Index: .depend
===================================================================
--- .depend
+++ .depend
@@ -6,47 +6,46 @@
 audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
 auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
 auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
-auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
+auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
 auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 auth-skey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h
-auth.o: authfile.h monitor_wrap.h ssherr.h compat.h channels.h
-auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h misc.h servconf.h
+auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h openbsd-compat/sys-queue.h dispatch.h authfile.h
+auth.o: monitor_wrap.h ssherr.h compat.h channels.h
+auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h
 auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h
-auth2-hostbased.o: pathnames.h ssherr.h match.h
-auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h
-auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h
-auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
-auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h
-auth2-pubkey.o: auth-options.h canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h
-auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h
-auth2.o: monitor_wrap.h digest.h
+auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h pathnames.h
+auth2-hostbased.o: ssherr.h match.h
+auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h
+auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h
+auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
+auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h auth-options.h
+auth2-pubkey.o: canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h
+auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h monitor_wrap.h
+auth2.o: digest.h
 authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h atomicio.h misc.h ssherr.h
 authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h ssherr.h krl.h
 bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
-canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h canohost.h misc.h
+canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h canohost.h misc.h
 chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h
-channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h opacket.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
+channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
 cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h
 cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h
 cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshbuf.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h
 cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h
 cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
-clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h opacket.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h
+clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
 clientloop.o: myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h
-compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h log.h match.h kex.h mac.h
-crc32.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crc32.h
+compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h match.h kex.h mac.h crypto_api.h
 dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
 digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h opacket.h compat.h ssherr.h
+dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h ssherr.h
 dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
 ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h
 entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
@@ -60,23 +59,19 @@
 hash.o: crypto_api.h includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h log.h ssherr.h
 hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
 hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h
-kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h log.h match.h misc.h monitor.h ssherr.h sshbuf.h
-kex.o: digest.h
-kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h digest.h ssherr.h
-kexc25519c.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h digest.h ssherr.h
-kexc25519s.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h kex.h mac.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h ssh2.h sshbuf.h ssherr.h
+kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h match.h
+kex.o: misc.h monitor.h ssherr.h sshbuf.h digest.h
+kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
 kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexecdhc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexecdhs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
+kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h
 kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+kexsntrup4591761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h
 krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h krl.h
 log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
-loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h
+loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h
 logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h
 mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
 match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
@@ -84,24 +79,23 @@
 misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h
 moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
-monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h dh.h packet.h dispatch.h opacket.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h
+monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h
 monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h
-monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
-monitor_wrap.o: auth-options.h packet.h dispatch.h opacket.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h
+monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+monitor_wrap.o: auth-options.h packet.h dispatch.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h
 msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
-mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h opacket.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h
-nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h opacket.h channels.h compat.h log.h
-opacket.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h
-packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h crc32.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h digest.h log.h canohost.h misc.h channels.h ssh.h
-packet.o: packet.h dispatch.h opacket.h ssherr.h sshbuf.h
+mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h
+nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h
+packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h canohost.h misc.h channels.h ssh.h
+packet.o: packet.h dispatch.h ssherr.h sshbuf.h
 platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
 platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
 poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
-progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h
-readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h uidswap.h
-readconf.o: myproposal.h digest.h
+progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
+readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
+readconf.o: uidswap.h myproposal.h digest.h
 readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h
 rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
 sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
@@ -114,58 +108,60 @@
 sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h
 scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h
-servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h match.h channels.h
-servconf.o: groupaccess.h canohost.h packet.h dispatch.h opacket.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
-serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h opacket.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
-serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h
-session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
-session.o: cipher-aesctr.h rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h monitor_wrap.h sftp.h atomicio.h
+servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
+servconf.o: match.h channels.h groupaccess.h canohost.h packet.h dispatch.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
+serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
+serverloop.o: rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h
+session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
+session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h
 sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
 sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
 sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
+sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sftp.h misc.h xmalloc.h
 sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
 sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
-ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h
+sntrup4591761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
+ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h
 ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h
 ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h
-ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h uuencode.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h
-ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h compat.h myproposal.h packet.h dispatch.h opacket.h log.h
+ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h
+ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h
 ssh-keyscan.o: atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h
 ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h
 ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h
-ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshkey.h
 ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
 ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h opacket.h
-ssh.o: sshbuf.h channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h
-ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h ssh.h ssh2.h packet.h dispatch.h opacket.h compat.h log.h authfile.h misc.h
-ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h
+ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h packet.h dispatch.h sshbuf.h
+ssh.o: channels.h sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h
+ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h authfile.h misc.h
+ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
 sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
 sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
 sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
 sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
-sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
-sshconnect.o: ssherr.h authfd.h
-sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h opacket.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h myproposal.h
+sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h ssherr.h
+sshconnect.o: authfd.h kex.h mac.h crypto_api.h
+sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h myproposal.h
 sshconnect2.o: sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h
-sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h opacket.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
-sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h
+sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
+sshd.o: cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h
 ssherr.o: ssherr.h
 sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h sshkey-xmss.h match.h xmss_fast.h openbsd-compat/openssl-compat.h
+sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h openbsd-compat/openssl-compat.h
 sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h
 sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h
+sshsig.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h authfd.h authfile.h log.h misc.h sshbuf.h sshsig.h ssherr.h sshkey.h match.h digest.h
 sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
-ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h opacket.h log.h compat.h sshbuf.h ssherr.h ttymodes.h
+ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h compat.h sshbuf.h ssherr.h ttymodes.h
 uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h uidswap.h xmalloc.h
 umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
 umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
 utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h
-uuencode.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h uuencode.h
 verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
 xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h
 xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/rmd160.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
Index: .gitignore
===================================================================
--- .gitignore
+++ .gitignore
@@ -26,3 +26,4 @@
 ssh-pkcs11-helper
 sshd
 !regress/misc/fuzz-harness/Makefile
+tags
Index: .skipped-commit-ids
===================================================================
--- .skipped-commit-ids
+++ .skipped-commit-ids
@@ -5,6 +5,12 @@
 1de0e85522051eb2ffa00437e1885e9d7b3e0c2e	moduli update
 814b2f670df75759e1581ecef530980b2b3d7e0f	remove redundant make defs
 04431e8e7872f49a2129bf080a6b73c19d576d40	moduli update
+c07772f58028fda683ee6abd41c73da3ff70d403	moduli update
+db6375fc302e3bdf07d96430c63c991b2c2bd3ff	moduli update
+5ea3d63ab972691f43e9087ab5fd8376d48e898f	uuencode.c Makefile accident
+99dd10e72c04e93849981d43d64c946619efa474	include sshbuf-misc.c
+9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5	sshbuf-misc.c in regress
+569f08445c27124ec7c7f6c0268d844ec56ac061	Makefile tweaks for !openssl
 
 Old upstream tree:
 
Index: ChangeLog
===================================================================
--- ChangeLog
+++ ChangeLog
@@ -1,3 +1,5133 @@
+commit cdf1d0a9f5d18535e0a18ff34860e81a6d83aa5c
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Oct 9 11:31:03 2019 +1100
+
+    prepare for 8.1 release
+
+commit 3b4e56d740b74324e2d7542957cad5a11518f455
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Oct 9 00:04:57 2019 +0000
+
+    upstream: openssh-8.1
+    
+    OpenBSD-Commit-ID: 3356bb34e2aa287f0e6d6773c9ae659dc680147d
+
+commit 29e0ecd9b4eb3b9f305e2240351f0c59cad9ef81
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Oct 9 00:04:42 2019 +0000
+
+    upstream: fix an unreachable integer overflow similar to the XMSS
+    
+    case, and some other NULL dereferences found by fuzzing.
+    
+    fix with and ok markus@
+    
+    OpenBSD-Commit-ID: 0f81adbb95ef887ce586953e1cb225fa45c7a47b
+
+commit a546b17bbaeb12beac4c9aeed56f74a42b18a93a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Oct 9 00:02:57 2019 +0000
+
+    upstream: fix integer overflow in XMSS private key parsing.
+    
+    Reported by Adam Zabrocki via SecuriTeam's SSH program.
+    
+    Note that this code is experimental and not compiled by default.
+    
+    ok markus@
+    
+    OpenBSD-Commit-ID: cd0361896d15e8a1bac495ac583ff065ffca2be1
+
+commit c2cc25480ba36ab48c1a577bebb12493865aad87
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Tue Oct 8 22:40:39 2019 +0000
+
+    upstream: Correct type for end-of-list sentinel; fixes initializer
+    
+    warnings on some platforms.  ok deraadt.
+    
+    OpenBSD-Commit-ID: a990dbc2dac25bdfa07e79321349c73fd991efa2
+
+commit e827aedf8818e75c0016b47ed8fc231427457c43
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Oct 7 23:10:38 2019 +0000
+
+    upstream: reversed test yielded incorrect debug message
+    
+    OpenBSD-Commit-ID: 78bb512d04cfc238adb2c5b7504ac93eecf523b3
+
+commit 8ca491d29fbe26e5909ce22b344c0a848dc28d55
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Oct 8 17:05:57 2019 +1100
+
+    depend
+
+commit 86a0323374cbd404629e75bb320b3fa1c16aaa6b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Wed Oct 9 09:36:06 2019 +1100
+
+    Make MAKE_CLONE no-op macro more correct.
+    
+    Similar to the previous change to DEF_WEAK, some compilers don't like
+    the empty statement, so convert into a no-op function prototype.
+
+commit cfc1897a2002ec6c4dc879b24e8b3153c87ea2cf
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Oct 9 09:06:35 2019 +1100
+
+    wrap stdint.h include in HAVE_STDINT_H
+    
+    make the indenting a little more consistent too..
+    
+    Fixes Solaris 2.6; reported by Tom G. Christensen
+
+commit 13b3369830a43b89a503915216a23816d1b25744
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Oct 8 15:32:02 2019 +1100
+
+    avoid "return (value)" in void-declared function
+    
+    spotted by Tim Rice; ok dtucker
+
+commit 0c7f8d2326d812b371f7afd63aff846973ec80a4
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Oct 8 14:44:50 2019 +1100
+
+    Make DEF_WEAK more likely to be correct.
+    
+    Completely nop-ing out DEF_WEAK leaves an empty statemment which some
+    compilers don't like.  Replace with a no-op function template.  ok djm@
+
+commit b1e79ea8fae9c252399677a28707661d85c7d00c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Sun Oct 6 11:49:50 2019 +0000
+
+    upstream: Instead of running sed over the whole log to remove CRs,
+    
+    remove them only where it's needed (and confuses test(1) on at least OS X in
+    portable).
+    
+    OpenBSD-Regress-ID: a6ab9b4bd1d33770feaf01b2dfb96f9e4189d2d0
+
+commit 8dc7d6b75a7f746fdd056acd41dffc0a13557a4c
+Author: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
+Date:   Tue May 9 13:33:30 2017 -0300
+
+    Enable specific ioctl call for EP11 crypto card (s390)
+    
+    The EP11 crypto card needs to make an ioctl call, which receives an
+    specific argument. This crypto card is for s390 only.
+    
+    Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
+
+commit 07f2c7f34951c04d2cd796ac6c80e47c56c4969e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Oct 4 04:31:59 2019 +0000
+
+    upstream: fix memory leak in error path; bz#3074 patch from
+    
+    krishnaiah.bommu@intel.com, ok dtucker
+    
+    OpenBSD-Commit-ID: d031853f3ecf47b35a0669588f4d9d8e3b307b3c
+
+commit b7fbc75e119170f4d15c94a7fda4a1050e0871d6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Oct 4 04:13:39 2019 +0000
+
+    upstream: space
+    
+    OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac
+
+commit 643ab68c79ac1644f4a31e36928c2bfc8a51db3c
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Oct 4 03:39:19 2019 +0000
+
+    upstream: more sshsig regress tests: check key revocation, the
+    
+    check-novalidate signature test mode and signing keys in ssh-agent.
+    
+    From Sebastian Kinne (slightly tweaked)
+    
+    OpenBSD-Regress-ID: b39566f5cec70140674658cdcedf38752a52e2e2
+
+commit 714031a10bbe378a395a93cf1040f4ee1451f45f
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Oct 4 03:26:58 2019 +0000
+
+    upstream: Check for gmtime failure in moduli generation. Based on
+    
+    patch from krishnaiah.bommu@intel.com, ok djm@
+    
+    OpenBSD-Commit-ID: 4c6a4cde0022188ac83737de08da0e875704eeaa
+
+commit 6918974405cc28ed977f802fd97a9c9a9b2e141b
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Thu Oct 3 17:07:50 2019 +0000
+
+    upstream: use a more common options order in SYNOPSIS and sync
+    
+    usage(); while here, no need for Bk/Ek;
+    
+    ok dtucker
+    
+    OpenBSD-Commit-ID: 38715c3f10b166f599a2283eb7bc14860211bb90
+
+commit feff96b7d4c0b99307f0459cbff128aede4a8984
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Oct 2 09:50:50 2019 +0000
+
+    upstream: thinko in previous; spotted by Mantas
+    
+    =?UTF-8?q?=20Mikul=C4=97nas?=
+    MIME-Version: 1.0
+    Content-Type: text/plain; charset=UTF-8
+    Content-Transfer-Encoding: 8bit
+    
+    OpenBSD-Commit-ID: ffa3f5a45e09752fc47d9041e2203ee2ec15b24d
+
+commit b5a89eec410967d6b712665f8cf0cb632928d74b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Oct 2 08:07:13 2019 +0000
+
+    upstream: make signature format match PROTOCO
+    
+    =?UTF-8?q?=20as=20a=20string,=20not=20raw=20bytes.=20Spotted=20by=20Manta?=
+    =?UTF-8?q?s=20Mikul=C4=97nas?=
+    MIME-Version: 1.0
+    Content-Type: text/plain; charset=UTF-8
+    Content-Transfer-Encoding: 8bit
+    
+    OpenBSD-Commit-ID: 80fcc6d52893f80c6de2bedd65353cebfebcfa8f
+
+commit dc6f81ee94995deb11bbf7e19801022c5f6fd90a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Oct 2 08:05:50 2019 +0000
+
+    upstream: ban empty namespace strings for s
+    
+    =?UTF-8?q?shsig;=20spotted=20by=20Mantas=20Mikul=C4=97nas?=
+    MIME-Version: 1.0
+    Content-Type: text/plain; charset=UTF-8
+    Content-Transfer-Encoding: 8bit
+    
+    OpenBSD-Commit-ID: 7c5bcf40bed8f4e826230176f4aa353c52aeb698
+
+commit fa5bd8107e0e2b3e1e184f55d0f9320c119f65f0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Wed Oct 2 14:30:55 2019 +1000
+
+    Put ssherr.h back as it's actually needed.
+
+commit 3ef92a657444f172b61f92d5da66d94fa8265602
+Author: Lonnie Abelbeck <lonnie@abelbeck.com>
+Date:   Tue Oct 1 09:05:09 2019 -0500
+
+    Deny (non-fatal) shmget/shmat/shmdt in preauth privsep child.
+    
+    New wait_random_seeded() function on OpenSSL 1.1.1d uses shmget, shmat, and shmdt
+    in the preauth codepath, deny (non-fatal) in seccomp_filter sandbox.
+
+commit edd1d3a6261aecbf9a55944fd7be1db83571b46e
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Oct 2 10:54:28 2019 +1000
+
+    remove duplicate #includes
+    
+    Prompted by Jakub Jelen
+
+commit 13c508dfed9f25e6e54c984ad00a74ef08539e70
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Oct 2 10:51:15 2019 +1000
+
+    typo in comment
+
+commit d0c3ac427f6c52b872d6617421421dd791664445
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Oct 2 00:42:30 2019 +0000
+
+    upstream: remove some duplicate #includes
+    
+    OpenBSD-Commit-ID: ed6827ab921eff8027669848ef4f70dc1da4098c
+
+commit 084682786d9275552ee93857cb36e43c446ce92c
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Oct 1 10:22:53 2019 +0000
+
+    upstream: revert unconditional forced login implemented in r1.41 of
+    
+    ssh-pkcs11.c; r1.45 added a forced login as a fallback for cases where the
+    token returns no objects and this is less disruptive for users of tokens
+    directly in ssh (rather than via ssh-agent) and in ssh-keygen
+    
+    bz3006, patch from Jakub Jelen; ok markus
+    
+    OpenBSD-Commit-ID: 33d6df589b072094384631ff93b1030103b3d02e
+
+commit 6c91d42cce3f055917dc3fd2c305dfc5b3b584b3
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Sun Sep 29 16:31:57 2019 +0000
+
+    upstream: group and sort single letter options; ok deraadt
+    
+    OpenBSD-Commit-ID: e1480e760a2b582f79696cdcff70098e23fc603f
+
+commit 3b44bf39ff4d7ef5d50861e2e9dda62d2926d2fe
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Fri Sep 27 20:03:24 2019 +0000
+
+    upstream: fix the DH-GEX text in -a; because this required a comma,
+    
+    i added a comma to the first part, for balance...
+    
+    OpenBSD-Commit-ID: 2c3464e9e82a41e8cdfe8f0a16d94266e43dbb58
+
+commit 3e53ef28fab53094e3b19622ba0e9c3d5fe71273
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Tue Sep 24 12:50:46 2019 +0000
+
+    upstream: identity_file[] should be PATH_MAX, not the arbitrary
+    
+    number 1024
+    
+    OpenBSD-Commit-ID: e775f94ad47ce9ab37bd1410d7cf3b7ea98b11b7
+
+commit 90d4b2541e8c907793233d9cbd4963f7624f4174
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Fri Sep 20 18:50:58 2019 +0000
+
+    upstream: new sentence, new line;
+    
+    OpenBSD-Commit-ID: c35ca5ec07be460e95e7406af12eee04a77b6698
+
+commit fbec7dba01b70b49ac47f56031310865dff86200
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Sep 30 18:01:12 2019 +1000
+
+    Include stdio.h for snprintf.
+    
+    Patch from vapier@gentoo.org.
+
+commit 0a403bfde71c4b82147473298d3a60b4171468bd
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Sep 30 14:11:42 2019 +1000
+
+    Add SKIP_LTESTS for skipping specific tests.
+
+commit 4d59f7a5169c451ebf559aedec031ac9da2bf80c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Sep 27 05:25:12 2019 +0000
+
+    upstream: Test for empty result in expected bits. Remove CRs from log
+    
+    as they confuse tools on some platforms.  Re-enable the 3des-cbc test.
+    
+    OpenBSD-Regress-ID: edf536d4f29fc1ba412889b37247a47f1b49d250
+
+commit 7c817d129e2d48fc8a6f7965339313023ec45765
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Sep 27 15:26:22 2019 +1000
+
+    Re-enable dhgex test.
+    
+    Since we've added larger fallback groups to dh.c this test will pass
+    even if there is no moduli file installed on the system.
+
+commit c1e0a32fa852de6d1c82ece4f76add0ab0ca0eae
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Sep 24 21:17:20 2019 +1000
+
+    Add more ToS bits, currently only used by netcat.
+
+commit 5a273a33ca1410351cb484af7db7c13e8b4e8e4e
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Sep 19 15:41:23 2019 +1000
+
+    Privsep is now required.
+
+commit 8aa2aa3cd4d27d14e74b247c773696349472ef20
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Sep 16 03:23:02 2019 +0000
+
+    upstream: Allow testing signature syntax and validity without verifying
+    
+    that a signature came from a trusted signer. To discourage accidental or
+    unintentional use, this is invoked by the deliberately ugly option name
+    "check-novalidate"
+    
+    from Sebastian Kinne
+    
+    OpenBSD-Commit-ID: cea42c36ab7d6b70890e2d8635c1b5b943adcc0b
+
+commit 7047d5afe3103f0f07966c05b810682d92add359
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 13 04:52:34 2019 +0000
+
+    upstream: clarify that IdentitiesOnly also applies to the default
+    
+    ~/.ssh/id_* keys; bz#3062
+    
+    OpenBSD-Commit-ID: 604be570e04646f0f4a17026f8b2aada6a585dfa
+
+commit b36ee3fcb2f1601693b1b7fd60dd6bd96006ea75
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Sep 13 04:36:43 2019 +0000
+
+    upstream: Plug mem leaks on error paths, based in part on github
+    
+    pr#120 from David Carlier.  ok djm@.
+    
+    OpenBSD-Commit-ID: c57adeb1022a8148fc86e5a88837b3b156dbdb7e
+
+commit 2aefdf1aef906cf7548a2e5927d35aacb55948d4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 13 04:31:19 2019 +0000
+
+    upstream: whitespace
+    
+    OpenBSD-Commit-ID: 57a71dd5f4cae8d61e0ac631a862589fb2bfd700
+
+commit fbe24b142915331ceb2a3a76be3dc5b6d204fddf
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 13 04:27:35 2019 +0000
+
+    upstream: allow %n to be expanded in ProxyCommand strings
+    
+    From Zachary Harmany via github.com/openssh/openssh-portable/pull/118
+    ok dtucker@
+    
+    OpenBSD-Commit-ID: 7eebf1b7695f50c66d42053d352a4db9e8fb84b6
+
+commit 2ce1d11600e13bee0667d6b717ffcc18a057b821
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 13 04:07:42 2019 +0000
+
+    upstream: clarify that ConnectTimeout applies both to the TCP
+    
+    connection and to the protocol handshake/KEX. From Jean-Charles Longuet via
+    Github PR140
+    
+    OpenBSD-Commit-ID: ce1766abc6da080f0d88c09c2c5585a32b2256bf
+
+commit df780114278f406ef7cb2278802a2660092fff09
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Mon Sep 9 02:31:19 2019 +0000
+
+    upstream: Fix potential truncation warning. ok deraadt.
+    
+    OpenBSD-Commit-ID: d87b7e3a94ec935e8194e7fce41815e22804c3ff
+
+commit ec0e6243660bf2df30c620a6a0d83eded376c9c6
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Sep 13 13:14:39 2019 +1000
+
+    memleak of buffer in sshpam_query
+    
+    coverity report via Ed Maste; ok dtucker@
+
+commit c17e4638e5592688264fc0349f61bfc7b4425aa5
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Sep 13 13:12:42 2019 +1000
+
+    explicitly test set[ug]id() return values
+    
+    Legacy !_POSIX_SAVED_IDS path only; coverity report via Ed Maste
+    ok dtucker@
+
+commit 91a2135f32acdd6378476c5bae475a6e7811a6a2
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date:   Fri Sep 6 14:45:34 2019 +0000
+
+    upstream: Allow prepending a list of algorithms to the default set
+    
+    by starting the list with the '^' character, e.g.
+    
+    HostKeyAlgorithms ^ssh-ed25519
+    Ciphers ^aes128-gcm@openssh.com,aes256-gcm@openssh.com
+    
+    ok djm@ dtucker@
+    
+    OpenBSD-Commit-ID: 1e1996fac0dc8a4b0d0ff58395135848287f6f97
+
+commit c8bdd2db77ac2369d5cdee237656f266c8f41552
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 6 07:53:40 2019 +0000
+
+    upstream: key conversion should fail for !openssl builds, not fall
+    
+    through to the key generation code
+    
+    OpenBSD-Commit-ID: b957436adc43c4941e61d61958a193a708bc83c9
+
+commit 823f6c37eb2d8191d45539f7b6fa877a4cb4ed3d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 6 06:08:11 2019 +0000
+
+    upstream: typo in previous
+    
+    OpenBSD-Commit-ID: 7c3b94110864771a6b80a0d8acaca34037c3c96e
+
+commit 6a710d3e06fd375e2c2ae02546b9541c488a2cdb
+Author: Damien Miller <djm@mindrot.org>
+Date:   Sun Sep 8 14:48:11 2019 +1000
+
+    needs time.h for --without-openssl
+
+commit f61f29afda6c71eda26effa54d3c2e5306fd0833
+Author: Damien Miller <djm@mindrot.org>
+Date:   Sat Sep 7 19:25:00 2019 +1000
+
+    make unittests pass for no-openssl case
+
+commit 105e1c9218940eb53473f55a9177652d889ddbad
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 6 05:59:41 2019 +0000
+
+    upstream: avoid compiling certain files that deeply depend on
+    
+    libcrypto when WITH_OPENSSL isn't set
+    
+    OpenBSD-Commit-ID: 569f08445c27124ec7c7f6c0268d844ec56ac061
+
+commit 670104b923dd97b1c06c0659aef7c3e52af571b2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 6 05:23:55 2019 +0000
+
+    upstream: fixes for !WITH_OPENSSL compilation; ok dtucker@
+    
+    OpenBSD-Commit-ID: 7fd68eaa9e0f7482b5d4c7e8d740aed4770a839f
+
+commit be02d7cbde3d211ec2ed2320a1f7d86b2339d758
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 6 04:53:27 2019 +0000
+
+    upstream: lots of things were relying on libcrypto headers to
+    
+    transitively include various system headers (mostly stdlib.h); include them
+    explicitly
+    
+    OpenBSD-Commit-ID: 5b522f4f2d844f78bf1cc4f3f4cc392e177b2080
+
+commit d05aaaaadcad592abfaa44540928e0c61ef72ebb
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 6 03:30:42 2019 +0000
+
+    upstream: remove leakmalloc reference; we used this early when
+    
+    refactoring but not since
+    
+    OpenBSD-Commit-ID: bb28ebda8f7c490b87b37954044a6cdd43a7eb2c
+
+commit 1268f0bcd8fc844ac6c27167888443c8350005eb
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Sep 6 04:24:06 2019 +0000
+
+    upstream: Check for RSA support before using it for the user key,
+    
+    otherwise use ed25519 which is supported when built without OpenSSL.
+    
+    OpenBSD-Regress-ID: 3d23ddfe83c5062f00ac845d463f19a2ec78c0f7
+
+commit fd7a2dec652b9efc8e97f03f118f935dce732c60
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Sep 6 14:07:10 2019 +1000
+
+    Provide explicit path to configure-check.
+    
+    On some platforms (at least OpenBSD) make won't search VPATH for target
+    files, so building out-of-tree will fail at configure-check.  Provide
+    explicit path.  ok djm@
+
+commit 00865c29690003b4523cc09a0e104724b9f911a4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Sep 6 01:58:50 2019 +0000
+
+    upstream: better error code for bad arguments; inspired by
+    
+    OpenBSD-Commit-ID: dfc263b6041de7f0ed921a1de0b81ddebfab1e0a
+
+commit afdf27f5aceb4973b9f5308f4310c6e3fd8db1fb
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Sep 5 21:38:40 2019 +1000
+
+    revert config.h/config.h.in freshness checks
+    
+    turns out autoreconf and configure don't touch some files if their content
+    doesn't change, so the mtime can't be relied upon in a makefile rule
+
+commit a97609e850c57bd2cc2fe7e175fc35cb865bc834
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Sep 5 20:54:39 2019 +1000
+
+    extend autoconf freshness test
+    
+    make it cover config.h.in and config.h separately
+
+commit 182297c10edb21c4856c6a38326fd04d81de41a5
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Sep 5 20:34:54 2019 +1000
+
+    check that configure/config.h is up to date
+    
+    Ensure they are newer than the configure.ac / aclocal.m4 source
+
+commit 7d6034bd020248e9fc0f8c39c71c858debd0d0c1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Sep 5 10:05:51 2019 +0000
+
+    upstream: if a PKCS#11 token returns no keys then try to login and
+    
+    refetch them. Based on patch from Jakub Jelen; bz#2430 ok markus@
+    
+    OpenBSD-Commit-ID: ab53bd6ddd54dd09e54a8bfbed1a984496f08b43
+
+commit 76f09bd95917862101b740afb19f4db5ccc752bf
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Sep 5 09:35:19 2019 +0000
+
+    upstream: sprinkle in some explicit errors here, otherwise the
+    
+    percolate all the way up to dispatch_run_fatal() and lose all meaninful
+    context
+    
+    to help with bz#3063; ok dtucker@
+    
+    OpenBSD-Commit-ID: 5b2da83bb1c4a3471444b7910b2120ae36438a0a
+
+commit 0ea332497b2b2fc3995f72f6bafe9d664c0195b3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Sep 5 09:25:13 2019 +0000
+
+    upstream: only send ext_info for KEX_INITIAL; bz#2929 ok dtucker
+    
+    OpenBSD-Commit-ID: 00f5c6062f6863769f5447c6346f78c05d2e4a63
+
+commit f23d91f9fa7f6f42e70404e000fac88aebfe3076
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Thu Sep 5 05:47:23 2019 +0000
+
+    upstream: macro fix; ok djm
+    
+    OpenBSD-Commit-ID: e891dd6c7996114cb32f0924cb7898ab55efde6e
+
+commit 8b57337c1c1506df2bb9f039d0628a6de618566b
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Sep 5 15:46:39 2019 +1000
+
+    update fuzzing makefile to more recent clang
+
+commit ae631ad77daf8fd39723d15a687cd4b1482cbae8
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Sep 5 15:45:32 2019 +1000
+
+    fuzzer for sshsig allowed_signers option parsing
+
+commit 69159afe24120c97e5ebaf81016c85968afb903e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Sep 5 05:42:59 2019 +0000
+
+    upstream: memleak on error path; found by libfuzzer
+    
+    OpenBSD-Commit-ID: 34d44cb0fb5bdb5fcbc6b02b804e71b20a7a5fc7
+
+commit bab6feb01f9924758ca7129dba708298a53dde5f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Sep 5 04:55:32 2019 +0000
+
+    upstream: expose allowed_signers options parsing code in header for
+    
+    fuzzing
+    
+    rename to make more consistent with philosophically-similar auth
+    options parsing API.
+    
+    OpenBSD-Commit-ID: 0c67600ef04187f98e2912ca57b60c22a8025b7c
+
+commit 4f9d75fbafde83d428e291516f8ce98e6b3a7c4b
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date:   Wed Sep 4 20:31:15 2019 +0000
+
+    upstream: Call comma-separated lists as such to clarify semantics.
+    
+    Options such as Ciphers take values that may be a list of ciphers; the
+    complete list, not indiviual elements, may be prefixed with a dash or plus
+    character to remove from or append to the default list, respectively.
+    
+    Users might read the current text as if each elment took an optional prefix,
+    so tweak the wording from "values" to "list" to prevent such ambiguity for
+    all options supporting these semantics.
+    
+    Fix instances missed in first commit.  ok jmc@ kn@
+    
+    OpenBSD-Commit-ID: 7112522430a54fb9f15a7a26d26190ed84d5e417
+
+commit db1e6f60f03641b2d17e0ab062242609f4ed4598
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Wed Sep 4 05:56:54 2019 +0000
+
+    upstream: tweak previous;
+    
+    OpenBSD-Commit-ID: 0abd728aef6b5b35f6db43176aa83b7e3bf3ce27
+
+commit 0f44e5956c7c816f6600f2a47be4d7bb5a8d711d
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date:   Tue Sep 3 20:51:49 2019 +0000
+
+    upstream: repair typo and editing mishap
+    
+    OpenBSD-Commit-ID: d125ab720ca71ccf9baf83e08ddc8c12a328597e
+
+commit f4846dfc6a79f84bbc6356ae3184f142bacedc24
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Sep 5 11:09:28 2019 +1000
+
+    Fuzzer harness for sshsig
+
+commit b08a6bc1cc7750c6f8a425d1cdbd86552fffc637
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Sep 3 18:45:42 2019 +1000
+
+    oops; missed including the actual file
+
+commit 1a72c0dd89f09754df443c9576dde624a17d7dd0
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Sep 3 18:44:10 2019 +1000
+
+    portability fixes for sshsig
+
+commit 6d6427d01304d967e58544cf1c71d2b4394c0522
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Sep 3 08:37:45 2019 +0000
+
+    upstream: regress test for sshsig; feedback and ok markus@
+    
+    OpenBSD-Regress-ID: 74c0974f2cdae8d9599b9d76a09680bae55d8a8b
+
+commit 59650f0eaf65115afe04c39abfb93a4fc994ec55
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Sep 3 08:37:06 2019 +0000
+
+    upstream: only add plain keys to prevent any certs laying around
+    
+    from confusing the test.
+    
+    OpenBSD-Regress-ID: b8f1508f822bc560b98dea910e61ecd76f34100f
+
+commit d637c4aee6f9b5280c13c020d7653444ac1fcaa5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Sep 3 08:35:27 2019 +0000
+
+    upstream: sshsig tweaks and improvements from and suggested by
+    
+    Markus
+    
+    ok markus/me
+    
+    OpenBSD-Commit-ID: ea4f46ad5a16b27af96e08c4877423918c4253e9
+
+commit 2a9c9f7272c1e8665155118fe6536bebdafb6166
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Sep 3 08:34:19 2019 +0000
+
+    upstream: sshsig: lightweight signature and verification ability
+    
+    for OpenSSH
+    
+    This adds a simple manual signature scheme to OpenSSH.
+    Signatures can be made and verified using ssh-keygen -Y sign|verify
+    
+    Signatures embed the key used to make them. At verification time, this
+    is matched via principal name against an authorized_keys-like list
+    of allowed signers.
+    
+    Mostly by Sebastian Kinne w/ some tweaks by me
+    
+    ok markus@
+    
+    OpenBSD-Commit-ID: 2ab568e7114c933346616392579d72be65a4b8fb
+
+commit 5485f8d50a5bc46aeed829075ebf5d9c617027ea
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Sep 3 08:32:11 2019 +0000
+
+    upstream: move authorized_keys option parsing helpsers to misc.c
+    
+    and make them public; ok markus@
+    
+    OpenBSD-Commit-ID: c18bcb2a687227b3478377c981c2d56af2638ea2
+
+commit f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Sep 3 08:31:20 2019 +0000
+
+    upstream: make get_sigtype public as sshkey_get_sigtype(); ok
+    
+    markus@
+    
+    OpenBSD-Commit-ID: 01f8cdbec63350490d2249f41112c5780d1cfbb8
+
+commit dd8002fbe63d903ffea5be7b7f5fc2714acab4a0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Sep 3 08:30:47 2019 +0000
+
+    upstream: move advance_past_options to authfile.c and make it
+    
+    public; ok markus@
+    
+    OpenBSD-Commit-ID: edda2fbba2c5b1f48e60f857a2010479e80c5f3c
+
+commit c72d78ccbe642e08591a626e5de18381489716e0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Sep 3 08:29:58 2019 +0000
+
+    upstream: move skip_space() to misc.c and make it public; ok
+    
+    markus@
+    
+    OpenBSD-Commit-ID: caa77e8a3b210948e29ad3e28c5db00852961eae
+
+commit 06af3583f46e2c327fdd44d8a95b8b4e8dfd8db5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Sep 3 08:29:15 2019 +0000
+
+    upstream: authfd: add function to check if key is in agent
+    
+    This commit adds a helper function which allows the caller to
+    check if a given public key is present in ssh-agent.
+    
+    work by Sebastian Kinne; ok markus@
+    
+    OpenBSD-Commit-ID: d43c5826353e1fdc1af71eb42961b30782c7bd13
+
+commit 2ab5a8464870cc4b29ddbe849bbbc255729437bf
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Sep 3 08:28:30 2019 +0000
+
+    upstream: fix memleak in ssh_free_identitylist(); ok markus@
+    
+    OpenBSD-Commit-ID: aa51f77ae2c5330a1f61b2d22933f24a443f9abf
+
+commit 85443f165b4169b2a448b3e24bc1d4dc5b3156a4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Sep 3 08:27:52 2019 +0000
+
+    upstream: factor out confirm_overwrite(); ok markus@
+    
+    OpenBSD-Commit-ID: 304e95381b39c774c8fced7e5328b106a3ff0400
+
+commit 9a396e33685633581c67d5ad9664570ef95281f2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Sep 2 23:46:46 2019 +0000
+
+    upstream: constify an argument
+    
+    OpenBSD-Commit-ID: 724bafc9f993746ad4303e95bede2c030de6233b
+
+commit b52c0c2e64988277a35a955a474d944967059aeb
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Sep 2 00:19:25 2019 +0000
+
+    upstream: downgrade PKCS#11 "provider returned no slots" warning
+    
+    from log level error to debug. This is common when attempting to enumerate
+    keys on smartcard readers with no cards plugged in. bz#3058 ok dtucker@
+    
+    OpenBSD-Commit-ID: bb8839ddeb77c271390488af1b771041d43e49c6
+
+commit 0713322e18162463c5ab5ddfb9f935055ca775d8
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Sep 1 23:47:32 2019 +0000
+
+    upstream: print comment when printing pubkey from private
+    
+    bz#3052; ok dtucker
+    
+    OpenBSD-Commit-ID: a91b2a8d5f1053d34d7fce44523c53fb534ba914
+
+commit 368f1cc2fbd6ad10c66bc1b67c2c04aebf8a04a8
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Sep 2 10:28:42 2019 +1000
+
+    fixed test in OSX closefrom() replacement
+    
+    from likan_999.student AT sina.com
+
+commit 6b7c53498def19a14dd9587bf521ab6dbee8988f
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Sep 2 10:22:02 2019 +1000
+
+    retain Solaris PRIV_FILE_LINK_ANY in sftp-server
+    
+    Dropping this privilege removes the ability to create hard links to
+    files owned by other users. This is required for the legacy sftp rename
+    operation.
+    
+    bz#3036; approach ok Alex Wilson (the original author of the Solaris
+    sandbox/pledge replacement code)
+
+commit e50f808712393e86d69e42e9847cdf8d473412d7
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Aug 30 05:08:28 2019 +0000
+
+    upstream: Use ed25519 for most hostkey rotation tests since it's
+    
+    supported even when built without OpenSSL.  Use RSA for the secondary type
+    test if supported, otherwise skip it.  Fixes this test for !OpenSSL builds.
+    
+    OpenBSD-Regress-ID: 101cb34a84fd974c623bdb2e496f25a6e91be109
+
+commit 5e4796c47dd8d6c38fb2ff0b3e817525fed6040d
+Author: bluhm@openbsd.org <bluhm@openbsd.org>
+Date:   Thu Aug 22 21:47:27 2019 +0000
+
+    upstream: Test did not compile due to missing symbols. Add source
+    
+    sshbuf-misc.c to regress as it was done in ssh make file. from Moritz Buhl
+    
+    OpenBSD-Regress-ID: 9e1c23476bb845f3cf3d15d9032da3ed0cb2fcf5
+
+commit e0e7e3d0e26f2c30697e6d0cfc293414908963c7
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Aug 30 14:26:19 2019 +1000
+
+    tweak warning flags
+    
+    Enable -Wextra if compiler supports it
+    
+    Set -Wno-error=format-truncation if available to prevent expected
+    string truncations in openbsd-compat from breaking -Werror builds
+
+commit 28744182cf90e0073b76a9e98de58a47e688b2c4
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Aug 30 13:21:38 2019 +1000
+
+    proc_pidinfo()-based closefrom() for OS X
+    
+    Refactor closefrom() to use a single brute-force close() loop fallback.
+    
+    Based on patch from likan_999.student@sina.com in bz#3049. ok dtucker@
+
+commit dc2ca588144f088a54febebfde3414568dc73d5f
+Author: kn@openbsd.org <kn@openbsd.org>
+Date:   Fri Aug 16 11:16:32 2019 +0000
+
+    upstream: Call comma-separated lists as such to clarify semantics
+    
+    Options such as Ciphers take values that may be a list of ciphers;  the
+    complete list, not indiviual elements, may be prefixed with a dash or plus
+    character to remove from or append to the default list respectively.
+    
+    Users might read the current text as if each elment took an optional prefix,
+    so tweak the wording from "values" to "list" to prevent such ambiguity for
+    all options supporting this semantics (those that provide a list of
+    available elements via "ssh -Q ...").
+    
+    Input and OK jmc
+    
+    OpenBSD-Commit-ID: 4fdd175b0e5f5cb10ab3f26ccc38a93bb6515d57
+
+commit c4736f39e66729ce2bf5b06ee6b391e092b48f47
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Aug 16 06:35:27 2019 +0000
+
+    upstream: include sshbuf-misc.c in SRCS_BASE
+    
+    OpenBSD-Commit-ID: 99dd10e72c04e93849981d43d64c946619efa474
+
+commit d0e51810f332fe44ebdba41113aacf319d35f5a5
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Aug 24 15:12:11 2019 +1000
+
+    Fix pasto in fallback code.
+    
+    There is no parameter called "pathname", it should simply be "path".
+    bz#3059, patch from samuel at cendio.se.
+
+commit e83c989bfd9fc9838b7dfb711d1dc6da81814045
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Aug 23 10:19:30 2019 +1000
+
+    use SC_ALLOW_ARG_MASK to limit mmap protections
+    
+    Restrict to PROT_(READ|WRITE|NONE), i.e. exclude PROT_EXEC
+
+commit f6906f9bf12c968debec3671bbf19926ff8a235b
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Aug 23 10:08:48 2019 +1000
+
+    allow mprotect(2) with PROT_(READ|WRITE|NONE) only
+    
+    Used by some hardened heap allocators. Requested by Yegor
+    Timoshenko in https://github.com/openssh/openssh-portable/pull/142
+
+commit e3b6c966b79c3ea5d51b923c3bbdc41e13b96ea0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Aug 16 06:13:15 2019 +0000
+
+    upstream: switch percent_expand() to use sshbuf instead of a limited
+    
+    fixed buffer; ok markus@
+    
+    OpenBSD-Commit-ID: 3f9ef20bca5ef5058b48c1cac67c53b9a1d15711
+
+commit 9ab5b9474779ac4f581d402ae397f871ed16b383
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Aug 9 05:05:54 2019 +0000
+
+    upstream: produce a useful error message if the user's shell is set
+    
+    incorrectly during "match exec" processing. bz#2791 reported by Dario
+    Bertini; ok dtucker
+    
+    OpenBSD-Commit-ID: cf9eddd6a6be726cb73bd9c3936f3888cd85c03d
+
+commit 8fdbc7247f432578abaaca1b72a0dbf5058d67e5
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Aug 9 04:24:03 2019 +0000
+
+    upstream: Change description of TCPKeepAlive from "inactive" to
+    
+    "unresponsive" to clarify what it checks for.  Patch from jblaine at
+    kickflop.net via github pr#129, ok djm@.
+    
+    OpenBSD-Commit-ID: 3682f8ec7227f5697945daa25d11ce2d933899e9
+
+commit 7afc45c3ed72672690014dc432edc223b23ae288
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Aug 8 08:02:57 2019 +0000
+
+    upstream: Allow the maximimum uint32 value for the argument passed to
+    
+    -b which allows better error messages from later validation.  bz#3050, ok
+    djm@
+    
+    OpenBSD-Commit-ID: 10adf6876b2401b3dc02da580ebf67af05861673
+
+commit c31e4f5fb3915c040061981a67224de7650ab34b
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date:   Mon Aug 5 21:45:27 2019 +0000
+
+    upstream: Many key types are supported now, so take care to check
+    
+    the size restrictions and apply the default size only to the matching key
+    type. tweak and ok dtucker@
+    
+    OpenBSD-Commit-ID: b825de92d79cc4cba19b298c61e99909488ff57e
+
+commit 6b39a7b49ebacec4e70e24bfc8ea2f11057aac22
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Mon Aug 5 11:50:33 2019 +0000
+
+    upstream: Remove now-redundant perm_ok arg since
+    
+    sshkey_load_private_type will now return SSH_ERR_KEY_BAD_PERMISSIONS in that
+    case.  Patch from jitendra.sharma at intel.com, ok djm@
+    
+    OpenBSD-Commit-ID: 07916a17ed0a252591b71e7fb4be2599cb5b0c77
+
+commit d46075b923bf25e6f25959a3f5b458852161cb3e
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Aug 5 21:36:48 2019 +1000
+
+    Fix mem leak in unit test.
+    
+    Patch from jitendra.sharma at intel.com.
+
+commit c4ffb72593c08921cf9291bc05a5ef1d0aaa6891
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Aug 2 01:41:24 2019 +0000
+
+    upstream: fix some memleaks in test_helper code
+    
+    bz#3037 from Jitendra Sharma
+    
+    OpenBSD-Regress-ID: 71440fa9186f5842a65ce9a27159385c6cb6f751
+
+commit 6e76e69dc0c7712e9ac599af34bd091b0e7dcdb5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Aug 2 01:23:19 2019 +0000
+
+    upstream: typo; from Christian Hesse
+    
+    OpenBSD-Commit-ID: 82f6de7438ea7ee5a14f44fdf5058ed57688fdc3
+
+commit 49fa065a1bfaeb88a59abdfa4432d3b9c35b0655
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jul 30 05:04:49 2019 +0000
+
+    upstream: let sshbuf_find/cmp take a void* for the
+    
+    search/comparison argument, instead of a u_char*. Saves callers needing to
+    cast.
+    
+    OpenBSD-Commit-ID: d63b69b7c5dd570963e682f758f5a47b825605ed
+
+commit 7adf6c430d6fc17901e167bc0789d31638f5c2f8
+Author: mestre@openbsd.org <mestre@openbsd.org>
+Date:   Wed Jul 24 08:57:00 2019 +0000
+
+    upstream: When using a combination of a Yubikey+GnuPG+remote
+    
+    forwarding the gpg-agent (and options ControlMaster+RemoteForward in
+    ssh_config(5)) then the codepath taken will call mux_client_request_session
+    -> mm_send_fd -> sendmsg(2). Since sendmsg(2) is not allowed in that codepath
+    then pledge(2) kills the process.
+    
+    The solution is to add "sendfd" to pledge(2), which is not too bad considering
+    a little bit later we reduce pledge(2) to only "stdio proc tty" in that
+    codepath.
+    
+    Problem reported and diff provided by Timothy Brown <tbrown at freeshell.org>
+    
+    OK deraadt@
+    
+    OpenBSD-Commit-ID: 7ce38b6542bbec00e441595d0a178e970a9472ac
+
+commit 0e2fe18acc1da853a9120c2e9af68e8d05e6503e
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Tue Jul 23 23:06:57 2019 +0000
+
+    upstream: Fix typo in CASignatureAlgorithms wherein what should be
+    
+    a comma is a dot. Patch from hnj2 via github pr#141.
+    
+    OpenBSD-Commit-ID: 01f5a460438ff1af09aab483c0a70065309445f0
+
+commit e93ffd1a19fc47c49d68ae2fb332433690ecd389
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Jul 29 16:04:01 2019 +1000
+
+    Report success of individual tests as well as all.
+    
+    This puts the "all tests passed" message back at the end where the
+    test harnesses can find it.
+
+commit 2ad5b36b18bddf2965fe60384c29b3f1d451b4ed
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jul 29 09:49:23 2019 +1000
+
+    convert to UTF-8; from Mike Frysinger
+
+commit d31e7c937ba0b97534f373cf5dea34675bcec602
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Jul 26 04:22:21 2019 +0000
+
+    upstream: Restrict limit-keytype to types supported by build. This
+    
+    means we have to skip a couple tests when only one key type is supported.
+    
+    OpenBSD-Regress-ID: 22d05befb9c7ce21ce8dc22acf1ffe9e2ef2e95e
+
+commit 0967a233b8a28907ae8a4a6773c89f21d2ace11b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Jul 25 18:36:28 2019 +1000
+
+    Remove override disabling DH-GEX.
+    
+    The DH-GEX override doesn't work when build without OpenSSL, and
+    we'll prefer curve25519 these days, removing the need for it.
+
+commit 061407efc19b41ab4a7485e5adcff2a12befacdb
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Jul 25 09:17:35 2019 +0000
+
+    upstream: Only use supported key types during KRL test, preferring
+    
+    ed25519 since it's supported by both OpenSSL and non-OpenSSL builds.
+    
+    OpenBSD-Regress-ID: 9f2bb3eadd50fcc8245b1bd8fd6f0e53602f71aa
+
+commit 47f8ff1fa5b76790c1d785815fd13ee6009f8012
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Jul 25 08:48:11 2019 +0000
+
+    upstream: Switch keys-command test from rsa to ed25519 since it's
+    
+    supported for both OpenSSL and non-OpenSSL builds.
+    
+    OpenBSD-Regress-ID: 174be4be876edd493e4a5c851e5bc579885e7a0a
+
+commit 1e94afdfa8df774ab7dd3bad52912b636dc31bbd
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Jul 25 08:28:15 2019 +0000
+
+    upstream: Make certificate tests work with the supported key
+    
+    algorithms.  Allows tests to pass when built without OpenSSL.
+    
+    OpenBSD-Regress-ID: 617169a6dd9d06db3697a449d9a26c284eca20fc
+
+commit 26bf693661a48b97b6023f702b2af643676ac21a
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Tue Jul 23 13:49:14 2019 +0000
+
+    upstream: Construct list of key types to test based on the types
+    
+    supported by the binaries.
+    
+    OpenBSD-Regress-ID: fcbd115efacec8ab0ecbdb3faef79ac696cb1d62
+
+commit 773c55b3d1230e8f7714a1b33873c37b85049c74
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Tue Jul 23 13:32:48 2019 +0000
+
+    upstream: Only use DSA key type in tests if binaries support it.
+    
+    OpenBSD-Regress-ID: 770e31fe61dc33ed8eea9c04ce839b33ddb4dc96
+
+commit 159e987a54d92ccd73875e7581ffc64e8927a715
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Wed Jul 24 14:21:19 2019 +1000
+
+    Split test targets further.
+    
+    Splits test into file-tests, t-exec, unit and interop-tests and their
+    respective dependencies.  Should allow running any set individually
+    without having to build the other dependencies that are not needed
+    for that specific test.
+
+commit 520d4550a2470106d63e30079bb05ce82f3a4f7d
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Wed Jul 24 11:20:18 2019 +1000
+
+    Add lib dependencies for regress binary targets.
+
+commit 4e8d0dd78d5f6142841a07dc8b8c6b4730eaf587
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Wed Jul 24 00:12:51 2019 +1000
+
+    Make "unit" a dependency of "test".
+
+commit 4317b2a0480e293e58ba115e47b49d3a384b6568
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Jul 23 23:24:47 2019 +1000
+
+    upstream rev 1.28: fix comment typo.
+
+commit e0055af2bd39fdb44566ff6594147664e1fac8b8
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Jul 23 23:06:22 2019 +1000
+
+    Split regress-binaries into two targets.
+    
+    Split the binaries for the unit tests out into a regress-unit-binaries
+    target, and add a dependency on it for only the unit tests.  This allows
+    us to run the integration tests only ("make t-exec") without building
+    the unit tests, which allows us to run a subset of the tests when
+    building --without-openssl without trying (and failing) to build the
+    unit tests.
+    
+    This means there are two targets for "unit" which I *think* is valid
+    (it works in testing, and makedepend will generate Makefiles of this
+    form)a but I could be wrong.
+
+commit 7cdf9fdcf11aaaa98c2bd22c92882ea559e772ad
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Tue Jul 23 08:19:29 2019 +0000
+
+    upstream: Skip DH group generation test if binaries don't support
+    
+    DH-GEX.
+    
+    OpenBSD-Regress-ID: 7c918230d969ecf7656babd6191a74526bffbffd
+
+commit 3a3eab8bb0da3d2f0f32cb85a1a268bcca6e4d69
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Tue Jul 23 07:55:29 2019 +0000
+
+    upstream: Only test conversion of key types supported by the
+    
+    binaries.
+    
+    OpenBSD-Regress-ID: e3f0938a0a7407e2dfbb90abc3ec979ab6e8eeea
+
+commit 7e66b7d98c6e3f48a1918c3e1940c9b11b10ec63
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Tue Jul 23 07:39:43 2019 +0000
+
+    upstream: Only add ssh-dss to allowed key types if it's supported
+    
+    by the binary.
+    
+    OpenBSD-Regress-ID: 395a54cab16e9e4ece9aec047ab257954eebd413
+
+commit fd0684b319e664d8821dc4ca3026126dfea3ccf4
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Jul 23 22:36:39 2019 +1000
+
+    Remove sys/cdefs.h include.
+    
+    It's not needed on -portable (that's handled by includes.h) and not all
+    platforms have it.
+
+commit 9634ffbf29b3c2493e69d10b37077b09a8cbf5ff
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Jul 23 22:25:44 2019 +1000
+
+    Add headers to prevent warnings w/out OpenSSL.
+
+commit 2ea60312e1c08dea88982fec68244f89a40912ff
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Jul 23 22:11:50 2019 +1000
+
+    Include stdlib.h for free() and calloc().
+
+commit 11cba2a4523fda447e2554ea457484655bedc831
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Jul 23 21:51:22 2019 +1000
+
+    Re-apply portability changes to current sha2.{c,h}.
+    
+    Rather than attempt to apply 14 years' worth of changes to OpenBSD's sha2
+    I imported the current versions directly then re-applied the portability
+    changes.  This also allowed re-syncing digest-libc.c against upstream.
+
+commit 09159594a3bbd363429ee6fafde57ce77986dd7c
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Jul 23 20:27:51 2019 +1000
+
+    Import current sha2.c and sha2.h from OpenBSD.
+    
+    These are not changed from their original state, the next commit will
+    re-apply the portable changes.
+
+commit 2e6035b900cc9d7432d95084e03993d1b426f812
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Jul 23 08:11:22 2019 +1000
+
+    Rename valgrind "errors" to "failures".
+    
+    When valgrind is enabled, test-exec.sh counts the number of invocations
+    that valgrind detects failures in, not the total number of errors detected.
+    This makes the name to be more accurate.
+
+commit e82c9bb9ffa65725cc2e03ea81cb79ce3387f66b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jul 19 18:51:18 2019 +1000
+
+    Skip running sftp-chroot under Valgrind.
+
+commit 41e22c2e05cb950b704945ac9408f6109c9b7848
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Sat Jul 20 09:50:58 2019 +0000
+
+    upstream: Remove the sleeps and thus races from the forwarding
+    
+    test.  They were originally required to work with Protocol 1, but now we can
+    use ssh -N and the control socket without the sleeps. While there, suppress
+    output fro the control exit commands.
+    
+    OpenBSD-Regress-ID: 4c51a1d651242f12c90074c18c61008a74c1c790
+
+commit 0423043c5e54293f4dd56041304fd0046c317be9
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Sat Jul 20 09:37:31 2019 +0000
+
+    upstream: Allow SLEEPTIME to be overridden.
+    
+    OpenBSD-Regress-ID: 1596ab168729954be3d219933b2d01cc93687e76
+
+commit d466b6a5cfba17a83c7aae9f584ab164e2ece0a1
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Sat Jul 20 09:14:40 2019 +0000
+
+    upstream: Move sleep time into a variable so that we can increase
+    
+    it for platforms or configurations that are much slower then usual.
+    
+    OpenBSD-Regress-ID: 88586cabc800062c260d0b876bdcd4ca3f58a872
+
+commit b4a7c9d2b5f928e0b902b580d35dc8b244a3aae0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 19 03:45:44 2019 +0000
+
+    upstream: add regression tests for scp for out-of-destination path file
+    
+    creation by Harry Sintonen via Jakub Jelen in bz3007
+    
+    OpenBSD-Regress-ID: 01ae5fbc6ce400b2df5a84dc3152a9e31f354c07
+
+commit bca0582063f148c7ddf409ec51435a5a726bee4c
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 19 03:38:01 2019 +0000
+
+    upstream: Accept the verbose flag when searching for host keys in known
+    
+    hosts (i.e. "ssh-keygen -vF host") to print the matching host's random- art
+    signature too. bz#3003 "amusing, pretty" deraadt@
+    
+    OpenBSD-Commit-ID: 686221a5447d6507f40a2ffba5393984d889891f
+
+commit 5299a09fa2879a068af200c91028fcfa9283c0f0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jul 19 13:50:25 2019 +1000
+
+    Revert one dependency per line change.
+    
+    It turns out that having such a large number of lines in the .depend
+    file will cause the memory usage of awk during AC_SUBST to blow up on at
+    least NetBSD's awk, causing configure to fail.
+
+commit 01dddb231f23b4a7b616f9d33a0b9d937f9eaf0e
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Jul 19 13:19:19 2019 +1000
+
+    fix SIGWINCH delivery of Solaris for mux sessions
+    
+    Remove PRIV_PROC_SESSION which was limiting ability to send SIGWINCH
+    signals to other sessions.  bz#3030; report and fix from Darren Moffat
+
+commit 05500af21d27c1a3ddac232b018cc23da7b1ee95
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jul 19 13:20:03 2019 +1000
+
+    Force dependencies one per line.
+    
+    Force makedepend to output one dependency per line, which will make
+    reading diffs against it much easier.  ok djm@
+
+commit b5bc5d016bbb83eb7f8e685390044e78b1ea1427
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jul 19 13:18:07 2019 +1000
+
+    make depend.
+
+commit 65333f7454365fe40f7367630e7dd10903b9d99e
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jul 19 13:16:11 2019 +1000
+
+    Show when skipping valgrind for a test.
+
+commit fccb7eb3436da8ef3dcd22e5936ba1abc7ae6730
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jul 19 10:41:56 2019 +1000
+
+    Enable connect-privsep test with valgrind.
+    
+    connect-privsep seems to work OK with valgrind now so don't skip
+    valgrind on it.
+
+commit d7423017265c5ae6d0be39340feb6c9f016b1f71
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jul 19 07:43:07 2019 +1000
+
+    Show valgrind results and error counts.
+
+commit 22b9b3e944880db906c6ac5527c4228bd92b293a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Jul 18 13:40:12 2019 +1000
+
+    Fix format string integer type in error message.
+
+commit ed46a0c0705895834d3f47a46faa89c2a71b760a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Jul 18 13:26:00 2019 +0000
+
+    upstream: fix off-by-one in sshbuf_dtob64() base64 wrapping that could
+    
+    cause extra newlines to be appended at the end of the base64 text (ugly, but
+    harmless). Found and fixed by Sebastian Kinne
+    
+    OpenBSD-Commit-ID: 9fe290bd68f706ed8f986a7704ca5a2bd32d7b68
+
+commit a192021fedead23c375077f92346336d531f8cad
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Jul 18 11:09:38 2019 +1000
+
+    Fail tests if Valgrind enabled and reports errors.
+    
+    Also dump the failing valgrind report to stdout (not the cleanest
+    solution, but better than nothing).
+
+commit d1c491ecb939ee10b341fa7bb6205dff19d297e5
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Jul 18 10:17:54 2019 +1000
+
+    Allow low-priv tests to write to pipe dir.
+    
+    When running regression tests with Valgrind and SUDO, the low-priv agent
+    tests need to be able to create pipes in the appropriate directory.
+
+commit 8a5bb3e78191cc206f970c26d2a26c949971e91a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Wed Jul 17 21:24:55 2019 +1000
+
+    Put valgrind vgdb files to a specific directory.
+    
+    Valgrind by default puts vgdb files and pipes under /tmp, however it
+    is not always able to clean them up, which can cause test failures when
+    there's a pid/file collision.  Using a specific directory ensures that
+    we can clean up and start clean.
+
+commit f8829fe57fb0479d6103cfe1190095da3c032c6d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jul 16 22:16:49 2019 +0000
+
+    upstream: adapt to sshbuf_dtob64() change
+    
+    OpenBSD-Regress-ID: 82374a83edf0955fd1477169eee3f5d6467405a6
+
+commit 1254fcbb2f005f745f2265016ee9fa52e16d37b0
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Tue Jul 16 03:21:54 2019 +0000
+
+    upstream: Remove ssh1 files from CLEANFILES since ssh1 no longer
+    
+    supported.
+    
+    OpenBSD-Regress-ID: 5b9ae869dc669bac05939b4a2fdf44ee067acfa0
+
+commit 9dc81a5adabc9a7d611ed2e63fbf4c85d43b15c6
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Tue Jul 16 02:09:29 2019 +0000
+
+    upstream: Update names of host key files in CLEANFILES to match
+    
+    recent changes to the tests.
+    
+    OpenBSD-Regress-ID: 28743052de3acf70b06f18333561497cd47c4ecf
+
+commit e44e4ad1190db22ed407a79f32a8cff5bcd2b815
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Jul 16 23:26:53 2019 +1000
+
+    depend
+
+commit 16dd8b2c78a0de106c7429e2a294d203f6bda3c7
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jul 16 13:18:39 2019 +0000
+
+    upstream: remove mostly vestigal uuencode.[ch]; moving the only unique
+    
+    functionality there (wrapping of base64-encoded data) to sshbuf functions;
+    feedback and ok markus@
+    
+    OpenBSD-Commit-ID: 4dba6735d88c57232f6fccec8a08bdcfea44ac4c
+
+commit 45478898f9590b5cc8bc7104e573b84be67443b0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Jul 16 09:20:23 2019 +1000
+
+    Hook memmem compat code into build.
+    
+    This fixes builds on platforms that don't have it (at least old DragonFly,
+    probably others).
+
+commit c7bd4617293a903bd3fac3394a7e72d439af49a5
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Jul 16 09:07:18 2019 +1000
+
+    Import memmem.c from OpenBSD.
+
+commit 477e2a3be8b10df76e8d76f0427b043280d73d68
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jul 15 13:12:02 2019 +0000
+
+    upstream: unit tests for sshbuf_cmp() and sshbuf_find(); ok markus
+    
+    OpenBSD-Regress-ID: b52d36bc3ab6dc158c1e59a9a4735f821cf9e1fd
+
+commit eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jul 15 13:16:29 2019 +0000
+
+    upstream: support PKCS8 as an optional format for storage of
+    
+    private keys, enabled via "ssh-keygen -m PKCS8" on operations that save
+    private keys to disk.
+    
+    The OpenSSH native key format remains the default, but PKCS8 is a
+    superior format to PEM if interoperability with non-OpenSSH software
+    is required, as it may use a less terrible KDF (IIRC PEM uses a single
+    round of MD5 as a KDF).
+    
+    adapted from patch by Jakub Jelen via bz3013; ok markus
+    
+    OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
+
+commit e18a27eedccb024acb3cd9820b650a5dff323f01
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jul 15 13:11:38 2019 +0000
+
+    upstream: two more bounds-checking sshbuf counterparts to common
+    
+    string operations: sshbuf_cmp() (bcmp-like) and sshbuf_find() (memmem like)
+    
+    feedback and ok markus@
+    
+    OpenBSD-Commit-ID: fd071ec2485c7198074a168ff363a0d6052a706a
+
+commit bc551dfebb55845537b1095cf3ccd01640a147b7
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Jul 15 12:52:45 2019 +1000
+
+    Clear valgrind-out dir to prevent collisions.
+
+commit 5db9ba718e983661a9114ae1418f6e412d1f52d5
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Jul 15 12:02:27 2019 +1000
+
+    Allow agent tests to write to valgrind dir.
+
+commit 121e48fa5305f41f0477d9908e3d862987a68a84
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jul 14 23:33:19 2019 +0000
+
+    upstream: unit tests for sshbuf_peek/poke bounds-checked random access
+    
+    functions. ok markus@
+    
+    OpenBSD-Regress-ID: 034c4284b1da6b12e25c762a6b958efacdafbaef
+
+commit 101d164723ffbc38f8036b6f3ea3bfef771ba250
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jul 14 23:32:27 2019 +0000
+
+    upstream: add some functions to perform random-access read/write
+    
+    operations inside buffers with bounds checking. Intended to replace manual
+    pointer arithmetic wherever possible.
+    
+    feedback and ok markus@
+    
+    OpenBSD-Commit-ID: 91771fde7732738f1ffed078aa5d3bee6d198409
+
+commit 7250879c72d28275a53f2f220e49646c3e42ef18
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 12 04:08:39 2019 +0000
+
+    upstream: include SHA2-variant RSA key algorithms in KEX proposal;
+    
+    allows ssh-keyscan to harvest keys from servers that disable olde SHA1
+    ssh-rsa. bz#3029 from Jakub Jelen
+    
+    OpenBSD-Commit-ID: 9f95ebf76a150c2f727ca4780fb2599d50bbab7a
+
+commit a0876bd994cab9ba6e47ba2a163a4417c7597487
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 12 03:56:21 2019 +0000
+
+    upstream: print explicit "not modified" message if a file was
+    
+    requested for resumed download but was considered already complete.
+    
+    bz#2978 ok dtucker
+    
+    OpenBSD-Commit-ID: f32084b26a662f16215ee4ca4a403d67e49ab986
+
+commit b9b0f2ac9625933db53a35b1c1ce423876630558
+Author: tb@openbsd.org <tb@openbsd.org>
+Date:   Wed Jul 10 07:04:27 2019 +0000
+
+    upstream: Fix a typo and make <esc><right> move right to the
+    
+    closest end of a word just like <esc><left> moves left to the closest
+    beginning of a word.
+    
+    ok djm
+    
+    OpenBSD-Commit-ID: 6afe01b05ed52d8b12eb1fda6e9af5afb5e198ee
+
+commit 8729498a5d239980a91d32f031b34e8c58c52f62
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Jul 10 09:43:19 2019 +1000
+
+    fix typo that prevented detection of Linux VRF
+    
+    Reported by hexiaowen AT huawei.com
+
+commit 5b2b79ff7c057ee101518545727ed3023372891d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jul 9 04:15:00 2019 +0000
+
+    upstream: cap the number of permiopen/permitlisten directives we're
+    
+    willing to parse on a single authorized_keys line; ok deraadt@
+    
+    OpenBSD-Commit-ID: a43a752c2555d26aa3fc754805a476f6e3e30f46
+
+commit eb0b51dac408fadd1fd13fa6d726ab8fdfcc4152
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Jul 8 17:27:26 2019 +1000
+
+    Move log.h include inside ifdefs.
+    
+    Fixes build on some other platforms that don't have va_list immediately
+    available (eg NetBSD).
+
+commit 43702f8e6fa22a258e25c4dd950baaae0bc656b7
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jul 6 23:07:04 2019 +1000
+
+    Include log.h for debug() and friends.
+    
+    Should fix some compiler warnings on IRIX (bz#3032).
+
+commit 53a6ebf1445a857f5e487b18ee5e5830a9575149
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jul 8 13:44:32 2019 +1000
+
+    sftp-realpath.c needs includes.h
+
+commit 4efe1adf05ee5d3fce44320fcff68735891f4ee6
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jul 8 13:38:39 2019 +1000
+
+    remove realpath() compat replacement
+    
+    We shipped a BSD implementation of realpath() because sftp-server
+    depended on its behaviour.
+    
+    OpenBSD is now moving to a more strictly POSIX-compliant realpath(2),
+    so sftp-server now unconditionally requires its own BSD-style realpath
+    implementation. As such, there is no need to carry another independant
+    implementation in openbsd-compat.
+    
+    ok dtucker@
+
+commit 696fb4298e80f2ebcd188986a91b49af3b7ca14c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Sun Jul 7 01:05:00 2019 +0000
+
+    upstream: Remove some set but never used variables. ok daraadt@
+    
+    OpenBSD-Commit-ID: 824baf9c59afc66a4637017e397b9b74a41684e7
+
+commit 156e9e85e92b46ca90226605d9eff49e8ec31b22
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Fri Jul 5 12:35:40 2019 +0000
+
+    upstream: still compile uuencode.c, unbreaks build
+    
+    OpenBSD-Commit-ID: 5ea3d63ab972691f43e9087ab5fd8376d48e898f
+
+commit cec9ee527a12b1f6c2e0a1c155fec64a38d71cf6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 5 07:32:01 2019 +0000
+
+    upstream: revert header removal that snuck into previous
+    
+    OpenBSD-Commit-ID: 3919cdd58989786660b8269b325646ef8856428e
+
+commit 569b650f93b561c09c655f83f128e1dfffe74101
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jul 5 04:55:40 2019 +0000
+
+    upstream: add a local implementation of BSD realpath() for
+    
+    sftp-server use ahead of OpenBSD's realpath changing to match POSIX;
+    
+    ok deraadt@ (thanks for snaps testing)
+    
+    OpenBSD-Commit-ID: 4f8cbf7ed8679f6237264301d104ecec64885d55
+
+commit b8e2b797362526437e0642a6c2f2970d794f2561
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jul 6 13:13:57 2019 +1000
+
+    Add prototype for strnlen to prevent warnings.
+
+commit 4c3e00b1ed7e596610f34590eb5d54ee50d77878
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jul 6 13:02:34 2019 +1000
+
+    Cast *ID types to unsigned long when printing.
+    
+    UID and GID types vary by platform so cast to u_long and use %lu when
+    printing them to prevent warnings.
+
+commit 2753521e899f30d1d58b5da0b4e68fde6fcf341e
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jul 6 12:54:43 2019 +1000
+
+    Add prototype for compat strndup.(bz#3032).
+
+commit 01a1e21cd55d99293c8ff8ed7c590f2ee440da43
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jul 6 12:00:41 2019 +1000
+
+    Add missing bracket in EGD seeding code.
+    
+    When configured --with-prngd-socket the code had a missing bracket after
+    an API change.  Fix that and a couple of warnings.  bz#3032 , from
+    ole.weidner at protonmail.ch
+
+commit e187b1d4607392cf2c19243afe0d0311a4ff3591
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Jul 5 04:19:39 2019 +0000
+
+    upstream: Add (recently added) rsa_oldfmt to CLEANFILES.
+    
+    OpenBSD-Regress-ID: 405beda94e32aa6cc9c80969152fab91f7c54bd3
+
+commit 74b541bfabdcb57c1683cd9b3f1d1f4d5e41563e
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Jul 5 04:12:46 2019 +0000
+
+    upstream: Adapt the PuTTY/Conch tests to new key names.
+    
+    A recent regress change (2a9b3a2ce411d16cda9c79ab713c55f65b0ec257 in
+    portable) broke the PuTTY and Twisted Conch interop tests, because the
+    key they want to use is now called ssh-rsa rather than rsa.  Adapt the
+    tests to the new file names.  bz#3020, patch from cjwatson at debian.org.
+    
+    OpenBSD-Regress-ID: fd342a37db4d55aa4ec85316f73082c8eb96e64e
+
+commit de08335a4cfaa9b7081e94ea4a8b7153c230546d
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Jul 5 04:03:13 2019 +0000
+
+    upstream: Add a sleep to allow forwards to come up.
+    
+    Currently when the multiplex client requests a forward it returns
+    once the request has been sent but not necessarily when the forward
+    is up.  This causes intermittent text failures due to this race,
+    so add some sleeps to mitigate this until we can fix it properly.
+    
+    OpenBSD-Regress-ID: 384c7d209d2443d25ea941d7f677e932621fb253
+
+commit 4d249284729f864faa2e8f3e015f9a41b674544a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jul 5 14:58:57 2019 +1000
+
+    Remove nc stderr redirection to resync w/OpenBSD.
+
+commit c5cfa90e03432181ffcc7ad3f9f815179bd0c626
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jul 5 13:21:45 2019 +1000
+
+    Do not fatal on failed lookup of group "tty".
+    
+    Some platforms (eg AIX and Cygwin) do not have a "tty" group.  In those
+    cases we will fall back to making the tty device the user's primary
+    group, so do not fatal if the group lookup fails.  ok djm@
+
+commit 8b4cc4bdc8a70bf209a274fa2b2a49c1e3c8d8a2
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Thu Jul 4 16:20:10 2019 +0000
+
+    upstream: fatal() if getgrnam() cannot find "tty"
+    
+    OpenBSD-Commit-ID: d148c1c052fa0ed7d105b5428b5c1bab91630048
+
+commit 48cccc275c6a1e91d3f80fdb0dc0d5baf529aeca
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Thu Jul 4 16:16:51 2019 +0000
+
+    upstream: stat() returns precisely -1 to indicate error
+    
+    OpenBSD-Commit-ID: 668e8d022ed4ab847747214f64119e5865365fa1
+
+commit 8142fcaf9ed8ff66252deecbfd29fc59d5f2df4f
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Wed Jul 3 03:24:02 2019 +0000
+
+    upstream: snprintf/vsnprintf return < 0 on error, rather than -1.
+    
+    OpenBSD-Commit-ID: a261c421140a0639bb2b66bbceca72bf8239749d
+
+commit 4d28fa78abce2890e136281950633fae2066cc29
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Fri Jun 28 13:35:04 2019 +0000
+
+    upstream: When system calls indicate an error they return -1, not
+    
+    some arbitrary value < 0.  errno is only updated in this case.  Change all
+    (most?) callers of syscalls to follow this better, and let's see if this
+    strictness helps us in the future.
+    
+    OpenBSD-Commit-ID: 48081f00db7518e3b712a49dca06efc2a5428075
+
+commit e8c974043c1648eab0ad67a7ba6a3e444fe79d2d
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Fri Jun 28 05:44:09 2019 +0000
+
+    upstream: asprintf returns -1, not an arbitrary value < 0. Also
+    
+    upon error the (very sloppy specification) leaves an undefined value in *ret,
+    so it is wrong to inspect it, the error condition is enough. discussed a
+    little with nicm, and then much more with millert until we were exasperated
+    
+    OpenBSD-Commit-ID: 29258fa51edf8115d244b9d4b84028487bf8923e
+
+commit 1b2d55d15c6240c15a1e1cf4203b82e54a766272
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Fri Jun 28 01:23:50 2019 +0000
+
+    upstream: oops, from asou
+    
+    OpenBSD-Commit-ID: 702e765d1639b732370d8f003bb84a1c71c4d0c6
+
+commit 5cdbaa78fcb718c39af4522d98016ad89d065427
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Thu Jun 27 18:03:37 2019 +0000
+
+    upstream: Some asprintf() calls were checked < 0, rather than the
+    
+    precise == -1. ok millert nicm tb, etc
+    
+    OpenBSD-Commit-ID: caecf8f57938685c04f125515b9f2806ad408d53
+
+commit b2e3e57be4a933d9464bccbe592573725765486f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Jun 27 06:29:35 2019 +0000
+
+    upstream: fix NULL deference (bzero) on err
+    
+    =?UTF-8?q?or=20path=20added=20in=20last=20commit;=20spotted=20by=20Reynir?=
+    =?UTF-8?q?=20Bj=C3=B6rnsson?=
+    MIME-Version: 1.0
+    Content-Type: text/plain; charset=UTF-8
+    Content-Transfer-Encoding: 8bit
+    
+    ok deraadt@ markus@ tb@
+    
+    OpenBSD-Commit-ID: b11b084bcc551b2c630560eb08618dd501027bbd
+
+commit 58ceacdcbaebefc77d120712de55c6fc6aa32bb1
+Author: Jitendra Sharma <jitendra.sharma@intel.com>
+Date:   Fri Jun 21 09:54:17 2019 +0530
+
+    Update README doc to include missing test cases
+    
+    Readme regress document is missing various individual tests,
+    which are supported currently. Update README to
+    include those test cases.
+
+commit 7959330a554051b5587f8af3fec0c2c0d5820f64
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Wed Jun 26 22:29:43 2019 +0000
+
+    upstream: Remove unneeded unlink of xauthfile o
+    
+    =?UTF-8?q?n=20error=20path.=20=20From=20Erik=20Sj=C3=B6lund=20via=20githu?=
+    =?UTF-8?q?b,=20ok=20djm@=20deraadt@?=
+    MIME-Version: 1.0
+    Content-Type: text/plain; charset=UTF-8
+    Content-Transfer-Encoding: 8bit
+    
+    OpenBSD-Commit-ID: 62a4893cf83b29a4bbfedc40e7067c25c203e632
+
+commit 8de52eb224143783a49f9bddd9ab7800022a8276
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jun 23 12:21:46 2019 +0000
+
+    upstream: fix mismatch proto/decl from key shielding change; spotted
+    
+    via oss-fuzz
+    
+    OpenBSD-Commit-ID: 1ea0ba05ded2c5557507bd844cd446e5c8b5b3b7
+
+commit 1dfadb9b57c2985c95838a0292d1c2f6a501896e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jun 21 04:21:45 2019 +0000
+
+    upstream: adapt for key shielding API changes (const removal)
+    
+    OpenBSD-Regress-ID: 298890bc52f0cd09dba76dc1022fabe89bc0ded6
+
+commit 4f7a56d5e02e3d04ab69eac1213817a7536d0562
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jun 21 04:21:04 2019 +0000
+
+    upstream: Add protection for private keys at rest in RAM against
+    
+    speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer
+    and Rambleed. This change encrypts private keys when they are not in use with
+    a symmetic key that is derived from a relatively large "prekey" consisting of
+    random data (currently 16KB).
+    
+    Attackers must recover the entire prekey with high accuracy before
+    they can attempt to decrypt the shielded private key, but the current
+    generation of attacks have bit error rates that, when applied
+    cumulatively to the entire prekey, make this unlikely.
+    
+    Implementation-wise, keys are encrypted "shielded" when loaded and then
+    automatically and transparently unshielded when used for signatures or
+    when being saved/serialised.
+    
+    Hopefully we can remove this in a few years time when computer
+    architecture has become less unsafe.
+    
+    been in snaps for a bit already; thanks deraadt@
+    
+    ok dtucker@ deraadt@
+    
+    OpenBSD-Commit-ID: 19767213c312e46f94b303a512ef8e9218a39bd4
+
+commit 4cd6b12cc9c10bf59c8b425041f3ea5091285a0f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jun 21 03:19:59 2019 +0000
+
+    upstream: print the correct AuthorizedPrincipalsCommand rather than
+    
+    an uninitialised variable; spotted by dtucker@
+    
+    OpenBSD-Commit-ID: 02802018784250f68202f01c8561de82e17b0638
+
+commit 5f68ab436b0e01751d564e9a9041e6ac3673e45a
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Wed Jun 19 20:12:44 2019 +0000
+
+    upstream: from tim: - for reput, it is remote-path which is
+    
+    optional, not local-path - sync help
+    
+    from deraadt:
+    - prefer -R and undocument -r (but add a comment for future editors)
+    
+    from schwarze:
+    - prefer -p and undocument -P (as above. the comment was schwarze's too)
+    
+    more:
+    - add the -f flag to reput and reget
+    - sort help (i can;t remember who suggested this originally)
+    
+    djm and deraadt were ok with earlier versions of this;
+    tim and schwarze ok
+    
+    OpenBSD-Commit-ID: 3c699b53b46111f5c57eed4533f132e7e58bacdd
+
+commit 99bcbbc77fbd5a5027031f42a5931b21b07c947e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jun 14 04:03:48 2019 +0000
+
+    upstream: check for convtime() refusing to accept times that
+    
+    resolve to LONG_MAX Reported by Kirk Wolf bz2977; ok dtucker
+    
+    OpenBSD-Regress-ID: 15c9fe87be1ec241d24707006a31123d3a3117e0
+
+commit e5cccb2410247c9b8151b9510a876abdf5424b24
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Sun Apr 28 22:53:26 2019 +0000
+
+    upstream: Add unit tests for user@host and URI parsing.
+    
+    OpenBSD-Regress-ID: 69d5b6f278e04ed32377046f7692c714c2d07a68
+
+commit 0bb7e38834e3f9886302bbaea630a6b0f8cfb520
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Apr 18 18:57:16 2019 +0000
+
+    upstream: Add tests for sshd -T -C with Match.
+    
+    OpenBSD-Regress-ID: d4c34916fe20d717692f10ef50b5ae5a271c12c7
+
+commit 73eb6cef41daba0359c1888e4756108d41b4e819
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sun Jun 16 12:55:27 2019 +1000
+
+    Include stdio.h for vsnprintf.
+    
+    Patch from mforney at mforney.org.
+
+commit adcaf40fd0a180e6cb5798317fdf479b52e3c09a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jun 8 09:07:04 2019 +1000
+
+    upstream rev 1.27: fix integer overflow.
+    
+    Cast bitcount to u_in64_t before bit shifting to prevent integer overflow
+    on 32bit platforms which cause incorrect results when adding a block
+    >=512M in size.  sha1 patch from ante84 at gmail.com via openssh github,
+    sha2 with djm@, ok tedu@
+
+commit 7689048e6103d3c34cba24ac5aeea7bf8405d19a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jun 8 09:06:06 2019 +1000
+
+    upstream rev 1.25: add DEF_WEAK.
+    
+    Wrap blowfish, sha*, md5, and rmd160 so that internal calls go direct
+    ok deraadt@
+
+commit 55f3153393ac7e072a4b4b21b194864460d8f44a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jun 8 09:02:24 2019 +1000
+
+    upstream rev 1.25: add sys/types.h
+
+commit 10974f986fa842a3a3a693e3d5761072540002b4
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jun 8 09:01:14 2019 +1000
+
+    upstream: Use explicit_bzero instead of memset
+    
+    in hash Final and End functions.  OK deraadt@ djm@
+
+commit cb8f56570f70b00abae4267d4bcce2bfae7dfff6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jun 14 04:13:58 2019 +0000
+
+    upstream: slightly more instructive error message when the user
+    
+    specifies multiple -J options on the commandline. bz3015 ok dtucker@
+    
+    OpenBSD-Commit-ID: 181c15a65cac3b575819bc8d9a56212c3c748179
+
+commit 2317ce4b0ed7d8c4b0c684e2d47bff5006bd1178
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jun 14 03:51:47 2019 +0000
+
+    upstream: process agent requests for RSA certificate private keys using
+    
+    correct signature algorithm when requested. Patch from Jakub Jelen in bz3016
+    ok dtucker markus
+    
+    OpenBSD-Commit-ID: 61f86efbeb4a1857a3e91298c1ccc6cf49b79624
+
+commit c95b90d40170473825904be561b1eafba354f376
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jun 14 03:39:59 2019 +0000
+
+    upstream: for public key authentication, check AuthorizedKeysFiles
+    
+    files before consulting AuthorizedKeysCommand; ok dtucker markus
+    
+    OpenBSD-Commit-ID: 13652998bea5cb93668999c39c3c48e8429db8b3
+
+commit a5a53914989ddd3521b6edc452bc3291784a4f4f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jun 14 03:28:19 2019 +0000
+
+    upstream: if passed a bad fd, log what it was
+    
+    OpenBSD-Commit-ID: 582e2bd05854e49365195b58989b68ac67f09140
+
+commit 7349149da1074d82b71722338e05b6a282f126cc
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Wed Jun 12 11:31:50 2019 +0000
+
+    upstream: Hostname->HostName cleanup; from lauri tirkkonen ok
+    
+    dtucker
+    
+    OpenBSD-Commit-ID: 4ade73629ede63b691f36f9a929f943d4e7a44e4
+
+commit 76af9c57387243556d38935555c227d0b34062c5
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Wed Jun 12 05:53:21 2019 +0000
+
+    upstream: deraadt noticed some inconsistency in the way we denote
+    
+    the "Hostname" and "X11UseLocalhost" keywords; this makes things consistent
+    (effectively reversing my commit of yesterday);
+    
+    ok deraadt markus djm
+    
+    OpenBSD-Commit-ID: 255c02adb29186ac91dcf47dfad7adb1b1e54667
+
+commit d1bbfdd932db9b9b799db865ee1ff50060dfc895
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Tue Jun 11 13:39:40 2019 +0000
+
+    upstream: consistent lettering for "HostName" keyword; from lauri
+    
+    tirkkonen
+    
+    OpenBSD-Commit-ID: 0c267a1257ed7482b13ef550837b6496e657d563
+
+commit fc0340f7c4ee29bfb12bd1de9f99defa797e16b4
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jun 8 00:10:59 2019 +1000
+
+    Typo fixes in error messages.
+    
+    Patch from knweiss at gmail.com via github pull req #97 (portable-
+    specific parts).
+
+commit 4b7dd22b02b64b1ededd3c0e98a6e7ae21e31d38
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Jun 7 14:18:48 2019 +0000
+
+    upstream: Typo and spelling fixes in comments and error messages.
+    
+    Patch from knweiss at gmail.com via -portable.
+    
+    OpenBSD-Commit-ID: 2577465442f761a39703762c4f87a8dfcb918b4b
+
+commit 130ef0695e1731392ca33831939fe89e8b70cc17
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jun 8 00:47:07 2019 +1000
+
+    Include missed bits from previous sync.
+
+commit 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Jun 7 03:47:12 2019 +0000
+
+    upstream: Check for user@host when parsing sftp target. This
+    
+    allows user@[1.2.3.4] to work without a path in addition to with one.
+    bz#2999, ok djm@
+    
+    OpenBSD-Commit-ID: d989217110932490ba8ce92127a9a6838878928b
+
+commit 0323d9b619d512f80c57575b810a05791891f657
+Author: otto@openbsd.org <otto@openbsd.org>
+Date:   Thu Jun 6 05:13:13 2019 +0000
+
+    upstream: Replace calls to ssh_malloc_init() by a static init of
+    
+    malloc_options. Prepares for changes in the way malloc is initialized.  ok
+    guenther@ dtucker@
+    
+    OpenBSD-Commit-ID: 154f4e3e174f614b09f792d4d06575e08de58a6b
+
+commit c586d2d3129265ea64b12960c379d634bccb6535
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri May 31 03:20:07 2019 +0000
+
+    upstream: fix ssh-keysign fd handling problem introduced in r1.304
+    
+    caused by a typo (STDIN_FILENO vs STDERR_FILENO)
+    
+    OpenBSD-Commit-ID: 57a0b4be7bef23963afe24150e24bf014fdd9cb0
+
+commit 410b231aa41ff830b2f5b09b5aaf5e5cdc1ab86b
+Author: lum@openbsd.org <lum@openbsd.org>
+Date:   Wed May 29 08:30:26 2019 +0000
+
+    upstream: Make the standard output messages of both methods of
+    
+    changing a key pair's comments (using -c and -C) more applicable to both
+    methods. ok and suggestions djm@ dtucker@
+    
+    OpenBSD-Commit-ID: b379338118109eb36e14a65bc0a12735205b3de6
+
+commit 2b3402dc9f1d9b0df70291b424f36e436cdfa7e0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Jun 8 00:03:07 2019 +1000
+
+    Always clean up before and after utimensat test.
+
+commit 182898192d4b720e4faeafd5b39c2cfb3b92aa21
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jun 7 23:47:37 2019 +1000
+
+    Update utimensat test.
+    
+    POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW should
+    update the symlink and not the destination.  The compat code doesn't
+    have a way to do this, so where possible it fails instead of following a
+    symlink when explicitly asked not to. Instead of checking for an explicit
+    failure, check that it does not update the destination, which both the
+    real and compat implmentations should honour.
+    
+    Inspired by github pull req #125 from chutzpah at gentoo.org.
+
+commit d220b675205185e0b4d6b6524acc2e5c599ef0e2
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jun 7 14:26:54 2019 +1000
+
+    Have pthread_create return errno on failure.
+    
+    According to POSIX, pthread_create returns the failure reason in
+    the non-zero function return code so make the fork wrapper do that.
+    Matches previous change.
+
+commit 1bd4f7f25f653e0cadb2e6f25d79bc3c35c6aa4d
+Author: Elliott Hughes <enh@google.com>
+Date:   Thu Apr 25 13:36:27 2019 -0700
+
+    pthread_create(3) returns positive values on failure.
+    
+    Found by inspection after finding similar bugs in other code used by
+    Android.
+
+commit b3a77b25e5f7880222b179431a74fad76d2cf60c
+Author: Harald Freudenberger <freude@linux.ibm.com>
+Date:   Fri May 24 10:11:15 2019 +0200
+
+    allow s390 specific ioctl for ecc hardware support
+    
+    Adding another s390 specific ioctl to be able to support ECC hardware
+    acceleration to the sandbox seccomp filter rules.
+    
+    Now the ibmca openssl engine provides elliptic curve cryptography
+    support with the help of libica and CCA crypto cards. This is done via
+    jet another ioctl call to the zcrypt device driver and so there is a
+    need to enable this on the openssl sandbox.
+    
+    Code is s390 specific and has been tested, verified and reviewed.
+    
+    Please note that I am also the originator of the previous changes in
+    that area.  I posted these changes to Eduardo and he forwarded the
+    patches to the openssl community.
+    
+    Signed-off-by: Harald Freudenberger <freude@linux.ibm.com>
+    Reviewed-by: Joerg Schmidbauer <jschmidb@de.ibm.com>
+
+commit 2459df9aa11820f8092a8651aeb381af7ebbccb1
+Author: Sorin Adrian Savu <sorin25@users.noreply.github.com>
+Date:   Sun May 26 21:50:08 2019 +0300
+
+    openssl-devel is obsoleted by libssl-devel
+    
+    openssl-devel is no longer installable via the cygwin setup and
+    it's hidden by default, so you can't see the replacement very easy.
+
+commit 85ceb0e64bff672558fc87958cd548f135c83cdd
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Mon May 20 06:01:59 2019 +0000
+
+    upstream: tweak previous;
+    
+    OpenBSD-Commit-ID: 42f39f22f53cfcb913bce401ae0f1bb93e08dd6c
+
+commit 30615295609f5c57b3137b3021fe63bfa45c1985
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon May 20 00:25:55 2019 +0000
+
+    upstream: embiggen format buffer size for certificate serial number so
+    
+    that it will fit a full 64 bit integer. bz#3012 from Manoel Domingues Junior
+    
+    OpenBSD-Commit-ID: a51f3013056d05b976e5af6b978dcb9e27bbc12b
+
+commit 476e3551b2952ef73acc43d995e832539bf9bc4d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon May 20 00:20:35 2019 +0000
+
+    upstream: When signing certificates with an RSA key, default to
+    
+    using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
+    will therefore be incompatible with OpenSSH < 7.2 unless the default is
+    overridden.
+    
+    Document the ability of the ssh-keygen -t flag to override the
+    signature algorithm when signing certificates, and the new default.
+    
+    ok deraadt@
+    
+    OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
+
+commit 606077ee1e77af5908431d003fb28461ef7be092
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri May 17 13:14:12 2019 +1000
+
+    Add no-op implementation of pam_putenv.
+    
+    Some platforms such as HP-UX do not have pam_putenv.  Currently the
+    calls are ifdef'ed out, but a new one was recently added.  Remove the
+    ifdefs and add a no-op implementation.  bz#3008, ok djm.
+
+commit 1ac98be8724c9789d770ddb8e7f0dbf1b55e05a0
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri May 17 12:42:17 2019 +1000
+
+    Use the correct macro for SSH_ALLOWED_CA_SIGALGS.
+
+commit 97370f6c2c3b825f8c577b7e6c00b1a98d30a6cf
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri May 17 10:54:51 2019 +1000
+
+    Fix building w/out ECC.
+    
+    Ifdef out ECC specific code so that that it'll build against an OpenSSL
+    configured w/out ECC.  With & ok djm@
+
+commit 633703babf8d9a88da85f23b800e1b88dec7cdbd
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri May 17 10:50:29 2019 +1000
+
+    Conditionalize ECDH methods in CA algos.
+    
+    When building against an OpenSSL configured without ECC, don't include
+    those algos in CASignatureAlgorithms.  ok djm@
+
+commit 5c8d14c512f5d413095b22bdba08a6bb990f1e97
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu May 16 08:47:27 2019 +0000
+
+    upstream: Move a variable declaration to the block where it's used
+    
+    to make things a little tidier for -portable.
+    
+    OpenBSD-Commit-ID: 616379861be95619e5358768b7dee4793e2f3a75
+
+commit a1d29cc36a5e6eeabc935065a8780e1ba5b67014
+Author: deraadt@openbsd.org <deraadt@openbsd.org>
+Date:   Wed May 15 04:43:31 2019 +0000
+
+    upstream: When doing the fork+exec'ing for ssh-keysign, rearrange
+    
+    the socket into fd3, so as to not mistakenly leak other fd forward
+    accidentally. ok djm
+    
+    OpenBSD-Commit-ID: 24cc753f5aa2c6a7d0fbf62766adbc75cd785296
+
+commit db7606d4a62fee67b0cb2f32dfcbd7b3642bfef5
+Author: schwarze@openbsd.org <schwarze@openbsd.org>
+Date:   Tue May 14 12:47:17 2019 +0000
+
+    upstream: Delete some .Sx macros that were used in a wrong way.
+    
+    Part of a patch from Stephen Gregoratto <dev at sgregoratto dot me>.
+    
+    OpenBSD-Commit-ID: 15501ed13c595f135e7610b1a5d8345ccdb513b7
+
+commit cb4accb1233865d9151f8a50cc5f0c61a3fd4077
+Author: florian@openbsd.org <florian@openbsd.org>
+Date:   Fri May 10 18:55:17 2019 +0000
+
+    upstream: For PermitOpen violations add the remote host and port to
+    
+    be able to find out from where the request was comming.
+    
+    Add the same logging for PermitListen violations which where not
+    logged at all.
+    
+    Pointed out by Robert Kisteleki (robert AT ripe.net)
+    
+    input markus
+    OK deraadt
+    
+    OpenBSD-Commit-ID: 8a7d0f1b7175504c0d1dca8d9aca1588b66448c8
+
+commit cd16aceec148d55088fc8df6be88335578d85258
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu May 16 07:53:20 2019 +1000
+
+    Add OpenSSL 1.1.1 to the supported list.
+    
+    Clarify the language around prngd and egd.
+
+commit 6fd4aa2aafbce90acb11a328ca0aa0696cb01c6b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Wed May 15 16:19:14 2019 +1000
+
+    Fix typo in man page formatter selector.
+
+commit 285546b73e2c172565c992a695927ac8cf3b4cc6
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri May 10 15:04:42 2019 +1000
+
+    Use "doc" man page format if mandoc present.
+    
+    Previously configure would not select the "doc" man page format if
+    mandoc was present but nroff was not.  This checks for mandoc first
+    and removes a now-superflous AC_PATH_PROG.  Based on a patch from
+    vehk at vehk.de and feedback from schwarze at usta.de.
+
+commit 62dd70613b77b229f53db3cc1c3e8a206fa2b582
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri May 3 06:06:30 2019 +0000
+
+    upstream: Use the correct (according to POSIX) format for
+    
+    left-justification in snmprintf. bz#3002, patch from velemas at gmail.com, ok
+    markus@.
+    
+    OpenBSD-Commit-ID: 65d252b799be0cc8f68b6c47cece0a57bb00fea7
+
+commit 62be1ffe5ffc68cfaac183320503c00a8c72e0b1
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri May 3 04:11:00 2019 +0000
+
+    upstream: Free channel objects on exit path. Patch from markus at
+    
+    blueflash.cc, ok deraadt
+    
+    OpenBSD-Commit-ID: dbe4db381603909482211ffdd2b48abd72169117
+
+commit 1c554a5d94b9de6bd5374e2992a5662746cc39ba
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri May 3 03:27:38 2019 +0000
+
+    upstream: Free host on exit path. Patch from markus at
+    
+    blueflash.cc, ok djm@
+    
+    OpenBSD-Commit-ID: c54e9945d93c4ce28350d8b9fa8b71f744ef2b5a
+
+commit 99043bd64e5e0f427173f4fa83ef25a4676624a3
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri May 3 03:25:18 2019 +0000
+
+    upstream: Wrap XMSS including in ifdef. Patch from markus at
+    
+    blueflash.cc, ok djm
+    
+    OpenBSD-Commit-ID: e3b34fc35cf12d33bde91ac03633210a3bc0f8b5
+
+commit 8fcfb7789c43a19d24162a7a4055cd09ee951b34
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Apr 26 08:37:17 2019 +0000
+
+    upstream: Import regenerated moduli.
+    
+    OpenBSD-Commit-ID: db6375fc302e3bdf07d96430c63c991b2c2bd3ff
+
+commit 3a7db919d5dd09f797971b3cf8ee301767459774
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Tue Apr 23 11:56:41 2019 +0000
+
+    upstream: Use the LogLevel typdef instead of int where appropriate. Patch from Markus Schmidt via openssh-unix-dev, ok markus@
+    
+    OpenBSD-Commit-ID: 4c0f0f458e3da7807806b35e3eb5c1e8403c968a
+
+commit d7c6e38b87efab1f140745fd8b1106b82e6e4a68
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Apr 19 05:47:44 2019 +0000
+
+    upstream: Document new default RSA key size. From
+    
+    sebastiaanlokhorst at gmail.com via bz#2997.
+    
+    OpenBSD-Commit-ID: bdd62ff5d4d649d2147904e91bf7cefa82fe11e1
+
+commit e826bbcafe26dac349a8593da5569e82faa45ab8
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Apr 18 18:56:16 2019 +0000
+
+    upstream: When running sshd -T, assume any attibute not provided by
+    
+    -C does not match, which allows it to work when sshd_config contains a Match
+    directive with or without -C.  bz#2858, ok djm@
+    
+    OpenBSD-Commit-ID: 1a701f0a33e3bc96753cfda2fe0b0378520b82eb
+
+commit 5696512d7ad57e85e89f8011ce8dec617be686aa
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Apr 18 07:32:56 2019 +0000
+
+    upstream: Remove crc32.{c,h} which were only used by the now-gone
+    
+    SSH1 protocol. Patch from yumkam at gmail.com, ok deraadt.
+    
+    OpenBSD-Commit-ID: cceda5876c5ba6b4d8abcd52335329198cee3240
+
+commit 34e87fb5d9ce607f5701ab4c31d837ad8133e2d1
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Apr 30 12:27:57 2019 +1000
+
+    Remove unused variables from RLIMIT_NOFILE test.
+
+commit 35e82e62c1ef53cfa457473a4c4d957d6197371a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Apr 26 18:38:27 2019 +1000
+
+    Import regenerated moduli.
+
+commit 5590f53f99219e95dc23b0ebd220f19a6f46b101
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Apr 26 18:22:10 2019 +1000
+
+    Whitespace resync w/OpenBSD.
+    
+    Patch from markus at blueflash.cc via openssh-unix-dev.
+
+commit b7b8334914fb9397a6725f3b5d2de999b0bb69ac
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Apr 26 18:06:34 2019 +1000
+
+    Don't install duplicate STREAMS modules on Solaris
+    
+    Check if STREAMS modules are already installed on pty before installing
+    since when compiling with XPG>=4 they will likely be installed already.
+    Prevents hangs and duplicate lines on the terminal.  bz#2945 and bz#2998,
+    patch from djm@
+
+commit fd0fa130ecf06d7d092932adcd5d77f1549bfc8d
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Apr 18 08:52:57 2019 +1000
+
+    makedepend
+
+commit 5de397a876b587ba05a9169237deffdc71f273b0
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Apr 5 11:29:51 2019 -0700
+
+    second thoughts: leave README in place
+    
+    A number of contrib/* files refer to the existing README so let's leave
+    it in place for release and add the new markdown version in parallel.
+    
+    I'll get rid of README after release.
+
+commit 5d3127d9274519b25ed10e320f45045ba8d7f3be
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Apr 5 11:29:31 2019 -0700
+
+    Revert "rewrite README"
+    
+    This reverts commit 9444d82678cb7781820da4d1c23b3c2b9fb1e12f.
+
+commit 9444d82678cb7781820da4d1c23b3c2b9fb1e12f
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Apr 5 11:21:48 2019 -0700
+
+    rewrite README
+    
+    Include basic build instructions and comments on commonly-used build-
+    time flags, links to the manual pages and other resources.
+    
+    Now in Markdown format for better viewing on github, etc.
+
+commit a924de0c4908902433813ba205bee1446bd1a157
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Apr 5 03:41:52 2019 +1100
+
+    update versions
+
+commit 312dcee739bca5d6878c536537b2a8a497314b75
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Apr 3 15:48:45 2019 +0000
+
+    upstream: openssh-8.0
+    
+    OpenBSD-Commit-ID: 5aafdf218679dab982fea20771afd643be9a127b
+
+commit 885bc114692046d55e2a170b932bdc0092fa3456
+Author: Damien Miller <djm@mindrot.org>
+Date:   Thu Apr 4 02:47:40 2019 +1100
+
+    session: Do not use removed API
+    
+    from Jakub Jelen
+
+commit 9d7b2882b0c9a5e9bf8312ce4075bf178e2b98be
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Mar 29 11:31:40 2019 +0000
+
+    upstream: when logging/fataling on error, include a bit more detail
+    
+    than just the function name and the error message
+    
+    OpenBSD-Commit-ID: dd72d7eba2215fcb89be516c378f633ea5bcca9f
+
+commit 79a87d32783d6c9db40af8f35e091d9d30365ae7
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Wed Apr 3 06:27:45 2019 +1100
+
+    Remove "struct ssh" from sys_auth_record_login.
+    
+    It's not needed, and is not available from the call site in loginrec.c
+    Should only affect AIX, spotted by Kevin Brott.
+
+commit 138c0d52cdc90f9895333b82fc57d81cce7a3d90
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Apr 2 18:21:35 2019 +1100
+
+    Adapt custom_failed_login to new prototype.
+    
+    Spotted by Kevin Brott.
+
+commit a0ca4009ab2f0b1007ec8ab6864dbf9b760a8ed5
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Apr 1 20:07:23 2019 +1100
+
+    Add includes.h for compat layer.
+    
+    Should fix build on AIX 7.2.
+
+commit 00991151786ce9b1d577bdad1f83a81d19c8236d
+Author: Tim Rice <tim@multitalents.net>
+Date:   Sun Mar 31 22:14:22 2019 -0700
+
+    Stop USL compilers for erroring with "integral constant expression expected"
+
+commit 43f47ebbdd4037b569c23b8f4f7981f53b567f1d
+Author: Tim Rice <tim@multitalents.net>
+Date:   Sun Mar 31 19:22:19 2019 -0700
+
+    Only use O_NOFOLLOW in fchownat and fchmodat if defined
+
+commit 342d6e51589b184c337cccfc4c788b60ff8b3765
+Author: Jakub Jelen <jjelen@redhat.com>
+Date:   Fri Mar 29 12:29:41 2019 +0100
+
+    Adjust softhsm2 path on Fedora Linux for regress
+    
+    The SoftHSM lives in Fedora in /usr/lib64/pkcs11/libsofthsm2.so
+
+commit f5abb05f8c7358dacdcb866fe2813f6d8efd5830
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Mar 28 09:26:14 2019 +1100
+
+    Only use O_NOFOLLOW in utimensat if defined.
+    
+    Fixes build on systems that don't have it (Solaris <=9)  Found by
+    Tom G. Christensen.
+
+commit 786cd4c1837fdc3fe7b4befe54a3f37db7df8715
+Author: Corinna Vinschen <vinschen@redhat.com>
+Date:   Wed Mar 27 18:18:21 2019 +0100
+
+    drop old Cygwin considerations
+    
+    - Cygwin supports non-DOS characters in filenames
+    - Cygwin does not support Windows XP anymore
+    
+    Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
+
+commit 21da87f439b48a85b951ef1518fe85ac0273e719
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Mar 27 09:29:14 2019 +0000
+
+    upstream: fix interaction between ClientAliveInterval and RekeyLimit
+    
+    that could cause connection to close incorrectly; Report and patch from Jakub
+    Jelen in bz#2757; ok dtucker@ markus@
+    
+    OpenBSD-Commit-ID: 17229a8a65bd8e6c2080318ec2b7a61e1aede3fb
+
+commit 4f0019a9afdb4a94d83b75e82dbbbe0cbe826c56
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Mar 25 22:34:52 2019 +0000
+
+    upstream: Fix authentication failures when "AuthenticationMethods
+    
+    any" in a Match block overrides a more restrictive global default.
+    
+    Spotted by jmc@, ok markus@
+    
+    OpenBSD-Commit-ID: a90a4fe2ab81d0eeeb8fdfc21af81f7eabda6666
+
+commit d6e5def308610f194c0ec3ef97a34a3e9630e190
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Mar 25 22:33:44 2019 +0000
+
+    upstream: whitespace
+    
+    OpenBSD-Commit-ID: 106e853ae8a477e8385bc53824d3884a8159db07
+
+commit 26e0cef07b04479537c971dec898741df1290fe5
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Mon Mar 25 16:19:44 2019 +0000
+
+    upstream: Expand comment to document rationale for default key
+    
+    sizes. "seems worthwhile" deraadt.
+    
+    OpenBSD-Commit-ID: 72e5c0983d7da1fb72f191870f36cb58263a2456
+
+commit f47269ea67eb4ff87454bf0d2a03e55532786482
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Mon Mar 25 15:49:00 2019 +0000
+
+    upstream: Increase the default RSA key size to 3072 bits. Based on
+    
+    the estimates from NIST Special Publication 800-57, 3k bits provides security
+    equivalent to 128 bits which is the smallest symmetric cipher we enable by
+    default. ok markus@ deraadt@
+    
+    OpenBSD-Commit-ID: 461dd32ebe808f88f4fc3ec74749b0e6bef2276b
+
+commit 62949c5b37af28d8490d94866e314a76be683a5e
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Fri Mar 22 20:58:34 2019 +0000
+
+    upstream: full stop in the wrong place;
+    
+    OpenBSD-Commit-ID: 478a0567c83553a2aebf95d0f1bd67ac1b1253e4
+
+commit 1b1332b5bb975d759a50b37f0e8bc8cfb07a0bb0
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Sat Mar 16 19:14:21 2019 +0000
+
+    upstream: benno helped me clean up the tcp forwarding section;
+    
+    OpenBSD-Commit-ID: d4bec27edefde636fb632b7f0b7c656b9c7b7f08
+
+commit 2aee9a49f668092ac5c9d34e904ef7a9722e541d
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Fri Mar 8 17:24:43 2019 +0000
+
+    upstream: fix use-after-free in ssh-pkcs11; found by hshoexer w/AFL
+    
+    OpenBSD-Commit-ID: febce81cca72b71f70513fbee4ff52ca050f675c
+
+commit 9edbd7821e6837e98e7e95546cede804dac96754
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Mar 14 10:17:28 2019 +1100
+
+    Fix build when configured --without-openssl.
+    
+    ok djm@
+
+commit 825ab32f0d04a791e9d19d743c61ff8ed9b4d8e5
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Mar 14 08:51:17 2019 +1100
+
+    On Cygwin run sshd as SYSTEM where possible.
+    
+    Seteuid now creates user token using S4U.  We don't create a token
+    from scratch anymore, so we don't need the "Create a process token"
+    privilege.  The service can run under SYSTEM again...
+    
+    ...unless Cygwin is running on Windows Vista or Windows 7 in the
+    WOW64 32 bit emulation layer.  It turns out that WOW64 on these systems
+    didn't implement MsV1_0 S4U Logon so we still need the fallback
+    to NtCreateToken for these systems.
+    
+    Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
+
+commit a212107bfdf4d3e870ab7a443e4d906e5b9578c3
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Wed Mar 13 10:49:16 2019 +1100
+
+    Replace alloca with xcalloc.
+    
+    The latter checks for memory exhaustion and integer overflow and may be
+    at a less predictable place.  Sanity check by vinschen at redhat.com, ok
+    djm@
+
+commit daa7505aadca68ba1a2c70cbdfce423208eb91ee
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Mar 12 09:19:19 2019 +1100
+
+    Use Cygwin-specific matching only for users+groups.
+    
+    Patch from vinschen at redhat.com, updated a little by me.
+
+commit fd10cf027b56f9aaa80c9e3844626a05066589a4
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Wed Mar 6 22:14:23 2019 +0000
+
+    upstream: Move checks for lists of users or groups into their own
+    
+    function. This is a no-op on OpenBSD but will make things easier in
+    -portable, eg on systems where these checks should be case-insensitive.  ok
+    djm@
+    
+    OpenBSD-Commit-ID: 8bc9c8d98670e23f8eaaaefe29c1f98e7ba0487e
+
+commit ab5fee8eb6a011002fd9e32b1597f02aa8804a25
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Wed Mar 6 21:06:59 2019 +0000
+
+    upstream: Reset last-seen time when sending a keepalive. Prevents
+    
+    sending two keepalives successively and prematurely terminating connection
+    when ClientAliveCount=1.  While there, collapse two similar tests into one.
+    ok markus@
+    
+    OpenBSD-Commit-ID: 043670d201dfe222537a2a4bed16ce1087de5ddd
+
+commit c13b74530f9f1d9df7aeae012004b31b2de4438e
+Author: naddy@openbsd.org <naddy@openbsd.org>
+Date:   Tue Mar 5 16:17:12 2019 +0000
+
+    upstream: PKCS#11 support is no longer limited to RSA; ok benno@
+    
+    kn@
+    
+    OpenBSD-Commit-ID: 1a9bec64d530aed5f434a960e7515a3e80cbc826
+
+commit e9552d6043db7cd170ac6ba1b4d2c7a5eb2c3201
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Mar 1 03:29:32 2019 +0000
+
+    upstream: in ssh_set_newkeys(), mention the direction that we're
+    
+    keying in debug messages. Previously it would be difficult to tell which
+    direction it was talking about
+    
+    OpenBSD-Commit-ID: c2b71bfcceb2a7389b9d0b497fb2122a406a522d
+
+commit 76a24b3fa193a9ca3e47a8779d497cb06500798b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Mar 1 02:32:39 2019 +0000
+
+    upstream: Fix two race conditions in sshd relating to SIGHUP:
+    
+    1. Recently-forked child processes will briefly remain listening to
+      listen_socks. If the main server sshd process completes its restart
+      via execv() before these sockets are closed by the child processes
+      then it can fail to listen at the desired addresses/ports and/or
+      fail to restart.
+    
+    2. When a SIGHUP is received, there may be forked child processes that
+      are awaiting their reexecution state. If the main server sshd
+      process restarts before passing this state, these child processes
+      will yield errors and use a fallback path of reading the current
+      sshd_config from the filesystem rather than use the one that sshd
+      was started with.
+    
+    To fix both of these cases, we reuse the startup_pipes that are shared
+    between the main server sshd and forked children. Previously this was
+    used solely to implement tracking of pre-auth child processes for
+    MaxStartups, but this extends the messaging over these pipes to include
+    a child->parent message that the parent process is safe to restart. This
+    message is sent from the child after it has completed its preliminaries:
+    closing listen_socks and receiving its reexec state.
+    
+    bz#2953, reported by Michal Koutný; ok markus@ dtucker@
+    
+    OpenBSD-Commit-ID: 7df09eacfa3ce13e9a7b1e9f17276ecc924d65ab
+
+commit de817e9dfab99473017d28cdf69e60397d00ea21
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Mar 1 02:16:47 2019 +0000
+
+    upstream: mention PKCS11Provide=none, reword a little and remove
+    
+    mention of RSA keys only (since we support ECDSA now and might support others
+    in the future). Inspired by Jakub Jelen via bz#2974
+    
+    OpenBSD-Commit-ID: a92e3686561bf624ccc64ab320c96c9e9a263aa5
+
+commit 95a8058c1a90a27acbb91392ba206854abc85226
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Mar 1 02:08:50 2019 +0000
+
+    upstream: let PKCS11Provider=none do what users expect
+    
+    print PKCS11Provider instead of obsolete SmartcardDevice in config dump.
+    
+    bz#2974 ok dtucker@
+    
+    OpenBSD-Commit-ID: c303d6f0230a33aa2dd92dc9b68843d56a64f846
+
+commit 8e7bac35aa576d2fd7560836da83733e864ce649
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Wed Feb 27 19:37:01 2019 +0000
+
+    upstream: dup stdout/in for proxycommand=-, otherwise stdout might
+    
+    be redirected to /dev/null; ok djm@
+    
+    OpenBSD-Commit-ID: 97dfce4c47ed4055042de8ebde85b7d88793e595
+
+commit 9b61130fbd95d196bce81ebeca94a4cb7c0d5ba0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Feb 23 08:20:43 2019 +0000
+
+    upstream: openssh-7.9 accidentally reused the server's algorithm lists
+    
+    in the client for KEX, ciphers and MACs. The ciphers and MACs were identical
+    between the client and server, but the error accidentially disabled the
+    diffie-hellman-group-exchange-sha1 KEX method.
+    
+    This fixes the client code to use the correct method list, but
+    because nobody complained, it also disables the
+    diffie-hellman-group-exchange-sha1 KEX method.
+    
+    Reported by nuxi AT vault24.org via bz#2697; ok dtucker
+    
+    OpenBSD-Commit-ID: e30c33a23c10fd536fefa120e86af1842e33fd57
+
+commit 37638c752041d591371900df820f070037878a2d
+Author: Corinna Vinschen <vinschen@redhat.com>
+Date:   Wed Feb 20 13:41:25 2019 +0100
+
+    Cygwin: implement case-insensitive Unicode user and group name matching
+    
+    The previous revert enabled case-insensitive user names again.  This
+    patch implements the case-insensitive user and group name matching.
+    To allow Unicode chars, implement the matcher using wchar_t chars in
+    Cygwin-specific code.  Keep the generic code changes as small as possible.
+    Cygwin: implement case-insensitive Unicode user and group name matching
+    
+    Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
+
+commit bed1d43698807a07bb4ddb93a46b0bd84b9970b3
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Feb 22 15:21:21 2019 +1100
+
+    Revert unintended parts of previous commit.
+
+commit f02afa350afac1b2f2d1413259a27a4ba1e2ca24
+Author: Corinna Vinschen <vinschen@redhat.com>
+Date:   Wed Feb 20 13:41:24 2019 +0100
+
+    Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"
+    
+    This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c.
+    
+    Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
+
+commit 4c55b674835478eb80a1a7aeae588aa654e2a433
+Author: Corinna Vinschen <vinschen@redhat.com>
+Date:   Sat Feb 16 14:13:43 2019 +0100
+
+    Add tags to .gitignore
+    
+    Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
+
+commit 625b62634c33eaef4b80d07529954fe5c6435fe5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Feb 22 03:37:11 2019 +0000
+
+    upstream: perform removal of agent-forwarding directory in forward
+    
+    setup error path with user's privileged. This is a no-op as this code always
+    runs with user privilege now that we no longer support running sshd with
+    privilege separation disabled, but as long as the privsep skeleton is there
+    we should follow the rules.
+    MIME-Version: 1.0
+    Content-Type: text/plain; charset=UTF-8
+    Content-Transfer-Encoding: 8bit
+    
+    bz#2969 with patch from Erik Sjölund
+    
+    OpenBSD-Commit-ID: 2b708401a5a8d6133c865d7698d9852210dca846
+
+commit d9ecfaba0b2f1887d20e4368230632e709ca83be
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Mon Feb 18 07:02:34 2019 +0000
+
+    upstream: sync the description of ~/.ssh/config with djm's updated
+    
+    description in ssh.1; issue pointed out by andreas kahari
+    
+    ok dtucker djm
+    
+    OpenBSD-Commit-ID: 1b01ef0ae2c6328165150badae317ec92e52b01c
+
+commit 38e83e4f219c752ebb1560633b73f06f0392018b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Feb 12 23:53:10 2019 +0000
+
+    upstream: fix regression in r1.302 reported by naddy@ - only the first
+    
+    public key from the agent was being attempted for use.
+    
+    OpenBSD-Commit-ID: 07116aea521a04888718b2157f1ca723b2f46c8d
+
+commit 5c68ea8da790d711e6dd5f4c30d089c54032c59a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Feb 11 09:44:42 2019 +0000
+
+    upstream: cleanup GSSAPI authentication context after completion of the
+    
+    authmethod. Move function-static GSSAPI state to the client Authctxt
+    structure. Make static a bunch of functions that aren't used outside this
+    file.
+    
+    Based on patch from Markus Schmidt <markus@blueflash.cc>; ok markus@
+    
+    OpenBSD-Commit-ID: 497fb792c0ddb4f1ba631b6eed526861f115dbe5
+
+commit a8c807f1956f81a92a758d3d0237d0ff06d0be5d
+Author: benno@openbsd.org <benno@openbsd.org>
+Date:   Sun Feb 10 16:35:41 2019 +0000
+
+    upstream: ssh-keygen -D pkcs11.so needs to initialize pkcs11
+    
+    interactive, so it can ask for the smartcards PIN. ok markus@
+    
+    OpenBSD-Commit-ID: 1be7ccf88f1876e0fc4d7c9b3f96019ac5655bab
+
+commit 3d896c157c722bc47adca51a58dca859225b5874
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Feb 10 11:15:52 2019 +0000
+
+    upstream: when checking that filenames sent by the server side
+    
+    match what the client requested, be prepared to handle shell-style brace
+    alternations, e.g. "{foo,bar}".
+    
+    "looks good to me" millert@ + in snaps for the last week courtesy
+    deraadt@
+    
+    OpenBSD-Commit-ID: 3b1ce7639b0b25b2248e3a30f561a548f6815f3e
+
+commit 318e4f8548a4f5c0c913f61e27d4fc21ffb1eaae
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Feb 10 11:10:57 2019 +0000
+
+    upstream: syslog when connection is dropped for attempting to run a
+    
+    command when ForceCommand=internal-sftp is in effect; bz2960; ok dtucker@
+    
+    OpenBSD-Commit-ID: 8c87fa66d7fc6c0fffa3a3c28e8ab5e8dde234b8
+
+commit 2ff2e19653b8c0798b8b8eff209651bdb1be2761
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Feb 8 14:53:35 2019 +1100
+
+    don't set $MAIL if UsePam=yes
+    
+    PAM typically specifies the user environment if it's enabled, so don't
+    second guess. bz#2937; ok dtucker@
+
+commit 03e92dd27d491fe6d1a54e7b2f44ef1b0a916e52
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Feb 8 14:50:36 2019 +1100
+
+    use same close logic for stderr as stdout
+    
+    Avoids sending SIGPIPE to child processes after their parent exits
+    if they attempt to write to stderr.
+    
+    Analysis and patch from JD Paul; patch reworked by Jakub Jelen and
+    myself. bz#2071; ok dtucker@
+
+commit 8c53d409baeeaf652c0c125a9b164edc9dbeb6de
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Tue Feb 5 11:35:56 2019 +0000
+
+    upstream: Adapt code in the non-USE_PIPES codepath to the new packet
+    
+    API. This code is not normally reachable since USE_PIPES is always defined.
+    bz#2961, patch from adrian.fita at gmail com.
+    
+    OpenBSD-Commit-ID: 8d8428d678d1d5eb4bb21921df34e8173e6d238a
+
+commit 7a7fdca78de4b4774950be056099e579ef595414
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Feb 4 23:37:54 2019 +0000
+
+    upstream: fix NULL-deref crash in PKCS#11 code when attempting
+    
+    login to a token requiring a PIN; reported by benno@ fix mostly by markus@
+    
+    OpenBSD-Commit-ID: 438d0b114b1b4ba25a9869733db1921209aa9a31
+
+commit cac302a4b42a988e54d32eb254b29b79b648dbf5
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Mon Feb 4 02:39:42 2019 +0000
+
+    upstream: Remove obsolete "Protocol" from commented out examples. Patch
+    
+    from samy.mahmoudi at gmail com.
+    
+    OpenBSD-Commit-ID: 16aede33dae299725a03abdac5dcb4d73f5d0cbf
+
+commit 483b3b638500fd498b4b529356e5a0e18cf76891
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Feb 1 03:52:23 2019 +0000
+
+    upstream: Save connection timeout and restore for 2nd and
+    
+    subsequent attempts, preventing them from having no timeout.  bz#2918, ok
+    djm@
+    
+    OpenBSD-Commit-ID: 4977f1d0521d9b6bba0c9a20d3d226cefac48292
+
+commit 5f004620fdc1b2108139300ee12f4014530fb559
+Author: markus@openbsd.org <markus@openbsd.org>
+Date:   Wed Jan 30 19:51:15 2019 +0000
+
+    upstream: Add authors for public domain sntrup4591761 code;
+    
+    confirmed by Daniel J. Bernstein
+    
+    OpenBSD-Commit-ID: b4621f22b8b8ef13e063c852af5e54dbbfa413c1
+
+commit 2c21b75a7be6ebdcbceaebb43157c48dbb36f3d8
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Sun Jan 27 07:14:11 2019 +0000
+
+    upstream: add -T to usage();
+    
+    OpenBSD-Commit-ID: a7ae14d9436c64e1bd05022329187ea3a0ce1899
+
+commit 19a0f0529d3df04118da829528cac7ceff380b24
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Mon Jan 28 03:50:39 2019 +0000
+
+    upstream: The test sshd_config in in $OBJ.
+    
+    OpenBSD-Regress-ID: 1e5d908a286d8e7de3a15a0020c8857f3a7c9172
+
+commit 8fe25440206319d15b52d12b948a5dfdec14dca3
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Mon Jan 28 03:28:10 2019 +0000
+
+    upstream: Remove leftover debugging.
+    
+    OpenBSD-Regress-ID: 3d86c3d4867e46b35af3fd2ac8c96df0ffdcfeb9
+
+commit e30d32364d12c351eec9e14be6c61116f9d6cc90
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Mon Jan 28 00:12:36 2019 +0000
+
+    upstream: Enable ssh-dss for the agent test. Disable it for the
+    
+    certificate test.
+    
+    OpenBSD-Regress-ID: 388c1e03e1def539d350f139b37d69f12334668d
+
+commit ffdde469ed56249f5dc8af98da468dde35531398
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Mon Jan 28 00:08:26 2019 +0000
+
+    upstream: Count the number of key types instead of assuming there
+    
+    are only two.
+    
+    OpenBSD-Regress-ID: 0998702c41235782cf0beee396ec49b5056eaed9
+
+commit 1d05b4adcba08ab068466e5c08dee2f5417ec53a
+Author: Corinna Vinschen <vinschen@redhat.com>
+Date:   Sat Jan 26 23:42:40 2019 +0100
+
+    Cygwin: only tweak sshd_config file if it's new, drop creating sshd user
+    
+    The sshd_config tweaks were executed even if the old file was
+    still in place.  Fix that.  Also disable sshd user creation.
+    It's not used on Cygwin.
+
+commit 89843de0c4c733501f6b4f988098e6e06963df37
+Author: Corinna Vinschen <vinschen@redhat.com>
+Date:   Sat Jan 26 23:03:12 2019 +0100
+
+    Cygwin: Change service name to cygsshd
+    
+    Microsoft hijacked the sshd service name without asking.
+
+commit 2a9b3a2ce411d16cda9c79ab713c55f65b0ec257
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Sun Jan 27 06:30:53 2019 +0000
+
+    upstream: Generate all key supported key types and enable for keyscan
+    
+    test.
+    
+    OpenBSD-Regress-ID: 72f72ff49946c61bc949e1692dd9e3d71370891b
+
+commit 391ffc4b9d31fa1f4ad566499fef9176ff8a07dc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 26 22:41:28 2019 +0000
+
+    upstream: check in scp client that filenames sent during
+    
+    remote->local directory copies satisfy the wildcard specified by the user.
+    
+    This checking provides some protection against a malicious server
+    sending unexpected filenames, but it comes at a risk of rejecting wanted
+    files due to differences between client and server wildcard expansion rules.
+    
+    For this reason, this also adds a new -T flag to disable the check.
+    
+    reported by Harry Sintonen
+    fix approach suggested by markus@;
+    has been in snaps for ~1wk courtesy deraadt@
+    
+    OpenBSD-Commit-ID: 00f44b50d2be8e321973f3c6d014260f8f7a8eda
+
+commit c2c18a39683db382a15b438632afab3f551d50ce
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 26 22:35:01 2019 +0000
+
+    upstream: make ssh-keyscan return a non-zero exit status if it
+    
+    finds no keys. bz#2903
+    
+    OpenBSD-Commit-ID: 89f1081fb81d950ebb48e6e73d21807b2723d488
+
+commit 05b9a466700b44d49492edc2aa415fc2e8913dfe
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Jan 24 17:00:29 2019 +0000
+
+    upstream: Accept the host key fingerprint as a synonym for "yes"
+    
+    when accepting an unknown host key.  This allows you to paste a fingerprint
+    obtained out of band into the yes/no prompt and have the client do the
+    comparison for you.  ok markus@ djm@
+    
+    OpenBSD-Commit-ID: 3c47d10b9f43d3d345e044fd9ec09709583a2767
+
+commit bdc6c63c80b55bcbaa66b5fde31c1cb1d09a41eb
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Jan 24 16:52:17 2019 +0000
+
+    upstream: Have progressmeter force an update at the beginning and
+    
+    end of each transfer.  Fixes the problem recently introduces where very quick
+    transfers do not display the progressmeter at all.  Spotted by naddy@
+    
+    OpenBSD-Commit-ID: 68dc46c259e8fdd4f5db3ec2a130f8e4590a7a9a
+
+commit 258e6ca003e47f944688ad8b8de087b58a7d966c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Jan 24 02:42:23 2019 +0000
+
+    upstream: Check for both EAGAIN and EWOULDBLOCK. This is a no-op
+    
+    in OpenBSD (they are the same value) but makes things easier in -portable
+    where they may be distinct values.  "sigh ok" deraadt@
+    
+    (ID sync only, portable already had this change).
+    
+    OpenBSD-Commit-ID: 91f2bc7c0ecec905915ed59fa37feb9cc90e17d7
+
+commit 281ce042579b834cdc1e74314f1fb2eeb75d2612
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Jan 24 02:34:52 2019 +0000
+
+    upstream: Always initialize 2nd arg to hpdelim2. It populates that
+    
+    *ONLY IF* there's a delimiter.  If there's not (the common case) it checked
+    uninitialized memory, which usually passed, but if not would cause spurious
+    failures when the uninitialized memory happens to contain "/".  ok deraadt.
+    
+    OpenBSD-Commit-ID: 4291611eaf2a53d4c92f4a57c7f267c9f944e0d3
+
+commit d05ea255678d9402beda4416cd0360f3e5dfe938
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Wed Jan 23 21:50:56 2019 +0000
+
+    upstream: Remove support for obsolete host/port syntax.
+    
+    host/port was added in 2001 as an alternative to host:port syntax for
+    the benefit of IPv6 users.  These days there are establised standards
+    for this like [::1]:22 and the slash syntax is easily mistaken for CIDR
+    notation, which OpenSSH now supports for some things.  Remove the slash
+    notation from ListenAddress and PermitOpen.  bz#2335, patch from jjelen
+    at redhat.com, ok markus@
+    
+    OpenBSD-Commit-ID: fae5f4e23c51a368d6b2d98376069ac2b10ad4b7
+
+commit 177d6c80c557a5e060cd343a0c116a2f1a7f43db
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Wed Jan 23 20:48:52 2019 +0000
+
+    upstream: Remove duplicate word. bz#2958, patch from jjelen at
+    
+    redhat.com
+    
+    OpenBSD-Commit-ID: cca3965a8333f2b6aae48b79ec1d72f7a830dd2c
+
+commit be3e6cba95dffe5fcf190c713525b48c837e7875
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Wed Jan 23 09:49:00 2019 +0000
+
+    upstream: Remove 3 as a guess for possible generator during moduli
+    
+    generation. It's not mentioned in RFC4419 and it's not possible for
+    Sophie-Germain primes greater than 5.  bz#2330, from Christian Wittenhorst ,
+    ok djm@ tb@
+    
+    OpenBSD-Commit-ID: 1467652e6802ad3333b0959282d8d49dfe22c8cd
+
+commit 8976f1c4b2721c26e878151f52bdf346dfe2d54c
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Wed Jan 23 08:01:46 2019 +0000
+
+    upstream: Sanitize scp filenames via snmprintf. To do this we move
+    
+    the progressmeter formatting outside of signal handler context and have the
+    atomicio callback called for EINTR too.  bz#2434 with contributions from djm
+    and jjelen at redhat.com, ok djm@
+    
+    OpenBSD-Commit-ID: 1af61c1f70e4f3bd8ab140b9f1fa699481db57d8
+
+commit 6249451f381755f792c6b9e2c2f80cdc699c14e2
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Jan 24 10:00:20 2019 +1100
+
+    For broken read/readv comparisons, poll(RW).
+    
+    In the cases where we can't compare to read or readv function pointers
+    for some reason we currently ifdef out the poll() used to block while
+    waiting for reads or writes, falling back to busy waiting.  This restores
+    the poll() in this case, but has it always check for read or write,
+    removing an inline ifdef in the process.
+
+commit 5cb503dff4db251520e8bf7d23b9c97c06eee031
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Jan 24 09:55:16 2019 +1100
+
+    Include unistd.h for strmode().
+
+commit f236ca2741f29b5c443c0b2db3aa9afb9ad9befe
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Jan 24 09:50:58 2019 +1100
+
+    Also undef SIMPLEQ_FOREACH_SAFE.
+    
+    Prevents macro redefinition warning on at least NetBSD 6.1.
+
+commit be063945e4e7d46b1734d973bf244c350fae172a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jan 23 04:51:02 2019 +0000
+
+    upstream: allow auto-incrementing certificate serial number for certs
+    
+    signed in a single commandline.
+    
+    OpenBSD-Commit-ID: 39881087641efb8cd83c7ec13b9c98280633f45b
+
+commit 851f80328931975fe68f71af363c4537cb896da2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jan 23 04:16:22 2019 +0000
+
+    upstream: move a bunch of global flag variables to main(); make the
+    
+    rest static
+    
+    OpenBSD-Commit-ID: fa431d92584e81fe99f95882f4c56b43fe3242dc
+
+commit 2265402dc7d701a9aca9f8a7b7b0fd45b65c479f
+Author: Damien Miller <djm@mindrot.org>
+Date:   Wed Jan 23 13:03:16 2019 +1100
+
+    depend
+
+commit 2c223878e53cc46def760add459f5f7c4fb43e35
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jan 23 02:01:10 2019 +0000
+
+    upstream: switch mainloop from select(2) to poll(2); ok deraadt@
+    
+    OpenBSD-Commit-ID: 37645419a330037d297f6f0adc3b3663e7ae7b2e
+
+commit bb956eaa94757ad058ff43631c3a7d6c94d38c2f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jan 23 00:30:41 2019 +0000
+
+    upstream: pass most arguments to the KEX hash functions as sshbuf
+    
+    rather than pointer+length; ok markus@
+    
+    OpenBSD-Commit-ID: ef0c89c52ccc89817a13a5205725148a28492bf7
+
+commit d691588b8e29622c66abf8932362b522cf7f4051
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 22 22:58:50 2019 +0000
+
+    upstream: backoff reading messages from active connections when the
+    
+    input buffer is too full to read one, or if the output buffer is too full to
+    enqueue a response; feedback & ok dtucker@
+    
+    OpenBSD-Commit-ID: df3c5b6d57c968975875de40d8955cbfed05a6c8
+
+commit f99ef8de967949a1fc25a5c28263ea32736e5943
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 22 20:48:01 2019 +0000
+
+    upstream: add -m to usage(); reminded by jmc@
+    
+    OpenBSD-Commit-ID: bca476a5236e8f94210290b3e6a507af0434613e
+
+commit 41923ce06ac149453debe472238e0cca7d5a2e5f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 22 12:03:58 2019 +0000
+
+    upstream: Correct some bugs in PKCS#11 token PIN handling at
+    
+    initial login, the attempt at reading the PIN could be skipped in some cases
+    especially on devices with integrated PIN readers.
+    
+    based on patch from Daniel Kucera in bz#2652; ok markus@
+    
+    OpenBSD-Commit-ID: fad70a61c60610afe8bb0db538c90e343e75e58e
+
+commit 2162171ad517501ba511fa9f8191945d01857bb4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 22 12:00:50 2019 +0000
+
+    upstream: Support keys that set the CKA_ALWAYS_AUTHENTICATE by
+    
+    requring a fresh login after the C_SignInit operation.
+    
+    based on patch from Jakub Jelen in bz#2638; ok markus
+    
+    OpenBSD-Commit-ID: a76e66996ba7c0923b46b74d46d499b811786661
+
+commit 7a2cb18a215b2cb335da3dc99489c52a91f4925b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 22 11:51:25 2019 +0000
+
+    upstream: Mention that configuration for the destination host is
+    
+    not applied to any ProxyJump/-J hosts. This has confused a few people...
+    
+    OpenBSD-Commit-ID: 03f4f641df6ca236c1bfc69836a256b873db868b
+
+commit ecd2f33cb772db4fa76776543599f1c1ab6f9fa0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 22 11:40:42 2019 +0000
+
+    upstream: Include -m in the synopsis for a few more commands that
+    
+    support it
+    
+    Be more explicit in the description of -m about where it may be used
+    
+    Prompted by Jakub Jelen in bz2904
+    
+    OpenBSD-Commit-ID: 3b398ac5e05d8a6356710d0ff114536c9d71046c
+
+commit ff5d2cf4ca373bb4002eef395ed2cbe2ff0826c1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 22 11:26:16 2019 +0000
+
+    upstream: print the full pubkey being attempted at loglevel >=
+    
+    debug2; bz2939
+    
+    OpenBSD-Commit-ID: ac0fe5ca1429ebf4d460bad602adc96de0d7e290
+
+commit 180b520e2bab33b566b4b0cbac7d5f9940935011
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 22 11:19:42 2019 +0000
+
+    upstream: clarify: ssh-keygen -e only writes public keys, never
+    
+    private
+    
+    OpenBSD-Commit-ID: 7de7ff6d274d82febf9feb641e2415ffd6a30bfb
+
+commit c45616a199c322ca674315de88e788f1d2596e26
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 22 11:00:15 2019 +0000
+
+    upstream: mention the new vs. old key formats in the introduction
+    
+    and give some hints on how keys may be converted or written in the old
+    format.
+    
+    OpenBSD-Commit-ID: 9c90a9f92eddc249e07fad1204d0e15c8aa13823
+
+commit fd8eb1383a34c986a00ef13d745ae9bd3ea21760
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Tue Jan 22 06:58:31 2019 +0000
+
+    upstream: tweak previous;
+    
+    OpenBSD-Commit-ID: d2a80e389da8e7ed71978643d8cbaa8605b597a8
+
+commit 68e924d5473c00057f8532af57741d258c478223
+Author: tb@openbsd.org <tb@openbsd.org>
+Date:   Mon Jan 21 23:55:12 2019 +0000
+
+    upstream: Forgot to add -J to the synopsis.
+    
+    OpenBSD-Commit-ID: 26d95e409a0b72526526fc56ca1caca5cc3d3c5e
+
+commit 622dedf1a884f2927a9121e672bd9955e12ba108
+Author: tb@openbsd.org <tb@openbsd.org>
+Date:   Mon Jan 21 22:50:42 2019 +0000
+
+    upstream: Add a -J option as a shortcut for -o Proxyjump= to scp(1)
+    
+    and sftp(1) to match ssh(1)'s interface.
+    
+    ok djm
+    
+    OpenBSD-Commit-ID: a75bc2d5f329caa7229a7e9fe346c4f41c2663fc
+
+commit c882d74652800150d538e22c80dd2bd3cdd5fae2
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Tue Jan 22 20:38:40 2019 +1100
+
+    Allow building against OpenSSL dev (3.x) version.
+
+commit d5520393572eb24aa0e001a1c61f49b104396e45
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Jan 22 10:50:40 2019 +1100
+
+    typo
+
+commit 2de9cec54230998ab10161576f77860a2559ccb7
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Jan 22 10:49:52 2019 +1100
+
+    add missing header
+
+commit 533cfb01e49a2a30354e191669dc3159e03e99a7
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 22:18:24 2019 +0000
+
+    upstream: switch sntrup implementation source from supercop to
+    
+    libpqcrypto; the latter is almost identical but doesn't rely on signed
+    underflow to implement an optimised integer sort; from markus@
+    
+    OpenBSD-Commit-ID: cd09bbf0e0fcef1bedca69fdf7990dc360567cf8
+
+commit d50ab3cd6fb859888a26b4d4e333239b4f6bf573
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Jan 22 00:02:23 2019 +1100
+
+    new files need includes.h
+
+commit c7670b091a7174760d619ef6738b4f26b2093301
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 12:53:35 2019 +0000
+
+    upstream: add "-v" flags to ssh-add and ssh-pkcs11-helper to turn up
+    
+    debug verbosity.
+    
+    Make ssh-agent turn on ssh-pkcs11-helper's verbosity when it is run
+    in debug mode ("ssh-agent -d"), so we get to see errors from the
+    PKCS#11 code.
+    
+    ok markus@
+    
+    OpenBSD-Commit-ID: 0a798643c6a92a508df6bd121253ba1c8bee659d
+
+commit 49d8c8e214d39acf752903566b105d06c565442a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 12:50:12 2019 +0000
+
+    upstream: adapt to changes in KEX APIs and file removals
+    
+    OpenBSD-Regress-ID: 54d6857e7c58999c7a6d40942ab0fed3529f43ca
+
+commit 35ecc53a83f8e8baab2e37549addfd05c73c30f1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 12:35:20 2019 +0000
+
+    upstream: adapt to changes in KEX API and file removals
+    
+    OpenBSD-Regress-ID: 92cad022d3b0d11e08f3e0055d6a14b8f994c0d7
+
+commit 7d69aae64c35868cc4f644583ab973113a79480e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 12:29:35 2019 +0000
+
+    upstream: adapt to bignum1 API removal and bignum2 API change
+    
+    OpenBSD-Regress-ID: cea6ff270f3d560de86b355a87a2c95b55a5ca63
+
+commit beab553f0a9578ef9bffe28b2c779725e77b39ec
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 09:13:41 2019 +0000
+
+    upstream: remove hack to use non-system libcrypto
+    
+    OpenBSD-Regress-ID: ce72487327eee4dfae1ab0212a1f33871fe0809f
+
+commit 4dc06bd57996f1a46b4c3bababe0d09bc89098f7
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jan 21 23:14:04 2019 +1100
+
+    depend
+
+commit 70edd73edc4df54e5eee50cd27c25427b34612f8
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 12:08:13 2019 +0000
+
+    upstream: fix reversed arguments to kex_load_hostkey(); manifested as
+    
+    errors in cert-hostkey.sh regress failures.
+    
+    OpenBSD-Commit-ID: 12dab63850b844f84d5a67e86d9e21a42fba93ba
+
+commit f1185abbf0c9108e639297addc77f8757ee00eb3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 11:22:00 2019 +0000
+
+    upstream: forgot to cvs add this file in previous series of commits;
+    
+    grrr
+    
+    OpenBSD-Commit-ID: bcff316c3e7da8fd15333e05d244442c3aaa66b0
+
+commit 7bef390b625bdc080f0fd4499ef03cef60fca4fa
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:44:21 2019 +0000
+
+    upstream: nothing shall escape this purge
+    
+    OpenBSD-Commit-ID: 4795b0ff142b45448f7e15f3c2f77a947191b217
+
+commit aaca72d6f1279b842066e07bff797019efeb2c23
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:40:11 2019 +0000
+
+    upstream: rename kex->kem_client_pub -> kex->client_pub now that
+    
+    KEM has been renamed to kexgen
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: fac6da5dc63530ad0da537db022a9a4cfbe8bed8
+
+commit 70867e1ca2eb08bbd494fe9c568df4fd3b35b867
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:38:54 2019 +0000
+
+    upstream: merge kexkem[cs] into kexgen
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: 87d886b7f1812ff9355fda1435f6ea9b71a0ac89
+
+commit 71e67fff946396caa110a7964da23480757258ff
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:35:09 2019 +0000
+
+    upstream: pass values used in KEX hash computation as sshbuf
+    
+    rather than pointer+len
+    
+    suggested by me; implemented by markus@ ok me
+    
+    OpenBSD-Commit-ID: 994f33c464f4a9e0f1d21909fa3e379f5a0910f0
+
+commit 4b83e2a2cc0c12e671a77eaba1c1245894f4e884
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:33:49 2019 +0000
+
+    upstream: remove kex_derive_keys_bn wrapper; no unused since the
+    
+    DH-like KEX methods have moved to KEM
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: bde9809103832f349545e4f5bb733d316db9a060
+
+commit 92dda34e373832f34a1944e5d9ebbebb184dedc1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:29:56 2019 +0000
+
+    upstream: use KEM API for vanilla ECDH
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: 6fbff96339a929835536b5730585d1d6057a352c
+
+commit b72357217cbe510a3ae155307a7be6b9181f1d1b
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jan 21 23:11:21 2019 +1100
+
+    fixup missing ssherr.h
+
+commit 9c9c97e14fe190931f341876ad98213e1e1dc19f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:28:01 2019 +0000
+
+    upstream: use KEM API for vanilla DH KEX
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: af56466426b08a8be275412ae2743319e3d277c9
+
+commit 2f6a9ddbbf6ca8623c53c323ff17fb6d68d66970
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:24:09 2019 +0000
+
+    upstream: use KEM API for vanilla c25519 KEX
+    
+    OpenBSD-Commit-ID: 38d937b85ff770886379dd66a8f32ab0c1c35c1f
+
+commit dfd591618cdf2c96727ac0eb65f89cf54af0d97e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:20:12 2019 +0000
+
+    upstream: Add support for a PQC KEX/KEM:
+    
+    sntrup4591761x25519-sha512@tinyssh.org using the Streamlined NTRU Prime
+    4591^761 implementation from SUPERCOP coupled with X25519 as a stop-loss. Not
+    enabled by default.
+    
+    introduce KEM API; a simplified framework for DH-ish KEX methods.
+    
+    from markus@ feedback & ok djm@
+    
+    OpenBSD-Commit-ID: d687f76cffd3561dd73eb302d17a1c3bf321d1a7
+
+commit b1b2ff4ed559051d1035419f8f236275fa66d5d6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:07:22 2019 +0000
+
+    upstream: factor out kex_verify_hostkey() - again, duplicated
+    
+    almost exactly across client and server for several KEX methods.
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: 4e4a16d949dadde002a0aacf6d280a684e20829c
+
+commit bb39bafb6dc520cc097780f4611a52da7f19c3e2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:05:09 2019 +0000
+
+    upstream: factor out kex_load_hostkey() - this is duplicated in
+    
+    both the client and server implementations for most KEX methods.
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: 8232fa7c21fbfbcaf838313b0c166dc6c8762f3c
+
+commit dec5e9d33891e3bc3f1395d7db0e56fdc7f86dfc
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:03:37 2019 +0000
+
+    upstream: factor out kex_dh_compute_key() - it's shared between
+    
+    plain DH KEX and DH GEX in both the client and server implementations
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: 12186e18791fffcd4642c82e7e0cfdd7ea37e2ec
+
+commit e93bd98eab79b9a78f64ee8dd4dffc4d3979c7ae
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 10:00:23 2019 +0000
+
+    upstream: factor out DH keygen; it's identical between the client
+    
+    and the server
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: 2be57f6a0d44f1ab2c8de2b1b5d6f530c387fae9
+
+commit 5ae3f6d314465026d028af82609c1d49ad197655
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 09:55:52 2019 +0000
+
+    upstream: save the derived session id in kex_derive_keys() rather
+    
+    than making each kex method implementation do it.
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: d61ade9c8d1e13f665f8663c552abff8c8a30673
+
+commit 7be8572b32a15d5c3dba897f252e2e04e991c307
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 09:54:11 2019 +0000
+
+    upstream: Make sshpkt_get_bignum2() allocate the bignum it is
+    
+    parsing rather than make the caller do it. Saves a lot of boilerplate code.
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: 576bf784f9a240f5a1401f7005364e59aed3bce9
+
+commit 803178bd5da7e72be94ba5b4c4c196d4b542da4d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 09:52:25 2019 +0000
+
+    upstream: remove obsolete (SSH v.1) sshbuf_get/put_bignum1
+    
+    functions
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: 0380b1b2d9de063de3c5a097481a622e6a04943e
+
+commit f3ebaffd8714be31d4345f90af64992de4b3bba2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 09:49:37 2019 +0000
+
+    upstream: fix all-zero check in kexc25519_shared_key
+    
+    from markus@ ok djm@
+    
+    OpenBSD-Commit-ID: 60b1d364e0d9d34d1d1ef1620cb92e36cf06712d
+
+commit 9d1a9771d0ad3a83af733bf3d2650b53f43c269f
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Mon Jan 21 07:09:10 2019 +0000
+
+    upstream: - -T was added to the first synopsis by mistake - since
+    
+    "..." denotes optional, no need to surround it in []
+    
+    ok djm
+    
+    OpenBSD-Commit-ID: 918f6d8eed4e0d8d9ef5eadae1b8983d796f0e25
+
+commit 2f0bad2bf85391dbb41315ab55032ec522660617
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Jan 21 21:28:27 2019 +1100
+
+    Make --with-rpath take a flag instead of yes/no.
+    
+    Linkers need various flags for -rpath and similar, so make --with-rpath
+    take an optional flag argument which is passed to the linker.  ok djm@
+
+commit 23490a6c970ea1d03581a3b4208f2eb7a675f453
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jan 21 15:05:43 2019 +1100
+
+    fix previous test
+
+commit b6dd3277f2c49f9584a2097bc792e8f480397e87
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Jan 21 13:50:17 2019 +1100
+
+    Wrap ECC static globals in EC_KEY_METHOD_NEW too.
+
+commit b2eb9db35b7191613f2f4b934d57b25938bb34b3
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jan 21 12:53:40 2019 +1100
+
+    pass TEST_SSH_SSHPKCS11HELPER to regress tests
+
+commit ba58a529f45b3dae2db68607d8c54ae96e90e705
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jan 21 12:31:29 2019 +1100
+
+    make agent-pkcs11 search harder for softhsm2.so
+
+commit 662be40c62339ab645113c930ce689466f028938
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 02:05:38 2019 +0000
+
+    upstream: always print the caller's error message in ossl_error(),
+    
+    even when there are no libcrypto errors to report.
+    
+    OpenBSD-Commit-ID: 09ebaa8f706e0eccedd209775baa1eee2ada806a
+
+commit ce46c3a077dfb4c531ccffcfff03f37775725b75
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 02:01:03 2019 +0000
+
+    upstream: get the ex_data (pkcs11_key object) back from the keys at
+    
+    the index at which it was inserted, rather than assuming index 0
+    
+    OpenBSD-Commit-ID: 1f3a6ce0346c8014e895e50423bef16401510aa8
+
+commit 0a5f2ea35626022299ece3c8817a1abe8cf37b3e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 01:05:00 2019 +0000
+
+    upstream: GSSAPI code got missed when converting to new packet API
+    
+    OpenBSD-Commit-ID: 37e4f06ab4a0f4214430ff462ba91acba28b7851
+
+commit 2efcf812b4c1555ca3aff744820a3b3bccd68298
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jan 21 11:57:21 2019 +1100
+
+    Fix -Wunused when compiling PKCS#11 without ECDSA
+
+commit 3c0c657ed7cd335fc05c0852d88232ca7e92a5d9
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 23:26:44 2019 +0000
+
+    upstream: allow override of ssh-pkcs11-helper binary via
+    
+    $TEST_SSH_SSHPKCS11HELPER from markus@
+    
+    OpenBSD-Regress-ID: 7382a3d76746f5a792d106912a5819fd5e49e469
+
+commit 760ae37b4505453c6fa4faf1aa39a8671ab053af
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 23:25:25 2019 +0000
+
+    upstream: adapt agent-pkcs11.sh test to softhsm2 and add support
+    
+    for ECDSA keys
+    
+    work by markus@, ok djm@
+    
+    OpenBSD-Regress-ID: 1ebc2be0e88eff1b6d8be2f9c00cdc60723509fe
+
+commit b2ce8b31a1f974a13e6d12e0a0c132b50bc45115
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 23:24:19 2019 +0000
+
+    upstream: add "extra:" target to run some extra tests that are not
+    
+    enabled by default (currently includes agent-pkcs11.sh); from markus@
+    
+    OpenBSD-Regress-ID: 9a969e1adcd117fea174d368dcb9c61eb50a2a3c
+
+commit 632976418d60b7193597bbc6ac7ca33981a41aab
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Jan 21 00:47:34 2019 +0000
+
+    upstream: use ECDSA_SIG_set0() instead of poking signature values into
+    
+    structure directly; the latter works on LibreSSL but not on OpenSSL. From
+    portable.
+    
+    OpenBSD-Commit-ID: 5b22a1919d9cee907d3f8a029167f70a481891c6
+
+commit 5de6ac2bad11175135d9b819b3546db0ca0b4878
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jan 21 11:44:19 2019 +1100
+
+    remove HAVE_DLOPEN that snuck in
+    
+    portable doesn't use this
+
+commit e2cb445d786f7572da2af93e3433308eaed1093a
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Jan 21 11:32:28 2019 +1100
+
+    conditionalise ECDSA PKCS#11 support
+    
+    Require EC_KEY_METHOD support in libcrypto, evidenced by presence
+    of EC_KEY_METHOD_new() function.
+
+commit fcb1b0937182d0137a3c357c89735d0dc5869d54
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 23:12:35 2019 +0000
+
+    upstream: we use singleton pkcs#11 RSA_METHOD and EC_KEY_METHOD
+    
+    now, so there is no need to keep a copy of each in the pkcs11_key object.
+    
+    work by markus@, ok djm@
+    
+    OpenBSD-Commit-ID: 43b4856516e45c0595f17a8e95b2daee05f12faa
+
+commit 6529409e85890cd6df7e5e81d04e393b1d2e4b0b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 23:11:11 2019 +0000
+
+    upstream: KNF previous; from markus@
+    
+    OpenBSD-Commit-ID: 3dfe35e25b310c3968b1e4e53a0cb1d03bda5395
+
+commit 58622a8c82f4e2aad630580543f51ba537c1f39e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 23:10:33 2019 +0000
+
+    upstream: use OpenSSL's RSA reference counting hooks to
+    
+    implicitly clean up pkcs11_key objects when their owning RSA object's
+    reference count drops to zero. Simplifies the cleanup path and makes it more
+    like ECDSA's
+    
+    work by markus@, ok djm@
+    
+    OpenBSD-Commit-ID: 74b9c98f405cd78f7148e9e4a4982336cd3df25c
+
+commit f118542fc82a3b3ab0360955b33bc5a271ea709f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 23:08:24 2019 +0000
+
+    upstream: make the PKCS#11 RSA code more like the new PKCS#11
+    
+    ECDSA code: use a single custom RSA_METHOD instead of a method per key
+    
+    suggested by me, but markus@ did all the work.
+    ok djm@
+    
+    OpenBSD-Commit-ID: 8aafcebe923dc742fc5537a995cee549d07e4b2e
+
+commit 445cfce49dfc904c6b8ab25afa2f43130296c1a5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 23:05:52 2019 +0000
+
+    upstream: fix leak of ECDSA pkcs11_key objects
+    
+    work by markus, ok djm@
+    
+    OpenBSD-Commit-ID: 9fc0c4f1d640aaa5f19b8d70f37ea19b8ad284a1
+
+commit 8a2467583f0b5760787273796ec929190c3f16ee
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 23:03:26 2019 +0000
+
+    upstream: use EVP_PKEY_get0_EC_KEY() instead of direct access of
+    
+    EC_KEY internals as that won't work on OpenSSL
+    
+    work by markus@, feedback and ok djm@
+    
+    OpenBSD-Commit-ID: 4a99cdb89fbd6f5155ef8c521c99dc66e2612700
+
+commit 24757c1ae309324e98d50e5935478655be04e549
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 23:01:59 2019 +0000
+
+    upstream: cleanup PKCS#11 ECDSA pubkey loading: the returned
+    
+    object should never have a DER header
+    
+    work by markus; feedback and ok djm@
+    
+    OpenBSD-Commit-ID: b617fa585eddbbf0b1245b58b7a3c4b8d613db17
+
+commit 749aef30321595435ddacef2f31d7a8f2b289309
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 23:00:12 2019 +0000
+
+    upstream: cleanup unnecessary code in ECDSA pkcs#11 signature
+    
+    work by markus@, feedback and ok djm@
+    
+    OpenBSD-Commit-ID: affa5ca7d58d59fbd16169f77771dcdbd2b0306d
+
+commit 0c50992af49b562970dd0ba3f8f151f1119e260e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 22:57:45 2019 +0000
+
+    upstream: cleanup pkcs#11 client code: use sshkey_new in instead
+    
+    of stack- allocating a sshkey
+    
+    work by markus@, ok djm@
+    
+    OpenBSD-Commit-ID: a048eb6ec8aa7fa97330af927022c0da77521f91
+
+commit 854bd8674ee5074a239f7cadf757d55454802e41
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 22:54:30 2019 +0000
+
+    upstream: allow override of the pkcs#11 helper binary via
+    
+    $SSH_PKCS11_HELPER; needed for regress tests.
+    
+    work by markus@, ok me
+    
+    OpenBSD-Commit-ID: f78d8185500bd7c37aeaf7bd27336db62f0f7a83
+
+commit 93f02107f44d63a016d8c23ebd2ca9205c495c48
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 22:51:37 2019 +0000
+
+    upstream: add support for ECDSA keys in PKCS#11 tokens
+    
+    Work by markus@ and Pedro Martelletto, feedback and ok me@
+    
+    OpenBSD-Commit-ID: a37d651e221341376636056512bddfc16efb4424
+
+commit aa22c20e0c36c2fc610cfcc793b0d14079c38814
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sun Jan 20 22:03:29 2019 +0000
+
+    upstream: add option to test whether keys in an agent are usable,
+    
+    by performing a signature and a verification using each key "ssh-add -T
+    pubkey [...]"
+    
+    work by markus@, ok djm@
+    
+    OpenBSD-Commit-ID: 931b888a600b6a883f65375bd5f73a4776c6d19b
+
+commit a36b0b14a12971086034d53c0c3dfbad07665abe
+Author: tb@openbsd.org <tb@openbsd.org>
+Date:   Sun Jan 20 02:01:59 2019 +0000
+
+    upstream: Fix BN_is_prime_* calls in SSH, the API returns -1 on
+    
+    error.
+    
+    Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
+    by David Benjamin.
+    
+    ok djm, dtucker
+    
+    OpenBSD-Commit-ID: 1ee832be3c44b1337f76b8562ec6d203f3b072f8
+
+commit ec4776bb01dd8d61fddc7d2a31ab10bf3d3d829a
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Sun Jan 20 01:12:40 2019 +0000
+
+    upstream: DH-GEX min value is now specified in RFC8270. ok djm@
+    
+    OpenBSD-Commit-ID: 1229d0feb1d0ecefe05bf67a17578b263e991acc
+
+commit c90a7928c4191303e76a8c58b9008d464287ae1b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Jan 21 09:22:36 2019 +1100
+
+    Check for cc before gcc.
+    
+    If cc is something other than gcc and is the system compiler prefer using
+    that, unless otherwise told via $CC.  ok djm@
+
+commit 9b655dc9c9a353f0a527f0c6c43a5e35653c9503
+Author: Damien Miller <djm@mindrot.org>
+Date:   Sun Jan 20 14:55:27 2019 +1100
+
+    last bits of old packet API / active_state global
+
+commit 3f0786bbe73609ac96e5a0d91425ee21129f8e04
+Author: Damien Miller <djm@mindrot.org>
+Date:   Sun Jan 20 10:22:18 2019 +1100
+
+    remove PAM dependencies on old packet API
+    
+    Requires some caching of values, because the PAM code isn't
+    always called with packet context.
+
+commit 08f66d9f17e12c1140d1f1cf5c4dce67e915d3cc
+Author: Damien Miller <djm@mindrot.org>
+Date:   Sun Jan 20 09:58:45 2019 +1100
+
+    remove vestiges of old packet API from loginrec.c
+
+commit c327813ea1d740e3e367109c17873815aba1328e
+Author: Damien Miller <djm@mindrot.org>
+Date:   Sun Jan 20 09:45:38 2019 +1100
+
+    depend
+
+commit 135e302cfdbe91817294317c337cc38c3ff01cba
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 22:30:52 2019 +0000
+
+    upstream: fix error in refactor: use ssh_packet_disconnect() instead of
+    
+    sshpkt_error(). The first one logs the error and exits (what we want) instead
+    of just logging and blundering on.
+    
+    OpenBSD-Commit-ID: 39f51b43641dce9ce0f408ea6c0e6e077e2e91ae
+
+commit 245c6a0b220b58686ee35bc5fc1c359e9be2faaa
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:45:31 2019 +0000
+
+    upstream: remove last traces of old packet API!
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 9bd10437026423eb8245636ad34797a20fbafd7d
+
+commit 04c091fc199f17dacf8921df0a06634b454e2722
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:43:56 2019 +0000
+
+    upstream: remove last references to active_state
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 78619a50ea7e4ca2f3b54d4658b3227277490ba2
+
+commit ec00f918b8ad90295044266c433340a8adc93452
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:43:07 2019 +0000
+
+    upstream: convert monitor.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 61ecd154bd9804461a0cf5f495a29d919e0014d5
+
+commit 6350e0316981489d4205952d6904d6fedba5bfe0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:42:30 2019 +0000
+
+    upstream: convert sshd.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: ea569d3eaf9b5cf1bad52779fbfa5fa0b28af891
+
+commit a5e2ad88acff2b7d131ee6d5dc5d339b0f8c6a6d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:41:53 2019 +0000
+
+    upstream: convert session.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: fae817207e23099ddd248960c984f7b7f26ea68e
+
+commit 3a00a921590d4c4b7e96df11bb10e6f9253ad45e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:41:18 2019 +0000
+
+    upstream: convert auth.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 7e10359f614ff522b52a3f05eec576257794e8e4
+
+commit 7ec5cb4d15ed2f2c5c9f5d00e6b361d136fc1e2d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:40:48 2019 +0000
+
+    upstream: convert serverloop.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: c92dd19b55457541478f95c0d6b318426d86d885
+
+commit 64c9598ac05332d1327cbf55334dee4172d216c4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:40:21 2019 +0000
+
+    upstream: convert the remainder of sshconnect2.c to new packet
+    
+    API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 0986d324f2ceb5e8a12ac21c1bb10b3b4b1e0f71
+
+commit bc5e1169d101d16e3a5962a928db2bc49a8ef5a3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:39:12 2019 +0000
+
+    upstream: convert the remainder of clientloop.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: ce2fbbacb86a290f31da1e7bf04cddf2bdae3d1e
+
+commit 5ebce136a6105f084db8f0d7ee41981d42daec40
+Author: Damien Miller <djm@mindrot.org>
+Date:   Sun Jan 20 09:44:53 2019 +1100
+
+    upstream: convert auth2.c to new packet API
+    
+    OpenBSD-Commit-ID: ed831bb95ad228c6791bc18b60ce7a2edef2c999
+
+commit 172a592a53ebe8649c4ac0d7946e6c08eb151af6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:37:48 2019 +0000
+
+    upstream: convert servconf.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 126553aecca302c9e02fd77e333b9cb217e623b4
+
+commit 8cc7a679d29cf6ecccfa08191e688c7f81ef95c2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:37:13 2019 +0000
+
+    upstream: convert channels.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 0b8279b56113cbd4011fc91315c0796b63dc862c
+
+commit 06232038c794c7dfcb087be0ab0b3e65b09fd396
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:36:38 2019 +0000
+
+    upstream: convert sshconnect.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 222337cf6c96c347f1022d976fac74b4257c061f
+
+commit 25b2ed667216314471bb66752442c55b95792dc3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:36:06 2019 +0000
+
+    upstream: convert ssh.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: eb146878b24e85c2a09ee171afa6797c166a2e21
+
+commit e3128b38623eef2fa8d6e7ae934d3bd08c7e973e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:35:25 2019 +0000
+
+    upstream: convert mux.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 4e3893937bae66416e984b282d8f0f800aafd802
+
+commit ed1df7226caf3a943a36d580d4d4e9275f8a61ee
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:34:45 2019 +0000
+
+    upstream: convert sshconnect2.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 1cb869e0d6e03539f943235641ea070cae2ebc58
+
+commit 23f22a4aaa923c61ec49a99ebaa383656e87fa40
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:33:57 2019 +0000
+
+    upstream: convert clientloop.c to new packet API
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 497b36500191f452a22abf283aa8d4a9abaee7fa
+
+commit ad60b1179c9682ca5aef0b346f99ef68cbbbc4e5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:33:13 2019 +0000
+
+    upstream: allow sshpkt_fatal() to take a varargs format; we'll
+    
+    use this to give packet-related fatal error messages more context (esp. the
+    remote endpoint) ok markus@
+    
+    OpenBSD-Commit-ID: de57211f9543426b515a8a10a4f481666b2b2a50
+
+commit 0fa174ebe129f3d0aeaf4e2d1dd8de745870d0ff
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Sat Jan 19 21:31:32 2019 +0000
+
+    upstream: begin landing remaining refactoring of packet parsing
+    
+    API, started almost exactly six years ago.
+    
+    This change stops including the old packet_* API by default and makes
+    each file that requires the old API include it explicitly. We will
+    commit file-by-file refactoring to remove the old API in consistent
+    steps.
+    
+    with & ok markus@
+    
+    OpenBSD-Commit-ID: 93c98a6b38f6911fd1ae025a1ec57807fb4d4ef4
+
+commit 4ae7f80dfd02f2bde912a67c9f338f61e90fa79f
+Author: tb@openbsd.org <tb@openbsd.org>
+Date:   Sat Jan 19 04:15:56 2019 +0000
+
+    upstream: Print an \r in front of the password prompt so parts of
+    
+    a password that was entered too early are likely clobbered by the prompt.
+    Idea from doas.
+    
+    from and ok djm
+    "i like it" deraadt
+    
+    OpenBSD-Commit-ID: 5fb97c68df6d8b09ab37f77bca1d84d799c4084e
+
+commit a6258e5dc314c7d504ac9f0fbc3be96475581dbe
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jan 18 11:09:01 2019 +1100
+
+    Add minimal fchownat and fchmodat implementations.
+    
+    Fixes builds on at least OS X Lion, NetBSD 6 and Solaris 10.
+
+commit 091093d25802b87d3b2b09f2c88d9f33e1ae5562
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Jan 18 12:11:42 2019 +1300
+
+    Add a minimal implementation of utimensat().
+    
+    Some systems (eg older OS X) do not have utimensat, so provide minimal
+    implementation in compat layer.  Fixes build on at least El Capitan.
+
+commit 609644027dde1f82213699cb6599e584c7efcb75
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 1 22:20:16 2019 +0000
+
+    upstream: regress bits for banner processing refactor (this test was
+    
+    depending on ssh returning a particular error message for banner parsing
+    failure)
+    
+    reminded by bluhm@
+    
+    OpenBSD-Regress-ID: f24fc303d40931157431df589b386abf5e1be575
+
+commit f47d72ddad75b93d3cbc781718b0fa9046c03df8
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Jan 17 04:45:09 2019 +0000
+
+    upstream: tun_fwd_ifnames variable should b
+    
+    =?UTF-8?q?e=20extern;=20from=20Hanno=20B=C3=B6ck?=
+    MIME-Version: 1.0
+    Content-Type: text/plain; charset=UTF-8
+    Content-Transfer-Encoding: 8bit
+    
+    OpenBSD-Commit-ID: d53dede6e521161bf04d39d09947db6253a38271
+
+commit 943d0965263cae1c080ce5a9d0b5aa341885e55d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Jan 17 04:20:53 2019 +0000
+
+    upstream: include time.h for time(3)/nanosleep(2); from Ian
+    
+    McKellar
+    
+    OpenBSD-Commit-ID: 6412ccd06a88f65b207a1089345f51fa1244ea51
+
+commit dbb4dec6d5d671b5e9d67ef02162a610ad052068
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Jan 17 01:50:24 2019 +0000
+
+    upstream: many of the global variables in this file can be made static;
+    
+    patch from Markus Schmidt
+    
+    OpenBSD-Commit-ID: f3db619f67beb53257b21bac0e92b4fb7d5d5737
+
+commit 60d8c84e0887514c99c9ce071965fafaa1c3d34a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jan 16 23:23:45 2019 +0000
+
+    upstream: Add "-h" flag to sftp chown/chgrp/chmod commands to
+    
+    request they do not follow symlinks. Requires recently-committed
+    lsetstat@openssh.com extension on the server side.
+    
+    ok markus@ dtucker@
+    
+    OpenBSD-Commit-ID: f93bb3f6f7eb2fb7ef1e59126e72714f1626d604
+
+commit dbbc7e0eab7262f34b8e0cd6efecd1c77b905ed0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Jan 16 23:22:10 2019 +0000
+
+    upstream: add support for a "lsetstat@openssh.com" extension. This
+    
+    replicates the functionality of the existing SSH2_FXP_SETSTAT operation but
+    does not follow symlinks. Based on a patch from Bert Haverkamp in bz#2067 but
+    with more attribute modifications supported.
+    
+    ok markus@ dtucker@
+    
+    OpenBSD-Commit-ID: f7234f6e90db19655d55d936a115ee4ccb6aaf80
+
+commit 4a526941d328fc3d97068c6a4cbd9b71b70fe5e1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jan 4 03:27:50 2019 +0000
+
+    upstream: eliminate function-static attempt counters for
+    
+    passwd/kbdint authmethods by moving them to the client authctxt; Patch from
+    Markus Schmidt, ok markus@
+    
+    OpenBSD-Commit-ID: 4df4404a5d5416eb056f68e0e2f4fa91ba3b3f7f
+
+commit 8a8183474c41bd6cebaa917346b549af2239ba2f
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Jan 4 03:23:00 2019 +0000
+
+    upstream: fix memory leak of ciphercontext when rekeying; bz#2942
+    
+    Patch from Markus Schmidt; ok markus@
+    
+    OpenBSD-Commit-ID: 7877f1b82e249986f1ef98d0ae76ce987d332bdd
+
+commit 5bed70afce0907b6217418d0655724c99b683d93
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Jan 1 23:10:53 2019 +0000
+
+    upstream: static on global vars, const on handler tables that contain
+    
+    function pointers; from Mike Frysinger
+    
+    OpenBSD-Commit-ID: 7ef2305e50d3caa6326286db43cf2cfaf03960e0
+
+commit 007a88b48c97d092ed2f501bbdcb70d9925277be
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Dec 27 23:02:11 2018 +0000
+
+    upstream: Request RSA-SHA2 signatures for
+    
+    rsa-sha2-{256|512}-cert-v01@openssh.com cert algorithms; ok markus@
+    
+    OpenBSD-Commit-ID: afc6f7ca216ccd821656d1c911d2a3deed685033
+
+commit eb347d086c35428c47fe52b34588cbbc9b49d9a6
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Dec 27 03:37:49 2018 +0000
+
+    upstream: ssh_packet_set_state() now frees ssh->kex implicitly, so
+    
+    don't do explicit kex_free() beforehand
+    
+    OpenBSD-Regress-ID: f2f73bad47f62a2040ccba0a72cadcb12eda49cf
+
+commit bb542f0cf6f7511a22a08c492861e256a82376a9
+Author: tedu@openbsd.org <tedu@openbsd.org>
+Date:   Sat Dec 15 00:50:21 2018 +0000
+
+    upstream: remove unused and problematic sudo clean. ok espie
+    
+    OpenBSD-Regress-ID: ca90c20a15a85b661e13e98b80c10e65cd662f7b
+
+commit 0a843d9a0e805f14653a555f5c7a8ba99d62c12d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Thu Dec 27 03:25:24 2018 +0000
+
+    upstream: move client/server SSH-* banners to buffers under
+    
+    ssh->kex and factor out the banner exchange. This eliminates some common code
+    from the client and server.
+    
+    Also be more strict about handling \r characters - these should only
+    be accepted immediately before \n (pointed out by Jann Horn).
+    
+    Inspired by a patch from Markus Schmidt.
+    (lots of) feedback and ok markus@
+    
+    OpenBSD-Commit-ID: 1cc7885487a6754f63641d7d3279b0941890275b
+
+commit 434b587afe41c19391821e7392005068fda76248
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Dec 7 04:36:09 2018 +0000
+
+    upstream: Fix calculation of initial bandwidth limits. Account for
+    
+    written bytes before the initial timer check so that the first buffer written
+    is accounted.  Set the threshold after which the timer is checked such that
+    the limit starts being computed as soon as possible, ie after the second
+    buffer is written.  This prevents an initial burst of traffic and provides a
+    more accurate bandwidth limit.  bz#2927, ok djm.
+    
+    OpenBSD-Commit-ID: ff3ef76e4e43040ec198c2718d5682c36b255cb6
+
+commit a6a0788cbbe8dfce2819ee43b09c80725742e21c
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Dec 7 03:39:40 2018 +0000
+
+    upstream: only consider the ext-info-c extension during the initial
+    
+    KEX. It shouldn't be sent in subsequent ones, but if it is present we should
+    ignore it.
+    
+    This prevents sshd from sending a SSH_MSG_EXT_INFO for REKEX for buggy
+    these clients. Reported by Jakub Jelen via bz2929; ok dtucker@
+    
+    OpenBSD-Commit-ID: 91564118547f7807030ec537480303e2371902f9
+
+commit 63bba57a32c5bb6158d57cf4c47022daf89c14a0
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Dec 7 03:33:18 2018 +0000
+
+    upstream: fix option letter pasto in previous
+    
+    OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39
+
+commit 737e4edd82406595815efadc28ed5161b8b0c01a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Dec 7 03:32:26 2018 +0000
+
+    upstream: mention that the ssh-keygen -F (find host in
+    
+    authorized_keys) and -R (remove host from authorized_keys) options may accept
+    either a bare hostname or a [hostname]:port combo. bz#2935
+    
+    OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780
+
+commit 8a22ffaa13391cfe5b40316d938fe0fb931e9296
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Dec 7 15:41:16 2018 +1100
+
+    expose $SSH_CONNECTION in the PAM environment
+    
+    This makes the connection 4-tuple available to PAM modules that
+    wish to use it in decision-making. bz#2741
+
+commit a784fa8c7a7b084d63bae82ccfea902131bb45c5
+Author: Kevin Adler <kadler@us.ibm.com>
+Date:   Wed Dec 12 22:12:45 2018 -0600
+
+    Don't pass loginmsg by address now that it's an sshbuf*
+    
+    In 120a1ec74, loginmsg was changed from the legacy Buffer type
+    to struct sshbuf*, but it missed changing calls to
+    sys_auth_allowed_user and sys_auth_record_login which passed
+    loginmsg by address. Now that it's a pointer, just pass it directly.
+    
+    This only affects AIX, unless there are out of tree users.
+
+commit 285310b897969a63ef224d39e7cc2b7316d86940
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Dec 7 02:31:20 2018 +0000
+
+    upstream: no need to allocate channels_pre/channels_post in
+    
+    channel_init_channels() as we do it anyway in channel_handler_init() that we
+    call at the end of the function. Fix from Markus Schmidt via bz#2938
+    
+    OpenBSD-Commit-ID: 74893638af49e3734f1e33a54af1b7ea533373ed
+
+commit 87d6cf1cbc91df6815db8fe0acc7c910bc3d18e4
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Nov 30 02:24:52 2018 +0000
+
+    upstream: don't attempt to connect to empty SSH_AUTH_SOCK; bz#293
+    
+    OpenBSD-Commit-ID: 0e8fc8f19f14b21adef7109e0faa583d87c0e929
+
+commit 91b19198c3f604f5eef2c56dbe36f29478243141
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Nov 28 06:00:38 2018 +0000
+
+    upstream: don't truncate user or host name in "user@host's
+    
+    OpenBSD-Commit-ID: e6ca01a8d58004b7f2cac0b1b7ce8f87e425e360
+
+commit dd0cf6318d9b4b3533bda1e3bc021b2cd7246b7a
+Author: jmc@openbsd.org <jmc@openbsd.org>
+Date:   Fri Nov 23 06:58:28 2018 +0000
+
+    upstream: tweak previous;
+    
+    OpenBSD-Commit-ID: 08f096922eb00c98251501c193ff9e83fbb5de4f
+
+commit 8a85f5458d1c802471ca899c97f89946f6666e61
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sun Nov 25 21:44:05 2018 +1100
+
+    Include stdio.h for FILE if needed.
+
+commit 16fb23f25454991272bfe4598cc05d20fcd25116
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sun Nov 25 14:05:57 2018 +1100
+
+    Reverse order of OpenSSL init functions.
+    
+    Try the new init function (OPENSSL_init_crypto) before falling back to
+    the old one (OpenSSL_add_all_algorithms).
+
+commit 98f878d2272bf8dff21f2a0265d963c29e33fed2
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sun Nov 25 14:05:08 2018 +1100
+
+    Improve OpenSSL_add_all_algorithms check.
+    
+    OpenSSL_add_all_algorithms() may be a macro so check for that too.
+
+commit 9e34e0c59ab04514f9de9934a772283f7f372afe
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Nov 23 05:08:07 2018 +0000
+
+    upstream: add a ssh_config "Match final" predicate
+    
+    Matches in same pass as "Match canonical" but doesn't require
+    hostname canonicalisation be enabled. bz#2906 ok markus
+    
+    OpenBSD-Commit-ID: fba1dfe9f6e0cabcd0e2b3be13f7a434199beffa
+
+commit 4da58d58736b065b1182b563d10ad6765d811c6d
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Fri Nov 23 02:53:57 2018 +0000
+
+    upstream: Remove now-unneeded ifdef SIGINFO around handler since it is
+    
+    now always used for SIGUSR1 even when SIGINFO is not defined.  This will make
+    things simpler in -portable.
+    
+    OpenBSD-Regress-ID: 4ff0265b335820b0646d37beb93f036ded0dc43f
+
+commit c721d5877509875c8515df0215fa1dab862013bc
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Nov 23 14:11:20 2018 +1100
+
+    Move RANDOM_SEED_SIZE outside ifdef.
+    
+    RANDOM_SEED_SIZE is used by both the OpenSSL and non-OpenSSL code
+    This fixes the build with configureed --without-openssl.
+
+commit deb51552c3ce7ce72c8d0232e4f36f2e7c118c7d
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Nov 22 19:59:28 2018 +1100
+
+    Resync with OpenBSD by pulling in an ifdef SIGINFO.
+
+commit 28c7b2cd050f4416bfcf3869a20e3ea138aa52fe
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Nov 23 10:45:20 2018 +1100
+
+    fix configure test for OpenSSL version
+    
+    square brackets in case statements may be eaten by autoconf.
+    
+    Report and fix from Filipp Gunbin; tweaked by naddy@
+
+commit 42c5ec4b97b6a1bae70f323952d0646af16ce710
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Nov 23 10:40:06 2018 +1100
+
+    refactor libcrypto initialisation
+    
+    Don't call OpenSSL_add_all_algorithms() unless OpenSSL actually
+    supports it.
+    
+    Move all libcrypto initialisation to a single function, and call that
+    from seed_rng() that is called early in each tool's main().
+    
+    Prompted by patch from Rosen Penev
+
+commit 5b60b6c02009547a3e2a99d4886965de2a4719da
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Nov 22 08:59:11 2018 +0000
+
+    upstream: Output info on SIGUSR1 as well as
+    
+    SIGINFO to resync with portable.  (ID sync only).
+    
+    OpenBSD-Regress-ID: 699d153e2de22dce51a1b270c40a98472d1a1b16
+
+commit e4ae345dc75b34fd870c2e8690d831d2c1088eb7
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Thu Nov 22 08:48:32 2018 +0000
+
+    upstream: Append pid to temp files in /var/run and set a cleanup
+    
+    trap for them. This allows multiple instances of tests to run without
+    colliding.
+    
+    OpenBSD-Regress-ID: 57add105ecdfc54752d8003acdd99eb68c3e0b4c
+
+commit f72d0f52effca5aa20a193217346615ecd3eed53
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Wed Oct 31 11:09:27 2018 +0000
+
+    upstream: UsePrivilegeSeparation no is deprecated
+    
+    test "yes" and "sandbox".
+    
+    OpenBSD-Regress-ID: 80e685ed8990766527dc629b1affc09a75bfe2da
+
+commit 35d0e5fefc419bddcbe09d7fc163d8cd3417125b
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Wed Oct 17 23:28:05 2018 +0000
+
+    upstream: add some knobs:
+    
+    UNITTEST_FAST?= no     # Skip slow tests (e.g. less intensive fuzzing).
+    UNITTEST_SLOW?= no     # Include slower tests (e.g. more intensive fuzzing).
+    UNITTEST_VERBOSE?= no  # Verbose test output (inc. per-test names).
+    
+    useful if you want to run the tests as a smoke test to exercise the
+    functionality without waiting for all the fuzzers to run.
+    
+    OpenBSD-Regress-ID: e04d82ebec86068198cd903acf1c67563c57315e
+
+commit c1941293d9422a14dda372b4c21895e72aa7a063
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Nov 22 15:52:26 2018 +1100
+
+    Resync Makefile.inc with upstream.
+    
+    It's unused in -portable, but having it out of sync makes other syncs
+    fail to apply.
+
+commit 928f1231f65f88cd4c73e6e0edd63d2cf6295d77
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Mon Nov 19 04:12:32 2018 +0000
+
+    upstream: silence (to log level debug2) failure messages when
+    
+    loading the default hostkeys. Hostkeys explicitly specified in the
+    configuration or on the command-line are still reported as errors, and
+    failure to load at least one host key remains a fatal error.
+    MIME-Version: 1.0
+    Content-Type: text/plain; charset=UTF-8
+    Content-Transfer-Encoding: 8bit
+    
+    Based on patch from Dag-Erling Smørgrav via
+    https://github.com/openssh/openssh-portable/pull/103
+    
+    ok markus@
+    
+    OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684
+
+commit 7fca94edbe8ca9f879da9fdd2afd959c4180f4c7
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Sun Nov 18 22:43:29 2018 +0000
+
+    upstream: Fix inverted logic for redirecting ProxyCommand stderr to
+    
+    /dev/null. Fixes mosh in proxycommand mode that was broken by the previous
+    ProxyCommand change that was reported by matthieu@. ok djm@ danj@
+    
+    OpenBSD-Commit-ID: c6fc9641bc250221a0a81c6beb2e72d603f8add6
+
+commit ccef7c4faf914993b53035cd2b25ce02ab039c9d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Nov 16 06:17:38 2018 +0000
+
+    upstream: redirect stderr of ProxyCommands to /dev/null when ssh is
+    
+    started with ControlPersist; based on patch from Steffen Prohaska
+    
+    OpenBSD-Commit-ID: 1bcaa14a03ae80369d31021271ec75dce2597957
+
+commit 15182fd96845a03216d7ac5a2cf31c4e77e406e3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Nov 16 06:10:29 2018 +0000
+
+    upstream: make grandparent-parent-child sshbuf chains robust to
+    
+    use-after-free faults if the ancestors are freed before the descendents.
+    Nothing in OpenSSH uses this deallocation pattern. Reported by Jann Horn
+    
+    OpenBSD-Commit-ID: d93501d1d2734245aac802a252b9bb2eccdba0f2
+
+commit 2a35862e664afde774d4a72497d394fe7306ccb5
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Nov 16 03:26:01 2018 +0000
+
+    upstream: use path_absolute() for pathname checks; from Manoj Ampalam
+    
+    OpenBSD-Commit-ID: 482ce71a5ea5c5f3bc4d00fd719481a6a584d925
+
+commit d0d1dfa55be1c5c0d77ab3096b198a64235f936d
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Nov 16 14:11:44 2018 +1100
+
+    Test for OPENSSL_init_crypto before using.
+    
+    Check for the presence of OPENSSL_init_crypto and all the flags we want
+    before trying to use it (bz#2931).
+
+commit 6010c0303a422a9c5fa8860c061bf7105eb7f8b2
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Nov 16 03:03:10 2018 +0000
+
+    upstream: disallow empty incoming filename or ones that refer to the
+    
+    current directory; based on report/patch from Harry Sintonen
+    
+    OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
+
+commit aaed635e3a401cfcc4cc97f33788179c458901c3
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Nov 16 02:46:20 2018 +0000
+
+    upstream: fix bug in client that was keeping a redundant ssh-agent
+    
+    socket around for the life of the connection; bz#2912; reported by Simon
+    Tatham; ok dtucker@
+    
+    OpenBSD-Commit-ID: 4ded588301183d343dce3e8c5fc1398e35058478
+
+commit e76135e3007f1564427b2956c628923d8dc2f75a
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Nov 16 02:43:56 2018 +0000
+
+    upstream: fix bug in HostbasedAcceptedKeyTypes and
+    
+    PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types were
+    specified, then authentication would always fail for RSA keys as the monitor
+    checks only the base key (not the signature algorithm) type against
+    *AcceptedKeyTypes. bz#2746; reported by Jakub Jelen; ok dtucker
+    
+    OpenBSD-Commit-ID: 117bc3dc54578dbdb515a1d3732988cb5b00461b
+
+commit 5c1a63562cac0574c226224075b0829a50b48c9d
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Nov 16 02:30:20 2018 +0000
+
+    upstream: support a prefix of '@' to suppress echo of sftp batch
+    
+    commands; bz#2926; ok dtucker@
+    
+    OpenBSD-Commit-ID: 9d635636bc84aeae796467e059f7634de990a79d
+
+commit 90ef45f7aac33eaf55ec344e101548a01e570f29
+Author: schwarze@openbsd.org <schwarze@openbsd.org>
+Date:   Tue Nov 13 07:22:45 2018 +0000
+
+    upstream: fix markup error (missing blank before delimiter); from
+    
+    Mike Frysinger <vapier at gentoo dot org>
+    
+    OpenBSD-Commit-ID: 1bc5392f795ca86318d695e0947eaf71a5a4f6d9
+
+commit 960e7c672dc106f3b759c081de3edb4d1138b36e
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Nov 9 02:57:58 2018 +0000
+
+    upstream: typo in error message; caught by Debian lintian, via
+    
+    Colin Watson
+    
+    OpenBSD-Commit-ID: bff614c7bd1f4ca491a84e9b5999f848d0d66758
+
+commit 81f1620c836e6c79c0823ba44acca605226a80f1
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Nov 9 02:56:22 2018 +0000
+
+    upstream: correct local variable name; from yawang AT microsoft.com
+    
+    OpenBSD-Commit-ID: a0c228390856a215bb66319c89cb3959d3af8c87
+
+commit 1293740e800fa2e5ccd38842a2e4970c6f3b9831
+Author: dtucker@openbsd.org <dtucker@openbsd.org>
+Date:   Wed Oct 31 11:20:05 2018 +0000
+
+    upstream: Import new moduli.
+    
+    OpenBSD-Commit-ID: c07772f58028fda683ee6abd41c73da3ff70d403
+
+commit 46925ae28e53fc9add336a4fcdb7ed4b86c3591c
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Oct 26 01:23:03 2018 +0000
+
+    upstream: mention ssh-ed25519-cert-v01@openssh.com in list of cert
+    
+    key type at start of doc
+    
+    OpenBSD-Commit-ID: b46b0149256d67f05f2d5d01e160634ed1a67324
+
+commit 8d8340e2c215155637fe19cb1a837f71b2d55f7b
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Nov 16 13:32:13 2018 +1100
+
+    Remove fallback check for /usr/local/ssl.
+    
+    If configure could not find a working OpenSSL installation it would
+    fall back to checking in /usr/local/ssl.  This made sense back when
+    systems did not ship with OpenSSL, but most do and OpenSSL 1.1 doesn't
+    use that as a default any more.  The fallback behaviour also meant
+    that if you pointed --with-ssl-dir at a specific directory and it
+    didn't work, it would silently use either the system libs or the ones
+    in /usr/local/ssl.  If you want to use /usr/local/ssl you'll need to
+    pass configure --with-ssl-dir=/usr/local/ssl.  ok djm@
+
+commit ce93472134fb22eff73edbcd173a21ae38889331
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Fri Nov 16 12:44:01 2018 +1100
+
+    Fix check for OpenSSL 1.0.1 exactly.
+    
+    Both INSTALL and configure.ac claim OpenSSL >= 1.0.1 is supported; fix
+    compile-time check for 1.0.1 to match.
+
+commit f2970868f86161a22b2c377057fa3891863a692a
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sun Nov 11 15:58:20 2018 +1100
+
+    Improve warnings in cygwin service setup.
+    
+    bz#2922, patch from vinschen at redhat.com.
+
+commit bd2d54fc1eee84bf87158a1277a50e6c8a303339
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sun Nov 11 15:54:54 2018 +1100
+
+    Remove hardcoded service name in cygwin setup.
+    
+    bz#2922, patch from Christian.Lupien at USherbrooke.ca, sanity check
+    by vinschen at redhat.com.
+
+commit d0153c77bf7964e694f1d26c56c41a571b8e9466
+Author: Dag-Erling Smørgrav <des@des.no>
+Date:   Tue Oct 9 23:03:40 2018 +0200
+
+    AC_CHECK_SIZEOF() no longer needs a second argument.
+
+commit 9b47b083ca9d866249ada9f02dbd57c87b13806e
+Author: Manoj Ampalam <manojamp@microsoft.com>
+Date:   Thu Nov 8 22:41:59 2018 -0800
+
+    Fix error message w/out nistp521.
+    
+    Correct error message when OpenSSL doesn't support certain ECDSA key
+    lengths.
+
+commit 624d19ac2d56fa86a22417c35536caceb3be346f
+Author: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date:   Tue Oct 9 16:17:42 2018 -0300
+
+    fix compilation with openssl built without ECC
+    
+    ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
+    guarded by OPENSSL_HAS_ECC
+    
+    Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+commit 1801cd11d99d05a66ab5248c0555f55909a355ce
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Thu Nov 8 15:03:11 2018 +1100
+
+    Simplify OpenSSL 1.1 function checks.
+    
+    Replace AC_SEARCH_LIBS checks for OpenSSL 1.1 functions with a single
+    AC_CHECK_FUNCS.  ok djm@
+
+commit bc32f118d484e4d71d2a0828fd4eab7e4176c9af
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Nov 5 17:31:24 2018 +1100
+
+    Fix pasto for HAVE_EVP_CIPHER_CTX_SET_IV.
+    
+    Prevents unnecessary redefinition.  Patch from mforney at mforney.org.
+
+commit 3719df60c66abc4b47200d41f571d67772f293ba
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Wed Oct 31 22:21:03 2018 +1100
+
+    Import new moduli.
+
+commit 595605d4abede475339d6a1f07a8cc674c11d1c3
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sun Oct 28 15:18:13 2018 +1100
+
+    Update check for minimum OpenSSL version.
+
+commit 6ab75aba340d827140d7ba719787aabaf39a0355
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sun Oct 28 15:16:31 2018 +1100
+
+    Update required OpenSSL versions to match current.
+
+commit c801b0e38eae99427f37869370151b78f8e15c5d
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sun Oct 28 14:34:12 2018 +1100
+
+    Use detected version functions in openssl compat.
+    
+    Use detected functions in compat layer instead of guessing based on
+    versions.  Really fixes builds with LibreSSL, not just configure.
+
+commit 262d81a259d4aa1507c709ec9d5caa21c7740722
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Sat Oct 27 16:45:59 2018 +1100
+
+    Check for the existence of openssl version funcs.
+    
+    Check for the existence of openssl version functions and use the ones
+    detected instead of trying to guess based on the int32 version
+    identifier.  Fixes builds with LibreSSL.
+
+commit 406a24b25d6a2bdd70cacd16de7e899dcb2a8829
+Author: Damien Miller <djm@mindrot.org>
+Date:   Fri Oct 26 13:43:28 2018 +1100
+
+    fix builds on OpenSSL <= 1.0.x
+    
+    I thought OpenSSL 1.0.x offered the new-style OpenSSL_version_num() API
+    to obtain version number, but they don't.
+
+commit 859754bdeb41373d372e36b5dc89c547453addb3
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Oct 23 17:10:41 2018 +1100
+
+    remove remaining references to SSLeay
+    
+    Prompted by Rosen Penev
+
+commit b9fea45a68946c8dfeace72ad1f6657c18f2a98a
+Author: Damien Miller <djm@mindrot.org>
+Date:   Tue Oct 23 17:10:35 2018 +1100
+
+    regen depend
+
+commit a65784c9f9c5d00cf1a0e235090170abc8d07c73
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Tue Oct 23 05:56:35 2018 +0000
+
+    upstream: refer to OpenSSL not SSLeay;
+    
+    we're old, but we don't have to act it
+    
+    OpenBSD-Commit-ID: 9ca38d11f8ed19e61a55108d1e892d696cee08ec
+
+commit c0a35265907533be10ca151ac797f34ae0d68969
+Author: Damien Miller <djm@mindrot.org>
+Date:   Mon Oct 22 11:22:50 2018 +1100
+
+    fix compile for openssl 1.0.x w/ --with-ssl-engine
+    
+    bz#2921, patch from cotequeiroz
+
+commit 31b49525168245abe16ad49d7b7f519786b53a38
+Author: Darren Tucker <dtucker@dtucker.net>
+Date:   Mon Oct 22 20:05:18 2018 +1100
+
+    Include openssl compatibility.
+    
+    Patch from rosenp at gmail.com via openssh-unix-dev.
+
+commit a4fc253f5f44f0e4c47aafe2a17d2c46481d3c04
+Author: djm@openbsd.org <djm@openbsd.org>
+Date:   Fri Oct 19 03:12:42 2018 +0000
+
+    upstream: when printing certificate contents "ssh-keygen -Lf
+    
+    /path/certificate", include the algorithm that the CA used to sign the cert.
+    
+    OpenBSD-Commit-ID: 1ea20b5048a851a7a0758dcb9777a211a2c0dddd
+
+commit 83b3d99d2b47321b7ebb8db6f6ea04f3808bc069
+Author: florian@openbsd.org <florian@openbsd.org>
+Date:   Mon Oct 15 11:28:50 2018 +0000
+
+    upstream: struct sockaddr_storage is guaranteed to be large enough,
+    
+    no need to check the size. OK kn, deraadt
+    
+    OpenBSD-Commit-ID: 0aa56e92eb49c79f495b31a5093109ec5841f439
+
 commit aede1c34243a6f7feae2fb2cb686ade5f9be6f3d
 Author: Damien Miller <djm@mindrot.org>
 Date:   Wed Oct 17 11:01:20 2018 +1100
@@ -3168,13 +8298,13 @@
     with portable. ok djm@.
     
     OpenBSD-Commit-ID: 5233a27aafd1dfadad4b957225f95ae51eb365c1
-
+
 commit afd830847a82ebbd5aeab05bad6d2c8ce74df1cd
 Author: dtucker@openbsd.org <dtucker@openbsd.org>
 Date:   Mon Feb 26 03:03:05 2018 +0000
-
+
     upstream: Add newline at end of file to prevent compiler warnings.
-    
+    
     OpenBSD-Commit-ID: 52f247d4eafe840c7c14c8befa71a760a8eeb063
 
 commit 941e0d3e9bb8d5e4eb70cc694441445faf037c84
@@ -3182,20 +8312,20 @@
 Date:   Wed Feb 28 19:59:35 2018 +1100
 
     Add WITH_XMSS, move to prevent conflicts.
-    
+    
     Add #ifdef WITH_XMSS to ssh-xmss.c, move it in the other files to after
     includes.h so it's less likely to conflict and will pick up WITH_XMSS if
     added to config.h.
-
+
 commit a10d8552d0d2438da4ed539275abcbf557d1e7a8
 Author: Darren Tucker <dtucker@dtucker.net>
 Date:   Tue Feb 27 14:45:17 2018 +1100
-
+
     Conditionally compile XMSS code.
-    
+    
     The XMSS code is currently experimental and, unlike the rest of OpenSSH
     cannot currently be compiled with a c89 compiler.
-
+
 commit 146c3bd28c8dbee9c4b06465d9c9facab96b1e9b
 Author: Darren Tucker <dtucker@dtucker.net>
 Date:   Mon Feb 26 12:51:29 2018 +1100
@@ -3263,11 +8393,11 @@
     Import flock() compat from NetBSD.
     
     From NetBSD's src/trunk/tools/compat/flock.c, no OpenSSH changes yet.
-
+
 commit 89212533dde6798324e835b1499084658df4579e
 Author: Darren Tucker <dtucker@dtucker.net>
 Date:   Mon Feb 26 12:32:14 2018 +1100
-
+
     Fix breakage when REGRESSTMP not set.
     
     BUILDDIR is not set where used for REGRESSTMP, use make's CURDIR
@@ -3370,30 +8500,30 @@
 Date:   Sat Feb 24 20:25:22 2018 +1100
 
     Check for bzero and supply if needed.
-    
+    
     Since explicit_bzero uses it via an indirect it needs to be a function
     not just a macro.
-
+
 commit 1a348359e4d2876203b5255941bae348557f4f54
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Fri Feb 23 05:14:05 2018 +0000
-
+
     upstream: Add ssh-keyscan -D option to make it print its results in
-    
+    
     SSHFP format bz#2821, ok dtucker@
     
     OpenBSD-Commit-ID: 831446b582e0f298ca15c9d99c415c899e392221
-
+
 commit 3e19fb976a47b44b3d7c4f8355269f7f2c5dd82c
 Author: dtucker@openbsd.org <dtucker@openbsd.org>
 Date:   Fri Feb 23 04:18:46 2018 +0000
 
     upstream: Add missing braces.
-    
+    
     Caught by the tinderbox's -Werror=misleading-indentation,  ok djm@
     
     OpenBSD-Commit-ID: d44656af594c3b2366eb87d6abcef83e1c88a6ca
-
+
 commit b59162da99399d89bd57f71c170c0003c55b1583
 Author: Darren Tucker <dtucker@dtucker.net>
 Date:   Fri Feb 23 15:20:42 2018 +1100
@@ -3419,7 +8549,7 @@
     $SUDO set. Prevents test failures when neither sudo nor doas are configured.
     
     OpenBSD-Regress-ID: 6a0464decc4f8ac7d6eded556a032b0fc521bc7b
-
+
 commit 3e9d3192ad43758ef761c5b0aa3ac5ccf8121ef2
 Author: Darren Tucker <dtucker@dtucker.net>
 Date:   Fri Feb 23 14:10:53 2018 +1100
@@ -3431,21 +8561,21 @@
 Date:   Fri Feb 23 03:03:00 2018 +0000
 
     upstream: unbreak interop test after SSHv1 purge; patch from Colin
-    
+    
     Watson via bz#2823
     
     OpenBSD-Regress-ID: 807d30a597756ed6612bdf46dfebca74f49cb31a
-
+
 commit f8985dde5f46aedade0373365cbf86ed3f1aead2
 Author: dtucker@openbsd.org <dtucker@openbsd.org>
 Date:   Fri Feb 9 03:42:57 2018 +0000
-
+
     upstream: Skip sftp-chroot test when SUDO not set instead of
-    
+    
     fatal().
     
     OpenBSD-Regress-ID: cd4b5f1109b0dc09af4e5ea7d4968c43fbcbde88
-
+
 commit df88551c02d4e3445c44ff67ba8757cff718609a
 Author: dtucker@openbsd.org <dtucker@openbsd.org>
 Date:   Fri Feb 9 03:40:22 2018 +0000
@@ -3497,7 +8627,7 @@
 Date:   Thu Feb 22 20:45:09 2018 +1100
 
     Add headers for sys/audit.h.
-    
+    
     On some older platforms (at least sunos4, probably others) sys/audit.h
     requires some other headers.  Patch from klausz at haus-gisela.de.
 
@@ -3542,7 +8672,7 @@
 Date:   Fri Feb 16 02:40:45 2018 +0000
 
     upstream: Mention recent DH KEX methods:
-    
+    
     diffie-hellman-group14-sha256
     diffie-hellman-group16-sha512
     diffie-hellman-group18-sha512
@@ -3550,7 +8680,7 @@
     From Jakub Jelen via bz#2826
     
     OpenBSD-Commit-ID: 51bf769f06e55447f4bfa7306949e62d2401907a
-
+
 commit 88c50a5ae20902715f0fca306bb9c38514f71679
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Fri Feb 16 02:32:40 2018 +0000
@@ -3622,7 +8752,7 @@
 Date:   Thu Feb 15 21:43:01 2018 +1100
 
     Replace remaining mysignal() with signal().
-    
+    
     These seem to have been missed during the replacement of mysignal
     with #define signal in commit 5ade9ab.  Both include the requisite
     headers to pick up the #define.
@@ -3644,16 +8774,16 @@
 Date:   Tue Feb 13 09:10:46 2018 +1100
 
     Remove UNICOS support.
-    
+    
     The code required to support it is quite invasive to the mainline
     code that is synced with upstream and is an ongoing maintenance burden.
     Both the hardware and software are literal museum pieces these days and
     we could not find anyone still running OpenSSH on one.
-
+
 commit 174bed686968494723e6db881208cc4dac0d020f
 Author: Darren Tucker <dtucker@dtucker.net>
 Date:   Tue Feb 13 18:12:47 2018 +1100
-
+
     Retpoline linker flag only needed for linking.
 
 commit 075e258c2cc41e1d7f3ea2d292c5342091728d40
@@ -3667,7 +8797,7 @@
 Date:   Tue Feb 13 16:27:09 2018 +1100
 
     Remove assigned-to-but-never-used variable.
-    
+    
     'p' was removed in previous change but I neglected to remove the
     otherwise-unused assignment to it.
 
@@ -3684,7 +8814,7 @@
 Date:   Sun Feb 11 21:16:56 2018 +0000
 
     upstream Don't reset signal handlers inside handlers.
-    
+    
     The signal handlers from the original ssh1 code on which OpenSSH
     is based assume unreliable signals and reinstall their handlers.
     Since OpenBSD (and pretty much every current system) has reliable
@@ -3693,11 +8823,11 @@
     compat layer.  ok deraadt@
     
     OpenBSD-Commit-ID: f53a1015cb6908431b92116130d285d71589612c
-
+
 commit 3c51143c639ac686687c7acf9b373b8c08195ffb
 Author: Darren Tucker <dtucker@dtucker.net>
 Date:   Tue Feb 13 09:07:29 2018 +1100
-
+
     Whitespace sync with upstream.
 
 commit 19edfd4af746bedf0df17f01953ba8c6d3186eb7
@@ -3717,7 +8847,7 @@
 Date:   Sun Feb 11 21:20:39 2018 +1300
 
     Include headers for linux/if.h.
-    
+    
     Prevents configure-time "present but cannot be compiled" warning.
 
 commit bc02181c24fc551aab85eb2cff0f90380928ef43
@@ -3731,39 +8861,39 @@
 Date:   Sun Feb 11 09:32:37 2018 +1100
 
     Add checks for Spectre v2 mitigation (retpoline)
-    
+    
     This adds checks for gcc and clang flags for mitigations for Spectre
     variant 2, ie "retpoline".  It'll automatically enabled if the compiler
     supports it as part of toolchain hardening flag.  ok djm@
-
+
 commit d9e5cf078ea5380da6df767bb1773802ec557ef0
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Sat Feb 10 09:25:34 2018 +0000
-
+
     upstream commit
-    
+    
     constify some private key-related functions; based on
     https://github.com/openssh/openssh-portable/pull/56 by Vincent Brillault
     
     OpenBSD-Commit-ID: dcb94a41834a15f4d00275cb5051616fdc4c988c
-
+
 commit a7c38215d564bf98e8e9eb40c1079e3adf686f15
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Sat Feb 10 09:03:54 2018 +0000
-
+
     upstream commit
-    
+    
     Mention ServerAliveTimeout in context of TCPKeepAlives;
     prompted by Christoph Anton Mitterer via github
     
     OpenBSD-Commit-ID: f0cf1b5bd3f1fbf41d71c88d75d93afc1c880ca2
-
+
 commit 62562ceae61e4f7cf896566592bb840216e71061
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Sat Feb 10 06:54:38 2018 +0000
-
+
     upstream commit
-    
+    
     clarify IgnoreUserKnownHosts; based on github PR from
     Christoph Anton Mitterer.
     
@@ -3772,9 +8902,9 @@
 commit 4f011daa4cada6450fa810f7563b8968639bb562
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Sat Feb 10 06:40:28 2018 +0000
-
+
     upstream commit
-    
+    
     Shorter, more accurate explanation of
     NoHostAuthenticationForLocalhost without the confusing example. Prompted by
     Christoph Anton Mitterer via github and bz#2293.
@@ -3786,7 +8916,7 @@
 Date:   Sat Feb 10 06:15:12 2018 +0000
 
     upstream commit
-    
+    
     Disable RemoteCommand and RequestTTY in the ssh session
     started by scp. sftp is already doing this. From Camden Narzt via github; ok
     dtucker
@@ -3807,9 +8937,9 @@
 commit b56ac069d46b6f800de34e1e935f98d050731d14
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Sat Feb 10 05:43:26 2018 +0000
-
+
     upstream commit
-    
+    
     fatal if we're unable to write all the public key; previously
     we would silently ignore errors writing the comment and terminating newline.
     Prompted by github PR from WillerZ; ok dtucker
@@ -3833,7 +8963,7 @@
 Date:   Sat Feb 10 11:12:45 2018 +1100
 
     Don't strip binaries so debuginfo gets built.
-    
+    
     Tell install not to strip binaries during package creation so that the
     debuginfo package can be built.
 
@@ -3860,11 +8990,11 @@
 Date:   Sat Feb 10 09:57:04 2018 +1100
 
     Add leading zero so it'll work when rhel not set.
-    
+    
     When rhel is not set it will error out with "bad if". Add leading zero
     as per https://fedoraproject.org/wiki/Packaging:DistTag so it'll work
     on non-RHEL.
-
+
 commit 12abd67a6af28476550807a443b38def2076bb92
 Author: Darren Tucker <dtucker@dtucker.net>
 Date:   Sat Feb 10 09:56:34 2018 +1100
@@ -3876,7 +9006,7 @@
 Date:   Sun Nov 16 18:19:58 2014 -0500
 
     Add mandir with-mandir' for RHEL 5 compatibility.
-    
+    
     Activate '--mandir' and '--with-mandir' settings in setup for RHEL
     5 compatibility.
 
@@ -3911,13 +9041,13 @@
 Date:   Sun Nov 16 13:04:14 2014 -0500
 
     Always include x11-ssh-askpass SRPM.
-    
+    
     Always include x11-ssh-askpass tarball in redhat SRPM, even if unused.
 
 commit c61d0d038d58eebc365f31830be6e04ce373ad1b
 Author: Damien Miller <djm@mindrot.org>
 Date:   Sat Feb 10 09:43:12 2018 +1100
-
+
     this is long unused; prompted by dtucker@
 
 commit 745771fb788e41bb7cdad34e5555bf82da3af7ed
@@ -3925,39 +9055,39 @@
 Date:   Fri Feb 9 02:37:36 2018 +0000
 
     upstream commit
-    
+    
     Remove unused sKerberosTgtPassing from enum.  From
     calestyo via github pull req #11, ok djm@
     
     OpenBSD-Commit-ID: 1008f8870865a7c4968b7aed402a0a9e3e5b9540
-
+
 commit 1f385f55332db830b0ae22a7663b98279ca2d657
 Author: dtucker@openbsd.org <dtucker@openbsd.org>
 Date:   Thu Feb 8 04:12:32 2018 +0000
-
+
     upstream commit
-    
+    
     Rename struct umac_ctx to umac128_ctx too.  In portable
     some linkers complain about two symbols with the same name having differing
     sizes.  ok djm@
     
     OpenBSD-Commit-ID: cbebf8bdd3310a9795b4939a1e112cfe24061ca3
-
+
 commit f1f047fb031c0081dbc8738f05bf5d4cc47acadf
 Author: dtucker@openbsd.org <dtucker@openbsd.org>
 Date:   Wed Feb 7 22:52:45 2018 +0000
-
+
     upstream commit
-    
+    
     ssh_free checks for and handles NULL args, remove NULL
     checks from remaining callers.  ok djm@
     
     OpenBSD-Commit-ID: bb926825c53724c069df68a93a2597f9192f7e7b
-
+
 commit aee49b2a89b6b323c80dd3b431bd486e51f94c8c
 Author: Darren Tucker <dtucker@dtucker.net>
 Date:   Thu Feb 8 12:36:22 2018 +1100
-
+
     Set SO_REUSEADDR in regression test netcat.
     
     Sometimes multiplex tests fail on Solaris with "netcat: local_listen:
@@ -4011,9 +9141,9 @@
 commit 3c000d57d46882eb736c6563edfc4995915c24a2
 Author: Darren Tucker <dtucker@dtucker.net>
 Date:   Wed Feb 7 09:19:38 2018 +1100
-
+
     Remove obsolete "Smartcard support" message
-    
+    
     The configure checks that populated $SCARD_MSG were removed in commits
     7ea845e4 and d8f60022 when the smartcard support was replaced with
     PKCS#11.
@@ -4023,12 +9153,12 @@
 Date:   Tue Feb 6 06:01:54 2018 +0000
 
     upstream commit
-    
+    
     Replace "trojan horse" with the correct term (MITM).
     From maikel at predikkta.com via bz#2822, ok markus@
     
     OpenBSD-Commit-ID: e86ac64c512057c89edfadb43302ac0aa81a6c53
-
+
 commit 3484380110d437c50e17f87d18544286328c75cb
 Author: tb@openbsd.org <tb@openbsd.org>
 Date:   Mon Feb 5 05:37:46 2018 +0000
@@ -4058,30 +9188,30 @@
 commit 2b428f90ea1b21d7a7c68ec1ee334253b3f9324d
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Mon Feb 5 04:02:53 2018 +0000
-
+
     upstream commit
-    
+    
     I accidentially a word
     
     OpenBSD-Commit-ID: 4547ee713fa941da861e83ae7a3e6432f915e14a
-
+
 commit 130283d5c2545ff017c2162dc1258c5354e29399
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Thu Jan 25 03:34:43 2018 +0000
-
+
     upstream commit
-    
+    
     certificate options are case-sensitive; fix case on one
     that had it wrong.
     
     move a badly-place sentence to a less bad place
     
     OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
-
+
 commit 89f09ee68730337015bf0c3f138504494a34e9a6
 Author: Damien Miller <djm@mindrot.org>
 Date:   Wed Jan 24 12:20:44 2018 +1100
-
+
     crypto_api.h needs includes.h
 
 commit c9c1bba06ad1c7cad8548549a68c071bd807af60
@@ -4089,13 +9219,13 @@
 Date:   Tue Jan 23 20:00:58 2018 +0000
 
     upstream commit
-    
+    
     Fix a logic bug in sshd_exchange_identification which
     prevented clients using major protocol version 2 from connecting to the
     server. ok millert@
     
     OpenBSD-Commit-ID: 8668dec04586e27f1c0eb039ef1feb93d80a5ee9
-
+
 commit a60c5dcfa2538ffc94dc5b5adb3db5b6ed905bdb
 Author: stsp@openbsd.org <stsp@openbsd.org>
 Date:   Tue Jan 23 18:33:49 2018 +0000
@@ -4110,7 +9240,7 @@
 commit 20d53ac283e1c60245ea464bdedd015ed9b38f4a
 Author: Damien Miller <djm@mindrot.org>
 Date:   Tue Jan 23 16:49:43 2018 +1100
-
+
     rebuild depends
 
 commit 552ea155be44f9c439c1f9f0c38f9e593428f838
@@ -4124,7 +9254,7 @@
 Date:   Tue Jan 23 05:27:21 2018 +0000
 
     upstream commit
-    
+    
     Drop compatibility hacks for some ancient SSH
     implementations, including ssh.com <=2.* and OpenSSH <= 3.*.
     
@@ -4135,37 +9265,37 @@
     ok markus@
     
     OpenBSD-Commit-ID: 4be81c67db57647f907f4e881fb9341448606138
-
+
 commit 7c77991f5de5d8475cbeb7cbb06d0c7d1611d7bb
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Tue Jan 23 05:17:04 2018 +0000
-
+
     upstream commit
-    
+    
     try harder to preserve errno during
     ssh_connect_direct() to make the final error message possibly accurate;
     bz#2814, ok dtucker@
     
     OpenBSD-Commit-ID: 57de882cb47381c319b04499fef845dd0c2b46ca
-
+
 commit 9e9c4a7e57b96ab29fe6d7545ed09d2e5bddbdec
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Tue Jan 23 05:12:12 2018 +0000
 
     upstream commit
-    
+    
     unbreak support for clients that advertise a protocol
     version of "1.99" (indicating both v2 and v1 support). Busted by me during
     SSHv1 purge in r1.358; bz2810, ok dtucker
     
     OpenBSD-Commit-ID: e8f9c2bee11afc16c872bb79d6abe9c555bd0e4b
-
+
 commit fc21ea97968264ad9bb86b13fedaaec8fd3bf97d
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Tue Jan 23 05:06:25 2018 +0000
-
+
     upstream commit
-    
+    
     don't attempt to force hostnames that are addresses to
     lowercase, but instead canonicalise them through getnameinfo/getaddrinfo to
     remove ambiguities (e.g. ::0001 => ::1) before they are matched against
@@ -4178,7 +9308,7 @@
 Date:   Tue Jan 23 05:01:15 2018 +0000
 
     upstream commit
-    
+    
     avoid modifying pw->pw_passwd; let endpwent() clean up
     for us, but keep a scrubbed copy; bz2777, ok dtucker@
     
@@ -4210,7 +9340,7 @@
 Date:   Mon Jan 8 15:21:49 2018 +0000
 
     upstream commit
-    
+    
     move subprocess() so scp/sftp do not need uidswap.o; ok
     djm@
     
@@ -4231,7 +9361,7 @@
 Date:   Mon Jan 8 15:15:36 2018 +0000
 
     upstream commit
-    
+    
     split client/server kex; only ssh-keygen needs
     uuencode.o; only scp/sftp use progressmeter.o; ok djm@
     
@@ -4242,7 +9372,7 @@
 Date:   Mon Jan 8 15:15:17 2018 +0000
 
     upstream commit
-    
+    
     only ssh-keygen needs uuencode.o; only scp/sftp use
     progressmeter.o
     
@@ -4253,15 +9383,15 @@
 Date:   Mon Jan 8 15:14:44 2018 +0000
 
     upstream commit
-    
+    
     uuencode.h is not used
     
     OpenBSD-Commit-ID: 238eb4659f3c119904326b9e94a5e507a912796c
-
+
 commit 4f29309c4cb19bcb1774931db84cacc414f17d29
 Author: Damien Miller <djm@mindrot.org>
 Date:   Wed Jan 3 19:50:43 2018 +1100
-
+
     unbreak fuzz harness
 
 commit f6b50bf84dc0b61f22c887c00423e0ea7644e844
@@ -4269,37 +9399,37 @@
 Date:   Thu Dec 21 05:46:35 2017 +0000
 
     upstream commit
-    
+    
     another libssh casualty
     
     OpenBSD-Regress-ID: 839b970560246de23e7c50215095fb527a5a83ec
-
+
 commit 5fb4fb5a0158318fb8ed7dbb32f3869bbf221f13
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Thu Dec 21 03:01:49 2017 +0000
-
+
     upstream commit
-    
+    
     missed one (unbreak after ssh/lib removal)
     
     OpenBSD-Regress-ID: cfdd132143131769e2d2455e7892b5d55854c322
-
+
 commit e6c4134165d05447009437a96e7201276688807f
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Thu Dec 21 00:41:22 2017 +0000
-
+
     upstream commit
-    
+    
     unbreak unit tests after removal of src/usr.bin/ssh/lib
     
     OpenBSD-Regress-ID: 3a79760494147b20761cbd2bd5c20e86c63dc8f9
-
+
 commit d45d69f2a937cea215c7f0424e5a4677b6d8c7fe
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Thu Dec 21 00:00:28 2017 +0000
-
+
     upstream commit
-    
+    
     revert stricter key type / signature type checking in
     userauth path; too much software generates inconsistent messages, so we need
     a better plan.
@@ -4311,20 +9441,20 @@
 Date:   Tue Dec 19 00:49:30 2017 +0000
 
     upstream commit
-    
+    
     explicitly test all key types and their certificate
     counterparts
     
     refactor a little
     
     OpenBSD-Regress-ID: e9ecd5580821b9ef8b7106919c6980d8e45ca8c4
-
+
 commit f689adb7a370b5572612d88be9837ca9aea75447
 Author: dtucker@openbsd.org <dtucker@openbsd.org>
 Date:   Mon Dec 11 11:41:56 2017 +0000
-
+
     upstream commit
-    
+    
     use cmp in a loop instead of diff -N to compare
     directories. The former works on more platforms for Portable.
     
@@ -4341,40 +9471,40 @@
 Date:   Tue Dec 19 00:24:34 2017 +0000
 
     upstream commit
-    
+    
     include signature type and CA key (if applicable) in some
     debug messages
     
     OpenBSD-Commit-ID: b71615cc20e78cec7105bb6e940c03ce9ae414a5
-
+
 commit 7860731ef190b52119fa480f8064ab03c44a120a
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Mon Dec 18 23:16:23 2017 +0000
-
+
     upstream commit
-    
+    
     unbreak hostkey rotation; attempting to sign with a
     desired signature algorithm of kex->hostkey_alg is incorrect when the key
     type isn't capable of making those signatures. ok markus@
     
     OpenBSD-Commit-ID: 35ae46864e1f5859831ec0d115ee5ea50953a906
-
+
 commit 966ef478339ad5e631fb684d2a8effe846ce3fd4
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Mon Dec 18 23:14:34 2017 +0000
-
+
     upstream commit
-    
+    
     log mismatched RSA signature types; ok markus@
     
     OpenBSD-Commit-ID: 381bddfcc1e297a42292222f3bcb5ac2b7ea2418
-
+
 commit 349ecd4da3a985359694a74635748009be6baca6
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Mon Dec 18 23:13:42 2017 +0000
 
     upstream commit
-    
+    
     pass kex->hostkey_alg and kex->hostkey_nid from pre-auth
     to post-auth unpriviledged child processes; ok markus@
     
@@ -4395,7 +9525,7 @@
 commit 04c7e28f83062dc42f2380d1bb3a6bf0190852c0
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Mon Dec 18 02:25:15 2017 +0000
-
+
     upstream commit
     
     pass negotiated signing algorithm though to
@@ -4409,7 +9539,7 @@
 Date:   Mon Dec 18 02:22:29 2017 +0000
 
     upstream commit
-    
+    
     sshkey_sigtype() function to return the type of a
     signature; ok markus@
     
@@ -4420,7 +9550,7 @@
 Date:   Thu Dec 14 21:07:39 2017 +0000
 
     upstream commit
-    
+    
     Replace ED25519's private SHA-512 implementation with a
     call to the regular digest code.  This speeds up compilation considerably. ok
     markus@
@@ -4473,15 +9603,15 @@
 commit 48c23a39a8f1069a57264dd826f6c90aa12778d5
 Author: dtucker@openbsd.org <dtucker@openbsd.org>
 Date:   Sun Dec 10 05:55:29 2017 +0000
-
+
     upstream commit
-    
+    
     Put remote client info back into the ClientAlive
     connection termination message.  Based in part on diff from  lars.nooden at
     gmail, ok djm
     
     OpenBSD-Commit-ID: 80a0f619a29bbf2f32eb5297a69978a0e05d0ee0
-
+
 commit aabd75ec76575c1b17232e6526a644097cd798e5
 Author: deraadt@openbsd.org <deraadt@openbsd.org>
 Date:   Fri Dec 8 03:45:52 2017 +0000
@@ -4495,25 +9625,25 @@
 commit fd4eeeec16537870bd40d04836c7906ec141c17d
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Fri Dec 8 02:14:33 2017 +0000
-
+
     upstream commit
-    
+    
     fix ordering in previous to ensure errno isn't clobbered
     before logging.
     
     OpenBSD-Commit-ID: e260bc1e145a9690dcb0d5aa9460c7b96a0c8ab2
-
+
 commit 155072fdb0d938015df828836beb2f18a294ab8a
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Fri Dec 8 02:13:02 2017 +0000
-
+
     upstream commit
-    
+    
     for some reason unix_listener() logged most errors twice
     with each message containing only some of the useful information; merge these
     
     OpenBSD-Commit-ID: 1978a7594a9470c0dddcd719586066311b7c9a4a
-
+
 commit 79c0e1d29959304e5a49af1dbc58b144628c09f3
 Author: Darren Tucker <dtucker@zip.com.au>
 Date:   Mon Dec 11 14:38:33 2017 +1100
@@ -4565,56 +9695,56 @@
 Date:   Tue Dec 5 23:59:47 2017 +0000
 
     upstream commit
-    
+    
     Replace atoi and strtol conversions for integer arguments
     to config keywords with a checking wrapper around strtonum.  This will
     prevent and flag invalid and negative arguments to these keywords.  ok djm@
     
     OpenBSD-Commit-ID: 99ae3981f3d608a219ccb8d2fff635ae52c17998
-
+
 commit 168ecec13f9d7cb80c07df3bf7d414f4e4165e84
 Author: dtucker@openbsd.org <dtucker@openbsd.org>
 Date:   Tue Dec 5 23:56:07 2017 +0000
-
+
     upstream commit
-    
+    
     Add missing break for rdomain.  Prevents spurious
     "Deprecated option" warnings.  ok djm@
     
     OpenBSD-Commit-ID: ba28a675d39bb04a974586241c3cba71a9c6099a
-
+
 commit 927f8514ceffb1af380a5f63ab4d3f7709b1b198
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Tue Dec 5 01:30:19 2017 +0000
-
+
     upstream commit
-    
+    
     include the addr:port in bind/listen failure messages
     
     OpenBSD-Commit-ID: fdadb69fe1b38692608809cf0376b71c2c28e58e
-
+
 commit a8c89499543e2d889629c4e5e8dcf47a655cf889
 Author: dtucker@openbsd.org <dtucker@openbsd.org>
 Date:   Wed Nov 29 05:49:54 2017 +0000
 
     upstream commit
-    
+    
     Import updated moduli.
     
     OpenBSD-Commit-ID: 524d210f982af6007aa936ca7f4c977f4d32f38a
-
+
 commit 3dde09ab38c8e1cfc28252be473541a81bc57097
 Author: dtucker@openbsd.org <dtucker@openbsd.org>
 Date:   Tue Nov 28 21:10:22 2017 +0000
-
+
     upstream commit
-    
+    
     Have sftp print a warning about shell cleanliness when
     decoding the first packet fails, which is usually caused by shells polluting
     stdout of non-interactive starups.  bz#2800, ok markus@ deraadt@.
     
     OpenBSD-Commit-ID: 88d6a9bf3470f9324b76ba1cbd53e50120f685b5
-
+
 commit 6c8a246437f612ada8541076be2414846d767319
 Author: Darren Tucker <dtucker@zip.com.au>
 Date:   Fri Dec 1 17:11:47 2017 +1100
@@ -4645,13 +9775,13 @@
 commit 2937dd02c572a12f33d5c334d518f6cbe0b645eb
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Tue Nov 28 06:09:38 2017 +0000
-
+
     upstream commit
-    
+    
     more whitespace errors
     
     OpenBSD-Commit-ID: 5e11c125378327b648940b90145e0d98beb05abb
-
+
 commit 7f257bf3fd3a759f31098960cbbd1453fafc4164
 Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
 Date:   Tue Nov 28 06:04:51 2017 +0000
@@ -4699,7 +9829,7 @@
 Date:   Fri Nov 24 10:23:47 2017 +1100
 
     fix incorrect range of OpenSSL versions supported
-    
+    
     Pointed out by Solar Designer
 
 commit 83a1e5dbec52d05775174f368e0c44b08619a308
@@ -4844,7 +9974,7 @@
 Date:   Sat Oct 28 19:48:39 2017 +0200
 
     only enable functions in dh.c when openssl is used
-    
+    
     Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
 
 commit 939b30ba23848b572e15bf92f0f1a3d9cf3acc2b
@@ -4863,7 +9993,7 @@
 Date:   Tue Oct 31 10:09:33 2017 +1100
 
     Include includes.h for HAVE_GETPAGESIZE.
-    
+    
     The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in
     config.h, but bsd-getpagesize.c forgot to include includes.h (which
     indirectly includes config.h) so the checks always fails, causing linker
@@ -4876,7 +10006,7 @@
 Date:   Mon Oct 30 22:01:52 2017 +0000
 
     upstream commit
-    
+    
     whitespace at EOL
     
     OpenBSD-Regress-ID: f4b5df99b28c6f63478deb916c6ed0e794685f07
@@ -4896,7 +10026,7 @@
 Date:   Wed Oct 25 20:08:36 2017 +0000
 
     upstream commit
-    
+    
     Use printenv to test whether an SSH_USER_AUTH is set
     instead of using $SSH_USER_AUTH.  The latter won't work with csh which treats
     unknown variables as an error when expanding them.  OK markus@
@@ -4908,7 +10038,7 @@
 Date:   Tue Oct 24 19:33:32 2017 +0000
 
     upstream commit
-    
+    
     Add tests for URI parsing.  OK markus@
     
     OpenBSD-Regress-ID: 5d1df19874f3b916d1a2256a905526e17a98bd3b
@@ -4928,48 +10058,48 @@
 Date:   Fri Oct 27 01:01:17 2017 +0000
 
     upstream commit
-    
+    
     whitespace at EOL (lots)
     
     OpenBSD-Commit-ID: 757257dd44116794ee1b5a45c6724973de181747
-
+
 commit b77c29a07f5a02c7c1998701c73d92bde7ae1608
 Author: djm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>
 Date:   Fri Oct 27 00:18:41 2017 +0000
-
+
     upstream commit
-    
+    
     improve printing of rdomain on accept() a little
     
     OpenBSD-Commit-ID: 5da58db2243606899cedaa646c70201b2d12247a
-
+
 commit 68d3bbb2e6dfbf117c46e942142795b2cdd0274b
 Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org>
 Date:   Thu Oct 26 06:44:01 2017 +0000
-
+
     upstream commit
-    
+    
     mark up the rdomain keyword;
     
     OpenBSD-Commit-ID: 1b597d0ad0ad20e94dbd61ca066057e6f6313b8a
-
+
 commit 0b2e2896b9d0d6cfb59e9ec8271085296bd4e99b
 Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org>
 Date:   Wed Oct 25 06:19:46 2017 +0000
-
+
     upstream commit
-    
+    
     tweak the uri text, specifically removing some markup to
     make it a bit more readable;
     
     issue reported by - and diff ok - millert
     
     OpenBSD-Commit-ID: 8b56a20208040b2d0633536fd926e992de37ef3f
-
+
 commit 7530e77bdc9415386d2a8ea3d086e8b611b2ba40
 Author: jmc@openbsd.org@openbsd.org <jmc@openbsd.org@openbsd.org>
 Date:   Wed Oct 25 06:18:06 2017 +0000
-
+
     upstream commit
     
     simplify macros in previous, and some minor tweaks;
@@ -5016,11 +10146,11 @@
     
     OpenBSD-ID: 9c43a9968c7929613284ea18e9fb92e4e2a8e4c1
     OpenBSD-Regress-ID: b33b385719420bf3bc57d664feda6f699c147fef
-
+
 commit 2de5c6b53bf063ac698596ef4e23d8e3099656ea
 Author: Damien Miller <djm@mindrot.org>
 Date:   Fri Oct 27 08:42:33 2017 +1100
-
+
     fix rdomain compilation errors
 
 commit 6bd5b569fd6dfd5e8c8af20bbc41e45c2d6462ab
@@ -5060,13 +10190,13 @@
 commit d685e5a31feea35fb99e1a31a70b3c60a7f2a0eb
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Wed Oct 25 02:10:39 2017 +0000
-
+
     upstream commit
-    
+    
     uninitialised variable in PermitTunnel printing code
     
     Upstream-ID: f04dc33e42855704e116b8da61095ecc71bc9e9a
-
+
 commit 43c29bb7cfd46bbbc61e0ffa61a11e74d49a712f
 Author: Damien Miller <djm@mindrot.org>
 Date:   Wed Oct 25 13:10:59 2017 +1100
@@ -5084,31 +10214,31 @@
 Date:   Wed Oct 25 00:21:37 2017 +0000
 
     upstream commit
-    
+    
     transfer ownership of stdout to the session channel by
     dup2'ing /dev/null to fd 1. This allows propagation of remote stdout close to
     the local side; reported by David Newall, ok markus@
     
     Upstream-ID: 8d9ac18a11d89e6b0415f0cbf67b928ac67f0e79
-
+
 commit 68af80e6fdeaeb79432209db614386ff0f37e75f
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Wed Oct 25 00:19:47 2017 +0000
-
+
     upstream commit
-    
+    
     add a "rdomain" criteria for the sshd_config Match
     keyword to allow conditional configuration that depends on which rdomain(4) a
     connection was recevied on. ok markus@
     
     Upstream-ID: 27d8fd5a3f1bae18c9c6e533afdf99bff887a4fb
-
+
 commit 35eb33fb957979e3fcbe6ea0eaee8bf4a217421a
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Wed Oct 25 00:17:08 2017 +0000
-
+
     upstream commit
-    
+    
     add sshd_config RDomain keyword to place sshd and the
     subsequent user session (including the shell and any TCP/IP forwardings) into
     the specified rdomain(4)
@@ -5116,11 +10246,11 @@
     ok markus@
     
     Upstream-ID: be2358e86346b5cacf20d90f59f980b87d1af0f5
-
+
 commit acf559e1cffbd1d6167cc1742729fc381069f06b
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Wed Oct 25 00:15:35 2017 +0000
-
+
     upstream commit
     
     Add optional rdomain qualifier to sshd_config's
@@ -5129,7 +10259,7 @@
     ListenAddress 0.0.0.0 rdomain 4
     
     Upstream-ID: 24b6622c376feeed9e9be8b9605e593695ac9091
-
+
 commit b9903ee8ee8671b447fc260c2bee3761e26c7227
 Author: millert@openbsd.org <millert@openbsd.org>
 Date:   Tue Oct 24 19:41:45 2017 +0000
@@ -5162,7 +10292,7 @@
 Date:   Mon Oct 23 05:08:00 2017 +0000
 
     upstream commit
-    
+    
     Expose devices allocated for tun/tap forwarding.
     
     At the client, the device may be obtained from a new %T expansion
@@ -5175,7 +10305,7 @@
     ok markus
     
     Upstream-ID: e61e53f8ae80566e9ddc0d67a5df5bdf2f3c9f9e
-
+
 commit 887669ef032d63cf07f53cada216fa8a0c9a7d72
 Author: millert@openbsd.org <millert@openbsd.org>
 Date:   Sat Oct 21 23:06:24 2017 +0000
@@ -5201,48 +10331,48 @@
 Date:   Fri Oct 20 02:13:41 2017 +0000
 
     upstream commit
-    
+    
     more RCSIDs
     
     Upstream-Regress-ID: 1aecbe3f8224793f0ec56741a86d619830eb33be
-
+
 commit b011edbb32e41aaab01386ce4c0efcc9ff681c4a
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Fri Oct 20 01:56:39 2017 +0000
-
+
     upstream commit
-    
+    
     add RCSIDs to these; they make syncing portable a bit
     easier
     
     Upstream-ID: 56cb7021faea599736dd7e7f09c2e714425b1e68
-
+
 commit 6eb27597781dccaf0ec2b80107a9f0592a0cb464
 Author: Damien Miller <djm@mindrot.org>
 Date:   Fri Oct 20 12:54:15 2017 +1100
 
     upstream commit
-    
+    
     Apply missing commit 1.11 to kexc25519s.c
     
     Upstream-ID: 5f020e23a1ee6c3597af1f91511e68552cdf15e8
-
+
 commit 6f72280553cb6918859ebcacc717f2d2fafc1a27
 Author: Damien Miller <djm@mindrot.org>
 Date:   Fri Oct 20 12:52:50 2017 +1100
-
+
     upstream commit
-    
+    
     Apply missing commit 1.127 to servconf.h
     
     Upstream-ID: f14c4bac74a2b7cf1e3cff6bea5c447f192a7d15
-
+
 commit bb3e16ab25cb911238c2eb7455f9cf490cb143cc
 Author: jmc@openbsd.org <jmc@openbsd.org>
 Date:   Wed Oct 18 05:36:59 2017 +0000
 
     upstream commit
-    
+    
     remove unused Pp;
     
     Upstream-ID: 8ad26467f1f6a40be887234085a8e01a61a00550
@@ -5250,32 +10380,32 @@
 commit 05b69e99570553c8e1eafb895b1fbf1d098d2e14
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Wed Oct 18 02:49:44 2017 +0000
-
+
     upstream commit
-    
+    
     In the description of pattern-lists, clarify negated
     matches by explicitly stating that a negated match will never yield a
     positive result, and that at least one positive term in the pattern-list must
     match. bz#1918
     
     Upstream-ID: 652d2f9d993f158fc5f83cef4a95cd9d95ae6a14
-
+
 commit eb80e26a15c10bc65fed8b8cdb476819a713c0fd
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Fri Oct 13 21:13:54 2017 +0000
-
+
     upstream commit
-    
+    
     log debug messages sent to peer; ok deraadt markus
     
     Upstream-ID: 3b4fdc0a06ea5083f61d96e20043000f477103d9
-
+
 commit 071325f458d615d7740da5c1c1d5a8b68a0b4605
 Author: jmc@openbsd.org <jmc@openbsd.org>
 Date:   Fri Oct 13 16:50:45 2017 +0000
 
     upstream commit
-    
+    
     trim permitrootlogin description somewhat, to avoid
     ambiguity; original diff from walter alejandro iglesias, tweaked by sthen and
     myself
@@ -5283,29 +10413,29 @@
     ok sthen schwarze deraadt
     
     Upstream-ID: 1749418b2bc073f3fdd25fe21f8263c3637fe5d2
-
+
 commit 10727487becb897a15f658e0cb2d05466236e622
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Fri Oct 13 06:45:18 2017 +0000
-
+
     upstream commit
-    
+    
     mention SSH_USER_AUTH in the list of environment
     variables
     
     Upstream-ID: 1083397c3ee54b4933121ab058c70a0fc6383691
-
+
 commit 224f193d6a4b57e7a0cb2b9ecd3b6c54d721d8c2
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Fri Oct 13 06:24:51 2017 +0000
-
+
     upstream commit
-    
+    
     BIO_get_mem_data() is supposed to take a char* as pointer
     argument, so don't pass it a const char*
     
     Upstream-ID: 1ccd91eb7f4dd4f0fa812d4f956987cd00b5f6ec
-
+
 commit cfa46825b5ef7097373ed8e31b01a4538a8db565
 Author: benno@openbsd.org <benno@openbsd.org>
 Date:   Mon Oct 9 20:12:51 2017 +0000
@@ -5316,4391 +10446,25 @@
     jmc@ djm@
     
     Upstream-ID: e37e27bb6bbac71315e22cb9690fd8a556a501ed
-
+
 commit dceabc7ad7ebc7769c8214a1647af64c9a1d92e5
 Author: djm@openbsd.org <djm@openbsd.org>
 Date:   Thu Oct 5 15:52:03 2017 +0000
-
+
     upstream commit
-    
+    
     replace statically-sized arrays in ServerOptions with
     dynamic ones managed by xrecallocarray, removing some arbitrary (though
     large) limits and saving a bit of memory; "much nicer" markus@
     
     Upstream-ID: 1732720b2f478fe929d6687ac7b0a97ff2efe9d2
-
+
 commit 2b4f3ab050c2aaf6977604dd037041372615178d
 Author: jmc@openbsd.org <jmc@openbsd.org>
 Date:   Thu Oct 5 12:56:50 2017 +0000
 
     upstream commit
-    
+    
     %C is hashed; from klemens nanni ok markus
     
     Upstream-ID: 6ebed7b2e1b6ee5402a67875d74f5e2859d8f998
-
-commit a66714508b86d6814e9055fefe362d9fe4d49ab3
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Oct 4 18:50:23 2017 +0000
-
-    upstream commit
-    
-    exercise PermitOpen a little more thoroughly
-    
-    Upstream-Regress-ID: f41592334e227a4c1f9a983044522de4502d5eac
-
-commit 609ecc8e57eb88e2eac976bd3cae7f7889aaeff6
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Sep 26 22:39:25 2017 +0000
-
-    upstream commit
-    
-    UsePrivilegeSeparation is gone, stop trying to test it.
-    
-    Upstream-Regress-ID: 796a5057cfd79456a20ea935cc53f6eb80ace191
-
-commit 69bda0228861f3dacd4fb3d28b60ce9d103d254b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Oct 4 18:49:30 2017 +0000
-
-    upstream commit
-    
-    fix (another) problem in PermitOpen introduced during the
-    channels.c refactor: the third and subsequent arguments to PermitOpen were
-    being silently ignored; ok markus@
-    
-    Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
-
-commit 66bf74a92131b7effe49fb0eefe5225151869dc5
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Oct 2 19:33:20 2017 +0000
-
-    upstream commit
-    
-    Fix PermitOpen crash; spotted by benno@, ok dtucker@ deraadt@
-    
-    Upstream-ID: c2cc84ffac070d2e1ff76182c70ca230a387983c
-
-commit d63b38160a59039708fd952adc75a0b3da141560
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Oct 1 10:32:25 2017 +1100
-
-    update URL again
-    
-    I spotted a typo in the draft so uploaded a new version...
-
-commit 6f64f596430cd3576c529f07acaaf2800aa17d58
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Oct 1 10:01:56 2017 +1100
-
-    sync release notes URL
-
-commit 35ff70a04dd71663a5ac1e73b90d16d270a06e0d
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Oct 1 10:01:25 2017 +1100
-
-    sync contrib/ssh-copy-id with upstream
-
-commit 290843b8ede85f8b30bf29cd7dceb805c3ea5b66
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Oct 1 09:59:19 2017 +1100
-
-    update version in RPM spec files
-
-commit 4e4e0bb223c5be88d87d5798c75cc6b0d4fef31d
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Oct 1 09:58:24 2017 +1100
-
-    update agent draft URL
-
-commit e4a798f001d2ecd8bf025c1d07658079f27cc604
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Sep 30 22:26:33 2017 +0000
-
-    upstream commit
-    
-    openssh-7.6; ok deraadt@
-    
-    Upstream-ID: a39c3a5b63a1baae109ae1ae4c7c34c2a59acde0
-
-commit 5fa1407e16e7e5fda9769d53b626ce39d5588d4d
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Wed Sep 27 06:45:53 2017 +0000
-
-    upstream commit
-    
-    tweak EposeAuthinfo; diff from lars nooden
-    
-    tweaked by sthen; ok djm dtucker
-    
-    Upstream-ID: 8f2ea5d2065184363e8be7a0ba24d98a3b259748
-
-commit bba69c246f0331f657fd6ec97724df99fc1ad174
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Sep 28 16:06:21 2017 -0700
-
-    don't fatal ./configure for LibreSSL
-
-commit 04dc070e8b4507d9d829f910b29be7e3b2414913
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Sep 28 14:54:34 2017 -0700
-
-    abort in configure when only openssl-1.1.x found
-    
-    We don't support openssl-1.1.x yet (see multiple threads on the
-    openssh-unix-dev@ mailing list for the reason), but previously
-    ./configure would accept it and the compilation would subsequently
-    fail. This makes ./configure display an explicit error message and
-    abort.
-    
-    ok dtucker@
-
-commit 74c1c3660acf996d9dc329e819179418dc115f2c
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Wed Sep 27 07:44:41 2017 +1000
-
-    Check for and handle calloc(p, 0) = NULL.
-    
-    On some platforms (AIX, maybe others) allocating zero bytes of memory
-    via the various *alloc functions returns NULL, which is permitted
-    by the standards.  Autoconf has some macros for detecting this (with
-    the exception of calloc for some reason) so use these and if necessary
-    activate shims for them.  ok djm@
-
-commit 6a9481258a77b0b54b2a313d1761c87360c5f1f5
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Thu Sep 21 19:18:12 2017 +0000
-
-    upstream commit
-    
-    test reverse dynamic forwarding with SOCKS
-    
-    Upstream-Regress-ID: 95cf290470f7e5e2f691e4bc6ba19b91eced2f79
-
-commit 1b9f321605733754df60fac8c1d3283c89b74455
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Sep 26 16:55:55 2017 +1000
-
-    sync missing changes in dynamic-forward.sh
-
-commit 44fc334c7a9ebdd08addb6d5fa005369897fddeb
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Mon Sep 25 09:48:10 2017 +1000
-
-    Add minimal strsignal for platforms without it.
-
-commit 218e6f98df566fb9bd363f6aa47018cb65ede196
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Sep 24 13:45:34 2017 +0000
-
-    upstream commit
-    
-    fix inverted test on channel open failure path that
-    "upgraded" a transient failure into a fatal error; reported by sthen and also
-    seen by benno@; ok sthen@
-    
-    Upstream-ID: b58b3fbb79ba224599c6cd6b60c934fc46c68472
-
-commit c704f641f7b8777497dc82e81f2ac89afec7e401
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Sep 24 09:50:01 2017 +0000
-
-    upstream commit
-    
-    write the correct buffer when tunnel forwarding; doesn't
-    matter on OpenBSD (they are the same) but does matter on portable where we
-    use an output filter to translate os-specific tun/tap headers
-    
-    Upstream-ID: f1ca94eff48404827b12e1d12f6139ee99a72284
-
-commit 55486f5cef117354f0c64f991895835077b7c7f7
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Sep 23 22:04:07 2017 +0000
-
-    upstream commit
-    
-    fix tunnel forwarding problem introduced in refactor;
-    reported by stsp@ ok markus@
-    
-    Upstream-ID: 81a731cdae1122c8522134095d1a8b60fa9dcd04
-
-commit 609d7a66ce578abf259da2d5f6f68795c2bda731
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Thu Sep 21 19:16:53 2017 +0000
-
-    upstream commit
-    
-    Add 'reverse' dynamic forwarding which combines dynamic
-    forwarding (-D) with remote forwarding (-R) where the remote-forwarded port
-    expects SOCKS-requests.
-    
-    The SSH server code is unchanged and the parsing happens at the SSH
-    clients side. Thus the full SOCKS-request is sent over the forwarded
-    channel and the client parses c->output. Parsing happens in
-    channel_before_prepare_select(), _before_ the select bitmask is
-    computed in the pre[] handlers, but after network input processing
-    in the post[] handlers.
-    
-    help and ok djm@
-    
-    Upstream-ID: aa25a6a3851064f34fe719e0bf15656ad5a64b89
-
-commit 36945fa103176c00b39731e1fc1919a0d0808b81
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Wed Sep 20 05:19:00 2017 +0000
-
-    upstream commit
-    
-    Use strsignal in debug message instead of casting for the
-    benefit of portable where sig_atomic_t might not be int.  "much nicer"
-    deraadt@
-    
-    Upstream-ID: 2dac6c1e40511c700bd90664cd263ed2299dcf79
-
-commit 3e8d185af326bf183b6f78597d5e3d2eeb2dc40e
-Author: millert@openbsd.org <millert@openbsd.org>
-Date:   Tue Sep 19 12:10:30 2017 +0000
-
-    upstream commit
-    
-    Use explicit_bzero() instead of bzero() before free() to
-    prevent the compiler from optimizing away the bzero() call.  OK djm@
-    
-    Upstream-ID: cdc6197e64c9684c7250e23d60863ee1b53cef1d
-
-commit 5b8da1f53854c0923ec6e927e86709e4d72737b6
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Sep 19 04:24:22 2017 +0000
-
-    upstream commit
-    
-    fix use-after-free in ~^Z escape handler path, introduced
-    in channels.c refactor; spotted by millert@ "makes sense" deraadt@
-    
-    Upstream-ID: 8fa2cdc65c23ad6420c1e59444b0c955b0589b22
-
-commit a3839d8d2b89ff1a80cadd4dd654336710de2c9e
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Sep 18 12:03:24 2017 +0000
-
-    upstream commit
-    
-    Prevent type mismatch warning in debug on platforms where
-    sig_atomic_t != int.  ok djm@
-    
-    Upstream-ID: 306e2375eb0364a4c68e48f091739bea4f4892ed
-
-commit 30484e5e5f0b63d2c6ba32c6b85f06b6c6fa55fc
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Sep 18 09:41:52 2017 +0000
-
-    upstream commit
-    
-    Add braces missing after channels refactor.  ok markus@
-    
-    Upstream-ID: 72ab325c84e010680dbc88f226e2aa96b11a3980
-
-commit b79569190b9b76dfacc6d996faa482f16e8fc026
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Sep 19 12:29:23 2017 +1000
-
-    add freezero(3) replacement
-    
-    ok dtucker@
-
-commit 161af8f5ec0961b10cc032efb5cc1b44ced5a92e
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Sep 19 10:18:56 2017 +1000
-
-    move FORTIFY_SOURCE into hardening options group
-    
-    It's still on by default, but now it's possible to turn it off using
-    --without-hardening. This is useful since it's known to cause problems
-    with some -fsanitize options. ok dtucker@
-
-commit 09eacf856e0fe1a6e3fe597ec8032b7046292914
-Author: bluhm@openbsd.org <bluhm@openbsd.org>
-Date:   Wed Sep 13 14:58:26 2017 +0000
-
-    upstream commit
-    
-    Print SKIPPED if sudo and doas configuration is missing.
-    Prevents that running the regression test with wrong environment is reported
-    as failure.  Keep the fatal there to avoid interfering with other setups for
-    portable ssh. OK dtucker@
-    
-    Upstream-Regress-ID: f0dc60023caef496ded341ac5aade2a606fa234e
-
-commit cdede10899892f25f1ccdccd7a3fe5e5ef0aa49a
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Aug 7 03:52:55 2017 +0000
-
-    upstream commit
-    
-    Remove obsolete privsep=no fallback test.
-    
-    Upstream-Regress-ID: 7d6e1baa1678ac6be50c2a1555662eb1047638df
-
-commit ec218c105daa9f5b192f7aa890fdb2d4fdc4e9d8
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Aug 7 00:53:51 2017 +0000
-
-    upstream commit
-    
-    Remove non-privsep test since disabling privsep is now
-    deprecated.
-    
-    Upstream-Regress-ID: 77ad3f3d8d52e87f514a80f285c6c1229b108ce8
-
-commit 239c57d5bc2253e27e3e6ad7ac52ec8c377ee24e
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jul 28 10:32:08 2017 +0000
-
-    upstream commit
-    
-    Don't call fatal from stop_sshd since it calls cleanup
-    which calls stop_sshd which will probably fail in the same way.  Instead,
-    just bail. Differentiate between sshd dying without cleanup and not shutting
-    down.
-    
-    Upstream-Regress-ID: f97315f538618b349e2b0bea02d6b0c9196c6bc4
-
-commit aea59a0d9f120f2a87c7f494a0d9c51eaa79b8ba
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Thu Sep 14 04:32:21 2017 +0000
-
-    upstream commit
-    
-    Revert commitid: gJtIN6rRTS3CHy9b.
-    
-    -------------
-    identify the case where SSHFP records are missing but other DNS RR
-    types are present and display a more useful error message for this
-    case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
-    -------------
-    
-    This caused unexpected failures when VerifyHostKeyDNS=yes, SSHFP results
-    are missing but the user already has the key in known_hosts
-    
-    Spotted by dtucker@
-    
-    Upstream-ID: 97e31742fddaf72046f6ffef091ec0d823299920
-
-commit 871f1e4374420b07550041b329627c474abc3010
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Sep 12 18:01:35 2017 +1000
-
-    adapt portable to channels API changes
-
-commit 4ec0bb9f9ad7b4eb0af110fa8eddf8fa199e46bb
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Sep 12 07:55:48 2017 +0000
-
-    upstream commit
-    
-    unused variable
-    
-    Upstream-ID: 2f9ba09f2708993d35eac5aa71df910dcc52bac1
-
-commit 9145a73ce2ba30c82bbf91d7205bfd112529449f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Sep 12 07:32:04 2017 +0000
-
-    upstream commit
-    
-    fix tun/tap forwarding case in previous
-    
-    Upstream-ID: 43ebe37a930320e24bca6900dccc39857840bc53
-
-commit 9f53229c2ac97dbc6f5a03657de08a1150a9ac7e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Sep 12 06:35:31 2017 +0000
-
-    upstream commit
-    
-    Make remote channel ID a u_int
-    
-    Previously we tracked the remote channel IDs in an int, but this is
-    strictly incorrect: the wire protocol uses uint32 and there is nothing
-    in-principle stopping a SSH implementation from sending, say, 0xffff0000.
-    
-    In practice everyone numbers their channels sequentially, so this has
-    never been a problem.
-    
-    ok markus@
-    
-    Upstream-ID: b9f4cd3dc53155b4a5c995c0adba7da760d03e73
-
-commit dbee4119b502e3f8b6cd3282c69c537fd01d8e16
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Sep 12 06:32:07 2017 +0000
-
-    upstream commit
-    
-    refactor channels.c
-    
-    Move static state to a "struct ssh_channels" that is allocated at
-    runtime and tracked as a member of struct ssh.
-    
-    Explicitly pass "struct ssh" to all channels functions.
-    
-    Replace use of the legacy packet APIs in channels.c.
-    
-    Rework sshd_config PermitOpen handling: previously the configuration
-    parser would call directly into the channels layer. After the refactor
-    this is not possible, as the channels structures are allocated at
-    connection time and aren't available when the configuration is parsed.
-    The server config parser now tracks PermitOpen itself and explicitly
-    configures the channels code later.
-    
-    ok markus@
-    
-    Upstream-ID: 11828f161656b965cc306576422613614bea2d8f
-
-commit abd59663df37a42152e37980113ccaa405b9a282
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Thu Sep 7 23:48:09 2017 +0000
-
-    upstream commit
-    
-    typo in comment
-    
-    Upstream-ID: a93b1e6f30f1f9b854b5b964b9fd092d0c422c47
-
-commit 149a8cd24ce9dd47c36f571738681df5f31a326c
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Mon Sep 4 06:34:43 2017 +0000
-
-    upstream commit
-    
-    tweak previous;
-    
-    Upstream-ID: bb8cc40b61b15f6a13d81da465ac5bfc65cbfc4b
-
-commit ec9d22cc251cc5acfe7b2bcef9cc7a1fe0e949d8
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Sep 8 12:44:13 2017 +1000
-
-    Fuzzer harnesses for sig verify and pubkey parsing
-    
-    These are some basic clang libfuzzer harnesses for signature
-    verification and public key parsing. Some assembly (metaphorical)
-    required.
-
-commit de35c382894964a896a63ecd5607d3a3b93af75d
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Sep 8 12:38:31 2017 +1000
-
-    Give configure ability to set CFLAGS/LDFLAGS later
-    
-    Some CFLAGS/LDFLAGS may disrupt the configure script's operation,
-    in particular santization and fuzzer options that break assumptions
-    about memory and file descriptor dispositions.
-    
-    This adds two flags to configure --with-cflags-after and
-    --with-ldflags-after that allow specifying additional compiler and
-    linker options that are added to the resultant Makefiles but not
-    used in the configure run itself.
-    
-    E.g.
-    
-    env CC=clang-3.9 ./configure \
-      --with-cflags-after=-fsantize=address \
-      --with-ldflags-after="-g -fsanitize=address"
-
-commit 22376d27a349f62c502fec3396dfe0fdcb2a40b7
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Sep 3 23:33:13 2017 +0000
-
-    upstream commit
-    
-    Expand ssh_config's StrictModes option with two new
-    settings:
-    
-    StrictModes=accept-new will automatically accept hitherto-unseen keys
-    but will refuse connections for changed or invalid hostkeys.
-    
-    StrictModes=off is the same as StrictModes=no
-    
-    Motivation:
-    
-    StrictModes=no combines two behaviours for host key processing:
-    automatically learning new hostkeys and continuing to connect to hosts
-    with invalid/changed hostkeys. The latter behaviour is quite dangerous
-    since it removes most of the protections the SSH protocol is supposed to
-    provide.
-    
-    Quite a few users want to automatically learn hostkeys however, so
-    this makes that feature available with less danger.
-    
-    At some point in the future, StrictModes=no will change to be a synonym
-    for accept-new, with its current behaviour remaining available via
-    StrictModes=off.
-    
-    bz#2400, suggested by Michael Samuel; ok markus
-    
-    Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
-
-commit ff3c42384033514e248ba5d7376aa033f4a2b99a
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Fri Sep 1 15:41:26 2017 +0000
-
-    upstream commit
-    
-    remove blank line;
-    
-    Upstream-ID: 2f46b51a0ddb3730020791719e94d3e418e9f423
-
-commit b828605d51f57851316d7ba402b4ae06cf37c55d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Sep 1 05:53:56 2017 +0000
-
-    upstream commit
-    
-    identify the case where SSHFP records are missing but
-    other DNS RR types are present and display a more useful error message for
-    this case; patch by Thordur Bjornsson; bz#2501; ok dtucker@
-    
-    Upstream-ID: 8f7a5a8344f684823d8317a9708b63e75be2c244
-
-commit 8042bad97e2789a50e8f742c3bcd665ebf0add32
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Sep 1 05:50:48 2017 +0000
-
-    upstream commit
-    
-    document available AuthenticationMethods; bz#2453 ok
-    dtucker@
-    
-    Upstream-ID: 2c70576f237bb699aff59889dbf2acba4276d3d0
-
-commit 71e5a536ec815d542b199f2ae6d646c0db9f1b58
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Aug 30 03:59:08 2017 +0000
-
-    upstream commit
-    
-    pass packet state down to some of the channels function
-    (more to come...); ok markus@
-    
-    Upstream-ID: d8ce7a94f4059d7ac1e01fb0eb01de0c4b36c81b
-
-commit 6227fe5b362239c872b91bbdee4bf63cf85aebc5
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Tue Aug 29 13:05:58 2017 +0000
-
-    upstream commit
-    
-    sort options;
-    
-    Upstream-ID: cf21d68cf54e81968bca629aaeddc87f0c684f3c
-
-commit 530591a5795a02d01c78877d58604723918aac87
-Author: dlg@openbsd.org <dlg@openbsd.org>
-Date:   Tue Aug 29 09:42:29 2017 +0000
-
-    upstream commit
-    
-    add a -q option to ssh-add to make it quiet on success.
-    
-    if you want to silence ssh-add without this you generally redirect
-    the output to /dev/null, but that can hide error output which you
-    should see.
-    
-    ok djm@
-    
-    Upstream-ID: 2f31b9b13f99dcf587e9a8ba443458e6c0d8997c
-
-commit a54eb27dd64b5eca3ba94e15cec3535124bd5029
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Sun Aug 27 00:38:41 2017 +0000
-
-    upstream commit
-    
-    Increase the buffer sizes for user prompts to ensure that
-    they won't be truncated by snprintf.  Based on patch from cjwatson at
-    debian.org via bz#2768, ok djm@
-    
-    Upstream-ID: 6ffacf1abec8f40b469de5b94bfb29997d96af3e
-
-commit dd9d9b3381a4597b840d480b043823112039327e
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Mon Aug 28 16:48:27 2017 +1000
-
-    Switch Capsicum header to sys/capsicum.h.
-    
-    FreeBSD's <sys/capability.h> was renamed to <sys/capsicum.h> in 2014 to
-    avoid future conflicts with POSIX capabilities (the last release that
-    didn't have it was 9.3) so switch to that.  Patch from des at des.no.
-
-commit f5e917ab105af5dd6429348d9bc463e52b263f92
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sun Aug 27 08:55:40 2017 +1000
-
-    Add missing includes for bsd-err.c.
-    
-    Patch from cjwatson at debian.org via bz#2767.
-
-commit 878e029797cfc9754771d6f6ea17f8c89e11d225
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Aug 25 13:25:01 2017 +1000
-
-    Split platform_sys_dir_uid into its own file
-    
-    platform.o is too heavy for libssh.a use; it calls into the server on
-    many platforms. Move just the function needed by misc.c into its own
-    file.
-
-commit 07949bfe9133234eddd01715592aa0dde67745f0
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Aug 23 20:13:18 2017 +1000
-
-    misc.c needs functions from platform.c now
-
-commit b074c3c3f820000a21953441cea7699c4b17d72f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Aug 18 05:48:04 2017 +0000
-
-    upstream commit
-    
-    add a "quiet" flag to exited_cleanly() that supresses
-    errors about exit status (failure due to signal is still reported)
-    
-    Upstream-ID: db85c39c3aa08e6ff67fc1fb4ffa89f807a9d2f0
-
-commit de4ae07f12dabf8815ecede54235fce5d22e3f63
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Aug 18 05:36:45 2017 +0000
-
-    upstream commit
-    
-    Move several subprocess-related functions from various
-    locations to misc.c. Extend subprocess() to offer a little more control over
-    stdio disposition.
-    
-    feedback & ok dtucker@
-    
-    Upstream-ID: 3573dd7109d13ef9bd3bed93a3deb170fbfce049
-
-commit 643c2ad82910691b2240551ea8b14472f60b5078
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Aug 12 06:46:01 2017 +0000
-
-    upstream commit
-    
-    make "--" before the hostname terminate command-line
-    option processing completely; previous behaviour would not prevent further
-    options appearing after the hostname (ssh has a supported options after the
-    hostname for >20 years, so that's too late to change).
-    
-    ok deraadt@
-    
-    Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89
-
-commit 0f3455356bc284d7c6f4d3c1614d31161bd5dcc2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Aug 12 06:42:52 2017 +0000
-
-    upstream commit
-    
-    Switch from aes256-cbc to aes256-ctr for encrypting
-    new-style private keys. The latter having the advantage of being supported
-    for no-OpenSSL builds; bz#2754 ok markus@
-    
-    Upstream-ID: 54179a2afd28f93470471030567ac40431e56909
-
-commit c4972d0a9bd6f898462906b4827e09b7caea2d9b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Aug 11 04:47:12 2017 +0000
-
-    upstream commit
-    
-    refuse to a private keys when its corresponding .pub key
-    does not match. bz#2737 ok dtucker@
-    
-    Upstream-ID: 54ff5e2db00037f9db8d61690f26ef8f16e0d913
-
-commit 4b3ecbb663c919132dddb3758e17a23089413519
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Aug 11 04:41:08 2017 +0000
-
-    upstream commit
-    
-    don't print verbose error message when ssh disconnects
-    under sftp; bz#2750; ok dtucker@
-    
-    Upstream-ID: 6d83708aed77b933c47cf155a87dc753ec01f370
-
-commit 42a8f8bc288ef8cac504c5c73f09ed610bc74a34
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Aug 11 04:16:35 2017 +0000
-
-    upstream commit
-    
-    Tweak previous keepalive commit: if last_time + keepalive
-    <= now instead of just "<" so client_alive_check will fire if the select
-    happens to return on exact second of the timeout.  ok djm@
-    
-    Upstream-ID: e02756bd6038d11bb8522bfd75a4761c3a684fcc
-
-commit b60ff20051ef96dfb207b6bfa45c0ad6c34a542a
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Aug 11 03:58:36 2017 +0000
-
-    upstream commit
-    
-    Keep track of the last time we actually heard from the
-    client and use this to also schedule a client_alive_check().  Prevents
-    activity on a forwarded port from indefinitely preventing the select timeout
-    so that client_alive_check() will eventually (although not optimally) be
-    called.
-    
-    Analysis by willchan at google com via bz#2756, feedback & ok djm@
-    
-    Upstream-ID: c08721e0bbda55c6d18e2760f3fe1b17fb71169e
-
-commit 94bc1e7ffba3cbdea8c7dcdab8376bf29283128f
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jul 28 14:50:59 2017 +1000
-
-    Expose list of completed auth methods to PAM
-    
-    bz#2408; ok dtucker@
-
-commit c78e6eec78c88acf8d51db90ae05a3e39458603d
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jul 21 14:38:16 2017 +1000
-
-    fix problems in tunnel forwarding portability code
-    
-    This fixes a few problems in the tun forwarding code, mostly to do
-    with host/network byte order confusion.
-    
-    Based on a  report and patch by stepe AT centaurus.uberspace.de;
-    bz#2735; ok dtucker@
-
-commit 2985d4062ebf4204bbd373456a810d558698f9f5
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Jul 25 09:22:25 2017 +0000
-
-    upstream commit
-    
-    Make WinSCP patterns for SSH_OLD_DHGEX more specific to
-    exclude WinSCP 5.10.x and up.  bz#2748, from martin at winscp.net, ok djm@
-    
-    Upstream-ID: 6fd7c32e99af3952db007aa180e73142ddbc741a
-
-commit 9f0e44e1a0439ff4646495d5735baa61138930a9
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jul 24 04:34:28 2017 +0000
-
-    upstream commit
-    
-    g/c unused variable; make a little more portable
-    
-    Upstream-ID: 3f5980481551cb823c6fb2858900f93fa9217dea
-
-commit 51676ec61491ec6d7cbd06082034e29b377b3bf6
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Jul 23 23:37:02 2017 +0000
-
-    upstream commit
-    
-    Allow IPQoS=none in ssh/sshd to not set an explicit
-    ToS/DSCP value and just use the operating system default; ok dtucker@
-    
-    Upstream-ID: 77906ff8c7b660b02ba7cb1e47b17d66f54f1f7e
-
-commit 6c1fbd5a50d8d2415f06c920dd3b1279b741072d
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jul 21 14:24:26 2017 +1000
-
-    mention libedit
-
-commit dc2bd308768386b02c7337120203ca477e67ba62
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Wed Jul 19 08:30:41 2017 +0000
-
-    upstream commit
-    
-    fix support for unknown key types; ok djm@
-    
-    Upstream-ID: 53fb29394ed04d616d65b3748dee5aa06b07ab48
-
-commit fd0e8fa5f89d21290b1fb5f9d110ca4f113d81d9
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Jul 19 01:15:02 2017 +0000
-
-    upstream commit
-    
-    switch from select() to poll() for the ssh-agent
-    mainloop; ok markus
-    
-    Upstream-ID: 4a94888ee67b3fd948fd10693973beb12f802448
-
-commit b1e72df2b813ecc15bd0152167bf4af5f91c36d3
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jul 14 03:18:21 2017 +0000
-
-    upstream commit
-    
-    Make ""Killed by signal 1" LogLevel verbose so it's not
-    shown at the default level.  Prevents it from appearing during ssh -J and
-    equivalent ProxyCommand configs. bz#1906, bz#2744, feedback&ok markus@
-    
-    Upstream-ID: debfaa7e859b272246c2f2633335d288d2e2ae28
-
-commit 1f3d202770a08ee6752ed2a234b7ca6f180eb498
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Thu Jul 13 19:16:33 2017 +0000
-
-    upstream commit
-    
-    man pages with pseudo synopses which list filenames end
-    up creating very ugly output in man -k; after some discussion with ingo, we
-    feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly
-    helpful at page top, is contained already in FILES, and there are
-    sufficiently few that just zapping them is simple;
-    
-    ok schwarze, who also helpfully ran things through a build to check
-    output;
-    
-    Upstream-ID: 3e211b99457e2f4c925c5927d608e6f97431336c
-
-commit 7f13a4827fb28957161de4249bd6d71954f1f2ed
-Author: espie@openbsd.org <espie@openbsd.org>
-Date:   Mon Jul 10 14:09:59 2017 +0000
-
-    upstream commit
-    
-    zap redundant Makefile variables. okay djm@
-    
-    Upstream-ID: e39b3902fe1d6c4a7ba6a3c58e072219f3c1e604
-
-commit dc44dd3a9e2c9795394e6a7e1e71c929cbc70ce0
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Sat Jul 8 18:32:54 2017 +0000
-
-    upstream commit
-    
-    slightly rework previous, to avoid an article issue;
-    
-    Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30
-
-commit 853edbe057a84ebd0024c8003e4da21bf2b469f7
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jul 7 03:53:12 2017 +0000
-
-    upstream commit
-    
-    When generating all hostkeys (ssh-keygen -A), clobber
-    existing keys if they exist but are zero length. zero-length keys could
-    previously be made if ssh-keygen failed part way through generating them, so
-    avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@
-    
-    Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044
-
-commit 43616876ba68a2ffaece6a6c792def4b039f2d6e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jul 1 22:55:44 2017 +0000
-
-    upstream commit
-    
-    actually remove these files
-    
-    Upstream-ID: 1bd41cba06a7752de4df304305a8153ebfb6b0ac
-
-commit 83fa3a044891887369ce8b487ce88d713a04df48
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jul 1 13:50:45 2017 +0000
-
-    upstream commit
-    
-    remove post-SSHv1 removal dead code from rsa.c and merge
-    the remaining bit that it still used into ssh-rsa.c; ok markus
-    
-    Upstream-ID: ac8a048d24dcd89594b0052ea5e3404b473bfa2f
-
-commit 738c73dca2c99ee78c531b4cbeefc2008fe438f0
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jul 14 14:26:36 2017 +1000
-
-    make explicit_bzero/memset safe for sz=0
-
-commit 8433d51e067e0829f5521c0c646b6fd3fe17e732
-Author: Tim Rice <tim@multitalents.net>
-Date:   Tue Jul 11 18:47:56 2017 -0700
-
-    modified:   configure.ac
-    UnixWare needs BROKEN_TCGETATTR_ICANON like Solaris
-    Analysis by Robbie Zhang
-
-commit ff3507aea9c7d30cd098e7801e156c68faff7cc7
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jul 7 11:21:27 2017 +1000
-
-    typo
-
-commit d79bceb9311a9c137d268f5bc481705db4151810
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jun 30 04:17:23 2017 +0000
-
-    upstream commit
-    
-    Only call close once in confree().  ssh_packet_close will
-    close the FD so only explicitly close non-SSH channels.  bz#2734, from
-    bagajjal at microsoft.com, ok djm@
-    
-    Upstream-ID: a81ce0c8b023527167739fccf1732b154718ab02
-
-commit 197dc9728f062e23ce374f44c95a2b5f9ffa4075
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Jun 29 15:40:25 2017 +1000
-
-    Update link for my patches.
-
-commit a98339edbc1fc21342a390f345179a9c3031bef7
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Jun 28 01:09:22 2017 +0000
-
-    upstream commit
-    
-    Allow ssh-keygen to use a key held in ssh-agent as a CA when
-    signing certificates. bz#2377 ok markus
-    
-    Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
-
-commit c9cdef35524bd59007e17d5bd2502dade69e2dfb
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jun 24 06:35:24 2017 +0000
-
-    upstream commit
-    
-    regress test for ExposeAuthInfo
-    
-    Upstream-Regress-ID: 190e5b6866376f4061c411ab157ca4d4e7ae86fd
-
-commit f17ee61cad25d210edab69d04ed447ad55fe80c1
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jun 24 07:08:57 2017 +0000
-
-    upstream commit
-    
-    correct env var name
-    
-    Upstream-ID: 721e761c2b1d6a4dcf700179f16fd53a1dadb313
-
-commit 40962198e3b132cecdb32e9350acd4294e6a1082
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Sat Jun 24 06:57:04 2017 +0000
-
-    upstream commit
-    
-    spelling;
-    
-    Upstream-ID: 606f933c8e2d0be902ea663946bc15e3eee40b25
-
-commit 33f86265d7e8a0e88d3a81745d746efbdd397370
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jun 24 06:38:11 2017 +0000
-
-    upstream commit
-    
-    don't pass pointer to struct sshcipher between privsep
-    processes, just redo the lookup in each using the already-passed cipher name.
-    bz#2704 based on patch from Brooks Davis; ok markus dtucker
-    
-    Upstream-ID: 2eab434c09bdf549dafd7da3e32a0d2d540adbe0
-
-commit 8f574959272ac7fe9239c4f5d10fd913f8920ab0
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jun 24 06:34:38 2017 +0000
-
-    upstream commit
-    
-    refactor authentication logging
-    
-    optionally record successful auth methods and public credentials
-    used in a file accessible to user sessions
-    
-    feedback and ok markus@
-    
-    Upstream-ID: 090b93036967015717b9a54fd0467875ae9d32fb
-
-commit e2004d4bb7eb01c663dd3a3e7eb224f1ccdc9bba
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Sat Jun 24 06:28:50 2017 +0000
-
-    upstream commit
-    
-    word fix;
-    
-    Upstream-ID: 8539bdaf2366603a34a9b2f034527ca13bb795c5
-
-commit 4540428cd0adf039bcf5a8a27f2d5cdf09191513
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jun 24 05:37:44 2017 +0000
-
-    upstream commit
-    
-    switch sshconnect.c from (slightly abused) select() to
-    poll(); ok deraadt@ a while back
-    
-    Upstream-ID: efc1937fc591bbe70ac9e9542bb984f354c8c175
-
-commit 6f8ca3b92540fa1a9b91670edc98d15448e3d765
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jun 24 05:35:05 2017 +0000
-
-    upstream commit
-    
-    use HostKeyAlias if specified instead of hostname for
-    matching host certificate principal names; bz#2728; ok dtucker@
-    
-    Upstream-ID: dc2e11c83ae9201bbe74872a0c895ae9725536dd
-
-commit 8904ffce057b80a7472955f1ec00d7d5c250076c
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jun 24 05:24:11 2017 +0000
-
-    upstream commit
-    
-    no need to call log_init to reinitialise logged PID in
-    child sessions, since we haven't called openlog() in log_init() since 1999;
-    ok markus@
-    
-    Upstream-ID: 0906e4002af5d83d3d544df75e1187c932a3cf2e
-
-commit e238645d789cd7eb47541b66aea2a887ea122c9b
-Author: mestre@openbsd.org <mestre@openbsd.org>
-Date:   Fri Jun 23 07:24:48 2017 +0000
-
-    upstream commit
-    
-    When using the escape sequence &~ the code path is
-    client_loop() -> client_simple_escape_filter() -> process_escapes() -> fork()
-    and the pledge for this path lacks the proc promise and therefore aborts the
-    process. The solution is to just add proc the promise to this specific
-    pledge.
-    
-    Reported by Gregoire Jadi gjadi ! omecha.info
-    Insight with tb@, OK jca@
-    
-    Upstream-ID: 63c05e30c28209519f476023b65b0b1b0387a05b
-
-commit 5abbb31c4e7a6caa922cc1cbb14e87a77f9d19d3
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jun 23 03:30:42 2017 +0000
-
-    upstream commit
-    
-    Import regenerated moduli.
-    
-    Upstream-ID: b25bf747544265b39af74fe0716dc8d9f5b63b95
-
-commit 849c5468b6d9b4365784c5dd88e3f1fb568ba38f
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jun 23 03:25:53 2017 +0000
-
-    upstream commit
-    
-    Run the screen twice so we end up with more candidate
-    groups.  ok djm@
-    
-    Upstream-ID: b92c93266d8234d493857bb822260dacf4366157
-
-commit 4626e39c7053c6486c1c8b708ec757e464623f5f
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Wed Jun 14 00:31:38 2017 +0000
-
-    upstream commit
-    
-    Add user@host prefix to client's "Permisison denied"
-    messages, useful in particular when using "stacked" connections where it's
-    not clear which host is denying.  bz#2720, ok djm@ markus@
-    
-    Upstream-ID: de88e1e9dcb050c98e85377482d1287a9fe0d2be
-
-commit c948030d54911b2d3cddb96a7a8e9269e15d11cd
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jun 13 12:13:59 2017 +0000
-
-    upstream commit
-    
-    Do not require that unknown EXT_INFO extension values not
-    contain \0 characters. This would cause fatal connection errors if an
-    implementation sent e.g. string-encoded sub-values inside a value.
-    
-    Reported by Denis Bider; ok markus@
-    
-    Upstream-ID: 030e10fdc605563c040244c4b4f1d8ae75811a5c
-
-commit 6026f48dfca78b713e4a7f681ffa42a0afe0929e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jun 13 11:22:15 2017 +0000
-
-    upstream commit
-    
-    missing prototype.
-    
-    Upstream-ID: f443d2be9910fd2165a0667956d03343c46f66c9
-
-commit bcd1485075aa72ba9418003f5cc27af2b049c51b
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sat Jun 10 23:41:25 2017 +1000
-
-    portability for sftp globbed ls sort by mtime
-    
-    Include replacement timespeccmp() for systems that lack it.
-    Support time_t struct stat->st_mtime in addition to
-    timespec stat->st_mtim, as well as unsorted fallback.
-
-commit 072e172f1d302d2a2c6043ecbfb4004406717b96
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jun 10 06:36:46 2017 +0000
-
-    upstream commit
-    
-    print '?' instead of incorrect link count (that the
-    protocol doesn't provide) for remote listings. bz#2710 ok dtucker@
-    
-    Upstream-ID: c611f98a66302cea452ef10f13fff8cf0385242e
-
-commit 72be5b2f8e7dc37235e8c4b8d0bc7b5ee1301505
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Jun 10 06:33:34 2017 +0000
-
-    upstream commit
-    
-    implement sorting for globbed ls; bz#2649 ok dtucker@
-    
-    Upstream-ID: ed3110f351cc9703411bf847ba864041fb7216a8
-
-commit 5b2f34a74aa6a524cd57e856b23e1b7b25007721
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 9 06:47:13 2017 +0000
-
-    upstream commit
-    
-    return failure rather than fatal() for more cases during
-    mux negotiations. Causes the session to fall back to a non-mux connection if
-    they occur. bz#2707 ok dtucker@
-    
-    Upstream-ID: d2a7892f464d434e1f615334a1c9d0cdb83b29ab
-
-commit 7f5637c4a67a49ef256cb4eedf14e8590ac30976
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 9 06:43:01 2017 +0000
-
-    upstream commit
-    
-    in description of public key authentication, mention that
-    the server will send debug messages to the client for some error conditions
-    after authentication has completed. bz#2709 ok dtucker
-    
-    Upstream-ID: 750127dbd58c5a2672c2d28bc35fe221fcc8d1dd
-
-commit 2076e4adb986512ce8c415dd194fd4e52136c4b4
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 9 06:40:24 2017 +0000
-
-    upstream commit
-    
-    better translate libcrypto errors by looking deeper in
-    the accursed error stack for codes that indicate the wrong passphrase was
-    supplied for a PEM key. bz#2699 ok dtucker@
-    
-    Upstream-ID: 4da4286326d570f4f0489459bb71f6297e54b681
-
-commit ad0531614cbe8ec424af3c0fa90c34a8e1ebee4c
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jun 9 04:40:04 2017 +0000
-
-    upstream commit
-    
-    Add comments referring to the relevant RFC sections for
-    rekeying behaviour.
-    
-    Upstream-ID: 6fc8e82485757a27633f9175ad00468f49a07d40
-
-commit ce9134260b9b1247e2385a1afed00c26112ba479
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Jun 9 14:43:47 2017 +1000
-
-    drop two more privileges in the Solaris sandbox
-    
-    Drop PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO.
-    Patch from huieying.lee AT oracle.com via bz#2723
-
-commit e0f609c8a2ab940374689ab8c854199c3c285a76
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Jun 9 13:36:29 2017 +1000
-
-    Wrap stdint.h include in #ifdef.
-
-commit 1de5e47a85850526a4fdaf77185134046c050f75
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Jun 7 01:48:15 2017 +0000
-
-    upstream commit
-    
-    unbreak after sshv1 purge
-    
-    Upstream-Regress-ID: 8ea01a92d5f571b9fba88c1463a4254a7552d51b
-
-commit 550c053168123fcc0791f9952abad684704b5760
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Jun 6 09:12:17 2017 +0000
-
-    upstream commit
-    
-    Fix compression output stats broken in rev 1.201.  Patch
-    originally by Russell Coker via Debian bug #797964 and Christoph Biedl.  ok
-    djm@
-    
-    Upstream-ID: 83a1903b95ec2e4ed100703debb4b4a313b01016
-
-commit 55d06c6e72a9abf1c06a7ac2749ba733134a1f39
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jun 2 06:06:10 2017 +0000
-
-    upstream commit
-    
-    rationalise the long list of manual CDIAGFLAGS that we
-    add; most of these were redundant to -Wall -Wextra
-    
-    Upstream-ID: ea80f445e819719ccdcb237022cacfac990fdc5c
-
-commit 1527d9f61e6d50f6c2b4a3fa5b45829034b1b0b1
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Thu Jun 1 06:59:21 2017 +0000
-
-    upstream commit
-    
-    no need to bzero allocated space now that we use use
-    recallocarray; ok deraadt@
-    
-    Upstream-ID: 53333c62ccf97de60b8cb570608c1ba5ca5803c8
-
-commit cc812baf39b93d5355565da98648d8c31f955990
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Thu Jun 1 06:58:25 2017 +0000
-
-    upstream commit
-    
-    unconditionally zero init size of buffer; ok markus@
-    deraadt@
-    
-    Upstream-ID: 218963e846d8f26763ba25afe79294547b99da29
-
-commit 65eb8fae0d7ba45ef4483a3cf0ae7fd0dbc7c226
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Jun 1 16:25:09 2017 +1000
-
-    avoid compiler warning
-
-commit 2d75d74272dc2a0521fce13cfe6388800c9a2406
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Thu Jun 1 06:16:43 2017 +0000
-
-    upstream commit
-    
-    some warnings spotted by clang; ok markus@
-    
-    Upstream-ID: 24381d68ca249c5cee4388ceb0f383fa5b43991b
-
-commit 151c6e433a5f5af761c78de87d7b5d30a453cf5e
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Jun 1 15:25:13 2017 +1000
-
-    add recallocarray replacement and dependency
-    
-    recallocarray() needs getpagesize() so add a tiny replacement for that.
-
-commit 01e6f78924da308447e71e9a32c8a6104ef4e888
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Jun 1 15:16:24 2017 +1000
-
-    add *.0 manpage droppings
-
-commit 4b2e2d3fd9dccff357e1e26ce9a5f2e103837a36
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Thu Jun 1 04:51:58 2017 +0000
-
-    upstream commit
-    
-    fix casts re constness
-    
-    Upstream-ID: e38f2bac162b37dbaf784d349c8327a6626fa266
-
-commit 75b8af8de805c0694b37fcf80ce82783b2acc86f
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Wed May 31 10:54:00 2017 +0000
-
-    upstream commit
-    
-    make sure we don't pass a NULL string to vfprintf
-    (triggered by the principals-command regress test); ok bluhm
-    
-    Upstream-ID: eb49854f274ab37a0b57056a6af379a0b7111990
-
-commit 84008608c9ee944d9f72f5100f31ccff743b10f2
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Wed May 31 10:04:29 2017 +0000
-
-    upstream commit
-    
-    use SO_ZEROIZE for privsep communication (if available)
-    
-    Upstream-ID: abcbb6d2f8039fc4367a6a78096e5d5c39de4a62
-
-commit 9e509d4ec97cb3d71696f1a2f1fdad254cbbce11
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date:   Wed May 31 09:15:42 2017 +0000
-
-    upstream commit
-    
-    Switch to recallocarray() for a few operations.  Both
-    growth and shrinkage are handled safely, and there also is no need for
-    preallocation dances. Future changes in this area will be less error prone.
-    Review and one bug found by markus
-    
-    Upstream-ID: 822d664d6a5a1d10eccb23acdd53578a679d5065
-
-commit dc5dc45662773c0f7745c29cf77ae2d52723e55e
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date:   Wed May 31 08:58:52 2017 +0000
-
-    upstream commit
-    
-    These shutdown() SHUT_RDWR are not needed before close()
-    ok djm markus claudio
-    
-    Upstream-ID: 36f13ae4ba10f5618cb9347933101eb4a98dbcb5
-
-commit 1e0cdf8efb745d0d1116e1aa22bdc99ee731695e
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Wed May 31 08:09:45 2017 +0000
-
-    upstream commit
-    
-    clear session keys from memory; ok djm@
-    
-    Upstream-ID: ecd178819868975affd5fd6637458b7c712b6a0f
-
-commit 92e9fe633130376a95dd533df6e5e6a578c1e6b8
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Wed May 31 07:00:13 2017 +0000
-
-    upstream commit
-    
-    remove now obsolete ctx from ssh_dispatch_run; ok djm@
-    
-    Upstream-ID: 9870aabf7f4d71660c31fda91b942b19a8e68d29
-
-commit 17ad5b346043c5bbc5befa864d0dbeb76be39390
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Wed May 31 05:34:14 2017 +0000
-
-    upstream commit
-    
-    use the ssh_dispatch_run_fatal variant
-    
-    Upstream-ID: 28c5b364e37c755d1b22652b8cd6735a05c625d8
-
-commit 39896b777320a6574dd06707aebac5fb98e666da
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed May 31 05:08:46 2017 +0000
-
-    upstream commit
-    
-    another ctx => ssh conversion (in GSSAPI code)
-    
-    Upstream-ID: 4d6574c3948075c60608d8e045af42fe5b5d8ae0
-
-commit 6116bd4ed354a71a733c8fd0f0467ce612f12911
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed May 31 14:56:07 2017 +1000
-
-    fix conversion of kexc25519s.c to struct ssh too
-    
-    git cvsimport missed this commit for some reason
-
-commit d40dbdc85b6fb2fd78485ba02225511b8cbf20d7
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed May 31 04:29:44 2017 +0000
-
-    upstream commit
-    
-    spell out that custom options/extensions should follow the
-    usual SSH naming rules, e.g. "extension@example.com"
-    
-    Upstream-ID: ab326666d2fad40769ec96b5a6de4015ffd97b8d
-
-commit 2a108277f976e8d0955c8b29d1dfde04dcbb3d5b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed May 31 04:17:12 2017 +0000
-
-    upstream commit
-    
-    one more void *ctx => struct ssh *ssh conversion
-    
-    Upstream-ID: d299d043471c10214cf52c03daa10f1c232759e2
-
-commit c04e979503e97f52b750d3b98caa6fe004ab2ab9
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed May 31 00:43:04 2017 +0000
-
-    upstream commit
-    
-    fix possible OOB strlen() in SOCKS4A hostname parsing;
-    ok markus@
-    
-    Upstream-ID: c67297cbeb0e5a19d81752aa18ec44d31270cd11
-
-commit a3bb250c93bfe556838c46ed965066afce61cffa
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Tue May 30 19:38:17 2017 +0000
-
-    upstream commit
-    
-    tweak previous;
-    
-    Upstream-ID: 66987651046c42d142f7318c9695fb81a6d14031
-
-commit 1112b534a6a7a07190e497e6bf86b0d5c5fb02dc
-Author: bluhm@openbsd.org <bluhm@openbsd.org>
-Date:   Tue May 30 18:58:37 2017 +0000
-
-    upstream commit
-    
-    Add RemoteCommand option to specify a command in the
-    ssh config file instead of giving it on the client's command line.  This
-    command will be executed on the remote host.  The feature allows to automate
-    tasks using ssh config. OK markus@
-    
-    Upstream-ID: 5d982fc17adea373a9c68cae1021ce0a0904a5ee
-
-commit eb272ea4099fd6157846f15c129ac5727933aa69
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 14:29:59 2017 +0000
-
-    upstream commit
-    
-    switch auth2 to ssh_dispatch API; ok djm@
-    
-    Upstream-ID: a752ca19e2782900dd83060b5c6344008106215f
-
-commit 5a146bbd4fdf5c571f9fb438e5210d28cead76d9
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 14:27:22 2017 +0000
-
-    upstream commit
-    
-    switch auth2-none.c to modern APIs; ok djm@
-    
-    Upstream-ID: 07252b58e064d332214bcabbeae8e08c44b2001b
-
-commit 60306b2d2f029f91927c6aa7c8e08068519a0fa2
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 14:26:49 2017 +0000
-
-    upstream commit
-    
-    switch auth2-passwd.c to modern APIs; ok djm@
-    
-    Upstream-ID: cba0a8b72b4f97adfb7e3b3fd2f8ba3159981fc7
-
-commit eb76698b91338bd798c978d4db2d6af624d185e4
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 14:25:42 2017 +0000
-
-    upstream commit
-    
-    switch auth2-hostbased.c to modern APIs; ok djm@
-    
-    Upstream-ID: 146af25c36daeeb83d5dbbb8ca52b5d25de88f4e
-
-commit 2ae666a8fc20b3b871b2f1b90ad65cc027336ccd
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 14:23:52 2017 +0000
-
-    upstream commit
-    
-    protocol handlers all get struct ssh passed; ok djm@
-    
-    Upstream-ID: 0ca9ea2a5d01a6d2ded94c5024456a930c5bfb5d
-
-commit 94583beb24a6c5fd19cedb9104ab2d2d5cd052b6
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 14:19:15 2017 +0000
-
-    upstream commit
-    
-    ssh: pass struct ssh to auth functions, too; ok djm@
-    
-    Upstream-ID: d13c509cc782f8f19728fbea47ac7cf36f6e85dd
-
-commit 5f4082d886c6173b9e90b9768c9a38a3bfd92c2b
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 14:18:15 2017 +0000
-
-    upstream commit
-    
-    sshd: pass struct ssh to auth functions; ok djm@
-    
-    Upstream-ID: b00a80c3460884ebcdd14ef550154c761aebe488
-
-commit 7da5df11ac788bc1133d8d598d298e33500524cc
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 14:16:41 2017 +0000
-
-    upstream commit
-    
-    remove unused wrapper functions from key.[ch]; ok djm@
-    
-    Upstream-ID: ea0f4016666a6817fc11f439dd4be06bab69707e
-
-commit ff7371afd08ac0bbd957d90451d4dcd0da087ef5
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 14:15:17 2017 +0000
-
-    upstream commit
-    
-    sshkey_new() might return NULL (pkcs#11 code only); ok
-    djm@
-    
-    Upstream-ID: de9f2ad4a42c0b430caaa7d08dea7bac943075dd
-
-commit beb965bbc5a984fa69fb1e2b45ebe766ae09d1ef
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 14:13:40 2017 +0000
-
-    upstream commit
-    
-    switch sshconnect.c to modern APIs; ok djm@
-    
-    Upstream-ID: 27be17f84b950d5e139b7a9b281aa487187945ad
-
-commit 00ed75c92d1f95fe50032835106c368fa22f0f02
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 14:10:53 2017 +0000
-
-    upstream commit
-    
-    switch auth2-pubkey.c to modern APIs; with & ok djm@
-    
-    Upstream-ID: 8f08d4316eb1b0c4ffe4a206c05cdd45ed1daf07
-
-commit 54d90ace1d3535b44d92a8611952dc109a74a031
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 08:52:19 2017 +0000
-
-    upstream commit
-    
-    switch from Key typedef with struct sshkey; ok djm@
-    
-    Upstream-ID: 3067d33e04efbe5131ce8f70668c47a58e5b7a1f
-
-commit c221219b1fbee47028dcaf66613f4f8d6b7640e9
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 08:49:58 2017 +0000
-
-    upstream commit
-    
-    remove ssh1 references; ok djm@
-    
-    Upstream-ID: fc23b7578e7b0a8daaec72946d7f5e58ffff5a3d
-
-commit afbfa68fa18081ef05a9cd294958509a5d3cda8b
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Tue May 30 08:49:32 2017 +0000
-
-    upstream commit
-    
-    revise sshkey_load_public(): remove ssh1 related
-    comments, remove extra open()/close() on keyfile, prevent leak of 'pub' if
-    'keyp' is NULL, replace strlcpy+cat with asprintf; ok djm@
-    
-    Upstream-ID: 6175e47cab5b4794dcd99c1175549a483ec673ca
-
-commit 813f55336a24fdfc45e7ed655fccc7d792e8f859
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Fri May 26 20:34:49 2017 +0000
-
-    upstream commit
-    
-    sshbuf_consume: reset empty buffer; ok djm@
-    
-    Upstream-ID: 0d4583ba57f69e369d38bbd7843d85cac37fa821
-
-commit 6cf711752cc2a7ffaad1fb4de18cae65715ed8bb
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Fri May 26 19:35:50 2017 +0000
-
-    upstream commit
-    
-    remove SSH_CHANNEL_XXX_DRAINING (ssh1 only); ok djm@
-    
-    Upstream-ID: e2e225b6ac67b84dd024f38819afff2554fafe42
-
-commit 364f0d5edea27767fb0f915ea7fc61aded88d3e8
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Fri May 26 19:34:12 2017 +0000
-
-    upstream commit
-    
-    remove channel_input_close_confirmation (ssh1 only); ok
-    djm@
-    
-    Upstream-ID: 8e7c8c38f322d255bb0294a5c0ebef53fdf576f1
-
-commit 8ba0fd40082751dbbc23a830433488bbfb1abdca
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri May 26 01:40:07 2017 +0000
-
-    upstream commit
-    
-    fix references to obsolete v00 cert format; spotted by
-    Jakub Jelen
-    
-    Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f
-
-commit dcc714c65cfb81eb6903095b4590719e8690f3da
-Author: Mike Frysinger <vapier@chromium.org>
-Date:   Wed May 24 23:21:19 2017 -0400
-
-    configure: actually set cache vars when cross-compiling
-    
-    The cross-compiling fallback message says it's assuming the test
-    passed, but it didn't actually set the cache var which causes
-    later tests to fail.
-
-commit 947a3e829a5b8832a4768fd764283709a4ca7955
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat May 20 02:35:47 2017 +0000
-
-    upstream commit
-    
-    there's no reason to artificially limit the key path
-    here, just check that it fits PATH_MAX; spotted by Matthew Patton
-    
-    Upstream-ID: 858addaf2009c9cf04d80164a41b2088edb30b58
-
-commit 773224802d7cb250bb8b461546fcce10567b4b2e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri May 19 21:07:17 2017 +0000
-
-    upstream commit
-    
-    Now that we no longer support SSHv1, replace the contents
-    of this file with a pointer to
-    https://tools.ietf.org/html/draft-miller-ssh-agent-00 It's better edited,
-    doesn't need to document stuff we no longer implement and does document stuff
-    that we do implement (RSA SHA256/512 signature flags)
-    
-    Upstream-ID: da8cdc46bbcc266efabd565ddddd0d8e556f846e
-
-commit 54cd41a4663fad66406dd3c8fe0e4760ccd8a899
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed May 17 01:24:17 2017 +0000
-
-    upstream commit
-    
-    allow LogLevel in sshd_config Match blocks; ok dtucker
-    bz#2717
-    
-    Upstream-ID: 662e303be63148f47db1aa78ab81c5c2e732baa8
-
-commit 277abcda3f1b08d2376686f0ef20320160d4c8ab
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue May 16 16:56:15 2017 +0000
-
-    upstream commit
-    
-    remove duplicate check; spotted by Jakub Jelen
-    
-    Upstream-ID: 30c2996c1767616a8fdc49d4cee088efac69c3b0
-
-commit adb47ce839c977fa197e770c1be8f852508d65aa
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue May 16 16:54:05 2017 +0000
-
-    upstream commit
-    
-    mention that Ed25519 keys are valid as CA keys; spotted
-    by Jakub Jelen
-    
-    Upstream-ID: d3f6db58b30418cb1c3058211b893a1ffed3dfd4
-
-commit 6bdf70f01e700348bb4d8c064c31a0ab90896df6
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue May 9 14:35:03 2017 +1000
-
-    clean up regress files and add a .gitignore
-
-commit 7bdb2eeb1d3c26acdc409bd94532eefa252e440b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon May 8 22:57:38 2017 +0000
-
-    upstream commit
-    
-    remove hmac-ripemd160; ok dtucker
-    
-    Upstream-ID: 896e737ea0bad6e23327d1c127e02d5e9e9c654d
-
-commit 5f02bb1f99f70bb422be8a5c2b77ef853f1db554
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon May 8 06:11:06 2017 +0000
-
-    upstream commit
-    
-    make requesting bad ECDSA bits yield the same error
-    (SSH_ERR_KEY_LENGTH) as the same mistake for RSA/DSA
-    
-    Upstream-ID: bf40d3fee567c271e33f05ef8e4e0fa0b6f0ece6
-
-commit d757a4b633e8874629a1442c7c2e7b1b55d28c19
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon May 8 06:08:42 2017 +0000
-
-    upstream commit
-    
-    fix for new SSH_ERR_KEY_LENGTH error value
-    
-    Upstream-Regress-ID: c38a6e6174d4c3feca3518df150d4fbae0dca8dc
-
-commit 2e58a69508ac49c02d1bb6057300fa6a76db1045
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon May 8 06:03:39 2017 +0000
-
-    upstream commit
-    
-    helps if I commit the correct version of the file. fix
-    missing return statement.
-    
-    Upstream-ID: c86394a3beeb1ec6611e659bfa830254f325546c
-
-commit effaf526bfa57c0ac9056ca236becf52385ce8af
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon May 8 01:52:49 2017 +0000
-
-    upstream commit
-    
-    remove arcfour, blowfish and CAST here too
-    
-    Upstream-Regress-ID: c613b3bcbef75df1fe84ca4dc2d3ef253dc5e920
-
-commit 7461a5bc571696273252df28a1f1578968cae506
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon May 8 00:21:36 2017 +0000
-
-    upstream commit
-    
-    I was too aggressive with the scalpel in the last commit;
-    unbreak sshd, spotted quickly by naddy@
-    
-    Upstream-ID: fb7e75d2b2c7e6ca57dee00ca645e322dd49adbf
-
-commit bd636f40911094a39c2920bf87d2ec340533c152
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun May 7 23:15:59 2017 +0000
-
-    upstream commit
-    
-    Refuse RSA keys <1024 bits in length. Improve reporting
-    for keys that do not meet this requirement. ok markus@
-    
-    Upstream-ID: b385e2a7b13b1484792ee681daaf79e1e203df6c
-
-commit 70c1218fc45757a030285051eb4d209403f54785
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun May 7 23:13:42 2017 +0000
-
-    upstream commit
-    
-    Don't offer CBC ciphers by default in the client. ok
-    markus@
-    
-    Upstream-ID: 94c9ce8d0d1a085052e11c7f3307950fdc0901ef
-
-commit acaf34fd823235d549c633c0146ee03ac5956e82
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun May 7 23:12:57 2017 +0000
-
-    upstream commit
-    
-    As promised in last release announcement: remove
-    support for Blowfish, RC4 and CAST ciphers. ok markus@ deraadt@
-    
-    Upstream-ID: 21f8facdba3fd8da248df6417000867cec6ba222
-
-commit 3e371bd2124427403971db853fb2e36ce789b6fd
-Author: naddy@openbsd.org <naddy@openbsd.org>
-Date:   Fri May 5 10:42:49 2017 +0000
-
-    upstream commit
-    
-    more simplification and removal of SSHv1-related code;
-    ok djm@
-    
-    Upstream-ID: d2f041aa0b79c0ebd98c68a01e5a0bfab2cf3b55
-
-commit 2e9c324b3a7f15c092d118c2ac9490939f6228fd
-Author: naddy@openbsd.org <naddy@openbsd.org>
-Date:   Fri May 5 10:41:58 2017 +0000
-
-    upstream commit
-    
-    remove superfluous protocol 2 mentions; ok jmc@
-    
-    Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
-
-commit 744bde79c3361e2153cb395a2ecdcee6c713585d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Thu May 4 06:10:57 2017 +0000
-
-    upstream commit
-    
-    since a couple of people have asked, leave a comment
-    explaining why we retain SSH v.1 support in the "delete all keys from agent"
-    path.
-    
-    Upstream-ID: 4b42dcfa339813c15fe9248a2c1b7ed41c21bbb4
-
-commit 0c378ff6d98d80bc465a4a6a787670fb9cc701ee
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Thu May 4 01:33:21 2017 +0000
-
-    upstream commit
-    
-    another tentacle: cipher_set_key_string() was only ever
-    used for SSHv1
-    
-    Upstream-ID: 7fd31eb6c48946f7e7cc12af0699fe8eb637e94a
-
-commit 9a82e24b986e3e0dc70849dbb2c19aa6c707b37f
-Author: naddy@openbsd.org <naddy@openbsd.org>
-Date:   Wed May 3 21:49:18 2017 +0000
-
-    upstream commit
-    
-    restore mistakenly deleted description of the
-    ConnectionAttempts option ok markus@
-    
-    Upstream-ID: 943002b1b7c470caea3253ba7b7348c359de0348
-
-commit 768405fddf64ff83aa6ef701ebb3c1f82d98a2f3
-Author: naddy@openbsd.org <naddy@openbsd.org>
-Date:   Wed May 3 21:08:09 2017 +0000
-
-    upstream commit
-    
-    remove miscellaneous SSH1 leftovers; ok markus@
-    
-    Upstream-ID: af23696022ae4d45a1abc2fb8b490d8d9dd63b7c
-
-commit 1a1b24f8229bf7a21f89df21987433283265527a
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Wed May 3 10:01:44 2017 +0000
-
-    upstream commit
-    
-    more protocol 1 bits removed; ok djm
-    
-    Upstream-ID: b5b977eaf756915acb56aef3604a650e27f7c2b9
-
-commit 2b6f799e9b230cf13a7eefc05ecead7d8569d6b5
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Wed May 3 06:32:02 2017 +0000
-
-    upstream commit
-    
-    more protocol 1 stuff to go; ok djm
-    
-    Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
-
-commit f10c0d32cde2084d2a0b19bc47d80cb93e85a093
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Tue May 2 17:04:09 2017 +0000
-
-    upstream commit
-    
-    rsa1 is no longer valid;
-    
-    Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89
-
-commit 42b690b4fd0faef78c4d68225948b6e5c46c5163
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Tue May 2 14:06:37 2017 +0000
-
-    upstream commit
-    
-    add PubKeyAcceptedKeyTypes to the -o list: scp(1) has
-    it, so i guess this should too;
-    
-    Upstream-ID: 7fab32e869ca5831d09ab0c40d210b461d527a2c
-
-commit d852603214defd93e054de2877b20cc79c19d0c6
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Tue May 2 13:44:51 2017 +0000
-
-    upstream commit
-    
-    remove now obsolete protocol1 options from the -o
-    lists;
-    
-    Upstream-ID: 828e478a440bc5f9947672c392420510a362b3dd
-
-commit 8b60ce8d8111e604c711c4cdd9579ffe0edced74
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Tue May 2 09:05:58 2017 +0000
-
-    upstream commit
-    
-    more -O shuffle; ok djm
-    
-    Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb
-
-commit 3575f0b12afe6b561681582fd3c34067d1196231
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue May 2 08:54:19 2017 +0000
-
-    upstream commit
-    
-    remove -1 / -2 options; pointed out by jmc@
-    
-    Upstream-ID: 65d2a816000741a95df1c7cfdb5fa8469fcc7daa
-
-commit 4f1ca823bad12e4f9614895eefe0d0073b84a28f
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Tue May 2 08:06:33 2017 +0000
-
-    upstream commit
-    
-    remove options -12 from usage();
-    
-    Upstream-ID: db7ceef25132e63b50ed05289bf447fece1d1270
-
-commit 6b84897f7fd39956b849eac7810319d8a9958568
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Tue May 2 07:13:31 2017 +0000
-
-    upstream commit
-    
-    tidy up -O somewhat; ok djm
-    
-    Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52
-
-commit d1c6b7fdbdfe4a7a37ecd48a97f0796b061c2868
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon May 1 22:09:48 2017 +0000
-
-    upstream commit
-    
-    when freeing a bitmap, zero all it bytes; spotted by Ilya
-    Kaliman
-    
-    Upstream-ID: 834ac024f2c82389d6ea6b1c7d6701b3836e28e4
-
-commit 0f163983016c2988a92e039d18a7569f9ea8e071
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon May 1 14:08:26 2017 +0000
-
-    upstream commit
-    
-    this one I did forget to "cvs rm"
-    
-    Upstream-ID: 5781670c0578fe89663c9085ed3ba477cf7e7913
-
-commit 21ed00a8e26fe8a772bcca782175fafc2b0890ed
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon May 1 09:27:45 2017 +0000
-
-    upstream commit
-    
-    don't know why cvs didn't exterminate these the first
-    time around, I use rm -f and everuthing...
-    
-    pointed out by sobrado@
-    
-    Upstream-ID: a6c44a0c2885330d322ee01fcfd7f6f209b1e15d
-
-commit d29ba6f45086703fdcb894532848ada3427dfde6
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Mon May 1 13:53:07 2017 +1000
-
-    Define INT32_MAX and INT64_MAX if needed.
-
-commit 329037e389f02ec95c8e16bf93ffede94d3d44ce
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Mon May 1 13:19:41 2017 +1000
-
-    Wrap stdint.h in HAVE_STDINT_H
-
-commit f382362e8dfb6b277f16779ab1936399d7f2af78
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon May 1 02:27:11 2017 +0000
-
-    upstream commit
-    
-    remove unused variable
-    
-    Upstream-ID: 66011f00819d0e71b14700449a98414033284516
-
-commit dd369320d2435b630a5974ab270d686dcd92d024
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:34:55 2017 +0000
-
-    upstream commit
-    
-    eliminate explicit specification of protocol in tests and
-    loops over protocol. We only support SSHv2 now.
-    
-    Upstream-Regress-ID: 0082838a9b8a382b7ee9cbf0c1b9db727784fadd
-
-commit 557f921aad004be15805e09fd9572969eb3d9321
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:33:48 2017 +0000
-
-    upstream commit
-    
-    remove SSHv1 support from unit tests
-    
-    Upstream-Regress-ID: 395ca2aa48f1f7d23eefff6cb849ea733ca8bbfe
-
-commit e77e1562716fb3da413e4c2397811017b762f5e3
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon May 1 00:03:18 2017 +0000
-
-    upstream commit
-    
-    fixup setting ciphercontext->plaintext (lost in SSHv1 purge),
-    though it isn't really used for much anymore.
-    
-    Upstream-ID: 859b8bce84ff4865b32097db5430349d04b9b747
-
-commit f7849e6c83a4e0f602dea6c834a24091c622d68e
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon May 1 09:55:56 2017 +1000
-
-    remove configure --with-ssh1
-
-commit f4a6a88ddb6dba6d2f7bfb9e2c9879fcc9633043
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:29:10 2017 +0000
-
-    upstream commit
-    
-    flense SSHv1 support from ssh-agent, considerably
-    simplifying it
-    
-    ok markus
-    
-    Upstream-ID: 71d772cdcefcb29f76e01252e8361e6fc2dfc365
-
-commit 930e8d2827853bc2e196c20c3e000263cc87fb75
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:28:41 2017 +0000
-
-    upstream commit
-    
-    obliterate ssh1.h and some dead code that used it
-    
-    ok markus@
-    
-    Upstream-ID: 1ca9159a9fb95618f9d51e069ac8e1131a087343
-
-commit a3710d5d529a34b8f56aa62db798c70e85d576a0
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:28:12 2017 +0000
-
-    upstream commit
-    
-    exterminate the -1 flag from scp
-    
-    ok markus@
-    
-    Upstream-ID: 26d247f7065da15056b209cef5f594ff591b89db
-
-commit aebd0abfaa8a41e75d50f9f7934267b0a2d9acb4
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:26:54 2017 +0000
-
-    upstream commit
-    
-    purge the last traces of SSHv1 from the TTY modes
-    handling code
-    
-    ok markus
-    
-    Upstream-ID: 963a19f1e06577377c38a3b7ce468f121b966195
-
-commit dfa641f758d4b8b2608ab1b00abaf88df0a8e36a
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:26:16 2017 +0000
-
-    upstream commit
-    
-    remove the (in)famous SSHv1 CRC compensation attack
-    detector.
-    
-    Despite your cameo in The Matrix movies, you will not be missed.
-    
-    ok markus
-    
-    Upstream-ID: 44261fce51a56d93cdb2af7b6e184be629f667e0
-
-commit e5d3bd36ef67d82092861f39b5bf422cb12b31a6
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:25:03 2017 +0000
-
-    upstream commit
-    
-    undo some local debugging stuff that I committed by
-    accident
-    
-    Upstream-ID: fe5b31f69a60d47171836911f144acff77810217
-
-commit 3d6d09f2e90f4ad650ebda6520bf2da446f37f14
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:23:54 2017 +0000
-
-    upstream commit
-    
-    remove SSHv1 support from packet and buffer APIs
-    
-    ok markus@
-    
-    Upstream-ID: bfc290053d40b806ecac46317d300677d80e1dc9
-
-commit 05164358577c82de18ed7373196bc7dbd8a3f79c
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:21:54 2017 +0000
-
-    upstream commit
-    
-    remove SSHv1-related buffers from client code
-    
-    Upstream-ID: dca5d01108f891861ceaf7ba1c0f2eb274e0c7dd
-
-commit 873d3e7d9a4707d0934fb4c4299354418f91b541
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:18:44 2017 +0000
-
-    upstream commit
-    
-    remove KEY_RSA1
-    
-    ok markus@
-    
-    Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
-
-commit 788ac799a6efa40517f2ac0d895a610394298ffc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:18:22 2017 +0000
-
-    upstream commit
-    
-    remove SSHv1 configuration options and man pages bits
-    
-    ok markus@
-    
-    Upstream-ID: 84638c23546c056727b7a7d653c72574e0f19424
-
-commit e6882463a8ae0594aacb6d6575a6318a41973d84
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:17:37 2017 +0000
-
-    upstream commit
-    
-    remove SSH1 make flag and associated files ok markus@
-    
-    Upstream-ID: ba9feacc5787337c413db7cf26ea3d53f854cfef
-
-commit cdccebdf85204bf7542b7fcc1aa2ea3f36661833
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:15:04 2017 +0000
-
-    upstream commit
-    
-    remove SSHv1 ciphers; ok markus@
-    
-    Upstream-ID: e5ebc5e540d7f23a8c1266db1839794d4d177890
-
-commit 97f4d3083b036ce3e68d6346a6140a22123d5864
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:13:25 2017 +0000
-
-    upstream commit
-    
-    remove compat20/compat13/compat15 variables
-    
-    ok markus@
-    
-    Upstream-ID: 43802c035ceb3fef6c50c400e4ecabf12354691c
-
-commit 99f95ba82673d33215dce17bfa1512b57f54ec09
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:11:45 2017 +0000
-
-    upstream commit
-    
-    remove options.protocol and client Protocol
-    configuration knob
-    
-    ok markus@
-    
-    Upstream-ID: 5a967f5d06e2d004b0235457b6de3a9a314e9366
-
-commit 56912dea6ef63dae4eb1194e5d88973a7c6c5740
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Apr 30 23:10:43 2017 +0000
-
-    upstream commit
-    
-    unifdef WITH_SSH1 ok markus@
-    
-    Upstream-ID: 9716e62a883ef8826c57f4d33b4a81a9cc7755c7
-
-commit d4084cd230f7319056559b00db8b99296dad49d5
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Sat Apr 29 06:06:01 2017 +0000
-
-    upstream commit
-    
-    tweak previous;
-    
-    Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9
-
-commit 249516e428e8461b46340a5df5d5ed1fbad2ccce
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Apr 29 04:12:25 2017 +0000
-
-    upstream commit
-    
-    allow ssh-keygen to include arbitrary string or flag
-    certificate extensions and critical options. ok markus@ dtucker@
-    
-    Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646
-
-commit 47a287bb6ac936c26b4f3ae63279c02902ded3b9
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Fri Apr 28 06:15:03 2017 +0000
-
-    upstream commit
-    
-    sort;
-    
-    Upstream-ID: 7e6b56e52b039cf44d0418e9de9aca20a2d2d15a
-
-commit 36465a76a79ad5040800711b41cf5f32249d5120
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Apr 28 14:44:28 2017 +1000
-
-    Typo.
-    
-    Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
-
-commit 9d18cb7bdeb00b20205fd13d412aae8c0e0457ed
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Apr 28 14:41:17 2017 +1000
-
-    Add 2 regress commits I applied by hand.
-    
-    Upstream-Regress-ID: 30c20180c87cbc99fa1020489fe7fd8245b6420c
-    Upstream-Regress-ID: 1e6b51ddf767cbad0a4e63eb08026c127e654308
-
-commit 9504ea6b27f9f0ece64e88582ebb9235e664a100
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Apr 28 14:33:43 2017 +1000
-
-    Merge integrity.sh rev 1.22.
-    
-    Merge missing bits from Colin Watson's patch in bz#2658 which make integrity
-    tests more robust against timeouts.  ok djm@
-
-commit 06ec837a34542627e2183a412d6a9d2236f22140
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Apr 28 14:30:03 2017 +1000
-
-    Id sync for integrity.sh rev 1.21 which pulls in some shell portability fixes
-
-commit e0194b471efe7d3daedc9cc66686cb1ab69d3be8
-Author: jsg@openbsd.org <jsg@openbsd.org>
-Date:   Mon Apr 17 11:02:31 2017 +0000
-
-    upstream commit
-    
-    Change COMPILER_VERSION tests which limited additional
-    warnings to gcc4 to instead skip them on gcc3 as clang can handle
-    -Wpointer-sign and -Wold-style-definition.
-    
-    Upstream-Regress-ID: e48d7dc13e48d9334b8195ef884dfbc51316012f
-
-commit 6830be90e71f46bcd182a9202b151eaf2b299434
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Apr 28 03:24:53 2017 +0000
-
-    upstream commit
-    
-    include key fingerprint in "Offering public key" debug
-    message
-    
-    Upstream-ID: 964749f820c2ed4cf6a866268b1a05e907315c52
-
-commit 066437187e16dcafcbc19f9402ef0e6575899b1d
-Author: millert@openbsd.org <millert@openbsd.org>
-Date:   Fri Apr 28 03:21:12 2017 +0000
-
-    upstream commit
-    
-    Avoid relying on implementation-specific behavior when
-    detecting whether the timestamp or file size overflowed.  If time_t and off_t
-    are not either 32-bit or 64-bit scp will exit with an error. OK djm@
-    
-    Upstream-ID: f31caae73ddab6df496b7bbbf7da431e267ad135
-
-commit 68d3a2a059183ebd83b15e54984ffaced04d2742
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Apr 28 03:20:27 2017 +0000
-
-    upstream commit
-    
-    Add SyslogFacility option to ssh(1) matching the
-    equivalent option in sshd(8).  bz#2705, patch from erahn at arista.com, ok
-    djm@
-    
-    Upstream-ID: d5115c2c0193ceb056ed857813b2a7222abda9ed
-
-commit e13aad66e73a14b062d13aee4e98f1e21a3f6a14
-Author: jsg@openbsd.org <jsg@openbsd.org>
-Date:   Thu Apr 27 13:40:05 2017 +0000
-
-    upstream commit
-    
-    remove a static array unused since rev 1.306 spotted by
-    clang ok djm@
-    
-    Upstream-ID: 249b3eed2446f6074ba2219ccc46919dd235a7b8
-
-commit 91bd2181866659f00714903e78e1c3edd4c45f3d
-Author: millert@openbsd.org <millert@openbsd.org>
-Date:   Thu Apr 27 11:53:12 2017 +0000
-
-    upstream commit
-    
-    Avoid potential signed int overflow when parsing the file
-    size. Use strtoul() instead of parsing manually.  OK djm@
-    
-    Upstream-ID: 1f82640861c7d905bbb05e7d935d46b0419ced02
-
-commit 17a54a03f5a1d35e33cc24e22cd7a9d0f6865dc4
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Tue Apr 25 08:32:27 2017 +1000
-
-    Fix typo in "socketcall".
-    
-    Pointed out by jjelen at redhat.com.
-
-commit 8b0eee148f7cf8b248c30d1bae57300f2cc5aafd
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Mon Apr 24 19:40:31 2017 +1000
-
-    Deny socketcall in seccomp filter on ppc64le.
-    
-    OpenSSL is using socket() calls (in FIPS mode) when handling ECDSA keys
-    in privsep child. The socket() syscall is already denied in the seccomp
-    filter, but in ppc64le kernel, it is implemented using socketcall()
-    syscall, which is not denied yet (only SYS_SHUTDOWN is allowed) and
-    therefore fails hard.
-    
-    Patch from jjelen at redhat.com.
-
-commit f8500b2be599053daa05248a86a743232ec6a536
-Author: schwarze@openbsd.org <schwarze@openbsd.org>
-Date:   Mon Apr 17 14:31:23 2017 +0000
-
-    upstream commit
-    
-    Recognize nl_langinfo(CODESET) return values "646" and ""
-    as aliases for "US-ASCII", useful for different versions of NetBSD and
-    Solaris. Found by dtucker@ and by Tom G. Christensen <tgc at jupiterrise dot
-    com>. OK dtucker@ deraadt@
-    
-    Upstream-ID: 38c2133817cbcae75c88c63599ac54228f0fa384
-
-commit 7480dfedf8c5c93baaabef444b3def9331e86ad5
-Author: jsg@openbsd.org <jsg@openbsd.org>
-Date:   Mon Apr 17 11:02:31 2017 +0000
-
-    upstream commit
-    
-    Change COMPILER_VERSION tests which limited additional
-    warnings to gcc4 to instead skip them on gcc3 as clang can handle
-    -Wpointer-sign and -Wold-style-definition.
-    
-    Upstream-ID: 5cbe348aa76dc1adf55be6c0e388fafaa945439a
-
-commit 4d827f0d75a53d3952288ab882efbddea7ffadfe
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Apr 4 00:24:56 2017 +0000
-
-    upstream commit
-    
-    disallow creation (of empty files) in read-only mode;
-    reported by Michal Zalewski, feedback & ok deraadt@
-    
-    Upstream-ID: 5d9c8f2fa8511d4ecf95322994ffe73e9283899b
-
-commit ef47843af0a904a21c920e619c5aec97b65dd9ac
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date:   Sun Mar 26 00:18:52 2017 +0000
-
-    upstream commit
-    
-    incorrect renditions of this quote bother me
-    
-    Upstream-ID: 1662be3ebb7a71d543da088119c31d4d463a9e49
-
-commit d9048861bea842c4eba9c2dbbf97064cc2a5ef02
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Mar 31 11:04:43 2017 +1100
-
-    Check for and use gcc's -pipe.
-    
-    Speeds up configure and build by a couple of percent.  ok djm@
-
-commit 282cad2240c4fbc104c2f2df86d688192cbbe4bb
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Wed Mar 29 16:34:44 2017 +1100
-
-    Import fmt_scaled.c rev 1.16 from OpenBSD.
-    
-    Fix overly-conservative overflow checks on mulitplications and add checks
-    on additions.  This allows scan_scaled to work up to +/-LLONG_MAX (LLONG_MIN
-    will still be flagged as a range error).  ok millert@
-
-commit c73a229e4edf98920f395e19fd310684fc6bb951
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Wed Mar 29 16:34:02 2017 +1100
-
-    Import fmt_scaled.c rev 1.15 from OpenBSD.
-    
-    Collapse underflow and overflow checks into a single block.
-    ok djm@ millert@
-
-commit d427b73bf5a564f663d16546dbcbd84ba8b9d4af
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Wed Mar 29 16:32:57 2017 +1100
-
-    Import fmt_scaled.c rev 1.14 from OpenBSD.
-    
-    Catch integer underflow in scan_scaled reported by Nicolas Iooss.
-    ok deraadt@ djm@
-
-commit d13281f2964abc5f2e535e1613c77fc61b0c53e7
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Wed Mar 29 12:39:39 2017 +1100
-
-    Don't check privsep user or path when unprivileged
-    
-    If running with privsep (mandatory now) as a non-privileged user, we
-    don't chroot or change to an unprivileged user however we still checked
-    the existence of the user and directory.  Don't do those checks if we're
-    not going to use them.  Based in part on a patch from Lionel Fourquaux
-    via Corinna Vinschen, ok djm@
-
-commit f2742a481fe151e493765a3fbdef200df2ea7037
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Wed Mar 29 10:50:31 2017 +1100
-
-    Remove SHA256 EVP wrapper implementation.
-    
-    All supported versions of OpenSSL should now have SHA256 so remove our
-    EVP wrapper implementaion.  ok djm@
-
-commit 5346f271fc76549caf4a8e65b5fba319be422fe9
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Wed Mar 29 10:23:58 2017 +1100
-
-    Remove check for OpenSSL < 0.9.8g.
-    
-    We no longer support OpenSSL < 1.0.1 so remove check for unreliable ECC
-    in OpenSSL < 0.9.8g.
-
-commit 8fed0a5fe7b4e78a6810b133d8e91be9742ee0a1
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Wed Mar 29 10:16:15 2017 +1100
-
-    Remove compat code for OpenSSL < 0.9.7.
-    
-    Resyncs that code with OpenBSD upstream.
-
-commit 608ec1f62ff22fdccc3952e51463d79c43cbd0d3
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Wed Mar 29 09:50:54 2017 +1100
-
-    Remove SSHv1 code path.
-    
-    Server-side support for Protocol 1 has been removed so remove !compat20
-    PAM code path.
-
-commit 7af27bf538cbc493d609753f9a6d43168d438f1b
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Mar 24 09:44:56 2017 +1100
-
-    Enable ldns when using ldns-config.
-    
-    Actually enable ldns when attempting to use ldns-config.  bz#2697, patch
-    from fredrik at fornwall.net.
-
-commit 58b8cfa2a062b72139d7229ae8de567f55776f24
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Mar 22 12:43:02 2017 +1100
-
-    Missing header on Linux/s390
-    
-    Patch from Jakub Jelen
-
-commit 096fb65084593f9f3c1fc91b6d9052759a272a00
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Mar 20 22:08:06 2017 +0000
-
-    upstream commit
-    
-    remove /usr/bin/time calls around tests, makes diffing test
-    runs harder. Based on patch from Mike Frysinger
-    
-    Upstream-Regress-ID: 81c1083b14dcf473b23d2817882f40b346ebc95c
-
-commit 6b853c6f8ba5eecc50f3b57af8e63f8184eb0fa6
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Mar 21 08:47:55 2017 +1100
-
-    Fix syntax error on Linux/X32
-    
-    Patch from Mike Frysinger
-
-commit d38f05dbdd291212bc95ea80648b72b7177e9f4e
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Mon Mar 20 13:38:27 2017 +1100
-
-    Add llabs() implementation.
-
-commit 72536316a219b7394996a74691a5d4ec197480f7
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Mar 20 12:23:04 2017 +1100
-
-    crank version numbers
-
-commit 3be52bc36bdfd24ded7e0f46999e7db520fb4e3f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Mar 20 01:18:59 2017 +0000
-
-    upstream commit
-    
-    openssh-7.5
-    
-    Upstream-ID: b8b9a4a949427c393cd868215e1724ceb3467ee5
-
-commit db84e52fe9cfad57f22e7e23c5fbf00092385129
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Mar 20 12:07:20 2017 +1100
-
-    I'm a doofus.
-    
-    Unbreak obvious syntax error.
-
-commit 89f04852db27643717c9c3a2b0dde97ae50099ee
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Mar 20 11:53:34 2017 +1100
-
-    on Cygwin, check paths from server for backslashes
-    
-    Pointed out by Jann Horn of Google Project Zero
-
-commit 7ef1f9bafc2cc8d97ff2fbd4f280002b6e8ea5d9
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Mar 20 11:48:34 2017 +1100
-
-    Yet another synonym for ASCII: "646"
-    
-    Used by NetBSD; this unbreaks mprintf() and friends there for the C
-    locale (caught by dtucker@ and his menagerie of test systems).
-
-commit 9165abfea3f68a0c684a6ed2e575e59bc31a3a6b
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Mar 20 09:58:34 2017 +1100
-
-    create test mux socket in /tmp
-    
-    Creating the socket in $OBJ could blow past the (quite limited)
-    path limit for Unix domain sockets. As a bandaid for bz#2660,
-    reported by Colin Watson; ok dtucker@
-
-commit 2adbe1e63bc313d03e8e84e652cc623af8ebb163
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Wed Mar 15 07:07:39 2017 +0000
-
-    upstream commit
-    
-    disallow KEXINIT before NEWKEYS; ok djm; report by
-    vegard.nossum at oracle.com
-    
-    Upstream-ID: 3668852d1f145050e62f1da08917de34cb0c5234
-
-commit 2fbf91684d76d38b9cf06550b69c9e41bca5a71c
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Mar 16 14:05:46 2017 +1100
-
-    Include includes.h for compat bits.
-
-commit b55f634e96b9c5b0cd991e23a9ca181bec4bdbad
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Mar 16 13:45:17 2017 +1100
-
-    Wrap stdint.h in #ifdef HAVE_STDINT_H
-
-commit 55a1117d7342a0bf8b793250cf314bab6b482b99
-Author: Damien Miller <djm@mindrot.org>
-Date:   Thu Mar 16 11:22:42 2017 +1100
-
-    Adapt Cygwin config script to privsep knob removal
-    
-    Patch from Corinna Vinschen.
-
-commit 1a321bfdb91defe3c4d9cca5651724ae167e5436
-Author: deraadt@openbsd.org <deraadt@openbsd.org>
-Date:   Wed Mar 15 03:52:30 2017 +0000
-
-    upstream commit
-    
-    accidents happen to the best of us; ok djm
-    
-    Upstream-ID: b7a9dbd71011ffde95e06f6945fe7197dedd1604
-
-commit 25f837646be8c2017c914d34be71ca435dfc0e07
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Mar 15 02:25:09 2017 +0000
-
-    upstream commit
-    
-    fix regression in 7.4: deletion of PKCS#11-hosted keys
-    would fail unless they were specified by full physical pathname. Report and
-    fix from Jakub Jelen via bz#2682; ok dtucker@
-    
-    Upstream-ID: 5b5bc20ca11cacb5d5eb29c3f93fd18425552268
-
-commit a8c5eeacf032a7d3408957e45dd7603cc1baf55f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Mar 15 02:19:09 2017 +0000
-
-    upstream commit
-    
-    Fix segfault when sshd attempts to load RSA1 keys (can
-    only happen when protocol v.1 support is enabled for the client). Reported by
-    Jakub Jelen in bz#2686; ok dtucker
-    
-    Upstream-ID: 8fdaec2ba4b5f65db1d094f6714ce64b25d871d7
-
-commit 66705948c0639a7061a0d0753266da7685badfec
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Mar 14 07:19:07 2017 +0000
-
-    upstream commit
-    
-    Mark the sshd_config UsePrivilegeSeparation option as
-    deprecated, effectively making privsep mandatory in sandboxing mode. ok
-    markus@ deraadt@
-    
-    (note: this doesn't remove the !privsep code paths, though that will
-    happen eventually).
-    
-    Upstream-ID: b4c52666256c4dd865f8ce9431af5d6ce2d74a0a
-
-commit f86586b03fe6cd8f595289bde200a94bc2c191af
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Mar 14 18:26:29 2017 +1100
-
-    Make seccomp-bpf sandbox work on Linux/X32
-    
-    Allow clock_gettime syscall with X32 bit masked off. Apparently
-    this is required for at least some kernel versions. bz#2142
-    Patch mostly by Colin Watson. ok dtucker@
-
-commit 2429cf78dd2a9741ce27ba25ac41c535274a0af6
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Mar 14 18:01:52 2017 +1100
-
-    require OpenSSL >=1.0.1
-
-commit e3ea335abeab731c68f2b2141bee85a4b0bf680f
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Mar 14 17:48:43 2017 +1100
-
-    Remove macro trickery; no binary change
-    
-    This stops the SC_ALLOW(), SC_ALLOW_ARG() and SC_DENY() macros
-    prepending __NR_ to the syscall number parameter and just makes
-    them explicit in the macro invocations.
-    
-    No binary change in stripped object file before/after.
-
-commit 5f1596e11d55539678c41f68aed358628d33d86f
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Mar 14 13:15:18 2017 +1100
-
-    support ioctls for ICA crypto card on Linux/s390
-    
-    Based on patch from Eduardo Barretto; ok dtucker@
-
-commit b1b22dd0df2668b322dda174e501dccba2cf5c44
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Tue Mar 14 14:19:36 2017 +1100
-
-    Plumb conversion test into makefile.
-
-commit f57783f1ddfb4cdfbd612c6beb5ec01cb5b9a6b9
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Mar 14 01:20:29 2017 +0000
-
-    upstream commit
-    
-    Add unit test for convtime().
-    
-    Upstream-Regress-ID: 8717bc0ca4c21120f6dd3a1d3b7a363f707c31e1
-
-commit 8884b7247d094cd11ff9e39c325ba928c5bdbc6c
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Mar 14 01:10:07 2017 +0000
-
-    upstream commit
-    
-    Add ASSERT_LONG_* helpers.
-    
-    Upstream-Regress-ID: fe15beaea8f5063c7f21b0660c722648e3d76431
-
-commit c6774d21185220c0ba11e8fd204bf0ad1a432071
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Mar 14 00:55:37 2017 +0000
-
-    upstream commit
-    
-    Fix convtime() overflow test on boundary condition,
-    spotted by & ok djm.
-    
-    Upstream-ID: 51f14c507ea87a3022e63f574100613ab2ba5708
-
-commit f5746b40cfe6d767c8e128fe50c43274b31cd594
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Mar 14 00:25:03 2017 +0000
-
-    upstream commit
-    
-    Check for integer overflow when parsing times in
-    convtime().  Reported by nicolas.iooss at m4x.org, ok djm@
-    
-    Upstream-ID: 35e6a4e98f6fa24df50bfb8ba1307cf70e966f13
-
-commit f5907982f42a8d88a430b8a46752cbb7859ba979
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Tue Mar 14 13:38:15 2017 +1100
-
-    Add a "unit" target to run only unit tests.
-
-commit 9e96b41682aed793fadbea5ccd472f862179fb02
-Author: Damien Miller <djm@mindrot.org>
-Date:   Tue Mar 14 12:24:47 2017 +1100
-
-    Fix weakness in seccomp-bpf sandbox arg inspection
-    
-    Syscall arguments are passed via an array of 64-bit values in struct
-    seccomp_data, but we were only inspecting the bottom 32 bits and not
-    even those correctly for BE systems.
-    
-    Fortunately, the only case argument inspection was used was in the
-    socketcall filtering so using this for sandbox escape seems
-    impossible.
-    
-    ok dtucker
-
-commit 8ff3fc3f2f7c13e8968717bc2b895ee32c441275
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Mar 11 23:44:16 2017 +0000
-
-    upstream commit
-    
-    regress tests for loading certificates without public keys;
-    bz#2617 based on patch from Adam Eijdenberg; ok markus@ dtucker@
-    
-    Upstream-Regress-ID: 0145d19328ed995b73fe2d9da33596b17429d0d0
-
-commit 1e24552716194db8f2f620587b876158a9ef56ad
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sat Mar 11 23:40:26 2017 +0000
-
-    upstream commit
-    
-    allow ssh to use certificates accompanied by a private
-    key file but no corresponding plain *.pub public key. bz#2617 based on patch
-    from Adam Eijdenberg; ok dtucker@ markus@
-    
-    Upstream-ID: 295668dca2c39505281577217583ddd2bd4b00b9
-
-commit 0fb1a617a07b8df5de188dd5a0c8bf293d4bfc0e
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Sat Mar 11 13:07:35 2017 +0000
-
-    upstream commit
-    
-    Don't count the initial block twice when computing how
-    many bytes to discard for the work around for the attacks against CBC-mode.
-    ok djm@; report from Jean Paul, Kenny, Martin and Torben @ RHUL
-    
-    Upstream-ID: f445f509a4e0a7ba3b9c0dae7311cb42458dc1e2
-
-commit ef653dd5bd5777132d9f9ee356225f9ee3379504
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Mar 10 07:18:32 2017 +0000
-
-    upstream commit
-    
-    krl.c
-    
-    Upstream-ID: fc5e695d5d107d730182e2da7b23f00b489e0ee1
-
-commit d94c1dfef2ea30ca67b1204ada7c3b537c54f4d0
-Author: Damien Miller <djm@mindrot.org>
-Date:   Sun Mar 12 10:48:14 2017 +1100
-
-    sync fmt_scaled.c with OpenBSD
-    
-    revision 1.13
-    date: 2017/03/11 23:37:23;  author: djm;  state: Exp;  lines: +14 -1;  commitid: jnFKyHkB3CEiEZ2R;
-    fix signed integer overflow in scan_scaled. Found by Nicolas Iooss
-    using AFL against ssh_config. ok deraadt@ millert@
-    ----------------------------
-    revision 1.12
-    date: 2013/11/29 19:00:51;  author: deraadt;  state: Exp;  lines: +6 -5;
-    fairly simple unsigned char casts for ctype
-    ok krw
-    ----------------------------
-    revision 1.11
-    date: 2012/11/12 14:07:20;  author: halex;  state: Exp;  lines: +4 -2;
-    make scan_scaled set errno to EINVAL rather than ERANGE if it encounters
-    an invalid multiplier, like the man page says it should
-    
-    "looks sensible" deraadt@, ok ian@
-    ----------------------------
-    revision 1.10
-    date: 2009/06/20 15:00:04;  author: martynas;  state: Exp;  lines: +4 -4;
-    use llabs instead of the home-grown version;  and some comment changes
-    ok ian@, millert@
-    ----------------------------
-
-commit 894221a63fa061e52e414ca58d47edc5fe645968
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Mar 10 05:01:13 2017 +0000
-
-    upstream commit
-    
-    When updating hostkeys, accept RSA keys if
-    HostkeyAlgorithms contains any RSA keytype. Previously, ssh could ignore RSA
-    keys when any of the ssh-rsa-sha2-* methods was enabled in HostkeyAlgorithms
-    nit ssh-rsa (SHA1 signatures) was not. bz#2650 reported by Luis Ressel; ok
-    dtucker@
-    
-    Upstream-ID: c5e8cfee15c42f4a05d126158a0766ea06da79d2
-
-commit dd3e2298663f4cc1a06bc69582d00dcfee27d73c
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Mar 10 04:24:55 2017 +0000
-
-    upstream commit
-    
-    make hostname matching really insensitive to case;
-    bz#2685, reported by Petr Cerny; ok dtucker@
-    
-    Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253
-
-commit 77a9be9446697fe8b5499fe651f4a82a71a4b51f
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Mar 10 03:52:48 2017 +0000
-
-    upstream commit
-    
-    reword a comment to make it fit 80 columns
-    
-    Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4
-
-commit 61b8ef6a66efaec07e023342cb94a10bdc2254dc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Mar 10 04:27:32 2017 +0000
-
-    upstream commit
-    
-    better match sshd config parser behaviour: fatal() if
-    line is overlong, increase line buffer to match sshd's; bz#2651 reported by
-    Don Fong; ok dtucker@
-    
-    Upstream-ID: b175ae7e0ba403833f1ee566edf10f67443ccd18
-
-commit db2597207e69912f2592cd86a1de8e948a9d7ffb
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Mar 10 04:26:06 2017 +0000
-
-    upstream commit
-    
-    ensure hostname is lower-case before hashing it;
-    bz#2591 reported by Griff Miller II; ok dtucker@
-    
-    Upstream-ID: c3b8b93804f376bd00d859b8bcd9fc0d86b4db17
-
-commit df9936936c695f85c1038bd706d62edf752aca4b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Mar 10 04:24:55 2017 +0000
-
-    upstream commit
-    
-    make hostname matching really insensitive to case;
-    bz#2685, reported by Petr Cerny; ok dtucker@
-    
-    Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549
-
-commit 67eed24bfa7645d88fa0b883745fccb22a0e527e
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Mar 10 04:11:00 2017 +0000
-
-    upstream commit
-    
-    Remove old null check from config dumper.  Patch from
-    jjelen at redhat.com vi bz#2687, ok djm@
-    
-    Upstream-ID: 824ab71467b78c4bab0dd1b3a38e8bc5f63dd528
-
-commit 183ba55aaaecca0206184b854ad6155df237adbe
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Mar 10 04:07:20 2017 +0000
-
-    upstream commit
-    
-    fix regression in 7.4 server-sig-algs, where we were
-    accidentally excluding SHA2 RSA signature methods. bz#2680, patch from Nuno
-    Goncalves; ok dtucker@
-    
-    Upstream-ID: 81ac8bfb30960447740b9b8f6a214dcf322f12e8
-
-commit 66be4fe8c4435af5bbc82998501a142a831f1181
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Mar 10 03:53:11 2017 +0000
-
-    upstream commit
-    
-    Check for NULL return value from key_new.  Patch from
-    jjelen at redhat.com via bz#2687, ok djm@
-    
-    Upstream-ID: 059e33cd43cba88dc8caf0b1936fd4dd88fd5b8e
-
-commit ec2892b5c7fea199914cb3a6afb3af38f84990bf
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Mar 10 03:52:48 2017 +0000
-
-    upstream commit
-    
-    reword a comment to make it fit 80 columns
-    
-    Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349
-
-commit 7fadbb6da3f4122de689165651eb39985e1cba85
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Mar 10 03:48:57 2017 +0000
-
-    upstream commit
-    
-    Check for NULL argument to sshkey_read.  Patch from
-    jjelen at redhat.com via bz#2687, ok djm@
-    
-    Upstream-ID: c2d00c2ea50c4861d271d0a586f925cc64a87e0e
-
-commit 5a06b9e019e2b0b0f65a223422935b66f3749de3
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Mar 10 03:45:40 2017 +0000
-
-    upstream commit
-    
-    Plug some mem leaks mostly on error paths.  From jjelen
-    at redhat.com via bz#2687, ok djm@
-    
-    Upstream-ID: 3fb030149598957a51b7c8beb32bf92cf30c96f2
-
-commit f6edbe9febff8121f26835996b1229b5064d31b7
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Mar 10 03:24:48 2017 +0000
-
-    upstream commit
-    
-    Plug mem leak on GLOB_NOMATCH case.  From jjelen at
-    redhat.com via bz#2687, ok djm@
-    
-    Upstream-ID: 8016a7ae97719d3aa55fb723fc2ad3200058340d
-
-commit 566b3a46e89a2fda2db46f04f2639e92da64a120
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Mar 10 03:22:40 2017 +0000
-
-    upstream commit
-    
-    Plug descriptor leaks of auth_sock.  From jjelen at
-    redhat.com via bz#2687, ok djm@
-    
-    Upstream-ID: 248acb99a5ed2fdca37d1aa33c0fcee7be286d88
-
-commit 8a2834454c73dfc1eb96453c0e97690595f3f4c2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Mar 10 03:18:24 2017 +0000
-
-    upstream commit
-    
-    correctly hash hosts with a port number. Reported by Josh
-    Powers in bz#2692; ok dtucker@
-    
-    Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
-
-commit 9747b9c742de409633d4753bf1a752cbd211e2d3
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Mar 10 03:15:58 2017 +0000
-
-    upstream commit
-    
-    don't truncate off \r\n from long stderr lines; bz#2688,
-    reported by Brian Dyson; ok dtucker@
-    
-    Upstream-ID: cdfdc4ba90639af807397ce996153c88af046ca4
-
-commit 4a4b75adac862029a1064577eb5af299b1580cdd
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Mar 10 02:59:51 2017 +0000
-
-    upstream commit
-    
-    Validate digest arg in ssh_digest_final; from jjelen at
-    redhat.com via bz#2687, ok djm@
-    
-    Upstream-ID: dbe5494dfddfe523fab341a3dab5a79e7338f878
-
-commit bee0167be2340d8de4bdc1ab1064ec957c85a447
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Mar 10 13:40:18 2017 +1100
-
-    Check for NULL from malloc.
-    
-    Part of bz#2687, from jjelen at redhat.com.
-
-commit da39b09d43b137a5a3d071b51589e3efb3701238
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Mar 10 13:22:32 2017 +1100
-
-    If OSX is using launchd, remove screen no.
-    
-    Check for socket with and without screen number.  From Apple and Jakob
-    Schlyter via bz#2341, with contributions from Ron Frederick, ok djm@
-
-commit 8fb15311a011517eb2394bb95a467c209b8b336c
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Mar 8 12:07:47 2017 +0000
-
-    upstream commit
-    
-    quote [host]:port in generated ProxyJump commandline; the
-    [ / ] characters can confuse some shells (e.g. zsh). Reported by Lauri
-    Tirkkonen via bugs@
-    
-    Upstream-ID: 65cdd161460e1351c3d778e974c1c2a4fa4bc182
-
-commit 18501151cf272a15b5f2c5e777f2e0933633c513
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Mar 6 02:03:20 2017 +0000
-
-    upstream commit
-    
-    Check l->hosts before dereferencing; fixes potential null
-    pointer deref. ok djm@
-    
-    Upstream-ID: 81c0327c6ec361da794b5c680601195cc23d1301
-
-commit d072370793f1a20f01ad827ba8fcd3b8f2c46165
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Mar 6 00:44:51 2017 +0000
-
-    upstream commit
-    
-    linenum is unsigned long so use %lu in log formats.  ok
-    deraadt@
-    
-    Upstream-ID: 9dc582d9bb887ebe0164e030d619fc20b1a4ea08
-
-commit 12d3767ba4c84c32150cbe6ff6494498780f12c9
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Mar 3 06:13:11 2017 +0000
-
-    upstream commit
-    
-    fix ssh-keygen -H accidentally corrupting known_hosts that
-    contained already-hashed entries. HKF_MATCH_HOST_HASHED is only set by
-    hostkeys_foreach() when hostname matching is in use, so we need to look for
-    the hash marker explicitly.
-    
-    Upstream-ID: da82ad653b93e8a753580d3cf5cd448bc2520528
-
-commit d7abb771bd5a941b26144ba400a34563a1afa589
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Feb 28 06:10:08 2017 +0000
-
-    upstream commit
-    
-    small memleak: free fd_set on connection timeout (though
-    we are heading to exit anyway). From Tom Rix in bz#2683
-    
-    Upstream-ID: 10e3dadbb8199845b66581473711642d9e6741c4
-
-commit 78142e3ab3887e53a968d6e199bcb18daaf2436e
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Mon Feb 27 14:30:33 2017 +0000
-
-    upstream commit
-    
-    errant dot; from klemens nanni
-    
-    Upstream-ID: 83d93366a5acf47047298c5d3ebc5e7426f37921
-
-commit 8071a6924c12bb51406a9a64a4b2892675112c87
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Feb 24 03:16:34 2017 +0000
-
-    upstream commit
-    
-    might as well set the listener socket CLOEXEC
-    
-    Upstream-ID: 9c538433d6a0ca79f5f21decc5620e46fb68ab57
-
-commit d5499190559ebe374bcdfa8805408646ceffad64
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Feb 19 00:11:29 2017 +0000
-
-    upstream commit
-    
-    add test cases for C locale; ok schwarze@
-    
-    Upstream-Regress-ID: 783d75de35fbc923d46e2a5e6cee30f8f381ba87
-
-commit 011c8ffbb0275281a0cf330054cf21be10c43e37
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Feb 19 00:10:57 2017 +0000
-
-    upstream commit
-    
-    Add a common nl_langinfo(CODESET) alias for US-ASCII
-    "ANSI_X3.4-1968" that is used by Linux. Fixes mprintf output truncation for
-    non-UTF-8 locales on Linux spotted by dtucker@; ok deraadt@ schwarze@
-    
-    Upstream-ID: c6808956ebffd64066f9075d839f74ff0dd60719
-
-commit 0c4430a19b73058a569573492f55e4c9eeaae67b
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Feb 7 23:03:11 2017 +0000
-
-    upstream commit
-    
-    Remove deprecated SSH1 options RSAAuthentication and
-    RhostsRSAAuthentication from regression test sshd_config.
-    
-    Upstream-Regress-ID: 8066b753d9dce7cf02ff87af5c727ff680d99491
-
-commit 3baa4cdd197c95d972ec3d07f1c0d08f2d7d9199
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Feb 17 02:32:05 2017 +0000
-
-    upstream commit
-    
-    Do not show rsa1 key type in usage when compiled without
-    SSH1 support.
-    
-    Upstream-ID: 068b5c41357a02f319957746fa4e84ea73960f57
-
-commit ecc35893715f969e98fee118481f404772de4132
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Feb 17 02:31:14 2017 +0000
-
-    upstream commit
-    
-    ifdef out "rsa1" from the list of supported keytypes when
-    compiled without SSH1 support.  Found by kdunlop at guralp.com, ok djm@
-    
-    Upstream-ID: cea93a26433d235bb1d64b1d990f19a9c160a70f
-
-commit 10577c6d96a55b877a960b2d0b75edef1b9945af
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Feb 17 02:04:15 2017 +0000
-
-    upstream commit
-    
-    For ProxyJump/-J, surround host name with brackets to
-    allow literal IPv6 addresses. From Dick Visser; ok dtucker@
-    
-    Upstream-ID: 3a5d3b0171250daf6a5235e91bce09c1d5746bf1
-
-commit b2afdaf1b52231aa23d2153f4a8c5a60a694dda4
-Author: jsg@openbsd.org <jsg@openbsd.org>
-Date:   Wed Feb 15 23:38:31 2017 +0000
-
-    upstream commit
-    
-    Fix memory leaks in match_filter_list() error paths.
-    
-    ok dtucker@ markus@
-    
-    Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e
-
-commit 6d5a41b38b55258213ecfaae9df7a758caa752a1
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Feb 15 01:46:47 2017 +0000
-
-    upstream commit
-    
-    fix division by zero crash in "df" output when server
-    returns zero total filesystem blocks/inodes. Spotted by Guido Vranken; ok
-    dtucker@
-    
-    Upstream-ID: 6fb6c2ae6b289aa07b6232dbc0be54682ef5419f
-
-commit bd5d7d239525d595ecea92765334af33a45d9d63
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Sun Feb 12 15:45:15 2017 +1100
-
-    ifdef out EVP_R_PRIVATE_KEY_DECODE_ERROR
-    
-    EVP_R_PRIVATE_KEY_DECODE_ERROR was added in OpenSSL 1.0.0 so ifdef out
-    for the benefit of OpenSSL versions prior to that.
-
-commit 155d540d00ff55f063421ec182ec8ff2b7ab6cbe
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Feb 10 04:34:50 2017 +0000
-
-    upstream commit
-    
-    bring back r1.34 that was backed out for problems loading
-    public keys:
-    
-    translate OpenSSL error codes to something more
-    meaninful; bz#2522 reported by Jakub Jelen, ok dtucker@
-    
-    with additional fix from Jakub Jelen to solve the backout.
-    bz#2525 bz#2523 re-ok dtucker@
-    
-    Upstream-ID: a9d5bc0306f4473d9b4f4484f880e95f3c1cc031
-
-commit a287c5ad1e0bf9811c7b9221979b969255076019
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Feb 10 03:36:40 2017 +0000
-
-    upstream commit
-    
-    Sanitise escape sequences in key comments sent to printf
-    but preserve valid UTF-8 when the locale supports it; bz#2520 ok dtucker@
-    
-    Upstream-ID: e8eed28712ba7b22d49be534237eed019875bd1e
-
-commit e40269be388972848aafcca7060111c70aab5b87
-Author: millert@openbsd.org <millert@openbsd.org>
-Date:   Wed Feb 8 20:32:43 2017 +0000
-
-    upstream commit
-    
-    Avoid printf %s NULL.  From semarie@, OK djm@
-    
-    Upstream-ID: 06beef7344da0208efa9275d504d60d2a5b9266c
-
-commit 5b90709ab8704dafdb31e5651073b259d98352bc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Feb 6 09:22:51 2017 +0000
-
-    upstream commit
-    
-    Restore \r\n newline sequence for server ident string. The CR
-    got lost in the flensing of SSHv1. Pointed out by Stef Bon
-    
-    Upstream-ID: 5333fd43ce5396bf5999496096fac5536e678fac
-
-commit 97c31c46ee2e6b46dfffdfc4f90bbbf188064cbc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Feb 3 23:01:42 2017 +0000
-
-    upstream commit
-    
-    unit test for match_filter_list() function; still want a
-    better name for this...
-    
-    Upstream-Regress-ID: 840ad6118552c35111f0a897af9c8d93ab8de92a
-
-commit f1a193464a7b77646f0d0cedc929068e4a413ab4
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Feb 3 23:05:57 2017 +0000
-
-    upstream commit
-    
-    use ssh_packet_set_log_preamble() to include connection
-    username in packet log messages, e.g.
-    
-    Connection closed by invalid user foo 10.1.1.1 port 44056 [preauth]
-    
-    ok markus@ bz#113
-    
-    Upstream-ID: 3591b88bdb5416d6066fb3d49d8fff2375bf1a15
-
-commit 07edd7e9537ab32aa52abb5fb2a915c350fcf441
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Feb 3 23:03:33 2017 +0000
-
-    upstream commit
-    
-    add ssh_packet_set_log_preamble() to allow inclusion of a
-    preamble string in disconnect messages; ok markus@
-    
-    Upstream-ID: 34cb41182cd76d414c214ccb01c01707849afead
-
-commit 68bc8cfa7642d3ccbf2cd64281c16b8b9205be59
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Feb 3 23:01:19 2017 +0000
-
-    upstream commit
-    
-    support =- for removing methods from algorithms lists,
-    e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
-    it" markus@
-    
-    Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d
-
-commit c924b2ef941028a1f31e6e94f54dfeeeef462a4e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Feb 3 05:05:56 2017 +0000
-
-    upstream commit
-    
-    allow form-feed characters at EOL; bz#2431 ok dtucker@
-    
-    Upstream-ID: 1f453afaba6da2ae69d6afdf1ae79a917552f1a2
-
-commit 523db8540b720c4d21ab0ff6f928476c70c38aab
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Feb 3 16:01:22 2017 +1100
-
-    prefer to use ldns-config to find libldns
-    
-    Should fix bz#2603 - "Build with ldns and without kerberos support
-    fails if ldns compiled with kerberos support" by including correct
-    cflags/libs
-    
-    ok dtucker@
-
-commit c998bf0afa1a01257a53793eba57941182e9e0b7
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Feb 3 02:56:00 2017 +0000
-
-    upstream commit
-    
-    Make ssh_packet_set_rekey_limits take u32 for the number of
-    seconds until rekeying (negative values are rejected at config parse time).
-    This allows the removal of some casts and a signed vs unsigned comparison
-    warning.
-    
-    rekey_time is cast to int64 for the comparison which is a no-op
-    on OpenBSD, but should also do the right thing in -portable on
-    anything still using 32bit time_t (until the system time actually
-    wraps, anyway).
-    
-    some early guidance deraadt@, ok djm@
-    
-    Upstream-ID: c9f18613afb994a07e7622eb326f49de3d123b6c
-
-commit 3ec5fa4ba97d4c4853620daea26a33b9f1fe3422
-Author: jsg@openbsd.org <jsg@openbsd.org>
-Date:   Thu Feb 2 10:54:25 2017 +0000
-
-    upstream commit
-    
-    In vasnmprintf() return an error if malloc fails and
-    don't set a function argument to the address of free'd memory.
-    
-    ok djm@
-    
-    Upstream-ID: 1efffffff2f51d53c9141f245b90ac23d33b9779
-
-commit 858252fb1d451ebb0969cf9749116c8f0ee42753
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Wed Feb 1 02:59:09 2017 +0000
-
-    upstream commit
-    
-    Return true reason for port forwarding failures where
-    feasible rather than always "administratively prohibited".  bz#2674, ok djm@
-    
-    Upstream-ID: d901d9887951774e604ca970e1827afaaef9e419
-
-commit 6ba9f893838489add6ec4213c7a997b425e4a9e0
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Jan 30 23:27:39 2017 +0000
-
-    upstream commit
-    
-    Small correction to the known_hosts section on when it is
-    updated. Patch from lkppo at free.fr some time ago, pointed out by smallm at
-    sdf.org
-    
-    Upstream-ID: 1834d7af179dea1a12ad2137f84566664af225d5
-
-commit c61d5ec3c11e7ff9779b6127421d9f166cf10915
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Feb 3 14:10:34 2017 +1100
-
-    Remove _XOPEN_SOURCE from wide char detection.
-    
-    Having _XOPEN_SOURCE unconditionally causes problems on some platforms
-    and configurations, notably Solaris 64-bit binaries.  It was there for
-    the benefit of Linux put the required bits in the *-*linux* section.
-    
-    Patch from yvoinov at gmail.com.
-
-commit f25ee13b3e81fd80efeb871dc150fe49d7fc8afd
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jan 30 05:22:14 2017 +0000
-
-    upstream commit
-    
-    fully unbreak: some $SSH invocations did not have -F
-    specified and could pick up the ~/.ssh/config of the user running the tests
-    
-    Upstream-Regress-ID: f362d1892c0d3e66212d5d3fc02d915c58ef6b89
-
-commit 6956e21fb26652887475fe77ea40d2efcf25908b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jan 30 04:54:07 2017 +0000
-
-    upstream commit
-    
-    partially unbreak: was not specifying hostname on some
-    $SSH invocations
-    
-    Upstream-Regress-ID: bc8a5e98e57bad0a92ef4f34ed91c1d18294e2cc
-
-commit 52763dd3fe0a4678dafdf7aeb32286e514130afc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jan 30 01:03:00 2017 +0000
-
-    upstream commit
-    
-    revise keys/principals command hang fix (bz#2655) to
-    consume entire output, avoiding sending SIGPIPE to subprocesses early; ok
-    dtucker@
-    
-    Upstream-ID: 7cb04b31a61f8c78c4e48ceededcd2fd5c4ee1bc
-
-commit 381a2615a154a82c4c53b787f4a564ef894fe9ac
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jan 30 00:38:50 2017 +0000
-
-    upstream commit
-    
-    small cleanup post SSHv1 removal:
-    
-    remove SSHv1-isms in commented examples
-    
-    reorder token table to group deprecated and compile-time conditional tokens
-    better
-    
-    fix config dumping code for some compile-time conditional options that
-    weren't being correctly skipped (SSHv1 and PKCS#11)
-    
-    Upstream-ID: f2e96b3cb3158d857c5a91ad2e15925df3060105
-
-commit 4833d01591b7eb049489d9558b65f5553387ed43
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jan 30 00:34:01 2017 +0000
-
-    upstream commit
-    
-    some explicit NULL tests when dumping configured
-    forwardings; from Karsten Weiss
-    
-    Upstream-ID: 40957b8dea69672b0e50df6b4a91a94e3e37f72d
-
-commit 326e2fae9f2e3e067b5651365eba86b35ee5a6b2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jan 30 00:32:28 2017 +0000
-
-    upstream commit
-    
-    misplaced braces in test; from Karsten Weiss
-    
-    Upstream-ID: f7b794074d3aae8e35b69a91d211c599c94afaae
-
-commit 3e032a95e46bfaea9f9e857678ac8fa5f63997fb
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Jan 30 00:32:03 2017 +0000
-
-    upstream commit
-    
-    don't dereference authctxt before testing != NULL, it
-    causes compilers to make assumptions; from Karsten Weiss
-    
-    Upstream-ID: 794243aad1e976ebc717885b7a97a25e00c031b2
-
-commit 01cfaa2b1cfb84f3cdd32d1bf82b120a8d30e057
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jan 6 02:51:16 2017 +0000
-
-    upstream commit
-    
-    use correct ssh-add program; bz#2654, from Colin Watson
-    
-    Upstream-Regress-ID: 7042a36e1bdaec6562f6e57e9d047efe9c7a6030
-
-commit e5c7ec67cdc42ae2584085e0fc5cc5ee91133cf5
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jan 6 02:26:10 2017 +0000
-
-    upstream commit
-    
-    Account for timeouts in the integrity tests as failures.
-    
-    If the first test in a series for a given MAC happens to modify the low
-    bytes of a packet length, then ssh will time out and this will be
-    interpreted as a test failure.  Patch from cjwatson at debian.org via
-    bz#2658.
-    
-    Upstream-Regress-ID: e7467613b0badedaa300bc6fc7495ec2f44e2fb9
-
-commit dbaf599b61bd6e0f8469363a8c8e7f633b334018
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jan 6 02:09:25 2017 +0000
-
-    upstream commit
-    
-    Make forwarding test less racy by using unix domain
-    sockets instead of TCP ports where possible.  Patch from cjwatson at
-    debian.org via bz#2659.
-    
-    Upstream-Regress-ID: 4756375aac5916ef9d25452a1c1d5fa9e90299a9
-
-commit 9390b0031ebd6eb5488d3bc4d4333c528dffc0a6
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Sun Jan 29 21:35:23 2017 +0000
-
-    upstream commit
-    
-    Fix typo in ~C error message for bad port forward
-    cancellation. bz#2672, from Brad Marshall via Colin Watson and Ubuntu's
-    bugtracker.
-    
-    Upstream-ID: 0d4a7e5ead6cc59c9a44b4c1e5435ab3aada09af
-
-commit 4ba15462ca38883b8a61a1eccc093c79462d5414
-Author: guenther@openbsd.org <guenther@openbsd.org>
-Date:   Sat Jan 21 11:32:04 2017 +0000
-
-    upstream commit
-    
-    The POSIX APIs that that sockaddrs all ignore the s*_len
-    field in the incoming socket, so userspace doesn't need to set it unless it
-    has its own reasons for tracking the size along with the sockaddr.
-    
-    ok phessler@ deraadt@ florian@
-    
-    Upstream-ID: ca6e49e2f22f2b9e81d6d924b90ecd7e422e7437
-
-commit a1187bd3ef3e4940af849ca953a1b849dae78445
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Fri Jan 6 16:28:12 2017 +0000
-
-    upstream commit
-    
-    keep the tokens list sorted;
-    
-    Upstream-ID: b96239dae4fb3aa94146bb381afabcc7740a1638
-
-commit b64077f9767634715402014f509e58decf1e140d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jan 6 09:27:52 2017 +0000
-
-    upstream commit
-    
-    fix previous
-    
-    Upstream-ID: c107d6a69bc22325d79fbf78a2a62e04bcac6895
-
-commit 5e820e9ea2e949aeb93071fe31c80b0c42f2b2de
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jan 6 03:53:58 2017 +0000
-
-    upstream commit
-    
-    show a useful error message when included config files
-    can't be opened; bz#2653, ok dtucker@
-    
-    Upstream-ID: f598b73b5dfe497344cec9efc9386b4e5a3cb95b
-
-commit 13bd2e2d622d01dc85d22b94520a5b243d006049
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jan 6 03:45:41 2017 +0000
-
-    upstream commit
-    
-    sshd_config is documented to set
-    GSSAPIStrictAcceptorCheck=yes by default, so actually make it do this.
-    bz#2637 ok dtucker
-    
-    Upstream-ID: 99ef8ac51f17f0f7aec166cb2e34228d4d72a665
-
-commit f89b928534c9e77f608806a217d39a2960cc7fd0
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Jan 6 03:41:58 2017 +0000
-
-    upstream commit
-    
-    Avoid confusing error message when attempting to use
-    ssh-keyscan built without SSH protocol v.1 to scan for v.1 keys; bz#2583
-    
-    Upstream-ID: 5d214abd3a21337d67c6dcc5aa6f313298d0d165
-
-commit 0999533014784579aa6f01c2d3a06e3e8804b680
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Jan 6 02:34:54 2017 +0000
-
-    upstream commit
-    
-    Re-add '%k' token for AuthorizedKeysCommand which was
-    lost during the re-org in rev 1.235.  bz#2656, from jboning at gmail.com.
-    
-    Upstream-ID: 2884e203c02764d7b3fe7472710d9c24bdc73e38
-
-commit 51045869fa084cdd016fdd721ea760417c0a3bf3
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Jan 4 05:37:40 2017 +0000
-
-    upstream commit
-    
-    unbreak Unix domain socket forwarding for root; ok
-    markus@
-    
-    Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2
-
-commit 58fca12ba967ea5c768653535604e1522d177e44
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Mon Jan 16 09:08:32 2017 +1100
-
-    Remove LOGIN_PROGRAM.
-    
-    UseLogin is gone, remove leftover.  bz#2665, from cjwatson at debian.org
-
-commit b108ce92aae0ca0376dce9513d953be60e449ae1
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Jan 4 02:21:43 2017 +0000
-
-    upstream commit
-    
-    relax PKCS#11 whitelist a bit to allow libexec as well as
-    lib directories.
-    
-    Upstream-ID: cf5617958e2e2d39f8285fd3bc63b557da484702
-
-commit c7995f296b9222df2846f56ecf61e5ae13d7a53d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Jan 3 05:46:51 2017 +0000
-
-    upstream commit
-    
-    check number of entries in SSH2_FXP_NAME response; avoids
-    unreachable overflow later. Reported by Jann Horn
-    
-    Upstream-ID: b6b2b434a6d6035b1644ca44f24cd8104057420f
-
-commit ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Dec 30 22:08:02 2016 +0000
-
-    upstream commit
-    
-    fix deadlock when keys/principals command produces a lot of
-    output and a key is matched early; bz#2655, patch from jboning AT gmail.com
-    
-    Upstream-ID: e19456429bf99087ea994432c16d00a642060afe
-
-commit 30eee7d1b2fec33c14870cc11910610be5d2aa6f
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Tue Dec 20 12:16:11 2016 +1100
-
-    Re-add missing "Prerequisites" header and fix typo
-    
-    Patch from HARUYAMA Seigo <haruyama at unixuser org>.
-
-commit c8c60f3663165edd6a52632c6ddbfabfce1ca865
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Dec 19 22:35:23 2016 +0000
-
-    upstream commit
-    
-    use standard /bin/sh equality test; from Mike Frysinger
-    
-    Upstream-Regress-ID: 7b6f0b63525f399844c8ac211003acb8e4b0bec2
-
-commit 4a354fc231174901f2629437c2a6e924a2dd6772
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Dec 19 15:59:26 2016 +1100
-
-    crank version numbers for release
-
-commit 5f8d0bb8413d4d909cc7aa3c616fb0538224c3c9
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Dec 19 04:55:51 2016 +0000
-
-    upstream commit
-    
-    openssh-7.4
-    
-    Upstream-ID: 1ee404adba6bbe10ae9277cbae3a94abe2867b79
-
-commit 3a8213ea0ed843523e34e55ab9c852332bab4c7b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Dec 19 04:55:18 2016 +0000
-
-    upstream commit
-    
-    remove testcase that depends on exact output and
-    behaviour of snprintf(..., "%s", NULL)
-    
-    Upstream-Regress-ID: cab4288531766bd9593cb556613b91a2eeefb56f
-
-commit eae735a82d759054f6ec7b4e887fb7a5692c66d7
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Dec 19 03:32:57 2016 +0000
-
-    upstream commit
-    
-    Use LOGNAME to get current user and fall back to whoami if
-    not set. Mainly to benefit -portable since some platforms don't have whoami.
-    
-    Upstream-Regress-ID: e3a16b7836a3ae24dc8f8a4e43fdf8127a60bdfa
-
-commit 0d2f88428487518eea60602bd593989013831dcf
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Dec 16 03:51:19 2016 +0000
-
-    upstream commit
-    
-    Add regression test for AllowUsers and DenyUsers.  Patch from
-    Zev Weiss <zev at bewilderbeest.net>
-    
-    Upstream-Regress-ID: 8f1aac24d52728398871dac14ad26ea38b533fb9
-
-commit 3bc8180a008929f6fe98af4a56fb37d04444b417
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Dec 16 15:02:24 2016 +1100
-
-    Add missing monitor.h include.
-    
-    Fixes warning pointed out by Zev Weiss <zev at bewilderbeest.net>
-
-commit 410681f9015d76cc7b137dd90dac897f673244a0
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Dec 16 02:48:55 2016 +0000
-
-    upstream commit
-    
-    revert to rev1.2; the new bits in this test depend on changes
-    to ssh that aren't yet committed
-    
-    Upstream-Regress-ID: 828ffc2c7afcf65d50ff2cf3dfc47a073ad39123
-
-commit 2f2ffa4fbe4b671bbffa0611f15ba44cff64d58e
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Dec 16 01:06:27 2016 +0000
-
-    upstream commit
-    
-    Move the "stop sshd" code into its own helper function.
-    Patch from Zev Weiss <zev at bewilderbeest.net>, ok djm@
-    
-    Upstream-Regress-ID: a113dea77df5bd97fb4633ea31f3d72dbe356329
-
-commit e15e7152331e3976b35475fd4e9c72897ad0f074
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Dec 16 01:01:07 2016 +0000
-
-    upstream commit
-    
-    regression test for certificates along with private key
-    with no public half. bz#2617, mostly from Adam Eijdenberg
-    
-    Upstream-Regress-ID: 2e74dc2c726f4dc839609b3ce045466b69f01115
-
-commit 9a70ec085faf6e55db311cd1a329f1a35ad2a500
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Thu Dec 15 23:50:37 2016 +0000
-
-    upstream commit
-    
-    Use $SUDO to read pidfile in case root's umask is
-    restricted.  From portable.
-    
-    Upstream-Regress-ID: f6b1c7ffbc5a0dfb7d430adb2883344899174a98
-
-commit fe06b68f824f8f55670442fb31f2c03526dd326c
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Thu Dec 15 21:29:05 2016 +0000
-
-    upstream commit
-    
-    Add missing braces in DenyUsers code.  Patch from zev at
-    bewilderbeest.net, ok deraadt@
-    
-    Upstream-ID: d747ace338dcf943b077925f90f85f789714b54e
-
-commit dcc7d74242a574fd5c4afbb4224795b1644321e7
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Thu Dec 15 21:20:41 2016 +0000
-
-    upstream commit
-    
-    Fix text in error message.  Patch from zev at
-    bewilderbeest.net.
-    
-    Upstream-ID: deb0486e175e7282f98f9a15035d76c55c84f7f6
-
-commit b737e4d7433577403a31cff6614f6a1b0b5e22f4
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Dec 14 00:36:34 2016 +0000
-
-    upstream commit
-    
-    disable Unix-domain socket forwarding when privsep is
-    disabled
-    
-    Upstream-ID: ab61516ae0faadad407857808517efa900a0d6d0
-
-commit 08a1e7014d65c5b59416a0e138c1f73f417496eb
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Dec 9 03:04:29 2016 +0000
-
-    upstream commit
-    
-    log connections dropped in excess of MaxStartups at
-    verbose LogLevel; bz#2613 based on diff from Tomas Kuthan; ok dtucker@
-    
-    Upstream-ID: 703ae690dbf9b56620a6018f8a3b2389ce76d92b
-
-commit 10e290ec00964b2bf70faab15a10a5574bb80527
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Tue Dec 13 13:51:32 2016 +1100
-
-    Get default of TEST_SSH_UTF8 from environment.
-
-commit b9b8ba3f9ed92c6220b58d70d1e6d8aa3eea1104
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Tue Dec 13 12:56:40 2016 +1100
-
-    Remove commented-out includes.
-    
-    These commented-out includes have "Still needed?" comments.  Since
-    they've been commented out for ~13 years I assert that they're not.
-
-commit 25275f1c9d5f01a0877d39444e8f90521a598ea0
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Tue Dec 13 12:54:23 2016 +1100
-
-    Add prototype for strcasestr in compat library.
-
-commit afec07732aa2985142f3e0b9a01eb6391f523dec
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Tue Dec 13 10:23:03 2016 +1100
-
-    Add strcasestr to compat library.
-    
-    Fixes build on (at least) Solaris 10.
-
-commit dda78a03af32e7994f132d923c2046e98b7c56c8
-Author: Damien Miller <djm@mindrot.org>
-Date:   Mon Dec 12 13:57:10 2016 +1100
-
-    Force Turkish locales back to C/POSIX; bz#2643
-    
-    Turkish locales are unique in their handling of the letters 'i' and
-    'I' (yes, they are different letters) and OpenSSH isn't remotely
-    prepared to deal with that. For now, the best we can do is to force
-    OpenSSH to use the C/POSIX locale and try to preserve the UTF-8
-    encoding if possible.
-    
-    ok dtucker@
-
-commit c35995048f41239fc8895aadc3374c5f75180554
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Dec 9 12:52:02 2016 +1100
-
-    exit is in stdlib.h not unistd.h (that's _exit).
-
-commit d399a8b914aace62418c0cfa20341aa37a192f98
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Dec 9 12:33:25 2016 +1100
-
-    Include <unistd.h> for exit in utf8 locale test.
-
-commit 47b8c99ab3221188ad3926108dd9d36da3b528ec
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Dec 8 15:48:34 2016 +1100
-
-    Check for utf8 local support before testing it.
-    
-    Check for utf8 local support and if not found, do not attempt to run the
-    utf8 tests.  Suggested by djm@
-
-commit 4089fc1885b3a2822204effbb02b74e3da58240d
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Dec 8 12:57:24 2016 +1100
-
-    Use AC_PATH_TOOL for krb5-config.
-    
-    This will use the host-prefixed version when cross compiling; patch from
-    david.michael at coreos.com.
-
-commit b4867e0712c89b93be905220c82f0a15e6865d1e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Dec 6 07:48:01 2016 +0000
-
-    upstream commit
-    
-    make IdentityFile successfully load and use certificates that
-    have no corresponding bare public key. E.g. just a private id_rsa and
-    certificate id_rsa-cert.pub (and no id_rsa.pub).
-    
-    bz#2617 ok dtucker@
-    
-    Upstream-ID: c1e9699b8c0e3b63cc4189e6972e3522b6292604
-
-commit c9792783a98881eb7ed295680013ca97a958f8ac
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Nov 25 14:04:21 2016 +1100
-
-    Add a gnome-ssh-askpass3 target for GTK+3 version
-    
-    Based on patch from Colin Watson via bz#2640
-
-commit 7be85ae02b9de0993ce0a1d1e978e11329f6e763
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Nov 25 14:03:53 2016 +1100
-
-    Make gnome-ssh-askpass2.c GTK+3-friendly
-    
-    Patch from Colin Watson via bz#2640
-
-commit b9844a45c7f0162fd1b5465683879793d4cc4aaa
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Dec 4 23:54:02 2016 +0000
-
-    upstream commit
-    
-    Fix public key authentication when multiple
-    authentication is in use. Instead of deleting and re-preparing the entire
-    keys list, just reset the 'used' flags; the keys list is already in a good
-    order (with already- tried keys at the back)
-    
-    Analysis and patch from Vincent Brillault on bz#2642; ok dtucker@
-    
-    Upstream-ID: 7123f12dc2f3bcaae715853035a97923d7300176
-
-commit f2398eb774075c687b13af5bc22009eb08889abe
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Sun Dec 4 22:27:25 2016 +0000
-
-    upstream commit
-    
-    Unlink PidFile on SIGHUP and always recreate it when the
-    new sshd starts. Regression tests (and possibly other things) depend on the
-    pidfile being recreated after SIGHUP, and unlinking it means it won't contain
-    a stale pid if sshd fails to restart.  ok djm@ markus@
-    
-    Upstream-ID: 132dd6dda0c77dd49d2f15b2573b5794f6160870
-
-commit 85aa2efeba51a96bf6834f9accf2935d96150296
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Nov 30 03:01:33 2016 +0000
-
-    upstream commit
-    
-    test new behaviour of cert force-command restriction vs.
-    authorized_key/ principals
-    
-    Upstream-Regress-ID: 399efa7469d40c404c0b0a295064ce75d495387c
-
-commit 5d333131cd8519d022389cfd3236280818dae1bc
-Author: jmc@openbsd.org <jmc@openbsd.org>
-Date:   Wed Nov 30 06:54:26 2016 +0000
-
-    upstream commit
-    
-    tweak previous; while here fix up FILES and AUTHORS;
-    
-    Upstream-ID: 93f6e54086145a75df8d8ec7d8689bdadbbac8fa
-
-commit 786d5994da79151180cb14a6cf157ebbba61c0cc
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Nov 30 03:07:37 2016 +0000
-
-    upstream commit
-    
-    add a whitelist of paths from which ssh-agent will load
-    (via ssh-pkcs11-helper) a PKCS#11 module; ok markus@
-    
-    Upstream-ID: fe79769469d9cd6d26fe0dc15751b83ef2a06e8f
-
-commit 7844f357cdd90530eec81340847783f1f1da010b
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Nov 30 03:00:05 2016 +0000
-
-    upstream commit
-    
-    Add a sshd_config DisableForwaring option that disables
-    X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as
-    anything else we might implement in the future.
-    
-    This, like the 'restrict' authorized_keys flag, is intended to be a
-    simple and future-proof way of restricting an account. Suggested as
-    a complement to 'restrict' by Jann Horn; ok markus@
-    
-    Upstream-ID: 203803f66e533a474086b38a59ceb4cf2410fcf7
-
-commit fd6dcef2030d23c43f986d26979f84619c10589d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Wed Nov 30 02:57:40 2016 +0000
-
-    upstream commit
-    
-    When a forced-command appears in both a certificate and
-    an authorized keys/principals command= restriction, refuse to accept the
-    certificate unless they are identical.
-    
-    The previous (documented) behaviour of having the certificate forced-
-    command override the other could be a bit confused and more error-prone.
-    
-    Pointed out by Jann Horn of Project Zero; ok dtucker@
-    
-    Upstream-ID: 79d811b6eb6bbe1221bf146dde6928f92d2cd05f
-
-commit 7fc4766ac78abae81ee75b22b7550720bfa28a33
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Wed Nov 30 00:28:31 2016 +0000
-
-    upstream commit
-    
-    On startup, check to see if sshd is already daemonized
-    and if so, skip the call to daemon() and do not rewrite the PidFile.  This
-    means that when sshd re-execs itself on SIGHUP the process ID will no longer
-    change.  Should address bz#2641.  ok djm@ markus@.
-    
-    Upstream-ID: 5ea0355580056fb3b25c1fd6364307d9638a37b9
-
-commit c9f880c195c65f1dddcbc4ce9d6bfea7747debcc
-Author: Damien Miller <djm@mindrot.org>
-Date:   Wed Nov 30 13:51:49 2016 +1100
-
-    factor out common PRNG reseed before privdrop
-    
-    Add a call to RAND_poll() to ensure than more than pid+time gets
-    stirred into child processes states. Prompted by analysis from Jann
-    Horn at Project Zero. ok dtucker@
-
-commit 79e4829ec81dead1b30999e1626eca589319a47f
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Nov 25 03:02:01 2016 +0000
-
-    upstream commit
-    
-    Allow PuTTY interop tests to run unattended.  bz#2639,
-    patch from cjwatson at debian.org.
-    
-    Upstream-Regress-ID: 4345253558ac23b2082aebabccd48377433b6fe0
-
-commit 504c3a9a1bf090f6b27260fc3e8ea7d984d163dc
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Nov 25 02:56:49 2016 +0000
-
-    upstream commit
-    
-    Reverse args to sshd-log-wrapper.  Matches change in
-    portable, where it allows sshd do be optionally run under Valgrind.
-    
-    Upstream-Regress-ID: b438d1c6726dc5caa2a45153e6103a0393faa906
-
-commit bd13017736ec2f8f9ca498fe109fb0035f322733
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Fri Nov 25 02:49:18 2016 +0000
-
-    upstream commit
-    
-    Fix typo in trace message; from portable.
-    
-    Upstream-Regress-ID: 4c4a2ba0d37faf5fd230a91b4c7edb5699fbd73a
-
-commit 7da751d8b007c7f3e814fd5737c2351440d78b4c
-Author: tb@openbsd.org <tb@openbsd.org>
-Date:   Tue Nov 1 13:43:27 2016 +0000
-
-    upstream commit
-    
-    Clean up MALLOC_OPTIONS.  For the unittests, move
-    MALLOC_OPTIONS and TEST_ENV to unittets/Makefile.inc.
-    
-    ok otto
-    
-    Upstream-Regress-ID: 890d497e0a38eeddfebb11cc429098d76cf29f12
-
-commit 36f58e68221bced35e06d1cca8d97c48807a8b71
-Author: tb@openbsd.org <tb@openbsd.org>
-Date:   Mon Oct 31 23:45:08 2016 +0000
-
-    upstream commit
-    
-    Remove the obsolete A and P flags from MALLOC_OPTIONS.
-    
-    ok dtucker
-    
-    Upstream-Regress-ID: 6cc25024c8174a87e5734a0dc830194be216dd59
-
-commit b0899ee26a6630883c0f2350098b6a35e647f512
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Tue Nov 29 03:54:50 2016 +0000
-
-    upstream commit
-    
-    Factor out code to disconnect from controlling terminal
-    into its own function.  ok djm@
-    
-    Upstream-ID: 39fd9e8ebd7222615a837312face5cc7ae962885
-
-commit 54d022026aae4f53fa74cc636e4a032d9689b64d
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Nov 25 23:24:45 2016 +0000
-
-    upstream commit
-    
-    use sshbuf_allocate() to pre-allocate the buffer used for
-    loading keys. This avoids implicit realloc inside the buffer code, which
-    might theoretically leave fragments of the key on the heap. This doesn't
-    appear to happen in practice for normal sized keys, but was observed for
-    novelty oversize ones.
-    
-    Pointed out by Jann Horn of Project Zero; ok markus@
-    
-    Upstream-ID: d620e1d46a29fdea56aeadeda120879eddc60ab1
-
-commit a9c746088787549bb5b1ae3add7d06a1b6d93d5e
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Nov 25 23:22:04 2016 +0000
-
-    upstream commit
-    
-    split allocation out of sshbuf_reserve() into a separate
-    sshbuf_allocate() function; ok markus@
-    
-    Upstream-ID: 11b8a2795afeeb1418d508a2c8095b3355577ec2
-
-commit f0ddedee460486fa0e32fefb2950548009e5026e
-Author: markus@openbsd.org <markus@openbsd.org>
-Date:   Wed Nov 23 23:14:15 2016 +0000
-
-    upstream commit
-    
-    allow ClientAlive{Interval,CountMax} in Match; ok dtucker,
-    djm
-    
-    Upstream-ID: 8beb4c1eadd588f1080b58932281983864979f55
-
-commit 1a6f9d2e2493d445cd9ee496e6e3c2a2f283f66a
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Tue Nov 8 22:04:34 2016 +0000
-
-    upstream commit
-    
-    unbreak DenyUsers; reported by henning@
-    
-    Upstream-ID: 1c67d4148f5e953c35acdb62e7c08ae8e33f7cb2
-
-commit 010359b32659f455fddd2bd85fd7cc4d7a3b994a
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Sun Nov 6 05:46:37 2016 +0000
-
-    upstream commit
-    
-    Validate address ranges for AllowUser/DenyUsers at
-    configuration load time and refuse to accept bad ones. It was previously
-    possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and
-    these would always match.
-    
-    Thanks to Laurence Parry for a detailed bug report. ok markus (for
-    a previous diff version)
-    
-    Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb
-
-commit efb494e81d1317209256b38b49f4280897c61e69
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Fri Oct 28 03:33:52 2016 +0000
-
-    upstream commit
-    
-    Improve pkcs11_add_provider() logging: demote some
-    excessively verbose error()s to debug()s, include PKCS#11 provider name and
-    slot in log messages where possible. bz#2610, based on patch from Jakub Jelen
-    
-    Upstream-ID: 3223ef693cfcbff9079edfc7e89f55bf63e1973d
-
-commit 5ee3fb5affd7646f141749483205ade5fc54adaf
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Tue Nov 1 08:12:33 2016 +1100
-
-    Use ptrace(PT_DENY_ATTACH, ..) on OS X.
-
-commit 315d2a4e674d0b7115574645cb51f968420ebb34
-Author: Damien Miller <djm@mindrot.org>
-Date:   Fri Oct 28 14:34:07 2016 +1100
-
-    Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL
-    
-    ok dtucker@
-
-commit a9ff3950b8e80ff971b4d44bbce96df27aed28af
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Oct 28 14:26:58 2016 +1100
-
-    Move OPENSSL_NO_RIPEMD160 to compat.
-    
-    Move OPENSSL_NO_RIPEMD160 to compat and add ifdefs to mac.c around the
-    ripemd160 MACs.
-
-commit bce58885160e5db2adda3054c3b81fe770f7285a
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Oct 28 13:52:31 2016 +1100
-
-    Check if RIPEMD160 is disabled in OpenSSL.
-
-commit d924640d4c355d1b5eca1f4cc60146a9975dbbff
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Oct 28 13:38:19 2016 +1100
-
-    Skip ssh1 specfic ciphers.
-    
-    cipher-3des1.c and cipher-bf1.c are specific to sshv1 so don't even try
-    to compile them when Protocol 1 is not enabled.
-
-commit 79d078e7a49caef746516d9710ec369ba45feab6
-Author: jsg@openbsd.org <jsg@openbsd.org>
-Date:   Tue Oct 25 04:08:13 2016 +0000
-
-    upstream commit
-    
-    Fix logic in add_local_forward() that inverted a test
-    when code was refactored out into bind_permitted().  This broke ssh port
-    forwarding for non-priv ports as a non root user.
-    
-    ok dtucker@ 'looks good' deraadt@
-    
-    Upstream-ID: ddb8156ca03cc99997de284ce7777536ff9570c9
-
-commit a903e315dee483e555c8a3a02c2946937f9b4e5d
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Mon Oct 24 01:09:17 2016 +0000
-
-    upstream commit
-    
-    Remove dead breaks, found via opencoverage.net.  ok
-    deraadt@
-    
-    Upstream-ID: ad9cc655829d67fad219762810770787ba913069
-
-commit b4e96b4c9bea4182846e4942ba2048e6d708ee54
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Wed Oct 26 08:43:25 2016 +1100
-
-    Use !=NULL instead of >0 for getdefaultproj.
-    
-    getdefaultproj() returns a pointer so test it for NULL inequality
-    instead of >0.  Fixes compiler warning and is more correct.  Patch from
-    David Binderman.
-
-commit 1c4ef0b808d3d38232aeeb1cebb7e9a43def42c5
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Sun Oct 23 22:04:05 2016 +0000
-
-    upstream commit
-    
-    Factor out "can bind to low ports" check into its own function.  This will
-    make it easier for Portable to support platforms with permissions models
-    other than uid==0 (eg bz#2625).  ok djm@, "doesn't offend me too much"
-    deraadt@.
-    
-    Upstream-ID: 86213df4183e92b8f189a6d2dac858c994bfface
-
-commit 0b9ee623d57e5de7e83e66fd61a7ba9a5be98894
-Author: dtucker@openbsd.org <dtucker@openbsd.org>
-Date:   Wed Oct 19 23:21:56 2016 +0000
-
-    upstream commit
-    
-    When tearing down ControlMaster connecctions, don't
-    pollute stderr when LogLevel=quiet.  Patch from Tim Kuijsten via tech@.
-    
-    Upstream-ID: d9b3a68b2a7c2f2fc7f74678e29a4618d55ceced
-
-commit 09e6a7d8354224933febc08ddcbc2010f542284e
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Mon Oct 24 09:06:18 2016 +1100
-
-    Wrap stdint.h include in ifdef.
-
-commit 08d9e9516e587b25127545c029e5464b2e7f2919
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Oct 21 09:46:46 2016 +1100
-
-    Fix formatting.
-
-commit 461f50e7ab8751d3a55e9158c44c13031db7ba1d
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Oct 21 06:55:58 2016 +1100
-
-    Update links to https.
-    
-    www.openssh.com now supports https and ftp.openbsd.org no longer
-    supports ftp.  Make all links to these https.
-
-commit dd4e7212a6141f37742de97795e79db51e4427ad
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Oct 21 06:48:46 2016 +1100
-
-    Update host key generation examples.
-    
-    Remove ssh1 host key generation, add ssh-keygen -A
-
-commit 6d49ae82634c67e9a4d4af882bee20b40bb8c639
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Fri Oct 21 05:22:55 2016 +1100
-
-    Update links.
-    
-    Make links to openssh.com HTTPS now that it's supported, point release
-    notes link to the HTML release notes page, and update a couple of other
-    links and bits of text.
-
-commit fe0d1ca6ace06376625084b004ee533f2c2ea9d6
-Author: Darren Tucker <dtucker@zip.com.au>
-Date:   Thu Oct 20 03:42:09 2016 +1100
-
-    Remote channels .orig and .rej files.
-    
-    These files were incorrectly added during an OpenBSD sync.
Index: INSTALL
===================================================================
--- INSTALL
+++ INSTALL
@@ -13,33 +13,39 @@
 Zlib 1.1.4 or 1.2.1.2 or greater (earlier 1.2.x versions have problems):
 http://www.gzip.org/zlib/
 
-libcrypto (LibreSSL or OpenSSL >= 1.0.1 < 1.1.0)
-LibreSSL http://www.libressl.org/ ; or
-OpenSSL http://www.openssl.org/
+libcrypto from either of:
+ - LibreSSL (https://www.libressl.org/)
+ - OpenSSL (https://www.openssl.org) with any of the following versions:
+   - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
 
 LibreSSL/OpenSSL should be compiled as a position-independent library
 (i.e. with -fPIC) otherwise OpenSSH will not be able to link with it.
 If you must use a non-position-independent libcrypto, then you may need
-to configure OpenSSH --without-pie.  Note that because of API changes,
-OpenSSL 1.1.x is not currently supported.
+to configure OpenSSH --without-pie.  Note that due to a bug in EVP_CipherInit
+OpenSSL 1.1 versions prior to 1.1.0g can't be used.
 
+To support Privilege Separation (which is now required) you will need
+to create the user, group and directory used by sshd for privilege
+separation.  See README.privsep for details.
+
 The remaining items are optional.
 
 NB. If you operating system supports /dev/random, you should configure
 libcrypto (LibreSSL/OpenSSL) to use it. OpenSSH relies on libcrypto's
-direct support of /dev/random, or failing that, either prngd or egd
+direct support of /dev/random, or failing that, either prngd or egd.
 
 PRNGD:
 
 If your system lacks kernel-based random collection, the use of Lutz
-Jaenicke's PRNGd is recommended.
+Jaenicke's PRNGd is recommended. It requires that libcrypto be configured
+to support it.
 
 http://prngd.sourceforge.net/
 
 EGD:
 
-If the kernel lacks /dev/random the Entropy Gathering Daemon (EGD) is
-supported only if libcrypto supports it.
+The Entropy Gathering Daemon (EGD) suppports the same interface as prngd.
+It also supported only if libcrypto is configured to support it.
 
 http://egd.sourceforge.net/
 
@@ -130,10 +136,6 @@
 
 This will install the binaries in /opt/{bin,lib,sbin}, but will place the
 configuration files in /etc/ssh.
-
-If you are using Privilege Separation (which is enabled by default)
-then you will also need to create the user, group and directory used by
-sshd for privilege separation.  See README.privsep for details.
 
 If you are using PAM, you may need to manually install a PAM control
 file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
Index: Makefile.in
===================================================================
--- Makefile.in
+++ Makefile.in
@@ -87,10 +87,10 @@
 	authfd.o authfile.o \
 	canohost.o channels.o cipher.o cipher-aes.o cipher-aesctr.o \
 	cipher-ctr.o cleanup.o \
-	compat.o crc32.o fatal.o hostfile.o \
-	log.o match.o moduli.o nchan.o packet.o opacket.o \
+	compat.o fatal.o hostfile.o \
+	log.o match.o moduli.o nchan.o packet.o \
 	readpass.o ttymodes.o xmalloc.o addrmatch.o \
-	atomicio.o dispatch.o mac.o uuencode.o misc.o utf8.o \
+	atomicio.o dispatch.o mac.o misc.o utf8.o \
 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
 	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
 	ssh-pkcs11.o smult_curve25519_ref.o \
@@ -98,10 +98,11 @@
 	ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \
 	sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
 	kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
-	kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \
-	kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
+	kexgexc.o kexgexs.o \
+	sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \
 	platform-pledge.o platform-tracing.o platform-misc.o
 
+
 SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
 	sshconnect.o sshconnect2.o mux.o
 
@@ -115,7 +116,7 @@
 	monitor.o monitor_wrap.o auth-krb5.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o \
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
-	sftp-server.o sftp-common.o \
+	sftp-server.o sftp-common.o sftp-realpath.o \
 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
 	sandbox-solaris.o uidswap.o
@@ -150,12 +151,17 @@
 FIXALGORITHMSCMD= $(SHELL) $(srcdir)/fixalgorithms $(SED) \
 		     @UNSUPPORTED_ALGORITHMS@
 
-all: $(CONFIGFILES) $(MANPAGES) $(TARGETS)
+all: configure-check $(CONFIGFILES) $(MANPAGES) $(TARGETS)
 
 $(LIBSSH_OBJS): Makefile.in config.h
 $(SSHOBJS): Makefile.in config.h
 $(SSHDOBJS): Makefile.in config.h
+configure-check: $(srcdir)/configure
 
+$(srcdir)/configure: configure.ac aclocal.m4
+	@echo "ERROR: configure is out of date; please run ${AUTORECONF} (and configure)" 1>&2
+	@exit 1
+
 .c.o:
 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
 
@@ -183,10 +189,10 @@
 ssh-agent$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-agent.o ssh-pkcs11-client.o
 	$(LD) -o $@ ssh-agent.o ssh-pkcs11-client.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o
-	$(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ssh-keygen$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keygen.o sshsig.o
+	$(LD) -o $@ ssh-keygen.o sshsig.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
-ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o
+ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o readconf.o uidswap.o compat.o
 	$(LD) -o $@ ssh-keysign.o readconf.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
@@ -195,8 +201,8 @@
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 
-sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
-	$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-realpath.o sftp-server-main.o
+	$(LD) -o $@ sftp-server.o sftp-common.o sftp-realpath.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
 	$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
@@ -571,11 +577,14 @@
 	$(LD) -o $@ $(LDFLAGS) $(MISC_KEX_FUZZ_OBJS) \
 	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
-regress-binaries: regress/modpipe$(EXEEXT) \
+regress-binaries: regress-prep $(LIBCOMPAT) \
+	regress/modpipe$(EXEEXT) \
 	regress/setuid-allowed$(EXEEXT) \
 	regress/netcat$(EXEEXT) \
 	regress/check-perm$(EXEEXT) \
-	regress/mkdtemp$(EXEEXT) \
+	regress/mkdtemp$(EXEEXT)
+
+regress-unit-binaries: regress-prep $(REGRESSLIBS) \
 	regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
 	regress/unittests/sshkey/test_sshkey$(EXEEXT) \
 	regress/unittests/bitmap/test_bitmap$(EXEEXT) \
@@ -586,8 +595,19 @@
 	regress/unittests/utf8/test_utf8$(EXEEXT) \
 	regress/misc/kexfuzz/kexfuzz$(EXEEXT)
 
-tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
+tests:	file-tests t-exec interop-tests unit
+	echo all tests passed
+
+unit: regress-unit-binaries
 	BUILDDIR=`pwd`; \
+	cd $(srcdir)/regress || exit $$?; \
+	$(MAKE) \
+		.OBJDIR="$${BUILDDIR}/regress" \
+		.CURDIR="`pwd`" \
+		$@ && echo $@ tests passed
+
+interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS)
+	BUILDDIR=`pwd`; \
 	TEST_SSH_SCP="$${BUILDDIR}/scp"; \
 	TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
 	TEST_SSH_SSHD="$${BUILDDIR}/sshd"; \
@@ -598,6 +618,7 @@
 	TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan"; \
 	TEST_SSH_SFTP="$${BUILDDIR}/sftp"; \
 	TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server"; \
+	TEST_SSH_SSHPKCS11HELPER="$${BUILDDIR}/ssh-pkcs11-helper"; \
 	TEST_SSH_PLINK="plink"; \
 	TEST_SSH_PUTTYGEN="puttygen"; \
 	TEST_SSH_CONCH="conch"; \
@@ -631,7 +652,7 @@
 		TEST_SSH_ECC="$${TEST_SSH_ECC}" \
 		TEST_SHELL="${TEST_SHELL}" \
 		EXEEXT="$(EXEEXT)" \
-		$@ && echo all tests passed
+		$@ && echo all $@ passed
 
 compat-tests: $(LIBCOMPAT)
 	(cd openbsd-compat/regress && $(MAKE))
Index: OVERVIEW
===================================================================
--- OVERVIEW
+++ OVERVIEW
@@ -34,11 +34,12 @@
 
     - Ssh contains several encryption algorithms.  These are all
       accessed through the cipher.h interface.  The interface code is
-      in cipher.c, and the implementations are in libc.
+      in cipher.c, and the implementations are either in libc or
+      LibreSSL.
 
   Multiple Precision Integer Library
 
-    - Uses the SSLeay BIGNUM sublibrary.
+    - Uses the LibreSSL BIGNUM sublibrary.
 
   Random Numbers
 
@@ -158,4 +159,4 @@
 	uidswap.c    uid-swapping
 	xmalloc.c    "safe" malloc routines
 
-$OpenBSD: OVERVIEW,v 1.14 2018/07/27 03:55:22 dtucker Exp $
+$OpenBSD: OVERVIEW,v 1.15 2018/10/23 05:56:35 djm Exp $
Index: PROTOCOL.certkeys
===================================================================
--- PROTOCOL.certkeys
+++ PROTOCOL.certkeys
@@ -36,6 +36,7 @@
     ecdsa-sha2-nistp256-cert-v01@openssh.com
     ecdsa-sha2-nistp384-cert-v01@openssh.com
     ecdsa-sha2-nistp521-cert-v01@openssh.com
+    ssh-ed25519-cert-v01@openssh.com
 
 Two additional types exist for RSA certificates to force use of
 SHA-2 signatures (SHA-256 and SHA-512 respectively):
@@ -303,4 +304,4 @@
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.16 2018/10/26 01:23:03 djm Exp $
Index: PROTOCOL.sshsig
===================================================================
--- /dev/null
+++ PROTOCOL.sshsig
@@ -0,0 +1,99 @@
+This document describes a lightweight SSH Signature format
+that is compatible with SSH keys and wire formats.
+
+At present, only detached and armored signatures are supported.
+
+1. Armored format
+
+The Armored SSH signatures consist of a header, a base64
+encoded blob, and a footer.
+
+The header is the string "-----BEGIN SSH SIGNATURE-----"
+followed by a newline. The footer is the string
+"-----END SSH SIGNATURE-----" immediately after a newline.
+
+The header MUST be present at the start of every signature.
+Files containing the signature MUST start with the header.
+Likewise, the footer MUST be present at the end of every
+signature.
+
+The base64 encoded blob SHOULD be broken up by newlines
+every 76 characters.
+
+Example:
+
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgJKxoLBJBivUPNTUJUSslQTt2hD
+jozKvHarKeN8uYFqgAAAADZm9vAAAAAAAAAFMAAAALc3NoLWVkMjU1MTkAAABAKNC4IEbt
+Tq0Fb56xhtuE1/lK9H9RZJfON4o6hE9R4ZGFX98gy0+fFJ/1d2/RxnZky0Y7GojwrZkrHT
+FgCqVWAQ==
+-----END SSH SIGNATURE-----
+
+2. Blob format
+
+#define MAGIC_PREAMBLE "SSHSIG"
+#define SIG_VERSION    0x01
+
+        byte[6]   MAGIC_PREAMBLE
+        uint32    SIG_VERSION
+        string    publickey
+        string    namespace
+        string    reserved
+        string    hash_algorithm
+        string    signature
+
+The publickey field MUST contain the serialisation of the
+public key used to make the signature using the usual SSH
+encoding rules, i.e RFC4253, RFC5656,
+draft-ietf-curdle-ssh-ed25519-ed448, etc.
+
+Verifiers MUST reject signatures with versions greater than those
+they support.
+
+The purpose of the namespace value is to specify a unambiguous
+interpretation domain for the signature, e.g. file signing.
+This prevents cross-protocol attacks caused by signatures
+intended for one intended domain being accepted in another.
+The namespace value MUST NOT be the empty string.
+
+The reserved value is present to encode future information
+(e.g. tags) into the signature. Implementations should ignore
+the reserved field if it is not empty.
+
+Data to be signed is first hashed with the specified hash_algorithm.
+This is done to limit the amount of data presented to the signature
+operation, which may be of concern if the signing key is held in limited
+or slow hardware or on a remote ssh-agent. The supported hash algorithms
+are "sha256" and "sha512".
+
+The signature itself is made using the SSH signature algorithm and
+encoding rules for the chosen key type. For RSA signatures, the
+signature algorithm must be "rsa-sha2-512" or "rsa-sha2-256" (i.e.
+not the legacy RSA-SHA1 "ssh-rsa").
+
+This blob is encoded as a string using the RFC4243 encoding
+rules and base64 encoded to form the middle part of the
+armored signature.
+
+
+3. Signed Data, of which the signature goes into the blob above
+
+#define MAGIC_PREAMBLE "SSHSIG"
+
+        byte[6]   MAGIC_PREAMBLE
+        string    namespace
+        string    reserved
+        string    hash_algorithm
+        string    H(message)
+
+The preamble is the six-byte sequence "SSHSIG". It is included to
+ensure that manual signatures can never be confused with any message
+signed during SSH user or host authentication.
+
+The reserved value is present to encode future information
+(e.g. tags) into the signature. Implementations should ignore
+the reserved field if it is not empty.
+
+The data is concatenated and passed to the SSH signing
+function.
+
Index: README
===================================================================
--- README
+++ README
@@ -1,4 +1,4 @@
-See https://www.openssh.com/releasenotes.html#7.9p1 for the release notes.
+See https://www.openssh.com/releasenotes.html#8.1p1 for the release notes.
 
 Please read https://www.openssh.com/report.html for bug reporting
 instructions and note that we do not use Github for bug reporting or
Index: README.md
===================================================================
--- /dev/null
+++ README.md
@@ -0,0 +1,74 @@
+# Portable OpenSSH
+
+OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.
+
+This is a port of OpenBSD's [OpenSSH](https://openssh.com) to most Unix-like operating systems, including Linux, OS X and Cygwin. Portable OpenSSH polyfills OpenBSD APIs that are not available elsewhere, adds sshd sandboxing for more operating systems and includes support for OS-native authentication and auditing (e.g. using PAM).
+
+## Documentation
+
+The official documentation for OpenSSH are the man pages for each tool:
+
+* [ssh(1)](https://man.openbsd.org/ssh.1)
+* [sshd(8)](https://man.openbsd.org/sshd.8)
+* [ssh-keygen(1)](https://man.openbsd.org/ssh-keygen.1)
+* [ssh-agent(1)](https://man.openbsd.org/ssh-agent.1)
+* [scp(1)](https://man.openbsd.org/scp.1)
+* [sftp(1)](https://man.openbsd.org/sftp.1)
+* [ssh-keyscan(8)](https://man.openbsd.org/ssh-keyscan.8)
+* [sftp-server(8)](https://man.openbsd.org/sftp-server.8)
+
+## Stable Releases
+
+Stable release tarballs are available from a number of [download mirrors](https://www.openssh.com/portable.html#downloads). We recommend the use of a stable release for most users. Please read the [release notes](https://www.openssh.com/releasenotes.html) for details of recent changes and potential incompatibilities.
+
+## Building Portable OpenSSH
+
+### Dependencies
+
+Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, as well as [zlib](https://www.zlib.net/) and ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) to build. Certain platforms and build-time options may require additional dependencies.
+
+### Building a release
+
+Releases include a pre-built copy of the ``configure`` script and may be built using:
+
+```
+tar zxvf openssh-X.Y.tar.gz
+cd openssh
+./configure # [options]
+make && make tests
+```
+
+See the [Build-time Customisation](#build-time-customisation) section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths.
+ 
+### Building from git
+
+If building from git, you'll need [autoconf](https://www.gnu.org/software/autoconf/) installed to build the ``configure`` script. The following commands will check out and build portable OpenSSH from git:
+
+```
+git clone https://github.com/openssh/openssh-portable # or https://anongit.mindrot.org/openssh.git
+cd openssh-portable
+autoreconf
+./configure
+make && make tests
+```
+
+### Build-time Customisation
+
+There are many build-time customisation options available. All Autoconf destination path flags (e.g. ``--prefix``) are supported (and are usually required if you want to install OpenSSH).
+
+For a full list of available flags, run ``configure --help`` but a few of the more frequently-used ones are described below. Some of these flags will require additional libraries and/or headers be installed.
+
+Flag | Meaning
+--- | ---
+``--with-pam`` | Enable [PAM](https://en.wikipedia.org/wiki/Pluggable_authentication_module) support. [OpenPAM](https://www.openpam.org/), [Linux PAM](http://www.linux-pam.org/) and Solaris PAM are supported.
+``--with-libedit`` | Enable [libedit](https://www.thrysoee.dk/editline/) support for sftp.
+``--with-kerberos5`` | Enable Kerberos/GSSAPI support. Both [Heimdal](https://www.h5l.org/) and [MIT](https://web.mit.edu/kerberos/) Kerberos implementations are supported.
+``--with-selinux`` | Enable [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux) support.
+
+## Development
+
+Portable OpenSSH development is discussed on the [openssh-unix-dev mailing list](https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev) ([archive mirror](https://marc.info/?l=openssh-unix-dev)). Bugs and feature requests are tracked on our [Bugzilla](https://bugzilla.mindrot.org/).
+
+## Reporting bugs
+
+_Non-security_ bugs may be reported to the developers via [Bugzilla](https://bugzilla.mindrot.org/) or via the mailing list above. Security bugs should be reported to [openssh@openssh.com](mailto:openssh.openssh.com).
Index: README.privsep
===================================================================
--- README.privsep
+++ README.privsep
@@ -5,13 +5,10 @@
 More information is available at:
 	http://www.citi.umich.edu/u/provos/ssh/privsep.html
 
-Privilege separation is now enabled by default; see the
-UsePrivilegeSeparation option in sshd_config(5).
-
-When privsep is enabled, during the pre-authentication phase sshd will
-chroot(2) to "/var/empty" and change its privileges to the "sshd" user
-and its primary group.  sshd is a pseudo-account that should not be
-used by other daemons, and must be locked and should contain a
+Privilege separation is now mandatory.  During the pre-authentication
+phase sshd will chroot(2) to "/var/empty" and change its privileges to the
+"sshd" user and its primary group.  sshd is a pseudo-account that should
+not be used by other daemons, and must be locked and should contain a
 "nologin" or invalid shell.
 
 You should do something like the following to prepare the privsep
Index: atomicio.h
===================================================================
--- atomicio.h
+++ atomicio.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: atomicio.h,v 1.11 2010/09/22 22:58:51 djm Exp $ */
+/* $OpenBSD: atomicio.h,v 1.12 2018/12/27 03:25:25 djm Exp $ */
 
 /*
  * Copyright (c) 2006 Damien Miller.  All rights reserved.
@@ -28,6 +28,8 @@
 
 #ifndef _ATOMICIO_H
 #define _ATOMICIO_H
+
+struct iovec;
 
 /*
  * Ensure all of data on socket comes through. f==read || f==vwrite
Index: atomicio.c
===================================================================
--- atomicio.c
+++ atomicio.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: atomicio.c,v 1.28 2016/07/27 23:18:12 djm Exp $ */
+/* $OpenBSD: atomicio.c,v 1.30 2019/01/24 02:42:23 dtucker Exp $ */
 /*
  * Copyright (c) 2006 Damien Miller. All rights reserved.
  * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
@@ -57,20 +57,25 @@
 	ssize_t res;
 	struct pollfd pfd;
 
-#ifndef BROKEN_READ_COMPARISON
 	pfd.fd = fd;
+#ifndef BROKEN_READ_COMPARISON
 	pfd.events = f == read ? POLLIN : POLLOUT;
+#else
+	pfd.events = POLLIN|POLLOUT;
 #endif
 	while (n > pos) {
 		res = (f) (fd, s + pos, n - pos);
 		switch (res) {
 		case -1:
-			if (errno == EINTR)
+			if (errno == EINTR) {
+				/* possible SIGALARM, update callback */
+				if (cb != NULL && cb(cb_arg, 0) == -1) {
+					errno = EINTR;
+					return pos;
+				}
 				continue;
-			if (errno == EAGAIN || errno == EWOULDBLOCK) {
-#ifndef BROKEN_READ_COMPARISON
+			} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
 				(void)poll(&pfd, 1, -1);
-#endif
 				continue;
 			}
 			return 0;
@@ -114,20 +119,25 @@
 	/* Make a copy of the iov array because we may modify it below */
 	memcpy(iov, _iov, (size_t)iovcnt * sizeof(*_iov));
 
-#ifndef BROKEN_READV_COMPARISON
 	pfd.fd = fd;
+#ifndef BROKEN_READV_COMPARISON
 	pfd.events = f == readv ? POLLIN : POLLOUT;
+#else
+	pfd.events = POLLIN|POLLOUT;
 #endif
 	for (; iovcnt > 0 && iov[0].iov_len > 0;) {
 		res = (f) (fd, iov, iovcnt);
 		switch (res) {
 		case -1:
-			if (errno == EINTR)
+			if (errno == EINTR) {
+				/* possible SIGALARM, update callback */
+				if (cb != NULL && cb(cb_arg, 0) == -1) {
+					errno = EINTR;
+					return pos;
+				}
 				continue;
-			if (errno == EAGAIN || errno == EWOULDBLOCK) {
-#ifndef BROKEN_READV_COMPARISON
+			} else if (errno == EAGAIN || errno == EWOULDBLOCK) {
 				(void)poll(&pfd, 1, -1);
-#endif
 				continue;
 			}
 			return 0;
Index: audit-bsm.c
===================================================================
--- audit-bsm.c
+++ audit-bsm.c
@@ -391,7 +391,7 @@
 }
 
 void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
 {
 	char    textbuf[BSM_TEXTBUFSZ];
 	static int logged_in = 0;
Index: audit-linux.c
===================================================================
--- audit-linux.c
+++ audit-linux.c
@@ -97,10 +97,8 @@
 }
 
 void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
 {
-	struct ssh *ssh = active_state; /* XXX */
-
 	switch(event) {
 	case SSH_AUTH_SUCCESS:
 	case SSH_CONNECTION_CLOSE:
Index: audit.h
===================================================================
--- audit.h
+++ audit.h
@@ -27,6 +27,8 @@
 
 #include "loginrec.h"
 
+struct ssh;
+
 enum ssh_audit_event_type {
 	SSH_LOGIN_EXCEED_MAXTRIES,
 	SSH_LOGIN_ROOT_DENIED,
@@ -46,7 +48,7 @@
 typedef enum ssh_audit_event_type ssh_audit_event_t;
 
 void	audit_connection_from(const char *, int);
-void	audit_event(ssh_audit_event_t);
+void	audit_event(struct ssh *, ssh_audit_event_t);
 void	audit_session_open(struct logininfo *);
 void	audit_session_close(struct logininfo *);
 void	audit_run_command(const char *);
Index: audit.c
===================================================================
--- audit.c
+++ audit.c
@@ -131,7 +131,7 @@
  * events and what they mean).
  */
 void
-audit_event(ssh_audit_event_t event)
+audit_event(struct ssh *ssh, ssh_audit_event_t event)
 {
 	debug("audit event euid %d user %s event %d (%s)", geteuid(),
 	    audit_username(), event, audit_event_lookup(event));
Index: auth-bsdauth.c
===================================================================
--- auth-bsdauth.c
+++ auth-bsdauth.c
@@ -29,8 +29,6 @@
 #include <stdarg.h>
 #include <stdio.h>
 
-#include <stdarg.h>
-
 #ifdef BSD_AUTH
 #include "xmalloc.h"
 #include "sshkey.h"
Index: auth-options.h
===================================================================
--- auth-options.h
+++ auth-options.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.h,v 1.27 2018/06/06 18:23:32 djm Exp $ */
+/* $OpenBSD: auth-options.h,v 1.28 2019/07/09 04:15:00 djm Exp $ */
 
 /*
  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
@@ -21,6 +21,9 @@
 
 struct passwd;
 struct sshkey;
+
+/* Maximum number of permitopen/permitlisten directives to accept */
+#define SSH_AUTHOPT_PERMIT_MAX 4096
 
 /*
  * sshauthopt represents key options parsed from authorized_keys or
Index: auth-options.c
===================================================================
--- auth-options.c
+++ auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.84 2018/10/03 06:38:35 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.89 2019/09/13 04:36:43 dtucker Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
  *
@@ -19,6 +19,7 @@
 
 #include <sys/types.h>
 
+#include <stdlib.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <string.h>
@@ -39,76 +40,7 @@
 #include "ssh2.h"
 #include "auth-options.h"
 
-/*
- * Match flag 'opt' in *optsp, and if allow_negate is set then also match
- * 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0
- * if negated option matches.
- * If the option or negated option matches, then *optsp is updated to
- * point to the first character after the option.
- */
 static int
-opt_flag(const char *opt, int allow_negate, const char **optsp)
-{
-	size_t opt_len = strlen(opt);
-	const char *opts = *optsp;
-	int negate = 0;
-
-	if (allow_negate && strncasecmp(opts, "no-", 3) == 0) {
-		opts += 3;
-		negate = 1;
-	}
-	if (strncasecmp(opts, opt, opt_len) == 0) {
-		*optsp = opts + opt_len;
-		return negate ? 0 : 1;
-	}
-	return -1;
-}
-
-static char *
-opt_dequote(const char **sp, const char **errstrp)
-{
-	const char *s = *sp;
-	char *ret;
-	size_t i;
-
-	*errstrp = NULL;
-	if (*s != '"') {
-		*errstrp = "missing start quote";
-		return NULL;
-	}
-	s++;
-	if ((ret = malloc(strlen((s)) + 1)) == NULL) {
-		*errstrp = "memory allocation failed";
-		return NULL;
-	}
-	for (i = 0; *s != '\0' && *s != '"';) {
-		if (s[0] == '\\' && s[1] == '"')
-			s++;
-		ret[i++] = *s++;
-	}
-	if (*s == '\0') {
-		*errstrp = "missing end quote";
-		free(ret);
-		return NULL;
-	}
-	ret[i] = '\0';
-	s++;
-	*sp = s;
-	return ret;
-}
-
-static int
-opt_match(const char **opts, const char *term)
-{
-	if (strncasecmp((*opts), term, strlen(term)) == 0 &&
-	    (*opts)[strlen(term)] == '=') {
-		*opts += strlen(term) + 1;
-		return 1;
-	}
-	return 0;
-}
-
-static int
 dup_strings(char ***dstp, size_t *ndstp, char **src, size_t nsrc)
 {
 	char **dst;
@@ -320,7 +252,7 @@
 	size_t npermits = *npermitsp;
 	const char *errstr = "unknown error";
 
-	if (npermits > INT_MAX) {
+	if (npermits > SSH_AUTHOPT_PERMIT_MAX) {
 		*errstrp = "too many permission directives";
 		return -1;
 	}
@@ -332,7 +264,8 @@
 		 * Allow a bare port number in permitlisten to indicate a
 		 * listen_host wildcard.
 		 */
-		if (asprintf(&tmp, "*:%s", opt) < 0) {
+		if (asprintf(&tmp, "*:%s", opt) == -1) {
+			free(opt);
 			*errstrp = "memory allocation failed";
 			return -1;
 		}
Index: auth-pam.h
===================================================================
--- auth-pam.h
+++ auth-pam.h
@@ -27,7 +27,7 @@
 
 struct ssh;
 
-void start_pam(Authctxt *);
+void start_pam(struct ssh *);
 void finish_pam(void);
 u_int do_pam_account(void);
 void do_pam_session(struct ssh *);
Index: auth-pam.c
===================================================================
--- auth-pam.c
+++ auth-pam.c
@@ -197,7 +197,7 @@
 	switch ((pid = fork())) {
 	case -1:
 		error("fork(): %s", strerror(errno));
-		return (-1);
+		return errno;
 	case 0:
 		close(ctx->pam_psock);
 		ctx->pam_psock = -1;
@@ -248,6 +248,9 @@
 static char **sshpam_env = NULL;
 static Authctxt *sshpam_authctxt = NULL;
 static const char *sshpam_password = NULL;
+static char *sshpam_rhost = NULL;
+static char *sshpam_laddr = NULL;
+static char *sshpam_conninfo = NULL;
 
 /* Some PAM implementations don't implement this */
 #ifndef HAVE_PAM_GETENVLIST
@@ -255,7 +258,7 @@
 pam_getenvlist(pam_handle_t *pamh)
 {
 	/*
-	 * XXX - If necessary, we can still support envrionment passing
+	 * XXX - If necessary, we can still support environment passing
 	 * for platforms without pam_getenvlist by searching for known
 	 * env vars (e.g. KRB5CCNAME) from the PAM environment.
 	 */
@@ -263,6 +266,14 @@
 }
 #endif
 
+#ifndef HAVE_PAM_PUTENV
+static int
+pam_putenv(pam_handle_t *pamh, const char *name_value)
+{
+	return PAM_SUCCESS;
+}
+#endif /* HAVE_PAM_PUTENV */
+
 /*
  * Some platforms, notably Solaris, do not enforce password complexity
  * rules during pam_chauthtok() if the real uid of the calling process
@@ -357,13 +368,11 @@
 	for (i = 0; i < num_env; i++) {
 		if ((r = sshbuf_get_cstring(b, &env, NULL)) != 0)
 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
-#ifdef HAVE_PAM_PUTENV
 		/* Errors are not fatal here */
 		if ((r = pam_putenv(sshpam_handle, env)) != PAM_SUCCESS) {
 			error("PAM: pam_putenv: %s",
 			    pam_strerror(sshpam_handle, r));
 		}
-#endif
 		/* XXX leak env? */
 	}
 #endif
@@ -532,7 +541,7 @@
 	for (i = 0; environ[i] != NULL; i++) {
 		/* Count */
 		if (i > INT_MAX)
-			fatal("%s: too many enviornment strings", __func__);
+			fatal("%s: too many environment strings", __func__);
 	}
 	if ((r = sshbuf_put_u32(buffer, i)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@@ -545,7 +554,7 @@
 	for (i = 0; env_from_pam != NULL && env_from_pam[i] != NULL; i++) {
 		/* Count */
 		if (i > INT_MAX)
-			fatal("%s: too many PAM enviornment strings", __func__);
+			fatal("%s: too many PAM environment strings", __func__);
 	}
 	if ((r = sshbuf_put_u32(buffer, i)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
@@ -669,13 +678,17 @@
 }
 
 static int
-sshpam_init(Authctxt *authctxt)
+sshpam_init(struct ssh *ssh, Authctxt *authctxt)
 {
-	const char *pam_rhost, *pam_user, *user = authctxt->user;
+	const char *pam_user, *user = authctxt->user;
 	const char **ptr_pam_user = &pam_user;
-	struct ssh *ssh = active_state; /* XXX */
 
-	if (sshpam_handle != NULL) {
+	if (sshpam_handle == NULL) {
+		if (ssh == NULL) {
+			fatal("%s: called initially with no "
+			    "packet context", __func__);
+		}
+	} if (sshpam_handle != NULL) {
 		/* We already have a PAM context; check if the user matches */
 		sshpam_err = pam_get_item(sshpam_handle,
 		    PAM_USER, (sshpam_const void **)ptr_pam_user);
@@ -694,14 +707,33 @@
 		sshpam_handle = NULL;
 		return (-1);
 	}
-	pam_rhost = auth_get_canonical_hostname(ssh, options.use_dns);
-	debug("PAM: setting PAM_RHOST to \"%s\"", pam_rhost);
-	sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST, pam_rhost);
-	if (sshpam_err != PAM_SUCCESS) {
-		pam_end(sshpam_handle, sshpam_err);
-		sshpam_handle = NULL;
-		return (-1);
+
+	if (ssh != NULL && sshpam_rhost == NULL) {
+		/*
+		 * We need to cache these as we don't have packet context
+		 * during the kbdint flow.
+		 */
+		sshpam_rhost = xstrdup(auth_get_canonical_hostname(ssh,
+		    options.use_dns));
+	        sshpam_laddr = get_local_ipaddr(
+		    ssh_packet_get_connection_in(ssh));
+	        xasprintf(&sshpam_conninfo, "SSH_CONNECTION=%.50s %d %.50s %d",
+		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+		    sshpam_laddr, ssh_local_port(ssh));
 	}
+	if (sshpam_rhost != NULL) {
+		debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost);
+		sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST,
+		    sshpam_rhost);
+		if (sshpam_err != PAM_SUCCESS) {
+			pam_end(sshpam_handle, sshpam_err);
+			sshpam_handle = NULL;
+			return (-1);
+		}
+		/* Put SSH_CONNECTION in the PAM environment too */
+		pam_putenv(sshpam_handle, sshpam_conninfo);
+	}
+
 #ifdef PAM_TTY_KLUDGE
 	/*
 	 * Some silly PAM modules (e.g. pam_time) require a TTY to operate.
@@ -744,7 +776,7 @@
 sshpam_init_ctx(Authctxt *authctxt)
 {
 	struct pam_ctxt *ctxt;
-	int socks[2];
+	int result, socks[2];
 
 	debug3("PAM: %s entering", __func__);
 	/*
@@ -755,7 +787,7 @@
 		return NULL;
 
 	/* Initialize PAM */
-	if (sshpam_init(authctxt) == -1) {
+	if (sshpam_init(NULL, authctxt) == -1) {
 		error("PAM: initialization failed");
 		return (NULL);
 	}
@@ -771,9 +803,10 @@
 	}
 	ctxt->pam_psock = socks[0];
 	ctxt->pam_csock = socks[1];
-	if (pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt) == -1) {
+	result = pthread_create(&ctxt->pam_thread, NULL, sshpam_thread, ctxt);
+	if (result != 0) {
 		error("PAM: failed to start authentication thread: %s",
-		    strerror(errno));
+		    strerror(result));
 		close(socks[0]);
 		close(socks[1]);
 		free(ctxt);
@@ -787,7 +820,6 @@
 sshpam_query(void *ctx, char **name, char **info,
     u_int *num, char ***prompts, u_int **echo_on)
 {
-	struct ssh *ssh = active_state; /* XXX */
 	struct sshbuf *buffer;
 	struct pam_ctxt *ctxt = ctx;
 	size_t plen;
@@ -819,6 +851,7 @@
 			plen += mlen;
 			**echo_on = (type == PAM_PROMPT_ECHO_ON);
 			free(msg);
+			sshbuf_free(buffer);
 			return (0);
 		case PAM_ERROR_MSG:
 		case PAM_TEXT_INFO:
@@ -847,6 +880,7 @@
 				**echo_on = 0;
 				ctxt->pam_done = -1;
 				free(msg);
+				sshbuf_free(buffer);
 				return 0;
 			}
 			/* FALLTHROUGH */
@@ -873,21 +907,23 @@
 				**echo_on = 0;
 				ctxt->pam_done = 1;
 				free(msg);
+				sshbuf_free(buffer);
 				return (0);
 			}
 			error("PAM: %s for %s%.100s from %.100s", msg,
 			    sshpam_authctxt->valid ? "" : "illegal user ",
-			    sshpam_authctxt->user,
-			    auth_get_canonical_hostname(ssh, options.use_dns));
+			    sshpam_authctxt->user, sshpam_rhost);
 			/* FALLTHROUGH */
 		default:
 			*num = 0;
 			**echo_on = 0;
 			free(msg);
 			ctxt->pam_done = -1;
+			sshbuf_free(buffer);
 			return (-1);
 		}
 	}
+	sshbuf_free(buffer);
 	return (-1);
 }
 
@@ -995,12 +1031,14 @@
  * This replaces auth-pam.c
  */
 void
-start_pam(Authctxt *authctxt)
+start_pam(struct ssh *ssh)
 {
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
+
 	if (!options.use_pam)
 		fatal("PAM: initialisation requested when UsePAM=no");
 
-	if (sshpam_init(authctxt) == -1)
+	if (sshpam_init(ssh, authctxt) == -1)
 		fatal("PAM: initialisation failed");
 }
 
@@ -1179,7 +1217,6 @@
 do_pam_putenv(char *name, char *value)
 {
 	int ret = 1;
-#ifdef HAVE_PAM_PUTENV
 	char *compound;
 	size_t len;
 
@@ -1189,7 +1226,6 @@
 	snprintf(compound, len, "%s=%s", name, value);
 	ret = pam_putenv(sshpam_handle, compound);
 	free(compound);
-#endif
 
 	return (ret);
 }
Index: auth-rhosts.c
===================================================================
--- auth-rhosts.c
+++ auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.49 2018/07/09 21:35:50 markus Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.51 2019/10/02 00:42:30 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -38,7 +38,6 @@
 #include "sshkey.h"
 #include "servconf.h"
 #include "canohost.h"
-#include "sshkey.h"
 #include "hostfile.h"
 #include "auth.h"
 
@@ -222,8 +221,8 @@
 	 * are no system-wide files.
 	 */
 	if (!rhosts_files[rhosts_file_index] &&
-	    stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
-	    stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0) {
+	    stat(_PATH_RHOSTS_EQUIV, &st) == -1 &&
+	    stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) {
 		debug3("%s: no hosts access files exist", __func__);
 		return 0;
 	}
@@ -253,7 +252,7 @@
 	 * Check that the home directory is owned by root or the user, and is
 	 * not group or world writable.
 	 */
-	if (stat(pw->pw_dir, &st) < 0) {
+	if (stat(pw->pw_dir, &st) == -1) {
 		logit("Rhosts authentication refused for %.100s: "
 		    "no home directory %.200s", pw->pw_name, pw->pw_dir);
 		auth_debug_add("Rhosts authentication refused for %.100s: "
@@ -278,7 +277,7 @@
 		/* Check users .rhosts or .shosts. */
 		snprintf(buf, sizeof buf, "%.500s/%.100s",
 			 pw->pw_dir, rhosts_files[rhosts_file_index]);
-		if (stat(buf, &st) < 0)
+		if (stat(buf, &st) == -1)
 			continue;
 
 		/*
Index: auth.h
===================================================================
--- auth.h
+++ auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.96 2018/04/10 00:10:49 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.100 2019/09/06 05:23:55 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -30,8 +30,6 @@
 
 #include <signal.h>
 
-#include <openssl/rsa.h>
-
 #ifdef HAVE_LOGIN_CAP
 #include <login_cap.h>
 #endif
@@ -132,8 +130,8 @@
 
 int      auth_password(struct ssh *, const char *);
 
-int	 hostbased_key_allowed(struct passwd *, const char *, char *,
-	    struct sshkey *);
+int	 hostbased_key_allowed(struct ssh *, struct passwd *,
+	    const char *, char *, struct sshkey *);
 int	 user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int,
     struct sshauthopt **);
 int	 auth2_key_already_used(Authctxt *, const struct sshkey *);
@@ -166,15 +164,13 @@
 #include "audit.h"
 void remove_kbdint_device(const char *);
 
-void	do_authentication2(Authctxt *);
+void	do_authentication2(struct ssh *);
 
-void	auth_log(Authctxt *, int, int, const char *, const char *);
-void	auth_maxtries_exceeded(Authctxt *) __attribute__((noreturn));
+void	auth_log(struct ssh *, int, int, const char *, const char *);
+void	auth_maxtries_exceeded(struct ssh *) __attribute__((noreturn));
 void	userauth_finish(struct ssh *, int, const char *, const char *);
 int	auth_root_allowed(struct ssh *, const char *);
 
-void	userauth_send_banner(const char *);
-
 char	*auth2_read_banner(void);
 int	 auth2_methods_valid(const char *, int);
 int	 auth2_update_methods_lists(Authctxt *, const char *, const char *);
@@ -188,8 +184,8 @@
 int	bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
 int	bsdauth_respond(void *, u_int, char **);
 
-int	allowed_user(struct passwd *);
-struct passwd * getpwnamallow(const char *user);
+int	allowed_user(struct ssh *, struct passwd *);
+struct passwd * getpwnamallow(struct ssh *, const char *user);
 
 char	*expand_authorized_keys(const char *, struct passwd *pw);
 char	*authorized_principals_file(struct passwd *);
@@ -210,8 +206,8 @@
 struct sshkey	*get_hostkey_public_by_type(int, int, struct ssh *);
 struct sshkey	*get_hostkey_private_by_type(int, int, struct ssh *);
 int	 get_hostkey_index(struct sshkey *, int, struct ssh *);
-int	 sshd_hostkey_sign(struct sshkey *, struct sshkey *, u_char **,
-	     size_t *, const u_char *, size_t, const char *, u_int);
+int	 sshd_hostkey_sign(struct ssh *, struct sshkey *, struct sshkey *,
+    u_char **, size_t *, const u_char *, size_t, const char *);
 
 /* Key / cert options linkage to auth layer */
 const struct sshauthopt *auth_options(struct ssh *);
@@ -224,7 +220,7 @@
 /* debug messages during authentication */
 void	 auth_debug_add(const char *fmt,...)
     __attribute__((format(printf, 1, 2)));
-void	 auth_debug_send(void);
+void	 auth_debug_send(struct ssh *);
 void	 auth_debug_reset(void);
 
 struct passwd *fakepw(void);
@@ -238,7 +234,7 @@
 int	 sys_auth_passwd(struct ssh *, const char *);
 
 #if defined(KRB5) && !defined(HEIMDAL)
-#include <krb5.h>
 krb5_error_code ssh_krb5_cc_gen(krb5_context, krb5_ccache *);
 #endif
-#endif
+
+#endif /* AUTH_H */
Index: auth.c
===================================================================
--- auth.c
+++ auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.133 2018/09/12 01:19:12 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.141 2019/10/02 00:42:30 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -32,6 +32,7 @@
 
 #include <netinet/in.h>
 
+#include <stdlib.h>
 #include <errno.h>
 #include <fcntl.h>
 #ifdef HAVE_PATHS_H
@@ -50,6 +51,7 @@
 #include <unistd.h>
 #include <limits.h>
 #include <netdb.h>
+#include <time.h>
 
 #include "xmalloc.h"
 #include "match.h"
@@ -71,7 +73,6 @@
 #endif
 #include "authfile.h"
 #include "monitor_wrap.h"
-#include "authfile.h"
 #include "ssherr.h"
 #include "compat.h"
 #include "channels.h"
@@ -96,9 +97,8 @@
  * Otherwise true is returned.
  */
 int
-allowed_user(struct passwd * pw)
+allowed_user(struct ssh *ssh, struct passwd * pw)
 {
-	struct ssh *ssh = active_state; /* XXX */
 	struct stat st;
 	const char *hostname = NULL, *ipaddr = NULL, *passwd = NULL;
 	u_int i;
@@ -167,7 +167,7 @@
 		char *shell = xstrdup((pw->pw_shell[0] == '\0') ?
 		    _PATH_BSHELL : pw->pw_shell); /* empty = /bin/sh */
 
-		if (stat(shell, &st) != 0) {
+		if (stat(shell, &st) == -1) {
 			logit("User %.100s not allowed because shell %.100s "
 			    "does not exist", pw->pw_name, shell);
 			free(shell);
@@ -258,7 +258,7 @@
 	}
 
 #ifdef CUSTOM_SYS_AUTH_ALLOWED_USER
-	if (!sys_auth_allowed_user(pw, &loginmsg))
+	if (!sys_auth_allowed_user(pw, loginmsg))
 		return 0;
 #endif
 
@@ -308,10 +308,10 @@
 }
 
 void
-auth_log(Authctxt *authctxt, int authenticated, int partial,
+auth_log(struct ssh *ssh, int authenticated, int partial,
     const char *method, const char *submethod)
 {
-	struct ssh *ssh = active_state; /* XXX */
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 	int level = SYSLOG_LEVEL_VERBOSE;
 	const char *authmsg;
 	char *extra = NULL;
@@ -356,26 +356,26 @@
 	    (strcmp(method, "password") == 0 ||
 	    strncmp(method, "keyboard-interactive", 20) == 0 ||
 	    strcmp(method, "challenge-response") == 0))
-		record_failed_login(authctxt->user,
+		record_failed_login(ssh, authctxt->user,
 		    auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
 # ifdef WITH_AIXAUTHENTICATE
 	if (authenticated)
 		sys_auth_record_login(authctxt->user,
 		    auth_get_canonical_hostname(ssh, options.use_dns), "ssh",
-		    &loginmsg);
+		    loginmsg);
 # endif
 #endif
 #ifdef SSH_AUDIT_EVENTS
 	if (authenticated == 0 && !authctxt->postponed)
-		audit_event(audit_classify_auth(method));
+		audit_event(ssh, audit_classify_auth(method));
 #endif
 }
 
 
 void
-auth_maxtries_exceeded(Authctxt *authctxt)
+auth_maxtries_exceeded(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state; /* XXX */
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 
 	error("maximum authentication attempts exceeded for "
 	    "%s%.100s from %.200s port %d ssh2",
@@ -383,7 +383,7 @@
 	    authctxt->user,
 	    ssh_remote_ipaddr(ssh),
 	    ssh_remote_port(ssh));
-	packet_disconnect("Too many authentication failures");
+	ssh_packet_disconnect(ssh, "Too many authentication failures");
 	/* NOTREACHED */
 }
 
@@ -437,7 +437,7 @@
 	 * Ensure that filename starts anchored. If not, be backward
 	 * compatible and prepend the '%h/'
 	 */
-	if (*file == '/')
+	if (path_absolute(file))
 		return (file);
 
 	i = snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file);
@@ -517,7 +517,7 @@
 		return NULL;
 	}
 
-	if (fstat(fd, &st) < 0) {
+	if (fstat(fd, &st) == -1) {
 		close(fd);
 		return NULL;
 	}
@@ -558,9 +558,8 @@
 }
 
 struct passwd *
-getpwnamallow(const char *user)
+getpwnamallow(struct ssh *ssh, const char *user)
 {
-	struct ssh *ssh = active_state; /* XXX */
 #ifdef HAVE_LOGIN_CAP
 	extern login_cap_t *lc;
 #ifdef BSD_AUTH
@@ -568,8 +567,9 @@
 #endif
 #endif
 	struct passwd *pw;
-	struct connection_info *ci = get_connection_info(1, options.use_dns);
+	struct connection_info *ci;
 
+	ci = get_connection_info(ssh, 1, options.use_dns);
 	ci->user = user;
 	parse_server_match_config(&options, ci);
 	log_change_level(options.log_level);
@@ -584,32 +584,19 @@
 #if defined(_AIX) && defined(HAVE_SETAUTHDB)
 	aix_restoreauthdb();
 #endif
-#ifdef HAVE_CYGWIN
-	/*
-	 * Windows usernames are case-insensitive.  To avoid later problems
-	 * when trying to match the username, the user is only allowed to
-	 * login if the username is given in the same case as stored in the
-	 * user database.
-	 */
-	if (pw != NULL && strcmp(user, pw->pw_name) != 0) {
-		logit("Login name %.100s does not match stored username %.100s",
-		    user, pw->pw_name);
-		pw = NULL;
-	}
-#endif
 	if (pw == NULL) {
 		logit("Invalid user %.100s from %.100s port %d",
 		    user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 #ifdef CUSTOM_FAILED_LOGIN
-		record_failed_login(user,
+		record_failed_login(ssh, user,
 		    auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
 #endif
 #ifdef SSH_AUDIT_EVENTS
-		audit_event(SSH_INVALID_USER);
+		audit_event(ssh, SSH_INVALID_USER);
 #endif /* SSH_AUDIT_EVENTS */
 		return (NULL);
 	}
-	if (!allowed_user(pw))
+	if (!allowed_user(ssh, pw))
 		return (NULL);
 #ifdef HAVE_LOGIN_CAP
 	if ((lc = login_getclass(pw->pw_class)) == NULL) {
@@ -688,9 +675,8 @@
 }
 
 void
-auth_debug_send(void)
+auth_debug_send(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state;		/* XXX */
 	char *msg;
 	int r;
 
@@ -760,7 +746,7 @@
 	fromlen = sizeof(from);
 	memset(&from, 0, sizeof(from));
 	if (getpeername(ssh_packet_get_connection_in(ssh),
-	    (struct sockaddr *)&from, &fromlen) < 0) {
+	    (struct sockaddr *)&from, &fromlen) == -1) {
 		debug("getpeername failed: %.100s", strerror(errno));
 		return strdup(ntop);
 	}
@@ -893,12 +879,12 @@
 	 * If executing an explicit binary, then verify the it exists
 	 * and appears safe-ish to execute
 	 */
-	if (*av[0] != '/') {
+	if (!path_absolute(av[0])) {
 		error("%s path is not absolute", tag);
 		return 0;
 	}
 	temporarily_use_uid(pw);
-	if (stat(av[0], &st) < 0) {
+	if (stat(av[0], &st) == -1) {
 		error("Could not stat %s \"%s\": %s", tag,
 		    av[0], strerror(errno));
 		restore_uid();
@@ -910,7 +896,7 @@
 		return 0;
 	}
 	/* Prepare to keep the child's stdout if requested */
-	if (pipe(p) != 0) {
+	if (pipe(p) == -1) {
 		error("%s: pipe: %s", tag, strerror(errno));
 		restore_uid();
 		return 0;
@@ -960,12 +946,12 @@
 		closefrom(STDERR_FILENO + 1);
 
 		/* Don't use permanently_set_uid() here to avoid fatal() */
-		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
+		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
 			    strerror(errno));
 			_exit(1);
 		}
-		if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) {
+		if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
 			error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
 			    strerror(errno));
 			_exit(1);
Index: auth2-chall.c
===================================================================
--- auth2-chall.c
+++ auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.50 2018/07/11 18:55:11 markus Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.51 2019/09/06 04:53:27 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Per Allansson.  All rights reserved.
@@ -28,6 +28,7 @@
 
 #include <sys/types.h>
 
+#include <stdlib.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <string.h>
Index: auth2-hostbased.c
===================================================================
--- auth2-hostbased.c
+++ auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.38 2018/09/20 03:28:06 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.41 2019/09/06 04:53:27 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -27,6 +27,7 @@
 
 #include <sys/types.h>
 
+#include <stdlib.h>
 #include <pwd.h>
 #include <string.h>
 #include <stdarg.h>
@@ -147,7 +148,8 @@
 
 	/* test for allowed key and correct signature */
 	authenticated = 0;
-	if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) &&
+	if (PRIVSEP(hostbased_key_allowed(ssh, authctxt->pw, cuser,
+	    chost, key)) &&
 	    PRIVSEP(sshkey_verify(key, sig, slen,
 	    sshbuf_ptr(b), sshbuf_len(b), pkalg, ssh->compat)) == 0)
 		authenticated = 1;
@@ -167,10 +169,9 @@
 
 /* return 1 if given hostkey is allowed */
 int
-hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
-    struct sshkey *key)
+hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
+    const char *cuser, char *chost, struct sshkey *key)
 {
-	struct ssh *ssh = active_state; /* XXX */
 	const char *resolvedname, *ipaddr, *lookup, *reason;
 	HostStatus host_status;
 	int len;
Index: auth2-kbdint.c
===================================================================
--- auth2-kbdint.c
+++ auth2-kbdint.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-kbdint.c,v 1.9 2018/07/09 21:35:50 markus Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.10 2019/09/06 04:53:27 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -28,6 +28,9 @@
 #include <sys/types.h>
 
 #include <stdarg.h>
+
+#include <stdlib.h>
+#include <stdio.h>
 
 #include "xmalloc.h"
 #include "packet.h"
Index: auth2-passwd.c
===================================================================
--- auth2-passwd.c
+++ auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.16 2018/07/09 21:35:50 markus Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.17 2019/09/06 04:53:27 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -27,8 +27,10 @@
 
 #include <sys/types.h>
 
+#include <stdlib.h>
 #include <string.h>
 #include <stdarg.h>
+#include <stdio.h>
 
 #include "packet.h"
 #include "ssherr.h"
Index: auth2-pubkey.c
===================================================================
--- auth2-pubkey.c
+++ auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.86 2018/09/20 03:28:06 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.94 2019/09/06 04:53:27 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -28,6 +28,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 
+#include <stdlib.h>
 #include <errno.h>
 #include <fcntl.h>
 #ifdef HAVE_PATHS_H
@@ -102,6 +103,22 @@
 	    (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
 	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
 		fatal("%s: parse request failed: %s", __func__, ssh_err(r));
+
+	if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) {
+		char *keystring;
+		struct sshbuf *pkbuf;
+
+		if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL)
+			fatal("%s: sshbuf_from failed", __func__);
+		if ((keystring = sshbuf_dtob64_string(pkbuf, 0)) == NULL)
+			fatal("%s: sshbuf_dtob64 failed", __func__);
+		debug2("%s: %s user %s %s public key %s %s", __func__,
+		    authctxt->valid ? "valid" : "invalid", authctxt->user,
+		    have_sig ? "attempting" : "querying", pkalg, keystring);
+		sshbuf_free(pkbuf);
+		free(keystring);
+	}
+
 	pktype = sshkey_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 		/* this is perfectly legal */
@@ -402,7 +419,7 @@
 	pid_t pid;
 	char *tmp, *username = NULL, *command = NULL, **av = NULL;
 	char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL;
-	char serial_s[16], uidstr[32];
+	char serial_s[32], uidstr[32];
 	void (*osigchld)(int);
 
 	if (authoptsp != NULL)
@@ -434,12 +451,12 @@
 	/* Turn the command into an argument vector */
 	if (argv_split(options.authorized_principals_command, &ac, &av) != 0) {
 		error("AuthorizedPrincipalsCommand \"%s\" contains "
-		    "invalid quotes", command);
+		    "invalid quotes", options.authorized_principals_command);
 		goto out;
 	}
 	if (ac == 0) {
 		error("AuthorizedPrincipalsCommand \"%s\" yielded no arguments",
-		    command);
+		    options.authorized_principals_command);
 		goto out;
 	}
 	if ((ca_fp = sshkey_fingerprint(cert->signature_key,
@@ -522,39 +539,7 @@
 	return found_principal;
 }
 
-static void
-skip_space(char **cpp)
-{
-	char *cp;
-
-	for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++)
-		;
-	*cpp = cp;
-}
-
 /*
- * Advanced *cpp past the end of key options, defined as the first unquoted
- * whitespace character. Returns 0 on success or -1 on failure (e.g.
- * unterminated quotes).
- */
-static int
-advance_past_options(char **cpp)
-{
-	char *cp = *cpp;
-	int quoted = 0;
-
-	for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
-		if (*cp == '\\' && cp[1] == '"')
-			cp++;	/* Skip both */
-		else if (*cp == '"')
-			quoted = !quoted;
-	}
-	*cpp = cp;
-	/* return failure for unterminated quotes */
-	return (*cp == '\0' && quoted) ? -1 : 0;
-}
-
-/*
  * Check a single line of an authorized_keys-format file. Returns 0 if key
  * matches, -1 otherwise. Will return key/cert options via *authoptsp
  * on success. "loc" is used as file/line location in log messages.
@@ -584,7 +569,7 @@
 		/* no key?  check for options */
 		debug2("%s: check options: '%s'", loc, cp);
 		key_options = cp;
-		if (advance_past_options(&cp) != 0) {
+		if (sshkey_advance_past_options(&cp) != 0) {
 			reason = "invalid key option string";
 			goto fail_reason;
 		}
@@ -998,9 +983,10 @@
 user_key_allowed(struct ssh *ssh, struct passwd *pw, struct sshkey *key,
     int auth_attempt, struct sshauthopt **authoptsp)
 {
-	u_int success, i;
+	u_int success = 0, i;
 	char *file;
 	struct sshauthopt *opts = NULL;
+
 	if (authoptsp != NULL)
 		*authoptsp = NULL;
 
@@ -1010,6 +996,21 @@
 	    auth_key_is_revoked(key->cert->signature_key))
 		return 0;
 
+	for (i = 0; !success && i < options.num_authkeys_files; i++) {
+		if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
+			continue;
+		file = expand_authorized_keys(
+		    options.authorized_keys_files[i], pw);
+		success = user_key_allowed2(ssh, pw, key, file, &opts);
+		free(file);
+		if (!success) {
+			sshauthopt_free(opts);
+			opts = NULL;
+		}
+	}
+	if (success)
+		goto out;
+
 	if ((success = user_cert_trusted_ca(ssh, pw, key, &opts)) != 0)
 		goto out;
 	sshauthopt_free(opts);
@@ -1019,15 +1020,6 @@
 		goto out;
 	sshauthopt_free(opts);
 	opts = NULL;
-
-	for (i = 0; !success && i < options.num_authkeys_files; i++) {
-		if (strcasecmp(options.authorized_keys_files[i], "none") == 0)
-			continue;
-		file = expand_authorized_keys(
-		    options.authorized_keys_files[i], pw);
-		success = user_key_allowed2(ssh, pw, key, file, &opts);
-		free(file);
-	}
 
  out:
 	if (success && authoptsp != NULL) {
Index: auth2.c
===================================================================
--- auth2.c
+++ auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.149 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: auth2.c,v 1.157 2019/09/06 04:53:27 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -35,7 +35,9 @@
 #include <stdarg.h>
 #include <string.h>
 #include <unistd.h>
+#include <time.h>
 
+#include "stdlib.h"
 #include "atomicio.h"
 #include "xmalloc.h"
 #include "ssh2.h"
@@ -50,14 +52,11 @@
 #include "auth.h"
 #include "dispatch.h"
 #include "pathnames.h"
-#include "sshbuf.h"
 #include "ssherr.h"
-
 #ifdef GSSAPI
 #include "ssh-gss.h"
 #endif
 #include "monitor_wrap.h"
-#include "ssherr.h"
 #include "digest.h"
 
 /* import */
@@ -137,18 +136,21 @@
 	return (banner);
 }
 
-void
-userauth_send_banner(const char *msg)
+static void
+userauth_send_banner(struct ssh *ssh, const char *msg)
 {
-	packet_start(SSH2_MSG_USERAUTH_BANNER);
-	packet_put_cstring(msg);
-	packet_put_cstring("");		/* language, unused */
-	packet_send();
+	int r;
+
+	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_BANNER)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, msg)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, "")) != 0 ||	/* language, unused */
+	    (r = sshpkt_send(ssh)) != 0)
+		fatal("%s: %s", __func__, ssh_err(r));
 	debug("%s: sent", __func__);
 }
 
 static void
-userauth_banner(void)
+userauth_banner(struct ssh *ssh)
 {
 	char *banner = NULL;
 
@@ -157,7 +159,7 @@
 
 	if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
 		goto done;
-	userauth_send_banner(banner);
+	userauth_send_banner(ssh, banner);
 
 done:
 	free(banner);
@@ -167,10 +169,10 @@
  * loop until authctxt->success == TRUE
  */
 void
-do_authentication2(Authctxt *authctxt)
+do_authentication2(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state;		/* XXX */
-	ssh->authctxt = authctxt;		/* XXX move to caller */
+	Authctxt *authctxt = ssh->authctxt;
+
 	ssh_dispatch_init(ssh, &dispatch_protocol_error);
 	ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_REQUEST, &input_service_request);
 	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt->success);
@@ -182,11 +184,13 @@
 input_service_request(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Authctxt *authctxt = ssh->authctxt;
-	u_int len;
-	int acceptit = 0;
-	char *service = packet_get_cstring(&len);
-	packet_check_eom();
+	char *service = NULL;
+	int r, acceptit = 0;
 
+	if ((r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		goto out;
+
 	if (authctxt == NULL)
 		fatal("input_service_request: no authctxt");
 
@@ -194,20 +198,24 @@
 		if (!authctxt->success) {
 			acceptit = 1;
 			/* now we can handle user-auth requests */
-			ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &input_userauth_request);
+			ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST,
+			    &input_userauth_request);
 		}
 	}
 	/* XXX all other service requests are denied */
 
 	if (acceptit) {
-		packet_start(SSH2_MSG_SERVICE_ACCEPT);
-		packet_put_cstring(service);
-		packet_send();
-		packet_write_wait();
+		if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_ACCEPT)) != 0 ||
+		    (r = sshpkt_put_cstring(ssh, service)) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0 ||
+		    (r = ssh_packet_write_wait(ssh)) != 0)
+			goto out;
 	} else {
 		debug("bad service request %s", service);
-		packet_disconnect("bad service request %s", service);
+		ssh_packet_disconnect(ssh, "bad service request %s", service);
 	}
+	r = 0;
+ out:
 	free(service);
 	return 0;
 }
@@ -255,16 +263,17 @@
 {
 	Authctxt *authctxt = ssh->authctxt;
 	Authmethod *m = NULL;
-	char *user, *service, *method, *style = NULL;
-	int authenticated = 0;
+	char *user = NULL, *service = NULL, *method = NULL, *style = NULL;
+	int r, authenticated = 0;
 	double tstart = monotime_double();
 
 	if (authctxt == NULL)
 		fatal("input_userauth_request: no authctxt");
 
-	user = packet_get_cstring(NULL);
-	service = packet_get_cstring(NULL);
-	method = packet_get_cstring(NULL);
+	if ((r = sshpkt_get_cstring(ssh, &user, NULL)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, &service, NULL)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, &method, NULL)) != 0)
+		goto out;
 	debug("userauth-request for user %s service %s method %s", user, service, method);
 	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
 
@@ -273,7 +282,7 @@
 
 	if (authctxt->attempt++ == 0) {
 		/* setup auth context */
-		authctxt->pw = PRIVSEP(getpwnamallow(user));
+		authctxt->pw = PRIVSEP(getpwnamallow(ssh, user));
 		authctxt->user = xstrdup(user);
 		if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
 			authctxt->valid = 1;
@@ -283,12 +292,12 @@
 			/* Invalid user, fake password information */
 			authctxt->pw = fakepw();
 #ifdef SSH_AUDIT_EVENTS
-			PRIVSEP(audit_event(SSH_INVALID_USER));
+			PRIVSEP(audit_event(ssh, SSH_INVALID_USER));
 #endif
 		}
 #ifdef USE_PAM
 		if (options.use_pam)
-			PRIVSEP(start_pam(authctxt));
+			PRIVSEP(start_pam(ssh));
 #endif
 		ssh_packet_set_log_preamble(ssh, "%suser %s",
 		    authctxt->valid ? "authenticating " : "invalid ", user);
@@ -298,13 +307,14 @@
 		authctxt->style = style ? xstrdup(style) : NULL;
 		if (use_privsep)
 			mm_inform_authserv(service, style);
-		userauth_banner();
+		userauth_banner(ssh);
 		if (auth2_setup_methods_lists(authctxt) != 0)
-			packet_disconnect("no authentication methods enabled");
+			ssh_packet_disconnect(ssh,
+			    "no authentication methods enabled");
 	} else if (strcmp(user, authctxt->user) != 0 ||
 	    strcmp(service, authctxt->service) != 0) {
-		packet_disconnect("Change of username or service not allowed: "
-		    "(%s,%s) -> (%s,%s)",
+		ssh_packet_disconnect(ssh, "Change of username or service "
+		    "not allowed: (%s,%s) -> (%s,%s)",
 		    authctxt->user, authctxt->service, user, service);
 	}
 	/* reset state */
@@ -330,11 +340,12 @@
 		ensure_minimum_time_since(tstart,
 		    user_specific_delay(authctxt->user));
 	userauth_finish(ssh, authenticated, method, NULL);
-
+	r = 0;
+ out:
 	free(service);
 	free(user);
 	free(method);
-	return 0;
+	return r;
 }
 
 void
@@ -343,7 +354,7 @@
 {
 	Authctxt *authctxt = ssh->authctxt;
 	char *methods;
-	int partial = 0;
+	int r, partial = 0;
 
 	if (!authctxt->valid && authenticated)
 		fatal("INTERNAL ERROR: authenticated invalid user %s",
@@ -356,7 +367,7 @@
 	    !auth_root_allowed(ssh, method)) {
 		authenticated = 0;
 #ifdef SSH_AUDIT_EVENTS
-		PRIVSEP(audit_event(SSH_LOGIN_ROOT_DENIED));
+		PRIVSEP(audit_event(ssh, SSH_LOGIN_ROOT_DENIED));
 #endif
 	}
 
@@ -368,7 +379,7 @@
 	}
 
 	/* Log before sending the reply */
-	auth_log(authctxt, authenticated, partial, method, submethod);
+	auth_log(ssh, authenticated, partial, method, submethod);
 
 	/* Update information exposed to session */
 	if (authenticated || partial)
@@ -387,8 +398,11 @@
 				if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
 					fatal("%s: buffer error: %s",
 					    __func__, ssh_err(r));
-				userauth_send_banner(sshbuf_ptr(loginmsg));
-				packet_write_wait();
+				userauth_send_banner(ssh, sshbuf_ptr(loginmsg));
+				if ((r = ssh_packet_write_wait(ssh)) != 0) {
+					sshpkt_fatal(ssh, r,
+					    "%s: send PAM banner", __func__);
+				}
 			}
 			fatal("Access denied for user %s by PAM account "
 			    "configuration", authctxt->user);
@@ -398,10 +412,12 @@
 
 	if (authenticated == 1) {
 		/* turn off userauth */
-		ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
-		packet_start(SSH2_MSG_USERAUTH_SUCCESS);
-		packet_send();
-		packet_write_wait();
+		ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST,
+		    &dispatch_protocol_ignore);
+		if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_SUCCESS)) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0 ||
+		    (r = ssh_packet_write_wait(ssh)) != 0)
+			fatal("%s: %s", __func__, ssh_err(r));
 		/* now we can break out */
 		authctxt->success = 1;
 		ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
@@ -412,18 +428,19 @@
 			authctxt->failures++;
 		if (authctxt->failures >= options.max_authtries) {
 #ifdef SSH_AUDIT_EVENTS
-			PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
+			PRIVSEP(audit_event(ssh, SSH_LOGIN_EXCEED_MAXTRIES));
 #endif
-			auth_maxtries_exceeded(authctxt);
+			auth_maxtries_exceeded(ssh);
 		}
 		methods = authmethods_get(authctxt);
 		debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
 		    partial, methods);
-		packet_start(SSH2_MSG_USERAUTH_FAILURE);
-		packet_put_cstring(methods);
-		packet_put_char(partial);
-		packet_send();
-		packet_write_wait();
+		if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE)) != 0 ||
+		    (r = sshpkt_put_cstring(ssh, methods)) != 0 ||
+		    (r = sshpkt_put_u8(ssh, partial)) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0 ||
+		    (r = ssh_packet_write_wait(ssh)) != 0)
+			fatal("%s: %s", __func__, ssh_err(r));
 		free(methods);
 	}
 }
@@ -558,6 +575,14 @@
 {
 	u_int i;
 
+	/* First, normalise away the "any" pseudo-method */
+	if (options.num_auth_methods == 1 &&
+	    strcmp(options.auth_methods[0], "any") == 0) {
+		free(options.auth_methods[0]);
+		options.auth_methods[0] = NULL;
+		options.num_auth_methods = 0;
+	}
+
 	if (options.num_auth_methods == 0)
 		return 0;
 	debug3("%s: checking methods", __func__);
@@ -690,7 +715,7 @@
 	i = vasprintf(&authctxt->auth_method_info, fmt, ap);
 	va_end(ap);
 
-	if (i < 0 || authctxt->auth_method_info == NULL)
+	if (i == -1)
 		fatal("%s: vasprintf failed", __func__);
 }
 
Index: authfd.h
===================================================================
--- authfd.h
+++ authfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.44 2018/07/12 04:35:25 djm Exp $ */
+/* $OpenBSD: authfd.h,v 1.46 2019/09/03 08:29:15 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -29,8 +29,9 @@
 int	ssh_lock_agent(int sock, int lock, const char *password);
 int	ssh_fetch_identitylist(int sock, struct ssh_identitylist **idlp);
 void	ssh_free_identitylist(struct ssh_identitylist *idl);
-int	ssh_add_identity_constrained(int sock, const struct sshkey *key,
+int	ssh_add_identity_constrained(int sock, struct sshkey *key,
 	    const char *comment, u_int life, u_int confirm, u_int maxsign);
+int	ssh_agent_has_key(int sock, struct sshkey *key);
 int	ssh_remove_identity(int sock, struct sshkey *key);
 int	ssh_update_card(int sock, int add, const char *reader_id,
 	    const char *pin, u_int life, u_int confirm);
Index: authfd.c
===================================================================
--- authfd.c
+++ authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.111 2018/07/09 21:59:10 markus Exp $ */
+/* $OpenBSD: authfd.c,v 1.117 2019/09/03 08:29:15 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -94,19 +94,19 @@
 		*fdp = -1;
 
 	authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
-	if (!authsocket)
+	if (authsocket == NULL || *authsocket == '\0')
 		return SSH_ERR_AGENT_NOT_PRESENT;
 
 	memset(&sunaddr, 0, sizeof(sunaddr));
 	sunaddr.sun_family = AF_UNIX;
 	strlcpy(sunaddr.sun_path, authsocket, sizeof(sunaddr.sun_path));
 
-	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
+	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
 		return SSH_ERR_SYSTEM_ERROR;
 
 	/* close on exec */
 	if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1 ||
-	    connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
+	    connect(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
 		oerrno = errno;
 		close(sock);
 		errno = oerrno;
@@ -312,10 +312,38 @@
 		if (idl->comments != NULL)
 			free(idl->comments[i]);
 	}
+	free(idl->keys);
+	free(idl->comments);
 	free(idl);
 }
 
 /*
+ * Check if the ssh agent has a given key.
+ * Returns 0 if found, or a negative SSH_ERR_* error code on failure.
+ */
+int
+ssh_agent_has_key(int sock, struct sshkey *key)
+{
+	int r, ret = SSH_ERR_KEY_NOT_FOUND;
+	size_t i;
+	struct ssh_identitylist *idlist = NULL;
+
+	if ((r = ssh_fetch_identitylist(sock, &idlist)) < 0) {
+		return r;
+	}
+
+	for (i = 0; i < idlist->nkeys; i++) {
+		if (sshkey_equal_public(idlist->keys[i], key)) {
+			ret = 0;
+			break;
+		}
+	}
+
+	ssh_free_identitylist(idlist);
+	return ret;
+}
+
+/*
  * Sends a challenge (typically from a server via ssh(1)) to the agent,
  * and waits for a response from the agent.
  * Returns true (non-zero) if the agent gave the correct answer, zero
@@ -327,10 +355,12 @@
 static u_int
 agent_encode_alg(const struct sshkey *key, const char *alg)
 {
-	if (alg != NULL && key->type == KEY_RSA) {
-		if (strcmp(alg, "rsa-sha2-256") == 0)
+	if (alg != NULL && sshkey_type_plain(key->type) == KEY_RSA) {
+		if (strcmp(alg, "rsa-sha2-256") == 0 ||
+		    strcmp(alg, "rsa-sha2-256-cert-v01@openssh.com") == 0)
 			return SSH_AGENT_RSA_SHA2_256;
-		else if (strcmp(alg, "rsa-sha2-512") == 0)
+		if (strcmp(alg, "rsa-sha2-512") == 0 ||
+		    strcmp(alg, "rsa-sha2-512-cert-v01@openssh.com") == 0)
 			return SSH_AGENT_RSA_SHA2_512;
 	}
 	return 0;
@@ -421,7 +451,7 @@
  * This call is intended only for use by ssh-add(1) and like applications.
  */
 int
-ssh_add_identity_constrained(int sock, const struct sshkey *key,
+ssh_add_identity_constrained(int sock, struct sshkey *key,
     const char *comment, u_int life, u_int confirm, u_int maxsign)
 {
 	struct sshbuf *msg;
Index: authfile.h
===================================================================
--- authfile.h
+++ authfile.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.h,v 1.21 2015/01/08 10:14:08 djm Exp $ */
+/* $OpenBSD: authfile.h,v 1.23 2019/09/03 08:30:47 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
@@ -40,13 +40,14 @@
 int sshkey_load_public(const char *, struct sshkey **, char **);
 int sshkey_load_private(const char *, const char *, struct sshkey **, char **);
 int sshkey_load_private_cert(int, const char *, const char *,
-    struct sshkey **, int *);
+    struct sshkey **);
 int sshkey_load_private_type(int, const char *, const char *,
-    struct sshkey **, char **, int *);
+    struct sshkey **, char **);
 int sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
     struct sshkey **keyp, char **commentp);
 int sshkey_perm_ok(int, const char *);
 int sshkey_in_file(struct sshkey *, const char *, int, int);
 int sshkey_check_revoked(struct sshkey *key, const char *revoked_keys_file);
+int sshkey_advance_past_options(char **cpp);
 
 #endif
Index: authfile.c
===================================================================
--- authfile.c
+++ authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.131 2018/09/21 12:20:12 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.135 2019/09/03 08:30:47 djm Exp $ */
 /*
  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
  *
@@ -57,7 +57,7 @@
 {
 	int fd, oerrno;
 
-	if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0)
+	if ((fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1)
 		return SSH_ERR_SYSTEM_ERROR;
 	if (atomicio(vwrite, fd, sshbuf_mutable_ptr(keybuf),
 	    sshbuf_len(keybuf)) != sshbuf_len(keybuf)) {
@@ -74,7 +74,7 @@
 int
 sshkey_save_private(struct sshkey *key, const char *filename,
     const char *passphrase, const char *comment,
-    int force_new_format, const char *new_format_cipher, int new_format_rounds)
+    int format, const char *openssh_format_cipher, int openssh_format_rounds)
 {
 	struct sshbuf *keyblob = NULL;
 	int r;
@@ -82,7 +82,7 @@
 	if ((keyblob = sshbuf_new()) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
 	if ((r = sshkey_private_to_fileblob(key, keyblob, passphrase, comment,
-	    force_new_format, new_format_cipher, new_format_rounds)) != 0)
+	    format, openssh_format_cipher, openssh_format_rounds)) != 0)
 		goto out;
 	if ((r = sshkey_save_private_blob(keyblob, filename)) != 0)
 		goto out;
@@ -101,7 +101,7 @@
 	struct stat st;
 	int r;
 
-	if (fstat(fd, &st) < 0)
+	if (fstat(fd, &st) == -1)
 		return SSH_ERR_SYSTEM_ERROR;
 	if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
 	    st.st_size > MAX_KEY_FILE_SIZE)
@@ -141,7 +141,7 @@
 {
 	struct stat st;
 
-	if (fstat(fd, &st) < 0)
+	if (fstat(fd, &st) == -1)
 		return SSH_ERR_SYSTEM_ERROR;
 	/*
 	 * if a key owned by the user is accessed, then we check the
@@ -164,10 +164,9 @@
 	return 0;
 }
 
-/* XXX kill perm_ok now that we have SSH_ERR_KEY_BAD_PERMISSIONS? */
 int
 sshkey_load_private_type(int type, const char *filename, const char *passphrase,
-    struct sshkey **keyp, char **commentp, int *perm_ok)
+    struct sshkey **keyp, char **commentp)
 {
 	int fd, r;
 
@@ -176,19 +175,12 @@
 	if (commentp != NULL)
 		*commentp = NULL;
 
-	if ((fd = open(filename, O_RDONLY)) < 0) {
-		if (perm_ok != NULL)
-			*perm_ok = 0;
+	if ((fd = open(filename, O_RDONLY)) == -1)
 		return SSH_ERR_SYSTEM_ERROR;
-	}
-	if (sshkey_perm_ok(fd, filename) != 0) {
-		if (perm_ok != NULL)
-			*perm_ok = 0;
-		r = SSH_ERR_KEY_BAD_PERMISSIONS;
+
+	r = sshkey_perm_ok(fd, filename);
+	if (r != 0)
 		goto out;
-	}
-	if (perm_ok != NULL)
-		*perm_ok = 1;
 
 	r = sshkey_load_private_type_fd(fd, type, passphrase, keyp, commentp);
 	if (r == 0 && keyp && *keyp)
@@ -236,7 +228,7 @@
 	if (commentp != NULL)
 		*commentp = NULL;
 
-	if ((fd = open(filename, O_RDONLY)) < 0)
+	if ((fd = open(filename, O_RDONLY)) == -1)
 		return SSH_ERR_SYSTEM_ERROR;
 	if (sshkey_perm_ok(fd, filename) != 0) {
 		r = SSH_ERR_KEY_BAD_PERMISSIONS;
@@ -387,7 +379,7 @@
 /* Load private key and certificate */
 int
 sshkey_load_private_cert(int type, const char *filename, const char *passphrase,
-    struct sshkey **keyp, int *perm_ok)
+    struct sshkey **keyp)
 {
 	struct sshkey *key = NULL, *cert = NULL;
 	int r;
@@ -410,7 +402,7 @@
 	}
 
 	if ((r = sshkey_load_private_type(type, filename,
-	    passphrase, &key, NULL, perm_ok)) != 0 ||
+	    passphrase, &key, NULL)) != 0 ||
 	    (r = sshkey_load_cert(filename, &cert)) != 0)
 		goto out;
 
@@ -534,5 +526,27 @@
 		/* Some other error occurred */
 		return r;
 	}
+}
+
+/*
+ * Advanced *cpp past the end of key options, defined as the first unquoted
+ * whitespace character. Returns 0 on success or -1 on failure (e.g.
+ * unterminated quotes).
+ */
+int
+sshkey_advance_past_options(char **cpp)
+{
+	char *cp = *cpp;
+	int quoted = 0;
+
+	for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+		if (*cp == '\\' && cp[1] == '"')
+			cp++;	/* Skip both */
+		else if (*cp == '"')
+			quoted = !quoted;
+	}
+	*cpp = cp;
+	/* return failure for unterminated quotes */
+	return (*cp == '\0' && quoted) ? -1 : 0;
 }
 
Index: canohost.c
===================================================================
--- canohost.c
+++ canohost.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: canohost.c,v 1.73 2016/03/07 19:02:43 djm Exp $ */
+/* $OpenBSD: canohost.c,v 1.74 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -164,12 +164,12 @@
 	fromlen = sizeof(from);
 	memset(&from, 0, sizeof(from));
 	if (local) {
-		if (getsockname(sock, (struct sockaddr *)&from, &fromlen) < 0) {
+		if (getsockname(sock, (struct sockaddr *)&from, &fromlen) == -1) {
 			error("getsockname failed: %.100s", strerror(errno));
 			return 0;
 		}
 	} else {
-		if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
+		if (getpeername(sock, (struct sockaddr *)&from, &fromlen) == -1) {
 			debug("getpeername failed: %.100s", strerror(errno));
 			return -1;
 		}
Index: channels.c
===================================================================
--- channels.c
+++ channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.386 2018/10/04 01:04:52 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.394 2019/07/07 01:05:00 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -59,7 +59,7 @@
 #include <netdb.h>
 #include <stdarg.h>
 #ifdef HAVE_STDINT_H
- #include <stdint.h>
+# include <stdint.h>
 #endif
 #include <stdio.h>
 #include <stdlib.h>
@@ -227,11 +227,7 @@
 {
 	struct ssh_channels *sc;
 
-	if ((sc = calloc(1, sizeof(*sc))) == NULL ||
-	    (sc->channel_pre = calloc(SSH_CHANNEL_MAX_TYPE,
-	    sizeof(*sc->channel_pre))) == NULL ||
-	    (sc->channel_post = calloc(SSH_CHANNEL_MAX_TYPE,
-	    sizeof(*sc->channel_post))) == NULL)
+	if ((sc = calloc(1, sizeof(*sc))) == NULL)
 		fatal("%s: allocation failed", __func__);
 	sc->channels_alloc = 10;
 	sc->channels = xcalloc(sc->channels_alloc, sizeof(*sc->channels));
@@ -497,7 +493,7 @@
 	}
 }
 
-/* Reutrns pointers to the specified forwarding list and its element count */
+/* Returns pointers to the specified forwarding list and its element count */
 static void
 permission_set_get_array(struct ssh *ssh, int who, int where,
     struct permission ***permpp, u_int **npermpp)
@@ -643,10 +639,30 @@
 channel_free_all(struct ssh *ssh)
 {
 	u_int i;
+	struct ssh_channels *sc = ssh->chanctxt;
 
-	for (i = 0; i < ssh->chanctxt->channels_alloc; i++)
-		if (ssh->chanctxt->channels[i] != NULL)
-			channel_free(ssh, ssh->chanctxt->channels[i]);
+	for (i = 0; i < sc->channels_alloc; i++)
+		if (sc->channels[i] != NULL)
+			channel_free(ssh, sc->channels[i]);
+
+	free(sc->channels);
+	sc->channels = NULL;
+	sc->channels_alloc = 0;
+	sc->channel_max_fd = 0;
+
+	free(sc->x11_saved_display);
+	sc->x11_saved_display = NULL;
+
+	free(sc->x11_saved_proto);
+	sc->x11_saved_proto = NULL;
+
+	free(sc->x11_saved_data);
+	sc->x11_saved_data = NULL;
+	sc->x11_saved_data_len = 0;
+
+	free(sc->x11_fake_data);
+	sc->x11_fake_data = NULL;
+	sc->x11_fake_data_len = 0;
 }
 
 /*
@@ -1655,7 +1671,7 @@
 		chan_mark_dead(ssh, c);
 		errno = oerrno;
 	}
-	if (newsock < 0) {
+	if (newsock == -1) {
 		if (errno != EINTR && errno != EWOULDBLOCK &&
 		    errno != ECONNABORTED)
 			error("accept: %.100s", strerror(errno));
@@ -1798,7 +1814,7 @@
 
 	addrlen = sizeof(addr);
 	newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
-	if (newsock < 0) {
+	if (newsock == -1) {
 		if (errno != EINTR && errno != EWOULDBLOCK &&
 		    errno != ECONNABORTED)
 			error("accept: %.100s", strerror(errno));
@@ -1837,7 +1853,7 @@
 
 	addrlen = sizeof(addr);
 	newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen);
-	if (newsock < 0) {
+	if (newsock == -1) {
 		error("accept from auth socket: %.100s", strerror(errno));
 		if (errno == EMFILE || errno == ENFILE)
 			c->notbefore = monotime() + 1;
@@ -1865,7 +1881,7 @@
 		fatal(":%s: channel %d: no remote id", __func__, c->self);
 	/* for rdynamic the OPEN_CONFIRMATION has been sent already */
 	isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH);
-	if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) < 0) {
+	if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) {
 		err = errno;
 		error("getsockopt SO_ERROR failed");
 	}
@@ -1940,7 +1956,7 @@
 
 	errno = 0;
 	len = read(c->rfd, buf, sizeof(buf));
-	if (len < 0 && (errno == EINTR ||
+	if (len == -1 && (errno == EINTR ||
 	    ((errno == EAGAIN || errno == EWOULDBLOCK) && !force)))
 		return 1;
 #ifndef PTY_ZEROREAD
@@ -2014,7 +2030,7 @@
 		/* ignore truncated writes, datagrams might get lost */
 		len = write(c->wfd, buf, dlen);
 		free(data);
-		if (len < 0 && (errno == EINTR || errno == EAGAIN ||
+		if (len == -1 && (errno == EINTR || errno == EAGAIN ||
 		    errno == EWOULDBLOCK))
 			return 1;
 		if (len <= 0)
@@ -2029,7 +2045,7 @@
 #endif
 
 	len = write(c->wfd, buf, dlen);
-	if (len < 0 &&
+	if (len == -1 &&
 	    (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK))
 		return 1;
 	if (len <= 0) {
@@ -2083,7 +2099,7 @@
 	len = write(c->efd, sshbuf_ptr(c->extended),
 	    sshbuf_len(c->extended));
 	debug2("channel %d: written %zd to efd %d", c->self, len, c->efd);
-	if (len < 0 && (errno == EINTR || errno == EAGAIN ||
+	if (len == -1 && (errno == EINTR || errno == EAGAIN ||
 	    errno == EWOULDBLOCK))
 		return 1;
 	if (len <= 0) {
@@ -2104,16 +2120,18 @@
     fd_set *readset, fd_set *writeset)
 {
 	char buf[CHAN_RBUF];
-	int r;
 	ssize_t len;
+	int r, force;
 
-	if (!c->detach_close && !FD_ISSET(c->efd, readset))
+	force = c->isatty && c->detach_close && c->istate != CHAN_INPUT_CLOSED;
+
+	if (c->efd == -1 || (!force && !FD_ISSET(c->efd, readset)))
 		return 1;
 
 	len = read(c->efd, buf, sizeof(buf));
 	debug2("channel %d: read %zd from efd %d", c->self, len, c->efd);
-	if (len < 0 && (errno == EINTR || ((errno == EAGAIN ||
-	    errno == EWOULDBLOCK) && !c->detach_close)))
+	if (len == -1 && (errno == EINTR || ((errno == EAGAIN ||
+	    errno == EWOULDBLOCK) && !force)))
 		return 1;
 	if (len <= 0) {
 		debug2("channel %d: closing read-efd %d",
@@ -2201,7 +2219,7 @@
 	if (sshbuf_len(c->input) < need) {
 		rlen = need - sshbuf_len(c->input);
 		len = read(c->rfd, buf, MINIMUM(rlen, CHAN_RBUF));
-		if (len < 0 && (errno == EINTR || errno == EAGAIN))
+		if (len == -1 && (errno == EINTR || errno == EAGAIN))
 			return sshbuf_len(c->input);
 		if (len <= 0) {
 			debug2("channel %d: ctl read<=0 rfd %d len %zd",
@@ -2265,7 +2283,7 @@
 		return;
 
 	len = write(c->wfd, sshbuf_ptr(c->output), sshbuf_len(c->output));
-	if (len < 0 && (errno == EINTR || errno == EAGAIN))
+	if (len == -1 && (errno == EINTR || errno == EAGAIN))
 		return;
 	if (len <= 0) {
 		chan_mark_dead(ssh, c);
@@ -2313,7 +2331,7 @@
 		return;
 	}
 
-	if (getpeereid(newsock, &euid, &egid) < 0) {
+	if (getpeereid(newsock, &euid, &egid) == -1) {
 		error("%s getpeereid failed: %s", __func__,
 		    strerror(errno));
 		close(newsock);
@@ -2995,10 +3013,10 @@
 		return 0;
 
 	/* Get the data. */
-	if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0)
+	if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0 ||
+            (r = sshpkt_get_end(ssh)) != 0)
 		fatal("%s: channel %d: get data: %s", __func__,
 		    c->self, ssh_err(r));
-	ssh_packet_check_eom(ssh);
 
 	win_len = data_len;
 	if (c->datagram)
@@ -3072,11 +3090,11 @@
 		logit("channel %d: bad ext data", c->self);
 		return 0;
 	}
-	if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0) {
+	if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0 ||
+            (r = sshpkt_get_end(ssh)) != 0) {
 		error("%s: parse data: %s", __func__, ssh_err(r));
 		ssh_packet_disconnect(ssh, "Invalid extended_data message");
 	}
-	ssh_packet_check_eom(ssh);
 
 	if (data_len > c->local_window) {
 		logit("channel %d: rcvd too much extended_data %zu, win %u",
@@ -3095,8 +3113,12 @@
 channel_input_ieof(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Channel *c = channel_from_packet_id(ssh, __func__, "ieof");
+	int r;
 
-	ssh_packet_check_eom(ssh);
+        if ((r = sshpkt_get_end(ssh)) != 0) {
+		error("%s: parse data: %s", __func__, ssh_err(r));
+		ssh_packet_disconnect(ssh, "Invalid ieof message");
+	}
 
 	if (channel_proxy_upstream(c, type, seq, ssh))
 		return 0;
@@ -3116,10 +3138,14 @@
 channel_input_oclose(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Channel *c = channel_from_packet_id(ssh, __func__, "oclose");
+	int r;
 
 	if (channel_proxy_upstream(c, type, seq, ssh))
 		return 0;
-	ssh_packet_check_eom(ssh);
+        if ((r = sshpkt_get_end(ssh)) != 0) {
+		error("%s: parse data: %s", __func__, ssh_err(r));
+		ssh_packet_disconnect(ssh, "Invalid oclose message");
+	}
 	chan_rcvd_oclose(ssh, c);
 	return 0;
 }
@@ -3134,7 +3160,7 @@
 	if (channel_proxy_upstream(c, type, seq, ssh))
 		return 0;
 	if (c->type != SSH_CHANNEL_OPENING)
-		packet_disconnect("Received open confirmation for "
+		ssh_packet_disconnect(ssh, "Received open confirmation for "
 		    "non-opening channel %d.", c->self);
 	/*
 	 * Record the remote channel number and mark that the channel
@@ -3142,11 +3168,11 @@
 	 */
 	if ((r = sshpkt_get_u32(ssh, &c->remote_id)) != 0 ||
 	    (r = sshpkt_get_u32(ssh, &remote_window)) != 0 ||
-	    (r = sshpkt_get_u32(ssh, &remote_maxpacket)) != 0) {
+	    (r = sshpkt_get_u32(ssh, &remote_maxpacket)) != 0 ||
+            (r = sshpkt_get_end(ssh)) != 0) {
 		error("%s: window/maxpacket: %s", __func__, ssh_err(r));
-		packet_disconnect("Invalid open confirmation message");
+		ssh_packet_disconnect(ssh, "Invalid open confirmation message");
 	}
-	ssh_packet_check_eom(ssh);
 
 	c->have_remote_id = 1;
 	c->remote_window = remote_window;
@@ -3189,19 +3215,19 @@
 	if (channel_proxy_upstream(c, type, seq, ssh))
 		return 0;
 	if (c->type != SSH_CHANNEL_OPENING)
-		packet_disconnect("Received open failure for "
+		ssh_packet_disconnect(ssh, "Received open failure for "
 		    "non-opening channel %d.", c->self);
 	if ((r = sshpkt_get_u32(ssh, &reason)) != 0) {
 		error("%s: reason: %s", __func__, ssh_err(r));
-		packet_disconnect("Invalid open failure message");
+		ssh_packet_disconnect(ssh, "Invalid open failure message");
 	}
 	/* skip language */
 	if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 ||
-	    (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0) {
+	    (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0 ||
+            (r = sshpkt_get_end(ssh)) != 0) {
 		error("%s: message/lang: %s", __func__, ssh_err(r));
-		packet_disconnect("Invalid open failure message");
+		ssh_packet_disconnect(ssh, "Invalid open failure message");
 	}
-	ssh_packet_check_eom(ssh);
 	logit("channel %d: open failed: %s%s%s", c->self,
 	    reason2txt(reason), msg ? ": ": "", msg ? msg : "");
 	free(msg);
@@ -3231,11 +3257,11 @@
 
 	if (channel_proxy_upstream(c, type, seq, ssh))
 		return 0;
-	if ((r = sshpkt_get_u32(ssh, &adjust)) != 0) {
+	if ((r = sshpkt_get_u32(ssh, &adjust)) != 0 ||
+            (r = sshpkt_get_end(ssh)) != 0) {
 		error("%s: adjust: %s", __func__, ssh_err(r));
-		packet_disconnect("Invalid window adjust message");
+		ssh_packet_disconnect(ssh, "Invalid window adjust message");
 	}
-	ssh_packet_check_eom(ssh);
 	debug2("channel %d: rcvd adjust %u", c->self, adjust);
 	if ((new_rwin = c->remote_window + adjust) < c->remote_window) {
 		fatal("channel %d: adjust %u overflows remote window %u",
@@ -3253,7 +3279,7 @@
 	struct channel_confirm *cc;
 
 	/* Reset keepalive timeout */
-	packet_set_alive_timeouts(0);
+	ssh_packet_set_alive_timeouts(ssh, 0);
 
 	debug2("%s: type %d id %d", __func__, type, id);
 
@@ -3263,7 +3289,8 @@
 	}
 	if (channel_proxy_upstream(c, type, seq, ssh))
 		return 0;
-	ssh_packet_check_eom(ssh);
+        if (sshpkt_get_end(ssh) != 0)
+		ssh_packet_disconnect(ssh, "Invalid status confirm message");
 	if ((cc = TAILQ_FIRST(&c->status_confirms)) == NULL)
 		return 0;
 	cc->cb(ssh, type, c, cc->ctx);
@@ -3298,7 +3325,7 @@
  * "127.0.0.1" / "::1"     -> accepted even if gateway_ports isn't set
  */
 static const char *
-channel_fwd_bind_addr(const char *listen_addr, int *wildcardp,
+channel_fwd_bind_addr(struct ssh *ssh, const char *listen_addr, int *wildcardp,
     int is_client, struct ForwardOptions *fwd_opts)
 {
 	const char *addr = NULL;
@@ -3321,7 +3348,8 @@
 			if (*listen_addr != '\0' &&
 			    strcmp(listen_addr, "0.0.0.0") != 0 &&
 			    strcmp(listen_addr, "*") != 0) {
-				packet_send_debug("Forwarding listen address "
+				ssh_packet_send_debug(ssh,
+				    "Forwarding listen address "
 				    "\"%s\" overridden by server "
 				    "GatewayPorts", listen_addr);
 			}
@@ -3375,7 +3403,7 @@
 	}
 
 	/* Determine the bind address, cf. channel_fwd_bind_addr() comment */
-	addr = channel_fwd_bind_addr(fwd->listen_host, &wildcard,
+	addr = channel_fwd_bind_addr(ssh, fwd->listen_host, &wildcard,
 	    is_client, fwd_opts);
 	debug3("%s: type %d wildcard %d addr %s", __func__,
 	    type, wildcard, (addr == NULL) ? "NULL" : addr);
@@ -3392,7 +3420,7 @@
 	if ((r = getaddrinfo(addr, strport, &hints, &aitop)) != 0) {
 		if (addr == NULL) {
 			/* This really shouldn't happen */
-			packet_disconnect("getaddrinfo: fatal error: %s",
+			ssh_packet_disconnect(ssh, "getaddrinfo: fatal error: %s",
 			    ssh_gai_strerror(r));
 		} else {
 			error("%s: getaddrinfo(%.64s): %s", __func__, addr,
@@ -3432,7 +3460,7 @@
 		}
 		/* Create a port to listen for the host. */
 		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-		if (sock < 0) {
+		if (sock == -1) {
 			/* this is no error since kernel may not support ipv6 */
 			verbose("socket [%s]:%s: %.100s", ntop, strport,
 			    strerror(errno));
@@ -3447,7 +3475,7 @@
 		    ntop, strport);
 
 		/* Bind the socket to the address. */
-		if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+		if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
 			/*
 			 * address can be in if use ipv6 address is
 			 * already bound
@@ -3463,7 +3491,7 @@
 			continue;
 		}
 		/* Start listening for connections on the socket. */
-		if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
+		if (listen(sock, SSH_LISTEN_BACKLOG) == -1) {
 			error("listen: %.100s", strerror(errno));
 			error("listen [%s]:%s: %.100s", ntop, strport,
 			    strerror(errno));
@@ -3641,7 +3669,7 @@
 {
 	u_int i;
 	int found = 0;
-	const char *addr = channel_fwd_bind_addr(lhost, NULL, 1, fwd_opts);
+	const char *addr = channel_fwd_bind_addr(ssh, lhost, NULL, 1, fwd_opts);
 
 	for (i = 0; i < ssh->chanctxt->channels_alloc; i++) {
 		Channel *c = ssh->chanctxt->channels[i];
@@ -3793,7 +3821,24 @@
     int *allocated_listen_port, struct ForwardOptions *fwd_opts)
 {
 	if (!check_rfwd_permission(ssh, fwd)) {
-		packet_send_debug("port forwarding refused");
+		ssh_packet_send_debug(ssh, "port forwarding refused");
+		if (fwd->listen_path != NULL)
+			/* XXX always allowed, see remote_open_match() */
+			logit("Received request from %.100s port %d to "
+			    "remote forward to path \"%.100s\", "
+			    "but the request was denied.",
+			    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+			    fwd->listen_path);
+		else if(fwd->listen_host != NULL)
+			logit("Received request from %.100s port %d to "
+			    "remote forward to host %.100s port %d, "
+			    "but the request was denied.",
+			    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+			    fwd->listen_host, fwd->listen_port );
+		else
+			logit("Received request from %.100s port %d to remote "
+			    "forward, but the request was denied.",
+			    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 		return 0;
 	}
 	if (fwd->listen_path != NULL) {
@@ -4389,8 +4434,9 @@
 	}
 
 	if (!permit || !permit_adm) {
-		logit("Received request to connect to host %.100s port %d, "
-		    "but the request was denied.", host, port);
+		logit("Received request from %.100s port %d to connect to "
+		    "host %.100s port %d, but the request was denied.",
+		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), host, port);
 		if (reason != NULL)
 			*reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
 		return NULL;
@@ -4465,7 +4511,7 @@
 		if (sc->channels[i] == NULL || !sc->channels[i]->client_tty ||
 		    sc->channels[i]->type != SSH_CHANNEL_OPEN)
 			continue;
-		if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) < 0)
+		if (ioctl(sc->channels[i]->rfd, TIOCGWINSZ, &ws) == -1)
 			continue;
 		channel_request_start(ssh, i, "window-change", 0);
 		if ((r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 ||
@@ -4568,7 +4614,7 @@
 				continue;
 			sock = socket(ai->ai_family, ai->ai_socktype,
 			    ai->ai_protocol);
-			if (sock < 0) {
+			if (sock == -1) {
 				if ((errno != EINVAL) && (errno != EAFNOSUPPORT)
 #ifdef EPFNOSUPPORT
 				    && (errno != EPFNOSUPPORT)
@@ -4587,7 +4633,7 @@
 				sock_set_v6only(sock);
 			if (x11_use_localhost)
 				set_reuseaddr(sock);
-			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+			if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
 				debug2("%s: bind port %d: %.100s", __func__,
 				    port, strerror(errno));
 				close(sock);
@@ -4611,7 +4657,7 @@
 	/* Start listening for connections on the socket. */
 	for (n = 0; n < num_socks; n++) {
 		sock = socks[n];
-		if (listen(sock, SSH_LISTEN_BACKLOG) < 0) {
+		if (listen(sock, SSH_LISTEN_BACKLOG) == -1) {
 			error("listen: %.100s", strerror(errno));
 			close(sock);
 			return -1;
@@ -4643,7 +4689,7 @@
 	struct sockaddr_un addr;
 
 	sock = socket(AF_UNIX, SOCK_STREAM, 0);
-	if (sock < 0)
+	if (sock == -1)
 		error("socket: %.100s", strerror(errno));
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
@@ -4784,12 +4830,12 @@
 	for (ai = aitop; ai; ai = ai->ai_next) {
 		/* Create a socket. */
 		sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-		if (sock < 0) {
+		if (sock == -1) {
 			debug2("socket: %.100s", strerror(errno));
 			continue;
 		}
 		/* Connect it to the display. */
-		if (connect(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+		if (connect(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
 			debug2("connect %.100s port %u: %.100s", buf,
 			    6000 + display_number, strerror(errno));
 			close(sock);
Index: cipher.h
===================================================================
--- cipher.h
+++ cipher.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.h,v 1.52 2017/05/07 23:12:57 djm Exp $ */
+/* $OpenBSD: cipher.h,v 1.54 2019/09/06 05:23:55 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -38,7 +38,9 @@
 #define CIPHER_H
 
 #include <sys/types.h>
+#ifdef WITH_OPENSSL
 #include <openssl/evp.h>
+#endif
 #include "cipher-chachapoly.h"
 #include "cipher-aesctr.h"
 
Index: cipher.c
===================================================================
--- cipher.c
+++ cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.111 2018/02/23 15:58:37 markus Exp $ */
+/* $OpenBSD: cipher.c,v 1.113 2019/09/06 05:23:55 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -51,6 +51,9 @@
 
 #include "openbsd-compat/openssl-compat.h"
 
+#ifndef WITH_OPENSSL
+#define EVP_CIPHER_CTX void
+#endif
 
 struct sshcipher_ctx {
 	int	plaintext;
Index: clientloop.c
===================================================================
--- clientloop.c
+++ clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.318 2018/09/21 12:46:22 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.327 2019/07/24 08:57:00 mestre Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -129,7 +129,7 @@
 
 /*
  * Name of the host we are connecting to.  This is the name given on the
- * command line, or the HostName specified for the user-supplied name in a
+ * command line, or the Hostname specified for the user-supplied name in a
  * configuration file.
  */
 extern char *host;
@@ -160,7 +160,7 @@
 static int session_closed;	/* In SSH2: login session closed. */
 static u_int x11_refuse_time;	/* If >0, refuse x11 opens after this time. */
 
-static void client_init_dispatch(void);
+static void client_init_dispatch(struct ssh *ssh);
 int	session_ident = -1;
 
 /* Track escape per proto2 channel */
@@ -338,7 +338,6 @@
 			    "%s/xauthfile", xauthdir)) < 0 ||
 			    (size_t)r >= sizeof(xauthfile)) {
 				error("%s: xauthfile path too long", __func__);
-				unlink(xauthfile);
 				rmdir(xauthdir);
 				return -1;
 			}
@@ -364,7 +363,7 @@
 				    SSH_X11_PROTO, x11_timeout_real,
 				    _PATH_DEVNULL);
 			}
-			debug2("%s: %s", __func__, cmd);
+			debug2("%s: xauth command: %s", __func__, cmd);
 
 			if (timeout != 0 && x11_refuse_time == 0) {
 				now = monotime() + 1;
@@ -475,21 +474,24 @@
 		free(gc);
 	}
 
-	packet_set_alive_timeouts(0);
+	ssh_packet_set_alive_timeouts(ssh, 0);
 	return 0;
 }
 
 static void
-server_alive_check(void)
+server_alive_check(struct ssh *ssh)
 {
-	if (packet_inc_alive_timeouts() > options.server_alive_count_max) {
+	int r;
+
+	if (ssh_packet_inc_alive_timeouts(ssh) > options.server_alive_count_max) {
 		logit("Timeout, server %s not responding.", host);
 		cleanup_exit(255);
 	}
-	packet_start(SSH2_MSG_GLOBAL_REQUEST);
-	packet_put_cstring("keepalive@openssh.com");
-	packet_put_char(1);     /* boolean: want reply */
-	packet_send();
+	if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) != 0 ||
+	    (r = sshpkt_put_u8(ssh, 1)) != 0 ||		/* boolean: want reply */
+	    (r = sshpkt_send(ssh)) != 0)
+		fatal("%s: send packet: %s", __func__, ssh_err(r));
 	/* Insert an empty placeholder to maintain ordering */
 	client_register_global_confirm(NULL, NULL);
 }
@@ -509,12 +511,12 @@
 	int r, ret;
 
 	/* Add any selections by the channel mechanism. */
-	channel_prepare_select(active_state, readsetp, writesetp, maxfdp,
+	channel_prepare_select(ssh, readsetp, writesetp, maxfdp,
 	    nallocp, &minwait_secs);
 
 	/* channel_prepare_select could have closed the last channel */
 	if (session_closed && !channel_still_open(ssh) &&
-	    !packet_have_data_to_write()) {
+	    !ssh_packet_have_data_to_write(ssh)) {
 		/* clear mask since we did not call select() */
 		memset(*readsetp, 0, *nallocp);
 		memset(*writesetp, 0, *nallocp);
@@ -524,7 +526,7 @@
 	FD_SET(connection_in, *readsetp);
 
 	/* Select server connection if have data to write to the server. */
-	if (packet_have_data_to_write())
+	if (ssh_packet_have_data_to_write(ssh))
 		FD_SET(connection_out, *writesetp);
 
 	/*
@@ -539,7 +541,8 @@
 		server_alive_time = now + options.server_alive_interval;
 	}
 	if (options.rekey_interval > 0 && !rekeying)
-		timeout_secs = MINIMUM(timeout_secs, packet_get_rekey_timeout());
+		timeout_secs = MINIMUM(timeout_secs,
+		    ssh_packet_get_rekey_timeout(ssh));
 	set_control_persist_exit_time(ssh);
 	if (control_persist_exit_time > 0) {
 		timeout_secs = MINIMUM(timeout_secs,
@@ -558,7 +561,7 @@
 	}
 
 	ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
-	if (ret < 0) {
+	if (ret == -1) {
 		/*
 		 * We have to clear the select masks, because we return.
 		 * We have to return, because the mainloop checks for the flags
@@ -580,7 +583,7 @@
 		 * Keepalive we check here, rekeying is checked in clientloop.
 		 */
 		if (server_alive_time != 0 && server_alive_time <= monotime())
-			server_alive_check();
+			server_alive_check(ssh);
 	}
 
 }
@@ -612,7 +615,7 @@
 }
 
 static void
-client_process_net_input(fd_set *readset)
+client_process_net_input(struct ssh *ssh, fd_set *readset)
 {
 	char buf[SSH_IOBUFSZ];
 	int r, len;
@@ -641,11 +644,11 @@
 		 * There is a kernel bug on Solaris that causes select to
 		 * sometimes wake up even though there is no data available.
 		 */
-		if (len < 0 &&
+		if (len == -1 &&
 		    (errno == EAGAIN || errno == EINTR || errno == EWOULDBLOCK))
 			len = 0;
 
-		if (len < 0) {
+		if (len == -1) {
 			/*
 			 * An error has encountered.  Perhaps there is a
 			 * network problem.
@@ -658,7 +661,7 @@
 			quit_pending = 1;
 			return;
 		}
-		packet_process_incoming(buf, len);
+		ssh_packet_process_incoming(ssh, buf, len);
 	}
 }
 
@@ -1031,7 +1034,7 @@
 				channel_request_start(ssh, c->self, "break", 0);
 				if ((r = sshpkt_put_u32(ssh, 1000)) != 0 ||
 				    (r = sshpkt_send(ssh)) != 0)
-					fatal("%s: %s", __func__,
+					fatal("%s: send packet: %s", __func__,
 					    ssh_err(r));
 				continue;
 
@@ -1093,7 +1096,7 @@
 
 				/* Fork into background. */
 				pid = fork();
-				if (pid < 0) {
+				if (pid == -1) {
 					error("fork: %.100s", strerror(errno));
 					continue;
 				}
@@ -1182,9 +1185,9 @@
  */
 
 static void
-client_process_buffered_input_packets(void)
+client_process_buffered_input_packets(struct ssh *ssh)
 {
-	ssh_dispatch_run_fatal(active_state, DISPATCH_NONBLOCK, &quit_pending);
+	ssh_dispatch_run_fatal(ssh, DISPATCH_NONBLOCK, &quit_pending);
 }
 
 /* scan buf[] for '~' before sending data to the peer */
@@ -1248,7 +1251,7 @@
 	if (options.control_master &&
 	    !option_clear_or_none(options.control_path)) {
 		debug("pledge: id");
-		if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc exec id tty",
+		if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty",
 		    NULL) == -1)
 			fatal("%s pledge(): %s", __func__, strerror(errno));
 
@@ -1281,8 +1284,8 @@
 	/* Initialize variables. */
 	last_was_cr = 1;
 	exit_status = -1;
-	connection_in = packet_get_connection_in();
-	connection_out = packet_get_connection_out();
+	connection_in = ssh_packet_get_connection_in(ssh);
+	connection_out = ssh_packet_get_connection_out(ssh);
 	max_fd = MAXIMUM(connection_in, connection_out);
 
 	quit_pending = 0;
@@ -1291,7 +1294,7 @@
 	if ((stderr_buffer = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
 
-	client_init_dispatch();
+	client_init_dispatch(ssh);
 
 	/*
 	 * Set signal handlers, (e.g. to restore non-blocking mode)
@@ -1327,7 +1330,7 @@
 	while (!quit_pending) {
 
 		/* Process buffered packets sent by the server. */
-		client_process_buffered_input_packets();
+		client_process_buffered_input_packets(ssh);
 
 		if (session_closed && !channel_still_open(ssh))
 			break;
@@ -1346,7 +1349,7 @@
 			 * Make packets from buffered channel data, and
 			 * enqueue them for sending to the server.
 			 */
-			if (packet_not_very_much_data_to_write())
+			if (ssh_packet_not_very_much_data_to_write(ssh))
 				channel_output_poll(ssh);
 
 			/*
@@ -1374,7 +1377,7 @@
 			channel_after_select(ssh, readset, writeset);
 
 		/* Buffer input from the connection.  */
-		client_process_net_input(readset);
+		client_process_net_input(ssh, readset);
 
 		if (quit_pending)
 			break;
@@ -1384,7 +1387,7 @@
 		 * sender.
 		 */
 		if (FD_ISSET(connection_out, writeset))
-			packet_write_poll();
+			ssh_packet_write_poll(ssh);
 
 		/*
 		 * If we are a backgrounded control master, and the
@@ -1406,12 +1409,13 @@
 	/* Stop watching for window change. */
 	signal(SIGWINCH, SIG_DFL);
 
-	packet_start(SSH2_MSG_DISCONNECT);
-	packet_put_int(SSH2_DISCONNECT_BY_APPLICATION);
-	packet_put_cstring("disconnected by user");
-	packet_put_cstring(""); /* language tag */
-	packet_send();
-	packet_write_wait();
+	if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 ||
+	    (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_BY_APPLICATION)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, "disconnected by user")) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, "")) != 0 ||	/* language tag */
+	    (r = sshpkt_send(ssh)) != 0 ||
+	    (r = ssh_packet_write_wait(ssh)) != 0)
+		fatal("%s: send disconnect: %s", __func__, ssh_err(r));
 
 	channel_free_all(ssh);
 
@@ -1468,7 +1472,7 @@
 
 	/* Report bytes transferred, and transfer rates. */
 	total_time = monotime_double() - start_time;
-	packet_get_bytes(&ibytes, &obytes);
+	ssh_packet_get_bytes(ssh, &ibytes, &obytes);
 	verbose("Transferred: sent %llu, received %llu bytes, in %.1f seconds",
 	    (unsigned long long)obytes, (unsigned long long)ibytes, total_time);
 	if (total_time > 0)
@@ -1488,21 +1492,29 @@
 	Channel *c = NULL;
 	struct sshbuf *b = NULL;
 	char *listen_address, *originator_address;
-	u_short listen_port, originator_port;
+	u_int listen_port, originator_port;
 	int r;
 
 	/* Get rest of the packet */
-	listen_address = packet_get_string(NULL);
-	listen_port = packet_get_int();
-	originator_address = packet_get_string(NULL);
-	originator_port = packet_get_int();
-	packet_check_eom();
+	if ((r = sshpkt_get_cstring(ssh, &listen_address, NULL)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &listen_port)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, &originator_address, NULL)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &originator_port)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		fatal("%s: parse packet: %s", __func__, ssh_err(r));
 
 	debug("%s: listen %s port %d, originator %s port %d", __func__,
 	    listen_address, listen_port, originator_address, originator_port);
 
-	c = channel_connect_by_listen_address(ssh, listen_address, listen_port,
-	    "forwarded-tcpip", originator_address);
+	if (listen_port > 0xffff)
+		error("%s: invalid listen port", __func__);
+	else if (originator_port > 0xffff)
+		error("%s: invalid originator port", __func__);
+	else {
+		c = channel_connect_by_listen_address(ssh,
+		    listen_address, listen_port, "forwarded-tcpip",
+		    originator_address);
+	}
 
 	if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) {
 		if ((b = sshbuf_new()) == NULL) {
@@ -1540,15 +1552,15 @@
 {
 	Channel *c = NULL;
 	char *listen_path;
+	int r;
 
 	/* Get the remote path. */
-	listen_path = packet_get_string(NULL);
-	/* XXX: Skip reserved field for now. */
-	if (packet_get_string_ptr(NULL) == NULL)
-		fatal("%s: packet_get_string_ptr failed", __func__);
-	packet_check_eom();
+	if ((r = sshpkt_get_cstring(ssh, &listen_path, NULL)) != 0 ||
+	    (r = sshpkt_get_string(ssh, NULL, NULL)) != 0 ||	/* reserved */
+	    (r = sshpkt_get_end(ssh)) != 0)
+		fatal("%s: parse packet: %s", __func__, ssh_err(r));
 
-	debug("%s: %s", __func__, listen_path);
+	debug("%s: request: %s", __func__, listen_path);
 
 	c = channel_connect_by_listen_path(ssh, listen_path,
 	    "forwarded-streamlocal@openssh.com", "forwarded-streamlocal");
@@ -1561,8 +1573,8 @@
 {
 	Channel *c = NULL;
 	char *originator;
-	u_short originator_port;
-	int sock;
+	u_int originator_port;
+	int r, sock;
 
 	if (!options.forward_x11) {
 		error("Warning: ssh server tried X11 forwarding.");
@@ -1575,11 +1587,13 @@
 		    "expired");
 		return NULL;
 	}
-	originator = packet_get_string(NULL);
-	originator_port = packet_get_int();
-	packet_check_eom();
+	if ((r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &originator_port)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		fatal("%s: parse packet: %s", __func__, ssh_err(r));
 	/* XXX check permission */
-	debug("client_request_x11: request from %s %d", originator,
+	/* XXX range check originator port? */
+	debug("client_request_x11: request from %s %u", originator,
 	    originator_port);
 	free(originator);
 	sock = x11_connect_display(ssh);
@@ -1623,7 +1637,7 @@
     int local_tun, int remote_tun)
 {
 	Channel *c;
-	int fd;
+	int r, fd;
 	char *ifname = NULL;
 
 	if (tun_mode == SSH_TUNMODE_NO)
@@ -1648,14 +1662,15 @@
 		    sys_tun_outfilter, NULL, NULL);
 #endif
 
-	packet_start(SSH2_MSG_CHANNEL_OPEN);
-	packet_put_cstring("tun@openssh.com");
-	packet_put_int(c->self);
-	packet_put_int(c->local_window_max);
-	packet_put_int(c->local_maxpacket);
-	packet_put_int(tun_mode);
-	packet_put_int(remote_tun);
-	packet_send();
+	if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, "tun@openssh.com")) != 0 ||
+	    (r = sshpkt_put_u32(ssh, c->self)) != 0 ||
+	    (r = sshpkt_put_u32(ssh, c->local_window_max)) != 0 ||
+	    (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 ||
+	    (r = sshpkt_put_u32(ssh, tun_mode)) != 0 ||
+	    (r = sshpkt_put_u32(ssh, remote_tun)) != 0 ||
+	    (r = sshpkt_send(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: send reply", __func__);
 
 	return ifname;
 }
@@ -1665,14 +1680,17 @@
 client_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Channel *c = NULL;
-	char *ctype;
-	int rchan;
-	u_int rmaxpack, rwindow, len;
+	char *ctype = NULL;
+	int r;
+	u_int rchan;
+	size_t len;
+	u_int rmaxpack, rwindow;
 
-	ctype = packet_get_string(&len);
-	rchan = packet_get_int();
-	rwindow = packet_get_int();
-	rmaxpack = packet_get_int();
+	if ((r = sshpkt_get_cstring(ssh, &ctype, &len)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &rchan)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &rwindow)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &rmaxpack)) != 0)
+		goto out;
 
 	debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
 	    ctype, rchan, rwindow, rmaxpack);
@@ -1696,57 +1714,66 @@
 		c->remote_window = rwindow;
 		c->remote_maxpacket = rmaxpack;
 		if (c->type != SSH_CHANNEL_CONNECTING) {
-			packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
-			packet_put_int(c->remote_id);
-			packet_put_int(c->self);
-			packet_put_int(c->local_window);
-			packet_put_int(c->local_maxpacket);
-			packet_send();
+			if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION)) != 0 ||
+			    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
+			    (r = sshpkt_put_u32(ssh, c->self)) != 0 ||
+			    (r = sshpkt_put_u32(ssh, c->local_window)) != 0 ||
+			    (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 ||
+			    (r = sshpkt_send(ssh)) != 0)
+				sshpkt_fatal(ssh, r, "%s: send reply", __func__);
 		}
 	} else {
 		debug("failure %s", ctype);
-		packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
-		packet_put_int(rchan);
-		packet_put_int(SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED);
-		packet_put_cstring("open failed");
-		packet_put_cstring("");
-		packet_send();
+		if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 ||
+		    (r = sshpkt_put_u32(ssh, rchan)) != 0 ||
+		    (r = sshpkt_put_u32(ssh, SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED)) != 0 ||
+		    (r = sshpkt_put_cstring(ssh, "open failed")) != 0 ||
+		    (r = sshpkt_put_cstring(ssh, "")) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0)
+			sshpkt_fatal(ssh, r, "%s: send failure", __func__);
 	}
+	r = 0;
+ out:
 	free(ctype);
-	return 0;
+	return r;
 }
 
 static int
 client_input_channel_req(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Channel *c = NULL;
-	int exitval, id, reply, success = 0;
-	char *rtype;
+	char *rtype = NULL;
+	u_char reply;
+	u_int id, exitval;
+	int r, success = 0;
 
-	id = packet_get_int();
-	c = channel_lookup(ssh, id);
+	if ((r = sshpkt_get_u32(ssh, &id)) != 0)
+		return r;
+	if (id <= INT_MAX)
+		c = channel_lookup(ssh, id);
 	if (channel_proxy_upstream(c, type, seq, ssh))
 		return 0;
-	rtype = packet_get_string(NULL);
-	reply = packet_get_char();
+	if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 ||
+	    (r = sshpkt_get_u8(ssh, &reply)) != 0)
+		goto out;
 
-	debug("client_input_channel_req: channel %d rtype %s reply %d",
+	debug("client_input_channel_req: channel %u rtype %s reply %d",
 	    id, rtype, reply);
 
-	if (id == -1) {
-		error("client_input_channel_req: request for channel -1");
-	} else if (c == NULL) {
+	if (c == NULL) {
 		error("client_input_channel_req: channel %d: "
 		    "unknown channel", id);
 	} else if (strcmp(rtype, "eow@openssh.com") == 0) {
-		packet_check_eom();
+		if ((r = sshpkt_get_end(ssh)) != 0)
+			goto out;
 		chan_rcvd_eow(ssh, c);
 	} else if (strcmp(rtype, "exit-status") == 0) {
-		exitval = packet_get_int();
+		if ((r = sshpkt_get_u32(ssh, &exitval)) != 0)
+			goto out;
 		if (c->ctl_chan != -1) {
 			mux_exit_message(ssh, c, exitval);
 			success = 1;
-		} else if (id == session_ident) {
+		} else if ((int)id == session_ident) {
 			/* Record exit value of local session */
 			success = 1;
 			exit_status = exitval;
@@ -1755,19 +1782,23 @@
 			debug("%s: no sink for exit-status on channel %d",
 			    __func__, id);
 		}
-		packet_check_eom();
+		if ((r = sshpkt_get_end(ssh)) != 0)
+			goto out;
 	}
 	if (reply && c != NULL && !(c->flags & CHAN_CLOSE_SENT)) {
 		if (!c->have_remote_id)
 			fatal("%s: channel %d: no remote_id",
 			    __func__, c->self);
-		packet_start(success ?
-		    SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
-		packet_put_int(c->remote_id);
-		packet_send();
+		if ((r = sshpkt_start(ssh, success ?
+		    SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 ||
+		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0)
+			sshpkt_fatal(ssh, r, "%s: send failure", __func__);
 	}
+	r = 0;
+ out:
 	free(rtype);
-	return 0;
+	return r;
 }
 
 struct hostkeys_update_ctx {
@@ -1849,7 +1880,7 @@
 update_known_hosts(struct hostkeys_update_ctx *ctx)
 {
 	int r, was_raw = 0;
-	int loglevel = options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK ?
+	LogLevel loglevel = options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK ?
 	    SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_VERBOSE;
 	char *fp, *response;
 	size_t i;
@@ -1984,7 +2015,10 @@
 	if (ndone != ctx->nnew)
 		fatal("%s: ndone != ctx->nnew (%zu / %zu)", __func__,
 		    ndone, ctx->nnew);  /* Shouldn't happen */
-	ssh_packet_check_eom(ssh);
+	if ((r = sshpkt_get_end(ssh)) != 0) {
+		error("%s: protocol error", __func__);
+		goto out;
+	}
 
 	/* Make the edits to known_hosts */
 	update_known_hosts(ctx);
@@ -2018,9 +2052,8 @@
  * HostkeyAlgorithms preference before they are accepted.
  */
 static int
-client_input_hostkeys(void)
+client_input_hostkeys(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state; /* XXX */
 	const u_char *blob = NULL;
 	size_t i, len = 0;
 	struct sshbuf *buf = NULL;
@@ -2171,23 +2204,27 @@
 client_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
 {
 	char *rtype;
-	int want_reply;
-	int success = 0;
+	u_char want_reply;
+	int r, success = 0;
 
-	rtype = packet_get_cstring(NULL);
-	want_reply = packet_get_char();
+	if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 ||
+	    (r = sshpkt_get_u8(ssh, &want_reply)) != 0)
+		goto out;
 	debug("client_input_global_request: rtype %s want_reply %d",
 	    rtype, want_reply);
 	if (strcmp(rtype, "hostkeys-00@openssh.com") == 0)
-		success = client_input_hostkeys();
+		success = client_input_hostkeys(ssh);
 	if (want_reply) {
-		packet_start(success ?
-		    SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
-		packet_send();
-		packet_write_wait();
+		if ((r = sshpkt_start(ssh, success ? SSH2_MSG_REQUEST_SUCCESS :
+		    SSH2_MSG_REQUEST_FAILURE)) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0 ||
+		    (r = ssh_packet_write_wait(ssh)) != 0)
+			goto out;
 	}
+	r = 0;
+ out:
 	free(rtype);
-	return 0;
+	return r;
 }
 
 void
@@ -2195,7 +2232,7 @@
     const char *term, struct termios *tiop, int in_fd, struct sshbuf *cmd,
     char **env)
 {
-	int i, j, matched, len;
+	int i, j, matched, len, r;
 	char *name, *val;
 	Channel *c = NULL;
 
@@ -2204,27 +2241,30 @@
 	if ((c = channel_lookup(ssh, id)) == NULL)
 		fatal("%s: channel %d: unknown channel", __func__, id);
 
-	packet_set_interactive(want_tty,
+	ssh_packet_set_interactive(ssh, want_tty,
 	    options.ip_qos_interactive, options.ip_qos_bulk);
 
 	if (want_tty) {
 		struct winsize ws;
 
 		/* Store window size in the packet. */
-		if (ioctl(in_fd, TIOCGWINSZ, &ws) < 0)
+		if (ioctl(in_fd, TIOCGWINSZ, &ws) == -1)
 			memset(&ws, 0, sizeof(ws));
 
 		channel_request_start(ssh, id, "pty-req", 1);
 		client_expect_confirm(ssh, id, "PTY allocation", CONFIRM_TTY);
-		packet_put_cstring(term != NULL ? term : "");
-		packet_put_int((u_int)ws.ws_col);
-		packet_put_int((u_int)ws.ws_row);
-		packet_put_int((u_int)ws.ws_xpixel);
-		packet_put_int((u_int)ws.ws_ypixel);
+		if ((r = sshpkt_put_cstring(ssh, term != NULL ? term : ""))
+		    != 0 ||
+		    (r = sshpkt_put_u32(ssh, (u_int)ws.ws_col)) != 0 ||
+		    (r = sshpkt_put_u32(ssh, (u_int)ws.ws_row)) != 0 ||
+		    (r = sshpkt_put_u32(ssh, (u_int)ws.ws_xpixel)) != 0 ||
+		    (r = sshpkt_put_u32(ssh, (u_int)ws.ws_ypixel)) != 0)
+			fatal("%s: build packet: %s", __func__, ssh_err(r));
 		if (tiop == NULL)
 			tiop = get_saved_tio();
 		ssh_tty_make_modes(ssh, -1, tiop);
-		packet_send();
+		if ((r = sshpkt_send(ssh)) != 0)
+			fatal("%s: send packet: %s", __func__, ssh_err(r));
 		/* XXX wait for reply */
 		c->client_tty = 1;
 	}
@@ -2256,9 +2296,12 @@
 
 			debug("Sending env %s = %s", name, val);
 			channel_request_start(ssh, id, "env", 0);
-			packet_put_cstring(name);
-			packet_put_cstring(val);
-			packet_send();
+			if ((r = sshpkt_put_cstring(ssh, name)) != 0 ||
+			    (r = sshpkt_put_cstring(ssh, val)) != 0 ||
+			    (r = sshpkt_send(ssh)) != 0) {
+				fatal("%s: send packet: %s",
+				    __func__, ssh_err(r));
+			}
 			free(name);
 		}
 	}
@@ -2273,9 +2316,10 @@
 
 		debug("Setting env %s = %s", name, val);
 		channel_request_start(ssh, id, "env", 0);
-		packet_put_cstring(name);
-		packet_put_cstring(val);
-		packet_send();
+		if ((r = sshpkt_put_cstring(ssh, name)) != 0 ||
+		    (r = sshpkt_put_cstring(ssh, val)) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0)
+			fatal("%s: send packet: %s", __func__, ssh_err(r));
 		free(name);
 	}
 
@@ -2295,39 +2339,43 @@
 			channel_request_start(ssh, id, "exec", 1);
 			client_expect_confirm(ssh, id, "exec", CONFIRM_CLOSE);
 		}
-		packet_put_string(sshbuf_ptr(cmd), sshbuf_len(cmd));
-		packet_send();
+		if ((r = sshpkt_put_stringb(ssh, cmd)) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0)
+			fatal("%s: send command: %s", __func__, ssh_err(r));
 	} else {
 		channel_request_start(ssh, id, "shell", 1);
 		client_expect_confirm(ssh, id, "shell", CONFIRM_CLOSE);
-		packet_send();
+		if ((r = sshpkt_send(ssh)) != 0) {
+			fatal("%s: send shell request: %s",
+			    __func__, ssh_err(r));
+		}
 	}
 }
 
 static void
-client_init_dispatch(void)
+client_init_dispatch(struct ssh *ssh)
 {
-	dispatch_init(&dispatch_protocol_error);
+	ssh_dispatch_init(ssh, &dispatch_protocol_error);
 
-	dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
-	dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data);
-	dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
-	dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);
-	dispatch_set(SSH2_MSG_CHANNEL_OPEN, &client_input_channel_open);
-	dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
-	dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
-	dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &client_input_channel_req);
-	dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
-	dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm);
-	dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm);
-	dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &client_input_global_request);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_DATA, &channel_input_data);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN, &client_input_channel_open);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_REQUEST, &client_input_channel_req);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_SUCCESS, &channel_input_status_confirm);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_FAILURE, &channel_input_status_confirm);
+	ssh_dispatch_set(ssh, SSH2_MSG_GLOBAL_REQUEST, &client_input_global_request);
 
 	/* rekeying */
-	dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
+	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
 
 	/* global request reply messages */
-	dispatch_set(SSH2_MSG_REQUEST_FAILURE, &client_global_request_reply);
-	dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &client_global_request_reply);
+	ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_FAILURE, &client_global_request_reply);
+	ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_SUCCESS, &client_global_request_reply);
 }
 
 void
Index: config.h.in
===================================================================
--- config.h.in
+++ config.h.in
@@ -45,9 +45,6 @@
    against it */
 #undef BROKEN_READ_COMPARISON
 
-/* realpath does not work with nonexistent files */
-#undef BROKEN_REALPATH
-
 /* Needed for NeXT */
 #undef BROKEN_SAVED_UIDS
 
@@ -393,19 +390,19 @@
 /* Define if you have /dev/ptc */
 #undef HAVE_DEV_PTS_AND_PTC
 
-/* Define if libcrypto has DH_get0_key */
+/* Define to 1 if you have the `DH_get0_key' function. */
 #undef HAVE_DH_GET0_KEY
 
-/* Define if libcrypto has DH_get0_pqg */
+/* Define to 1 if you have the `DH_get0_pqg' function. */
 #undef HAVE_DH_GET0_PQG
 
-/* Define if libcrypto has DH_set0_key */
+/* Define to 1 if you have the `DH_set0_key' function. */
 #undef HAVE_DH_SET0_KEY
 
-/* Define if libcrypto has DH_set0_pqg */
+/* Define to 1 if you have the `DH_set0_pqg' function. */
 #undef HAVE_DH_SET0_PQG
 
-/* Define if libcrypto has DH_set_length */
+/* Define to 1 if you have the `DH_set_length' function. */
 #undef HAVE_DH_SET_LENGTH
 
 /* Define to 1 if you have the <dirent.h> header file. */
@@ -420,30 +417,33 @@
 /* Define to 1 if you have the `DSA_generate_parameters_ex' function. */
 #undef HAVE_DSA_GENERATE_PARAMETERS_EX
 
-/* Define if libcrypto has DSA_get0_key */
+/* Define to 1 if you have the `DSA_get0_key' function. */
 #undef HAVE_DSA_GET0_KEY
 
-/* Define if libcrypto has DSA_get0_pqg */
+/* Define to 1 if you have the `DSA_get0_pqg' function. */
 #undef HAVE_DSA_GET0_PQG
 
-/* Define if libcrypto has DSA_set0_key */
+/* Define to 1 if you have the `DSA_set0_key' function. */
 #undef HAVE_DSA_SET0_KEY
 
-/* Define if libcrypto has DSA_set0_pqg */
+/* Define to 1 if you have the `DSA_set0_pqg' function. */
 #undef HAVE_DSA_SET0_PQG
 
-/* Define if libcrypto has DSA_SIG_get0 */
+/* Define to 1 if you have the `DSA_SIG_get0' function. */
 #undef HAVE_DSA_SIG_GET0
 
-/* Define if libcrypto has DSA_SIG_set0 */
+/* Define to 1 if you have the `DSA_SIG_set0' function. */
 #undef HAVE_DSA_SIG_SET0
 
-/* Define if libcrypto has ECDSA_SIG_get0 */
+/* Define to 1 if you have the `ECDSA_SIG_get0' function. */
 #undef HAVE_ECDSA_SIG_GET0
 
-/* Define if libcrypto has ECDSA_SIG_set0 */
+/* Define to 1 if you have the `ECDSA_SIG_set0' function. */
 #undef HAVE_ECDSA_SIG_SET0
 
+/* Define to 1 if you have the `EC_KEY_METHOD_new' function. */
+#undef HAVE_EC_KEY_METHOD_NEW
+
 /* Define to 1 if you have the <elf.h> header file. */
 #undef HAVE_ELF_H
 
@@ -471,18 +471,21 @@
 /* Define if your system has /etc/default/login */
 #undef HAVE_ETC_DEFAULT_LOGIN
 
-/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */
+/* Define to 1 if you have the `EVP_CIPHER_CTX_ctrl' function. */
 #undef HAVE_EVP_CIPHER_CTX_CTRL
 
-/* Define if libcrypto has EVP_CIPHER_CTX_set_iv */
+/* Define to 1 if you have the `EVP_CIPHER_CTX_get_iv' function. */
 #undef HAVE_EVP_CIPHER_CTX_GET_IV
 
-/* Define if libcrypto has EVP_CIPHER_CTX_iv */
+/* Define to 1 if you have the `EVP_CIPHER_CTX_iv' function. */
 #undef HAVE_EVP_CIPHER_CTX_IV
 
-/* Define if libcrypto has EVP_CIPHER_CTX_iv_noconst */
+/* Define to 1 if you have the `EVP_CIPHER_CTX_iv_noconst' function. */
 #undef HAVE_EVP_CIPHER_CTX_IV_NOCONST
 
+/* Define to 1 if you have the `EVP_CIPHER_CTX_set_iv' function. */
+#undef HAVE_EVP_CIPHER_CTX_SET_IV
+
 /* Define to 1 if you have the `EVP_DigestFinal_ex' function. */
 #undef HAVE_EVP_DIGESTFINAL_EX
 
@@ -495,16 +498,16 @@
 /* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */
 #undef HAVE_EVP_MD_CTX_COPY_EX
 
-/* Define if libcrypto has EVP_MD_CTX_free */
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
 #undef HAVE_EVP_MD_CTX_FREE
 
 /* Define to 1 if you have the `EVP_MD_CTX_init' function. */
 #undef HAVE_EVP_MD_CTX_INIT
 
-/* Define if libcrypto has EVP_MD_CTX_new */
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
 #undef HAVE_EVP_MD_CTX_NEW
 
-/* Define if libcrypto has EVP_PKEY_get0_RSA */
+/* Define to 1 if you have the `EVP_PKEY_get0_RSA' function. */
 #undef HAVE_EVP_PKEY_GET0_RSA
 
 /* Define to 1 if you have the `EVP_ripemd160' function. */
@@ -513,6 +516,12 @@
 /* Define to 1 if you have the `EVP_sha256' function. */
 #undef HAVE_EVP_SHA256
 
+/* Define to 1 if you have the `EVP_sha384' function. */
+#undef HAVE_EVP_SHA384
+
+/* Define to 1 if you have the `EVP_sha512' function. */
+#undef HAVE_EVP_SHA512
+
 /* Define if you have ut_exit in utmp.h */
 #undef HAVE_EXIT_IN_UTMP
 
@@ -522,9 +531,15 @@
 /* Define to 1 if you have the `fchmod' function. */
 #undef HAVE_FCHMOD
 
+/* Define to 1 if you have the `fchmodat' function. */
+#undef HAVE_FCHMODAT
+
 /* Define to 1 if you have the `fchown' function. */
 #undef HAVE_FCHOWN
 
+/* Define to 1 if you have the `fchownat' function. */
+#undef HAVE_FCHOWNAT
+
 /* Use F_CLOSEM fcntl for closefrom */
 #undef HAVE_FCNTL_CLOSEM
 
@@ -801,6 +816,9 @@
 /* Define to 1 if you have the `pam' library (-lpam). */
 #undef HAVE_LIBPAM
 
+/* Define to 1 if you have the <libproc.h> header file. */
+#undef HAVE_LIBPROC_H
+
 /* Define to 1 if you have the `socket' library (-lsocket). */
 #undef HAVE_LIBSOCKET
 
@@ -877,6 +895,9 @@
 /* Define if you want to allow MD5 passwords */
 #undef HAVE_MD5_PASSWORDS
 
+/* Define to 1 if you have the `memmem' function. */
+#undef HAVE_MEMMEM
+
 /* Define to 1 if you have the `memmove' function. */
 #undef HAVE_MEMMOVE
 
@@ -935,9 +956,18 @@
 /* Define to 1 if you have the `openpty' function. */
 #undef HAVE_OPENPTY
 
-/* Define if your ssl headers are included with #include <openssl/header.h> */
-#undef HAVE_OPENSSL
+/* as a macro */
+#undef HAVE_OPENSSL_ADD_ALL_ALGORITHMS
 
+/* Define to 1 if you have the `OPENSSL_init_crypto' function. */
+#undef HAVE_OPENSSL_INIT_CRYPTO
+
+/* Define to 1 if you have the `OpenSSL_version' function. */
+#undef HAVE_OPENSSL_VERSION
+
+/* Define to 1 if you have the `OpenSSL_version_num' function. */
+#undef HAVE_OPENSSL_VERSION_NUM
+
 /* Define if you have Digital Unix Security Integration Architecture */
 #undef HAVE_OSF_SIA
 
@@ -980,6 +1010,9 @@
 /* Define if you have /proc/$pid/fd */
 #undef HAVE_PROC_PID
 
+/* Define to 1 if you have the `proc_pidinfo' function. */
+#undef HAVE_PROC_PIDINFO
+
 /* Define to 1 if you have the `pstat' function. */
 #undef HAVE_PSTAT
 
@@ -1008,9 +1041,6 @@
 /* Define to 1 if you have the `reallocarray' function. */
 #undef HAVE_REALLOCARRAY
 
-/* Define to 1 if you have the `realpath' function. */
-#undef HAVE_REALPATH
-
 /* Define to 1 if you have the `recallocarray' function. */
 #undef HAVE_RECALLOCARRAY
 
@@ -1029,46 +1059,46 @@
 /* Define to 1 if you have the `RSA_generate_key_ex' function. */
 #undef HAVE_RSA_GENERATE_KEY_EX
 
-/* Define if libcrypto has RSA_get0_crt_params */
+/* Define to 1 if you have the `RSA_get0_crt_params' function. */
 #undef HAVE_RSA_GET0_CRT_PARAMS
 
-/* Define if libcrypto has RSA_get0_factors */
+/* Define to 1 if you have the `RSA_get0_factors' function. */
 #undef HAVE_RSA_GET0_FACTORS
 
-/* Define if libcrypto has RSA_get0_key */
+/* Define to 1 if you have the `RSA_get0_key' function. */
 #undef HAVE_RSA_GET0_KEY
 
 /* Define to 1 if you have the `RSA_get_default_method' function. */
 #undef HAVE_RSA_GET_DEFAULT_METHOD
 
-/* Define if libcrypto has RSA_meth_dup */
+/* Define to 1 if you have the `RSA_meth_dup' function. */
 #undef HAVE_RSA_METH_DUP
 
-/* Define if libcrypto has RSA_meth_free */
+/* Define to 1 if you have the `RSA_meth_free' function. */
 #undef HAVE_RSA_METH_FREE
 
-/* Define if libcrypto has RSA_meth_get_finish */
+/* Define to 1 if you have the `RSA_meth_get_finish' function. */
 #undef HAVE_RSA_METH_GET_FINISH
 
-/* Define if libcrypto has RSA_meth_set1_name */
+/* Define to 1 if you have the `RSA_meth_set1_name' function. */
 #undef HAVE_RSA_METH_SET1_NAME
 
-/* Define if libcrypto has RSA_meth_set_finish */
+/* Define to 1 if you have the `RSA_meth_set_finish' function. */
 #undef HAVE_RSA_METH_SET_FINISH
 
-/* Define if libcrypto has RSA_meth_set_priv_dec */
+/* Define to 1 if you have the `RSA_meth_set_priv_dec' function. */
 #undef HAVE_RSA_METH_SET_PRIV_DEC
 
-/* Define if libcrypto has RSA_meth_set_priv_enc */
+/* Define to 1 if you have the `RSA_meth_set_priv_enc' function. */
 #undef HAVE_RSA_METH_SET_PRIV_ENC
 
-/* Define if libcrypto has RSA_get0_srt_params */
+/* Define to 1 if you have the `RSA_set0_crt_params' function. */
 #undef HAVE_RSA_SET0_CRT_PARAMS
 
-/* Define if libcrypto has RSA_set0_factors */
+/* Define to 1 if you have the `RSA_set0_factors' function. */
 #undef HAVE_RSA_SET0_FACTORS
 
-/* Define if libcrypto has RSA_set0_key */
+/* Define to 1 if you have the `RSA_set0_key' function. */
 #undef HAVE_RSA_SET0_KEY
 
 /* Define to 1 if you have the <sandbox.h> header file. */
@@ -1170,12 +1200,18 @@
 /* Define to 1 if you have the `set_id' function. */
 #undef HAVE_SET_ID
 
-/* Define to 1 if you have the `SHA256_Update' function. */
-#undef HAVE_SHA256_UPDATE
+/* Define to 1 if you have the `SHA256Update' function. */
+#undef HAVE_SHA256UPDATE
 
 /* Define to 1 if you have the <sha2.h> header file. */
 #undef HAVE_SHA2_H
 
+/* Define to 1 if you have the `SHA384Update' function. */
+#undef HAVE_SHA384UPDATE
+
+/* Define to 1 if you have the `SHA512Update' function. */
+#undef HAVE_SHA512UPDATE
+
 /* Define to 1 if you have the <shadow.h> header file. */
 #undef HAVE_SHADOW_H
 
@@ -1511,6 +1547,9 @@
 
 /* Define to 1 if you have the <util.h> header file. */
 #undef HAVE_UTIL_H
+
+/* Define to 1 if you have the `utimensat' function. */
+#undef HAVE_UTIMENSAT
 
 /* Define to 1 if you have the `utimes' function. */
 #undef HAVE_UTIMES
Index: configure
===================================================================
--- configure
+++ configure
@@ -2625,197 +2625,7 @@
 ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
 if test -n "$ac_tool_prefix"; then
-  # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_CC="${ac_tool_prefix}gcc"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$ac_cv_prog_CC"; then
-  ac_ct_CC=$CC
-  # Extract the first word of "gcc", so it can be a program name with args.
-set dummy gcc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_ac_ct_CC+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if test -n "$ac_ct_CC"; then
-  ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_ac_ct_CC="gcc"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-fi
-fi
-ac_ct_CC=$ac_cv_prog_ac_ct_CC
-if test -n "$ac_ct_CC"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
-$as_echo "$ac_ct_CC" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-  if test "x$ac_ct_CC" = x; then
-    CC=""
-  else
-    case $cross_compiling:$ac_tool_warned in
-yes:)
-{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
-$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
-ac_tool_warned=yes ;;
-esac
-    CC=$ac_ct_CC
-  fi
-else
-  CC="$ac_cv_prog_CC"
-fi
-
-if test -z "$CC"; then
-          if test -n "$ac_tool_prefix"; then
-    # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
-set dummy ${ac_tool_prefix}cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_prog_CC="${ac_tool_prefix}cc"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-  fi
-fi
-if test -z "$CC"; then
-  # Extract the first word of "cc", so it can be a program name with args.
-set dummy cc; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_prog_CC+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  if test -n "$CC"; then
-  ac_cv_prog_CC="$CC" # Let the user override the test.
-else
-  ac_prog_rejected=no
-as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $PATH
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
-       ac_prog_rejected=yes
-       continue
-     fi
-    ac_cv_prog_CC="cc"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-if test $ac_prog_rejected = yes; then
-  # We found a bogon in the path, so make sure we never use it.
-  set dummy $ac_cv_prog_CC
-  shift
-  if test $# != 0; then
-    # We chose a different compiler from the bogus one.
-    # However, it has the same basename, so the bogon will be chosen
-    # first if we set CC to just the basename; use the full file name.
-    shift
-    ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
-  fi
-fi
-fi
-fi
-CC=$ac_cv_prog_CC
-if test -n "$CC"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
-$as_echo "$CC" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-fi
-if test -z "$CC"; then
-  if test -n "$ac_tool_prefix"; then
-  for ac_prog in cl.exe
+  for ac_prog in cc gcc
   do
     # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
 set dummy $ac_tool_prefix$ac_prog; ac_word=$2
@@ -2859,7 +2669,7 @@
 fi
 if test -z "$CC"; then
   ac_ct_CC=$CC
-  for ac_prog in cl.exe
+  for ac_prog in cc gcc
 do
   # Extract the first word of "$ac_prog", so it can be a program name with args.
 set dummy $ac_prog; ac_word=$2
@@ -2914,9 +2724,7 @@
   fi
 fi
 
-fi
 
-
 test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
 as_fn_error $? "no acceptable C compiler found in \$PATH
@@ -5066,8 +4874,8 @@
 fi
 
 
-# Extract the first word of "nroff", so it can be a program name with args.
-set dummy nroff; ac_word=$2
+# Extract the first word of "nroff awf", so it can be a program name with args.
+set dummy nroff awf; ac_word=$2
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
 $as_echo_n "checking for $ac_word... " >&6; }
 if ${ac_cv_path_NROFF+:} false; then :
@@ -5156,8 +4964,8 @@
 elif test "x$GROFF" != "x" ; then
 	MANFMT="$GROFF -mandoc -Tascii"
 else
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no manpage formatted found" >&5
-$as_echo "$as_me: WARNING: no manpage formatted found" >&2;}
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no manpage formatter found" >&5
+$as_echo "$as_me: WARNING: no manpage formatter found" >&2;}
 	MANFMT="false"
 fi
 
@@ -5742,12 +5550,12 @@
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 }
 	{
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Qunused-arguments" >&5
-$as_echo_n "checking if $CC supports compile flag -Qunused-arguments... " >&6; }
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunknown-warning-option" >&5
+$as_echo_n "checking if $CC supports compile flag -Wunknown-warning-option... " >&6; }
 	saved_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS $WERROR -Qunused-arguments"
+	CFLAGS="$CFLAGS $WERROR -Wunknown-warning-option"
 	_define_flag=""
-	test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments"
+	test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option"
 	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -5785,12 +5593,12 @@
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 }
 	{
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wunknown-warning-option" >&5
-$as_echo_n "checking if $CC supports compile flag -Wunknown-warning-option... " >&6; }
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wno-error=format-truncation" >&5
+$as_echo_n "checking if $CC supports compile flag -Wno-error=format-truncation... " >&6; }
 	saved_CFLAGS="$CFLAGS"
-	CFLAGS="$CFLAGS $WERROR -Wunknown-warning-option"
+	CFLAGS="$CFLAGS $WERROR -Wno-error=format-truncation"
 	_define_flag=""
-	test "x$_define_flag" = "x" && _define_flag="-Wunknown-warning-option"
+	test "x$_define_flag" = "x" && _define_flag="-Wno-error=format-truncation"
 	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
 
@@ -5828,6 +5636,49 @@
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 }
 	{
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Qunused-arguments" >&5
+$as_echo_n "checking if $CC supports compile flag -Qunused-arguments... " >&6; }
+	saved_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS $WERROR -Qunused-arguments"
+	_define_flag=""
+	test "x$_define_flag" = "x" && _define_flag="-Qunused-arguments"
+	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+	/* Some math to catch -ftrapv problems in the toolchain */
+	int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+	float l = i * 2.1;
+	double m = l / 0.5;
+	long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+	printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+	exit(0);
+}
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null
+then
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		CFLAGS="$saved_CFLAGS"
+else
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		 CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		  CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+	{
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wall" >&5
 $as_echo_n "checking if $CC supports compile flag -Wall... " >&6; }
 	saved_CFLAGS="$CFLAGS"
@@ -5871,6 +5722,49 @@
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
 }
 	{
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wextra" >&5
+$as_echo_n "checking if $CC supports compile flag -Wextra... " >&6; }
+	saved_CFLAGS="$CFLAGS"
+	CFLAGS="$CFLAGS $WERROR -Wextra"
+	_define_flag=""
+	test "x$_define_flag" = "x" && _define_flag="-Wextra"
+	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+#include <stdlib.h>
+#include <stdio.h>
+int main(int argc, char **argv) {
+	/* Some math to catch -ftrapv problems in the toolchain */
+	int i = 123 * argc, j = 456 + argc, k = 789 - argc;
+	float l = i * 2.1;
+	double m = l / 0.5;
+	long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
+	printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+	exit(0);
+}
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+if $ac_cv_path_EGREP -i "unrecognized option|warning.*ignored" conftest.err >/dev/null
+then
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		CFLAGS="$saved_CFLAGS"
+else
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+		 CFLAGS="$saved_CFLAGS $_define_flag"
+fi
+else
+   { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+		  CFLAGS="$saved_CFLAGS"
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+}
+	{
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC supports compile flag -Wpointer-arith" >&5
 $as_echo_n "checking if $CC supports compile flag -Wpointer-arith... " >&6; }
 	saved_CFLAGS="$CFLAGS"
@@ -6735,11 +6629,12 @@
 if test "${with_rpath+set}" = set; then :
   withval=$with_rpath;
 		if test "x$withval" = "xno" ; then
-			need_dash_r=""
+			rpath_opt=""
+		elif test "x$withval" = "xyes" ; then
+			rpath_opt="-R"
+		else
+			rpath_opt="$withval"
 		fi
-		if test "x$withval" = "xyes" ; then
-			need_dash_r=1
-		fi
 
 
 fi
@@ -7341,9 +7236,6 @@
 
 	check_for_aix_broken_getaddrinfo=1
 
-$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
-
-
 $as_echo "#define SETEUID_BREAKS_SETUID 1" >>confdefs.h
 
 
@@ -7608,6 +7500,30 @@
 
 fi
 
+	# proc_pidinfo()-based closefrom() replacement.
+	for ac_header in libproc.h
+do :
+  ac_fn_c_check_header_mongrel "$LINENO" "libproc.h" "ac_cv_header_libproc_h" "$ac_includes_default"
+if test "x$ac_cv_header_libproc_h" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBPROC_H 1
+_ACEOF
+
+fi
+
+done
+
+	for ac_func in proc_pidinfo
+do :
+  ac_fn_c_check_func "$LINENO" "proc_pidinfo" "ac_cv_func_proc_pidinfo"
+if test "x$ac_cv_func_proc_pidinfo" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_PROC_PIDINFO 1
+_ACEOF
+
+fi
+done
+
 	;;
 *-*-dragonfly*)
 	SSHDLIBS="$SSHDLIBS -lcrypt"
@@ -7888,7 +7804,7 @@
 	fi
 	ac_fn_c_check_header_compile "$LINENO" "linux/if.h" "ac_cv_header_linux_if_h" "
 #ifdef HAVE_SYS_TYPES_H
-# include <sys/types.H>
+# include <sys/types.h>
 #endif
 
 "
@@ -8059,7 +7975,7 @@
 *-*-netbsd*)
 	check_for_libcrypt_before=1
 	if test "x$withval" != "xno" ; then
-		need_dash_r=1
+		rpath_opt="-R"
 	fi
 	CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
 
@@ -8127,8 +8043,6 @@
 
 $as_echo "#define HAVE_NEXT 1" >>confdefs.h
 
-	$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
-
 	$as_echo "#define USE_PIPES 1" >>confdefs.h
 
 
@@ -8153,7 +8067,7 @@
 	;;
 *-*-solaris*)
 	if test "x$withval" != "xno" ; then
-		need_dash_r=1
+		rpath_opt="-R"
 	fi
 	$as_echo "#define PAM_SUN_CODEBASE 1" >>confdefs.h
 
@@ -9083,14 +8997,14 @@
 		as_fn_error $? "*** zlib is required ***" "$LINENO" 5
 	  elif test "x$withval" != "xyes"; then
 		if test -d "$withval/lib"; then
-			if test -n "${need_dash_r}"; then
-				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+			if test -n "${rpath_opt}"; then
+				LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
 			else
 				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
 			fi
 		else
-			if test -n "${need_dash_r}"; then
-				LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+			if test -n "${rpath_opt}"; then
+				LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
 			else
 				LDFLAGS="-L${withval} ${LDFLAGS}"
 			fi
@@ -9161,8 +9075,8 @@
 		saved_CPPFLAGS="$CPPFLAGS"
 		saved_LDFLAGS="$LDFLAGS"
 		save_LIBS="$LIBS"
-				if test -n "${need_dash_r}"; then
-			LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
+				if test -n "${rpath_opt}"; then
+			LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
 		else
 			LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
 		fi
@@ -10607,8 +10521,8 @@
 			fi
 		else
 			CPPFLAGS="$CPPFLAGS -I${withval}/include"
-			if test -n "${need_dash_r}"; then
-				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+			if test -n "${rpath_opt}"; then
+				LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
 			else
 				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
 			fi
@@ -11011,6 +10925,9 @@
 	Blowfish_expandstate \
 	Blowfish_expand0state \
 	Blowfish_stream2word \
+	SHA256Update \
+	SHA384Update \
+	SHA512Update \
 	asprintf \
 	b64_ntop \
 	__b64_ntop \
@@ -11030,7 +10947,9 @@
 	errx \
 	explicit_bzero \
 	fchmod \
+	fchmodat \
 	fchown \
+	fchownat \
 	flock \
 	freeaddrinfo \
 	freezero \
@@ -11061,6 +10980,7 @@
 	llabs \
 	login_getcapbool \
 	md5_crypt \
+	memmem \
 	memmove \
 	memset_s \
 	mkdtemp \
@@ -11123,6 +11043,7 @@
 	truncate \
 	unsetenv \
 	updwtmpx \
+	utimensat \
 	user_from_uid \
 	usleep \
 	vasprintf \
@@ -11811,61 +11732,6 @@
 done
 
 
-for ac_func in realpath
-do :
-  ac_fn_c_check_func "$LINENO" "realpath" "ac_cv_func_realpath"
-if test "x$ac_cv_func_realpath" = xyes; then :
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_REALPATH 1
-_ACEOF
-
-					{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if realpath works with non-existent files" >&5
-$as_echo_n "checking if realpath works with non-existent files... " >&6; }
-	if test "$cross_compiling" = yes; then :
-  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming working" >&5
-$as_echo "$as_me: WARNING: cross compiling: assuming working" >&2;}
-
-else
-  cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-#include <limits.h>
-#include <stdlib.h>
-#include <errno.h>
-
-int
-main ()
-{
-
-		char buf[PATH_MAX];
-		if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
-			if (errno == ENOENT)
-				exit(1);
-		exit(0);
-
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_run "$LINENO"; then :
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-$as_echo "yes" >&6; }
-else
-
-$as_echo "#define BROKEN_REALPATH 1" >>confdefs.h
-
-		 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
-  conftest.$ac_objext conftest.beam conftest.$ac_ext
-fi
-
-
-fi
-done
-
-
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fflush(NULL)" >&5
 $as_echo_n "checking for working fflush(NULL)... " >&6; }
 if test "$cross_compiling" = yes; then :
@@ -12742,20 +12608,20 @@
 				./*|../*)	withval="`pwd`/$withval"
 			esac
 			if test -d "$withval/lib"; then
-				if test -n "${need_dash_r}"; then
-					LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+				if test -n "${rpath_opt}"; then
+					LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
 				else
 					LDFLAGS="-L${withval}/lib ${LDFLAGS}"
 				fi
 			elif test -d "$withval/lib64"; then
-				if test -n "${need_dash_r}"; then
-					LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
+				if test -n "${rpath_opt}"; then
+					LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}"
 				else
 					LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
 				fi
 			else
-				if test -n "${need_dash_r}"; then
-					LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+				if test -n "${rpath_opt}"; then
+					LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
 				else
 					LDFLAGS="-L${withval} ${LDFLAGS}"
 				fi
@@ -12821,17 +12687,12 @@
 _ACEOF
 if ac_fn_c_try_link "$LINENO"; then :
 
-$as_echo "#define HAVE_OPENSSL 1" >>confdefs.h
-
 else
-
-						if test -n "${need_dash_r}"; then
-				LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
-			else
-				LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
-			fi
-			CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
-			ac_fn_c_check_header_mongrel "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default"
+  as_fn_error $? "*** working libcrypto not found, check config.log" "$LINENO" 5
+fi
+rm -f core conftest.err conftest.$ac_objext \
+    conftest$ac_exeext conftest.$ac_ext
+	ac_fn_c_check_header_mongrel "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default"
 if test "x$ac_cv_header_openssl_opensslv_h" = xyes; then :
 
 else
@@ -12839,41 +12700,7 @@
 fi
 
 
-			cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
 
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RAND_add ();
-int
-main ()
-{
-return RAND_add ();
-  ;
-  return 0;
-}
-_ACEOF
-if ac_fn_c_try_link "$LINENO"; then :
-  $as_echo "#define HAVE_OPENSSL 1" >>confdefs.h
-
-else
-
-					as_fn_error $? "*** Can't find recent OpenSSL libcrypto (see config.log for details) ***" "$LINENO" 5
-
-
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-
-
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext conftest.$ac_ext
-
 	# Determine OpenSSL header version
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL header version" >&5
 $as_echo_n "checking OpenSSL header version... " >&6; }
@@ -12933,6 +12760,20 @@
 fi
 
 
+	# Determining OpenSSL library version is version dependent.
+	for ac_func in OpenSSL_version OpenSSL_version_num
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
 	# Determine OpenSSL library version
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL library version" >&5
 $as_echo_n "checking OpenSSL library version... " >&6; }
@@ -12962,9 +12803,18 @@
 		fd = fopen(DATA,"w");
 		if(fd == NULL)
 			exit(1);
-
-		if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
-		    SSLeay_version(SSLEAY_VERSION))) < 0)
+#ifndef OPENSSL_VERSION
+# define OPENSSL_VERSION SSLEAY_VERSION
+#endif
+#ifndef HAVE_OPENSSL_VERSION
+# define OpenSSL_version	SSLeay_version
+#endif
+#ifndef HAVE_OPENSSL_VERSION_NUM
+# define OpenSSL_version_num	SSLeay
+#endif
+		if ((rc = fprintf(fd, "%08lx (%s)\n",
+		    (unsigned long)OpenSSL_version_num(),
+		    OpenSSL_version(OPENSSL_VERSION))) < 0)
 			exit(1);
 
 		exit(0);
@@ -12982,14 +12832,15 @@
 				as_fn_error $? "OpenSSL >= 1.0.1 required (have \"$ssl_library_ver\")" "$LINENO" 5
 		                ;;
 			100*)   ;; # 1.0.x
-			1010000123456*)
+			101000[0123456]*)
 				# https://github.com/openssl/openssl/pull/4613
 				as_fn_error $? "OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have \"$ssl_library_ver\")" "$LINENO" 5
 				;;
 			101*)   ;; # 1.1.x
 			200*)   ;; # LibreSSL
+			300*)   ;; # OpenSSL development branch.
 		        *)
-				as_fn_error $? "OpenSSL > 1.1.x is not yet supported (have \"$ssl_library_ver\")" "$LINENO" 5
+				as_fn_error $? "Unknown/unsupported OpenSSL version (\"$ssl_library_ver\")" "$LINENO" 5
 		                ;;
 			esac
 			{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
@@ -13028,7 +12879,10 @@
 main ()
 {
 
-		exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
+#ifndef HAVE_OPENSSL_VERSION_NUM
+# define OpenSSL_version_num	SSLeay
+#endif
+		exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
 
   ;
   return 0;
@@ -13069,11 +12923,11 @@
 $as_echo_n "checking if programs using OpenSSL functions will link... " >&6; }
 	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
- #include <openssl/evp.h>
+ #include <openssl/err.h>
 int
 main ()
 {
- SSLeay_add_all_algorithms();
+ ERR_load_crypto_strings();
   ;
   return 0;
 }
@@ -13093,11 +12947,11 @@
 $as_echo_n "checking if programs using OpenSSL need -ldl... " >&6; }
 			cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 /* end confdefs.h.  */
- #include <openssl/evp.h>
+ #include <openssl/err.h>
 int
 main ()
 {
- SSLeay_add_all_algorithms();
+ ERR_load_crypto_strings();
   ;
   return 0;
 }
@@ -13126,11 +12980,12 @@
 	for ac_func in  \
 		BN_is_prime_ex \
 		DSA_generate_parameters_ex \
-		EVP_DigestInit_ex \
+		EVP_CIPHER_CTX_ctrl \
 		EVP_DigestFinal_ex \
-		EVP_MD_CTX_init \
+		EVP_DigestInit_ex \
 		EVP_MD_CTX_cleanup \
 		EVP_MD_CTX_copy_ex \
+		EVP_MD_CTX_init \
 		HMAC_CTX_init \
 		RSA_generate_key_ex \
 		RSA_get_default_method \
@@ -13147,6 +13002,75 @@
 done
 
 
+	# OpenSSL_add_all_algorithms may be a macro.
+	ac_fn_c_check_func "$LINENO" "OpenSSL_add_all_algorithms" "ac_cv_func_OpenSSL_add_all_algorithms"
+if test "x$ac_cv_func_OpenSSL_add_all_algorithms" = xyes; then :
+
+$as_echo "#define HAVE_OPENSSL_ADD_ALL_ALGORITHMS 1" >>confdefs.h
+
+else
+  ac_fn_c_check_decl "$LINENO" "OpenSSL_add_all_algorithms" "ac_cv_have_decl_OpenSSL_add_all_algorithms" "#include <openssl/evp.h>
+
+"
+if test "x$ac_cv_have_decl_OpenSSL_add_all_algorithms" = xyes; then :
+
+$as_echo "#define HAVE_OPENSSL_ADD_ALL_ALGORITHMS 1" >>confdefs.h
+
+fi
+
+
+fi
+
+
+	# LibreSSL/OpenSSL 1.1x API
+	for ac_func in  \
+		OPENSSL_init_crypto \
+		DH_get0_key \
+		DH_get0_pqg \
+		DH_set0_key \
+		DH_set_length \
+		DH_set0_pqg \
+		DSA_get0_key \
+		DSA_get0_pqg \
+		DSA_set0_key \
+		DSA_set0_pqg \
+		DSA_SIG_get0 \
+		DSA_SIG_set0 \
+		ECDSA_SIG_get0 \
+		ECDSA_SIG_set0 \
+		EVP_CIPHER_CTX_iv \
+		EVP_CIPHER_CTX_iv_noconst \
+		EVP_CIPHER_CTX_get_iv \
+		EVP_CIPHER_CTX_set_iv \
+		RSA_get0_crt_params \
+		RSA_get0_factors \
+		RSA_get0_key \
+		RSA_set0_crt_params \
+		RSA_set0_factors \
+		RSA_set0_key \
+		RSA_meth_free \
+		RSA_meth_dup \
+		RSA_meth_set1_name \
+		RSA_meth_get_finish \
+		RSA_meth_set_priv_enc \
+		RSA_meth_set_priv_dec \
+		RSA_meth_set_finish \
+		EVP_PKEY_get0_RSA \
+		EVP_MD_CTX_new \
+		EVP_MD_CTX_free \
+
+do :
+  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+  cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
 	if test "x$openssl_engine" = "xyes" ; then
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ENGINE support" >&5
 $as_echo_n "checking for OpenSSL ENGINE support... " >&6; }
@@ -13302,1989 +13226,6 @@
 rm -f core conftest.err conftest.$ac_objext \
     conftest$ac_exeext conftest.$ac_ext
 
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_CIPHER_CTX_ctrl" >&5
-$as_echo_n "checking for library containing EVP_CIPHER_CTX_ctrl... " >&6; }
-if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char EVP_CIPHER_CTX_ctrl ();
-int
-main ()
-{
-return EVP_CIPHER_CTX_ctrl ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_EVP_CIPHER_CTX_ctrl=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_EVP_CIPHER_CTX_ctrl+:} false; then :
-
-else
-  ac_cv_search_EVP_CIPHER_CTX_ctrl=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_CIPHER_CTX_ctrl" >&5
-$as_echo "$ac_cv_search_EVP_CIPHER_CTX_ctrl" >&6; }
-ac_res=$ac_cv_search_EVP_CIPHER_CTX_ctrl
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_EVP_CIPHER_CTX_CTRL 1" >>confdefs.h
-
-fi
-
-
-	# LibreSSL/OpenSSL 1.1x API
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing DH_get0_key" >&5
-$as_echo_n "checking for library containing DH_get0_key... " >&6; }
-if ${ac_cv_search_DH_get0_key+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DH_get0_key ();
-int
-main ()
-{
-return DH_get0_key ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_DH_get0_key=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_DH_get0_key+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_DH_get0_key+:} false; then :
-
-else
-  ac_cv_search_DH_get0_key=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_DH_get0_key" >&5
-$as_echo "$ac_cv_search_DH_get0_key" >&6; }
-ac_res=$ac_cv_search_DH_get0_key
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_DH_GET0_KEY 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing DH_get0_pqg" >&5
-$as_echo_n "checking for library containing DH_get0_pqg... " >&6; }
-if ${ac_cv_search_DH_get0_pqg+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DH_get0_pqg ();
-int
-main ()
-{
-return DH_get0_pqg ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_DH_get0_pqg=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_DH_get0_pqg+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_DH_get0_pqg+:} false; then :
-
-else
-  ac_cv_search_DH_get0_pqg=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_DH_get0_pqg" >&5
-$as_echo "$ac_cv_search_DH_get0_pqg" >&6; }
-ac_res=$ac_cv_search_DH_get0_pqg
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_DH_GET0_PQG 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing DH_set0_key" >&5
-$as_echo_n "checking for library containing DH_set0_key... " >&6; }
-if ${ac_cv_search_DH_set0_key+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DH_set0_key ();
-int
-main ()
-{
-return DH_set0_key ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_DH_set0_key=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_DH_set0_key+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_DH_set0_key+:} false; then :
-
-else
-  ac_cv_search_DH_set0_key=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_DH_set0_key" >&5
-$as_echo "$ac_cv_search_DH_set0_key" >&6; }
-ac_res=$ac_cv_search_DH_set0_key
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_DH_SET0_KEY 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing DH_set_length" >&5
-$as_echo_n "checking for library containing DH_set_length... " >&6; }
-if ${ac_cv_search_DH_set_length+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DH_set_length ();
-int
-main ()
-{
-return DH_set_length ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_DH_set_length=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_DH_set_length+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_DH_set_length+:} false; then :
-
-else
-  ac_cv_search_DH_set_length=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_DH_set_length" >&5
-$as_echo "$ac_cv_search_DH_set_length" >&6; }
-ac_res=$ac_cv_search_DH_set_length
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_DH_SET_LENGTH 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing DH_set0_pqg" >&5
-$as_echo_n "checking for library containing DH_set0_pqg... " >&6; }
-if ${ac_cv_search_DH_set0_pqg+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DH_set0_pqg ();
-int
-main ()
-{
-return DH_set0_pqg ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_DH_set0_pqg=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_DH_set0_pqg+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_DH_set0_pqg+:} false; then :
-
-else
-  ac_cv_search_DH_set0_pqg=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_DH_set0_pqg" >&5
-$as_echo "$ac_cv_search_DH_set0_pqg" >&6; }
-ac_res=$ac_cv_search_DH_set0_pqg
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_DH_SET0_PQG 1" >>confdefs.h
-
-fi
-
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing DSA_get0_key" >&5
-$as_echo_n "checking for library containing DSA_get0_key... " >&6; }
-if ${ac_cv_search_DSA_get0_key+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DSA_get0_key ();
-int
-main ()
-{
-return DSA_get0_key ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_DSA_get0_key=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_DSA_get0_key+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_DSA_get0_key+:} false; then :
-
-else
-  ac_cv_search_DSA_get0_key=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_DSA_get0_key" >&5
-$as_echo "$ac_cv_search_DSA_get0_key" >&6; }
-ac_res=$ac_cv_search_DSA_get0_key
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_DSA_GET0_KEY 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing DSA_get0_pqg" >&5
-$as_echo_n "checking for library containing DSA_get0_pqg... " >&6; }
-if ${ac_cv_search_DSA_get0_pqg+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DSA_get0_pqg ();
-int
-main ()
-{
-return DSA_get0_pqg ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_DSA_get0_pqg=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_DSA_get0_pqg+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_DSA_get0_pqg+:} false; then :
-
-else
-  ac_cv_search_DSA_get0_pqg=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_DSA_get0_pqg" >&5
-$as_echo "$ac_cv_search_DSA_get0_pqg" >&6; }
-ac_res=$ac_cv_search_DSA_get0_pqg
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_DSA_GET0_PQG 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing DSA_set0_key" >&5
-$as_echo_n "checking for library containing DSA_set0_key... " >&6; }
-if ${ac_cv_search_DSA_set0_key+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DSA_set0_key ();
-int
-main ()
-{
-return DSA_set0_key ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_DSA_set0_key=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_DSA_set0_key+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_DSA_set0_key+:} false; then :
-
-else
-  ac_cv_search_DSA_set0_key=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_DSA_set0_key" >&5
-$as_echo "$ac_cv_search_DSA_set0_key" >&6; }
-ac_res=$ac_cv_search_DSA_set0_key
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_DSA_SET0_KEY 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing DSA_set0_pqg" >&5
-$as_echo_n "checking for library containing DSA_set0_pqg... " >&6; }
-if ${ac_cv_search_DSA_set0_pqg+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DSA_set0_pqg ();
-int
-main ()
-{
-return DSA_set0_pqg ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_DSA_set0_pqg=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_DSA_set0_pqg+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_DSA_set0_pqg+:} false; then :
-
-else
-  ac_cv_search_DSA_set0_pqg=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_DSA_set0_pqg" >&5
-$as_echo "$ac_cv_search_DSA_set0_pqg" >&6; }
-ac_res=$ac_cv_search_DSA_set0_pqg
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_DSA_SET0_PQG 1" >>confdefs.h
-
-fi
-
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing DSA_SIG_get0" >&5
-$as_echo_n "checking for library containing DSA_SIG_get0... " >&6; }
-if ${ac_cv_search_DSA_SIG_get0+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DSA_SIG_get0 ();
-int
-main ()
-{
-return DSA_SIG_get0 ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_DSA_SIG_get0=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_DSA_SIG_get0+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_DSA_SIG_get0+:} false; then :
-
-else
-  ac_cv_search_DSA_SIG_get0=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_DSA_SIG_get0" >&5
-$as_echo "$ac_cv_search_DSA_SIG_get0" >&6; }
-ac_res=$ac_cv_search_DSA_SIG_get0
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_DSA_SIG_GET0 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing DSA_SIG_set0" >&5
-$as_echo_n "checking for library containing DSA_SIG_set0... " >&6; }
-if ${ac_cv_search_DSA_SIG_set0+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char DSA_SIG_set0 ();
-int
-main ()
-{
-return DSA_SIG_set0 ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_DSA_SIG_set0=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_DSA_SIG_set0+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_DSA_SIG_set0+:} false; then :
-
-else
-  ac_cv_search_DSA_SIG_set0=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_DSA_SIG_set0" >&5
-$as_echo "$ac_cv_search_DSA_SIG_set0" >&6; }
-ac_res=$ac_cv_search_DSA_SIG_set0
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_DSA_SIG_SET0 1" >>confdefs.h
-
-fi
-
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ECDSA_SIG_get0" >&5
-$as_echo_n "checking for library containing ECDSA_SIG_get0... " >&6; }
-if ${ac_cv_search_ECDSA_SIG_get0+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char ECDSA_SIG_get0 ();
-int
-main ()
-{
-return ECDSA_SIG_get0 ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_ECDSA_SIG_get0=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_ECDSA_SIG_get0+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_ECDSA_SIG_get0+:} false; then :
-
-else
-  ac_cv_search_ECDSA_SIG_get0=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ECDSA_SIG_get0" >&5
-$as_echo "$ac_cv_search_ECDSA_SIG_get0" >&6; }
-ac_res=$ac_cv_search_ECDSA_SIG_get0
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_ECDSA_SIG_GET0 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing ECDSA_SIG_set0" >&5
-$as_echo_n "checking for library containing ECDSA_SIG_set0... " >&6; }
-if ${ac_cv_search_ECDSA_SIG_set0+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char ECDSA_SIG_set0 ();
-int
-main ()
-{
-return ECDSA_SIG_set0 ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_ECDSA_SIG_set0=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_ECDSA_SIG_set0+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_ECDSA_SIG_set0+:} false; then :
-
-else
-  ac_cv_search_ECDSA_SIG_set0=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_ECDSA_SIG_set0" >&5
-$as_echo "$ac_cv_search_ECDSA_SIG_set0" >&6; }
-ac_res=$ac_cv_search_ECDSA_SIG_set0
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_ECDSA_SIG_SET0 1" >>confdefs.h
-
-fi
-
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_CIPHER_CTX_iv" >&5
-$as_echo_n "checking for library containing EVP_CIPHER_CTX_iv... " >&6; }
-if ${ac_cv_search_EVP_CIPHER_CTX_iv+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char EVP_CIPHER_CTX_iv ();
-int
-main ()
-{
-return EVP_CIPHER_CTX_iv ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_EVP_CIPHER_CTX_iv=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_EVP_CIPHER_CTX_iv+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_EVP_CIPHER_CTX_iv+:} false; then :
-
-else
-  ac_cv_search_EVP_CIPHER_CTX_iv=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_CIPHER_CTX_iv" >&5
-$as_echo "$ac_cv_search_EVP_CIPHER_CTX_iv" >&6; }
-ac_res=$ac_cv_search_EVP_CIPHER_CTX_iv
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_EVP_CIPHER_CTX_IV 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_CIPHER_CTX_iv_noconst" >&5
-$as_echo_n "checking for library containing EVP_CIPHER_CTX_iv_noconst... " >&6; }
-if ${ac_cv_search_EVP_CIPHER_CTX_iv_noconst+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char EVP_CIPHER_CTX_iv_noconst ();
-int
-main ()
-{
-return EVP_CIPHER_CTX_iv_noconst ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_EVP_CIPHER_CTX_iv_noconst=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_EVP_CIPHER_CTX_iv_noconst+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_EVP_CIPHER_CTX_iv_noconst+:} false; then :
-
-else
-  ac_cv_search_EVP_CIPHER_CTX_iv_noconst=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_CIPHER_CTX_iv_noconst" >&5
-$as_echo "$ac_cv_search_EVP_CIPHER_CTX_iv_noconst" >&6; }
-ac_res=$ac_cv_search_EVP_CIPHER_CTX_iv_noconst
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_EVP_CIPHER_CTX_IV_NOCONST 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_CIPHER_CTX_get_iv" >&5
-$as_echo_n "checking for library containing EVP_CIPHER_CTX_get_iv... " >&6; }
-if ${ac_cv_search_EVP_CIPHER_CTX_get_iv+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char EVP_CIPHER_CTX_get_iv ();
-int
-main ()
-{
-return EVP_CIPHER_CTX_get_iv ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_EVP_CIPHER_CTX_get_iv=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_EVP_CIPHER_CTX_get_iv+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_EVP_CIPHER_CTX_get_iv+:} false; then :
-
-else
-  ac_cv_search_EVP_CIPHER_CTX_get_iv=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_CIPHER_CTX_get_iv" >&5
-$as_echo "$ac_cv_search_EVP_CIPHER_CTX_get_iv" >&6; }
-ac_res=$ac_cv_search_EVP_CIPHER_CTX_get_iv
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_EVP_CIPHER_CTX_GET_IV 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_CIPHER_CTX_set_iv" >&5
-$as_echo_n "checking for library containing EVP_CIPHER_CTX_set_iv... " >&6; }
-if ${ac_cv_search_EVP_CIPHER_CTX_set_iv+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char EVP_CIPHER_CTX_set_iv ();
-int
-main ()
-{
-return EVP_CIPHER_CTX_set_iv ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_EVP_CIPHER_CTX_set_iv=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_EVP_CIPHER_CTX_set_iv+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_EVP_CIPHER_CTX_set_iv+:} false; then :
-
-else
-  ac_cv_search_EVP_CIPHER_CTX_set_iv=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_CIPHER_CTX_set_iv" >&5
-$as_echo "$ac_cv_search_EVP_CIPHER_CTX_set_iv" >&6; }
-ac_res=$ac_cv_search_EVP_CIPHER_CTX_set_iv
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_EVP_CIPHER_CTX_GET_IV 1" >>confdefs.h
-
-fi
-
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_get0_crt_params" >&5
-$as_echo_n "checking for library containing RSA_get0_crt_params... " >&6; }
-if ${ac_cv_search_RSA_get0_crt_params+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_get0_crt_params ();
-int
-main ()
-{
-return RSA_get0_crt_params ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_get0_crt_params=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_get0_crt_params+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_get0_crt_params+:} false; then :
-
-else
-  ac_cv_search_RSA_get0_crt_params=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_get0_crt_params" >&5
-$as_echo "$ac_cv_search_RSA_get0_crt_params" >&6; }
-ac_res=$ac_cv_search_RSA_get0_crt_params
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_GET0_CRT_PARAMS 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_get0_factors" >&5
-$as_echo_n "checking for library containing RSA_get0_factors... " >&6; }
-if ${ac_cv_search_RSA_get0_factors+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_get0_factors ();
-int
-main ()
-{
-return RSA_get0_factors ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_get0_factors=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_get0_factors+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_get0_factors+:} false; then :
-
-else
-  ac_cv_search_RSA_get0_factors=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_get0_factors" >&5
-$as_echo "$ac_cv_search_RSA_get0_factors" >&6; }
-ac_res=$ac_cv_search_RSA_get0_factors
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_GET0_FACTORS 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_get0_key" >&5
-$as_echo_n "checking for library containing RSA_get0_key... " >&6; }
-if ${ac_cv_search_RSA_get0_key+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_get0_key ();
-int
-main ()
-{
-return RSA_get0_key ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_get0_key=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_get0_key+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_get0_key+:} false; then :
-
-else
-  ac_cv_search_RSA_get0_key=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_get0_key" >&5
-$as_echo "$ac_cv_search_RSA_get0_key" >&6; }
-ac_res=$ac_cv_search_RSA_get0_key
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_GET0_KEY 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_set0_crt_params" >&5
-$as_echo_n "checking for library containing RSA_set0_crt_params... " >&6; }
-if ${ac_cv_search_RSA_set0_crt_params+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_set0_crt_params ();
-int
-main ()
-{
-return RSA_set0_crt_params ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_set0_crt_params=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_set0_crt_params+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_set0_crt_params+:} false; then :
-
-else
-  ac_cv_search_RSA_set0_crt_params=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_set0_crt_params" >&5
-$as_echo "$ac_cv_search_RSA_set0_crt_params" >&6; }
-ac_res=$ac_cv_search_RSA_set0_crt_params
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_SET0_CRT_PARAMS 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_set0_factors" >&5
-$as_echo_n "checking for library containing RSA_set0_factors... " >&6; }
-if ${ac_cv_search_RSA_set0_factors+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_set0_factors ();
-int
-main ()
-{
-return RSA_set0_factors ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_set0_factors=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_set0_factors+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_set0_factors+:} false; then :
-
-else
-  ac_cv_search_RSA_set0_factors=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_set0_factors" >&5
-$as_echo "$ac_cv_search_RSA_set0_factors" >&6; }
-ac_res=$ac_cv_search_RSA_set0_factors
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_SET0_FACTORS 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_set0_key" >&5
-$as_echo_n "checking for library containing RSA_set0_key... " >&6; }
-if ${ac_cv_search_RSA_set0_key+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_set0_key ();
-int
-main ()
-{
-return RSA_set0_key ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_set0_key=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_set0_key+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_set0_key+:} false; then :
-
-else
-  ac_cv_search_RSA_set0_key=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_set0_key" >&5
-$as_echo "$ac_cv_search_RSA_set0_key" >&6; }
-ac_res=$ac_cv_search_RSA_set0_key
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_SET0_KEY 1" >>confdefs.h
-
-fi
-
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_meth_free" >&5
-$as_echo_n "checking for library containing RSA_meth_free... " >&6; }
-if ${ac_cv_search_RSA_meth_free+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_meth_free ();
-int
-main ()
-{
-return RSA_meth_free ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_meth_free=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_meth_free+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_meth_free+:} false; then :
-
-else
-  ac_cv_search_RSA_meth_free=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_meth_free" >&5
-$as_echo "$ac_cv_search_RSA_meth_free" >&6; }
-ac_res=$ac_cv_search_RSA_meth_free
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_METH_FREE 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_meth_dup" >&5
-$as_echo_n "checking for library containing RSA_meth_dup... " >&6; }
-if ${ac_cv_search_RSA_meth_dup+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_meth_dup ();
-int
-main ()
-{
-return RSA_meth_dup ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_meth_dup=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_meth_dup+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_meth_dup+:} false; then :
-
-else
-  ac_cv_search_RSA_meth_dup=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_meth_dup" >&5
-$as_echo "$ac_cv_search_RSA_meth_dup" >&6; }
-ac_res=$ac_cv_search_RSA_meth_dup
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_METH_DUP 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_meth_set1_name" >&5
-$as_echo_n "checking for library containing RSA_meth_set1_name... " >&6; }
-if ${ac_cv_search_RSA_meth_set1_name+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_meth_set1_name ();
-int
-main ()
-{
-return RSA_meth_set1_name ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_meth_set1_name=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_meth_set1_name+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_meth_set1_name+:} false; then :
-
-else
-  ac_cv_search_RSA_meth_set1_name=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_meth_set1_name" >&5
-$as_echo "$ac_cv_search_RSA_meth_set1_name" >&6; }
-ac_res=$ac_cv_search_RSA_meth_set1_name
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_METH_SET1_NAME 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_meth_get_finish" >&5
-$as_echo_n "checking for library containing RSA_meth_get_finish... " >&6; }
-if ${ac_cv_search_RSA_meth_get_finish+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_meth_get_finish ();
-int
-main ()
-{
-return RSA_meth_get_finish ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_meth_get_finish=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_meth_get_finish+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_meth_get_finish+:} false; then :
-
-else
-  ac_cv_search_RSA_meth_get_finish=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_meth_get_finish" >&5
-$as_echo "$ac_cv_search_RSA_meth_get_finish" >&6; }
-ac_res=$ac_cv_search_RSA_meth_get_finish
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_METH_GET_FINISH 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_meth_set_priv_enc" >&5
-$as_echo_n "checking for library containing RSA_meth_set_priv_enc... " >&6; }
-if ${ac_cv_search_RSA_meth_set_priv_enc+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_meth_set_priv_enc ();
-int
-main ()
-{
-return RSA_meth_set_priv_enc ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_meth_set_priv_enc=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_meth_set_priv_enc+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_meth_set_priv_enc+:} false; then :
-
-else
-  ac_cv_search_RSA_meth_set_priv_enc=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_meth_set_priv_enc" >&5
-$as_echo "$ac_cv_search_RSA_meth_set_priv_enc" >&6; }
-ac_res=$ac_cv_search_RSA_meth_set_priv_enc
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_METH_SET_PRIV_ENC 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_meth_set_priv_dec" >&5
-$as_echo_n "checking for library containing RSA_meth_set_priv_dec... " >&6; }
-if ${ac_cv_search_RSA_meth_set_priv_dec+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_meth_set_priv_dec ();
-int
-main ()
-{
-return RSA_meth_set_priv_dec ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_meth_set_priv_dec=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_meth_set_priv_dec+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_meth_set_priv_dec+:} false; then :
-
-else
-  ac_cv_search_RSA_meth_set_priv_dec=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_meth_set_priv_dec" >&5
-$as_echo "$ac_cv_search_RSA_meth_set_priv_dec" >&6; }
-ac_res=$ac_cv_search_RSA_meth_set_priv_dec
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_METH_SET_PRIV_DEC 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing RSA_meth_set_finish" >&5
-$as_echo_n "checking for library containing RSA_meth_set_finish... " >&6; }
-if ${ac_cv_search_RSA_meth_set_finish+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char RSA_meth_set_finish ();
-int
-main ()
-{
-return RSA_meth_set_finish ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_RSA_meth_set_finish=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_RSA_meth_set_finish+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_RSA_meth_set_finish+:} false; then :
-
-else
-  ac_cv_search_RSA_meth_set_finish=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_RSA_meth_set_finish" >&5
-$as_echo "$ac_cv_search_RSA_meth_set_finish" >&6; }
-ac_res=$ac_cv_search_RSA_meth_set_finish
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_RSA_METH_SET_FINISH 1" >>confdefs.h
-
-fi
-
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_PKEY_get0_RSA" >&5
-$as_echo_n "checking for library containing EVP_PKEY_get0_RSA... " >&6; }
-if ${ac_cv_search_EVP_PKEY_get0_RSA+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char EVP_PKEY_get0_RSA ();
-int
-main ()
-{
-return EVP_PKEY_get0_RSA ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_EVP_PKEY_get0_RSA=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_EVP_PKEY_get0_RSA+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_EVP_PKEY_get0_RSA+:} false; then :
-
-else
-  ac_cv_search_EVP_PKEY_get0_RSA=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_PKEY_get0_RSA" >&5
-$as_echo "$ac_cv_search_EVP_PKEY_get0_RSA" >&6; }
-ac_res=$ac_cv_search_EVP_PKEY_get0_RSA
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_EVP_PKEY_GET0_RSA 1" >>confdefs.h
-
-fi
-
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_MD_CTX_new" >&5
-$as_echo_n "checking for library containing EVP_MD_CTX_new... " >&6; }
-if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char EVP_MD_CTX_new ();
-int
-main ()
-{
-return EVP_MD_CTX_new ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_EVP_MD_CTX_new=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_EVP_MD_CTX_new+:} false; then :
-
-else
-  ac_cv_search_EVP_MD_CTX_new=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_MD_CTX_new" >&5
-$as_echo "$ac_cv_search_EVP_MD_CTX_new" >&6; }
-ac_res=$ac_cv_search_EVP_MD_CTX_new
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_EVP_MD_CTX_NEW 1" >>confdefs.h
-
-fi
-
-	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing EVP_MD_CTX_free" >&5
-$as_echo_n "checking for library containing EVP_MD_CTX_free... " >&6; }
-if ${ac_cv_search_EVP_MD_CTX_free+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  ac_func_search_save_LIBS=$LIBS
-cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-/* end confdefs.h.  */
-
-/* Override any GCC internal prototype to avoid an error.
-   Use char because int might match the return type of a GCC
-   builtin and then its argument prototype would still apply.  */
-#ifdef __cplusplus
-extern "C"
-#endif
-char EVP_MD_CTX_free ();
-int
-main ()
-{
-return EVP_MD_CTX_free ();
-  ;
-  return 0;
-}
-_ACEOF
-for ac_lib in '' crypto; do
-  if test -z "$ac_lib"; then
-    ac_res="none required"
-  else
-    ac_res=-l$ac_lib
-    LIBS="-l$ac_lib  $ac_func_search_save_LIBS"
-  fi
-  if ac_fn_c_try_link "$LINENO"; then :
-  ac_cv_search_EVP_MD_CTX_free=$ac_res
-fi
-rm -f core conftest.err conftest.$ac_objext \
-    conftest$ac_exeext
-  if ${ac_cv_search_EVP_MD_CTX_free+:} false; then :
-  break
-fi
-done
-if ${ac_cv_search_EVP_MD_CTX_free+:} false; then :
-
-else
-  ac_cv_search_EVP_MD_CTX_free=no
-fi
-rm conftest.$ac_ext
-LIBS=$ac_func_search_save_LIBS
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_EVP_MD_CTX_free" >&5
-$as_echo "$ac_cv_search_EVP_MD_CTX_free" >&6; }
-ac_res=$ac_cv_search_EVP_MD_CTX_free
-if test "$ac_res" != no; then :
-  test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
-
-$as_echo "#define HAVE_EVP_MD_CTX_FREE 1" >>confdefs.h
-
-fi
-
-
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if EVP_DigestUpdate returns an int" >&5
 $as_echo_n "checking if EVP_DigestUpdate returns an int... " >&6; }
 	cat confdefs.h - <<_ACEOF >conftest.$ac_ext
@@ -15429,8 +13370,8 @@
 done
 
 
-	# Search for SHA256 support in libc and/or OpenSSL
-	for ac_func in SHA256_Update EVP_sha256
+	# Check for SHA256, SHA384 and SHA512 support in OpenSSL
+	for ac_func in EVP_sha256 EVP_sha384 EVP_sha512
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -15439,18 +13380,10 @@
 #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
 _ACEOF
 
-else
-  unsupported_algorithms="$unsupported_algorithms \
-		hmac-sha2-256 \
-		hmac-sha2-512 \
-		diffie-hellman-group-exchange-sha256 \
-		hmac-sha2-256-etm@openssh.com \
-		hmac-sha2-512-etm@openssh.com"
-
-
 fi
 done
 
+
 	# Search for RIPE-MD support in OpenSSL
 	for ac_func in EVP_ripemd160
 do :
@@ -15626,6 +13559,17 @@
 
 $as_echo "#define OPENSSL_HAS_ECC 1" >>confdefs.h
 
+		for ac_func in EC_KEY_METHOD_new
+do :
+  ac_fn_c_check_func "$LINENO" "EC_KEY_METHOD_new" "ac_cv_func_EC_KEY_METHOD_new"
+if test "x$ac_cv_func_EC_KEY_METHOD_new" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_EC_KEY_METHOD_NEW 1
+_ACEOF
+
+fi
+done
+
 	fi
 	if test x$enable_nistp256 = x1; then
 
@@ -16359,8 +14303,7 @@
 {
 
 	struct rlimit rl_zero;
-	int fd, r;
-	fd_set fds;
+	int r;
 
 	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
 	r = setrlimit(RLIMIT_NOFILE, &rl_zero);
@@ -20190,8 +18133,8 @@
 
 
 		fi
-		if test ! -z "$need_dash_r" ; then
-			LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
+		if test -n "${rpath_opt}" ; then
+			LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
 		fi
 		if test ! -z "$blibpath" ; then
 			blibpath="$blibpath:${KRB5ROOT}/lib"
@@ -20657,54 +18600,9 @@
 fi
 
 if test -z "$MANTYPE"; then
-	TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
-	for ac_prog in nroff awf
-do
-  # Extract the first word of "$ac_prog", so it can be a program name with args.
-set dummy $ac_prog; ac_word=$2
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
-$as_echo_n "checking for $ac_word... " >&6; }
-if ${ac_cv_path_NROFF+:} false; then :
-  $as_echo_n "(cached) " >&6
-else
-  case $NROFF in
-  [\\/]* | ?:[\\/]*)
-  ac_cv_path_NROFF="$NROFF" # Let the user override the test with a path.
-  ;;
-  *)
-  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
-for as_dir in $TestPath
-do
-  IFS=$as_save_IFS
-  test -z "$as_dir" && as_dir=.
-    for ac_exec_ext in '' $ac_executable_extensions; do
-  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
-    ac_cv_path_NROFF="$as_dir/$ac_word$ac_exec_ext"
-    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
-    break 2
-  fi
-done
-  done
-IFS=$as_save_IFS
-
-  ;;
-esac
-fi
-NROFF=$ac_cv_path_NROFF
-if test -n "$NROFF"; then
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NROFF" >&5
-$as_echo "$NROFF" >&6; }
-else
-  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
-$as_echo "no" >&6; }
-fi
-
-
-  test -n "$NROFF" && break
-done
-test -n "$NROFF" || NROFF="/bin/false"
-
-	if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
+	if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
+		MANTYPE=doc
+	elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
 		MANTYPE=doc
 	elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
 		MANTYPE=man
Index: configure.ac
===================================================================
--- configure.ac
+++ configure.ac
@@ -19,7 +19,7 @@
 AC_LANG([C])
 
 AC_CONFIG_HEADER([config.h])
-AC_PROG_CC
+AC_PROG_CC([cc gcc])
 AC_CANONICAL_HOST
 AC_C_BIGENDIAN
 
@@ -41,11 +41,11 @@
 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
 AC_PATH_PROG([SH], [sh])
 AC_PATH_PROG([GROFF], [groff])
-AC_PATH_PROG([NROFF], [nroff])
+AC_PATH_PROG([NROFF], [nroff awf])
 AC_PATH_PROG([MANDOC], [mandoc])
 AC_SUBST([TEST_SHELL], [sh])
 
-dnl select manpage formatter
+dnl select manpage formatter to be used to build "cat" format pages.
 if test "x$MANDOC" != "x" ; then
 	MANFMT="$MANDOC"
 elif test "x$NROFF" != "x" ; then
@@ -53,7 +53,7 @@
 elif test "x$GROFF" != "x" ; then
 	MANFMT="$GROFF -mandoc -Tascii"
 else
-	AC_MSG_WARN([no manpage formatted found])
+	AC_MSG_WARN([no manpage formatter found])
 	MANFMT="false"
 fi
 AC_SUBST([MANFMT])
@@ -152,9 +152,11 @@
 
 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
 	OSSH_CHECK_CFLAG_COMPILE([-pipe])
-	OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
 	OSSH_CHECK_CFLAG_COMPILE([-Wunknown-warning-option])
+	OSSH_CHECK_CFLAG_COMPILE([-Wno-error=format-truncation])
+	OSSH_CHECK_CFLAG_COMPILE([-Qunused-arguments])
 	OSSH_CHECK_CFLAG_COMPILE([-Wall])
+	OSSH_CHECK_CFLAG_COMPILE([-Wextra])
 	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-arith])
 	OSSH_CHECK_CFLAG_COMPILE([-Wuninitialized])
 	OSSH_CHECK_CFLAG_COMPILE([-Wsign-compare])
@@ -285,11 +287,12 @@
 	[  --without-rpath         Disable auto-added -R linker paths],
 	[
 		if test "x$withval" = "xno" ; then
-			need_dash_r=""
+			rpath_opt=""
+		elif test "x$withval" = "xyes" ; then
+			rpath_opt="-R"
+		else
+			rpath_opt="$withval"
 		fi
-		if test "x$withval" = "xyes" ; then
-			need_dash_r=1
-		fi
 	]
 )
 
@@ -587,7 +590,6 @@
 	      #include <fcntl.h> ]
 	)
 	check_for_aix_broken_getaddrinfo=1
-	AC_DEFINE([BROKEN_REALPATH], [1], [Define if you have a broken realpath.])
 	AC_DEFINE([SETEUID_BREAKS_SETUID], [1],
 	    [Define if your platform breaks doing a seteuid before a setuid])
 	AC_DEFINE([BROKEN_SETREUID], [1], [Define if your setreuid() is broken])
@@ -679,6 +681,9 @@
 	AC_CHECK_LIB([sandbox], [sandbox_apply], [
 	    SSHDLIBS="$SSHDLIBS -lsandbox"
 	])
+	# proc_pidinfo()-based closefrom() replacement.
+	AC_CHECK_HEADERS([libproc.h])
+	AC_CHECK_FUNCS([proc_pidinfo])
 	;;
 *-*-dragonfly*)
 	SSHDLIBS="$SSHDLIBS -lcrypt"
@@ -816,7 +821,7 @@
 	    AC_DEFINE([SYS_RDOMAIN_LINUX], [1],
 		[Support routing domains using Linux VRF]), [], [
 #ifdef HAVE_SYS_TYPES_H
-# include <sys/types.H>
+# include <sys/types.h>
 #endif
 	    ])
 	AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [],
@@ -911,7 +916,7 @@
 *-*-netbsd*)
 	check_for_libcrypt_before=1
 	if test "x$withval" != "xno" ; then
-		need_dash_r=1
+		rpath_opt="-R"
 	fi
 	CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
 	AC_DEFINE([SSH_TUN_FREEBSD], [1], [Open tunnel devices the FreeBSD way])
@@ -947,7 +952,6 @@
 	conf_wtmp_location=/usr/adm/wtmp
 	maildir=/usr/spool/mail
 	AC_DEFINE([HAVE_NEXT], [1], [Define if you are on NeXT])
-	AC_DEFINE([BROKEN_REALPATH])
 	AC_DEFINE([USE_PIPES])
 	AC_DEFINE([BROKEN_SAVED_UIDS], [1], [Needed for NeXT])
 	;;
@@ -962,7 +966,7 @@
 	;;
 *-*-solaris*)
 	if test "x$withval" != "xno" ; then
-		need_dash_r=1
+		rpath_opt="-R"
 	fi
 	AC_DEFINE([PAM_SUN_CODEBASE])
 	AC_DEFINE([LOGIN_NEEDS_UTMPX])
@@ -1263,14 +1267,14 @@
 		AC_MSG_ERROR([*** zlib is required ***])
 	  elif test "x$withval" != "xyes"; then
 		if test -d "$withval/lib"; then
-			if test -n "${need_dash_r}"; then
-				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+			if test -n "${rpath_opt}"; then
+				LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
 			else
 				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
 			fi
 		else
-			if test -n "${need_dash_r}"; then
-				LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+			if test -n "${rpath_opt}"; then
+				LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
 			else
 				LDFLAGS="-L${withval} ${LDFLAGS}"
 			fi
@@ -1290,8 +1294,8 @@
 		saved_LDFLAGS="$LDFLAGS"
 		save_LIBS="$LIBS"
 		dnl Check default zlib install dir
-		if test -n "${need_dash_r}"; then
-			LDFLAGS="-L/usr/local/lib -R/usr/local/lib ${saved_LDFLAGS}"
+		if test -n "${rpath_opt}"; then
+			LDFLAGS="-L/usr/local/lib ${rpath_opt}/usr/local/lib ${saved_LDFLAGS}"
 		else
 			LDFLAGS="-L/usr/local/lib ${saved_LDFLAGS}"
 		fi
@@ -1558,8 +1562,8 @@
 			fi
 		else
 			CPPFLAGS="$CPPFLAGS -I${withval}/include"
-			if test -n "${need_dash_r}"; then
-				LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+			if test -n "${rpath_opt}"; then
+				LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
 			else
 				LDFLAGS="-L${withval}/lib ${LDFLAGS}"
 			fi
@@ -1700,6 +1704,9 @@
 	Blowfish_expandstate \
 	Blowfish_expand0state \
 	Blowfish_stream2word \
+	SHA256Update \
+	SHA384Update \
+	SHA512Update \
 	asprintf \
 	b64_ntop \
 	__b64_ntop \
@@ -1719,7 +1726,9 @@
 	errx \
 	explicit_bzero \
 	fchmod \
+	fchmodat \
 	fchown \
+	fchownat \
 	flock \
 	freeaddrinfo \
 	freezero \
@@ -1750,6 +1759,7 @@
 	llabs \
 	login_getcapbool \
 	md5_crypt \
+	memmem \
 	memmove \
 	memset_s \
 	mkdtemp \
@@ -1812,6 +1822,7 @@
 	truncate \
 	unsetenv \
 	updwtmpx \
+	utimensat \
 	user_from_uid \
 	usleep \
 	vasprintf \
@@ -2020,32 +2031,6 @@
 	)
 ])
 
-AC_CHECK_FUNCS([realpath], [
-	dnl the sftp v3 spec says SSH_FXP_REALPATH will "canonicalize any given
-	dnl path name", however some implementations of realpath (and some
-	dnl versions of the POSIX spec) do not work on non-existent files,
-	dnl so we use the OpenBSD implementation on those platforms.
-	AC_MSG_CHECKING([if realpath works with non-existent files])
-	AC_RUN_IFELSE(
-		[AC_LANG_PROGRAM([[
-#include <limits.h>
-#include <stdlib.h>
-#include <errno.h>
-		]], [[
-		char buf[PATH_MAX];
-		if (realpath("/opensshnonexistentfilename1234", buf) == NULL)
-			if (errno == ENOENT)
-				exit(1);
-		exit(0);
-		]])],
-		[AC_MSG_RESULT([yes])],
-		[AC_DEFINE([BROKEN_REALPATH], [1],
-			[realpath does not work with nonexistent files])
-		 AC_MSG_RESULT([no])],
-		[AC_MSG_WARN([cross compiling: assuming working])]
-	)
-])
-
 AC_MSG_CHECKING([for working fflush(NULL)])
 AC_RUN_IFELSE(
 	[AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])],
@@ -2476,20 +2461,20 @@
 				./*|../*)	withval="`pwd`/$withval"
 			esac
 			if test -d "$withval/lib"; then
-				if test -n "${need_dash_r}"; then
-					LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
+				if test -n "${rpath_opt}"; then
+					LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
 				else
 					LDFLAGS="-L${withval}/lib ${LDFLAGS}"
 				fi
 			elif test -d "$withval/lib64"; then
-				if test -n "${need_dash_r}"; then
-					LDFLAGS="-L${withval}/lib64 -R${withval}/lib64 ${LDFLAGS}"
+				if test -n "${rpath_opt}"; then
+					LDFLAGS="-L${withval}/lib64 ${rpath_opt}${withval}/lib64 ${LDFLAGS}"
 				else
 					LDFLAGS="-L${withval}/lib64 ${LDFLAGS}"
 				fi
 			else
-				if test -n "${need_dash_r}"; then
-					LDFLAGS="-L${withval} -R${withval} ${LDFLAGS}"
+				if test -n "${rpath_opt}"; then
+					LDFLAGS="-L${withval} ${rpath_opt}${withval} ${LDFLAGS}"
 				else
 					LDFLAGS="-L${withval} ${LDFLAGS}"
 				fi
@@ -2527,26 +2512,10 @@
 
 if test "x$openssl" = "xyes" ; then
 	LIBS="-lcrypto $LIBS"
-	AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL], [1],
-		[Define if your ssl headers are included
-		with #include <openssl/header.h>])],
-		[
-			dnl Check default openssl install dir
-			if test -n "${need_dash_r}"; then
-				LDFLAGS="-L/usr/local/ssl/lib -R/usr/local/ssl/lib ${saved_LDFLAGS}"
-			else
-				LDFLAGS="-L/usr/local/ssl/lib ${saved_LDFLAGS}"
-			fi
-			CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}"
-			AC_CHECK_HEADER([openssl/opensslv.h], ,
-			    [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
-			AC_TRY_LINK_FUNC([RAND_add], [AC_DEFINE([HAVE_OPENSSL])],
-				[
-					AC_MSG_ERROR([*** Can't find recent OpenSSL libcrypto (see config.log for details) ***])
-				]
-			)
-		]
-	)
+	AC_TRY_LINK_FUNC([RAND_add], ,
+	    [AC_MSG_ERROR([*** working libcrypto not found, check config.log])])
+	AC_CHECK_HEADER([openssl/opensslv.h], ,
+	    [AC_MSG_ERROR([*** OpenSSL headers missing - please install first or check config.log ***])])
 
 	# Determine OpenSSL header version
 	AC_MSG_CHECKING([OpenSSL header version])
@@ -2585,6 +2554,9 @@
 		]
 	)
 
+	# Determining OpenSSL library version is version dependent.
+	AC_CHECK_FUNCS([OpenSSL_version OpenSSL_version_num])
+
 	# Determine OpenSSL library version
 	AC_MSG_CHECKING([OpenSSL library version])
 	AC_RUN_IFELSE(
@@ -2601,9 +2573,18 @@
 		fd = fopen(DATA,"w");
 		if(fd == NULL)
 			exit(1);
-
-		if ((rc = fprintf(fd, "%08lx (%s)\n", (unsigned long)SSLeay(),
-		    SSLeay_version(SSLEAY_VERSION))) < 0)
+#ifndef OPENSSL_VERSION
+# define OPENSSL_VERSION SSLEAY_VERSION
+#endif
+#ifndef HAVE_OPENSSL_VERSION
+# define OpenSSL_version	SSLeay_version
+#endif
+#ifndef HAVE_OPENSSL_VERSION_NUM
+# define OpenSSL_version_num	SSLeay
+#endif
+		if ((rc = fprintf(fd, "%08lx (%s)\n",
+		    (unsigned long)OpenSSL_version_num(),
+		    OpenSSL_version(OPENSSL_VERSION))) < 0)
 			exit(1);
 
 		exit(0);
@@ -2616,14 +2597,15 @@
 				AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
 		                ;;
 			100*)   ;; # 1.0.x
-			101000[0123456]*)
+			101000[[0123456]]*)
 				# https://github.com/openssl/openssl/pull/4613
 				AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
 				;;
 			101*)   ;; # 1.1.x
 			200*)   ;; # LibreSSL
+			300*)   ;; # OpenSSL development branch.
 		        *)
-				AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")])
+				AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")])
 		                ;;
 			esac
 			AC_MSG_RESULT([$ssl_library_ver])
@@ -2645,7 +2627,10 @@
 	#include <openssl/opensslv.h>
 	#include <openssl/crypto.h>
 		]], [[
-		exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1);
+#ifndef HAVE_OPENSSL_VERSION_NUM
+# define OpenSSL_version_num	SSLeay
+#endif
+		exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
 		]])],
 		[
 			AC_MSG_RESULT([yes])
@@ -2672,8 +2657,8 @@
 
 	AC_MSG_CHECKING([if programs using OpenSSL functions will link])
 	AC_LINK_IFELSE(
-		[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
-		[[ SSLeay_add_all_algorithms(); ]])],
+		[AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
+		[[ ERR_load_crypto_strings(); ]])],
 		[
 			AC_MSG_RESULT([yes])
 		],
@@ -2683,8 +2668,8 @@
 			LIBS="$LIBS -ldl"
 			AC_MSG_CHECKING([if programs using OpenSSL need -ldl])
 			AC_LINK_IFELSE(
-				[AC_LANG_PROGRAM([[ #include <openssl/evp.h> ]],
-				[[ SSLeay_add_all_algorithms(); ]])],
+				[AC_LANG_PROGRAM([[ #include <openssl/err.h> ]],
+				[[ ERR_load_crypto_strings(); ]])],
 				[
 					AC_MSG_RESULT([yes])
 				],
@@ -2699,16 +2684,64 @@
 	AC_CHECK_FUNCS([ \
 		BN_is_prime_ex \
 		DSA_generate_parameters_ex \
-		EVP_DigestInit_ex \
+		EVP_CIPHER_CTX_ctrl \
 		EVP_DigestFinal_ex \
-		EVP_MD_CTX_init \
+		EVP_DigestInit_ex \
 		EVP_MD_CTX_cleanup \
 		EVP_MD_CTX_copy_ex \
+		EVP_MD_CTX_init \
 		HMAC_CTX_init \
 		RSA_generate_key_ex \
 		RSA_get_default_method \
 	])
 
+	# OpenSSL_add_all_algorithms may be a macro.
+	AC_CHECK_FUNC(OpenSSL_add_all_algorithms,
+	    AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a function]),
+	    AC_CHECK_DECL(OpenSSL_add_all_algorithms,
+		AC_DEFINE(HAVE_OPENSSL_ADD_ALL_ALGORITHMS, 1, [as a macro]), ,
+		[[#include <openssl/evp.h>]]
+	    )
+	)
+
+	# LibreSSL/OpenSSL 1.1x API
+	AC_CHECK_FUNCS([ \
+		OPENSSL_init_crypto \
+		DH_get0_key \
+		DH_get0_pqg \
+		DH_set0_key \
+		DH_set_length \
+		DH_set0_pqg \
+		DSA_get0_key \
+		DSA_get0_pqg \
+		DSA_set0_key \
+		DSA_set0_pqg \
+		DSA_SIG_get0 \
+		DSA_SIG_set0 \
+		ECDSA_SIG_get0 \
+		ECDSA_SIG_set0 \
+		EVP_CIPHER_CTX_iv \
+		EVP_CIPHER_CTX_iv_noconst \
+		EVP_CIPHER_CTX_get_iv \
+		EVP_CIPHER_CTX_set_iv \
+		RSA_get0_crt_params \
+		RSA_get0_factors \
+		RSA_get0_key \
+		RSA_set0_crt_params \
+		RSA_set0_factors \
+		RSA_set0_key \
+		RSA_meth_free \
+		RSA_meth_dup \
+		RSA_meth_set1_name \
+		RSA_meth_get_finish \
+		RSA_meth_set_priv_enc \
+		RSA_meth_set_priv_dec \
+		RSA_meth_set_finish \
+		EVP_PKEY_get0_RSA \
+		EVP_MD_CTX_new \
+		EVP_MD_CTX_free \
+	])
+
 	if test "x$openssl_engine" = "xyes" ; then
 		AC_MSG_CHECKING([for OpenSSL ENGINE support])
 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
@@ -2792,119 +2825,6 @@
 		]
 	)
 
-	AC_SEARCH_LIBS([EVP_CIPHER_CTX_ctrl], [crypto],
-		[AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
-		    [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
-
-	# LibreSSL/OpenSSL 1.1x API
-	AC_SEARCH_LIBS([DH_get0_key], [crypto],
-		[AC_DEFINE([HAVE_DH_GET0_KEY], [1],
-		    [Define if libcrypto has DH_get0_key])])
-	AC_SEARCH_LIBS([DH_get0_pqg], [crypto],
-		[AC_DEFINE([HAVE_DH_GET0_PQG], [1],
-		    [Define if libcrypto has DH_get0_pqg])])
-	AC_SEARCH_LIBS([DH_set0_key], [crypto],
-		[AC_DEFINE([HAVE_DH_SET0_KEY], [1],
-		    [Define if libcrypto has DH_set0_key])])
-	AC_SEARCH_LIBS([DH_set_length], [crypto],
-		[AC_DEFINE([HAVE_DH_SET_LENGTH], [1],
-		    [Define if libcrypto has DH_set_length])])
-	AC_SEARCH_LIBS([DH_set0_pqg], [crypto],
-		[AC_DEFINE([HAVE_DH_SET0_PQG], [1],
-		    [Define if libcrypto has DH_set0_pqg])])
-
-	AC_SEARCH_LIBS([DSA_get0_key], [crypto],
-		[AC_DEFINE([HAVE_DSA_GET0_KEY], [1],
-		    [Define if libcrypto has DSA_get0_key])])
-	AC_SEARCH_LIBS([DSA_get0_pqg], [crypto],
-		[AC_DEFINE([HAVE_DSA_GET0_PQG], [1],
-		    [Define if libcrypto has DSA_get0_pqg])])
-	AC_SEARCH_LIBS([DSA_set0_key], [crypto],
-		[AC_DEFINE([HAVE_DSA_SET0_KEY], [1],
-		    [Define if libcrypto has DSA_set0_key])])
-	AC_SEARCH_LIBS([DSA_set0_pqg], [crypto],
-		[AC_DEFINE([HAVE_DSA_SET0_PQG], [1],
-		    [Define if libcrypto has DSA_set0_pqg])])
-
-	AC_SEARCH_LIBS([DSA_SIG_get0], [crypto],
-		[AC_DEFINE([HAVE_DSA_SIG_GET0], [1],
-		    [Define if libcrypto has DSA_SIG_get0])])
-	AC_SEARCH_LIBS([DSA_SIG_set0], [crypto],
-		[AC_DEFINE([HAVE_DSA_SIG_SET0], [1],
-		    [Define if libcrypto has DSA_SIG_set0])])
-
-	AC_SEARCH_LIBS([ECDSA_SIG_get0], [crypto],
-		[AC_DEFINE([HAVE_ECDSA_SIG_GET0], [1],
-		    [Define if libcrypto has ECDSA_SIG_get0])])
-	AC_SEARCH_LIBS([ECDSA_SIG_set0], [crypto],
-		[AC_DEFINE([HAVE_ECDSA_SIG_SET0], [1],
-		    [Define if libcrypto has ECDSA_SIG_set0])])
-
-	AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv], [crypto],
-		[AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV], [1],
-		    [Define if libcrypto has EVP_CIPHER_CTX_iv])])
-	AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv_noconst], [crypto],
-		[AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV_NOCONST], [1],
-		    [Define if libcrypto has EVP_CIPHER_CTX_iv_noconst])])
-	AC_SEARCH_LIBS([EVP_CIPHER_CTX_get_iv], [crypto],
-		[AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
-		    [Define if libcrypto has EVP_CIPHER_CTX_get_iv])])
-	AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto],
-		[AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
-		    [Define if libcrypto has EVP_CIPHER_CTX_set_iv])])
-
-	AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto],
-		[AC_DEFINE([HAVE_RSA_GET0_CRT_PARAMS], [1],
-		    [Define if libcrypto has RSA_get0_crt_params])])
-	AC_SEARCH_LIBS([RSA_get0_factors], [crypto],
-		[AC_DEFINE([HAVE_RSA_GET0_FACTORS], [1],
-		    [Define if libcrypto has RSA_get0_factors])])
-	AC_SEARCH_LIBS([RSA_get0_key], [crypto],
-		[AC_DEFINE([HAVE_RSA_GET0_KEY], [1],
-		    [Define if libcrypto has RSA_get0_key])])
-	AC_SEARCH_LIBS([RSA_set0_crt_params], [crypto],
-		[AC_DEFINE([HAVE_RSA_SET0_CRT_PARAMS], [1],
-		    [Define if libcrypto has RSA_get0_srt_params])])
-	AC_SEARCH_LIBS([RSA_set0_factors], [crypto],
-		[AC_DEFINE([HAVE_RSA_SET0_FACTORS], [1],
-		    [Define if libcrypto has RSA_set0_factors])])
-	AC_SEARCH_LIBS([RSA_set0_key], [crypto],
-		[AC_DEFINE([HAVE_RSA_SET0_KEY], [1],
-		    [Define if libcrypto has RSA_set0_key])])
-
-	AC_SEARCH_LIBS([RSA_meth_free], [crypto],
-		[AC_DEFINE([HAVE_RSA_METH_FREE], [1],
-		    [Define if libcrypto has RSA_meth_free])])
-	AC_SEARCH_LIBS([RSA_meth_dup], [crypto],
-		[AC_DEFINE([HAVE_RSA_METH_DUP], [1],
-		    [Define if libcrypto has RSA_meth_dup])])
-	AC_SEARCH_LIBS([RSA_meth_set1_name], [crypto],
-		[AC_DEFINE([HAVE_RSA_METH_SET1_NAME], [1],
-		    [Define if libcrypto has RSA_meth_set1_name])])
-	AC_SEARCH_LIBS([RSA_meth_get_finish], [crypto],
-		[AC_DEFINE([HAVE_RSA_METH_GET_FINISH], [1],
-		    [Define if libcrypto has RSA_meth_get_finish])])
-	AC_SEARCH_LIBS([RSA_meth_set_priv_enc], [crypto],
-		[AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1],
-		    [Define if libcrypto has RSA_meth_set_priv_enc])])
-	AC_SEARCH_LIBS([RSA_meth_set_priv_dec], [crypto],
-		[AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1],
-		    [Define if libcrypto has RSA_meth_set_priv_dec])])
-	AC_SEARCH_LIBS([RSA_meth_set_finish], [crypto],
-		[AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1],
-		    [Define if libcrypto has RSA_meth_set_finish])])
-
-	AC_SEARCH_LIBS([EVP_PKEY_get0_RSA], [crypto],
-		[AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1],
-		    [Define if libcrypto has EVP_PKEY_get0_RSA])])
-
-	AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto],
-		[AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1],
-		    [Define if libcrypto has EVP_MD_CTX_new])])
-	AC_SEARCH_LIBS([EVP_MD_CTX_free], [crypto],
-		[AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1],
-		    [Define if libcrypto has EVP_MD_CTX_free])])
-
 	AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
 	AC_LINK_IFELSE(
 		[AC_LANG_PROGRAM([[
@@ -2937,16 +2857,9 @@
 	fi
 	AC_CHECK_FUNCS([crypt DES_crypt])
 
-	# Search for SHA256 support in libc and/or OpenSSL
-	AC_CHECK_FUNCS([SHA256_Update EVP_sha256], ,
-	    [unsupported_algorithms="$unsupported_algorithms \
-		hmac-sha2-256 \
-		hmac-sha2-512 \
-		diffie-hellman-group-exchange-sha256 \
-		hmac-sha2-256-etm@openssh.com \
-		hmac-sha2-512-etm@openssh.com"
-	     ]
-	)
+	# Check for SHA256, SHA384 and SHA512 support in OpenSSL
+	AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
+
 	# Search for RIPE-MD support in OpenSSL
 	AC_CHECK_FUNCS([EVP_ripemd160], ,
 	    [unsupported_algorithms="$unsupported_algorithms \
@@ -3036,6 +2949,7 @@
 	if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
 	    test x$enable_nistp521 = x1; then
 		AC_DEFINE(OPENSSL_HAS_ECC, [1], [OpenSSL has ECC])
+		AC_CHECK_FUNCS([EC_KEY_METHOD_new])
 	fi
 	if test x$enable_nistp256 = x1; then
 		AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
@@ -3402,8 +3316,7 @@
 #include <stdlib.h>
 	]],[[
 	struct rlimit rl_zero;
-	int fd, r;
-	fd_set fds;
+	int r;
 
 	rl_zero.rlim_cur = rl_zero.rlim_max = 0;
 	r = setrlimit(RLIMIT_NOFILE, &rl_zero);
@@ -3516,10 +3429,10 @@
 AC_CHECK_TYPES([long long, unsigned long long, long double])
 
 # Check datatype sizes
-AC_CHECK_SIZEOF([short int], [2])
-AC_CHECK_SIZEOF([int], [4])
-AC_CHECK_SIZEOF([long int], [4])
-AC_CHECK_SIZEOF([long long int], [8])
+AC_CHECK_SIZEOF([short int])
+AC_CHECK_SIZEOF([int])
+AC_CHECK_SIZEOF([long int])
+AC_CHECK_SIZEOF([long long int])
 
 # Sanity check long long for some platforms (AIX)
 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
@@ -4468,8 +4381,8 @@
 					[ CPPFLAGS="$oldCPP" ])
 
 		fi
-		if test ! -z "$need_dash_r" ; then
-			LDFLAGS="$LDFLAGS -R${KRB5ROOT}/lib"
+		if test -n "${rpath_opt}" ; then
+			LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
 		fi
 		if test ! -z "$blibpath" ; then
 			blibpath="$blibpath:${KRB5ROOT}/lib"
@@ -4687,9 +4600,9 @@
 	]
 )
 if test -z "$MANTYPE"; then
-	TestPath="/usr/bin${PATH_SEPARATOR}/usr/ucb"
-	AC_PATH_PROGS([NROFF], [nroff awf], [/bin/false], [$TestPath])
-	if ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
+	if ${MANDOC} ${srcdir}/ssh.1 >/dev/null 2>&1; then
+		MANTYPE=doc
+	elif ${NROFF} -mdoc ${srcdir}/ssh.1 >/dev/null 2>&1; then
 		MANTYPE=doc
 	elif ${NROFF} -man ${srcdir}/ssh.1 >/dev/null 2>&1; then
 		MANTYPE=man
Index: contrib/cygwin/README
===================================================================
--- contrib/cygwin/README
+++ contrib/cygwin/README
@@ -77,7 +77,7 @@
 
   zlib
   crypt
-  openssl-devel
+  libssl-devel
   libedit-devel
   libkrb5-devel
 
Index: contrib/cygwin/ssh-host-config
===================================================================
--- contrib/cygwin/ssh-host-config
+++ contrib/cygwin/ssh-host-config
@@ -61,7 +61,7 @@
 
 sshd_config_configured=no
 port_number=22
-service_name=sshd
+service_name=cygsshd
 strictmodes=yes
 cygwin_value=""
 user_account=
@@ -307,7 +307,7 @@
 
   if [ -z "${run_service_as}" ]
   then
-    accnt_name=$(/usr/bin/cygrunsrv -VQ sshd |
+    accnt_name=$(/usr/bin/cygrunsrv -VQ "${service_name}" |
     		 /usr/bin/sed -ne 's/^Account *: *//gp')
     if [ "${accnt_name}" = "LocalSystem" ]
     then
@@ -329,9 +329,9 @@
     fi
     if [ -z "${run_service_as}" ]
     then
-      csih_warning "Couldn't determine name of user running sshd service from account database!"
+      csih_warning "Couldn't determine name of user running ${service_name} service from account database!"
       csih_warning "As a result, this script cannot make sure that the files used"
-      csih_warning "by the sshd service belong to the user running the service."
+      csih_warning "by the ${service_name} service belong to the user running the service."
       return 1
     fi
   fi
@@ -367,8 +367,8 @@
   if [ $ret -ne 0 ]
   then
     csih_warning "Couldn't change owner of important files to ${run_service_as}!"
-    csih_warning "This may cause the sshd service to fail!  Please make sure that"
-    csih_warning "you have suufficient permissions to change the ownership of files"
+    csih_warning "This may cause the ${service_name} service to fail!  Please make sure that"
+    csih_warning "you have sufficient permissions to change the ownership of files"
     csih_warning "and try to run the ssh-host-config script again."
   fi
   return $ret
@@ -394,14 +394,24 @@
     then
       csih_get_cygenv "${cygwin_value}"
 
-      if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
+      if ( [ "$csih_FORCE_PRIVILEGED_USER" != "yes" ] )
       then
-	csih_inform "On Windows Server 2003, Windows Vista, and above, the"
-	csih_inform "SYSTEM account cannot setuid to other users -- a capability"
-	csih_inform "sshd requires.  You need to have or to create a privileged"
-	csih_inform "account.  This script will help you do so."
-	echo
+	# Enforce using privileged user on 64 bit Vista or W7 under WOW64
+	is_wow64=$(/usr/bin/uname | /usr/bin/grep -q 'WOW' && echo 1 || echo 0)
 
+	if ( csih_is_nt2003 && ! csih_is_windows8 && [ "${is_wow64}" = "1" ] )
+	then
+	  csih_inform "Running 32 bit Cygwin on 64 bit Windows Vista or Windows 7"
+	  csih_inform "the SYSTEM account is not sufficient to setuid to a local"
+	  csih_inform "user account.  You need to have or to create a privileged"
+	  csih_inform "account.  This script will help you do so."
+	  echo
+	  csih_FORCE_PRIVILEGED_USER=yes
+	fi
+      fi
+
+      if ( [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
+      then
 	[ "${opt_force}" = "yes" ] && opt_f=-f
 	[ -n "${user_account}" ] && opt_u="-u ""${user_account}"""
 	csih_select_privileged_username ${opt_f} ${opt_u} sshd
@@ -412,11 +422,12 @@
 	  csih_request "Do you want to proceed anyway?" || exit 1
 	  let ++ret
 	fi
+	# Never returns empty if NT or above
+	run_service_as=$(csih_service_should_run_as)
+      else
+	run_service_as="SYSTEM"
       fi
 
-      # Never returns empty if NT or above
-      run_service_as=$(csih_service_should_run_as)
-
       if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
       then
 	password="${csih_PRIVILEGED_PASSWORD}"
@@ -446,7 +457,7 @@
 	  echo
 	  csih_inform "The sshd service has been installed under the LocalSystem"
 	  csih_inform "account (also known as SYSTEM). To start the service now, call"
-	  csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'.  Otherwise, it"
+	  csih_inform "\`net start ${service_name}' or \`cygrunsrv -S ${service_name}'.  Otherwise, it"
 	  csih_inform "will start automatically after the next reboot."
 	fi
       else
@@ -669,14 +680,24 @@
 fi
 
 # handle sshd_config
+# make sure not to change the existing file
+mod_before=""
+if [ -e "${SYSCONFDIR}/sshd_config" ]
+then
+  mod_before=$(stat "${SYSCONFDIR}/sshd_config" | grep '^Modify:')
+fi
 csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
+mod_now=$(stat "${SYSCONFDIR}/sshd_config" | grep '^Modify:')
 if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
 then
   sshd_config_configured=yes
 fi
-sshd_strictmodes || let warning_cnt+=$?
-sshd_privsep || let warning_cnt+=$?
-sshd_config_tweak || let warning_cnt+=$?
+if [ "${mod_before}" != "${mod_now}" ]
+then
+  sshd_strictmodes || let warning_cnt+=$?
+  sshd_config_tweak || let warning_cnt+=$?
+fi
+#sshd_privsep || let warning_cnt+=$?
 update_services_file || let warning_cnt+=$?
 update_inetd_conf || let warning_cnt+=$?
 install_service || let warning_cnt+=$?
Index: contrib/redhat/openssh.spec
===================================================================
--- contrib/redhat/openssh.spec
+++ contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 7.9p1
+%define ver 8.1p1
 %define rel 1%{?dist}
 
 # OpenSSH privilege separation requires a user & group ID
Index: contrib/suse/openssh.spec
===================================================================
--- contrib/suse/openssh.spec
+++ contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary:	OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name:		openssh
-Version:	7.9p1
+Version:	8.1p1
 URL:		https://www.openssh.com/
 Release:	1
 Source0:	openssh-%{version}.tar.gz
Index: crc32.h
===================================================================
--- crc32.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/* $OpenBSD: crc32.h,v 1.15 2006/03/25 22:22:43 djm Exp $ */
-
-/*
- * Copyright (c) 2003 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#ifndef SSH_CRC32_H
-#define SSH_CRC32_H
-u_int32_t	 ssh_crc32(const u_char *, u_int32_t);
-#endif
Index: crc32.c
===================================================================
--- crc32.c
+++ /dev/null
@@ -1,105 +0,0 @@
-/* $OpenBSD: crc32.c,v 1.11 2006/04/22 18:29:33 stevesk Exp $ */
-
-/*
- * Copyright (c) 2003 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#include "includes.h"
-#include "crc32.h"
-
-static const u_int32_t crc32tab[] = {
-	0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL,
-	0x076dc419L, 0x706af48fL, 0xe963a535L, 0x9e6495a3L,
-	0x0edb8832L, 0x79dcb8a4L, 0xe0d5e91eL, 0x97d2d988L,
-	0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, 0x90bf1d91L,
-	0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
-	0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L,
-	0x136c9856L, 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL,
-	0x14015c4fL, 0x63066cd9L, 0xfa0f3d63L, 0x8d080df5L,
-	0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, 0xa2677172L,
-	0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
-	0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L,
-	0x32d86ce3L, 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L,
-	0x26d930acL, 0x51de003aL, 0xc8d75180L, 0xbfd06116L,
-	0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, 0xb8bda50fL,
-	0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
-	0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL,
-	0x76dc4190L, 0x01db7106L, 0x98d220bcL, 0xefd5102aL,
-	0x71b18589L, 0x06b6b51fL, 0x9fbfe4a5L, 0xe8b8d433L,
-	0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, 0xe10e9818L,
-	0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
-	0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL,
-	0x6c0695edL, 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L,
-	0x65b0d9c6L, 0x12b7e950L, 0x8bbeb8eaL, 0xfcb9887cL,
-	0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, 0xfbd44c65L,
-	0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
-	0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL,
-	0x4369e96aL, 0x346ed9fcL, 0xad678846L, 0xda60b8d0L,
-	0x44042d73L, 0x33031de5L, 0xaa0a4c5fL, 0xdd0d7cc9L,
-	0x5005713cL, 0x270241aaL, 0xbe0b1010L, 0xc90c2086L,
-	0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
-	0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L,
-	0x59b33d17L, 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL,
-	0xedb88320L, 0x9abfb3b6L, 0x03b6e20cL, 0x74b1d29aL,
-	0xead54739L, 0x9dd277afL, 0x04db2615L, 0x73dc1683L,
-	0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
-	0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L,
-	0xf00f9344L, 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL,
-	0xf762575dL, 0x806567cbL, 0x196c3671L, 0x6e6b06e7L,
-	0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, 0x67dd4accL,
-	0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
-	0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L,
-	0xd1bb67f1L, 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL,
-	0xd80d2bdaL, 0xaf0a1b4cL, 0x36034af6L, 0x41047a60L,
-	0xdf60efc3L, 0xa867df55L, 0x316e8eefL, 0x4669be79L,
-	0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
-	0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL,
-	0xc5ba3bbeL, 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L,
-	0xc2d7ffa7L, 0xb5d0cf31L, 0x2cd99e8bL, 0x5bdeae1dL,
-	0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, 0x026d930aL,
-	0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
-	0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L,
-	0x92d28e9bL, 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L,
-	0x86d3d2d4L, 0xf1d4e242L, 0x68ddb3f8L, 0x1fda836eL,
-	0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, 0x18b74777L,
-	0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
-	0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L,
-	0xa00ae278L, 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L,
-	0xa7672661L, 0xd06016f7L, 0x4969474dL, 0x3e6e77dbL,
-	0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, 0x37d83bf0L,
-	0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
-	0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L,
-	0xbad03605L, 0xcdd70693L, 0x54de5729L, 0x23d967bfL,
-	0xb3667a2eL, 0xc4614ab8L, 0x5d681b02L, 0x2a6f2b94L,
-	0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, 0x2d02ef8dL
-};
-
-u_int32_t
-ssh_crc32(const u_char *buf, u_int32_t size)
-{
-	u_int32_t i, crc;
-
-	crc = 0;
-	for (i = 0; i < size; i++)
-		crc = crc32tab[(crc ^ buf[i]) & 0xff] ^ (crc >> 8);
-	return crc;
-}
Index: crypto_api.h
===================================================================
--- crypto_api.h
+++ crypto_api.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_api.h,v 1.4 2017/12/14 21:07:39 naddy Exp $ */
+/* $OpenBSD: crypto_api.h,v 1.5 2019/01/21 10:20:12 djm Exp $ */
 
 /*
  * Assembled from generated headers and source files by Markus Friedl.
@@ -15,10 +15,15 @@
 #endif
 #include <stdlib.h>
 
+typedef int8_t crypto_int8;
+typedef uint8_t crypto_uint8;
+typedef int16_t crypto_int16;
+typedef uint16_t crypto_uint16;
 typedef int32_t crypto_int32;
 typedef uint32_t crypto_uint32;
 
 #define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len))
+#define small_random32() arc4random()
 
 #define crypto_hash_sha512_BYTES 64U
 
@@ -36,5 +41,16 @@
 int	crypto_sign_ed25519_open(unsigned char *, unsigned long long *,
     const unsigned char *, unsigned long long, const unsigned char *);
 int	crypto_sign_ed25519_keypair(unsigned char *, unsigned char *);
+
+#define crypto_kem_sntrup4591761_PUBLICKEYBYTES 1218
+#define crypto_kem_sntrup4591761_SECRETKEYBYTES 1600
+#define crypto_kem_sntrup4591761_CIPHERTEXTBYTES 1047
+#define crypto_kem_sntrup4591761_BYTES 32
+
+int	crypto_kem_sntrup4591761_enc(unsigned char *cstr, unsigned char *k,
+    const unsigned char *pk);
+int	crypto_kem_sntrup4591761_dec(unsigned char *k,
+    const unsigned char *cstr, const unsigned char *sk);
+int	crypto_kem_sntrup4591761_keypair(unsigned char *pk, unsigned char *sk);
 
 #endif /* crypto_api_h */
Index: defines.h
===================================================================
--- defines.h
+++ defines.h
@@ -96,6 +96,15 @@
 #ifndef IPTOS_DSCP_EF
 # define	IPTOS_DSCP_EF		0xb8
 #endif /* IPTOS_DSCP_EF */
+#ifndef IPTOS_PREC_CRITIC_ECP
+# define IPTOS_PREC_CRITIC_ECP		0xa0
+#endif
+#ifndef IPTOS_PREC_INTERNETCONTROL
+# define IPTOS_PREC_INTERNETCONTROL	0xc0
+#endif
+#ifndef IPTOS_PREC_NETCONTROL
+# define IPTOS_PREC_NETCONTROL		0xe0
+#endif
 
 #ifndef PATH_MAX
 # ifdef _POSIX_PATH_MAX
@@ -108,10 +117,6 @@
 #  define MAXPATHLEN PATH_MAX
 # else /* PATH_MAX */
 #  define MAXPATHLEN 64
-/* realpath uses a fixed buffer of size MAXPATHLEN, so force use of ours */
-#  ifndef BROKEN_REALPATH
-#   define BROKEN_REALPATH 1
-#  endif /* BROKEN_REALPATH */
 # endif /* PATH_MAX */
 #endif /* MAXPATHLEN */
 
@@ -834,9 +839,10 @@
 /*
  * We want functions in openbsd-compat, if enabled, to override system ones.
  * We no-op out the weak symbol definition rather than remove it to reduce
- * future sync problems.
+ * future sync problems.  Some compilers (eg Unixware) do not allow an
+ * empty statement, so we use a bogus function declaration.
  */
-#define DEF_WEAK(x)
+#define DEF_WEAK(x)	void __ssh_compat_weak_##x(void)
 
 /*
  * Platforms that have arc4random_uniform() and not arc4random_stir()
Index: dh.h
===================================================================
--- dh.h
+++ dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.15 2016/05/02 10:26:04 djm Exp $ */
+/* $OpenBSD: dh.h,v 1.18 2019/09/06 05:23:55 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
@@ -26,6 +26,8 @@
 #ifndef DH_H
 #define DH_H
 
+#ifdef WITH_OPENSSL
+
 struct dhgroup {
 	int size;
 	BIGNUM *g;
@@ -48,7 +50,7 @@
 
 /*
  * Max value from RFC4419.
- * Miniumum increased in light of DH precomputation attacks.
+ * Min value from RFC8270.
  */
 #define DH_GRP_MIN	2048
 #define DH_GRP_MAX	8192
@@ -76,5 +78,6 @@
 #define MODULI_TESTS_JACOBI		(0x08)
 #define MODULI_TESTS_ELLIPTIC		(0x10)
 
+#endif /* WITH_OPENSSL */
 
-#endif
+#endif /* DH_H */
Index: dh.c
===================================================================
--- dh.c
+++ dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.68 2018/09/17 15:40:14 millert Exp $ */
+/* $OpenBSD: dh.c,v 1.71 2019/09/06 06:08:11 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -27,9 +27,6 @@
 
 #ifdef WITH_OPENSSL
 
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-
 #include <errno.h>
 #include <stdarg.h>
 #include <stdio.h>
@@ -37,6 +34,9 @@
 #include <string.h>
 #include <limits.h>
 
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+
 #include "dh.h"
 #include "pathnames.h"
 #include "log.h"
@@ -406,7 +406,7 @@
 DH *
 dh_new_group18(void)
 {
-	static char *gen = "2", *group16 =
+	static char *gen = "2", *group18 =
 	    "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" "C4C6628B" "80DC1CD1"
 	    "29024E08" "8A67CC74" "020BBEA6" "3B139B22" "514A0879" "8E3404DD"
 	    "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" "4FE1356D" "6D51C245"
@@ -451,7 +451,7 @@
 	    "9558E447" "5677E9AA" "9E3050E2" "765694DF" "C81F56E8" "80B96E71"
 	    "60C980DD" "98EDD3DF" "FFFFFFFF" "FFFFFFFF";
 
-	return (dh_new_group_asc(gen, group16));
+	return (dh_new_group_asc(gen, group18));
 }
 
 /* Select fallback group used by DH-GEX if moduli file cannot be read. */
Index: digest-libc.c
===================================================================
--- digest-libc.c
+++ digest-libc.c
@@ -28,7 +28,11 @@
 #if 0
 #include <md5.h>
 #include <rmd160.h>
+#endif
+#ifdef HAVE_SHA1_H
 #include <sha1.h>
+#endif
+#ifdef HAVE_SHA2_H
 #include <sha2.h>
 #endif
 
@@ -83,30 +87,30 @@
 		"SHA256",
 		SHA256_BLOCK_LENGTH,
 		SHA256_DIGEST_LENGTH,
-		sizeof(SHA256_CTX),
-		(md_init_fn *) SHA256_Init,
-		(md_update_fn *) SHA256_Update,
-		(md_final_fn *) SHA256_Final
+		sizeof(SHA2_CTX),
+		(md_init_fn *) SHA256Init,
+		(md_update_fn *) SHA256Update,
+		(md_final_fn *) SHA256Final
 	},
 	{
 		SSH_DIGEST_SHA384,
 		"SHA384",
 		SHA384_BLOCK_LENGTH,
 		SHA384_DIGEST_LENGTH,
-		sizeof(SHA384_CTX),
-		(md_init_fn *) SHA384_Init,
-		(md_update_fn *) SHA384_Update,
-		(md_final_fn *) SHA384_Final
+		sizeof(SHA2_CTX),
+		(md_init_fn *) SHA384Init,
+		(md_update_fn *) SHA384Update,
+		(md_final_fn *) SHA384Final
 	},
 	{
 		SSH_DIGEST_SHA512,
 		"SHA512",
 		SHA512_BLOCK_LENGTH,
 		SHA512_DIGEST_LENGTH,
-		sizeof(SHA512_CTX),
-		(md_init_fn *) SHA512_Init,
-		(md_update_fn *) SHA512_Update,
-		(md_final_fn *) SHA512_Final
+		sizeof(SHA2_CTX),
+		(md_init_fn *) SHA512Init,
+		(md_update_fn *) SHA512Update,
+		(md_final_fn *) SHA512Final
 	}
 };
 
Index: digest-openssl.c
===================================================================
--- digest-openssl.c
+++ digest-openssl.c
@@ -34,12 +34,16 @@
 
 #ifndef HAVE_EVP_RIPEMD160
 # define EVP_ripemd160 NULL
-#endif /* HAVE_EVP_RIPEMD160 */
+#endif
 #ifndef HAVE_EVP_SHA256
 # define EVP_sha256 NULL
+#endif
+#ifndef HAVE_EVP_SHA384
 # define EVP_sha384 NULL
+#endif
+#ifndef HAVE_EVP_SHA512
 # define EVP_sha512 NULL
-#endif /* HAVE_EVP_SHA256 */
+#endif
 
 struct ssh_digest_ctx {
 	int alg;
Index: dispatch.h
===================================================================
--- dispatch.h
+++ dispatch.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dispatch.h,v 1.14 2017/05/31 07:00:13 markus Exp $ */
+/* $OpenBSD: dispatch.h,v 1.15 2019/01/19 21:45:31 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -45,12 +45,5 @@
 void	ssh_dispatch_range(struct ssh *, u_int, u_int, dispatch_fn *);
 int	ssh_dispatch_run(struct ssh *, int, volatile sig_atomic_t *);
 void	ssh_dispatch_run_fatal(struct ssh *, int, volatile sig_atomic_t *);
-
-#define dispatch_init(dflt) \
-	ssh_dispatch_init(active_state, (dflt))
-#define dispatch_range(from, to, fn) \
-	ssh_dispatch_range(active_state, (from), (to), (fn))
-#define dispatch_set(type, fn) \
-	ssh_dispatch_set(active_state, (type), (fn))
 
 #endif
Index: dispatch.c
===================================================================
--- dispatch.c
+++ dispatch.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dispatch.c,v 1.31 2017/05/31 07:00:13 markus Exp $ */
+/* $OpenBSD: dispatch.c,v 1.32 2019/01/19 21:33:13 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -47,7 +47,7 @@
 	    (r = sshpkt_put_u32(ssh, seq)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0 ||
 	    (r = ssh_packet_write_wait(ssh)) != 0)
-		sshpkt_fatal(ssh, __func__, r);
+		sshpkt_fatal(ssh, r, "%s", __func__);
 	return 0;
 }
 
@@ -131,5 +131,5 @@
 	int r;
 
 	if ((r = ssh_dispatch_run(ssh, mode, done)) != 0)
-		sshpkt_fatal(ssh, __func__, r);
+		sshpkt_fatal(ssh, r, "%s", __func__);
 }
Index: dns.c
===================================================================
--- dns.c
+++ dns.c
@@ -34,7 +34,6 @@
 #include <stdarg.h>
 #include <stdio.h>
 #include <string.h>
-#include <stdarg.h>
 #include <stdlib.h>
 
 #include "xmalloc.h"
Index: entropy.c
===================================================================
--- entropy.c
+++ entropy.c
@@ -24,6 +24,8 @@
 
 #include "includes.h"
 
+#define RANDOM_SEED_SIZE 48
+
 #ifdef WITH_OPENSSL
 
 #include <sys/types.h>
@@ -37,6 +39,7 @@
 
 #include <errno.h>
 #include <signal.h>
+#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 #include <stddef.h> /* for offsetof */
@@ -64,8 +67,6 @@
  */
 #ifndef OPENSSL_PRNG_ONLY
 
-#define RANDOM_SEED_SIZE 48
-
 /*
  * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon
  * listening either on 'tcp_port', or via Unix domain socket at *
@@ -201,14 +202,15 @@
 void
 rexec_recv_rng_seed(struct sshbuf *m)
 {
-	u_char *buf = NULL;
+	const u_char *buf = NULL;
 	size_t len = 0;
 	int r;
 
-	if ((r = sshbuf_get_string_direct(m, &buf, &len)) != 0
+	if ((r = sshbuf_get_string_direct(m, &buf, &len)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
-	debug3("rexec_recv_rng_seed: seeding rng with %u bytes", len);
+	debug3("rexec_recv_rng_seed: seeding rng with %lu bytes",
+	    (unsigned long)len);
 	RAND_add(buf, len, len);
 }
 #endif /* OPENSSL_PRNG_ONLY */
@@ -216,35 +218,49 @@
 void
 seed_rng(void)
 {
-#ifndef OPENSSL_PRNG_ONLY
 	unsigned char buf[RANDOM_SEED_SIZE];
-#endif
-	if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER, SSLeay()))
+
+	/* Initialise libcrypto */
+	ssh_libcrypto_init();
+
+	if (!ssh_compatible_openssl(OPENSSL_VERSION_NUMBER,
+	    OpenSSL_version_num()))
 		fatal("OpenSSL version mismatch. Built against %lx, you "
-		    "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
+		    "have %lx", (u_long)OPENSSL_VERSION_NUMBER,
+		    OpenSSL_version_num());
 
 #ifndef OPENSSL_PRNG_ONLY
-	if (RAND_status() == 1) {
+	if (RAND_status() == 1)
 		debug3("RNG is ready, skipping seeding");
-		return;
+	else {
+		if (seed_from_prngd(buf, sizeof(buf)) == -1)
+			fatal("Could not obtain seed from PRNGd");
+		RAND_add(buf, sizeof(buf), sizeof(buf));
 	}
-
-	if (seed_from_prngd(buf, sizeof(buf)) == -1)
-		fatal("Could not obtain seed from PRNGd");
-	RAND_add(buf, sizeof(buf), sizeof(buf));
-	memset(buf, '\0', sizeof(buf));
-
 #endif /* OPENSSL_PRNG_ONLY */
+
 	if (RAND_status() != 1)
 		fatal("PRNG is not seeded");
+
+	/* Ensure arc4random() is primed */
+	arc4random_buf(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 }
 
 #else /* WITH_OPENSSL */
 
-/* Handled in arc4random() */
+#include <stdlib.h>
+#include <string.h>
+
+/* Actual initialisation is handled in arc4random() */
 void
 seed_rng(void)
 {
+	unsigned char buf[RANDOM_SEED_SIZE];
+
+	/* Ensure arc4random() is primed */
+	arc4random_buf(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 }
 
 #endif /* WITH_OPENSSL */
Index: groupaccess.c
===================================================================
--- groupaccess.c
+++ groupaccess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: groupaccess.c,v 1.16 2015/05/04 06:10:48 djm Exp $ */
+/* $OpenBSD: groupaccess.c,v 1.17 2019/03/06 22:14:23 dtucker Exp $ */
 /*
  * Copyright (c) 2001 Kevin Steves.  All rights reserved.
  *
@@ -103,7 +103,8 @@
 	int i, found = 0;
 
 	for (i = 0; i < ngroups; i++) {
-		switch (match_pattern_list(groups_byname[i], group_pattern, 0)) {
+		switch (match_usergroup_pattern_list(groups_byname[i],
+		    group_pattern)) {
 		case -1:
 			return 0;	/* Negated match wins */
 		case 0:
Index: hmac.c
===================================================================
--- hmac.c
+++ hmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hmac.c,v 1.12 2015/03/24 20:03:44 markus Exp $ */
+/* $OpenBSD: hmac.c,v 1.13 2019/09/06 04:53:27 djm Exp $ */
 /*
  * Copyright (c) 2014 Markus Friedl.  All rights reserved.
  *
@@ -18,6 +18,8 @@
 #include "includes.h"
 
 #include <sys/types.h>
+
+#include <stdlib.h>
 #include <string.h>
 
 #include "sshbuf.h"
Index: hostfile.c
===================================================================
--- hostfile.c
+++ hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.73 2018/07/16 03:09:13 djm Exp $ */
+/* $OpenBSD: hostfile.c,v 1.76 2019/07/07 01:05:00 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -49,7 +49,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <stdarg.h>
 #include <unistd.h>
 
 #include "xmalloc.h"
@@ -163,13 +162,12 @@
 hostfile_read_key(char **cpp, u_int *bitsp, struct sshkey *ret)
 {
 	char *cp;
-	int r;
 
 	/* Skip leading whitespace. */
 	for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++)
 		;
 
-	if ((r = sshkey_read(ret, &cp)) != 0)
+	if (sshkey_read(ret, &cp) != 0)
 		return 0;
 
 	/* Skip trailing whitespace. */
@@ -545,8 +543,8 @@
 	/*
 	 * Prepare temporary file for in-place deletion.
 	 */
-	if ((r = asprintf(&temp, "%s.XXXXXXXXXXX", filename)) < 0 ||
-	    (r = asprintf(&back, "%s.old", filename)) < 0) {
+	if ((r = asprintf(&temp, "%s.XXXXXXXXXXX", filename)) == -1 ||
+	    (r = asprintf(&back, "%s.old", filename)) == -1) {
 		r = SSH_ERR_ALLOC_FAIL;
 		goto fail;
 	}
Index: kex.h
===================================================================
--- kex.h
+++ kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.91 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: kex.h,v 1.109 2019/09/06 05:23:55 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -27,12 +27,12 @@
 #define KEX_H
 
 #include "mac.h"
+#include "crypto_api.h"
 
-#ifdef WITH_LEAKMALLOC
-#include "leakmalloc.h"
-#endif
-
 #ifdef WITH_OPENSSL
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+# include <openssl/ecdsa.h>
 # ifdef OPENSSL_HAS_ECC
 #  include <openssl/ec.h>
 # else /* OPENSSL_HAS_ECC */
@@ -62,6 +62,7 @@
 #define	KEX_ECDH_SHA2_NISTP521		"ecdh-sha2-nistp521"
 #define	KEX_CURVE25519_SHA256		"curve25519-sha256"
 #define	KEX_CURVE25519_SHA256_OLD	"curve25519-sha256@libssh.org"
+#define	KEX_SNTRUP4591761X25519_SHA512	"sntrup4591761x25519-sha512@tinyssh.org"
 
 #define COMP_NONE	0
 /* pre-auth compression (COMP_ZLIB) is only supported in the client */
@@ -100,10 +101,12 @@
 	KEX_DH_GEX_SHA256,
 	KEX_ECDH_SHA2,
 	KEX_C25519_SHA256,
+	KEX_KEM_SNTRUP4591761X25519_SHA512,
 	KEX_MAX
 };
 
 #define KEX_INIT_SENT	0x0001
+#define KEX_INITIAL	0x0002
 
 struct sshenc {
 	char	*name;
@@ -144,27 +147,29 @@
 	int	ext_info_c;
 	struct sshbuf *my;
 	struct sshbuf *peer;
+	struct sshbuf *client_version;
+	struct sshbuf *server_version;
 	sig_atomic_t done;
 	u_int	flags;
 	int	hash_alg;
 	int	ec_nid;
-	char	*client_version_string;
-	char	*server_version_string;
 	char	*failed_choice;
 	int	(*verify_host_key)(struct sshkey *, struct ssh *);
 	struct sshkey *(*load_host_public_key)(int, int, struct ssh *);
 	struct sshkey *(*load_host_private_key)(int, int, struct ssh *);
 	int	(*host_key_index)(struct sshkey *, int, struct ssh *);
-	int	(*sign)(struct sshkey *, struct sshkey *, u_char **, size_t *,
-	    const u_char *, size_t, const char *, u_int);
+	int	(*sign)(struct ssh *, struct sshkey *, struct sshkey *,
+	    u_char **, size_t *, const u_char *, size_t, const char *);
 	int	(*kex[KEX_MAX])(struct ssh *);
 	/* kex specific state */
 	DH	*dh;			/* DH */
 	u_int	min, max, nbits;	/* GEX */
 	EC_KEY	*ec_client_key;		/* ECDH */
 	const EC_GROUP *ec_group;	/* ECDH */
-	u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
+	u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */
 	u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
+	u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */
+	struct sshbuf *client_pub;
 };
 
 int	 kex_names_valid(const char *);
@@ -172,7 +177,10 @@
 char	*kex_names_cat(const char *, const char *);
 int	 kex_assemble_names(char **, const char *, const char *);
 
-int	 kex_new(struct ssh *, char *[PROPOSAL_MAX], struct kex **);
+int	 kex_exchange_identification(struct ssh *, int, const char *);
+
+struct kex *kex_new(void);
+int	 kex_ready(struct ssh *, char *[PROPOSAL_MAX]);
 int	 kex_setup(struct ssh *, char *[PROPOSAL_MAX]);
 void	 kex_free_newkeys(struct newkeys *);
 void	 kex_free(struct kex *);
@@ -180,44 +188,52 @@
 int	 kex_buf2prop(struct sshbuf *, int *, char ***);
 int	 kex_prop2buf(struct sshbuf *, char *proposal[PROPOSAL_MAX]);
 void	 kex_prop_free(char **);
+int	 kex_load_hostkey(struct ssh *, struct sshkey **, struct sshkey **);
+int	 kex_verify_host_key(struct ssh *, struct sshkey *);
 
 int	 kex_send_kexinit(struct ssh *);
 int	 kex_input_kexinit(int, u_int32_t, struct ssh *);
 int	 kex_input_ext_info(int, u_int32_t, struct ssh *);
 int	 kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);
-int	 kex_derive_keys_bn(struct ssh *, u_char *, u_int, const BIGNUM *);
 int	 kex_send_newkeys(struct ssh *);
 int	 kex_start_rekex(struct ssh *);
 
-int	 kexdh_client(struct ssh *);
-int	 kexdh_server(struct ssh *);
 int	 kexgex_client(struct ssh *);
 int	 kexgex_server(struct ssh *);
-int	 kexecdh_client(struct ssh *);
-int	 kexecdh_server(struct ssh *);
-int	 kexc25519_client(struct ssh *);
-int	 kexc25519_server(struct ssh *);
+int	 kex_gen_client(struct ssh *);
+int	 kex_gen_server(struct ssh *);
 
-int	 kex_dh_hash(int, const char *, const char *,
-    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
-    const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *);
+int	 kex_dh_keypair(struct kex *);
+int	 kex_dh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
+    struct sshbuf **);
+int	 kex_dh_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
 
-int	 kexgex_hash(int, const char *, const char *,
-    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+int	 kex_ecdh_keypair(struct kex *);
+int	 kex_ecdh_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
+    struct sshbuf **);
+int	 kex_ecdh_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
+
+int	 kex_c25519_keypair(struct kex *);
+int	 kex_c25519_enc(struct kex *, const struct sshbuf *, struct sshbuf **,
+    struct sshbuf **);
+int	 kex_c25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
+
+int	 kex_kem_sntrup4591761x25519_keypair(struct kex *);
+int	 kex_kem_sntrup4591761x25519_enc(struct kex *, const struct sshbuf *,
+    struct sshbuf **, struct sshbuf **);
+int	 kex_kem_sntrup4591761x25519_dec(struct kex *, const struct sshbuf *,
+    struct sshbuf **);
+
+int	 kex_dh_keygen(struct kex *);
+int	 kex_dh_compute_key(struct kex *, BIGNUM *, struct sshbuf *);
+
+int	 kexgex_hash(int, const struct sshbuf *, const struct sshbuf *,
+    const struct sshbuf *, const struct sshbuf *, const struct sshbuf *,
     int, int, int,
     const BIGNUM *, const BIGNUM *, const BIGNUM *,
-    const BIGNUM *, const BIGNUM *,
+    const BIGNUM *, const u_char *, size_t,
     u_char *, size_t *);
 
-int kex_ecdh_hash(int, const EC_GROUP *, const char *, const char *,
-    const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
-    const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
-
-int	 kex_c25519_hash(int, const char *, const char *,
-    const u_char *, size_t, const u_char *, size_t,
-    const u_char *, size_t, const u_char *, const u_char *,
-    const u_char *, size_t, u_char *, size_t *);
-
 void	kexc25519_keygen(u_char key[CURVE25519_SIZE], u_char pub[CURVE25519_SIZE])
 	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
 	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
@@ -225,9 +241,13 @@
     const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
 	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
 	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
+int	kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE],
+    const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int)
+	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
+	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
 
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
-void	dump_digest(char *, u_char *, int);
+void	dump_digest(const char *, const u_char *, int);
 #endif
 
 #if !defined(WITH_OPENSSL) || !defined(OPENSSL_HAS_ECC)
Index: kex.c
===================================================================
--- kex.c
+++ kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.141 2018/07/09 13:37:10 sf Exp $ */
+/* $OpenBSD: kex.c,v 1.155 2019/10/08 22:40:39 dtucker Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -25,19 +25,25 @@
 
 #include "includes.h"
 
-
+#include <sys/types.h>
+#include <errno.h>
 #include <signal.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
+#include <poll.h>
 
 #ifdef WITH_OPENSSL
 #include <openssl/crypto.h>
 #include <openssl/dh.h>
 #endif
 
+#include "ssh.h"
 #include "ssh2.h"
+#include "atomicio.h"
+#include "version.h"
 #include "packet.h"
 #include "compat.h"
 #include "cipher.h"
@@ -102,8 +108,10 @@
 #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
 	{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
 	{ KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
+	{ KEX_SNTRUP4591761X25519_SHA512, KEX_KEM_SNTRUP4591761X25519_SHA512, 0,
+	    SSH_DIGEST_SHA512 },
 #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
-	{ NULL, -1, -1, -1},
+	{ NULL, 0, -1, -1},
 };
 
 char *
@@ -205,8 +213,9 @@
 /*
  * Assemble a list of algorithms from a default list and a string from a
  * configuration file. The user-provided string may begin with '+' to
- * indicate that it should be appended to the default or '-' that the
- * specified names should be removed.
+ * indicate that it should be appended to the default, '-' that the
+ * specified names should be removed, or '^' that they should be placed
+ * at the head.
  */
 int
 kex_assemble_names(char **listp, const char *def, const char *all)
@@ -215,7 +224,10 @@
 	char *list = NULL, *ret = NULL, *matching = NULL, *opatterns = NULL;
 	int r = SSH_ERR_INTERNAL_ERROR;
 
-	if (listp == NULL || *listp == NULL || **listp == '\0') {
+	if (listp == NULL || def == NULL || all == NULL)
+		return SSH_ERR_INVALID_ARGUMENT;
+
+	if (*listp == NULL || **listp == '\0') {
 		if ((*listp = strdup(def)) == NULL)
 			return SSH_ERR_ALLOC_FAIL;
 		return 0;
@@ -240,6 +252,14 @@
 		free(list);
 		/* filtering has already been done */
 		return 0;
+	} else if (*list == '^') {
+		/* Place names at head of default list */
+		if ((tmp = kex_names_cat(list + 1, def)) == NULL) {
+			r = SSH_ERR_ALLOC_FAIL;
+			goto fail;
+		}
+		free(list);
+		list = tmp;
 	} else {
 		/* Explicit list, overrides default - just use "list" as is */
 	}
@@ -337,18 +357,25 @@
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if ((r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) /* skip cookie */
+	if ((r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) { /* skip cookie */
+		error("%s: consume cookie: %s", __func__, ssh_err(r));
 		goto out;
+	}
 	/* extract kex init proposal strings */
 	for (i = 0; i < PROPOSAL_MAX; i++) {
-		if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0)
+		if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0) {
+			error("%s: parse proposal %u: %s", __func__,
+			    i, ssh_err(r));
 			goto out;
+		}
 		debug2("%s: %s", proposal_names[i], proposal[i]);
 	}
 	/* first kex follows / reserved */
 	if ((r = sshbuf_get_u8(b, &v)) != 0 ||	/* first_kex_follows */
-	    (r = sshbuf_get_u32(b, &i)) != 0)	/* reserved */
+	    (r = sshbuf_get_u32(b, &i)) != 0) {	/* reserved */
+		error("%s: parse: %s", __func__, ssh_err(r));
 		goto out;
+	}
 	if (first_kex_follows != NULL)
 		*first_kex_follows = v;
 	debug2("first_kex_follows %d ", v);
@@ -401,6 +428,7 @@
 	int r;
 	char *algs;
 
+	debug("Sending SSH2_MSG_EXT_INFO");
 	if ((algs = sshkey_alg_list(0, 1, 1, ',')) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
 	/* XXX filter algs list by allowed pubkey/hostbased types */
@@ -408,8 +436,10 @@
 	    (r = sshpkt_put_u32(ssh, 1)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, algs)) != 0 ||
-	    (r = sshpkt_send(ssh)) != 0)
+	    (r = sshpkt_send(ssh)) != 0) {
+		error("%s: compose: %s", __func__, ssh_err(r));
 		goto out;
+	}
 	/* success */
 	r = 0;
  out:
@@ -427,11 +457,11 @@
 	    (r = sshpkt_send(ssh)) != 0)
 		return r;
 	debug("SSH2_MSG_NEWKEYS sent");
-	debug("expecting SSH2_MSG_NEWKEYS");
 	ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_input_newkeys);
-	if (ssh->kex->ext_info_c)
+	if (ssh->kex->ext_info_c && (ssh->kex->flags & KEX_INITIAL) != 0)
 		if ((r = kex_send_ext_info(ssh)) != 0)
 			return r;
+	debug("expecting SSH2_MSG_NEWKEYS");
 	return 0;
 }
 
@@ -487,6 +517,7 @@
 	if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
 		return r;
 	kex->done = 1;
+	kex->flags &= ~KEX_INITIAL;
 	sshbuf_reset(kex->peer);
 	/* sshbuf_reset(kex->my); */
 	kex->flags &= ~KEX_INIT_SENT;
@@ -502,23 +533,32 @@
 	struct kex *kex = ssh->kex;
 	int r;
 
-	if (kex == NULL)
+	if (kex == NULL) {
+		error("%s: no hex", __func__);
 		return SSH_ERR_INTERNAL_ERROR;
+	}
 	if (kex->flags & KEX_INIT_SENT)
 		return 0;
 	kex->done = 0;
 
 	/* generate a random cookie */
-	if (sshbuf_len(kex->my) < KEX_COOKIE_LEN)
+	if (sshbuf_len(kex->my) < KEX_COOKIE_LEN) {
+		error("%s: bad kex length: %zu < %d", __func__,
+		    sshbuf_len(kex->my), KEX_COOKIE_LEN);
 		return SSH_ERR_INVALID_FORMAT;
-	if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL)
+	}
+	if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL) {
+		error("%s: buffer error", __func__);
 		return SSH_ERR_INTERNAL_ERROR;
+	}
 	arc4random_buf(cookie, KEX_COOKIE_LEN);
 
 	if ((r = sshpkt_start(ssh, SSH2_MSG_KEXINIT)) != 0 ||
 	    (r = sshpkt_putb(ssh, kex->my)) != 0 ||
-	    (r = sshpkt_send(ssh)) != 0)
+	    (r = sshpkt_send(ssh)) != 0) {
+		error("%s: compose reply: %s", __func__, ssh_err(r));
 		return r;
+	}
 	debug("SSH2_MSG_KEXINIT sent");
 	kex->flags |= KEX_INIT_SENT;
 	return 0;
@@ -535,21 +575,28 @@
 	int r;
 
 	debug("SSH2_MSG_KEXINIT received");
-	if (kex == NULL)
-		return SSH_ERR_INVALID_ARGUMENT;
-
+	if (kex == NULL) {
+		error("%s: no hex", __func__);
+		return SSH_ERR_INTERNAL_ERROR;
+	}
 	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
 	ptr = sshpkt_ptr(ssh, &dlen);
 	if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0)
 		return r;
 
 	/* discard packet */
-	for (i = 0; i < KEX_COOKIE_LEN; i++)
-		if ((r = sshpkt_get_u8(ssh, NULL)) != 0)
+	for (i = 0; i < KEX_COOKIE_LEN; i++) {
+		if ((r = sshpkt_get_u8(ssh, NULL)) != 0) {
+			error("%s: discard cookie: %s", __func__, ssh_err(r));
 			return r;
-	for (i = 0; i < PROPOSAL_MAX; i++)
-		if ((r = sshpkt_get_string(ssh, NULL, NULL)) != 0)
+		}
+	}
+	for (i = 0; i < PROPOSAL_MAX; i++) {
+		if ((r = sshpkt_get_string(ssh, NULL, NULL)) != 0) {
+			error("%s: discard proposal: %s", __func__, ssh_err(r));
 			return r;
+		}
+	}
 	/*
 	 * XXX RFC4253 sec 7: "each side MAY guess" - currently no supported
 	 * KEX method has the server move first, but a server might be using
@@ -574,34 +621,24 @@
 	if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)
 		return (kex->kex[kex->kex_type])(ssh);
 
+	error("%s: unknown kex type %u", __func__, kex->kex_type);
 	return SSH_ERR_INTERNAL_ERROR;
 }
 
-int
-kex_new(struct ssh *ssh, char *proposal[PROPOSAL_MAX], struct kex **kexp)
+struct kex *
+kex_new(void)
 {
 	struct kex *kex;
-	int r;
 
-	*kexp = NULL;
-	if ((kex = calloc(1, sizeof(*kex))) == NULL)
-		return SSH_ERR_ALLOC_FAIL;
-	if ((kex->peer = sshbuf_new()) == NULL ||
-	    (kex->my = sshbuf_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((r = kex_prop2buf(kex->my, proposal)) != 0)
-		goto out;
-	kex->done = 0;
-	kex_reset_dispatch(ssh);
-	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
-	r = 0;
-	*kexp = kex;
- out:
-	if (r != 0)
+	if ((kex = calloc(1, sizeof(*kex))) == NULL ||
+	    (kex->peer = sshbuf_new()) == NULL ||
+	    (kex->my = sshbuf_new()) == NULL ||
+	    (kex->client_version = sshbuf_new()) == NULL ||
+	    (kex->server_version = sshbuf_new()) == NULL) {
 		kex_free(kex);
-	return r;
+		return NULL;
+	}
+	return kex;
 }
 
 void
@@ -640,6 +677,9 @@
 {
 	u_int mode;
 
+	if (kex == NULL)
+		return;
+
 #ifdef WITH_OPENSSL
 	DH_free(kex->dh);
 #ifdef OPENSSL_HAS_ECC
@@ -652,9 +692,10 @@
 	}
 	sshbuf_free(kex->peer);
 	sshbuf_free(kex->my);
+	sshbuf_free(kex->client_version);
+	sshbuf_free(kex->server_version);
+	sshbuf_free(kex->client_pub);
 	free(kex->session_id);
-	free(kex->client_version_string);
-	free(kex->server_version_string);
 	free(kex->failed_choice);
 	free(kex->hostkey_alg);
 	free(kex->name);
@@ -662,11 +703,24 @@
 }
 
 int
+kex_ready(struct ssh *ssh, char *proposal[PROPOSAL_MAX])
+{
+	int r;
+
+	if ((r = kex_prop2buf(ssh->kex->my, proposal)) != 0)
+		return r;
+	ssh->kex->flags = KEX_INITIAL;
+	kex_reset_dispatch(ssh);
+	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
+	return 0;
+}
+
+int
 kex_setup(struct ssh *ssh, char *proposal[PROPOSAL_MAX])
 {
 	int r;
 
-	if ((r = kex_new(ssh, proposal, &ssh->kex)) != 0)
+	if ((r = kex_ready(ssh, proposal)) != 0)
 		return r;
 	if ((r = kex_send_kexinit(ssh)) != 0) {		/* we start */
 		kex_free(ssh->kex);
@@ -703,6 +757,7 @@
 	if (name == NULL)
 		return SSH_ERR_NO_CIPHER_ALG_MATCH;
 	if ((enc->cipher = cipher_by_name(name)) == NULL) {
+		error("%s: unsupported cipher %s", __func__, name);
 		free(name);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
@@ -724,6 +779,7 @@
 	if (name == NULL)
 		return SSH_ERR_NO_MAC_ALG_MATCH;
 	if (mac_setup(mac, name) < 0) {
+		error("%s: unsupported MAC %s", __func__, name);
 		free(name);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
@@ -747,6 +803,7 @@
 	} else if (strcmp(name, "none") == 0) {
 		comp->type = COMP_NONE;
 	} else {
+		error("%s: unsupported compression scheme %s", __func__, name);
 		free(name);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
@@ -764,8 +821,10 @@
 	debug("kex: algorithm: %s", k->name ? k->name : "(no match)");
 	if (k->name == NULL)
 		return SSH_ERR_NO_KEX_ALG_MATCH;
-	if ((kexalg = kex_alg_by_name(k->name)) == NULL)
+	if ((kexalg = kex_alg_by_name(k->name)) == NULL) {
+		error("%s: unsupported KEX method %s", __func__, k->name);
 		return SSH_ERR_INTERNAL_ERROR;
+	}
 	k->kex_type = kexalg->type;
 	k->hash_alg = kexalg->hash_alg;
 	k->ec_nid = kexalg->ec_nid;
@@ -782,8 +841,11 @@
 	if (k->hostkey_alg == NULL)
 		return SSH_ERR_NO_HOSTKEY_ALG_MATCH;
 	k->hostkey_type = sshkey_type_from_name(k->hostkey_alg);
-	if (k->hostkey_type == KEY_UNSPEC)
+	if (k->hostkey_type == KEY_UNSPEC) {
+		error("%s: unsupported hostkey algorithm %s", __func__,
+		    k->hostkey_alg);
 		return SSH_ERR_INTERNAL_ERROR;
+	}
 	k->hostkey_nid = sshkey_ecdsa_nid_from_name(k->hostkey_alg);
 	return 0;
 }
@@ -839,7 +901,7 @@
 	}
 
 	/* Check whether client supports ext_info_c */
-	if (kex->server) {
+	if (kex->server && (kex->flags & KEX_INITIAL)) {
 		char *ext;
 
 		ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL);
@@ -952,6 +1014,7 @@
 	    kex->session_id_len) != 0 ||
 	    ssh_digest_final(hashctx, digest, mdsz) != 0) {
 		r = SSH_ERR_LIBCRYPTO_ERROR;
+		error("%s: KEX hash failed", __func__);
 		goto out;
 	}
 	ssh_digest_free(hashctx);
@@ -968,6 +1031,7 @@
 		    ssh_digest_update(hashctx, hash, hashlen) != 0 ||
 		    ssh_digest_update(hashctx, digest, have) != 0 ||
 		    ssh_digest_final(hashctx, digest + have, mdsz) != 0) {
+			error("%s: KDF failed", __func__);
 			r = SSH_ERR_LIBCRYPTO_ERROR;
 			goto out;
 		}
@@ -997,6 +1061,14 @@
 	u_int i, j, mode, ctos;
 	int r;
 
+	/* save initial hash as session id */
+	if (kex->session_id == NULL) {
+		kex->session_id_len = hashlen;
+		kex->session_id = malloc(kex->session_id_len);
+		if (kex->session_id == NULL)
+			return SSH_ERR_ALLOC_FAIL;
+		memcpy(kex->session_id, hash, kex->session_id_len);
+	}
 	for (i = 0; i < NKEYS; i++) {
 		if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen,
 		    shared_secret, &keys[i])) != 0) {
@@ -1015,29 +1087,280 @@
 	return 0;
 }
 
-#ifdef WITH_OPENSSL
 int
-kex_derive_keys_bn(struct ssh *ssh, u_char *hash, u_int hashlen,
-    const BIGNUM *secret)
+kex_load_hostkey(struct ssh *ssh, struct sshkey **prvp, struct sshkey **pubp)
 {
-	struct sshbuf *shared_secret;
-	int r;
+	struct kex *kex = ssh->kex;
 
-	if ((shared_secret = sshbuf_new()) == NULL)
-		return SSH_ERR_ALLOC_FAIL;
-	if ((r = sshbuf_put_bignum2(shared_secret, secret)) == 0)
-		r = kex_derive_keys(ssh, hash, hashlen, shared_secret);
-	sshbuf_free(shared_secret);
-	return r;
+	*pubp = NULL;
+	*prvp = NULL;
+	if (kex->load_host_public_key == NULL ||
+	    kex->load_host_private_key == NULL) {
+		error("%s: missing hostkey loader", __func__);
+		return SSH_ERR_INVALID_ARGUMENT;
+	}
+	*pubp = kex->load_host_public_key(kex->hostkey_type,
+	    kex->hostkey_nid, ssh);
+	*prvp = kex->load_host_private_key(kex->hostkey_type,
+	    kex->hostkey_nid, ssh);
+	if (*pubp == NULL)
+		return SSH_ERR_NO_HOSTKEY_LOADED;
+	return 0;
 }
-#endif
 
+int
+kex_verify_host_key(struct ssh *ssh, struct sshkey *server_host_key)
+{
+	struct kex *kex = ssh->kex;
 
+	if (kex->verify_host_key == NULL) {
+		error("%s: missing hostkey verifier", __func__);
+		return SSH_ERR_INVALID_ARGUMENT;
+	}
+	if (server_host_key->type != kex->hostkey_type ||
+	    (kex->hostkey_type == KEY_ECDSA &&
+	    server_host_key->ecdsa_nid != kex->hostkey_nid))
+		return SSH_ERR_KEY_TYPE_MISMATCH;
+	if (kex->verify_host_key(server_host_key, ssh) == -1)
+		return  SSH_ERR_SIGNATURE_INVALID;
+	return 0;
+}
+
 #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) || defined(DEBUG_KEXECDH)
 void
-dump_digest(char *msg, u_char *digest, int len)
+dump_digest(const char *msg, const u_char *digest, int len)
 {
 	fprintf(stderr, "%s\n", msg);
 	sshbuf_dump_data(digest, len, stderr);
 }
 #endif
+
+/*
+ * Send a plaintext error message to the peer, suffixed by \r\n.
+ * Only used during banner exchange, and there only for the server.
+ */
+static void
+send_error(struct ssh *ssh, char *msg)
+{
+	char *crnl = "\r\n";
+
+	if (!ssh->kex->server)
+		return;
+
+	if (atomicio(vwrite, ssh_packet_get_connection_out(ssh),
+	    msg, strlen(msg)) != strlen(msg) ||
+	    atomicio(vwrite, ssh_packet_get_connection_out(ssh),
+	    crnl, strlen(crnl)) != strlen(crnl))
+		error("%s: write: %.100s", __func__, strerror(errno));
+}
+
+/*
+ * Sends our identification string and waits for the peer's. Will block for
+ * up to timeout_ms (or indefinitely if timeout_ms <= 0).
+ * Returns on 0 success or a ssherr.h code on failure.
+ */
+int
+kex_exchange_identification(struct ssh *ssh, int timeout_ms,
+    const char *version_addendum)
+{
+	int remote_major, remote_minor, mismatch;
+	size_t len, i, n;
+	int r, expect_nl;
+	u_char c;
+	struct sshbuf *our_version = ssh->kex->server ?
+	    ssh->kex->server_version : ssh->kex->client_version;
+	struct sshbuf *peer_version = ssh->kex->server ?
+	    ssh->kex->client_version : ssh->kex->server_version;
+	char *our_version_string = NULL, *peer_version_string = NULL;
+	char *cp, *remote_version = NULL;
+
+	/* Prepare and send our banner */
+	sshbuf_reset(our_version);
+	if (version_addendum != NULL && *version_addendum == '\0')
+		version_addendum = NULL;
+	if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
+	   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+	    version_addendum == NULL ? "" : " ",
+	    version_addendum == NULL ? "" : version_addendum)) != 0) {
+		error("%s: sshbuf_putf: %s", __func__, ssh_err(r));
+		goto out;
+	}
+
+	if (atomicio(vwrite, ssh_packet_get_connection_out(ssh),
+	    sshbuf_mutable_ptr(our_version),
+	    sshbuf_len(our_version)) != sshbuf_len(our_version)) {
+		error("%s: write: %.100s", __func__, strerror(errno));
+		r = SSH_ERR_SYSTEM_ERROR;
+		goto out;
+	}
+	if ((r = sshbuf_consume_end(our_version, 2)) != 0) { /* trim \r\n */
+		error("%s: sshbuf_consume_end: %s", __func__, ssh_err(r));
+		goto out;
+	}
+	our_version_string = sshbuf_dup_string(our_version);
+	if (our_version_string == NULL) {
+		error("%s: sshbuf_dup_string failed", __func__);
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	debug("Local version string %.100s", our_version_string);
+
+	/* Read other side's version identification. */
+	for (n = 0; ; n++) {
+		if (n >= SSH_MAX_PRE_BANNER_LINES) {
+			send_error(ssh, "No SSH identification string "
+			    "received.");
+			error("%s: No SSH version received in first %u lines "
+			    "from server", __func__, SSH_MAX_PRE_BANNER_LINES);
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
+		sshbuf_reset(peer_version);
+		expect_nl = 0;
+		for (i = 0; ; i++) {
+			if (timeout_ms > 0) {
+				r = waitrfd(ssh_packet_get_connection_in(ssh),
+				    &timeout_ms);
+				if (r == -1 && errno == ETIMEDOUT) {
+					send_error(ssh, "Timed out waiting "
+					    "for SSH identification string.");
+					error("Connection timed out during "
+					    "banner exchange");
+					r = SSH_ERR_CONN_TIMEOUT;
+					goto out;
+				} else if (r == -1) {
+					error("%s: %s",
+					    __func__, strerror(errno));
+					r = SSH_ERR_SYSTEM_ERROR;
+					goto out;
+				}
+			}
+
+			len = atomicio(read, ssh_packet_get_connection_in(ssh),
+			    &c, 1);
+			if (len != 1 && errno == EPIPE) {
+				error("%s: Connection closed by remote host",
+				    __func__);
+				r = SSH_ERR_CONN_CLOSED;
+				goto out;
+			} else if (len != 1) {
+				error("%s: read: %.100s",
+				    __func__, strerror(errno));
+				r = SSH_ERR_SYSTEM_ERROR;
+				goto out;
+			}
+			if (c == '\r') {
+				expect_nl = 1;
+				continue;
+			}
+			if (c == '\n')
+				break;
+			if (c == '\0' || expect_nl) {
+				error("%s: banner line contains invalid "
+				    "characters", __func__);
+				goto invalid;
+			}
+			if ((r = sshbuf_put_u8(peer_version, c)) != 0) {
+				error("%s: sshbuf_put: %s",
+				    __func__, ssh_err(r));
+				goto out;
+			}
+			if (sshbuf_len(peer_version) > SSH_MAX_BANNER_LEN) {
+				error("%s: banner line too long", __func__);
+				goto invalid;
+			}
+		}
+		/* Is this an actual protocol banner? */
+		if (sshbuf_len(peer_version) > 4 &&
+		    memcmp(sshbuf_ptr(peer_version), "SSH-", 4) == 0)
+			break;
+		/* If not, then just log the line and continue */
+		if ((cp = sshbuf_dup_string(peer_version)) == NULL) {
+			error("%s: sshbuf_dup_string failed", __func__);
+			r = SSH_ERR_ALLOC_FAIL;
+			goto out;
+		}
+		/* Do not accept lines before the SSH ident from a client */
+		if (ssh->kex->server) {
+			error("%s: client sent invalid protocol identifier "
+			    "\"%.256s\"", __func__, cp);
+			free(cp);
+			goto invalid;
+		}
+		debug("%s: banner line %zu: %s", __func__, n, cp);
+		free(cp);
+	}
+	peer_version_string = sshbuf_dup_string(peer_version);
+	if (peer_version_string == NULL)
+		error("%s: sshbuf_dup_string failed", __func__);
+	/* XXX must be same size for sscanf */
+	if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) {
+		error("%s: calloc failed", __func__);
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+
+	/*
+	 * Check that the versions match.  In future this might accept
+	 * several versions and set appropriate flags to handle them.
+	 */
+	if (sscanf(peer_version_string, "SSH-%d.%d-%[^\n]\n",
+	    &remote_major, &remote_minor, remote_version) != 3) {
+		error("Bad remote protocol version identification: '%.100s'",
+		    peer_version_string);
+ invalid:
+		send_error(ssh, "Invalid SSH identification string.");
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	debug("Remote protocol version %d.%d, remote software version %.100s",
+	    remote_major, remote_minor, remote_version);
+	ssh->compat = compat_datafellows(remote_version);
+
+	mismatch = 0;
+	switch (remote_major) {
+	case 2:
+		break;
+	case 1:
+		if (remote_minor != 99)
+			mismatch = 1;
+		break;
+	default:
+		mismatch = 1;
+		break;
+	}
+	if (mismatch) {
+		error("Protocol major versions differ: %d vs. %d",
+		    PROTOCOL_MAJOR_2, remote_major);
+		send_error(ssh, "Protocol major versions differ.");
+		r = SSH_ERR_NO_PROTOCOL_VERSION;
+		goto out;
+	}
+
+	if (ssh->kex->server && (ssh->compat & SSH_BUG_PROBE) != 0) {
+		logit("probed from %s port %d with %s.  Don't panic.",
+		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+		    peer_version_string);
+		r = SSH_ERR_CONN_CLOSED; /* XXX */
+		goto out;
+	}
+	if (ssh->kex->server && (ssh->compat & SSH_BUG_SCANNER) != 0) {
+		logit("scanned from %s port %d with %s.  Don't panic.",
+		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+		    peer_version_string);
+		r = SSH_ERR_CONN_CLOSED; /* XXX */
+		goto out;
+	}
+	if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
+		logit("Remote version \"%.100s\" uses unsafe RSA signature "
+		    "scheme; disabling use of RSA keys", remote_version);
+	}
+	/* success */
+	r = 0;
+ out:
+	free(our_version_string);
+	free(peer_version_string);
+	free(remote_version);
+	return r;
+}
+
Index: kexc25519.c
===================================================================
--- kexc25519.c
+++ kexc25519.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: kexc25519.c,v 1.10 2016/05/02 08:49:03 djm Exp $ */
+/* $OpenBSD: kexc25519.c,v 1.17 2019/01/21 10:40:11 djm Exp $ */
 /*
- * Copyright (c) 2001, 2013 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2019 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
  * Copyright (c) 2013 Aris Adamantiadis.  All rights reserved.
  *
@@ -29,20 +29,16 @@
 
 #include <sys/types.h>
 
-#include <signal.h>
+#include <stdio.h>
 #include <string.h>
+#include <signal.h>
 
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-
-#include "sshbuf.h"
-#include "ssh2.h"
 #include "sshkey.h"
-#include "cipher.h"
 #include "kex.h"
-#include "log.h"
+#include "sshbuf.h"
 #include "digest.h"
 #include "ssherr.h"
+#include "ssh2.h"
 
 extern int crypto_scalarmult_curve25519(u_char a[CURVE25519_SIZE],
     const u_char b[CURVE25519_SIZE], const u_char c[CURVE25519_SIZE])
@@ -60,74 +56,144 @@
 }
 
 int
-kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
-    const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
+kexc25519_shared_key_ext(const u_char key[CURVE25519_SIZE],
+    const u_char pub[CURVE25519_SIZE], struct sshbuf *out, int raw)
 {
 	u_char shared_key[CURVE25519_SIZE];
+	u_char zero[CURVE25519_SIZE];
 	int r;
 
-	/* Check for all-zero public key */
-	explicit_bzero(shared_key, CURVE25519_SIZE);
-	if (timingsafe_bcmp(pub, shared_key, CURVE25519_SIZE) == 0)
+	crypto_scalarmult_curve25519(shared_key, key, pub);
+
+	/* Check for all-zero shared secret */
+	explicit_bzero(zero, CURVE25519_SIZE);
+	if (timingsafe_bcmp(zero, shared_key, CURVE25519_SIZE) == 0)
 		return SSH_ERR_KEY_INVALID_EC_VALUE;
 
-	crypto_scalarmult_curve25519(shared_key, key, pub);
 #ifdef DEBUG_KEXECDH
 	dump_digest("shared secret", shared_key, CURVE25519_SIZE);
 #endif
-	sshbuf_reset(out);
-	r = sshbuf_put_bignum2_bytes(out, shared_key, CURVE25519_SIZE);
+	if (raw)
+		r = sshbuf_put(out, shared_key, CURVE25519_SIZE);
+	else
+		r = sshbuf_put_bignum2_bytes(out, shared_key, CURVE25519_SIZE);
 	explicit_bzero(shared_key, CURVE25519_SIZE);
 	return r;
 }
 
 int
-kex_c25519_hash(
-    int hash_alg,
-    const char *client_version_string,
-    const char *server_version_string,
-    const u_char *ckexinit, size_t ckexinitlen,
-    const u_char *skexinit, size_t skexinitlen,
-    const u_char *serverhostkeyblob, size_t sbloblen,
-    const u_char client_dh_pub[CURVE25519_SIZE],
-    const u_char server_dh_pub[CURVE25519_SIZE],
-    const u_char *shared_secret, size_t secretlen,
-    u_char *hash, size_t *hashlen)
+kexc25519_shared_key(const u_char key[CURVE25519_SIZE],
+    const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
 {
-	struct sshbuf *b;
+	return kexc25519_shared_key_ext(key, pub, out, 0);
+}
+
+int
+kex_c25519_keypair(struct kex *kex)
+{
+	struct sshbuf *buf = NULL;
+	u_char *cp = NULL;
 	int r;
 
-	if (*hashlen < ssh_digest_bytes(hash_alg))
-		return SSH_ERR_INVALID_ARGUMENT;
-	if ((b = sshbuf_new()) == NULL)
+	if ((buf = sshbuf_new()) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
-	if ((r = sshbuf_put_cstring(b, client_version_string)) < 0 ||
-	    (r = sshbuf_put_cstring(b, server_version_string)) < 0 ||
-	    /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
-	    (r = sshbuf_put_u32(b, ckexinitlen+1)) < 0 ||
-	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) < 0 ||
-	    (r = sshbuf_put(b, ckexinit, ckexinitlen)) < 0 ||
-	    (r = sshbuf_put_u32(b, skexinitlen+1)) < 0 ||
-	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) < 0 ||
-	    (r = sshbuf_put(b, skexinit, skexinitlen)) < 0 ||
-	    (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) < 0 ||
-	    (r = sshbuf_put_string(b, client_dh_pub, CURVE25519_SIZE)) < 0 ||
-	    (r = sshbuf_put_string(b, server_dh_pub, CURVE25519_SIZE)) < 0 ||
-	    (r = sshbuf_put(b, shared_secret, secretlen)) < 0) {
-		sshbuf_free(b);
-		return r;
+	if ((r = sshbuf_reserve(buf, CURVE25519_SIZE, &cp)) != 0)
+		goto out;
+	kexc25519_keygen(kex->c25519_client_key, cp);
+#ifdef DEBUG_KEXECDH
+	dump_digest("client public key c25519:", cp, CURVE25519_SIZE);
+#endif
+	kex->client_pub = buf;
+	buf = NULL;
+ out:
+	sshbuf_free(buf);
+	return r;
+}
+
+int
+kex_c25519_enc(struct kex *kex, const struct sshbuf *client_blob,
+   struct sshbuf **server_blobp, struct sshbuf **shared_secretp)
+{
+	struct sshbuf *server_blob = NULL;
+	struct sshbuf *buf = NULL;
+	const u_char *client_pub;
+	u_char *server_pub;
+	u_char server_key[CURVE25519_SIZE];
+	int r;
+
+	*server_blobp = NULL;
+	*shared_secretp = NULL;
+
+	if (sshbuf_len(client_blob) != CURVE25519_SIZE) {
+		r = SSH_ERR_SIGNATURE_INVALID;
+		goto out;
 	}
-#ifdef DEBUG_KEX
-	sshbuf_dump(b, stderr);
+	client_pub = sshbuf_ptr(client_blob);
+#ifdef DEBUG_KEXECDH
+	dump_digest("client public key 25519:", client_pub, CURVE25519_SIZE);
 #endif
-	if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {
-		sshbuf_free(b);
-		return SSH_ERR_LIBCRYPTO_ERROR;
+	/* allocate space for encrypted KEM key and ECDH pub key */
+	if ((server_blob = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
 	}
-	sshbuf_free(b);
-	*hashlen = ssh_digest_bytes(hash_alg);
-#ifdef DEBUG_KEX
-	dump_digest("hash", hash, *hashlen);
+	if ((r = sshbuf_reserve(server_blob, CURVE25519_SIZE, &server_pub)) != 0)
+		goto out;
+	kexc25519_keygen(server_key, server_pub);
+	/* allocate shared secret */
+	if ((buf = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 0)) < 0)
+		goto out;
+#ifdef DEBUG_KEXECDH
+	dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE);
+	dump_digest("encoded shared secret:", sshbuf_ptr(buf), sshbuf_len(buf));
 #endif
-	return 0;
+	*server_blobp = server_blob;
+	*shared_secretp = buf;
+	server_blob = NULL;
+	buf = NULL;
+ out:
+	explicit_bzero(server_key, sizeof(server_key));
+	sshbuf_free(server_blob);
+	sshbuf_free(buf);
+	return r;
+}
+
+int
+kex_c25519_dec(struct kex *kex, const struct sshbuf *server_blob,
+    struct sshbuf **shared_secretp)
+{
+	struct sshbuf *buf = NULL;
+	const u_char *server_pub;
+	int r;
+
+	*shared_secretp = NULL;
+
+	if (sshbuf_len(server_blob) != CURVE25519_SIZE) {
+		r = SSH_ERR_SIGNATURE_INVALID;
+		goto out;
+	}
+	server_pub = sshbuf_ptr(server_blob);
+#ifdef DEBUG_KEXECDH
+	dump_digest("server public key c25519:", server_pub, CURVE25519_SIZE);
+#endif
+	/* shared secret */
+	if ((buf = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, server_pub,
+	    buf, 0)) < 0)
+		goto out;
+#ifdef DEBUG_KEXECDH
+	dump_digest("encoded shared secret:", sshbuf_ptr(buf), sshbuf_len(buf));
+#endif
+	*shared_secretp = buf;
+	buf = NULL;
+ out:
+	sshbuf_free(buf);
+	return r;
 }
Index: kexc25519c.c
===================================================================
--- kexc25519c.c
+++ /dev/null
@@ -1,169 +0,0 @@
-/* $OpenBSD: kexc25519c.c,v 1.9 2017/12/18 02:25:15 djm Exp $ */
-/*
- * Copyright (c) 2001 Markus Friedl.  All rights reserved.
- * Copyright (c) 2010 Damien Miller.  All rights reserved.
- * Copyright (c) 2013 Aris Adamantiadis.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <signal.h>
-
-#include "sshkey.h"
-#include "cipher.h"
-#include "kex.h"
-#include "log.h"
-#include "packet.h"
-#include "ssh2.h"
-#include "sshbuf.h"
-#include "digest.h"
-#include "ssherr.h"
-
-static int
-input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh);
-
-int
-kexc25519_client(struct ssh *ssh)
-{
-	struct kex *kex = ssh->kex;
-	int r;
-
-	kexc25519_keygen(kex->c25519_client_key, kex->c25519_client_pubkey);
-#ifdef DEBUG_KEXECDH
-	dump_digest("client private key:", kex->c25519_client_key,
-	    sizeof(kex->c25519_client_key));
-#endif
-	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 ||
-	    (r = sshpkt_put_string(ssh, kex->c25519_client_pubkey,
-	    sizeof(kex->c25519_client_pubkey))) != 0 ||
-	    (r = sshpkt_send(ssh)) != 0)
-		return r;
-
-	debug("expecting SSH2_MSG_KEX_ECDH_REPLY");
-	ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_c25519_reply);
-	return 0;
-}
-
-static int
-input_kex_c25519_reply(int type, u_int32_t seq, struct ssh *ssh)
-{
-	struct kex *kex = ssh->kex;
-	struct sshkey *server_host_key = NULL;
-	struct sshbuf *shared_secret = NULL;
-	u_char *server_pubkey = NULL;
-	u_char *server_host_key_blob = NULL, *signature = NULL;
-	u_char hash[SSH_DIGEST_MAX_LENGTH];
-	size_t slen, pklen, sbloblen, hashlen;
-	int r;
-
-	if (kex->verify_host_key == NULL) {
-		r = SSH_ERR_INVALID_ARGUMENT;
-		goto out;
-	}
-
-	/* hostkey */
-	if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
-	    &sbloblen)) != 0 ||
-	    (r = sshkey_from_blob(server_host_key_blob, sbloblen,
-	    &server_host_key)) != 0)
-		goto out;
-	if (server_host_key->type != kex->hostkey_type ||
-	    (kex->hostkey_type == KEY_ECDSA &&
-	    server_host_key->ecdsa_nid != kex->hostkey_nid)) {
-		r = SSH_ERR_KEY_TYPE_MISMATCH;
-		goto out;
-	}
-	if (kex->verify_host_key(server_host_key, ssh) == -1) {
-		r = SSH_ERR_SIGNATURE_INVALID;
-		goto out;
-	}
-
-	/* Q_S, server public key */
-	/* signed H */
-	if ((r = sshpkt_get_string(ssh, &server_pubkey, &pklen)) != 0 ||
-	    (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
-	    (r = sshpkt_get_end(ssh)) != 0)
-		goto out;
-	if (pklen != CURVE25519_SIZE) {
-		r = SSH_ERR_SIGNATURE_INVALID;
-		goto out;
-	}
-
-#ifdef DEBUG_KEXECDH
-	dump_digest("server public key:", server_pubkey, CURVE25519_SIZE);
-#endif
-
-	if ((shared_secret = sshbuf_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((r = kexc25519_shared_key(kex->c25519_client_key, server_pubkey,
-	    shared_secret)) < 0)
-		goto out;
-
-	/* calc and verify H */
-	hashlen = sizeof(hash);
-	if ((r = kex_c25519_hash(
-	    kex->hash_alg,
-	    kex->client_version_string,
-	    kex->server_version_string,
-	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-	    server_host_key_blob, sbloblen,
-	    kex->c25519_client_pubkey,
-	    server_pubkey,
-	    sshbuf_ptr(shared_secret), sshbuf_len(shared_secret),
-	    hash, &hashlen)) < 0)
-		goto out;
-
-	if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
-	    kex->hostkey_alg, ssh->compat)) != 0)
-		goto out;
-
-	/* save session id */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
-	if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
-		r = kex_send_newkeys(ssh);
-out:
-	explicit_bzero(hash, sizeof(hash));
-	explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key));
-	free(server_host_key_blob);
-	free(server_pubkey);
-	free(signature);
-	sshkey_free(server_host_key);
-	sshbuf_free(shared_secret);
-	return r;
-}
Index: kexc25519s.c
===================================================================
--- kexc25519s.c
+++ /dev/null
@@ -1,158 +0,0 @@
-/* $OpenBSD: kexc25519s.c,v 1.11 2017/05/31 04:19:28 djm Exp $ */
-/*
- * Copyright (c) 2001 Markus Friedl.  All rights reserved.
- * Copyright (c) 2010 Damien Miller.  All rights reserved.
- * Copyright (c) 2013 Aris Adamantiadis.  All rights reserved.
- *
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <stdio.h>
-#include <string.h>
-#include <signal.h>
-
-#include "sshkey.h"
-#include "cipher.h"
-#include "digest.h"
-#include "kex.h"
-#include "log.h"
-#include "packet.h"
-#include "ssh2.h"
-#include "sshbuf.h"
-#include "ssherr.h"
-
-static int input_kex_c25519_init(int, u_int32_t, struct ssh *);
-
-int
-kexc25519_server(struct ssh *ssh)
-{
-	debug("expecting SSH2_MSG_KEX_ECDH_INIT");
-	ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_c25519_init);
-	return 0;
-}
-
-static int
-input_kex_c25519_init(int type, u_int32_t seq, struct ssh *ssh)
-{
-	struct kex *kex = ssh->kex;
-	struct sshkey *server_host_private, *server_host_public;
-	struct sshbuf *shared_secret = NULL;
-	u_char *server_host_key_blob = NULL, *signature = NULL;
-	u_char server_key[CURVE25519_SIZE];
-	u_char *client_pubkey = NULL;
-	u_char server_pubkey[CURVE25519_SIZE];
-	u_char hash[SSH_DIGEST_MAX_LENGTH];
-	size_t slen, pklen, sbloblen, hashlen;
-	int r;
-
-	/* generate private key */
-	kexc25519_keygen(server_key, server_pubkey);
-#ifdef DEBUG_KEXECDH
-	dump_digest("server private key:", server_key, sizeof(server_key));
-#endif
-	if (kex->load_host_public_key == NULL ||
-	    kex->load_host_private_key == NULL) {
-		r = SSH_ERR_INVALID_ARGUMENT;
-		goto out;
-	}
-	server_host_public = kex->load_host_public_key(kex->hostkey_type,
-	    kex->hostkey_nid, ssh);
-	server_host_private = kex->load_host_private_key(kex->hostkey_type,
-	    kex->hostkey_nid, ssh);
-	if (server_host_public == NULL) {
-		r = SSH_ERR_NO_HOSTKEY_LOADED;
-		goto out;
-	}
-
-	if ((r = sshpkt_get_string(ssh, &client_pubkey, &pklen)) != 0 ||
-	    (r = sshpkt_get_end(ssh)) != 0)
-		goto out;
-	if (pklen != CURVE25519_SIZE) {
-		r = SSH_ERR_SIGNATURE_INVALID;
-		goto out;
-	}
-#ifdef DEBUG_KEXECDH
-	dump_digest("client public key:", client_pubkey, CURVE25519_SIZE);
-#endif
-
-	if ((shared_secret = sshbuf_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((r = kexc25519_shared_key(server_key, client_pubkey,
-	    shared_secret)) < 0)
-		goto out;
-
-	/* calc H */
-	if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob,
-	    &sbloblen)) != 0)
-		goto out;
-	hashlen = sizeof(hash);
-	if ((r = kex_c25519_hash(
-	    kex->hash_alg,
-	    kex->client_version_string,
-	    kex->server_version_string,
-	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-	    server_host_key_blob, sbloblen,
-	    client_pubkey,
-	    server_pubkey,
-	    sshbuf_ptr(shared_secret), sshbuf_len(shared_secret),
-	    hash, &hashlen)) < 0)
-		goto out;
-
-	/* save session id := H */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
-	/* sign H */
-	if ((r = kex->sign(server_host_private, server_host_public, &signature,
-	     &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
-		goto out;
-
-	/* send server hostkey, ECDH pubkey 'Q_S' and signed H */
-	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 ||
-	    (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
-	    (r = sshpkt_put_string(ssh, server_pubkey, sizeof(server_pubkey))) != 0 ||
-	    (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
-	    (r = sshpkt_send(ssh)) != 0)
-		goto out;
-
-	if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
-		r = kex_send_newkeys(ssh);
-out:
-	explicit_bzero(hash, sizeof(hash));
-	explicit_bzero(server_key, sizeof(server_key));
-	free(server_host_key_blob);
-	free(signature);
-	free(client_pubkey);
-	sshbuf_free(shared_secret);
-	return r;
-}
Index: kexdh.c
===================================================================
--- kexdh.c
+++ kexdh.c
@@ -1,6 +1,6 @@
-/* $OpenBSD: kexdh.c,v 1.26 2016/05/02 10:26:04 djm Exp $ */
+/* $OpenBSD: kexdh.c,v 1.32 2019/01/21 10:40:11 djm Exp $ */
 /*
- * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2019 Markus Friedl.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,67 +30,172 @@
 #include <sys/types.h>
 
 #include <signal.h>
+#include <stdio.h>
+#include <string.h>
 
-#include <openssl/evp.h>
-
 #include "openbsd-compat/openssl-compat.h"
+#include <openssl/dh.h>
 
-#include "ssh2.h"
 #include "sshkey.h"
-#include "cipher.h"
 #include "kex.h"
-#include "ssherr.h"
 #include "sshbuf.h"
 #include "digest.h"
+#include "ssherr.h"
+#include "dh.h"
 
 int
-kex_dh_hash(
-    int hash_alg,
-    const char *client_version_string,
-    const char *server_version_string,
-    const u_char *ckexinit, size_t ckexinitlen,
-    const u_char *skexinit, size_t skexinitlen,
-    const u_char *serverhostkeyblob, size_t sbloblen,
-    const BIGNUM *client_dh_pub,
-    const BIGNUM *server_dh_pub,
-    const BIGNUM *shared_secret,
-    u_char *hash, size_t *hashlen)
+kex_dh_keygen(struct kex *kex)
 {
-	struct sshbuf *b;
-	int r;
-
-	if (*hashlen < ssh_digest_bytes(hash_alg))
+	switch (kex->kex_type) {
+	case KEX_DH_GRP1_SHA1:
+		kex->dh = dh_new_group1();
+		break;
+	case KEX_DH_GRP14_SHA1:
+	case KEX_DH_GRP14_SHA256:
+		kex->dh = dh_new_group14();
+		break;
+	case KEX_DH_GRP16_SHA512:
+		kex->dh = dh_new_group16();
+		break;
+	case KEX_DH_GRP18_SHA512:
+		kex->dh = dh_new_group18();
+		break;
+	default:
 		return SSH_ERR_INVALID_ARGUMENT;
-	if ((b = sshbuf_new()) == NULL)
-		return SSH_ERR_ALLOC_FAIL;
-	if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 ||
-	    (r = sshbuf_put_cstring(b, server_version_string)) != 0 ||
-	    /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
-	    (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 ||
-	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
-	    (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 ||
-	    (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 ||
-	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
-	    (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 ||
-	    (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 ||
-	    (r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 ||
-	    (r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 ||
-	    (r = sshbuf_put_bignum2(b, shared_secret)) != 0) {
-		sshbuf_free(b);
-		return r;
 	}
-#ifdef DEBUG_KEX
-	sshbuf_dump(b, stderr);
+	if (kex->dh == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	return (dh_gen_key(kex->dh, kex->we_need * 8));
+}
+
+int
+kex_dh_compute_key(struct kex *kex, BIGNUM *dh_pub, struct sshbuf *out)
+{
+	BIGNUM *shared_secret = NULL;
+	u_char *kbuf = NULL;
+	size_t klen = 0;
+	int kout, r;
+
+#ifdef DEBUG_KEXDH
+	fprintf(stderr, "dh_pub= ");
+	BN_print_fp(stderr, dh_pub);
+	fprintf(stderr, "\n");
+	debug("bits %d", BN_num_bits(dh_pub));
+	DHparams_print_fp(stderr, kex->dh);
+	fprintf(stderr, "\n");
 #endif
-	if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {
-		sshbuf_free(b);
-		return SSH_ERR_LIBCRYPTO_ERROR;
+
+	if (!dh_pub_is_valid(kex->dh, dh_pub)) {
+		r = SSH_ERR_MESSAGE_INCOMPLETE;
+		goto out;
 	}
-	sshbuf_free(b);
-	*hashlen = ssh_digest_bytes(hash_alg);
-#ifdef DEBUG_KEX
-	dump_digest("hash", hash, *hashlen);
+	klen = DH_size(kex->dh);
+	if ((kbuf = malloc(klen)) == NULL ||
+	    (shared_secret = BN_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((kout = DH_compute_key(kbuf, dh_pub, kex->dh)) < 0 ||
+	    BN_bin2bn(kbuf, kout, shared_secret) == NULL) {
+		r = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+	}
+#ifdef DEBUG_KEXDH
+	dump_digest("shared secret", kbuf, kout);
 #endif
-	return 0;
+	r = sshbuf_put_bignum2(out, shared_secret);
+ out:
+	freezero(kbuf, klen);
+	BN_clear_free(shared_secret);
+	return r;
+}
+
+int
+kex_dh_keypair(struct kex *kex)
+{
+	const BIGNUM *pub_key;
+	struct sshbuf *buf = NULL;
+	int r;
+
+	if ((r = kex_dh_keygen(kex)) != 0)
+		return r;
+	DH_get0_key(kex->dh, &pub_key, NULL);
+	if ((buf = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshbuf_put_bignum2(buf, pub_key)) != 0 ||
+	    (r = sshbuf_get_u32(buf, NULL)) != 0)
+		goto out;
+#ifdef DEBUG_KEXDH
+	DHparams_print_fp(stderr, kex->dh);
+	fprintf(stderr, "pub= ");
+	BN_print_fp(stderr, pub_key);
+	fprintf(stderr, "\n");
+#endif
+	kex->client_pub = buf;
+	buf = NULL;
+ out:
+	sshbuf_free(buf);
+	return r;
+}
+
+int
+kex_dh_enc(struct kex *kex, const struct sshbuf *client_blob,
+    struct sshbuf **server_blobp, struct sshbuf **shared_secretp)
+{
+	const BIGNUM *pub_key;
+	struct sshbuf *server_blob = NULL;
+	int r;
+
+	*server_blobp = NULL;
+	*shared_secretp = NULL;
+
+	if ((r = kex_dh_keygen(kex)) != 0)
+		goto out;
+	DH_get0_key(kex->dh, &pub_key, NULL);
+	if ((server_blob = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_put_bignum2(server_blob, pub_key)) != 0 ||
+	    (r = sshbuf_get_u32(server_blob, NULL)) != 0)
+		goto out;
+	if ((r = kex_dh_dec(kex, client_blob, shared_secretp)) != 0)
+		goto out;
+	*server_blobp = server_blob;
+	server_blob = NULL;
+ out:
+	DH_free(kex->dh);
+	kex->dh = NULL;
+	sshbuf_free(server_blob);
+	return r;
+}
+
+int
+kex_dh_dec(struct kex *kex, const struct sshbuf *dh_blob,
+    struct sshbuf **shared_secretp)
+{
+	struct sshbuf *buf = NULL;
+	BIGNUM *dh_pub = NULL;
+	int r;
+
+	*shared_secretp = NULL;
+
+	if ((buf = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_put_stringb(buf, dh_blob)) != 0 ||
+	    (r = sshbuf_get_bignum2(buf, &dh_pub)) != 0)
+		goto out;
+	sshbuf_reset(buf);
+	if ((r = kex_dh_compute_key(kex, dh_pub, buf)) != 0)
+		goto out;
+	*shared_secretp = buf;
+	buf = NULL;
+ out:
+	DH_free(kex->dh);
+	kex->dh = NULL;
+	sshbuf_free(buf);
+	return r;
 }
 #endif /* WITH_OPENSSL */
Index: kexdhc.c
===================================================================
--- kexdhc.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/* $OpenBSD: kexdhc.c,v 1.22 2018/02/07 02:06:51 jsing Exp $ */
-/*
- * Copyright (c) 2001 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#ifdef WITH_OPENSSL
-
-#include <sys/types.h>
-
-#include <openssl/dh.h>
-
-#include <stdarg.h>
-#include <stdio.h>
-#include <string.h>
-#include <signal.h>
-
-#include "openbsd-compat/openssl-compat.h"
-
-#include "sshkey.h"
-#include "cipher.h"
-#include "digest.h"
-#include "kex.h"
-#include "log.h"
-#include "packet.h"
-#include "dh.h"
-#include "ssh2.h"
-#include "dispatch.h"
-#include "compat.h"
-#include "ssherr.h"
-#include "sshbuf.h"
-
-static int input_kex_dh(int, u_int32_t, struct ssh *);
-
-int
-kexdh_client(struct ssh *ssh)
-{
-	struct kex *kex = ssh->kex;
-	int r;
-	const BIGNUM *pub_key;
-
-	/* generate and send 'e', client DH public key */
-	switch (kex->kex_type) {
-	case KEX_DH_GRP1_SHA1:
-		kex->dh = dh_new_group1();
-		break;
-	case KEX_DH_GRP14_SHA1:
-	case KEX_DH_GRP14_SHA256:
-		kex->dh = dh_new_group14();
-		break;
-	case KEX_DH_GRP16_SHA512:
-		kex->dh = dh_new_group16();
-		break;
-	case KEX_DH_GRP18_SHA512:
-		kex->dh = dh_new_group18();
-		break;
-	default:
-		r = SSH_ERR_INVALID_ARGUMENT;
-		goto out;
-	}
-	if (kex->dh == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	debug("sending SSH2_MSG_KEXDH_INIT");
-	if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-		goto out;
-	DH_get0_key(kex->dh, &pub_key, NULL);
-	if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
-	    (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
-	    (r = sshpkt_send(ssh)) != 0)
-		goto out;
-#ifdef DEBUG_KEXDH
-	DHparams_print_fp(stderr, kex->dh);
-	fprintf(stderr, "pub= ");
-	BN_print_fp(stderr, pub_key);
-	fprintf(stderr, "\n");
-#endif
-	debug("expecting SSH2_MSG_KEXDH_REPLY");
-	ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_REPLY, &input_kex_dh);
-	r = 0;
- out:
-	return r;
-}
-
-static int
-input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
-{
-	struct kex *kex = ssh->kex;
-	BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
-	const BIGNUM *pub_key;
-	struct sshkey *server_host_key = NULL;
-	u_char *kbuf = NULL, *server_host_key_blob = NULL, *signature = NULL;
-	u_char hash[SSH_DIGEST_MAX_LENGTH];
-	size_t klen = 0, slen, sbloblen, hashlen;
-	int kout, r;
-
-	if (kex->verify_host_key == NULL) {
-		r = SSH_ERR_INVALID_ARGUMENT;
-		goto out;
-	}
-	/* key, cert */
-	if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
-	    &sbloblen)) != 0 ||
-	    (r = sshkey_from_blob(server_host_key_blob, sbloblen,
-	    &server_host_key)) != 0)
-		goto out;
-	if (server_host_key->type != kex->hostkey_type ||
-	    (kex->hostkey_type == KEY_ECDSA &&
-	    server_host_key->ecdsa_nid != kex->hostkey_nid)) {
-		r = SSH_ERR_KEY_TYPE_MISMATCH;
-		goto out;
-	}
-	if (kex->verify_host_key(server_host_key, ssh) == -1) {
-		r = SSH_ERR_SIGNATURE_INVALID;
-		goto out;
-	}
-	/* DH parameter f, server public DH key */
-	if ((dh_server_pub = BN_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	/* signed H */
-	if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 ||
-	    (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
-	    (r = sshpkt_get_end(ssh)) != 0)
-		goto out;
-#ifdef DEBUG_KEXDH
-	fprintf(stderr, "dh_server_pub= ");
-	BN_print_fp(stderr, dh_server_pub);
-	fprintf(stderr, "\n");
-	debug("bits %d", BN_num_bits(dh_server_pub));
-#endif
-	if (!dh_pub_is_valid(kex->dh, dh_server_pub)) {
-		sshpkt_disconnect(ssh, "bad server public DH value");
-		r = SSH_ERR_MESSAGE_INCOMPLETE;
-		goto out;
-	}
-
-	klen = DH_size(kex->dh);
-	if ((kbuf = malloc(klen)) == NULL ||
-	    (shared_secret = BN_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 ||
-	    BN_bin2bn(kbuf, kout, shared_secret) == NULL) {
-		r = SSH_ERR_LIBCRYPTO_ERROR;
-		goto out;
-	}
-#ifdef DEBUG_KEXDH
-	dump_digest("shared secret", kbuf, kout);
-#endif
-
-	/* calc and verify H */
-	DH_get0_key(kex->dh, &pub_key, NULL);
-	hashlen = sizeof(hash);
-	if ((r = kex_dh_hash(
-	    kex->hash_alg,
-	    kex->client_version_string,
-	    kex->server_version_string,
-	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-	    server_host_key_blob, sbloblen,
-	    pub_key,
-	    dh_server_pub,
-	    shared_secret,
-	    hash, &hashlen)) != 0)
-		goto out;
-
-	if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
-	    kex->hostkey_alg, ssh->compat)) != 0)
-		goto out;
-
-	/* save session id */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
-	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
-		r = kex_send_newkeys(ssh);
- out:
-	explicit_bzero(hash, sizeof(hash));
-	DH_free(kex->dh);
-	kex->dh = NULL;
-	BN_clear_free(dh_server_pub);
-	if (kbuf) {
-		explicit_bzero(kbuf, klen);
-		free(kbuf);
-	}
-	BN_clear_free(shared_secret);
-	sshkey_free(server_host_key);
-	free(server_host_key_blob);
-	free(signature);
-	return r;
-}
-#endif /* WITH_OPENSSL */
Index: kexdhs.c
===================================================================
--- kexdhs.c
+++ /dev/null
@@ -1,222 +0,0 @@
-/* $OpenBSD: kexdhs.c,v 1.27 2018/04/10 00:10:49 djm Exp $ */
-/*
- * Copyright (c) 2001 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#ifdef WITH_OPENSSL
-
-#include <sys/types.h>
-
-#include <stdarg.h>
-#include <string.h>
-#include <signal.h>
-
-#include <openssl/dh.h>
-
-#include "openbsd-compat/openssl-compat.h"
-
-#include "sshkey.h"
-#include "cipher.h"
-#include "digest.h"
-#include "kex.h"
-#include "log.h"
-#include "packet.h"
-#include "dh.h"
-#include "ssh2.h"
-
-#include "dispatch.h"
-#include "compat.h"
-#include "ssherr.h"
-#include "sshbuf.h"
-
-static int input_kex_dh_init(int, u_int32_t, struct ssh *);
-
-int
-kexdh_server(struct ssh *ssh)
-{
-	struct kex *kex = ssh->kex;
-	int r;
-
-	/* generate server DH public key */
-	switch (kex->kex_type) {
-	case KEX_DH_GRP1_SHA1:
-		kex->dh = dh_new_group1();
-		break;
-	case KEX_DH_GRP14_SHA1:
-	case KEX_DH_GRP14_SHA256:
-		kex->dh = dh_new_group14();
-		break;
-	case KEX_DH_GRP16_SHA512:
-		kex->dh = dh_new_group16();
-		break;
-	case KEX_DH_GRP18_SHA512:
-		kex->dh = dh_new_group18();
-		break;
-	default:
-		r = SSH_ERR_INVALID_ARGUMENT;
-		goto out;
-	}
-	if (kex->dh == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-		goto out;
-
-	debug("expecting SSH2_MSG_KEXDH_INIT");
-	ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init);
-	r = 0;
- out:
-	return r;
-}
-
-int
-input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
-{
-	struct kex *kex = ssh->kex;
-	BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
-	const BIGNUM *pub_key;
-	struct sshkey *server_host_public, *server_host_private;
-	u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
-	u_char hash[SSH_DIGEST_MAX_LENGTH];
-	size_t sbloblen, slen;
-	size_t klen = 0, hashlen;
-	int kout, r;
-
-	if (kex->load_host_public_key == NULL ||
-	    kex->load_host_private_key == NULL) {
-		r = SSH_ERR_INVALID_ARGUMENT;
-		goto out;
-	}
-	server_host_public = kex->load_host_public_key(kex->hostkey_type,
-	    kex->hostkey_nid, ssh);
-	server_host_private = kex->load_host_private_key(kex->hostkey_type,
-	    kex->hostkey_nid, ssh);
-	if (server_host_public == NULL) {
-		r = SSH_ERR_NO_HOSTKEY_LOADED;
-		goto out;
-	}
-
-	/* key, cert */
-	if ((dh_client_pub = BN_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	DH_get0_key(kex->dh, &pub_key, NULL);
-	if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 ||
-	    (r = sshpkt_get_end(ssh)) != 0)
-		goto out;
-
-#ifdef DEBUG_KEXDH
-	fprintf(stderr, "dh_client_pub= ");
-	BN_print_fp(stderr, dh_client_pub);
-	fprintf(stderr, "\n");
-	debug("bits %d", BN_num_bits(dh_client_pub));
-	DHparams_print_fp(stderr, kex->dh);
-	fprintf(stderr, "pub= ");
-	BN_print_fp(stderr, pub_key);
-	fprintf(stderr, "\n");
-#endif
-	if (!dh_pub_is_valid(kex->dh, dh_client_pub)) {
-		sshpkt_disconnect(ssh, "bad client public DH value");
-		r = SSH_ERR_MESSAGE_INCOMPLETE;
-		goto out;
-	}
-
-	klen = DH_size(kex->dh);
-	if ((kbuf = malloc(klen)) == NULL ||
-	    (shared_secret = BN_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((kout = DH_compute_key(kbuf, dh_client_pub, kex->dh)) < 0 ||
-	    BN_bin2bn(kbuf, kout, shared_secret) == NULL) {
-		r = SSH_ERR_LIBCRYPTO_ERROR;
-		goto out;
-	}
-#ifdef DEBUG_KEXDH
-	dump_digest("shared secret", kbuf, kout);
-#endif
-	if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob,
-	    &sbloblen)) != 0)
-		goto out;
-	/* calc H */
-	hashlen = sizeof(hash);
-	if ((r = kex_dh_hash(
-	    kex->hash_alg,
-	    kex->client_version_string,
-	    kex->server_version_string,
-	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-	    server_host_key_blob, sbloblen,
-	    dh_client_pub,
-	    pub_key,
-	    shared_secret,
-	    hash, &hashlen)) != 0)
-		goto out;
-
-	/* save session id := H */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
-	/* sign H */
-	if ((r = kex->sign(server_host_private, server_host_public, &signature,
-	     &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
-		goto out;
-
-	/* destroy_sensitive_data(); */
-
-	/* send server hostkey, DH pubkey 'f' and signed H */
-	if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 ||
-	    (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
-	    (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||	/* f */
-	    (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
-	    (r = sshpkt_send(ssh)) != 0)
-		goto out;
-
-	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
-		r = kex_send_newkeys(ssh);
- out:
-	explicit_bzero(hash, sizeof(hash));
-	DH_free(kex->dh);
-	kex->dh = NULL;
-	BN_clear_free(dh_client_pub);
-	if (kbuf) {
-		explicit_bzero(kbuf, klen);
-		free(kbuf);
-	}
-	BN_clear_free(shared_secret);
-	free(server_host_key_blob);
-	free(signature);
-	return r;
-}
-#endif /* WITH_OPENSSL */
Index: kexecdh.c
===================================================================
--- kexecdh.c
+++ kexecdh.c
@@ -1,7 +1,7 @@
-/* $OpenBSD: kexecdh.c,v 1.6 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexecdh.c,v 1.10 2019/01/21 10:40:11 djm Exp $ */
 /*
- * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
+ * Copyright (c) 2019 Markus Friedl.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -30,71 +30,210 @@
 
 #include <sys/types.h>
 
-#include <signal.h>
+#include <stdio.h>
 #include <string.h>
+#include <signal.h>
 
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/ec.h>
 #include <openssl/ecdh.h>
 
-#include "ssh2.h"
 #include "sshkey.h"
-#include "cipher.h"
 #include "kex.h"
 #include "sshbuf.h"
 #include "digest.h"
 #include "ssherr.h"
 
+static int
+kex_ecdh_dec_key_group(struct kex *, const struct sshbuf *, EC_KEY *key,
+    const EC_GROUP *, struct sshbuf **);
+
 int
-kex_ecdh_hash(
-    int hash_alg,
-    const EC_GROUP *ec_group,
-    const char *client_version_string,
-    const char *server_version_string,
-    const u_char *ckexinit, size_t ckexinitlen,
-    const u_char *skexinit, size_t skexinitlen,
-    const u_char *serverhostkeyblob, size_t sbloblen,
-    const EC_POINT *client_dh_pub,
-    const EC_POINT *server_dh_pub,
-    const BIGNUM *shared_secret,
-    u_char *hash, size_t *hashlen)
+kex_ecdh_keypair(struct kex *kex)
 {
-	struct sshbuf *b;
+	EC_KEY *client_key = NULL;
+	const EC_GROUP *group;
+	const EC_POINT *public_key;
+	struct sshbuf *buf = NULL;
 	int r;
 
-	if (*hashlen < ssh_digest_bytes(hash_alg))
-		return SSH_ERR_INVALID_ARGUMENT;
-	if ((b = sshbuf_new()) == NULL)
-		return SSH_ERR_ALLOC_FAIL;
-	if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 ||
-	    (r = sshbuf_put_cstring(b, server_version_string)) != 0 ||
-	    /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
-	    (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 ||
-	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
-	    (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 ||
-	    (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 ||
-	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
-	    (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 ||
-	    (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 ||
-	    (r = sshbuf_put_ec(b, client_dh_pub, ec_group)) != 0 ||
-	    (r = sshbuf_put_ec(b, server_dh_pub, ec_group)) != 0 ||
-	    (r = sshbuf_put_bignum2(b, shared_secret)) != 0) {
-		sshbuf_free(b);
-		return r;
+	if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
 	}
-#ifdef DEBUG_KEX
-	sshbuf_dump(b, stderr);
+	if (EC_KEY_generate_key(client_key) != 1) {
+		r = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+	}
+	group = EC_KEY_get0_group(client_key);
+	public_key = EC_KEY_get0_public_key(client_key);
+
+	if ((buf = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_put_ec(buf, public_key, group)) != 0 ||
+	    (r = sshbuf_get_u32(buf, NULL)) != 0)
+		goto out;
+#ifdef DEBUG_KEXECDH
+	fputs("client private key:\n", stderr);
+	sshkey_dump_ec_key(client_key);
 #endif
-	if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {
-		sshbuf_free(b);
-		return SSH_ERR_LIBCRYPTO_ERROR;
+	kex->ec_client_key = client_key;
+	kex->ec_group = group;
+	client_key = NULL;	/* owned by the kex */
+	kex->client_pub = buf;
+	buf = NULL;
+ out:
+	EC_KEY_free(client_key);
+	sshbuf_free(buf);
+	return r;
+}
+
+int
+kex_ecdh_enc(struct kex *kex, const struct sshbuf *client_blob,
+    struct sshbuf **server_blobp, struct sshbuf **shared_secretp)
+{
+	const EC_GROUP *group;
+	const EC_POINT *pub_key;
+	EC_KEY *server_key = NULL;
+	struct sshbuf *server_blob = NULL;
+	int r;
+
+	*server_blobp = NULL;
+	*shared_secretp = NULL;
+
+	if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
 	}
-	sshbuf_free(b);
-	*hashlen = ssh_digest_bytes(hash_alg);
-#ifdef DEBUG_KEX
-	dump_digest("hash", hash, *hashlen);
+	if (EC_KEY_generate_key(server_key) != 1) {
+		r = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+	}
+	group = EC_KEY_get0_group(server_key);
+
+#ifdef DEBUG_KEXECDH
+	fputs("server private key:\n", stderr);
+	sshkey_dump_ec_key(server_key);
 #endif
-	return 0;
+	pub_key = EC_KEY_get0_public_key(server_key);
+	if ((server_blob = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_put_ec(server_blob, pub_key, group)) != 0 ||
+	    (r = sshbuf_get_u32(server_blob, NULL)) != 0)
+		goto out;
+	if ((r = kex_ecdh_dec_key_group(kex, client_blob, server_key, group,
+	    shared_secretp)) != 0)
+		goto out;
+	*server_blobp = server_blob;
+	server_blob = NULL;
+ out:
+	EC_KEY_free(server_key);
+	sshbuf_free(server_blob);
+	return r;
+}
+
+static int
+kex_ecdh_dec_key_group(struct kex *kex, const struct sshbuf *ec_blob,
+    EC_KEY *key, const EC_GROUP *group, struct sshbuf **shared_secretp)
+{
+	struct sshbuf *buf = NULL;
+	BIGNUM *shared_secret = NULL;
+	EC_POINT *dh_pub = NULL;
+	u_char *kbuf = NULL;
+	size_t klen = 0;
+	int r;
+
+	*shared_secretp = NULL;
+
+	if ((buf = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_put_stringb(buf, ec_blob)) != 0)
+		goto out;
+	if ((dh_pub = EC_POINT_new(group)) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_get_ec(buf, dh_pub, group)) != 0) {
+		goto out;
+	}
+	sshbuf_reset(buf);
+
+#ifdef DEBUG_KEXECDH
+	fputs("public key:\n", stderr);
+	sshkey_dump_ec_point(group, dh_pub);
+#endif
+	if (sshkey_ec_validate_public(group, dh_pub) != 0) {
+		r = SSH_ERR_MESSAGE_INCOMPLETE;
+		goto out;
+	}
+	klen = (EC_GROUP_get_degree(group) + 7) / 8;
+	if ((kbuf = malloc(klen)) == NULL ||
+	    (shared_secret = BN_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if (ECDH_compute_key(kbuf, klen, dh_pub, key, NULL) != (int)klen ||
+	    BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
+		r = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+	}
+#ifdef DEBUG_KEXECDH
+	dump_digest("shared secret", kbuf, klen);
+#endif
+	if ((r = sshbuf_put_bignum2(buf, shared_secret)) != 0)
+		goto out;
+	*shared_secretp = buf;
+	buf = NULL;
+ out:
+	EC_POINT_clear_free(dh_pub);
+	BN_clear_free(shared_secret);
+	freezero(kbuf, klen);
+	sshbuf_free(buf);
+	return r;
+}
+
+int
+kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob,
+    struct sshbuf **shared_secretp)
+{
+	int r;
+
+	r = kex_ecdh_dec_key_group(kex, server_blob, kex->ec_client_key,
+	    kex->ec_group, shared_secretp);
+	EC_KEY_free(kex->ec_client_key);
+	kex->ec_client_key = NULL;
+	return r;
+}
+
+#else
+
+#include "ssherr.h"
+
+struct kex;
+struct sshbuf;
+struct sshkey;
+
+int
+kex_ecdh_keypair(struct kex *kex)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+
+int
+kex_ecdh_enc(struct kex *kex, const struct sshbuf *client_blob,
+    struct sshbuf **server_blobp, struct sshbuf **shared_secretp)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+
+int
+kex_ecdh_dec(struct kex *kex, const struct sshbuf *server_blob,
+    struct sshbuf **shared_secretp)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
 }
 #endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
Index: kexecdhc.c
===================================================================
--- kexecdhc.c
+++ /dev/null
@@ -1,222 +0,0 @@
-/* $OpenBSD: kexecdhc.c,v 1.13 2018/02/07 02:06:51 jsing Exp $ */
-/*
- * Copyright (c) 2001 Markus Friedl.  All rights reserved.
- * Copyright (c) 2010 Damien Miller.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
-
-#include <sys/types.h>
-
-#include <stdio.h>
-#include <string.h>
-#include <signal.h>
-
-#include <openssl/ecdh.h>
-
-#include "sshkey.h"
-#include "cipher.h"
-#include "digest.h"
-#include "kex.h"
-#include "log.h"
-#include "packet.h"
-#include "dh.h"
-#include "ssh2.h"
-#include "dispatch.h"
-#include "compat.h"
-#include "ssherr.h"
-#include "sshbuf.h"
-
-static int input_kex_ecdh_reply(int, u_int32_t, struct ssh *);
-
-int
-kexecdh_client(struct ssh *ssh)
-{
-	struct kex *kex = ssh->kex;
-	EC_KEY *client_key = NULL;
-	const EC_GROUP *group;
-	const EC_POINT *public_key;
-	int r;
-
-	if ((client_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if (EC_KEY_generate_key(client_key) != 1) {
-		r = SSH_ERR_LIBCRYPTO_ERROR;
-		goto out;
-	}
-	group = EC_KEY_get0_group(client_key);
-	public_key = EC_KEY_get0_public_key(client_key);
-
-	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 ||
-	    (r = sshpkt_put_ec(ssh, public_key, group)) != 0 ||
-	    (r = sshpkt_send(ssh)) != 0)
-		goto out;
-	debug("sending SSH2_MSG_KEX_ECDH_INIT");
-
-#ifdef DEBUG_KEXECDH
-	fputs("client private key:\n", stderr);
-	sshkey_dump_ec_key(client_key);
-#endif
-	kex->ec_client_key = client_key;
-	kex->ec_group = group;
-	client_key = NULL;	/* owned by the kex */
-
-	debug("expecting SSH2_MSG_KEX_ECDH_REPLY");
-	ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_ecdh_reply);
-	r = 0;
- out:
-	EC_KEY_free(client_key);
-	return r;
-}
-
-static int
-input_kex_ecdh_reply(int type, u_int32_t seq, struct ssh *ssh)
-{
-	struct kex *kex = ssh->kex;
-	const EC_GROUP *group;
-	EC_POINT *server_public = NULL;
-	EC_KEY *client_key;
-	BIGNUM *shared_secret = NULL;
-	struct sshkey *server_host_key = NULL;
-	u_char *server_host_key_blob = NULL, *signature = NULL;
-	u_char *kbuf = NULL;
-	u_char hash[SSH_DIGEST_MAX_LENGTH];
-	size_t slen, sbloblen;
-	size_t klen = 0, hashlen;
-	int r;
-
-	if (kex->verify_host_key == NULL) {
-		r = SSH_ERR_INVALID_ARGUMENT;
-		goto out;
-	}
-	group = kex->ec_group;
-	client_key = kex->ec_client_key;
-
-	/* hostkey */
-	if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
-	    &sbloblen)) != 0 ||
-	    (r = sshkey_from_blob(server_host_key_blob, sbloblen,
-	    &server_host_key)) != 0)
-		goto out;
-	if (server_host_key->type != kex->hostkey_type ||
-	    (kex->hostkey_type == KEY_ECDSA &&
-	    server_host_key->ecdsa_nid != kex->hostkey_nid)) {
-		r = SSH_ERR_KEY_TYPE_MISMATCH;
-		goto out;
-	}
-	if (kex->verify_host_key(server_host_key, ssh) == -1) {
-		r = SSH_ERR_SIGNATURE_INVALID;
-		goto out;
-	}
-
-	/* Q_S, server public key */
-	/* signed H */
-	if ((server_public = EC_POINT_new(group)) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((r = sshpkt_get_ec(ssh, server_public, group)) != 0 ||
-	    (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
-	    (r = sshpkt_get_end(ssh)) != 0)
-		goto out;
-
-#ifdef DEBUG_KEXECDH
-	fputs("server public key:\n", stderr);
-	sshkey_dump_ec_point(group, server_public);
-#endif
-	if (sshkey_ec_validate_public(group, server_public) != 0) {
-		sshpkt_disconnect(ssh, "invalid server public key");
-		r = SSH_ERR_MESSAGE_INCOMPLETE;
-		goto out;
-	}
-
-	klen = (EC_GROUP_get_degree(group) + 7) / 8;
-	if ((kbuf = malloc(klen)) == NULL ||
-	    (shared_secret = BN_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if (ECDH_compute_key(kbuf, klen, server_public,
-	    client_key, NULL) != (int)klen ||
-	    BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
-		r = SSH_ERR_LIBCRYPTO_ERROR;
-		goto out;
-	}
-
-#ifdef DEBUG_KEXECDH
-	dump_digest("shared secret", kbuf, klen);
-#endif
-	/* calc and verify H */
-	hashlen = sizeof(hash);
-	if ((r = kex_ecdh_hash(
-	    kex->hash_alg,
-	    group,
-	    kex->client_version_string,
-	    kex->server_version_string,
-	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-	    server_host_key_blob, sbloblen,
-	    EC_KEY_get0_public_key(client_key),
-	    server_public,
-	    shared_secret,
-	    hash, &hashlen)) != 0)
-		goto out;
-
-	if ((r = sshkey_verify(server_host_key, signature, slen, hash,
-	    hashlen, kex->hostkey_alg, ssh->compat)) != 0)
-		goto out;
-
-	/* save session id */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
-	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
-		r = kex_send_newkeys(ssh);
- out:
-	explicit_bzero(hash, sizeof(hash));
-	EC_KEY_free(kex->ec_client_key);
-	kex->ec_client_key = NULL;
-	EC_POINT_clear_free(server_public);
-	if (kbuf) {
-		explicit_bzero(kbuf, klen);
-		free(kbuf);
-	}
-	BN_clear_free(shared_secret);
-	sshkey_free(server_host_key);
-	free(server_host_key_blob);
-	free(signature);
-	return r;
-}
-#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
-
Index: kexecdhs.c
===================================================================
--- kexecdhs.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/* $OpenBSD: kexecdhs.c,v 1.17 2018/02/07 02:06:51 jsing Exp $ */
-/*
- * Copyright (c) 2001 Markus Friedl.  All rights reserved.
- * Copyright (c) 2010 Damien Miller.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
-
-#include <sys/types.h>
-#include <string.h>
-#include <signal.h>
-
-#include <openssl/ecdh.h>
-
-#include "sshkey.h"
-#include "cipher.h"
-#include "digest.h"
-#include "kex.h"
-#include "log.h"
-#include "packet.h"
-#include "ssh2.h"
-
-#include "dispatch.h"
-#include "compat.h"
-#include "ssherr.h"
-#include "sshbuf.h"
-
-static int input_kex_ecdh_init(int, u_int32_t, struct ssh *);
-
-int
-kexecdh_server(struct ssh *ssh)
-{
-	debug("expecting SSH2_MSG_KEX_ECDH_INIT");
-	ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_ecdh_init);
-	return 0;
-}
-
-static int
-input_kex_ecdh_init(int type, u_int32_t seq, struct ssh *ssh)
-{
-	struct kex *kex = ssh->kex;
-	EC_POINT *client_public;
-	EC_KEY *server_key = NULL;
-	const EC_GROUP *group;
-	const EC_POINT *public_key;
-	BIGNUM *shared_secret = NULL;
-	struct sshkey *server_host_private, *server_host_public;
-	u_char *server_host_key_blob = NULL, *signature = NULL;
-	u_char *kbuf = NULL;
-	u_char hash[SSH_DIGEST_MAX_LENGTH];
-	size_t slen, sbloblen;
-	size_t klen = 0, hashlen;
-	int r;
-
-	if ((server_key = EC_KEY_new_by_curve_name(kex->ec_nid)) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if (EC_KEY_generate_key(server_key) != 1) {
-		r = SSH_ERR_LIBCRYPTO_ERROR;
-		goto out;
-	}
-	group = EC_KEY_get0_group(server_key);
-
-#ifdef DEBUG_KEXECDH
-	fputs("server private key:\n", stderr);
-	sshkey_dump_ec_key(server_key);
-#endif
-
-	if (kex->load_host_public_key == NULL ||
-	    kex->load_host_private_key == NULL) {
-		r = SSH_ERR_INVALID_ARGUMENT;
-		goto out;
-	}
-	server_host_public = kex->load_host_public_key(kex->hostkey_type,
-	    kex->hostkey_nid, ssh);
-	server_host_private = kex->load_host_private_key(kex->hostkey_type,
-	    kex->hostkey_nid, ssh);
-	if (server_host_public == NULL) {
-		r = SSH_ERR_NO_HOSTKEY_LOADED;
-		goto out;
-	}
-	if ((client_public = EC_POINT_new(group)) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((r = sshpkt_get_ec(ssh, client_public, group)) != 0 ||
-	    (r = sshpkt_get_end(ssh)) != 0)
-		goto out;
-
-#ifdef DEBUG_KEXECDH
-	fputs("client public key:\n", stderr);
-	sshkey_dump_ec_point(group, client_public);
-#endif
-	if (sshkey_ec_validate_public(group, client_public) != 0) {
-		sshpkt_disconnect(ssh, "invalid client public key");
-		r = SSH_ERR_MESSAGE_INCOMPLETE;
-		goto out;
-	}
-
-	/* Calculate shared_secret */
-	klen = (EC_GROUP_get_degree(group) + 7) / 8;
-	if ((kbuf = malloc(klen)) == NULL ||
-	    (shared_secret = BN_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if (ECDH_compute_key(kbuf, klen, client_public,
-	    server_key, NULL) != (int)klen ||
-	    BN_bin2bn(kbuf, klen, shared_secret) == NULL) {
-		r = SSH_ERR_LIBCRYPTO_ERROR;
-		goto out;
-	}
-
-#ifdef DEBUG_KEXECDH
-	dump_digest("shared secret", kbuf, klen);
-#endif
-	/* calc H */
-	if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob,
-	    &sbloblen)) != 0)
-		goto out;
-	hashlen = sizeof(hash);
-	if ((r = kex_ecdh_hash(
-	    kex->hash_alg,
-	    group,
-	    kex->client_version_string,
-	    kex->server_version_string,
-	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-	    server_host_key_blob, sbloblen,
-	    client_public,
-	    EC_KEY_get0_public_key(server_key),
-	    shared_secret,
-	    hash, &hashlen)) != 0)
-		goto out;
-
-	/* save session id := H */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
-	/* sign H */
-	if ((r = kex->sign(server_host_private, server_host_public, &signature,
-	     &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
-		goto out;
-
-	/* destroy_sensitive_data(); */
-
-	public_key = EC_KEY_get0_public_key(server_key);
-	/* send server hostkey, ECDH pubkey 'Q_S' and signed H */
-	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 ||
-	    (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
-	    (r = sshpkt_put_ec(ssh, public_key, group)) != 0 ||
-	    (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
-	    (r = sshpkt_send(ssh)) != 0)
-		goto out;
-
-	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
-		r = kex_send_newkeys(ssh);
- out:
-	explicit_bzero(hash, sizeof(hash));
-	EC_KEY_free(kex->ec_client_key);
-	kex->ec_client_key = NULL;
-	EC_KEY_free(server_key);
-	if (kbuf) {
-		explicit_bzero(kbuf, klen);
-		free(kbuf);
-	}
-	BN_clear_free(shared_secret);
-	free(server_host_key_blob);
-	free(signature);
-	return r;
-}
-#endif /* defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC) */
-
Index: kexgen.c
===================================================================
--- /dev/null
+++ kexgen.c
@@ -0,0 +1,340 @@
+/* $OpenBSD: kexgen.c,v 1.3 2019/09/06 05:23:55 djm Exp $ */
+/*
+ * Copyright (c) 2019 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+
+#include "sshkey.h"
+#include "kex.h"
+#include "log.h"
+#include "packet.h"
+#include "ssh2.h"
+#include "sshbuf.h"
+#include "digest.h"
+#include "ssherr.h"
+
+static int input_kex_gen_init(int, u_int32_t, struct ssh *);
+static int input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh);
+
+static int
+kex_gen_hash(
+    int hash_alg,
+    const struct sshbuf *client_version,
+    const struct sshbuf *server_version,
+    const struct sshbuf *client_kexinit,
+    const struct sshbuf *server_kexinit,
+    const struct sshbuf *server_host_key_blob,
+    const struct sshbuf *client_pub,
+    const struct sshbuf *server_pub,
+    const struct sshbuf *shared_secret,
+    u_char *hash, size_t *hashlen)
+{
+	struct sshbuf *b;
+	int r;
+
+	if (*hashlen < ssh_digest_bytes(hash_alg))
+		return SSH_ERR_INVALID_ARGUMENT;
+	if ((b = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshbuf_put_stringb(b, client_version)) != 0 ||
+	    (r = sshbuf_put_stringb(b, server_version)) != 0 ||
+	    /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
+	    (r = sshbuf_put_u32(b, sshbuf_len(client_kexinit) + 1)) != 0 ||
+	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
+	    (r = sshbuf_putb(b, client_kexinit)) != 0 ||
+	    (r = sshbuf_put_u32(b, sshbuf_len(server_kexinit) + 1)) != 0 ||
+	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
+	    (r = sshbuf_putb(b, server_kexinit)) != 0 ||
+	    (r = sshbuf_put_stringb(b, server_host_key_blob)) != 0 ||
+	    (r = sshbuf_put_stringb(b, client_pub)) != 0 ||
+	    (r = sshbuf_put_stringb(b, server_pub)) != 0 ||
+	    (r = sshbuf_putb(b, shared_secret)) != 0) {
+		sshbuf_free(b);
+		return r;
+	}
+#ifdef DEBUG_KEX
+	sshbuf_dump(b, stderr);
+#endif
+	if (ssh_digest_buffer(hash_alg, b, hash, *hashlen) != 0) {
+		sshbuf_free(b);
+		return SSH_ERR_LIBCRYPTO_ERROR;
+	}
+	sshbuf_free(b);
+	*hashlen = ssh_digest_bytes(hash_alg);
+#ifdef DEBUG_KEX
+	dump_digest("hash", hash, *hashlen);
+#endif
+	return 0;
+}
+
+int
+kex_gen_client(struct ssh *ssh)
+{
+	struct kex *kex = ssh->kex;
+	int r;
+
+	switch (kex->kex_type) {
+#ifdef WITH_OPENSSL
+	case KEX_DH_GRP1_SHA1:
+	case KEX_DH_GRP14_SHA1:
+	case KEX_DH_GRP14_SHA256:
+	case KEX_DH_GRP16_SHA512:
+	case KEX_DH_GRP18_SHA512:
+		r = kex_dh_keypair(kex);
+		break;
+	case KEX_ECDH_SHA2:
+		r = kex_ecdh_keypair(kex);
+		break;
+#endif
+	case KEX_C25519_SHA256:
+		r = kex_c25519_keypair(kex);
+		break;
+	case KEX_KEM_SNTRUP4591761X25519_SHA512:
+		r = kex_kem_sntrup4591761x25519_keypair(kex);
+		break;
+	default:
+		r = SSH_ERR_INVALID_ARGUMENT;
+		break;
+	}
+	if (r != 0)
+		return r;
+	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_INIT)) != 0 ||
+	    (r = sshpkt_put_stringb(ssh, kex->client_pub)) != 0 ||
+	    (r = sshpkt_send(ssh)) != 0)
+		return r;
+	debug("expecting SSH2_MSG_KEX_ECDH_REPLY");
+	ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &input_kex_gen_reply);
+	return 0;
+}
+
+static int
+input_kex_gen_reply(int type, u_int32_t seq, struct ssh *ssh)
+{
+	struct kex *kex = ssh->kex;
+	struct sshkey *server_host_key = NULL;
+	struct sshbuf *shared_secret = NULL;
+	struct sshbuf *server_blob = NULL;
+	struct sshbuf *tmp = NULL, *server_host_key_blob = NULL;
+	u_char *signature = NULL;
+	u_char hash[SSH_DIGEST_MAX_LENGTH];
+	size_t slen, hashlen;
+	int r;
+
+	/* hostkey */
+	if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
+		goto out;
+	/* sshkey_fromb() consumes its buffer, so make a copy */
+	if ((tmp = sshbuf_fromb(server_host_key_blob)) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshkey_fromb(tmp, &server_host_key)) != 0)
+		goto out;
+	if ((r = kex_verify_host_key(ssh, server_host_key)) != 0)
+		goto out;
+
+	/* Q_S, server public key */
+	/* signed H */
+	if ((r = sshpkt_getb_froms(ssh, &server_blob)) != 0 ||
+	    (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		goto out;
+
+	/* compute shared secret */
+	switch (kex->kex_type) {
+#ifdef WITH_OPENSSL
+	case KEX_DH_GRP1_SHA1:
+	case KEX_DH_GRP14_SHA1:
+	case KEX_DH_GRP14_SHA256:
+	case KEX_DH_GRP16_SHA512:
+	case KEX_DH_GRP18_SHA512:
+		r = kex_dh_dec(kex, server_blob, &shared_secret);
+		break;
+	case KEX_ECDH_SHA2:
+		r = kex_ecdh_dec(kex, server_blob, &shared_secret);
+		break;
+#endif
+	case KEX_C25519_SHA256:
+		r = kex_c25519_dec(kex, server_blob, &shared_secret);
+		break;
+	case KEX_KEM_SNTRUP4591761X25519_SHA512:
+		r = kex_kem_sntrup4591761x25519_dec(kex, server_blob,
+		    &shared_secret);
+		break;
+	default:
+		r = SSH_ERR_INVALID_ARGUMENT;
+		break;
+	}
+	if (r !=0 )
+		goto out;
+
+	/* calc and verify H */
+	hashlen = sizeof(hash);
+	if ((r = kex_gen_hash(
+	    kex->hash_alg,
+	    kex->client_version,
+	    kex->server_version,
+	    kex->my,
+	    kex->peer,
+	    server_host_key_blob,
+	    kex->client_pub,
+	    server_blob,
+	    shared_secret,
+	    hash, &hashlen)) != 0)
+		goto out;
+
+	if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
+	    kex->hostkey_alg, ssh->compat)) != 0)
+		goto out;
+
+	if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
+		r = kex_send_newkeys(ssh);
+out:
+	explicit_bzero(hash, sizeof(hash));
+	explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key));
+	explicit_bzero(kex->sntrup4591761_client_key,
+	    sizeof(kex->sntrup4591761_client_key));
+	sshbuf_free(server_host_key_blob);
+	free(signature);
+	sshbuf_free(tmp);
+	sshkey_free(server_host_key);
+	sshbuf_free(server_blob);
+	sshbuf_free(shared_secret);
+	sshbuf_free(kex->client_pub);
+	kex->client_pub = NULL;
+	return r;
+}
+
+int
+kex_gen_server(struct ssh *ssh)
+{
+	debug("expecting SSH2_MSG_KEX_ECDH_INIT");
+	ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &input_kex_gen_init);
+	return 0;
+}
+
+static int
+input_kex_gen_init(int type, u_int32_t seq, struct ssh *ssh)
+{
+	struct kex *kex = ssh->kex;
+	struct sshkey *server_host_private, *server_host_public;
+	struct sshbuf *shared_secret = NULL;
+	struct sshbuf *server_pubkey = NULL;
+	struct sshbuf *client_pubkey = NULL;
+	struct sshbuf *server_host_key_blob = NULL;
+	u_char *signature = NULL, hash[SSH_DIGEST_MAX_LENGTH];
+	size_t slen, hashlen;
+	int r;
+
+	if ((r = kex_load_hostkey(ssh, &server_host_private,
+	    &server_host_public)) != 0)
+		goto out;
+
+	if ((r = sshpkt_getb_froms(ssh, &client_pubkey)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		goto out;
+
+	/* compute shared secret */
+	switch (kex->kex_type) {
+#ifdef WITH_OPENSSL
+	case KEX_DH_GRP1_SHA1:
+	case KEX_DH_GRP14_SHA1:
+	case KEX_DH_GRP14_SHA256:
+	case KEX_DH_GRP16_SHA512:
+	case KEX_DH_GRP18_SHA512:
+		r = kex_dh_enc(kex, client_pubkey, &server_pubkey,
+		    &shared_secret);
+		break;
+	case KEX_ECDH_SHA2:
+		r = kex_ecdh_enc(kex, client_pubkey, &server_pubkey,
+		    &shared_secret);
+		break;
+#endif
+	case KEX_C25519_SHA256:
+		r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
+		    &shared_secret);
+		break;
+	case KEX_KEM_SNTRUP4591761X25519_SHA512:
+		r = kex_kem_sntrup4591761x25519_enc(kex, client_pubkey,
+		    &server_pubkey, &shared_secret);
+		break;
+	default:
+		r = SSH_ERR_INVALID_ARGUMENT;
+		break;
+	}
+	if (r !=0 )
+		goto out;
+
+	/* calc H */
+	if ((server_host_key_blob = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshkey_putb(server_host_public, server_host_key_blob)) != 0)
+		goto out;
+	hashlen = sizeof(hash);
+	if ((r = kex_gen_hash(
+	    kex->hash_alg,
+	    kex->client_version,
+	    kex->server_version,
+	    kex->peer,
+	    kex->my,
+	    server_host_key_blob,
+	    client_pubkey,
+	    server_pubkey,
+	    shared_secret,
+	    hash, &hashlen)) != 0)
+		goto out;
+
+	/* sign H */
+	if ((r = kex->sign(ssh, server_host_private, server_host_public,
+	     &signature, &slen, hash, hashlen, kex->hostkey_alg)) != 0)
+		goto out;
+
+	/* send server hostkey, ECDH pubkey 'Q_S' and signed H */
+	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_ECDH_REPLY)) != 0 ||
+	    (r = sshpkt_put_stringb(ssh, server_host_key_blob)) != 0 ||
+	    (r = sshpkt_put_stringb(ssh, server_pubkey)) != 0 ||
+	    (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
+	    (r = sshpkt_send(ssh)) != 0)
+		goto out;
+
+	if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
+		r = kex_send_newkeys(ssh);
+out:
+	explicit_bzero(hash, sizeof(hash));
+	sshbuf_free(server_host_key_blob);
+	free(signature);
+	sshbuf_free(shared_secret);
+	sshbuf_free(client_pubkey);
+	sshbuf_free(server_pubkey);
+	return r;
+}
Index: kexgex.c
===================================================================
--- kexgex.c
+++ kexgex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgex.c,v 1.29 2015/01/19 20:16:15 markus Exp $ */
+/* $OpenBSD: kexgex.c,v 1.32 2019/01/23 00:30:41 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -46,17 +46,17 @@
 int
 kexgex_hash(
     int hash_alg,
-    const char *client_version_string,
-    const char *server_version_string,
-    const u_char *ckexinit, size_t ckexinitlen,
-    const u_char *skexinit, size_t skexinitlen,
-    const u_char *serverhostkeyblob, size_t sbloblen,
+    const struct sshbuf *client_version,
+    const struct sshbuf *server_version,
+    const struct sshbuf *client_kexinit,
+    const struct sshbuf *server_kexinit,
+    const struct sshbuf *server_host_key_blob,
     int min, int wantbits, int max,
     const BIGNUM *prime,
     const BIGNUM *gen,
     const BIGNUM *client_dh_pub,
     const BIGNUM *server_dh_pub,
-    const BIGNUM *shared_secret,
+    const u_char *shared_secret, size_t secretlen,
     u_char *hash, size_t *hashlen)
 {
 	struct sshbuf *b;
@@ -66,16 +66,16 @@
 		return SSH_ERR_INVALID_ARGUMENT;
 	if ((b = sshbuf_new()) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
-	if ((r = sshbuf_put_cstring(b, client_version_string)) != 0 ||
-	    (r = sshbuf_put_cstring(b, server_version_string)) != 0 ||
+	if ((r = sshbuf_put_stringb(b, client_version)) < 0 ||
+	    (r = sshbuf_put_stringb(b, server_version)) < 0 ||
 	    /* kexinit messages: fake header: len+SSH2_MSG_KEXINIT */
-	    (r = sshbuf_put_u32(b, ckexinitlen+1)) != 0 ||
+	    (r = sshbuf_put_u32(b, sshbuf_len(client_kexinit) + 1)) != 0 ||
 	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
-	    (r = sshbuf_put(b, ckexinit, ckexinitlen)) != 0 ||
-	    (r = sshbuf_put_u32(b, skexinitlen+1)) != 0 ||
+	    (r = sshbuf_putb(b, client_kexinit)) != 0 ||
+	    (r = sshbuf_put_u32(b, sshbuf_len(server_kexinit) + 1)) != 0 ||
 	    (r = sshbuf_put_u8(b, SSH2_MSG_KEXINIT)) != 0 ||
-	    (r = sshbuf_put(b, skexinit, skexinitlen)) != 0 ||
-	    (r = sshbuf_put_string(b, serverhostkeyblob, sbloblen)) != 0 ||
+	    (r = sshbuf_putb(b, server_kexinit)) != 0 ||
+	    (r = sshbuf_put_stringb(b, server_host_key_blob)) != 0 ||
 	    (min != -1 && (r = sshbuf_put_u32(b, min)) != 0) ||
 	    (r = sshbuf_put_u32(b, wantbits)) != 0 ||
 	    (max != -1 && (r = sshbuf_put_u32(b, max)) != 0) ||
@@ -83,7 +83,7 @@
 	    (r = sshbuf_put_bignum2(b, gen)) != 0 ||
 	    (r = sshbuf_put_bignum2(b, client_dh_pub)) != 0 ||
 	    (r = sshbuf_put_bignum2(b, server_dh_pub)) != 0 ||
-	    (r = sshbuf_put_bignum2(b, shared_secret)) != 0) {
+	    (r = sshbuf_put(b, shared_secret, secretlen)) != 0) {
 		sshbuf_free(b);
 		return r;
 	}
Index: kexgexc.c
===================================================================
--- kexgexc.c
+++ kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.27 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.34 2019/01/23 00:30:41 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -100,13 +100,8 @@
 
 	debug("got SSH2_MSG_KEX_DH_GEX_GROUP");
 
-	if ((p = BN_new()) == NULL ||
-	    (g = BN_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((r = sshpkt_get_bignum2(ssh, p)) != 0 ||
-	    (r = sshpkt_get_bignum2(ssh, g)) != 0 ||
+	if ((r = sshpkt_get_bignum2(ssh, &p)) != 0 ||
+	    (r = sshpkt_get_bignum2(ssh, &g)) != 0 ||
 	    (r = sshpkt_get_end(ssh)) != 0)
 		goto out;
 	if ((bits = BN_num_bits(p)) < 0 ||
@@ -148,71 +143,39 @@
 input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
 {
 	struct kex *kex = ssh->kex;
-	BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
+	BIGNUM *dh_server_pub = NULL;
 	const BIGNUM *pub_key, *dh_p, *dh_g;
+	struct sshbuf *shared_secret = NULL;
+	struct sshbuf *tmp = NULL, *server_host_key_blob = NULL;
 	struct sshkey *server_host_key = NULL;
-	u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
+	u_char *signature = NULL;
 	u_char hash[SSH_DIGEST_MAX_LENGTH];
-	size_t klen = 0, slen, sbloblen, hashlen;
-	int kout, r;
+	size_t slen, hashlen;
+	int r;
 
 	debug("got SSH2_MSG_KEX_DH_GEX_REPLY");
-	if (kex->verify_host_key == NULL) {
-		r = SSH_ERR_INVALID_ARGUMENT;
-		goto out;
-	}
 	/* key, cert */
-	if ((r = sshpkt_get_string(ssh, &server_host_key_blob,
-	    &sbloblen)) != 0 ||
-	    (r = sshkey_from_blob(server_host_key_blob, sbloblen,
-	    &server_host_key)) != 0)
+	if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
 		goto out;
-	if (server_host_key->type != kex->hostkey_type ||
-	    (kex->hostkey_type == KEY_ECDSA &&
-	    server_host_key->ecdsa_nid != kex->hostkey_nid)) {
-		r = SSH_ERR_KEY_TYPE_MISMATCH;
-		goto out;
-	}
-	if (kex->verify_host_key(server_host_key, ssh) == -1) {
-		r = SSH_ERR_SIGNATURE_INVALID;
-		goto out;
-	}
-	/* DH parameter f, server public DH key */
-	if ((dh_server_pub = BN_new()) == NULL) {
+	/* sshkey_fromb() consumes its buffer, so make a copy */
+	if ((tmp = sshbuf_fromb(server_host_key_blob)) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	/* signed H */
-	if ((r = sshpkt_get_bignum2(ssh, dh_server_pub)) != 0 ||
+	if ((r = sshkey_fromb(tmp, &server_host_key)) != 0 ||
+	    (r = kex_verify_host_key(ssh, server_host_key)) != 0)
+		goto out;
+	/* DH parameter f, server public DH key, signed H */
+	if ((r = sshpkt_get_bignum2(ssh, &dh_server_pub)) != 0 ||
 	    (r = sshpkt_get_string(ssh, &signature, &slen)) != 0 ||
 	    (r = sshpkt_get_end(ssh)) != 0)
 		goto out;
-#ifdef DEBUG_KEXDH
-	fprintf(stderr, "dh_server_pub= ");
-	BN_print_fp(stderr, dh_server_pub);
-	fprintf(stderr, "\n");
-	debug("bits %d", BN_num_bits(dh_server_pub));
-#endif
-	if (!dh_pub_is_valid(kex->dh, dh_server_pub)) {
-		sshpkt_disconnect(ssh, "bad server public DH value");
-		r = SSH_ERR_MESSAGE_INCOMPLETE;
-		goto out;
-	}
-
-	klen = DH_size(kex->dh);
-	if ((kbuf = malloc(klen)) == NULL ||
-	    (shared_secret = BN_new()) == NULL) {
+	if ((shared_secret = sshbuf_new()) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if ((kout = DH_compute_key(kbuf, dh_server_pub, kex->dh)) < 0 ||
-	    BN_bin2bn(kbuf, kout, shared_secret) == NULL) {
-		r = SSH_ERR_LIBCRYPTO_ERROR;
+	if ((r = kex_dh_compute_key(kex, dh_server_pub, shared_secret)) != 0)
 		goto out;
-	}
-#ifdef DEBUG_KEXDH
-	dump_digest("shared secret", kbuf, kout);
-#endif
 	if (ssh->compat & SSH_OLD_DHGEX)
 		kex->min = kex->max = -1;
 
@@ -222,16 +185,16 @@
 	hashlen = sizeof(hash);
 	if ((r = kexgex_hash(
 	    kex->hash_alg,
-	    kex->client_version_string,
-	    kex->server_version_string,
-	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-	    server_host_key_blob, sbloblen,
+	    kex->client_version,
+	    kex->server_version,
+	    kex->my,
+	    kex->peer,
+	    server_host_key_blob,
 	    kex->min, kex->nbits, kex->max,
 	    dh_p, dh_g,
 	    pub_key,
 	    dh_server_pub,
-	    shared_secret,
+	    sshbuf_ptr(shared_secret), sshbuf_len(shared_secret),
 	    hash, &hashlen)) != 0)
 		goto out;
 
@@ -239,31 +202,17 @@
 	    hashlen, kex->hostkey_alg, ssh->compat)) != 0)
 		goto out;
 
-	/* save session id */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
-	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
+	if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
 		r = kex_send_newkeys(ssh);
  out:
 	explicit_bzero(hash, sizeof(hash));
 	DH_free(kex->dh);
 	kex->dh = NULL;
 	BN_clear_free(dh_server_pub);
-	if (kbuf) {
-		explicit_bzero(kbuf, klen);
-		free(kbuf);
-	}
-	BN_clear_free(shared_secret);
+	sshbuf_free(shared_secret);
 	sshkey_free(server_host_key);
-	free(server_host_key_blob);
+	sshbuf_free(tmp);
+	sshbuf_free(server_host_key_blob);
 	free(signature);
 	return r;
 }
Index: kexgexs.c
===================================================================
--- kexgexs.c
+++ kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.35 2018/10/04 00:04:41 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.42 2019/01/23 00:30:41 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -126,130 +126,78 @@
 input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 {
 	struct kex *kex = ssh->kex;
-	BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
+	BIGNUM *dh_client_pub = NULL;
 	const BIGNUM *pub_key, *dh_p, *dh_g;
+	struct sshbuf *shared_secret = NULL;
+	struct sshbuf *server_host_key_blob = NULL;
 	struct sshkey *server_host_public, *server_host_private;
-	u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
+	u_char *signature = NULL;
 	u_char hash[SSH_DIGEST_MAX_LENGTH];
-	size_t sbloblen, slen;
-	size_t klen = 0, hashlen;
-	int kout, r;
+	size_t slen, hashlen;
+	int r;
 
-	if (kex->load_host_public_key == NULL ||
-	    kex->load_host_private_key == NULL) {
-		r = SSH_ERR_INVALID_ARGUMENT;
+	if ((r = kex_load_hostkey(ssh, &server_host_private,
+	    &server_host_public)) != 0)
 		goto out;
-	}
-	server_host_public = kex->load_host_public_key(kex->hostkey_type,
-	    kex->hostkey_nid, ssh);
-	server_host_private = kex->load_host_private_key(kex->hostkey_type,
-	    kex->hostkey_nid, ssh);
-	if (server_host_public == NULL) {
-		r = SSH_ERR_NO_HOSTKEY_LOADED;
-		goto out;
-	}
 
 	/* key, cert */
-	if ((dh_client_pub = BN_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-	if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 ||
+	if ((r = sshpkt_get_bignum2(ssh, &dh_client_pub)) != 0 ||
 	    (r = sshpkt_get_end(ssh)) != 0)
 		goto out;
-
-	DH_get0_key(kex->dh, &pub_key, NULL);
-	DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
-
-#ifdef DEBUG_KEXDH
-	fprintf(stderr, "dh_client_pub= ");
-	BN_print_fp(stderr, dh_client_pub);
-	fprintf(stderr, "\n");
-	debug("bits %d", BN_num_bits(dh_client_pub));
-	DHparams_print_fp(stderr, kex->dh);
-	fprintf(stderr, "pub= ");
-	BN_print_fp(stderr, pub_key);
-	fprintf(stderr, "\n");
-#endif
-	if (!dh_pub_is_valid(kex->dh, dh_client_pub)) {
-		sshpkt_disconnect(ssh, "bad client public DH value");
-		r = SSH_ERR_MESSAGE_INCOMPLETE;
+	if ((shared_secret = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-
-	klen = DH_size(kex->dh);
-	if ((kbuf = malloc(klen)) == NULL ||
-	    (shared_secret = BN_new()) == NULL) {
+	if ((r = kex_dh_compute_key(kex, dh_client_pub, shared_secret)) != 0)
+		goto out;
+	if ((server_host_key_blob = sshbuf_new()) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if ((kout = DH_compute_key(kbuf, dh_client_pub, kex->dh)) < 0 ||
-	    BN_bin2bn(kbuf, kout, shared_secret) == NULL) {
-		r = SSH_ERR_LIBCRYPTO_ERROR;
+	if ((r = sshkey_putb(server_host_public, server_host_key_blob)) != 0)
 		goto out;
-	}
-#ifdef DEBUG_KEXDH
-	dump_digest("shared secret", kbuf, kout);
-#endif
-	if ((r = sshkey_to_blob(server_host_public, &server_host_key_blob,
-	    &sbloblen)) != 0)
-		goto out;
+
 	/* calc H */
+	DH_get0_key(kex->dh, &pub_key, NULL);
+	DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
 	hashlen = sizeof(hash);
 	if ((r = kexgex_hash(
 	    kex->hash_alg,
-	    kex->client_version_string,
-	    kex->server_version_string,
-	    sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-	    sshbuf_ptr(kex->my), sshbuf_len(kex->my),
-	    server_host_key_blob, sbloblen,
+	    kex->client_version,
+	    kex->server_version,
+	    kex->peer,
+	    kex->my,
+	    server_host_key_blob,
 	    kex->min, kex->nbits, kex->max,
 	    dh_p, dh_g,
 	    dh_client_pub,
 	    pub_key,
-	    shared_secret,
+	    sshbuf_ptr(shared_secret), sshbuf_len(shared_secret),
 	    hash, &hashlen)) != 0)
 		goto out;
 
-	/* save session id := H */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		memcpy(kex->session_id, hash, kex->session_id_len);
-	}
-
 	/* sign H */
-	if ((r = kex->sign(server_host_private, server_host_public, &signature,
-	     &slen, hash, hashlen, kex->hostkey_alg, ssh->compat)) < 0)
+	if ((r = kex->sign(ssh, server_host_private, server_host_public,
+	    &signature, &slen, hash, hashlen, kex->hostkey_alg)) < 0)
 		goto out;
 
-	/* destroy_sensitive_data(); */
-
 	/* send server hostkey, DH pubkey 'f' and signed H */
 	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
-	    (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
+	    (r = sshpkt_put_stringb(ssh, server_host_key_blob)) != 0 ||
 	    (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||     /* f */
 	    (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
 		goto out;
 
-	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
+	if ((r = kex_derive_keys(ssh, hash, hashlen, shared_secret)) == 0)
 		r = kex_send_newkeys(ssh);
  out:
 	explicit_bzero(hash, sizeof(hash));
 	DH_free(kex->dh);
 	kex->dh = NULL;
 	BN_clear_free(dh_client_pub);
-	if (kbuf) {
-		explicit_bzero(kbuf, klen);
-		free(kbuf);
-	}
-	BN_clear_free(shared_secret);
-	free(server_host_key_blob);
+	sshbuf_free(shared_secret);
+	sshbuf_free(server_host_key_blob);
 	free(signature);
 	return r;
 }
Index: kexsntrup4591761x25519.c
===================================================================
--- /dev/null
+++ kexsntrup4591761x25519.c
@@ -0,0 +1,219 @@
+/* $OpenBSD: kexsntrup4591761x25519.c,v 1.3 2019/01/21 10:40:11 djm Exp $ */
+/*
+ * Copyright (c) 2019 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <signal.h>
+
+#include "sshkey.h"
+#include "kex.h"
+#include "sshbuf.h"
+#include "digest.h"
+#include "ssherr.h"
+
+int
+kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
+{
+	struct sshbuf *buf = NULL;
+	u_char *cp = NULL;
+	size_t need;
+	int r;
+
+	if ((buf = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE;
+	if ((r = sshbuf_reserve(buf, need, &cp)) != 0)
+		goto out;
+	crypto_kem_sntrup4591761_keypair(cp, kex->sntrup4591761_client_key);
+#ifdef DEBUG_KEXECDH
+	dump_digest("client public key sntrup4591761:", cp,
+	    crypto_kem_sntrup4591761_PUBLICKEYBYTES);
+#endif
+	cp += crypto_kem_sntrup4591761_PUBLICKEYBYTES;
+	kexc25519_keygen(kex->c25519_client_key, cp);
+#ifdef DEBUG_KEXECDH
+	dump_digest("client public key c25519:", cp, CURVE25519_SIZE);
+#endif
+	kex->client_pub = buf;
+	buf = NULL;
+ out:
+	sshbuf_free(buf);
+	return r;
+}
+
+int
+kex_kem_sntrup4591761x25519_enc(struct kex *kex,
+   const struct sshbuf *client_blob, struct sshbuf **server_blobp,
+   struct sshbuf **shared_secretp)
+{
+	struct sshbuf *server_blob = NULL;
+	struct sshbuf *buf = NULL;
+	const u_char *client_pub;
+	u_char *kem_key, *ciphertext, *server_pub;
+	u_char server_key[CURVE25519_SIZE];
+	u_char hash[SSH_DIGEST_MAX_LENGTH];
+	size_t need;
+	int r;
+
+	*server_blobp = NULL;
+	*shared_secretp = NULL;
+
+	/* client_blob contains both KEM and ECDH client pubkeys */
+	need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE;
+	if (sshbuf_len(client_blob) != need) {
+		r = SSH_ERR_SIGNATURE_INVALID;
+		goto out;
+	}
+	client_pub = sshbuf_ptr(client_blob);
+#ifdef DEBUG_KEXECDH
+	dump_digest("client public key sntrup4591761:", client_pub,
+	    crypto_kem_sntrup4591761_PUBLICKEYBYTES);
+	dump_digest("client public key 25519:",
+	    client_pub + crypto_kem_sntrup4591761_PUBLICKEYBYTES,
+	    CURVE25519_SIZE);
+#endif
+	/* allocate buffer for concatenation of KEM key and ECDH shared key */
+	/* the buffer will be hashed and the result is the shared secret */
+	if ((buf = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES,
+	    &kem_key)) != 0)
+		goto out;
+	/* allocate space for encrypted KEM key and ECDH pub key */
+	if ((server_blob = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE;
+	if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0)
+		goto out;
+	/* generate and encrypt KEM key with client key */
+	crypto_kem_sntrup4591761_enc(ciphertext, kem_key, client_pub);
+	/* generate ECDH key pair, store server pubkey after ciphertext */
+	server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
+	kexc25519_keygen(server_key, server_pub);
+	/* append ECDH shared key */
+	client_pub += crypto_kem_sntrup4591761_PUBLICKEYBYTES;
+	if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 1)) < 0)
+		goto out;
+	if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
+		goto out;
+#ifdef DEBUG_KEXECDH
+	dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE);
+	dump_digest("server cipher text:", ciphertext,
+	    crypto_kem_sntrup4591761_CIPHERTEXTBYTES);
+	dump_digest("server kem key:", kem_key, sizeof(kem_key));
+	dump_digest("concatenation of KEM key and ECDH shared key:",
+	    sshbuf_ptr(buf), sshbuf_len(buf));
+#endif
+	/* string-encoded hash is resulting shared secret */
+	sshbuf_reset(buf);
+	if ((r = sshbuf_put_string(buf, hash,
+	    ssh_digest_bytes(kex->hash_alg))) != 0)
+		goto out;
+#ifdef DEBUG_KEXECDH
+	dump_digest("encoded shared secret:", sshbuf_ptr(buf), sshbuf_len(buf));
+#endif
+	*server_blobp = server_blob;
+	*shared_secretp = buf;
+	server_blob = NULL;
+	buf = NULL;
+ out:
+	explicit_bzero(hash, sizeof(hash));
+	explicit_bzero(server_key, sizeof(server_key));
+	sshbuf_free(server_blob);
+	sshbuf_free(buf);
+	return r;
+}
+
+int
+kex_kem_sntrup4591761x25519_dec(struct kex *kex,
+    const struct sshbuf *server_blob, struct sshbuf **shared_secretp)
+{
+	struct sshbuf *buf = NULL;
+	u_char *kem_key = NULL;
+	const u_char *ciphertext, *server_pub;
+	u_char hash[SSH_DIGEST_MAX_LENGTH];
+	size_t need;
+	int r, decoded;
+
+	*shared_secretp = NULL;
+
+	need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE;
+	if (sshbuf_len(server_blob) != need) {
+		r = SSH_ERR_SIGNATURE_INVALID;
+		goto out;
+	}
+	ciphertext = sshbuf_ptr(server_blob);
+	server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
+#ifdef DEBUG_KEXECDH
+	dump_digest("server cipher text:", ciphertext,
+	    crypto_kem_sntrup4591761_CIPHERTEXTBYTES);
+	dump_digest("server public key c25519:", server_pub, CURVE25519_SIZE);
+#endif
+	/* hash concatenation of KEM key and ECDH shared key */
+	if ((buf = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES,
+	    &kem_key)) != 0)
+		goto out;
+	decoded = crypto_kem_sntrup4591761_dec(kem_key, ciphertext,
+	    kex->sntrup4591761_client_key);
+	if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, server_pub,
+	    buf, 1)) < 0)
+		goto out;
+	if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
+		goto out;
+#ifdef DEBUG_KEXECDH
+	dump_digest("client kem key:", kem_key, sizeof(kem_key));
+	dump_digest("concatenation of KEM key and ECDH shared key:",
+	    sshbuf_ptr(buf), sshbuf_len(buf));
+#endif
+	sshbuf_reset(buf);
+	if ((r = sshbuf_put_string(buf, hash,
+	    ssh_digest_bytes(kex->hash_alg))) != 0)
+		goto out;
+#ifdef DEBUG_KEXECDH
+	dump_digest("encoded shared secret:", sshbuf_ptr(buf), sshbuf_len(buf));
+#endif
+	if (decoded != 0) {
+		r = SSH_ERR_SIGNATURE_INVALID;
+		goto out;
+	}
+	*shared_secretp = buf;
+	buf = NULL;
+ out:
+	explicit_bzero(hash, sizeof(hash));
+	sshbuf_free(buf);
+	return r;
+}
Index: krl.h
===================================================================
--- krl.h
+++ krl.h
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.h,v 1.6 2018/09/12 01:21:34 djm Exp $ */
+/* $OpenBSD: krl.h,v 1.7 2019/06/21 04:21:04 djm Exp $ */
 
 #ifndef _KRL_H
 #define _KRL_H
@@ -56,7 +56,7 @@
 int ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len);
 int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key);
 int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
-    const struct sshkey **sign_keys, u_int nsign_keys);
+    struct sshkey **sign_keys, u_int nsign_keys);
 int ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
     const struct sshkey **sign_ca_keys, size_t nsign_ca_keys);
 int ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key);
Index: krl.c
===================================================================
--- krl.c
+++ krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.42 2018/09/12 01:21:34 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.44 2019/09/06 04:53:27 djm Exp $ */
 
 #include "includes.h"
 
@@ -25,6 +25,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
+#include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
@@ -732,7 +733,7 @@
 
 int
 ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
-    const struct sshkey **sign_keys, u_int nsign_keys)
+    struct sshkey **sign_keys, u_int nsign_keys)
 {
 	int r = SSH_ERR_INTERNAL_ERROR;
 	struct revoked_certs *rc;
Index: log.h
===================================================================
--- log.h
+++ log.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.h,v 1.23 2018/07/27 12:03:17 markus Exp $ */
+/* $OpenBSD: log.h,v 1.24 2019/09/06 04:53:27 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -14,6 +14,8 @@
 
 #ifndef SSH_LOG_H
 #define SSH_LOG_H
+
+#include <stdarg.h> /* va_list */
 
 /* Supported syslog facilities and levels. */
 typedef enum {
Index: loginrec.h
===================================================================
--- loginrec.h
+++ loginrec.h
@@ -31,6 +31,8 @@
 
 #include "includes.h"
 
+struct ssh;
+
 /**
  ** you should use the login_* calls to work around platform dependencies
  **/
@@ -126,6 +128,7 @@
 char *line_stripname(char *dst, const char *src, int dstsize);
 char *line_abbrevname(char *dst, const char *src, int dstsize);
 
-void record_failed_login(const char *, const char *, const char *);
+void record_failed_login(struct ssh *, const char *, const char *,
+    const char *);
 
 #endif /* _HAVE_LOGINREC_H_ */
Index: loginrec.c
===================================================================
--- loginrec.c
+++ loginrec.c
@@ -156,6 +156,7 @@
 
 #include <netinet/in.h>
 
+#include <stdlib.h>
 #include <errno.h>
 #include <fcntl.h>
 #ifdef HAVE_PATHS_H
@@ -163,6 +164,7 @@
 #endif
 #include <pwd.h>
 #include <stdarg.h>
+#include <stdio.h>
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
@@ -467,7 +469,7 @@
 #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN
 	if (li->type == LTYPE_LOGIN &&
 	    !sys_auth_record_login(li->username,li->hostname,li->line,
-	    &loginmsg))
+	    loginmsg))
 		logit("Writing login record failed for %s", li->username);
 #endif
 #ifdef SSH_AUDIT_EVENTS
@@ -1653,7 +1655,7 @@
    */
 
 void
-record_failed_login(const char *username, const char *hostname,
+record_failed_login(struct ssh *ssh, const char *username, const char *hostname,
     const char *ttyn)
 {
 	int fd;
@@ -1696,8 +1698,8 @@
 	/* strncpy because we don't necessarily want nul termination */
 	strncpy(ut.ut_host, hostname, sizeof(ut.ut_host));
 
-	if (packet_connection_is_on_socket() &&
-	    getpeername(packet_get_connection_in(),
+	if (ssh_packet_connection_is_on_socket(ssh) &&
+	    getpeername(ssh_packet_get_connection_in(ssh),
 	    (struct sockaddr *)&from, &fromlen) == 0) {
 		ipv64_normalise_mapped(&from, &fromlen);
 		if (from.ss_family == AF_INET) {
Index: mac.c
===================================================================
--- mac.c
+++ mac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mac.c,v 1.34 2017/05/08 22:57:38 djm Exp $ */
+/* $OpenBSD: mac.c,v 1.35 2019/09/06 04:53:27 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -27,6 +27,7 @@
 
 #include <sys/types.h>
 
+#include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
 
@@ -58,10 +59,8 @@
 	/* Encrypt-and-MAC (encrypt-and-authenticate) variants */
 	{ "hmac-sha1",				SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 0 },
 	{ "hmac-sha1-96",			SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 0 },
-#ifdef HAVE_EVP_SHA256
 	{ "hmac-sha2-256",			SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 0 },
 	{ "hmac-sha2-512",			SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 0 },
-#endif
 	{ "hmac-md5",				SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 0 },
 	{ "hmac-md5-96",			SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 0 },
 	{ "umac-64@openssh.com",		SSH_UMAC, 0, 0, 128, 64, 0 },
@@ -70,10 +69,8 @@
 	/* Encrypt-then-MAC variants */
 	{ "hmac-sha1-etm@openssh.com",		SSH_DIGEST, SSH_DIGEST_SHA1, 0, 0, 0, 1 },
 	{ "hmac-sha1-96-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_SHA1, 96, 0, 0, 1 },
-#ifdef HAVE_EVP_SHA256
 	{ "hmac-sha2-256-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_SHA256, 0, 0, 0, 1 },
 	{ "hmac-sha2-512-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_SHA512, 0, 0, 0, 1 },
-#endif
 	{ "hmac-md5-etm@openssh.com",		SSH_DIGEST, SSH_DIGEST_MD5, 0, 0, 0, 1 },
 	{ "hmac-md5-96-etm@openssh.com",	SSH_DIGEST, SSH_DIGEST_MD5, 96, 0, 0, 1 },
 	{ "umac-64-etm@openssh.com",		SSH_UMAC, 0, 0, 128, 64, 1 },
Index: match.h
===================================================================
--- match.h
+++ match.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.h,v 1.18 2018/07/04 13:49:31 djm Exp $ */
+/* $OpenBSD: match.h,v 1.19 2019/03/06 22:14:23 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -16,6 +16,7 @@
 
 int	 match_pattern(const char *, const char *);
 int	 match_pattern_list(const char *, const char *, int);
+int	 match_usergroup_pattern_list(const char *, const char *);
 int	 match_hostname(const char *, const char *);
 int	 match_host_and_ip(const char *, const char *, const char *);
 int	 match_user(const char *, const char *, const char *, const char *);
Index: match.c
===================================================================
--- match.c
+++ match.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.38 2018/07/04 13:49:31 djm Exp $ */
+/* $OpenBSD: match.c,v 1.40 2019/10/04 04:13:39 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -170,6 +170,19 @@
 	return got_positive;
 }
 
+/* Match a list representing users or groups. */
+int
+match_usergroup_pattern_list(const char *string, const char *pattern)
+{
+#ifdef HAVE_CYGWIN
+	/* Windows usernames may be Unicode and are not case sensitive */
+	return cygwin_ug_match_pattern_list(string, pattern);
+#else
+	/* Case insensitive match */
+	return match_pattern_list(string, pattern, 0);
+#endif
+}
+
 /*
  * Tries to match the host name (which must be in all lowercase) against the
  * comma-separated sequence of subpatterns (each possibly preceded by ! to
@@ -233,7 +246,7 @@
 		return 0;
 	}
 
-	if ((p = strchr(pattern,'@')) == NULL)
+	if ((p = strchr(pattern, '@')) == NULL)
 		return match_pattern(user, pattern);
 
 	pat = xstrdup(pattern);
Index: misc.h
===================================================================
--- misc.h
+++ misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.75 2018/10/03 06:38:35 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.81 2019/09/03 08:32:11 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -17,6 +17,7 @@
 
 #include <sys/time.h>
 #include <sys/types.h>
+#include <sys/socket.h>
 
 /* Data structure for representing a forwarding request. */
 struct Forward {
@@ -43,6 +44,7 @@
 /* misc.c */
 
 char	*chop(char *);
+void	skip_space(char **);
 char	*strdelim(char **);
 char	*strdelimw(char **);
 int	 set_nonblock(int);
@@ -51,9 +53,12 @@
 int	 set_reuseaddr(int);
 char	*get_rdomain(int);
 int	 set_rdomain(int, const char *);
+int	 waitrfd(int, int *);
+int	 timeout_connect(int, const struct sockaddr *, socklen_t, int *);
 int	 a2port(const char *);
 int	 a2tun(const char *, int *);
 char	*put_host_port(const char *, u_short);
+char	*hpdelim2(char **, char *);
 char	*hpdelim(char **);
 char	*cleanhostname(char *);
 char	*colon(char *);
@@ -78,6 +83,7 @@
 const char *atoi_err(const char *, int *);
 int	 parse_absolute_time(const char *, uint64_t *);
 void	 format_absolute_time(uint64_t, char *, size_t);
+int	 path_absolute(const char *);
 
 void	 sock_set_v6only(int);
 
@@ -134,7 +140,9 @@
 
 struct bwlimit {
 	size_t buflen;
-	u_int64_t rate, thresh, lamt;
+	u_int64_t rate;		/* desired rate in kbit/s */
+	u_int64_t thresh;	/* threshold after which we'll check timers */
+	u_int64_t lamt;		/* amount written in last timer interval */
 	struct timeval bwstart, bwend;
 };
 
@@ -157,6 +165,11 @@
 	     char *, size_t);
 int	 safe_path_fd(int, const char *, struct passwd *,
 	     char *err, size_t errlen);
+
+/* authorized_key-style options parsing helpers */
+int	opt_flag(const char *opt, int allow_negate, const char **optsp);
+char	*opt_dequote(const char **sp, const char **errstrp);
+int	opt_match(const char **opts, const char *term);
 
 /* readpass.c */
 
Index: misc.c
===================================================================
--- misc.c
+++ misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.133 2018/10/05 14:26:09 naddy Exp $ */
+/* $OpenBSD: misc.c,v 1.142 2019/09/03 08:32:11 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -38,6 +38,7 @@
 #ifdef HAVE_LIBGEN_H
 # include <libgen.h>
 #endif
+#include <poll.h>
 #include <signal.h>
 #include <stdarg.h>
 #include <stdio.h>
@@ -95,7 +96,7 @@
 	int val;
 
 	val = fcntl(fd, F_GETFL);
-	if (val < 0) {
+	if (val == -1) {
 		error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
 		return (-1);
 	}
@@ -119,7 +120,7 @@
 	int val;
 
 	val = fcntl(fd, F_GETFL);
-	if (val < 0) {
+	if (val == -1) {
 		error("fcntl(%d, F_GETFL): %s", fd, strerror(errno));
 		return (-1);
 	}
@@ -234,6 +235,80 @@
 #endif
 }
 
+/*
+ * Wait up to *timeoutp milliseconds for fd to be readable. Updates
+ * *timeoutp with time remaining.
+ * Returns 0 if fd ready or -1 on timeout or error (see errno).
+ */
+int
+waitrfd(int fd, int *timeoutp)
+{
+	struct pollfd pfd;
+	struct timeval t_start;
+	int oerrno, r;
+
+	monotime_tv(&t_start);
+	pfd.fd = fd;
+	pfd.events = POLLIN;
+	for (; *timeoutp >= 0;) {
+		r = poll(&pfd, 1, *timeoutp);
+		oerrno = errno;
+		ms_subtract_diff(&t_start, timeoutp);
+		errno = oerrno;
+		if (r > 0)
+			return 0;
+		else if (r == -1 && errno != EAGAIN)
+			return -1;
+		else if (r == 0)
+			break;
+	}
+	/* timeout */
+	errno = ETIMEDOUT;
+	return -1;
+}
+
+/*
+ * Attempt a non-blocking connect(2) to the specified address, waiting up to
+ * *timeoutp milliseconds for the connection to complete. If the timeout is
+ * <=0, then wait indefinitely.
+ *
+ * Returns 0 on success or -1 on failure.
+ */
+int
+timeout_connect(int sockfd, const struct sockaddr *serv_addr,
+    socklen_t addrlen, int *timeoutp)
+{
+	int optval = 0;
+	socklen_t optlen = sizeof(optval);
+
+	/* No timeout: just do a blocking connect() */
+	if (timeoutp == NULL || *timeoutp <= 0)
+		return connect(sockfd, serv_addr, addrlen);
+
+	set_nonblock(sockfd);
+	if (connect(sockfd, serv_addr, addrlen) == 0) {
+		/* Succeeded already? */
+		unset_nonblock(sockfd);
+		return 0;
+	} else if (errno != EINPROGRESS)
+		return -1;
+
+	if (waitrfd(sockfd, timeoutp) == -1)
+		return -1;
+
+	/* Completed or failed */
+	if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) == -1) {
+		debug("getsockopt: %s", strerror(errno));
+		return -1;
+	}
+	if (optval != 0) {
+		errno = optval;
+		return -1;
+	}
+	unset_nonblock(sockfd);
+	return 0;
+}
+
 /* Characters considered whitespace in strsep calls. */
 #define WHITESPACE " \t\r\n"
 #define QUOTE	"\""
@@ -475,7 +550,7 @@
 
 	if (port == 0 || port == SSH_DEFAULT_PORT)
 		return(xstrdup(host));
-	if (asprintf(&hoststr, "[%s]:%d", host, (int)port) < 0)
+	if (asprintf(&hoststr, "[%s]:%d", host, (int)port) == -1)
 		fatal("put_host_port: asprintf: %s", strerror(errno));
 	debug3("put_host_port: %s", hoststr);
 	return hoststr;
@@ -489,7 +564,7 @@
  * The delimiter char, if present, is stored in delim.
  * If this is the last field, *cp is set to NULL.
  */
-static char *
+char *
 hpdelim2(char **cp, char *delim)
 {
 	char *s, *old;
@@ -974,14 +1049,19 @@
 percent_expand(const char *string, ...)
 {
 #define EXPAND_MAX_KEYS	16
-	u_int num_keys, i, j;
+	u_int num_keys, i;
 	struct {
 		const char *key;
 		const char *repl;
 	} keys[EXPAND_MAX_KEYS];
-	char buf[4096];
+	struct sshbuf *buf;
 	va_list ap;
+	int r;
+	char *ret;
 
+	if ((buf = sshbuf_new()) == NULL)
+		fatal("%s: sshbuf_new failed", __func__);
+
 	/* Gather keys */
 	va_start(ap, string);
 	for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
@@ -997,14 +1077,13 @@
 	va_end(ap);
 
 	/* Expand string */
-	*buf = '\0';
 	for (i = 0; *string != '\0'; string++) {
 		if (*string != '%') {
  append:
-			buf[i++] = *string;
-			if (i >= sizeof(buf))
-				fatal("%s: string too long", __func__);
-			buf[i] = '\0';
+			if ((r = sshbuf_put_u8(buf, *string)) != 0) {
+				fatal("%s: sshbuf_put_u8: %s",
+				    __func__, ssh_err(r));
+			}
 			continue;
 		}
 		string++;
@@ -1013,18 +1092,23 @@
 			goto append;
 		if (*string == '\0')
 			fatal("%s: invalid format", __func__);
-		for (j = 0; j < num_keys; j++) {
-			if (strchr(keys[j].key, *string) != NULL) {
-				i = strlcat(buf, keys[j].repl, sizeof(buf));
-				if (i >= sizeof(buf))
-					fatal("%s: string too long", __func__);
+		for (i = 0; i < num_keys; i++) {
+			if (strchr(keys[i].key, *string) != NULL) {
+				if ((r = sshbuf_put(buf, keys[i].repl,
+				    strlen(keys[i].repl))) != 0) {
+					fatal("%s: sshbuf_put: %s",
+					    __func__, ssh_err(r));
+				}
 				break;
 			}
 		}
-		if (j >= num_keys)
+		if (i >= num_keys)
 			fatal("%s: unknown key %%%c", __func__, *string);
 	}
-	return (xstrdup(buf));
+	if ((ret = sshbuf_dup_string(buf)) == NULL)
+		fatal("%s: sshbuf_dup_string failed", __func__);
+	sshbuf_free(buf);
+	return ret;
 #undef EXPAND_MAX_KEYS
 }
 
@@ -1061,7 +1145,7 @@
 		return -1;
 	}
 
-	if (fd < 0) {
+	if (fd == -1) {
 		debug("%s: %s open: %s", __func__, name, strerror(errno));
 		return -1;
 	}
@@ -1335,11 +1419,11 @@
 {
 	bw->buflen = buflen;
 	bw->rate = kbps;
-	bw->thresh = bw->rate;
+	bw->thresh = buflen;
 	bw->lamt = 0;
 	timerclear(&bw->bwstart);
 	timerclear(&bw->bwend);
-}	
+}
 
 /* Callback from read/write loop to insert bandwidth-limiting delays */
 void
@@ -1348,12 +1432,11 @@
 	u_int64_t waitlen;
 	struct timespec ts, rm;
 
+	bw->lamt += read_len;
 	if (!timerisset(&bw->bwstart)) {
 		monotime_tv(&bw->bwstart);
 		return;
 	}
-
-	bw->lamt += read_len;
 	if (bw->lamt < bw->thresh)
 		return;
 
@@ -1501,7 +1584,7 @@
 	}
 
 	sock = socket(PF_UNIX, SOCK_STREAM, 0);
-	if (sock < 0) {
+	if (sock == -1) {
 		saved_errno = errno;
 		error("%s: socket: %.100s", __func__, strerror(errno));
 		errno = saved_errno;
@@ -1511,7 +1594,7 @@
 		if (unlink(path) != 0 && errno != ENOENT)
 			error("unlink(%s): %.100s", path, strerror(errno));
 	}
-	if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) < 0) {
+	if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
 		saved_errno = errno;
 		error("%s: cannot bind to path %s: %s",
 		    __func__, path, strerror(errno));
@@ -1519,7 +1602,7 @@
 		errno = saved_errno;
 		return -1;
 	}
-	if (listen(sock, backlog) < 0) {
+	if (listen(sock, backlog) == -1) {
 		saved_errno = errno;
 		error("%s: cannot listen on path %s: %s",
 		    __func__, path, strerror(errno));
@@ -1801,7 +1884,7 @@
 		}
 		strlcpy(buf, cp, sizeof(buf));
 
-		if (stat(buf, &st) < 0 ||
+		if (stat(buf, &st) == -1 ||
 		    (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
 		    (st.st_mode & 022) != 0) {
 			snprintf(err, errlen,
@@ -1836,7 +1919,7 @@
 	struct stat st;
 
 	/* check the open file to avoid races */
-	if (fstat(fd, &st) < 0) {
+	if (fstat(fd, &st) == -1) {
 		snprintf(err, errlen, "cannot stat file %s: %s",
 		    file, strerror(errno));
 		return -1;
@@ -2037,3 +2120,92 @@
 	localtime_r(&tt, &tm);
 	strftime(buf, len, "%Y-%m-%dT%H:%M:%S", &tm);
 }
+
+/* check if path is absolute */
+int
+path_absolute(const char *path)
+{
+	return (*path == '/') ? 1 : 0;
+}
+
+void
+skip_space(char **cpp)
+{
+	char *cp;
+
+	for (cp = *cpp; *cp == ' ' || *cp == '\t'; cp++)
+		;
+	*cpp = cp;
+}
+
+/* authorized_key-style options parsing helpers */
+
+/*
+ * Match flag 'opt' in *optsp, and if allow_negate is set then also match
+ * 'no-opt'. Returns -1 if option not matched, 1 if option matches or 0
+ * if negated option matches.
+ * If the option or negated option matches, then *optsp is updated to
+ * point to the first character after the option.
+ */
+int
+opt_flag(const char *opt, int allow_negate, const char **optsp)
+{
+	size_t opt_len = strlen(opt);
+	const char *opts = *optsp;
+	int negate = 0;
+
+	if (allow_negate && strncasecmp(opts, "no-", 3) == 0) {
+		opts += 3;
+		negate = 1;
+	}
+	if (strncasecmp(opts, opt, opt_len) == 0) {
+		*optsp = opts + opt_len;
+		return negate ? 0 : 1;
+	}
+	return -1;
+}
+
+char *
+opt_dequote(const char **sp, const char **errstrp)
+{
+	const char *s = *sp;
+	char *ret;
+	size_t i;
+
+	*errstrp = NULL;
+	if (*s != '"') {
+		*errstrp = "missing start quote";
+		return NULL;
+	}
+	s++;
+	if ((ret = malloc(strlen((s)) + 1)) == NULL) {
+		*errstrp = "memory allocation failed";
+		return NULL;
+	}
+	for (i = 0; *s != '\0' && *s != '"';) {
+		if (s[0] == '\\' && s[1] == '"')
+			s++;
+		ret[i++] = *s++;
+	}
+	if (*s == '\0') {
+		*errstrp = "missing end quote";
+		free(ret);
+		return NULL;
+	}
+	ret[i] = '\0';
+	s++;
+	*sp = s;
+	return ret;
+}
+
+int
+opt_match(const char **opts, const char *term)
+{
+	if (strncasecmp((*opts), term, strlen(term)) == 0 &&
+	    (*opts)[strlen(term)] == '=') {
+		*opts += strlen(term) + 1;
+		return 1;
+	}
+	return 0;
+}
+
Index: moduli
===================================================================
--- moduli
+++ moduli
@@ -1,428 +1,452 @@
-#    $OpenBSD: moduli,v 1.22 2018/09/20 08:07:03 dtucker Exp $
+#    $OpenBSD: moduli,v 1.24 2019/04/26 08:37:16 dtucker Exp $
 # Time Type Tests Tries Size Generator Modulus
-20180403031539 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A591E4B57
-20180403031604 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5923D0DB
-20180403031626 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A592B11B7
-20180403031845 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A59715A73
-20180403032143 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A59CDE963
-20180403032347 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5A11B463
-20180403032438 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5A2BBC5F
-20180403032617 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5A6308C3
-20180403032923 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5ADA5523
-20180403033405 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5B9A6B37
-20180403033427 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5B9F8E27
-20180403033655 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5C00897F
-20180403033742 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5C172DBB
-20180403033837 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5C33AEAB
-20180403033952 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5C5F6067
-20180403034409 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5CEE2AD7
-20180403034453 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5CFFE4F3
-20180403034601 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5D1A691B
-20180403035311 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5E04B193
-20180403035645 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5E75D66F
-20180403035724 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5E864847
-20180403035828 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5EA44DCF
-20180403035953 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5ECCB51B
-20180403040048 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5EE55A9F
-20180403040339 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5F4D5E6F
-20180403040523 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5F8939A3
-20180403040638 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5FB85E8B
-20180403040715 2 6 100 2047 2 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A5FCC3033
-20180403041128 2 6 100 2047 5 F78A3F3A47AFE34101F186DF022B970FB51586E65B1D1875E41D02EDDD4BDF6D6D8BA1CC296EA6A8BD7036297A0C01C636A55493E3ADEC2F1DAB9D8D7E0CCD39D7FFC9D4011C3F57A944AA1EEB1AC1784E28ACF7B6FB3AC49185F4E638B567DA6B4903CB8C6D815ED1253D512670FAF71E6BF1ED6669863B552B3BB2173A7F16262454142B7B928F91E60EED00BDFA465F2C46665BD30C1426F9B8D9611D086D6BAB672CB472E8F8E6990F623C2E7458991D982E199BB168C93F96F71974181F898D6C56C02D9DABA852E7E51CA0DC723255B49CAA122D2A6CC64F1389128A0E3298B0E155EC8A4D9BF1D1671B808DDD835015381C1F16C35A84D20A60755C57
-20180403041637 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336541B76F
-20180403041935 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3365BF1D13
-20180403042035 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3365E41E47
-20180403042109 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3365F700BB
-20180403042214 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336624FF2B
-20180403042419 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336687845B
-20180403042507 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3366A8266B
-20180403042626 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3366E23603
-20180403042722 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3367059073
-20180403042819 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3367289EC3
-20180403042928 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3367519D23
-20180403042946 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336758BFC3
-20180403043032 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336774A8EB
-20180403043218 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3367BAAE3F
-20180403043245 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3367C6B5CB
-20180403043522 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3368340BB3
-20180403043954 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B33690CEBC3
-20180403044107 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B33693DA563
-20180403044245 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B33697A63FB
-20180403044527 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B3369F3CAFF
-20180403044559 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336A09E6EB
-20180403044611 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336A0C4F53
-20180403044719 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336A4348BF
-20180403044820 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336A6E3193
-20180403044844 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336A7A9C7F
-20180403045235 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336B2E2173
-20180403045518 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336BAD847B
-20180403045629 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336BE29A4B
-20180403045953 2 6 100 2047 2 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336C865153
-20180403050042 2 6 100 2047 5 EA0303D03FF69BCABDC25DDEA6AC9CFEE8C36EF48C7F2882B65D568B0D14A7DACCF4A6E8E905727C0B982FA4D7C4E59DDAF4704D0EC767D79B13A32467C8D39F615B5268E4338DD70C6072C702CDF6F39153C472E668ABF0B85B8D08454027AA52E3227C5BA017B2558F7A611F09C7BE5E28A472FAB51C71FF7E8C758CD5205C562F3674D941EF2DEC7F3B3F49C4CE3A9DD7B4275BD537BF04A4A8E98FAA42AD0A2280CFC0D4692339EEC803B69FDC33057837FBD233DB6B78920F7049B5F9CA9CFDD98351B9E7947265439F48429306D6CAB08774F2B7427A61DA757375D26C08B99BCAFB8085E41DBA0E49D142EEC164CC3153AB3119FB76033B336CA6948F
-20180403055314 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57012EEDBB
-20180403055637 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57015FFFAB
-20180403060753 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57021C5763
-20180403061035 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570243FBBB
-20180403061925 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5702CE55A3
-20180403062241 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5702FA4263
-20180403062828 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5703495AD7
-20180403063232 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570383322F
-20180403063441 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57039D0EE7
-20180403065803 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5704F5DFCB
-20180403070250 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570535A157
-20180403071043 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5705AD5B2B
-20180403072237 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57066B3AFF
-20180403072347 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5706763D5B
-20180403072612 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570696B733
-20180403073322 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5707062E2B
-20180403073825 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5707547607
-20180403073948 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570762843F
-20180403074104 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57076EC3DB
-20180403074403 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570799DD63
-20180403074828 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5707D93973
-20180403075240 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570814F21B
-20180403075918 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570878D0DB
-20180403080045 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5708890F47
-20180403080212 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570898D8B3
-20180403080523 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5708C1E14B
-20180403080854 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5708EEE0AF
-20180403081003 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5708F7F537
-20180403081710 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570961D7DB
-20180403082007 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570988E91B
-20180403082804 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570A02958B
-20180403084609 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570B1FC24F
-20180403084705 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570B262033
-20180403084905 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570B3DD5AB
-20180403085348 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570B82B95B
-20180403090858 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570C6C2E5F
-20180403091014 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570C766563
-20180403092356 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570D49B077
-20180403092842 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570D8D7FEB
-20180403093424 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570DE274D7
-20180403093850 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570E28C2BB
-20180403094634 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570EA36EDF
-20180403094738 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570EACDABB
-20180403095906 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B570F67B813
-20180403101909 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5710AFC157
-20180403102057 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5710C6E1FB
-20180403102257 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5710DF2FD7
-20180403102711 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57111EFB2F
-20180403104106 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5711F3B14F
-20180403104411 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B5712188817
-20180403104503 2 6 100 3071 5 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57121EA02F
-20180403104712 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57123CDA13
-20180403104901 2 6 100 3071 2 FF8DCF143A9E3CC447F8D3D03206E386572BFAC54F4BDE233C8B1223CC9CBA99689328E35F8F83F0922A9F0AB33E7C7892E940377CE0064700ECDCC8532F0FEF888913E1894054707878511DD84455BEACCA35E8418D6CAD03111BC1842581D40E280A13055030CB35339E2A0E422DB9EC47916AD6302BE248AD5EBCCE7CF087CB2285A6B8D227DC7130ADB14163BE4D1AA779DBCD36710AA080F219B535B1887392DE9EF44116C933F5CA2234A7A82A8A48F1691A39434D70E3C3995AEE7CEAFF86DAA2326CF367B7E3C7939E4B78A00EE58E52F7BB36C8A89525CA4D44173E30AA6B40FD0B60C29F6CBC763241AC5DA16E2A9FB9B78F360EED32704B686AD6D40DAE8127C9351A2B21C140292E77592A7159000FB2AA9561DA10B2AC3167CC8E41C10CDF86E9041A3A114F42EF4AA5134C716893E81C3A7488ED5131073FC76B20358549BF1B0858B571550663DA9CF73B7B28BF9CA1FAF8EC96966D493C174B03DBCF9B5470DD9A79FB3E14A0B73B6E6C09D531886ACF60E51B57125332B3
-20180403105756 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE03762997
-20180403111214 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0468815B
-20180403111819 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE04C53C43
-20180403111907 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE04CAC50F
-20180403112635 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0540031F
-20180403113403 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE05B956F7
-20180403113943 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0619B7F3
-20180403114045 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE06220B07
-20180403114120 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0622E517
-20180403115211 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE06D363E7
-20180403115424 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE06F22507
-20180403115558 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE070516F3
-20180403115753 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE071E3297
-20180403115927 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0731011F
-20180403121723 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE085D2303
-20180403122312 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE08B88A7F
-20180403123158 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE09563C53
-20180403123328 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0969A18F
-20180403123534 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE09876D27
-20180403124247 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE09F3F4CF
-20180403124446 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0A10443F
-20180403125400 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0AA6560F
-20180403131328 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0BF05873
-20180403131708 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0C28FCF3
-20180403132618 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0CC05D43
-20180403140905 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE0FBCA05B
-20180403141813 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE1054C7EF
-20180403143434 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE1176152B
-20180403143933 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE11C90E93
-20180403144751 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE125A12D3
-20180403145406 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE12C4F6CF
-20180403145448 2 6 100 3071 5 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE12CA246F
-20180403145549 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE12D582AB
-20180403150132 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE13386F43
-20180403150512 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE1373A2CB
-20180403150605 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE137CA7DB
-20180403151404 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE140AEF53
-20180403152834 2 6 100 3071 2 D9FA0132FCCAAE8116BD22861CD21A859841BA7D566829E10ACC15A7EFEEB381774F839F7228AE3C627F5765944DCDB6866618E187903EBDB558C9186BD84D2521630A379E161FDCEC19BA02A8E4B5A3C4A66D02CA0FEB7BEB75BA3BE87F26BB99122217A4FFEB1F730B430AA0A70BA4A91EFB248DF689E95957E93B9E5D2AC13FBD3896759F77C6CBB6664BA6FEB31C4FD7BF081D4F2D800AB8D979D89A5EFB34675A904F4B332ADD7340116E7D5D4F72F7E3940A30036ACA889C27D8E2E11C0668A2E8A43DFF411FA03F0AFB420262947A60528805A7E0F4B2CC6AC0EF62CBCB807BC131A8D51E7784A13C77DB461A9FDF01C0E97EA8B7C5A13BB4A86784C2FFA34FC1EF094ACB858A919951AA55508E468CBB889EA63B606D45455AAB75883A75A813E9EC6A3A49CADB05A62C2F5CA32013A4FC73E8B5DE1C14A39539A4716B157C08C74CD99EA23AE018A89C838B6C0EAEECDFCF78A447594033ED3D63F4623BFC05C0F6701A36420D60D9C99339F9486395CBE534D66CE66AAE14BB5263
-20180403164629 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F2ACFC43
-20180403173943 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F45D568B
-20180403183028 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F603359B
-20180403183423 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F61BDC27
-20180403194550 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F877D863
-20180403202122 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445F9A0304B
-20180403210313 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FAFCEC73
-20180403213851 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FC2F80FF
-20180403215353 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FCA8B737
-20180403222440 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FDAD53EF
-20180403224035 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FE2EF2E3
-20180403224214 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D445FE343553
-20180403234157 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446002B2C0F
-20180404012449 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446038F5C77
-20180404012740 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446039F760B
-20180404013701 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D44603E742CF
-20180404024209 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460610756B
-20180404034850 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446083DCDA7
-20180404035100 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446084796E3
-20180404035224 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446084ACD8B
-20180404040621 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D44608BABFE3
-20180404043706 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D44609B60613
-20180404044213 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D44609DB5067
-20180404050247 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460A8585C3
-20180404053546 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460B94238B
-20180404054127 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460BBC6C0B
-20180404060250 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460C67CBB7
-20180404061330 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4460CA93683
-20180404084828 2 6 100 4095 2 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D446115943A3
-20180404085435 2 6 100 4095 5 D6A36D53FE335EAC6C6F21F2963EEF44BF055FBE1D529CAC77341CADF25097607135D53FBDF5ED5B3BB2CE243834E344600627AB46C3F3952C0E59AAD95A13E0B299073FA6C02260432090C66B7DFA4C06633B8D31E7376024958AEF0B57A6A1519DC39CCFD65E33B19DA7C52C0C6DA0E5990A5DCDE9CB16C36408E6CC825FA464EC6CF3848202E6197281C8176600BEAABAB5E2C0598A97C9A5AC7606A0583DFFBD20FA424D1B62E0E5FAF7DA56C1CEB3C309C999C5B574322B8E511BA14342DAA24EA688E16B05CFC6B89696FF17BF21EC5AF75FB3A6258E6EA4CEE93B06299FC2D32441238B8EBF78124347A0E56522079641D5CB6F8858A91F9C7B1047E7CFCF6A80A0884BE39E9FB8CACE70865A022E538E80C899A43E5842C753E8332A8972249E4EAEB2C327FCD2777488CD9A1F03A242889D3F33A5C5047721605727486E3B97F3BEC6D8BF7C7B4512FB6AC8B854BD92B0ECC9F65408254BDDD8428F0F68EEF4FC61F033C56FF65C566B81994C1B92308771151DEBE7C814C608F99B784251C1CC4E5F110F5D9B9104BC8D60544FC4955204EF21F429E3D618C10F5F3A178BD71CEFD02ADF8AA5A3B79EB2038BC31467EE98AD1EA501B492EEF950B5B3E95AD0D792B585E3F6164E6B5EC52701DE13B6C7D832D339618E4C7372F8D02E48E743FB7477FDF8ED746987F72F4FFD46F1CEEA5340ABFC82D4461181EE57
-20180404093010 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B396361597
-20180404100034 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3973953BB
-20180404112136 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B399EA8DDF
-20180404112714 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B39A1427A3
-20180404115040 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B39AD94553
-20180404130727 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B39D6ABE8B
-20180404132841 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B39E19247F
-20180404140647 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B39F5CFEAB
-20180404144308 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A087B8A7
-20180404154403 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A271BD2F
-20180404155315 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A2B7E4DF
-20180404164237 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A451FC23
-20180404165126 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A494B437
-20180404172833 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A5C78E83
-20180404175448 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A6A037D3
-20180404183147 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A7D443E3
-20180404183316 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A7D883F3
-20180404190024 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3A8B7BF5F
-20180404194132 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AA11DC3B
-20180404195020 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AA5664E3
-20180404195123 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AA56EAF3
-20180404202233 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AB5A9C37
-20180404202802 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AB8229D3
-20180404203244 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3ABA0DD8B
-20180404203913 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3ABCF8F47
-20180404210704 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3ACB6CB0B
-20180404213123 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AD7FE977
-20180404223506 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3AF9772FB
-20180404225041 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B016049F
-20180404225753 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B04C3C37
-20180404230652 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B092364B
-20180404231941 2 6 100 4095 5 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B0F7D807
-20180404232637 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B127CC5B
-20180404233306 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B154E443
-20180405003707 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B373FAF3
-20180405012137 2 6 100 4095 2 C287DA1692C8760D889CABEA6A7055FADB13C9F064C87322D569B9C574001DEBA1685DA8DFFB9A11253F685A3045E2CEBA057C35DD417F717110949007702B25A37AEE60C3A1A9AA6A1667C15BBFFFF173DF27813A74959756822AB34A2BB97B2F408CC6A994ADC83F05CB8028784B859A25032D691F1DDFB1A87F47EDC289FE4452BE4E4D7B07745C1D5A901E7EF0521465DFFC1EECAB7E4F15172A90257AFFCA11B455ADD24067B20C20EDF9B5B59BDFDAE03BF0AB39A13E60515CA8ADE3273BBCA8290D3B581F92B61F1A893ABFF16255A9226638159640F7869B5C30C8FFF3C3378B14E1A5529C8DE120A9E2099388E1217BDDFCC1708F37E74BDE5D0A2DCFDC4DD27BA697C3F8238182DA7C5D02431E086067358CC9A9B4EFF7C8D7FC9F0C8C0528887A194A6D0613AEE1EEDDC7A315AC1A178E9377E488F49367573BA8EDF80FD6EDE2D256F0614AF81B8FB1B243EA7F04CA6BE0E0BE9F43525D3B6718DAA5E2FD3D20BE3F37ED402DAFD7F19C39E51A40868D3F79D45CD422A9F7454DB3FEFF205BE4C10234914FD8882B344DBFB5C2BE5B576EA94EB62C3AFCD012EE7F82F0744BE067736E9A78EF38E6F06474E025776F138AF84E4093AB36683A60D0DB5CB9F75CA7C4303059E0DDCE3A641A3278F5015FD42EAA79B72E5F0D2EFDAADE3B76B23DD4C2A39F359B3CA00F7584B729800B3E01DC3D4CD4B3B4E4FE3B
-20180405071813 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436983FC590B
-20180405072141 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436983FCDA2F
-20180405132535 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698806F173
-20180405133926 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436988262AB7
-20180405165648 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698A47BC0B
-20180405195101 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698C28BB2F
-20180405213026 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698D395FBB
-20180405220015 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698D843327
-20180405231702 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043698E544067
-20180406025336 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436990AEC063
-20180406035121 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043699149227B
-20180406063935 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436992C6FC43
-20180406115213 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436995ACE13F
-20180406155248 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436997C8EA27
-20180406170431 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D595320436998593AD3
-20180406184640 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043699940ADB7
-20180407000748 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043699C562CCB
-20180407041558 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D59532043699EECE453
-20180407070330 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A0B1D577
-20180407100408 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A29D405B
-20180407103952 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A2F83A33
-20180407123940 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A43ACBEB
-20180407154812 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A62F48B7
-20180407170835 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A704C5AF
-20180407175007 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A76C88B7
-20180407184438 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A7F65E03
-20180407195743 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369A8B41617
-20180408071229 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369AFC7905B
-20180408075553 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369B03562E7
-20180408124736 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369B3416E27
-20180408125929 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369B35942B3
-20180409023705 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369BBCCDCBB
-20180409072217 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369BEB6303F
-20180409124237 2 6 100 6143 2 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369C1F95DB3
-20180409150941 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369C3A97BA7
-20180409162805 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369C56C92A7
-20180409185627 2 6 100 6143 5 E0CFB3582CE2D136E662908DCAA4CD666F574807FFFFF04BFB357D087BD132C8B569A579EC7FEDA39DA9FDBC7A8B289953FC1793F1B5D0F13A317C5F25554892D8A4F4EE9E85B9737D1412316C8169810745D8AC420ED45AA5419137F86E811AA101CD8746EDC5AF653499CA5585851205807E7EC4A3241FDD4C302AAC131FE24B2AC3700D3D21A82EB999FD0005E810811CEB2B1279D95E028269503DBF65FB23CBFC595B12BC67EC4A77D00324909088B6FDF511ABA41732957D32CC436FB0BE95E04F46DF57EC93E4FBD8FF12E18288384CBFABB1BD58F4A047CBF1AB831B43C550515DA98CA33697ECEE8AFAC110E7DD284D531324AC21013C86CFBC9DC286B6669534D8E2D40319E9BA9DC5ACE1825354E1869614CBCB708586A9455D20FC3B724C6FBF941EAAB3FFA61647906B890D9C8F2831A59B7A9A4EB6305DAEDE94A0525C8150EA3B27FC405430B82885E8EAA64A46E2E24DA089A0008C09C5B8117F5E5F397DCAC43906067AE2C6A1B7C1D1B2D233EFF6CBC472F328053EB666EC826604ADA4E27CA01FF98B7A5ADCF8FD3A6E2F6AEC4F36CE8D1D847E611CFDDA7B53AE4F0BA6481A2265D134B5B78F8416164B262CF58FA8806090613D09FA2E8CC417AF2A3208F5BB210CA87927C4FB980C9B97A743CC1B3A7BB9E22DD78EDFB52669C4DB24F796C5D99038E140CE81A9DFECE675F200DC0DEC203FB94380EAA8D13F30530A410BCBD393137FBF89AB80D872D6A4A46B303F01E79FA05DEF4F0F2A2ABD0788459E4C678F3952072570971EA5A686E5964D1C3A61E2311F57E7AB8519809243EB88A87A21B6589A16862EE1B9B4DD452950DDBB5D5482099FC667B5F9A43E3F803D9D0030D0D6E0F86DBFD2B0C2A67B9BFB1F318C6DF0745F75F9F59C7CC62F4763FBBFE3517BF28D9B68372674CBB759E150F6F06FB3053343D54DB7959B79C3764FE57AC25EF6728F1A6A2C6D98E56841DC461BBF12BD23E8C058D500435777431ADC23CA373B0F4A43B5E18787925E79113199A368F30692429BF3041D9BC82BFF88147C3DE432169578E304C72D5953204369C8DC8A0F
-20180409201511 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E047122A7
-20180409212042 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E06189297
-20180410021123 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E0D35B28F
-20180410022638 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E0D8CA623
-20180410024637 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E0E02E03F
-20180410063306 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E1393582B
-20180410063848 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E13B0682B
-20180410071153 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E147AB73B
-20180410082253 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E16363257
-20180410101335 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E18F03B13
-20180410105609 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E19F1DE37
-20180410152104 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E205A4ACB
-20180410153733 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E20B2606F
-20180410175655 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E240655BF
-20180410204830 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E281EDA87
-20180410231426 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E2B95718B
-20180410233438 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E2C0621C7
-20180410234833 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E2C5297E3
-20180411035657 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E32375BE3
-20180411053901 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3499E12F
-20180411073150 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3738967B
-20180411073910 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E375B7807
-20180411075734 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E37C0C66B
-20180411081855 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E383A5BCB
-20180411093848 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3A0D60EB
-20180411094657 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3A351317
-20180411110541 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3C08A7A7
-20180411120731 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3D6EB9BB
-20180411130125 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E3EAD50F3
-20180411151653 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E41CC6D9F
-20180411152943 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E4210423B
-20180411184911 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E46A13843
-20180411191726 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E473E26CF
-20180411205712 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E498A1853
-20180411212652 2 6 100 6143 5 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E4A2D607F
-20180411215657 2 6 100 6143 2 E01FFD7EC91328929E4FD6183C9C9EDF4EF8CFC608D943A1011CEE0B49D7322663D64028F7205A4F008A0C8F393F91FF42D1C7ACB6B4041D0DC79BB0DA6D394532A0E33BC96FEA6EC2E67987F13D2F218B9E8A46D20125D822B6AA1C9615087E5C667CCA74414305E3382E20792B058F61D9DBFD93EF80A2E30E17FDB883F79989B540A6E467D9CEF07C849B659890706CAC7FF6F95669DAD0D9170D485C298AA940C6B7B3092E265FB512C70F36E3D6515B7B799E20FFE9DA35F932C3F2C238F5D8BCB92193216563D6163EB9FAAFEDD0E8A1A3F8CE292E8A1BEF630C5E75D845444B414017844E9560C8309CD54BF9EEAB2CAAE888226AB8031F1569A728256BB6FCC14DF314314F9F2DF75E781E8A4A5411ACCB4D9E3103131F52E0D14386A6E107AA7A522E42F1A41C8A8E46CE69E824492B87BC8B34A457EC25A7508B3E1A33BCC9E99EA754163AEC31161A83A80780DF46D36E757CF90C0F002DF73AB406F7DF81FDA75AD7F3F052EEA91955FA737616D8D4BB87A60FF471400D50688146BC3C10FF60A35D8BB9EF6BEF26497361118125FBEE607726AA408674A45931C87666146BE520503A5241D49B964406A864749C50F9B2718B8E0F62614DB27F35F53D57F70CB4ECE081BD377CDBA5C4AD75BEA63CB8E2653E52D11C0CAC67916B0C24232FC9D90091C7CDD317D4F60D8271D81E70B79031BE25CD5D6CC1E7A04FAF98C25B143B9D7B08D94160B1737AB49F55A01AF3A9BB7C8C261E8F2F84A1995C752276F5F03E54EE22A973F63C73083377DD6851634AA5568AA1173E5BE96606D946AAC82951E326750E18C2AD12C311EF784AD9014BEE322032B45244BD6EEDA224CCDA93983C8FB326F8C8B02F5574B0BC0CD7BFD1C524CD66ACD8A7AC1619E57136F2FEB5F49E9791D4E0F0C9AB8B9E7A98E49E5603D4E02771EFC9993ED15974CD0EEA50510C410FD884CB5D83D0FCD0AF7218D49523F95C4C396CBC0359DABD75EC138910788E1766649130AD089F565ED926B4F26FEBAF9CA4F768E6CA6E6BB7E43769B7D46E2F0D6A63254B41715567635FC1D38DCD7E4AD99963
-20180412095549 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D1E908A07
-20180412222127 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D28C808CB
-20180413014812 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D2B32FFD3
-20180413033600 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D2C8AD64F
-20180413142737 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D34F03213
-20180413150907 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D35714FEF
-20180413164654 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D36BB8D1B
-20180413202724 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D39A4E13B
-20180413203949 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D39C6A4FB
-20180413211909 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D3A44F883
-20180414010718 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D3D3D3257
-20180414125221 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D467C1523
-20180414181319 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D4AA2837B
-20180414202910 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D4C60657F
-20180414210359 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D4CCB3D87
-20180415054313 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D53659F57
-20180415133017 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D596ABEFF
-20180415160204 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D5B5415B7
-20180415222232 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D6018A3AB
-20180415224834 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D6064EF13
-20180416005338 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D61F17307
-20180416021119 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D62E1D04F
-20180416083930 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D67B78127
-20180416182014 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D6EDFEF6B
-20180416190916 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D6F71FA97
-20180416195012 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D6FE60F77
-20180417005002 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D737F03EF
-20180417031611 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D75497E7B
-20180417042601 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D761E7D7F
-20180417230051 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D83ABCCEF
-20180417231044 2 6 100 7679 5 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D83C22B2F
-20180418011858 2 6 100 7679 2 FBED7F3DD7CF86B0A6EEDC1930C6958C3C00695DAF4347560C5AC1AA4B22F4DC76F190D63E230EB0CB4344A370A471F17FFCA8DA3B5B0A903F9D1258370125F6C172F3EC5F56D7B8EBD07B2072C45D6141DA3CDC01C3D95DE279C5FAA1E042651028141085EB68AFAC473600F75F4A373DC234D5405DCE7AB5B5854960ABC550FCEFEE8FD578810201DE6B4A5EF616F0CBF5707466D7ECBFD488EB68AD4B2EAC889BA2B7FEFE19CD8AA2C78F61D5DA08B4BC2738E1997F951A525EEF9F668148996D1ABFD1620F9276D741A46BECC0B7868A54745E0B16589A4AA7B938AF92FCA0FC9BBC193504D7EBFEFFEC996746DC6CAD3C192D724FB51E6228915789FF18314B3EB690359ADED802F35F48EC0D9C85AA1A20A2E5CF6EB795F2CCD03284547688B1B80A07EFC31668D30836C59C958BBBF6C1EE3940CC43A9334289C872302BB70368FDAC1653AF132F3E398E9310159C839E72555FD889E4E3B05E714E44E116804BF3748F62EF46E6A05DEC58A55185E43E2310EC945004AD61945BD2AD923B7B3C69A01C0393C15B6000BF542A55274ACA20B8A6EB96FAF83E27023FE0EA9EE564959A91BE17110176FB10D1A094947A23EFDE15DD093EF477EF798BCA8F5E14F85411242BC9C9492081444490C072BE8511B3C961AAAC80477897B54BDABE78C533F2E149FA64B51936E31F126625566CAFBB57E9F36CE0DF72A45E61AB27B6D25DEA3BA35910E16BB00AD300CEE2535CE75F9411DD43943250B03EBBA60C5C788974F2F695967103045F3A90A587AEFD0613F9C8E10A273DD827A314C75C7DBCE4326191DBCB92020CDB75129BCA032B6FD59D368C3E2404B2832398E40F43ACE284A91DED8812AA23E5B5A1D36AE204C53F1C6EF0E89AD31D1552E70538451847D7332D8FCACB62A1E56C1E5643E4F7AF63C67E082AC95DCB190795FA53522FA046F1919C81A088D7A8A452124E562BE2A702139670E94524D3110B9DFF35AE73F43280600B8304FA2E776089AF2ED929695967998E29A343FF62C4CAD7618222C01735734342FD33284BE9BDA4976DA1BC3B384E6F813FCBDFA3DC57B841515836CB2B37116EB6D417BBE6AEA7604AA915530AD803DF1C13656753C1A5867F4A3AE94BA7347580EE5A6CEBD2F3EB9B7F83E7B74F38995168F08A15A4CDF5702EA9DC907FC45910586D59537582DB1D5F155BF0050866CE3087560F1F44D1F275FD2B422038F9D8643C3BEBA49938D514848AC4F68F4CF44329C7E806B911B0CB7FF0020F3277A3E2B4FF17090D012B641E24D67A962E2FE361504DB014155F074F30F52078CB31DFC51B32746A42EDBF013F9920CFB17D8545B2B3
-20180418054538 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA00823770B
-20180418071157 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA00950BDC3
-20180418085254 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA00AAFBDDB
-20180418174929 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA01225DA53
-20180418210652 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA014D6E5DF
-20180418211238 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA014E1D75B
-20180418224228 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA016133603
-20180418233547 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA016C53D1F
-20180419053435 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA01B7B0413
-20180419055744 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA01BC212DB
-20180419135850 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA022362F53
-20180419162659 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA02429C813
-20180419214419 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA0286020EF
-20180420033054 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA02CE157FF
-20180420033355 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA02CE22F0F
-20180420131137 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA03463D903
-20180420174655 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA037E8E853
-20180420224816 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA03BC5BAEB
-20180421002804 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA03CFF8483
-20180421033707 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA03F5CEF07
-20180421044121 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA04029ED83
-20180421054539 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA040F07753
-20180421080206 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA042A70927
-20180421084346 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA04323E033
-20180421135101 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA04708373F
-20180421220150 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA04D33A023
-20180421233337 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA04E52D9FF
-20180422094542 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA055FBBC03
-20180422151643 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA05A0B8E53
-20180422163933 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA05B02DF5B
-20180423004105 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA060EDD493
-20180423045850 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA06410777F
-20180423175352 2 6 100 7679 2 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA06D85A5C3
-20180424034739 2 6 100 7679 5 ECCC9B93ED119552D36A774B288F541A81536A13B8D687B23174D680CE3F21B8FA088685F5B965215AFA69736E741A3AFC2AC82CE16162A1E4F0012F28998A638AA98D0789D6C58D92F207EAAA33E467C801891B8D37651B66E0942CF6AB7FD8E0D09A6D597D582BA48563F1450C3300218874730D26EE8B6505059C95C1C764D5FD736BF0A64FAD10F0C7D52A8A57C3FBD653887AAA890DA7AFEDA55DAF702EFF06CC722D147DAA2C8B78F0707F51D2B326BEF8972F5A289829E998B94D98E0ED663143797B569F3A6B56897B5726A38B042806FDFDAA367A4F63C4BA31114300B6290828321C30B25DF97F273041E30A404836E84BB32E0620DC558047FC011A1205126F84D9F8EA5E607FC297E5C9FA00D803026D8126C08EF68B49F6A6C55DCB06EED0B666880CD49FCBFF598055D5E40303669CBC55D85F583DA5EF4F320D6E6A50ECBBFAF8C1F7209655EEAA58BFC18EB9FA20B29EC63FBC810C3A2EDCF8E27FD98975C87D59D9C909895AA10CEA5F7594ADD3ED1EBDFE01BE0559423475592A0E2936E4671504337221F897AE3016BC4670C6B765F5FF1185933B26B1183BCB1E5591970F40A1402EB19EF2644E941F67ABB31935259308B4A5271541F41653EB5E77CCA82214C9C6F4E42E8A3C46CC9BE15BC868BC45B28027E515A16554B9D4F6AB57CFFE42CFE0B42BF83E53F27B39AD95E000C329F716E51D15D6CD211E87AAA83A0F1175F5E1E8963A57DA656FBC19FB42661F14328B05CA7F1A83F49044A5086E6AF56225B8783450E43CB1B6F19061441AF58053BBFAACBC3A80FF5F19A8BD873F487A8FFE3DECD35E77EB2C26387EF66A3EED98C773211914115AFD0776FDAC90CB65479DFE59C0D199F195BBE9E4B2F70A9B1A41429002C2998FAB0F2D6956731819D9F5175B92FECE43178BC69ABEC6E2C18EA88289C5B14C58227640D02F614A9A881633816B9DCAC79E4721EF6E42691902AD1CF565600BAA8019310CAA0AC1087A86846C2E9B96B82C3F0CE52EE73760111061EF090DCBF47882710302A65FBDCF380F84703FE3D4FF7ADD0CB7ED65C889DD6EEC24D01F92771DF3F3D8DFB4BDE234D4A35AB20B22BF5D749398C9B6AE5C7B62DC11ACD887A49586238F5B6D37B47EA6953C3E339A9B40EF3EB01DD70F69253BA9A262777C75DF175195D172BD8233FC7B6F207154EF6E2F47533E359D24EB312A292C756C34A2D55A16452829DAD7A9731E2026E56486F6A3C07380DCA1AFFF270464DA8FF34621FBA715C5853EB1D4EA1C4E23B43CD1CDE1F252B728875F187626A813B4166CC34A62A5D6867E0B605641CEE8025F0AD73DBE4443286CA074B2314F
-20180424155916 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFACFC9C07
-20180424222331 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFB180A887
-20180425154127 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFBD59073B
-20180426001519 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFC3391D93
-20180426011753 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFC3E66CFF
-20180426121313 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFCB4C31C7
-20180426192735 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFD02C1487
-20180427041246 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFD60EF383
-20180427102113 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFD9FE975B
-20180427110709 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFDA77CFC7
-20180427115833 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFDB032A8F
-20180427231209 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFE24BAFE7
-20180428032748 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFE509AE73
-20180428050334 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFE60622B3
-20180428204832 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF035C75F
-20180428220506 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF0FF9743
-20180428221212 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF108842F
-20180429040829 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF4BDEDDF
-20180429045604 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF5372357
-20180429052346 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF57C9113
-20180429053535 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6CFF591B0F3
-20180429234833 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D000DBC47B
-20180430061137 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D004DD4873
-20180430071004 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D0056DDF9F
-20180430074559 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D005C5181B
-20180430091811 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D006B26D17
-20180430191732 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D00CD17013
-20180501005739 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D01047BA13
-20180501022059 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D01117B47B
-20180501025617 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D0116B88A7
-20180501031400 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D01190866F
-20180501201356 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D01BDDAB3B
-20180501204003 2 6 100 8191 5 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D01C18942F
-20180502033416 2 6 100 8191 2 FAEE1044985A5E9005F621D69401F45F006C4AC70C849E5C17F3D28A22FE2C86DEF3780E73C15BC778C65638702E1DF6193E19C79BC8A9CEC1D64759E6E8E1B3754AAD1F82819BDB1F1E224F7D7BFF62061D89F6AE8D8EAF444A543333A4E71A4EBEE16AA9FEAE434FD965B90E6B57A198C12619CC31EF4F2BA3ACEA4C0D31EDD7BD715FE76FCD9282221F27F6CFD678ABC0458E4EDFBB72FB23333A3137C1C9AEB0AE4E5D98148527A5670311C0181861C1305901FF9704C64F88B75AD76574ABE3B5CEAAC2F675F5A56B807B2D9FFEDC975C7CFC6C697A18ED7F3D76C164FE108255F43971A3CCEE8FDC5E95F38B6ED8F8B150E17A7780E2D5CFD9A4D35BC4E2B3C3F4F286DC9DD0A8A53A22E643AD29753AAAB58E4C268A4145B1958050895F7FF5EB300FD0435824024F6DA4C38039A621D8E553493D964479DB2C1647C5123A9ED27955117CB966D41BAB3FA2F6AE1CE0E9787E3C815B1E3A3E3002B0BC54A89D66A3B532E8152BB0FD681D134374B4F2197F0B451E4C68C589E1F213D42CB62FC749D0883D9A68B39B93A1582F957AC989E5664266BB53BB8A07C84F662D5E3B4D4B277840A98B37F8A2CDF892085AF77A0AD370B2A4649F2381B7136AEB189421C6C801DC4F20273922A57C76DB4DB487DFC33DA2AC490C77E8ABA4AC719E6F0428A37ADBBE04F776199ACE29C1BC3B8A1F8E0D049628FDA016735559589D660FB23421D29745528E160F60B5D1923E685D0E04BE9DAC15C90BCAC4F4A7FD5CE52950734F2A849CAAB083DD18324EE82D1679146E60C290A97E2C94FBFEEDD88DE9EBEB346DF9E11AE14F4540A84F98B210E5366A03A82128986543C48FC3867431B2531AF99B379CE7E8D3105C574B0D4974295E98EFA2C01AC31C80CB1654BCEFA8467A55BC7B55ADB92DC1BE438006E5392ED521B5817558DE5E38172D023E3236EEAE34037E92EA61D6DA463212E012E603709D65EBE8062644A17B1A00FF5DE6E42FD4B3812DACC8C85754616A5539AB60FEF0F9170413E94D3052CBA3A7B9FCF46F318D30DD88DD988C9C16F5BB8823538A8DBC4830B00E7CE5346277E4DAD464128025955E7E5FD184C40EEC184B6143FC4720DA45C7DE3ED4849D6ABC89B1C01D6761660EA595B65E7F70457A32A4D63CCC6FC9736ABDDB9AE9FC8FB90388DAB7BD2189B38488B17DA76B96DAB6871475F59FC36BD53076293EBF9970A1081BA84E44A3A109F6B7231E64C1C54BF9AABD2320185DC054672B2F8F52172CD262F14CCA3237542F421A2413DF5E371DD4F1297E01D81E392A6C4F3BBABAA3091B2F10DB1C4A2C12B0DDDC279F7AD45992225ACA55ADA7CB6370B07B0CD5B935B8DF18BFFA2567EBF77658772D043318B6BA159DBD3AA48C7A509A1F887A05118CBE1470599C2683D9C00DAA5480A05FFDDF7612E6D02024C2DB
-20180502214537 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED639CFC883
-20180503020255 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED63CD06DCB
-20180503022319 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED63D0368DF
-20180503125648 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6446836FF
-20180503155809 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED64679B30F
-20180503191156 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED648AEA87F
-20180504050354 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED64F75441F
-20180504071143 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED650DC49F3
-20180504084722 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED651F00D33
-20180504103430 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED65316D0B7
-20180504105453 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED65348CDBB
-20180504234946 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED65BF5CBBF
-20180505042813 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED65F0A04E7
-20180505043446 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED65F133337
-20180505082348 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6618FACC3
-20180505142452 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED665916E9B
-20180505191845 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED668B9BE0B
-20180506011717 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED66CA10377
-20180506064643 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED67028E243
-20180506091931 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED671CB9597
-20180506094237 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED67201565B
-20180506200807 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED678BDEA8B
-20180507012051 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED67C15F093
-20180507102714 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED681E510A7
-20180507105523 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6822806B3
-20180507204038 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6885CE023
-20180508025258 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED68C4A13A7
-20180508064503 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED68EAB2CC7
-20180508094511 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED69078137B
-20180509200633 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6A5AB6E77
-20180509233450 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6A7C34C7F
-20180510003712 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6A85E2007
-20180510011010 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6A8ABBDA3
-20180510075358 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6AC65344B
-20180510102028 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6ADD74BF3
-20180510111207 2 6 100 8191 2 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6AE56234B
-20180510122304 2 6 100 8191 5 E3FCBDCFD41A409C58BE083B6485A2D67E20931B1F469774BAE0F1AB2898B800032581B1C4FC71FE136087937A885AFB6FC9E582DD97B8DE3AD2AF861419D5F06278316DFA78BAE7EF099889F0E99575C7812E7240B67623E7877737013A7D5DB3638040083400E8F27600BAC0650D24220CA1B3C05FB7DD70469A201DBFF1308ECA1C7152A6016BB89BFB6C625715EE91A92EA1848F0B2491AA92187468D9E8442679D7F5F6B64BC9D5A3D4E9B58C59EEEB65F8D6B70A71099E1B420BC0FD750CB2F333C23C97966BE727A6B6D9AEC8C0EB2436E01770F03840BFEC9228BB6DD46CE27D5739E18429F464FFF6812B0F66A8B0024BE03294900B8D0BC3CA6785F8C418EFE7068B2CD190A54BB9F90E05885A5C85DC069495C2009F79DBFD7774D7D65B9831FDC295CE146F4EB91DC56ABBD0B64BEAF3C340E0BF123A115D12289D44B650FF8461734308F4701CF2C199676DB3B4804FCDBD6B08C5D4875073AD5C575CA0B64597472A5C23EB4277B52B1128F3B1AE363E36A2C2D6EF5FCE00EE1573A40AD5ACDCDADE3E2672979CF68E87530520B2CA2C1110CBE4B631F3ABE83CFFDB7D5ACDD6DCA5916E30B1771FE29C4F60163B62349B66C0EDDCE8502F7C49DD4089EA5AE31FFB220A88C8D232367B52FAB7644F02E7EC10378697213CF0D90DA83A9941C217C559F88DEC6587AD953C95F11C575F0EFA9CC0650955C733910F2F90C78AE367F67B0F496A100E0B018731404D2BAEC7420F8C2B1FB6612AF69ECF369F236DD0BFB0ACBAED4141B2A14591C6475FC5C3D4E9B6229ECF7E288C015D59A35DE67F633DC586609AB3AB85A02B99DDF1B6FA7D54D4B2DDB767CAAB797C9FB29594B80B5BAACF777666D0B35CE6EFD8E46270C4D715B74FEA64FE34FBF4332BB4E8477CA438645C24444417EA5769B507925FB4B8FC59E429F1EC593C397F71087A080B39A192B5147D04D9F30DC237764C810E519B74EE90F047D0829104B6BA1A01F1CC18C85BE79F52084FAD6D7BF3EDA36D63981D8B75676740DB1AA6E06AD0C1F6A3B665D2D9D0E363FCE37B581C682A5F554D820849CEE7066A7DB011EA7D916B4A45212CBBC7A56ADAD33D203B8A1EDA03064A34351916C243E65D45425974C1468A626B773B48962108203F02814F15640149BCC2325C40F2457F0618CAAFDE26162326F2F81E8C727FAFED1B43E3AC8752E9F4EDFF5B58BD316882B555E63278FEB00B61144703C060B6188F3528E176E9B2D5996579048B723EB678CD56FA979004270E9F88F235404C522ED076E9F287097F2F7600A2D4566D2F6EFB600A9854B61CDB4363040D4F30D96BB011EF4BB0E0F21192F72B106B4F38A79FA384978C3C2A9AB94534BE01C83927BC95A9C5E55E618D7C5D77A9FA39664EEF11B2D50F59396DAD7CDC23F17948585BD88342EED6AF06789F
+20181031113618 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0BE8103
+20181031113634 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0C7C3CF
+20181031113642 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0C8204B
+20181031113722 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0E7A6DB
+20181031113747 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE0F5096B
+20181031113822 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE11027BF
+20181031113906 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE12EA013
+20181031113934 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE13F42E7
+20181031114007 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE15AA2C3
+20181031114101 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE18AB6BB
+20181031114215 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE1C69837
+20181031114328 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE207143B
+20181031114445 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE24E3977
+20181031114549 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2843EE7
+20181031114559 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE285908B
+20181031114647 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2A7511B
+20181031114706 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2B08EBF
+20181031114734 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2C326CF
+20181031114807 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE2E0BCBB
+20181031114901 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE30D862B
+20181031114935 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE32AADEF
+20181031114949 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE32F8FDB
+20181031115050 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE372E443
+20181031115213 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE3C3748F
+20181031115339 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4158847
+20181031115400 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4262F2F
+20181031115438 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE452029F
+20181031115505 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE467FAEB
+20181031115602 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4A3A77B
+20181031115728 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE4F4FEC3
+20181031115752 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE50404F3
+20181031115803 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE50889BB
+20181031115940 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE57A3D23
+20181031120037 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE5CC4913
+20181031120051 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE5D944FB
+20181031120113 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE5EF41F7
+20181031120225 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE646894F
+20181031120258 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE670C3B7
+20181031120333 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE69AD617
+20181031120339 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE69AE223
+20181031120356 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE6ADE1B3
+20181031120414 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE6BD0ACF
+20181031120712 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7ACC18B
+20181031120724 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7B37CAB
+20181031120737 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7BF34CF
+20181031120819 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7F719A3
+20181031120825 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7F7A70F
+20181031120834 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7FD3383
+20181031120841 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE7FF6C03
+20181031120850 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE806800F
+20181031120856 2 6 100 2047 2 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE807F56B
+20181031120905 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE80BD7DF
+20181031120923 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE81F7F6F
+20181031121031 2 6 100 2047 5 F13B549CC6FE8517551E48FAEBA8D93EAC29403838E22ED862927B8AC9A9ABBA96AB7E306F0A01B75C0E960AB9DEA0F8519BAA2F13E541E194604848CBC9DEC51165E7A45897104B4A9C54C7337270A8B1B7F53B9DC203744ED2C634889C879E713BEA519452AE800B390FFBABF40B992AF659947D3ED78AA04DDF51C84D7B0824978643683F2153C99F682E30A25683CE180948F62E2CC1EFA1513CB16E74117334356E4E365132BB37BA41B4B79F148F26842A61F12D42B149F3FAB0041CB7DF7F53742544FA4E956D314B140F49786E23A5446C1F5CD55CB59D845774C6D6EF1CE5B7426F351FE906C69D23720BCFC5E250DE2786ACEBEC823E1DE88D9BB7
+20181031121153 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD79F990A17
+20181031121230 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD79FC4B55B
+20181031121305 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD79FF25EFF
+20181031121338 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0250433
+20181031121452 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0A900D3
+20181031121515 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0C7B767
+20181031121531 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0DB38C3
+20181031121542 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A0E45E73
+20181031121642 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A13B7883
+20181031121702 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A155F0FF
+20181031121739 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A19802C3
+20181031121744 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A198FC0B
+20181031121802 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A1B38723
+20181031121819 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A1CBBC3F
+20181031121927 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A24638B7
+20181031121954 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A26FE49F
+20181031121959 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A272126F
+20181031122023 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2962B0B
+20181031122035 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2A69E27
+20181031122128 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2F49F9B
+20181031122137 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A2FC98C7
+20181031122211 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A32E8983
+20181031122217 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A332034B
+20181031122230 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A341BC13
+20181031122415 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A3E82A8B
+20181031122441 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A405F593
+20181031122523 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A44029BB
+20181031122645 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A4A62F13
+20181031122739 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A4D96A23
+20181031122811 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A4F1B05B
+20181031122853 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5184683
+20181031122948 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A549FBCF
+20181031123010 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5593157
+20181031123029 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5681F87
+20181031123056 2 6 100 2047 2 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A57EC4B3
+20181031123230 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5DD04FF
+20181031123244 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A5E3B3D7
+20181031123450 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A660A94F
+20181031123530 2 6 100 2047 5 FAEA3B642004FC1DB17244B7DE6AE7EFEA5B3AB4D54A13674A0E4B460E9D0716E6313530F9BA5D9C959562FD4A1D23FC92D99F1060A3C1B374050C77152C461AEC19CBE7AD6818C48CC9568FF8F4E45367C1053D6DEBCF76BD4DE8E3BA808FA43A3649722202C83417ED96F423DCEA18BB3F99E4598C797D05E0D3E6D2E27A5EC0B10304BB7643AEA01DD989AE84AA4B08AC3AA5613C222C41F5CD46EAF191343F1D07664F2D6E7BC876BFC46CFEFBE50991EBC15664112F6DC8D58D6665B9BB9F974D7210AB8E04F963128E43D92B6D645A963121058BA29C668AC5DA81DF3CC17908D240E8771EB52E4396AB6DA2157F3EE55D0C0E20A52C560FD7A68FC267
+20181031125435 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11528E4B7
+20181031125919 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B115D90A53
+20181031130156 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B116301C17
+20181031130212 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11631DCAF
+20181031130646 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B116E4CA3B
+20181031130658 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B116E4E133
+20181031130803 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B117068663
+20181031130826 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1170E270F
+20181031131600 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1184656D3
+20181031131740 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11883D577
+20181031131908 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B118B728DB
+20181031131956 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B118D00F87
+20181031132017 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B118D567E7
+20181031132405 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1196905F7
+20181031132450 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11980B233
+20181031132510 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B119877CCB
+20181031132628 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B119B78FAF
+20181031133030 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11A5CA257
+20181031133638 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11B5728B7
+20181031133714 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11B698D4F
+20181031133816 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11B8BE2EF
+20181031134152 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11C1D39BB
+20181031134307 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11C4B4083
+20181031134804 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11D1356A7
+20181031135113 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11D93FB63
+20181031135414 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11E0CAEBB
+20181031135744 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11E9CB9E3
+20181031140159 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11F4E4B63
+20181031140258 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11F72025B
+20181031140622 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B11FFAA343
+20181031140654 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B120087713
+20181031140849 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B12052E023
+20181031141317 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1210F24F7
+20181031141517 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1215A8893
+20181031141539 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B12161A467
+20181031142722 2 6 100 3071 2 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B1234E3F83
+20181031143116 2 6 100 3071 5 DE6700153B27F195B230266F3E9064D8646E4E27111A6C5A013DE98A5CD7F11B31B1DC4C71DD72CBEC38DA508B1AD04CB69A372B8D01396C5AE7F5F99C3C3CBE1B2B3287C6AB5794E3AFD6C4E5C8E23B76E21A479765DD7D0D8D41A75DA966486E2C94030AA81314CFC104172048A82D95F402FA9B12E2CF3469AF6202F527BB5FADD82F7F5A67CF47EAA9F70FA02A55D45688EC65A26E8A8BCBD47BEA5C70721995434D0736F3396E9D1681BB08A336B0A9E3340AA24D1E9AC4B33103438C130B4BB87A22D3D85B8BC66B66679790AF7429D0B8F8CEE9BFA7F34239E0F109DABE5370196CB46C134B184178ED494D4703A681A18FFE9A4D6FF5EE71E141EBE11C6E3A6FEE7586F9D5B400EFDF06289783269BD86F1F38CABB0FBEAE666C0FE9EDAF7D1017DCCFBC4AEE1F1BE6FDA3EBD47C7E2BA2D54CC61B740E94B171E0FC2A0F93BF1B93FA4C1D6050106D20A69C11B16AC43EA17C6EE954444B05DCCAD5DAB6794A98FEE7256EA9B1F817E80D86C9242CFA02EED926E200C7B123D4E7B7
+20181031144633 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BD211E4B
+20181031144827 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BD69A2F3
+20181031145126 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BDE3D567
+20181031145403 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BE4DA06B
+20181031150010 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5BF499357
+20181031150458 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C00F4FE3
+20181031150931 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C0C7C2CF
+20181031151259 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C159195F
+20181031151525 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C1B99ABF
+20181031152039 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C29330EB
+20181031152155 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C2C100E7
+20181031152224 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C2CD60CF
+20181031152510 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C33CEF4F
+20181031152907 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C3E0892F
+20181031153155 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C44E0077
+20181031153227 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C45D1D9F
+20181031153350 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C493C143
+20181031153609 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C4EF9D0B
+20181031153956 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C5898C03
+20181031154033 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C59B843B
+20181031154104 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C5A94107
+20181031154333 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C60D5BBB
+20181031154832 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C6DD0793
+20181031155320 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C7A1DB4B
+20181031155718 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C842B8B7
+20181031160130 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C8EEDABB
+20181031160435 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5C96EA9B7
+20181031161312 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CAE0E013
+20181031161424 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CB0BFEAB
+20181031161443 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CB10BF07
+20181031161804 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CB9812B3
+20181031162300 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CC62B69B
+20181031162439 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CC9EFAAB
+20181031162719 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD0A69F7
+20181031162832 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD357E3F
+20181031162924 2 6 100 3071 5 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD51C05F
+20181031162948 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD5A0C83
+20181031163058 2 6 100 3071 2 D55876EAB302ADAA592F62BBE1E67B18C153FA6D93B6CF3C0D0E8989C13F29E1F6638AE58634C6A3C067754CA1241A8EDA45CB1306347BC6BA69D2CE5F515238C78CAFEB65D4FF05D52048EB048BE9B4C127C81EC60B978A372A5054B89BA7D8963DA343DB7F5B673B275E34D03A25C098FEE46063F963E47CAEB67A4915F413570C89224688F4598D25EEEE97DE581256261C0053CCBA12966E31849F31BF32BC506029A41F94356714EF0046FF68D5B75EC86ACB79708CD817C7752EA5E0D5E730245B06B91953434E2325B706C70492446CFC070C11F8E347AFDDB065B680A075BF287DEBFA9D59EE918B85D5D0157CD539A5E46888F39DB448D1D6BFAD57A3970C537387B556D801960276284F363287FE0230CA1950725B1B09A54DEDDF924BE8059E38A729A400582713F149E7E1005C8B0FB302ECA12D8949BA2B4FC645BE96B3F20384384626F1BA1F4E8E045442DDD6A124DECC49B8CDBD6D4217978F69FF8DE7B7F4B15908881391F81F43DF6FBD616398BE9225FE3AC5CD82F3D3
+20181031163809 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1925064B
+20181031164609 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A19BA1E2B
+20181031170331 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1B0331C7
+20181031174642 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1E40577F
+20181031175327 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A1EBA2BA3
+20181031190736 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A24551BC7
+20181031192252 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A256E6A8B
+20181031193735 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A26848667
+20181031194031 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A26B3187F
+20181031194403 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A26EC656B
+20181031194833 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A273A8833
+20181031195443 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A27A959BF
+20181031195836 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A27EBBC83
+20181031200940 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A28B88307
+20181031203106 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2A47E5BF
+20181031203858 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2AD76CDB
+20181031204443 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2B3F16FF
+20181031205841 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2C416607
+20181031210215 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2C7C62CF
+20181031211110 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2D1C8377
+20181031212747 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2E532EF7
+20181031214614 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A2FAEF903
+20181031215951 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A30A680FB
+20181031222543 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A328D6FAB
+20181031222846 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A32BD423F
+20181031224038 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A339269AB
+20181031225211 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A34692BDB
+20181031225338 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A347B8EFF
+20181031225926 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A34DFF2BB
+20181031231202 2 6 100 4095 5 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A35C67F5F
+20181031233350 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A3758AE93
+20181031233800 2 6 100 4095 2 FC69089A469473B9CF3F3CCD21123CCF3563811632E7FB6CDF9CDF7726AFA4691881289B3952D2347D7BA520E95016066B02888C7EA1E633B998E00EFE78E454EAF64D6462437E9DDB4A239DE998EC0756E7ED17B7A3499CCF2E3F33A54FD223BB6C485AECA2475E2C002C303F6A55530F2F83A98059699C59A43238468FC85CD137A1FC9B9674ED5D746B44848339A9CA772E802BCE56FED99E8B110C8CA365DFB9BFDD47CB2A33CA92469B3BCC6758B73A7A5685F3FB74B6D785ACFA15E462CA9E70453CD1E9D48D146F0951E4E10773A4FBC9C8E2948D2A091525F964FDE6B60BC3C7A175FF88D20A3758B2D6C35F253AF00B95697F32446EAAA00C7B8A3C4B9DC47EDF44BC4C35052CF7304ADE74A0A9C70575FA935961B07B908D9E58454662B0ED6D8148B79FC45B1F5EDD602B13C7285A75B901183C87CF0F6C060E40D48D9910BDB86C2A253C9894CCE7034DEB7707EF5256DE8E98570375845ADABAAF81893FF6D9E61E45FE9906E61CD2FB86F4A1ABC0D51527B56D3329192EBDFA78149C4652EA23463D6FEFC6F79F22154631CEB04692FB67B815FF791576AB9BA71B0A51009D4B2ECF0ED280745831B4B6B49D951479E5E6831F19CE717025AE212A3057D21832E86C847970CF0CEA82D19BC3D211A23EE2CB6B60ED499F1910A4AEC72FEE2BCA10E8BA9AC47ED2D953E1429B056CCEAD0ED2715D2A379DD5F3
+20181101001517 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C3B843C3
+20181101001909 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C3FC854F
+20181101003052 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C4D5B923
+20181101003946 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C578D833
+20181101004718 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C60301F7
+20181101011451 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C80CD293
+20181101012546 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C8D7E023
+20181101013857 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C9CDF40F
+20181101014111 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002C9EF64FB
+20181101014518 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CA3777C7
+20181101014810 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CA6853C3
+20181101015518 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CAE81C2F
+20181101022434 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CD0FC883
+20181101022626 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CD297D7B
+20181101023305 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CDA00627
+20181101024528 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CE8651DF
+20181101024730 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CEA46B8F
+20181101025218 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002CEFBF913
+20181101030928 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D039AC1B
+20181101031126 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D0557A5B
+20181101032741 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D184F8BB
+20181101033140 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D1C803A3
+20181101033414 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D1F094A7
+20181101033713 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D21F8203
+20181101034124 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D268646B
+20181101035424 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D3556B5B
+20181101042126 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D556768F
+20181101043318 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D62CB7EF
+20181101050055 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D835583B
+20181101052304 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002D9D786F3
+20181101053022 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DA550ABB
+20181101055828 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DC5EBE23
+20181101055855 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DC5EC45F
+20181101061019 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DD2F3B53
+20181101061349 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DD68BE4B
+20181101061523 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DD7D755B
+20181101063404 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DED7E937
+20181101064144 2 6 100 4095 5 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DF60EDC7
+20181101064624 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002DFAC40E3
+20181101070243 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002E0D7FD93
+20181101070718 2 6 100 4095 2 CB00EACDC1EDB3E4111DB89DA6722A2D66156FC2F5B602DCE0510B47F36F6E94615D96D222BD22037AD407B782A888F534CE84C04E6B78FDF3F24C869960888D33F8396A58F34238B7E2F2BF3CE48263BE78474C422A073FCCF02C47218509E5A989208456CC7ECCB7004957802A413AA0AB3E51C29FB53A99886977A86B4C47A56C2F312D3BA2B2CC4D5CE637B13A77369D5D5CF478E9D38389969F5CF041863F1D5714F11BC66C0FEF500A6B3FEB18BDF575E9E0F066E0A42DEC284B5A23D1C31C628F672D94363CBCCEA7C81636D51D81337E7556B726B35185139FA7568978E684E511DB467D92F0B56B43ADF802E7ADC15107723068B06E024DD25340B228AE9674BC3FC58D6BD55FE67F01B197847B6F4FE8F2DF6BC8C72292067C6BEA73C1D8176926BDBB7A620C36CEC57230A89C9799416E68ECEB323425728DE2830C64979DDEC6355F2BB391FBDC705A5C1537EB03D2372650409D7084D6FF1B3913F9796109B40CAD99DC8B4EED4379A67E96FD1192BC87A5C60A410BB6996D1E0DA0D7E43CE2632B14714E6A25569B9F42D51F22C067F12E6E030DF1205FC91429E93214891F026089748772A64DD21C2F13EC3BEBC313187FB8936613D8E4A93F8569FFC6C6509D43F3939D4CFA5BF958D6E1E9E148DDD3E332728957413FA6084CDDC1263419C9C712F5DC3177F39F0EE5CB8B5F90EE60EEC4A002E12169CB
+20181101074507 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC509A2DF
+20181101080039 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC560A423
+20181101090537 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC6F28D1F
+20181101092350 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AC75F93C3
+20181101133727 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4ACDA5C3BF
+20181101153921 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD0A30BD7
+20181101171128 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD2DFFEAB
+20181101174632 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD3B43EF3
+20181101182605 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD4A147DB
+20181101203006 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD79B0197
+20181101204455 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD7F055F3
+20181101205817 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AD837F15B
+20181102024420 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AE097172B
+20181102055827 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AE5403DDB
+20181102071828 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AE71BA84B
+20181102092836 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEA2D28E3
+20181102103738 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEBD11737
+20181102114713 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AED6CB613
+20181102115644 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEDA11D23
+20181102121940 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEE243617
+20181102130721 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AEF3698BF
+20181102141842 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF0DFB873
+20181102154420 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF2D2C0A3
+20181102154806 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF2DFCAFB
+20181102163042 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF3D211A3
+20181102165448 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF45675DB
+20181102181017 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF614E323
+20181102193623 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF80E023F
+20181102203258 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AF956439F
+20181102221408 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFBAC649B
+20181102225455 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFC958F53
+20181102232700 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFD502EE3
+20181103011316 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4AFFC84A6B
+20181103033644 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B031123EB
+20181103045613 2 6 100 6143 2 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B04EC8B2B
+20181103061743 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B06C56A47
+20181103094430 2 6 100 6143 5 CAD8A4810C1ADC23A2317EA8BB2F93AD4198F948452AD65159BD3D71800456C339AFD34BC6D512D8FCD337463E3CDFBB4E81A9BE01A6FBA103051D50118610088400DEE2C8E51376B07593D50760832754D352737620CB3BD45CF6A0356209541D14FA9A356DB075DAC362617DF28B202B8FF5FE65A7A6106715796ECC5433DF29FDE1BA29D1D70BB0248EFEEE7DCB10B78EDE9F37078D39AEE37395927F97C2E8C8D80747496C5F4C7ED0A14193BDABE56665BE74475CBD49049F7BE47366B32A1E828B3155A7D48F1D06052DDAA3C0C24550772A69F0E3635794B1FC8BFF6274582092BE2CB3323269D3433FF6CC0294074B0BD8E5DF1A42A4A2A687FE9C4772994FA5EA75F099539D9A7761C687F3F2896D0517E73ABC64C8A330E740DB99537F30E9566497DE782C8F5A5A9E64111478A69BA4535C72B323CCCAFFD7E2C181009424D4CA391B0CED89411455E8CB00147E098716861AAB1B18EC5F295F22C8F687C9DBA534BDDF5F98D94E07F0DFFBB9D272AD71A7B1F657794E36EABA60A6D097F0AB4C405909F5D3D15B177496BCE74217892D701745D176AC5A6049C75F2C17C18FB00F09DFCF1934E69E64DC4C758C3353411503479EE07D7660B67DFDE76DD3FA26B2894DC3C6F5A87059657428324E613F7FE6AD25B09D73133AE16C0A5CA8E285BEF024DE79A27A3C363A70B80AAA1638EDEE29FCBD929D6AE23A5A064769F474D116DD11EACCA5B629EFAB4A95053BD9EBD5B21A3AC3CCD503EDF8CC659FBEAE8FC4EEB2B59CEB41438752AD130476F2DE793FB993BDE8057F1F31437F053B847653D379E2ED78491A0AF3F8ADFC4FF023DB11CC9087AFFC810FE16491CEE4E7CB8622C47E0F44479C0C6D915F4A68723B38FBE83DFDCEE4D5745CD316444BD98C951DAA9706795FE922754B80DB3AE924FBEC44AEF4C3D31EB9299175322FEF02A52E854377030F9BF09AB7CC1BF5327C8746BCAD1AA0A876B740FBCA2C914D45BA75292A2329078DF05ECDC8EA0C149D29E481AA1CA80DB2A13ADA476DE3D82D24136A5B92B7FCCC486A785706FF8ED0CD41F5DF4B0B7BA467
+20181103110754 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1949920F8B
+20181103141747 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB194E3CB3E3
+20181103152440 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB194FD1CDE7
+20181103155517 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB195089F093
+20181103161259 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1950F052F7
+20181103173322 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1952DF5333
+20181103181221 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1953CC5B37
+20181103194325 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1955FDACA3
+20181103194542 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB195602AE57
+20181103205409 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1957A5593B
+20181103221714 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1959A6D687
+20181104161809 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1973A572FF
+20181104162823 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1973D9C983
+20181104163116 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1973E18163
+20181104164151 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19741666EB
+20181104183842 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1976CE68FB
+20181104184621 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1976F40FA7
+20181104192058 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1977BCD9FB
+20181104213223 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197ACC31C7
+20181104215616 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197B54F0A3
+20181104233753 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197DA923D7
+20181104235806 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197E18BC83
+20181105001724 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197E83B0E7
+20181105010241 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB197F8509D7
+20181105022532 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB198168A38B
+20181105042426 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19842450D7
+20181105052112 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19856CA53F
+20181105052812 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19858EBEEB
+20181105053259 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB1985A24167
+20181105060205 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB19864B479F
+20181105104043 2 6 100 6143 2 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB198B9EEEC3
+20181105111928 2 6 100 6143 5 F35161AADD9632E3575CDA92B32D0F28F2E75A457C95BE770E9A8E8122E71DDB31C63B86B67348319F52466B6F3FED41463FAADCA6CE2901FF62D867C09A3565BFC511A060AABAD5040F94C3066EFBFED3CA9BA71864EBBE9F616FCE8F9B0C9C463E2172BA6B1EEF222E310FEC9B70FDF42104292FE772CB350DB09040ED588DA44E0607286D1D66F155FFC5607EBEB4041F705839FEDB0C03FDA40F013BAE3D02EA1256B6DB4DB0F9ED423CD6DCFFD36AA0841BB1FDAF66A453A19EB967F0ECF045FB069302CCB0C6EB52834D1A8DBDE302530510349FC21AE0EE7D5F912D6FBFDEF8A19B8B4CEF2EEE0D05F67DB8F03E564FCD7CD2A344DD1A45A7079037A7629747BE1F183775275C93F52505BA701B27FB18035A0B8D707BF1A3B3BE453FD1A21B0B7FBA7CF90B3BB9665AA33EFB1FC04F858A33E8908397B976C03F972D6C50296DF33359E0BE9209C7D333A019937EC6A26BBB0EDD75DA06CF63A6333B1786B55DC0812AB74FD5D87EE581750E238EFCC75A1EF651502D3988C29C6C37504D90F8878D2FBE7F9131F273638A1BFFF96839557C5D1BA687DF78AFAF75E7FA7214B44C04BE0F3D160071146681C7CBE9B1DB1766C1D972E836DF71D0D4CD4E396D15EE25EF1A58FAC876E2ACCC2DE8EFA8B194694524C1F73D66B8D4D0B95C9896D18FE4061A68FB322BBC155D24E7EA516F740866BB32BB55E8FECAA7BC7F9D3D347024584F8BF4A40232D6AF32E3BB753718567698ABCA6440D68AF0B4317F343FA866ECCC64E895D780300BFA2FCAAAAFA4630C37EB8546025DFDD1E3FAB56F70CC95AA0CB7E3E8F11253D80B4C072ED04FE7068C4818B52831F77C11934F97AD153C44499AF0E6C99DE5741E41EB4C3DDEA3A7C7404AF7F154EAB7422598797E4E5106BFCF7390DE9AF5E9978A7000566FF8EE5737730108235AACBD38D8C337C71978FDC765243322C08F74B0F71B91E3C50BE3DAB7E58F0F8F187839AABB2991C1AB686975AEF90EECCBEAD74AE9C78F0A4DF2376A35A4E5894E8677A08788FEA19DEAE13C88D696C65A7426E620AA1492115E2BF0FB198C77AA37
+20181105162143 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416C2EDFD4B
+20181106022607 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416CB3AFEA3
+20181106061722 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416CE37F7FB
+20181106094748 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D109F343
+20181106111032 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D2224817
+20181106145715 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D526B7D3
+20181106182511 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D7F88093
+20181106185324 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416D85194CB
+20181107004801 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DD089B0F
+20181107010004 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DD2A3B6B
+20181107033546 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DF3A214F
+20181107042839 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416DFE1C77F
+20181107045255 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E02B64E3
+20181107093859 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E3F7C30F
+20181107111504 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E533987B
+20181107115050 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416E5A3AA83
+20181107192529 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416EB936ECF
+20181108001017 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416EF491CEF
+20181108055511 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F33826BF
+20181108085903 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F58E9E8B
+20181108093954 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F6069543
+20181108144923 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416F9FC5BCB
+20181108194100 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B416FDB2EF23
+20181109005641 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B41701B64E6B
+20181109074202 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B417064EC2FF
+20181109125150 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170A2F02DB
+20181109160619 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170C92055B
+20181109161624 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170CA966AF
+20181109172619 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4170D7B99EB
+20181110021145 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171409B02B
+20181110062711 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B417172F0403
+20181110153547 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171D11BFBF
+20181110171812 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171E461903
+20181110193333 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4171FE2013B
+20181111070228 2 6 100 7679 2 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4172812EAEB
+20181111152029 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B4172BC07FE7
+20181111213014 2 6 100 7679 5 C988D06CCD826A9351D5CAE32A47B28ECC90FA4870D861CCC058CFA49419B0044A395E3F289A48C821B2EFE08D293B917B1DB2E2369564F5D066084F71A090706F84E101625CACAAECFFF3B2FE2A8C04FF9A14D43E9B316576F1571B0FDD51A119222601AE2BBFC3007FBC12D10A2D725AD9D8503A47B4B1977FAF4B0C8E244C372662A335C82380718ABAA9B522A03866EBFC6DD7DEE135A54FDCE58EAAF1996D2485E178888F361B01C2A5F5E21E65BAFFE3024C02210AF189975CADE7BFEAD4A90401D7E37D9B855FA8C8F0D2FBFF9357F8C05E3A2A14173E8F7555FD78B88ECEDC94E238639FA1F59C896F61501B2094199D7679805FB69026D4F13CDEB60CAA339BEB091D7D0C125C72028FDFEC35C5D6EE231B1A46C0619BF822F415121A975322001C4EDC29C5CAA430D1471D1013B67B90F5A7FAFB322B53A9C4D418763CB8A9DD068BF3B7702BA939B4FB0DA5253A999B5A8DFA664D2A9F94169F34E46D45D348E3A7E3424CF6019CFDFE1623940B3FC47A1064E601549C02020571FA10F63AEB0676213CD71D1A8A4140662D00471FE9BA88C269F8D217A978AE910A85CADCA772BD7023DC8D0C2ED524C7FEEFEDF408E4221F474A3783545E155118133FA9D65382F7261CF001701E46721021A1315780A53F4238C1AEEA41D38E1B3310D2EC9AE97C2677467157A0B74DA93A3CDF3E6CF898FA0F5CDF3F55CA572385698FD0F55E0E5C63B4BCB9F4A6EDB74C02C0150B057B1A903F7DD8EFC011EE822F2ECBB780914BCC43A11F7BF4A63BE31F06226881ADE9EA780A58C1A6D7183EE947611A03051A0EA817D6D26FC0C418607EEF57AE00494CDDA1CB518C3F910FD46C65F96E3553CEFFD72D13AC13904EFF4E66203B8D512BF7136251120F0BD28C1E781000BBF832A072DB3BBA7B2CFB5AB1F6DAA17FD6EA6C484BB764E5F01194A5445B1FD435977F916261FA1B5AAD6B7E83782C04EBF3CBD11DC7D929FFD8A16597E2D6A384F343D08E13CEA8232818D7F989BB4B0D7D7531AF0F4C6683356A109EAFD135D2E3319FFA6218053EC737FBD91D5886790D4FB1DB70F3D704148EFF2FAA0241F47F2902EA8286BD7647B615197B0E2A70F3638BDF46973518EA692DA5EE26E533F815FA5E5835C2080FAC1776A7CCFE2F49B1400A55F24C9FC465A766772EFB35756AABF0A42B58966E883AFE5E4000D863756225CDDA2F5AC06093173A1AFB5AD9A7B721A30820170A4AE35B3A2F09DE1B53B7D7A407E0F77F1CD4201337315E6677D30CA3E40F84A7AD707BE0FF99CE9334FAE40692F38135DBBC8CE8E7604C0F9C8AE1989C9FE2AC29C2800DC8876032B41730368927
+20181112101949 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4608E66C77
+20181112120627 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C460A539D5F
+20181112155435 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C460D765A73
+20181112211414 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4611D8F2D7
+20181113033731 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C46170D027F
+20181113122018 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C461E0FB427
+20181113122849 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C461E245A3F
+20181113143304 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C461FC358AF
+20181113155105 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4620C4118B
+20181113165341 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4621936EAF
+20181113171216 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4621C96C57
+20181114050208 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C462B2BBD5B
+20181114141440 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4632523CCF
+20181114160132 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4633A72497
+20181114185818 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4635EC630B
+20181114200207 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4636B93337
+20181114220623 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C463844D7C3
+20181115101522 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4641A155C7
+20181115120812 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C46430AFEB3
+20181115125440 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464390BAB3
+20181115150855 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464535BB4B
+20181115170837 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4646B220EF
+20181115231105 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464B3844E3
+20181116000709 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464BE2332F
+20181116053629 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C464EAB7A73
+20181116122404 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C46538BEADB
+20181116141535 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4654E5E903
+20181116230159 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465B551BBB
+20181117015828 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465D3CDE9F
+20181117025015 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465DD9203F
+20181117031140 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C465E163313
+20181117071114 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C466102759F
+20181117161936 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C4667A72DC3
+20181117215936 2 6 100 7679 5 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C466BB5F597
+20181118001148 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C466D436643
+20181118040056 2 6 100 7679 2 FB0D9422C2C18ABC70FF186A01FA8ED40D4950F804266E0B9661F1E2A6EC548235ADF6A86C277AC391995CF5C43940D264D81121AE69F224E949221EDC039AFE2DA6752F6C04E10159FE65D54CBE5EF34174D36E069C4FB18C8E6DBB80B2C6E0F0AD82E0B7281B9D675AE9E85F509B12746130BF725235E2AC495D268C383378FA130AFF2584962A8A3EDEC0B02504DF264F77980B8342713A28BD3219D83F6D70CC1393E10D5A4734BC029FECD3383FF41CB73AC61C29B54B50E439807BFA5663814B6DA5E81B9491217BE616F6B5F93728669FEF51C06D049586FA6584DFBECD526C5CAE6BBD17F104FA69D353A01CD7E39D5BEA60EB0491DCAE78F3A42BFBCC1F366C55FB23B649197B2D2493180963388FBC4A2AC804ECD042A97A07943D46F18EB6D6C24FC050E3DBD8EE2C84FA03E34814EA53197F1121232E239AA0DA133BD81D439AB595FC6F895AB27D0C6C8A5C3F468C9EF81A42BCB7676C2FF4D381063700AEE81FB7369463187413077048310A98D2DC034CCAB7001A28E288B4E6A8DB609974EC9FFC75F6DA91203429ACCEBA35B4CC03006BB069BD2A062A8CAF59E200A8E27B0CD48F896AE6236F0208AE3924EDF58F87557D05413C00CCAD3B95E6F659EC73FDC6933D6D1E21BE753670F6725F21721FDDC304E6178A3164A85F6757A508AFBD9AA4F1C7B181866F5AA306A25032E59C042ACA8EAEDE17B5136ACEC3B56D2E73284922162E614BE0B87654B7B12132D15E6F11F23B0FF2D0A898680B9A66BB908106A60FFC9A0FB43FF3ADCECDB128764764E1D429A0A194ABCD5AB41CE6B75CD025AC8A5FF2153A20E937354A27E361FB396D87924DCF91FE72203BCEA88303DF0A848EA5ADA9282C2C3C2B92542F721C58809178F36E2DA00D17C613FA5173BFC0F27F9502A1AE535BA9D373ABF83413A8F086FE904B0B45F449CCA9F0615028E1A4878463EA8EB424CA76949EA34A6A36C8DDE6EC4A4AE653A2F1F1009773BB92B8D20530A3313F388FA1AD70C3ECB716E5CA80A06C35CBA247D15D41795F8E083B27B4E227B616408863AFAE48F4C4AE68F1DA9A4B427F666DAD85035D1A499B25A09CC19548A5B9276FB082AA8B00879CCE17105CE7368033F4A18D68826780EB79162AD1B7C70879041BA08FB4A45B3071951DD05EFC9FD04AFCB99D57AEFD4EC51549EF9A166312E744CC7EEAEE9543C02D1B2D233A4B59B187D6E1DB64C843358E8B3C73765DDDC9D79D2D270FF493F56BB4F2F0DC4002605999644FF2A573CBA98492AC8577F5C1A822FD0FB709EAD85C786292DCB4FC8FAD924EEE898502BCD84ED4023C7D74A691A7A3A812685C467005CF4B
+20181118070300 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211133D9A97
+20181118160610 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21119A92B8B
+20181119005538 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2111FD14FAB
+20181119071041 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211241066AB
+20181119085941 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211254A0343
+20181119153022 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21129CA56FB
+20181119193618 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2112C8E0D93
+20181119234643 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2112F6601C7
+20181120010634 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2113048398B
+20181120045702 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21132D1168F
+20181120121931 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21137C65BFB
+20181121150916 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21149914247
+20181121230020 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2114EAE7D3B
+20181121233310 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2114EFEE58B
+20181122074348 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211542C97AF
+20181122122936 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21157397D47
+20181122134740 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115803DB63
+20181122213432 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115CF3077F
+20181122232736 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115E1C6FCB
+20181123013244 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115F5E2D97
+20181123013752 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2115F623A23
+20181123032802 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211608810CB
+20181123054205 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21161EAF243
+20181123185533 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2116A336C63
+20181124051353 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21170A23417
+20181124051939 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21170A81107
+20181124102146 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21173C1D793
+20181124105734 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117416EF17
+20181124114011 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211747D7B4B
+20181124162540 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117764D6CF
+20181124195401 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21179863787
+20181124221336 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117AE70AF7
+20181125005223 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117C7CCCA7
+20181125060115 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117F8262DB
+20181125063720 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C2117FD8EA63
+20181125071430 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211803251C3
+20181125172444 2 6 100 8191 2 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C21185F9BDF3
+20181126120755 2 6 100 8191 5 D72A51FC8A019CA61D28C85021CE881FBDCA1D9E2773A50343C390408ABF52C024F0268B5D4F74AA0722F8FA78F966B7AE411C57015CC9E0DB7E56B27A1D078D951747F90F8F663552B12F9BE26809481BD6D62C8EE018E2944DCF0EC7D31FFE3F7DD2F11F3C8311F1C2E2038613E541F53BA05FD92A540D11BB3267E80CCC5DEC74FD67AE473FAD56EFE2CF04457BB7B3121F93AC8F00A5DBE46E460B9B97823F937CF18722D4EE6373EF369D26A7602491493497C1EFDA3F7509772853CF84CD64A06A54FE32817B39B98CE3CE4477616CF232B04D0B2098D5A4E575939C63B26B72BE87B2BEF58F2F6DB4B2A0E00634E02637DF471D6519C22BA9494F225CA01A1A96886C6F02CE0D11EDE3370180E6E6F5CA54B44A8B66BF16ECD52193B7483700AA4051AF775F80818F3331AD80BB25A0FC8775B7821C32EAFDBEF75B3BFCB2F1A4BBDF5340B20AC9E185B0770CE6AAB120CFC4C8C88CA381946F48C0478DC07E5CF3CFB805A1BA8DB905A6D2ABFCFD765990CA4699D9F9B6922FECA4FF861362B4525FF0934E679109AB8F00909945FE897E927380F72416231AAE1A717D47BD129D5549F60C2EA377744B8807AA2432D1925D02C4C205715231DFAD86AC6B5253DE58E3E3F65484A0014CC1EFFBABC6EE912A925C08C8BB68E5FD7A13AED0116863EFA7E69A33D28A1FA853B7E0B84A5F78EFC44CDC39C4148C4B1B3D17E7371E51F96CFAAEBE15D67E82B590B9BB0567BC161AFF012F7571E514BCA7157A8C1521BD7147E83EE57721A77895722390D9C1B7C3BEEEF316E313F5A2DFBA0A5E3509F5F2CEB90C07E1177D3C8AA6CD56F5C5C614656D155350AAFD556890247AE6EDEE2236583A6DA347679C69A9B518FA9BD882F5B9850762C987F727CFEE68421A2D4F363EC45EDABAD574CC4C5AB7654F1C7E0CD84E708CD7C3ED66F369EC1E0E193346FE4747709F6A6DC969E3D2394758E807F4370E2C5A64B5190C5E9D3983CF5778076667B3E41AA28A868B9EA72C45A9234A2C92F0627512AC815CDC1418C676E66B474C071C65DF4EB7AA109ED189B30F49C9A7310CDD5504A0155E5A37FB41548B78049F3FF57EF682D04EFF6B43E5390B07019C555CB55D477552EC778C5BBF00830D1D2B233CB9B5C5A1817F96F395A527458625740A6B2FEFDF160F003D72086FAD44EA24CC669E710A965052D997E63144FD5F32271D0CF75D24DCCF5F4A8E7FD0381E03F0E9DB6F63BA5A59790788D48161E0C292436F79120C9057EBC7B1CA430E5D060836CEE57945DF5557EE2036588A902A1BD163F4DA436602B4BEF61A20D52B15877BFF9973366F242A6D2564BF32E2251C0E07DB2C98A31E82B63F6513FD4CC37D040653E3A68C6B2DB43B569FB070120ADEE89042BF0AC0E9103164E5F8BC57847A1F109ABF35E6E5DE0258C211914B6C57
+20181126180517 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA20E92F77
+20181127132421 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA2E7C1F6B
+20181127185312 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA32237C3F
+20181127232536 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA353F763B
+20181127233956 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA355F350B
+20181128191837 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA4281917F
+20181128221658 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA44764C13
+20181129071050 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA4A5411D3
+20181129083522 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA4B386FC3
+20181129195812 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA5262DD0F
+20181129230915 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA547B23C3
+20181129232739 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA54A6C53B
+20181130011847 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA55D16287
+20181130055628 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA58CB384B
+20181130162040 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA5F85360B
+20181201010704 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA652B1403
+20181201012529 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA6552017F
+20181201070700 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA68F8AE73
+20181201120437 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA6C1C6B53
+20181201153708 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA6E492B5B
+20181201212404 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA71E3AEBB
+20181201213749 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA71FF6D23
+20181202153927 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA7D41FB5F
+20181203042444 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA852BE5A7
+20181203093150 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA88559E07
+20181203160725 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8C5B7A9F
+20181203195346 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8EA11AB7
+20181203212839 2 6 100 8191 2 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8F91F893
+20181203214143 2 6 100 8191 5 EA2361A4ABC2DDA42ADD74B38CE837D05B00192233F16571DAB16B15049BA7606BA9A6DC1588738A9949D68815E7F9DB7FEB2C81C1284F976E38376817186BB7725E05B3DA281A887F71DADA27911625597D376826592E156211FF30844F8A1C47DF9320AE8E9C9171181EE3F7D5EB1B56F79D7DCC39FC5C20A23EF716809E2035466B7E7A43DF588D73637DC89192E5EC392C917AD498C66E229EDBEFAEBD449773973E04F812B55466A3F2E321FA8A3AD1B6AF8A95178F4EF001004EAA4D83EC362F1B966137C811AE2B52B5815ED28F7CEB16DE55E7C64E5D34BE122EED25B5E9DAC04AE9EBB4C0EEBA6D447B435262EDF18CD616E396C80DCAF8547DED8A9817BB70FEDEA734E5A7005F8C7C2CB53366827824E2666DE1F1AC109A41576BC37B3BD1536D79CAB6F6BD7A2D9863EF0F6FEA547A990EF5DF931632F203682D34462025E053CEE1D25EEB0508CBE0A50F7D687A5AE6038F3BE219992B7796E1181D06AA9072D5419E50046F40D5985CB8EBE8C5232EE75AB3C03F113C5EC4669C072D5C514EFA0778062DDD9FF90BB75DDBA4AE2E2100559A35273D202E93B17FFABBC976DB516DA4FC9433322FE6517E5B39021A4564AFB6E1A15B1EB5981B952A8161C688C461CD1CC8E67882CAAFD6FDFA2BA7EBFC40D16D39F4DA16879D230375833741E1B3C49D1630E10C5E6CD1C11AEB2C356C3A0A4EAD805B9330199AC8BC1BB1ECF2E3F84839B5A444FB06959505AF97019C695D6A14990A1E2C678A6EC187C90F6989DA0E977767F2110D8C9289C6E85CC87C7141B11B284A4DCE2ACA6414F5AEB560E11E44699973E4BC4B28526C2D1C68B81A51ACC9E490B6F28129100FC3888C85ABB9E0B3808F00753F76C908E8E71B08EDD87C9359F716324183EE3D89389839F0E741246400D1BEC8F5592F4D66ED0205A90F6A153D3D0751662BB95FA3CBF1543D35E2B9E02497FA24173FC8387B36EE320007E4DC8D3400DC69D361FE071D1C015F87F4FD8E942E5D92D7197279F02513839ABC5D11098DF80A4D3817B7AFC4F7A93BA8469D89DB503284B6D2B7E90F2B52ED2E6F65F0E90A3D13564725FF563772C5356E2C50AFED4301BBE029DEFB252B1598847FAB4136B69110942DE842A9186D391E8CB2AD210B1D9B9473676222F6EA1F445E24290B6F1845243B33250224C0F316E18C52180220C2549D093D9F3974980F95DA8F1A49E36D142A3957A1F7DE6E492578544D17C856BEEC0F40FAFBFB8140945D6B13AB23BE8D1ABDC3E4A92E051CD180C5F2FE288C96F831DD5F34CA679E618D160B21F1697870F8F3B3A7318D0A558C4EADF16D0A76079D148F7404AC163852513ECE66374A9F5A8BC4C87F36CB2AE52ADBC034DEAE51FD60DC071284F8CAC9346E6D60F97D6CFE41C605B2C4D8D0C8BA41DB0DB3A2BD01B037D8CA8FAACDB7
Index: moduli.0
===================================================================
--- moduli.0
+++ moduli.0
@@ -71,4 +71,4 @@
      the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006,
      2006.
 
-OpenBSD 6.4                   September 26, 2012                   OpenBSD 6.4
+OpenBSD 6.6                   September 26, 2012                   OpenBSD 6.6
Index: moduli.c
===================================================================
--- moduli.c
+++ moduli.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: moduli.c,v 1.32 2017/12/08 03:45:52 deraadt Exp $ */
+/* $OpenBSD: moduli.c,v 1.36 2019/10/04 03:26:58 dtucker Exp $ */
 /*
  * Copyright 1994 Phil Karn <karn@qualcomm.com>
  * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com>
@@ -159,6 +159,8 @@
 
 	time(&time_now);
 	gtm = gmtime(&time_now);
+	if (gtm == NULL)
+		return -1;
 
 	res = fprintf(ofile, "%04d%02d%02d%02d%02d%02d %u %u %u %u %x ",
 	    gtm->tm_year + 1900, gtm->tm_mon + 1, gtm->tm_mday,
@@ -453,7 +455,7 @@
 	int r;
 
 	r = snprintf(tmp, sizeof(tmp), "%s.XXXXXXXXXX", cpfile);
-	if (r == -1 || r >= PATH_MAX) {
+	if (r < 0 || r >= PATH_MAX) {
 		logit("write_checkpoint: temp pathname too long");
 		return;
 	}
@@ -582,7 +584,7 @@
 	u_int32_t generator_known, in_tests, in_tries, in_type, in_size;
 	unsigned long last_processed = 0, end_lineno;
 	time_t time_start, time_stop;
-	int res;
+	int res, is_prime;
 
 	if (trials < TRIAL_MINIMUM) {
 		error("Minimum primality trials is %d", TRIAL_MINIMUM);
@@ -716,8 +718,6 @@
 		if (generator_known == 0) {
 			if (BN_mod_word(p, 24) == 11)
 				generator_known = 2;
-			else if (BN_mod_word(p, 12) == 5)
-				generator_known = 3;
 			else {
 				u_int32_t r = BN_mod_word(p, 10);
 
@@ -753,7 +753,10 @@
 		 * that p is also prime. A single pass will weed out the
 		 * vast majority of composite q's.
 		 */
-		if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) {
+		is_prime = BN_is_prime_ex(q, 1, ctx, NULL);
+		if (is_prime < 0)
+			fatal("BN_is_prime_ex failed");
+		if (is_prime == 0) {
 			debug("%10u: q failed first possible prime test",
 			    count_in);
 			continue;
@@ -766,14 +769,20 @@
 		 * will show up on the first Rabin-Miller iteration so it
 		 * doesn't hurt to specify a high iteration count.
 		 */
-		if (!BN_is_prime_ex(p, trials, ctx, NULL)) {
+		is_prime = BN_is_prime_ex(p, trials, ctx, NULL);
+		if (is_prime < 0)
+			fatal("BN_is_prime_ex failed");
+		if (is_prime == 0) {
 			debug("%10u: p is not prime", count_in);
 			continue;
 		}
 		debug("%10u: p is almost certainly prime", count_in);
 
 		/* recheck q more rigorously */
-		if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) {
+		is_prime = BN_is_prime_ex(q, trials - 1, ctx, NULL);
+		if (is_prime < 0)
+			fatal("BN_is_prime_ex failed");
+		if (is_prime == 0) {
 			debug("%10u: q is not prime", count_in);
 			continue;
 		}
Index: monitor.h
===================================================================
--- monitor.h
+++ monitor.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.h,v 1.21 2018/07/09 21:53:45 markus Exp $ */
+/* $OpenBSD: monitor.h,v 1.23 2019/01/19 21:43:56 djm Exp $ */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -65,6 +65,8 @@
 
 };
 
+struct ssh;
+
 struct monitor {
 	int			 m_recvfd;
 	int			 m_sendfd;
@@ -78,15 +80,16 @@
 void monitor_reinit(struct monitor *);
 
 struct Authctxt;
-void monitor_child_preauth(struct Authctxt *, struct monitor *);
-void monitor_child_postauth(struct monitor *);
+void monitor_child_preauth(struct ssh *, struct monitor *);
+void monitor_child_postauth(struct ssh *, struct monitor *);
 
-struct mon_table;
-int monitor_read(struct monitor*, struct mon_table *, struct mon_table **);
+void monitor_clear_keystate(struct ssh *, struct monitor *);
+void monitor_apply_keystate(struct ssh *, struct monitor *);
 
 /* Prototypes for request sending and receiving */
 void mm_request_send(int, enum monitor_reqtype, struct sshbuf *);
 void mm_request_receive(int, struct sshbuf *);
 void mm_request_receive_expect(int, enum monitor_reqtype, struct sshbuf *);
+void mm_get_keystate(struct ssh *, struct monitor *);
 
 #endif /* _MONITOR_H_ */
Index: monitor.c
===================================================================
--- monitor.c
+++ monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.186 2018/07/20 03:46:34 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.199 2019/10/07 23:10:38 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -40,7 +40,7 @@
 #include <pwd.h>
 #include <signal.h>
 #ifdef HAVE_STDINT_H
-#include <stdint.h>
+# include <stdint.h>
 #endif
 #include <stdlib.h>
 #include <string.h>
@@ -112,48 +112,48 @@
 
 /* Functions on the monitor that answer unprivileged requests */
 
-int mm_answer_moduli(int, struct sshbuf *);
-int mm_answer_sign(int, struct sshbuf *);
-int mm_answer_pwnamallow(int, struct sshbuf *);
-int mm_answer_auth2_read_banner(int, struct sshbuf *);
-int mm_answer_authserv(int, struct sshbuf *);
-int mm_answer_authpassword(int, struct sshbuf *);
-int mm_answer_bsdauthquery(int, struct sshbuf *);
-int mm_answer_bsdauthrespond(int, struct sshbuf *);
-int mm_answer_keyallowed(int, struct sshbuf *);
-int mm_answer_keyverify(int, struct sshbuf *);
-int mm_answer_pty(int, struct sshbuf *);
-int mm_answer_pty_cleanup(int, struct sshbuf *);
-int mm_answer_term(int, struct sshbuf *);
-int mm_answer_rsa_keyallowed(int, struct sshbuf *);
-int mm_answer_rsa_challenge(int, struct sshbuf *);
-int mm_answer_rsa_response(int, struct sshbuf *);
-int mm_answer_sesskey(int, struct sshbuf *);
-int mm_answer_sessid(int, struct sshbuf *);
+int mm_answer_moduli(struct ssh *, int, struct sshbuf *);
+int mm_answer_sign(struct ssh *, int, struct sshbuf *);
+int mm_answer_pwnamallow(struct ssh *, int, struct sshbuf *);
+int mm_answer_auth2_read_banner(struct ssh *, int, struct sshbuf *);
+int mm_answer_authserv(struct ssh *, int, struct sshbuf *);
+int mm_answer_authpassword(struct ssh *, int, struct sshbuf *);
+int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *);
+int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *);
+int mm_answer_skeyquery(struct ssh *, int, struct sshbuf *);
+int mm_answer_skeyrespond(struct ssh *, int, struct sshbuf *);
+int mm_answer_keyallowed(struct ssh *, int, struct sshbuf *);
+int mm_answer_keyverify(struct ssh *, int, struct sshbuf *);
+int mm_answer_pty(struct ssh *, int, struct sshbuf *);
+int mm_answer_pty_cleanup(struct ssh *, int, struct sshbuf *);
+int mm_answer_term(struct ssh *, int, struct sshbuf *);
+int mm_answer_rsa_keyallowed(struct ssh *, int, struct sshbuf *);
+int mm_answer_rsa_challenge(struct ssh *, int, struct sshbuf *);
+int mm_answer_rsa_response(struct ssh *, int, struct sshbuf *);
+int mm_answer_sesskey(struct ssh *, int, struct sshbuf *);
+int mm_answer_sessid(struct ssh *, int, struct sshbuf *);
 
 #ifdef USE_PAM
-int mm_answer_pam_start(int, struct sshbuf *);
-int mm_answer_pam_account(int, struct sshbuf *);
-int mm_answer_pam_init_ctx(int, struct sshbuf *);
-int mm_answer_pam_query(int, struct sshbuf *);
-int mm_answer_pam_respond(int, struct sshbuf *);
-int mm_answer_pam_free_ctx(int, struct sshbuf *);
+int mm_answer_pam_start(struct ssh *, int, struct sshbuf *);
+int mm_answer_pam_account(struct ssh *, int, struct sshbuf *);
+int mm_answer_pam_init_ctx(struct ssh *, int, struct sshbuf *);
+int mm_answer_pam_query(struct ssh *, int, struct sshbuf *);
+int mm_answer_pam_respond(struct ssh *, int, struct sshbuf *);
+int mm_answer_pam_free_ctx(struct ssh *, int, struct sshbuf *);
 #endif
 
 #ifdef GSSAPI
-int mm_answer_gss_setup_ctx(int, struct sshbuf *);
-int mm_answer_gss_accept_ctx(int, struct sshbuf *);
-int mm_answer_gss_userok(int, struct sshbuf *);
-int mm_answer_gss_checkmic(int, struct sshbuf *);
+int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *);
+int mm_answer_gss_accept_ctx(struct ssh *, int, struct sshbuf *);
+int mm_answer_gss_userok(struct ssh *, int, struct sshbuf *);
+int mm_answer_gss_checkmic(struct ssh *, int, struct sshbuf *);
 #endif
 
 #ifdef SSH_AUDIT_EVENTS
-int mm_answer_audit_event(int, struct sshbuf *);
-int mm_answer_audit_command(int, struct sshbuf *);
+int mm_answer_audit_event(struct ssh *, int, struct sshbuf *);
+int mm_answer_audit_command(struct ssh *, int, struct sshbuf *);
 #endif
 
-static int monitor_read_log(struct monitor *);
-
 static Authctxt *authctxt;
 
 /* local state for key verify */
@@ -172,7 +172,7 @@
 struct mon_table {
 	enum monitor_reqtype type;
 	int flags;
-	int (*f)(int, struct sshbuf *);
+	int (*f)(struct ssh *, int, struct sshbuf *);
 };
 
 #define MON_ISAUTH	0x0004	/* Required for Authentication */
@@ -184,6 +184,10 @@
 
 #define MON_PERMIT	0x1000	/* Request is permitted */
 
+static int monitor_read(struct ssh *, struct monitor *, struct mon_table *,
+    struct mon_table **);
+static int monitor_read_log(struct monitor *);
+
 struct mon_table mon_dispatch_proto20[] = {
 #ifdef WITH_OPENSSL
     {MONITOR_REQ_MODULI, MON_ONCE, mm_answer_moduli},
@@ -265,9 +269,8 @@
 }
 
 void
-monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
+monitor_child_preauth(struct ssh *ssh, struct monitor *pmonitor)
 {
-	struct ssh *ssh = active_state;	/* XXX */
 	struct mon_table *ent;
 	int authenticated = 0, partial = 0;
 
@@ -279,7 +282,7 @@
 		close(pmonitor->m_log_sendfd);
 	pmonitor->m_log_sendfd = pmonitor->m_recvfd = -1;
 
-	authctxt = _authctxt;
+	authctxt = (Authctxt *)ssh->authctxt;
 	memset(authctxt, 0, sizeof(*authctxt));
 	ssh->authctxt = authctxt;
 
@@ -297,7 +300,8 @@
 		auth_submethod = NULL;
 		auth2_authctxt_reset_info(authctxt);
 
-		authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1);
+		authenticated = (monitor_read(ssh, pmonitor,
+		    mon_dispatch, &ent) == 1);
 
 		/* Special handling for multiple required authentications */
 		if (options.num_auth_methods != 0) {
@@ -329,13 +333,13 @@
 				mm_request_receive_expect(pmonitor->m_sendfd,
 				    MONITOR_REQ_PAM_ACCOUNT, m);
 				authenticated = mm_answer_pam_account(
-				    pmonitor->m_sendfd, m);
+				    ssh, pmonitor->m_sendfd, m);
 				sshbuf_free(m);
 			}
 #endif
 		}
 		if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) {
-			auth_log(authctxt, authenticated, partial,
+			auth_log(ssh, authenticated, partial,
 			    auth_method, auth_submethod);
 			if (!partial && !authenticated)
 				authctxt->failures++;
@@ -356,7 +360,7 @@
 	ssh->authctxt = NULL;
 	ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
 
-	mm_get_keystate(pmonitor);
+	mm_get_keystate(ssh, pmonitor);
 
 	/* Drain any buffered messages from the child */
 	while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0)
@@ -382,7 +386,7 @@
 }
 
 void
-monitor_child_postauth(struct monitor *pmonitor)
+monitor_child_postauth(struct ssh *ssh, struct monitor *pmonitor)
 {
 	close(pmonitor->m_recvfd);
 	pmonitor->m_recvfd = -1;
@@ -408,7 +412,7 @@
 	}
 
 	for (;;)
-		monitor_read(pmonitor, mon_dispatch, NULL);
+		monitor_read(ssh, pmonitor, mon_dispatch, NULL);
 }
 
 static int
@@ -463,8 +467,8 @@
 	return 0;
 }
 
-int
-monitor_read(struct monitor *pmonitor, struct mon_table *ent,
+static int
+monitor_read(struct ssh *ssh, struct monitor *pmonitor, struct mon_table *ent,
     struct mon_table **pent)
 {
 	struct sshbuf *m;
@@ -514,7 +518,7 @@
 		if (!(ent->flags & MON_PERMIT))
 			fatal("%s: unpermitted request %d", __func__,
 			    type);
-		ret = (*ent->f)(pmonitor->m_sendfd, m);
+		ret = (*ent->f)(ssh, pmonitor->m_sendfd, m);
 		sshbuf_free(m);
 
 		/* The child may use this request only once, disable it */
@@ -565,7 +569,7 @@
 
 #ifdef WITH_OPENSSL
 int
-mm_answer_moduli(int sock, struct sshbuf *m)
+mm_answer_moduli(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	DH *dh;
 	const BIGNUM *dh_p, *dh_g;
@@ -607,9 +611,8 @@
 #endif
 
 int
-mm_answer_sign(int sock, struct sshbuf *m)
+mm_answer_sign(struct ssh *ssh, int sock, struct sshbuf *m)
 {
-	struct ssh *ssh = active_state; 	/* XXX */
 	extern int auth_sock;			/* XXX move to state struct? */
 	struct sshkey *key;
 	struct sshbuf *sigbuf = NULL;
@@ -689,7 +692,7 @@
 		fatal("%s: no hostkey from index %d", __func__, keyid);
 
 	debug3("%s: %s signature %p(%zu)", __func__,
-	    is_proof ? "KEX" : "hostkey proof", signature, siglen);
+	    is_proof ? "hostkey proof" : "KEX", signature, siglen);
 
 	sshbuf_reset(m);
 	if ((r = sshbuf_put_string(m, signature, siglen)) != 0)
@@ -710,9 +713,8 @@
 /* Retrieves the password entry and also checks if the user is permitted */
 
 int
-mm_answer_pwnamallow(int sock, struct sshbuf *m)
+mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
 {
-	struct ssh *ssh = active_state;	/* XXX */
 	char *username;
 	struct passwd *pwent;
 	int r, allowed = 0;
@@ -726,7 +728,7 @@
 	if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
-	pwent = getpwnamallow(username);
+	pwent = getpwnamallow(ssh, username);
 
 	authctxt->user = xstrdup(username);
 	setproctitle("%s [priv]", pwent ? username : "unknown");
@@ -810,7 +812,7 @@
 	return (0);
 }
 
-int mm_answer_auth2_read_banner(int sock, struct sshbuf *m)
+int mm_answer_auth2_read_banner(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	char *banner;
 	int r;
@@ -826,7 +828,7 @@
 }
 
 int
-mm_answer_authserv(int sock, struct sshbuf *m)
+mm_answer_authserv(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	int r;
 
@@ -846,10 +848,38 @@
 	return (0);
 }
 
+/*
+ * Check that the key type appears in the supplied pattern list, ignoring
+ * mismatches in the signature algorithm. (Signature algorithm checks are
+ * performed in the unprivileged authentication code).
+ * Returns 1 on success, 0 otherwise.
+ */
+static int
+key_base_type_match(const char *method, const struct sshkey *key,
+    const char *list)
+{
+	char *s, *l, *ol = xstrdup(list);
+	int found = 0;
+
+	l = ol;
+	for ((s = strsep(&l, ",")); s && *s != '\0'; (s = strsep(&l, ","))) {
+		if (sshkey_type_from_name(s) == key->type) {
+			found = 1;
+			break;
+		}
+	}
+	if (!found) {
+		error("%s key type %s is not in permitted list %s", method,
+		    sshkey_ssh_name(key), list);
+	}
+
+	free(ol);
+	return found;
+}
+
 int
-mm_answer_authpassword(int sock, struct sshbuf *m)
+mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m)
 {
-	struct ssh *ssh = active_state;	/* XXX */
 	static int call_count;
 	char *passwd;
 	int r, authenticated;
@@ -888,7 +918,7 @@
 
 #ifdef BSD_AUTH
 int
-mm_answer_bsdauthquery(int sock, struct sshbuf *m)
+mm_answer_bsdauthquery(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	char *name, *infotxt;
 	u_int numprompts, *echo_on, success;
@@ -922,7 +952,7 @@
 }
 
 int
-mm_answer_bsdauthrespond(int sock, struct sshbuf *m)
+mm_answer_bsdauthrespond(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	char *response;
 	int r, authok;
@@ -956,12 +986,12 @@
 
 #ifdef USE_PAM
 int
-mm_answer_pam_start(int sock, struct sshbuf *m)
+mm_answer_pam_start(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	if (!options.use_pam)
 		fatal("UsePAM not set, but ended up in %s anyway", __func__);
 
-	start_pam(authctxt);
+	start_pam(ssh);
 
 	monitor_permit(mon_dispatch, MONITOR_REQ_PAM_ACCOUNT, 1);
 	if (options.kbd_interactive_authentication)
@@ -971,7 +1001,7 @@
 }
 
 int
-mm_answer_pam_account(int sock, struct sshbuf *m)
+mm_answer_pam_account(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	u_int ret;
 	int r;
@@ -994,7 +1024,7 @@
 extern KbdintDevice sshpam_device;
 
 int
-mm_answer_pam_init_ctx(int sock, struct sshbuf *m)
+mm_answer_pam_init_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	u_int ok = 0;
 	int r;
@@ -1019,7 +1049,7 @@
 }
 
 int
-mm_answer_pam_query(int sock, struct sshbuf *m)
+mm_answer_pam_query(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	char *name = NULL, *info = NULL, **prompts = NULL;
 	u_int i, num = 0, *echo_on = 0;
@@ -1060,7 +1090,7 @@
 }
 
 int
-mm_answer_pam_respond(int sock, struct sshbuf *m)
+mm_answer_pam_respond(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	char **resp;
 	u_int i, num;
@@ -1098,7 +1128,7 @@
 }
 
 int
-mm_answer_pam_free_ctx(int sock, struct sshbuf *m)
+mm_answer_pam_free_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
 
@@ -1118,9 +1148,8 @@
 #endif
 
 int
-mm_answer_keyallowed(int sock, struct sshbuf *m)
+mm_answer_keyallowed(struct ssh *ssh, int sock, struct sshbuf *m)
 {
-	struct ssh *ssh = active_state;	/* XXX */
 	struct sshkey *key = NULL;
 	char *cuser, *chost;
 	u_int pubkey_auth_attempt;
@@ -1151,8 +1180,8 @@
 				break;
 			if (auth2_key_already_used(authctxt, key))
 				break;
-			if (match_pattern_list(sshkey_ssh_name(key),
-			    options.pubkey_key_types, 0) != 1)
+			if (!key_base_type_match(auth_method, key,
+			    options.pubkey_key_types))
 				break;
 			allowed = user_key_allowed(ssh, authctxt->pw, key,
 			    pubkey_auth_attempt, &opts);
@@ -1163,10 +1192,10 @@
 				break;
 			if (auth2_key_already_used(authctxt, key))
 				break;
-			if (match_pattern_list(sshkey_ssh_name(key),
-			    options.hostbased_key_types, 0) != 1)
+			if (!key_base_type_match(auth_method, key,
+			    options.hostbased_key_types))
 				break;
-			allowed = hostbased_key_allowed(authctxt->pw,
+			allowed = hostbased_key_allowed(ssh, authctxt->pw,
 			    cuser, chost, key);
 			auth2_record_info(authctxt,
 			    "client user \"%.100s\", client host \"%.100s\"",
@@ -1198,7 +1227,7 @@
 		hostbased_chost = chost;
 	} else {
 		/* Log failed attempt */
-		auth_log(authctxt, 0, 0, auth_method, NULL);
+		auth_log(ssh, 0, 0, auth_method, NULL);
 		free(cuser);
 		free(chost);
 	}
@@ -1355,9 +1384,8 @@
 }
 
 int
-mm_answer_keyverify(int sock, struct sshbuf *m)
+mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m)
 {
-	struct ssh *ssh = active_state;	/* XXX */
 	struct sshkey *key;
 	u_char *signature, *data, *blob;
 	char *sigalg;
@@ -1402,7 +1430,7 @@
 		fatal("%s: bad signature data blob", __func__);
 
 	ret = sshkey_verify(key, signature, signaturelen, data, datalen,
-	    sigalg, active_state->compat);
+	    sigalg, ssh->compat);
 	debug3("%s: %s %p signature %s", __func__, auth_method, key,
 	    (ret == 0) ? "verified" : "unverified");
 	auth2_record_key(authctxt, ret == 0, key);
@@ -1429,9 +1457,8 @@
 }
 
 static void
-mm_record_login(Session *s, struct passwd *pw)
+mm_record_login(struct ssh *ssh, Session *s, struct passwd *pw)
 {
-	struct ssh *ssh = active_state;	/* XXX */
 	socklen_t fromlen;
 	struct sockaddr_storage from;
 
@@ -1441,9 +1468,9 @@
 	 */
 	memset(&from, 0, sizeof(from));
 	fromlen = sizeof(from);
-	if (packet_connection_is_on_socket()) {
-		if (getpeername(packet_get_connection_in(),
-		    (struct sockaddr *)&from, &fromlen) < 0) {
+	if (ssh_packet_connection_is_on_socket(ssh)) {
+		if (getpeername(ssh_packet_get_connection_in(ssh),
+		    (struct sockaddr *)&from, &fromlen) == -1) {
 			debug("getpeername: %.100s", strerror(errno));
 			cleanup_exit(255);
 		}
@@ -1466,7 +1493,7 @@
 }
 
 int
-mm_answer_pty(int sock, struct sshbuf *m)
+mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	extern struct monitor *pmonitor;
 	Session *s;
@@ -1494,7 +1521,7 @@
 	if (dup2(s->ttyfd, 0) == -1)
 		fatal("%s: dup2", __func__);
 
-	mm_record_login(s, authctxt->pw);
+	mm_record_login(ssh, s, authctxt->pw);
 
 	/* Now we can close the file descriptor again */
 	close(0);
@@ -1511,7 +1538,7 @@
 		fatal("%s: send fds failed", __func__);
 
 	/* make sure nothing uses fd 0 */
-	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) < 0)
+	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1)
 		fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
 	if (fd0 != 0)
 		error("%s: fd0 %d != 0", __func__, fd0);
@@ -1536,7 +1563,7 @@
 }
 
 int
-mm_answer_pty_cleanup(int sock, struct sshbuf *m)
+mm_answer_pty_cleanup(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	Session *s;
 	char *tty;
@@ -1554,9 +1581,8 @@
 }
 
 int
-mm_answer_term(int sock, struct sshbuf *req)
+mm_answer_term(struct ssh *ssh, int sock, struct sshbuf *req)
 {
-	struct ssh *ssh = active_state;	/* XXX */
 	extern struct monitor *pmonitor;
 	int res, status;
 
@@ -1583,7 +1609,7 @@
 #ifdef SSH_AUDIT_EVENTS
 /* Report that an audit event occurred */
 int
-mm_answer_audit_event(int socket, struct sshbuf *m)
+mm_answer_audit_event(struct ssh *ssh, int socket, struct sshbuf *m)
 {
 	u_int n;
 	ssh_audit_event_t event;
@@ -1602,7 +1628,7 @@
 	case SSH_LOGIN_ROOT_DENIED:
 	case SSH_CONNECTION_CLOSE:
 	case SSH_INVALID_USER:
-		audit_event(event);
+		audit_event(ssh, event);
 		break;
 	default:
 		fatal("Audit event type %d not permitted", event);
@@ -1612,7 +1638,7 @@
 }
 
 int
-mm_answer_audit_command(int socket, struct sshbuf *m)
+mm_answer_audit_command(struct ssh *ssh, int socket, struct sshbuf *m)
 {
 	char *cmd;
 	int r;
@@ -1628,10 +1654,8 @@
 #endif /* SSH_AUDIT_EVENTS */
 
 void
-monitor_clear_keystate(struct monitor *pmonitor)
+monitor_clear_keystate(struct ssh *ssh, struct monitor *pmonitor)
 {
-	struct ssh *ssh = active_state;	/* XXX */
-
 	ssh_clear_newkeys(ssh, MODE_IN);
 	ssh_clear_newkeys(ssh, MODE_OUT);
 	sshbuf_free(child_state);
@@ -1639,9 +1663,8 @@
 }
 
 void
-monitor_apply_keystate(struct monitor *pmonitor)
+monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor)
 {
-	struct ssh *ssh = active_state;	/* XXX */
 	struct kex *kex;
 	int r;
 
@@ -1654,18 +1677,19 @@
 	if ((kex = ssh->kex) != NULL) {
 		/* XXX set callbacks */
 #ifdef WITH_OPENSSL
-		kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
-		kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
-		kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
-		kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
-		kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
+		kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
+		kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
+		kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
+		kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
+		kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
 		kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 		kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 # ifdef OPENSSL_HAS_ECC
-		kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+		kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
 # endif
 #endif /* WITH_OPENSSL */
-		kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+		kex->kex[KEX_C25519_SHA256] = kex_gen_server;
+		kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
 		kex->load_host_public_key=&get_hostkey_public_by_type;
 		kex->load_host_private_key=&get_hostkey_private_by_type;
 		kex->host_key_index=&get_hostkey_index;
@@ -1676,7 +1700,7 @@
 /* This function requries careful sanity checking */
 
 void
-mm_get_keystate(struct monitor *pmonitor)
+mm_get_keystate(struct ssh *ssh, struct monitor *pmonitor)
 {
 	debug3("%s: Waiting for new keys", __func__);
 
@@ -1706,9 +1730,9 @@
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
 		fatal("%s: socketpair: %s", __func__, strerror(errno));
 #ifdef SO_ZEROIZE
-	if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+	if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1)
 		error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
-	if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) < 0)
+	if (setsockopt(pair[1], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1)
 		error("setsockopt SO_ZEROIZE(1): %.100s", strerror(errno));
 #endif
 	FD_CLOSEONEXEC(pair[0]);
@@ -1748,7 +1772,7 @@
 
 #ifdef GSSAPI
 int
-mm_answer_gss_setup_ctx(int sock, struct sshbuf *m)
+mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	gss_OID_desc goid;
 	OM_uint32 major;
@@ -1781,7 +1805,7 @@
 }
 
 int
-mm_answer_gss_accept_ctx(int sock, struct sshbuf *m)
+mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	gss_buffer_desc in;
 	gss_buffer_desc out = GSS_C_EMPTY_BUFFER;
@@ -1815,7 +1839,7 @@
 }
 
 int
-mm_answer_gss_checkmic(int sock, struct sshbuf *m)
+mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	gss_buffer_desc gssbuf, mic;
 	OM_uint32 ret;
@@ -1846,7 +1870,7 @@
 }
 
 int
-mm_answer_gss_userok(int sock, struct sshbuf *m)
+mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m)
 {
 	int r, authenticated;
 	const char *displayname;
Index: monitor_wrap.h
===================================================================
--- monitor_wrap.h
+++ monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.38 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.42 2019/09/06 05:23:55 djm Exp $ */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -33,6 +33,7 @@
 
 enum mm_keytype { MM_NOKEY, MM_HOSTKEY, MM_USERKEY };
 
+struct ssh;
 struct monitor;
 struct Authctxt;
 struct sshkey;
@@ -40,18 +41,20 @@
 
 void mm_log_handler(LogLevel, const char *, void *);
 int mm_is_monitor(void);
+#ifdef WITH_OPENSSL
 DH *mm_choose_dh(int, int, int);
-int mm_sshkey_sign(struct sshkey *, u_char **, size_t *, const u_char *, size_t,
-    const char *, u_int compat);
+#endif
+int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *,
+    const u_char *, size_t, const char *, u_int compat);
 void mm_inform_authserv(char *, char *);
-struct passwd *mm_getpwnamallow(const char *);
+struct passwd *mm_getpwnamallow(struct ssh *, const char *);
 char *mm_auth2_read_banner(void);
 int mm_auth_password(struct ssh *, char *);
 int mm_key_allowed(enum mm_keytype, const char *, const char *, struct sshkey *,
     int, struct sshauthopt **);
 int mm_user_key_allowed(struct ssh *, struct passwd *, struct sshkey *, int,
     struct sshauthopt **);
-int mm_hostbased_key_allowed(struct passwd *, const char *,
+int mm_hostbased_key_allowed(struct ssh *, struct passwd *, const char *,
     const char *, struct sshkey *);
 int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t,
     const u_char *, size_t, const char *, u_int);
@@ -65,7 +68,7 @@
 #endif
 
 #ifdef USE_PAM
-void mm_start_pam(struct Authctxt *);
+void mm_start_pam(struct ssh *ssh);
 u_int mm_do_pam_account(void);
 void *mm_sshpam_init_ctx(struct Authctxt *);
 int mm_sshpam_query(void *, char **, char **, u_int *, char ***, u_int **);
@@ -75,7 +78,7 @@
 
 #ifdef SSH_AUDIT_EVENTS
 #include "audit.h"
-void mm_audit_event(ssh_audit_event_t);
+void mm_audit_event(struct ssh *, ssh_audit_event_t);
 void mm_audit_run_command(const char *);
 #endif
 
@@ -88,10 +91,7 @@
 struct newkeys *mm_newkeys_from_blob(u_char *, int);
 int mm_newkeys_to_blob(int, u_char **, u_int *);
 
-void monitor_clear_keystate(struct monitor *);
-void monitor_apply_keystate(struct monitor *);
-void mm_get_keystate(struct monitor *);
-void mm_send_keystate(struct monitor*);
+void mm_send_keystate(struct ssh *, struct monitor*);
 
 /* bsdauth */
 int mm_bsdauth_query(void *, char **, char **, u_int *, char ***, u_int **);
Index: monitor_wrap.c
===================================================================
--- monitor_wrap.c
+++ monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.107 2018/07/20 03:46:34 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.113 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -202,12 +202,8 @@
 	if (success == 0)
 		fatal("%s: MONITOR_ANS_MODULI failed", __func__);
 
-	if ((p = BN_new()) == NULL)
-		fatal("%s: BN_new failed", __func__);
-	if ((g = BN_new()) == NULL)
-		fatal("%s: BN_new failed", __func__);
-	if ((r = sshbuf_get_bignum2(m, p)) != 0 ||
-	    (r = sshbuf_get_bignum2(m, g)) != 0)
+	if ((r = sshbuf_get_bignum2(m, &p)) != 0 ||
+	    (r = sshbuf_get_bignum2(m, &g)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
 	debug3("%s: remaining %zu", __func__, sshbuf_len(m));
@@ -218,12 +214,12 @@
 #endif
 
 int
-mm_sshkey_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
+mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen, const char *hostkey_alg, u_int compat)
 {
 	struct kex *kex = *pmonitor->m_pkex;
 	struct sshbuf *m;
-	u_int ndx = kex->host_key_index(key, 0, active_state);
+	u_int ndx = kex->host_key_index(key, 0, ssh);
 	int r;
 
 	debug3("%s entering", __func__);
@@ -248,9 +244,8 @@
 }
 
 struct passwd *
-mm_getpwnamallow(const char *username)
+mm_getpwnamallow(struct ssh *ssh, const char *username)
 {
-	struct ssh *ssh = active_state;		/* XXX */
 	struct sshbuf *m;
 	struct passwd *pw;
 	size_t len;
@@ -438,8 +433,8 @@
 }
 
 int
-mm_hostbased_key_allowed(struct passwd *pw, const char *user, const char *host,
-    struct sshkey *key)
+mm_hostbased_key_allowed(struct ssh *ssh, struct passwd *pw,
+    const char *user, const char *host, struct sshkey *key)
 {
 	return (mm_key_allowed(MM_HOSTKEY, user, host, key, 0, NULL));
 }
@@ -532,9 +527,8 @@
 }
 
 void
-mm_send_keystate(struct monitor *monitor)
+mm_send_keystate(struct ssh *ssh, struct monitor *monitor)
 {
-	struct ssh *ssh = active_state;		/* XXX */
 	struct sshbuf *m;
 	int r;
 
@@ -618,7 +612,7 @@
 	sshbuf_free(m);
 
 	/* closed dup'ed master */
-	if (s->ptymaster != -1 && close(s->ptymaster) < 0)
+	if (s->ptymaster != -1 && close(s->ptymaster) == -1)
 		error("close(s->ptymaster/%d): %s",
 		    s->ptymaster, strerror(errno));
 
@@ -628,7 +622,7 @@
 
 #ifdef USE_PAM
 void
-mm_start_pam(Authctxt *authctxt)
+mm_start_pam(struct ssh *ssh)
 {
 	struct sshbuf *m;
 
@@ -869,7 +863,7 @@
 
 #ifdef SSH_AUDIT_EVENTS
 void
-mm_audit_event(ssh_audit_event_t event)
+mm_audit_event(struct ssh *ssh, ssh_audit_event_t event)
 {
 	struct sshbuf *m;
 	int r;
Index: mux.c
===================================================================
--- mux.c
+++ mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.77 2018/09/26 07:32:44 djm Exp $ */
+/* $OpenBSD: mux.c,v 1.80 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -610,6 +610,7 @@
 	struct Forward *rfwd;
 	Channel *c;
 	struct sshbuf *out;
+	u_int port;
 	int r;
 
 	if ((c = channel_by_id(ssh, fctx->cid)) == NULL) {
@@ -632,7 +633,15 @@
 	    rfwd->connect_host, rfwd->connect_port);
 	if (type == SSH2_MSG_REQUEST_SUCCESS) {
 		if (rfwd->listen_port == 0) {
-			rfwd->allocated_port = packet_get_int();
+			if ((r = sshpkt_get_u32(ssh, &port)) != 0)
+				fatal("%s: packet error: %s",
+				    __func__, ssh_err(r));
+			if (port > 65535) {
+				fatal("Invalid allocated port %u for "
+				    "mux remote forward to %s:%d", port,
+				    rfwd->connect_host, rfwd->connect_port);
+			}
+			rfwd->allocated_port = (int)port;
 			debug("Allocated port %u for mux remote forward"
 			    " to %s:%d", rfwd->allocated_port,
 			    rfwd->connect_host, rfwd->connect_port);
@@ -1406,7 +1415,8 @@
 	if (cctx->want_agent_fwd && options.forward_agent) {
 		debug("Requesting authentication agent forwarding.");
 		channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0);
-		packet_send();
+		if ((r = sshpkt_send(ssh)) != 0)
+			fatal("%s: packet error: %s", __func__, ssh_err(r));
 	}
 
 	client_session2_setup(ssh, id, cctx->want_tty, cctx->want_subsys,
@@ -1482,7 +1492,7 @@
 			return -1;
 		}
 		len = read(fd, p + have, need - have);
-		if (len < 0) {
+		if (len == -1) {
 			switch (errno) {
 #if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
 			case EWOULDBLOCK:
@@ -1531,7 +1541,7 @@
 			return -1;
 		}
 		len = write(fd, ptr + have, need - have);
-		if (len < 0) {
+		if (len == -1) {
 			switch (errno) {
 #if defined(EWOULDBLOCK) && (EWOULDBLOCK != EAGAIN)
 			case EWOULDBLOCK:
@@ -2314,7 +2324,7 @@
 		fatal("ControlPath too long ('%s' >= %u bytes)", path,
 		     (unsigned int)sizeof(addr.sun_path));
 
-	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0)
+	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
 		fatal("%s socket(): %s", __func__, strerror(errno));
 
 	if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
Index: myproposal.h
===================================================================
--- myproposal.h
+++ myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.57 2018/09/12 01:34:02 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.58 2019/02/23 08:20:43 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -90,20 +90,15 @@
 # else
 #  define KEX_CURVE25519_METHODS ""
 # endif
-#define KEX_COMMON_KEX \
+#define KEX_SERVER_KEX \
 	KEX_CURVE25519_METHODS \
 	KEX_ECDH_METHODS \
-	KEX_SHA2_METHODS
-
-#define KEX_SERVER_KEX KEX_COMMON_KEX \
+	KEX_SHA2_METHODS \
 	KEX_SHA2_GROUP14 \
-	"diffie-hellman-group14-sha1" \
-
-#define KEX_CLIENT_KEX KEX_COMMON_KEX \
-	"diffie-hellman-group-exchange-sha1," \
-	KEX_SHA2_GROUP14 \
 	"diffie-hellman-group14-sha1"
 
+#define KEX_CLIENT_KEX KEX_SERVER_KEX
+
 #define	KEX_DEFAULT_PK_ALG	\
 	HOSTKEY_ECDSA_CERT_METHODS \
 	"ssh-ed25519-cert-v01@openssh.com," \
@@ -141,9 +136,7 @@
 
 /* Not a KEX value, but here so all the algorithm defaults are together */
 #define	SSH_ALLOWED_CA_SIGALGS	\
-	"ecdsa-sha2-nistp256," \
-	"ecdsa-sha2-nistp384," \
-	"ecdsa-sha2-nistp521," \
+	HOSTKEY_ECDSA_METHODS \
 	"ssh-ed25519," \
 	"rsa-sha2-512," \
 	"rsa-sha2-256," \
Index: nchan.c
===================================================================
--- nchan.c
+++ nchan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nchan.c,v 1.69 2018/10/04 07:47:35 djm Exp $ */
+/* $OpenBSD: nchan.c,v 1.70 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -380,7 +380,7 @@
 	    c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd,
 	    channel_format_extended_usage(c));
 	if (c->sock != -1) {
-		if (shutdown(c->sock, SHUT_WR) < 0) {
+		if (shutdown(c->sock, SHUT_WR) == -1) {
 			debug2("channel %d: %s: shutdown() failed for "
 			    "fd %d [i%d o%d]: %.100s", c->self, __func__,
 			    c->sock, c->istate, c->ostate,
@@ -410,7 +410,7 @@
 		 * write side has been closed already. (bug on Linux)
 		 * HP-UX may return ENOTCONN also.
 		 */
-		if (shutdown(c->sock, SHUT_RD) < 0 && errno != ENOTCONN) {
+		if (shutdown(c->sock, SHUT_RD) == -1 && errno != ENOTCONN) {
 			error("channel %d: %s: shutdown() failed for "
 			    "fd %d [i%d o%d]: %.100s",
 			    c->self, __func__, c->sock, c->istate, c->ostate,
Index: opacket.h
===================================================================
--- opacket.h
+++ /dev/null
@@ -1,154 +0,0 @@
-/* $OpenBSD: opacket.h,v 1.13 2018/07/06 09:03:02 sf Exp $ */
-#ifndef _OPACKET_H
-/* Written by Markus Friedl. Placed in the public domain.  */
-
-/* Map old to new API */
-void     ssh_packet_start(struct ssh *, u_char);
-void     ssh_packet_put_char(struct ssh *, int ch);
-void     ssh_packet_put_int(struct ssh *, u_int value);
-void     ssh_packet_put_int64(struct ssh *, u_int64_t value);
-void     ssh_packet_put_bignum2(struct ssh *, BIGNUM * value);
-void     ssh_packet_put_ecpoint(struct ssh *, const EC_GROUP *, const EC_POINT *);
-void     ssh_packet_put_string(struct ssh *, const void *buf, u_int len);
-void     ssh_packet_put_cstring(struct ssh *, const char *str);
-void     ssh_packet_put_raw(struct ssh *, const void *buf, u_int len);
-void     ssh_packet_send(struct ssh *);
-
-u_int	 ssh_packet_get_char(struct ssh *);
-u_int	 ssh_packet_get_int(struct ssh *);
-u_int64_t ssh_packet_get_int64(struct ssh *);
-void     ssh_packet_get_bignum2(struct ssh *, BIGNUM * value);
-void	 ssh_packet_get_ecpoint(struct ssh *, const EC_GROUP *, EC_POINT *);
-void	*ssh_packet_get_string(struct ssh *, u_int *length_ptr);
-char	*ssh_packet_get_cstring(struct ssh *, u_int *length_ptr);
-
-/* don't allow remaining bytes after the end of the message */
-#define ssh_packet_check_eom(ssh) \
-do { \
-	int _len = ssh_packet_remaining(ssh); \
-	if (_len > 0) { \
-		logit("Packet integrity error (%d bytes remaining) at %s:%d", \
-		    _len ,__FILE__, __LINE__); \
-		ssh_packet_disconnect(ssh, \
-		    "Packet integrity error."); \
-	} \
-} while (0)
-
-/* old API */
-void	 packet_close(void);
-u_int	 packet_get_char(void);
-u_int	 packet_get_int(void);
-void     packet_set_connection(int, int);
-int	 packet_read_seqnr(u_int32_t *);
-int	 packet_read_poll_seqnr(u_int32_t *);
-void	 packet_process_incoming(const char *buf, u_int len);
-void	 packet_write_wait(void);
-void	 packet_write_poll(void);
-void	 packet_read_expect(int expected_type);
-#define packet_set_timeout(timeout, count) \
-	ssh_packet_set_timeout(active_state, (timeout), (count))
-#define packet_connection_is_on_socket() \
-	ssh_packet_connection_is_on_socket(active_state)
-#define packet_set_nonblocking() \
-	ssh_packet_set_nonblocking(active_state)
-#define packet_get_connection_in() \
-	ssh_packet_get_connection_in(active_state)
-#define packet_get_connection_out() \
-	ssh_packet_get_connection_out(active_state)
-#define packet_set_protocol_flags(protocol_flags) \
-	ssh_packet_set_protocol_flags(active_state, (protocol_flags))
-#define packet_get_protocol_flags() \
-	ssh_packet_get_protocol_flags(active_state)
-#define packet_start(type) \
-	ssh_packet_start(active_state, (type))
-#define packet_put_char(value) \
-	ssh_packet_put_char(active_state, (value))
-#define packet_put_int(value) \
-	ssh_packet_put_int(active_state, (value))
-#define packet_put_int64(value) \
-	ssh_packet_put_int64(active_state, (value))
-#define packet_put_string( buf, len) \
-	ssh_packet_put_string(active_state, (buf), (len))
-#define packet_put_cstring(str) \
-	ssh_packet_put_cstring(active_state, (str))
-#define packet_put_raw(buf, len) \
-	ssh_packet_put_raw(active_state, (buf), (len))
-#define packet_put_bignum2(value) \
-	ssh_packet_put_bignum2(active_state, (value))
-#define packet_send() \
-	ssh_packet_send(active_state)
-#define packet_read() \
-	ssh_packet_read(active_state)
-#define packet_get_int64() \
-	ssh_packet_get_int64(active_state)
-#define packet_get_bignum2(value) \
-	ssh_packet_get_bignum2(active_state, (value))
-#define packet_remaining() \
-	ssh_packet_remaining(active_state)
-#define packet_get_string(length_ptr) \
-	ssh_packet_get_string(active_state, (length_ptr))
-#define packet_get_string_ptr(length_ptr) \
-	ssh_packet_get_string_ptr(active_state, (length_ptr))
-#define packet_get_cstring(length_ptr) \
-	ssh_packet_get_cstring(active_state, (length_ptr))
-void	packet_send_debug(const char *, ...)
-	    __attribute__((format(printf, 1, 2)));
-void	packet_disconnect(const char *, ...)
-	    __attribute__((format(printf, 1, 2)))
-	    __attribute__((noreturn));
-#define packet_have_data_to_write() \
-	ssh_packet_have_data_to_write(active_state)
-#define packet_not_very_much_data_to_write() \
-	ssh_packet_not_very_much_data_to_write(active_state)
-#define packet_set_interactive(interactive, qos_interactive, qos_bulk) \
-	ssh_packet_set_interactive(active_state, (interactive), (qos_interactive), (qos_bulk))
-#define packet_is_interactive() \
-	ssh_packet_is_interactive(active_state)
-#define packet_set_maxsize(s) \
-	ssh_packet_set_maxsize(active_state, (s))
-#define packet_inc_alive_timeouts() \
-	ssh_packet_inc_alive_timeouts(active_state)
-#define packet_set_alive_timeouts(ka) \
-	ssh_packet_set_alive_timeouts(active_state, (ka))
-#define packet_get_maxsize() \
-	ssh_packet_get_maxsize(active_state)
-#define packet_add_padding(pad) \
-	sshpkt_add_padding(active_state, (pad))
-#define packet_send_ignore(nbytes) \
-	ssh_packet_send_ignore(active_state, (nbytes))
-#define packet_set_server() \
-	ssh_packet_set_server(active_state)
-#define packet_set_authenticated() \
-	ssh_packet_set_authenticated(active_state)
-#define packet_get_input() \
-	ssh_packet_get_input(active_state)
-#define packet_get_output() \
-	ssh_packet_get_output(active_state)
-#define packet_check_eom() \
-	ssh_packet_check_eom(active_state)
-#define set_newkeys(mode) \
-	ssh_set_newkeys(active_state, (mode))
-#define packet_get_state(m) \
-	ssh_packet_get_state(active_state, m)
-#define packet_set_state(m) \
-	ssh_packet_set_state(active_state, m)
-#define packet_get_raw(lenp) \
-        sshpkt_ptr(active_state, lenp)
-#define packet_get_ecpoint(c,p) \
-	ssh_packet_get_ecpoint(active_state, c, p)
-#define packet_put_ecpoint(c,p) \
-	ssh_packet_put_ecpoint(active_state, c, p)
-#define packet_get_rekey_timeout() \
-	ssh_packet_get_rekey_timeout(active_state)
-#define packet_set_rekey_limits(x,y) \
-	ssh_packet_set_rekey_limits(active_state, x, y)
-#define packet_get_bytes(x,y) \
-	ssh_packet_get_bytes(active_state, x, y)
-#define packet_set_mux() \
-	ssh_packet_set_mux(active_state)
-#define packet_get_mux() \
-	ssh_packet_get_mux(active_state)
-#define packet_clear_keys() \
-	ssh_packet_clear_keys(active_state)
-
-#endif /* _OPACKET_H */
Index: opacket.c
===================================================================
--- opacket.c
+++ /dev/null
@@ -1,320 +0,0 @@
-/* $OpenBSD: opacket.c,v 1.7 2017/10/20 01:56:39 djm Exp $ */
-/* Written by Markus Friedl. Placed in the public domain.  */
-
-#include "includes.h"
-
-#include <stdarg.h>
-
-#include "ssherr.h"
-#include "packet.h"
-#include "log.h"
-
-struct ssh *active_state, *backup_state;
-
-/* Map old to new API */
-
-void
-ssh_packet_start(struct ssh *ssh, u_char type)
-{
-	int r;
-
-	if ((r = sshpkt_start(ssh, type)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-
-void
-ssh_packet_put_char(struct ssh *ssh, int value)
-{
-	u_char ch = value;
-	int r;
-
-	if ((r = sshpkt_put_u8(ssh, ch)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-
-void
-ssh_packet_put_int(struct ssh *ssh, u_int value)
-{
-	int r;
-
-	if ((r = sshpkt_put_u32(ssh, value)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-
-void
-ssh_packet_put_int64(struct ssh *ssh, u_int64_t value)
-{
-	int r;
-
-	if ((r = sshpkt_put_u64(ssh, value)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-
-void
-ssh_packet_put_string(struct ssh *ssh, const void *buf, u_int len)
-{
-	int r;
-
-	if ((r = sshpkt_put_string(ssh, buf, len)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-
-void
-ssh_packet_put_cstring(struct ssh *ssh, const char *str)
-{
-	int r;
-
-	if ((r = sshpkt_put_cstring(ssh, str)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-
-void
-ssh_packet_put_raw(struct ssh *ssh, const void *buf, u_int len)
-{
-	int r;
-
-	if ((r = sshpkt_put(ssh, buf, len)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-
-
-#ifdef WITH_OPENSSL
-void
-ssh_packet_put_bignum2(struct ssh *ssh, BIGNUM * value)
-{
-	int r;
-
-	if ((r = sshpkt_put_bignum2(ssh, value)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-
-# ifdef OPENSSL_HAS_ECC
-void
-ssh_packet_put_ecpoint(struct ssh *ssh, const EC_GROUP *curve,
-    const EC_POINT *point)
-{
-	int r;
-
-	if ((r = sshpkt_put_ec(ssh, point, curve)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-# endif
-#endif /* WITH_OPENSSL */
-
-void
-ssh_packet_send(struct ssh *ssh)
-{
-	int r;
-
-	if ((r = sshpkt_send(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-
-u_int
-ssh_packet_get_char(struct ssh *ssh)
-{
-	u_char ch;
-	int r;
-
-	if ((r = sshpkt_get_u8(ssh, &ch)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-	return ch;
-}
-
-u_int
-ssh_packet_get_int(struct ssh *ssh)
-{
-	u_int val;
-	int r;
-
-	if ((r = sshpkt_get_u32(ssh, &val)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-	return val;
-}
-
-u_int64_t
-ssh_packet_get_int64(struct ssh *ssh)
-{
-	u_int64_t val;
-	int r;
-
-	if ((r = sshpkt_get_u64(ssh, &val)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-	return val;
-}
-
-
-#ifdef WITH_OPENSSL
-void
-ssh_packet_get_bignum2(struct ssh *ssh, BIGNUM * value)
-{
-	int r;
-
-	if ((r = sshpkt_get_bignum2(ssh, value)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-
-# ifdef OPENSSL_HAS_ECC
-void
-ssh_packet_get_ecpoint(struct ssh *ssh, const EC_GROUP *curve, EC_POINT *point)
-{
-	int r;
-
-	if ((r = sshpkt_get_ec(ssh, point, curve)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-}
-# endif
-#endif /* WITH_OPENSSL */
-
-void *
-ssh_packet_get_string(struct ssh *ssh, u_int *length_ptr)
-{
-	int r;
-	size_t len;
-	u_char *val;
-
-	if ((r = sshpkt_get_string(ssh, &val, &len)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-	if (length_ptr != NULL)
-		*length_ptr = (u_int)len;
-	return val;
-}
-
-const void *
-ssh_packet_get_string_ptr(struct ssh *ssh, u_int *length_ptr)
-{
-	int r;
-	size_t len;
-	const u_char *val;
-
-	if ((r = sshpkt_get_string_direct(ssh, &val, &len)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-	if (length_ptr != NULL)
-		*length_ptr = (u_int)len;
-	return val;
-}
-
-char *
-ssh_packet_get_cstring(struct ssh *ssh, u_int *length_ptr)
-{
-	int r;
-	size_t len;
-	char *val;
-
-	if ((r = sshpkt_get_cstring(ssh, &val, &len)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
-	if (length_ptr != NULL)
-		*length_ptr = (u_int)len;
-	return val;
-}
-
-/* Old API, that had to be reimplemented */
-
-void
-packet_set_connection(int fd_in, int fd_out)
-{
-	active_state = ssh_packet_set_connection(active_state, fd_in, fd_out);
-	if (active_state == NULL)
-		fatal("%s: ssh_packet_set_connection failed", __func__);
-}
-
-u_int
-packet_get_char(void)
-{
-	return (ssh_packet_get_char(active_state));
-}
-
-u_int
-packet_get_int(void)
-{
-	return (ssh_packet_get_int(active_state));
-}
-
-int
-packet_read_seqnr(u_int32_t *seqnr)
-{
-	u_char type;
-	int r;
-
-	if ((r = ssh_packet_read_seqnr(active_state, &type, seqnr)) != 0)
-		sshpkt_fatal(active_state, __func__, r);
-	return type;
-}
-
-int
-packet_read_poll_seqnr(u_int32_t *seqnr)
-{
-	u_char type;
-	int r;
-
-	if ((r = ssh_packet_read_poll_seqnr(active_state, &type, seqnr)))
-		sshpkt_fatal(active_state, __func__, r);
-	return type;
-}
-
-void
-packet_close(void)
-{
-	ssh_packet_close(active_state);
-	active_state = NULL;
-}
-
-void
-packet_process_incoming(const char *buf, u_int len)
-{
-	int r;
-
-	if ((r = ssh_packet_process_incoming(active_state, buf, len)) != 0)
-		sshpkt_fatal(active_state, __func__, r);
-}
-
-void
-packet_write_wait(void)
-{
-	int r;
-
-	if ((r = ssh_packet_write_wait(active_state)) != 0)
-		sshpkt_fatal(active_state, __func__, r);
-}
-
-void
-packet_write_poll(void)
-{
-	int r;
-
-	if ((r = ssh_packet_write_poll(active_state)) != 0)
-		sshpkt_fatal(active_state, __func__, r);
-}
-
-void
-packet_read_expect(int expected_type)
-{
-	int r;
-
-	if ((r = ssh_packet_read_expect(active_state, expected_type)) != 0)
-		sshpkt_fatal(active_state, __func__, r);
-}
-
-void
-packet_disconnect(const char *fmt, ...)
-{
-	char buf[1024];
-	va_list args;
-
-	va_start(args, fmt);
-	vsnprintf(buf, sizeof(buf), fmt, args);
-	va_end(args);
-	ssh_packet_disconnect(active_state, "%s", buf);
-}
-
-void
-packet_send_debug(const char *fmt, ...)
-{
-	char buf[1024];
-	va_list args;
-
-	va_start(args, fmt);
-	vsnprintf(buf, sizeof(buf), fmt, args);
-	va_end(args);
-	ssh_packet_send_debug(active_state, "%s", buf);
-}
Index: openbsd-compat/Makefile.in
===================================================================
--- openbsd-compat/Makefile.in
+++ openbsd-compat/Makefile.in
@@ -34,11 +34,11 @@
 	inet_ntoa.o \
 	inet_ntop.o \
 	md5.o \
+	memmem.o \
 	mktemp.o \
 	pwcache.o \
 	readpassphrase.o \
 	reallocarray.o \
-	realpath.o \
 	recallocarray.o \
 	rmd160.o \
 	rresvport.o \
Index: openbsd-compat/bsd-closefrom.c
===================================================================
--- openbsd-compat/bsd-closefrom.c
+++ openbsd-compat/bsd-closefrom.c
@@ -46,6 +46,9 @@
 #  include <ndir.h>
 # endif
 #endif
+#if defined(HAVE_LIBPROC_H)
+# include <libproc.h>
+#endif
 
 #ifndef OPEN_MAX
 # define OPEN_MAX	256
@@ -55,21 +58,73 @@
 __unused static const char rcsid[] = "$Sudo: closefrom.c,v 1.11 2006/08/17 15:26:54 millert Exp $";
 #endif /* lint */
 
+#ifndef HAVE_FCNTL_CLOSEM
 /*
  * Close all file descriptors greater than or equal to lowfd.
  */
+static void
+closefrom_fallback(int lowfd)
+{
+	long fd, maxfd;
+
+	/*
+	 * Fall back on sysconf() or getdtablesize().  We avoid checking
+	 * resource limits since it is possible to open a file descriptor
+	 * and then drop the rlimit such that it is below the open fd.
+	 */
+#ifdef HAVE_SYSCONF
+	maxfd = sysconf(_SC_OPEN_MAX);
+#else
+	maxfd = getdtablesize();
+#endif /* HAVE_SYSCONF */
+	if (maxfd < 0)
+		maxfd = OPEN_MAX;
+
+	for (fd = lowfd; fd < maxfd; fd++)
+		(void) close((int) fd);
+}
+#endif /* HAVE_FCNTL_CLOSEM */
+
 #ifdef HAVE_FCNTL_CLOSEM
 void
 closefrom(int lowfd)
 {
     (void) fcntl(lowfd, F_CLOSEM, 0);
 }
-#else
+#elif defined(HAVE_LIBPROC_H) && defined(HAVE_PROC_PIDINFO)
 void
 closefrom(int lowfd)
 {
-    long fd, maxfd;
-#if defined(HAVE_DIRFD) && defined(HAVE_PROC_PID)
+	int i, r, sz;
+	pid_t pid = getpid();
+	struct proc_fdinfo *fdinfo_buf = NULL;
+
+	sz = proc_pidinfo(pid, PROC_PIDLISTFDS, 0, NULL, 0);
+	if (sz == 0)
+		return; /* no fds, really? */
+	else if (sz == -1)
+		goto fallback;
+	if ((fdinfo_buf = malloc(sz)) == NULL)
+		goto fallback;
+	r = proc_pidinfo(pid, PROC_PIDLISTFDS, 0, fdinfo_buf, sz);
+	if (r < 0 || r > sz)
+		goto fallback;
+	for (i = 0; i < r / (int)PROC_PIDLISTFD_SIZE; i++) {
+		if (fdinfo_buf[i].proc_fd >= lowfd)
+			close(fdinfo_buf[i].proc_fd);
+	}
+	free(fdinfo_buf);
+	return;
+ fallback:
+	free(fdinfo_buf);
+	closefrom_fallback(lowfd);
+	return;
+}
+#elif defined(HAVE_DIRFD) && defined(HAVE_PROC_PID)
+void
+closefrom(int lowfd)
+{
+    long fd;
     char fdpath[PATH_MAX], *endp;
     struct dirent *dent;
     DIR *dirp;
@@ -85,25 +140,16 @@
 		(void) close((int) fd);
 	}
 	(void) closedir(dirp);
-    } else
-#endif
-    {
-	/*
-	 * Fall back on sysconf() or getdtablesize().  We avoid checking
-	 * resource limits since it is possible to open a file descriptor
-	 * and then drop the rlimit such that it is below the open fd.
-	 */
-#ifdef HAVE_SYSCONF
-	maxfd = sysconf(_SC_OPEN_MAX);
-#else
-	maxfd = getdtablesize();
-#endif /* HAVE_SYSCONF */
-	if (maxfd < 0)
-	    maxfd = OPEN_MAX;
-
-	for (fd = lowfd; fd < maxfd; fd++)
-	    (void) close((int) fd);
+	return;
     }
+    /* /proc/$$/fd strategy failed, fall back to brute force closure */
+    closefrom_fallback(lowfd);
+}
+#else
+void
+closefrom(int lowfd)
+{
+	closefrom_fallback(lowfd);
 }
 #endif /* !HAVE_FCNTL_CLOSEM */
 #endif /* HAVE_CLOSEFROM */
Index: openbsd-compat/bsd-cygwin_util.h
===================================================================
--- openbsd-compat/bsd-cygwin_util.h
+++ openbsd-compat/bsd-cygwin_util.h
@@ -55,6 +55,7 @@
 int check_ntsec(const char *);
 char **fetch_windows_environment(void);
 void free_windows_environment(char **);
+int cygwin_ug_match_pattern_list(const char *, const char *);
 
 #ifndef NO_BINARY_OPEN
 #define open binary_open
Index: openbsd-compat/bsd-cygwin_util.c
===================================================================
--- openbsd-compat/bsd-cygwin_util.c
+++ openbsd-compat/bsd-cygwin_util.c
@@ -37,6 +37,9 @@
 #include <string.h>
 #include <unistd.h>
 #include <stdarg.h>
+#include <stdlib.h>
+#include <wchar.h>
+#include <wctype.h>
 
 #include "xmalloc.h"
 
@@ -115,6 +118,152 @@
 free_windows_environment(char **p)
 {
 	free(p);
+}
+
+/*
+ * Returns true if the given string matches the pattern (which may contain ?
+ * and * as wildcards), and zero if it does not match.
+ *
+ * The Cygwin version of this function must be case-insensitive and take
+ * Unicode characters into account.
+ */
+
+static int
+__match_pattern (const wchar_t *s, const wchar_t *pattern)
+{
+	for (;;) {
+		/* If at end of pattern, accept if also at end of string. */
+		if (!*pattern)
+			return !*s;
+
+		if (*pattern == '*') {
+			/* Skip the asterisk. */
+			pattern++;
+
+			/* If at end of pattern, accept immediately. */
+			if (!*pattern)
+				return 1;
+
+			/* If next character in pattern is known, optimize. */
+			if (*pattern != '?' && *pattern != '*') {
+				/*
+				 * Look instances of the next character in
+				 * pattern, and try to match starting from
+				 * those.
+				 */
+				for (; *s; s++)
+					if (*s == *pattern &&
+					    __match_pattern(s + 1, pattern + 1))
+						return 1;
+				/* Failed. */
+				return 0;
+			}
+			/*
+			 * Move ahead one character at a time and try to
+			 * match at each position.
+			 */
+			for (; *s; s++)
+				if (__match_pattern(s, pattern))
+					return 1;
+			/* Failed. */
+			return 0;
+		}
+		/*
+		 * There must be at least one more character in the string.
+		 * If we are at the end, fail.
+		 */
+		if (!*s)
+			return 0;
+
+		/* Check if the next character of the string is acceptable. */
+		if (*pattern != '?' && towlower(*pattern) != towlower(*s))
+			return 0;
+
+		/* Move to the next character, both in string and in pattern. */
+		s++;
+		pattern++;
+	}
+	/* NOTREACHED */
+}
+
+static int
+_match_pattern(const char *s, const char *pattern)
+{
+	wchar_t *ws;
+	wchar_t *wpattern;
+	size_t len;
+	int ret;
+
+	if ((len = mbstowcs(NULL, s, 0)) < 0)
+		return 0;
+	ws = (wchar_t *) xcalloc(len + 1, sizeof (wchar_t));
+	mbstowcs(ws, s, len + 1);
+	if ((len = mbstowcs(NULL, pattern, 0)) < 0)
+		return 0;
+	wpattern = (wchar_t *) xcalloc(len + 1, sizeof (wchar_t));
+	mbstowcs(wpattern, pattern, len + 1);
+	ret = __match_pattern (ws, wpattern);
+	free(ws);
+	free(wpattern);
+	return ret;
+}
+
+/*
+ * Tries to match the string against the
+ * comma-separated sequence of subpatterns (each possibly preceded by ! to
+ * indicate negation).  Returns -1 if negation matches, 1 if there is
+ * a positive match, 0 if there is no match at all.
+ */
+int
+cygwin_ug_match_pattern_list(const char *string, const char *pattern)
+{
+	char sub[1024];
+	int negated;
+	int got_positive;
+	u_int i, subi, len = strlen(pattern);
+
+	got_positive = 0;
+	for (i = 0; i < len;) {
+		/* Check if the subpattern is negated. */
+		if (pattern[i] == '!') {
+			negated = 1;
+			i++;
+		} else
+			negated = 0;
+
+		/*
+		 * Extract the subpattern up to a comma or end.  Convert the
+		 * subpattern to lowercase.
+		 */
+		for (subi = 0;
+		    i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
+		    subi++, i++)
+			sub[subi] = pattern[i];
+		/* If subpattern too long, return failure (no match). */
+		if (subi >= sizeof(sub) - 1)
+			return 0;
+
+		/* If the subpattern was terminated by a comma, then skip it. */
+		if (i < len && pattern[i] == ',')
+			i++;
+
+		/* Null-terminate the subpattern. */
+		sub[subi] = '\0';
+
+		/* Try to match the subpattern against the string. */
+		if (_match_pattern(string, sub)) {
+			if (negated)
+				return -1;		/* Negative */
+			else
+				got_positive = 1;	/* Positive */
+		}
+	}
+
+	/*
+	 * Return success if got a positive match.  If there was a negative
+	 * match, we have already returned -1 and never get here.
+	 */
+	return got_positive;
 }
 
 #endif /* HAVE_CYGWIN */
Index: openbsd-compat/bsd-misc.h
===================================================================
--- openbsd-compat/bsd-misc.h
+++ openbsd-compat/bsd-misc.h
@@ -64,6 +64,26 @@
 int utimes(char *, struct timeval *);
 #endif /* HAVE_UTIMES */
 
+#ifndef HAVE_UTIMENSAT
+/* start with the high bits and work down to minimise risk of overlap */
+# ifndef AT_SYMLINK_NOFOLLOW
+#  define AT_SYMLINK_NOFOLLOW 0x80000000
+# endif
+int utimensat(int, const char *, const struct timespec[2], int);
+#endif
+
+#ifndef AT_FDCWD
+# define AT_FDCWD (-2)
+#endif
+
+#ifndef HAVE_FCHMODAT
+int fchmodat(int, const char *, mode_t, int);
+#endif
+
+#ifndef HAVE_FCHOWNAT
+int fchownat(int, const char *, uid_t, gid_t, int);
+#endif
+
 #ifndef HAVE_TRUNCATE
 int truncate (const char *, off_t);
 #endif /* HAVE_TRUNCATE */
Index: openbsd-compat/bsd-misc.c
===================================================================
--- openbsd-compat/bsd-misc.c
+++ openbsd-compat/bsd-misc.c
@@ -25,6 +25,7 @@
 # include <sys/time.h>
 #endif
 
+#include <fcntl.h>
 #include <string.h>
 #include <signal.h>
 #include <stdlib.h>
@@ -114,6 +115,106 @@
 	ub.modtime = tvp[1].tv_sec;
 
 	return (utime(filename, &ub));
+}
+#endif
+
+#ifndef HAVE_UTIMENSAT
+/*
+ * A limited implementation of utimensat() that only implements the
+ * functionality used by OpenSSH, currently only AT_FDCWD and
+ * AT_SYMLINK_NOFOLLOW.
+ */
+int
+utimensat(int fd, const char *path, const struct timespec times[2],
+    int flag)
+{
+	struct timeval tv[2];
+	int ret, oflags = O_WRONLY;
+
+	tv[0].tv_sec = times[0].tv_sec;
+	tv[0].tv_usec = times[0].tv_nsec / 1000;
+	tv[1].tv_sec = times[1].tv_sec;
+	tv[1].tv_usec = times[1].tv_nsec / 1000;
+
+	if (fd != AT_FDCWD) {
+		errno = ENOSYS;
+		return -1;
+	}
+# ifndef HAVE_FUTIMES
+	return utimes(path, tv);
+# else
+#  ifdef O_NOFOLLOW
+	if (flag & AT_SYMLINK_NOFOLLOW)
+		oflags |= O_NOFOLLOW;
+#  endif /* O_NOFOLLOW */
+	if ((fd = open(path, oflags)) == -1)
+		return -1;
+	ret = futimes(fd, tv);
+	close(fd);
+	return ret;
+# endif
+}
+#endif
+
+#ifndef HAVE_FCHOWNAT
+/*
+ * A limited implementation of fchownat() that only implements the
+ * functionality used by OpenSSH, currently only AT_FDCWD and
+ * AT_SYMLINK_NOFOLLOW.
+ */
+int
+fchownat(int fd, const char *path, uid_t owner, gid_t group, int flag)
+{
+	int ret, oflags = O_WRONLY;
+
+	if (fd != AT_FDCWD) {
+		errno = ENOSYS;
+		return -1;
+	}
+# ifndef HAVE_FCHOWN
+	return chown(path, owner, group);
+# else
+#  ifdef O_NOFOLLOW
+	if (flag & AT_SYMLINK_NOFOLLOW)
+		oflags |= O_NOFOLLOW;
+#  endif /* O_NOFOLLOW */
+	if ((fd = open(path, oflags)) == -1)
+		return -1;
+	ret = fchown(fd, owner, group);
+	close(fd);
+	return ret;
+# endif
+}
+#endif
+
+#ifndef HAVE_FCHMODAT
+/*
+ * A limited implementation of fchmodat() that only implements the
+ * functionality used by OpenSSH, currently only AT_FDCWD and
+ * AT_SYMLINK_NOFOLLOW.
+ */
+int
+fchmodat(int fd, const char *path, mode_t mode, int flag)
+{
+	int ret, oflags = O_WRONLY;
+
+	if (fd != AT_FDCWD) {
+		errno = ENOSYS;
+		return -1;
+	}
+# ifndef HAVE_FCHMOD
+	return chmod(path, mode);
+# else
+#  ifdef O_NOFOLLOW
+	if (flag & AT_SYMLINK_NOFOLLOW)
+		oflags |= O_NOFOLLOW;
+#  endif /* O_NOFOLLOW */
+	if ((fd = open(path, oflags)) == -1)
+		return -1;
+	ret = fchmod(fd, mode);
+	close(fd);
+	return ret;
+# endif
 }
 #endif
 
Index: openbsd-compat/bsd-openpty.c
===================================================================
--- openbsd-compat/bsd-openpty.c
+++ openbsd-compat/bsd-openpty.c
@@ -121,6 +121,15 @@
 		return (-1);
 	}
 
+# if defined(I_FIND) && defined(__SVR4)
+	/*
+	 * If the streams modules have already been pushed then there
+	 * is no more work to do here.
+	 */
+	if (ioctl(*aslave, I_FIND, "ptem") != 0)
+		return 0;
+# endif
+
 	/*
 	 * Try to push the appropriate streams modules, as described
 	 * in Solaris pts(7).
Index: openbsd-compat/bsd-setres_id.c
===================================================================
--- openbsd-compat/bsd-setres_id.c
+++ openbsd-compat/bsd-setres_id.c
@@ -37,20 +37,20 @@
 #if defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
 	if (setregid(rgid, egid) < 0) {
 		saved_errno = errno;
-		error("setregid %u: %.100s", rgid, strerror(errno));
+		error("setregid %lu: %.100s", (u_long)rgid, strerror(errno));
 		errno = saved_errno;
 		ret = -1;
 	}
 #else
 	if (setegid(egid) < 0) {
 		saved_errno = errno;
-		error("setegid %u: %.100s", (u_int)egid, strerror(errno));
+		error("setegid %lu: %.100s", (u_long)egid, strerror(errno));
 		errno = saved_errno;
 		ret = -1;
 	}
 	if (setgid(rgid) < 0) {
 		saved_errno = errno;
-		error("setgid %u: %.100s", rgid, strerror(errno));
+		error("setgid %lu: %.100s", (u_long)rgid, strerror(errno));
 		errno = saved_errno;
 		ret = -1;
 	}
@@ -72,7 +72,7 @@
 #if defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
 	if (setreuid(ruid, euid) < 0) {
 		saved_errno = errno;
-		error("setreuid %u: %.100s", ruid, strerror(errno));
+		error("setreuid %lu: %.100s", (u_long)ruid, strerror(errno));
 		errno = saved_errno;
 		ret = -1;
 	}
@@ -81,14 +81,14 @@
 # ifndef SETEUID_BREAKS_SETUID
 	if (seteuid(euid) < 0) {
 		saved_errno = errno;
-		error("seteuid %u: %.100s", euid, strerror(errno));
+		error("seteuid %lu: %.100s", (u_long)euid, strerror(errno));
 		errno = saved_errno;
 		ret = -1;
 	}
 # endif
 	if (setuid(ruid) < 0) {
 		saved_errno = errno;
-		error("setuid %u: %.100s", ruid, strerror(errno));
+		error("setuid %lu: %.100s", (u_long)ruid, strerror(errno));
 		errno = saved_errno;
 		ret = -1;
 	}
Index: openbsd-compat/bsd-signal.c
===================================================================
--- openbsd-compat/bsd-signal.c
+++ openbsd-compat/bsd-signal.c
@@ -17,6 +17,7 @@
 #include "includes.h"
 
 #include <signal.h>
+#include <stdio.h>
 #include <string.h>
 #include <unistd.h>
 
Index: openbsd-compat/libressl-api-compat.c
===================================================================
--- openbsd-compat/libressl-api-compat.c
+++ openbsd-compat/libressl-api-compat.c
@@ -152,7 +152,9 @@
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
+#ifdef OPENSSL_HAS_ECC
 #include <openssl/ecdsa.h>
+#endif
 #include <openssl/dh.h>
 
 #ifndef HAVE_DSA_GET0_PQG
@@ -417,6 +419,7 @@
 }
 #endif /* HAVE_DSA_SIG_SET0 */
 
+#ifdef OPENSSL_HAS_ECC
 #ifndef HAVE_ECDSA_SIG_GET0
 void
 ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
@@ -442,6 +445,7 @@
 	return 1;
 }
 #endif /* HAVE_ECDSA_SIG_SET0 */
+#endif /* OPENSSL_HAS_ECC */
 
 #ifndef HAVE_DH_GET0_PQG
 void
Index: openbsd-compat/memmem.c
===================================================================
--- /dev/null
+++ openbsd-compat/memmem.c
@@ -0,0 +1,69 @@
+/*	$OpenBSD: memmem.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */
+/*-
+ * Copyright (c) 2005 Pascal Gloor <pascal.gloor@spale.com>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#ifndef HAVE_MEMMEM
+
+#include <string.h>
+
+/*
+ * Find the first occurrence of the byte string s in byte string l.
+ */
+
+void *
+memmem(const void *l, size_t l_len, const void *s, size_t s_len)
+{
+	const char *cur, *last;
+	const char *cl = l;
+	const char *cs = s;
+
+	/* a zero length needle should just return the haystack */
+	if (s_len == 0)
+		return (void *)cl;
+
+	/* "s" must be smaller or equal to "l" */
+	if (l_len < s_len)
+		return NULL;
+
+	/* special case where s_len == 1 */
+	if (s_len == 1)
+		return memchr(l, *cs, l_len);
+
+	/* the last position where its possible to find "s" in "l" */
+	last = cl + l_len - s_len;
+
+	for (cur = cl; cur <= last; cur++)
+		if (cur[0] == cs[0] && memcmp(cur, cs, s_len) == 0)
+			return (void *)cur;
+
+	return NULL;
+}
+DEF_WEAK(memmem);
+#endif /* HAVE_MEMMEM */
Index: openbsd-compat/openbsd-compat.h
===================================================================
--- openbsd-compat/openbsd-compat.h
+++ openbsd-compat/openbsd-compat.h
@@ -61,6 +61,7 @@
 #endif
 
 #ifndef HAVE_GETLINE
+#include <stdio.h>
 ssize_t getline(char **, size_t *, FILE *);
 #endif
 
@@ -72,6 +73,10 @@
 char *getcwd(char *pt, size_t size);
 #endif
 
+#ifdef HAVE_MEMMEM
+void *memmem(const void *, size_t, const void *, size_t);
+#endif
+
 #ifndef HAVE_REALLOCARRAY
 void *reallocarray(void *, size_t, size_t);
 #endif
@@ -80,18 +85,6 @@
 void *recallocarray(void *, size_t, size_t, size_t);
 #endif
 
-#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
-/*
- * glibc's FORTIFY_SOURCE can redefine this and prevent us picking up the
- * compat version.
- */
-# ifdef BROKEN_REALPATH
-#  define realpath(x, y) _ssh_compat_realpath(x, y)
-# endif
-
-char *realpath(const char *path, char *resolved);
-#endif
-
 #ifndef HAVE_RRESVPORT_AF
 int rresvport_af(int *alport, sa_family_t af);
 #endif
@@ -106,6 +99,14 @@
 
 #ifndef HAVE_STRCASESTR
 char *strcasestr(const char *, const char *);
+#endif
+
+#ifndef HAVE_STRNLEN
+size_t strnlen(const char *, size_t);
+#endif
+
+#ifndef HAVE_STRNDUP
+char *strndup(const char *s, size_t n);
 #endif
 
 #ifndef HAVE_SETENV
Index: openbsd-compat/openssl-compat.h
===================================================================
--- openbsd-compat/openssl-compat.h
+++ openbsd-compat/openssl-compat.h
@@ -21,18 +21,34 @@
 #ifdef WITH_OPENSSL
 
 #include <openssl/opensslv.h>
+#include <openssl/crypto.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
+#ifdef OPENSSL_HAS_ECC
 #include <openssl/ecdsa.h>
+#endif
 #include <openssl/dh.h>
 
 int ssh_compatible_openssl(long, long);
+void ssh_libcrypto_init(void);
 
-#if (OPENSSL_VERSION_NUMBER <= 0x0090805fL)
-# error OpenSSL 0.9.8f or greater is required
+#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
+# error OpenSSL 1.0.1 or greater is required
 #endif
 
+#ifndef OPENSSL_VERSION
+# define OPENSSL_VERSION	SSLEAY_VERSION
+#endif
+
+#ifndef HAVE_OPENSSL_VERSION
+# define OpenSSL_version(x)	SSLeay_version(x)
+#endif
+
+#ifndef HAVE_OPENSSL_VERSION_NUM
+# define OpenSSL_version_num	SSLeay
+#endif
+
 #if OPENSSL_VERSION_NUMBER < 0x10000001L
 # define LIBCRYPTO_EVP_INL_TYPE unsigned int
 #else
@@ -77,27 +93,6 @@
 # endif
 #endif
 
-/*
- * We overload some of the OpenSSL crypto functions with ssh_* equivalents
- * to automatically handle OpenSSL engine initialisation.
- *
- * In order for the compat library to call the real functions, it must
- * define SSH_DONT_OVERLOAD_OPENSSL_FUNCS before including this file and
- * implement the ssh_* equivalents.
- */
-#ifndef SSH_DONT_OVERLOAD_OPENSSL_FUNCS
-
-# ifdef USE_OPENSSL_ENGINE
-#  ifdef OpenSSL_add_all_algorithms
-#   undef OpenSSL_add_all_algorithms
-#  endif
-#  define OpenSSL_add_all_algorithms()  ssh_OpenSSL_add_all_algorithms()
-# endif
-
-void ssh_OpenSSL_add_all_algorithms(void);
-
-#endif	/* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
-
 /* LibreSSL/OpenSSL 1.1x API compat */
 #ifndef HAVE_DSA_GET0_PQG
 void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
@@ -161,6 +156,7 @@
 int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
 #endif /* DSA_SIG_SET0 */
 
+#ifdef OPENSSL_HAS_ECC
 #ifndef HAVE_ECDSA_SIG_GET0
 void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
 #endif /* HAVE_ECDSA_SIG_GET0 */
@@ -168,6 +164,7 @@
 #ifndef HAVE_ECDSA_SIG_SET0
 int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
 #endif /* HAVE_ECDSA_SIG_SET0 */
+#endif /* OPENSSL_HAS_ECC */
 
 #ifndef HAVE_DH_GET0_PQG
 void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
Index: openbsd-compat/openssl-compat.c
===================================================================
--- openbsd-compat/openssl-compat.c
+++ openbsd-compat/openssl-compat.c
@@ -66,23 +66,31 @@
 	return 0;
 }
 
-#ifdef	USE_OPENSSL_ENGINE
 void
-ssh_OpenSSL_add_all_algorithms(void)
+ssh_libcrypto_init(void)
 {
+#if defined(HAVE_OPENSSL_INIT_CRYPTO) && \
+      defined(OPENSSL_INIT_ADD_ALL_CIPHERS) && \
+      defined(OPENSSL_INIT_ADD_ALL_DIGESTS)
+	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
+	    OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+#elif defined(HAVE_OPENSSL_ADD_ALL_ALGORITHMS)
 	OpenSSL_add_all_algorithms();
+#endif
 
+#ifdef	USE_OPENSSL_ENGINE
 	/* Enable use of crypto hardware */
 	ENGINE_load_builtin_engines();
 	ENGINE_register_all_complete();
 
-#if OPENSSL_VERSION_NUMBER < 0x10001000L
-	OPENSSL_config(NULL);
-#else
+	/* Load the libcrypto config file to pick up engines defined there */
+# if defined(HAVE_OPENSSL_INIT_CRYPTO) && defined(OPENSSL_INIT_LOAD_CONFIG)
 	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
 	    OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL);
-#endif
+# else
+	OPENSSL_config(NULL);
+# endif
+#endif /* USE_OPENSSL_ENGINE */
 }
-#endif
 
 #endif /* WITH_OPENSSL */
Index: openbsd-compat/port-aix.h
===================================================================
--- openbsd-compat/port-aix.h
+++ openbsd-compat/port-aix.h
@@ -30,6 +30,7 @@
 # include <sys/socket.h>
 #endif
 
+struct ssh;
 struct sshbuf;
 
 /* These should be in the system headers but are not. */
@@ -89,8 +90,8 @@
 # define CUSTOM_SYS_AUTH_ALLOWED_USER 1
 int sys_auth_allowed_user(struct passwd *, struct sshbuf *);
 # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
-int sys_auth_record_login(const char *, const char *,
-    const char *, struct sshbuf *);
+int sys_auth_record_login(const char *, const char *, const char *,
+    struct sshbuf *);
 # define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
 char *sys_auth_get_lastlogin_msg(const char *, uid_t);
 # define CUSTOM_FAILED_LOGIN 1
Index: openbsd-compat/port-aix.c
===================================================================
--- openbsd-compat/port-aix.c
+++ openbsd-compat/port-aix.c
@@ -313,7 +313,8 @@
  * record_failed_login: generic "login failed" interface function
  */
 void
-record_failed_login(const char *user, const char *hostname, const char *ttyname)
+record_failed_login(struct ssh *ssh, const char *user, const char *hostname,
+    const char *ttyname)
 {
 	if (geteuid() != 0)
 		return;
Index: openbsd-compat/port-irix.c
===================================================================
--- openbsd-compat/port-irix.c
+++ openbsd-compat/port-irix.c
@@ -43,6 +43,8 @@
 # include <sat.h>
 #endif /* WITH_IRIX_AUDIT */
 
+#include "log.h"
+
 void
 irix_setusercontext(struct passwd *pw)
 {
Index: openbsd-compat/port-solaris.c
===================================================================
--- openbsd-compat/port-solaris.c
+++ openbsd-compat/port-solaris.c
@@ -284,11 +284,10 @@
 	    priv_addset(npset, PRIV_FILE_OWNER) != 0)
 		fatal("priv_addset: %s", strerror(errno));
 
-	if (priv_delset(npset, PRIV_FILE_LINK_ANY) != 0 ||
+	if (priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
 #ifdef PRIV_NET_ACCESS
 	    priv_delset(npset, PRIV_NET_ACCESS) != 0 ||
 #endif
-	    priv_delset(npset, PRIV_PROC_EXEC) != 0 ||
 	    priv_delset(npset, PRIV_PROC_FORK) != 0 ||
 	    priv_delset(npset, PRIV_PROC_INFO) != 0 ||
 	    priv_delset(npset, PRIV_PROC_SESSION) != 0)
@@ -348,8 +347,7 @@
 	    priv_delset(pset, PRIV_NET_ACCESS) != 0 ||
 #endif
 	    priv_delset(pset, PRIV_PROC_EXEC) != 0 ||
-	    priv_delset(pset, PRIV_PROC_INFO) != 0 ||
-	    priv_delset(pset, PRIV_PROC_SESSION) != 0)
+	    priv_delset(pset, PRIV_PROC_INFO) != 0)
 		fatal("priv_delset: %s", strerror(errno));
 
 	if (setppriv(PRIV_SET, PRIV_PERMITTED, pset) != 0 ||
Index: openbsd-compat/pwcache.c
===================================================================
--- openbsd-compat/pwcache.c
+++ openbsd-compat/pwcache.c
@@ -67,7 +67,7 @@
 		if ((pw = getpwuid(uid)) == NULL) {
 			if (nouser)
 				return (NULL);
-			(void)snprintf(nbuf, sizeof(nbuf), "%u", uid);
+			(void)snprintf(nbuf, sizeof(nbuf), "%lu", (u_long)uid);
 		}
 		cp->uid = uid;
 		if (cp->name != NULL)
@@ -102,7 +102,7 @@
 		if ((gr = getgrgid(gid)) == NULL) {
 			if (nogroup)
 				return (NULL);
-			(void)snprintf(nbuf, sizeof(nbuf), "%u", gid);
+			(void)snprintf(nbuf, sizeof(nbuf), "%lu", (u_long)gid);
 		}
 		cp->gid = gid;
 		if (cp->name != NULL)
Index: openbsd-compat/realpath.c
===================================================================
--- openbsd-compat/realpath.c
+++ /dev/null
@@ -1,229 +0,0 @@
-/*	$OpenBSD: realpath.c,v 1.20 2015/10/13 20:55:37 millert Exp $ */
-/*
- * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- *    products derived from this software without specific prior written
- *    permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */
-
-#include "includes.h"
-
-#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/stat.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <stddef.h>
-#include <string.h>
-#include <unistd.h>
-#include <limits.h>
-
-#ifndef SYMLOOP_MAX
-# define SYMLOOP_MAX 32
-#endif
-
-/* A slightly modified copy of this file exists in libexec/ld.so */
-
-/*
- * char *realpath(const char *path, char resolved[PATH_MAX]);
- *
- * Find the real name of path, by removing all ".", ".." and symlink
- * components.  Returns (resolved) on success, or (NULL) on failure,
- * in which case the path which caused trouble is left in (resolved).
- */
-char *
-realpath(const char *path, char *resolved)
-{
-	struct stat sb;
-	char *p, *q, *s;
-	size_t left_len, resolved_len;
-	unsigned symlinks;
-	int serrno, slen, mem_allocated;
-	char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
-
-	if (path[0] == '\0') {
-		errno = ENOENT;
-		return (NULL);
-	}
-
-	serrno = errno;
-
-	if (resolved == NULL) {
-		resolved = malloc(PATH_MAX);
-		if (resolved == NULL)
-			return (NULL);
-		mem_allocated = 1;
-	} else
-		mem_allocated = 0;
-
-	symlinks = 0;
-	if (path[0] == '/') {
-		resolved[0] = '/';
-		resolved[1] = '\0';
-		if (path[1] == '\0')
-			return (resolved);
-		resolved_len = 1;
-		left_len = strlcpy(left, path + 1, sizeof(left));
-	} else {
-		if (getcwd(resolved, PATH_MAX) == NULL) {
-			if (mem_allocated)
-				free(resolved);
-			else
-				strlcpy(resolved, ".", PATH_MAX);
-			return (NULL);
-		}
-		resolved_len = strlen(resolved);
-		left_len = strlcpy(left, path, sizeof(left));
-	}
-	if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
-		errno = ENAMETOOLONG;
-		goto err;
-	}
-
-	/*
-	 * Iterate over path components in `left'.
-	 */
-	while (left_len != 0) {
-		/*
-		 * Extract the next path component and adjust `left'
-		 * and its length.
-		 */
-		p = strchr(left, '/');
-		s = p ? p : left + left_len;
-		if (s - left >= (ptrdiff_t)sizeof(next_token)) {
-			errno = ENAMETOOLONG;
-			goto err;
-		}
-		memcpy(next_token, left, s - left);
-		next_token[s - left] = '\0';
-		left_len -= s - left;
-		if (p != NULL)
-			memmove(left, s + 1, left_len + 1);
-		if (resolved[resolved_len - 1] != '/') {
-			if (resolved_len + 1 >= PATH_MAX) {
-				errno = ENAMETOOLONG;
-				goto err;
-			}
-			resolved[resolved_len++] = '/';
-			resolved[resolved_len] = '\0';
-		}
-		if (next_token[0] == '\0')
-			continue;
-		else if (strcmp(next_token, ".") == 0)
-			continue;
-		else if (strcmp(next_token, "..") == 0) {
-			/*
-			 * Strip the last path component except when we have
-			 * single "/"
-			 */
-			if (resolved_len > 1) {
-				resolved[resolved_len - 1] = '\0';
-				q = strrchr(resolved, '/') + 1;
-				*q = '\0';
-				resolved_len = q - resolved;
-			}
-			continue;
-		}
-
-		/*
-		 * Append the next path component and lstat() it. If
-		 * lstat() fails we still can return successfully if
-		 * there are no more path components left.
-		 */
-		resolved_len = strlcat(resolved, next_token, PATH_MAX);
-		if (resolved_len >= PATH_MAX) {
-			errno = ENAMETOOLONG;
-			goto err;
-		}
-		if (lstat(resolved, &sb) != 0) {
-			if (errno == ENOENT && p == NULL) {
-				errno = serrno;
-				return (resolved);
-			}
-			goto err;
-		}
-		if (S_ISLNK(sb.st_mode)) {
-			if (symlinks++ > SYMLOOP_MAX) {
-				errno = ELOOP;
-				goto err;
-			}
-			slen = readlink(resolved, symlink, sizeof(symlink) - 1);
-			if (slen < 0)
-				goto err;
-			symlink[slen] = '\0';
-			if (symlink[0] == '/') {
-				resolved[1] = 0;
-				resolved_len = 1;
-			} else if (resolved_len > 1) {
-				/* Strip the last path component. */
-				resolved[resolved_len - 1] = '\0';
-				q = strrchr(resolved, '/') + 1;
-				*q = '\0';
-				resolved_len = q - resolved;
-			}
-
-			/*
-			 * If there are any path components left, then
-			 * append them to symlink. The result is placed
-			 * in `left'.
-			 */
-			if (p != NULL) {
-				if (symlink[slen - 1] != '/') {
-					if (slen + 1 >=
-					    (ptrdiff_t)sizeof(symlink)) {
-						errno = ENAMETOOLONG;
-						goto err;
-					}
-					symlink[slen] = '/';
-					symlink[slen + 1] = 0;
-				}
-				left_len = strlcat(symlink, left, sizeof(symlink));
-				if (left_len >= sizeof(symlink)) {
-					errno = ENAMETOOLONG;
-					goto err;
-				}
-			}
-			left_len = strlcpy(left, symlink, sizeof(left));
-		}
-	}
-
-	/*
-	 * Remove trailing slash except when the resolved pathname
-	 * is a single "/".
-	 */
-	if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
-		resolved[resolved_len - 1] = '\0';
-	return (resolved);
-
-err:
-	if (mem_allocated)
-		free(resolved);
-	return (NULL);
-}
-#endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */
Index: openbsd-compat/regress/Makefile.in
===================================================================
--- openbsd-compat/regress/Makefile.in
+++ openbsd-compat/regress/Makefile.in
@@ -14,7 +14,7 @@
 LDFLAGS=@LDFLAGS@ $(LIBCOMPAT)
 
 TESTPROGS=closefromtest$(EXEEXT) snprintftest$(EXEEXT) strduptest$(EXEEXT) \
-	strtonumtest$(EXEEXT) opensslvertest$(EXEEXT)
+	strtonumtest$(EXEEXT) opensslvertest$(EXEEXT) utimensattest$(EXEEXT)
 
 all:	t-exec ${OTHERTESTS}
 
Index: openbsd-compat/regress/snprintftest.c
===================================================================
--- openbsd-compat/regress/snprintftest.c
+++ openbsd-compat/regress/snprintftest.c
@@ -47,7 +47,7 @@
 main(void)
 {
 	char b[5];
-	char *src;
+	char *src = NULL;
 
 	snprintf(b,5,"123456789");
 	if (b[4] != '\0')
@@ -69,5 +69,6 @@
 	if (x_snprintf(b, 1, "%s %d", "hello", 12345) != 11)
 		fail("vsnprintf does not return required length");
 
+	free(src);
 	return failed;
 }
Index: openbsd-compat/regress/utimensattest.c
===================================================================
--- /dev/null
+++ openbsd-compat/regress/utimensattest.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2019 Darren Tucker
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define TMPFILE "utimensat.tmp"
+#define TMPFILE2 "utimensat.tmp2"
+
+#ifndef AT_SYMLINK_NOFOLLOW
+# define AT_SYMLINK_NOFOLLOW 0x80000000
+#endif
+
+int utimensat(int, const char *, const struct timespec[2], int);
+
+static void
+cleanup(void)
+{
+	(void)unlink(TMPFILE);
+	(void)unlink(TMPFILE2);
+}
+
+static void
+fail(char *msg, long expect, long got)
+{
+	int saved_errno = errno;
+
+	if (expect == got && got == 0)
+		fprintf(stderr, "utimensat: %s: %s\n", msg,
+		     strerror(saved_errno));
+	else
+		fprintf(stderr, "utimensat: %s: expected %ld got %ld\n",
+		     msg, expect, got);
+	cleanup();
+	exit(1);
+}
+
+int
+main(void)
+{
+	int fd;
+	struct stat sb;
+	struct timespec ts[2];
+
+	cleanup();
+	if ((fd = open(TMPFILE, O_CREAT, 0600)) == -1)
+		fail("open", 0, 0);
+	close(fd);
+
+	ts[0].tv_sec = 12345678;
+	ts[0].tv_nsec = 23456789;
+	ts[1].tv_sec = 34567890;
+	ts[1].tv_nsec = 45678901;
+	if (utimensat(AT_FDCWD, TMPFILE, ts, AT_SYMLINK_NOFOLLOW) == -1)
+		fail("utimensat", 0, 0);
+
+	if (stat(TMPFILE, &sb) == -1)
+		fail("stat", 0, 0 );
+	if (sb.st_atime != 12345678)
+		fail("st_atime", 0, 0 );
+	if (sb.st_mtime != 34567890)
+		fail("st_mtime", 0, 0 );
+#if 0
+	/*
+	 * Results expected to be rounded to the nearest microsecond.
+	 * Depends on timestamp precision in kernel and filesystem so
+	 * disabled by default.
+	 */
+	if (sb.st_atim.tv_nsec != 23456000)
+		fail("atim.tv_nsec", 23456000, sb.st_atim.tv_nsec);
+	if (sb.st_mtim.tv_nsec != 45678000)
+		fail("mtim.tv_nsec", 45678000, sb.st_mtim.tv_nsec);
+#endif
+
+	/*
+	 * POSIX specifies that when given a symlink, AT_SYMLINK_NOFOLLOW
+	 * should update the symlink and not the destination.  The compat
+	 * code doesn't have a way to do this, so where possible it fails
+	 * with instead of following a symlink when explicitly asked not to.
+	 * Here we just test that it does not update the destination.
+	 */
+	if (rename(TMPFILE, TMPFILE2) == -1)
+		fail("rename", 0, 0);
+	if (symlink(TMPFILE2, TMPFILE) == -1)
+		fail("symlink", 0, 0);
+	ts[0].tv_sec = 11223344;
+	ts[1].tv_sec = 55667788;
+	(void)utimensat(AT_FDCWD, TMPFILE, ts, AT_SYMLINK_NOFOLLOW);
+	if (stat(TMPFILE2, &sb) == -1)
+		fail("stat", 0, 0 );
+	if (sb.st_atime == 11223344)
+		fail("utimensat symlink st_atime", 0, 0 );
+	if (sb.st_mtime == 55667788)
+		fail("utimensat symlink st_mtime", 0, 0 );
+
+	cleanup();
+	exit(0);
+}
Index: openbsd-compat/setproctitle.c
===================================================================
--- openbsd-compat/setproctitle.c
+++ openbsd-compat/setproctitle.c
@@ -36,6 +36,7 @@
 #ifndef HAVE_SETPROCTITLE
 
 #include <stdarg.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
 #ifdef HAVE_SYS_PSTAT_H
Index: openbsd-compat/sha1.c
===================================================================
--- openbsd-compat/sha1.c
+++ openbsd-compat/sha1.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sha1.c,v 1.23 2014/01/08 06:14:57 tedu Exp $	*/
+/*	$OpenBSD: sha1.c,v 1.27 2019/06/07 22:56:36 dtucker Exp $	*/
 
 /*
  * SHA-1 in C
@@ -18,7 +18,7 @@
 
 #ifndef WITH_OPENSSL
 
-#include <sys/param.h>
+#include <sys/types.h>
 #include <string.h>
 
 #define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
@@ -101,6 +101,7 @@
 	/* Wipe variables */
 	a = b = c = d = e = 0;
 }
+DEF_WEAK(SHA1Transform);
 
 
 /*
@@ -118,6 +119,7 @@
 	context->state[3] = 0x10325476;
 	context->state[4] = 0xC3D2E1F0;
 }
+DEF_WEAK(SHA1Init);
 
 
 /*
@@ -129,7 +131,7 @@
 	size_t i, j;
 
 	j = (size_t)((context->count >> 3) & 63);
-	context->count += (len << 3);
+	context->count += ((u_int64_t)len << 3);
 	if ((j + len) > 63) {
 		(void)memcpy(&context->buffer[j], data, (i = 64-j));
 		SHA1Transform(context->state, context->buffer);
@@ -141,6 +143,7 @@
 	}
 	(void)memcpy(&context->buffer[j], &data[i], len - i);
 }
+DEF_WEAK(SHA1Update);
 
 
 /*
@@ -161,6 +164,7 @@
 		SHA1Update(context, (u_int8_t *)"\0", 1);
 	SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
 }
+DEF_WEAK(SHA1Pad);
 
 void
 SHA1Final(u_int8_t digest[SHA1_DIGEST_LENGTH], SHA1_CTX *context)
@@ -172,6 +176,7 @@
 		digest[i] = (u_int8_t)
 		   ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
 	}
-	memset(context, 0, sizeof(*context));
+	explicit_bzero(context, sizeof(*context));
 }
+DEF_WEAK(SHA1Final);
 #endif /* !WITH_OPENSSL */
Index: openbsd-compat/sha2.h
===================================================================
--- openbsd-compat/sha2.h
+++ openbsd-compat/sha2.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sha2.h,v 1.6 2004/06/22 01:57:30 jfb Exp 	*/
+/*	$OpenBSD: sha2.h,v 1.10 2016/09/03 17:00:29 tedu Exp $	*/
 
 /*
  * FILE:	sha2.h
@@ -41,18 +41,13 @@
 
 #include "includes.h"
 
-#ifdef WITH_OPENSSL
-# include <openssl/opensslv.h>
-# if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-#  define _NEED_SHA2 1
-# endif
-#else
-# define _NEED_SHA2 1
-#endif
+#if !defined(HAVE_SHA256UPDATE) || !defined(HAVE_SHA384UPDATE) || \
+    !defined(HAVE_SHA512UPDATE)
 
-#if defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE)
-
 /*** SHA-256/384/512 Various Length Definitions ***********************/
+#define SHA224_BLOCK_LENGTH		64
+#define SHA224_DIGEST_LENGTH		28
+#define SHA224_DIGEST_STRING_LENGTH	(SHA224_DIGEST_LENGTH * 2 + 1)
 #define SHA256_BLOCK_LENGTH		64
 #define SHA256_DIGEST_LENGTH		32
 #define SHA256_DIGEST_STRING_LENGTH	(SHA256_DIGEST_LENGTH * 2 + 1)
@@ -62,73 +57,118 @@
 #define SHA512_BLOCK_LENGTH		128
 #define SHA512_DIGEST_LENGTH		64
 #define SHA512_DIGEST_STRING_LENGTH	(SHA512_DIGEST_LENGTH * 2 + 1)
+#define SHA512_256_BLOCK_LENGTH		128
+#define SHA512_256_DIGEST_LENGTH	32
+#define SHA512_256_DIGEST_STRING_LENGTH	(SHA512_256_DIGEST_LENGTH * 2 + 1)
 
 
-/*** SHA-256/384/512 Context Structures *******************************/
-typedef struct _SHA256_CTX {
-	u_int32_t	state[8];
-	u_int64_t	bitcount;
-	u_int8_t	buffer[SHA256_BLOCK_LENGTH];
-} SHA256_CTX;
-typedef struct _SHA512_CTX {
-	u_int64_t	state[8];
+/*** SHA-224/256/384/512 Context Structure *******************************/
+typedef struct _SHA2_CTX {
+	union {
+		u_int32_t	st32[8];
+		u_int64_t	st64[8];
+	} state;
 	u_int64_t	bitcount[2];
 	u_int8_t	buffer[SHA512_BLOCK_LENGTH];
-} SHA512_CTX;
+} SHA2_CTX;
 
-typedef SHA512_CTX SHA384_CTX;
+#if 0
+__BEGIN_DECLS
+void SHA224Init(SHA2_CTX *);
+void SHA224Transform(u_int32_t state[8], const u_int8_t [SHA224_BLOCK_LENGTH]);
+void SHA224Update(SHA2_CTX *, const u_int8_t *, size_t)
+	__attribute__((__bounded__(__string__,2,3)));
+void SHA224Pad(SHA2_CTX *);
+void SHA224Final(u_int8_t [SHA224_DIGEST_LENGTH], SHA2_CTX *)
+	__attribute__((__bounded__(__minbytes__,1,SHA224_DIGEST_LENGTH)));
+char *SHA224End(SHA2_CTX *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH)));
+char *SHA224File(const char *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH)));
+char *SHA224FileChunk(const char *, char *, off_t, off_t)
+	__attribute__((__bounded__(__minbytes__,2,SHA224_DIGEST_STRING_LENGTH)));
+char *SHA224Data(const u_int8_t *, size_t, char *)
+	__attribute__((__bounded__(__string__,1,2)))
+	__attribute__((__bounded__(__minbytes__,3,SHA224_DIGEST_STRING_LENGTH)));
+#endif /* 0 */
 
-void SHA256_Init(SHA256_CTX *);
-void SHA256_Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]);
-void SHA256_Update(SHA256_CTX *, const u_int8_t *, size_t)
+#ifndef HAVE_SHA256UPDATE
+void SHA256Init(SHA2_CTX *);
+void SHA256Transform(u_int32_t state[8], const u_int8_t [SHA256_BLOCK_LENGTH]);
+void SHA256Update(SHA2_CTX *, const u_int8_t *, size_t)
 	__attribute__((__bounded__(__string__,2,3)));
-void SHA256_Pad(SHA256_CTX *);
-void SHA256_Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA256_CTX *)
+void SHA256Pad(SHA2_CTX *);
+void SHA256Final(u_int8_t [SHA256_DIGEST_LENGTH], SHA2_CTX *)
 	__attribute__((__bounded__(__minbytes__,1,SHA256_DIGEST_LENGTH)));
-char *SHA256_End(SHA256_CTX *, char *)
+char *SHA256End(SHA2_CTX *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
-char *SHA256_File(const char *, char *)
+char *SHA256File(const char *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
-char *SHA256_FileChunk(const char *, char *, off_t, off_t)
+char *SHA256FileChunk(const char *, char *, off_t, off_t)
 	__attribute__((__bounded__(__minbytes__,2,SHA256_DIGEST_STRING_LENGTH)));
-char *SHA256_Data(const u_int8_t *, size_t, char *)
+char *SHA256Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA256_DIGEST_STRING_LENGTH)));
+#endif /* HAVE_SHA256UPDATE */
 
-void SHA384_Init(SHA384_CTX *);
-void SHA384_Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]);
-void SHA384_Update(SHA384_CTX *, const u_int8_t *, size_t)
+#ifndef HAVE_SHA384UPDATE
+void SHA384Init(SHA2_CTX *);
+void SHA384Transform(u_int64_t state[8], const u_int8_t [SHA384_BLOCK_LENGTH]);
+void SHA384Update(SHA2_CTX *, const u_int8_t *, size_t)
 	__attribute__((__bounded__(__string__,2,3)));
-void SHA384_Pad(SHA384_CTX *);
-void SHA384_Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA384_CTX *)
+void SHA384Pad(SHA2_CTX *);
+void SHA384Final(u_int8_t [SHA384_DIGEST_LENGTH], SHA2_CTX *)
 	__attribute__((__bounded__(__minbytes__,1,SHA384_DIGEST_LENGTH)));
-char *SHA384_End(SHA384_CTX *, char *)
+char *SHA384End(SHA2_CTX *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
-char *SHA384_File(const char *, char *)
+char *SHA384File(const char *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
-char *SHA384_FileChunk(const char *, char *, off_t, off_t)
+char *SHA384FileChunk(const char *, char *, off_t, off_t)
 	__attribute__((__bounded__(__minbytes__,2,SHA384_DIGEST_STRING_LENGTH)));
-char *SHA384_Data(const u_int8_t *, size_t, char *)
+char *SHA384Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA384_DIGEST_STRING_LENGTH)));
+#endif /* HAVE_SHA384UPDATE */
 
-void SHA512_Init(SHA512_CTX *);
-void SHA512_Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]);
-void SHA512_Update(SHA512_CTX *, const u_int8_t *, size_t)
+#ifndef HAVE_SHA512UPDATE
+void SHA512Init(SHA2_CTX *);
+void SHA512Transform(u_int64_t state[8], const u_int8_t [SHA512_BLOCK_LENGTH]);
+void SHA512Update(SHA2_CTX *, const u_int8_t *, size_t)
 	__attribute__((__bounded__(__string__,2,3)));
-void SHA512_Pad(SHA512_CTX *);
-void SHA512_Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA512_CTX *)
+void SHA512Pad(SHA2_CTX *);
+void SHA512Final(u_int8_t [SHA512_DIGEST_LENGTH], SHA2_CTX *)
 	__attribute__((__bounded__(__minbytes__,1,SHA512_DIGEST_LENGTH)));
-char *SHA512_End(SHA512_CTX *, char *)
+char *SHA512End(SHA2_CTX *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
-char *SHA512_File(const char *, char *)
+char *SHA512File(const char *, char *)
 	__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
-char *SHA512_FileChunk(const char *, char *, off_t, off_t)
+char *SHA512FileChunk(const char *, char *, off_t, off_t)
 	__attribute__((__bounded__(__minbytes__,2,SHA512_DIGEST_STRING_LENGTH)));
-char *SHA512_Data(const u_int8_t *, size_t, char *)
+char *SHA512Data(const u_int8_t *, size_t, char *)
 	__attribute__((__bounded__(__string__,1,2)))
 	__attribute__((__bounded__(__minbytes__,3,SHA512_DIGEST_STRING_LENGTH)));
+#endif /* HAVE_SHA512UPDATE */
 
-#endif /* defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) */
+#if 0
+void SHA512_256Init(SHA2_CTX *);
+void SHA512_256Transform(u_int64_t state[8], const u_int8_t [SHA512_256_BLOCK_LENGTH]);
+void SHA512_256Update(SHA2_CTX *, const u_int8_t *, size_t)
+	__attribute__((__bounded__(__string__,2,3)));
+void SHA512_256Pad(SHA2_CTX *);
+void SHA512_256Final(u_int8_t [SHA512_256_DIGEST_LENGTH], SHA2_CTX *)
+	__attribute__((__bounded__(__minbytes__,1,SHA512_256_DIGEST_LENGTH)));
+char *SHA512_256End(SHA2_CTX *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA512_256_DIGEST_STRING_LENGTH)));
+char *SHA512_256File(const char *, char *)
+	__attribute__((__bounded__(__minbytes__,2,SHA512_256_DIGEST_STRING_LENGTH)));
+char *SHA512_256FileChunk(const char *, char *, off_t, off_t)
+	__attribute__((__bounded__(__minbytes__,2,SHA512_256_DIGEST_STRING_LENGTH)));
+char *SHA512_256Data(const u_int8_t *, size_t, char *)
+	__attribute__((__bounded__(__string__,1,2)))
+	__attribute__((__bounded__(__minbytes__,3,SHA512_256_DIGEST_STRING_LENGTH)));
+__END_DECLS
+#endif /* 0 */
+
+#endif /* HAVE_SHA{256,384,512}UPDATE */
 
 #endif /* _SSHSHA2_H */
Index: openbsd-compat/sha2.c
===================================================================
--- openbsd-compat/sha2.c
+++ openbsd-compat/sha2.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sha2.c,v 1.11 2005/08/08 08:05:35 espie Exp 	*/
+/*	$OpenBSD: sha2.c,v 1.28 2019/07/23 12:35:22 dtucker Exp $	*/
 
 /*
  * FILE:	sha2.c
@@ -38,18 +38,14 @@
 
 #include "includes.h"
 
-#ifdef WITH_OPENSSL
-# include <openssl/opensslv.h>
-# if !defined(HAVE_EVP_SHA256) && (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-#  define _NEED_SHA2 1
-# endif
-#else
-# define _NEED_SHA2 1
-#endif
+#if !defined(HAVE_SHA256UPDATE) || !defined(HAVE_SHA384UPDATE) || \
+    !defined(HAVE_SHA512UPDATE)
 
-#if defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE)
+/* no-op out, similar to DEF_WEAK but only needed here */
+#define MAKE_CLONE(x, y)	void __ssh_compat_make_clone_##x_##y(void);
 
 #include <string.h>
+#include <sha2.h>
 
 /*
  * UNROLLED TRANSFORM LOOP NOTE:
@@ -64,8 +60,13 @@
  *   #define SHA2_UNROLL_TRANSFORM
  *
  */
+#ifndef SHA2_SMALL
+#if defined(__amd64__) || defined(__i386__)
+#define SHA2_UNROLL_TRANSFORM
+#endif
+#endif
 
-/*** SHA-256/384/512 Machine Architecture Definitions *****************/
+/*** SHA-224/256/384/512 Machine Architecture Definitions *****************/
 /*
  * BYTE_ORDER NOTE:
  *
@@ -98,8 +99,9 @@
 #endif
 
 
-/*** SHA-256/384/512 Various Length Definitions ***********************/
+/*** SHA-224/256/384/512 Various Length Definitions ***********************/
 /* NOTE: Most of these are in sha2.h */
+#define SHA224_SHORT_BLOCK_LENGTH	(SHA224_BLOCK_LENGTH - 8)
 #define SHA256_SHORT_BLOCK_LENGTH	(SHA256_BLOCK_LENGTH - 8)
 #define SHA384_SHORT_BLOCK_LENGTH	(SHA384_BLOCK_LENGTH - 16)
 #define SHA512_SHORT_BLOCK_LENGTH	(SHA512_BLOCK_LENGTH - 16)
@@ -152,22 +154,22 @@
  * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
  *
  *   NOTE:  The naming of R and S appears backwards here (R is a SHIFT and
- *   S is a ROTATION) because the SHA-256/384/512 description document
+ *   S is a ROTATION) because the SHA-224/256/384/512 description document
  *   (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
  *   same "backwards" definition.
  */
-/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
+/* Shift-right (used in SHA-224, SHA-256, SHA-384, and SHA-512): */
 #define R(b,x) 		((x) >> (b))
-/* 32-bit Rotate-right (used in SHA-256): */
+/* 32-bit Rotate-right (used in SHA-224 and SHA-256): */
 #define S32(b,x)	(((x) >> (b)) | ((x) << (32 - (b))))
 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
 #define S64(b,x)	(((x) >> (b)) | ((x) << (64 - (b))))
 
-/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
+/* Two of six logical functions used in SHA-224, SHA-256, SHA-384, and SHA-512: */
 #define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
 #define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
 
-/* Four of six logical functions used in SHA-256: */
+/* Four of six logical functions used in SHA-224 and SHA-256: */
 #define Sigma0_256(x)	(S32(2,  (x)) ^ S32(13, (x)) ^ S32(22, (x)))
 #define Sigma1_256(x)	(S32(6,  (x)) ^ S32(11, (x)) ^ S32(25, (x)))
 #define sigma0_256(x)	(S32(7,  (x)) ^ S32(18, (x)) ^ R(3 ,   (x)))
@@ -181,8 +183,8 @@
 
 
 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
-/* Hash constant words K for SHA-256: */
-const static u_int32_t K256[64] = {
+/* Hash constant words K for SHA-224 and SHA-256: */
+static const u_int32_t K256[64] = {
 	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
 	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
 	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
@@ -202,7 +204,7 @@
 };
 
 /* Initial hash value H for SHA-256: */
-const static u_int32_t sha256_initial_hash_value[8] = {
+static const u_int32_t sha256_initial_hash_value[8] = {
 	0x6a09e667UL,
 	0xbb67ae85UL,
 	0x3c6ef372UL,
@@ -214,7 +216,7 @@
 };
 
 /* Hash constant words K for SHA-384 and SHA-512: */
-const static u_int64_t K512[80] = {
+static const u_int64_t K512[80] = {
 	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
 	0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
 	0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
@@ -257,8 +259,35 @@
 	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
 };
 
+/* Initial hash value H for SHA-512 */
+static const u_int64_t sha512_initial_hash_value[8] = {
+	0x6a09e667f3bcc908ULL,
+	0xbb67ae8584caa73bULL,
+	0x3c6ef372fe94f82bULL,
+	0xa54ff53a5f1d36f1ULL,
+	0x510e527fade682d1ULL,
+	0x9b05688c2b3e6c1fULL,
+	0x1f83d9abfb41bd6bULL,
+	0x5be0cd19137e2179ULL
+};
+
+#if !defined(SHA2_SMALL)
+#if 0
+/* Initial hash value H for SHA-224: */
+static const u_int32_t sha224_initial_hash_value[8] = {
+	0xc1059ed8UL,
+	0x367cd507UL,
+	0x3070dd17UL,
+	0xf70e5939UL,
+	0xffc00b31UL,
+	0x68581511UL,
+	0x64f98fa7UL,
+	0xbefa4fa4UL
+};
+#endif /* 0 */
+
 /* Initial hash value H for SHA-384 */
-const static u_int64_t sha384_initial_hash_value[8] = {
+static const u_int64_t sha384_initial_hash_value[8] = {
 	0xcbbb9d5dc1059ed8ULL,
 	0x629a292a367cd507ULL,
 	0x9159015a3070dd17ULL,
@@ -269,30 +298,67 @@
 	0x47b5481dbefa4fa4ULL
 };
 
-/* Initial hash value H for SHA-512 */
-const static u_int64_t sha512_initial_hash_value[8] = {
-	0x6a09e667f3bcc908ULL,
-	0xbb67ae8584caa73bULL,
-	0x3c6ef372fe94f82bULL,
-	0xa54ff53a5f1d36f1ULL,
-	0x510e527fade682d1ULL,
-	0x9b05688c2b3e6c1fULL,
-	0x1f83d9abfb41bd6bULL,
-	0x5be0cd19137e2179ULL
+#if 0
+/* Initial hash value H for SHA-512-256 */
+static const u_int64_t sha512_256_initial_hash_value[8] = {
+	0x22312194fc2bf72cULL,
+	0x9f555fa3c84c64c2ULL,
+	0x2393b86b6f53b151ULL,
+	0x963877195940eabdULL,
+	0x96283ee2a88effe3ULL,
+	0xbe5e1e2553863992ULL,
+	0x2b0199fc2c85b8aaULL,
+	0x0eb72ddc81c52ca2ULL
 };
 
+/*** SHA-224: *********************************************************/
+void
+SHA224Init(SHA2_CTX *context)
+{
+	memcpy(context->state.st32, sha224_initial_hash_value,
+	    sizeof(sha224_initial_hash_value));
+	memset(context->buffer, 0, sizeof(context->buffer));
+	context->bitcount[0] = 0;
+}
+DEF_WEAK(SHA224Init);
 
+MAKE_CLONE(SHA224Transform, SHA256Transform);
+MAKE_CLONE(SHA224Update, SHA256Update);
+MAKE_CLONE(SHA224Pad, SHA256Pad);
+DEF_WEAK(SHA224Transform);
+DEF_WEAK(SHA224Update);
+DEF_WEAK(SHA224Pad);
+
+void
+SHA224Final(u_int8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *context)
+{
+	SHA224Pad(context);
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+	int	i;
+
+	/* Convert TO host byte order */
+	for (i = 0; i < 7; i++)
+		BE_32_TO_8(digest + i * 4, context->state.st32[i]);
+#else
+	memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH);
+#endif
+	explicit_bzero(context, sizeof(*context));
+}
+DEF_WEAK(SHA224Final);
+#endif /* !defined(SHA2_SMALL) */
+#endif /* 0 */
+
 /*** SHA-256: *********************************************************/
 void
-SHA256_Init(SHA256_CTX *context)
+SHA256Init(SHA2_CTX *context)
 {
-	if (context == NULL)
-		return;
-	memcpy(context->state, sha256_initial_hash_value,
+	memcpy(context->state.st32, sha256_initial_hash_value,
 	    sizeof(sha256_initial_hash_value));
 	memset(context->buffer, 0, sizeof(context->buffer));
-	context->bitcount = 0;
+	context->bitcount[0] = 0;
 }
+DEF_WEAK(SHA256Init);
 
 #ifdef SHA2_UNROLL_TRANSFORM
 
@@ -320,7 +386,7 @@
 } while(0)
 
 void
-SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
+SHA256Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
 {
 	u_int32_t	a, b, c, d, e, f, g, h, s0, s1;
 	u_int32_t	T1, W256[16];
@@ -378,7 +444,7 @@
 #else /* SHA2_UNROLL_TRANSFORM */
 
 void
-SHA256_Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
+SHA256Transform(u_int32_t state[8], const u_int8_t data[SHA256_BLOCK_LENGTH])
 {
 	u_int32_t	a, b, c, d, e, f, g, h, s0, s1;
 	u_int32_t	T1, T2, W256[16];
@@ -451,17 +517,18 @@
 }
 
 #endif /* SHA2_UNROLL_TRANSFORM */
+DEF_WEAK(SHA256Transform);
 
 void
-SHA256_Update(SHA256_CTX *context, const u_int8_t *data, size_t len)
+SHA256Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
 {
-	size_t	freespace, usedspace;
+	u_int64_t	freespace, usedspace;
 
 	/* Calling with no data is valid (we do nothing) */
 	if (len == 0)
 		return;
 
-	usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
+	usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH;
 	if (usedspace > 0) {
 		/* Calculate how much free space is available in the buffer */
 		freespace = SHA256_BLOCK_LENGTH - usedspace;
@@ -469,14 +536,14 @@
 		if (len >= freespace) {
 			/* Fill the buffer completely and process it */
 			memcpy(&context->buffer[usedspace], data, freespace);
-			context->bitcount += freespace << 3;
+			context->bitcount[0] += freespace << 3;
 			len -= freespace;
 			data += freespace;
-			SHA256_Transform(context->state, context->buffer);
+			SHA256Transform(context->state.st32, context->buffer);
 		} else {
 			/* The buffer is not yet full */
 			memcpy(&context->buffer[usedspace], data, len);
-			context->bitcount += len << 3;
+			context->bitcount[0] += (u_int64_t)len << 3;
 			/* Clean up: */
 			usedspace = freespace = 0;
 			return;
@@ -484,26 +551,27 @@
 	}
 	while (len >= SHA256_BLOCK_LENGTH) {
 		/* Process as many complete blocks as we can */
-		SHA256_Transform(context->state, data);
-		context->bitcount += SHA256_BLOCK_LENGTH << 3;
+		SHA256Transform(context->state.st32, data);
+		context->bitcount[0] += SHA256_BLOCK_LENGTH << 3;
 		len -= SHA256_BLOCK_LENGTH;
 		data += SHA256_BLOCK_LENGTH;
 	}
 	if (len > 0) {
 		/* There's left-overs, so save 'em */
 		memcpy(context->buffer, data, len);
-		context->bitcount += len << 3;
+		context->bitcount[0] += len << 3;
 	}
 	/* Clean up: */
 	usedspace = freespace = 0;
 }
+DEF_WEAK(SHA256Update);
 
 void
-SHA256_Pad(SHA256_CTX *context)
+SHA256Pad(SHA2_CTX *context)
 {
 	unsigned int	usedspace;
 
-	usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
+	usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH;
 	if (usedspace > 0) {
 		/* Begin padding with a 1 bit: */
 		context->buffer[usedspace++] = 0x80;
@@ -518,7 +586,7 @@
 				    SHA256_BLOCK_LENGTH - usedspace);
 			}
 			/* Do second-to-last transform: */
-			SHA256_Transform(context->state, context->buffer);
+			SHA256Transform(context->state.st32, context->buffer);
 
 			/* Prepare for last transform: */
 			memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH);
@@ -532,47 +600,45 @@
 	}
 	/* Store the length of input data (in bits) in big endian format: */
 	BE_64_TO_8(&context->buffer[SHA256_SHORT_BLOCK_LENGTH],
-	    context->bitcount);
+	    context->bitcount[0]);
 
 	/* Final transform: */
-	SHA256_Transform(context->state, context->buffer);
+	SHA256Transform(context->state.st32, context->buffer);
 
 	/* Clean up: */
 	usedspace = 0;
 }
+DEF_WEAK(SHA256Pad);
 
 void
-SHA256_Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA256_CTX *context)
+SHA256Final(u_int8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *context)
 {
-	SHA256_Pad(context);
+	SHA256Pad(context);
 
-	/* If no digest buffer is passed, we don't bother doing this: */
-	if (digest != NULL) {
 #if BYTE_ORDER == LITTLE_ENDIAN
-		int	i;
+	int	i;
 
-		/* Convert TO host byte order */
-		for (i = 0; i < 8; i++)
-			BE_32_TO_8(digest + i * 4, context->state[i]);
+	/* Convert TO host byte order */
+	for (i = 0; i < 8; i++)
+		BE_32_TO_8(digest + i * 4, context->state.st32[i]);
 #else
-		memcpy(digest, context->state, SHA256_DIGEST_LENGTH);
+	memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH);
 #endif
-		memset(context, 0, sizeof(*context));
-	}
+	explicit_bzero(context, sizeof(*context));
 }
+DEF_WEAK(SHA256Final);
 
 
 /*** SHA-512: *********************************************************/
 void
-SHA512_Init(SHA512_CTX *context)
+SHA512Init(SHA2_CTX *context)
 {
-	if (context == NULL)
-		return;
-	memcpy(context->state, sha512_initial_hash_value,
+	memcpy(context->state.st64, sha512_initial_hash_value,
 	    sizeof(sha512_initial_hash_value));
 	memset(context->buffer, 0, sizeof(context->buffer));
 	context->bitcount[0] = context->bitcount[1] =  0;
 }
+DEF_WEAK(SHA512Init);
 
 #ifdef SHA2_UNROLL_TRANSFORM
 
@@ -601,7 +667,7 @@
 } while(0)
 
 void
-SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
+SHA512Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
 {
 	u_int64_t	a, b, c, d, e, f, g, h, s0, s1;
 	u_int64_t	T1, W512[16];
@@ -659,7 +725,7 @@
 #else /* SHA2_UNROLL_TRANSFORM */
 
 void
-SHA512_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
+SHA512Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
 {
 	u_int64_t	a, b, c, d, e, f, g, h, s0, s1;
 	u_int64_t	T1, T2, W512[16];
@@ -732,9 +798,10 @@
 }
 
 #endif /* SHA2_UNROLL_TRANSFORM */
+DEF_WEAK(SHA512Transform);
 
 void
-SHA512_Update(SHA512_CTX *context, const u_int8_t *data, size_t len)
+SHA512Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
 {
 	size_t	freespace, usedspace;
 
@@ -753,7 +820,7 @@
 			ADDINC128(context->bitcount, freespace << 3);
 			len -= freespace;
 			data += freespace;
-			SHA512_Transform(context->state, context->buffer);
+			SHA512Transform(context->state.st64, context->buffer);
 		} else {
 			/* The buffer is not yet full */
 			memcpy(&context->buffer[usedspace], data, len);
@@ -765,7 +832,7 @@
 	}
 	while (len >= SHA512_BLOCK_LENGTH) {
 		/* Process as many complete blocks as we can */
-		SHA512_Transform(context->state, data);
+		SHA512Transform(context->state.st64, data);
 		ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
 		len -= SHA512_BLOCK_LENGTH;
 		data += SHA512_BLOCK_LENGTH;
@@ -778,9 +845,10 @@
 	/* Clean up: */
 	usedspace = freespace = 0;
 }
+DEF_WEAK(SHA512Update);
 
 void
-SHA512_Pad(SHA512_CTX *context)
+SHA512Pad(SHA2_CTX *context)
 {
 	unsigned int	usedspace;
 
@@ -797,7 +865,7 @@
 				memset(&context->buffer[usedspace], 0, SHA512_BLOCK_LENGTH - usedspace);
 			}
 			/* Do second-to-last transform: */
-			SHA512_Transform(context->state, context->buffer);
+			SHA512Transform(context->state.st64, context->buffer);
 
 			/* And set-up for the last transform: */
 			memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2);
@@ -816,89 +884,127 @@
 	    context->bitcount[0]);
 
 	/* Final transform: */
-	SHA512_Transform(context->state, context->buffer);
+	SHA512Transform(context->state.st64, context->buffer);
 
 	/* Clean up: */
 	usedspace = 0;
 }
+DEF_WEAK(SHA512Pad);
 
 void
-SHA512_Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA512_CTX *context)
+SHA512Final(u_int8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *context)
 {
-	SHA512_Pad(context);
+	SHA512Pad(context);
 
-	/* If no digest buffer is passed, we don't bother doing this: */
-	if (digest != NULL) {
 #if BYTE_ORDER == LITTLE_ENDIAN
-		int	i;
+	int	i;
 
-		/* Convert TO host byte order */
-		for (i = 0; i < 8; i++)
-			BE_64_TO_8(digest + i * 8, context->state[i]);
+	/* Convert TO host byte order */
+	for (i = 0; i < 8; i++)
+		BE_64_TO_8(digest + i * 8, context->state.st64[i]);
 #else
-		memcpy(digest, context->state, SHA512_DIGEST_LENGTH);
+	memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH);
 #endif
-		memset(context, 0, sizeof(*context));
-	}
+	explicit_bzero(context, sizeof(*context));
 }
+DEF_WEAK(SHA512Final);
 
+#if !defined(SHA2_SMALL)
 
 /*** SHA-384: *********************************************************/
 void
-SHA384_Init(SHA384_CTX *context)
+SHA384Init(SHA2_CTX *context)
 {
-	if (context == NULL)
-		return;
-	memcpy(context->state, sha384_initial_hash_value,
+	memcpy(context->state.st64, sha384_initial_hash_value,
 	    sizeof(sha384_initial_hash_value));
 	memset(context->buffer, 0, sizeof(context->buffer));
 	context->bitcount[0] = context->bitcount[1] = 0;
 }
+DEF_WEAK(SHA384Init);
 
-#if 0
-__weak_alias(SHA384_Transform, SHA512_Transform);
-__weak_alias(SHA384_Update, SHA512_Update);
-__weak_alias(SHA384_Pad, SHA512_Pad);
-#endif
+MAKE_CLONE(SHA384Transform, SHA512Transform);
+MAKE_CLONE(SHA384Update, SHA512Update);
+MAKE_CLONE(SHA384Pad, SHA512Pad);
+DEF_WEAK(SHA384Transform);
+DEF_WEAK(SHA384Update);
+DEF_WEAK(SHA384Pad);
 
+/* Equivalent of MAKE_CLONE (which is a no-op) for SHA384 funcs */
 void
-SHA384_Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
+SHA384Transform(u_int64_t state[8], const u_int8_t data[SHA512_BLOCK_LENGTH])
 {
-	return SHA512_Transform(state, data);
+	SHA512Transform(state, data);
 }
 
 void
-SHA384_Update(SHA512_CTX *context, const u_int8_t *data, size_t len)
+SHA384Update(SHA2_CTX *context, const u_int8_t *data, size_t len)
 {
-	SHA512_Update(context, data, len);
+	SHA512Update(context, data, len);
 }
 
 void
-SHA384_Pad(SHA512_CTX *context)
+SHA384Pad(SHA2_CTX *context)
 {
-	SHA512_Pad(context);
+	SHA512Pad(context);
 }
 
 void
-SHA384_Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA384_CTX *context)
+SHA384Final(u_int8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *context)
 {
-	SHA384_Pad(context);
+	SHA384Pad(context);
 
-	/* If no digest buffer is passed, we don't bother doing this: */
-	if (digest != NULL) {
 #if BYTE_ORDER == LITTLE_ENDIAN
-		int	i;
+	int	i;
 
-		/* Convert TO host byte order */
-		for (i = 0; i < 6; i++)
-			BE_64_TO_8(digest + i * 8, context->state[i]);
+	/* Convert TO host byte order */
+	for (i = 0; i < 6; i++)
+		BE_64_TO_8(digest + i * 8, context->state.st64[i]);
 #else
-		memcpy(digest, context->state, SHA384_DIGEST_LENGTH);
+	memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH);
 #endif
-	}
+	/* Zero out state data */
+	explicit_bzero(context, sizeof(*context));
+}
+DEF_WEAK(SHA384Final);
 
+#if 0
+/*** SHA-512/256: *********************************************************/
+void
+SHA512_256Init(SHA2_CTX *context)
+{
+	memcpy(context->state.st64, sha512_256_initial_hash_value,
+	    sizeof(sha512_256_initial_hash_value));
+	memset(context->buffer, 0, sizeof(context->buffer));
+	context->bitcount[0] = context->bitcount[1] = 0;
+}
+DEF_WEAK(SHA512_256Init);
+
+MAKE_CLONE(SHA512_256Transform, SHA512Transform);
+MAKE_CLONE(SHA512_256Update, SHA512Update);
+MAKE_CLONE(SHA512_256Pad, SHA512Pad);
+DEF_WEAK(SHA512_256Transform);
+DEF_WEAK(SHA512_256Update);
+DEF_WEAK(SHA512_256Pad);
+
+void
+SHA512_256Final(u_int8_t digest[SHA512_256_DIGEST_LENGTH], SHA2_CTX *context)
+{
+	SHA512_256Pad(context);
+
+#if BYTE_ORDER == LITTLE_ENDIAN
+	int	i;
+
+	/* Convert TO host byte order */
+	for (i = 0; i < 4; i++)
+		BE_64_TO_8(digest + i * 8, context->state.st64[i]);
+#else
+	memcpy(digest, context->state.st64, SHA512_256_DIGEST_LENGTH);
+#endif
 	/* Zero out state data */
-	memset(context, 0, sizeof(*context));
+	explicit_bzero(context, sizeof(*context));
 }
+DEF_WEAK(SHA512_256Final);
+#endif /* !defined(SHA2_SMALL) */
+#endif /* 0 */
 
-#endif /* defined(_NEED_SHA2) && !defined(HAVE_SHA256_UPDATE) */
+#endif /* HAVE_SHA{256,384,512}UPDATE */
Index: openbsd-compat/sys-queue.h
===================================================================
--- openbsd-compat/sys-queue.h
+++ openbsd-compat/sys-queue.h
@@ -81,6 +81,7 @@
 #undef SIMPLEQ_EMPTY
 #undef SIMPLEQ_NEXT
 #undef SIMPLEQ_FOREACH
+#undef SIMPLEQ_FOREACH_SAFE
 #undef SIMPLEQ_INIT
 #undef SIMPLEQ_INSERT_HEAD
 #undef SIMPLEQ_INSERT_TAIL
Index: packet.h
===================================================================
--- packet.h
+++ packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.86 2018/07/09 21:20:26 markus Exp $ */
+/* $OpenBSD: packet.h,v 1.91 2019/09/06 05:23:55 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -176,7 +176,8 @@
 int     sshpkt_disconnect(struct ssh *, const char *fmt, ...)
 	    __attribute__((format(printf, 2, 3)));
 int	sshpkt_add_padding(struct ssh *, u_char);
-void	sshpkt_fatal(struct ssh *ssh, const char *tag, int r);
+void	sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...)
+	    __attribute__((format(printf, 3, 4)));
 int	sshpkt_msg_ignore(struct ssh *, u_int);
 
 int	sshpkt_put(struct ssh *ssh, const void *v, size_t len);
@@ -198,15 +199,12 @@
 int	sshpkt_get_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp);
 int	sshpkt_peek_string_direct(struct ssh *ssh, const u_char **valp, size_t *lenp);
 int	sshpkt_get_cstring(struct ssh *ssh, char **valp, size_t *lenp);
+int	sshpkt_getb_froms(struct ssh *ssh, struct sshbuf **valp);
 int	sshpkt_get_ec(struct ssh *ssh, EC_POINT *v, const EC_GROUP *g);
-int	sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v);
+int	sshpkt_get_bignum2(struct ssh *ssh, BIGNUM **valp);
 int	sshpkt_get_end(struct ssh *ssh);
 void	sshpkt_fmt_connection_id(struct ssh *ssh, char *s, size_t l);
 const u_char	*sshpkt_ptr(struct ssh *, size_t *lenp);
-
-/* OLD API */
-extern struct ssh *active_state;
-#include "opacket.h"
 
 #if !defined(WITH_OPENSSL)
 # undef BIGNUM
Index: packet.c
===================================================================
--- packet.c
+++ packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.277 2018/07/16 03:09:13 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.286 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -58,6 +58,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <limits.h>
+#include <poll.h>
 #include <signal.h>
 #include <time.h>
 
@@ -76,7 +77,6 @@
 #include <zlib.h>
 
 #include "xmalloc.h"
-#include "crc32.h"
 #include "compat.h"
 #include "ssh2.h"
 #include "cipher.h"
@@ -228,6 +228,7 @@
 
 	if ((ssh = calloc(1, sizeof(*ssh))) == NULL ||
 	    (state = calloc(1, sizeof(*state))) == NULL ||
+	    (ssh->kex = kex_new()) == NULL ||
 	    (state->input = sshbuf_new()) == NULL ||
 	    (state->output = sshbuf_new()) == NULL ||
 	    (state->outgoing_packet = sshbuf_new()) == NULL ||
@@ -250,6 +251,10 @@
 	ssh->state = state;
 	return ssh;
  fail:
+	if (ssh) {
+		kex_free(ssh->kex);
+		free(ssh);
+	}
 	if (state) {
 		sshbuf_free(state->input);
 		sshbuf_free(state->output);
@@ -257,7 +262,6 @@
 		sshbuf_free(state->outgoing_packet);
 		free(state);
 	}
-	free(ssh);
 	return NULL;
 }
 
@@ -272,8 +276,7 @@
 int
 ssh_packet_is_rekeying(struct ssh *ssh)
 {
-	return ssh->state->rekeying ||
-	    (ssh->kex != NULL && ssh->kex->done == 0);
+	return ssh->state->rekeying || ssh->kex->done == 0;
 }
 
 /*
@@ -293,7 +296,7 @@
 	if (ssh == NULL)
 		ssh = ssh_alloc_session_state();
 	if (ssh == NULL) {
-		error("%s: cound not allocate state", __func__);
+		error("%s: could not allocate state", __func__);
 		return NULL;
 	}
 	state = ssh->state;
@@ -437,12 +440,12 @@
 	fromlen = sizeof(from);
 	memset(&from, 0, sizeof(from));
 	if (getpeername(state->connection_in, (struct sockaddr *)&from,
-	    &fromlen) < 0)
+	    &fromlen) == -1)
 		return 0;
 	tolen = sizeof(to);
 	memset(&to, 0, sizeof(to));
 	if (getpeername(state->connection_out, (struct sockaddr *)&to,
-	    &tolen) < 0)
+	    &tolen) == -1)
 		return 0;
 	if (fromlen != tolen || memcmp(&from, &to, fromlen) != 0)
 		return 0;
@@ -468,7 +471,7 @@
 
 	memset(&to, 0, sizeof(to));
 	if (getsockname(ssh->state->connection_out, (struct sockaddr *)&to,
-	    &tolen) < 0)
+	    &tolen) == -1)
 		return 0;
 #ifdef IPV4_IN_IPV6
 	if (to.ss_family == AF_INET6 &&
@@ -837,6 +840,7 @@
 	u_int64_t *max_blocks;
 	const char *wmsg;
 	int r, crypt_type;
+	const char *dir = mode == MODE_OUT ? "out" : "in";
 
 	debug2("set_newkeys: mode %d", mode);
 
@@ -852,14 +856,12 @@
 		max_blocks = &state->max_blocks_in;
 	}
 	if (state->newkeys[mode] != NULL) {
-		debug("set_newkeys: rekeying, input %llu bytes %llu blocks, "
-		   "output %llu bytes %llu blocks",
+		debug("%s: rekeying %s, input %llu bytes %llu blocks, "
+		   "output %llu bytes %llu blocks", __func__, dir,
 		   (unsigned long long)state->p_read.bytes,
 		   (unsigned long long)state->p_read.blocks,
 		   (unsigned long long)state->p_send.bytes,
 		   (unsigned long long)state->p_send.blocks);
-		cipher_free(*ccp);
-		*ccp = NULL;
 		kex_free_newkeys(state->newkeys[mode]);
 		state->newkeys[mode] = NULL;
 	}
@@ -877,7 +879,9 @@
 			return r;
 	}
 	mac->enabled = 1;
-	DBG(debug("cipher_init_context: %d", mode));
+	DBG(debug("%s: cipher_init_context: %s", __func__, dir));
+	cipher_free(*ccp);
+	*ccp = NULL;
 	if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len,
 	    enc->iv, enc->iv_len, crypt_type)) != 0)
 		return r;
@@ -916,7 +920,8 @@
 	if (state->rekey_limit)
 		*max_blocks = MINIMUM(*max_blocks,
 		    state->rekey_limit / enc->block_size);
-	debug("rekey after %llu blocks", (unsigned long long)*max_blocks);
+	debug("rekey %s after %llu blocks", dir,
+	    (unsigned long long)*max_blocks);
 	return 0;
 }
 
@@ -932,7 +937,7 @@
 		return 0;
 
 	/* Haven't keyed yet or KEX in progress. */
-	if (ssh->kex == NULL || ssh_packet_is_rekeying(ssh))
+	if (ssh_packet_is_rekeying(ssh))
 		return 0;
 
 	/* Peer can't rekey */
@@ -1354,7 +1359,7 @@
 			r = SSH_ERR_CONN_CLOSED;
 			goto out;
 		}
-		if (len < 0) {
+		if (len == -1) {
 			r = SSH_ERR_SYSTEM_ERROR;
 			goto out;
 		}
@@ -1805,10 +1810,10 @@
 /*
  * Pretty-print connection-terminating errors and exit.
  */
-void
-sshpkt_fatal(struct ssh *ssh, const char *tag, int r)
+static void
+sshpkt_vfatal(struct ssh *ssh, int r, const char *fmt, va_list ap)
 {
-	char remote_id[512];
+	char *tag = NULL, remote_id[512];
 
 	sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
 
@@ -1842,6 +1847,11 @@
 		}
 		/* FALLTHROUGH */
 	default:
+		if (vasprintf(&tag, fmt, ap) == -1) {
+			ssh_packet_clear_keys(ssh);
+			logdie("%s: could not allocate failure message",
+			    __func__);
+		}
 		ssh_packet_clear_keys(ssh);
 		logdie("%s%sConnection %s %s: %s",
 		    tag != NULL ? tag : "", tag != NULL ? ": " : "",
@@ -1850,6 +1860,18 @@
 	}
 }
 
+void
+sshpkt_fatal(struct ssh *ssh, int r, const char *fmt, ...)
+{
+	va_list ap;
+
+	va_start(ap, fmt);
+	sshpkt_vfatal(ssh, r, fmt, ap);
+	/* NOTREACHED */
+	va_end(ap);
+	logdie("%s: should have exited", __func__);
+}
+
 /*
  * Logs the error plus constructs and sends a disconnect packet, closes the
  * connection, and exits.  This function never returns. The error message
@@ -1885,10 +1907,10 @@
 	 * for it to get sent.
 	 */
 	if ((r = sshpkt_disconnect(ssh, "%s", buf)) != 0)
-		sshpkt_fatal(ssh, __func__, r);
+		sshpkt_fatal(ssh, r, "%s", __func__);
 
 	if ((r = ssh_packet_write_wait(ssh)) != 0)
-		sshpkt_fatal(ssh, __func__, r);
+		sshpkt_fatal(ssh, r, "%s", __func__);
 
 	/* Close the connection. */
 	ssh_packet_close(ssh);
@@ -2014,7 +2036,7 @@
 	case AF_INET:
 		debug3("%s: set IP_TOS 0x%02x", __func__, tos);
 		if (setsockopt(ssh->state->connection_in,
-		    IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0)
+		    IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1)
 			error("setsockopt IP_TOS %d: %.100s:",
 			    tos, strerror(errno));
 		break;
@@ -2023,7 +2045,7 @@
 	case AF_INET6:
 		debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos);
 		if (setsockopt(ssh->state->connection_in,
-		    IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) < 0)
+		    IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1)
 			error("setsockopt IPV6_TCLASS %d: %.100s:",
 			    tos, strerror(errno));
 		break;
@@ -2123,6 +2145,7 @@
 ssh_packet_set_server(struct ssh *ssh)
 {
 	ssh->state->server_side = 1;
+	ssh->kex->server = 1; /* XXX unify? */
 }
 
 void
@@ -2175,9 +2198,9 @@
 	    (r = sshbuf_put_u32(m, kex->kex_type)) != 0 ||
 	    (r = sshbuf_put_stringb(m, kex->my)) != 0 ||
 	    (r = sshbuf_put_stringb(m, kex->peer)) != 0 ||
-	    (r = sshbuf_put_u32(m, kex->flags)) != 0 ||
-	    (r = sshbuf_put_cstring(m, kex->client_version_string)) != 0 ||
-	    (r = sshbuf_put_cstring(m, kex->server_version_string)) != 0)
+	    (r = sshbuf_put_stringb(m, kex->client_version)) != 0 ||
+	    (r = sshbuf_put_stringb(m, kex->server_version)) != 0 ||
+	    (r = sshbuf_put_u32(m, kex->flags)) != 0)
 		return r;
 	return 0;
 }
@@ -2327,12 +2350,8 @@
 	struct kex *kex;
 	int r;
 
-	if ((kex = calloc(1, sizeof(struct kex))) == NULL ||
-	    (kex->my = sshbuf_new()) == NULL ||
-	    (kex->peer = sshbuf_new()) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
+	if ((kex = kex_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
 	if ((r = sshbuf_get_string(m, &kex->session_id, &kex->session_id_len)) != 0 ||
 	    (r = sshbuf_get_u32(m, &kex->we_need)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &kex->hostkey_alg, NULL)) != 0 ||
@@ -2341,23 +2360,20 @@
 	    (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 ||
 	    (r = sshbuf_get_stringb(m, kex->my)) != 0 ||
 	    (r = sshbuf_get_stringb(m, kex->peer)) != 0 ||
-	    (r = sshbuf_get_u32(m, &kex->flags)) != 0 ||
-	    (r = sshbuf_get_cstring(m, &kex->client_version_string, NULL)) != 0 ||
-	    (r = sshbuf_get_cstring(m, &kex->server_version_string, NULL)) != 0)
+	    (r = sshbuf_get_stringb(m, kex->client_version)) != 0 ||
+	    (r = sshbuf_get_stringb(m, kex->server_version)) != 0 ||
+	    (r = sshbuf_get_u32(m, &kex->flags)) != 0)
 		goto out;
 	kex->server = 1;
 	kex->done = 1;
 	r = 0;
  out:
 	if (r != 0 || kexp == NULL) {
-		if (kex != NULL) {
-			sshbuf_free(kex->my);
-			sshbuf_free(kex->peer);
-			free(kex);
-		}
+		kex_free(kex);
 		if (kexp != NULL)
 			*kexp = NULL;
 	} else {
+		kex_free(*kexp);
 		*kexp = kex;
 	}
 	return r;
@@ -2468,6 +2484,12 @@
 	return sshbuf_put_stringb(ssh->state->outgoing_packet, v);
 }
 
+int
+sshpkt_getb_froms(struct ssh *ssh, struct sshbuf **valp)
+{
+	return sshbuf_froms(ssh->state->incoming_packet, valp);
+}
+
 #ifdef WITH_OPENSSL
 #ifdef OPENSSL_HAS_ECC
 int
@@ -2544,11 +2566,10 @@
 }
 #endif /* OPENSSL_HAS_ECC */
 
-
 int
-sshpkt_get_bignum2(struct ssh *ssh, BIGNUM *v)
+sshpkt_get_bignum2(struct ssh *ssh, BIGNUM **valp)
 {
-	return sshbuf_get_bignum2(ssh->state->incoming_packet, v);
+	return sshbuf_get_bignum2(ssh->state->incoming_packet, valp);
 }
 #endif /* WITH_OPENSSL */
 
Index: platform.c
===================================================================
--- platform.c
+++ platform.c
@@ -17,6 +17,7 @@
 #include "includes.h"
 
 #include <stdarg.h>
+#include <stdio.h>
 #include <unistd.h>
 
 #include "log.h"
Index: progressmeter.h
===================================================================
--- progressmeter.h
+++ progressmeter.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: progressmeter.h,v 1.3 2015/01/14 13:54:13 djm Exp $ */
+/* $OpenBSD: progressmeter.h,v 1.5 2019/01/24 16:52:17 dtucker Exp $ */
 /*
  * Copyright (c) 2002 Nils Nordman.  All rights reserved.
  *
@@ -24,4 +24,5 @@
  */
 
 void	start_progress_meter(const char *, off_t, off_t *);
+void	refresh_progress_meter(int);
 void	stop_progress_meter(void);
Index: progressmeter.c
===================================================================
--- progressmeter.c
+++ progressmeter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: progressmeter.c,v 1.45 2016/06/30 05:17:05 dtucker Exp $ */
+/* $OpenBSD: progressmeter.c,v 1.48 2019/05/03 06:06:30 dtucker Exp $ */
 /*
  * Copyright (c) 2003 Nils Nordman.  All rights reserved.
  *
@@ -31,6 +31,7 @@
 
 #include <errno.h>
 #include <signal.h>
+#include <stdarg.h>
 #include <stdio.h>
 #include <string.h>
 #include <time.h>
@@ -39,6 +40,7 @@
 #include "progressmeter.h"
 #include "atomicio.h"
 #include "misc.h"
+#include "utf8.h"
 
 #define DEFAULT_WINSIZE 80
 #define MAX_WINSIZE 512
@@ -57,11 +59,8 @@
 static void sig_winch(int);
 static void setscreensize(void);
 
-/* updates the progressmeter to reflect the current state of the transfer */
-void refresh_progress_meter(void);
-
 /* signal handler for updating the progress meter */
-static void update_progress_meter(int);
+static void sig_alarm(int);
 
 static double start;		/* start progress */
 static double last_update;	/* last progress update */
@@ -74,6 +73,7 @@
 static int bytes_per_second;	/* current speed in bytes per second */
 static int win_size;		/* terminal window size */
 static volatile sig_atomic_t win_resized; /* for window resizing */
+static volatile sig_atomic_t alarm_fired;
 
 /* units for format_size */
 static const char unit[] = " KMGT";
@@ -117,7 +117,7 @@
 }
 
 void
-refresh_progress_meter(void)
+refresh_progress_meter(int force_update)
 {
 	char buf[MAX_WINSIZE + 1];
 	off_t transferred;
@@ -126,9 +126,17 @@
 	off_t bytes_left;
 	int cur_speed;
 	int hours, minutes, seconds;
-	int i, len;
 	int file_len;
 
+	if ((!force_update && !alarm_fired && !win_resized) || !can_output())
+		return;
+	alarm_fired = 0;
+
+	if (win_resized) {
+		setscreensize();
+		win_resized = 0;
+	}
+
 	transferred = *counter - (cur_pos ? cur_pos : start_pos);
 	cur_pos = *counter;
 	now = monotime_double();
@@ -158,16 +166,11 @@
 
 	/* filename */
 	buf[0] = '\0';
-	file_len = win_size - 35;
+	file_len = win_size - 36;
 	if (file_len > 0) {
-		len = snprintf(buf, file_len + 1, "\r%s", file);
-		if (len < 0)
-			len = 0;
-		if (len >= file_len + 1)
-			len = file_len;
-		for (i = len; i < file_len; i++)
-			buf[i] = ' ';
-		buf[file_len] = '\0';
+		buf[0] = '\r';
+		snmprintf(buf+1, sizeof(buf)-1, &file_len, "%-*s",
+		    file_len, file);
 	}
 
 	/* percent of transfer done */
@@ -228,22 +231,11 @@
 
 /*ARGSUSED*/
 static void
-update_progress_meter(int ignore)
+sig_alarm(int ignore)
 {
-	int save_errno;
-
-	save_errno = errno;
-
-	if (win_resized) {
-		setscreensize();
-		win_resized = 0;
-	}
-	if (can_output())
-		refresh_progress_meter();
-
-	signal(SIGALRM, update_progress_meter);
+	signal(SIGALRM, sig_alarm);
+	alarm_fired = 1;
 	alarm(UPDATE_INTERVAL);
-	errno = save_errno;
 }
 
 void
@@ -259,10 +251,9 @@
 	bytes_per_second = 0;
 
 	setscreensize();
-	if (can_output())
-		refresh_progress_meter();
+	refresh_progress_meter(1);
 
-	signal(SIGALRM, update_progress_meter);
+	signal(SIGALRM, sig_alarm);
 	signal(SIGWINCH, sig_winch);
 	alarm(UPDATE_INTERVAL);
 }
@@ -277,7 +268,7 @@
 
 	/* Ensure we complete the progress */
 	if (cur_pos != end_pos)
-		refresh_progress_meter();
+		refresh_progress_meter(1);
 
 	atomicio(vwrite, STDOUT_FILENO, "\n", 1);
 }
@@ -286,6 +277,7 @@
 static void
 sig_winch(int sig)
 {
+	signal(SIGWINCH, sig_winch);
 	win_resized = 1;
 }
 
Index: readconf.h
===================================================================
--- readconf.h
+++ readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.128 2018/09/20 03:30:44 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.129 2018/11/23 05:08:07 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -185,7 +185,7 @@
 
 #define SSHCONF_CHECKPERM	1  /* check permissions on config file */
 #define SSHCONF_USERCONF	2  /* user provided config file not system */
-#define SSHCONF_POSTCANON	4  /* After hostname canonicalisation */
+#define SSHCONF_FINAL		4  /* Final pass over config, after canon. */
 #define SSHCONF_NEVERMATCH	8  /* Match/Host never matches; internal only */
 
 #define SSH_UPDATE_HOSTKEYS_NO	0
@@ -203,7 +203,7 @@
 int	 process_config_line(Options *, struct passwd *, const char *,
     const char *, char *, const char *, int, int *, int);
 int	 read_config_file(const char *, struct passwd *, const char *,
-    const char *, Options *, int);
+    const char *, Options *, int, int *);
 int	 parse_forward(struct Forward *, const char *, int, int);
 int	 parse_jump(const char *, Options *, int);
 int	 parse_ssh_uri(const char *, char **, char **, int *);
Index: readconf.c
===================================================================
--- readconf.c
+++ readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.300 2018/10/05 14:26:09 naddy Exp $ */
+/* $OpenBSD: readconf.c,v 1.309 2019/09/06 14:45:34 naddy Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -86,7 +86,7 @@
      User foo
 
    Host fake.com
-     HostName another.host.name.real.org
+     Hostname another.host.name.real.org
      User blaah
      Port 34289
      ForwardX11 no
@@ -133,10 +133,11 @@
 
 static int read_config_file_depth(const char *filename, struct passwd *pw,
     const char *host, const char *original_host, Options *options,
-    int flags, int *activep, int depth);
+    int flags, int *activep, int *want_final_pass, int depth);
 static int process_config_line_depth(Options *options, struct passwd *pw,
     const char *host, const char *original_host, char *line,
-    const char *filename, int linenum, int *activep, int flags, int depth);
+    const char *filename, int linenum, int *activep, int flags,
+    int *want_final_pass, int depth);
 
 /* Keyword tokens. */
 
@@ -147,7 +148,7 @@
 	oGatewayPorts, oExitOnForwardFailure,
 	oPasswordAuthentication, oRSAAuthentication,
 	oChallengeResponseAuthentication, oXAuthLocation,
-	oIdentityFile, oHostName, oPort, oCipher, oRemoteForward, oLocalForward,
+	oIdentityFile, oHostname, oPort, oCipher, oRemoteForward, oLocalForward,
 	oCertificateFile, oAddKeysToAgent, oIdentityAgent,
 	oUser, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
@@ -207,8 +208,8 @@
 	{ "gssapidelegatecredentials", oUnsupported },
 #endif
 #ifdef ENABLE_PKCS11
-	{ "smartcarddevice", oPKCS11Provider },
 	{ "pkcs11provider", oPKCS11Provider },
+	{ "smartcarddevice", oPKCS11Provider },
 # else
 	{ "smartcarddevice", oUnsupported },
 	{ "pkcs11provider", oUnsupported },
@@ -239,7 +240,7 @@
 	{ "certificatefile", oCertificateFile },
 	{ "addkeystoagent", oAddKeysToAgent },
 	{ "identityagent", oIdentityAgent },
-	{ "hostname", oHostName },
+	{ "hostname", oHostname },
 	{ "hostkeyalias", oHostKeyAlias },
 	{ "proxycommand", oProxyCommand },
 	{ "port", oPort },
@@ -485,6 +486,11 @@
 	if ((shell = getenv("SHELL")) == NULL)
 		shell = _PATH_BSHELL;
 
+	if (access(shell, X_OK) == -1) {
+		fatal("Shell \"%s\" is not executable: %s",
+		    shell, strerror(errno));
+	}
+
 	/* Need this to redirect subprocess stdin/out */
 	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
 		fatal("open(/dev/null): %s", strerror(errno));
@@ -517,7 +523,7 @@
 		_exit(1);
 	}
 	/* Parent. */
-	if (pid < 0)
+	if (pid == -1)
 		fatal("%s: fork: %.100s", __func__, strerror(errno));
 
 	close(devnull);
@@ -539,8 +545,8 @@
  */
 static int
 match_cfg_line(Options *options, char **condition, struct passwd *pw,
-    const char *host_arg, const char *original_host, int post_canon,
-    const char *filename, int linenum)
+    const char *host_arg, const char *original_host, int final_pass,
+    int *want_final_pass, const char *filename, int linenum)
 {
 	char *arg, *oattrib, *attrib, *cmd, *cp = *condition, *host, *criteria;
 	const char *ruser;
@@ -554,7 +560,7 @@
 	 */
 	port = options->port <= 0 ? default_ssh_port() : options->port;
 	ruser = options->user == NULL ? pw->pw_name : options->user;
-	if (post_canon) {
+	if (final_pass) {
 		host = xstrdup(options->hostname);
 	} else if (options->hostname != NULL) {
 		/* NB. Please keep in sync with ssh.c:main() */
@@ -586,8 +592,16 @@
 			goto out;
 		}
 		attributes++;
-		if (strcasecmp(attrib, "canonical") == 0) {
-			r = !!post_canon;  /* force bitmask member to boolean */
+		if (strcasecmp(attrib, "canonical") == 0 ||
+		    strcasecmp(attrib, "final") == 0) {
+			/*
+			 * If the config requests "Match final" then remember
+			 * this so we can perform a second pass later.
+			 */
+			if (strcasecmp(attrib, "final") == 0 &&
+			    want_final_pass != NULL)
+				*want_final_pass = 1;
+			r = !!final_pass;  /* force bitmask member to boolean */
 			if (r == (negate ? 1 : 0))
 				this_result = result = 0;
 			debug3("%.200s line %d: %smatched '%s'",
@@ -824,14 +838,14 @@
     int linenum, int *activep, int flags)
 {
 	return process_config_line_depth(options, pw, host, original_host,
-	    line, filename, linenum, activep, flags, 0);
+	    line, filename, linenum, activep, flags, NULL, 0);
 }
 
 #define WHITESPACE " \t\r\n"
 static int
 process_config_line_depth(Options *options, struct passwd *pw, const char *host,
     const char *original_host, char *line, const char *filename,
-    int linenum, int *activep, int flags, int depth)
+    int linenum, int *activep, int flags, int *want_final_pass, int depth)
 {
 	char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
 	char **cpptr, fwdarg[256];
@@ -1108,7 +1122,7 @@
 		max_entries = SSH_MAX_HOSTS_FILES;
 		goto parse_char_array;
 
-	case oHostName:
+	case oHostname:
 		charptr = &options->hostname;
 		goto parse_string;
 
@@ -1185,7 +1199,8 @@
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing argument.", filename, linenum);
-		if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
+		if (*arg != '-' &&
+		    !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
 			fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && options->ciphers == NULL)
@@ -1196,8 +1211,9 @@
 		arg = strdelim(&s);
 		if (!arg || *arg == '\0')
 			fatal("%.200s line %d: Missing argument.", filename, linenum);
-		if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
-			fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
+		if (*arg != '-' &&
+		    !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
+			fatal("%.200s line %d: Bad SSH2 MAC spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && options->macs == NULL)
 			options->macs = xstrdup(arg);
@@ -1209,7 +1225,8 @@
 			fatal("%.200s line %d: Missing argument.",
 			    filename, linenum);
 		if (*arg != '-' &&
-		    !kex_names_valid(*arg == '+' ? arg + 1 : arg))
+		    !kex_names_valid(*arg == '+' || *arg == '^' ?
+		    arg + 1 : arg))
 			fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && options->kex_algorithms == NULL)
@@ -1224,7 +1241,8 @@
 			fatal("%.200s line %d: Missing argument.",
 			    filename, linenum);
 		if (*arg != '-' &&
-		    !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+		    !sshkey_names_valid2(*arg == '+' || *arg == '^' ?
+		    arg + 1 : arg, 1))
 			fatal("%s line %d: Bad key types '%s'.",
 				filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && *charptr == NULL)
@@ -1339,7 +1357,8 @@
 			fatal("Host directive not supported as a command-line "
 			    "option");
 		value = match_cfg_line(options, &s, pw, host, original_host,
-		    flags & SSHCONF_POSTCANON, filename, linenum);
+		    flags & SSHCONF_FINAL, want_final_pass,
+		    filename, linenum);
 		if (value < 0)
 			fatal("%.200s line %d: Bad Match condition", filename,
 			    linenum);
@@ -1521,7 +1540,7 @@
 			if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0)
 				fatal("%.200s line %d: bad include path %s.",
 				    filename, linenum, arg);
-			if (*arg != '/' && *arg != '~') {
+			if (!path_absolute(arg) && *arg != '~') {
 				xasprintf(&arg2, "%s/%s",
 				    (flags & SSHCONF_USERCONF) ?
 				    "~/" _PATH_SSH_USER_DIR : SSHDIR, arg);
@@ -1548,7 +1567,7 @@
 				    pw, host, original_host, options,
 				    flags | SSHCONF_CHECKPERM |
 				    (oactive ? 0 : SSHCONF_NEVERMATCH),
-				    activep, depth + 1);
+				    activep, want_final_pass, depth + 1);
 				if (r != 1 && errno != ENOENT) {
 					fatal("Can't open user config file "
 					    "%.100s: %.100s", gl.gl_pathv[i],
@@ -1751,19 +1770,20 @@
  */
 int
 read_config_file(const char *filename, struct passwd *pw, const char *host,
-    const char *original_host, Options *options, int flags)
+    const char *original_host, Options *options, int flags,
+    int *want_final_pass)
 {
 	int active = 1;
 
 	return read_config_file_depth(filename, pw, host, original_host,
-	    options, flags, &active, 0);
+	    options, flags, &active, want_final_pass, 0);
 }
 
 #define READCONF_MAX_DEPTH	16
 static int
 read_config_file_depth(const char *filename, struct passwd *pw,
     const char *host, const char *original_host, Options *options,
-    int flags, int *activep, int depth)
+    int flags, int *activep, int *want_final_pass, int depth)
 {
 	FILE *f;
 	char *line = NULL;
@@ -1798,7 +1818,8 @@
 		/* Update line number counter. */
 		linenum++;
 		if (process_config_line_depth(options, pw, host, original_host,
-		    line, filename, linenum, activep, flags, depth) != 0)
+		    line, filename, linenum, activep, flags, want_final_pass,
+		    depth) != 0)
 			bad_options++;
 	}
 	free(line);
@@ -2110,9 +2131,9 @@
 		    defaults, all)) != 0) \
 			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
 	} while (0)
-	ASSEMBLE(ciphers, KEX_SERVER_ENCRYPT, all_cipher);
-	ASSEMBLE(macs, KEX_SERVER_MAC, all_mac);
-	ASSEMBLE(kex_algorithms, KEX_SERVER_KEX, all_kex);
+	ASSEMBLE(ciphers, KEX_CLIENT_ENCRYPT, all_cipher);
+	ASSEMBLE(macs, KEX_CLIENT_MAC, all_mac);
+	ASSEMBLE(kex_algorithms, KEX_CLIENT_KEX, all_kex);
 	ASSEMBLE(hostbased_key_types, KEX_DEFAULT_PK_ALG, all_key);
 	ASSEMBLE(pubkey_key_types, KEX_DEFAULT_PK_ALG, all_key);
 	ASSEMBLE(ca_sign_algorithms, SSH_ALLOWED_CA_SIGALGS, all_sig);
@@ -2135,6 +2156,7 @@
 	CLEAR_ON_NONE(options->proxy_command);
 	CLEAR_ON_NONE(options->control_path);
 	CLEAR_ON_NONE(options->revoked_host_keys);
+	CLEAR_ON_NONE(options->pkcs11_provider);
 	if (options->jump_host != NULL &&
 	    strcmp(options->jump_host, "none") == 0 &&
 	    options->jump_port == 0 && options->jump_user == NULL) {
@@ -2580,7 +2602,7 @@
 
 	/* Most interesting options first: user, host, port */
 	dump_cfg_string(oUser, o->user);
-	dump_cfg_string(oHostName, host);
+	dump_cfg_string(oHostname, host);
 	dump_cfg_int(oPort, o->port);
 
 	/* Flag options */
Index: readpass.c
===================================================================
--- readpass.c
+++ readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.52 2018/07/18 11:34:04 dtucker Exp $ */
+/* $OpenBSD: readpass.c,v 1.54 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -61,19 +61,19 @@
 		error("ssh_askpass: fflush: %s", strerror(errno));
 	if (askpass == NULL)
 		fatal("internal error: askpass undefined");
-	if (pipe(p) < 0) {
+	if (pipe(p) == -1) {
 		error("ssh_askpass: pipe: %s", strerror(errno));
 		return NULL;
 	}
 	osigchld = signal(SIGCHLD, SIG_DFL);
-	if ((pid = fork()) < 0) {
+	if ((pid = fork()) == -1) {
 		error("ssh_askpass: fork: %s", strerror(errno));
 		signal(SIGCHLD, osigchld);
 		return NULL;
 	}
 	if (pid == 0) {
 		close(p[0]);
-		if (dup2(p[1], STDOUT_FILENO) < 0)
+		if (dup2(p[1], STDOUT_FILENO) == -1)
 			fatal("ssh_askpass: dup2: %s", strerror(errno));
 		execlp(askpass, askpass, msg, (char *)NULL);
 		fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno));
@@ -93,7 +93,7 @@
 	buf[len] = '\0';
 
 	close(p[0]);
-	while ((ret = waitpid(pid, &status, 0)) < 0)
+	while ((ret = waitpid(pid, &status, 0)) == -1)
 		if (errno != EINTR)
 			break;
 	signal(SIGCHLD, osigchld);
@@ -117,7 +117,7 @@
 char *
 read_passphrase(const char *prompt, int flags)
 {
-	char *askpass = NULL, *ret, buf[1024];
+	char cr = '\r', *askpass = NULL, *ret, buf[1024];
 	int rppflags, use_askpass = 0, ttyfd;
 
 	rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
@@ -131,9 +131,16 @@
 	} else {
 		rppflags |= RPP_REQUIRE_TTY;
 		ttyfd = open(_PATH_TTY, O_RDWR);
-		if (ttyfd >= 0)
+		if (ttyfd >= 0) {
+			/*
+			 * If we're on a tty, ensure that show the prompt at
+			 * the beginning of the line. This will hopefully
+			 * clobber any password characters the user has
+			 * optimistically typed before echo is disabled.
+			 */
+			(void)write(ttyfd, &cr, 1);
 			close(ttyfd);
-		else {
+		} else {
 			debug("read_passphrase: can't open %s: %s", _PATH_TTY,
 			    strerror(errno));
 			use_askpass = 1;
Index: regress/Makefile
===================================================================
--- regress/Makefile
+++ regress/Makefile
@@ -1,8 +1,12 @@
-#	$OpenBSD: Makefile,v 1.97 2018/06/07 04:46:34 djm Exp $
+#	$OpenBSD: Makefile,v 1.104 2019/09/03 08:37:45 djm Exp $
 
-REGRESS_TARGETS=	unit t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12 t-exec
-tests:		prep $(REGRESS_TARGETS)
+tests:		prep file-tests t-exec unit
 
+REGRESS_TARGETS=	t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t11 t12
+
+# File based tests
+file-tests: $(REGRESS_TARGETS)
+
 # Interop tests are not run by default
 interop interop-tests: t-exec-interop
 
@@ -11,7 +15,6 @@
 
 clean:
 	for F in $(CLEANFILES); do rm -f $(OBJ)$$F; done
-	test -z "${SUDO}" || ${SUDO} rm -f ${SUDO_CLEAN}
 	rm -rf $(OBJ).putty
 
 distclean:	clean
@@ -27,6 +30,7 @@
 		transfer \
 		banner \
 		rekey \
+		dhgex \
 		stderr-data \
 		stderr-after-eof \
 		broken-pipe \
@@ -84,15 +88,16 @@
 		cert-file \
 		cfginclude \
 		allow-deny-users \
-		authinfo
+		authinfo \
+		sshsig
 
 
-#		dhgex \
 
 INTEROP_TESTS=	putty-transfer putty-ciphers putty-kex conch-ciphers
 #INTEROP_TESTS+=ssh-com ssh-com-client ssh-com-keygen ssh-com-sftp
 
-#LTESTS= 	cipher-speed
+EXTRA_TESTS=	agent-pkcs11
+#EXTRA_TESTS+= 	cipher-speed
 
 USERNAME=		${LOGNAME}
 CLEANFILES=	*.core actual agent-key.* authorized_keys_${USERNAME} \
@@ -102,18 +107,19 @@
 		copy.1 copy.2 data ed25519-agent ed25519-agent* \
 		ed25519-agent.pub ed25519 ed25519.pub empty.in \
 		expect failed-regress.log failed-ssh.log failed-sshd.log \
-		hkr.* host.ed25519 host.rsa host.rsa1 host_* \
-		host_ca_key* host_krl_* host_revoked_* key.* \
+		hkr.* host.ecdsa-sha2-nistp256 host.ecdsa-sha2-nistp384 \
+		host.ecdsa-sha2-nistp521 host.ssh-dss host.ssh-ed25519 \
+		host.ssh-rsa host_ca_key* host_krl_* host_revoked_* key.* \
 		key.dsa-* key.ecdsa-* key.ed25519-512 \
 		key.ed25519-512.pub key.rsa-* keys-command-args kh.* \
 		known_hosts known_hosts-cert known_hosts.* krl-* ls.copy \
 		modpipe netcat no_identity_config \
-		pidfile putty.rsa2 ready regress.log \
-		remote_pid revoked-* rsa rsa-agent rsa-agent.pub rsa.pub \
-		rsa1 rsa1-agent rsa1-agent.pub rsa1.pub rsa_ssh2_cr.prv \
+		pidfile putty.rsa2 ready regress.log remote_pid \
+		revoked-* rsa rsa-agent rsa-agent.pub rsa.pub rsa_ssh2_cr.prv \
 		rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
 		scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
 		sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
+		ssh-rsa_oldfmt \
 		ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
 		ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
 		sshd_config.orig sshd_proxy sshd_proxy.* sshd_proxy_bak \
@@ -122,8 +128,6 @@
 		t8.out t8.out.pub t9.out t9.out.pub testdata \
 		user_*key* user_ca* user_key*
 
-SUDO_CLEAN+=	/var/run/testdata_${USERNAME} /var/run/keycommand_${USERNAME}
-
 # Enable all malloc(3) randomisations and checks
 TEST_ENV=      "MALLOC_OPTIONS=CFGJRSUX"
 
@@ -206,11 +210,26 @@
 t-exec:	${LTESTS:=.sh}
 	@if [ "x$?" = "x" ]; then exit 0; fi; \
 	for TEST in ""$?; do \
+		skip=no; \
+		for t in ""$${SKIP_LTESTS}; do \
+			if [ "x$${t}.sh" = "x$${TEST}" ]; then skip=yes; fi; \
+		done; \
+		if [ "x$${skip}" = "xno" ]; then \
+			echo "run test $${TEST}" ... 1>&2; \
+			(env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
+		else \
+			echo skip test $${TEST} 1>&2; \
+		fi; \
+	done
+
+t-exec-interop:	${INTEROP_TESTS:=.sh}
+	@if [ "x$?" = "x" ]; then exit 0; fi; \
+	for TEST in ""$?; do \
 		echo "run test $${TEST}" ... 1>&2; \
 		(env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \
 	done
 
-t-exec-interop:	${INTEROP_TESTS:=.sh}
+t-extra:	${EXTRA_TESTS:=.sh}
 	@if [ "x$?" = "x" ]; then exit 0; fi; \
 	for TEST in ""$?; do \
 		echo "run test $${TEST}" ... 1>&2; \
Index: regress/README.regress
===================================================================
--- regress/README.regress
+++ regress/README.regress
@@ -25,6 +25,7 @@
 	(notably systems using PAM) require sudo to execute some tests.
 LTESTS: Whitespace separated list of tests (filenames without the .sh
 	extension) to run.
+SKIP_LTESTS: Whitespace separated list of tests to skip.
 OBJ: used by test scripts to access build dir.
 TEST_SHELL: shell used for running the test scripts.
 TEST_SSH_FAIL_FATAL: set to "yes" to make any failure abort the test
@@ -63,28 +64,79 @@
 and keys and runs the specified test.
 
 At the time of writing, the individual tests are:
-agent-timeout.sh:	agent timeout test
-agent.sh:		simple agent test
-broken-pipe.sh:		broken pipe test
-connect-privsep.sh:	proxy connect with privsep
 connect.sh:		simple connect
+proxy-connect.sh:	proxy connect
+connect-privsep.sh:	proxy connect with privsep
+connect-uri.sh:		uri connect
+proto-version.sh:	sshd version with different protocol combinations
+proto-mismatch.sh:	protocol version mismatch
 exit-status.sh:		remote exit status
-forwarding.sh:		local and remote forwarding
-keygen-change.sh:	change passphrase for key
+envpass.sh:		environment passing
+transfer.sh:		transfer data
+banner.sh:		banner
+rekey.sh:		rekey
+stderr-data.sh:		stderr data transfer
+stderr-after-eof.sh:	stderr data after eof
+broken-pipe.sh:		broken pipe test
+try-ciphers.sh:		try ciphers
+yes-head.sh:		yes pipe head
+login-timeout.sh:	connect after login grace timeout
+agent.sh:		simple connect via agent
+agent-getpeereid.sh:	disallow agent attach from other uid
+agent-timeout.sh:	agent timeout test
+agent-ptrace.sh:	disallow agent ptrace attach
 keyscan.sh:		keyscan
-proto-mismatch.sh:	protocol version mismatch
-proto-version.sh:	sshd version with different protocol combinations
-proxy-connect.sh:	proxy connect
+keygen-change.sh:	change passphrase for key
+keygen-convert.sh:	convert keys
+keygen-moduli.sh:	keygen moduli
+key-options.sh:		key options
+scp.sh:			scp
+scp-uri.sh:		scp-uri
 sftp.sh:		basic sftp put/get
+sftp-chroot.sh:		sftp in chroot
+sftp-cmds.sh:		sftp command
+sftp-badcmds.sh:	sftp invalid commands
+sftp-batch.sh:		sftp batchfile
+sftp-glob.sh:		sftp glob
+sftp-perm.sh:		sftp permissions
+sftp-uri.sh:		sftp-uri
 ssh-com-client.sh:	connect with ssh.com client
 ssh-com-keygen.sh:	ssh.com key import
 ssh-com-sftp.sh:	basic sftp put/get with ssh.com server
 ssh-com.sh:		connect to ssh.com server
-stderr-after-eof.sh:	stderr data after eof
-stderr-data.sh:		stderr data transfer
-transfer.sh:		transfer data
-try-ciphers.sh:		try ciphers
-yes-head.sh:		yes pipe head
+reconfigure.sh:		simple connect after reconfigure
+dynamic-forward.sh:	dynamic forwarding
+forwarding.sh:		local and remote forwarding
+multiplex.sh:		connection multiplexing
+reexec.sh:		reexec tests
+brokenkeys.sh:		broken keys
+sshcfgparse.sh:		ssh config parse
+cfgparse.sh:		sshd config parse
+cfgmatch.sh:		sshd_config match
+cfgmatchlisten.sh:	sshd_config matchlisten
+addrmatch.sh:		address match
+localcommand.sh:	localcommand
+forcecommand.sh:	forced command
+portnum.sh:		port number parsing
+keytype.sh:		login with different key types
+kextype.sh:		login with different key exchange algorithms
+cert-hostkey.sh		certified host keys
+cert-userkey.sh:	certified user keys
+host-expand.sh:		expand %h and %n
+keys-command.sh:	authorized keys from command
+forward-control.sh:	sshd control of local and remote forwarding
+integrity.sh:		integrity
+krl.sh:			key revocation lists
+multipubkey.sh:		multiple pubkey
+limit-keytype.sh:	restrict pubkey type
+hostkey-agent.sh:	hostkey agent
+keygen-knownhosts.sh:	ssh-keygen known_hosts
+hostkey-rotate.sh:	hostkey rotate
+principals-command.sh:	authorized principals command
+cert-file.sh:		ssh with certificates
+cfginclude.sh:		config include
+allow-deny-users.sh:	AllowUsers/DenyUsers
+authinfo.sh:		authinfo
 
 
 Problems?
Index: regress/agent-pkcs11.sh
===================================================================
--- regress/agent-pkcs11.sh
+++ regress/agent-pkcs11.sh
@@ -1,16 +1,53 @@
-#	$OpenBSD: agent-pkcs11.sh,v 1.3 2017/04/30 23:34:55 djm Exp $
+#	$OpenBSD: agent-pkcs11.sh,v 1.6 2019/01/21 09:13:41 djm Exp $
 #	Placed in the Public Domain.
 
 tid="pkcs11 agent test"
 
-TEST_SSH_PIN=""
-TEST_SSH_PKCS11=/usr/local/lib/soft-pkcs11.so.0.0
+try_token_libs() {
+	for _lib in "$@" ; do
+		if test -f "$_lib" ; then
+			verbose "Using token library $_lib"
+			TEST_SSH_PKCS11="$_lib"
+			return
+		fi
+	done
+	echo "skipped: Unable to find PKCS#11 token library"
+	exit 0
+}
 
+try_token_libs \
+	/usr/local/lib/softhsm/libsofthsm2.so \
+	/usr/lib64/pkcs11/libsofthsm2.so \
+	/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
+
+TEST_SSH_PIN=1234
+TEST_SSH_SOPIN=12345678
+if [ "x$TEST_SSH_SSHPKCS11HELPER" != "x" ]; then
+	SSH_PKCS11_HELPER="${TEST_SSH_SSHPKCS11HELPER}"
+	export SSH_PKCS11_HELPER
+fi
+
 test -f "$TEST_SSH_PKCS11" || fatal "$TEST_SSH_PKCS11 does not exist"
 
-# setup environment for soft-pkcs11 token
-SOFTPKCS11RC=$OBJ/pkcs11.info
-export SOFTPKCS11RC
+# setup environment for softhsm2 token
+DIR=$OBJ/SOFTHSM
+rm -rf $DIR
+TOKEN=$DIR/tokendir
+mkdir -p $TOKEN
+SOFTHSM2_CONF=$DIR/softhsm2.conf
+export SOFTHSM2_CONF
+cat > $SOFTHSM2_CONF << EOF
+# SoftHSM v2 configuration file
+directories.tokendir = ${TOKEN}
+objectstore.backend = file
+# ERROR, WARNING, INFO, DEBUG
+log.level = DEBUG
+# If CKF_REMOVABLE_DEVICE flag should be set
+slots.removable = false
+EOF
+out=$(softhsm2-util --init-token --free --label token-slot-0 --pin "$TEST_SSH_PIN" --so-pin "$TEST_SSH_SOPIN")
+slot=$(echo -- $out | sed 's/.* //')
+
 # prevent ssh-agent from calling ssh-askpass
 SSH_ASKPASS=/usr/bin/true
 export SSH_ASKPASS
@@ -22,22 +59,27 @@
 	    if (fork) { wait; exit($? >> 8); } else { exec(@ARGV) }' "$@"
 }
 
+trace "generating keys"
+RSA=${DIR}/RSA
+EC=${DIR}/EC
+openssl genpkey -algorithm rsa > $RSA
+openssl pkcs8 -nocrypt -in $RSA |\
+    softhsm2-util --slot "$slot" --label 01 --id 01 --pin "$TEST_SSH_PIN" --import /dev/stdin
+openssl genpkey \
+    -genparam \
+    -algorithm ec \
+    -pkeyopt ec_paramgen_curve:prime256v1 |\
+    openssl genpkey \
+    -paramfile /dev/stdin > $EC
+openssl pkcs8 -nocrypt -in $EC |\
+    softhsm2-util --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" --import /dev/stdin
+
 trace "start agent"
 eval `${SSHAGENT} -s` > /dev/null
 r=$?
 if [ $r -ne 0 ]; then
 	fail "could not start ssh-agent: exit code $r"
 else
-	trace "generating key/cert"
-	rm -f $OBJ/pkcs11.key $OBJ/pkcs11.crt
-	openssl genrsa -out $OBJ/pkcs11.key 2048 > /dev/null 2>&1
-	chmod 600 $OBJ/pkcs11.key 
-	openssl req -key $OBJ/pkcs11.key -new -x509 \
-	    -out $OBJ/pkcs11.crt -text -subj '/CN=pkcs11 test' > /dev/null
-	printf "a\ta\t$OBJ/pkcs11.crt\t$OBJ/pkcs11.key" > $SOFTPKCS11RC
-	# add to authorized keys
-	${SSHKEYGEN} -y -f $OBJ/pkcs11.key > $OBJ/authorized_keys_$USER
-
 	trace "add pkcs11 key to agent"
 	echo ${TEST_SSH_PIN} | notty ${SSHADD} -s ${TEST_SSH_PKCS11} > /dev/null 2>&1
 	r=$?
@@ -52,12 +94,23 @@
 		fail "ssh-add -l failed: exit code $r"
 	fi
 
-	trace "pkcs11 connect via agent"
-	${SSH} -F $OBJ/ssh_proxy somehost exit 5
-	r=$?
-	if [ $r -ne 5 ]; then
-		fail "ssh connect failed (exit code $r)"
-	fi
+	for k in $RSA $EC; do
+		trace "testing $k"
+		chmod 600 $k
+		ssh-keygen -y -f $k > $k.pub
+		pub=$(cat $k.pub)
+		${SSHADD} -L | grep -q "$pub" || fail "key $k missing in ssh-add -L"
+		${SSHADD} -T $k.pub || fail "ssh-add -T with $k failed"
+
+		# add to authorized keys
+		cat $k.pub > $OBJ/authorized_keys_$USER
+		trace "pkcs11 connect via agent ($k)"
+		${SSH} -F $OBJ/ssh_proxy somehost exit 5
+		r=$?
+		if [ $r -ne 5 ]; then
+			fail "ssh connect failed (exit code $r)"
+		fi
+	done
 
 	trace "remove pkcs11 keys"
 	echo ${TEST_SSH_PIN} | notty ${SSHADD} -e ${TEST_SSH_PKCS11} > /dev/null 2>&1
Index: regress/agent-timeout.sh
===================================================================
--- regress/agent-timeout.sh
+++ regress/agent-timeout.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: agent-timeout.sh,v 1.3 2015/03/03 22:35:19 markus Exp $
+#	$OpenBSD: agent-timeout.sh,v 1.5 2019/09/03 08:37:06 djm Exp $
 #	Placed in the Public Domain.
 
 tid="agent timeout test"
@@ -12,16 +12,18 @@
 	fail "could not start ssh-agent: exit code $r"
 else
 	trace "add keys with timeout"
+	keys=0
 	for t in ${SSH_KEYTYPES}; do
-		${SSHADD} -t ${SSHAGENT_TIMEOUT} $OBJ/$t > /dev/null 2>&1
+		${SSHADD} -kt ${SSHAGENT_TIMEOUT} $OBJ/$t > /dev/null 2>&1
 		if [ $? -ne 0 ]; then
 			fail "ssh-add did succeed exit code 0"
 		fi
+		keys=$((${keys} + 1))
 	done
 	n=`${SSHADD} -l 2> /dev/null | wc -l`
 	trace "agent has $n keys"
-	if [ $n -ne 2 ]; then
-		fail "ssh-add -l did not return 2 keys: $n"
+	if [ $n -ne $keys ]; then
+		fail "ssh-add -l did not return $keys keys: $n"
 	fi
 	trace "sleeping 2*${SSHAGENT_TIMEOUT} seconds"
 	sleep ${SSHAGENT_TIMEOUT}
Index: regress/agent.sh
===================================================================
--- regress/agent.sh
+++ regress/agent.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: agent.sh,v 1.13 2017/12/19 00:49:30 djm Exp $
+#	$OpenBSD: agent.sh,v 1.15 2019/07/23 07:39:43 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="simple agent test"
@@ -72,6 +72,10 @@
 
 for t in ${SSH_KEYTYPES}; do
 	trace "connect via agent using $t key"
+	if [ "$t" = "ssh-dss" ]; then
+		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
+		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
+	fi
 	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
 		somehost exit 52
 	r=$?
@@ -96,6 +100,7 @@
 (printf 'cert-authority,principals="estragon" '; cat $OBJ/user_ca_key.pub) \
 	> $OBJ/authorized_keys_$USER
 for t in ${SSH_KEYTYPES}; do
+    if [ "$t" != "ssh-dss" ]; then
 	trace "connect via agent using $t key"
 	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub \
 		-oCertificateFile=$OBJ/$t-agent-cert.pub \
@@ -104,6 +109,7 @@
 	if [ $r -ne 52 ]; then
 		fail "ssh connect with failed (exit code $r)"
 	fi
+    fi
 done
 
 trace "delete all agent keys"
Index: regress/cert-hostkey.sh
===================================================================
--- regress/cert-hostkey.sh
+++ regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-hostkey.sh,v 1.16 2018/07/03 11:43:49 djm Exp $
+#	$OpenBSD: cert-hostkey.sh,v 1.18 2019/07/25 08:28:15 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="certified host keys"
@@ -7,6 +7,7 @@
 rm -f $OBJ/cert_host_key* $OBJ/host_krl_*
 
 # Allow all hostkey/pubkey types, prefer certs for the client
+rsa=0
 types=""
 for i in `$SSH -Q key`; do
 	if [ -z "$types" ]; then
@@ -19,6 +20,7 @@
 		types="rsa-sha2-256-cert-v01@openssh.com,$i,$types"
 		types="rsa-sha2-512-cert-v01@openssh.com,$types";;
 	*rsa*)
+		rsa=1
 		types="$types,rsa-sha2-512,rsa-sha2-256,$i";;
 	# Prefer certificate to plain keys.
 	*cert*)	types="$i,$types";;
@@ -51,10 +53,12 @@
 }
 
 # Create a CA key and add it to known hosts. Ed25519 chosen for speed.
-# RSA for testing RSA/SHA2 signatures.
+# RSA for testing RSA/SHA2 signatures if supported.
+ktype2=ed25519
+[ "x$rsa" = "x1" ] && ktype2=rsa
 ${SSHKEYGEN} -q -N '' -t ed25519  -f $OBJ/host_ca_key ||\
 	fail "ssh-keygen of host_ca_key failed"
-${SSHKEYGEN} -q -N '' -t rsa  -f $OBJ/host_ca_key2 ||\
+${SSHKEYGEN} -q -N '' -t $ktype2  -f $OBJ/host_ca_key2 ||\
 	fail "ssh-keygen of host_ca_key failed"
 
 kh_ca host_ca_key.pub host_ca_key2.pub > $OBJ/known_hosts-cert.orig
@@ -127,7 +131,7 @@
 }
 
 # Basic connect and revocation tests.
-for privsep in yes no ; do
+for privsep in yes sandbox ; do
 	for ktype in $PLAIN_TYPES ; do
 		verbose "$tid: host ${ktype} cert connect privsep $privsep"
 		(
@@ -165,7 +169,7 @@
 	kh_revoke cert_host_key_${ktype}.pub >> $OBJ/known_hosts-cert.orig
 done
 cp $OBJ/known_hosts-cert.orig $OBJ/known_hosts-cert
-for privsep in yes no ; do
+for privsep in yes sandbox ; do
 	for ktype in $PLAIN_TYPES ; do
 		verbose "$tid: host ${ktype} revoked cert privsep $privsep"
 		(
@@ -214,7 +218,7 @@
 	result=$2
 	sign_opts=$3
 
-	for kt in rsa ed25519 ; do
+	for kt in $PLAIN_TYPES; do
 		case $ktype in
 		rsa-sha2-*)	tflag="-t $ktype"; ca="$OBJ/host_ca_key2" ;;
 		*)		tflag=""; ca="$OBJ/host_ca_key" ;;
Index: regress/cert-userkey.sh
===================================================================
--- regress/cert-userkey.sh
+++ regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-userkey.sh,v 1.19 2018/03/12 00:54:04 djm Exp $
+#	$OpenBSD: cert-userkey.sh,v 1.21 2019/07/25 08:28:15 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="certified user keys"
@@ -9,8 +9,10 @@
 
 PLAIN_TYPES=`$SSH -Q key-plain | sed 's/^ssh-dss/ssh-dsa/;s/^ssh-//'`
 EXTRA_TYPES=""
+rsa=""
 
 if echo "$PLAIN_TYPES" | grep '^rsa$' >/dev/null 2>&1 ; then
+	rsa=rsa
 	PLAIN_TYPES="$PLAIN_TYPES rsa-sha2-256 rsa-sha2-512"
 fi
 
@@ -20,11 +22,20 @@
 	# subshell because some seds will add a newline
 	*) n=$(echo $1 | sed 's/^dsa/ssh-dss/;s/^rsa/ssh-rsa/;s/^ed/ssh-ed/') ;;
 	esac
-	echo "$n*,ssh-rsa*,ssh-ed25519*"
+	if [ -z "$rsa" ]; then
+		echo "$n*,ssh-ed25519*"
+	else
+		echo "$n*,ssh-rsa*,ssh-ed25519*"
+	fi
 }
 
 # Create a CA key
-${SSHKEYGEN} -q -N '' -t rsa  -f $OBJ/user_ca_key ||\
+if [ ! -z "$rsa" ]; then
+	catype=rsa
+else
+	catype=ed25519
+fi
+${SSHKEYGEN} -q -N '' -t $catype  -f $OBJ/user_ca_key ||\
 	fail "ssh-keygen of user_ca_key failed"
 
 # Generate and sign user keys
@@ -47,7 +58,7 @@
 # Test explicitly-specified principals
 for ktype in $EXTRA_TYPES $PLAIN_TYPES ; do
 	t=$(kname $ktype)
-	for privsep in yes no ; do
+	for privsep in yes sandbox ; do
 		_prefix="${ktype} privsep $privsep"
 
 		# Setup for AuthorizedPrincipalsFile
@@ -283,7 +294,7 @@
 	fi
 
 	for auth in $auth_choice ; do
-		for ktype in rsa ed25519 ; do
+		for ktype in $rsa ed25519 ; do
 			cat $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
 			if test "x$auth" = "xauthorized_keys" ; then
 				# Add CA to authorized_keys
Index: regress/cfgmatch.sh
===================================================================
--- regress/cfgmatch.sh
+++ regress/cfgmatch.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cfgmatch.sh,v 1.11 2017/10/04 18:50:23 djm Exp $
+#	$OpenBSD: cfgmatch.sh,v 1.12 2019/04/18 18:57:16 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="sshd_config match"
@@ -51,10 +51,11 @@
 echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy
 echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
 
+${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
+    fail "config w/match fails config test"
+
 start_sshd
 
-#set -x
-
 # Test Match + PermitOpen in sshd_config.  This should be permitted
 trace "match permitopen localhost"
 start_client -F $OBJ/ssh_config
@@ -113,3 +114,45 @@
 ${SSH} -q -p $fwdport -F $OBJ/ssh_config somehost true || \
     fail "nomatch override permitopen"
 stop_client
+
+# Test parsing of available Match criteria (with the exception of Group which
+# requires knowledge of actual group memberships user running the test).
+params="user:user:u1 host:host:h1 address:addr:1.2.3.4 \
+    localaddress:laddr:5.6.7.8 rdomain:rdomain:rdom1"
+cp $OBJ/sshd_proxy_bak $OBJ/sshd_config
+echo 'Banner /nomatch' >>$OBJ/sshd_config
+for i in $params; do
+	config=`echo $i | cut -f1 -d:`
+	criteria=`echo $i | cut -f2 -d:`
+	value=`echo $i | cut -f3 -d:`
+	cat >>$OBJ/sshd_config <<EOD
+	    Match $config $value
+	      Banner /$value
+EOD
+done
+
+${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
+    fail "validate config for w/out spec"
+
+# Test matching each criteria.
+for i in $params; do
+	testcriteria=`echo $i | cut -f2 -d:`
+	expected=/`echo $i | cut -f3 -d:`
+	spec=""
+	for j in $params; do
+		config=`echo $j | cut -f1 -d:`
+		criteria=`echo $j | cut -f2 -d:`
+		value=`echo $j | cut -f3 -d:`
+		if [ "$criteria" = "$testcriteria" ]; then
+			spec="$criteria=$value,$spec"
+		else
+			spec="$criteria=1$value,$spec"
+		fi
+	done
+	trace "test spec $spec"
+	result=`${SUDO} ${SSHD} -f $OBJ/sshd_config -T -C "$spec" | \
+	    awk '$1=="banner"{print $2}'`
+	if [ "$result" != "$expected" ]; then
+		fail "match $config expected $expected got $result"
+	fi
+done
Index: regress/conch-ciphers.sh
===================================================================
--- regress/conch-ciphers.sh
+++ regress/conch-ciphers.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: conch-ciphers.sh,v 1.3 2013/05/17 04:29:14 dtucker Exp $
+#	$OpenBSD: conch-ciphers.sh,v 1.4 2019/07/05 04:12:46 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="conch ciphers"
@@ -16,7 +16,7 @@
 	rm -f ${COPY}
 	# XXX the 2nd "cat" seems to be needed because of buggy FD handling
 	# in conch
-	${CONCH} --identity $OBJ/rsa --port $PORT --user $USER  -e none \
+	${CONCH} --identity $OBJ/ssh-rsa --port $PORT --user $USER -e none \
 	    --known-hosts $OBJ/known_hosts --notty --noagent --nox11 -n \
 	    127.0.0.1 "cat ${DATA}" 2>/dev/null | cat > ${COPY}
 	if [ $? -ne 0 ]; then
Index: regress/dhgex.sh
===================================================================
--- regress/dhgex.sh
+++ regress/dhgex.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: dhgex.sh,v 1.4 2017/05/08 01:52:49 djm Exp $
+#	$OpenBSD: dhgex.sh,v 1.6 2019/10/06 11:49:50 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="dhgex"
@@ -34,9 +34,11 @@
 		got=`egrep "SSH2_MSG_KEX_DH_GEX_REQUEST(.*) sent" ${LOG}`
 		fail "$tid unexpected GEX sizes, expected $groupsz, got $got"
 	fi
-	# check what we got (depends on contents of system moduli file)
-	gotbits="`awk '/bits set:/{print $4}' ${LOG} | head -1 | cut -f2 -d/`"
-	if [ "$gotbits" -lt "$bits" ]; then
+	# check what we got.
+	gotbits="`awk 'BEGIN{FS="/"}/bits set:/{print $2}' ${LOG} |
+	    head -1 | tr -d '\r\n'`"
+	trace "expected '$bits' got '$gotbits'"
+	if [ -z "$gotbits" ] || [ "$gotbits" -lt "$bits" ]; then
 		fatal "$tid expected $bits bit group, got $gotbits"
 	fi
 }
@@ -52,7 +54,7 @@
 	done
 }
 
-#check 2048 3des-cbc
+check 3072 3des-cbc  # 112 bits.
 check 3072 `${SSH} -Q cipher | grep 128`
 check 7680 `${SSH} -Q cipher | grep 192`
 check 8192 `${SSH} -Q cipher | grep 256`
Index: regress/forwarding.sh
===================================================================
--- regress/forwarding.sh
+++ regress/forwarding.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: forwarding.sh,v 1.20 2017/04/30 23:34:55 djm Exp $
+#	$OpenBSD: forwarding.sh,v 1.23 2019/07/20 09:50:58 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="local and remote forwarding"
@@ -26,7 +26,7 @@
 
 trace "start forwarding, fork to background"
 rm -f $CTL
-${SSH} -S $CTL -M -F $OBJ/ssh_config -f $fwd somehost sleep 10
+${SSH} -S $CTL -N -M -F $OBJ/ssh_config -f $fwd somehost
 
 trace "transfer over forwarded channels and check result"
 ${SSH} -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
@@ -34,7 +34,7 @@
 test -s ${COPY}		|| fail "failed copy of ${DATA}"
 cmp ${DATA} ${COPY}	|| fail "corrupted copy of ${DATA}"
 
-${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
+${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost 2>/dev/null
 
 for d in L R; do
 	trace "exit on -$d forward failure"
@@ -69,8 +69,8 @@
 
 trace "clear local forward"
 rm -f $CTL
-${SSH} -S $CTL -M -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
-    -oClearAllForwardings=yes somehost sleep 10
+${SSH} -S $CTL -N -M -f -F $OBJ/ssh_config -L ${base}01:127.0.0.1:$PORT \
+    -oClearAllForwardings=yes somehost
 if [ $? != 0 ]; then
 	fail "connection failed with cleared local forwarding"
 else
@@ -79,12 +79,12 @@
 	     >>$TEST_REGRESS_LOGFILE 2>&1 && \
 		fail "local forwarding not cleared"
 fi
-${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
+${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost 2>/dev/null
 
 trace "clear remote forward"
 rm -f $CTL
-${SSH} -S $CTL -M -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
-    -oClearAllForwardings=yes somehost sleep 10
+${SSH} -S $CTL -N -M -f -F $OBJ/ssh_config -R ${base}01:127.0.0.1:$PORT \
+    -oClearAllForwardings=yes somehost
 if [ $? != 0 ]; then
 	fail "connection failed with cleared remote forwarding"
 else
@@ -93,7 +93,7 @@
 	     >>$TEST_REGRESS_LOGFILE 2>&1 && \
 		fail "remote forwarding not cleared"
 fi
-${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
+${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost 2>/dev/null
 
 trace "stdio forwarding"
 cmd="${SSH} -F $OBJ/ssh_config"
@@ -107,7 +107,7 @@
 
 trace "config file: start forwarding, fork to background"
 rm -f $CTL
-${SSH} -S $CTL -M -F $OBJ/ssh_config -f somehost sleep 10
+${SSH} -S $CTL -N -M -F $OBJ/ssh_config -f somehost
 
 trace "config file: transfer over forwarded channels and check result"
 ${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \
@@ -115,22 +115,22 @@
 test -s ${COPY}		|| fail "failed copy of ${DATA}"
 cmp ${DATA} ${COPY}	|| fail "corrupted copy of ${DATA}"
 
-${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
+${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost 2>/dev/null
 
 trace "transfer over chained unix domain socket forwards and check result"
 rm -f $OBJ/unix-[123].fwd
 rm -f $CTL $CTL.[123]
-${SSH} -S $CTL -M -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost sleep 10
-${SSH} -S $CTL.1 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost sleep 10
-${SSH} -S $CTL.2 -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost sleep 10
-${SSH} -S $CTL.3 -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost sleep 10
+${SSH} -S $CTL -N -M -f -F $OBJ/ssh_config -R${base}01:[$OBJ/unix-1.fwd] somehost
+${SSH} -S $CTL.1 -N -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost
+${SSH} -S $CTL.2 -N -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost
+${SSH} -S $CTL.3 -N -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost
 ${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \
 	somehost cat ${DATA} > ${COPY}
 test -s ${COPY}			|| fail "failed copy ${DATA}"
 cmp ${DATA} ${COPY}		|| fail "corrupted copy of ${DATA}"
 
-${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost
-${SSH} -F $OBJ/ssh_config -S $CTL.1 -O exit somehost
-${SSH} -F $OBJ/ssh_config -S $CTL.2 -O exit somehost
-${SSH} -F $OBJ/ssh_config -S $CTL.3 -O exit somehost
+${SSH} -F $OBJ/ssh_config -S $CTL -O exit somehost 2>/dev/null
+${SSH} -F $OBJ/ssh_config -S $CTL.1 -O exit somehost 2>/dev/null
+${SSH} -F $OBJ/ssh_config -S $CTL.2 -O exit somehost 2>/dev/null
+${SSH} -F $OBJ/ssh_config -S $CTL.3 -O exit somehost 2>/dev/null
 
Index: regress/hostkey-rotate.sh
===================================================================
--- regress/hostkey-rotate.sh
+++ regress/hostkey-rotate.sh
@@ -1,10 +1,10 @@
-#	$OpenBSD: hostkey-rotate.sh,v 1.5 2015/09/04 04:23:10 djm Exp $
+#	$OpenBSD: hostkey-rotate.sh,v 1.6 2019/08/30 05:08:28 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="hostkey rotate"
 
 # Need full names here since they are used in HostKeyAlgorithms
-HOSTKEY_TYPES="ecdsa-sha2-nistp256 ssh-ed25519 ssh-rsa ssh-dss"
+HOSTKEY_TYPES="`${SSH} -Q key-plain`"
 
 rm -f $OBJ/hkr.* $OBJ/ssh_proxy.orig
 
@@ -12,15 +12,23 @@
 echo "UpdateHostkeys=yes" >> $OBJ/ssh_proxy
 rm $OBJ/known_hosts
 
+# The "primary" key type is ed25519 since it's supported even when built
+# without OpenSSL.  The secondary is RSA if it's supported.
+primary="ssh-ed25519"
+secondary="$primary"
+
 trace "prepare hostkeys"
 nkeys=0
 all_algs=""
-for k in `${SSH} -Q key-plain` ; do
+for k in $HOSTKEY_TYPES; do
 	${SSHKEYGEN} -qt $k -f $OBJ/hkr.$k -N '' || fatal "ssh-keygen $k"
 	echo "Hostkey $OBJ/hkr.${k}" >> $OBJ/sshd_proxy.orig
 	nkeys=`expr $nkeys + 1`
 	test "x$all_algs" = "x" || all_algs="${all_algs},"
 	all_algs="${all_algs}$k"
+	case "$k" in
+		ssh-rsa)	secondary="ssh-rsa" ;;
+	esac
 done
 
 dossh() {
@@ -49,62 +57,68 @@
 # Connect to sshd with StrictHostkeyChecking=no
 verbose "learn hostkey with StrictHostKeyChecking=no"
 >$OBJ/known_hosts
-dossh -oHostKeyAlgorithms=ssh-ed25519 -oStrictHostKeyChecking=no
+dossh -oHostKeyAlgorithms=$primary -oStrictHostKeyChecking=no
 # Verify no additional keys learned
 expect_nkeys 1 "unstrict connect keys"
-check_key_present ssh-ed25519 || fail "unstrict didn't learn key"
+check_key_present $primary || fail "unstrict didn't learn key"
 
 # Connect to sshd as usual
 verbose "learn additional hostkeys"
 dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=$all_algs
 # Check that other keys learned
 expect_nkeys $nkeys "learn hostkeys"
-check_key_present ssh-rsa || fail "didn't learn keys"
+for k in $HOSTKEY_TYPES; do
+	check_key_present $k || fail "didn't learn keytype $k"
+done
 
 # Check each key type
-for k in `${SSH} -Q key-plain` ; do
+for k in $HOSTKEY_TYPES; do
 	verbose "learn additional hostkeys, type=$k"
 	dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=$k,$all_algs
 	expect_nkeys $nkeys "learn hostkeys $k"
-	check_key_present $k || fail "didn't learn $k"
+	check_key_present $k || fail "didn't learn $k correctly"
 done
 
 # Change one hostkey (non primary) and relearn
-verbose "learn changed non-primary hostkey"
-mv $OBJ/hkr.ssh-rsa.pub $OBJ/hkr.ssh-rsa.pub.old
-rm -f $OBJ/hkr.ssh-rsa
-${SSHKEYGEN} -qt ssh-rsa -f $OBJ/hkr.ssh-rsa -N '' || fatal "ssh-keygen $k"
-dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=$all_algs
-# Check that the key was replaced
-expect_nkeys $nkeys "learn hostkeys"
-check_key_present ssh-rsa $OBJ/hkr.ssh-rsa.pub.old && fail "old key present"
-check_key_present ssh-rsa || fail "didn't learn changed key"
+if [ "$primary" != "$secondary" ]; then
+	verbose "learn changed non-primary hostkey type=${secondary}"
+	mv $OBJ/hkr.${secondary}.pub $OBJ/hkr.${secondary}.pub.old
+	rm -f $OBJ/hkr.${secondary}
+	${SSHKEYGEN} -qt ${secondary} -f $OBJ/hkr.${secondary} -N '' || \
+	    fatal "ssh-keygen $secondary"
+	dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=$all_algs
+	# Check that the key was replaced
+	expect_nkeys $nkeys "learn hostkeys"
+	check_key_present ${secondary} $OBJ/hkr.${secondary}.pub.old && \
+	    fail "old key present"
+	check_key_present ${secondary} || fail "didn't learn changed key"
+fi
 
 # Add new hostkey (primary type) to sshd and connect
 verbose "learn new primary hostkey"
-${SSHKEYGEN} -qt ssh-rsa -f $OBJ/hkr.ssh-rsa-new -N '' || fatal "ssh-keygen $k"
-( cat $OBJ/sshd_proxy.orig ; echo HostKey $OBJ/hkr.ssh-rsa-new ) \
+${SSHKEYGEN} -qt ${primary} -f $OBJ/hkr.${primary}-new -N '' || fatal "ssh-keygen ed25519"
+( cat $OBJ/sshd_proxy.orig ; echo HostKey $OBJ/hkr.${primary}-new ) \
     > $OBJ/sshd_proxy
 # Check new hostkey added
-dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=ssh-rsa,$all_algs
+dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=${primary},$all_algs
 expect_nkeys `expr $nkeys + 1` "learn hostkeys"
-check_key_present ssh-rsa || fail "current key missing"
-check_key_present ssh-rsa $OBJ/hkr.ssh-rsa-new.pub || fail "new key missing"
+check_key_present ${primary} || fail "current key missing"
+check_key_present ${primary} $OBJ/hkr.${primary}-new.pub || fail "new key missing"
 
 # Remove old hostkey (primary type) from sshd
 verbose "rotate primary hostkey"
 cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
-mv $OBJ/hkr.ssh-rsa.pub $OBJ/hkr.ssh-rsa.pub.old
-mv $OBJ/hkr.ssh-rsa-new.pub $OBJ/hkr.ssh-rsa.pub
-mv $OBJ/hkr.ssh-rsa-new $OBJ/hkr.ssh-rsa
+mv $OBJ/hkr.${primary}.pub $OBJ/hkr.${primary}.pub.old
+mv $OBJ/hkr.${primary}-new.pub $OBJ/hkr.${primary}.pub
+mv $OBJ/hkr.${primary}-new $OBJ/hkr.${primary}
 # Check old hostkey removed
-dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=ssh-rsa,$all_algs
+dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=${primary},$all_algs
 expect_nkeys $nkeys "learn hostkeys"
-check_key_present ssh-rsa $OBJ/hkr.ssh-rsa.pub.old && fail "old key present"
-check_key_present ssh-rsa || fail "didn't learn changed key"
+check_key_present ${primary} $OBJ/hkr.${primary}.pub.old && fail "old key present"
+check_key_present ${primary} || fail "didn't learn changed key"
 
 # Connect again, forcing rotated key
 verbose "check rotate primary hostkey"
-dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=ssh-rsa
+dossh -oStrictHostKeyChecking=yes -oHostKeyAlgorithms=${primary}
 expect_nkeys 1 "learn hostkeys"
-check_key_present ssh-rsa || fail "didn't learn changed key"
+check_key_present ${primary} || fail "didn't learn changed key"
Index: regress/integrity.sh
===================================================================
--- regress/integrity.sh
+++ regress/integrity.sh
@@ -14,8 +14,8 @@
 
 # avoid DH group exchange as the extra traffic makes it harder to get the
 # offset into the stream right.
-echo "KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1" \
-	>> $OBJ/ssh_proxy
+#echo "KexAlgorithms -diffie-hellman-group*" \
+#	>> $OBJ/ssh_proxy
 
 # sshd-command for proxy (see test-exec.sh)
 cmd="$SUDO sh ${SRC}/sshd-log-wrapper.sh ${TEST_SSHD_LOGFILE} ${SSHD} -i -f $OBJ/sshd_proxy"
Index: regress/keygen-convert.sh
===================================================================
--- regress/keygen-convert.sh
+++ regress/keygen-convert.sh
@@ -1,9 +1,17 @@
-#	$OpenBSD: keygen-convert.sh,v 1.1 2009/11/09 04:20:04 dtucker Exp $
+#	$OpenBSD: keygen-convert.sh,v 1.2 2019/07/23 07:55:29 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="convert keys"
 
-for t in rsa dsa; do
+types=""
+for i in ${SSH_KEYTYPES}; do
+	case "$i" in
+		ssh-dss)	types="$types dsa" ;;
+		ssh-rsa)	types="$types rsa" ;;
+	esac
+done
+
+for t in $types; do
 	# generate user key for agent
 	trace "generating $t key"
 	rm -f $OBJ/$t-key
Index: regress/keygen-moduli.sh
===================================================================
--- regress/keygen-moduli.sh
+++ regress/keygen-moduli.sh
@@ -1,18 +1,27 @@
-#	$OpenBSD: keygen-moduli.sh,v 1.2 2016/09/14 00:45:31 dtucker Exp $
+#	$OpenBSD: keygen-moduli.sh,v 1.3 2019/07/23 08:19:29 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="keygen moduli"
 
+dhgex=0
+for kex in `${SSH} -Q kex`; do
+	case $kex in
+		diffie-hellman-group*)	dhgex=1 ;;
+	esac
+done
+
 # Try "start at the beginning and stop after 1", "skip 1 then stop after 1"
 # and "skip 2 and run to the end with checkpointing".  Since our test data
 # file has 3 lines, these should always result in 1 line of output.
-for i in "-J1" "-j1 -J1" "-j2 -K $OBJ/moduli.ckpt"; do
+if [ "x$dhgex" = "x1" ]; then
+    for i in "-J1" "-j1 -J1" "-j2 -K $OBJ/moduli.ckpt"; do
 	trace "keygen $i"
 	rm -f $OBJ/moduli.out $OBJ/moduli.ckpt
 	${SSHKEYGEN} -T $OBJ/moduli.out -f ${SRC}/moduli.in $i 2>/dev/null || \
 	    fail "keygen screen failed $i"
 	lines=`wc -l <$OBJ/moduli.out`
 	test "$lines" -eq "1" || fail "expected 1 line, got $lines"
-done
+    done
+fi
 
 rm -f $OBJ/moduli.out $OBJ/moduli.ckpt
Index: regress/keys-command.sh
===================================================================
--- regress/keys-command.sh
+++ regress/keys-command.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: keys-command.sh,v 1.4 2016/09/26 21:34:38 bluhm Exp $
+#	$OpenBSD: keys-command.sh,v 1.6 2019/07/25 08:48:11 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="authorized keys from command"
@@ -14,12 +14,13 @@
 touch $OBJ/keys-command-args
 chmod a+rw $OBJ/keys-command-args
 
-expected_key_text=`awk '{ print $2 }' < $OBJ/rsa.pub`
-expected_key_fp=`$SSHKEYGEN -lf $OBJ/rsa.pub | awk '{ print $2 }'`
+expected_key_text=`awk '{ print $2 }' < $OBJ/ssh-ed25519.pub`
+expected_key_fp=`$SSHKEYGEN -lf $OBJ/ssh-ed25519.pub | awk '{ print $2 }'`
 
 # Establish a AuthorizedKeysCommand in /var/run where it will have
 # acceptable directory permissions.
-KEY_COMMAND="/var/run/keycommand_${LOGNAME}"
+KEY_COMMAND="/var/run/keycommand_${LOGNAME}.$$"
+trap "${SUDO} rm -f ${KEY_COMMAND}" 0
 cat << _EOF | $SUDO sh -c "rm -f '$KEY_COMMAND' ; cat > '$KEY_COMMAND'"
 #!/bin/sh
 echo args: "\$@" >> $OBJ/keys-command-args
@@ -78,5 +79,3 @@
 else
 	echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
 fi
-
-$SUDO rm -f $KEY_COMMAND
Index: regress/keyscan.sh
===================================================================
--- regress/keyscan.sh
+++ regress/keyscan.sh
@@ -1,14 +1,20 @@
-#	$OpenBSD: keyscan.sh,v 1.6 2017/04/30 23:34:55 djm Exp $
+#	$OpenBSD: keyscan.sh,v 1.9 2019/01/28 03:50:39 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="keyscan"
 
-# remove DSA hostkey
-rm -f ${OBJ}/host.dsa
+KEYTYPES=`${SSH} -Q key-plain`
+for i in $KEYTYPES; do
+	if [ -z "$algs" ]; then
+		algs="$i"
+	else
+		algs="$algs,$i"
+	fi
+done
+echo "HostKeyAlgorithms $algs" >> $OBJ/sshd_config
 
 start_sshd
 
-KEYTYPES=`${SSH} -Q key-plain`
 for t in $KEYTYPES; do
 	trace "keyscan type $t"
 	${SSHKEYSCAN} -t $t -p $PORT 127.0.0.1 127.0.0.1 127.0.0.1 \
Index: regress/keytype.sh
===================================================================
--- regress/keytype.sh
+++ regress/keytype.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: keytype.sh,v 1.7 2018/03/12 00:54:04 djm Exp $
+#	$OpenBSD: keytype.sh,v 1.8 2019/07/23 13:49:14 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="login with different key types"
@@ -6,11 +6,13 @@
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 cp $OBJ/ssh_proxy $OBJ/ssh_proxy_bak
 
-# Traditional and builtin key types.
-ktypes="dsa-1024 rsa-2048 rsa-3072 ed25519-512"
-# Types not present in all OpenSSL versions.
-for i in `$SSH -Q key`; do
+# Construct list of key types based on what the built binaries support.
+ktypes=""
+for i in ${SSH_KEYTYPES}; do
 	case "$i" in
+		ssh-dss)		ktypes="$ktypes dsa-1024" ;;
+		ssh-rsa)		ktypes="$ktypes rsa-2048 rsa-3072" ;;
+		ssh-ed25519)		ktypes="$ktypes ed25519-512" ;;
 		ecdsa-sha2-nistp256)	ktypes="$ktypes ecdsa-256" ;;
 		ecdsa-sha2-nistp384)	ktypes="$ktypes ecdsa-384" ;;
 		ecdsa-sha2-nistp521)	ktypes="$ktypes ecdsa-521" ;;
Index: regress/krl.sh
===================================================================
--- regress/krl.sh
+++ regress/krl.sh
@@ -1,13 +1,18 @@
-#	$OpenBSD: krl.sh,v 1.7 2018/09/12 01:23:48 djm Exp $
+#	$OpenBSD: krl.sh,v 1.8 2019/07/25 09:17:35 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="key revocation lists"
 
-# If we don't support ecdsa keys then this tell will be much slower.
-ECDSA=ecdsa
-if test "x$TEST_SSH_ECC" != "xyes"; then
-	ECDSA=rsa
-fi
+# Use ed25519 by default since it's fast and it's supported when building
+# w/out OpenSSL.  Populate ktype[2-4] with the other types if supported.
+ktype1=ed25519; ktype2=ed25519; ktype3=ed25519; ktype4=ed25519
+for t in `${SSH} -Q key-plain`; do
+	case "$t" in
+		ecdsa*)		ktype2=ecdsa ;;
+		ssh-rsa)	ktype3=rsa ;;
+		ssh-dss)	ktype4=dsa ;;
+	esac
+done
 
 # Do most testing with ssh-keygen; it uses the same verification code as sshd.
 
@@ -15,9 +20,9 @@
 rm -f $OBJ/revoked-* $OBJ/krl-*
 
 # Generate a CA key
-$SSHKEYGEN -t $ECDSA -f $OBJ/revoked-ca  -C "" -N "" > /dev/null ||
+$SSHKEYGEN -t $ktype1 -f $OBJ/revoked-ca  -C "" -N "" > /dev/null ||
 	fatal "$SSHKEYGEN CA failed"
-$SSHKEYGEN -t ed25519 -f $OBJ/revoked-ca2  -C "" -N "" > /dev/null ||
+$SSHKEYGEN -t $ktype2 -f $OBJ/revoked-ca2  -C "" -N "" > /dev/null ||
 	fatal "$SSHKEYGEN CA2 failed"
 
 # A specification that revokes some certificates by serial numbers
@@ -55,11 +60,13 @@
 keygen() {
 	N=$1
 	f=$OBJ/revoked-`printf "%04d" $N`
-	# Vary the keytype. We use mostly ECDSA since this is fastest by far.
-	keytype=$ECDSA
+	# Vary the keytype. We use mostly ed25519 since this is fast and well
+	# supported.
+	keytype=$ktype1
 	case $N in
-	2 | 10 | 510 | 1001)	keytype=rsa;;
-	4 | 30 | 520 | 1002)	keytype=ed25519;;
+	2 | 10 | 510 | 1001)	keytype=$ktype2 ;;
+	4 | 30 | 520 | 1002)	keytype=$ktype3 ;;
+	8 | 50 | 530 | 1003)	keytype=$ktype4 ;;
 	esac
 	$SSHKEYGEN -t $keytype -f $f -C "" -N "" > /dev/null \
 		|| fatal "$SSHKEYGEN failed"
Index: regress/limit-keytype.sh
===================================================================
--- regress/limit-keytype.sh
+++ regress/limit-keytype.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: limit-keytype.sh,v 1.5 2018/03/12 00:52:57 djm Exp $
+#	$OpenBSD: limit-keytype.sh,v 1.6 2019/07/26 04:22:21 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="restrict pubkey type"
@@ -9,18 +9,27 @@
 mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
 mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig
 
+ktype1=ed25519; ktype2=$ktype1; ktype3=$ktype1; ktype4=$ktype1
+for t in `${SSH} -Q key-plain`; do
+	case "$t" in
+		ssh-rsa)	ktype2=rsa ;;
+		ecdsa*)		ktype3=ecdsa ;;  # unused
+		ssh-dss)	ktype4=dsa ;;
+	esac
+done
+
 # Create a CA key
-${SSHKEYGEN} -q -N '' -t ed25519  -f $OBJ/user_ca_key ||\
+${SSHKEYGEN} -q -N '' -t $ktype1 -f $OBJ/user_ca_key ||\
 	fatal "ssh-keygen failed"
 
 # Make some keys and a certificate.
-${SSHKEYGEN} -q -N '' -t ed25519 -f $OBJ/user_key1 || \
+${SSHKEYGEN} -q -N '' -t $ktype1 -f $OBJ/user_key1 || \
 	fatal "ssh-keygen failed"
-${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_key2 || \
+${SSHKEYGEN} -q -N '' -t $ktype2 -f $OBJ/user_key2 || \
 	fatal "ssh-keygen failed"
-${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/user_key3 || \
+${SSHKEYGEN} -q -N '' -t $ktype2 -f $OBJ/user_key3 || \
 	fatal "ssh-keygen failed"
-${SSHKEYGEN} -q -N '' -t dsa -f $OBJ/user_key4 || \
+${SSHKEYGEN} -q -N '' -t $ktype4 -f $OBJ/user_key4 || \
 	fatal "ssh-keygen failed"
 ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "regress user key for $USER" \
 	-z $$ -n ${USER},mekmitasdigoat $OBJ/user_key3 ||
@@ -51,6 +60,17 @@
  	) > $OBJ/sshd_proxy
 }
 
+# Return the required parameter for PubkeyAcceptedKeyTypes corresponding to
+# the supplied key type.
+keytype() {
+	case "$1" in
+		ecdsa)		printf "ecdsa-sha2-*" ;;
+		ed25519)	printf "ssh-ed25519" ;;
+		dsa)		printf "ssh-dss" ;;
+		rsa)		printf "rsa-sha2-256,rsa-sha2-512,ssh-rsa" ;;
+	esac
+}
+
 prepare_config
 
 # Check we can log in with all key types.
@@ -59,19 +79,21 @@
 ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
 
 # Allow plain Ed25519 and RSA. The certificate should fail.
-verbose "allow rsa,ed25519"
+verbose "allow $ktype2,$ktype1"
 prepare_config \
-	"PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-ed25519"
+	"PubkeyAcceptedKeyTypes `keytype $ktype2`,`keytype $ktype1`"
 ${SSH} $certopts proxy true && fatal "cert succeeded"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
 
 # Allow Ed25519 only.
-verbose "allow ed25519"
-prepare_config "PubkeyAcceptedKeyTypes ssh-ed25519"
+verbose "allow $ktype1"
+prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype1`"
 ${SSH} $certopts proxy true && fatal "cert succeeded"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
-${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded"
+if [ "$ktype1" != "$ktype2" ]; then
+	${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded"
+fi
 
 # Allow all certs. Plain keys should fail.
 verbose "allow cert only"
@@ -82,16 +104,18 @@
 
 # Allow RSA in main config, Ed25519 for non-existent user.
 verbose "match w/ no match"
-prepare_config "PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-512,ssh-rsa" \
-	"Match user x$USER" "PubkeyAcceptedKeyTypes +ssh-ed25519"
+prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype2`" \
+	"Match user x$USER" "PubkeyAcceptedKeyTypes +`keytype $ktype1`"
 ${SSH} $certopts proxy true && fatal "cert succeeded"
-${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded"
+if [ "$ktype1" != "$ktype2" ]; then
+	${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded"
+fi
 ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
 
 # Allow only DSA in main config, Ed25519 for user.
 verbose "match w/ matching"
-prepare_config "PubkeyAcceptedKeyTypes ssh-dss" \
-	"Match user $USER" "PubkeyAcceptedKeyTypes +ssh-ed25519"
+prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype4`" \
+	"Match user $USER" "PubkeyAcceptedKeyTypes +`keytype $ktype1`"
 ${SSH} $certopts proxy true || fatal "cert failed"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 ${SSH} $opts -i $OBJ/user_key4 proxy true && fatal "key4 succeeded"
Index: regress/misc/fuzz-harness/Makefile
===================================================================
--- regress/misc/fuzz-harness/Makefile
+++ regress/misc/fuzz-harness/Makefile
@@ -1,14 +1,16 @@
 # NB. libssh and libopenbsd-compat should be built with the same sanitizer opts.
-CXX=clang++-3.9
-FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge
+CXX=clang++-6.0
+FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge,trace-pc
 FUZZ_LIBS=-lFuzzer
 
 CXXFLAGS=-O2 -g -Wall -Wextra -I ../../.. $(FUZZ_FLAGS)
 LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
 LIBS=-lssh -lopenbsd-compat -lcrypto $(FUZZ_LIBS)
 
-all: pubkey_fuzz sig_fuzz authopt_fuzz
+TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz sshsigopt_fuzz
 
+all: $(TARGETS)
+
 .cc.o:
 	$(CXX) $(CXXFLAGS) -c $< -o $@
 
@@ -21,5 +23,11 @@
 authopt_fuzz: authopt_fuzz.o
 	$(CXX) -o $@ authopt_fuzz.o ../../../auth-options.o $(LDFLAGS) $(LIBS)
 
+sshsig_fuzz: sshsig_fuzz.o
+	$(CXX) -o $@ sshsig_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)
+
+sshsigopt_fuzz: sshsigopt_fuzz.o
+	$(CXX) -o $@ sshsigopt_fuzz.o ../../../sshsig.o $(LDFLAGS) $(LIBS)
+
 clean:
-	-rm -f *.o pubkey_fuzz sig_fuzz authopt_fuzz
+	-rm -f *.o $(TARGETS)
Index: regress/misc/fuzz-harness/sshsig_fuzz.cc
===================================================================
--- /dev/null
+++ regress/misc/fuzz-harness/sshsig_fuzz.cc
@@ -0,0 +1,35 @@
+// cc_fuzz_target test for sshsig verification.
+
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+extern "C" {
+
+#include "includes.h"
+#include "sshkey.h"
+#include "ssherr.h"
+#include "sshbuf.h"
+#include "sshsig.h"
+#include "log.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* sig, size_t slen)
+{
+  static const char *data = "If everyone started announcing his nose had "
+      "run away, I don’t know how it would all end";
+  struct sshbuf *signature = sshbuf_from(sig, slen);
+  struct sshbuf *message = sshbuf_from(data, strlen(data));
+  struct sshkey *k = NULL;
+  extern char *__progname;
+
+  log_init(__progname, SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_USER, 1);
+  sshsig_verifyb(signature, message, "castle", &k);
+  sshkey_free(k);
+  sshbuf_free(signature);
+  sshbuf_free(message);
+  return 0;
+}
+
+} // extern
Index: regress/misc/fuzz-harness/sshsigopt_fuzz.cc
===================================================================
--- /dev/null
+++ regress/misc/fuzz-harness/sshsigopt_fuzz.cc
@@ -0,0 +1,29 @@
+#include <stddef.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+
+extern "C" {
+
+#include "sshsig.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+	char *cp = (char *)malloc(size + 1);
+	struct sshsigopt *opts = NULL;
+
+	if (cp == NULL)
+		goto out;
+	memcpy(cp, data, size);
+	cp[size] = '\0';
+	if ((opts = sshsigopt_parse(cp, "libfuzzer", 0, NULL)) == NULL)
+		goto out;
+
+ out:
+	free(cp);
+	sshsigopt_free(opts);
+	return 0;
+}
+
+} // extern "C"
Index: regress/misc/kexfuzz/Makefile
===================================================================
--- regress/misc/kexfuzz/Makefile
+++ regress/misc/kexfuzz/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.3 2017/12/21 05:46:35 djm Exp $
+#	$OpenBSD: Makefile,v 1.4 2019/01/21 12:50:12 djm Exp $
 
 .include <bsd.own.mk>
 .include <bsd.obj.mk>
@@ -18,12 +18,21 @@
 SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
 SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
 SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c
-SRCS+=kex.c kexc25519.c kexc25519c.c kexc25519s.c kexdh.c kexdhc.c kexdhs.c
-SRCS+=kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c kexgexs.c
-SRCS+=dh.c compat.c
-SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
+SRCS+=compat.c ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
 SRCS+=cipher-chachapoly.c chacha.c poly1305.c
-SRCS+=smult_curve25519_ref.c
+
+SRCS+=	kex.c
+SRCS+=	dh.c
+SRCS+=	kexdh.c
+SRCS+=	kexecdh.c
+SRCS+=	kexgex.c
+SRCS+=	kexgexc.c
+SRCS+=	kexgexs.c
+SRCS+=	kexc25519.c
+SRCS+=	smult_curve25519_ref.c
+SRCS+=	kexgen.c
+SRCS+=	kexsntrup4591761x25519.c
+SRCS+=	sntrup4591761.c
 
 SRCS+=digest-openssl.c
 #SRCS+=digest-libc.c
Index: regress/misc/kexfuzz/kexfuzz.c
===================================================================
--- regress/misc/kexfuzz/kexfuzz.c
+++ regress/misc/kexfuzz/kexfuzz.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: kexfuzz.c,v 1.4 2017/04/30 23:34:55 djm Exp $ */
+/* 	$OpenBSD: kexfuzz.c,v 1.5 2019/01/21 12:50:12 djm Exp $ */
 /*
  * Fuzz harness for KEX code
  *
@@ -29,8 +29,6 @@
 #include "authfile.h"
 #include "log.h"
 
-struct ssh *active_state = NULL; /* XXX - needed for linking */
-
 void kex_tests(void);
 static int do_debug = 0;
 
@@ -275,18 +273,18 @@
 	ASSERT_PTR_NE(server2->kex, NULL);
 	/* XXX we need to set the callbacks */
 #ifdef WITH_OPENSSL
-	server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
-	server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
-	server2->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
-	server2->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
-	server2->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
+	server2->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
+	server2->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
+	server2->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
+	server2->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
+	server2->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
 	server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 	server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 # ifdef OPENSSL_HAS_ECC
-	server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+	server2->kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
 # endif
 #endif
-	server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+	server2->kex->kex[KEX_C25519_SHA256] = kex_gen_server;
 	server2->kex->load_host_public_key = server->kex->load_host_public_key;
 	server2->kex->load_host_private_key = server->kex->load_host_private_key;
 	server2->kex->sign = server->kex->sign;
Index: regress/multiplex.sh
===================================================================
--- regress/multiplex.sh
+++ regress/multiplex.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: multiplex.sh,v 1.28 2017/04/30 23:34:55 djm Exp $
+#	$OpenBSD: multiplex.sh,v 1.30 2019/07/05 04:03:13 dtucker Exp $
 #	Placed in the Public Domain.
 
 make_tmpdir
@@ -81,6 +81,7 @@
 $NC -N -l 127.0.0.1 $((${PORT} + 1)) < ${DATA} > /dev/null &
 netcat_pid=$!
 ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L127.0.0.1:$((${PORT} + 2)):127.0.0.1:$((${PORT} + 1)) otherhost >>$TEST_SSH_LOGFILE 2>&1
+sleep 1  # XXX remove once race fixed
 $NC 127.0.0.1 $((${PORT} + 2)) < /dev/null > ${COPY}
 cmp ${DATA} ${COPY}		|| fail "ssh: corrupted copy of ${DATA}"
 kill $netcat_pid 2>/dev/null
@@ -91,7 +92,8 @@
 netcat_pid=$!
 ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L$OBJ/unix-2.fwd:$OBJ/unix-1.fwd otherhost >>$TEST_SSH_LOGFILE 2>&1
 ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R$OBJ/unix-3.fwd:$OBJ/unix-2.fwd otherhost >>$TEST_SSH_LOGFILE 2>&1
-$NC -U $OBJ/unix-3.fwd < /dev/null > ${COPY} 2>/dev/null
+sleep 1  # XXX remove once race fixed
+$NC -U $OBJ/unix-3.fwd < /dev/null > ${COPY}
 cmp ${DATA} ${COPY}		|| fail "ssh: corrupted copy of ${DATA}"
 kill $netcat_pid 2>/dev/null
 rm -f ${COPY} $OBJ/unix-[123].fwd
@@ -122,6 +124,7 @@
 verbose "test $tid: cmd forward local (TCP)"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $P:localhost:$PORT otherhost \
      || fail "request local forward failed"
+sleep 1  # XXX remove once race fixed
 ${SSH} -F $OBJ/ssh_config -p$P otherhost true \
      || fail "connect to local forward port failed"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -L $P:localhost:$PORT otherhost \
@@ -132,6 +135,7 @@
 verbose "test $tid: cmd forward remote (TCP)"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $P:localhost:$PORT otherhost \
      || fail "request remote forward failed"
+sleep 1  # XXX remove once race fixed
 ${SSH} -F $OBJ/ssh_config -p$P otherhost true \
      || fail "connect to remote forwarded port failed"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -R $P:localhost:$PORT otherhost \
@@ -142,7 +146,9 @@
 verbose "test $tid: cmd forward local (UNIX)"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -L $OBJ/unix-1.fwd:localhost:$PORT otherhost \
      || fail "request local forward failed"
-echo "" | $NC -U $OBJ/unix-1.fwd | grep "Protocol mismatch" >/dev/null 2>&1 \
+sleep 1  # XXX remove once race fixed
+echo "" | $NC -U $OBJ/unix-1.fwd | \
+    grep "Invalid SSH identification string" >/dev/null 2>&1 \
      || fail "connect to local forward path failed"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -L $OBJ/unix-1.fwd:localhost:$PORT otherhost \
      || fail "cancel local forward failed"
@@ -153,7 +159,9 @@
 verbose "test $tid: cmd forward remote (UNIX)"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Oforward -R $OBJ/unix-1.fwd:localhost:$PORT otherhost \
      || fail "request remote forward failed"
-echo "" | $NC -U $OBJ/unix-1.fwd | grep "Protocol mismatch" >/dev/null 2>&1 \
+sleep 1  # XXX remove once race fixed
+echo "" | $NC -U $OBJ/unix-1.fwd | \
+    grep "Invalid SSH identification string" >/dev/null 2>&1 \
      || fail "connect to remote forwarded path failed"
 ${SSH} -F $OBJ/ssh_config -S $CTL -Ocancel -R $OBJ/unix-1.fwd:localhost:$PORT otherhost \
      || fail "cancel remote forward failed"
Index: regress/multipubkey.sh
===================================================================
--- regress/multipubkey.sh
+++ regress/multipubkey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: multipubkey.sh,v 1.1 2014/12/22 08:06:03 djm Exp $
+#	$OpenBSD: multipubkey.sh,v 1.2 2018/10/31 11:09:27 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="multiple pubkey"
@@ -31,7 +31,7 @@
 opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
 opts="$opts -i $OBJ/cert_user_key1 -i $OBJ/user_key1 -i $OBJ/user_key2"
 
-for privsep in no yes; do
+for privsep in yes sandbox ; do
 	(
 		grep -v "Protocol"  $OBJ/sshd_proxy.orig
 		echo "Protocol 2"
Index: regress/principals-command.sh
===================================================================
--- regress/principals-command.sh
+++ regress/principals-command.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: principals-command.sh,v 1.4 2017/04/30 23:34:55 djm Exp $
+#	$OpenBSD: principals-command.sh,v 1.7 2019/09/06 04:24:06 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="authorized principals command"
@@ -12,12 +12,17 @@
 	exit 0
 fi
 
+case "`${SSH} -Q key-plain`" in
+	*ssh-rsa*)	userkeytype=rsa ;;
+	*)		userkeytype=ed25519 ;;
+esac
+
 SERIAL=$$
 
 # Create a CA key and a user certificate.
 ${SSHKEYGEN} -q -N '' -t ed25519  -f $OBJ/user_ca_key || \
 	fatal "ssh-keygen of user_ca_key failed"
-${SSHKEYGEN} -q -N '' -t rsa -f $OBJ/cert_user_key || \
+${SSHKEYGEN} -q -N '' -t ${userkeytype} -f $OBJ/cert_user_key || \
 	fatal "ssh-keygen of cert_user_key failed"
 ${SSHKEYGEN} -q -s $OBJ/user_ca_key -I "Joanne User" \
     -z $$ -n ${USER},mekmitasdigoat $OBJ/cert_user_key || \
@@ -30,11 +35,12 @@
 
 # Establish a AuthorizedPrincipalsCommand in /var/run where it will have
 # acceptable directory permissions.
-PRINCIPALS_COMMAND="/var/run/principals_command_${LOGNAME}"
+PRINCIPALS_COMMAND="/var/run/principals_command_${LOGNAME}.$$"
+trap "$SUDO rm -f ${PRINCIPALS_COMMAND}" 0
 cat << _EOF | $SUDO sh -c "cat > '$PRINCIPALS_COMMAND'"
 #!/bin/sh
 test "x\$1" != "x${LOGNAME}" && exit 1
-test "x\$2" != "xssh-rsa-cert-v01@openssh.com" && exit 1
+test "x\$2" != "xssh-${userkeytype}-cert-v01@openssh.com" && exit 1
 test "x\$3" != "xssh-ed25519" && exit 1
 test "x\$4" != "xJoanne User" && exit 1
 test "x\$5" != "x${SERIAL}" && exit 1
@@ -57,7 +63,7 @@
 
 if [ -x $PRINCIPALS_COMMAND ]; then
 	# Test explicitly-specified principals
-	for privsep in yes no ; do
+	for privsep in yes sandbox ; do
 		_prefix="privsep $privsep"
 
 		# Setup for AuthorizedPrincipalsCommand
Index: regress/scp-ssh-wrapper.sh
===================================================================
--- regress/scp-ssh-wrapper.sh
+++ regress/scp-ssh-wrapper.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-#       $OpenBSD: scp-ssh-wrapper.sh,v 1.3 2014/01/26 10:49:17 djm Exp $
+#       $OpenBSD: scp-ssh-wrapper.sh,v 1.4 2019/07/19 03:45:44 djm Exp $
 #       Placed in the Public Domain.
 
 printname () {
@@ -49,6 +49,18 @@
 	printname $BAD
 	echo "D0755 0 .."
 	echo "C755 2 file"
+	echo "X"
+	;;
+badserver_5)
+	echo "D0555 0 "
+	echo "X"
+	;;
+badserver_6)
+	echo "D0555 0 ."
+	echo "X"
+	;;
+badserver_7)
+	echo "C0755 2 extrafile"
 	echo "X"
 	;;
 *)
Index: regress/scp.sh
===================================================================
--- regress/scp.sh
+++ regress/scp.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: scp.sh,v 1.10 2014/01/26 10:49:17 djm Exp $
+#	$OpenBSD: scp.sh,v 1.11 2019/07/19 03:45:44 djm Exp $
 #	Placed in the Public Domain.
 
 tid="scp"
@@ -25,6 +25,7 @@
 scpclean() {
 	rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
 	mkdir ${DIR} ${DIR2}
+	chmod 755 ${DIR} ${DIR2}
 }
 
 verbose "$tid: simple copy local file to local file"
@@ -101,7 +102,7 @@
 	$SUDO rm ${DIR2}/copy
 fi
 
-for i in 0 1 2 3 4; do
+for i in 0 1 2 3 4 5 6 7; do
 	verbose "$tid: disallow bad server #$i"
 	SCPTESTMODE=badserver_$i
 	export DIR SCPTESTMODE
@@ -113,6 +114,15 @@
 	scpclean
 	$SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
 	[ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
+
+	scpclean
+	$SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
+	[ ! -w ${DIR2} ] && fail "allows target root attribute change"
+
+	scpclean
+	$SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
+	[ -e ${DIR2}/extrafile ] && fail "allows unauth object creation"
+	rm -f ${DIR2}/extrafile
 done
 
 verbose "$tid: detect non-directory target"
Index: regress/sftp-chroot.sh
===================================================================
--- regress/sftp-chroot.sh
+++ regress/sftp-chroot.sh
@@ -1,11 +1,12 @@
-#	$OpenBSD: sftp-chroot.sh,v 1.6 2018/02/09 03:42:57 dtucker Exp $
+#	$OpenBSD: sftp-chroot.sh,v 1.7 2018/11/22 08:48:32 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="sftp in chroot"
 
 CHROOT=/var/run
-FILENAME=testdata_${USER}
+FILENAME=testdata_${USER}.$$
 PRIVDATA=${CHROOT}/${FILENAME}
+trap "${SUDO} rm -f ${PRIVDATA}" 0
 
 if [ -z "$SUDO" -a ! -w /var/run ]; then
 	echo "need SUDO to create file in /var/run, test won't work without"
@@ -28,5 +29,3 @@
     >>$TEST_REGRESS_LOGFILE 2>&1 || \
 	fatal "Fetch ${FILENAME} failed"
 cmp $PRIVDATA $COPY || fail "$PRIVDATA $COPY differ"
-
-$SUDO rm $PRIVDATA
Index: regress/sftp-cmds.sh
===================================================================
--- regress/sftp-cmds.sh
+++ regress/sftp-cmds.sh
@@ -77,7 +77,6 @@
 	|| fail "get failed"
 cmp $DATA ${COPY} || fail "corrupted copy after get"
 
-if [ "$os" != "cygwin" ]; then
 rm -f ${QUOTECOPY}
 cp $DATA ${QUOTECOPY}
 verbose "$tid: get filename with quotes"
@@ -85,7 +84,6 @@
 	|| fail "get failed"
 cmp ${COPY} ${QUOTECOPY} || fail "corrupted copy after get with quotes"
 rm -f ${QUOTECOPY} ${COPY}
-fi
 
 rm -f "$SPACECOPY" ${COPY}
 cp $DATA "$SPACECOPY"
@@ -136,13 +134,11 @@
 	${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed"
 cmp $DATA ${COPY} || fail "corrupted copy after put"
 
-if [ "$os" != "cygwin" ]; then
 rm -f ${QUOTECOPY}
 verbose "$tid: put filename with quotes"
 echo "put $DATA \"$QUOTECOPY_ARG\"" | \
 	${SFTP} -D ${SFTPSERVER} >/dev/null 2>&1 || fail "put failed"
 cmp $DATA ${QUOTECOPY} || fail "corrupted copy after put with quotes"
-fi
 
 rm -f "$SPACECOPY"
 verbose "$tid: put filename with spaces"
Index: regress/sshcfgparse.sh
===================================================================
--- regress/sshcfgparse.sh
+++ regress/sshcfgparse.sh
@@ -1,8 +1,15 @@
-#	$OpenBSD: sshcfgparse.sh,v 1.4 2018/07/04 13:51:12 djm Exp $
+#	$OpenBSD: sshcfgparse.sh,v 1.5 2019/07/23 13:32:48 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="ssh config parse"
 
+dsa=0
+for t in $SSH_KEYTYPES; do
+	case "$t" in
+		ssh-dss)	dsa=1 ;;
+	esac
+done
+
 expect_result_present() {
 	_str="$1" ; shift
 	for _expect in "$@" ; do
@@ -75,15 +82,17 @@
 expect_result_present "$f" "ssh-ed25519-cert-v01.*"
 expect_result_absent "$f" "ssh-ed25519" "ssh-dss"
 # Append to default set.
-# XXX this will break for !WITH_OPENSSL
-f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss-cert* host | \
-    awk '/^pubkeyacceptedkeytypes /{print $2}'`
-expect_result_present "$f" "ssh-ed25519" "ssh-dss-cert-v01.*"
-expect_result_absent "$f" "ssh-dss"
-f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss host | \
-    awk '/^pubkeyacceptedkeytypes /{print $2}'`
-expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*" "ssh-dss"
-expect_result_absent "$f" "ssh-dss-cert-v01.*"
+# This is not tested when built !WITH_OPENSSL
+if [ "$dsa" = "1" ]; then
+	f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss-cert* host | \
+	    awk '/^pubkeyacceptedkeytypes /{print $2}'`
+	expect_result_present "$f" "ssh-ed25519" "ssh-dss-cert-v01.*"
+	expect_result_absent "$f" "ssh-dss"
+	f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss host | \
+	    awk '/^pubkeyacceptedkeytypes /{print $2}'`
+	expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*" "ssh-dss"
+	expect_result_absent "$f" "ssh-dss-cert-v01.*"
+fi
 
 # cleanup
 rm -f $OBJ/ssh_config.[012]
Index: regress/sshsig.sh
===================================================================
--- /dev/null
+++ regress/sshsig.sh
@@ -0,0 +1,196 @@
+#	$OpenBSD: sshsig.sh,v 1.2 2019/10/04 03:39:19 djm Exp $
+#	Placed in the Public Domain.
+
+tid="sshsig"
+
+DATA2=$OBJ/${DATANAME}.2
+cat ${DATA} ${DATA} > ${DATA2}
+
+rm -f $OBJ/sshsig-*.sig $OBJ/wrong-key* $OBJ/sigca-key*
+
+sig_namespace="test-$$"
+sig_principal="user-$$@example.com"
+
+# Make a "wrong key"
+${SSHKEYGEN} -t ed25519 -f $OBJ/wrong-key -C "wrong trousers, Grommit" -N '' \
+	|| fatal "couldn't generate key"
+WRONG=$OBJ/wrong-key.pub
+
+# Make a CA key.
+${SSHKEYGEN} -t ed25519 -f $OBJ/sigca-key -C "CA" -N '' \
+	|| fatal "couldn't generate key"
+CA_PRIV=$OBJ/sigca-key
+CA_PUB=$OBJ/sigca-key.pub
+
+trace "start agent"
+eval `${SSHAGENT} -s` > /dev/null
+r=$?
+if [ $r -ne 0 ]; then
+	fatal "could not start ssh-agent: exit code $r"
+fi
+
+SIGNKEYS="$SSH_KEYTYPES"
+verbose "$tid: make certificates"
+for t in $SSH_KEYTYPES ; do
+	${SSHKEYGEN} -q -s $CA_PRIV -z $$ \
+	    -I "regress signature key for $USER" \
+	    -n $sig_principal $OBJ/${t} || \
+		fatal "couldn't sign ${t}"
+	SIGNKEYS="$SIGNKEYS ${t}-cert.pub"
+done
+
+for t in $SIGNKEYS; do
+	verbose "$tid: check signature for $t"
+	keybase=`basename $t .pub`
+	privkey=${OBJ}/`basename $t -cert.pub`
+	sigfile=${OBJ}/sshsig-${keybase}.sig
+	sigfile_agent=${OBJ}/sshsig-agent-${keybase}.sig
+	pubkey=${OBJ}/${keybase}.pub
+
+	${SSHKEYGEN} -vvv -Y sign -f ${OBJ}/$t -n $sig_namespace \
+		< $DATA > $sigfile 2>/dev/null || fail "sign using $t failed"
+
+	(printf "$sig_principal " ; cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 || \
+		fail "failed signature for $t key"
+
+	(printf "$sig_principal namespaces=\"$sig_namespace,whatever\" ";
+	 cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 || \
+		fail "failed signature for $t key w/ limited namespace"
+
+	# Invalid option
+	(printf "$sig_principal octopus " ; cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 && \
+		fail "accepted signature for $t key with bad signers option"
+
+	# Wrong key trusted.
+	(printf "$sig_principal " ; cat $WRONG) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 && \
+		fail "accepted signature for $t key with wrong key trusted"
+
+	# incorrect data
+	(printf "$sig_principal " ; cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA2 >/dev/null 2>&1 && \
+		fail "passed signature for wrong data with $t key"
+
+	# wrong principal in signers
+	(printf "josef.k@example.com " ; cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 && \
+		fail "accepted signature for $t key with wrong principal"
+
+	# wrong namespace
+	(printf "$sig_principal " ; cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n COWS_COWS_COWS \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 && \
+		fail "accepted signature for $t key with wrong namespace"
+
+	# namespace excluded by option
+	(printf "$sig_principal namespaces=\"whatever\" " ;
+	 cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 && \
+		fail "accepted signature for $t key with excluded namespace"
+
+	# public key in revoked keys file
+	cat $pubkey > $OBJ/revoked_keys
+	(printf "$sig_principal namespaces=\"whatever\" " ;
+	 cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		-r $OBJ/revoked_keys \
+		< $DATA >/dev/null 2>&1 && \
+		fail "accepted signature for $t key, but key is in revoked_keys"
+
+	# public key not revoked, but other are present in revoked_keysfile
+	cat $WRONG > $OBJ/revoked_keys
+	(printf "$sig_principal " ; cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		-r $OBJ/revoked_keys \
+		< $DATA >/dev/null 2>&1 || \
+		fail "couldn't verify signature for $t key, but key not in revoked_keys"
+
+	# check-novalidate with valid data
+	${SSHKEYGEN} -vvv -Y check-novalidate -s $sigfile -n $sig_namespace \
+		< $DATA >/dev/null 2>&1 || \
+		fail "failed to check valid signature for $t key"
+
+	# check-novalidate with invalid data
+	${SSHKEYGEN} -vvv -Y check-novalidate -s $sigfile -n $sig_namespace \
+		< $DATA2 >/dev/null 2>&1 && \
+		fail "sucessfully checked signature for $t key with invalid data"
+
+	# Check signing keys using ssh-agent.
+	${SSHADD} -D >/dev/null 2>&1 # Remove all previously-loaded keys.
+	${SSHADD} ${privkey} > /dev/null 2>&1 || fail "ssh-add failed"
+
+	# Move private key to ensure agent key is used
+	mv ${privkey} ${privkey}.tmp
+
+	${SSHKEYGEN} -vvv -Y sign -f $pubkey -n $sig_namespace \
+		< $DATA > $sigfile_agent 2>/dev/null || \
+		fail "ssh-agent based sign using $pubkey failed"
+	${SSHKEYGEN} -vvv -Y check-novalidate -s $sigfile_agent \
+		-n $sig_namespace < $DATA >/dev/null 2>&1 || \
+		fail "failed to check valid signature for $t key"
+
+	# Move private key back
+	mv ${privkey}.tmp ${privkey}
+
+	# Remaining tests are for certificates only.
+	case "$keybase" in
+		*-cert) ;;
+		*) continue ;;
+	esac
+
+
+	# correct CA key
+	(printf "$sig_principal cert-authority " ;
+	 cat $CA_PUB) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 || \
+		fail "failed signature for $t cert"
+
+	# signing key listed as cert-authority
+	(printf "$sig_principal cert-authority" ;
+	 cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 && \
+		fail "accepted signature with $t key listed as CA"
+
+	# CA key not flagged cert-authority
+	(printf "$sig_principal " ; cat $CA_PUB) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 && \
+		fail "accepted signature for $t cert with CA not marked"
+
+	# mismatch between cert principal and file
+	(printf "josef.k@example.com cert-authority" ;
+	 cat $CA_PUB) > $OBJ/allowed_signers
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 && \
+		fail "accepted signature for $t cert with wrong principal"
+done
+
+trace "kill agent"
+${SSHAGENT} -k > /dev/null
+
Index: regress/test-exec.sh
===================================================================
--- regress/test-exec.sh
+++ regress/test-exec.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: test-exec.sh,v 1.64 2018/08/10 01:35:49 dtucker Exp $
+#	$OpenBSD: test-exec.sh,v 1.66 2019/07/05 04:12:46 dtucker Exp $
 #	Placed in the Public Domain.
 
 #SUDO=sudo
@@ -12,10 +12,6 @@
 	BIN_SH=xpg4
 	export BIN_SH
 	;;
-CYGWIN_NT-5.0)
-	os=cygwin
-	TEST_SSH_IPV6=no
-	;;
 CYGWIN*)
 	os=cygwin
 	;;
@@ -156,13 +152,22 @@
 SCP_BIN=${SCP}
 
 if [ "x$USE_VALGRIND" != "x" ]; then
-	mkdir -p $OBJ/valgrind-out
+	rm -rf $OBJ/valgrind-out $OBJ/valgrind-vgdb
+	mkdir -p $OBJ/valgrind-out $OBJ/valgrind-vgdb
+	# When using sudo ensure low-priv tests can write pipes and logs.
+	if [ "x$SUDO" != "x" ]; then
+		chmod 777 $OBJ/valgrind-out $OBJ/valgrind-vgdb
+	fi
 	VG_TEST=`basename $SCRIPT .sh`
 
 	# Some tests are difficult to fix.
 	case "$VG_TEST" in
-	connect-privsep|reexec)
+	reexec)
 		VG_SKIP=1 ;;
+	sftp-chroot)
+		if [ "x${SUDO}" != "x" ]; then
+			VG_SKIP=1
+		fi ;;
 	esac
 
 	if [ x"$VG_SKIP" = "x" ]; then
@@ -175,6 +180,7 @@
 		VG_OPTS="--track-origins=yes $VG_LEAK"
 		VG_OPTS="$VG_OPTS --trace-children=yes"
 		VG_OPTS="$VG_OPTS --trace-children-skip=${VG_IGNORE}"
+		VG_OPTS="$VG_OPTS --vgdb-prefix=$OBJ/valgrind-vgdb/"
 		VG_PATH="valgrind"
 		if [ "x$VALGRIND_PATH" != "x" ]; then
 			VG_PATH="$VALGRIND_PATH"
@@ -469,11 +475,11 @@
 
 rm -f $OBJ/known_hosts $OBJ/authorized_keys_$USER
 
-SSH_KEYTYPES="rsa ed25519"
+SSH_KEYTYPES=`$SSH -Q key-plain`
 
-trace "generate keys"
 for t in ${SSH_KEYTYPES}; do
 	# generate user key
+	trace "generating key type $t"
 	if [ ! -f $OBJ/$t ] || [ ${SSHKEYGEN_BIN} -nt $OBJ/$t ]; then
 		rm -f $OBJ/$t
 		${SSHKEYGEN} -q -N '' -t $t  -f $OBJ/$t ||\
@@ -531,13 +537,13 @@
 	    >> $OBJ/authorized_keys_$USER
 
 	# Convert rsa2 host key to PuTTY format
-	cp $OBJ/rsa $OBJ/rsa_oldfmt
-	${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/rsa_oldfmt >/dev/null
-	${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/rsa_oldfmt > \
+	cp $OBJ/ssh-rsa $OBJ/ssh-rsa_oldfmt
+	${SSHKEYGEN} -p -N '' -m PEM -f $OBJ/ssh-rsa_oldfmt >/dev/null
+	${SRC}/ssh2putty.sh 127.0.0.1 $PORT $OBJ/ssh-rsa_oldfmt > \
 	    ${OBJ}/.putty/sshhostkeys
-	${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/rsa_oldfmt >> \
+	${SRC}/ssh2putty.sh 127.0.0.1 22 $OBJ/ssh-rsa_oldfmt >> \
 	    ${OBJ}/.putty/sshhostkeys
-	rm -f $OBJ/rsa_oldfmt
+	rm -f $OBJ/ssh-rsa_oldfmt
 
 	# Setup proxied session
 	mkdir -p ${OBJ}/.putty/sessions
@@ -585,6 +591,31 @@
 
 # kill sshd
 cleanup
+
+if [ "x$USE_VALGRIND" != "x" ]; then
+	# wait for any running process to complete
+	wait; sleep 1
+	VG_RESULTS=$(find $OBJ/valgrind-out -type f -print)
+	VG_RESULT_COUNT=0
+	VG_FAIL_COUNT=0
+	for i in $VG_RESULTS; do
+		if grep "ERROR SUMMARY" $i >/dev/null; then
+			VG_RESULT_COUNT=$(($VG_RESULT_COUNT + 1))
+			if ! grep "ERROR SUMMARY: 0 errors" $i >/dev/null; then
+				VG_FAIL_COUNT=$(($VG_FAIL_COUNT + 1))
+				RESULT=1
+				verbose valgrind failure $i
+				cat $i
+			fi
+		fi
+	done
+	if [ x"$VG_SKIP" != "x" ]; then
+		verbose valgrind skipped
+	else
+		verbose valgrind results $VG_RESULT_COUNT failures $VG_FAIL_COUNT
+	fi
+fi
+
 if [ $RESULT -eq 0 ]; then
 	verbose ok $tid
 else
Index: regress/unittests/Makefile
===================================================================
--- regress/unittests/Makefile
+++ regress/unittests/Makefile
@@ -1,7 +1,7 @@
-#	$OpenBSD: Makefile,v 1.10 2018/03/03 03:16:17 djm Exp $
+#	$OpenBSD: Makefile,v 1.11 2019/04/28 22:53:26 dtucker Exp $
 
 REGRESS_FAIL_EARLY?=	yes
 SUBDIR=	test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion
-SUBDIR+=authopt
+SUBDIR+=authopt misc
 
 .include <bsd.subdir.mk>
Index: regress/unittests/Makefile.inc
===================================================================
--- regress/unittests/Makefile.inc
+++ regress/unittests/Makefile.inc
@@ -1,8 +1,25 @@
-#	$OpenBSD: Makefile.inc,v 1.12 2017/12/21 00:41:22 djm Exp $
+#	$OpenBSD: Makefile.inc,v 1.13 2018/10/17 23:28:05 djm Exp $
 
+REGRESS_FAIL_EARLY?=	yes
+
 .include <bsd.own.mk>
 .include <bsd.obj.mk>
 
+# User-settable options
+UNITTEST_FAST?= no	# Skip slow tests (e.g. less intensive fuzzing).
+UNITTEST_SLOW?= no	# Include slower tests (e.g. more intensive fuzzing).
+UNITTEST_VERBOSE?= no	# Verbose test output (inc. per-test names).
+
+MALLOC_OPTIONS?=	CFGJRSUX
+TEST_ENV?=		MALLOC_OPTIONS=${MALLOC_OPTIONS}
+
+# XXX detect from ssh binary?
+OPENSSL?=	yes
+
+.if (${OPENSSL:L} == "yes")
+CFLAGS+=	-DWITH_OPENSSL
+.endif
+
 # enable warnings
 WARNINGS=Yes
 
@@ -49,5 +66,21 @@
 
 .PATH: ${.CURDIR}/${SSHREL}
 
+LDADD+= -lutil
+DPADD+= ${LIBUTIL}
+
+.if (${OPENSSL:L} == "yes")
 LDADD+= -lcrypto
 DPADD+= ${LIBCRYPTO}
+.endif
+
+UNITTEST_ARGS?=
+
+.if (${UNITTEST_VERBOSE:L} != "no")
+UNITTEST_ARGS+= -v
+.endif
+.if (${UNITTEST_FAST:L} != "no")
+UNITTEST_ARGS+= -f
+.elif (${UNITTEST_SLOW:L} != "no")
+UNITTEST_ARGS+= -F
+.endif
Index: regress/unittests/bitmap/tests.c
===================================================================
--- regress/unittests/bitmap/tests.c
+++ regress/unittests/bitmap/tests.c
@@ -16,7 +16,9 @@
 #include <stdlib.h>
 #include <string.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/bn.h>
+#endif
 
 #include "../test_helper/test_helper.h"
 
@@ -27,6 +29,7 @@
 void
 tests(void)
 {
+#ifdef WITH_OPENSSL
 	struct bitmap *b;
 	BIGNUM *bn;
 	size_t len;
@@ -131,5 +134,6 @@
 	bitmap_free(b);
 	BN_free(bn);
 	TEST_DONE();
+#endif
 }
 
Index: regress/unittests/conversion/tests.c
===================================================================
--- regress/unittests/conversion/tests.c
+++ regress/unittests/conversion/tests.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: tests.c,v 1.1 2017/03/14 01:20:29 dtucker Exp $ */
+/* 	$OpenBSD: tests.c,v 1.2 2019/06/14 04:03:48 djm Exp $ */
 /*
  * Regress test for conversions
  *
@@ -40,6 +40,8 @@
 	ASSERT_LONG_EQ(convtime("-9d"), -1);
 	
 	/* overflow */
+	snprintf(buf, sizeof buf, "%llu", (unsigned long long)LONG_MAX);
+	ASSERT_LONG_EQ(convtime(buf), -1);
 	snprintf(buf, sizeof buf, "%llu", (unsigned long long)LONG_MAX + 1);
 	ASSERT_LONG_EQ(convtime(buf), -1);
 
Index: regress/unittests/hostkeys/test_iterate.c
===================================================================
--- regress/unittests/hostkeys/test_iterate.c
+++ regress/unittests/hostkeys/test_iterate.c
@@ -57,7 +57,7 @@
 	int parse_key = (ctx->flags & HKF_WANT_PARSE_KEY) != 0;
 	const int matching = (ctx->flags & HKF_WANT_MATCH) != 0;
 	u_int expected_status, expected_match;
-	int expected_keytype;
+	int expected_keytype, skip = 0;
 
 	test_subtest_info("entry %zu/%zu, file line %ld",
 	    ctx->i + 1, ctx->nexpected, l->linenum);
@@ -92,13 +92,23 @@
 
 #ifndef OPENSSL_HAS_ECC
 	if (expected->l.keytype == KEY_ECDSA ||
-	    expected->no_parse_keytype == KEY_ECDSA) {
+	    expected->no_parse_keytype == KEY_ECDSA)
+		skip = 1;
+#endif /* OPENSSL_HAS_ECC */
+#ifndef WITH_OPENSSL
+	if (expected->l.keytype == KEY_DSA ||
+	    expected->no_parse_keytype == KEY_DSA ||
+	    expected->l.keytype == KEY_RSA ||
+	    expected->no_parse_keytype == KEY_RSA ||
+	    expected->l.keytype == KEY_ECDSA ||
+	    expected->no_parse_keytype == KEY_ECDSA)
+		skip = 1;
+#endif /* WITH_OPENSSL */
+	if (skip) {
 		expected_status = HKF_STATUS_INVALID;
 		expected_keytype = KEY_UNSPEC;
 		parse_key = 0;
 	}
-#endif
-
 	UPDATE_MATCH_STATUS(match_host_p);
 	UPDATE_MATCH_STATUS(match_host_s);
 	UPDATE_MATCH_STATUS(match_ipv4);
@@ -145,7 +155,15 @@
 #ifndef OPENSSL_HAS_ECC
 		if (expected[i].l.keytype == KEY_ECDSA)
 			continue;
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#ifndef WITH_OPENSSL
+		switch (expected[i].l.keytype) {
+		case KEY_RSA:
+		case KEY_DSA:
+		case KEY_ECDSA:
+			continue;
+		}
+#endif /* WITH_OPENSSL */
 		ASSERT_INT_EQ(sshkey_load_public(
 		    test_data_file(expected[i].key_file), &expected[i].l.key,
 		    NULL), 0);
Index: regress/unittests/kex/Makefile
===================================================================
--- regress/unittests/kex/Makefile
+++ regress/unittests/kex/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.5 2017/12/21 00:41:22 djm Exp $
+#	$OpenBSD: Makefile,v 1.6 2019/01/21 12:35:20 djm Exp $
 
 PROG=test_kex
 SRCS=tests.c test_kex.c
@@ -9,12 +9,21 @@
 SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
 SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
 SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c
-SRCS+=kex.c kexc25519.c kexc25519c.c kexc25519s.c kexdh.c kexdhc.c kexdhs.c
-SRCS+=kexecdh.c kexecdhc.c kexecdhs.c kexgex.c kexgexc.c kexgexs.c
-SRCS+=dh.c compat.c
-SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
+SRCS+=compat.c ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
 SRCS+=cipher-chachapoly.c chacha.c poly1305.c
-SRCS+=smult_curve25519_ref.c
+
+SRCS+=	kex.c
+SRCS+=	dh.c
+SRCS+=	kexdh.c
+SRCS+=	kexecdh.c
+SRCS+=	kexgex.c
+SRCS+=	kexgexc.c
+SRCS+=	kexgexs.c
+SRCS+=	kexc25519.c
+SRCS+=	smult_curve25519_ref.c
+SRCS+=	kexgen.c
+SRCS+=	kexsntrup4591761x25519.c
+SRCS+=	sntrup4591761.c
 
 SRCS+=digest-openssl.c
 #SRCS+=digest-libc.c
Index: regress/unittests/kex/test_kex.c
===================================================================
--- regress/unittests/kex/test_kex.c
+++ regress/unittests/kex/test_kex.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_kex.c,v 1.2 2015/07/10 06:23:25 markus Exp $ */
+/* 	$OpenBSD: test_kex.c,v 1.4 2019/01/21 12:35:20 djm Exp $ */
 /*
  * Regress test KEX
  *
@@ -24,8 +24,6 @@
 #include "packet.h"
 #include "myproposal.h"
 
-struct ssh *active_state = NULL; /* XXX - needed for linking */
-
 void kex_tests(void);
 static int do_debug = 0;
 
@@ -139,20 +137,21 @@
 	ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0);
 	ASSERT_PTR_NE(server2, NULL);
 	ASSERT_INT_EQ(ssh_add_hostkey(server2, private), 0);
-	kex_free(server2->kex);	/* XXX or should ssh_packet_set_state()? */
 	ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0);
 	ASSERT_INT_EQ(sshbuf_len(state), 0);
 	sshbuf_free(state);
 	ASSERT_PTR_NE(server2->kex, NULL);
 	/* XXX we need to set the callbacks */
-	server2->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
-	server2->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
+#ifdef WITH_OPENSSL
+	server2->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
+	server2->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
 	server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 	server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 #ifdef OPENSSL_HAS_ECC
-	server2->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
-#endif
-	server2->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+	server2->kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
+	server2->kex->kex[KEX_C25519_SHA256] = kex_gen_server;
 	server2->kex->load_host_public_key = server->kex->load_host_public_key;
 	server2->kex->load_host_private_key = server->kex->load_host_private_key;
 	server2->kex->sign = server->kex->sign;
@@ -178,11 +177,13 @@
 static void
 do_kex(char *kex)
 {
+#ifdef WITH_OPENSSL
 	do_kex_with_key(kex, KEY_RSA, 2048);
 	do_kex_with_key(kex, KEY_DSA, 1024);
 #ifdef OPENSSL_HAS_ECC
 	do_kex_with_key(kex, KEY_ECDSA, 256);
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 	do_kex_with_key(kex, KEY_ED25519, 256);
 }
 
@@ -190,13 +191,15 @@
 kex_tests(void)
 {
 	do_kex("curve25519-sha256@libssh.org");
+#ifdef WITH_OPENSSL
 #ifdef OPENSSL_HAS_ECC
 	do_kex("ecdh-sha2-nistp256");
 	do_kex("ecdh-sha2-nistp384");
 	do_kex("ecdh-sha2-nistp521");
-#endif
+#endif /* OPENSSL_HAS_ECC */
 	do_kex("diffie-hellman-group-exchange-sha256");
 	do_kex("diffie-hellman-group-exchange-sha1");
 	do_kex("diffie-hellman-group14-sha1");
 	do_kex("diffie-hellman-group1-sha1");
+#endif /* WITH_OPENSSL */
 }
Index: regress/unittests/sshbuf/Makefile
===================================================================
--- regress/unittests/sshbuf/Makefile
+++ regress/unittests/sshbuf/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.6 2017/12/21 00:41:22 djm Exp $
+#	$OpenBSD: Makefile,v 1.7 2018/10/17 23:28:05 djm Exp $
 
 .include <bsd.regress.mk>
 
@@ -17,6 +17,5 @@
 SRCS+=atomicio.c
 
 run-regress-${PROG}: ${PROG}
-	env ${TEST_ENV} ./${PROG}
- 
+	env ${TEST_ENV} ./${PROG} ${UNITTEST_ARGS}
 
Index: regress/unittests/sshbuf/test_sshbuf_fuzz.c
===================================================================
--- regress/unittests/sshbuf/test_sshbuf_fuzz.c
+++ regress/unittests/sshbuf/test_sshbuf_fuzz.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_sshbuf_fuzz.c,v 1.1 2014/04/30 05:32:00 djm Exp $ */
+/* 	$OpenBSD: test_sshbuf_fuzz.c,v 1.2 2018/10/17 23:28:05 djm Exp $ */
 /*
  * Regress test for sshbuf.h buffer API
  *
@@ -30,9 +30,14 @@
 {
 	struct sshbuf *p1;
 	u_char *dp;
-	size_t sz, sz2, i;
+	size_t sz, sz2, i, ntests = NUM_FUZZ_TESTS;
 	u_int32_t r;
 	int ret;
+
+	if (test_is_fast())
+		ntests >>= 2;
+	if (test_is_slow())
+		ntests <<= 2;
 
 	/* NB. uses sshbuf internals */
 	TEST_START("fuzz alloc/dealloc");
Index: regress/unittests/sshbuf/test_sshbuf_getput_basic.c
===================================================================
--- regress/unittests/sshbuf/test_sshbuf_getput_basic.c
+++ regress/unittests/sshbuf/test_sshbuf_getput_basic.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_sshbuf_getput_basic.c,v 1.1 2014/04/30 05:32:00 djm Exp $ */
+/* 	$OpenBSD: test_sshbuf_getput_basic.c,v 1.2 2019/07/14 23:33:19 djm Exp $ */
 /*
  * Regress test for sshbuf.h buffer API
  *
@@ -479,6 +479,235 @@
 	ASSERT_INT_EQ(sshbuf_put_bignum2_bytes(p1, bn3, sizeof(bn3)), 0);
 	ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(bn_exp3));
 	ASSERT_MEM_EQ(sshbuf_ptr(p1), bn_exp3, sizeof(bn_exp3));
+	sshbuf_free(p1);
+	TEST_DONE();
+
+	TEST_START("sshbuf_peek_u64");
+	p1 = sshbuf_new();
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_put(p1, x, sizeof(x)), 0);
+	ASSERT_INT_EQ(sshbuf_peek_u64(p1, 0, &v64), 0);
+	ASSERT_U64_EQ(v64, 0x1122334455667788ULL);
+	ASSERT_INT_EQ(sshbuf_peek_u64(p1, 2, &v64), 0);
+	ASSERT_U64_EQ(v64, 0x3344556677880099ULL);
+	ASSERT_INT_EQ(sshbuf_peek_u64(p1, 3, &v64), SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_peek_u64(p1, sizeof(x), &v64),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_peek_u64(p1, 1000, &v64),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	sshbuf_free(p1);
+	TEST_DONE();
+
+	TEST_START("sshbuf_peek_u32");
+	p1 = sshbuf_new();
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_put(p1, x, sizeof(x)), 0);
+	ASSERT_INT_EQ(sshbuf_peek_u32(p1, 0, &v32), 0);
+	ASSERT_U32_EQ(v32, 0x11223344);
+	ASSERT_INT_EQ(sshbuf_peek_u32(p1, 6, &v32), 0);
+	ASSERT_U32_EQ(v32, 0x77880099);
+	ASSERT_INT_EQ(sshbuf_peek_u32(p1, 7, &v32), SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_peek_u32(p1, sizeof(x), &v32),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_peek_u32(p1, 1000, &v32),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	sshbuf_free(p1);
+	TEST_DONE();
+
+	TEST_START("sshbuf_peek_u16");
+	p1 = sshbuf_new();
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_put(p1, x, sizeof(x)), 0);
+	ASSERT_INT_EQ(sshbuf_peek_u16(p1, 0, &v16), 0);
+	ASSERT_U16_EQ(v16, 0x1122);
+	ASSERT_INT_EQ(sshbuf_peek_u16(p1, 8, &v16), 0);
+	ASSERT_U16_EQ(v16, 0x99);
+	ASSERT_INT_EQ(sshbuf_peek_u16(p1, 9, &v16), SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_peek_u16(p1, sizeof(x), &v16),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_peek_u16(p1, 1000, &v16),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	sshbuf_free(p1);
+	TEST_DONE();
+
+	TEST_START("sshbuf_peek_u8");
+	p1 = sshbuf_new();
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_put(p1, x, sizeof(x)), 0);
+	ASSERT_INT_EQ(sshbuf_peek_u8(p1, 0, &v8), 0);
+	ASSERT_U8_EQ(v8, 0x11);
+	ASSERT_INT_EQ(sshbuf_peek_u8(p1, 9, &v8), 0);
+	ASSERT_U8_EQ(v8, 0x99);
+	ASSERT_INT_EQ(sshbuf_peek_u8(p1, sizeof(x), &v8),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_peek_u8(p1, 1000, &v8),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	sshbuf_free(p1);
+	TEST_DONE();
+
+	TEST_START("sshbuf_poke_u64");
+	p1 = sshbuf_new();
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke at start of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u64(p1, 0, 0xa1b2c3d4e5f60718ULL), 0);
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "a1b2c3d4e5f607180000");
+	free(s2);
+	sshbuf_reset(p1);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke aligned with end of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u64(p1, 2, 0xa1b2c3d4e5f60718ULL), 0);
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "0000a1b2c3d4e5f60718");
+	free(s2);
+	sshbuf_reset(p1);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke past end of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u64(p1, 3, 0xa1b2c3d4e5f60718ULL),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	ASSERT_INT_EQ(sshbuf_poke_u64(p1, 10, 0xa1b2c3d4e5f60718ULL),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	ASSERT_INT_EQ(sshbuf_poke_u64(p1, 1000, 0xa1b2c3d4e5f60718ULL),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	/* ensure failed pokes do not modify buffer */
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "00000000000000000000");
+	sshbuf_free(p1);
+	TEST_DONE();
+
+	TEST_START("sshbuf_poke_u32");
+	p1 = sshbuf_new();
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke at start of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u32(p1, 0, 0xa1b2c3d4), 0);
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "a1b2c3d4000000000000");
+	free(s2);
+	sshbuf_reset(p1);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke aligned with end of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u32(p1, 6, 0xa1b2c3d4), 0);
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "000000000000a1b2c3d4");
+	free(s2);
+	sshbuf_reset(p1);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke past end of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u32(p1, 7, 0xa1b2c3d4),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	ASSERT_INT_EQ(sshbuf_poke_u32(p1, 10, 0xa1b2c3d4),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	ASSERT_INT_EQ(sshbuf_poke_u32(p1, 1000, 0xa1b2c3d4),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	/* ensure failed pokes do not modify buffer */
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "00000000000000000000");
+	sshbuf_free(p1);
+	TEST_DONE();
+
+	TEST_START("sshbuf_poke_u16");
+	p1 = sshbuf_new();
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke at start of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u16(p1, 0, 0xa1b2), 0);
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "a1b20000000000000000");
+	free(s2);
+	sshbuf_reset(p1);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke aligned with end of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u16(p1, 8, 0xa1b2), 0);
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "0000000000000000a1b2");
+	free(s2);
+	sshbuf_reset(p1);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke past end of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u16(p1, 9, 0xa1b2),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	ASSERT_INT_EQ(sshbuf_poke_u16(p1, 10, 0xa1b2),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	ASSERT_INT_EQ(sshbuf_poke_u16(p1, 1000, 0xa1b2),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	/* ensure failed pokes do not modify buffer */
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "00000000000000000000");
+	sshbuf_free(p1);
+	TEST_DONE();
+
+	TEST_START("sshbuf_poke_u8");
+	p1 = sshbuf_new();
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke at start of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u8(p1, 0, 0xa1), 0);
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "a1000000000000000000");
+	free(s2);
+	sshbuf_reset(p1);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke aligned with end of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u8(p1, 9, 0xa1), 0);
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "000000000000000000a1");
+	free(s2);
+	sshbuf_reset(p1);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke past end of buffer */
+	ASSERT_INT_EQ(sshbuf_poke_u8(p1, 10, 0xa1), SSH_ERR_NO_BUFFER_SPACE);
+	ASSERT_INT_EQ(sshbuf_poke_u8(p1, 1000, 0xa1), SSH_ERR_NO_BUFFER_SPACE);
+	/* ensure failed pokes do not modify buffer */
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "00000000000000000000");
+	sshbuf_free(p1);
+	TEST_DONE();
+
+	TEST_START("sshbuf_poke");
+	p1 = sshbuf_new();
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke at start of buffer */
+	ASSERT_INT_EQ(sshbuf_poke(p1, 0, "hello!", 6), 0);
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "68656c6c6f2100000000");
+	free(s2);
+	sshbuf_reset(p1);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke aligned with end of buffer */
+	ASSERT_INT_EQ(sshbuf_poke(p1, 4, "hello!", 6), 0);
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "0000000068656c6c6f21");
+	free(s2);
+	sshbuf_reset(p1);
+	ASSERT_INT_EQ(sshbuf_reserve(p1, 10, NULL), 0);
+	/* poke past end of buffer */
+	ASSERT_INT_EQ(sshbuf_poke(p1, 7, "hello!", 6),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	ASSERT_INT_EQ(sshbuf_poke(p1, 10, "hello!", 6),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	ASSERT_INT_EQ(sshbuf_poke(p1, 1000, "hello!", 6),
+	    SSH_ERR_NO_BUFFER_SPACE);
+	/* ensure failed pokes do not modify buffer */
+	s2 = sshbuf_dtob16(p1);
+	ASSERT_PTR_NE(s2, NULL);
+	ASSERT_STRING_EQ(s2, "00000000000000000000");
 	sshbuf_free(p1);
 	TEST_DONE();
 }
Index: regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
===================================================================
--- regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
+++ regress/unittests/sshbuf/test_sshbuf_getput_crypto.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_sshbuf_getput_crypto.c,v 1.1 2014/04/30 05:32:00 djm Exp $ */
+/* 	$OpenBSD: test_sshbuf_getput_crypto.c,v 1.2 2019/01/21 12:29:35 djm Exp $ */
 /*
  * Regress test for sshbuf.h buffer API
  *
@@ -7,6 +7,8 @@
 
 #include "includes.h"
 
+#ifdef WITH_OPENSSL
+
 #include <sys/types.h>
 #include <sys/param.h>
 #include <stdio.h>
@@ -33,7 +35,6 @@
 {
 	struct sshbuf *p1;
 	BIGNUM *bn, *bn2;
-	/* This one has num_bits != num_bytes * 8 to test bignum1 encoding */
 	const char *hexbn1 = "0102030405060708090a0b0c0d0e0f10";
 	/* This one has MSB set to test bignum2 encoding negative-avoidance */
 	const char *hexbn2 = "f0e0d0c0b0a0908070605040302010007fff11";
@@ -77,54 +78,6 @@
 		ASSERT_INT_GT(BN_hex2bn(&bnn, b), 0); \
 	} while (0)
 
-	TEST_START("sshbuf_put_bignum1");
-	MKBN(hexbn1, bn);
-	p1 = sshbuf_new();
-	ASSERT_PTR_NE(p1, NULL);
-	ASSERT_INT_EQ(sshbuf_put_bignum1(p1, bn), 0);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn1) + 2);
-	ASSERT_U16_EQ(PEEK_U16(sshbuf_ptr(p1)), (u_int16_t)BN_num_bits(bn));
-	ASSERT_MEM_EQ(sshbuf_ptr(p1) + 2, expbn1, sizeof(expbn1));
-	BN_free(bn);
-	sshbuf_free(p1);
-	TEST_DONE();
-
-	TEST_START("sshbuf_put_bignum1 limited");
-	MKBN(hexbn1, bn);
-	p1 = sshbuf_new();
-	ASSERT_PTR_NE(p1, NULL);
-	ASSERT_INT_EQ(sshbuf_set_max_size(p1, sizeof(expbn1) + 1), 0);
-	r = sshbuf_put_bignum1(p1, bn);
-	ASSERT_INT_EQ(r, SSH_ERR_NO_BUFFER_SPACE);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0);
-	BN_free(bn);
-	sshbuf_free(p1);
-	TEST_DONE();
-
-	TEST_START("sshbuf_put_bignum1 bn2");
-	MKBN(hexbn2, bn);
-	p1 = sshbuf_new();
-	ASSERT_PTR_NE(p1, NULL);
-	ASSERT_INT_EQ(sshbuf_put_bignum1(p1, bn), 0);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn2) + 2);
-	ASSERT_U16_EQ(PEEK_U16(sshbuf_ptr(p1)), (u_int16_t)BN_num_bits(bn));
-	ASSERT_MEM_EQ(sshbuf_ptr(p1) + 2, expbn2, sizeof(expbn2));
-	BN_free(bn);
-	sshbuf_free(p1);
-	TEST_DONE();
-
-	TEST_START("sshbuf_put_bignum1 bn2 limited");
-	MKBN(hexbn2, bn);
-	p1 = sshbuf_new();
-	ASSERT_PTR_NE(p1, NULL);
-	ASSERT_INT_EQ(sshbuf_set_max_size(p1, sizeof(expbn1) + 1), 0);
-	r = sshbuf_put_bignum1(p1, bn);
-	ASSERT_INT_EQ(r, SSH_ERR_NO_BUFFER_SPACE);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 0);
-	BN_free(bn);
-	sshbuf_free(p1);
-	TEST_DONE();
-
 	TEST_START("sshbuf_put_bignum2");
 	MKBN(hexbn1, bn);
 	p1 = sshbuf_new();
@@ -174,88 +127,6 @@
 	sshbuf_free(p1);
 	TEST_DONE();
 
-	TEST_START("sshbuf_get_bignum1");
-	MKBN(hexbn1, bn);
-	p1 = sshbuf_new();
-	ASSERT_PTR_NE(p1, NULL);
-	ASSERT_INT_EQ(sshbuf_put_u16(p1, BN_num_bits(bn)), 0);
-	ASSERT_INT_EQ(sshbuf_put(p1, expbn1, sizeof(expbn1)), 0);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn1));
-	ASSERT_INT_EQ(sshbuf_put_u16(p1, 0xd00f), 0);
-	bn2 = BN_new();
-	ASSERT_INT_EQ(sshbuf_get_bignum1(p1, bn2), 0);
-	ASSERT_BIGNUM_EQ(bn, bn2);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2);
-	BN_free(bn);
-	BN_free(bn2);
-	sshbuf_free(p1);
-	TEST_DONE();
-
-	TEST_START("sshbuf_get_bignum1 truncated");
-	MKBN(hexbn1, bn);
-	p1 = sshbuf_new();
-	ASSERT_PTR_NE(p1, NULL);
-	ASSERT_INT_EQ(sshbuf_put_u16(p1, BN_num_bits(bn)), 0);
-	ASSERT_INT_EQ(sshbuf_put(p1, expbn1, sizeof(expbn1) - 1), 0);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn1) - 1);
-	bn2 = BN_new();
-	r = sshbuf_get_bignum1(p1, bn2);
-	ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn1) - 1);
-	BN_free(bn);
-	BN_free(bn2);
-	sshbuf_free(p1);
-	TEST_DONE();
-
-	TEST_START("sshbuf_get_bignum1 giant");
-	MKBN(hexbn1, bn);
-	p1 = sshbuf_new();
-	ASSERT_PTR_NE(p1, NULL);
-	ASSERT_INT_EQ(sshbuf_put_u16(p1, 0xffff), 0);
-	ASSERT_INT_EQ(sshbuf_reserve(p1, (0xffff + 7) / 8, NULL), 0);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + ((0xffff + 7) / 8));
-	bn2 = BN_new();
-	r = sshbuf_get_bignum1(p1, bn2);
-	ASSERT_INT_EQ(r, SSH_ERR_BIGNUM_TOO_LARGE);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + ((0xffff + 7) / 8));
-	BN_free(bn);
-	BN_free(bn2);
-	sshbuf_free(p1);
-	TEST_DONE();
-
-	TEST_START("sshbuf_get_bignum1 bn2");
-	MKBN(hexbn2, bn);
-	p1 = sshbuf_new();
-	ASSERT_PTR_NE(p1, NULL);
-	ASSERT_INT_EQ(sshbuf_put_u16(p1, BN_num_bits(bn)), 0);
-	ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2)), 0);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn2));
-	ASSERT_INT_EQ(sshbuf_put_u16(p1, 0xd00f), 0);
-	bn2 = BN_new();
-	ASSERT_INT_EQ(sshbuf_get_bignum1(p1, bn2), 0);
-	ASSERT_BIGNUM_EQ(bn, bn2);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2);
-	BN_free(bn);
-	BN_free(bn2);
-	sshbuf_free(p1);
-	TEST_DONE();
-
-	TEST_START("sshbuf_get_bignum1 bn2 truncated");
-	MKBN(hexbn2, bn);
-	p1 = sshbuf_new();
-	ASSERT_PTR_NE(p1, NULL);
-	ASSERT_INT_EQ(sshbuf_put_u16(p1, BN_num_bits(bn)), 0);
-	ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2) - 1), 0);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn2) - 1);
-	bn2 = BN_new();
-	r = sshbuf_get_bignum1(p1, bn2);
-	ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
-	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2 + sizeof(expbn2) - 1);
-	BN_free(bn);
-	BN_free(bn2);
-	sshbuf_free(p1);
-	TEST_DONE();
-
 	TEST_START("sshbuf_get_bignum2");
 	MKBN(hexbn1, bn);
 	p1 = sshbuf_new();
@@ -264,8 +135,8 @@
 	ASSERT_INT_EQ(sshbuf_put(p1, expbn1, sizeof(expbn1)), 0);
 	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4 + sizeof(expbn1));
 	ASSERT_INT_EQ(sshbuf_put_u16(p1, 0xd00f), 0);
-	bn2 = BN_new();
-	ASSERT_INT_EQ(sshbuf_get_bignum2(p1, bn2), 0);
+	bn2 = NULL;
+	ASSERT_INT_EQ(sshbuf_get_bignum2(p1, &bn2), 0);
 	ASSERT_BIGNUM_EQ(bn, bn2);
 	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2);
 	BN_free(bn);
@@ -279,8 +150,8 @@
 	ASSERT_PTR_NE(p1, NULL);
 	ASSERT_INT_EQ(sshbuf_put_u32(p1, BN_num_bytes(bn)), 0);
 	ASSERT_INT_EQ(sshbuf_put(p1, expbn1, sizeof(expbn1) - 1), 0);
-	bn2 = BN_new();
-	r = sshbuf_get_bignum2(p1, bn2);
+	bn2 = NULL;
+	r = sshbuf_get_bignum2(p1, &bn2);
 	ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
 	ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn1) + 3);
 	BN_free(bn);
@@ -294,8 +165,8 @@
 	ASSERT_PTR_NE(p1, NULL);
 	ASSERT_INT_EQ(sshbuf_put_u32(p1, 65536), 0);
 	ASSERT_INT_EQ(sshbuf_reserve(p1, 65536, NULL), 0);
-	bn2 = BN_new();
-	r = sshbuf_get_bignum2(p1, bn2);
+	bn2 = NULL;
+	r = sshbuf_get_bignum2(p1, &bn2);
 	ASSERT_INT_EQ(r, SSH_ERR_BIGNUM_TOO_LARGE);
 	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 65536 + 4);
 	BN_free(bn);
@@ -312,8 +183,8 @@
 	ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2)), 0);
 	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 4 + 1 + sizeof(expbn2));
 	ASSERT_INT_EQ(sshbuf_put_u16(p1, 0xd00f), 0);
-	bn2 = BN_new();
-	ASSERT_INT_EQ(sshbuf_get_bignum2(p1, bn2), 0);
+	bn2 = NULL;
+	ASSERT_INT_EQ(sshbuf_get_bignum2(p1, &bn2), 0);
 	ASSERT_BIGNUM_EQ(bn, bn2);
 	ASSERT_SIZE_T_EQ(sshbuf_len(p1), 2);
 	BN_free(bn);
@@ -328,8 +199,8 @@
 	ASSERT_INT_EQ(sshbuf_put_u32(p1, BN_num_bytes(bn) + 1), 0);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x00), 0);
 	ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2) - 1), 0);
-	bn2 = BN_new();
-	r = sshbuf_get_bignum2(p1, bn2);
+	bn2 = NULL;
+	r = sshbuf_get_bignum2(p1, &bn2);
 	ASSERT_INT_EQ(r, SSH_ERR_MESSAGE_INCOMPLETE);
 	ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn2) + 1 + 4 - 1);
 	BN_free(bn);
@@ -343,8 +214,8 @@
 	ASSERT_PTR_NE(p1, NULL);
 	ASSERT_INT_EQ(sshbuf_put_u32(p1, BN_num_bytes(bn)), 0);
 	ASSERT_INT_EQ(sshbuf_put(p1, expbn2, sizeof(expbn2)), 0);
-	bn2 = BN_new();
-	r = sshbuf_get_bignum2(p1, bn2);
+	bn2 = NULL;
+	r = sshbuf_get_bignum2(p1, &bn2);
 	ASSERT_INT_EQ(r, SSH_ERR_BIGNUM_IS_NEGATIVE);
 	ASSERT_SIZE_T_EQ(sshbuf_len(p1), sizeof(expbn2) + 4);
 	BN_free(bn);
@@ -407,3 +278,4 @@
 #endif
 }
 
+#endif /* WITH_OPENSSL */
Index: regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
===================================================================
--- regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
+++ regress/unittests/sshbuf/test_sshbuf_getput_fuzz.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_sshbuf_getput_fuzz.c,v 1.2 2014/05/02 02:54:00 djm Exp $ */
+/* 	$OpenBSD: test_sshbuf_getput_fuzz.c,v 1.4 2019/01/21 12:29:35 djm Exp $ */
 /*
  * Regress test for sshbuf.h buffer API
  *
@@ -32,10 +32,12 @@
 attempt_parse_blob(u_char *blob, size_t len)
 {
 	struct sshbuf *p1;
+#ifdef WITH_OPENSSL
 	BIGNUM *bn;
 #if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
 	EC_KEY *eck;
-#endif
+#endif /* defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) */
+#endif /* WITH_OPENSSL */
 	u_char *s;
 	size_t l;
 	u_int8_t u8;
@@ -54,18 +56,17 @@
 		bzero(s, l);
 		free(s);
 	}
-	bn = BN_new();
-	sshbuf_get_bignum1(p1, bn);
+#ifdef WITH_OPENSSL
+	bn = NULL;
+	sshbuf_get_bignum2(p1, &bn);
 	BN_clear_free(bn);
-	bn = BN_new();
-	sshbuf_get_bignum2(p1, bn);
-	BN_clear_free(bn);
 #if defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256)
 	eck = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
 	ASSERT_PTR_NE(eck, NULL);
 	sshbuf_get_eckey(p1, eck);
 	EC_KEY_free(eck);
-#endif
+#endif /* defined(OPENSSL_HAS_ECC) && defined(OPENSSL_HAS_NISTP256) */
+#endif /* WITH_OPENSSL */
 	sshbuf_free(p1);
 }
 
@@ -92,10 +93,6 @@
 		/* string */
 		0x00, 0x00, 0x00, 0x09,
 		'O', ' ', 'G', 'o', 'r', 'g', 'o', 'n', '!',
-		/* bignum1 */
-		0x79,
-		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
-		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
 		/* bignum2 */
 		0x00, 0x00, 0x00, 0x14,
 		0x00,
@@ -115,11 +112,15 @@
 		0x55, 0x0f, 0x69, 0xd8, 0x0e, 0xc2, 0x3c, 0xd4,
 	};
 	struct fuzz *fuzz;
+	u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_2_BIT_FLIP |
+	    FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
+	    FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END;
 
+	if (test_is_fast())
+		fuzzers &= ~(FUZZ_2_BYTE_FLIP|FUZZ_2_BIT_FLIP);
+
 	TEST_START("fuzz blob parsing");
-	fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | FUZZ_2_BIT_FLIP |
-	    FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
-	    FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, blob, sizeof(blob));
+	fuzz = fuzz_begin(fuzzers, blob, sizeof(blob));
 	TEST_ONERROR(onerror, fuzz);
 	for(; !fuzz_done(fuzz); fuzz_next(fuzz))
 		attempt_parse_blob(blob, sizeof(blob));
Index: regress/unittests/sshbuf/test_sshbuf_misc.c
===================================================================
--- regress/unittests/sshbuf/test_sshbuf_misc.c
+++ regress/unittests/sshbuf/test_sshbuf_misc.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_sshbuf_misc.c,v 1.2 2016/05/03 13:48:33 djm Exp $ */
+/* 	$OpenBSD: test_sshbuf_misc.c,v 1.4 2019/07/16 22:16:49 djm Exp $ */
 /*
  * Regress test for sshbuf.h buffer API
  *
@@ -19,6 +19,7 @@
 #include "../test_helper/test_helper.h"
 
 #include "sshbuf.h"
+#include "ssherr.h"
 
 void sshbuf_misc_tests(void);
 
@@ -26,7 +27,7 @@
 sshbuf_misc_tests(void)
 {
 	struct sshbuf *p1;
-	char tmp[512], *p;
+	char tmp[512], msg[] = "imploring ping silence ping over", *p;
 	FILE *out;
 	size_t sz;
 
@@ -60,48 +61,48 @@
 	sshbuf_free(p1);
 	TEST_DONE();
 
-	TEST_START("sshbuf_dtob64 len 1");
+	TEST_START("sshbuf_dtob64_string len 1");
 	p1 = sshbuf_new();
 	ASSERT_PTR_NE(p1, NULL);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x11), 0);
-	p = sshbuf_dtob64(p1);
+	p = sshbuf_dtob64_string(p1, 0);
 	ASSERT_PTR_NE(p, NULL);
 	ASSERT_STRING_EQ(p, "EQ==");
 	free(p);
 	sshbuf_free(p1);
 	TEST_DONE();
 
-	TEST_START("sshbuf_dtob64 len 2");
+	TEST_START("sshbuf_dtob64_string len 2");
 	p1 = sshbuf_new();
 	ASSERT_PTR_NE(p1, NULL);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x11), 0);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x22), 0);
-	p = sshbuf_dtob64(p1);
+	p = sshbuf_dtob64_string(p1, 0);
 	ASSERT_PTR_NE(p, NULL);
 	ASSERT_STRING_EQ(p, "ESI=");
 	free(p);
 	sshbuf_free(p1);
 	TEST_DONE();
 
-	TEST_START("sshbuf_dtob64 len 3");
+	TEST_START("sshbuf_dtob64_string len 3");
 	p1 = sshbuf_new();
 	ASSERT_PTR_NE(p1, NULL);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x11), 0);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x22), 0);
 	ASSERT_INT_EQ(sshbuf_put_u8(p1, 0x33), 0);
-	p = sshbuf_dtob64(p1);
+	p = sshbuf_dtob64_string(p1, 0);
 	ASSERT_PTR_NE(p, NULL);
 	ASSERT_STRING_EQ(p, "ESIz");
 	free(p);
 	sshbuf_free(p1);
 	TEST_DONE();
 
-	TEST_START("sshbuf_dtob64 len 8191");
+	TEST_START("sshbuf_dtob64_string len 8191");
 	p1 = sshbuf_new();
 	ASSERT_PTR_NE(p1, NULL);
 	ASSERT_INT_EQ(sshbuf_reserve(p1, 8192, NULL), 0);
 	bzero(sshbuf_mutable_ptr(p1), 8192);
-	p = sshbuf_dtob64(p1);
+	p = sshbuf_dtob64_string(p1, 0);
 	ASSERT_PTR_NE(p, NULL);
 	ASSERT_SIZE_T_EQ(strlen(p), ((8191 + 2) / 3) * 4);
 	free(p);
@@ -162,6 +163,56 @@
 	p = sshbuf_dup_string(p1);
 	ASSERT_PTR_EQ(p, NULL);
 	sshbuf_free(p1);
+	TEST_DONE();
+
+	TEST_START("sshbuf_cmp");
+	p1 = sshbuf_from(msg, sizeof(msg) - 1);
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 0, "i", 1), 0);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 0, "j", 1), SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 0, "imploring", 9), 0);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 0, "implored", 9), SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 10, "ping", 4), 0);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 10, "ring", 4), SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 28, "over", 4), 0);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 28, "rove", 4), SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 28, "overt", 5),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 32, "ping", 4),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 1000, "silence", 7),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_cmp(p1, 0, msg, sizeof(msg) - 1), 0);
+	TEST_DONE();
+
+	TEST_START("sshbuf_find");
+	p1 = sshbuf_from(msg, sizeof(msg) - 1);
+	ASSERT_PTR_NE(p1, NULL);
+	ASSERT_INT_EQ(sshbuf_find(p1, 0, "i", 1, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 0);
+	ASSERT_INT_EQ(sshbuf_find(p1, 0, "j", 1, &sz), SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_find(p1, 0, "imploring", 9, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 0);
+	ASSERT_INT_EQ(sshbuf_find(p1, 0, "implored", 9, &sz),
+	    SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_find(p1, 3, "ping", 4, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 10);
+	ASSERT_INT_EQ(sshbuf_find(p1, 11, "ping", 4, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 23);
+	ASSERT_INT_EQ(sshbuf_find(p1, 20, "over", 4, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 28);
+	ASSERT_INT_EQ(sshbuf_find(p1, 28, "over", 4, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 28);
+	ASSERT_INT_EQ(sshbuf_find(p1, 28, "rove", 4, &sz),
+	    SSH_ERR_INVALID_FORMAT);
+	ASSERT_INT_EQ(sshbuf_find(p1, 28, "overt", 5, &sz),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_find(p1, 32, "ping", 4, &sz),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_find(p1, 1000, "silence", 7, &sz),
+	    SSH_ERR_MESSAGE_INCOMPLETE);
+	ASSERT_INT_EQ(sshbuf_find(p1, 0, msg + 1, sizeof(msg) - 2, &sz), 0);
+	ASSERT_SIZE_T_EQ(sz, 1);
 	TEST_DONE();
 }
 
Index: regress/unittests/sshbuf/tests.c
===================================================================
--- regress/unittests/sshbuf/tests.c
+++ regress/unittests/sshbuf/tests.c
@@ -20,7 +20,9 @@
 {
 	sshbuf_tests();
 	sshbuf_getput_basic_tests();
+#ifdef WITH_OPENSSL
 	sshbuf_getput_crypto_tests();
+#endif
 	sshbuf_misc_tests();
 	sshbuf_fuzz_tests();
 	sshbuf_getput_fuzz_tests();
Index: regress/unittests/sshkey/Makefile
===================================================================
--- regress/unittests/sshkey/Makefile
+++ regress/unittests/sshkey/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.5 2017/12/21 00:41:22 djm Exp $
+#	$OpenBSD: Makefile,v 1.6 2018/10/17 23:28:05 djm Exp $
 
 PROG=test_sshkey
 SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c
@@ -18,7 +18,7 @@
 REGRESS_TARGETS=run-regress-${PROG}
 
 run-regress-${PROG}: ${PROG}
-	env ${TEST_ENV} ./${PROG} -d ${.CURDIR}/testdata
+	env ${TEST_ENV} ./${PROG} ${UNITTEST_ARGS} -d ${.CURDIR}/testdata
 
 .include <bsd.regress.mk>
 
Index: regress/unittests/sshkey/common.c
===================================================================
--- regress/unittests/sshkey/common.c
+++ regress/unittests/sshkey/common.c
@@ -19,13 +19,15 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 #include <openssl/objects.h>
 #ifdef OPENSSL_HAS_NISTP256
 # include <openssl/ec.h>
-#endif
+#endif /* OPENSSL_HAS_NISTP256 */
+#endif /* WITH_OPENSSL */
 
 #include "openbsd-compat/openssl-compat.h"
 
@@ -72,6 +74,7 @@
 	return ret;
 }
 
+#ifdef WITH_OPENSSL
 BIGNUM *
 load_bignum(const char *name)
 {
@@ -160,4 +163,5 @@
 	DSA_get0_key(k->dsa, NULL, &priv_key);
 	return priv_key;
 }
+#endif /* WITH_OPENSSL */
 
Index: regress/unittests/sshkey/test_file.c
===================================================================
--- regress/unittests/sshkey/test_file.c
+++ regress/unittests/sshkey/test_file.c
@@ -19,13 +19,15 @@
 #include <string.h>
 #include <unistd.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
 #include <openssl/objects.h>
 #ifdef OPENSSL_HAS_NISTP256
 # include <openssl/ec.h>
-#endif
+#endif /* OPENSSL_HAS_NISTP256 */
+#endif /* WITH_OPENSSL */
 
 #include "../test_helper/test_helper.h"
 
@@ -44,7 +46,9 @@
 {
 	struct sshkey *k1, *k2;
 	struct sshbuf *buf, *pw;
+#ifdef WITH_OPENSSL
 	BIGNUM *a, *b, *c;
+#endif
 	char *cp;
 
 	TEST_START("load passphrase");
@@ -52,6 +56,7 @@
 	TEST_DONE();
 
 
+#ifdef WITH_OPENSSL
 	TEST_START("parse RSA from private");
 	buf = load_file("rsa_1");
 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
@@ -350,6 +355,7 @@
 
 	sshkey_free(k1);
 #endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("parse Ed25519 from private");
 	buf = load_file("ed25519_1");
Index: regress/unittests/sshkey/test_fuzz.c
===================================================================
--- regress/unittests/sshkey/test_fuzz.c
+++ regress/unittests/sshkey/test_fuzz.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_fuzz.c,v 1.8 2017/12/21 00:41:22 djm Exp $ */
+/* 	$OpenBSD: test_fuzz.c,v 1.9 2018/10/17 23:28:05 djm Exp $ */
 /*
  * Fuzz tests for key parsing
  *
@@ -51,14 +51,16 @@
 	struct sshkey *k1;
 	struct sshbuf *buf;
 	struct fuzz *fuzz;
+	u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP |
+	    FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END;
 
+	if (test_is_fast())
+		fuzzers &= ~FUZZ_1_BIT_FLIP;
+	if (test_is_slow())
+		fuzzers |= FUZZ_2_BIT_FLIP | FUZZ_2_BYTE_FLIP;
 	ASSERT_PTR_NE(buf = sshbuf_new(), NULL);
 	ASSERT_INT_EQ(sshkey_putb(k, buf), 0);
-	/* XXX need a way to run the tests in "slow, but complete" mode */
-	fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* XXX too slow FUZZ_2_BIT_FLIP | */
-	    FUZZ_1_BYTE_FLIP | /* XXX too slow FUZZ_2_BYTE_FLIP | */
-	    FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END,
-	    sshbuf_mutable_ptr(buf), sshbuf_len(buf));
+	fuzz = fuzz_begin(fuzzers, sshbuf_mutable_ptr(buf), sshbuf_len(buf));
 	ASSERT_INT_EQ(sshkey_from_blob(sshbuf_ptr(buf), sshbuf_len(buf),
 	    &k1), 0);
 	sshkey_free(k1);
@@ -77,12 +79,17 @@
 	struct fuzz *fuzz;
 	u_char *sig, c[] = "some junk to be signed";
 	size_t l;
+	u_int fuzzers = FUZZ_1_BIT_FLIP | FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
+	    FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END;
 
+	if (test_is_fast())
+		fuzzers &= ~FUZZ_2_BYTE_FLIP;
+	if (test_is_slow())
+		fuzzers |= FUZZ_2_BIT_FLIP;
+
 	ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c), sig_alg, 0), 0);
 	ASSERT_SIZE_T_GT(l, 0);
-	fuzz = fuzz_begin(FUZZ_1_BIT_FLIP | /* too slow FUZZ_2_BIT_FLIP | */
-	    FUZZ_1_BYTE_FLIP | FUZZ_2_BYTE_FLIP |
-	    FUZZ_TRUNCATE_START | FUZZ_TRUNCATE_END, sig, l);
+	fuzz = fuzz_begin(fuzzers, sig, l);
 	ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), NULL, 0), 0);
 	free(sig);
 	TEST_ONERROR(onerror, fuzz);
@@ -96,15 +103,17 @@
 	fuzz_cleanup(fuzz);
 }
 
+#define NUM_FAST_BASE64_TESTS	1024
+
 void
 sshkey_fuzz_tests(void)
 {
 	struct sshkey *k1;
 	struct sshbuf *buf, *fuzzed;
 	struct fuzz *fuzz;
-	int r;
+	int r, i;
 
-
+#ifdef WITH_OPENSSL
 	TEST_START("fuzz RSA private");
 	buf = load_file("rsa_1");
 	fuzz = fuzz_begin(FUZZ_BASE64, sshbuf_mutable_ptr(buf),
@@ -114,12 +123,14 @@
 	sshbuf_free(buf);
 	ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
 	TEST_ONERROR(onerror, fuzz);
-	for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
+	for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
 		r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
 		ASSERT_INT_EQ(r, 0);
 		if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
 			sshkey_free(k1);
 		sshbuf_reset(fuzzed);
+		if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
+			break;
 	}
 	sshbuf_free(fuzzed);
 	fuzz_cleanup(fuzz);
@@ -134,12 +145,14 @@
 	sshbuf_free(buf);
 	ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
 	TEST_ONERROR(onerror, fuzz);
-	for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
+	for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
 		r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
 		ASSERT_INT_EQ(r, 0);
 		if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
 			sshkey_free(k1);
 		sshbuf_reset(fuzzed);
+		if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
+			break;
 	}
 	sshbuf_free(fuzzed);
 	fuzz_cleanup(fuzz);
@@ -154,12 +167,14 @@
 	sshbuf_free(buf);
 	ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
 	TEST_ONERROR(onerror, fuzz);
-	for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
+	for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
 		r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
 		ASSERT_INT_EQ(r, 0);
 		if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
 			sshkey_free(k1);
 		sshbuf_reset(fuzzed);
+		if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
+			break;
 	}
 	sshbuf_free(fuzzed);
 	fuzz_cleanup(fuzz);
@@ -174,12 +189,14 @@
 	sshbuf_free(buf);
 	ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
 	TEST_ONERROR(onerror, fuzz);
-	for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
+	for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
 		r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
 		ASSERT_INT_EQ(r, 0);
 		if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
 			sshkey_free(k1);
 		sshbuf_reset(fuzzed);
+		if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
+			break;
 	}
 	sshbuf_free(fuzzed);
 	fuzz_cleanup(fuzz);
@@ -195,12 +212,14 @@
 	sshbuf_free(buf);
 	ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
 	TEST_ONERROR(onerror, fuzz);
-	for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
+	for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
 		r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
 		ASSERT_INT_EQ(r, 0);
 		if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
 			sshkey_free(k1);
 		sshbuf_reset(fuzzed);
+		if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
+			break;
 	}
 	sshbuf_free(fuzzed);
 	fuzz_cleanup(fuzz);
@@ -215,17 +234,20 @@
 	sshbuf_free(buf);
 	ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
 	TEST_ONERROR(onerror, fuzz);
-	for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
+	for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
 		r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
 		ASSERT_INT_EQ(r, 0);
 		if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
 			sshkey_free(k1);
 		sshbuf_reset(fuzzed);
+		if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
+			break;
 	}
 	sshbuf_free(fuzzed);
 	fuzz_cleanup(fuzz);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("fuzz Ed25519 private");
 	buf = load_file("ed25519_1");
@@ -236,17 +258,20 @@
 	sshbuf_free(buf);
 	ASSERT_PTR_NE(fuzzed = sshbuf_new(), NULL);
 	TEST_ONERROR(onerror, fuzz);
-	for(; !fuzz_done(fuzz); fuzz_next(fuzz)) {
+	for(i = 0; !fuzz_done(fuzz); i++, fuzz_next(fuzz)) {
 		r = sshbuf_put(fuzzed, fuzz_ptr(fuzz), fuzz_len(fuzz));
 		ASSERT_INT_EQ(r, 0);
 		if (sshkey_parse_private_fileblob(fuzzed, "", &k1, NULL) == 0)
 			sshkey_free(k1);
 		sshbuf_reset(fuzzed);
+		if (test_is_fast() && i >= NUM_FAST_BASE64_TESTS)
+			break;
 	}
 	sshbuf_free(fuzzed);
 	fuzz_cleanup(fuzz);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("fuzz RSA public");
 	buf = load_file("rsa_1");
 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
@@ -289,7 +314,8 @@
 	public_fuzz(k1);
 	sshkey_free(k1);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("fuzz Ed25519 public");
 	buf = load_file("ed25519_1");
@@ -305,6 +331,7 @@
 	sshkey_free(k1);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("fuzz RSA sig");
 	buf = load_file("rsa_1");
 	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
@@ -345,7 +372,8 @@
 	sig_fuzz(k1, NULL);
 	sshkey_free(k1);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("fuzz Ed25519 sig");
 	buf = load_file("ed25519_1");
@@ -356,5 +384,6 @@
 	TEST_DONE();
 
 /* XXX fuzz decoded new-format blobs too */
+/* XXX fuzz XMSS too */
 
 }
Index: regress/unittests/sshkey/test_sshkey.c
===================================================================
--- regress/unittests/sshkey/test_sshkey.c
+++ regress/unittests/sshkey/test_sshkey.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_sshkey.c,v 1.17 2018/09/13 09:03:20 djm Exp $ */
+/* 	$OpenBSD: test_sshkey.c,v 1.18 2019/06/21 04:21:45 djm Exp $ */
 /*
  * Regress test for sshkey.h key management API
  *
@@ -50,9 +50,10 @@
 	sshbuf_free(sect);
 }
 
+#ifdef WITH_OPENSSL
 static void
-build_cert(struct sshbuf *b, const struct sshkey *k, const char *type,
-    const struct sshkey *sign_key, const struct sshkey *ca_key,
+build_cert(struct sshbuf *b, struct sshkey *k, const char *type,
+    struct sshkey *sign_key, struct sshkey *ca_key,
     const char *sig_alg)
 {
 	struct sshbuf *ca_buf, *pk, *principals, *critopts, *exts;
@@ -110,6 +111,7 @@
 	sshbuf_free(principals);
 	sshbuf_free(pk);
 }
+#endif /* WITH_OPENSSL */
 
 static void
 signature_test(struct sshkey *k, struct sshkey *bad, const char *sig_alg,
@@ -176,10 +178,13 @@
 void
 sshkey_tests(void)
 {
-	struct sshkey *k1, *k2, *k3, *k4, *kr, *kd, *kf;
+	struct sshkey *k1, *k2, *k3, *kf;
+#ifdef WITH_OPENSSL
+	struct sshkey *k4, *kr, *kd;
 #ifdef OPENSSL_HAS_ECC
 	struct sshkey *ke;
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 	struct sshbuf *b;
 
 	TEST_START("new invalid");
@@ -193,6 +198,7 @@
 	sshkey_free(k1);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("new/free KEY_RSA");
 	k1 = sshkey_new(KEY_RSA);
 	ASSERT_PTR_NE(k1, NULL);
@@ -281,7 +287,8 @@
 	ASSERT_PTR_NE(EC_KEY_get0_public_key(ke->ecdsa), NULL);
 	ASSERT_PTR_NE(EC_KEY_get0_private_key(ke->ecdsa), NULL);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("generate KEY_ED25519");
 	ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &kf), 0);
@@ -291,6 +298,7 @@
 	ASSERT_PTR_NE(kf->ed25519_sk, NULL);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("demote KEY_RSA");
 	ASSERT_INT_EQ(sshkey_from_private(kr, &k1), 0);
 	ASSERT_PTR_NE(k1, NULL);
@@ -338,7 +346,8 @@
 	ASSERT_INT_EQ(sshkey_equal(ke, k1), 1);
 	sshkey_free(k1);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("demote KEY_ED25519");
 	ASSERT_INT_EQ(sshkey_from_private(kf, &k1), 0);
@@ -354,17 +363,20 @@
 	sshkey_free(k1);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("equal mismatched key types");
 	ASSERT_INT_EQ(sshkey_equal(kd, kr), 0);
 #ifdef OPENSSL_HAS_ECC
 	ASSERT_INT_EQ(sshkey_equal(kd, ke), 0);
 	ASSERT_INT_EQ(sshkey_equal(kr, ke), 0);
 	ASSERT_INT_EQ(sshkey_equal(ke, kf), 0);
-#endif
+#endif /* OPENSSL_HAS_ECC */
 	ASSERT_INT_EQ(sshkey_equal(kd, kf), 0);
 	TEST_DONE();
+#endif /* WITH_OPENSSL */
 
 	TEST_START("equal different keys");
+#ifdef WITH_OPENSSL
 	ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &k1), 0);
 	ASSERT_INT_EQ(sshkey_equal(kr, k1), 0);
 	sshkey_free(k1);
@@ -375,17 +387,20 @@
 	ASSERT_INT_EQ(sshkey_generate(KEY_ECDSA, 256, &k1), 0);
 	ASSERT_INT_EQ(sshkey_equal(ke, k1), 0);
 	sshkey_free(k1);
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 	ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &k1), 0);
 	ASSERT_INT_EQ(sshkey_equal(kf, k1), 0);
 	sshkey_free(k1);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	sshkey_free(kr);
 	sshkey_free(kd);
 #ifdef OPENSSL_HAS_ECC
 	sshkey_free(ke);
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 	sshkey_free(kf);
 
 	TEST_START("certify key");
@@ -434,6 +449,7 @@
 	sshbuf_reset(b);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("sign and verify RSA");
 	k1 = get_private("rsa_1");
 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_2.pub"), &k2,
@@ -479,7 +495,8 @@
 	sshkey_free(k1);
 	sshkey_free(k2);
 	TEST_DONE();
-#endif
+#endif /* OPENSSL_HAS_ECC */
+#endif /* WITH_OPENSSL */
 
 	TEST_START("sign and verify ED25519");
 	k1 = get_private("ed25519_1");
@@ -490,6 +507,7 @@
 	sshkey_free(k2);
 	TEST_DONE();
 
+#ifdef WITH_OPENSSL
 	TEST_START("nested certificate");
 	ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k1), 0);
 	ASSERT_INT_EQ(sshkey_load_public(test_data_file("rsa_1.pub"), &k2,
@@ -504,5 +522,5 @@
 	sshkey_free(k3);
 	sshbuf_free(b);
 	TEST_DONE();
-
+#endif /* WITH_OPENSSL */
 }
Index: regress/unittests/sshkey/testdata/ed25519_1_pw
===================================================================
--- regress/unittests/sshkey/testdata/ed25519_1_pw
+++ regress/unittests/sshkey/testdata/ed25519_1_pw
@@ -1,8 +1,8 @@
 -----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jYmMAAAAGYmNyeXB0AAAAGAAAABCus+kaow
-AUjHphacvRp98dAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIFOG6kY7Rf4UtCFv
-PwKgo/BztXck2xC4a2WyA34XtIwZAAAAoJaqqgiYQuElraJAmYOm7Tb4nJ3eI4oj9mQ52M
-/Yd+ION2Ur1v8BDewpDX+LHEYgKHo3Mlmcn2UyF+QJ+7xUCW7QCtk/4szrJzw74DlEl6mH
-T8PT/f/av7PpECBD/YD3NoDlB9OWm/Q4sHcxfBEKfTGD7s2Onn71HgrdEOPqd4Sj/IQigR
-drfjtXEMlD32k9n3dd2eS9x7AHWYaGFEMkOcY=
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDKT56mBA
+tXIMsWqmuuA2gdAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIFOG6kY7Rf4UtCFv
+PwKgo/BztXck2xC4a2WyA34XtIwZAAAAoC13U47yfUOSZJePNUAwWXuFOk3aOKwPM5PMvK
+0zwRnMZZjgn+tsMAYPwhsT3Mx3h5QzvVGFyFEqsiK7j4vAotD+LVQeBN5TwWbUBx4lnoGs
+3iAfYVDakO/gNvVBDDGOqv5kdCc4cgn5HacjHQLKOAx6KzHe7JFn7uCywMdVVQjlpI6LHb
+mHkaKiVX/C2oiRnsoe17HZ8Fxyt3vd1qNM8BE=
 -----END OPENSSH PRIVATE KEY-----
Index: regress/unittests/sshkey/tests.c
===================================================================
--- regress/unittests/sshkey/tests.c
+++ regress/unittests/sshkey/tests.c
@@ -7,8 +7,6 @@
 
 #include "includes.h"
 
-#include <openssl/evp.h>
-
 #include "../test_helper/test_helper.h"
 
 void sshkey_tests(void);
@@ -18,9 +16,6 @@
 void
 tests(void)
 {
-	OpenSSL_add_all_algorithms();
-	ERR_load_CRYPTO_strings();
-
 	sshkey_tests();
 	sshkey_file_tests();
 	sshkey_fuzz_tests();
Index: regress/unittests/test_helper/test_helper.h
===================================================================
--- regress/unittests/test_helper/test_helper.h
+++ regress/unittests/test_helper/test_helper.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: test_helper.h,v 1.8 2018/02/08 08:46:20 djm Exp $	*/
+/*	$OpenBSD: test_helper.h,v 1.9 2018/10/17 23:28:05 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -27,8 +27,10 @@
 # include <stdint.h>
 #endif
 
+#ifdef WITH_OPENSSL
 #include <openssl/bn.h>
 #include <openssl/err.h>
+#endif
 
 enum test_predicate {
 	TEST_EQ, TEST_NE, TEST_LT, TEST_LE, TEST_GT, TEST_GE
@@ -45,12 +47,16 @@
 void test_done(void);
 int test_is_verbose(void);
 int test_is_quiet(void);
+int test_is_fast(void);
+int test_is_slow(void);
 void test_subtest_info(const char *fmt, ...)
     __attribute__((format(printf, 1, 2)));
 void ssl_err_check(const char *file, int line);
+#ifdef WITH_OPENSSL
 void assert_bignum(const char *file, int line,
     const char *a1, const char *a2,
     const BIGNUM *aa1, const BIGNUM *aa2, enum test_predicate pred);
+#endif
 void assert_string(const char *file, int line,
     const char *a1, const char *a2,
     const char *aa1, const char *aa2, enum test_predicate pred);
Index: regress/unittests/test_helper/test_helper.c
===================================================================
--- regress/unittests/test_helper/test_helper.c
+++ regress/unittests/test_helper/test_helper.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: test_helper.c,v 1.8 2018/02/08 08:46:20 djm Exp $	*/
+/*	$OpenBSD: test_helper.c,v 1.12 2019/08/02 01:41:24 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -23,6 +23,7 @@
 #include <sys/param.h>
 #include <sys/uio.h>
 
+#include <stdarg.h>
 #include <fcntl.h>
 #include <stdio.h>
 #ifdef HAVE_STDINT_H
@@ -34,12 +35,16 @@
 #include <unistd.h>
 #include <signal.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/bn.h>
+#include <openssl/err.h>
+#endif
 
 #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H) && !defined(BROKEN_STRNVIS)
 # include <vis.h>
 #endif
 
+#include "entropy.h"
 #include "test_helper.h"
 #include "atomicio.h"
 
@@ -115,12 +120,19 @@
 static void *onerror_ctx = NULL;
 static const char *data_dir = NULL;
 static char subtest_info[512];
+static int fast = 0;
+static int slow = 0;
 
 int
 main(int argc, char **argv)
 {
 	int ch;
 
+	seed_rng();
+#ifdef WITH_OPENSSL
+	ERR_load_CRYPTO_strings();
+#endif
+
 	/* Handle systems without __progname */
 	if (__progname == NULL) {
 		__progname = strrchr(argv[0], '/');
@@ -134,8 +146,14 @@
 		}
 	}
 
-	while ((ch = getopt(argc, argv, "vqd:")) != -1) {
+	while ((ch = getopt(argc, argv, "Ffvqd:")) != -1) {
 		switch (ch) {
+		case 'F':
+			slow = 1;
+			break;
+		case 'f':
+			fast = 1;
+			break;
 		case 'd':
 			data_dir = optarg;
 			break;
@@ -167,17 +185,29 @@
 }
 
 int
-test_is_verbose()
+test_is_verbose(void)
 {
 	return verbose_mode;
 }
 
 int
-test_is_quiet()
+test_is_quiet(void)
 {
 	return quiet_mode;
 }
 
+int
+test_is_fast(void)
+{
+	return fast;
+}
+
+int
+test_is_slow(void)
+{
+	return slow;
+}
+
 const char *
 test_data_file(const char *name)
 {
@@ -262,6 +292,7 @@
 void
 ssl_err_check(const char *file, int line)
 {
+#ifdef WITH_OPENSSL
 	long openssl_error = ERR_get_error();
 
 	if (openssl_error == 0)
@@ -269,6 +300,10 @@
 
 	fprintf(stderr, "\n%s:%d: uncaught OpenSSL error: %s",
 	    file, line, ERR_error_string(openssl_error, NULL));
+#else /* WITH_OPENSSL */
+	fprintf(stderr, "\n%s:%d: uncaught OpenSSL error ",
+	    file, line);
+#endif /* WITH_OPENSSL */
 	abort();
 }
 
@@ -313,6 +348,7 @@
 	    a2 != NULL ? ", " : "", a2 != NULL ? a2 : "");
 }
 
+#ifdef WITH_OPENSSL
 void
 assert_bignum(const char *file, int line, const char *a1, const char *a2,
     const BIGNUM *aa1, const BIGNUM *aa2, enum test_predicate pred)
@@ -325,6 +361,7 @@
 	fprintf(stderr, "%12s = 0x%s\n", a2, BN_bn2hex(aa2));
 	test_die();
 }
+#endif
 
 void
 assert_string(const char *file, int line, const char *a1, const char *a2,
@@ -366,6 +403,8 @@
     const void *aa1, const void *aa2, size_t l, enum test_predicate pred)
 {
 	int r;
+	char *aa1_tohex = NULL;
+	char *aa2_tohex = NULL;
 
 	if (l == 0)
 		return;
@@ -376,8 +415,12 @@
 	r = memcmp(aa1, aa2, l);
 	TEST_CHECK_INT(r, pred);
 	test_header(file, line, a1, a2, "STRING", pred);
-	fprintf(stderr, "%12s = %s (len %zu)\n", a1, tohex(aa1, MIN(l, 256)), l);
-	fprintf(stderr, "%12s = %s (len %zu)\n", a2, tohex(aa2, MIN(l, 256)), l);
+	aa1_tohex = tohex(aa1, MIN(l, 256));
+	aa2_tohex = tohex(aa2, MIN(l, 256));
+	fprintf(stderr, "%12s = %s (len %zu)\n", a1, aa1_tohex, l);
+	fprintf(stderr, "%12s = %s (len %zu)\n", a2, aa2_tohex, l);
+	free(aa1_tohex);
+	free(aa2_tohex);
 	test_die();
 }
 
@@ -402,6 +445,7 @@
 	size_t where = -1;
 	int r;
 	char tmp[64];
+	char *aa1_tohex = NULL;
 
 	if (l == 0)
 		return;
@@ -411,8 +455,10 @@
 	r = memvalcmp(aa1, v, l, &where);
 	TEST_CHECK_INT(r, pred);
 	test_header(file, line, a1, NULL, "MEM_ZERO", pred);
+	aa1_tohex = tohex(aa1, MIN(l, 20));
 	fprintf(stderr, "%20s = %s%s (len %zu)\n", a1,
-	    tohex(aa1, MIN(l, 20)), l > 20 ? "..." : "", l);
+	    aa1_tohex, l > 20 ? "..." : "", l);
+	free(aa1_tohex);
 	snprintf(tmp, sizeof(tmp), "(%s)[%zu]", a1, where);
 	fprintf(stderr, "%20s = 0x%02x (expected 0x%02x)\n", tmp,
 	    ((u_char *)aa1)[where], v);
Index: regress/unittests/utf8/tests.c
===================================================================
--- regress/unittests/utf8/tests.c
+++ regress/unittests/utf8/tests.c
@@ -9,7 +9,9 @@
 #include "includes.h"
 
 #include <locale.h>
+#include <stdarg.h>
 #include <string.h>
+#include <stdio.h>
 
 #include "../test_helper/test_helper.h"
 
Index: sandbox-seccomp-filter.c
===================================================================
--- sandbox-seccomp-filter.c
+++ sandbox-seccomp-filter.c
@@ -42,6 +42,7 @@
 #include <sys/types.h>
 #include <sys/resource.h>
 #include <sys/prctl.h>
+#include <sys/mman.h>
 
 #include <linux/net.h>
 #include <linux/audit.h>
@@ -95,12 +96,12 @@
 	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW)
 #define SC_ALLOW_ARG(_nr, _arg_nr, _arg_val) \
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 6), \
-	/* load and test first syscall argument, low word */ \
+	/* load and test syscall argument, low word */ \
 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
 	    offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
 	    ((_arg_val) & 0xFFFFFFFF), 0, 3), \
-	/* load and test first syscall argument, high word */ \
+	/* load and test syscall argument, high word */ \
 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
 	    offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_HI_OFFSET), \
 	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, \
@@ -109,6 +110,24 @@
 	/* reload syscall number; all rules expect it in accumulator */ \
 	BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
 		offsetof(struct seccomp_data, nr))
+/* Allow if syscall argument contains only values in mask */
+#define SC_ALLOW_ARG_MASK(_nr, _arg_nr, _arg_mask) \
+	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, (_nr), 0, 8), \
+	/* load, mask and test syscall argument, low word */ \
+	BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
+	    offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_LO_OFFSET), \
+	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, ~((_arg_mask) & 0xFFFFFFFF)), \
+	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 4), \
+	/* load, mask and test syscall argument, high word */ \
+	BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
+	    offsetof(struct seccomp_data, args[(_arg_nr)]) + ARG_HI_OFFSET), \
+	BPF_STMT(BPF_ALU+BPF_AND+BPF_K, \
+	    ~(((uint32_t)((uint64_t)(_arg_mask) >> 32)) & 0xFFFFFFFF)), \
+	BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, 0, 0, 1), \
+	BPF_STMT(BPF_RET+BPF_K, SECCOMP_RET_ALLOW), \
+	/* reload syscall number; all rules expect it in accumulator */ \
+	BPF_STMT(BPF_LD+BPF_W+BPF_ABS, \
+		offsetof(struct seccomp_data, nr))
 
 /* Syscall filtering set for preauth. */
 static const struct sock_filter preauth_insns[] = {
@@ -149,6 +168,15 @@
 #ifdef __NR_stat64
 	SC_DENY(__NR_stat64, EACCES),
 #endif
+#ifdef __NR_shmget
+	SC_DENY(__NR_shmget, EACCES),
+#endif
+#ifdef __NR_shmat
+	SC_DENY(__NR_shmat, EACCES),
+#endif
+#ifdef __NR_shmdt
+	SC_DENY(__NR_shmdt, EACCES),
+#endif
 
 	/* Syscalls to permit */
 #ifdef __NR_brk
@@ -197,11 +225,14 @@
 	SC_ALLOW(__NR_madvise),
 #endif
 #ifdef __NR_mmap
-	SC_ALLOW(__NR_mmap),
+	SC_ALLOW_ARG_MASK(__NR_mmap, 2, PROT_READ|PROT_WRITE|PROT_NONE),
 #endif
 #ifdef __NR_mmap2
-	SC_ALLOW(__NR_mmap2),
+	SC_ALLOW_ARG_MASK(__NR_mmap2, 2, PROT_READ|PROT_WRITE|PROT_NONE),
 #endif
+#ifdef __NR_mprotect
+	SC_ALLOW_ARG_MASK(__NR_mprotect, 2, PROT_READ|PROT_WRITE|PROT_NONE),
+#endif
 #ifdef __NR_mremap
 	SC_ALLOW(__NR_mremap),
 #endif
@@ -250,6 +281,9 @@
 	SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK),
 	SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO),
 	SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT),
+	SC_ALLOW_ARG(__NR_ioctl, 1, ZSECSENDCPRB),
+	/* Allow ioctls for EP11 crypto card on s390 */
+	SC_ALLOW_ARG(__NR_ioctl, 1, ZSENDEP11CPRB),
 #endif
 #if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT)
 	/*
Index: sandbox-systrace.c
===================================================================
--- sandbox-systrace.c
+++ sandbox-systrace.c
@@ -36,7 +36,6 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-#include <limits.h>
 
 #include "atomicio.h"
 #include "log.h"
Index: scp.0
===================================================================
--- scp.0
+++ scp.0
@@ -4,8 +4,9 @@
      scp M-bM-^@M-^S secure copy (remote file copy program)
 
 SYNOPSIS
-     scp [-346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
-         [-l limit] [-o ssh_option] [-P port] [-S program] source ... target
+     scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]
+         [-J destination] [-l limit] [-o ssh_option] [-P port] [-S program]
+         source ... target
 
 DESCRIPTION
      scp copies files between hosts on a network.  It uses ssh(1) for data
@@ -52,6 +53,14 @@
              key authentication is read.  This option is directly passed to
              ssh(1).
 
+     -J destination
+             Connect to the target host by first making an scp connection to
+             the jump host described by destination and then establishing a
+             TCP forwarding to the ultimate destination from there.  Multiple
+             jump hops may be specified separated by comma characters.  This
+             is a shortcut to specify a ProxyJump configuration directive.
+             This option is directly passed to ssh(1).
+
      -l limit
              Limits the used bandwidth, specified in Kbit/s.
 
@@ -91,7 +100,7 @@
                    HostbasedKeyTypes
                    HostKeyAlgorithms
                    HostKeyAlias
-                   HostName
+                   Hostname
                    IdentitiesOnly
                    IdentityAgent
                    IdentityFile
@@ -141,6 +150,16 @@
              Name of program to use for the encrypted connection.  The program
              must understand ssh(1) options.
 
+     -T      Disable strict filename checking.  By default when copying files
+             from a remote host to a local directory scp checks that the
+             received filenames match those requested on the command-line to
+             prevent the remote end from sending unexpected or unwanted files.
+             Because of differences in how various operating systems and
+             shells interpret filename wildcards, these checks may cause
+             wanted files to be rejected.  This option disables these checks
+             at the expense of fully trusting that the server will not send
+             unexpected filenames.
+
      -v      Verbose mode.  Causes scp and ssh(1) to print debugging messages
              about their progress.  This is helpful in debugging connection,
              authentication, and configuration problems.
@@ -160,4 +179,4 @@
      Timo Rinne <tri@iki.fi>
      Tatu Ylonen <ylo@cs.hut.fi>
 
-OpenBSD 6.4                   September 20, 2018                   OpenBSD 6.4
+OpenBSD 6.6                      June 12, 2019                     OpenBSD 6.6
Index: scp.1
===================================================================
--- scp.1
+++ scp.1
@@ -8,9 +8,9 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.81 2018/09/20 06:58:48 jmc Exp $
+.\" $OpenBSD: scp.1,v 1.86 2019/06/12 11:31:50 jmc Exp $
 .\"
-.Dd $Mdocdate: September 20 2018 $
+.Dd $Mdocdate: June 12 2019 $
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -22,6 +22,7 @@
 .Op Fl c Ar cipher
 .Op Fl F Ar ssh_config
 .Op Fl i Ar identity_file
+.Op Fl J Ar destination
 .Op Fl l Ar limit
 .Op Fl o Ar ssh_option
 .Op Fl P Ar port
@@ -106,6 +107,19 @@
 authentication is read.
 This option is directly passed to
 .Xr ssh 1 .
+.It Fl J Ar destination
+Connect to the target host by first making an
+.Nm
+connection to the jump host described by
+.Ar destination
+and then establishing a TCP forwarding to the ultimate destination from
+there.
+Multiple jump hops may be specified separated by comma characters.
+This is a shortcut to specify a
+.Cm ProxyJump
+configuration directive.
+This option is directly passed to
+.Xr ssh 1 .
 .It Fl l Ar limit
 Limits the used bandwidth, specified in Kbit/s.
 .It Fl o Ar ssh_option
@@ -150,7 +164,7 @@
 .It HostbasedKeyTypes
 .It HostKeyAlgorithms
 .It HostKeyAlias
-.It HostName
+.It Hostname
 .It IdentitiesOnly
 .It IdentityAgent
 .It IdentityFile
Index: scp.c
===================================================================
--- scp.c
+++ scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.204 2019/02/10 11:15:52 djm Exp $ */
+/* $OpenBSD: scp.c,v 1.206 2019/09/09 02:31:19 dtucker Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -101,7 +101,7 @@
 #include <signal.h>
 #include <stdarg.h>
 #ifdef HAVE_STDINT_H
-#include <stdint.h>
+# include <stdint.h>
 #endif
 #include <stdio.h>
 #include <stdlib.h>
@@ -253,13 +253,13 @@
 	 * Reserve two descriptors so that the real pipes won't get
 	 * descriptors 0 and 1 because that will screw up dup2 below.
 	 */
-	if (pipe(reserved) < 0)
+	if (pipe(reserved) == -1)
 		fatal("pipe: %s", strerror(errno));
 
 	/* Create a socket pair for communicating with ssh. */
-	if (pipe(pin) < 0)
+	if (pipe(pin) == -1)
 		fatal("pipe: %s", strerror(errno));
-	if (pipe(pout) < 0)
+	if (pipe(pout) == -1)
 		fatal("pipe: %s", strerror(errno));
 
 	/* Free the reserved descriptors. */
@@ -401,6 +401,8 @@
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
+	seed_rng();
+
 	msetlocale();
 
 	/* Copy argv, because we modify it */
@@ -424,7 +426,7 @@
 
 	fflag = Tflag = tflag = 0;
 	while ((ch = getopt(argc, argv,
-	    "dfl:prtTvBCc:i:P:q12346S:o:F:")) != -1) {
+	    "dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) {
 		switch (ch) {
 		/* User-visible flags. */
 		case '1':
@@ -446,6 +448,7 @@
 		case 'c':
 		case 'i':
 		case 'F':
+		case 'J':
 			addargs(&remote_remote_args, "-%c", ch);
 			addargs(&remote_remote_args, "%s", optarg);
 			addargs(&args, "-%c", ch);
@@ -591,6 +594,7 @@
 	off_t *cnt = (off_t *)_cnt;
 
 	*cnt += s;
+	refresh_progress_meter(0);
 	if (limit_kbps > 0)
 		bandwidth_limit(&bwlimit, s);
 	return 0;
@@ -1062,7 +1066,7 @@
 	off_t i, statbytes;
 	size_t amt, nr;
 	int fd = -1, haderr, indx;
-	char *last, *name, buf[2048], encname[PATH_MAX];
+	char *last, *name, buf[PATH_MAX + 128], encname[PATH_MAX];
 	int len;
 
 	for (indx = 0; indx < argc; ++indx) {
@@ -1071,13 +1075,13 @@
 		len = strlen(name);
 		while (len > 1 && name[len-1] == '/')
 			name[--len] = '\0';
-		if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) < 0)
+		if ((fd = open(name, O_RDONLY|O_NONBLOCK, 0)) == -1)
 			goto syserr;
 		if (strchr(name, '\n') != NULL) {
 			strnvis(encname, name, sizeof(encname), VIS_NL);
 			name = encname;
 		}
-		if (fstat(fd, &stb) < 0) {
+		if (fstat(fd, &stb) == -1) {
 syserr:			run_err("%s: %s", name, strerror(errno));
 			goto next;
 		}
@@ -1151,7 +1155,7 @@
 		unset_nonblock(remout);
 
 		if (fd != -1) {
-			if (close(fd) < 0 && !haderr)
+			if (close(fd) == -1 && !haderr)
 				haderr = errno;
 			fd = -1;
 		}
@@ -1369,7 +1373,8 @@
 			SCREWUP("size out of range");
 		size = (off_t)ull;
 
-		if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
+		if (*cp == '\0' || strchr(cp, '/') != NULL ||
+		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
 			run_err("error: unexpected filename: %s", cp);
 			exit(1);
 		}
@@ -1414,14 +1419,14 @@
 				/* Handle copying from a read-only
 				   directory */
 				mod_flag = 1;
-				if (mkdir(np, mode | S_IRWXU) < 0)
+				if (mkdir(np, mode | S_IRWXU) == -1)
 					goto bad;
 			}
 			vect[0] = xstrdup(np);
 			sink(1, vect, src);
 			if (setimes) {
 				setimes = 0;
-				if (utimes(vect[0], tv) < 0)
+				if (utimes(vect[0], tv) == -1)
 					run_err("%s: set times: %s",
 					    vect[0], strerror(errno));
 			}
@@ -1432,7 +1437,7 @@
 		}
 		omode = mode;
 		mode |= S_IWUSR;
-		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
+		if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) == -1) {
 bad:			run_err("%s: %s", np, strerror(errno));
 			continue;
 		}
@@ -1522,7 +1527,7 @@
 			stop_progress_meter();
 		if (setimes && wrerr == NO) {
 			setimes = 0;
-			if (utimes(np, tv) < 0) {
+			if (utimes(np, tv) == -1) {
 				run_err("%s: set times: %s",
 				    np, strerror(errno));
 				wrerr = DISPLAYED;
@@ -1595,7 +1600,8 @@
 {
 	(void) fprintf(stderr,
 	    "usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
-	    "           [-l limit] [-o ssh_option] [-P port] [-S program] source ... target\n");
+	    "            [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
+	    "            [-S program] source ... target\n");
 	exit(1);
 }
 
@@ -1675,7 +1681,7 @@
 #ifdef HAVE_STRUCT_STAT_ST_BLKSIZE
 	struct stat stb;
 
-	if (fstat(fd, &stb) < 0) {
+	if (fstat(fd, &stb) == -1) {
 		run_err("fstat: %s", strerror(errno));
 		return (0);
 	}
Index: servconf.h
===================================================================
--- servconf.h
+++ servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.137 2018/09/20 03:28:06 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.140 2019/04/18 18:56:16 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -75,6 +75,7 @@
 	char	*routing_domain;	/* Bind session to routing domain */
 
 	char   **host_key_files;	/* Files containing host keys. */
+	int	*host_key_file_userprovided; /* Key was specified by user. */
 	u_int	num_host_key_files;     /* Number of files for host keys. */
 	char   **host_cert_files;	/* Files containing host certs. */
 	u_int	num_host_cert_files;	/* Number of files for host certs. */
@@ -220,6 +221,8 @@
 	const char *laddress;	/* local address */
 	int lport;		/* local port */
 	const char *rdomain;	/* routing domain if available */
+	int test;		/* test mode, allow some attributes to be
+				 * unspecified */
 };
 
 
@@ -257,7 +260,7 @@
 		M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \
 	} while (0)
 
-struct connection_info *get_connection_info(int, int);
+struct connection_info *get_connection_info(struct ssh *, int, int);
 void	 initialize_server_options(ServerOptions *);
 void	 fill_default_server_options(ServerOptions *);
 int	 process_server_config_line(ServerOptions *, char *, const char *, int,
@@ -273,7 +276,7 @@
 void	 dump_config(ServerOptions *);
 char	*derelativise_path(const char *);
 void	 servconf_add_hostkey(const char *, const int,
-	    ServerOptions *, const char *path);
+	    ServerOptions *, const char *path, int);
 void	 servconf_add_hostcert(const char *, const int,
 	    ServerOptions *, const char *path);
 
Index: servconf.c
===================================================================
--- servconf.c
+++ servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.342 2018/09/20 23:40:16 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.352 2019/09/06 14:45:34 naddy Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -221,26 +221,40 @@
 }
 
 static void
-array_append(const char *file, const int line, const char *directive,
-    char ***array, u_int *lp, const char *s)
+array_append2(const char *file, const int line, const char *directive,
+    char ***array, int **iarray, u_int *lp, const char *s, int i)
 {
 
 	if (*lp >= INT_MAX)
 		fatal("%s line %d: Too many %s entries", file, line, directive);
 
+	if (iarray != NULL) {
+		*iarray = xrecallocarray(*iarray, *lp, *lp + 1,
+		    sizeof(**iarray));
+		(*iarray)[*lp] = i;
+	}
+
 	*array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
 	(*array)[*lp] = xstrdup(s);
 	(*lp)++;
 }
 
+static void
+array_append(const char *file, const int line, const char *directive,
+    char ***array, u_int *lp, const char *s)
+{
+	array_append2(file, line, directive, array, NULL, lp, s, 0);
+}
+
 void
 servconf_add_hostkey(const char *file, const int line,
-    ServerOptions *options, const char *path)
+    ServerOptions *options, const char *path, int userprovided)
 {
 	char *apath = derelativise_path(path);
 
-	array_append(file, line, "HostKey",
-	    &options->host_key_files, &options->num_host_key_files, apath);
+	array_append2(file, line, "HostKey",
+	    &options->host_key_files, &options->host_key_file_userprovided,
+	    &options->num_host_key_files, apath, userprovided);
 	free(apath);
 }
 
@@ -268,16 +282,16 @@
 	if (options->num_host_key_files == 0) {
 		/* fill default hostkeys for protocols */
 		servconf_add_hostkey("[default]", 0, options,
-		    _PATH_HOST_RSA_KEY_FILE);
+		    _PATH_HOST_RSA_KEY_FILE, 0);
 #ifdef OPENSSL_HAS_ECC
 		servconf_add_hostkey("[default]", 0, options,
-		    _PATH_HOST_ECDSA_KEY_FILE);
+		    _PATH_HOST_ECDSA_KEY_FILE, 0);
 #endif
 		servconf_add_hostkey("[default]", 0, options,
-		    _PATH_HOST_ED25519_KEY_FILE);
+		    _PATH_HOST_ED25519_KEY_FILE, 0);
 #ifdef WITH_XMSS
 		servconf_add_hostkey("[default]", 0, options,
-		    _PATH_HOST_XMSS_KEY_FILE);
+		    _PATH_HOST_XMSS_KEY_FILE, 0);
 #endif /* WITH_XMSS */
 	}
 	/* No certificates by default */
@@ -456,7 +470,6 @@
 		options->compression = 0;
 	}
 #endif
-
 }
 
 /* Keyword tokens. */
@@ -702,7 +715,7 @@
 	if (strcasecmp(path, "none") == 0)
 		return xstrdup("none");
 	expanded = tilde_expand_filename(path, getuid());
-	if (*expanded == '/')
+	if (path_absolute(expanded))
 		return expanded;
 	if (getcwd(cwd, sizeof(cwd)) == NULL)
 		fatal("%s: getcwd: %s", __func__, strerror(errno));
@@ -864,7 +877,7 @@
 {
 	u_int i;
 	int port;
-	char *host, *arg, *oarg;
+	char *host, *arg, *oarg, ch;
 	int where = opcode == sPermitOpen ? FORWARD_LOCAL : FORWARD_REMOTE;
 	const char *what = lookup_opcode_name(opcode);
 
@@ -882,8 +895,9 @@
 	/* Otherwise treat it as a list of permitted host:port */
 	for (i = 0; i < num_opens; i++) {
 		oarg = arg = xstrdup(opens[i]);
-		host = hpdelim(&arg);
-		if (host == NULL)
+		ch = '\0';
+		host = hpdelim2(&arg, &ch);
+		if (host == NULL || ch == '/')
 			fatal("%s: missing host in %s", __func__, what);
 		host = cleanhostname(host);
 		if (arg == NULL || ((port = permitopen_port(arg)) < 0))
@@ -909,12 +923,11 @@
 }
 
 struct connection_info *
-get_connection_info(int populate, int use_dns)
+get_connection_info(struct ssh *ssh, int populate, int use_dns)
 {
-	struct ssh *ssh = active_state; /* XXX */
 	static struct connection_info ci;
 
-	if (!populate)
+	if (ssh == NULL || !populate)
 		return &ci;
 	ci.host = auth_get_canonical_hostname(ssh, use_dns);
 	ci.address = ssh_remote_ipaddr(ssh);
@@ -1029,19 +1042,19 @@
 			return -1;
 		}
 		if (strcasecmp(attrib, "user") == 0) {
-			if (ci == NULL) {
+			if (ci == NULL || (ci->test && ci->user == NULL)) {
 				result = 0;
 				continue;
 			}
 			if (ci->user == NULL)
 				match_test_missing_fatal("User", "user");
-			if (match_pattern_list(ci->user, arg, 0) != 1)
+			if (match_usergroup_pattern_list(ci->user, arg) != 1)
 				result = 0;
 			else
 				debug("user %.100s matched 'User %.100s' at "
 				    "line %d", ci->user, arg, line);
 		} else if (strcasecmp(attrib, "group") == 0) {
-			if (ci == NULL) {
+			if (ci == NULL || (ci->test && ci->user == NULL)) {
 				result = 0;
 				continue;
 			}
@@ -1054,7 +1067,7 @@
 				result = 0;
 			}
 		} else if (strcasecmp(attrib, "host") == 0) {
-			if (ci == NULL) {
+			if (ci == NULL || (ci->test && ci->host == NULL)) {
 				result = 0;
 				continue;
 			}
@@ -1066,7 +1079,7 @@
 				debug("connection from %.100s matched 'Host "
 				    "%.100s' at line %d", ci->host, arg, line);
 		} else if (strcasecmp(attrib, "address") == 0) {
-			if (ci == NULL) {
+			if (ci == NULL || (ci->test && ci->address == NULL)) {
 				result = 0;
 				continue;
 			}
@@ -1085,7 +1098,7 @@
 				return -1;
 			}
 		} else if (strcasecmp(attrib, "localaddress") == 0){
-			if (ci == NULL) {
+			if (ci == NULL || (ci->test && ci->laddress == NULL)) {
 				result = 0;
 				continue;
 			}
@@ -1111,7 +1124,7 @@
 				    arg);
 				return -1;
 			}
-			if (ci == NULL) {
+			if (ci == NULL || (ci->test && ci->lport == -1)) {
 				result = 0;
 				continue;
 			}
@@ -1125,10 +1138,12 @@
 			else
 				result = 0;
 		} else if (strcasecmp(attrib, "rdomain") == 0) {
-			if (ci == NULL || ci->rdomain == NULL) {
+			if (ci == NULL || (ci->test && ci->rdomain == NULL)) {
 				result = 0;
 				continue;
 			}
+			if (ci->rdomain == NULL)
+				match_test_missing_fatal("RDomain", "rdomain");
 			if (match_pattern_list(ci->rdomain, arg, 0) != 1)
 				result = 0;
 			else
@@ -1201,7 +1216,7 @@
     const char *filename, int linenum, int *activep,
     struct connection_info *connectinfo)
 {
-	char *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
+	char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
 	int cmdline = 0, *intptr, value, value2, n, port;
 	SyslogFacility *log_facility_ptr;
 	LogLevel *log_level_ptr;
@@ -1301,8 +1316,10 @@
 			port = 0;
 			p = arg;
 		} else {
-			p = hpdelim(&arg);
-			if (p == NULL)
+			arg2 = NULL;
+			ch = '\0';
+			p = hpdelim2(&arg, &ch);
+			if (p == NULL || ch == '/')
 				fatal("%s line %d: bad address:port usage",
 				    filename, linenum);
 			p = cleanhostname(p);
@@ -1355,8 +1372,10 @@
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: missing file name.",
 			    filename, linenum);
-		if (*activep)
-			servconf_add_hostkey(filename, linenum, options, arg);
+		if (*activep) {
+			servconf_add_hostkey(filename, linenum,
+			    options, arg, 1);
+		}
 		break;
 
 	case sHostKeyAgent:
@@ -1425,7 +1444,8 @@
 			fatal("%s line %d: Missing argument.",
 			    filename, linenum);
 		if (*arg != '-' &&
-		    !sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+		    !sshkey_names_valid2(*arg == '+' || *arg == '^' ?
+		    arg + 1 : arg, 1))
 			fatal("%s line %d: Bad key types '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (*activep && *charptr == NULL)
@@ -1696,7 +1716,8 @@
 		arg = strdelim(&cp);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: Missing argument.", filename, linenum);
-		if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
+		if (*arg != '-' &&
+		    !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (options->ciphers == NULL)
@@ -1707,7 +1728,8 @@
 		arg = strdelim(&cp);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: Missing argument.", filename, linenum);
-		if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
+		if (*arg != '-' &&
+		    !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (options->macs == NULL)
@@ -1720,7 +1742,8 @@
 			fatal("%s line %d: Missing argument.",
 			    filename, linenum);
 		if (*arg != '-' &&
-		    !kex_names_valid(*arg == '+' ? arg + 1 : arg))
+		    !kex_names_valid(*arg == '+' || *arg == '^' ?
+		    arg + 1 : arg))
 			fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
 		if (options->kex_algorithms == NULL)
@@ -1928,8 +1951,9 @@
 				xasprintf(&arg2, "*:%s", arg);
 			} else {
 				arg2 = xstrdup(arg);
-				p = hpdelim(&arg);
-				if (p == NULL) {
+				ch = '\0';
+				p = hpdelim2(&arg, &ch);
+				if (p == NULL || ch == '/') {
 					fatal("%s line %d: missing host in %s",
 					    filename, linenum,
 					    lookup_opcode_name(opcode));
Index: serverloop.c
===================================================================
--- serverloop.c
+++ serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */
+/* $OpenBSD: serverloop.c,v 1.216 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -49,6 +49,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <pwd.h>
+#include <limits.h>
 #include <signal.h>
 #include <string.h>
 #include <termios.h>
@@ -98,7 +99,7 @@
 static volatile sig_atomic_t received_sigterm = 0;
 
 /* prototypes */
-static void server_init_dispatch(void);
+static void server_init_dispatch(struct ssh *);
 
 /* requested tunnel forwarding interface(s), shared with session.c */
 char *tun_fwd_ifnames = NULL;
@@ -122,7 +123,7 @@
 static void
 notify_setup(void)
 {
-	if (pipe(notify_pipe) < 0) {
+	if (pipe(notify_pipe) == -1) {
 		error("pipe(notify_pipe) failed %s", strerror(errno));
 	} else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) ||
 	    (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) {
@@ -179,11 +180,12 @@
 static void
 client_alive_check(struct ssh *ssh)
 {
-	int channel_id;
 	char remote_id[512];
+	int r, channel_id;
 
 	/* timeout, check to see how many we have had */
-	if (packet_inc_alive_timeouts() > options.client_alive_count_max) {
+	if (ssh_packet_inc_alive_timeouts(ssh) >
+	    options.client_alive_count_max) {
 		sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
 		logit("Timeout, client not responding from %s", remote_id);
 		cleanup_exit(255);
@@ -194,14 +196,17 @@
 	 * we should get back a failure
 	 */
 	if ((channel_id = channel_find_open(ssh)) == -1) {
-		packet_start(SSH2_MSG_GLOBAL_REQUEST);
-		packet_put_cstring("keepalive@openssh.com");
-		packet_put_char(1);	/* boolean: want reply */
+		if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
+		    (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com"))
+		    != 0 ||
+		    (r = sshpkt_put_u8(ssh, 1)) != 0) /* boolean: want reply */
+			fatal("%s: %s", __func__, ssh_err(r));
 	} else {
 		channel_request_start(ssh, channel_id,
 		    "keepalive@openssh.com", 1);
 	}
-	packet_send();
+	if ((r = sshpkt_send(ssh)) != 0)
+		fatal("%s: %s", __func__, ssh_err(r));
 }
 
 /*
@@ -220,6 +225,7 @@
 	int ret;
 	time_t minwait_secs = 0;
 	int client_alive_scheduled = 0;
+	/* time we last heard from the client OR sent a keepalive */
 	static time_t last_client_time;
 
 	/* Allocate and update select() masks for channel descriptors. */
@@ -242,9 +248,10 @@
 		uint64_t keepalive_ms =
 		    (uint64_t)options.client_alive_interval * 1000;
 
-		client_alive_scheduled = 1;
-		if (max_time_ms == 0 || max_time_ms > keepalive_ms)
+		if (max_time_ms == 0 || max_time_ms > keepalive_ms) {
 			max_time_ms = keepalive_ms;
+			client_alive_scheduled = 1;
+		}
 	}
 
 #if 0
@@ -258,14 +265,14 @@
 	 * If we have buffered packet data going to the client, mark that
 	 * descriptor.
 	 */
-	if (packet_have_data_to_write())
+	if (ssh_packet_have_data_to_write(ssh))
 		FD_SET(connection_out, *writesetp);
 
 	/*
 	 * If child has terminated and there is enough buffer space to read
 	 * from it, then read as much as is available and exit.
 	 */
-	if (child_terminated && packet_not_very_much_data_to_write())
+	if (child_terminated && ssh_packet_not_very_much_data_to_write(ssh))
 		if (max_time_ms == 0 || client_alive_scheduled)
 			max_time_ms = 100;
 
@@ -288,14 +295,16 @@
 	} else if (client_alive_scheduled) {
 		time_t now = monotime();
 
-		if (ret == 0) { /* timeout */
+		/*
+		 * If the select timed out, or returned for some other reason
+		 * but we haven't heard from the client in time, send keepalive.
+		 */
+		if (ret == 0 || (last_client_time != 0 && last_client_time +
+		    options.client_alive_interval <= now)) {
 			client_alive_check(ssh);
+			last_client_time = now;
 		} else if (FD_ISSET(connection_in, *readsetp)) {
 			last_client_time = now;
-		} else if (last_client_time != 0 && last_client_time +
-		    options.client_alive_interval <= now) {
-			client_alive_check(ssh);
-			last_client_time = now;
 		}
 	}
 
@@ -309,7 +318,7 @@
 static int
 process_input(struct ssh *ssh, fd_set *readset, int connection_in)
 {
-	int len;
+	int r, len;
 	char buf[16384];
 
 	/* Read and buffer any input data from the client. */
@@ -319,7 +328,7 @@
 			verbose("Connection closed by %.100s port %d",
 			    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 			return -1;
-		} else if (len < 0) {
+		} else if (len == -1) {
 			if (errno != EINTR && errno != EAGAIN &&
 			    errno != EWOULDBLOCK) {
 				verbose("Read error from remote host "
@@ -330,7 +339,10 @@
 			}
 		} else {
 			/* Buffer any received data. */
-			packet_process_incoming(buf, len);
+			if ((r = ssh_packet_process_incoming(ssh, buf, len))
+			    != 0)
+				fatal("%s: ssh_packet_process_incoming: %s",
+				    __func__, ssh_err(r));
 		}
 	}
 	return 0;
@@ -340,11 +352,16 @@
  * Sends data from internal buffers to client program stdin.
  */
 static void
-process_output(fd_set *writeset, int connection_out)
+process_output(struct ssh *ssh, fd_set *writeset, int connection_out)
 {
+	int r;
+
 	/* Send any buffered packet data to the client. */
-	if (FD_ISSET(connection_out, writeset))
-		packet_write_poll();
+	if (FD_ISSET(connection_out, writeset)) {
+		if ((r = ssh_packet_write_poll(ssh)) != 0)
+			fatal("%s: ssh_packet_write_poll: %s",
+			    __func__, ssh_err(r));
+	}
 }
 
 static void
@@ -367,7 +384,7 @@
 	if (child_terminated) {
 		debug("Received SIGCHLD.");
 		while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
-		    (pid < 0 && errno == EINTR))
+		    (pid == -1 && errno == EINTR))
 			if (pid > 0)
 				session_close_by_pid(ssh, pid, status);
 		child_terminated = 0;
@@ -387,8 +404,8 @@
 
 	signal(SIGCHLD, sigchld_handler);
 	child_terminated = 0;
-	connection_in = packet_get_connection_in();
-	connection_out = packet_get_connection_out();
+	connection_in = ssh_packet_get_connection_in(ssh);
+	connection_out = ssh_packet_get_connection_out(ssh);
 
 	if (!use_privsep) {
 		signal(SIGTERM, sigterm_handler);
@@ -401,18 +418,21 @@
 	max_fd = MAXIMUM(connection_in, connection_out);
 	max_fd = MAXIMUM(max_fd, notify_pipe[0]);
 
-	server_init_dispatch();
+	server_init_dispatch(ssh);
 
 	for (;;) {
 		process_buffered_input_packets(ssh);
 
 		if (!ssh_packet_is_rekeying(ssh) &&
-		    packet_not_very_much_data_to_write())
+		    ssh_packet_not_very_much_data_to_write(ssh))
 			channel_output_poll(ssh);
-		if (options.rekey_interval > 0 && !ssh_packet_is_rekeying(ssh))
-			rekey_timeout_ms = packet_get_rekey_timeout() * 1000;
-		else
+		if (options.rekey_interval > 0 &&
+		    !ssh_packet_is_rekeying(ssh)) {
+			rekey_timeout_ms = ssh_packet_get_rekey_timeout(ssh) *
+			    1000;
+		} else {
 			rekey_timeout_ms = 0;
+		}
 
 		wait_until_can_do_something(ssh, connection_in, connection_out,
 		    &readset, &writeset, &max_fd, &nalloc, rekey_timeout_ms);
@@ -428,7 +448,7 @@
 			channel_after_select(ssh, readset, writeset);
 		if (process_input(ssh, readset, connection_in) < 0)
 			break;
-		process_output(writeset, connection_out);
+		process_output(ssh, writeset, connection_out);
 	}
 	collect_children(ssh);
 
@@ -451,7 +471,7 @@
 	 * even if this was generated by something other than
 	 * the bogus CHANNEL_REQUEST we send for keepalives.
 	 */
-	packet_set_alive_timeouts(0);
+	ssh_packet_set_alive_timeouts(ssh, 0);
 	return 0;
 }
 
@@ -459,16 +479,28 @@
 server_request_direct_tcpip(struct ssh *ssh, int *reason, const char **errmsg)
 {
 	Channel *c = NULL;
-	char *target, *originator;
-	u_short target_port, originator_port;
+	char *target = NULL, *originator = NULL;
+	u_int target_port = 0, originator_port = 0;
+	int r;
 
-	target = packet_get_string(NULL);
-	target_port = packet_get_int();
-	originator = packet_get_string(NULL);
-	originator_port = packet_get_int();
-	packet_check_eom();
+	if ((r = sshpkt_get_cstring(ssh, &target, NULL)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &target_port)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &originator_port)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+	if (target_port > 0xFFFF) {
+		error("%s: invalid target port", __func__);
+		*reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
+		goto out;
+	}
+	if (originator_port > 0xFFFF) {
+		error("%s: invalid originator port", __func__);
+		*reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
+		goto out;
+	}
 
-	debug("%s: originator %s port %d, target %s port %d", __func__,
+	debug("%s: originator %s port %u, target %s port %u", __func__,
 	    originator, originator_port, target, target_port);
 
 	/* XXX fine grained permissions */
@@ -485,9 +517,9 @@
 			*reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
 	}
 
+ out:
 	free(originator);
 	free(target);
-
 	return c;
 }
 
@@ -495,17 +527,23 @@
 server_request_direct_streamlocal(struct ssh *ssh)
 {
 	Channel *c = NULL;
-	char *target, *originator;
-	u_short originator_port;
+	char *target = NULL, *originator = NULL;
+	u_int originator_port = 0;
 	struct passwd *pw = the_authctxt->pw;
+	int r;
 
 	if (pw == NULL || !the_authctxt->valid)
 		fatal("%s: no/invalid user", __func__);
 
-	target = packet_get_string(NULL);
-	originator = packet_get_string(NULL);
-	originator_port = packet_get_int();
-	packet_check_eom();
+	if ((r = sshpkt_get_cstring(ssh, &target, NULL)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &originator_port)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+	if (originator_port > 0xFFFF) {
+		error("%s: invalid originator port", __func__);
+		goto out;
+	}
 
 	debug("%s: originator %s port %d, target %s", __func__,
 	    originator, originator_port, target);
@@ -522,9 +560,9 @@
 		    originator, originator_port, target);
 	}
 
+out:
 	free(originator);
 	free(target);
-
 	return c;
 }
 
@@ -532,27 +570,35 @@
 server_request_tun(struct ssh *ssh)
 {
 	Channel *c = NULL;
-	int mode, tun, sock;
+	u_int mode, tun;
+	int r, sock;
 	char *tmp, *ifname = NULL;
 
-	mode = packet_get_int();
+	if ((r = sshpkt_get_u32(ssh, &mode)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse mode", __func__);
 	switch (mode) {
 	case SSH_TUNMODE_POINTOPOINT:
 	case SSH_TUNMODE_ETHERNET:
 		break;
 	default:
-		packet_send_debug("Unsupported tunnel device mode.");
+		ssh_packet_send_debug(ssh, "Unsupported tunnel device mode.");
 		return NULL;
 	}
 	if ((options.permit_tun & mode) == 0) {
-		packet_send_debug("Server has rejected tunnel device "
+		ssh_packet_send_debug(ssh, "Server has rejected tunnel device "
 		    "forwarding");
 		return NULL;
 	}
 
-	tun = packet_get_int();
+	if ((r = sshpkt_get_u32(ssh, &tun)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse device", __func__);
+	if (tun > INT_MAX) {
+		debug("%s: invalid tun", __func__);
+		goto done;
+	}
 	if (auth_opts->force_tun_device != -1) {
-		if (tun != SSH_TUNID_ANY && auth_opts->force_tun_device != tun)
+		if (tun != SSH_TUNID_ANY &&
+		    auth_opts->force_tun_device != (int)tun)
 			goto done;
 		tun = auth_opts->force_tun_device;
 	}
@@ -585,7 +631,7 @@
 
  done:
 	if (c == NULL)
-		packet_send_debug("Failed to open the tunnel device.");
+		ssh_packet_send_debug(ssh, "Failed to open the tunnel device.");
 	return c;
 }
 
@@ -593,13 +639,15 @@
 server_request_session(struct ssh *ssh)
 {
 	Channel *c;
+	int r;
 
 	debug("input_session_request");
-	packet_check_eom();
+	if ((r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 
 	if (no_more_sessions) {
-		packet_disconnect("Possible attack: attempt to open a session "
-		    "after additional sessions disabled");
+		ssh_packet_disconnect(ssh, "Possible attack: attempt to open a "
+		    "session after additional sessions disabled");
 	}
 
 	/*
@@ -624,20 +672,22 @@
 server_input_channel_open(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Channel *c = NULL;
-	char *ctype;
+	char *ctype = NULL;
 	const char *errmsg = NULL;
-	int rchan, reason = SSH2_OPEN_CONNECT_FAILED;
-	u_int rmaxpack, rwindow, len;
+	int r, reason = SSH2_OPEN_CONNECT_FAILED;
+	u_int rchan = 0, rmaxpack = 0, rwindow = 0;
 
-	ctype = packet_get_string(&len);
-	rchan = packet_get_int();
-	rwindow = packet_get_int();
-	rmaxpack = packet_get_int();
-
-	debug("%s: ctype %s rchan %d win %d max %d", __func__,
+	if ((r = sshpkt_get_cstring(ssh, &ctype, NULL)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &rchan)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &rwindow)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &rmaxpack)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+	debug("%s: ctype %s rchan %u win %u max %u", __func__,
 	    ctype, rchan, rwindow, rmaxpack);
 
-	if (strcmp(ctype, "session") == 0) {
+	if (rchan > INT_MAX) {
+		error("%s: invalid remote channel ID", __func__);
+	} else if (strcmp(ctype, "session") == 0) {
 		c = server_request_session(ssh);
 	} else if (strcmp(ctype, "direct-tcpip") == 0) {
 		c = server_request_direct_tcpip(ssh, &reason, &errmsg);
@@ -648,26 +698,32 @@
 	}
 	if (c != NULL) {
 		debug("%s: confirm %s", __func__, ctype);
-		c->remote_id = rchan;
+		c->remote_id = (int)rchan;
 		c->have_remote_id = 1;
 		c->remote_window = rwindow;
 		c->remote_maxpacket = rmaxpack;
 		if (c->type != SSH_CHANNEL_CONNECTING) {
-			packet_start(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION);
-			packet_put_int(c->remote_id);
-			packet_put_int(c->self);
-			packet_put_int(c->local_window);
-			packet_put_int(c->local_maxpacket);
-			packet_send();
+			if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION)) != 0 ||
+			    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
+			    (r = sshpkt_put_u32(ssh, c->self)) != 0 ||
+			    (r = sshpkt_put_u32(ssh, c->local_window)) != 0 ||
+			    (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 ||
+			    (r = sshpkt_send(ssh)) != 0) {
+				sshpkt_fatal(ssh, r,
+				    "%s: send open confirm", __func__);
+			}
 		}
 	} else {
 		debug("%s: failure %s", __func__, ctype);
-		packet_start(SSH2_MSG_CHANNEL_OPEN_FAILURE);
-		packet_put_int(rchan);
-		packet_put_int(reason);
-		packet_put_cstring(errmsg ? errmsg : "open failed");
-		packet_put_cstring("");
-		packet_send();
+		if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 ||
+		    (r = sshpkt_put_u32(ssh, rchan)) != 0 ||
+		    (r = sshpkt_put_u32(ssh, reason)) != 0 ||
+		    (r = sshpkt_put_cstring(ssh, errmsg ? errmsg : "open failed")) != 0 ||
+		    (r = sshpkt_put_cstring(ssh, "")) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0) {
+			sshpkt_fatal(ssh, r,
+			    "%s: send open failure", __func__);
+		}
 	}
 	free(ctype);
 	return 0;
@@ -730,9 +786,9 @@
 		    (r = sshbuf_put_string(sigbuf,
 		    ssh->kex->session_id, ssh->kex->session_id_len)) != 0 ||
 		    (r = sshkey_puts(key, sigbuf)) != 0 ||
-		    (r = ssh->kex->sign(key_prv, key_pub, &sig, &slen,
+		    (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,
 		    sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
-		    use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0)) != 0 ||
+		    use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 ||
 		    (r = sshbuf_put_string(resp, sig, slen)) != 0) {
 			error("%s: couldn't prepare signature: %s",
 			    __func__, ssh_err(r));
@@ -754,65 +810,66 @@
 static int
 server_input_global_request(int type, u_int32_t seq, struct ssh *ssh)
 {
-	char *rtype;
-	int want_reply;
+	char *rtype = NULL;
+	u_char want_reply = 0;
 	int r, success = 0, allocated_listen_port = 0;
+	u_int port = 0;
 	struct sshbuf *resp = NULL;
 	struct passwd *pw = the_authctxt->pw;
+	struct Forward fwd;
 
+	memset(&fwd, 0, sizeof(fwd));
 	if (pw == NULL || !the_authctxt->valid)
 		fatal("%s: no/invalid user", __func__);
 
-	rtype = packet_get_string(NULL);
-	want_reply = packet_get_char();
+	if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 ||
+	    (r = sshpkt_get_u8(ssh, &want_reply)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 	debug("%s: rtype %s want_reply %d", __func__, rtype, want_reply);
 
 	/* -R style forwarding */
 	if (strcmp(rtype, "tcpip-forward") == 0) {
-		struct Forward fwd;
-
-		memset(&fwd, 0, sizeof(fwd));
-		fwd.listen_host = packet_get_string(NULL);
-		fwd.listen_port = (u_short)packet_get_int();
-		debug("%s: tcpip-forward listen %s port %d", __func__,
-		    fwd.listen_host, fwd.listen_port);
-
+		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||
+		    (r = sshpkt_get_u32(ssh, &port)) != 0)
+			sshpkt_fatal(ssh, r, "%s: parse tcpip-forward", __func__);
+		debug("%s: tcpip-forward listen %s port %u", __func__,
+		    fwd.listen_host, port);
+		if (port <= INT_MAX)
+			fwd.listen_port = (int)port;
 		/* check permissions */
-		if ((options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
+		if (port > INT_MAX ||
+		    (options.allow_tcp_forwarding & FORWARD_REMOTE) == 0 ||
 		    !auth_opts->permit_port_forwarding_flag ||
 		    options.disable_forwarding ||
 		    (!want_reply && fwd.listen_port == 0) ||
 		    (fwd.listen_port != 0 &&
 		     !bind_permitted(fwd.listen_port, pw->pw_uid))) {
 			success = 0;
-			packet_send_debug("Server has disabled port forwarding.");
+			ssh_packet_send_debug(ssh, "Server has disabled port forwarding.");
 		} else {
 			/* Start listening on the port */
 			success = channel_setup_remote_fwd_listener(ssh, &fwd,
 			    &allocated_listen_port, &options.fwd_opts);
 		}
-		free(fwd.listen_host);
 		if ((resp = sshbuf_new()) == NULL)
 			fatal("%s: sshbuf_new", __func__);
 		if (allocated_listen_port != 0 &&
 		    (r = sshbuf_put_u32(resp, allocated_listen_port)) != 0)
 			fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r));
 	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
-		struct Forward fwd;
+		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||
+		    (r = sshpkt_get_u32(ssh, &port)) != 0)
+			sshpkt_fatal(ssh, r, "%s: parse cancel-tcpip-forward", __func__);
 
-		memset(&fwd, 0, sizeof(fwd));
-		fwd.listen_host = packet_get_string(NULL);
-		fwd.listen_port = (u_short)packet_get_int();
 		debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
-		    fwd.listen_host, fwd.listen_port);
-
-		success = channel_cancel_rport_listener(ssh, &fwd);
-		free(fwd.listen_host);
+		    fwd.listen_host, port);
+		if (port <= INT_MAX) {
+			fwd.listen_port = (int)port;
+			success = channel_cancel_rport_listener(ssh, &fwd);
+		}
 	} else if (strcmp(rtype, "streamlocal-forward@openssh.com") == 0) {
-		struct Forward fwd;
-
-		memset(&fwd, 0, sizeof(fwd));
-		fwd.listen_path = packet_get_string(NULL);
+		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)
+			sshpkt_fatal(ssh, r, "%s: parse streamlocal-forward@openssh.com", __func__);
 		debug("%s: streamlocal-forward listen path %s", __func__,
 		    fwd.listen_path);
 
@@ -822,39 +879,37 @@
 		    options.disable_forwarding ||
 		    (pw->pw_uid != 0 && !use_privsep)) {
 			success = 0;
-			packet_send_debug("Server has disabled "
+			ssh_packet_send_debug(ssh, "Server has disabled "
 			    "streamlocal forwarding.");
 		} else {
 			/* Start listening on the socket */
 			success = channel_setup_remote_fwd_listener(ssh,
 			    &fwd, NULL, &options.fwd_opts);
 		}
-		free(fwd.listen_path);
 	} else if (strcmp(rtype, "cancel-streamlocal-forward@openssh.com") == 0) {
-		struct Forward fwd;
-
-		memset(&fwd, 0, sizeof(fwd));
-		fwd.listen_path = packet_get_string(NULL);
+		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)
+			sshpkt_fatal(ssh, r, "%s: parse cancel-streamlocal-forward@openssh.com", __func__);
 		debug("%s: cancel-streamlocal-forward path %s", __func__,
 		    fwd.listen_path);
 
 		success = channel_cancel_rport_listener(ssh, &fwd);
-		free(fwd.listen_path);
 	} else if (strcmp(rtype, "no-more-sessions@openssh.com") == 0) {
 		no_more_sessions = 1;
 		success = 1;
 	} else if (strcmp(rtype, "hostkeys-prove-00@openssh.com") == 0) {
 		success = server_input_hostkeys_prove(ssh, &resp);
 	}
+	/* XXX sshpkt_get_end() */
 	if (want_reply) {
-		packet_start(success ?
-		    SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE);
-		if (success && resp != NULL)
-			ssh_packet_put_raw(ssh, sshbuf_ptr(resp),
-			    sshbuf_len(resp));
-		packet_send();
-		packet_write_wait();
+		if ((r = sshpkt_start(ssh, success ?
+		    SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE)) != 0 ||
+		    (success && resp != NULL && (r = sshpkt_putb(ssh, resp)) != 0) ||
+		    (r = sshpkt_send(ssh)) != 0 ||
+		    (r = ssh_packet_write_wait(ssh)) != 0)
+			sshpkt_fatal(ssh, r, "%s: send reply", __func__);
 	}
+	free(fwd.listen_host);
+	free(fwd.listen_path);
 	free(rtype);
 	sshbuf_free(resp);
 	return 0;
@@ -864,58 +919,64 @@
 server_input_channel_req(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Channel *c;
-	int id, reply, success = 0;
-	char *rtype;
+	int r, success = 0;
+	char *rtype = NULL;
+	u_char want_reply = 0;
+	u_int id = 0;
 
-	id = packet_get_int();
-	rtype = packet_get_string(NULL);
-	reply = packet_get_char();
+	if ((r = sshpkt_get_u32(ssh, &id)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 ||
+	    (r = sshpkt_get_u8(ssh, &want_reply)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 
-	debug("server_input_channel_req: channel %d request %s reply %d",
-	    id, rtype, reply);
+	debug("server_input_channel_req: channel %u request %s reply %d",
+	    id, rtype, want_reply);
 
-	if ((c = channel_lookup(ssh, id)) == NULL)
-		packet_disconnect("server_input_channel_req: "
-		    "unknown channel %d", id);
+	if (id >= INT_MAX || (c = channel_lookup(ssh, (int)id)) == NULL) {
+		ssh_packet_disconnect(ssh, "%s: unknown channel %d",
+		    __func__, id);
+	}
 	if (!strcmp(rtype, "eow@openssh.com")) {
-		packet_check_eom();
+		if ((r = sshpkt_get_end(ssh)) != 0)
+			sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 		chan_rcvd_eow(ssh, c);
 	} else if ((c->type == SSH_CHANNEL_LARVAL ||
 	    c->type == SSH_CHANNEL_OPEN) && strcmp(c->ctype, "session") == 0)
 		success = session_input_channel_req(ssh, c, rtype);
-	if (reply && !(c->flags & CHAN_CLOSE_SENT)) {
+	if (want_reply && !(c->flags & CHAN_CLOSE_SENT)) {
 		if (!c->have_remote_id)
 			fatal("%s: channel %d: no remote_id",
 			    __func__, c->self);
-		packet_start(success ?
-		    SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
-		packet_put_int(c->remote_id);
-		packet_send();
+		if ((r = sshpkt_start(ssh, success ?
+		    SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 ||
+		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0)
+			sshpkt_fatal(ssh, r, "%s: send reply", __func__);
 	}
 	free(rtype);
 	return 0;
 }
 
 static void
-server_init_dispatch(void)
+server_init_dispatch(struct ssh *ssh)
 {
 	debug("server_init_dispatch");
-	dispatch_init(&dispatch_protocol_error);
-	dispatch_set(SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
-	dispatch_set(SSH2_MSG_CHANNEL_DATA, &channel_input_data);
-	dispatch_set(SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
-	dispatch_set(SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);
-	dispatch_set(SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open);
-	dispatch_set(SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
-	dispatch_set(SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
-	dispatch_set(SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req);
-	dispatch_set(SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
-	dispatch_set(SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
+	ssh_dispatch_init(ssh, &dispatch_protocol_error);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_CLOSE, &channel_input_oclose);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_DATA, &channel_input_data);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EOF, &channel_input_ieof);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA, &channel_input_extended_data);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN, &server_input_channel_open);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_REQUEST, &server_input_channel_req);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_WINDOW_ADJUST, &channel_input_window_adjust);
+	ssh_dispatch_set(ssh, SSH2_MSG_GLOBAL_REQUEST, &server_input_global_request);
 	/* client_alive */
-	dispatch_set(SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive);
-	dispatch_set(SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
-	dispatch_set(SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
-	dispatch_set(SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_SUCCESS, &server_input_keep_alive);
+	ssh_dispatch_set(ssh, SSH2_MSG_CHANNEL_FAILURE, &server_input_keep_alive);
+	ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_SUCCESS, &server_input_keep_alive);
+	ssh_dispatch_set(ssh, SSH2_MSG_REQUEST_FAILURE, &server_input_keep_alive);
 	/* rekeying */
-	dispatch_set(SSH2_MSG_KEXINIT, &kex_input_kexinit);
+	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit);
 }
Index: session.c
===================================================================
--- session.c
+++ session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.307 2018/10/04 00:10:11 djm Exp $ */
+/* $OpenBSD: session.c,v 1.316 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -123,9 +123,6 @@
 int	do_exec(struct ssh *, Session *, const char *);
 void	do_login(struct ssh *, Session *, const char *);
 void	do_child(struct ssh *, Session *, const char *);
-#ifdef LOGIN_NEEDS_UTMPX
-static void	do_pre_login(Session *s);
-#endif
 void	do_motd(void);
 int	check_quietlogin(Session *, const char *);
 
@@ -142,7 +139,7 @@
 extern void destroy_sensitive_data(void);
 extern struct sshbuf *loginmsg;
 extern struct sshauthopt *auth_opts;
-char *tun_fwd_ifnames; /* serverloop.c */
+extern char *tun_fwd_ifnames; /* serverloop.c */
 
 /* original command from peer. */
 const char *original_command = NULL;
@@ -204,7 +201,7 @@
 
 	/* Create private directory for socket */
 	if (mkdtemp(auth_sock_dir) == NULL) {
-		packet_send_debug("Agent forwarding disabled: "
+		ssh_packet_send_debug(ssh, "Agent forwarding disabled: "
 		    "mkdtemp() failed: %.100s", strerror(errno));
 		restore_uid();
 		free(auth_sock_dir);
@@ -236,7 +233,9 @@
  authsock_err:
 	free(auth_sock_name);
 	if (auth_sock_dir != NULL) {
+		temporarily_use_uid(pw);
 		rmdir(auth_sock_dir);
+		restore_uid();
 		free(auth_sock_dir);
 	}
 	if (sock != -1)
@@ -359,7 +358,7 @@
 		else
 			channel_permit_all(ssh, FORWARD_REMOTE);
 	}
-	auth_debug_send();
+	auth_debug_send(ssh);
 
 	prepare_auth_info_file(authctxt->pw, authctxt->session_info);
 
@@ -400,17 +399,17 @@
 		fatal("do_exec_no_pty: no session");
 
 	/* Allocate pipes for communicating with the program. */
-	if (pipe(pin) < 0) {
+	if (pipe(pin) == -1) {
 		error("%s: pipe in: %.100s", __func__, strerror(errno));
 		return -1;
 	}
-	if (pipe(pout) < 0) {
+	if (pipe(pout) == -1) {
 		error("%s: pipe out: %.100s", __func__, strerror(errno));
 		close(pin[0]);
 		close(pin[1]);
 		return -1;
 	}
-	if (pipe(perr) < 0) {
+	if (pipe(perr) == -1) {
 		error("%s: pipe err: %.100s", __func__,
 		    strerror(errno));
 		close(pin[0]);
@@ -426,11 +425,11 @@
 		fatal("do_exec_no_pty: no session");
 
 	/* Uses socket pairs to communicate with the program. */
-	if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) < 0) {
+	if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) {
 		error("%s: socketpair #1: %.100s", __func__, strerror(errno));
 		return -1;
 	}
-	if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) < 0) {
+	if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) == -1) {
 		error("%s: socketpair #2: %.100s", __func__,
 		    strerror(errno));
 		close(inout[0]);
@@ -466,7 +465,7 @@
 		 * Create a new session and process group since the 4.4BSD
 		 * setlogin() affects the entire process group.
 		 */
-		if (setsid() < 0)
+		if (setsid() == -1)
 			error("setsid failed: %.100s", strerror(errno));
 
 #ifdef USE_PIPES
@@ -475,19 +474,19 @@
 		 * pair, and make the child side the standard input.
 		 */
 		close(pin[1]);
-		if (dup2(pin[0], 0) < 0)
+		if (dup2(pin[0], 0) == -1)
 			perror("dup2 stdin");
 		close(pin[0]);
 
 		/* Redirect stdout. */
 		close(pout[0]);
-		if (dup2(pout[1], 1) < 0)
+		if (dup2(pout[1], 1) == -1)
 			perror("dup2 stdout");
 		close(pout[1]);
 
 		/* Redirect stderr. */
 		close(perr[0]);
-		if (dup2(perr[1], 2) < 0)
+		if (dup2(perr[1], 2) == -1)
 			perror("dup2 stderr");
 		close(perr[1]);
 #else
@@ -498,12 +497,12 @@
 		 */
 		close(inout[1]);
 		close(err[1]);
-		if (dup2(inout[0], 0) < 0)	/* stdin */
+		if (dup2(inout[0], 0) == -1)	/* stdin */
 			perror("dup2 stdin");
-		if (dup2(inout[0], 1) < 0)	/* stdout (same as stdin) */
+		if (dup2(inout[0], 1) == -1)	/* stdout (same as stdin) */
 			perror("dup2 stdout");
 		close(inout[0]);
-		if (dup2(err[0], 2) < 0)	/* stderr */
+		if (dup2(err[0], 2) == -1)	/* stderr */
 			perror("dup2 stderr");
 		close(err[0]);
 #endif
@@ -521,7 +520,7 @@
 
 	s->pid = pid;
 	/* Set interactive/non-interactive mode. */
-	packet_set_interactive(s->display != NULL,
+	ssh_packet_set_interactive(ssh, s->display != NULL,
 	    options.ip_qos_interactive, options.ip_qos_bulk);
 
 	/*
@@ -548,7 +547,7 @@
 	 * Enter the interactive session.  Note: server_loop must be able to
 	 * handle the case that fdin and fdout are the same.
 	 */
-	session_set_fds(s, inout[1], inout[1], err[1],
+	session_set_fds(ssh, s, inout[1], inout[1], err[1],
 	    s->is_subsystem, 0);
 #endif
 	return 0;
@@ -578,14 +577,14 @@
 	 * Do this before forking (and cleanup in the child) so as to
 	 * detect and gracefully fail out-of-fd conditions.
 	 */
-	if ((fdout = dup(ptyfd)) < 0) {
+	if ((fdout = dup(ptyfd)) == -1) {
 		error("%s: dup #1: %s", __func__, strerror(errno));
 		close(ttyfd);
 		close(ptyfd);
 		return -1;
 	}
 	/* we keep a reference to the pty master */
-	if ((ptymaster = dup(ptyfd)) < 0) {
+	if ((ptymaster = dup(ptyfd)) == -1) {
 		error("%s: dup #2: %s", __func__, strerror(errno));
 		close(ttyfd);
 		close(ptyfd);
@@ -615,11 +614,11 @@
 		pty_make_controlling_tty(&ttyfd, s->tty);
 
 		/* Redirect stdin/stdout/stderr from the pseudo tty. */
-		if (dup2(ttyfd, 0) < 0)
+		if (dup2(ttyfd, 0) == -1)
 			error("dup2 stdin: %s", strerror(errno));
-		if (dup2(ttyfd, 1) < 0)
+		if (dup2(ttyfd, 1) == -1)
 			error("dup2 stdout: %s", strerror(errno));
-		if (dup2(ttyfd, 2) < 0)
+		if (dup2(ttyfd, 2) == -1)
 			error("dup2 stderr: %s", strerror(errno));
 
 		/* Close the extra descriptor for the pseudo tty. */
@@ -650,41 +649,12 @@
 
 	/* Enter interactive session. */
 	s->ptymaster = ptymaster;
-	packet_set_interactive(1, 
+	ssh_packet_set_interactive(ssh, 1,
 	    options.ip_qos_interactive, options.ip_qos_bulk);
 	session_set_fds(ssh, s, ptyfd, fdout, -1, 1, 1);
 	return 0;
 }
 
-#ifdef LOGIN_NEEDS_UTMPX
-static void
-do_pre_login(Session *s)
-{
-	struct ssh *ssh = active_state;	/* XXX */
-	socklen_t fromlen;
-	struct sockaddr_storage from;
-	pid_t pid = getpid();
-
-	/*
-	 * Get IP address of client. If the connection is not a socket, let
-	 * the address be 0.0.0.0.
-	 */
-	memset(&from, 0, sizeof(from));
-	fromlen = sizeof(from);
-	if (packet_connection_is_on_socket()) {
-		if (getpeername(packet_get_connection_in(),
-		    (struct sockaddr *)&from, &fromlen) < 0) {
-			debug("getpeername: %.100s", strerror(errno));
-			cleanup_exit(255);
-		}
-	}
-
-	record_utmp_only(pid, s->tty, s->pw->pw_name,
-	    session_get_remote_name_or_ip(ssh, utmp_len, options.use_dns),
-	    (struct sockaddr *)&from, fromlen);
-}
-#endif
-
 /*
  * This is called to fork and execute a command.  If another command is
  * to be forced, execute that instead.
@@ -783,9 +753,9 @@
 	 */
 	memset(&from, 0, sizeof(from));
 	fromlen = sizeof(from);
-	if (packet_connection_is_on_socket()) {
-		if (getpeername(packet_get_connection_in(),
-		    (struct sockaddr *)&from, &fromlen) < 0) {
+	if (ssh_packet_connection_is_on_socket(ssh)) {
+		if (getpeername(ssh_packet_get_connection_in(ssh),
+		    (struct sockaddr *)&from, &fromlen) == -1) {
 			debug("getpeername: %.100s", strerror(errno));
 			cleanup_exit(255);
 		}
@@ -1082,8 +1052,11 @@
 # endif /* HAVE_CYGWIN */
 #endif /* HAVE_LOGIN_CAP */
 
-	snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name);
-	child_set_env(&env, &envsize, "MAIL", buf);
+	if (!options.use_pam) {
+		snprintf(buf, sizeof buf, "%.200s/%.50s",
+		    _PATH_MAILDIR, pw->pw_name);
+		child_set_env(&env, &envsize, "MAIL", buf);
+	}
 
 	/* Normal systems set SHELL by default. */
 	child_set_env(&env, &envsize, "SHELL", shell);
@@ -1162,15 +1135,18 @@
 		char **p;
 
 		/*
-		 * Don't allow SSH_AUTH_INFO variables posted to PAM to leak
-		 * back into the environment.
+		 * Don't allow PAM-internal env vars to leak
+		 * back into the session environment.
 		 */
+#define PAM_ENV_BLACKLIST  "SSH_AUTH_INFO*,SSH_CONNECTION*"
 		p = fetch_pam_child_environment();
-		copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
+		copy_environment_blacklist(p, &env, &envsize,
+		    PAM_ENV_BLACKLIST);
 		free_pam_environment(p);
 
 		p = fetch_pam_environment();
-		copy_environment_blacklist(p, &env, &envsize, "SSH_AUTH_INFO*");
+		copy_environment_blacklist(p, &env, &envsize,
+		    PAM_ENV_BLACKLIST);
 		free_pam_environment(p);
 	}
 #endif /* USE_PAM */
@@ -1192,7 +1168,7 @@
 	    ssh_local_port(ssh));
 	child_set_env(&env, &envsize, "SSH_CLIENT", buf);
 
-	laddr = get_local_ipaddr(packet_get_connection_in());
+	laddr = get_local_ipaddr(ssh_packet_get_connection_in(ssh));
 	snprintf(buf, sizeof buf, "%.50s %d %.50s %d",
 	    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
 	    laddr, ssh_local_port(ssh));
@@ -1334,7 +1310,7 @@
 	char component[PATH_MAX];
 	struct stat st;
 
-	if (*path != '/')
+	if (!path_absolute(path))
 		fatal("chroot path does not begin at root");
 	if (strlen(path) >= sizeof(component))
 		fatal("chroot path too long");
@@ -1359,7 +1335,7 @@
 			    component, strerror(errno));
 		if (st.st_uid != 0 || (st.st_mode & 022) != 0)
 			fatal("bad ownership or modes for chroot "
-			    "directory %s\"%s\"", 
+			    "directory %s\"%s\"",
 			    cp == NULL ? "" : "component ", component);
 		if (!S_ISDIR(st.st_mode))
 			fatal("chroot path %s\"%s\" is not a directory",
@@ -1497,11 +1473,12 @@
 		auth_sock = -1;
 	}
 
-	if (packet_get_connection_in() == packet_get_connection_out())
-		close(packet_get_connection_in());
+	if (ssh_packet_get_connection_in(ssh) ==
+	    ssh_packet_get_connection_out(ssh))
+		close(ssh_packet_get_connection_in(ssh));
 	else {
-		close(packet_get_connection_in());
-		close(packet_get_connection_out());
+		close(ssh_packet_get_connection_in(ssh));
+		close(ssh_packet_get_connection_out(ssh));
 	}
 	/*
 	 * Close all descriptors related to channels.  They will still remain
@@ -1535,15 +1512,16 @@
 do_child(struct ssh *ssh, Session *s, const char *command)
 {
 	extern char **environ;
-	char **env;
-	char *argv[ARGV_MAX];
+	char **env, *argv[ARGV_MAX], remote_id[512];
 	const char *shell, *shell0;
 	struct passwd *pw = s->pw;
 	int r = 0;
 
+	sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
+
 	/* remove hostkey from the child's memory */
 	destroy_sensitive_data();
-	packet_clear_keys();
+	ssh_packet_clear_keys(ssh);
 
 	/* Force a password change */
 	if (s->authctxt->force_pwchange) {
@@ -1641,7 +1619,7 @@
 #endif
 
 	/* Change current directory to the user's home directory. */
-	if (chdir(pw->pw_dir) < 0) {
+	if (chdir(pw->pw_dir) == -1) {
 		/* Suppress missing homedir warning for chroot case */
 #ifdef HAVE_LOGIN_CAP
 		r = login_getcapbool(lc, "requirehome", 0);
@@ -1663,6 +1641,8 @@
 	signal(SIGPIPE, SIG_DFL);
 
 	if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
+		error("Connection from %s: refusing non-sftp session",
+		    remote_id);
 		printf("This service allows sftp connections only.\n");
 		fflush(NULL);
 		exit(1);
@@ -1905,11 +1885,14 @@
 static int
 session_window_change_req(struct ssh *ssh, Session *s)
 {
-	s->col = packet_get_int();
-	s->row = packet_get_int();
-	s->xpixel = packet_get_int();
-	s->ypixel = packet_get_int();
-	packet_check_eom();
+	int r;
+
+	if ((r = sshpkt_get_u32(ssh, &s->col)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &s->row)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
 	return 1;
 }
@@ -1917,22 +1900,23 @@
 static int
 session_pty_req(struct ssh *ssh, Session *s)
 {
-	u_int len;
+	int r;
 
 	if (!auth_opts->permit_pty_flag || !options.permit_tty) {
 		debug("Allocating a pty not permitted for this connection.");
 		return 0;
 	}
 	if (s->ttyfd != -1) {
-		packet_disconnect("Protocol error: you already have a pty.");
+		ssh_packet_disconnect(ssh, "Protocol error: you already have a pty.");
 		return 0;
 	}
 
-	s->term = packet_get_string(&len);
-	s->col = packet_get_int();
-	s->row = packet_get_int();
-	s->xpixel = packet_get_int();
-	s->ypixel = packet_get_int();
+	if ((r = sshpkt_get_cstring(ssh, &s->term, NULL)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &s->col)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &s->row)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &s->xpixel)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &s->ypixel)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 
 	if (strcmp(s->term, "") == 0) {
 		free(s->term);
@@ -1954,13 +1938,15 @@
 
 	ssh_tty_parse_modes(ssh, s->ttyfd);
 
+	if ((r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+
 	if (!use_privsep)
 		pty_setowner(s->pw, s->tty);
 
 	/* Set window size from the packet. */
 	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
 
-	packet_check_eom();
 	session_proctitle(s);
 	return 1;
 }
@@ -1969,13 +1955,13 @@
 session_subsystem_req(struct ssh *ssh, Session *s)
 {
 	struct stat st;
-	u_int len;
-	int success = 0;
+	int r, success = 0;
 	char *prog, *cmd;
 	u_int i;
 
-	s->subsys = packet_get_string(&len);
-	packet_check_eom();
+	if ((r = sshpkt_get_cstring(ssh, &s->subsys, NULL)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 	debug2("subsystem request for %.100s by user %s", s->subsys,
 	    s->pw->pw_name);
 
@@ -1987,7 +1973,7 @@
 				s->is_subsystem = SUBSYSTEM_INT_SFTP;
 				debug("subsystem: %s", prog);
 			} else {
-				if (stat(prog, &st) < 0)
+				if (stat(prog, &st) == -1)
 					debug("subsystem: cannot stat %s: %s",
 					    prog, strerror(errno));
 				s->is_subsystem = SUBSYSTEM_EXT;
@@ -2008,19 +1994,23 @@
 static int
 session_x11_req(struct ssh *ssh, Session *s)
 {
-	int success;
+	int r, success;
+	u_char single_connection = 0;
 
 	if (s->auth_proto != NULL || s->auth_data != NULL) {
 		error("session_x11_req: session %d: "
 		    "x11 forwarding already active", s->self);
 		return 0;
 	}
-	s->single_connection = packet_get_char();
-	s->auth_proto = packet_get_string(NULL);
-	s->auth_data = packet_get_string(NULL);
-	s->screen = packet_get_int();
-	packet_check_eom();
+	if ((r = sshpkt_get_u8(ssh, &single_connection)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, &s->auth_proto, NULL)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, &s->auth_data, NULL)) != 0 ||
+	    (r = sshpkt_get_u32(ssh, &s->screen)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 
+	s->single_connection = single_connection;
+
 	if (xauth_valid_string(s->auth_proto) &&
 	    xauth_valid_string(s->auth_data))
 		success = session_setup_x11fwd(ssh, s);
@@ -2040,17 +2030,24 @@
 static int
 session_shell_req(struct ssh *ssh, Session *s)
 {
-	packet_check_eom();
+	int r;
+
+	if ((r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 	return do_exec(ssh, s, NULL) == 0;
 }
 
 static int
 session_exec_req(struct ssh *ssh, Session *s)
 {
-	u_int len, success;
+	u_int success;
+	int r;
+	char *command = NULL;
 
-	char *command = packet_get_string(&len);
-	packet_check_eom();
+	if ((r = sshpkt_get_cstring(ssh, &command, NULL)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+
 	success = do_exec(ssh, s, command) == 0;
 	free(command);
 	return success;
@@ -2059,11 +2056,13 @@
 static int
 session_break_req(struct ssh *ssh, Session *s)
 {
+	int r;
 
-	packet_get_int();	/* ignored */
-	packet_check_eom();
+	if ((r = sshpkt_get_u32(ssh, NULL)) != 0 || /* ignore */
+	    (r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 
-	if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) < 0)
+	if (s->ptymaster == -1 || tcsendbreak(s->ptymaster, 0) == -1)
 		return 0;
 	return 1;
 }
@@ -2072,11 +2071,13 @@
 session_env_req(struct ssh *ssh, Session *s)
 {
 	char *name, *val;
-	u_int name_len, val_len, i;
+	u_int i;
+	int r;
 
-	name = packet_get_cstring(&name_len);
-	val = packet_get_cstring(&val_len);
-	packet_check_eom();
+	if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, &val, NULL)) != 0 ||
+	    (r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 
 	/* Don't set too many environment variables */
 	if (s->num_env > 128) {
@@ -2179,8 +2180,10 @@
 session_auth_agent_req(struct ssh *ssh, Session *s)
 {
 	static int called = 0;
+	int r;
 
-	packet_check_eom();
+	if ((r = sshpkt_get_end(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 	if (!auth_opts->permit_agent_forwarding_flag ||
 	    !options.allow_agent_forwarding) {
 		debug("%s: agent forwarding disabled", __func__);
@@ -2283,7 +2286,7 @@
 	 * the pty cleanup, so that another process doesn't get this pty
 	 * while we're still cleaning up.
 	 */
-	if (s->ptymaster != -1 && close(s->ptymaster) < 0)
+	if (s->ptymaster != -1 && close(s->ptymaster) == -1)
 		error("close(s->ptymaster/%d): %s",
 		    s->ptymaster, strerror(errno));
 
@@ -2370,6 +2373,7 @@
 session_exit_message(struct ssh *ssh, Session *s, int status)
 {
 	Channel *c;
+	int r;
 
 	if ((c = channel_lookup(ssh, s->chanid)) == NULL)
 		fatal("%s: session %d: no channel %d",
@@ -2379,22 +2383,23 @@
 
 	if (WIFEXITED(status)) {
 		channel_request_start(ssh, s->chanid, "exit-status", 0);
-		packet_put_int(WEXITSTATUS(status));
-		packet_send();
+		if ((r = sshpkt_put_u32(ssh, WEXITSTATUS(status))) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0)
+			sshpkt_fatal(ssh, r, "%s: exit reply", __func__);
 	} else if (WIFSIGNALED(status)) {
 		channel_request_start(ssh, s->chanid, "exit-signal", 0);
-		packet_put_cstring(sig2name(WTERMSIG(status)));
-#ifdef WCOREDUMP
-		packet_put_char(WCOREDUMP(status)? 1 : 0);
-#else /* WCOREDUMP */
-		packet_put_char(0);
-#endif /* WCOREDUMP */
-		packet_put_cstring("");
-		packet_put_cstring("");
-		packet_send();
+#ifndef WCOREDUMP
+# define WCOREDUMP(x) (0)
+#endif
+		if ((r = sshpkt_put_cstring(ssh, sig2name(WTERMSIG(status)))) != 0 ||
+		    (r = sshpkt_put_u8(ssh, WCOREDUMP(status)? 1 : 0)) != 0 ||
+		    (r = sshpkt_put_cstring(ssh, "")) != 0 ||
+		    (r = sshpkt_put_cstring(ssh, "")) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0)
+			sshpkt_fatal(ssh, r, "%s: exit reply", __func__);
 	} else {
 		/* Some weird exit cause.  Just exit. */
-		packet_disconnect("wait returned status %04x.", status);
+		ssh_packet_disconnect(ssh, "wait returned status %04x.", status);
 	}
 
 	/* disconnect channel */
@@ -2565,7 +2570,7 @@
 	u_int i;
 
 	if (!auth_opts->permit_x11_forwarding_flag) {
-		packet_send_debug("X11 forwarding disabled by key options.");
+		ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
 		return 0;
 	}
 	if (!options.x11_forwarding) {
@@ -2574,7 +2579,7 @@
 	}
 	if (options.xauth_location == NULL ||
 	    (stat(options.xauth_location, &st) == -1)) {
-		packet_send_debug("No xauth program; cannot forward X11.");
+		ssh_packet_send_debug(ssh, "No xauth program; cannot forward X11.");
 		return 0;
 	}
 	if (s->display != NULL) {
@@ -2593,7 +2598,7 @@
 	}
 
 	/* Set up a suitable value for the DISPLAY variable. */
-	if (gethostname(hostname, sizeof(hostname)) < 0)
+	if (gethostname(hostname, sizeof(hostname)) == -1)
 		fatal("gethostname: %.100s", strerror(errno));
 	/*
 	 * auth_display must be used as the displayname when the
@@ -2615,7 +2620,7 @@
 		he = gethostbyname(hostname);
 		if (he == NULL) {
 			error("Can't get IP address for X11 DISPLAY.");
-			packet_send_debug("Can't get IP address for X11 DISPLAY.");
+			ssh_packet_send_debug(ssh, "Can't get IP address for X11 DISPLAY.");
 			return 0;
 		}
 		memcpy(&my_addr, he->h_addr_list[0], sizeof(struct in_addr));
Index: sftp-client.h
===================================================================
--- sftp-client.h
+++ sftp-client.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.h,v 1.27 2015/05/08 06:45:13 djm Exp $ */
+/* $OpenBSD: sftp-client.h,v 1.28 2019/01/16 23:23:45 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
@@ -90,6 +90,9 @@
 
 /* Set file attributes of open file 'handle' */
 int do_fsetstat(struct sftp_conn *, const u_char *, u_int, Attrib *);
+
+/* Set file attributes of 'path', not following symlinks */
+int do_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a);
 
 /* Canonicalise 'path' - caller must free result */
 char *do_realpath(struct sftp_conn *, const char *);
Index: sftp-client.c
===================================================================
--- sftp-client.c
+++ sftp-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.130 2018/07/31 03:07:24 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.135 2019/10/04 04:31:59 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -86,6 +86,7 @@
 #define SFTP_EXT_FSTATVFS	0x00000004
 #define SFTP_EXT_HARDLINK	0x00000008
 #define SFTP_EXT_FSYNC		0x00000010
+#define SFTP_EXT_LSETSTAT	0x00000020
 	u_int exts;
 	u_int64_t limit_kbps;
 	struct bwlimit bwlimit_in, bwlimit_out;
@@ -101,7 +102,9 @@
 {
 	struct bwlimit *bwlimit = (struct bwlimit *)_bwlimit;
 
-	bandwidth_limit(bwlimit, amount);
+	refresh_progress_meter(0);
+	if (bwlimit != NULL)
+		bandwidth_limit(bwlimit, amount);
 	return 0;
 }
 
@@ -121,8 +124,8 @@
 	iov[1].iov_base = (u_char *)sshbuf_ptr(m);
 	iov[1].iov_len = sshbuf_len(m);
 
-	if (atomiciov6(writev, conn->fd_out, iov, 2,
-	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_out) !=
+	if (atomiciov6(writev, conn->fd_out, iov, 2, sftpio,
+	    conn->limit_kbps > 0 ? &conn->bwlimit_out : NULL) !=
 	    sshbuf_len(m) + sizeof(mlen))
 		fatal("Couldn't send packet: %s", strerror(errno));
 
@@ -138,8 +141,8 @@
 
 	if ((r = sshbuf_reserve(m, 4, &p)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	if (atomicio6(read, conn->fd_in, p, 4,
-	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in) != 4) {
+	if (atomicio6(read, conn->fd_in, p, 4, sftpio,
+	    conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) {
 		if (errno == EPIPE || errno == ECONNRESET)
 			fatal("Connection closed");
 		else
@@ -157,8 +160,8 @@
 
 	if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	if (atomicio6(read, conn->fd_in, p, msg_len,
-	    conn->limit_kbps > 0 ? sftpio : NULL, &conn->bwlimit_in)
+	if (atomicio6(read, conn->fd_in, p, msg_len, sftpio,
+	    conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL)
 	    != msg_len) {
 		if (errno == EPIPE)
 			fatal("Connection closed");
@@ -463,6 +466,10 @@
 		    strcmp((char *)value, "1") == 0) {
 			ret->exts |= SFTP_EXT_FSYNC;
 			known = 1;
+		} else if (strcmp(name, "lsetstat@openssh.com") == 0 &&
+		    strcmp((char *)value, "1") == 0) {
+			ret->exts |= SFTP_EXT_LSETSTAT;
+			known = 1;
 		}
 		if (known) {
 			debug2("Server supports extension \"%s\" revision %s",
@@ -624,8 +631,7 @@
 				    __func__, ssh_err(r));
 				free(filename);
 				free(longname);
-				sshbuf_free(msg);
-				return -1;
+				goto out;
 			}
 
 			if (print_flag)
@@ -1096,7 +1102,6 @@
 
 	if ((msg = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
-	sshbuf_reset(msg);
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 ||
@@ -1125,7 +1130,6 @@
 
 	if ((msg = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
-	sshbuf_reset(msg);
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 ||
@@ -1138,6 +1142,38 @@
 }
 #endif
 
+int
+do_lsetstat(struct sftp_conn *conn, const char *path, Attrib *a)
+{
+	struct sshbuf *msg;
+	u_int status, id;
+	int r;
+
+	if ((conn->exts & SFTP_EXT_LSETSTAT) == 0) {
+		error("Server does not support lsetstat@openssh.com extension");
+		return -1;
+	}
+
+	id = conn->msg_id++;
+	if ((msg = sshbuf_new()) == NULL)
+		fatal("%s: sshbuf_new failed", __func__);
+	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
+	    (r = sshbuf_put_u32(msg, id)) != 0 ||
+	    (r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 ||
+	    (r = sshbuf_put_cstring(msg, path)) != 0 ||
+	    (r = encode_attrib(msg, a)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	send_msg(conn, msg);
+	sshbuf_free(msg);
+
+	status = get_status(conn, id);
+	if (status != SSH2_FX_OK)
+		error("Couldn't setstat on \"%s\": %s", path,
+		    fx2txt(status));
+
+	return status == SSH2_FX_OK ? 0 : -1;
+}
+
 static void
 send_read_request(struct sftp_conn *conn, u_int id, u_int64_t offset,
     u_int len, const u_char *handle, u_int handle_len)
@@ -1147,7 +1183,6 @@
 
 	if ((msg = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
-	sshbuf_reset(msg);
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_READ)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_string(msg, handle, handle_len)) != 0 ||
@@ -1167,7 +1202,7 @@
 	struct sshbuf *msg;
 	u_char *handle;
 	int local_fd = -1, write_error;
-	int read_error, write_errno, reordered = 0, r;
+	int read_error, write_errno, lmodified = 0, reordered = 0, r;
 	u_int64_t offset = 0, size, highwater;
 	u_int mode, id, buflen, num_req, max_req, status = SSH2_FX_OK;
 	off_t progress_counter;
@@ -1337,6 +1372,7 @@
 			if (len > req->len)
 				fatal("Received more data than asked for "
 				    "%zu > %zu", len, req->len);
+			lmodified = 1;
 			if ((lseek(local_fd, req->offset, SEEK_SET) == -1 ||
 			    atomicio(vwrite, local_fd, data, len) != len) &&
 			    !write_error) {
@@ -1440,7 +1476,9 @@
 				error("Can't set times on \"%s\": %s",
 				    local_path, strerror(errno));
 		}
-		if (fsync_flag) {
+		if (resume_flag && !lmodified)
+			logit("File \"%s\" was not modified", local_path);
+		else if (fsync_flag) {
 			debug("syncing \"%s\"", local_path);
 			if (fsync(local_fd) == -1)
 				error("Couldn't sync file \"%s\": %s",
Index: sftp-common.c
===================================================================
--- sftp-common.c
+++ sftp-common.c
@@ -36,6 +36,7 @@
 #include <string.h>
 #include <time.h>
 #include <stdarg.h>
+#include <unistd.h>
 #ifdef HAVE_UTIL_H
 #include <util.h>
 #endif
Index: sftp-glob.c
===================================================================
--- sftp-glob.c
+++ sftp-glob.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-glob.c,v 1.27 2015/01/14 13:54:13 djm Exp $ */
+/* $OpenBSD: sftp-glob.c,v 1.28 2019/10/02 00:42:30 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -25,7 +25,6 @@
 #include <dirent.h>
 #include <stdlib.h>
 #include <string.h>
-#include <stdlib.h>
 
 #include "xmalloc.h"
 #include "sftp.h"
Index: sftp-realpath.c
===================================================================
--- /dev/null
+++ sftp-realpath.c
@@ -0,0 +1,226 @@
+/*	$OpenBSD: sftp-realpath.c,v 1.1 2019/07/05 04:55:40 djm Exp $ */
+/*
+ * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The names of the authors may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+
+#include <errno.h>
+#include <stdlib.h>
+#include <stddef.h>
+#include <string.h>
+#include <unistd.h>
+#include <limits.h>
+
+#ifndef SYMLOOP_MAX
+# define SYMLOOP_MAX 32
+#endif
+
+/* XXX rewrite sftp-server to use POSIX realpath and remove this hack */
+
+char *sftp_realpath(const char *path, char *resolved);
+
+/*
+ * char *realpath(const char *path, char resolved[PATH_MAX]);
+ *
+ * Find the real name of path, by removing all ".", ".." and symlink
+ * components.  Returns (resolved) on success, or (NULL) on failure,
+ * in which case the path which caused trouble is left in (resolved).
+ */
+char *
+sftp_realpath(const char *path, char *resolved)
+{
+	struct stat sb;
+	char *p, *q, *s;
+	size_t left_len, resolved_len;
+	unsigned symlinks;
+	int serrno, slen, mem_allocated;
+	char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
+
+	if (path[0] == '\0') {
+		errno = ENOENT;
+		return (NULL);
+	}
+
+	serrno = errno;
+
+	if (resolved == NULL) {
+		resolved = malloc(PATH_MAX);
+		if (resolved == NULL)
+			return (NULL);
+		mem_allocated = 1;
+	} else
+		mem_allocated = 0;
+
+	symlinks = 0;
+	if (path[0] == '/') {
+		resolved[0] = '/';
+		resolved[1] = '\0';
+		if (path[1] == '\0')
+			return (resolved);
+		resolved_len = 1;
+		left_len = strlcpy(left, path + 1, sizeof(left));
+	} else {
+		if (getcwd(resolved, PATH_MAX) == NULL) {
+			if (mem_allocated)
+				free(resolved);
+			else
+				strlcpy(resolved, ".", PATH_MAX);
+			return (NULL);
+		}
+		resolved_len = strlen(resolved);
+		left_len = strlcpy(left, path, sizeof(left));
+	}
+	if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
+		errno = ENAMETOOLONG;
+		goto err;
+	}
+
+	/*
+	 * Iterate over path components in `left'.
+	 */
+	while (left_len != 0) {
+		/*
+		 * Extract the next path component and adjust `left'
+		 * and its length.
+		 */
+		p = strchr(left, '/');
+		s = p ? p : left + left_len;
+		if (s - left >= (ptrdiff_t)sizeof(next_token)) {
+			errno = ENAMETOOLONG;
+			goto err;
+		}
+		memcpy(next_token, left, s - left);
+		next_token[s - left] = '\0';
+		left_len -= s - left;
+		if (p != NULL)
+			memmove(left, s + 1, left_len + 1);
+		if (resolved[resolved_len - 1] != '/') {
+			if (resolved_len + 1 >= PATH_MAX) {
+				errno = ENAMETOOLONG;
+				goto err;
+			}
+			resolved[resolved_len++] = '/';
+			resolved[resolved_len] = '\0';
+		}
+		if (next_token[0] == '\0')
+			continue;
+		else if (strcmp(next_token, ".") == 0)
+			continue;
+		else if (strcmp(next_token, "..") == 0) {
+			/*
+			 * Strip the last path component except when we have
+			 * single "/"
+			 */
+			if (resolved_len > 1) {
+				resolved[resolved_len - 1] = '\0';
+				q = strrchr(resolved, '/') + 1;
+				*q = '\0';
+				resolved_len = q - resolved;
+			}
+			continue;
+		}
+
+		/*
+		 * Append the next path component and lstat() it. If
+		 * lstat() fails we still can return successfully if
+		 * there are no more path components left.
+		 */
+		resolved_len = strlcat(resolved, next_token, PATH_MAX);
+		if (resolved_len >= PATH_MAX) {
+			errno = ENAMETOOLONG;
+			goto err;
+		}
+		if (lstat(resolved, &sb) != 0) {
+			if (errno == ENOENT && p == NULL) {
+				errno = serrno;
+				return (resolved);
+			}
+			goto err;
+		}
+		if (S_ISLNK(sb.st_mode)) {
+			if (symlinks++ > SYMLOOP_MAX) {
+				errno = ELOOP;
+				goto err;
+			}
+			slen = readlink(resolved, symlink, sizeof(symlink) - 1);
+			if (slen < 0)
+				goto err;
+			symlink[slen] = '\0';
+			if (symlink[0] == '/') {
+				resolved[1] = 0;
+				resolved_len = 1;
+			} else if (resolved_len > 1) {
+				/* Strip the last path component. */
+				resolved[resolved_len - 1] = '\0';
+				q = strrchr(resolved, '/') + 1;
+				*q = '\0';
+				resolved_len = q - resolved;
+			}
+
+			/*
+			 * If there are any path components left, then
+			 * append them to symlink. The result is placed
+			 * in `left'.
+			 */
+			if (p != NULL) {
+				if (symlink[slen - 1] != '/') {
+					if (slen + 1 >=
+					    (ptrdiff_t)sizeof(symlink)) {
+						errno = ENAMETOOLONG;
+						goto err;
+					}
+					symlink[slen] = '/';
+					symlink[slen + 1] = 0;
+				}
+				left_len = strlcat(symlink, left, sizeof(symlink));
+				if (left_len >= sizeof(symlink)) {
+					errno = ENAMETOOLONG;
+					goto err;
+				}
+			}
+			left_len = strlcpy(left, symlink, sizeof(left));
+		}
+	}
+
+	/*
+	 * Remove trailing slash except when the resolved pathname
+	 * is a single "/".
+	 */
+	if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
+		resolved[resolved_len - 1] = '\0';
+	return (resolved);
+
+err:
+	if (mem_allocated)
+		free(resolved);
+	return (NULL);
+}
Index: sftp-server-main.c
===================================================================
--- sftp-server-main.c
+++ sftp-server-main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server-main.c,v 1.5 2016/02/15 09:47:49 dtucker Exp $ */
+/* $OpenBSD: sftp-server-main.c,v 1.6 2019/06/06 05:13:13 otto Exp $ */
 /*
  * Copyright (c) 2008 Markus Friedl.  All rights reserved.
  *
@@ -39,9 +39,10 @@
 {
 	struct passwd *user_pw;
 
-	ssh_malloc_init();	/* must be called before any mallocs */
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
+
+	seed_rng();
 
 	if ((user_pw = getpwuid(getuid())) == NULL) {
 		fprintf(stderr, "No user found for uid %lu\n",
Index: sftp-server.0
===================================================================
--- sftp-server.0
+++ sftp-server.0
@@ -93,4 +93,4 @@
 AUTHORS
      Markus Friedl <markus@openbsd.org>
 
-OpenBSD 6.4                    December 11, 2014                   OpenBSD 6.4
+OpenBSD 6.6                    December 11, 2014                   OpenBSD 6.6
Index: sftp-server.c
===================================================================
--- sftp-server.c
+++ sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.112 2018/06/01 03:33:53 djm Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.117 2019/07/05 04:55:40 djm Exp $ */
 /*
  * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *
@@ -51,6 +51,8 @@
 #include "sftp.h"
 #include "sftp-common.h"
 
+char *sftp_realpath(const char *, char *); /* sftp-realpath.c */
+
 /* Our verbosity */
 static LogLevel log_level = SYSLOG_LEVEL_ERROR;
 
@@ -107,6 +109,7 @@
 static void process_extended_fstatvfs(u_int32_t id);
 static void process_extended_hardlink(u_int32_t id);
 static void process_extended_fsync(u_int32_t id);
+static void process_extended_lsetstat(u_int32_t id);
 static void process_extended(u_int32_t id);
 
 struct sftp_handler {
@@ -117,7 +120,7 @@
 	int does_write;		/* if nonzero, banned for readonly mode */
 };
 
-struct sftp_handler handlers[] = {
+static const struct sftp_handler handlers[] = {
 	/* NB. SSH2_FXP_OPEN does the readonly check in the handler itself */
 	{ "open", NULL, SSH2_FXP_OPEN, process_open, 0 },
 	{ "close", NULL, SSH2_FXP_CLOSE, process_close, 0 },
@@ -141,18 +144,19 @@
 };
 
 /* SSH2_FXP_EXTENDED submessages */
-struct sftp_handler extended_handlers[] = {
+static const struct sftp_handler extended_handlers[] = {
 	{ "posix-rename", "posix-rename@openssh.com", 0,
 	   process_extended_posix_rename, 1 },
 	{ "statvfs", "statvfs@openssh.com", 0, process_extended_statvfs, 0 },
 	{ "fstatvfs", "fstatvfs@openssh.com", 0, process_extended_fstatvfs, 0 },
 	{ "hardlink", "hardlink@openssh.com", 0, process_extended_hardlink, 1 },
 	{ "fsync", "fsync@openssh.com", 0, process_extended_fsync, 1 },
+	{ "lsetstat", "lsetstat@openssh.com", 0, process_extended_lsetstat, 1 },
 	{ NULL, NULL, 0, NULL, 0 }
 };
 
 static int
-request_permitted(struct sftp_handler *h)
+request_permitted(const struct sftp_handler *h)
 {
 	char *result;
 
@@ -285,9 +289,9 @@
 	HANDLE_FILE
 };
 
-Handle *handles = NULL;
-u_int num_handles = 0;
-int first_unused_handle = -1;
+static Handle *handles = NULL;
+static u_int num_handles = 0;
+static int first_unused_handle = -1;
 
 static void handle_unused(int i)
 {
@@ -666,6 +670,8 @@
 	    (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */
 	    /* fsync extension */
 	    (r = sshbuf_put_cstring(msg, "fsync@openssh.com")) != 0 ||
+	    (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */
+	    (r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 ||
 	    (r = sshbuf_put_cstring(msg, "1")) != 0) /* version */
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	send_msg(msg);
@@ -697,7 +703,7 @@
 		status = SSH2_FX_PERMISSION_DENIED;
 	} else {
 		fd = open(name, flags, mode);
-		if (fd < 0) {
+		if (fd == -1) {
 			status = errno_to_portable(errno);
 		} else {
 			handle = handle_new(HANDLE_FILE, name, fd, flags, NULL);
@@ -750,12 +756,12 @@
 	}
 	fd = handle_to_fd(handle);
 	if (fd >= 0) {
-		if (lseek(fd, off, SEEK_SET) < 0) {
+		if (lseek(fd, off, SEEK_SET) == -1) {
 			error("process_read: seek failed");
 			status = errno_to_portable(errno);
 		} else {
 			ret = read(fd, buf, len);
-			if (ret < 0) {
+			if (ret == -1) {
 				status = errno_to_portable(errno);
 			} else if (ret == 0) {
 				status = SSH2_FX_EOF;
@@ -791,13 +797,13 @@
 		status = SSH2_FX_FAILURE;
 	else {
 		if (!(handle_to_flags(handle) & O_APPEND) &&
-				lseek(fd, off, SEEK_SET) < 0) {
+				lseek(fd, off, SEEK_SET) == -1) {
 			status = errno_to_portable(errno);
 			error("process_write: seek failed");
 		} else {
 /* XXX ATOMICIO ? */
 			ret = write(fd, data, len);
-			if (ret < 0) {
+			if (ret == -1) {
 				error("process_write: write failed");
 				status = errno_to_portable(errno);
 			} else if ((size_t)ret == len) {
@@ -827,7 +833,7 @@
 	debug3("request %u: %sstat", id, do_lstat ? "l" : "");
 	verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name);
 	r = do_lstat ? lstat(name, &st) : stat(name, &st);
-	if (r < 0) {
+	if (r == -1) {
 		status = errno_to_portable(errno);
 	} else {
 		stat_to_attrib(&st, &a);
@@ -865,7 +871,7 @@
 	fd = handle_to_fd(handle);
 	if (fd >= 0) {
 		r = fstat(fd, &st);
-		if (r < 0) {
+		if (r == -1) {
 			status = errno_to_portable(errno);
 		} else {
 			stat_to_attrib(&st, &a);
@@ -889,6 +895,18 @@
 	return tv;
 }
 
+static struct timespec *
+attrib_to_ts(const Attrib *a)
+{
+	static struct timespec ts[2];
+
+	ts[0].tv_sec = a->atime;
+	ts[0].tv_nsec = 0;
+	ts[1].tv_sec = a->mtime;
+	ts[1].tv_nsec = 0;
+	return ts;
+}
+
 static void
 process_setstat(u_int32_t id)
 {
@@ -1063,7 +1081,7 @@
 /* XXX OVERFLOW ? */
 			snprintf(pathname, sizeof pathname, "%s%s%s", path,
 			    strcmp(path, "/") ? "/" : "", dp->d_name);
-			if (lstat(pathname, &st) < 0)
+			if (lstat(pathname, &st) == -1)
 				continue;
 			stat_to_attrib(&st, &(stats[count].attrib));
 			stats[count].name = xstrdup(dp->d_name);
@@ -1158,7 +1176,7 @@
 	}
 	debug3("request %u: realpath", id);
 	verbose("realpath \"%s\"", path);
-	if (realpath(path, resolvedname) == NULL) {
+	if (sftp_realpath(path, resolvedname) == NULL) {
 		send_status(id, errno_to_portable(errno));
 	} else {
 		Stat s;
@@ -1370,6 +1388,55 @@
 }
 
 static void
+process_extended_lsetstat(u_int32_t id)
+{
+	Attrib a;
+	char *name;
+	int r, status = SSH2_FX_OK;
+
+	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
+	    (r = decode_attrib(iqueue, &a)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+	debug("request %u: lsetstat name \"%s\"", id, name);
+	if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
+		/* nonsensical for links */
+		status = SSH2_FX_BAD_MESSAGE;
+		goto out;
+	}
+	if (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
+		logit("set \"%s\" mode %04o", name, a.perm);
+		r = fchmodat(AT_FDCWD, name,
+		    a.perm & 07777, AT_SYMLINK_NOFOLLOW);
+		if (r == -1)
+			status = errno_to_portable(errno);
+	}
+	if (a.flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
+		char buf[64];
+		time_t t = a.mtime;
+
+		strftime(buf, sizeof(buf), "%Y%m%d-%H:%M:%S",
+		    localtime(&t));
+		logit("set \"%s\" modtime %s", name, buf);
+		r = utimensat(AT_FDCWD, name,
+		    attrib_to_ts(&a), AT_SYMLINK_NOFOLLOW);
+		if (r == -1)
+			status = errno_to_portable(errno);
+	}
+	if (a.flags & SSH2_FILEXFER_ATTR_UIDGID) {
+		logit("set \"%s\" owner %lu group %lu", name,
+		    (u_long)a.uid, (u_long)a.gid);
+		r = fchownat(AT_FDCWD, name, a.uid, a.gid,
+		    AT_SYMLINK_NOFOLLOW);
+		if (r == -1)
+			status = errno_to_portable(errno);
+	}
+ out:
+	send_status(id, status);
+	free(name);
+}
+
+static void
 process_extended(u_int32_t id)
 {
 	char *request;
@@ -1509,7 +1576,6 @@
 	extern char *optarg;
 	extern char *__progname;
 
-	ssh_malloc_init();	/* must be called before any mallocs */
 	__progname = ssh_get_progname(argv[0]);
 	log_init(__progname, log_level, log_facility, log_stderr);
 
@@ -1662,7 +1728,7 @@
 		if (olen > 0)
 			FD_SET(out, wset);
 
-		if (select(max+1, rset, wset, NULL, NULL) < 0) {
+		if (select(max+1, rset, wset, NULL, NULL) == -1) {
 			if (errno == EINTR)
 				continue;
 			error("select: %s", strerror(errno));
@@ -1675,7 +1741,7 @@
 			if (len == 0) {
 				debug("read eof");
 				sftp_server_cleanup_exit(0);
-			} else if (len < 0) {
+			} else if (len == -1) {
 				error("read: %s", strerror(errno));
 				sftp_server_cleanup_exit(1);
 			} else if ((r = sshbuf_put(iqueue, buf, len)) != 0) {
@@ -1686,7 +1752,7 @@
 		/* send oqueue to stdout */
 		if (FD_ISSET(out, wset)) {
 			len = write(out, sshbuf_ptr(oqueue), olen);
-			if (len < 0) {
+			if (len == -1) {
 				error("write: %s", strerror(errno));
 				sftp_server_cleanup_exit(1);
 			} else if ((r = sshbuf_consume(oqueue, len)) != 0) {
Index: sftp.0
===================================================================
--- sftp.0
+++ sftp.0
@@ -5,9 +5,10 @@
 
 SYNOPSIS
      sftp [-46aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
-          [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit]
-          [-o ssh_option] [-P port] [-R num_requests] [-S program]
-          [-s subsystem | sftp_server] destination
+          [-D sftp_server_path] [-F ssh_config] [-i identity_file]
+          [-J destination] [-l limit] [-o ssh_option] [-P port]
+          [-R num_requests] [-S program] [-s subsystem | sftp_server]
+          destination
 
 DESCRIPTION
      sftp is a file transfer program, similar to ftp(1), which performs all
@@ -52,14 +53,19 @@
              instead of stdin.  Since it lacks user interaction it should be
              used in conjunction with non-interactive authentication to
              obviate the need to enter a password at connection time (see
-             sshd(8) and ssh-keygen(1) for details).  A batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may
-             be used to indicate standard input.  sftp will abort if any of
-             the following commands fail: get, put, reget, reput, rename, ln,
-             rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp, lpwd, df,
-             symlink, and lmkdir.  Termination on error can be suppressed on a
-             command by command basis by prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y
-             character (for example, -rm /tmp/blah*).
+             sshd(8) and ssh-keygen(1) for details).
 
+             A batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may be used to indicate standard input.  sftp
+             will abort if any of the following commands fail: get, put,
+             reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod,
+             chown, chgrp, lpwd, df, symlink, and lmkdir.
+
+             Termination on error can be suppressed on a command by command
+             basis by prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y character (for example,
+             -rm /tmp/blah*).  Echo of the command may be suppressed by
+             prefixing the command with a M-bM-^@M-^X@M-bM-^@M-^Y character.  These two prefixes
+             may be combined in any order, for example -@ls /bsd.
+
      -C      Enables compression (via ssh's -C flag).
 
      -c cipher
@@ -83,6 +89,14 @@
              key authentication is read.  This option is directly passed to
              ssh(1).
 
+     -J destination
+             Connect to the target host by first making an sftp connection to
+             the jump host described by destination and then establishing a
+             TCP forwarding to the ultimate destination from there.  Multiple
+             jump hops may be specified separated by comma characters.  This
+             is a shortcut to specify a ProxyJump configuration directive.
+             This option is directly passed to ssh(1).
+
      -l limit
              Limits the used bandwidth, specified in Kbit/s.
 
@@ -123,7 +137,7 @@
                    HostbasedKeyTypes
                    HostKeyAlgorithms
                    HostKeyAlias
-                   HostName
+                   Hostname
                    IdentitiesOnly
                    IdentityAgent
                    IdentityFile
@@ -197,17 +211,20 @@
              Change remote directory to path.  If path is not specified, then
              change directory to the one the session started in.
 
-     chgrp grp path
-             Change group of file path to grp.  path may contain glob(7)
+     chgrp [-h] grp path
+             Change group of file path to grp.  If the -h flag is specified,
+             then symlinks will not be followed.  path may contain glob(7)
              characters and may match multiple files.  grp must be a numeric
              GID.
 
-     chmod mode path
-             Change permissions of file path to mode.  path may contain
+     chmod [-h] mode path
+             Change permissions of file path to mode.  If the -h flag is
+             specified, then symlinks will not be followed.  path may contain
              glob(7) characters and may match multiple files.
 
-     chown own path
-             Change owner of file path to own.  path may contain glob(7)
+     chown [-h] own path
+             Change owner of file path to own.  If the -h flag is specified,
+             then symlinks will not be followed.  path may contain glob(7)
              characters and may match multiple files.  own must be a numeric
              UID.
 
@@ -221,7 +238,7 @@
 
      exit    Quit sftp.
 
-     get [-afPpr] remote-path [local-path]
+     get [-afpR] remote-path [local-path]
              Retrieve the remote-path and store it on the local machine.  If
              the local path name is not specified, it is given the same name
              it has on the remote machine.  remote-path may contain glob(7)
@@ -238,10 +255,10 @@
              If the -f flag is specified, then fsync(2) will be called after
              the file transfer has completed to flush the file to disk.
 
-             If either the -P or -p flag is specified, then full file
-             permissions and access times are copied too.
+             If the -p flag is specified, then full file permissions and
+             access times are copied too.
 
-             If the -r flag is specified then directories will be copied
+             If the -R flag is specified then directories will be copied
              recursively.  Note that sftp does not follow symbolic links when
              performing recursive transfers.
 
@@ -309,7 +326,7 @@
      progress
              Toggle display of progress meter.
 
-     put [-afPpr] local-path [remote-path]
+     put [-afpR] local-path [remote-path]
              Upload local-path and store it on the remote machine.  If the
              remote path name is not specified, it is given the same name it
              has on the local machine.  local-path may contain glob(7)
@@ -328,10 +345,10 @@
              Note that this is only supported by servers that implement the
              "fsync@openssh.com" extension.
 
-             If either the -P or -p flag is specified, then full file
-             permissions and access times are copied too.
+             If the -p flag is specified, then full file permissions and
+             access times are copied too.
 
-             If the -r flag is specified then directories will be copied
+             If the -R flag is specified then directories will be copied
              recursively.  Note that sftp does not follow symbolic links when
              performing recursive transfers.
 
@@ -339,13 +356,13 @@
 
      quit    Quit sftp.
 
-     reget [-Ppr] remote-path [local-path]
+     reget [-fpR] remote-path [local-path]
              Resume download of remote-path.  Equivalent to get with the -a
              flag set.
 
-     reput [-Ppr] [local-path] remote-path
-             Resume upload of [local-path].  Equivalent to put with the -a
-             flag set.
+     reput [-fpR] local-path [remote-path]
+             Resume upload of local-path.  Equivalent to put with the -a flag
+             set.
 
      rename oldpath newpath
              Rename remote file from oldpath to newpath.
@@ -376,4 +393,4 @@
      T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
      filexfer-00.txt, January 2001, work in progress material.
 
-OpenBSD 6.4                   September 20, 2018                   OpenBSD 6.4
+OpenBSD 6.6                      June 19, 2019                     OpenBSD 6.6
Index: sftp.1
===================================================================
--- sftp.1
+++ sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.120 2018/09/20 06:58:48 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.127 2019/06/19 20:12:44 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 20 2018 $
+.Dd $Mdocdate: June 19 2019 $
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -37,6 +37,7 @@
 .Op Fl D Ar sftp_server_path
 .Op Fl F Ar ssh_config
 .Op Fl i Ar identity_file
+.Op Fl J Ar destination
 .Op Fl l Ar limit
 .Op Fl o Ar ssh_option
 .Op Fl P Ar port
@@ -127,6 +128,7 @@
 and
 .Xr ssh-keygen 1
 for details).
+.Pp
 A
 .Ar batchfile
 of
@@ -135,17 +137,23 @@
 .Nm
 will abort if any of the following
 commands fail:
-.Ic get , put , reget , reput, rename , ln ,
+.Ic get , put , reget , reput , rename , ln ,
 .Ic rm , mkdir , chdir , ls ,
 .Ic lchdir , chmod , chown ,
 .Ic chgrp , lpwd , df , symlink ,
 and
 .Ic lmkdir .
+.Pp
 Termination on error can be suppressed on a command by command basis by
 prefixing the command with a
 .Sq \-
 character (for example,
 .Ic -rm /tmp/blah* ) .
+Echo of the command may be suppressed by prefixing the command with a
+.Sq @
+character.
+These two prefixes may be combined in any order, for example
+.Ic -@ls /bsd .
 .It Fl C
 Enables compression (via ssh's
 .Fl C
@@ -174,6 +182,19 @@
 authentication is read.
 This option is directly passed to
 .Xr ssh 1 .
+.It Fl J Ar destination
+Connect to the target host by first making an
+.Nm
+connection to the jump host described by
+.Ar destination
+and then establishing a TCP forwarding to the ultimate destination from
+there.
+Multiple jump hops may be specified separated by comma characters.
+This is a shortcut to specify a
+.Cm ProxyJump
+configuration directive.
+This option is directly passed to
+.Xr ssh 1 .
 .It Fl l Ar limit
 Limits the used bandwidth, specified in Kbit/s.
 .It Fl o Ar ssh_option
@@ -220,7 +241,7 @@
 .It HostbasedKeyTypes
 .It HostKeyAlgorithms
 .It HostKeyAlias
-.It HostName
+.It Hostname
 .It IdentitiesOnly
 .It IdentityAgent
 .It IdentityFile
@@ -309,31 +330,52 @@
 If
 .Ar path
 is not specified, then change directory to the one the session started in.
-.It Ic chgrp Ar grp Ar path
+.It Xo Ic chgrp
+.Op Fl h
+.Ar grp
+.Ar path
+.Xc
 Change group of file
 .Ar path
 to
 .Ar grp .
+If the
+.Fl h
+flag is specified, then symlinks will not be followed.
 .Ar path
 may contain
 .Xr glob 7
 characters and may match multiple files.
 .Ar grp
 must be a numeric GID.
-.It Ic chmod Ar mode Ar path
+.It Xo Ic chmod
+.Op Fl h
+.Ar mode
+.Ar path
+.Xc
 Change permissions of file
 .Ar path
 to
 .Ar mode .
+If the
+.Fl h
+flag is specified, then symlinks will not be followed.
 .Ar path
 may contain
 .Xr glob 7
 characters and may match multiple files.
-.It Ic chown Ar own Ar path
+.It Xo Ic chown
+.Op Fl h
+.Ar own
+.Ar path
+.Xc
 Change owner of file
 .Ar path
 to
 .Ar own .
+If the
+.Fl h
+flag is specified, then symlinks will not be followed.
 .Ar path
 may contain
 .Xr glob 7
@@ -362,7 +404,7 @@
 Quit
 .Nm sftp .
 .It Xo Ic get
-.Op Fl afPpr
+.Op Fl afpR
 .Ar remote-path
 .Op Ar local-path
 .Xc
@@ -397,15 +439,19 @@
 will be called after the file transfer has completed to flush the file
 to disk.
 .Pp
-If either the
-.Fl P
-or
+If the
 .Fl p
+.\" undocumented redundant alias
+.\" or
+.\" .Fl P
 flag is specified, then full file permissions and access times are
 copied too.
 .Pp
 If the
-.Fl r
+.Fl R
+.\" undocumented redundant alias
+.\" or
+.\" .Fl r
 flag is specified then directories will be copied recursively.
 Note that
 .Nm
@@ -503,7 +549,7 @@
 .It Ic progress
 Toggle display of progress meter.
 .It Xo Ic put
-.Op Fl afPpr
+.Op Fl afpR
 .Ar local-path
 .Op Ar remote-path
 .Xc
@@ -539,15 +585,19 @@
 Note that this is only supported by servers that implement
 the "fsync@openssh.com" extension.
 .Pp
-If either the
-.Fl P
-or
+If the
 .Fl p
+.\" undocumented redundant alias
+.\" or
+.\" .Fl P
 flag is specified, then full file permissions and access times are
 copied too.
 .Pp
 If the
-.Fl r
+.Fl R
+.\" undocumented redundant alias
+.\" or
+.\" .Fl r
 flag is specified then directories will be copied recursively.
 Note that
 .Nm
@@ -558,7 +608,7 @@
 Quit
 .Nm sftp .
 .It Xo Ic reget
-.Op Fl Ppr
+.Op Fl fpR
 .Ar remote-path
 .Op Ar local-path
 .Xc
@@ -570,12 +620,12 @@
 .Fl a
 flag set.
 .It Xo Ic reput
-.Op Fl Ppr
-.Op Ar local-path
-.Ar remote-path
+.Op Fl fpR
+.Ar local-path
+.Op Ar remote-path
 .Xc
 Resume upload of
-.Op Ar local-path .
+.Ar local-path .
 Equivalent to
 .Ic put
 with the
Index: sftp.c
===================================================================
--- sftp.c
+++ sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.186 2018/09/07 04:26:56 dtucker Exp $ */
+/* $OpenBSD: sftp.c,v 1.195 2019/10/02 00:42:30 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -53,7 +53,6 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
-#include <stdarg.h>
 
 #ifdef HAVE_UTIL_H
 # include <util.h>
@@ -278,15 +277,13 @@
 	printf("Available commands:\n"
 	    "bye                                Quit sftp\n"
 	    "cd path                            Change remote directory to 'path'\n"
-	    "chgrp grp path                     Change group of file 'path' to 'grp'\n"
-	    "chmod mode path                    Change permissions of file 'path' to 'mode'\n"
-	    "chown own path                     Change owner of file 'path' to 'own'\n"
+	    "chgrp [-h] grp path                Change group of file 'path' to 'grp'\n"
+	    "chmod [-h] mode path               Change permissions of file 'path' to 'mode'\n"
+	    "chown [-h] own path                Change owner of file 'path' to 'own'\n"
 	    "df [-hi] [path]                    Display statistics for current directory or\n"
 	    "                                   filesystem containing 'path'\n"
 	    "exit                               Quit sftp\n"
-	    "get [-afPpRr] remote [local]       Download file\n"
-	    "reget [-fPpRr] remote [local]      Resume download file\n"
-	    "reput [-fPpRr] [local] remote      Resume upload file\n"
+	    "get [-afpR] remote [local]         Download file\n"
 	    "help                               Display this help text\n"
 	    "lcd path                           Change local directory to 'path'\n"
 	    "lls [ls-options [path]]            Display local directory listing\n"
@@ -297,10 +294,12 @@
 	    "lumask umask                       Set local umask to 'umask'\n"
 	    "mkdir path                         Create remote directory\n"
 	    "progress                           Toggle display of progress meter\n"
-	    "put [-afPpRr] local [remote]       Upload file\n"
+	    "put [-afpR] local [remote]         Upload file\n"
 	    "pwd                                Display remote working directory\n"
 	    "quit                               Quit sftp\n"
+	    "reget [-fpR] remote [local]        Resume download file\n"
 	    "rename oldpath newpath             Rename remote file\n"
+	    "reput [-fpR] local [remote]        Resume upload file\n"
 	    "rm path                            Delete remote file\n"
 	    "rmdir path                         Remove remote directory\n"
 	    "symlink oldpath newpath            Symlink remote file\n"
@@ -389,7 +388,7 @@
 	char *abs_str;
 
 	/* Derelativise */
-	if (p && p[0] != '/') {
+	if (p && !path_absolute(p)) {
 		abs_str = path_append(pwd, p);
 		free(p);
 		return(abs_str);
@@ -562,6 +561,30 @@
 }
 
 static int
+parse_ch_flags(const char *cmd, char **argv, int argc, int *hflag)
+{
+	extern int opterr, optind, optopt, optreset;
+	int ch;
+
+	optind = optreset = 1;
+	opterr = 0;
+
+	*hflag = 0;
+	while ((ch = getopt(argc, argv, "h")) != -1) {
+		switch (ch) {
+		case 'h':
+			*hflag = 1;
+			break;
+		default:
+			error("%s: Invalid flag -%c", cmd, optopt);
+			return -1;
+		}
+	}
+
+	return optind;
+}
+
+static int
 parse_no_flags(const char *cmd, char **argv, int argc)
 {
 	extern int opterr, optind, optopt, optreset;
@@ -1296,7 +1319,7 @@
 }
 
 static int
-parse_args(const char **cpp, int *ignore_errors, int *aflag,
+parse_args(const char **cpp, int *ignore_errors, int *disable_echo, int *aflag,
 	  int *fflag, int *hflag, int *iflag, int *lflag, int *pflag,
 	  int *rflag, int *sflag,
     unsigned long *n_arg, char **path1, char **path2)
@@ -1310,13 +1333,23 @@
 	/* Skip leading whitespace */
 	cp = cp + strspn(cp, WHITESPACE);
 
-	/* Check for leading '-' (disable error processing) */
+	/*
+	 * Check for leading '-' (disable error processing) and '@' (suppress
+	 * command echo)
+	 */
 	*ignore_errors = 0;
-	if (*cp == '-') {
-		*ignore_errors = 1;
-		cp++;
-		cp = cp + strspn(cp, WHITESPACE);
+	*disable_echo = 0;
+	for (;*cp != '\0'; cp++) {
+		if (*cp == '-') {
+			*ignore_errors = 1;
+		} else if (*cp == '@') {
+			*disable_echo = 1;
+		} else {
+			/* all other characters terminate prefix processing */
+			break;
+		}
 	}
+	cp = cp + strspn(cp, WHITESPACE);
 
 	/* Ignore blank lines and lines which begin with comment '#' char */
 	if (*cp == '\0' || *cp == '#')
@@ -1446,7 +1479,7 @@
 		/* FALLTHROUGH */
 	case I_CHOWN:
 	case I_CHGRP:
-		if ((optidx = parse_no_flags(cmd, argv, argc)) == -1)
+		if ((optidx = parse_ch_flags(cmd, argv, argc, hflag)) == -1)
 			return -1;
 		/* Get numeric arg (mandatory) */
 		if (argc - optidx < 1)
@@ -1491,11 +1524,12 @@
 
 static int
 parse_dispatch_command(struct sftp_conn *conn, const char *cmd, char **pwd,
-    const char *startdir, int err_abort)
+    const char *startdir, int err_abort, int echo_command)
 {
+	const char *ocmd = cmd;
 	char *path1, *path2, *tmp;
-	int ignore_errors = 0, aflag = 0, fflag = 0, hflag = 0,
-	iflag = 0;
+	int ignore_errors = 0, disable_echo = 1;
+	int aflag = 0, fflag = 0, hflag = 0, iflag = 0;
 	int lflag = 0, pflag = 0, rflag = 0, sflag = 0;
 	int cmdnum, i;
 	unsigned long n_arg = 0;
@@ -1505,11 +1539,15 @@
 	glob_t g;
 
 	path1 = path2 = NULL;
-	cmdnum = parse_args(&cmd, &ignore_errors, &aflag, &fflag, &hflag,
-	    &iflag, &lflag, &pflag, &rflag, &sflag, &n_arg, &path1, &path2);
+	cmdnum = parse_args(&cmd, &ignore_errors, &disable_echo, &aflag, &fflag,
+	    &hflag, &iflag, &lflag, &pflag, &rflag, &sflag, &n_arg,
+	    &path1, &path2);
 	if (ignore_errors != 0)
 		err_abort = 0;
 
+	if (echo_command && !disable_echo)
+		mprintf("sftp> %s\n", ocmd);
+
 	memset(&g, 0, sizeof(g));
 
 	/* Perform command */
@@ -1608,7 +1646,7 @@
 
 		/* Strip pwd off beginning of non-absolute paths */
 		tmp = NULL;
-		if (*path1 != '/')
+		if (!path_absolute(path1))
 			tmp = *pwd;
 
 		path1 = make_absolute(path1, *pwd);
@@ -1660,7 +1698,8 @@
 			if (!quiet)
 				mprintf("Changing mode on %s\n",
 				    g.gl_pathv[i]);
-			err = do_setstat(conn, g.gl_pathv[i], &a);
+			err = (hflag ? do_lsetstat : do_setstat)(conn,
+			    g.gl_pathv[i], &a);
 			if (err != 0 && err_abort)
 				break;
 		}
@@ -1670,7 +1709,8 @@
 		path1 = make_absolute(path1, *pwd);
 		remote_glob(conn, path1, GLOB_NOCHECK, NULL, &g);
 		for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
-			if (!(aa = do_stat(conn, g.gl_pathv[i], 0))) {
+			if (!(aa = (hflag ? do_lstat : do_stat)(conn,
+			    g.gl_pathv[i], 0))) {
 				if (err_abort) {
 					err = -1;
 					break;
@@ -1698,7 +1738,8 @@
 					    g.gl_pathv[i]);
 				aa->gid = n_arg;
 			}
-			err = do_setstat(conn, g.gl_pathv[i], aa);
+			err = (hflag ? do_lsetstat : do_setstat)(conn,
+			    g.gl_pathv[i], aa);
 			if (err != 0 && err_abort)
 				break;
 		}
@@ -1936,7 +1977,7 @@
 		xasprintf(&tmp, "%s*", file);
 
 	/* Check if the path is absolute. */
-	isabs = tmp[0] == '/';
+	isabs = path_absolute(tmp);
 
 	memset(&g, 0, sizeof(g));
 	if (remote != LOCAL) {
@@ -2147,7 +2188,7 @@
 		el_set(el, EL_BIND, "^I", "ftp-complete", NULL);
 		/* enable ctrl-left-arrow and ctrl-right-arrow */
 		el_set(el, EL_BIND, "\\e[1;5C", "em-next-word", NULL);
-		el_set(el, EL_BIND, "\\e[5C", "em-next-word", NULL);
+		el_set(el, EL_BIND, "\\e\\e[C", "em-next-word", NULL);
 		el_set(el, EL_BIND, "\\e[1;5D", "ed-prev-word", NULL);
 		el_set(el, EL_BIND, "\\e\\e[D", "ed-prev-word", NULL);
 		/* make ^w match ksh behaviour */
@@ -2169,7 +2210,7 @@
 				mprintf("Changing to: %s\n", dir);
 			snprintf(cmd, sizeof cmd, "cd \"%s\"", dir);
 			if (parse_dispatch_command(conn, cmd,
-			    &remote_path, startdir, 1) != 0) {
+			    &remote_path, startdir, 1, 0) != 0) {
 				free(dir);
 				free(startdir);
 				free(remote_path);
@@ -2183,7 +2224,7 @@
 			    file2 == NULL ? "" : " ",
 			    file2 == NULL ? "" : file2);
 			err = parse_dispatch_command(conn, cmd,
-			    &remote_path, startdir, 1);
+			    &remote_path, startdir, 1, 0);
 			free(dir);
 			free(startdir);
 			free(remote_path);
@@ -2199,8 +2240,6 @@
 	interactive = !batchmode && isatty(STDIN_FILENO);
 	err = 0;
 	for (;;) {
-		char *cp;
-
 		signal(SIGINT, SIG_IGN);
 
 		if (el == NULL) {
@@ -2211,12 +2250,6 @@
 					printf("\n");
 				break;
 			}
-			if (!interactive) { /* Echo command */
-				mprintf("sftp> %s", cmd);
-				if (strlen(cmd) > 0 &&
-				    cmd[strlen(cmd) - 1] != '\n')
-					printf("\n");
-			}
 		} else {
 #ifdef USE_LIBEDIT
 			const char *line;
@@ -2235,16 +2268,14 @@
 #endif /* USE_LIBEDIT */
 		}
 
-		cp = strrchr(cmd, '\n');
-		if (cp)
-			*cp = '\0';
+		cmd[strcspn(cmd, "\n")] = '\0';
 
 		/* Handle user interrupts gracefully during commands */
 		interrupted = 0;
 		signal(SIGINT, cmd_interrupt);
 
 		err = parse_dispatch_command(conn, cmd, &remote_path,
-		    startdir, batchmode);
+		    startdir, batchmode, !interactive && el == NULL);
 		if (err != 0)
 			break;
 	}
@@ -2330,11 +2361,10 @@
 
 	fprintf(stderr,
 	    "usage: %s [-46aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
-	    "          [-D sftp_server_path] [-F ssh_config] "
-	    "[-i identity_file] [-l limit]\n"
-	    "          [-o ssh_option] [-P port] [-R num_requests] "
-	    "[-S program]\n"
-	    "          [-s subsystem | sftp_server] destination\n",
+	    "          [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n"
+	    "          [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
+	    "          [-R num_requests] [-S program] [-s subsystem | sftp_server]\n"
+	    "          destination\n",
 	    __progname);
 	exit(1);
 }
@@ -2357,11 +2387,12 @@
 	size_t num_requests = DEFAULT_NUM_REQUESTS;
 	long long limit_kbps = 0;
 
-	ssh_malloc_init();	/* must be called before any mallocs */
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 	msetlocale();
 
+	seed_rng();
+
 	__progname = ssh_get_progname(argv[0]);
 	memset(&args, '\0', sizeof(args));
 	args.list = NULL;
@@ -2375,7 +2406,7 @@
 	infile = stdin;
 
 	while ((ch = getopt(argc, argv,
-	    "1246afhpqrvCc:D:i:l:o:s:S:b:B:F:P:R:")) != -1) {
+	    "1246afhpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
 		switch (ch) {
 		/* Passed through to ssh(1) */
 		case '4':
@@ -2385,6 +2416,7 @@
 			break;
 		/* Passed through to ssh(1) with argument */
 		case 'F':
+		case 'J':
 		case 'c':
 		case 'i':
 		case 'o':
@@ -2494,12 +2526,17 @@
 				port = tmp;
 			break;
 		default:
+			/* Try with user, host and path. */
 			if (parse_user_host_path(*argv, &user, &host,
-			    &file1) == -1) {
-				/* Treat as a plain hostname. */
-				host = xstrdup(*argv);
-				host = cleanhostname(host);
-			}
+			    &file1) == 0)
+				break;
+			/* Try with user and host. */
+			if (parse_user_host_port(*argv, &user, &host, NULL)
+			    == 0)
+				break;
+			/* Treat as a plain hostname. */
+			host = xstrdup(*argv);
+			host = cleanhostname(host);
 			break;
 		}
 		file2 = *(argv + 1);
Index: sntrup4591761.c
===================================================================
--- /dev/null
+++ sntrup4591761.c
@@ -0,0 +1,1083 @@
+/*  $OpenBSD: sntrup4591761.c,v 1.3 2019/01/30 19:51:15 markus Exp $ */
+
+/*
+ * Public Domain, Authors:
+ * - Daniel J. Bernstein
+ * - Chitchanok Chuengsatiansup
+ * - Tanja Lange
+ * - Christine van Vredendaal
+ */
+
+#include "includes.h"
+
+#include <string.h>
+#include "crypto_api.h"
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.h */
+#ifndef int32_sort_h
+#define int32_sort_h
+
+
+static void int32_sort(crypto_int32 *,int);
+
+#endif
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+static void minmax(crypto_int32 *x,crypto_int32 *y)
+{
+  crypto_uint32 xi = *x;
+  crypto_uint32 yi = *y;
+  crypto_uint32 xy = xi ^ yi;
+  crypto_uint32 c = yi - xi;
+  c ^= xy & (c ^ yi);
+  c >>= 31;
+  c = -c;
+  c &= xy;
+  *x = xi ^ c;
+  *y = yi ^ c;
+}
+
+static void int32_sort(crypto_int32 *x,int n)
+{
+  int top,p,q,i;
+
+  if (n < 2) return;
+  top = 1;
+  while (top < n - top) top += top;
+
+  for (p = top;p > 0;p >>= 1) {
+    for (i = 0;i < n - p;++i)
+      if (!(i & p))
+        minmax(x + i,x + i + p);
+    for (q = top;q > p;q >>= 1)
+      for (i = 0;i < n - q;++i)
+        if (!(i & p))
+          minmax(x + i + p,x + i + q);
+  }
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.h */
+#ifndef small_h
+#define small_h
+
+
+typedef crypto_int8 small;
+
+static void small_encode(unsigned char *,const small *);
+
+static void small_decode(small *,const unsigned char *);
+
+
+static void small_random(small *);
+
+static void small_random_weightw(small *);
+
+#endif
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/mod3.h */
+#ifndef mod3_h
+#define mod3_h
+
+
+/* -1 if x is nonzero, 0 otherwise */
+static inline int mod3_nonzero_mask(small x)
+{
+  return -x*x;
+}
+
+/* input between -100000 and 100000 */
+/* output between -1 and 1 */
+static inline small mod3_freeze(crypto_int32 a)
+{
+  a -= 3 * ((10923 * a) >> 15);
+  a -= 3 * ((89478485 * a + 134217728) >> 28);
+  return a;
+}
+
+static inline small mod3_minusproduct(small a,small b,small c)
+{
+  crypto_int32 A = a;
+  crypto_int32 B = b;
+  crypto_int32 C = c;
+  return mod3_freeze(A - B * C);
+}
+
+static inline small mod3_plusproduct(small a,small b,small c)
+{
+  crypto_int32 A = a;
+  crypto_int32 B = b;
+  crypto_int32 C = c;
+  return mod3_freeze(A + B * C);
+}
+
+static inline small mod3_product(small a,small b)
+{
+  return a * b;
+}
+
+static inline small mod3_sum(small a,small b)
+{
+  crypto_int32 A = a;
+  crypto_int32 B = b;
+  return mod3_freeze(A + B);
+}
+
+static inline small mod3_reciprocal(small a1)
+{
+  return a1;
+}
+
+static inline small mod3_quotient(small num,small den)
+{
+  return mod3_product(num,mod3_reciprocal(den));
+}
+
+#endif
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/modq.h */
+#ifndef modq_h
+#define modq_h
+
+
+typedef crypto_int16 modq;
+
+/* -1 if x is nonzero, 0 otherwise */
+static inline int modq_nonzero_mask(modq x)
+{
+  crypto_int32 r = (crypto_uint16) x;
+  r = -r;
+  r >>= 30;
+  return r;
+}
+
+/* input between -9000000 and 9000000 */
+/* output between -2295 and 2295 */
+static inline modq modq_freeze(crypto_int32 a)
+{
+  a -= 4591 * ((228 * a) >> 20);
+  a -= 4591 * ((58470 * a + 134217728) >> 28);
+  return a;
+}
+
+static inline modq modq_minusproduct(modq a,modq b,modq c)
+{
+  crypto_int32 A = a;
+  crypto_int32 B = b;
+  crypto_int32 C = c;
+  return modq_freeze(A - B * C);
+}
+
+static inline modq modq_plusproduct(modq a,modq b,modq c)
+{
+  crypto_int32 A = a;
+  crypto_int32 B = b;
+  crypto_int32 C = c;
+  return modq_freeze(A + B * C);
+}
+
+static inline modq modq_product(modq a,modq b)
+{
+  crypto_int32 A = a;
+  crypto_int32 B = b;
+  return modq_freeze(A * B);
+}
+
+static inline modq modq_square(modq a)
+{
+  crypto_int32 A = a;
+  return modq_freeze(A * A);
+}
+
+static inline modq modq_sum(modq a,modq b)
+{
+  crypto_int32 A = a;
+  crypto_int32 B = b;
+  return modq_freeze(A + B);
+}
+
+static inline modq modq_reciprocal(modq a1)
+{
+  modq a2 = modq_square(a1);
+  modq a3 = modq_product(a2,a1);
+  modq a4 = modq_square(a2);
+  modq a8 = modq_square(a4);
+  modq a16 = modq_square(a8);
+  modq a32 = modq_square(a16);
+  modq a35 = modq_product(a32,a3);
+  modq a70 = modq_square(a35);
+  modq a140 = modq_square(a70);
+  modq a143 = modq_product(a140,a3);
+  modq a286 = modq_square(a143);
+  modq a572 = modq_square(a286);
+  modq a1144 = modq_square(a572);
+  modq a1147 = modq_product(a1144,a3);
+  modq a2294 = modq_square(a1147);
+  modq a4588 = modq_square(a2294);
+  modq a4589 = modq_product(a4588,a1);
+  return a4589;
+}
+
+static inline modq modq_quotient(modq num,modq den)
+{
+  return modq_product(num,modq_reciprocal(den));
+}
+
+#endif
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/params.h */
+#ifndef params_h
+#define params_h
+
+#define q 4591
+/* XXX: also built into modq in various ways */
+
+#define qshift 2295
+#define p 761
+#define w 286
+
+#define rq_encode_len 1218
+#define small_encode_len 191
+
+#endif
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3.h */
+#ifndef r3_h
+#define r3_h
+
+
+static void r3_mult(small *,const small *,const small *);
+
+extern int r3_recip(small *,const small *);
+
+#endif
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.h */
+#ifndef rq_h
+#define rq_h
+
+
+static void rq_encode(unsigned char *,const modq *);
+
+static void rq_decode(modq *,const unsigned char *);
+
+static void rq_encoderounded(unsigned char *,const modq *);
+
+static void rq_decoderounded(modq *,const unsigned char *);
+
+static void rq_round3(modq *,const modq *);
+
+static void rq_mult(modq *,const modq *,const small *);
+
+int rq_recip3(modq *,const small *);
+
+#endif
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.h */
+#ifndef swap_h
+#define swap_h
+
+static void swap(void *,void *,int,int);
+
+#endif
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/dec.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+#ifdef KAT
+#endif
+
+
+int crypto_kem_sntrup4591761_dec(
+  unsigned char *k,
+  const unsigned char *cstr,
+  const unsigned char *sk
+)
+{
+  small f[p];
+  modq h[p];
+  small grecip[p];
+  modq c[p];
+  modq t[p];
+  small t3[p];
+  small r[p];
+  modq hr[p];
+  unsigned char rstr[small_encode_len];
+  unsigned char hash[64];
+  int i;
+  int result = 0;
+  int weight;
+
+  small_decode(f,sk);
+  small_decode(grecip,sk + small_encode_len);
+  rq_decode(h,sk + 2 * small_encode_len);
+
+  rq_decoderounded(c,cstr + 32);
+
+  rq_mult(t,c,f);
+  for (i = 0;i < p;++i) t3[i] = mod3_freeze(modq_freeze(3*t[i]));
+
+  r3_mult(r,t3,grecip);
+
+#ifdef KAT
+  {
+    int j;
+    printf("decrypt r:");
+    for (j = 0;j < p;++j)
+      if (r[j] == 1) printf(" +%d",j);
+      else if (r[j] == -1) printf(" -%d",j);
+    printf("\n");
+  }
+#endif
+
+  weight = 0;
+  for (i = 0;i < p;++i) weight += (1 & r[i]);
+  weight -= w;
+  result |= modq_nonzero_mask(weight); /* XXX: puts limit on p */
+
+  rq_mult(hr,h,r);
+  rq_round3(hr,hr);
+  for (i = 0;i < p;++i) result |= modq_nonzero_mask(hr[i] - c[i]);
+
+  small_encode(rstr,r);
+  crypto_hash_sha512(hash,rstr,sizeof rstr);
+  result |= crypto_verify_32(hash,cstr);
+
+  for (i = 0;i < 32;++i) k[i] = (hash[32 + i] & ~result);
+  return result;
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/enc.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+#ifdef KAT
+#endif
+
+
+int crypto_kem_sntrup4591761_enc(
+  unsigned char *cstr,
+  unsigned char *k,
+  const unsigned char *pk
+)
+{
+  small r[p];
+  modq h[p];
+  modq c[p];
+  unsigned char rstr[small_encode_len];
+  unsigned char hash[64];
+
+  small_random_weightw(r);
+
+#ifdef KAT
+  {
+    int i;
+    printf("encrypt r:");
+    for (i = 0;i < p;++i)
+      if (r[i] == 1) printf(" +%d",i);
+      else if (r[i] == -1) printf(" -%d",i);
+    printf("\n");
+  }
+#endif
+
+  small_encode(rstr,r);
+  crypto_hash_sha512(hash,rstr,sizeof rstr);
+
+  rq_decode(h,pk);
+  rq_mult(c,h,r);
+  rq_round3(c,c);
+
+  memcpy(k,hash + 32,32);
+  memcpy(cstr,hash,32);
+  rq_encoderounded(cstr + 32,c);
+
+  return 0;
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/keypair.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+#if crypto_kem_sntrup4591761_PUBLICKEYBYTES != rq_encode_len
+#error "crypto_kem_sntrup4591761_PUBLICKEYBYTES must match rq_encode_len"
+#endif
+#if crypto_kem_sntrup4591761_SECRETKEYBYTES != rq_encode_len + 2 * small_encode_len
+#error "crypto_kem_sntrup4591761_SECRETKEYBYTES must match rq_encode_len + 2 * small_encode_len"
+#endif
+
+int crypto_kem_sntrup4591761_keypair(unsigned char *pk,unsigned char *sk)
+{
+  small g[p];
+  small grecip[p];
+  small f[p];
+  modq f3recip[p];
+  modq h[p];
+
+  do
+    small_random(g);
+  while (r3_recip(grecip,g) != 0);
+
+  small_random_weightw(f);
+  rq_recip3(f3recip,f);
+
+  rq_mult(h,f3recip,g);
+
+  rq_encode(pk,h);
+  small_encode(sk,f);
+  small_encode(sk + small_encode_len,grecip);
+  memcpy(sk + 2 * small_encode_len,pk,rq_encode_len);
+
+  return 0;
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_mult.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+static void r3_mult(small *h,const small *f,const small *g)
+{
+  small fg[p + p - 1];
+  small result;
+  int i, j;
+
+  for (i = 0;i < p;++i) {
+    result = 0;
+    for (j = 0;j <= i;++j)
+      result = mod3_plusproduct(result,f[j],g[i - j]);
+    fg[i] = result;
+  }
+  for (i = p;i < p + p - 1;++i) {
+    result = 0;
+    for (j = i - p + 1;j < p;++j)
+      result = mod3_plusproduct(result,f[j],g[i - j]);
+    fg[i] = result;
+  }
+
+  for (i = p + p - 2;i >= p;--i) {
+    fg[i - p] = mod3_sum(fg[i - p],fg[i]);
+    fg[i - p + 1] = mod3_sum(fg[i - p + 1],fg[i]);
+  }
+
+  for (i = 0;i < p;++i)
+    h[i] = fg[i];
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_recip.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+/* caller must ensure that x-y does not overflow */
+static int smaller_mask_r3_recip(int x,int y)
+{
+  return (x - y) >> 31;
+}
+
+static void vectormod3_product(small *z,int len,const small *x,const small c)
+{
+  int i;
+  for (i = 0;i < len;++i) z[i] = mod3_product(x[i],c);
+}
+
+static void vectormod3_minusproduct(small *z,int len,const small *x,const small *y,const small c)
+{
+  int i;
+  for (i = 0;i < len;++i) z[i] = mod3_minusproduct(x[i],y[i],c);
+}
+
+static void vectormod3_shift(small *z,int len)
+{
+  int i;
+  for (i = len - 1;i > 0;--i) z[i] = z[i - 1];
+  z[0] = 0;
+}
+
+/*
+r = s^(-1) mod m, returning 0, if s is invertible mod m
+or returning -1 if s is not invertible mod m
+r,s are polys of degree <p
+m is x^p-x-1
+*/
+int r3_recip(small *r,const small *s)
+{
+  const int loops = 2*p + 1;
+  int loop;
+  small f[p + 1]; 
+  small g[p + 1]; 
+  small u[2*p + 2];
+  small v[2*p + 2];
+  small c;
+  int i;
+  int d = p;
+  int e = p;
+  int swapmask;
+
+  for (i = 2;i < p;++i) f[i] = 0;
+  f[0] = -1;
+  f[1] = -1;
+  f[p] = 1;
+  /* generalization: can initialize f to any polynomial m */
+  /* requirements: m has degree exactly p, nonzero constant coefficient */
+
+  for (i = 0;i < p;++i) g[i] = s[i];
+  g[p] = 0;
+
+  for (i = 0;i <= loops;++i) u[i] = 0;
+
+  v[0] = 1;
+  for (i = 1;i <= loops;++i) v[i] = 0;
+
+  loop = 0;
+  for (;;) {
+    /* e == -1 or d + e + loop <= 2*p */
+
+    /* f has degree p: i.e., f[p]!=0 */
+    /* f[i]==0 for i < p-d */
+
+    /* g has degree <=p (so it fits in p+1 coefficients) */
+    /* g[i]==0 for i < p-e */
+
+    /* u has degree <=loop (so it fits in loop+1 coefficients) */
+    /* u[i]==0 for i < p-d */
+    /* if invertible: u[i]==0 for i < loop-p (so can look at just p+1 coefficients) */
+
+    /* v has degree <=loop (so it fits in loop+1 coefficients) */
+    /* v[i]==0 for i < p-e */
+    /* v[i]==0 for i < loop-p (so can look at just p+1 coefficients) */
+
+    if (loop >= loops) break;
+
+    c = mod3_quotient(g[p],f[p]);
+
+    vectormod3_minusproduct(g,p + 1,g,f,c);
+    vectormod3_shift(g,p + 1);
+
+#ifdef SIMPLER
+    vectormod3_minusproduct(v,loops + 1,v,u,c);
+    vectormod3_shift(v,loops + 1);
+#else
+    if (loop < p) {
+      vectormod3_minusproduct(v,loop + 1,v,u,c);
+      vectormod3_shift(v,loop + 2);
+    } else {
+      vectormod3_minusproduct(v + loop - p,p + 1,v + loop - p,u + loop - p,c);
+      vectormod3_shift(v + loop - p,p + 2);
+    }
+#endif
+
+    e -= 1;
+
+    ++loop;
+
+    swapmask = smaller_mask_r3_recip(e,d) & mod3_nonzero_mask(g[p]);
+    swap(&e,&d,sizeof e,swapmask);
+    swap(f,g,(p + 1) * sizeof(small),swapmask);
+
+#ifdef SIMPLER
+    swap(u,v,(loops + 1) * sizeof(small),swapmask);
+#else
+    if (loop < p) {
+      swap(u,v,(loop + 1) * sizeof(small),swapmask);
+    } else {
+      swap(u + loop - p,v + loop - p,(p + 1) * sizeof(small),swapmask);
+    }
+#endif
+  }
+
+  c = mod3_reciprocal(f[p]);
+  vectormod3_product(r,p,u + p,c);
+  return smaller_mask_r3_recip(0,d);
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomsmall.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+static void small_random(small *g)
+{
+  int i;
+
+  for (i = 0;i < p;++i) {
+    crypto_uint32 r = small_random32();
+    g[i] = (small) (((1073741823 & r) * 3) >> 30) - 1;
+  }
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomweightw.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+static void small_random_weightw(small *f)
+{
+  crypto_int32 r[p];
+  int i;
+
+  for (i = 0;i < p;++i) r[i] = small_random32();
+  for (i = 0;i < w;++i) r[i] &= -2;
+  for (i = w;i < p;++i) r[i] = (r[i] & -3) | 1;
+  int32_sort(r,p);
+  for (i = 0;i < p;++i) f[i] = ((small) (r[i] & 3)) - 1;
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+static void rq_encode(unsigned char *c,const modq *f)
+{
+  crypto_int32 f0, f1, f2, f3, f4;
+  int i;
+
+  for (i = 0;i < p/5;++i) {
+    f0 = *f++ + qshift;
+    f1 = *f++ + qshift;
+    f2 = *f++ + qshift;
+    f3 = *f++ + qshift;
+    f4 = *f++ + qshift;
+    /* now want f0 + 6144*f1 + ... as a 64-bit integer */
+    f1 *= 3;
+    f2 *= 9;
+    f3 *= 27;
+    f4 *= 81;
+    /* now want f0 + f1<<11 + f2<<22 + f3<<33 + f4<<44 */
+    f0 += f1 << 11;
+    *c++ = f0; f0 >>= 8;
+    *c++ = f0; f0 >>= 8;
+    f0 += f2 << 6;
+    *c++ = f0; f0 >>= 8;
+    *c++ = f0; f0 >>= 8;
+    f0 += f3 << 1;
+    *c++ = f0; f0 >>= 8;
+    f0 += f4 << 4;
+    *c++ = f0; f0 >>= 8;
+    *c++ = f0; f0 >>= 8;
+    *c++ = f0;
+  }
+  /* XXX: using p mod 5 = 1 */
+  f0 = *f++ + qshift;
+  *c++ = f0; f0 >>= 8;
+  *c++ = f0;
+}
+
+static void rq_decode(modq *f,const unsigned char *c)
+{
+  crypto_uint32 c0, c1, c2, c3, c4, c5, c6, c7;
+  crypto_uint32 f0, f1, f2, f3, f4;
+  int i;
+
+  for (i = 0;i < p/5;++i) {
+    c0 = *c++;
+    c1 = *c++;
+    c2 = *c++;
+    c3 = *c++;
+    c4 = *c++;
+    c5 = *c++;
+    c6 = *c++;
+    c7 = *c++;
+
+    /* f0 + f1*6144 + f2*6144^2 + f3*6144^3 + f4*6144^4 */
+    /* = c0 + c1*256 + ... + c6*256^6 + c7*256^7 */
+    /* with each f between 0 and 4590 */
+
+    c6 += c7 << 8;
+    /* c6 <= 23241 = floor(4591*6144^4/2^48) */
+    /* f4 = (16/81)c6 + (1/1296)(c5+[0,1]) - [0,0.75] */
+    /* claim: 2^19 f4 < x < 2^19(f4+1) */
+    /* where x = 103564 c6 + 405(c5+1) */
+    /* proof: x - 2^19 f4 = (76/81)c6 + (37/81)c5 + 405 - (32768/81)[0,1] + 2^19[0,0.75] */
+    /* at least 405 - 32768/81 > 0 */
+    /* at most (76/81)23241 + (37/81)255 + 405 + 2^19 0.75 < 2^19 */
+    f4 = (103564*c6 + 405*(c5+1)) >> 19;
+
+    c5 += c6 << 8;
+    c5 -= (f4 * 81) << 4;
+    c4 += c5 << 8;
+
+    /* f0 + f1*6144 + f2*6144^2 + f3*6144^3 */
+    /* = c0 + c1*256 + c2*256^2 + c3*256^3 + c4*256^4 */
+    /* c4 <= 247914 = floor(4591*6144^3/2^32) */
+    /* f3 = (1/54)(c4+[0,1]) - [0,0.75] */
+    /* claim: 2^19 f3 < x < 2^19(f3+1) */
+    /* where x = 9709(c4+2) */
+    /* proof: x - 2^19 f3 = 19418 - (1/27)c4 - (262144/27)[0,1] + 2^19[0,0.75] */
+    /* at least 19418 - 247914/27 - 262144/27 > 0 */
+    /* at most 19418 + 2^19 0.75 < 2^19 */
+    f3 = (9709*(c4+2)) >> 19;
+
+    c4 -= (f3 * 27) << 1;
+    c3 += c4 << 8;
+    /* f0 + f1*6144 + f2*6144^2 */
+    /* = c0 + c1*256 + c2*256^2 + c3*256^3 */
+    /* c3 <= 10329 = floor(4591*6144^2/2^24) */
+    /* f2 = (4/9)c3 + (1/576)c2 + (1/147456)c1 + (1/37748736)c0 - [0,0.75] */
+    /* claim: 2^19 f2 < x < 2^19(f2+1) */
+    /* where x = 233017 c3 + 910(c2+2) */
+    /* proof: x - 2^19 f2 = 1820 + (1/9)c3 - (2/9)c2 - (32/9)c1 - (1/72)c0 + 2^19[0,0.75] */
+    /* at least 1820 - (2/9)255 - (32/9)255 - (1/72)255 > 0 */
+    /* at most 1820 + (1/9)10329 + 2^19 0.75 < 2^19 */
+    f2 = (233017*c3 + 910*(c2+2)) >> 19;
+
+    c2 += c3 << 8;
+    c2 -= (f2 * 9) << 6;
+    c1 += c2 << 8;
+    /* f0 + f1*6144 */
+    /* = c0 + c1*256 */
+    /* c1 <= 110184 = floor(4591*6144/2^8) */
+    /* f1 = (1/24)c1 + (1/6144)c0 - (1/6144)f0 */
+    /* claim: 2^19 f1 < x < 2^19(f1+1) */
+    /* where x = 21845(c1+2) + 85 c0 */
+    /* proof: x - 2^19 f1 = 43690 - (1/3)c1 - (1/3)c0 + 2^19 [0,0.75] */
+    /* at least 43690 - (1/3)110184 - (1/3)255 > 0 */
+    /* at most 43690 + 2^19 0.75 < 2^19 */
+    f1 = (21845*(c1+2) + 85*c0) >> 19;
+
+    c1 -= (f1 * 3) << 3;
+    c0 += c1 << 8;
+    f0 = c0;
+
+    *f++ = modq_freeze(f0 + q - qshift);
+    *f++ = modq_freeze(f1 + q - qshift);
+    *f++ = modq_freeze(f2 + q - qshift);
+    *f++ = modq_freeze(f3 + q - qshift);
+    *f++ = modq_freeze(f4 + q - qshift);
+  }
+
+  c0 = *c++;
+  c1 = *c++;
+  c0 += c1 << 8;
+  *f++ = modq_freeze(c0 + q - qshift);
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_mult.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+static void rq_mult(modq *h,const modq *f,const small *g)
+{
+  modq fg[p + p - 1];
+  modq result;
+  int i, j;
+
+  for (i = 0;i < p;++i) {
+    result = 0;
+    for (j = 0;j <= i;++j)
+      result = modq_plusproduct(result,f[j],g[i - j]);
+    fg[i] = result;
+  }
+  for (i = p;i < p + p - 1;++i) {
+    result = 0;
+    for (j = i - p + 1;j < p;++j)
+      result = modq_plusproduct(result,f[j],g[i - j]);
+    fg[i] = result;
+  }
+
+  for (i = p + p - 2;i >= p;--i) {
+    fg[i - p] = modq_sum(fg[i - p],fg[i]);
+    fg[i - p + 1] = modq_sum(fg[i - p + 1],fg[i]);
+  }
+
+  for (i = 0;i < p;++i)
+    h[i] = fg[i];
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_recip3.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+/* caller must ensure that x-y does not overflow */
+static int smaller_mask_rq_recip3(int x,int y)
+{
+  return (x - y) >> 31;
+}
+
+static void vectormodq_product(modq *z,int len,const modq *x,const modq c)
+{
+  int i;
+  for (i = 0;i < len;++i) z[i] = modq_product(x[i],c);
+}
+
+static void vectormodq_minusproduct(modq *z,int len,const modq *x,const modq *y,const modq c)
+{
+  int i;
+  for (i = 0;i < len;++i) z[i] = modq_minusproduct(x[i],y[i],c);
+}
+
+static void vectormodq_shift(modq *z,int len)
+{
+  int i;
+  for (i = len - 1;i > 0;--i) z[i] = z[i - 1];
+  z[0] = 0;
+}
+
+/*
+r = (3s)^(-1) mod m, returning 0, if s is invertible mod m
+or returning -1 if s is not invertible mod m
+r,s are polys of degree <p
+m is x^p-x-1
+*/
+int rq_recip3(modq *r,const small *s)
+{
+  const int loops = 2*p + 1;
+  int loop;
+  modq f[p + 1]; 
+  modq g[p + 1]; 
+  modq u[2*p + 2];
+  modq v[2*p + 2];
+  modq c;
+  int i;
+  int d = p;
+  int e = p;
+  int swapmask;
+
+  for (i = 2;i < p;++i) f[i] = 0;
+  f[0] = -1;
+  f[1] = -1;
+  f[p] = 1;
+  /* generalization: can initialize f to any polynomial m */
+  /* requirements: m has degree exactly p, nonzero constant coefficient */
+
+  for (i = 0;i < p;++i) g[i] = 3 * s[i];
+  g[p] = 0;
+
+  for (i = 0;i <= loops;++i) u[i] = 0;
+
+  v[0] = 1;
+  for (i = 1;i <= loops;++i) v[i] = 0;
+
+  loop = 0;
+  for (;;) {
+    /* e == -1 or d + e + loop <= 2*p */
+
+    /* f has degree p: i.e., f[p]!=0 */
+    /* f[i]==0 for i < p-d */
+
+    /* g has degree <=p (so it fits in p+1 coefficients) */
+    /* g[i]==0 for i < p-e */
+
+    /* u has degree <=loop (so it fits in loop+1 coefficients) */
+    /* u[i]==0 for i < p-d */
+    /* if invertible: u[i]==0 for i < loop-p (so can look at just p+1 coefficients) */
+
+    /* v has degree <=loop (so it fits in loop+1 coefficients) */
+    /* v[i]==0 for i < p-e */
+    /* v[i]==0 for i < loop-p (so can look at just p+1 coefficients) */
+
+    if (loop >= loops) break;
+
+    c = modq_quotient(g[p],f[p]);
+
+    vectormodq_minusproduct(g,p + 1,g,f,c);
+    vectormodq_shift(g,p + 1);
+
+#ifdef SIMPLER
+    vectormodq_minusproduct(v,loops + 1,v,u,c);
+    vectormodq_shift(v,loops + 1);
+#else
+    if (loop < p) {
+      vectormodq_minusproduct(v,loop + 1,v,u,c);
+      vectormodq_shift(v,loop + 2);
+    } else {
+      vectormodq_minusproduct(v + loop - p,p + 1,v + loop - p,u + loop - p,c);
+      vectormodq_shift(v + loop - p,p + 2);
+    }
+#endif
+
+    e -= 1;
+
+    ++loop;
+
+    swapmask = smaller_mask_rq_recip3(e,d) & modq_nonzero_mask(g[p]);
+    swap(&e,&d,sizeof e,swapmask);
+    swap(f,g,(p + 1) * sizeof(modq),swapmask);
+
+#ifdef SIMPLER
+    swap(u,v,(loops + 1) * sizeof(modq),swapmask);
+#else
+    if (loop < p) {
+      swap(u,v,(loop + 1) * sizeof(modq),swapmask);
+    } else {
+      swap(u + loop - p,v + loop - p,(p + 1) * sizeof(modq),swapmask);
+    }
+#endif
+  }
+
+  c = modq_reciprocal(f[p]);
+  vectormodq_product(r,p,u + p,c);
+  return smaller_mask_rq_recip3(0,d);
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_round3.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+static void rq_round3(modq *h,const modq *f)
+{
+  int i;
+
+  for (i = 0;i < p;++i)
+    h[i] = ((21846 * (f[i] + 2295) + 32768) >> 16) * 3 - 2295;
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_rounded.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+static void rq_encoderounded(unsigned char *c,const modq *f)
+{
+  crypto_int32 f0, f1, f2;
+  int i;
+
+  for (i = 0;i < p/3;++i) {
+    f0 = *f++ + qshift;
+    f1 = *f++ + qshift;
+    f2 = *f++ + qshift;
+    f0 = (21846 * f0) >> 16;
+    f1 = (21846 * f1) >> 16;
+    f2 = (21846 * f2) >> 16;
+    /* now want f0 + f1*1536 + f2*1536^2 as a 32-bit integer */
+    f2 *= 3;
+    f1 += f2 << 9;
+    f1 *= 3;
+    f0 += f1 << 9;
+    *c++ = f0; f0 >>= 8;
+    *c++ = f0; f0 >>= 8;
+    *c++ = f0; f0 >>= 8;
+    *c++ = f0;
+  }
+  /* XXX: using p mod 3 = 2 */
+  f0 = *f++ + qshift;
+  f1 = *f++ + qshift;
+  f0 = (21846 * f0) >> 16;
+  f1 = (21846 * f1) >> 16;
+  f1 *= 3;
+  f0 += f1 << 9;
+  *c++ = f0; f0 >>= 8;
+  *c++ = f0; f0 >>= 8;
+  *c++ = f0;
+}
+
+static void rq_decoderounded(modq *f,const unsigned char *c)
+{
+  crypto_uint32 c0, c1, c2, c3;
+  crypto_uint32 f0, f1, f2;
+  int i;
+
+  for (i = 0;i < p/3;++i) {
+    c0 = *c++;
+    c1 = *c++;
+    c2 = *c++;
+    c3 = *c++;
+
+    /* f0 + f1*1536 + f2*1536^2 */
+    /* = c0 + c1*256 + c2*256^2 + c3*256^3 */
+    /* with each f between 0 and 1530 */
+
+    /* f2 = (64/9)c3 + (1/36)c2 + (1/9216)c1 + (1/2359296)c0 - [0,0.99675] */
+    /* claim: 2^21 f2 < x < 2^21(f2+1) */
+    /* where x = 14913081*c3 + 58254*c2 + 228*(c1+2) */
+    /* proof: x - 2^21 f2 = 456 - (8/9)c0 + (4/9)c1 - (2/9)c2 + (1/9)c3 + 2^21 [0,0.99675] */
+    /* at least 456 - (8/9)255 - (2/9)255 > 0 */
+    /* at most 456 + (4/9)255 + (1/9)255 + 2^21 0.99675 < 2^21 */
+    f2 = (14913081*c3 + 58254*c2 + 228*(c1+2)) >> 21;
+
+    c2 += c3 << 8;
+    c2 -= (f2 * 9) << 2;
+    /* f0 + f1*1536 */
+    /* = c0 + c1*256 + c2*256^2 */
+    /* c2 <= 35 = floor((1530+1530*1536)/256^2) */
+    /* f1 = (128/3)c2 + (1/6)c1 + (1/1536)c0 - (1/1536)f0 */
+    /* claim: 2^21 f1 < x < 2^21(f1+1) */
+    /* where x = 89478485*c2 + 349525*c1 + 1365*(c0+1) */
+    /* proof: x - 2^21 f1 = 1365 - (1/3)c2 - (1/3)c1 - (1/3)c0 + (4096/3)f0 */
+    /* at least 1365 - (1/3)35 - (1/3)255 - (1/3)255 > 0 */
+    /* at most 1365 + (4096/3)1530 < 2^21 */
+    f1 = (89478485*c2 + 349525*c1 + 1365*(c0+1)) >> 21;
+
+    c1 += c2 << 8;
+    c1 -= (f1 * 3) << 1;
+
+    c0 += c1 << 8;
+    f0 = c0;
+
+    *f++ = modq_freeze(f0 * 3 + q - qshift);
+    *f++ = modq_freeze(f1 * 3 + q - qshift);
+    *f++ = modq_freeze(f2 * 3 + q - qshift);
+  }
+
+  c0 = *c++;
+  c1 = *c++;
+  c2 = *c++;
+
+  f1 = (89478485*c2 + 349525*c1 + 1365*(c0+1)) >> 21;
+
+  c1 += c2 << 8;
+  c1 -= (f1 * 3) << 1;
+
+  c0 += c1 << 8;
+  f0 = c0;
+
+  *f++ = modq_freeze(f0 * 3 + q - qshift);
+  *f++ = modq_freeze(f1 * 3 + q - qshift);
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+/* XXX: these functions rely on p mod 4 = 1 */
+
+/* all coefficients in -1, 0, 1 */
+static void small_encode(unsigned char *c,const small *f)
+{
+  small c0;
+  int i;
+
+  for (i = 0;i < p/4;++i) {
+    c0 = *f++ + 1;
+    c0 += (*f++ + 1) << 2;
+    c0 += (*f++ + 1) << 4;
+    c0 += (*f++ + 1) << 6;
+    *c++ = c0;
+  }
+  c0 = *f++ + 1;
+  *c++ = c0;
+}
+
+static void small_decode(small *f,const unsigned char *c)
+{
+  unsigned char c0;
+  int i;
+
+  for (i = 0;i < p/4;++i) {
+    c0 = *c++;
+    *f++ = ((small) (c0 & 3)) - 1; c0 >>= 2;
+    *f++ = ((small) (c0 & 3)) - 1; c0 >>= 2;
+    *f++ = ((small) (c0 & 3)) - 1; c0 >>= 2;
+    *f++ = ((small) (c0 & 3)) - 1;
+  }
+  c0 = *c++;
+  *f++ = ((small) (c0 & 3)) - 1;
+}
+
+/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.c */
+/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
+
+
+static void swap(void *x,void *y,int bytes,int mask)
+{
+  int i;
+  char xi, yi, c, t;
+
+  c = mask;
+  
+  for (i = 0;i < bytes;++i) {
+    xi = i[(char *) x];
+    yi = i[(char *) y];
+    t = c & (xi ^ yi);
+    xi ^= t;
+    yi ^= t;
+    i[(char *) x] = xi;
+    i[(char *) y] = yi;
+  }
+}
+
Index: sntrup4591761.sh
===================================================================
--- /dev/null
+++ sntrup4591761.sh
@@ -0,0 +1,57 @@
+#!/bin/sh
+#       $OpenBSD: sntrup4591761.sh,v 1.3 2019/01/30 19:51:15 markus Exp $
+#       Placed in the Public Domain.
+#
+AUTHOR="libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/implementors"
+FILES="
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.h
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.h
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/mod3.h
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/modq.h
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/params.h
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3.h
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.h
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.h
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/dec.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/enc.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/keypair.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_mult.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_recip.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomsmall.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomweightw.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_mult.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_recip3.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_round3.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_rounded.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.c
+	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.c
+"
+###
+
+set -e
+cd $1
+echo -n '/*  $'
+echo 'OpenBSD: $ */'
+echo
+echo '/*'
+echo ' * Public Domain, Authors:'
+sed -e '/Alphabetical order:/d' -e 's/^/ * - /' < $AUTHOR
+echo ' */'
+echo
+echo '#include <string.h>'
+echo '#include "crypto_api.h"'
+echo
+for i in $FILES; do
+	echo "/* from $i */"
+	b=$(basename $i .c)
+	grep \
+	   -v '#include' $i | \
+	   grep -v "extern crypto_int32 small_random32" |
+	   sed -e "s/crypto_kem_/crypto_kem_sntrup4591761_/g" \
+		-e "s/smaller_mask/smaller_mask_${b}/g" \
+		-e "s/^extern void /static void /" \
+		-e "s/^void /static void /"
+	echo
+done
Index: ssh-add.0
===================================================================
--- ssh-add.0
+++ ssh-add.0
@@ -4,9 +4,10 @@
      ssh-add M-bM-^@M-^S adds private key identities to the authentication agent
 
 SYNOPSIS
-     ssh-add [-cDdkLlqXx] [-E fingerprint_hash] [-t life] [file ...]
+     ssh-add [-cDdkLlqvXx] [-E fingerprint_hash] [-t life] [file ...]
      ssh-add -s pkcs11
      ssh-add -e pkcs11
+     ssh-add -T pubkey ...
 
 DESCRIPTION
      ssh-add adds private key identities to the authentication agent,
@@ -65,11 +66,20 @@
      -s pkcs11
              Add keys provided by the PKCS#11 shared library pkcs11.
 
+     -T pubkey ...
+             Tests whether the private keys that correspond to the specified
+             pubkey files are usable by performing sign and verify operations
+             on each.
+
      -t life
              Set a maximum lifetime when adding identities to an agent.  The
              lifetime may be specified in seconds or in a time format
              specified in sshd_config(5).
 
+     -v      Verbose mode.  Causes ssh-add to print debugging messages about
+             its progress.  This is helpful in debugging problems.  Multiple
+             -v options increase the verbosity.  The maximum is 3.
+
      -X      Unlock the agent.
 
      -x      Lock the agent with a password.
@@ -120,4 +130,4 @@
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 6.4                     August 29, 2017                    OpenBSD 6.4
+OpenBSD 6.6                    January 21, 2019                    OpenBSD 6.6
Index: ssh-add.1
===================================================================
--- ssh-add.1
+++ ssh-add.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-add.1,v 1.66 2017/08/29 13:05:58 jmc Exp $
+.\"	$OpenBSD: ssh-add.1,v 1.69 2019/01/21 12:53:35 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 29 2017 $
+.Dd $Mdocdate: January 21 2019 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -43,7 +43,7 @@
 .Nd adds private key identities to the authentication agent
 .Sh SYNOPSIS
 .Nm ssh-add
-.Op Fl cDdkLlqXx
+.Op Fl cDdkLlqvXx
 .Op Fl E Ar fingerprint_hash
 .Op Fl t Ar life
 .Op Ar
@@ -51,6 +51,9 @@
 .Fl s Ar pkcs11
 .Nm ssh-add
 .Fl e Ar pkcs11
+.Nm ssh-add
+.Fl T
+.Ar pubkey ...
 .Sh DESCRIPTION
 .Nm
 adds private key identities to the authentication agent,
@@ -131,11 +134,25 @@
 .It Fl s Ar pkcs11
 Add keys provided by the PKCS#11 shared library
 .Ar pkcs11 .
+.It Fl T Ar pubkey ...
+Tests whether the private keys that correspond to the specified
+.Ar pubkey
+files are usable by performing sign and verify operations on each.
 .It Fl t Ar life
 Set a maximum lifetime when adding identities to an agent.
 The lifetime may be specified in seconds or in a time format
 specified in
 .Xr sshd_config 5 .
+.It Fl v
+Verbose mode.
+Causes
+.Nm
+to print debugging messages about its progress.
+This is helpful in debugging problems.
+Multiple
+.Fl v
+options increase the verbosity.
+The maximum is 3.
 .It Fl X
 Unlock the agent.
 .It Fl x
Index: ssh-add.c
===================================================================
--- ssh-add.c
+++ ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.136 2018/09/19 02:03:02 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.141 2019/09/06 05:23:55 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -40,8 +40,10 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 
-#include <openssl/evp.h>
-#include "openbsd-compat/openssl-compat.h"
+#ifdef WITH_OPENSSL
+# include <openssl/evp.h>
+# include "openbsd-compat/openssl-compat.h"
+#endif
 
 #include <errno.h>
 #include <fcntl.h>
@@ -203,7 +205,7 @@
 	if (strcmp(filename, "-") == 0) {
 		fd = STDIN_FILENO;
 		filename = "(stdin)";
-	} else if ((fd = open(filename, O_RDONLY)) < 0) {
+	} else if ((fd = open(filename, O_RDONLY)) == -1) {
 		perror(filename);
 		return -1;
 	}
@@ -418,6 +420,40 @@
 }
 
 static int
+test_key(int agent_fd, const char *filename)
+{
+	struct sshkey *key = NULL;
+	u_char *sig = NULL;
+	size_t slen = 0;
+	int r, ret = -1;
+	char data[1024];
+
+	if ((r = sshkey_load_public(filename, &key, NULL)) != 0) {
+		error("Couldn't read public key %s: %s", filename, ssh_err(r));
+		return -1;
+	}
+	arc4random_buf(data, sizeof(data));
+	if ((r = ssh_agent_sign(agent_fd, key, &sig, &slen, data, sizeof(data),
+	    NULL, 0)) != 0) {
+		error("Agent signature failed for %s: %s",
+		    filename, ssh_err(r));
+		goto done;
+	}
+	if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
+	    NULL, 0)) != 0) {
+		error("Signature verification failed for %s: %s",
+		    filename, ssh_err(r));
+		goto done;
+	}
+	/* success */
+	ret = 0;
+ done:
+	free(sig);
+	sshkey_free(key);
+	return ret;
+}
+
+static int
 list_identities(int agent_fd, int do_fp)
 {
 	char *fp;
@@ -524,7 +560,9 @@
 	fprintf(stderr, "  -X          Unlock agent.\n");
 	fprintf(stderr, "  -s pkcs11   Add keys from PKCS#11 provider.\n");
 	fprintf(stderr, "  -e pkcs11   Remove keys provided by PKCS#11 provider.\n");
+	fprintf(stderr, "  -T pubkey   Test if ssh-agent can access matching private key.\n");
 	fprintf(stderr, "  -q          Be quiet after a successful operation.\n");
+	fprintf(stderr, "  -v          Be more verbose.\n");
 }
 
 int
@@ -535,18 +573,17 @@
 	int agent_fd;
 	char *pkcs11provider = NULL;
 	int r, i, ch, deleting = 0, ret = 0, key_only = 0;
-	int xflag = 0, lflag = 0, Dflag = 0, qflag = 0;
+	int xflag = 0, lflag = 0, Dflag = 0, qflag = 0, Tflag = 0;
+	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
+	LogLevel log_level = SYSLOG_LEVEL_INFO;
 
-	ssh_malloc_init();	/* must be called before any mallocs */
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
 	__progname = ssh_get_progname(argv[0]);
 	seed_rng();
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-#endif
+	log_init(__progname, log_level, log_facility, 1);
 
 	setvbuf(stdout, NULL, _IOLBF, 0);
 
@@ -563,8 +600,14 @@
 		exit(2);
 	}
 
-	while ((ch = getopt(argc, argv, "klLcdDxXE:e:M:m:qs:t:")) != -1) {
+	while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:qs:t:")) != -1) {
 		switch (ch) {
+		case 'v':
+			if (log_level == SYSLOG_LEVEL_INFO)
+				log_level = SYSLOG_LEVEL_DEBUG1;
+			else if (log_level < SYSLOG_LEVEL_DEBUG3)
+				log_level++;
+			break;
 		case 'E':
 			fingerprint_hash = ssh_digest_alg_by_name(optarg);
 			if (fingerprint_hash == -1)
@@ -627,12 +670,16 @@
 		case 'q':
 			qflag = 1;
 			break;
+		case 'T':
+			Tflag = 1;
+			break;
 		default:
 			usage();
 			ret = 1;
 			goto done;
 		}
 	}
+	log_init(__progname, log_level, log_facility, 1);
 
 	if ((xflag != 0) + (lflag != 0) + (Dflag != 0) > 1)
 		fatal("Invalid combination of actions");
@@ -652,6 +699,14 @@
 
 	argc -= optind;
 	argv += optind;
+	if (Tflag) {
+		if (argc <= 0)
+			fatal("no keys to test");
+		for (r = i = 0; i < argc; i++)
+			r |= test_key(agent_fd, argv[i]);
+		ret = r == 0 ? 0 : 1;
+		goto done;
+	}
 	if (pkcs11provider != NULL) {
 		if (update_card(agent_fd, !deleting, pkcs11provider,
 		    qflag) == -1)
@@ -674,7 +729,7 @@
 		for (i = 0; default_files[i]; i++) {
 			snprintf(buf, sizeof(buf), "%s/%s", pw->pw_dir,
 			    default_files[i]);
-			if (stat(buf, &st) < 0)
+			if (stat(buf, &st) == -1)
 				continue;
 			if (do_file(agent_fd, deleting, key_only, buf,
 			    qflag) == -1)
Index: ssh-agent.0
===================================================================
--- ssh-agent.0
+++ ssh-agent.0
@@ -117,4 +117,4 @@
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 6.4                    November 30, 2016                   OpenBSD 6.4
+OpenBSD 6.6                    November 30, 2016                   OpenBSD 6.6
Index: ssh-agent.c
===================================================================
--- ssh-agent.c
+++ ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.231 2018/05/11 03:38:51 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.237 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -96,6 +96,8 @@
 
 /* Maximum accepted message length */
 #define AGENT_MAX_LEN	(256*1024)
+/* Maximum bytes to read from client socket */
+#define AGENT_RBUF_LEN	(4096)
 
 typedef enum {
 	AUTH_UNUSED,
@@ -267,6 +269,11 @@
 			return "rsa-sha2-256";
 		else if (flags & SSH_AGENT_RSA_SHA2_512)
 			return "rsa-sha2-512";
+	} else if (key->type == KEY_RSA_CERT) {
+		if (flags & SSH_AGENT_RSA_SHA2_256)
+			return "rsa-sha2-256-cert-v01@openssh.com";
+		else if (flags & SSH_AGENT_RSA_SHA2_512)
+			return "rsa-sha2-512-cert-v01@openssh.com";
 	}
 	return NULL;
 }
@@ -416,7 +423,10 @@
 		error("%s: decode private key: %s", __func__, ssh_err(r));
 		goto err;
 	}
-
+	if ((r = sshkey_shield_private(k)) != 0) {
+		error("%s: shield private key: %s", __func__, ssh_err(r));
+		goto err;
+	}
 	while (sshbuf_len(e->request)) {
 		if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) {
 			error("%s: buffer error: %s", __func__, ssh_err(r));
@@ -817,11 +827,11 @@
 
 	slen = sizeof(sunaddr);
 	fd = accept(sockets[socknum].fd, (struct sockaddr *)&sunaddr, &slen);
-	if (fd < 0) {
+	if (fd == -1) {
 		error("accept from AUTH_SOCKET: %s", strerror(errno));
 		return -1;
 	}
-	if (getpeereid(fd, &euid, &egid) < 0) {
+	if (getpeereid(fd, &euid, &egid) == -1) {
 		error("getpeereid %d failed: %s", fd, strerror(errno));
 		close(fd);
 		return -1;
@@ -839,7 +849,7 @@
 static int
 handle_conn_read(u_int socknum)
 {
-	char buf[1024];
+	char buf[AGENT_RBUF_LEN];
 	ssize_t len;
 	int r;
 
@@ -946,6 +956,7 @@
 	struct pollfd *pfd = *pfdp;
 	size_t i, j, npfd = 0;
 	time_t deadline;
+	int r;
 
 	/* Count active sockets */
 	for (i = 0; i < sockets_alloc; i++) {
@@ -983,8 +994,19 @@
 		case AUTH_CONNECTION:
 			pfd[j].fd = sockets[i].fd;
 			pfd[j].revents = 0;
-			/* XXX backoff when input buffer full */
-			pfd[j].events = POLLIN;
+			/*
+			 * Only prepare to read if we can handle a full-size
+			 * input read buffer and enqueue a max size reply..
+			 */
+			if ((r = sshbuf_check_reserve(sockets[i].input,
+			    AGENT_RBUF_LEN)) == 0 &&
+			    (r = sshbuf_check_reserve(sockets[i].output,
+			     AGENT_MAX_LEN)) == 0)
+				pfd[j].events = POLLIN;
+			else if (r != SSH_ERR_NO_BUFFER_SPACE) {
+				fatal("%s: buffer error: %s",
+				    __func__, ssh_err(r));
+			}
 			if (sshbuf_len(sockets[i].output) > 0)
 				pfd[j].events |= POLLOUT;
 			j++;
@@ -1082,7 +1104,6 @@
 	size_t npfd = 0;
 	u_int maxfds;
 
-	ssh_malloc_init();	/* must be called before any mallocs */
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
@@ -1095,10 +1116,6 @@
 	if (getrlimit(RLIMIT_NOFILE, &rlim) == -1)
 		fatal("%s: getrlimit: %s", __progname, strerror(errno));
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-#endif
-
 	__progname = ssh_get_progname(av[0]);
 	seed_rng();
 
@@ -1199,7 +1216,7 @@
 	 */
 #define SSH_AGENT_MIN_FDS (3+1+1+1+4)
 	if (rlim.rlim_cur < SSH_AGENT_MIN_FDS)
-		fatal("%s: file descriptior rlimit %lld too low (minimum %u)",
+		fatal("%s: file descriptor rlimit %lld too low (minimum %u)",
 		    __progname, (long long)rlim.rlim_cur, SSH_AGENT_MIN_FDS);
 	maxfds = rlim.rlim_cur - SSH_AGENT_MIN_FDS;
 
@@ -1295,7 +1312,7 @@
 #ifdef HAVE_SETRLIMIT
 	/* deny core dumps, since memory contains unencrypted private keys */
 	rlim.rlim_cur = rlim.rlim_max = 0;
-	if (setrlimit(RLIMIT_CORE, &rlim) < 0) {
+	if (setrlimit(RLIMIT_CORE, &rlim) == -1) {
 		error("setrlimit RLIMIT_CORE: %s", strerror(errno));
 		cleanup_exit(1);
 	}
@@ -1328,7 +1345,7 @@
 		if (parent_alive_interval != 0)
 			check_parent_exists();
 		(void) reaper();	/* remove expired keys */
-		if (result < 0) {
+		if (result == -1) {
 			if (saved_errno == EINTR)
 				continue;
 			fatal("poll: %s", strerror(saved_errno));
Index: ssh-ecdsa.c
===================================================================
--- ssh-ecdsa.c
+++ ssh-ecdsa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa.c,v 1.14 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: ssh-ecdsa.c,v 1.16 2019/01/21 09:54:11 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -151,15 +151,13 @@
 	}
 
 	/* parse signature */
-	if ((sig = ECDSA_SIG_new()) == NULL ||
-	    (sig_r = BN_new()) == NULL ||
-	    (sig_s = BN_new()) == NULL) {
-		ret = SSH_ERR_ALLOC_FAIL;
+	if (sshbuf_get_bignum2(sigbuf, &sig_r) != 0 ||
+	    sshbuf_get_bignum2(sigbuf, &sig_s) != 0) {
+		ret = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
-	if (sshbuf_get_bignum2(sigbuf, sig_r) != 0 ||
-	    sshbuf_get_bignum2(sigbuf, sig_s) != 0) {
-		ret = SSH_ERR_INVALID_FORMAT;
+	if ((sig = ECDSA_SIG_new()) == NULL) {
+		ret = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
 	if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) {
Index: ssh-keygen.0
===================================================================
--- ssh-keygen.0
+++ ssh-keygen.0
@@ -4,31 +4,36 @@
      ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion
 
 SYNOPSIS
-     ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]
-                [-N new_passphrase] [-C comment] [-f output_keyfile]
-     ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
-     ssh-keygen -i [-m key_format] [-f input_keyfile]
-     ssh-keygen -e [-m key_format] [-f input_keyfile]
+     ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]
+                [-N new_passphrase] [-t dsa | ecdsa | ed25519 | rsa]
+     ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]
+                [-P old_passphrase]
+     ssh-keygen -i [-f input_keyfile] [-m key_format]
+     ssh-keygen -e [-f input_keyfile] [-m key_format]
      ssh-keygen -y [-f input_keyfile]
-     ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
+     ssh-keygen -c [-C comment] [-f keyfile] [-P passphrase]
      ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
      ssh-keygen -B [-f input_keyfile]
      ssh-keygen -D pkcs11
-     ssh-keygen -F hostname [-f known_hosts_file] [-l]
+     ssh-keygen -F hostname [-lv] [-f known_hosts_file]
      ssh-keygen -H [-f known_hosts_file]
      ssh-keygen -R hostname [-f known_hosts_file]
-     ssh-keygen -r hostname [-f input_keyfile] [-g]
+     ssh-keygen -r hostname [-g] [-f input_keyfile]
      ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
-     ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
+     ssh-keygen -f input_file -T output_file [-v] [-a rounds] [-J num_lines]
                 [-j start_line] [-K checkpt] [-W generator]
-     ssh-keygen -s ca_key -I certificate_identity [-h] [-U]
-                [-D pkcs11_provider] [-n principals] [-O option]
-                [-V validity_interval] [-z serial_number] file ...
+     ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]
+                [-n principals] [-O option] [-V validity_interval]
+                [-z serial_number] file ...
      ssh-keygen -L [-f input_keyfile]
      ssh-keygen -A [-f prefix_path]
      ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
                 file ...
      ssh-keygen -Q -f krl_file file ...
+     ssh-keygen -Y check-novalidate -n namespace -s signature_file
+     ssh-keygen -Y sign -f key_file -n namespace file ...
+     ssh-keygen -Y verify -f allowed_signers_file -I signer_identity
+                -n namespace -s signature_file [-r revocation_file]
 
 DESCRIPTION
      ssh-keygen generates, manages and converts authentication keys for
@@ -68,12 +73,18 @@
      or forgotten, a new key must be generated and the corresponding public
      key copied to other machines.
 
-     For keys stored in the newer OpenSSH format, there is also a comment
-     field in the key file that is only for convenience to the user to help
-     identify the key.  The comment can tell what the key is for, or whatever
-     is useful.  The comment is initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is
-     created, but can be changed using the -c option.
+     ssh-keygen will by default write keys in an OpenSSH-specific format.
+     This format is preferred as it offers better protection for keys at rest
+     as well as allowing storage of key comments within the private key file
+     itself.  The key comment may be useful to help identify the key.  The
+     comment is initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be
+     changed using the -c option.
 
+     It is still possible for ssh-keygen to write the previously-used PEM
+     format private keys using the -m flag.  This may be used when generating
+     new keys, and existing new-format keys may be converted using this option
+     in conjunction with the -p (change passphrase) flag.
+
      After a key is generated, instructions below detail where the keys should
      be placed to be activated.
 
@@ -88,12 +99,12 @@
              new host keys.
 
      -a rounds
-             When saving a private key this option specifies the number of KDF
-             (key derivation function) rounds used.  Higher numbers result in
-             slower passphrase verification and increased resistance to brute-
-             force password cracking (should the keys be stolen).
+             When saving a private key, this option specifies the number of
+             KDF (key derivation function) rounds used.  Higher numbers result
+             in slower passphrase verification and increased resistance to
+             brute-force password cracking (should the keys be stolen).
 
-             When screening DH-GEX candidates (using the -T command).  This
+             When screening DH-GEX candidates (using the -T command), this
              option specifies the number of primality tests to perform.
 
      -B      Show the bubblebabble digest of specified private or public key
@@ -101,8 +112,8 @@
 
      -b bits
              Specifies the number of bits in the key to create.  For RSA keys,
-             the minimum size is 1024 bits and the default is 2048 bits.
-             Generally, 2048 bits is considered sufficient.  DSA keys must be
+             the minimum size is 1024 bits and the default is 3072 bits.
+             Generally, 3072 bits is considered sufficient.  DSA keys must be
              exactly 1024 bits as specified by FIPS 186-2.  For ECDSA keys,
              the -b flag determines the key length by selecting from one of
              three elliptic curve sizes: 256, 384 or 521 bits.  Attempting to
@@ -119,10 +130,10 @@
              new comment.
 
      -D pkcs11
-             Download the RSA public keys provided by the PKCS#11 shared
-             library pkcs11.  When used in combination with -s, this option
-             indicates that a CA key resides in a PKCS#11 token (see the
-             CERTIFICATES section for details).
+             Download the public keys provided by the PKCS#11 shared library
+             pkcs11.  When used in combination with -s, this option indicates
+             that a CA key resides in a PKCS#11 token (see the CERTIFICATES
+             section for details).
 
      -E fingerprint_hash
              Specifies the hash algorithm used when displaying key
@@ -130,16 +141,17 @@
              default is M-bM-^@M-^\sha256M-bM-^@M-^].
 
      -e      This option will read a private or public OpenSSH key file and
-             print to stdout the key in one of the formats specified by the -m
-             option.  The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^].  This option
-             allows exporting OpenSSH keys for use by other programs,
+             print to stdout a public key in one of the formats specified by
+             the -m option.  The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^].  This
+             option allows exporting OpenSSH keys for use by other programs,
              including several commercial SSH implementations.
 
-     -F hostname
-             Search for the specified hostname in a known_hosts file, listing
-             any occurrences found.  This option is useful to find hashed host
-             names or addresses and may also be used in conjunction with the
-             -H option to print found keys in a hashed format.
+     -F hostname | [hostname]:port
+             Search for the specified hostname (with optional port number) in
+             a known_hosts file, listing any occurrences found.  This option
+             is useful to find hashed host names or addresses and may also be
+             used in conjunction with the -H option to print found keys in a
+             hashed format.
 
      -f filename
              Specifies the filename of the key file.
@@ -206,13 +218,17 @@
              generating candidate moduli for DH-GEX.
 
      -m key_format
-             Specify a key format for the -i (import) or -e (export)
-             conversion options.  The supported key formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^]
-             (RFC 4716/SSH2 public or private key), M-bM-^@M-^\PKCS8M-bM-^@M-^] (PEM PKCS8 public
-             key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key).  The default conversion format is
-             M-bM-^@M-^\RFC4716M-bM-^@M-^].  Setting a format of M-bM-^@M-^\PEMM-bM-^@M-^] when generating or updating
-             a supported private key type will cause the key to be stored in
-             the legacy PEM private key format.
+             Specify a key format for key generation, the -i (import), -e
+             (export) conversion options, and the -p change passphrase
+             operation.  The latter may be used to convert between OpenSSH
+             private key and PEM private key formats.  The supported key
+             formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^] (RFC 4716/SSH2 public or private key),
+             M-bM-^@M-^\PKCS8M-bM-^@M-^] (PKCS8 public or private key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key).
+             By default OpenSSH will write newly-generated private keys in its
+             own format, but when converting public keys for export the
+             default format is M-bM-^@M-^\RFC4716M-bM-^@M-^].  Setting a format of M-bM-^@M-^\PEMM-bM-^@M-^] when
+             generating or updating a supported private key type will cause
+             the key to be stored in the legacy PEM private key format.
 
      -N new_passphrase
              Provides the new passphrase.
@@ -301,10 +317,10 @@
 
      -q      Silence ssh-keygen.
 
-     -R hostname
-             Removes all keys belonging to hostname from a known_hosts file.
-             This option is useful to delete hashed hosts (see the -H option
-             above).
+     -R hostname | [hostname]:port
+             Removes all keys belonging to the specified hostname (with
+             optional port number) from a known_hosts file.  This option is
+             useful to delete hashed hosts (see the -H option above).
 
      -r hostname
              Print the SSHFP fingerprint resource record named hostname for
@@ -330,6 +346,11 @@
              Specifies the type of key to create.  The possible values are
              M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^].
 
+             This flag may also be used to specify the desired signature type
+             when signing certificates using an RSA CA key.  The available RSA
+             signature variants are M-bM-^@M-^\ssh-rsaM-bM-^@M-^] (SHA1 signatures, not
+             recommended), M-bM-^@M-^\rsa-sha2-256M-bM-^@M-^], and M-bM-^@M-^\rsa-sha2-512M-bM-^@M-^] (the default).
+
      -U      When used in combination with -s, this option indicates that a CA
              key resides in a ssh-agent(1).  See the CERTIFICATES section for
              more information.
@@ -376,10 +397,53 @@
      -y      This option will read a private OpenSSH format file and print an
              OpenSSH public key to stdout.
 
+     -Y sign
+             Cryptographically sign a file or some data using a SSH key.  When
+             signing, ssh-keygen accepts zero or more files to sign on the
+             command-line - if no files are specified then ssh-keygen will
+             sign data presented on standard input.  Signatures are written to
+             the path of the input file with M-bM-^@M-^\.sigM-bM-^@M-^] appended, or to standard
+             output if the message to be signed was read from standard input.
+
+             The key used for signing is specified using the -f option and may
+             refer to either a private key, or a public key with the private
+             half available via ssh-agent(1).  An additional signature
+             namespace, used to prevent signature confusion across different
+             domains of use (e.g. file signing vs email signing) must be
+             provided via the -n flag.  Namespaces are arbitrary strings, and
+             may include: M-bM-^@M-^\fileM-bM-^@M-^] for file signing, M-bM-^@M-^\emailM-bM-^@M-^] for email signing.
+             For custom uses, it is recommended to use names following a
+             NAMESPACE@YOUR.DOMAIN pattern to generate unambiguous namespaces.
+
+     -Y verify
+             Request to verify a signature generated using ssh-keygen -Y sign
+             as described above.  When verifying a signature, ssh-keygen
+             accepts a message on standard input and a signature namespace
+             using -n.  A file containing the corresponding signature must
+             also be supplied using the -s flag, along with the identity of
+             the signer using -I and a list of allowed signers via the -f
+             flag.  The format of the allowed signers file is documented in
+             the ALLOWED SIGNERS section below.  A file containing revoked
+             keys can be passed using the -r flag.  The revocation file may be
+             a KRL or a one-per-line list of public keys.  Successful
+             verification by an authorized signer is signalled by ssh-keygen
+
+     -Y check-novalidate
+             Checks that a signature generated using ssh-keygen -Y sign has a
+             valid structure.  This does not validate if a signature comes
+             from an authorized signer.  When testing a signature, ssh-keygen
+             accepts a message on standard input and a signature namespace
+             using -n.  A file containing the corresponding signature must
+             also be supplied using the -s flag.  Successful testing of the
+             signature is signalled by ssh-keygen returning a zero exit
+             status.
+
      -z serial_number
              Specifies a serial number to be embedded in the certificate to
-             distinguish this certificate from others from the same CA.  The
-             default serial number is zero.
+             distinguish this certificate from others from the same CA.  If
+             the serial_number is prefixed with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
+             serial number will be incremented for each certificate signed on
+             a single command-line.  The default serial number is zero.
 
              When generating a KRL, the -z flag is used to specify a KRL
              version number.
@@ -542,6 +606,51 @@
      non-zero exit status.  A zero exit status will only be returned if no key
      was revoked.
 
+ALLOWED SIGNERS
+     When verifying signatures, ssh-keygen uses a simple list of identities
+     and keys to determine whether a signature comes from an authorized
+     source.  This "allowed signers" file uses a format patterned after the
+     AUTHORIZED_KEYS FILE FORMAT described in sshd(8).  Each line of the file
+     contains the following space-separated fields: principals, options,
+     keytype, base64-encoded key.  Empty lines and lines starting with a M-bM-^@M-^X#M-bM-^@M-^Y
+     are ignored as comments.
+
+     The principals field is a pattern-list (See PATTERNS in ssh_config(5))
+     consisting of one or more comma-separated USER@DOMAIN identity patterns
+     that are accepted for signing.  When verifying, the identity presented
+     via the -I -option must match a principals pattern in order for the
+     corresponding key to be considered acceptable for verification.
+
+     The options (if present) consist of comma-separated option
+     specifications.  No spaces are permitted, except within double quotes.
+     The following option specifications are supported (note that option
+     keywords are case-insensitive):
+
+     cert-authority
+             Indicates that this key is accepted as a certificate authority
+             (CA) and that certificates signed by this CA may be accepted for
+             verification.
+
+     namespaces="namespace-list"
+             Specifies a pattern-list of namespaces that are accepted for this
+             key.  If this option is present, the signature namespace embedded
+             in the signature object and presented on the verification
+             command-line must match the specified list before the key will be
+             considered acceptable.
+
+     When verifying signatures made by certificates, the expected principal
+     name must match both the principals pattern in the allowed signers file
+     and the principals embedded in the certificate itself.
+
+     An example allowed signers file:
+
+        # Comments allowed at start of line
+        user1@example.com,user2@example.com ssh-rsa AAAAX1...
+        # A certificate authority, trusted for all principals in a domain.
+        *@example.com cert-authority ssh-ed25519 AAAB4...
+        # A key that is accepted only for file signing.
+        user2@example.com namespaces="file" ssh-ed25519 AAA41...
+
 FILES
      ~/.ssh/id_dsa
      ~/.ssh/id_ecdsa
@@ -582,4 +691,4 @@
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 6.4                   September 12, 2018                   OpenBSD 6.4
+OpenBSD 6.6                     October 3, 2019                    OpenBSD 6.6
Index: ssh-keygen.1
===================================================================
--- ssh-keygen.1
+++ ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.150 2018/09/12 06:18:59 djm Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.171 2019/10/03 17:07:50 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,42 +35,43 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 12 2018 $
+.Dd $Mdocdate: October 3 2019 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
 .Nm ssh-keygen
 .Nd authentication key generation, management and conversion
 .Sh SYNOPSIS
-.Bk -words
 .Nm ssh-keygen
 .Op Fl q
 .Op Fl b Ar bits
-.Op Fl t Cm dsa | ecdsa | ed25519 | rsa
-.Op Fl N Ar new_passphrase
 .Op Fl C Ar comment
 .Op Fl f Ar output_keyfile
+.Op Fl m Ar format
+.Op Fl N Ar new_passphrase
+.Op Fl t Cm dsa | ecdsa | ed25519 | rsa
 .Nm ssh-keygen
 .Fl p
-.Op Fl P Ar old_passphrase
-.Op Fl N Ar new_passphrase
 .Op Fl f Ar keyfile
+.Op Fl m Ar format
+.Op Fl N Ar new_passphrase
+.Op Fl P Ar old_passphrase
 .Nm ssh-keygen
 .Fl i
-.Op Fl m Ar key_format
 .Op Fl f Ar input_keyfile
+.Op Fl m Ar key_format
 .Nm ssh-keygen
 .Fl e
-.Op Fl m Ar key_format
 .Op Fl f Ar input_keyfile
+.Op Fl m Ar key_format
 .Nm ssh-keygen
 .Fl y
 .Op Fl f Ar input_keyfile
 .Nm ssh-keygen
 .Fl c
-.Op Fl P Ar passphrase
 .Op Fl C Ar comment
 .Op Fl f Ar keyfile
+.Op Fl P Ar passphrase
 .Nm ssh-keygen
 .Fl l
 .Op Fl v
@@ -83,8 +84,8 @@
 .Fl D Ar pkcs11
 .Nm ssh-keygen
 .Fl F Ar hostname
+.Op Fl lv
 .Op Fl f Ar known_hosts_file
-.Op Fl l
 .Nm ssh-keygen
 .Fl H
 .Op Fl f Ar known_hosts_file
@@ -93,8 +94,8 @@
 .Op Fl f Ar known_hosts_file
 .Nm ssh-keygen
 .Fl r Ar hostname
-.Op Fl f Ar input_keyfile
 .Op Fl g
+.Op Fl f Ar input_keyfile
 .Nm ssh-keygen
 .Fl G Ar output_file
 .Op Fl v
@@ -102,8 +103,8 @@
 .Op Fl M Ar memory
 .Op Fl S Ar start_point
 .Nm ssh-keygen
-.Fl T Ar output_file
 .Fl f Ar input_file
+.Fl T Ar output_file
 .Op Fl v
 .Op Fl a Ar rounds
 .Op Fl J Ar num_lines
@@ -111,10 +112,9 @@
 .Op Fl K Ar checkpt
 .Op Fl W Ar generator
 .Nm ssh-keygen
-.Fl s Ar ca_key
 .Fl I Ar certificate_identity
-.Op Fl h
-.Op Fl U
+.Fl s Ar ca_key
+.Op Fl hU
 .Op Fl D Ar pkcs11_provider
 .Op Fl n Ar principals
 .Op Fl O Ar option
@@ -138,7 +138,22 @@
 .Fl Q
 .Fl f Ar krl_file
 .Ar
-.Ek
+.Nm ssh-keygen
+.Fl Y Cm check-novalidate
+.Fl n Ar namespace
+.Fl s Ar signature_file
+.Nm ssh-keygen
+.Fl Y Cm sign
+.Fl f Ar key_file
+.Fl n Ar namespace
+.Ar
+.Nm ssh-keygen
+.Fl Y Cm verify
+.Fl f Ar allowed_signers_file
+.Fl I Ar signer_identity
+.Fl n Ar namespace
+.Fl s Ar signature_file
+.Op Fl r Ar revocation_file
 .Sh DESCRIPTION
 .Nm
 generates, manages and converts authentication keys for
@@ -205,16 +220,28 @@
 If the passphrase is lost or forgotten, a new key must be generated
 and the corresponding public key copied to other machines.
 .Pp
-For keys stored in the newer OpenSSH format,
-there is also a comment field in the key file that is only for
-convenience to the user to help identify the key.
-The comment can tell what the key is for, or whatever is useful.
+.Nm
+will by default write keys in an OpenSSH-specific format.
+This format is preferred as it offers better protection for
+keys at rest as well as allowing storage of key comments within
+the private key file itself.
+The key comment may be useful to help identify the key.
 The comment is initialized to
 .Dq user@host
 when the key is created, but can be changed using the
 .Fl c
 option.
 .Pp
+It is still possible for
+.Nm
+to write the previously-used PEM format private keys using the
+.Fl m
+flag.
+This may be used when generating new keys, and existing new-format
+keys may be converted using this option in conjunction with the
+.Fl p
+(change passphrase) flag.
+.Pp
 After a key is generated, instructions below detail where the keys
 should be placed to be activated.
 .Pp
@@ -233,21 +260,21 @@
 .Pa /etc/rc
 to generate new host keys.
 .It Fl a Ar rounds
-When saving a private key this option specifies the number of KDF
+When saving a private key, this option specifies the number of KDF
 (key derivation function) rounds used.
 Higher numbers result in slower passphrase verification and increased
 resistance to brute-force password cracking (should the keys be stolen).
 .Pp
 When screening DH-GEX candidates (using the
 .Fl T
-command).
-This option specifies the number of primality tests to perform.
+command),
+this option specifies the number of primality tests to perform.
 .It Fl B
 Show the bubblebabble digest of specified private or public key file.
 .It Fl b Ar bits
 Specifies the number of bits in the key to create.
-For RSA keys, the minimum size is 1024 bits and the default is 2048 bits.
-Generally, 2048 bits is considered sufficient.
+For RSA keys, the minimum size is 1024 bits and the default is 3072 bits.
+Generally, 3072 bits is considered sufficient.
 DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
 For ECDSA keys, the
 .Fl b
@@ -265,7 +292,7 @@
 The program will prompt for the file containing the private keys, for
 the passphrase if the key has one, and for the new comment.
 .It Fl D Ar pkcs11
-Download the RSA public keys provided by the PKCS#11 shared library
+Download the public keys provided by the PKCS#11 shared library
 .Ar pkcs11 .
 When used in combination with
 .Fl s ,
@@ -282,16 +309,17 @@
 .Dq sha256 .
 .It Fl e
 This option will read a private or public OpenSSH key file and
-print to stdout the key in one of the formats specified by the
+print to stdout a public key in one of the formats specified by the
 .Fl m
 option.
 The default export format is
 .Dq RFC4716 .
 This option allows exporting OpenSSH keys for use by other programs, including
 several commercial SSH implementations.
-.It Fl F Ar hostname
+.It Fl F Ar hostname | [hostname]:port
 Search for the specified
 .Ar hostname
+(with optional port number)
 in a
 .Pa known_hosts
 file, listing any occurrences found.
@@ -391,20 +419,25 @@
 Specify the amount of memory to use (in megabytes) when generating
 candidate moduli for DH-GEX.
 .It Fl m Ar key_format
-Specify a key format for the
+Specify a key format for key generation, the
 .Fl i
-(import) or
+(import),
 .Fl e
-(export) conversion options.
+(export) conversion options, and the
+.Fl p
+change passphrase operation.
+The latter may be used to convert between OpenSSH private key and PEM
+private key formats.
 The supported key formats are:
 .Dq RFC4716
 (RFC 4716/SSH2 public or private key),
 .Dq PKCS8
-(PEM PKCS8 public key)
+(PKCS8 public or private key)
 or
 .Dq PEM
 (PEM public key).
-The default conversion format is
+By default OpenSSH will write newly-generated private keys in its own
+format, but when converting public keys for export the default format is
 .Dq RFC4716 .
 Setting a format of
 .Dq PEM
@@ -517,9 +550,10 @@
 .It Fl q
 Silence
 .Nm ssh-keygen .
-.It Fl R Ar hostname
-Removes all keys belonging to
+.It Fl R Ar hostname | [hostname]:port
+Removes all keys belonging to the specified
 .Ar hostname
+(with optional port number)
 from a
 .Pa known_hosts
 file.
@@ -557,6 +591,16 @@
 .Dq ed25519 ,
 or
 .Dq rsa .
+.Pp
+This flag may also be used to specify the desired signature type when
+signing certificates using an RSA CA key.
+The available RSA signature variants are
+.Dq ssh-rsa
+(SHA1 signatures, not recommended),
+.Dq rsa-sha2-256 ,
+and
+.Dq rsa-sha2-512
+(the default).
 .It Fl U
 When used in combination with
 .Fl s ,
@@ -617,9 +661,86 @@
 .It Fl y
 This option will read a private
 OpenSSH format file and print an OpenSSH public key to stdout.
+.It Fl Y Cm sign
+Cryptographically sign a file or some data using a SSH key.
+When signing,
+.Nm
+accepts zero or more files to sign on the command-line - if no files
+are specified then
+.Nm
+will sign data presented on standard input.
+Signatures are written to the path of the input file with
+.Dq .sig
+appended, or to standard output if the message to be signed was read from
+standard input.
+.Pp
+The key used for signing is specified using the
+.Fl f
+option and may refer to either a private key, or a public key with the private
+half available via
+.Xr ssh-agent 1 .
+An additional signature namespace, used to prevent signature confusion across
+different domains of use (e.g. file signing vs email signing) must be provided
+via the
+.Fl n
+flag.
+Namespaces are arbitrary strings, and may include:
+.Dq file
+for file signing,
+.Dq email
+for email signing.
+For custom uses, it is recommended to use names following a
+NAMESPACE@YOUR.DOMAIN pattern to generate unambiguous namespaces.
+.It Fl Y Cm verify
+Request to verify a signature generated using
+.Nm
+.Fl Y Cm sign
+as described above.
+When verifying a signature,
+.Nm
+accepts a message on standard input and a signature namespace using
+.Fl n .
+A file containing the corresponding signature must also be supplied using the
+.Fl s
+flag, along with the identity of the signer using
+.Fl I
+and a list of allowed signers via the
+.Fl f
+flag.
+The format of the allowed signers file is documented in the
+.Sx ALLOWED SIGNERS
+section below.
+A file containing revoked keys can be passed using the
+.Fl r
+flag.
+The revocation file may be a KRL or a one-per-line list of public keys.
+Successful verification by an authorized signer is signalled by
+.Nm
+.It Fl Y Cm check-novalidate
+Checks that a signature generated using
+.Nm
+.Fl Y Cm sign
+has a valid structure.
+This does not validate if a signature comes from an authorized signer.
+When testing a signature,
+.Nm
+accepts a message on standard input and a signature namespace using
+.Fl n .
+A file containing the corresponding signature must also be supplied using the
+.Fl s
+flag.
+Successful testing of the signature is signalled by
+.Nm
+returning a zero exit status.
 .It Fl z Ar serial_number
 Specifies a serial number to be embedded in the certificate to distinguish
 this certificate from others from the same CA.
+If the
+.Ar serial_number
+is prefixed with a
+.Sq +
+character, then the serial number will be incremented for each certificate
+signed on a single command-line.
 The default serial number is zero.
 .Pp
 When generating a KRL, the
@@ -847,6 +968,57 @@
 .Nm
 will exit with a non-zero exit status.
 A zero exit status will only be returned if no key was revoked.
+.Sh ALLOWED SIGNERS
+When verifying signatures,
+.Nm
+uses a simple list of identities and keys to determine whether a signature
+comes from an authorized source.
+This "allowed signers" file uses a format patterned after the
+AUTHORIZED_KEYS FILE FORMAT described in
+.Xr sshd 8 .
+Each line of the file contains the following space-separated fields:
+principals, options, keytype, base64-encoded key.
+Empty lines and lines starting with a
+.Ql #
+are ignored as comments.
+.Pp
+The principals field is a pattern-list (See PATTERNS in
+.Xr ssh_config 5 )
+consisting of one or more comma-separated USER@DOMAIN identity patterns
+that are accepted for signing.
+When verifying, the identity presented via the
+.Fl I option
+must match a principals pattern in order for the corresponding key to be
+considered acceptable for verification.
+.Pp
+The options (if present) consist of comma-separated option specifications.
+No spaces are permitted, except within double quotes.
+The following option specifications are supported (note that option keywords
+are case-insensitive):
+.Bl -tag -width Ds
+.It Cm cert-authority
+Indicates that this key is accepted as a certificate authority (CA) and
+that certificates signed by this CA may be accepted for verification.
+.It Cm namespaces="namespace-list"
+Specifies a pattern-list of namespaces that are accepted for this key.
+If this option is present, the signature namespace embedded in the
+signature object and presented on the verification command-line must
+match the specified list before the key will be considered acceptable.
+.El
+.Pp
+When verifying signatures made by certificates, the expected principal
+name must match both the principals pattern in the allowed signers file and
+the principals embedded in the certificate itself.
+.Pp
+An example allowed signers file:
+.Bd -literal -offset 3n
+# Comments allowed at start of line
+user1@example.com,user2@example.com ssh-rsa AAAAX1...
+# A certificate authority, trusted for all principals in a domain.
+*@example.com cert-authority ssh-ed25519 AAAB4...
+# A key that is accepted only for file signing.
+user2@example.com namespaces="file" ssh-ed25519 AAA41...
+.Ed
 .Sh FILES
 .Bl -tag -width Ds -compact
 .It Pa ~/.ssh/id_dsa
Index: ssh-keygen.c
===================================================================
--- ssh-keygen.c
+++ ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.322 2018/09/14 04:17:44 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.355 2019/10/03 17:07:50 jmc Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -24,6 +24,9 @@
 #include "openbsd-compat/openssl-compat.h"
 #endif
 
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
 #include <errno.h>
 #include <fcntl.h>
 #include <netdb.h>
@@ -43,7 +46,6 @@
 #include "xmalloc.h"
 #include "sshkey.h"
 #include "authfile.h"
-#include "uuencode.h"
 #include "sshbuf.h"
 #include "pathnames.h"
 #include "log.h"
@@ -60,6 +62,7 @@
 #include "digest.h"
 #include "utf8.h"
 #include "authfd.h"
+#include "sshsig.h"
 
 #ifdef WITH_OPENSSL
 # define DEFAULT_KEY_TYPE_NAME "rsa"
@@ -67,79 +70,52 @@
 # define DEFAULT_KEY_TYPE_NAME "ed25519"
 #endif
 
-/* Number of bits in the RSA/DSA key.  This value can be set on the command line. */
-#define DEFAULT_BITS		2048
+/*
+ * Default number of bits in the RSA, DSA and ECDSA keys.  These value can be
+ * overridden on the command line.
+ *
+ * These values, with the exception of DSA, provide security equivalent to at
+ * least 128 bits of security according to NIST Special Publication 800-57:
+ * Recommendation for Key Management Part 1 rev 4 section 5.6.1.
+ * For DSA it (and FIPS-186-4 section 4.2) specifies that the only size for
+ * which a 160bit hash is acceptable is 1kbit, and since ssh-dss specifies only
+ * SHA1 we limit the DSA key size 1k bits.
+ */
+#define DEFAULT_BITS		3072
 #define DEFAULT_BITS_DSA	1024
 #define DEFAULT_BITS_ECDSA	256
-u_int32_t bits = 0;
 
-/*
- * Flag indicating that we just want to change the passphrase.  This can be
- * set on the command line.
- */
-int change_passphrase = 0;
+static int quiet = 0;
 
-/*
- * Flag indicating that we just want to change the comment.  This can be set
- * on the command line.
- */
-int change_comment = 0;
-
-int quiet = 0;
-
-int log_level = SYSLOG_LEVEL_INFO;
-
-/* Flag indicating that we want to hash a known_hosts file */
-int hash_hosts = 0;
-/* Flag indicating that we want lookup a host in known_hosts file */
-int find_host = 0;
-/* Flag indicating that we want to delete a host from a known_hosts file */
-int delete_host = 0;
-
-/* Flag indicating that we want to show the contents of a certificate */
-int show_cert = 0;
-
 /* Flag indicating that we just want to see the key fingerprint */
-int print_fingerprint = 0;
-int print_bubblebabble = 0;
+static int print_fingerprint = 0;
+static int print_bubblebabble = 0;
 
 /* Hash algorithm to use for fingerprints. */
-int fingerprint_hash = SSH_FP_HASH_DEFAULT;
+static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
 
 /* The identity file name, given on the command line or entered by the user. */
-char identity_file[1024];
-int have_identity = 0;
+static char identity_file[PATH_MAX];
+static int have_identity = 0;
 
 /* This is set to the passphrase if given on the command line. */
-char *identity_passphrase = NULL;
+static char *identity_passphrase = NULL;
 
 /* This is set to the new passphrase if given on the command line. */
-char *identity_new_passphrase = NULL;
+static char *identity_new_passphrase = NULL;
 
-/* This is set to the new comment if given on the command line. */
-char *identity_comment = NULL;
-
-/* Path to CA key when certifying keys. */
-char *ca_key_path = NULL;
-
-/* Prefer to use agent keys for CA signing */
-int prefer_agent = 0;
-
-/* Certificate serial number */
-unsigned long long cert_serial = 0;
-
 /* Key type when certifying */
-u_int cert_key_type = SSH2_CERT_TYPE_USER;
+static u_int cert_key_type = SSH2_CERT_TYPE_USER;
 
 /* "key ID" of signed key */
-char *cert_key_id = NULL;
+static char *cert_key_id = NULL;
 
 /* Comma-separated list of principal names for certifying keys */
-char *cert_principals = NULL;
+static char *cert_principals = NULL;
 
 /* Validity period for certificates */
-u_int64_t cert_valid_from = 0;
-u_int64_t cert_valid_to = ~0ULL;
+static u_int64_t cert_valid_from = 0;
+static u_int64_t cert_valid_to = ~0ULL;
 
 /* Certificate options */
 #define CERTOPT_X_FWD	(1)
@@ -149,9 +125,9 @@
 #define CERTOPT_USER_RC	(1<<4)
 #define CERTOPT_DEFAULT	(CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \
 			 CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC)
-u_int32_t certflags_flags = CERTOPT_DEFAULT;
-char *certflags_command = NULL;
-char *certflags_src_addr = NULL;
+static u_int32_t certflags_flags = CERTOPT_DEFAULT;
+static char *certflags_command = NULL;
+static char *certflags_src_addr = NULL;
 
 /* Arbitrary extensions specified by user */
 struct cert_userext {
@@ -159,41 +135,37 @@
 	char *val;
 	int crit;
 };
-struct cert_userext *cert_userext;
-size_t ncert_userext;
+static struct cert_userext *cert_userext;
+static size_t ncert_userext;
 
 /* Conversion to/from various formats */
-int convert_to = 0;
-int convert_from = 0;
 enum {
 	FMT_RFC4716,
 	FMT_PKCS8,
 	FMT_PEM
 } convert_format = FMT_RFC4716;
-int print_public = 0;
-int print_generic = 0;
 
-char *key_type_name = NULL;
+static char *key_type_name = NULL;
 
 /* Load key from this PKCS#11 provider */
-char *pkcs11provider = NULL;
+static char *pkcs11provider = NULL;
 
-/* Use new OpenSSH private key format when writing SSH2 keys instead of PEM */
-int use_new_format = 1;
+/* Format for writing private keys */
+static int private_key_format = SSHKEY_PRIVATE_OPENSSH;
 
 /* Cipher for new-format private keys */
-char *new_format_cipher = NULL;
+static char *openssh_format_cipher = NULL;
 
 /*
  * Number of KDF rounds to derive new format keys /
  * number of primality trials when screening moduli.
  */
-int rounds = 0;
+static int rounds = 0;
 
 /* argv0 */
 extern char *__progname;
 
-char hostname[NI_MAXHOST];
+static char hostname[NI_MAXHOST];
 
 #ifdef WITH_OPENSSL
 /* moduli.c */
@@ -205,31 +177,30 @@
 static void
 type_bits_valid(int type, const char *name, u_int32_t *bitsp)
 {
-#ifdef WITH_OPENSSL
-	u_int maxbits, nid;
-#endif
-
 	if (type == KEY_UNSPEC)
 		fatal("unknown key type %s", key_type_name);
 	if (*bitsp == 0) {
 #ifdef WITH_OPENSSL
-		if (type == KEY_DSA)
+		u_int nid;
+
+		switch(type) {
+		case KEY_DSA:
 			*bitsp = DEFAULT_BITS_DSA;
-		else if (type == KEY_ECDSA) {
+			break;
+		case KEY_ECDSA:
 			if (name != NULL &&
 			    (nid = sshkey_ecdsa_nid_from_name(name)) > 0)
 				*bitsp = sshkey_curve_nid_to_bits(nid);
 			if (*bitsp == 0)
 				*bitsp = DEFAULT_BITS_ECDSA;
-		} else
-#endif
+			break;
+		case KEY_RSA:
 			*bitsp = DEFAULT_BITS;
+			break;
+		}
+#endif
 	}
 #ifdef WITH_OPENSSL
-	maxbits = (type == KEY_DSA) ?
-	    OPENSSL_DSA_MAX_MODULUS_BITS : OPENSSL_RSA_MAX_MODULUS_BITS;
-	if (*bitsp > maxbits)
-		fatal("key bits exceeds maximum %d", maxbits);
 	switch (type) {
 	case KEY_DSA:
 		if (*bitsp != 1024)
@@ -239,15 +210,46 @@
 		if (*bitsp < SSH_RSA_MINIMUM_MODULUS_SIZE)
 			fatal("Invalid RSA key length: minimum is %d bits",
 			    SSH_RSA_MINIMUM_MODULUS_SIZE);
+		else if (*bitsp > OPENSSL_RSA_MAX_MODULUS_BITS)
+			fatal("Invalid RSA key length: maximum is %d bits",
+			    OPENSSL_RSA_MAX_MODULUS_BITS);
 		break;
 	case KEY_ECDSA:
 		if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
 			fatal("Invalid ECDSA key length: valid lengths are "
+#ifdef OPENSSL_HAS_NISTP521
 			    "256, 384 or 521 bits");
+#else
+			    "256 or 384 bits");
+#endif
 	}
 #endif
 }
 
+/*
+ * Checks whether a file exists and, if so, asks the user whether they wish
+ * to overwrite it.
+ * Returns nonzero if the file does not already exist or if the user agrees to
+ * overwrite, or zero otherwise.
+ */
+static int
+confirm_overwrite(const char *filename)
+{
+	char yesno[3];
+	struct stat st;
+
+	if (stat(filename, &st) != 0)
+		return 1;
+	printf("%s already exists.\n", filename);
+	printf("Overwrite (y/n)? ");
+	fflush(stdout);
+	if (fgets(yesno, sizeof(yesno), stdin) == NULL)
+		return 0;
+	if (yesno[0] != 'y' && yesno[0] != 'Y')
+		return 0;
+	return 1;
+}
+
 static void
 ask_filename(struct passwd *pw, const char *prompt)
 {
@@ -297,13 +299,15 @@
 }
 
 static struct sshkey *
-load_identity(char *filename)
+load_identity(const char *filename, char **commentp)
 {
 	char *pass;
 	struct sshkey *prv;
 	int r;
 
-	if ((r = sshkey_load_private(filename, "", &prv, NULL)) == 0)
+	if (commentp != NULL)
+		*commentp = NULL;
+	if ((r = sshkey_load_private(filename, "", &prv, commentp)) == 0)
 		return prv;
 	if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
 		fatal("Load key \"%s\": %s", filename, ssh_err(r));
@@ -311,7 +315,7 @@
 		pass = xstrdup(identity_passphrase);
 	else
 		pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
-	r = sshkey_load_private(filename, pass, &prv, NULL);
+	r = sshkey_load_private(filename, pass, &prv, commentp);
 	explicit_bzero(pass, strlen(pass));
 	free(pass);
 	if (r != 0)
@@ -328,25 +332,30 @@
 static void
 do_convert_to_ssh2(struct passwd *pw, struct sshkey *k)
 {
-	size_t len;
-	u_char *blob;
-	char comment[61];
+	struct sshbuf *b;
+	char comment[61], *b64;
 	int r;
 
-	if ((r = sshkey_to_blob(k, &blob, &len)) != 0)
+	if ((b = sshbuf_new()) == NULL)
+		fatal("%s: sshbuf_new failed", __func__);
+	if ((r = sshkey_putb(k, b)) != 0)
 		fatal("key_to_blob failed: %s", ssh_err(r));
+	if ((b64 = sshbuf_dtob64_string(b, 1)) == NULL)
+		fatal("%s: sshbuf_dtob64_string failed", __func__);
+
 	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
 	snprintf(comment, sizeof(comment),
 	    "%u-bit %s, converted by %s@%s from OpenSSH",
 	    sshkey_size(k), sshkey_type(k),
 	    pw->pw_name, hostname);
 
+	sshkey_free(k);
+	sshbuf_free(b);
+
 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
-	fprintf(stdout, "Comment: \"%s\"\n", comment);
-	dump_base64(stdout, blob, len);
+	fprintf(stdout, "Comment: \"%s\"\n%s", comment, b64);
 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_END);
-	sshkey_free(k);
-	free(blob);
+	free(b64);
 	exit(0);
 }
 
@@ -397,10 +406,10 @@
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which the key is");
-	if (stat(identity_file, &st) < 0)
+	if (stat(identity_file, &st) == -1)
 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
 	if ((r = sshkey_load_public(identity_file, &k, NULL)) != 0)
-		k = load_identity(identity_file);
+		k = load_identity(identity_file, NULL);
 	switch (convert_format) {
 	case FMT_RFC4716:
 		do_convert_to_ssh2(pw, k);
@@ -440,9 +449,8 @@
 }
 
 static struct sshkey *
-do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
+do_convert_private_ssh2(struct sshbuf *b)
 {
-	struct sshbuf *b;
 	struct sshkey *key = NULL;
 	char *type, *cipher;
 	u_char e1, e2, e3, *sig = NULL, data[] = "abcde12345";
@@ -454,15 +462,13 @@
 	BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
 	BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
 	BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
-	if ((b = sshbuf_from(blob, blen)) == NULL)
-		fatal("%s: sshbuf_from failed", __func__);
+
 	if ((r = sshbuf_get_u32(b, &magic)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
 	if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
 		error("bad magic 0x%x != 0x%x", magic,
 		    SSH_COM_PRIVATE_KEY_MAGIC);
-		sshbuf_free(b);
 		return NULL;
 	}
 	if ((r = sshbuf_get_u32(b, &i1)) != 0 ||
@@ -476,7 +482,6 @@
 	if (strcmp(cipher, "none") != 0) {
 		error("unsupported cipher %s", cipher);
 		free(cipher);
-		sshbuf_free(b);
 		free(type);
 		return NULL;
 	}
@@ -487,7 +492,6 @@
 	} else if (strstr(type, "rsa")) {
 		ktype = KEY_RSA;
 	} else {
-		sshbuf_free(b);
 		free(type);
 		return NULL;
 	}
@@ -534,7 +538,6 @@
 			fatal("%s: BN_new", __func__);
 		if (!BN_set_word(rsa_e, e)) {
 			BN_clear_free(rsa_e);
-			sshbuf_free(b);
 			sshkey_free(key);
 			return NULL;
 		}
@@ -562,9 +565,7 @@
 	}
 	rlen = sshbuf_len(b);
 	if (rlen != 0)
-		error("do_convert_private_ssh2_from_blob: "
-		    "remaining bytes in key blob %d", rlen);
-	sshbuf_free(b);
+		error("%s: remaining bytes in key blob %d", __func__, rlen);
 
 	/* try the key */
 	if (sshkey_sign(key, &sig, &slen, data, sizeof(data), NULL, 0) != 0 ||
@@ -609,10 +610,12 @@
 	int r, blen, escaped = 0;
 	u_int len;
 	char line[1024];
-	u_char blob[8096];
+	struct sshbuf *buf;
 	char encoded[8096];
 	FILE *fp;
 
+	if ((buf = sshbuf_new()) == NULL)
+		fatal("sshbuf_new failed");
 	if ((fp = fopen(identity_file, "r")) == NULL)
 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
 	encoded[0] = '\0';
@@ -642,12 +645,11 @@
 	    (encoded[len-2] == '=') &&
 	    (encoded[len-3] == '='))
 		encoded[len-3] = '\0';
-	blen = uudecode(encoded, blob, sizeof(blob));
-	if (blen < 0)
-		fatal("uudecode failed.");
+	if ((r = sshbuf_b64tod(buf, encoded)) != 0)
+		fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r));
 	if (*private)
-		*k = do_convert_private_ssh2_from_blob(blob, blen);
-	else if ((r = sshkey_from_blob(blob, blen, k)) != 0)
+		*k = do_convert_private_ssh2(buf);
+	else if ((r = sshkey_fromb(buf, k)) != 0)
 		fatal("decode blob failed: %s", ssh_err(r));
 	fclose(fp);
 }
@@ -723,7 +725,7 @@
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which the key is");
-	if (stat(identity_file, &st) < 0)
+	if (stat(identity_file, &st) == -1)
 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
 
 	switch (convert_format) {
@@ -780,16 +782,20 @@
 	struct sshkey *prv;
 	struct stat st;
 	int r;
+	char *comment = NULL;
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which the key is");
-	if (stat(identity_file, &st) < 0)
+	if (stat(identity_file, &st) == -1)
 		fatal("%s: %s", identity_file, strerror(errno));
-	prv = load_identity(identity_file);
+	prv = load_identity(identity_file, &comment);
 	if ((r = sshkey_write(prv, stdout)) != 0)
 		error("sshkey_write failed: %s", ssh_err(r));
 	sshkey_free(prv);
+	if (comment != NULL && *comment != '\0')
+		fprintf(stdout, " %s", comment);
 	fprintf(stdout, "\n");
+	free(comment);
 	exit(0);
 }
 
@@ -806,7 +812,7 @@
 	fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
 	rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
 
-	pkcs11_init(0);
+	pkcs11_init(1);
 	nkeys = pkcs11_add_provider(pkcs11provider, NULL, &keys);
 	if (nkeys <= 0)
 		fatal("cannot read public key from pkcs11");
@@ -819,7 +825,7 @@
 				fatal("%s: sshkey_fingerprint fail", __func__);
 			printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
 			    fp, sshkey_type(keys[i]));
-			if (log_level >= SYSLOG_LEVEL_VERBOSE)
+			if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
 				printf("%s\n", ra);
 			free(ra);
 			free(fp);
@@ -867,7 +873,7 @@
 		fatal("%s: sshkey_fingerprint failed", __func__);
 	mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
 	    comment ? comment : "no comment", sshkey_type(public));
-	if (log_level >= SYSLOG_LEVEL_VERBOSE)
+	if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
 		printf("%s\n", ra);
 	free(ra);
 	free(fp);
@@ -881,7 +887,7 @@
 	struct sshkey *public = NULL;
 	int r;
 
-	if (stat(identity_file, &st) < 0)
+	if (stat(identity_file, &st) == -1)
 		fatal("%s: %s", path, strerror(errno));
 	if ((r = sshkey_load_public(path, &public, &comment)) != 0) {
 		debug("load public \"%s\": %s", path, ssh_err(r));
@@ -1015,6 +1021,7 @@
 		{ NULL, NULL, NULL }
 	};
 
+	u_int32_t bits = 0;
 	int first = 0;
 	struct stat st;
 	struct sshkey *private, *public;
@@ -1074,7 +1081,8 @@
 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
 		    hostname);
 		if ((r = sshkey_save_private(private, prv_tmp, "",
-		    comment, use_new_format, new_format_cipher, rounds)) != 0) {
+		    comment, private_key_format, openssh_format_cipher,
+		    rounds)) != 0) {
 			error("Saving key \"%s\" failed: %s",
 			    prv_tmp, ssh_err(r));
 			goto failnext;
@@ -1138,6 +1146,9 @@
 	int has_unhashed;	/* When hashing, original had unhashed hosts */
 	int found_key;		/* For find/delete, host was found */
 	int invalid;		/* File contained invalid items; don't delete */
+	int hash_hosts;		/* Hash hostnames as we go */
+	int find_host;		/* Search for specific hostname */
+	int delete_host;	/* Delete host from known_hosts */
 };
 
 static int
@@ -1157,7 +1168,7 @@
 		 */
 		if (was_hashed || has_wild || l->marker != MRK_NONE) {
 			fprintf(ctx->out, "%s\n", l->line);
-			if (has_wild && !find_host) {
+			if (has_wild && !ctx->find_host) {
 				logit("%s:%lu: ignoring host name "
 				    "with wildcard: %.64s", l->path,
 				    l->linenum, l->hosts);
@@ -1197,13 +1208,13 @@
 	struct known_hosts_ctx *ctx = (struct known_hosts_ctx *)_ctx;
 	enum sshkey_fp_rep rep;
 	int fptype;
-	char *fp;
+	char *fp = NULL, *ra = NULL;
 
 	fptype = print_bubblebabble ? SSH_DIGEST_SHA1 : fingerprint_hash;
 	rep =    print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_DEFAULT;
 
 	if (l->status == HKF_STATUS_MATCHED) {
-		if (delete_host) {
+		if (ctx->delete_host) {
 			if (l->marker != MRK_NONE) {
 				/* Don't remove CA and revocation lines */
 				fprintf(ctx->out, "%s\n", l->line);
@@ -1219,7 +1230,7 @@
 					    ctx->host, l->linenum);
 			}
 			return 0;
-		} else if (find_host) {
+		} else if (ctx->find_host) {
 			ctx->found_key = 1;
 			if (!quiet) {
 				printf("# Host %s found: line %lu %s\n",
@@ -1227,18 +1238,26 @@
 				    l->linenum, l->marker == MRK_CA ? "CA" :
 				    (l->marker == MRK_REVOKE ? "REVOKED" : ""));
 			}
-			if (hash_hosts)
+			if (ctx->hash_hosts)
 				known_hosts_hash(l, ctx);
 			else if (print_fingerprint) {
 				fp = sshkey_fingerprint(l->key, fptype, rep);
+				ra = sshkey_fingerprint(l->key,
+				    fingerprint_hash, SSH_FP_RANDOMART);
+				if (fp == NULL || ra == NULL)
+					fatal("%s: sshkey_fingerprint failed",
+					    __func__);
 				mprintf("%s %s %s %s\n", ctx->host,
 				    sshkey_type(l->key), fp, l->comment);
+				if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
+					printf("%s\n", ra);
+				free(ra);
 				free(fp);
 			} else
 				fprintf(ctx->out, "%s\n", l->line);
 			return 0;
 		}
-	} else if (delete_host) {
+	} else if (ctx->delete_host) {
 		/* Retain non-matching hosts when deleting */
 		if (l->status == HKF_STATUS_INVALID) {
 			ctx->invalid = 1;
@@ -1250,7 +1269,8 @@
 }
 
 static void
-do_known_hosts(struct passwd *pw, const char *name)
+do_known_hosts(struct passwd *pw, const char *name, int find_host,
+    int delete_host, int hash_hosts)
 {
 	char *cp, tmp[PATH_MAX], old[PATH_MAX];
 	int r, fd, oerrno, inplace = 0;
@@ -1269,6 +1289,9 @@
 	memset(&ctx, 0, sizeof(ctx));
 	ctx.out = stdout;
 	ctx.host = name;
+	ctx.hash_hosts = hash_hosts;
+	ctx.find_host = find_host;
+	ctx.delete_host = delete_host;
 
 	/*
 	 * Find hosts goes to stdout, hash and deletions happen in-place
@@ -1359,7 +1382,7 @@
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which the key is");
-	if (stat(identity_file, &st) < 0)
+	if (stat(identity_file, &st) == -1)
 		fatal("%s: %s", identity_file, strerror(errno));
 	/* Try to load the file with empty passphrase. */
 	r = sshkey_load_private(identity_file, "", &private, &comment);
@@ -1410,7 +1433,7 @@
 
 	/* Save the file using the new passphrase. */
 	if ((r = sshkey_save_private(private, identity_file, passphrase1,
-	    comment, use_new_format, new_format_cipher, rounds)) != 0) {
+	    comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
 		error("Saving key \"%s\" failed: %s.",
 		    identity_file, ssh_err(r));
 		explicit_bzero(passphrase1, strlen(passphrase1));
@@ -1433,7 +1456,8 @@
  * Print the SSHFP RR.
  */
 static int
-do_print_resource_record(struct passwd *pw, char *fname, char *hname)
+do_print_resource_record(struct passwd *pw, char *fname, char *hname,
+    int print_generic)
 {
 	struct sshkey *public;
 	char *comment = NULL;
@@ -1442,7 +1466,7 @@
 
 	if (fname == NULL)
 		fatal("%s: no filename", __func__);
-	if (stat(fname, &st) < 0) {
+	if (stat(fname, &st) == -1) {
 		if (errno == ENOENT)
 			return 0;
 		fatal("%s: %s", fname, strerror(errno));
@@ -1460,7 +1484,7 @@
  * Change the comment of a private key file.
  */
 static void
-do_change_comment(struct passwd *pw)
+do_change_comment(struct passwd *pw, const char *identity_comment)
 {
 	char new_comment[1024], *comment, *passphrase;
 	struct sshkey *private;
@@ -1471,7 +1495,7 @@
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which the key is");
-	if (stat(identity_file, &st) < 0)
+	if (stat(identity_file, &st) == -1)
 		fatal("%s: %s", identity_file, strerror(errno));
 	if ((r = sshkey_load_private(identity_file, "",
 	    &private, &comment)) == 0)
@@ -1498,7 +1522,7 @@
 	}
 
 	if (private->type != KEY_ED25519 && private->type != KEY_XMSS &&
-	    !use_new_format) {
+	    private_key_format != SSHKEY_PRIVATE_OPENSSH) {
 		error("Comments are only supported for keys stored in "
 		    "the new format (-o).");
 		explicit_bzero(passphrase, strlen(passphrase));
@@ -1506,14 +1530,14 @@
 		exit(1);
 	}
 	if (comment)
-		printf("Key now has comment '%s'\n", comment);
+		printf("Old comment: %s\n", comment);
 	else
-		printf("Key now has no comment\n");
+		printf("No existing comment\n");
 
 	if (identity_comment) {
 		strlcpy(new_comment, identity_comment, sizeof(new_comment));
 	} else {
-		printf("Enter new comment: ");
+		printf("New comment: ");
 		fflush(stdout);
 		if (!fgets(new_comment, sizeof(new_comment), stdin)) {
 			explicit_bzero(passphrase, strlen(passphrase));
@@ -1522,10 +1546,18 @@
 		}
 		new_comment[strcspn(new_comment, "\n")] = '\0';
 	}
+	if (comment != NULL && strcmp(comment, new_comment) == 0) {
+		printf("No change to comment\n");
+		free(passphrase);
+		sshkey_free(private);
+		free(comment);
+		exit(0);
+	}
 
 	/* Save the file using the new passphrase. */
 	if ((r = sshkey_save_private(private, identity_file, passphrase,
-	    new_comment, use_new_format, new_format_cipher, rounds)) != 0) {
+	    new_comment, private_key_format, openssh_format_cipher,
+	    rounds)) != 0) {
 		error("Saving key \"%s\" failed: %s",
 		    identity_file, ssh_err(r));
 		explicit_bzero(passphrase, strlen(passphrase));
@@ -1555,7 +1587,11 @@
 
 	free(comment);
 
-	printf("The comment in your key file has been changed.\n");
+	if (strlen(new_comment) > 0)
+		printf("Comment '%s' applied\n", new_comment);
+	else
+		printf("Comment removed\n");
+
 	exit(0);
 }
 
@@ -1661,7 +1697,7 @@
 
 /* Signer for sshkey_certify_custom that uses the agent */
 static int
-agent_signer(const struct sshkey *key, u_char **sigp, size_t *lenp,
+agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen,
     const char *alg, u_int compat, void *ctx)
 {
@@ -1672,7 +1708,9 @@
 }
 
 static void
-do_ca_sign(struct passwd *pw, int argc, char **argv)
+do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
+    unsigned long long cert_serial, int cert_serial_autoinc,
+    int argc, char **argv)
 {
 	int r, i, fd, found, agent_fd = -1;
 	u_int n;
@@ -1717,7 +1755,7 @@
 		ca->flags |= SSHKEY_FLAG_EXT;
 	} else {
 		/* CA key is assumed to be a private key on the filesystem */
-		ca = load_identity(tmp);
+		ca = load_identity(tmp, NULL);
 	}
 	free(tmp);
 
@@ -1742,7 +1780,7 @@
 		}
 		if (n > SSHKEY_CERT_MAX_PRINCIPALS)
 			fatal("Too many certificate principals specified");
-	
+
 		tmp = tilde_expand_filename(argv[i], pw->pw_uid);
 		if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)
 			fatal("%s: unable to open \"%s\": %s",
@@ -1812,6 +1850,8 @@
 
 		sshkey_free(public);
 		free(out);
+		if (cert_serial_autoinc)
+			cert_serial++;
 	}
 #ifdef ENABLE_PKCS11
 	pkcs11_terminate();
@@ -2003,8 +2043,9 @@
 	printf("        Type: %s %s certificate\n", sshkey_ssh_name(key),
 	    sshkey_cert_type(key));
 	printf("        Public key: %s %s\n", sshkey_type(key), key_fp);
-	printf("        Signing CA: %s %s\n",
-	    sshkey_type(key->cert->signature_key), ca_fp);
+	printf("        Signing CA: %s %s (using %s)\n",
+	    sshkey_type(key->cert->signature_key), ca_fp,
+	    key->cert->signature_type);
 	printf("        Key ID: \"%s\"\n", key->cert->key_id);
 	printf("        Serial: %llu\n", (unsigned long long)key->cert->serial);
 	printf("        Valid: %s\n", valid);
@@ -2047,7 +2088,7 @@
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which the key is");
-	if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) < 0)
+	if (strcmp(identity_file, "-") != 0 && stat(identity_file, &st) == -1)
 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
 
 	path = identity_file;
@@ -2297,7 +2338,9 @@
 }
 
 static void
-do_gen_krl(struct passwd *pw, int updating, int argc, char **argv)
+do_gen_krl(struct passwd *pw, int updating, const char *ca_key_path,
+    unsigned long long krl_version, const char *krl_comment,
+    int argc, char **argv)
 {
 	struct ssh_krl *krl;
 	struct stat sb;
@@ -2332,10 +2375,10 @@
 	else if ((krl = ssh_krl_init()) == NULL)
 		fatal("couldn't create KRL");
 
-	if (cert_serial != 0)
-		ssh_krl_set_version(krl, cert_serial);
-	if (identity_comment != NULL)
-		ssh_krl_set_comment(krl, identity_comment);
+	if (krl_version != 0)
+		ssh_krl_set_version(krl, krl_version);
+	if (krl_comment != NULL)
+		ssh_krl_set_comment(krl, krl_comment);
 
 	for (i = 0; i < argc; i++)
 		update_krl_from_file(pw, argv[i], wild_ca, ca, krl);
@@ -2383,17 +2426,298 @@
 	exit(ret);
 }
 
+static struct sshkey *
+load_sign_key(const char *keypath, const struct sshkey *pubkey)
+{
+	size_t i, slen, plen = strlen(keypath);
+	char *privpath = xstrdup(keypath);
+	const char *suffixes[] = { "-cert.pub", ".pub", NULL };
+	struct sshkey *ret = NULL, *privkey = NULL;
+	int r;
+
+	/*
+	 * If passed a public key filename, then try to locate the correponding
+	 * private key. This lets us specify certificates on the command-line
+	 * and have ssh-keygen find the appropriate private key.
+	 */
+	for (i = 0; suffixes[i]; i++) {
+		slen = strlen(suffixes[i]);
+		if (plen <= slen ||
+		    strcmp(privpath + plen - slen, suffixes[i]) != 0)
+			continue;
+		privpath[plen - slen] = '\0';
+		debug("%s: %s looks like a public key, using private key "
+		    "path %s instead", __func__, keypath, privpath);
+	}
+	if ((privkey = load_identity(privpath, NULL)) == NULL) {
+		error("Couldn't load identity %s", keypath);
+		goto done;
+	}
+	if (!sshkey_equal_public(pubkey, privkey)) {
+		error("Public key %s doesn't match private %s",
+		    keypath, privpath);
+		goto done;
+	}
+	if (sshkey_is_cert(pubkey) && !sshkey_is_cert(privkey)) {
+		/*
+		 * Graft the certificate onto the private key to make
+		 * it capable of signing.
+		 */
+		if ((r = sshkey_to_certified(privkey)) != 0) {
+			error("%s: sshkey_to_certified: %s", __func__,
+			    ssh_err(r));
+			goto done;
+		}
+		if ((r = sshkey_cert_copy(pubkey, privkey)) != 0) {
+			error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r));
+			goto done;
+		}
+	}
+	/* success */
+	ret = privkey;
+	privkey = NULL;
+ done:
+	sshkey_free(privkey);
+	free(privpath);
+	return ret;
+}
+
+static int
+sign_one(struct sshkey *signkey, const char *filename, int fd,
+    const char *sig_namespace, sshsig_signer *signer, void *signer_ctx)
+{
+	struct sshbuf *sigbuf = NULL, *abuf = NULL;
+	int r = SSH_ERR_INTERNAL_ERROR, wfd = -1, oerrno;
+	char *wfile = NULL;
+	char *asig = NULL;
+
+	if (!quiet) {
+		if (fd == STDIN_FILENO)
+			fprintf(stderr, "Signing data on standard input\n");
+		else
+			fprintf(stderr, "Signing file %s\n", filename);
+	}
+	if ((r = sshsig_sign_fd(signkey, NULL, fd, sig_namespace,
+	    &sigbuf, signer, signer_ctx)) != 0) {
+		error("Signing %s failed: %s", filename, ssh_err(r));
+		goto out;
+	}
+	if ((r = sshsig_armor(sigbuf, &abuf)) != 0) {
+		error("%s: sshsig_armor: %s", __func__, ssh_err(r));
+		goto out;
+	}
+	if ((asig = sshbuf_dup_string(abuf)) == NULL) {
+		error("%s: buffer error", __func__);
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+
+	if (fd == STDIN_FILENO) {
+		fputs(asig, stdout);
+		fflush(stdout);
+	} else {
+		xasprintf(&wfile, "%s.sig", filename);
+		if (confirm_overwrite(wfile)) {
+			if ((wfd = open(wfile, O_WRONLY|O_CREAT|O_TRUNC,
+			    0666)) == -1) {
+				oerrno = errno;
+				error("Cannot open %s: %s",
+				    wfile, strerror(errno));
+				errno = oerrno;
+				r = SSH_ERR_SYSTEM_ERROR;
+				goto out;
+			}
+			if (atomicio(vwrite, wfd, asig,
+			    strlen(asig)) != strlen(asig)) {
+				oerrno = errno;
+				error("Cannot write to %s: %s",
+				    wfile, strerror(errno));
+				errno = oerrno;
+				r = SSH_ERR_SYSTEM_ERROR;
+				goto out;
+			}
+			if (!quiet) {
+				fprintf(stderr, "Write signature to %s\n",
+				    wfile);
+			}
+		}
+	}
+	/* success */
+	r = 0;
+ out:
+	free(wfile);
+	free(asig);
+	sshbuf_free(abuf);
+	sshbuf_free(sigbuf);
+	if (wfd != -1)
+		close(wfd);
+	return r;
+}
+
+static int
+sign(const char *keypath, const char *sig_namespace, int argc, char **argv)
+{
+	int i, fd = -1, r, ret = -1;
+	int agent_fd = -1;
+	struct sshkey *pubkey = NULL, *privkey = NULL, *signkey = NULL;
+	sshsig_signer *signer = NULL;
+
+	/* Check file arguments. */
+	for (i = 0; i < argc; i++) {
+		if (strcmp(argv[i], "-") != 0)
+			continue;
+		if (i > 0 || argc > 1)
+			fatal("Cannot sign mix of paths and standard input");
+	}
+
+	if ((r = sshkey_load_public(keypath, &pubkey, NULL)) != 0) {
+		error("Couldn't load public key %s: %s", keypath, ssh_err(r));
+		goto done;
+	}
+
+	if ((r = ssh_get_authentication_socket(&agent_fd)) != 0)
+		debug("Couldn't get agent socket: %s", ssh_err(r));
+	else {
+		if ((r = ssh_agent_has_key(agent_fd, pubkey)) == 0)
+			signer = agent_signer;
+		else
+			debug("Couldn't find key in agent: %s", ssh_err(r));
+	}
+
+	if (signer == NULL) {
+		/* Not using agent - try to load private key */
+		if ((privkey = load_sign_key(keypath, pubkey)) == NULL)
+			goto done;
+		signkey = privkey;
+	} else {
+		/* Will use key in agent */
+		signkey = pubkey;
+	}
+
+	if (argc == 0) {
+		if ((r = sign_one(signkey, "(stdin)", STDIN_FILENO,
+		    sig_namespace, signer, &agent_fd)) != 0)
+			goto done;
+	} else {
+		for (i = 0; i < argc; i++) {
+			if (strcmp(argv[i], "-") == 0)
+				fd = STDIN_FILENO;
+			else if ((fd = open(argv[i], O_RDONLY)) == -1) {
+				error("Cannot open %s for signing: %s",
+				    argv[i], strerror(errno));
+				goto done;
+			}
+			if ((r = sign_one(signkey, argv[i], fd, sig_namespace,
+			    signer, &agent_fd)) != 0)
+				goto done;
+			if (fd != STDIN_FILENO)
+				close(fd);
+			fd = -1;
+		}
+	}
+
+	ret = 0;
+done:
+	if (fd != -1 && fd != STDIN_FILENO)
+		close(fd);
+	sshkey_free(pubkey);
+	sshkey_free(privkey);
+	return ret;
+}
+
+static int
+verify(const char *signature, const char *sig_namespace, const char *principal,
+    const char *allowed_keys, const char *revoked_keys)
+{
+	int r, ret = -1, sigfd = -1;
+	struct sshbuf *sigbuf = NULL, *abuf = NULL;
+	struct sshkey *sign_key = NULL;
+	char *fp = NULL;
+
+	if ((abuf = sshbuf_new()) == NULL)
+		fatal("%s: sshbuf_new() failed", __func__);
+
+	if ((sigfd = open(signature, O_RDONLY)) < 0) {
+		error("Couldn't open signature file %s", signature);
+		goto done;
+	}
+
+	if ((r = sshkey_load_file(sigfd, abuf)) != 0) {
+		error("Couldn't read signature file: %s", ssh_err(r));
+		goto done;
+	}
+	if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) {
+		error("%s: sshsig_armor: %s", __func__, ssh_err(r));
+		return r;
+	}
+	if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace,
+	    &sign_key)) != 0)
+		goto done; /* sshsig_verify() prints error */
+
+	if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash,
+	    SSH_FP_DEFAULT)) == NULL)
+		fatal("%s: sshkey_fingerprint failed", __func__);
+	debug("Valid (unverified) signature from key %s", fp);
+	free(fp);
+	fp = NULL;
+
+	if (revoked_keys != NULL) {
+		if ((r = sshkey_check_revoked(sign_key, revoked_keys)) != 0) {
+			debug3("sshkey_check_revoked failed: %s", ssh_err(r));
+			goto done;
+		}
+	}
+
+	if (allowed_keys != NULL &&
+	    (r = sshsig_check_allowed_keys(allowed_keys, sign_key,
+					   principal, sig_namespace)) != 0) {
+		debug3("sshsig_check_allowed_keys failed: %s", ssh_err(r));
+		goto done;
+	}
+	/* success */
+	ret = 0;
+done:
+	if (!quiet) {
+		if (ret == 0) {
+			if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash,
+			    SSH_FP_DEFAULT)) == NULL) {
+				fatal("%s: sshkey_fingerprint failed",
+				    __func__);
+			}
+			if (principal == NULL) {
+				printf("Good \"%s\" signature with %s key %s\n",
+				       sig_namespace, sshkey_type(sign_key), fp);
+
+			} else {
+				printf("Good \"%s\" signature for %s with %s key %s\n",
+				       sig_namespace, principal,
+				       sshkey_type(sign_key), fp);
+			}
+		} else {
+			printf("Could not verify signature.\n");
+		}
+	}
+	if (sigfd != -1)
+		close(sigfd);
+	sshbuf_free(sigbuf);
+	sshbuf_free(abuf);
+	sshkey_free(sign_key);
+	free(fp);
+	return ret;
+}
+
 static void
 usage(void)
 {
 	fprintf(stderr,
-	    "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]\n"
-	    "                  [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
-	    "       ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
-	    "       ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
-	    "       ssh-keygen -e [-m key_format] [-f input_keyfile]\n"
+	    "usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]\n"
+	    "                  [-N new_passphrase] [-t dsa | ecdsa | ed25519 | rsa]\n"
+	    "       ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]\n"
+	    "                   [-P old_passphrase]\n"
+	    "       ssh-keygen -i [-f input_keyfile] [-m key_format]\n"
+	    "       ssh-keygen -e [-f input_keyfile] [-m key_format]\n"
 	    "       ssh-keygen -y [-f input_keyfile]\n"
-	    "       ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
+	    "       ssh-keygen -c [-C comment] [-f keyfile] [-P passphrase]\n"
 	    "       ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
 	    "       ssh-keygen -B [-f input_keyfile]\n");
 #ifdef ENABLE_PKCS11
@@ -2401,23 +2725,27 @@
 	    "       ssh-keygen -D pkcs11\n");
 #endif
 	fprintf(stderr,
-	    "       ssh-keygen -F hostname [-f known_hosts_file] [-l]\n"
+	    "       ssh-keygen -F hostname [-lv] [-f known_hosts_file]\n"
 	    "       ssh-keygen -H [-f known_hosts_file]\n"
 	    "       ssh-keygen -R hostname [-f known_hosts_file]\n"
-	    "       ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
+	    "       ssh-keygen -r hostname [-g] [-f input_keyfile]\n"
 #ifdef WITH_OPENSSL
 	    "       ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
-	    "       ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
+	    "       ssh-keygen -f input_file -T output_file [-v] [-a rounds] [-J num_lines]\n"
 	    "                  [-j start_line] [-K checkpt] [-W generator]\n"
 #endif
-	    "       ssh-keygen -s ca_key -I certificate_identity [-h] [-U]\n"
-	    "                  [-D pkcs11_provider] [-n principals] [-O option]\n"
-	    "                  [-V validity_interval] [-z serial_number] file ...\n"
+	    "       ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]\n"
+	    "                  [-n principals] [-O option] [-V validity_interval]\n"
+	    "                  [-z serial_number] file ...\n"
 	    "       ssh-keygen -L [-f input_keyfile]\n"
-	    "       ssh-keygen -A\n"
+	    "       ssh-keygen -A [-f prefix_path]\n"
 	    "       ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n"
 	    "                  file ...\n"
-	    "       ssh-keygen -Q -f krl_file file ...\n");
+	    "       ssh-keygen -Q -f krl_file file ...\n"
+	    "       ssh-keygen -Y check-novalidate -n namespace -s signature_file\n"
+	    "       ssh-keygen -Y sign -f key_file -n namespace file ...\n"
+	    "       ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n"
+	    "       		-n namespace -s signature_file [-r revocation_file]\n");
 	exit(1);
 }
 
@@ -2433,9 +2761,18 @@
 	struct passwd *pw;
 	struct stat st;
 	int r, opt, type, fd;
+	int change_passphrase = 0, change_comment = 0, show_cert = 0;
+	int find_host = 0, delete_host = 0, hash_hosts = 0;
 	int gen_all_hostkeys = 0, gen_krl = 0, update_krl = 0, check_krl = 0;
+	int prefer_agent = 0, convert_to = 0, convert_from = 0;
+	int print_public = 0, print_generic = 0, cert_serial_autoinc = 0;
+	unsigned long long cert_serial = 0;
+	char *identity_comment = NULL, *ca_key_path = NULL;
+	u_int32_t bits = 0;
 	FILE *f;
 	const char *errstr;
+	int log_level = SYSLOG_LEVEL_INFO;
+	char *sign_op = NULL;
 #ifdef WITH_OPENSSL
 	/* Moduli generation/screening */
 	char out_file[PATH_MAX], *checkpoint = NULL;
@@ -2448,38 +2785,35 @@
 	extern int optind;
 	extern char *optarg;
 
-	ssh_malloc_init();	/* must be called before any mallocs */
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
 	__progname = ssh_get_progname(argv[0]);
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-#endif
-	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
-
 	seed_rng();
 
+	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
+
 	msetlocale();
 
 	/* we need this for the home * directory.  */
 	pw = getpwuid(getuid());
 	if (!pw)
 		fatal("No user exists for uid %lu", (u_long)getuid());
-	if (gethostname(hostname, sizeof(hostname)) < 0)
+	if (gethostname(hostname, sizeof(hostname)) == -1)
 		fatal("gethostname: %s", strerror(errno));
 
-	/* Remaining characters: Ydw */
+	/* Remaining characters: dw */
 	while ((opt = getopt(argc, argv, "ABHLQUXceghiklopquvxy"
-	    "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Z:"
+	    "C:D:E:F:G:I:J:K:M:N:O:P:R:S:T:V:W:Y:Z:"
 	    "a:b:f:g:j:m:n:r:s:t:z:")) != -1) {
 		switch (opt) {
 		case 'A':
 			gen_all_hostkeys = 1;
 			break;
 		case 'b':
-			bits = (u_int32_t)strtonum(optarg, 10, 32768, &errstr);
+			bits = (u_int32_t)strtonum(optarg, 1, UINT32_MAX,
+			    &errstr);
 			if (errstr)
 				fatal("Bits has bad value %s (%s)",
 					optarg, errstr);
@@ -2520,11 +2854,12 @@
 			}
 			if (strcasecmp(optarg, "PKCS8") == 0) {
 				convert_format = FMT_PKCS8;
+				private_key_format = SSHKEY_PRIVATE_PKCS8;
 				break;
 			}
 			if (strcasecmp(optarg, "PEM") == 0) {
 				convert_format = FMT_PEM;
-				use_new_format = 0;
+				private_key_format = SSHKEY_PRIVATE_PEM;
 				break;
 			}
 			fatal("Unsupported conversion format \"%s\"", optarg);
@@ -2562,7 +2897,7 @@
 			add_cert_option(optarg);
 			break;
 		case 'Z':
-			new_format_cipher = optarg;
+			openssh_format_cipher = optarg;
 			break;
 		case 'C':
 			identity_comment = optarg;
@@ -2626,8 +2961,15 @@
 		case 'V':
 			parse_cert_times(optarg);
 			break;
+		case 'Y':
+			sign_op = optarg;
+			break;
 		case 'z':
 			errno = 0;
+			if (*optarg == '+') {
+				cert_serial_autoinc = 1;
+				optarg++;
+			}
 			cert_serial = strtoull(optarg, &ep, 10);
 			if (*optarg < '0' || *optarg > '9' || *ep != '\0' ||
 			    (errno == ERANGE && cert_serial == ULLONG_MAX))
@@ -2689,6 +3031,50 @@
 	argv += optind;
 	argc -= optind;
 
+	if (sign_op != NULL) {
+		if (cert_principals == NULL || *cert_principals == '\0') {
+			error("Too few arguments for sign/verify: "
+			    "missing namespace");
+			exit(1);
+		}
+		if (strncmp(sign_op, "sign", 4) == 0) {
+			if (!have_identity) {
+				error("Too few arguments for sign: "
+				    "missing key");
+				exit(1);
+			}
+			return sign(identity_file, cert_principals, argc, argv);
+		} else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
+			if (ca_key_path == NULL) {
+				error("Too few arguments for check-novalidate: "
+				      "missing signature file");
+				exit(1);
+			}
+			return verify(ca_key_path, cert_principals,
+				      NULL, NULL, NULL);
+		} else if (strncmp(sign_op, "verify", 6) == 0) {
+			if (ca_key_path == NULL) {
+				error("Too few arguments for verify: "
+				    "missing signature file");
+				exit(1);
+			}
+			if (!have_identity) {
+				error("Too few arguments for sign: "
+				    "missing allowed keys file");
+				exit(1);
+			}
+			if (cert_key_id == NULL) {
+				error("Too few arguments for verify: "
+				    "missing principal ID");
+				exit(1);
+			}
+			return verify(ca_key_path, cert_principals,
+			    cert_key_id, identity_file, rr_hostname);
+		}
+		usage();
+		/* NOTREACHED */
+	}
+
 	if (ca_key_path != NULL) {
 		if (argc < 1 && !gen_krl) {
 			error("Too few arguments.");
@@ -2707,7 +3093,8 @@
 		usage();
 	}
 	if (gen_krl) {
-		do_gen_krl(pw, update_krl, argc, argv);
+		do_gen_krl(pw, update_krl, ca_key_path,
+		    cert_serial, identity_comment, argc, argv);
 		return (0);
 	}
 	if (check_krl) {
@@ -2717,12 +3104,15 @@
 	if (ca_key_path != NULL) {
 		if (cert_key_id == NULL)
 			fatal("Must specify key id (-I) when certifying");
-		do_ca_sign(pw, argc, argv);
+		do_ca_sign(pw, ca_key_path, prefer_agent,
+		    cert_serial, cert_serial_autoinc, argc, argv);
 	}
 	if (show_cert)
 		do_show_cert(pw);
-	if (delete_host || hash_hosts || find_host)
-		do_known_hosts(pw, rr_hostname);
+	if (delete_host || hash_hosts || find_host) {
+		do_known_hosts(pw, rr_hostname, find_host,
+		    delete_host, hash_hosts);
+	}
 	if (pkcs11provider != NULL)
 		do_download(pw);
 	if (print_fingerprint || print_bubblebabble)
@@ -2730,36 +3120,44 @@
 	if (change_passphrase)
 		do_change_passphrase(pw);
 	if (change_comment)
-		do_change_comment(pw);
+		do_change_comment(pw, identity_comment);
 #ifdef WITH_OPENSSL
 	if (convert_to)
 		do_convert_to(pw);
 	if (convert_from)
 		do_convert_from(pw);
-#endif
+#else /* WITH_OPENSSL */
+	if (convert_to || convert_from)
+		fatal("key conversion disabled at compile time");
+#endif /* WITH_OPENSSL */
 	if (print_public)
 		do_print_public(pw);
 	if (rr_hostname != NULL) {
 		unsigned int n = 0;
 
 		if (have_identity) {
-			n = do_print_resource_record(pw,
-			    identity_file, rr_hostname);
+			n = do_print_resource_record(pw, identity_file,
+			    rr_hostname, print_generic);
 			if (n == 0)
 				fatal("%s: %s", identity_file, strerror(errno));
 			exit(0);
 		} else {
 
 			n += do_print_resource_record(pw,
-			    _PATH_HOST_RSA_KEY_FILE, rr_hostname);
+			    _PATH_HOST_RSA_KEY_FILE, rr_hostname,
+			    print_generic);
 			n += do_print_resource_record(pw,
-			    _PATH_HOST_DSA_KEY_FILE, rr_hostname);
+			    _PATH_HOST_DSA_KEY_FILE, rr_hostname,
+			    print_generic);
 			n += do_print_resource_record(pw,
-			    _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
+			    _PATH_HOST_ECDSA_KEY_FILE, rr_hostname,
+			    print_generic);
 			n += do_print_resource_record(pw,
-			    _PATH_HOST_ED25519_KEY_FILE, rr_hostname);
+			    _PATH_HOST_ED25519_KEY_FILE, rr_hostname,
+			    print_generic);
 			n += do_print_resource_record(pw,
-			    _PATH_HOST_XMSS_KEY_FILE, rr_hostname);
+			    _PATH_HOST_XMSS_KEY_FILE, rr_hostname,
+			    print_generic);
 			if (n == 0)
 				fatal("no keys found.");
 			exit(0);
@@ -2834,11 +3232,11 @@
 	snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
 	    pw->pw_dir, _PATH_SSH_USER_DIR);
 	if (strstr(identity_file, dotsshdir) != NULL) {
-		if (stat(dotsshdir, &st) < 0) {
+		if (stat(dotsshdir, &st) == -1) {
 			if (errno != ENOENT) {
 				error("Could not stat %s: %s", dotsshdir,
 				    strerror(errno));
-			} else if (mkdir(dotsshdir, 0700) < 0) {
+			} else if (mkdir(dotsshdir, 0700) == -1) {
 				error("Could not create directory '%s': %s",
 				    dotsshdir, strerror(errno));
 			} else if (!quiet)
@@ -2846,16 +3244,8 @@
 		}
 	}
 	/* If the file already exists, ask the user to confirm. */
-	if (stat(identity_file, &st) >= 0) {
-		char yesno[3];
-		printf("%s already exists.\n", identity_file);
-		printf("Overwrite (y/n)? ");
-		fflush(stdout);
-		if (fgets(yesno, sizeof(yesno), stdin) == NULL)
-			exit(1);
-		if (yesno[0] != 'y' && yesno[0] != 'Y')
-			exit(1);
-	}
+	if (!confirm_overwrite(identity_file))
+		exit(1);
 	/* Ask for a passphrase (twice). */
 	if (identity_passphrase)
 		passphrase1 = xstrdup(identity_passphrase);
@@ -2894,7 +3284,7 @@
 
 	/* Save the key with the given passphrase and comment. */
 	if ((r = sshkey_save_private(private, identity_file, passphrase1,
-	    comment, use_new_format, new_format_cipher, rounds)) != 0) {
+	    comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
 		error("Saving key \"%s\" failed: %s",
 		    identity_file, ssh_err(r));
 		explicit_bzero(passphrase1, strlen(passphrase1));
Index: ssh-keyscan.0
===================================================================
--- ssh-keyscan.0
+++ ssh-keyscan.0
@@ -93,4 +93,4 @@
      Davison <wayned@users.sourceforge.net> added support for protocol version
      2.
 
-OpenBSD 6.4                      March 5, 2018                     OpenBSD 6.4
+OpenBSD 6.6                      March 5, 2018                     OpenBSD 6.6
Index: ssh-keyscan.c
===================================================================
--- ssh-keyscan.c
+++ ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.120 2018/06/06 18:29:18 markus Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.130 2019/09/06 05:23:55 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -19,7 +19,9 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 
+#ifdef WITH_OPENSSL
 #include <openssl/bn.h>
+#endif
 
 #include <netdb.h>
 #include <errno.h>
@@ -70,6 +72,8 @@
 
 int print_sshfp = 0;		/* Print SSHFP records instead of known_hosts */
 
+int found_one = 0;		/* Successfully found a key */
+
 #define MAXMAXFD 256
 
 /* The number of seconds after which to give up on a TCP connection */
@@ -83,8 +87,6 @@
 size_t read_wait_nfdset;
 int ncon;
 
-struct ssh *active_state = NULL; /* XXX needed for linking */
-
 /*
  * Keep a connection structure for each file descriptor.  The state
  * associated with file descriptor n is held in fdcon[n].
@@ -122,7 +124,7 @@
 #if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
 	struct rlimit rlfd;
 
-	if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
+	if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1)
 		return (-1);
 	if ((hard ? rlfd.rlim_max : rlfd.rlim_cur) == RLIM_INFINITY)
 		return SSH_SYSFDMAX;
@@ -143,10 +145,10 @@
 	if (lim <= 0)
 		return (-1);
 #if defined(HAVE_SETRLIMIT) && defined(RLIMIT_NOFILE)
-	if (getrlimit(RLIMIT_NOFILE, &rlfd) < 0)
+	if (getrlimit(RLIMIT_NOFILE, &rlfd) == -1)
 		return (-1);
 	rlfd.rlim_cur = lim;
-	if (setrlimit(RLIMIT_NOFILE, &rlfd) < 0)
+	if (setrlimit(RLIMIT_NOFILE, &rlfd) == -1)
 		return (-1);
 #elif defined (HAVE_SETDTABLESIZE)
 	setdtablesize(lim);
@@ -233,7 +235,12 @@
 		break;
 	case KT_RSA:
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
-		    "ssh-rsa-cert-v01@openssh.com" : "ssh-rsa";
+		    "rsa-sha2-512-cert-v01@openssh.com,"
+		    "rsa-sha2-256-cert-v01@openssh.com,"
+		    "ssh-rsa-cert-v01@openssh.com" :
+		    "rsa-sha2-512,"
+		    "rsa-sha2-256,"
+		    "ssh-rsa";
 		break;
 	case KT_ED25519:
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = get_cert ?
@@ -262,18 +269,19 @@
 		exit(1);
 	}
 #ifdef WITH_OPENSSL
-	c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
-	c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
-	c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
-	c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
-	c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
+	c->c_ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
+	c->c_ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
+	c->c_ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;
+	c->c_ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;
+	c->c_ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;
 	c->c_ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 	c->c_ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
 # ifdef OPENSSL_HAS_ECC
-	c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+	c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
 # endif
 #endif
-	c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+	c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
+	c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
 	ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
 	/*
 	 * do the key-exchange until an error occurs or until
@@ -288,6 +296,8 @@
 	char *hostport;
 	const char *known_host, *hashed;
 
+	found_one = 1;
+
 	if (print_sshfp) {
 		export_dns_rr(host, key, stdout, 0);
 		return;
@@ -340,13 +350,13 @@
 	}
 	for (ai = aitop; ai; ai = ai->ai_next) {
 		s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-		if (s < 0) {
+		if (s == -1) {
 			error("socket: %s", strerror(errno));
 			continue;
 		}
 		if (set_nonblock(s) == -1)
 			fatal("%s: set_nonblock(%d)", __func__, s);
-		if (connect(s, ai->ai_addr, ai->ai_addrlen) < 0 &&
+		if (connect(s, ai->ai_addr, ai->ai_addrlen) == -1 &&
 		    errno != EINPROGRESS)
 			error("connect (`%s'): %s", host, strerror(errno));
 		else
@@ -653,7 +663,6 @@
 	extern int optind;
 	extern char *optarg;
 
-	ssh_malloc_init();	/* must be called before any mallocs */
 	__progname = ssh_get_progname(argv[0]);
 	seed_rng();
 	TAILQ_INIT(&tq);
@@ -803,5 +812,5 @@
 	while (ncon > 0)
 		conloop();
 
-	return (0);
+	return found_one ? 0 : 1;
 }
Index: ssh-keysign.0
===================================================================
--- ssh-keysign.0
+++ ssh-keysign.0
@@ -49,4 +49,4 @@
 AUTHORS
      Markus Friedl <markus@openbsd.org>
 
-OpenBSD 6.4                    February 17, 2016                   OpenBSD 6.4
+OpenBSD 6.6                    February 17, 2016                   OpenBSD 6.6
Index: ssh-keysign.c
===================================================================
--- ssh-keysign.c
+++ ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.55 2018/07/27 05:34:42 dtucker Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.61 2019/10/02 00:42:30 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -31,6 +31,7 @@
 #endif
 #include <pwd.h>
 #include <stdarg.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
@@ -40,6 +41,7 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
+#include "openbsd-compat/openssl-compat.h"
 #endif
 
 #include "xmalloc.h"
@@ -55,11 +57,8 @@
 #include "pathnames.h"
 #include "readconf.h"
 #include "uidswap.h"
-#include "sshkey.h"
 #include "ssherr.h"
 
-struct ssh *active_state = NULL; /* XXX needed for linking */
-
 extern char *__progname;
 
 static int
@@ -173,11 +172,7 @@
 	u_char *signature, *data, rver;
 	char *host, *fp;
 	size_t slen, dlen;
-#ifdef WITH_OPENSSL
-	u_int32_t rnd[256];
-#endif
 
-	ssh_malloc_init();	/* must be called before any mallocs */
 	if (pledge("stdio rpath getpw dns id", NULL) != 0)
 		fatal("%s: pledge: %s", __progname, strerror(errno));
 
@@ -210,7 +205,8 @@
 
 	/* verify that ssh-keysign is enabled by the admin */
 	initialize_options(&options);
-	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "", &options, 0);
+	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "",
+	    &options, 0, NULL);
 	fill_default_options(&options);
 	if (options.enable_ssh_keysign != 1)
 		fatal("ssh-keysign not enabled in %s",
@@ -223,12 +219,6 @@
 	if (found == 0)
 		fatal("could not open any host key");
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-	arc4random_buf(rnd, sizeof(rnd));
-	RAND_seed(rnd, sizeof(rnd));
-#endif
-
 	found = 0;
 	for (i = 0; i < NUM_KEYTYPES; i++) {
 		keys[i] = NULL;
@@ -261,7 +251,7 @@
 	if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0)
 		fatal("%s: buffer error: %s", __progname, ssh_err(r));
 	if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO)
-		fatal("bad fd");
+		fatal("bad fd = %d", fd);
 	if ((host = get_local_name(fd)) == NULL)
 		fatal("cannot get local name for fd");
 
Index: ssh-pkcs11-client.c
===================================================================
--- ssh-pkcs11-client.c
+++ ssh-pkcs11-client.c
@@ -1,6 +1,7 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.10 2018/07/09 21:59:10 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.15 2019/01/21 12:53:35 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -30,6 +31,7 @@
 #include <unistd.h>
 #include <errno.h>
 
+#include <openssl/ecdsa.h>
 #include <openssl/rsa.h>
 
 #include "openbsd-compat/openssl-compat.h"
@@ -47,8 +49,8 @@
 
 /* borrows code from sftp-server and ssh-agent */
 
-int fd = -1;
-pid_t pid = -1;
+static int fd = -1;
+static pid_t pid = -1;
 
 static void
 send_msg(struct sshbuf *m)
@@ -113,22 +115,27 @@
 }
 
 static int
-pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
-    int padding)
+rsa_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa, int padding)
 {
-	struct sshkey key;	/* XXX */
-	u_char *blob, *signature = NULL;
+	struct sshkey *key = NULL;
+	struct sshbuf *msg = NULL;
+	u_char *blob = NULL, *signature = NULL;
 	size_t blen, slen = 0;
 	int r, ret = -1;
-	struct sshbuf *msg;
 
 	if (padding != RSA_PKCS1_PADDING)
-		return (-1);
-	key.type = KEY_RSA;
-	key.rsa = rsa;
-	if ((r = sshkey_to_blob(&key, &blob, &blen)) != 0) {
+		goto fail;
+	key = sshkey_new(KEY_UNSPEC);
+	if (key == NULL) {
+		error("%s: sshkey_new failed", __func__);
+		goto fail;
+	}
+	key->type = KEY_RSA;
+	RSA_up_ref(rsa);
+	key->rsa = rsa;
+	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
 		error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
-		return -1;
+		goto fail;
 	}
 	if ((msg = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
@@ -137,7 +144,6 @@
 	    (r = sshbuf_put_string(msg, from, flen)) != 0 ||
 	    (r = sshbuf_put_u32(msg, 0)) != 0)
 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	free(blob);
 	send_msg(msg);
 	sshbuf_reset(msg);
 
@@ -150,22 +156,115 @@
 		}
 		free(signature);
 	}
+ fail:
+	free(blob);
+	sshkey_free(key);
 	sshbuf_free(msg);
 	return (ret);
 }
 
-/* redirect the private key encrypt operation to the ssh-pkcs11-helper */
+#ifdef HAVE_EC_KEY_METHOD_NEW
+static ECDSA_SIG *
+ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+    const BIGNUM *rp, EC_KEY *ec)
+{
+	struct sshkey *key = NULL;
+	struct sshbuf *msg = NULL;
+	ECDSA_SIG *ret = NULL;
+	const u_char *cp;
+	u_char *blob = NULL, *signature = NULL;
+	size_t blen, slen = 0;
+	int r, nid;
+
+	nid = sshkey_ecdsa_key_to_nid(ec);
+	if (nid < 0) {
+		error("%s: couldn't get curve nid", __func__);
+		goto fail;
+	}
+
+	key = sshkey_new(KEY_UNSPEC);
+	if (key == NULL) {
+		error("%s: sshkey_new failed", __func__);
+		goto fail;
+	}
+	key->ecdsa = ec;
+	key->ecdsa_nid = nid;
+	key->type = KEY_ECDSA;
+	EC_KEY_up_ref(ec);
+
+	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
+		error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
+		goto fail;
+	}
+	if ((msg = sshbuf_new()) == NULL)
+		fatal("%s: sshbuf_new failed", __func__);
+	if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
+	    (r = sshbuf_put_string(msg, blob, blen)) != 0 ||
+	    (r = sshbuf_put_string(msg, dgst, dgst_len)) != 0 ||
+	    (r = sshbuf_put_u32(msg, 0)) != 0)
+		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	send_msg(msg);
+	sshbuf_reset(msg);
+
+	if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
+		if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0)
+			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		cp = signature;
+		ret = d2i_ECDSA_SIG(NULL, &cp, slen);
+		free(signature);
+	}
+
+ fail:
+	free(blob);
+	sshkey_free(key);
+	sshbuf_free(msg);
+	return (ret);
+}
+#endif /* HAVE_EC_KEY_METHOD_NEW */
+
+static RSA_METHOD	*helper_rsa;
+#ifdef HAVE_EC_KEY_METHOD_NEW
+static EC_KEY_METHOD	*helper_ecdsa;
+#endif /* HAVE_EC_KEY_METHOD_NEW */
+
+/* redirect private key crypto operations to the ssh-pkcs11-helper */
+static void
+wrap_key(struct sshkey *k)
+{
+	if (k->type == KEY_RSA)
+		RSA_set_method(k->rsa, helper_rsa);
+#ifdef HAVE_EC_KEY_METHOD_NEW
+	else if (k->type == KEY_ECDSA)
+		EC_KEY_set_method(k->ecdsa, helper_ecdsa);
+#endif /* HAVE_EC_KEY_METHOD_NEW */
+	else
+		fatal("%s: unknown key type", __func__);
+}
+
 static int
-wrap_key(RSA *rsa)
+pkcs11_start_helper_methods(void)
 {
-	static RSA_METHOD *helper_rsa;
+	if (helper_rsa != NULL)
+		return (0);
 
+#ifdef HAVE_EC_KEY_METHOD_NEW
+	int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
+	    unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
+	if (helper_ecdsa != NULL)
+		return (0);
+	helper_ecdsa = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
+	if (helper_ecdsa == NULL)
+		return (-1);
+	EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL);
+	EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);
+#endif /* HAVE_EC_KEY_METHOD_NEW */
+
 	if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
 		fatal("%s: RSA_meth_dup failed", __func__);
 	if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") ||
-	    !RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt))
+	    !RSA_meth_set_priv_enc(helper_rsa, rsa_encrypt))
 		fatal("%s: failed to prepare method", __func__);
-	RSA_set_method(rsa, helper_rsa);
+
 	return (0);
 }
 
@@ -173,7 +272,16 @@
 pkcs11_start_helper(void)
 {
 	int pair[2];
+	char *helper, *verbosity = NULL;
 
+	if (log_level_get() >= SYSLOG_LEVEL_DEBUG1)
+		verbosity = "-vvv";
+
+	if (pkcs11_start_helper_methods() == -1) {
+		error("pkcs11_start_helper_methods failed");
+		return (-1);
+	}
+
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) {
 		error("socketpair: %s", strerror(errno));
 		return (-1);
@@ -189,10 +297,13 @@
 		}
 		close(pair[0]);
 		close(pair[1]);
-		execlp(_PATH_SSH_PKCS11_HELPER, _PATH_SSH_PKCS11_HELPER,
-		    (char *)NULL);
-		fprintf(stderr, "exec: %s: %s\n", _PATH_SSH_PKCS11_HELPER,
-		    strerror(errno));
+		helper = getenv("SSH_PKCS11_HELPER");
+		if (helper == NULL || strlen(helper) == 0)
+			helper = _PATH_SSH_PKCS11_HELPER;
+		debug("%s: starting %s %s", __func__, helper,
+		    verbosity == NULL ? "" : verbosity);
+		execlp(helper, helper, verbosity, (char *)NULL);
+		fprintf(stderr, "exec: %s: %s\n", helper, strerror(errno));
 		_exit(1);
 	}
 	close(pair[1]);
@@ -204,7 +315,7 @@
 pkcs11_add_provider(char *name, char *pin, struct sshkey ***keysp)
 {
 	struct sshkey *k;
-	int r;
+	int r, type;
 	u_char *blob;
 	size_t blen;
 	u_int nkeys, i;
@@ -222,7 +333,8 @@
 	send_msg(msg);
 	sshbuf_reset(msg);
 
-	if (recv_msg(msg) == SSH2_AGENT_IDENTITIES_ANSWER) {
+	type = recv_msg(msg);
+	if (type == SSH2_AGENT_IDENTITIES_ANSWER) {
 		if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 		*keysp = xcalloc(nkeys, sizeof(struct sshkey *));
@@ -234,10 +346,13 @@
 				    __func__, ssh_err(r));
 			if ((r = sshkey_from_blob(blob, blen, &k)) != 0)
 				fatal("%s: bad key: %s", __func__, ssh_err(r));
-			wrap_key(k->rsa);
+			wrap_key(k);
 			(*keysp)[i] = k;
 			free(blob);
 		}
+	} else if (type == SSH2_AGENT_FAILURE) {
+		if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
+			nkeys = -1;
 	} else {
 		nkeys = -1;
 	}
Index: ssh-pkcs11-helper.0
===================================================================
--- ssh-pkcs11-helper.0
+++ ssh-pkcs11-helper.0
@@ -4,7 +4,7 @@
      ssh-pkcs11-helper M-bM-^@M-^S ssh-agent helper program for PKCS#11 support
 
 SYNOPSIS
-     ssh-pkcs11-helper
+     ssh-pkcs11-helper [-v]
 
 DESCRIPTION
      ssh-pkcs11-helper is used by ssh-agent(1) to access keys provided by a
@@ -13,6 +13,16 @@
      ssh-pkcs11-helper is not intended to be invoked by the user, but from
      ssh-agent(1).
 
+     A single option is supported:
+
+     -v      Verbose mode.  Causes ssh-pkcs11-helper to print debugging
+             messages about its progress.  This is helpful in debugging
+             problems.  Multiple -v options increase the verbosity.  The
+             maximum is 3.
+
+             Note that ssh-agent(1) will automatically pass the -v flag to
+             ssh-pkcs11-helper when it has itself been placed in debug mode.
+
 SEE ALSO
      ssh(1), ssh-add(1), ssh-agent(1)
 
@@ -22,4 +32,4 @@
 AUTHORS
      Markus Friedl <markus@openbsd.org>
 
-OpenBSD 6.4                      July 16, 2013                     OpenBSD 6.4
+OpenBSD 6.6                    January 21, 2019                    OpenBSD 6.6
Index: ssh-pkcs11-helper.8
===================================================================
--- ssh-pkcs11-helper.8
+++ ssh-pkcs11-helper.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $
+.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.5 2019/01/21 12:53:35 djm Exp $
 .\"
 .\" Copyright (c) 2010 Markus Friedl.  All rights reserved.
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 16 2013 $
+.Dd $Mdocdate: January 21 2019 $
 .Dt SSH-PKCS11-HELPER 8
 .Os
 .Sh NAME
@@ -22,6 +22,7 @@
 .Nd ssh-agent helper program for PKCS#11 support
 .Sh SYNOPSIS
 .Nm
+.Op Fl v
 .Sh DESCRIPTION
 .Nm
 is used by
@@ -31,6 +32,28 @@
 .Nm
 is not intended to be invoked by the user, but from
 .Xr ssh-agent 1 .
+.Pp
+A single option is supported:
+.Bl -tag -width Ds
+.It Fl v
+Verbose mode.
+Causes
+.Nm
+to print debugging messages about its progress.
+This is helpful in debugging problems.
+Multiple
+.Fl v
+options increase the verbosity.
+The maximum is 3.
+.Pp
+Note that
+.Xr ssh-agent 1
+will automatically pass the
+.Fl v
+flag to
+.Nm
+when it has itself been placed in debug mode.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
Index: ssh-pkcs11-helper.c
===================================================================
--- ssh-pkcs11-helper.c
+++ ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.14 2018/01/08 15:18:46 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.21 2019/09/06 05:23:55 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -24,10 +24,12 @@
 
 #include "openbsd-compat/sys-queue.h"
 
+#include <stdlib.h>
+#include <errno.h>
+#include <poll.h>
 #include <stdarg.h>
 #include <string.h>
 #include <unistd.h>
-#include <errno.h>
 
 #include "xmalloc.h"
 #include "sshbuf.h"
@@ -40,6 +42,8 @@
 
 #ifdef ENABLE_PKCS11
 
+#ifdef WITH_OPENSSL
+
 /* borrows code from sftp-server and ssh-agent */
 
 struct pkcs11_keyinfo {
@@ -110,7 +114,7 @@
 process_add(void)
 {
 	char *name, *pin;
-	struct sshkey **keys;
+	struct sshkey **keys = NULL;
 	int r, i, nkeys;
 	u_char *blob;
 	size_t blen;
@@ -139,11 +143,13 @@
 			free(blob);
 			add_key(keys[i], name);
 		}
-		free(keys);
 	} else {
 		if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		if ((r = sshbuf_put_u32(msg, -nkeys)) != 0)
+			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	}
+	free(keys);
 	free(pin);
 	free(name);
 	send_msg(msg);
@@ -194,13 +200,33 @@
 #ifdef WITH_OPENSSL
 			int ret;
 
-			slen = RSA_size(key->rsa);
-			signature = xmalloc(slen);
-			if ((ret = RSA_private_encrypt(dlen, data, signature,
-			    found->rsa, RSA_PKCS1_PADDING)) != -1) {
-				slen = ret;
-				ok = 0;
-			}
+			if (key->type == KEY_RSA) {
+				slen = RSA_size(key->rsa);
+				signature = xmalloc(slen);
+				ret = RSA_private_encrypt(dlen, data, signature,
+				    found->rsa, RSA_PKCS1_PADDING);
+				if (ret != -1) {
+					slen = ret;
+					ok = 0;
+				}
+#ifdef OPENSSL_HAS_ECC
+			} else if (key->type == KEY_ECDSA) {
+				u_int xslen = ECDSA_size(key->ecdsa);
+
+				signature = xmalloc(xslen);
+				/* "The parameter type is ignored." */
+				ret = ECDSA_sign(-1, data, dlen, signature,
+				    &xslen, found->ecdsa);
+				if (ret != 0)
+					ok = 0;
+				else
+					error("%s: ECDSA_sign"
+					    " returns %d", __func__, ret);
+				slen = xslen;
+#endif /* OPENSSL_HAS_ECC */
+			} else
+				error("%s: don't know how to sign with key "
+				    "type %d", __func__, (int)key->type);
 #endif /* WITH_OPENSSL */
 		}
 		sshkey_free(key);
@@ -287,27 +313,43 @@
 	_exit(i);
 }
 
+
 int
 main(int argc, char **argv)
 {
-	fd_set *rset, *wset;
-	int r, in, out, max, log_stderr = 0;
-	ssize_t len, olen, set_size;
+	int r, ch, in, out, max, log_stderr = 0;
+	ssize_t len;
 	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
 	LogLevel log_level = SYSLOG_LEVEL_ERROR;
 	char buf[4*4096];
-
 	extern char *__progname;
+	struct pollfd pfd[2];
 
-	ssh_malloc_init();	/* must be called before any mallocs */
+	__progname = ssh_get_progname(argv[0]);
+	seed_rng();
 	TAILQ_INIT(&pkcs11_keylist);
-	pkcs11_init(0);
 
-	seed_rng();
-	__progname = ssh_get_progname(argv[0]);
+	log_init(__progname, log_level, log_facility, log_stderr);
 
+	while ((ch = getopt(argc, argv, "v")) != -1) {
+		switch (ch) {
+		case 'v':
+			log_stderr = 1;
+			if (log_level == SYSLOG_LEVEL_ERROR)
+				log_level = SYSLOG_LEVEL_DEBUG1;
+			else if (log_level < SYSLOG_LEVEL_DEBUG3)
+				log_level++;
+			break;
+		default:
+			fprintf(stderr, "usage: %s [-v]\n", __progname);
+			exit(1);
+		}
+	}
+
 	log_init(__progname, log_level, log_facility, log_stderr);
 
+	pkcs11_init(0);
+
 	in = STDIN_FILENO;
 	out = STDOUT_FILENO;
 
@@ -322,14 +364,11 @@
 	if ((oqueue = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
 
-	set_size = howmany(max + 1, NFDBITS) * sizeof(fd_mask);
-	rset = xmalloc(set_size);
-	wset = xmalloc(set_size);
+	while (1) {
+		memset(pfd, 0, sizeof(pfd));
+		pfd[0].fd = in;
+		pfd[1].fd = out;
 
-	for (;;) {
-		memset(rset, 0, set_size);
-		memset(wset, 0, set_size);
-
 		/*
 		 * Ensure that we can read a full buffer and handle
 		 * the worst-case length packet it can generate,
@@ -337,23 +376,21 @@
 		 */
 		if ((r = sshbuf_check_reserve(iqueue, sizeof(buf))) == 0 &&
 		    (r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0)
-			FD_SET(in, rset);
+			pfd[0].events = POLLIN;
 		else if (r != SSH_ERR_NO_BUFFER_SPACE)
 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 
-		olen = sshbuf_len(oqueue);
-		if (olen > 0)
-			FD_SET(out, wset);
+		if (sshbuf_len(oqueue) > 0)
+			pfd[1].events = POLLOUT;
 
-		if (select(max+1, rset, wset, NULL, NULL) < 0) {
-			if (errno == EINTR)
+		if ((r = poll(pfd, 2, -1 /* INFTIM */)) <= 0) {
+			if (r == 0 || errno == EINTR)
 				continue;
-			error("select: %s", strerror(errno));
-			cleanup_exit(2);
+			fatal("poll: %s", strerror(errno));
 		}
 
 		/* copy stdin to iqueue */
-		if (FD_ISSET(in, rset)) {
+		if ((pfd[0].revents & (POLLIN|POLLERR)) != 0) {
 			len = read(in, buf, sizeof buf);
 			if (len == 0) {
 				debug("read eof");
@@ -367,8 +404,9 @@
 			}
 		}
 		/* send oqueue to stdout */
-		if (FD_ISSET(out, wset)) {
-			len = write(out, sshbuf_ptr(oqueue), olen);
+		if ((pfd[1].revents & (POLLOUT|POLLHUP)) != 0) {
+			len = write(out, sshbuf_ptr(oqueue),
+			    sshbuf_len(oqueue));
 			if (len < 0) {
 				error("write: %s", strerror(errno));
 				cleanup_exit(1);
@@ -389,6 +427,21 @@
 			fatal("%s: buffer error: %s", __func__, ssh_err(r));
 	}
 }
+
+#else /* WITH_OPENSSL */
+void
+cleanup_exit(int i)
+{
+	_exit(i);
+}
+
+int
+main(int argc, char **argv)
+{
+	fprintf(stderr, "PKCS#11 code is not enabled\n");
+	return 1;
+}
+#endif /* WITH_OPENSSL */
 #else /* ENABLE_PKCS11 */
 int
 main(int argc, char **argv)
Index: ssh-pkcs11.h
===================================================================
--- ssh-pkcs11.h
+++ ssh-pkcs11.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.h,v 1.4 2015/01/15 09:40:00 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.h,v 1.5 2019/01/20 22:51:37 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -14,10 +14,26 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
+
+/* Errors for pkcs11_add_provider() */
+#define	SSH_PKCS11_ERR_GENERIC			1
+#define	SSH_PKCS11_ERR_LOGIN_FAIL		2
+#define	SSH_PKCS11_ERR_NO_SLOTS			3
+#define	SSH_PKCS11_ERR_PIN_REQUIRED		4
+#define	SSH_PKCS11_ERR_PIN_LOCKED		5
+
 int	pkcs11_init(int);
 void	pkcs11_terminate(void);
 int	pkcs11_add_provider(char *, char *, struct sshkey ***);
 int	pkcs11_del_provider(char *);
+#ifdef WITH_PKCS11_KEYGEN
+struct sshkey *
+	pkcs11_gakp(char *, char *, unsigned int, char *, unsigned int,
+	    unsigned int, unsigned char, u_int32_t *);
+struct sshkey *
+	pkcs11_destroy_keypair(char *, char *, unsigned long, unsigned char,
+	    u_int32_t *);
+#endif
 
 #if !defined(WITH_OPENSSL) && defined(ENABLE_PKCS11)
 #undef ENABLE_PKCS11
Index: ssh-pkcs11.c
===================================================================
--- ssh-pkcs11.c
+++ ssh-pkcs11.c
@@ -1,6 +1,7 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.26 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.46 2019/10/01 10:22:53 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -19,20 +20,24 @@
 
 #ifdef ENABLE_PKCS11
 
-#include <sys/types.h>
 #ifdef HAVE_SYS_TIME_H
 # include <sys/time.h>
 #endif
+
+#include <sys/types.h>
 #include <stdarg.h>
 #include <stdio.h>
 
+#include <ctype.h>
 #include <string.h>
 #include <dlfcn.h>
 
 #include "openbsd-compat/sys-queue.h"
 #include "openbsd-compat/openssl-compat.h"
 
+#include <openssl/ecdsa.h>
 #include <openssl/x509.h>
+#include <openssl/err.h>
 
 #define CRYPTOKI_COMPAT
 #include "pkcs11.h"
@@ -67,14 +72,25 @@
 struct pkcs11_key {
 	struct pkcs11_provider	*provider;
 	CK_ULONG		slotidx;
-	int			(*orig_finish)(RSA *rsa);
-	RSA_METHOD		*rsa_method;
 	char			*keyid;
 	int			keyid_len;
 };
 
 int pkcs11_interactive = 0;
 
+#ifdef HAVE_EC_KEY_METHOD_NEW
+static void
+ossl_error(const char *msg)
+{
+	unsigned long    e;
+
+	error("%s: %s", __func__, msg);
+	while ((e = ERR_get_error()) != 0)
+		error("%s: libcrypto error: %.100s", __func__,
+		    ERR_error_string(e, NULL));
+}
+#endif /* HAVE_EC_KEY_METHOD_NEW */
+
 int
 pkcs11_init(int interactive)
 {
@@ -84,9 +100,9 @@
 }
 
 /*
- * finalize a provider shared libarary, it's no longer usable.
+ * finalize a provider shared library, it's no longer usable.
  * however, there might still be keys referencing this provider,
- * so the actuall freeing of memory is handled by pkcs11_provider_unref().
+ * so the actual freeing of memory is handled by pkcs11_provider_unref().
  * this is called when a provider gets unregistered.
  */
 static void
@@ -123,6 +139,7 @@
 	if (--p->refcount <= 0) {
 		if (p->valid)
 			error("pkcs11_provider_unref: %p still valid", p);
+		free(p->name);
 		free(p->slotlist);
 		free(p->slotinfo);
 		free(p);
@@ -171,23 +188,27 @@
 	return (-1);
 }
 
-/* openssl callback for freeing an RSA key */
-static int
-pkcs11_rsa_finish(RSA *rsa)
+static RSA_METHOD *rsa_method;
+static int rsa_idx = 0;
+#ifdef HAVE_EC_KEY_METHOD_NEW
+static EC_KEY_METHOD *ec_key_method;
+static int ec_key_idx = 0;
+#endif
+
+/* release a wrapped object */
+static void
+pkcs11_k11_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
+    long argl, void *argp)
 {
-	struct pkcs11_key	*k11;
-	int rv = -1;
+	struct pkcs11_key	*k11 = ptr;
 
-	if ((k11 = RSA_get_app_data(rsa)) != NULL) {
-		if (k11->orig_finish)
-			rv = k11->orig_finish(rsa);
-		if (k11->provider)
-			pkcs11_provider_unref(k11->provider);
-		RSA_meth_free(k11->rsa_method);
-		free(k11->keyid);
-		free(k11);
-	}
-	return (rv);
+	debug("%s: parent %p ptr %p idx %d", __func__, parent, ptr, idx);
+	if (k11 == NULL)
+		return;
+	if (k11->provider)
+		pkcs11_provider_unref(k11->provider);
+	free(k11->keyid);
+	free(k11);
 }
 
 /* find a single 'obj' for given attributes */
@@ -218,88 +239,202 @@
 	return (ret);
 }
 
-/* openssl callback doing the actual signing operation */
 static int
-pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
-    int padding)
+pkcs11_login_slot(struct pkcs11_provider *provider, struct pkcs11_slotinfo *si,
+    CK_USER_TYPE type)
 {
-	struct pkcs11_key	*k11;
+	char			*pin = NULL, prompt[1024];
+	CK_RV			 rv;
+
+	if (provider == NULL || si == NULL || !provider->valid) {
+		error("no pkcs11 (valid) provider found");
+		return (-1);
+	}
+
+	if (!pkcs11_interactive) {
+		error("need pin entry%s",
+		    (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH) ?
+		    " on reader keypad" : "");
+		return (-1);
+	}
+	if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+		verbose("Deferring PIN entry to reader keypad.");
+	else {
+		snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ",
+		    si->token.label);
+		if ((pin = read_passphrase(prompt, RP_ALLOW_EOF)) == NULL) {
+			debug("%s: no pin specified", __func__);
+			return (-1);	/* bail out */
+		}
+	}
+	rv = provider->function_list->C_Login(si->session, type, (u_char *)pin,
+	    (pin != NULL) ? strlen(pin) : 0);
+	if (pin != NULL)
+		freezero(pin, strlen(pin));
+	if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
+		error("C_Login failed: %lu", rv);
+		return (-1);
+	}
+	si->logged_in = 1;
+	return (0);
+}
+
+static int
+pkcs11_login(struct pkcs11_key *k11, CK_USER_TYPE type)
+{
+	if (k11 == NULL || k11->provider == NULL || !k11->provider->valid) {
+		error("no pkcs11 (valid) provider found");
+		return (-1);
+	}
+
+	return pkcs11_login_slot(k11->provider,
+	    &k11->provider->slotinfo[k11->slotidx], type);
+}
+
+
+static int
+pkcs11_check_obj_bool_attrib(struct pkcs11_key *k11, CK_OBJECT_HANDLE obj,
+    CK_ATTRIBUTE_TYPE type, int *val)
+{
 	struct pkcs11_slotinfo	*si;
 	CK_FUNCTION_LIST	*f;
-	CK_OBJECT_HANDLE	obj;
-	CK_ULONG		tlen = 0;
-	CK_RV			rv;
-	CK_OBJECT_CLASS	private_key_class = CKO_PRIVATE_KEY;
-	CK_BBOOL		true_val = CK_TRUE;
-	CK_MECHANISM		mech = {
-		CKM_RSA_PKCS, NULL_PTR, 0
-	};
-	CK_ATTRIBUTE		key_filter[] = {
-		{CKA_CLASS, NULL, sizeof(private_key_class) },
-		{CKA_ID, NULL, 0},
-		{CKA_SIGN, NULL, sizeof(true_val) }
-	};
-	char			*pin = NULL, prompt[1024];
-	int			rval = -1;
+	CK_BBOOL		flag = 0;
+	CK_ATTRIBUTE		attr;
+	CK_RV			 rv;
 
-	key_filter[0].pValue = &private_key_class;
-	key_filter[2].pValue = &true_val;
+	*val = 0;
 
-	if ((k11 = RSA_get_app_data(rsa)) == NULL) {
-		error("RSA_get_app_data failed for rsa %p", rsa);
+	if (!k11->provider || !k11->provider->valid) {
+		error("no pkcs11 (valid) provider found");
 		return (-1);
 	}
+
+	f = k11->provider->function_list;
+	si = &k11->provider->slotinfo[k11->slotidx];
+
+	attr.type = type;
+	attr.pValue = &flag;
+	attr.ulValueLen = sizeof(flag);
+
+	rv = f->C_GetAttributeValue(si->session, obj, &attr, 1);
+	if (rv != CKR_OK) {
+		error("C_GetAttributeValue failed: %lu", rv);
+		return (-1);
+	}
+	*val = flag != 0;
+	debug("%s: provider %p slot %lu object %lu: attrib %lu = %d",
+	    __func__, k11->provider, k11->slotidx, obj, type, *val);
+	return (0);
+}
+
+static int
+pkcs11_get_key(struct pkcs11_key *k11, CK_MECHANISM_TYPE mech_type)
+{
+	struct pkcs11_slotinfo	*si;
+	CK_FUNCTION_LIST	*f;
+	CK_OBJECT_HANDLE	 obj;
+	CK_RV			 rv;
+	CK_OBJECT_CLASS		 private_key_class;
+	CK_BBOOL		 true_val;
+	CK_MECHANISM		 mech;
+	CK_ATTRIBUTE		 key_filter[3];
+	int			 always_auth = 0;
+	int			 did_login = 0;
+
 	if (!k11->provider || !k11->provider->valid) {
-		error("no pkcs11 (valid) provider for rsa %p", rsa);
+		error("no pkcs11 (valid) provider found");
 		return (-1);
 	}
+
 	f = k11->provider->function_list;
 	si = &k11->provider->slotinfo[k11->slotidx];
+
 	if ((si->token.flags & CKF_LOGIN_REQUIRED) && !si->logged_in) {
-		if (!pkcs11_interactive) {
-			error("need pin entry%s", (si->token.flags &
-			    CKF_PROTECTED_AUTHENTICATION_PATH) ?
-			    " on reader keypad" : "");
+		if (pkcs11_login(k11, CKU_USER) < 0) {
+			error("login failed");
 			return (-1);
 		}
-		if (si->token.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
-			verbose("Deferring PIN entry to reader keypad.");
-		else {
-			snprintf(prompt, sizeof(prompt),
-			    "Enter PIN for '%s': ", si->token.label);
-			pin = read_passphrase(prompt, RP_ALLOW_EOF);
-			if (pin == NULL)
-				return (-1);	/* bail out */
-		}
-		rv = f->C_Login(si->session, CKU_USER, (u_char *)pin,
-		    (pin != NULL) ? strlen(pin) : 0);
-		if (pin != NULL) {
-			explicit_bzero(pin, strlen(pin));
-			free(pin);
-		}
-		if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
-			error("C_Login failed: %lu", rv);
-			return (-1);
-		}
-		si->logged_in = 1;
+		did_login = 1;
 	}
+
+	memset(&key_filter, 0, sizeof(key_filter));
+	private_key_class = CKO_PRIVATE_KEY;
+	key_filter[0].type = CKA_CLASS;
+	key_filter[0].pValue = &private_key_class;
+	key_filter[0].ulValueLen = sizeof(private_key_class);
+
+	key_filter[1].type = CKA_ID;
 	key_filter[1].pValue = k11->keyid;
 	key_filter[1].ulValueLen = k11->keyid_len;
+
+	true_val = CK_TRUE;
+	key_filter[2].type = CKA_SIGN;
+	key_filter[2].pValue = &true_val;
+	key_filter[2].ulValueLen = sizeof(true_val);
+
 	/* try to find object w/CKA_SIGN first, retry w/o */
 	if (pkcs11_find(k11->provider, k11->slotidx, key_filter, 3, &obj) < 0 &&
 	    pkcs11_find(k11->provider, k11->slotidx, key_filter, 2, &obj) < 0) {
 		error("cannot find private key");
-	} else if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) {
+		return (-1);
+	}
+
+	memset(&mech, 0, sizeof(mech));
+	mech.mechanism = mech_type;
+	mech.pParameter = NULL_PTR;
+	mech.ulParameterLen = 0;
+
+	if ((rv = f->C_SignInit(si->session, &mech, obj)) != CKR_OK) {
 		error("C_SignInit failed: %lu", rv);
-	} else {
-		/* XXX handle CKR_BUFFER_TOO_SMALL */
-		tlen = RSA_size(rsa);
-		rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen);
-		if (rv == CKR_OK) 
-			rval = tlen;
-		else 
-			error("C_Sign failed: %lu", rv);
+		return (-1);
 	}
+
+	pkcs11_check_obj_bool_attrib(k11, obj, CKA_ALWAYS_AUTHENTICATE,
+	    &always_auth); /* ignore errors here */
+	if (always_auth && !did_login) {
+		debug("%s: always-auth key", __func__);
+		if (pkcs11_login(k11, CKU_CONTEXT_SPECIFIC) < 0) {
+			error("login failed for always-auth key");
+			return (-1);
+		}
+	}
+
+	return (0);
+}
+
+/* openssl callback doing the actual signing operation */
+static int
+pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
+    int padding)
+{
+	struct pkcs11_key	*k11;
+	struct pkcs11_slotinfo	*si;
+	CK_FUNCTION_LIST	*f;
+	CK_ULONG		tlen = 0;
+	CK_RV			rv;
+	int			rval = -1;
+
+	if ((k11 = RSA_get_ex_data(rsa, rsa_idx)) == NULL) {
+		error("RSA_get_ex_data failed for rsa %p", rsa);
+		return (-1);
+	}
+
+	if (pkcs11_get_key(k11, CKM_RSA_PKCS) == -1) {
+		error("pkcs11_get_key failed");
+		return (-1);
+	}
+
+	f = k11->provider->function_list;
+	si = &k11->provider->slotinfo[k11->slotidx];
+	tlen = RSA_size(rsa);
+
+	/* XXX handle CKR_BUFFER_TOO_SMALL */
+	rv = f->C_Sign(si->session, (CK_BYTE *)from, flen, to, &tlen);
+	if (rv == CKR_OK)
+		rval = tlen;
+	else
+		error("C_Sign failed: %lu", rv);
+
 	return (rval);
 }
 
@@ -310,14 +445,37 @@
 	return (-1);
 }
 
+static int
+pkcs11_rsa_start_wrapper(void)
+{
+	if (rsa_method != NULL)
+		return (0);
+	rsa_method = RSA_meth_dup(RSA_get_default_method());
+	if (rsa_method == NULL)
+		return (-1);
+	rsa_idx = RSA_get_ex_new_index(0, "ssh-pkcs11-rsa",
+	    NULL, NULL, pkcs11_k11_free);
+	if (rsa_idx == -1)
+		return (-1);
+	if (!RSA_meth_set1_name(rsa_method, "pkcs11") ||
+	    !RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) ||
+	    !RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt)) {
+		error("%s: setup pkcs11 method failed", __func__);
+		return (-1);
+	}
+	return (0);
+}
+
 /* redirect private key operations for rsa key to pkcs11 token */
 static int
 pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
     CK_ATTRIBUTE *keyid_attrib, RSA *rsa)
 {
 	struct pkcs11_key	*k11;
-	const RSA_METHOD	*def = RSA_get_default_method();
 
+	if (pkcs11_rsa_start_wrapper() == -1)
+		return (-1);
+
 	k11 = xcalloc(1, sizeof(*k11));
 	k11->provider = provider;
 	provider->refcount++;	/* provider referenced by RSA key */
@@ -328,22 +486,126 @@
 		k11->keyid = xmalloc(k11->keyid_len);
 		memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
 	}
-	k11->rsa_method = RSA_meth_dup(def);
-	if (k11->rsa_method == NULL)
-		fatal("%s: RSA_meth_dup failed", __func__);
-	k11->orig_finish = RSA_meth_get_finish(def);
-	if (!RSA_meth_set1_name(k11->rsa_method, "pkcs11") ||
-	    !RSA_meth_set_priv_enc(k11->rsa_method,
-	    pkcs11_rsa_private_encrypt) ||
-	    !RSA_meth_set_priv_dec(k11->rsa_method,
-	    pkcs11_rsa_private_decrypt) ||
-	    !RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish))
-		fatal("%s: setup pkcs11 method failed", __func__);
-	RSA_set_method(rsa, k11->rsa_method);
-	RSA_set_app_data(rsa, k11);
+
+	RSA_set_method(rsa, rsa_method);
+	RSA_set_ex_data(rsa, rsa_idx, k11);
 	return (0);
 }
 
+#ifdef HAVE_EC_KEY_METHOD_NEW
+/* openssl callback doing the actual signing operation */
+static ECDSA_SIG *
+ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
+    const BIGNUM *rp, EC_KEY *ec)
+{
+	struct pkcs11_key	*k11;
+	struct pkcs11_slotinfo	*si;
+	CK_FUNCTION_LIST	*f;
+	CK_ULONG		siglen = 0, bnlen;
+	CK_RV			rv;
+	ECDSA_SIG		*ret = NULL;
+	u_char			*sig;
+	BIGNUM			*r = NULL, *s = NULL;
+
+	if ((k11 = EC_KEY_get_ex_data(ec, ec_key_idx)) == NULL) {
+		ossl_error("EC_KEY_get_key_method_data failed for ec");
+		return (NULL);
+	}
+
+	if (pkcs11_get_key(k11, CKM_ECDSA) == -1) {
+		error("pkcs11_get_key failed");
+		return (NULL);
+	}
+
+	f = k11->provider->function_list;
+	si = &k11->provider->slotinfo[k11->slotidx];
+
+	siglen = ECDSA_size(ec);
+	sig = xmalloc(siglen);
+
+	/* XXX handle CKR_BUFFER_TOO_SMALL */
+	rv = f->C_Sign(si->session, (CK_BYTE *)dgst, dgst_len, sig, &siglen);
+	if (rv != CKR_OK) {
+		error("C_Sign failed: %lu", rv);
+		goto done;
+	}
+	if (siglen < 64 || siglen > 132 || siglen % 2) {
+		ossl_error("d2i_ECDSA_SIG failed");
+		goto done;
+	}
+	bnlen = siglen/2;
+	if ((ret = ECDSA_SIG_new()) == NULL) {
+		error("ECDSA_SIG_new failed");
+		goto done;
+	}
+	if ((r = BN_bin2bn(sig, bnlen, NULL)) == NULL ||
+	    (s = BN_bin2bn(sig+bnlen, bnlen, NULL)) == NULL) {
+		ossl_error("d2i_ECDSA_SIG failed");
+		ECDSA_SIG_free(ret);
+		ret = NULL;
+		goto done;
+	}
+	if (!ECDSA_SIG_set0(ret, r, s)) {
+		error("%s: ECDSA_SIG_set0 failed", __func__);
+		ECDSA_SIG_free(ret);
+		ret = NULL;
+		goto done;
+	}
+	r = s = NULL; /* now owned by ret */
+	/* success */
+ done:
+	BN_free(r);
+	BN_free(s);
+	free(sig);
+
+	return (ret);
+}
+
+static int
+pkcs11_ecdsa_start_wrapper(void)
+{
+	int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
+	    unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
+
+	if (ec_key_method != NULL)
+		return (0);
+	ec_key_idx = EC_KEY_get_ex_new_index(0, "ssh-pkcs11-ecdsa",
+	    NULL, NULL, pkcs11_k11_free);
+	if (ec_key_idx == -1)
+		return (-1);
+	ec_key_method = EC_KEY_METHOD_new(EC_KEY_OpenSSL());
+	if (ec_key_method == NULL)
+		return (-1);
+	EC_KEY_METHOD_get_sign(ec_key_method, &orig_sign, NULL, NULL);
+	EC_KEY_METHOD_set_sign(ec_key_method, orig_sign, NULL, ecdsa_do_sign);
+	return (0);
+}
+
+static int
+pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
+    CK_ATTRIBUTE *keyid_attrib, EC_KEY *ec)
+{
+	struct pkcs11_key	*k11;
+
+	if (pkcs11_ecdsa_start_wrapper() == -1)
+		return (-1);
+
+	k11 = xcalloc(1, sizeof(*k11));
+	k11->provider = provider;
+	provider->refcount++;	/* provider referenced by ECDSA key */
+	k11->slotidx = slotidx;
+	/* identify key object on smartcard */
+	k11->keyid_len = keyid_attrib->ulValueLen;
+	k11->keyid = xmalloc(k11->keyid_len);
+	memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
+
+	EC_KEY_set_method(ec, ec_key_method);
+	EC_KEY_set_ex_data(ec, ec_key_idx, k11);
+
+	return (0);
+}
+#endif /* HAVE_EC_KEY_METHOD_NEW */
+
 /* remove trailing spaces */
 static void
 rmspace(u_char *buf, size_t len)
@@ -364,83 +626,49 @@
  * if pin == NULL we delay login until key use
  */
 static int
-pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin)
+pkcs11_open_session(struct pkcs11_provider *p, CK_ULONG slotidx, char *pin,
+    CK_ULONG user)
 {
-	CK_RV			rv;
+	struct pkcs11_slotinfo	*si;
 	CK_FUNCTION_LIST	*f;
+	CK_RV			rv;
 	CK_SESSION_HANDLE	session;
-	int			login_required;
+	int			login_required, ret;
 
 	f = p->function_list;
-	login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED;
-	if (pin && login_required && !strlen(pin)) {
+	si = &p->slotinfo[slotidx];
+
+	login_required = si->token.flags & CKF_LOGIN_REQUIRED;
+
+	/* fail early before opening session */
+	if (login_required && !pkcs11_interactive &&
+	    (pin == NULL || strlen(pin) == 0)) {
 		error("pin required");
-		return (-1);
+		return (-SSH_PKCS11_ERR_PIN_REQUIRED);
 	}
 	if ((rv = f->C_OpenSession(p->slotlist[slotidx], CKF_RW_SESSION|
-	    CKF_SERIAL_SESSION, NULL, NULL, &session))
-	    != CKR_OK) {
+	    CKF_SERIAL_SESSION, NULL, NULL, &session)) != CKR_OK) {
 		error("C_OpenSession failed: %lu", rv);
 		return (-1);
 	}
-	if (login_required && pin) {
-		rv = f->C_Login(session, CKU_USER,
-		    (u_char *)pin, strlen(pin));
+	if (login_required && pin != NULL && strlen(pin) != 0) {
+		rv = f->C_Login(session, user, (u_char *)pin, strlen(pin));
 		if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN) {
 			error("C_Login failed: %lu", rv);
+			ret = (rv == CKR_PIN_LOCKED) ?
+			    -SSH_PKCS11_ERR_PIN_LOCKED :
+			    -SSH_PKCS11_ERR_LOGIN_FAIL;
 			if ((rv = f->C_CloseSession(session)) != CKR_OK)
 				error("C_CloseSession failed: %lu", rv);
-			return (-1);
+			return (ret);
 		}
-		p->slotinfo[slotidx].logged_in = 1;
+		si->logged_in = 1;
 	}
-	p->slotinfo[slotidx].session = session;
+	si->session = session;
 	return (0);
 }
 
-/*
- * lookup public keys for token in slot identified by slotidx,
- * add 'wrapped' public keys to the 'keysp' array and increment nkeys.
- * keysp points to an (possibly empty) array with *nkeys keys.
- */
-static int pkcs11_fetch_keys_filter(struct pkcs11_provider *, CK_ULONG,
-    CK_ATTRIBUTE [], CK_ATTRIBUTE [3], struct sshkey ***, int *)
-	__attribute__((__bounded__(__minbytes__,4, 3 * sizeof(CK_ATTRIBUTE))));
-
 static int
-pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
-    struct sshkey ***keysp, int *nkeys)
-{
-	CK_OBJECT_CLASS	pubkey_class = CKO_PUBLIC_KEY;
-	CK_OBJECT_CLASS	cert_class = CKO_CERTIFICATE;
-	CK_ATTRIBUTE		pubkey_filter[] = {
-		{ CKA_CLASS, NULL, sizeof(pubkey_class) }
-	};
-	CK_ATTRIBUTE		cert_filter[] = {
-		{ CKA_CLASS, NULL, sizeof(cert_class) }
-	};
-	CK_ATTRIBUTE		pubkey_attribs[] = {
-		{ CKA_ID, NULL, 0 },
-		{ CKA_MODULUS, NULL, 0 },
-		{ CKA_PUBLIC_EXPONENT, NULL, 0 }
-	};
-	CK_ATTRIBUTE		cert_attribs[] = {
-		{ CKA_ID, NULL, 0 },
-		{ CKA_SUBJECT, NULL, 0 },
-		{ CKA_VALUE, NULL, 0 }
-	};
-	pubkey_filter[0].pValue = &pubkey_class;
-	cert_filter[0].pValue = &cert_class;
-
-	if (pkcs11_fetch_keys_filter(p, slotidx, pubkey_filter, pubkey_attribs,
-	    keysp, nkeys) < 0 ||
-	    pkcs11_fetch_keys_filter(p, slotidx, cert_filter, cert_attribs,
-	    keysp, nkeys) < 0)
-		return (-1);
-	return (0);
-}
-
-static int
 pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key)
 {
 	int i;
@@ -451,6 +679,368 @@
 	return (0);
 }
 
+#ifdef HAVE_EC_KEY_METHOD_NEW
+static struct sshkey *
+pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
+    CK_OBJECT_HANDLE *obj)
+{
+	CK_ATTRIBUTE		 key_attr[3];
+	CK_SESSION_HANDLE	 session;
+	CK_FUNCTION_LIST	*f = NULL;
+	CK_RV			 rv;
+	ASN1_OCTET_STRING	*octet = NULL;
+	EC_KEY			*ec = NULL;
+	EC_GROUP		*group = NULL;
+	struct sshkey		*key = NULL;
+	const unsigned char	*attrp = NULL;
+	int			 i;
+	int			 nid;
+
+	memset(&key_attr, 0, sizeof(key_attr));
+	key_attr[0].type = CKA_ID;
+	key_attr[1].type = CKA_EC_POINT;
+	key_attr[2].type = CKA_EC_PARAMS;
+
+	session = p->slotinfo[slotidx].session;
+	f = p->function_list;
+
+	/* figure out size of the attributes */
+	rv = f->C_GetAttributeValue(session, *obj, key_attr, 3);
+	if (rv != CKR_OK) {
+		error("C_GetAttributeValue failed: %lu", rv);
+		return (NULL);
+	}
+
+	/*
+	 * Allow CKA_ID (always first attribute) to be empty, but
+	 * ensure that none of the others are zero length.
+	 * XXX assumes CKA_ID is always first.
+	 */
+	if (key_attr[1].ulValueLen == 0 ||
+	    key_attr[2].ulValueLen == 0) {
+		error("invalid attribute length");
+		return (NULL);
+	}
+
+	/* allocate buffers for attributes */
+	for (i = 0; i < 3; i++)
+		if (key_attr[i].ulValueLen > 0)
+			key_attr[i].pValue = xcalloc(1, key_attr[i].ulValueLen);
+
+	/* retrieve ID, public point and curve parameters of EC key */
+	rv = f->C_GetAttributeValue(session, *obj, key_attr, 3);
+	if (rv != CKR_OK) {
+		error("C_GetAttributeValue failed: %lu", rv);
+		goto fail;
+	}
+
+	ec = EC_KEY_new();
+	if (ec == NULL) {
+		error("EC_KEY_new failed");
+		goto fail;
+	}
+
+	attrp = key_attr[2].pValue;
+	group = d2i_ECPKParameters(NULL, &attrp, key_attr[2].ulValueLen);
+	if (group == NULL) {
+		ossl_error("d2i_ECPKParameters failed");
+		goto fail;
+	}
+
+	if (EC_KEY_set_group(ec, group) == 0) {
+		ossl_error("EC_KEY_set_group failed");
+		goto fail;
+	}
+
+	if (key_attr[1].ulValueLen <= 2) {
+		error("CKA_EC_POINT too small");
+		goto fail;
+	}
+
+	attrp = key_attr[1].pValue;
+	octet = d2i_ASN1_OCTET_STRING(NULL, &attrp, key_attr[1].ulValueLen);
+	if (octet == NULL) {
+		ossl_error("d2i_ASN1_OCTET_STRING failed");
+		goto fail;
+	}
+	attrp = octet->data;
+	if (o2i_ECPublicKey(&ec, &attrp, octet->length) == NULL) {
+		ossl_error("o2i_ECPublicKey failed");
+		goto fail;
+	}
+
+	nid = sshkey_ecdsa_key_to_nid(ec);
+	if (nid < 0) {
+		error("couldn't get curve nid");
+		goto fail;
+	}
+
+	if (pkcs11_ecdsa_wrap(p, slotidx, &key_attr[0], ec))
+		goto fail;
+
+	key = sshkey_new(KEY_UNSPEC);
+	if (key == NULL) {
+		error("sshkey_new failed");
+		goto fail;
+	}
+
+	key->ecdsa = ec;
+	key->ecdsa_nid = nid;
+	key->type = KEY_ECDSA;
+	key->flags |= SSHKEY_FLAG_EXT;
+	ec = NULL;	/* now owned by key */
+
+fail:
+	for (i = 0; i < 3; i++)
+		free(key_attr[i].pValue);
+	if (ec)
+		EC_KEY_free(ec);
+	if (group)
+		EC_GROUP_free(group);
+	if (octet)
+		ASN1_OCTET_STRING_free(octet);
+
+	return (key);
+}
+#endif /* HAVE_EC_KEY_METHOD_NEW */
+
+static struct sshkey *
+pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
+    CK_OBJECT_HANDLE *obj)
+{
+	CK_ATTRIBUTE		 key_attr[3];
+	CK_SESSION_HANDLE	 session;
+	CK_FUNCTION_LIST	*f = NULL;
+	CK_RV			 rv;
+	RSA			*rsa = NULL;
+	BIGNUM			*rsa_n, *rsa_e;
+	struct sshkey		*key = NULL;
+	int			 i;
+
+	memset(&key_attr, 0, sizeof(key_attr));
+	key_attr[0].type = CKA_ID;
+	key_attr[1].type = CKA_MODULUS;
+	key_attr[2].type = CKA_PUBLIC_EXPONENT;
+
+	session = p->slotinfo[slotidx].session;
+	f = p->function_list;
+
+	/* figure out size of the attributes */
+	rv = f->C_GetAttributeValue(session, *obj, key_attr, 3);
+	if (rv != CKR_OK) {
+		error("C_GetAttributeValue failed: %lu", rv);
+		return (NULL);
+	}
+
+	/*
+	 * Allow CKA_ID (always first attribute) to be empty, but
+	 * ensure that none of the others are zero length.
+	 * XXX assumes CKA_ID is always first.
+	 */
+	if (key_attr[1].ulValueLen == 0 ||
+	    key_attr[2].ulValueLen == 0) {
+		error("invalid attribute length");
+		return (NULL);
+	}
+
+	/* allocate buffers for attributes */
+	for (i = 0; i < 3; i++)
+		if (key_attr[i].ulValueLen > 0)
+			key_attr[i].pValue = xcalloc(1, key_attr[i].ulValueLen);
+
+	/* retrieve ID, modulus and public exponent of RSA key */
+	rv = f->C_GetAttributeValue(session, *obj, key_attr, 3);
+	if (rv != CKR_OK) {
+		error("C_GetAttributeValue failed: %lu", rv);
+		goto fail;
+	}
+
+	rsa = RSA_new();
+	if (rsa == NULL) {
+		error("RSA_new failed");
+		goto fail;
+	}
+
+	rsa_n = BN_bin2bn(key_attr[1].pValue, key_attr[1].ulValueLen, NULL);
+	rsa_e = BN_bin2bn(key_attr[2].pValue, key_attr[2].ulValueLen, NULL);
+	if (rsa_n == NULL || rsa_e == NULL) {
+		error("BN_bin2bn failed");
+		goto fail;
+	}
+	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL))
+		fatal("%s: set key", __func__);
+	rsa_n = rsa_e = NULL; /* transferred */
+
+	if (pkcs11_rsa_wrap(p, slotidx, &key_attr[0], rsa))
+		goto fail;
+
+	key = sshkey_new(KEY_UNSPEC);
+	if (key == NULL) {
+		error("sshkey_new failed");
+		goto fail;
+	}
+
+	key->rsa = rsa;
+	key->type = KEY_RSA;
+	key->flags |= SSHKEY_FLAG_EXT;
+	rsa = NULL;	/* now owned by key */
+
+fail:
+	for (i = 0; i < 3; i++)
+		free(key_attr[i].pValue);
+	RSA_free(rsa);
+
+	return (key);
+}
+
+static struct sshkey *
+pkcs11_fetch_x509_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
+    CK_OBJECT_HANDLE *obj)
+{
+	CK_ATTRIBUTE		 cert_attr[3];
+	CK_SESSION_HANDLE	 session;
+	CK_FUNCTION_LIST	*f = NULL;
+	CK_RV			 rv;
+	X509			*x509 = NULL;
+	EVP_PKEY		*evp;
+	RSA			*rsa = NULL;
+#ifdef OPENSSL_HAS_ECC
+	EC_KEY			*ec = NULL;
+#endif
+	struct sshkey		*key = NULL;
+	int			 i;
+#ifdef HAVE_EC_KEY_METHOD_NEW
+	int			 nid;
+#endif
+	const u_char		 *cp;
+
+	memset(&cert_attr, 0, sizeof(cert_attr));
+	cert_attr[0].type = CKA_ID;
+	cert_attr[1].type = CKA_SUBJECT;
+	cert_attr[2].type = CKA_VALUE;
+
+	session = p->slotinfo[slotidx].session;
+	f = p->function_list;
+
+	/* figure out size of the attributes */
+	rv = f->C_GetAttributeValue(session, *obj, cert_attr, 3);
+	if (rv != CKR_OK) {
+		error("C_GetAttributeValue failed: %lu", rv);
+		return (NULL);
+	}
+
+	/*
+	 * Allow CKA_ID (always first attribute) to be empty, but
+	 * ensure that none of the others are zero length.
+	 * XXX assumes CKA_ID is always first.
+	 */
+	if (cert_attr[1].ulValueLen == 0 ||
+	    cert_attr[2].ulValueLen == 0) {
+		error("invalid attribute length");
+		return (NULL);
+	}
+
+	/* allocate buffers for attributes */
+	for (i = 0; i < 3; i++)
+		if (cert_attr[i].ulValueLen > 0)
+			cert_attr[i].pValue = xcalloc(1, cert_attr[i].ulValueLen);
+
+	/* retrieve ID, subject and value of certificate */
+	rv = f->C_GetAttributeValue(session, *obj, cert_attr, 3);
+	if (rv != CKR_OK) {
+		error("C_GetAttributeValue failed: %lu", rv);
+		goto fail;
+	}
+
+	x509 = X509_new();
+	if (x509 == NULL) {
+		error("x509_new failed");
+		goto fail;
+	}
+
+	cp = cert_attr[2].pValue;
+	if (d2i_X509(&x509, &cp, cert_attr[2].ulValueLen) == NULL) {
+		error("d2i_x509 failed");
+		goto fail;
+	}
+
+	evp = X509_get_pubkey(x509);
+	if (evp == NULL) {
+		error("X509_get_pubkey failed");
+		goto fail;
+	}
+
+	if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) {
+		if (EVP_PKEY_get0_RSA(evp) == NULL) {
+			error("invalid x509; no rsa key");
+			goto fail;
+		}
+		if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp))) == NULL) {
+			error("RSAPublicKey_dup failed");
+			goto fail;
+		}
+
+		if (pkcs11_rsa_wrap(p, slotidx, &cert_attr[0], rsa))
+			goto fail;
+
+		key = sshkey_new(KEY_UNSPEC);
+		if (key == NULL) {
+			error("sshkey_new failed");
+			goto fail;
+		}
+
+		key->rsa = rsa;
+		key->type = KEY_RSA;
+		key->flags |= SSHKEY_FLAG_EXT;
+		rsa = NULL;	/* now owned by key */
+#ifdef HAVE_EC_KEY_METHOD_NEW
+	} else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) {
+		if (EVP_PKEY_get0_EC_KEY(evp) == NULL) {
+			error("invalid x509; no ec key");
+			goto fail;
+		}
+		if ((ec = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(evp))) == NULL) {
+			error("EC_KEY_dup failed");
+			goto fail;
+		}
+
+		nid = sshkey_ecdsa_key_to_nid(ec);
+		if (nid < 0) {
+			error("couldn't get curve nid");
+			goto fail;
+		}
+
+		if (pkcs11_ecdsa_wrap(p, slotidx, &cert_attr[0], ec))
+			goto fail;
+
+		key = sshkey_new(KEY_UNSPEC);
+		if (key == NULL) {
+			error("sshkey_new failed");
+			goto fail;
+		}
+
+		key->ecdsa = ec;
+		key->ecdsa_nid = nid;
+		key->type = KEY_ECDSA;
+		key->flags |= SSHKEY_FLAG_EXT;
+		ec = NULL;	/* now owned by key */
+#endif /* HAVE_EC_KEY_METHOD_NEW */
+	} else
+		error("unknown certificate key type");
+
+fail:
+	for (i = 0; i < 3; i++)
+		free(cert_attr[i].pValue);
+	X509_free(x509);
+	RSA_free(rsa);
+#ifdef OPENSSL_HAS_ECC
+	EC_KEY_free(ec);
+#endif
+
+	return (key);
+}
+
+#if 0
 static int
 have_rsa_key(const RSA *rsa)
 {
@@ -459,140 +1049,402 @@
 	RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);
 	return rsa_n != NULL && rsa_e != NULL;
 }
+#endif
 
+/*
+ * lookup certificates for token in slot identified by slotidx,
+ * add 'wrapped' public keys to the 'keysp' array and increment nkeys.
+ * keysp points to an (possibly empty) array with *nkeys keys.
+ */
 static int
-pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
-    CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3],
+pkcs11_fetch_certs(struct pkcs11_provider *p, CK_ULONG slotidx,
     struct sshkey ***keysp, int *nkeys)
 {
-	struct sshkey		*key;
-	RSA			*rsa;
-	X509 			*x509;
-	EVP_PKEY		*evp;
-	int			i;
-	const u_char		*cp;
-	CK_RV			rv;
-	CK_OBJECT_HANDLE	obj;
-	CK_ULONG		nfound;
-	CK_SESSION_HANDLE	session;
-	CK_FUNCTION_LIST	*f;
+	struct sshkey		*key = NULL;
+	CK_OBJECT_CLASS		 key_class;
+	CK_ATTRIBUTE		 key_attr[1];
+	CK_SESSION_HANDLE	 session;
+	CK_FUNCTION_LIST	*f = NULL;
+	CK_RV			 rv;
+	CK_OBJECT_HANDLE	 obj;
+	CK_ULONG		 n = 0;
+	int			 ret = -1;
 
-	f = p->function_list;
+	memset(&key_attr, 0, sizeof(key_attr));
+	memset(&obj, 0, sizeof(obj));
+
+	key_class = CKO_CERTIFICATE;
+	key_attr[0].type = CKA_CLASS;
+	key_attr[0].pValue = &key_class;
+	key_attr[0].ulValueLen = sizeof(key_class);
+
 	session = p->slotinfo[slotidx].session;
-	/* setup a filter the looks for public keys */
-	if ((rv = f->C_FindObjectsInit(session, filter, 1)) != CKR_OK) {
+	f = p->function_list;
+
+	rv = f->C_FindObjectsInit(session, key_attr, 1);
+	if (rv != CKR_OK) {
 		error("C_FindObjectsInit failed: %lu", rv);
-		return (-1);
+		goto fail;
 	}
+
 	while (1) {
-		/* XXX 3 attributes in attribs[] */
-		for (i = 0; i < 3; i++) {
-			attribs[i].pValue = NULL;
-			attribs[i].ulValueLen = 0;
+		CK_CERTIFICATE_TYPE	ck_cert_type;
+
+		rv = f->C_FindObjects(session, &obj, 1, &n);
+		if (rv != CKR_OK) {
+			error("C_FindObjects failed: %lu", rv);
+			goto fail;
 		}
-		if ((rv = f->C_FindObjects(session, &obj, 1, &nfound)) != CKR_OK
-		    || nfound == 0)
+		if (n == 0)
 			break;
-		/* found a key, so figure out size of the attributes */
-		if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
-		    != CKR_OK) {
+
+		memset(&ck_cert_type, 0, sizeof(ck_cert_type));
+		memset(&key_attr, 0, sizeof(key_attr));
+		key_attr[0].type = CKA_CERTIFICATE_TYPE;
+		key_attr[0].pValue = &ck_cert_type;
+		key_attr[0].ulValueLen = sizeof(ck_cert_type);
+
+		rv = f->C_GetAttributeValue(session, obj, key_attr, 1);
+		if (rv != CKR_OK) {
 			error("C_GetAttributeValue failed: %lu", rv);
-			continue;
+			goto fail;
 		}
-		/*
-		 * Allow CKA_ID (always first attribute) to be empty, but
-		 * ensure that none of the others are zero length.
-		 * XXX assumes CKA_ID is always first.
-		 */
-		if (attribs[1].ulValueLen == 0 ||
-		    attribs[2].ulValueLen == 0) {
+
+		switch (ck_cert_type) {
+		case CKC_X_509:
+			key = pkcs11_fetch_x509_pubkey(p, slotidx, &obj);
+			break;
+		default:
+			/* XXX print key type? */
+			key = NULL;
+			error("skipping unsupported certificate type");
+		}
+
+		if (key == NULL) {
+			error("failed to fetch key");
 			continue;
 		}
-		/* allocate buffers for attributes */
-		for (i = 0; i < 3; i++) {
-			if (attribs[i].ulValueLen > 0) {
-				attribs[i].pValue = xmalloc(
-				    attribs[i].ulValueLen);
-			}
+
+		if (pkcs11_key_included(keysp, nkeys, key)) {
+			sshkey_free(key);
+		} else {
+			/* expand key array and add key */
+			*keysp = xrecallocarray(*keysp, *nkeys,
+			    *nkeys + 1, sizeof(struct sshkey *));
+			(*keysp)[*nkeys] = key;
+			*nkeys = *nkeys + 1;
+			debug("have %d keys", *nkeys);
 		}
+	}
 
-		/*
-		 * retrieve ID, modulus and public exponent of RSA key,
-		 * or ID, subject and value for certificates.
-		 */
-		rsa = NULL;
-		if ((rv = f->C_GetAttributeValue(session, obj, attribs, 3))
-		    != CKR_OK) {
+	ret = 0;
+fail:
+	rv = f->C_FindObjectsFinal(session);
+	if (rv != CKR_OK) {
+		error("C_FindObjectsFinal failed: %lu", rv);
+		ret = -1;
+	}
+
+	return (ret);
+}
+
+/*
+ * lookup public keys for token in slot identified by slotidx,
+ * add 'wrapped' public keys to the 'keysp' array and increment nkeys.
+ * keysp points to an (possibly empty) array with *nkeys keys.
+ */
+static int
+pkcs11_fetch_keys(struct pkcs11_provider *p, CK_ULONG slotidx,
+    struct sshkey ***keysp, int *nkeys)
+{
+	struct sshkey		*key = NULL;
+	CK_OBJECT_CLASS		 key_class;
+	CK_ATTRIBUTE		 key_attr[1];
+	CK_SESSION_HANDLE	 session;
+	CK_FUNCTION_LIST	*f = NULL;
+	CK_RV			 rv;
+	CK_OBJECT_HANDLE	 obj;
+	CK_ULONG		 n = 0;
+	int			 ret = -1;
+
+	memset(&key_attr, 0, sizeof(key_attr));
+	memset(&obj, 0, sizeof(obj));
+
+	key_class = CKO_PUBLIC_KEY;
+	key_attr[0].type = CKA_CLASS;
+	key_attr[0].pValue = &key_class;
+	key_attr[0].ulValueLen = sizeof(key_class);
+
+	session = p->slotinfo[slotidx].session;
+	f = p->function_list;
+
+	rv = f->C_FindObjectsInit(session, key_attr, 1);
+	if (rv != CKR_OK) {
+		error("C_FindObjectsInit failed: %lu", rv);
+		goto fail;
+	}
+
+	while (1) {
+		CK_KEY_TYPE	ck_key_type;
+
+		rv = f->C_FindObjects(session, &obj, 1, &n);
+		if (rv != CKR_OK) {
+			error("C_FindObjects failed: %lu", rv);
+			goto fail;
+		}
+		if (n == 0)
+			break;
+
+		memset(&ck_key_type, 0, sizeof(ck_key_type));
+		memset(&key_attr, 0, sizeof(key_attr));
+		key_attr[0].type = CKA_KEY_TYPE;
+		key_attr[0].pValue = &ck_key_type;
+		key_attr[0].ulValueLen = sizeof(ck_key_type);
+
+		rv = f->C_GetAttributeValue(session, obj, key_attr, 1);
+		if (rv != CKR_OK) {
 			error("C_GetAttributeValue failed: %lu", rv);
-		} else if (attribs[1].type == CKA_MODULUS ) {
-			if ((rsa = RSA_new()) == NULL) {
-				error("RSA_new failed");
-			} else {
-				BIGNUM *rsa_n, *rsa_e;
+			goto fail;
+		}
 
-				rsa_n = BN_bin2bn(attribs[1].pValue,
-				    attribs[1].ulValueLen, NULL);
-				rsa_e = BN_bin2bn(attribs[2].pValue,
-				    attribs[2].ulValueLen, NULL);
-				if (rsa_n != NULL && rsa_e != NULL) {
-					if (!RSA_set0_key(rsa,
-					    rsa_n, rsa_e, NULL))
-						fatal("%s: set key", __func__);
-					rsa_n = rsa_e = NULL; /* transferred */
-				}
-				BN_free(rsa_n);
-				BN_free(rsa_e);
-			}
-		} else {
-			cp = attribs[2].pValue;
-			if ((x509 = X509_new()) == NULL) {
-				error("X509_new failed");
-			} else if (d2i_X509(&x509, &cp, attribs[2].ulValueLen)
-			    == NULL) {
-				error("d2i_X509 failed");
-			} else if ((evp = X509_get_pubkey(x509)) == NULL ||
-			    EVP_PKEY_base_id(evp) != EVP_PKEY_RSA ||
-			    EVP_PKEY_get0_RSA(evp) == NULL) {
-				debug("X509_get_pubkey failed or no rsa");
-			} else if ((rsa = RSAPublicKey_dup(
-			    EVP_PKEY_get0_RSA(evp))) == NULL) {
-				error("RSAPublicKey_dup");
-			}
-			X509_free(x509);
+		switch (ck_key_type) {
+		case CKK_RSA:
+			key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj);
+			break;
+#ifdef HAVE_EC_KEY_METHOD_NEW
+		case CKK_ECDSA:
+			key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj);
+			break;
+#endif /* HAVE_EC_KEY_METHOD_NEW */
+		default:
+			/* XXX print key type? */
+			key = NULL;
+			error("skipping unsupported key type");
 		}
-		if (rsa && have_rsa_key(rsa) &&
-		    pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
-			if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
-				fatal("sshkey_new failed");
-			key->rsa = rsa;
-			key->type = KEY_RSA;
-			key->flags |= SSHKEY_FLAG_EXT;
-			if (pkcs11_key_included(keysp, nkeys, key)) {
-				sshkey_free(key);
-			} else {
-				/* expand key array and add key */
-				*keysp = xrecallocarray(*keysp, *nkeys,
-				    *nkeys + 1, sizeof(struct sshkey *));
-				(*keysp)[*nkeys] = key;
-				*nkeys = *nkeys + 1;
-				debug("have %d keys", *nkeys);
-			}
-		} else if (rsa) {
-			RSA_free(rsa);
+
+		if (key == NULL) {
+			error("failed to fetch key");
+			continue;
 		}
-		for (i = 0; i < 3; i++)
-			free(attribs[i].pValue);
+
+		if (pkcs11_key_included(keysp, nkeys, key)) {
+			sshkey_free(key);
+		} else {
+			/* expand key array and add key */
+			*keysp = xrecallocarray(*keysp, *nkeys,
+			    *nkeys + 1, sizeof(struct sshkey *));
+			(*keysp)[*nkeys] = key;
+			*nkeys = *nkeys + 1;
+			debug("have %d keys", *nkeys);
+		}
 	}
-	if ((rv = f->C_FindObjectsFinal(session)) != CKR_OK)
+
+	ret = 0;
+fail:
+	rv = f->C_FindObjectsFinal(session);
+	if (rv != CKR_OK) {
 		error("C_FindObjectsFinal failed: %lu", rv);
-	return (0);
+		ret = -1;
+	}
+
+	return (ret);
 }
 
-/* register a new provider, fails if provider already exists */
-int
-pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp)
+#ifdef WITH_PKCS11_KEYGEN
+#define FILL_ATTR(attr, idx, typ, val, len) \
+	{ (attr[idx]).type=(typ); (attr[idx]).pValue=(val); (attr[idx]).ulValueLen=len; idx++; }
+
+static struct sshkey *
+pkcs11_rsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx,
+    char *label, CK_ULONG bits, CK_BYTE keyid, u_int32_t *err)
 {
+	struct pkcs11_slotinfo	*si;
+	char			*plabel = label ? label : "";
+	int			 npub = 0, npriv = 0;
+	CK_RV			 rv;
+	CK_FUNCTION_LIST	*f;
+	CK_SESSION_HANDLE	 session;
+	CK_BBOOL		 true_val = CK_TRUE, false_val = CK_FALSE;
+	CK_OBJECT_HANDLE	 pubKey, privKey;
+	CK_ATTRIBUTE		 tpub[16], tpriv[16];
+	CK_MECHANISM		 mech = {
+	    CKM_RSA_PKCS_KEY_PAIR_GEN, NULL_PTR, 0
+	};
+	CK_BYTE			 pubExponent[] = {
+	    0x01, 0x00, 0x01 /* RSA_F4 in bytes */
+	};
+	pubkey_filter[0].pValue = &pubkey_class;
+	cert_filter[0].pValue = &cert_class;
+
+	*err = 0;
+
+	FILL_ATTR(tpub, npub, CKA_TOKEN, &true_val, sizeof(true_val));
+	FILL_ATTR(tpub, npub, CKA_LABEL, plabel, strlen(plabel));
+	FILL_ATTR(tpub, npub, CKA_ENCRYPT, &false_val, sizeof(false_val));
+	FILL_ATTR(tpub, npub, CKA_VERIFY, &true_val, sizeof(true_val));
+	FILL_ATTR(tpub, npub, CKA_VERIFY_RECOVER, &false_val,
+	    sizeof(false_val));
+	FILL_ATTR(tpub, npub, CKA_WRAP, &false_val, sizeof(false_val));
+	FILL_ATTR(tpub, npub, CKA_DERIVE, &false_val, sizeof(false_val));
+	FILL_ATTR(tpub, npub, CKA_MODULUS_BITS, &bits, sizeof(bits));
+	FILL_ATTR(tpub, npub, CKA_PUBLIC_EXPONENT, pubExponent,
+	    sizeof(pubExponent));
+	FILL_ATTR(tpub, npub, CKA_ID, &keyid, sizeof(keyid));
+
+	FILL_ATTR(tpriv, npriv, CKA_TOKEN,  &true_val, sizeof(true_val));
+	FILL_ATTR(tpriv, npriv, CKA_LABEL,  plabel, strlen(plabel));
+	FILL_ATTR(tpriv, npriv, CKA_PRIVATE,  &true_val, sizeof(true_val));
+	FILL_ATTR(tpriv, npriv, CKA_SENSITIVE,  &true_val, sizeof(true_val));
+	FILL_ATTR(tpriv, npriv, CKA_DECRYPT,  &false_val, sizeof(false_val));
+	FILL_ATTR(tpriv, npriv, CKA_SIGN,  &true_val, sizeof(true_val));
+	FILL_ATTR(tpriv, npriv, CKA_SIGN_RECOVER,  &false_val,
+	    sizeof(false_val));
+	FILL_ATTR(tpriv, npriv, CKA_UNWRAP,  &false_val, sizeof(false_val));
+	FILL_ATTR(tpriv, npriv, CKA_DERIVE,  &false_val, sizeof(false_val));
+	FILL_ATTR(tpriv, npriv, CKA_ID, &keyid, sizeof(keyid));
+
+	f = p->function_list;
+	si = &p->slotinfo[slotidx];
+	session = si->session;
+
+	if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv,
+	    &pubKey, &privKey)) != CKR_OK) {
+		error("%s: key generation failed: error 0x%lx", __func__, rv);
+		*err = rv;
+		return NULL;
+	}
+
+	return pkcs11_fetch_rsa_pubkey(p, slotidx, &pubKey);
+}
+
+static int
+pkcs11_decode_hex(const char *hex, unsigned char **dest, size_t *rlen)
+{
+	size_t	i, len;
+	char	ptr[3];
+
+	if (dest)
+		*dest = NULL;
+	if (rlen)
+		*rlen = 0;
+
+	if ((len = strlen(hex)) % 2)
+		return -1;
+	len /= 2;
+
+	*dest = xmalloc(len);
+
+	ptr[2] = '\0';
+	for (i = 0; i < len; i++) {
+		ptr[0] = hex[2 * i];
+		ptr[1] = hex[(2 * i) + 1];
+		if (!isxdigit(ptr[0]) || !isxdigit(ptr[1]))
+			return -1;
+		(*dest)[i] = (unsigned char)strtoul(ptr, NULL, 16);
+	}
+
+	if (rlen)
+		*rlen = len;
+
+	return 0;
+}
+
+static struct ec_curve_info {
+	const char	*name;
+	const char	*oid;
+	const char	*oid_encoded;
+	size_t		 size;
+} ec_curve_infos[] = {
+	{"prime256v1",	"1.2.840.10045.3.1.7",	"06082A8648CE3D030107", 256},
+	{"secp384r1",	"1.3.132.0.34",		"06052B81040022",	384},
+	{"secp521r1",	"1.3.132.0.35",		"06052B81040023",	521},
+	{NULL,		NULL,			NULL,			0},
+};
+
+static struct sshkey *
+pkcs11_ecdsa_generate_private_key(struct pkcs11_provider *p, CK_ULONG slotidx,
+    char *label, CK_ULONG bits, CK_BYTE keyid, u_int32_t *err)
+{
+	struct pkcs11_slotinfo	*si;
+	char			*plabel = label ? label : "";
+	int			 i;
+	size_t			 ecparams_size;
+	unsigned char		*ecparams = NULL;
+	int			 npub = 0, npriv = 0;
+	CK_RV			 rv;
+	CK_FUNCTION_LIST	*f;
+	CK_SESSION_HANDLE	 session;
+	CK_BBOOL		 true_val = CK_TRUE, false_val = CK_FALSE;
+	CK_OBJECT_HANDLE	 pubKey, privKey;
+	CK_MECHANISM		 mech = {
+	    CKM_EC_KEY_PAIR_GEN, NULL_PTR, 0
+	};
+	CK_ATTRIBUTE		 tpub[16], tpriv[16];
+
+	*err = 0;
+
+	for (i = 0; ec_curve_infos[i].name; i++) {
+		if (ec_curve_infos[i].size == bits)
+			break;
+	}
+	if (!ec_curve_infos[i].name) {
+		error("%s: invalid key size %lu", __func__, bits);
+		return NULL;
+	}
+	if (pkcs11_decode_hex(ec_curve_infos[i].oid_encoded, &ecparams,
+	    &ecparams_size) == -1) {
+		error("%s: invalid oid", __func__);
+		return NULL;
+	}
+
+	FILL_ATTR(tpub, npub, CKA_TOKEN, &true_val, sizeof(true_val));
+	FILL_ATTR(tpub, npub, CKA_LABEL, plabel, strlen(plabel));
+	FILL_ATTR(tpub, npub, CKA_ENCRYPT, &false_val, sizeof(false_val));
+	FILL_ATTR(tpub, npub, CKA_VERIFY, &true_val, sizeof(true_val));
+	FILL_ATTR(tpub, npub, CKA_VERIFY_RECOVER, &false_val,
+	    sizeof(false_val));
+	FILL_ATTR(tpub, npub, CKA_WRAP, &false_val, sizeof(false_val));
+	FILL_ATTR(tpub, npub, CKA_DERIVE, &false_val, sizeof(false_val));
+	FILL_ATTR(tpub, npub, CKA_EC_PARAMS, ecparams, ecparams_size);
+	FILL_ATTR(tpub, npub, CKA_ID, &keyid, sizeof(keyid));
+
+	FILL_ATTR(tpriv, npriv, CKA_TOKEN, &true_val, sizeof(true_val));
+	FILL_ATTR(tpriv, npriv, CKA_LABEL, plabel, strlen(plabel));
+	FILL_ATTR(tpriv, npriv, CKA_PRIVATE, &true_val, sizeof(true_val));
+	FILL_ATTR(tpriv, npriv, CKA_SENSITIVE, &true_val, sizeof(true_val));
+	FILL_ATTR(tpriv, npriv, CKA_DECRYPT, &false_val, sizeof(false_val));
+	FILL_ATTR(tpriv, npriv, CKA_SIGN, &true_val, sizeof(true_val));
+	FILL_ATTR(tpriv, npriv, CKA_SIGN_RECOVER, &false_val,
+	    sizeof(false_val));
+	FILL_ATTR(tpriv, npriv, CKA_UNWRAP, &false_val, sizeof(false_val));
+	FILL_ATTR(tpriv, npriv, CKA_DERIVE, &false_val, sizeof(false_val));
+	FILL_ATTR(tpriv, npriv, CKA_ID, &keyid, sizeof(keyid));
+
+	f = p->function_list;
+	si = &p->slotinfo[slotidx];
+	session = si->session;
+
+	if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv,
+	    &pubKey, &privKey)) != CKR_OK) {
+		error("%s: key generation failed: error 0x%lx", __func__, rv);
+		*err = rv;
+		return NULL;
+	}
+
+	return pkcs11_fetch_ecdsa_pubkey(p, slotidx, &pubKey);
+}
+#endif /* WITH_PKCS11_KEYGEN */
+
+/*
+ * register a new provider, fails if provider already exists. if
+ * keyp is provided, fetch keys.
+ */
+static int
+pkcs11_register_provider(char *provider_id, char *pin, struct sshkey ***keyp,
+    struct pkcs11_provider **providerp, CK_ULONG user)
+{
 	int nkeys, need_finalize = 0;
+	int ret = -1;
 	struct pkcs11_provider *p = NULL;
 	void *handle = NULL;
 	CK_RV (*getfunctionlist)(CK_FUNCTION_LIST **);
@@ -601,13 +1453,19 @@
 	CK_TOKEN_INFO *token;
 	CK_ULONG i;
 
-	*keyp = NULL;
+	if (providerp == NULL)
+		goto fail;
+	*providerp = NULL;
+
+	if (keyp != NULL)
+		*keyp = NULL;
+
 	if (pkcs11_provider_lookup(provider_id) != NULL) {
 		debug("%s: provider already registered: %s",
 		    __func__, provider_id);
 		goto fail;
 	}
-	/* open shared pkcs11-libarary */
+	/* open shared pkcs11-library */
 	if ((handle = dlopen(provider_id, RTLD_NOW)) == NULL) {
 		error("dlopen %s failed: %s", provider_id, dlerror());
 		goto fail;
@@ -655,6 +1513,7 @@
 	if (p->nslots == 0) {
 		debug("%s: provider %s returned no slots", __func__,
 		    provider_id);
+		ret = -SSH_PKCS11_ERR_NO_SLOTS;
 		goto fail;
 	}
 	p->slotlist = xcalloc(p->nslots, sizeof(CK_SLOT_ID));
@@ -690,43 +1549,272 @@
 		    provider_id, (unsigned long)i,
 		    token->label, token->manufacturerID, token->model,
 		    token->serialNumber, token->flags);
-		/* open session, login with pin and retrieve public keys */
-		if (pkcs11_open_session(p, i, pin) == 0)
+		/*
+		 * open session, login with pin and retrieve public
+		 * keys (if keyp is provided)
+		 */
+		if ((ret = pkcs11_open_session(p, i, pin, user)) != 0 ||
+		    keyp == NULL)
+			continue;
+		pkcs11_fetch_keys(p, i, keyp, &nkeys);
+		pkcs11_fetch_certs(p, i, keyp, &nkeys);
+		if (nkeys == 0 && !p->slotinfo[i].logged_in &&
+		    pkcs11_interactive) {
+			/*
+			 * Some tokens require login before they will
+			 * expose keys.
+			 */
+			if (pkcs11_login_slot(p, &p->slotinfo[i],
+			    CKU_USER) < 0) {
+				error("login failed");
+				continue;
+			}
 			pkcs11_fetch_keys(p, i, keyp, &nkeys);
+			pkcs11_fetch_certs(p, i, keyp, &nkeys);
+		}
 	}
-	if (nkeys > 0) {
-		TAILQ_INSERT_TAIL(&pkcs11_providers, p, next);
-		p->refcount++;	/* add to provider list */
-		return (nkeys);
-	}
-	debug("%s: provider %s returned no keys", __func__, provider_id);
-	/* don't add the provider, since it does not have any keys */
+
+	/* now owned by caller */
+	*providerp = p;
+
+	TAILQ_INSERT_TAIL(&pkcs11_providers, p, next);
+	p->refcount++;	/* add to provider list */
+
+	return (nkeys);
 fail:
 	if (need_finalize && (rv = f->C_Finalize(NULL)) != CKR_OK)
 		error("C_Finalize for provider %s failed: %lu",
 		    provider_id, rv);
 	if (p) {
+		free(p->name);
 		free(p->slotlist);
 		free(p->slotinfo);
 		free(p);
 	}
 	if (handle)
 		dlclose(handle);
-	return (-1);
+	return (ret);
 }
 
-#else
+/*
+ * register a new provider and get number of keys hold by the token,
+ * fails if provider already exists
+ */
+int
+pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp)
+{
+	struct pkcs11_provider *p = NULL;
+	int nkeys;
 
+	nkeys = pkcs11_register_provider(provider_id, pin, keyp, &p, CKU_USER);
+
+	/* no keys found or some other error, de-register provider */
+	if (nkeys <= 0 && p != NULL) {
+		TAILQ_REMOVE(&pkcs11_providers, p, next);
+		pkcs11_provider_finalize(p);
+		pkcs11_provider_unref(p);
+	}
+	if (nkeys == 0)
+		debug("%s: provider %s returned no keys", __func__,
+		    provider_id);
+
+	return (nkeys);
+}
+
+#ifdef WITH_PKCS11_KEYGEN
+struct sshkey *
+pkcs11_gakp(char *provider_id, char *pin, unsigned int slotidx, char *label,
+    unsigned int type, unsigned int bits, unsigned char keyid, u_int32_t *err)
+{
+	struct pkcs11_provider	*p = NULL;
+	struct pkcs11_slotinfo	*si;
+	CK_FUNCTION_LIST	*f;
+	CK_SESSION_HANDLE	 session;
+	struct sshkey		*k = NULL;
+	int			 ret = -1, reset_pin = 0, reset_provider = 0;
+	CK_RV			 rv;
+
+	*err = 0;
+
+	if ((p = pkcs11_provider_lookup(provider_id)) != NULL)
+		debug("%s: provider \"%s\" available", __func__, provider_id);
+	else if ((ret = pkcs11_register_provider(provider_id, pin, NULL, &p,
+	    CKU_SO)) < 0) {
+		debug("%s: could not register provider %s", __func__,
+		    provider_id);
+		goto out;
+	} else
+		reset_provider = 1;
+
+	f = p->function_list;
+	si = &p->slotinfo[slotidx];
+	session = si->session;
+
+	if ((rv = f->C_SetOperationState(session , pin, strlen(pin),
+	    CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) {
+		debug("%s: could not supply SO pin: %lu", __func__, rv);
+		reset_pin = 0;
+	} else
+		reset_pin = 1;
+
+	switch (type) {
+	case KEY_RSA:
+		if ((k = pkcs11_rsa_generate_private_key(p, slotidx, label,
+		    bits, keyid, err)) == NULL) {
+			debug("%s: failed to generate RSA key", __func__);
+			goto out;
+		}
+		break;
+	case KEY_ECDSA:
+		if ((k = pkcs11_ecdsa_generate_private_key(p, slotidx, label,
+		    bits, keyid, err)) == NULL) {
+			debug("%s: failed to generate ECDSA key", __func__);
+			goto out;
+		}
+		break;
+	default:
+		*err = SSH_PKCS11_ERR_GENERIC;
+		debug("%s: unknown type %d", __func__, type);
+		goto out;
+	}
+
+out:
+	if (reset_pin)
+		f->C_SetOperationState(session , NULL, 0, CK_INVALID_HANDLE,
+		    CK_INVALID_HANDLE);
+
+	if (reset_provider)
+		pkcs11_del_provider(provider_id);
+
+	return (k);
+}
+
+struct sshkey *
+pkcs11_destroy_keypair(char *provider_id, char *pin, unsigned long slotidx,
+    unsigned char keyid, u_int32_t *err)
+{
+	struct pkcs11_provider	*p = NULL;
+	struct pkcs11_slotinfo	*si;
+	struct sshkey		*k = NULL;
+	int			 reset_pin = 0, reset_provider = 0;
+	CK_ULONG		 nattrs;
+	CK_FUNCTION_LIST	*f;
+	CK_SESSION_HANDLE	 session;
+	CK_ATTRIBUTE		 attrs[16];
+	CK_OBJECT_CLASS		 key_class;
+	CK_KEY_TYPE		 key_type;
+	CK_OBJECT_HANDLE	 obj = CK_INVALID_HANDLE;
+	CK_RV			 rv;
+
+	*err = 0;
+
+	if ((p = pkcs11_provider_lookup(provider_id)) != NULL) {
+		debug("%s: using provider \"%s\"", __func__, provider_id);
+	} else if (pkcs11_register_provider(provider_id, pin, NULL, &p,
+	    CKU_SO) < 0) {
+		debug("%s: could not register provider %s", __func__,
+		    provider_id);
+		goto out;
+	} else
+		reset_provider = 1;
+
+	f = p->function_list;
+	si = &p->slotinfo[slotidx];
+	session = si->session;
+
+	if ((rv = f->C_SetOperationState(session , pin, strlen(pin),
+	    CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) {
+		debug("%s: could not supply SO pin: %lu", __func__, rv);
+		reset_pin = 0;
+	} else
+		reset_pin = 1;
+
+	/* private key */
+	nattrs = 0;
+	key_class = CKO_PRIVATE_KEY;
+	FILL_ATTR(attrs, nattrs, CKA_CLASS, &key_class, sizeof(key_class));
+	FILL_ATTR(attrs, nattrs, CKA_ID, &keyid, sizeof(keyid));
+
+	if (pkcs11_find(p, slotidx, attrs, nattrs, &obj) == 0 &&
+	    obj != CK_INVALID_HANDLE) {
+		if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) {
+			debug("%s: could not destroy private key 0x%hhx",
+			    __func__, keyid);
+			*err = rv;
+			goto out;
+		}
+	}
+
+	/* public key */
+	nattrs = 0;
+	key_class = CKO_PUBLIC_KEY;
+	FILL_ATTR(attrs, nattrs, CKA_CLASS, &key_class, sizeof(key_class));
+	FILL_ATTR(attrs, nattrs, CKA_ID, &keyid, sizeof(keyid));
+
+	if (pkcs11_find(p, slotidx, attrs, nattrs, &obj) == 0 &&
+	    obj != CK_INVALID_HANDLE) {
+
+		/* get key type */
+		nattrs = 0;
+		FILL_ATTR(attrs, nattrs, CKA_KEY_TYPE, &key_type,
+		    sizeof(key_type));
+		rv = f->C_GetAttributeValue(session, obj, attrs, nattrs);
+		if (rv != CKR_OK) {
+			debug("%s: could not get key type of public key 0x%hhx",
+			    __func__, keyid);
+			*err = rv;
+			key_type = -1;
+		}
+		if (key_type == CKK_RSA)
+			k = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj);
+		else if (key_type == CKK_ECDSA)
+			k = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj);
+
+		if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) {
+			debug("%s: could not destroy public key 0x%hhx",
+			    __func__, keyid);
+			*err = rv;
+			goto out;
+		}
+	}
+
+out:
+	if (reset_pin)
+		f->C_SetOperationState(session , NULL, 0, CK_INVALID_HANDLE,
+		    CK_INVALID_HANDLE);
+
+	if (reset_provider)
+		pkcs11_del_provider(provider_id);
+
+	return (k);
+}
+#endif /* WITH_PKCS11_KEYGEN */
+#else /* ENABLE_PKCS11 */
+
+#include <sys/types.h>
+#include <stdarg.h>
+#include <stdio.h>
+
+#include "log.h"
+#include "sshkey.h"
+
 int
 pkcs11_init(int interactive)
 {
-	return (0);
+	error("%s: dlopen() not supported", __func__);
+	return (-1);
 }
 
+int
+pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp)
+{
+	error("%s: dlopen() not supported", __func__);
+	return (-1);
+}
+
 void
 pkcs11_terminate(void)
 {
-	return;
+	error("%s: dlopen() not supported", __func__);
 }
-
 #endif /* ENABLE_PKCS11 */
Index: ssh.h
===================================================================
--- ssh.h
+++ ssh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.h,v 1.88 2018/06/06 18:29:18 markus Exp $ */
+/* $OpenBSD: ssh.h,v 1.89 2018/12/27 03:25:25 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -93,3 +93,7 @@
 
 /* Listen backlog for sshd, ssh-agent and forwarding sockets */
 #define SSH_LISTEN_BACKLOG		128
+
+/* Limits for banner exchange */
+#define SSH_MAX_BANNER_LEN		8192
+#define SSH_MAX_PRE_BANNER_LINES	1024
Index: ssh.0
===================================================================
--- ssh.0
+++ ssh.0
@@ -130,7 +130,7 @@
 
      -I pkcs11
              Specify the PKCS#11 shared library ssh should use to communicate
-             with a PKCS#11 token providing the user's private RSA key.
+             with a PKCS#11 token providing keys for user authentication.
 
      -i identity_file
              Selects a file from which the identity (private key) for public
@@ -150,6 +150,10 @@
              TCP forwarding to the ultimate destination from there.  Multiple
              jump hops may be specified separated by comma characters.  This
              is a shortcut to specify a ProxyJump configuration directive.
+             Note that configuration directives supplied on the command-line
+             generally apply to the destination host and not any specified
+             jump hosts.  Use ~/.ssh/config to specify configuration for jump
+             hosts.
 
      -K      Enables GSSAPI-based authentication and forwarding (delegation)
              of GSSAPI credentials to the server.
@@ -267,7 +271,7 @@
                    HostbasedKeyTypes
                    HostKeyAlgorithms
                    HostKeyAlias
-                   HostName
+                   Hostname
                    IdentitiesOnly
                    IdentityAgent
                    IdentityFile
@@ -594,36 +598,30 @@
              to stderr.
 
 TCP FORWARDING
-     Forwarding of arbitrary TCP connections over the secure channel can be
+     Forwarding of arbitrary TCP connections over a secure channel can be
      specified either on the command line or in a configuration file.  One
      possible application of TCP forwarding is a secure connection to a mail
      server; another is going through firewalls.
 
-     In the example below, we look at encrypting communication between an IRC
-     client and server, even though the IRC server does not directly support
-     encrypted communications.  This works as follows: the user connects to
-     the remote host using ssh, specifying a port to be used to forward
-     connections to the remote server.  After that it is possible to start the
-     service which is to be encrypted on the client machine, connecting to the
-     same local port, and ssh will encrypt and forward the connection.
+     In the example below, we look at encrypting communication for an IRC
+     client, even though the IRC server it connects to does not directly
+     support encrypted communication.  This works as follows: the user
+     connects to the remote host using ssh, specifying the ports to be used to
+     forward the connection.  After that it is possible to start the program
+     locally, and ssh will encrypt and forward the connection to the remote
+     server.
 
-     The following example tunnels an IRC session from client machine
-     M-bM-^@M-^\127.0.0.1M-bM-^@M-^] (localhost) to remote server M-bM-^@M-^\server.example.comM-bM-^@M-^]:
+     The following example tunnels an IRC session from the client to an IRC
+     server at M-bM-^@M-^\server.example.comM-bM-^@M-^], joining channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname
+     M-bM-^@M-^\pinkyM-bM-^@M-^], using the standard IRC port, 6667:
 
-         $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
-         $ irc -c '#users' -p 1234 pinky 127.0.0.1
+         $ ssh -f -L 6667:localhost:6667 server.example.com sleep 10
+         $ irc -c '#users' pinky IRC/127.0.0.1
 
-     This tunnels a connection to IRC server M-bM-^@M-^\server.example.comM-bM-^@M-^], joining
-     channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname M-bM-^@M-^\pinkyM-bM-^@M-^], using port 1234.  It doesn't matter
-     which port is used, as long as it's greater than 1023 (remember, only
-     root can open sockets on privileged ports) and doesn't conflict with any
-     ports already in use.  The connection is forwarded to port 6667 on the
-     remote server, since that's the standard port for IRC services.
-
      The -f option backgrounds ssh and the remote command M-bM-^@M-^\sleep 10M-bM-^@M-^] is
      specified to allow an amount of time (10 seconds, in the example) to
-     start the service which is to be tunnelled.  If no connections are made
-     within the time specified, ssh will exit.
+     start the program which is going to use the tunnel.  If no connections
+     are made within the time specified, ssh will exit.
 
 X11 FORWARDING
      If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of the
@@ -979,4 +977,4 @@
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 6.4                   September 20, 2018                   OpenBSD 6.4
+OpenBSD 6.6                      June 12, 2019                     OpenBSD 6.6
Index: ssh.1
===================================================================
--- ssh.1
+++ ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.399 2018/09/20 06:58:48 jmc Exp $
-.Dd $Mdocdate: September 20 2018 $
+.\" $OpenBSD: ssh.1,v 1.403 2019/06/12 11:31:50 jmc Exp $
+.Dd $Mdocdate: June 12 2019 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -270,8 +270,8 @@
 .It Fl I Ar pkcs11
 Specify the PKCS#11 shared library
 .Nm
-should use to communicate with a PKCS#11 token providing the user's
-private RSA key.
+should use to communicate with a PKCS#11 token providing keys for user
+authentication.
 .Pp
 .It Fl i Ar identity_file
 Selects a file from which the identity (private key) for
@@ -308,6 +308,11 @@
 This is a shortcut to specify a
 .Cm ProxyJump
 configuration directive.
+Note that configuration directives supplied on the command-line generally
+apply to the destination host and not any specified jump hosts.
+Use
+.Pa ~/.ssh/config
+to specify configuration for jump hosts.
 .Pp
 .It Fl K
 Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
@@ -499,7 +504,7 @@
 .It HostbasedKeyTypes
 .It HostKeyAlgorithms
 .It HostKeyAlias
-.It HostName
+.It Hostname
 .It IdentitiesOnly
 .It IdentityAgent
 .It IdentityFile
@@ -1085,49 +1090,35 @@
 when errors are being written to stderr.
 .El
 .Sh TCP FORWARDING
-Forwarding of arbitrary TCP connections over the secure channel can
-be specified either on the command line or in a configuration file.
+Forwarding of arbitrary TCP connections over a secure channel
+can be specified either on the command line or in a configuration file.
 One possible application of TCP forwarding is a secure connection to a
 mail server; another is going through firewalls.
 .Pp
-In the example below, we look at encrypting communication between
-an IRC client and server, even though the IRC server does not directly
-support encrypted communications.
+In the example below, we look at encrypting communication for an IRC client,
+even though the IRC server it connects to does not directly
+support encrypted communication.
 This works as follows:
 the user connects to the remote host using
 .Nm ,
-specifying a port to be used to forward connections
-to the remote server.
-After that it is possible to start the service which is to be encrypted
-on the client machine,
-connecting to the same local port,
+specifying the ports to be used to forward the connection.
+After that it is possible to start the program locally,
 and
 .Nm
-will encrypt and forward the connection.
+will encrypt and forward the connection to the remote server.
 .Pp
-The following example tunnels an IRC session from client machine
-.Dq 127.0.0.1
-(localhost)
-to remote server
-.Dq server.example.com :
-.Bd -literal -offset 4n
-$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
-$ irc -c '#users' -p 1234 pinky 127.0.0.1
-.Ed
-.Pp
-This tunnels a connection to IRC server
+The following example tunnels an IRC session from the client
+to an IRC server at
 .Dq server.example.com ,
 joining channel
 .Dq #users ,
 nickname
 .Dq pinky ,
-using port 1234.
-It doesn't matter which port is used,
-as long as it's greater than 1023
-(remember, only root can open sockets on privileged ports)
-and doesn't conflict with any ports already in use.
-The connection is forwarded to port 6667 on the remote server,
-since that's the standard port for IRC services.
+using the standard IRC port, 6667:
+.Bd -literal -offset 4n
+$ ssh -f -L 6667:localhost:6667 server.example.com sleep 10
+$ irc -c '#users' pinky IRC/127.0.0.1
+.Ed
 .Pp
 The
 .Fl f
@@ -1137,7 +1128,7 @@
 .Dq sleep 10
 is specified to allow an amount of time
 (10 seconds, in the example)
-to start the service which is to be tunnelled.
+to start the program which is going to use the tunnel.
 If no connections are made within the time specified,
 .Nm
 will exit.
Index: ssh.c
===================================================================
--- ssh.c
+++ ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.494 2018/10/03 06:38:35 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.507 2019/09/13 04:27:35 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -162,7 +162,7 @@
 
 /*
  * Name of the host we are connecting to.  This is the name given on the
- * command line, or the HostName specified for the user-supplied name in a
+ * command line, or the Hostname specified for the user-supplied name in a
  * configuration file.
  */
 char *host;
@@ -236,7 +236,8 @@
 {
 	char strport[NI_MAXSERV];
 	struct addrinfo hints, *res;
-	int gaierr, loglevel = SYSLOG_LEVEL_DEBUG1;
+	int gaierr;
+	LogLevel loglevel = SYSLOG_LEVEL_DEBUG1;
 
 	if (port <= 0)
 		port = default_ssh_port();
@@ -527,7 +528,8 @@
  * file if the user specifies a config file on the command line.
  */
 static void
-process_config_files(const char *host_name, struct passwd *pw, int post_canon)
+process_config_files(const char *host_name, struct passwd *pw, int final_pass,
+    int *want_final_pass)
 {
 	char buf[PATH_MAX];
 	int r;
@@ -535,7 +537,8 @@
 	if (config != NULL) {
 		if (strcasecmp(config, "none") != 0 &&
 		    !read_config_file(config, pw, host, host_name, &options,
-		    SSHCONF_USERCONF | (post_canon ? SSHCONF_POSTCANON : 0)))
+		    SSHCONF_USERCONF | (final_pass ? SSHCONF_FINAL : 0),
+		    want_final_pass))
 			fatal("Can't open user config file %.100s: "
 			    "%.100s", config, strerror(errno));
 	} else {
@@ -544,12 +547,12 @@
 		if (r > 0 && (size_t)r < sizeof(buf))
 			(void)read_config_file(buf, pw, host, host_name,
 			    &options, SSHCONF_CHECKPERM | SSHCONF_USERCONF |
-			    (post_canon ? SSHCONF_POSTCANON : 0));
+			    (final_pass ? SSHCONF_FINAL : 0), want_final_pass);
 
 		/* Read systemwide configuration file after user config. */
 		(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw,
 		    host, host_name, &options,
-		    post_canon ? SSHCONF_POSTCANON : 0);
+		    final_pass ? SSHCONF_FINAL : 0, want_final_pass);
 	}
 }
 
@@ -581,7 +584,7 @@
 {
 	struct ssh *ssh = NULL;
 	int i, r, opt, exit_status, use_syslog, direct, timeout_ms;
-	int was_addr, config_test = 0, opt_terminated = 0;
+	int was_addr, config_test = 0, opt_terminated = 0, want_final_pass = 0;
 	char *p, *cp, *line, *argv0, buf[PATH_MAX], *logfile;
 	char cname[NI_MAXHOST];
 	struct stat st;
@@ -593,7 +596,6 @@
 	struct ssh_digest_ctx *md;
 	u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
 
-	ssh_malloc_init();	/* must be called before any mallocs */
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
@@ -610,6 +612,8 @@
 	av = saved_av;
 #endif
 
+	seed_rng();
+
 	/*
 	 * Discard other fds that are hanging around. These can cause problem
 	 * with backgrounded ssh processes started by ControlPersist.
@@ -647,7 +651,6 @@
 	if ((ssh = ssh_alloc_session_state()) == NULL)
 		fatal("Couldn't allocate session state");
 	channel_init_channels(ssh);
-	active_state = ssh; /* XXX legacy API compat */
 
 	/* Parse command-line arguments. */
 	host = NULL;
@@ -770,7 +773,7 @@
 			break;
 		case 'i':
 			p = tilde_expand_filename(optarg, getuid());
-			if (stat(p, &st) < 0)
+			if (stat(p, &st) == -1)
 				fprintf(stderr, "Warning: Identity file %s "
 				    "not accessible: %s.\n", p,
 				    strerror(errno));
@@ -787,8 +790,11 @@
 #endif
 			break;
 		case 'J':
-			if (options.jump_host != NULL)
-				fatal("Only a single -J option permitted");
+			if (options.jump_host != NULL) {
+				fatal("Only a single -J option is permitted "
+				    "(use commas to separate multiple "
+				    "jump hops)");
+			}
 			if (options.proxy_command != NULL)
 				fatal("Cannot specify -J with ProxyCommand");
 			if (parse_jump(optarg, &options, 1) == -1)
@@ -816,7 +822,7 @@
 			fprintf(stderr, "%s, %s\n",
 			    SSH_RELEASE,
 #ifdef WITH_OPENSSL
-			    SSLeay_version(SSLEAY_VERSION)
+			    OpenSSL_version(OPENSSL_VERSION)
 #else
 			    "without OpenSSL"
 #endif
@@ -871,7 +877,7 @@
 			}
 			break;
 		case 'c':
-			if (!ciphers_valid(*optarg == '+' ?
+			if (!ciphers_valid(*optarg == '+' || *optarg == '^' ?
 			    optarg + 1 : optarg)) {
 				fprintf(stderr, "Unknown cipher type '%s'\n",
 				    optarg);
@@ -1036,11 +1042,6 @@
 
 	host_arg = xstrdup(host);
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-	ERR_load_crypto_strings();
-#endif
-
 	/* Initialize the command to execute on remote host. */
 	if ((command = sshbuf_new()) == NULL)
 		fatal("sshbuf_new failed");
@@ -1085,14 +1086,16 @@
 	if (debug_flag)
 		logit("%s, %s", SSH_RELEASE,
 #ifdef WITH_OPENSSL
-		    SSLeay_version(SSLEAY_VERSION)
+		    OpenSSL_version(OPENSSL_VERSION)
 #else
 		    "without OpenSSL"
 #endif
 		);
 
 	/* Parse the configuration files */
-	process_config_files(host_arg, pw, 0);
+	process_config_files(host_arg, pw, 0, &want_final_pass);
+	if (want_final_pass)
+		debug("configuration requests final Match pass");
 
 	/* Hostname canonicalisation needs a few options filled. */
 	fill_default_options_for_canonicalization(&options);
@@ -1149,12 +1152,17 @@
 	 * If canonicalisation is enabled then re-parse the configuration
 	 * files as new stanzas may match.
 	 */
-	if (options.canonicalize_hostname != 0) {
-		debug("Re-reading configuration after hostname "
-		    "canonicalisation");
+	if (options.canonicalize_hostname != 0 && !want_final_pass) {
+		debug("hostname canonicalisation enabled, "
+		    "will re-parse configuration");
+		want_final_pass = 1;
+	}
+
+	if (want_final_pass) {
+		debug("re-parsing configuration");
 		free(options.hostname);
 		options.hostname = xstrdup(host);
-		process_config_files(host_arg, pw, 1);
+		process_config_files(host_arg, pw, 1, NULL);
 		/*
 		 * Address resolution happens early with canonicalisation
 		 * enabled and the port number may have changed since, so
@@ -1264,8 +1272,6 @@
 		tty_flag = 0;
 	}
 
-	seed_rng();
-
 	if (options.user == NULL)
 		options.user = xstrdup(pw->pw_name);
 
@@ -1344,7 +1350,7 @@
 		int sock;
 		if ((sock = muxclient(options.control_path)) >= 0) {
 			ssh_packet_set_connection(ssh, sock, sock);
-			packet_set_mux();
+			ssh_packet_set_mux(ssh);
 			goto skip_connect;
 		}
 	}
@@ -1363,7 +1369,7 @@
 	timeout_ms = options.connection_timeout * 1000;
 
 	/* Open a connection to the remote host. */
-	if (ssh_connect(ssh, host, addrs, &hostaddr, options.port,
+	if (ssh_connect(ssh, host_arg, host, addrs, &hostaddr, options.port,
 	    options.address_family, options.connection_attempts,
 	    &timeout_ms, options.tcp_keep_alive) != 0)
  		exit(255);
@@ -1371,11 +1377,9 @@
 	if (addrs != NULL)
 		freeaddrinfo(addrs);
 
-	packet_set_timeout(options.server_alive_interval,
+	ssh_packet_set_timeout(ssh, options.server_alive_interval,
 	    options.server_alive_count_max);
 
-	ssh = active_state; /* XXX */
-
 	if (timeout_ms > 0)
 		debug3("timeout: %d ms remain after connect", timeout_ms);
 
@@ -1422,7 +1426,7 @@
 	if (config == NULL) {
 		r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
 		    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
-		if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
+		if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) == -1) {
 #ifdef WITH_SELINUX
 			ssh_selinux_setfscreatecon(buf);
 #endif
@@ -1486,10 +1490,10 @@
 	signal(SIGCHLD, main_sigchld_handler);
 
 	/* Log into the remote system.  Never returns if the login fails. */
-	ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr,
+	ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr,
 	    options.port, pw, timeout_ms);
 
-	if (packet_connection_is_on_socket()) {
+	if (ssh_packet_connection_is_on_socket(ssh)) {
 		verbose("Authenticated to %s ([%s]:%d).", host,
 		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 	} else {
@@ -1523,7 +1527,7 @@
 
  skip_connect:
 	exit_status = ssh_session2(ssh, pw);
-	packet_close();
+	ssh_packet_close(ssh);
 
 	if (options.control_path != NULL && muxserver_sock != -1)
 		unlink(options.control_path);
@@ -1589,7 +1593,7 @@
 		control_persist_detach();
 	debug("forking to background");
 	fork_after_authentication_flag = 0;
-	if (daemon(1, 1) < 0)
+	if (daemon(1, 1) == -1)
 		fatal("daemon() failed: %.200s", strerror(errno));
 }
 
@@ -1598,6 +1602,8 @@
 ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt)
 {
 	struct Forward *rfwd = (struct Forward *)ctxt;
+	u_int port;
+	int r;
 
 	/* XXX verbose() on failure? */
 	debug("remote forward %s for: listen %s%s%d, connect %s:%d",
@@ -1609,12 +1615,25 @@
 	    rfwd->connect_host, rfwd->connect_port);
 	if (rfwd->listen_path == NULL && rfwd->listen_port == 0) {
 		if (type == SSH2_MSG_REQUEST_SUCCESS) {
-			rfwd->allocated_port = packet_get_int();
-			logit("Allocated port %u for remote forward to %s:%d",
-			    rfwd->allocated_port,
-			    rfwd->connect_host, rfwd->connect_port);
-			channel_update_permission(ssh,
-			    rfwd->handle, rfwd->allocated_port);
+			if ((r = sshpkt_get_u32(ssh, &port)) != 0)
+				fatal("%s: %s", __func__, ssh_err(r));
+			if (port > 65535) {
+				error("Invalid allocated port %u for remote "
+				    "forward to %s:%d", port,
+				    rfwd->connect_host, rfwd->connect_port);
+				/* Ensure failure processing runs below */
+				type = SSH2_MSG_REQUEST_FAILURE;
+				channel_update_permission(ssh,
+				    rfwd->handle, -1);
+			} else {
+				rfwd->allocated_port = (int)port;
+				logit("Allocated port %u for remote "
+				    "forward to %s:%d",
+				    rfwd->allocated_port, rfwd->connect_host,
+				    rfwd->connect_port);
+				channel_update_permission(ssh,
+				    rfwd->handle, rfwd->allocated_port);
+			}
 		} else {
 			channel_update_permission(ssh, rfwd->handle, -1);
 		}
@@ -1670,8 +1689,8 @@
 	debug3("%s: %s:%d", __func__, options.stdio_forward_host,
 	    options.stdio_forward_port);
 
-	if ((in = dup(STDIN_FILENO)) < 0 ||
-	    (out = dup(STDOUT_FILENO)) < 0)
+	if ((in = dup(STDIN_FILENO)) == -1 ||
+	    (out = dup(STDOUT_FILENO)) == -1)
 		fatal("channel_connect_stdio_fwd: dup() in/out failed");
 	if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
 	    options.stdio_forward_port, in, out)) == NULL)
@@ -1771,7 +1790,7 @@
 {
 	extern char **environ;
 	const char *display;
-	int interactive = tty_flag;
+	int r, interactive = tty_flag;
 	char *proto = NULL, *data = NULL;
 
 	if (!success)
@@ -1797,11 +1816,12 @@
 	if (options.forward_agent) {
 		debug("Requesting authentication agent forwarding.");
 		channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0);
-		packet_send();
+		if ((r = sshpkt_send(ssh)) != 0)
+			fatal("%s: %s", __func__, ssh_err(r));
 	}
 
 	/* Tell the packet module whether this is an interactive session. */
-	packet_set_interactive(interactive,
+	ssh_packet_set_interactive(ssh, interactive,
 	    options.ip_qos_interactive, options.ip_qos_bulk);
 
 	client_session2_setup(ssh, id, tty_flag, subsystem_flag, getenv("TERM"),
@@ -1823,7 +1843,7 @@
 	out = dup(STDOUT_FILENO);
 	err = dup(STDERR_FILENO);
 
-	if (in < 0 || out < 0 || err < 0)
+	if (in == -1 || out == -1 || err == -1)
 		fatal("dup() in/out/err failed");
 
 	/* enable nonblocking unless tty */
@@ -1858,7 +1878,7 @@
 static int
 ssh_session2(struct ssh *ssh, struct passwd *pw)
 {
-	int devnull, id = -1;
+	int r, devnull, id = -1;
 	char *cp, *tun_fwd_ifname = NULL;
 
 	/* XXX should be pre-session */
@@ -1888,7 +1908,7 @@
 	}
 
 	/* Start listening for multiplex clients */
-	if (!packet_get_mux())
+	if (!ssh_packet_get_mux(ssh))
 		muxserver_listen(ssh);
 
 	/*
@@ -1922,7 +1942,7 @@
 	if (!no_shell_flag)
 		id = ssh_session2_open(ssh);
 	else {
-		packet_set_interactive(
+		ssh_packet_set_interactive(ssh,
 		    options.control_master == SSHCTL_MASTER_NO,
 		    options.ip_qos_interactive, options.ip_qos_bulk);
 	}
@@ -1931,10 +1951,12 @@
 	if (options.control_master == SSHCTL_MASTER_NO &&
 	    (datafellows & SSH_NEW_OPENSSH)) {
 		debug("Requesting no-more-sessions@openssh.com");
-		packet_start(SSH2_MSG_GLOBAL_REQUEST);
-		packet_put_cstring("no-more-sessions@openssh.com");
-		packet_put_char(0);
-		packet_send();
+		if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
+		    (r = sshpkt_put_cstring(ssh,
+		    "no-more-sessions@openssh.com")) != 0 ||
+		    (r = sshpkt_put_u8(ssh, 0)) != 0 ||
+		    (r = sshpkt_send(ssh)) != 0)
+			fatal("%s: %s", __func__, ssh_err(r));
 	}
 
 	/* Execute a local command */
@@ -1952,7 +1974,7 @@
 		if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1)
 			error("%s: open %s: %s", __func__,
 			    _PATH_DEVNULL, strerror(errno));
-		if (dup2(devnull, STDOUT_FILENO) < 0)
+		if (dup2(devnull, STDOUT_FILENO) == -1)
 			fatal("%s: dup2() stdout failed", __func__);
 		if (devnull > STDERR_FILENO)
 			close(devnull);
@@ -2139,7 +2161,7 @@
 	int status;
 
 	while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
-	    (pid < 0 && errno == EINTR))
+	    (pid == -1 && errno == EINTR))
 		;
 	errno = save_errno;
 }
Index: ssh_api.c
===================================================================
--- ssh_api.c
+++ ssh_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.8 2017/04/30 23:13:25 djm Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.18 2019/09/13 04:36:43 dtucker Exp $ */
 /*
  * Copyright (c) 2012 Markus Friedl.  All rights reserved.
  *
@@ -17,6 +17,11 @@
 
 #include "includes.h"
 
+#include <sys/types.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+
 #include "ssh_api.h"
 #include "compat.h"
 #include "log.h"
@@ -29,17 +34,19 @@
 #include "ssherr.h"
 #include "sshbuf.h"
 
+#include "openbsd-compat/openssl-compat.h"
+
 #include <string.h>
 
 int	_ssh_exchange_banner(struct ssh *);
-int	_ssh_send_banner(struct ssh *, char **);
-int	_ssh_read_banner(struct ssh *, char **);
+int	_ssh_send_banner(struct ssh *, struct sshbuf *);
+int	_ssh_read_banner(struct ssh *, struct sshbuf *);
 int	_ssh_order_hostkeyalgs(struct ssh *);
 int	_ssh_verify_host_key(struct sshkey *, struct ssh *);
 struct sshkey *_ssh_host_public_key(int, int, struct ssh *);
 struct sshkey *_ssh_host_private_key(int, int, struct ssh *);
-int	_ssh_host_key_sign(struct sshkey *, struct sshkey *,
-    u_char **, size_t *, const u_char *, size_t, const char *, u_int);
+int	_ssh_host_key_sign(struct ssh *, struct sshkey *, struct sshkey *,
+    u_char **, size_t *, const u_char *, size_t, const char *);
 
 /*
  * stubs for the server side implementation of kex.
@@ -48,7 +55,10 @@
 int	use_privsep = 0;
 int	mm_sshkey_sign(struct sshkey *, u_char **, u_int *,
     u_char *, u_int, char *, u_int);
+
+#ifdef WITH_OPENSSL
 DH	*mm_choose_dh(int, int, int);
+#endif
 
 /* Define these two variables here so that they are part of the library */
 u_char *session_id2 = NULL;
@@ -61,11 +71,13 @@
 	return (-1);
 }
 
+#ifdef WITH_OPENSSL
 DH *
 mm_choose_dh(int min, int nbits, int max)
 {
 	return (NULL);
 }
+#endif
 
 /* API */
 
@@ -79,9 +91,7 @@
 	int r;
 
 	if (!called) {
-#ifdef WITH_OPENSSL
-		OpenSSL_add_all_algorithms();
-#endif /* WITH_OPENSSL */
+		seed_rng();
 		called = 1;
 	}
 
@@ -92,42 +102,44 @@
 
 	/* Initialize key exchange */
 	proposal = kex_params ? kex_params->proposal : myproposal;
-	if ((r = kex_new(ssh, proposal, &ssh->kex)) != 0) {
+	if ((r = kex_ready(ssh, proposal)) != 0) {
 		ssh_free(ssh);
 		return r;
 	}
 	ssh->kex->server = is_server;
 	if (is_server) {
 #ifdef WITH_OPENSSL
-		ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
-		ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
-		ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
-		ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
-		ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
+		ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
+		ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
+		ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
+		ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
+		ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
 		ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 		ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 # ifdef OPENSSL_HAS_ECC
-		ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+		ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
 # endif
 #endif /* WITH_OPENSSL */
-		ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
+		ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server;
+		ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
 		ssh->kex->load_host_public_key=&_ssh_host_public_key;
 		ssh->kex->load_host_private_key=&_ssh_host_private_key;
 		ssh->kex->sign=&_ssh_host_key_sign;
 	} else {
 #ifdef WITH_OPENSSL
-		ssh->kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
-		ssh->kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
-		ssh->kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
-		ssh->kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
-		ssh->kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
+		ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
+		ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
+		ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;
+		ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;
+		ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;
 		ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
 		ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
 # ifdef OPENSSL_HAS_ECC
-		ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+		ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
 # endif
 #endif /* WITH_OPENSSL */
-		ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
+		ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
+		ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
 		ssh->kex->verify_host_key =&_ssh_verify_host_key;
 	}
 	*sshp = ssh;
@@ -236,8 +248,8 @@
 	 * enough data.
 	 */
 	*typep = SSH_MSG_NONE;
-	if (ssh->kex->client_version_string == NULL ||
-	    ssh->kex->server_version_string == NULL)
+	if (sshbuf_len(ssh->kex->client_version) == 0 ||
+	    sshbuf_len(ssh->kex->server_version) == 0)
 		return _ssh_exchange_banner(ssh);
 	/*
 	 * If we enough data and a dispatch function then
@@ -312,39 +324,44 @@
 
 /* Read other side's version identification. */
 int
-_ssh_read_banner(struct ssh *ssh, char **bannerp)
+_ssh_read_banner(struct ssh *ssh, struct sshbuf *banner)
 {
-	struct sshbuf *input;
-	const char *s;
-	char buf[256], remote_version[256];	/* must be same size! */
+	struct sshbuf *input = ssh_packet_get_input(ssh);
 	const char *mismatch = "Protocol mismatch.\r\n";
-	int r, remote_major, remote_minor;
-	size_t i, n, j, len;
+	const u_char *s = sshbuf_ptr(input);
+	u_char c;
+	char *cp = NULL, *remote_version = NULL;
+	int r = 0, remote_major, remote_minor, expect_nl;
+	size_t n, j;
 
-	*bannerp = NULL;
-	input = ssh_packet_get_input(ssh);
-	len = sshbuf_len(input);
-	s = (const char *)sshbuf_ptr(input);
 	for (j = n = 0;;) {
-		for (i = 0; i < sizeof(buf) - 1; i++) {
-			if (j >= len)
-				return (0);
-			buf[i] = s[j++];
-			if (buf[i] == '\r') {
-				buf[i] = '\n';
-				buf[i + 1] = 0;
-				continue;		/**XXX wait for \n */
+		sshbuf_reset(banner);
+		expect_nl = 0;
+		for (;;) {
+			if (j >= sshbuf_len(input))
+				return 0; /* insufficient data in input buf */
+			c = s[j++];
+			if (c == '\r') {
+				expect_nl = 1;
+				continue;
 			}
-			if (buf[i] == '\n') {
-				buf[i + 1] = 0;
+			if (c == '\n')
 				break;
-			}
+			if (expect_nl)
+				goto bad;
+			if ((r = sshbuf_put_u8(banner, c)) != 0)
+				return r;
+			if (sshbuf_len(banner) > SSH_MAX_BANNER_LEN)
+				goto bad;
 		}
-		buf[sizeof(buf) - 1] = 0;
-		if (strncmp(buf, "SSH-", 4) == 0)
+		if (sshbuf_len(banner) >= 4 &&
+		    memcmp(sshbuf_ptr(banner), "SSH-", 4) == 0)
 			break;
-		debug("ssh_exchange_identification: %s", buf);
-		if (ssh->kex->server || ++n > 65536) {
+		debug("%s: %.*s", __func__, (int)sshbuf_len(banner),
+		    sshbuf_ptr(banner));
+		/* Accept lines before banner only on client */
+		if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) {
+  bad:
 			if ((r = sshbuf_put(ssh_packet_get_output(ssh),
 			   mismatch, strlen(mismatch))) != 0)
 				return r;
@@ -354,13 +371,22 @@
 	if ((r = sshbuf_consume(input, j)) != 0)
 		return r;
 
+	/* XXX remote version must be the same size as banner for sscanf */
+	if ((cp = sshbuf_dup_string(banner)) == NULL ||
+	    (remote_version = calloc(1, sshbuf_len(banner))) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+
 	/*
 	 * Check that the versions match.  In future this might accept
 	 * several versions and set appropriate flags to handle them.
 	 */
-	if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
-	    &remote_major, &remote_minor, remote_version) != 3)
-		return SSH_ERR_INVALID_FORMAT;
+	if (sscanf(cp, "SSH-%d.%d-%[^\n]\n",
+	    &remote_major, &remote_minor, remote_version) != 3) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
 	debug("Remote protocol version %d.%d, remote software version %.100s",
 	    remote_major, remote_minor, remote_version);
 
@@ -370,28 +396,33 @@
 		remote_minor = 0;
 	}
 	if (remote_major != 2)
-		return SSH_ERR_PROTOCOL_MISMATCH;
-	chop(buf);
-	debug("Remote version string %.100s", buf);
-	if ((*bannerp = strdup(buf)) == NULL)
-		return SSH_ERR_ALLOC_FAIL;
-	return 0;
+		r = SSH_ERR_PROTOCOL_MISMATCH;
+
+	debug("Remote version string %.100s", cp);
+ out:
+	free(cp);
+	free(remote_version);
+	return r;
 }
 
 /* Send our own protocol version identification. */
 int
-_ssh_send_banner(struct ssh *ssh, char **bannerp)
+_ssh_send_banner(struct ssh *ssh, struct sshbuf *banner)
 {
-	char buf[256];
+	char *cp;
 	int r;
 
-	snprintf(buf, sizeof buf, "SSH-2.0-%.100s\r\n", SSH_VERSION);
-	if ((r = sshbuf_put(ssh_packet_get_output(ssh), buf, strlen(buf))) != 0)
+	if ((r = sshbuf_putf(banner, "SSH-2.0-%.100s\r\n", SSH_VERSION)) != 0)
 		return r;
-	chop(buf);
-	debug("Local version string %.100s", buf);
-	if ((*bannerp = strdup(buf)) == NULL)
+	if ((r = sshbuf_putb(ssh_packet_get_output(ssh), banner)) != 0)
+		return r;
+	/* Remove trailing \r\n */
+	if ((r = sshbuf_consume_end(banner, 2)) != 0)
+		return r;
+	if ((cp = sshbuf_dup_string(banner)) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
+	debug("Local version string %.100s", cp);
+	free(cp);
 	return 0;
 }
 
@@ -408,25 +439,25 @@
 
 	r = 0;
 	if (kex->server) {
-		if (kex->server_version_string == NULL)
-			r = _ssh_send_banner(ssh, &kex->server_version_string);
+		if (sshbuf_len(ssh->kex->server_version) == 0)
+			r = _ssh_send_banner(ssh, ssh->kex->server_version);
 		if (r == 0 &&
-		    kex->server_version_string != NULL &&
-		    kex->client_version_string == NULL)
-			r = _ssh_read_banner(ssh, &kex->client_version_string);
+		    sshbuf_len(ssh->kex->server_version) != 0 &&
+		    sshbuf_len(ssh->kex->client_version) == 0)
+			r = _ssh_read_banner(ssh, ssh->kex->client_version);
 	} else {
-		if (kex->server_version_string == NULL)
-			r = _ssh_read_banner(ssh, &kex->server_version_string);
+		if (sshbuf_len(ssh->kex->server_version) == 0)
+			r = _ssh_read_banner(ssh, ssh->kex->server_version);
 		if (r == 0 &&
-		    kex->server_version_string != NULL &&
-		    kex->client_version_string == NULL)
-			r = _ssh_send_banner(ssh, &kex->client_version_string);
+		    sshbuf_len(ssh->kex->server_version) != 0 &&
+		    sshbuf_len(ssh->kex->client_version) == 0)
+			r = _ssh_send_banner(ssh, ssh->kex->client_version);
 	}
 	if (r != 0)
 		return r;
 	/* start initial kex as soon as we have exchanged the banners */
-	if (kex->server_version_string != NULL &&
-	    kex->client_version_string != NULL) {
+	if (sshbuf_len(ssh->kex->server_version) != 0 &&
+	    sshbuf_len(ssh->kex->client_version) != 0) {
 		if ((r = _ssh_order_hostkeyalgs(ssh)) != 0 ||
 		    (r = kex_send_kexinit(ssh)) != 0)
 			return r;
@@ -532,9 +563,10 @@
 }
 
 int
-_ssh_host_key_sign(struct sshkey *privkey, struct sshkey *pubkey,
-    u_char **signature, size_t *slen, const u_char *data, size_t dlen,
-    const char *alg, u_int compat)
+_ssh_host_key_sign(struct ssh *ssh, struct sshkey *privkey,
+    struct sshkey *pubkey, u_char **signature, size_t *slen,
+    const u_char *data, size_t dlen, const char *alg)
 {
-	return sshkey_sign(privkey, signature, slen, data, dlen, alg, compat);
+	return sshkey_sign(privkey, signature, slen, data, dlen,
+	    alg, ssh->compat);
 }
Index: ssh_config
===================================================================
--- ssh_config
+++ ssh_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: ssh_config,v 1.33 2017/05/07 23:12:57 djm Exp $
+#	$OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -34,7 +34,6 @@
 #   IdentityFile ~/.ssh/id_ecdsa
 #   IdentityFile ~/.ssh/id_ed25519
 #   Port 22
-#   Protocol 2
 #   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
 #   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
 #   EscapeChar ~
Index: ssh_config.0
===================================================================
--- ssh_config.0
+++ ssh_config.0
@@ -54,23 +54,29 @@
              Match keyword) to be used only when the conditions following the
              Match keyword are satisfied.  Match conditions are specified
              using one or more criteria or the single token all which always
-             matches.  The available criteria keywords are: canonical, exec,
-             host, originalhost, user, and localuser.  The all criteria must
-             appear alone or immediately after canonical.  Other criteria may
-             be combined arbitrarily.  All criteria but all and canonical
-             require an argument.  Criteria may be negated by prepending an
-             exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y).
+             matches.  The available criteria keywords are: canonical, final,
+             exec, host, originalhost, user, and localuser.  The all criteria
+             must appear alone or immediately after canonical or final.  Other
+             criteria may be combined arbitrarily.  All criteria but all,
+             canonical, and final require an argument.  Criteria may be
+             negated by prepending an exclamation mark (M-bM-^@M-^X!M-bM-^@M-^Y).
 
              The canonical keyword matches only when the configuration file is
              being re-parsed after hostname canonicalization (see the
-             CanonicalizeHostname option.)  This may be useful to specify
-             conditions that work with canonical host names only.  The exec
-             keyword executes the specified command under the user's shell.
-             If the command returns a zero exit status then the condition is
-             considered true.  Commands containing whitespace characters must
-             be quoted.  Arguments to exec accept the tokens described in the
-             TOKENS section.
+             CanonicalizeHostname option).  This may be useful to specify
+             conditions that work with canonical host names only.
 
+             The final keyword requests that the configuration be re-parsed
+             (regardless of whether CanonicalizeHostname is enabled), and
+             matches only during this final pass.  If CanonicalizeHostname is
+             enabled, then canonical and final match during the same pass.
+
+             The exec keyword executes the specified command under the user's
+             shell.  If the command returns a zero exit status then the
+             condition is considered true.  Commands containing whitespace
+             characters must be quoted.  Arguments to exec accept the tokens
+             described in the TOKENS section.
+
              The other keywords' criteria must be single entries or comma-
              separated lists and may use the wildcard and negation operators
              described in the PATTERNS section.  The criteria for the host
@@ -165,7 +171,7 @@
              Specifies which algorithms are allowed for signing of
              certificates by certificate authorities (CAs).  The default is:
 
-                   ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+                   ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
                    ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 
              ssh(1) will not accept host certificates signed using algorithms
@@ -200,12 +206,14 @@
 
      Ciphers
              Specifies the ciphers allowed and their order of preference.
-             Multiple ciphers must be comma-separated.  If the specified value
+             Multiple ciphers must be comma-separated.  If the specified list
              begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified ciphers will be
              appended to the default set instead of replacing them.  If the
-             specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
+             specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
              ciphers (including wildcards) will be removed from the default
-             set instead of replacing them.
+             set instead of replacing them.  If the specified list begins with
+             a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified ciphers will be placed at the
+             head of the default set.
 
              The supported ciphers are:
 
@@ -249,8 +257,9 @@
      ConnectTimeout
              Specifies the timeout (in seconds) used when connecting to the
              SSH server, instead of using the default system TCP timeout.
-             This value is used only when the target is down or really
-             unreachable, not when it refuses the connection.
+             This timeout is applied both to establishing the connection and
+             to performing the initial SSH protocol handshake and key
+             exchange.
 
      ControlMaster
              Enables the sharing of multiple sessions over a single network
@@ -439,12 +448,14 @@
      HostbasedKeyTypes
              Specifies the key types that will be used for hostbased
              authentication as a comma-separated list of patterns.
-             Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
+             Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
              then the specified key types will be appended to the default set
-             instead of replacing them.  If the specified value begins with a
+             instead of replacing them.  If the specified list begins with a
              M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards)
              will be removed from the default set instead of replacing them.
-             The default for this option is:
+             If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the
+             specified key types will be placed at the head of the default
+             set.  The default for this option is:
 
                 ecdsa-sha2-nistp256-cert-v01@openssh.com,
                 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -459,12 +470,14 @@
 
      HostKeyAlgorithms
              Specifies the host key algorithms that the client wants to use in
-             order of preference.  Alternately if the specified value begins
+             order of preference.  Alternately if the specified list begins
              with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified key types will be
              appended to the default set instead of replacing them.  If the
-             specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
+             specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
              key types (including wildcards) will be removed from the default
-             set instead of replacing them.  The default for this option is:
+             set instead of replacing them.  If the specified list begins with
+             a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified key types will be placed at
+             the head of the default set.  The default for this option is:
 
                 ecdsa-sha2-nistp256-cert-v01@openssh.com,
                 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -488,19 +501,20 @@
              option is useful for tunneling SSH connections or for multiple
              servers running on a single host.
 
-     HostName
+     Hostname
              Specifies the real host name to log into.  This can be used to
              specify nicknames or abbreviations for hosts.  Arguments to
-             HostName accept the tokens described in the TOKENS section.
+             Hostname accept the tokens described in the TOKENS section.
              Numeric IP addresses are also permitted (both on the command line
-             and in HostName specifications).  The default is the name given
+             and in Hostname specifications).  The default is the name given
              on the command line.
 
      IdentitiesOnly
-             Specifies that ssh(1) should only use the authentication identity
-             and certificate files explicitly configured in the ssh_config
-             files or passed on the ssh(1) command-line, even if ssh-agent(1)
-             or a PKCS11Provider offers more identities.  The argument to this
+             Specifies that ssh(1) should only use the configured
+             authentication identity and certificate files (either the default
+             files, or those explicitly configured in the ssh_config files or
+             passed on the ssh(1) command-line), even if ssh-agent(1) or a
+             PKCS11Provider offers more identities.  The argument to this
              keyword must be yes or no (the default).  This option is intended
              for situations where ssh-agent offers many different identities.
 
@@ -591,19 +605,20 @@
 
      KexAlgorithms
              Specifies the available KEX (Key Exchange) algorithms.  Multiple
-             algorithms must be comma-separated.  Alternately if the specified
-             value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
-             will be appended to the default set instead of replacing them.
-             If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
-             specified methods (including wildcards) will be removed from the
-             default set instead of replacing them.  The default is:
+             algorithms must be comma-separated.  If the specified list begins
+             with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods will be appended
+             to the default set instead of replacing them.  If the specified
+             list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified methods
+             (including wildcards) will be removed from the default set
+             instead of replacing them.  If the specified list begins with a
+             M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified methods will be placed at the
+             head of the default set.  The default is:
 
                    curve25519-sha256,curve25519-sha256@libssh.org,
                    ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                    diffie-hellman-group-exchange-sha256,
                    diffie-hellman-group16-sha512,
                    diffie-hellman-group18-sha512,
-                   diffie-hellman-group-exchange-sha1,
                    diffie-hellman-group14-sha256,
                    diffie-hellman-group14-sha1
 
@@ -650,12 +665,14 @@
      MACs    Specifies the MAC (message authentication code) algorithms in
              order of preference.  The MAC algorithm is used for data
              integrity protection.  Multiple algorithms must be comma-
-             separated.  If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
+             separated.  If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
              then the specified algorithms will be appended to the default set
-             instead of replacing them.  If the specified value begins with a
+             instead of replacing them.  If the specified list begins with a
              M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including
              wildcards) will be removed from the default set instead of
-             replacing them.
+             replacing them.  If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y
+             character, then the specified algorithms will be placed at the
+             head of the default set.
 
              The algorithms that contain "-etm" calculate the MAC after
              encryption (encrypt-then-mac).  These are considered safer and
@@ -690,10 +707,11 @@
              be yes or no (the default).
 
      PKCS11Provider
-             Specifies which PKCS#11 provider to use.  The argument to this
-             keyword is the PKCS#11 shared library ssh(1) should use to
-             communicate with a PKCS#11 token providing the user's private RSA
-             key.
+             Specifies which PKCS#11 provider to use or none to indicate that
+             no provider should be used (the default).  The argument to this
+             keyword is a path to the PKCS#11 shared library ssh(1) should use
+             to communicate with a PKCS#11 token providing keys for user
+             authentication.
 
      Port    Specifies the port number to connect on the remote host.  The
              default is 22.
@@ -718,7 +736,7 @@
              should read from its standard input and write to its standard
              output.  It should eventually connect an sshd(8) server running
              on some machine, or execute sshd -i somewhere.  Host key
-             management will be done using the HostName of the host being
+             management will be done using the Hostname of the host being
              connected (defaulting to the name typed by the user).  Setting
              the command to none disables this option entirely.  Note that
              CheckHostIP is not available for connects with a proxy command.
@@ -741,6 +759,11 @@
              whichever is specified first will prevent later instances of the
              other from taking effect.
 
+             Note also that the configuration for the destination host (either
+             supplied via the command-line or the configuration file) is not
+             generally applied to jump hosts.  ~/.ssh/config should be used if
+             specific configuration is required for jump hosts.
+
      ProxyUseFdpass
              Specifies that ProxyCommand will pass a connected file descriptor
              back to ssh(1) instead of continuing to execute and pass data.
@@ -748,13 +771,15 @@
 
      PubkeyAcceptedKeyTypes
              Specifies the key types that will be used for public key
-             authentication as a comma-separated list of patterns.
-             Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
-             then the key types after it will be appended to the default
-             instead of replacing it.  If the specified value begins with a
-             M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards)
-             will be removed from the default set instead of replacing them.
-             The default for this option is:
+             authentication as a comma-separated list of patterns.  If the
+             specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the key types
+             after it will be appended to the default instead of replacing it.
+             If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
+             specified key types (including wildcards) will be removed from
+             the default set instead of replacing them.  If the specified list
+             begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified key types will be
+             placed at the head of the default set.  The default for this
+             option is:
 
                 ecdsa-sha2-nistp256-cert-v01@openssh.com,
                 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -865,7 +890,7 @@
              therefore will not be spoofable.  The TCP keepalive option
              enabled by TCPKeepAlive is spoofable.  The server alive mechanism
              is valuable when the client or server depend on knowing when a
-             connection has become inactive.
+             connection has become unresponsive.
 
              The default value is 3.  If, for example, ServerAliveInterval
              (see below) is set to 15 and ServerAliveCountMax is left at the
@@ -1069,7 +1094,7 @@
      ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and
      %u.
 
-     HostName accepts the tokens %% and %h.
+     Hostname accepts the tokens %% and %h.
 
      IdentityAgent and IdentityFile accept the tokens %%, %d, %h, %i, %l, %r,
      and %u.
@@ -1077,7 +1102,7 @@
      LocalCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T,
      and %u.
 
-     ProxyCommand accepts the tokens %%, %h, %p, and %r.
+     ProxyCommand accepts the tokens %%, %h, %n, %p, and %r.
 
      RemoteCommand accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and
      %u.
@@ -1087,8 +1112,7 @@
              This is the per-user configuration file.  The format of this file
              is described above.  This file is used by the SSH client.
              Because of the potential for abuse, this file must have strict
-             permissions: read/write for the user, and not accessible by
-             others.
+             permissions: read/write for the user, and not writable by others.
 
      /etc/ssh/ssh_config
              Systemwide configuration file.  This file provides defaults for
@@ -1106,4 +1130,4 @@
      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
      versions 1.5 and 2.0.
 
-OpenBSD 6.4                     October 3, 2018                    OpenBSD 6.4
+OpenBSD 6.6                   September 13, 2019                   OpenBSD 6.6
Index: ssh_config.5
===================================================================
--- ssh_config.5
+++ ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.286 2018/10/03 06:38:35 djm Exp $
-.Dd $Mdocdate: October 3 2018 $
+.\" $OpenBSD: ssh_config.5,v 1.304 2019/09/13 04:52:34 djm Exp $
+.Dd $Mdocdate: September 13 2019 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -139,6 +139,7 @@
 which always matches.
 The available criteria keywords are:
 .Cm canonical ,
+.Cm final ,
 .Cm exec ,
 .Cm host ,
 .Cm originalhost ,
@@ -148,12 +149,15 @@
 The
 .Cm all
 criteria must appear alone or immediately after
-.Cm canonical .
+.Cm canonical
+or
+.Cm final .
 Other criteria may be combined arbitrarily.
 All criteria but
-.Cm all
+.Cm all ,
+.Cm canonical ,
 and
-.Cm canonical
+.Cm final
 require an argument.
 Criteria may be negated by prepending an exclamation mark
 .Pq Sq !\& .
@@ -163,10 +167,24 @@
 keyword matches only when the configuration file is being re-parsed
 after hostname canonicalization (see the
 .Cm CanonicalizeHostname
-option.)
+option).
 This may be useful to specify conditions that work with canonical host
 names only.
+.Pp
 The
+.Cm final
+keyword requests that the configuration be re-parsed (regardless of whether
+.Cm CanonicalizeHostname
+is enabled), and matches only during this final pass.
+If
+.Cm CanonicalizeHostname
+is enabled, then
+.Cm canonical
+and
+.Cm final
+match during the same pass.
+.Pp
+The
 .Cm exec
 keyword executes the specified command under the user's shell.
 If the command returns a zero exit status then the condition is considered true.
@@ -343,7 +361,7 @@
 by certificate authorities (CAs).
 The default is:
 .Bd -literal -offset indent
-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
@@ -404,14 +422,18 @@
 .It Cm Ciphers
 Specifies the ciphers allowed and their order of preference.
 Multiple ciphers must be comma-separated.
-If the specified value begins with a
+If the specified list begins with a
 .Sq +
 character, then the specified ciphers will be appended to the default set
 instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
 .Sq -
 character, then the specified ciphers (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified ciphers will be placed at the head of the
+default set.
 .Pp
 The supported ciphers are:
 .Bd -literal -offset indent
@@ -467,8 +489,8 @@
 .It Cm ConnectTimeout
 Specifies the timeout (in seconds) used when connecting to the
 SSH server, instead of using the default system TCP timeout.
-This value is used only when the target is down or really unreachable,
-not when it refuses the connection.
+This timeout is applied both to establishing the connection and to performing
+the initial SSH protocol handshake and key exchange.
 .It Cm ControlMaster
 Enables the sharing of multiple sessions over a single network connection.
 When set to
@@ -768,14 +790,18 @@
 .It Cm HostbasedKeyTypes
 Specifies the key types that will be used for hostbased authentication
 as a comma-separated list of patterns.
-Alternately if the specified value begins with a
+Alternately if the specified list begins with a
 .Sq +
 character, then the specified key types will be appended to the default set
 instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -796,14 +822,18 @@
 .It Cm HostKeyAlgorithms
 Specifies the host key algorithms
 that the client wants to use in order of preference.
-Alternately if the specified value begins with a
+Alternately if the specified list begins with a
 .Sq +
 character, then the specified key types will be appended to the default set
 instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -827,28 +857,28 @@
 in the host key database files and when validating host certificates.
 This option is useful for tunneling SSH connections
 or for multiple servers running on a single host.
-.It Cm HostName
+.It Cm Hostname
 Specifies the real host name to log into.
 This can be used to specify nicknames or abbreviations for hosts.
 Arguments to
-.Cm HostName
+.Cm Hostname
 accept the tokens described in the
 .Sx TOKENS
 section.
 Numeric IP addresses are also permitted (both on the command line and in
-.Cm HostName
+.Cm Hostname
 specifications).
 The default is the name given on the command line.
 .It Cm IdentitiesOnly
 Specifies that
 .Xr ssh 1
-should only use the authentication identity and certificate files explicitly
-configured in the
+should only use the configured authentication identity and certificate files
+(either the default files, or those explicitly configured in the
 .Nm
 files
 or passed on the
 .Xr ssh 1
-command-line,
+command-line),
 even if
 .Xr ssh-agent 1
 or a
@@ -1025,14 +1055,18 @@
 .It Cm KexAlgorithms
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
-Alternately if the specified value begins with a
+If the specified list begins with a
 .Sq +
 character, then the specified methods will be appended to the default set
 instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
 .Sq -
 character, then the specified methods (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified methods will be placed at the head of the
+default set.
 The default is:
 .Bd -literal -offset indent
 curve25519-sha256,curve25519-sha256@libssh.org,
@@ -1040,7 +1074,6 @@
 diffie-hellman-group-exchange-sha256,
 diffie-hellman-group16-sha512,
 diffie-hellman-group18-sha512,
-diffie-hellman-group-exchange-sha1,
 diffie-hellman-group14-sha256,
 diffie-hellman-group14-sha1
 .Ed
@@ -1107,14 +1140,18 @@
 in order of preference.
 The MAC algorithm is used for data integrity protection.
 Multiple algorithms must be comma-separated.
-If the specified value begins with a
+If the specified list begins with a
 .Sq +
 character, then the specified algorithms will be appended to the default set
 instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
 .Sq -
 character, then the specified algorithms (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified algorithms will be placed at the head of the
+default set.
 .Pp
 The algorithms that contain
 .Qq -etm
@@ -1163,11 +1200,13 @@
 .Cm no
 (the default).
 .It Cm PKCS11Provider
-Specifies which PKCS#11 provider to use.
-The argument to this keyword is the PKCS#11 shared library
+Specifies which PKCS#11 provider to use or
+.Cm none
+to indicate that no provider should be used (the default).
+The argument to this keyword is a path to the PKCS#11 shared library
 .Xr ssh 1
-should use to communicate with a PKCS#11 token providing the user's
-private RSA key.
+should use to communicate with a PKCS#11 token providing keys for user
+authentication.
 .It Cm Port
 Specifies the port number to connect on the remote host.
 The default is 22.
@@ -1203,8 +1242,8 @@
 .Ic sshd -i
 somewhere.
 Host key management will be done using the
-HostName of the host being connected (defaulting to the name typed by
-the user).
+.Cm Hostname
+of the host being connected (defaulting to the name typed by the user).
 Setting the command to
 .Cm none
 disables this option entirely.
@@ -1245,6 +1284,12 @@
 .Cm ProxyCommand
 option - whichever is specified first will prevent later instances of the
 other from taking effect.
+.Pp
+Note also that the configuration for the destination host (either supplied
+via the command-line or the configuration file) is not generally applied
+to jump hosts.
+.Pa ~/.ssh/config
+should be used if specific configuration is required for jump hosts.
 .It Cm ProxyUseFdpass
 Specifies that
 .Cm ProxyCommand
@@ -1256,14 +1301,18 @@
 .It Cm PubkeyAcceptedKeyTypes
 Specifies the key types that will be used for public key authentication
 as a comma-separated list of patterns.
-Alternately if the specified value begins with a
+If the specified list begins with a
 .Sq +
 character, then the key types after it will be appended to the default
 instead of replacing it.
-If the specified value begins with a
+If the specified list begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -1301,9 +1350,7 @@
 .Sq 4G ,
 depending on the cipher.
 The optional second value is specified in seconds and may use any of the
-units documented in the
-.Sx TIME FORMATS
-section of
+units documented in the TIME FORMATS section of
 .Xr sshd_config 5 .
 The default value for
 .Cm RekeyLimit
@@ -1437,7 +1484,7 @@
 .Cm TCPKeepAlive
 is spoofable.
 The server alive mechanism is valuable when the client or
-server depend on knowing when a connection has become inactive.
+server depend on knowing when a connection has become unresponsive.
 .Pp
 The default value is 3.
 If, for example,
@@ -1762,7 +1809,7 @@
 .Cm ControlPath
 accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u.
 .Pp
-.Cm HostName
+.Cm Hostname
 accepts the tokens %% and %h.
 .Pp
 .Cm IdentityAgent
@@ -1774,7 +1821,7 @@
 accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, %T, and %u.
 .Pp
 .Cm ProxyCommand
-accepts the tokens %%, %h, %p, and %r.
+accepts the tokens %%, %h, %n, %p, and %r.
 .Pp
 .Cm RemoteCommand
 accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u.
@@ -1785,7 +1832,7 @@
 The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
-read/write for the user, and not accessible by others.
+read/write for the user, and not writable by others.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
 This file provides defaults for those
Index: sshbuf-getput-basic.c
===================================================================
--- sshbuf-getput-basic.c
+++ sshbuf-getput-basic.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf-getput-basic.c,v 1.7 2017/06/01 04:51:58 djm Exp $	*/
+/*	$OpenBSD: sshbuf-getput-basic.c,v 1.9 2019/09/06 04:53:27 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -24,6 +24,9 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
 
 #include "ssherr.h"
 #include "sshbuf.h"
@@ -93,7 +96,94 @@
 	return 0;
 }
 
+static int
+check_offset(const struct sshbuf *buf, int wr, size_t offset, size_t len)
+{
+	if (sshbuf_ptr(buf) == NULL) /* calls sshbuf_check_sanity() */
+		return SSH_ERR_INTERNAL_ERROR;
+	if (offset >= SIZE_MAX - len)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if (offset + len > sshbuf_len(buf)) {
+		return wr ?
+		    SSH_ERR_NO_BUFFER_SPACE : SSH_ERR_MESSAGE_INCOMPLETE;
+	}
+	return 0;
+}
+
+static int
+check_roffset(const struct sshbuf *buf, size_t offset, size_t len,
+    const u_char **p)
+{
+	int r;
+
+	*p = NULL;
+	if ((r = check_offset(buf, 0, offset, len)) != 0)
+		return r;
+	*p = sshbuf_ptr(buf) + offset;
+	return 0;
+}
+
 int
+sshbuf_peek_u64(const struct sshbuf *buf, size_t offset, u_int64_t *valp)
+{
+	const u_char *p = NULL;
+	int r;
+
+	if (valp != NULL)
+		*valp = 0;
+	if ((r = check_roffset(buf, offset, 8, &p)) != 0)
+		return r;
+	if (valp != NULL)
+		*valp = PEEK_U64(p);
+	return 0;
+}
+
+int
+sshbuf_peek_u32(const struct sshbuf *buf, size_t offset, u_int32_t *valp)
+{
+	const u_char *p = NULL;
+	int r;
+
+	if (valp != NULL)
+		*valp = 0;
+	if ((r = check_roffset(buf, offset, 4, &p)) != 0)
+		return r;
+	if (valp != NULL)
+		*valp = PEEK_U32(p);
+	return 0;
+}
+
+int
+sshbuf_peek_u16(const struct sshbuf *buf, size_t offset, u_int16_t *valp)
+{
+	const u_char *p = NULL;
+	int r;
+
+	if (valp != NULL)
+		*valp = 0;
+	if ((r = check_roffset(buf, offset, 2, &p)) != 0)
+		return r;
+	if (valp != NULL)
+		*valp = PEEK_U16(p);
+	return 0;
+}
+
+int
+sshbuf_peek_u8(const struct sshbuf *buf, size_t offset, u_char *valp)
+{
+	const u_char *p = NULL;
+	int r;
+
+	if (valp != NULL)
+		*valp = 0;
+	if ((r = check_roffset(buf, offset, 1, &p)) != 0)
+		return r;
+	if (valp != NULL)
+		*valp = *p;
+	return 0;
+}
+
+int
 sshbuf_get_string(struct sshbuf *buf, u_char **valp, size_t *lenp)
 {
 	const u_char *val;
@@ -341,6 +431,80 @@
 	if ((r = sshbuf_reserve(buf, 1, &p)) < 0)
 		return r;
 	p[0] = val;
+	return 0;
+}
+
+static int
+check_woffset(struct sshbuf *buf, size_t offset, size_t len, u_char **p)
+{
+	int r;
+
+	*p = NULL;
+	if ((r = check_offset(buf, 1, offset, len)) != 0)
+		return r;
+	if (sshbuf_mutable_ptr(buf) == NULL)
+		return SSH_ERR_BUFFER_READ_ONLY;
+	*p = sshbuf_mutable_ptr(buf) + offset;
+	return 0;
+}
+
+int
+sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val)
+{
+	u_char *p = NULL;
+	int r;
+
+	if ((r = check_woffset(buf, offset, 8, &p)) != 0)
+		return r;
+	POKE_U64(p, val);
+	return 0;
+}
+
+int
+sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val)
+{
+	u_char *p = NULL;
+	int r;
+
+	if ((r = check_woffset(buf, offset, 4, &p)) != 0)
+		return r;
+	POKE_U32(p, val);
+	return 0;
+}
+
+int
+sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val)
+{
+	u_char *p = NULL;
+	int r;
+
+	if ((r = check_woffset(buf, offset, 2, &p)) != 0)
+		return r;
+	POKE_U16(p, val);
+	return 0;
+}
+
+int
+sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val)
+{
+	u_char *p = NULL;
+	int r;
+
+	if ((r = check_woffset(buf, offset, 1, &p)) != 0)
+		return r;
+	*p = val;
+	return 0;
+}
+
+int
+sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len)
+{
+	u_char *p = NULL;
+	int r;
+
+	if ((r = check_woffset(buf, offset, len, &p)) != 0)
+		return r;
+	memcpy(p, v, len);
 	return 0;
 }
 
Index: sshbuf-getput-crypto.c
===================================================================
--- sshbuf-getput-crypto.c
+++ sshbuf-getput-crypto.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf-getput-crypto.c,v 1.5 2016/01/12 23:42:54 djm Exp $	*/
+/*	$OpenBSD: sshbuf-getput-crypto.c,v 1.7 2019/01/21 09:54:11 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -32,41 +32,24 @@
 #include "sshbuf.h"
 
 int
-sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v)
+sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp)
 {
+	BIGNUM *v;
 	const u_char *d;
 	size_t len;
 	int r;
 
+	if (valp != NULL)
+		*valp = NULL;
 	if ((r = sshbuf_get_bignum2_bytes_direct(buf, &d, &len)) != 0)
 		return r;
-	if (v != NULL && BN_bin2bn(d, len, v) == NULL)
-		return SSH_ERR_ALLOC_FAIL;
-	return 0;
-}
-
-int
-sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v)
-{
-	const u_char *d = sshbuf_ptr(buf);
-	u_int16_t len_bits;
-	size_t len_bytes;
-
-	/* Length in bits */
-	if (sshbuf_len(buf) < 2)
-		return SSH_ERR_MESSAGE_INCOMPLETE;
-	len_bits = PEEK_U16(d);
-	len_bytes = (len_bits + 7) >> 3;
-	if (len_bytes > SSHBUF_MAX_BIGNUM)
-		return SSH_ERR_BIGNUM_TOO_LARGE;
-	if (sshbuf_len(buf) < 2 + len_bytes)
-		return SSH_ERR_MESSAGE_INCOMPLETE;
-	if (v != NULL && BN_bin2bn(d + 2, len_bytes, v) == NULL)
-		return SSH_ERR_ALLOC_FAIL;
-	if (sshbuf_consume(buf, 2 + len_bytes) != 0) {
-		SSHBUF_DBG(("SSH_ERR_INTERNAL_ERROR"));
-		SSHBUF_ABORT();
-		return SSH_ERR_INTERNAL_ERROR;
+	if (valp != NULL) {
+		if ((v = BN_new()) == NULL ||
+		    BN_bin2bn(d, len, v) == NULL) {
+			BN_clear_free(v);
+			return SSH_ERR_ALLOC_FAIL;
+		}
+		*valp = v;
 	}
 	return 0;
 }
@@ -161,28 +144,6 @@
 		explicit_bzero(d, sizeof(d));
 		return r;
 	}
-	explicit_bzero(d, sizeof(d));
-	return 0;
-}
-
-int
-sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v)
-{
-	int r, len_bits = BN_num_bits(v);
-	size_t len_bytes = (len_bits + 7) / 8;
-	u_char d[SSHBUF_MAX_BIGNUM], *dp;
-
-	if (len_bits < 0 || len_bytes > SSHBUF_MAX_BIGNUM)
-		return SSH_ERR_INVALID_ARGUMENT;
-	if (BN_bn2bin(v, d) != (int)len_bytes)
-		return SSH_ERR_INTERNAL_ERROR; /* Shouldn't happen */
-	if ((r = sshbuf_reserve(buf, len_bytes + 2, &dp)) < 0) {
-		explicit_bzero(d, sizeof(d));
-		return r;
-	}
-	POKE_U16(dp, len_bits);
-	if (len_bytes != 0)
-		memcpy(dp + 2, d, len_bytes);
 	explicit_bzero(d, sizeof(d));
 	return 0;
 }
Index: sshbuf-misc.c
===================================================================
--- sshbuf-misc.c
+++ sshbuf-misc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf-misc.c,v 1.6 2016/05/02 08:49:03 djm Exp $	*/
+/*	$OpenBSD: sshbuf-misc.c,v 1.11 2019/07/30 05:04:49 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -23,7 +23,7 @@
 #include <errno.h>
 #include <stdlib.h>
 #ifdef HAVE_STDINT_H
-#include <stdint.h>
+# include <stdint.h>
 #endif
 #include <stdio.h>
 #include <limits.h>
@@ -89,24 +89,58 @@
 	return ret;
 }
 
+int
+sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap)
+{
+	size_t i, slen = 0;
+	char *s = NULL;
+	int r;
+
+	if (d == NULL || b64 == NULL || sshbuf_len(d) >= SIZE_MAX / 2)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if (sshbuf_len(d) == 0)
+		return 0;
+	slen = ((sshbuf_len(d) + 2) / 3) * 4 + 1;
+	if ((s = malloc(slen)) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if (b64_ntop(sshbuf_ptr(d), sshbuf_len(d), s, slen) == -1) {
+		r = SSH_ERR_INTERNAL_ERROR;
+		goto fail;
+	}
+	if (wrap) {
+		for (i = 0; s[i] != '\0'; i++) {
+			if ((r = sshbuf_put_u8(b64, s[i])) != 0)
+				goto fail;
+			if (i % 70 == 69 && (r = sshbuf_put_u8(b64, '\n')) != 0)
+				goto fail;
+		}
+		if ((i - 1) % 70 != 69 && (r = sshbuf_put_u8(b64, '\n')) != 0)
+			goto fail;
+	} else {
+		if ((r = sshbuf_put(b64, s, strlen(s))) != 0)
+			goto fail;
+	}
+	/* Success */
+	r = 0;
+ fail:
+	freezero(s, slen);
+	return r;
+}
+
 char *
-sshbuf_dtob64(struct sshbuf *buf)
+sshbuf_dtob64_string(const struct sshbuf *buf, int wrap)
 {
-	size_t len = sshbuf_len(buf), plen;
-	const u_char *p = sshbuf_ptr(buf);
+	struct sshbuf *tmp;
 	char *ret;
-	int r;
 
-	if (len == 0)
-		return strdup("");
-	plen = ((len + 2) / 3) * 4 + 1;
-	if (SIZE_MAX / 2 <= len || (ret = malloc(plen)) == NULL)
+	if ((tmp = sshbuf_new()) == NULL)
 		return NULL;
-	if ((r = b64_ntop(p, len, ret, plen)) == -1) {
-		explicit_bzero(ret, plen);
-		free(ret);
+	if (sshbuf_dtob64(buf, tmp, wrap) != 0) {
+		sshbuf_free(tmp);
 		return NULL;
 	}
+	ret = sshbuf_dup_string(tmp);
+	sshbuf_free(tmp);
 	return ret;
 }
 
@@ -159,3 +193,39 @@
 	return r;
 }
 
+int
+sshbuf_cmp(const struct sshbuf *b, size_t offset,
+    const void *s, size_t len)
+{
+	if (sshbuf_ptr(b) == NULL)
+		return SSH_ERR_INTERNAL_ERROR;
+	if (offset > SSHBUF_SIZE_MAX || len > SSHBUF_SIZE_MAX || len == 0)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if (offset + len > sshbuf_len(b))
+		return SSH_ERR_MESSAGE_INCOMPLETE;
+	if (timingsafe_bcmp(sshbuf_ptr(b) + offset, s, len) != 0)
+		return SSH_ERR_INVALID_FORMAT;
+	return 0;
+}
+
+int
+sshbuf_find(const struct sshbuf *b, size_t start_offset,
+    const void *s, size_t len, size_t *offsetp)
+{
+	void *p;
+
+	if (offsetp != NULL)
+		*offsetp = 0;
+	if (sshbuf_ptr(b) == NULL)
+		return SSH_ERR_INTERNAL_ERROR;
+	if (start_offset > SSHBUF_SIZE_MAX || len > SSHBUF_SIZE_MAX || len == 0)
+		return SSH_ERR_INVALID_ARGUMENT;
+	if (start_offset > sshbuf_len(b) || start_offset + len > sshbuf_len(b))
+		return SSH_ERR_MESSAGE_INCOMPLETE;
+	if ((p = memmem(sshbuf_ptr(b) + start_offset,
+	    sshbuf_len(b) - start_offset, s, len)) == NULL)
+		return SSH_ERR_INVALID_FORMAT;
+	if (offsetp != NULL)
+		*offsetp = (const u_char *)p - sshbuf_ptr(b);
+	return 0;
+}
Index: sshbuf.h
===================================================================
--- sshbuf.h
+++ sshbuf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.h,v 1.11 2018/07/09 21:56:06 markus Exp $	*/
+/*	$OpenBSD: sshbuf.h,v 1.18 2019/09/06 05:23:55 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -176,7 +176,27 @@
 int	sshbuf_put_u16(struct sshbuf *buf, u_int16_t val);
 int	sshbuf_put_u8(struct sshbuf *buf, u_char val);
 
+/* Functions to peek at the contents of a buffer without modifying it. */
+int	sshbuf_peek_u64(const struct sshbuf *buf, size_t offset,
+    u_int64_t *valp);
+int	sshbuf_peek_u32(const struct sshbuf *buf, size_t offset,
+    u_int32_t *valp);
+int	sshbuf_peek_u16(const struct sshbuf *buf, size_t offset,
+    u_int16_t *valp);
+int	sshbuf_peek_u8(const struct sshbuf *buf, size_t offset,
+    u_char *valp);
+
 /*
+ * Functions to poke values into an exisiting buffer (e.g. a length header
+ * to a packet). The destination bytes must already exist in the buffer.
+ */
+int sshbuf_poke_u64(struct sshbuf *buf, size_t offset, u_int64_t val);
+int sshbuf_poke_u32(struct sshbuf *buf, size_t offset, u_int32_t val);
+int sshbuf_poke_u16(struct sshbuf *buf, size_t offset, u_int16_t val);
+int sshbuf_poke_u8(struct sshbuf *buf, size_t offset, u_char val);
+int sshbuf_poke(struct sshbuf *buf, size_t offset, void *v, size_t len);
+
+/*
  * Functions to extract or store SSH wire encoded strings (u32 len || data)
  * The "cstring" variants admit no \0 characters in the string contents.
  * Caller must free *valp.
@@ -202,7 +222,6 @@
 /* Another variant: "peeks" into the buffer without modifying it */
 int	sshbuf_peek_string_direct(const struct sshbuf *buf, const u_char **valp,
 	    size_t *lenp);
-/* XXX peek_u8 / peek_u32 */
 
 /*
  * Functions to extract or store SSH wire encoded bignums and elliptic
@@ -212,10 +231,8 @@
 int	sshbuf_get_bignum2_bytes_direct(struct sshbuf *buf,
 	    const u_char **valp, size_t *lenp);
 #ifdef WITH_OPENSSL
-int	sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM *v);
-int	sshbuf_get_bignum1(struct sshbuf *buf, BIGNUM *v);
+int	sshbuf_get_bignum2(struct sshbuf *buf, BIGNUM **valp);
 int	sshbuf_put_bignum2(struct sshbuf *buf, const BIGNUM *v);
-int	sshbuf_put_bignum1(struct sshbuf *buf, const BIGNUM *v);
 # ifdef OPENSSL_HAS_ECC
 int	sshbuf_get_ec(struct sshbuf *buf, EC_POINT *v, const EC_GROUP *g);
 int	sshbuf_get_eckey(struct sshbuf *buf, EC_KEY *v);
@@ -234,10 +251,38 @@
 char	*sshbuf_dtob16(struct sshbuf *buf);
 
 /* Encode the contents of the buffer as base64 */
-char	*sshbuf_dtob64(struct sshbuf *buf);
+char	*sshbuf_dtob64_string(const struct sshbuf *buf, int wrap);
+int	sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
 
 /* Decode base64 data and append it to the buffer */
 int	sshbuf_b64tod(struct sshbuf *buf, const char *b64);
+
+/*
+ * Tests whether the buffer contains the specified byte sequence at the
+ * specified offset. Returns 0 on successful match, or a ssherr.h code
+ * otherwise. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
+ * present but the buffer contents did not match those supplied. Zero-
+ * length comparisons are not allowed.
+ *
+ * If sufficient data is present to make a comparison, then it is
+ * performed with timing independent of the value of the data. If
+ * insufficient data is present then the comparison is not attempted at
+ * all.
+ */
+int	sshbuf_cmp(const struct sshbuf *b, size_t offset,
+    const void *s, size_t len);
+
+/*
+ * Searches the buffer for the specified string. Returns 0 on success
+ * and updates *offsetp with the offset of the first match, relative to
+ * the start of the buffer. Otherwise sshbuf_find will return a ssherr.h
+ * error code. SSH_ERR_INVALID_FORMAT indicates sufficient bytes were
+ * present in the buffer for a match to be possible but none was found.
+ * Searches for zero-length data are not allowed.
+ */
+int
+sshbuf_find(const struct sshbuf *b, size_t start_offset,
+    const void *s, size_t len, size_t *offsetp);
 
 /*
  * Duplicate the contents of a buffer to a string (caller to free).
Index: sshbuf.c
===================================================================
--- sshbuf.c
+++ sshbuf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.c,v 1.12 2018/07/09 21:56:06 markus Exp $	*/
+/*	$OpenBSD: sshbuf.c,v 1.13 2018/11/16 06:10:29 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -143,13 +143,8 @@
 	 */
 	if (sshbuf_check_sanity(buf) != 0)
 		return;
+
 	/*
-	 * If we are a child, the free our parent to decrement its reference
-	 * count and possibly free it.
-	 */
-	sshbuf_free(buf->parent);
-	buf->parent = NULL;
-	/*
 	 * If we are a parent with still-extant children, then don't free just
 	 * yet. The last child's call to sshbuf_free should decrement our
 	 * refcount to 0 and trigger the actual free.
@@ -157,6 +152,14 @@
 	buf->refcount--;
 	if (buf->refcount > 0)
 		return;
+
+	/*
+	 * If we are a child, the free our parent to decrement its reference
+	 * count and possibly free it.
+	 */
+	sshbuf_free(buf->parent);
+	buf->parent = NULL;
+
 	if (!buf->readonly) {
 		explicit_bzero(buf->d, buf->alloc);
 		free(buf->d);
Index: sshconnect.h
===================================================================
--- sshconnect.h
+++ sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.35 2018/07/19 10:28:47 dtucker Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.39 2019/09/13 04:27:35 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -33,27 +33,24 @@
 struct addrinfo;
 struct ssh;
 
-int	 ssh_connect(struct ssh *, const char *, struct addrinfo *,
-	    struct sockaddr_storage *, u_short, int, int, int *, int);
+int	 ssh_connect(struct ssh *, const char *, const char *,
+	    struct addrinfo *, struct sockaddr_storage *, u_short,
+	    int, int, int *, int);
 void	 ssh_kill_proxy_command(void);
 
-void	 ssh_login(Sensitive *, const char *, struct sockaddr *, u_short,
-    struct passwd *, int);
+void	 ssh_login(struct ssh *, Sensitive *, const char *,
+    struct sockaddr *, u_short, struct passwd *, int);
 
-void	 ssh_exchange_identification(int);
-
 int	 verify_host_key(char *, struct sockaddr *, struct sshkey *);
 
 void	 get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short,
     char **, char **);
 
-void	 ssh_kex(char *, struct sockaddr *);
-void	 ssh_kex2(char *, struct sockaddr *, u_short);
+void	 ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short);
 
-void	 ssh_userauth1(const char *, const char *, char *, Sensitive *);
-void	 ssh_userauth2(const char *, const char *, char *, Sensitive *);
+void	 ssh_userauth2(struct ssh *ssh, const char *, const char *,
+    char *, Sensitive *);
 
-void	 ssh_put_password(char *);
 int	 ssh_local_cmd(const char *);
 
-void	 maybe_add_key_to_agent(char *, const struct sshkey *, char *, char *);
+void	 maybe_add_key_to_agent(char *, struct sshkey *, char *, char *);
Index: sshconnect.c
===================================================================
--- sshconnect.c
+++ sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.305 2018/09/20 03:30:44 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.319 2019/09/13 04:31:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -56,7 +56,6 @@
 #include "compat.h"
 #include "sshkey.h"
 #include "sshconnect.h"
-#include "hostfile.h"
 #include "log.h"
 #include "misc.h"
 #include "readconf.h"
@@ -68,9 +67,8 @@
 #include "authfile.h"
 #include "ssherr.h"
 #include "authfd.h"
+#include "kex.h"
 
-char *client_version_string = NULL;
-char *server_version_string = NULL;
 struct sshkey *previous_host_key = NULL;
 
 static int matching_host_key_dns = 0;
@@ -78,6 +76,7 @@
 static pid_t proxy_command_pid = 0;
 
 /* import */
+extern int debug_flag;
 extern Options options;
 extern char *__progname;
 
@@ -87,25 +86,47 @@
 /* Expand a proxy command */
 static char *
 expand_proxy_command(const char *proxy_command, const char *user,
-    const char *host, int port)
+    const char *host, const char *host_arg, int port)
 {
 	char *tmp, *ret, strport[NI_MAXSERV];
 
 	snprintf(strport, sizeof strport, "%d", port);
 	xasprintf(&tmp, "exec %s", proxy_command);
-	ret = percent_expand(tmp, "h", host, "p", strport,
-	    "r", options.user, (char *)NULL);
+	ret = percent_expand(tmp,
+	    "h", host,
+	    "n", host_arg,
+	    "p", strport,
+	    "r", options.user,
+	    (char *)NULL);
 	free(tmp);
 	return ret;
 }
 
+static void
+stderr_null(void)
+{
+	int devnull;
+
+	if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
+		error("Can't open %s for stderr redirection: %s",
+		    _PATH_DEVNULL, strerror(errno));
+		return;
+	}
+	if (devnull == STDERR_FILENO)
+		return;
+	if (dup2(devnull, STDERR_FILENO) == -1)
+		error("Cannot redirect stderr to %s", _PATH_DEVNULL);
+	if (devnull > STDERR_FILENO)
+		close(devnull);
+}
+
 /*
  * Connect to the given ssh server using a proxy command that passes a
  * a connected fd back to us.
  */
 static int
-ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port,
-    const char *proxy_command)
+ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host,
+    const char *host_arg, u_short port, const char *proxy_command)
 {
 	char *command_string;
 	int sp[2], sock;
@@ -115,12 +136,12 @@
 	if ((shell = getenv("SHELL")) == NULL)
 		shell = _PATH_BSHELL;
 
-	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0)
+	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) == -1)
 		fatal("Could not create socketpair to communicate with "
 		    "proxy dialer: %.100s", strerror(errno));
 
 	command_string = expand_proxy_command(proxy_command, options.user,
-	    host, port);
+	    host_arg, host, port);
 	debug("Executing proxy dialer command: %.500s", command_string);
 
 	/* Fork and execute the proxy command. */
@@ -130,20 +151,24 @@
 		close(sp[1]);
 		/* Redirect stdin and stdout. */
 		if (sp[0] != 0) {
-			if (dup2(sp[0], 0) < 0)
+			if (dup2(sp[0], 0) == -1)
 				perror("dup2 stdin");
 		}
 		if (sp[0] != 1) {
-			if (dup2(sp[0], 1) < 0)
+			if (dup2(sp[0], 1) == -1)
 				perror("dup2 stdout");
 		}
 		if (sp[0] >= 2)
 			close(sp[0]);
 
 		/*
-		 * Stderr is left as it is so that error messages get
-		 * printed on the user's terminal.
+		 * Stderr is left for non-ControlPersist connections is so
+		 * error messages may be printed on the user's terminal.
 		 */
+		if (!debug_flag && options.control_path != NULL &&
+		    options.control_persist)
+			stderr_null();
+
 		argv[0] = shell;
 		argv[1] = "-c";
 		argv[2] = command_string;
@@ -158,7 +183,7 @@
 		exit(1);
 	}
 	/* Parent. */
-	if (pid < 0)
+	if (pid == -1)
 		fatal("fork failed: %.100s", strerror(errno));
 	close(sp[0]);
 	free(command_string);
@@ -182,8 +207,8 @@
  * Connect to the given ssh server using a proxy command.
  */
 static int
-ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port,
-    const char *proxy_command)
+ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
+    u_short port, const char *proxy_command)
 {
 	char *command_string;
 	int pin[2], pout[2];
@@ -194,12 +219,12 @@
 		shell = _PATH_BSHELL;
 
 	/* Create pipes for communicating with the proxy. */
-	if (pipe(pin) < 0 || pipe(pout) < 0)
+	if (pipe(pin) == -1 || pipe(pout) == -1)
 		fatal("Could not create pipes to communicate with the proxy: %.100s",
 		    strerror(errno));
 
 	command_string = expand_proxy_command(proxy_command, options.user,
-	    host, port);
+	    host_arg, host, port);
 	debug("Executing proxy command: %.500s", command_string);
 
 	/* Fork and execute the proxy command. */
@@ -209,18 +234,24 @@
 		/* Redirect stdin and stdout. */
 		close(pin[1]);
 		if (pin[0] != 0) {
-			if (dup2(pin[0], 0) < 0)
+			if (dup2(pin[0], 0) == -1)
 				perror("dup2 stdin");
 			close(pin[0]);
 		}
 		close(pout[0]);
-		if (dup2(pout[1], 1) < 0)
+		if (dup2(pout[1], 1) == -1)
 			perror("dup2 stdout");
 		/* Cannot be 1 because pin allocated two descriptors. */
 		close(pout[1]);
 
-		/* Stderr is left as it is so that error messages get
-		   printed on the user's terminal. */
+		/*
+		 * Stderr is left for non-ControlPersist connections is so
+		 * error messages may be printed on the user's terminal.
+		 */
+		if (!debug_flag && options.control_path != NULL &&
+		    options.control_persist)
+			stderr_null();
+
 		argv[0] = shell;
 		argv[1] = "-c";
 		argv[2] = command_string;
@@ -234,7 +265,7 @@
 		exit(1);
 	}
 	/* Parent. */
-	if (pid < 0)
+	if (pid == -1)
 		fatal("fork failed: %.100s", strerror(errno));
 	else
 		proxy_command_pid = pid; /* save pid to clean up later */
@@ -343,7 +374,7 @@
 	char ntop[NI_MAXHOST];
 
 	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-	if (sock < 0) {
+	if (sock == -1) {
 		error("socket: %s", strerror(errno));
 		return -1;
 	}
@@ -369,10 +400,6 @@
 			error("getaddrinfo: no addrs");
 			goto fail;
 		}
-		if (res->ai_addrlen > sizeof(bindaddr)) {
-			error("%s: addr doesn't fit", __func__);
-			goto fail;
-		}
 		memcpy(&bindaddr, res->ai_addr, res->ai_addrlen);
 		bindaddrlen = res->ai_addrlen;
 	} else if (options.bind_interface != NULL) {
@@ -420,73 +447,6 @@
 }
 
 /*
- * Wait up to *timeoutp milliseconds for fd to be readable. Updates
- * *timeoutp with time remaining.
- * Returns 0 if fd ready or -1 on timeout or error (see errno).
- */
-static int
-waitrfd(int fd, int *timeoutp)
-{
-	struct pollfd pfd;
-	struct timeval t_start;
-	int oerrno, r;
-
-	monotime_tv(&t_start);
-	pfd.fd = fd;
-	pfd.events = POLLIN;
-	for (; *timeoutp >= 0;) {
-		r = poll(&pfd, 1, *timeoutp);
-		oerrno = errno;
-		ms_subtract_diff(&t_start, timeoutp);
-		errno = oerrno;
-		if (r > 0)
-			return 0;
-		else if (r == -1 && errno != EAGAIN)
-			return -1;
-		else if (r == 0)
-			break;
-	}
-	/* timeout */
-	errno = ETIMEDOUT;
-	return -1;
-}
-
-static int
-timeout_connect(int sockfd, const struct sockaddr *serv_addr,
-    socklen_t addrlen, int *timeoutp)
-{
-	int optval = 0;
-	socklen_t optlen = sizeof(optval);
-
-	/* No timeout: just do a blocking connect() */
-	if (*timeoutp <= 0)
-		return connect(sockfd, serv_addr, addrlen);
-
-	set_nonblock(sockfd);
-	if (connect(sockfd, serv_addr, addrlen) == 0) {
-		/* Succeeded already? */
-		unset_nonblock(sockfd);
-		return 0;
-	} else if (errno != EINPROGRESS)
-		return -1;
-
-	if (waitrfd(sockfd, timeoutp) == -1)
-		return -1;
-
-	/* Completed or failed */
-	if (getsockopt(sockfd, SOL_SOCKET, SO_ERROR, &optval, &optlen) == -1) {
-		debug("getsockopt: %s", strerror(errno));
-		return -1;
-	}
-	if (optval != 0) {
-		errno = optval;
-		return -1;
-	}
-	unset_nonblock(sockfd);
-	return 0;
-}
-
-/*
  * Opens a TCP/IP connection to the remote server on the given host.
  * The address of the remote host will be returned in hostaddr.
  * If port is 0, the default port will be used.
@@ -500,7 +460,7 @@
     struct sockaddr_storage *hostaddr, u_short port, int family,
     int connection_attempts, int *timeout_ms, int want_keepalive)
 {
-	int on = 1;
+	int on = 1, saved_timeout_ms = *timeout_ms;
 	int oerrno, sock = -1, attempt;
 	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
 	struct addrinfo *ai;
@@ -544,6 +504,7 @@
 				continue;
 			}
 
+			*timeout_ms = saved_timeout_ms;
 			if (timeout_connect(sock, ai->ai_addr, ai->ai_addrlen,
 			    timeout_ms) >= 0) {
 				/* Successful connection. */
@@ -574,158 +535,65 @@
 	/* Set SO_KEEPALIVE if requested. */
 	if (want_keepalive &&
 	    setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
-	    sizeof(on)) < 0)
+	    sizeof(on)) == -1)
 		error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
 
 	/* Set the connection. */
 	if (ssh_packet_set_connection(ssh, sock, sock) == NULL)
 		return -1; /* ssh_packet_set_connection logs error */
 
-        return 0;
+	return 0;
 }
 
 int
-ssh_connect(struct ssh *ssh, const char *host, struct addrinfo *addrs,
-    struct sockaddr_storage *hostaddr, u_short port, int family,
-    int connection_attempts, int *timeout_ms, int want_keepalive)
+ssh_connect(struct ssh *ssh, const char *host, const char *host_arg,
+    struct addrinfo *addrs, struct sockaddr_storage *hostaddr, u_short port,
+    int family, int connection_attempts, int *timeout_ms, int want_keepalive)
 {
+	int in, out;
+
 	if (options.proxy_command == NULL) {
 		return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
 		    family, connection_attempts, timeout_ms, want_keepalive);
 	} else if (strcmp(options.proxy_command, "-") == 0) {
-		if ((ssh_packet_set_connection(ssh,
-		    STDIN_FILENO, STDOUT_FILENO)) == NULL)
+		if ((in = dup(STDIN_FILENO)) == -1 ||
+		    (out = dup(STDOUT_FILENO)) == -1) {
+			if (in >= 0)
+				close(in);
+			error("%s: dup() in/out failed", __func__);
 			return -1; /* ssh_packet_set_connection logs error */
+		}
+		if ((ssh_packet_set_connection(ssh, in, out)) == NULL)
+			return -1; /* ssh_packet_set_connection logs error */
 		return 0;
 	} else if (options.proxy_use_fdpass) {
-		return ssh_proxy_fdpass_connect(ssh, host, port,
+		return ssh_proxy_fdpass_connect(ssh, host, host_arg, port,
 		    options.proxy_command);
 	}
-	return ssh_proxy_connect(ssh, host, port, options.proxy_command);
+	return ssh_proxy_connect(ssh, host, host_arg, port,
+	    options.proxy_command);
 }
 
-static void
-send_client_banner(int connection_out, int minor1)
-{
-	/* Send our own protocol version identification. */
-	xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
-	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
-	if (atomicio(vwrite, connection_out, client_version_string,
-	    strlen(client_version_string)) != strlen(client_version_string))
-		fatal("write: %.100s", strerror(errno));
-	chop(client_version_string);
-	debug("Local version string %.100s", client_version_string);
-}
-
-/*
- * Waits for the server identification string, and sends our own
- * identification string.
- */
-void
-ssh_exchange_identification(int timeout_ms)
-{
-	char buf[256], remote_version[256];	/* must be same size! */
-	int remote_major, remote_minor, mismatch;
-	int connection_in = packet_get_connection_in();
-	int connection_out = packet_get_connection_out();
-	u_int i, n;
-	size_t len;
-	int rc;
-
-	send_client_banner(connection_out, 0);
-
-	/* Read other side's version identification. */
-	for (n = 0;;) {
-		for (i = 0; i < sizeof(buf) - 1; i++) {
-			if (timeout_ms > 0) {
-				rc = waitrfd(connection_in, &timeout_ms);
-				if (rc == -1 && errno == ETIMEDOUT) {
-					fatal("Connection timed out during "
-					    "banner exchange");
-				} else if (rc == -1) {
-					fatal("%s: %s",
-					    __func__, strerror(errno));
-				}
-			}
-
-			len = atomicio(read, connection_in, &buf[i], 1);
-			if (len != 1 && errno == EPIPE)
-				fatal("ssh_exchange_identification: "
-				    "Connection closed by remote host");
-			else if (len != 1)
-				fatal("ssh_exchange_identification: "
-				    "read: %.100s", strerror(errno));
-			if (buf[i] == '\r') {
-				buf[i] = '\n';
-				buf[i + 1] = 0;
-				continue;		/**XXX wait for \n */
-			}
-			if (buf[i] == '\n') {
-				buf[i + 1] = 0;
-				break;
-			}
-			if (++n > 65536)
-				fatal("ssh_exchange_identification: "
-				    "No banner received");
-		}
-		buf[sizeof(buf) - 1] = 0;
-		if (strncmp(buf, "SSH-", 4) == 0)
-			break;
-		debug("ssh_exchange_identification: %s", buf);
-	}
-	server_version_string = xstrdup(buf);
-
-	/*
-	 * Check that the versions match.  In future this might accept
-	 * several versions and set appropriate flags to handle them.
-	 */
-	if (sscanf(server_version_string, "SSH-%d.%d-%[^\n]\n",
-	    &remote_major, &remote_minor, remote_version) != 3)
-		fatal("Bad remote protocol version identification: '%.100s'", buf);
-	debug("Remote protocol version %d.%d, remote software version %.100s",
-	    remote_major, remote_minor, remote_version);
-
-	active_state->compat = compat_datafellows(remote_version);
-	mismatch = 0;
-
-	switch (remote_major) {
-	case 2:
-		break;
-	case 1:
-		if (remote_minor != 99)
-			mismatch = 1;
-		break;
-	default:
-		mismatch = 1;
-		break;
-	}
-	if (mismatch)
-		fatal("Protocol major versions differ: %d vs. %d",
-		    PROTOCOL_MAJOR_2, remote_major);
-	if ((datafellows & SSH_BUG_RSASIGMD5) != 0)
-		logit("Server version \"%.100s\" uses unsafe RSA signature "
-		    "scheme; disabling use of RSA keys", remote_version);
-	chop(server_version_string);
-}
-
 /* defaults to 'no' */
 static int
-confirm(const char *prompt)
+confirm(const char *prompt, const char *fingerprint)
 {
 	const char *msg, *again = "Please type 'yes' or 'no': ";
+	const char *again_fp = "Please type 'yes', 'no' or the fingerprint: ";
 	char *p;
 	int ret = -1;
 
 	if (options.batch_mode)
 		return 0;
-	for (msg = prompt;;msg = again) {
+	for (msg = prompt;;msg = fingerprint ? again_fp : again) {
 		p = read_passphrase(msg, RP_ECHO);
 		if (p == NULL)
 			return 0;
 		p[strcspn(p, "\n")] = '\0';
 		if (p[0] == '\0' || strcasecmp(p, "no") == 0)
 			ret = 0;
-		else if (strcasecmp(p, "yes") == 0)
+		else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
+		    strcasecmp(p, fingerprint) == 0))
 			ret = 1;
 		free(p);
 		if (ret != -1)
@@ -853,7 +721,7 @@
 	char msg[1024];
 	const char *type;
 	const struct hostkey_entry *host_found, *ip_found;
-	int len, cancelled_forwarding = 0;
+	int len, cancelled_forwarding = 0, confirmed;
 	int local = sockaddr_is_local(hostaddr);
 	int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
 	int hostkey_trusted = 0; /* Known or explicitly accepted by user */
@@ -925,7 +793,7 @@
 		ip_status = check_key_in_hostkeys(ip_hostkeys, host_key,
 		    &ip_found);
 		if (host_status == HOST_CHANGED &&
-		    (ip_status != HOST_CHANGED || 
+		    (ip_status != HOST_CHANGED ||
 		    (ip_found != NULL &&
 		    !sshkey_equal(ip_found->key, host_found->key))))
 			host_ip_differ = 1;
@@ -1028,14 +896,15 @@
 			    "established%s\n"
 			    "%s key fingerprint is %s.%s%s\n%s"
 			    "Are you sure you want to continue connecting "
-			    "(yes/no)? ",
+			    "(yes/no/[fingerprint])? ",
 			    host, ip, msg1, type, fp,
 			    options.visual_host_key ? "\n" : "",
 			    options.visual_host_key ? ra : "",
 			    msg2);
 			free(ra);
+			confirmed = confirm(msg, fp);
 			free(fp);
-			if (!confirm(msg))
+			if (!confirmed)
 				goto fail;
 			hostkey_trusted = 1; /* user explicitly confirmed */
 		}
@@ -1229,7 +1098,7 @@
 		    SSH_STRICT_HOSTKEY_ASK) {
 			strlcat(msg, "\nAre you sure you want "
 			    "to continue connecting (yes/no)? ", sizeof(msg));
-			if (!confirm(msg))
+			if (!confirm(msg, NULL))
 				goto fail;
 		} else if (options.strict_host_key_checking !=
 		    SSH_STRICT_HOSTKEY_OFF) {
@@ -1401,7 +1270,7 @@
  * This function does not require super-user privileges.
  */
 void
-ssh_login(Sensitive *sensitive, const char *orighost,
+ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
     struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms)
 {
 	char *host;
@@ -1415,37 +1284,21 @@
 	lowercase(host);
 
 	/* Exchange protocol version identification strings with the server. */
-	ssh_exchange_identification(timeout_ms);
+	if (kex_exchange_identification(ssh, timeout_ms, NULL) != 0)
+		cleanup_exit(255); /* error already logged */
 
 	/* Put the connection into non-blocking mode. */
-	packet_set_nonblocking();
+	ssh_packet_set_nonblocking(ssh);
 
 	/* key exchange */
 	/* authenticate user */
 	debug("Authenticating to %s:%d as '%s'", host, port, server_user);
-	ssh_kex2(host, hostaddr, port);
-	ssh_userauth2(local_user, server_user, host, sensitive);
+	ssh_kex2(ssh, host, hostaddr, port);
+	ssh_userauth2(ssh, local_user, server_user, host, sensitive);
 	free(local_user);
+	free(host);
 }
 
-void
-ssh_put_password(char *password)
-{
-	int size;
-	char *padded;
-
-	if (datafellows & SSH_BUG_PASSWORDPAD) {
-		packet_put_cstring(password);
-		return;
-	}
-	size = ROUNDUP(strlen(password) + 1, 32);
-	padded = xcalloc(1, size);
-	strlcpy(padded, password, size);
-	packet_put_string(padded, size);
-	explicit_bzero(padded, size);
-	free(padded);
-}
-
 /* print all known host keys for a given host, but skip keys of given type */
 static int
 show_other_keys(struct hostkeys *hostkeys, struct sshkey *key)
@@ -1552,7 +1405,7 @@
 }
 
 void
-maybe_add_key_to_agent(char *authfile, const struct sshkey *private,
+maybe_add_key_to_agent(char *authfile, struct sshkey *private,
     char *comment, char *passphrase)
 {
 	int auth_sock = -1, r;
Index: sshconnect2.c
===================================================================
--- sshconnect2.c
+++ sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.288 2018/10/11 03:48:04 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.308 2019/08/05 11:50:33 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -155,11 +155,10 @@
 }
 
 void
-ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
+ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
 {
 	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 	char *s, *all_key;
-	struct kex *kex;
 	int r;
 
 	xxx_host = host;
@@ -195,40 +194,38 @@
 	}
 
 	if (options.rekey_limit || options.rekey_interval)
-		packet_set_rekey_limits(options.rekey_limit,
+		ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
 		    options.rekey_interval);
 
 	/* start key exchange */
-	if ((r = kex_setup(active_state, myproposal)) != 0)
+	if ((r = kex_setup(ssh, myproposal)) != 0)
 		fatal("kex_setup: %s", ssh_err(r));
-	kex = active_state->kex;
 #ifdef WITH_OPENSSL
-	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
-	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_client;
-	kex->kex[KEX_DH_GRP14_SHA256] = kexdh_client;
-	kex->kex[KEX_DH_GRP16_SHA512] = kexdh_client;
-	kex->kex[KEX_DH_GRP18_SHA512] = kexdh_client;
-	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
-	kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+	ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
+	ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
+	ssh->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_client;
+	ssh->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_client;
+	ssh->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_client;
+	ssh->kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
+	ssh->kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
 # ifdef OPENSSL_HAS_ECC
-	kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+	ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
 # endif
 #endif
-	kex->kex[KEX_C25519_SHA256] = kexc25519_client;
-	kex->client_version_string=client_version_string;
-	kex->server_version_string=server_version_string;
-	kex->verify_host_key=&verify_host_key_callback;
+	ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
+	ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
+	ssh->kex->verify_host_key=&verify_host_key_callback;
 
-	ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);
+	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
 
 	/* remove ext-info from the KEX proposals for rekeying */
 	myproposal[PROPOSAL_KEX_ALGS] =
 	    compat_kex_proposal(options.kex_algorithms);
-	if ((r = kex_prop2buf(kex->my, myproposal)) != 0)
+	if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
 		fatal("kex_prop2buf: %s", ssh_err(r));
 
-	session_id2 = kex->session_id;
-	session_id2_len = kex->session_id_len;
+	session_id2 = ssh->kex->session_id;
+	session_id2_len = ssh->kex->session_id_len;
 
 #ifdef DEBUG_KEXDH
 	/* send 1st encrypted/maced/compressed message */
@@ -268,7 +265,11 @@
 	struct cauthmethod *method;
 	sig_atomic_t success;
 	char *authlist;
-	int attempt;
+#ifdef GSSAPI
+	/* gssapi */
+	gss_OID_set gss_supported_mechs;
+	u_int mech_tried;
+#endif
 	/* pubkey */
 	struct idlist keys;
 	int agent_fd;
@@ -278,49 +279,51 @@
 	const char *active_ktype;
 	/* kbd-interactive */
 	int info_req_seen;
+	int attempt_kbdint;
+	/* password */
+	int attempt_passwd;
 	/* generic */
 	void *methoddata;
 };
 
 struct cauthmethod {
 	char	*name;		/* string to compare against server's list */
-	int	(*userauth)(Authctxt *authctxt);
-	void	(*cleanup)(Authctxt *authctxt);
+	int	(*userauth)(struct ssh *ssh);
+	void	(*cleanup)(struct ssh *ssh);
 	int	*enabled;	/* flag in option struct that enables method */
 	int	*batch_flag;	/* flag in option struct that disables method */
 };
 
-int	input_userauth_service_accept(int, u_int32_t, struct ssh *);
-int	input_userauth_ext_info(int, u_int32_t, struct ssh *);
-int	input_userauth_success(int, u_int32_t, struct ssh *);
-int	input_userauth_success_unexpected(int, u_int32_t, struct ssh *);
-int	input_userauth_failure(int, u_int32_t, struct ssh *);
-int	input_userauth_banner(int, u_int32_t, struct ssh *);
-int	input_userauth_error(int, u_int32_t, struct ssh *);
-int	input_userauth_info_req(int, u_int32_t, struct ssh *);
-int	input_userauth_pk_ok(int, u_int32_t, struct ssh *);
-int	input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);
+static int input_userauth_service_accept(int, u_int32_t, struct ssh *);
+static int input_userauth_ext_info(int, u_int32_t, struct ssh *);
+static int input_userauth_success(int, u_int32_t, struct ssh *);
+static int input_userauth_failure(int, u_int32_t, struct ssh *);
+static int input_userauth_banner(int, u_int32_t, struct ssh *);
+static int input_userauth_error(int, u_int32_t, struct ssh *);
+static int input_userauth_info_req(int, u_int32_t, struct ssh *);
+static int input_userauth_pk_ok(int, u_int32_t, struct ssh *);
+static int input_userauth_passwd_changereq(int, u_int32_t, struct ssh *);
 
-int	userauth_none(Authctxt *);
-int	userauth_pubkey(Authctxt *);
-int	userauth_passwd(Authctxt *);
-int	userauth_kbdint(Authctxt *);
-int	userauth_hostbased(Authctxt *);
+static int userauth_none(struct ssh *);
+static int userauth_pubkey(struct ssh *);
+static int userauth_passwd(struct ssh *);
+static int userauth_kbdint(struct ssh *);
+static int userauth_hostbased(struct ssh *);
 
 #ifdef GSSAPI
-int	userauth_gssapi(Authctxt *authctxt);
-int	input_gssapi_response(int type, u_int32_t, struct ssh *);
-int	input_gssapi_token(int type, u_int32_t, struct ssh *);
-int	input_gssapi_hash(int type, u_int32_t, struct ssh *);
-int	input_gssapi_error(int, u_int32_t, struct ssh *);
-int	input_gssapi_errtok(int, u_int32_t, struct ssh *);
+static int userauth_gssapi(struct ssh *);
+static void userauth_gssapi_cleanup(struct ssh *);
+static int input_gssapi_response(int type, u_int32_t, struct ssh *);
+static int input_gssapi_token(int type, u_int32_t, struct ssh *);
+static int input_gssapi_error(int, u_int32_t, struct ssh *);
+static int input_gssapi_errtok(int, u_int32_t, struct ssh *);
 #endif
 
-void	userauth(Authctxt *, char *);
+void	userauth(struct ssh *, char *);
 
-static int sign_and_send_pubkey(struct ssh *ssh, Authctxt *, Identity *);
+static void pubkey_cleanup(struct ssh *);
+static int sign_and_send_pubkey(struct ssh *ssh, Identity *);
 static void pubkey_prepare(Authctxt *);
-static void pubkey_cleanup(Authctxt *);
 static void pubkey_reset(Authctxt *);
 static struct sshkey *load_identity_file(Identity *);
 
@@ -332,7 +335,7 @@
 #ifdef GSSAPI
 	{"gssapi-with-mic",
 		userauth_gssapi,
-		NULL,
+		userauth_gssapi_cleanup,
 		&options.gss_authentication,
 		NULL},
 #endif
@@ -365,10 +368,9 @@
 };
 
 void
-ssh_userauth2(const char *local_user, const char *server_user, char *host,
-    Sensitive *sensitive)
+ssh_userauth2(struct ssh *ssh, const char *local_user,
+    const char *server_user, char *host, Sensitive *sensitive)
 {
-	struct ssh *ssh = active_state;
 	Authctxt authctxt;
 	int r;
 
@@ -379,7 +381,6 @@
 
 	/* setup authentication context */
 	memset(&authctxt, 0, sizeof(authctxt));
-	pubkey_prepare(&authctxt);
 	authctxt.server_user = server_user;
 	authctxt.local_user = local_user;
 	authctxt.host = host;
@@ -391,9 +392,18 @@
 	authctxt.sensitive = sensitive;
 	authctxt.active_ktype = authctxt.oktypes = authctxt.ktypes = NULL;
 	authctxt.info_req_seen = 0;
+	authctxt.attempt_kbdint = 0;
+	authctxt.attempt_passwd = 0;
+#if GSSAPI
+	authctxt.gss_supported_mechs = NULL;
+	authctxt.mech_tried = 0;
+#endif
 	authctxt.agent_fd = -1;
-	if (authctxt.method == NULL)
-		fatal("ssh_userauth2: internal error: cannot send userauth none request");
+	pubkey_prepare(&authctxt);
+	if (authctxt.method == NULL) {
+		fatal("%s: internal error: cannot send userauth none request",
+		    __func__);
+	}
 
 	if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||
@@ -405,9 +415,9 @@
 	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info);
 	ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept);
 	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success);	/* loop until success */
+	pubkey_cleanup(ssh);
 	ssh->authctxt = NULL;
 
-	pubkey_cleanup(&authctxt);
 	ssh_dispatch_range(ssh, SSH2_MSG_USERAUTH_MIN, SSH2_MSG_USERAUTH_MAX, NULL);
 
 	if (!authctxt.success)
@@ -416,10 +426,9 @@
 }
 
 /* ARGSUSED */
-int
+static int
 input_userauth_service_accept(int type, u_int32_t seq, struct ssh *ssh)
 {
-	Authctxt *authctxt = ssh->authctxt;
 	int r;
 
 	if (ssh_packet_remaining(ssh) > 0) {
@@ -437,7 +446,7 @@
 	debug("SSH2_MSG_SERVICE_ACCEPT received");
 
 	/* initial userauth request */
-	userauth_none(authctxt);
+	userauth_none(ssh);
 
 	ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_error);
 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success);
@@ -449,19 +458,19 @@
 }
 
 /* ARGSUSED */
-int
+static int
 input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh)
 {
 	return kex_input_ext_info(type, seqnr, ssh);
 }
 
 void
-userauth(Authctxt *authctxt, char *authlist)
+userauth(struct ssh *ssh, char *authlist)
 {
-	struct ssh *ssh = active_state; /* XXX */
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 
 	if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
-		authctxt->method->cleanup(authctxt);
+		authctxt->method->cleanup(ssh);
 
 	free(authctxt->methoddata);
 	authctxt->methoddata = NULL;
@@ -483,7 +492,7 @@
 		    SSH2_MSG_USERAUTH_PER_METHOD_MAX, NULL);
 
 		/* and try new method */
-		if (method->userauth(authctxt) != 0) {
+		if (method->userauth(ssh) != 0) {
 			debug2("we sent a %s packet, wait for reply", method->name);
 			break;
 		} else {
@@ -494,50 +503,53 @@
 }
 
 /* ARGSUSED */
-int
+static int
 input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
 {
-	fatal("input_userauth_error: bad message during authentication: "
-	    "type %d", type);
+	fatal("%s: bad message during authentication: type %d", __func__, type);
 	return 0;
 }
 
 /* ARGSUSED */
-int
+static int
 input_userauth_banner(int type, u_int32_t seq, struct ssh *ssh)
 {
-	char *msg, *lang;
-	u_int len;
+	char *msg = NULL;
+	size_t len;
+	int r;
 
 	debug3("%s", __func__);
-	msg = packet_get_string(&len);
-	lang = packet_get_string(NULL);
+	if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 ||
+	    (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0)
+		goto out;
 	if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO)
 		fmprintf(stderr, "%s", msg);
+	r = 0;
+ out:
 	free(msg);
-	free(lang);
-	return 0;
+	return r;
 }
 
 /* ARGSUSED */
-int
+static int
 input_userauth_success(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Authctxt *authctxt = ssh->authctxt;
 
 	if (authctxt == NULL)
-		fatal("input_userauth_success: no authentication context");
+		fatal("%s: no authentication context", __func__);
 	free(authctxt->authlist);
 	authctxt->authlist = NULL;
 	if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
-		authctxt->method->cleanup(authctxt);
+		authctxt->method->cleanup(ssh);
 	free(authctxt->methoddata);
 	authctxt->methoddata = NULL;
 	authctxt->success = 1;			/* break out */
 	return 0;
 }
 
-int
+#if 0
+static int
 input_userauth_success_unexpected(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Authctxt *authctxt = ssh->authctxt;
@@ -549,22 +561,22 @@
 	    authctxt->method->name);
 	return 0;
 }
+#endif
 
 /* ARGSUSED */
-int
+static int
 input_userauth_failure(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Authctxt *authctxt = ssh->authctxt;
 	char *authlist = NULL;
 	u_char partial;
-	int r;
 
 	if (authctxt == NULL)
 		fatal("input_userauth_failure: no authentication context");
 
-	if ((r = sshpkt_get_cstring(ssh, &authlist, NULL)) != 0 ||
-	    (r = sshpkt_get_u8(ssh, &partial)) != 0 ||
-	    (r = sshpkt_get_end(ssh)) != 0)
+	if (sshpkt_get_cstring(ssh, &authlist, NULL) != 0 ||
+	    sshpkt_get_u8(ssh, &partial) != 0 ||
+	    sshpkt_get_end(ssh) != 0)
 		goto out;
 
 	if (partial != 0) {
@@ -574,7 +586,7 @@
 	}
 	debug("Authentications that can continue: %s", authlist);
 
-	userauth(authctxt, authlist);
+	userauth(ssh, authlist);
 	authlist = NULL;
  out:
 	free(authlist);
@@ -606,7 +618,7 @@
 }
 
 /* ARGSUSED */
-int
+static int
 input_userauth_pk_ok(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Authctxt *authctxt = ssh->authctxt;
@@ -661,7 +673,7 @@
 	}
 	ident = format_identity(id);
 	debug("Server accepts key: %s", ident);
-	sent = sign_and_send_pubkey(ssh, authctxt, id);
+	sent = sign_and_send_pubkey(ssh, id);
 	r = 0;
  done:
 	sshkey_free(key);
@@ -672,40 +684,41 @@
 
 	/* try another method if we did not send a packet */
 	if (r == 0 && sent == 0)
-		userauth(authctxt, NULL);
+		userauth(ssh, NULL);
 	return r;
 }
 
 #ifdef GSSAPI
-int
-userauth_gssapi(Authctxt *authctxt)
+static int
+userauth_gssapi(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state; /* XXX */
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 	Gssctxt *gssctxt = NULL;
-	static gss_OID_set gss_supported = NULL;
-	static u_int mech = 0;
 	OM_uint32 min;
 	int r, ok = 0;
+	gss_OID mech = NULL;
 
 	/* Try one GSSAPI method at a time, rather than sending them all at
 	 * once. */
 
-	if (gss_supported == NULL)
-		gss_indicate_mechs(&min, &gss_supported);
+	if (authctxt->gss_supported_mechs == NULL)
+		gss_indicate_mechs(&min, &authctxt->gss_supported_mechs);
 
-	/* Check to see if the mechanism is usable before we offer it */
-	while (mech < gss_supported->count && !ok) {
+	/* Check to see whether the mechanism is usable before we offer it */
+	while (authctxt->mech_tried < authctxt->gss_supported_mechs->count &&
+	    !ok) {
+		mech = &authctxt->gss_supported_mechs->
+		    elements[authctxt->mech_tried];
 		/* My DER encoding requires length<128 */
-		if (gss_supported->elements[mech].length < 128 &&
-		    ssh_gssapi_check_mechanism(&gssctxt,
-		    &gss_supported->elements[mech], authctxt->host)) {
+		if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt,
+		    mech, authctxt->host)) {
 			ok = 1; /* Mechanism works */
 		} else {
-			mech++;
+			authctxt->mech_tried++;
 		}
 	}
 
-	if (!ok)
+	if (!ok || mech == NULL)
 		return 0;
 
 	authctxt->methoddata=(void *)gssctxt;
@@ -715,14 +728,10 @@
 	    (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, 1)) != 0 ||
-	    (r = sshpkt_put_u32(ssh,
-	    (gss_supported->elements[mech].length) + 2)) != 0 ||
+	    (r = sshpkt_put_u32(ssh, (mech->length) + 2)) != 0 ||
 	    (r = sshpkt_put_u8(ssh, SSH_GSS_OIDTYPE)) != 0 ||
-	    (r = sshpkt_put_u8(ssh,
-	    gss_supported->elements[mech].length)) != 0 ||
-	    (r = sshpkt_put(ssh,
-	    gss_supported->elements[mech].elements,
-	    gss_supported->elements[mech].length)) != 0 ||
+	    (r = sshpkt_put_u8(ssh, mech->length)) != 0 ||
+	    (r = sshpkt_put(ssh, mech->elements, mech->length)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
 		fatal("%s: %s", __func__, ssh_err(r));
 
@@ -731,11 +740,24 @@
 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERROR, &input_gssapi_error);
 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, &input_gssapi_errtok);
 
-	mech++; /* Move along to next candidate */
+	authctxt->mech_tried++; /* Move along to next candidate */
 
 	return 1;
 }
 
+static void
+userauth_gssapi_cleanup(struct ssh *ssh)
+{
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
+	Gssctxt *gssctxt = (Gssctxt *)authctxt->methoddata;
+
+	ssh_gssapi_delete_ctx(&gssctxt);
+	authctxt->methoddata = NULL;
+
+	free(authctxt->gss_supported_mechs);
+	authctxt->gss_supported_mechs = NULL;
+}
+
 static OM_uint32
 process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok)
 {
@@ -803,7 +825,7 @@
 }
 
 /* ARGSUSED */
-int
+static int
 input_gssapi_response(int type, u_int32_t plen, struct ssh *ssh)
 {
 	Authctxt *authctxt = ssh->authctxt;
@@ -824,7 +846,7 @@
 	    oidv[0] != SSH_GSS_OIDTYPE ||
 	    oidv[1] != oidlen - 2) {
 		debug("Badly encoded mechanism OID received");
-		userauth(authctxt, NULL);
+		userauth(ssh, NULL);
 		goto ok;
 	}
 
@@ -837,7 +859,7 @@
 	if (GSS_ERROR(process_gssapi_token(ssh, GSS_C_NO_BUFFER))) {
 		/* Start again with next method on list */
 		debug("Trying to start again");
-		userauth(authctxt, NULL);
+		userauth(ssh, NULL);
 		goto ok;
 	}
  ok:
@@ -848,7 +870,7 @@
 }
 
 /* ARGSUSED */
-int
+static int
 input_gssapi_token(int type, u_int32_t plen, struct ssh *ssh)
 {
 	Authctxt *authctxt = ssh->authctxt;
@@ -871,7 +893,7 @@
 
 	/* Start again with the next method in the list */
 	if (GSS_ERROR(status)) {
-		userauth(authctxt, NULL);
+		userauth(ssh, NULL);
 		/* ok */
 	}
 	r = 0;
@@ -881,7 +903,7 @@
 }
 
 /* ARGSUSED */
-int
+static int
 input_gssapi_errtok(int type, u_int32_t plen, struct ssh *ssh)
 {
 	Authctxt *authctxt = ssh->authctxt;
@@ -916,7 +938,7 @@
 }
 
 /* ARGSUSED */
-int
+static int
 input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh)
 {
 	char *msg = NULL;
@@ -937,10 +959,10 @@
 }
 #endif /* GSSAPI */
 
-int
-userauth_none(Authctxt *authctxt)
+static int
+userauth_none(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state; /* XXX */
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 	int r;
 
 	/* initial userauth request */
@@ -953,25 +975,22 @@
 	return 1;
 }
 
-int
-userauth_passwd(Authctxt *authctxt)
+static int
+userauth_passwd(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state; /* XXX */
-	static int attempt = 0;
-	char prompt[256];
-	char *password;
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
+	char *password, *prompt = NULL;
 	const char *host = options.host_key_alias ?  options.host_key_alias :
 	    authctxt->host;
 	int r;
 
-	if (attempt++ >= options.number_of_password_prompts)
+	if (authctxt->attempt_passwd++ >= options.number_of_password_prompts)
 		return 0;
 
-	if (attempt != 1)
+	if (authctxt->attempt_passwd != 1)
 		error("Permission denied, please try again.");
 
-	snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
-	    authctxt->server_user, host);
+	xasprintf(&prompt, "%s@%s's password: ", authctxt->server_user, host);
 	password = read_passphrase(prompt, 0);
 	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
@@ -983,7 +1002,8 @@
 	    (r = sshpkt_send(ssh)) != 0)
 		fatal("%s: %s", __func__, ssh_err(r));
 
-	if (password)
+	free(prompt);
+	if (password != NULL)
 		freezero(password, strlen(password));
 
 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ,
@@ -996,7 +1016,7 @@
  * parse PASSWD_CHANGEREQ, prompt user and send SSH2_MSG_USERAUTH_REQUEST
  */
 /* ARGSUSED */
-int
+static int
 input_userauth_passwd_changereq(int type, u_int32_t seqnr, struct ssh *ssh)
 {
 	Authctxt *authctxt = ssh->authctxt;
@@ -1180,8 +1200,9 @@
 }
 
 static int
-sign_and_send_pubkey(struct ssh *ssh, Authctxt *authctxt, Identity *id)
+sign_and_send_pubkey(struct ssh *ssh, Identity *id)
 {
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 	struct sshbuf *b = NULL;
 	Identity *private_id, *sign_id = NULL;
 	u_char *signature = NULL;
@@ -1339,8 +1360,9 @@
 }
 
 static int
-send_pubkey_test(struct ssh *ssh, Authctxt *authctxt, Identity *id)
+send_pubkey_test(struct ssh *ssh, Identity *id)
 {
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 	u_char *blob = NULL;
 	char *alg = NULL;
 	size_t bloblen;
@@ -1382,10 +1404,10 @@
 {
 	struct sshkey *private = NULL;
 	char prompt[300], *passphrase, *comment;
-	int r, perm_ok = 0, quit = 0, i;
+	int r, quit = 0, i;
 	struct stat st;
 
-	if (stat(id->filename, &st) < 0) {
+	if (stat(id->filename, &st) == -1) {
 		(id->userprovided ? logit : debug3)("no such identity: %s: %s",
 		    id->filename, strerror(errno));
 		return NULL;
@@ -1404,7 +1426,7 @@
 			}
 		}
 		switch ((r = sshkey_load_private_type(KEY_UNSPEC, id->filename,
-		    passphrase, &private, &comment, &perm_ok))) {
+		    passphrase, &private, &comment))) {
 		case 0:
 			break;
 		case SSH_ERR_KEY_WRONG_PASSPHRASE:
@@ -1616,12 +1638,15 @@
 }
 
 static void
-pubkey_cleanup(Authctxt *authctxt)
+pubkey_cleanup(struct ssh *ssh)
 {
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 	Identity *id;
 
-	if (authctxt->agent_fd != -1)
+	if (authctxt->agent_fd != -1) {
 		ssh_close_authentication_socket(authctxt->agent_fd);
+		authctxt->agent_fd = -1;
+	}
 	for (id = TAILQ_FIRST(&authctxt->keys); id;
 	    id = TAILQ_FIRST(&authctxt->keys)) {
 		TAILQ_REMOVE(&authctxt->keys, id, next);
@@ -1654,10 +1679,10 @@
 	return 1;
 }
 
-int
-userauth_pubkey(Authctxt *authctxt)
+static int
+userauth_pubkey(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state; /* XXX */
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 	Identity *id;
 	int sent = 0;
 	char *ident;
@@ -1678,7 +1703,7 @@
 				ident = format_identity(id);
 				debug("Offering public key: %s", ident);
 				free(ident);
-				sent = send_pubkey_test(ssh, authctxt, id);
+				sent = send_pubkey_test(ssh, id);
 			}
 		} else {
 			debug("Trying private key: %s", id->filename);
@@ -1686,8 +1711,7 @@
 			if (id->key != NULL) {
 				if (try_identity(id)) {
 					id->isprivate = 1;
-					sent = sign_and_send_pubkey(ssh,
-					    authctxt, id);
+					sent = sign_and_send_pubkey(ssh, id);
 				}
 				sshkey_free(id->key);
 				id->key = NULL;
@@ -1703,17 +1727,16 @@
 /*
  * Send userauth request message specifying keyboard-interactive method.
  */
-int
-userauth_kbdint(Authctxt *authctxt)
+static int
+userauth_kbdint(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state; /* XXX */
-	static int attempt = 0;
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 	int r;
 
-	if (attempt++ >= options.number_of_password_prompts)
+	if (authctxt->attempt_kbdint++ >= options.number_of_password_prompts)
 		return 0;
 	/* disable if no SSH2_MSG_USERAUTH_INFO_REQUEST has been seen */
-	if (attempt > 1 && !authctxt->info_req_seen) {
+	if (authctxt->attempt_kbdint > 1 && !authctxt->info_req_seen) {
 		debug3("userauth_kbdint: disable: no info_req_seen");
 		ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, NULL);
 		return 0;
@@ -1737,7 +1760,7 @@
 /*
  * parse INFO_REQUEST, prompt user and send INFO_RESPONSE
  */
-int
+static int
 input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh)
 {
 	Authctxt *authctxt = ssh->authctxt;
@@ -1803,20 +1826,21 @@
 }
 
 static int
-ssh_keysign(struct sshkey *key, u_char **sigp, size_t *lenp,
+ssh_keysign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen)
 {
 	struct sshbuf *b;
 	struct stat st;
 	pid_t pid;
-	int i, r, to[2], from[2], status, sock = packet_get_connection_in();
+	int r, to[2], from[2], status;
+	int sock = ssh_packet_get_connection_in(ssh);
 	u_char rversion = 0, version = 2;
 	void (*osigchld)(int);
 
 	*sigp = NULL;
 	*lenp = 0;
 
-	if (stat(_PATH_SSH_KEY_SIGN, &st) < 0) {
+	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
 		error("%s: not installed: %s", __func__, strerror(errno));
 		return -1;
 	}
@@ -1824,34 +1848,35 @@
 		error("%s: fflush: %s", __func__, strerror(errno));
 		return -1;
 	}
-	if (pipe(to) < 0) {
+	if (pipe(to) == -1) {
 		error("%s: pipe: %s", __func__, strerror(errno));
 		return -1;
 	}
-	if (pipe(from) < 0) {
+	if (pipe(from) == -1) {
 		error("%s: pipe: %s", __func__, strerror(errno));
 		return -1;
 	}
-	if ((pid = fork()) < 0) {
+	if ((pid = fork()) == -1) {
 		error("%s: fork: %s", __func__, strerror(errno));
 		return -1;
 	}
 	osigchld = signal(SIGCHLD, SIG_DFL);
 	if (pid == 0) {
-		/* keep the socket on exec */
-		fcntl(sock, F_SETFD, 0);
 		close(from[0]);
-		if (dup2(from[1], STDOUT_FILENO) < 0)
+		if (dup2(from[1], STDOUT_FILENO) == -1)
 			fatal("%s: dup2: %s", __func__, strerror(errno));
 		close(to[1]);
-		if (dup2(to[0], STDIN_FILENO) < 0)
+		if (dup2(to[0], STDIN_FILENO) == -1)
 			fatal("%s: dup2: %s", __func__, strerror(errno));
 		close(from[1]);
 		close(to[0]);
-		/* Close everything but stdio and the socket */
-		for (i = STDERR_FILENO + 1; i < sock; i++)
-			close(i);
+
+		if (dup2(sock, STDERR_FILENO + 1) == -1)
+			fatal("%s: dup2: %s", __func__, strerror(errno));
+		sock = STDERR_FILENO + 1;
+		fcntl(sock, F_SETFD, 0);	/* keep the socket on exec */
 		closefrom(sock + 1);
+
 		debug3("%s: [child] pid=%ld, exec %s",
 		    __func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
 		execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
@@ -1860,6 +1885,7 @@
 	}
 	close(from[1]);
 	close(to[0]);
+	sock = STDERR_FILENO + 1;
 
 	if ((b = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
@@ -1879,7 +1905,7 @@
 	}
 
 	errno = 0;
-	while (waitpid(pid, &status, 0) < 0) {
+	while (waitpid(pid, &status, 0) == -1) {
 		if (errno != EINTR) {
 			error("%s: waitpid %ld: %s",
 			    __func__, (long)pid, strerror(errno));
@@ -1916,10 +1942,10 @@
 	return 0;
 }
 
-int
-userauth_hostbased(Authctxt *authctxt)
+static int
+userauth_hostbased(struct ssh *ssh)
 {
-	struct ssh *ssh = active_state; /* XXX */
+	Authctxt *authctxt = (Authctxt *)ssh->authctxt;
 	struct sshkey *private = NULL;
 	struct sshbuf *b = NULL;
 	u_char *sig = NULL, *keyblob = NULL;
@@ -1983,7 +2009,8 @@
 	    __func__, sshkey_ssh_name(private), fp);
 
 	/* figure out a name for the client host */
-	if ((lname = get_local_name(packet_get_connection_in())) == NULL) {
+	lname = get_local_name(ssh_packet_get_connection_in(ssh));
+	if (lname == NULL) {
 		error("%s: cannot get local ipaddr/name", __func__);
 		goto out;
 	}
@@ -2017,9 +2044,8 @@
 #ifdef DEBUG_PK
 	sshbuf_dump(b, stderr);
 #endif
-	r = ssh_keysign(private, &sig, &siglen,
-	    sshbuf_ptr(b), sshbuf_len(b));
-	if (r != 0) {
+	if ((r = ssh_keysign(ssh, private, &sig, &siglen,
+	    sshbuf_ptr(b), sshbuf_len(b))) != 0) {
 		error("sign using hostkey %s %s failed",
 		    sshkey_ssh_name(private), fp);
 		goto out;
Index: sshd.0
===================================================================
--- sshd.0
+++ sshd.0
@@ -650,4 +650,4 @@
      versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
      for privilege separation.
 
-OpenBSD 6.4                      July 22, 2018                     OpenBSD 6.4
+OpenBSD 6.6                      July 22, 2018                     OpenBSD 6.6
Index: sshd.c
===================================================================
--- sshd.c
+++ sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.516 2018/09/21 12:23:17 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.537 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -151,45 +151,38 @@
  * configuration, optionally using connection information provided by the
  * "-C" flag.
  */
-int test_flag = 0;
+static int test_flag = 0;
 
 /* Flag indicating that the daemon is being started from inetd. */
-int inetd_flag = 0;
+static int inetd_flag = 0;
 
 /* Flag indicating that sshd should not detach and become a daemon. */
-int no_daemon_flag = 0;
+static int no_daemon_flag = 0;
 
 /* debug goes to stderr unless inetd_flag is set */
-int log_stderr = 0;
+static int log_stderr = 0;
 
 /* Saved arguments to main(). */
-char **saved_argv;
-int saved_argc;
+static char **saved_argv;
+static int saved_argc;
 
 /* re-exec */
-int rexeced_flag = 0;
-int rexec_flag = 1;
-int rexec_argc = 0;
-char **rexec_argv;
+static int rexeced_flag = 0;
+static int rexec_flag = 1;
+static int rexec_argc = 0;
+static char **rexec_argv;
 
 /*
  * The sockets that the server is listening; this is used in the SIGHUP
  * signal handler.
  */
 #define	MAX_LISTEN_SOCKS	16
-int listen_socks[MAX_LISTEN_SOCKS];
-int num_listen_socks = 0;
+static int listen_socks[MAX_LISTEN_SOCKS];
+static int num_listen_socks = 0;
 
-/*
- * the client's version string, passed by sshd2 in compat mode. if != NULL,
- * sshd will skip the version-number exchange
- */
-char *client_version_string = NULL;
-char *server_version_string = NULL;
-
 /* Daemon's agent connection */
 int auth_sock = -1;
-int have_agent = 0;
+static int have_agent = 0;
 
 /*
  * Any really sensitive data in the application is contained in this
@@ -220,9 +213,26 @@
 /* record remote hostname or ip */
 u_int utmp_len = HOST_NAME_MAX+1;
 
-/* options.max_startup sized array of fd ints */
-int *startup_pipes = NULL;
-int startup_pipe;		/* in child */
+/*
+ * startup_pipes/flags are used for tracking children of the listening sshd
+ * process early in their lifespans. This tracking is needed for three things:
+ *
+ * 1) Implementing the MaxStartups limit of concurrent unauthenticated
+ *    connections.
+ * 2) Avoiding a race condition for SIGHUP processing, where child processes
+ *    may have listen_socks open that could collide with main listener process
+ *    after it restarts.
+ * 3) Ensuring that rexec'd sshd processes have received their initial state
+ *    from the parent listen process before handling SIGHUP.
+ *
+ * Child processes signal that they have completed closure of the listen_socks
+ * and (if applicable) received their rexec state by sending a char over their
+ * sock. Child processes signal that authentication has completed by closing
+ * the sock (or by exiting).
+ */
+static int *startup_pipes = NULL;
+static int *startup_flags = NULL;	/* Indicates child closed listener */
+static int startup_pipe = -1;		/* in child */
 
 /* variables used for privilege separation */
 int use_privsep = -1;
@@ -230,8 +240,9 @@
 int privsep_is_preauth = 1;
 static int privsep_chroot = 1;
 
-/* global authentication context */
+/* global connection state and authentication contexts */
 Authctxt *the_authctxt = NULL;
+struct ssh *the_active_state;
 
 /* global key/cert auth options. XXX move to permanent ssh->authctxt? */
 struct sshauthopt *auth_opts = NULL;
@@ -248,7 +259,7 @@
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
-static void do_ssh2_kex(void);
+static void do_ssh2_kex(struct ssh *);
 
 /*
  * Close all listening sockets
@@ -334,7 +345,7 @@
 	int status;
 
 	while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
-	    (pid < 0 && errno == EINTR))
+	    (pid == -1 && errno == EINTR))
 		;
 	errno = save_errno;
 }
@@ -358,113 +369,13 @@
 		kill(0, SIGTERM);
 	}
 
+	/* XXX pre-format ipaddr/port so we don't need to access active_state */
 	/* Log error and exit. */
 	sigdie("Timeout before authentication for %s port %d",
-	    ssh_remote_ipaddr(active_state), ssh_remote_port(active_state));
+	    ssh_remote_ipaddr(the_active_state),
+	    ssh_remote_port(the_active_state));
 }
 
-static void
-sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
-{
-	u_int i;
-	int remote_major, remote_minor;
-	char *s;
-	char buf[256];			/* Must not be larger than remote_version. */
-	char remote_version[256];	/* Must be at least as big as buf. */
-
-	xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
-	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
-	    *options.version_addendum == '\0' ? "" : " ",
-	    options.version_addendum);
-
-	/* Send our protocol version identification. */
-	if (atomicio(vwrite, sock_out, server_version_string,
-	    strlen(server_version_string))
-	    != strlen(server_version_string)) {
-		logit("Could not write ident string to %s port %d",
-		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
-		cleanup_exit(255);
-	}
-
-	/* Read other sides version identification. */
-	memset(buf, 0, sizeof(buf));
-	for (i = 0; i < sizeof(buf) - 1; i++) {
-		if (atomicio(read, sock_in, &buf[i], 1) != 1) {
-			logit("Did not receive identification string "
-			    "from %s port %d",
-			    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
-			cleanup_exit(255);
-		}
-		if (buf[i] == '\r') {
-			buf[i] = 0;
-			/* Kludge for F-Secure Macintosh < 1.0.2 */
-			if (i == 12 &&
-			    strncmp(buf, "SSH-1.5-W1.0", 12) == 0)
-				break;
-			continue;
-		}
-		if (buf[i] == '\n') {
-			buf[i] = 0;
-			break;
-		}
-	}
-	buf[sizeof(buf) - 1] = 0;
-	client_version_string = xstrdup(buf);
-
-	/*
-	 * Check that the versions match.  In future this might accept
-	 * several versions and set appropriate flags to handle them.
-	 */
-	if (sscanf(client_version_string, "SSH-%d.%d-%[^\n]\n",
-	    &remote_major, &remote_minor, remote_version) != 3) {
-		s = "Protocol mismatch.\n";
-		(void) atomicio(vwrite, sock_out, s, strlen(s));
-		logit("Bad protocol version identification '%.100s' "
-		    "from %s port %d", client_version_string,
-		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
-		close(sock_in);
-		close(sock_out);
-		cleanup_exit(255);
-	}
-	debug("Client protocol version %d.%d; client software version %.100s",
-	    remote_major, remote_minor, remote_version);
-
-	ssh->compat = compat_datafellows(remote_version);
-
-	if ((ssh->compat & SSH_BUG_PROBE) != 0) {
-		logit("probed from %s port %d with %s.  Don't panic.",
-		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
-		    client_version_string);
-		cleanup_exit(255);
-	}
-	if ((ssh->compat & SSH_BUG_SCANNER) != 0) {
-		logit("scanned from %s port %d with %s.  Don't panic.",
-		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
-		    client_version_string);
-		cleanup_exit(255);
-	}
-	if ((ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
-		logit("Client version \"%.100s\" uses unsafe RSA signature "
-		    "scheme; disabling use of RSA keys", remote_version);
-	}
-
-	chop(server_version_string);
-	debug("Local version string %.200s", server_version_string);
-
-	if (remote_major != 2 &&
-	    !(remote_major == 1 && remote_minor == 99)) {
-		s = "Protocol major versions differ.\n";
-		(void) atomicio(vwrite, sock_out, s, strlen(s));
-		close(sock_in);
-		close(sock_out);
-		logit("Protocol major versions differ for %s port %d: "
-		    "%.200s vs. %.200s",
-		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
-		    server_version_string, client_version_string);
-		cleanup_exit(255);
-	}
-}
-
 /* Destroy the host and server keys.  They will no longer be needed. */
 void
 destroy_sensitive_data(void)
@@ -557,14 +468,14 @@
 		debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
 		    (u_int)privsep_pw->pw_gid);
 		gidset[0] = privsep_pw->pw_gid;
-		if (setgroups(1, gidset) < 0)
+		if (setgroups(1, gidset) == -1)
 			fatal("setgroups: %.100s", strerror(errno));
 		permanently_set_uid(privsep_pw);
 	}
 }
 
 static int
-privsep_preauth(Authctxt *authctxt)
+privsep_preauth(struct ssh *ssh)
 {
 	int status, r;
 	pid_t pid;
@@ -573,7 +484,7 @@
 	/* Set up unprivileged child process to deal with network data */
 	pmonitor = monitor_init();
 	/* Store a pointer to the kex for later rekeying */
-	pmonitor->m_pkex = &active_state->kex;
+	pmonitor->m_pkex = &ssh->kex;
 
 	if (use_privsep == PRIVSEP_ON)
 		box = ssh_sandbox_init(pmonitor);
@@ -594,10 +505,10 @@
 		}
 		if (box != NULL)
 			ssh_sandbox_parent_preauth(box, pid);
-		monitor_child_preauth(authctxt, pmonitor);
+		monitor_child_preauth(ssh, pmonitor);
 
 		/* Wait for the child's exit status */
-		while (waitpid(pid, &status, 0) < 0) {
+		while (waitpid(pid, &status, 0) == -1) {
 			if (errno == EINTR)
 				continue;
 			pmonitor->m_pid = -1;
@@ -633,7 +544,7 @@
 }
 
 static void
-privsep_postauth(Authctxt *authctxt)
+privsep_postauth(struct ssh *ssh, Authctxt *authctxt)
 {
 #ifdef DISABLE_FD_PASSING
 	if (1) {
@@ -654,8 +565,8 @@
 	else if (pmonitor->m_pid != 0) {
 		verbose("User child is on pid %ld", (long)pmonitor->m_pid);
 		sshbuf_reset(loginmsg);
-		monitor_clear_keystate(pmonitor);
-		monitor_child_postauth(pmonitor);
+		monitor_clear_keystate(ssh, pmonitor);
+		monitor_child_postauth(ssh, pmonitor);
 
 		/* NEVERREACHED */
 		exit(0);
@@ -676,13 +587,13 @@
 
  skip:
 	/* It is safe now to apply the key state */
-	monitor_apply_keystate(pmonitor);
+	monitor_apply_keystate(ssh, pmonitor);
 
 	/*
 	 * Tell the packet layer that authentication was successful, since
 	 * this information is not part of the key state.
 	 */
-	packet_set_authenticated();
+	ssh_packet_set_authenticated(ssh);
 }
 
 static void
@@ -849,7 +760,7 @@
 	char *fp;
 
 	/* Some clients cannot cope with the hostkeys message, skip those. */
-	if (datafellows & SSH_BUG_HOSTKEYS)
+	if (ssh->compat & SSH_BUG_HOSTKEYS)
 		return;
 
 	if ((buf = sshbuf_new()) == NULL)
@@ -865,21 +776,29 @@
 		    sshkey_ssh_name(key), fp);
 		free(fp);
 		if (nkeys == 0) {
-			packet_start(SSH2_MSG_GLOBAL_REQUEST);
-			packet_put_cstring("hostkeys-00@openssh.com");
-			packet_put_char(0); /* want-reply */
+			/*
+			 * Start building the request when we find the
+			 * first usable key.
+			 */
+			if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
+			    (r = sshpkt_put_cstring(ssh, "hostkeys-00@openssh.com")) != 0 ||
+			    (r = sshpkt_put_u8(ssh, 0)) != 0) /* want reply */
+				sshpkt_fatal(ssh, r, "%s: start request", __func__);
 		}
+		/* Append the key to the request */
 		sshbuf_reset(buf);
 		if ((r = sshkey_putb(key, buf)) != 0)
 			fatal("%s: couldn't put hostkey %d: %s",
 			    __func__, i, ssh_err(r));
-		packet_put_string(sshbuf_ptr(buf), sshbuf_len(buf));
+		if ((r = sshpkt_put_stringb(ssh, buf)) != 0)
+			sshpkt_fatal(ssh, r, "%s: append key", __func__);
 		nkeys++;
 	}
 	debug3("%s: sent %u hostkeys", __func__, nkeys);
 	if (nkeys == 0)
 		fatal("%s: no hostkeys", __func__);
-	packet_send();
+	if ((r = sshpkt_send(ssh)) != 0)
+		sshpkt_fatal(ssh, r, "%s: send", __func__);
 	sshbuf_free(buf);
 }
 
@@ -917,7 +836,7 @@
 	fprintf(stderr, "%s, %s\n",
 	    SSH_RELEASE,
 #ifdef WITH_OPENSSL
-	    SSLeay_version(SSLEAY_VERSION)
+	    OpenSSL_version(OPENSSL_VERSION)
 #else
 	    "without OpenSSL"
 #endif
@@ -999,14 +918,9 @@
 {
 	int fd;
 
-	startup_pipe = -1;
 	if (rexeced_flag) {
 		close(REEXEC_CONFIG_PASS_FD);
 		*sock_in = *sock_out = dup(STDIN_FILENO);
-		if (!debug_flag) {
-			startup_pipe = dup(REEXEC_STARTUP_PIPE_FD);
-			close(REEXEC_STARTUP_PIPE_FD);
-		}
 	} else {
 		*sock_in = dup(STDIN_FILENO);
 		*sock_out = dup(STDOUT_FILENO);
@@ -1053,7 +967,7 @@
 		/* Create socket for listening. */
 		listen_sock = socket(ai->ai_family, ai->ai_socktype,
 		    ai->ai_protocol);
-		if (listen_sock < 0) {
+		if (listen_sock == -1) {
 			/* kernel may not support ipv6 */
 			verbose("socket: %.100s", strerror(errno));
 			continue;
@@ -1082,7 +996,7 @@
 		debug("Bind to port %s on %s.", strport, ntop);
 
 		/* Bind the socket to the desired port. */
-		if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+		if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) == -1) {
 			error("Bind to port %s on %s failed: %.200s.",
 			    strport, ntop, strerror(errno));
 			close(listen_sock);
@@ -1092,7 +1006,7 @@
 		num_listen_socks++;
 
 		/* Start listening on the port. */
-		if (listen(listen_sock, SSH_LISTEN_BACKLOG) < 0)
+		if (listen(listen_sock, SSH_LISTEN_BACKLOG) == -1)
 			fatal("listen on [%s]:%s: %.100s",
 			    ntop, strport, strerror(errno));
 		logit("Server listening on %s port %s%s%s.",
@@ -1131,8 +1045,9 @@
 {
 	fd_set *fdset;
 	int i, j, ret, maxfd;
-	int startups = 0;
+	int startups = 0, listening = 0, lameduck = 0;
 	int startup_p[2] = { -1 , -1 };
+	char c = 0;
 	struct sockaddr_storage from;
 	socklen_t fromlen;
 	pid_t pid;
@@ -1146,6 +1061,7 @@
 			maxfd = listen_socks[i];
 	/* pipes connected to unauthenticated childs */
 	startup_pipes = xcalloc(options.max_startups, sizeof(int));
+	startup_flags = xcalloc(options.max_startups, sizeof(int));
 	for (i = 0; i < options.max_startups; i++)
 		startup_pipes[i] = -1;
 
@@ -1154,8 +1070,15 @@
 	 * the daemon is killed with a signal.
 	 */
 	for (;;) {
-		if (received_sighup)
-			sighup_restart();
+		if (received_sighup) {
+			if (!lameduck) {
+				debug("Received SIGHUP; waiting for children");
+				close_listen_socks();
+				lameduck = 1;
+			}
+			if (listening <= 0)
+				sighup_restart();
+		}
 		free(fdset);
 		fdset = xcalloc(howmany(maxfd + 1, NFDBITS),
 		    sizeof(fd_mask));
@@ -1168,7 +1091,7 @@
 
 		/* Wait in select until there is a connection. */
 		ret = select(maxfd+1, fdset, NULL, NULL, NULL);
-		if (ret < 0 && errno != EINTR)
+		if (ret == -1 && errno != EINTR)
 			error("select: %.100s", strerror(errno));
 		if (received_sigterm) {
 			logit("Received signal %d; terminating.",
@@ -1178,29 +1101,47 @@
 				unlink(options.pid_file);
 			exit(received_sigterm == SIGTERM ? 0 : 255);
 		}
-		if (ret < 0)
+		if (ret == -1)
 			continue;
 
-		for (i = 0; i < options.max_startups; i++)
-			if (startup_pipes[i] != -1 &&
-			    FD_ISSET(startup_pipes[i], fdset)) {
-				/*
-				 * the read end of the pipe is ready
-				 * if the child has closed the pipe
-				 * after successful authentication
-				 * or if the child has died
-				 */
+		for (i = 0; i < options.max_startups; i++) {
+			if (startup_pipes[i] == -1 ||
+			    !FD_ISSET(startup_pipes[i], fdset))
+				continue;
+			switch (read(startup_pipes[i], &c, sizeof(c))) {
+			case -1:
+				if (errno == EINTR || errno == EAGAIN)
+					continue;
+				if (errno != EPIPE) {
+					error("%s: startup pipe %d (fd=%d): "
+					    "read %s", __func__, i,
+					    startup_pipes[i], strerror(errno));
+				}
+				/* FALLTHROUGH */
+			case 0:
+				/* child exited or completed auth */
 				close(startup_pipes[i]);
 				startup_pipes[i] = -1;
 				startups--;
+				if (startup_flags[i])
+					listening--;
+				break;
+			case 1:
+				/* child has finished preliminaries */
+				if (startup_flags[i]) {
+					listening--;
+					startup_flags[i] = 0;
+				}
+				break;
 			}
+		}
 		for (i = 0; i < num_listen_socks; i++) {
 			if (!FD_ISSET(listen_socks[i], fdset))
 				continue;
 			fromlen = sizeof(from);
 			*newsock = accept(listen_socks[i],
 			    (struct sockaddr *)&from, &fromlen);
-			if (*newsock < 0) {
+			if (*newsock == -1) {
 				if (errno != EINTR && errno != EWOULDBLOCK &&
 				    errno != ECONNABORTED && errno != EAGAIN)
 					error("accept: %.100s",
@@ -1247,6 +1188,7 @@
 					if (maxfd < startup_p[0])
 						maxfd = startup_p[0];
 					startups++;
+					startup_flags[j] = 1;
 					break;
 				}
 
@@ -1272,7 +1214,7 @@
 					send_rexec_state(config_s[0], cfg);
 					close(config_s[0]);
 				}
-				break;
+				return;
 			}
 
 			/*
@@ -1281,13 +1223,14 @@
 			 * parent continues listening.
 			 */
 			platform_pre_fork();
+			listening++;
 			if ((pid = fork()) == 0) {
 				/*
 				 * Child.  Close the listening and
 				 * max_startup sockets.  Start using
 				 * the accepted socket. Reinitialize
 				 * logging (since our pid has changed).
-				 * We break out of the loop to handle
+				 * We return from this function to handle
 				 * the connection.
 				 */
 				platform_post_fork_child();
@@ -1302,12 +1245,23 @@
 				    log_stderr);
 				if (rexec_flag)
 					close(config_s[0]);
-				break;
+				else {
+					/*
+					 * Signal parent that the preliminaries
+					 * for this child are complete. For the
+					 * re-exec case, this happens after the
+					 * child has received the rexec state
+					 * from the server.
+					 */
+					(void)atomicio(vwrite, startup_pipe,
+					    "\0", 1);
+				}
+				return;
 			}
 
 			/* Parent.  Stay in the loop. */
 			platform_post_fork_parent(pid);
-			if (pid < 0)
+			if (pid == -1)
 				error("fork: %.100s", strerror(errno));
 			else
 				debug("Forked child %ld.", (long)pid);
@@ -1334,10 +1288,6 @@
 #endif
 			explicit_bzero(rnd, sizeof(rnd));
 		}
-
-		/* child process check (or debug mode) */
-		if (num_listen_socks < 0)
-			break;
 	}
 }
 
@@ -1364,7 +1314,7 @@
 
 	memset(&from, 0, sizeof(from));
 	if (getpeername(sock_in, (struct sockaddr *)&from,
-	    &fromlen) < 0)
+	    &fromlen) == -1)
 		return;
 	if (from.ss_family != AF_INET)
 		return;
@@ -1425,7 +1375,7 @@
 
 static void
 accumulate_host_timing_secret(struct sshbuf *server_cfg,
-    const struct sshkey *key)
+    struct sshkey *key)
 {
 	static struct ssh_digest_ctx *ctx;
 	u_char *hash;
@@ -1483,8 +1433,6 @@
 	Authctxt *authctxt;
 	struct connection_info *connection_info = NULL;
 
-	ssh_malloc_init();	/* must be called before any mallocs */
-
 #ifdef HAVE_SECUREWARE
 	(void)set_auth_parameters(ac, av);
 #endif
@@ -1510,6 +1458,8 @@
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
+	seed_rng();
+
 	/* Initialize configuration options to their default values. */
 	initialize_server_options(&options);
 
@@ -1588,7 +1538,7 @@
 			break;
 		case 'h':
 			servconf_add_hostkey("[command-line]", 0,
-			    &options, optarg);
+			    &options, optarg, 1);
 			break;
 		case 't':
 			test_flag = 1;
@@ -1597,7 +1547,7 @@
 			test_flag = 2;
 			break;
 		case 'C':
-			connection_info = get_connection_info(0, 0);
+			connection_info = get_connection_info(ssh, 0, 0);
 			if (parse_server_match_testspec(connection_info,
 			    optarg) == -1)
 				exit(1);
@@ -1624,17 +1574,13 @@
 	}
 	if (rexeced_flag || inetd_flag)
 		rexec_flag = 0;
-	if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
+	if (!test_flag && rexec_flag && !path_absolute(av[0]))
 		fatal("sshd re-exec requires execution with an absolute path");
 	if (rexeced_flag)
 		closefrom(REEXEC_MIN_FREE_FD);
 	else
 		closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
 
-#ifdef WITH_OPENSSL
-	OpenSSL_add_all_algorithms();
-#endif
-
 	/* If requested, redirect the logs to the specified logfile. */
 	if (logfile != NULL)
 		log_redirect_stderr_to(logfile);
@@ -1669,16 +1615,24 @@
 	/* Fetch our configuration */
 	if ((cfg = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __func__);
-	if (rexeced_flag)
+	if (rexeced_flag) {
 		recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg);
+		if (!debug_flag) {
+			startup_pipe = dup(REEXEC_STARTUP_PIPE_FD);
+			close(REEXEC_STARTUP_PIPE_FD);
+			/*
+			 * Signal parent that this child is at a point where
+			 * they can go away if they have a SIGHUP pending.
+			 */
+			(void)atomicio(vwrite, startup_pipe, "\0", 1);
+		}
+	}
 	else if (strcasecmp(config_file_name, "none") != 0)
 		load_server_config(config_file_name, cfg);
 
 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
 	    cfg, NULL);
 
-	seed_rng();
-
 	/* Fill in default values for those options not explicitly set. */
 	fill_default_server_options(&options);
 
@@ -1723,7 +1677,7 @@
 
 	debug("sshd version %s, %s", SSH_VERSION,
 #ifdef WITH_OPENSSL
-	    SSLeay_version(SSLEAY_VERSION)
+	    OpenSSL_version(OPENSSL_VERSION)
 #else
 	    "without OpenSSL"
 #endif
@@ -1760,15 +1714,24 @@
 	}
 
 	for (i = 0; i < options.num_host_key_files; i++) {
+		int ll = options.host_key_file_userprovided[i] ?
+		    SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_DEBUG1;
+
 		if (options.host_key_files[i] == NULL)
 			continue;
 		if ((r = sshkey_load_private(options.host_key_files[i], "",
 		    &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
-			error("Error loading host key \"%s\": %s",
+			do_log2(ll, "Unable to load host key \"%s\": %s",
 			    options.host_key_files[i], ssh_err(r));
+		if (r == 0 && (r = sshkey_shield_private(key)) != 0) {
+			do_log2(ll, "Unable to shield host key \"%s\": %s",
+			    options.host_key_files[i], ssh_err(r));
+			sshkey_free(key);
+			key = NULL;
+		}
 		if ((r = sshkey_load_public(options.host_key_files[i],
 		    &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
-			error("Error loading host key \"%s\": %s",
+			do_log2(ll, "Unable to load host key \"%s\": %s",
 			    options.host_key_files[i], ssh_err(r));
 		if (pubkey == NULL && key != NULL)
 			if ((r = sshkey_from_private(key, &pubkey)) != 0)
@@ -1785,7 +1748,7 @@
 			keytype = key->type;
 			accumulate_host_timing_secret(cfg, key);
 		} else {
-			error("Could not load host key: %s",
+			do_log2(ll, "Unable to load host key: %s",
 			    options.host_key_files[i]);
 			sensitive_data.host_keys[i] = NULL;
 			sensitive_data.host_pubkeys[i] = NULL;
@@ -1883,7 +1846,8 @@
 		 * use a blank one that will cause no predicate to match.
 		 */
 		if (connection_info == NULL)
-			connection_info = get_connection_info(0, 0);
+			connection_info = get_connection_info(ssh, 0, 0);
+		connection_info->test = 1;
 		parse_server_match_config(&options, connection_info);
 		dump_config(&options);
 	}
@@ -1931,7 +1895,7 @@
 	already_daemon = daemonized();
 	if (!(debug_flag || inetd_flag || no_daemon_flag || already_daemon)) {
 
-		if (daemon(0, 0) < 0)
+		if (daemon(0, 0) == -1)
 			fatal("daemon() failed: %.200s", strerror(errno));
 
 		disconnect_controlling_tty();
@@ -1994,7 +1958,7 @@
 	 * controlling terminal which will result in "could not set
 	 * controlling tty" errors.
 	 */
-	if (!debug_flag && !inetd_flag && setsid() < 0)
+	if (!debug_flag && !inetd_flag && setsid() == -1)
 		error("setsid: %.100s", strerror(errno));
 #endif
 
@@ -2058,9 +2022,10 @@
 	 * Register our connection.  This turns encryption off because we do
 	 * not have a key.
 	 */
-	packet_set_connection(sock_in, sock_out);
-	packet_set_server();
-	ssh = active_state; /* XXX */
+	if ((ssh = ssh_packet_set_connection(NULL, sock_in, sock_out)) == NULL)
+		fatal("Unable to create connection");
+	the_active_state = ssh;
+	ssh_packet_set_server(ssh);
 
 	check_ip_options(ssh);
 
@@ -2070,8 +2035,8 @@
 	process_permitopen(ssh, &options);
 
 	/* Set SO_KEEPALIVE if requested. */
-	if (options.tcp_keep_alive && packet_connection_is_on_socket() &&
-	    setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
+	if (options.tcp_keep_alive && ssh_packet_connection_is_on_socket(ssh) &&
+	    setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) == -1)
 		error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
 
 	if ((remote_port = ssh_remote_port(ssh)) < 0) {
@@ -2116,11 +2081,14 @@
 	if (!debug_flag)
 		alarm(options.login_grace_time);
 
-	sshd_exchange_identification(ssh, sock_in, sock_out);
-	packet_set_nonblocking();
+	if (kex_exchange_identification(ssh, -1, options.version_addendum) != 0)
+		cleanup_exit(255); /* error already logged */
 
+	ssh_packet_set_nonblocking(ssh);
+
 	/* allocate authentication context */
 	authctxt = xcalloc(1, sizeof(*authctxt));
+	ssh->authctxt = authctxt;
 
 	authctxt->loginmsg = loginmsg;
 
@@ -2137,7 +2105,7 @@
 	auth_debug_reset();
 
 	if (use_privsep) {
-		if (privsep_preauth(authctxt) == 1)
+		if (privsep_preauth(ssh) == 1)
 			goto authenticated;
 	} else if (have_agent) {
 		if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
@@ -2148,16 +2116,16 @@
 
 	/* perform the key exchange */
 	/* authenticate user and start session */
-	do_ssh2_kex();
-	do_authentication2(authctxt);
+	do_ssh2_kex(ssh);
+	do_authentication2(ssh);
 
 	/*
 	 * If we use privilege separation, the unprivileged child transfers
 	 * the current keystate and exits
 	 */
 	if (use_privsep) {
-		mm_send_keystate(pmonitor);
-		packet_clear_keys();
+		mm_send_keystate(ssh, pmonitor);
+		ssh_packet_clear_keys(ssh);
 		exit(0);
 	}
 
@@ -2175,7 +2143,7 @@
 	}
 
 #ifdef SSH_AUDIT_EVENTS
-	audit_event(SSH_AUTH_SUCCESS);
+	audit_event(ssh, SSH_AUTH_SUCCESS);
 #endif
 
 #ifdef GSSAPI
@@ -2197,11 +2165,11 @@
 	 * file descriptor passing.
 	 */
 	if (use_privsep) {
-		privsep_postauth(authctxt);
+		privsep_postauth(ssh, authctxt);
 		/* the monitor process [priv] will not return */
 	}
 
-	packet_set_timeout(options.client_alive_interval,
+	ssh_packet_set_timeout(ssh, options.client_alive_interval,
 	    options.client_alive_count_max);
 
 	/* Try to send all our hostkeys to the client */
@@ -2211,7 +2179,7 @@
 	do_authenticated(ssh, authctxt);
 
 	/* The connection has been terminated. */
-	packet_get_bytes(&ibytes, &obytes);
+	ssh_packet_get_bytes(ssh, &ibytes, &obytes);
 	verbose("Transferred: sent %llu, received %llu bytes",
 	    (unsigned long long)obytes, (unsigned long long)ibytes);
 
@@ -2223,10 +2191,10 @@
 #endif /* USE_PAM */
 
 #ifdef SSH_AUDIT_EVENTS
-	PRIVSEP(audit_event(SSH_CONNECTION_CLOSE));
+	PRIVSEP(audit_event(ssh, SSH_CONNECTION_CLOSE));
 #endif
 
-	packet_close();
+	ssh_packet_close(ssh);
 
 	if (use_privsep)
 		mm_terminate();
@@ -2235,32 +2203,42 @@
 }
 
 int
-sshd_hostkey_sign(struct sshkey *privkey, struct sshkey *pubkey,
-    u_char **signature, size_t *slenp, const u_char *data, size_t dlen,
-    const char *alg, u_int flag)
+sshd_hostkey_sign(struct ssh *ssh, struct sshkey *privkey,
+    struct sshkey *pubkey, u_char **signature, size_t *slenp,
+    const u_char *data, size_t dlen, const char *alg)
 {
 	int r;
 
-	if (privkey) {
-		if (PRIVSEP(sshkey_sign(privkey, signature, slenp, data, dlen,
-		    alg, datafellows)) < 0)
-			fatal("%s: key_sign failed", __func__);
-	} else if (use_privsep) {
-		if (mm_sshkey_sign(pubkey, signature, slenp, data, dlen,
-		    alg, datafellows) < 0)
-			fatal("%s: pubkey_sign failed", __func__);
+	if (use_privsep) {
+		if (privkey) {
+			if (mm_sshkey_sign(ssh, privkey, signature, slenp,
+			    data, dlen, alg, ssh->compat) < 0)
+				fatal("%s: privkey sign failed", __func__);
+		} else {
+			if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
+			    data, dlen, alg, ssh->compat) < 0)
+				fatal("%s: pubkey sign failed", __func__);
+		}
 	} else {
-		if ((r = ssh_agent_sign(auth_sock, pubkey, signature, slenp,
-		    data, dlen, alg, datafellows)) != 0)
-			fatal("%s: ssh_agent_sign failed: %s",
-			    __func__, ssh_err(r));
+		if (privkey) {
+			if (sshkey_sign(privkey, signature, slenp, data, dlen,
+			    alg, ssh->compat) < 0)
+				fatal("%s: privkey sign failed", __func__);
+		} else {
+			if ((r = ssh_agent_sign(auth_sock, pubkey,
+			    signature, slenp, data, dlen, alg,
+			    ssh->compat)) != 0) {
+				fatal("%s: agent sign failed: %s",
+				    __func__, ssh_err(r));
+			}
+		}
 	}
 	return 0;
 }
 
 /* SSH2 key exchange */
 static void
-do_ssh2_kex(void)
+do_ssh2_kex(struct ssh *ssh)
 {
 	char *myproposal[PROPOSAL_MAX] = { KEX_SERVER };
 	struct kex *kex;
@@ -2281,38 +2259,36 @@
 	}
 
 	if (options.rekey_limit || options.rekey_interval)
-		packet_set_rekey_limits(options.rekey_limit,
+		ssh_packet_set_rekey_limits(ssh, options.rekey_limit,
 		    options.rekey_interval);
 
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
 	    list_hostkey_types());
 
 	/* start key exchange */
-	if ((r = kex_setup(active_state, myproposal)) != 0)
+	if ((r = kex_setup(ssh, myproposal)) != 0)
 		fatal("kex_setup: %s", ssh_err(r));
-	kex = active_state->kex;
+	kex = ssh->kex;
 #ifdef WITH_OPENSSL
-	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
-	kex->kex[KEX_DH_GRP14_SHA1] = kexdh_server;
-	kex->kex[KEX_DH_GRP14_SHA256] = kexdh_server;
-	kex->kex[KEX_DH_GRP16_SHA512] = kexdh_server;
-	kex->kex[KEX_DH_GRP18_SHA512] = kexdh_server;
+	kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
+	kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
+	kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
+	kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
+	kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 # ifdef OPENSSL_HAS_ECC
-	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+	kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
 # endif
 #endif
-	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
-	kex->server = 1;
-	kex->client_version_string=client_version_string;
-	kex->server_version_string=server_version_string;
+	kex->kex[KEX_C25519_SHA256] = kex_gen_server;
+	kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
 	kex->load_host_public_key=&get_hostkey_public_by_type;
 	kex->load_host_private_key=&get_hostkey_private_by_type;
 	kex->host_key_index=&get_hostkey_index;
 	kex->sign = sshd_hostkey_sign;
 
-	ssh_dispatch_run_fatal(active_state, DISPATCH_BLOCK, &kex->done);
+	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done);
 
 	session_id2 = kex->session_id;
 	session_id2_len = kex->session_id_len;
@@ -2331,10 +2307,8 @@
 void
 cleanup_exit(int i)
 {
-	struct ssh *ssh = active_state; /* XXX */
-
-	if (the_authctxt) {
-		do_cleanup(ssh, the_authctxt);
+	if (the_active_state != NULL && the_authctxt != NULL) {
+		do_cleanup(the_active_state, the_authctxt);
 		if (use_privsep && privsep_is_preauth &&
 		    pmonitor != NULL && pmonitor->m_pid > 1) {
 			debug("Killing privsep child %d", pmonitor->m_pid);
@@ -2346,8 +2320,8 @@
 	}
 #ifdef SSH_AUDIT_EVENTS
 	/* done after do_cleanup so it can cancel the PAM auth 'thread' */
-	if (!use_privsep || mm_is_monitor())
-		audit_event(SSH_CONNECTION_ABANDON);
+	if (the_active_state != NULL && (!use_privsep || mm_is_monitor()))
+		audit_event(the_active_state, SSH_CONNECTION_ABANDON);
 #endif
 	_exit(i);
 }
Index: sshd_config.0
===================================================================
--- sshd_config.0
+++ sshd_config.0
@@ -210,7 +210,7 @@
              Specifies which algorithms are allowed for signing of
              certificates by certificate authorities (CAs).  The default is:
 
-                   ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+                   ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
                    ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 
              Certificates signed using other algorithms will not be accepted
@@ -249,11 +249,13 @@
 
      Ciphers
              Specifies the ciphers allowed.  Multiple ciphers must be comma-
-             separated.  If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
+             separated.  If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
              then the specified ciphers will be appended to the default set
-             instead of replacing them.  If the specified value begins with a
+             instead of replacing them.  If the specified list begins with a
              M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards)
              will be removed from the default set instead of replacing them.
+             If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the
+             specified ciphers will be placed at the head of the default set.
 
              The supported ciphers are:
 
@@ -288,7 +290,7 @@
              spoofable.  The TCP keepalive option enabled by TCPKeepAlive is
              spoofable.  The client alive mechanism is valuable when the
              client or server depend on knowing when a connection has become
-             inactive.
+             unresponsive.
 
              The default value is 3.  If ClientAliveInterval is set to 15, and
              ClientAliveCountMax is left at the default, unresponsive SSH
@@ -393,12 +395,14 @@
      HostbasedAcceptedKeyTypes
              Specifies the key types that will be accepted for hostbased
              authentication as a list of comma-separated patterns.
-             Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
+             Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
              then the specified key types will be appended to the default set
-             instead of replacing them.  If the specified value begins with a
+             instead of replacing them.  If the specified list begins with a
              M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards)
              will be removed from the default set instead of replacing them.
-             The default for this option is:
+             If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the
+             specified key types will be placed at the head of the default
+             set.  The default for this option is:
 
                 ecdsa-sha2-nistp256-cert-v01@openssh.com,
                 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -524,12 +528,13 @@
      KexAlgorithms
              Specifies the available KEX (Key Exchange) algorithms.  Multiple
              algorithms must be comma-separated.  Alternately if the specified
-             value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
-             will be appended to the default set instead of replacing them.
-             If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
-             specified methods (including wildcards) will be removed from the
-             default set instead of replacing them.  The supported algorithms
-             are:
+             list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods will
+             be appended to the default set instead of replacing them.  If the
+             specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified
+             methods (including wildcards) will be removed from the default
+             set instead of replacing them.  If the specified list begins with
+             a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified methods will be placed at the
+             head of the default set.  The supported algorithms are:
 
                    curve25519-sha256
                    curve25519-sha256@libssh.org
@@ -588,11 +593,14 @@
      MACs    Specifies the available MAC (message authentication code)
              algorithms.  The MAC algorithm is used for data integrity
              protection.  Multiple algorithms must be comma-separated.  If the
-             specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
+             specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified
              algorithms will be appended to the default set instead of
-             replacing them.  If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
+             replacing them.  If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y
              character, then the specified algorithms (including wildcards)
              will be removed from the default set instead of replacing them.
+             If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the
+             specified algorithms will be placed at the head of the default
+             set.
 
              The algorithms that contain "-etm" calculate the MAC after
              encryption (encrypt-then-mac).  These are considered safer and
@@ -637,7 +645,7 @@
              the single token All which matches all criteria.  The available
              criteria are User, Group, Host, LocalAddress, LocalPort, RDomain,
              and Address (with RDomain representing the rdomain(4) on which
-             the connection was received.)
+             the connection was received).
 
              The match patterns may consist of single entries or comma-
              separated lists and may use the wildcard and negation operators
@@ -668,7 +676,7 @@
              PermitTTY, PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes,
              PubkeyAuthentication, RekeyLimit, RevokedKeys, RDomain, SetEnv,
              StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys,
-             X11DisplayOffset, X11Forwarding and X11UseLocalHost.
+             X11DisplayOffset, X11Forwarding and X11UseLocalhost.
 
      MaxAuthTries
              Specifies the maximum number of authentication attempts permitted
@@ -725,9 +733,9 @@
              listen requests are permitted.  Note that the GatewayPorts option
              may further restrict which addresses may be listened on.  Note
              also that ssh(1) will request a listen host of M-bM-^@M-^\localhostM-bM-^@M-^] if no
-             listen host was specifically requested, and this this name is
-             treated differently to explicit localhost addresses of
-             M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and M-bM-^@M-^\::1M-bM-^@M-^].
+             listen host was specifically requested, and this name is treated
+             differently to explicit localhost addresses of M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and
+             M-bM-^@M-^\::1M-bM-^@M-^].
 
      PermitOpen
              Specifies the destinations to which TCP port forwarding is
@@ -811,12 +819,14 @@
      PubkeyAcceptedKeyTypes
              Specifies the key types that will be accepted for public key
              authentication as a list of comma-separated patterns.
-             Alternately if the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
+             Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
              then the specified key types will be appended to the default set
-             instead of replacing them.  If the specified value begins with a
+             instead of replacing them.  If the specified list begins with a
              M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified key types (including wildcards)
              will be removed from the default set instead of replacing them.
-             The default for this option is:
+             If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the
+             specified key types will be placed at the head of the default
+             set.  The default for this option is:
 
                 ecdsa-sha2-nistp256-cert-v01@openssh.com,
                 ecdsa-sha2-nistp384-cert-v01@openssh.com,
@@ -1089,4 +1099,4 @@
      versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
      for privilege separation.
 
-OpenBSD 6.4                   September 20, 2018                   OpenBSD 6.4
+OpenBSD 6.6                    September 6, 2019                   OpenBSD 6.6
Index: sshd_config.5
===================================================================
--- sshd_config.5
+++ sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.282 2018/09/20 03:28:06 djm Exp $
-.Dd $Mdocdate: September 20 2018 $
+.\" $OpenBSD: sshd_config.5,v 1.290 2019/09/06 14:45:34 naddy Exp $
+.Dd $Mdocdate: September 6 2019 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -277,9 +277,7 @@
 will refuse to start.
 .It Cm AuthorizedKeysFile
 Specifies the file that contains the public keys used for user authentication.
-The format is described in the
-.Sx AUTHORIZED_KEYS FILE FORMAT
-section of
+The format is described in the AUTHORIZED_KEYS FILE FORMAT section of
 .Xr sshd 8 .
 Arguments to
 .Cm AuthorizedKeysFile
@@ -387,7 +385,7 @@
 by certificate authorities (CAs).
 The default is:
 .Bd -literal -offset indent
-ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
@@ -456,14 +454,18 @@
 .It Cm Ciphers
 Specifies the ciphers allowed.
 Multiple ciphers must be comma-separated.
-If the specified value begins with a
+If the specified list begins with a
 .Sq +
 character, then the specified ciphers will be appended to the default set
 instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
 .Sq -
 character, then the specified ciphers (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified ciphers will be placed at the head of the
+default set.
 .Pp
 The supported ciphers are:
 .Pp
@@ -514,7 +516,7 @@
 .Cm TCPKeepAlive
 is spoofable.
 The client alive mechanism is valuable when the client or
-server depend on knowing when a connection has become inactive.
+server depend on knowing when a connection has become unresponsive.
 .Pp
 The default value is 3.
 If
@@ -670,14 +672,18 @@
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
 as a list of comma-separated patterns.
-Alternately if the specified value begins with a
+Alternately if the specified list begins with a
 .Sq +
 character, then the specified key types will be appended to the default set
 instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
@@ -875,14 +881,18 @@
 .It Cm KexAlgorithms
 Specifies the available KEX (Key Exchange) algorithms.
 Multiple algorithms must be comma-separated.
-Alternately if the specified value begins with a
+Alternately if the specified list begins with a
 .Sq +
 character, then the specified methods will be appended to the default set
 instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
 .Sq -
 character, then the specified methods (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified methods will be placed at the head of the
+default set.
 The supported algorithms are:
 .Pp
 .Bl -item -compact -offset indent
@@ -992,14 +1002,18 @@
 Specifies the available MAC (message authentication code) algorithms.
 The MAC algorithm is used for data integrity protection.
 Multiple algorithms must be comma-separated.
-If the specified value begins with a
+If the specified list begins with a
 .Sq +
 character, then the specified algorithms will be appended to the default set
 instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
 .Sq -
 character, then the specified algorithms (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified algorithms will be placed at the head of the
+default set.
 .Pp
 The algorithms that contain
 .Qq -etm
@@ -1084,7 +1098,7 @@
 .Cm RDomain
 representing the
 .Xr rdomain 4
-on which the connection was received.)
+on which the connection was received).
 .Pp
 The match patterns may consist of single entries or comma-separated
 lists and may use the wildcard and negation operators described in the
@@ -1157,7 +1171,7 @@
 .Cm X11DisplayOffset ,
 .Cm X11Forwarding
 and
-.Cm X11UseLocalHost .
+.Cm X11UseLocalhost .
 .It Cm MaxAuthTries
 Specifies the maximum number of authentication attempts permitted per
 connection.
@@ -1237,7 +1251,7 @@
 .Xr ssh 1
 will request a listen host of
 .Dq localhost
-if no listen host was specifically requested, and this this name is
+if no listen host was specifically requested, and this name is
 treated differently to explicit localhost addresses of
 .Dq 127.0.0.1
 and
@@ -1397,14 +1411,18 @@
 .It Cm PubkeyAcceptedKeyTypes
 Specifies the key types that will be accepted for public key authentication
 as a list of comma-separated patterns.
-Alternately if the specified value begins with a
+Alternately if the specified list begins with a
 .Sq +
 character, then the specified key types will be appended to the default set
 instead of replacing them.
-If the specified value begins with a
+If the specified list begins with a
 .Sq -
 character, then the specified key types (including wildcards) will be removed
 from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified key types will be placed at the head of the
+default set.
 The default for this option is:
 .Bd -literal -offset 3n
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
Index: sshkey-xmss.c
===================================================================
--- sshkey-xmss.c
+++ sshkey-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey-xmss.c,v 1.3 2018/07/09 21:59:10 markus Exp $ */
+/* $OpenBSD: sshkey-xmss.c,v 1.6 2019/10/09 00:02:57 djm Exp $ */
 /*
  * Copyright (c) 2017 Markus Friedl.  All rights reserved.
  *
@@ -467,18 +467,18 @@
 	}
 	if ((filename = k->xmss_filename) == NULL)
 		goto done;
-	if (asprintf(&lockfile, "%s.lock", filename) < 0 ||
-	    asprintf(&statefile, "%s.state", filename) < 0 ||
-	    asprintf(&ostatefile, "%s.ostate", filename) < 0) {
+	if (asprintf(&lockfile, "%s.lock", filename) == -1 ||
+	    asprintf(&statefile, "%s.state", filename) == -1 ||
+	    asprintf(&ostatefile, "%s.ostate", filename) == -1) {
 		ret = SSH_ERR_ALLOC_FAIL;
 		goto done;
 	}
-	if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) < 0) {
+	if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) == -1) {
 		ret = SSH_ERR_SYSTEM_ERROR;
 		PRINT("%s: cannot open/create: %s", __func__, lockfile);
 		goto done;
 	}
-	while (flock(lockfd, LOCK_EX|LOCK_NB) < 0) {
+	while (flock(lockfd, LOCK_EX|LOCK_NB) == -1) {
 		if (errno != EWOULDBLOCK) {
 			ret = SSH_ERR_SYSTEM_ERROR;
 			PRINT("%s: cannot lock: %s", __func__, lockfile);
@@ -594,9 +594,9 @@
 	state->idx = idx;
 	if ((filename = k->xmss_filename) == NULL)
 		goto done;
-	if (asprintf(&statefile, "%s.state", filename) < 0 ||
-	    asprintf(&ostatefile, "%s.ostate", filename) < 0 ||
-	    asprintf(&nstatefile, "%s.nstate", filename) < 0) {
+	if (asprintf(&statefile, "%s.state", filename) == -1 ||
+	    asprintf(&ostatefile, "%s.ostate", filename) == -1 ||
+	    asprintf(&nstatefile, "%s.nstate", filename) == -1) {
 		ret = SSH_ERR_ALLOC_FAIL;
 		goto done;
 	}
@@ -613,7 +613,7 @@
 		PRINT("%s: ENCRYPT FAILED: %d", __func__, ret);
 		goto done;
 	}
-	if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) < 0) {
+	if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) == -1) {
 		ret = SSH_ERR_SYSTEM_ERROR;
 		PRINT("%s: open new state file: %s", __func__, nstatefile);
 		goto done;
@@ -632,13 +632,13 @@
 		close(fd);
 		goto done;
 	}
-	if (fsync(fd) < 0) {
+	if (fsync(fd) == -1) {
 		ret = SSH_ERR_SYSTEM_ERROR;
 		PRINT("%s: sync new state file: %s", __func__, nstatefile);
 		close(fd);
 		goto done;
 	}
-	if (close(fd) < 0) {
+	if (close(fd) == -1) {
 		ret = SSH_ERR_SYSTEM_ERROR;
 		PRINT("%s: close new state file: %s", __func__, nstatefile);
 		goto done;
@@ -652,7 +652,7 @@
 			goto done;
 		}
 	}
-	if (rename(nstatefile, statefile) < 0) {
+	if (rename(nstatefile, statefile) == -1) {
 		ret = SSH_ERR_SYSTEM_ERROR;
 		PRINT("%s: rename %s to %s", __func__, nstatefile, statefile);
 		goto done;
@@ -977,7 +977,8 @@
 		goto out;
 	}
 	/* check that an appropriate amount of auth data is present */
-	if (sshbuf_len(encoded) < encrypted_len + authlen) {
+	if (sshbuf_len(encoded) < authlen ||
+	    sshbuf_len(encoded) - authlen < encrypted_len) {
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
Index: sshkey.h
===================================================================
--- sshkey.h
+++ sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.30 2018/09/14 04:17:44 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.34 2019/09/03 08:31:20 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -33,6 +33,7 @@
 #include <openssl/dsa.h>
 # ifdef OPENSSL_HAS_ECC
 #  include <openssl/ec.h>
+#  include <openssl/ecdsa.h>
 # else /* OPENSSL_HAS_ECC */
 #  define EC_KEY	void
 #  define EC_GROUP	void
@@ -87,6 +88,13 @@
 	SSHKEY_SERIALIZE_INFO = 254,
 };
 
+/* Private key disk formats */
+enum sshkey_private_format {
+	SSHKEY_PRIVATE_OPENSSH = 0,
+	SSHKEY_PRIVATE_PEM = 1,
+	SSHKEY_PRIVATE_PKCS8 = 2,
+};
+
 /* key is stored in external hardware */
 #define SSHKEY_FLAG_EXT		0x0001
 
@@ -122,6 +130,10 @@
 	u_char	*xmss_sk;
 	u_char	*xmss_pk;
 	struct sshkey_cert *cert;
+	u_char	*shielded_private;
+	size_t	shielded_len;
+	u_char	*shield_prekey;
+	size_t	shield_prekey_len;
 };
 
 #define	ED25519_SK_SZ	crypto_sign_ed25519_SECRETKEYBYTES
@@ -145,6 +157,11 @@
 
 int		 sshkey_generate(int type, u_int bits, struct sshkey **keyp);
 int		 sshkey_from_private(const struct sshkey *, struct sshkey **);
+
+int		 sshkey_is_shielded(struct sshkey *);
+int		 sshkey_shield_private(struct sshkey *);
+int		 sshkey_unshield_private(struct sshkey *);
+
 int	 sshkey_type_from_name(const char *);
 int	 sshkey_is_cert(const struct sshkey *);
 int	 sshkey_type_is_cert(int);
@@ -160,7 +177,7 @@
 
 int	 sshkey_certify(struct sshkey *, struct sshkey *, const char *);
 /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */
-typedef int sshkey_certify_signer(const struct sshkey *, u_char **, size_t *,
+typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *,
     const u_char *, size_t, const char *, u_int, void *);
 int	 sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *,
     sshkey_certify_signer *, void *);
@@ -191,27 +208,28 @@
 int	 sshkey_plain_to_blob(const struct sshkey *, u_char **, size_t *);
 int	 sshkey_putb_plain(const struct sshkey *, struct sshbuf *);
 
-int	 sshkey_sign(const struct sshkey *, u_char **, size_t *,
+int	 sshkey_sign(struct sshkey *, u_char **, size_t *,
     const u_char *, size_t, const char *, u_int);
 int	 sshkey_verify(const struct sshkey *, const u_char *, size_t,
     const u_char *, size_t, const char *, u_int);
 int	 sshkey_check_sigtype(const u_char *, size_t, const char *);
 const char *sshkey_sigalg_by_name(const char *);
+int	 sshkey_get_sigtype(const u_char *, size_t, char **);
 
 /* for debug */
 void	sshkey_dump_ec_point(const EC_GROUP *, const EC_POINT *);
 void	sshkey_dump_ec_key(const EC_KEY *);
 
 /* private key parsing and serialisation */
-int	sshkey_private_serialize(const struct sshkey *key, struct sshbuf *buf);
-int	sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *buf,
+int	sshkey_private_serialize(struct sshkey *key, struct sshbuf *buf);
+int	sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf,
     enum sshkey_serialize_rep);
 int	sshkey_private_deserialize(struct sshbuf *buf,  struct sshkey **keyp);
 
 /* private key file format parsing and serialisation */
 int	sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
     const char *passphrase, const char *comment,
-    int force_new_format, const char *new_format_cipher, int new_format_rounds);
+    int format, const char *openssh_format_cipher, int openssh_format_rounds);
 int	sshkey_parse_private_fileblob(struct sshbuf *buffer,
     const char *passphrase, struct sshkey **keyp, char **commentp);
 int	sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
@@ -230,7 +248,7 @@
 int	 sshkey_enable_maxsign(struct sshkey *, u_int32_t);
 u_int32_t sshkey_signatures_left(const struct sshkey *);
 int	 sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *);
-int	 sshkey_private_serialize_maxsign(const struct sshkey *key, struct sshbuf *buf,
+int	 sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf,
     u_int32_t maxsign, sshkey_printfn *pr);
 
 #ifdef SSHKEY_INTERNAL
Index: sshkey.c
===================================================================
--- sshkey.c
+++ sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.72 2018/10/11 00:52:46 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.84 2019/10/09 00:04:42 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -43,6 +43,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <resolv.h>
+#include <time.h>
 #ifdef HAVE_UTIL_H
 #include <util.h>
 #endif /* HAVE_UTIL_H */
@@ -55,10 +56,12 @@
 #include "digest.h"
 #define SSHKEY_INTERNAL
 #include "sshkey.h"
-#include "sshkey-xmss.h"
 #include "match.h"
 
+#ifdef WITH_XMSS
+#include "sshkey-xmss.h"
 #include "xmss_fast.h"
+#endif
 
 #include "openbsd-compat/openssl-compat.h"
 
@@ -76,11 +79,18 @@
 /* Version identification string for SSH v1 identity files. */
 #define LEGACY_BEGIN		"SSH PRIVATE KEY FILE FORMAT 1.1\n"
 
-int	sshkey_private_serialize_opt(const struct sshkey *key,
+/*
+ * Constants relating to "shielding" support; protection of keys expected
+ * to remain in memory for long durations
+ */
+#define SSHKEY_SHIELD_PREKEY_LEN	(16 * 1024)
+#define SSHKEY_SHIELD_CIPHER		"aes256-ctr" /* XXX want AES-EME* */
+#define SSHKEY_SHIELD_PREKEY_HASH	SSH_DIGEST_SHA512
+
+int	sshkey_private_serialize_opt(struct sshkey *key,
     struct sshbuf *buf, enum sshkey_serialize_rep);
 static int sshkey_from_blob_internal(struct sshbuf *buf,
     struct sshkey **keyp, int allow_cert);
-static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep);
 
 /* Supported key types */
 struct keytype {
@@ -602,6 +612,8 @@
 	}
 	if (sshkey_is_cert(k))
 		cert_free(k->cert);
+	freezero(k->shielded_private, k->shielded_len);
+	freezero(k->shield_prekey, k->shield_prekey_len);
 	freezero(k, sizeof(*k));
 }
 
@@ -938,7 +950,6 @@
 	char *ret;
 	size_t plen = strlen(alg) + 1;
 	size_t rlen = ((dgst_raw_len + 2) / 3) * 4 + plen + 1;
-	int r;
 
 	if (dgst_raw_len > 65536 || (ret = calloc(1, rlen)) == NULL)
 		return NULL;
@@ -946,8 +957,7 @@
 	strlcat(ret, ":", rlen);
 	if (dgst_raw_len == 0)
 		return ret;
-	if ((r = b64_ntop(dgst_raw, dgst_raw_len,
-	    ret + plen, rlen - plen)) == -1) {
+	if (b64_ntop(dgst_raw, dgst_raw_len, ret + plen, rlen - plen) == -1) {
 		freezero(ret, rlen);
 		return NULL;
 	}
@@ -1392,7 +1402,7 @@
 		return SSH_ERR_ALLOC_FAIL;
 	if ((r = sshkey_putb(key, b)) != 0)
 		goto out;
-	if ((uu = sshbuf_dtob64(b)) == NULL) {
+	if ((uu = sshbuf_dtob64_string(b, 0)) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@@ -1867,6 +1877,218 @@
 	return r;
 }
 
+int
+sshkey_is_shielded(struct sshkey *k)
+{
+	return k != NULL && k->shielded_private != NULL;
+}
+
+int
+sshkey_shield_private(struct sshkey *k)
+{
+	struct sshbuf *prvbuf = NULL;
+	u_char *prekey = NULL, *enc = NULL, keyiv[SSH_DIGEST_MAX_LENGTH];
+	struct sshcipher_ctx *cctx = NULL;
+	const struct sshcipher *cipher;
+	size_t i, enclen = 0;
+	struct sshkey *kswap = NULL, tmp;
+	int r = SSH_ERR_INTERNAL_ERROR;
+
+#ifdef DEBUG_PK
+	fprintf(stderr, "%s: entering for %s\n", __func__, sshkey_ssh_name(k));
+#endif
+	if ((cipher = cipher_by_name(SSHKEY_SHIELD_CIPHER)) == NULL) {
+		r = SSH_ERR_INVALID_ARGUMENT;
+		goto out;
+	}
+	if (cipher_keylen(cipher) + cipher_ivlen(cipher) >
+	    ssh_digest_bytes(SSHKEY_SHIELD_PREKEY_HASH)) {
+		r = SSH_ERR_INTERNAL_ERROR;
+		goto out;
+	}
+
+	/* Prepare a random pre-key, and from it an ephemeral key */
+	if ((prekey = malloc(SSHKEY_SHIELD_PREKEY_LEN)) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	arc4random_buf(prekey, SSHKEY_SHIELD_PREKEY_LEN);
+	if ((r = ssh_digest_memory(SSHKEY_SHIELD_PREKEY_HASH,
+	    prekey, SSHKEY_SHIELD_PREKEY_LEN,
+	    keyiv, SSH_DIGEST_MAX_LENGTH)) != 0)
+		goto out;
+#ifdef DEBUG_PK
+	fprintf(stderr, "%s: key+iv\n", __func__);
+	sshbuf_dump_data(keyiv, ssh_digest_bytes(SSHKEY_SHIELD_PREKEY_HASH),
+	    stderr);
+#endif
+	if ((r = cipher_init(&cctx, cipher, keyiv, cipher_keylen(cipher),
+	    keyiv + cipher_keylen(cipher), cipher_ivlen(cipher), 1)) != 0)
+		goto out;
+
+	/* Serialise and encrypt the private key using the ephemeral key */
+	if ((prvbuf = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if (sshkey_is_shielded(k) && (r = sshkey_unshield_private(k)) != 0)
+		goto out;
+	if ((r = sshkey_private_serialize_opt(k, prvbuf,
+	     SSHKEY_SERIALIZE_FULL)) != 0)
+		goto out;
+	/* pad to cipher blocksize */
+	i = 0;
+	while (sshbuf_len(prvbuf) % cipher_blocksize(cipher)) {
+		if ((r = sshbuf_put_u8(prvbuf, ++i & 0xff)) != 0)
+			goto out;
+	}
+#ifdef DEBUG_PK
+	fprintf(stderr, "%s: serialised\n", __func__);
+	sshbuf_dump(prvbuf, stderr);
+#endif
+	/* encrypt */
+	enclen = sshbuf_len(prvbuf);
+	if ((enc = malloc(enclen)) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = cipher_crypt(cctx, 0, enc,
+	    sshbuf_ptr(prvbuf), sshbuf_len(prvbuf), 0, 0)) != 0)
+		goto out;
+#ifdef DEBUG_PK
+	fprintf(stderr, "%s: encrypted\n", __func__);
+	sshbuf_dump_data(enc, enclen, stderr);
+#endif
+
+	/* Make a scrubbed, public-only copy of our private key argument */
+	if ((r = sshkey_from_private(k, &kswap)) != 0)
+		goto out;
+
+	/* Swap the private key out (it will be destroyed below) */
+	tmp = *kswap;
+	*kswap = *k;
+	*k = tmp;
+
+	/* Insert the shielded key into our argument */
+	k->shielded_private = enc;
+	k->shielded_len = enclen;
+	k->shield_prekey = prekey;
+	k->shield_prekey_len = SSHKEY_SHIELD_PREKEY_LEN;
+	enc = prekey = NULL; /* transferred */
+	enclen = 0;
+
+	/* success */
+	r = 0;
+
+ out:
+	/* XXX behaviour on error - invalidate original private key? */
+	cipher_free(cctx);
+	explicit_bzero(keyiv, sizeof(keyiv));
+	explicit_bzero(&tmp, sizeof(tmp));
+	freezero(enc, enclen);
+	freezero(prekey, SSHKEY_SHIELD_PREKEY_LEN);
+	sshkey_free(kswap);
+	sshbuf_free(prvbuf);
+	return r;
+}
+
+int
+sshkey_unshield_private(struct sshkey *k)
+{
+	struct sshbuf *prvbuf = NULL;
+	u_char pad, *cp, keyiv[SSH_DIGEST_MAX_LENGTH];
+	struct sshcipher_ctx *cctx = NULL;
+	const struct sshcipher *cipher;
+	size_t i;
+	struct sshkey *kswap = NULL, tmp;
+	int r = SSH_ERR_INTERNAL_ERROR;
+
+#ifdef DEBUG_PK
+	fprintf(stderr, "%s: entering for %s\n", __func__, sshkey_ssh_name(k));
+#endif
+	if (!sshkey_is_shielded(k))
+		return 0; /* nothing to do */
+
+	if ((cipher = cipher_by_name(SSHKEY_SHIELD_CIPHER)) == NULL) {
+		r = SSH_ERR_INVALID_ARGUMENT;
+		goto out;
+	}
+	if (cipher_keylen(cipher) + cipher_ivlen(cipher) >
+	    ssh_digest_bytes(SSHKEY_SHIELD_PREKEY_HASH)) {
+		r = SSH_ERR_INTERNAL_ERROR;
+		goto out;
+	}
+	/* check size of shielded key blob */
+	if (k->shielded_len < cipher_blocksize(cipher) ||
+	    (k->shielded_len % cipher_blocksize(cipher)) != 0) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+
+	/* Calculate the ephemeral key from the prekey */
+	if ((r = ssh_digest_memory(SSHKEY_SHIELD_PREKEY_HASH,
+	    k->shield_prekey, k->shield_prekey_len,
+	    keyiv, SSH_DIGEST_MAX_LENGTH)) != 0)
+		goto out;
+	if ((r = cipher_init(&cctx, cipher, keyiv, cipher_keylen(cipher),
+	    keyiv + cipher_keylen(cipher), cipher_ivlen(cipher), 0)) != 0)
+		goto out;
+#ifdef DEBUG_PK
+	fprintf(stderr, "%s: key+iv\n", __func__);
+	sshbuf_dump_data(keyiv, ssh_digest_bytes(SSHKEY_SHIELD_PREKEY_HASH),
+	    stderr);
+#endif
+
+	/* Decrypt and parse the shielded private key using the ephemeral key */
+	if ((prvbuf = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_reserve(prvbuf, k->shielded_len, &cp)) != 0)
+		goto out;
+	/* decrypt */
+#ifdef DEBUG_PK
+	fprintf(stderr, "%s: encrypted\n", __func__);
+	sshbuf_dump_data(k->shielded_private, k->shielded_len, stderr);
+#endif
+	if ((r = cipher_crypt(cctx, 0, cp,
+	    k->shielded_private, k->shielded_len, 0, 0)) != 0)
+		goto out;
+#ifdef DEBUG_PK
+	fprintf(stderr, "%s: serialised\n", __func__);
+	sshbuf_dump(prvbuf, stderr);
+#endif
+	/* Parse private key */
+	if ((r = sshkey_private_deserialize(prvbuf, &kswap)) != 0)
+		goto out;
+	/* Check deterministic padding */
+	i = 0;
+	while (sshbuf_len(prvbuf)) {
+		if ((r = sshbuf_get_u8(prvbuf, &pad)) != 0)
+			goto out;
+		if (pad != (++i & 0xff)) {
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
+	}
+
+	/* Swap the parsed key back into place */
+	tmp = *kswap;
+	*kswap = *k;
+	*k = tmp;
+
+	/* success */
+	r = 0;
+
+ out:
+	cipher_free(cctx);
+	explicit_bzero(keyiv, sizeof(keyiv));
+	explicit_bzero(&tmp, sizeof(tmp));
+	sshkey_free(kswap);
+	sshbuf_free(prvbuf);
+	return r;
+}
+
 static int
 cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf)
 {
@@ -1978,7 +2200,8 @@
 	if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
 	    sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0)
 		goto out;
-	if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0)
+	if ((ret = sshkey_get_sigtype(sig, slen,
+	    &key->cert->signature_type)) != 0)
 		goto out;
 
 	/* Success */
@@ -2056,13 +2279,8 @@
 			ret = SSH_ERR_ALLOC_FAIL;
 			goto out;
 		}
-		if ((rsa_e = BN_new()) == NULL ||
-		    (rsa_n = BN_new()) == NULL) {
-			ret = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		if (sshbuf_get_bignum2(b, rsa_e) != 0 ||
-		    sshbuf_get_bignum2(b, rsa_n) != 0) {
+		if (sshbuf_get_bignum2(b, &rsa_e) != 0 ||
+		    sshbuf_get_bignum2(b, &rsa_n) != 0) {
 			ret = SSH_ERR_INVALID_FORMAT;
 			goto out;
 		}
@@ -2089,17 +2307,10 @@
 			ret = SSH_ERR_ALLOC_FAIL;
 			goto out;
 		}
-		if ((dsa_p = BN_new()) == NULL ||
-		    (dsa_q = BN_new()) == NULL ||
-		    (dsa_g = BN_new()) == NULL ||
-		    (dsa_pub_key = BN_new()) == NULL) {
-			ret = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
-		if (sshbuf_get_bignum2(b, dsa_p) != 0 ||
-		    sshbuf_get_bignum2(b, dsa_q) != 0 ||
-		    sshbuf_get_bignum2(b, dsa_g) != 0 ||
-		    sshbuf_get_bignum2(b, dsa_pub_key) != 0) {
+		if (sshbuf_get_bignum2(b, &dsa_p) != 0 ||
+		    sshbuf_get_bignum2(b, &dsa_q) != 0 ||
+		    sshbuf_get_bignum2(b, &dsa_g) != 0 ||
+		    sshbuf_get_bignum2(b, &dsa_pub_key) != 0) {
 			ret = SSH_ERR_INVALID_FORMAT;
 			goto out;
 		}
@@ -2292,8 +2503,8 @@
 	return r;
 }
 
-static int
-get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
+int
+sshkey_get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
 {
 	int r;
 	struct sshbuf *b = NULL;
@@ -2375,7 +2586,7 @@
 		return 0;
 	if ((expected_alg = sshkey_sigalg_by_name(requested_alg)) == NULL)
 		return SSH_ERR_INVALID_ARGUMENT;
-	if ((r = get_sigtype(sig, siglen, &sigtype)) != 0)
+	if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0)
 		return r;
 	r = strcmp(expected_alg, sigtype) == 0;
 	free(sigtype);
@@ -2383,41 +2594,55 @@
 }
 
 int
-sshkey_sign(const struct sshkey *key,
+sshkey_sign(struct sshkey *key,
     u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen, const char *alg, u_int compat)
 {
+	int was_shielded = sshkey_is_shielded(key);
+	int r2, r = SSH_ERR_INTERNAL_ERROR;
+
 	if (sigp != NULL)
 		*sigp = NULL;
 	if (lenp != NULL)
 		*lenp = 0;
 	if (datalen > SSH_KEY_MAX_SIGN_DATA_SIZE)
 		return SSH_ERR_INVALID_ARGUMENT;
+	if ((r = sshkey_unshield_private(key)) != 0)
+		return r;
 	switch (key->type) {
 #ifdef WITH_OPENSSL
 	case KEY_DSA_CERT:
 	case KEY_DSA:
-		return ssh_dss_sign(key, sigp, lenp, data, datalen, compat);
+		r = ssh_dss_sign(key, sigp, lenp, data, datalen, compat);
+		break;
 # ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA_CERT:
 	case KEY_ECDSA:
-		return ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat);
+		r = ssh_ecdsa_sign(key, sigp, lenp, data, datalen, compat);
+		break;
 # endif /* OPENSSL_HAS_ECC */
 	case KEY_RSA_CERT:
 	case KEY_RSA:
-		return ssh_rsa_sign(key, sigp, lenp, data, datalen, alg);
+		r = ssh_rsa_sign(key, sigp, lenp, data, datalen, alg);
+		break;
 #endif /* WITH_OPENSSL */
 	case KEY_ED25519:
 	case KEY_ED25519_CERT:
-		return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
+		r = ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
+		break;
 #ifdef WITH_XMSS
 	case KEY_XMSS:
 	case KEY_XMSS_CERT:
-		return ssh_xmss_sign(key, sigp, lenp, data, datalen, compat);
+		r = ssh_xmss_sign(key, sigp, lenp, data, datalen, compat);
+		break;
 #endif /* WITH_XMSS */
 	default:
-		return SSH_ERR_KEY_TYPE_UNKNOWN;
+		r = SSH_ERR_KEY_TYPE_UNKNOWN;
+		break;
 	}
+	if (was_shielded && (r2 = sshkey_shield_private(key)) != 0)
+		return r2;
+	return r;
 }
 
 /*
@@ -2538,6 +2763,13 @@
 	    strcmp(alg, k->cert->signature_type) != 0)
 		return SSH_ERR_INVALID_ARGUMENT;
 
+	/*
+	 * If no signing algorithm or signature_type was specified and we're
+	 * using a RSA key, then default to a good signature algorithm.
+	 */
+	if (alg == NULL && ca->type == KEY_RSA)
+		alg = "rsa-sha2-512";
+
 	if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
 		return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
 
@@ -2630,7 +2862,7 @@
 	    sshbuf_len(cert), alg, 0, signer_ctx)) != 0)
 		goto out;
 	/* Check and update signature_type against what was actually used */
-	if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
+	if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
 		goto out;
 	if (alg != NULL && strcmp(alg, sigtype) != 0) {
 		ret = SSH_ERR_SIGN_ALG_UNSUPPORTED;
@@ -2655,7 +2887,7 @@
 }
 
 static int
-default_key_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+default_key_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen,
     const char *alg, u_int compat, void *ctx)
 {
@@ -2765,15 +2997,21 @@
 }
 
 int
-sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b,
+sshkey_private_serialize_opt(struct sshkey *key, struct sshbuf *buf,
     enum sshkey_serialize_rep opts)
 {
 	int r = SSH_ERR_INTERNAL_ERROR;
+	int was_shielded = sshkey_is_shielded(key);
+	struct sshbuf *b = NULL;
 #ifdef WITH_OPENSSL
 	const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q;
 	const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dsa_priv_key;
 #endif /* WITH_OPENSSL */
 
+	if ((r = sshkey_unshield_private(key)) != 0)
+		return r;
+	if ((b = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
 	if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0)
 		goto out;
 	switch (key->type) {
@@ -2899,14 +3137,23 @@
 		r = SSH_ERR_INVALID_ARGUMENT;
 		goto out;
 	}
-	/* success */
+	/*
+	 * success (but we still need to append the output to buf after
+	 * possibly re-shielding the private key)
+	 */
 	r = 0;
  out:
+	if (was_shielded)
+		r = sshkey_shield_private(key);
+	if (r == 0)
+		r = sshbuf_putb(buf, b);
+	sshbuf_free(b);
+
 	return r;
 }
 
 int
-sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b)
+sshkey_private_serialize(struct sshkey *key, struct sshbuf *b)
 {
 	return sshkey_private_serialize_opt(key, b,
 	    SSHKEY_SERIALIZE_DEFAULT);
@@ -2941,20 +3188,12 @@
 			r = SSH_ERR_ALLOC_FAIL;
 			goto out;
 		}
-		if ((dsa_p = BN_new()) == NULL ||
-		    (dsa_q = BN_new()) == NULL ||
-		    (dsa_g = BN_new()) == NULL ||
-		    (dsa_pub_key = BN_new()) == NULL ||
-		    (dsa_priv_key = BN_new()) == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
+		if ((r = sshbuf_get_bignum2(buf, &dsa_p)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &dsa_q)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &dsa_g)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &dsa_pub_key)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0)
 			goto out;
-		}
-		if ((r = sshbuf_get_bignum2(buf, dsa_p)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, dsa_q)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, dsa_g)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, dsa_pub_key)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0)
-			goto out;
 		if (!DSA_set0_pqg(k->dsa, dsa_p, dsa_q, dsa_g)) {
 			r = SSH_ERR_LIBCRYPTO_ERROR;
 			goto out;
@@ -2967,13 +3206,13 @@
 		dsa_pub_key = dsa_priv_key = NULL; /* transferred */
 		break;
 	case KEY_DSA_CERT:
-		if ((dsa_priv_key = BN_new()) == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
 		if ((r = sshkey_froms(buf, &k)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0)
+		    (r = sshbuf_get_bignum2(buf, &dsa_priv_key)) != 0)
 			goto out;
+		if (k->type != type) {
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
 		if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) {
 			r = SSH_ERR_LIBCRYPTO_ERROR;
 			goto out;
@@ -2997,12 +3236,12 @@
 			goto out;
 		}
 		k->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
-		if (k->ecdsa  == NULL || (exponent = BN_new()) == NULL) {
+		if (k->ecdsa  == NULL) {
 			r = SSH_ERR_LIBCRYPTO_ERROR;
 			goto out;
 		}
 		if ((r = sshbuf_get_eckey(buf, k->ecdsa)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, exponent)))
+		    (r = sshbuf_get_bignum2(buf, &exponent)))
 			goto out;
 		if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) {
 			r = SSH_ERR_LIBCRYPTO_ERROR;
@@ -3014,13 +3253,14 @@
 			goto out;
 		break;
 	case KEY_ECDSA_CERT:
-		if ((exponent = BN_new()) == NULL) {
-			r = SSH_ERR_LIBCRYPTO_ERROR;
-			goto out;
-		}
 		if ((r = sshkey_froms(buf, &k)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, exponent)) != 0)
+		    (r = sshbuf_get_bignum2(buf, &exponent)) != 0)
 			goto out;
+		if (k->type != type ||
+		    k->ecdsa_nid != sshkey_ecdsa_nid_from_name(tname)) {
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
 		if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) {
 			r = SSH_ERR_LIBCRYPTO_ERROR;
 			goto out;
@@ -3036,22 +3276,13 @@
 			r = SSH_ERR_ALLOC_FAIL;
 			goto out;
 		}
-		if ((rsa_n = BN_new()) == NULL ||
-		    (rsa_e = BN_new()) == NULL ||
-		    (rsa_d = BN_new()) == NULL ||
-		    (rsa_iqmp = BN_new()) == NULL ||
-		    (rsa_p = BN_new()) == NULL ||
-		    (rsa_q = BN_new()) == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
+		if ((r = sshbuf_get_bignum2(buf, &rsa_n)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &rsa_e)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &rsa_d)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &rsa_iqmp)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0)
 			goto out;
-		}
-		if ((r = sshbuf_get_bignum2(buf, rsa_n)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, rsa_e)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, rsa_q)) != 0)
-			goto out;
 		if (!RSA_set0_key(k->rsa, rsa_n, rsa_e, rsa_d)) {
 			r = SSH_ERR_LIBCRYPTO_ERROR;
 			goto out;
@@ -3068,19 +3299,16 @@
 			goto out;
 		break;
 	case KEY_RSA_CERT:
-		if ((rsa_d = BN_new()) == NULL ||
-		    (rsa_iqmp = BN_new()) == NULL ||
-		    (rsa_p = BN_new()) == NULL ||
-		    (rsa_q = BN_new()) == NULL) {
-			r = SSH_ERR_ALLOC_FAIL;
-			goto out;
-		}
 		if ((r = sshkey_froms(buf, &k)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 ||
-		    (r = sshbuf_get_bignum2(buf, rsa_q)) != 0)
+		    (r = sshbuf_get_bignum2(buf, &rsa_d)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &rsa_iqmp)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &rsa_p)) != 0 ||
+		    (r = sshbuf_get_bignum2(buf, &rsa_q)) != 0)
 			goto out;
+		if (k->type != type) {
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
 		if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) {
 			r = SSH_ERR_LIBCRYPTO_ERROR;
 			goto out;
@@ -3118,13 +3346,17 @@
 		    (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 ||
 		    (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0)
 			goto out;
+		if (k->type != type) {
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
 		if (pklen != ED25519_PK_SZ || sklen != ED25519_SK_SZ) {
 			r = SSH_ERR_INVALID_FORMAT;
 			goto out;
 		}
 		k->ed25519_pk = ed25519_pk;
 		k->ed25519_sk = ed25519_sk;
-		ed25519_pk = ed25519_sk = NULL;
+		ed25519_pk = ed25519_sk = NULL; /* transferred */
 		break;
 #ifdef WITH_XMSS
 	case KEY_XMSS:
@@ -3155,7 +3387,7 @@
 		    (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 ||
 		    (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0)
 			goto out;
-		if (strcmp(xmss_name, k->xmss_name)) {
+		if (k->type != type || strcmp(xmss_name, k->xmss_name) != 0) {
 			r = SSH_ERR_INVALID_FORMAT;
 			goto out;
 		}
@@ -3393,7 +3625,7 @@
 #endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
 
 static int
-sshkey_private_to_blob2(const struct sshkey *prv, struct sshbuf *blob,
+sshkey_private_to_blob2(struct sshkey *prv, struct sshbuf *blob,
     const char *passphrase, const char *comment, const char *ciphername,
     int rounds)
 {
@@ -3495,26 +3727,13 @@
 	    sshbuf_ptr(encrypted), sshbuf_len(encrypted), 0, authlen)) != 0)
 		goto out;
 
-	/* uuencode */
-	if ((b64 = sshbuf_dtob64(encoded)) == NULL) {
-		r = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
-
 	sshbuf_reset(blob);
-	if ((r = sshbuf_put(blob, MARK_BEGIN, MARK_BEGIN_LEN)) != 0)
+
+	/* assemble uuencoded key */
+	if ((r = sshbuf_put(blob, MARK_BEGIN, MARK_BEGIN_LEN)) != 0 ||
+	    (r = sshbuf_dtob64(encoded, blob, 1)) != 0 ||
+	    (r = sshbuf_put(blob, MARK_END, MARK_END_LEN)) != 0)
 		goto out;
-	for (i = 0; i < strlen(b64); i++) {
-		if ((r = sshbuf_put_u8(blob, b64[i])) != 0)
-			goto out;
-		/* insert line breaks */
-		if (i % 70 == 69 && (r = sshbuf_put_u8(blob, '\n')) != 0)
-			goto out;
-	}
-	if (i % 70 != 69 && (r = sshbuf_put_u8(blob, '\n')) != 0)
-		goto out;
-	if ((r = sshbuf_put(blob, MARK_END, MARK_END_LEN)) != 0)
-		goto out;
 
 	/* success */
 	r = 0;
@@ -3675,7 +3894,8 @@
 	}
 
 	/* check that an appropriate amount of auth data is present */
-	if (sshbuf_len(decoded) < encrypted_len + authlen) {
+	if (sshbuf_len(decoded) < authlen ||
+	    sshbuf_len(decoded) - authlen < encrypted_len) {
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
@@ -3761,37 +3981,62 @@
 
 
 #ifdef WITH_OPENSSL
-/* convert SSH v2 key in OpenSSL PEM format */
+/* convert SSH v2 key to PEM or PKCS#8 format */
 static int
-sshkey_private_pem_to_blob(struct sshkey *key, struct sshbuf *blob,
-    const char *_passphrase, const char *comment)
+sshkey_private_to_blob_pem_pkcs8(struct sshkey *key, struct sshbuf *buf,
+    int format, const char *_passphrase, const char *comment)
 {
+	int was_shielded = sshkey_is_shielded(key);
 	int success, r;
 	int blen, len = strlen(_passphrase);
 	u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL;
 	const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_128_cbc() : NULL;
 	char *bptr;
 	BIO *bio = NULL;
+	struct sshbuf *blob;
+	EVP_PKEY *pkey = NULL;
 
 	if (len > 0 && len <= 4)
 		return SSH_ERR_PASSPHRASE_TOO_SHORT;
-	if ((bio = BIO_new(BIO_s_mem())) == NULL)
+	if ((blob = sshbuf_new()) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
+ 	if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if (format == SSHKEY_PRIVATE_PKCS8 && (pkey = EVP_PKEY_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+ 	}
+	if ((r = sshkey_unshield_private(key)) != 0)
+		goto out;
 
 	switch (key->type) {
 	case KEY_DSA:
-		success = PEM_write_bio_DSAPrivateKey(bio, key->dsa,
-		    cipher, passphrase, len, NULL, NULL);
+		if (format == SSHKEY_PRIVATE_PEM) {
+			success = PEM_write_bio_DSAPrivateKey(bio, key->dsa,
+			    cipher, passphrase, len, NULL, NULL);
+		} else {
+			success = EVP_PKEY_set1_DSA(pkey, key->dsa);
+		}
 		break;
 #ifdef OPENSSL_HAS_ECC
 	case KEY_ECDSA:
-		success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa,
-		    cipher, passphrase, len, NULL, NULL);
+		if (format == SSHKEY_PRIVATE_PEM) {
+			success = PEM_write_bio_ECPrivateKey(bio, key->ecdsa,
+			    cipher, passphrase, len, NULL, NULL);
+		} else {
+			success = EVP_PKEY_set1_EC_KEY(pkey, key->ecdsa);
+		}
 		break;
 #endif
 	case KEY_RSA:
-		success = PEM_write_bio_RSAPrivateKey(bio, key->rsa,
-		    cipher, passphrase, len, NULL, NULL);
+		if (format == SSHKEY_PRIVATE_PEM) {
+			success = PEM_write_bio_RSAPrivateKey(bio, key->rsa,
+			    cipher, passphrase, len, NULL, NULL);
+		} else {
+			success = EVP_PKEY_set1_RSA(pkey, key->rsa);
+		}
 		break;
 	default:
 		success = 0;
@@ -3801,6 +4046,13 @@
 		r = SSH_ERR_LIBCRYPTO_ERROR;
 		goto out;
 	}
+	if (format == SSHKEY_PRIVATE_PKCS8) {
+		if ((success = PEM_write_bio_PrivateKey(bio, pkey, cipher,
+		    passphrase, len, NULL, NULL)) == 0) {
+			r = SSH_ERR_LIBCRYPTO_ERROR;
+			goto out;
+		}
+	}
 	if ((blen = BIO_get_mem_data(bio, &bptr)) <= 0) {
 		r = SSH_ERR_INTERNAL_ERROR;
 		goto out;
@@ -3809,6 +4061,13 @@
 		goto out;
 	r = 0;
  out:
+	if (was_shielded)
+		r = sshkey_shield_private(key);
+	if (r == 0)
+		r = sshbuf_putb(buf, blob);
+
+	EVP_PKEY_free(pkey);
+	sshbuf_free(blob);
 	BIO_free(bio);
 	return r;
 }
@@ -3818,29 +4077,38 @@
 int
 sshkey_private_to_fileblob(struct sshkey *key, struct sshbuf *blob,
     const char *passphrase, const char *comment,
-    int force_new_format, const char *new_format_cipher, int new_format_rounds)
+    int format, const char *openssh_format_cipher, int openssh_format_rounds)
 {
 	switch (key->type) {
 #ifdef WITH_OPENSSL
 	case KEY_DSA:
 	case KEY_ECDSA:
 	case KEY_RSA:
-		if (force_new_format) {
-			return sshkey_private_to_blob2(key, blob, passphrase,
-			    comment, new_format_cipher, new_format_rounds);
-		}
-		return sshkey_private_pem_to_blob(key, blob,
-		    passphrase, comment);
+		break; /* see below */
 #endif /* WITH_OPENSSL */
 	case KEY_ED25519:
 #ifdef WITH_XMSS
 	case KEY_XMSS:
 #endif /* WITH_XMSS */
 		return sshkey_private_to_blob2(key, blob, passphrase,
-		    comment, new_format_cipher, new_format_rounds);
+		    comment, openssh_format_cipher, openssh_format_rounds);
 	default:
 		return SSH_ERR_KEY_TYPE_UNKNOWN;
 	}
+
+#ifdef WITH_OPENSSL
+	switch (format) {
+	case SSHKEY_PRIVATE_OPENSSH:
+		return sshkey_private_to_blob2(key, blob, passphrase,
+		    comment, openssh_format_cipher, openssh_format_rounds);
+	case SSHKEY_PRIVATE_PEM:
+	case SSHKEY_PRIVATE_PKCS8:
+		return sshkey_private_to_blob_pem_pkcs8(key, blob,
+		    format, passphrase, comment);
+	default:
+		return SSH_ERR_INVALID_ARGUMENT;
+	}
+#endif /* WITH_OPENSSL */
 }
 
 
@@ -4083,7 +4351,7 @@
  * maxsign times.
  */
 int
-sshkey_private_serialize_maxsign(const struct sshkey *k, struct sshbuf *b,
+sshkey_private_serialize_maxsign(struct sshkey *k, struct sshbuf *b,
     u_int32_t maxsign, sshkey_printfn *pr)
 {
 	int r, rupdate;
@@ -4137,7 +4405,7 @@
 }
 #else
 int
-sshkey_private_serialize_maxsign(const struct sshkey *k, struct sshbuf *b,
+sshkey_private_serialize_maxsign(struct sshkey *k, struct sshbuf *b,
     u_int32_t maxsign, sshkey_printfn *pr)
 {
 	return sshkey_private_serialize_opt(k, b, SSHKEY_SERIALIZE_DEFAULT);
Index: sshlogin.c
===================================================================
--- sshlogin.c
+++ sshlogin.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshlogin.c,v 1.33 2018/07/09 21:26:02 markus Exp $ */
+/* $OpenBSD: sshlogin.c,v 1.34 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
Index: sshpty.c
===================================================================
--- sshpty.c
+++ sshpty.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshpty.c,v 1.31 2016/11/29 03:54:50 dtucker Exp $ */
+/* $OpenBSD: sshpty.c,v 1.34 2019/07/04 16:20:10 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -68,7 +68,7 @@
 	int i;
 
 	i = openpty(ptyfd, ttyfd, NULL, NULL, NULL);
-	if (i < 0) {
+	if (i == -1) {
 		error("openpty: %.100s", strerror(errno));
 		return 0;
 	}
@@ -86,9 +86,9 @@
 pty_release(const char *tty)
 {
 #if !defined(__APPLE_PRIVPTY__) && !defined(HAVE_OPENPTY)
-	if (chown(tty, (uid_t) 0, (gid_t) 0) < 0)
+	if (chown(tty, (uid_t) 0, (gid_t) 0) == -1)
 		error("chown %.100s 0 0 failed: %.100s", tty, strerror(errno));
-	if (chmod(tty, (mode_t) 0666) < 0)
+	if (chmod(tty, (mode_t) 0666) == -1)
 		error("chmod %.100s 0666 failed: %.100s", tty, strerror(errno));
 #endif /* !__APPLE_PRIVPTY__ && !HAVE_OPENPTY */
 }
@@ -108,7 +108,7 @@
 		close(fd);
 	}
 #endif /* TIOCNOTTY */
-	if (setsid() < 0)
+	if (setsid() == -1)
 		error("setsid: %.100s", strerror(errno));
 
 	/*
@@ -131,14 +131,14 @@
 		error("SETPGRP %s",strerror(errno));
 #endif /* NEED_SETPGRP */
 	fd = open(tty, O_RDWR);
-	if (fd < 0)
+	if (fd == -1)
 		error("%.100s: %.100s", tty, strerror(errno));
 	else
 		close(fd);
 
 	/* Verify that we now have a controlling tty. */
 	fd = open(_PATH_TTY, O_WRONLY);
-	if (fd < 0)
+	if (fd == -1)
 		error("open /dev/tty failed - could not set controlling tty: %.100s",
 		    strerror(errno));
 	else
@@ -171,6 +171,8 @@
 
 	/* Determine the group to make the owner of the tty. */
 	grp = getgrnam("tty");
+	if (grp == NULL)
+		debug("%s: no tty group", __func__);
 	gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid;
 	mode = (grp != NULL) ? 0620 : 0600;
 
@@ -179,7 +181,7 @@
 	 * Warn but continue if filesystem is read-only and the uids match/
 	 * tty is owned by root.
 	 */
-	if (stat(tty, &st))
+	if (stat(tty, &st) == -1)
 		fatal("stat(%.100s) failed: %.100s", tty,
 		    strerror(errno));
 
@@ -188,7 +190,7 @@
 #endif
 
 	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
-		if (chown(tty, pw->pw_uid, gid) < 0) {
+		if (chown(tty, pw->pw_uid, gid) == -1) {
 			if (errno == EROFS &&
 			    (st.st_uid == pw->pw_uid || st.st_uid == 0))
 				debug("chown(%.100s, %u, %u) failed: %.100s",
@@ -202,7 +204,7 @@
 	}
 
 	if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) {
-		if (chmod(tty, mode) < 0) {
+		if (chmod(tty, mode) == -1) {
 			if (errno == EROFS &&
 			    (st.st_mode & (S_IRGRP | S_IROTH)) == 0)
 				debug("chmod(%.100s, 0%o) failed: %.100s",
Index: sshsig.h
===================================================================
--- /dev/null
+++ sshsig.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 2019 Google LLC
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef SSHSIG_H
+#define SSHSIG_H
+
+struct sshbuf;
+struct sshkey;
+struct sshsigopt;
+
+typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
+    const u_char *, size_t, const char *, u_int, void *);
+
+/* Buffer-oriented API */
+
+/*
+ * Creates a detached SSH signature for a given buffer.
+ * Returns 0 on success or a negative SSH_ERR_* error code on failure.
+ * out is populated with the detached signature, or NULL on failure.
+ */
+int sshsig_signb(struct sshkey *key, const char *hashalg,
+    const struct sshbuf *message, const char *sig_namespace,
+    struct sshbuf **out, sshsig_signer *signer, void *signer_ctx);
+
+/*
+ * Verifies that a detached signature is valid and optionally returns key
+ * used to sign via argument.
+ * Returns 0 on success or a negative SSH_ERR_* error code on failure.
+ */
+int sshsig_verifyb(struct sshbuf *signature,
+    const struct sshbuf *message, const char *sig_namespace,
+    struct sshkey **sign_keyp);
+
+/* File/FD-oriented API */
+
+/*
+ * Creates a detached SSH signature for a given file.
+ * Returns 0 on success or a negative SSH_ERR_* error code on failure.
+ * out is populated with the detached signature, or NULL on failure.
+ */
+int sshsig_sign_fd(struct sshkey *key, const char *hashalg,
+    int fd, const char *sig_namespace, struct sshbuf **out,
+    sshsig_signer *signer, void *signer_ctx);
+
+/*
+ * Verifies that a detached signature over a file is valid and optionally
+ * returns key used to sign via argument.
+ * Returns 0 on success or a negative SSH_ERR_* error code on failure.
+ */
+int sshsig_verify_fd(struct sshbuf *signature, int fd,
+    const char *sig_namespace, struct sshkey **sign_keyp);
+
+/* Utility functions */
+
+/*
+ * Return a base64 encoded "ASCII armoured" version of a raw signature.
+ */
+int sshsig_armor(const struct sshbuf *blob, struct sshbuf **out);
+
+/*
+ * Decode a base64 encoded armoured signature to a raw signature.
+ */
+int sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out);
+
+/*
+ * Checks whether a particular key/principal/namespace is permitted by
+ * an allowed_keys file. Returns 0 on success.
+ */
+int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key,
+    const char *principal, const char *ns);
+
+/* Parse zero or more allowed_keys signature options */
+struct sshsigopt *sshsigopt_parse(const char *opts,
+    const char *path, u_long linenum, const char **errstrp);
+
+/* Free signature options */
+void sshsigopt_free(struct sshsigopt *opts);
+
+#endif /* SSHSIG_H */
Index: sshsig.c
===================================================================
--- /dev/null
+++ sshsig.c
@@ -0,0 +1,801 @@
+/*
+ * Copyright (c) 2019 Google LLC
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "authfd.h"
+#include "authfile.h"
+#include "log.h"
+#include "misc.h"
+#include "sshbuf.h"
+#include "sshsig.h"
+#include "ssherr.h"
+#include "sshkey.h"
+#include "match.h"
+#include "digest.h"
+
+#define SIG_VERSION		0x01
+#define MAGIC_PREAMBLE		"SSHSIG"
+#define MAGIC_PREAMBLE_LEN	(sizeof(MAGIC_PREAMBLE) - 1)
+#define BEGIN_SIGNATURE		"-----BEGIN SSH SIGNATURE-----\n"
+#define END_SIGNATURE		"-----END SSH SIGNATURE-----"
+#define RSA_SIGN_ALG		"rsa-sha2-512" /* XXX maybe make configurable */
+#define RSA_SIGN_ALLOWED	"rsa-sha2-512,rsa-sha2-256"
+#define HASHALG_DEFAULT		"sha512" /* XXX maybe make configurable */
+#define HASHALG_ALLOWED		"sha256,sha512"
+
+int
+sshsig_armor(const struct sshbuf *blob, struct sshbuf **out)
+{
+	struct sshbuf *buf = NULL;
+	int r = SSH_ERR_INTERNAL_ERROR;
+
+	*out = NULL;
+
+	if ((buf = sshbuf_new()) == NULL) {
+		error("%s: sshbuf_new failed", __func__);
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+
+	if ((r = sshbuf_put(buf, BEGIN_SIGNATURE,
+	    sizeof(BEGIN_SIGNATURE)-1)) != 0) {
+		error("%s: sshbuf_putf failed: %s", __func__, ssh_err(r));
+		goto out;
+	}
+
+	if ((r = sshbuf_dtob64(blob, buf, 1)) != 0) {
+		error("%s: Couldn't base64 encode signature blob: %s",
+		    __func__, ssh_err(r));
+		goto out;
+	}
+
+	if ((r = sshbuf_put(buf, END_SIGNATURE,
+	    sizeof(END_SIGNATURE)-1)) != 0 ||
+	    (r = sshbuf_put_u8(buf, '\n')) != 0) {
+		error("%s: sshbuf_put failed: %s", __func__, ssh_err(r));
+		goto out;
+	}
+	/* success */
+	*out = buf;
+	buf = NULL; /* transferred */
+	r = 0;
+ out:
+	sshbuf_free(buf);
+	return r;
+}
+
+int
+sshsig_dearmor(struct sshbuf *sig, struct sshbuf **out)
+{
+	int r;
+	size_t eoffset = 0;
+	struct sshbuf *buf = NULL;
+	struct sshbuf *sbuf = NULL;
+	char *b64 = NULL;
+
+	if ((sbuf = sshbuf_fromb(sig)) == NULL) {
+		error("%s: sshbuf_fromb failed", __func__);
+		return SSH_ERR_ALLOC_FAIL;
+	}
+
+	if ((r = sshbuf_cmp(sbuf, 0,
+	    BEGIN_SIGNATURE, sizeof(BEGIN_SIGNATURE)-1)) != 0) {
+		error("Couldn't parse signature: missing header");
+		goto done;
+	}
+
+	if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) {
+		error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r));
+		goto done;
+	}
+
+	if ((r = sshbuf_find(sbuf, 0, "\n" END_SIGNATURE,
+	    sizeof("\n" END_SIGNATURE)-1, &eoffset)) != 0) {
+		error("Couldn't parse signature: missing footer");
+		goto done;
+	}
+
+	if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) {
+		error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r));
+		goto done;
+	}
+
+	if ((b64 = sshbuf_dup_string(sbuf)) == NULL) {
+		error("%s: sshbuf_dup_string failed", __func__);
+		r = SSH_ERR_ALLOC_FAIL;
+		goto done;
+	}
+
+	if ((buf = sshbuf_new()) == NULL) {
+		error("%s: sshbuf_new() failed", __func__);
+		r = SSH_ERR_ALLOC_FAIL;
+		goto done;
+	}
+
+	if ((r = sshbuf_b64tod(buf, b64)) != 0) {
+		error("Couldn't decode signature: %s", ssh_err(r));
+		goto done;
+	}
+
+	/* success */
+	*out = buf;
+	r = 0;
+	buf = NULL; /* transferred */
+done:
+	sshbuf_free(buf);
+	sshbuf_free(sbuf);
+	free(b64);
+	return r;
+}
+
+static int
+sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
+    const struct sshbuf *h_message, const char *sig_namespace,
+    struct sshbuf **out, sshsig_signer *signer, void *signer_ctx)
+{
+	int r;
+	size_t slen = 0;
+	u_char *sig = NULL;
+	struct sshbuf *blob = NULL;
+	struct sshbuf *tosign = NULL;
+	const char *sign_alg = NULL;
+
+	if ((tosign = sshbuf_new()) == NULL ||
+	    (blob = sshbuf_new()) == NULL) {
+		error("%s: sshbuf_new failed", __func__);
+		r = SSH_ERR_ALLOC_FAIL;
+		goto done;
+	}
+
+	if ((r = sshbuf_put(tosign, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 ||
+	    (r = sshbuf_put_cstring(tosign, sig_namespace)) != 0 ||
+	    (r = sshbuf_put_string(tosign, NULL, 0)) != 0 || /* reserved */
+	    (r = sshbuf_put_cstring(tosign, hashalg)) != 0 ||
+	    (r = sshbuf_put_stringb(tosign, h_message)) != 0) {
+		error("Couldn't construct message to sign: %s", ssh_err(r));
+		goto done;
+	}
+
+	/* If using RSA keys then default to a good signature algorithm */
+	if (sshkey_type_plain(key->type) == KEY_RSA)
+		sign_alg = RSA_SIGN_ALG;
+
+	if (signer != NULL) {
+		if ((r = signer(key, &sig, &slen,
+		    sshbuf_ptr(tosign), sshbuf_len(tosign),
+		    sign_alg, 0, signer_ctx)) != 0) {
+			error("Couldn't sign message: %s", ssh_err(r));
+			goto done;
+		}
+	} else {
+		if ((r = sshkey_sign(key, &sig, &slen,
+		    sshbuf_ptr(tosign), sshbuf_len(tosign),
+		    sign_alg, 0)) != 0) {
+			error("Couldn't sign message: %s", ssh_err(r));
+			goto done;
+		}
+	}
+
+	if ((r = sshbuf_put(blob, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 ||
+	    (r = sshbuf_put_u32(blob, SIG_VERSION)) != 0 ||
+	    (r = sshkey_puts(key, blob)) != 0 ||
+	    (r = sshbuf_put_cstring(blob, sig_namespace)) != 0 ||
+	    (r = sshbuf_put_string(blob, NULL, 0)) != 0 || /* reserved */
+	    (r = sshbuf_put_cstring(blob, hashalg)) != 0 ||
+	    (r = sshbuf_put_string(blob, sig, slen)) != 0) {
+		error("Couldn't populate blob: %s", ssh_err(r));
+		goto done;
+	}
+
+	*out = blob;
+	blob = NULL;
+	r = 0;
+done:
+	free(sig);
+	sshbuf_free(blob);
+	sshbuf_free(tosign);
+	return r;
+}
+
+/* Check preamble and version. */
+static int
+sshsig_parse_preamble(struct sshbuf *buf)
+{
+	int r = SSH_ERR_INTERNAL_ERROR;
+	uint32_t sversion;
+
+	if ((r = sshbuf_cmp(buf, 0, MAGIC_PREAMBLE, MAGIC_PREAMBLE_LEN)) != 0 ||
+	    (r = sshbuf_consume(buf, (sizeof(MAGIC_PREAMBLE)-1))) != 0 ||
+	    (r = sshbuf_get_u32(buf, &sversion)) != 0) {
+		error("Couldn't verify signature: invalid format");
+		return r;
+	}
+
+	if (sversion > SIG_VERSION) {
+		error("Signature version %lu is larger than supported "
+		    "version %u", (unsigned long)sversion, SIG_VERSION);
+		return SSH_ERR_INVALID_FORMAT;
+	}
+	return 0;
+}
+
+static int
+sshsig_check_hashalg(const char *hashalg)
+{
+	if (hashalg == NULL ||
+	    match_pattern_list(hashalg, HASHALG_ALLOWED, 0) == 1)
+		return 0;
+	error("%s: unsupported hash algorithm \"%.100s\"", __func__, hashalg);
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+
+static int
+sshsig_peek_hashalg(struct sshbuf *signature, char **hashalgp)
+{
+	struct sshbuf *buf = NULL;
+	char *hashalg = NULL;
+	int r = SSH_ERR_INTERNAL_ERROR;
+
+	if (hashalgp != NULL)
+		*hashalgp = NULL;
+	if ((buf = sshbuf_fromb(signature)) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = sshsig_parse_preamble(buf)) != 0)
+		goto done;
+	if ((r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0 ||
+	    (r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0 ||
+	    (r = sshbuf_get_string(buf, NULL, NULL)) != 0 ||
+	    (r = sshbuf_get_cstring(buf, &hashalg, NULL)) != 0 ||
+	    (r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0) {
+		error("Couldn't parse signature blob: %s", ssh_err(r));
+		goto done;
+	}
+
+	/* success */
+	r = 0;
+	*hashalgp = hashalg;
+	hashalg = NULL;
+ done:
+	free(hashalg);
+	sshbuf_free(buf);
+	return r;
+}
+
+static int
+sshsig_wrap_verify(struct sshbuf *signature, const char *hashalg,
+    const struct sshbuf *h_message, const char *expect_namespace,
+    struct sshkey **sign_keyp)
+{
+	int r = SSH_ERR_INTERNAL_ERROR;
+	struct sshbuf *buf = NULL, *toverify = NULL;
+	struct sshkey *key = NULL;
+	const u_char *sig;
+	char *got_namespace = NULL, *sigtype = NULL, *sig_hashalg = NULL;
+	size_t siglen;
+
+	debug("%s: verify message length %zu", __func__, sshbuf_len(h_message));
+	if (sign_keyp != NULL)
+		*sign_keyp = NULL;
+
+	if ((toverify = sshbuf_new()) == NULL) {
+		error("%s: sshbuf_new failed", __func__);
+		r = SSH_ERR_ALLOC_FAIL;
+		goto done;
+	}
+	if ((r = sshbuf_put(toverify, MAGIC_PREAMBLE,
+	    MAGIC_PREAMBLE_LEN)) != 0 ||
+	    (r = sshbuf_put_cstring(toverify, expect_namespace)) != 0 ||
+	    (r = sshbuf_put_string(toverify, NULL, 0)) != 0 || /* reserved */
+	    (r = sshbuf_put_cstring(toverify, hashalg)) != 0 ||
+	    (r = sshbuf_put_stringb(toverify, h_message)) != 0) {
+		error("Couldn't construct message to verify: %s", ssh_err(r));
+		goto done;
+	}
+
+	if ((r = sshsig_parse_preamble(signature)) != 0)
+		goto done;
+
+	if ((r = sshkey_froms(signature, &key)) != 0 ||
+	    (r = sshbuf_get_cstring(signature, &got_namespace, NULL)) != 0 ||
+	    (r = sshbuf_get_string(signature, NULL, NULL)) != 0 ||
+	    (r = sshbuf_get_cstring(signature, &sig_hashalg, NULL)) != 0 ||
+	    (r = sshbuf_get_string_direct(signature, &sig, &siglen)) != 0) {
+		error("Couldn't parse signature blob: %s", ssh_err(r));
+		goto done;
+	}
+
+	if (sshbuf_len(signature) != 0) {
+		error("Signature contains trailing data");
+		r = SSH_ERR_INVALID_FORMAT;
+		goto done;
+	}
+
+	if (strcmp(expect_namespace, got_namespace) != 0) {
+		error("Couldn't verify signature: namespace does not match");
+		debug("%s: expected namespace \"%s\" received \"%s\"",
+		    __func__, expect_namespace, got_namespace);
+		r = SSH_ERR_SIGNATURE_INVALID;
+		goto done;
+	}
+	if (strcmp(hashalg, sig_hashalg) != 0) {
+		error("Couldn't verify signature: hash algorithm mismatch");
+		debug("%s: expected algorithm \"%s\" received \"%s\"",
+		    __func__, hashalg, sig_hashalg);
+		r = SSH_ERR_SIGNATURE_INVALID;
+		goto done;
+	}
+	/* Ensure that RSA keys use an acceptable signature algorithm */
+	if (sshkey_type_plain(key->type) == KEY_RSA) {
+		if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) {
+			error("Couldn't verify signature: unable to get "
+			    "signature type: %s", ssh_err(r));
+			goto done;
+		}
+		if (match_pattern_list(sigtype, RSA_SIGN_ALLOWED, 0) != 1) {
+			error("Couldn't verify signature: unsupported RSA "
+			    "signature algorithm %s", sigtype);
+			r = SSH_ERR_SIGN_ALG_UNSUPPORTED;
+			goto done;
+		}
+	}
+	if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify),
+	    sshbuf_len(toverify), NULL, 0)) != 0) {
+		error("Signature verification failed: %s", ssh_err(r));
+		goto done;
+	}
+
+	/* success */
+	r = 0;
+	if (sign_keyp != NULL) {
+		*sign_keyp = key;
+		key = NULL; /* transferred */
+	}
+done:
+	free(got_namespace);
+	free(sigtype);
+	free(sig_hashalg);
+	sshbuf_free(buf);
+	sshbuf_free(toverify);
+	sshkey_free(key);
+	return r;
+}
+
+static int
+hash_buffer(const struct sshbuf *m, const char *hashalg, struct sshbuf **bp)
+{
+	char *hex, hash[SSH_DIGEST_MAX_LENGTH];
+	int alg, r = SSH_ERR_INTERNAL_ERROR;
+	struct sshbuf *b = NULL;
+
+	*bp = NULL;
+	memset(hash, 0, sizeof(hash));
+
+	if ((r = sshsig_check_hashalg(hashalg)) != 0)
+		return r;
+	if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) {
+		error("%s: can't look up hash algorithm %s",
+		    __func__, hashalg);
+		return SSH_ERR_INTERNAL_ERROR;
+	}
+	if ((r = ssh_digest_buffer(alg, m, hash, sizeof(hash))) != 0) {
+		error("%s: ssh_digest_buffer failed: %s", __func__, ssh_err(r));
+		return r;
+	}
+	if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) {
+		debug3("%s: final hash: %s", __func__, hex);
+		freezero(hex, strlen(hex));
+	}
+	if ((b = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) {
+		error("%s: sshbuf_put: %s", __func__, ssh_err(r));
+		goto out;
+	}
+	*bp = b;
+	b = NULL; /* transferred */
+	/* success */
+	r = 0;
+ out:
+	sshbuf_free(b);
+	explicit_bzero(hash, sizeof(hash));
+	return 0;
+}
+
+int
+sshsig_signb(struct sshkey *key, const char *hashalg,
+    const struct sshbuf *message, const char *sig_namespace,
+    struct sshbuf **out, sshsig_signer *signer, void *signer_ctx)
+{
+	struct sshbuf *b = NULL;
+	int r = SSH_ERR_INTERNAL_ERROR;
+
+	if (hashalg == NULL)
+		hashalg = HASHALG_DEFAULT;
+	if (out != NULL)
+		*out = NULL;
+	if ((r = hash_buffer(message, hashalg, &b)) != 0) {
+		error("%s: hash_buffer failed: %s", __func__, ssh_err(r));
+		goto out;
+	}
+	if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out,
+	    signer, signer_ctx)) != 0)
+		goto out;
+	/* success */
+	r = 0;
+ out:
+	sshbuf_free(b);
+	return r;
+}
+
+int
+sshsig_verifyb(struct sshbuf *signature, const struct sshbuf *message,
+    const char *expect_namespace, struct sshkey **sign_keyp)
+{
+	struct sshbuf *b = NULL;
+	int r = SSH_ERR_INTERNAL_ERROR;
+	char *hashalg = NULL;
+
+	if (sign_keyp != NULL)
+		*sign_keyp = NULL;
+
+	if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0)
+		return r;
+	debug("%s: signature made with hash \"%s\"", __func__, hashalg);
+	if ((r = hash_buffer(message, hashalg, &b)) != 0) {
+		error("%s: hash_buffer failed: %s", __func__, ssh_err(r));
+		goto out;
+	}
+	if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace,
+	    sign_keyp)) != 0)
+		goto out;
+	/* success */
+	r = 0;
+ out:
+	sshbuf_free(b);
+	free(hashalg);
+	return r;
+}
+
+static int
+hash_file(int fd, const char *hashalg, struct sshbuf **bp)
+{
+	char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH];
+	ssize_t n, total = 0;
+	struct ssh_digest_ctx *ctx;
+	int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR;
+	struct sshbuf *b = NULL;
+
+	*bp = NULL;
+	memset(hash, 0, sizeof(hash));
+
+	if ((r = sshsig_check_hashalg(hashalg)) != 0)
+		return r;
+	if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) {
+		error("%s: can't look up hash algorithm %s",
+		    __func__, hashalg);
+		return SSH_ERR_INTERNAL_ERROR;
+	}
+	if ((ctx = ssh_digest_start(alg)) == NULL) {
+		error("%s: ssh_digest_start failed", __func__);
+		return SSH_ERR_INTERNAL_ERROR;
+	}
+	for (;;) {
+		if ((n = read(fd, rbuf, sizeof(rbuf))) == -1) {
+			if (errno == EINTR || errno == EAGAIN)
+				continue;
+			oerrno = errno;
+			error("%s: read: %s", __func__, strerror(errno));
+			ssh_digest_free(ctx);
+			errno = oerrno;
+			r = SSH_ERR_SYSTEM_ERROR;
+			goto out;
+		} else if (n == 0) {
+			debug2("%s: hashed %zu bytes", __func__, total);
+			break; /* EOF */
+		}
+		total += (size_t)n;
+		if ((r = ssh_digest_update(ctx, rbuf, (size_t)n)) != 0) {
+			error("%s: ssh_digest_update: %s",
+			    __func__, ssh_err(r));
+			goto out;
+		}
+	}
+	if ((r = ssh_digest_final(ctx, hash, sizeof(hash))) != 0) {
+		error("%s: ssh_digest_final: %s", __func__, ssh_err(r));
+		goto out;
+	}
+	if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) {
+		debug3("%s: final hash: %s", __func__, hex);
+		freezero(hex, strlen(hex));
+	}
+	if ((b = sshbuf_new()) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) {
+		error("%s: sshbuf_put: %s", __func__, ssh_err(r));
+		goto out;
+	}
+	*bp = b;
+	b = NULL; /* transferred */
+	/* success */
+	r = 0;
+ out:
+	sshbuf_free(b);
+	ssh_digest_free(ctx);
+	explicit_bzero(hash, sizeof(hash));
+	return 0;
+}
+
+int
+sshsig_sign_fd(struct sshkey *key, const char *hashalg,
+    int fd, const char *sig_namespace, struct sshbuf **out,
+    sshsig_signer *signer, void *signer_ctx)
+{
+	struct sshbuf *b = NULL;
+	int r = SSH_ERR_INTERNAL_ERROR;
+
+	if (hashalg == NULL)
+		hashalg = HASHALG_DEFAULT;
+	if (out != NULL)
+		*out = NULL;
+	if ((r = hash_file(fd, hashalg, &b)) != 0) {
+		error("%s: hash_file failed: %s", __func__, ssh_err(r));
+		return r;
+	}
+	if ((r = sshsig_wrap_sign(key, hashalg, b, sig_namespace, out,
+	    signer, signer_ctx)) != 0)
+		goto out;
+	/* success */
+	r = 0;
+ out:
+	sshbuf_free(b);
+	return r;
+}
+
+int
+sshsig_verify_fd(struct sshbuf *signature, int fd,
+    const char *expect_namespace, struct sshkey **sign_keyp)
+{
+	struct sshbuf *b = NULL;
+	int r = SSH_ERR_INTERNAL_ERROR;
+	char *hashalg = NULL;
+
+	if (sign_keyp != NULL)
+		*sign_keyp = NULL;
+
+	if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0)
+		return r;
+	debug("%s: signature made with hash \"%s\"", __func__, hashalg);
+	if ((r = hash_file(fd, hashalg, &b)) != 0) {
+		error("%s: hash_file failed: %s", __func__, ssh_err(r));
+		goto out;
+	}
+	if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace,
+	    sign_keyp)) != 0)
+		goto out;
+	/* success */
+	r = 0;
+ out:
+	sshbuf_free(b);
+	free(hashalg);
+	return r;
+}
+
+struct sshsigopt {
+	int ca;
+	char *namespaces;
+};
+
+struct sshsigopt *
+sshsigopt_parse(const char *opts, const char *path, u_long linenum,
+    const char **errstrp)
+{
+	struct sshsigopt *ret;
+	int r;
+	const char *errstr = NULL;
+
+	if ((ret = calloc(1, sizeof(*ret))) == NULL)
+		return NULL;
+	if (opts == NULL || *opts == '\0')
+		return ret; /* Empty options yields empty options :) */
+
+	while (*opts && *opts != ' ' && *opts != '\t') {
+		/* flag options */
+		if ((r = opt_flag("cert-authority", 0, &opts)) != -1) {
+			ret->ca = 1;
+		} else if (opt_match(&opts, "namespaces")) {
+			if (ret->namespaces != NULL) {
+				errstr = "multiple \"namespaces\" clauses";
+				goto fail;
+			}
+			ret->namespaces = opt_dequote(&opts, &errstr);
+			if (ret->namespaces == NULL)
+				goto fail;
+		}
+		/*
+		 * Skip the comma, and move to the next option
+		 * (or break out if there are no more).
+		 */
+		if (*opts == '\0' || *opts == ' ' || *opts == '\t')
+			break;		/* End of options. */
+		/* Anything other than a comma is an unknown option */
+		if (*opts != ',') {
+			errstr = "unknown key option";
+			goto fail;
+		}
+		opts++;
+		if (*opts == '\0') {
+			errstr = "unexpected end-of-options";
+			goto fail;
+		}
+	}
+	/* success */
+	return ret;
+ fail:
+	if (errstrp != NULL)
+		*errstrp = errstr;
+	sshsigopt_free(ret);
+	return NULL;
+}
+
+void
+sshsigopt_free(struct sshsigopt *opts)
+{
+	if (opts == NULL)
+		return;
+	free(opts->namespaces);
+	free(opts);
+}
+
+static int
+check_allowed_keys_line(const char *path, u_long linenum, char *line,
+    const struct sshkey *sign_key, const char *principal,
+    const char *sig_namespace)
+{
+	struct sshkey *found_key = NULL;
+	char *cp, *opts = NULL, *identities = NULL;
+	int r, found = 0;
+	const char *reason = NULL;
+	struct sshsigopt *sigopts = NULL;
+
+	if ((found_key = sshkey_new(KEY_UNSPEC)) == NULL) {
+		error("%s: sshkey_new failed", __func__);
+		return SSH_ERR_ALLOC_FAIL;
+	}
+
+	/* format: identity[,identity...] [option[,option...]] key */
+	cp = line;
+	cp = cp + strspn(cp, " \t"); /* skip leading whitespace */
+	if (*cp == '#' || *cp == '\0')
+		goto done;
+	if ((identities = strdelimw(&cp)) == NULL) {
+		error("%s:%lu: invalid line", path, linenum);
+		goto done;
+	}
+	if (match_pattern_list(principal, identities, 0) != 1) {
+		/* principal didn't match */
+		goto done;
+	}
+	debug("%s: %s:%lu: matched principal \"%s\"",
+	    __func__, path, linenum, principal);
+
+	if (sshkey_read(found_key, &cp) != 0) {
+		/* no key? Check for options */
+		opts = cp;
+		if (sshkey_advance_past_options(&cp) != 0) {
+			error("%s:%lu: invalid options",
+			    path, linenum);
+			goto done;
+		}
+		*cp++ = '\0';
+		skip_space(&cp);
+		if (sshkey_read(found_key, &cp) != 0) {
+			error("%s:%lu: invalid key", path,
+			    linenum);
+			goto done;
+		}
+	}
+	debug3("%s:%lu: options %s", path, linenum, opts == NULL ? "" : opts);
+	if ((sigopts = sshsigopt_parse(opts, path, linenum, &reason)) == NULL) {
+		error("%s:%lu: bad options: %s", path, linenum, reason);
+		goto done;
+	}
+
+	/* Check whether options preclude the use of this key */
+	if (sigopts->namespaces != NULL &&
+	    match_pattern_list(sig_namespace, sigopts->namespaces, 0) != 1) {
+		error("%s:%lu: key is not permitted for use in signature "
+		    "namespace \"%s\"", path, linenum, sig_namespace);
+		goto done;
+	}
+
+	if (!sigopts->ca && sshkey_equal(found_key, sign_key)) {
+		/* Exact match of key */
+		debug("%s:%lu: matched key and principal", path, linenum);
+		/* success */
+		found = 1;
+	} else if (sigopts->ca && sshkey_is_cert(sign_key) &&
+	    sshkey_equal_public(sign_key->cert->signature_key, found_key)) {
+		/* Match of certificate's CA key */
+		if ((r = sshkey_cert_check_authority(sign_key, 0, 1,
+		    principal, &reason)) != 0) {
+			error("%s:%lu: certificate not authorized: %s",
+			    path, linenum, reason);
+			goto done;
+		}
+		debug("%s:%lu: matched certificate CA key", path, linenum);
+		/* success */
+		found = 1;
+	} else {
+		/* Principal matched but key didn't */
+		goto done;
+	}
+ done:
+	sshkey_free(found_key);
+	sshsigopt_free(sigopts);
+	return found ? 0 : SSH_ERR_KEY_NOT_FOUND;
+}
+
+int
+sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key,
+    const char *principal, const char *sig_namespace)
+{
+	FILE *f = NULL;
+	char *line = NULL;
+	size_t linesize = 0;
+	u_long linenum = 0;
+	int r, oerrno;
+
+	/* Check key and principal against file */
+	if ((f = fopen(path, "r")) == NULL) {
+		oerrno = errno;
+		error("Unable to open allowed keys file \"%s\": %s",
+		    path, strerror(errno));
+		errno = oerrno;
+		return SSH_ERR_SYSTEM_ERROR;
+	}
+
+	while (getline(&line, &linesize, f) != -1) {
+		linenum++;
+		r = check_allowed_keys_line(path, linenum, line, sign_key,
+		    principal, sig_namespace);
+		free(line);
+		line = NULL;
+		if (r == SSH_ERR_KEY_NOT_FOUND)
+			continue;
+		else if (r == 0) {
+			/* success */
+			fclose(f);
+			return 0;
+		} else
+			break;
+	}
+	/* Either we hit an error parsing or we simply didn't find the key */
+	fclose(f);
+	free(line);
+	return r == 0 ? SSH_ERR_KEY_NOT_FOUND : r;
+}
Index: uidswap.c
===================================================================
--- uidswap.c
+++ uidswap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uidswap.c,v 1.41 2018/07/18 11:34:04 dtucker Exp $ */
+/* $OpenBSD: uidswap.c,v 1.42 2019/06/28 13:35:04 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -84,12 +84,12 @@
 	temporarily_use_uid_effective = 1;
 
 	saved_egroupslen = getgroups(0, NULL);
-	if (saved_egroupslen < 0)
+	if (saved_egroupslen == -1)
 		fatal("getgroups: %.100s", strerror(errno));
 	if (saved_egroupslen > 0) {
 		saved_egroups = xreallocarray(saved_egroups,
 		    saved_egroupslen, sizeof(gid_t));
-		if (getgroups(saved_egroupslen, saved_egroups) < 0)
+		if (getgroups(saved_egroupslen, saved_egroups) == -1)
 			fatal("getgroups: %.100s", strerror(errno));
 	} else { /* saved_egroupslen == 0 */
 		free(saved_egroups);
@@ -98,17 +98,17 @@
 
 	/* set and save the user's groups */
 	if (user_groupslen == -1 || user_groups_uid != pw->pw_uid) {
-		if (initgroups(pw->pw_name, pw->pw_gid) < 0)
+		if (initgroups(pw->pw_name, pw->pw_gid) == -1)
 			fatal("initgroups: %s: %.100s", pw->pw_name,
 			    strerror(errno));
 
 		user_groupslen = getgroups(0, NULL);
-		if (user_groupslen < 0)
+		if (user_groupslen == -1)
 			fatal("getgroups: %.100s", strerror(errno));
 		if (user_groupslen > 0) {
 			user_groups = xreallocarray(user_groups,
 			    user_groupslen, sizeof(gid_t));
-			if (getgroups(user_groupslen, user_groups) < 0)
+			if (getgroups(user_groupslen, user_groups) == -1)
 				fatal("getgroups: %.100s", strerror(errno));
 		} else { /* user_groupslen == 0 */
 			free(user_groups);
@@ -117,17 +117,17 @@
 		user_groups_uid = pw->pw_uid;
 	}
 	/* Set the effective uid to the given (unprivileged) uid. */
-	if (setgroups(user_groupslen, user_groups) < 0)
+	if (setgroups(user_groupslen, user_groups) == -1)
 		fatal("setgroups: %.100s", strerror(errno));
 #ifndef SAVED_IDS_WORK_WITH_SETEUID
 	/* Propagate the privileged gid to all of our gids. */
-	if (setgid(getegid()) < 0)
+	if (setgid(getegid()) == -1)
 		debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno));
 	/* Propagate the privileged uid to all of our uids. */
-	if (setuid(geteuid()) < 0)
+	if (setuid(geteuid()) == -1)
 		debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno));
 #endif /* SAVED_IDS_WORK_WITH_SETEUID */
-	if (setegid(pw->pw_gid) < 0)
+	if (setegid(pw->pw_gid) == -1)
 		fatal("setegid %u: %.100s", (u_int)pw->pw_gid,
 		    strerror(errno));
 	if (seteuid(pw->pw_uid) == -1)
@@ -152,9 +152,9 @@
 #ifdef SAVED_IDS_WORK_WITH_SETEUID
 	debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid);
 	/* Set the effective uid back to the saved privileged uid. */
-	if (seteuid(saved_euid) < 0)
+	if (seteuid(saved_euid) == -1)
 		fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno));
-	if (setegid(saved_egid) < 0)
+	if (setegid(saved_egid) == -1)
 		fatal("setegid %u: %.100s", (u_int)saved_egid, strerror(errno));
 #else /* SAVED_IDS_WORK_WITH_SETEUID */
 	/*
@@ -162,11 +162,13 @@
 	 * Propagate the real uid (usually more privileged) to effective uid
 	 * as well.
 	 */
-	setuid(getuid());
-	setgid(getgid());
+	if (setuid(getuid()) == -1)
+		fatal("%s: setuid failed: %s", __func__, strerror(errno));
+	if (setgid(getgid()) == -1)
+		fatal("%s: setgid failed: %s", __func__, strerror(errno));
 #endif /* SAVED_IDS_WORK_WITH_SETEUID */
 
-	if (setgroups(saved_egroupslen, saved_egroups) < 0)
+	if (setgroups(saved_egroupslen, saved_egroups) == -1)
 		fatal("setgroups: %.100s", strerror(errno));
 	temporarily_use_uid_effective = 0;
 }
@@ -190,7 +192,7 @@
 	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
 	    (u_int)pw->pw_gid);
 
-	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0)
+	if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1)
 		fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
 
 #ifdef __APPLE__
@@ -198,12 +200,12 @@
 	 * OS X requires initgroups after setgid to opt back into
 	 * memberd support for >16 supplemental groups.
 	 */
-	if (initgroups(pw->pw_name, pw->pw_gid) < 0)
+	if (initgroups(pw->pw_name, pw->pw_gid) == -1)
 		fatal("initgroups %.100s %u: %.100s",
 		    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
 #endif
 
-	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
+	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
 		fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 
 #ifndef NO_UID_RESTORATION_TEST
Index: umac.h
===================================================================
--- umac.h
+++ umac.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.h,v 1.3 2013/07/22 12:20:02 djm Exp $ */
+/* $OpenBSD: umac.h,v 1.4 2019/06/07 14:18:48 dtucker Exp $ */
 /* -----------------------------------------------------------------------
  * 
  * umac.h -- C Implementation UMAC Message Authentication
@@ -39,7 +39,7 @@
   * at http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ (search for
   * "Barreto"). The only two files needed are rijndael-alg-fst.c and
   * rijndael-alg-fst.h.
-  * Brian Gladman's version is distributed with GNU Public lisence
+  * Brian Gladman's version is distributed with GNU Public license
   * and can be found at http://fp.gladman.plus.com/AES/index.htm. It
   * includes a fast IA-32 assembly version.
   *
@@ -107,7 +107,7 @@
                long        len);
 
 int uhash_final(uhash_ctx_t ctx,
-              u_char        ouput[]);
+              u_char        output[]);
 
 int uhash(uhash_ctx_t ctx,
         u_char       *input,
Index: uuencode.h
===================================================================
--- uuencode.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* $OpenBSD: uuencode.h,v 1.14 2010/08/31 11:54:45 djm Exp $ */
-
-/*
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-int	 uuencode(const u_char *, u_int, char *, size_t);
-int	 uudecode(const char *, u_char *, size_t);
-void	 dump_base64(FILE *, const u_char *, u_int);
Index: uuencode.c
===================================================================
--- uuencode.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/* $OpenBSD: uuencode.c,v 1.28 2015/04/24 01:36:24 deraadt Exp $ */
-/*
- * Copyright (c) 2000 Markus Friedl.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <resolv.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include "xmalloc.h"
-#include "uuencode.h"
-
-/*
- * Encode binary 'src' of length 'srclength', writing base64-encoded text
- * to 'target' of size 'targsize'. Will always nul-terminate 'target'.
- * Returns the number of bytes stored in 'target' or -1 on error (inc.
- * 'targsize' too small).
- */
-int
-uuencode(const u_char *src, u_int srclength,
-    char *target, size_t targsize)
-{
-	return __b64_ntop(src, srclength, target, targsize);
-}
-
-/*
- * Decode base64-encoded 'src' into buffer 'target' of 'targsize' bytes.
- * Will skip leading and trailing whitespace. Returns the number of bytes
- * stored in 'target' or -1 on error (inc. targsize too small).
- */
-int
-uudecode(const char *src, u_char *target, size_t targsize)
-{
-	int len;
-	char *encoded, *p;
-
-	/* copy the 'readonly' source */
-	encoded = xstrdup(src);
-	/* skip whitespace and data */
-	for (p = encoded; *p == ' ' || *p == '\t'; p++)
-		;
-	for (; *p != '\0' && *p != ' ' && *p != '\t'; p++)
-		;
-	/* and remove trailing whitespace because __b64_pton needs this */
-	*p = '\0';
-	len = __b64_pton(encoded, target, targsize);
-	free(encoded);
-	return len;
-}
-
-void
-dump_base64(FILE *fp, const u_char *data, u_int len)
-{
-	char *buf;
-	int i, n;
-
-	if (len > 65536) {
-		fprintf(fp, "dump_base64: len > 65536\n");
-		return;
-	}
-	buf = xreallocarray(NULL, 2, len);
-	n = uuencode(data, len, buf, 2*len);
-	for (i = 0; i < n; i++) {
-		fprintf(fp, "%c", buf[i]);
-		if (i % 70 == 69)
-			fprintf(fp, "\n");
-	}
-	if (i % 70 != 69)
-		fprintf(fp, "\n");
-	free(buf);
-}
Index: version.h
===================================================================
--- version.h
+++ version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.83 2018/10/10 16:43:49 deraadt Exp $ */
+/* $OpenBSD: version.h,v 1.85 2019/10/09 00:04:57 djm Exp $ */
 
-#define SSH_VERSION	"OpenSSH_7.9"
+#define SSH_VERSION	"OpenSSH_8.1"
 
 #define SSH_PORTABLE	"p1"
 #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
Index: xmalloc.h
===================================================================
--- xmalloc.h
+++ xmalloc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.h,v 1.17 2017/05/31 09:15:42 deraadt Exp $ */
+/* $OpenBSD: xmalloc.h,v 1.18 2019/06/06 05:13:13 otto Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -16,7 +16,6 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-void	 ssh_malloc_init(void);
 void	*xmalloc(size_t);
 void	*xcalloc(size_t, size_t);
 void	*xreallocarray(void *, size_t, size_t);
Index: xmalloc.c
===================================================================
--- xmalloc.c
+++ xmalloc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.c,v 1.34 2017/05/31 09:15:42 deraadt Exp $ */
+/* $OpenBSD: xmalloc.c,v 1.35 2019/06/06 05:13:13 otto Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -17,7 +17,7 @@
 
 #include <stdarg.h>
 #ifdef HAVE_STDINT_H
-#include <stdint.h>
+# include <stdint.h>
 #endif
 #include <stdio.h>
 #include <stdlib.h>
@@ -26,15 +26,9 @@
 #include "xmalloc.h"
 #include "log.h"
 
-void
-ssh_malloc_init(void)
-{
 #if defined(__OpenBSD__)
-	extern char *malloc_options;
-
-	malloc_options = "S";
+char *malloc_options = "S";
 #endif /* __OpenBSD__ */
-}
 
 void *
 xmalloc(size_t size)
Index: xmss_commons.c
===================================================================
--- xmss_commons.c
+++ xmss_commons.c
@@ -13,7 +13,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #ifdef HAVE_STDINT_H
-#include <stdint.h>
+# include <stdint.h>
 #endif
 
 void to_byte(unsigned char *out, unsigned long long in, uint32_t bytes)
Index: xmss_fast.c
===================================================================
--- xmss_fast.c
+++ xmss_fast.c
@@ -12,7 +12,7 @@
 #include <stdlib.h>
 #include <string.h>
 #ifdef HAVE_STDINT_H
-#include <stdint.h>
+# include <stdint.h>
 #endif
 
 #include "xmss_fast.h"
Index: xmss_hash.c
===================================================================
--- xmss_hash.c
+++ xmss_hash.c
@@ -15,7 +15,7 @@
 
 #include <stddef.h>
 #ifdef HAVE_STDINT_H
-#include <stdint.h>
+# include <stdint.h>
 #endif
 #include <stdio.h>
 #include <string.h>
Index: xmss_hash_address.c
===================================================================
--- xmss_hash_address.c
+++ xmss_hash_address.c
@@ -9,7 +9,7 @@
 #ifdef WITH_XMSS
 
 #ifdef HAVE_STDINT_H
-#include <stdint.h>
+# include <stdint.h>
 #endif
 #include "xmss_hash_address.h"	/* prototypes */
 
Index: xmss_wots.c
===================================================================
--- xmss_wots.c
+++ xmss_wots.c
@@ -11,7 +11,7 @@
 
 #include <stdlib.h>
 #ifdef HAVE_STDINT_H
-#include <stdint.h>
+# include <stdint.h>
 #endif
 #include <limits.h>
 #include "xmss_commons.h"