commit 439d58769bd64bbad36279188539209f2d4c2b07
author Treehugger Robot <treehugger-gerrit@google.com> Wed Oct 27 23:54:08 2021 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Oct 27 23:54:08 2021 +0000
tree 6a4709841e622abaad951691e859a4ef59044903
parent 393ead3e4a22c473a4d316e47f9bbda36f638188
parent aa1e1baec4e1cdc49d0ee7aec83d07e30adaf19f

Merge "Merge commit 'bf944e3794eff5413f2df1ef37cddf96918c6bde' into HEAD"

.depend

diff --git a/.depend b/.depend
index 1ccc1dc..a94a82d 100644
--- a/.depend
+++ b/.depend
@@ -2,179 +2,182 @@
 # Run "make depend" to rebuild.
 
 # DO NOT DELETE
-addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h match.h log.h
-atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h
-audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
-auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
-auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
-auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
-auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h authfile.h
-auth.o: monitor_wrap.h ssherr.h compat.h channels.h
-auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h
-auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h canohost.h monitor_wrap.h pathnames.h
-auth2-hostbased.o: ssherr.h match.h
-auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h misc.h servconf.h ssherr.h
-auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h misc.h servconf.h compat.h ssh2.h ssherr.h monitor_wrap.h
-auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
-auth2-pubkey.o: canohost.h monitor_wrap.h authfile.h match.h ssherr.h channels.h session.h sk-api.h
-auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h log.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h uidswap.h auth-options.h
+addr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h
+addrmatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h match.h log.h ssherr.h
+atomicio.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h
+audit-bsm.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+audit-linux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+audit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth-bsdauth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h sshkey.h misc.h servconf.h uidswap.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+auth-options.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h log.h sshbuf.h misc.h sshkey.h match.h ssh2.h auth-options.h
+auth-pam.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h sshbuf.h ssherr.h log.h misc.h servconf.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h
+auth-rhosts.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h uidswap.h pathnames.h log.h ssherr.h misc.h sshbuf.h sshkey.h servconf.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+auth-shadow.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth-sia.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth.o: authfile.h monitor_wrap.h compat.h channels.h
+auth.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h groupaccess.h log.h ssherr.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h canohost.h uidswap.h packet.h dispatch.h
+auth2-chall.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h misc.h servconf.h
+auth2-gss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+auth2-hostbased.o: canohost.h monitor_wrap.h pathnames.h match.h
+auth2-hostbased.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+auth2-kbdint.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h log.h ssherr.h misc.h servconf.h
+auth2-none.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h misc.h servconf.h compat.h ssh2.h monitor_wrap.h
+auth2-passwd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h ssherr.h log.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h monitor_wrap.h misc.h servconf.h
+auth2-pubkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h kex.h mac.h crypto_api.h sshbuf.h log.h ssherr.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+auth2-pubkey.o: pathnames.h uidswap.h auth-options.h canohost.h monitor_wrap.h authfile.h match.h channels.h session.h sk-api.h
 auth2.o: digest.h
-auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h ssherr.h monitor_wrap.h
-authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h atomicio.h misc.h ssherr.h
-authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h ssherr.h krl.h
-bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
-canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h canohost.h misc.h
-chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h
-channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
-cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h
-cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h
-cipher-chachapoly-libcrypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshbuf.h ssherr.h cipher-chachapoly.h chacha.h poly1305.h
-cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h
-cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
-clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
-clientloop.o: myproposal.h log.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h ssherr.h hostfile.h
-compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h match.h kex.h mac.h crypto_api.h
-dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
-digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h ssherr.h
-dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h
-entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
-fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h
-ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data
-groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h
-gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
-hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
-hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h misc.h ssherr.h digest.h hmac.h
-kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h match.h
-kex.o: misc.h monitor.h ssherr.h sshbuf.h digest.h
-kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
-kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
-kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h ssherr.h
-kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-kexsntrup4591761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h
-krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h
-log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
-loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h ssherr.h
-logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h
-mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
-match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
-md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssh.h sshbuf.h ssherr.h
-moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h ssherr.h sk-api.h
-monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
-monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h monitor_fdpass.h
-monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h
-monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h ssherr.h
-msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
-mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h ssherr.h
-nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h
-packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h canohost.h misc.h channels.h ssh.h
-packet.o: packet.h dispatch.h ssherr.h sshbuf.h
-platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h
-platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
-poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
-progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
-readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
+auth2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h atomicio.h xmalloc.h ssh2.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h pathnames.h monitor_wrap.h
+authfd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h compat.h log.h ssherr.h atomicio.h misc.h
+authfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h ssh.h log.h ssherr.h authfile.h misc.h atomicio.h sshkey.h sshbuf.h krl.h
+bitmap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h bitmap.h
+canohost.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h canohost.h misc.h
+chacha.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h chacha.h
+channels.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h ssherr.h sshbuf.h packet.h dispatch.h log.h misc.h channels.h compat.h canohost.h sshkey.h authfd.h pathnames.h match.h
+cipher-aes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h
+cipher-aesctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher-aesctr.h rijndael.h
+cipher-chachapoly-libcrypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+cipher-chachapoly.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshbuf.h cipher-chachapoly.h chacha.h poly1305.h
+cipher-ctr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+cipher.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h misc.h sshbuf.h ssherr.h digest.h openbsd-compat/openssl-compat.h
+cleanup.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
+clientloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h packet.h dispatch.h sshbuf.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h
+clientloop.o: myproposal.h log.h ssherr.h misc.h readconf.h clientloop.h sshconnect.h authfd.h atomicio.h sshpty.h match.h msg.h hostfile.h
+compat.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h log.h ssherr.h match.h kex.h mac.h crypto_api.h
+dh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+digest-libc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h digest.h
+digest-openssl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+dispatch.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh2.h log.h ssherr.h dispatch.h packet.h openbsd-compat/sys-queue.h compat.h
+dns.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h ssherr.h dns.h log.h digest.h
+ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ge25519.h fe25519.h sc25519.h
+entropy.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+fatal.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
+fe25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h
+ge25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h fe25519.h crypto_api.h sc25519.h ge25519.h ge25519_base.data
+groupaccess.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h groupaccess.h match.h log.h ssherr.h
+gss-genr.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+gss-serv-krb5.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+gss-serv.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
+hmac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h digest.h hmac.h
+hostfile.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h sshkey.h hostfile.h log.h ssherr.h misc.h pathnames.h digest.h hmac.h sshbuf.h
+kex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh.h ssh2.h atomicio.h version.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h
+kex.o: match.h misc.h monitor.h sshbuf.h digest.h
+kexc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h sshbuf.h digest.h ssherr.h ssh2.h
+kexdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+kexecdh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
+kexgen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshkey.h kex.h mac.h crypto_api.h log.h ssherr.h packet.h openbsd-compat/sys-queue.h dispatch.h ssh2.h sshbuf.h digest.h
+kexgex.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+kexgexc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+kexgexs.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+kexsntrup761x25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h
+krl.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h sshbuf.h ssherr.h sshkey.h authfile.h misc.h log.h digest.h bitmap.h utf8.h krl.h
+log.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h match.h
+loginrec.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h hostfile.h ssh.h loginrec.h log.h ssherr.h atomicio.h packet.h openbsd-compat/sys-queue.h dispatch.h canohost.h auth.h auth-pam.h audit.h sshbuf.h
+logintest.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h loginrec.h
+mac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h digest.h hmac.h umac.h mac.h misc.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
+match.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h match.h misc.h
+md5crypt.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h log.h ssherr.h ssh.h sshbuf.h
+moduli.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+monitor.o: chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h dh.h packet.h dispatch.h auth-options.h sshpty.h channels.h session.h sshlogin.h canohost.h log.h ssherr.h misc.h servconf.h monitor.h monitor_wrap.h monitor_fdpass.h compat.h ssh2.h authfd.h match.h sk-api.h
+monitor.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h openbsd-compat/openssl-compat.h atomicio.h xmalloc.h ssh.h sshkey.h sshbuf.h hostfile.h auth.h auth-pam.h audit.h loginrec.h cipher.h cipher-chachapoly.h
+monitor_fdpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h monitor_fdpass.h
+monitor_wrap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h
+monitor_wrap.o: loginrec.h auth-options.h packet.h dispatch.h log.h ssherr.h monitor.h monitor_wrap.h atomicio.h monitor_fdpass.h misc.h channels.h session.h servconf.h
+msg.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshbuf.h ssherr.h log.h atomicio.h msg.h misc.h
+mux.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h log.h ssherr.h ssh.h ssh2.h pathnames.h misc.h match.h sshbuf.h channels.h msg.h packet.h dispatch.h monitor_fdpass.h sshpty.h sshkey.h readconf.h clientloop.h
+nchan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h ssh2.h sshbuf.h ssherr.h packet.h dispatch.h channels.h compat.h log.h
+packet.o: channels.h ssh.h packet.h dispatch.h sshbuf.h
+packet.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h compat.h ssh2.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h digest.h log.h ssherr.h canohost.h misc.h
+platform-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+platform-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+platform-tracing.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h
+platform.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h misc.h servconf.h openbsd-compat/sys-queue.h sshkey.h hostfile.h auth.h auth-pam.h audit.h loginrec.h
+poly1305.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h poly1305.h
+progressmeter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h progressmeter.h atomicio.h misc.h utf8.h
+readconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h ssherr.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h pathnames.h log.h sshkey.h misc.h readconf.h match.h kex.h mac.h crypto_api.h
 readconf.o: uidswap.h myproposal.h digest.h
-readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssh.h uidswap.h
-rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
-sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h
-scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h atomicio.h pathnames.h log.h misc.h progressmeter.h utf8.h
-servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h
-servconf.o: mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h ssherr.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
-serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
-serverloop.o: rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h ssherr.h
-session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
+readpass.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h misc.h pathnames.h log.h ssherr.h ssh.h uidswap.h
+rijndael.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h rijndael.h
+sandbox-capsicum.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-darwin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-null.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-pledge.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-rlimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-seccomp-filter.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-solaris.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sandbox-systrace.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sc25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sc25519.h crypto_api.h
+scp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h xmalloc.h ssh.h atomicio.h pathnames.h log.h ssherr.h misc.h progressmeter.h utf8.h sftp-common.h sftp-client.h
+servconf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/glob.h openbsd-compat/sys-queue.h xmalloc.h ssh.h log.h ssherr.h sshbuf.h misc.h servconf.h compat.h pathnames.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h
+servconf.o: kex.h mac.h crypto_api.h match.h channels.h groupaccess.h canohost.h packet.h dispatch.h hostfile.h auth.h auth-pam.h audit.h loginrec.h myproposal.h digest.h
+serverloop.o: cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h hostfile.h auth.h auth-pam.h audit.h loginrec.h session.h auth-options.h serverloop.h
+serverloop.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h packet.h dispatch.h sshbuf.h log.h ssherr.h misc.h servconf.h canohost.h sshpty.h channels.h compat.h ssh2.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
+session.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h sshbuf.h ssherr.h match.h uidswap.h compat.h channels.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h
 session.o: rijndael.h hostfile.h auth.h auth-pam.h audit.h loginrec.h auth-options.h authfd.h pathnames.h log.h misc.h servconf.h sshlogin.h serverloop.h canohost.h session.h kex.h mac.h crypto_api.h monitor_wrap.h sftp.h atomicio.h
-sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
-sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
-sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
-sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sftp.h misc.h xmalloc.h
-sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
-sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h pathnames.h misc.h utf8.h sftp.h ssherr.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
-sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sntrup4591761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
-ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h ssherr.h digest.h ssh-sk.h
-ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h authfd.h compat.h log.h misc.h digest.h ssherr.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h
-ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h
-ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh-ed25519-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h digest.h
-ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h sshbuf.h sshkey.h ssherr.h ssh.h
-ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssherr.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h
-ssh-keyscan.o: atomicio.h misc.h hostfile.h ssherr.h ssh_api.h ssh2.h dns.h
-ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h
-ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h ssherr.h
-ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h misc.h sshkey.h authfd.h ssh-pkcs11.h ssherr.h
-ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h sshkey.h
-ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh-sk-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshbuf.h sshkey.h msg.h digest.h pathnames.h ssh-sk.h misc.h
-ssh-sk-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h sshkey.h authfd.h misc.h sshbuf.h msg.h uidswap.h ssherr.h ssh-sk.h
-ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels.h
-ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h ssherr.h myproposal.h utf8.h
-ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h authfile.h misc.h
-ssh_api.o: version.h myproposal.h ssherr.h sshbuf.h openbsd-compat/openssl-compat.h
-sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
-sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h
-sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
-sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
+sftp-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssherr.h sshbuf.h log.h atomicio.h progressmeter.h misc.h utf8.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
+sftp-common.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssherr.h sshbuf.h log.h misc.h sftp.h sftp-common.h
+sftp-glob.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sftp.h sftp-common.h sftp-client.h openbsd-compat/glob.h
+sftp-realpath.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sftp-server-main.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sftp.h misc.h xmalloc.h
+sftp-server.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshbuf.h ssherr.h log.h misc.h match.h uidswap.h sftp.h sftp-common.h
+sftp.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h pathnames.h misc.h utf8.h sftp.h sshbuf.h sftp-common.h sftp-client.h openbsd-compat/glob.h
+sk-usbhid.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sntrup761.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+srclimit.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h addr.h canohost.h log.h ssherr.h misc.h srclimit.h xmalloc.h
+ssh-add.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h ssh.h log.h ssherr.h sshkey.h sshbuf.h authfd.h authfile.h pathnames.h misc.h digest.h ssh-sk.h sk-api.h
+ssh-agent.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h sshkey.h authfd.h compat.h log.h ssherr.h misc.h digest.h match.h msg.h pathnames.h ssh-pkcs11.h sk-api.h
+ssh-dss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh-ecdsa-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h sshbuf.h ssherr.h digest.h sshkey.h
+ssh-ecdsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh-ed25519-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ssherr.h sshbuf.h sshkey.h ssh.h digest.h
+ssh-ed25519.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h log.h ssherr.h sshbuf.h sshkey.h ssh.h
+ssh-keygen.o: cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h
+ssh-keygen.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h sshkey.h authfile.h sshbuf.h pathnames.h log.h ssherr.h misc.h match.h hostfile.h dns.h ssh.h ssh2.h ssh-pkcs11.h atomicio.h krl.h digest.h utf8.h authfd.h sshsig.h ssh-sk.h sk-api.h cipher.h
+ssh-keyscan.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h sshbuf.h sshkey.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h kex.h mac.h crypto_api.h compat.h myproposal.h packet.h dispatch.h log.h
+ssh-keyscan.o: ssherr.h atomicio.h misc.h hostfile.h ssh_api.h ssh2.h dns.h
+ssh-keysign.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h ssh.h ssh2.h misc.h sshbuf.h authfile.h msg.h canohost.h pathnames.h readconf.h uidswap.h
+ssh-pkcs11-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh-pkcs11-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h sshbuf.h log.h ssherr.h misc.h sshkey.h authfd.h ssh-pkcs11.h
+ssh-pkcs11.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshkey.h
+ssh-rsa.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh-sk-client.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h sshbuf.h sshkey.h msg.h digest.h pathnames.h ssh-sk.h misc.h
+ssh-sk-helper.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h sshkey.h authfd.h misc.h sshbuf.h msg.h uidswap.h ssh-sk.h
+ssh-sk.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+ssh.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/openssl-compat.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h canohost.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h packet.h dispatch.h sshbuf.h channels.h
+ssh.o: sshkey.h authfd.h authfile.h pathnames.h clientloop.h log.h ssherr.h misc.h readconf.h sshconnect.h kex.h mac.h crypto_api.h sshpty.h match.h msg.h version.h myproposal.h utf8.h
+ssh_api.o: authfile.h misc.h version.h myproposal.h sshbuf.h openbsd-compat/openssl-compat.h
+ssh_api.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssh_api.h openbsd-compat/sys-queue.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h ssh.h ssh2.h packet.h dispatch.h compat.h log.h ssherr.h
+sshbuf-getput-basic.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
+sshbuf-getput-crypto.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sshbuf-io.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h atomicio.h
+sshbuf-misc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h
+sshbuf.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ssherr.h sshbuf.h misc.h
 sshconnect.o: authfd.h kex.h mac.h crypto_api.h
-sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h ssherr.h
-sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
-sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h ssherr.h utf8.h ssh-sk.h sk-api.h
-sshd.o: cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h ssherr.h sk-api.h
-sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h
+sshconnect.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h hostfile.h ssh.h sshbuf.h packet.h openbsd-compat/sys-queue.h dispatch.h compat.h sshkey.h sshconnect.h log.h ssherr.h misc.h readconf.h atomicio.h dns.h monitor_fdpass.h ssh2.h version.h authfile.h
+sshconnect2.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshbuf.h packet.h dispatch.h compat.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h sshkey.h kex.h mac.h crypto_api.h
+sshconnect2.o: myproposal.h sshconnect.h authfile.h dh.h authfd.h log.h ssherr.h misc.h readconf.h match.h canohost.h msg.h pathnames.h uidswap.h hostfile.h utf8.h ssh-sk.h sk-api.h
+sshd.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h ./openbsd-compat/sys-tree.h openbsd-compat/sys-queue.h xmalloc.h ssh.h ssh2.h sshpty.h packet.h dispatch.h log.h ssherr.h sshbuf.h misc.h match.h servconf.h uidswap.h compat.h cipher.h cipher-chachapoly.h chacha.h
+sshd.o: poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h kex.h mac.h crypto_api.h myproposal.h authfile.h pathnames.h atomicio.h canohost.h hostfile.h auth.h auth-pam.h audit.h loginrec.h authfd.h msg.h channels.h session.h monitor.h monitor_wrap.h ssh-sandbox.h auth-options.h version.h sk-api.h srclimit.h dh.h
 ssherr.o: ssherr.h
-sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h
-sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h
-sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h misc.h
-sshsig.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h authfd.h authfile.h log.h misc.h sshbuf.h sshsig.h ssherr.h sshkey.h match.h digest.h
-sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
-ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h compat.h sshbuf.h ssherr.h ttymodes.h
-uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h uidswap.h xmalloc.h
-umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
-umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
-utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h
-verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
-xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h
-xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
-xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sshkey-xmss.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+sshkey.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h ssh2.h ssherr.h misc.h sshbuf.h cipher.h cipher-chachapoly.h chacha.h poly1305.h cipher-aesctr.h rijndael.h digest.h sshkey.h match.h ssh-sk.h openbsd-compat/openssl-compat.h
+sshlogin.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshlogin.h ssherr.h loginrec.h log.h sshbuf.h misc.h servconf.h openbsd-compat/sys-queue.h
+sshpty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h log.h ssherr.h misc.h
+sshsig.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h authfd.h authfile.h log.h ssherr.h misc.h sshbuf.h sshsig.h sshkey.h match.h digest.h
+sshtty.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h sshpty.h
+ttymodes.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h packet.h openbsd-compat/sys-queue.h dispatch.h log.h ssherr.h compat.h sshbuf.h ttymodes.h
+uidswap.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h log.h ssherr.h uidswap.h xmalloc.h
+umac.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
+umac128.o: umac.c includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h umac.h misc.h rijndael.h
+utf8.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h utf8.h
+verify.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h crypto_api.h
+xmalloc.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h xmalloc.h log.h ssherr.h
+xmss_commons.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+xmss_fast.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+xmss_hash.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+xmss_hash_address.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h
+xmss_wots.o: includes.h config.h defines.h platform.h openbsd-compat/openbsd-compat.h openbsd-compat/base64.h openbsd-compat/sigact.h openbsd-compat/readpassphrase.h openbsd-compat/vis.h openbsd-compat/getrrsetbyname.h openbsd-compat/sha1.h openbsd-compat/sha2.h openbsd-compat/md5.h openbsd-compat/blf.h openbsd-compat/fnmatch.h openbsd-compat/getopt.h openbsd-compat/bsd-signal.h openbsd-compat/bsd-misc.h openbsd-compat/bsd-setres_id.h openbsd-compat/bsd-statvfs.h openbsd-compat/bsd-waitpid.h openbsd-compat/bsd-poll.h openbsd-compat/fake-rfc2553.h openbsd-compat/bsd-cygwin_util.h openbsd-compat/port-aix.h openbsd-compat/port-irix.h openbsd-compat/port-linux.h openbsd-compat/port-solaris.h openbsd-compat/port-net.h openbsd-compat/port-uw.h openbsd-compat/bsd-nextstep.h entropy.h

.github/ci-status.md

diff --git a/.github/ci-status.md b/.github/ci-status.md
new file mode 100644
index 0000000..0ad8bf5
--- /dev/null
+++ b/.github/ci-status.md
@@ -0,0 +1,4 @@
+[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml)
+[![C/C++ CI self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/selfhosted.yml)
+[![Upstream self-hosted](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml/badge.svg)](https://github.com/openssh/openssh-portable-selfhosted/actions/workflows/upstream.yml)
+[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)

.github/configs

diff --git a/.github/configs b/.github/configs
new file mode 100755
index 0000000..12578c0
--- /dev/null
+++ b/.github/configs
@@ -0,0 +1,170 @@
+#!/bin/sh
+#
+# usage: configs vmname test_config (or '' for default)
+#
+# Sets the following variables:
+# CONFIGFLAGS           options to ./configure
+# SSHD_CONFOPTS         sshd_config options
+# TEST_TARGET           make target used when testing.  defaults to "tests".
+# LTESTS
+
+config=$1
+
+TEST_TARGET="tests"
+LTESTS=""
+SKIP_LTESTS=""
+SUDO=sudo	# run with sudo by default
+TEST_SSH_UNSAFE_PERMISSIONS=1
+
+CONFIGFLAGS=""
+LIBCRYPTOFLAGS=""
+
+case "$config" in
+    default|sol64)
+	;;
+    c89)
+	CC="gcc"
+	CFLAGS="-Wall -std=c89 -pedantic -Werror=vla"
+	CONFIGFLAGS="--without-openssl --without-zlib"
+	TEST_TARGET=t-exec
+	;;
+    kitchensink)
+	CONFIGFLAGS="--with-kerberos5 --with-libedit --with-pam"
+	CONFIGFLAGS="${CONFIGFLAGS} --with-security-key-builtin --with-selinux"
+	CONFIGFLAGS="${CONFIGFLAGS} --with-cflags=-DSK_DEBUG"
+	;;
+    hardenedmalloc)
+	CONFIGFLAGS="--with-ldflags=-lhardened_malloc"
+	;;
+    kerberos5)
+	CONFIGFLAGS="--with-kerberos5"
+	;;
+    libedit)
+	CONFIGFLAGS="--with-libedit"
+	;;
+    pam-krb5)
+	CONFIGFLAGS="--with-pam --with-kerberos5"
+	SSHD_CONFOPTS="UsePam yes"
+	;;
+    *pam)
+	CONFIGFLAGS="--with-pam"
+	SSHD_CONFOPTS="UsePam yes"
+	;;
+    libressl-*)
+	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/libressl --with-rpath=-Wl,-rpath,"
+	;;
+    openssl-*)
+	LIBCRYPTOFLAGS="--with-ssl-dir=/opt/openssl --with-rpath=-Wl,-rpath,"
+	;;
+    selinux)
+	CONFIGFLAGS="--with-selinux"
+	;;
+    sk)
+	CONFIGFLAGS="--with-security-key-builtin"
+        ;;
+    without-openssl)
+	LIBCRYPTOFLAGS="--without-openssl"
+	TEST_TARGET=t-exec
+	;;
+    valgrind-[1-4]|valgrind-unit)
+	# rlimit sandbox and FORTIFY_SOURCE confuse Valgrind.
+	CONFIGFLAGS="--without-sandbox --without-hardening"
+	CONFIGFLAGS="$CONFIGFLAGS --with-cppflags=-D_FORTIFY_SOURCE=0"
+	TEST_TARGET="t-exec USE_VALGRIND=1"
+	TEST_SSH_ELAPSED_TIMES=1
+	export TEST_SSH_ELAPSED_TIMES
+	# Valgrind slows things down enough that the agent timeout test
+	# won't reliably pass, and the unit tests run longer than allowed
+	# by github so split into three separate tests.
+	tests2="rekey integrity"
+	tests3="krl forward-control sshsig"
+	tests4="cert-userkey cert-hostkey kextype sftp-perm keygen-comment"
+	case "$config" in
+	    valgrind-1)
+		# All tests except agent-timeout (which is flaky under valgrind)
+		#) and slow ones that run separately to increase parallelism.
+		SKIP_LTESTS="agent-timeout ${tests2} ${tests3} ${tests4}"
+		;;
+	    valgrind-2)
+		LTESTS="${tests2}"
+		;;
+	    valgrind-3)
+		LTESTS="${tests3}"
+		;;
+	    valgrind-4)
+		LTESTS="${tests4}"
+		;;
+	    valgrind-unit)
+		TEST_TARGET="unit USE_VALGRIND=1"
+		;;
+	esac
+	;;
+    *)
+	echo "Unknown configuration $config"
+	exit 1
+	;;
+esac
+
+# The Solaris 64bit targets are special since they need a non-flag arg.
+case "$config" in
+    sol64*)
+	CONFIGFLAGS="x86_64 --with-cflags=-m64 --with-ldflags=-m64 ${CONFIGFLAGS}"
+	LIBCRYPTOFLAGS="--with-ssl-dir=/usr/local/ssl64"
+	;;
+esac
+
+case "${TARGET_HOST}" in
+    dfly58*|dfly60*)
+	# scp 3-way connection hangs on these so skip until sorted.
+	SKIP_LTESTS=scp3
+	;;
+    hurd)
+	SKIP_LTESTS="forwarding multiplex proxy-connect hostkey-agent agent-ptrace"
+	;;
+    minix3)
+	CC="clang"
+	LIBCRYPTOFLAGS="--without-openssl"
+	# Minix does not have a loopback interface so we have to skip any
+	# test that relies on it.
+	TEST_TARGET=t-exec
+	SKIP_LTESTS="addrmatch cfgparse key-options reexec agent connect"
+	SKIP_LTESTS="$SKIP_LTESTS keyscan rekey allow-deny-users connect-uri"
+	SKIP_LTESTS="$SKIP_LTESTS knownhosts-command sftp-uri brokenkeys"
+	SKIP_LTESTS="$SKIP_LTESTS exit-status login-timeout stderr-data"
+	SKIP_LTESTS="$SKIP_LTESTS cfgmatch forward-control multiplex transfer"
+	SKIP_LTESTS="$SKIP_LTESTS cfgmatchlisten forwarding reconfigure"
+	SUDO=""
+	;;
+    nbsd4)
+	# System compiler will ICE on some files with fstack-protector
+	CONFIGFLAGS="${CONFIGFLAGS} --without-hardening"
+	;;
+    sol10|sol11)
+	# sol10 VM is 32bit and the unit tests are slow.
+	# sol11 has 4 test configs so skip unit tests to speed up.
+	TEST_TARGET="tests SKIP_UNIT=1"
+	;;
+    win10)
+	# No sudo on Windows.
+	SUDO=""
+	;;
+esac
+
+# If we have a local openssl/libressl, use that.
+if [ -z "${LIBCRYPTOFLAGS}" ]; then
+	# last-match
+	for i in /usr/local /usr/local/ssl /usr/local/opt/openssl; do
+		if [ -x ${i}/bin/openssl ]; then
+			LIBCRYPTOFLAGS="--with-ssl-dir=${i}"
+		fi
+	done
+fi
+
+CONFIGFLAGS="${CONFIGFLAGS} ${LIBCRYPTOFLAGS}"
+
+if [ -x "$(which plink 2>/dev/null)" ]; then
+	REGRESS_INTEROP_PUTTY=yes
+	export REGRESS_INTEROP_PUTTY
+fi
+
+export CC CFLAGS LTESTS SUDO TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS

.github/configure.sh

diff --git a/.github/configure.sh b/.github/configure.sh
new file mode 100755
index 0000000..e098730
--- /dev/null
+++ b/.github/configure.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. .github/configs $1
+
+set -x
+./configure ${CONFIGFLAGS}

.github/run_test.sh

diff --git a/.github/run_test.sh b/.github/run_test.sh
new file mode 100755
index 0000000..adf2568
--- /dev/null
+++ b/.github/run_test.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+. .github/configs $1
+
+[ -z "${SUDO}" ] || ${SUDO} mkdir -p /var/empty
+
+set -ex
+
+output_failed_logs() {
+    for i in regress/failed*; do
+        if [ -f "$i" ]; then
+            echo -------------------------------------------------------------------------
+            echo LOGFILE $i
+            cat $i
+            echo -------------------------------------------------------------------------
+        fi
+    done
+}
+trap output_failed_logs 0
+
+if [ -z "${LTESTS}" ]; then
+    make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}"
+else
+    make ${TEST_TARGET} SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}"
+fi
+
+if [ ! -z "${SSHD_CONFOPTS}" ]; then
+    echo "rerunning t-exec with TEST_SSH_SSHD_CONFOPTS='${SSHD_CONFOPTS}'"
+    if [ -z "${LTESTS}" ]; then
+        make t-exec SKIP_LTESTS="${SKIP_LTESTS}" TEST_SSH_SSHD_CONFOPTS="${SSHD_CONFOPTS}"
+    else
+        make t-exec SKIP_LTESTS="${SKIP_LTESTS}" LTESTS="${LTESTS}" TEST_SSH_SSHD_CONFOPTS="${SSHD_CONFOPTS}"
+    fi
+fi

.github/setup_ci.sh

diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
new file mode 100755
index 0000000..107c049
--- /dev/null
+++ b/.github/setup_ci.sh
@@ -0,0 +1,117 @@
+#!/bin/sh
+
+case $(./config.guess) in
+*-darwin*)
+	brew install automake
+	exit 0
+	;;
+esac
+
+TARGETS=$@
+
+PACKAGES=""
+INSTALL_FIDO_PPA="no"
+export DEBIAN_FRONTEND=noninteractive
+
+#echo "Setting up for '$TARGETS'"
+
+set -ex
+
+lsb_release -a
+
+if [ "${TARGETS}" = "kitchensink" ]; then
+	TARGETS="kerberos5 libedit pam sk selinux"
+fi
+
+for TARGET in $TARGETS; do
+    case $TARGET in
+    default|without-openssl|without-zlib|c89)
+        # nothing to do
+        ;;
+    kerberos5)
+        PACKAGES="$PACKAGES heimdal-dev"
+        #PACKAGES="$PACKAGES libkrb5-dev"
+        ;;
+    libedit)
+        PACKAGES="$PACKAGES libedit-dev"
+        ;;
+    *pam)
+        PACKAGES="$PACKAGES libpam0g-dev"
+        ;;
+    sk)
+        INSTALL_FIDO_PPA="yes"
+        PACKAGES="$PACKAGES libfido2-dev libu2f-host-dev libcbor-dev"
+        ;;
+    selinux)
+        PACKAGES="$PACKAGES libselinux1-dev selinux-policy-dev"
+        ;;
+    hardenedmalloc)
+        INSTALL_HARDENED_MALLOC=yes
+       ;;
+    openssl-noec)
+	INSTALL_OPENSSL=OpenSSL_1_1_1k
+	SSLCONFOPTS="no-ec"
+	;;
+    openssl-*)
+        INSTALL_OPENSSL=$(echo ${TARGET} | cut -f2 -d-)
+        case ${INSTALL_OPENSSL} in
+          1.1.1_stable)	INSTALL_OPENSSL="OpenSSL_1_1_1-stable" ;;
+          1.*)	INSTALL_OPENSSL="OpenSSL_$(echo ${INSTALL_OPENSSL} | tr . _)" ;;
+          3.*)	INSTALL_OPENSSL="openssl-${INSTALL_OPENSSL}" ;;
+        esac
+        PACKAGES="${PACKAGES} putty-tools"
+       ;;
+    libressl-*)
+        INSTALL_LIBRESSL=$(echo ${TARGET} | cut -f2 -d-)
+        case ${INSTALL_LIBRESSL} in
+          master) ;;
+          *) INSTALL_LIBRESSL="v$(echo ${TARGET} | cut -f2 -d-)" ;;
+        esac
+        PACKAGES="${PACKAGES} putty-tools"
+       ;;
+    valgrind*)
+       PACKAGES="$PACKAGES valgrind"
+       ;;
+    *) echo "Invalid option '${TARGET}'"
+        exit 1
+        ;;
+    esac
+done
+
+if [ "yes" = "$INSTALL_FIDO_PPA" ]; then
+    sudo apt update -qq
+    sudo apt install -qy software-properties-common
+    sudo apt-add-repository -y ppa:yubico/stable
+fi
+
+if [ "x" != "x$PACKAGES" ]; then 
+    sudo apt update -qq
+    sudo apt install -qy $PACKAGES
+fi
+
+if [ "${INSTALL_HARDENED_MALLOC}" = "yes" ]; then
+    (cd ${HOME} &&
+     git clone https://github.com/GrapheneOS/hardened_malloc.git &&
+     cd ${HOME}/hardened_malloc &&
+     make -j2 && sudo cp libhardened_malloc.so /usr/lib/)
+fi
+
+if [ ! -z "${INSTALL_OPENSSL}" ]; then
+    (cd ${HOME} &&
+     git clone https://github.com/openssl/openssl.git &&
+     cd ${HOME}/openssl &&
+     git checkout ${INSTALL_OPENSSL} &&
+     ./config no-threads shared ${SSLCONFOPTS} \
+         --prefix=/opt/openssl &&
+     make && sudo make install_sw)
+fi
+
+if [ ! -z "${INSTALL_LIBRESSL}" ]; then
+    (mkdir -p ${HOME}/libressl && cd ${HOME}/libressl &&
+     git clone https://github.com/libressl-portable/portable.git &&
+     cd ${HOME}/libressl/portable &&
+     git checkout ${INSTALL_LIBRESSL} &&
+     sh update.sh && sh autogen.sh &&
+     ./configure --prefix=/opt/libressl &&
+     make -j2 && sudo make install)
+fi

.github/workflows/c-cpp.yml

diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
new file mode 100644
index 0000000..152ddaa
--- /dev/null
+++ b/.github/workflows/c-cpp.yml
@@ -0,0 +1,81 @@
+name: C/C++ CI
+
+on:
+  push:
+    branches: [ master, ci ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  ci:
+    if: github.repository != 'openssh/openssh-portable-selfhosted'
+    strategy:
+      fail-fast: false
+      matrix:
+        # First we test all OSes in the default configuration.
+        os: [ubuntu-20.04, ubuntu-18.04, macos-10.15, macos-11.0]
+        configs: [default]
+        # Then we include any extra configs we want to test for specific VMs.
+        # Valgrind slows things down quite a bit, so start them first.
+        include:
+          - { os: ubuntu-20.04, configs: valgrind-1 }
+          - { os: ubuntu-20.04, configs: valgrind-2 }
+          - { os: ubuntu-20.04, configs: valgrind-3 }
+          - { os: ubuntu-20.04, configs: valgrind-4 }
+          - { os: ubuntu-20.04, configs: valgrind-unit }
+          - { os: ubuntu-20.04, configs: c89 }
+          - { os: ubuntu-20.04, configs: pam }
+          - { os: ubuntu-20.04, configs: kitchensink }
+          - { os: ubuntu-20.04, configs: hardenedmalloc }
+          - { os: ubuntu-latest, configs: libressl-master }
+          - { os: ubuntu-latest, configs: libressl-2.2.9 }
+          - { os: ubuntu-latest, configs: libressl-2.8.3 }
+          - { os: ubuntu-latest, configs: libressl-3.0.2 }
+          - { os: ubuntu-latest, configs: libressl-3.2.6 }
+          - { os: ubuntu-latest, configs: libressl-3.3.4 }
+          - { os: ubuntu-latest, configs: libressl-3.4.0 }
+          - { os: ubuntu-latest, configs: openssl-master }
+          - { os: ubuntu-latest, configs: openssl-noec }
+          - { os: ubuntu-latest, configs: openssl-1.0.1 }
+          - { os: ubuntu-latest, configs: openssl-1.0.1u }
+          - { os: ubuntu-latest, configs: openssl-1.0.2u }
+          - { os: ubuntu-latest, configs: openssl-1.1.0h }
+          - { os: ubuntu-latest, configs: openssl-1.1.1 }
+          - { os: ubuntu-latest, configs: openssl-1.1.1k }
+          - { os: ubuntu-latest, configs: openssl-3.0.0 }
+          - { os: ubuntu-latest, configs: openssl-1.1.1_stable } # stable branch
+          - { os: ubuntu-latest, configs: openssl-3.0 }          # stable branch
+          - { os: ubuntu-18.04, configs: pam }
+          - { os: ubuntu-18.04, configs: kerberos5 }
+          - { os: ubuntu-18.04, configs: libedit }
+          - { os: ubuntu-18.04, configs: sk }
+          - { os: ubuntu-18.04, configs: selinux }
+          - { os: ubuntu-18.04, configs: kitchensink }
+          - { os: ubuntu-18.04, configs: without-openssl }
+          - { os: macos-10.15,  configs: pam }
+          - { os: macos-11.0,   configs: pam }
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: setup CI system
+      run: ./.github/setup_ci.sh ${{ matrix.configs }}
+    - name: autoreconf
+      run: autoreconf
+    - name: configure
+      run: ./.github/configure.sh ${{ matrix.configs }}
+    - name: make
+      run: make -j2
+    - name: make tests
+      run: ./.github/run_test.sh ${{ matrix.configs }}
+      env:
+        TEST_SSH_UNSAFE_PERMISSIONS: 1
+    - name: save logs
+      if: failure()
+      uses: actions/upload-artifact@v2
+      with:
+        name: ${{ matrix.os }}-${{ matrix.configs }}-logs
+        path: |
+          config.h
+          config.log
+          regress/*.log
+          regress/valgrind-out/

.github/workflows/selfhosted.yml

diff --git a/.github/workflows/selfhosted.yml b/.github/workflows/selfhosted.yml
new file mode 100644
index 0000000..df6eca7
--- /dev/null
+++ b/.github/workflows/selfhosted.yml
@@ -0,0 +1,93 @@
+name: C/C++ CI self-hosted
+
+on:
+  push:
+    branches: [ master, ci ]
+
+jobs:
+  selfhosted:
+    if: github.repository == 'openssh/openssh-portable-selfhosted'
+    runs-on: ${{ matrix.os }}
+    env:
+      TARGET_HOST: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      # We use a matrix in two parts: firstly all of the VMs are tested with the
+      # default config.  "os" corresponds to a label associated with the worker.
+      matrix:
+        os:
+          - ARM64
+          - bbone
+          - dfly30
+          - dfly48
+          - dfly58
+          - dfly60
+          - fbsd6
+          - fbsd10
+          - fbsd12
+          - fbsd13
+          - hurd
+          - minix3
+          # - nbsd2
+          - nbsd3
+          - nbsd4
+          - nbsd8
+          - nbsd9
+          - obsd51
+          - obsd67
+          - obsd68
+          - obsd69
+          - obsdsnap
+          - openindiana
+          # - rocky84
+          - sol10
+          - sol11
+          - win10
+        configs:
+          - default
+        # Then we include any extra configs we want to test for specific VMs.
+        include:
+          - { os: ARM64,  configs: pam }
+          - { os: dfly30, configs: without-openssl}
+          - { os: dfly48, configs: pam }
+          - { os: dfly58, configs: pam }
+          - { os: dfly60, configs: pam }
+          - { os: fbsd6,  configs: pam }
+          - { os: fbsd10, configs: pam }
+          - { os: fbsd12, configs: pam }
+          - { os: fbsd13, configs: pam }
+          - { os: nbsd8,  configs: pam }
+          - { os: nbsd9,  configs: pam }
+          - { os: openindiana, configs: pam }
+          # - { os: rocky84, configs: pam }
+          - { os: sol10,  configs: pam }
+          - { os: sol11,  configs: pam-krb5 }
+          - { os: sol11,  configs: sol64 }
+          # - { os: sol11,  configs: sol64-pam }
+    steps:
+    - uses: actions/checkout@v2
+    - name: autoreconf
+      run: autoreconf
+    - name: shutdown VM if running
+      run: vmshutdown
+    - name: startup VM
+      run: vmstartup
+    - name: configure
+      run: vmrun ./.github/configure.sh ${{ matrix.configs }}
+    - name: make
+      run: vmrun make
+    - name: make tests
+      run: vmrun ./.github/run_test.sh ${{ matrix.configs }}
+    - name: save logs
+      if: failure()
+      uses: actions/upload-artifact@v2
+      with:
+        name: ${{ matrix.os }}-${{ matrix.configs }}-logs
+        path: |
+          config.h
+          config.log
+          regress/*.log
+          regress/valgrind-out/
+    - name: shutdown VM
+      if: always()
+      run: vmshutdown

.github/workflows/upstream.yml

diff --git a/.github/workflows/upstream.yml b/.github/workflows/upstream.yml
new file mode 100644
index 0000000..f0493c1
--- /dev/null
+++ b/.github/workflows/upstream.yml
@@ -0,0 +1,43 @@
+name: Upstream self-hosted
+
+on:
+  push:
+    branches: [ master, ci ]
+
+jobs:
+  selfhosted:
+    if: github.repository == 'openssh/openssh-portable-selfhosted'
+    runs-on: ${{ matrix.os }}
+    env:
+      TARGET_HOST: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ obsdsnap, obsdsnap-i386, obsd69, obsd68 ]
+        configs: [ default, without-openssl ]
+    steps:
+    - uses: actions/checkout@v2
+    - name: shutdown VM if running
+      run: vmshutdown
+    - name: startup VM
+      run: vmstartup
+    - name: update source
+      run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh"
+    - name: make clean
+      run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean"
+    - name: make
+      run: vmrun "cd /usr/src/usr.bin/ssh && if test '${{ matrix.configs }}' = 'without-openssl'; then make OPENSSL=no; else make; fi"
+    - name: make install
+      run: vmrun "cd /usr/src/usr.bin/ssh && sudo make install"
+    - name: make tests
+      run: vmrun "cd /usr/src/regress/usr.bin/ssh && make obj && make clean && if test '${{ matrix.configs }}' = 'without-openssl'; then make SUDO=sudo OPENSSL=no; else make SUDO=sudo; fi"
+    - name: save logs
+      if: failure()
+      uses: actions/upload-artifact@v2
+      with:
+        name: ${{ matrix.os }}-${{ matrix.configs }}-logs
+        path: |
+          /usr/obj/regress/usr.bin/ssh/*.log
+    - name: shutdown VM
+      if: always()
+      run: vmshutdown

.gitignore

diff --git a/.gitignore b/.gitignore
index 34a9572..5e4ae5a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,9 +2,11 @@
 buildpkg.sh
 config.h
 config.h.in
+config.h.in~
 config.log
 config.status
 configure
+aclocal.m4
 openbsd-compat/Makefile
 openbsd-compat/regress/Makefile
 openssh.xml
@@ -30,4 +32,5 @@
 ssh-sk-helper
 sshd
 !regress/misc/fuzz-harness/Makefile
+!regress/unittests/sshsig/Makefile
 tags

.skipped-commit-ids

diff --git a/.skipped-commit-ids b/.skipped-commit-ids
index 611d109..1de7817 100644
--- a/.skipped-commit-ids
+++ b/.skipped-commit-ids
@@ -19,6 +19,10 @@
 7b7b619c1452a459310b0cf4391c5757c6bdbc0f	moduli update
 5010ff08f7ad92082e87dde098b20f5c24921a8f	moduli regen script update
 3bcae7a754db3fc5ad3cab63dd46774edb35b8ae	moduli regen script update
+52ff0e3205036147b2499889353ac082e505ea54	moduli update
+07b5031e9f49f2b69ac5e85b8da4fc9e393992a0	Makefile.inc
+cc12a9029833d222043aecd252d654965c351a69	moduli-gen Makefile
+7ac6c252d2a5be8fbad4c66d9d35db507c9dac5b	moduli update
 
 Old upstream tree:
 

Android.bp

diff --git a/Android.bp b/Android.bp
index f48e340..6b016bf 100644
--- a/Android.bp
+++ b/Android.bp
@@ -74,6 +74,7 @@
     defaults: ["ssh_defaults"],
     cflags: ["-DENABLE_SK"],
     srcs: [
+        "addr.c",
         "addrmatch.c",
         "atomicio.c",
         "authfd.c",
@@ -109,7 +110,7 @@
         "kexgen.c",
         "kexgex.c",
         "kexgexc.c",
-        "kexsntrup4591761x25519.c",
+        "kexsntrup761x25519.c",
         "krl.c",
         "log.c",
         "mac.c",
@@ -158,8 +159,8 @@
         "readpass.c",
         "rijndael.c",
         "sc25519.c",
-        "sntrup4591761.c",
         "smult_curve25519_ref.c",
+        "sntrup761.c",
         "ssh-dss.c",
         "ssh-ecdsa.c",
         "ssh-ecdsa-sk.c",
@@ -217,6 +218,9 @@
     defaults: ["ssh_defaults"],
     srcs: [
         "scp.c",
+        "sftp-client.c",
+        "sftp-common.c",
+        "sftp-glob.c",
         "progressmeter.c",
     ],
     shared_libs: ["libssh"],
@@ -264,6 +268,7 @@
         "sftp-common.c",
         "sftp-realpath.c",
         "sftp-server.c",
+        "srclimit.c",
         "sshd.c",
         "sshlogin.c",
         "sshpty.c",

INSTALL

diff --git a/INSTALL b/INSTALL
index 443ff9f..dddd912 100644
--- a/INSTALL
+++ b/INSTALL
@@ -97,11 +97,12 @@
 Autoconf:
 
 If you modify configure.ac or configure doesn't exist (eg if you checked
-the code out of git yourself) then you will need autoconf-2.69 to rebuild
-the automatically generated files by running "autoreconf".  Earlier
-versions may also work but this is not guaranteed.
+the code out of git yourself) then you will need autoconf-2.69 and
+automake-1.16.1 to rebuild the automatically generated files by running
+"autoreconf".  Earlier versions may also work but this is not guaranteed.
 
 http://www.gnu.org/software/autoconf/
+http://www.gnu.org/software/automake/
 
 Basic Security Module (BSM):
 
@@ -120,7 +121,8 @@
 libfido2:
 
 libfido2 allows the use of hardware security keys over USB.  libfido2
-in turn depends on libcbor.
+in turn depends on libcbor.  libfido2 >= 1.5.0 is strongly recommended.
+Limited functionality is possible with earlier libfido2 versions.
 
 https://github.com/Yubico/libfido2
 https://github.com/pjk/libcbor
@@ -221,6 +223,11 @@
 
 --with-ssl-engine enables Libre/OpenSSL's (hardware) ENGINE support
 
+--without-openssl builds without using OpenSSL.  Only a subset of ciphers
+and algorithms are supported in this configuration.
+
+--without-zlib builds without zlib.  This disables the Compression option.
+
 --with-4in6 Check for IPv4 in IPv6 mapped addresses and convert them to
 real (AF_INET) IPv4 addresses. Works around some quirks on Linux.
 
@@ -254,8 +261,8 @@
 (${prefix}/etc or whatever you specified with --sysconfdir during
 configuration).
 
-If you have configured OpenSSH with EGD support, ensure that EGD is
-running and has collected some Entropy.
+If you have configured OpenSSH with EGD/prngd support, ensure that EGD or
+prngd is running and has collected some entropy first.
 
 For more information on configuration, please refer to the manual pages
 for sshd, ssh and ssh-agent.

LICENCE

diff --git a/LICENCE b/LICENCE
index a2278a0..5999c5e 100644
--- a/LICENCE
+++ b/LICENCE
@@ -314,6 +314,68 @@
 	* authorization.                                                           *
 	****************************************************************************/
 
+       The Blowfish cipher implementation is licensed by Niels Provis under
+       a 4-clause BSD license:
+
+         * Blowfish - a fast block cipher designed by Bruce Schneier
+         *
+         * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
+         * All rights reserved.
+         *
+         * Redistribution and use in source and binary forms, with or without
+         * modification, are permitted provided that the following conditions
+         * are met:
+         * 1. Redistributions of source code must retain the above copyright
+         *    notice, this list of conditions and the following disclaimer.
+         * 2. Redistributions in binary form must reproduce the above copyright
+         *    notice, this list of conditions and the following disclaimer in the
+         *    documentation and/or other materials provided with the distribution.
+         * 3. All advertising materials mentioning features or use of this software
+         *    must display the following acknowledgement:
+         *      This product includes software developed by Niels Provos.
+         * 4. The name of the author may not be used to endorse or promote products
+         *    derived from this software without specific prior written permission.
+         *
+         * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+         * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+         * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+         * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+         * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+         * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+         * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+         * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+         * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+         * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+       Some replacement code is licensed by the NetBSD foundation under a
+       2-clause BSD license:
+
+         * Copyright (c) 2001 The NetBSD Foundation, Inc.
+         * All rights reserved.
+         *
+         * This code is derived from software contributed to The NetBSD Foundation
+         * by Todd Vierling.
+         *
+         * Redistribution and use in source and binary forms, with or without
+         * modification, are permitted provided that the following conditions
+         * are met:
+         * 1. Redistributions of source code must retain the above copyright
+         *    notice, this list of conditions and the following disclaimer.
+         * 2. Redistributions in binary form must reproduce the above copyright
+         *    notice, this list of conditions and the following disclaimer in the
+         *    documentation and/or other materials provided with the distribution.
+         *
+         * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+         * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+         * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+         * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+         * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+         * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+         * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+         * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+         * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+         * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+         * POSSIBILITY OF SUCH DAMAGE.
 
 ------
 $OpenBSD: LICENCE,v 1.20 2017/04/30 23:26:16 djm Exp $

METADATA

diff --git a/METADATA b/METADATA
index eef037a..aeee37f 100644
--- a/METADATA
+++ b/METADATA
@@ -11,7 +11,7 @@
     type: GIT
     value: "https://github.com/openssh/openssh-portable"
   }
-  version: "8.3p1"
-  last_upgrade_date { year: 2020 month: 8 day: 20 }
+  version: "8.8p1"
+  last_upgrade_date { year: 2021 month: 10 day: 21 }
   license_type: NOTICE
 }

Makefile.in

diff --git a/Makefile.in b/Makefile.in
index c9e4294..b029384 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -16,6 +16,7 @@
 piddir=@piddir@
 srcdir=@srcdir@
 top_srcdir=@top_srcdir@
+abs_top_srcdir=@abs_top_srcdir@
 
 DESTDIR=
 VPATH=@srcdir@
@@ -49,7 +50,6 @@
 LIBS=@LIBS@
 K5LIBS=@K5LIBS@
 GSSLIBS=@GSSLIBS@
-SSHLIBS=@SSHLIBS@
 SSHDLIBS=@SSHDLIBS@
 LIBEDIT=@LIBEDIT@
 LIBFIDO2=@LIBFIDO2@
@@ -58,7 +58,6 @@
 RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 SED=@SED@
-ENT=@ENT@
 XAUTH_PATH=@XAUTH_PATH@
 LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
 LDFLAGS_NOPIE=-L. -Lopenbsd-compat/ @LDFLAGS_NOPIE@
@@ -97,7 +96,7 @@
 	cipher-ctr.o cleanup.o \
 	compat.o fatal.o hostfile.o \
 	log.o match.o moduli.o nchan.o packet.o \
-	readpass.o ttymodes.o xmalloc.o addrmatch.o \
+	readpass.o ttymodes.o xmalloc.o addr.o addrmatch.o \
 	atomicio.o dispatch.o mac.o misc.o utf8.o \
 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-ecdsa-sk.o \
 	ssh-ed25519-sk.o ssh-rsa.o dh.o \
@@ -108,7 +107,7 @@
 	hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
 	kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \
 	kexgexc.o kexgexs.o \
-	sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \
+	kexsntrup761x25519.o sntrup761.o kexgen.o \
 	sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
 	sshbuf-io.o
 
@@ -127,12 +126,14 @@
 	monitor.o monitor_wrap.o auth-krb5.o \
 	auth2-gss.o gss-serv.o gss-serv-krb5.o \
 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
-	sftp-server.o sftp-common.o \
+	srclimit.o sftp-server.o sftp-common.o \
 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
 	sandbox-solaris.o uidswap.o $(SKOBJS)
 
-SCP_OBJS=	scp.o progressmeter.o
+SFTP_CLIENT_OBJS=sftp-common.o sftp-client.o sftp-glob.o
+
+SCP_OBJS=	scp.o progressmeter.o $(SFTP_CLIENT_OBJS)
 
 SSHADD_OBJS=	ssh-add.o $(SKOBJS)
 
@@ -150,7 +151,7 @@
 
 SFTPSERVER_OBJS=sftp-common.o sftp-server.o sftp-server-main.o
 
-SFTP_OBJS=	sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
+SFTP_OBJS=	sftp.o progressmeter.o $(SFTP_CLIENT_OBJS)
 
 MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out sshd_config.5.out ssh_config.5.out
 MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 sshd_config.5 ssh_config.5
@@ -189,7 +190,7 @@
 $(SSHDOBJS): Makefile.in config.h
 configure-check: $(srcdir)/configure
 
-$(srcdir)/configure: configure.ac aclocal.m4
+$(srcdir)/configure: configure.ac $(srcdir)/m4/*.m4
 	@echo "ERROR: configure is out of date; please run ${AUTORECONF} (and configure)" 1>&2
 	@exit 1
 
@@ -206,7 +207,7 @@
 	$(RANLIB) $@
 
 ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
-	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
+	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS)
 
 sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
 	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
@@ -236,7 +237,7 @@
 	$(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 
 sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTPSERVER_OBJS)
-	$(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+	$(LD) -o $@ $(SFTPSERVER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 
 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a $(SFTP_OBJS)
 	$(LD) -o $@ $(SFTP_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
@@ -273,10 +274,8 @@
 	rm -f regress/mkdtemp$(EXEEXT)
 	rm -f regress/unittests/test_helper/*.a
 	rm -f regress/unittests/test_helper/*.o
-	rm -f regress/unittests/sshbuf/*.o
-	rm -f regress/unittests/sshbuf/test_sshbuf$(EXEEXT)
-	rm -f regress/unittests/sshkey/*.o
-	rm -f regress/unittests/sshkey/test_sshkey$(EXEEXT)
+	rm -f regress/unittests/authopt/*.o
+	rm -f regress/unittests/authopt/test_authopt$(EXEEXT)
 	rm -f regress/unittests/bitmap/*.o
 	rm -f regress/unittests/bitmap/test_bitmap$(EXEEXT)
 	rm -f regress/unittests/conversion/*.o
@@ -287,10 +286,16 @@
 	rm -f regress/unittests/kex/test_kex$(EXEEXT)
 	rm -f regress/unittests/match/*.o
 	rm -f regress/unittests/match/test_match$(EXEEXT)
+	rm -f regress/unittests/misc/*.o
+	rm -f regress/unittests/misc/test_misc$(EXEEXT)
+	rm -f regress/unittests/sshbuf/*.o
+	rm -f regress/unittests/sshbuf/test_sshbuf$(EXEEXT)
+	rm -f regress/unittests/sshkey/*.o
+	rm -f regress/unittests/sshkey/test_sshkey$(EXEEXT)
+	rm -f regress/unittests/sshsig/*.o
+	rm -f regress/unittests/sshsig/test_sshsig$(EXEEXT)
 	rm -f regress/unittests/utf8/*.o
 	rm -f regress/unittests/utf8/test_utf8$(EXEEXT)
-	rm -f regress/misc/kexfuzz/*.o
-	rm -f regress/misc/kexfuzz/kexfuzz$(EXEEXT)
 	rm -f regress/misc/sk-dummy/*.o
 	rm -f regress/misc/sk-dummy/*.lo
 	rm -f regress/misc/sk-dummy/sk-dummy.so
@@ -306,10 +311,8 @@
 	rm -f regress/mkdtemp
 	rm -f regress/unittests/test_helper/*.a
 	rm -f regress/unittests/test_helper/*.o
-	rm -f regress/unittests/sshbuf/*.o
-	rm -f regress/unittests/sshbuf/test_sshbuf
-	rm -f regress/unittests/sshkey/*.o
-	rm -f regress/unittests/sshkey/test_sshkey
+	rm -f regress/unittests/authopt/*.o
+	rm -f regress/unittests/authopt/test_authopt
 	rm -f regress/unittests/bitmap/*.o
 	rm -f regress/unittests/bitmap/test_bitmap
 	rm -f regress/unittests/conversion/*.o
@@ -320,10 +323,16 @@
 	rm -f regress/unittests/kex/test_kex
 	rm -f regress/unittests/match/*.o
 	rm -f regress/unittests/match/test_match
+	rm -f regress/unittests/misc/*.o
+	rm -f regress/unittests/misc/test_misc
+	rm -f regress/unittests/sshbuf/*.o
+	rm -f regress/unittests/sshbuf/test_sshbuf
+	rm -f regress/unittests/sshkey/*.o
+	rm -f regress/unittests/sshkey/test_sshkey
+	rm -f regress/unittests/sshsig/*.o
+	rm -f regress/unittests/sshsig/test_sshsig
 	rm -f regress/unittests/utf8/*.o
 	rm -f regress/unittests/utf8/test_utf8
-	rm -f regress/misc/kexfuzz/*.o
-	rm -f regress/misc/kexfuzz/kexfuzz$(EXEEXT)
 	(cd openbsd-compat && $(MAKE) distclean)
 	if test -d pkg ; then \
 		rm -fr pkg ; \
@@ -486,15 +495,17 @@
 
 regress-prep:
 	$(MKDIR_P) `pwd`/regress/unittests/test_helper
-	$(MKDIR_P) `pwd`/regress/unittests/sshbuf
-	$(MKDIR_P) `pwd`/regress/unittests/sshkey
+	$(MKDIR_P) `pwd`/regress/unittests/authopt
 	$(MKDIR_P) `pwd`/regress/unittests/bitmap
 	$(MKDIR_P) `pwd`/regress/unittests/conversion
 	$(MKDIR_P) `pwd`/regress/unittests/hostkeys
 	$(MKDIR_P) `pwd`/regress/unittests/kex
 	$(MKDIR_P) `pwd`/regress/unittests/match
+	$(MKDIR_P) `pwd`/regress/unittests/misc
+	$(MKDIR_P) `pwd`/regress/unittests/sshbuf
+	$(MKDIR_P) `pwd`/regress/unittests/sshkey
+	$(MKDIR_P) `pwd`/regress/unittests/sshsig
 	$(MKDIR_P) `pwd`/regress/unittests/utf8
-	$(MKDIR_P) `pwd`/regress/misc/kexfuzz
 	$(MKDIR_P) `pwd`/regress/misc/sk-dummy
 	[ -f `pwd`/regress/Makefile ] || \
 	    ln -s `cd $(srcdir) && pwd`/regress/Makefile `pwd`/regress/Makefile
@@ -559,6 +570,17 @@
 	    regress/unittests/test_helper/libtest_helper.a \
 	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
+UNITTESTS_TEST_SSHSIG_OBJS=\
+	sshsig.o \
+	regress/unittests/sshsig/tests.o \
+	$(SKOBJS)
+
+regress/unittests/sshsig/test_sshsig$(EXEEXT): ${UNITTESTS_TEST_SSHSIG_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHSIG_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
 UNITTESTS_TEST_BITMAP_OBJS=\
 	regress/unittests/bitmap/tests.o
 
@@ -568,6 +590,18 @@
 	    regress/unittests/test_helper/libtest_helper.a \
 	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
+UNITTESTS_TEST_AUTHOPT_OBJS=\
+	regress/unittests/authopt/tests.o \
+	auth-options.o \
+	$(SKOBJS)
+
+regress/unittests/authopt/test_authopt$(EXEEXT): \
+    ${UNITTESTS_TEST_AUTHOPT_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_AUTHOPT_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
 UNITTESTS_TEST_CONVERSION_OBJS=\
 	regress/unittests/conversion/tests.o
 
@@ -611,6 +645,21 @@
 	    regress/unittests/test_helper/libtest_helper.a \
 	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
+UNITTESTS_TEST_MISC_OBJS=\
+	regress/unittests/misc/tests.o \
+	regress/unittests/misc/test_parse.o \
+	regress/unittests/misc/test_expand.o \
+	regress/unittests/misc/test_convtime.o \
+	regress/unittests/misc/test_argv.o \
+	regress/unittests/misc/test_strdelim.o
+
+regress/unittests/misc/test_misc$(EXEEXT): \
+    ${UNITTESTS_TEST_MISC_OBJS} \
+    regress/unittests/test_helper/libtest_helper.a libssh.a
+	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_MISC_OBJS) \
+	    regress/unittests/test_helper/libtest_helper.a \
+	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+
 UNITTESTS_TEST_UTF8_OBJS=\
 	regress/unittests/utf8/tests.o
 
@@ -621,14 +670,6 @@
 	    regress/unittests/test_helper/libtest_helper.a \
 	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
-MISC_KEX_FUZZ_OBJS=\
-	regress/misc/kexfuzz/kexfuzz.o \
-	$(SKOBJS)
-
-regress/misc/kexfuzz/kexfuzz$(EXEEXT): ${MISC_KEX_FUZZ_OBJS} libssh.a
-	$(LD) -o $@ $(LDFLAGS) $(MISC_KEX_FUZZ_OBJS) \
-	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
-
 # These all need to be compiled -fPIC, so they are treated differently.
 SK_DUMMY_OBJS=\
 	regress/misc/sk-dummy/sk-dummy.lo \
@@ -653,15 +694,17 @@
 	$(SK_DUMMY_LIBRARY)
 
 regress-unit-binaries: regress-prep $(REGRESSLIBS) \
-	regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
-	regress/unittests/sshkey/test_sshkey$(EXEEXT) \
+	regress/unittests/authopt/test_authopt$(EXEEXT) \
 	regress/unittests/bitmap/test_bitmap$(EXEEXT) \
 	regress/unittests/conversion/test_conversion$(EXEEXT) \
 	regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
 	regress/unittests/kex/test_kex$(EXEEXT) \
 	regress/unittests/match/test_match$(EXEEXT) \
-	regress/unittests/utf8/test_utf8$(EXEEXT) \
-	regress/misc/kexfuzz/kexfuzz$(EXEEXT)
+	regress/unittests/misc/test_misc$(EXEEXT) \
+	regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
+	regress/unittests/sshkey/test_sshkey$(EXEEXT) \
+	regress/unittests/sshsig/test_sshsig$(EXEEXT) \
+	regress/unittests/utf8/test_utf8$(EXEEXT)
 
 tests:	file-tests t-exec interop-tests unit
 	echo all tests passed
@@ -672,6 +715,7 @@
 	$(MAKE) \
 		.OBJDIR="$${BUILDDIR}/regress" \
 		.CURDIR="`pwd`" \
+		OBJ="$${BUILDDIR}/regress" \
 		$@ && echo $@ tests passed
 
 interop-tests t-exec file-tests: regress-prep regress-binaries $(TARGETS)
@@ -698,6 +742,7 @@
 		TEST_SSH_PKCS11_HELPER="$${BUILDDIR}/ssh-pkcs11-helper" \
 		TEST_SSH_SK_HELPER="$${BUILDDIR}/ssh-sk-helper" \
 		TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server" \
+		TEST_SSH_MODULI_FILE="$(abs_top_srcdir)/moduli" \
 		TEST_SSH_PLINK="plink" \
 		TEST_SSH_PUTTYGEN="puttygen" \
 		TEST_SSH_CONCH="conch" \

PROTOCOL

diff --git a/PROTOCOL b/PROTOCOL
index c702fca..3141cda 100644
--- a/PROTOCOL
+++ b/PROTOCOL
@@ -140,7 +140,7 @@
 NB. due to certain broken SSH implementations aborting upon receipt
 of this message (in contravention of RFC4254 section 5.4), this
 message is only sent to OpenSSH peers (identified by banner).
-Other SSH implementations may be whitelisted to receive this message
+Other SSH implementations may be listed to receive this message
 upon request.
 
 2.2. connection: disallow additional sessions extension
@@ -169,7 +169,7 @@
 NB. due to certain broken SSH implementations aborting upon receipt
 of this message, the no-more-sessions request is only sent to OpenSSH
 servers (identified by banner). Other SSH implementations may be
-whitelisted to receive this message upon request.
+listed to receive this message upon request.
 
 2.3. connection: Tunnel forward extension "tun@openssh.com"
 
@@ -292,6 +292,7 @@
 
 	byte		SSH_MSG_GLOBAL_REQUEST
 	string		"hostkeys-00@openssh.com"
+	char		0 /* want-reply */
 	string[]	hostkeys
 
 Upon receiving this message, a client should check which of the
@@ -465,6 +466,84 @@
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
 
+3.7. sftp: Extension request "lsetstat@openssh.com"
+
+This request is like the "setstat" command, but sets file attributes on
+symlinks.  It is implemented as a SSH_FXP_EXTENDED request with the
+following format:
+
+	uint32		id
+	string		"lsetstat@openssh.com"
+	string		path
+	ATTRS		attrs
+
+See the "setstat" command for more details.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
+3.8. sftp: Extension request "limits@openssh.com"
+
+This request is used to determine various limits the server might impose.
+Clients should not attempt to exceed these limits as the server might sever
+the connection immediately.
+
+	uint32		id
+	string		"limits@openssh.com"
+
+The server will respond with a SSH_FXP_EXTENDED_REPLY reply:
+
+	uint32		id
+	uint64		max-packet-length
+	uint64		max-read-length
+	uint64		max-write-length
+	uint64		max-open-handles
+
+The 'max-packet-length' applies to the total number of bytes in a
+single SFTP packet.  Servers SHOULD set this at least to 34000.
+
+The 'max-read-length' is the largest length in a SSH_FXP_READ packet.
+Even if the client requests a larger size, servers will usually respond
+with a shorter SSH_FXP_DATA packet.  Servers SHOULD set this at least to
+32768.
+
+The 'max-write-length' is the largest length in a SSH_FXP_WRITE packet
+the server will accept.  Servers SHOULD set this at least to 32768.
+
+The 'max-open-handles' is the maximum number of active handles that the
+server allows (e.g. handles created by SSH_FXP_OPEN and SSH_FXP_OPENDIR
+packets).  Servers MAY count internal file handles against this limit
+(e.g. system logging or stdout/stderr), so clients SHOULD NOT expect to
+open this many handles in practice.
+
+If the server doesn't enforce a specific limit, then the field may be
+set to 0.  This implies the server relies on the OS to enforce limits
+(e.g. available memory or file handles), and such limits might be
+dynamic.  The client SHOULD take care to not try to exceed reasonable
+limits.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
+3.9. sftp: Extension request "expand-path@openssh.com"
+
+This request supports canonicalisation of relative paths and
+those that need tilde-expansion, i.e. "~", "~/..." and "~user/..."
+These paths are expanded using shell-like rules and the resultant
+path is canonicalised similarly to SSH2_FXP_REALPATH.
+
+It is implemented as a SSH_FXP_EXTENDED request with the following
+format:
+
+	uint32		id
+	string		"expand-path@openssh.com"
+	string		path
+
+Its reply is the same format as that of SSH2_FXP_REALPATH.
+
+This extension is advertised in the SSH_FXP_VERSION hello with version
+"1".
+
 4. Miscellaneous changes
 
 4.1 Public key format
@@ -496,4 +575,4 @@
 PROTOCOL.mux over a Unix domain socket for communications between a
 master instance and later clients.
 
-$OpenBSD: PROTOCOL,v 1.37 2020/02/21 00:04:43 dtucker Exp $
+$OpenBSD: PROTOCOL,v 1.42 2021/08/09 23:47:44 djm Exp $

PROTOCOL.agent

diff --git a/PROTOCOL.agent b/PROTOCOL.agent
index da33819..ed47146 100644
--- a/PROTOCOL.agent
+++ b/PROTOCOL.agent
@@ -1,5 +1,5 @@
 This file used to contain a description of the SSH agent protocol
-implemented by OpenSSH. It has since been superseded by an Internet-
-draft that is available from:
+implemented by OpenSSH. It has since been superseded by
+https://tools.ietf.org/html/draft-miller-ssh-agent-04
 
-https://tools.ietf.org/html/draft-miller-ssh-agent-02
+$OpenBSD: PROTOCOL.agent,v 1.14 2020/10/06 07:12:04 dtucker Exp $

PROTOCOL.certkeys

diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index 1fce870..68622e6 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -45,7 +45,7 @@
     rsa-sha2-512-cert-v01@openssh.com
 
 These RSA/SHA-2 types should not appear in keys at rest or transmitted
-on their wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms
+on the wire, but do appear in a SSH_MSG_KEXINIT's host-key algorithms
 field or in the "public key algorithm name" field of a "publickey"
 SSH_USERAUTH_REQUEST to indicate that the signature will use the
 specified algorithm.
@@ -159,12 +159,11 @@
 curve and public key are respectively the ECDSA "[identifier]" and "Q"
 defined in section 3.1 of RFC5656.
 
-pk is the encoded Ed25519 public key as defined by
-draft-josefsson-eddsa-ed25519-03.
+pk is the encoded Ed25519 public key as defined by RFC8032.
 
 serial is an optional certificate serial number set by the CA to
 provide an abbreviated way to refer to certificates from that CA.
-If a CA does not wish to number its certificates it must set this
+If a CA does not wish to number its certificates, it must set this
 field to zero.
 
 type specifies whether this certificate is for identification of a user
@@ -217,13 +216,13 @@
 up to, and including the signature key. Signatures are computed and
 encoded according to the rules defined for the CA's public key algorithm
 (RFC4253 section 6.6 for ssh-rsa and ssh-dss, RFC5656 for the ECDSA
-types), and draft-josefsson-eddsa-ed25519-03 for Ed25519.
+types, and RFC8032 for Ed25519).
 
 Critical options
 ----------------
 
 The critical options section of the certificate specifies zero or more
-options on the certificates validity. The format of this field
+options on the certificate's validity. The format of this field
 is a sequence of zero or more tuples:
 
     string       name
@@ -234,7 +233,7 @@
 
 The name field identifies the option and the data field encodes
 option-specific information (see below). All options are
-"critical", if an implementation does not recognise a option
+"critical"; if an implementation does not recognise a option,
 then the validating party should refuse to accept the certificate.
 
 Custom options should append the originating author or organisation's
@@ -256,10 +255,18 @@
                                       for authentication. Addresses are
                                       specified in CIDR format (nn.nn.nn.nn/nn
                                       or hhhh::hhhh/nn).
-                                      If this option is not present then
+                                      If this option is not present, then
                                       certificates may be presented from any
                                       source address.
 
+verify-required         empty         Flag indicating that signatures made
+                                      with this certificate must assert FIDO
+                                      user verification (e.g. PIN or
+                                      biometric). This option only makes sense
+                                      for the U2F/FIDO security key types that
+                                      support this feature in their signature
+                                      formats.
+
 Extensions
 ----------
 
@@ -280,11 +287,11 @@
 
 Name                    Format        Description
 -----------------------------------------------------------------------------
-no-presence-required    empty         Flag indicating that signatures made
+no-touch-required       empty         Flag indicating that signatures made
                                       with this certificate need not assert
-                                      user presence. This option only make
-                                      sense for the U2F/FIDO security key
-                                      types that support this feature in
+                                      FIDO user presence. This option only
+                                      makes sense for the U2F/FIDO security
+                                      key types that support this feature in
                                       their signature formats.
 
 permit-X11-forwarding   empty         Flag indicating that X11 forwarding
@@ -298,7 +305,7 @@
 
 permit-port-forwarding  empty         Flag indicating that port-forwarding
                                       should be allowed. If this option is
-                                      not present then no port forwarding will
+                                      not present, then no port forwarding will
                                       be allowed.
 
 permit-pty              empty         Flag indicating that PTY allocation
@@ -311,4 +318,4 @@
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.17 2019/11/25 00:57:51 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.19 2021/06/05 13:47:00 naddy Exp $

PROTOCOL.key

diff --git a/PROTOCOL.key b/PROTOCOL.key
index 959bd7a..38df268 100644
--- a/PROTOCOL.key
+++ b/PROTOCOL.key
@@ -35,9 +35,9 @@
 
 	uint32	checkint
 	uint32	checkint
-	string	privatekey1
+	byte[]	privatekey1
 	string	comment1
-	string	privatekey2
+	byte[]	privatekey2
 	string	comment2
 	...
 	string	privatekeyN
@@ -48,6 +48,9 @@
 	...
 	char	padlen % 255
 
+where each private key is encoded using the same rules as used for
+SSH agent.
+
 Before the key is encrypted, a random integer is assigned
 to both checkint fields so successful decryption can be
 quickly checked by verifying that both checkint fields
@@ -65,4 +68,4 @@
 are used with empty passphrases. The options if the KDF "none"
 are the empty string.
 
-$OpenBSD: PROTOCOL.key,v 1.1 2013/12/06 13:34:54 markus Exp $
+$OpenBSD: PROTOCOL.key,v 1.2 2021/05/07 02:29:40 djm Exp $

PROTOCOL.sshsig

diff --git a/PROTOCOL.sshsig b/PROTOCOL.sshsig
index 720e1f1..78457dd 100644
--- a/PROTOCOL.sshsig
+++ b/PROTOCOL.sshsig
@@ -71,7 +71,7 @@
 signature algorithm must be "rsa-sha2-512" or "rsa-sha2-256" (i.e.
 not the legacy RSA-SHA1 "ssh-rsa").
 
-This blob is encoded as a string using the RFC4243 encoding
+This blob is encoded as a string using the RFC4253 encoding
 rules and base64 encoded to form the middle part of the
 armored signature.
 
@@ -97,3 +97,4 @@
 The data is concatenated and passed to the SSH signing
 function.
 
+$OpenBSD: PROTOCOL.sshsig,v 1.4 2020/08/31 00:17:41 djm Exp $

PROTOCOL.u2f

diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index 917e669..f8ca56b 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -39,6 +39,13 @@
 primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
 standard specifies additional key types, including one based on Ed25519.
 
+Use of U2F security keys does not automatically imply multi-factor
+authentication. From sshd's perspective, a security key constitutes a
+single factor of authentication, even if protected by a PIN or biometric
+authentication.  To enable multi-factor authentication in ssh, please
+refer to the AuthenticationMethods option in sshd_config(5).
+
+
 SSH U2F Key formats
 -------------------
 
@@ -147,6 +154,16 @@
 case, OpenSSH optionally allows retaining the attestation information
 at the time of key generation. It will take the following format:
 
+	string		"ssh-sk-attest-v01"
+	string		attestation certificate
+	string		enrollment signature
+	string		authenticator data (CBOR encoded)
+	uint32		reserved flags
+	string		reserved string
+
+A previous version of this format, emitted prior to OpenSSH 8.4 omitted
+the authenticator data.
+
 	string		"ssh-sk-attest-v00"
 	string		attestation certificate
 	string		enrollment signature
@@ -202,6 +219,32 @@
 	byte		flags
 	uint32		counter
 
+webauthn signatures
+-------------------
+
+The W3C/FIDO webauthn[1] standard defines a mechanism for a web browser to
+interact with FIDO authentication tokens. This standard builds upon the
+FIDO standards, but requires different signature contents to raw FIDO
+messages. OpenSSH supports ECDSA/p256 webauthn signatures through the
+"webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature algorithm.
+
+The wire encoding for a webauthn-sk-ecdsa-sha2-nistp256@openssh.com
+signature is similar to the sk-ecdsa-sha2-nistp256@openssh.com format:
+
+	string		"webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
+	string		ecdsa_signature
+	byte		flags
+	uint32		counter
+	string		origin
+	string		clientData
+	string		extensions
+
+Where "origin" is the HTTP origin making the signature, "clientData" is
+the JSON-like structure signed by the browser and "extensions" are any
+extensions used in making the signature.
+
+[1] https://www.w3.org/TR/webauthn-2/
+
 ssh-agent protocol extensions
 -----------------------------
 
@@ -234,87 +277,15 @@
 loaded middleware libraries to communicate with security keys, but offer
 support for the common case of USB HID security keys internally.
 
-The middleware library need only expose a handful of functions:
-
-	#define SSH_SK_VERSION_MAJOR		0x00050000 /* API version */
-	#define SSH_SK_VERSION_MAJOR_MASK	0xffff0000
-
-	/* Flags */
-	#define SSH_SK_USER_PRESENCE_REQD	0x01
-	#define SSH_SK_USER_VERIFICATION_REQD	0x04
-	#define SSH_SK_RESIDENT_KEY		0x20
-
-	/* Algs */
-	#define SSH_SK_ECDSA                   0x00
-	#define SSH_SK_ED25519                 0x01
-
-	/* Error codes */
-	#define SSH_SK_ERR_GENERAL		-1
-	#define SSH_SK_ERR_UNSUPPORTED		-2
-	#define SSH_SK_ERR_PIN_REQUIRED		-3
-	#define SSH_SK_ERR_DEVICE_NOT_FOUND	-4
-
-	struct sk_enroll_response {
-		uint8_t *public_key;
-		size_t public_key_len;
-		uint8_t *key_handle;
-		size_t key_handle_len;
-		uint8_t *signature;
-		size_t signature_len;
-		uint8_t *attestation_cert;
-		size_t attestation_cert_len;
-	};
-
-	struct sk_sign_response {
-		uint8_t flags;
-		uint32_t counter;
-		uint8_t *sig_r;
-		size_t sig_r_len;
-		uint8_t *sig_s;
-		size_t sig_s_len;
-	};
-
-	struct sk_resident_key {
-		uint32_t alg;
-		size_t slot;
-		char *application;
-		struct sk_enroll_response key;
-	};
-
-	struct sk_option {
-		char *name;
-		char *value;
-		uint8_t important;
-	};
-
-	/* Return the version of the middleware API */
-	uint32_t sk_api_version(void);
-
-	/* Enroll a U2F key (private key generation) */
-	int sk_enroll(uint32_t alg,
-	    const uint8_t *challenge, size_t challenge_len,
-	    const char *application, uint8_t flags, const char *pin,
-	    struct sk_option **options,
-	    struct sk_enroll_response **enroll_response);
-
-	/* Sign a challenge */
-	int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
-	    const char *application,
-	    const uint8_t *key_handle, size_t key_handle_len,
-	    uint8_t flags, const char *pin, struct sk_option **options,
-	    struct sk_sign_response **sign_response);
-
-	/* Enumerate all resident keys */
-	int sk_load_resident_keys(const char *pin, struct sk_option **options,
-	    struct sk_resident_key ***rks, size_t *nrks);
-
-The SSH_SK_VERSION_MAJOR should be incremented for each incompatible
+The middleware library need only expose a handful of functions and
+numbers listed in sk-api.h. Included in the defined numbers is a
+SSH_SK_VERSION_MAJOR that should be incremented for each incompatible
 API change.
 
-The options may be used to pass miscellaneous options to the middleware
-as a NULL-terminated array of pointers to struct sk_option. The middleware
-may ignore unsupported or unknown options unless the "important" flag is
-set, in which case it should return failure if an unsupported option is
+miscellaneous options may be passed to the middleware as a NULL-
+terminated array of pointers to struct sk_option. The middleware may
+ignore unsupported or unknown options unless the "required" flag is set,
+in which case it should return failure if an unsupported option is
 requested.
 
 At present the following options names are supported:
@@ -335,3 +306,4 @@
 ssh-pkcs11-helper to provide address-space containment of the
 middleware from ssh-agent.
 
+$OpenBSD: PROTOCOL.u2f,v 1.26 2020/09/09 03:08:01 djm Exp $

README

diff --git a/README b/README
index cae4c28..329aaed 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-See https://www.openssh.com/releasenotes.html#8.3p1 for the release notes.
+See https://www.openssh.com/releasenotes.html#8.8p1 for the release notes.
 
 Please read https://www.openssh.com/report.html for bug reporting
 instructions and note that we do not use Github for bug reporting or

README.md

diff --git a/README.md b/README.md
index 28fb43d..de47177 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,6 @@
 # Portable OpenSSH
 
+[![C/C++ CI](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml/badge.svg)](https://github.com/openssh/openssh-portable/actions/workflows/c-cpp.yml)
 [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh)
 
 OpenSSH is a complete implementation of the SSH protocol (version 2) for secure remote login, command execution and file transfer. It includes a client ``ssh`` and server ``sshd``, file transfer utilities ``scp`` and ``sftp`` as well as tools for key generation (``ssh-keygen``), run-time key storage (``ssh-agent``) and a number of supporting programs.
@@ -27,9 +28,13 @@
 
 ### Dependencies
 
-Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers, and [zlib](https://www.zlib.net/). ``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms.
+Portable OpenSSH is built using autoconf and make. It requires a working C compiler, standard library and headers.
 
-FIDO security token support need [libfido2](https://github.com/Yubico/libfido2) and its dependencies. Also, certain platforms and build-time options may require additional dependencies, see README.platform for details.
+``libcrypto`` from either [LibreSSL](https://www.libressl.org/) or [OpenSSL](https://www.openssl.org) may also be used, but OpenSSH may be built without it supporting a subset of crypto algorithms.
+
+[zlib](https://www.zlib.net/) is optional; without it transport compression is not supported.
+
+FIDO security token support needs [libfido2](https://github.com/Yubico/libfido2) and its dependencies. Also, certain platforms and build-time options may require additional dependencies; see README.platform for details.
 
 ### Building a release
 
@@ -43,7 +48,7 @@
 ```
 
 See the [Build-time Customisation](#build-time-customisation) section below for configure options. If you plan on installing OpenSSH to your system, then you will usually want to specify destination paths.
- 
+
 ### Building from git
 
 If building from git, you'll need [autoconf](https://www.gnu.org/software/autoconf/) installed to build the ``configure`` script. The following commands will check out and build portable OpenSSH from git:

README.platform

diff --git a/README.platform b/README.platform
index 9210e07..7b754ba 100644
--- a/README.platform
+++ b/README.platform
@@ -1,19 +1,19 @@
 This file contains notes about OpenSSH on specific platforms.
 
 AIX
----
-As of OpenSSH 3.8p1, sshd will now honour an accounts password expiry
-settings, where previously it did not.  Because of this, it's possible for
-sites that have used OpenSSH's sshd exclusively to have accounts which
-have passwords expired longer than the inactive time (ie the "Weeks between
-password EXPIRATION and LOCKOUT" setting in SMIT or the maxexpired
-chuser attribute).
+
+Beginning with OpenSSH 3.8p1, sshd will honour an account's password
+expiry settings, where prior to that it did not.  Because of this,
+it's possible for sites that have used OpenSSH's sshd exclusively to
+have accounts which have passwords expired longer than the inactive time
+(ie the "Weeks between password EXPIRATION and LOCKOUT" setting in SMIT
+or the maxexpired chuser attribute).
 
 Accounts in this state must have their passwords reset manually by the
 administrator.  As a precaution, it is recommended that the administrative
 passwords be reset before upgrading from OpenSSH <3.8.
 
-As of OpenSSH 4.0, configure will attempt to detect if your version
+As of OpenSSH 4.0p1, configure will attempt to detect if your version
 and maintenance level of AIX has a working getaddrinfo, and will use it
 if found.  This will enable IPv6 support.  If for some reason configure
 gets it wrong, or if you want to build binaries to work on earlier MLs

README.version

diff --git a/README.version b/README.version
index 030d77d..02c1f0a 100644
--- a/README.version
+++ b/README.version
@@ -1,4 +1,4 @@
-URL: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz
-Version: 8.3p1
+URL: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.8p1.tar.gz
+Version: 8.8p1
 BugComponent: 180238
 Owners: adelva, cloud-android-devs

addr.c

diff --git a/addr.c b/addr.c
new file mode 100644
index 0000000..ba0fad4
--- /dev/null
+++ b/addr.c
@@ -0,0 +1,423 @@
+/* $OpenBSD: addr.c,v 1.1 2021/01/09 11:58:50 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <netdb.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "addr.h"
+
+#define _SA(x)	((struct sockaddr *)(x))
+
+int
+addr_unicast_masklen(int af)
+{
+	switch (af) {
+	case AF_INET:
+		return 32;
+	case AF_INET6:
+		return 128;
+	default:
+		return -1;
+	}
+}
+
+static inline int
+masklen_valid(int af, u_int masklen)
+{
+	switch (af) {
+	case AF_INET:
+		return masklen <= 32 ? 0 : -1;
+	case AF_INET6:
+		return masklen <= 128 ? 0 : -1;
+	default:
+		return -1;
+	}
+}
+
+int
+addr_xaddr_to_sa(const struct xaddr *xa, struct sockaddr *sa, socklen_t *len,
+    u_int16_t port)
+{
+	struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
+	struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
+
+	if (xa == NULL || sa == NULL || len == NULL)
+		return -1;
+
+	switch (xa->af) {
+	case AF_INET:
+		if (*len < sizeof(*in4))
+			return -1;
+		memset(sa, '\0', sizeof(*in4));
+		*len = sizeof(*in4);
+#ifdef SOCK_HAS_LEN
+		in4->sin_len = sizeof(*in4);
+#endif
+		in4->sin_family = AF_INET;
+		in4->sin_port = htons(port);
+		memcpy(&in4->sin_addr, &xa->v4, sizeof(in4->sin_addr));
+		break;
+	case AF_INET6:
+		if (*len < sizeof(*in6))
+			return -1;
+		memset(sa, '\0', sizeof(*in6));
+		*len = sizeof(*in6);
+#ifdef SOCK_HAS_LEN
+		in6->sin6_len = sizeof(*in6);
+#endif
+		in6->sin6_family = AF_INET6;
+		in6->sin6_port = htons(port);
+		memcpy(&in6->sin6_addr, &xa->v6, sizeof(in6->sin6_addr));
+#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
+		in6->sin6_scope_id = xa->scope_id;
+#endif
+		break;
+	default:
+		return -1;
+	}
+	return 0;
+}
+
+/*
+ * Convert struct sockaddr to struct xaddr
+ * Returns 0 on success, -1 on failure.
+ */
+int
+addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
+{
+	struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
+	struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
+
+	memset(xa, '\0', sizeof(*xa));
+
+	switch (sa->sa_family) {
+	case AF_INET:
+		if (slen < (socklen_t)sizeof(*in4))
+			return -1;
+		xa->af = AF_INET;
+		memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
+		break;
+	case AF_INET6:
+		if (slen < (socklen_t)sizeof(*in6))
+			return -1;
+		xa->af = AF_INET6;
+		memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
+#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
+		xa->scope_id = in6->sin6_scope_id;
+#endif
+		break;
+	default:
+		return -1;
+	}
+
+	return 0;
+}
+
+int
+addr_invert(struct xaddr *n)
+{
+	int i;
+
+	if (n == NULL)
+		return -1;
+
+	switch (n->af) {
+	case AF_INET:
+		n->v4.s_addr = ~n->v4.s_addr;
+		return 0;
+	case AF_INET6:
+		for (i = 0; i < 4; i++)
+			n->addr32[i] = ~n->addr32[i];
+		return 0;
+	default:
+		return -1;
+	}
+}
+
+/*
+ * Calculate a netmask of length 'l' for address family 'af' and
+ * store it in 'n'.
+ * Returns 0 on success, -1 on failure.
+ */
+int
+addr_netmask(int af, u_int l, struct xaddr *n)
+{
+	int i;
+
+	if (masklen_valid(af, l) != 0 || n == NULL)
+		return -1;
+
+	memset(n, '\0', sizeof(*n));
+	switch (af) {
+	case AF_INET:
+		n->af = AF_INET;
+		if (l == 0)
+			return 0;
+		n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff);
+		return 0;
+	case AF_INET6:
+		n->af = AF_INET6;
+		for (i = 0; i < 4 && l >= 32; i++, l -= 32)
+			n->addr32[i] = 0xffffffffU;
+		if (i < 4 && l != 0)
+			n->addr32[i] = htonl((0xffffffff << (32 - l)) &
+			    0xffffffff);
+		return 0;
+	default:
+		return -1;
+	}
+}
+
+int
+addr_hostmask(int af, u_int l, struct xaddr *n)
+{
+	if (addr_netmask(af, l, n) == -1 || addr_invert(n) == -1)
+		return -1;
+	return 0;
+}
+
+/*
+ * Perform logical AND of addresses 'a' and 'b', storing result in 'dst'.
+ * Returns 0 on success, -1 on failure.
+ */
+int
+addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
+{
+	int i;
+
+	if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
+		return -1;
+
+	memcpy(dst, a, sizeof(*dst));
+	switch (a->af) {
+	case AF_INET:
+		dst->v4.s_addr &= b->v4.s_addr;
+		return 0;
+	case AF_INET6:
+		dst->scope_id = a->scope_id;
+		for (i = 0; i < 4; i++)
+			dst->addr32[i] &= b->addr32[i];
+		return 0;
+	default:
+		return -1;
+	}
+}
+
+int
+addr_cmp(const struct xaddr *a, const struct xaddr *b)
+{
+	int i;
+
+	if (a->af != b->af)
+		return (a->af == AF_INET6 ? 1 : -1);
+
+	switch (a->af) {
+	case AF_INET:
+		/*
+		 * Can't just subtract here as 255.255.255.255 - 0.0.0.0 is
+		 * too big to fit into a signed int
+		 */
+		if (a->v4.s_addr == b->v4.s_addr)
+			return 0;
+		return (ntohl(a->v4.s_addr) > ntohl(b->v4.s_addr) ? 1 : -1);
+	case AF_INET6:;
+		/*
+		 * Do this a byte at a time to avoid the above issue and
+		 * any endian problems
+		 */
+		for (i = 0; i < 16; i++)
+			if (a->addr8[i] - b->addr8[i] != 0)
+				return (a->addr8[i] - b->addr8[i]);
+		if (a->scope_id == b->scope_id)
+			return (0);
+		return (a->scope_id > b->scope_id ? 1 : -1);
+	default:
+		return (-1);
+	}
+}
+
+int
+addr_is_all0s(const struct xaddr *a)
+{
+	int i;
+
+	switch (a->af) {
+	case AF_INET:
+		return (a->v4.s_addr == 0 ? 0 : -1);
+	case AF_INET6:;
+		for (i = 0; i < 4; i++)
+			if (a->addr32[i] != 0)
+				return -1;
+		return 0;
+	default:
+		return -1;
+	}
+}
+
+/*
+ * Test whether host portion of address 'a', as determined by 'masklen'
+ * is all zeros.
+ * Returns 0 on if host portion of address is all-zeros,
+ * -1 if not all zeros or on failure.
+ */
+int
+addr_host_is_all0s(const struct xaddr *a, u_int masklen)
+{
+	struct xaddr tmp_addr, tmp_mask, tmp_result;
+
+	memcpy(&tmp_addr, a, sizeof(tmp_addr));
+	if (addr_hostmask(a->af, masklen, &tmp_mask) == -1)
+		return -1;
+	if (addr_and(&tmp_result, &tmp_addr, &tmp_mask) == -1)
+		return -1;
+	return addr_is_all0s(&tmp_result);
+}
+
+/*
+ * Parse string address 'p' into 'n'
+ * Returns 0 on success, -1 on failure.
+ */
+int
+addr_pton(const char *p, struct xaddr *n)
+{
+	struct addrinfo hints, *ai;
+
+	memset(&hints, '\0', sizeof(hints));
+	hints.ai_flags = AI_NUMERICHOST;
+
+	if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
+		return -1;
+
+	if (ai == NULL || ai->ai_addr == NULL)
+		return -1;
+
+	if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen,
+	    n) == -1) {
+		freeaddrinfo(ai);
+		return -1;
+	}
+
+	freeaddrinfo(ai);
+	return 0;
+}
+
+int
+addr_sa_pton(const char *h, const char *s, struct sockaddr *sa, socklen_t slen)
+{
+	struct addrinfo hints, *ai;
+
+	memset(&hints, '\0', sizeof(hints));
+	hints.ai_flags = AI_NUMERICHOST;
+
+	if (h == NULL || getaddrinfo(h, s, &hints, &ai) != 0)
+		return -1;
+
+	if (ai == NULL || ai->ai_addr == NULL)
+		return -1;
+
+	if (sa != NULL) {
+		if (slen < ai->ai_addrlen)
+			return -1;
+		memcpy(sa, &ai->ai_addr, ai->ai_addrlen);
+	}
+
+	freeaddrinfo(ai);
+	return 0;
+}
+
+int
+addr_ntop(const struct xaddr *n, char *p, size_t len)
+{
+	struct sockaddr_storage ss;
+	socklen_t slen = sizeof(ss);
+
+	if (addr_xaddr_to_sa(n, _SA(&ss), &slen, 0) == -1)
+		return -1;
+	if (n == NULL || p == NULL || len == 0)
+		return -1;
+	if (getnameinfo(_SA(&ss), slen, p, len, NULL, 0,
+	    NI_NUMERICHOST) == -1)
+		return -1;
+
+	return 0;
+}
+
+/*
+ * Parse a CIDR address (x.x.x.x/y or xxxx:yyyy::/z).
+ * Return -1 on parse error, -2 on inconsistency or 0 on success.
+ */
+int
+addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
+{
+	struct xaddr tmp;
+	long unsigned int masklen = 999;
+	char addrbuf[64], *mp, *cp;
+
+	/* Don't modify argument */
+	if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
+		return -1;
+
+	if ((mp = strchr(addrbuf, '/')) != NULL) {
+		*mp = '\0';
+		mp++;
+		masklen = strtoul(mp, &cp, 10);
+		if (*mp == '\0' || *cp != '\0' || masklen > 128)
+			return -1;
+	}
+
+	if (addr_pton(addrbuf, &tmp) == -1)
+		return -1;
+
+	if (mp == NULL)
+		masklen = addr_unicast_masklen(tmp.af);
+	if (masklen_valid(tmp.af, masklen) == -1)
+		return -2;
+	if (addr_host_is_all0s(&tmp, masklen) != 0)
+		return -2;
+
+	if (n != NULL)
+		memcpy(n, &tmp, sizeof(*n));
+	if (l != NULL)
+		*l = masklen;
+
+	return 0;
+}
+
+int
+addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen)
+{
+	struct xaddr tmp_mask, tmp_result;
+
+	if (host->af != net->af)
+		return -1;
+
+	if (addr_netmask(host->af, masklen, &tmp_mask) == -1)
+		return -1;
+	if (addr_and(&tmp_result, host, &tmp_mask) == -1)
+		return -1;
+	return addr_cmp(&tmp_result, net);
+}

addr.h

diff --git a/addr.h b/addr.h
new file mode 100644
index 0000000..5eff026
--- /dev/null
+++ b/addr.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2004,2005 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* Address handling routines */
+
+#ifndef _ADDR_H
+#define _ADDR_H
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+struct xaddr {
+	sa_family_t	af;
+	union {
+		struct in_addr		v4;
+		struct in6_addr		v6;
+		u_int8_t		addr8[16];
+		u_int16_t		addr16[8];
+		u_int32_t		addr32[4];
+	} xa;		    /* 128-bit address */
+	u_int32_t	scope_id;	/* iface scope id for v6 */
+#define v4	xa.v4
+#define v6	xa.v6
+#define addr8	xa.addr8
+#define addr16	xa.addr16
+#define addr32	xa.addr32
+};
+
+int addr_unicast_masklen(int af);
+int addr_xaddr_to_sa(const struct xaddr *xa, struct sockaddr *sa,
+    socklen_t *len, u_int16_t port);
+int addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa);
+int addr_netmask(int af, u_int l, struct xaddr *n);
+int addr_hostmask(int af, u_int l, struct xaddr *n);
+int addr_invert(struct xaddr *n);
+int addr_pton(const char *p, struct xaddr *n);
+int addr_sa_pton(const char *h, const char *s, struct sockaddr *sa,
+    socklen_t slen);
+int addr_pton_cidr(const char *p, struct xaddr *n, u_int *l);
+int addr_ntop(const struct xaddr *n, char *p, size_t len);
+int addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b);
+int addr_cmp(const struct xaddr *a, const struct xaddr *b);
+int addr_is_all0s(const struct xaddr *n);
+int addr_host_is_all0s(const struct xaddr *n, u_int masklen);
+int addr_netmatch(const struct xaddr *host, const struct xaddr *net,
+    u_int masklen);
+#endif /* _ADDR_H */

addrmatch.c

diff --git a/addrmatch.c b/addrmatch.c
index 5a402d0..b0dc096 100644
--- a/addrmatch.c
+++ b/addrmatch.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: addrmatch.c,v 1.14 2018/07/31 03:07:24 djm Exp $ */
+/*	$OpenBSD: addrmatch.c,v 1.17 2021/04/03 06:18:40 djm Exp $ */
 
 /*
  * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org>
@@ -29,337 +29,10 @@
 #include <stdio.h>
 #include <stdarg.h>
 
+#include "addr.h"
 #include "match.h"
 #include "log.h"
 
-struct xaddr {
-	sa_family_t	af;
-	union {
-		struct in_addr		v4;
-		struct in6_addr		v6;
-		u_int8_t		addr8[16];
-		u_int32_t		addr32[4];
-	} xa;		    /* 128-bit address */
-	u_int32_t	scope_id;	/* iface scope id for v6 */
-#define v4	xa.v4
-#define v6	xa.v6
-#define addr8	xa.addr8
-#define addr32	xa.addr32
-};
-
-static int
-addr_unicast_masklen(int af)
-{
-	switch (af) {
-	case AF_INET:
-		return 32;
-	case AF_INET6:
-		return 128;
-	default:
-		return -1;
-	}
-}
-
-static inline int
-masklen_valid(int af, u_int masklen)
-{
-	switch (af) {
-	case AF_INET:
-		return masklen <= 32 ? 0 : -1;
-	case AF_INET6:
-		return masklen <= 128 ? 0 : -1;
-	default:
-		return -1;
-	}
-}
-
-/*
- * Convert struct sockaddr to struct xaddr
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_sa_to_xaddr(struct sockaddr *sa, socklen_t slen, struct xaddr *xa)
-{
-	struct sockaddr_in *in4 = (struct sockaddr_in *)sa;
-	struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)sa;
-
-	memset(xa, '\0', sizeof(*xa));
-
-	switch (sa->sa_family) {
-	case AF_INET:
-		if (slen < (socklen_t)sizeof(*in4))
-			return -1;
-		xa->af = AF_INET;
-		memcpy(&xa->v4, &in4->sin_addr, sizeof(xa->v4));
-		break;
-	case AF_INET6:
-		if (slen < (socklen_t)sizeof(*in6))
-			return -1;
-		xa->af = AF_INET6;
-		memcpy(&xa->v6, &in6->sin6_addr, sizeof(xa->v6));
-#ifdef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
-		xa->scope_id = in6->sin6_scope_id;
-#endif
-		break;
-	default:
-		return -1;
-	}
-
-	return 0;
-}
-
-/*
- * Calculate a netmask of length 'l' for address family 'af' and
- * store it in 'n'.
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_netmask(int af, u_int l, struct xaddr *n)
-{
-	int i;
-
-	if (masklen_valid(af, l) != 0 || n == NULL)
-		return -1;
-
-	memset(n, '\0', sizeof(*n));
-	switch (af) {
-	case AF_INET:
-		n->af = AF_INET;
-		if (l == 0)
-			return 0;
-		n->v4.s_addr = htonl((0xffffffff << (32 - l)) & 0xffffffff);
-		return 0;
-	case AF_INET6:
-		n->af = AF_INET6;
-		for (i = 0; i < 4 && l >= 32; i++, l -= 32)
-			n->addr32[i] = 0xffffffffU;
-		if (i < 4 && l != 0)
-			n->addr32[i] = htonl((0xffffffff << (32 - l)) &
-			    0xffffffff);
-		return 0;
-	default:
-		return -1;
-	}
-}
-
-/*
- * Perform logical AND of addresses 'a' and 'b', storing result in 'dst'.
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_and(struct xaddr *dst, const struct xaddr *a, const struct xaddr *b)
-{
-	int i;
-
-	if (dst == NULL || a == NULL || b == NULL || a->af != b->af)
-		return -1;
-
-	memcpy(dst, a, sizeof(*dst));
-	switch (a->af) {
-	case AF_INET:
-		dst->v4.s_addr &= b->v4.s_addr;
-		return 0;
-	case AF_INET6:
-		dst->scope_id = a->scope_id;
-		for (i = 0; i < 4; i++)
-			dst->addr32[i] &= b->addr32[i];
-		return 0;
-	default:
-		return -1;
-	}
-}
-
-/*
- * Compare addresses 'a' and 'b'
- * Return 0 if addresses are identical, -1 if (a < b) or 1 if (a > b)
- */
-static int
-addr_cmp(const struct xaddr *a, const struct xaddr *b)
-{
-	int i;
-
-	if (a->af != b->af)
-		return a->af == AF_INET6 ? 1 : -1;
-
-	switch (a->af) {
-	case AF_INET:
-		if (a->v4.s_addr == b->v4.s_addr)
-			return 0;
-		return ntohl(a->v4.s_addr) > ntohl(b->v4.s_addr) ? 1 : -1;
-	case AF_INET6:
-		for (i = 0; i < 16; i++)
-			if (a->addr8[i] - b->addr8[i] != 0)
-				return a->addr8[i] > b->addr8[i] ? 1 : -1;
-		if (a->scope_id == b->scope_id)
-			return 0;
-		return a->scope_id > b->scope_id ? 1 : -1;
-	default:
-		return -1;
-	}
-}
-
-/*
- * Parse string address 'p' into 'n'
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_pton(const char *p, struct xaddr *n)
-{
-	struct addrinfo hints, *ai = NULL;
-	int ret = -1;
-
-	memset(&hints, '\0', sizeof(hints));
-	hints.ai_flags = AI_NUMERICHOST;
-
-	if (p == NULL || getaddrinfo(p, NULL, &hints, &ai) != 0)
-		goto out;
-	if (ai == NULL || ai->ai_addr == NULL)
-		goto out;
-	if (n != NULL && addr_sa_to_xaddr(ai->ai_addr, ai->ai_addrlen, n) == -1)
-		goto out;
-	/* success */
-	ret = 0;
- out:
-	if (ai != NULL)
-		freeaddrinfo(ai);
-	return ret;
-}
-
-/*
- * Perform bitwise negation of address
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_invert(struct xaddr *n)
-{
-	int i;
-
-	if (n == NULL)
-		return (-1);
-
-	switch (n->af) {
-	case AF_INET:
-		n->v4.s_addr = ~n->v4.s_addr;
-		return (0);
-	case AF_INET6:
-		for (i = 0; i < 4; i++)
-			n->addr32[i] = ~n->addr32[i];
-		return (0);
-	default:
-		return (-1);
-	}
-}
-
-/*
- * Calculate a netmask of length 'l' for address family 'af' and
- * store it in 'n'.
- * Returns 0 on success, -1 on failure.
- */
-static int
-addr_hostmask(int af, u_int l, struct xaddr *n)
-{
-	if (addr_netmask(af, l, n) == -1 || addr_invert(n) == -1)
-		return (-1);
-	return (0);
-}
-
-/*
- * Test whether address 'a' is all zeros (i.e. 0.0.0.0 or ::)
- * Returns 0 on if address is all-zeros, -1 if not all zeros or on failure.
- */
-static int
-addr_is_all0s(const struct xaddr *a)
-{
-	int i;
-
-	switch (a->af) {
-	case AF_INET:
-		return (a->v4.s_addr == 0 ? 0 : -1);
-	case AF_INET6:;
-		for (i = 0; i < 4; i++)
-			if (a->addr32[i] != 0)
-				return (-1);
-		return (0);
-	default:
-		return (-1);
-	}
-}
-
-/*
- * Test whether host portion of address 'a', as determined by 'masklen'
- * is all zeros.
- * Returns 0 on if host portion of address is all-zeros,
- * -1 if not all zeros or on failure.
- */
-static int
-addr_host_is_all0s(const struct xaddr *a, u_int masklen)
-{
-	struct xaddr tmp_addr, tmp_mask, tmp_result;
-
-	memcpy(&tmp_addr, a, sizeof(tmp_addr));
-	if (addr_hostmask(a->af, masklen, &tmp_mask) == -1)
-		return (-1);
-	if (addr_and(&tmp_result, &tmp_addr, &tmp_mask) == -1)
-		return (-1);
-	return (addr_is_all0s(&tmp_result));
-}
-
-/*
- * Parse a CIDR address (x.x.x.x/y or xxxx:yyyy::/z).
- * Return -1 on parse error, -2 on inconsistency or 0 on success.
- */
-static int
-addr_pton_cidr(const char *p, struct xaddr *n, u_int *l)
-{
-	struct xaddr tmp;
-	long unsigned int masklen = 999;
-	char addrbuf[64], *mp, *cp;
-
-	/* Don't modify argument */
-	if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf))
-		return -1;
-
-	if ((mp = strchr(addrbuf, '/')) != NULL) {
-		*mp = '\0';
-		mp++;
-		masklen = strtoul(mp, &cp, 10);
-		if (*mp == '\0' || *cp != '\0' || masklen > 128)
-			return -1;
-	}
-
-	if (addr_pton(addrbuf, &tmp) == -1)
-		return -1;
-
-	if (mp == NULL)
-		masklen = addr_unicast_masklen(tmp.af);
-	if (masklen_valid(tmp.af, masklen) == -1)
-		return -2;
-	if (addr_host_is_all0s(&tmp, masklen) != 0)
-		return -2;
-
-	if (n != NULL)
-		memcpy(n, &tmp, sizeof(*n));
-	if (l != NULL)
-		*l = masklen;
-
-	return 0;
-}
-
-static int
-addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen)
-{
-	struct xaddr tmp_mask, tmp_result;
-
-	if (host->af != net->af)
-		return -1;
-
-	if (addr_netmask(host->af, masklen, &tmp_mask) == -1)
-		return -1;
-	if (addr_and(&tmp_result, host, &tmp_mask) == -1)
-		return -1;
-	return addr_cmp(&tmp_result, net);
-}
-
 /*
  * Match "addr" against list pattern list "_list", which may contain a
  * mix of CIDR addresses and old-school wildcards.
@@ -381,7 +54,7 @@
 	int ret = 0, r;
 
 	if (addr != NULL && addr_pton(addr, &try_addr) != 0) {
-		debug2("%s: couldn't parse address %.100s", __func__, addr);
+		debug2_f("couldn't parse address %.100s", addr);
 		return 0;
 	}
 	if ((o = list = strdup(_list)) == NULL)
@@ -397,13 +70,13 @@
 		/* Prefer CIDR address matching */
 		r = addr_pton_cidr(cp, &match_addr, &masklen);
 		if (r == -2) {
-			debug2("%s: inconsistent mask length for "
-			    "match network \"%.100s\"", __func__, cp);
+			debug2_f("inconsistent mask length for "
+			    "match network \"%.100s\"", cp);
 			ret = -2;
 			break;
 		} else if (r == 0) {
 			if (addr != NULL && addr_netmatch(&try_addr,
-                           &match_addr, masklen) == 0) {
+			    &match_addr, masklen) == 0) {
  foundit:
 				if (neg) {
 					ret = -1;
@@ -441,15 +114,14 @@
 	int ret = 0, r;
 
 	if (addr != NULL && addr_pton(addr, &try_addr) != 0) {
-		debug2("%s: couldn't parse address %.100s", __func__, addr);
+		debug2_f("couldn't parse address %.100s", addr);
 		return 0;
 	}
 	if ((o = list = strdup(_list)) == NULL)
 		return -1;
 	while ((cp = strsep(&list, ",")) != NULL) {
 		if (*cp == '\0') {
-			error("%s: empty entry in list \"%.100s\"",
-			    __func__, o);
+			error_f("empty entry in list \"%.100s\"", o);
 			ret = -1;
 			break;
 		}
@@ -462,15 +134,14 @@
 
 		/* Stop junk from reaching getaddrinfo. +3 is for masklen */
 		if (strlen(cp) > INET6_ADDRSTRLEN + 3) {
-			error("%s: list entry \"%.100s\" too long",
-			    __func__, cp);
+			error_f("list entry \"%.100s\" too long", cp);
 			ret = -1;
 			break;
 		}
 #define VALID_CIDR_CHARS "0123456789abcdefABCDEF.:/"
 		if (strspn(cp, VALID_CIDR_CHARS) != strlen(cp)) {
-			error("%s: list entry \"%.100s\" contains invalid "
-			    "characters", __func__, cp);
+			error_f("list entry \"%.100s\" contains invalid "
+			    "characters", cp);
 			ret = -1;
 		}
 

audit-bsm.c

diff --git a/audit-bsm.c b/audit-bsm.c
index 0ba16c7..ccfcf6f 100644
--- a/audit-bsm.c
+++ b/audit-bsm.c
@@ -129,7 +129,7 @@
  * getaudit_addr() is only present on IPv6 capable machines.
  */
 #if defined(HAVE_AUG_GET_MACHINE) || !defined(HAVE_GETAUDIT_ADDR)
-extern int 	aug_get_machine(char *, u_int32_t *, u_int32_t *);
+extern int aug_get_machine(char *, u_int32_t *, u_int32_t *);
 #else
 static int
 aug_get_machine(char *host, u_int32_t *addr, u_int32_t *type)
@@ -183,41 +183,41 @@
 	scf_value_t *value = NULL;
 	int ret = 0;
 
+	/*
+	 * The man page for getacna on Solaris 10 states we should return -2
+	 * in case of error and set errno to indicate the error. We don't
+	 * bother with errno here, though, since the only use of this function
+	 * below doesn't check for errors anyway.
+	*/
 	handle = scf_handle_create(SCF_VERSION);
 	if (handle == NULL) 
-	        return -2; /* The man page for getacna on Solaris 10 states
-			      we should return -2 in case of error and set
-			      errno to indicate the error. We don't bother
-			      with errno here, though, since the only use
-			      of this function below doesn't check for errors
-			      anyway. 
-			   */
+		return -2;
 
 	ret = scf_handle_bind(handle);
 	if (ret == -1) 
-	        return -2;
+		return -2;
 
 	property = scf_property_create(handle);
 	if (property == NULL) 
-	        return -2;
+		return -2;
 
 	ret = scf_handle_decode_fmri(handle, 
-	     "svc:/system/auditd:default/:properties/preselection/naflags",
-				     NULL, NULL, NULL, NULL, property, 0);
+	    "svc:/system/auditd:default/:properties/preselection/naflags",
+	    NULL, NULL, NULL, NULL, property, 0);
 	if (ret == -1) 
-	        return -2;
+		return -2;
 
 	value = scf_value_create(handle);
 	if (value == NULL) 
-	        return -2;
+		return -2;
 
 	ret = scf_property_get_value(property, value);
 	if (ret == -1) 
-	        return -2;
+		return -2;
 
 	ret = scf_value_get_astring(value, auditstring, len);
 	if (ret == -1) 
-	        return -2;
+		return -2;
 
 	scf_value_destroy(value);
 	scf_property_destroy(property);
@@ -280,9 +280,10 @@
 	(void) au_write(ad, AUToReturnFunc(typ, rc));
 
 #ifdef BROKEN_BSM_API
-	/* The last argument is the event modifier flags. For
-	   some seemingly undocumented reason it was added in
-	   Solaris 11. */
+	/*
+	 * The last argument is the event modifier flags. For some seemingly
+	 * undocumented reason it was added in Solaris 11.
+	 */
 	rc = au_close(ad, AU_TO_WRITE, event_no, 0);
 #else
 	rc = au_close(ad, AU_TO_WRITE, event_no);

auth-krb5.c

diff --git a/auth-krb5.c b/auth-krb5.c
index 3096f1c..c99e4e4 100644
--- a/auth-krb5.c
+++ b/auth-krb5.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-krb5.c,v 1.23 2018/07/09 21:35:50 markus Exp $ */
+/* $OpenBSD: auth-krb5.c,v 1.24 2021/04/03 06:18:40 djm Exp $ */
 /*
  *    Kerberos v5 authentication and ticket-passing routines.
  *
@@ -99,7 +99,7 @@
 #ifdef HEIMDAL
 # ifdef HAVE_KRB5_CC_NEW_UNIQUE
 	problem = krb5_cc_new_unique(authctxt->krb5_ctx,
-	     krb5_mcc_ops.prefix, NULL, &ccache);
+	    krb5_mcc_ops.prefix, NULL, &ccache);
 # else
 	problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, &ccache);
 # endif
@@ -123,7 +123,7 @@
 
 # ifdef HAVE_KRB5_CC_NEW_UNIQUE
 	problem = krb5_cc_new_unique(authctxt->krb5_ctx,
-	     krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
+	    krb5_fcc_ops.prefix, NULL, &authctxt->krb5_fwd_ccache);
 # else
 	problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
 	    &authctxt->krb5_fwd_ccache);
@@ -163,17 +163,18 @@
 		goto out;
 	}
 
-	problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
+	problem = ssh_krb5_cc_gen(authctxt->krb5_ctx,
+	    &authctxt->krb5_fwd_ccache);
 	if (problem)
 		goto out;
 
-	problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
-				     authctxt->krb5_user);
+	problem = krb5_cc_initialize(authctxt->krb5_ctx,
+	    authctxt->krb5_fwd_ccache, authctxt->krb5_user);
 	if (problem)
 		goto out;
 
-	problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache,
-				 &creds);
+	problem = krb5_cc_store_cred(authctxt->krb5_ctx,
+	    authctxt->krb5_fwd_ccache, &creds);
 	if (problem)
 		goto out;
 #endif
@@ -202,7 +203,7 @@
 		if (authctxt->krb5_ctx != NULL && problem!=-1) {
 			errmsg = krb5_get_error_message(authctxt->krb5_ctx,
 			    problem);
- 			debug("Kerberos password authentication failed: %s",
+			debug("Kerberos password authentication failed: %s",
 			    errmsg);
 			krb5_free_error_message(authctxt->krb5_ctx, errmsg);
 		} else

auth-options.c

diff --git a/auth-options.c b/auth-options.c
index 696ba6a..335f032 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.92 2020/03/06 18:15:38 markus Exp $ */
+/* $OpenBSD: auth-options.c,v 1.97 2021/07/24 01:55:19 djm Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
  *
@@ -79,7 +79,7 @@
 	int r, ret = -1, found;
 
 	if ((c = sshbuf_fromb(oblob)) == NULL) {
-		error("%s: sshbuf_fromb failed", __func__);
+		error_f("sshbuf_fromb failed");
 		goto out;
 	}
 
@@ -88,8 +88,7 @@
 		data = NULL;
 		if ((r = sshbuf_get_cstring(c, &name, NULL)) != 0 ||
 		    (r = sshbuf_froms(c, &data)) != 0) {
-			error("Unable to parse certificate options: %s",
-			    ssh_err(r));
+			error_r(r, "Unable to parse certificate options");
 			goto out;
 		}
 		debug3("found certificate option \"%.100s\" len %zu",
@@ -119,11 +118,14 @@
 			}
 		}
 		if (!found && (which & OPTIONS_CRITICAL) != 0) {
-			if (strcmp(name, "force-command") == 0) {
+			if (strcmp(name, "verify-required") == 0) {
+				opts->require_verify = 1;
+				found = 1;
+			} else if (strcmp(name, "force-command") == 0) {
 				if ((r = sshbuf_get_cstring(data, &command,
 				    NULL)) != 0) {
-					error("Unable to parse \"%s\" "
-					    "section: %s", name, ssh_err(r));
+					error_r(r, "Unable to parse \"%s\" "
+					    "section", name);
 					goto out;
 				}
 				if (opts->force_command != NULL) {
@@ -134,12 +136,11 @@
 				}
 				opts->force_command = command;
 				found = 1;
-			}
-			if (strcmp(name, "source-address") == 0) {
+			} else if (strcmp(name, "source-address") == 0) {
 				if ((r = sshbuf_get_cstring(data, &allowed,
 				    NULL)) != 0) {
-					error("Unable to parse \"%s\" "
-					    "section: %s", name, ssh_err(r));
+					error_r(r, "Unable to parse \"%s\" "
+					    "section", name);
 					goto out;
 				}
 				if (opts->required_from_host_cert != NULL) {
@@ -323,6 +324,7 @@
 	struct sshauthopt *ret = NULL;
 	const char *errstr = "unknown error";
 	uint64_t valid_before;
+	size_t i, l;
 
 	if (errstrp != NULL)
 		*errstrp = NULL;
@@ -351,6 +353,8 @@
 			ret->permit_x11_forwarding_flag = r == 1;
 		} else if ((r = opt_flag("touch-required", 1, &opts)) != -1) {
 			ret->no_require_user_presence = r != 1; /* NB. flip */
+		} else if ((r = opt_flag("verify-required", 1, &opts)) != -1) {
+			ret->require_verify = r == 1;
 		} else if ((r = opt_flag("pty", 1, &opts)) != -1) {
 			ret->permit_pty_flag = r == 1;
 		} else if ((r = opt_flag("user-rc", 1, &opts)) != -1) {
@@ -394,7 +398,7 @@
 			    valid_before < ret->valid_before)
 				ret->valid_before = valid_before;
 		} else if (opt_match(&opts, "environment")) {
-			if (ret->nenv > INT_MAX) {
+			if (ret->nenv > SSH_AUTHOPT_ENV_MAX) {
 				errstr = "too many environment strings";
 				goto fail;
 			}
@@ -406,25 +410,41 @@
 				errstr = "invalid environment string";
 				goto fail;
 			}
-			if ((cp = strdup(opt)) == NULL)
+			if ((cp = strdup(opt)) == NULL) {
+				free(opt);
 				goto alloc_fail;
-			cp[tmp - opt] = '\0'; /* truncate at '=' */
+			}
+			l = (size_t)(tmp - opt);
+			cp[l] = '\0'; /* truncate at '=' */
 			if (!valid_env_name(cp)) {
 				free(cp);
 				free(opt);
 				errstr = "invalid environment string";
 				goto fail;
 			}
-			free(cp);
-			/* Append it. */
-			oarray = ret->env;
-			if ((ret->env = recallocarray(ret->env, ret->nenv,
-			    ret->nenv + 1, sizeof(*ret->env))) == NULL) {
-				free(opt);
-				ret->env = oarray; /* put it back for cleanup */
-				goto alloc_fail;
+			/* Check for duplicates; XXX O(n*log(n)) */
+			for (i = 0; i < ret->nenv; i++) {
+				if (strncmp(ret->env[i], cp, l) == 0 &&
+				    ret->env[i][l] == '=')
+					break;
 			}
-			ret->env[ret->nenv++] = opt;
+			free(cp);
+			/* First match wins */
+			if (i >= ret->nenv) {
+				/* Append it. */
+				oarray = ret->env;
+				if ((ret->env = recallocarray(ret->env,
+				    ret->nenv, ret->nenv + 1,
+				    sizeof(*ret->env))) == NULL) {
+					free(opt);
+					/* put it back for cleanup */
+					ret->env = oarray;
+					goto alloc_fail;
+				}
+				ret->env[ret->nenv++] = opt;
+				opt = NULL; /* transferred */
+			}
+			free(opt);
 		} else if (opt_match(&opts, "permitopen")) {
 			if (handle_permit(&opts, 0, &ret->permitopen,
 			    &ret->npermitopen, &errstr) != 0)
@@ -572,6 +592,7 @@
 	}
 
 #define OPTFLAG_AND(x) ret->x = (primary->x == 1) && (additional->x == 1)
+#define OPTFLAG_OR(x) ret->x = (primary->x == 1) || (additional->x == 1)
 	/* Permissive flags are logical-AND (i.e. must be set in both) */
 	OPTFLAG_AND(permit_port_forwarding_flag);
 	OPTFLAG_AND(permit_agent_forwarding_flag);
@@ -579,6 +600,8 @@
 	OPTFLAG_AND(permit_pty_flag);
 	OPTFLAG_AND(permit_user_rc);
 	OPTFLAG_AND(no_require_user_presence);
+	/* Restrictive flags are logical-OR (i.e. must be set in either) */
+	OPTFLAG_OR(require_verify);
 #undef OPTFLAG_AND
 
 	/* Earliest expiry time should win */
@@ -649,6 +672,7 @@
 	OPTSCALAR(force_tun_device);
 	OPTSCALAR(valid_before);
 	OPTSCALAR(no_require_user_presence);
+	OPTSCALAR(require_verify);
 #undef OPTSCALAR
 #define OPTSTRING(x) \
 	do { \
@@ -781,7 +805,8 @@
 	    (r = sshbuf_put_u8(m, opts->permit_user_rc)) != 0 ||
 	    (r = sshbuf_put_u8(m, opts->restricted)) != 0 ||
 	    (r = sshbuf_put_u8(m, opts->cert_authority)) != 0 ||
-	    (r = sshbuf_put_u8(m, opts->no_require_user_presence)) != 0)
+	    (r = sshbuf_put_u8(m, opts->no_require_user_presence)) != 0 ||
+	    (r = sshbuf_put_u8(m, opts->require_verify)) != 0)
 		return r;
 
 	/* Simple integer options */
@@ -802,7 +827,7 @@
 	    (r = serialise_nullable_string(m,
 	    untrusted ? NULL : opts->required_from_host_cert)) != 0 ||
 	    (r = serialise_nullable_string(m,
-	     untrusted ? NULL : opts->required_from_host_keys)) != 0)
+	    untrusted ? NULL : opts->required_from_host_keys)) != 0)
 		return r;
 
 	/* Array options */
@@ -844,6 +869,7 @@
 	OPT_FLAG(restricted);
 	OPT_FLAG(cert_authority);
 	OPT_FLAG(no_require_user_presence);
+	OPT_FLAG(require_verify);
 #undef OPT_FLAG
 
 	/* Simple integer options */

auth-options.h

diff --git a/auth-options.h b/auth-options.h
index d96ffed..6e29b72 100644
--- a/auth-options.h
+++ b/auth-options.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.h,v 1.29 2019/11/25 00:54:23 djm Exp $ */
+/* $OpenBSD: auth-options.h,v 1.31 2021/07/23 03:57:20 djm Exp $ */
 
 /*
  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
@@ -23,7 +23,10 @@
 struct sshkey;
 
 /* Maximum number of permitopen/permitlisten directives to accept */
-#define SSH_AUTHOPT_PERMIT_MAX 4096
+#define SSH_AUTHOPT_PERMIT_MAX	4096
+
+/* Maximum number of environment directives to accept */
+#define SSH_AUTHOPT_ENV_MAX	1024
 
 /*
  * sshauthopt represents key options parsed from authorized_keys or
@@ -71,6 +74,8 @@
 
 	/* Key requires user presence asserted */
 	int no_require_user_presence;
+	/* Key requires user verification (e.g. PIN) */
+	int require_verify;
 };
 
 struct sshauthopt *sshauthopt_new(void);

auth-pam.c

diff --git a/auth-pam.c b/auth-pam.c
index 5a3ba09..29034e4 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -375,7 +375,11 @@
 			error("PAM: pam_putenv: %s",
 			    pam_strerror(sshpam_handle, r));
 		}
-		/* XXX leak env? */
+		/*
+		 * XXX this possibly leaks env because it is not documented
+		 * what pam_putenv() does with it. Does it copy it? Does it
+		 * take ownweship? We don't know, so it's safest just to leak.
+		 */
 	}
 #endif
 }
@@ -685,6 +689,12 @@
 	const char *pam_user, *user = authctxt->user;
 	const char **ptr_pam_user = &pam_user;
 
+#if defined(PAM_SUN_CODEBASE) && defined(PAM_MAX_RESP_SIZE)
+	/* Protect buggy PAM implementations from excessively long usernames */
+	if (strlen(user) >= PAM_MAX_RESP_SIZE)
+		fatal("Username too long from %s port %d",
+		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
+#endif
 	if (sshpam_handle == NULL) {
 		if (ssh == NULL) {
 			fatal("%s: called initially with no "
@@ -717,9 +727,9 @@
 		 */
 		sshpam_rhost = xstrdup(auth_get_canonical_hostname(ssh,
 		    options.use_dns));
-	        sshpam_laddr = get_local_ipaddr(
+		sshpam_laddr = get_local_ipaddr(
 		    ssh_packet_get_connection_in(ssh));
-	        xasprintf(&sshpam_conninfo, "SSH_CONNECTION=%.50s %d %.50s %d",
+		xasprintf(&sshpam_conninfo, "SSH_CONNECTION=%.50s %d %.50s %d",
 		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
 		    sshpam_laddr, ssh_local_port(ssh));
 	}
@@ -876,6 +886,7 @@
 		case PAM_AUTH_ERR:
 			debug3("PAM: %s", pam_strerror(sshpam_handle, type));
 			if (**prompts != NULL && strlen(**prompts) != 0) {
+				free(*info);
 				*info = **prompts;
 				**prompts = NULL;
 				*num = 0;
@@ -1382,6 +1393,5 @@
 	sshpam_maxtries_reached = 1;
 	options.password_authentication = 0;
 	options.kbd_interactive_authentication = 0;
-	options.challenge_response_authentication = 0;
 }
 #endif /* USE_PAM */

auth-passwd.c

diff --git a/auth-passwd.c b/auth-passwd.c
index 24fcb67..347d91e 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-passwd.c,v 1.47 2018/07/09 21:26:02 markus Exp $ */
+/* $OpenBSD: auth-passwd.c,v 1.48 2020/10/18 11:32:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -152,14 +152,14 @@
 		if ((r = sshbuf_putf(loginmsg,
 		    "Your password will expire in %lld day%s.\n",
 		    daysleft, daysleft == 1 ? "" : "s")) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	}
 	if (actimeleft != 0 && actimeleft < acwarntime) {
 		daysleft = actimeleft / DAY + 1;
 		if ((r = sshbuf_putf(loginmsg,
 		    "Your account will expire in %lld day%s.\n",
 		    daysleft, daysleft == 1 ? "" : "s")) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	}
 }
 

auth-rhosts.c

diff --git a/auth-rhosts.c b/auth-rhosts.c
index e81321b..0bc4d42 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.52 2020/04/17 03:30:05 djm Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.53 2020/10/18 11:32:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -223,7 +223,7 @@
 	if (!rhosts_files[rhosts_file_index] &&
 	    stat(_PATH_RHOSTS_EQUIV, &st) == -1 &&
 	    stat(_PATH_SSH_HOSTS_EQUIV, &st) == -1) {
-		debug3("%s: no hosts access files exist", __func__);
+		debug3_f("no hosts access files exist");
 		return 0;
 	}
 
@@ -232,7 +232,7 @@
 	 * shosts.equiv.
 	 */
 	if (pw->pw_uid == 0)
-		debug3("%s: root user, ignoring system hosts files", __func__);
+		debug3_f("root user, ignoring system hosts files");
 	else {
 		if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
 		    client_user, pw->pw_name)) {

auth.c

diff --git a/auth.c b/auth.c
index 7aabc8e..e92c5fc 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.146 2020/01/31 22:42:45 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.153 2021/07/05 00:50:25 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -352,27 +352,29 @@
 
 	free(extra);
 
-#ifdef CUSTOM_FAILED_LOGIN
-	if (authenticated == 0 && !authctxt->postponed &&
-	    (strcmp(method, "password") == 0 ||
-	    strncmp(method, "keyboard-interactive", 20) == 0 ||
-	    strcmp(method, "challenge-response") == 0))
-		record_failed_login(ssh, authctxt->user,
-		    auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
-# ifdef WITH_AIXAUTHENTICATE
+#if defined(CUSTOM_FAILED_LOGIN) || defined(SSH_AUDIT_EVENTS)
+	if (authenticated == 0 && !(authctxt->postponed || partial)) {
+		/* Log failed login attempt */
+# ifdef CUSTOM_FAILED_LOGIN
+		if (strcmp(method, "password") == 0 ||
+		    strncmp(method, "keyboard-interactive", 20) == 0 ||
+		    strcmp(method, "challenge-response") == 0)
+			record_failed_login(ssh, authctxt->user,
+			    auth_get_canonical_hostname(ssh, options.use_dns), "ssh");
+# endif
+# ifdef SSH_AUDIT_EVENTS
+		audit_event(ssh, audit_classify_auth(method));
+# endif
+	}
+#endif
+#if defined(CUSTOM_FAILED_LOGIN) && defined(WITH_AIXAUTHENTICATE)
 	if (authenticated)
 		sys_auth_record_login(authctxt->user,
 		    auth_get_canonical_hostname(ssh, options.use_dns), "ssh",
 		    loginmsg);
-# endif
-#endif
-#ifdef SSH_AUDIT_EVENTS
-	if (authenticated == 0 && !authctxt->postponed)
-		audit_event(ssh, audit_classify_auth(method));
 #endif
 }
 
-
 void
 auth_maxtries_exceeded(struct ssh *ssh)
 {
@@ -468,7 +470,7 @@
 	const struct hostkey_entry *found;
 
 	hostkeys = init_hostkeys();
-	load_hostkeys(hostkeys, host, sysfile);
+	load_hostkeys(hostkeys, host, sysfile, 0);
 	if (userfile != NULL) {
 		user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
 		if (options.strict_modes &&
@@ -482,7 +484,7 @@
 			    user_hostfile);
 		} else {
 			temporarily_use_uid(pw);
-			load_hostkeys(hostkeys, host, user_hostfile);
+			load_hostkeys(hostkeys, host, user_hostfile, 0);
 			restore_uid();
 		}
 		free(user_hostfile);
@@ -492,10 +494,10 @@
 		error("WARNING: revoked key for %s attempted authentication",
 		    host);
 	else if (host_status == HOST_OK)
-		debug("%s: key for %s found at %s:%ld", __func__,
+		debug_f("key for %s found at %s:%ld",
 		    found->host, found->file, found->line);
 	else
-		debug("%s: key for host %s not found", __func__, host);
+		debug_f("key for host %s not found", host);
 
 	free_hostkeys(hostkeys);
 
@@ -514,7 +516,7 @@
 	if ((fd = open(file, O_RDONLY|O_NONBLOCK)) == -1) {
 		if (log_missing || errno != ENOENT)
 			debug("Could not open %s '%s': %s", file_type, file,
-			   strerror(errno));
+			    strerror(errno));
 		return NULL;
 	}
 
@@ -569,11 +571,15 @@
 #endif
 	struct passwd *pw;
 	struct connection_info *ci;
+	u_int i;
 
 	ci = get_connection_info(ssh, 1, options.use_dns);
 	ci->user = user;
 	parse_server_match_config(&options, &includes, ci);
 	log_change_level(options.log_level);
+	log_verbose_reset();
+	for (i = 0; i < options.num_log_verbose; i++)
+		log_verbose_add(options.log_verbose[i]);
 	process_permitopen(ssh, &options);
 
 #if defined(_AIX) && defined(HAVE_SETAUTHDB)
@@ -608,7 +614,7 @@
 	if (!allowed_user(ssh, pw))
 		return (NULL);
 #ifdef HAVE_LOGIN_CAP
-	if ((lc = login_getclass(pw->pw_class)) == NULL) {
+	if ((lc = login_getpwclass(pw)) == NULL) {
 		debug("unable to get login class: %s", user);
 		return (NULL);
 	}
@@ -639,7 +645,7 @@
 	if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
 	    SSH_FP_DEFAULT)) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
-		error("%s: fingerprint key: %s", __func__, ssh_err(r));
+		error_fr(r, "fingerprint key");
 		goto out;
 	}
 
@@ -652,9 +658,9 @@
 		    sshkey_type(key), fp, options.revoked_keys_file);
 		goto out;
 	default:
-		error("Error checking authentication key %s %s in "
-		    "revoked keys file %s: %s", sshkey_type(key), fp,
-		    options.revoked_keys_file, ssh_err(r));
+		error_r(r, "Error checking authentication key %s %s in "
+		    "revoked keys file %s", sshkey_type(key), fp,
+		    options.revoked_keys_file);
 		goto out;
 	}
 
@@ -680,7 +686,7 @@
 	vsnprintf(buf, sizeof(buf), fmt, args);
 	va_end(args);
 	if ((r = sshbuf_put_cstring(auth_debug, buf)) != 0)
-		fatal("%s: sshbuf_put_cstring: %s", __func__, ssh_err(r));
+		fatal_fr(r, "sshbuf_put_cstring");
 }
 
 void
@@ -693,8 +699,7 @@
 		return;
 	while (sshbuf_len(auth_debug) != 0) {
 		if ((r = sshbuf_get_cstring(auth_debug, &msg, NULL)) != 0)
-			fatal("%s: sshbuf_get_cstring: %s",
-			    __func__, ssh_err(r));
+			fatal_fr(r, "sshbuf_get_cstring");
 		ssh_packet_send_debug(ssh, "%s", msg);
 		free(msg);
 	}
@@ -706,7 +711,7 @@
 	if (auth_debug != NULL)
 		sshbuf_reset(auth_debug);
 	else if ((auth_debug = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 }
 
 struct passwd *
@@ -737,9 +742,7 @@
  * be freed. NB. this will usually trigger a DNS query the first time it is
  * called.
  * This function does additional checks on the hostname to mitigate some
- * attacks on legacy rhosts-style authentication.
- * XXX is RhostsRSAAuthentication vulnerable to these?
- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
+ * attacks on based on conflation of hostnames and IP addresses.
  */
 
 static char *
@@ -846,158 +849,6 @@
 	}
 }
 
-/*
- * Runs command in a subprocess with a minimal environment.
- * Returns pid on success, 0 on failure.
- * The child stdout and stderr maybe captured, left attached or sent to
- * /dev/null depending on the contents of flags.
- * "tag" is prepended to log messages.
- * NB. "command" is only used for logging; the actual command executed is
- * av[0].
- */
-pid_t
-subprocess(const char *tag, struct passwd *pw, const char *command,
-    int ac, char **av, FILE **child, u_int flags)
-{
-	FILE *f = NULL;
-	struct stat st;
-	int fd, devnull, p[2], i;
-	pid_t pid;
-	char *cp, errmsg[512];
-	u_int envsize;
-	char **child_env;
-
-	if (child != NULL)
-		*child = NULL;
-
-	debug3("%s: %s command \"%s\" running as %s (flags 0x%x)", __func__,
-	    tag, command, pw->pw_name, flags);
-
-	/* Check consistency */
-	if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
-	    (flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) {
-		error("%s: inconsistent flags", __func__);
-		return 0;
-	}
-	if (((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) != (child == NULL)) {
-		error("%s: inconsistent flags/output", __func__);
-		return 0;
-	}
-
-	/*
-	 * If executing an explicit binary, then verify the it exists
-	 * and appears safe-ish to execute
-	 */
-	if (!path_absolute(av[0])) {
-		error("%s path is not absolute", tag);
-		return 0;
-	}
-	temporarily_use_uid(pw);
-	if (stat(av[0], &st) == -1) {
-		error("Could not stat %s \"%s\": %s", tag,
-		    av[0], strerror(errno));
-		restore_uid();
-		return 0;
-	}
-	if (safe_path(av[0], &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) {
-		error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);
-		restore_uid();
-		return 0;
-	}
-	/* Prepare to keep the child's stdout if requested */
-	if (pipe(p) == -1) {
-		error("%s: pipe: %s", tag, strerror(errno));
-		restore_uid();
-		return 0;
-	}
-	restore_uid();
-
-	switch ((pid = fork())) {
-	case -1: /* error */
-		error("%s: fork: %s", tag, strerror(errno));
-		close(p[0]);
-		close(p[1]);
-		return 0;
-	case 0: /* child */
-		/* Prepare a minimal environment for the child. */
-		envsize = 5;
-		child_env = xcalloc(sizeof(*child_env), envsize);
-		child_set_env(&child_env, &envsize, "PATH", _PATH_STDPATH);
-		child_set_env(&child_env, &envsize, "USER", pw->pw_name);
-		child_set_env(&child_env, &envsize, "LOGNAME", pw->pw_name);
-		child_set_env(&child_env, &envsize, "HOME", pw->pw_dir);
-		if ((cp = getenv("LANG")) != NULL)
-			child_set_env(&child_env, &envsize, "LANG", cp);
-
-		for (i = 0; i < NSIG; i++)
-			ssh_signal(i, SIG_DFL);
-
-		if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
-			error("%s: open %s: %s", tag, _PATH_DEVNULL,
-			    strerror(errno));
-			_exit(1);
-		}
-		if (dup2(devnull, STDIN_FILENO) == -1) {
-			error("%s: dup2: %s", tag, strerror(errno));
-			_exit(1);
-		}
-
-		/* Set up stdout as requested; leave stderr in place for now. */
-		fd = -1;
-		if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
-			fd = p[1];
-		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
-			fd = devnull;
-		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
-			error("%s: dup2: %s", tag, strerror(errno));
-			_exit(1);
-		}
-		closefrom(STDERR_FILENO + 1);
-
-		/* Don't use permanently_set_uid() here to avoid fatal() */
-		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
-			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
-			    strerror(errno));
-			_exit(1);
-		}
-		if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
-			error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
-			    strerror(errno));
-			_exit(1);
-		}
-		/* stdin is pointed to /dev/null at this point */
-		if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
-		    dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
-			error("%s: dup2: %s", tag, strerror(errno));
-			_exit(1);
-		}
-
-		execve(av[0], av, child_env);
-		error("%s exec \"%s\": %s", tag, command, strerror(errno));
-		_exit(127);
-	default: /* parent */
-		break;
-	}
-
-	close(p[1]);
-	if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
-		close(p[0]);
-	else if ((f = fdopen(p[0], "r")) == NULL) {
-		error("%s: fdopen: %s", tag, strerror(errno));
-		close(p[0]);
-		/* Don't leave zombie child */
-		kill(pid, SIGTERM);
-		while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
-			;
-		return 0;
-	}
-	/* Success */
-	debug3("%s: %s pid %ld", __func__, tag, (long)pid);
-	if (child != NULL)
-		*child = f;
-	return pid;
-}
-
 /* These functions link key/cert options to the auth framework */
 
 /* Log sshauthopt options locally and (optionally) for remote transmission */
@@ -1014,21 +865,22 @@
 
 	snprintf(buf, sizeof(buf), "%d", opts->force_tun_device);
 	/* Try to keep this alphabetically sorted */
-	snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
+	snprintf(msg, sizeof(msg), "key options:%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
 	    opts->permit_agent_forwarding_flag ? " agent-forwarding" : "",
 	    opts->force_command == NULL ? "" : " command",
 	    do_env ?  " environment" : "",
 	    opts->valid_before == 0 ? "" : "expires",
+	    opts->no_require_user_presence ? " no-touch-required" : "",
 	    do_permitopen ?  " permitopen" : "",
 	    do_permitlisten ?  " permitlisten" : "",
 	    opts->permit_port_forwarding_flag ? " port-forwarding" : "",
 	    opts->cert_principals == NULL ? "" : " principals",
 	    opts->permit_pty_flag ? " pty" : "",
+	    opts->require_verify ? " uv" : "",
 	    opts->force_tun_device == -1 ? "" : " tun=",
 	    opts->force_tun_device == -1 ? "" : buf,
 	    opts->permit_user_rc ? " user-rc" : "",
-	    opts->permit_x11_forwarding_flag ? " x11-forwarding" : "",
-	    opts->no_require_user_presence ? " no-touch-required" : "");
+	    opts->permit_x11_forwarding_flag ? " x11-forwarding" : "");
 
 	debug("%s: %s", loc, msg);
 	if (do_remote)
@@ -1076,7 +928,7 @@
 	struct sshauthopt *old = auth_opts;
 	const char *emsg = NULL;
 
-	debug("%s: setting new authentication options", __func__);
+	debug_f("setting new authentication options");
 	if ((auth_opts = sshauthopt_merge(old, opts, &emsg)) == NULL) {
 		error("Inconsistent authentication options: %s", emsg);
 		return -1;
@@ -1090,7 +942,7 @@
 {
 	struct sshauthopt *restricted;
 
-	debug("%s: restricting session", __func__);
+	debug_f("restricting session");
 
 	/* A blank sshauthopt defaults to permitting nothing */
 	restricted = sshauthopt_new();
@@ -1098,7 +950,7 @@
 	restricted->restricted = 1;
 
 	if (auth_activate_options(ssh, restricted) != 0)
-		fatal("%s: failed to restrict session", __func__);
+		fatal_f("failed to restrict session");
 	sshauthopt_free(restricted);
 }
 
@@ -1173,8 +1025,7 @@
 		case -1:
 		default:
 			/* invalid */
-			error("%s: Certificate source-address invalid",
-			    loc);
+			error("%s: Certificate source-address invalid", loc);
 			/* FALLTHROUGH */
 		case 0:
 			logit("%s: Authentication tried for %.100s with valid "

auth.h

diff --git a/auth.h b/auth.h
index becc672..43c7d3d 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.100 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.101 2020/12/22 00:12:22 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -225,12 +225,6 @@
 
 struct passwd *fakepw(void);
 
-#define	SSH_SUBPROCESS_STDOUT_DISCARD  (1)     /* Discard stdout */
-#define	SSH_SUBPROCESS_STDOUT_CAPTURE  (1<<1)  /* Redirect stdout */
-#define	SSH_SUBPROCESS_STDERR_DISCARD  (1<<2)  /* Discard stderr */
-pid_t	subprocess(const char *, struct passwd *,
-    const char *, int, char **, FILE **, u_int flags);
-
 int	 sys_auth_passwd(struct ssh *, const char *);
 
 #if defined(KRB5) && !defined(HEIMDAL)

auth2-chall.c

diff --git a/auth2-chall.c b/auth2-chall.c
index 3acd0a8..021df82 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-chall.c,v 1.53 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: auth2-chall.c,v 1.54 2020/10/18 11:32:01 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Per Allansson.  All rights reserved.
@@ -112,15 +112,14 @@
 	kbdintctxt = xcalloc(1, sizeof(KbdintAuthctxt));
 	if (strcmp(devs, "") == 0) {
 		if ((b = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new failed", __func__);
+			fatal_f("sshbuf_new failed");
 		for (i = 0; devices[i]; i++) {
 			if ((r = sshbuf_putf(b, "%s%s",
 			    sshbuf_len(b) ? "," : "", devices[i]->name)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "buffer error");
 		}
 		if ((kbdintctxt->devices = sshbuf_dup_string(b)) == NULL)
-			fatal("%s: sshbuf_dup_string failed", __func__);
+			fatal_f("sshbuf_dup_string failed");
 		sshbuf_free(b);
 	} else {
 		kbdintctxt->devices = xstrdup(devs);
@@ -268,15 +267,15 @@
 	    (r = sshpkt_put_cstring(ssh, instr)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, "")) != 0 ||	/* language not used */
 	    (r = sshpkt_put_u32(ssh, kbdintctxt->nreq)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "start packet");
 	for (i = 0; i < kbdintctxt->nreq; i++) {
 		if ((r = sshpkt_put_cstring(ssh, prompts[i])) != 0 ||
 		    (r = sshpkt_put_u8(ssh, echo_on[i])) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "assemble packet");
 	}
 	if ((r = sshpkt_send(ssh)) != 0 ||
 	    (r = ssh_packet_write_wait(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send packet");
 
 	for (i = 0; i < kbdintctxt->nreq; i++)
 		free(prompts[i]);
@@ -299,29 +298,29 @@
 	char **response = NULL;
 
 	if (authctxt == NULL)
-		fatal("input_userauth_info_response: no authctxt");
+		fatal_f("no authctxt");
 	kbdintctxt = authctxt->kbdintctxt;
 	if (kbdintctxt == NULL || kbdintctxt->ctxt == NULL)
-		fatal("input_userauth_info_response: no kbdintctxt");
+		fatal_f("no kbdintctxt");
 	if (kbdintctxt->device == NULL)
-		fatal("input_userauth_info_response: no device");
+		fatal_f("no device");
 
 	authctxt->postponed = 0;	/* reset */
 	if ((r = sshpkt_get_u32(ssh, &nresp)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 	if (nresp != kbdintctxt->nreq)
-		fatal("input_userauth_info_response: wrong number of replies");
+		fatal_f("wrong number of replies");
 	if (nresp > 100)
-		fatal("input_userauth_info_response: too many replies");
+		fatal_f("too many replies");
 	if (nresp > 0) {
 		response = xcalloc(nresp, sizeof(char *));
-		for (i = 0; i < nresp; i++)
-			if ((r = sshpkt_get_cstring(ssh, &response[i],
-			    NULL)) != 0)
-				fatal("%s: %s", __func__, ssh_err(r));
+		for (i = 0; i < nresp; i++) {
+			if ((r = sshpkt_get_cstring(ssh, &response[i], NULL)) != 0)
+				fatal_fr(r, "parse response");
+		}
 	}
 	if ((r = sshpkt_get_end(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
 	res = kbdintctxt->device->respond(kbdintctxt->ctxt, nresp, response);
 

auth2-gss.c

diff --git a/auth2-gss.c b/auth2-gss.c
index 9351e04..60e3696 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-gss.c,v 1.29 2018/07/31 03:10:27 djm Exp $ */
+/* $OpenBSD: auth2-gss.c,v 1.32 2021/01/27 10:15:08 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -44,6 +44,7 @@
 #include "misc.h"
 #include "servconf.h"
 #include "packet.h"
+#include "kex.h"
 #include "ssh-gss.h"
 #include "monitor_wrap.h"
 
@@ -71,7 +72,7 @@
 	u_char *doid = NULL;
 
 	if ((r = sshpkt_get_u32(ssh, &mechs)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
 	if (mechs == 0) {
 		debug("Mechanism negotiation is not supported");
@@ -85,7 +86,7 @@
 
 		present = 0;
 		if ((r = sshpkt_get_string(ssh, &doid, &len)) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse oid");
 
 		if (len > 2 && doid[0] == SSH_GSS_OIDTYPE &&
 		    doid[1] == len - 2) {
@@ -104,7 +105,7 @@
 	}
 
 	if (!authctxt->valid || authctxt->user == NULL) {
-		debug2("%s: disabled because of invalid user", __func__);
+		debug2_f("disabled because of invalid user");
 		free(doid);
 		return (0);
 	}
@@ -123,7 +124,7 @@
 	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE)) != 0 ||
 	    (r = sshpkt_put_string(ssh, doid, len)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send packet");
 
 	free(doid);
 
@@ -152,7 +153,7 @@
 	gssctxt = authctxt->methoddata;
 	if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
 	    (r = sshpkt_get_end(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
 	recv_tok.value = p;
 	recv_tok.length = len;
@@ -168,7 +169,7 @@
 			    (r = sshpkt_put_string(ssh, send_tok.value,
 			    send_tok.length)) != 0 ||
 			    (r = sshpkt_send(ssh)) != 0)
-				fatal("%s: %s", __func__, ssh_err(r));
+				fatal_fr(r, "send ERRTOK packet");
 		}
 		authctxt->postponed = 0;
 		ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
@@ -180,7 +181,7 @@
 			    (r = sshpkt_put_string(ssh, send_tok.value,
 			    send_tok.length)) != 0 ||
 			    (r = sshpkt_send(ssh)) != 0)
-				fatal("%s: %s", __func__, ssh_err(r));
+				fatal_fr(r, "send TOKEN packet");
 		}
 		if (maj_status == GSS_S_COMPLETE) {
 			ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL);
@@ -216,7 +217,7 @@
 	gssctxt = authctxt->methoddata;
 	if ((r = sshpkt_get_string(ssh, &p, &len)) != 0 ||
 	    (r = sshpkt_get_end(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 	recv_tok.value = p;
 	recv_tok.length = len;
 
@@ -258,7 +259,7 @@
 	 */
 
 	if ((r = sshpkt_get_end(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
 	authenticated = PRIVSEP(ssh_gssapi_userok(authctxt->user));
 
@@ -293,16 +294,16 @@
 	gssctxt = authctxt->methoddata;
 
 	if ((r = sshpkt_get_string(ssh, &p, &len)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 	if ((b = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	mic.value = p;
 	mic.length = len;
 	ssh_gssapi_buildmic(b, authctxt->user, authctxt->service,
-	    "gssapi-with-mic");
+	    "gssapi-with-mic", ssh->kex->session_id);
 
 	if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
-		fatal("%s: sshbuf_mutable_ptr failed", __func__);
+		fatal_f("sshbuf_mutable_ptr failed");
 	gssbuf.length = sshbuf_len(b);
 
 	if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic))))

auth2-hostbased.c

diff --git a/auth2-hostbased.c b/auth2-hostbased.c
index 5e9b7c6..3a29126 100644
--- a/auth2-hostbased.c
+++ b/auth2-hostbased.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-hostbased.c,v 1.42 2019/11/25 00:51:37 djm Exp $ */
+/* $OpenBSD: auth2-hostbased.c,v 1.47 2021/07/23 03:37:52 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -35,6 +35,7 @@
 #include "xmalloc.h"
 #include "ssh2.h"
 #include "packet.h"
+#include "kex.h"
 #include "sshbuf.h"
 #include "log.h"
 #include "misc.h"
@@ -54,8 +55,6 @@
 
 /* import */
 extern ServerOptions options;
-extern u_char *session_id2;
-extern u_int session_id2_len;
 
 static int
 userauth_hostbased(struct ssh *ssh)
@@ -74,9 +73,9 @@
 	    (r = sshpkt_get_cstring(ssh, &chost, NULL)) != 0 ||
 	    (r = sshpkt_get_cstring(ssh, &cuser, NULL)) != 0 ||
 	    (r = sshpkt_get_string(ssh, &sig, &slen)) != 0)
-		fatal("%s: packet parsing: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
-	debug("%s: cuser %s chost %s pkalg %s slen %zu", __func__,
+	debug_f("cuser %s chost %s pkalg %s slen %zu",
 	    cuser, chost, pkalg, slen);
 #ifdef DEBUG_PK
 	debug("signature:");
@@ -85,21 +84,21 @@
 	pktype = sshkey_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 		/* this is perfectly legal */
-		logit("%s: unsupported public key algorithm: %s",
-		    __func__, pkalg);
+		logit_f("unsupported public key algorithm: %s",
+		    pkalg);
 		goto done;
 	}
 	if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
-		error("%s: key_from_blob: %s", __func__, ssh_err(r));
+		error_fr(r, "key_from_blob");
 		goto done;
 	}
 	if (key == NULL) {
-		error("%s: cannot decode key: %s", __func__, pkalg);
+		error_f("cannot decode key: %s", pkalg);
 		goto done;
 	}
 	if (key->type != pktype) {
-		error("%s: type mismatch for decoded key "
-		    "(received %d, expected %d)", __func__, key->type, pktype);
+		error_f("type mismatch for decoded key "
+		    "(received %d, expected %d)", key->type, pktype);
 		goto done;
 	}
 	if (sshkey_type_plain(key->type) == KEY_RSA &&
@@ -108,28 +107,28 @@
 		    "signature format");
 		goto done;
 	}
-	if (match_pattern_list(pkalg, options.hostbased_key_types, 0) != 1) {
-		logit("%s: key type %s not in HostbasedAcceptedKeyTypes",
-		    __func__, sshkey_type(key));
+	if (match_pattern_list(pkalg, options.hostbased_accepted_algos, 0) != 1) {
+		logit_f("key type %s not in HostbasedAcceptedAlgorithms",
+		    sshkey_type(key));
 		goto done;
 	}
 	if ((r = sshkey_check_cert_sigtype(key,
 	    options.ca_sign_algorithms)) != 0) {
-		logit("%s: certificate signature algorithm %s: %s", __func__,
+		logit_fr(r, "certificate signature algorithm %s",
 		    (key->cert == NULL || key->cert->signature_type == NULL) ?
-		    "(null)" : key->cert->signature_type, ssh_err(r));
+		    "(null)" : key->cert->signature_type);
 		goto done;
 	}
 
 	if (!authctxt->valid || authctxt->user == NULL) {
-		debug2("%s: disabled because of invalid user", __func__);
+		debug2_f("disabled because of invalid user");
 		goto done;
 	}
 
 	if ((b = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	/* reconstruct packet */
-	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
+	if ((r = sshbuf_put_stringb(b, ssh->kex->session_id)) != 0 ||
 	    (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 	    (r = sshbuf_put_cstring(b, authctxt->user)) != 0 ||
 	    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
@@ -138,7 +137,7 @@
 	    (r = sshbuf_put_string(b, pkblob, blen)) != 0 ||
 	    (r = sshbuf_put_cstring(b, chost)) != 0 ||
 	    (r = sshbuf_put_cstring(b, cuser)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reconstruct packet");
 #ifdef DEBUG_PK
 	sshbuf_dump(b, stderr);
 #endif
@@ -157,7 +156,7 @@
 	auth2_record_key(authctxt, authenticated, key);
 	sshbuf_free(b);
 done:
-	debug2("%s: authenticated %d", __func__, authenticated);
+	debug2_f("authenticated %d", authenticated);
 	sshkey_free(key);
 	free(pkalg);
 	free(pkblob);
@@ -183,7 +182,7 @@
 	resolvedname = auth_get_canonical_hostname(ssh, options.use_dns);
 	ipaddr = ssh_remote_ipaddr(ssh);
 
-	debug2("%s: chost %s resolvedname %s ipaddr %s", __func__,
+	debug2_f("chost %s resolvedname %s ipaddr %s",
 	    chost, resolvedname, ipaddr);
 
 	if (((len = strlen(chost)) > 0) && chost[len - 1] == '.') {
@@ -193,9 +192,8 @@
 
 	if (options.hostbased_uses_name_from_packet_only) {
 		if (auth_rhosts2(pw, cuser, chost, chost) == 0) {
-			debug2("%s: auth_rhosts2 refused "
-			    "user \"%.100s\" host \"%.100s\" (from packet)",
-			    __func__, cuser, chost);
+			debug2_f("auth_rhosts2 refused user \"%.100s\" "
+			    "host \"%.100s\" (from packet)", cuser, chost);
 			return 0;
 		}
 		lookup = chost;
@@ -205,17 +203,17 @@
 			    "client sends %s, but we resolve %s to %s",
 			    chost, ipaddr, resolvedname);
 		if (auth_rhosts2(pw, cuser, resolvedname, ipaddr) == 0) {
-			debug2("%s: auth_rhosts2 refused "
+			debug2_f("auth_rhosts2 refused "
 			    "user \"%.100s\" host \"%.100s\" addr \"%.100s\"",
-			    __func__, cuser, resolvedname, ipaddr);
+			    cuser, resolvedname, ipaddr);
 			return 0;
 		}
 		lookup = resolvedname;
 	}
-	debug2("%s: access allowed by auth_rhosts2", __func__);
+	debug2_f("access allowed by auth_rhosts2");
 
 	if (sshkey_is_cert(key) &&
-	    sshkey_cert_check_authority(key, 1, 0, lookup, &reason)) {
+	    sshkey_cert_check_authority_now(key, 1, 0, 0, lookup, &reason)) {
 		error("%s", reason);
 		auth_debug_add("%s", reason);
 		return 0;
@@ -237,7 +235,7 @@
 		if (sshkey_is_cert(key)) {
 			if ((fp = sshkey_fingerprint(key->cert->signature_key,
 			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
-				fatal("%s: sshkey_fingerprint fail", __func__);
+				fatal_f("sshkey_fingerprint fail");
 			verbose("Accepted certificate ID \"%s\" signed by "
 			    "%s CA %s from %s@%s", key->cert->key_id,
 			    sshkey_type(key->cert->signature_key), fp,
@@ -245,7 +243,7 @@
 		} else {
 			if ((fp = sshkey_fingerprint(key,
 			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
-				fatal("%s: sshkey_fingerprint fail", __func__);
+				fatal_f("sshkey_fingerprint fail");
 			verbose("Accepted %s public key %s from %s@%s",
 			    sshkey_type(key), fp, cuser, lookup);
 		}

auth2-kbdint.c

diff --git a/auth2-kbdint.c b/auth2-kbdint.c
index e23d2ed..037139d 100644
--- a/auth2-kbdint.c
+++ b/auth2-kbdint.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-kbdint.c,v 1.11 2019/11/13 04:47:52 deraadt Exp $ */
+/* $OpenBSD: auth2-kbdint.c,v 1.13 2021/07/02 05:11:20 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -52,11 +52,11 @@
 	if ((r = sshpkt_get_cstring(ssh, &lang, NULL)) != 0 ||
 	    (r = sshpkt_get_cstring(ssh, &devs, NULL)) != 0 ||
 	    (r = sshpkt_get_end(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
 	debug("keyboard-interactive devs %s", devs);
 
-	if (options.challenge_response_authentication)
+	if (options.kbd_interactive_authentication)
 		authenticated = auth2_challenge(ssh, devs);
 
 	free(devs);

auth2-none.c

diff --git a/auth2-none.c b/auth2-none.c
index f457c37..a69fb2a 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.22 2018/07/09 21:35:50 markus Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.23 2020/10/18 11:32:01 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -65,7 +65,7 @@
 
 	none_enabled = 0;
 	if ((r = sshpkt_get_end(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
 	/* no password authentication in Android. */
 #if !defined(ANDROID)

auth2-passwd.c

diff --git a/auth2-passwd.c b/auth2-passwd.c
index 2d0b2af..8e7fa73 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-passwd.c,v 1.18 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: auth2-passwd.c,v 1.19 2020/10/18 11:32:01 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -60,7 +60,7 @@
 	    (r = sshpkt_get_cstring(ssh, &password, &len)) != 0 ||
 	    (change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) ||
 	    (r = sshpkt_get_end(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
 	if (change)
 		logit("password change not supported");

auth2-pubkey.c

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 815ea0f..9e32259 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.99 2020/02/06 22:30:54 naddy Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.109 2021/07/23 03:37:52 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -47,6 +47,7 @@
 #include "ssh.h"
 #include "ssh2.h"
 #include "packet.h"
+#include "kex.h"
 #include "sshbuf.h"
 #include "log.h"
 #include "misc.h"
@@ -72,8 +73,6 @@
 
 /* import */
 extern ServerOptions options;
-extern u_char *session_id2;
-extern u_int session_id2_len;
 
 static char *
 format_key(const struct sshkey *key)
@@ -97,24 +96,24 @@
 	u_char *pkblob = NULL, *sig = NULL, have_sig;
 	size_t blen, slen;
 	int r, pktype;
-	int req_presence = 0, authenticated = 0;
+	int req_presence = 0, req_verify = 0, authenticated = 0;
 	struct sshauthopt *authopts = NULL;
 	struct sshkey_sig_details *sig_details = NULL;
 
 	if ((r = sshpkt_get_u8(ssh, &have_sig)) != 0 ||
 	    (r = sshpkt_get_cstring(ssh, &pkalg, NULL)) != 0 ||
 	    (r = sshpkt_get_string(ssh, &pkblob, &blen)) != 0)
-		fatal("%s: parse request failed: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
 	if (log_level_get() >= SYSLOG_LEVEL_DEBUG2) {
 		char *keystring;
 		struct sshbuf *pkbuf;
 
 		if ((pkbuf = sshbuf_from(pkblob, blen)) == NULL)
-			fatal("%s: sshbuf_from failed", __func__);
+			fatal_f("sshbuf_from failed");
 		if ((keystring = sshbuf_dtob64_string(pkbuf, 0)) == NULL)
-			fatal("%s: sshbuf_dtob64 failed", __func__);
-		debug2("%s: %s user %s %s public key %s %s", __func__,
+			fatal_f("sshbuf_dtob64 failed");
+		debug2_f("%s user %s %s public key %s %s",
 		    authctxt->valid ? "valid" : "invalid", authctxt->user,
 		    have_sig ? "attempting" : "querying", pkalg, keystring);
 		sshbuf_free(pkbuf);
@@ -124,21 +123,20 @@
 	pktype = sshkey_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC) {
 		/* this is perfectly legal */
-		verbose("%s: unsupported public key algorithm: %s",
-		    __func__, pkalg);
+		verbose_f("unsupported public key algorithm: %s", pkalg);
 		goto done;
 	}
 	if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
-		error("%s: could not parse key: %s", __func__, ssh_err(r));
+		error_fr(r, "parse key");
 		goto done;
 	}
 	if (key == NULL) {
-		error("%s: cannot decode key: %s", __func__, pkalg);
+		error_f("cannot decode key: %s", pkalg);
 		goto done;
 	}
 	if (key->type != pktype) {
-		error("%s: type mismatch for decoded key "
-		    "(received %d, expected %d)", __func__, key->type, pktype);
+		error_f("type mismatch for decoded key "
+		    "(received %d, expected %d)", key->type, pktype);
 		goto done;
 	}
 	if (sshkey_type_plain(key->type) == KEY_RSA &&
@@ -151,16 +149,16 @@
 		logit("refusing previously-used %s key", sshkey_type(key));
 		goto done;
 	}
-	if (match_pattern_list(pkalg, options.pubkey_key_types, 0) != 1) {
-		logit("%s: key type %s not in PubkeyAcceptedKeyTypes",
-		    __func__, sshkey_ssh_name(key));
+	if (match_pattern_list(pkalg, options.pubkey_accepted_algos, 0) != 1) {
+		logit_f("key type %s not in PubkeyAcceptedAlgorithms",
+		    sshkey_ssh_name(key));
 		goto done;
 	}
 	if ((r = sshkey_check_cert_sigtype(key,
 	    options.ca_sign_algorithms)) != 0) {
-		logit("%s: certificate signature algorithm %s: %s", __func__,
+		logit_fr(r, "certificate signature algorithm %s",
 		    (key->cert == NULL || key->cert->signature_type == NULL) ?
-		    "(null)" : key->cert->signature_type, ssh_err(r));
+		    "(null)" : key->cert->signature_type);
 		goto done;
 	}
 	key_s = format_key(key);
@@ -168,29 +166,23 @@
 		ca_s = format_key(key->cert->signature_key);
 
 	if (have_sig) {
-		debug3("%s: have %s signature for %s%s%s",
-		    __func__, pkalg, key_s,
-		    ca_s == NULL ? "" : " CA ",
-		    ca_s == NULL ? "" : ca_s);
+		debug3_f("have %s signature for %s%s%s", pkalg, key_s,
+		    ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s);
 		if ((r = sshpkt_get_string(ssh, &sig, &slen)) != 0 ||
 		    (r = sshpkt_get_end(ssh)) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse signature packet");
 		if ((b = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new failed", __func__);
+			fatal_f("sshbuf_new failed");
 		if (ssh->compat & SSH_OLD_SESSIONID) {
-			if ((r = sshbuf_put(b, session_id2,
-			    session_id2_len)) != 0)
-				fatal("%s: sshbuf_put session id: %s",
-				    __func__, ssh_err(r));
+			if ((r = sshbuf_putb(b, ssh->kex->session_id)) != 0)
+				fatal_fr(r, "put old session id");
 		} else {
-			if ((r = sshbuf_put_string(b, session_id2,
-			    session_id2_len)) != 0)
-				fatal("%s: sshbuf_put_string session id: %s",
-				    __func__, ssh_err(r));
+			if ((r = sshbuf_put_stringb(b,
+			    ssh->kex->session_id)) != 0)
+				fatal_fr(r, "put session id");
 		}
 		if (!authctxt->valid || authctxt->user == NULL) {
-			debug2("%s: disabled because of invalid user",
-			    __func__);
+			debug2_f("disabled because of invalid user");
 			goto done;
 		}
 		/* reconstruct packet */
@@ -204,8 +196,7 @@
 		    (r = sshbuf_put_u8(b, have_sig)) != 0 ||
 		    (r = sshbuf_put_cstring(b, pkalg)) != 0 ||
 		    (r = sshbuf_put_string(b, pkblob, blen)) != 0)
-			fatal("%s: build packet failed: %s",
-			    __func__, ssh_err(r));
+			fatal_fr(r, "reconstruct packet");
 #ifdef DEBUG_PK
 		sshbuf_dump(b, stderr);
 #endif
@@ -221,9 +212,8 @@
 		if (authenticated == 1 && sig_details != NULL) {
 			auth2_record_info(authctxt, "signature count = %u",
 			    sig_details->sk_counter);
-			debug("%s: sk_counter = %u, sk_flags = 0x%02x",
-			    __func__, sig_details->sk_counter,
-			    sig_details->sk_flags);
+			debug_f("sk_counter = %u, sk_flags = 0x%02x",
+			    sig_details->sk_counter, sig_details->sk_flags);
 			req_presence = (options.pubkey_auth_options &
 			    PUBKEYAUTH_TOUCH_REQUIRED) ||
 			    !authopts->no_require_user_presence;
@@ -239,20 +229,31 @@
 				authenticated = 0;
 				goto done;
 			}
+			req_verify = (options.pubkey_auth_options &
+			    PUBKEYAUTH_VERIFY_REQUIRED) ||
+			    authopts->require_verify;
+			if (req_verify && (sig_details->sk_flags &
+			    SSH_SK_USER_VERIFICATION_REQD) == 0) {
+				error("public key %s signature for %s%s from "
+				    "%.128s port %d rejected: user "
+				    "verification requirement not met ", key_s,
+				    authctxt->valid ? "" : "invalid user ",
+				    authctxt->user, ssh_remote_ipaddr(ssh),
+				    ssh_remote_port(ssh));
+				authenticated = 0;
+				goto done;
+			}
 		}
 		auth2_record_key(authctxt, authenticated, key);
 	} else {
-		debug("%s: test pkalg %s pkblob %s%s%s",
-		    __func__, pkalg, key_s,
-		    ca_s == NULL ? "" : " CA ",
-		    ca_s == NULL ? "" : ca_s);
+		debug_f("test pkalg %s pkblob %s%s%s", pkalg, key_s,
+		    ca_s == NULL ? "" : " CA ", ca_s == NULL ? "" : ca_s);
 
 		if ((r = sshpkt_get_end(ssh)) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse packet");
 
 		if (!authctxt->valid || authctxt->user == NULL) {
-			debug2("%s: disabled because of invalid user",
-			    __func__);
+			debug2_f("disabled because of invalid user");
 			goto done;
 		}
 		/* XXX fake reply and always send PK_OK ? */
@@ -270,16 +271,16 @@
 			    (r = sshpkt_put_string(ssh, pkblob, blen)) != 0 ||
 			    (r = sshpkt_send(ssh)) != 0 ||
 			    (r = ssh_packet_write_wait(ssh)) != 0)
-				fatal("%s: %s", __func__, ssh_err(r));
+				fatal_fr(r, "send packet");
 			authctxt->postponed = 1;
 		}
 	}
 done:
 	if (authenticated == 1 && auth_activate_options(ssh, authopts) != 0) {
-		debug("%s: key options inconsistent with existing", __func__);
+		debug_f("key options inconsistent with existing");
 		authenticated = 0;
 	}
-	debug2("%s: authenticated %d pkalg %s", __func__, authenticated, pkalg);
+	debug2_f("authenticated %d pkalg %s", authenticated, pkalg);
 
 	sshbuf_free(b);
 	sshauthopt_free(authopts);
@@ -474,7 +475,8 @@
 	}
 
 	/* Turn the command into an argument vector */
-	if (argv_split(options.authorized_principals_command, &ac, &av) != 0) {
+	if (argv_split(options.authorized_principals_command,
+	    &ac, &av, 0) != 0) {
 		error("AuthorizedPrincipalsCommand \"%s\" contains "
 		    "invalid quotes", options.authorized_principals_command);
 		goto out;
@@ -486,20 +488,20 @@
 	}
 	if ((ca_fp = sshkey_fingerprint(cert->signature_key,
 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
-		error("%s: sshkey_fingerprint failed", __func__);
+		error_f("sshkey_fingerprint failed");
 		goto out;
 	}
 	if ((key_fp = sshkey_fingerprint(key,
 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
-		error("%s: sshkey_fingerprint failed", __func__);
+		error_f("sshkey_fingerprint failed");
 		goto out;
 	}
 	if ((r = sshkey_to_base64(cert->signature_key, &catext)) != 0) {
-		error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
+		error_fr(r, "sshkey_to_base64 failed");
 		goto out;
 	}
 	if ((r = sshkey_to_base64(key, &keytext)) != 0) {
-		error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
+		error_fr(r, "sshkey_to_base64 failed");
 		goto out;
 	}
 	snprintf(serial_s, sizeof(serial_s), "%llu",
@@ -521,16 +523,17 @@
 		    "s", serial_s,
 		    (char *)NULL);
 		if (tmp == NULL)
-			fatal("%s: percent_expand failed", __func__);
+			fatal_f("percent_expand failed");
 		free(av[i]);
 		av[i] = tmp;
 	}
 	/* Prepare a printable command for logs, etc. */
 	command = argv_assemble(ac, av);
 
-	if ((pid = subprocess("AuthorizedPrincipalsCommand", runas_pw, command,
+	if ((pid = subprocess("AuthorizedPrincipalsCommand", command,
 	    ac, av, &f,
-	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
+	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
+	    runas_pw, temporarily_use_uid, restore_uid)) == 0)
 		goto out;
 
 	uid_swapped = 1;
@@ -584,7 +587,7 @@
 		*authoptsp = NULL;
 
 	if ((found = sshkey_new(want_keytype)) == NULL) {
-		debug3("%s: keytype %d failed", __func__, want_keytype);
+		debug3_f("keytype %d failed", want_keytype);
 		goto out;
 	}
 
@@ -626,7 +629,7 @@
 	/* We have a candidate key, perform authorisation checks */
 	if ((fp = sshkey_fingerprint(found,
 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
-		fatal("%s: fingerprint failed", __func__);
+		fatal_f("fingerprint failed");
 
 	debug("%s: matching %s found: %s %s", loc,
 	    sshkey_is_cert(key) ? "CA" : "key", sshkey_type(found), fp);
@@ -671,8 +674,9 @@
 		reason = "Certificate does not contain an authorized principal";
 		goto fail_reason;
 	}
-	if (sshkey_cert_check_authority(key, 0, 0,
-	   keyopts->cert_principals == NULL ? pw->pw_name : NULL, &reason) != 0)
+	if (sshkey_cert_check_authority_now(key, 0, 0, 0,
+	    keyopts->cert_principals == NULL ? pw->pw_name : NULL,
+	    &reason) != 0)
 		goto fail_reason;
 
 	verbose("Accepted certificate ID \"%s\" (serial %llu) "
@@ -683,7 +687,7 @@
 
  success:
 	if (finalopts == NULL)
-		fatal("%s: internal error: missing options", __func__);
+		fatal_f("internal error: missing options");
 	if (authoptsp != NULL) {
 		*authoptsp = finalopts;
 		finalopts = NULL;
@@ -762,9 +766,9 @@
 
 	if ((r = sshkey_in_file(key->cert->signature_key,
 	    options.trusted_user_ca_keys, 1, 0)) != 0) {
-		debug2("%s: CA %s %s is not listed in %s: %s", __func__,
+		debug2_fr(r, "CA %s %s is not listed in %s",
 		    sshkey_type(key->cert->signature_key), ca_fp,
-		    options.trusted_user_ca_keys, ssh_err(r));
+		    options.trusted_user_ca_keys);
 		goto out;
 	}
 	/*
@@ -783,14 +787,14 @@
 		found_principal = 1;
 	/* If principals file or command is specified, then require a match */
 	use_authorized_principals = principals_file != NULL ||
-            options.authorized_principals_command != NULL;
+	    options.authorized_principals_command != NULL;
 	if (!found_principal && use_authorized_principals) {
 		reason = "Certificate does not contain an authorized principal";
 		goto fail_reason;
 	}
 	if (use_authorized_principals && principals_opts == NULL)
-		fatal("%s: internal error: missing principals_opts", __func__);
-	if (sshkey_cert_check_authority(key, 0, 1,
+		fatal_f("internal error: missing principals_opts");
+	if (sshkey_cert_check_authority_now(key, 0, 1, 0,
 	    use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
 		goto fail_reason;
 
@@ -914,23 +918,23 @@
 	/* Prepare AuthorizedKeysCommand */
 	if ((key_fp = sshkey_fingerprint(key, options.fingerprint_hash,
 	    SSH_FP_DEFAULT)) == NULL) {
-		error("%s: sshkey_fingerprint failed", __func__);
+		error_f("sshkey_fingerprint failed");
 		goto out;
 	}
 	if ((r = sshkey_to_base64(key, &keytext)) != 0) {
-		error("%s: sshkey_to_base64 failed: %s", __func__, ssh_err(r));
+		error_fr(r, "sshkey_to_base64 failed");
 		goto out;
 	}
 
 	/* Turn the command into an argument vector */
-	if (argv_split(options.authorized_keys_command, &ac, &av) != 0) {
+	if (argv_split(options.authorized_keys_command, &ac, &av, 0) != 0) {
 		error("AuthorizedKeysCommand \"%s\" contains invalid quotes",
-		    command);
+		    options.authorized_keys_command);
 		goto out;
 	}
 	if (ac == 0) {
 		error("AuthorizedKeysCommand \"%s\" yielded no arguments",
-		    command);
+		    options.authorized_keys_command);
 		goto out;
 	}
 	snprintf(uidstr, sizeof(uidstr), "%llu",
@@ -945,7 +949,7 @@
 		    "k", keytext,
 		    (char *)NULL);
 		if (tmp == NULL)
-			fatal("%s: percent_expand failed", __func__);
+			fatal_f("percent_expand failed");
 		free(av[i]);
 		av[i] = tmp;
 	}
@@ -966,9 +970,10 @@
 		xasprintf(&command, "%s %s", av[0], av[1]);
 	}
 
-	if ((pid = subprocess("AuthorizedKeysCommand", runas_pw, command,
+	if ((pid = subprocess("AuthorizedKeysCommand", command,
 	    ac, av, &f,
-	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD)) == 0)
+	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_STDERR_DISCARD,
+	    runas_pw, temporarily_use_uid, restore_uid)) == 0)
 		goto out;
 
 	uid_swapped = 1;

auth2.c

diff --git a/auth2.c b/auth2.c
index 91aaf34..84d0ed1 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.158 2020/03/06 18:16:21 markus Exp $ */
+/* $OpenBSD: auth2.c,v 1.161 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -61,8 +61,6 @@
 
 /* import */
 extern ServerOptions options;
-extern u_char *session_id2;
-extern u_int session_id2_len;
 extern struct sshbuf *loginmsg;
 
 /* methods */
@@ -145,7 +143,7 @@
 	    (r = sshpkt_put_cstring(ssh, msg)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, "")) != 0 ||	/* language, unused */
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send packet");
 	debug("%s: sent", __func__);
 }
 
@@ -230,13 +228,13 @@
 	double delay;
 
 	(void)snprintf(b, sizeof b, "%llu%s",
-	     (unsigned long long)options.timing_secret, user);
+	    (unsigned long long)options.timing_secret, user);
 	if (ssh_digest_memory(SSH_DIGEST_SHA512, b, strlen(b), hash, len) != 0)
-		fatal("%s: ssh_digest_memory", __func__);
+		fatal_f("ssh_digest_memory");
 	/* 0-4.2 ms of delay */
 	delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
 	freezero(hash, len);
-	debug3("%s: user specific delay %0.3lfms", __func__, delay/1000);
+	debug3_f("user specific delay %0.3lfms", delay/1000);
 	return MIN_FAIL_DELAY_SECONDS + delay;
 }
 
@@ -252,8 +250,8 @@
 
 	ts.tv_sec = remain;
 	ts.tv_nsec = (remain - ts.tv_sec) * 1000000000;
-	debug3("%s: elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)",
-	    __func__, elapsed*1000, remain*1000, req*1000);
+	debug3_f("elapsed %0.3lfms, delaying %0.3lfms (requested %0.3lfms)",
+	    elapsed*1000, remain*1000, req*1000);
 	nanosleep(&ts, NULL);
 }
 
@@ -286,8 +284,7 @@
 		authctxt->user = xstrdup(user);
 		if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
 			authctxt->valid = 1;
-			debug2("%s: setting up authctxt for %s",
-			    __func__, user);
+			debug2_f("setting up authctxt for %s", user);
 		} else {
 			/* Invalid user, fake password information */
 			authctxt->pw = fakepw();
@@ -390,20 +387,20 @@
 
 #ifdef USE_PAM
 	if (options.use_pam && authenticated) {
-		int r;
+		int r, success = PRIVSEP(do_pam_account());
 
-		if (!PRIVSEP(do_pam_account())) {
-			/* if PAM returned a message, send it to the user */
-			if (sshbuf_len(loginmsg) > 0) {
-				if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
-					fatal("%s: buffer error: %s",
-					    __func__, ssh_err(r));
-				userauth_send_banner(ssh, sshbuf_ptr(loginmsg));
-				if ((r = ssh_packet_write_wait(ssh)) != 0) {
-					sshpkt_fatal(ssh, r,
-					    "%s: send PAM banner", __func__);
-				}
+		/* If PAM returned a message, send it to the user. */
+		if (sshbuf_len(loginmsg) > 0) {
+			if ((r = sshbuf_put(loginmsg, "\0", 1)) != 0)
+				fatal("%s: buffer error: %s",
+				    __func__, ssh_err(r));
+			userauth_send_banner(ssh, sshbuf_ptr(loginmsg));
+			if ((r = ssh_packet_write_wait(ssh)) != 0) {
+				sshpkt_fatal(ssh, r,
+				    "%s: send PAM banner", __func__);
 			}
+		}
+		if (!success) {
 			fatal("Access denied for user %s by PAM account "
 			    "configuration", authctxt->user);
 		}
@@ -417,7 +414,7 @@
 		if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_SUCCESS)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0 ||
 		    (r = ssh_packet_write_wait(ssh)) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "send success packet");
 		/* now we can break out */
 		authctxt->success = 1;
 		ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
@@ -433,14 +430,14 @@
 			auth_maxtries_exceeded(ssh);
 		}
 		methods = authmethods_get(authctxt);
-		debug3("%s: failure partial=%d next methods=\"%s\"", __func__,
+		debug3_f("failure partial=%d next methods=\"%s\"",
 		    partial, methods);
 		if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_FAILURE)) != 0 ||
 		    (r = sshpkt_put_cstring(ssh, methods)) != 0 ||
 		    (r = sshpkt_put_u8(ssh, partial)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0 ||
 		    (r = ssh_packet_write_wait(ssh)) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "send failure packet");
 		free(methods);
 	}
 }
@@ -478,7 +475,7 @@
 	int i, r;
 
 	if ((b = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	for (i = 0; authmethods[i] != NULL; i++) {
 		if (strcmp(authmethods[i]->name, "none") == 0)
 			continue;
@@ -490,10 +487,10 @@
 			continue;
 		if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) ? "," : "",
 		    authmethods[i]->name)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	}
 	if ((list = sshbuf_dup_string(b)) == NULL)
-		fatal("%s: sshbuf_dup_string failed", __func__);
+		fatal_f("sshbuf_dup_string failed");
 	sshbuf_free(b);
 	return list;
 }
@@ -585,7 +582,7 @@
 
 	if (options.num_auth_methods == 0)
 		return 0;
-	debug3("%s: checking methods", __func__);
+	debug3_f("checking methods");
 	authctxt->auth_methods = xcalloc(options.num_auth_methods,
 	    sizeof(*authctxt->auth_methods));
 	authctxt->num_auth_methods = 0;
@@ -673,7 +670,7 @@
 {
 	u_int i, found = 0;
 
-	debug3("%s: updating methods list after \"%s\"", __func__, method);
+	debug3_f("updating methods list after \"%s\"", method);
 	for (i = 0; i < authctxt->num_auth_methods; i++) {
 		if (!remove_method(&(authctxt->auth_methods[i]), method,
 		    submethod))
@@ -688,7 +685,7 @@
 	}
 	/* This should not happen, but would be bad if it did */
 	if (!found)
-		fatal("%s: method not in AuthenticationMethods", __func__);
+		fatal_f("method not in AuthenticationMethods");
 	return 0;
 }
 
@@ -706,7 +703,7 @@
 auth2_record_info(Authctxt *authctxt, const char *fmt, ...)
 {
 	va_list ap;
-        int i;
+	int i;
 
 	free(authctxt->auth_method_info);
 	authctxt->auth_method_info = NULL;
@@ -716,7 +713,7 @@
 	va_end(ap);
 
 	if (i == -1)
-		fatal("%s: vasprintf failed", __func__);
+		fatal_f("vasprintf failed");
 }
 
 /*
@@ -732,7 +729,7 @@
 	int r;
 
 	if ((r = sshkey_from_private(key, &dup)) != 0)
-		fatal("%s: copy key: %s", __func__, ssh_err(r));
+		fatal_fr(r, "copy key");
 	sshkey_free(authctxt->auth_method_key);
 	authctxt->auth_method_key = dup;
 
@@ -741,11 +738,11 @@
 
 	/* If authenticated, make sure we don't accept this key again */
 	if ((r = sshkey_from_private(key, &dup)) != 0)
-		fatal("%s: copy key: %s", __func__, ssh_err(r));
+		fatal_fr(r, "copy key");
 	if (authctxt->nprev_keys >= INT_MAX ||
 	    (tmp = recallocarray(authctxt->prev_keys, authctxt->nprev_keys,
 	    authctxt->nprev_keys + 1, sizeof(*authctxt->prev_keys))) == NULL)
-		fatal("%s: reallocarray failed", __func__);
+		fatal_f("reallocarray failed");
 	authctxt->prev_keys = tmp;
 	authctxt->prev_keys[authctxt->nprev_keys] = dup;
 	authctxt->nprev_keys++;
@@ -763,7 +760,7 @@
 		if (sshkey_equal_public(key, authctxt->prev_keys[i])) {
 			fp = sshkey_fingerprint(authctxt->prev_keys[i],
 			    options.fingerprint_hash, SSH_FP_DEFAULT);
-			debug3("%s: key already used: %s %s", __func__,
+			debug3_f("key already used: %s %s",
 			    sshkey_type(authctxt->prev_keys[i]),
 			    fp == NULL ? "UNKNOWN" : fp);
 			free(fp);
@@ -785,35 +782,34 @@
 
 	if (authctxt->session_info == NULL) {
 		if ((authctxt->session_info = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new", __func__);
+			fatal_f("sshbuf_new");
 	}
 
 	/* Append method[/submethod] */
 	if ((r = sshbuf_putf(authctxt->session_info, "%s%s%s",
 	    method, submethod == NULL ? "" : "/",
 	    submethod == NULL ? "" : submethod)) != 0)
-		fatal("%s: append method: %s", __func__, ssh_err(r));
+		fatal_fr(r, "append method");
 
 	/* Append key if present */
 	if (authctxt->auth_method_key != NULL) {
 		if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 ||
 		    (r = sshkey_format_text(authctxt->auth_method_key,
 		    authctxt->session_info)) != 0)
-			fatal("%s: append key: %s", __func__, ssh_err(r));
+			fatal_fr(r, "append key");
 	}
 
 	if (authctxt->auth_method_info != NULL) {
 		/* Ensure no ambiguity here */
 		if (strchr(authctxt->auth_method_info, '\n') != NULL)
-			fatal("%s: auth_method_info contains \\n", __func__);
+			fatal_f("auth_method_info contains \\n");
 		if ((r = sshbuf_put_u8(authctxt->session_info, ' ')) != 0 ||
 		    (r = sshbuf_putf(authctxt->session_info, "%s",
 		    authctxt->auth_method_info)) != 0) {
-			fatal("%s: append method info: %s",
-			    __func__, ssh_err(r));
+			fatal_fr(r, "append method info");
 		}
 	}
 	if ((r = sshbuf_put_u8(authctxt->session_info, '\n')) != 0)
-		fatal("%s: append: %s", __func__, ssh_err(r));
+		fatal_fr(r, "append");
 }
 

authfd.c

diff --git a/authfd.c b/authfd.c
index 4b647a6..9f092f7 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.123 2020/03/06 18:24:39 markus Exp $ */
+/* $OpenBSD: authfd.c,v 1.127 2021/01/26 00:46:17 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -62,7 +62,7 @@
 #include "ssherr.h"
 
 #define MAX_AGENT_IDENTITIES	2048		/* Max keys in agent reply */
-#define MAX_AGENT_REPLY_LEN	(256 * 1024) 	/* Max bytes in agent reply */
+#define MAX_AGENT_REPLY_LEN	(256 * 1024)	/* Max bytes in agent reply */
 
 /* macro to check for "agent failure" message */
 #define agent_failed(x) \
@@ -177,6 +177,27 @@
 	return 0;
 }
 
+/* Communicate with agent: sent request, read and decode status reply */
+static int
+ssh_request_reply_decode(int sock, struct sshbuf *request)
+{
+	struct sshbuf *reply;
+	int r;
+	u_char type;
+
+	if ((reply = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	if ((r = ssh_request_reply(sock, request, reply)) != 0 ||
+	    (r = sshbuf_get_u8(reply, &type)) != 0 ||
+	    (r = decode_reply(type)) != 0)
+		goto out;
+	/* success */
+	r = 0;
+ out:
+	sshbuf_free(reply);
+	return r;
+}
+
 /*
  * Closes the agent socket if it should be closed (depends on how it was
  * obtained).  The argument must have been returned by
@@ -200,13 +221,11 @@
 	if ((msg = sshbuf_new()) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
 	if ((r = sshbuf_put_u8(msg, type)) != 0 ||
-	    (r = sshbuf_put_cstring(msg, password)) != 0)
+	    (r = sshbuf_put_cstring(msg, password)) != 0 ||
+	    (r = ssh_request_reply_decode(sock, msg)) != 0)
 		goto out;
-	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
-		goto out;
-	if ((r = sshbuf_get_u8(msg, &type)) != 0)
-		goto out;
-	r = decode_reply(type);
+	/* success */
+	r = 0;
  out:
 	sshbuf_free(msg);
 	return r;
@@ -336,7 +355,7 @@
  * Returns 0 if found, or a negative SSH_ERR_* error code on failure.
  */
 int
-ssh_agent_has_key(int sock, struct sshkey *key)
+ssh_agent_has_key(int sock, const struct sshkey *key)
 {
 	int r, ret = SSH_ERR_KEY_NOT_FOUND;
 	size_t i;
@@ -507,7 +526,7 @@
 		    SSH2_AGENTC_ADD_IDENTITY;
 		if ((r = sshbuf_put_u8(msg, type)) != 0 ||
 		    (r = sshkey_private_serialize_maxsign(key, msg, maxsign,
-		    NULL)) != 0 ||
+		    0)) != 0 ||
 		    (r = sshbuf_put_cstring(msg, comment)) != 0)
 			goto out;
 		break;
@@ -519,11 +538,10 @@
 	    (r = encode_constraints(msg, life, confirm, maxsign,
 	    provider)) != 0)
 		goto out;
-	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+	if ((r = ssh_request_reply_decode(sock, msg)) != 0)
 		goto out;
-	if ((r = sshbuf_get_u8(msg, &type)) != 0)
-		goto out;
-	r = decode_reply(type);
+	/* success */
+	r = 0;
  out:
 	sshbuf_free(msg);
 	return r;
@@ -534,11 +552,11 @@
  * This call is intended only for use by ssh-add(1) and like applications.
  */
 int
-ssh_remove_identity(int sock, struct sshkey *key)
+ssh_remove_identity(int sock, const struct sshkey *key)
 {
 	struct sshbuf *msg;
 	int r;
-	u_char type, *blob = NULL;
+	u_char *blob = NULL;
 	size_t blen;
 
 	if ((msg = sshbuf_new()) == NULL)
@@ -555,11 +573,10 @@
 		r = SSH_ERR_INVALID_ARGUMENT;
 		goto out;
 	}
-	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+	if ((r = ssh_request_reply_decode(sock, msg)) != 0)
 		goto out;
-	if ((r = sshbuf_get_u8(msg, &type)) != 0)
-		goto out;
-	r = decode_reply(type);
+	/* success */
+	r = 0;
  out:
 	if (blob != NULL)
 		freezero(blob, blen);
@@ -595,11 +612,10 @@
 	if (constrained &&
 	    (r = encode_constraints(msg, life, confirm, 0, NULL)) != 0)
 		goto out;
-	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+	if ((r = ssh_request_reply_decode(sock, msg)) != 0)
 		goto out;
-	if ((r = sshbuf_get_u8(msg, &type)) != 0)
-		goto out;
-	r = decode_reply(type);
+	/* success */
+	r = 0;
  out:
 	sshbuf_free(msg);
 	return r;
@@ -626,11 +642,10 @@
 		return SSH_ERR_ALLOC_FAIL;
 	if ((r = sshbuf_put_u8(msg, type)) != 0)
 		goto out;
-	if ((r = ssh_request_reply(sock, msg, msg)) != 0)
+	if ((r = ssh_request_reply_decode(sock, msg)) != 0)
 		goto out;
-	if ((r = sshbuf_get_u8(msg, &type)) != 0)
-		goto out;
-	r = decode_reply(type);
+	/* success */
+	r = 0;
  out:
 	sshbuf_free(msg);
 	return r;

authfd.h

diff --git a/authfd.h b/authfd.h
index c3bf625..4fbf82f 100644
--- a/authfd.h
+++ b/authfd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.h,v 1.48 2019/12/21 02:19:13 djm Exp $ */
+/* $OpenBSD: authfd.h,v 1.49 2020/06/26 05:03:36 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -33,8 +33,8 @@
 int	ssh_add_identity_constrained(int sock, struct sshkey *key,
 	    const char *comment, u_int life, u_int confirm, u_int maxsign,
 	    const char *provider);
-int	ssh_agent_has_key(int sock, struct sshkey *key);
-int	ssh_remove_identity(int sock, struct sshkey *key);
+int	ssh_agent_has_key(int sock, const struct sshkey *key);
+int	ssh_remove_identity(int sock, const struct sshkey *key);
 int	ssh_update_card(int sock, int add, const char *reader_id,
 	    const char *pin, u_int life, u_int confirm);
 int	ssh_remove_all_identities(int sock, int version);

authfile.c

diff --git a/authfile.c b/authfile.c
index 35ccf57..946f50c 100644
--- a/authfile.c
+++ b/authfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfile.c,v 1.140 2020/04/17 07:15:11 djm Exp $ */
+/* $OpenBSD: authfile.c,v 1.141 2020/06/18 23:33:38 djm Exp $ */
 /*
  * Copyright (c) 2000, 2013 Markus Friedl.  All rights reserved.
  *
@@ -263,7 +263,7 @@
 sshkey_load_public(const char *filename, struct sshkey **keyp, char **commentp)
 {
 	char *pubfile = NULL;
-	int r;
+	int r, oerrno;
 
 	if (keyp != NULL)
 		*keyp = NULL;
@@ -283,8 +283,14 @@
 	if ((r = sshkey_load_pubkey_from_private(filename, keyp)) == 0)
 		goto out;
 
+	/* Pretend we couldn't find the key */
+	r = SSH_ERR_SYSTEM_ERROR;
+	errno = ENOENT;
+
  out:
+	oerrno = errno;
 	free(pubfile);
+	errno = oerrno;
 	return r;
 }
 

buildpkg.sh.in

diff --git a/buildpkg.sh.in b/buildpkg.sh.in
index 4ccc5f8..15555cd 100644
--- a/buildpkg.sh.in
+++ b/buildpkg.sh.in
@@ -268,7 +268,7 @@
 	touch space
 else
 	cat > space << _EOF
-# extra space required by start/stop links added by installf 
+# extra space required by start/stop links added by installf
 # in postinstall
 $TEST_DIR/etc/rc0.d/${SYSVINITSTOPT}${SYSVINIT_NAME} 0 1
 $TEST_DIR/etc/rc2.d/${SYSVINITSTART}${SYSVINIT_NAME} 0 1
@@ -293,7 +293,7 @@
 #
 if [ "\${PRE_INS_STOP}" = "yes" ]
 then
-	if [ $DO_SMF -eq 1 ] 
+	if [ $DO_SMF -eq 1 ]
 	then
 		svcadm disable $OPENSSH_FMRI
 	else
@@ -326,7 +326,7 @@
 
 if [ $DO_SMF -eq 1 ]
 then
-	# Delete the existing service, if it exists, then import the 
+	# Delete the existing service, if it exists, then import the
 	# new one.
 	if svcs $OPENSSH_FMRI > /dev/null 2>&1
 	then
@@ -438,7 +438,7 @@
 cat > preremove << _EOF
 #! ${SCRIPT_SHELL}
 #
-if [ $DO_SMF -eq 1 ] 
+if [ $DO_SMF -eq 1 ]
 then
 	svcadm disable $OPENSSH_FMRI
 else

canohost.c

diff --git a/canohost.c b/canohost.c
index abea9c6..a810da0 100644
--- a/canohost.c
+++ b/canohost.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: canohost.c,v 1.74 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: canohost.c,v 1.75 2020/10/18 11:32:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -96,7 +96,7 @@
 		/* Get the address in ascii. */
 		if ((r = getnameinfo((struct sockaddr *)&addr, addrlen, ntop,
 		    sizeof(ntop), NULL, 0, flags)) != 0) {
-			error("%s: getnameinfo %d failed: %s", __func__,
+			error_f("getnameinfo %d failed: %s",
 			    flags, ssh_gai_strerror(r));
 			return NULL;
 		}
@@ -141,7 +141,7 @@
 
 	/* Handle the case where we were passed a pipe */
 	if (gethostname(myname, sizeof(myname)) == -1) {
-		verbose("%s: gethostname: %s", __func__, strerror(errno));
+		verbose_f("gethostname: %s", strerror(errno));
 		host = xstrdup("UNKNOWN");
 	} else {
 		host = xstrdup(myname);
@@ -186,7 +186,7 @@
 	/* Return port number. */
 	if ((r = getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
 	    strport, sizeof(strport), NI_NUMERICSERV)) != 0)
-		fatal("%s: getnameinfo NI_NUMERICSERV failed: %s", __func__,
+		fatal_f("getnameinfo NI_NUMERICSERV failed: %s",
 		    ssh_gai_strerror(r));
 	return atoi(strport);
 }

chacha.h

diff --git a/chacha.h b/chacha.h
index 7620525..19a61e2 100644
--- a/chacha.h
+++ b/chacha.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: chacha.h,v 1.4 2016/08/27 04:04:56 guenther Exp $ */
+/* $OpenBSD: chacha.h,v 1.5 2021/04/03 05:54:14 djm Exp $ */
 
 /*
 chacha-merged.c version 20080118
@@ -16,7 +16,7 @@
 	u_int input[16];
 };
 
-#define CHACHA_MINKEYLEN 	16
+#define CHACHA_MINKEYLEN	16
 #define CHACHA_NONCELEN		8
 #define CHACHA_CTRLEN		8
 #define CHACHA_STATELEN		(CHACHA_NONCELEN+CHACHA_CTRLEN)

channels.c

diff --git a/channels.c b/channels.c
index 95a51e2..1c714c8 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.398 2020/04/25 06:59:36 dtucker Exp $ */
+/* $OpenBSD: channels.c,v 1.408 2021/09/14 11:04:21 mbuhl Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -228,7 +228,7 @@
 	struct ssh_channels *sc;
 
 	if ((sc = calloc(1, sizeof(*sc))) == NULL)
-		fatal("%s: allocation failed", __func__);
+		fatal_f("allocation failed");
 	sc->channels_alloc = 10;
 	sc->channels = xcalloc(sc->channels_alloc, sizeof(*sc->channels));
 	sc->IPv4or6 = AF_UNSPEC;
@@ -243,12 +243,12 @@
 	Channel *c;
 
 	if (id < 0 || (u_int)id >= ssh->chanctxt->channels_alloc) {
-		logit("%s: %d: bad id", __func__, id);
+		logit_f("%d: bad id", id);
 		return NULL;
 	}
 	c = ssh->chanctxt->channels[id];
 	if (c == NULL) {
-		logit("%s: %d: bad id: channel free", __func__, id);
+		logit_f("%d: bad id: channel free", id);
 		return NULL;
 	}
 	return c;
@@ -333,7 +333,27 @@
 #endif
 
 	/* enable nonblocking mode */
-	if (nonblock) {
+	c->restore_block = 0;
+	if (nonblock == CHANNEL_NONBLOCK_STDIO) {
+		/*
+		 * Special handling for stdio file descriptors: do not set
+		 * non-blocking mode if they are TTYs. Otherwise prepare to
+		 * restore their blocking state on exit to avoid interfering
+		 * with other programs that follow.
+		 */
+		if (rfd != -1 && !isatty(rfd) && fcntl(rfd, F_GETFL) == 0) {
+			c->restore_block |= CHANNEL_RESTORE_RFD;
+			set_nonblock(rfd);
+		}
+		if (wfd != -1 && !isatty(wfd) && fcntl(wfd, F_GETFL) == 0) {
+			c->restore_block |= CHANNEL_RESTORE_WFD;
+			set_nonblock(wfd);
+		}
+		if (efd != -1 && !isatty(efd) && fcntl(efd, F_GETFL) == 0) {
+			c->restore_block |= CHANNEL_RESTORE_EFD;
+			set_nonblock(efd);
+		}
+	} else if (nonblock) {
 		if (rfd != -1)
 			set_nonblock(rfd);
 		if (wfd != -1)
@@ -354,6 +374,7 @@
 	struct ssh_channels *sc = ssh->chanctxt;
 	u_int i, found;
 	Channel *c;
+	int r;
 
 	/* Try to find a free slot where to put the new channel. */
 	for (i = 0; i < sc->channels_alloc; i++) {
@@ -370,8 +391,8 @@
 		 */
 		found = sc->channels_alloc;
 		if (sc->channels_alloc > CHANNELS_MAX_CHANNELS)
-			fatal("%s: internal error: channels_alloc %d too big",
-			    __func__, sc->channels_alloc);
+			fatal_f("internal error: channels_alloc %d too big",
+			    sc->channels_alloc);
 		sc->channels = xrecallocarray(sc->channels, sc->channels_alloc,
 		    sc->channels_alloc + 10, sizeof(*sc->channels));
 		sc->channels_alloc += 10;
@@ -382,7 +403,9 @@
 	if ((c->input = sshbuf_new()) == NULL ||
 	    (c->output = sshbuf_new()) == NULL ||
 	    (c->extended = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
+	if ((r = sshbuf_set_max_size(c->input, CHAN_INPUT_MAX)) != 0)
+		fatal_fr(r, "sshbuf_set_max_size");
 	c->ostate = CHAN_OUTPUT_OPEN;
 	c->istate = CHAN_INPUT_OPEN;
 	channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, 0);
@@ -419,17 +442,23 @@
 }
 
 int
-channel_close_fd(struct ssh *ssh, int *fdp)
+channel_close_fd(struct ssh *ssh, Channel *c, int *fdp)
 {
 	struct ssh_channels *sc = ssh->chanctxt;
-	int ret = 0, fd = *fdp;
+	int ret, fd = *fdp;
 
-	if (fd != -1) {
-		ret = close(fd);
-		*fdp = -1;
-		if (fd == sc->channel_max_fd)
-			channel_find_maxfd(sc);
-	}
+	if (fd == -1)
+		return 0;
+
+	if ((*fdp == c->rfd && (c->restore_block & CHANNEL_RESTORE_RFD) != 0) ||
+	   (*fdp == c->wfd && (c->restore_block & CHANNEL_RESTORE_WFD) != 0) ||
+	   (*fdp == c->efd && (c->restore_block & CHANNEL_RESTORE_EFD) != 0))
+		(void)fcntl(*fdp, F_SETFL, 0);	/* restore blocking */
+
+	ret = close(fd);
+	*fdp = -1;
+	if (fd == sc->channel_max_fd)
+		channel_find_maxfd(sc);
 	return ret;
 }
 
@@ -439,13 +468,13 @@
 {
 	int sock = c->sock, rfd = c->rfd, wfd = c->wfd, efd = c->efd;
 
-	channel_close_fd(ssh, &c->sock);
+	channel_close_fd(ssh, c, &c->sock);
 	if (rfd != sock)
-		channel_close_fd(ssh, &c->rfd);
+		channel_close_fd(ssh, c, &c->rfd);
 	if (wfd != sock && wfd != rfd)
-		channel_close_fd(ssh, &c->wfd);
+		channel_close_fd(ssh, c, &c->wfd);
 	if (efd != sock && efd != rfd && efd != wfd)
-		channel_close_fd(ssh, &c->efd);
+		channel_close_fd(ssh, c, &c->efd);
 }
 
 static void
@@ -489,7 +518,7 @@
 		return &sc->remote_perms;
 		break;
 	default:
-		fatal("%s: invalid forwarding direction %d", __func__, where);
+		fatal_f("invalid forwarding direction %d", where);
 	}
 }
 
@@ -510,7 +539,7 @@
 		*npermpp = &pset->num_permitted_admin;
 		break;
 	default:
-		fatal("%s: invalid forwarding client %d", __func__, who);
+		fatal_f("invalid forwarding client %d", who);
 	}
 }
 
@@ -527,7 +556,7 @@
 	permission_set_get_array(ssh, who, where, &permp, &npermp);
 
 	if (*npermp >= INT_MAX)
-		fatal("%s: %s overflow", __func__, fwd_ident(who, where));
+		fatal_f("%s overflow", fwd_ident(who, where));
 
 	*permp = xrecallocarray(*permp, *npermp, *npermp + 1, sizeof(**permp));
 	n = (*npermp)++;
@@ -567,8 +596,7 @@
 		    channel_rfwd_bind_host(perm->listen_host))) != 0 ||
 		    (r = sshpkt_put_u32(ssh, perm->listen_port)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0) {
-			fatal("%s: channel %i: %s", __func__,
-			    c->self, ssh_err(r));
+			fatal_fr(r, "channel %i", c->self);
 		}
 		fwd_perm_clear(perm); /* unregister */
 	}
@@ -601,8 +629,14 @@
 	debug("channel %d: free: %s, nchannels %u", c->self,
 	    c->remote_name ? c->remote_name : "???", n);
 
-	if (c->type == SSH_CHANNEL_MUX_CLIENT)
+	if (c->type == SSH_CHANNEL_MUX_CLIENT) {
 		mux_remove_remote_forwardings(ssh, c);
+		free(c->mux_ctx);
+		c->mux_ctx = NULL;
+	} else if (c->type == SSH_CHANNEL_MUX_LISTENER) {
+		free(c->mux_ctx);
+		c->mux_ctx = NULL;
+	}
 
 	if (log_level_get() >= SYSLOG_LEVEL_DEBUG3) {
 		s = channel_open_message(ssh);
@@ -696,7 +730,7 @@
 			case SSH_CHANNEL_X11_LISTENER:
 			case SSH_CHANNEL_UNIX_LISTENER:
 			case SSH_CHANNEL_RUNIX_LISTENER:
-				channel_close_fd(ssh, &c->sock);
+				channel_close_fd(ssh, c, &c->sock);
 				channel_free(ssh, c);
 				break;
 			}
@@ -764,7 +798,7 @@
 		case SSH_CHANNEL_MUX_PROXY:
 			return 1;
 		default:
-			fatal("%s: bad channel type %d", __func__, c->type);
+			fatal_f("bad channel type %d", c->type);
 			/* NOTREACHED */
 		}
 	}
@@ -806,7 +840,7 @@
 		case SSH_CHANNEL_X11_OPEN:
 			return i;
 		default:
-			fatal("%s: bad channel type %d", __func__, c->type);
+			fatal_f("bad channel type %d", c->type);
 			/* NOTREACHED */
 		}
 	}
@@ -863,10 +897,10 @@
 	char *cp, *ret;
 
 	if ((buf = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_putf(buf,
 	    "The following connections are open:\r\n")) != 0)
-		fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r));
+		fatal_fr(r, "sshbuf_putf");
 	for (i = 0; i < ssh->chanctxt->channels_alloc; i++) {
 		c = ssh->chanctxt->channels[i];
 		if (c == NULL)
@@ -897,18 +931,17 @@
 			if ((r = sshbuf_putf(buf, "  #%d %.300s (%s)\r\n",
 			    c->self, c->remote_name, cp)) != 0) {
 				free(cp);
-				fatal("%s: sshbuf_putf: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "sshbuf_putf");
 			}
 			free(cp);
 			continue;
 		default:
-			fatal("%s: bad channel type %d", __func__, c->type);
+			fatal_f("bad channel type %d", c->type);
 			/* NOTREACHED */
 		}
 	}
 	if ((ret = sshbuf_dup_string(buf)) == NULL)
-		fatal("%s: sshbuf_dup_string", __func__);
+		fatal_f("sshbuf_dup_string");
 	sshbuf_free(buf);
 	return ret;
 }
@@ -923,7 +956,7 @@
 	    (r = sshpkt_put_u32(ssh, c->self)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, c->local_window)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0) {
-		fatal("%s: channel %i: open: %s", where, c->self, ssh_err(r));
+		fatal_r(r, "%s: channel %i: open", where, c->self);
 	}
 }
 
@@ -940,7 +973,7 @@
 	debug2("channel %d: send open", id);
 	open_preamble(ssh, __func__, c, c->ctype);
 	if ((r = sshpkt_send(ssh)) != 0)
-		fatal("%s: channel %i: %s", __func__, c->self, ssh_err(r));
+		fatal_fr(r, "channel %i", c->self);
 }
 
 void
@@ -950,18 +983,18 @@
 	int r;
 
 	if (c == NULL) {
-		logit("%s: %d: unknown channel id", __func__, id);
+		logit_f("%d: unknown channel id", id);
 		return;
 	}
 	if (!c->have_remote_id)
-		fatal(":%s: channel %d: no remote id", __func__, c->self);
+		fatal_f("channel %d: no remote id", c->self);
 
 	debug2("channel %d: request %s confirm %d", id, service, wantconfirm);
 	if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, service)) != 0 ||
 	    (r = sshpkt_put_u8(ssh, wantconfirm)) != 0) {
-		fatal("%s: channel %i: %s", __func__, c->self, ssh_err(r));
+		fatal_fr(r, "channel %i", c->self);
 	}
 }
 
@@ -973,7 +1006,7 @@
 	Channel *c;
 
 	if ((c = channel_lookup(ssh, id)) == NULL)
-		fatal("%s: %d: bad id", __func__, id);
+		fatal_f("%d: bad id", id);
 
 	cc = xcalloc(1, sizeof(*cc));
 	cc->cb = cb;
@@ -989,7 +1022,7 @@
 	Channel *c = channel_lookup(ssh, id);
 
 	if (c == NULL) {
-		logit("%s: %d: bad id", __func__, id);
+		logit_f("%d: bad id", id);
 		return;
 	}
 	c->open_confirm = fn;
@@ -1003,7 +1036,7 @@
 	Channel *c = channel_by_id(ssh, id);
 
 	if (c == NULL) {
-		logit("%s: %d: bad id", __func__, id);
+		logit_f("%d: bad id", id);
 		return;
 	}
 	c->detach_user = fn;
@@ -1016,7 +1049,7 @@
 	Channel *c = channel_by_id(ssh, id);
 
 	if (c == NULL) {
-		logit("%s: %d: bad id", __func__, id);
+		logit_f("%d: bad id", id);
 		return;
 	}
 	c->detach_user = NULL;
@@ -1030,7 +1063,7 @@
 	Channel *c = channel_lookup(ssh, id);
 
 	if (c == NULL) {
-		logit("%s: %d: bad id", __func__, id);
+		logit_f("%d: bad id", id);
 		return;
 	}
 	c->input_filter = ifn;
@@ -1049,7 +1082,7 @@
 	if (c == NULL || c->type != SSH_CHANNEL_LARVAL)
 		fatal("channel_activate for non-larval channel %d.", id);
 	if (!c->have_remote_id)
-		fatal(":%s: channel %d: no remote id", __func__, c->self);
+		fatal_f("channel %d: no remote id", c->self);
 
 	channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, is_tty);
 	c->type = SSH_CHANNEL_OPEN;
@@ -1059,7 +1092,7 @@
 	    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, c->local_window)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: channel %i: %s", __func__, c->self, ssh_err(r));
+		fatal_fr(r, "channel %i", c->self);
 }
 
 static void
@@ -1288,24 +1321,21 @@
 	    (r = sshbuf_get(input, &s4_req.command, 1)) != 0 ||
 	    (r = sshbuf_get(input, &s4_req.dest_port, 2)) != 0 ||
 	    (r = sshbuf_get(input, &s4_req.dest_addr, 4)) != 0) {
-		debug("channels %d: decode socks4: %s", c->self, ssh_err(r));
+		debug_r(r, "channels %d: decode socks4", c->self);
 		return -1;
 	}
 	have = sshbuf_len(input);
 	p = sshbuf_ptr(input);
 	if (memchr(p, '\0', have) == NULL) {
-		error("channel %d: decode socks4: user not nul terminated",
-		    c->self);
+		error("channel %d: decode socks4: unterminated user", c->self);
 		return -1;
 	}
 	len = strlen(p);
 	debug2("channel %d: decode socks4: user %s/%d", c->self, p, len);
 	len++; /* trailing '\0' */
 	strlcpy(username, p, sizeof(username));
-	if ((r = sshbuf_consume(input, len)) != 0) {
-		fatal("%s: channel %d: consume: %s", __func__,
-		    c->self, ssh_err(r));
-	}
+	if ((r = sshbuf_consume(input, len)) != 0)
+		fatal_fr(r, "channel %d: consume", c->self);
 	free(c->path);
 	c->path = NULL;
 	if (need == 1) {			/* SOCKS4: one string */
@@ -1329,10 +1359,8 @@
 			return -1;
 		}
 		c->path = xstrdup(p);
-		if ((r = sshbuf_consume(input, len)) != 0) {
-			fatal("%s: channel %d: consume: %s", __func__,
-			    c->self, ssh_err(r));
-		}
+		if ((r = sshbuf_consume(input, len)) != 0)
+			fatal_fr(r, "channel %d: consume", c->self);
 	}
 	c->host_port = ntohs(s4_req.dest_port);
 
@@ -1348,10 +1376,8 @@
 	s4_rsp.command = 90;			/* cd: req granted */
 	s4_rsp.dest_port = 0;			/* ignored */
 	s4_rsp.dest_addr.s_addr = INADDR_ANY;	/* ignored */
-	if ((r = sshbuf_put(output, &s4_rsp, sizeof(s4_rsp))) != 0) {
-		fatal("%s: channel %d: append reply: %s", __func__,
-		    c->self, ssh_err(r));
-	}
+	if ((r = sshbuf_put(output, &s4_rsp, sizeof(s4_rsp))) != 0)
+		fatal_fr(r, "channel %d: append reply", c->self);
 	return 1;
 }
 
@@ -1404,16 +1430,12 @@
 			    c->self);
 			return -1;
 		}
-		if ((r = sshbuf_consume(input, nmethods + 2)) != 0) {
-			fatal("%s: channel %d: consume: %s", __func__,
-			    c->self, ssh_err(r));
-		}
+		if ((r = sshbuf_consume(input, nmethods + 2)) != 0)
+			fatal_fr(r, "channel %d: consume", c->self);
 		/* version, method */
 		if ((r = sshbuf_put_u8(output, 0x05)) != 0 ||
-		    (r = sshbuf_put_u8(output, SSH_SOCKS5_NOAUTH)) != 0) {
-			fatal("%s: channel %d: append reply: %s", __func__,
-			    c->self, ssh_err(r));
-		}
+		    (r = sshbuf_put_u8(output, SSH_SOCKS5_NOAUTH)) != 0)
+			fatal_fr(r, "channel %d: append reply", c->self);
 		c->flags |= SSH_SOCKS5_AUTHDONE;
 		debug2("channel %d: socks5 auth done", c->self);
 		return 0;				/* need more */
@@ -1450,20 +1472,16 @@
 		need++;
 	if (have < need)
 		return 0;
-	if ((r = sshbuf_consume(input, sizeof(s5_req))) != 0) {
-		fatal("%s: channel %d: consume: %s", __func__,
-		    c->self, ssh_err(r));
-	}
+	if ((r = sshbuf_consume(input, sizeof(s5_req))) != 0)
+		fatal_fr(r, "channel %d: consume", c->self);
 	if (s5_req.atyp == SSH_SOCKS5_DOMAIN) {
 		/* host string length */
-		if ((r = sshbuf_consume(input, 1)) != 0) {
-			fatal("%s: channel %d: consume: %s", __func__,
-			    c->self, ssh_err(r));
-		}
+		if ((r = sshbuf_consume(input, 1)) != 0)
+			fatal_fr(r, "channel %d: consume", c->self);
 	}
 	if ((r = sshbuf_get(input, &dest_addr, addrlen)) != 0 ||
 	    (r = sshbuf_get(input, &dest_port, 2)) != 0) {
-		debug("channel %d: parse addr/port: %s", c->self, ssh_err(r));
+		debug_r(r, "channel %d: parse addr/port", c->self);
 		return -1;
 	}
 	dest_addr[addrlen] = '\0';
@@ -1495,22 +1513,22 @@
 	if ((r = sshbuf_put(output, &s5_rsp, sizeof(s5_rsp))) != 0 ||
 	    (r = sshbuf_put_u32(output, ntohl(INADDR_ANY))) != 0 ||
 	    (r = sshbuf_put(output, &dest_port, sizeof(dest_port))) != 0)
-		fatal("%s: channel %d: append reply: %s", __func__,
-		    c->self, ssh_err(r));
+		fatal_fr(r, "channel %d: append reply", c->self);
 	return 1;
 }
 
 Channel *
 channel_connect_stdio_fwd(struct ssh *ssh,
-    const char *host_to_connect, u_short port_to_connect, int in, int out)
+    const char *host_to_connect, u_short port_to_connect,
+    int in, int out, int nonblock)
 {
 	Channel *c;
 
-	debug("%s %s:%d", __func__, host_to_connect, port_to_connect);
+	debug_f("%s:%d", host_to_connect, port_to_connect);
 
 	c = channel_new(ssh, "stdio-forward", SSH_CHANNEL_OPENING, in, out,
 	    -1, CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
-	    0, "stdio-forward", /*nonblock*/0);
+	    0, "stdio-forward", nonblock);
 
 	c->path = xstrdup(host_to_connect);
 	c->host_port = port_to_connect;
@@ -1595,10 +1613,8 @@
 	/* sshbuf_dump(c->output, stderr); */
 	/* EOF received */
 	if (c->flags & CHAN_EOF_RCVD) {
-		if ((r = sshbuf_consume(c->output, have)) != 0) {
-			fatal("%s: channel %d: consume: %s",
-			    __func__, c->self, ssh_err(r));
-		}
+		if ((r = sshbuf_consume(c->output, have)) != 0)
+			fatal_fr(r, "channel %d: consume", c->self);
 		rdynamic_close(ssh, c);
 		return;
 	}
@@ -1630,13 +1646,10 @@
 			    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 			    (r = sshpkt_put_stringb(ssh, c->input)) != 0 ||
 			    (r = sshpkt_send(ssh)) != 0) {
-				fatal("%s: channel %i: rdynamic: %s", __func__,
-				    c->self, ssh_err(r));
+				fatal_fr(r, "channel %i: rdynamic", c->self);
 			}
-			if ((r = sshbuf_consume(c->input, len)) != 0) {
-				fatal("%s: channel %d: consume: %s",
-				    __func__, c->self, ssh_err(r));
-			}
+			if ((r = sshbuf_consume(c->input, len)) != 0)
+				fatal_fr(r, "channel %d: consume", c->self);
 			c->remote_window -= len;
 		}
 	} else if (rdynamic_connect_finish(ssh, c) < 0) {
@@ -1665,7 +1678,7 @@
 	if (c->single_connection) {
 		oerrno = errno;
 		debug2("single_connection: closing X11 listener.");
-		channel_close_fd(ssh, &c->sock);
+		channel_close_fd(ssh, c, &c->sock);
 		chan_mark_dead(ssh, c);
 		errno = oerrno;
 	}
@@ -1689,11 +1702,10 @@
 	open_preamble(ssh, __func__, nc, "x11");
 	if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, remote_port)) != 0) {
-		fatal("%s: channel %i: reply %s", __func__,
-		    c->self, ssh_err(r));
+		fatal_fr(r, "channel %i: reply", c->self);
 	}
 	if ((r = sshpkt_send(ssh)) != 0)
-		fatal("%s: channel %i: send %s", __func__, c->self, ssh_err(r));
+		fatal_fr(r, "channel %i: send", c->self);
 	free(remote_ipaddr);
 }
 
@@ -1724,46 +1736,34 @@
 	if (strcmp(rtype, "direct-tcpip") == 0) {
 		/* target host, port */
 		if ((r = sshpkt_put_cstring(ssh, c->path)) != 0 ||
-		    (r = sshpkt_put_u32(ssh, c->host_port)) != 0) {
-			fatal("%s: channel %i: reply %s", __func__,
-			    c->self, ssh_err(r));
-		}
+		    (r = sshpkt_put_u32(ssh, c->host_port)) != 0)
+			fatal_fr(r, "channel %i: reply", c->self);
 	} else if (strcmp(rtype, "direct-streamlocal@openssh.com") == 0) {
 		/* target path */
-		if ((r = sshpkt_put_cstring(ssh, c->path)) != 0) {
-			fatal("%s: channel %i: reply %s", __func__,
-			    c->self, ssh_err(r));
-		}
+		if ((r = sshpkt_put_cstring(ssh, c->path)) != 0)
+			fatal_fr(r, "channel %i: reply", c->self);
 	} else if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) {
 		/* listen path */
-		if ((r = sshpkt_put_cstring(ssh, c->path)) != 0) {
-			fatal("%s: channel %i: reply %s", __func__,
-			    c->self, ssh_err(r));
-		}
+		if ((r = sshpkt_put_cstring(ssh, c->path)) != 0)
+			fatal_fr(r, "channel %i: reply", c->self);
 	} else {
 		/* listen address, port */
 		if ((r = sshpkt_put_cstring(ssh, c->path)) != 0 ||
-		    (r = sshpkt_put_u32(ssh, local_port)) != 0) {
-			fatal("%s: channel %i: reply %s", __func__,
-			    c->self, ssh_err(r));
-		}
+		    (r = sshpkt_put_u32(ssh, local_port)) != 0)
+			fatal_fr(r, "channel %i: reply", c->self);
 	}
 	if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) {
 		/* reserved for future owner/mode info */
-		if ((r = sshpkt_put_cstring(ssh, "")) != 0) {
-			fatal("%s: channel %i: reply %s", __func__,
-			    c->self, ssh_err(r));
-		}
+		if ((r = sshpkt_put_cstring(ssh, "")) != 0)
+			fatal_fr(r, "channel %i: reply", c->self);
 	} else {
 		/* originator host and port */
 		if ((r = sshpkt_put_cstring(ssh, remote_ipaddr)) != 0 ||
-		    (r = sshpkt_put_u32(ssh, (u_int)remote_port)) != 0) {
-			fatal("%s: channel %i: reply %s", __func__,
-			    c->self, ssh_err(r));
-		}
+		    (r = sshpkt_put_u32(ssh, (u_int)remote_port)) != 0)
+			fatal_fr(r, "channel %i: reply", c->self);
 	}
 	if ((r = sshpkt_send(ssh)) != 0)
-		fatal("%s: channel %i: send %s", __func__, c->self, ssh_err(r));
+		fatal_fr(r, "channel %i: send", c->self);
 	free(remote_ipaddr);
 	free(local_ipaddr);
 }
@@ -1863,7 +1863,7 @@
 	    0, "accepted auth socket", 1);
 	open_preamble(ssh, __func__, nc, "auth-agent@openssh.com");
 	if ((r = sshpkt_send(ssh)) != 0)
-		fatal("%s: channel %i: %s", __func__, c->self, ssh_err(r));
+		fatal_fr(r, "channel %i", c->self);
 }
 
 static void
@@ -1876,7 +1876,7 @@
 	if (!FD_ISSET(c->sock, writeset))
 		return;
 	if (!c->have_remote_id)
-		fatal(":%s: channel %d: no remote id", __func__, c->self);
+		fatal_f("channel %d: no remote id", c->self);
 	/* for rdynamic the OPEN_CONFIRMATION has been sent already */
 	isopen = (c->type == SSH_CHANNEL_RDYNAMIC_FINISH);
 	if (getsockopt(c->sock, SOL_SOCKET, SO_ERROR, &err, &sz) == -1) {
@@ -1896,13 +1896,9 @@
 			    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 			    (r = sshpkt_put_u32(ssh, c->self)) != 0 ||
 			    (r = sshpkt_put_u32(ssh, c->local_window)) != 0 ||
-			    (r = sshpkt_put_u32(ssh, c->local_maxpacket))
-			    != 0)
-				fatal("%s: channel %i: confirm: %s", __func__,
-				    c->self, ssh_err(r));
-			if ((r = sshpkt_send(ssh)) != 0)
-				fatal("%s: channel %i: %s", __func__, c->self,
-				    ssh_err(r));
+			    (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0 ||
+			    (r = sshpkt_send(ssh)) != 0)
+				fatal_fr(r, "channel %i open confirm", c->self);
 		}
 	} else {
 		debug("channel %d: connection failed: %s",
@@ -1927,13 +1923,9 @@
 			    (r = sshpkt_put_u32(ssh,
 			    SSH2_OPEN_CONNECT_FAILED)) != 0 ||
 			    (r = sshpkt_put_cstring(ssh, strerror(err))) != 0 ||
-			    (r = sshpkt_put_cstring(ssh, "")) != 0) {
-				fatal("%s: channel %i: failure: %s", __func__,
-				    c->self, ssh_err(r));
-			}
-			if ((r = sshpkt_send(ssh)) != 0)
-				fatal("%s: channel %i: %s", __func__, c->self,
-				    ssh_err(r));
+			    (r = sshpkt_put_cstring(ssh, "")) != 0 ||
+			    (r = sshpkt_send(ssh)) != 0)
+				fatal_fr(r, "channel %i: failure", c->self);
 			chan_mark_dead(ssh, c);
 		}
 	}
@@ -1958,7 +1950,7 @@
 	    ((errno == EAGAIN || errno == EWOULDBLOCK) && !force)))
 		return 1;
 #ifndef PTY_ZEROREAD
- 	if (len <= 0) {
+	if (len <= 0) {
 #else
 	if ((!c->isatty && len <= 0) ||
 	    (c->isatty && (len < 0 || (len == 0 && errno != 0)))) {
@@ -1981,12 +1973,9 @@
 		}
 	} else if (c->datagram) {
 		if ((r = sshbuf_put_string(c->input, buf, len)) != 0)
-			fatal("%s: channel %d: put datagram: %s", __func__,
-			    c->self, ssh_err(r));
-	} else if ((r = sshbuf_put(c->input, buf, len)) != 0) {
-		fatal("%s: channel %d: put data: %s", __func__,
-		    c->self, ssh_err(r));
-	}
+			fatal_fr(r, "channel %i: put datagram", c->self);
+	} else if ((r = sshbuf_put(c->input, buf, len)) != 0)
+		fatal_fr(r, "channel %i: put data", c->self);
 	return 1;
 }
 
@@ -2016,8 +2005,7 @@
 		}
 	} else if (c->datagram) {
 		if ((r = sshbuf_get_string(c->output, &data, &dlen)) != 0)
-			fatal("%s: channel %d: get datagram: %s", __func__,
-			    c->self, ssh_err(r));
+			fatal_fr(r, "channel %i: get datagram", c->self);
 		buf = data;
 	} else {
 		buf = data = sshbuf_mutable_ptr(c->output);
@@ -2069,15 +2057,12 @@
 			 */
 			if ((r = sshpkt_msg_ignore(ssh, 4+len)) != 0 ||
 			    (r = sshpkt_send(ssh)) != 0)
-				fatal("%s: channel %d: ignore: %s",
-				    __func__, c->self, ssh_err(r));
+				fatal_fr(r, "channel %i: ignore", c->self);
 		}
 	}
 #endif /* BROKEN_TCGETATTR_ICANON */
-	if ((r = sshbuf_consume(c->output, len)) != 0) {
-		fatal("%s: channel %d: consume: %s",
-		    __func__, c->self, ssh_err(r));
-	}
+	if ((r = sshbuf_consume(c->output, len)) != 0)
+		fatal_fr(r, "channel %i: consume", c->self);
  out:
 	c->local_consumed += olen - sshbuf_len(c->output);
 
@@ -2102,12 +2087,10 @@
 		return 1;
 	if (len <= 0) {
 		debug2("channel %d: closing write-efd %d", c->self, c->efd);
-		channel_close_fd(ssh, &c->efd);
+		channel_close_fd(ssh, c, &c->efd);
 	} else {
-		if ((r = sshbuf_consume(c->extended, len)) != 0) {
-			fatal("%s: channel %d: consume: %s",
-			    __func__, c->self, ssh_err(r));
-		}
+		if ((r = sshbuf_consume(c->extended, len)) != 0)
+			fatal_fr(r, "channel %i: consume", c->self);
 		c->local_consumed += len;
 	}
 	return 1;
@@ -2132,18 +2115,12 @@
 	    errno == EWOULDBLOCK) && !force)))
 		return 1;
 	if (len <= 0) {
-		debug2("channel %d: closing read-efd %d",
-		    c->self, c->efd);
-		channel_close_fd(ssh, &c->efd);
-	} else {
-		if (c->extended_usage == CHAN_EXTENDED_IGNORE) {
-			debug3("channel %d: discard efd",
-			    c->self);
-		} else if ((r = sshbuf_put(c->extended, buf, len)) != 0) {
-			fatal("%s: channel %d: append: %s",
-			    __func__, c->self, ssh_err(r));
-		}
-	}
+		debug2("channel %d: closing read-efd %d", c->self, c->efd);
+		channel_close_fd(ssh, c, &c->efd);
+	} else if (c->extended_usage == CHAN_EXTENDED_IGNORE)
+		debug3("channel %d: discard efd", c->self);
+	else if ((r = sshbuf_put(c->extended, buf, len)) != 0)
+		fatal_fr(r, "channel %i: append", c->self);
 	return 1;
 }
 
@@ -2177,19 +2154,16 @@
 	    c->local_window < c->local_window_max/2) &&
 	    c->local_consumed > 0) {
 		if (!c->have_remote_id)
-			fatal(":%s: channel %d: no remote id",
-			    __func__, c->self);
+			fatal_f("channel %d: no remote id", c->self);
 		if ((r = sshpkt_start(ssh,
 		    SSH2_MSG_CHANNEL_WINDOW_ADJUST)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, c->local_consumed)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0) {
-			fatal("%s: channel %i: %s", __func__,
-			    c->self, ssh_err(r));
+			fatal_fr(r, "channel %i", c->self);
 		}
-		debug2("channel %d: window %d sent adjust %d",
-		    c->self, c->local_window,
-		    c->local_consumed);
+		debug2("channel %d: window %d sent adjust %d", c->self,
+		    c->local_window, c->local_consumed);
 		c->local_window += c->local_consumed;
 		c->local_consumed = 0;
 	}
@@ -2224,10 +2198,8 @@
 			    c->self, c->rfd, len);
 			chan_read_failed(ssh, c);
 			return 0;
-		} else if ((r = sshbuf_put(c->input, buf, len)) != 0) {
-			fatal("%s: channel %d: append: %s",
-			    __func__, c->self, ssh_err(r));
-		}
+		} else if ((r = sshbuf_put(c->input, buf, len)) != 0)
+			fatal_fr(r, "channel %i: append", c->self);
 	}
 	return sshbuf_len(c->input);
 }
@@ -2288,8 +2260,7 @@
 		return;
 	}
 	if ((r = sshbuf_consume(c->output, len)) != 0)
-		fatal("%s: channel %d: consume: %s", __func__,
-		    c->self, ssh_err(r));
+		fatal_fr(r, "channel %i: consume", c->self);
 }
 
 static void
@@ -2323,15 +2294,14 @@
 	addrlen = sizeof(addr);
 	if ((newsock = accept(c->sock, (struct sockaddr*)&addr,
 	    &addrlen)) == -1) {
-		error("%s accept: %s", __func__, strerror(errno));
+		error_f("accept: %s", strerror(errno));
 		if (errno == EMFILE || errno == ENFILE)
 			c->notbefore = monotime() + 1;
 		return;
 	}
 
 	if (getpeereid(newsock, &euid, &egid) == -1) {
-		error("%s getpeereid failed: %s", __func__,
-		    strerror(errno));
+		error_f("getpeereid failed: %s", strerror(errno));
 		close(newsock);
 		return;
 	}
@@ -2345,7 +2315,7 @@
 	    newsock, newsock, -1, c->local_window_max,
 	    c->local_maxpacket, 0, "mux-control", 1);
 	nc->mux_rcb = c->mux_rcb;
-	debug3("%s: new mux channel %d fd %d", __func__, nc->self, nc->sock);
+	debug3_f("new mux channel %d fd %d", nc->self, nc->sock);
 	/* establish state */
 	nc->mux_rcb(ssh, nc);
 	/* mux state transitions must not elicit protocol messages */
@@ -2358,8 +2328,8 @@
 	chan_fn **pre, **post;
 
 	if ((pre = calloc(SSH_CHANNEL_MAX_TYPE, sizeof(*pre))) == NULL ||
-	   (post = calloc(SSH_CHANNEL_MAX_TYPE, sizeof(*post))) == NULL)
-		fatal("%s: allocation failed", __func__);
+	    (post = calloc(SSH_CHANNEL_MAX_TYPE, sizeof(*post))) == NULL)
+		fatal_f("allocation failed");
 
 	pre[SSH_CHANNEL_OPEN] =			&channel_pre_open;
 	pre[SSH_CHANNEL_X11_OPEN] =		&channel_pre_x11_open;
@@ -2451,8 +2421,8 @@
 				 * Collect the time that the earliest
 				 * channel comes off pause.
 				 */
-				debug3("%s: chan %d: skip for %d more seconds",
-				    __func__, c->self,
+				debug3_f("chan %d: skip for %d more "
+				    "seconds", c->self,
 				    (int)(c->notbefore - now));
 				if (*unpause_secs == 0 ||
 				    (c->notbefore - now) < *unpause_secs)
@@ -2462,8 +2432,8 @@
 		channel_garbage_collect(ssh, c);
 	}
 	if (unpause_secs != NULL && *unpause_secs != 0)
-		debug3("%s: first channel unpauses in %d seconds",
-		    __func__, (int)*unpause_secs);
+		debug3_f("first channel unpauses in %d seconds",
+		    (int)*unpause_secs);
 }
 
 /*
@@ -2562,13 +2532,12 @@
 	}
 
 	if (!c->have_remote_id)
-		fatal(":%s: channel %d: no remote id", __func__, c->self);
+		fatal_f("channel %d: no remote id", c->self);
 
 	if (c->datagram) {
 		/* Check datagram will fit; drop if not */
 		if ((r = sshbuf_get_string_direct(c->input, &pkt, &plen)) != 0)
-			fatal("%s: channel %d: get datagram: %s", __func__,
-			    c->self, ssh_err(r));
+			fatal_fr(r, "channel %i: get datagram", c->self);
 		/*
 		 * XXX this does tail-drop on the datagram queue which is
 		 * usually suboptimal compared to head-drop. Better to have
@@ -2582,10 +2551,8 @@
 		if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_DATA)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 		    (r = sshpkt_put_string(ssh, pkt, plen)) != 0 ||
-		    (r = sshpkt_send(ssh)) != 0) {
-			fatal("%s: channel %i: datagram: %s", __func__,
-			    c->self, ssh_err(r));
-		}
+		    (r = sshpkt_send(ssh)) != 0)
+			fatal_fr(r, "channel %i: send datagram", c->self);
 		c->remote_window -= plen;
 		return;
 	}
@@ -2600,13 +2567,10 @@
 	if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_DATA)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 	    (r = sshpkt_put_string(ssh, sshbuf_ptr(c->input), len)) != 0 ||
-	    (r = sshpkt_send(ssh)) != 0) {
-		fatal("%s: channel %i: data: %s", __func__,
-		    c->self, ssh_err(r));
-	}
+	    (r = sshpkt_send(ssh)) != 0)
+		fatal_fr(r, "channel %i: send data", c->self);
 	if ((r = sshbuf_consume(c->input, len)) != 0)
-		fatal("%s: channel %i: consume: %s", __func__,
-		    c->self, ssh_err(r));
+		fatal_fr(r, "channel %i: consume", c->self);
 	c->remote_window -= len;
 }
 
@@ -2631,18 +2595,15 @@
 	if (len == 0)
 		return;
 	if (!c->have_remote_id)
-		fatal(":%s: channel %d: no remote id", __func__, c->self);
+		fatal_f("channel %d: no remote id", c->self);
 	if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EXTENDED_DATA)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, SSH2_EXTENDED_DATA_STDERR)) != 0 ||
 	    (r = sshpkt_put_string(ssh, sshbuf_ptr(c->extended), len)) != 0 ||
-	    (r = sshpkt_send(ssh)) != 0) {
-		fatal("%s: channel %i: data: %s", __func__,
-		    c->self, ssh_err(r));
-	}
+	    (r = sshpkt_send(ssh)) != 0)
+		fatal_fr(r, "channel %i: data", c->self);
 	if ((r = sshbuf_consume(c->extended, len)) != 0)
-		fatal("%s: channel %i: consume: %s", __func__,
-		    c->self, ssh_err(r));
+		fatal_fr(r, "channel %i: consume", c->self);
 	c->remote_window -= len;
 	debug2("channel %d: sent ext data %zu", c->self, len);
 }
@@ -2739,11 +2700,11 @@
 	/* sshbuf_dump(downstream->input, stderr); */
 	if ((r = sshbuf_get_string_direct(downstream->input, &cp, &have))
 	    != 0) {
-		error("%s: malformed message: %s", __func__, ssh_err(r));
+		error_fr(r, "parse");
 		return -1;
 	}
 	if (have < 2) {
-		error("%s: short message", __func__);
+		error_f("short message");
 		return -1;
 	}
 	type = cp[1];
@@ -2751,29 +2712,29 @@
 	cp += 2;
 	have -= 2;
 	if (ssh_packet_log_type(type))
-		debug3("%s: channel %u: down->up: type %u", __func__,
+		debug3_f("channel %u: down->up: type %u",
 		    downstream->self, type);
 
 	switch (type) {
 	case SSH2_MSG_CHANNEL_OPEN:
 		if ((original = sshbuf_from(cp, have)) == NULL ||
 		    (modified = sshbuf_new()) == NULL) {
-			error("%s: alloc", __func__);
+			error_f("alloc");
 			goto out;
 		}
 		if ((r = sshbuf_get_cstring(original, &ctype, NULL)) != 0 ||
 		    (r = sshbuf_get_u32(original, &id)) != 0) {
-			error("%s: parse error %s", __func__, ssh_err(r));
+			error_fr(r, "parse");
 			goto out;
 		}
 		c = channel_new(ssh, "mux proxy", SSH_CHANNEL_MUX_PROXY,
-		   -1, -1, -1, 0, 0, 0, ctype, 1);
+		    -1, -1, -1, 0, 0, 0, ctype, 1);
 		c->mux_ctx = downstream;	/* point to mux client */
 		c->mux_downstream_id = id;	/* original downstream id */
 		if ((r = sshbuf_put_cstring(modified, ctype)) != 0 ||
 		    (r = sshbuf_put_u32(modified, c->self)) != 0 ||
 		    (r = sshbuf_putb(modified, original)) != 0) {
-			error("%s: compose error %s", __func__, ssh_err(r));
+			error_fr(r, "compose");
 			channel_free(ssh, c);
 			goto out;
 		}
@@ -2785,16 +2746,16 @@
 		 */
 		if ((original = sshbuf_from(cp, have)) == NULL ||
 		    (modified = sshbuf_new()) == NULL) {
-			error("%s: alloc", __func__);
+			error_f("alloc");
 			goto out;
 		}
 		if ((r = sshbuf_get_u32(original, &remote_id)) != 0 ||
 		    (r = sshbuf_get_u32(original, &id)) != 0) {
-			error("%s: parse error %s", __func__, ssh_err(r));
+			error_fr(r, "parse");
 			goto out;
 		}
 		c = channel_new(ssh, "mux proxy", SSH_CHANNEL_MUX_PROXY,
-		   -1, -1, -1, 0, 0, 0, "mux-down-connect", 1);
+		    -1, -1, -1, 0, 0, 0, "mux-down-connect", 1);
 		c->mux_ctx = downstream;	/* point to mux client */
 		c->mux_downstream_id = id;
 		c->remote_id = remote_id;
@@ -2802,33 +2763,33 @@
 		if ((r = sshbuf_put_u32(modified, remote_id)) != 0 ||
 		    (r = sshbuf_put_u32(modified, c->self)) != 0 ||
 		    (r = sshbuf_putb(modified, original)) != 0) {
-			error("%s: compose error %s", __func__, ssh_err(r));
+			error_fr(r, "compose");
 			channel_free(ssh, c);
 			goto out;
 		}
 		break;
 	case SSH2_MSG_GLOBAL_REQUEST:
 		if ((original = sshbuf_from(cp, have)) == NULL) {
-			error("%s: alloc", __func__);
+			error_f("alloc");
 			goto out;
 		}
 		if ((r = sshbuf_get_cstring(original, &ctype, NULL)) != 0) {
-			error("%s: parse error %s", __func__, ssh_err(r));
+			error_fr(r, "parse");
 			goto out;
 		}
 		if (strcmp(ctype, "tcpip-forward") != 0) {
-			error("%s: unsupported request %s", __func__, ctype);
+			error_f("unsupported request %s", ctype);
 			goto out;
 		}
 		if ((r = sshbuf_get_u8(original, NULL)) != 0 ||
 		    (r = sshbuf_get_cstring(original, &listen_host, NULL)) != 0 ||
 		    (r = sshbuf_get_u32(original, &listen_port)) != 0) {
-			error("%s: parse error %s", __func__, ssh_err(r));
+			error_fr(r, "parse");
 			goto out;
 		}
 		if (listen_port > 65535) {
-			error("%s: tcpip-forward for %s: bad port %u",
-			    __func__, listen_host, listen_port);
+			error_f("tcpip-forward for %s: bad port %u",
+			    listen_host, listen_port);
 			goto out;
 		}
 		/* Record that connection to this host/port is permitted. */
@@ -2852,14 +2813,14 @@
 		if ((r = sshpkt_start(ssh, type)) != 0 ||
 		    (r = sshpkt_putb(ssh, modified)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0) {
-			error("%s: send %s", __func__, ssh_err(r));
+			error_fr(r, "send");
 			goto out;
 		}
 	} else {
 		if ((r = sshpkt_start(ssh, type)) != 0 ||
 		    (r = sshpkt_put(ssh, cp, have)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0) {
-			error("%s: send %s", __func__, ssh_err(r));
+			error_fr(r, "send");
 			goto out;
 		}
 	}
@@ -2910,18 +2871,17 @@
 	case SSH2_MSG_CHANNEL_REQUEST:
 		break;
 	default:
-		debug2("%s: channel %u: unsupported type %u", __func__,
-		    c->self, type);
+		debug2_f("channel %u: unsupported type %u", c->self, type);
 		return 0;
 	}
 	if ((b = sshbuf_new()) == NULL) {
-		error("%s: alloc reply", __func__);
+		error_f("alloc reply");
 		goto out;
 	}
 	/* get remaining payload (after id) */
 	cp = sshpkt_ptr(ssh, &len);
 	if (cp == NULL) {
-		error("%s: no packet", __func__);
+		error_f("no packet");
 		goto out;
 	}
 	/* translate id and send to muxclient */
@@ -2930,13 +2890,12 @@
 	    (r = sshbuf_put_u32(b, c->mux_downstream_id)) != 0 ||
 	    (r = sshbuf_put(b, cp, len)) != 0 ||
 	    (r = sshbuf_put_stringb(downstream->output, b)) != 0) {
-		error("%s: compose for muxclient %s", __func__, ssh_err(r));
+		error_fr(r, "compose muxclient");
 		goto out;
 	}
 	/* sshbuf_dump(b, stderr); */
 	if (ssh_packet_log_type(type))
-		debug3("%s: channel %u: up->down: type %u", __func__, c->self,
-		    type);
+		debug3_f("channel %u: up->down: type %u", c->self, type);
  out:
 	/* update state */
 	switch (type) {
@@ -2968,11 +2927,11 @@
 	int r;
 
 	if ((r = sshpkt_get_u32(ssh, &id)) != 0) {
-		error("%s: parse id: %s", where, ssh_err(r));
+		error_r(r, "%s: parse id", where);
 		ssh_packet_disconnect(ssh, "Invalid %s message", what);
 	}
 	if (id > INT_MAX) {
-		error("%s: bad channel id %u: %s", where, id, ssh_err(r));
+		error_r(r, "%s: bad channel id %u", where, id);
 		ssh_packet_disconnect(ssh, "Invalid %s channel id", what);
 	}
 	return (int)id;
@@ -3013,8 +2972,7 @@
 	/* Get the data. */
 	if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0 ||
             (r = sshpkt_get_end(ssh)) != 0)
-		fatal("%s: channel %d: get data: %s", __func__,
-		    c->self, ssh_err(r));
+		fatal_fr(r, "channel %i: get data", c->self);
 
 	win_len = data_len;
 	if (c->datagram)
@@ -3045,11 +3003,9 @@
 
 	if (c->datagram) {
 		if ((r = sshbuf_put_string(c->output, data, data_len)) != 0)
-			fatal("%s: channel %d: append datagram: %s",
-			    __func__, c->self, ssh_err(r));
+			fatal_fr(r, "channel %i: append datagram", c->self);
 	} else if ((r = sshbuf_put(c->output, data, data_len)) != 0)
-		fatal("%s: channel %d: append data: %s",
-		    __func__, c->self, ssh_err(r));
+		fatal_fr(r, "channel %i: append data", c->self);
 
 	return 0;
 }
@@ -3070,7 +3026,7 @@
 		return 0;
 	}
 	if (c->flags & CHAN_EOF_RCVD) {
-		if (datafellows & SSH_BUG_EXTEOF)
+		if (ssh->compat & SSH_BUG_EXTEOF)
 			debug("channel %d: accepting ext data after eof",
 			    c->self);
 		else
@@ -3079,7 +3035,7 @@
 	}
 
 	if ((r = sshpkt_get_u32(ssh, &tcode)) != 0) {
-		error("%s: parse tcode: %s", __func__, ssh_err(r));
+		error_fr(r, "parse tcode");
 		ssh_packet_disconnect(ssh, "Invalid extended_data message");
 	}
 	if (c->efd == -1 ||
@@ -3090,7 +3046,7 @@
 	}
 	if ((r = sshpkt_get_string_direct(ssh, &data, &data_len)) != 0 ||
             (r = sshpkt_get_end(ssh)) != 0) {
-		error("%s: parse data: %s", __func__, ssh_err(r));
+		error_fr(r, "parse data");
 		ssh_packet_disconnect(ssh, "Invalid extended_data message");
 	}
 
@@ -3102,7 +3058,7 @@
 	debug2("channel %d: rcvd ext data %zu", c->self, data_len);
 	/* XXX sshpkt_getb? */
 	if ((r = sshbuf_put(c->extended, data, data_len)) != 0)
-		error("%s: append: %s", __func__, ssh_err(r));
+		error_fr(r, "append");
 	c->local_window -= data_len;
 	return 0;
 }
@@ -3114,7 +3070,7 @@
 	int r;
 
         if ((r = sshpkt_get_end(ssh)) != 0) {
-		error("%s: parse data: %s", __func__, ssh_err(r));
+		error_fr(r, "parse data");
 		ssh_packet_disconnect(ssh, "Invalid ieof message");
 	}
 
@@ -3141,7 +3097,7 @@
 	if (channel_proxy_upstream(c, type, seq, ssh))
 		return 0;
         if ((r = sshpkt_get_end(ssh)) != 0) {
-		error("%s: parse data: %s", __func__, ssh_err(r));
+		error_fr(r, "parse data");
 		ssh_packet_disconnect(ssh, "Invalid oclose message");
 	}
 	chan_rcvd_oclose(ssh, c);
@@ -3168,7 +3124,7 @@
 	    (r = sshpkt_get_u32(ssh, &remote_window)) != 0 ||
 	    (r = sshpkt_get_u32(ssh, &remote_maxpacket)) != 0 ||
             (r = sshpkt_get_end(ssh)) != 0) {
-		error("%s: window/maxpacket: %s", __func__, ssh_err(r));
+		error_fr(r, "window/maxpacket");
 		ssh_packet_disconnect(ssh, "Invalid open confirmation message");
 	}
 
@@ -3177,9 +3133,9 @@
 	c->remote_maxpacket = remote_maxpacket;
 	c->type = SSH_CHANNEL_OPEN;
 	if (c->open_confirm) {
-		debug2("%s: channel %d: callback start", __func__, c->self);
+		debug2_f("channel %d: callback start", c->self);
 		c->open_confirm(ssh, c->self, 1, c->open_confirm_ctx);
-		debug2("%s: channel %d: callback done", __func__, c->self);
+		debug2_f("channel %d: callback done", c->self);
 	}
 	debug2("channel %d: open confirm rwindow %u rmax %u", c->self,
 	    c->remote_window, c->remote_maxpacket);
@@ -3216,23 +3172,23 @@
 		ssh_packet_disconnect(ssh, "Received open failure for "
 		    "non-opening channel %d.", c->self);
 	if ((r = sshpkt_get_u32(ssh, &reason)) != 0) {
-		error("%s: reason: %s", __func__, ssh_err(r));
+		error_fr(r, "parse reason");
 		ssh_packet_disconnect(ssh, "Invalid open failure message");
 	}
 	/* skip language */
 	if ((r = sshpkt_get_cstring(ssh, &msg, NULL)) != 0 ||
 	    (r = sshpkt_get_string_direct(ssh, NULL, NULL)) != 0 ||
             (r = sshpkt_get_end(ssh)) != 0) {
-		error("%s: message/lang: %s", __func__, ssh_err(r));
+		error_fr(r, "parse msg/lang");
 		ssh_packet_disconnect(ssh, "Invalid open failure message");
 	}
 	logit("channel %d: open failed: %s%s%s", c->self,
 	    reason2txt(reason), msg ? ": ": "", msg ? msg : "");
 	free(msg);
 	if (c->open_confirm) {
-		debug2("%s: channel %d: callback start", __func__, c->self);
+		debug2_f("channel %d: callback start", c->self);
 		c->open_confirm(ssh, c->self, 0, c->open_confirm_ctx);
-		debug2("%s: channel %d: callback done", __func__, c->self);
+		debug2_f("channel %d: callback done", c->self);
 	}
 	/* Schedule the channel for cleanup/deletion. */
 	chan_mark_dead(ssh, c);
@@ -3257,7 +3213,7 @@
 		return 0;
 	if ((r = sshpkt_get_u32(ssh, &adjust)) != 0 ||
             (r = sshpkt_get_end(ssh)) != 0) {
-		error("%s: adjust: %s", __func__, ssh_err(r));
+		error_fr(r, "parse adjust");
 		ssh_packet_disconnect(ssh, "Invalid window adjust message");
 	}
 	debug2("channel %d: rcvd adjust %u", c->self, adjust);
@@ -3279,10 +3235,10 @@
 	/* Reset keepalive timeout */
 	ssh_packet_set_alive_timeouts(ssh, 0);
 
-	debug2("%s: type %d id %d", __func__, type, id);
+	debug2_f("type %d id %d", type, id);
 
 	if ((c = channel_lookup(ssh, id)) == NULL) {
-		logit("%s: %d: unknown", __func__, id);
+		logit_f("%d: unknown", id);
 		return 0;
 	}
 	if (channel_proxy_upstream(c, type, seq, ssh))
@@ -3333,7 +3289,7 @@
 		if (fwd_opts->gateway_ports)
 			wildcard = 1;
 	} else if (fwd_opts->gateway_ports || is_client) {
-		if (((datafellows & SSH_OLD_FORWARD_ADDR) &&
+		if (((ssh->compat & SSH_OLD_FORWARD_ADDR) &&
 		    strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) ||
 		    *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 ||
 		    (!is_client && fwd_opts->gateway_ports == 1)) {
@@ -3407,8 +3363,8 @@
 	/* Determine the bind address, cf. channel_fwd_bind_addr() comment */
 	addr = channel_fwd_bind_addr(ssh, fwd->listen_host, &wildcard,
 	    is_client, fwd_opts);
-	debug3("%s: type %d wildcard %d addr %s", __func__,
-	    type, wildcard, (addr == NULL) ? "NULL" : addr);
+	debug3_f("type %d wildcard %d addr %s", type, wildcard,
+	    (addr == NULL) ? "NULL" : addr);
 
 	/*
 	 * getaddrinfo returns a loopback address if the hostname is
@@ -3425,7 +3381,7 @@
 			ssh_packet_disconnect(ssh, "getaddrinfo: fatal error: %s",
 			    ssh_gai_strerror(r));
 		} else {
-			error("%s: getaddrinfo(%.64s): %s", __func__, addr,
+			error_f("getaddrinfo(%.64s): %s", addr,
 			    ssh_gai_strerror(r));
 		}
 		return 0;
@@ -3457,7 +3413,7 @@
 		if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, sizeof(ntop),
 		    strport, sizeof(strport),
 		    NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
-			error("%s: getnameinfo failed", __func__);
+			error_f("getnameinfo failed");
 			continue;
 		}
 		/* Create a port to listen for the host. */
@@ -3494,7 +3450,6 @@
 		}
 		/* Start listening for connections on the socket. */
 		if (listen(sock, SSH_LISTEN_BACKLOG) == -1) {
-			error("listen: %.100s", strerror(errno));
 			error("listen [%s]:%s: %.100s", ntop, strport,
 			    strerror(errno));
 			close(sock);
@@ -3522,15 +3477,14 @@
 		c->host_port = fwd->connect_port;
 		c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
 		if (fwd->listen_port == 0 && allocated_listen_port != NULL &&
-		    !(datafellows & SSH_BUG_DYNAMIC_RPORT))
+		    !(ssh->compat & SSH_BUG_DYNAMIC_RPORT))
 			c->listening_port = *allocated_listen_port;
 		else
 			c->listening_port = fwd->listen_port;
 		success = 1;
 	}
 	if (success == 0)
-		error("%s: cannot listen to port: %d", __func__,
-		    fwd->listen_port);
+		error_f("cannot listen to port: %d", fwd->listen_port);
 	freeaddrinfo(aitop);
 	return success;
 }
@@ -3573,7 +3527,7 @@
 		port = PORT_STREAMLOCAL;
 		break;
 	default:
-		error("%s: unexpected channel type %d", __func__, type);
+		error_f("unexpected channel type %d", type);
 		return 0;
 	}
 
@@ -3586,7 +3540,7 @@
 		return 0;
 	}
 
-	debug3("%s: type %d path %s", __func__, type, fwd->listen_path);
+	debug3_f("type %d path %s", type, fwd->listen_path);
 
 	/* Start a Unix domain listener. */
 	omask = umask(fwd_opts->streamlocal_bind_mask);
@@ -3621,7 +3575,7 @@
 		if (c == NULL || c->type != SSH_CHANNEL_RPORT_LISTENER)
 			continue;
 		if (strcmp(c->path, host) == 0 && c->listening_port == port) {
-			debug2("%s: close channel %d", __func__, i);
+			debug2_f("close channel %d", i);
 			channel_free(ssh, c);
 			found = 1;
 		}
@@ -3643,7 +3597,7 @@
 		if (c->path == NULL)
 			continue;
 		if (strcmp(c->path, path) == 0) {
-			debug2("%s: close channel %d", __func__, i);
+			debug2_f("close channel %d", i);
 			channel_free(ssh, c);
 			found = 1;
 		}
@@ -3691,7 +3645,7 @@
 		    (c->listening_addr != NULL && addr == NULL))
 			continue;
 		if (addr == NULL || strcmp(c->listening_addr, addr) == 0) {
-			debug2("%s: close channel %d", __func__, i);
+			debug2_f("close channel %d", i);
 			channel_free(ssh, c);
 			found = 1;
 		}
@@ -3707,7 +3661,7 @@
 	int found = 0;
 
 	if (path == NULL) {
-		error("%s: no path specified.", __func__);
+		error_f("no path specified.");
 		return 0;
 	}
 
@@ -3718,7 +3672,7 @@
 		if (c->listening_addr == NULL)
 			continue;
 		if (strcmp(c->listening_addr, path) == 0) {
-			debug2("%s: close channel %d", __func__, i);
+			debug2_f("close channel %d", i);
 			channel_free(ssh, c);
 			found = 1;
 		}
@@ -3890,8 +3844,7 @@
 		    (r = sshpkt_put_cstring(ssh, fwd->listen_path)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0 ||
 		    (r = ssh_packet_write_wait(ssh)) != 0)
-			fatal("%s: request streamlocal: %s",
-			    __func__, ssh_err(r));
+			fatal_fr(r, "request streamlocal");
 	} else {
 		if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
 		    (r = sshpkt_put_cstring(ssh, "tcpip-forward")) != 0 ||
@@ -3901,8 +3854,7 @@
 		    (r = sshpkt_put_u32(ssh, fwd->listen_port)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0 ||
 		    (r = ssh_packet_write_wait(ssh)) != 0)
-			fatal("%s: request tcpip-forward: %s",
-			    __func__, ssh_err(r));
+			fatal_fr(r, "request tcpip-forward");
 	}
 	/* Assume that server accepts the request */
 	success = 1;
@@ -4010,7 +3962,7 @@
 		perm = NULL;
 	}
 	if (perm == NULL) {
-		debug("%s: requested forward not found", __func__);
+		debug_f("requested forward not found");
 		return -1;
 	}
 	if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
@@ -4019,7 +3971,7 @@
 	    (r = sshpkt_put_cstring(ssh, channel_rfwd_bind_host(host))) != 0 ||
 	    (r = sshpkt_put_u32(ssh, port)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: send cancel: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send cancel");
 
 	fwd_perm_clear(perm); /* unregister */
 
@@ -4046,7 +3998,7 @@
 		perm = NULL;
 	}
 	if (perm == NULL) {
-		debug("%s: requested forward not found", __func__);
+		debug_f("requested forward not found");
 		return -1;
 	}
 	if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
@@ -4055,13 +4007,13 @@
 	    (r = sshpkt_put_u8(ssh, 0)) != 0 || /* want reply */
 	    (r = sshpkt_put_cstring(ssh, path)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: send cancel: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send cancel");
 
 	fwd_perm_clear(perm); /* unregister */
 
 	return 0;
 }
- 
+
 /*
  * Request cancellation of remote forwarding of a connection from local side.
  */
@@ -4150,8 +4102,8 @@
 	struct permission_set *pset = &ssh->chanctxt->local_perms;
 
 	if (idx < 0 || (u_int)idx >= pset->num_permitted_user) {
-		debug("%s: index out of range: %d num_permitted_user %d",
-		    __func__, idx, pset->num_permitted_user);
+		debug_f("index out of range: %d num_permitted_user %d",
+		    idx, pset->num_permitted_user);
 		return;
 	}
 	debug("%s allowed port %d for forwarding to host %s port %d",
@@ -4163,7 +4115,7 @@
 		fwd_perm_clear(&pset->permitted_user[idx]);
 	else {
 		pset->permitted_user[idx].listen_port =
-		    (datafellows & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport;
+		    (ssh->compat & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport;
 	}
 }
 
@@ -4218,7 +4170,7 @@
 			continue;
 		}
 		if (set_nonblock(sock) == -1)
-			fatal("%s: set_nonblock(%d)", __func__, sock);
+			fatal_f("set_nonblock(%d)", sock);
 		if (connect(sock, cctx->ai->ai_addr,
 		    cctx->ai->ai_addrlen) == -1 && errno != EINPROGRESS) {
 			debug("connect_next: host %.100s ([%.100s]:%s): "
@@ -4521,8 +4473,7 @@
 		    (r = sshpkt_put_u32(ssh, (u_int)ws.ws_xpixel)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, (u_int)ws.ws_ypixel)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0)
-			fatal("%s: channel %u: send window-change: %s",
-			    __func__, i, ssh_err(r));
+			fatal_fr(r, "channel %u; send window-change", i);
 	}
 }
 
@@ -4546,10 +4497,8 @@
 	    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, c->self)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, c->local_window)) != 0 ||
-	    (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0) {
-		fatal("%s: channel %i: confirm: %s", __func__,
-		    c->self, ssh_err(r));
-	}
+	    (r = sshpkt_put_u32(ssh, c->local_maxpacket)) != 0)
+		fatal_fr(r, "channel %i; confirm", c->self);
 	return c;
 }
 
@@ -4557,9 +4506,28 @@
 static int
 rdynamic_connect_finish(struct ssh *ssh, Channel *c)
 {
+	struct ssh_channels *sc = ssh->chanctxt;
+	struct permission_set *pset = &sc->local_perms;
+	struct permission *perm;
 	struct channel_connect cctx;
+	u_int i, permit_adm = 1;
 	int sock;
 
+	if (pset->num_permitted_admin > 0) {
+		permit_adm = 0;
+		for (i = 0; i < pset->num_permitted_admin; i++) {
+			perm = &pset->permitted_admin[i];
+			if (open_match(perm, c->path, c->host_port)) {
+				permit_adm = 1;
+				break;
+			}
+		}
+	}
+	if (!permit_adm) {
+		debug_f("requested forward not permitted");
+		return -1;
+	}
+
 	memset(&cctx, 0, sizeof(cctx));
 	sock = connect_to_helper(ssh, c->path, c->host_port, SOCK_STREAM, NULL,
 	    NULL, &cctx, NULL, NULL);
@@ -4636,8 +4604,8 @@
 			if (x11_use_localhost)
 				set_reuseaddr(sock);
 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) {
-				debug2("%s: bind port %d: %.100s", __func__,
-				    port, strerror(errno));
+				debug2_f("bind port %d: %.100s", port,
+				    strerror(errno));
 				close(sock);
 				for (n = 0; n < num_socks; n++)
 					close(socks[n]);
@@ -4895,9 +4863,10 @@
 		/* Extract real authentication data. */
 		sc->x11_saved_data = xmalloc(data_len);
 		for (i = 0; i < data_len; i++) {
-			if (sscanf(data + 2 * i, "%2x", &value) != 1)
+			if (sscanf(data + 2 * i, "%2x", &value) != 1) {
 				fatal("x11_request_forwarding: bad "
 				    "authentication data: %.100s", data);
+			}
 			sc->x11_saved_data[i] = value;
 		}
 		sc->x11_saved_data_len = data_len;
@@ -4919,6 +4888,6 @@
 	    (r = sshpkt_put_u32(ssh, screen_number)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0 ||
 	    (r = ssh_packet_write_wait(ssh)) != 0)
-		fatal("%s: send x11-req: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send x11-req");
 	free(new_data);
 }

channels.h

diff --git a/channels.h b/channels.h
index c8ae0d9..6bf86b0 100644
--- a/channels.h
+++ b/channels.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.h,v 1.133 2020/01/25 22:49:38 djm Exp $ */
+/* $OpenBSD: channels.h,v 1.138 2021/05/19 01:24:05 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -52,17 +52,27 @@
 #define SSH_CHANNEL_DYNAMIC		13
 #define SSH_CHANNEL_ZOMBIE		14	/* Almost dead. */
 #define SSH_CHANNEL_MUX_LISTENER	15	/* Listener for mux conn. */
-#define SSH_CHANNEL_MUX_CLIENT		16	/* Conn. to mux slave */
+#define SSH_CHANNEL_MUX_CLIENT		16	/* Conn. to mux client */
 #define SSH_CHANNEL_ABANDONED		17	/* Abandoned session, eg mux */
 #define SSH_CHANNEL_UNIX_LISTENER	18	/* Listening on a domain socket. */
 #define SSH_CHANNEL_RUNIX_LISTENER	19	/* Listening to a R-style domain socket. */
-#define SSH_CHANNEL_MUX_PROXY		20	/* proxy channel for mux-slave */
+#define SSH_CHANNEL_MUX_PROXY		20	/* proxy channel for mux-client */
 #define SSH_CHANNEL_RDYNAMIC_OPEN	21	/* reverse SOCKS, parsing request */
 #define SSH_CHANNEL_RDYNAMIC_FINISH	22	/* reverse SOCKS, finishing connect */
 #define SSH_CHANNEL_MAX_TYPE		23
 
 #define CHANNEL_CANCEL_PORT_STATIC	-1
 
+/* nonblocking flags for channel_new */
+#define CHANNEL_NONBLOCK_LEAVE	0 /* don't modify non-blocking state */
+#define CHANNEL_NONBLOCK_SET	1 /* set non-blocking state */
+#define CHANNEL_NONBLOCK_STDIO	2 /* set non-blocking and restore on close */
+
+/* c->restore_block mask flags */
+#define CHANNEL_RESTORE_RFD	0x01
+#define CHANNEL_RESTORE_WFD	0x02
+#define CHANNEL_RESTORE_EFD	0x04
+
 /* TCP forwarding */
 #define FORWARD_DENY		0
 #define FORWARD_REMOTE		(1)
@@ -139,6 +149,7 @@
 				 * to a matching pre-select handler.
 				 * this way post-select handlers are not
 				 * accidentally called if a FD gets reused */
+	int	restore_block;	/* fd mask to restore blocking status */
 	struct sshbuf *input;	/* data read from socket, to be sent over
 				 * encrypted connection */
 	struct sshbuf *output;	/* data received over encrypted connection for
@@ -177,7 +188,7 @@
 	channel_filter_cleanup_fn *filter_cleanup;
 
 	/* keep boundaries */
-	int     		datagram;
+	int			datagram;
 
 	/* non-blocking connect */
 	/* XXX make this a pointer so the structure can be opaque */
@@ -187,7 +198,7 @@
 	mux_callback_fn		*mux_rcb;
 	void			*mux_ctx;
 	int			mux_pause;
-	int     		mux_downstream_id;
+	int			mux_downstream_id;
 };
 
 #define CHAN_EXTENDED_IGNORE		0
@@ -223,6 +234,9 @@
 /* Read buffer size */
 #define CHAN_RBUF	(16*1024)
 
+/* Maximum channel input buffer size */
+#define CHAN_INPUT_MAX	(16*1024*1024)
+
 /* Hard limit on number of channels */
 #define CHANNELS_MAX_CHANNELS	(16*1024)
 
@@ -263,7 +277,7 @@
 void	 channel_register_status_confirm(struct ssh *, int,
 	    channel_confirm_cb *, channel_confirm_abandon_cb *, void *);
 void	 channel_cancel_cleanup(struct ssh *, int);
-int	 channel_close_fd(struct ssh *, int *);
+int	 channel_close_fd(struct ssh *, Channel *, int *);
 void	 channel_send_window_changes(struct ssh *);
 
 /* mux proxy support */
@@ -286,7 +300,7 @@
 /* file descriptor handling (read/write) */
 
 void	 channel_prepare_select(struct ssh *, fd_set **, fd_set **, int *,
-	     u_int*, time_t*);
+	    u_int*, time_t*);
 void     channel_after_select(struct ssh *, fd_set *, fd_set *);
 void     channel_output_poll(struct ssh *);
 
@@ -310,7 +324,7 @@
 	    char *, char *, int *, const char **);
 Channel *channel_connect_to_path(struct ssh *, const char *, char *, char *);
 Channel	*channel_connect_stdio_fwd(struct ssh *, const char*,
-	    u_short, int, int);
+	    u_short, int, int, int);
 Channel	*channel_connect_by_listen_address(struct ssh *, const char *,
 	    u_short, char *, char *);
 Channel	*channel_connect_by_listen_path(struct ssh *, const char *,

cipher.c

diff --git a/cipher.c b/cipher.c
index 8195199..5b3a86d 100644
--- a/cipher.c
+++ b/cipher.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cipher.c,v 1.117 2020/04/03 04:27:03 djm Exp $ */
+/* $OpenBSD: cipher.c,v 1.119 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -91,8 +91,6 @@
 	{ "aes128-cbc",		16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
 	{ "aes192-cbc",		16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
 	{ "aes256-cbc",		16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
-	{ "rijndael-cbc@lysator.liu.se",
-				16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
 	{ "aes128-ctr",		16, 16, 0, 0, 0, EVP_aes_128_ctr },
 	{ "aes192-ctr",		16, 24, 0, 0, 0, EVP_aes_192_ctr },
 	{ "aes256-ctr",		16, 32, 0, 0, 0, EVP_aes_256_ctr },
@@ -496,10 +494,10 @@
 #endif
 	if (cipher_authlen(c)) {
 		if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
-		   len, iv))
-		       return SSH_ERR_LIBCRYPTO_ERROR;
+		    len, iv))
+			return SSH_ERR_LIBCRYPTO_ERROR;
 	} else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len))
-	       return SSH_ERR_LIBCRYPTO_ERROR;
+		return SSH_ERR_LIBCRYPTO_ERROR;
 #endif
 	return 0;
 }

clientloop.c

diff --git a/clientloop.c b/clientloop.c
index da396c7..da14d15 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.344 2020/04/24 02:19:40 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.370 2021/08/29 23:44:07 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -115,15 +115,6 @@
 /* import options */
 extern Options options;
 
-/* Flag indicating that stdin should be redirected from /dev/null. */
-extern int stdin_null_flag;
-
-/* Flag indicating that no shell has been requested */
-extern int no_shell_flag;
-
-/* Flag indicating that ssh should daemonise after authentication is complete */
-extern int fork_after_authentication_flag;
-
 /* Control socket */
 extern int muxserver_sock; /* XXX use mux_client_cleanup() instead */
 
@@ -162,6 +153,7 @@
 static int need_rekeying;	/* Set to non-zero if rekeying is requested. */
 static int session_closed;	/* In SSH2: login session closed. */
 static u_int x11_refuse_time;	/* If >0, refuse x11 opens after this time. */
+static time_t server_alive_time;	/* Time to do server_alive_check */
 
 static void client_init_dispatch(struct ssh *ssh);
 int	session_ident = -1;
@@ -232,13 +224,13 @@
 	} else if (channel_still_open(ssh)) {
 		/* some client connections are still open */
 		if (control_persist_exit_time > 0)
-			debug2("%s: cancel scheduled exit", __func__);
+			debug2_f("cancel scheduled exit");
 		control_persist_exit_time = 0;
 	} else if (control_persist_exit_time <= 0) {
 		/* a client connection has recently closed */
 		control_persist_exit_time = monotime() +
 			(time_t)options.control_persist_timeout;
-		debug2("%s: schedule exit in %d seconds", __func__,
+		debug2_f("schedule exit in %d seconds",
 		    options.control_persist_timeout);
 	}
 	/* else we are already counting down to the timeout */
@@ -306,7 +298,7 @@
 			if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
 			    display + 10)) < 0 ||
 			    (size_t)r >= sizeof(xdisplay)) {
-				error("%s: display name too long", __func__);
+				error_f("display name too long");
 				return -1;
 			}
 			display = xdisplay;
@@ -321,15 +313,14 @@
 			 */
 			mktemp_proto(xauthdir, sizeof(xauthdir));
 			if (mkdtemp(xauthdir) == NULL) {
-				error("%s: mkdtemp: %s",
-				    __func__, strerror(errno));
+				error_f("mkdtemp: %s", strerror(errno));
 				return -1;
 			}
 			do_unlink = 1;
 			if ((r = snprintf(xauthfile, sizeof(xauthfile),
 			    "%s/xauthfile", xauthdir)) < 0 ||
 			    (size_t)r >= sizeof(xauthfile)) {
-				error("%s: xauthfile path too long", __func__);
+				error_f("xauthfile path too long");
 				rmdir(xauthdir);
 				return -1;
 			}
@@ -355,7 +346,7 @@
 				    SSH_X11_PROTO, x11_timeout_real,
 				    _PATH_DEVNULL);
 			}
-			debug2("%s: xauth command: %s", __func__, cmd);
+			debug2_f("xauth command: %s", cmd);
 
 			if (timeout != 0 && x11_refuse_time == 0) {
 				now = monotime() + 1;
@@ -444,7 +435,7 @@
 	if (!received_window_change_signal)
 		return;
 	received_window_change_signal = 0;
-	debug2("%s: changed", __func__);
+	debug2_f("changed");
 	channel_send_window_changes(ssh);
 }
 
@@ -467,6 +458,13 @@
 }
 
 static void
+schedule_server_alive_check(void)
+{
+	if (options.server_alive_interval > 0)
+		server_alive_time = monotime() + options.server_alive_interval;
+}
+
+static void
 server_alive_check(struct ssh *ssh)
 {
 	int r;
@@ -479,9 +477,10 @@
 	    (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com")) != 0 ||
 	    (r = sshpkt_put_u8(ssh, 1)) != 0 ||		/* boolean: want reply */
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: send packet: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send packet");
 	/* Insert an empty placeholder to maintain ordering */
 	client_register_global_confirm(NULL, NULL);
+	schedule_server_alive_check();
 }
 
 /*
@@ -495,7 +494,7 @@
 {
 	struct timeval tv, *tvp;
 	int timeout_secs;
-	time_t minwait_secs = 0, server_alive_time = 0, now = monotime();
+	time_t minwait_secs = 0, now = monotime();
 	int r, ret;
 
 	/* Add any selections by the channel mechanism. */
@@ -524,10 +523,8 @@
 	 */
 
 	timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */
-	if (options.server_alive_interval > 0) {
-		timeout_secs = options.server_alive_interval;
-		server_alive_time = now + options.server_alive_interval;
-	}
+	if (options.server_alive_interval > 0)
+		timeout_secs = MAXIMUM(server_alive_time - now, 0);
 	if (options.rekey_interval > 0 && !rekeying)
 		timeout_secs = MINIMUM(timeout_secs,
 		    ssh_packet_get_rekey_timeout(ssh));
@@ -557,23 +554,21 @@
 		 */
 		memset(*readsetp, 0, *nallocp);
 		memset(*writesetp, 0, *nallocp);
-
 		if (errno == EINTR)
 			return;
 		/* Note: we might still have data in the buffers. */
 		if ((r = sshbuf_putf(stderr_buffer,
 		    "select: %s\r\n", strerror(errno))) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "sshbuf_putf");
 		quit_pending = 1;
-	} else if (ret == 0) {
+	} else if (options.server_alive_interval > 0 && !FD_ISSET(connection_in,
+	    *readsetp) && monotime() >= server_alive_time)
 		/*
-		 * Timeout.  Could have been either keepalive or rekeying.
-		 * Keepalive we check here, rekeying is checked in clientloop.
+		 * ServerAlive check is needed. We can't rely on the select
+		 * timing out since traffic on the client side such as port
+		 * forwards can keep waking it up.
 		 */
-		if (server_alive_time != 0 && server_alive_time <= monotime())
-			server_alive_check(ssh);
-	}
-
+		server_alive_check(ssh);
 }
 
 static void
@@ -613,6 +608,7 @@
 	 * the packet subsystem.
 	 */
 	if (FD_ISSET(connection_in, readset)) {
+		schedule_server_alive_check();
 		/* Read as much as possible. */
 		len = read(connection_in, buf, sizeof(buf));
 		if (len == 0) {
@@ -623,8 +619,7 @@
 			if ((r = sshbuf_putf(stderr_buffer,
 			    "Connection to %.300s closed by remote host.\r\n",
 			    host)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "sshbuf_putf");
 			quit_pending = 1;
 			return;
 		}
@@ -644,8 +639,7 @@
 			if ((r = sshbuf_putf(stderr_buffer,
 			    "Read from remote host %.300s: %.100s\r\n",
 			    host, strerror(errno))) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "sshbuf_putf");
 			quit_pending = 1;
 			return;
 		}
@@ -693,10 +687,11 @@
 		 * their stderr.
 		 */
 		if (tochan) {
+			debug3_f("channel %d: mux request: %s", c->self,
+			    cr->request_type);
 			if ((r = sshbuf_put(c->extended, errmsg,
 			    strlen(errmsg))) != 0)
-				fatal("%s: buffer error %s", __func__,
-				    ssh_err(r));
+				fatal_fr(r, "sshbuf_put");
 		} else
 			error("%s", errmsg);
 		if (cr->action == CONFIRM_TTY) {
@@ -744,8 +739,8 @@
 	last_gc = TAILQ_LAST(&global_confirms, global_confirms);
 	if (last_gc && last_gc->cb == cb && last_gc->ctx == ctx) {
 		if (++last_gc->ref_count >= INT_MAX)
-			fatal("%s: last_gc->ref_count = %d",
-			    __func__, last_gc->ref_count);
+			fatal_f("last_gc->ref_count = %d",
+			    last_gc->ref_count);
 		return;
 	}
 
@@ -908,7 +903,7 @@
 
 	if ((r = sshbuf_putf(b,
 	    "%c?\r\nSupported escape sequences:\r\n", escape_char)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "sshbuf_putf");
 
 	suppress_flags =
 	    (mux_client ? SUPPRESS_MUXCLIENT : 0) |
@@ -920,14 +915,14 @@
 			continue;
 		if ((r = sshbuf_putf(b, " %c%-3s - %s\r\n",
 		    escape_char, esc_txt[i].cmd, esc_txt[i].text)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "sshbuf_putf");
 	}
 
 	if ((r = sshbuf_putf(b,
 	    " %c%c   - send the escape character by typing it twice\r\n"
 	    "(Note that escapes are only recognized immediately after "
 	    "newline.)\r\n", escape_char, escape_char)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "sshbuf_putf");
 }
 
 /*
@@ -967,8 +962,7 @@
 				/* Terminate the connection. */
 				if ((r = sshbuf_putf(berr, "%c.\r\n",
 				    efc->escape_char)) != 0)
-					fatal("%s: buffer error: %s",
-					    __func__, ssh_err(r));
+					fatal_fr(r, "sshbuf_putf");
 				if (c && c->ctl_chan != -1) {
 					chan_read_failed(ssh, c);
 					chan_write_failed(ssh, c);
@@ -997,16 +991,14 @@
 					    "%c%s escape not available to "
 					    "multiplexed sessions\r\n",
 					    efc->escape_char, b)) != 0)
-						fatal("%s: buffer error: %s",
-						    __func__, ssh_err(r));
+						fatal_fr(r, "sshbuf_putf");
 					continue;
 				}
 				/* Suspend the program. Inform the user */
 				if ((r = sshbuf_putf(berr,
 				    "%c^Z [suspend ssh]\r\n",
 				    efc->escape_char)) != 0)
-					fatal("%s: buffer error: %s",
-					    __func__, ssh_err(r));
+					fatal_fr(r, "sshbuf_putf");
 
 				/* Restore terminal modes and suspend. */
 				client_suspend_self(bin, bout, berr);
@@ -1017,17 +1009,15 @@
 			case 'B':
 				if ((r = sshbuf_putf(berr,
 				    "%cB\r\n", efc->escape_char)) != 0)
-					fatal("%s: buffer error: %s",
-					    __func__, ssh_err(r));
+					fatal_fr(r, "sshbuf_putf");
 				channel_request_start(ssh, c->self, "break", 0);
 				if ((r = sshpkt_put_u32(ssh, 1000)) != 0 ||
 				    (r = sshpkt_send(ssh)) != 0)
-					fatal("%s: send packet: %s", __func__,
-					    ssh_err(r));
+					fatal_fr(r, "send packet");
 				continue;
 
 			case 'R':
-				if (datafellows & SSH_BUG_NOREKEY)
+				if (ssh->compat & SSH_BUG_NOREKEY)
 					logit("Server does not "
 					    "support re-keying");
 				else
@@ -1043,8 +1033,7 @@
 					if ((r = sshbuf_putf(berr,
 					    "%c%c [Logging to syslog]\r\n",
 					    efc->escape_char, ch)) != 0)
-						fatal("%s: buffer error: %s",
-						    __func__, ssh_err(r));
+						fatal_fr(r, "sshbuf_putf");
 					continue;
 				}
 				if (ch == 'V' && options.log_level >
@@ -1057,8 +1046,7 @@
 				    "%c%c [LogLevel %s]\r\n",
 				    efc->escape_char, ch,
 				    log_level_name(options.log_level))) != 0)
-					fatal("%s: buffer error: %s",
-					    __func__, ssh_err(r));
+					fatal_fr(r, "sshbuf_putf");
 				continue;
 
 			case '&':
@@ -1076,11 +1064,9 @@
 				/* Stop listening for new connections. */
 				channel_stop_listening(ssh);
 
-				if ((r = sshbuf_putf(berr,
-				    "%c& [backgrounded]\n", efc->escape_char))
-				     != 0)
-					fatal("%s: buffer error: %s",
-					    __func__, ssh_err(r));
+				if ((r = sshbuf_putf(berr, "%c& "
+				    "[backgrounded]\n", efc->escape_char)) != 0)
+					fatal_fr(r, "sshbuf_putf");
 
 				/* Fork into background. */
 				pid = fork();
@@ -1095,8 +1081,7 @@
 				/* The child continues serving connections. */
 				/* fake EOF on stdin */
 				if ((r = sshbuf_put_u8(bin, 4)) != 0)
-					fatal("%s: buffer error: %s",
-					    __func__, ssh_err(r));
+					fatal_fr(r, "sshbuf_put_u8");
 				return -1;
 			case '?':
 				print_escape_help(berr, efc->escape_char,
@@ -1107,12 +1092,10 @@
 			case '#':
 				if ((r = sshbuf_putf(berr, "%c#\r\n",
 				    efc->escape_char)) != 0)
-					fatal("%s: buffer error: %s",
-					    __func__, ssh_err(r));
+					fatal_fr(r, "sshbuf_putf");
 				s = channel_open_message(ssh);
 				if ((r = sshbuf_put(berr, s, strlen(s))) != 0)
-					fatal("%s: buffer error: %s",
-					    __func__, ssh_err(r));
+					fatal_fr(r, "sshbuf_put");
 				free(s);
 				continue;
 
@@ -1126,8 +1109,7 @@
 				if (ch != efc->escape_char) {
 					if ((r = sshbuf_put_u8(bin,
 					    efc->escape_char)) != 0)
-						fatal("%s: buffer error: %s",
-						    __func__, ssh_err(r));
+						fatal_fr(r, "sshbuf_put_u8");
 					bytes++;
 				}
 				/* Escaped characters fall through here */
@@ -1154,7 +1136,7 @@
 		 */
 		last_was_cr = (ch == '\r' || ch == '\n');
 		if ((r = sshbuf_put_u8(bin, ch)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "sshbuf_put_u8");
 		bytes++;
 	}
 	return bytes;
@@ -1232,7 +1214,6 @@
 	int r, max_fd = 0, max_fd2 = 0, len;
 	u_int64_t ibytes, obytes;
 	u_int nalloc = 0;
-	char buf[100];
 
 	debug("Entering interactive session.");
 
@@ -1241,30 +1222,30 @@
 		debug("pledge: id");
 		if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd proc exec id tty",
 		    NULL) == -1)
-			fatal("%s pledge(): %s", __func__, strerror(errno));
+			fatal_f("pledge(): %s", strerror(errno));
 
 	} else if (options.forward_x11 || options.permit_local_command) {
 		debug("pledge: exec");
 		if (pledge("stdio rpath wpath cpath unix inet dns proc exec tty",
 		    NULL) == -1)
-			fatal("%s pledge(): %s", __func__, strerror(errno));
+			fatal_f("pledge(): %s", strerror(errno));
 
 	} else if (options.update_hostkeys) {
 		debug("pledge: filesystem full");
 		if (pledge("stdio rpath wpath cpath unix inet dns proc tty",
 		    NULL) == -1)
-			fatal("%s pledge(): %s", __func__, strerror(errno));
+			fatal_f("pledge(): %s", strerror(errno));
 
 	} else if (!option_clear_or_none(options.proxy_command) ||
-	    fork_after_authentication_flag) {
+	    options.fork_after_authentication) {
 		debug("pledge: proc");
 		if (pledge("stdio cpath unix inet dns proc tty", NULL) == -1)
-			fatal("%s pledge(): %s", __func__, strerror(errno));
+			fatal_f("pledge(): %s", strerror(errno));
 
 	} else {
 		debug("pledge: network");
 		if (pledge("stdio unix inet dns proc tty", NULL) == -1)
-			fatal("%s pledge(): %s", __func__, strerror(errno));
+			fatal_f("pledge(): %s", strerror(errno));
 	}
 
 	start_time = monotime_double();
@@ -1280,7 +1261,7 @@
 
 	/* Initialize buffer. */
 	if ((stderr_buffer = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	client_init_dispatch(ssh);
 
@@ -1314,6 +1295,8 @@
 		    client_channel_closed, 0);
 	}
 
+	schedule_server_alive_check();
+
 	/* Main loop of the client for the interactive session mode. */
 	while (!quit_pending) {
 
@@ -1329,8 +1312,7 @@
 			/* manual rekey request */
 			debug("need rekeying");
 			if ((r = kex_start_rekex(ssh)) != 0)
-				fatal("%s: kex_start_rekex: %s", __func__,
-				    ssh_err(r));
+				fatal_fr(r, "kex_start_rekex");
 			need_rekeying = 0;
 		} else {
 			/*
@@ -1370,6 +1352,10 @@
 		if (quit_pending)
 			break;
 
+		/* A timeout may have triggered rekeying */
+		if ((r = ssh_packet_check_rekey(ssh)) != 0)
+			fatal_fr(r, "cannot start rekeying");
+
 		/*
 		 * Send as much buffered packet data as possible to the
 		 * sender.
@@ -1407,34 +1393,27 @@
 	    (r = sshpkt_put_cstring(ssh, "")) != 0 ||	/* language tag */
 	    (r = sshpkt_send(ssh)) != 0 ||
 	    (r = ssh_packet_write_wait(ssh)) != 0)
-		fatal("%s: send disconnect: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send disconnect");
 
 	channel_free_all(ssh);
 
 	if (have_pty)
 		leave_raw_mode(options.request_tty == REQUEST_TTY_FORCE);
 
-	/* restore blocking io */
-	if (!isatty(fileno(stdin)))
-		unset_nonblock(fileno(stdin));
-	if (!isatty(fileno(stdout)))
-		unset_nonblock(fileno(stdout));
-	if (!isatty(fileno(stderr)))
-		unset_nonblock(fileno(stderr));
-
 	/*
 	 * If there was no shell or command requested, there will be no remote
 	 * exit status to be returned.  In that case, clear error code if the
 	 * connection was deliberately terminated at this end.
 	 */
-	if (no_shell_flag && received_signal == SIGTERM) {
+	if (options.session_type == SESSION_TYPE_NONE &&
+	    received_signal == SIGTERM) {
 		received_signal = 0;
 		exit_status = 0;
 	}
 
 	if (received_signal) {
 		verbose("Killed by signal %d.", (int) received_signal);
-		cleanup_exit(0);
+		cleanup_exit(255);
 	}
 
 	/*
@@ -1444,7 +1423,7 @@
 	if (have_pty && options.log_level != SYSLOG_LEVEL_QUIET) {
 		if ((r = sshbuf_putf(stderr_buffer,
 		    "Connection to %.64s closed.\r\n", host)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "sshbuf_putf");
 	}
 
 	/* Output any buffered data for stderr. */
@@ -1455,11 +1434,10 @@
 		if (len < 0 || (u_int)len != sshbuf_len(stderr_buffer))
 			error("Write failed flushing stderr buffer.");
 		else if ((r = sshbuf_consume(stderr_buffer, len)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "sshbuf_consume");
 	}
 
 	/* Clear and free any buffers. */
-	explicit_bzero(buf, sizeof(buf));
 	sshbuf_free(stderr_buffer);
 
 	/* Report bytes transferred, and transfer rates. */
@@ -1493,15 +1471,15 @@
 	    (r = sshpkt_get_cstring(ssh, &originator_address, NULL)) != 0 ||
 	    (r = sshpkt_get_u32(ssh, &originator_port)) != 0 ||
 	    (r = sshpkt_get_end(ssh)) != 0)
-		fatal("%s: parse packet: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
-	debug("%s: listen %s port %d, originator %s port %d", __func__,
+	debug_f("listen %s port %d, originator %s port %d",
 	    listen_address, listen_port, originator_address, originator_port);
 
 	if (listen_port > 0xffff)
-		error("%s: invalid listen port", __func__);
+		error_f("invalid listen port");
 	else if (originator_port > 0xffff)
-		error("%s: invalid originator port", __func__);
+		error_f("invalid originator port");
 	else {
 		c = channel_connect_by_listen_address(ssh,
 		    listen_address, listen_port, "forwarded-tcpip",
@@ -1510,7 +1488,7 @@
 
 	if (c != NULL && c->type == SSH_CHANNEL_MUX_CLIENT) {
 		if ((b = sshbuf_new()) == NULL) {
-			error("%s: alloc reply", __func__);
+			error_f("alloc reply");
 			goto out;
 		}
 		/* reconstruct and send to muxclient */
@@ -1525,8 +1503,7 @@
 		    (r = sshbuf_put_cstring(b, originator_address)) != 0 ||
 		    (r = sshbuf_put_u32(b, originator_port)) != 0 ||
 		    (r = sshbuf_put_stringb(c->output, b)) != 0) {
-			error("%s: compose for muxclient %s", __func__,
-			    ssh_err(r));
+			error_fr(r, "compose for muxclient");
 			goto out;
 		}
 	}
@@ -1550,9 +1527,9 @@
 	if ((r = sshpkt_get_cstring(ssh, &listen_path, NULL)) != 0 ||
 	    (r = sshpkt_get_string(ssh, NULL, NULL)) != 0 ||	/* reserved */
 	    (r = sshpkt_get_end(ssh)) != 0)
-		fatal("%s: parse packet: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 
-	debug("%s: request: %s", __func__, listen_path);
+	debug_f("request: %s", listen_path);
 
 	c = channel_connect_by_listen_path(ssh, listen_path,
 	    "forwarded-streamlocal@openssh.com", "forwarded-streamlocal");
@@ -1582,7 +1559,7 @@
 	if ((r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 ||
 	    (r = sshpkt_get_u32(ssh, &originator_port)) != 0 ||
 	    (r = sshpkt_get_end(ssh)) != 0)
-		fatal("%s: parse packet: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse packet");
 	/* XXX check permission */
 	/* XXX range check originator port? */
 	debug("client_request_x11: request from %s %u", originator,
@@ -1617,8 +1594,7 @@
 	}
 	if (r != 0) {
 		if (r != SSH_ERR_AGENT_NOT_PRESENT)
-			debug("%s: ssh_get_authentication_socket: %s",
-			    __func__, ssh_err(r));
+			debug_fr(r, "ssh_get_authentication_socket");
 		return NULL;
 	}
 	c = channel_new(ssh, "authentication agent connection",
@@ -1779,16 +1755,15 @@
 			exit_status = exitval;
 		} else {
 			/* Probably for a mux channel that has already closed */
-			debug("%s: no sink for exit-status on channel %d",
-			    __func__, id);
+			debug_f("no sink for exit-status on channel %d",
+			    id);
 		}
 		if ((r = sshpkt_get_end(ssh)) != 0)
 			goto out;
 	}
 	if (reply && c != NULL && !(c->flags & CHAN_CLOSE_SENT)) {
 		if (!c->have_remote_id)
-			fatal("%s: channel %d: no remote_id",
-			    __func__, c->self);
+			fatal_f("channel %d: no remote_id", c->self);
 		if ((r = sshpkt_start(ssh, success ?
 		    SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
@@ -1808,12 +1783,13 @@
 	/*
 	 * Keys received from the server and a flag for each indicating
 	 * whether they already exist in known_hosts.
-	 * keys_seen is filled in by hostkeys_find() and later (for new
+	 * keys_match is filled in by hostkeys_find() and later (for new
 	 * keys) by client_global_hostkeys_private_confirm().
 	 */
 	struct sshkey **keys;
-	int *keys_seen;
-	size_t nkeys, nnew;
+	u_int *keys_match;	/* mask of HKF_MATCH_* from hostfile.h */
+	int *keys_verified;	/* flag for new keys verified by server */
+	size_t nkeys, nnew, nincomplete; /* total, new keys, incomplete match */
 
 	/*
 	 * Keys that are in known_hosts, but were not present in the update
@@ -1822,6 +1798,12 @@
 	 */
 	struct sshkey **old_keys;
 	size_t nold;
+
+	/* Various special cases. */
+	int complex_hostspec;	/* wildcard or manual pattern-list host name */
+	int ca_available;	/* saw CA key for this host */
+	int old_key_seen;	/* saw old key with other name/addr */
+	int other_name_seen;	/* saw key with other name/addr */
 };
 
 static void
@@ -1834,7 +1816,8 @@
 	for (i = 0; i < ctx->nkeys; i++)
 		sshkey_free(ctx->keys[i]);
 	free(ctx->keys);
-	free(ctx->keys_seen);
+	free(ctx->keys_match);
+	free(ctx->keys_verified);
 	for (i = 0; i < ctx->nold; i++)
 		sshkey_free(ctx->old_keys[i]);
 	free(ctx->old_keys);
@@ -1843,6 +1826,30 @@
 	free(ctx);
 }
 
+/*
+ * Returns non-zero if a known_hosts hostname list is not of a form that
+ * can be handled by UpdateHostkeys. These include wildcard hostnames and
+ * hostnames lists that do not follow the form host[,ip].
+ */
+static int
+hostspec_is_complex(const char *hosts)
+{
+	char *cp;
+
+	/* wildcard */
+	if (strchr(hosts, '*') != NULL || strchr(hosts, '?') != NULL)
+		return 1;
+	/* single host/ip = ok */
+	if ((cp = strchr(hosts, ',')) == NULL)
+		return 0;
+	/* more than two entries on the line */
+	if (strchr(cp + 1, ',') != NULL)
+		return 1;
+	/* XXX maybe parse cp+1 and ensure it is an IP? */
+	return 0;
+}
+
+/* callback to search for ctx->keys in known_hosts */
 static int
 hostkeys_find(struct hostkey_foreach_line *l, void *_ctx)
 {
@@ -1850,25 +1857,73 @@
 	size_t i;
 	struct sshkey **tmp;
 
-	if (l->status != HKF_STATUS_MATCHED || l->key == NULL)
+	if (l->key == NULL)
 		return 0;
+	if (l->status != HKF_STATUS_MATCHED) {
+		/* Record if one of the keys appears on a non-matching line */
+		for (i = 0; i < ctx->nkeys; i++) {
+			if (sshkey_equal(l->key, ctx->keys[i])) {
+				ctx->other_name_seen = 1;
+				debug3_f("found %s key under different "
+				    "name/addr at %s:%ld",
+				    sshkey_ssh_name(ctx->keys[i]),
+				    l->path, l->linenum);
+				return 0;
+			}
+		}
+		return 0;
+	}
+	/* Don't proceed if revocation or CA markers are present */
+	/* XXX relax this */
+	if (l->marker != MRK_NONE) {
+		debug3_f("hostkeys file %s:%ld has CA/revocation marker",
+		    l->path, l->linenum);
+		ctx->complex_hostspec = 1;
+		return 0;
+	}
+
+	/* If CheckHostIP is enabled, then check for mismatched hostname/addr */
+	if (ctx->ip_str != NULL && strchr(l->hosts, ',') != NULL) {
+		if ((l->match & HKF_MATCH_HOST) == 0) {
+			/* Record if address matched a different hostname. */
+			ctx->other_name_seen = 1;
+			debug3_f("found address %s against different hostname "
+			    "at %s:%ld", ctx->ip_str, l->path, l->linenum);
+			return 0;
+		} else if ((l->match & HKF_MATCH_IP) == 0) {
+			/* Record if hostname matched a different address. */
+			ctx->other_name_seen = 1;
+			debug3_f("found hostname %s against different address "
+			    "at %s:%ld", ctx->host_str, l->path, l->linenum);
+		}
+	}
+
+	/*
+	 * UpdateHostkeys is skipped for wildcard host names and hostnames
+	 * that contain more than two entries (ssh never writes these).
+	 */
+	if (hostspec_is_complex(l->hosts)) {
+		debug3_f("hostkeys file %s:%ld complex host specification",
+		    l->path, l->linenum);
+		ctx->complex_hostspec = 1;
+		return 0;
+	}
 
 	/* Mark off keys we've already seen for this host */
 	for (i = 0; i < ctx->nkeys; i++) {
-		if (sshkey_equal(l->key, ctx->keys[i])) {
-			debug3("%s: found %s key at %s:%ld", __func__,
-			    sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum);
-			ctx->keys_seen[i] = 1;
-			return 0;
-		}
+		if (!sshkey_equal(l->key, ctx->keys[i]))
+			continue;
+		debug3_f("found %s key at %s:%ld",
+		    sshkey_ssh_name(ctx->keys[i]), l->path, l->linenum);
+		ctx->keys_match[i] |= l->match;
+		return 0;
 	}
 	/* This line contained a key that not offered by the server */
-	debug3("%s: deprecated %s key at %s:%ld", __func__,
-	    sshkey_ssh_name(l->key), l->path, l->linenum);
+	debug3_f("deprecated %s key at %s:%ld", sshkey_ssh_name(l->key),
+	    l->path, l->linenum);
 	if ((tmp = recallocarray(ctx->old_keys, ctx->nold, ctx->nold + 1,
 	    sizeof(*ctx->old_keys))) == NULL)
-		fatal("%s: recallocarray failed nold = %zu",
-		    __func__, ctx->nold);
+		fatal_f("recallocarray failed nold = %zu", ctx->nold);
 	ctx->old_keys = tmp;
 	ctx->old_keys[ctx->nold++] = l->key;
 	l->key = NULL;
@@ -1876,6 +1931,63 @@
 	return 0;
 }
 
+/* callback to search for ctx->old_keys in known_hosts under other names */
+static int
+hostkeys_check_old(struct hostkey_foreach_line *l, void *_ctx)
+{
+	struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx;
+	size_t i;
+	int hashed;
+
+	/* only care about lines that *don't* match the active host spec */
+	if (l->status == HKF_STATUS_MATCHED || l->key == NULL)
+		return 0;
+
+	hashed = l->match & (HKF_MATCH_HOST_HASHED|HKF_MATCH_IP_HASHED);
+	for (i = 0; i < ctx->nold; i++) {
+		if (!sshkey_equal(l->key, ctx->old_keys[i]))
+			continue;
+		debug3_f("found deprecated %s key at %s:%ld as %s",
+		    sshkey_ssh_name(ctx->old_keys[i]), l->path, l->linenum,
+		    hashed ? "[HASHED]" : l->hosts);
+		ctx->old_key_seen = 1;
+		break;
+	}
+	return 0;
+}
+
+/*
+ * Check known_hosts files for deprecated keys under other names. Returns 0
+ * on success or -1 on failure. Updates ctx->old_key_seen if deprecated keys
+ * exist under names other than the active hostname/IP.
+ */
+static int
+check_old_keys_othernames(struct hostkeys_update_ctx *ctx)
+{
+	size_t i;
+	int r;
+
+	debug2_f("checking for %zu deprecated keys", ctx->nold);
+	for (i = 0; i < options.num_user_hostfiles; i++) {
+		debug3_f("searching %s for %s / %s",
+		    options.user_hostfiles[i], ctx->host_str,
+		    ctx->ip_str ? ctx->ip_str : "(none)");
+		if ((r = hostkeys_foreach(options.user_hostfiles[i],
+		    hostkeys_check_old, ctx, ctx->host_str, ctx->ip_str,
+		    HKF_WANT_PARSE_KEY, 0)) != 0) {
+			if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) {
+				debug_f("hostkeys file %s does not exist",
+				    options.user_hostfiles[i]);
+				continue;
+			}
+			error_fr(r, "hostkeys_foreach failed for %s",
+			    options.user_hostfiles[i]);
+			return -1;
+		}
+	}
+	return 0;
+}
+
 static void
 hostkey_change_preamble(LogLevel loglevel)
 {
@@ -1895,11 +2007,11 @@
 	struct stat sb;
 
 	for (i = 0; i < ctx->nkeys; i++) {
-		if (ctx->keys_seen[i] != 2)
+		if (!ctx->keys_verified[i])
 			continue;
 		if ((fp = sshkey_fingerprint(ctx->keys[i],
 		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
-			fatal("%s: sshkey_fingerprint failed", __func__);
+			fatal_f("sshkey_fingerprint failed");
 		if (first && asking)
 			hostkey_change_preamble(loglevel);
 		do_log2(loglevel, "Learned new hostkey: %s %s",
@@ -1910,7 +2022,7 @@
 	for (i = 0; i < ctx->nold; i++) {
 		if ((fp = sshkey_fingerprint(ctx->old_keys[i],
 		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
-			fatal("%s: sshkey_fingerprint failed", __func__);
+			fatal_f("sshkey_fingerprint failed");
 		if (first && asking)
 			hostkey_change_preamble(loglevel);
 		do_log2(loglevel, "Deprecating obsolete hostkey: %s %s",
@@ -1959,11 +2071,12 @@
 		 */
 		if (stat(options.user_hostfiles[i], &sb) != 0) {
 			if (errno == ENOENT) {
-				debug("%s: known hosts file %s does not exist",
-				    __func__, strerror(errno));
+				debug_f("known hosts file %s does not "
+				    "exist", options.user_hostfiles[i]);
 			} else {
-				error("%s: known hosts file %s inaccessible",
-				    __func__, strerror(errno));
+				error_f("known hosts file %s "
+				    "inaccessible: %s",
+				    options.user_hostfiles[i], strerror(errno));
 			}
 			continue;
 		}
@@ -1972,8 +2085,8 @@
 		    i == 0 ? ctx->keys : NULL, i == 0 ? ctx->nkeys : 0,
 		    options.hash_known_hosts, 0,
 		    options.fingerprint_hash)) != 0) {
-			error("%s: hostfile_replace_entries failed for %s: %s",
-			    __func__, options.user_hostfiles[i], ssh_err(r));
+			error_fr(r, "hostfile_replace_entries failed for %s",
+			    options.user_hostfiles[i]);
 		}
 	}
 }
@@ -1990,7 +2103,7 @@
 	size_t siglen;
 
 	if (ctx->nnew == 0)
-		fatal("%s: ctx->nnew == 0", __func__); /* sanity */
+		fatal_f("ctx->nnew == 0"); /* sanity */
 	if (type != SSH2_MSG_REQUEST_SUCCESS) {
 		error("Server failed to confirm ownership of "
 		    "private host keys");
@@ -2001,31 +2114,26 @@
 	    sshkey_type_from_name(ssh->kex->hostkey_alg));
 
 	if ((signdata = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
-	/* Don't want to accidentally accept an unbound signature */
-	if (ssh->kex->session_id_len == 0)
-		fatal("%s: ssh->kex->session_id_len == 0", __func__);
+		fatal_f("sshbuf_new failed");
 	/*
 	 * Expect a signature for each of the ctx->nnew private keys we
 	 * haven't seen before. They will be in the same order as the
-	 * ctx->keys where the corresponding ctx->keys_seen[i] == 0.
+	 * ctx->keys where the corresponding ctx->keys_match[i] == 0.
 	 */
 	for (ndone = i = 0; i < ctx->nkeys; i++) {
-		if (ctx->keys_seen[i])
+		if (ctx->keys_match[i])
 			continue;
 		/* Prepare data to be signed: session ID, unique string, key */
 		sshbuf_reset(signdata);
 		if ( (r = sshbuf_put_cstring(signdata,
 		    "hostkeys-prove-00@openssh.com")) != 0 ||
-		    (r = sshbuf_put_string(signdata, ssh->kex->session_id,
-		    ssh->kex->session_id_len)) != 0 ||
+		    (r = sshbuf_put_stringb(signdata,
+		    ssh->kex->session_id)) != 0 ||
 		    (r = sshkey_puts(ctx->keys[i], signdata)) != 0)
-			fatal("%s: failed to prepare signature: %s",
-			    __func__, ssh_err(r));
+			fatal_fr(r, "compose signdata");
 		/* Extract and verify signature */
 		if ((r = sshpkt_get_string_direct(ssh, &sig, &siglen)) != 0) {
-			error("%s: couldn't parse message: %s",
-			    __func__, ssh_err(r));
+			error_fr(r, "parse sig");
 			goto out;
 		}
 		/*
@@ -2034,23 +2142,26 @@
 		 */
 		use_kexsigtype = kexsigtype == KEY_RSA &&
 		    sshkey_type_plain(ctx->keys[i]->type) == KEY_RSA;
+		debug3_f("verify %s key %zu using %s sigalg",
+		    sshkey_type(ctx->keys[i]), i,
+		    use_kexsigtype ? ssh->kex->hostkey_alg : "default");
 		if ((r = sshkey_verify(ctx->keys[i], sig, siglen,
 		    sshbuf_ptr(signdata), sshbuf_len(signdata),
 		    use_kexsigtype ? ssh->kex->hostkey_alg : NULL, 0,
 		    NULL)) != 0) {
-			error("%s: server gave bad signature for %s key %zu",
-			    __func__, sshkey_type(ctx->keys[i]), i);
+			error_fr(r, "server gave bad signature for %s key %zu",
+			    sshkey_type(ctx->keys[i]), i);
 			goto out;
 		}
 		/* Key is good. Mark it as 'seen' */
-		ctx->keys_seen[i] = 2;
+		ctx->keys_verified[i] = 1;
 		ndone++;
 	}
+	/* Shouldn't happen */
 	if (ndone != ctx->nnew)
-		fatal("%s: ndone != ctx->nnew (%zu / %zu)", __func__,
-		    ndone, ctx->nnew);  /* Shouldn't happen */
+		fatal_f("ndone != ctx->nnew (%zu / %zu)", ndone, ctx->nnew);
 	if ((r = sshpkt_get_end(ssh)) != 0) {
-		error("%s: protocol error", __func__);
+		error_f("protocol error");
 		goto out;
 	}
 
@@ -2096,9 +2207,10 @@
 	static int hostkeys_seen = 0; /* XXX use struct ssh */
 	extern struct sockaddr_storage hostaddr; /* XXX from ssh.c */
 	struct hostkeys_update_ctx *ctx = NULL;
+	u_int want;
 
 	if (hostkeys_seen)
-		fatal("%s: server already sent hostkeys", __func__);
+		fatal_f("server already sent hostkeys");
 	if (options.update_hostkeys == SSH_UPDATE_HOSTKEYS_ASK &&
 	    options.batch_mode)
 		return 1; /* won't ask in batchmode, so don't even try */
@@ -2110,59 +2222,59 @@
 		sshkey_free(key);
 		key = NULL;
 		if ((r = sshpkt_get_string_direct(ssh, &blob, &len)) != 0) {
-			error("%s: couldn't parse message: %s",
-			    __func__, ssh_err(r));
+			error_fr(r, "parse key");
 			goto out;
 		}
 		if ((r = sshkey_from_blob(blob, len, &key)) != 0) {
-			do_log2(r == SSH_ERR_KEY_TYPE_UNKNOWN ?
+			do_log2_fr(r, r == SSH_ERR_KEY_TYPE_UNKNOWN ?
 			    SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_ERROR,
-			    "%s: parse key: %s", __func__, ssh_err(r));
+			    "convert key");
 			continue;
 		}
 		fp = sshkey_fingerprint(key, options.fingerprint_hash,
 		    SSH_FP_DEFAULT);
-		debug3("%s: received %s key %s", __func__,
-		    sshkey_type(key), fp);
+		debug3_f("received %s key %s", sshkey_type(key), fp);
 		free(fp);
 
 		if (!key_accepted_by_hostkeyalgs(key)) {
-			debug3("%s: %s key not permitted by HostkeyAlgorithms",
-			    __func__, sshkey_ssh_name(key));
+			debug3_f("%s key not permitted by "
+			    "HostkeyAlgorithms", sshkey_ssh_name(key));
 			continue;
 		}
 		/* Skip certs */
 		if (sshkey_is_cert(key)) {
-			debug3("%s: %s key is a certificate; skipping",
-			    __func__, sshkey_ssh_name(key));
+			debug3_f("%s key is a certificate; skipping",
+			    sshkey_ssh_name(key));
 			continue;
 		}
 		/* Ensure keys are unique */
 		for (i = 0; i < ctx->nkeys; i++) {
 			if (sshkey_equal(key, ctx->keys[i])) {
-				error("%s: received duplicated %s host key",
-				    __func__, sshkey_ssh_name(key));
+				error_f("received duplicated %s host key",
+				    sshkey_ssh_name(key));
 				goto out;
 			}
 		}
 		/* Key is good, record it */
 		if ((tmp = recallocarray(ctx->keys, ctx->nkeys, ctx->nkeys + 1,
 		    sizeof(*ctx->keys))) == NULL)
-			fatal("%s: recallocarray failed nkeys = %zu",
-			    __func__, ctx->nkeys);
+			fatal_f("recallocarray failed nkeys = %zu",
+			    ctx->nkeys);
 		ctx->keys = tmp;
 		ctx->keys[ctx->nkeys++] = key;
 		key = NULL;
 	}
 
 	if (ctx->nkeys == 0) {
-		debug("%s: server sent no hostkeys", __func__);
+		debug_f("server sent no hostkeys");
 		goto out;
 	}
 
-	if ((ctx->keys_seen = calloc(ctx->nkeys,
-	    sizeof(*ctx->keys_seen))) == NULL)
-		fatal("%s: calloc failed", __func__);
+	if ((ctx->keys_match = calloc(ctx->nkeys,
+	    sizeof(*ctx->keys_match))) == NULL ||
+	    (ctx->keys_verified = calloc(ctx->nkeys,
+	    sizeof(*ctx->keys_verified))) == NULL)
+		fatal_f("calloc failed");
 
 	get_hostfile_hostname_ipaddr(host,
 	    options.check_host_ip ? (struct sockaddr *)&hostaddr : NULL,
@@ -2171,69 +2283,108 @@
 
 	/* Find which keys we already know about. */
 	for (i = 0; i < options.num_user_hostfiles; i++) {
-		debug("%s: searching %s for %s / %s", __func__,
+		debug_f("searching %s for %s / %s",
 		    options.user_hostfiles[i], ctx->host_str,
 		    ctx->ip_str ? ctx->ip_str : "(none)");
 		if ((r = hostkeys_foreach(options.user_hostfiles[i],
 		    hostkeys_find, ctx, ctx->host_str, ctx->ip_str,
-		    HKF_WANT_PARSE_KEY|HKF_WANT_MATCH)) != 0) {
+		    HKF_WANT_PARSE_KEY, 0)) != 0) {
 			if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) {
-				debug("%s: hostkeys file %s does not exist",
-				    __func__, options.user_hostfiles[i]);
+				debug_f("hostkeys file %s does not exist",
+				    options.user_hostfiles[i]);
 				continue;
 			}
-			error("%s: hostkeys_foreach failed for %s: %s",
-			    __func__, options.user_hostfiles[i], ssh_err(r));
+			error_fr(r, "hostkeys_foreach failed for %s",
+			    options.user_hostfiles[i]);
 			goto out;
 		}
 	}
 
 	/* Figure out if we have any new keys to add */
-	ctx->nnew = 0;
+	ctx->nnew = ctx->nincomplete = 0;
+	want = HKF_MATCH_HOST | ( options.check_host_ip ? HKF_MATCH_IP : 0);
 	for (i = 0; i < ctx->nkeys; i++) {
-		if (!ctx->keys_seen[i])
+		if (ctx->keys_match[i] == 0)
 			ctx->nnew++;
+		if ((ctx->keys_match[i] & want) != want)
+			ctx->nincomplete++;
 	}
 
-	debug3("%s: %zu keys from server: %zu new, %zu retained. %zu to remove",
-	    __func__, ctx->nkeys, ctx->nnew, ctx->nkeys - ctx->nnew, ctx->nold);
+	debug3_f("%zu server keys: %zu new, %zu retained, "
+	    "%zu incomplete match. %zu to remove", ctx->nkeys, ctx->nnew,
+	    ctx->nkeys - ctx->nnew - ctx->nincomplete,
+	    ctx->nincomplete, ctx->nold);
 
-	if (ctx->nnew == 0 && ctx->nold != 0) {
-		/* We have some keys to remove. Just do it. */
-		update_known_hosts(ctx);
-	} else if (ctx->nnew != 0) {
-		/*
-		 * We have received hitherto-unseen keys from the server.
-		 * Ask the server to confirm ownership of the private halves.
-		 */
-		debug3("%s: asking server to prove ownership for %zu keys",
-		    __func__, ctx->nnew);
-		if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
-		    (r = sshpkt_put_cstring(ssh,
-		    "hostkeys-prove-00@openssh.com")) != 0 ||
-		    (r = sshpkt_put_u8(ssh, 1)) != 0) /* bool: want reply */
-			fatal("%s: cannot prepare packet: %s",
-			    __func__, ssh_err(r));
-		if ((buf = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new", __func__);
-		for (i = 0; i < ctx->nkeys; i++) {
-			if (ctx->keys_seen[i])
-				continue;
-			sshbuf_reset(buf);
-			if ((r = sshkey_putb(ctx->keys[i], buf)) != 0)
-				fatal("%s: sshkey_putb: %s",
-				    __func__, ssh_err(r));
-			if ((r = sshpkt_put_stringb(ssh, buf)) != 0)
-				fatal("%s: sshpkt_put_string: %s",
-				    __func__, ssh_err(r));
+	if (ctx->nnew == 0 && ctx->nold == 0) {
+		debug_f("no new or deprecated keys from server");
+		goto out;
+	}
+
+	/* Various reasons why we cannot proceed with the update */
+	if (ctx->complex_hostspec) {
+		debug_f("CA/revocation marker, manual host list or wildcard "
+		    "host pattern found, skipping UserKnownHostsFile update");
+		goto out;
+	}
+	if (ctx->other_name_seen) {
+		debug_f("host key found matching a different name/address, "
+		    "skipping UserKnownHostsFile update");
+		goto out;
+	}
+	/*
+	 * If removing keys, check whether they appear under different
+	 * names/addresses and refuse to proceed if they do. This avoids
+	 * cases such as hosts with multiple names becoming inconsistent
+	 * with regards to CheckHostIP entries.
+	 * XXX UpdateHostkeys=force to override this (and other) checks?
+	 */
+	if (ctx->nold != 0) {
+		if (check_old_keys_othernames(ctx) != 0)
+			goto out; /* error already logged */
+		if (ctx->old_key_seen) {
+			debug_f("key(s) for %s%s%s exist under other names; "
+			    "skipping UserKnownHostsFile update",
+			    ctx->host_str, ctx->ip_str == NULL ? "" : ",",
+			    ctx->ip_str == NULL ? "" : ctx->ip_str);
+			goto out;
 		}
-		if ((r = sshpkt_send(ssh)) != 0)
-			fatal("%s: sshpkt_send: %s", __func__, ssh_err(r));
-		client_register_global_confirm(
-		    client_global_hostkeys_private_confirm, ctx);
-		ctx = NULL;  /* will be freed in callback */
 	}
 
+	if (ctx->nnew == 0) {
+		/*
+		 * We have some keys to remove or fix matching for.
+		 * We can proceed to do this without requiring a fresh proof
+		 * from the server.
+		 */
+		update_known_hosts(ctx);
+		goto out;
+	}
+	/*
+	 * We have received previously-unseen keys from the server.
+	 * Ask the server to confirm ownership of the private halves.
+	 */
+	debug3_f("asking server to prove ownership for %zu keys", ctx->nnew);
+	if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh,
+	    "hostkeys-prove-00@openssh.com")) != 0 ||
+	    (r = sshpkt_put_u8(ssh, 1)) != 0) /* bool: want reply */
+		fatal_fr(r, "prepare hostkeys-prove");
+	if ((buf = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new");
+	for (i = 0; i < ctx->nkeys; i++) {
+		if (ctx->keys_match[i])
+			continue;
+		sshbuf_reset(buf);
+		if ((r = sshkey_putb(ctx->keys[i], buf)) != 0 ||
+		    (r = sshpkt_put_stringb(ssh, buf)) != 0)
+			fatal_fr(r, "assemble hostkeys-prove");
+	}
+	if ((r = sshpkt_send(ssh)) != 0)
+		fatal_fr(r, "send hostkeys-prove");
+	client_register_global_confirm(
+	    client_global_hostkeys_private_confirm, ctx);
+	ctx = NULL;  /* will be freed in callback */
+
 	/* Success */
  out:
 	hostkeys_update_ctx_free(ctx);
@@ -2273,6 +2424,19 @@
 	return r;
 }
 
+static void
+client_send_env(struct ssh *ssh, int id, const char *name, const char *val)
+{
+	int r;
+
+	debug("channel %d: setting env %s = \"%s\"", id, name, val);
+	channel_request_start(ssh, id, "env", 0);
+	if ((r = sshpkt_put_cstring(ssh, name)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, val)) != 0 ||
+	    (r = sshpkt_send(ssh)) != 0)
+		fatal_fr(r, "send setenv");
+}
+
 void
 client_session2_setup(struct ssh *ssh, int id, int want_tty, int want_subsystem,
     const char *term, struct termios *tiop, int in_fd, struct sshbuf *cmd,
@@ -2282,10 +2446,10 @@
 	char *name, *val;
 	Channel *c = NULL;
 
-	debug2("%s: id %d", __func__, id);
+	debug2_f("id %d", id);
 
 	if ((c = channel_lookup(ssh, id)) == NULL)
-		fatal("%s: channel %d: unknown channel", __func__, id);
+		fatal_f("channel %d: unknown channel", id);
 
 	ssh_packet_set_interactive(ssh, want_tty,
 	    options.ip_qos_interactive, options.ip_qos_bulk);
@@ -2305,12 +2469,12 @@
 		    (r = sshpkt_put_u32(ssh, (u_int)ws.ws_row)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, (u_int)ws.ws_xpixel)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, (u_int)ws.ws_ypixel)) != 0)
-			fatal("%s: build packet: %s", __func__, ssh_err(r));
+			fatal_fr(r, "build pty-req");
 		if (tiop == NULL)
 			tiop = get_saved_tio();
 		ssh_tty_make_modes(ssh, -1, tiop);
 		if ((r = sshpkt_send(ssh)) != 0)
-			fatal("%s: send packet: %s", __func__, ssh_err(r));
+			fatal_fr(r, "send pty-req");
 		/* XXX wait for reply */
 		c->client_tty = 1;
 	}
@@ -2339,15 +2503,7 @@
 				free(name);
 				continue;
 			}
-
-			debug("Sending env %s = %s", name, val);
-			channel_request_start(ssh, id, "env", 0);
-			if ((r = sshpkt_put_cstring(ssh, name)) != 0 ||
-			    (r = sshpkt_put_cstring(ssh, val)) != 0 ||
-			    (r = sshpkt_send(ssh)) != 0) {
-				fatal("%s: send packet: %s",
-				    __func__, ssh_err(r));
-			}
+			client_send_env(ssh, id, name, val);
 			free(name);
 		}
 	}
@@ -2359,13 +2515,7 @@
 			continue;
 		}
 		*val++ = '\0';
-
-		debug("Setting env %s = %s", name, val);
-		channel_request_start(ssh, id, "env", 0);
-		if ((r = sshpkt_put_cstring(ssh, name)) != 0 ||
-		    (r = sshpkt_put_cstring(ssh, val)) != 0 ||
-		    (r = sshpkt_send(ssh)) != 0)
-			fatal("%s: send packet: %s", __func__, ssh_err(r));
+		client_send_env(ssh, id, name, val);
 		free(name);
 	}
 
@@ -2387,14 +2537,12 @@
 		}
 		if ((r = sshpkt_put_stringb(ssh, cmd)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0)
-			fatal("%s: send command: %s", __func__, ssh_err(r));
+			fatal_fr(r, "send command");
 	} else {
 		channel_request_start(ssh, id, "shell", 1);
 		client_expect_confirm(ssh, id, "shell", CONFIRM_CLOSE);
-		if ((r = sshpkt_send(ssh)) != 0) {
-			fatal("%s: send shell request: %s",
-			    __func__, ssh_err(r));
-		}
+		if ((r = sshpkt_send(ssh)) != 0)
+			fatal_fr(r, "send shell");
 	}
 }
 
@@ -2433,7 +2581,7 @@
 	 * If we are in persist mode, or don't have a shell, signal that we
 	 * should close when all active channels are closed.
 	 */
-	if (options.control_persist || no_shell_flag) {
+	if (options.control_persist || options.session_type == SESSION_TYPE_NONE) {
 		session_closed = 1;
 		setproctitle("[stopped mux]");
 	}

compat.c

diff --git a/compat.c b/compat.c
index 0624dc6..0dbea68 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.113 2018/08/13 02:41:05 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.119 2021/09/10 05:46:09 djm Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -38,11 +38,9 @@
 #include "match.h"
 #include "kex.h"
 
-int datafellows = 0;
-
-/* datafellows bug compatibility */
-u_int
-compat_datafellows(const char *version)
+/* determine bug flags from SSH protocol banner */
+void
+compat_banner(struct ssh *ssh, const char *version)
 {
 	int i;
 	static struct {
@@ -65,11 +63,12 @@
 		{ "OpenSSH_6.5*,"
 		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD|
 					SSH_BUG_SIGTYPE},
+		{ "OpenSSH_7.4*",	SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE|
+					SSH_BUG_SIGTYPE74},
 		{ "OpenSSH_7.0*,"
 		  "OpenSSH_7.1*,"
 		  "OpenSSH_7.2*,"
 		  "OpenSSH_7.3*,"
-		  "OpenSSH_7.4*,"
 		  "OpenSSH_7.5*,"
 		  "OpenSSH_7.6*,"
 		  "OpenSSH_7.7*",	SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE},
@@ -145,89 +144,63 @@
 	};
 
 	/* process table, return first match */
+	ssh->compat = 0;
 	for (i = 0; check[i].pat; i++) {
 		if (match_pattern_list(version, check[i].pat, 0) == 1) {
-			debug("match: %s pat %s compat 0x%08x",
+			debug_f("match: %s pat %s compat 0x%08x",
 			    version, check[i].pat, check[i].bugs);
-			datafellows = check[i].bugs;	/* XXX for now */
-			return check[i].bugs;
+			ssh->compat = check[i].bugs;
+			return;
 		}
 	}
-	debug("no match: %s", version);
-	return 0;
-}
-
-#define	SEP	","
-int
-proto_spec(const char *spec)
-{
-	char *s, *p, *q;
-	int ret = SSH_PROTO_UNKNOWN;
-
-	if (spec == NULL)
-		return ret;
-	q = s = strdup(spec);
-	if (s == NULL)
-		return ret;
-	for ((p = strsep(&q, SEP)); p && *p != '\0'; (p = strsep(&q, SEP))) {
-		switch (atoi(p)) {
-		case 2:
-			ret |= SSH_PROTO_2;
-			break;
-		default:
-			logit("ignoring bad proto spec: '%s'.", p);
-			break;
-		}
-	}
-	free(s);
-	return ret;
+	debug_f("no match: %s", version);
 }
 
 char *
-compat_cipher_proposal(char *cipher_prop)
+compat_cipher_proposal(struct ssh *ssh, char *cipher_prop)
 {
-	if (!(datafellows & SSH_BUG_BIGENDIANAES))
+	if (!(ssh->compat & SSH_BUG_BIGENDIANAES))
 		return cipher_prop;
-	debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
-	if ((cipher_prop = match_filter_blacklist(cipher_prop, "aes*")) == NULL)
-		fatal("match_filter_blacklist failed");
-	debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
+	debug2_f("original cipher proposal: %s", cipher_prop);
+	if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL)
+		fatal("match_filter_denylist failed");
+	debug2_f("compat cipher proposal: %s", cipher_prop);
 	if (*cipher_prop == '\0')
 		fatal("No supported ciphers found");
 	return cipher_prop;
 }
 
 char *
-compat_pkalg_proposal(char *pkalg_prop)
+compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop)
 {
-	if (!(datafellows & SSH_BUG_RSASIGMD5))
+	if (!(ssh->compat & SSH_BUG_RSASIGMD5))
 		return pkalg_prop;
-	debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
-	if ((pkalg_prop = match_filter_blacklist(pkalg_prop, "ssh-rsa")) == NULL)
-		fatal("match_filter_blacklist failed");
-	debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
+	debug2_f("original public key proposal: %s", pkalg_prop);
+	if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL)
+		fatal("match_filter_denylist failed");
+	debug2_f("compat public key proposal: %s", pkalg_prop);
 	if (*pkalg_prop == '\0')
 		fatal("No supported PK algorithms found");
 	return pkalg_prop;
 }
 
 char *
-compat_kex_proposal(char *p)
+compat_kex_proposal(struct ssh *ssh, char *p)
 {
-	if ((datafellows & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
+	if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0)
 		return p;
-	debug2("%s: original KEX proposal: %s", __func__, p);
-	if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
-		if ((p = match_filter_blacklist(p,
+	debug2_f("original KEX proposal: %s", p);
+	if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0)
+		if ((p = match_filter_denylist(p,
 		    "curve25519-sha256@libssh.org")) == NULL)
-			fatal("match_filter_blacklist failed");
-	if ((datafellows & SSH_OLD_DHGEX) != 0) {
-		if ((p = match_filter_blacklist(p,
+			fatal("match_filter_denylist failed");
+	if ((ssh->compat & SSH_OLD_DHGEX) != 0) {
+		if ((p = match_filter_denylist(p,
 		    "diffie-hellman-group-exchange-sha256,"
 		    "diffie-hellman-group-exchange-sha1")) == NULL)
-			fatal("match_filter_blacklist failed");
+			fatal("match_filter_denylist failed");
 	}
-	debug2("%s: compat KEX proposal: %s", __func__, p);
+	debug2_f("compat KEX proposal: %s", p);
 	if (*p == '\0')
 		fatal("No supported key exchange algorithms found");
 	return p;

compat.h

diff --git a/compat.h b/compat.h
index d611d33..167409b 100644
--- a/compat.h
+++ b/compat.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.h,v 1.54 2018/08/13 02:41:05 djm Exp $ */
+/* $OpenBSD: compat.h,v 1.57 2021/06/06 03:40:39 djm Exp $ */
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -27,14 +27,9 @@
 #ifndef COMPAT_H
 #define COMPAT_H
 
-#define	SSH_PROTO_UNKNOWN	0x00
-#define	SSH_PROTO_1		0x01
-#define	SSH_PROTO_1_PREFERRED	0x02
-#define	SSH_PROTO_2		0x04
-
 #define SSH_BUG_UTF8TTYMODE	0x00000001
 #define SSH_BUG_SIGTYPE		0x00000002
-/* #define unused		0x00000004 */
+#define SSH_BUG_SIGTYPE74	0x00000004
 /* #define unused		0x00000008 */
 #define SSH_OLD_SESSIONID	0x00000010
 /* #define unused		0x00000020 */
@@ -63,11 +58,10 @@
 #define SSH_BUG_HOSTKEYS	0x20000000
 #define SSH_BUG_DHGEX_LARGE	0x40000000
 
-u_int    compat_datafellows(const char *);
-int	 proto_spec(const char *);
-char	*compat_cipher_proposal(char *);
-char	*compat_pkalg_proposal(char *);
-char	*compat_kex_proposal(char *);
+struct ssh;
 
-extern int datafellows;
+void    compat_banner(struct ssh *, const char *);
+char	*compat_cipher_proposal(struct ssh *, char *);
+char	*compat_pkalg_proposal(struct ssh *, char *);
+char	*compat_kex_proposal(struct ssh *, char *);
 #endif

configure.ac

diff --git a/configure.ac b/configure.ac
index 4603837..413913a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -14,12 +14,23 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.583 $)
+AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
 
-AC_CONFIG_HEADER([config.h])
+AC_CONFIG_HEADERS([config.h])
 AC_PROG_CC([cc gcc])
+
+# XXX relax this after reimplementing logit() etc.
+AC_MSG_CHECKING([if $CC supports C99-style variadic macros])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+int f(int a, int b, int c) { return a + b + c; }
+#define F(a, ...) f(a, __VA_ARGS__)
+]], [[return F(1, 2, -3);]])],
+	[ AC_MSG_RESULT([yes]) ],
+	[ AC_MSG_ERROR([*** OpenSSH requires support for C99-style variadic macros]) ]
+)
+
 AC_CANONICAL_HOST
 AC_C_BIGENDIAN
 
@@ -34,8 +45,6 @@
 AC_PATH_PROG([CAT], [cat])
 AC_PATH_PROG([KILL], [kill])
 AC_PATH_PROG([SED], [sed])
-AC_PATH_PROG([ENT], [ent])
-AC_SUBST([ENT])
 AC_PATH_PROG([TEST_MINUS_S_SH], [bash])
 AC_PATH_PROG([TEST_MINUS_S_SH], [ksh])
 AC_PATH_PROG([TEST_MINUS_S_SH], [sh])
@@ -164,6 +173,7 @@
 	OSSH_CHECK_CFLAG_COMPILE([-Wformat-security])
 	OSSH_CHECK_CFLAG_COMPILE([-Wsizeof-pointer-memaccess])
 	OSSH_CHECK_CFLAG_COMPILE([-Wpointer-sign], [-Wno-pointer-sign])
+	OSSH_CHECK_CFLAG_COMPILE([-Wunused-parameter], [-Wno-unused-parameter])
 	OSSH_CHECK_CFLAG_COMPILE([-Wunused-result], [-Wno-unused-result])
 	OSSH_CHECK_CFLAG_COMPILE([-Wimplicit-fallthrough])
 	OSSH_CHECK_CFLAG_COMPILE([-fno-strict-aliasing])
@@ -287,6 +297,26 @@
 	 [compiler does not accept __attribute__ on prototype args]) ]
 )
 
+AC_MSG_CHECKING([if compiler supports variable length arrays])
+AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM([[#include <stdlib.h>]],
+    [[ int i; for (i=0; i<3; i++){int a[i]; a[i-1]=0;} exit(0); ]])],
+    [ AC_MSG_RESULT([yes])
+      AC_DEFINE(VARIABLE_LENGTH_ARRAYS, [1],
+	 [compiler supports variable length arrays]) ],
+    [ AC_MSG_RESULT([no]) ]
+)
+
+AC_MSG_CHECKING([if compiler accepts variable declarations after code])
+AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM([[#include <stdlib.h>]],
+    [[ int a; a = 1; int b = 1; exit(a-b); ]])],
+    [ AC_MSG_RESULT([yes])
+      AC_DEFINE(VARIABLE_DECLARATION_AFTER_CODE, [1],
+	 [compiler variable declarations after code]) ],
+    [ AC_MSG_RESULT([no]) ]
+)
+
 if test "x$no_attrib_nonnull" != "x1" ; then
 	AC_DEFINE([HAVE_ATTRIBUTE__NONNULL__], [1], [Have attribute nonnull])
 fi
@@ -424,6 +454,7 @@
 	sys/ndir.h \
 	sys/poll.h \
 	sys/prctl.h \
+	sys/procctl.h \
 	sys/pstat.h \
 	sys/ptrace.h \
 	sys/random.h \
@@ -652,7 +683,9 @@
 *-*-darwin*)
 	use_pie=auto
 	AC_MSG_CHECKING([if we have working getaddrinfo])
-	AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include <mach-o/dyld.h>
+	AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <mach-o/dyld.h>
+#include <stdlib.h>
 main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
 		exit(0);
 	else
@@ -912,6 +945,9 @@
 			;;
 		esac
 		;;
+	riscv64-*)
+		seccomp_audit_arch=AUDIT_ARCH_RISCV64
+		;;
 	esac
 	if test "x$seccomp_audit_arch" != "x" ; then
 		AC_MSG_RESULT(["$seccomp_audit_arch"])
@@ -1233,7 +1269,7 @@
 esac
 
 AC_MSG_CHECKING([compiler and flags for sanity])
-AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]], [[ exit(0); ]])],
+AC_RUN_IFELSE([AC_LANG_PROGRAM([[ #include <stdlib.h> ]], [[ exit(0); ]])],
 	[	AC_MSG_RESULT([yes]) ],
 	[
 		AC_MSG_RESULT([no])
@@ -1257,6 +1293,7 @@
 				[AC_LANG_SOURCE([[
 #include <libgen.h>
 #include <string.h>
+#include <stdlib.h>
 
 int main(int argc, char **argv) {
     char *s, buf[32];
@@ -1420,6 +1457,10 @@
 AC_SEARCH_LIBS([inet_ntop], [resolv nsl])
 AC_SEARCH_LIBS([gethostbyname], [resolv nsl])
 
+# Some Linux distribtions ship the BSD libc hashing functions in
+# separate libraries.
+AC_SEARCH_LIBS([SHA256Update], [md bsd])
+
 # "Particular Function Checks"
 # see https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Functions.html
 AC_FUNC_STRFTIME
@@ -1508,7 +1549,9 @@
 AC_RUN_IFELSE(
 	[AC_LANG_PROGRAM([[
 #include <sys/types.h>
-#include <dirent.h>]],
+#include <dirent.h>
+#include <stdlib.h>
+	]],
 	[[
 	struct dirent d;
 	exit(sizeof(d.d_name)<=sizeof(char));
@@ -1622,7 +1665,10 @@
 		)
 		AC_MSG_CHECKING([if libedit version is compatible])
 		AC_COMPILE_IFELSE(
-		    [AC_LANG_PROGRAM([[ #include <histedit.h> ]],
+		    [AC_LANG_PROGRAM([[
+#include <histedit.h>
+#include <stdlib.h>
+		    ]],
 		    [[
 	int i = H_SETSIZE;
 	el_init("", NULL, NULL, NULL);
@@ -1774,6 +1820,7 @@
 	err \
 	errx \
 	explicit_bzero \
+	explicit_memset \
 	fchmod \
 	fchmodat \
 	fchown \
@@ -1809,6 +1856,7 @@
 	llabs \
 	localtime_r \
 	login_getcapbool \
+	login_getpwclass \
 	md5_crypt \
 	memmem \
 	memmove \
@@ -1821,6 +1869,8 @@
 	pledge \
 	poll \
 	prctl \
+	procctl \
+	pselect \
 	pstat \
 	raise \
 	readpassphrase \
@@ -1971,7 +2021,7 @@
 
 dnl check if we need -D_REENTRANT for localtime_r declaration.
 AC_CHECK_DECL([localtime_r], [],
-	[ saved_CPPFLAGS="$CFLAGS"
+	[ saved_CPPFLAGS="$CPPFLAGS"
 	  CPPFLAGS="$CPPFLAGS -D_REENTRANT"
 	  unset ac_cv_have_decl_localtime_r
 	  AC_CHECK_DECL([localtime_r], [],
@@ -2112,7 +2162,11 @@
 
 AC_MSG_CHECKING([for working fflush(NULL)])
 AC_RUN_IFELSE(
-	[AC_LANG_PROGRAM([[#include <stdio.h>]], [[fflush(NULL); exit(0);]])],
+	[AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <stdlib.h>
+	]],
+	[[fflush(NULL); exit(0);]])],
 	AC_MSG_RESULT([yes]),
 	[AC_MSG_RESULT([no])
 	 AC_DEFINE([FFLUSH_NULL_BUG], [1],
@@ -2148,7 +2202,10 @@
 if test "x$ac_cv_func_snprintf" = "xyes" ; then
 	AC_MSG_CHECKING([whether snprintf correctly terminates long strings])
 	AC_RUN_IFELSE(
-		[AC_LANG_PROGRAM([[ #include <stdio.h> ]],
+		[AC_LANG_PROGRAM([[
+#include <stdio.h>
+#include <stdlib.h>
+		]],
 		[[
 	char b[5];
 	snprintf(b,5,"123456789");
@@ -2171,6 +2228,8 @@
 		[AC_LANG_PROGRAM([[
 #include <sys/types.h>
 #include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
 		]],
 		[[
 	size_t a = 1, b = 2;
@@ -2257,39 +2316,14 @@
         ])
 fi
 
-dnl see whether mkstemp() requires XXXXXX
-if test "x$ac_cv_func_mkdtemp" = "xyes" ; then
-AC_MSG_CHECKING([for (overly) strict mkstemp])
-AC_RUN_IFELSE(
-	[AC_LANG_PROGRAM([[
-#include <stdlib.h>
-	]], [[
-	char template[]="conftest.mkstemp-test";
-	if (mkstemp(template) == -1)
-		exit(1);
-	unlink(template);
-	exit(0);
-	]])],
-	[
-		AC_MSG_RESULT([no])
-	],
-	[
-		AC_MSG_RESULT([yes])
-		AC_DEFINE([HAVE_STRICT_MKSTEMP], [1], [Silly mkstemp()])
-	],
-	[
-		AC_MSG_RESULT([yes])
-		AC_DEFINE([HAVE_STRICT_MKSTEMP])
-	]
-)
-fi
-
 dnl make sure that openpty does not reacquire controlling terminal
 if test ! -z "$check_for_openpty_ctty_bug"; then
 	AC_MSG_CHECKING([if openpty correctly handles controlling tty])
 	AC_RUN_IFELSE(
 		[AC_LANG_PROGRAM([[
 #include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
 #include <sys/fcntl.h>
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -2336,6 +2370,7 @@
 	AC_RUN_IFELSE(
 		[AC_LANG_PROGRAM([[
 #include <stdio.h>
+#include <stdlib.h>
 #include <sys/socket.h>
 #include <netdb.h>
 #include <errno.h>
@@ -2404,6 +2439,7 @@
 	AC_RUN_IFELSE(
 		[AC_LANG_PROGRAM([[
 #include <stdio.h>
+#include <stdlib.h>
 #include <sys/socket.h>
 #include <netdb.h>
 #include <errno.h>
@@ -2466,7 +2502,10 @@
 
 if test "x$check_for_conflicting_getspnam" = "x1"; then
 	AC_MSG_CHECKING([for conflicting getspnam in shadow.h])
-	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <shadow.h> ]],
+	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+#include <shadow.h>
+#include <stdlib.h>
+		]],
 		[[ exit(0); ]])],
 		[
 			AC_MSG_RESULT([no])
@@ -2496,6 +2535,7 @@
 #include <signal.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 #include <vis.h>
 static void sighandler(int sig) { _exit(1); }
 		]], [[
@@ -2524,6 +2564,7 @@
 #include <sys/time.h>
 #include <stdlib.h>
 #include <signal.h>
+#include <unistd.h>
 static void sighandler(int sig) { }
 		]], [[
 	int r;
@@ -2680,6 +2721,7 @@
 	AC_RUN_IFELSE(
 		[AC_LANG_PROGRAM([[
 	#include <stdio.h>
+	#include <stdlib.h>
 	#include <string.h>
 	#include <openssl/opensslv.h>
 	#include <openssl/crypto.h>
@@ -2721,7 +2763,8 @@
 				;;
 			101*)   ;; # 1.1.x
 			200*)   ;; # LibreSSL
-			300*)   ;; # OpenSSL development branch.
+			300*)   ;; # OpenSSL 3
+			301*)   ;; # OpenSSL development branch.
 		        *)
 				AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")])
 		                ;;
@@ -2741,6 +2784,7 @@
 	AC_MSG_CHECKING([whether OpenSSL's headers match the library])
 	AC_RUN_IFELSE(
 		[AC_LANG_PROGRAM([[
+	#include <stdlib.h>
 	#include <string.h>
 	#include <openssl/opensslv.h>
 	#include <openssl/crypto.h>
@@ -2841,6 +2885,7 @@
 		EVP_CIPHER_CTX_iv \
 		EVP_CIPHER_CTX_iv_noconst \
 		EVP_CIPHER_CTX_get_iv \
+		EVP_CIPHER_CTX_get_updated_iv \
 		EVP_CIPHER_CTX_set_iv \
 		RSA_get0_crt_params \
 		RSA_get0_factors \
@@ -2880,6 +2925,7 @@
 	AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
 	AC_LINK_IFELSE(
 		[AC_LANG_PROGRAM([[
+	#include <stdlib.h>
 	#include <string.h>
 	#include <openssl/evp.h>
 		]], [[
@@ -2899,6 +2945,7 @@
 	AC_MSG_CHECKING([whether OpenSSL has AES CTR via EVP])
 	AC_LINK_IFELSE(
 		[AC_LANG_PROGRAM([[
+	#include <stdlib.h>
 	#include <string.h>
 	#include <openssl/evp.h>
 		]], [[
@@ -2920,6 +2967,7 @@
 	AC_MSG_CHECKING([whether OpenSSL has AES GCM via EVP])
 	AC_LINK_IFELSE(
 		[AC_LANG_PROGRAM([[
+	#include <stdlib.h>
 	#include <string.h>
 	#include <openssl/evp.h>
 		]], [[
@@ -2947,6 +2995,7 @@
 	AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
 	AC_LINK_IFELSE(
 		[AC_LANG_PROGRAM([[
+	#include <stdlib.h>
 	#include <string.h>
 	#include <openssl/evp.h>
 		]], [[
@@ -3033,6 +3082,7 @@
 		  AC_MSG_CHECKING([if OpenSSL's NID_secp521r1 is functional])
 		  AC_RUN_IFELSE(
 			[AC_LANG_PROGRAM([[
+	#include <stdlib.h>
 	#include <openssl/ec.h>
 	#include <openssl/ecdh.h>
 	#include <openssl/ecdsa.h>
@@ -3053,7 +3103,6 @@
 		AC_MSG_RESULT([no])
 	)
 
-	COMMENT_OUT_ECC="#no ecc#"
 	TEST_SSH_ECC=no
 
 	if test x$enable_nistp256 = x1 || test x$enable_nistp384 = x1 || \
@@ -3068,7 +3117,6 @@
 		AC_DEFINE([OPENSSL_HAS_NISTP256], [1],
 		    [libcrypto has NID_X9_62_prime256v1])
 		TEST_SSH_ECC=yes
-		COMMENT_OUT_ECC=""
 	else
 		unsupported_algorithms="$unsupported_algorithms \
 			ecdsa-sha2-nistp256 \
@@ -3078,7 +3126,6 @@
 	if test x$enable_nistp384 = x1; then
 		AC_DEFINE([OPENSSL_HAS_NISTP384], [1], [libcrypto has NID_secp384r1])
 		TEST_SSH_ECC=yes
-		COMMENT_OUT_ECC=""
 	else
 		unsupported_algorithms="$unsupported_algorithms \
 			ecdsa-sha2-nistp384 \
@@ -3088,7 +3135,6 @@
 	if test x$enable_nistp521 = x1; then
 		AC_DEFINE([OPENSSL_HAS_NISTP521], [1], [libcrypto has NID_secp521r1])
 		TEST_SSH_ECC=yes
-		COMMENT_OUT_ECC=""
 	else
 		unsupported_algorithms="$unsupported_algorithms \
 			ecdh-sha2-nistp521 \
@@ -3097,7 +3143,6 @@
 	fi
 
 	AC_SUBST([TEST_SSH_ECC])
-	AC_SUBST([COMMENT_OUT_ECC])
 else
 	AC_CHECK_LIB([crypt], [crypt], [LIBS="$LIBS -lcrypt"])
 	AC_CHECK_FUNCS([crypt])
@@ -3173,6 +3218,16 @@
 		], [ AC_MSG_ERROR([no usable libfido2 found]) ],
 		[ $OTHERLIBS ]
 	)
+	saved_LIBS="$LIBS"
+	LIBS="$LIBS $LIBFIDO2"
+	AC_CHECK_FUNCS([ \
+		fido_cred_prot \
+		fido_cred_set_prot \
+		fido_dev_get_touch_begin \
+		fido_dev_get_touch_status \
+		fido_dev_supports_cred_prot \
+	])
+	LIBS="$saved_LIBS"
 	AC_CHECK_HEADER([fido.h], [],
 		AC_MSG_ERROR([missing fido.h from libfido2]))
 	AC_CHECK_HEADER([fido/credman.h], [],
@@ -3205,6 +3260,7 @@
 	AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded])
 	AC_RUN_IFELSE(
 		[AC_LANG_PROGRAM([[
+	#include <stdlib.h>
 	#include <string.h>
 	#include <openssl/rand.h>
 		]], [[
@@ -3616,7 +3672,7 @@
   LIBS="$LIBS -liberty";
 fi
 
-# Check for  long long datatypes
+# Check for long long datatypes
 AC_CHECK_TYPES([long long, unsigned long long, long double])
 
 # Check datatype sizes
@@ -3624,6 +3680,16 @@
 AC_CHECK_SIZEOF([int])
 AC_CHECK_SIZEOF([long int])
 AC_CHECK_SIZEOF([long long int])
+AC_CHECK_SIZEOF([time_t], [], [[
+    #include <sys/types.h>
+    #ifdef HAVE_SYS_TIME_H
+    # include <sys/time.h>
+    #endif
+    #ifdef HAVE_TIME_H
+    # include <time.h>
+    #endif
+	]]
+)
 
 # Sanity check long long for some platforms (AIX)
 if test "x$ac_cv_sizeof_long_long_int" = "x4" ; then
@@ -3636,6 +3702,7 @@
 	AC_RUN_IFELSE(
 		[AC_LANG_PROGRAM([[
 #include <stdio.h>
+#include <stdlib.h>
 /* Why is this so damn hard? */
 #ifdef __GNUC__
 # undef __GNUC__
@@ -3924,7 +3991,7 @@
 
 TYPE_SOCKLEN_T
 
-AC_CHECK_TYPES([sig_atomic_t], , , [#include <signal.h>])
+AC_CHECK_TYPES([sig_atomic_t, sighandler_t], , , [#include <signal.h>])
 AC_CHECK_TYPES([fsblkcnt_t, fsfilcnt_t], , , [
 #include <sys/types.h>
 #ifdef HAVE_SYS_BITYPES_H
@@ -4101,8 +4168,6 @@
 		[define if you have struct addrinfo data type])
 fi
 
-AC_HEADER_TIME
-
 AC_CACHE_CHECK([for struct timeval], ac_cv_have_struct_timeval, [
 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <sys/time.h> ]],
 	[[ struct timeval tv; tv.tv_sec = 1;]])],
@@ -4117,15 +4182,11 @@
 
 AC_CACHE_CHECK([for struct timespec], ac_cv_have_struct_timespec, [
 	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-    #ifdef TIME_WITH_SYS_TIME
+    #ifdef HAVE_SYS_TIME_H
     # include <sys/time.h>
+    #endif
+    #ifdef HAVE_TIME_H
     # include <time.h>
-    #else
-    # ifdef HAVE_SYS_TIME_H
-    #  include <sys/time.h>
-    # else
-    #  include <time.h>
-    # endif
     #endif
 	]],
 	[[ struct timespec ts; ts.tv_sec = 1;]])],
@@ -4151,6 +4212,7 @@
 	AC_RUN_IFELSE(
 		[AC_LANG_SOURCE([[
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #ifdef HAVE_SNPRINTF
 main()
@@ -4195,6 +4257,7 @@
 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmp.h], [HAVE_TIME_IN_UTMP])
 OSSH_CHECK_HEADER_FOR_FIELD([ut_time], [utmpx.h], [HAVE_TIME_IN_UTMPX])
 OSSH_CHECK_HEADER_FOR_FIELD([ut_tv], [utmpx.h], [HAVE_TV_IN_UTMPX])
+OSSH_CHECK_HEADER_FOR_FIELD([ut_ss], [utmpx.h], [HAVE_SS_IN_UTMPX])
 
 AC_CHECK_MEMBERS([struct stat.st_blksize])
 AC_CHECK_MEMBERS([struct stat.st_mtim])
@@ -4253,6 +4316,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
+#include <stdlib.h>
 		]], [[
 #ifdef msg_accrights
 #error "msg_accrights is a macro"
@@ -4314,6 +4378,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/uio.h>
+#include <stdlib.h>
 		]], [[
 #ifdef msg_control
 #error "msg_control is a macro"
@@ -4334,7 +4399,7 @@
 fi
 
 AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname, [
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
 		[[ extern char *__progname; printf("%s", __progname); ]])],
 	[ ac_cv_libc_defines___progname="yes" ],
 	[ ac_cv_libc_defines___progname="no"
@@ -4406,7 +4471,7 @@
 fi
 
 AC_CACHE_CHECK([if libc defines sys_errlist], ac_cv_libc_defines_sys_errlist, [
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
 [[ extern const char *const sys_errlist[]; printf("%s", sys_errlist[0]);]])],
 	[ ac_cv_libc_defines_sys_errlist="yes" ],
 	[ ac_cv_libc_defines_sys_errlist="no"
@@ -4419,7 +4484,7 @@
 
 
 AC_CACHE_CHECK([if libc defines sys_nerr], ac_cv_libc_defines_sys_nerr, [
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ #include <stdio.h> ]],
 [[ extern int sys_nerr; printf("%i", sys_nerr);]])],
 	[ ac_cv_libc_defines_sys_nerr="yes" ],
 	[ ac_cv_libc_defines_sys_nerr="no"
@@ -4513,13 +4578,10 @@
 			  LIBS="$LIBS -lselinux"
 			],
 			AC_MSG_ERROR([SELinux support requires libselinux library]))
-		SSHLIBS="$SSHLIBS $LIBSELINUX"
-		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
 		AC_CHECK_FUNCS([getseuserbyname get_default_context_with_level])
-		LIBS="$save_LIBS"
+		LIBS="$save_LIBS $LIBSELINUX"
 	fi ]
 )
-AC_SUBST([SSHLIBS])
 AC_SUBST([SSHDLIBS])
 
 # Check whether user wants Kerberos 5 support
@@ -4536,22 +4598,30 @@
 		AC_DEFINE([KRB5], [1], [Define if you want Kerberos 5 support])
 		KRB5_MSG="yes"
 
-		AC_PATH_TOOL([KRB5CONF], [krb5-config],
-			     [$KRB5ROOT/bin/krb5-config],
-			     [$KRB5ROOT/bin:$PATH])
-		if test -x $KRB5CONF ; then
-			K5CFLAGS="`$KRB5CONF --cflags`"
-			K5LIBS="`$KRB5CONF --libs`"
+		AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
+		use_pkgconfig_for_krb5=
+		if test "x$PKGCONFIG" != "xno"; then
+			AC_MSG_CHECKING([if $PKGCONFIG knows about kerberos5])
+			if "$PKGCONFIG" krb5; then
+				AC_MSG_RESULT([yes])
+				use_pkgconfig_for_krb5=yes
+			else
+				AC_MSG_RESULT([no])
+			fi
+		fi
+		if test "x$use_pkgconfig_for_krb5" = "xyes"; then
+			K5CFLAGS=`$PKGCONFIG --cflags krb5`
+			K5LIBS=`$PKGCONFIG --libs krb5`
 			CPPFLAGS="$CPPFLAGS $K5CFLAGS"
 
 			AC_MSG_CHECKING([for gssapi support])
-			if $KRB5CONF | grep gssapi >/dev/null ; then
+			if "$PKGCONFIG" krb5-gssapi; then
 				AC_MSG_RESULT([yes])
 				AC_DEFINE([GSSAPI], [1],
 					[Define this if you want GSSAPI
 					support in the version 2 protocol])
-				GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
-				GSSLIBS="`$KRB5CONF --libs gssapi`"
+				GSSCFLAGS="`$PKGCONFIG --cflags krb5-gssapi`"
+				GSSLIBS="`$PKGCONFIG --libs krb5-gssapi`"
 				CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
 			else
 				AC_MSG_RESULT([no])
@@ -4566,51 +4636,82 @@
 				[AC_MSG_RESULT([no])
 			])
 		else
-			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
-			LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
-			AC_MSG_CHECKING([whether we are using Heimdal])
-			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
-				]], [[ char *tmp = heimdal_version; ]])],
+			AC_PATH_TOOL([KRB5CONF], [krb5-config],
+				     [$KRB5ROOT/bin/krb5-config],
+				     [$KRB5ROOT/bin:$PATH])
+			if test -x $KRB5CONF ; then
+				K5CFLAGS="`$KRB5CONF --cflags`"
+				K5LIBS="`$KRB5CONF --libs`"
+				CPPFLAGS="$CPPFLAGS $K5CFLAGS"
+
+				AC_MSG_CHECKING([for gssapi support])
+				if $KRB5CONF | grep gssapi >/dev/null ; then
+					AC_MSG_RESULT([yes])
+					AC_DEFINE([GSSAPI], [1],
+						[Define this if you want GSSAPI
+						support in the version 2 protocol])
+					GSSCFLAGS="`$KRB5CONF --cflags gssapi`"
+					GSSLIBS="`$KRB5CONF --libs gssapi`"
+					CPPFLAGS="$CPPFLAGS $GSSCFLAGS"
+				else
+					AC_MSG_RESULT([no])
+				fi
+				AC_MSG_CHECKING([whether we are using Heimdal])
+				AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
+					]], [[ char *tmp = heimdal_version; ]])],
 					[ AC_MSG_RESULT([yes])
-					 AC_DEFINE([HEIMDAL])
-					 K5LIBS="-lkrb5"
-					 K5LIBS="$K5LIBS -lcom_err -lasn1"
-					 AC_CHECK_LIB([roken], [net_write],
-					   [K5LIBS="$K5LIBS -lroken"])
-					 AC_CHECK_LIB([des], [des_cbc_encrypt],
-					   [K5LIBS="$K5LIBS -ldes"])
-				       ], [ AC_MSG_RESULT([no])
-					 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
-			])
-			AC_SEARCH_LIBS([dn_expand], [resolv])
-
-			AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
-				[ AC_DEFINE([GSSAPI])
-				  GSSLIBS="-lgssapi_krb5" ],
-				[ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
-					[ AC_DEFINE([GSSAPI])
-					  GSSLIBS="-lgssapi" ],
-					[ AC_CHECK_LIB([gss], [gss_init_sec_context],
-						[ AC_DEFINE([GSSAPI])
-						  GSSLIBS="-lgss" ],
-						AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
-					])
+					AC_DEFINE([HEIMDAL], [1],
+					[Define this if you are using the Heimdal
+					version of Kerberos V5]) ],
+					[AC_MSG_RESULT([no])
 				])
+			else
+				CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include"
+				LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib"
+				AC_MSG_CHECKING([whether we are using Heimdal])
+				AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <krb5.h>
+					]], [[ char *tmp = heimdal_version; ]])],
+						[ AC_MSG_RESULT([yes])
+						 AC_DEFINE([HEIMDAL])
+						 K5LIBS="-lkrb5"
+						 K5LIBS="$K5LIBS -lcom_err -lasn1"
+						 AC_CHECK_LIB([roken], [net_write],
+						   [K5LIBS="$K5LIBS -lroken"])
+						 AC_CHECK_LIB([des], [des_cbc_encrypt],
+						   [K5LIBS="$K5LIBS -ldes"])
+					       ], [ AC_MSG_RESULT([no])
+						 K5LIBS="-lkrb5 -lk5crypto -lcom_err"
+				])
+				AC_SEARCH_LIBS([dn_expand], [resolv])
 
-			AC_CHECK_HEADER([gssapi.h], ,
-				[ unset ac_cv_header_gssapi_h
-				  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
-				  AC_CHECK_HEADERS([gssapi.h], ,
-					AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
-				  )
-				]
-			)
+				AC_CHECK_LIB([gssapi_krb5], [gss_init_sec_context],
+					[ AC_DEFINE([GSSAPI])
+					  GSSLIBS="-lgssapi_krb5" ],
+					[ AC_CHECK_LIB([gssapi], [gss_init_sec_context],
+						[ AC_DEFINE([GSSAPI])
+						  GSSLIBS="-lgssapi" ],
+						[ AC_CHECK_LIB([gss], [gss_init_sec_context],
+							[ AC_DEFINE([GSSAPI])
+							  GSSLIBS="-lgss" ],
+							AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]))
+						])
+					])
 
-			oldCPP="$CPPFLAGS"
-			CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
-			AC_CHECK_HEADER([gssapi_krb5.h], ,
-					[ CPPFLAGS="$oldCPP" ])
+				AC_CHECK_HEADER([gssapi.h], ,
+					[ unset ac_cv_header_gssapi_h
+					  CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+					  AC_CHECK_HEADERS([gssapi.h], ,
+						AC_MSG_WARN([Cannot find any suitable gss-api header - build may fail])
+					  )
+					]
+				)
 
+				oldCPP="$CPPFLAGS"
+				CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi"
+				AC_CHECK_HEADER([gssapi_krb5.h], ,
+						[ CPPFLAGS="$oldCPP" ])
+
+			fi
 		fi
 		if test -n "${rpath_opt}" ; then
 			LDFLAGS="$LDFLAGS ${rpath_opt}${KRB5ROOT}/lib"
@@ -4731,6 +4832,7 @@
 	    AC_RUN_IFELSE(
 		[AC_LANG_PROGRAM([[
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
@@ -4975,6 +5077,7 @@
 			[AC_LANG_PROGRAM([[
 /* find out what STDPATH is */
 #include <stdio.h>
+#include <stdlib.h>
 #ifdef HAVE_PATHS_H
 # include <paths.h>
 #endif
@@ -5480,9 +5583,6 @@
 if test ! -z "${SSHDLIBS}"; then
 echo "         +for sshd: ${SSHDLIBS}"
 fi
-if test ! -z "${SSHLIBS}"; then
-echo "          +for ssh: ${SSHLIBS}"
-fi
 
 echo ""
 

contrib/Makefile

diff --git a/contrib/Makefile b/contrib/Makefile
index 3a36387..45d878b 100644
--- a/contrib/Makefile
+++ b/contrib/Makefile
@@ -1,7 +1,7 @@
 PKG_CONFIG = pkg-config
 
 all:
-	@echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
+	@echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssk-askpass3"
 
 gnome-ssh-askpass1: gnome-ssh-askpass1.c
 	$(CC) $(CFLAGS) `gnome-config --cflags gnome gnomeui` \
@@ -13,9 +13,9 @@
 		gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
 		`$(PKG_CONFIG) --libs gtk+-2.0 x11`
 
-gnome-ssh-askpass3: gnome-ssh-askpass2.c
+gnome-ssh-askpass3: gnome-ssh-askpass3.c
 	$(CC) $(CFLAGS) `$(PKG_CONFIG) --cflags gtk+-3.0` \
-		gnome-ssh-askpass2.c -o gnome-ssh-askpass3 \
+		gnome-ssh-askpass3.c -o gnome-ssh-askpass3 \
 		`$(PKG_CONFIG) --libs gtk+-3.0 x11`
 
 clean:

contrib/gnome-ssh-askpass1.c

diff --git a/contrib/gnome-ssh-askpass1.c b/contrib/gnome-ssh-askpass1.c
index 4d51032..4c92c17 100644
--- a/contrib/gnome-ssh-askpass1.c
+++ b/contrib/gnome-ssh-askpass1.c
@@ -137,9 +137,10 @@
 	gnome_dialog_close(GNOME_DIALOG(dialog));
 	return (result == 0 ? 0 : -1);
 
-	/* At least one grab failed - ungrab what we got, and report
-	   the failure to the user.  Note that XGrabServer() cannot
-	   fail.  */
+	/*
+	 * At least one grab failed - ungrab what we got, and report the
+	 * failure to the user. Note that XGrabServer() cannot fail.
+	 */
  nograbkb:
 	gdk_pointer_ungrab(GDK_CURRENT_TIME);
  nograb:

contrib/gnome-ssh-askpass2.c

diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
index bc83a2d..a62f981 100644
--- a/contrib/gnome-ssh-askpass2.c
+++ b/contrib/gnome-ssh-askpass2.c
@@ -56,9 +56,11 @@
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
+
 #include <X11/Xlib.h>
 #include <gtk/gtk.h>
 #include <gdk/gdkx.h>
+#include <gdk/gdkkeysyms.h>
 
 static void
 report_failed_grab (GtkWidget *parent_window, const char *what)
@@ -66,11 +68,9 @@
 	GtkWidget *err;
 
 	err = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
-				     GTK_MESSAGE_ERROR,
-				     GTK_BUTTONS_CLOSE,
-				     "Could not grab %s. "
-				     "A malicious client may be eavesdropping "
-				     "on your session.", what);
+	    GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE,
+	    "Could not grab %s. A malicious client may be eavesdropping "
+	    "on your session.", what);
 	gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
 
 	gtk_dialog_run(GTK_DIALOG(err));
@@ -85,6 +85,67 @@
 	gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
 }
 
+static gboolean
+check_none(GtkWidget *widget, GdkEventKey *event, gpointer dialog)
+{
+	switch (event->keyval) {
+	case GDK_KEY_Escape:
+		/* esc -> close dialog */
+		gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_CLOSE);
+		return TRUE;
+	case GDK_KEY_Tab:
+		/* tab -> focus close button */
+		gtk_widget_grab_focus(gtk_dialog_get_widget_for_response(
+		    dialog, GTK_RESPONSE_CLOSE));
+		return TRUE;
+	default:
+		/* eat all other key events */
+		return TRUE;
+	}
+}
+
+static int
+parse_env_hex_color(const char *env, GdkColor *c)
+{
+	const char *s;
+	unsigned long ul;
+	char *ep;
+	size_t n;
+
+	if ((s = getenv(env)) == NULL)
+		return 0;
+
+	memset(c, 0, sizeof(*c));
+
+	/* Permit hex rgb or rrggbb optionally prefixed by '#' or '0x' */
+	if (*s == '#')
+		s++;
+	else if (strncmp(s, "0x", 2) == 0)
+		s += 2;
+	n = strlen(s);
+	if (n != 3 && n != 6)
+		goto bad;
+	ul = strtoul(s, &ep, 16);
+	if (*ep != '\0' || ul > 0xffffff) {
+ bad:
+		fprintf(stderr, "Invalid $%s - invalid hex color code\n", env);
+		return 0;
+	}
+	/* Valid hex sequence; expand into a GdkColor */
+	if (n == 3) {
+		/* 4-bit RGB */
+		c->red = ((ul >> 8) & 0xf) << 12;
+		c->green = ((ul >> 4) & 0xf) << 12;
+		c->blue = (ul & 0xf) << 12;
+	} else {
+		/* 8-bit RGB */
+		c->red = ((ul >> 16) & 0xff) << 8;
+		c->green = ((ul >> 8) & 0xff) << 8;
+		c->blue = (ul & 0xff) << 8;
+	}
+	return 1;
+}
+
 static int
 passphrase_dialog(char *message, int prompt_type)
 {
@@ -94,11 +155,16 @@
 	int buttons, default_response;
 	GtkWidget *parent_window, *dialog, *entry;
 	GdkGrabStatus status;
+	GdkColor fg, bg;
+	int fg_set = 0, bg_set = 0;
 
 	grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
 	grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
 	grab_tries = 0;
 
+	fg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_FG_COLOR", &fg);
+	bg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_BG_COLOR", &bg);
+
 	/* Create an invisible parent window so that GtkDialog doesn't
 	 * complain.  */
 	parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
@@ -127,17 +193,38 @@
 	gtk_dialog_set_default_response(GTK_DIALOG(dialog), default_response);
 	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
 
-	if (prompt_type == PROMPT_ENTRY) {
+	if (fg_set)
+		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
+	if (bg_set)
+		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
+
+	if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) {
 		entry = gtk_entry_new();
+		if (fg_set)
+			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
+		if (bg_set)
+			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
 		gtk_box_pack_start(
 		    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
 		    entry, FALSE, FALSE, 0);
 		gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
 		gtk_widget_grab_focus(entry);
-		gtk_widget_show(entry);
-		/* Make <enter> close dialog */
-		g_signal_connect(G_OBJECT(entry), "activate",
-				 G_CALLBACK(ok_dialog), dialog);
+		if (prompt_type == PROMPT_ENTRY) {
+			gtk_widget_show(entry);
+			/* Make <enter> close dialog */
+			g_signal_connect(G_OBJECT(entry), "activate",
+					 G_CALLBACK(ok_dialog), dialog);
+		} else {
+			/*
+			 * Ensure the 'close' button is not focused by default
+			 * but is still reachable via tab. This is a bit of a
+			 * hack - it uses a hidden entry that responds to a
+			 * couple of keypress events (escape and tab only).
+			 */
+			gtk_widget_realize(entry);
+			g_signal_connect(G_OBJECT(entry), "key_press_event",
+			    G_CALLBACK(check_none), dialog);
+		}
 	}
 
 	/* Grab focus */

contrib/gnome-ssh-askpass3.c

diff --git a/contrib/gnome-ssh-askpass3.c b/contrib/gnome-ssh-askpass3.c
new file mode 100644
index 0000000..e1a0533
--- /dev/null
+++ b/contrib/gnome-ssh-askpass3.c
@@ -0,0 +1,305 @@
+/*
+ * Copyright (c) 2000-2002 Damien Miller.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* GTK2 support by Nalin Dahyabhai <nalin@redhat.com> */
+
+/*
+ * This is a simple GNOME SSH passphrase grabber. To use it, set the
+ * environment variable SSH_ASKPASS to point to the location of
+ * gnome-ssh-askpass before calling "ssh-add < /dev/null".
+ *
+ * There is only two run-time options: if you set the environment variable
+ * "GNOME_SSH_ASKPASS_GRAB_SERVER=true" then gnome-ssh-askpass will grab
+ * the X server. If you set "GNOME_SSH_ASKPASS_GRAB_POINTER=true", then the
+ * pointer will be grabbed too. These may have some benefit to security if
+ * you don't trust your X server. We grab the keyboard always.
+ */
+
+#define GRAB_TRIES	16
+#define GRAB_WAIT	250 /* milliseconds */
+
+#define PROMPT_ENTRY	0
+#define PROMPT_CONFIRM	1
+#define PROMPT_NONE	2
+
+/*
+ * Compile with:
+ *
+ * cc -Wall `pkg-config --cflags gtk+-2.0` \
+ *    gnome-ssh-askpass2.c -o gnome-ssh-askpass \
+ *    `pkg-config --libs gtk+-2.0`
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <X11/Xlib.h>
+#include <gtk/gtk.h>
+#include <gdk/gdkx.h>
+#include <gdk/gdkkeysyms.h>
+
+static void
+ok_dialog(GtkWidget *entry, gpointer dialog)
+{
+	g_return_if_fail(GTK_IS_DIALOG(dialog));
+	gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
+}
+
+static gboolean
+check_none(GtkWidget *widget, GdkEventKey *event, gpointer dialog)
+{
+	switch (event->keyval) {
+	case GDK_KEY_Escape:
+		/* esc -> close dialog */
+		gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_CLOSE);
+		return TRUE;
+	case GDK_KEY_Tab:
+		/* tab -> focus close button */
+		gtk_widget_grab_focus(gtk_dialog_get_widget_for_response(
+		    dialog, GTK_RESPONSE_CLOSE));
+		return TRUE;
+	default:
+		/* eat all other key events */
+		return TRUE;
+	}
+}
+
+static int
+parse_env_hex_color(const char *env, GdkColor *c)
+{
+	const char *s;
+	unsigned long ul;
+	char *ep;
+	size_t n;
+
+	if ((s = getenv(env)) == NULL)
+		return 0;
+
+	memset(c, 0, sizeof(*c));
+
+	/* Permit hex rgb or rrggbb optionally prefixed by '#' or '0x' */
+	if (*s == '#')
+		s++;
+	else if (strncmp(s, "0x", 2) == 0)
+		s += 2;
+	n = strlen(s);
+	if (n != 3 && n != 6)
+		goto bad;
+	ul = strtoul(s, &ep, 16);
+	if (*ep != '\0' || ul > 0xffffff) {
+ bad:
+		fprintf(stderr, "Invalid $%s - invalid hex color code\n", env);
+		return 0;
+	}
+	/* Valid hex sequence; expand into a GdkColor */
+	if (n == 3) {
+		/* 4-bit RGB */
+		c->red = ((ul >> 8) & 0xf) << 12;
+		c->green = ((ul >> 4) & 0xf) << 12;
+		c->blue = (ul & 0xf) << 12;
+	} else {
+		/* 8-bit RGB */
+		c->red = ((ul >> 16) & 0xff) << 8;
+		c->green = ((ul >> 8) & 0xff) << 8;
+		c->blue = (ul & 0xff) << 8;
+	}
+	return 1;
+}
+
+static int
+passphrase_dialog(char *message, int prompt_type)
+{
+	const char *failed;
+	char *passphrase, *local;
+	int result, grab_tries, grab_server, grab_pointer;
+	int buttons, default_response;
+	GtkWidget *parent_window, *dialog, *entry, *err;
+	GdkGrabStatus status;
+	GdkColor fg, bg;
+	GdkSeat *seat;
+	GdkDisplay *display;
+	GdkSeatCapabilities caps;
+	int fg_set = 0, bg_set = 0;
+
+	grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL);
+	grab_pointer = (getenv("GNOME_SSH_ASKPASS_GRAB_POINTER") != NULL);
+	grab_tries = 0;
+
+	fg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_FG_COLOR", &fg);
+	bg_set = parse_env_hex_color("GNOME_SSH_ASKPASS_BG_COLOR", &bg);
+
+	/* Create an invisible parent window so that GtkDialog doesn't
+	 * complain.  */
+	parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
+
+	switch (prompt_type) {
+	case PROMPT_CONFIRM:
+		buttons = GTK_BUTTONS_YES_NO;
+		default_response = GTK_RESPONSE_YES;
+		break;
+	case PROMPT_NONE:
+		buttons = GTK_BUTTONS_CLOSE;
+		default_response = GTK_RESPONSE_CLOSE;
+		break;
+	default:
+		buttons = GTK_BUTTONS_OK_CANCEL;
+		default_response = GTK_RESPONSE_OK;
+		break;
+	}
+
+	dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
+	    GTK_MESSAGE_QUESTION, buttons, "%s", message);
+
+	gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
+	gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
+	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+	gtk_dialog_set_default_response(GTK_DIALOG(dialog), default_response);
+	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+
+	if (fg_set)
+		gtk_widget_modify_fg(dialog, GTK_STATE_NORMAL, &fg);
+	if (bg_set)
+		gtk_widget_modify_bg(dialog, GTK_STATE_NORMAL, &bg);
+
+	if (prompt_type == PROMPT_ENTRY || prompt_type == PROMPT_NONE) {
+		entry = gtk_entry_new();
+		if (fg_set)
+			gtk_widget_modify_fg(entry, GTK_STATE_NORMAL, &fg);
+		if (bg_set)
+			gtk_widget_modify_bg(entry, GTK_STATE_NORMAL, &bg);
+		gtk_box_pack_start(
+		    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
+		    entry, FALSE, FALSE, 0);
+		gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+		gtk_widget_grab_focus(entry);
+		if (prompt_type == PROMPT_ENTRY) {
+			gtk_widget_show(entry);
+			/* Make <enter> close dialog */
+			g_signal_connect(G_OBJECT(entry), "activate",
+					 G_CALLBACK(ok_dialog), dialog);
+		} else {
+			/*
+			 * Ensure the 'close' button is not focused by default
+			 * but is still reachable via tab. This is a bit of a
+			 * hack - it uses a hidden entry that responds to a
+			 * couple of keypress events (escape and tab only).
+			 */
+			gtk_widget_realize(entry);
+			g_signal_connect(G_OBJECT(entry), "key_press_event",
+			    G_CALLBACK(check_none), dialog);
+		}
+	}
+	/* Grab focus */
+	gtk_widget_show_now(dialog);
+	display = gtk_widget_get_display(GTK_WIDGET(dialog));
+	seat = gdk_display_get_default_seat(display);
+	caps = GDK_SEAT_CAPABILITY_KEYBOARD;
+	if (grab_pointer)
+		caps |= GDK_SEAT_CAPABILITY_ALL_POINTING;
+	if (grab_server)
+		caps = GDK_SEAT_CAPABILITY_ALL;
+	for (;;) {
+		status = gdk_seat_grab(seat, gtk_widget_get_window(dialog),
+		    caps, TRUE, NULL, NULL, NULL, NULL);
+		if (status == GDK_GRAB_SUCCESS)
+			break;
+		usleep(GRAB_WAIT * 1000);
+		if (++grab_tries > GRAB_TRIES)
+			goto nograb;
+	}
+
+	result = gtk_dialog_run(GTK_DIALOG(dialog));
+
+	/* Ungrab */
+	gdk_seat_ungrab(seat);
+	gdk_display_flush(display);
+
+	/* Report passphrase if user selected OK */
+	if (prompt_type == PROMPT_ENTRY) {
+		passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
+		if (result == GTK_RESPONSE_OK) {
+			local = g_locale_from_utf8(passphrase,
+			    strlen(passphrase), NULL, NULL, NULL);
+			if (local != NULL) {
+				puts(local);
+				memset(local, '\0', strlen(local));
+				g_free(local);
+			} else {
+				puts(passphrase);
+			}
+		}
+		/* Zero passphrase in memory */
+		memset(passphrase, '\b', strlen(passphrase));
+		gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
+		memset(passphrase, '\0', strlen(passphrase));
+		g_free(passphrase);
+	}
+
+	gtk_widget_destroy(dialog);
+	if (result != GTK_RESPONSE_OK && result != GTK_RESPONSE_YES)
+		return -1;
+	return 0;
+
+ nograb:
+	gtk_widget_destroy(dialog);
+	err = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
+	    GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE,
+	    "Could not grab input. A malicious client may be eavesdropping "
+	    "on your session.");
+	gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER);
+	gtk_dialog_run(GTK_DIALOG(err));
+	gtk_widget_destroy(err);
+	return -1;
+}
+
+int
+main(int argc, char **argv)
+{
+	char *message, *prompt_mode;
+	int result, prompt_type = PROMPT_ENTRY;
+
+	gtk_init(&argc, &argv);
+
+	if (argc > 1) {
+		message = g_strjoinv(" ", argv + 1);
+	} else {
+		message = g_strdup("Enter your OpenSSH passphrase:");
+	}
+
+	if ((prompt_mode = getenv("SSH_ASKPASS_PROMPT")) != NULL) {
+		if (strcasecmp(prompt_mode, "confirm") == 0)
+			prompt_type = PROMPT_CONFIRM;
+		else if (strcasecmp(prompt_mode, "none") == 0)
+			prompt_type = PROMPT_NONE;
+	}
+
+	setvbuf(stdout, 0, _IONBF, 0);
+	result = passphrase_dialog(message, prompt_type);
+	g_free(message);
+
+	return (result);
+}

contrib/redhat/openssh.spec

diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index dcd57aa..2905db0 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%global ver 8.3p1
+%global ver 8.8p1
 %global rel 1%{?dist}
 
 # OpenSSH privilege separation requires a user & group ID
@@ -363,8 +363,10 @@
 %attr(0755,root,root) %dir %{_libexecdir}/openssh
 %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
 %attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
+%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
 %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
 %attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
+%attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*
 %endif
 %if %{scard}
 %attr(0755,root,root) %dir %{_datadir}/openssh
@@ -422,6 +424,9 @@
 %endif
 
 %changelog
+* Mon Jul 20 2020 Damien Miller <djm@mindrto.org>
+- Add ssh-sk-helper and corresponding manual page.
+
 * Sat Feb 10 2018 Darren Tucker <dtucker@dtucker.net>
 - Update openssl-devel dependency to match current requirements.
 - Handle Fedora >=6 openssl 1.0 compat libs.

contrib/redhat/sshd.init.old

diff --git a/contrib/redhat/sshd.init.old b/contrib/redhat/sshd.init.old
deleted file mode 100755
index 8a30f7d..0000000
--- a/contrib/redhat/sshd.init.old
+++ /dev/null
@@ -1,155 +0,0 @@
-#!/bin/bash
-#
-# Init file for OpenSSH server daemon
-#
-# chkconfig: 2345 55 25
-# description: OpenSSH server daemon
-#
-# processname: sshd
-# config: /etc/ssh/ssh_host_key
-# config: /etc/ssh/ssh_host_key.pub
-# config: /etc/ssh/ssh_random_seed
-# config: /etc/ssh/sshd_config
-# pidfile: /var/run/sshd.pid
-
-# source function library
-. /etc/rc.d/init.d/functions
-
-# pull in sysconfig settings
-[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
-
-RETVAL=0
-prog="sshd"
-
-# Some functions to make the below more readable
-KEYGEN=/usr/bin/ssh-keygen
-SSHD=/usr/sbin/sshd
-RSA_KEY=/etc/ssh/ssh_host_rsa_key
-DSA_KEY=/etc/ssh/ssh_host_dsa_key
-PID_FILE=/var/run/sshd.pid
-
-my_success() {
-  local msg
-  if [ $# -gt 1 ]; then
-    msg="$2"
-  else
-    msg="done"
-  fi
-  case "`type -type success`" in
-    function)
-      success "$1"
-    ;;
-    *)
-      echo -n "${msg}"
-    ;;
-  esac
-}
-my_failure() {
-  local msg
-  if [ $# -gt 1 ]; then
-    msg="$2"
-  else
-    msg="FAILED"
-  fi
-  case "`type -type failure`" in
-    function)
-      failure "$1"
-    ;;
-    *)
-      echo -n "${msg}"
-    ;;
-  esac
-}
-do_rsa_keygen() {
-	if [ ! -s $RSA_KEY ]; then
-		echo -n "Generating SSH2 RSA host key: "
-		if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $RSA_KEY
-			chmod 644 $RSA_KEY.pub
-			my_success "RSA key generation"
-			echo
-		else
-			my_failure "RSA key generation"
-			echo
-			exit 1
-		fi
-	fi
-}
-do_dsa_keygen() {
-	if [ ! -s $DSA_KEY ]; then
-		echo -n "Generating SSH2 DSA host key: "
-		if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
-			chmod 600 $DSA_KEY
-			chmod 644 $DSA_KEY.pub
-			my_success "DSA key generation"
-			echo
-		else
-			my_failure "DSA key generation"
-			echo
-			exit 1
-		fi
-	fi
-}
-do_restart_sanity_check() {
-	$SSHD -t
-	RETVAL=$?
-	if [ ! "$RETVAL" = 0 ]; then
-		my_failure "Configuration file or keys"
-		echo
-	fi
-}
-
-
-case "$1" in
-	start)
-		# Create keys if necessary
-		do_rsa_keygen;
-		do_dsa_keygen;
-		
-		echo -n "Starting sshd: "
-		if [ ! -f $PID_FILE ] ; then
-			sshd $OPTIONS
-			RETVAL=$?
-			if [ "$RETVAL" = "0" ] ; then
-				my_success "sshd startup" "sshd"
-				touch /var/lock/subsys/sshd
-			else
-				my_failure "sshd startup" ""
-			fi
-		fi
-		echo
-		;;
-	stop)
-		echo -n "Shutting down sshd: "
-		if [ -f $PID_FILE ] ; then
-			killproc sshd
-			RETVAL=$?
-			[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sshd
-		fi
-		echo
-		;;
-	restart)
-		do_restart_sanity_check
-		$0 stop
-		$0 start
-		RETVAL=$?
-		;;
-	condrestart)
-		if [ -f /var/lock/subsys/sshd ] ; then
-			do_restart_sanity_check
-			$0 stop
-			$0 start
-			RETVAL=$?
-		fi
-		;;
-	status)
-		status sshd
-		RETVAL=$?
-		;;
-	*)
-		echo "Usage: sshd {start|stop|restart|status|condrestart}"
-		exit 1
-		;;
-esac
-
-exit $RETVAL

contrib/redhat/sshd.pam.old

diff --git a/contrib/redhat/sshd.pam.old b/contrib/redhat/sshd.pam.old
deleted file mode 100644
index 26dcb34..0000000
--- a/contrib/redhat/sshd.pam.old
+++ /dev/null
@@ -1,8 +0,0 @@
-#%PAM-1.0
-auth       required     /lib/security/pam_pwdb.so shadow nodelay
-auth       required     /lib/security/pam_nologin.so
-account    required     /lib/security/pam_pwdb.so
-password   required     /lib/security/pam_cracklib.so
-password   required     /lib/security/pam_pwdb.so shadow nullok use_authtok
-session    required     /lib/security/pam_pwdb.so
-session    required     /lib/security/pam_limits.so

contrib/ssh-copy-id

diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
index b83b836..cd122de 100644
--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -1,6 +1,8 @@
 #!/bin/sh
 
-# Copyright (c) 1999-2016 Philip Hands <phil@hands.com>
+# Copyright (c) 1999-2020 Philip Hands <phil@hands.com>
+#               2020 Matthias Blümel <blaimi@blaimi.de>
+#               2017 Sebastien Boyron <seb@boyron.eu>
 #               2013 Martin Kletzander <mkletzan@redhat.com>
 #               2010 Adeodato =?iso-8859-1?Q?Sim=F3?= <asp16@alu.ua.es>
 #               2010 Eric Moret <eric.moret@gmail.com>
@@ -33,13 +35,15 @@
 # Shell script to install your public key(s) on a remote machine
 # See the ssh-copy-id(1) man page for details
 
+# shellcheck shell=dash
+
 # check that we have something mildly sane as our shell, or try to find something better
 if false ^ printf "%s: WARNING: ancient shell, hunting for a more modern one... " "$0"
 then
   SANE_SH=${SANE_SH:-/usr/bin/ksh}
   if printf 'true ^ false\n' | "$SANE_SH"
   then
-    printf "'%s' seems viable.\n" "$SANE_SH"
+    printf "'%s' seems viable.\\n" "$SANE_SH"
     exec "$SANE_SH" "$0" "$@"
   else
     cat <<-EOF
@@ -51,36 +55,39 @@
 	  a bug describing your setup, and the shell you used to make it work.
 
 	EOF
-    printf "%s: ERROR: Less dimwitted shell required.\n" "$0"
+    printf '%s: ERROR: Less dimwitted shell required.\n' "$0"
     exit 1
   fi
 fi
 
-most_recent_id="$(cd "$HOME" ; ls -t .ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)"
-DEFAULT_PUB_ID_FILE="${most_recent_id:+$HOME/}$most_recent_id"
+# shellcheck disable=SC2010
+DEFAULT_PUB_ID_FILE=$(ls -t "${HOME}"/.ssh/id*.pub 2>/dev/null | grep -v -- '-cert.pub$' | head -n 1)
+SSH="ssh -a -x"
+umask 0177
 
 usage () {
-  printf 'Usage: %s [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
+  printf 'Usage: %s [-h|-?|-f|-n|-s] [-i [identity_file]] [-p port] [-F alternative ssh_config file] [[-o <ssh -o options>] ...] [user@]hostname\n' "$0" >&2
   printf '\t-f: force mode -- copy keys without trying to check if they are already installed\n' >&2
   printf '\t-n: dry run    -- no keys are actually copied\n' >&2
+  printf '\t-s: use sftp   -- use sftp instead of executing remote-commands. Can be useful if the remote only allows sftp\n' >&2
   printf '\t-h|-?: print this help\n' >&2
   exit 1
 }
 
 # escape any single quotes in an argument
 quote() {
-  printf "%s\n" "$1" | sed -e "s/'/'\\\\''/g"
+  printf '%s\n' "$1" | sed -e "s/'/'\\\\''/g"
 }
 
 use_id_file() {
-  local L_ID_FILE="$1"
+  L_ID_FILE="$1"
 
   if [ -z "$L_ID_FILE" ] ; then
-    printf "%s: ERROR: no ID file found\n" "$0"
+    printf '%s: ERROR: no ID file found\n' "$0"
     exit 1
   fi
 
-  if expr "$L_ID_FILE" : ".*\.pub$" >/dev/null ; then
+  if expr "$L_ID_FILE" : '.*\.pub$' >/dev/null ; then
     PUB_ID_FILE="$L_ID_FILE"
   else
     PUB_ID_FILE="$L_ID_FILE.pub"
@@ -91,9 +98,9 @@
   # check that the files are readable
   for f in "$PUB_ID_FILE" ${PRIV_ID_FILE:+"$PRIV_ID_FILE"} ; do
     ErrMSG=$( { : < "$f" ; } 2>&1 ) || {
-      local L_PRIVMSG=""
+      L_PRIVMSG=""
       [ "$f" = "$PRIV_ID_FILE" ] && L_PRIVMSG="	(to install the contents of '$PUB_ID_FILE' anyway, look at the -f option)"
-      printf "\n%s: ERROR: failed to open ID file '%s': %s\n" "$0" "$f" "$(printf "%s\n%s\n" "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')"
+      printf "\\n%s: ERROR: failed to open ID file '%s': %s\\n" "$0" "$f" "$(printf '%s\n%s\n' "$ErrMSG" "$L_PRIVMSG" | sed -e 's/.*: *//')"
       exit 1
     }
   done
@@ -105,80 +112,36 @@
   GET_ID="ssh-add -L"
 fi
 
-while test "$#" -gt 0
+while getopts "i:o:p:F:fnsh?" OPT
 do
-  [ "${SEEN_OPT_I}" ] && expr "$1" : "[-]i" >/dev/null && {
-        printf "\n%s: ERROR: -i option must not be specified more than once\n\n" "$0"
-        usage
-  }
-
-  OPT= OPTARG=
-  # implement something like getopt to avoid Solaris pain
-  case "$1" in
-    -i?*|-o?*|-p?*)
-      OPT="$(printf -- "$1"|cut -c1-2)"
-      OPTARG="$(printf -- "$1"|cut -c3-)"
-      shift
-      ;;
-    -o|-p)
-      OPT="$1"
-      OPTARG="$2"
-      shift 2
-      ;;
-    -i)
-      OPT="$1"
-      test "$#" -le 2 || expr "$2" : "[-]" >/dev/null || {
-        OPTARG="$2"
-        shift
-      }
-      shift
-      ;;
-    -f|-n|-h|-\?)
-      OPT="$1"
-      OPTARG=
-      shift
-      ;;
-    --)
-      shift
-      while test "$#" -gt 0
-      do
-        SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'"
-        shift
-      done
-      break
-      ;;
-    -*)
-      printf "\n%s: ERROR: invalid option (%s)\n\n" "$0" "$1"
-      usage
-      ;;
-    *)
-      SAVEARGS="${SAVEARGS:+$SAVEARGS }'$(quote "$1")'"
-      shift
-      continue
-      ;;
-  esac
-
   case "$OPT" in
-    -i)
+    i)
+      [ "${SEEN_OPT_I}" ] && {
+        printf '\n%s: ERROR: -i option must not be specified more than once\n\n' "$0"
+        usage
+      }
       SEEN_OPT_I="yes"
       use_id_file "${OPTARG:-$DEFAULT_PUB_ID_FILE}"
       ;;
-    -o|-p)
-      SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }$OPT '$(quote "$OPTARG")'"
+    o|p|F)
+      SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }-$OPT '$(quote "${OPTARG}")'"
       ;;
-    -f)
+    f)
       FORCED=1
       ;;
-    -n)
+    n)
       DRY_RUN=1
       ;;
-    -h|-\?)
+    s)
+      SFTP=sftp
+      ;;
+    h|\?)
       usage
       ;;
   esac
 done 
-
-eval set -- "$SAVEARGS"
+#shift all args to keep only USER_HOST
+shift $((OPTIND-1))
 
 if [ $# = 0 ] ; then
   usage
@@ -189,71 +152,74 @@
 fi
 
 # drop trailing colon
-USER_HOST=$(printf "%s\n" "$1" | sed 's/:$//')
+USER_HOST="$*"
 # tack the hostname onto SSH_OPTS
 SSH_OPTS="${SSH_OPTS:+$SSH_OPTS }'$(quote "$USER_HOST")'"
 # and populate "$@" for later use (only way to get proper quoting of options)
 eval set -- "$SSH_OPTS"
 
+# shellcheck disable=SC2086
 if [ -z "$(eval $GET_ID)" ] && [ -r "${PUB_ID_FILE:=$DEFAULT_PUB_ID_FILE}" ] ; then
   use_id_file "$PUB_ID_FILE"
 fi
 
+# shellcheck disable=SC2086
 if [ -z "$(eval $GET_ID)" ] ; then
   printf '%s: ERROR: No identities found\n' "$0" >&2
   exit 1
 fi
 
+# filter_ids()
+# tries to log in using the keys piped to it, and filters out any that work
+filter_ids() {
+  L_SUCCESS="$1"
+  L_TMP_ID_FILE="$SCRATCH_DIR"/popids_tmp_id
+  L_OUTPUT_FILE="$SCRATCH_DIR"/popids_output
+
+  # repopulate "$@" inside this function
+  eval set -- "$SSH_OPTS"
+
+  while read -r ID || [ "$ID" ] ; do
+    printf '%s\n' "$ID" > "$L_TMP_ID_FILE"
+
+    # the next line assumes $PRIV_ID_FILE only set if using a single id file - this
+    # assumption will break if we implement the possibility of multiple -i options.
+    # The point being that if file based, ssh needs the private key, which it cannot
+    # find if only given the contents of the .pub file in an unrelated tmpfile
+    $SSH -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
+      -o ControlPath=none \
+      -o LogLevel=INFO \
+      -o PreferredAuthentications=publickey \
+      -o IdentitiesOnly=yes "$@" exit >"$L_OUTPUT_FILE" 2>&1 </dev/null
+    if [ "$?" = "$L_SUCCESS" ] || {
+         [ "$SFTP" ] && grep 'allows sftp connections only' "$L_OUTPUT_FILE" >/dev/null
+         # this error counts as a success if we're setting up an sftp connection
+       }
+    then
+      : > "$L_TMP_ID_FILE"
+    else
+      grep 'Permission denied' "$L_OUTPUT_FILE" >/dev/null || {
+        sed -e 's/^/ERROR: /' <"$L_OUTPUT_FILE" >"$L_TMP_ID_FILE"
+        cat >/dev/null #consume the other keys, causing loop to end
+      }
+    fi
+
+    cat "$L_TMP_ID_FILE"
+  done
+}
+
 # populate_new_ids() uses several global variables ($USER_HOST, $SSH_OPTS ...)
 # and has the side effect of setting $NEW_IDS
 populate_new_ids() {
-  local L_SUCCESS="$1"
-
   if [ "$FORCED" ] ; then
+    # shellcheck disable=SC2086
     NEW_IDS=$(eval $GET_ID)
     return
   fi
 
-  # repopulate "$@" inside this function 
-  eval set -- "$SSH_OPTS"
-
-  umask 0177
-  local L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX)
-  if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then
-    printf '%s: ERROR: mktemp failed\n' "$0" >&2
-    exit 1
-  fi
-  local L_CLEANUP="rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.stderr\""
-  trap "$L_CLEANUP" EXIT TERM INT QUIT
   printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
-  NEW_IDS=$(
-    eval $GET_ID | {
-      while read ID || [ "$ID" ] ; do
-        printf '%s\n' "$ID" > "$L_TMP_ID_FILE"
-
-        # the next line assumes $PRIV_ID_FILE only set if using a single id file - this
-        # assumption will break if we implement the possibility of multiple -i options.
-        # The point being that if file based, ssh needs the private key, which it cannot
-        # find if only given the contents of the .pub file in an unrelated tmpfile
-        ssh -i "${PRIV_ID_FILE:-$L_TMP_ID_FILE}" \
-            -o ControlPath=none \
-            -o LogLevel=INFO \
-            -o PreferredAuthentications=publickey \
-            -o IdentitiesOnly=yes "$@" exit 2>"$L_TMP_ID_FILE.stderr" </dev/null
-        if [ "$?" = "$L_SUCCESS" ] ; then
-          : > "$L_TMP_ID_FILE"
-        else
-          grep 'Permission denied' "$L_TMP_ID_FILE.stderr" >/dev/null || {
-            sed -e 's/^/ERROR: /' <"$L_TMP_ID_FILE.stderr" >"$L_TMP_ID_FILE"
-            cat >/dev/null #consume the other keys, causing loop to end
-          }
-        fi
-
-        cat "$L_TMP_ID_FILE"
-      done
-    }
-  )
-  eval "$L_CLEANUP" && trap - EXIT TERM INT QUIT
+  # shellcheck disable=SC2086
+  NEW_IDS=$(eval $GET_ID | filter_ids $1)
 
   if expr "$NEW_IDS" : "^ERROR: " >/dev/null ; then
     printf '\n%s: %s\n\n' "$0" "$NEW_IDS" >&2
@@ -261,43 +227,130 @@
   fi
   if [ -z "$NEW_IDS" ] ; then
     printf '\n%s: WARNING: All keys were skipped because they already exist on the remote system.\n' "$0" >&2
-    printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' "$0" >&2
+    printf '\t\t(if you think this is a mistake, you may want to use -f option)\n\n' >&2
     exit 0
   fi
   printf '%s: INFO: %d key(s) remain to be installed -- if you are prompted now it is to install the new keys\n' "$0" "$(printf '%s\n' "$NEW_IDS" | wc -l)" >&2
 }
 
-REMOTE_VERSION=$(ssh -v -o PreferredAuthentications=',' -o ControlPath=none "$@" 2>&1 |
+# installkey_sh [target_path]
+#    produce a one-liner to add the keys to remote authorized_keys file
+#    optionally takes an alternative path for authorized_keys
+installkeys_sh() {
+  AUTH_KEY_FILE=${1:-.ssh/authorized_keys}
+  AUTH_KEY_DIR=$(dirname "${AUTH_KEY_FILE}")
+
+  # In setting INSTALLKEYS_SH:
+  #    the tr puts it all on one line (to placate tcsh)
+  #      (hence the excessive use of semi-colons (;) )
+  # then in the command:
+  #    cd to be at $HOME, just in case;
+  #    the -z `tail ...` checks for a trailing newline. The echo adds one if was missing
+  #    the cat adds the keys we're getting via STDIN
+  #    and if available restorecon is used to restore the SELinux context
+  INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF
+	cd;
+	umask 077;
+	mkdir -p "${AUTH_KEY_DIR}" &&
+		{ [ -z \`tail -1c ${AUTH_KEY_FILE} 2>/dev/null\` ] ||
+			echo >> "${AUTH_KEY_FILE}" || exit 1; } &&
+		cat >> "${AUTH_KEY_FILE}" || exit 1;
+	if type restorecon >/dev/null 2>&1; then
+		restorecon -F "${AUTH_KEY_DIR}" "${AUTH_KEY_FILE}";
+	fi
+	EOF
+  )
+
+  # to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
+  printf "exec sh -c '%s'" "${INSTALLKEYS_SH}"
+}
+
+#shellcheck disable=SC2120 # the 'eval set' confuses this
+installkeys_via_sftp() {
+
+  # repopulate "$@" inside this function
+  eval set -- "$SSH_OPTS"
+
+  L_KEYS=$SCRATCH_DIR/authorized_keys
+  L_SHARED_CON=$SCRATCH_DIR/master-conn
+  $SSH -f -N -M -S "$L_SHARED_CON" "$@"
+  L_CLEANUP="$SSH -S $L_SHARED_CON -O exit 'ignored' >/dev/null 2>&1 ; $SCRATCH_CLEANUP"
+  #shellcheck disable=SC2064
+  trap "$L_CLEANUP" EXIT TERM INT QUIT
+  sftp -b - -o "ControlPath=$L_SHARED_CON" "ignored" <<-EOF || return 1
+	-get .ssh/authorized_keys $L_KEYS
+	EOF
+  # add a newline or create file if it's missing, same like above
+  [ -z "$(tail -1c "$L_KEYS" 2>/dev/null)" ] || echo >> "$L_KEYS"
+  # append the keys being piped in here
+  cat >> "$L_KEYS"
+  sftp -b - -o "ControlPath=$L_SHARED_CON" "ignored" <<-EOF || return 1
+	-mkdir .ssh
+	chmod 700 .ssh
+	put $L_KEYS .ssh/authorized_keys
+	chmod 600 .ssh/authorized_keys
+	EOF
+  #shellcheck disable=SC2064
+  eval "$L_CLEANUP" && trap "$SCRATCH_CLEANUP" EXIT TERM INT QUIT
+}
+
+
+# create a scratch dir for any temporary files needed
+if SCRATCH_DIR=$(mktemp -d ~/.ssh/ssh-copy-id.XXXXXXXXXX) &&
+    [ "$SCRATCH_DIR" ] && [ -d "$SCRATCH_DIR" ]
+then
+  chmod 0700 "$SCRATCH_DIR"
+  SCRATCH_CLEANUP="rm -rf \"$SCRATCH_DIR\""
+  #shellcheck disable=SC2064
+  trap "$SCRATCH_CLEANUP" EXIT TERM INT QUIT
+else
+  printf '%s: ERROR: failed to create required temporary directory under ~/.ssh\n' "$0" >&2
+  exit 1
+fi
+
+REMOTE_VERSION=$($SSH -v -o PreferredAuthentications=',' -o ControlPath=none "$@" 2>&1 |
                  sed -ne 's/.*remote software version //p')
 
+# shellcheck disable=SC2029
 case "$REMOTE_VERSION" in
   NetScreen*)
     populate_new_ids 1
     for KEY in $(printf "%s" "$NEW_IDS" | cut -d' ' -f2) ; do
-      KEY_NO=$(($KEY_NO + 1))
-      printf "%s\n" "$KEY" | grep ssh-dss >/dev/null || {
+      KEY_NO=$((KEY_NO + 1))
+      printf '%s\n' "$KEY" | grep ssh-dss >/dev/null || {
          printf '%s: WARNING: Non-dsa key (#%d) skipped (NetScreen only supports DSA keys)\n' "$0" "$KEY_NO" >&2
          continue
       }
-      [ "$DRY_RUN" ] || printf 'set ssh pka-dsa key %s\nsave\nexit\n' "$KEY" | ssh -T "$@" >/dev/null 2>&1
+      [ "$DRY_RUN" ] || printf 'set ssh pka-dsa key %s\nsave\nexit\n' "$KEY" | $SSH -T "$@" >/dev/null 2>&1
       if [ $? = 255 ] ; then
         printf '%s: ERROR: installation of key #%d failed (please report a bug describing what caused this, so that we can make this message useful)\n' "$0" "$KEY_NO" >&2
       else
-        ADDED=$(($ADDED + 1))
+        ADDED=$((ADDED + 1))
       fi
     done
     if [ -z "$ADDED" ] ; then
       exit 1
     fi
     ;;
+  dropbear*)
+    populate_new_ids 0
+    [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
+      $SSH "$@" "$(installkeys_sh /etc/dropbear/authorized_keys)" \
+      || exit 1
+    ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
+    ;;
   *)
     # Assuming that the remote host treats ~/.ssh/authorized_keys as one might expect
     populate_new_ids 0
-    # in ssh below - to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
-    #     'cd' to be at $HOME; add a newline if it's missing; and all on one line, because tcsh.
-    [ "$DRY_RUN" ] || printf '%s\n' "$NEW_IDS" | \
-      ssh "$@" "exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && { [ -z "'`tail -1c .ssh/authorized_keys 2>/dev/null`'" ] || echo >> .ssh/authorized_keys ; } && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi'" \
-      || exit 1
+    if ! [ "$DRY_RUN" ] ; then
+      printf '%s\n' "$NEW_IDS" | \
+        if [ "$SFTP" ] ; then
+          #shellcheck disable=SC2119
+          installkeys_via_sftp
+        else
+          $SSH "$@" "$(installkeys_sh)"
+        fi || exit 1
+    fi
     ADDED=$(printf '%s\n' "$NEW_IDS" | wc -l)
     ;;
 esac
@@ -315,7 +368,7 @@
 
 	Number of key(s) added: $ADDED
 
-	Now try logging into the machine, with:   "ssh $SSH_OPTS"
+	Now try logging into the machine, with:   "${SFTP:-ssh} $SSH_OPTS"
 	and check to make sure that only the key(s) you wanted were added.
 
 	EOF

contrib/ssh-copy-id.1

diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1
index ae75c79..c141a29 100644
--- a/contrib/ssh-copy-id.1
+++ b/contrib/ssh-copy-id.1
@@ -1,5 +1,5 @@
 .ig \"  -*- nroff -*-
-Copyright (c) 1999-2013 hands.com Ltd. <http://hands.com/>
+Copyright (c) 1999-2020 hands.com Ltd. <http://hands.com/>
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
@@ -31,6 +31,7 @@
 .Nm
 .Op Fl f
 .Op Fl n
+.Op Fl s
 .Op Fl i Op Ar identity_file
 .Op Fl p Ar port
 .Op Fl o Ar ssh_option
@@ -84,6 +85,12 @@
 .It Fl n
 do a dry-run.  Instead of installing keys on the remote system simply
 prints the key(s) that would have been installed.
+.It Fl s
+SFTP mode: usually the public keys are installed by executing commands on the remote side.
+With this option the user's
+.Pa ~/.ssh/authorized_keys
+file will be downloaded, modified locally and uploaded with sftp.
+This option is useful if the server has restrictions on commands which can be used on the remote side.
 .It Fl h , Fl ?
 Print Usage summary
 .It Fl p Ar port , Fl o Ar ssh_option

contrib/suse/openssh.spec

diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index a278905..ee320c7 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary:	OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name:		openssh
-Version:	8.3p1
+Version:	8.8p1
 URL:		https://www.openssh.com/
 Release:	1
 Source0:	openssh-%{version}.tar.gz
@@ -75,6 +75,8 @@
 This package contains an X Window System passphrase dialog for OpenSSH.
 
 %changelog
+* Mon Jul 20 2020 Damien Miller <djm@mindrto.org>
+- Add ssh-sk-helper and corresponding manual page.
 * Wed Oct 26 2005 Iain Morgan <imorgan@nas.nasa.gov>
 - Removed accidental inclusion of --without-zlib-version-check
 * Tue Oct 25 2005 Iain Morgan <imorgan@nas.nasa.gov>
@@ -211,6 +213,7 @@
 %attr(0755,root,root) %{_libdir}/ssh/sftp-server
 %attr(4711,root,root) %{_libdir}/ssh/ssh-keysign
 %attr(0755,root,root) %{_libdir}/ssh/ssh-pkcs11-helper
+%attr(0755,root,root) %{_libdir}/ssh/ssh-sk-helper
 %attr(0644,root,root) %doc %{_mandir}/man1/scp.1*
 %attr(0644,root,root) %doc %{_mandir}/man1/sftp.1*
 %attr(0644,root,root) %doc %{_mandir}/man1/ssh.1*
@@ -224,6 +227,7 @@
 %attr(0644,root,root) %doc %{_mandir}/man8/sftp-server.8*
 %attr(0644,root,root) %doc %{_mandir}/man8/ssh-keysign.8*
 %attr(0644,root,root) %doc %{_mandir}/man8/ssh-pkcs11-helper.8*
+%attr(0644,root,root) %doc %{_mandir}/man8/ssh-sk-helper.8*
 %attr(0644,root,root) %doc %{_mandir}/man8/sshd.8*
 %attr(0644,root,root) /var/adm/fillup-templates/sysconfig.ssh
 

crypto_api.h

diff --git a/crypto_api.h b/crypto_api.h
index eb05251..5c3d97e 100644
--- a/crypto_api.h
+++ b/crypto_api.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto_api.h,v 1.5 2019/01/21 10:20:12 djm Exp $ */
+/* $OpenBSD: crypto_api.h,v 1.7 2021/01/08 02:33:13 dtucker Exp $ */
 
 /*
  * Assembled from generated headers and source files by Markus Friedl.
@@ -21,6 +21,8 @@
 typedef uint16_t crypto_uint16;
 typedef int32_t crypto_int32;
 typedef uint32_t crypto_uint32;
+typedef int64_t crypto_int64;
+typedef uint64_t crypto_uint64;
 
 #define randombytes(buf, buf_len) arc4random_buf((buf), (buf_len))
 #define small_random32() arc4random()
@@ -42,15 +44,15 @@
     const unsigned char *, unsigned long long, const unsigned char *);
 int	crypto_sign_ed25519_keypair(unsigned char *, unsigned char *);
 
-#define crypto_kem_sntrup4591761_PUBLICKEYBYTES 1218
-#define crypto_kem_sntrup4591761_SECRETKEYBYTES 1600
-#define crypto_kem_sntrup4591761_CIPHERTEXTBYTES 1047
-#define crypto_kem_sntrup4591761_BYTES 32
+#define crypto_kem_sntrup761_PUBLICKEYBYTES 1158
+#define crypto_kem_sntrup761_SECRETKEYBYTES 1763
+#define crypto_kem_sntrup761_CIPHERTEXTBYTES 1039
+#define crypto_kem_sntrup761_BYTES 32
 
-int	crypto_kem_sntrup4591761_enc(unsigned char *cstr, unsigned char *k,
+int	crypto_kem_sntrup761_enc(unsigned char *cstr, unsigned char *k,
     const unsigned char *pk);
-int	crypto_kem_sntrup4591761_dec(unsigned char *k,
+int	crypto_kem_sntrup761_dec(unsigned char *k,
     const unsigned char *cstr, const unsigned char *sk);
-int	crypto_kem_sntrup4591761_keypair(unsigned char *pk, unsigned char *sk);
+int	crypto_kem_sntrup761_keypair(unsigned char *pk, unsigned char *sk);
 
 #endif /* crypto_api_h */

defines.h

diff --git a/defines.h b/defines.h
index b8ea88b..857abb8 100644
--- a/defines.h
+++ b/defines.h
@@ -304,6 +304,12 @@
 typedef unsigned long long uintmax_t;
 #endif
 
+#if SIZEOF_TIME_T == SIZEOF_LONG_LONG_INT
+# define SSH_TIME_T_MAX LLONG_MAX
+#else
+# define SSH_TIME_T_MAX INT_MAX
+#endif
+
 #ifndef HAVE_U_CHAR
 typedef unsigned char u_char;
 # define HAVE_U_CHAR
@@ -829,10 +835,6 @@
 # define getgroups(a,b) ((a)==0 && (b)==NULL ? NGROUPS_MAX : getgroups((a),(b)))
 #endif
 
-#if defined(HAVE_MMAP) && defined(BROKEN_MMAP)
-# undef HAVE_MMAP
-#endif
-
 #ifndef IOV_MAX
 # if defined(_XOPEN_IOV_MAX)
 #  define	IOV_MAX		_XOPEN_IOV_MAX
@@ -898,4 +900,11 @@
 # define USE_SYSTEM_GLOB
 #endif
 
+/*
+ * sntrup761 uses variable length arrays and c99-style declarations after code,
+ * so only enable if the compiler supports them.
+ */
+#if defined(VARIABLE_LENGTH_ARRAYS) && defined(VARIABLE_DECLARATION_AFTER_CODE)
+# define USE_SNTRUP761X25519 1
+#endif
 #endif /* _DEFINES_H */

dh.c

diff --git a/dh.c b/dh.c
index 7cb135d..ce2eb47 100644
--- a/dh.c
+++ b/dh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.c,v 1.71 2019/09/06 06:08:11 djm Exp $ */
+/* $OpenBSD: dh.c,v 1.74 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  *
@@ -45,6 +45,18 @@
 
 #include "openbsd-compat/openssl-compat.h"
 
+static const char *moduli_filename;
+
+void dh_set_moduli_file(const char *filename)
+{
+	moduli_filename = filename;
+}
+
+static const char * get_moduli_filename(void)
+{
+	return moduli_filename ? moduli_filename : _PATH_DH_MODULI;
+}
+
 static int
 parse_prime(int linenum, char *line, struct dhgroup *dhg)
 {
@@ -152,9 +164,9 @@
 	int best, bestcount, which, linenum;
 	struct dhgroup dhg;
 
-	if ((f = fopen(_PATH_DH_MODULI, "r")) == NULL) {
+	if ((f = fopen(get_moduli_filename(), "r")) == NULL) {
 		logit("WARNING: could not open %s (%s), using fixed modulus",
-		    _PATH_DH_MODULI, strerror(errno));
+		    get_moduli_filename(), strerror(errno));
 		return (dh_new_group_fallback(max));
 	}
 
@@ -185,7 +197,8 @@
 
 	if (bestcount == 0) {
 		fclose(f);
-		logit("WARNING: no suitable primes in %s", _PATH_DH_MODULI);
+		logit("WARNING: no suitable primes in %s",
+		    get_moduli_filename());
 		return (dh_new_group_fallback(max));
 	}
 	which = arc4random_uniform(bestcount);
@@ -210,7 +223,7 @@
 	fclose(f);
 	if (bestcount != which + 1) {
 		logit("WARNING: selected prime disappeared in %s, giving up",
-		    _PATH_DH_MODULI);
+		    get_moduli_filename());
 		return (dh_new_group_fallback(max));
 	}
 
@@ -240,7 +253,7 @@
 	}
 
 	if ((tmp = BN_new()) == NULL) {
-		error("%s: BN_new failed", __func__);
+		error_f("BN_new failed");
 		return 0;
 	}
 	if (!BN_sub(tmp, dh_p, BN_value_one()) ||
@@ -261,7 +274,7 @@
 	 */
 	if (bits_set < 4) {
 		logit("invalid public DH value (%d/%d)",
-		   bits_set, BN_num_bits(dh_p));
+		    bits_set, BN_num_bits(dh_p));
 		return 0;
 	}
 	return 1;
@@ -458,7 +471,7 @@
 DH *
 dh_new_group_fallback(int max)
 {
-	debug3("%s: requested max size %d", __func__, max);
+	debug3_f("requested max size %d", max);
 	if (max < 3072) {
 		debug3("using 2k bit group 14");
 		return dh_new_group14();

dh.h

diff --git a/dh.h b/dh.h
index 5d6df62..c6326a3 100644
--- a/dh.h
+++ b/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.18 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: dh.h,v 1.19 2021/03/12 04:08:19 dtucker Exp $ */
 
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
@@ -47,6 +47,7 @@
 int	 dh_pub_is_valid(const DH *, const BIGNUM *);
 
 u_int	 dh_estimate(int);
+void	 dh_set_moduli_file(const char *);
 
 /*
  * Max value from RFC4419.

digest-openssl.c

diff --git a/digest-openssl.c b/digest-openssl.c
index dbbea42..e073a80 100644
--- a/digest-openssl.c
+++ b/digest-openssl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest-openssl.c,v 1.7 2017/05/08 22:57:38 djm Exp $ */
+/* $OpenBSD: digest-openssl.c,v 1.9 2020/10/29 02:52:43 djm Exp $ */
 /*
  * Copyright (c) 2013 Damien Miller <djm@mindrot.org>
  *
@@ -56,11 +56,11 @@
 
 /* NB. Indexed directly by algorithm number */
 const struct ssh_digest digests[] = {
-	{ SSH_DIGEST_MD5,	"MD5",	 	16,	EVP_md5 },
-	{ SSH_DIGEST_SHA1,	"SHA1",	 	20,	EVP_sha1 },
-	{ SSH_DIGEST_SHA256,	"SHA256", 	32,	EVP_sha256 },
+	{ SSH_DIGEST_MD5,	"MD5",		16,	EVP_md5 },
+	{ SSH_DIGEST_SHA1,	"SHA1",		20,	EVP_sha1 },
+	{ SSH_DIGEST_SHA256,	"SHA256",	32,	EVP_sha256 },
 	{ SSH_DIGEST_SHA384,	"SHA384",	48,	EVP_sha384 },
-	{ SSH_DIGEST_SHA512,	"SHA512", 	64,	EVP_sha512 },
+	{ SSH_DIGEST_SHA512,	"SHA512",	64,	EVP_sha512 },
 	{ -1,			NULL,		0,	NULL },
 };
 

dns.c

diff --git a/dns.c b/dns.c
index cb375c8..5a078d1 100644
--- a/dns.c
+++ b/dns.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.c,v 1.38 2018/02/23 15:58:37 markus Exp $ */
+/* $OpenBSD: dns.c,v 1.41 2021/07/19 03:13:28 dtucker Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -75,6 +75,7 @@
 
 /*
  * Read SSHFP parameters from key buffer.
+ * Caller must free digest which is allocated by sshkey_fingerprint_raw().
  */
 static int
 dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type,
@@ -86,32 +87,21 @@
 	switch (key->type) {
 	case KEY_RSA:
 		*algorithm = SSHFP_KEY_RSA;
-		if (!*digest_type)
-			*digest_type = SSHFP_HASH_SHA1;
 		break;
 	case KEY_DSA:
 		*algorithm = SSHFP_KEY_DSA;
-		if (!*digest_type)
-			*digest_type = SSHFP_HASH_SHA1;
 		break;
 	case KEY_ECDSA:
 		*algorithm = SSHFP_KEY_ECDSA;
-		if (!*digest_type)
-			*digest_type = SSHFP_HASH_SHA256;
 		break;
 	case KEY_ED25519:
 		*algorithm = SSHFP_KEY_ED25519;
-		if (!*digest_type)
-			*digest_type = SSHFP_HASH_SHA256;
 		break;
 	case KEY_XMSS:
 		*algorithm = SSHFP_KEY_XMSS;
-		if (!*digest_type)
-			*digest_type = SSHFP_HASH_SHA256;
 		break;
 	default:
 		*algorithm = SSHFP_KEY_RESERVED; /* 0 */
-		*digest_type = SSHFP_HASH_RESERVED; /* 0 */
 	}
 
 	switch (*digest_type) {
@@ -128,13 +118,11 @@
 	if (*algorithm && *digest_type) {
 		if ((r = sshkey_fingerprint_raw(key, fp_alg, digest,
 		    digest_len)) != 0)
-			fatal("%s: sshkey_fingerprint_raw: %s", __func__,
-			   ssh_err(r));
+			fatal_fr(r, "sshkey_fingerprint_raw");
 		success = 1;
 	} else {
 		*digest = NULL;
 		*digest_len = 0;
-		success = 0;
 	}
 
 	return success;
@@ -213,7 +201,6 @@
 	struct rrsetinfo *fingerprints = NULL;
 
 	u_int8_t hostkey_algorithm;
-	u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED;
 	u_char *hostkey_digest;
 	size_t hostkey_digest_len;
 
@@ -255,16 +242,6 @@
 		    fingerprints->rri_nrdatas);
 	}
 
-	/* Initialize default host key parameters */
-	if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type,
-	    &hostkey_digest, &hostkey_digest_len, hostkey)) {
-		error("Error calculating host key fingerprint.");
-#if !defined(ANDROID)
-		freerrset(fingerprints);
-#endif
-		return -1;
-	}
-
 	if (fingerprints->rri_nrdatas)
 		*flags |= DNS_VERIFY_FOUND;
 
@@ -280,39 +257,45 @@
 			verbose("Error parsing fingerprint from DNS.");
 			continue;
 		}
+		debug3_f("checking SSHFP type %d fptype %d", dnskey_algorithm,
+		    dnskey_digest_type);
 
-		if (hostkey_digest_type != dnskey_digest_type) {
-			hostkey_digest_type = dnskey_digest_type;
-			free(hostkey_digest);
-
-			/* Initialize host key parameters */
-			if (!dns_read_key(&hostkey_algorithm,
-			    &hostkey_digest_type, &hostkey_digest,
-			    &hostkey_digest_len, hostkey)) {
-				error("Error calculating key fingerprint.");
+		/* Calculate host key fingerprint. */
+		if (!dns_read_key(&hostkey_algorithm, &dnskey_digest_type,
+		    &hostkey_digest, &hostkey_digest_len, hostkey)) {
+			error("Error calculating key fingerprint.");
 #if !defined(ANDROID)
-				freerrset(fingerprints);
+			freerrset(fingerprints);
 #endif
-				return -1;
-			}
+			return -1;
 		}
 
 		/* Check if the current key is the same as the given key */
 		if (hostkey_algorithm == dnskey_algorithm &&
-		    hostkey_digest_type == dnskey_digest_type) {
-			if (hostkey_digest_len == dnskey_digest_len &&
-			    timingsafe_bcmp(hostkey_digest, dnskey_digest,
-			    hostkey_digest_len) == 0)
+		    hostkey_digest_len == dnskey_digest_len) {
+			if (timingsafe_bcmp(hostkey_digest, dnskey_digest,
+			    hostkey_digest_len) == 0) {
+				debug_f("matched SSHFP type %d fptype %d",
+				    dnskey_algorithm, dnskey_digest_type);
 				*flags |= DNS_VERIFY_MATCH;
+			} else {
+				debug_f("failed SSHFP type %d fptype %d",
+				    dnskey_algorithm, dnskey_digest_type);
+				*flags |= DNS_VERIFY_FAILED;
+			}
 		}
 		free(dnskey_digest);
+		free(hostkey_digest); /* from sshkey_fingerprint_raw() */
 	}
 
-	free(hostkey_digest); /* from sshkey_fingerprint_raw() */
 #if !defined(ANDROID)
 	freerrset(fingerprints);
 #endif
 
+	/* If any fingerprint failed to validate, return failure. */
+	if (*flags & DNS_VERIFY_FAILED)
+		*flags &= ~DNS_VERIFY_MATCH;
+
 	if (*flags & DNS_VERIFY_FOUND)
 		if (*flags & DNS_VERIFY_MATCH)
 			debug("matching host key fingerprint found in DNS");
@@ -360,7 +343,7 @@
 
 	/* No SSHFP record was generated at all */
 	if (success == 0) {
-		error("%s: unsupported algorithm and/or digest_type", __func__);
+		error_f("unsupported algorithm and/or digest_type");
 	}
 
 	return success;

dns.h

diff --git a/dns.h b/dns.h
index 91f3c63..c9b61c4 100644
--- a/dns.h
+++ b/dns.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dns.h,v 1.18 2018/02/23 15:58:37 markus Exp $ */
+/* $OpenBSD: dns.h,v 1.19 2021/07/19 03:13:28 dtucker Exp $ */
 
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
@@ -50,6 +50,7 @@
 #define DNS_VERIFY_FOUND	0x00000001
 #define DNS_VERIFY_MATCH	0x00000002
 #define DNS_VERIFY_SECURE	0x00000004
+#define DNS_VERIFY_FAILED	0x00000008
 
 int	verify_host_key_dns(const char *, struct sockaddr *,
     struct sshkey *, int *);

entropy.c

diff --git a/entropy.c b/entropy.c
index 19ddeea..a4088e4 100644
--- a/entropy.c
+++ b/entropy.c
@@ -29,20 +29,12 @@
 #ifdef WITH_OPENSSL
 
 #include <sys/types.h>
-#include <sys/socket.h>
-#ifdef HAVE_SYS_UN_H
-# include <sys/un.h>
-#endif
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
 
 #include <errno.h>
 #include <signal.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-#include <stddef.h> /* for offsetof */
 
 #include <openssl/rand.h>
 #include <openssl/crypto.h>
@@ -67,121 +59,6 @@
  */
 #ifndef OPENSSL_PRNG_ONLY
 
-/*
- * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon
- * listening either on 'tcp_port', or via Unix domain socket at *
- * 'socket_path'.
- * Either a non-zero tcp_port or a non-null socket_path must be
- * supplied.
- * Returns 0 on success, -1 on error
- */
-int
-get_random_bytes_prngd(unsigned char *buf, int len,
-    unsigned short tcp_port, char *socket_path)
-{
-	int fd, addr_len, rval, errors;
-	u_char msg[2];
-	struct sockaddr_storage addr;
-	struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr;
-	struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr;
-	sshsig_t old_sigpipe;
-
-	/* Sanity checks */
-	if (socket_path == NULL && tcp_port == 0)
-		fatal("You must specify a port or a socket");
-	if (socket_path != NULL &&
-	    strlen(socket_path) >= sizeof(addr_un->sun_path))
-		fatal("Random pool path is too long");
-	if (len <= 0 || len > 255)
-		fatal("Too many bytes (%d) to read from PRNGD", len);
-
-	memset(&addr, '\0', sizeof(addr));
-
-	if (tcp_port != 0) {
-		addr_in->sin_family = AF_INET;
-		addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-		addr_in->sin_port = htons(tcp_port);
-		addr_len = sizeof(*addr_in);
-	} else {
-		addr_un->sun_family = AF_UNIX;
-		strlcpy(addr_un->sun_path, socket_path,
-		    sizeof(addr_un->sun_path));
-		addr_len = offsetof(struct sockaddr_un, sun_path) +
-		    strlen(socket_path) + 1;
-	}
-
-	old_sigpipe = ssh_signal(SIGPIPE, SIG_IGN);
-
-	errors = 0;
-	rval = -1;
-reopen:
-	fd = socket(addr.ss_family, SOCK_STREAM, 0);
-	if (fd == -1) {
-		error("Couldn't create socket: %s", strerror(errno));
-		goto done;
-	}
-
-	if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
-		if (tcp_port != 0) {
-			error("Couldn't connect to PRNGD port %d: %s",
-			    tcp_port, strerror(errno));
-		} else {
-			error("Couldn't connect to PRNGD socket \"%s\": %s",
-			    addr_un->sun_path, strerror(errno));
-		}
-		goto done;
-	}
-
-	/* Send blocking read request to PRNGD */
-	msg[0] = 0x02;
-	msg[1] = len;
-
-	if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) {
-		if (errno == EPIPE && errors < 10) {
-			close(fd);
-			errors++;
-			goto reopen;
-		}
-		error("Couldn't write to PRNGD socket: %s",
-		    strerror(errno));
-		goto done;
-	}
-
-	if (atomicio(read, fd, buf, len) != (size_t)len) {
-		if (errno == EPIPE && errors < 10) {
-			close(fd);
-			errors++;
-			goto reopen;
-		}
-		error("Couldn't read from PRNGD socket: %s",
-		    strerror(errno));
-		goto done;
-	}
-
-	rval = 0;
-done:
-	ssh_signal(SIGPIPE, old_sigpipe);
-	if (fd != -1)
-		close(fd);
-	return rval;
-}
-
-static int
-seed_from_prngd(unsigned char *buf, size_t bytes)
-{
-#ifdef PRNGD_PORT
-	debug("trying egd/prngd port %d", PRNGD_PORT);
-	if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
-		return 0;
-#endif
-#ifdef PRNGD_SOCKET
-	debug("trying egd/prngd socket %s", PRNGD_SOCKET);
-	if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
-		return 0;
-#endif
-	return -1;
-}
-
 void
 rexec_send_rng_seed(struct sshbuf *m)
 {

fatal.c

diff --git a/fatal.c b/fatal.c
index 5e5aa3f..16fbd32 100644
--- a/fatal.c
+++ b/fatal.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: fatal.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: fatal.c,v 1.11 2020/10/19 08:07:08 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -34,12 +34,13 @@
 /* Fatal messages.  This function never returns. */
 
 void
-fatal(const char *fmt,...)
+sshfatal(const char *file, const char *func, int line, int showfunc,
+    LogLevel level, const char *suffix, const char *fmt, ...)
 {
 	va_list args;
 
 	va_start(args, fmt);
-	do_log(SYSLOG_LEVEL_FATAL, fmt, args);
+	sshlogv(file, func, line, showfunc, level, suffix, fmt, args);
 	va_end(args);
 	cleanup_exit(255);
 }

gss-genr.c

diff --git a/gss-genr.c b/gss-genr.c
index d56257b..6852805 100644
--- a/gss-genr.c
+++ b/gss-genr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gss-genr.c,v 1.26 2018/07/10 09:13:30 djm Exp $ */
+/* $OpenBSD: gss-genr.c,v 1.28 2021/01/27 10:05:28 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
@@ -44,9 +44,6 @@
 
 #include "ssh-gss.h"
 
-extern u_char *session_id2;
-extern u_int session_id2_len;
-
 /* sshbuf_get for gss_buffer_desc */
 int
 ssh_gssapi_get_buffer_desc(struct sshbuf *b, gss_buffer_desc *g)
@@ -115,7 +112,7 @@
 	int r;
 
 	if ((b = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	if (major_status != NULL)
 		*major_status = ctxt->major;
@@ -130,7 +127,7 @@
 
 		if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 ||
 		    (r = sshbuf_put_u8(b, '\n')) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "assemble GSS_CODE");
 
 		gss_release_buffer(&lmin, &msg);
 	} while (ctx != 0);
@@ -142,13 +139,13 @@
 
 		if ((r = sshbuf_put(b, msg.value, msg.length)) != 0 ||
 		    (r = sshbuf_put_u8(b, '\n')) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "assemble MECH_CODE");
 
 		gss_release_buffer(&lmin, &msg);
 	} while (ctx != 0);
 
 	if ((r = sshbuf_put_u8(b, '\n')) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble newline");
 	ret = xstrdup((const char *)sshbuf_ptr(b));
 	sshbuf_free(b);
 	return (ret);
@@ -259,17 +256,17 @@
 
 void
 ssh_gssapi_buildmic(struct sshbuf *b, const char *user, const char *service,
-    const char *context)
+    const char *context, const struct sshbuf *session_id)
 {
 	int r;
 
 	sshbuf_reset(b);
-	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
+	if ((r = sshbuf_put_stringb(b, session_id)) != 0 ||
 	    (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 	    (r = sshbuf_put_cstring(b, user)) != 0 ||
 	    (r = sshbuf_put_cstring(b, service)) != 0 ||
 	    (r = sshbuf_put_cstring(b, context)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble buildmic");
 }
 
 int

hash.c

diff --git a/hash.c b/hash.c
index fb81e47..b4f8f6c 100644
--- a/hash.c
+++ b/hash.c
@@ -1,5 +1,3 @@
-/* $OpenBSD: hash.c,v 1.4 2017/12/14 21:07:39 naddy Exp $ */
-
 /* $OpenBSD: hash.c,v 1.6 2019/11/29 00:11:21 djm Exp $ */
 /*
  * Public domain. Author: Christian Weisgerber <naddy@openbsd.org>

hostfile.c

diff --git a/hostfile.c b/hostfile.c
index a4a3559..ce00cd7 100644
--- a/hostfile.c
+++ b/hostfile.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.c,v 1.79 2020/03/06 18:25:12 markus Exp $ */
+/* $OpenBSD: hostfile.c,v 1.91 2021/07/05 01:16:46 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -57,14 +57,11 @@
 #include "hostfile.h"
 #include "log.h"
 #include "misc.h"
+#include "pathnames.h"
 #include "ssherr.h"
 #include "digest.h"
 #include "hmac.h"
-
-struct hostkeys {
-	struct hostkey_entry *entries;
-	u_int num_entries;
-};
+#include "sshbuf.h"
 
 /* XXX hmac is too easy to dictionary attack; use bcrypt? */
 
@@ -140,12 +137,12 @@
 	    ssh_hmac_init(ctx, salt, len) < 0 ||
 	    ssh_hmac_update(ctx, host, strlen(host)) < 0 ||
 	    ssh_hmac_final(ctx, result, sizeof(result)))
-		fatal("%s: ssh_hmac failed", __func__);
+		fatal_f("ssh_hmac failed");
 	ssh_hmac_free(ctx);
 
 	if (__b64_ntop(salt, len, uu_salt, sizeof(uu_salt)) == -1 ||
 	    __b64_ntop(result, len, uu_result, sizeof(uu_result)) == -1)
-		fatal("%s: __b64_ntop failed", __func__);
+		fatal_f("__b64_ntop failed");
 
 	snprintf(encoded, sizeof(encoded), "%s%s%c%s", HASH_MAGIC, uu_salt,
 	    HASH_DELIM, uu_result);
@@ -245,7 +242,7 @@
 		return 0;
 	}
 
-	debug3("%s: found %skey type %s in file %s:%lu", __func__,
+	debug3_f("found %skey type %s in file %s:%lu",
 	    l->marker == MRK_NONE ? "" :
 	    (l->marker == MRK_CA ? "ca " : "revoked "),
 	    sshkey_type(l->key), l->path, l->linenum);
@@ -259,6 +256,7 @@
 	hostkeys->entries[hostkeys->num_entries].key = l->key;
 	l->key = NULL; /* steal it */
 	hostkeys->entries[hostkeys->num_entries].marker = l->marker;
+	hostkeys->entries[hostkeys->num_entries].note = l->note;
 	hostkeys->num_entries++;
 	ctx->num_loaded++;
 
@@ -266,7 +264,8 @@
 }
 
 void
-load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path)
+load_hostkeys_file(struct hostkeys *hostkeys, const char *host,
+    const char *path, FILE *f, u_int note)
 {
 	int r;
 	struct load_callback_ctx ctx;
@@ -275,15 +274,28 @@
 	ctx.num_loaded = 0;
 	ctx.hostkeys = hostkeys;
 
-	if ((r = hostkeys_foreach(path, record_hostkey, &ctx, host, NULL,
-	    HKF_WANT_MATCH|HKF_WANT_PARSE_KEY)) != 0) {
+	if ((r = hostkeys_foreach_file(path, f, record_hostkey, &ctx, host,
+	    NULL, HKF_WANT_MATCH|HKF_WANT_PARSE_KEY, note)) != 0) {
 		if (r != SSH_ERR_SYSTEM_ERROR && errno != ENOENT)
-			debug("%s: hostkeys_foreach failed for %s: %s",
-			    __func__, path, ssh_err(r));
+			debug_fr(r, "hostkeys_foreach failed for %s", path);
 	}
 	if (ctx.num_loaded != 0)
-		debug3("%s: loaded %lu keys from %s", __func__,
-		    ctx.num_loaded, host);
+		debug3_f("loaded %lu keys from %s", ctx.num_loaded, host);
+}
+
+void
+load_hostkeys(struct hostkeys *hostkeys, const char *host, const char *path,
+    u_int note)
+{
+	FILE *f;
+
+	if ((f = fopen(path, "r")) == NULL) {
+		debug_f("fopen %s: %s", path, strerror(errno));
+		return;
+	}
+
+	load_hostkeys_file(hostkeys, host, path, f, note);
+	fclose(f);
 }
 
 void
@@ -337,7 +349,7 @@
  */
 static HostStatus
 check_hostkeys_by_key_or_type(struct hostkeys *hostkeys,
-    struct sshkey *k, int keytype, const struct hostkey_entry **found)
+    struct sshkey *k, int keytype, int nid, const struct hostkey_entry **found)
 {
 	u_int i;
 	HostStatus end_return = HOST_NEW;
@@ -353,6 +365,10 @@
 		if (k == NULL) {
 			if (hostkeys->entries[i].key->type != keytype)
 				continue;
+			if (nid != -1 &&
+			    sshkey_type_plain(keytype) == KEY_ECDSA &&
+			    hostkeys->entries[i].key->ecdsa_nid != nid)
+				continue;
 			end_return = HOST_FOUND;
 			if (found != NULL)
 				*found = hostkeys->entries + i;
@@ -375,7 +391,7 @@
 					*found = hostkeys->entries + i;
 				break;
 			}
-			/* A non-maching key exists */
+			/* A non-matching key exists */
 			end_return = HOST_CHANGED;
 			if (found != NULL)
 				*found = hostkeys->entries + i;
@@ -395,17 +411,29 @@
 {
 	if (key == NULL)
 		fatal("no key to look up");
-	return check_hostkeys_by_key_or_type(hostkeys, key, 0, found);
+	return check_hostkeys_by_key_or_type(hostkeys, key, 0, -1, found);
 }
 
 int
-lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys, int keytype,
+lookup_key_in_hostkeys_by_type(struct hostkeys *hostkeys, int keytype, int nid,
     const struct hostkey_entry **found)
 {
-	return (check_hostkeys_by_key_or_type(hostkeys, NULL, keytype,
+	return (check_hostkeys_by_key_or_type(hostkeys, NULL, keytype, nid,
 	    found) == HOST_FOUND);
 }
 
+int
+lookup_marker_in_hostkeys(struct hostkeys *hostkeys, int want_marker)
+{
+	u_int i;
+
+	for (i = 0; i < hostkeys->num_entries; i++) {
+		if (hostkeys->entries[i].marker == (HostkeyMarker)want_marker)
+			return 1;
+	}
+	return 0;
+}
+
 static int
 write_host_entry(FILE *f, const char *host, const char *ip,
     const struct sshkey *key, int store_hash)
@@ -418,7 +446,7 @@
 
 	if (store_hash) {
 		if ((hashed_host = host_hash(lhost, NULL, 0)) == NULL) {
-			error("%s: host_hash failed", __func__);
+			error_f("host_hash failed");
 			free(lhost);
 			return 0;
 		}
@@ -432,12 +460,53 @@
 	if ((r = sshkey_write(key, f)) == 0)
 		success = 1;
 	else
-		error("%s: sshkey_write failed: %s", __func__, ssh_err(r));
+		error_fr(r, "sshkey_write");
 	fputc('\n', f);
+	/* If hashing is enabled, the IP address needs to go on its own line */
+	if (success && store_hash && ip != NULL)
+		success = write_host_entry(f, ip, NULL, key, 1);
 	return success;
 }
 
 /*
+ * Create user ~/.ssh directory if it doesn't exist and we want to write to it.
+ * If notify is set, a message will be emitted if the directory is created.
+ */
+void
+hostfile_create_user_ssh_dir(const char *filename, int notify)
+{
+	char *dotsshdir = NULL, *p;
+	size_t len;
+	struct stat st;
+
+	if ((p = strrchr(filename, '/')) == NULL)
+		return;
+	len = p - filename;
+	dotsshdir = tilde_expand_filename("~/" _PATH_SSH_USER_DIR, getuid());
+	if (strlen(dotsshdir) > len || strncmp(filename, dotsshdir, len) != 0)
+		goto out; /* not ~/.ssh prefixed */
+	if (stat(dotsshdir, &st) == 0)
+		goto out; /* dir already exists */
+	else if (errno != ENOENT)
+		error("Could not stat %s: %s", dotsshdir, strerror(errno));
+	else {
+#ifdef WITH_SELINUX
+		ssh_selinux_setfscreatecon(dotsshdir);
+#endif
+		if (mkdir(dotsshdir, 0700) == -1)
+			error("Could not create directory '%.200s' (%s).",
+			    dotsshdir, strerror(errno));
+		else if (notify)
+			logit("Created directory '%s'.", dotsshdir);
+#ifdef WITH_SELINUX
+		ssh_selinux_setfscreatecon(NULL);
+#endif
+	}
+ out:
+	free(dotsshdir);
+}
+
+/*
  * Appends an entry to the host file.  Returns false if the entry could not
  * be appended.
  */
@@ -450,6 +519,7 @@
 
 	if (key == NULL)
 		return 1;	/* XXX ? */
+	hostfile_create_user_ssh_dir(filename, 0);
 	f = fopen(filename, "a");
 	if (!f)
 		return 0;
@@ -461,8 +531,8 @@
 struct host_delete_ctx {
 	FILE *out;
 	int quiet;
-	const char *host;
-	int *skip_keys; /* XXX split for host/ip? might want to ensure both */
+	const char *host, *ip;
+	u_int *match_keys;	/* mask of HKF_MATCH_* for this key */
 	struct sshkey * const *keys;
 	size_t nkeys;
 	int modified;
@@ -475,26 +545,21 @@
 	int loglevel = ctx->quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_VERBOSE;
 	size_t i;
 
-	if (l->status == HKF_STATUS_MATCHED) {
-		if (l->marker != MRK_NONE) {
-			/* Don't remove CA and revocation lines */
-			fprintf(ctx->out, "%s\n", l->line);
-			return 0;
-		}
-
+	/* Don't remove CA and revocation lines */
+	if (l->status == HKF_STATUS_MATCHED && l->marker == MRK_NONE) {
 		/*
 		 * If this line contains one of the keys that we will be
 		 * adding later, then don't change it and mark the key for
 		 * skipping.
 		 */
 		for (i = 0; i < ctx->nkeys; i++) {
-			if (sshkey_equal(ctx->keys[i], l->key)) {
-				ctx->skip_keys[i] = 1;
-				fprintf(ctx->out, "%s\n", l->line);
-				debug3("%s: %s key already at %s:%ld", __func__,
-				    sshkey_type(l->key), l->path, l->linenum);
-				return 0;
-			}
+			if (!sshkey_equal(ctx->keys[i], l->key))
+				continue;
+			ctx->match_keys[i] |= l->match;
+			fprintf(ctx->out, "%s\n", l->line);
+			debug3_f("%s key already at %s:%ld",
+			    sshkey_type(l->key), l->path, l->linenum);
+			return 0;
 		}
 
 		/*
@@ -525,15 +590,19 @@
 	int loglevel = quiet ? SYSLOG_LEVEL_DEBUG1 : SYSLOG_LEVEL_VERBOSE;
 	struct host_delete_ctx ctx;
 	char *fp, *temp = NULL, *back = NULL;
+	const char *what;
 	mode_t omask;
 	size_t i;
+	u_int want;
 
 	omask = umask(077);
 
 	memset(&ctx, 0, sizeof(ctx));
 	ctx.host = host;
+	ctx.ip = ip;
 	ctx.quiet = quiet;
-	if ((ctx.skip_keys = calloc(nkeys, sizeof(*ctx.skip_keys))) == NULL)
+
+	if ((ctx.match_keys = calloc(nkeys, sizeof(*ctx.match_keys))) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
 	ctx.keys = keys;
 	ctx.nkeys = nkeys;
@@ -550,43 +619,65 @@
 
 	if ((fd = mkstemp(temp)) == -1) {
 		oerrno = errno;
-		error("%s: mkstemp: %s", __func__, strerror(oerrno));
+		error_f("mkstemp: %s", strerror(oerrno));
 		r = SSH_ERR_SYSTEM_ERROR;
 		goto fail;
 	}
 	if ((ctx.out = fdopen(fd, "w")) == NULL) {
 		oerrno = errno;
 		close(fd);
-		error("%s: fdopen: %s", __func__, strerror(oerrno));
+		error_f("fdopen: %s", strerror(oerrno));
 		r = SSH_ERR_SYSTEM_ERROR;
 		goto fail;
 	}
 
-	/* Remove all entries for the specified host from the file */
+	/* Remove stale/mismatching entries for the specified host */
 	if ((r = hostkeys_foreach(filename, host_delete, &ctx, host, ip,
-	    HKF_WANT_PARSE_KEY)) != 0) {
+	    HKF_WANT_PARSE_KEY, 0)) != 0) {
 		oerrno = errno;
-		error("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
+		error_fr(r, "hostkeys_foreach");
 		goto fail;
 	}
 
-	/* Add the requested keys */
+	/* Re-add the requested keys */
+	want = HKF_MATCH_HOST | (ip == NULL ? 0 : HKF_MATCH_IP);
 	for (i = 0; i < nkeys; i++) {
-		if (ctx.skip_keys[i])
+		if ((want & ctx.match_keys[i]) == want)
 			continue;
 		if ((fp = sshkey_fingerprint(keys[i], hash_alg,
 		    SSH_FP_DEFAULT)) == NULL) {
 			r = SSH_ERR_ALLOC_FAIL;
 			goto fail;
 		}
-		do_log2(loglevel, "%s%sAdding new key for %s to %s: %s %s",
-		    quiet ? __func__ : "", quiet ? ": " : "", host, filename,
+		/* write host/ip */
+		what = "";
+		if (ctx.match_keys[i] == 0) {
+			what = "Adding new key";
+			if (!write_host_entry(ctx.out, host, ip,
+			    keys[i], store_hash)) {
+				r = SSH_ERR_INTERNAL_ERROR;
+				goto fail;
+			}
+		} else if ((want & ~ctx.match_keys[i]) == HKF_MATCH_HOST) {
+			what = "Fixing match (hostname)";
+			if (!write_host_entry(ctx.out, host, NULL,
+			    keys[i], store_hash)) {
+				r = SSH_ERR_INTERNAL_ERROR;
+				goto fail;
+			}
+		} else if ((want & ~ctx.match_keys[i]) == HKF_MATCH_IP) {
+			what = "Fixing match (address)";
+			if (!write_host_entry(ctx.out, ip, NULL,
+			    keys[i], store_hash)) {
+				r = SSH_ERR_INTERNAL_ERROR;
+				goto fail;
+			}
+		}
+		do_log2(loglevel, "%s%s%s for %s%s%s to %s: %s %s",
+		    quiet ? __func__ : "", quiet ? ": " : "", what,
+		    host, ip == NULL ? "" : ",", ip == NULL ? "" : ip, filename,
 		    sshkey_ssh_name(keys[i]), fp);
 		free(fp);
-		if (!write_host_entry(ctx.out, host, ip, keys[i], store_hash)) {
-			r = SSH_ERR_INTERNAL_ERROR;
-			goto fail;
-		}
 		ctx.modified = 1;
 	}
 	fclose(ctx.out);
@@ -596,30 +687,28 @@
 		/* Backup the original file and replace it with the temporary */
 		if (unlink(back) == -1 && errno != ENOENT) {
 			oerrno = errno;
-			error("%s: unlink %.100s: %s", __func__,
-			    back, strerror(errno));
+			error_f("unlink %.100s: %s", back, strerror(errno));
 			r = SSH_ERR_SYSTEM_ERROR;
 			goto fail;
 		}
 		if (link(filename, back) == -1) {
 			oerrno = errno;
-			error("%s: link %.100s to %.100s: %s", __func__,
-			    filename, back, strerror(errno));
+			error_f("link %.100s to %.100s: %s", filename,
+			    back, strerror(errno));
 			r = SSH_ERR_SYSTEM_ERROR;
 			goto fail;
 		}
 		if (rename(temp, filename) == -1) {
 			oerrno = errno;
-			error("%s: rename \"%s\" to \"%s\": %s", __func__,
-			    temp, filename, strerror(errno));
+			error_f("rename \"%s\" to \"%s\": %s", temp,
+			    filename, strerror(errno));
 			r = SSH_ERR_SYSTEM_ERROR;
 			goto fail;
 		}
 	} else {
 		/* No changes made; just delete the temporary file */
 		if (unlink(temp) != 0)
-			error("%s: unlink \"%s\": %s", __func__,
-			    temp, strerror(errno));
+			error_f("unlink \"%s\": %s", temp, strerror(errno));
 	}
 
 	/* success */
@@ -631,7 +720,7 @@
 	free(back);
 	if (ctx.out != NULL)
 		fclose(ctx.out);
-	free(ctx.skip_keys);
+	free(ctx.match_keys);
 	umask(omask);
 	if (r == SSH_ERR_SYSTEM_ERROR)
 		errno = oerrno;
@@ -657,10 +746,9 @@
 }
 
 int
-hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
-    const char *host, const char *ip, u_int options)
+hostkeys_foreach_file(const char *path, FILE *f, hostkeys_foreach_fn *callback,
+    void *ctx, const char *host, const char *ip, u_int options, u_int note)
 {
-	FILE *f;
 	char *line = NULL, ktype[128];
 	u_long linenum = 0;
 	char *cp, *cp2;
@@ -673,10 +761,7 @@
 	memset(&lineinfo, 0, sizeof(lineinfo));
 	if (host == NULL && (options & HKF_WANT_MATCH) != 0)
 		return SSH_ERR_INVALID_ARGUMENT;
-	if ((f = fopen(path, "r")) == NULL)
-		return SSH_ERR_SYSTEM_ERROR;
 
-	debug3("%s: reading file \"%s\"", __func__, path);
 	while (getline(&line, &linesize, f) != -1) {
 		linenum++;
 		line[strcspn(line, "\n")] = '\0';
@@ -690,6 +775,7 @@
 		lineinfo.marker = MRK_NONE;
 		lineinfo.status = HKF_STATUS_OK;
 		lineinfo.keytype = KEY_UNSPEC;
+		lineinfo.note = note;
 
 		/* Skip any leading whitespace, comments and empty lines. */
 		for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
@@ -704,8 +790,7 @@
 		}
 
 		if ((lineinfo.marker = check_markers(&cp)) == MRK_ERROR) {
-			verbose("%s: invalid marker at %s:%lu",
-			    __func__, path, linenum);
+			verbose_f("invalid marker at %s:%lu", path, linenum);
 			if ((options & HKF_WANT_MATCH) == 0)
 				goto bad;
 			continue;
@@ -721,8 +806,8 @@
 		if (host != NULL) {
 			if ((s = match_maybe_hashed(host, lineinfo.hosts,
 			    &hashed)) == -1) {
-				debug2("%s: %s:%ld: bad host hash \"%.32s\"",
-				    __func__, path, linenum, lineinfo.hosts);
+				debug2_f("%s:%ld: bad host hash \"%.32s\"",
+				    path, linenum, lineinfo.hosts);
 				goto bad;
 			}
 			if (s == 1) {
@@ -734,9 +819,9 @@
 			if (ip != NULL) {
 				if ((s = match_maybe_hashed(ip, lineinfo.hosts,
 				    &hashed)) == -1) {
-					debug2("%s: %s:%ld: bad ip hash "
-					    "\"%.32s\"", __func__, path,
-					    linenum, lineinfo.hosts);
+					debug2_f("%s:%ld: bad ip hash "
+					    "\"%.32s\"", path, linenum,
+					    lineinfo.hosts);
 					goto bad;
 				}
 				if (s == 1) {
@@ -771,7 +856,7 @@
 			 * lines.
 			 */
 			if ((lineinfo.key = sshkey_new(KEY_UNSPEC)) == NULL) {
-				error("%s: sshkey_new failed", __func__);
+				error_f("sshkey_new failed");
 				r = SSH_ERR_ALLOC_FAIL;
 				break;
 			}
@@ -827,6 +912,24 @@
 	sshkey_free(lineinfo.key);
 	free(lineinfo.line);
 	free(line);
+	return r;
+}
+
+int
+hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
+    const char *host, const char *ip, u_int options, u_int note)
+{
+	FILE *f;
+	int r, oerrno;
+
+	if ((f = fopen(path, "r")) == NULL)
+		return SSH_ERR_SYSTEM_ERROR;
+
+	debug3_f("reading file \"%s\"", path);
+	r = hostkeys_foreach_file(path, f, callback, ctx, host, ip,
+	    options, note);
+	oerrno = errno;
 	fclose(f);
+	errno = oerrno;
 	return r;
 }

hostfile.h

diff --git a/hostfile.h b/hostfile.h
index bd21043..a24a4e3 100644
--- a/hostfile.h
+++ b/hostfile.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostfile.h,v 1.24 2015/02/16 22:08:57 djm Exp $ */
+/* $OpenBSD: hostfile.h,v 1.29 2021/01/26 00:51:30 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -28,17 +28,25 @@
 	u_long line;
 	struct sshkey *key;
 	HostkeyMarker marker;
+	u_int note; /* caller-specific note/flag */
 };
-struct hostkeys;
+struct hostkeys {
+	struct hostkey_entry *entries;
+	u_int num_entries;
+};
 
 struct hostkeys *init_hostkeys(void);
-void	 load_hostkeys(struct hostkeys *, const char *, const char *);
+void	 load_hostkeys(struct hostkeys *, const char *,
+    const char *, u_int);
+void	 load_hostkeys_file(struct hostkeys *, const char *,
+    const char *, FILE *, u_int note);
 void	 free_hostkeys(struct hostkeys *);
 
 HostStatus check_key_in_hostkeys(struct hostkeys *, struct sshkey *,
     const struct hostkey_entry **);
-int	 lookup_key_in_hostkeys_by_type(struct hostkeys *, int,
+int	 lookup_key_in_hostkeys_by_type(struct hostkeys *, int, int,
     const struct hostkey_entry **);
+int	 lookup_marker_in_hostkeys(struct hostkeys *, int);
 
 int	 hostfile_read_key(char **, u_int *, struct sshkey *);
 int	 add_host_to_hostfile(const char *, const char *,
@@ -92,6 +100,7 @@
 	int keytype;	/* Type of key; KEY_UNSPEC for invalid/comment lines */
 	struct sshkey *key; /* Key, if parsed ok and HKF_WANT_MATCH_HOST set */
 	const char *comment; /* Any comment following the key */
+	u_int note;	/* caller-specified note copied from arguments */
 };
 
 /*
@@ -102,7 +111,13 @@
 typedef int hostkeys_foreach_fn(struct hostkey_foreach_line *l, void *ctx);
 
 /* Iterate over a hostkeys file */
-int hostkeys_foreach(const char *path, hostkeys_foreach_fn *callback, void *ctx,
-    const char *host, const char *ip, u_int options);
+int hostkeys_foreach(const char *path,
+    hostkeys_foreach_fn *callback, void *ctx,
+    const char *host, const char *ip, u_int options, u_int note);
+int hostkeys_foreach_file(const char *path, FILE *f,
+    hostkeys_foreach_fn *callback, void *ctx,
+    const char *host, const char *ip, u_int options, u_int note);
+
+void hostfile_create_user_ssh_dir(const char *, int);
 
 #endif

int32_minmax.inc

diff --git a/int32_minmax.inc b/int32_minmax.inc
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/int32_minmax.inc

kex.c

diff --git a/kex.c b/kex.c
index 09c7258..709a0ec 100644
--- a/kex.c
+++ b/kex.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.c,v 1.158 2020/03/13 04:01:56 djm Exp $ */
+/* $OpenBSD: kex.c,v 1.168 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  *
@@ -110,8 +110,10 @@
 #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
 	{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
 	{ KEX_CURVE25519_SHA256_OLD, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
-	{ KEX_SNTRUP4591761X25519_SHA512, KEX_KEM_SNTRUP4591761X25519_SHA512, 0,
+#ifdef USE_SNTRUP761X25519
+	{ KEX_SNTRUP761X25519_SHA512, KEX_KEM_SNTRUP761X25519_SHA512, 0,
 	    SSH_DIGEST_SHA512 },
+#endif
 #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
 	{ NULL, 0, -1, -1},
 };
@@ -247,7 +249,7 @@
 		list = tmp;
 	} else if (*list == '-') {
 		/* Remove names from default list */
-		if ((*listp = match_filter_blacklist(def, list + 1)) == NULL) {
+		if ((*listp = match_filter_denylist(def, list + 1)) == NULL) {
 			r = SSH_ERR_ALLOC_FAIL;
 			goto fail;
 		}
@@ -284,7 +286,7 @@
 			goto fail;
 		}
 		free(matching);
-		if ((matching = match_filter_whitelist(all, cp)) == NULL) {
+		if ((matching = match_filter_allowlist(all, cp)) == NULL) {
 			r = SSH_ERR_ALLOC_FAIL;
 			goto fail;
 		}
@@ -360,14 +362,13 @@
 		goto out;
 	}
 	if ((r = sshbuf_consume(b, KEX_COOKIE_LEN)) != 0) { /* skip cookie */
-		error("%s: consume cookie: %s", __func__, ssh_err(r));
+		error_fr(r, "consume cookie");
 		goto out;
 	}
 	/* extract kex init proposal strings */
 	for (i = 0; i < PROPOSAL_MAX; i++) {
 		if ((r = sshbuf_get_cstring(b, &(proposal[i]), NULL)) != 0) {
-			error("%s: parse proposal %u: %s", __func__,
-			    i, ssh_err(r));
+			error_fr(r, "parse proposal %u", i);
 			goto out;
 		}
 		debug2("%s: %s", proposal_names[i], proposal[i]);
@@ -375,7 +376,7 @@
 	/* first kex follows / reserved */
 	if ((r = sshbuf_get_u8(b, &v)) != 0 ||	/* first_kex_follows */
 	    (r = sshbuf_get_u32(b, &i)) != 0) {	/* reserved */
-		error("%s: parse: %s", __func__, ssh_err(r));
+		error_fr(r, "parse");
 		goto out;
 	}
 	if (first_kex_follows != NULL)
@@ -404,7 +405,7 @@
 }
 
 /* ARGSUSED */
-static int
+int
 kex_protocol_error(int type, u_int32_t seq, struct ssh *ssh)
 {
 	int r;
@@ -439,7 +440,7 @@
 	    (r = sshpkt_put_cstring(ssh, "server-sig-algs")) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, algs)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0) {
-		error("%s: compose: %s", __func__, ssh_err(r));
+		error_fr(r, "compose");
 		goto out;
 	}
 	/* success */
@@ -491,14 +492,14 @@
 		if (strcmp(name, "server-sig-algs") == 0) {
 			/* Ensure no \0 lurking in value */
 			if (memchr(val, '\0', vlen) != NULL) {
-				error("%s: nul byte in %s", __func__, name);
+				error_f("nul byte in %s", name);
 				return SSH_ERR_INVALID_FORMAT;
 			}
-			debug("%s: %s=<%s>", __func__, name, val);
+			debug_f("%s=<%s>", name, val);
 			kex->server_sig_algs = val;
 			val = NULL;
 		} else
-			debug("%s: %s (unrecognised)", __func__, name);
+			debug_f("%s (unrecognised)", name);
 		free(name);
 		free(val);
 	}
@@ -536,7 +537,7 @@
 	int r;
 
 	if (kex == NULL) {
-		error("%s: no hex", __func__);
+		error_f("no kex");
 		return SSH_ERR_INTERNAL_ERROR;
 	}
 	if (kex->flags & KEX_INIT_SENT)
@@ -545,12 +546,12 @@
 
 	/* generate a random cookie */
 	if (sshbuf_len(kex->my) < KEX_COOKIE_LEN) {
-		error("%s: bad kex length: %zu < %d", __func__,
+		error_f("bad kex length: %zu < %d",
 		    sshbuf_len(kex->my), KEX_COOKIE_LEN);
 		return SSH_ERR_INVALID_FORMAT;
 	}
 	if ((cookie = sshbuf_mutable_ptr(kex->my)) == NULL) {
-		error("%s: buffer error", __func__);
+		error_f("buffer error");
 		return SSH_ERR_INTERNAL_ERROR;
 	}
 	arc4random_buf(cookie, KEX_COOKIE_LEN);
@@ -558,7 +559,7 @@
 	if ((r = sshpkt_start(ssh, SSH2_MSG_KEXINIT)) != 0 ||
 	    (r = sshpkt_putb(ssh, kex->my)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0) {
-		error("%s: compose reply: %s", __func__, ssh_err(r));
+		error_fr(r, "compose reply");
 		return r;
 	}
 	debug("SSH2_MSG_KEXINIT sent");
@@ -578,7 +579,7 @@
 
 	debug("SSH2_MSG_KEXINIT received");
 	if (kex == NULL) {
-		error("%s: no hex", __func__);
+		error_f("no kex");
 		return SSH_ERR_INTERNAL_ERROR;
 	}
 	ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL);
@@ -589,13 +590,13 @@
 	/* discard packet */
 	for (i = 0; i < KEX_COOKIE_LEN; i++) {
 		if ((r = sshpkt_get_u8(ssh, NULL)) != 0) {
-			error("%s: discard cookie: %s", __func__, ssh_err(r));
+			error_fr(r, "discard cookie");
 			return r;
 		}
 	}
 	for (i = 0; i < PROPOSAL_MAX; i++) {
 		if ((r = sshpkt_get_string(ssh, NULL, NULL)) != 0) {
-			error("%s: discard proposal: %s", __func__, ssh_err(r));
+			error_fr(r, "discard proposal");
 			return r;
 		}
 	}
@@ -623,7 +624,7 @@
 	if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL)
 		return (kex->kex[kex->kex_type])(ssh);
 
-	error("%s: unknown kex type %u", __func__, kex->kex_type);
+	error_f("unknown kex type %u", kex->kex_type);
 	return SSH_ERR_INTERNAL_ERROR;
 }
 
@@ -636,7 +637,8 @@
 	    (kex->peer = sshbuf_new()) == NULL ||
 	    (kex->my = sshbuf_new()) == NULL ||
 	    (kex->client_version = sshbuf_new()) == NULL ||
-	    (kex->server_version = sshbuf_new()) == NULL) {
+	    (kex->server_version = sshbuf_new()) == NULL ||
+	    (kex->session_id = sshbuf_new()) == NULL) {
 		kex_free(kex);
 		return NULL;
 	}
@@ -696,7 +698,7 @@
 	sshbuf_free(kex->client_version);
 	sshbuf_free(kex->server_version);
 	sshbuf_free(kex->client_pub);
-	free(kex->session_id);
+	sshbuf_free(kex->session_id);
 	free(kex->failed_choice);
 	free(kex->hostkey_alg);
 	free(kex->name);
@@ -739,11 +741,11 @@
 kex_start_rekex(struct ssh *ssh)
 {
 	if (ssh->kex == NULL) {
-		error("%s: no kex", __func__);
+		error_f("no kex");
 		return SSH_ERR_INTERNAL_ERROR;
 	}
 	if (ssh->kex->done == 0) {
-		error("%s: requested twice", __func__);
+		error_f("requested twice");
 		return SSH_ERR_INTERNAL_ERROR;
 	}
 	ssh->kex->done = 0;
@@ -758,7 +760,7 @@
 	if (name == NULL)
 		return SSH_ERR_NO_CIPHER_ALG_MATCH;
 	if ((enc->cipher = cipher_by_name(name)) == NULL) {
-		error("%s: unsupported cipher %s", __func__, name);
+		error_f("unsupported cipher %s", name);
 		free(name);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
@@ -780,7 +782,7 @@
 	if (name == NULL)
 		return SSH_ERR_NO_MAC_ALG_MATCH;
 	if (mac_setup(mac, name) < 0) {
-		error("%s: unsupported MAC %s", __func__, name);
+		error_f("unsupported MAC %s", name);
 		free(name);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
@@ -807,7 +809,7 @@
 	if (strcmp(name, "none") == 0) {
 		comp->type = COMP_NONE;
 	} else {
-		error("%s: unsupported compression scheme %s", __func__, name);
+		error_f("unsupported compression scheme %s", name);
 		free(name);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
@@ -826,7 +828,7 @@
 	if (k->name == NULL)
 		return SSH_ERR_NO_KEX_ALG_MATCH;
 	if ((kexalg = kex_alg_by_name(k->name)) == NULL) {
-		error("%s: unsupported KEX method %s", __func__, k->name);
+		error_f("unsupported KEX method %s", k->name);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
 	k->kex_type = kexalg->type;
@@ -838,6 +840,7 @@
 static int
 choose_hostkeyalg(struct kex *k, char *client, char *server)
 {
+	free(k->hostkey_alg);
 	k->hostkey_alg = match_list(client, server, NULL);
 
 	debug("kex: host key algorithm: %s",
@@ -846,8 +849,7 @@
 		return SSH_ERR_NO_HOSTKEY_ALG_MATCH;
 	k->hostkey_type = sshkey_type_from_name(k->hostkey_alg);
 	if (k->hostkey_type == KEY_UNSPEC) {
-		error("%s: unsupported hostkey algorithm %s", __func__,
-		    k->hostkey_alg);
+		error_f("unsupported hostkey algorithm %s", k->hostkey_alg);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
 	k->hostkey_nid = sshkey_ecdsa_nid_from_name(k->hostkey_alg);
@@ -1014,11 +1016,10 @@
 	    ssh_digest_update_buffer(hashctx, shared_secret) != 0 ||
 	    ssh_digest_update(hashctx, hash, hashlen) != 0 ||
 	    ssh_digest_update(hashctx, &c, 1) != 0 ||
-	    ssh_digest_update(hashctx, kex->session_id,
-	    kex->session_id_len) != 0 ||
+	    ssh_digest_update_buffer(hashctx, kex->session_id) != 0 ||
 	    ssh_digest_final(hashctx, digest, mdsz) != 0) {
 		r = SSH_ERR_LIBCRYPTO_ERROR;
-		error("%s: KEX hash failed", __func__);
+		error_f("KEX hash failed");
 		goto out;
 	}
 	ssh_digest_free(hashctx);
@@ -1035,7 +1036,7 @@
 		    ssh_digest_update(hashctx, hash, hashlen) != 0 ||
 		    ssh_digest_update(hashctx, digest, have) != 0 ||
 		    ssh_digest_final(hashctx, digest + have, mdsz) != 0) {
-			error("%s: KDF failed", __func__);
+			error_f("KDF failed");
 			r = SSH_ERR_LIBCRYPTO_ERROR;
 			goto out;
 		}
@@ -1066,12 +1067,16 @@
 	int r;
 
 	/* save initial hash as session id */
-	if (kex->session_id == NULL) {
-		kex->session_id_len = hashlen;
-		kex->session_id = malloc(kex->session_id_len);
-		if (kex->session_id == NULL)
-			return SSH_ERR_ALLOC_FAIL;
-		memcpy(kex->session_id, hash, kex->session_id_len);
+	if ((kex->flags & KEX_INITIAL) != 0) {
+		if (sshbuf_len(kex->session_id) != 0) {
+			error_f("already have session ID at kex");
+			return SSH_ERR_INTERNAL_ERROR;
+		}
+		if ((r = sshbuf_put(kex->session_id, hash, hashlen)) != 0)
+			return r;
+	} else if (sshbuf_len(kex->session_id) == 0) {
+		error_f("no session ID in rekex");
+		return SSH_ERR_INTERNAL_ERROR;
 	}
 	for (i = 0; i < NKEYS; i++) {
 		if ((r = derive_key(ssh, 'A'+i, kex->we_need, hash, hashlen,
@@ -1100,7 +1105,7 @@
 	*prvp = NULL;
 	if (kex->load_host_public_key == NULL ||
 	    kex->load_host_private_key == NULL) {
-		error("%s: missing hostkey loader", __func__);
+		error_f("missing hostkey loader");
 		return SSH_ERR_INVALID_ARGUMENT;
 	}
 	*pubp = kex->load_host_public_key(kex->hostkey_type,
@@ -1118,7 +1123,7 @@
 	struct kex *kex = ssh->kex;
 
 	if (kex->verify_host_key == NULL) {
-		error("%s: missing hostkey verifier", __func__);
+		error_f("missing hostkey verifier");
 		return SSH_ERR_INVALID_ARGUMENT;
 	}
 	if (server_host_key->type != kex->hostkey_type ||
@@ -1155,7 +1160,7 @@
 	    msg, strlen(msg)) != strlen(msg) ||
 	    atomicio(vwrite, ssh_packet_get_connection_out(ssh),
 	    crnl, strlen(crnl)) != strlen(crnl))
-		error("%s: write: %.100s", __func__, strerror(errno));
+		error_f("write: %.100s", strerror(errno));
 }
 
 /*
@@ -1183,11 +1188,11 @@
 	if (version_addendum != NULL && *version_addendum == '\0')
 		version_addendum = NULL;
 	if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n",
-	   PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
+	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
 	    version_addendum == NULL ? "" : " ",
 	    version_addendum == NULL ? "" : version_addendum)) != 0) {
 		oerrno = errno;
-		error("%s: sshbuf_putf: %s", __func__, ssh_err(r));
+		error_fr(r, "sshbuf_putf");
 		goto out;
 	}
 
@@ -1195,18 +1200,18 @@
 	    sshbuf_mutable_ptr(our_version),
 	    sshbuf_len(our_version)) != sshbuf_len(our_version)) {
 		oerrno = errno;
-		debug("%s: write: %.100s", __func__, strerror(errno));
+		debug_f("write: %.100s", strerror(errno));
 		r = SSH_ERR_SYSTEM_ERROR;
 		goto out;
 	}
 	if ((r = sshbuf_consume_end(our_version, 2)) != 0) { /* trim \r\n */
 		oerrno = errno;
-		error("%s: sshbuf_consume_end: %s", __func__, ssh_err(r));
+		error_fr(r, "sshbuf_consume_end");
 		goto out;
 	}
 	our_version_string = sshbuf_dup_string(our_version);
 	if (our_version_string == NULL) {
-		error("%s: sshbuf_dup_string failed", __func__);
+		error_f("sshbuf_dup_string failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@@ -1217,8 +1222,8 @@
 		if (n >= SSH_MAX_PRE_BANNER_LINES) {
 			send_error(ssh, "No SSH identification string "
 			    "received.");
-			error("%s: No SSH version received in first %u lines "
-			    "from server", __func__, SSH_MAX_PRE_BANNER_LINES);
+			error_f("No SSH version received in first %u lines "
+			    "from server", SSH_MAX_PRE_BANNER_LINES);
 			r = SSH_ERR_INVALID_FORMAT;
 			goto out;
 		}
@@ -1237,8 +1242,7 @@
 					goto out;
 				} else if (r == -1) {
 					oerrno = errno;
-					error("%s: %s",
-					    __func__, strerror(errno));
+					error_f("%s", strerror(errno));
 					r = SSH_ERR_SYSTEM_ERROR;
 					goto out;
 				}
@@ -1247,14 +1251,12 @@
 			len = atomicio(read, ssh_packet_get_connection_in(ssh),
 			    &c, 1);
 			if (len != 1 && errno == EPIPE) {
-				error("%s: Connection closed by remote host",
-				    __func__);
+				error_f("Connection closed by remote host");
 				r = SSH_ERR_CONN_CLOSED;
 				goto out;
 			} else if (len != 1) {
 				oerrno = errno;
-				error("%s: read: %.100s",
-				    __func__, strerror(errno));
+				error_f("read: %.100s", strerror(errno));
 				r = SSH_ERR_SYSTEM_ERROR;
 				goto out;
 			}
@@ -1265,18 +1267,17 @@
 			if (c == '\n')
 				break;
 			if (c == '\0' || expect_nl) {
-				error("%s: banner line contains invalid "
-				    "characters", __func__);
+				error_f("banner line contains invalid "
+				    "characters");
 				goto invalid;
 			}
 			if ((r = sshbuf_put_u8(peer_version, c)) != 0) {
 				oerrno = errno;
-				error("%s: sshbuf_put: %s",
-				    __func__, ssh_err(r));
+				error_fr(r, "sshbuf_put");
 				goto out;
 			}
 			if (sshbuf_len(peer_version) > SSH_MAX_BANNER_LEN) {
-				error("%s: banner line too long", __func__);
+				error_f("banner line too long");
 				goto invalid;
 			}
 		}
@@ -1286,26 +1287,26 @@
 			break;
 		/* If not, then just log the line and continue */
 		if ((cp = sshbuf_dup_string(peer_version)) == NULL) {
-			error("%s: sshbuf_dup_string failed", __func__);
+			error_f("sshbuf_dup_string failed");
 			r = SSH_ERR_ALLOC_FAIL;
 			goto out;
 		}
 		/* Do not accept lines before the SSH ident from a client */
 		if (ssh->kex->server) {
-			error("%s: client sent invalid protocol identifier "
-			    "\"%.256s\"", __func__, cp);
+			error_f("client sent invalid protocol identifier "
+			    "\"%.256s\"", cp);
 			free(cp);
 			goto invalid;
 		}
-		debug("%s: banner line %zu: %s", __func__, n, cp);
+		debug_f("banner line %zu: %s", n, cp);
 		free(cp);
 	}
 	peer_version_string = sshbuf_dup_string(peer_version);
 	if (peer_version_string == NULL)
-		error("%s: sshbuf_dup_string failed", __func__);
+		error_f("sshbuf_dup_string failed");
 	/* XXX must be same size for sscanf */
 	if ((remote_version = calloc(1, sshbuf_len(peer_version))) == NULL) {
-		error("%s: calloc failed", __func__);
+		error_f("calloc failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@@ -1325,7 +1326,7 @@
 	}
 	debug("Remote protocol version %d.%d, remote software version %.100s",
 	    remote_major, remote_minor, remote_version);
-	ssh->compat = compat_datafellows(remote_version);
+	compat_banner(ssh, remote_version);
 
 	mismatch = 0;
 	switch (remote_major) {

kex.h

diff --git a/kex.h b/kex.h
index a5ae6ac..9605ed5 100644
--- a/kex.h
+++ b/kex.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: kex.h,v 1.109 2019/09/06 05:23:55 djm Exp $ */
+/* $OpenBSD: kex.h,v 1.114 2021/01/31 22:55:29 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -62,7 +62,7 @@
 #define	KEX_ECDH_SHA2_NISTP521		"ecdh-sha2-nistp521"
 #define	KEX_CURVE25519_SHA256		"curve25519-sha256"
 #define	KEX_CURVE25519_SHA256_OLD	"curve25519-sha256@libssh.org"
-#define	KEX_SNTRUP4591761X25519_SHA512	"sntrup4591761x25519-sha512@tinyssh.org"
+#define	KEX_SNTRUP761X25519_SHA512	"sntrup761x25519-sha512@openssh.com"
 
 #define COMP_NONE	0
 /* pre-auth compression (COMP_ZLIB) is only supported in the client */
@@ -101,7 +101,7 @@
 	KEX_DH_GEX_SHA256,
 	KEX_ECDH_SHA2,
 	KEX_C25519_SHA256,
-	KEX_KEM_SNTRUP4591761X25519_SHA512,
+	KEX_KEM_SNTRUP761X25519_SHA512,
 	KEX_MAX
 };
 
@@ -132,8 +132,6 @@
 struct ssh;
 
 struct kex {
-	u_char	*session_id;
-	size_t	session_id_len;
 	struct newkeys	*newkeys[MODE_MAX];
 	u_int	we_need;
 	u_int	dh_need;
@@ -149,6 +147,7 @@
 	struct sshbuf *peer;
 	struct sshbuf *client_version;
 	struct sshbuf *server_version;
+	struct sshbuf *session_id;
 	sig_atomic_t done;
 	u_int	flags;
 	int	hash_alg;
@@ -168,7 +167,7 @@
 	const EC_GROUP *ec_group;	/* ECDH */
 	u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 + KEM */
 	u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
-	u_char sntrup4591761_client_key[crypto_kem_sntrup4591761_SECRETKEYBYTES]; /* KEM */
+	u_char sntrup761_client_key[crypto_kem_sntrup761_SECRETKEYBYTES]; /* KEM */
 	struct sshbuf *client_pub;
 };
 
@@ -194,6 +193,7 @@
 int	 kex_send_kexinit(struct ssh *);
 int	 kex_input_kexinit(int, u_int32_t, struct ssh *);
 int	 kex_input_ext_info(int, u_int32_t, struct ssh *);
+int	 kex_protocol_error(int, u_int32_t, struct ssh *);
 int	 kex_derive_keys(struct ssh *, u_char *, u_int, const struct sshbuf *);
 int	 kex_send_newkeys(struct ssh *);
 int	 kex_start_rekex(struct ssh *);
@@ -218,10 +218,10 @@
     struct sshbuf **);
 int	 kex_c25519_dec(struct kex *, const struct sshbuf *, struct sshbuf **);
 
-int	 kex_kem_sntrup4591761x25519_keypair(struct kex *);
-int	 kex_kem_sntrup4591761x25519_enc(struct kex *, const struct sshbuf *,
+int	 kex_kem_sntrup761x25519_keypair(struct kex *);
+int	 kex_kem_sntrup761x25519_enc(struct kex *, const struct sshbuf *,
     struct sshbuf **, struct sshbuf **);
-int	 kex_kem_sntrup4591761x25519_dec(struct kex *, const struct sshbuf *,
+int	 kex_kem_sntrup761x25519_dec(struct kex *, const struct sshbuf *,
     struct sshbuf **);
 
 int	 kex_dh_keygen(struct kex *);

kexdh.c

diff --git a/kexdh.c b/kexdh.c
index 67133e3..c1084f2 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdh.c,v 1.32 2019/01/21 10:40:11 djm Exp $ */
+/* $OpenBSD: kexdh.c,v 1.34 2020/12/04 02:29:25 djm Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl.  All rights reserved.
  *
@@ -29,9 +29,9 @@
 
 #include <sys/types.h>
 
-#include <signal.h>
 #include <stdio.h>
 #include <string.h>
+#include <signal.h>
 
 #include "openbsd-compat/openssl-compat.h"
 #include <openssl/dh.h>
@@ -42,6 +42,7 @@
 #include "digest.h"
 #include "ssherr.h"
 #include "dh.h"
+#include "log.h"
 
 int
 kex_dh_keygen(struct kex *kex)
@@ -193,6 +194,7 @@
 	*shared_secretp = buf;
 	buf = NULL;
  out:
+	BN_free(dh_pub);
 	DH_free(kex->dh);
 	kex->dh = NULL;
 	sshbuf_free(buf);

kexgen.c

diff --git a/kexgen.c b/kexgen.c
index 69348b9..bde2805 100644
--- a/kexgen.c
+++ b/kexgen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgen.c,v 1.4 2019/11/25 00:51:37 djm Exp $ */
+/* $OpenBSD: kexgen.c,v 1.7 2021/04/03 06:18:40 djm Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl.  All rights reserved.
  *
@@ -117,8 +117,8 @@
 	case KEX_C25519_SHA256:
 		r = kex_c25519_keypair(kex);
 		break;
-	case KEX_KEM_SNTRUP4591761X25519_SHA512:
-		r = kex_kem_sntrup4591761x25519_keypair(kex);
+	case KEX_KEM_SNTRUP761X25519_SHA512:
+		r = kex_kem_sntrup761x25519_keypair(kex);
 		break;
 	default:
 		r = SSH_ERR_INVALID_ARGUMENT;
@@ -148,6 +148,9 @@
 	size_t slen, hashlen;
 	int r;
 
+	debug("SSH2_MSG_KEX_ECDH_REPLY received");
+	ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_REPLY, &kex_protocol_error);
+
 	/* hostkey */
 	if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
 		goto out;
@@ -185,8 +188,8 @@
 	case KEX_C25519_SHA256:
 		r = kex_c25519_dec(kex, server_blob, &shared_secret);
 		break;
-	case KEX_KEM_SNTRUP4591761X25519_SHA512:
-		r = kex_kem_sntrup4591761x25519_dec(kex, server_blob,
+	case KEX_KEM_SNTRUP761X25519_SHA512:
+		r = kex_kem_sntrup761x25519_dec(kex, server_blob,
 		    &shared_secret);
 		break;
 	default:
@@ -220,8 +223,8 @@
 out:
 	explicit_bzero(hash, sizeof(hash));
 	explicit_bzero(kex->c25519_client_key, sizeof(kex->c25519_client_key));
-	explicit_bzero(kex->sntrup4591761_client_key,
-	    sizeof(kex->sntrup4591761_client_key));
+	explicit_bzero(kex->sntrup761_client_key,
+	    sizeof(kex->sntrup761_client_key));
 	sshbuf_free(server_host_key_blob);
 	free(signature);
 	sshbuf_free(tmp);
@@ -254,6 +257,9 @@
 	size_t slen, hashlen;
 	int r;
 
+	debug("SSH2_MSG_KEX_ECDH_INIT received");
+	ssh_dispatch_set(ssh, SSH2_MSG_KEX_ECDH_INIT, &kex_protocol_error);
+
 	if ((r = kex_load_hostkey(ssh, &server_host_private,
 	    &server_host_public)) != 0)
 		goto out;
@@ -282,8 +288,8 @@
 		r = kex_c25519_enc(kex, client_pubkey, &server_pubkey,
 		    &shared_secret);
 		break;
-	case KEX_KEM_SNTRUP4591761X25519_SHA512:
-		r = kex_kem_sntrup4591761x25519_enc(kex, client_pubkey,
+	case KEX_KEM_SNTRUP761X25519_SHA512:
+		r = kex_kem_sntrup761x25519_enc(kex, client_pubkey,
 		    &server_pubkey, &shared_secret);
 		break;
 	default:
@@ -316,7 +322,7 @@
 
 	/* sign H */
 	if ((r = kex->sign(ssh, server_host_private, server_host_public,
-	     &signature, &slen, hash, hashlen, kex->hostkey_alg)) != 0)
+	    &signature, &slen, hash, hashlen, kex->hostkey_alg)) != 0)
 		goto out;
 
 	/* send server hostkey, ECDH pubkey 'Q_S' and signed H */

kexgexc.c

diff --git a/kexgexc.c b/kexgexc.c
index 323a659..4a2e741 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexc.c,v 1.35 2019/11/25 00:51:37 djm Exp $ */
+/* $OpenBSD: kexgexc.c,v 1.37 2021/01/31 22:55:29 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -68,7 +68,7 @@
 	kex->min = DH_GRP_MIN;
 	kex->max = DH_GRP_MAX;
 	kex->nbits = nbits;
-	if (datafellows & SSH_BUG_DHGEX_LARGE)
+	if (ssh->compat & SSH_BUG_DHGEX_LARGE)
 		kex->nbits = MINIMUM(kex->nbits, 4096);
 	/* New GEX request */
 	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST)) != 0 ||
@@ -83,6 +83,7 @@
 	fprintf(stderr, "\nmin = %d, nbits = %d, max = %d\n",
 	    kex->min, kex->nbits, kex->max);
 #endif
+	debug("expecting SSH2_MSG_KEX_DH_GEX_GROUP");
 	ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP,
 	    &input_kex_dh_gex_group);
 	r = 0;
@@ -98,7 +99,8 @@
 	const BIGNUM *pub_key;
 	int r, bits;
 
-	debug("got SSH2_MSG_KEX_DH_GEX_GROUP");
+	debug("SSH2_MSG_KEX_DH_GEX_GROUP received");
+	ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, &kex_protocol_error);
 
 	if ((r = sshpkt_get_bignum2(ssh, &p)) != 0 ||
 	    (r = sshpkt_get_bignum2(ssh, &g)) != 0 ||
@@ -130,7 +132,7 @@
 	BN_print_fp(stderr, pub_key);
 	fprintf(stderr, "\n");
 #endif
-	ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL);
+	debug("expecting SSH2_MSG_KEX_DH_GEX_REPLY");
 	ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply);
 	r = 0;
 out:
@@ -153,7 +155,9 @@
 	size_t slen, hashlen;
 	int r;
 
-	debug("got SSH2_MSG_KEX_DH_GEX_REPLY");
+	debug("SSH2_MSG_KEX_DH_GEX_REPLY received");
+	ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &kex_protocol_error);
+
 	/* key, cert */
 	if ((r = sshpkt_getb_froms(ssh, &server_host_key_blob)) != 0)
 		goto out;

kexgexs.c

diff --git a/kexgexs.c b/kexgexs.c
index 8ee3aac..f0fbcb9 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.42 2019/01/23 00:30:41 djm Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.43 2021/01/31 22:55:29 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -77,6 +77,8 @@
 	const BIGNUM *dh_p, *dh_g;
 
 	debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
+	ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REQUEST, &kex_protocol_error);
+
 	if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
 	    (r = sshpkt_get_u32(ssh, &nbits)) != 0 ||
 	    (r = sshpkt_get_u32(ssh, &max)) != 0 ||
@@ -136,6 +138,9 @@
 	size_t slen, hashlen;
 	int r;
 
+	debug("SSH2_MSG_KEX_DH_GEX_INIT received");
+	ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &kex_protocol_error);
+
 	if ((r = kex_load_hostkey(ssh, &server_host_private,
 	    &server_host_public)) != 0)
 		goto out;

kexsntrup761x25519.c

diff --git a/kexsntrup4591761x25519.c b/kexsntrup761x25519.c
similarity index 73%
rename from kexsntrup4591761x25519.c
rename to kexsntrup761x25519.c
index 3b9b664..e3007fa 100644
--- a/kexsntrup4591761x25519.c
+++ b/kexsntrup761x25519.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexsntrup4591761x25519.c,v 1.3 2019/01/21 10:40:11 djm Exp $ */
+/* $OpenBSD: kexsntrup761x25519.c,v 1.1 2020/12/29 00:59:15 djm Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl.  All rights reserved.
  *
@@ -25,6 +25,8 @@
 
 #include "includes.h"
 
+#ifdef USE_SNTRUP761X25519
+
 #include <sys/types.h>
 
 #include <stdio.h>
@@ -38,7 +40,7 @@
 #include "ssherr.h"
 
 int
-kex_kem_sntrup4591761x25519_keypair(struct kex *kex)
+kex_kem_sntrup761x25519_keypair(struct kex *kex)
 {
 	struct sshbuf *buf = NULL;
 	u_char *cp = NULL;
@@ -47,15 +49,15 @@
 
 	if ((buf = sshbuf_new()) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
-	need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE;
+	need = crypto_kem_sntrup761_PUBLICKEYBYTES + CURVE25519_SIZE;
 	if ((r = sshbuf_reserve(buf, need, &cp)) != 0)
 		goto out;
-	crypto_kem_sntrup4591761_keypair(cp, kex->sntrup4591761_client_key);
+	crypto_kem_sntrup761_keypair(cp, kex->sntrup761_client_key);
 #ifdef DEBUG_KEXECDH
-	dump_digest("client public key sntrup4591761:", cp,
-	    crypto_kem_sntrup4591761_PUBLICKEYBYTES);
+	dump_digest("client public key sntrup761:", cp,
+	    crypto_kem_sntrup761_PUBLICKEYBYTES);
 #endif
-	cp += crypto_kem_sntrup4591761_PUBLICKEYBYTES;
+	cp += crypto_kem_sntrup761_PUBLICKEYBYTES;
 	kexc25519_keygen(kex->c25519_client_key, cp);
 #ifdef DEBUG_KEXECDH
 	dump_digest("client public key c25519:", cp, CURVE25519_SIZE);
@@ -68,7 +70,7 @@
 }
 
 int
-kex_kem_sntrup4591761x25519_enc(struct kex *kex,
+kex_kem_sntrup761x25519_enc(struct kex *kex,
    const struct sshbuf *client_blob, struct sshbuf **server_blobp,
    struct sshbuf **shared_secretp)
 {
@@ -85,17 +87,17 @@
 	*shared_secretp = NULL;
 
 	/* client_blob contains both KEM and ECDH client pubkeys */
-	need = crypto_kem_sntrup4591761_PUBLICKEYBYTES + CURVE25519_SIZE;
+	need = crypto_kem_sntrup761_PUBLICKEYBYTES + CURVE25519_SIZE;
 	if (sshbuf_len(client_blob) != need) {
 		r = SSH_ERR_SIGNATURE_INVALID;
 		goto out;
 	}
 	client_pub = sshbuf_ptr(client_blob);
 #ifdef DEBUG_KEXECDH
-	dump_digest("client public key sntrup4591761:", client_pub,
-	    crypto_kem_sntrup4591761_PUBLICKEYBYTES);
+	dump_digest("client public key sntrup761:", client_pub,
+	    crypto_kem_sntrup761_PUBLICKEYBYTES);
 	dump_digest("client public key 25519:",
-	    client_pub + crypto_kem_sntrup4591761_PUBLICKEYBYTES,
+	    client_pub + crypto_kem_sntrup761_PUBLICKEYBYTES,
 	    CURVE25519_SIZE);
 #endif
 	/* allocate buffer for concatenation of KEM key and ECDH shared key */
@@ -104,7 +106,7 @@
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES,
+	if ((r = sshbuf_reserve(buf, crypto_kem_sntrup761_BYTES,
 	    &kem_key)) != 0)
 		goto out;
 	/* allocate space for encrypted KEM key and ECDH pub key */
@@ -112,16 +114,16 @@
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE;
+	need = crypto_kem_sntrup761_CIPHERTEXTBYTES + CURVE25519_SIZE;
 	if ((r = sshbuf_reserve(server_blob, need, &ciphertext)) != 0)
 		goto out;
 	/* generate and encrypt KEM key with client key */
-	crypto_kem_sntrup4591761_enc(ciphertext, kem_key, client_pub);
+	crypto_kem_sntrup761_enc(ciphertext, kem_key, client_pub);
 	/* generate ECDH key pair, store server pubkey after ciphertext */
-	server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
+	server_pub = ciphertext + crypto_kem_sntrup761_CIPHERTEXTBYTES;
 	kexc25519_keygen(server_key, server_pub);
 	/* append ECDH shared key */
-	client_pub += crypto_kem_sntrup4591761_PUBLICKEYBYTES;
+	client_pub += crypto_kem_sntrup761_PUBLICKEYBYTES;
 	if ((r = kexc25519_shared_key_ext(server_key, client_pub, buf, 1)) < 0)
 		goto out;
 	if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
@@ -129,7 +131,7 @@
 #ifdef DEBUG_KEXECDH
 	dump_digest("server public key 25519:", server_pub, CURVE25519_SIZE);
 	dump_digest("server cipher text:", ciphertext,
-	    crypto_kem_sntrup4591761_CIPHERTEXTBYTES);
+	    crypto_kem_sntrup761_CIPHERTEXTBYTES);
 	dump_digest("server kem key:", kem_key, sizeof(kem_key));
 	dump_digest("concatenation of KEM key and ECDH shared key:",
 	    sshbuf_ptr(buf), sshbuf_len(buf));
@@ -155,7 +157,7 @@
 }
 
 int
-kex_kem_sntrup4591761x25519_dec(struct kex *kex,
+kex_kem_sntrup761x25519_dec(struct kex *kex,
     const struct sshbuf *server_blob, struct sshbuf **shared_secretp)
 {
 	struct sshbuf *buf = NULL;
@@ -167,16 +169,16 @@
 
 	*shared_secretp = NULL;
 
-	need = crypto_kem_sntrup4591761_CIPHERTEXTBYTES + CURVE25519_SIZE;
+	need = crypto_kem_sntrup761_CIPHERTEXTBYTES + CURVE25519_SIZE;
 	if (sshbuf_len(server_blob) != need) {
 		r = SSH_ERR_SIGNATURE_INVALID;
 		goto out;
 	}
 	ciphertext = sshbuf_ptr(server_blob);
-	server_pub = ciphertext + crypto_kem_sntrup4591761_CIPHERTEXTBYTES;
+	server_pub = ciphertext + crypto_kem_sntrup761_CIPHERTEXTBYTES;
 #ifdef DEBUG_KEXECDH
 	dump_digest("server cipher text:", ciphertext,
-	    crypto_kem_sntrup4591761_CIPHERTEXTBYTES);
+	    crypto_kem_sntrup761_CIPHERTEXTBYTES);
 	dump_digest("server public key c25519:", server_pub, CURVE25519_SIZE);
 #endif
 	/* hash concatenation of KEM key and ECDH shared key */
@@ -184,18 +186,18 @@
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if ((r = sshbuf_reserve(buf, crypto_kem_sntrup4591761_BYTES,
+	if ((r = sshbuf_reserve(buf, crypto_kem_sntrup761_BYTES,
 	    &kem_key)) != 0)
 		goto out;
-	decoded = crypto_kem_sntrup4591761_dec(kem_key, ciphertext,
-	    kex->sntrup4591761_client_key);
+	decoded = crypto_kem_sntrup761_dec(kem_key, ciphertext,
+	    kex->sntrup761_client_key);
 	if ((r = kexc25519_shared_key_ext(kex->c25519_client_key, server_pub,
 	    buf, 1)) < 0)
 		goto out;
 	if ((r = ssh_digest_buffer(kex->hash_alg, buf, hash, sizeof(hash))) != 0)
 		goto out;
 #ifdef DEBUG_KEXECDH
-	dump_digest("client kem key:", kem_key, sizeof(kem_key));
+	dump_digest("client kem key:", kem_key, crypto_kem_sntrup761_BYTES);
 	dump_digest("concatenation of KEM key and ECDH shared key:",
 	    sshbuf_ptr(buf), sshbuf_len(buf));
 #endif
@@ -217,3 +219,33 @@
 	sshbuf_free(buf);
 	return r;
 }
+
+#else
+
+#include "ssherr.h"
+
+struct kex;
+struct sshbuf;
+struct sshkey;
+
+int
+kex_kem_sntrup761x25519_keypair(struct kex *kex)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+
+int
+kex_kem_sntrup761x25519_enc(struct kex *kex,
+   const struct sshbuf *client_blob, struct sshbuf **server_blobp,
+   struct sshbuf **shared_secretp)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+
+int
+kex_kem_sntrup761x25519_dec(struct kex *kex,
+    const struct sshbuf *server_blob, struct sshbuf **shared_secretp)
+{
+	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
+}
+#endif /* USE_SNTRUP761X25519 */

krl.c

diff --git a/krl.c b/krl.c
index c431f70..17b88ed 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.50 2020/04/03 05:48:57 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.53 2021/06/04 06:19:07 djm Exp $ */
 
 #include "includes.h"
 
@@ -44,7 +44,7 @@
 
 /* #define DEBUG_KRL */
 #ifdef DEBUG_KRL
-# define KRL_DBG(x) debug3 x
+# define KRL_DBG(x) debug3_f x
 #else
 # define KRL_DBG(x)
 #endif
@@ -61,7 +61,7 @@
 };
 static int serial_cmp(struct revoked_serial *a, struct revoked_serial *b);
 RB_HEAD(revoked_serial_tree, revoked_serial);
-RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp);
+RB_GENERATE_STATIC(revoked_serial_tree, revoked_serial, tree_entry, serial_cmp)
 
 /* Tree of key IDs */
 struct revoked_key_id {
@@ -70,7 +70,7 @@
 };
 static int key_id_cmp(struct revoked_key_id *a, struct revoked_key_id *b);
 RB_HEAD(revoked_key_id_tree, revoked_key_id);
-RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp);
+RB_GENERATE_STATIC(revoked_key_id_tree, revoked_key_id, tree_entry, key_id_cmp)
 
 /* Tree of blobs (used for keys and fingerprints) */
 struct revoked_blob {
@@ -80,7 +80,7 @@
 };
 static int blob_cmp(struct revoked_blob *a, struct revoked_blob *b);
 RB_HEAD(revoked_blob_tree, revoked_blob);
-RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp);
+RB_GENERATE_STATIC(revoked_blob_tree, revoked_blob, tree_entry, blob_cmp)
 
 /* Tracks revoked certs for a single CA */
 struct revoked_certs {
@@ -241,8 +241,7 @@
 	RB_INIT(&rc->revoked_serials);
 	RB_INIT(&rc->revoked_key_ids);
 	TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry);
-	KRL_DBG(("%s: new CA %s", __func__,
-	    ca_key == NULL ? "*" : sshkey_type(ca_key)));
+	KRL_DBG(("new CA %s", ca_key == NULL ? "*" : sshkey_type(ca_key)));
 	*rcp = rc;
 	return 0;
 }
@@ -252,7 +251,7 @@
 {
 	struct revoked_serial rs, *ers, *crs, *irs;
 
-	KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi));
+	KRL_DBG(("insert %llu:%llu", lo, hi));
 	memset(&rs, 0, sizeof(rs));
 	rs.lo = lo;
 	rs.hi = hi;
@@ -264,15 +263,14 @@
 		memcpy(irs, &rs, sizeof(*irs));
 		ers = RB_INSERT(revoked_serial_tree, rt, irs);
 		if (ers != NULL) {
-			KRL_DBG(("%s: bad: ers != NULL", __func__));
+			KRL_DBG(("bad: ers != NULL"));
 			/* Shouldn't happen */
 			free(irs);
 			return SSH_ERR_INTERNAL_ERROR;
 		}
 		ers = irs;
 	} else {
-		KRL_DBG(("%s: overlap found %llu:%llu", __func__,
-		    ers->lo, ers->hi));
+		KRL_DBG(("overlap found %llu:%llu", ers->lo, ers->hi));
 		/*
 		 * The inserted entry overlaps an existing one. Grow the
 		 * existing entry.
@@ -290,33 +288,31 @@
 
 	/* Check predecessors */
 	while ((crs = RB_PREV(revoked_serial_tree, rt, ers)) != NULL) {
-		KRL_DBG(("%s: pred %llu:%llu", __func__, crs->lo, crs->hi));
+		KRL_DBG(("pred %llu:%llu", crs->lo, crs->hi));
 		if (ers->lo != 0 && crs->hi < ers->lo - 1)
 			break;
 		/* This entry overlaps. */
 		if (crs->lo < ers->lo) {
 			ers->lo = crs->lo;
-			KRL_DBG(("%s: pred extend %llu:%llu", __func__,
-			    ers->lo, ers->hi));
+			KRL_DBG(("pred extend %llu:%llu", ers->lo, ers->hi));
 		}
 		RB_REMOVE(revoked_serial_tree, rt, crs);
 		free(crs);
 	}
 	/* Check successors */
 	while ((crs = RB_NEXT(revoked_serial_tree, rt, ers)) != NULL) {
-		KRL_DBG(("%s: succ %llu:%llu", __func__, crs->lo, crs->hi));
+		KRL_DBG(("succ %llu:%llu", crs->lo, crs->hi));
 		if (ers->hi != (u_int64_t)-1 && crs->lo > ers->hi + 1)
 			break;
 		/* This entry overlaps. */
 		if (crs->hi > ers->hi) {
 			ers->hi = crs->hi;
-			KRL_DBG(("%s: succ extend %llu:%llu", __func__,
-			    ers->lo, ers->hi));
+			KRL_DBG(("succ extend %llu:%llu", ers->lo, ers->hi));
 		}
 		RB_REMOVE(revoked_serial_tree, rt, crs);
 		free(crs);
 	}
-	KRL_DBG(("%s: done, final %llu:%llu", __func__, ers->lo, ers->hi));
+	KRL_DBG(("done, final %llu:%llu", ers->lo, ers->hi));
 	return 0;
 }
 
@@ -352,7 +348,7 @@
 	if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0)
 		return r;
 
-	KRL_DBG(("%s: revoke %s", __func__, key_id));
+	KRL_DBG(("revoke %s", key_id));
 	if ((rki = calloc(1, sizeof(*rki))) == NULL ||
 	    (rki->key_id = strdup(key_id)) == NULL) {
 		free(rki);
@@ -411,7 +407,7 @@
 	size_t len;
 	int r;
 
-	debug3("%s: revoke type %s", __func__, sshkey_type(key));
+	debug3_f("revoke type %s", sshkey_type(key));
 	if ((r = plain_key_blob(key, &blob, &len)) != 0)
 		return r;
 	return revoke_blob(&krl->revoked_keys, blob, len);
@@ -437,7 +433,7 @@
 int
 ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len)
 {
-	debug3("%s: revoke by sha1", __func__);
+	debug3_f("revoke by sha1");
 	if (len != 20)
 		return SSH_ERR_INVALID_FORMAT;
 	return revoke_by_hash(&krl->revoked_sha1s, p, len);
@@ -446,7 +442,7 @@
 int
 ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len)
 {
-	debug3("%s: revoke by sha256", __func__);
+	debug3_f("revoke by sha256");
 	if (len != 32)
 		return SSH_ERR_INVALID_FORMAT;
 	return revoke_by_hash(&krl->revoked_sha256s, p, len);
@@ -542,9 +538,9 @@
 		*force_new_section = 1;
 		cost = cost_bitmap_restart;
 	}
-	KRL_DBG(("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
+	KRL_DBG(("contig %llu last_gap %llu next_gap %llu final %d, costs:"
 	    "list %llu range %llu bitmap %llu new bitmap %llu, "
-	    "selected 0x%02x%s", __func__, (long long unsigned)contig,
+	    "selected 0x%02x%s", (long long unsigned)contig,
 	    (long long unsigned)last_gap, (long long unsigned)next_gap, final,
 	    (long long unsigned)cost_list, (long long unsigned)cost_range,
 	    (long long unsigned)cost_bitmap,
@@ -602,7 +598,7 @@
 	for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials);
 	     rs != NULL;
 	     rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) {
-		KRL_DBG(("%s: serial %llu:%llu state 0x%02x", __func__,
+		KRL_DBG(("serial %llu:%llu state 0x%02x",
 		    (long long unsigned)rs->lo, (long long unsigned)rs->hi,
 		    state));
 
@@ -622,7 +618,7 @@
 		 */
 		if (state != 0 && (force_new_sect || next_state != state ||
 		    state == KRL_SECTION_CERT_SERIAL_RANGE)) {
-			KRL_DBG(("%s: finish state 0x%02x", __func__, state));
+			KRL_DBG(("finish state 0x%02x", state));
 			switch (state) {
 			case KRL_SECTION_CERT_SERIAL_LIST:
 			case KRL_SECTION_CERT_SERIAL_RANGE:
@@ -642,7 +638,7 @@
 
 		/* If we are starting a new section then prepare it now */
 		if (next_state != state || force_new_sect) {
-			KRL_DBG(("%s: start state 0x%02x", __func__,
+			KRL_DBG(("start state 0x%02x",
 			    next_state));
 			state = next_state;
 			sshbuf_reset(sect);
@@ -678,7 +674,7 @@
 			break;
 		case KRL_SECTION_CERT_SERIAL_BITMAP:
 			if (rs->lo - bitmap_start > INT_MAX) {
-				error("%s: insane bitmap gap", __func__);
+				error_f("insane bitmap gap");
 				goto out;
 			}
 			for (i = 0; i < contig; i++) {
@@ -694,8 +690,7 @@
 	}
 	/* Flush the remaining section, if any */
 	if (state != 0) {
-		KRL_DBG(("%s: serial final flush for state 0x%02x",
-		    __func__, state));
+		KRL_DBG(("serial final flush for state 0x%02x", state));
 		switch (state) {
 		case KRL_SECTION_CERT_SERIAL_LIST:
 		case KRL_SECTION_CERT_SERIAL_RANGE:
@@ -711,12 +706,12 @@
 		    (r = sshbuf_put_stringb(buf, sect)) != 0)
 			goto out;
 	}
-	KRL_DBG(("%s: serial done ", __func__));
+	KRL_DBG(("serial done "));
 
 	/* Now output a section for any revocations by key ID */
 	sshbuf_reset(sect);
 	RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) {
-		KRL_DBG(("%s: key ID %s", __func__, rki->key_id));
+		KRL_DBG(("key ID %s", rki->key_id));
 		if ((r = sshbuf_put_cstring(sect, rki->key_id)) != 0)
 			goto out;
 	}
@@ -772,7 +767,7 @@
 	/* Finally, output sections for revocations by public key/hash */
 	sshbuf_reset(sect);
 	RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) {
-		KRL_DBG(("%s: key len %zu ", __func__, rb->len));
+		KRL_DBG(("key len %zu ", rb->len));
 		if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
 			goto out;
 	}
@@ -783,7 +778,7 @@
 	}
 	sshbuf_reset(sect);
 	RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) {
-		KRL_DBG(("%s: hash len %zu ", __func__, rb->len));
+		KRL_DBG(("hash len %zu ", rb->len));
 		if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
 			goto out;
 	}
@@ -795,7 +790,7 @@
 	}
 	sshbuf_reset(sect);
 	RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha256s) {
-		KRL_DBG(("%s: hash len %zu ", __func__, rb->len));
+		KRL_DBG(("hash len %zu ", rb->len));
 		if ((r = sshbuf_put_string(sect, rb->blob, rb->len)) != 0)
 			goto out;
 	}
@@ -807,16 +802,16 @@
 	}
 
 	for (i = 0; i < nsign_keys; i++) {
-		KRL_DBG(("%s: signature key %s", __func__,
-		    sshkey_ssh_name(sign_keys[i])));
+		KRL_DBG(("sig key %s", sshkey_ssh_name(sign_keys[i])));
 		if ((r = sshbuf_put_u8(buf, KRL_SECTION_SIGNATURE)) != 0 ||
 		    (r = sshkey_puts(sign_keys[i], buf)) != 0)
 			goto out;
-
+		/* XXX support sk-* keys */
 		if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
-		    sshbuf_ptr(buf), sshbuf_len(buf), NULL, NULL, 0)) != 0)
+		    sshbuf_ptr(buf), sshbuf_len(buf), NULL, NULL,
+		    NULL, 0)) != 0)
 			goto out;
-		KRL_DBG(("%s: signature sig len %zu", __func__, slen));
+		KRL_DBG(("signature sig len %zu", slen));
 		if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
 			goto out;
 	}
@@ -873,7 +868,7 @@
 		if ((r = sshbuf_get_u8(buf, &type)) != 0 ||
 		    (r = sshbuf_froms(buf, &subsect)) != 0)
 			goto out;
-		KRL_DBG(("%s: subsection type 0x%02x", __func__, type));
+		KRL_DBG(("subsection type 0x%02x", type));
 		/* sshbuf_dump(subsect, stderr); */
 
 		switch (type) {
@@ -910,7 +905,7 @@
 			nbits = bitmap_nbits(bitmap);
 			for (serial = 0; serial < (u_int64_t)nbits; serial++) {
 				if (serial > 0 && serial_lo + serial == 0) {
-					error("%s: bitmap wraps u64", __func__);
+					error_f("bitmap wraps u64");
 					r = SSH_ERR_INVALID_FORMAT;
 					goto out;
 				}
@@ -969,7 +964,7 @@
 		if ((r = sshbuf_get_string(sect, &rdata, &rlen)) != 0)
 			return r;
 		if (expected_len != 0 && rlen != expected_len) {
-			error("%s: bad length", __func__);
+			error_f("bad length");
 			free(rdata);
 			return SSH_ERR_INVALID_FORMAT;
 		}
@@ -1000,7 +995,7 @@
 	*krlp = NULL;
 	if (sshbuf_len(buf) < sizeof(KRL_MAGIC) - 1 ||
 	    memcmp(sshbuf_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) {
-		debug3("%s: not a KRL", __func__);
+		debug3_f("not a KRL");
 		return SSH_ERR_KRL_BAD_MAGIC;
 	}
 
@@ -1013,7 +1008,7 @@
 		goto out;
 
 	if ((krl = ssh_krl_init()) == NULL) {
-		error("%s: alloc failed", __func__);
+		error_f("alloc failed");
 		goto out;
 	}
 
@@ -1050,7 +1045,7 @@
 		if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
 		    (r = sshbuf_get_string_direct(copy, &blob, &blen)) != 0)
 			goto out;
-		KRL_DBG(("%s: first pass, section 0x%02x", __func__, type));
+		KRL_DBG(("first pass, section 0x%02x", type));
 		if (type != KRL_SECTION_SIGNATURE) {
 			if (sig_seen) {
 				error("KRL contains non-signature section "
@@ -1126,7 +1121,7 @@
 		if ((r = sshbuf_get_u8(copy, &type)) != 0 ||
 		    (r = sshbuf_froms(copy, &sect)) != 0)
 			goto out;
-		KRL_DBG(("%s: second pass, section 0x%02x", __func__, type));
+		KRL_DBG(("second pass, section 0x%02x", type));
 
 		switch (type) {
 		case KRL_SECTION_CERTIFICATES:
@@ -1229,7 +1224,7 @@
 	rki.key_id = key->cert->key_id;
 	erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki);
 	if (erki != NULL) {
-		KRL_DBG(("%s: revoked by key ID", __func__));
+		KRL_DBG(("revoked by key ID"));
 		return SSH_ERR_KEY_REVOKED;
 	}
 
@@ -1244,7 +1239,7 @@
 	rs.lo = rs.hi = key->cert->serial;
 	ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs);
 	if (ers != NULL) {
-		KRL_DBG(("%s: revoked serial %llu matched %llu:%llu", __func__,
+		KRL_DBG(("revoked serial %llu matched %llu:%llu",
 		    key->cert->serial, ers->lo, ers->hi));
 		return SSH_ERR_KEY_REVOKED;
 	}
@@ -1267,7 +1262,7 @@
 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
 	free(rb.blob);
 	if (erb != NULL) {
-		KRL_DBG(("%s: revoked by key SHA1", __func__));
+		KRL_DBG(("revoked by key SHA1"));
 		return SSH_ERR_KEY_REVOKED;
 	}
 	memset(&rb, 0, sizeof(rb));
@@ -1277,7 +1272,7 @@
 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha256s, &rb);
 	free(rb.blob);
 	if (erb != NULL) {
-		KRL_DBG(("%s: revoked by key SHA256", __func__));
+		KRL_DBG(("revoked by key SHA256"));
 		return SSH_ERR_KEY_REVOKED;
 	}
 
@@ -1288,7 +1283,7 @@
 	erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
 	free(rb.blob);
 	if (erb != NULL) {
-		KRL_DBG(("%s: revoked by explicit key", __func__));
+		KRL_DBG(("revoked by explicit key"));
 		return SSH_ERR_KEY_REVOKED;
 	}
 
@@ -1311,7 +1306,7 @@
 			return r;
 	}
 
-	KRL_DBG(("%s: %llu no match", __func__, key->cert->serial));
+	KRL_DBG(("%llu no match", key->cert->serial));
 	return 0;
 }
 
@@ -1320,15 +1315,15 @@
 {
 	int r;
 
-	KRL_DBG(("%s: checking key", __func__));
+	KRL_DBG(("checking key"));
 	if ((r = is_key_revoked(krl, key)) != 0)
 		return r;
 	if (sshkey_is_cert(key)) {
-		debug2("%s: checking CA key", __func__);
+		debug2_f("checking CA key");
 		if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0)
 			return r;
 	}
-	KRL_DBG(("%s: key okay", __func__));
+	KRL_DBG(("key okay"));
 	return 0;
 }
 
@@ -1347,7 +1342,7 @@
 	}
 	if ((r = ssh_krl_from_blob(krlbuf, &krl, NULL, 0)) != 0)
 		goto out;
-	debug2("%s: checking KRL %s", __func__, path);
+	debug2_f("checking KRL %s", path);
 	r = ssh_krl_check_key(krl, key);
  out:
 	sshbuf_free(krlbuf);
@@ -1384,7 +1379,7 @@
 	RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) {
 		if ((r = sshkey_from_blob(rb->blob, rb->len, &key)) != 0) {
 			ret = SSH_ERR_INVALID_FORMAT;
-			error("Parse key in KRL: %s", ssh_err(r));
+			error_r(r, "parse KRL key");
 			continue;
 		}
 		if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,

log.c

diff --git a/log.c b/log.c
index d9c2d13..99bf046 100644
--- a/log.c
+++ b/log.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.c,v 1.51 2018/07/27 12:03:17 markus Exp $ */
+/* $OpenBSD: log.c,v 1.60 2021/09/16 15:11:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -51,14 +51,17 @@
 #endif
 
 #include "log.h"
+#include "match.h"
 
 static LogLevel log_level = SYSLOG_LEVEL_INFO;
 static int log_on_stderr = 1;
 static int log_stderr_fd = STDERR_FILENO;
 static int log_facility = LOG_AUTH;
-static char *argv0;
+static const char *argv0;
 static log_handler_fn *log_handler;
 static void *log_handler_ctx;
+static char **log_verbose;
+static size_t nlog_verbose;
 
 extern char *__progname;
 
@@ -157,96 +160,30 @@
 	return NULL;
 }
 
-/* Error messages that should be logged. */
-
 void
-error(const char *fmt,...)
+log_verbose_add(const char *s)
 {
-	va_list args;
+	char **tmp;
 
-	va_start(args, fmt);
-	do_log(SYSLOG_LEVEL_ERROR, fmt, args);
-	va_end(args);
+	/* Ignore failures here */
+	if ((tmp = recallocarray(log_verbose, nlog_verbose, nlog_verbose + 1,
+	    sizeof(*log_verbose))) != NULL) {
+		log_verbose = tmp;
+		if ((log_verbose[nlog_verbose] = strdup(s)) != NULL)
+			nlog_verbose++;
+	}
 }
 
 void
-sigdie(const char *fmt,...)
+log_verbose_reset(void)
 {
-#ifdef DO_LOG_SAFE_IN_SIGHAND
-	va_list args;
+	size_t i;
 
-	va_start(args, fmt);
-	do_log(SYSLOG_LEVEL_FATAL, fmt, args);
-	va_end(args);
-#endif
-	_exit(1);
-}
-
-void
-logdie(const char *fmt,...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	do_log(SYSLOG_LEVEL_INFO, fmt, args);
-	va_end(args);
-	cleanup_exit(255);
-}
-
-/* Log this message (information that usually should go to the log). */
-
-void
-logit(const char *fmt,...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	do_log(SYSLOG_LEVEL_INFO, fmt, args);
-	va_end(args);
-}
-
-/* More detailed messages (information that does not need to go to the log). */
-
-void
-verbose(const char *fmt,...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	do_log(SYSLOG_LEVEL_VERBOSE, fmt, args);
-	va_end(args);
-}
-
-/* Debugging messages that should not be logged during normal operation. */
-
-void
-debug(const char *fmt,...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	do_log(SYSLOG_LEVEL_DEBUG1, fmt, args);
-	va_end(args);
-}
-
-void
-debug2(const char *fmt,...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	do_log(SYSLOG_LEVEL_DEBUG2, fmt, args);
-	va_end(args);
-}
-
-void
-debug3(const char *fmt,...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	do_log(SYSLOG_LEVEL_DEBUG3, fmt, args);
-	va_end(args);
+	for (i = 0; i < nlog_verbose; i++)
+		free(log_verbose[i]);
+	free(log_verbose);
+	log_verbose = NULL;
+	nlog_verbose = 0;
 }
 
 /*
@@ -254,7 +191,8 @@
  */
 
 void
-log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr)
+log_init(const char *av0, LogLevel level, SyslogFacility facility,
+    int on_stderr)
 {
 #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
 	struct syslog_data sdata = SYSLOG_DATA_INIT;
@@ -370,9 +308,17 @@
 {
 	int fd;
 
+	if (logfile == NULL) {
+		if (log_stderr_fd != STDERR_FILENO) {
+			close(log_stderr_fd);
+			log_stderr_fd = STDERR_FILENO;
+		}
+		return;
+	}
+
 	if ((fd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0600)) == -1) {
 		fprintf(stderr, "Couldn't open logfile %s: %s\n", logfile,
-		     strerror(errno));
+		    strerror(errno));
 		exit(1);
 	}
 	log_stderr_fd = fd;
@@ -387,18 +333,9 @@
 	log_handler_ctx = ctx;
 }
 
-void
-do_log2(LogLevel level, const char *fmt,...)
-{
-	va_list args;
-
-	va_start(args, fmt);
-	do_log(level, fmt, args);
-	va_end(args);
-}
-
-void
-do_log(LogLevel level, const char *fmt, va_list args)
+static void
+do_log(LogLevel level, int force, const char *suffix, const char *fmt,
+    va_list args)
 {
 #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
 	struct syslog_data sdata = SYSLOG_DATA_INIT;
@@ -409,8 +346,9 @@
 	int pri = LOG_INFO;
 	int saved_errno = errno;
 	log_handler_fn *tmp_handler;
+	const char *progname = argv0 != NULL ? argv0 : __progname;
 
-	if (level > log_level)
+	if (!force && level > log_level)
 		return;
 
 	switch (level) {
@@ -453,28 +391,110 @@
 	} else {
 		vsnprintf(msgbuf, sizeof(msgbuf), fmt, args);
 	}
+	if (suffix != NULL) {
+		snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", msgbuf, suffix);
+		strlcpy(msgbuf, fmtbuf, sizeof(msgbuf));
+	}
 	strnvis(fmtbuf, msgbuf, sizeof(fmtbuf),
 	    log_on_stderr ? LOG_STDERR_VIS : LOG_SYSLOG_VIS);
 	if (log_handler != NULL) {
 		/* Avoid recursion */
 		tmp_handler = log_handler;
 		log_handler = NULL;
-		tmp_handler(level, fmtbuf, log_handler_ctx);
+		tmp_handler(level, force, fmtbuf, log_handler_ctx);
 		log_handler = tmp_handler;
 	} else if (log_on_stderr) {
-		snprintf(msgbuf, sizeof msgbuf, "%.*s\r\n",
+		snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n",
+		    (log_on_stderr > 1) ? progname : "",
+		    (log_on_stderr > 1) ? ": " : "",
 		    (int)sizeof msgbuf - 3, fmtbuf);
 		(void)write(log_stderr_fd, msgbuf, strlen(msgbuf));
 	} else {
 #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
-		openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
+		openlog_r(progname, LOG_PID, log_facility, &sdata);
 		syslog_r(pri, &sdata, "%.500s", fmtbuf);
 		closelog_r(&sdata);
 #else
-		openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
+		openlog(progname, LOG_PID, log_facility);
 		syslog(pri, "%.500s", fmtbuf);
 		closelog();
 #endif
 	}
 	errno = saved_errno;
 }
+
+void
+sshlog(const char *file, const char *func, int line, int showfunc,
+    LogLevel level, const char *suffix, const char *fmt, ...)
+{
+	va_list args;
+
+	va_start(args, fmt);
+	sshlogv(file, func, line, showfunc, level, suffix, fmt, args);
+	va_end(args);
+}
+
+void
+sshlogdie(const char *file, const char *func, int line, int showfunc,
+    LogLevel level, const char *suffix, const char *fmt, ...)
+{
+	va_list args;
+
+	va_start(args, fmt);
+	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_INFO,
+	    suffix, fmt, args);
+	va_end(args);
+	cleanup_exit(255);
+}
+
+void
+sshsigdie(const char *file, const char *func, int line, int showfunc,
+    LogLevel level, const char *suffix, const char *fmt, ...)
+{
+	va_list args;
+
+	va_start(args, fmt);
+	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+	    suffix, fmt, args);
+	va_end(args);
+	_exit(1);
+}
+
+void
+sshlogv(const char *file, const char *func, int line, int showfunc,
+    LogLevel level, const char *suffix, const char *fmt, va_list args)
+{
+	char tag[128], fmt2[MSGBUFSIZ + 128];
+	int forced = 0;
+	const char *cp;
+	size_t i;
+
+	snprintf(tag, sizeof(tag), "%.48s:%.48s():%d (pid=%ld)",
+	    (cp = strrchr(file, '/')) == NULL ? file : cp + 1, func, line,
+	    (long)getpid());
+	for (i = 0; i < nlog_verbose; i++) {
+		if (match_pattern_list(tag, log_verbose[i], 0) == 1) {
+			forced = 1;
+			break;
+		}
+	}
+
+	if (forced)
+		snprintf(fmt2, sizeof(fmt2), "%s: %s", tag, fmt);
+	else if (showfunc)
+		snprintf(fmt2, sizeof(fmt2), "%s: %s", func, fmt);
+	else
+		strlcpy(fmt2, fmt, sizeof(fmt2));
+
+	do_log(level, forced, suffix, fmt2, args);
+}
+
+void
+sshlogdirect(LogLevel level, int forced, const char *fmt, ...)
+{
+	va_list args;
+
+	va_start(args, fmt);
+	do_log(level, forced, NULL, fmt, args);
+	va_end(args);
+}

log.h

diff --git a/log.h b/log.h
index 78cda28..6218b41 100644
--- a/log.h
+++ b/log.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: log.h,v 1.24 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: log.h,v 1.33 2021/04/15 16:24:31 markus Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -16,6 +16,7 @@
 #define SSH_LOG_H
 
 #include <stdarg.h> /* va_list */
+#include "ssherr.h" /* ssh_err() */
 
 /* Supported syslog facilities and levels. */
 typedef enum {
@@ -48,36 +49,84 @@
 	SYSLOG_LEVEL_NOT_SET = -1
 }       LogLevel;
 
-typedef void (log_handler_fn)(LogLevel, const char *, void *);
+typedef void (log_handler_fn)(LogLevel, int, const char *, void *);
 
-void     log_init(char *, LogLevel, SyslogFacility, int);
+void     log_init(const char *, LogLevel, SyslogFacility, int);
 LogLevel log_level_get(void);
 int      log_change_level(LogLevel);
 int      log_is_on_stderr(void);
 void     log_redirect_stderr_to(const char *);
+void	 log_verbose_add(const char *);
+void	 log_verbose_reset(void);
 
 SyslogFacility	log_facility_number(char *);
-const char * 	log_facility_name(SyslogFacility);
+const char *	log_facility_name(SyslogFacility);
 LogLevel	log_level_number(char *);
 const char *	log_level_name(LogLevel);
 
-void     fatal(const char *, ...) __attribute__((noreturn))
-    __attribute__((format(printf, 1, 2)));
-void     error(const char *, ...) __attribute__((format(printf, 1, 2)));
-void     sigdie(const char *, ...)  __attribute__((noreturn))
-    __attribute__((format(printf, 1, 2)));
-void     logdie(const char *, ...) __attribute__((noreturn))
-    __attribute__((format(printf, 1, 2)));
-void     logit(const char *, ...) __attribute__((format(printf, 1, 2)));
-void     verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
-void     debug(const char *, ...) __attribute__((format(printf, 1, 2)));
-void     debug2(const char *, ...) __attribute__((format(printf, 1, 2)));
-void     debug3(const char *, ...) __attribute__((format(printf, 1, 2)));
-
-
 void	 set_log_handler(log_handler_fn *, void *);
-void	 do_log2(LogLevel, const char *, ...)
-    __attribute__((format(printf, 2, 3)));
-void	 do_log(LogLevel, const char *, va_list);
 void	 cleanup_exit(int) __attribute__((noreturn));
+
+void	 sshlog(const char *, const char *, int, int,
+    LogLevel, const char *, const char *, ...)
+    __attribute__((format(printf, 7, 8)));
+void	 sshlogv(const char *, const char *, int, int,
+    LogLevel, const char *, const char *, va_list);
+void	 sshsigdie(const char *, const char *, int, int,
+    LogLevel, const char *, const char *, ...) __attribute__((noreturn))
+    __attribute__((format(printf, 7, 8)));
+void	 sshlogdie(const char *, const char *, int, int,
+    LogLevel, const char *, const char *, ...) __attribute__((noreturn))
+    __attribute__((format(printf, 7, 8)));
+void	 sshfatal(const char *, const char *, int, int,
+    LogLevel, const char *, const char *, ...) __attribute__((noreturn))
+    __attribute__((format(printf, 7, 8)));
+void	 sshlogdirect(LogLevel, int, const char *, ...)
+    __attribute__((format(printf, 3, 4)));
+
+#define do_log2(level, ...)	sshlog(__FILE__, __func__, __LINE__, 0, level, NULL, __VA_ARGS__)
+#define debug3(...)		sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG3, NULL, __VA_ARGS__)
+#define debug2(...)		sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG2, NULL, __VA_ARGS__)
+#define debug(...)		sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG1, NULL, __VA_ARGS__)
+#define verbose(...)		sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_VERBOSE, NULL, __VA_ARGS__)
+#define logit(...)		sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_INFO, NULL, __VA_ARGS__)
+#define error(...)		sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
+#define fatal(...)		sshfatal(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_FATAL, NULL, __VA_ARGS__)
+#define logdie(...)		sshlogdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
+#define sigdie(...)		sshsigdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
+
+/* Variants that prepend the caller's function */
+#define do_log2_f(level, ...)	sshlog(__FILE__, __func__, __LINE__, 1, level, NULL, __VA_ARGS__)
+#define debug3_f(...)		sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG3, NULL, __VA_ARGS__)
+#define debug2_f(...)		sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG2, NULL, __VA_ARGS__)
+#define debug_f(...)		sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG1, NULL, __VA_ARGS__)
+#define verbose_f(...)		sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_VERBOSE, NULL, __VA_ARGS__)
+#define logit_f(...)		sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_INFO, NULL, __VA_ARGS__)
+#define error_f(...)		sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
+#define fatal_f(...)		sshfatal(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_FATAL, NULL, __VA_ARGS__)
+#define logdie_f(...)		sshlogdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
+#define sigdie_f(...)		sshsigdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__)
+
+/* Variants that appends a ssh_err message */
+#define do_log2_r(r, level, ...) sshlog(__FILE__, __func__, __LINE__, 0, level, ssh_err(r), __VA_ARGS__)
+#define debug3_r(r, ...)	sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG3, ssh_err(r), __VA_ARGS__)
+#define debug2_r(r, ...)	sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG2, ssh_err(r), __VA_ARGS__)
+#define debug_r(r, ...)		sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_DEBUG1, ssh_err(r), __VA_ARGS__)
+#define verbose_r(r, ...)	sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_VERBOSE, ssh_err(r), __VA_ARGS__)
+#define logit_r(r, ...)		sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_INFO, ssh_err(r), __VA_ARGS__)
+#define error_r(r, ...)		sshlog(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
+#define fatal_r(r, ...)		sshfatal(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_FATAL, ssh_err(r), __VA_ARGS__)
+#define logdie_r(r, ...)	sshlogdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
+#define sigdie_r(r, ...)	sshsigdie(__FILE__, __func__, __LINE__, 0, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
+#define do_log2_fr(r, level, ...) sshlog(__FILE__, __func__, __LINE__, 1, level, ssh_err(r), __VA_ARGS__)
+#define debug3_fr(r, ...)	sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG3, ssh_err(r), __VA_ARGS__)
+#define debug2_fr(r, ...)	sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG2, ssh_err(r), __VA_ARGS__)
+#define debug_fr(r, ...)	sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_DEBUG1, ssh_err(r), __VA_ARGS__)
+#define verbose_fr(r, ...)	sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_VERBOSE, ssh_err(r), __VA_ARGS__)
+#define logit_fr(r, ...)	sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_INFO, ssh_err(r), __VA_ARGS__)
+#define error_fr(r, ...)	sshlog(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
+#define fatal_fr(r, ...)	sshfatal(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_FATAL, ssh_err(r), __VA_ARGS__)
+#define logdie_fr(r, ...)	sshlogdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
+#define sigdie_fr(r, ...)	sshsigdie(__FILE__, __func__, __LINE__, 1, SYSLOG_LEVEL_ERROR, ssh_err(r), __VA_ARGS__)
+
 #endif

loginrec.c

diff --git a/loginrec.c b/loginrec.c
index e5289de..ea058fd 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -778,6 +778,9 @@
 	strncpy(utx->ut_host, li->hostname,
 	    MIN_SIZEOF(utx->ut_host, li->hostname));
 # endif
+# ifdef HAVE_SS_IN_UTMPX
+	utx->ut_ss = li->hostaddr.sa_storage;
+# endif
 # ifdef HAVE_ADDR_IN_UTMPX
 	/* this is just a 32-bit IP address */
 	if (li->hostaddr.sa.sa_family == AF_INET)

loginrec.h

diff --git a/loginrec.h b/loginrec.h
index 62cc0e7..02bceb6 100644
--- a/loginrec.h
+++ b/loginrec.h
@@ -94,7 +94,7 @@
 void login_free_entry(struct logininfo *li);
 /* fill out a pre-allocated structure with useful information */
 int login_init_entry(struct logininfo *li, pid_t pid, const char *username,
-		     const char *hostname, const char *line);
+    const char *hostname, const char *line);
 /* place the current time in a logininfo struct */
 void login_set_current_time(struct logininfo *li);
 

logintest.c

diff --git a/logintest.c b/logintest.c
index 4897ae0..6ee1cdc 100644
--- a/logintest.c
+++ b/logintest.c
@@ -62,21 +62,21 @@
 {
 	/* yes I know how nasty this is */
 	printf("struct logininfo %s = {\n\t"
-	       "progname\t'%s'\n\ttype\t\t%d\n\t"
-	       "pid\t\t%d\n\tuid\t\t%d\n\t"
-	       "line\t\t'%s'\n\tusername\t'%s'\n\t"
-	       "hostname\t'%s'\n\texit\t\t%d\n\ttermination\t%d\n\t"
-	       "tv_sec\t%d\n\ttv_usec\t%d\n\t"
-	       "struct login_netinfo hostaddr {\n\t\t"
-	       "struct sockaddr sa {\n"
-	       "\t\t\tfamily\t%d\n\t\t}\n"
-	       "\t}\n"
-	       "}\n",
-	       descname, li->progname, li->type,
-	       li->pid, li->uid, li->line,
-	       li->username, li->hostname, li->exit,
-	       li->termination, li->tv_sec, li->tv_usec,
-	       li->hostaddr.sa.sa_family);
+	    "progname\t'%s'\n\ttype\t\t%d\n\t"
+	    "pid\t\t%d\n\tuid\t\t%d\n\t"
+	    "line\t\t'%s'\n\tusername\t'%s'\n\t"
+	    "hostname\t'%s'\n\texit\t\t%d\n\ttermination\t%d\n\t"
+	    "tv_sec\t%d\n\ttv_usec\t%d\n\t"
+	    "struct login_netinfo hostaddr {\n\t\t"
+	    "struct sockaddr sa {\n"
+	    "\t\t\tfamily\t%d\n\t\t}\n"
+	    "\t}\n"
+	    "}\n",
+	    descname, li->progname, li->type,
+	    li->pid, li->uid, li->line,
+	    li->username, li->hostname, li->exit,
+	    li->termination, li->tv_sec, li->tv_usec,
+	    li->hostaddr.sa.sa_family);
 }
 
 
@@ -118,7 +118,7 @@
 		/* NOTE: this is messy, but typically a program wouldn't have to set
 		 *  any of this, a sockaddr_in* would be already prepared */
 		memcpy((void *)&(sa_in4.sin_addr), (void *)&(he->h_addr_list[0][0]),
-		       sizeof(struct in_addr));
+		    sizeof(struct in_addr));
 		login_set_addr(li1, (struct sockaddr *) &sa_in4, sizeof(sa_in4));
 		strlcpy(li1->hostname, "localhost", sizeof(li1->hostname));
 	}
@@ -145,8 +145,8 @@
 	t1 = login_get_lastlog_time(getuid());
 	strlcpy(s_t1, ctime(&t1), sizeof(s_t1));
 	printf("Before logging in:\n\tcurrent time is %d - %s\t"
-	       "lastlog time is %d - %s\n",
-	       (int)t0, s_t0, (int)t1, s_t1);
+	    "lastlog time is %d - %s\n",
+	    (int)t0, s_t0, (int)t1, s_t1);
 #endif
 
 	printf("Performing a login on line %s ", stripline);
@@ -172,10 +172,10 @@
 	printf("at %d - %s", (int)logouttime, s_logouttime);
 #endif
 	printf("\nThe root login shown above should be gone.\n"
-	       "If the root login hasn't gone, but another user on the same\n"
-	       "pty has, this is OK - we're hacking it here, and there\n"
-	       "shouldn't be two users on one pty in reality...\n"
-	       "-- ('who' output follows)\n");
+	    "If the root login hasn't gone, but another user on the same\n"
+	    "pty has, this is OK - we're hacking it here, and there\n"
+	    "shouldn't be two users on one pty in reality...\n"
+	    "-- ('who' output follows)\n");
 	login_logout(li1);
 
 	system(cmdstring);
@@ -187,24 +187,24 @@
 	printf("After logging in, lastlog time is %d - %s\n", (int)t2, s_t2);
 	if (t1 == t2)
 		printf("The lastlog times before and after logging in are the "
-		       "same.\nThis indicates that lastlog is ** NOT WORKING "
-		       "CORRECTLY **\n");
+		    "same.\nThis indicates that lastlog is ** NOT WORKING "
+		    "CORRECTLY **\n");
 	else if (t0 != t2)
 		/* We can be off by a second or so, even when recording works fine.
 		 * I'm not 100% sure why, but it's true. */
 		printf("** The login time and the lastlog time differ.\n"
-		       "** This indicates that lastlog is either recording the "
-		       "wrong time,\n** or retrieving the wrong entry.\n"
-		       "If it's off by less than %d second(s) "
-		       "run the test again.\n", PAUSE_BEFORE_LOGOUT);
+		    "** This indicates that lastlog is either recording the "
+		    "wrong time,\n** or retrieving the wrong entry.\n"
+		    "If it's off by less than %d second(s) "
+		    "run the test again.\n", PAUSE_BEFORE_LOGOUT);
 	else
 		printf("lastlog agrees with the login time. This is a good thing.\n");
 
 #endif
 
 	printf("--\nThe output of 'last' shown next should have "
-	       "an entry for root \n  on %s for the time shown above:\n--\n",
-	       stripline);
+	    "an entry for root \n  on %s for the time shown above:\n--\n",
+	    stripline);
 	snprintf(cmdstring, sizeof(cmdstring), "last | grep '%s ' | head -3",
 		 stripline);
 	system(cmdstring);

m4/openssh.m4

diff --git a/aclocal.m4 b/m4/openssh.m4
similarity index 90%
rename from aclocal.m4
rename to m4/openssh.m4
index 25ecc49..4f9c379 100644
--- a/aclocal.m4
+++ b/m4/openssh.m4
@@ -15,12 +15,23 @@
 #include <stdlib.h>
 #include <stdio.h>
 int main(int argc, char **argv) {
+	(void)argv;
 	/* Some math to catch -ftrapv problems in the toolchain */
 	int i = 123 * argc, j = 456 + argc, k = 789 - argc;
 	float l = i * 2.1;
 	double m = l / 0.5;
 	long long int n = argc * 12345LL, o = 12345LL * (long long int)argc;
 	printf("%d %d %d %f %f %lld %lld\n", i, j, k, l, m, n, o);
+	/*
+	 * Test fallthrough behaviour.  clang 10's -Wimplicit-fallthrough does
+	 * not understand comments and we don't use the "fallthrough" attribute
+	 * that it's looking for.
+	 */
+	switch(i){
+	case 0: j += i;
+		/* FALLTHROUGH */
+	default: j += k;
+	}
 	exit(0);
 }
 	]])],
@@ -52,6 +63,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 int main(int argc, char **argv) {
+	(void)argv;
 	/* Some math to catch -ftrapv problems in the toolchain */
 	int i = 123 * argc, j = 456 + argc, k = 789 - argc;
 	float l = i * 2.1;
@@ -90,6 +102,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 int main(int argc, char **argv) {
+	(void)argv;
 	/* Some math to catch -ftrapv problems in the toolchain */
 	int i = 123 * argc, j = 456 + argc, k = 789 - argc;
 	float l = i * 2.1;
@@ -118,7 +131,7 @@
 dnl Does AC_EGREP_HEADER on 'header' for the string 'field'
 dnl If found, set 'symbol' to be defined. Cache the result.
 dnl TODO: This is not foolproof, better to compile and read from there
-AC_DEFUN(OSSH_CHECK_HEADER_FOR_FIELD, [
+AC_DEFUN([OSSH_CHECK_HEADER_FOR_FIELD], [
 # look for field '$1' in header '$2'
 	dnl This strips characters illegal to m4 from the header filename
 	ossh_safe=`echo "$2" | sed 'y%./+-%__p_%'`
@@ -158,14 +171,15 @@
 	 curl_cv_socklen_t_equiv=
 	 for arg2 in "struct sockaddr" void; do
 	    for t in int size_t unsigned long "unsigned long"; do
-	       AC_TRY_COMPILE([
-		  #include <sys/types.h>
-		  #include <sys/socket.h>
-
-		  int getpeername (int, $arg2 *, $t *);
-	       ],[
-		  $t len;
-		  getpeername(0,0,&len);
+	       AC_COMPILE_IFELSE([
+		  AC_LANG_PROGRAM([[
+		    #include <sys/types.h>
+		    #include <sys/socket.h>
+		    int getpeername (int, $arg2 *, $t *);
+		  ]], [[
+		    $t len;
+		    getpeername(0,0,&len);
+		  ]])
 	       ],[
 		  curl_cv_socklen_t_equiv="$t"
 		  break

match.c

diff --git a/match.c b/match.c
index 3a8fa9d..3ac854d 100644
--- a/match.c
+++ b/match.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.41 2019/11/13 04:47:52 deraadt Exp $ */
+/* $OpenBSD: match.c,v 1.43 2020/11/03 22:53:12 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -53,7 +53,6 @@
  * Returns true if the given string matches the pattern (which may contain ?
  * and * as wildcards), and zero if it does not match.
  */
-
 int
 match_pattern(const char *s, const char *pattern)
 {
@@ -63,8 +62,9 @@
 			return !*s;
 
 		if (*pattern == '*') {
-			/* Skip the asterisk. */
-			pattern++;
+			/* Skip this and any consecutive asterisks. */
+			while (*pattern == '*')
+				pattern++;
 
 			/* If at end of pattern, accept immediately. */
 			if (!*pattern)
@@ -309,13 +309,13 @@
 
 /*
  * Filter proposal using pattern-list filter.
- * "blacklist" determines sense of filter:
+ * "denylist" determines sense of filter:
  * non-zero indicates that items matching filter should be excluded.
  * zero indicates that only items matching filter should be included.
  * returns NULL on allocation error, otherwise caller must free result.
  */
 static char *
-filter_list(const char *proposal, const char *filter, int blacklist)
+filter_list(const char *proposal, const char *filter, int denylist)
 {
 	size_t len = strlen(proposal) + 1;
 	char *fix_prop = malloc(len);
@@ -333,7 +333,7 @@
 	*fix_prop = '\0';
 	while ((cp = strsep(&tmp, ",")) != NULL) {
 		r = match_pattern_list(cp, filter, 0);
-		if ((blacklist && r != 1) || (!blacklist && r == 1)) {
+		if ((denylist && r != 1) || (!denylist && r == 1)) {
 			if (*fix_prop != '\0')
 				strlcat(fix_prop, ",", len);
 			strlcat(fix_prop, cp, len);
@@ -348,7 +348,7 @@
  * the 'filter' pattern list. Caller must free returned string.
  */
 char *
-match_filter_blacklist(const char *proposal, const char *filter)
+match_filter_denylist(const char *proposal, const char *filter)
 {
 	return filter_list(proposal, filter, 1);
 }
@@ -358,7 +358,7 @@
  * the 'filter' pattern list. Caller must free returned string.
  */
 char *
-match_filter_whitelist(const char *proposal, const char *filter)
+match_filter_allowlist(const char *proposal, const char *filter)
 {
 	return filter_list(proposal, filter, 0);
 }

match.h

diff --git a/match.h b/match.h
index 3a8a6ec..312ca6e 100644
--- a/match.h
+++ b/match.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.h,v 1.19 2019/03/06 22:14:23 dtucker Exp $ */
+/* $OpenBSD: match.h,v 1.20 2020/07/05 23:59:45 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -21,8 +21,8 @@
 int	 match_host_and_ip(const char *, const char *, const char *);
 int	 match_user(const char *, const char *, const char *, const char *);
 char	*match_list(const char *, const char *, u_int *);
-char	*match_filter_blacklist(const char *, const char *);
-char	*match_filter_whitelist(const char *, const char *);
+char	*match_filter_denylist(const char *, const char *);
+char	*match_filter_allowlist(const char *, const char *);
 
 /* addrmatch.c */
 int	 addr_match_list(const char *, const char *);

misc.c

diff --git a/misc.c b/misc.c
index 48ff6af..597f9f1 100644
--- a/misc.c
+++ b/misc.c
@@ -1,29 +1,23 @@
-/* $OpenBSD: misc.c,v 1.147 2020/04/25 06:59:36 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.170 2021/09/26 14:01:03 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
- * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
+ * Copyright (c) 2005-2020 Damien Miller.  All rights reserved.
+ * Copyright (c) 2004 Henning Brauer <henning@openbsd.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+
 #include "includes.h"
 
 #include <sys/types.h>
@@ -62,6 +56,7 @@
 #ifdef HAVE_PATHS_H
 # include <paths.h>
 #include <pwd.h>
+#include <grp.h>
 #endif
 #ifdef SSH_TUN_OPENBSD
 #include <net/if.h>
@@ -91,6 +86,20 @@
 
 }
 
+/* remove whitespace from end of string */
+void
+rtrim(char *s)
+{
+	size_t i;
+
+	if ((i = strlen(s)) == 0)
+		return;
+	for (i--; i > 0; i--) {
+		if (isspace((int)s[i]))
+			s[i] = '\0';
+	}
+}
+
 /* set/unset filedescriptor to non-blocking */
 int
 set_nonblock(int fd)
@@ -237,6 +246,60 @@
 #endif
 }
 
+int
+get_sock_af(int fd)
+{
+	struct sockaddr_storage to;
+	socklen_t tolen = sizeof(to);
+
+	memset(&to, 0, sizeof(to));
+	if (getsockname(fd, (struct sockaddr *)&to, &tolen) == -1)
+		return -1;
+#ifdef IPV4_IN_IPV6
+	if (to.ss_family == AF_INET6 &&
+	    IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr))
+		return AF_INET;
+#endif
+	return to.ss_family;
+}
+
+void
+set_sock_tos(int fd, int tos)
+{
+#ifndef IP_TOS_IS_BROKEN
+	int af;
+
+	switch ((af = get_sock_af(fd))) {
+	case -1:
+		/* assume not a socket */
+		break;
+	case AF_INET:
+# ifdef IP_TOS
+		debug3_f("set socket %d IP_TOS 0x%02x", fd, tos);
+		if (setsockopt(fd, IPPROTO_IP, IP_TOS,
+		    &tos, sizeof(tos)) == -1) {
+			error("setsockopt socket %d IP_TOS %d: %s:",
+			    fd, tos, strerror(errno));
+		}
+# endif /* IP_TOS */
+		break;
+	case AF_INET6:
+# ifdef IPV6_TCLASS
+		debug3_f("set socket %d IPV6_TCLASS 0x%02x", fd, tos);
+		if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS,
+		    &tos, sizeof(tos)) == -1) {
+			error("setsockopt socket %d IPV6_TCLASS %d: %.100s:",
+			    fd, tos, strerror(errno));
+		}
+# endif /* IPV6_TCLASS */
+		break;
+	default:
+		debug2_f("unsupported socket family %d", af);
+		break;
+	}
+#endif /* IP_TOS_IS_BROKEN */
+}
+
 /*
  * Wait up to *timeoutp milliseconds for events on fd. Updates
  * *timeoutp with time remaining.
@@ -249,17 +312,17 @@
 	struct timeval t_start;
 	int oerrno, r;
 
-	monotime_tv(&t_start);
 	pfd.fd = fd;
 	pfd.events = events;
 	for (; *timeoutp >= 0;) {
+		monotime_tv(&t_start);
 		r = poll(&pfd, 1, *timeoutp);
 		oerrno = errno;
 		ms_subtract_diff(&t_start, timeoutp);
 		errno = oerrno;
 		if (r > 0)
 			return 0;
-		else if (r == -1 && errno != EAGAIN)
+		else if (r == -1 && errno != EAGAIN && errno != EINTR)
 			return -1;
 		else if (r == 0)
 			break;
@@ -298,12 +361,17 @@
 		return connect(sockfd, serv_addr, addrlen);
 
 	set_nonblock(sockfd);
-	if (connect(sockfd, serv_addr, addrlen) == 0) {
-		/* Succeeded already? */
-		unset_nonblock(sockfd);
-		return 0;
-	} else if (errno != EINPROGRESS)
-		return -1;
+	for (;;) {
+		if (connect(sockfd, serv_addr, addrlen) == 0) {
+			/* Succeeded already? */
+			unset_nonblock(sockfd);
+			return 0;
+		} else if (errno == EINTR)
+			continue;
+		else if (errno != EINPROGRESS)
+			return -1;
+		break;
+	}
 
 	if (waitfd(sockfd, timeoutp, POLLIN | POLLOUT) == -1)
 		return -1;
@@ -392,7 +460,7 @@
 	struct passwd *copy = xcalloc(1, sizeof(*copy));
 
 	copy->pw_name = xstrdup(pw->pw_name);
-	copy->pw_passwd = pw->pw_passwd ? xstrdup(pw->pw_passwd) : NULL;
+	copy->pw_passwd = xstrdup(pw->pw_passwd == NULL ? "*" : pw->pw_passwd);
 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
 	copy->pw_gecos = xstrdup(pw->pw_gecos);
 #endif
@@ -490,10 +558,10 @@
  *
  * Return -1 if time string is invalid.
  */
-long
+int
 convtime(const char *s)
 {
-	long total, secs, multiplier = 1;
+	long total, secs, multiplier;
 	const char *p;
 	char *endp;
 
@@ -507,10 +575,11 @@
 	while (*p) {
 		secs = strtol(p, &endp, 10);
 		if (p == endp ||
-		    (errno == ERANGE && (secs == LONG_MIN || secs == LONG_MAX)) ||
+		    (errno == ERANGE && (secs == INT_MIN || secs == INT_MAX)) ||
 		    secs < 0)
 			return -1;
 
+		multiplier = 1;
 		switch (*endp++) {
 		case '\0':
 			endp--;
@@ -537,10 +606,10 @@
 		default:
 			return -1;
 		}
-		if (secs >= LONG_MAX / multiplier)
+		if (secs > INT_MAX / multiplier)
 			return -1;
 		secs *= multiplier;
-		if  (total >= LONG_MAX - secs)
+		if  (total > INT_MAX - secs)
 			return -1;
 		total += secs;
 		if (total < 0)
@@ -551,6 +620,43 @@
 	return total;
 }
 
+#define TF_BUFS	8
+#define TF_LEN	9
+
+const char *
+fmt_timeframe(time_t t)
+{
+	char		*buf;
+	static char	 tfbuf[TF_BUFS][TF_LEN];	/* ring buffer */
+	static int	 idx = 0;
+	unsigned int	 sec, min, hrs, day;
+	unsigned long long	week;
+
+	buf = tfbuf[idx++];
+	if (idx == TF_BUFS)
+		idx = 0;
+
+	week = t;
+
+	sec = week % 60;
+	week /= 60;
+	min = week % 60;
+	week /= 60;
+	hrs = week % 24;
+	week /= 24;
+	day = week % 7;
+	week /= 7;
+
+	if (week > 0)
+		snprintf(buf, TF_LEN, "%02lluw%01ud%02uh", week, day, hrs);
+	else if (day > 0)
+		snprintf(buf, TF_LEN, "%01ud%02uh%02um", day, hrs, min);
+	else
+		snprintf(buf, TF_LEN, "%02u:%02u:%02u", hrs, min, sec);
+
+	return (buf);
+}
+
 /*
  * Returns a standardized host+port identifier string.
  * Caller must free returned string.
@@ -1010,29 +1116,37 @@
  * Expands tildes in the file name.  Returns data allocated by xmalloc.
  * Warning: this calls getpw*.
  */
-char *
-tilde_expand_filename(const char *filename, uid_t uid)
+int
+tilde_expand(const char *filename, uid_t uid, char **retp)
 {
 	const char *path, *sep;
 	char user[128], *ret;
 	struct passwd *pw;
 	u_int len, slash;
 
-	if (*filename != '~')
-		return (xstrdup(filename));
+	if (*filename != '~') {
+		*retp = xstrdup(filename);
+		return 0;
+	}
 	filename++;
 
 	path = strchr(filename, '/');
 	if (path != NULL && path > filename) {		/* ~user/path */
 		slash = path - filename;
-		if (slash > sizeof(user) - 1)
-			fatal("tilde_expand_filename: ~username too long");
+		if (slash > sizeof(user) - 1) {
+			error_f("~username too long");
+			return -1;
+		}
 		memcpy(user, filename, slash);
 		user[slash] = '\0';
-		if ((pw = getpwnam(user)) == NULL)
-			fatal("tilde_expand_filename: No such user %s", user);
-	} else if ((pw = getpwuid(uid)) == NULL)	/* ~/path */
-		fatal("tilde_expand_filename: No such uid %ld", (long)uid);
+		if ((pw = getpwnam(user)) == NULL) {
+			error_f("No such user %s", user);
+			return -1;
+		}
+	} else if ((pw = getpwuid(uid)) == NULL) {	/* ~/path */
+		error_f("No such uid %ld", (long)uid);
+		return -1;
+	}
 
 	/* Make sure directory has a trailing '/' */
 	len = strlen(pw->pw_dir);
@@ -1045,85 +1159,201 @@
 	if (path != NULL)
 		filename = path + 1;
 
-	if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX)
-		fatal("tilde_expand_filename: Path too long");
+	if (xasprintf(&ret, "%s%s%s", pw->pw_dir, sep, filename) >= PATH_MAX) {
+		error_f("Path too long");
+		return -1;
+	}
 
-	return (ret);
+	*retp = ret;
+	return 0;
+}
+
+char *
+tilde_expand_filename(const char *filename, uid_t uid)
+{
+	char *ret;
+
+	if (tilde_expand(filename, uid, &ret) != 0)
+		cleanup_exit(255);
+	return ret;
 }
 
 /*
- * Expand a string with a set of %[char] escapes. A number of escapes may be
- * specified as (char *escape_chars, char *replacement) pairs. The list must
- * be terminated by a NULL escape_char. Returns replaced string in memory
- * allocated by xmalloc.
+ * Expand a string with a set of %[char] escapes and/or ${ENVIRONMENT}
+ * substitutions.  A number of escapes may be specified as
+ * (char *escape_chars, char *replacement) pairs. The list must be terminated
+ * by a NULL escape_char. Returns replaced string in memory allocated by
+ * xmalloc which the caller must free.
  */
-char *
-percent_expand(const char *string, ...)
+static char *
+vdollar_percent_expand(int *parseerror, int dollar, int percent,
+    const char *string, va_list ap)
 {
 #define EXPAND_MAX_KEYS	16
-	u_int num_keys, i;
+	u_int num_keys = 0, i;
 	struct {
 		const char *key;
 		const char *repl;
 	} keys[EXPAND_MAX_KEYS];
 	struct sshbuf *buf;
-	va_list ap;
-	int r;
-	char *ret;
+	int r, missingvar = 0;
+	char *ret = NULL, *var, *varend, *val;
+	size_t len;
 
 	if ((buf = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
+	if (parseerror == NULL)
+		fatal_f("null parseerror arg");
+	*parseerror = 1;
 
-	/* Gather keys */
-	va_start(ap, string);
-	for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
-		keys[num_keys].key = va_arg(ap, char *);
-		if (keys[num_keys].key == NULL)
-			break;
-		keys[num_keys].repl = va_arg(ap, char *);
-		if (keys[num_keys].repl == NULL)
-			fatal("%s: NULL replacement", __func__);
+	/* Gather keys if we're doing percent expansion. */
+	if (percent) {
+		for (num_keys = 0; num_keys < EXPAND_MAX_KEYS; num_keys++) {
+			keys[num_keys].key = va_arg(ap, char *);
+			if (keys[num_keys].key == NULL)
+				break;
+			keys[num_keys].repl = va_arg(ap, char *);
+			if (keys[num_keys].repl == NULL) {
+				fatal_f("NULL replacement for token %s",
+				    keys[num_keys].key);
+			}
+		}
+		if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL)
+			fatal_f("too many keys");
+		if (num_keys == 0)
+			fatal_f("percent expansion without token list");
 	}
-	if (num_keys == EXPAND_MAX_KEYS && va_arg(ap, char *) != NULL)
-		fatal("%s: too many keys", __func__);
-	va_end(ap);
 
 	/* Expand string */
 	for (i = 0; *string != '\0'; string++) {
-		if (*string != '%') {
- append:
-			if ((r = sshbuf_put_u8(buf, *string)) != 0) {
-				fatal("%s: sshbuf_put_u8: %s",
-				    __func__, ssh_err(r));
+		/* Optionally process ${ENVIRONMENT} expansions. */
+		if (dollar && string[0] == '$' && string[1] == '{') {
+			string += 2;  /* skip over '${' */
+			if ((varend = strchr(string, '}')) == NULL) {
+				error_f("environment variable '%s' missing "
+				    "closing '}'", string);
+				goto out;
 			}
+			len = varend - string;
+			if (len == 0) {
+				error_f("zero-length environment variable");
+				goto out;
+			}
+			var = xmalloc(len + 1);
+			(void)strlcpy(var, string, len + 1);
+			if ((val = getenv(var)) == NULL) {
+				error_f("env var ${%s} has no value", var);
+				missingvar = 1;
+			} else {
+				debug3_f("expand ${%s} -> '%s'", var, val);
+				if ((r = sshbuf_put(buf, val, strlen(val))) !=0)
+					fatal_fr(r, "sshbuf_put ${}");
+			}
+			free(var);
+			string += len;
+			continue;
+		}
+
+		/*
+		 * Process percent expansions if we have a list of TOKENs.
+		 * If we're not doing percent expansion everything just gets
+		 * appended here.
+		 */
+		if (*string != '%' || !percent) {
+ append:
+			if ((r = sshbuf_put_u8(buf, *string)) != 0)
+				fatal_fr(r, "sshbuf_put_u8 %%");
 			continue;
 		}
 		string++;
 		/* %% case */
 		if (*string == '%')
 			goto append;
-		if (*string == '\0')
-			fatal("%s: invalid format", __func__);
+		if (*string == '\0') {
+			error_f("invalid format");
+			goto out;
+		}
 		for (i = 0; i < num_keys; i++) {
 			if (strchr(keys[i].key, *string) != NULL) {
 				if ((r = sshbuf_put(buf, keys[i].repl,
-				    strlen(keys[i].repl))) != 0) {
-					fatal("%s: sshbuf_put: %s",
-					    __func__, ssh_err(r));
-				}
+				    strlen(keys[i].repl))) != 0)
+					fatal_fr(r, "sshbuf_put %%-repl");
 				break;
 			}
 		}
-		if (i >= num_keys)
-			fatal("%s: unknown key %%%c", __func__, *string);
+		if (i >= num_keys) {
+			error_f("unknown key %%%c", *string);
+			goto out;
+		}
 	}
-	if ((ret = sshbuf_dup_string(buf)) == NULL)
-		fatal("%s: sshbuf_dup_string failed", __func__);
+	if (!missingvar && (ret = sshbuf_dup_string(buf)) == NULL)
+		fatal_f("sshbuf_dup_string failed");
+	*parseerror = 0;
+ out:
 	sshbuf_free(buf);
-	return ret;
+	return *parseerror ? NULL : ret;
 #undef EXPAND_MAX_KEYS
 }
 
+/*
+ * Expand only environment variables.
+ * Note that although this function is variadic like the other similar
+ * functions, any such arguments will be unused.
+ */
+
+char *
+dollar_expand(int *parseerr, const char *string, ...)
+{
+	char *ret;
+	int err;
+	va_list ap;
+
+	va_start(ap, string);
+	ret = vdollar_percent_expand(&err, 1, 0, string, ap);
+	va_end(ap);
+	if (parseerr != NULL)
+		*parseerr = err;
+	return ret;
+}
+
+/*
+ * Returns expanded string or NULL if a specified environment variable is
+ * not defined, or calls fatal if the string is invalid.
+ */
+char *
+percent_expand(const char *string, ...)
+{
+	char *ret;
+	int err;
+	va_list ap;
+
+	va_start(ap, string);
+	ret = vdollar_percent_expand(&err, 0, 1, string, ap);
+	va_end(ap);
+	if (err)
+		fatal_f("failed");
+	return ret;
+}
+
+/*
+ * Returns expanded string or NULL if a specified environment variable is
+ * not defined, or calls fatal if the string is invalid.
+ */
+char *
+percent_dollar_expand(const char *string, ...)
+{
+	char *ret;
+	int err;
+	va_list ap;
+
+	va_start(ap, string);
+	ret = vdollar_percent_expand(&err, 1, 1, string, ap);
+	va_end(ap);
+	if (err)
+		fatal_f("failed");
+	return ret;
+}
+
 int
 tun_open(int tun, int mode, char **ifname)
 {
@@ -1153,16 +1383,16 @@
 				break;
 		}
 	} else {
-		debug("%s: invalid tunnel %u", __func__, tun);
+		debug_f("invalid tunnel %u", tun);
 		return -1;
 	}
 
 	if (fd == -1) {
-		debug("%s: %s open: %s", __func__, name, strerror(errno));
+		debug_f("%s open: %s", name, strerror(errno));
 		return -1;
 	}
 
-	debug("%s: %s mode %d fd %d", __func__, name, mode, fd);
+	debug_f("%s mode %d fd %d", name, mode, fd);
 
 	/* Bring interface up if it is not already */
 	snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", tunbase, tun);
@@ -1170,16 +1400,16 @@
 		goto failed;
 
 	if (ioctl(sock, SIOCGIFFLAGS, &ifr) == -1) {
-		debug("%s: get interface %s flags: %s", __func__,
-		    ifr.ifr_name, strerror(errno));
+		debug_f("get interface %s flags: %s", ifr.ifr_name,
+		    strerror(errno));
 		goto failed;
 	}
 
 	if (!(ifr.ifr_flags & IFF_UP)) {
 		ifr.ifr_flags |= IFF_UP;
 		if (ioctl(sock, SIOCSIFFLAGS, &ifr) == -1) {
-			debug("%s: activate interface %s: %s", __func__,
-			    ifr.ifr_name, strerror(errno));
+			debug_f("activate interface %s: %s", ifr.ifr_name,
+			    strerror(errno));
 			goto failed;
 		}
 	}
@@ -1530,7 +1760,7 @@
 	}
 	r = snprintf(s, len, "/tmp/ssh-XXXXXXXXXXXX");
 	if (r < 0 || (size_t)r >= len)
-		fatal("%s: template string too short", __func__);
+		fatal_f("template string too short");
 }
 
 static const struct {
@@ -1617,8 +1847,7 @@
 	sunaddr.sun_family = AF_UNIX;
 	if (strlcpy(sunaddr.sun_path, path,
 	    sizeof(sunaddr.sun_path)) >= sizeof(sunaddr.sun_path)) {
-		error("%s: path \"%s\" too long for Unix domain socket",
-		    __func__, path);
+		error_f("path \"%s\" too long for Unix domain socket", path);
 		errno = ENAMETOOLONG;
 		return -1;
 	}
@@ -1626,7 +1855,7 @@
 	sock = socket(PF_UNIX, SOCK_STREAM, 0);
 	if (sock == -1) {
 		saved_errno = errno;
-		error("%s: socket: %.100s", __func__, strerror(errno));
+		error_f("socket: %.100s", strerror(errno));
 		errno = saved_errno;
 		return -1;
 	}
@@ -1636,16 +1865,14 @@
 	}
 	if (bind(sock, (struct sockaddr *)&sunaddr, sizeof(sunaddr)) == -1) {
 		saved_errno = errno;
-		error("%s: cannot bind to path %s: %s",
-		    __func__, path, strerror(errno));
+		error_f("cannot bind to path %s: %s", path, strerror(errno));
 		close(sock);
 		errno = saved_errno;
 		return -1;
 	}
 	if (listen(sock, backlog) == -1) {
 		saved_errno = errno;
-		error("%s: cannot listen on path %s: %s",
-		    __func__, path, strerror(errno));
+		error_f("cannot listen on path %s: %s", path, strerror(errno));
 		close(sock);
 		unlink(path);
 		errno = saved_errno;
@@ -1721,14 +1948,13 @@
 	return 1;
 }
 
-
 /*
  * Splits 's' into an argument vector. Handles quoted string and basic
  * escape characters (\\, \", \'). Caller must free the argument vector
  * and its members.
  */
 int
-argv_split(const char *s, int *argcp, char ***argvp)
+argv_split(const char *s, int *argcp, char ***argvp, int terminate_on_comment)
 {
 	int r = SSH_ERR_INTERNAL_ERROR;
 	int argc = 0, quote, i, j;
@@ -1741,14 +1967,10 @@
 		/* Skip leading whitespace */
 		if (s[i] == ' ' || s[i] == '\t')
 			continue;
-
+		if (terminate_on_comment && s[i] == '#')
+			break;
 		/* Start of a token */
 		quote = 0;
-		if (s[i] == '\\' &&
-		    (s[i + 1] == '\'' || s[i + 1] == '\"' || s[i + 1] == '\\'))
-			i++;
-		else if (s[i] == '\'' || s[i] == '"')
-			quote = s[i++];
 
 		argv = xreallocarray(argv, (argc + 2), sizeof(*argv));
 		arg = argv[argc++] = xcalloc(1, strlen(s + i) + 1);
@@ -1759,7 +1981,8 @@
 			if (s[i] == '\\') {
 				if (s[i + 1] == '\'' ||
 				    s[i + 1] == '\"' ||
-				    s[i + 1] == '\\') {
+				    s[i + 1] == '\\' ||
+				    (quote == 0 && s[i + 1] == ' ')) {
 					i++; /* Skip '\' */
 					arg[j++] = s[i];
 				} else {
@@ -1768,8 +1991,10 @@
 				}
 			} else if (quote == 0 && (s[i] == ' ' || s[i] == '\t'))
 				break; /* done */
+			else if (quote == 0 && (s[i] == '\"' || s[i] == '\''))
+				quote = s[i]; /* quote start */
 			else if (quote != 0 && s[i] == quote)
-				break; /* done */
+				quote = 0; /* quote end */
 			else
 				arg[j++] = s[i];
 		}
@@ -1809,7 +2034,7 @@
 	struct sshbuf *buf, *arg;
 
 	if ((buf = sshbuf_new()) == NULL || (arg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	for (i = 0; i < argc; i++) {
 		ws = 0;
@@ -1834,17 +2059,16 @@
 				break;
 			}
 			if (r != 0)
-				fatal("%s: sshbuf_put_u8: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "sshbuf_put_u8");
 		}
 		if ((i != 0 && (r = sshbuf_put_u8(buf, ' ')) != 0) ||
 		    (ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0) ||
 		    (r = sshbuf_putb(buf, arg)) != 0 ||
 		    (ws != 0 && (r = sshbuf_put_u8(buf, '"')) != 0))
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "assemble");
 	}
 	if ((ret = malloc(sshbuf_len(buf) + 1)) == NULL)
-		fatal("%s: malloc failed", __func__);
+		fatal_f("malloc failed");
 	memcpy(ret, sshbuf_ptr(buf), sshbuf_len(buf));
 	ret[sshbuf_len(buf)] = '\0';
 	sshbuf_free(buf);
@@ -1852,6 +2076,36 @@
 	return ret;
 }
 
+char *
+argv_next(int *argcp, char ***argvp)
+{
+	char *ret = (*argvp)[0];
+
+	if (*argcp > 0 && ret != NULL) {
+		(*argcp)--;
+		(*argvp)++;
+	}
+	return ret;
+}
+
+void
+argv_consume(int *argcp)
+{
+	*argcp = 0;
+}
+
+void
+argv_free(char **av, int ac)
+{
+	int i;
+
+	if (av == NULL)
+		return;
+	for (i = 0; i < ac; i++)
+		free(av[i]);
+	free(av);
+}
+
 /* Returns 0 if pid exited cleanly, non-zero otherwise */
 int
 exited_cleanly(pid_t pid, const char *tag, const char *cmd, int quiet)
@@ -1860,7 +2114,7 @@
 
 	while (waitpid(pid, &status, 0) == -1) {
 		if (errno != EINTR) {
-			error("%s: waitpid: %s", tag, strerror(errno));
+			error("%s waitpid: %s", tag, strerror(errno));
 			return -1;
 		}
 	}
@@ -2156,10 +2410,13 @@
 	return 0;
 }
 
+/* On OpenBSD time_t is int64_t which is long long. */
+/* #define SSH_TIME_T_MAX LLONG_MAX */
+
 void
 format_absolute_time(uint64_t t, char *buf, size_t len)
 {
-	time_t tt = t > INT_MAX ? INT_MAX : t; /* XXX revisit in 2038 :P */
+	time_t tt = t > SSH_TIME_T_MAX ? SSH_TIME_T_MAX : t;
 	struct tm tm;
 
 	localtime_r(&tt, &tm);
@@ -2254,6 +2511,32 @@
 	return 0;
 }
 
+void
+opt_array_append2(const char *file, const int line, const char *directive,
+    char ***array, int **iarray, u_int *lp, const char *s, int i)
+{
+
+	if (*lp >= INT_MAX)
+		fatal("%s line %d: Too many %s entries", file, line, directive);
+
+	if (iarray != NULL) {
+		*iarray = xrecallocarray(*iarray, *lp, *lp + 1,
+		    sizeof(**iarray));
+		(*iarray)[*lp] = i;
+	}
+
+	*array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
+	(*array)[*lp] = xstrdup(s);
+	(*lp)++;
+}
+
+void
+opt_array_append(const char *file, const int line, const char *directive,
+    char ***array, u_int *lp, const char *s)
+{
+	opt_array_append2(file, line, directive, array, NULL, lp, s, 0);
+}
+
 sshsig_t
 ssh_signal(int signum, sshsig_t handler)
 {
@@ -2273,3 +2556,214 @@
 	}
 	return osa.sa_handler;
 }
+
+int
+stdfd_devnull(int do_stdin, int do_stdout, int do_stderr)
+{
+	int devnull, ret = 0;
+
+	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+		error_f("open %s: %s", _PATH_DEVNULL,
+		    strerror(errno));
+		return -1;
+	}
+	if ((do_stdin && dup2(devnull, STDIN_FILENO) == -1) ||
+	    (do_stdout && dup2(devnull, STDOUT_FILENO) == -1) ||
+	    (do_stderr && dup2(devnull, STDERR_FILENO) == -1)) {
+		error_f("dup2: %s", strerror(errno));
+		ret = -1;
+	}
+	if (devnull > STDERR_FILENO)
+		close(devnull);
+	return ret;
+}
+
+/*
+ * Runs command in a subprocess with a minimal environment.
+ * Returns pid on success, 0 on failure.
+ * The child stdout and stderr maybe captured, left attached or sent to
+ * /dev/null depending on the contents of flags.
+ * "tag" is prepended to log messages.
+ * NB. "command" is only used for logging; the actual command executed is
+ * av[0].
+ */
+pid_t
+subprocess(const char *tag, const char *command,
+    int ac, char **av, FILE **child, u_int flags,
+    struct passwd *pw, privdrop_fn *drop_privs, privrestore_fn *restore_privs)
+{
+	FILE *f = NULL;
+	struct stat st;
+	int fd, devnull, p[2], i;
+	pid_t pid;
+	char *cp, errmsg[512];
+	u_int nenv = 0;
+	char **env = NULL;
+
+	/* If dropping privs, then must specify user and restore function */
+	if (drop_privs != NULL && (pw == NULL || restore_privs == NULL)) {
+		error("%s: inconsistent arguments", tag); /* XXX fatal? */
+		return 0;
+	}
+	if (pw == NULL && (pw = getpwuid(getuid())) == NULL) {
+		error("%s: no user for current uid", tag);
+		return 0;
+	}
+	if (child != NULL)
+		*child = NULL;
+
+	debug3_f("%s command \"%s\" running as %s (flags 0x%x)",
+	    tag, command, pw->pw_name, flags);
+
+	/* Check consistency */
+	if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
+	    (flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0) {
+		error_f("inconsistent flags");
+		return 0;
+	}
+	if (((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0) != (child == NULL)) {
+		error_f("inconsistent flags/output");
+		return 0;
+	}
+
+	/*
+	 * If executing an explicit binary, then verify the it exists
+	 * and appears safe-ish to execute
+	 */
+	if (!path_absolute(av[0])) {
+		error("%s path is not absolute", tag);
+		return 0;
+	}
+	if (drop_privs != NULL)
+		drop_privs(pw);
+	if (stat(av[0], &st) == -1) {
+		error("Could not stat %s \"%s\": %s", tag,
+		    av[0], strerror(errno));
+		goto restore_return;
+	}
+	if ((flags & SSH_SUBPROCESS_UNSAFE_PATH) == 0 &&
+	    safe_path(av[0], &st, NULL, 0, errmsg, sizeof(errmsg)) != 0) {
+		error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);
+		goto restore_return;
+	}
+	/* Prepare to keep the child's stdout if requested */
+	if (pipe(p) == -1) {
+		error("%s: pipe: %s", tag, strerror(errno));
+ restore_return:
+		if (restore_privs != NULL)
+			restore_privs();
+		return 0;
+	}
+	if (restore_privs != NULL)
+		restore_privs();
+
+	switch ((pid = fork())) {
+	case -1: /* error */
+		error("%s: fork: %s", tag, strerror(errno));
+		close(p[0]);
+		close(p[1]);
+		return 0;
+	case 0: /* child */
+		/* Prepare a minimal environment for the child. */
+		if ((flags & SSH_SUBPROCESS_PRESERVE_ENV) == 0) {
+			nenv = 5;
+			env = xcalloc(sizeof(*env), nenv);
+			child_set_env(&env, &nenv, "PATH", _PATH_STDPATH);
+			child_set_env(&env, &nenv, "USER", pw->pw_name);
+			child_set_env(&env, &nenv, "LOGNAME", pw->pw_name);
+			child_set_env(&env, &nenv, "HOME", pw->pw_dir);
+			if ((cp = getenv("LANG")) != NULL)
+				child_set_env(&env, &nenv, "LANG", cp);
+		}
+
+		for (i = 1; i < NSIG; i++)
+			ssh_signal(i, SIG_DFL);
+
+		if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+			error("%s: open %s: %s", tag, _PATH_DEVNULL,
+			    strerror(errno));
+			_exit(1);
+		}
+		if (dup2(devnull, STDIN_FILENO) == -1) {
+			error("%s: dup2: %s", tag, strerror(errno));
+			_exit(1);
+		}
+
+		/* Set up stdout as requested; leave stderr in place for now. */
+		fd = -1;
+		if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) != 0)
+			fd = p[1];
+		else if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0)
+			fd = devnull;
+		if (fd != -1 && dup2(fd, STDOUT_FILENO) == -1) {
+			error("%s: dup2: %s", tag, strerror(errno));
+			_exit(1);
+		}
+		closefrom(STDERR_FILENO + 1);
+
+		if (geteuid() == 0 &&
+		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
+			error("%s: initgroups(%s, %u): %s", tag,
+			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
+			_exit(1);
+		}
+		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
+			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
+			    strerror(errno));
+			_exit(1);
+		}
+		if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
+			error("%s: setresuid %u: %s", tag, (u_int)pw->pw_uid,
+			    strerror(errno));
+			_exit(1);
+		}
+		/* stdin is pointed to /dev/null at this point */
+		if ((flags & SSH_SUBPROCESS_STDOUT_DISCARD) != 0 &&
+		    dup2(STDIN_FILENO, STDERR_FILENO) == -1) {
+			error("%s: dup2: %s", tag, strerror(errno));
+			_exit(1);
+		}
+		if (env != NULL)
+			execve(av[0], av, env);
+		else
+			execv(av[0], av);
+		error("%s %s \"%s\": %s", tag, env == NULL ? "execv" : "execve",
+		    command, strerror(errno));
+		_exit(127);
+	default: /* parent */
+		break;
+	}
+
+	close(p[1]);
+	if ((flags & SSH_SUBPROCESS_STDOUT_CAPTURE) == 0)
+		close(p[0]);
+	else if ((f = fdopen(p[0], "r")) == NULL) {
+		error("%s: fdopen: %s", tag, strerror(errno));
+		close(p[0]);
+		/* Don't leave zombie child */
+		kill(pid, SIGTERM);
+		while (waitpid(pid, NULL, 0) == -1 && errno == EINTR)
+			;
+		return 0;
+	}
+	/* Success */
+	debug3_f("%s pid %ld", tag, (long)pid);
+	if (child != NULL)
+		*child = f;
+	return pid;
+}
+
+const char *
+lookup_env_in_list(const char *env, char * const *envs, size_t nenvs)
+{
+	size_t i, envlen;
+
+	envlen = strlen(env);
+	for (i = 0; i < nenvs; i++) {
+		if (strncmp(envs[i], env, envlen) == 0 &&
+		    envs[i][envlen] == '=') {
+			return envs[i] + envlen + 1;
+		}
+	}
+	return NULL;
+}

misc.h

diff --git a/misc.h b/misc.h
index 4a05db2..2e2dca5 100644
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.84 2020/01/24 23:54:40 djm Exp $ */
+/* $OpenBSD: misc.h,v 1.98 2021/08/09 23:47:44 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -18,6 +18,7 @@
 #include <sys/time.h>
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <stdio.h>
 
 /* Data structure for representing a forwarding request. */
 struct Forward {
@@ -44,6 +45,7 @@
 /* misc.c */
 
 char	*chop(char *);
+void	 rtrim(char *);
 void	skip_space(char **);
 char	*strdelim(char **);
 char	*strdelimw(char **);
@@ -53,6 +55,8 @@
 int	 set_reuseaddr(int);
 char	*get_rdomain(int);
 int	 set_rdomain(int, const char *);
+int	 get_sock_af(int);
+void	 set_sock_tos(int, int);
 int	 waitrfd(int, int *);
 int	 timeout_connect(int, const struct sockaddr *, socklen_t, int *);
 int	 a2port(const char *);
@@ -65,9 +69,14 @@
 int	 parse_user_host_path(const char *, char **, char **, char **);
 int	 parse_user_host_port(const char *, char **, char **, int *);
 int	 parse_uri(const char *, const char *, char **, char **, int *, char **);
-long	 convtime(const char *);
+int	 convtime(const char *);
+const char *fmt_timeframe(time_t t);
+int	 tilde_expand(const char *, uid_t, char **);
 char	*tilde_expand_filename(const char *, uid_t);
+
+char	*dollar_expand(int *, const char *string, ...);
 char	*percent_expand(const char *, ...) __attribute__((__sentinel__));
+char	*percent_dollar_expand(const char *, ...) __attribute__((__sentinel__));
 char	*tohex(const void *, size_t);
 void	 xextendf(char **s, const char *sep, const char *fmt, ...)
     __attribute__((__format__ (printf, 3, 4))) __attribute__((__nonnull__ (3)));
@@ -86,12 +95,23 @@
 int	 parse_absolute_time(const char *, uint64_t *);
 void	 format_absolute_time(uint64_t, char *, size_t);
 int	 path_absolute(const char *);
+int	 stdfd_devnull(int, int, int);
 
 void	 sock_set_v6only(int);
 
 struct passwd *pwcopy(struct passwd *);
 const char *ssh_gai_strerror(int);
 
+typedef void privdrop_fn(struct passwd *);
+typedef void privrestore_fn(void);
+#define	SSH_SUBPROCESS_STDOUT_DISCARD	(1)     /* Discard stdout */
+#define	SSH_SUBPROCESS_STDOUT_CAPTURE	(1<<1)  /* Redirect stdout */
+#define	SSH_SUBPROCESS_STDERR_DISCARD	(1<<2)  /* Discard stderr */
+#define	SSH_SUBPROCESS_UNSAFE_PATH	(1<<3)	/* Don't check for safe cmd */
+#define	SSH_SUBPROCESS_PRESERVE_ENV	(1<<4)	/* Keep parent environment */
+pid_t subprocess(const char *, const char *, int, char **, FILE **, u_int,
+    struct passwd *, privdrop_fn *, privrestore_fn *);
+
 typedef struct arglist arglist;
 struct arglist {
 	char    **list;
@@ -99,9 +119,9 @@
 	u_int   nalloc;
 };
 void	 addargs(arglist *, char *, ...)
-	     __attribute__((format(printf, 2, 3)));
+	    __attribute__((format(printf, 2, 3)));
 void	 replacearg(arglist *, u_int, char *, ...)
-	     __attribute__((format(printf, 3, 4)));
+	    __attribute__((format(printf, 3, 4)));
 void	 freeargs(arglist *);
 
 int	 tun_open(int, int, char **);
@@ -156,23 +176,36 @@
 void mktemp_proto(char *, size_t);
 
 void	 child_set_env(char ***envp, u_int *envsizep, const char *name,
-	     const char *value);
+	    const char *value);
+const char *lookup_env_in_list(const char *env,
+	    char * const *envs, size_t nenvs);
 
-int	 argv_split(const char *, int *, char ***);
+int	 argv_split(const char *, int *, char ***, int);
 char	*argv_assemble(int, char **argv);
+char	*argv_next(int *, char ***);
+void	 argv_consume(int *);
+void	 argv_free(char **, int);
+
 int	 exited_cleanly(pid_t, const char *, const char *, int);
 
 struct stat;
 int	 safe_path(const char *, struct stat *, const char *, uid_t,
-	     char *, size_t);
+	    char *, size_t);
 int	 safe_path_fd(int, const char *, struct passwd *,
-	     char *err, size_t errlen);
+	    char *err, size_t errlen);
 
 /* authorized_key-style options parsing helpers */
 int	opt_flag(const char *opt, int allow_negate, const char **optsp);
 char	*opt_dequote(const char **sp, const char **errstrp);
 int	opt_match(const char **opts, const char *term);
 
+/* readconf/servconf option lists */
+void	opt_array_append(const char *file, const int line,
+	    const char *directive, char ***array, u_int *lp, const char *s);
+void	opt_array_append2(const char *file, const int line,
+	    const char *directive, char ***array, int **iarray, u_int *lp,
+	    const char *s, int i);
+
 /* readpass.c */
 
 #define RP_ECHO			0x0001
@@ -186,7 +219,8 @@
 int	 ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
 struct notifier_ctx *notify_start(int, const char *, ...)
 	__attribute__((format(printf, 2, 3)));
-void	notify_complete(struct notifier_ctx *);
+void	notify_complete(struct notifier_ctx *, const char *, ...)
+	__attribute__((format(printf, 2, 3)));
 
 #define MINIMUM(a, b)	(((a) < (b)) ? (a) : (b))
 #define MAXIMUM(a, b)	(((a) > (b)) ? (a) : (b))
@@ -194,4 +228,5 @@
 
 typedef void (*sshsig_t)(int);
 sshsig_t ssh_signal(int, sshsig_t);
+
 #endif /* _MISC_H */

moduli

diff --git a/moduli b/moduli
index 10e8544..81afe33 100644
--- a/moduli
+++ b/moduli
@@ -1,415 +1,450 @@
-#    $OpenBSD: moduli,v 1.26 2020/02/20 05:41:50 dtucker Exp $
+#    $OpenBSD: moduli,v 1.30 2021/05/17 07:22:45 dtucker Exp $
 # Time Type Tests Tries Size Generator Modulus
-20191022074127 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C0FFE0C2D7
-20191022074138 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C0FFEE1D33
-20191022074152 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C1000302CF
-20191022074200 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C10009CAA3
-20191022074209 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C1000E102F
-20191022074218 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C10017AEC3
-20191022074224 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C1001AC4BF
-20191022074243 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C10036E7A7
-20191022074322 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C100727D9F
-20191022074342 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C10091E09B
-20191022074428 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C100DB96B3
-20191022074435 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C100E315C3
-20191022074440 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C100E4BB67
-20191022074450 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C100EFF477
-20191022074526 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C10125A5DB
-20191022074629 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C1019192BB
-20191022074654 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C101BD818B
-20191022074721 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C101E63DAF
-20191022074911 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C102A7DFE7
-20191022074915 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C102A7EDF7
-20191022074926 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C102B62DA3
-20191022075007 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C102F7B693
-20191022075045 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C1033B1D1F
-20191022075211 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C103CDEA43
-20191022075252 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C10417630B
-20191022075337 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C10462BA5F
-20191022075408 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C104906FA3
-20191022075418 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C1049C8563
-20191022075526 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C10516447B
-20191022075538 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C105263DC3
-20191022075545 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C1052B9CB3
-20191022075648 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C105985083
-20191022075711 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C105B6F457
-20191022075721 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C105C3BB0B
-20191022075832 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C1064323B3
-20191022075846 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C106578B1F
-20191022075941 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C106B58ADF
-20191022075955 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C106CA5743
-20191022080041 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C10715FF37
-20191022080105 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C1073A7C3B
-20191022080147 2 6 100 2047 5 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C10782FEF7
-20191022080206 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C1079A53A3
-20191022080212 2 6 100 2047 2 E854C2A5759DFE93314B4F76AA4E7A249192AD0B0C70B1E62F3E0B4A37D181C7D1A233312886ED675788CBBC2B384D16C0CA8E5DED996C54F68568F21D6A2333E189848A5271AC0CA6F3DAAAE469F98E1B5223CB4253653FA82242C4D29AD65E878EA91522C51CF98774952FDD9453406B4AB50A7CDFA97BB4650F601DEC496C5839F98CD774BC0F9B57581633771865F175F3D72EFAB15D377CAB2EFBD812D6F13FAD3181323BDBD95BF44703FF38225883FDF4A536DA17F8C3441459AF90528DDA015E85A978C0ABB4708407B9394C8DFB4B654348131E7EA91FCF853C44D055ADEEAE40486AF9E1724D55CA27F97F7563A82EA86B661ED02383C1079CA49B
-20191022080437 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC6254F1CC3
-20191022080445 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC6255528FF
-20191022080450 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC625566D5F
-20191022080507 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC6256E3B7F
-20191022080516 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62573826F
-20191022080529 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC6258313D7
-20191022080539 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC6258FAE9F
-20191022080552 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC625A1898B
-20191022080620 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC625CCD3BB
-20191022080644 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC625F373DF
-20191022080653 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC625FE7A37
-20191022080713 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62618F277
-20191022080742 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC6264B5263
-20191022080848 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC626BEAA8B
-20191022080900 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC626CD618F
-20191022080911 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC626D33B5B
-20191022080939 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62703D917
-20191022081024 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC6273B779B
-20191022081034 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC627427EAB
-20191022081413 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62802E907
-20191022081751 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC628B7905F
-20191022081834 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC628DBDDF3
-20191022081843 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC628DD29D3
-20191022081901 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC628E650F7
-20191022081950 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC6290B1487
-20191022082140 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62959CDF7
-20191022082225 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC6297568D7
-20191022082400 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC629B7AC1B
-20191022082607 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62A2EF923
-20191022082624 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62A3A2537
-20191022082651 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62A50145F
-20191022082739 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62A77164B
-20191022082909 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62AD303A7
-20191022082923 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62AD5CF33
-20191022083101 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62B343BEF
-20191022083132 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62B47F117
-20191022083152 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62B53A7EB
-20191022083332 2 6 100 2047 5 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62B9ED527
-20191022083541 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62BFDF373
-20191022083653 2 6 100 2047 2 C66D2C1883042B443CFE0A10A9DE4F2120CB375E93A50CEF11ADD1B8F8ED9923BBE9E231DDC9F241621E6FC0DC320B783086E419F0D746394CECDE3E7AE09E87956DB1ED4E517A9661F6361EA745ECB5841BB8B7A12AA7ECE0CB262D6462AE527E1D4562DB853E712CAAC8971C17A3D4D3A98187A3E78A0FFBF46C94A4EAA09CD4E81973862E8DE4EC5A64ED78C4524300ED4727A365FFE41F5EF11325038F788DE6ECC6B93D77B6435F333AED77FFC5EE20D166E9766BCEFF7A0399601CAD4E1D746C59A5C0775375F76F2CC92F7222854A179902F3F324AC56996CC6AAA3612051EB7AF7EFB3F199FFD5A0661B6B8ECFB8E71C256DF5275B932FC62C3DC8A3
-20191022092407 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA50A338107
-20191022094427 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA50B5A745B
-20191022095026 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA50BB26CFB
-20191022095757 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA50C22C577
-20191022100015 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA50C3FB8DF
-20191022101519 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA50D2350DB
-20191022102519 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA50DB8BE5F
-20191022103601 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA50E50FDAB
-20191022105902 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA50FDC58C3
-20191022110723 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA510777B23
-20191022111301 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA510E968FF
-20191022111931 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA51168241F
-20191022112616 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA511E89D1F
-20191022115052 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA513DB748F
-20191022121302 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA515D683FB
-20191022121526 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA5160BAA4B
-20191022121542 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA5160BED3B
-20191022121601 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA5160E3E63
-20191022121811 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA5164A2E73
-20191022122332 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA517055113
-20191022122412 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA517133383
-20191022122637 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA517638283
-20191022122836 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA5179FD6A7
-20191022123100 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA517EAE913
-20191022123327 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA5182B9D27
-20191022123424 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA518407A6B
-20191022123511 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA5184FB45B
-20191022123600 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA51863E15F
-20191022123622 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA518664AB7
-20191022124625 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA519AC1C6B
-20191022124824 2 6 100 3071 5 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA519E8D89F
-20191022125143 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA51A5644B3
-20191022125456 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA51AC223CB
-20191022130231 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA51BC05D9B
-20191022130435 2 6 100 3071 2 D00135D249B408C9C43A9853424ACA3EDF29C91A8760DB5CE2C29A213031753FCBF3A8892770E231C072CA20C6EE29FAD67E50456D8E08CEADB2741F25A802DB85BD3A1F2DDEA57736D8E19AFDE970D9C2345E6A0B734D296DA2773A565F509DF0C637A2611C59D93E22F88D1600FD6798D6251F8F6F6AD12654A7DF7DBD559F4BCF140BBCA454F23F75DDF40531DE17AE102D98E69CF4A027E5614C2ADB4E724F41EF72C6C54F5132379E53787F916D1164FF74EE411A513515F4BE5DC64712B0E786A690520BA4ACC7B4F95CDCF1D39F5D41D8725FA194AD1CDA0604F67FA4C30B342FF8334DF973090113EF54EC82BB7184356A5D076CCEE598FEEE728A9C6DAE101CF412CCCF320F430CF1754E10D24F876B11DF347DF662E58EAF1642D7D4ABDE5F097EF9C8EF567D33D11AA7F7C8DCC6E2BAA2702CF21832F33215A8B4D8CF5026FB71C4892B7D57F692EAB9463FE4BA79DCE00442BBD41F0E539BFDF58151B295B4B52C43EE071E0DB45EFBCF7C2402C2719283B2188A7BA51BFF7E23
-20191022130821 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EDF6A052B
-20191022131106 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EDFBF6B4B
-20191022131309 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EDFFDD323
-20191022131339 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE008716B
-20191022131426 2 6 100 3071 5 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE01A5ECF
-20191022131921 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE0BF992B
-20191022132230 2 6 100 3071 5 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE127F08F
-20191022132941 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE226E25B
-20191022133745 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE33AB123
-20191022134534 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE44106F3
-20191022134625 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE455482B
-20191022134720 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE46CCF9B
-20191022134822 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE489D84B
-20191022135012 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE4C1DAE3
-20191022135216 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE5043D3B
-20191022135757 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE57878BB
-20191022140734 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE6BA655B
-20191022142332 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE8EAF59B
-20191022142420 2 6 100 3071 5 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE8FD9DD7
-20191022142754 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE9733DBB
-20191022142817 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE975F4B3
-20191022142942 2 6 100 3071 5 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EE9A37157
-20191022144132 2 6 100 3071 5 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEB21454F
-20191022144147 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEB22B7DB
-20191022144244 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEB38090B
-20191022144542 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEB95B34B
-20191022145051 2 6 100 3071 5 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEC40A7FF
-20191022145134 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEC502BF3
-20191022145406 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EECA2580B
-20191022145505 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EECBDBF73
-20191022150136 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EED9F7463
-20191022150745 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEE758BDB
-20191022151026 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEECBE16B
-20191022151204 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEEFDA69B
-20191022151244 2 6 100 3071 5 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEF0D0497
-20191022151301 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEF0FF43B
-20191022151431 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEF3CEEB3
-20191022151535 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EEF5CB1A3
-20191022152032 2 6 100 3071 5 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EF00699A7
-20191022152057 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EF00EFCAB
-20191022152637 2 6 100 3071 2 DF2C9C2AE196431BA2F72808B4B3BEE51B068BC569BB83E2E500DF23BB7A3034053999EC562CC1DD8064F2F026E557D069B42670BD4AEFB0ABD18C6BEF70FA0CDC33A59CA1B4E92576A87A81140834C7F8F6BB3BD3C0B1ABBC39E3F85348B097157EAB5115CDCE8A1274D3E95A1A77A0FF34C11ECBCC54C0B95F2A37FFDD00ECD37C74137358475F72FD37B6580DB272E469D382B7A22FBE9859E8C5CC42CCFE2E2E0EF51F90697E0CE7459FE037B8870CBE7C636160F98E6B3FD98EBADC5749E1DFFE5118C757886D668C4355018A78E76593A4268D5783507A31A12625DDE4DB30DF12233756F3690681E3E91BDB2BB4D36A6B1E77F23C7EC39B57582203E4FC4AFC2AAB33D10BC4A1EE6687A6524B9A0BA6ED3347764E880FBB6B645EF091E42567813FA31A97B39F185BFB303CEC2EAE412913351C926B3F14A5EAE1CEA771F333374DA7CF83D16C3048367B05432BEDC88DF66F92D8942ACED0E83E804B8CFE8A75BD9AB504D09B286EC7FB175A2A6DA848CD7AB3503877077EF0D0F343
-20191022162825 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D813960B5FB
-20191022170230 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D813B823183
-20191022173749 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D813DBE76FF
-20191022182715 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D8140DADF3B
-20191022183421 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D814147138B
-20191022184621 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D8142020493
-20191022185705 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D8142A5D767
-20191022190031 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D8142D4B05F
-20191022190457 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D81431290D7
-20191022190552 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D814318C56F
-20191022191638 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D8143BDC2DB
-20191022191758 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D8143CAE497
-20191022192300 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D8144142F3F
-20191022195622 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D814632A81B
-20191022195854 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D8146547CD3
-20191022200200 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D81467EFE3F
-20191022205134 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D81499F9BF3
-20191022211317 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D814AF7C2DF
-20191022212155 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D814B7B777F
-20191022213552 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D814C560507
-20191022215648 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D814DA0CEEB
-20191022215902 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D814DBD146B
-20191022221214 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D814E8802CF
-20191022222728 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D814F6F35AB
-20191022224558 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D8150919C63
-20191022224953 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D8150C9F1CF
-20191022225735 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D81513C4A13
-20191022234711 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D81544BEA1B
-20191023000745 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D81558FF6DB
-20191023002021 2 6 100 4095 2 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D81564FD2C3
-20191023002706 2 6 100 4095 5 CC199B2E429DD1809E193696BF0F2AB45FFC1E077B916F4E9E453876787A644C71CB859FC28B47CEA27D037E3B1F36EE8F5ACFB5D7315177F67A65CBCCB359E658120697DAFB3695C560A2693A7F1D7B22A1F8DF14987A2615D3E2E2C99232DDCF03F12248975CF039EE2DB522CEBC0391B6AA2CC7E45866DDC19D62E6A835C8347F6A447E6A6266DDFAD3197405E66C932E4A1213186F67F843E1962FD311F97062775E1FE9D0DE2525187275D01694AD66E670A40BA284BEE0FB7C64D1A79C2A18786E819FCF996631115EC212F37584F7203E6F0EE60C3963BF148A288D68B2800AF662CBBCDF8235A8DC206968ED54E3EB7C4D233C98804AE2A70DC47E995535F98C0DEBDBFDAFA8E532C6EB998925A0EEA652957973DC7643B1B5C66FF2D22C3205E96D67D1A67D2EBB9AAEC446A29EB0687550F78C18A398422EC07954B9A730FEDBAA0AD5ED90BB892C80A77AE5D27DA0DA0D3EC3075C10C86948F0B3D3DC2393673B226A3F6364DFF3D027B38BA51481461C1BF5F3C3FFBBEEADC882B5D0F4C5F59D977AB6E00A25066D8BF473481A1EA441A896D46C829DB1A489CB09FD9E1B1D09B4F1B854041583FAD18D6D303487DE1DC89D87F599920FA8EEDD4A3B64A520C3EC3AB670E93C89D0D43BC858FD991A78DDEBA72A5998DAD5AAE0123FF9E0F2E344C42E5581FFAAC36E54644B1AC1C021A7D6E9096D8156B28D27
-20191023011355 2 6 100 4095 5 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC1460883F
-20191023012442 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC1509A3E3
-20191023014214 2 6 100 4095 5 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC1620E157
-20191023015245 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC16C48533
-20191023020841 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC17C54673
-20191023021754 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC1857058B
-20191023021829 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC1857094B
-20191023022432 2 6 100 4095 5 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC18B12DFF
-20191023030433 2 6 100 4095 5 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC1B390A47
-20191023031027 2 6 100 4095 5 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC1B90EEA7
-20191023031756 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC1C00CBAB
-20191023032601 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC1C810F3B
-20191023041220 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC1F6D731B
-20191023044241 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC2154D00B
-20191023050540 2 6 100 4095 5 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC22C34F7F
-20191023053137 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC24636123
-20191023054409 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC25224B73
-20191023055524 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC25D1FFDB
-20191023060757 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC2694C58B
-20191023061045 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC26B834E3
-20191023061921 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC2738F1C3
-20191023063046 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC27F1807B
-20191023070045 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC29CDC52B
-20191023071942 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC2AFB0F2B
-20191023074553 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC2C984AAB
-20191023074939 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC2CCC9613
-20191023075554 2 6 100 4095 5 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC2D28BCCF
-20191023075639 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC2D2BA71B
-20191023080618 2 6 100 4095 5 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC2DBACC87
-20191023083736 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC2FAEE4A3
-20191023084930 2 6 100 4095 5 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC30617C97
-20191023085843 2 6 100 4095 2 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC30EE1283
-20191023090057 2 6 100 4095 5 E742CC22AC8196AB705E8DB89387F5DBFB15A97C6B3E188CBD4C792BC874928A0148F33791BBFB4E82989EC1F4C5C4FBF002A329190728BFC02AAFD8218102045AF53F8650CAD3E6B98544A1567576B26AD72F6CEBC0F7CF15EB5A62D4678A0E4A0AE868F759BAA31EB27083AAE879248068FAD7FEDD7673689E4C22010278DF2EB37E9FAF353C5A66F0B5916A9812AC91B581B0428D5C9A8D4CEAEAE5B9D11BA3692EBDC9D86C56B0F44CC0771ED405915ED4253A19F58913CB84758666F7D533E2C52E07B06788EE3AA292C9EF6A6183411892166710781DD188F88BBEECE87F6F1CFBADC954D7061B9F0F5F2C6A7754498D868AE526C8F440D1BFAF8F70059A96760EECB594F9518DDCAC1478FAF387D0703A4A57D1A66701076FA15F4E7E9BC6B0407DA00FA1112B6BE13867669FB21F8D8241C11252ECC5F15816FBC447BC0DE3089629EC03B4F14B6D8C12EA1884379BED5C4B39BA1E3D07BC6C4B5295D4629B5E2503C4775B944D5F2617C4D95527E79EC7EA2CF7E116A1FF95EEFF00A79ABAC3D35524D7C64B8D4199381BFC9DEB3BFE19E0AEEE9B2B864FA74F8C478EE5B6693DD7B6F1E87066EEE9CC0E51F9999E0EC914D96BF86958F0ABFDB6EEA5BD347F6A91C6F4FCC4785E924C76979D0309DABA023B44E4AEA5439696F501D58ACE247D49865FAB169422CAA151DB57A5C4EFF392E56467702ECC31091E2F
-20191023150040 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44442FE9DE33
-20191023185353 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E444434DA83FB
-20191023202543 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E444436C35ABB
-20191023212301 2 6 100 6143 5 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E444437F75207
-20191024004920 2 6 100 6143 5 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44443C4BC217
-20191024005456 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44443C62147B
-20191024013830 2 6 100 6143 5 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44443D4436C7
-20191024020328 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44443DC27DCB
-20191024022030 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44443E12DF8B
-20191024041749 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E4444401CCD8B
-20191024071132 2 6 100 6143 5 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E444442526417
-20191024071851 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E4444426F0F73
-20191024093118 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E444445307603
-20191024095518 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E444445A39BD3
-20191024150723 2 6 100 6143 5 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44444BF198DF
-20191024180500 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44444F817E93
-20191024182834 2 6 100 6143 5 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44444FF6FAA7
-20191024190019 2 6 100 6143 5 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E444450947417
-20191024190629 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E444450ACC83B
-20191024234818 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44445664815B
-20191025002527 2 6 100 6143 5 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E4444571ED7D7
-20191025090114 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44446188A3EB
-20191025105729 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E444463CF6B53
-20191025125212 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44446611F15B
-20191025133454 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E444466DDD74B
-20191025164443 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44446A87280B
-20191025173652 2 6 100 6143 5 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44446B808D0F
-20191025182518 2 6 100 6143 5 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44446C72A18F
-20191025210336 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44446F8C312B
-20191025210946 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44446FA296A3
-20191025213641 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E4444701DD76B
-20191025214012 2 6 100 6143 2 F67B301557C55AD46F6DAA869BA8D47C6F0427967EA2FAA689023BE705A7BE78E0F15EF3CE6E1987046EB157869E4C7E9B8956C77298C890B27625010664B31A3C2D4108DF8C107452C5325FCF42D35352C5266216132537F79E9616490BB1DAA074F6FE115C99BF54BA7F1376DE63D03548B97DA359494AE445FF444A315672671FF890B4042CA45A76D1DCEA9F1B7805A6A041A0C7B034818030D63D48873A210A7F7BBDA29E2E659CC81FFDFA2C5DB73579A55DC72C97D81490D81E432222566C75B7951EFDFB69FE1411F6A5D3184D9506847EA5C4FDA3EB48A02ED763C1943A0CA01BC097DA347A1E7C0B2D2856E101EEC5718B7374148D9C31AEA79593C404A0D6F623A38C893B7D2A838DBF65DFCD08C4EE41F168928339CC53DD56D80606F865EB4A188F69AA6B4B7E8D66F87B76F75C420DD5CF015A46F6EDED8F173FCBF541AFC74615A2D088C366966F504B185AE363A5A61E327CDE1C95DEA36A4B371D92D757555FFDC51438254C94B4F0BC14D7F5C7B4214F704BDC4900E398A8EAC4A5AD3EDA128CEE6F7F480E79F4090AC08195B58EF86DAFA09B498BD8BCEE3D4E24A947DA115B1971725EE052502826583E92B86333D938A30D95C4C2DFBB29EB9092C282C86D2FA3D738BAE93B1A2A3A9A86E4693C5887577E5B6770928111BB4E4F58F9CA1845FEC6F92337C38483E6DBEA1C05986D7350D1C4CB9C5C5C4FF9B261C8F8B4A543071118A58B5AC46EBE92808B17C740B7EEF556F5258F576E50A3F2890BFBE4F29DE83A1984453D3E1CCCDB9E5C90846FC222682F51E1F3C12F51127A9B42F9F7B90C5DECC63F2C53DA5162B14BFB3ECC1D872D035EE58A3927766CCF3BF9A87B03B1E2FB87FE265B77B41FBD397B12BEAA86424D14440B5896E47A6867D054BDAC00C2DB7AB2BF882F07C7B6AC98CC9937E5ADA6AC48C65D5929E614CD71E72EA57EF5DC6B5BF464629A6A3DB4739AA760C059846C971E6C1AD7260622B450EBF395D2E4D0A554DCF3683A3AD6870838CE795435971B6D9380091F17470348F56E4E8E8EB660E60CB4F20BF89DB8B71E44447026470B
-20191026005042 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E05623363
-20191026075212 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E0E59DF2F
-20191026134748 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E15C2570B
-20191026141044 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E1634BA8F
-20191026152621 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E17BF036F
-20191026153744 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E17F17297
-20191026161846 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E18BFBD0B
-20191026183157 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E1B69DDFB
-20191026183823 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E1B80AE83
-20191026184938 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E1BAFB703
-20191026215453 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E1F57BDAB
-20191027005434 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E23020867
-20191027042709 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E27606193
-20191027062047 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E29A86A4F
-20191027071632 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E2AC3EFB3
-20191027092825 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E2D67AD13
-20191027104355 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E2EE2E4EF
-20191027105052 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E2EFD8C0F
-20191027112952 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E2FC1013F
-20191027134854 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E327D6FDB
-20191027141251 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E32EE5767
-20191027160720 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E352B49DB
-20191027164412 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E35E01D13
-20191027165524 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E36100063
-20191027184917 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E382743F7
-20191027205847 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E3A93CA6B
-20191027210626 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E3AAFB96F
-20191027211813 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E3AE1DE63
-20191027213244 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E3B21B0FF
-20191027213714 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E3B2E39F7
-20191027221420 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E3BD9058F
-20191028002356 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E3E45B4B3
-20191028005652 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E3ED864BB
-20191028014800 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E3FC45A63
-20191028021443 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E40396033
-20191028041626 2 6 100 6143 2 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E42827263
-20191028054443 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E44349037
-20191028102149 2 6 100 6143 5 CA8BE2F0F45FB0E6A14758704CB3E994D1CC39121A04E6441CD99BB5147478C39229902EF283CD0F2D7E51EA756E65DF0A2457307EADDDC7715A527708C8EE041DE44AFE8BBFED0C5C7130EF8B89E817469B9768C6C9016C6AF5CD9E6F8563A1837747B61D25872F44D8482C5986C5322ADC7CC68FC4EF025E2CEBB933E78CCBD70E4D223DA4F5F6683F2B7802088333A51F0CEDBA0D15D3B31637778A0F86BE61FDD1392F4CEA58DECFA99D5087F31B753180FBE456959CF7615FCE40B34D0C188B1011C15882B3F62AA4BA89B240B03F285AB0E8AF85C1AA68A127C567E9784B04CB2553AE64CD42BD90F234A86A6D75A2E4EE81343128C786F878C21F60BFDEC0620311448953945CA88637C98E475CF3195404FE19208D6629CCBD307B1B79222A9BCAD27953104E4AF38259A6C2136F82A3A29D339AADECCC09C02ABC0D42A3203CFE7894A1D3CDB5E9D5A7612845279E73D7CC6C7D4D54C2C0AE19C3D1E20354765954DCE9CF70F3CA106B3DEBA6BC882C2575297AA4B98C8E42D8FBD80DDE92F4BF375DD9238AE28337624BCFC76ACE419713B1F7F3CA35D4F9A5565FBC921890A7D652C91AE7E8DA2AD289CB6616BB0F7D3DB181DAA2833F329B38C8E85BA87E19C734C0B77855D89913FF6C527F758FFF3CF33BE405C5C64B1E57E0F4F7EF042B06D871F1AFA181E51ED505622E6FD466705756DE48C81BE86748E337F6A2032C35A88A364A258F39830998AACFF3FA1ADF5960D62FC3D8AFFEE1D7D812F0049EC558DCA9644ED0A7A8BFAB58C2238346F357F6D8649105FBD1C62EB6D3E59E6B3086AEE1BD4C950535303FCE17EB74B764F6D77DDCEF05BF931228DE728001136B56960482A757E3CE14B920BAC72B5C5280EE99BFD689A2439778482A2333979F82987B8C1CA01D894C22CB4321D80A09C164D24DDEA39021F2A6E465138862ECECC2451B83A9478C5728D5FBBDCE0233792B5A27BC7E3E723D12AF6D4A5F6561179D0B6EDD3225F3A80CA5B265672647AA0E4EFBC9DB202632E18B23D57B86AD545668A9B09791FEAF168EC99BAD63ACF8D29CFB4C3E48BF4367
-20191028204729 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C56962C57
-20191029074748 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C5E6F0DD7
-20191029104921 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C601D891B
-20191029115340 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C607A9FFB
-20191029123325 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C60BE442B
-20191029222629 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C677977AB
-20191030071819 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C6D9F6A8F
-20191030072920 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C6DB5BB43
-20191030132209 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C71C9F707
-20191031002135 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C794F4DFF
-20191031064758 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C7DA1F51F
-20191031135153 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C8253C3EB
-20191031201815 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C869AF937
-20191101055219 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C8B9A2CE7
-20191101065855 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C8BFA04D3
-20191101102927 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C8D496B7F
-20191101162017 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C90C40057
-20191102073643 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077C993C9B5F
-20191103030038 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077CA2EF80F3
-20191103040704 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077CA394AF43
-20191103144920 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077CAA0B72CF
-20191104025539 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077CB128D89F
-20191104104258 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077CB5D65BBB
-20191104110623 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077CB609F2DB
-20191104113147 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077CB6451277
-20191104123416 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077CB6E19D8B
-20191104181953 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077CBA5B05EB
-20191104182450 2 6 100 7679 2 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077CBA5E4023
-20191104230444 2 6 100 7679 5 F606CDE6712F7C0B69FF0872BAB21EBEAEA36BE53D9E03097D8FCE89594F90ECE8E7F1D6CF9D78821617B32D0D7EE46D8BE6EAB108638001AF1F99329DE3588362EA7677FF962ABC2E4B8CFEAB07C8C88774BE6DD9DD6178CFF6A93A51287903937C9E62F060DA0615DCCB8AFE87A19B185B5B85CC3D6821FAEB3D760AF97903A46B12294F2CDEACF50EC055D68FF2DF84EC8355C0D27565AA1CA5F8517E9ACCAFE804EEF55C63B1EAE4484F821A0B92B9E68EB8A894BBB168286BAD5CE14CC2554424585B15DD70D6CE9F63DAED7F902A818B0B1BC303BF059DF20A5D382610F06676243CA0D30C544F5DE34DC983EB51219B268BC0502423BFA9C03338790B480C61230CE1558D500061057F75DCA5E8509DA30A3BBD93CA0E3D88C8CE0B78FDD9E2BFF8F3CDBF7822859E95F9B0FB1F9AC9A89BD44BDFF8012595DF79639BB49A82410F9EC687B50C5456BEA8B477F7BE5027EBD2F3FE3CEA491DF200B7667EBFF889580E47E89DCC13B841BF958FE7575D8DA4BE8D4BF9EE9908A3C8A3F110E477BA188FE1AFDF611D2E0C8D733DABEE52AECC818530C6C92EE28E0CEEEAF2A984C89F7574B5BDE62FB29C4A232642B21BF5ACAF8D6385CFF2CD4B97C48CF5080229EA4EFCAA046787630A134726A7F89BC0AF4DBD09B9BDAC79CDFD8307D39188A59F9C7BB89B45DBFCF6B3AF44A7F3F2A770DB517F7999E4EBFE0FF6F63C91BA8444B666F2300101F91ADA39012DAA4E1E96C87F1F55CC4D663FC455F57E226C8A1A53720BE73B71ABC6DE64ED339A67F883648CC507DE479CE1ACED66FFFE06829861F40E681B333A1FC00EBFB64512ADB25593BFEF23494D70A70478454DEB92ECC86485288F3FF5DE146AA289C864AA55643F278A3E20DF06CC818AA4EBEE29347131087436C57F82693375B776C1EF5D30E637684DBD17EFE4BBBBF7C14DA4FE4BFC86150553D52792D08C2A5EE35916CCBB3C0718BDD3F631B2458DB029FE32644C190492F7167E9B776793FCA8FDAF35084087FADEBA654ECDC24EECADE28B0420A1152CEEAF14628EF69D516E6074D022AE1E3B9B5260C61978E03CFFD8B61087EDBD2A09C35AD250E3265D72D8B12B4F33F490B417118CDC531349C1EA65CE5FC69B712D4228BC39141C7D4871135157CFDA899ECA2AF93FD11DAC3C5F7E77A9FA6B51092FA5F19A2A087EF03F6D2BE7F669F8E1BE72884AA6581CD90CE74141C5B827B3EB04D1F157549B9807F1214A95D5F07FBD3E47A8413EE740071F456B3780CE2E4F48CC2E499A9B4CCBB4B3D363D1FD73AC4A32F83E673AA460A9CF140994664AF6029B0113F522D45CDBFB23EFA647077CBD2DEB3F
-20191105091836 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E0D0129FB
-20191105100933 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E0D92A647
-20191105234826 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E171AE8D3
-20191106052238 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E1AEC5E43
-20191106071634 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E1C312BF3
-20191106092936 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E1DAE275B
-20191106120421 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E1F6DBD13
-20191106122445 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E1FA1E1AB
-20191107014126 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E28AC4177
-20191107144145 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E31696647
-20191107152955 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E31EAE00F
-20191107170414 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E32F54973
-20191107235721 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E37818C57
-20191108191832 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E4357C06B
-20191108224321 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E458BA9C7
-20191109135352 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E4D13F4BF
-20191109143346 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E4D7EBEC3
-20191110001842 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E542DA06B
-20191110175307 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E6046F9BF
-20191110192342 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E61370307
-20191110200757 2 6 100 7679 2 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E61A90673
-20191111005215 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E64BD2F0F
-20191111221634 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E728AB85F
-20191112130746 2 6 100 7679 5 E67A1BA3549A22E8E5008979650D6C7742558513C6C407C4B9CC87E394E8BF9E5DE7248841813BC72DE6BB56EA086A49C69031D2521204BC8EAA0D85B4F2016A4423BF24CCC2A94B7385325A11ADD338ABEDF6B7C444870597F9B05411942D235EBA9CA762F7F2912C1540063C167FE87E0B38B1A4EEC9FA5096102F114577F8D335448B6D6DB022890A33E378EC2D70BE921782CFA0477575E3D867696F5367011BE83025E30AC6173A33A425A9830BC9BD2BC66F561A8906137F68F4F215EA7D228145E4BD5314FDC950CC9CA61523723A9079E728368A6A96193AE3488D48ED7AD61D5B3EA5E4EB6F599963B6B556C0A1D5F174EF0A99F422E665703A6A4FFC588C73DA3D07C287CD9AC5F1065FFB3FE20CCFDEDDC9BA9A39431A2FFA1F94E8B7A3EBD6FBF64BDF9A9C20577AEA1436F08DEBFBD4FB34769DAB061F7B5661E0CB2E5159FF553D7A1E25C4550725EDE6661B633D564BE574FE007177D8C2A54541780D171EB4D2C30768099B2B8F4E81DC8E9A1DCE9BCEE9E23FE7A6854C9DDA08844559A6622257C856BDD221A29A298F840EABECB4D38013FF3403C634C26FA057BB9201D96E0A7D0C07492D7455A213C44978144BAA88804F5DACD544F8F3213F31B552C7BFB9561E63E8E9CDAA1DC427DCB7358C6ADC03B433413C605C34355DFCB2A32788D1D52041957C4C9B5BA9443DC8B6D1E4F0980C4E81607EAADB26D4352BD5823872AA7496A85242A6FD50FEE7DDA4F920ED3A42FAA475936999A5CE55B96F45637AE551335237E71C9C4D8884ACCFF1A48D02999BAF6D38B42BCA344087BF1A43479C10D76E86071D2DF1D68C2E785B5C1B327EC5B112989AA5F605CC3435AC904760EF369D29BFF2C2B754ACFA892A0647588AC306B5CF44A37EDF22E063B42726EF05EF1B2DF80BE136844F0C7CDFD57FF68E66CEFF27D92C0434F292242B086E2CED408973644E9CDFF0C22462400236FD87E03AE69DBBAD4AE3E2213A8888325A16CC3A83A092D1DFB22CFD7AA5C071016862FEAE4735221C4F5F062B6D82DAA38611B0EB0E2C220F2817C50D4B886C0B408D0A1CB00A0E9F4F3CAA9A1414DFB422DFF4309CE6EA70E0AECDD2AA7ABEF84FC207C8DAAC4B5C95DBD46B954FDBE7F0B270FFBD704E7B542BFB87B231F0805AE6D5253C462C0A43B8E7AF7030BA31768E68744E51EBAE8271242834A9CF88506421B918510AD3710395D58A032D176C45FC935DA0510E88F807B7D7E2129980275B0786859E10E849B5C1DC2EFE247398362F2E868162E7BDF241B3749ACDB2BCB2705026F0A40F6E2A91348DFF8CE4FE28FDAA47AC4A5E45C42FC9A4676A0D8E7C1545A7
-20191112235240 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C09B051E7
-20191113080333 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C0DFA4497
-20191113172045 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C12AC18C7
-20191113200551 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C144987EF
-20191113222215 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C15AC15DF
-20191114105339 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C1D643593
-20191114122810 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C1E6B7F8F
-20191114130017 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C1EBA7C07
-20191114145117 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C1FE5ED4B
-20191114151102 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C2010EB4F
-20191114175356 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C21C7632B
-20191115033149 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C27E226FB
-20191115034007 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C27EDDB17
-20191115161656 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C2FC179BB
-20191115163508 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C2FE8BBD3
-20191116013312 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C35152223
-20191116104137 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C3AB548F3
-20191116131152 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C3C3644FF
-20191116180544 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C3F1E201B
-20191116195637 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C402E471F
-20191117014351 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C42FE585F
-20191117195700 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C4DBF75DF
-20191117204232 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C4E2912E7
-20191118131732 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C54343CD3
-20191118210639 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C57F77453
-20191119125926 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C6021DE6B
-20191119132613 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C6059AE27
-20191119133140 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C605D833F
-20191119133605 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C605F151B
-20191119174042 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C6292A3C3
-20191120093944 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C690A0B53
-20191120141650 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C6B4934D3
-20191120221735 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C6F3A553F
-20191121110820 2 6 100 8191 5 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C75814AB7
-20191121112452 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C759A62B3
-20191122050747 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C7E3D2D43
-20191122111758 2 6 100 8191 2 D57E3B56BFA7F8444B8BF4E425C7CDA8AD8013E4403F9987C70B1B973D9478B38CD2759C98B9E195EE06098BAF739F101F8290E0FCD9DB25C5F5502A90F748ADB2AD6F0A40A38FD44F2EB548395B070B31A81216B1A2B7A5EAE6186C57C6BC574D2428BD62871A3AD9B54E6ACF35DA9F56F2291472A90BC400196FA4B033AB8D3A17C3023E5425052B5222A2755B6F7D4CEA80EC6F2BD26B72A76E37C880651AB32EE51B86B90D23B02290996988BF8767292883CCBE693A8FA065D1CE6F8496F8D3DB5661006B0180F9C020278CF96F36D0ED9242A5139FAE3E7008CCDC9F962338A7B8D41873970B4BAA183B633FAA6E5229230100F9BBD0927B4423F9840DC0544D83798B16C114C6929AF89C0797724635194B25BF53107CB65713FB08214AFBDC05AF993C3F9CFE929A92A52D3C97816C667EB79F8F26F619CFD41C1D792C9BFB825E473E510D4633063312625BD91F22E590CFF97CB5DB0AED2784CB15683C5BE6CD73201F42CD7FA28019BB60CFD088B5B2AC3CCE1A96E01167E0C5042AB744C50230CB8935BDCA020BE2A20E00CD04F8BEF55B64B1E8064C149697C1D313872E29E29931ECCF7130EDC842F44A72B2847BD5C2E438E462E28B47E11235E892690391296FABAF2FC029FD508F71719553335248746C578AF4CAE7AF768D51A5AC6E3D996A3DE66A801FAB6B8E80C66138BAB8167518FB1C50A7BEE0D5001E6F01BBCCAB83B0C43FE8103B4FFEC26CA4C820D4AA68FCDE6EECB04E31D87F3D9CC0C195B74E06F1D01CBD7E0F59CAE1FE3AB92E3AF215A752CFFD564D5BDD7853C85E129CCC25B1052A6A669BCF0AF862CB9E44B360E2BB6623DEA2160A76B9679BBA4B62C698DF07D7E042F4DE85A470832B1D7811B4B0EBDE0A8BBEF1F3F57A7CE6E8A8C4E44CF6511602824ABAA41D7F74CC2037C8477549D00A6A69D3F6A93EE6A9B2565FCAA26FFCD7A0097F6F18DE8D80533F8EAE28589EF4381B3AF7E95F183D2FA4B15AEA21BD1965479B0A604508E14DB4CC0D9288F5062D3DA5C33B0295F6A9D9F1AD935AA51C0F7811D19FFACF5514E9BF5D5A545FA318CC5F6BA875BEEDB9E4953BB2285D391E12AC37DD0BC41871CC9D74D546EABC0B20243685633BDA2020419C3DBF7E945D4359DCF4531C7E74C1B0058C6248E4FA9FC87E098A393DB2691EAF0AF4CEA5F6B5AE6175A3EC913A6B2E92BAB9CC9050F765EAD13669CD564345AD9E1BDE7994C792BD01DF349D1D3C72E3FD3EE91CA3372093B6870526BDE5AAEF2B4E0CE260D37CC479EC8162650FE9FA8677DFCCBDB74EE3872F248780F4197D2E56681B04327447DB13AF873CD3988C2B700E1BEB238B644DD53D814537324B83F47E32D891DB4931B4829B53B3195DDBF79780679FAEB0286B451A7DCECC22E949E9A38464F41F17E6AB426337F7ECDA9C8060C9F3
-20191122234859 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DAF157FE93
-20191123201736 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DAFCEA8A33
-20191124005345 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DAFF68AA23
-20191124051934 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB01DD44F3
-20191124175034 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB08BB417B
-20191124192622 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB0982C193
-20191124193739 2 6 100 8191 5 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB099260CF
-20191126025656 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB17A0CF23
-20191126161223 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB1EB9E26B
-20191126172830 2 6 100 8191 5 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB1F5ED407
-20191126180617 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB1FAB6403
-20191127080548 2 6 100 8191 5 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB2553EA77
-20191127104644 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB2687A623
-20191128121203 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB33239063
-20191128204858 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB378CE753
-20191128233841 2 6 100 8191 5 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB38F8E4F7
-20191129040635 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB3A6C67AB
-20191129112243 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB3C63FFFB
-20191129184106 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB3F9FFF83
-20191129203059 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB4088D083
-20191129215650 2 6 100 8191 5 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB4136E127
-20191130171835 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB4AD7F26B
-20191130173733 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB4AF317A3
-20191201235534 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB56C3B47B
-20191202030655 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB58188EDB
-20191202063054 2 6 100 8191 2 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB59B534A3
-20191203125547 2 6 100 8191 5 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB685D06E7
-20191203140741 2 6 100 8191 5 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB68EF9D27
-20191203185147 2 6 100 8191 5 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB6B3D290F
-20191203211916 2 6 100 8191 5 F4ED1ADCB74B5BB2954322A6646A37DE50F1FEB9359C83B8837A73263FE7BE52044678EE53D4CDB16268F07754FC0C29BAB897CC643E127AF81546E061B8A0E9B357E710DFAF666BD09AE898B40EBCA5A9E77A530CC677B5D019AD2D0292733F496B0624F430F99AE1BB8AF400D2A72CEE17CBAD9C3E517D80039E6A7F6588319FF3BE22BA517530486A4F10BAB6281FE724B0B0FB785D9733B7095245355226D4B653D3E4F7AAF16E63E523A1A6F092919882203281A2A348BE3F5B601C7BC1C35057B021E8916C71FCCFF9A694D4952D89BF0502FA7A1F044B9062514B636A10510DCB953F46596D592887FB782FD24C44A2C4CF4137986A219DDD909BB34A05719DDA26B402302BC6127B46DDD2F93B6E1155BC4F994F7FFE58E5FF3A6688FD14AB60A9DC804A88871236097275E7D47F71F8C9CDBA687BA04E9E67147E80C56FC04184D4F8BC3F1B8CDB659D99D6B8DA26B954C0315BE6552F27DBF56480A3DDCD88B9C5AE487A903F3EACCD53CE09C7D96DB5E77B57123B81E684D7E3AF19AAF7FD810DA177481EE4FE6323B4FBFBBFD694AC14BFBFFDE6416ABB497C00FA56C29D440AC8E7B464600BA71E814BD25F25BC79628F61B01E5CDB5313B31CAA4EAC88C5D9BAA91FCB3CA0C2F7AE477C17B63033329967E6C92DE4AA47C5A1D376FF71D8B88DEADAD8E7D6549DB04F92EADF16047909D5A11E4AE819194D4B11B242990AD47A1CD55CDCEA6D58496899713D410899A744B81E3890C745DDC916ED878BCA835A278E4C95198B06203DFC9F01124F2C77A392868360410D7AC4D5A21A615480DF3CB2BDB11F3E1D2A0E81C59912563C52CAF4CB71039B3A949EE582A3F5909A7853B15B523BBB798C70B8D9159A52EBF8A433A8C8CB2CA635CEA770AEC861D8BEB687335AA775ED7CDCDA49A0A8B1EF6900204225C00E830026A37805E57D5629BB4B646A1CF435AC83A10E98CEC0F756B7C4F487FD714AAD76F662155E3D755FAF903B26581A7696420C4A77A07F10957D89551892813A0D20FEDFFE90829581D1F1C39863207AC1F1E01691BFFACFF3273679CA8241D77F74CC193170BA2CC33A9E9571FFF86412F892396EE936F5EB58A0649934B98479C3306988264D5CA4AF726B3BFBB24FF552A8C1AFEE336B83BC3070357721B3453A13E37341D01FDD779DC807BBA07F26D3372C58BF5828F1A48F3E4D7CF83E629256CBD4ED91BA03EB00D666C3957196F5034D3A91F19FB3E06DA1293B4635A88D5CD49AE5DFA8377C717865B72F66407A83EAA4F6A7077CAC4C220FEBB74B2160A98051655D67403C15E54C0227C63F95F806A0BF2C57D7522272A572F1FD5761432DB53A9CB91EFE65A3E33E090C913EB1BCF45CB9518D818DF39EE8FA1BE8B7338902714CD2EF0B918066ED0573CB6E347908A097F48266D921A6DB6C6CE027
+20210510040256 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B6F7F372F
+20210510040337 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B6FC9DF33
+20210510040415 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B700C2C43
+20210510040454 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B7052E7EF
+20210510040524 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B708A4C17
+20210510040600 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B70CAD2BF
+20210510040723 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B716449C3
+20210510040743 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B718416DF
+20210510040805 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B71A5291B
+20210510040833 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B71D2EB43
+20210510040926 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B7233C20B
+20210510040945 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B7250533F
+20210510040952 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B7255E727
+20210510041013 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B7276D7F7
+20210510041024 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B7285067B
+20210510041122 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B72EF5963
+20210510041140 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B730BC05B
+20210510041146 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B730F5103
+20210510041159 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B7321C19B
+20210510041220 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B7341D4E3
+20210510041337 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B73D507FB
+20210510041353 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B73EBBAB3
+20210510041423 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B741F0C37
+20210510041442 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B743B9717
+20210510041457 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B74537023
+20210510041516 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B74718223
+20210510041554 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B74B62DE7
+20210510041603 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B74BF7D13
+20210510041611 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B74C76FC7
+20210510041709 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B7534B763
+20210510041738 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B75649FDB
+20210510041815 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B75A664CB
+20210510041822 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B75AAA067
+20210510041829 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B75B05003
+20210510041939 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B76327F4B
+20210510042001 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B7657FF9F
+20210510042024 2 6 100 2047 5 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B767BF81F
+20210510042108 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B76CC8253
+20210510042208 2 6 100 2047 2 C7CE688A891B095F8844E2381248DFAE8FA10F704F18EC478287964C92B6931F4DCEF6250CEE631DC7217BB9BCEDF38B29FBFE1E62C4461F3B4FB0DD872C3D7B1AF59DF757564EFFEADFBCD4529760A9B8F277E31BAF8F986BB5C5298ECF5E0760977111396ACB3782D2F6D91B6059160F28A667B6BD61ABDCFBDA374930FFF31A2620DF9AA6BFE8C2C27E78A8423FDD0DBDAF6D3E52EC80E345D5D64D5F6B20BD8D12E13D415788B69868EBA41360E1C88A25BE04B7E0182284276EC4E3BF2CE45C373C2E43C6B575C2A579209FEAEA885E20C11471DD884942266B9E3847B8839FC2A79F8F1594ADD8A10ABAC9C7881B2CF99D762B5E2E7A0BC52B773A4483
+20210510042307 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DB9689F57
+20210510042318 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DB9759EDB
+20210510042544 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBA901DE3
+20210510042605 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBAAFDBFF
+20210510042627 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBAD1CA43
+20210510042651 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBAF89D2B
+20210510042714 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBB1B9777
+20210510042739 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBB467097
+20210510042750 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBB55E393
+20210510042822 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBB90099F
+20210510042827 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBB9285DB
+20210510042900 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBBCC8583
+20210510042912 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBBDABFB3
+20210510042934 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBBFE3253
+20210510043037 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBC711233
+20210510043054 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBC8A48CB
+20210510043100 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBC8DDC1F
+20210510043115 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBCA597AF
+20210510043209 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBD076783
+20210510043220 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBD14801B
+20210510043228 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBD1D92AB
+20210510043239 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBD28D563
+20210510043253 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBD3BDADB
+20210510043313 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBD5D71B3
+20210510043347 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBD9B7913
+20210510043419 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBDD144B7
+20210510043448 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBE03F6C3
+20210510043524 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBE40DB47
+20210510043553 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBE70EA8F
+20210510043611 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBE8DE163
+20210510043637 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBEB894F7
+20210510043702 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBEE0932B
+20210510043916 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DBFDE81CB
+20210510043947 2 6 100 2047 5 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DC015B74F
+20210510044005 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DC02F7D33
+20210510044107 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DC0A0FCAB
+20210510044154 2 6 100 2047 2 C9E8F5A2E2CD5EF3BA0F9EEC69453B2B69DC4E7B7A250B773348A24D152ED220DDE0084C99D5F24904BA1D98907FBEB17DC1BA0E347D7B0A370A57CE6AC47D0339B639F4BCD0CF1FF1B10EE95513CF3CF9A912CFBACFBB779B4D696778940E7A0D0B43CADC0908358EA85CF8B1E8E5AAEA96BACFFDA93C9DAF9B717717302BEB039E4A17BBC93CE228E9AA9D35D560B3A6F1C60A7FD610D8449C6C0828464FB8DBD3F328371449BCF34FD693927F63F58047FD190B30EF16B45157C7ABCA21347C12BC652B2A4C5024963400DB5131B67D371691C6C27081C433CA7C158CB99F6E4C89E744EA42018DB79D6FF78BB316B700370B813B81112456D75DC0F49F4B
+20210510053053 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86B3A3D47
+20210510053442 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86BCD69AB
+20210510053741 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86C3A162B
+20210510054118 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86CC74307
+20210510054156 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86CD6DE3B
+20210510054349 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86D19E8FF
+20210510054413 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86D2241CB
+20210510054752 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86DB1B4E3
+20210510054845 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86DCDC3BB
+20210510054924 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86DDEE687
+20210510055001 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86DF020FF
+20210510055111 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86E180E17
+20210510055701 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86EF8B7BF
+20210510055743 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86F0C6C87
+20210510055803 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86F1109C7
+20210510060103 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86F7F624B
+20210510060223 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C86FAC18FB
+20210510060508 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C870107F57
+20210510060612 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C8703506C3
+20210510060937 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C870B83A93
+20210510061232 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C87126000B
+20210510061957 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C872490677
+20210510062551 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C8732DEDB3
+20210510062658 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C873531EB7
+20210510062742 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C87366FEE7
+20210510063155 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C874081463
+20210510063849 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C875123D83
+20210510064051 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C8755C16E7
+20210510064226 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C87592B08F
+20210510064313 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C875AB115B
+20210510064513 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C875F0FD83
+20210510064532 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C875F527EB
+20210510065000 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C876A1697B
+20210510065226 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C876F8D863
+20210510065300 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C87707C4B3
+20210510065704 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C877A257DF
+20210510070047 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C87830DAD3
+20210510070120 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C8783E739F
+20210510070516 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C878D7A903
+20210510070822 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C8794BBDA7
+20210510070848 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C8795478CB
+20210510071106 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C879A76417
+20210510071125 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C879ABD2EF
+20210510071236 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C879D1F7B3
+20210510071324 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C879EA4373
+20210510071838 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C87AB188F3
+20210510072228 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C87B417867
+20210510072939 2 6 100 3071 5 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C87C51C617
+20210510073226 2 6 100 3071 2 EAC054F0A6595901FCD8F7F8FCC4BA738ED1B3A5EBCBA6F7616CAF48A071E1407283441719C3FE1C10D43799F3BF87492ABDBF0F3B0662504AE552C6B670DB5F75553BAEE273BEFA160C918C0C1039AAB3BC058505CA05328B198C797296B70B2F5F73BAB292EDE06955F59541F73EF820DC7F4BFD4DE54C99F16A798266472540D8819F43ED29390271A2A57785AAD3B8BC142D7F3C5A179D6E4DE94C37DC0D278807119989836DA3A8DB918A2786D41753F774F5760095306B15AF307D86E6A9681950F2510C3FB3FC39820F216EA08689D085A89434CF3D98EB5ABFFCEDCBD0E6AAFE9C9BE072814730678B9082B5B62CA113D9243C83199C940D18D748D64B929A94F68268C8D5B976A32041580B2BFFD5D5FE21A338F65FB1FC494416BA804A920AEF90353F4924D30183908D2C56ECBDC381446CB0F8F4162B3F9C050FF4B226EBFC86D7DEFFB20445255A836762B18183E9F932B8775C21CBECB9C31B64A855FF4D1B5B77E6EDBC31776FD0AD5C23E53603074C118F6936C87CB8ECB3
+20210510073413 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5861ADE7
+20210510074044 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5964B90B
+20210510074255 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC59B421B3
+20210510074440 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC59F2A617
+20210510074524 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5A07E733
+20210510074635 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5A2EFED3
+20210510074720 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5A47453B
+20210510074829 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5A6E33CB
+20210510075104 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5ACF8A13
+20210510075335 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5B2E9B03
+20210510075857 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5C027EC3
+20210510080304 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5CA07843
+20210510080325 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5CA5F02F
+20210510080534 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5CF54017
+20210510080630 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5D12D9E7
+20210510080911 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5D77D397
+20210510081204 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5DE0D19F
+20210510081331 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5E111063
+20210510081720 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5EA68ABF
+20210510081858 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC5EE2D9A3
+20210510082830 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC60582ADB
+20210510083201 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC60E0CE7B
+20210510083743 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC61BA35A3
+20210510083915 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC61EDA4A3
+20210510083946 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC61FA1EB3
+20210510084019 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC6208EA33
+20210510084631 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC62F8C84F
+20210510084729 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC6317E0DB
+20210510085604 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC6466EE77
+20210510085645 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC64795C1B
+20210510085906 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC64D0DEFB
+20210510090053 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC650DE7D3
+20210510090401 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC6582AF03
+20210510090527 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC65B4635F
+20210510090743 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC6608EE2B
+20210510090837 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC66237853
+20210510090953 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC66503AC7
+20210510091517 2 6 100 3071 2 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC671C2453
+20210510091543 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC6724D557
+20210510091752 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC67729FB7
+20210510091814 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC67785967
+20210510092259 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC683152FF
+20210510092315 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC68333ECF
+20210510092433 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC685EC3F7
+20210510092808 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC68E5574F
+20210510093246 2 6 100 3071 5 E2F748529B9B801FBAF3AE42C75013A5C4C959A756D496B01A6E1145DB55AA31F408A8DEA8B8573506C76D8AF81C9A3F4D5D4B838D34C30C54D3886448581ABD74D6D95F8B0D4DA21A8E3C6D127657A93354E028D65AC9CFFBCFBD0DEC0EA4F7CBB1018C9618612FB2A5837631AFC614AD2D5FC45EC872EC8816CCB96841A4DC14307159F83F694C90472DA3BB20E9EAC91D1F21770CDC6A037855520D80102005651A54BF12D9BAB8ADB4149ED37B5BD851825B596887DC4E47E55FC0D7B3AE7FFA43F95CCE340942FBEC7E593A16AEAC11CA1136902A2917BC096E8B16CA28D0AC2A58B46DA69B9908CFDB5DC16B391B4DD5C1A8346DB2CDB22447E44FF1567D85B90CD8016029C33D9DE2C992AC73A8155693DDE84FCBB760D88FEA847AEB13EF8058E11E81A7ED0666794272E362F60EF252BD5E3890D85EB6297F99BFA82A7FA94F33EC9804D02E50C56C7856C7B923987825C79A22BF9188AC61E936AC48A40B73EBE61C1C8724315AEA4D1E5AB2889C2251F9A771493955AC6995B96F
+20210510104920 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EC48D7683
+20210510110208 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EC56E987F
+20210510111200 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EC618B3B3
+20210510112429 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EC6F9E69B
+20210510112617 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EC7137A93
+20210510120850 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ECA1DD60F
+20210510121344 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ECA6D1937
+20210510123540 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ECBF2F10B
+20210510124120 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ECC51479B
+20210510125020 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ECCED89CB
+20210510125127 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ECCF8FDBB
+20210510130049 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ECD9C8A1B
+20210510131341 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ECE7F859F
+20210510140804 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ED25225A7
+20210510140916 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ED25E3747
+20210510141423 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ED2B414E3
+20210510144848 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ED519CD53
+20210510150859 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ED68073DB
+20210510151356 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ED6D0558B
+20210510151823 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ED71A5973
+20210510153129 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ED7F992C3
+20210510155953 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27ED9EDF273
+20210510160542 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EDA4F6463
+20210510161006 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EDA97EB6F
+20210510161446 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EDAE44433
+20210510164007 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EDCA3DB53
+20210510164752 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EDD296153
+20210510170111 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EDE0FAFB7
+20210510171053 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EDEB6FD4F
+20210510172049 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EDF621333
+20210510174942 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EE15B9E07
+20210510175641 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EE1CEFE0F
+20210510180112 2 6 100 4095 2 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EE2138F1B
+20210510180610 2 6 100 4095 5 E3508586273EAF882533D9104A0F6FF5818343120ECFA2DF8002402FEA175CD1C418C3CBCE3B8C3B8897FA169C9C9521399321A353ED16DE7EDFD5F28F3F8C1B5F52F368C463B3A1AB5CF5816666973A70FA756A6A2F70313D2830D490541C09F40E7ABDCA7EE76A625F19B87D4336196CBEBEB5491E4365D7DFDF56384A3DFE662628171820829B5628694A4B4915954CF89391F3C06D9A4DF618CD54406A1198F4DF74EA2DDF55244076A5BD9295DD516B9346A98EC225F16968CA804B94F2CF67B0A4CC23A679766476CD8033CA3532230AB83092D78AB138653BAC3FE96C2E6A91387E2D7263B72CC0FEB5443233BD5C137351A4EEC65954845938DE8137C0E3F70D9932E18E4C771BD0ED3D11CDAF4EA9745D3C2C8C32E2F4C7302425A96720F939C9A32BA9475EC974D57326605F5B0402FD6431096AC965246DDEA5AD8B2B0C24A86FDA4CC9397DCE101DF441AEC0FB887CB17F61A25D2C5945BA2DC45766E939CE1210C5D0E9A8BD229EA308E995B6A99164BAC0F3985010C4AC7C36F0BBB3118A17FB1963E865AF49FD77FB4E1BA3D9551C3FAEA77CCD7A7D588294DE9EA3B8DB6A8CC98DA8C567CDAB709A287F5D53453267841E6113B3A06DF01038B6A83FA6AA4A645BB43D276B71C6EA65A98A4E9C839D38CFEDCE176C5480E8BD8AEEAB20FC1C89B889672D980C5C121545CFD4BECECE53E9CEE27EE2635EA7
+20210510182139 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D4CADABDF
+20210510182246 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D4CBA2FDF
+20210510183239 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D4D6A3817
+20210510185138 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D4EBD743B
+20210510190703 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D4FD39563
+20210510191012 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D50038993
+20210510193403 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D51B59F6F
+20210510193504 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D51BFEACB
+20210510193712 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D51DE6847
+20210510200016 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D538092BB
+20210510202408 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D552B8EA3
+20210510204717 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D56C3E03F
+20210510210552 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D580CD59F
+20210510211223 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D587C16C7
+20210510211607 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D58B825A3
+20210510212131 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D5914A563
+20210510212930 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D599D3C2B
+20210510214640 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D5AD02FBB
+20210510221404 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D5CBD7BCB
+20210510224430 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D5EDD3847
+20210510224732 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D5F0BA233
+20210510230510 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D604292FB
+20210510231041 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D609E882B
+20210510232117 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D61508923
+20210510232533 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D619565D7
+20210510232612 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D6198BB57
+20210510235513 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D63970EA3
+20210511001630 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D650D625F
+20210511002532 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D65AD01CB
+20210511002655 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D65BD0E3F
+20210511004533 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D6707A94F
+20210511005704 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D67CFB01F
+20210511011635 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D6922CFE7
+20210511012416 2 6 100 4095 5 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D69A4C92F
+20210511012915 2 6 100 4095 2 C0CF9D192A5E67E12DB4EBB35F3DD5A93041B217DDC24746828F760867A58487DCC1318CEB5929A76AB776A38F78415D03207716AFB66462B964A8B64E26D54306DFC888AF824BD68D46FD93EB19835F5CA576CDF7D57281B5A2D443CA10B94C9D091680FAE8AFDC9E862E7B8AA8EB9C5964A7A6DCF33D07735325CDC0AC2E0CB1AD72398FD23D9F375C766E55060C7E9556F16933363BD73288755FCFBE99FBEF5FEF5CDBE525AC7C1AB26CE56316568FA790082931F4015CE0BB432797A80617BEF82B448D8CF568A2EEF1CC594A4CAB3FAE7CB97866833D9BD646BB4A6850AAC1D6C8011C486C9FAB4AF5FB7C1591734B3D9FB3F46E6A07F61D1AA78B19B4C96AAE67ABCDC1218D205277054711CD88C39D93913AAFED002C96950852971C044779E8C44452321A72B50802658F1E62759B5155AE21FDC3F0CBFA1BF06E35147ED4E328E1D6FFF1BC67CE4EC4D7872797759891D74E53BD496BD7E54C6F28E8E2D60E0CC5381E136465C551BA03B91D112F50F4F84208C2AE35C7CE712F230539E5CE5211D87C56074EC6E53A0A1FFB811B9580F7045D14B89C0E6CEC5B12834317944BB2D743926BD2EFF4D8CD19E7A85C58E0CD4BAF7D7915F4A8EC46CB20FF3B82ED5C8D30F5A4CAA07E0C8CCEE173FC59C3444CEB672220B98F8065A9DD5244BAAA6D44347100D2D4FABC8FB7E6746848E0E9CFD2C6AD701D69F74C0B
+20210511102814 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056C4ADADD7
+20210511104622 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056C75C31DB
+20210511105027 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056C7F679E3
+20210511110103 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056C98961DF
+20210511113326 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056CE694ADB
+20210511113553 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056CEBCB733
+20210511120155 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056D29CD07B
+20210511121150 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056D40F2B2B
+20210511125715 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056DADDC183
+20210511133230 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056E00C0173
+20210511134118 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056E14EC08B
+20210511135454 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056E34379F3
+20210511140822 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056E531D6AF
+20210511142133 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056E71D2267
+20210511144054 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056E9EE160F
+20210511144259 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056EA31E3A3
+20210511144958 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056EB339A53
+20210511145731 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056EC45903B
+20210511150937 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056EDFF14D7
+20210511151422 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056EEA51A4F
+20210511154856 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056F391E0D3
+20210511160239 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056F5802B47
+20210511161337 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056F704FF83
+20210511163831 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056FA993EF7
+20210511164110 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056FAF3096F
+20210511164534 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056FB84285B
+20210511170505 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7056FE524F93
+20210511172712 2 6 100 6143 2 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A70570166A98B
+20210511174145 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7057036F804F
+20210511180342 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A7057068862E7
+20210511183715 2 6 100 6143 5 EE2D1C3A0CC149C6675914AEFB8A3B27C939CB721B7D7D2AECDF4464406D6B59DF4C01ABE292F37396B097215BCF049F98D5B7CBA342EF5DFE31668084E83E783AC5C21CB152C08EE0BBAB4CC8F261AFD378F97D5044BC6BD3E555ADCF508ABC26E4CAF8D0B84EDDA7E78B56B89A497BC4D5A1D5C14D1A535777D4BBA17540B64F3E2695C5B134275A2F94D1388C0F666573454ED38B3E0CAA04BF5551662A429B54153795935493FE7E3C8130EE4568A278C2FF362D070FA4D10462B347E382EE340DF1EBBDBFEFAD66AB4B2296E982EC7F0947F6BF7845E8C40F9A7B4934727781E2D129C2E055227C3CD063BBFF14DE2958D6B4D3D3EF54ECA8757C3D102B98B6C97BE8087FE6B8ABC4B7D61AB491842E37A53890081C73359B4B878570BE3B30E557B819DBEC06F1291965419B7EAD74F1ADF900E771781024B44E5669DDA88FD9C62496764EA5CE3E791EB4CCDA3E4B665355C9EC92EF18046331332886B79DC3710C36F02D2EB260246AE83459514EF00FC5857CAC8562D4DD522FA4575ECD1BACA7313A1C91F72863DFC8AF0732C9025862525CF33E5EC545D356C620C70F16D2BDD22A9BD9A25469D21C70D437FA08ED36550A2EEEF3545EFDC5A0C0FCC1070A99B2D5EFC1A32D764AEE21DC38FD6086813C01F09298B41B3EFC7F34DB201EC538901C8E05A3B3295519042CF631226BBAF9A9F8A3C4BD6B00E24CD048A14ACA7C8B9EC1C1931853909EFF8B1FBCA46C9CB9E42BE7253E7F25A97C6D50E970EF8CEFE1C70C8A3254F5402F3DCC62A5A34B477A8B452352B6CB2BFC1F372130DBC4960DCD20088DB50B39998ECCB0CD2F797F7267529DB9A63B7BE8691F9B6155EFFAEEBDB8EE7FCA2EDD9DCC92B5DDCF536E87DA064010A15CA505885DEC6499E4B1408580A3F854E1C50BEA96D4B47D9022B004F426F1F69C7580573F60BA80045BA799FB486C1AB3E363D75DA7C2BE5E256001E728B4850BA99184068CFF7A87B25C95F43E17B35BEBFA4711A1307EA545B1BA97D13F752EB7CD6F42BA4776098D71C02E4961480D18AE898D2EBCD61E897041CB1A70570B38F77F
+20210511193129 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FD7E2FF33
+20210511195502 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FDB6A44F3
+20210511195827 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FDBE676FF
+20210511204743 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FE346C16B
+20210511205051 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FE3B37BA7
+20210511210241 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FE56FF4F7
+20210511211006 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FE685FDFB
+20210511211804 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FE7B482E3
+20210511213559 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FEA624573
+20210511214955 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FEC6A1563
+20210511220820 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FEF28F693
+20210511221550 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FF0410367
+20210511222301 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FF14E2BAF
+20210511223017 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FF25C4F8B
+20210511223717 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FF358C9EF
+20210511224022 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FF3C5C0C7
+20210511224934 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FF5128EE7
+20210511225354 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FF5AC9E43
+20210511225504 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FF5CE8FCF
+20210511230424 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FF71E9D43
+20210511233003 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FFAD91657
+20210511233554 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FFBAD309B
+20210511233732 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FFBE1CC5B
+20210511235930 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E297FFF12F2D3
+20210512001430 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E298001373093
+20210512002303 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E2980026463FB
+20210512004700 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E298005D412AF
+20210512011719 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E29800A1EF6AF
+20210512012230 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E29800AD88A43
+20210512012724 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E29800B84DE0F
+20210512013230 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E29800C3AA1EF
+20210512013650 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E29800CCDD483
+20210512015950 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E2980100A0E43
+20210512020847 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E2980114782B7
+20210512022553 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E298013B2C213
+20210512022729 2 6 100 6143 5 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E298013E47BAF
+20210512025425 2 6 100 6143 2 F58340194C3306C216EBA34FD995EAF9AF7B4471283E848F4B029734B8BCEBCD8E52D560FFF982CE43FF8B4743C8048BC6D4338C8B93AC9F00C5A9564A840146DE9539AD56551E9187BFC36282EE41C27355F3620B33561B868295222A693A11F5817C1A4306DAD1071FB2D38DE9462DBC4778784F4BD5B27F2FD173C360611E6A21FB82A494BEC22F4ABF1F5AA692B784E15FB737684C0ECC5B8D55FD023C52DE35464CA1AAA8F3F949F1BE6C194CB7C0DD0E5BA261A216CFC40D7DEA492929D777F6B8636A4C05D58652836E70E5956173BFD976CF08406210630C4489534639053F069285A6E55B851423BB3714647681FB05D545F941E69FE5756C500328991387212418E4C54146FBEF4A6D2481DE817DCAE3E1EEDE8E617357630B734FEFD566BB0338D8EE564F35518E59AF81F67AD190E45906A0832515515D6CCD73DE76FE730694CEED007F333DB1F6F9A026655F950751EF85AC1E571A3DA7203D1E53D4D93F521AE1AD75360DE1AD187EFE3A396F40AFED9C7797681A857003A7EA20C2203D2E40419253C6706FD30EAABC972CAA9C5C97B48DC734472D310E0DEE896862407E24A243EEE1E02309A6C7E1E53CD953B93FF54283ACE51B298BB1C92FF0A172948EF0CF8D239A5849D8E3D7AAC4486FB746501F3318145B042E62CA6EB70544E31581687DD67D8AD73FFB39DD71DA00E7F3738890D65610CAA049A5CD99AD928F98D3CFBD9A706E8908A2F51712B03562CB057F99431E0746B98DEE0D367DFC93CA546E26A44A72F47122FABCA47900D76A42B29C9160C46B40F811A1B8BA8651C7CEB1200DED520709D9CC0B21A20C9519084DA66A91158CE7A82674374580134EEA025BB0185807DF2A5B1EDEFEFA8D247A84B787E2597F8BF72ED6F570F32AACA50D10E94DB679FF68CE35AF77537EA4CB7928F7EDD5CABB65E32C0D88FACCFC51C2146BF3FDA433B76F09234552FC069312C38677AD95D501AF829B0A1484FEF9A2F804F0ECD4990079B66568956C34212CE0E483CF7C78D1E638893082826C15E7CA78004D04AC95EE36ED5200EBB74FA39E2980179E503B
+20210510215238 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39D65FCF63
+20210510222355 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39D8F2D76B
+20210510231559 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39DD6E0D13
+20210510234158 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39DFA06E23
+20210511000641 2 6 100 7679 5 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39E1BC772F
+20210511003255 2 6 100 7679 5 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39E3F4AA7F
+20210511015501 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39EAF7F0CB
+20210511030805 2 6 100 7679 5 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39F104A8AF
+20210511031420 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39F182BAA3
+20210511032555 2 6 100 7679 5 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39F276EC07
+20210511033918 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39F38CC9EB
+20210511041948 2 6 100 7679 5 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39F6EA1CBF
+20210511044846 2 6 100 7679 5 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39F9459AA7
+20210511045936 2 6 100 7679 5 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F39FA227747
+20210511061456 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A0049A573
+20210511070958 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A04A6FA53
+20210511071633 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A0529E6FB
+20210511090443 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A0DE2A39B
+20210511091529 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A0EBA9D9B
+20210511092043 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A0F1F1753
+20210512033258 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A16919EA3
+20210512055407 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A217F863B
+20210512065219 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A2603970B
+20210512071046 2 6 100 7679 5 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A27671DBF
+20210512080928 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A2BE5B26B
+20210512082250 2 6 100 7679 5 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A2CE9961F
+20210512093942 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A32BF8C6B
+20210512101658 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A358BA32B
+20210512111206 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A39AF5083
+20210512111445 2 6 100 7679 5 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A39D9B197
+20210512111520 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A39DC61F3
+20210512120145 2 6 100 7679 5 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A3D4F7B0F
+20210512135337 2 6 100 7679 2 C260CF005EEA851908A07073F58C88D37464F6C4353E3652C60C64BB441FAB9B7FB9F6CBB9D8073D3FE935B70EA1F508B2AF0E89899E9B6FD2B0E0583386A56CDADB39C1E362175A28F278B43A478B8506B1592C5A1DB8F33CE21C43CC5763DE1218C349755906B8D975B9DA963936BC01F7D79C5928C25E602D5B838892C62FDD61FAD8D0E189A70EC5891239BF69A75C87ACF1DC8DC50B359A9DC624FF7F92627B5D29748D84549AA6A831A35742E579A206F56DB0AD497AA834B877538C8045F3EE38A189AF9FFFBFC36FA4758EF1334DA487353514C0C406DB6B38E9327895D73DA4E92042EA6880336392E7E8342A1A7526816FEC68E95C995C9388779636AF8A45F54274EBDDD439AA16EE284FAF1E5459C99372083CF1531730F0354BF7E9C0733A3E785E82D99D270870B97D303F2A968C1469041D62277A14DFA2B279991C7E3C45DFEE93192650BF89D46218932FEB1C357EFA71A7F669F42FA4417F7053AEA70D43646CFDBCF7C05A1ABF53D1B5CA701BB6281097C600F951EDDEB258722C6EBA5A663BEB51CDA38D36584D6566BA1878558A7B2D32B28675D1FB2463C8C8AA5CC9CCBD733F3D741BDDC3F0F9532AAA1BB6E039F59B3CE4E5566440DEABF306861EAC945A4DDB2BC7E1B4096D92EB6901C7B83EB8980128935FCB70E82E855BBE41A9438BE84ACC738F818E5E3EDBA0AEE97CDB1634BABB6B1928BB43EDFB053DE5B3B4F0194A4D79D2EDB949D94B197F5D9406AAD368D5EEC0212A0BCA174F2BFFAACFAF2C51AE1F39DCDD849B04C0AE98935C80E62F63755F9B740343A28A5A7B93D8F5FA63E9C322BF46F484911A3B5581F9039F0A930E77AF641EEA0D1734D59B28B13280A9641382D3E489E069F2D659491F261B5FB7B4B7C7AE823D3C426FDEFD75734AD97DC4359E30BA7E99E073D8D6FD1C6B0F01006F33C829528E46565CE86F781228E2D22D7A5AA4C9E6B53DDACF380404CD9D2B2CDE31C6ECA679AA6A997AC53F9E9A429BFF636A008488447622ACFD6754E17048D0E7F7DF03CE0DE64F9FCAE47A46718D8212D620688A598D3B6AFEC54C762D4AE8AA0BA7B1AC97B8F9766BAF71EAE16D5E2B5614AC4FA5E20A0BCD622134AC7B08E00B8020D580F2C28CA1D15BDA1981CCE0E0AB5CDE942DFCC578EFF0C250B874E638705294A00724F9ED1329DA93179CAA869EE4BBAAD9F29993945745A5116840906BA4DCF9E303CE0947D4FD59C7964CC001882C001FB188697652B0A949624A983DA2099443191F6DD4EF89B705CCC825FC16C4AC5FD63D932901DE28AEEAB0DF883F44A6F0923B54A9477A3B521D8E12DD10453931E00E9F3A45A535C3
+20210512141816 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EBF1F48AF
+20210512151944 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EC46EAC57
+20210512152457 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EC4D2E37F
+20210512160220 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EC805627F
+20210512161859 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EC96E198B
+20210512165622 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979ECC946B97
+20210512182636 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979ED42A027B
+20210512183805 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979ED519CAFB
+20210512184521 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979ED5AD365F
+20210512185310 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979ED648AE4B
+20210512204010 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EDF2ADBE7
+20210512204459 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EDF86656B
+20210512215034 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EE4F3F8BF
+20210512215957 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EE5AFAD1B
+20210512232130 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EEC537383
+20210513002903 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EF1CC9B5B
+20210513010529 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EF4AF06D7
+20210513024603 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EFC954793
+20210513024649 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979EFC9C854B
+20210513034549 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F013F0FB3
+20210513035644 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F02144FBB
+20210513040521 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F02B7D0AB
+20210513041837 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F03B639A3
+20210513051930 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F08737F53
+20210513054050 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F0A117EFF
+20210513061420 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F0CA24113
+20210513062114 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F0D21BC27
+20210513063330 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F0E0CA30F
+20210513071712 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F1165FA43
+20210513072642 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F1213296F
+20210513075016 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F13D7F69F
+20210513080859 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F15405513
+20210513082937 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F16D0AEC7
+20210513084916 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F184559A3
+20210513101622 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F1ED0663B
+20210513103219 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F1FF64A7B
+20210513105336 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F217BF603
+20210513120417 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F26CCF6D3
+20210513122242 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F28222B57
+20210513122833 2 6 100 7679 2 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F2886B733
+20210513132056 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F2C65CDC7
+20210513133945 2 6 100 7679 5 FAFDEC5D38380C2FFBEDCDA1262E4817F274B6544BB0A1904CF571375327EDF0105410A3F584F9A15982937EB5A64E30206DA90D66B89BF48EC74E7F40FB957673193875E02B88101A4FE81C47EBCB8451386AAEC6EA69F967310C79D8CC71BE07F669C3094E5F2CD314FF0FDD08256EFDFC03EF43C4704684CEEBBBFC48D48C920B2AC3CC15010D7EE49049D52B12E6E9228BF0482C174747EA40E558D88CACA9F143A496236C120DE560FDD7B2A1175407D333103C025E8EAE424AC5BADA1A354428B451F594BE605000CA3B2773B2D91FEDBBAF2E58DE2F03461A9F8D90B84209F66D7203E92774AB5B83809BAFFCC8D32ACB1B0AD4D1C2D37CED00654FB7517A56FE35CD364967D541D336C0E2CF96303B3BD1FBBC12D5DCF3D8F343BD2DD0EA3B5FA0062DC9A426A36DD27FD9C8E76DBB7FFE97BA3B27BDE53B017D7C9DFA6A4354FC95F3DAD99172290423EB507B574D6CEAF38A4AE227FD44541A29560020EA2EC10C5213E1EBC7A686AFA770A09C28E0D1EFB46AD409D2C58B8A4EF2E740957BCE903FF63D0B5E6BCF7E8C2B8F85DB93FC96E78BE2002603FF9AC2ACF368269FE034D6A5F8BFC6249FD140E85E9435C8B03D9390F1D0FD44519C21D174F7901BAB95DE7C91A1BFB9EB1079C584A71392A72768B2C2748145835AE7A5509B3C59539F46B5E0DF6955B84687C454679C9D87198605D78D1B551F502A5ACD915F55C919763C2F1206A0ADD5F651031A76EA0D102D064CBE24F919D3CF333D1EA0E89C1CA9E7D115802FC38757A50C97849D41E03C5F1EB8485CDDB55464E44172B0DE3D4F94A5AD01ECE4D70E17181225418F4205ABA526FA1D8C493749243D626C1D6A3170AD9D7DA551F3642229428803E81782D49355CB6CCEE08AB7583CA3A73354F2942BC6225E07788E542B1E2A9B46724D8A8EE0BE6F79CCDF78B10FC78FF3E15FFBC2EF1FFF4F53A328C7850BC0DAF358823712FF3609B981377D64FD274C578FFE92A6AE74F6F6A37907BD6B71FDA8C492C15BF9F820360709CFE9C5DFB03196120DF85D7D730DBA4CDFC36F2760227A5EAA27AA255935616A3833609B890B2445FC82D7A70B798DCB71E7C5B868AF06577FDDD034B63FF8A5CEEE3A1BBCD4CC61AF7A21D812E5987B35EF262FCCDFE85FF02E21E95C20C66357D8C813C672AFF03D9B4023E94E4397596BEA7F642D14DDA48D455EE0EBC7979D7AAD8994DC9A0DB84F1EE247C71E3D3A5626455CABC9C91BBAA98E2DD96EDA9EC0CDE2130236907A41D227CC515E1B139D278BC9F1DC231BDBDD76C400564D3200B2F61980B679BE9D8BF9D37BA5C0CB681E5054431A61CBF3979F2DC4BF6F
+20210513144224 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB1974BC3929B
+20210513153319 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB1974F77AE5B
+20210513202423 2 6 100 8191 5 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB1976458B21F
+20210513231705 2 6 100 8191 5 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197705C37B7
+20210513233042 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB1977149F50B
+20210513233427 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197718133B3
+20210514021221 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB1977C49F803
+20210514033618 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB19781E711FB
+20210514034136 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB1978239BC2B
+20210514061321 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB1978C43CECB
+20210514081550 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB1979429D64B
+20210514112414 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197A0360BD3
+20210514115310 2 6 100 8191 5 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197A2059F5F
+20210514125653 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197A6070053
+20210514135322 2 6 100 8191 5 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197A992D4D7
+20210514152842 2 6 100 8191 5 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197AF853A37
+20210514153107 2 6 100 8191 5 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197AFA14327
+20210514162047 2 6 100 8191 5 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197B2B7330F
+20210514163234 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197B36A5C3B
+20210514173058 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197B701F873
+20210514181258 2 6 100 8191 5 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197B999E087
+20210514182942 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197BA9B3683
+20210514191337 2 6 100 8191 5 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197BD4793EF
+20210514193708 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197BEACFC3B
+20210514205734 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197C391340B
+20210514221328 2 6 100 8191 2 D352935F33D9BC205912B919A6C5F18F76C30A32F6C0390249B48383BA4F31098BF5B6B2ACE6A745344840435A6C9A0DBF8E268F0463420452610E9A624590DC2CD57490F709DFFC5A54630DE486C73DB3C377B87C919F90BA88A7B41627351E6BEADBA605C2C625833BB95E9F34892A5D15DDF216D1A549FCFA819D7567D99015B1C3944254B87680222859779EA64C26FCEF82F34FE28E765DE3DDBCB9B3664E7896B18B93B9AA3A69944E8CEB93C18F671E2A75D6C1061B23AF8B913911A73099EA5B0F527C054B8A71B335A65CE680F02DC58D27FDBBA83EE263DD9E171B190F1CDB173BF56BB93407074B1899E8D59832EF383BCF6FB145E0F8A4A7484A2F8F4178D0A8DF9B8B920FF1250BF88BE770FD43D7EF2F4B998D86628A676173384FA95CB6B8A2599F8D5BFAA9E7C025CF29A9E1A8818B90CF2568CB8F3C003BC22B873374ACEF560B114B6B3EA0ED1701CE77A34E2723FB377BD67D480E3BF6A4E71763ED85C4E5F034A8E1761B1424AC67CFD1727157A43EEAD2168622F43967A4494E3C3D92E41EF47B7425D13D746CF617F9BB0F7CF04C093261541B6BAD54E3ED418AA1044C21FCC95B3416E6648FC576AECA4A82F2E69CE017A982407FAB0B656B56933908F1FD739686102F68805B8C605CF88952AEE1257382DE39D777527416FBED01472FE9C947AD58968D7FF2847328265584C2E93F7DF92CA891122AF48B9549020D2FAC44913C2DB5DAE20434E477FC5AF527E3D16D13B5586131FA1CC6AB1D522A1EFDA51B84D82BCBC0E76F00E0C790A9C07D0CD81088A6E972BB453B0D72AACF78BE9506B25301A473C0F4E6DF46B6517C73D9809F5319DA70BD22C0C17D90A0A26080E262D9DFB50B21AABFB60D76E655B78B2C4A4EDE0D32CE1BBD3F05F49C12B30DA10A13BAA95F907A1306F4FAFA251D8F6E16B6A5EB177D7777FFAB5A875B3D27D250B496B3EDCF818020A27D1CF30EF135AA50CF05B70D1FBCFAB92C7D0CC17E3AB813D23233BEDB187FAB1406BB9397760F905658A124923E6F97F947EF88572CC3F50F16FC716DEA622F9878462113A5E43CFA165D80B531843CB024CC310FB4FD80788A67ABCADDD99BD5A26D1FDB72FA5DF44C84085D7EA30393ABA8E7CB659489DE64CAECC4E2E6779E80CAC156B5957C30B89F073E97BD013CE3E7D260917C1B3C46F6AF0B77A2109E7A81DBB20745B4FD4B33BCC08FD30F554C5EF9B6E69CBD225A498D2D51CA440B83205DF7AE9020AF2595F3CC648907EA05C2F4063C835606A4598A7E9CF67710332A938B1FF851A6697F9A38FFA2CCF2BBD6A00F8437794DA285A8E298CCF2D5497DCA6065D8E0AD829172FBF4D10F75BE58F97FB2D272DD9B57C5659910BDF70D78C45FDFE135DC75F8DBB69F78EF068CBEA5F9FC8940D45AB9928C9002EA165CBBFFB197C828281B
+20210515004609 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7B7D0AF33
+20210515010402 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7B90F73BF
+20210515020359 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7BD3DCDAB
+20210515020859 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7BD8C099F
+20210515024607 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7C01A4257
+20210515042745 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7C7338DAF
+20210515064126 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7D05D5BDB
+20210515065958 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7D190DF9B
+20210515070456 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7D1DF4F37
+20210515073228 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7D3BDC2E3
+20210515082306 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7D7180387
+20210515083006 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7D78B18B3
+20210515090500 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7D9CF96DF
+20210515092343 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7DB040157
+20210515100730 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7DDEA0AE3
+20210515102122 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7DED3CFBB
+20210515111047 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7E218ED8B
+20210515112711 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7E32683E3
+20210515130646 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7E9836B47
+20210515144634 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7EFF3474F
+20210515145430 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7F06C080F
+20210515151337 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7F1A0735F
+20210515155550 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7F4535AFB
+20210515170646 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7F8D31C5B
+20210515182201 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE7FD9B5FC3
+20210515190839 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE80086B9E7
+20210515195013 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE80312E5FF
+20210515215158 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE80ABDE71B
+20210515222330 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE80CB1A273
+20210515223057 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE80D1F22DF
+20210516000343 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE812D0CF63
+20210516001402 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE813696F87
+20210516033418 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE81F94FB1B
+20210516034751 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE820609413
+20210516043347 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE8232145B3
+20210516043651 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE82348D01F
+20210516052501 2 6 100 8191 5 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE8262E1FE7
+20210516061031 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE828E7F28B
+20210516070338 2 6 100 8191 2 DD4A2D5D7B10514C9CBEB91330C309D38566FF0D418584030168693F4060DE64CC996D4F9D446AEF0F5C78E4BCFD2067A117FF78EDB5E248F494F0F6AAF718220D801EE111F50E6FD20092C3C4CFF0452384E6EF948624A85ACB5A40280F32E0C1824BF0D7215F20DC356DCF39DB382083F4CAB942564DEDA2B38211789A707CA0388E27191F3238E75B8FA352A37BA743CB80351DB5DC8F4F5CFD79C920102A838B5EE973E4F95253B43B0E327F31CBBBD7932E13C2DB0F43CCE1FB609DFE4140CA3B048CFB3C929AB9685EBFFD09F08625727583AE0E4AB61DDE47807E124D84F3FCA43FC92A7AA931FBE193CC609611FC30E873F1988D92251DF49C1E2A9126C63FA3FE19C4D9066FEC94693CBCC0951624C3F410F729F9539D35C848D924C29CF512ED032AA4B5AC4A2440197C81D5EBA6A5A9CBC11F4660FFE7597F60E6AF25944E425D724606ABFCB84878D66CE017D3ED6B07CA4FCA5B5CFA57C82FCCF1172850678F63F6F2277F242C1DACB5D16D2BC5EC611C45751A8AFC3179CEFA82334172D326B3CFCB9FB43B2E981AB6BC4033CC2E7BB57E6A19A74953E1E5E7A2E4463E3C3C950ACC5128D1DC543A6BB34C3AE3F4C33818923C1911329D5BA8D6AF1ED5915E1A1E0824CC612898AF0B0EBB553D5760AD00913D60A5649C860B3FCA1049A55BC24045298537BAA1E47B9C779FF24654889FF6162DFF3DF787E53CE4D1355AAF425B9B7CACE1C9FE076D61BD6A1887155813C7C922ABF8D161B546A94D091365D7EF693532B7CB2352F73EB8E4CB75E5771E21C2691C1AB114880E0AB104869DA6425900EF55A5B95FED252DC1D70B2473B26AEFFBCD5569F895D16B50F030B7EB2846985D185880F2B4624622F28CDD73CAEBBC318187AD69432EF31B38831E67222CCBA64DFBF0937A297E3473421506E7AA1D30DABE3841E8F58D6C6B1D0596867D80ADA9A9ADD06A1FB634DBF7B1FEF67DBABFF52538C4563B90FD343F711822EA17054A9FD1D61B9FD78CD083345E7544853B5D284CC73082C2042BFF6C2614FB1F129F7B7E2C07DFF784DCC5859A8306A33807ED27958C3FFD25F13537F869248BE6E4B3ADD9F03E5DF976D1BCEE46C30B5E79AFCF5233F3E4FE05EE6E5AA17A0E44BD67B1ED69F51F5EF287E531FA51B4FA545BC0C3EFB16D8424518AE27498DFBCBF79D129CA3AF38108C86266527435FC27AFA4201609B974EC1CEF0741BC478676736135E5E2BA6297C061E585CE267A99CB411505FC26A2E54209C94D6757CA9B71127B401DEB364D0A86C4C22A5A65CDD2504C57602959D2DB6E8BAC42720A76B8910D08852AE79D91F195A046D86BC3D88660ECC6BAB9CA26B765B45C6DC2571685EE8F25EEBC7B7FEE5AE00B492CF90CFC2C2348F92D2C0D4776FC611CB1F7064E40230E74302CF83A93F177A53CE82C2463FB

monitor.c

diff --git a/monitor.c b/monitor.c
index b454cc1..677641c 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.210 2020/03/13 03:17:07 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.228 2021/08/11 05:20:17 djm Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -104,7 +104,6 @@
 /* Imports */
 extern ServerOptions options;
 extern u_int utmp_len;
-extern u_char session_id[];
 extern struct sshbuf *loginmsg;
 extern struct sshauthopt *auth_opts; /* XXX move to permanent ssh->authctxt? */
 
@@ -121,8 +120,6 @@
 int mm_answer_authpassword(struct ssh *, int, struct sshbuf *);
 int mm_answer_bsdauthquery(struct ssh *, int, struct sshbuf *);
 int mm_answer_bsdauthrespond(struct ssh *, int, struct sshbuf *);
-int mm_answer_skeyquery(struct ssh *, int, struct sshbuf *);
-int mm_answer_skeyrespond(struct ssh *, int, struct sshbuf *);
 int mm_answer_keyallowed(struct ssh *, int, struct sshbuf *);
 int mm_answer_keyverify(struct ssh *, int, struct sshbuf *);
 int mm_answer_pty(struct ssh *, int, struct sshbuf *);
@@ -160,7 +157,7 @@
 /* local state for key verify */
 static u_char *key_blob = NULL;
 static size_t key_bloblen = 0;
-static int key_blobtype = MM_NOKEY;
+static u_int key_blobtype = MM_NOKEY;
 static struct sshauthopt *key_opts = NULL;
 static char *hostbased_cuser = NULL;
 static char *hostbased_chost = NULL;
@@ -309,8 +306,7 @@
 			if (authenticated &&
 			    !auth2_update_methods_lists(authctxt,
 			    auth_method, auth_submethod)) {
-				debug3("%s: method %s: partial", __func__,
-				    auth_method);
+				debug3_f("method %s: partial", auth_method);
 				authenticated = 0;
 				partial = 1;
 			}
@@ -318,8 +314,8 @@
 
 		if (authenticated) {
 			if (!(ent->flags & MON_AUTHDECIDE))
-				fatal("%s: unexpected authentication from %d",
-				    __func__, ent->type);
+				fatal_f("unexpected authentication from %d",
+				    ent->type);
 			if (authctxt->pw->pw_uid == 0 &&
 			    !auth_root_allowed(ssh, auth_method))
 				authenticated = 0;
@@ -352,12 +348,11 @@
 	}
 
 	if (!authctxt->valid)
-		fatal("%s: authenticated invalid user", __func__);
+		fatal_f("authenticated invalid user");
 	if (strcmp(auth_method, "unknown") == 0)
-		fatal("%s: authentication method name unknown", __func__);
+		fatal_f("authentication method name unknown");
 
-	debug("%s: %s has been authenticated by privileged process",
-	    __func__, authctxt->user);
+	debug_f("user %s authenticated by privileged process", authctxt->user);
 	ssh->authctxt = NULL;
 	ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
 
@@ -420,47 +415,47 @@
 monitor_read_log(struct monitor *pmonitor)
 {
 	struct sshbuf *logmsg;
-	u_int len, level;
+	u_int len, level, forced;
 	char *msg;
 	u_char *p;
 	int r;
 
 	if ((logmsg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 
 	/* Read length */
 	if ((r = sshbuf_reserve(logmsg, 4, &p)) != 0)
-		fatal("%s: reserve: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reserve len");
 	if (atomicio(read, pmonitor->m_log_recvfd, p, 4) != 4) {
 		if (errno == EPIPE) {
 			sshbuf_free(logmsg);
-			debug("%s: child log fd closed", __func__);
+			debug_f("child log fd closed");
 			close(pmonitor->m_log_recvfd);
 			pmonitor->m_log_recvfd = -1;
 			return -1;
 		}
-		fatal("%s: log fd read: %s", __func__, strerror(errno));
+		fatal_f("log fd read: %s", strerror(errno));
 	}
 	if ((r = sshbuf_get_u32(logmsg, &len)) != 0)
-		fatal("%s: get len: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse len");
 	if (len <= 4 || len > 8192)
-		fatal("%s: invalid log message length %u", __func__, len);
+		fatal_f("invalid log message length %u", len);
 
 	/* Read severity, message */
 	sshbuf_reset(logmsg);
 	if ((r = sshbuf_reserve(logmsg, len, &p)) != 0)
-		fatal("%s: reserve: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reserve msg");
 	if (atomicio(read, pmonitor->m_log_recvfd, p, len) != len)
-		fatal("%s: log fd read: %s", __func__, strerror(errno));
+		fatal_f("log fd read: %s", strerror(errno));
 	if ((r = sshbuf_get_u32(logmsg, &level)) != 0 ||
+	    (r = sshbuf_get_u32(logmsg, &forced)) != 0 ||
 	    (r = sshbuf_get_cstring(logmsg, &msg, NULL)) != 0)
-		fatal("%s: decode: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	/* Log it */
 	if (log_level_name(level) == NULL)
-		fatal("%s: invalid log level %u (corrupted message?)",
-		    __func__, level);
-	do_log2(level, "%s [preauth]", msg);
+		fatal_f("invalid log level %u (corrupted message?)", level);
+	sshlogdirect(level, forced, "%s [preauth]", msg);
 
 	sshbuf_free(logmsg);
 	free(msg);
@@ -486,7 +481,7 @@
 		if (poll(pfd, pfd[1].fd == -1 ? 1 : 2, -1) == -1) {
 			if (errno == EINTR || errno == EAGAIN)
 				continue;
-			fatal("%s: poll: %s", __func__, strerror(errno));
+			fatal_f("poll: %s", strerror(errno));
 		}
 		if (pfd[1].revents) {
 			/*
@@ -501,13 +496,13 @@
 	}
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 
 	mm_request_receive(pmonitor->m_sendfd, m);
 	if ((r = sshbuf_get_u8(m, &type)) != 0)
-		fatal("%s: decode: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse type");
 
-	debug3("%s: checking request %d", __func__, type);
+	debug3_f("checking request %d", type);
 
 	while (ent->f != NULL) {
 		if (ent->type == type)
@@ -517,15 +512,13 @@
 
 	if (ent->f != NULL) {
 		if (!(ent->flags & MON_PERMIT))
-			fatal("%s: unpermitted request %d", __func__,
-			    type);
+			fatal_f("unpermitted request %d", type);
 		ret = (*ent->f)(ssh, pmonitor->m_sendfd, m);
 		sshbuf_free(m);
 
 		/* The child may use this request only once, disable it */
 		if (ent->flags & MON_ONCE) {
-			debug2("%s: %d used once, disabling now", __func__,
-			    type);
+			debug2_f("%d used once, disabling now", type);
 			ent->flags &= ~MON_PERMIT;
 		}
 
@@ -535,7 +528,7 @@
 		return ret;
 	}
 
-	fatal("%s: unsupported request: %d", __func__, type);
+	fatal_f("unsupported request: %d", type);
 
 	/* NOTREACHED */
 	return (-1);
@@ -580,21 +573,19 @@
 	if ((r = sshbuf_get_u32(m, &min)) != 0 ||
 	    (r = sshbuf_get_u32(m, &want)) != 0 ||
 	    (r = sshbuf_get_u32(m, &max)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
-	debug3("%s: got parameters: %d %d %d",
-	    __func__, min, want, max);
+	debug3_f("got parameters: %d %d %d", min, want, max);
 	/* We need to check here, too, in case the child got corrupted */
 	if (max < min || want < min || max < want)
-		fatal("%s: bad parameters: %d %d %d",
-		    __func__, min, want, max);
+		fatal_f("bad parameters: %d %d %d", min, want, max);
 
 	sshbuf_reset(m);
 
 	dh = choose_dh(min, want, max);
 	if (dh == NULL) {
 		if ((r = sshbuf_put_u8(m, 0)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "assemble empty");
 		return (0);
 	} else {
 		/* Send first bignum */
@@ -602,7 +593,7 @@
 		if ((r = sshbuf_put_u8(m, 1)) != 0 ||
 		    (r = sshbuf_put_bignum2(m, dh_p)) != 0 ||
 		    (r = sshbuf_put_bignum2(m, dh_g)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "assemble");
 
 		DH_free(dh);
 	}
@@ -624,15 +615,15 @@
 	u_int keyid, compat;
 	const char proof_req[] = "hostkeys-prove-00@openssh.com";
 
-	debug3("%s", __func__);
+	debug3_f("entering");
 
 	if ((r = sshbuf_get_u32(m, &keyid)) != 0 ||
 	    (r = sshbuf_get_string(m, &p, &datlen)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &alg, &alglen)) != 0 ||
 	    (r = sshbuf_get_u32(m, &compat)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (keyid > INT_MAX)
-		fatal("%s: invalid key ID", __func__);
+		fatal_f("invalid key ID");
 
 	/*
 	 * Supported KEX types use SHA1 (20 bytes), SHA256 (32 bytes),
@@ -651,21 +642,20 @@
 		 * the client sent us.
 		 */
 		if (session_id2_len == 0) /* hostkeys is never first */
-			fatal("%s: bad data length: %zu", __func__, datlen);
+			fatal_f("bad data length: %zu", datlen);
 		if ((key = get_hostkey_public_by_index(keyid, ssh)) == NULL)
-			fatal("%s: no hostkey for index %d", __func__, keyid);
+			fatal_f("no hostkey for index %d", keyid);
 		if ((sigbuf = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new", __func__);
+			fatal_f("sshbuf_new");
 		if ((r = sshbuf_put_cstring(sigbuf, proof_req)) != 0 ||
 		    (r = sshbuf_put_string(sigbuf, session_id2,
 		    session_id2_len)) != 0 ||
 		    (r = sshkey_puts(key, sigbuf)) != 0)
-			fatal("%s: couldn't prepare private key "
-			    "proof buffer: %s", __func__, ssh_err(r));
+			fatal_fr(r, "assemble private key proof");
 		if (datlen != sshbuf_len(sigbuf) ||
 		    memcmp(p, sshbuf_ptr(sigbuf), sshbuf_len(sigbuf)) != 0)
-			fatal("%s: bad data length: %zu, hostkey proof len %zu",
-			    __func__, datlen, sshbuf_len(sigbuf));
+			fatal_f("bad data length: %zu, hostkey proof len %zu",
+			    datlen, sshbuf_len(sigbuf));
 		sshbuf_free(sigbuf);
 		is_proof = 1;
 	}
@@ -679,25 +669,22 @@
 
 	if ((key = get_hostkey_by_index(keyid)) != NULL) {
 		if ((r = sshkey_sign(key, &signature, &siglen, p, datlen, alg,
-		    options.sk_provider, compat)) != 0)
-			fatal("%s: sshkey_sign failed: %s",
-			    __func__, ssh_err(r));
+		    options.sk_provider, NULL, compat)) != 0)
+			fatal_fr(r, "sign");
 	} else if ((key = get_hostkey_public_by_index(keyid, ssh)) != NULL &&
 	    auth_sock > 0) {
 		if ((r = ssh_agent_sign(auth_sock, key, &signature, &siglen,
-		    p, datlen, alg, compat)) != 0) {
-			fatal("%s: ssh_agent_sign failed: %s",
-			    __func__, ssh_err(r));
-		}
+		    p, datlen, alg, compat)) != 0)
+			fatal_fr(r, "agent sign");
 	} else
-		fatal("%s: no hostkey from index %d", __func__, keyid);
+		fatal_f("no hostkey from index %d", keyid);
 
-	debug3("%s: %s signature %p(%zu)", __func__,
-	    is_proof ? "hostkey proof" : "KEX", signature, siglen);
+	debug3_f("%s %s signature len=%zu", alg,
+	    is_proof ? "hostkey proof" : "KEX", siglen);
 
 	sshbuf_reset(m);
 	if ((r = sshbuf_put_string(m, signature, siglen)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	free(alg);
 	free(p);
@@ -711,8 +698,14 @@
 	return (0);
 }
 
-/* Retrieves the password entry and also checks if the user is permitted */
+#define PUTPW(b, id) \
+	do { \
+		if ((r = sshbuf_put_string(b, \
+		    &pwent->id, sizeof(pwent->id))) != 0) \
+			fatal_fr(r, "assemble %s", #id); \
+	} while (0)
 
+/* Retrieves the password entry and also checks if the user is permitted */
 int
 mm_answer_pwnamallow(struct ssh *ssh, int sock, struct sshbuf *m)
 {
@@ -721,13 +714,13 @@
 	int r, allowed = 0;
 	u_int i;
 
-	debug3("%s", __func__);
+	debug3_f("entering");
 
 	if (authctxt->attempt++ != 0)
-		fatal("%s: multiple attempts for getpwnam", __func__);
+		fatal_f("multiple attempts for getpwnam");
 
 	if ((r = sshbuf_get_cstring(m, &username, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	pwent = getpwnamallow(ssh, username);
 
@@ -739,7 +732,7 @@
 
 	if (pwent == NULL) {
 		if ((r = sshbuf_put_u8(m, 0)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "assemble fakepw");
 		authctxt->pw = fakepw();
 		goto out;
 	}
@@ -748,10 +741,18 @@
 	authctxt->pw = pwent;
 	authctxt->valid = 1;
 
-	/* XXX don't sent pwent to unpriv; send fake class/dir/shell too */
-	if ((r = sshbuf_put_u8(m, 1)) != 0 ||
-	    (r = sshbuf_put_string(m, pwent, sizeof(*pwent))) != 0 ||
-	    (r = sshbuf_put_cstring(m, pwent->pw_name)) != 0 ||
+	/* XXX send fake class/dir/shell, etc. */
+	if ((r = sshbuf_put_u8(m, 1)) != 0)
+		fatal_fr(r, "assemble ok");
+	PUTPW(m, pw_uid);
+	PUTPW(m, pw_gid);
+#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
+	PUTPW(m, pw_change);
+#endif
+#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
+	PUTPW(m, pw_expire);
+#endif
+	if ((r = sshbuf_put_cstring(m, pwent->pw_name)) != 0 ||
 	    (r = sshbuf_put_cstring(m, "*")) != 0 ||
 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
 	    (r = sshbuf_put_cstring(m, pwent->pw_gecos)) != 0 ||
@@ -761,26 +762,23 @@
 #endif
 	    (r = sshbuf_put_cstring(m, pwent->pw_dir)) != 0 ||
 	    (r = sshbuf_put_cstring(m, pwent->pw_shell)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble pw");
 
  out:
 	ssh_packet_set_log_preamble(ssh, "%suser %s",
 	    authctxt->valid ? "authenticating" : "invalid ", authctxt->user);
 	if ((r = sshbuf_put_string(m, &options, sizeof(options))) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble options");
 
 #define M_CP_STROPT(x) do { \
-		if (options.x != NULL) { \
-			if ((r = sshbuf_put_cstring(m, options.x)) != 0) \
-				fatal("%s: buffer error: %s", \
-				    __func__, ssh_err(r)); \
-		} \
+		if (options.x != NULL && \
+		    (r = sshbuf_put_cstring(m, options.x)) != 0) \
+			fatal_fr(r, "assemble %s", #x); \
 	} while (0)
 #define M_CP_STRARRAYOPT(x, nx) do { \
 		for (i = 0; i < options.nx; i++) { \
 			if ((r = sshbuf_put_cstring(m, options.x[i])) != 0) \
-				fatal("%s: buffer error: %s", \
-				    __func__, ssh_err(r)); \
+				fatal_fr(r, "assemble %s", #x); \
 		} \
 	} while (0)
 	/* See comment in servconf.h */
@@ -795,10 +793,10 @@
 		 * run to it's packet_disconnect(), but it must not allow any
 		 * authentication to succeed.
 		 */
-		debug("%s: no valid authentication method lists", __func__);
+		debug_f("no valid authentication method lists");
 	}
 
-	debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
+	debug3_f("sending MONITOR_ANS_PWNAM: %d", allowed);
 	mm_request_send(sock, MONITOR_ANS_PWNAM, m);
 
 	/* Allow service/style information on the auth context */
@@ -821,7 +819,7 @@
 	sshbuf_reset(m);
 	banner = auth2_read_banner();
 	if ((r = sshbuf_put_cstring(m, banner != NULL ? banner : "")) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 	mm_request_send(sock, MONITOR_ANS_AUTH2_READ_BANNER, m);
 	free(banner);
 
@@ -837,9 +835,8 @@
 
 	if ((r = sshbuf_get_cstring(m, &authctxt->service, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &authctxt->style, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	debug3("%s: service=%s, style=%s",
-	    __func__, authctxt->service, authctxt->style);
+		fatal_fr(r, "parse");
+	debug3_f("service=%s, style=%s", authctxt->service, authctxt->style);
 
 	if (strlen(authctxt->style) == 0) {
 		free(authctxt->style);
@@ -889,10 +886,10 @@
 	size_t plen = 0;
 
 	if (!options.password_authentication)
-		fatal("%s: password authentication not enabled", __func__);
+		fatal_f("password authentication not enabled");
 #if !defined(ANDROID)
 	if ((r = sshbuf_get_cstring(m, &passwd, &plen)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	/* Only authenticate if the context is valid */
 	authenticated = options.password_authentication &&
 	    auth_password(ssh, passwd);
@@ -904,13 +901,14 @@
 
 	sshbuf_reset(m);
 	if ((r = sshbuf_put_u32(m, authenticated)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 #ifdef USE_PAM
 	if ((r = sshbuf_put_u32(m, sshpam_get_maxtries_reached())) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble PAM");
 #endif
 
 	debug3("%s: sending result %d", __func__, authenticated);
+	debug3_f("sending result %d", authenticated);
 	mm_request_send(sock, MONITOR_ANS_AUTHPASSWORD, m);
 
 	call_count++;
@@ -933,19 +931,19 @@
 	int r;
 
 	if (!options.kbd_interactive_authentication)
-		fatal("%s: kbd-int authentication not enabled", __func__);
+		fatal_f("kbd-int authentication not enabled");
 	success = bsdauth_query(authctxt, &name, &infotxt, &numprompts,
 	    &prompts, &echo_on) < 0 ? 0 : 1;
 
 	sshbuf_reset(m);
 	if ((r = sshbuf_put_u32(m, success)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 	if (success) {
 		if ((r = sshbuf_put_cstring(m, prompts[0])) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "assemble prompt");
 	}
 
-	debug3("%s: sending challenge success: %u", __func__, success);
+	debug3_f("sending challenge success: %u", success);
 	mm_request_send(sock, MONITOR_ANS_BSDAUTHQUERY, m);
 
 	if (success) {
@@ -965,23 +963,23 @@
 	int r, authok;
 
 	if (!options.kbd_interactive_authentication)
-		fatal("%s: kbd-int authentication not enabled", __func__);
+		fatal_f("kbd-int authentication not enabled");
 	if (authctxt->as == NULL)
-		fatal("%s: no bsd auth session", __func__);
+		fatal_f("no bsd auth session");
 
 	if ((r = sshbuf_get_cstring(m, &response, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	authok = options.challenge_response_authentication &&
+		fatal_fr(r, "parse");
+	authok = options.kbd_interactive_authentication &&
 	    auth_userresponse(authctxt->as, response, 0);
 	authctxt->as = NULL;
-	debug3("%s: <%s> = <%d>", __func__, response, authok);
+	debug3_f("<%s> = <%d>", response, authok);
 	free(response);
 
 	sshbuf_reset(m);
 	if ((r = sshbuf_put_u32(m, authok)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
-	debug3("%s: sending authenticated: %d", __func__, authok);
+	debug3_f("sending authenticated: %d", authok);
 	mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m);
 
 	auth_method = "keyboard-interactive";
@@ -1160,25 +1158,23 @@
 	struct sshkey *key = NULL;
 	char *cuser, *chost;
 	u_int pubkey_auth_attempt;
-	enum mm_keytype type = 0;
+	u_int type = 0;
 	int r, allowed = 0;
 	struct sshauthopt *opts = NULL;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &cuser, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
 	    (r = sshkey_froms(m, &key)) != 0 ||
 	    (r = sshbuf_get_u32(m, &pubkey_auth_attempt)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-
-	debug3("%s: key_from_blob: %p", __func__, key);
+		fatal_fr(r, "parse");
 
 	if (key != NULL && authctxt->valid) {
 		/* These should not make it past the privsep child */
 		if (sshkey_type_plain(key->type) == KEY_RSA &&
-		    (datafellows & SSH_BUG_RSASIGMD5) != 0)
-			fatal("%s: passed a SSH_BUG_RSASIGMD5 key", __func__);
+		    (ssh->compat & SSH_BUG_RSASIGMD5) != 0)
+			fatal_f("passed a SSH_BUG_RSASIGMD5 key");
 
 		switch (type) {
 		case MM_USERKEY:
@@ -1188,7 +1184,7 @@
 			if (auth2_key_already_used(authctxt, key))
 				break;
 			if (!key_base_type_match(auth_method, key,
-			    options.pubkey_key_types))
+			    options.pubkey_accepted_algos))
 				break;
 			allowed = user_key_allowed(ssh, authctxt->pw, key,
 			    pubkey_auth_attempt, &opts);
@@ -1200,7 +1196,7 @@
 			if (auth2_key_already_used(authctxt, key))
 				break;
 			if (!key_base_type_match(auth_method, key,
-			    options.hostbased_key_types))
+			    options.hostbased_accepted_algos))
 				break;
 			allowed = hostbased_key_allowed(ssh, authctxt->pw,
 			    cuser, chost, key);
@@ -1209,13 +1205,13 @@
 			    cuser, chost);
 			break;
 		default:
-			fatal("%s: unknown key type %d", __func__, type);
+			fatal_f("unknown key type %u", type);
 			break;
 		}
 	}
 
-	debug3("%s: %s authentication%s: %s key is %s", __func__,
-	    auth_method, pubkey_auth_attempt ? "" : " test",
+	debug3_f("%s authentication%s: %s key is %s", auth_method,
+	    pubkey_auth_attempt ? "" : " test",
 	    (key == NULL || !authctxt->valid) ? "invalid" : sshkey_type(key),
 	    allowed ? "allowed" : "not allowed");
 
@@ -1227,7 +1223,7 @@
 	if (allowed) {
 		/* Save temporarily for comparison in verify */
 		if ((r = sshkey_to_blob(key, &key_blob, &key_bloblen)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "sshkey_to_blob");
 		key_blobtype = type;
 		key_opts = opts;
 		hostbased_cuser = cuser;
@@ -1242,9 +1238,9 @@
 
 	sshbuf_reset(m);
 	if ((r = sshbuf_put_u32(m, allowed)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 	if (opts != NULL && (r = sshauthopt_serialise(opts, m, 1)) != 0)
-		fatal("%s: sshauthopt_serialise: %s", __func__, ssh_err(r));
+		fatal_fr(r, "sshauthopt_serialise");
 	mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
 
 	if (!allowed)
@@ -1254,7 +1250,7 @@
 }
 
 static int
-monitor_valid_userblob(const u_char *data, u_int datalen)
+monitor_valid_userblob(struct ssh *ssh, const u_char *data, u_int datalen)
 {
 	struct sshbuf *b;
 	const u_char *p;
@@ -1264,9 +1260,9 @@
 	int r, fail = 0;
 
 	if ((b = sshbuf_from(data, datalen)) == NULL)
-		fatal("%s: sshbuf_from", __func__);
+		fatal_f("sshbuf_from");
 
-	if (datafellows & SSH_OLD_SESSIONID) {
+	if (ssh->compat & SSH_OLD_SESSIONID) {
 		p = sshbuf_ptr(b);
 		len = sshbuf_len(b);
 		if ((session_id2 == NULL) ||
@@ -1274,21 +1270,21 @@
 		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
 			fail++;
 		if ((r = sshbuf_consume(b, session_id2_len)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "consume");
 	} else {
 		if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse sessionid");
 		if ((session_id2 == NULL) ||
 		    (len != session_id2_len) ||
 		    (timingsafe_bcmp(p, session_id2, session_id2_len) != 0))
 			fail++;
 	}
 	if ((r = sshbuf_get_u8(b, &type)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse type");
 	if (type != SSH2_MSG_USERAUTH_REQUEST)
 		fail++;
 	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse userstyle");
 	xasprintf(&userstyle, "%s%s%s", authctxt->user,
 	    authctxt->style ? ":" : "",
 	    authctxt->style ? authctxt->style : "");
@@ -1301,17 +1297,17 @@
 	free(cp);
 	if ((r = sshbuf_skip_string(b)) != 0 ||	/* service */
 	    (r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse method");
 	if (strcmp("publickey", cp) != 0)
 		fail++;
 	free(cp);
 	if ((r = sshbuf_get_u8(b, &type)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse pktype");
 	if (type == 0)
 		fail++;
 	if ((r = sshbuf_skip_string(b)) != 0 ||	/* pkalg */
 	    (r = sshbuf_skip_string(b)) != 0)	/* pkblob */
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse pk");
 	if (sshbuf_len(b) != 0)
 		fail++;
 	sshbuf_free(b);
@@ -1330,9 +1326,9 @@
 	u_char type;
 
 	if ((b = sshbuf_from(data, datalen)) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse sessionid");
 
 	if ((session_id2 == NULL) ||
 	    (len != session_id2_len) ||
@@ -1340,11 +1336,11 @@
 		fail++;
 
 	if ((r = sshbuf_get_u8(b, &type)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse type");
 	if (type != SSH2_MSG_USERAUTH_REQUEST)
 		fail++;
 	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse userstyle");
 	xasprintf(&userstyle, "%s%s%s", authctxt->user,
 	    authctxt->style ? ":" : "",
 	    authctxt->style ? authctxt->style : "");
@@ -1357,17 +1353,17 @@
 	free(cp);
 	if ((r = sshbuf_skip_string(b)) != 0 ||	/* service */
 	    (r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse method");
 	if (strcmp(cp, "hostbased") != 0)
 		fail++;
 	free(cp);
 	if ((r = sshbuf_skip_string(b)) != 0 ||	/* pkalg */
 	    (r = sshbuf_skip_string(b)) != 0)	/* pkblob */
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse pk");
 
 	/* verify client host, strip trailing dot if necessary */
 	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse host");
 	if (((len = strlen(cp)) > 0) && cp[len - 1] == '.')
 		cp[len - 1] = '\0';
 	if (strcmp(cp, chost) != 0)
@@ -1376,7 +1372,7 @@
 
 	/* verify client user */
 	if ((r = sshbuf_get_cstring(b, &cp, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse ruser");
 	if (strcmp(cp, cuser) != 0)
 		fail++;
 	free(cp);
@@ -1394,18 +1390,19 @@
 	const u_char *signature, *data, *blob;
 	char *sigalg = NULL, *fp = NULL;
 	size_t signaturelen, datalen, bloblen;
-	int r, ret, req_presence = 0, valid_data = 0, encoded_ret;
+	int r, ret, req_presence = 0, req_verify = 0, valid_data = 0;
+	int encoded_ret;
 	struct sshkey_sig_details *sig_details = NULL;
 
 	if ((r = sshbuf_get_string_direct(m, &blob, &bloblen)) != 0 ||
 	    (r = sshbuf_get_string_direct(m, &signature, &signaturelen)) != 0 ||
 	    (r = sshbuf_get_string_direct(m, &data, &datalen)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	if (hostbased_cuser == NULL || hostbased_chost == NULL ||
 	  !monitor_allowed_key(blob, bloblen))
-		fatal("%s: bad key, not previously allowed", __func__);
+		fatal_f("bad key, not previously allowed");
 
 	/* Empty signature algorithm means NULL. */
 	if (*sigalg == '\0') {
@@ -1415,11 +1412,11 @@
 
 	/* XXX use sshkey_froms here; need to change key_blob, etc. */
 	if ((r = sshkey_from_blob(blob, bloblen, &key)) != 0)
-		fatal("%s: bad public key blob: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse key");
 
 	switch (key_blobtype) {
 	case MM_USERKEY:
-		valid_data = monitor_valid_userblob(data, datalen);
+		valid_data = monitor_valid_userblob(ssh, data, datalen);
 		auth_method = "publickey";
 		break;
 	case MM_HOSTKEY:
@@ -1432,15 +1429,17 @@
 		break;
 	}
 	if (!valid_data)
-		fatal("%s: bad signature data blob", __func__);
+		fatal_f("bad %s signature data blob",
+		    key_blobtype == MM_USERKEY ? "userkey" :
+		    (key_blobtype == MM_HOSTKEY ? "hostkey" : "unknown"));
 
 	if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
 	    SSH_FP_DEFAULT)) == NULL)
-		fatal("%s: sshkey_fingerprint failed", __func__);
+		fatal_f("sshkey_fingerprint failed");
 
 	ret = sshkey_verify(key, signature, signaturelen, data, datalen,
 	    sigalg, ssh->compat, &sig_details);
-	debug3("%s: %s %p signature %s%s%s", __func__, auth_method, key,
+	debug3_f("%s %s signature %s%s%s", auth_method, sshkey_type(key),
 	    (ret == 0) ? "verified" : "unverified",
 	    (ret != 0) ? ": " : "", (ret != 0) ? ssh_err(ret) : "");
 
@@ -1459,6 +1458,18 @@
 			    ssh_remote_port(ssh));
 			ret = SSH_ERR_SIGNATURE_INVALID;
 		}
+		req_verify = (options.pubkey_auth_options &
+		    PUBKEYAUTH_VERIFY_REQUIRED) || key_opts->require_verify;
+		if (req_verify &&
+		    (sig_details->sk_flags & SSH_SK_USER_VERIFICATION_REQD) == 0) {
+			error("public key %s %s signature for %s%s from %.128s "
+			    "port %d rejected: user verification requirement "
+			    "not met ", sshkey_type(key), fp,
+			    authctxt->valid ? "" : "invalid user ",
+			    authctxt->user, ssh_remote_ipaddr(ssh),
+			    ssh_remote_port(ssh));
+			ret = SSH_ERR_SIGNATURE_INVALID;
+		}
 	}
 	auth2_record_key(authctxt, ret == 0, key);
 
@@ -1472,11 +1483,11 @@
 	encoded_ret = (ret != 0);
 	if ((r = sshbuf_put_u32(m, encoded_ret)) != 0 ||
 	    (r = sshbuf_put_u8(m, sig_details != NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 	if (sig_details != NULL) {
 		if ((r = sshbuf_put_u32(m, sig_details->sk_counter)) != 0 ||
 		    (r = sshbuf_put_u8(m, sig_details->sk_flags)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "assemble sk");
 	}
 	sshkey_sig_details_free(sig_details);
 	mm_request_send(sock, MONITOR_ANS_KEYVERIFY, m);
@@ -1516,9 +1527,9 @@
 static void
 mm_session_close(Session *s)
 {
-	debug3("%s: session %d pid %ld", __func__, s->self, (long)s->pid);
+	debug3_f("session %d pid %ld", s->self, (long)s->pid);
 	if (s->ttyfd != -1) {
-		debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd);
+		debug3_f("tty %s ptyfd %d", s->tty, s->ptyfd);
 		session_pty_cleanup2(s);
 	}
 	session_unused(s->self);
@@ -1531,7 +1542,7 @@
 	Session *s;
 	int r, res, fd0;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 
 	sshbuf_reset(m);
 	s = session_new();
@@ -1547,11 +1558,11 @@
 
 	if ((r = sshbuf_put_u32(m, 1)) != 0 ||
 	    (r = sshbuf_put_cstring(m, s->tty)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	/* We need to trick ttyslot */
 	if (dup2(s->ttyfd, 0) == -1)
-		fatal("%s: dup2", __func__);
+		fatal_f("dup2");
 
 	mm_record_login(ssh, s, authctxt->pw);
 
@@ -1560,28 +1571,28 @@
 
 	/* send messages generated by record_login */
 	if ((r = sshbuf_put_stringb(m, loginmsg)) != 0)
-		fatal("%s: put login message: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble loginmsg");
 	sshbuf_reset(loginmsg);
 
 	mm_request_send(sock, MONITOR_ANS_PTY, m);
 
 	if (mm_send_fd(sock, s->ptyfd) == -1 ||
 	    mm_send_fd(sock, s->ttyfd) == -1)
-		fatal("%s: send fds failed", __func__);
+		fatal_f("send fds failed");
 
 	/* make sure nothing uses fd 0 */
 	if ((fd0 = open(_PATH_DEVNULL, O_RDONLY)) == -1)
-		fatal("%s: open(/dev/null): %s", __func__, strerror(errno));
+		fatal_f("open(/dev/null): %s", strerror(errno));
 	if (fd0 != 0)
-		error("%s: fd0 %d != 0", __func__, fd0);
+		error_f("fd0 %d != 0", fd0);
 
-	/* slave is not needed */
+	/* slave side of pty is not needed */
 	close(s->ttyfd);
 	s->ttyfd = s->ptyfd;
 	/* no need to dup() because nobody closes ptyfd */
 	s->ptymaster = s->ptyfd;
 
-	debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ttyfd);
+	debug3_f("tty %s ptyfd %d", s->tty, s->ttyfd);
 
 	return (0);
 
@@ -1589,7 +1600,7 @@
 	if (s != NULL)
 		mm_session_close(s);
 	if ((r = sshbuf_put_u32(m, 0)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble 0");
 	mm_request_send(sock, MONITOR_ANS_PTY, m);
 	return (0);
 }
@@ -1601,10 +1612,10 @@
 	char *tty;
 	int r;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 
 	if ((r = sshbuf_get_cstring(m, &tty, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse tty");
 	if ((s = session_by_tty(tty)) != NULL)
 		mm_session_close(s);
 	sshbuf_reset(m);
@@ -1618,7 +1629,7 @@
 	extern struct monitor *pmonitor;
 	int res, status;
 
-	debug3("%s: tearing down sessions", __func__);
+	debug3_f("tearing down sessions");
 
 	/* The child is terminating */
 	session_destroy_all(ssh, &mm_session_close);
@@ -1700,33 +1711,39 @@
 	struct kex *kex;
 	int r;
 
-	debug3("%s: packet_set_state", __func__);
+	debug3_f("packet_set_state");
 	if ((r = ssh_packet_set_state(ssh, child_state)) != 0)
-                fatal("%s: packet_set_state: %s", __func__, ssh_err(r));
+		fatal_fr(r, "packet_set_state");
 	sshbuf_free(child_state);
 	child_state = NULL;
-
-	if ((kex = ssh->kex) != NULL) {
-		/* XXX set callbacks */
+	if ((kex = ssh->kex) == NULL)
+		fatal_f("internal error: ssh->kex == NULL");
+	if (session_id2_len != sshbuf_len(ssh->kex->session_id)) {
+		fatal_f("incorrect session id length %zu (expected %u)",
+		    sshbuf_len(ssh->kex->session_id), session_id2_len);
+	}
+	if (memcmp(sshbuf_ptr(ssh->kex->session_id), session_id2,
+	    session_id2_len) != 0)
+		fatal_f("session ID mismatch");
+	/* XXX set callbacks */
 #ifdef WITH_OPENSSL
-		kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
-		kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
-		kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
-		kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
-		kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
-		kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
-		kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
+	kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
+	kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
+	kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
+	kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
+	kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
+	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
+	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 # ifdef OPENSSL_HAS_ECC
-		kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
+	kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
 # endif
 #endif /* WITH_OPENSSL */
-		kex->kex[KEX_C25519_SHA256] = kex_gen_server;
-		kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
-		kex->load_host_public_key=&get_hostkey_public_by_type;
-		kex->load_host_private_key=&get_hostkey_private_by_type;
-		kex->host_key_index=&get_hostkey_index;
-		kex->sign = sshd_hostkey_sign;
-	}
+	kex->kex[KEX_C25519_SHA256] = kex_gen_server;
+	kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
+	kex->load_host_public_key=&get_hostkey_public_by_type;
+	kex->load_host_private_key=&get_hostkey_private_by_type;
+	kex->host_key_index=&get_hostkey_index;
+	kex->sign = sshd_hostkey_sign;
 }
 
 /* This function requires careful sanity checking */
@@ -1734,13 +1751,13 @@
 void
 mm_get_keystate(struct ssh *ssh, struct monitor *pmonitor)
 {
-	debug3("%s: Waiting for new keys", __func__);
+	debug3_f("Waiting for new keys");
 
 	if ((child_state = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT,
 	    child_state);
-	debug3("%s: GOT new keys", __func__);
+	debug3_f("GOT new keys");
 }
 
 
@@ -1760,7 +1777,7 @@
 #endif
 
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1)
-		fatal("%s: socketpair: %s", __func__, strerror(errno));
+		fatal_f("socketpair: %s", strerror(errno));
 #ifdef SO_ZEROIZE
 	if (setsockopt(pair[0], SOL_SOCKET, SO_ZEROIZE, &on, sizeof(on)) == -1)
 		error("setsockopt SO_ZEROIZE(0): %.100s", strerror(errno));
@@ -1774,7 +1791,7 @@
 
 	if (do_logfds) {
 		if (pipe(pair) == -1)
-			fatal("%s: pipe: %s", __func__, strerror(errno));
+			fatal_f("pipe: %s", strerror(errno));
 		FD_CLOSEONEXEC(pair[0]);
 		FD_CLOSEONEXEC(pair[1]);
 		mon->m_log_recvfd = pair[0];
@@ -1813,10 +1830,10 @@
 	int r;
 
 	if (!options.gss_authentication)
-		fatal("%s: GSSAPI authentication not enabled", __func__);
+		fatal_f("GSSAPI authentication not enabled");
 
 	if ((r = sshbuf_get_string(m, &p, &len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	goid.elements = p;
 	goid.length = len;
 
@@ -1826,7 +1843,7 @@
 
 	sshbuf_reset(m);
 	if ((r = sshbuf_put_u32(m, major)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	mm_request_send(sock, MONITOR_ANS_GSSSETUP, m);
 
@@ -1846,10 +1863,10 @@
 	int r;
 
 	if (!options.gss_authentication)
-		fatal("%s: GSSAPI authentication not enabled", __func__);
+		fatal_f("GSSAPI authentication not enabled");
 
 	if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "ssh_gssapi_get_buffer_desc");
 	major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
 	free(in.value);
 
@@ -1857,7 +1874,7 @@
 	if ((r = sshbuf_put_u32(m, major)) != 0 ||
 	    (r = sshbuf_put_string(m, out.value, out.length)) != 0 ||
 	    (r = sshbuf_put_u32(m, flags)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 	mm_request_send(sock, MONITOR_ANS_GSSSTEP, m);
 
 	gss_release_buffer(&minor, &out);
@@ -1878,11 +1895,11 @@
 	int r;
 
 	if (!options.gss_authentication)
-		fatal("%s: GSSAPI authentication not enabled", __func__);
+		fatal_f("GSSAPI authentication not enabled");
 
 	if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 ||
 	    (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "ssh_gssapi_get_buffer_desc");
 
 	ret = ssh_gssapi_checkmic(gsscontext, &gssbuf, &mic);
 
@@ -1891,7 +1908,7 @@
 
 	sshbuf_reset(m);
 	if ((r = sshbuf_put_u32(m, ret)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	mm_request_send(sock, MONITOR_ANS_GSSCHECKMIC, m);
 
@@ -1908,15 +1925,15 @@
 	const char *displayname;
 
 	if (!options.gss_authentication)
-		fatal("%s: GSSAPI authentication not enabled", __func__);
+		fatal_f("GSSAPI authentication not enabled");
 
 	authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
 
 	sshbuf_reset(m);
 	if ((r = sshbuf_put_u32(m, authenticated)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
-	debug3("%s: sending result %d", __func__, authenticated);
+	debug3_f("sending result %d", authenticated);
 	mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m);
 
 	auth_method = "gssapi-with-mic";

monitor_fdpass.c

diff --git a/monitor_fdpass.c b/monitor_fdpass.c
index d766edc..a07727a 100644
--- a/monitor_fdpass.c
+++ b/monitor_fdpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_fdpass.c,v 1.21 2016/02/29 20:22:36 jca Exp $ */
+/* $OpenBSD: monitor_fdpass.c,v 1.22 2020/10/18 11:32:01 djm Exp $ */
 /*
  * Copyright 2001 Niels Provos <provos@citi.umich.edu>
  * All rights reserved.
@@ -89,17 +89,16 @@
 	pfd.events = POLLOUT;
 	while ((n = sendmsg(sock, &msg, 0)) == -1 &&
 	    (errno == EAGAIN || errno == EINTR)) {
-		debug3("%s: sendmsg(%d): %s", __func__, fd, strerror(errno));
+		debug3_f("sendmsg(%d): %s", fd, strerror(errno));
 		(void)poll(&pfd, 1, -1);
 	}
 	if (n == -1) {
-		error("%s: sendmsg(%d): %s", __func__, fd,
-		    strerror(errno));
+		error_f("sendmsg(%d): %s", fd, strerror(errno));
 		return -1;
 	}
 
 	if (n != 1) {
-		error("%s: sendmsg: expected sent 1 got %zd", __func__, n);
+		error_f("sendmsg: expected sent 1 got %zd", n);
 		return -1;
 	}
 	return 0;
@@ -145,35 +144,34 @@
 	pfd.events = POLLIN;
 	while ((n = recvmsg(sock, &msg, 0)) == -1 &&
 	    (errno == EAGAIN || errno == EINTR)) {
-		debug3("%s: recvmsg: %s", __func__, strerror(errno));
+		debug3_f("recvmsg: %s", strerror(errno));
 		(void)poll(&pfd, 1, -1);
 	}
 	if (n == -1) {
-		error("%s: recvmsg: %s", __func__, strerror(errno));
+		error_f("recvmsg: %s", strerror(errno));
 		return -1;
 	}
 
 	if (n != 1) {
-		error("%s: recvmsg: expected received 1 got %zd", __func__, n);
+		error_f("recvmsg: expected received 1 got %zd", n);
 		return -1;
 	}
 
 #ifdef HAVE_ACCRIGHTS_IN_MSGHDR
 	if (msg.msg_accrightslen != sizeof(fd)) {
-		error("%s: no fd", __func__);
+		error_f("no fd");
 		return -1;
 	}
 #else
 	cmsg = CMSG_FIRSTHDR(&msg);
 	if (cmsg == NULL) {
-		error("%s: no message header", __func__);
+		error_f("no message header");
 		return -1;
 	}
 
 #ifndef BROKEN_CMSG_TYPE
 	if (cmsg->cmsg_type != SCM_RIGHTS) {
-		error("%s: expected type %d got %d", __func__,
-		    SCM_RIGHTS, cmsg->cmsg_type);
+		error_f("expected %d got %d", SCM_RIGHTS, cmsg->cmsg_type);
 		return -1;
 	}
 #endif
@@ -181,7 +179,7 @@
 #endif
 	return fd;
 #else
-	error("%s: file descriptor passing not supported", __func__);
+	error_f("file descriptor passing not supported");
 	return -1;
 #endif
 }

monitor_wrap.c

diff --git a/monitor_wrap.c b/monitor_wrap.c
index 001a8fa..748333c 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.117 2019/12/15 18:57:30 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.123 2021/04/15 16:24:31 markus Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -82,7 +82,7 @@
 extern ServerOptions options;
 
 void
-mm_log_handler(LogLevel level, const char *msg, void *ctx)
+mm_log_handler(LogLevel level, int forced, const char *msg, void *ctx)
 {
 	struct sshbuf *log_msg;
 	struct monitor *mon = (struct monitor *)ctx;
@@ -90,21 +90,22 @@
 	size_t len;
 
 	if (mon->m_log_sendfd == -1)
-		fatal("%s: no log channel", __func__);
+		fatal_f("no log channel");
 
 	if ((log_msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	if ((r = sshbuf_put_u32(log_msg, 0)) != 0 || /* length; filled below */
 	    (r = sshbuf_put_u32(log_msg, level)) != 0 ||
+	    (r = sshbuf_put_u32(log_msg, forced)) != 0 ||
 	    (r = sshbuf_put_cstring(log_msg, msg)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 	if ((len = sshbuf_len(log_msg)) < 4 || len > 0xffffffff)
-		fatal("%s: bad length %zu", __func__, len);
+		fatal_f("bad length %zu", len);
 	POKE_U32(sshbuf_mutable_ptr(log_msg), len - 4);
 	if (atomicio(vwrite, mon->m_log_sendfd,
 	    sshbuf_mutable_ptr(log_msg), len) != len)
-		fatal("%s: write: %s", __func__, strerror(errno));
+		fatal_f("write: %s", strerror(errno));
 	sshbuf_free(log_msg);
 }
 
@@ -124,16 +125,16 @@
 	size_t mlen = sshbuf_len(m);
 	u_char buf[5];
 
-	debug3("%s entering: type %d", __func__, type);
+	debug3_f("entering, type %d", type);
 
 	if (mlen >= 0xffffffff)
-		fatal("%s: bad length %zu", __func__, mlen);
+		fatal_f("bad length %zu", mlen);
 	POKE_U32(buf, mlen + 1);
 	buf[4] = (u_char) type;		/* 1st byte of payload is mesg-type */
 	if (atomicio(vwrite, sock, buf, sizeof(buf)) != sizeof(buf))
-		fatal("%s: write: %s", __func__, strerror(errno));
+		fatal_f("write: %s", strerror(errno));
 	if (atomicio(vwrite, sock, sshbuf_mutable_ptr(m), mlen) != mlen)
-		fatal("%s: write: %s", __func__, strerror(errno));
+		fatal_f("write: %s", strerror(errno));
 }
 
 void
@@ -143,21 +144,21 @@
 	u_int msg_len;
 	int r;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 
 	if (atomicio(read, sock, buf, sizeof(buf)) != sizeof(buf)) {
 		if (errno == EPIPE)
 			cleanup_exit(255);
-		fatal("%s: read: %s", __func__, strerror(errno));
+		fatal_f("read: %s", strerror(errno));
 	}
 	msg_len = PEEK_U32(buf);
 	if (msg_len > 256 * 1024)
-		fatal("%s: read: bad msg_len %d", __func__, msg_len);
+		fatal_f("read: bad msg_len %d", msg_len);
 	sshbuf_reset(m);
 	if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reserve");
 	if (atomicio(read, sock, p, msg_len) != msg_len)
-		fatal("%s: read: %s", __func__, strerror(errno));
+		fatal_f("read: %s", strerror(errno));
 }
 
 void
@@ -166,14 +167,13 @@
 	u_char rtype;
 	int r;
 
-	debug3("%s entering: type %d", __func__, type);
+	debug3_f("entering, type %d", type);
 
 	mm_request_receive(sock, m);
 	if ((r = sshbuf_get_u8(m, &rtype)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (rtype != type)
-		fatal("%s: read: rtype %d != type %d", __func__,
-		    rtype, type);
+		fatal_f("read: rtype %d != type %d", rtype, type);
 }
 
 #ifdef WITH_OPENSSL
@@ -186,27 +186,27 @@
 	struct sshbuf *m;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u32(m, min)) != 0 ||
 	    (r = sshbuf_put_u32(m, nbits)) != 0 ||
 	    (r = sshbuf_put_u32(m, max)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_MODULI, m);
 
-	debug3("%s: waiting for MONITOR_ANS_MODULI", __func__);
+	debug3_f("waiting for MONITOR_ANS_MODULI");
 	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_MODULI, m);
 
 	if ((r = sshbuf_get_u8(m, &success)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse success");
 	if (success == 0)
-		fatal("%s: MONITOR_ANS_MODULI failed", __func__);
+		fatal_f("MONITOR_ANS_MODULI failed");
 
 	if ((r = sshbuf_get_bignum2(m, &p)) != 0 ||
 	    (r = sshbuf_get_bignum2(m, &g)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse group");
 
-	debug3("%s: remaining %zu", __func__, sshbuf_len(m));
+	debug3_f("remaining %zu", sshbuf_len(m));
 	sshbuf_free(m);
 
 	return (dh_new_group(g, p));
@@ -216,33 +216,42 @@
 int
 mm_sshkey_sign(struct ssh *ssh, struct sshkey *key, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen, const char *hostkey_alg,
-    const char *sk_provider, u_int compat)
+    const char *sk_provider, const char *sk_pin, u_int compat)
 {
 	struct kex *kex = *pmonitor->m_pkex;
 	struct sshbuf *m;
 	u_int ndx = kex->host_key_index(key, 0, ssh);
 	int r;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u32(m, ndx)) != 0 ||
 	    (r = sshbuf_put_string(m, data, datalen)) != 0 ||
 	    (r = sshbuf_put_cstring(m, hostkey_alg)) != 0 ||
 	    (r = sshbuf_put_u32(m, compat)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_SIGN, m);
 
-	debug3("%s: waiting for MONITOR_ANS_SIGN", __func__);
+	debug3_f("waiting for MONITOR_ANS_SIGN");
 	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_SIGN, m);
 	if ((r = sshbuf_get_string(m, sigp, lenp)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	sshbuf_free(m);
 
 	return (0);
 }
 
+#define GETPW(b, id) \
+	do { \
+		if ((r = sshbuf_get_string_direct(b, &p, &len)) != 0) \
+			fatal_fr(r, "parse pw %s", #id); \
+		if (len != sizeof(pw->id)) \
+			fatal_fr(r, "bad length for %s", #id); \
+		memcpy(&pw->id, p, len); \
+	} while (0)
+
 struct passwd *
 mm_getpwnamallow(struct ssh *ssh, const char *username)
 {
@@ -255,20 +264,20 @@
 	u_char ok;
 	const u_char *p;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_cstring(m, username)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PWNAM, m);
 
-	debug3("%s: waiting for MONITOR_ANS_PWNAM", __func__);
+	debug3_f("waiting for MONITOR_ANS_PWNAM");
 	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PWNAM, m);
 
 	if ((r = sshbuf_get_u8(m, &ok)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse success");
 	if (ok == 0) {
 		pw = NULL;
 		goto out;
@@ -276,12 +285,14 @@
 
 	/* XXX don't like passing struct passwd like this */
 	pw = xcalloc(sizeof(*pw), 1);
-	if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	if (len != sizeof(*pw))
-		fatal("%s: struct passwd size mismatch", __func__);
-	memcpy(pw, p, sizeof(*pw));
-
+	GETPW(m, pw_uid);
+	GETPW(m, pw_gid);
+#ifdef HAVE_STRUCT_PASSWD_PW_CHANGE
+	GETPW(m, pw_change);
+#endif
+#ifdef HAVE_STRUCT_PASSWD_PW_EXPIRE
+	GETPW(m, pw_expire);
+#endif
 	if ((r = sshbuf_get_cstring(m, &pw->pw_name, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &pw->pw_passwd, NULL)) != 0 ||
 #ifdef HAVE_STRUCT_PASSWD_PW_GECOS
@@ -292,24 +303,21 @@
 #endif
 	    (r = sshbuf_get_cstring(m, &pw->pw_dir, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &pw->pw_shell, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse pw");
 
 out:
 	/* copy options block as a Match directive may have changed some */
 	if ((r = sshbuf_get_string_direct(m, &p, &len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse opts");
 	if (len != sizeof(*newopts))
-		fatal("%s: option block size mismatch", __func__);
+		fatal_f("option block size mismatch");
 	newopts = xcalloc(sizeof(*newopts), 1);
 	memcpy(newopts, p, sizeof(*newopts));
 
 #define M_CP_STROPT(x) do { \
-		if (newopts->x != NULL) { \
-			if ((r = sshbuf_get_cstring(m, \
-			    &newopts->x, NULL)) != 0) \
-				fatal("%s: buffer error: %s", \
-				    __func__, ssh_err(r)); \
-		} \
+		if (newopts->x != NULL && \
+		    (r = sshbuf_get_cstring(m, &newopts->x, NULL)) != 0) \
+			fatal_fr(r, "parse %s", #x); \
 	} while (0)
 #define M_CP_STRARRAYOPT(x, nx) do { \
 		newopts->x = newopts->nx == 0 ? \
@@ -317,8 +325,7 @@
 		for (i = 0; i < newopts->nx; i++) { \
 			if ((r = sshbuf_get_cstring(m, \
 			    &newopts->x[i], NULL)) != 0) \
-				fatal("%s: buffer error: %s", \
-				    __func__, ssh_err(r)); \
+				fatal_fr(r, "parse %s", #x); \
 		} \
 	} while (0)
 	/* See comment in servconf.h */
@@ -328,6 +335,9 @@
 
 	copy_set_server_options(&options, newopts, 1);
 	log_change_level(options.log_level);
+	log_verbose_reset();
+	for (i = 0; i < options.num_log_verbose; i++)
+		log_verbose_add(options.log_verbose[i]);
 	process_permitopen(ssh, &options);
 	free(newopts);
 
@@ -343,17 +353,17 @@
 	char *banner;
 	int r;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTH2_READ_BANNER, m);
 	sshbuf_reset(m);
 
 	mm_request_receive_expect(pmonitor->m_recvfd,
 	    MONITOR_ANS_AUTH2_READ_BANNER, m);
 	if ((r = sshbuf_get_cstring(m, &banner, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	sshbuf_free(m);
 
 	/* treat empty banner as missing banner */
@@ -372,13 +382,13 @@
 	struct sshbuf *m;
 	int r;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_cstring(m, service)) != 0 ||
 	    (r = sshbuf_put_cstring(m, style ? style : "")) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHSERV, m);
 
@@ -395,32 +405,31 @@
 	u_int maxtries = 0;
 #endif
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_cstring(m, password)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHPASSWORD, m);
 
-	debug3("%s: waiting for MONITOR_ANS_AUTHPASSWORD", __func__);
+	debug3_f("waiting for MONITOR_ANS_AUTHPASSWORD");
 	mm_request_receive_expect(pmonitor->m_recvfd,
 	    MONITOR_ANS_AUTHPASSWORD, m);
 
 	if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 #ifdef USE_PAM
 	if ((r = sshbuf_get_u32(m, &maxtries)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse PAM");
 	if (maxtries > INT_MAX)
-		fatal("%s: bad maxtries %u", __func__, maxtries);
+		fatal_fr(r, "bad maxtries");
 	sshpam_set_maxtries_reached(maxtries);
 #endif
 
 	sshbuf_free(m);
 
-	debug3("%s: user %sauthenticated",
-	    __func__, authenticated ? "" : "not ");
+	debug3_f("user %sauthenticated", authenticated ? "" : "not ");
 	return (authenticated);
 }
 
@@ -447,33 +456,31 @@
 	int r, allowed = 0;
 	struct sshauthopt *opts = NULL;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 
 	if (authoptp != NULL)
 		*authoptp = NULL;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u32(m, type)) != 0 ||
 	    (r = sshbuf_put_cstring(m, user ? user : "")) != 0 ||
 	    (r = sshbuf_put_cstring(m, host ? host : "")) != 0 ||
 	    (r = sshkey_puts(key, m)) != 0 ||
 	    (r = sshbuf_put_u32(m, pubkey_auth_attempt)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYALLOWED, m);
 
-	debug3("%s: waiting for MONITOR_ANS_KEYALLOWED", __func__);
+	debug3_f("waiting for MONITOR_ANS_KEYALLOWED");
 	mm_request_receive_expect(pmonitor->m_recvfd,
 	    MONITOR_ANS_KEYALLOWED, m);
 
 	if ((r = sshbuf_get_u32(m, &allowed)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	if (allowed && type == MM_USERKEY) {
-		if ((r = sshauthopt_deserialise(m, &opts)) != 0)
-			fatal("%s: sshauthopt_deserialise: %s",
-			    __func__, ssh_err(r));
-	}
+		fatal_fr(r, "parse");
+	if (allowed && type == MM_USERKEY &&
+	    (r = sshauthopt_deserialise(m, &opts)) != 0)
+		fatal_fr(r, "sshauthopt_deserialise");
 	sshbuf_free(m);
 
 	if (authoptp != NULL) {
@@ -502,31 +509,31 @@
 	u_char sig_details_present, flags;
 	u_int counter;
 
-	debug3("%s entering", __func__);
+	debug3_f("entering");
 
 	if (sig_detailsp != NULL)
 		*sig_detailsp = NULL;
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshkey_puts(key, m)) != 0 ||
 	    (r = sshbuf_put_string(m, sig, siglen)) != 0 ||
 	    (r = sshbuf_put_string(m, data, datalen)) != 0 ||
 	    (r = sshbuf_put_cstring(m, sigalg == NULL ? "" : sigalg)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_KEYVERIFY, m);
 
-	debug3("%s: waiting for MONITOR_ANS_KEYVERIFY", __func__);
+	debug3_f("waiting for MONITOR_ANS_KEYVERIFY");
 	mm_request_receive_expect(pmonitor->m_recvfd,
 	    MONITOR_ANS_KEYVERIFY, m);
 
 	if ((r = sshbuf_get_u32(m, &encoded_ret)) != 0 ||
 	    (r = sshbuf_get_u8(m, &sig_details_present)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (sig_details_present && encoded_ret == 0) {
 		if ((r = sshbuf_get_u32(m, &counter)) != 0 ||
 		    (r = sshbuf_get_u8(m, &flags)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse sig_details");
 		if (sig_detailsp != NULL) {
 			*sig_detailsp = xcalloc(1, sizeof(**sig_detailsp));
 			(*sig_detailsp)->sk_counter = counter;
@@ -548,12 +555,11 @@
 	int r;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = ssh_packet_get_state(ssh, m)) != 0)
-		fatal("%s: get_state failed: %s",
-		    __func__, ssh_err(r));
+		fatal_fr(r, "ssh_packet_get_state");
 	mm_request_send(monitor->m_recvfd, MONITOR_REQ_KEYEXPORT, m);
-	debug3("%s: Finished sending state", __func__);
+	debug3_f("Finished sending state");
 	sshbuf_free(m);
 }
 
@@ -567,7 +573,7 @@
 	/* Kludge: ensure there are fds free to receive the pty/tty */
 	if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
 	    (tmp2 = dup(pmonitor->m_recvfd)) == -1) {
-		error("%s: cannot allocate fds for pty", __func__);
+		error_f("cannot allocate fds for pty");
 		if (tmp1 > 0)
 			close(tmp1);
 		if (tmp2 > 0)
@@ -578,34 +584,34 @@
 	close(tmp2);
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTY, m);
 
-	debug3("%s: waiting for MONITOR_ANS_PTY", __func__);
+	debug3_f("waiting for MONITOR_ANS_PTY");
 	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PTY, m);
 
 	if ((r = sshbuf_get_u32(m, &success)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse success");
 	if (success == 0) {
-		debug3("%s: pty alloc failed", __func__);
+		debug3_f("pty alloc failed");
 		sshbuf_free(m);
 		return (0);
 	}
 	if ((r = sshbuf_get_cstring(m, &p, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &msg, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	sshbuf_free(m);
 
 	strlcpy(namebuf, p, namebuflen); /* Possible truncation */
 	free(p);
 
 	if ((r = sshbuf_put(loginmsg, msg, strlen(msg))) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "put loginmsg");
 	free(msg);
 
 	if ((*ptyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1 ||
 	    (*ttyfd = mm_receive_fd(pmonitor->m_recvfd)) == -1)
-		fatal("%s: receive fds failed", __func__);
+		fatal_f("receive fds failed");
 
 	/* Success */
 	return (1);
@@ -620,9 +626,9 @@
 	if (s->ttyfd == -1)
 		return;
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_cstring(m, s->tty)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assmble");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PTYCLEANUP, m);
 	sshbuf_free(m);
 
@@ -795,7 +801,7 @@
 	struct sshbuf *m;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_TERM, m);
 	sshbuf_free(m);
 }
@@ -821,31 +827,31 @@
 	char *challenge;
 	int r;
 
-	debug3("%s: entering", __func__);
+	debug3_f("entering");
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHQUERY, m);
 
 	mm_request_receive_expect(pmonitor->m_recvfd,
 	    MONITOR_ANS_BSDAUTHQUERY, m);
 	if ((r = sshbuf_get_u32(m, &success)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse success");
 	if (success == 0) {
-		debug3("%s: no challenge", __func__);
+		debug3_f("no challenge");
 		sshbuf_free(m);
 		return (-1);
 	}
 
 	/* Get the challenge, and format the response */
 	if ((r = sshbuf_get_cstring(m, &challenge, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse challenge");
 	sshbuf_free(m);
 
 	mm_chall_setup(name, infotxt, numprompts, prompts, echo_on);
 	(*prompts)[0] = challenge;
 
-	debug3("%s: received challenge: %s", __func__, challenge);
+	debug3_f("received challenge: %s", challenge);
 
 	return (0);
 }
@@ -856,21 +862,21 @@
 	struct sshbuf *m;
 	int r, authok;
 
-	debug3("%s: entering", __func__);
+	debug3_f("entering");
 	if (numresponses != 1)
 		return (-1);
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_cstring(m, responses[0])) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_BSDAUTHRESPOND, m);
 
 	mm_request_receive_expect(pmonitor->m_recvfd,
 	    MONITOR_ANS_BSDAUTHRESPOND, m);
 
 	if ((r = sshbuf_get_u32(m, &authok)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	sshbuf_free(m);
 
 	return ((authok == 0) ? -1 : 0);
@@ -924,15 +930,15 @@
 	*ctx = NULL;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_string(m, goid->elements, goid->length)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSETUP, m);
 	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSETUP, m);
 
 	if ((r = sshbuf_get_u32(m, &major)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	sshbuf_free(m);
 	return (major);
@@ -948,19 +954,19 @@
 	int r;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_string(m, in->value, in->length)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSSTEP, m);
 	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_GSSSTEP, m);
 
 	if ((r = sshbuf_get_u32(m, &major)) != 0 ||
 	    (r = ssh_gssapi_get_buffer_desc(m, out)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (flagsp != NULL) {
 		if ((r = sshbuf_get_u32(m, &flags)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse flags");
 		*flagsp = flags;
 	}
 
@@ -977,17 +983,17 @@
 	int r;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_string(m, gssbuf->value, gssbuf->length)) != 0 ||
 	    (r = sshbuf_put_string(m, gssmic->value, gssmic->length)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSCHECKMIC, m);
 	mm_request_receive_expect(pmonitor->m_recvfd,
 	    MONITOR_ANS_GSSCHECKMIC, m);
 
 	if ((r = sshbuf_get_u32(m, &major)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	sshbuf_free(m);
 	return(major);
 }
@@ -999,17 +1005,17 @@
 	int r, authenticated = 0;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_GSSUSEROK, m);
 	mm_request_receive_expect(pmonitor->m_recvfd,
 	    MONITOR_ANS_GSSUSEROK, m);
 
 	if ((r = sshbuf_get_u32(m, &authenticated)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	sshbuf_free(m);
-	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
+	debug3_f("user %sauthenticated", authenticated ? "" : "not ");
 	return (authenticated);
 }
 #endif /* GSSAPI */

monitor_wrap.h

diff --git a/monitor_wrap.h b/monitor_wrap.h
index 23ab096..a163b67 100644
--- a/monitor_wrap.h
+++ b/monitor_wrap.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.h,v 1.44 2019/11/25 00:51:37 djm Exp $ */
+/* $OpenBSD: monitor_wrap.h,v 1.47 2021/04/15 16:24:31 markus Exp $ */
 
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
@@ -40,13 +40,14 @@
 struct sshauthopt;
 struct sshkey_sig_details;
 
-void mm_log_handler(LogLevel, const char *, void *);
+void mm_log_handler(LogLevel, int, const char *, void *);
 int mm_is_monitor(void);
 #ifdef WITH_OPENSSL
 DH *mm_choose_dh(int, int, int);
 #endif
 int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *,
-    const u_char *, size_t, const char *, const char *, u_int compat);
+    const u_char *, size_t, const char *, const char *,
+    const char *, u_int compat);
 void mm_inform_authserv(char *, char *);
 struct passwd *mm_getpwnamallow(struct ssh *, const char *);
 char *mm_auth2_read_banner(void);

msg.c

diff --git a/msg.c b/msg.c
index 99c25cd..d22c4e4 100644
--- a/msg.c
+++ b/msg.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: msg.c,v 1.18 2020/01/22 04:49:16 djm Exp $ */
+/* $OpenBSD: msg.c,v 1.20 2020/10/18 11:32:01 djm Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -47,16 +47,16 @@
 	u_char buf[5];
 	u_int mlen = sshbuf_len(m);
 
-	debug3("%s: type %u", __func__, (unsigned int)type & 0xff);
+	debug3_f("type %u", (unsigned int)type & 0xff);
 
 	put_u32(buf, mlen + 1);
 	buf[4] = type;		/* 1st byte of payload is mesg-type */
 	if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) {
-		error("%s: write: %s", __func__, strerror(errno));
+		error_f("write: %s", strerror(errno));
 		return (-1);
 	}
 	if (atomicio(vwrite, fd, sshbuf_mutable_ptr(m), mlen) != mlen) {
-		error("%s: write: %s", __func__, strerror(errno));
+		error_f("write: %s", strerror(errno));
 		return (-1);
 	}
 	return (0);
@@ -73,21 +73,21 @@
 
 	if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) {
 		if (errno != EPIPE)
-			error("%s: read header: %s", __func__, strerror(errno));
+			error_f("read header: %s", strerror(errno));
 		return (-1);
 	}
 	msg_len = get_u32(buf);
-	if (msg_len > 256 * 1024) {
-		error("%s: read: bad msg_len %u", __func__, msg_len);
+	if (msg_len > sshbuf_max_size(m)) {
+		error_f("read: bad msg_len %u", msg_len);
 		return (-1);
 	}
 	sshbuf_reset(m);
 	if ((r = sshbuf_reserve(m, msg_len, &p)) != 0) {
-		error("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "reserve");
 		return -1;
 	}
 	if (atomicio(read, fd, p, msg_len) != msg_len) {
-		error("%s: read: %s", __func__, strerror(errno));
+		error_f("read: %s", strerror(errno));
 		return (-1);
 	}
 	return (0);

mux.c

diff --git a/mux.c b/mux.c
index fb31ad4..4c0eb42 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.82 2020/04/30 17:12:20 markus Exp $ */
+/* $OpenBSD: mux.c,v 1.91 2021/07/23 04:00:59 djm Exp $ */
 /*
  * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
  *
@@ -71,9 +71,7 @@
 /* from ssh.c */
 extern int tty_flag;
 extern Options options;
-extern int stdin_null_flag;
 extern char *host;
-extern int subsystem_flag;
 extern struct sshbuf *command;
 extern volatile sig_atomic_t quit_pending;
 
@@ -187,20 +185,20 @@
 	{ 0, NULL }
 };
 
-/* Cleanup callback fired on closure of mux slave _session_ channel */
+/* Cleanup callback fired on closure of mux client _session_ channel */
 /* ARGSUSED */
 static void
 mux_master_session_cleanup_cb(struct ssh *ssh, int cid, void *unused)
 {
 	Channel *cc, *c = channel_by_id(ssh, cid);
 
-	debug3("%s: entering for channel %d", __func__, cid);
+	debug3_f("entering for channel %d", cid);
 	if (c == NULL)
-		fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
+		fatal_f("channel_by_id(%i) == NULL", cid);
 	if (c->ctl_chan != -1) {
 		if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL)
-			fatal("%s: channel %d missing control channel %d",
-			    __func__, c->self, c->ctl_chan);
+			fatal_f("channel %d missing control channel %d",
+			    c->self, c->ctl_chan);
 		c->ctl_chan = -1;
 		cc->remote_id = 0;
 		cc->have_remote_id = 0;
@@ -209,26 +207,26 @@
 	channel_cancel_cleanup(ssh, c->self);
 }
 
-/* Cleanup callback fired on closure of mux slave _control_ channel */
+/* Cleanup callback fired on closure of mux client _control_ channel */
 /* ARGSUSED */
 static void
 mux_master_control_cleanup_cb(struct ssh *ssh, int cid, void *unused)
 {
 	Channel *sc, *c = channel_by_id(ssh, cid);
 
-	debug3("%s: entering for channel %d", __func__, cid);
+	debug3_f("entering for channel %d", cid);
 	if (c == NULL)
-		fatal("%s: channel_by_id(%i) == NULL", __func__, cid);
+		fatal_f("channel_by_id(%i) == NULL", cid);
 	if (c->have_remote_id) {
 		if ((sc = channel_by_id(ssh, c->remote_id)) == NULL)
-			fatal("%s: channel %d missing session channel %u",
-			    __func__, c->self, c->remote_id);
+			fatal_f("channel %d missing session channel %u",
+			    c->self, c->remote_id);
 		c->remote_id = 0;
 		c->have_remote_id = 0;
 		sc->ctl_chan = -1;
 		if (sc->type != SSH_CHANNEL_OPEN &&
 		    sc->type != SSH_CHANNEL_OPENING) {
-			debug2("%s: channel %d: not open", __func__, sc->self);
+			debug2_f("channel %d: not open", sc->self);
 			chan_mark_dead(ssh, sc);
 		} else {
 			if (sc->istate == CHAN_INPUT_OPEN)
@@ -251,7 +249,7 @@
 		return 0;
 	ret = snprintf(name, sizeof(name), "%.*s", (int)(cp - env), env);
 	if (ret <= 0 || (size_t)ret >= sizeof(name)) {
-		error("%s: name '%.100s...' too long", __func__, env);
+		error_f("name '%.100s...' too long", env);
 		return 0;
 	}
 
@@ -273,21 +271,21 @@
 	int r;
 
 	if (state == NULL)
-		fatal("%s: channel %d: c->mux_ctx == NULL", __func__, c->self);
+		fatal_f("channel %d: c->mux_ctx == NULL", c->self);
 	if (state->hello_rcvd) {
-		error("%s: HELLO received twice", __func__);
+		error_f("HELLO received twice");
 		return -1;
 	}
 	if ((r = sshbuf_get_u32(m, &ver)) != 0) {
-		error("%s: malformed message: %s", __func__, ssh_err(r));
+		error_fr(r, "parse");
 		return -1;
 	}
 	if (ver != SSHMUX_VER) {
-		error("%s: unsupported multiplexing protocol version %u "
-		    "(expected %u)", __func__, ver, SSHMUX_VER);
+		error_f("unsupported multiplexing protocol version %u "
+		    "(expected %u)", ver, SSHMUX_VER);
 		return -1;
 	}
-	debug2("%s: channel %d slave version %u", __func__, c->self, ver);
+	debug2_f("channel %d client version %u", c->self, ver);
 
 	/* No extensions are presently defined */
 	while (sshbuf_len(m) > 0) {
@@ -296,12 +294,11 @@
 
 		if ((r = sshbuf_get_cstring(m, &name, NULL)) != 0 ||
 		    (r = sshbuf_get_string_direct(m, NULL, &value_len)) != 0) {
-			error("%s: malformed extension: %s",
-			    __func__, ssh_err(r));
+			error_fr(r, "parse extension");
 			return -1;
 		}
-		debug2("%s: Unrecognised extension \"%s\" length %zu",
-		    __func__, name, value_len);
+		debug2_f("Unrecognised extension \"%s\" length %zu",
+		    name, value_len);
 		free(name);
 	}
 	state->hello_rcvd = 1;
@@ -316,7 +313,7 @@
 
 	if ((r = sshbuf_put_u32(reply, MUX_S_OK)) != 0 ||
 	    (r = sshbuf_put_u32(reply, rid)) != 0)
-		fatal("%s: reply: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reply");
 }
 
 /* Enqueue an error response to the reply buffer */
@@ -328,7 +325,7 @@
 	if ((r = sshbuf_put_u32(reply, type)) != 0 ||
 	    (r = sshbuf_put_u32(reply, rid)) != 0 ||
 	    (r = sshbuf_put_cstring(reply, msg)) != 0)
-		fatal("%s: reply: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reply");
 }
 
 static int
@@ -363,7 +360,7 @@
 		free(cctx->env);
 		free(cctx->term);
 		free(cctx);
-		error("%s: malformed message", __func__);
+		error_f("malformed message");
 		return -1;
 	}
 
@@ -380,29 +377,28 @@
 		cctx->env[env_len++] = cp;
 		cctx->env[env_len] = NULL;
 		if (env_len > MUX_MAX_ENV_VARS) {
-			error("%s: >%d environment variables received, "
-			    "ignoring additional", __func__, MUX_MAX_ENV_VARS);
+			error_f(">%d environment variables received, "
+			    "ignoring additional", MUX_MAX_ENV_VARS);
 			break;
 		}
 	}
 
-	debug2("%s: channel %d: request tty %d, X %d, agent %d, subsys %d, "
-	    "term \"%s\", cmd \"%s\", env %u", __func__, c->self,
+	debug2_f("channel %d: request tty %d, X %d, agent %d, subsys %d, "
+	    "term \"%s\", cmd \"%s\", env %u", c->self,
 	    cctx->want_tty, cctx->want_x_fwd, cctx->want_agent_fwd,
 	    cctx->want_subsys, cctx->term, cmd, env_len);
 
 	if ((cctx->cmd = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put(cctx->cmd, cmd, strlen(cmd))) != 0)
-		fatal("%s: sshbuf_put: %s", __func__, ssh_err(r));
+		fatal_fr(r, "sshbuf_put");
 	free(cmd);
 	cmd = NULL;
 
 	/* Gather fds from client */
 	for(i = 0; i < 3; i++) {
 		if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
-			error("%s: failed to receive fd %d from slave",
-			    __func__, i);
+			error_f("failed to receive fd %d from client", i);
 			for (j = 0; j < i; j++)
 				close(new_fd[j]);
 			for (j = 0; j < env_len; j++)
@@ -417,12 +413,12 @@
 		}
 	}
 
-	debug3("%s: got fds stdin %d, stdout %d, stderr %d", __func__,
+	debug3_f("got fds stdin %d, stdout %d, stderr %d",
 	    new_fd[0], new_fd[1], new_fd[2]);
 
 	/* XXX support multiple child sessions in future */
 	if (c->have_remote_id) {
-		debug2("%s: session already open", __func__);
+		debug2_f("session already open");
 		reply_error(reply, MUX_S_FAILURE, rid,
 		    "Multiple sessions not supported");
  cleanup:
@@ -443,7 +439,7 @@
 	if (options.control_master == SSHCTL_MASTER_ASK ||
 	    options.control_master == SSHCTL_MASTER_AUTO_ASK) {
 		if (!ask_permission("Allow shared connection to %s? ", host)) {
-			debug2("%s: session refused by user", __func__);
+			debug2_f("session refused by user");
 			reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
 			    "Permission denied");
 			goto cleanup;
@@ -452,15 +448,7 @@
 
 	/* Try to pick up ttymodes from client before it goes raw */
 	if (cctx->want_tty && tcgetattr(new_fd[0], &cctx->tio) == -1)
-		error("%s: tcgetattr: %s", __func__, strerror(errno));
-
-	/* enable nonblocking unless tty */
-	if (!isatty(new_fd[0]))
-		set_nonblock(new_fd[0]);
-	if (!isatty(new_fd[1]))
-		set_nonblock(new_fd[1]);
-	if (!isatty(new_fd[2]))
-		set_nonblock(new_fd[2]);
+		error_f("tcgetattr: %s", strerror(errno));
 
 	window = CHAN_SES_WINDOW_DEFAULT;
 	packetmax = CHAN_SES_PACKET_DEFAULT;
@@ -471,10 +459,10 @@
 
 	nc = channel_new(ssh, "session", SSH_CHANNEL_OPENING,
 	    new_fd[0], new_fd[1], new_fd[2], window, packetmax,
-	    CHAN_EXTENDED_WRITE, "client-session", /*nonblock*/0);
+	    CHAN_EXTENDED_WRITE, "client-session", CHANNEL_NONBLOCK_STDIO);
 
 	nc->ctl_chan = c->self;		/* link session -> control channel */
-	c->remote_id = nc->self; 	/* link control -> session channel */
+	c->remote_id = nc->self;	/* link control -> session channel */
 	c->have_remote_id = 1;
 
 	if (cctx->want_tty && escape_char != 0xffffffff) {
@@ -484,8 +472,8 @@
 		    client_new_escape_filter_ctx((int)escape_char));
 	}
 
-	debug2("%s: channel_new: %d linked to control channel %d",
-	    __func__, nc->self, nc->ctl_chan);
+	debug2_f("channel_new: %d linked to control channel %d",
+	    nc->self, nc->ctl_chan);
 
 	channel_send_open(ssh, nc->self);
 	channel_register_open_confirm(ssh, nc->self, mux_session_confirm, cctx);
@@ -503,13 +491,13 @@
 {
 	int r;
 
-	debug2("%s: channel %d: alive check", __func__, c->self);
+	debug2_f("channel %d: alive check", c->self);
 
 	/* prepare reply */
 	if ((r = sshbuf_put_u32(reply, MUX_S_ALIVE)) != 0 ||
 	    (r = sshbuf_put_u32(reply, rid)) != 0 ||
 	    (r = sshbuf_put_u32(reply, (u_int)getpid())) != 0)
-		fatal("%s: reply: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reply");
 
 	return 0;
 }
@@ -518,13 +506,13 @@
 mux_master_process_terminate(struct ssh *ssh, u_int rid,
     Channel *c, struct sshbuf *m, struct sshbuf *reply)
 {
-	debug2("%s: channel %d: terminate request", __func__, c->self);
+	debug2_f("channel %d: terminate request", c->self);
 
 	if (options.control_master == SSHCTL_MASTER_ASK ||
 	    options.control_master == SSHCTL_MASTER_AUTO_ASK) {
 		if (!ask_permission("Terminate shared connection to %s? ",
 		    host)) {
-			debug2("%s: termination refused by user", __func__);
+			debug2_f("termination refused by user");
 			reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
 			    "Permission denied");
 			return 0;
@@ -556,7 +544,7 @@
 		xasprintf(&ret, "dynamic forward %.200s:%d -> *",
 		    (fwd->listen_host == NULL) ?
 		    (options.fwd_opts.gateway_ports ? "*" : "LOCALHOST") :
-		     fwd->listen_host, fwd->listen_port);
+		    fwd->listen_host, fwd->listen_port);
 		break;
 	case MUX_FWD_REMOTE:
 		xasprintf(&ret, "remote forward %.200s:%d -> %.200s:%d",
@@ -568,7 +556,7 @@
 		    fwd->connect_host, fwd->connect_port);
 		break;
 	default:
-		fatal("%s: unknown forward type %u", __func__, ftype);
+		fatal_f("unknown forward type %u", ftype);
 	}
 	return ret;
 }
@@ -615,11 +603,11 @@
 
 	if ((c = channel_by_id(ssh, fctx->cid)) == NULL) {
 		/* no channel for reply */
-		error("%s: unknown channel", __func__);
+		error_f("unknown channel");
 		return;
 	}
 	if ((out = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if (fctx->fid >= options.num_remote_forwards ||
 	    (options.remote_forwards[fctx->fid].connect_path == NULL &&
 	    options.remote_forwards[fctx->fid].connect_host == NULL)) {
@@ -627,15 +615,14 @@
 		goto fail;
 	}
 	rfwd = &options.remote_forwards[fctx->fid];
-	debug("%s: %s for: listen %d, connect %s:%d", __func__,
+	debug_f("%s for: listen %d, connect %s:%d",
 	    type == SSH2_MSG_REQUEST_SUCCESS ? "success" : "failure",
 	    rfwd->listen_port, rfwd->connect_path ? rfwd->connect_path :
 	    rfwd->connect_host, rfwd->connect_port);
 	if (type == SSH2_MSG_REQUEST_SUCCESS) {
 		if (rfwd->listen_port == 0) {
 			if ((r = sshpkt_get_u32(ssh, &port)) != 0)
-				fatal("%s: packet error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse port");
 			if (port > 65535) {
 				fatal("Invalid allocated port %u for "
 				    "mux remote forward to %s:%d", port,
@@ -650,9 +637,9 @@
 			    (r = sshbuf_put_u32(out, fctx->rid)) != 0 ||
 			    (r = sshbuf_put_u32(out,
 			    rfwd->allocated_port)) != 0)
-				fatal("%s: reply: %s", __func__, ssh_err(r));
+				fatal_fr(r, "reply");
 			channel_update_permission(ssh, rfwd->handle,
-			   rfwd->allocated_port);
+			    rfwd->allocated_port);
 		} else {
 			reply_ok(out, fctx->rid);
 		}
@@ -667,8 +654,8 @@
 			xasprintf(&failmsg, "remote port forwarding failed for "
 			    "listen port %d", rfwd->listen_port);
 
-                debug2("%s: clearing registered forwarding for listen %d, "
-		    "connect %s:%d", __func__, rfwd->listen_port,
+		debug2_f("clearing registered forwarding for listen %d, "
+		    "connect %s:%d", rfwd->listen_port,
 		    rfwd->connect_path ? rfwd->connect_path :
 		    rfwd->connect_host, rfwd->connect_port);
 
@@ -679,15 +666,15 @@
 		memset(rfwd, 0, sizeof(*rfwd));
 	}
  fail:
-	error("%s: %s", __func__, failmsg);
+	error_f("%s", failmsg);
 	reply_error(out, MUX_S_FAILURE, fctx->rid, failmsg);
 	free(failmsg);
  out:
 	if ((r = sshbuf_put_stringb(c->output, out)) != 0)
-		fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r));
+		fatal_fr(r, "enqueue");
 	sshbuf_free(out);
 	if (c->mux_pause <= 0)
-		fatal("%s: mux_pause %d", __func__, c->mux_pause);
+		fatal_f("mux_pause %d", c->mux_pause);
 	c->mux_pause = 0; /* start processing messages again */
 }
 
@@ -712,7 +699,7 @@
 	    (r = sshbuf_get_u32(m, &cport)) != 0 ||
 	    (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||
 	    (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {
-		error("%s: malformed message", __func__);
+		error_f("malformed message");
 		ret = -1;
 		goto out;
 	}
@@ -737,12 +724,12 @@
 	else
 		fwd.connect_host = connect_addr;
 
-	debug2("%s: channel %d: request %s", __func__, c->self,
+	debug2_f("channel %d: request %s", c->self,
 	    (fwd_desc = format_forward(ftype, &fwd)));
 
 	if (ftype != MUX_FWD_LOCAL && ftype != MUX_FWD_REMOTE &&
 	    ftype != MUX_FWD_DYNAMIC) {
-		logit("%s: invalid forwarding type %u", __func__, ftype);
+		logit_f("invalid forwarding type %u", ftype);
  invalid:
 		free(listen_addr);
 		free(connect_addr);
@@ -751,26 +738,25 @@
 		return 0;
 	}
 	if (ftype == MUX_FWD_DYNAMIC && fwd.listen_path) {
-		logit("%s: streamlocal and dynamic forwards "
-		    "are mutually exclusive", __func__);
+		logit_f("streamlocal and dynamic forwards "
+		    "are mutually exclusive");
 		goto invalid;
 	}
 	if (fwd.listen_port != PORT_STREAMLOCAL && fwd.listen_port >= 65536) {
-		logit("%s: invalid listen port %u", __func__,
-		    fwd.listen_port);
+		logit_f("invalid listen port %u", fwd.listen_port);
 		goto invalid;
 	}
 	if ((fwd.connect_port != PORT_STREAMLOCAL &&
 	    fwd.connect_port >= 65536) ||
 	    (ftype != MUX_FWD_DYNAMIC && ftype != MUX_FWD_REMOTE &&
 	    fwd.connect_port == 0)) {
-		logit("%s: invalid connect port %u", __func__,
+		logit_f("invalid connect port %u",
 		    fwd.connect_port);
 		goto invalid;
 	}
 	if (ftype != MUX_FWD_DYNAMIC && fwd.connect_host == NULL &&
 	    fwd.connect_path == NULL) {
-		logit("%s: missing connect host", __func__);
+		logit_f("missing connect host");
 		goto invalid;
 	}
 
@@ -782,8 +768,7 @@
 			if (compare_forward(&fwd,
 			    options.local_forwards + i)) {
  exists:
-				debug2("%s: found existing forwarding",
-				    __func__);
+				debug2_f("found existing forwarding");
 				reply_ok(reply, rid);
 				goto out;
 			}
@@ -795,13 +780,13 @@
 				continue;
 			if (fwd.listen_port != 0)
 				goto exists;
-			debug2("%s: found allocated port", __func__);
+			debug2_f("found allocated port");
 			if ((r = sshbuf_put_u32(reply,
 			    MUX_S_REMOTE_PORT)) != 0 ||
 			    (r = sshbuf_put_u32(reply, rid)) != 0 ||
 			    (r = sshbuf_put_u32(reply,
 			    options.remote_forwards[i].allocated_port)) != 0)
-				fatal("%s: reply: %s", __func__, ssh_err(r));
+				fatal_fr(r, "reply FWD_REMOTE");
 			goto out;
 		}
 		break;
@@ -810,7 +795,7 @@
 	if (options.control_master == SSHCTL_MASTER_ASK ||
 	    options.control_master == SSHCTL_MASTER_AUTO_ASK) {
 		if (!ask_permission("Open %s on %s?", fwd_desc, host)) {
-			debug2("%s: forwarding refused by user", __func__);
+			debug2_f("forwarding refused by user");
 			reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
 			    "Permission denied");
 			goto out;
@@ -821,7 +806,7 @@
 		if (!channel_setup_local_fwd_listener(ssh, &fwd,
 		    &options.fwd_opts)) {
  fail:
-			logit("%s: requested %s failed", __func__, fwd_desc);
+			logit_f("requested %s failed", fwd_desc);
 			reply_error(reply, MUX_S_FAILURE, rid,
 			    "Port forwarding failed");
 			goto out;
@@ -879,7 +864,7 @@
 	    (r = sshbuf_get_u32(m, &cport)) != 0 ||
 	    (lport != (u_int)PORT_STREAMLOCAL && lport > 65535) ||
 	    (cport != (u_int)PORT_STREAMLOCAL && cport > 65535)) {
-		error("%s: malformed message", __func__);
+		error_f("malformed message");
 		ret = -1;
 		goto out;
 	}
@@ -905,7 +890,7 @@
 	else
 		fwd.connect_host = connect_addr;
 
-	debug2("%s: channel %d: request cancel %s", __func__, c->self,
+	debug2_f("channel %d: request cancel %s", c->self,
 	    (fwd_desc = format_forward(ftype, &fwd)));
 
 	/* make sure this has been requested */
@@ -984,18 +969,16 @@
 	    (r = sshbuf_get_cstring(m, &chost, NULL)) != 0 ||
 	    (r = sshbuf_get_u32(m, &cport)) != 0) {
 		free(chost);
-		error("%s: malformed message", __func__);
+		error_f("malformed message");
 		return -1;
 	}
 
-	debug2("%s: channel %d: request stdio fwd to %s:%u",
-	    __func__, c->self, chost, cport);
+	debug2_f("channel %d: stdio fwd to %s:%u", c->self, chost, cport);
 
 	/* Gather fds from client */
 	for(i = 0; i < 2; i++) {
 		if ((new_fd[i] = mm_receive_fd(c->sock)) == -1) {
-			error("%s: failed to receive fd %d from slave",
-			    __func__, i);
+			error_f("failed to receive fd %d from client", i);
 			for (j = 0; j < i; j++)
 				close(new_fd[j]);
 			free(chost);
@@ -1007,12 +990,11 @@
 		}
 	}
 
-	debug3("%s: got fds stdin %d, stdout %d", __func__,
-	    new_fd[0], new_fd[1]);
+	debug3_f("got fds stdin %d, stdout %d", new_fd[0], new_fd[1]);
 
 	/* XXX support multiple child sessions in future */
 	if (c->have_remote_id) {
-		debug2("%s: session already open", __func__);
+		debug2_f("session already open");
 		reply_error(reply, MUX_S_FAILURE, rid,
 		    "Multiple sessions not supported");
  cleanup:
@@ -1026,28 +1008,22 @@
 	    options.control_master == SSHCTL_MASTER_AUTO_ASK) {
 		if (!ask_permission("Allow forward to %s:%u? ",
 		    chost, cport)) {
-			debug2("%s: stdio fwd refused by user", __func__);
+			debug2_f("stdio fwd refused by user");
 			reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
 			    "Permission denied");
 			goto cleanup;
 		}
 	}
 
-	/* enable nonblocking unless tty */
-	if (!isatty(new_fd[0]))
-		set_nonblock(new_fd[0]);
-	if (!isatty(new_fd[1]))
-		set_nonblock(new_fd[1]);
-
-	nc = channel_connect_stdio_fwd(ssh, chost, cport, new_fd[0], new_fd[1]);
+	nc = channel_connect_stdio_fwd(ssh, chost, cport, new_fd[0], new_fd[1],
+	    CHANNEL_NONBLOCK_STDIO);
 	free(chost);
 
 	nc->ctl_chan = c->self;		/* link session -> control channel */
-	c->remote_id = nc->self; 	/* link control -> session channel */
+	c->remote_id = nc->self;	/* link control -> session channel */
 	c->have_remote_id = 1;
 
-	debug2("%s: channel_new: %d linked to control channel %d",
-	    __func__, nc->self, nc->ctl_chan);
+	debug2_f("channel_new: %d control %d", nc->self, nc->ctl_chan);
 
 	channel_register_cleanup(ssh, nc->self,
 	    mux_master_session_cleanup_cb, 1);
@@ -1071,38 +1047,38 @@
 	int r;
 
 	if (cctx == NULL)
-		fatal("%s: cctx == NULL", __func__);
+		fatal_f("cctx == NULL");
 	if ((c = channel_by_id(ssh, id)) == NULL)
-		fatal("%s: no channel for id %d", __func__, id);
+		fatal_f("no channel for id %d", id);
 	if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL)
-		fatal("%s: channel %d lacks control channel %d", __func__,
+		fatal_f("channel %d lacks control channel %d",
 		    id, c->ctl_chan);
 	if ((reply = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 
 	if (!success) {
-		debug3("%s: sending failure reply", __func__);
+		debug3_f("sending failure reply");
 		reply_error(reply, MUX_S_FAILURE, cctx->rid,
 		    "Session open refused by peer");
 		/* prepare reply */
 		goto done;
 	}
 
-	debug3("%s: sending success reply", __func__);
+	debug3_f("sending success reply");
 	/* prepare reply */
 	if ((r = sshbuf_put_u32(reply, MUX_S_SESSION_OPENED)) != 0 ||
 	    (r = sshbuf_put_u32(reply, cctx->rid)) != 0 ||
 	    (r = sshbuf_put_u32(reply, c->self)) != 0)
-		fatal("%s: reply: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reply");
 
  done:
 	/* Send reply */
 	if ((r = sshbuf_put_stringb(cc->output, reply)) != 0)
-		fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r));
+		fatal_fr(r, "enqueue");
 	sshbuf_free(reply);
 
 	if (cc->mux_pause <= 0)
-		fatal("%s: mux_pause %d", __func__, cc->mux_pause);
+		fatal_f("mux_pause %d", cc->mux_pause);
 	cc->mux_pause = 0; /* start processing messages again */
 	c->open_confirm_ctx = NULL;
 	free(cctx);
@@ -1112,13 +1088,13 @@
 mux_master_process_stop_listening(struct ssh *ssh, u_int rid,
     Channel *c, struct sshbuf *m, struct sshbuf *reply)
 {
-	debug("%s: channel %d: stop listening", __func__, c->self);
+	debug_f("channel %d: stop listening", c->self);
 
 	if (options.control_master == SSHCTL_MASTER_ASK ||
 	    options.control_master == SSHCTL_MASTER_AUTO_ASK) {
 		if (!ask_permission("Disable further multiplexing on shared "
 		    "connection to %s? ", host)) {
-			debug2("%s: stop listen refused by user", __func__);
+			debug2_f("stop listen refused by user");
 			reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
 			    "Permission denied");
 			return 0;
@@ -1144,17 +1120,17 @@
 {
 	int r;
 
-	debug("%s: channel %d: proxy request", __func__, c->self);
+	debug_f("channel %d: proxy request", c->self);
 
 	c->mux_rcb = channel_proxy_downstream;
 	if ((r = sshbuf_put_u32(reply, MUX_S_PROXY)) != 0 ||
 	    (r = sshbuf_put_u32(reply, rid)) != 0)
-		fatal("%s: reply: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reply");
 
 	return 0;
 }
 
-/* Channel callbacks fired on read/write from mux slave fd */
+/* Channel callbacks fired on read/write from mux client fd */
 static int
 mux_master_read_cb(struct ssh *ssh, Channel *c)
 {
@@ -1164,7 +1140,7 @@
 	int r, ret = -1;
 
 	if ((out = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 
 	/* Setup ctx and  */
 	if (c->mux_ctx == NULL) {
@@ -1176,12 +1152,11 @@
 		/* Send hello */
 		if ((r = sshbuf_put_u32(out, MUX_MSG_HELLO)) != 0 ||
 		    (r = sshbuf_put_u32(out, SSHMUX_VER)) != 0)
-			fatal("%s: reply: %s", __func__, ssh_err(r));
+			fatal_fr(r, "reply");
 		/* no extensions */
 		if ((r = sshbuf_put_stringb(c->output, out)) != 0)
-			fatal("%s: sshbuf_put_stringb: %s",
-			    __func__, ssh_err(r));
-		debug3("%s: channel %d: hello sent", __func__, c->self);
+			fatal_fr(r, "enqueue");
+		debug3_f("channel %d: hello sent", c->self);
 		ret = 0;
 		goto out;
 	}
@@ -1189,21 +1164,21 @@
 	/* Channel code ensures that we receive whole packets */
 	if ((r = sshbuf_froms(c->input, &in)) != 0) {
  malf:
-		error("%s: malformed message", __func__);
+		error_f("malformed message");
 		goto out;
 	}
 
 	if ((r = sshbuf_get_u32(in, &type)) != 0)
 		goto malf;
-	debug3("%s: channel %d packet type 0x%08x len %zu",
-	    __func__, c->self, type, sshbuf_len(in));
+	debug3_f("channel %d packet type 0x%08x len %zu", c->self,
+	    type, sshbuf_len(in));
 
 	if (type == MUX_MSG_HELLO)
 		rid = 0;
 	else {
 		if (!state->hello_rcvd) {
-			error("%s: expected MUX_MSG_HELLO(0x%08x), "
-			    "received 0x%08x", __func__, MUX_MSG_HELLO, type);
+			error_f("expected MUX_MSG_HELLO(0x%08x), "
+			    "received 0x%08x", MUX_MSG_HELLO, type);
 			goto out;
 		}
 		if ((r = sshbuf_get_u32(in, &rid)) != 0)
@@ -1218,16 +1193,14 @@
 		}
 	}
 	if (mux_master_handlers[i].handler == NULL) {
-		error("%s: unsupported mux message 0x%08x", __func__, type);
+		error_f("unsupported mux message 0x%08x", type);
 		reply_error(out, MUX_S_FAILURE, rid, "unsupported request");
 		ret = 0;
 	}
 	/* Enqueue reply packet */
-	if (sshbuf_len(out) != 0) {
-		if ((r = sshbuf_put_stringb(c->output, out)) != 0)
-			fatal("%s: sshbuf_put_stringb: %s",
-			    __func__, ssh_err(r));
-	}
+	if (sshbuf_len(out) != 0 &&
+	    (r = sshbuf_put_stringb(c->output, out)) != 0)
+		fatal_fr(r, "enqueue");
  out:
 	sshbuf_free(in);
 	sshbuf_free(out);
@@ -1241,21 +1214,19 @@
 	Channel *mux_chan;
 	int r;
 
-	debug3("%s: channel %d: exit message, exitval %d", __func__, c->self,
-	    exitval);
+	debug3_f("channel %d: exit message, exitval %d", c->self, exitval);
 
 	if ((mux_chan = channel_by_id(ssh, c->ctl_chan)) == NULL)
-		fatal("%s: channel %d missing mux channel %d",
-		    __func__, c->self, c->ctl_chan);
+		fatal_f("channel %d missing mux %d", c->self, c->ctl_chan);
 
 	/* Append exit message packet to control socket output queue */
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put_u32(m, MUX_S_EXIT_MESSAGE)) != 0 ||
 	    (r = sshbuf_put_u32(m, c->self)) != 0 ||
 	    (r = sshbuf_put_u32(m, exitval)) != 0 ||
 	    (r = sshbuf_put_stringb(mux_chan->output, m)) != 0)
-		fatal("%s: reply: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reply");
 	sshbuf_free(m);
 }
 
@@ -1266,19 +1237,18 @@
 	Channel *mux_chan;
 	int r;
 
-	debug3("%s: channel %d: TTY alloc failed", __func__, c->self);
+	debug3_f("channel %d: TTY alloc failed", c->self);
 
 	if ((mux_chan = channel_by_id(ssh, c->ctl_chan)) == NULL)
-		fatal("%s: channel %d missing mux channel %d",
-		    __func__, c->self, c->ctl_chan);
+		fatal_f("channel %d missing mux %d", c->self, c->ctl_chan);
 
 	/* Append exit message packet to control socket output queue */
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put_u32(m, MUX_S_TTY_ALLOC_FAIL)) != 0 ||
 	    (r = sshbuf_put_u32(m, c->self)) != 0 ||
 	    (r = sshbuf_put_stringb(mux_chan->output, m)) != 0)
-		fatal("%s: reply: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reply");
 	sshbuf_free(m);
 }
 
@@ -1313,7 +1283,7 @@
 	rbuf[sizeof(rbuf) - 1] = '\0';
 	options.control_path = NULL;
 	xasprintf(&options.control_path, "%s.%s", orig_control_path, rbuf);
-	debug3("%s: temporary control path %s", __func__, options.control_path);
+	debug3_f("temporary control path %s", options.control_path);
 
 	old_umask = umask(0177);
 	muxserver_sock = unix_listener(options.control_path, 64, 0);
@@ -1342,7 +1312,7 @@
 	/* Now atomically "move" the mux socket into position */
 	if (link(options.control_path, orig_control_path) != 0) {
 		if (errno != EEXIST) {
-			fatal("%s: link mux listener %s => %s: %s", __func__,
+			fatal_f("link mux listener %s => %s: %s",
 			    options.control_path, orig_control_path,
 			    strerror(errno));
 		}
@@ -1362,7 +1332,7 @@
 	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
 	    0, options.control_path, 1);
 	mux_listener_channel->mux_rcb = mux_master_read_cb;
-	debug3("%s: mux listener channel %d fd %d", __func__,
+	debug3_f("mux listener channel %d fd %d",
 	    mux_listener_channel->self, mux_listener_channel->sock);
 }
 
@@ -1377,17 +1347,17 @@
 	struct sshbuf *reply;
 
 	if (cctx == NULL)
-		fatal("%s: cctx == NULL", __func__);
+		fatal_f("cctx == NULL");
 	if ((c = channel_by_id(ssh, id)) == NULL)
-		fatal("%s: no channel for id %d", __func__, id);
+		fatal_f("no channel for id %d", id);
 	if ((cc = channel_by_id(ssh, c->ctl_chan)) == NULL)
-		fatal("%s: channel %d lacks control channel %d", __func__,
+		fatal_f("channel %d lacks control channel %d",
 		    id, c->ctl_chan);
 	if ((reply = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 
 	if (!success) {
-		debug3("%s: sending failure reply", __func__);
+		debug3_f("sending failure reply");
 		reply_error(reply, MUX_S_FAILURE, cctx->rid,
 		    "Session open refused by peer");
 		goto done;
@@ -1416,27 +1386,27 @@
 		debug("Requesting authentication agent forwarding.");
 		channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0);
 		if ((r = sshpkt_send(ssh)) != 0)
-			fatal("%s: packet error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "send");
 	}
 
 	client_session2_setup(ssh, id, cctx->want_tty, cctx->want_subsys,
 	    cctx->term, &cctx->tio, c->rfd, cctx->cmd, cctx->env);
 
-	debug3("%s: sending success reply", __func__);
+	debug3_f("sending success reply");
 	/* prepare reply */
 	if ((r = sshbuf_put_u32(reply, MUX_S_SESSION_OPENED)) != 0 ||
 	    (r = sshbuf_put_u32(reply, cctx->rid)) != 0 ||
 	    (r = sshbuf_put_u32(reply, c->self)) != 0)
-		fatal("%s: reply: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reply");
 
  done:
 	/* Send reply */
 	if ((r = sshbuf_put_stringb(cc->output, reply)) != 0)
-		fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r));
+		fatal_fr(r, "enqueue");
 	sshbuf_free(reply);
 
 	if (cc->mux_pause <= 0)
-		fatal("%s: mux_pause %d", __func__, cc->mux_pause);
+		fatal_f("mux_pause %d", cc->mux_pause);
 	cc->mux_pause = 0; /* start processing messages again */
 	c->open_confirm_ctx = NULL;
 	sshbuf_free(cctx->cmd);
@@ -1485,7 +1455,7 @@
 	pfd.fd = fd;
 	pfd.events = POLLIN;
 	if ((r = sshbuf_reserve(b, need, &p)) != 0)
-		fatal("%s: reserve: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reserve");
 	for (have = 0; have < need; ) {
 		if (muxclient_terminate) {
 			errno = EINTR;
@@ -1527,9 +1497,9 @@
 	pfd.fd = fd;
 	pfd.events = POLLOUT;
 	if ((queue = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put_stringb(queue, m)) != 0)
-		fatal("%s: sshbuf_put_stringb: %s", __func__, ssh_err(r));
+		fatal_fr(r, "enqueue");
 
 	need = sshbuf_len(queue);
 	ptr = sshbuf_ptr(queue);
@@ -1578,10 +1548,10 @@
 	int r, oerrno;
 
 	if ((queue = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if (mux_client_read(fd, queue, 4) != 0) {
 		if ((oerrno = errno) == EPIPE)
-			debug3("%s: read header failed: %s", __func__,
+			debug3_f("read header failed: %s",
 			    strerror(errno));
 		sshbuf_free(queue);
 		errno = oerrno;
@@ -1590,14 +1560,14 @@
 	need = PEEK_U32(sshbuf_ptr(queue));
 	if (mux_client_read(fd, queue, need) != 0) {
 		oerrno = errno;
-		debug3("%s: read body failed: %s", __func__, strerror(errno));
+		debug3_f("read body failed: %s", strerror(errno));
 		sshbuf_free(queue);
 		errno = oerrno;
 		return -1;
 	}
 	if ((r = sshbuf_get_string_direct(queue, &ptr, &have)) != 0 ||
 	    (r = sshbuf_put(m, ptr, have)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "dequeue");
 	sshbuf_free(queue);
 	return 0;
 }
@@ -1610,14 +1580,14 @@
 	int r, ret = -1;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put_u32(m, MUX_MSG_HELLO)) != 0 ||
 	    (r = sshbuf_put_u32(m, SSHMUX_VER)) != 0)
-		fatal("%s: hello: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble hello");
 	/* no extensions */
 
 	if (mux_client_write_packet(fd, m) != 0) {
-		debug("%s: write packet: %s", __func__, strerror(errno));
+		debug_f("write packet: %s", strerror(errno));
 		goto out;
 	}
 
@@ -1625,33 +1595,31 @@
 
 	/* Read their HELLO */
 	if (mux_client_read_packet(fd, m) != 0) {
-		debug("%s: read packet failed", __func__);
+		debug_f("read packet failed");
 		goto out;
 	}
 
 	if ((r = sshbuf_get_u32(m, &type)) != 0)
-		fatal("%s: decode type: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse type");
 	if (type != MUX_MSG_HELLO) {
-		error("%s: expected HELLO (%u) received %u",
-		    __func__, MUX_MSG_HELLO, type);
+		error_f("expected HELLO (%u) got %u", MUX_MSG_HELLO, type);
 		goto out;
 	}
 	if ((r = sshbuf_get_u32(m, &ver)) != 0)
-		fatal("%s: decode version: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse version");
 	if (ver != SSHMUX_VER) {
 		error("Unsupported multiplexing protocol version %d "
 		    "(expected %d)", ver, SSHMUX_VER);
 		goto out;
 	}
-	debug2("%s: master version %u", __func__, ver);
+	debug2_f("master version %u", ver);
 	/* No extensions are presently defined */
 	while (sshbuf_len(m) > 0) {
 		char *name = NULL;
 
 		if ((r = sshbuf_get_cstring(m, &name, NULL)) != 0 ||
 		    (r = sshbuf_skip_string(m)) != 0) { /* value */
-			error("%s: malformed extension: %s",
-			    __func__, ssh_err(r));
+			error_fr(r, "parse extension");
 			goto out;
 		}
 		debug2("Unrecognised master extension \"%s\"", name);
@@ -1672,16 +1640,16 @@
 	u_int pid, type, rid;
 	int r;
 
-	debug3("%s: entering", __func__);
+	debug3_f("entering");
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put_u32(m, MUX_C_ALIVE_CHECK)) != 0 ||
 	    (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
-		fatal("%s: request: %s", __func__, ssh_err(r));
+		fatal_fr(r, "assemble");
 
 	if (mux_client_write_packet(fd, m) != 0)
-		fatal("%s: write packet: %s", __func__, strerror(errno));
+		fatal_f("write packet: %s", strerror(errno));
 
 	sshbuf_reset(m);
 
@@ -1692,23 +1660,23 @@
 	}
 
 	if ((r = sshbuf_get_u32(m, &type)) != 0)
-		fatal("%s: decode type: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse type");
 	if (type != MUX_S_ALIVE) {
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
-		fatal("%s: master returned error: %s", __func__, e);
+			fatal_fr(r, "parse error message");
+		fatal_f("master returned error: %s", e);
 	}
 
 	if ((r = sshbuf_get_u32(m, &rid)) != 0)
-		fatal("%s: decode remote ID: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse remote ID");
 	if (rid != muxclient_request_id)
-		fatal("%s: out of sequence reply: my id %u theirs %u",
-		    __func__, muxclient_request_id, rid);
+		fatal_f("out of sequence reply: my id %u theirs %u",
+		    muxclient_request_id, rid);
 	if ((r = sshbuf_get_u32(m, &pid)) != 0)
-		fatal("%s: decode PID: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse PID");
 	sshbuf_free(m);
 
-	debug3("%s: done pid = %u", __func__, pid);
+	debug3_f("done pid = %u", pid);
 
 	muxclient_request_id++;
 
@@ -1723,16 +1691,16 @@
 	u_int type, rid;
 	int r;
 
-	debug3("%s: entering", __func__);
+	debug3_f("entering");
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put_u32(m, MUX_C_TERMINATE)) != 0 ||
 	    (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
-		fatal("%s: request: %s", __func__, ssh_err(r));
+		fatal_fr(r, "request");
 
 	if (mux_client_write_packet(fd, m) != 0)
-		fatal("%s: write packet: %s", __func__, strerror(errno));
+		fatal_f("write packet: %s", strerror(errno));
 
 	sshbuf_reset(m);
 
@@ -1743,30 +1711,28 @@
 			sshbuf_free(m);
 			return;
 		}
-		fatal("%s: read from master failed: %s",
-		    __func__, strerror(errno));
+		fatal_f("read from master failed: %s", strerror(errno));
 	}
 
 	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
 	    (r = sshbuf_get_u32(m, &rid)) != 0)
-		fatal("%s: decode: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (rid != muxclient_request_id)
-		fatal("%s: out of sequence reply: my id %u theirs %u",
-		    __func__, muxclient_request_id, rid);
+		fatal_f("out of sequence reply: my id %u theirs %u",
+		    muxclient_request_id, rid);
 	switch (type) {
 	case MUX_S_OK:
 		break;
 	case MUX_S_PERMISSION_DENIED:
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse error message");
 		fatal("Master refused termination request: %s", e);
 	case MUX_S_FAILURE:
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
-		fatal("%s: termination request failed: %s", __func__, e);
+			fatal_fr(r, "parse error message");
+		fatal_f("termination request failed: %s", e);
 	default:
-		fatal("%s: unexpected response from master 0x%08x",
-		    __func__, type);
+		fatal_f("unexpected response from master 0x%08x", type);
 	}
 	sshbuf_free(m);
 	muxclient_request_id++;
@@ -1804,7 +1770,7 @@
 		chost = fwd->connect_host;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put_u32(m, type)) != 0 ||
 	    (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 ||
 	    (r = sshbuf_put_u32(m, ftype)) != 0 ||
@@ -1812,10 +1778,10 @@
 	    (r = sshbuf_put_u32(m, fwd->listen_port)) != 0 ||
 	    (r = sshbuf_put_cstring(m, chost)) != 0 ||
 	    (r = sshbuf_put_u32(m, fwd->connect_port)) != 0)
-		fatal("%s: request: %s", __func__, ssh_err(r));
+		fatal_fr(r, "request");
 
 	if (mux_client_write_packet(fd, m) != 0)
-		fatal("%s: write packet: %s", __func__, strerror(errno));
+		fatal_f("write packet: %s", strerror(errno));
 
 	sshbuf_reset(m);
 
@@ -1827,19 +1793,19 @@
 
 	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
 	    (r = sshbuf_get_u32(m, &rid)) != 0)
-		fatal("%s: decode: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (rid != muxclient_request_id)
-		fatal("%s: out of sequence reply: my id %u theirs %u",
-		    __func__, muxclient_request_id, rid);
+		fatal_f("out of sequence reply: my id %u theirs %u",
+		    muxclient_request_id, rid);
 
 	switch (type) {
 	case MUX_S_OK:
 		break;
 	case MUX_S_REMOTE_PORT:
 		if (cancel_flag)
-			fatal("%s: got MUX_S_REMOTE_PORT for cancel", __func__);
+			fatal_f("got MUX_S_REMOTE_PORT for cancel");
 		if ((r = sshbuf_get_u32(m, &fwd->allocated_port)) != 0)
-			fatal("%s: decode port: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse port");
 		verbose("Allocated port %u for remote forward to %s:%d",
 		    fwd->allocated_port,
 		    fwd->connect_host ? fwd->connect_host : "",
@@ -1849,19 +1815,18 @@
 		break;
 	case MUX_S_PERMISSION_DENIED:
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse error message");
 		sshbuf_free(m);
 		error("Master refused forwarding request: %s", e);
 		return -1;
 	case MUX_S_FAILURE:
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse error message");
 		sshbuf_free(m);
-		error("%s: forwarding request failed: %s", __func__, e);
+		error_f("forwarding request failed: %s", e);
 		return -1;
 	default:
-		fatal("%s: unexpected response from master 0x%08x",
-		    __func__, type);
+		fatal_f("unexpected response from master 0x%08x", type);
 	}
 	sshbuf_free(m);
 
@@ -1874,7 +1839,7 @@
 {
 	int i, ret = 0;
 
-	debug3("%s: %s forwardings: %d local, %d remote", __func__,
+	debug3_f("%s forwardings: %d local, %d remote",
 	    cancel_flag ? "cancel" : "request",
 	    options.num_local_forwards, options.num_remote_forwards);
 
@@ -1899,48 +1864,44 @@
 {
 	struct sshbuf *m;
 	char *e;
-	const char *term;
+	const char *term = NULL;
 	u_int echar, rid, sid, esid, exitval, type, exitval_seen;
 	extern char **environ;
-	int r, i, devnull, rawmode;
+	int r, i, rawmode;
 
-	debug3("%s: entering", __func__);
+	debug3_f("entering");
 
 	if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
-		error("%s: master alive request failed", __func__);
+		error_f("master alive request failed");
 		return -1;
 	}
 
 	ssh_signal(SIGPIPE, SIG_IGN);
 
-	if (stdin_null_flag) {
-		if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
-			fatal("open(/dev/null): %s", strerror(errno));
-		if (dup2(devnull, STDIN_FILENO) == -1)
-			fatal("dup2: %s", strerror(errno));
-		if (devnull > STDERR_FILENO)
-			close(devnull);
-	}
+	if (options.stdin_null && stdfd_devnull(1, 0, 0) == -1)
+		fatal_f("stdfd_devnull failed");
 
-	if ((term = getenv("TERM")) == NULL)
-		term = "";
+	if ((term = lookup_env_in_list("TERM", options.setenv,
+	    options.num_setenv)) == NULL || *term == '\0')
+		term = getenv("TERM");
+
 	echar = 0xffffffff;
 	if (options.escape_char != SSH_ESCAPECHAR_NONE)
 	    echar = (u_int)options.escape_char;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put_u32(m, MUX_C_NEW_SESSION)) != 0 ||
 	    (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 ||
 	    (r = sshbuf_put_string(m, NULL, 0)) != 0 || /* reserved */
 	    (r = sshbuf_put_u32(m, tty_flag)) != 0 ||
 	    (r = sshbuf_put_u32(m, options.forward_x11)) != 0 ||
 	    (r = sshbuf_put_u32(m, options.forward_agent)) != 0 ||
-	    (r = sshbuf_put_u32(m, subsystem_flag)) != 0 ||
+	    (r = sshbuf_put_u32(m, options.session_type == SESSION_TYPE_SUBSYSTEM)) != 0 ||
 	    (r = sshbuf_put_u32(m, echar)) != 0 ||
-	    (r = sshbuf_put_cstring(m, term)) != 0 ||
+	    (r = sshbuf_put_cstring(m, term == NULL ? "" : term)) != 0 ||
 	    (r = sshbuf_put_stringb(m, command)) != 0)
-		fatal("%s: request: %s", __func__, ssh_err(r));
+		fatal_fr(r, "request");
 
 	/* Pass environment */
 	if (options.num_send_env > 0 && environ != NULL) {
@@ -1948,69 +1909,67 @@
 			if (!env_permitted(environ[i]))
 				continue;
 			if ((r = sshbuf_put_cstring(m, environ[i])) != 0)
-				fatal("%s: request: %s", __func__, ssh_err(r));
+				fatal_fr(r, "request sendenv");
 		}
 	}
 	for (i = 0; i < options.num_setenv; i++) {
 		if ((r = sshbuf_put_cstring(m, options.setenv[i])) != 0)
-			fatal("%s: request: %s", __func__, ssh_err(r));
+			fatal_fr(r, "request setenv");
 	}
 
 	if (mux_client_write_packet(fd, m) != 0)
-		fatal("%s: write packet: %s", __func__, strerror(errno));
+		fatal_f("write packet: %s", strerror(errno));
 
 	/* Send the stdio file descriptors */
 	if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
 	    mm_send_fd(fd, STDOUT_FILENO) == -1 ||
 	    mm_send_fd(fd, STDERR_FILENO) == -1)
-		fatal("%s: send fds failed", __func__);
+		fatal_f("send fds failed");
 
-	debug3("%s: session request sent", __func__);
+	debug3_f("session request sent");
 
 	/* Read their reply */
 	sshbuf_reset(m);
 	if (mux_client_read_packet(fd, m) != 0) {
-		error("%s: read from master failed: %s",
-		    __func__, strerror(errno));
+		error_f("read from master failed: %s", strerror(errno));
 		sshbuf_free(m);
 		return -1;
 	}
 
 	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
 	    (r = sshbuf_get_u32(m, &rid)) != 0)
-		fatal("%s: decode: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (rid != muxclient_request_id)
-		fatal("%s: out of sequence reply: my id %u theirs %u",
-		    __func__, muxclient_request_id, rid);
+		fatal_f("out of sequence reply: my id %u theirs %u",
+		    muxclient_request_id, rid);
 
 	switch (type) {
 	case MUX_S_SESSION_OPENED:
 		if ((r = sshbuf_get_u32(m, &sid)) != 0)
-			fatal("%s: decode ID: %s", __func__, ssh_err(r));
-		debug("%s: master session id: %u", __func__, sid);
+			fatal_fr(r, "parse session ID");
+		debug_f("master session id: %u", sid);
 		break;
 	case MUX_S_PERMISSION_DENIED:
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse error message");
 		error("Master refused session request: %s", e);
 		sshbuf_free(m);
 		return -1;
 	case MUX_S_FAILURE:
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
-		error("%s: session request failed: %s", __func__, e);
+			fatal_fr(r, "parse error message");
+		error_f("session request failed: %s", e);
 		sshbuf_free(m);
 		return -1;
 	default:
 		sshbuf_free(m);
-		error("%s: unexpected response from master 0x%08x",
-		    __func__, type);
+		error_f("unexpected response from master 0x%08x", type);
 		return -1;
 	}
 	muxclient_request_id++;
 
 	if (pledge("stdio proc tty", NULL) == -1)
-		fatal("%s pledge(): %s", __func__, strerror(errno));
+		fatal_f("pledge(): %s", strerror(errno));
 	platform_pledge_mux();
 
 	ssh_signal(SIGHUP, control_client_sighandler);
@@ -2034,40 +1993,34 @@
 		if (mux_client_read_packet(fd, m) != 0)
 			break;
 		if ((r = sshbuf_get_u32(m, &type)) != 0)
-			fatal("%s: decode type: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse type");
 		switch (type) {
 		case MUX_S_TTY_ALLOC_FAIL:
 			if ((r = sshbuf_get_u32(m, &esid)) != 0)
-				fatal("%s: decode ID: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse session ID");
 			if (esid != sid)
-				fatal("%s: tty alloc fail on unknown session: "
-				    "my id %u theirs %u",
-				    __func__, sid, esid);
+				fatal_f("tty alloc fail on unknown session: "
+				    "my id %u theirs %u", sid, esid);
 			leave_raw_mode(options.request_tty ==
 			    REQUEST_TTY_FORCE);
 			rawmode = 0;
 			continue;
 		case MUX_S_EXIT_MESSAGE:
 			if ((r = sshbuf_get_u32(m, &esid)) != 0)
-				fatal("%s: decode ID: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse session ID");
 			if (esid != sid)
-				fatal("%s: exit on unknown session: "
-				    "my id %u theirs %u",
-				    __func__, sid, esid);
+				fatal_f("exit on unknown session: "
+				    "my id %u theirs %u", sid, esid);
 			if (exitval_seen)
-				fatal("%s: exitval sent twice", __func__);
+				fatal_f("exitval sent twice");
 			if ((r = sshbuf_get_u32(m, &exitval)) != 0)
-				fatal("%s: decode exit value: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse exitval");
 			exitval_seen = 1;
 			continue;
 		default:
 			if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-				fatal("%s: decode error: %s",
-				    __func__, ssh_err(r));
-			fatal("%s: master returned error: %s", __func__, e);
+				fatal_fr(r, "parse error message");
+			fatal_f("master returned error: %s", e);
 		}
 	}
 
@@ -2099,12 +2052,12 @@
 	int r;
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put_u32(m, MUX_C_PROXY)) != 0 ||
 	    (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
-		fatal("%s: request: %s", __func__, ssh_err(r));
+		fatal_fr(r, "request");
 	if (mux_client_write_packet(fd, m) != 0)
-		fatal("%s: write packet: %s", __func__, strerror(errno));
+		fatal_f("write packet: %s", strerror(errno));
 
 	sshbuf_reset(m);
 
@@ -2115,18 +2068,18 @@
 	}
 	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
 	    (r = sshbuf_get_u32(m, &rid)) != 0)
-		fatal("%s: decode: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (rid != muxclient_request_id)
-		fatal("%s: out of sequence reply: my id %u theirs %u",
-		    __func__, muxclient_request_id, rid);
+		fatal_f("out of sequence reply: my id %u theirs %u",
+		    muxclient_request_id, rid);
 	if (type != MUX_S_PROXY) {
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
-		fatal("%s: master returned error: %s", __func__, e);
+			fatal_fr(r, "parse error message");
+		fatal_f("master returned error: %s", e);
 	}
 	sshbuf_free(m);
 
-	debug3("%s: done", __func__);
+	debug3_f("done");
 	muxclient_request_id++;
 	return 0;
 }
@@ -2137,85 +2090,77 @@
 	struct sshbuf *m;
 	char *e;
 	u_int type, rid, sid;
-	int r, devnull;
+	int r;
 
-	debug3("%s: entering", __func__);
+	debug3_f("entering");
 
 	if ((muxserver_pid = mux_client_request_alive(fd)) == 0) {
-		error("%s: master alive request failed", __func__);
+		error_f("master alive request failed");
 		return -1;
 	}
 
 	ssh_signal(SIGPIPE, SIG_IGN);
 
-	if (stdin_null_flag) {
-		if ((devnull = open(_PATH_DEVNULL, O_RDONLY)) == -1)
-			fatal("open(/dev/null): %s", strerror(errno));
-		if (dup2(devnull, STDIN_FILENO) == -1)
-			fatal("dup2: %s", strerror(errno));
-		if (devnull > STDERR_FILENO)
-			close(devnull);
-	}
+	if (options.stdin_null && stdfd_devnull(1, 0, 0) == -1)
+		fatal_f("stdfd_devnull failed");
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put_u32(m, MUX_C_NEW_STDIO_FWD)) != 0 ||
 	    (r = sshbuf_put_u32(m, muxclient_request_id)) != 0 ||
 	    (r = sshbuf_put_string(m, NULL, 0)) != 0 || /* reserved */
 	    (r = sshbuf_put_cstring(m, options.stdio_forward_host)) != 0 ||
 	    (r = sshbuf_put_u32(m, options.stdio_forward_port)) != 0)
-		fatal("%s: request: %s", __func__, ssh_err(r));
+		fatal_fr(r, "request");
 
 	if (mux_client_write_packet(fd, m) != 0)
-		fatal("%s: write packet: %s", __func__, strerror(errno));
+		fatal_f("write packet: %s", strerror(errno));
 
 	/* Send the stdio file descriptors */
 	if (mm_send_fd(fd, STDIN_FILENO) == -1 ||
 	    mm_send_fd(fd, STDOUT_FILENO) == -1)
-		fatal("%s: send fds failed", __func__);
+		fatal_f("send fds failed");
 
 	if (pledge("stdio proc tty", NULL) == -1)
-		fatal("%s pledge(): %s", __func__, strerror(errno));
+		fatal_f("pledge(): %s", strerror(errno));
 	platform_pledge_mux();
 
-	debug3("%s: stdio forward request sent", __func__);
+	debug3_f("stdio forward request sent");
 
 	/* Read their reply */
 	sshbuf_reset(m);
 
 	if (mux_client_read_packet(fd, m) != 0) {
-		error("%s: read from master failed: %s",
-		    __func__, strerror(errno));
+		error_f("read from master failed: %s", strerror(errno));
 		sshbuf_free(m);
 		return -1;
 	}
 
 	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
 	    (r = sshbuf_get_u32(m, &rid)) != 0)
-		fatal("%s: decode: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (rid != muxclient_request_id)
-		fatal("%s: out of sequence reply: my id %u theirs %u",
-		    __func__, muxclient_request_id, rid);
+		fatal_f("out of sequence reply: my id %u theirs %u",
+		    muxclient_request_id, rid);
 	switch (type) {
 	case MUX_S_SESSION_OPENED:
 		if ((r = sshbuf_get_u32(m, &sid)) != 0)
-			fatal("%s: decode ID: %s", __func__, ssh_err(r));
-		debug("%s: master session id: %u", __func__, sid);
+			fatal_fr(r, "parse session ID");
+		debug_f("master session id: %u", sid);
 		break;
 	case MUX_S_PERMISSION_DENIED:
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse error message");
 		sshbuf_free(m);
 		fatal("Master refused stdio forwarding request: %s", e);
 	case MUX_S_FAILURE:
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse error message");
 		sshbuf_free(m);
 		fatal("Stdio forwarding request failed: %s", e);
 	default:
 		sshbuf_free(m);
-		error("%s: unexpected response from master 0x%08x",
-		    __func__, type);
+		error_f("unexpected response from master 0x%08x", type);
 		return -1;
 	}
 	muxclient_request_id++;
@@ -2233,10 +2178,9 @@
 		if (errno == EPIPE ||
 		    (errno == EINTR && muxclient_terminate != 0))
 			return 0;
-		fatal("%s: mux_client_read_packet: %s",
-		    __func__, strerror(errno));
+		fatal_f("mux_client_read_packet: %s", strerror(errno));
 	}
-	fatal("%s: master returned unexpected message %u", __func__, type);
+	fatal_f("master returned unexpected message %u", type);
 }
 
 static void
@@ -2247,45 +2191,43 @@
 	u_int type, rid;
 	int r;
 
-	debug3("%s: entering", __func__);
+	debug3_f("entering");
 
 	if ((m = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	if ((r = sshbuf_put_u32(m, MUX_C_STOP_LISTENING)) != 0 ||
 	    (r = sshbuf_put_u32(m, muxclient_request_id)) != 0)
-		fatal("%s: request: %s", __func__, ssh_err(r));
+		fatal_fr(r, "request");
 
 	if (mux_client_write_packet(fd, m) != 0)
-		fatal("%s: write packet: %s", __func__, strerror(errno));
+		fatal_f("write packet: %s", strerror(errno));
 
 	sshbuf_reset(m);
 
 	/* Read their reply */
 	if (mux_client_read_packet(fd, m) != 0)
-		fatal("%s: read from master failed: %s",
-		    __func__, strerror(errno));
+		fatal_f("read from master failed: %s", strerror(errno));
 
 	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
 	    (r = sshbuf_get_u32(m, &rid)) != 0)
-		fatal("%s: decode: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (rid != muxclient_request_id)
-		fatal("%s: out of sequence reply: my id %u theirs %u",
-		    __func__, muxclient_request_id, rid);
+		fatal_f("out of sequence reply: my id %u theirs %u",
+		    muxclient_request_id, rid);
 
 	switch (type) {
 	case MUX_S_OK:
 		break;
 	case MUX_S_PERMISSION_DENIED:
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse error message");
 		fatal("Master refused stop listening request: %s", e);
 	case MUX_S_FAILURE:
 		if ((r = sshbuf_get_cstring(m, &e, NULL)) != 0)
-			fatal("%s: decode error: %s", __func__, ssh_err(r));
-		fatal("%s: stop listening request failed: %s", __func__, e);
+			fatal_fr(r, "parse error message");
+		fatal_f("stop listening request failed: %s", e);
 	default:
-		fatal("%s: unexpected response from master 0x%08x",
-		    __func__, type);
+		fatal_f("unexpected response from master 0x%08x", type);
 	}
 	sshbuf_free(m);
 	muxclient_request_id++;
@@ -2323,10 +2265,10 @@
 	if (strlcpy(addr.sun_path, path,
 	    sizeof(addr.sun_path)) >= sizeof(addr.sun_path))
 		fatal("ControlPath too long ('%s' >= %u bytes)", path,
-		     (unsigned int)sizeof(addr.sun_path));
+		    (unsigned int)sizeof(addr.sun_path));
 
 	if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) == -1)
-		fatal("%s socket(): %s", __func__, strerror(errno));
+		fatal_f("socket(): %s", strerror(errno));
 
 	if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
 		switch (muxclient_command) {
@@ -2353,7 +2295,7 @@
 	set_nonblock(sock);
 
 	if (mux_client_hello_exchange(sock) != 0) {
-		error("%s: master hello exchange failed", __func__);
+		error_f("master hello exchange failed");
 		close(sock);
 		return -1;
 	}
@@ -2361,7 +2303,7 @@
 	switch (muxclient_command) {
 	case SSHMUX_COMMAND_ALIVE_CHECK:
 		if ((pid = mux_client_request_alive(sock)) == 0)
-			fatal("%s: master alive check failed", __func__);
+			fatal_f("master alive check failed");
 		fprintf(stderr, "Master running (pid=%u)\r\n", pid);
 		exit(0);
 	case SSHMUX_COMMAND_TERMINATE:
@@ -2371,11 +2313,11 @@
 		exit(0);
 	case SSHMUX_COMMAND_FORWARD:
 		if (mux_client_forwards(sock, 0) != 0)
-			fatal("%s: master forward request failed", __func__);
+			fatal_f("master forward request failed");
 		exit(0);
 	case SSHMUX_COMMAND_OPEN:
 		if (mux_client_forwards(sock, 0) != 0) {
-			error("%s: master forward request failed", __func__);
+			error_f("master forward request failed");
 			return -1;
 		}
 		mux_client_request_session(sock);
@@ -2390,8 +2332,7 @@
 		exit(0);
 	case SSHMUX_COMMAND_CANCEL_FWD:
 		if (mux_client_forwards(sock, 1) != 0)
-			error("%s: master cancel forward request failed",
-			    __func__);
+			error_f("master cancel forward request failed");
 		exit(0);
 	case SSHMUX_COMMAND_PROXY:
 		mux_client_proxy(sock);

myproposal.h

diff --git a/myproposal.h b/myproposal.h
index 5312e60..6d79937 100644
--- a/myproposal.h
+++ b/myproposal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: myproposal.h,v 1.67 2020/01/24 00:28:57 djm Exp $ */
+/* $OpenBSD: myproposal.h,v 1.69 2021/08/29 23:53:10 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -38,24 +38,22 @@
 #define KEX_CLIENT_KEX KEX_SERVER_KEX
 
 #define	KEX_DEFAULT_PK_ALG	\
+	"ssh-ed25519-cert-v01@openssh.com," \
 	"ecdsa-sha2-nistp256-cert-v01@openssh.com," \
 	"ecdsa-sha2-nistp384-cert-v01@openssh.com," \
 	"ecdsa-sha2-nistp521-cert-v01@openssh.com," \
-	"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \
-	"ssh-ed25519-cert-v01@openssh.com," \
 	"sk-ssh-ed25519-cert-v01@openssh.com," \
+	"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com," \
 	"rsa-sha2-512-cert-v01@openssh.com," \
 	"rsa-sha2-256-cert-v01@openssh.com," \
-	"ssh-rsa-cert-v01@openssh.com," \
+	"ssh-ed25519," \
 	"ecdsa-sha2-nistp256," \
 	"ecdsa-sha2-nistp384," \
 	"ecdsa-sha2-nistp521," \
-	"sk-ecdsa-sha2-nistp256@openssh.com," \
-	"ssh-ed25519," \
 	"sk-ssh-ed25519@openssh.com," \
+	"sk-ecdsa-sha2-nistp256@openssh.com," \
 	"rsa-sha2-512," \
-	"rsa-sha2-256," \
-	"ssh-rsa"
+	"rsa-sha2-256"
 
 #define	KEX_SERVER_ENCRYPT \
 	"chacha20-poly1305@openssh.com," \
@@ -80,12 +78,12 @@
 
 /* Not a KEX value, but here so all the algorithm defaults are together */
 #define	SSH_ALLOWED_CA_SIGALGS	\
+	"ssh-ed25519," \
 	"ecdsa-sha2-nistp256," \
 	"ecdsa-sha2-nistp384," \
 	"ecdsa-sha2-nistp521," \
-	"sk-ecdsa-sha2-nistp256@openssh.com," \
-	"ssh-ed25519," \
 	"sk-ssh-ed25519@openssh.com," \
+	"sk-ecdsa-sha2-nistp256@openssh.com," \
 	"rsa-sha2-512," \
 	"rsa-sha2-256"
 

nchan.c

diff --git a/nchan.c b/nchan.c
index 1e96eb6..7ef3a35 100644
--- a/nchan.c
+++ b/nchan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: nchan.c,v 1.70 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: nchan.c,v 1.73 2021/05/19 01:24:05 djm Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -185,12 +185,11 @@
 	switch (c->istate) {
 	case CHAN_INPUT_WAIT_DRAIN:
 		if (!c->have_remote_id)
-			fatal("%s: channel %d: no remote_id",
-			    __func__, c->self);
+			fatal_f("channel %d: no remote_id", c->self);
 		if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_EOF)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0)
-			fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
+			fatal_fr(r, "send CHANNEL_EOF");
 		c->flags |= CHAN_EOF_SENT;
 		break;
 	default:
@@ -214,12 +213,11 @@
 		error("channel %d: already sent close", c->self);
 	} else {
 		if (!c->have_remote_id)
-			fatal("%s: channel %d: no remote_id",
-			    __func__, c->self);
+			fatal_f("channel %d: no remote_id", c->self);
 		if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0)
-			fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
+			fatal_fr(r, "send CHANNEL_EOF");
 		c->flags |= CHAN_CLOSE_SENT;
 	}
 }
@@ -235,16 +233,16 @@
 		    c->self);
 		return;
 	}
-	if (!(datafellows & SSH_NEW_OPENSSH))
+	if (!(ssh->compat & SSH_NEW_OPENSSH))
 		return;
 	if (!c->have_remote_id)
-		fatal("%s: channel %d: no remote_id", __func__, c->self);
+		fatal_f("channel %d: no remote_id", c->self);
 	if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_REQUEST)) != 0 ||
 	    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, "eow@openssh.com")) != 0 ||
 	    (r = sshpkt_put_u8(ssh, 0)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: send CHANNEL_EOF: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send CHANNEL_EOF");
 }
 
 /* shared */
@@ -336,7 +334,7 @@
 	}
 	if (c->istate != CHAN_INPUT_CLOSED || c->ostate != CHAN_OUTPUT_CLOSED)
 		return 0;
-	if ((datafellows & SSH_BUG_EXTEOF) &&
+	if ((ssh->compat & SSH_BUG_EXTEOF) &&
 	    c->extended_usage == CHAN_EXTENDED_WRITE &&
 	    c->efd != -1 &&
 	    sshbuf_len(c->extended) > 0) {
@@ -376,22 +374,20 @@
 	if (c->type == SSH_CHANNEL_LARVAL)
 		return;
 	/* shutdown failure is allowed if write failed already */
-	debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])",
-	    c->self, __func__, c->istate, c->ostate, c->sock, c->wfd, c->efd,
+	debug2_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])",
+	    c->self, c->istate, c->ostate, c->sock, c->wfd, c->efd,
 	    channel_format_extended_usage(c));
 	if (c->sock != -1) {
 		if (shutdown(c->sock, SHUT_WR) == -1) {
-			debug2("channel %d: %s: shutdown() failed for "
-			    "fd %d [i%d o%d]: %.100s", c->self, __func__,
-			    c->sock, c->istate, c->ostate,
-			    strerror(errno));
+			debug2_f("channel %d: shutdown() failed for "
+			    "fd %d [i%d o%d]: %.100s", c->self, c->sock,
+			    c->istate, c->ostate, strerror(errno));
 		}
 	} else {
-		if (channel_close_fd(ssh, &c->wfd) < 0) {
-			logit("channel %d: %s: close() failed for "
-			    "fd %d [i%d o%d]: %.100s",
-			    c->self, __func__, c->wfd, c->istate, c->ostate,
-			    strerror(errno));
+		if (channel_close_fd(ssh, c, &c->wfd) < 0) {
+			logit_f("channel %d: close() failed for "
+			    "fd %d [i%d o%d]: %.100s", c->self, c->wfd,
+			    c->istate, c->ostate, strerror(errno));
 		}
 	}
 }
@@ -401,8 +397,8 @@
 {
 	if (c->type == SSH_CHANNEL_LARVAL)
 		return;
-	debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])",
-	    c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd,
+	debug2_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])",
+	    c->self, c->istate, c->ostate, c->sock, c->rfd, c->efd,
 	    channel_format_extended_usage(c));
 	if (c->sock != -1) {
 		/*
@@ -411,17 +407,15 @@
 		 * HP-UX may return ENOTCONN also.
 		 */
 		if (shutdown(c->sock, SHUT_RD) == -1 && errno != ENOTCONN) {
-			error("channel %d: %s: shutdown() failed for "
-			    "fd %d [i%d o%d]: %.100s",
-			    c->self, __func__, c->sock, c->istate, c->ostate,
- 			    strerror(errno));
+			error_f("channel %d: shutdown() failed for "
+			    "fd %d [i%d o%d]: %.100s", c->self, c->sock,
+			    c->istate, c->ostate, strerror(errno));
 		}
 	} else {
-		if (channel_close_fd(ssh, &c->rfd) < 0) {
-			logit("channel %d: %s: close() failed for "
-			    "fd %d [i%d o%d]: %.100s",
-			    c->self, __func__, c->rfd, c->istate, c->ostate,
-			    strerror(errno));
+		if (channel_close_fd(ssh, c, &c->rfd) < 0) {
+			logit_f("channel %d: close() failed for "
+			    "fd %d [i%d o%d]: %.100s", c->self, c->rfd,
+			    c->istate, c->ostate, strerror(errno));
 		}
 	}
 }
@@ -434,13 +428,12 @@
 	if (c->extended_usage != CHAN_EXTENDED_READ &&
 	    c->extended_usage != CHAN_EXTENDED_IGNORE)
 		return;
-	debug2("channel %d: %s (i%d o%d sock %d wfd %d efd %d [%s])",
-	    c->self, __func__, c->istate, c->ostate, c->sock, c->rfd, c->efd,
+	debug_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])",
+	    c->self, c->istate, c->ostate, c->sock, c->rfd, c->efd,
 	    channel_format_extended_usage(c));
-	if (channel_close_fd(ssh, &c->efd) < 0) {
-		logit("channel %d: %s: close() failed for "
-		    "extended fd %d [i%d o%d]: %.100s",
-		    c->self, __func__, c->efd, c->istate, c->ostate,
-		    strerror(errno));
+	if (channel_close_fd(ssh, c, &c->efd) < 0) {
+		logit_f("channel %d: close() failed for "
+		    "extended fd %d [i%d o%d]: %.100s", c->self, c->efd,
+		    c->istate, c->ostate, strerror(errno));
 	}
 }

openbsd-compat/Makefile.in

diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 3eb188f..5d53bef 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -79,6 +79,7 @@
 	bsd-nextstep.o \
 	bsd-openpty.o \
 	bsd-poll.o \
+	bsd-pselect.o \
 	bsd-setres_id.o \
 	bsd-signal.o \
 	bsd-snprintf.o \
@@ -94,6 +95,7 @@
 PORTS=	port-aix.o \
 	port-irix.o \
 	port-linux.o \
+	port-prngd.o \
 	port-solaris.o \
 	port-net.o \
 	port-uw.o

openbsd-compat/arc4random.c

diff --git a/openbsd-compat/arc4random.c b/openbsd-compat/arc4random.c
index 578f69f..14853ab 100644
--- a/openbsd-compat/arc4random.c
+++ b/openbsd-compat/arc4random.c
@@ -88,7 +88,7 @@
 static void
 getrnd(u_char *s, size_t len)
 {
-	int fd;
+	int fd, save_errno;
 	ssize_t r;
 	size_t o = 0;
 
@@ -97,8 +97,14 @@
 		return;
 #endif /* HAVE_GETRANDOM */
 
-	if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1)
-		fatal("Couldn't open %s: %s", SSH_RANDOM_DEV, strerror(errno));
+	if ((fd = open(SSH_RANDOM_DEV, O_RDONLY)) == -1) {
+		save_errno = errno;
+		/* Try egd/prngd before giving up. */
+		if (seed_from_prngd(s, len) == 0)
+			return;
+		fatal("Couldn't open %s: %s", SSH_RANDOM_DEV,
+		    strerror(save_errno));
+	}
 	while (o < len) {
 		r = read(fd, s + o, len - o);
 		if (r < 0) {

openbsd-compat/base64.c

diff --git a/openbsd-compat/base64.c b/openbsd-compat/base64.c
index 9e74667..b7dce09 100644
--- a/openbsd-compat/base64.c
+++ b/openbsd-compat/base64.c
@@ -211,7 +211,7 @@
 			break;
 
 		pos = strchr(Base64, ch);
-		if (pos == 0) 		/* A non-base64 character. */
+		if (pos == 0)		/* A non-base64 character. */
 			return (-1);
 
 		switch (state) {

openbsd-compat/bcrypt_pbkdf.c

diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c
index 7852345..62728d3 100644
--- a/openbsd-compat/bcrypt_pbkdf.c
+++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -15,6 +15,8 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+/* OPENBSD ORIGINAL: lib/libutil/bcrypt_pbkdf.c */
+
 #include "includes.h"
 
 #ifndef HAVE_BCRYPT_PBKDF
@@ -91,7 +93,7 @@
 		cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
 		    &j);
 	for (i = 0; i < 64; i++)
-		blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));
+		blf_enc(&state, cdata, sizeof(cdata) / (sizeof(uint64_t)));
 
 	/* copy out */
 	for (i = 0; i < BCRYPT_WORDS; i++) {

openbsd-compat/bsd-misc.h

diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h
index 3a7dd6f..2206e1a 100644
--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@@ -20,6 +20,7 @@
 #include "includes.h"
 
 char *ssh_get_progname(char *);
+int seed_from_prngd(unsigned char *, size_t);
 
 #ifndef HAVE_SETSID
 #define setsid() setpgrp(0, getpid())
@@ -125,6 +126,11 @@
 pid_t getpgid(pid_t);
 #endif
 
+#ifndef HAVE_PSELECT
+int pselect(int, fd_set *, fd_set *, fd_set *, const struct timespec *,
+    const sigset_t *);
+#endif
+
 #ifndef HAVE_ENDGRENT
 # define endgrent() do { } while(0)
 #endif

openbsd-compat/bsd-poll.h

diff --git a/openbsd-compat/bsd-poll.h b/openbsd-compat/bsd-poll.h
index 17945f5..8420ca1 100644
--- a/openbsd-compat/bsd-poll.h
+++ b/openbsd-compat/bsd-poll.h
@@ -32,7 +32,7 @@
 #define	_COMPAT_POLL_H_
 
 typedef struct pollfd {
-	int 	fd;
+	int	fd;
 	short	events;
 	short	revents;
 } pollfd_t;

openbsd-compat/bsd-pselect.c

diff --git a/openbsd-compat/bsd-pselect.c b/openbsd-compat/bsd-pselect.c
new file mode 100644
index 0000000..b363208
--- /dev/null
+++ b/openbsd-compat/bsd-pselect.c
@@ -0,0 +1,205 @@
+/*
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ * Copyright (c) 2021 Darren Tucker (dtucker at dtucker net).
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_PSELECT
+
+#include <sys/types.h>
+#include <sys/time.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "log.h"
+#include "misc.h"      /* for set_nonblock */
+
+#ifndef HAVE_SIGHANDLER_T
+typedef void (*sighandler_t)(int);
+#endif
+
+static sighandler_t saved_sighandler[_NSIG];
+
+/*
+ * Set up the descriptors.  Because they are close-on-exec, in the case
+ * where sshd's re-exec fails notify_pipe will still point to a descriptor
+ * that was closed by the exec attempt but if that descriptor has been
+ * reopened then we'll attempt to use that.  Ensure that notify_pipe is
+ * outside of the range used by sshd re-exec but within NFDBITS (so we don't
+ * need to expand the fd_sets).
+ */
+#define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4)
+static int
+pselect_notify_setup_fd(int *fd)
+{
+	int r;
+
+	if ((r = fcntl(*fd, F_DUPFD, REEXEC_MIN_FREE_FD)) < 0 ||
+	    fcntl(r, F_SETFD, FD_CLOEXEC) < 0 || r >= FD_SETSIZE)
+		return -1;
+	(void)close(*fd);
+	return (*fd = r);
+}
+
+/*
+ * we write to this pipe if a SIGCHLD is caught in order to avoid
+ * the race between select() and child_terminated
+ */
+static pid_t notify_pid;
+static int notify_pipe[2];
+static void
+pselect_notify_setup(void)
+{
+	static int initialized;
+
+	if (initialized && notify_pid == getpid())
+		return;
+	if (notify_pid == 0)
+		debug3_f("initializing");
+	else {
+		debug3_f("pid changed, reinitializing");
+		if (notify_pipe[0] != -1)
+			close(notify_pipe[0]);
+		if (notify_pipe[1] != -1)
+			close(notify_pipe[1]);
+	}
+	if (pipe(notify_pipe) == -1) {
+		error("pipe(notify_pipe) failed %s", strerror(errno));
+	} else if (pselect_notify_setup_fd(&notify_pipe[0]) == -1 ||
+	    pselect_notify_setup_fd(&notify_pipe[1]) == -1) {
+		error("fcntl(notify_pipe, ...) failed %s", strerror(errno));
+		close(notify_pipe[0]);
+		close(notify_pipe[1]);
+	} else {
+		set_nonblock(notify_pipe[0]);
+		set_nonblock(notify_pipe[1]);
+		notify_pid = getpid();
+		debug3_f("pid %d saved %d pipe0 %d pipe1 %d", getpid(),
+		    notify_pid, notify_pipe[0], notify_pipe[1]);
+		initialized = 1;
+		return;
+	}
+	notify_pipe[0] = -1;    /* read end */
+	notify_pipe[1] = -1;    /* write end */
+}
+static void
+pselect_notify_parent(void)
+{
+	if (notify_pipe[1] != -1)
+		(void)write(notify_pipe[1], "", 1);
+}
+static void
+pselect_notify_prepare(fd_set *readset)
+{
+	if (notify_pipe[0] != -1)
+		FD_SET(notify_pipe[0], readset);
+}
+static void
+pselect_notify_done(fd_set *readset)
+{
+	char c;
+
+	if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset)) {
+		while (read(notify_pipe[0], &c, 1) != -1)
+			debug2_f("reading");
+		FD_CLR(notify_pipe[0], readset);
+	}
+}
+
+/*ARGSUSED*/
+static void
+pselect_sig_handler(int sig)
+{
+	int save_errno = errno;
+
+	pselect_notify_parent();
+	if (saved_sighandler[sig] != NULL)
+		(*saved_sighandler[sig])(sig);  /* call original handler */
+	errno = save_errno;
+}
+
+/*
+ * A minimal implementation of pselect(2), built on top of select(2).
+ */
+
+int
+pselect(int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds,
+    const struct timespec *timeout, const sigset_t *mask)
+{
+	int ret, sig, saved_errno, unmasked = 0;
+	sigset_t osig;
+	struct sigaction sa, osa;
+	struct timeval tv, *tvp = NULL;
+
+	if (timeout != NULL) {
+		tv.tv_sec = timeout->tv_sec;
+		tv.tv_usec = timeout->tv_nsec / 1000;
+		tvp = &tv;
+	}
+	if (mask == NULL)  /* no signal mask, just call select */
+		return select(nfds, readfds, writefds, exceptfds, tvp);
+
+	/* For each signal we're unmasking, install our handler if needed. */
+	for (sig = 0; sig < _NSIG; sig++) {
+		if (sig == SIGKILL || sig == SIGSTOP || sigismember(mask, sig))
+			continue;
+		if (sigaction(sig, NULL, &sa) == 0 &&
+		    sa.sa_handler != SIG_IGN && sa.sa_handler != SIG_DFL) {
+			unmasked = 1;
+			if (sa.sa_handler == pselect_sig_handler)
+				continue;
+			sa.sa_handler = pselect_sig_handler;
+			if (sigaction(sig, &sa, &osa) == 0) {
+				debug3_f("installing signal handler for %s, "
+				    "previous %p", strsignal(sig),
+				     osa.sa_handler);
+				saved_sighandler[sig] = osa.sa_handler;
+			}
+		}
+	}
+	if (unmasked) {
+		pselect_notify_setup();
+		pselect_notify_prepare(readfds);
+		nfds = MAX(nfds, notify_pipe[0] + 1);
+	}
+
+	/* Unmask signals, call select then restore signal mask. */
+	sigprocmask(SIG_SETMASK, mask, &osig);
+	ret = select(nfds, readfds, writefds, exceptfds, tvp);
+	saved_errno = errno;
+	sigprocmask(SIG_SETMASK, &osig, NULL);
+
+	if (unmasked)
+		pselect_notify_done(readfds);
+	errno = saved_errno;
+	return ret;
+}
+#endif

openbsd-compat/bsd-snprintf.c

diff --git a/openbsd-compat/bsd-snprintf.c b/openbsd-compat/bsd-snprintf.c
index f041121..b9eaee1 100644
--- a/openbsd-compat/bsd-snprintf.c
+++ b/openbsd-compat/bsd-snprintf.c
@@ -135,13 +135,13 @@
 #define DP_S_DONE    7
 
 /* format flags - Bits */
-#define DP_F_MINUS 	(1 << 0)
-#define DP_F_PLUS  	(1 << 1)
-#define DP_F_SPACE 	(1 << 2)
-#define DP_F_NUM   	(1 << 3)
-#define DP_F_ZERO  	(1 << 4)
-#define DP_F_UP    	(1 << 5)
-#define DP_F_UNSIGNED 	(1 << 6)
+#define DP_F_MINUS	(1 << 0)
+#define DP_F_PLUS	(1 << 1)
+#define DP_F_SPACE	(1 << 2)
+#define DP_F_NUM	(1 << 3)
+#define DP_F_ZERO	(1 << 4)
+#define DP_F_UP		(1 << 5)
+#define DP_F_UNSIGNED	(1 << 6)
 
 /* Conversion Flags */
 #define DP_C_SHORT   1
@@ -592,7 +592,7 @@
 
 #ifdef DEBUG_SNPRINTF
 	printf("zpad: %d, spad: %d, min: %d, max: %d, place: %d\n",
-	       zpadlen, spadlen, min, max, place);
+	    zpadlen, spadlen, min, max, place);
 #endif
 
 	/* Spaces */

openbsd-compat/bsd-waitpid.h

diff --git a/openbsd-compat/bsd-waitpid.h b/openbsd-compat/bsd-waitpid.h
index b551268..bd61b69 100644
--- a/openbsd-compat/bsd-waitpid.h
+++ b/openbsd-compat/bsd-waitpid.h
@@ -40,7 +40,7 @@
 #define WEXITSTATUS(w)	(int)(WIFEXITED(w) ? ((_W_INT(w) >> 8) & 0377) : -1)
 #define WTERMSIG(w)	(int)(WIFSIGNALED(w) ? (_W_INT(w) & 0177) : -1)
 #define WCOREFLAG	0x80
-#define WCOREDUMP(w) 	((_W_INT(w)) & WCOREFLAG)
+#define WCOREDUMP(w)	((_W_INT(w)) & WCOREFLAG)
 
 /* Prototype */
 pid_t waitpid(int, int *, int);

openbsd-compat/explicit_bzero.c

diff --git a/openbsd-compat/explicit_bzero.c b/openbsd-compat/explicit_bzero.c
index 7a2fa35..4ffc655 100644
--- a/openbsd-compat/explicit_bzero.c
+++ b/openbsd-compat/explicit_bzero.c
@@ -15,7 +15,15 @@
 
 #ifndef HAVE_EXPLICIT_BZERO
 
-#ifdef HAVE_MEMSET_S
+#ifdef HAVE_EXPLICIT_MEMSET
+
+void
+explicit_bzero(void *p, size_t n)
+{
+	(void)explicit_memset(p, 0, n);
+}
+
+#elif defined(HAVE_MEMSET_S)
 
 void
 explicit_bzero(void *p, size_t n)

openbsd-compat/getopt_long.c

diff --git a/openbsd-compat/getopt_long.c b/openbsd-compat/getopt_long.c
index e289474..1a5001f 100644
--- a/openbsd-compat/getopt_long.c
+++ b/openbsd-compat/getopt_long.c
@@ -87,7 +87,7 @@
 /* return values */
 #define	BADCH		(int)'?'
 #define	BADARG		((*options == ':') ? (int)':' : (int)'?')
-#define	INORDER 	(int)1
+#define	INORDER		(int)1
 
 #define	EMSG		""
 

openbsd-compat/libressl-api-compat.c

diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c
index fdadd4e..4d30322 100644
--- a/openbsd-compat/libressl-api-compat.c
+++ b/openbsd-compat/libressl-api-compat.c
@@ -284,7 +284,7 @@
 	if ((r->dmp1 == NULL && dmp1 == NULL) ||
 	    (r->dmq1 == NULL && dmq1 == NULL) ||
 	    (r->iqmp == NULL && iqmp == NULL))
-	       	return 0;
+		return 0;
 
 	if (dmp1 != NULL) {
 		BN_free(r->dmp1);

openbsd-compat/memmem.c

diff --git a/openbsd-compat/memmem.c b/openbsd-compat/memmem.c
index 3e5e6b5..2637401 100644
--- a/openbsd-compat/memmem.c
+++ b/openbsd-compat/memmem.c
@@ -1,69 +1,196 @@
-/*	$OpenBSD: memmem.c,v 1.4 2015/08/31 02:53:57 guenther Exp $ */
-/*-
- * Copyright (c) 2005 Pascal Gloor <pascal.gloor@spale.com>
+/*	$OpenBSD: memmem.c,v 1.5 2020/04/16 12:39:28 claudio Exp $ */
+
+/*
+ * Copyright (c) 2005-2020 Rich Felker, et al.
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior written
- *    permission.
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+ * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+ * TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  */
 
+/* OPENBSD ORIGINAL: lib/libc/string/memmem.c */
+
 #include "includes.h"
 
 #ifndef HAVE_MEMMEM
 
 #include <string.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+
+static char *
+twobyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+{
+	uint16_t nw = n[0]<<8 | n[1], hw = h[0]<<8 | h[1];
+	for (h+=2, k-=2; k; k--, hw = hw<<8 | *h++)
+		if (hw == nw) return (char *)h-2;
+	return hw == nw ? (char *)h-2 : 0;
+}
+
+static char *
+threebyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+{
+	uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8;
+	uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8;
+	for (h+=3, k-=3; k; k--, hw = (hw|*h++)<<8)
+		if (hw == nw) return (char *)h-3;
+	return hw == nw ? (char *)h-3 : 0;
+}
+
+static char *
+fourbyte_memmem(const unsigned char *h, size_t k, const unsigned char *n)
+{
+	uint32_t nw = n[0]<<24 | n[1]<<16 | n[2]<<8 | n[3];
+	uint32_t hw = h[0]<<24 | h[1]<<16 | h[2]<<8 | h[3];
+	for (h+=4, k-=4; k; k--, hw = hw<<8 | *h++)
+		if (hw == nw) return (char *)h-4;
+	return hw == nw ? (char *)h-4 : 0;
+}
+
+#if 0
+/* In -portable, defines.h ensures that these are already defined. */
+#define MAX(a,b) ((a)>(b)?(a):(b))
+#define MIN(a,b) ((a)<(b)?(a):(b))
+#endif
+
+#define BITOP(a,b,op) \
+ ((a)[(size_t)(b)/(8*sizeof *(a))] op (size_t)1<<((size_t)(b)%(8*sizeof *(a))))
 
 /*
- * Find the first occurrence of the byte string s in byte string l.
+ * Maxime Crochemore and Dominique Perrin, Two-way string-matching,
+ * Journal of the ACM, 38(3):651-675, July 1991.
  */
+static char *
+twoway_memmem(const unsigned char *h, const unsigned char *z,
+    const unsigned char *n, size_t l)
+{
+	size_t i, ip, jp, k, p, ms, p0, mem, mem0;
+	size_t byteset[32 / sizeof(size_t)] = { 0 };
+	size_t shift[256];
+
+	/* Computing length of needle and fill shift table */
+	for (i=0; i<l; i++)
+		BITOP(byteset, n[i], |=), shift[n[i]] = i+1;
+
+	/* Compute maximal suffix */
+	ip = -1; jp = 0; k = p = 1;
+	while (jp+k<l) {
+		if (n[ip+k] == n[jp+k]) {
+			if (k == p) {
+				jp += p;
+				k = 1;
+			} else k++;
+		} else if (n[ip+k] > n[jp+k]) {
+			jp += k;
+			k = 1;
+			p = jp - ip;
+		} else {
+			ip = jp++;
+			k = p = 1;
+		}
+	}
+	ms = ip;
+	p0 = p;
+
+	/* And with the opposite comparison */
+	ip = -1; jp = 0; k = p = 1;
+	while (jp+k<l) {
+		if (n[ip+k] == n[jp+k]) {
+			if (k == p) {
+				jp += p;
+				k = 1;
+			} else k++;
+		} else if (n[ip+k] < n[jp+k]) {
+			jp += k;
+			k = 1;
+			p = jp - ip;
+		} else {
+			ip = jp++;
+			k = p = 1;
+		}
+	}
+	if (ip+1 > ms+1) ms = ip;
+	else p = p0;
+
+	/* Periodic needle? */
+	if (memcmp(n, n+p, ms+1)) {
+		mem0 = 0;
+		p = MAX(ms, l-ms-1) + 1;
+	} else mem0 = l-p;
+	mem = 0;
+
+	/* Search loop */
+	for (;;) {
+		/* If remainder of haystack is shorter than needle, done */
+		if (z-h < l) return 0;
+
+		/* Check last byte first; advance by shift on mismatch */
+		if (BITOP(byteset, h[l-1], &)) {
+			k = l-shift[h[l-1]];
+			if (k) {
+				if (k < mem) k = mem;
+				h += k;
+				mem = 0;
+				continue;
+			}
+		} else {
+			h += l;
+			mem = 0;
+			continue;
+		}
+
+		/* Compare right half */
+		for (k=MAX(ms+1,mem); k<l && n[k] == h[k]; k++);
+		if (k < l) {
+			h += k-ms;
+			mem = 0;
+			continue;
+		}
+		/* Compare left half */
+		for (k=ms+1; k>mem && n[k-1] == h[k-1]; k--);
+		if (k <= mem) return (char *)h;
+		h += p;
+		mem = mem0;
+	}
+}
 
 void *
-memmem(const void *l, size_t l_len, const void *s, size_t s_len)
+memmem(const void *h0, size_t k, const void *n0, size_t l)
 {
-	const char *cur, *last;
-	const char *cl = l;
-	const char *cs = s;
+	const unsigned char *h = h0, *n = n0;
 
-	/* a zero length needle should just return the haystack */
-	if (s_len == 0)
-		return (void *)cl;
+	/* Return immediately on empty needle */
+	if (!l) return (void *)h;
 
-	/* "s" must be smaller or equal to "l" */
-	if (l_len < s_len)
-		return NULL;
+	/* Return immediately when needle is longer than haystack */
+	if (k<l) return 0;
 
-	/* special case where s_len == 1 */
-	if (s_len == 1)
-		return memchr(l, *cs, l_len);
+	/* Use faster algorithms for short needles */
+	h = memchr(h0, *n, k);
+	if (!h || l==1) return (void *)h;
+	k -= h - (const unsigned char *)h0;
+	if (k<l) return 0;
+	if (l==2) return twobyte_memmem(h, k, n);
+	if (l==3) return threebyte_memmem(h, k, n);
+	if (l==4) return fourbyte_memmem(h, k, n);
 
-	/* the last position where its possible to find "s" in "l" */
-	last = cl + l_len - s_len;
-
-	for (cur = cl; cur <= last; cur++)
-		if (cur[0] == cs[0] && memcmp(cur, cs, s_len) == 0)
-			return (void *)cur;
-
-	return NULL;
+	return twoway_memmem(h, h+k, n, l);
 }
 DEF_WEAK(memmem);
 #endif /* HAVE_MEMMEM */

openbsd-compat/mktemp.c

diff --git a/openbsd-compat/mktemp.c b/openbsd-compat/mktemp.c
index 4eb52f4..ac922c1 100644
--- a/openbsd-compat/mktemp.c
+++ b/openbsd-compat/mktemp.c
@@ -34,7 +34,7 @@
 #include <ctype.h>
 #include <unistd.h>
 
-#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
+#if !defined(HAVE_MKDTEMP)
 
 #define MKTEMP_NAME	0
 #define MKTEMP_FILE	1
@@ -138,4 +138,4 @@
 	return(error ? NULL : path);
 }
 
-#endif /* !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP) */
+#endif /* !defined(HAVE_MKDTEMP) */

openbsd-compat/openbsd-compat.h

diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index e5fd6f5..a7209ce 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -48,6 +48,11 @@
 #include "blf.h"
 #include "fnmatch.h"
 
+#if defined(HAVE_LOGIN_CAP) && !defined(HAVE_LOGIN_GETPWCLASS)
+# include <login_cap.h>
+# define login_getpwclass(pw) login_getclass(pw->pw_class)
+#endif
+
 #ifndef HAVE_BASENAME
 char *basename(const char *path);
 #endif
@@ -122,7 +127,7 @@
 char *strptime(const char *buf, const char *fmt, struct tm *tm);
 #endif
 
-#if !defined(HAVE_MKDTEMP) || defined(HAVE_STRICT_MKSTEMP)
+#if !defined(HAVE_MKDTEMP)
 int mkstemps(char *path, int slen);
 int mkstemp(char *path);
 char *mkdtemp(char *path);
@@ -190,9 +195,9 @@
 #endif
 
 /* Home grown routines */
+#include "bsd-signal.h"
 #include "bsd-misc.h"
 #include "bsd-setres_id.h"
-#include "bsd-signal.h"
 #include "bsd-statvfs.h"
 #include "bsd-waitpid.h"
 #include "bsd-poll.h"

openbsd-compat/openssl-compat.h

diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index 388ae8a..8ca50b5 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -113,8 +113,12 @@
 #endif /* HAVE_DSA_SET0_KEY */
 
 #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
+# ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
+#  define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
+# else /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
 int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
     unsigned char *iv, size_t len);
+# endif /* HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV */
 #endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
 
 #ifndef HAVE_EVP_CIPHER_CTX_SET_IV

openbsd-compat/port-aix.c

diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index e0d3eba..2ac9bad 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -445,7 +445,7 @@
 	char *cp, *grplist, *grp;
 	gid_t gid;
 	int ret = 0, ngroups = 0, maxgroups;
-	long l;
+	long long ll;
 
 	maxgroups = *grpcnt;
 
@@ -463,12 +463,12 @@
 
 	/* copy each entry from getgrset into group list */
 	while ((grp = strsep(&grplist, ",")) != NULL) {
-		l = strtol(grp, NULL, 10);
-		if (ngroups >= maxgroups || l == LONG_MIN || l == LONG_MAX) {
+		ll = strtoll(grp, NULL, 10);
+		if (ngroups >= maxgroups || ll < 0 || ll > UID_MAX) {
 			ret = -1;
 			goto out;
 		}
-		gid = (gid_t)l;
+		gid = (gid_t)ll;
 		if (gid == pgid)
 			continue;	/* we have already added primary gid */
 		groups[ngroups++] = gid;

openbsd-compat/port-linux.c

diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index f46094f..77cb821 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -55,11 +55,10 @@
 }
 
 /* Return the default security context for the given username */
-static security_context_t
+static char *
 ssh_selinux_getctxbyname(char *pwname)
 {
-	security_context_t sc = NULL;
-	char *sename = NULL, *lvl = NULL;
+	char *sc = NULL, *sename = NULL, *lvl = NULL;
 	int r;
 
 #ifdef HAVE_GETSEUSERBYNAME
@@ -105,7 +104,7 @@
 void
 ssh_selinux_setup_exec_context(char *pwname)
 {
-	security_context_t user_ctx = NULL;
+	char *user_ctx = NULL;
 
 	if (!ssh_selinux_enabled())
 		return;
@@ -136,9 +135,7 @@
 void
 ssh_selinux_setup_pty(char *pwname, const char *tty)
 {
-	security_context_t new_tty_ctx = NULL;
-	security_context_t user_ctx = NULL;
-	security_context_t old_tty_ctx = NULL;
+	char *new_tty_ctx = NULL, *user_ctx = NULL, *old_tty_ctx = NULL;
 	security_class_t chrclass;
 
 	if (!ssh_selinux_enabled())
@@ -182,18 +179,18 @@
 {
 	int len, newlen;
 	char *oldctx, *newctx, *cx;
-	void (*switchlog) (const char *fmt,...) = logit;
+	LogLevel log_level = SYSLOG_LEVEL_INFO;
 
 	if (!ssh_selinux_enabled())
 		return;
 
-	if (getcon((security_context_t *)&oldctx) < 0) {
+	if (getcon(&oldctx) < 0) {
 		logit("%s: getcon failed with %s", __func__, strerror(errno));
 		return;
 	}
 	if ((cx = index(oldctx, ':')) == NULL || (cx = index(cx + 1, ':')) ==
 	    NULL) {
-		logit ("%s: unparsable context %s", __func__, oldctx);
+		logit("%s: unparsable context %s", __func__, oldctx);
 		return;
 	}
 
@@ -203,7 +200,7 @@
 	 */
 	if (strncmp(cx, SSH_SELINUX_UNCONFINED_TYPE,
 	    sizeof(SSH_SELINUX_UNCONFINED_TYPE) - 1) == 0)
-		switchlog = debug3;
+		log_level = SYSLOG_LEVEL_DEBUG3;
 
 	newlen = strlen(oldctx) + strlen(newname) + 1;
 	newctx = xmalloc(newlen);
@@ -215,8 +212,8 @@
 	debug3("%s: setting context from '%s' to '%s'", __func__,
 	    oldctx, newctx);
 	if (setcon(newctx) < 0)
-		switchlog("%s: setcon %s from %s failed with %s", __func__,
-		    newctx, oldctx, strerror(errno));
+		do_log2(log_level, "%s: setcon %s from %s failed with %s",
+		    __func__, newctx, oldctx, strerror(errno));
 	free(oldctx);
 	free(newctx);
 }
@@ -224,7 +221,7 @@
 void
 ssh_selinux_setfscreatecon(const char *path)
 {
-	security_context_t context;
+	char *context;
 
 	if (!ssh_selinux_enabled())
 		return;

openbsd-compat/port-net.c

diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c
index 617bffc..198e73f 100644
--- a/openbsd-compat/port-net.c
+++ b/openbsd-compat/port-net.c
@@ -26,6 +26,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <stdarg.h>
+#include <stdio.h>
 #include <string.h>
 #include <unistd.h>
 
@@ -67,7 +68,7 @@
 	if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE,
 	    name, strlen(name)) == -1) {
 		error("%s: setsockopt(%d, SO_BINDTODEVICE, %s): %s",
-		      __func__, fd, name, strerror(errno));
+		    __func__, fd, name, strerror(errno));
 		return -1;
 	}
 	return 0;
@@ -209,8 +210,11 @@
 {
 	struct ifreq ifr;
 	char name[100];
-	int fd = -1, sock, flag;
+	int fd = -1, sock;
 	const char *tunbase = "tun";
+#if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
+	int flag;
+#endif
 
 	if (ifname != NULL)
 		*ifname = NULL;
@@ -247,8 +251,8 @@
 	}
 
 	/* Turn on tunnel headers */
-	flag = 1;
 #if defined(TUNSIFHEAD) && !defined(SSH_TUN_PREPEND_AF)
+	flag = 1;
 	if (mode != SSH_TUNMODE_ETHERNET &&
 	    ioctl(fd, TUNSIFHEAD, &flag) == -1) {
 		debug("%s: ioctl(%d, TUNSIFHEAD, 1): %s", __func__, fd,

openbsd-compat/port-prngd.c

diff --git a/openbsd-compat/port-prngd.c b/openbsd-compat/port-prngd.c
new file mode 100644
index 0000000..6afa8f9
--- /dev/null
+++ b/openbsd-compat/port-prngd.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright (c) 2001 Damien Miller.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifdef HAVE_SYS_UN_H
+# include <sys/un.h>
+#endif
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include <errno.h>
+#include <signal.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <stddef.h> /* for offsetof */
+
+#include "atomicio.h"
+#include "misc.h"
+#include "log.h"
+
+#if defined(PRNGD_PORT) || defined(PRNGD_SOCKET)
+/*
+ * EGD/PRNGD interface.
+ *
+ * Collect 'len' bytes of entropy into 'buf' from PRNGD/EGD daemon
+ * listening either on 'tcp_port', or via Unix domain socket at *
+ * 'socket_path'.
+ * Either a non-zero tcp_port or a non-null socket_path must be
+ * supplied.
+ * Returns 0 on success, -1 on error
+ */
+static int
+get_random_bytes_prngd(unsigned char *buf, int len,
+    unsigned short tcp_port, char *socket_path)
+{
+	int fd, addr_len, rval, errors;
+	u_char msg[2];
+	struct sockaddr_storage addr;
+	struct sockaddr_in *addr_in = (struct sockaddr_in *)&addr;
+	struct sockaddr_un *addr_un = (struct sockaddr_un *)&addr;
+	sshsig_t old_sigpipe;
+
+	/* Sanity checks */
+	if (socket_path == NULL && tcp_port == 0)
+		fatal("You must specify a port or a socket");
+	if (socket_path != NULL &&
+	    strlen(socket_path) >= sizeof(addr_un->sun_path))
+		fatal("Random pool path is too long");
+	if (len <= 0 || len > 255)
+		fatal("Too many bytes (%d) to read from PRNGD", len);
+
+	memset(&addr, '\0', sizeof(addr));
+
+	if (tcp_port != 0) {
+		addr_in->sin_family = AF_INET;
+		addr_in->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+		addr_in->sin_port = htons(tcp_port);
+		addr_len = sizeof(*addr_in);
+	} else {
+		addr_un->sun_family = AF_UNIX;
+		strlcpy(addr_un->sun_path, socket_path,
+		    sizeof(addr_un->sun_path));
+		addr_len = offsetof(struct sockaddr_un, sun_path) +
+		    strlen(socket_path) + 1;
+	}
+
+	old_sigpipe = ssh_signal(SIGPIPE, SIG_IGN);
+
+	errors = 0;
+	rval = -1;
+reopen:
+	fd = socket(addr.ss_family, SOCK_STREAM, 0);
+	if (fd == -1) {
+		error("Couldn't create socket: %s", strerror(errno));
+		goto done;
+	}
+
+	if (connect(fd, (struct sockaddr*)&addr, addr_len) == -1) {
+		if (tcp_port != 0) {
+			error("Couldn't connect to PRNGD port %d: %s",
+			    tcp_port, strerror(errno));
+		} else {
+			error("Couldn't connect to PRNGD socket \"%s\": %s",
+			    addr_un->sun_path, strerror(errno));
+		}
+		goto done;
+	}
+
+	/* Send blocking read request to PRNGD */
+	msg[0] = 0x02;
+	msg[1] = len;
+
+	if (atomicio(vwrite, fd, msg, sizeof(msg)) != sizeof(msg)) {
+		if (errno == EPIPE && errors < 10) {
+			close(fd);
+			errors++;
+			goto reopen;
+		}
+		error("Couldn't write to PRNGD socket: %s",
+		    strerror(errno));
+		goto done;
+	}
+
+	if (atomicio(read, fd, buf, len) != (size_t)len) {
+		if (errno == EPIPE && errors < 10) {
+			close(fd);
+			errors++;
+			goto reopen;
+		}
+		error("Couldn't read from PRNGD socket: %s",
+		    strerror(errno));
+		goto done;
+	}
+
+	rval = 0;
+done:
+	ssh_signal(SIGPIPE, old_sigpipe);
+	if (fd != -1)
+		close(fd);
+	return rval;
+}
+#endif /* PRNGD_PORT || PRNGD_SOCKET */
+
+int
+seed_from_prngd(unsigned char *buf, size_t bytes)
+{
+#ifdef PRNGD_PORT
+	debug("trying egd/prngd port %d", PRNGD_PORT);
+	if (get_random_bytes_prngd(buf, bytes, PRNGD_PORT, NULL) == 0)
+		return 0;
+#endif
+#ifdef PRNGD_SOCKET
+	debug("trying egd/prngd socket %s", PRNGD_SOCKET);
+	if (get_random_bytes_prngd(buf, bytes, 0, PRNGD_SOCKET) == 0)
+		return 0;
+#endif
+	return -1;
+}

openbsd-compat/port-solaris.c

diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index 7d5a28c..b84fbff 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -17,8 +17,6 @@
 #include "config.h"
 #include "includes.h"
 
-#ifdef USE_SOLARIS_PROCESS_CONTRACTS
-
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/param.h>
@@ -31,12 +29,14 @@
 #include <string.h>
 #include <unistd.h>
 
+#include "log.h"
+
+#ifdef USE_SOLARIS_PROCESS_CONTRACTS
+
 #include <libcontract.h>
 #include <sys/contract/process.h>
 #include <sys/ctfs.h>
 
-#include "log.h"
-
 #define CT_TEMPLATE	CTFS_ROOT "/process/template"
 #define CT_LATEST	CTFS_ROOT "/process/latest"
 

openbsd-compat/port-uw.c

diff --git a/openbsd-compat/port-uw.c b/openbsd-compat/port-uw.c
index 1322131..074f80c 100644
--- a/openbsd-compat/port-uw.c
+++ b/openbsd-compat/port-uw.c
@@ -143,7 +143,7 @@
 		if (pw_password == NULL)
 			fatal("ia_get_logpwd: Unable to get the shadow passwd");
 		ia_closeinfo(uinfo);
-	 	return pw_password;
+		return pw_password;
 	}
 	else
 		fatal("ia_openinfo: Unable to open the shadow passwd file");

openbsd-compat/regress/Makefile.in

diff --git a/openbsd-compat/regress/Makefile.in b/openbsd-compat/regress/Makefile.in
index c5aae61..dd8cdc4 100644
--- a/openbsd-compat/regress/Makefile.in
+++ b/openbsd-compat/regress/Makefile.in
@@ -7,7 +7,7 @@
 CC=@CC@
 LD=@LD@
 CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I.. -I$(srcdir) -I$(srcdir)/.. @CPPFLAGS@ @DEFS@
+CPPFLAGS=-I. -I.. -I../.. -I$(srcdir) -I$(srcdir)/.. -I$(srcdir)/../.. @CPPFLAGS@ @DEFS@
 EXEEXT=@EXEEXT@
 LIBCOMPAT=../libopenbsd-compat.a
 LIBS=@LIBS@

openbsd-compat/regress/closefromtest.c

diff --git a/openbsd-compat/regress/closefromtest.c b/openbsd-compat/regress/closefromtest.c
index 82ffeb9..7a69fb2 100644
--- a/openbsd-compat/regress/closefromtest.c
+++ b/openbsd-compat/regress/closefromtest.c
@@ -14,6 +14,8 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include "includes.h"
+
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -24,8 +26,6 @@
 
 #define NUM_OPENS 10
 
-int closefrom(int);
-
 void
 fail(char *msg)
 {

openbsd-compat/regress/opensslvertest.c

diff --git a/openbsd-compat/regress/opensslvertest.c b/openbsd-compat/regress/opensslvertest.c
index 5d019b5..43825b2 100644
--- a/openbsd-compat/regress/opensslvertest.c
+++ b/openbsd-compat/regress/opensslvertest.c
@@ -14,6 +14,8 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include "includes.h"
+
 #include <stdio.h>
 #include <stdlib.h>
 

openbsd-compat/regress/snprintftest.c

diff --git a/openbsd-compat/regress/snprintftest.c b/openbsd-compat/regress/snprintftest.c
index 6dc2e22..a3134db 100644
--- a/openbsd-compat/regress/snprintftest.c
+++ b/openbsd-compat/regress/snprintftest.c
@@ -17,6 +17,8 @@
 
 #define BUFSZ 2048
 
+#include "includes.h"
+
 #include <sys/types.h>
 #include <stdlib.h>
 #include <stdio.h>

openbsd-compat/regress/strduptest.c

diff --git a/openbsd-compat/regress/strduptest.c b/openbsd-compat/regress/strduptest.c
index 7f6d779..8a3ccf7 100644
--- a/openbsd-compat/regress/strduptest.c
+++ b/openbsd-compat/regress/strduptest.c
@@ -14,6 +14,8 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include "includes.h"
+
 #include <stdlib.h>
 #include <string.h>
 

openbsd-compat/regress/strtonumtest.c

diff --git a/openbsd-compat/regress/strtonumtest.c b/openbsd-compat/regress/strtonumtest.c
index 50ca5bd..46bd2b9 100644
--- a/openbsd-compat/regress/strtonumtest.c
+++ b/openbsd-compat/regress/strtonumtest.c
@@ -17,6 +17,8 @@
 
 /* OPENBSD ORIGINAL: regress/lib/libc/strtonum/strtonumtest.c */
 
+#include "includes.h"
+
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>

openbsd-compat/regress/utimensattest.c

diff --git a/openbsd-compat/regress/utimensattest.c b/openbsd-compat/regress/utimensattest.c
index 24312e5..bbc66c4 100644
--- a/openbsd-compat/regress/utimensattest.c
+++ b/openbsd-compat/regress/utimensattest.c
@@ -14,6 +14,8 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include "includes.h"
+
 #include <sys/types.h>
 #include <sys/stat.h>
 

openbsd-compat/setenv.c

diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c
index 373b701..86954c2 100644
--- a/openbsd-compat/setenv.c
+++ b/openbsd-compat/setenv.c
@@ -39,7 +39,9 @@
 #include <string.h>
 
 extern char **environ;
+#ifndef HAVE_SETENV
 static char **lastenv;				/* last value of environ */
+#endif
 
 /* OpenSSH Portable: __findenv is from getenv.c rev 1.8, made static */
 /*

openbsd-compat/sha2.c

diff --git a/openbsd-compat/sha2.c b/openbsd-compat/sha2.c
index e36cc24..4f2ad8f 100644
--- a/openbsd-compat/sha2.c
+++ b/openbsd-compat/sha2.c
@@ -45,7 +45,7 @@
 #define MAKE_CLONE(x, y)	void __ssh_compat_make_clone_##x_##y(void)
 
 #include <string.h>
-#include <sha2.h>
+#include "openbsd-compat/sha2.h"
 
 /*
  * UNROLLED TRANSFORM LOOP NOTE:
@@ -159,7 +159,7 @@
  *   same "backwards" definition.
  */
 /* Shift-right (used in SHA-224, SHA-256, SHA-384, and SHA-512): */
-#define R(b,x) 		((x) >> (b))
+#define R(b,x)		((x) >> (b))
 /* 32-bit Rotate-right (used in SHA-224 and SHA-256): */
 #define S32(b,x)	(((x) >> (b)) | ((x) << (32 - (b))))
 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */

openbsd-compat/strtonum.c

diff --git a/openbsd-compat/strtonum.c b/openbsd-compat/strtonum.c
index 87f2f24..130d896 100644
--- a/openbsd-compat/strtonum.c
+++ b/openbsd-compat/strtonum.c
@@ -26,9 +26,9 @@
 #include <limits.h>
 #include <errno.h>
 
-#define INVALID 	1
-#define TOOSMALL 	2
-#define TOOLARGE 	3
+#define INVALID		1
+#define TOOSMALL	2
+#define TOOLARGE	3
 
 long long
 strtonum(const char *numstr, long long minval, long long maxval,

openbsd-compat/sys-queue.h

diff --git a/openbsd-compat/sys-queue.h b/openbsd-compat/sys-queue.h
index 5108f39..816c15c 100644
--- a/openbsd-compat/sys-queue.h
+++ b/openbsd-compat/sys-queue.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: queue.h,v 1.36 2012/04/11 13:29:14 naddy Exp $	*/
+/*	$OpenBSD: queue.h,v 1.45 2018/07/12 14:22:54 sashan Exp $	*/
 /*	$NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $	*/
 
 /*
@@ -41,94 +41,97 @@
  * Require for OS/X and other platforms that have old/broken/incomplete
  * <sys/queue.h>.
  */
-#undef SLIST_HEAD
-#undef SLIST_HEAD_INITIALIZER
-#undef SLIST_ENTRY
-#undef SLIST_FOREACH_PREVPTR
-#undef SLIST_FOREACH_SAFE
-#undef SLIST_FIRST
-#undef SLIST_END
-#undef SLIST_EMPTY
-#undef SLIST_NEXT
-#undef SLIST_FOREACH
-#undef SLIST_INIT
-#undef SLIST_INSERT_AFTER
-#undef SLIST_INSERT_HEAD
-#undef SLIST_REMOVE_HEAD
-#undef SLIST_REMOVE_AFTER
-#undef SLIST_REMOVE
-#undef SLIST_REMOVE_NEXT
-#undef LIST_HEAD
-#undef LIST_HEAD_INITIALIZER
-#undef LIST_ENTRY
-#undef LIST_FIRST
-#undef LIST_END
-#undef LIST_EMPTY
-#undef LIST_NEXT
-#undef LIST_FOREACH
-#undef LIST_FOREACH_SAFE
-#undef LIST_INIT
-#undef LIST_INSERT_AFTER
-#undef LIST_INSERT_BEFORE
-#undef LIST_INSERT_HEAD
-#undef LIST_REMOVE
-#undef LIST_REPLACE
-#undef SIMPLEQ_HEAD
-#undef SIMPLEQ_HEAD_INITIALIZER
-#undef SIMPLEQ_ENTRY
-#undef SIMPLEQ_FIRST
-#undef SIMPLEQ_END
-#undef SIMPLEQ_EMPTY
-#undef SIMPLEQ_NEXT
-#undef SIMPLEQ_FOREACH
-#undef SIMPLEQ_FOREACH_SAFE
-#undef SIMPLEQ_INIT
-#undef SIMPLEQ_INSERT_HEAD
-#undef SIMPLEQ_INSERT_TAIL
-#undef SIMPLEQ_INSERT_AFTER
-#undef SIMPLEQ_REMOVE_HEAD
-#undef TAILQ_HEAD
-#undef TAILQ_HEAD_INITIALIZER
-#undef TAILQ_ENTRY
-#undef TAILQ_FIRST
-#undef TAILQ_END
-#undef TAILQ_NEXT
-#undef TAILQ_LAST
-#undef TAILQ_PREV
-#undef TAILQ_EMPTY
-#undef TAILQ_FOREACH
-#undef TAILQ_FOREACH_REVERSE
-#undef TAILQ_FOREACH_SAFE
-#undef TAILQ_FOREACH_REVERSE_SAFE
-#undef TAILQ_INIT
-#undef TAILQ_INSERT_HEAD
-#undef TAILQ_INSERT_TAIL
-#undef TAILQ_INSERT_AFTER
-#undef TAILQ_INSERT_BEFORE
-#undef TAILQ_REMOVE
-#undef TAILQ_REPLACE
-#undef CIRCLEQ_HEAD
-#undef CIRCLEQ_HEAD_INITIALIZER
+#undef CIRCLEQ_EMPTY
+#undef CIRCLEQ_END
 #undef CIRCLEQ_ENTRY
 #undef CIRCLEQ_FIRST
-#undef CIRCLEQ_LAST
-#undef CIRCLEQ_END
-#undef CIRCLEQ_NEXT
-#undef CIRCLEQ_PREV
-#undef CIRCLEQ_EMPTY
 #undef CIRCLEQ_FOREACH
 #undef CIRCLEQ_FOREACH_REVERSE
+#undef CIRCLEQ_HEAD
+#undef CIRCLEQ_HEAD_INITIALIZER
 #undef CIRCLEQ_INIT
 #undef CIRCLEQ_INSERT_AFTER
 #undef CIRCLEQ_INSERT_BEFORE
 #undef CIRCLEQ_INSERT_HEAD
 #undef CIRCLEQ_INSERT_TAIL
+#undef CIRCLEQ_LAST
+#undef CIRCLEQ_NEXT
+#undef CIRCLEQ_PREV
 #undef CIRCLEQ_REMOVE
 #undef CIRCLEQ_REPLACE
+#undef LIST_EMPTY
+#undef LIST_END
+#undef LIST_ENTRY
+#undef LIST_FIRST
+#undef LIST_FOREACH
+#undef LIST_FOREACH_SAFE
+#undef LIST_HEAD
+#undef LIST_HEAD_INITIALIZER
+#undef LIST_INIT
+#undef LIST_INSERT_AFTER
+#undef LIST_INSERT_BEFORE
+#undef LIST_INSERT_HEAD
+#undef LIST_NEXT
+#undef LIST_REMOVE
+#undef LIST_REPLACE
+#undef SIMPLEQ_CONCAT
+#undef SIMPLEQ_EMPTY
+#undef SIMPLEQ_END
+#undef SIMPLEQ_ENTRY
+#undef SIMPLEQ_FIRST
+#undef SIMPLEQ_FOREACH
+#undef SIMPLEQ_FOREACH_SAFE
+#undef SIMPLEQ_HEAD
+#undef SIMPLEQ_HEAD_INITIALIZER
+#undef SIMPLEQ_INIT
+#undef SIMPLEQ_INSERT_AFTER
+#undef SIMPLEQ_INSERT_HEAD
+#undef SIMPLEQ_INSERT_TAIL
+#undef SIMPLEQ_NEXT
+#undef SIMPLEQ_REMOVE_AFTER
+#undef SIMPLEQ_REMOVE_HEAD
+#undef SLIST_EMPTY
+#undef SLIST_END
+#undef SLIST_ENTRY
+#undef SLIST_FIRST
+#undef SLIST_FOREACH
+#undef SLIST_FOREACH_PREVPTR
+#undef SLIST_FOREACH_SAFE
+#undef SLIST_HEAD
+#undef SLIST_HEAD_INITIALIZER
+#undef SLIST_INIT
+#undef SLIST_INSERT_AFTER
+#undef SLIST_INSERT_HEAD
+#undef SLIST_NEXT
+#undef SLIST_REMOVE
+#undef SLIST_REMOVE_AFTER
+#undef SLIST_REMOVE_HEAD
+#undef SLIST_REMOVE_NEXT
+#undef TAILQ_CONCAT
+#undef TAILQ_EMPTY
+#undef TAILQ_END
+#undef TAILQ_ENTRY
+#undef TAILQ_FIRST
+#undef TAILQ_FOREACH
+#undef TAILQ_FOREACH_REVERSE
+#undef TAILQ_FOREACH_REVERSE_SAFE
+#undef TAILQ_FOREACH_SAFE
+#undef TAILQ_HEAD
+#undef TAILQ_HEAD_INITIALIZER
+#undef TAILQ_INIT
+#undef TAILQ_INSERT_AFTER
+#undef TAILQ_INSERT_BEFORE
+#undef TAILQ_INSERT_HEAD
+#undef TAILQ_INSERT_TAIL
+#undef TAILQ_LAST
+#undef TAILQ_NEXT
+#undef TAILQ_PREV
+#undef TAILQ_REMOVE
+#undef TAILQ_REPLACE
 
 /*
- * This file defines five types of data structures: singly-linked lists, 
- * lists, simple queues, tail queues, and circular queues.
+ * This file defines five types of data structures: singly-linked lists,
+ * lists, simple queues, tail queues and XOR simple queues.
  *
  *
  * A singly-linked list is headed by a single forward pointer. The elements
@@ -148,7 +151,7 @@
  * or after an existing element or at the head of the list. A list
  * may only be traversed in the forward direction.
  *
- * A simple queue is headed by a pair of pointers, one the head of the
+ * A simple queue is headed by a pair of pointers, one to the head of the
  * list and the other to the tail of the list. The elements are singly
  * linked to save space, so elements can only be removed from the
  * head of the list. New elements can be added to the list before or after
@@ -162,19 +165,17 @@
  * after an existing element, at the head of the list, or at the end of
  * the list. A tail queue may be traversed in either direction.
  *
- * A circle queue is headed by a pair of pointers, one to the head of the
- * list and the other to the tail of the list. The elements are doubly
- * linked so that an arbitrary element can be removed without a need to
- * traverse the list. New elements can be added to the list before or after
- * an existing element, at the head of the list, or at the end of the list.
- * A circle queue may be traversed in either direction, but has a more
- * complex end of list detection.
+ * An XOR simple queue is used in the same way as a regular simple queue.
+ * The difference is that the head structure also includes a "cookie" that
+ * is XOR'd with the queue pointer (first, last or next) to generate the
+ * real pointer value.
  *
  * For details on the use of these macros, see the queue(3) manual page.
  */
 
 #if defined(QUEUE_MACRO_DEBUG) || (defined(_KERNEL) && defined(DIAGNOSTIC))
-#define _Q_INVALIDATE(a) (a) = ((void *)-1)
+#define _Q_INVALID ((void *)-1)
+#define _Q_INVALIDATE(a) (a) = _Q_INVALID
 #else
 #define _Q_INVALIDATE(a)
 #endif
@@ -186,15 +187,15 @@
 struct name {								\
 	struct type *slh_first;	/* first element */			\
 }
- 
+
 #define	SLIST_HEAD_INITIALIZER(head)					\
 	{ NULL }
- 
+
 #define SLIST_ENTRY(type)						\
 struct {								\
 	struct type *sle_next;	/* next element */			\
 }
- 
+
 /*
  * Singly-linked List access methods.
  */
@@ -248,8 +249,8 @@
 			curelm = curelm->field.sle_next;		\
 		curelm->field.sle_next =				\
 		    curelm->field.sle_next->field.sle_next;		\
-		_Q_INVALIDATE((elm)->field.sle_next);			\
 	}								\
+	_Q_INVALIDATE((elm)->field.sle_next);				\
 } while (0)
 
 /*
@@ -270,7 +271,7 @@
 }
 
 /*
- * List access methods
+ * List access methods.
  */
 #define	LIST_FIRST(head)		((head)->lh_first)
 #define	LIST_END(head)			NULL
@@ -407,6 +408,94 @@
 		(head)->sqh_last = &(elm)->field.sqe_next;		\
 } while (0)
 
+#define SIMPLEQ_CONCAT(head1, head2) do {				\
+	if (!SIMPLEQ_EMPTY((head2))) {					\
+		*(head1)->sqh_last = (head2)->sqh_first;		\
+		(head1)->sqh_last = (head2)->sqh_last;			\
+		SIMPLEQ_INIT((head2));					\
+	}								\
+} while (0)
+
+/*
+ * XOR Simple queue definitions.
+ */
+#define XSIMPLEQ_HEAD(name, type)					\
+struct name {								\
+	struct type *sqx_first;	/* first element */			\
+	struct type **sqx_last;	/* addr of last next element */		\
+	unsigned long sqx_cookie;					\
+}
+
+#define XSIMPLEQ_ENTRY(type)						\
+struct {								\
+	struct type *sqx_next;	/* next element */			\
+}
+
+/*
+ * XOR Simple queue access methods.
+ */
+#define XSIMPLEQ_XOR(head, ptr)	    ((__typeof(ptr))((head)->sqx_cookie ^ \
+					(unsigned long)(ptr)))
+#define	XSIMPLEQ_FIRST(head)	    XSIMPLEQ_XOR(head, ((head)->sqx_first))
+#define	XSIMPLEQ_END(head)	    NULL
+#define	XSIMPLEQ_EMPTY(head)	    (XSIMPLEQ_FIRST(head) == XSIMPLEQ_END(head))
+#define	XSIMPLEQ_NEXT(head, elm, field)    XSIMPLEQ_XOR(head, ((elm)->field.sqx_next))
+
+
+#define XSIMPLEQ_FOREACH(var, head, field)				\
+	for ((var) = XSIMPLEQ_FIRST(head);				\
+	    (var) != XSIMPLEQ_END(head);				\
+	    (var) = XSIMPLEQ_NEXT(head, var, field))
+
+#define	XSIMPLEQ_FOREACH_SAFE(var, head, field, tvar)			\
+	for ((var) = XSIMPLEQ_FIRST(head);				\
+	    (var) && ((tvar) = XSIMPLEQ_NEXT(head, var, field), 1);	\
+	    (var) = (tvar))
+
+/*
+ * XOR Simple queue functions.
+ */
+#define	XSIMPLEQ_INIT(head) do {					\
+	arc4random_buf(&(head)->sqx_cookie, sizeof((head)->sqx_cookie)); \
+	(head)->sqx_first = XSIMPLEQ_XOR(head, NULL);			\
+	(head)->sqx_last = XSIMPLEQ_XOR(head, &(head)->sqx_first);	\
+} while (0)
+
+#define XSIMPLEQ_INSERT_HEAD(head, elm, field) do {			\
+	if (((elm)->field.sqx_next = (head)->sqx_first) ==		\
+	    XSIMPLEQ_XOR(head, NULL))					\
+		(head)->sqx_last = XSIMPLEQ_XOR(head, &(elm)->field.sqx_next); \
+	(head)->sqx_first = XSIMPLEQ_XOR(head, (elm));			\
+} while (0)
+
+#define XSIMPLEQ_INSERT_TAIL(head, elm, field) do {			\
+	(elm)->field.sqx_next = XSIMPLEQ_XOR(head, NULL);		\
+	*(XSIMPLEQ_XOR(head, (head)->sqx_last)) = XSIMPLEQ_XOR(head, (elm)); \
+	(head)->sqx_last = XSIMPLEQ_XOR(head, &(elm)->field.sqx_next);	\
+} while (0)
+
+#define XSIMPLEQ_INSERT_AFTER(head, listelm, elm, field) do {		\
+	if (((elm)->field.sqx_next = (listelm)->field.sqx_next) ==	\
+	    XSIMPLEQ_XOR(head, NULL))					\
+		(head)->sqx_last = XSIMPLEQ_XOR(head, &(elm)->field.sqx_next); \
+	(listelm)->field.sqx_next = XSIMPLEQ_XOR(head, (elm));		\
+} while (0)
+
+#define XSIMPLEQ_REMOVE_HEAD(head, field) do {				\
+	if (((head)->sqx_first = XSIMPLEQ_XOR(head,			\
+	    (head)->sqx_first)->field.sqx_next) == XSIMPLEQ_XOR(head, NULL)) \
+		(head)->sqx_last = XSIMPLEQ_XOR(head, &(head)->sqx_first); \
+} while (0)
+
+#define XSIMPLEQ_REMOVE_AFTER(head, elm, field) do {			\
+	if (((elm)->field.sqx_next = XSIMPLEQ_XOR(head,			\
+	    (elm)->field.sqx_next)->field.sqx_next)			\
+	    == XSIMPLEQ_XOR(head, NULL))				\
+		(head)->sqx_last = 					\
+		    XSIMPLEQ_XOR(head, &(elm)->field.sqx_next);		\
+} while (0)
+
+
 /*
  * Tail queue definitions.
  */
@@ -425,8 +514,8 @@
 	struct type **tqe_prev;	/* address of previous next element */	\
 }
 
-/* 
- * tail queue access methods 
+/*
+ * Tail queue access methods.
  */
 #define	TAILQ_FIRST(head)		((head)->tqh_first)
 #define	TAILQ_END(head)			NULL
@@ -527,133 +616,13 @@
 	_Q_INVALIDATE((elm)->field.tqe_next);				\
 } while (0)
 
-/*
- * Circular queue definitions.
- */
-#define CIRCLEQ_HEAD(name, type)					\
-struct name {								\
-	struct type *cqh_first;		/* first element */		\
-	struct type *cqh_last;		/* last element */		\
-}
-
-#define CIRCLEQ_HEAD_INITIALIZER(head)					\
-	{ CIRCLEQ_END(&head), CIRCLEQ_END(&head) }
-
-#define CIRCLEQ_ENTRY(type)						\
-struct {								\
-	struct type *cqe_next;		/* next element */		\
-	struct type *cqe_prev;		/* previous element */		\
-}
-
-/*
- * Circular queue access methods 
- */
-#define	CIRCLEQ_FIRST(head)		((head)->cqh_first)
-#define	CIRCLEQ_LAST(head)		((head)->cqh_last)
-#define	CIRCLEQ_END(head)		((void *)(head))
-#define	CIRCLEQ_NEXT(elm, field)	((elm)->field.cqe_next)
-#define	CIRCLEQ_PREV(elm, field)	((elm)->field.cqe_prev)
-#define	CIRCLEQ_EMPTY(head)						\
-	(CIRCLEQ_FIRST(head) == CIRCLEQ_END(head))
-
-#define CIRCLEQ_FOREACH(var, head, field)				\
-	for((var) = CIRCLEQ_FIRST(head);				\
-	    (var) != CIRCLEQ_END(head);					\
-	    (var) = CIRCLEQ_NEXT(var, field))
-
-#define	CIRCLEQ_FOREACH_SAFE(var, head, field, tvar)			\
-	for ((var) = CIRCLEQ_FIRST(head);				\
-	    (var) != CIRCLEQ_END(head) &&				\
-	    ((tvar) = CIRCLEQ_NEXT(var, field), 1);			\
-	    (var) = (tvar))
-
-#define CIRCLEQ_FOREACH_REVERSE(var, head, field)			\
-	for((var) = CIRCLEQ_LAST(head);					\
-	    (var) != CIRCLEQ_END(head);					\
-	    (var) = CIRCLEQ_PREV(var, field))
-
-#define	CIRCLEQ_FOREACH_REVERSE_SAFE(var, head, headname, field, tvar)	\
-	for ((var) = CIRCLEQ_LAST(head, headname);			\
-	    (var) != CIRCLEQ_END(head) && 				\
-	    ((tvar) = CIRCLEQ_PREV(var, headname, field), 1);		\
-	    (var) = (tvar))
-
-/*
- * Circular queue functions.
- */
-#define	CIRCLEQ_INIT(head) do {						\
-	(head)->cqh_first = CIRCLEQ_END(head);				\
-	(head)->cqh_last = CIRCLEQ_END(head);				\
+#define TAILQ_CONCAT(head1, head2, field) do {				\
+	if (!TAILQ_EMPTY(head2)) {					\
+		*(head1)->tqh_last = (head2)->tqh_first;		\
+		(head2)->tqh_first->field.tqe_prev = (head1)->tqh_last;	\
+		(head1)->tqh_last = (head2)->tqh_last;			\
+		TAILQ_INIT((head2));					\
+	}								\
 } while (0)
 
-#define CIRCLEQ_INSERT_AFTER(head, listelm, elm, field) do {		\
-	(elm)->field.cqe_next = (listelm)->field.cqe_next;		\
-	(elm)->field.cqe_prev = (listelm);				\
-	if ((listelm)->field.cqe_next == CIRCLEQ_END(head))		\
-		(head)->cqh_last = (elm);				\
-	else								\
-		(listelm)->field.cqe_next->field.cqe_prev = (elm);	\
-	(listelm)->field.cqe_next = (elm);				\
-} while (0)
-
-#define CIRCLEQ_INSERT_BEFORE(head, listelm, elm, field) do {		\
-	(elm)->field.cqe_next = (listelm);				\
-	(elm)->field.cqe_prev = (listelm)->field.cqe_prev;		\
-	if ((listelm)->field.cqe_prev == CIRCLEQ_END(head))		\
-		(head)->cqh_first = (elm);				\
-	else								\
-		(listelm)->field.cqe_prev->field.cqe_next = (elm);	\
-	(listelm)->field.cqe_prev = (elm);				\
-} while (0)
-
-#define CIRCLEQ_INSERT_HEAD(head, elm, field) do {			\
-	(elm)->field.cqe_next = (head)->cqh_first;			\
-	(elm)->field.cqe_prev = CIRCLEQ_END(head);			\
-	if ((head)->cqh_last == CIRCLEQ_END(head))			\
-		(head)->cqh_last = (elm);				\
-	else								\
-		(head)->cqh_first->field.cqe_prev = (elm);		\
-	(head)->cqh_first = (elm);					\
-} while (0)
-
-#define CIRCLEQ_INSERT_TAIL(head, elm, field) do {			\
-	(elm)->field.cqe_next = CIRCLEQ_END(head);			\
-	(elm)->field.cqe_prev = (head)->cqh_last;			\
-	if ((head)->cqh_first == CIRCLEQ_END(head))			\
-		(head)->cqh_first = (elm);				\
-	else								\
-		(head)->cqh_last->field.cqe_next = (elm);		\
-	(head)->cqh_last = (elm);					\
-} while (0)
-
-#define	CIRCLEQ_REMOVE(head, elm, field) do {				\
-	if ((elm)->field.cqe_next == CIRCLEQ_END(head))			\
-		(head)->cqh_last = (elm)->field.cqe_prev;		\
-	else								\
-		(elm)->field.cqe_next->field.cqe_prev =			\
-		    (elm)->field.cqe_prev;				\
-	if ((elm)->field.cqe_prev == CIRCLEQ_END(head))			\
-		(head)->cqh_first = (elm)->field.cqe_next;		\
-	else								\
-		(elm)->field.cqe_prev->field.cqe_next =			\
-		    (elm)->field.cqe_next;				\
-	_Q_INVALIDATE((elm)->field.cqe_prev);				\
-	_Q_INVALIDATE((elm)->field.cqe_next);				\
-} while (0)
-
-#define CIRCLEQ_REPLACE(head, elm, elm2, field) do {			\
-	if (((elm2)->field.cqe_next = (elm)->field.cqe_next) ==		\
-	    CIRCLEQ_END(head))						\
-		(head).cqh_last = (elm2);				\
-	else								\
-		(elm2)->field.cqe_next->field.cqe_prev = (elm2);	\
-	if (((elm2)->field.cqe_prev = (elm)->field.cqe_prev) ==		\
-	    CIRCLEQ_END(head))						\
-		(head).cqh_first = (elm2);				\
-	else								\
-		(elm2)->field.cqe_prev->field.cqe_next = (elm2);	\
-	_Q_INVALIDATE((elm)->field.cqe_prev);				\
-	_Q_INVALIDATE((elm)->field.cqe_next);				\
-} while (0)
-
-#endif	/* !_FAKE_QUEUE_H_ */
+#endif	/* !_SYS_QUEUE_H_ */

opensshd.init.in

diff --git a/opensshd.init.in b/opensshd.init.in
index 99e5a51..2517248 100755
--- a/opensshd.init.in
+++ b/opensshd.init.in
@@ -17,26 +17,6 @@
 PidFile=`grep "^PidFile" ${sysconfdir}/sshd_config | tr "=" " " | awk '{print $2}'`
 [ X$PidFile = X ]  ||  PIDFILE=$PidFile
 SSH_KEYGEN=$prefix/bin/ssh-keygen
-HOST_KEY_DSA=$sysconfdir/ssh_host_dsa_key
-HOST_KEY_RSA=$sysconfdir/ssh_host_rsa_key
-@COMMENT_OUT_ECC@HOST_KEY_ECDSA=$sysconfdir/ssh_host_ecdsa_key
-HOST_KEY_ED25519=$sysconfdir/ssh_host_ed25519_key
-
-
-checkkeys() {
-    if [ ! -f $HOST_KEY_DSA ]; then
-	${SSH_KEYGEN} -t dsa -f ${HOST_KEY_DSA} -N ""
-    fi
-    if [ ! -f $HOST_KEY_RSA ]; then
-	${SSH_KEYGEN} -t rsa -f ${HOST_KEY_RSA} -N ""
-    fi
-@COMMENT_OUT_ECC@    if [ ! -f $HOST_KEY_ECDSA ]; then
-@COMMENT_OUT_ECC@	${SSH_KEYGEN} -t ecdsa -f ${HOST_KEY_ECDSA} -N ""
-@COMMENT_OUT_ECC@    fi
-    if [ ! -f $HOST_KEY_ED25519 ]; then
-	${SSH_KEYGEN} -t ed25519 -f ${HOST_KEY_ED25519} -N ""
-    fi
-}
 
 stop_service() {
     if [  -r $PIDFILE  -a  ! -z ${PIDFILE}  ]; then
@@ -54,7 +34,7 @@
     # XXX we will opt out at this time. - Bal
 
     # Check to see if we have keys that need to be made
-    checkkeys
+    ${SSH_KEYGEN} -A
 
     # Start SSHD
     echo "starting $SSHD... \c"         ; $SSHD

packet.c

diff --git a/packet.c b/packet.c
index e7abb34..9908994 100644
--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.291 2020/03/06 18:20:44 markus Exp $ */
+/* $OpenBSD: packet.c,v 1.301 2021/07/16 09:00:23 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -282,7 +282,8 @@
 int
 ssh_packet_is_rekeying(struct ssh *ssh)
 {
-	return ssh->state->rekeying || ssh->kex->done == 0;
+	return ssh->state->rekeying ||
+	    (ssh->kex != NULL && ssh->kex->done == 0);
 }
 
 /*
@@ -296,13 +297,13 @@
 	int r;
 
 	if (none == NULL) {
-		error("%s: cannot load cipher 'none'", __func__);
+		error_f("cannot load cipher 'none'");
 		return NULL;
 	}
 	if (ssh == NULL)
 		ssh = ssh_alloc_session_state();
 	if (ssh == NULL) {
-		error("%s: could not allocate state", __func__);
+		error_f("could not allocate state");
 		return NULL;
 	}
 	state = ssh->state;
@@ -312,7 +313,7 @@
 	    (const u_char *)"", 0, NULL, 0, CIPHER_ENCRYPT)) != 0 ||
 	    (r = cipher_init(&state->receive_context, none,
 	    (const u_char *)"", 0, NULL, 0, CIPHER_DECRYPT)) != 0) {
-		error("%s: cipher_init failed: %s", __func__, ssh_err(r));
+		error_fr(r, "cipher_init failed");
 		free(ssh); /* XXX need ssh_free_session_state? */
 		return NULL;
 	}
@@ -345,6 +346,8 @@
 {
 	ssh->state->mux = 1;
 	ssh->state->rekeying = 0;
+	kex_free(ssh->kex);
+	ssh->kex = NULL;
 }
 
 int
@@ -472,19 +475,7 @@
 int
 ssh_packet_connection_af(struct ssh *ssh)
 {
-	struct sockaddr_storage to;
-	socklen_t tolen = sizeof(to);
-
-	memset(&to, 0, sizeof(to));
-	if (getsockname(ssh->state->connection_out, (struct sockaddr *)&to,
-	    &tolen) == -1)
-		return 0;
-#ifdef IPV4_IN_IPV6
-	if (to.ss_family == AF_INET6 &&
-	    IN6_IS_ADDR_V4MAPPED(&((struct sockaddr_in6 *)&to)->sin6_addr))
-		return AF_INET;
-#endif
-	return to.ss_family;
+	return get_sock_af(ssh->state->connection_out);
 }
 
 /* Sets the connection into non-blocking mode. */
@@ -651,6 +642,8 @@
 		ssh->remote_ipaddr = NULL;
 		free(ssh->state);
 		ssh->state = NULL;
+		kex_free(ssh->kex);
+		ssh->kex = NULL;
 	}
 }
 
@@ -691,7 +684,7 @@
 ssh_packet_init_compression(struct ssh *ssh)
 {
 	if (!ssh->state->compression_buffer &&
-	   ((ssh->state->compression_buffer = sshbuf_new()) == NULL))
+	    ((ssh->state->compression_buffer = sshbuf_new()) == NULL))
 		return SSH_ERR_ALLOC_FAIL;
 	return 0;
 }
@@ -892,12 +885,12 @@
 		max_blocks = &state->max_blocks_in;
 	}
 	if (state->newkeys[mode] != NULL) {
-		debug("%s: rekeying %s, input %llu bytes %llu blocks, "
-		   "output %llu bytes %llu blocks", __func__, dir,
-		   (unsigned long long)state->p_read.bytes,
-		   (unsigned long long)state->p_read.blocks,
-		   (unsigned long long)state->p_send.bytes,
-		   (unsigned long long)state->p_send.blocks);
+		debug_f("rekeying %s, input %llu bytes %llu blocks, "
+		    "output %llu bytes %llu blocks", dir,
+		    (unsigned long long)state->p_read.bytes,
+		    (unsigned long long)state->p_read.blocks,
+		    (unsigned long long)state->p_send.bytes,
+		    (unsigned long long)state->p_send.blocks);
 		kex_free_newkeys(state->newkeys[mode]);
 		state->newkeys[mode] = NULL;
 	}
@@ -915,7 +908,7 @@
 			return r;
 	}
 	mac->enabled = 1;
-	DBG(debug("%s: cipher_init_context: %s", __func__, dir));
+	DBG(debug_f("cipher_init_context: %s", dir));
 	cipher_free(*ccp);
 	*ccp = NULL;
 	if ((r = cipher_init(ccp, enc->cipher, enc->key, enc->key_len,
@@ -932,7 +925,7 @@
 	   explicit_bzero(mac->key, mac->key_len); */
 	if ((comp->type == COMP_ZLIB ||
 	    (comp->type == COMP_DELAYED &&
-	     state->after_authentication)) && comp->enabled == 0) {
+	    state->after_authentication)) && comp->enabled == 0) {
 		if ((r = ssh_packet_init_compression(ssh)) < 0)
 			return r;
 		if (mode == MODE_OUT) {
@@ -1009,6 +1002,15 @@
 	    (state->p_read.blocks > state->max_blocks_in));
 }
 
+int
+ssh_packet_check_rekey(struct ssh *ssh)
+{
+	if (!ssh_packet_need_rekeying(ssh, 0))
+		return 0;
+	debug3_f("rekex triggered");
+	return kex_start_rekex(ssh);
+}
+
 /*
  * Delayed compression for SSH2 is enabled after authentication:
  * This happens on the server side after a SSH2_MSG_USERAUTH_SUCCESS is sent,
@@ -1138,8 +1140,8 @@
 		if (tmp > state->extra_pad)
 			return SSH_ERR_INVALID_ARGUMENT;
 		pad = state->extra_pad - tmp;
-		DBG(debug3("%s: adding %d (len %d padlen %d extra_pad %d)",
-		    __func__, pad, len, padlen, state->extra_pad));
+		DBG(debug3_f("adding %d (len %d padlen %d extra_pad %d)",
+		    pad, len, padlen, state->extra_pad));
 		tmp = padlen;
 		padlen += pad;
 		/* Check whether padlen calculation overflowed */
@@ -1254,7 +1256,7 @@
 	 */
 	if ((need_rekey || state->rekeying) && !ssh_packet_type_is_kex(type)) {
 		if (need_rekey)
-			debug3("%s: rekex triggered", __func__);
+			debug3_f("rekex triggered");
 		debug("enqueue packet: %u", type);
 		p = calloc(1, sizeof(*p));
 		if (p == NULL)
@@ -1296,8 +1298,7 @@
 			 */
 			if (ssh_packet_need_rekeying(ssh,
 			    sshbuf_len(p->payload))) {
-				debug3("%s: queued packet triggered rekex",
-				    __func__);
+				debug3_f("queued packet triggered rekex");
 				return kex_start_rekex(ssh);
 			}
 			debug("dequeue packet: %u", type);
@@ -1416,7 +1417,7 @@
 	int r;
 
 	if ((r = ssh_packet_read_seqnr(ssh, &type, NULL)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "read");
 	return type;
 }
 
@@ -1474,7 +1475,7 @@
 	    (r = sshbuf_get_u8(state->incoming_packet, typep)) != 0)
 		return r;
 	if (ssh_packet_log_type(*typep))
-		debug3("%s: type %u", __func__, *typep);
+		debug3_f("type %u", *typep);
 	/* sshbuf_dump(state->incoming_packet, stderr); */
 	/* reset for next packet */
 	state->packlen = 0;
@@ -1703,12 +1704,8 @@
 	/* reset for next packet */
 	state->packlen = 0;
 
-	/* do we need to rekey? */
-	if (ssh_packet_need_rekeying(ssh, 0)) {
-		debug3("%s: rekex triggered", __func__);
-		if ((r = kex_start_rekex(ssh)) != 0)
-			return r;
-	}
+	if ((r = ssh_packet_check_rekey(ssh)) != 0)
+		return r;
  out:
 	return r;
 }
@@ -1831,7 +1828,7 @@
 	    (r = sshpkt_put_cstring(ssh, "")) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0 ||
 	    (r = ssh_packet_write_wait(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send DEBUG");
 }
 
 void
@@ -1887,15 +1884,13 @@
 	default:
 		if (vasprintf(&tag, fmt, ap) == -1) {
 			ssh_packet_clear_keys(ssh);
-			logdie("%s: could not allocate failure message",
-			    __func__);
+			logdie_f("could not allocate failure message");
 		}
 		ssh_packet_clear_keys(ssh);
 		errno = oerrno;
-		logdie("%s%sConnection %s %s: %s",
+		logdie_r(r, "%s%sConnection %s %s",
 		    tag != NULL ? tag : "", tag != NULL ? ": " : "",
-		    ssh->state->server_side ? "from" : "to",
-		    remote_id, ssh_err(r));
+		    ssh->state->server_side ? "from" : "to", remote_id);
 	}
 }
 
@@ -1908,7 +1903,7 @@
 	sshpkt_vfatal(ssh, r, fmt, ap);
 	/* NOTREACHED */
 	va_end(ap);
-	logdie("%s: should have exited", __func__);
+	logdie_f("should have exited");
 }
 
 /*
@@ -2067,30 +2062,9 @@
 void
 ssh_packet_set_tos(struct ssh *ssh, int tos)
 {
-#ifndef IP_TOS_IS_BROKEN
 	if (!ssh_packet_connection_is_on_socket(ssh) || tos == INT_MAX)
 		return;
-	switch (ssh_packet_connection_af(ssh)) {
-# ifdef IP_TOS
-	case AF_INET:
-		debug3("%s: set IP_TOS 0x%02x", __func__, tos);
-		if (setsockopt(ssh->state->connection_in,
-		    IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) == -1)
-			error("setsockopt IP_TOS %d: %.100s:",
-			    tos, strerror(errno));
-		break;
-# endif /* IP_TOS */
-# ifdef IPV6_TCLASS
-	case AF_INET6:
-		debug3("%s: set IPV6_TCLASS 0x%02x", __func__, tos);
-		if (setsockopt(ssh->state->connection_in,
-		    IPPROTO_IPV6, IPV6_TCLASS, &tos, sizeof(tos)) == -1)
-			error("setsockopt IPV6_TCLASS %d: %.100s:",
-			    tos, strerror(errno));
-		break;
-# endif /* IPV6_TCLASS */
-	}
-#endif /* IP_TOS_IS_BROKEN */
+	set_sock_tos(ssh->state->connection_in, tos);
 }
 
 /* Informs that the current session is interactive.  Sets IP flags for that. */
@@ -2111,8 +2085,7 @@
 	if (!ssh_packet_connection_is_on_socket(ssh))
 		return;
 	set_nodelay(state->connection_in);
-	ssh_packet_set_tos(ssh, interactive ? qos_interactive :
-	    qos_bulk);
+	ssh_packet_set_tos(ssh, interactive ? qos_interactive : qos_bulk);
 }
 
 /* Returns true if the current connection is interactive. */
@@ -2211,7 +2184,7 @@
 {
 	int r;
 
-	debug("%s: called", __func__);
+	debug_f("called");
 	/* This was set in net child, but is not visible in user child */
 	ssh->state->after_authentication = 1;
 	ssh->state->rekeying = 0;
@@ -2228,9 +2201,7 @@
 {
 	int r;
 
-	if ((r = sshbuf_put_string(m, kex->session_id,
-	    kex->session_id_len)) != 0 ||
-	    (r = sshbuf_put_u32(m, kex->we_need)) != 0 ||
+	if ((r = sshbuf_put_u32(m, kex->we_need)) != 0 ||
 	    (r = sshbuf_put_cstring(m, kex->hostkey_alg)) != 0 ||
 	    (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 ||
 	    (r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 ||
@@ -2239,6 +2210,7 @@
 	    (r = sshbuf_put_stringb(m, kex->peer)) != 0 ||
 	    (r = sshbuf_put_stringb(m, kex->client_version)) != 0 ||
 	    (r = sshbuf_put_stringb(m, kex->server_version)) != 0 ||
+	    (r = sshbuf_put_stringb(m, kex->session_id)) != 0 ||
 	    (r = sshbuf_put_u32(m, kex->flags)) != 0)
 		return r;
 	return 0;
@@ -2391,8 +2363,7 @@
 
 	if ((kex = kex_new()) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
-	if ((r = sshbuf_get_string(m, &kex->session_id, &kex->session_id_len)) != 0 ||
-	    (r = sshbuf_get_u32(m, &kex->we_need)) != 0 ||
+	if ((r = sshbuf_get_u32(m, &kex->we_need)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &kex->hostkey_alg, NULL)) != 0 ||
 	    (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 ||
 	    (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 ||
@@ -2401,6 +2372,7 @@
 	    (r = sshbuf_get_stringb(m, kex->peer)) != 0 ||
 	    (r = sshbuf_get_stringb(m, kex->client_version)) != 0 ||
 	    (r = sshbuf_get_stringb(m, kex->server_version)) != 0 ||
+	    (r = sshbuf_get_stringb(m, kex->session_id)) != 0 ||
 	    (r = sshbuf_get_u32(m, &kex->flags)) != 0)
 		goto out;
 	kex->server = 1;
@@ -2445,7 +2417,7 @@
 	    (r = sshbuf_get_u64(m, &state->p_read.bytes)) != 0)
 		return r;
 	/*
-	 * We set the time here so that in post-auth privsep slave we
+	 * We set the time here so that in post-auth privsep child we
 	 * count from the completion of the authentication.
 	 */
 	state->rekey_time = monotime();
@@ -2467,7 +2439,7 @@
 
 	if (sshbuf_len(m))
 		return SSH_ERR_INVALID_FORMAT;
-	debug3("%s: done", __func__);
+	debug3_f("done");
 	return 0;
 }
 
@@ -2658,7 +2630,7 @@
 	cp = sshbuf_mutable_ptr(state->outgoing_packet);
 	type = cp[5];
 	if (ssh_packet_log_type(type))
-		debug3("%s: type %u", __func__, type);
+		debug3_f("type %u", type);
 	/* drop everything, but the connection protocol */
 	if (type >= SSH2_MSG_CONNECTION_MIN &&
 	    type <= SSH2_MSG_CONNECTION_MAX) {

packet.h

diff --git a/packet.h b/packet.h
index c2544bd..2ad0e70 100644
--- a/packet.h
+++ b/packet.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.h,v 1.92 2020/03/06 18:11:10 markus Exp $ */
+/* $OpenBSD: packet.h,v 1.93 2021/07/16 09:00:23 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -105,6 +105,7 @@
 void	 ssh_clear_newkeys(struct ssh *, int);
 
 int	 ssh_packet_is_rekeying(struct ssh *);
+int	 ssh_packet_check_rekey(struct ssh *);
 void     ssh_packet_set_protocol_flags(struct ssh *, u_int);
 u_int	 ssh_packet_get_protocol_flags(struct ssh *);
 void	 ssh_packet_set_tos(struct ssh *, int);

platform-tracing.c

diff --git a/platform-tracing.c b/platform-tracing.c
index 4c80a28..0daf2a8 100644
--- a/platform-tracing.c
+++ b/platform-tracing.c
@@ -17,6 +17,9 @@
 #include "includes.h"
 
 #include <sys/types.h>
+#ifdef HAVE_SYS_PROCCTL_H
+#include <sys/procctl.h>
+#endif
 #if defined(HAVE_SYS_PRCTL_H)
 #include <sys/prctl.h>	/* For prctl() and PR_SET_DUMPABLE */
 #endif
@@ -33,6 +36,13 @@
 void
 platform_disable_tracing(int strict)
 {
+#if defined(HAVE_PROCCTL) && defined(PROC_TRACE_CTL)
+	/* On FreeBSD, we should make this process untraceable */
+	int disable_trace = PROC_TRACE_CTL_DISABLE;
+
+	if (procctl(P_PID, 0, PROC_TRACE_CTL, &disable_trace) && strict)
+		fatal("unable to make the process untraceable");
+#endif
 #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
 	/* Disable ptrace on Linux without sgid bit */
 	if (prctl(PR_SET_DUMPABLE, 0) != 0 && strict)

readconf.c

diff --git a/readconf.c b/readconf.c
index 2afcbae..bcca6ed 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.329 2020/04/24 03:33:21 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.363 2021/09/16 05:36:03 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -145,14 +145,15 @@
 	oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
 	oGatewayPorts, oExitOnForwardFailure,
 	oPasswordAuthentication,
-	oChallengeResponseAuthentication, oXAuthLocation,
+	oXAuthLocation,
 	oIdentityFile, oHostname, oPort, oRemoteForward, oLocalForward,
+	oPermitRemoteOpen,
 	oCertificateFile, oAddKeysToAgent, oIdentityAgent,
 	oUser, oEscapeChar, oProxyCommand,
 	oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
 	oBatchMode, oCheckHostIP, oStrictHostKeyChecking, oCompression,
 	oTCPKeepAlive, oNumberOfPasswordPrompts,
-	oLogFacility, oLogLevel, oCiphers, oMacs,
+	oLogFacility, oLogLevel, oLogVerbose, oCiphers, oMacs,
 	oPubkeyAuthentication,
 	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
 	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
@@ -166,13 +167,14 @@
 	oTunnel, oTunnelDevice,
 	oLocalCommand, oPermitLocalCommand, oRemoteCommand,
 	oVisualHostKey,
-	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
+	oKexAlgorithms, oIPQoS, oRequestTTY, oSessionType, oStdinNull,
+	oForkAfterAuthentication, oIgnoreUnknown, oProxyUseFdpass,
 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
 	oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
-	oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
-	oPubkeyAcceptedKeyTypes, oCASignatureAlgorithms, oProxyJump,
-	oSecurityKeyProvider,
+	oFingerprintHash, oUpdateHostkeys, oHostbasedAcceptedAlgorithms,
+	oPubkeyAcceptedAlgorithms, oCASignatureAlgorithms, oProxyJump,
+	oSecurityKeyProvider, oKnownHostsCommand,
 	oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
@@ -227,12 +229,12 @@
 	{ "passwordauthentication", oPasswordAuthentication },
 	{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
 	{ "kbdinteractivedevices", oKbdInteractiveDevices },
+	{ "challengeresponseauthentication", oKbdInteractiveAuthentication }, /* alias */
+	{ "skeyauthentication", oKbdInteractiveAuthentication }, /* alias */
+	{ "tisauthentication", oKbdInteractiveAuthentication },  /* alias */
 	{ "pubkeyauthentication", oPubkeyAuthentication },
 	{ "dsaauthentication", oPubkeyAuthentication },		    /* alias */
 	{ "hostbasedauthentication", oHostbasedAuthentication },
-	{ "challengeresponseauthentication", oChallengeResponseAuthentication },
-	{ "skeyauthentication", oUnsupported },
-	{ "tisauthentication", oChallengeResponseAuthentication },  /* alias */
 	{ "identityfile", oIdentityFile },
 	{ "identityfile2", oIdentityFile },			/* obsolete */
 	{ "identitiesonly", oIdentitiesOnly },
@@ -247,6 +249,7 @@
 	{ "macs", oMacs },
 	{ "remoteforward", oRemoteForward },
 	{ "localforward", oLocalForward },
+	{ "permitremoteopen", oPermitRemoteOpen },
 	{ "user", oUser },
 	{ "host", oHost },
 	{ "match", oMatch },
@@ -263,6 +266,7 @@
 	{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
 	{ "syslogfacility", oLogFacility },
 	{ "loglevel", oLogLevel },
+	{ "logverbose", oLogVerbose },
 	{ "dynamicforward", oDynamicForward },
 	{ "preferredauthentications", oPreferredAuthentications },
 	{ "hostkeyalgorithms", oHostKeyAlgorithms },
@@ -294,6 +298,9 @@
 	{ "kexalgorithms", oKexAlgorithms },
 	{ "ipqos", oIPQoS },
 	{ "requesttty", oRequestTTY },
+	{ "sessiontype", oSessionType },
+	{ "stdinnull", oStdinNull },
+	{ "forkafterauthentication", oForkAfterAuthentication },
 	{ "proxyusefdpass", oProxyUseFdpass },
 	{ "canonicaldomains", oCanonicalDomains },
 	{ "canonicalizefallbacklocal", oCanonicalizeFallbackLocal },
@@ -305,23 +312,33 @@
 	{ "revokedhostkeys", oRevokedHostKeys },
 	{ "fingerprinthash", oFingerprintHash },
 	{ "updatehostkeys", oUpdateHostkeys },
-	{ "hostbasedkeytypes", oHostbasedKeyTypes },
-	{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
+	{ "hostbasedacceptedalgorithms", oHostbasedAcceptedAlgorithms },
+	{ "hostbasedkeytypes", oHostbasedAcceptedAlgorithms }, /* obsolete */
+	{ "pubkeyacceptedalgorithms", oPubkeyAcceptedAlgorithms },
+	{ "pubkeyacceptedkeytypes", oPubkeyAcceptedAlgorithms }, /* obsolete */
 	{ "ignoreunknown", oIgnoreUnknown },
 	{ "proxyjump", oProxyJump },
 	{ "securitykeyprovider", oSecurityKeyProvider },
+	{ "knownhostscommand", oKnownHostsCommand },
 
 	{ NULL, oBadOption }
 };
 
-static char *kex_default_pk_alg_filtered;
+static const char *lookup_opcode_name(OpCodes code);
 
 const char *
 kex_default_pk_alg(void)
 {
-	if (kex_default_pk_alg_filtered == NULL)
-		fatal("kex_default_pk_alg not initialized.");
-	return kex_default_pk_alg_filtered;
+	static char *pkalgs;
+
+	if (pkalgs == NULL) {
+		char *all_key;
+
+		all_key = sshkey_alg_list(0, 0, 1, ',');
+		pkalgs = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
+		free(all_key);
+	}
+	return pkalgs;
 }
 
 char *
@@ -337,7 +354,7 @@
 	    ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
 	    ssh_digest_update(md, user, strlen(user)) < 0 ||
 	    ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
-		fatal("%s: mux digest failed", __func__);
+		fatal_f("mux digest failed");
 	ssh_digest_free(md);
 	return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
 }
@@ -445,7 +462,7 @@
 	for (i = 0; i < options->num_certificate_files; i++) {
 		if (options->certificate_file_userprovided[i] == userprovided &&
 		    strcmp(options->certificate_files[i], path) == 0) {
-			debug2("%s: ignoring duplicate key %s", __func__, path);
+			debug2_f("ignoring duplicate key %s", path);
 			return;
 		}
 	}
@@ -476,7 +493,7 @@
 	for (i = 0; i < options->num_identity_files; i++) {
 		if (options->identity_file_userprovided[i] == userprovided &&
 		    strcmp(options->identity_files[i], path) == 0) {
-			debug2("%s: ignoring duplicate key %s", __func__, path);
+			debug2_f("ignoring duplicate key %s", path);
 			free(path);
 			return;
 		}
@@ -509,7 +526,7 @@
 {
 	char *shell;
 	pid_t pid;
-	int devnull, status;
+	int status;
 
 	if ((shell = getenv("SHELL")) == NULL)
 		shell = _PATH_BSHELL;
@@ -519,23 +536,14 @@
 		    shell, strerror(errno));
 	}
 
-	/* Need this to redirect subprocess stdin/out */
-	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
-		fatal("open(/dev/null): %s", strerror(errno));
-
 	debug("Executing command: '%.500s'", cmd);
 
 	/* Fork and execute the command. */
 	if ((pid = fork()) == 0) {
 		char *argv[4];
 
-		/* Redirect child stdin and stdout. Leave stderr */
-		if (dup2(devnull, STDIN_FILENO) == -1)
-			fatal("dup2: %s", strerror(errno));
-		if (dup2(devnull, STDOUT_FILENO) == -1)
-			fatal("dup2: %s", strerror(errno));
-		if (devnull > STDERR_FILENO)
-			close(devnull);
+		if (stdfd_devnull(1, 1, 0) == -1)
+			fatal_f("stdfd_devnull failed");
 		closefrom(STDERR_FILENO + 1);
 
 		argv[0] = shell;
@@ -552,13 +560,11 @@
 	}
 	/* Parent. */
 	if (pid == -1)
-		fatal("%s: fork: %.100s", __func__, strerror(errno));
-
-	close(devnull);
+		fatal_f("fork: %.100s", strerror(errno));
 
 	while (waitpid(pid, &status, 0) == -1) {
 		if (errno != EINTR && errno != EAGAIN)
-			fatal("%s: waitpid: %s", __func__, strerror(errno));
+			fatal_f("waitpid: %s", strerror(errno));
 	}
 	if (!WIFEXITED(status)) {
 		error("command '%.100s' exited abnormally", cmd);
@@ -601,25 +607,33 @@
 	debug2("checking match for '%s' host %s originally %s",
 	    cp, host, original_host);
 	while ((oattrib = attrib = strdelim(&cp)) && *attrib != '\0') {
-		criteria = NULL;
+		/* Terminate on comment */
+		if (*attrib == '#') {
+			cp = NULL; /* mark all arguments consumed */
+			break;
+		}
+		arg = criteria = NULL;
 		this_result = 1;
 		if ((negate = attrib[0] == '!'))
 			attrib++;
-		/* criteria "all" and "canonical" have no argument */
+		/* Criterion "all" has no argument and must appear alone */
 		if (strcasecmp(attrib, "all") == 0) {
-			if (attributes > 1 ||
-			    ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
+			if (attributes > 1 || ((arg = strdelim(&cp)) != NULL &&
+			    *arg != '\0' && *arg != '#')) {
 				error("%.200s line %d: '%s' cannot be combined "
 				    "with other Match attributes",
 				    filename, linenum, oattrib);
 				result = -1;
 				goto out;
 			}
+			if (arg != NULL && *arg == '#')
+				cp = NULL; /* mark all arguments consumed */
 			if (result)
 				result = negate ? 0 : 1;
 			goto out;
 		}
 		attributes++;
+		/* criteria "final" and "canonical" have no argument */
 		if (strcasecmp(attrib, "canonical") == 0 ||
 		    strcasecmp(attrib, "final") == 0) {
 			/*
@@ -638,7 +652,8 @@
 			continue;
 		}
 		/* All other criteria require an argument */
-		if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
+		if ((arg = strdelim(&cp)) == NULL ||
+		    *arg == '\0' || *arg == '#') {
 			error("Missing Match criteria for %s", attrib);
 			result = -1;
 			goto out;
@@ -664,7 +679,7 @@
 			if (r == (negate ? 1 : 0))
 				this_result = result = 0;
 		} else if (strcasecmp(attrib, "exec") == 0) {
-			char *conn_hash_hex;
+			char *conn_hash_hex, *keyalias;
 
 			if (gethostname(thishost, sizeof(thishost)) == -1)
 				fatal("gethostname: %s", strerror(errno));
@@ -674,13 +689,16 @@
 			snprintf(uidstr, sizeof(uidstr), "%llu",
 			    (unsigned long long)pw->pw_uid);
 			conn_hash_hex = ssh_connection_hash(thishost, host,
-			   portstr, ruser);
+			    portstr, ruser);
+			keyalias = options->host_key_alias ?
+			    options->host_key_alias : host;
 
 			cmd = percent_expand(arg,
 			    "C", conn_hash_hex,
 			    "L", shorthost,
 			    "d", pw->pw_dir,
 			    "h", host,
+			    "k", keyalias,
 			    "l", thishost,
 			    "n", original_host,
 			    "p", portstr,
@@ -735,7 +753,7 @@
 static void
 rm_env(Options *options, const char *arg, const char *filename, int linenum)
 {
-	int i, j;
+	int i, j, onum_send_env = options->num_send_env;
 	char *cp;
 
 	/* Remove an environment variable */
@@ -758,6 +776,11 @@
 		options->num_send_env--;
 		/* NB. don't increment i */
 	}
+	if (onum_send_env != options->num_send_env) {
+		options->send_env = xrecallocarray(options->send_env,
+		    onum_send_env, options->num_send_env,
+		    sizeof(*options->send_env));
+	}
 }
 
 /*
@@ -853,6 +876,12 @@
 	{ "auto",			REQUEST_TTY_AUTO },
 	{ NULL, -1 }
 };
+static const struct multistate multistate_sessiontype[] = {
+	{ "none",			SESSION_TYPE_NONE },
+	{ "subsystem",			SESSION_TYPE_SUBSYSTEM },
+	{ "default",			SESSION_TYPE_DEFAULT },
+	{ NULL, -1 }
+};
 static const struct multistate multistate_canonicalizehostname[] = {
 	{ "true",			SSH_CANONICALISE_YES },
 	{ "false",			SSH_CANONICALISE_NO },
@@ -869,6 +898,23 @@
 	{ NULL, -1 }
 };
 
+static int
+parse_multistate_value(const char *arg, const char *filename, int linenum,
+    const struct multistate *multistate_ptr)
+{
+	int i;
+
+	if (!arg || *arg == '\0') {
+		error("%s line %d: missing argument.", filename, linenum);
+		return -1;
+	}
+	for (i = 0; multistate_ptr[i].key != NULL; i++) {
+		if (strcasecmp(arg, multistate_ptr[i].key) == 0)
+			return multistate_ptr[i].value;
+	}
+	return -1;
+}
+
 /*
  * Processes a single option line as used in the configuration files. This
  * only sets those values that have not already been set.
@@ -888,9 +934,9 @@
     const char *original_host, char *line, const char *filename,
     int linenum, int *activep, int flags, int *want_final_pass, int depth)
 {
-	char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
-	char **cpptr, fwdarg[256];
-	u_int i, *uintptr, max_entries = 0;
+	char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p, ch;
+	char **cpptr, ***cppptr, fwdarg[256];
+	u_int i, *uintptr, uvalue, max_entries = 0;
 	int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0;
 	int remotefwd, dynamicfwd;
 	LogLevel *log_level_ptr;
@@ -902,6 +948,9 @@
 	struct allowed_cname *cname;
 	glob_t gl;
 	const char *errstr;
+	char **oav = NULL, **av;
+	int oac = 0, ac;
+	int ret = -1;
 
 	if (activep == NULL) { /* We are processing a command line directive */
 		cmdline = 1;
@@ -917,43 +966,63 @@
 		line[len] = '\0';
 	}
 
-	s = line;
+	str = line;
 	/* Get the keyword. (Each line is supposed to begin with a keyword). */
-	if ((keyword = strdelim(&s)) == NULL)
+	if ((keyword = strdelim(&str)) == NULL)
 		return 0;
 	/* Ignore leading whitespace. */
 	if (*keyword == '\0')
-		keyword = strdelim(&s);
+		keyword = strdelim(&str);
 	if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
 		return 0;
 	/* Match lowercase keyword */
 	lowercase(keyword);
 
+	/* Prepare to parse remainder of line */
+	if (str != NULL)
+		str += strspn(str, WHITESPACE);
+	if (str == NULL || *str == '\0') {
+		error("%s line %d: no argument after keyword \"%s\"",
+		    filename, linenum, keyword);
+		return -1;
+	}
 	opcode = parse_token(keyword, filename, linenum,
 	    options->ignored_unknown);
+	if (argv_split(str, &oac, &oav, 1) != 0) {
+		error("%s line %d: invalid quotes", filename, linenum);
+		return -1;
+	}
+	ac = oac;
+	av = oav;
 
 	switch (opcode) {
 	case oBadOption:
 		/* don't panic, but count bad options */
-		return -1;
+		goto out;
 	case oIgnore:
-		return 0;
+		argv_consume(&ac);
+		break;
 	case oIgnoredUnknownOption:
 		debug("%s line %d: Ignored unknown option \"%s\"",
 		    filename, linenum, keyword);
-		return 0;
+		argv_consume(&ac);
+		break;
 	case oConnectTimeout:
 		intptr = &options->connection_timeout;
 parse_time:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing time value.",
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%s line %d: missing time value.",
 			    filename, linenum);
+			goto out;
+		}
 		if (strcmp(arg, "none") == 0)
 			value = -1;
-		else if ((value = convtime(arg)) == -1)
-			fatal("%s line %d: invalid time value.",
+		else if ((value = convtime(arg)) == -1) {
+			error("%s line %d: invalid time value.",
 			    filename, linenum);
+			goto out;
+		}
 		if (*activep && *intptr == -1)
 			*intptr = value;
 		break;
@@ -961,10 +1030,12 @@
 	case oForwardAgent:
 		intptr = &options->forward_agent;
 
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing argument.",
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%s line %d: missing argument.",
 			    filename, linenum);
+			goto out;
+		}
 
 		value = -1;
 		multistate_ptr = multistate_flag;
@@ -991,20 +1062,13 @@
  parse_flag:
 		multistate_ptr = multistate_flag;
  parse_multistate:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing argument.",
-			    filename, linenum);
-		value = -1;
-		for (i = 0; multistate_ptr[i].key != NULL; i++) {
-			if (strcasecmp(arg, multistate_ptr[i].key) == 0) {
-				value = multistate_ptr[i].value;
-				break;
-			}
-		}
-		if (value == -1)
-			fatal("%s line %d: unsupported option \"%s\".",
+		arg = argv_next(&ac, &av);
+		if ((value = parse_multistate_value(arg, filename, linenum,
+		    multistate_ptr)) == -1) {
+			error("%s line %d: unsupported option \"%s\".",
 			    filename, linenum, arg);
+			goto out;
+		}
 		if (*activep && *intptr == -1)
 			*intptr = value;
 		break;
@@ -1045,10 +1109,6 @@
 		intptr = &options->hostbased_authentication;
 		goto parse_flag;
 
-	case oChallengeResponseAuthentication:
-		intptr = &options->challenge_response_authentication;
-		goto parse_flag;
-
 	case oGssAuthentication:
 		intptr = &options->gss_authentication;
 		goto parse_flag;
@@ -1093,25 +1153,31 @@
 		goto parse_int;
 
 	case oRekeyLimit:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.", filename,
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.", filename,
 			    linenum);
+			goto out;
+		}
 		if (strcmp(arg, "default") == 0) {
 			val64 = 0;
 		} else {
-			if (scan_scaled(arg, &val64) == -1)
-				fatal("%.200s line %d: Bad number '%s': %s",
+			if (scan_scaled(arg, &val64) == -1) {
+				error("%.200s line %d: Bad number '%s': %s",
 				    filename, linenum, arg, strerror(errno));
-			if (val64 != 0 && val64 < 16)
-				fatal("%.200s line %d: RekeyLimit too small",
+				goto out;
+			}
+			if (val64 != 0 && val64 < 16) {
+				error("%.200s line %d: RekeyLimit too small",
 				    filename, linenum);
+				goto out;
+			}
 		}
 		if (*activep && options->rekey_limit == -1)
 			options->rekey_limit = val64;
-		if (s != NULL) { /* optional rekey interval present */
-			if (strcmp(s, "none") == 0) {
-				(void)strdelim(&s);	/* discard */
+		if (ac != 0) { /* optional rekey interval present */
+			if (strcmp(av[0], "none") == 0) {
+				(void)argv_next(&ac, &av);	/* discard */
 				break;
 			}
 			intptr = &options->rekey_interval;
@@ -1120,31 +1186,40 @@
 		break;
 
 	case oIdentityFile:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
+			    filename, linenum);
+			goto out;
+		}
 		if (*activep) {
 			intptr = &options->num_identity_files;
-			if (*intptr >= SSH_MAX_IDENTITY_FILES)
-				fatal("%.200s line %d: Too many identity files specified (max %d).",
-				    filename, linenum, SSH_MAX_IDENTITY_FILES);
+			if (*intptr >= SSH_MAX_IDENTITY_FILES) {
+				error("%.200s line %d: Too many identity files "
+				    "specified (max %d).", filename, linenum,
+				    SSH_MAX_IDENTITY_FILES);
+				goto out;
+			}
 			add_identity_file(options, NULL,
 			    arg, flags & SSHCONF_USERCONF);
 		}
 		break;
 
 	case oCertificateFile:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.",
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
 			    filename, linenum);
+			goto out;
+		}
 		if (*activep) {
 			intptr = &options->num_certificate_files;
 			if (*intptr >= SSH_MAX_CERTIFICATE_FILES) {
-				fatal("%.200s line %d: Too many certificate "
+				error("%.200s line %d: Too many certificate "
 				    "files specified (max %d).",
 				    filename, linenum,
 				    SSH_MAX_CERTIFICATE_FILES);
+				goto out;
 			}
 			add_certificate_file(options, arg,
 			    flags & SSHCONF_USERCONF);
@@ -1158,10 +1233,12 @@
 	case oUser:
 		charptr = &options->user;
 parse_string:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.",
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
 			    filename, linenum);
+			goto out;
+		}
 		if (*activep && *charptr == NULL)
 			*charptr = xstrdup(arg);
 		break;
@@ -1171,16 +1248,35 @@
 		uintptr = &options->num_system_hostfiles;
 		max_entries = SSH_MAX_HOSTS_FILES;
 parse_char_array:
-		if (*activep && *uintptr == 0) {
-			while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
-				if ((*uintptr) >= max_entries)
-					fatal("%s line %d: "
-					    "too many known hosts files.",
-					    filename, linenum);
+		i = 0;
+		value = *uintptr == 0; /* was array empty when we started? */
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0') {
+				error("%s line %d: keyword %s empty argument",
+				    filename, linenum, keyword);
+				goto out;
+			}
+			/* Allow "none" only in first position */
+			if (strcasecmp(arg, "none") == 0) {
+				if (i > 0 || ac > 0) {
+					error("%s line %d: keyword %s \"none\" "
+					    "argument must appear alone.",
+					    filename, linenum, keyword);
+					goto out;
+				}
+			}
+			i++;
+			if (*activep && value) {
+				if ((*uintptr) >= max_entries) {
+					error("%s line %d: too many %s "
+					    "entries.", filename, linenum,
+					    keyword);
+					goto out;
+				}
 				cpptr[(*uintptr)++] = xstrdup(arg);
 			}
 		}
-		return 0;
+		break;
 
 	case oUserKnownHostsFile:
 		cpptr = (char **)&options->user_hostfiles;
@@ -1216,40 +1312,56 @@
 		charptr = &options->sk_provider;
 		goto parse_string;
 
+	case oKnownHostsCommand:
+		charptr = &options->known_hosts_command;
+		goto parse_command;
+
 	case oProxyCommand:
 		charptr = &options->proxy_command;
 		/* Ignore ProxyCommand if ProxyJump already specified */
 		if (options->jump_host != NULL)
 			charptr = &options->jump_host; /* Skip below */
 parse_command:
-		if (s == NULL)
-			fatal("%.200s line %d: Missing argument.", filename, linenum);
-		len = strspn(s, WHITESPACE "=");
+		if (str == NULL) {
+			error("%.200s line %d: Missing argument.",
+			    filename, linenum);
+			goto out;
+		}
+		len = strspn(str, WHITESPACE "=");
 		if (*activep && *charptr == NULL)
-			*charptr = xstrdup(s + len);
-		return 0;
+			*charptr = xstrdup(str + len);
+		argv_consume(&ac);
+		break;
 
 	case oProxyJump:
-		if (s == NULL) {
-			fatal("%.200s line %d: Missing argument.",
+		if (str == NULL) {
+			error("%.200s line %d: Missing argument.",
 			    filename, linenum);
+			goto out;
 		}
-		len = strspn(s, WHITESPACE "=");
-		if (parse_jump(s + len, options, *activep) == -1) {
-			fatal("%.200s line %d: Invalid ProxyJump \"%s\"",
-			    filename, linenum, s + len);
+		len = strspn(str, WHITESPACE "=");
+		/* XXX use argv? */
+		if (parse_jump(str + len, options, *activep) == -1) {
+			error("%.200s line %d: Invalid ProxyJump \"%s\"",
+			    filename, linenum, str + len);
+			goto out;
 		}
-		return 0;
+		argv_consume(&ac);
+		break;
 
 	case oPort:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.",
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
 			    filename, linenum);
+			goto out;
+		}
 		value = a2port(arg);
-		if (value <= 0)
-			fatal("%.200s line %d: Bad port '%s'.",
+		if (value <= 0) {
+			error("%.200s line %d: Bad port '%s'.",
 			    filename, linenum, arg);
+			goto out;
+		}
 		if (*activep && options->port == -1)
 			options->port = value;
 		break;
@@ -1257,113 +1369,169 @@
 	case oConnectionAttempts:
 		intptr = &options->connection_attempts;
 parse_int:
-		arg = strdelim(&s);
-		if ((errstr = atoi_err(arg, &value)) != NULL)
-			fatal("%s line %d: integer value %s.",
+		arg = argv_next(&ac, &av);
+		if ((errstr = atoi_err(arg, &value)) != NULL) {
+			error("%s line %d: integer value %s.",
 			    filename, linenum, errstr);
+			goto out;
+		}
 		if (*activep && *intptr == -1)
 			*intptr = value;
 		break;
 
 	case oCiphers:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
+			    filename, linenum);
+			goto out;
+		}
 		if (*arg != '-' &&
-		    !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
-			fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
+		    !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)){
+			error("%.200s line %d: Bad SSH2 cipher spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
+			goto out;
+		}
 		if (*activep && options->ciphers == NULL)
 			options->ciphers = xstrdup(arg);
 		break;
 
 	case oMacs:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
+			    filename, linenum);
+			goto out;
+		}
 		if (*arg != '-' &&
-		    !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
-			fatal("%.200s line %d: Bad SSH2 MAC spec '%s'.",
+		    !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg)) {
+			error("%.200s line %d: Bad SSH2 MAC spec '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
+			goto out;
+		}
 		if (*activep && options->macs == NULL)
 			options->macs = xstrdup(arg);
 		break;
 
 	case oKexAlgorithms:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.",
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
 			    filename, linenum);
+			goto out;
+		}
 		if (*arg != '-' &&
 		    !kex_names_valid(*arg == '+' || *arg == '^' ?
-		    arg + 1 : arg))
-			fatal("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
+		    arg + 1 : arg)) {
+			error("%.200s line %d: Bad SSH2 KexAlgorithms '%s'.",
 			    filename, linenum, arg ? arg : "<NONE>");
+			goto out;
+		}
 		if (*activep && options->kex_algorithms == NULL)
 			options->kex_algorithms = xstrdup(arg);
 		break;
 
 	case oHostKeyAlgorithms:
 		charptr = &options->hostkeyalgorithms;
-parse_keytypes:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.",
+parse_pubkey_algos:
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
 			    filename, linenum);
+			goto out;
+		}
 		if (*arg != '-' &&
 		    !sshkey_names_valid2(*arg == '+' || *arg == '^' ?
-		    arg + 1 : arg, 1))
-			fatal("%s line %d: Bad key types '%s'.",
-				filename, linenum, arg ? arg : "<NONE>");
+		    arg + 1 : arg, 1)) {
+			error("%s line %d: Bad key types '%s'.",
+			    filename, linenum, arg ? arg : "<NONE>");
+			goto out;
+		}
 		if (*activep && *charptr == NULL)
 			*charptr = xstrdup(arg);
 		break;
 
 	case oCASignatureAlgorithms:
 		charptr = &options->ca_sign_algorithms;
-		goto parse_keytypes;
+		goto parse_pubkey_algos;
 
 	case oLogLevel:
 		log_level_ptr = &options->log_level;
-		arg = strdelim(&s);
+		arg = argv_next(&ac, &av);
 		value = log_level_number(arg);
-		if (value == SYSLOG_LEVEL_NOT_SET)
-			fatal("%.200s line %d: unsupported log level '%s'",
+		if (value == SYSLOG_LEVEL_NOT_SET) {
+			error("%.200s line %d: unsupported log level '%s'",
 			    filename, linenum, arg ? arg : "<NONE>");
+			goto out;
+		}
 		if (*activep && *log_level_ptr == SYSLOG_LEVEL_NOT_SET)
 			*log_level_ptr = (LogLevel) value;
 		break;
 
 	case oLogFacility:
 		log_facility_ptr = &options->log_facility;
-		arg = strdelim(&s);
+		arg = argv_next(&ac, &av);
 		value = log_facility_number(arg);
-		if (value == SYSLOG_FACILITY_NOT_SET)
-			fatal("%.200s line %d: unsupported log facility '%s'",
+		if (value == SYSLOG_FACILITY_NOT_SET) {
+			error("%.200s line %d: unsupported log facility '%s'",
 			    filename, linenum, arg ? arg : "<NONE>");
+			goto out;
+		}
 		if (*log_facility_ptr == -1)
 			*log_facility_ptr = (SyslogFacility) value;
 		break;
 
+	case oLogVerbose:
+		cppptr = &options->log_verbose;
+		uintptr = &options->num_log_verbose;
+		i = 0;
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0') {
+				error("%s line %d: keyword %s empty argument",
+				    filename, linenum, keyword);
+				goto out;
+			}
+			/* Allow "none" only in first position */
+			if (strcasecmp(arg, "none") == 0) {
+				if (i > 0 || ac > 0) {
+					error("%s line %d: keyword %s \"none\" "
+					    "argument must appear alone.",
+					    filename, linenum, keyword);
+					goto out;
+				}
+			}
+			i++;
+			if (*activep && *uintptr == 0) {
+				*cppptr = xrecallocarray(*cppptr, *uintptr,
+				    *uintptr + 1, sizeof(**cppptr));
+				(*cppptr)[(*uintptr)++] = xstrdup(arg);
+			}
+		}
+		break;
+
 	case oLocalForward:
 	case oRemoteForward:
 	case oDynamicForward:
-		arg = strdelim(&s);
-		if (arg == NULL || *arg == '\0')
-			fatal("%.200s line %d: Missing port argument.",
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
 			    filename, linenum);
+			goto out;
+		}
 
 		remotefwd = (opcode == oRemoteForward);
 		dynamicfwd = (opcode == oDynamicForward);
 
 		if (!dynamicfwd) {
-			arg2 = strdelim(&s);
+			arg2 = argv_next(&ac, &av);
 			if (arg2 == NULL || *arg2 == '\0') {
 				if (remotefwd)
 					dynamicfwd = 1;
-				else
-					fatal("%.200s line %d: Missing target "
+				else {
+					error("%.200s line %d: Missing target "
 					    "argument.", filename, linenum);
+					goto out;
+				}
 			} else {
 				/* construct a string for parse_forward */
 				snprintf(fwdarg, sizeof(fwdarg), "%s:%s", arg,
@@ -1373,9 +1541,11 @@
 		if (dynamicfwd)
 			strlcpy(fwdarg, arg, sizeof(fwdarg));
 
-		if (parse_forward(&fwd, fwdarg, dynamicfwd, remotefwd) == 0)
-			fatal("%.200s line %d: Bad forwarding specification.",
+		if (parse_forward(&fwd, fwdarg, dynamicfwd, remotefwd) == 0) {
+			error("%.200s line %d: Bad forwarding specification.",
 			    filename, linenum);
+			goto out;
+		}
 
 		if (*activep) {
 			if (remotefwd) {
@@ -1386,19 +1556,73 @@
 		}
 		break;
 
+	case oPermitRemoteOpen:
+		uintptr = &options->num_permitted_remote_opens;
+		cppptr = &options->permitted_remote_opens;
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0')
+			fatal("%s line %d: missing %s specification",
+			    filename, linenum, lookup_opcode_name(opcode));
+		uvalue = *uintptr;	/* modified later */
+		if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
+			if (*activep && uvalue == 0) {
+				*uintptr = 1;
+				*cppptr = xcalloc(1, sizeof(**cppptr));
+				(*cppptr)[0] = xstrdup(arg);
+			}
+			break;
+		}
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			arg2 = xstrdup(arg);
+			ch = '\0';
+			p = hpdelim2(&arg, &ch);
+			if (p == NULL || ch == '/') {
+				fatal("%s line %d: missing host in %s",
+				    filename, linenum,
+				    lookup_opcode_name(opcode));
+			}
+			p = cleanhostname(p);
+			/*
+			 * don't want to use permitopen_port to avoid
+			 * dependency on channels.[ch] here.
+			 */
+			if (arg == NULL ||
+			    (strcmp(arg, "*") != 0 && a2port(arg) <= 0)) {
+				fatal("%s line %d: bad port number in %s",
+				    filename, linenum,
+				    lookup_opcode_name(opcode));
+			}
+			if (*activep && uvalue == 0) {
+				opt_array_append(filename, linenum,
+				    lookup_opcode_name(opcode),
+				    cppptr, uintptr, arg2);
+			}
+			free(arg2);
+		}
+		break;
+
 	case oClearAllForwardings:
 		intptr = &options->clear_forwardings;
 		goto parse_flag;
 
 	case oHost:
-		if (cmdline)
-			fatal("Host directive not supported as a command-line "
+		if (cmdline) {
+			error("Host directive not supported as a command-line "
 			    "option");
+			goto out;
+		}
 		*activep = 0;
 		arg2 = NULL;
-		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
-			if ((flags & SSHCONF_NEVERMATCH) != 0)
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0') {
+				error("%s line %d: keyword %s empty argument",
+				    filename, linenum, keyword);
+				goto out;
+			}
+			if ((flags & SSHCONF_NEVERMATCH) != 0) {
+				argv_consume(&ac);
 				break;
+			}
 			negated = *arg == '!';
 			if (negated)
 				arg++;
@@ -1409,6 +1633,7 @@
 					    "for %.100s", filename, linenum,
 					    arg);
 					*activep = 0;
+					argv_consume(&ac);
 					break;
 				}
 				if (!*activep)
@@ -1419,27 +1644,40 @@
 		if (*activep)
 			debug("%.200s line %d: Applying options for %.100s",
 			    filename, linenum, arg2);
-		/* Avoid garbage check below, as strdelim is done. */
-		return 0;
+		break;
 
 	case oMatch:
-		if (cmdline)
-			fatal("Host directive not supported as a command-line "
+		if (cmdline) {
+			error("Host directive not supported as a command-line "
 			    "option");
-		value = match_cfg_line(options, &s, pw, host, original_host,
+			goto out;
+		}
+		value = match_cfg_line(options, &str, pw, host, original_host,
 		    flags & SSHCONF_FINAL, want_final_pass,
 		    filename, linenum);
-		if (value < 0)
-			fatal("%.200s line %d: Bad Match condition", filename,
+		if (value < 0) {
+			error("%.200s line %d: Bad Match condition", filename,
 			    linenum);
+			goto out;
+		}
 		*activep = (flags & SSHCONF_NEVERMATCH) ? 0 : value;
+		/*
+		 * If match_cfg_line() didn't consume all its arguments then
+		 * arrange for the extra arguments check below to fail.
+		 */
+
+		if (str == NULL || *str == '\0')
+			argv_consume(&ac);
 		break;
 
 	case oEscapeChar:
 		intptr = &options->escape_char;
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
+			    filename, linenum);
+			goto out;
+		}
 		if (strcmp(arg, "none") == 0)
 			value = SSH_ESCAPECHAR_NONE;
 		else if (arg[1] == '\0')
@@ -1448,10 +1686,9 @@
 		    (u_char) arg[1] >= 64 && (u_char) arg[1] < 128)
 			value = (u_char) arg[1] & 31;
 		else {
-			fatal("%.200s line %d: Bad escape character.",
+			error("%.200s line %d: Bad escape character.",
 			    filename, linenum);
-			/* NOTREACHED */
-			value = 0;	/* Avoid compiler warning. */
+			goto out;
 		}
 		if (*activep && *intptr == -1)
 			*intptr = value;
@@ -1479,10 +1716,12 @@
 		goto parse_int;
 
 	case oSendEnv:
-		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
-			if (strchr(arg, '=') != NULL)
-				fatal("%s line %d: Invalid environment name.",
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0' || strchr(arg, '=') != NULL) {
+				error("%s line %d: Invalid environment name.",
 				    filename, linenum);
+				goto out;
+			}
 			if (!*activep)
 				continue;
 			if (*arg == '-') {
@@ -1491,9 +1730,11 @@
 				continue;
 			} else {
 				/* Adding an env var */
-				if (options->num_send_env >= INT_MAX)
-					fatal("%s line %d: too many send env.",
+				if (options->num_send_env >= INT_MAX) {
+					error("%s line %d: too many send env.",
 					    filename, linenum);
+					goto out;
+				}
 				options->send_env = xrecallocarray(
 				    options->send_env, options->num_send_env,
 				    options->num_send_env + 1,
@@ -1506,16 +1747,20 @@
 
 	case oSetEnv:
 		value = options->num_setenv;
-		while ((arg = strdelimw(&s)) != NULL && *arg != '\0') {
-			if (strchr(arg, '=') == NULL)
-				fatal("%s line %d: Invalid SetEnv.",
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (strchr(arg, '=') == NULL) {
+				error("%s line %d: Invalid SetEnv.",
 				    filename, linenum);
+				goto out;
+			}
 			if (!*activep || value != 0)
 				continue;
 			/* Adding a setenv var */
-			if (options->num_setenv >= INT_MAX)
-				fatal("%s line %d: too many SetEnv.",
+			if (options->num_setenv >= INT_MAX) {
+				error("%s line %d: too many SetEnv.",
 				    filename, linenum);
+				goto out;
+			}
 			options->setenv = xrecallocarray(
 			    options->setenv, options->num_setenv,
 			    options->num_setenv + 1, sizeof(*options->setenv));
@@ -1535,10 +1780,12 @@
 	case oControlPersist:
 		/* no/false/yes/true, or a time spec */
 		intptr = &options->control_persist;
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing ControlPersist"
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing ControlPersist"
 			    " argument.", filename, linenum);
+			goto out;
+		}
 		value = 0;
 		value2 = 0;	/* timeout */
 		if (strcmp(arg, "no") == 0 || strcmp(arg, "false") == 0)
@@ -1547,9 +1794,11 @@
 			value = 1;
 		else if ((value2 = convtime(arg)) >= 0)
 			value = 1;
-		else
-			fatal("%.200s line %d: Bad ControlPersist argument.",
+		else {
+			error("%.200s line %d: Bad ControlPersist argument.",
 			    filename, linenum);
+			goto out;
+		}
 		if (*activep && *intptr == -1) {
 			*intptr = value;
 			options->control_persist_timeout = value2;
@@ -1566,13 +1815,19 @@
 		goto parse_multistate;
 
 	case oTunnelDevice:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.", filename, linenum);
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
+			    filename, linenum);
+			goto out;
+		}
 		value = a2tun(arg, &value2);
-		if (value == SSH_TUNID_ERR)
-			fatal("%.200s line %d: Bad tun device.", filename, linenum);
-		if (*activep) {
+		if (value == SSH_TUNID_ERR) {
+			error("%.200s line %d: Bad tun device.",
+			    filename, linenum);
+			goto out;
+		}
+		if (*activep && options->tun_local == -1) {
 			options->tun_local = value;
 			options->tun_remote = value2;
 		}
@@ -1595,11 +1850,18 @@
 		goto parse_flag;
 
 	case oInclude:
-		if (cmdline)
-			fatal("Include directive not supported as a "
+		if (cmdline) {
+			error("Include directive not supported as a "
 			    "command-line option");
+			goto out;
+		}
 		value = 0;
-		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0') {
+				error("%s line %d: keyword %s empty argument",
+				    filename, linenum, keyword);
+				goto out;
+			}
 			/*
 			 * Ensure all paths are anchored. User configuration
 			 * files may begin with '~/' but system configurations
@@ -1607,9 +1869,11 @@
 			 * as living in ~/.ssh for user configurations or
 			 * /etc/ssh for system ones.
 			 */
-			if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0)
-				fatal("%.200s line %d: bad include path %s.",
+			if (*arg == '~' && (flags & SSHCONF_USERCONF) == 0) {
+				error("%.200s line %d: bad include path %s.",
 				    filename, linenum, arg);
+				goto out;
+			}
 			if (!path_absolute(arg) && *arg != '~') {
 				xasprintf(&arg2, "%s/%s",
 				    (flags & SSHCONF_USERCONF) ?
@@ -1623,9 +1887,11 @@
 				    "files",filename, linenum, arg2);
 				free(arg2);
 				continue;
-			} else if (r != 0)
-				fatal("%.200s line %d: glob failed for %s.",
+			} else if (r != 0) {
+				error("%.200s line %d: glob failed for %s.",
 				    filename, linenum, arg2);
+				goto out;
+			}
 			free(arg2);
 			oactive = *activep;
 			for (i = 0; i < gl.gl_pathc; i++) {
@@ -1639,9 +1905,11 @@
 				    (oactive ? 0 : SSHCONF_NEVERMATCH),
 				    activep, want_final_pass, depth + 1);
 				if (r != 1 && errno != ENOENT) {
-					fatal("Can't open user config file "
+					error("Can't open user config file "
 					    "%.100s: %.100s", gl.gl_pathv[i],
 					    strerror(errno));
+					globfree(&gl);
+					goto out;
 				}
 				/*
 				 * don't let Match in includes clobber the
@@ -1654,21 +1922,25 @@
 			globfree(&gl);
 		}
 		if (value != 0)
-			return value;
+			ret = value;
 		break;
 
 	case oIPQoS:
-		arg = strdelim(&s);
-		if ((value = parse_ipqos(arg)) == -1)
-			fatal("%s line %d: Bad IPQoS value: %s",
+		arg = argv_next(&ac, &av);
+		if ((value = parse_ipqos(arg)) == -1) {
+			error("%s line %d: Bad IPQoS value: %s",
 			    filename, linenum, arg);
-		arg = strdelim(&s);
+			goto out;
+		}
+		arg = argv_next(&ac, &av);
 		if (arg == NULL)
 			value2 = value;
-		else if ((value2 = parse_ipqos(arg)) == -1)
-			fatal("%s line %d: Bad IPQoS value: %s",
+		else if ((value2 = parse_ipqos(arg)) == -1) {
+			error("%s line %d: Bad IPQoS value: %s",
 			    filename, linenum, arg);
-		if (*activep) {
+			goto out;
+		}
+		if (*activep && options->ip_qos_interactive == -1) {
 			options->ip_qos_interactive = value;
 			options->ip_qos_bulk = value2;
 		}
@@ -1679,6 +1951,19 @@
 		multistate_ptr = multistate_requesttty;
 		goto parse_multistate;
 
+	case oSessionType:
+		intptr = &options->session_type;
+		multistate_ptr = multistate_sessiontype;
+		goto parse_multistate;
+
+	case oStdinNull:
+		intptr = &options->stdin_null;
+		goto parse_flag;
+
+	case oForkAfterAuthentication:
+		intptr = &options->fork_after_authentication;
+		goto parse_flag;
+
 	case oIgnoreUnknown:
 		charptr = &options->ignored_unknown;
 		goto parse_string;
@@ -1689,16 +1974,36 @@
 
 	case oCanonicalDomains:
 		value = options->num_canonical_domains != 0;
-		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
+		i = 0;
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0') {
+				error("%s line %d: keyword %s empty argument",
+				    filename, linenum, keyword);
+				goto out;
+			}
+			/* Allow "none" only in first position */
+			if (strcasecmp(arg, "none") == 0) {
+				if (i > 0 || ac > 0) {
+					error("%s line %d: keyword %s \"none\" "
+					    "argument must appear alone.",
+					    filename, linenum, keyword);
+					goto out;
+				}
+			}
+			i++;
 			if (!valid_domain(arg, 1, &errstr)) {
-				fatal("%s line %d: %s", filename, linenum,
+				error("%s line %d: %s", filename, linenum,
 				    errstr);
+				goto out;
 			}
 			if (!*activep || value)
 				continue;
-			if (options->num_canonical_domains >= MAX_CANON_DOMAINS)
-				fatal("%s line %d: too many hostname suffixes.",
+			if (options->num_canonical_domains >=
+			    MAX_CANON_DOMAINS) {
+				error("%s line %d: too many hostname suffixes.",
 				    filename, linenum);
+				goto out;
+			}
 			options->canonical_domains[
 			    options->num_canonical_domains++] = xstrdup(arg);
 		}
@@ -1706,26 +2011,43 @@
 
 	case oCanonicalizePermittedCNAMEs:
 		value = options->num_permitted_cnames != 0;
-		while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
-			/* Either '*' for everything or 'list:list' */
-			if (strcmp(arg, "*") == 0)
+		i = 0;
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			/*
+			 * Either 'none' (only in first position), '*' for
+			 * everything or 'list:list'
+			 */
+			if (strcasecmp(arg, "none") == 0) {
+				if (i > 0 || ac > 0) {
+					error("%s line %d: keyword %s \"none\" "
+					    "argument must appear alone.",
+					    filename, linenum, keyword);
+					goto out;
+				}
+				arg2 = "";
+			} else if (strcmp(arg, "*") == 0) {
 				arg2 = arg;
-			else {
+			} else {
 				lowercase(arg);
 				if ((arg2 = strchr(arg, ':')) == NULL ||
 				    arg2[1] == '\0') {
-					fatal("%s line %d: "
+					error("%s line %d: "
 					    "Invalid permitted CNAME \"%s\"",
 					    filename, linenum, arg);
+					goto out;
 				}
 				*arg2 = '\0';
 				arg2++;
 			}
+			i++;
 			if (!*activep || value)
 				continue;
-			if (options->num_permitted_cnames >= MAX_CANON_DOMAINS)
-				fatal("%s line %d: too many permitted CNAMEs.",
+			if (options->num_permitted_cnames >=
+			    MAX_CANON_DOMAINS) {
+				error("%s line %d: too many permitted CNAMEs.",
 				    filename, linenum);
+				goto out;
+			}
 			cname = options->permitted_cnames +
 			    options->num_permitted_cnames++;
 			cname->source_list = xstrdup(arg);
@@ -1747,13 +2069,18 @@
 		goto parse_flag;
 
 	case oStreamLocalBindMask:
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing StreamLocalBindMask argument.", filename, linenum);
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing StreamLocalBindMask "
+			    "argument.", filename, linenum);
+			goto out;
+		}
 		/* Parse mode in octal format */
 		value = strtol(arg, &endofnumber, 8);
-		if (arg == endofnumber || value < 0 || value > 0777)
-			fatal("%.200s line %d: Bad mask.", filename, linenum);
+		if (arg == endofnumber || value < 0 || value > 0777) {
+			error("%.200s line %d: Bad mask.", filename, linenum);
+			goto out;
+		}
 		options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
 		break;
 
@@ -1767,13 +2094,17 @@
 
 	case oFingerprintHash:
 		intptr = &options->fingerprint_hash;
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.",
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
 			    filename, linenum);
-		if ((value = ssh_digest_alg_by_name(arg)) == -1)
-			fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
+			goto out;
+		}
+		if ((value = ssh_digest_alg_by_name(arg)) == -1) {
+			error("%.200s line %d: Invalid hash algorithm \"%s\".",
 			    filename, linenum, arg);
+			goto out;
+		}
 		if (*activep && *intptr == -1)
 			*intptr = value;
 		break;
@@ -1783,30 +2114,69 @@
 		multistate_ptr = multistate_yesnoask;
 		goto parse_multistate;
 
-	case oHostbasedKeyTypes:
-		charptr = &options->hostbased_key_types;
-		goto parse_keytypes;
+	case oHostbasedAcceptedAlgorithms:
+		charptr = &options->hostbased_accepted_algos;
+		goto parse_pubkey_algos;
 
-	case oPubkeyAcceptedKeyTypes:
-		charptr = &options->pubkey_key_types;
-		goto parse_keytypes;
+	case oPubkeyAcceptedAlgorithms:
+		charptr = &options->pubkey_accepted_algos;
+		goto parse_pubkey_algos;
 
 	case oAddKeysToAgent:
-		intptr = &options->add_keys_to_agent;
-		multistate_ptr = multistate_yesnoaskconfirm;
-		goto parse_multistate;
+		arg = argv_next(&ac, &av);
+		arg2 = argv_next(&ac, &av);
+		value = parse_multistate_value(arg, filename, linenum,
+		    multistate_yesnoaskconfirm);
+		value2 = 0; /* unlimited lifespan by default */
+		if (value == 3 && arg2 != NULL) {
+			/* allow "AddKeysToAgent confirm 5m" */
+			if ((value2 = convtime(arg2)) == -1 ||
+			    value2 > INT_MAX) {
+				error("%s line %d: invalid time value.",
+				    filename, linenum);
+				goto out;
+			}
+		} else if (value == -1 && arg2 == NULL) {
+			if ((value2 = convtime(arg)) == -1 ||
+			    value2 > INT_MAX) {
+				error("%s line %d: unsupported option",
+				    filename, linenum);
+				goto out;
+			}
+			value = 1; /* yes */
+		} else if (value == -1 || arg2 != NULL) {
+			error("%s line %d: unsupported option",
+			    filename, linenum);
+			goto out;
+		}
+		if (*activep && options->add_keys_to_agent == -1) {
+			options->add_keys_to_agent = value;
+			options->add_keys_to_agent_lifespan = value2;
+		}
+		break;
 
 	case oIdentityAgent:
 		charptr = &options->identity_agent;
-		arg = strdelim(&s);
-		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.",
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			error("%.200s line %d: Missing argument.",
 			    filename, linenum);
+			goto out;
+		}
   parse_agent_path:
 		/* Extra validation if the string represents an env var. */
-		if (arg[0] == '$' && !valid_env_name(arg + 1)) {
-			fatal("%.200s line %d: Invalid environment name %s.",
+		if ((arg2 = dollar_expand(&r, arg)) == NULL || r) {
+			error("%.200s line %d: Invalid environment expansion "
+			    "%s.", filename, linenum, arg);
+			goto out;
+		}
+		free(arg2);
+		/* check for legacy environment format */
+		if (arg[0] == '$' && arg[1] != '{' &&
+		    !valid_env_name(arg + 1)) {
+			error("%.200s line %d: Invalid environment name %s.",
 			    filename, linenum, arg);
+			goto out;
 		}
 		if (*activep && *charptr == NULL)
 			*charptr = xstrdup(arg);
@@ -1815,23 +2185,33 @@
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
-		return 0;
+		argv_consume(&ac);
+		break;
 
 	case oUnsupported:
 		error("%s line %d: Unsupported option \"%s\"",
 		    filename, linenum, keyword);
-		return 0;
+		argv_consume(&ac);
+		break;
 
 	default:
-		fatal("%s: Unimplemented opcode %d", __func__, opcode);
+		error("%s line %d: Unimplemented opcode %d",
+		    filename, linenum, opcode);
+		goto out;
 	}
 
 	/* Check that there is no garbage at end of line. */
-	if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
-		fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
-		    filename, linenum, arg);
+	if (ac > 0) {
+		error("%.200s line %d: keyword %s extra arguments "
+		    "at end of line", filename, linenum, keyword);
+		goto out;
 	}
-	return 0;
+
+	/* success */
+	ret = 0;
+ out:
+	argv_free(oav, oac);
+	return ret;
 }
 
 /*
@@ -1888,6 +2268,11 @@
 	while (getline(&line, &linesize, f) != -1) {
 		/* Update line number counter. */
 		linenum++;
+		/*
+		 * Trim out comments and strip whitespace.
+		 * NB - preserve newlines, they are needed to reproduce
+		 * line numbers later for error messages.
+		 */
 		if (process_config_line_depth(options, pw, host, original_host,
 		    line, filename, linenum, activep, flags, want_final_pass,
 		    depth) != 0)
@@ -1909,6 +2294,20 @@
 }
 
 /*
+ * Returns 1 if CanonicalizePermittedCNAMEs have been specified, 0 otherwise.
+ * Allowed to be called on non-final configuration.
+ */
+int
+config_has_permitted_cnames(Options *options)
+{
+	if (options->num_permitted_cnames == 1 &&
+	    strcasecmp(options->permitted_cnames[0].source_list, "none") == 0 &&
+	    strcmp(options->permitted_cnames[0].target_list, "") == 0)
+		return 0;
+	return options->num_permitted_cnames > 0;
+}
+
+/*
  * Initializes options to special values that indicate that they have not yet
  * been set.  Read_config_file will only set options with this value. Options
  * are processed in the following order: command line, user config file,
@@ -1933,7 +2332,6 @@
 	options->fwd_opts.streamlocal_bind_mask = (mode_t)-1;
 	options->fwd_opts.streamlocal_bind_unlink = -1;
 	options->pubkey_authentication = -1;
-	options->challenge_response_authentication = -1;
 	options->gss_authentication = -1;
 	options->gss_deleg_creds = -1;
 	options->password_authentication = -1;
@@ -1956,7 +2354,9 @@
 	options->hostkeyalgorithms = NULL;
 	options->ca_sign_algorithms = NULL;
 	options->num_identity_files = 0;
+	memset(options->identity_keys, 0, sizeof(options->identity_keys));
 	options->num_certificate_files = 0;
+	memset(options->certificates, 0, sizeof(options->certificates));
 	options->hostname = NULL;
 	options->host_key_alias = NULL;
 	options->proxy_command = NULL;
@@ -1972,8 +2372,12 @@
 	options->num_local_forwards = 0;
 	options->remote_forwards = NULL;
 	options->num_remote_forwards = 0;
+	options->permitted_remote_opens = NULL;
+	options->num_permitted_remote_opens = 0;
 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
 	options->log_level = SYSLOG_LEVEL_NOT_SET;
+	options->num_log_verbose = 0;
+	options->log_verbose = NULL;
 	options->preferred_authentications = NULL;
 	options->bind_address = NULL;
 	options->bind_interface = NULL;
@@ -2003,11 +2407,15 @@
 	options->permit_local_command = -1;
 	options->remote_command = NULL;
 	options->add_keys_to_agent = -1;
+	options->add_keys_to_agent_lifespan = -1;
 	options->identity_agent = NULL;
 	options->visual_host_key = -1;
 	options->ip_qos_interactive = -1;
 	options->ip_qos_bulk = -1;
 	options->request_tty = -1;
+	options->session_type = -1;
+	options->stdin_null = -1;
+	options->fork_after_authentication = -1;
 	options->proxy_use_fdpass = -1;
 	options->ignored_unknown = NULL;
 	options->num_canonical_domains = 0;
@@ -2018,8 +2426,9 @@
 	options->revoked_host_keys = NULL;
 	options->fingerprint_hash = -1;
 	options->update_hostkeys = -1;
-	options->hostbased_key_types = NULL;
-	options->pubkey_key_types = NULL;
+	options->hostbased_accepted_algos = NULL;
+	options->pubkey_accepted_algos = NULL;
+	options->known_hosts_command = NULL;
 }
 
 /*
@@ -2041,12 +2450,12 @@
  * Called after processing other sources of option data, this fills those
  * options for which no value has been specified with their default values.
  */
-void
+int
 fill_default_options(Options * options)
 {
 	char *all_cipher, *all_mac, *all_kex, *all_key, *all_sig;
 	char *def_cipher, *def_mac, *def_kex, *def_key, *def_sig;
-	int r;
+	int ret = 0, r;
 
 	if (options->forward_agent == -1)
 		options->forward_agent = 0;
@@ -2070,7 +2479,7 @@
 		clear_forwardings(options);
 
 	if (options->xauth_location == NULL)
-		options->xauth_location = _PATH_XAUTH;
+		options->xauth_location = xstrdup(_PATH_XAUTH);
 	if (options->fwd_opts.gateway_ports == -1)
 		options->fwd_opts.gateway_ports = 0;
 	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
@@ -2079,8 +2488,6 @@
 		options->fwd_opts.streamlocal_bind_unlink = 0;
 	if (options->pubkey_authentication == -1)
 		options->pubkey_authentication = 1;
-	if (options->challenge_response_authentication == -1)
-		options->challenge_response_authentication = 1;
 	if (options->gss_authentication == -1)
 		options->gss_authentication = 0;
 	if (options->gss_deleg_creds == -1)
@@ -2094,7 +2501,7 @@
 	if (options->batch_mode == -1)
 		options->batch_mode = 0;
 	if (options->check_host_ip == -1)
-		options->check_host_ip = 1;
+		options->check_host_ip = 0;
 	if (options->strict_host_key_checking == -1)
 		options->strict_host_key_checking = SSH_STRICT_HOSTKEY_ASK;
 	if (options->compression == -1)
@@ -2110,8 +2517,10 @@
 	if (options->number_of_password_prompts == -1)
 		options->number_of_password_prompts = 3;
 	/* options->hostkeyalgorithms, default set in myproposals.h */
-	if (options->add_keys_to_agent == -1)
+	if (options->add_keys_to_agent == -1) {
 		options->add_keys_to_agent = 0;
+		options->add_keys_to_agent_lifespan = 0;
+	}
 	if (options->num_identity_files == 0) {
 		add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_RSA, 0);
 		add_identity_file(options, "~/", _PATH_SSH_CLIENT_ID_DSA, 0);
@@ -2134,8 +2543,15 @@
 		options->system_hostfiles[options->num_system_hostfiles++] =
 		    xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2);
 	}
-	if (options->update_hostkeys == -1)
+	if (options->update_hostkeys == -1) {
+		if (options->verify_host_key_dns <= 0 &&
+		    (options->num_user_hostfiles == 0 ||
+		    (options->num_user_hostfiles == 1 && strcmp(options->
+		    user_hostfiles[0], _PATH_SSH_USER_HOSTFILE) == 0)))
+			options->update_hostkeys = SSH_UPDATE_HOSTKEYS_YES;
+		else
 			options->update_hostkeys = SSH_UPDATE_HOSTKEYS_NO;
+	}
 	if (options->num_user_hostfiles == 0) {
 		options->user_hostfiles[options->num_user_hostfiles++] =
 		    xstrdup(_PATH_SSH_USER_HOSTFILE);
@@ -2186,6 +2602,12 @@
 		options->ip_qos_bulk = IPTOS_DSCP_CS1;
 	if (options->request_tty == -1)
 		options->request_tty = REQUEST_TTY_AUTO;
+	if (options->session_type == -1)
+		options->session_type = SESSION_TYPE_DEFAULT;
+	if (options->stdin_null == -1)
+		options->stdin_null = 0;
+	if (options->fork_after_authentication == -1)
+		options->fork_after_authentication = 0;
 	if (options->proxy_use_fdpass == -1)
 		options->proxy_use_fdpass = 0;
 	if (options->canonicalize_max_dots == -1)
@@ -2211,34 +2633,26 @@
 	all_key = sshkey_alg_list(0, 0, 1, ',');
 	all_sig = sshkey_alg_list(0, 1, 1, ',');
 	/* remove unsupported algos from default lists */
-	def_cipher = match_filter_whitelist(KEX_CLIENT_ENCRYPT, all_cipher);
-	def_mac = match_filter_whitelist(KEX_CLIENT_MAC, all_mac);
-	def_kex = match_filter_whitelist(KEX_CLIENT_KEX, all_kex);
-	def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key);
-	def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig);
+	def_cipher = match_filter_allowlist(KEX_CLIENT_ENCRYPT, all_cipher);
+	def_mac = match_filter_allowlist(KEX_CLIENT_MAC, all_mac);
+	def_kex = match_filter_allowlist(KEX_CLIENT_KEX, all_kex);
+	def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
+	def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig);
 #define ASSEMBLE(what, defaults, all) \
 	do { \
 		if ((r = kex_assemble_names(&options->what, \
-		    defaults, all)) != 0) \
-			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
+		    defaults, all)) != 0) { \
+			error_fr(r, "%s", #what); \
+			goto fail; \
+		} \
 	} while (0)
 	ASSEMBLE(ciphers, def_cipher, all_cipher);
 	ASSEMBLE(macs, def_mac, all_mac);
 	ASSEMBLE(kex_algorithms, def_kex, all_kex);
-	ASSEMBLE(hostbased_key_types, def_key, all_key);
-	ASSEMBLE(pubkey_key_types, def_key, all_key);
+	ASSEMBLE(hostbased_accepted_algos, def_key, all_key);
+	ASSEMBLE(pubkey_accepted_algos, def_key, all_key);
 	ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
 #undef ASSEMBLE
-	free(all_cipher);
-	free(all_mac);
-	free(all_kex);
-	free(all_key);
-	free(all_sig);
-	free(def_cipher);
-	free(def_mac);
-	free(def_kex);
-	kex_default_pk_alg_filtered = def_key; /* save for later use */
-	free(def_sig);
 
 #define CLEAR_ON_NONE(v) \
 	do { \
@@ -2254,17 +2668,124 @@
 	CLEAR_ON_NONE(options->revoked_host_keys);
 	CLEAR_ON_NONE(options->pkcs11_provider);
 	CLEAR_ON_NONE(options->sk_provider);
+	CLEAR_ON_NONE(options->known_hosts_command);
 	if (options->jump_host != NULL &&
 	    strcmp(options->jump_host, "none") == 0 &&
 	    options->jump_port == 0 && options->jump_user == NULL) {
 		free(options->jump_host);
 		options->jump_host = NULL;
 	}
+	if (options->num_permitted_cnames == 1 &&
+	    !config_has_permitted_cnames(options)) {
+		/* clean up CanonicalizePermittedCNAMEs=none */
+		free(options->permitted_cnames[0].source_list);
+		free(options->permitted_cnames[0].target_list);
+		memset(options->permitted_cnames, '\0',
+		    sizeof(*options->permitted_cnames));
+		options->num_permitted_cnames = 0;
+	}
 	/* options->identity_agent distinguishes NULL from 'none' */
 	/* options->user will be set in the main program if appropriate */
 	/* options->hostname will be set in the main program if appropriate */
 	/* options->host_key_alias should not be set by default */
 	/* options->preferred_authentications will be set in ssh */
+
+	/* success */
+	ret = 0;
+ fail:
+	free(all_cipher);
+	free(all_mac);
+	free(all_kex);
+	free(all_key);
+	free(all_sig);
+	free(def_cipher);
+	free(def_mac);
+	free(def_kex);
+	free(def_key);
+	free(def_sig);
+	return ret;
+}
+
+void
+free_options(Options *o)
+{
+	int i;
+
+	if (o == NULL)
+		return;
+
+#define FREE_ARRAY(type, n, a) \
+	do { \
+		type _i; \
+		for (_i = 0; _i < (n); _i++) \
+			free((a)[_i]); \
+	} while (0)
+
+	free(o->forward_agent_sock_path);
+	free(o->xauth_location);
+	FREE_ARRAY(u_int, o->num_log_verbose, o->log_verbose);
+	free(o->log_verbose);
+	free(o->ciphers);
+	free(o->macs);
+	free(o->hostkeyalgorithms);
+	free(o->kex_algorithms);
+	free(o->ca_sign_algorithms);
+	free(o->hostname);
+	free(o->host_key_alias);
+	free(o->proxy_command);
+	free(o->user);
+	FREE_ARRAY(u_int, o->num_system_hostfiles, o->system_hostfiles);
+	FREE_ARRAY(u_int, o->num_user_hostfiles, o->user_hostfiles);
+	free(o->preferred_authentications);
+	free(o->bind_address);
+	free(o->bind_interface);
+	free(o->pkcs11_provider);
+	free(o->sk_provider);
+	for (i = 0; i < o->num_identity_files; i++) {
+		free(o->identity_files[i]);
+		sshkey_free(o->identity_keys[i]);
+	}
+	for (i = 0; i < o->num_certificate_files; i++) {
+		free(o->certificate_files[i]);
+		sshkey_free(o->certificates[i]);
+	}
+	free(o->identity_agent);
+	for (i = 0; i < o->num_local_forwards; i++) {
+		free(o->local_forwards[i].listen_host);
+		free(o->local_forwards[i].listen_path);
+		free(o->local_forwards[i].connect_host);
+		free(o->local_forwards[i].connect_path);
+	}
+	free(o->local_forwards);
+	for (i = 0; i < o->num_remote_forwards; i++) {
+		free(o->remote_forwards[i].listen_host);
+		free(o->remote_forwards[i].listen_path);
+		free(o->remote_forwards[i].connect_host);
+		free(o->remote_forwards[i].connect_path);
+	}
+	free(o->remote_forwards);
+	free(o->stdio_forward_host);
+	FREE_ARRAY(int, o->num_send_env, o->send_env);
+	free(o->send_env);
+	FREE_ARRAY(int, o->num_setenv, o->setenv);
+	free(o->setenv);
+	free(o->control_path);
+	free(o->local_command);
+	free(o->remote_command);
+	FREE_ARRAY(int, o->num_canonical_domains, o->canonical_domains);
+	for (i = 0; i < o->num_permitted_cnames; i++) {
+		free(o->permitted_cnames[i].source_list);
+		free(o->permitted_cnames[i].target_list);
+	}
+	free(o->revoked_host_keys);
+	free(o->hostbased_accepted_algos);
+	free(o->pubkey_accepted_algos);
+	free(o->jump_user);
+	free(o->jump_host);
+	free(o->jump_extra);
+	free(o->ignored_unknown);
+	explicit_bzero(o, sizeof(*o));
+#undef FREE_ARRAY
 }
 
 struct fwdarg {
@@ -2350,12 +2871,19 @@
 {
 	struct fwdarg fwdargs[4];
 	char *p, *cp;
-	int i;
+	int i, err;
 
 	memset(fwd, 0, sizeof(*fwd));
 	memset(fwdargs, 0, sizeof(fwdargs));
 
-	cp = p = xstrdup(fwdspec);
+	/*
+	 * We expand environment variables before checking if we think they're
+	 * paths so that if ${VAR} expands to a fully qualified path it is
+	 * treated as a path.
+	 */
+	cp = p = dollar_expand(&err, fwdspec);
+	if (p == NULL || err)
+		return 0;
 
 	/* skip leading spaces */
 	while (isspace((u_char)*cp))
@@ -2451,7 +2979,10 @@
 	if (fwd->connect_host != NULL &&
 	    strlen(fwd->connect_host) >= NI_MAXHOST)
 		goto fail_free;
-	/* XXX - if connecting to a remote socket, max sun len may not match this host */
+	/*
+	 * XXX - if connecting to a remote socket, max sun len may not
+	 * match this host
+	 */
 	if (fwd->connect_path != NULL &&
 	    strlen(fwd->connect_path) >= PATH_MAX_SUN)
 		goto fail_free;
@@ -2481,11 +3012,17 @@
 {
 	char *orig, *sdup, *cp;
 	char *host = NULL, *user = NULL;
-	int ret = -1, port = -1, first;
+	int r, ret = -1, port = -1, first;
 
 	active &= o->proxy_command == NULL && o->jump_host == NULL;
 
 	orig = sdup = xstrdup(s);
+
+	/* Remove comment and trailing whitespace */
+	if ((cp = strchr(orig, '#')) != NULL)
+		*cp = '\0';
+	rtrim(orig);
+
 	first = active;
 	do {
 		if (strcasecmp(s, "none") == 0)
@@ -2497,13 +3034,15 @@
 
 		if (first) {
 			/* First argument and configuration is active */
-			if (parse_ssh_uri(cp, &user, &host, &port) == -1 ||
-			    parse_user_host_port(cp, &user, &host, &port) != 0)
+			r = parse_ssh_uri(cp, &user, &host, &port);
+			if (r == -1 || (r == 1 &&
+			    parse_user_host_port(cp, &user, &host, &port) != 0))
 				goto out;
 		} else {
 			/* Subsequent argument or inactive configuration */
-			if (parse_ssh_uri(cp, NULL, NULL, NULL) == -1 ||
-			    parse_user_host_port(cp, NULL, NULL, NULL) != 0)
+			r = parse_ssh_uri(cp, NULL, NULL, NULL);
+			if (r == -1 || (r == 1 &&
+			    parse_user_host_port(cp, NULL, NULL, NULL) != 0))
 				goto out;
 		}
 		first = 0; /* only check syntax for subsequent hosts */
@@ -2536,12 +3075,27 @@
 int
 parse_ssh_uri(const char *uri, char **userp, char **hostp, int *portp)
 {
-	char *path;
-	int r;
+	char *user = NULL, *host = NULL, *path = NULL;
+	int r, port;
 
-	r = parse_uri("ssh", uri, userp, hostp, portp, &path);
+	r = parse_uri("ssh", uri, &user, &host, &port, &path);
 	if (r == 0 && path != NULL)
 		r = -1;		/* path not allowed */
+	if (r == 0) {
+		if (userp != NULL) {
+			*userp = user;
+			user = NULL;
+		}
+		if (hostp != NULL) {
+			*hostp = host;
+			host = NULL;
+		}
+		if (portp != NULL)
+			*portp = port;
+	}
+	free(user);
+	free(host);
+	free(path);
 	return r;
 }
 
@@ -2577,6 +3131,8 @@
 		return fmt_multistate_int(val, multistate_tunnel);
 	case oRequestTTY:
 		return fmt_multistate_int(val, multistate_requesttty);
+	case oSessionType:
+		return fmt_multistate_int(val, multistate_sessiontype);
 	case oCanonicalizeHostname:
 		return fmt_multistate_int(val, multistate_canonicalizehostname);
 	case oAddKeysToAgent:
@@ -2641,6 +3197,8 @@
 	u_int i;
 
 	printf("%s", lookup_opcode_name(code));
+	if (count == 0)
+		printf(" none");
 	for (i = 0; i < count; i++)
 		printf(" %s",  vals[i]);
 	printf("\n");
@@ -2699,7 +3257,7 @@
 	all_key = sshkey_alg_list(0, 0, 1, ',');
 	if ((r = kex_assemble_names(&o->hostkeyalgorithms, kex_default_pk_alg(),
 	    all_key)) != 0)
-		fatal("%s: expand HostKeyAlgorithms: %s", __func__, ssh_err(r));
+		fatal_fr(r, "expand HostKeyAlgorithms");
 	free(all_key);
 
 	/* Most interesting options first: user, host, port */
@@ -2708,12 +3266,10 @@
 	dump_cfg_int(oPort, o->port);
 
 	/* Flag options */
-	dump_cfg_fmtint(oAddKeysToAgent, o->add_keys_to_agent);
 	dump_cfg_fmtint(oAddressFamily, o->address_family);
 	dump_cfg_fmtint(oBatchMode, o->batch_mode);
 	dump_cfg_fmtint(oCanonicalizeFallbackLocal, o->canonicalize_fallback_local);
 	dump_cfg_fmtint(oCanonicalizeHostname, o->canonicalize_hostname);
-	dump_cfg_fmtint(oChallengeResponseAuthentication, o->challenge_response_authentication);
 	dump_cfg_fmtint(oCheckHostIP, o->check_host_ip);
 	dump_cfg_fmtint(oCompression, o->compression);
 	dump_cfg_fmtint(oControlMaster, o->control_master);
@@ -2738,6 +3294,9 @@
 	dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
 	dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
 	dump_cfg_fmtint(oRequestTTY, o->request_tty);
+	dump_cfg_fmtint(oSessionType, o->session_type);
+	dump_cfg_fmtint(oStdinNull, o->stdin_null);
+	dump_cfg_fmtint(oForkAfterAuthentication, o->fork_after_authentication);
 	dump_cfg_fmtint(oStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
 	dump_cfg_fmtint(oStrictHostKeyChecking, o->strict_host_key_checking);
 	dump_cfg_fmtint(oTCPKeepAlive, o->tcp_keep_alive);
@@ -2761,7 +3320,7 @@
 	dump_cfg_string(oControlPath, o->control_path);
 	dump_cfg_string(oHostKeyAlgorithms, o->hostkeyalgorithms);
 	dump_cfg_string(oHostKeyAlias, o->host_key_alias);
-	dump_cfg_string(oHostbasedKeyTypes, o->hostbased_key_types);
+	dump_cfg_string(oHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos);
 	dump_cfg_string(oIdentityAgent, o->identity_agent);
 	dump_cfg_string(oIgnoreUnknown, o->ignored_unknown);
 	dump_cfg_string(oKbdInteractiveDevices, o->kbd_interactive_devices);
@@ -2776,9 +3335,10 @@
 #endif
 	dump_cfg_string(oSecurityKeyProvider, o->sk_provider);
 	dump_cfg_string(oPreferredAuthentications, o->preferred_authentications);
-	dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
+	dump_cfg_string(oPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos);
 	dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
 	dump_cfg_string(oXAuthLocation, o->xauth_location);
+	dump_cfg_string(oKnownHostsCommand, o->known_hosts_command);
 
 	/* Forwards */
 	dump_cfg_forwards(oDynamicForward, o->num_local_forwards, o->local_forwards);
@@ -2793,9 +3353,27 @@
 	dump_cfg_strarray_oneline(oUserKnownHostsFile, o->num_user_hostfiles, o->user_hostfiles);
 	dump_cfg_strarray(oSendEnv, o->num_send_env, o->send_env);
 	dump_cfg_strarray(oSetEnv, o->num_setenv, o->setenv);
+	dump_cfg_strarray_oneline(oLogVerbose,
+	    o->num_log_verbose, o->log_verbose);
 
 	/* Special cases */
 
+	/* PermitRemoteOpen */
+	if (o->num_permitted_remote_opens == 0)
+		printf("%s any\n", lookup_opcode_name(oPermitRemoteOpen));
+	else
+		dump_cfg_strarray_oneline(oPermitRemoteOpen,
+		    o->num_permitted_remote_opens, o->permitted_remote_opens);
+
+	/* AddKeysToAgent */
+	if (o->add_keys_to_agent_lifespan <= 0)
+		dump_cfg_fmtint(oAddKeysToAgent, o->add_keys_to_agent);
+	else {
+		printf("addkeystoagent%s %d\n",
+		    o->add_keys_to_agent == 3 ? " confirm" : "",
+		    o->add_keys_to_agent_lifespan);
+	}
+
 	/* oForwardAgent */
 	if (o->forward_agent_sock_path == NULL)
 		dump_cfg_fmtint(oForwardAgent, o->forward_agent);
@@ -2821,14 +3399,14 @@
 	printf("\n");
 
 	/* oCanonicalizePermittedCNAMEs */
-	if ( o->num_permitted_cnames > 0) {
-		printf("canonicalizePermittedcnames");
-		for (i = 0; i < o->num_permitted_cnames; i++) {
-			printf(" %s:%s", o->permitted_cnames[i].source_list,
-			    o->permitted_cnames[i].target_list);
-		}
-		printf("\n");
+	printf("canonicalizePermittedcnames");
+	if (o->num_permitted_cnames == 0)
+		printf(" none");
+	for (i = 0; i < o->num_permitted_cnames; i++) {
+		printf(" %s:%s", o->permitted_cnames[i].source_list,
+		    o->permitted_cnames[i].target_list);
 	}
+	printf("\n");
 
 	/* oControlPersist */
 	if (o->control_persist == 0 || o->control_persist_timeout == 0)

readconf.h

diff --git a/readconf.h b/readconf.h
index e143a10..f24719f 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.133 2020/04/03 02:27:12 dtucker Exp $ */
+/* $OpenBSD: readconf.h,v 1.145 2021/09/15 06:56:01 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -38,8 +38,6 @@
 	struct ForwardOptions fwd_opts;	/* forwarding options */
 	int     pubkey_authentication;	/* Try ssh2 pubkey authentication. */
 	int     hostbased_authentication;	/* ssh2's rhosts_rsa */
-	int     challenge_response_authentication;
-					/* Try S/Key or TIS, authentication. */
 	int     gss_authentication;	/* Try GSS authentication */
 	int     gss_deleg_creds;	/* Delegate GSS credentials */
 	int     password_authentication;	/* Try password
@@ -55,7 +53,8 @@
 	int	ip_qos_bulk;		/* IP ToS/DSCP/class for bulk traffic */
 	SyslogFacility log_facility;	/* Facility for system logging. */
 	LogLevel log_level;	/* Level for logging. */
-
+	u_int	num_log_verbose;	/* Verbose log overrides */
+	char   **log_verbose;
 	int     port;		/* Port to connect. */
 	int     address_family;
 	int     connection_attempts;	/* Max attempts (seconds) before
@@ -97,6 +96,7 @@
 	struct sshkey *certificates[SSH_MAX_CERTIFICATE_FILES];
 
 	int	add_keys_to_agent;
+	int	add_keys_to_agent_lifespan;
 	char   *identity_agent;		/* Optional path to ssh-agent socket */
 
 	/* Local TCP/IP forward requests. */
@@ -108,6 +108,10 @@
 	struct Forward *remote_forwards;
 	int	clear_forwardings;
 
+	/* Restrict remote dynamic forwarding */
+	char  **permitted_remote_opens;
+	u_int	num_permitted_remote_opens;
+
 	/* stdio forwarding (-W) host and port */
 	char   *stdio_forward_host;
 	int	stdio_forward_port;
@@ -142,6 +146,9 @@
 	int	visual_host_key;
 
 	int	request_tty;
+	int	session_type;
+	int	stdin_null;
+	int	fork_after_authentication;
 
 	int	proxy_use_fdpass;
 
@@ -159,14 +166,16 @@
 
 	int	 update_hostkeys; /* one of SSH_UPDATE_HOSTKEYS_* */
 
-	char   *hostbased_key_types;
-	char   *pubkey_key_types;
+	char   *hostbased_accepted_algos;
+	char   *pubkey_accepted_algos;
 
 	char   *jump_user;
 	char   *jump_host;
 	int	jump_port;
 	char   *jump_extra;
 
+	char   *known_hosts_command;
+
 	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
 }       Options;
 
@@ -185,6 +194,10 @@
 #define REQUEST_TTY_YES		2
 #define REQUEST_TTY_FORCE	3
 
+#define SESSION_TYPE_NONE	0
+#define SESSION_TYPE_SUBSYSTEM	1
+#define SESSION_TYPE_DEFAULT	2
+
 #define SSHCONF_CHECKPERM	1  /* check permissions on config file */
 #define SSHCONF_USERCONF	2  /* user provided config file not system */
 #define SSHCONF_FINAL		4  /* Final pass over config, after canon. */
@@ -203,8 +216,9 @@
 char	*ssh_connection_hash(const char *thishost, const char *host,
     const char *portstr, const char *user);
 void     initialize_options(Options *);
-void     fill_default_options(Options *);
+int      fill_default_options(Options *);
 void	 fill_default_options_for_canonicalization(Options *);
+void	 free_options(Options *o);
 int	 process_config_line(Options *, struct passwd *, const char *,
     const char *, char *, const char *, int, int *, int);
 int	 read_config_file(const char *, struct passwd *, const char *,
@@ -214,6 +228,7 @@
 int	 parse_ssh_uri(const char *, char **, char **, int *);
 int	 default_ssh_port(void);
 int	 option_clear_or_none(const char *);
+int	 config_has_permitted_cnames(Options *);
 void	 dump_client_config(Options *o, const char *host);
 
 void	 add_local_forward(Options *, const struct Forward *);

readpass.c

diff --git a/readpass.c b/readpass.c
index 974d67f..39af25c 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.61 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: readpass.c,v 1.69 2021/07/23 05:56:47 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -58,27 +58,27 @@
 	void (*osigchld)(int);
 
 	if (fflush(stdout) != 0)
-		error("%s: fflush: %s", __func__, strerror(errno));
+		error_f("fflush: %s", strerror(errno));
 	if (askpass == NULL)
 		fatal("internal error: askpass undefined");
 	if (pipe(p) == -1) {
-		error("%s: pipe: %s", __func__, strerror(errno));
+		error_f("pipe: %s", strerror(errno));
 		return NULL;
 	}
 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 	if ((pid = fork()) == -1) {
-		error("%s: fork: %s", __func__, strerror(errno));
+		error_f("fork: %s", strerror(errno));
 		ssh_signal(SIGCHLD, osigchld);
 		return NULL;
 	}
 	if (pid == 0) {
 		close(p[0]);
 		if (dup2(p[1], STDOUT_FILENO) == -1)
-			fatal("%s: dup2: %s", __func__, strerror(errno));
+			fatal_f("dup2: %s", strerror(errno));
 		if (env_hint != NULL)
 			setenv("SSH_ASKPASS_PROMPT", env_hint, 1);
 		execlp(askpass, askpass, msg, (char *)NULL);
-		fatal("%s: exec(%s): %s", __func__, askpass, strerror(errno));
+		fatal_f("exec(%s): %s", askpass, strerror(errno));
 	}
 	close(p[1]);
 
@@ -117,21 +117,36 @@
  * Reads a passphrase from /dev/tty with echo turned off/on.  Returns the
  * passphrase (allocated with xmalloc).  Exits if EOF is encountered. If
  * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no
- * tty is available
+ * tty is or askpass program is available
  */
 char *
 read_passphrase(const char *prompt, int flags)
 {
 	char cr = '\r', *askpass = NULL, *ret, buf[1024];
-	int rppflags, use_askpass = 0, ttyfd;
+	int rppflags, ttyfd, use_askpass = 0, allow_askpass = 0;
 	const char *askpass_hint = NULL;
+	const char *s;
+
+	if ((s = getenv("DISPLAY")) != NULL)
+		allow_askpass = *s != '\0';
+	if ((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) != NULL) {
+		if (strcasecmp(s, "force") == 0) {
+			use_askpass = 1;
+			allow_askpass = 1;
+		} else if (strcasecmp(s, "prefer") == 0)
+			use_askpass = allow_askpass;
+		else if (strcasecmp(s, "never") == 0)
+			allow_askpass = 0;
+	}
 
 	rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
-	if (flags & RP_USE_ASKPASS)
+	if (use_askpass)
+		debug_f("requested to askpass");
+	else if (flags & RP_USE_ASKPASS)
 		use_askpass = 1;
 	else if (flags & RP_ALLOW_STDIN) {
 		if (!isatty(STDIN_FILENO)) {
-			debug("read_passphrase: stdin is not a tty");
+			debug_f("stdin is not a tty");
 			use_askpass = 1;
 		}
 	} else {
@@ -147,16 +162,16 @@
 			(void)write(ttyfd, &cr, 1);
 			close(ttyfd);
 		} else {
-			debug("read_passphrase: can't open %s: %s", _PATH_TTY,
+			debug_f("can't open %s: %s", _PATH_TTY,
 			    strerror(errno));
 			use_askpass = 1;
 		}
 	}
 
-	if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL)
+	if ((flags & RP_USE_ASKPASS) && !allow_askpass)
 		return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");
 
-	if (use_askpass && getenv("DISPLAY")) {
+	if (use_askpass && allow_askpass) {
 		if (getenv(SSH_ASKPASS_ENV))
 			askpass = getenv(SSH_ASKPASS_ENV);
 		else
@@ -207,6 +222,14 @@
 	return (allowed);
 }
 
+static void
+writemsg(const char *msg)
+{
+	(void)write(STDERR_FILENO, "\r", 1);
+	(void)write(STDERR_FILENO, msg, strlen(msg));
+	(void)write(STDERR_FILENO, "\r\n", 2);
+}
+
 struct notifier_ctx {
 	pid_t pid;
 	void (*osigchld)(int);
@@ -217,66 +240,80 @@
 {
 	va_list args;
 	char *prompt = NULL;
-	int devnull;
-	pid_t pid;
-	void (*osigchld)(int);
-	const char *askpass;
-	struct notifier_ctx *ret;
+	pid_t pid = -1;
+	void (*osigchld)(int) = NULL;
+	const char *askpass, *s;
+	struct notifier_ctx *ret = NULL;
 
 	va_start(args, fmt);
 	xvasprintf(&prompt, fmt, args);
 	va_end(args);
 
 	if (fflush(NULL) != 0)
-		error("%s: fflush: %s", __func__, strerror(errno));
+		error_f("fflush: %s", strerror(errno));
 	if (!force_askpass && isatty(STDERR_FILENO)) {
-		(void)write(STDERR_FILENO, "\r", 1);
-		(void)write(STDERR_FILENO, prompt, strlen(prompt));
-		(void)write(STDERR_FILENO, "\r\n", 2);
-		free(prompt);
-		return NULL;
+		writemsg(prompt);
+		goto out_ctx;
 	}
 	if ((askpass = getenv("SSH_ASKPASS")) == NULL)
 		askpass = _PATH_SSH_ASKPASS_DEFAULT;
-	if (getenv("DISPLAY") == NULL || *askpass == '\0') {
-		debug3("%s: cannot notify", __func__);
-		free(prompt);
-		return NULL;
+	if (*askpass == '\0') {
+		debug3_f("cannot notify: no askpass");
+		goto out;
+	}
+	if (getenv("DISPLAY") == NULL &&
+	    ((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) == NULL ||
+	    strcmp(s, "force") != 0)) {
+		debug3_f("cannot notify: no display");
+		goto out;
 	}
 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 	if ((pid = fork()) == -1) {
-		error("%s: fork: %s", __func__, strerror(errno));
+		error_f("fork: %s", strerror(errno));
 		ssh_signal(SIGCHLD, osigchld);
 		free(prompt);
 		return NULL;
 	}
 	if (pid == 0) {
-		if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1)
-			fatal("%s: open %s", __func__, strerror(errno));
-		if (dup2(devnull, STDIN_FILENO) == -1 ||
-		    dup2(devnull, STDOUT_FILENO) == -1)
-			fatal("%s: dup2: %s", __func__, strerror(errno));
+		if (stdfd_devnull(1, 1, 0) == -1)
+			fatal_f("stdfd_devnull failed");
 		closefrom(STDERR_FILENO + 1);
 		setenv("SSH_ASKPASS_PROMPT", "none", 1); /* hint to UI */
 		execlp(askpass, askpass, prompt, (char *)NULL);
-		error("%s: exec(%s): %s", __func__, askpass, strerror(errno));
+		error_f("exec(%s): %s", askpass, strerror(errno));
 		_exit(1);
 		/* NOTREACHED */
 	}
+ out_ctx:
 	if ((ret = calloc(1, sizeof(*ret))) == NULL) {
 		kill(pid, SIGTERM);
-		fatal("%s: calloc failed", __func__);
+		fatal_f("calloc failed");
 	}
 	ret->pid = pid;
 	ret->osigchld = osigchld;
+ out:
 	free(prompt);
 	return ret;
 }
 
 void
-notify_complete(struct notifier_ctx *ctx)
+notify_complete(struct notifier_ctx *ctx, const char *fmt, ...)
 {
 	int ret;
+	char *msg = NULL;
+	va_list args;
+
+	if (ctx != NULL && fmt != NULL && ctx->pid == -1) {
+		/*
+		 * notify_start wrote to stderr, so send conclusion message
+		 * there too
+		*/
+		va_start(args, fmt);
+		xvasprintf(&msg, fmt, args);
+		va_end(args);
+		writemsg(msg);
+		free(msg);
+	}
 
 	if (ctx == NULL || ctx->pid <= 0) {
 		free(ctx);
@@ -288,7 +325,7 @@
 			break;
 	}
 	if (ret == -1)
-		fatal("%s: waitpid: %s", __func__, strerror(errno));
+		fatal_f("waitpid: %s", strerror(errno));
 	ssh_signal(SIGCHLD, ctx->osigchld);
 	free(ctx);
 }

regress/Makefile

diff --git a/regress/Makefile b/regress/Makefile
index 62794d2..0b5ad45 100644
--- a/regress/Makefile
+++ b/regress/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.108 2020/04/20 04:44:47 djm Exp $
+#	$OpenBSD: Makefile,v 1.117 2021/09/03 04:11:13 dtucker Exp $
 
 tests:		prep file-tests t-exec unit
 
@@ -21,11 +21,13 @@
 
 LTESTS= 	connect \
 		proxy-connect \
+		sshfp-connect \
 		connect-privsep \
 		connect-uri \
 		proto-version \
 		proto-mismatch \
 		exit-status \
+		exit-status-signal \
 		envpass \
 		transfer \
 		banner \
@@ -41,12 +43,17 @@
 		agent-getpeereid \
 		agent-timeout \
 		agent-ptrace \
+		agent-subprocess \
 		keyscan \
 		keygen-change \
+		keygen-comment \
 		keygen-convert \
+		keygen-knownhosts \
 		keygen-moduli \
+		keygen-sshfp \
 		key-options \
 		scp \
+		scp3 \
 		scp-uri \
 		sftp \
 		sftp-chroot \
@@ -83,7 +90,6 @@
 		multipubkey \
 		limit-keytype \
 		hostkey-agent \
-		keygen-knownhosts \
 		hostkey-rotate \
 		principals-command \
 		cert-file \
@@ -92,7 +98,7 @@
 		allow-deny-users \
 		authinfo \
 		sshsig \
-		keygen-comment
+		knownhosts-command
 
 
 INTEROP_TESTS=	putty-transfer putty-ciphers putty-kex conch-ciphers
@@ -113,7 +119,7 @@
 		host.ecdsa-sha2-nistp521 host.ssh-dss host.ssh-ed25519 \
 		host.ssh-rsa host_ca_key* host_krl_* host_revoked_* key.* \
 		key.dsa-* key.ecdsa-* key.ed25519-512 \
-		key.ed25519-512.pub key.rsa-* keys-command-args kh.* \
+		key.ed25519-512.pub key.rsa-* keys-command-args kh.* askpass \
 		known_hosts known_hosts-cert known_hosts.* krl-* ls.copy \
 		modpipe netcat no_identity_config \
 		pidfile putty.rsa2 ready regress.log remote_pid \
@@ -121,9 +127,9 @@
 		rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
 		scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
 		sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \
-		ssh-rsa_oldfmt \
+		ssh-rsa_oldfmt knownhosts_command \
 		ssh_config ssh_config.* ssh_proxy ssh_proxy_bak \
-		ssh_proxy_envpass sshd.log sshd_config sshd_config_minimal \
+		ssh_proxy_* sshd.log sshd_config sshd_config.* \
 		sshd_config.* sshd_proxy sshd_proxy.* sshd_proxy_bak \
 		sshd_proxy_orig t10.out t10.out.pub t12.out t12.out.pub \
 		t2.out t3.out t6.out1 t6.out2 t7.out t7.out.pub \
@@ -247,15 +253,20 @@
 		V="" ; \
 		test "x${USE_VALGRIND}" = "x" || \
 		    V=${.CURDIR}/valgrind-unit.sh ; \
-		$$V ${.OBJDIR}/unittests/sshbuf/test_sshbuf ; \
-		$$V ${.OBJDIR}/unittests/sshkey/test_sshkey \
+		 $$V ${.OBJDIR}/unittests/sshbuf/test_sshbuf ; \
+		 $$V ${.OBJDIR}/unittests/sshkey/test_sshkey \
 			-d ${.CURDIR}/unittests/sshkey/testdata ; \
+		$$V ${.OBJDIR}/unittests/sshsig/test_sshsig \
+			-d ${.CURDIR}/unittests/sshsig/testdata ; \
+		$$V ${.OBJDIR}/unittests/authopt/test_authopt \
+			-d ${.CURDIR}/unittests/authopt/testdata ; \
 		$$V ${.OBJDIR}/unittests/bitmap/test_bitmap ; \
 		$$V ${.OBJDIR}/unittests/conversion/test_conversion ; \
 		$$V ${.OBJDIR}/unittests/kex/test_kex ; \
 		$$V ${.OBJDIR}/unittests/hostkeys/test_hostkeys \
 			-d ${.CURDIR}/unittests/hostkeys/testdata ; \
 		$$V ${.OBJDIR}/unittests/match/test_match ; \
+		$$V ${.OBJDIR}/unittests/misc/test_misc ; \
 		if test "x${TEST_SSH_UTF8}" = "xyes"  ; then \
 			$$V ${.OBJDIR}/unittests/utf8/test_utf8 ; \
 		fi \

regress/addrmatch.sh

diff --git a/regress/addrmatch.sh b/regress/addrmatch.sh
index e7d29c3..26e0c99 100644
--- a/regress/addrmatch.sh
+++ b/regress/addrmatch.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: addrmatch.sh,v 1.5 2020/03/13 03:18:45 djm Exp $
+#	$OpenBSD: addrmatch.sh,v 1.6 2020/08/28 03:17:13 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="address match"
@@ -52,5 +52,17 @@
 run_trial user ::5 somehost ::2 5678 match4 "IP6 localport"
 fi
 
+#
+# Check that we catch invalid address/mask in Match Address/Localaddress
+#
+for i in 10.0.1.0/8 10.0.0.1/24 2000:aa:bb:01::/56; do
+    for a in address localaddress; do
+	verbose "test invalid Match $a $i"
+	echo "Match $a $i" > $OBJ/sshd_proxy
+	${SUDO} ${SSHD} -f $OBJ/sshd_proxy -t >/dev/null 2>&1 && \
+	    fail "accepted invalid match $a $i"
+    done
+done
+
 cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
 rm $OBJ/sshd_proxy_bak

regress/agent-getpeereid.sh

diff --git a/regress/agent-getpeereid.sh b/regress/agent-getpeereid.sh
index 5243408..2874100 100644
--- a/regress/agent-getpeereid.sh
+++ b/regress/agent-getpeereid.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: agent-getpeereid.sh,v 1.11 2019/11/26 23:43:10 djm Exp $
+#	$OpenBSD: agent-getpeereid.sh,v 1.13 2021/09/01 00:50:27 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="disallow agent attach from other uid"
@@ -10,19 +10,15 @@
 if config_defined HAVE_GETPEEREID HAVE_GETPEERUCRED HAVE_SO_PEERCRED ; then
 	:
 else
-	echo "skipped (not supported on this platform)"
-	exit 0
+	skip "skipped (not supported on this platform)"
 fi
 case "x$SUDO" in
 	xsudo) sudo=1;;
-	xdoas) ;;
+	xdoas|xdoas\ *) ;;
 	x)
-		echo "need SUDO to switch to uid $UNPRIV"
-		echo SKIPPED
-		exit 0 ;;
+		skip "need SUDO to switch to uid $UNPRIV" ;;
 	*)
-		echo "unsupported $SUDO - "doas" and "sudo" are allowed"
-		exit 0 ;;
+		skip "unsupported $SUDO - "doas" and "sudo" are allowed" ;;
 esac
 
 trace "start agent"

regress/agent-pkcs11.sh

diff --git a/regress/agent-pkcs11.sh b/regress/agent-pkcs11.sh
index fbbaea5..268a70d 100644
--- a/regress/agent-pkcs11.sh
+++ b/regress/agent-pkcs11.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: agent-pkcs11.sh,v 1.7 2019/11/26 23:43:10 djm Exp $
+#	$OpenBSD: agent-pkcs11.sh,v 1.9 2021/07/25 12:13:03 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="pkcs11 agent test"
@@ -62,16 +62,16 @@
 trace "generating keys"
 RSA=${DIR}/RSA
 EC=${DIR}/EC
-openssl genpkey -algorithm rsa > $RSA
-openssl pkcs8 -nocrypt -in $RSA |\
+$OPENSSL_BIN genpkey -algorithm rsa > $RSA
+$OPENSSL_BIN pkcs8 -nocrypt -in $RSA |\
     softhsm2-util --slot "$slot" --label 01 --id 01 --pin "$TEST_SSH_PIN" --import /dev/stdin
-openssl genpkey \
+$OPENSSL_BIN genpkey \
     -genparam \
     -algorithm ec \
     -pkeyopt ec_paramgen_curve:prime256v1 |\
-    openssl genpkey \
+    $OPENSSL_BIN genpkey \
     -paramfile /dev/stdin > $EC
-openssl pkcs8 -nocrypt -in $EC |\
+$OPENSSL_BIN pkcs8 -nocrypt -in $EC |\
     softhsm2-util --slot "$slot" --label 02 --id 02 --pin "$TEST_SSH_PIN" --import /dev/stdin
 
 trace "start agent"

regress/agent-subprocess.sh

diff --git a/regress/agent-subprocess.sh b/regress/agent-subprocess.sh
new file mode 100644
index 0000000..2f36d70
--- /dev/null
+++ b/regress/agent-subprocess.sh
@@ -0,0 +1,22 @@
+#	$OpenBSD: agent-subprocess.sh,v 1.1 2020/06/19 05:07:09 dtucker Exp $
+#	Placed in the Public Domain.
+
+tid="agent subprocess"
+
+trace "ensure agent exits when run as subprocess"
+${SSHAGENT} sh -c "echo \$SSH_AGENT_PID >$OBJ/pidfile; sleep 1"
+
+pid=`cat $OBJ/pidfile`
+
+# Currently ssh-agent polls every 10s so we need to wait at least that long.
+n=12
+while kill -0 $pid >/dev/null 2>&1 && test "$n" -gt "0"; do
+	n=$(($n - 1))
+	sleep 1
+done
+
+if test "$n" -eq "0"; then
+	fail "agent still running"
+fi
+
+rm -f $OBJ/pidfile

regress/agent.sh

diff --git a/regress/agent.sh b/regress/agent.sh
index 3940365..f187b67 100644
--- a/regress/agent.sh
+++ b/regress/agent.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: agent.sh,v 1.17 2019/12/21 02:33:07 djm Exp $
+#	$OpenBSD: agent.sh,v 1.20 2021/02/25 03:27:34 djm Exp $
 #	Placed in the Public Domain.
 
 tid="simple agent test"
@@ -45,17 +45,20 @@
 	# add to authorized keys
 	cat $OBJ/$t-agent.pub >> $OBJ/authorized_keys_$USER
 	# add private key to agent
-	${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
+	${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		fail "ssh-add failed exit code $?"
 	fi
 	# add private key to second agent
-	SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent #> /dev/null 2>&1
+	SSH_AUTH_SOCK=$FW_SSH_AUTH_SOCK ${SSHADD} $OBJ/$t-agent > /dev/null 2>&1
 	if [ $? -ne 0 ]; then
 		fail "ssh-add failed exit code $?"
 	fi
-	# Remove private key to ensure that we aren't accidentally using it.
-	rm -f $OBJ/$t-agent
+	# Move private key to ensure that we aren't accidentally using it.
+	# Keep the corresponding public keys/certs around for later use.
+	mv -f $OBJ/$t-agent $OBJ/$t-agent-private
+	cp -f $OBJ/$t-agent.pub $OBJ/$t-agent-private.pub
+	cp -f $OBJ/$t-agent-cert.pub $OBJ/$t-agent-private-cert.pub
 done
 
 # Remove explicit identity directives from ssh_proxy
@@ -84,8 +87,8 @@
 for t in ${SSH_KEYTYPES}; do
 	trace "connect via agent using $t key"
 	if [ "$t" = "ssh-dss" ]; then
-		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/ssh_proxy
-		echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $OBJ/sshd_proxy
+		echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/ssh_proxy
+		echo "PubkeyAcceptedAlgorithms +ssh-dss" >> $OBJ/sshd_proxy
 	fi
 	${SSH} -F $OBJ/ssh_proxy -i $OBJ/$t-agent.pub -oIdentitiesOnly=yes \
 		somehost exit 52
@@ -152,12 +155,72 @@
     fi
 done
 
+## Deletion tests.
+
 trace "delete all agent keys"
 ${SSHADD} -D > /dev/null 2>&1
 r=$?
 if [ $r -ne 0 ]; then
 	fail "ssh-add -D failed: exit code $r"
 fi
+# make sure they're gone
+${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 1 ]; then
+	fail "ssh-add -l returned unexpected exit code: $r"
+fi
+trace "readd keys"
+# re-add keys/certs to agent
+for t in ${SSH_KEYTYPES}; do
+	${SSHADD} $OBJ/$t-agent-private >/dev/null 2>&1 || \
+		fail "ssh-add failed exit code $?"
+done
+# make sure they are there
+${SSHADD} -l > /dev/null 2>&1
+r=$?
+if [ $r -ne 0 ]; then
+	fail "ssh-add -l failed: exit code $r"
+fi
+
+check_key_absent() {
+	${SSHADD} -L | grep "^$1 " >/dev/null
+	if [ $? -eq 0 ]; then
+		fail "$1 key unexpectedly present"
+	fi
+}
+check_key_present() {
+	${SSHADD} -L | grep "^$1 " >/dev/null
+	if [ $? -ne 0 ]; then
+		fail "$1 key missing from agent"
+	fi
+}
+
+# delete the ed25519 key
+trace "delete single key by file"
+${SSHADD} -qdk $OBJ/ssh-ed25519-agent || fail "ssh-add -d ed25519 failed"
+check_key_absent ssh-ed25519
+check_key_present ssh-ed25519-cert-v01@openssh.com
+# Put key/cert back.
+${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \
+	fail "ssh-add failed exit code $?"
+check_key_present ssh-ed25519
+# Delete both key and certificate.
+trace "delete key/cert by file"
+${SSHADD} -qd $OBJ/ssh-ed25519-agent || fail "ssh-add -d ed25519 failed"
+check_key_absent ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
+# Put key/cert back.
+${SSHADD} $OBJ/ssh-ed25519-agent-private >/dev/null 2>&1 || \
+	fail "ssh-add failed exit code $?"
+check_key_present ssh-ed25519
+# Delete certificate via stdin
+${SSHADD} -qd - < $OBJ/ssh-ed25519-agent-cert.pub || fail "ssh-add -d - failed"
+check_key_present ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
+# Delete key via stdin
+${SSHADD} -qd - < $OBJ/ssh-ed25519-agent.pub || fail "ssh-add -d - failed"
+check_key_absent ssh-ed25519
+check_key_absent ssh-ed25519-cert-v01@openssh.com
 
 trace "kill agent"
 ${SSHAGENT} -k > /dev/null

regress/allow-deny-users.sh

diff --git a/regress/allow-deny-users.sh b/regress/allow-deny-users.sh
index 5c38951..6c053ee 100644
--- a/regress/allow-deny-users.sh
+++ b/regress/allow-deny-users.sh
@@ -1,6 +1,6 @@
 # Public Domain
 # Zev Weiss, 2016
-# $OpenBSD: allow-deny-users.sh,v 1.5 2018/07/13 02:13:50 djm Exp $
+# $OpenBSD: allow-deny-users.sh,v 1.6 2021/06/07 00:00:50 djm Exp $
 
 tid="AllowUsers/DenyUsers"
 
@@ -20,10 +20,8 @@
 	failmsg="$4"
 
 	cp $OBJ/sshd_proxy.orig $OBJ/sshd_proxy
-	echo DenyUsers="$deny" >> $OBJ/sshd_proxy
-	echo AllowUsers="$allow" >> $OBJ/sshd_proxy
-
-	start_sshd -oDenyUsers="$deny" -oAllowUsers="$allow"
+	test -z "$deny" || echo DenyUsers="$deny" >> $OBJ/sshd_proxy
+	test -z "$allow" || echo AllowUsers="$allow" >> $OBJ/sshd_proxy
 
 	${SSH} -F $OBJ/ssh_proxy "$me@somehost" true
 	status=$?

regress/banner.sh

diff --git a/regress/banner.sh b/regress/banner.sh
index 0d9654f..a84feb5 100644
--- a/regress/banner.sh
+++ b/regress/banner.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: banner.sh,v 1.3 2017/04/30 23:34:55 djm Exp $
+#	$OpenBSD: banner.sh,v 1.4 2021/08/08 06:38:33 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="banner"
@@ -37,7 +37,9 @@
 
 trace "test suppress banner (-q)"
 verbose "test $tid: suppress banner (-q)"
-( ${SSH} -q -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
+# ssh-log-wrapper drops "-q" to preserve debug output so use ssh directly
+# for just this test.
+( ${REAL_SSH} -q -F $OBJ/ssh_proxy otherhost true 2>$OBJ/banner.out && \
 	cmp $OBJ/empty.in $OBJ/banner.out ) || \
 	fail "suppress banner (-q)"
 

regress/cert-hostkey.sh

diff --git a/regress/cert-hostkey.sh b/regress/cert-hostkey.sh
index 097bf84..de8652b 100644
--- a/regress/cert-hostkey.sh
+++ b/regress/cert-hostkey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-hostkey.sh,v 1.23 2020/01/03 03:02:26 djm Exp $
+#	$OpenBSD: cert-hostkey.sh,v 1.25 2021/06/08 22:30:27 djm Exp $
 #	Placed in the Public Domain.
 
 tid="certified host keys"
@@ -29,12 +29,12 @@
 done
 (
 	echo "HostKeyAlgorithms ${types}"
-	echo "PubkeyAcceptedKeyTypes *"
+	echo "PubkeyAcceptedAlgorithms *"
 ) >> $OBJ/ssh_proxy
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
 (
 	echo "HostKeyAlgorithms *"
-	echo "PubkeyAcceptedKeyTypes *"
+	echo "PubkeyAcceptedAlgorithms *"
 ) >> $OBJ/sshd_proxy_bak
 
 HOSTS='localhost-with-alias,127.0.0.1,::1'
@@ -283,11 +283,17 @@
 	) > $OBJ/sshd_proxy
 
 	${SSH} -oUserKnownHostsFile=$OBJ/known_hosts-cert \
-	    -oGlobalKnownHostsFile=$OBJ/known_hosts-cert \
-		-F $OBJ/ssh_proxy somehost true
+	    -oGlobalKnownHostsFile=none -F $OBJ/ssh_proxy somehost true
 	if [ $? -ne 0 ]; then
 		fail "ssh cert connect failed"
 	fi
+	# Also check that it works when the known_hosts file is not in the
+	# first array position.
+	${SSH} -oUserKnownHostsFile="/dev/null $OBJ/known_hosts-cert" \
+	    -oGlobalKnownHostsFile=none -F $OBJ/ssh_proxy somehost true
+	if [ $? -ne 0 ]; then
+		fail "ssh cert connect failed known_hosts 2nd"
+	fi
 done
 
 # Wrong certificate

regress/cert-userkey.sh

diff --git a/regress/cert-userkey.sh b/regress/cert-userkey.sh
index 91596fa..baa6903 100644
--- a/regress/cert-userkey.sh
+++ b/regress/cert-userkey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cert-userkey.sh,v 1.25 2020/01/03 03:02:26 djm Exp $
+#	$OpenBSD: cert-userkey.sh,v 1.26 2021/02/25 03:27:34 djm Exp $
 #	Placed in the Public Domain.
 
 tid="certified user keys"
@@ -71,11 +71,11 @@
 			echo "AuthorizedPrincipalsFile " \
 			    "$OBJ/authorized_principals_%u"
 			echo "TrustedUserCAKeys $OBJ/user_ca_key.pub"
-			echo "PubkeyAcceptedKeyTypes ${t}"
+			echo "PubkeyAcceptedAlgorithms ${t}"
 		) > $OBJ/sshd_proxy
 		(
 			cat $OBJ/ssh_proxy_bak
-			echo "PubkeyAcceptedKeyTypes ${t}"
+			echo "PubkeyAcceptedAlgorithms ${t}"
 		) > $OBJ/ssh_proxy
 
 		# Missing authorized_principals
@@ -149,11 +149,11 @@
 		(
 			cat $OBJ/sshd_proxy_bak
 			echo "UsePrivilegeSeparation $privsep"
-			echo "PubkeyAcceptedKeyTypes ${t}"
+			echo "PubkeyAcceptedAlgorithms ${t}"
 		) > $OBJ/sshd_proxy
 		(
 			cat $OBJ/ssh_proxy_bak
-			echo "PubkeyAcceptedKeyTypes ${t}"
+			echo "PubkeyAcceptedAlgorithms ${t}"
 		) > $OBJ/ssh_proxy
 
 		# Wrong principals list
@@ -204,12 +204,12 @@
 			(
 				cat $OBJ/sshd_proxy_bak
 				echo "UsePrivilegeSeparation $privsep"
-				echo "PubkeyAcceptedKeyTypes ${t}"
+				echo "PubkeyAcceptedAlgorithms ${t}"
 				echo "$extra_sshd"
 			) > $OBJ/sshd_proxy
 			(
 				cat $OBJ/ssh_proxy_bak
-				echo "PubkeyAcceptedKeyTypes ${t}"
+				echo "PubkeyAcceptedAlgorithms ${t}"
 			) > $OBJ/ssh_proxy
 
 			${SSH} -i $OBJ/cert_user_key_${ktype} \
@@ -224,7 +224,7 @@
 				cat $OBJ/sshd_proxy_bak
 				echo "UsePrivilegeSeparation $privsep"
 				echo "RevokedKeys $OBJ/cert_user_key_revoked"
-				echo "PubkeyAcceptedKeyTypes ${t}"
+				echo "PubkeyAcceptedAlgorithms ${t}"
 				echo "$extra_sshd"
 			) > $OBJ/sshd_proxy
 			cp $OBJ/cert_user_key_${ktype}.pub \
@@ -257,7 +257,7 @@
 		(
 			cat $OBJ/sshd_proxy_bak
 			echo "RevokedKeys $OBJ/user_ca_key.pub"
-			echo "PubkeyAcceptedKeyTypes ${t}"
+			echo "PubkeyAcceptedAlgorithms ${t}"
 			echo "$extra_sshd"
 		) > $OBJ/sshd_proxy
 		${SSH} -i $OBJ/cert_user_key_${ktype} -F $OBJ/ssh_proxy \
@@ -270,7 +270,7 @@
 	verbose "$tid: $auth CA does not authenticate"
 	(
 		cat $OBJ/sshd_proxy_bak
-		echo "PubkeyAcceptedKeyTypes ${t}"
+		echo "PubkeyAcceptedAlgorithms ${t}"
 		echo "$extra_sshd"
 	) > $OBJ/sshd_proxy
 	verbose "$tid: ensure CA key does not authenticate user"
@@ -308,7 +308,7 @@
 				echo > $OBJ/authorized_keys_$USER
 				echo "TrustedUserCAKeys $OBJ/user_ca_key.pub" \
 				    >> $OBJ/sshd_proxy
-				echo "PubkeyAcceptedKeyTypes ${t}*" \
+				echo "PubkeyAcceptedAlgorithms ${t}*" \
 				    >> $OBJ/sshd_proxy
 				if test "x$auth_opt" != "x" ; then
 					echo $auth_opt >> $OBJ/sshd_proxy

regress/cfginclude.sh

diff --git a/regress/cfginclude.sh b/regress/cfginclude.sh
index 2fc39ce..f5b492f 100644
--- a/regress/cfginclude.sh
+++ b/regress/cfginclude.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cfginclude.sh,v 1.2 2016/05/03 15:30:46 dtucker Exp $
+#	$OpenBSD: cfginclude.sh,v 1.3 2021/06/08 06:52:43 djm Exp $
 #	Placed in the Public Domain.
 
 tid="config include"
@@ -10,7 +10,7 @@
 Match host a
 	Hostname aa
 
-Match host b
+Match host b # comment
 	Hostname bb
 	Include $OBJ/ssh_config.i.*
 
@@ -19,10 +19,10 @@
 	Hostname cc
 
 Match host m
-	Include $OBJ/ssh_config.i.*
+	Include $OBJ/ssh_config.i.* # comment
 
 Host d
-	Hostname dd
+	Hostname dd # comment
 
 Host e
 	Hostname ee
@@ -47,17 +47,17 @@
 Match host b
 	Hostname bbb
 
-Match host c
+Match host c # comment
 	Hostname ccc
 
-Host d
+Host d # comment
 	Hostname ddd
 
 Host e
 	Hostname eee
 
 Host f
-	Hostname fff
+	Hostname fff # comment
 _EOF
 
 cat > $OBJ/ssh_config.i.2 << _EOF
@@ -142,7 +142,7 @@
 
 # cleanup
 rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out
-#	$OpenBSD: cfginclude.sh,v 1.2 2016/05/03 15:30:46 dtucker Exp $
+#	$OpenBSD: cfginclude.sh,v 1.3 2021/06/08 06:52:43 djm Exp $
 #	Placed in the Public Domain.
 
 tid="config include"
@@ -185,11 +185,11 @@
 Match host a
 	Hostname aaa
 
-Match host b
+Match host b # comment
 	Hostname bbb
 
 Match host c
-	Hostname ccc
+	Hostname ccc # comment
 
 Host d
 	Hostname ddd
@@ -220,8 +220,8 @@
 Host f
 	Hostname ffff
 
-Match all
-	Hostname xxxx
+Match all # comment
+	Hostname xxxx # comment
 _EOF
 
 trial() {

regress/cfgmatch.sh

diff --git a/regress/cfgmatch.sh b/regress/cfgmatch.sh
index 6620c84..05a6668 100644
--- a/regress/cfgmatch.sh
+++ b/regress/cfgmatch.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: cfgmatch.sh,v 1.12 2019/04/18 18:57:16 dtucker Exp $
+#	$OpenBSD: cfgmatch.sh,v 1.13 2021/06/08 06:52:43 djm Exp $
 #	Placed in the Public Domain.
 
 tid="sshd_config match"
@@ -39,16 +39,16 @@
 }
 
 cp $OBJ/sshd_proxy $OBJ/sshd_proxy_bak
-echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_config
+echo "PermitOpen 127.0.0.1:1 # comment" >>$OBJ/sshd_config
 echo "Match Address 127.0.0.1" >>$OBJ/sshd_config
 echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_config
 
 grep -v AuthorizedKeysFile $OBJ/sshd_proxy_bak > $OBJ/sshd_proxy
-echo "AuthorizedKeysFile /dev/null" >>$OBJ/sshd_proxy
+echo "AuthorizedKeysFile /dev/null # comment" >>$OBJ/sshd_proxy
 echo "PermitOpen 127.0.0.1:1" >>$OBJ/sshd_proxy
 echo "Match user $USER" >>$OBJ/sshd_proxy
 echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy
-echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy
+echo "Match Address 127.0.0.1 # comment" >>$OBJ/sshd_proxy
 echo "PermitOpen 127.0.0.1:2 127.0.0.1:3 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
 
 ${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \

regress/connect-privsep.sh

diff --git a/regress/connect-privsep.sh b/regress/connect-privsep.sh
index b6abb65..8970340 100644
--- a/regress/connect-privsep.sh
+++ b/regress/connect-privsep.sh
@@ -16,13 +16,12 @@
 
 ${SSH} -F $OBJ/ssh_proxy 999.999.999.999 true
 if [ $? -ne 0 ]; then
-	# XXX replace this with fail once sandbox has stabilised
-	warn "ssh privsep/sandbox+proxyconnect failed"
+	fail "ssh privsep/sandbox+proxyconnect failed"
 fi
 
 # Because sandbox is sensitive to changes in libc, especially malloc, retest
 # with every malloc.conf option (and none).
-if [ -z "TEST_MALLOC_OPTIONS" ]; then
+if [ -z "$TEST_MALLOC_OPTIONS" ]; then
 	mopts="C F G J R S U X < >"
 else
 	mopts=`echo $TEST_MALLOC_OPTIONS | sed 's/./& /g'`

regress/dhgex.sh

diff --git a/regress/dhgex.sh b/regress/dhgex.sh
index ae64a9f..6dd4cfe 100644
--- a/regress/dhgex.sh
+++ b/regress/dhgex.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: dhgex.sh,v 1.6 2019/10/06 11:49:50 dtucker Exp $
+#	$OpenBSD: dhgex.sh,v 1.7 2020/12/21 22:48:41 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="dhgex"
@@ -58,4 +58,4 @@
 check 3072 `${SSH} -Q cipher | grep 128`
 check 7680 `${SSH} -Q cipher | grep 192`
 check 8192 `${SSH} -Q cipher | grep 256`
-check 8192 rijndael-cbc@lysator.liu.se chacha20-poly1305@openssh.com
+check 8192 chacha20-poly1305@openssh.com

regress/ed25519_openssh.prv

diff --git a/regress/ed25519_openssh.prv b/regress/ed25519_openssh.prv
new file mode 100644
index 0000000..9f191b7
--- /dev/null
+++ b/regress/ed25519_openssh.prv
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDE8/0FM7Yw6xc53QpiZUQAh/LK2mEAwNDNYdSR6GIGIwAAAKC+Cfdzvgn3
+cwAAAAtzc2gtZWQyNTUxOQAAACDE8/0FM7Yw6xc53QpiZUQAh/LK2mEAwNDNYdSR6GIGIw
+AAAEBm+60DgH0WMW7Z5oyvu1dxo7MaXe5RRMWTMJCfLkHexMTz/QUztjDrFzndCmJlRACH
+8sraYQDA0M1h1JHoYgYjAAAAGWR0dWNrZXJAcXVvbGwuZHR1Y2tlci5uZXQBAgME
+-----END OPENSSH PRIVATE KEY-----

regress/ed25519_openssh.pub

diff --git a/regress/ed25519_openssh.pub b/regress/ed25519_openssh.pub
new file mode 100644
index 0000000..9103631
--- /dev/null
+++ b/regress/ed25519_openssh.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMTz/QUztjDrFzndCmJlRACH8sraYQDA0M1h1JHoYgYj

regress/exit-status-signal.sh

diff --git a/regress/exit-status-signal.sh b/regress/exit-status-signal.sh
new file mode 100644
index 0000000..1b3af0d
--- /dev/null
+++ b/regress/exit-status-signal.sh
@@ -0,0 +1,24 @@
+# This test performs validation that ssh client is not successive on being terminated
+
+tid="exit status on signal"
+
+# spawn client in background
+rm -f $OBJ/remote_pid
+${SSH} -F $OBJ/ssh_proxy somehost 'echo $$ >'$OBJ'/remote_pid; sleep 444' &
+ssh_pid=$!
+
+# wait for it to start
+n=20
+while [ ! -f $OBJ/remote_pid ] && [ $n -gt 0 ]; do
+	n=$(($n - 1))
+	sleep 1
+done
+
+kill $ssh_pid
+wait $ssh_pid
+exit_code=$?
+
+if [ $exit_code -eq 0 ]; then
+	fail "ssh client should fail on signal"
+fi
+

regress/forward-control.sh

diff --git a/regress/forward-control.sh b/regress/forward-control.sh
index 3b1f69a..02f7667 100644
--- a/regress/forward-control.sh
+++ b/regress/forward-control.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: forward-control.sh,v 1.7 2018/06/07 14:29:43 djm Exp $
+#	$OpenBSD: forward-control.sh,v 1.8 2021/05/07 09:23:40 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="sshd control of local and remote forwarding"
@@ -46,7 +46,7 @@
 	wait_for_file_to_appear $READY || \
 		fatal "check_lfwd ssh fail: $_message"
 	${SSH} -F $OBJ/ssh_config -p $LFWD_PORT \
-	    -oConnectionAttempts=4 host true >/dev/null 2>&1
+	    -oConnectionAttempts=10 host true >/dev/null 2>&1
 	_result=$?
 	kill $_sshpid `cat $READY` 2>/dev/null
 	wait_for_process_to_exit $_sshpid
@@ -76,7 +76,7 @@
 	_result=$?
 	if test $_result -eq 0 ; then
 		${SSH} -F $OBJ/ssh_config -p $RFWD_PORT \
-		    -oConnectionAttempts=4 host true >/dev/null 2>&1
+		    -oConnectionAttempts=10 host true >/dev/null 2>&1
 		_result=$?
 		kill $_sshpid `cat $READY` 2>/dev/null
 		wait_for_process_to_exit $_sshpid

regress/forwarding.sh

diff --git a/regress/forwarding.sh b/regress/forwarding.sh
index cd634f2..a72bd3a 100644
--- a/regress/forwarding.sh
+++ b/regress/forwarding.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: forwarding.sh,v 1.23 2019/07/20 09:50:58 dtucker Exp $
+#	$OpenBSD: forwarding.sh,v 1.24 2021/05/07 09:23:40 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="local and remote forwarding"
@@ -29,7 +29,7 @@
 ${SSH} -S $CTL -N -M -F $OBJ/ssh_config -f $fwd somehost
 
 trace "transfer over forwarded channels and check result"
-${SSH} -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=4' \
+${SSH} -F $OBJ/ssh_config -p$last -o 'ConnectionAttempts=10' \
 	somehost cat ${DATA} > ${COPY}
 test -s ${COPY}		|| fail "failed copy of ${DATA}"
 cmp ${DATA} ${COPY}	|| fail "corrupted copy of ${DATA}"
@@ -110,7 +110,7 @@
 ${SSH} -S $CTL -N -M -F $OBJ/ssh_config -f somehost
 
 trace "config file: transfer over forwarded channels and check result"
-${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=4' \
+${SSH} -F $OBJ/ssh_config -p${base}02 -o 'ConnectionAttempts=10' \
 	somehost cat ${DATA} > ${COPY}
 test -s ${COPY}		|| fail "failed copy of ${DATA}"
 cmp ${DATA} ${COPY}	|| fail "corrupted copy of ${DATA}"
@@ -124,7 +124,7 @@
 ${SSH} -S $CTL.1 -N -M -f -F $OBJ/ssh_config -L[$OBJ/unix-1.fwd]:[$OBJ/unix-2.fwd] somehost
 ${SSH} -S $CTL.2 -N -M -f -F $OBJ/ssh_config -R[$OBJ/unix-2.fwd]:[$OBJ/unix-3.fwd] somehost
 ${SSH} -S $CTL.3 -N -M -f -F $OBJ/ssh_config -L[$OBJ/unix-3.fwd]:127.0.0.1:$PORT somehost
-${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=4' \
+${SSH} -F $OBJ/ssh_config -p${base}01 -o 'ConnectionAttempts=10' \
 	somehost cat ${DATA} > ${COPY}
 test -s ${COPY}			|| fail "failed copy ${DATA}"
 cmp ${DATA} ${COPY}		|| fail "corrupted copy of ${DATA}"

regress/hostkey-rotate.sh

diff --git a/regress/hostkey-rotate.sh b/regress/hostkey-rotate.sh
index c3e100c..0ae0c3d 100644
--- a/regress/hostkey-rotate.sh
+++ b/regress/hostkey-rotate.sh
@@ -1,12 +1,34 @@
-#	$OpenBSD: hostkey-rotate.sh,v 1.8 2019/11/26 23:43:10 djm Exp $
+#	$OpenBSD: hostkey-rotate.sh,v 1.9 2020/10/07 06:38:16 djm Exp $
 #	Placed in the Public Domain.
 
 tid="hostkey rotate"
 
-rm -f $OBJ/hkr.* $OBJ/ssh_proxy.orig
+#
+# GNU (f)grep <=2.18, as shipped by FreeBSD<=12 and NetBSD<=9 will occasionally
+# fail to find ssh host keys in the hostkey-rotate test.  If we have those
+# versions, use awk instead.
+# See # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258616
+#
+case `grep --version 2>&1 | awk '/GNU grep/{print $4}'` in
+2.19)			fgrep=good ;;
+1.*|2.?|2.?.?|2.1?)	fgrep=bad ;;	# stock GNU grep
+2.5.1*)			fgrep=bad ;;	# FreeBSD and NetBSD
+*)			fgrep=good ;;
+esac
+if test "x$fgrep" = "xbad"; then
+	fgrep()
+{
+	awk 'BEGIN{e=1} {if (index($0,"'$1'")>0){e=0;print}} END{exit e}' $2
+}
+fi
+
+rm -f $OBJ/hkr.* $OBJ/ssh_proxy.orig $OBJ/ssh_proxy.orig
 
 grep -vi 'hostkey' $OBJ/sshd_proxy > $OBJ/sshd_proxy.orig
+mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig
+grep -vi 'globalknownhostsfile' $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy
 echo "UpdateHostkeys=yes" >> $OBJ/ssh_proxy
+echo "GlobalKnownHostsFile=none" >> $OBJ/ssh_proxy
 rm $OBJ/known_hosts
 
 # The "primary" key type is ed25519 since it's supported even when built

regress/key-options.sh

diff --git a/regress/key-options.sh b/regress/key-options.sh
index 097f46e..2f3d66e 100644
--- a/regress/key-options.sh
+++ b/regress/key-options.sh
@@ -9,7 +9,7 @@
 
 # Allocating ptys can require privileges on some platforms.
 skip_pty=""
-if ! config_defined HAVE_OPENPTY && [ "x$SUDO" == "x" ]; then
+if ! config_defined HAVE_OPENPTY && [ "x$SUDO" = "x" ]; then
 	skip_pty="no openpty(3) and SUDO not set"
 fi
 

regress/keygen-convert.sh

diff --git a/regress/keygen-convert.sh b/regress/keygen-convert.sh
index fce110e..9565658 100644
--- a/regress/keygen-convert.sh
+++ b/regress/keygen-convert.sh
@@ -1,40 +1,54 @@
-#	$OpenBSD: keygen-convert.sh,v 1.2 2019/07/23 07:55:29 dtucker Exp $
+#	$OpenBSD: keygen-convert.sh,v 1.6 2021/07/24 02:57:28 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="convert keys"
 
-types=""
-for i in ${SSH_KEYTYPES}; do
-	case "$i" in
-		ssh-dss)	types="$types dsa" ;;
-		ssh-rsa)	types="$types rsa" ;;
-	esac
-done
+cat > $OBJ/askpass <<EOD
+#!/bin/sh
+echo hunter2
+EOD
+chmod u+x $OBJ/askpass
 
-for t in $types; do
+if ${SSHKEYGEN} -? 2>&1 | grep "ssh-keygen -e" >/dev/null; then
+	test_import_export=1
+fi
+
+for t in ${SSH_KEYTYPES}; do
 	# generate user key for agent
 	trace "generating $t key"
 	rm -f $OBJ/$t-key
 	${SSHKEYGEN} -q -N "" -t $t -f $OBJ/$t-key
 
-	trace "export $t private to rfc4716 public"
-	${SSHKEYGEN} -q -e -f $OBJ/$t-key >$OBJ/$t-key-rfc || \
-	    fail "export $t private to rfc4716 public"
+	if test "x$test_import_export" = "x1"; then
+		trace "export $t private to rfc4716 public"
+		${SSHKEYGEN} -q -e -f $OBJ/$t-key >$OBJ/$t-key-rfc || \
+		    fail "export $t private to rfc4716 public"
 
-	trace "export $t public to rfc4716 public"
-	${SSHKEYGEN} -q -e -f $OBJ/$t-key.pub >$OBJ/$t-key-rfc.pub || \
-	    fail "$t public to rfc4716 public"
+		trace "export $t public to rfc4716 public"
+		${SSHKEYGEN} -q -e -f $OBJ/$t-key.pub >$OBJ/$t-key-rfc.pub || \
+		    fail "$t public to rfc4716 public"
 
-	cmp $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub || \
-	    fail "$t rfc4716 exports differ between public and private"
+		cmp $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub || \
+		    fail "$t rfc4716 exports differ between public and private"
 
-	trace "import $t rfc4716 public"
-	${SSHKEYGEN} -q -i -f $OBJ/$t-key-rfc >$OBJ/$t-rfc-imported || \
-	    fail "$t import rfc4716 public"
+		trace "import $t rfc4716 public"
+		${SSHKEYGEN} -q -i -f $OBJ/$t-key-rfc >$OBJ/$t-rfc-imported || \
+		    fail "$t import rfc4716 public"
 
-	cut -f1,2 -d " " $OBJ/$t-key.pub >$OBJ/$t-key-nocomment.pub
-	cmp $OBJ/$t-key-nocomment.pub $OBJ/$t-rfc-imported || \
-	    fail "$t imported differs from original"
+		cut -f1,2 -d " " $OBJ/$t-key.pub >$OBJ/$t-key-nocomment.pub
+		cmp $OBJ/$t-key-nocomment.pub $OBJ/$t-rfc-imported || \
+		    fail "$t imported differs from original"
+	fi
+
+	trace "set passphrase $t"
+	${SSHKEYGEN} -q -p -P '' -N 'hunter2' -f $OBJ/$t-key >/dev/null || \
+	    fail "$t set passphrase failed"
+
+	trace "export $t to public with passphrase"
+	SSH_ASKPASS=$OBJ/askpass SSH_ASKPASS_REQUIRE=force \
+	    ${SSHKEYGEN} -y -f $OBJ/$t-key >$OBJ/$t-key-nocomment.pub
+	cmp $OBJ/$t-key.pub $OBJ/$t-key-nocomment.pub || \
+	    fail "$t exported pubkey differs from generated"
 
 	rm -f $OBJ/$t-key $OBJ/$t-key.pub $OBJ/$t-key-rfc $OBJ/$t-key-rfc.pub \
 	    $OBJ/$t-rfc-imported $OBJ/$t-key-nocomment.pub

regress/keygen-sshfp.sh

diff --git a/regress/keygen-sshfp.sh b/regress/keygen-sshfp.sh
new file mode 100644
index 0000000..2abf9ad
--- /dev/null
+++ b/regress/keygen-sshfp.sh
@@ -0,0 +1,29 @@
+#	$OpenBSD: keygen-sshfp.sh,v 1.2 2021/07/19 02:29:28 dtucker Exp $
+#	Placed in the Public Domain.
+
+tid="keygen-sshfp"
+
+trace "keygen fingerprints"
+fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | \
+    awk '$5=="1"{print $6}'`
+if [ "$fp" != "8a8647a7567e202ce317e62606c799c53d4c121f" ]; then
+	fail "keygen fingerprint sha1"
+fi
+fp=`${SSHKEYGEN} -r test -f ${SRC}/ed25519_openssh.pub | \
+    awk '$5=="2"{print $6}'`
+if [ "$fp" != \
+    "54a506fb849aafb9f229cf78a94436c281efcb4ae67c8a430e8c06afcb5ee18f" ]; then
+	fail "keygen fingerprint sha256"
+fi
+
+if ${SSH} -Q key-plain | grep ssh-rsa >/dev/null; then
+	fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="1"{print $6}'`
+	if [ "$fp" != "99c79cc09f5f81069cc017cdf9552cfc94b3b929" ]; then
+		fail "keygen fingerprint sha1"
+	fi
+	fp=`${SSHKEYGEN} -r test -f ${SRC}/rsa_openssh.pub | awk '$5=="2"{print $6}'`
+	if [ "$fp" != \
+	    "e30d6b9eb7a4de495324e4d5870b8220577993ea6af417e8e4a4f1c5bf01a9b6" ]; then
+		fail "keygen fingerprint sha256"
+	fi
+fi

regress/keys-command.sh

diff --git a/regress/keys-command.sh b/regress/keys-command.sh
index 33b6e7b..a3acf5e 100644
--- a/regress/keys-command.sh
+++ b/regress/keys-command.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: keys-command.sh,v 1.6 2019/07/25 08:48:11 dtucker Exp $
+#	$OpenBSD: keys-command.sh,v 1.7 2021/09/01 00:50:27 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="authorized keys from command"
@@ -77,5 +77,5 @@
 		fail "connect failed"
 	fi
 else
-	echo "SKIPPED: $KEY_COMMAND not executable (/var/run mounted noexec?)"
+	skip "$KEY_COMMAND not executable (/var/run mounted noexec?)"
 fi

regress/keytype.sh

diff --git a/regress/keytype.sh b/regress/keytype.sh
index 20a8cea..f1c0451 100644
--- a/regress/keytype.sh
+++ b/regress/keytype.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: keytype.sh,v 1.10 2019/12/16 02:39:05 djm Exp $
+#	$OpenBSD: keytype.sh,v 1.11 2021/02/25 03:27:34 djm Exp $
 #	Placed in the Public Domain.
 
 tid="login with different key types"
@@ -58,13 +58,13 @@
 		(
 			grep -v HostKey $OBJ/sshd_proxy_bak
 			echo HostKey $OBJ/key.$ht
-			echo PubkeyAcceptedKeyTypes $user_type
+			echo PubkeyAcceptedAlgorithms $user_type
 			echo HostKeyAlgorithms $host_type
 		) > $OBJ/sshd_proxy
 		(
 			grep -v IdentityFile $OBJ/ssh_proxy_bak
 			echo IdentityFile $OBJ/key.$ut
-			echo PubkeyAcceptedKeyTypes $user_type
+			echo PubkeyAcceptedAlgorithms $user_type
 			echo HostKeyAlgorithms $host_type
 		) > $OBJ/ssh_proxy
 		(

regress/knownhosts-command.sh

diff --git a/regress/knownhosts-command.sh b/regress/knownhosts-command.sh
new file mode 100644
index 0000000..8472ec8
--- /dev/null
+++ b/regress/knownhosts-command.sh
@@ -0,0 +1,55 @@
+#	$OpenBSD: knownhosts-command.sh,v 1.3 2021/08/30 01:15:45 djm Exp $
+#	Placed in the Public Domain.
+
+tid="known hosts command "
+
+rm -f $OBJ/knownhosts_command $OBJ/ssh_proxy_khc
+cp $OBJ/ssh_proxy $OBJ/ssh_proxy_orig
+
+( grep -vi GlobalKnownHostsFile $OBJ/ssh_proxy_orig | \
+    grep -vi UserKnownHostsFile;
+  echo "GlobalKnownHostsFile none" ;
+  echo "UserKnownHostsFile none" ;
+  echo "KnownHostsCommand $OBJ/knownhosts_command '%t' '%K' '%u'" ;
+) > $OBJ/ssh_proxy
+
+verbose "simple connection"
+cat > $OBJ/knownhosts_command << _EOF
+#!/bin/sh
+cat $OBJ/known_hosts
+_EOF
+chmod a+x $OBJ/knownhosts_command
+${SSH} -F $OBJ/ssh_proxy x true || fail "ssh connect failed"
+
+verbose "no keys"
+cat > $OBJ/knownhosts_command << _EOF
+#!/bin/sh
+exit 0
+_EOF
+chmod a+x $OBJ/knownhosts_command
+${SSH} -F $OBJ/ssh_proxy x true && fail "ssh connect succeeded with no keys"
+
+verbose "bad exit status"
+cat > $OBJ/knownhosts_command << _EOF
+#!/bin/sh
+cat $OBJ/known_hosts
+exit 1
+_EOF
+chmod a+x $OBJ/knownhosts_command
+${SSH} -F $OBJ/ssh_proxy x true && fail "ssh connect succeeded with bad exit"
+
+for keytype in ${SSH_HOSTKEY_TYPES} ; do
+	algs=$keytype
+	test "x$keytype" = "xssh-dss" && continue
+	test "x$keytype" = "xssh-rsa" && algs=ssh-rsa,rsa-sha2-256,rsa-sha2-512
+	verbose "keytype $keytype"
+	cat > $OBJ/knownhosts_command << _EOF
+#!/bin/sh
+die() { echo "\$@" 1>&2 ; exit 1; }
+test "x\$1" = "x$keytype" || die "wrong keytype \$1 (expected $keytype)"
+test "x\$3" = "x$LOGNAME" || die "wrong username \$3 (expected $LOGNAME)"
+grep -- "\$1.*\$2" $OBJ/known_hosts
+_EOF
+	${SSH} -F $OBJ/ssh_proxy -oHostKeyAlgorithms=$algs x true ||
+	    fail "ssh connect failed for keytype $x"
+done

regress/limit-keytype.sh

diff --git a/regress/limit-keytype.sh b/regress/limit-keytype.sh
index 010a88c..7127de0 100644
--- a/regress/limit-keytype.sh
+++ b/regress/limit-keytype.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: limit-keytype.sh,v 1.9 2019/12/16 02:39:05 djm Exp $
+#	$OpenBSD: limit-keytype.sh,v 1.10 2021/02/25 03:27:34 djm Exp $
 #	Placed in the Public Domain.
 
 tid="restrict pubkey type"
@@ -69,7 +69,7 @@
  	) > $OBJ/sshd_proxy
 }
 
-# Return the required parameter for PubkeyAcceptedKeyTypes corresponding to
+# Return the required parameter for PubkeyAcceptedAlgorithms corresponding to
 # the supplied key type.
 keytype() {
 	case "$1" in
@@ -92,14 +92,14 @@
 # Allow plain Ed25519 and RSA. The certificate should fail.
 verbose "allow $ktype2,$ktype1"
 prepare_config \
-	"PubkeyAcceptedKeyTypes `keytype $ktype2`,`keytype $ktype1`"
+	"PubkeyAcceptedAlgorithms `keytype $ktype2`,`keytype $ktype1`"
 ${SSH} $certopts proxy true && fatal "cert succeeded"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 ${SSH} $opts -i $OBJ/user_key2 proxy true || fatal "key2 failed"
 
 # Allow Ed25519 only.
 verbose "allow $ktype1"
-prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype1`"
+prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype1`"
 ${SSH} $certopts proxy true && fatal "cert succeeded"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 if [ "$ktype1" != "$ktype2" ]; then
@@ -108,15 +108,15 @@
 
 # Allow all certs. Plain keys should fail.
 verbose "allow cert only"
-prepare_config "PubkeyAcceptedKeyTypes *-cert-v01@openssh.com"
+prepare_config "PubkeyAcceptedAlgorithms *-cert-v01@openssh.com"
 ${SSH} $certopts proxy true || fatal "cert failed"
 ${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded"
 ${SSH} $opts -i $OBJ/user_key2 proxy true && fatal "key2 succeeded"
 
 # Allow RSA in main config, Ed25519 for non-existent user.
 verbose "match w/ no match"
-prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype2`" \
-	"Match user x$USER" "PubkeyAcceptedKeyTypes +`keytype $ktype1`"
+prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype2`" \
+	"Match user x$USER" "PubkeyAcceptedAlgorithms +`keytype $ktype1`"
 ${SSH} $certopts proxy true && fatal "cert succeeded"
 if [ "$ktype1" != "$ktype2" ]; then
 	${SSH} $opts -i $OBJ/user_key1 proxy true && fatal "key1 succeeded"
@@ -125,8 +125,8 @@
 
 # Allow only DSA in main config, Ed25519 for user.
 verbose "match w/ matching"
-prepare_config "PubkeyAcceptedKeyTypes `keytype $ktype4`" \
-	"Match user $USER" "PubkeyAcceptedKeyTypes +`keytype $ktype1`"
+prepare_config "PubkeyAcceptedAlgorithms `keytype $ktype4`" \
+	"Match user $USER" "PubkeyAcceptedAlgorithms +`keytype $ktype1`"
 ${SSH} $certopts proxy true || fatal "cert failed"
 ${SSH} $opts -i $OBJ/user_key1 proxy true || fatal "key1 failed"
 ${SSH} $opts -i $OBJ/user_key4 proxy true && fatal "key4 succeeded"

regress/misc/Makefile

diff --git a/regress/misc/Makefile b/regress/misc/Makefile
index cf95f26..b9149f2 100644
--- a/regress/misc/Makefile
+++ b/regress/misc/Makefile
@@ -1,3 +1,3 @@
-SUBDIR=		kexfuzz sk-dummy
+SUBDIR=		sk-dummy
 
 .include <bsd.subdir.mk>

regress/misc/fuzz-harness/Makefile

diff --git a/regress/misc/fuzz-harness/Makefile b/regress/misc/fuzz-harness/Makefile
index 64fbdba..e879fcd 100644
--- a/regress/misc/fuzz-harness/Makefile
+++ b/regress/misc/fuzz-harness/Makefile
@@ -1,38 +1,52 @@
 # NB. libssh and libopenbsd-compat should be built with the same sanitizer opts.
-CXX=clang++-6.0
-FUZZ_FLAGS=-fsanitize=address,undefined -fsanitize-coverage=edge,trace-pc
+CC=clang-11
+CXX=clang++-11
+FUZZ_FLAGS=-fsanitize=address,fuzzer -fno-omit-frame-pointer
 FUZZ_LIBS=-lFuzzer
 
 CXXFLAGS=-O2 -g -Wall -Wextra -Wno-unused-parameter -I ../../.. $(FUZZ_FLAGS)
+CFLAGS=$(CXXFLAGS)
 LDFLAGS=-L ../../.. -L ../../../openbsd-compat -g $(FUZZ_FLAGS)
 LIBS=-lssh -lopenbsd-compat -lcrypto -lfido2 -lcbor $(FUZZ_LIBS)
-COMMON_OBJS=ssh-sk-null.o
+SK_NULL_OBJS=ssh-sk-null.o
+COMMON_DEPS=../../../libssh.a
 
 TARGETS=pubkey_fuzz sig_fuzz authopt_fuzz sshsig_fuzz \
-	sshsigopt_fuzz privkey_fuzz
+	sshsigopt_fuzz privkey_fuzz kex_fuzz agent_fuzz
 
 all: $(TARGETS)
 
 .cc.o:
 	$(CXX) $(CXXFLAGS) -c $< -o $@
 
-pubkey_fuzz: pubkey_fuzz.o $(COMMON_OBJS)
-	$(CXX) -o $@ pubkey_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
+pubkey_fuzz: pubkey_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
+	$(CXX) -o $@ pubkey_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(LIBS)
 
-sig_fuzz: sig_fuzz.o $(COMMON_OBJS)
-	$(CXX) -o $@ sig_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
+sig_fuzz: sig_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
+	$(CXX) -o $@ sig_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(LIBS)
 
-authopt_fuzz: authopt_fuzz.o $(COMMON_OBJS)
-	$(CXX) -o $@ authopt_fuzz.o $(COMMON_OBJS) ../../../auth-options.o $(LDFLAGS) $(LIBS)
+authopt_fuzz: authopt_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
+	$(CXX) -o $@ authopt_fuzz.o $(SK_NULL_OBJS) ../../../auth-options.o $(LDFLAGS) $(LIBS)
 
-sshsig_fuzz: sshsig_fuzz.o $(COMMON_OBJS)
-	$(CXX) -o $@ sshsig_fuzz.o $(COMMON_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
+sshsig_fuzz: sshsig_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
+	$(CXX) -o $@ sshsig_fuzz.o $(SK_NULL_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
 
-sshsigopt_fuzz: sshsigopt_fuzz.o $(COMMON_OBJS)
-	$(CXX) -o $@ sshsigopt_fuzz.o $(COMMON_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
+sshsigopt_fuzz: sshsigopt_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
+	$(CXX) -o $@ sshsigopt_fuzz.o $(SK_NULL_OBJS) ../../../sshsig.o $(LDFLAGS) $(LIBS)
 
-privkey_fuzz: privkey_fuzz.o $(COMMON_OBJS)
-	$(CXX) -o $@ privkey_fuzz.o $(COMMON_OBJS) $(LDFLAGS) $(LIBS)
+privkey_fuzz: privkey_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
+	$(CXX) -o $@ privkey_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(LIBS)
+
+kex_fuzz: kex_fuzz.o $(SK_NULL_OBJS) $(COMMON_DEPS)
+	$(CXX) -o $@ kex_fuzz.o $(SK_NULL_OBJS) $(LDFLAGS) $(LIBS) -lz
+
+agent_fuzz: agent_fuzz.o agent_fuzz_helper.o sk-dummy.o ../../../ssh-sk.o $(COMMON_DEPS)
+	$(CXX) -o $@ agent_fuzz.o agent_fuzz_helper.o sk-dummy.o ../../../ssh-sk.o $(LDFLAGS) $(LIBS) -lz
+
+agent_fuzz_helper.o: agent_fuzz_helper.c ../../../ssh-agent.c
+
+sk-dummy.o: ../sk-dummy/sk-dummy.c
+	$(CC) $(CFLAGS) -c -o $@ ../sk-dummy/sk-dummy.c -DSK_DUMMY_INTEGRATE=1 $(LDFLAGS)
 
 clean:
 	-rm -f *.o $(TARGETS)

regress/misc/fuzz-harness/agent_fuzz.cc

diff --git a/regress/misc/fuzz-harness/agent_fuzz.cc b/regress/misc/fuzz-harness/agent_fuzz.cc
new file mode 100644
index 0000000..ad85b2f
--- /dev/null
+++ b/regress/misc/fuzz-harness/agent_fuzz.cc
@@ -0,0 +1,15 @@
+// cc_fuzz_target test for ssh-agent.
+extern "C" {
+
+#include <stdint.h>
+#include <sys/types.h>
+
+extern void test_one(const uint8_t* s, size_t slen);
+
+int LLVMFuzzerTestOneInput(const uint8_t* s, size_t slen)
+{
+	test_one(s, slen);
+	return 0;
+}
+
+} // extern

regress/misc/fuzz-harness/agent_fuzz_helper.c

diff --git a/regress/misc/fuzz-harness/agent_fuzz_helper.c b/regress/misc/fuzz-harness/agent_fuzz_helper.c
new file mode 100644
index 0000000..1d41982
--- /dev/null
+++ b/regress/misc/fuzz-harness/agent_fuzz_helper.c
@@ -0,0 +1,177 @@
+#include "fixed-keys.h"
+#include <assert.h>
+
+#define main(ac, av) xxxmain(ac, av)
+#include "../../../ssh-agent.c"
+
+void test_one(const uint8_t* s, size_t slen);
+
+static int
+devnull_or_die(void)
+{
+	int fd;
+
+	if ((fd = open("/dev/null", O_RDWR)) == -1) {
+		error_f("open /dev/null: %s", strerror(errno));
+		abort();
+	}
+	return fd;
+}
+
+static struct sshkey *
+pubkey_or_die(const char *s)
+{
+	char *tmp, *cp;
+	struct sshkey *pubkey;
+	int r;
+
+	tmp = cp = xstrdup(s);
+	if ((pubkey = sshkey_new(KEY_UNSPEC)) == NULL)
+		abort();
+	if ((r = sshkey_read(pubkey, &cp)) != 0) {
+		error_fr(r, "parse");
+		abort();
+	}
+	free(tmp);
+	return pubkey;
+}
+
+static struct sshkey *
+privkey_or_die(const char *s)
+{
+	int r;
+	struct sshbuf *b;
+	struct sshkey *privkey;
+
+	if ((b = sshbuf_from(s, strlen(s))) == NULL) {
+		error_f("sshbuf_from failed");
+		abort();
+	}
+	if ((r = sshkey_parse_private_fileblob(b, "", &privkey, NULL)) != 0) {
+		error_fr(r, "parse");
+		abort();
+	}
+	sshbuf_free(b);
+	return privkey;
+}
+
+static void
+add_key(const char *privkey, const char *certpath)
+{
+	Identity *id;
+	int r;
+	struct sshkey *cert;
+
+	id = xcalloc(1, sizeof(Identity));
+	TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
+	idtab->nentries++;
+	id->key = privkey_or_die(privkey);
+	id->comment = xstrdup("rhododaktulos Eos");
+	if (sshkey_is_sk(id->key))
+		id->sk_provider = xstrdup("internal");
+
+	/* Now the cert too */
+	id = xcalloc(1, sizeof(Identity));
+	TAILQ_INSERT_TAIL(&idtab->idlist, id, next);
+	idtab->nentries++;
+	id->key = privkey_or_die(privkey);
+	cert = pubkey_or_die(certpath);
+	if ((r = sshkey_to_certified(id->key)) != 0) {
+		error_fr(r, "sshkey_to_certified");
+		abort();
+	}
+	if ((r = sshkey_cert_copy(cert, id->key)) != 0) {
+		error_fr(r, "sshkey_cert_copy");
+		abort();
+	}
+	sshkey_free(cert);
+	id->comment = xstrdup("outis");
+	if (sshkey_is_sk(id->key))
+		id->sk_provider = xstrdup("internal");
+}
+
+static void
+cleanup_idtab(void)
+{
+	Identity *id;
+
+	if (idtab == NULL) return;
+	for (id = TAILQ_FIRST(&idtab->idlist); id;
+	    id = TAILQ_FIRST(&idtab->idlist)) {
+		TAILQ_REMOVE(&idtab->idlist, id, next);
+		free_identity(id);
+	}
+	free(idtab);
+	idtab = NULL;
+}
+
+static void
+reset_idtab(void)
+{
+	cleanup_idtab();
+	idtab_init();
+	// Load keys.
+	add_key(PRIV_RSA, CERT_RSA);
+	add_key(PRIV_DSA, CERT_DSA);
+	add_key(PRIV_ECDSA, CERT_ECDSA);
+	add_key(PRIV_ED25519, CERT_ED25519);
+	add_key(PRIV_ECDSA_SK, CERT_ECDSA_SK);
+	add_key(PRIV_ED25519_SK, CERT_ED25519_SK);
+}
+
+static void
+cleanup_sockettab(void)
+{
+	u_int i;
+	for (i = 0; i < sockets_alloc; i++) {
+		if (sockets[i].type != AUTH_UNUSED)
+			close_socket(sockets + i);
+	}
+	free(sockets);
+	sockets = NULL;
+	sockets_alloc = 0;
+}
+
+static void
+reset_sockettab(int devnull)
+{
+	int fd;
+
+	cleanup_sockettab();
+	if ((fd = dup(devnull)) == -1) {
+		error_f("dup: %s", strerror(errno));
+		abort();
+	}
+	new_socket(AUTH_CONNECTION, fd);
+	assert(sockets[0].type == AUTH_CONNECTION);
+	assert(sockets[0].fd == fd);
+}
+
+#define MAX_MESSAGES 256
+void
+test_one(const uint8_t* s, size_t slen)
+{
+	static int devnull = -1;
+	size_t i, olen, nlen;
+
+	if (devnull == -1) {
+		log_init(__progname, SYSLOG_LEVEL_DEBUG3,
+		    SYSLOG_FACILITY_AUTH, 1);
+		devnull = devnull_or_die();
+		allowed_providers = xstrdup("");
+		setenv("DISPLAY", "", 1); /* ban askpass */
+	}
+
+	reset_idtab();
+	reset_sockettab(devnull);
+	(void)sshbuf_put(sockets[0].input, s, slen);
+	for (i = 0; i < MAX_MESSAGES; i++) {
+		olen = sshbuf_len(sockets[0].input);
+		process_message(0);
+		nlen = sshbuf_len(sockets[0].input);
+		if (nlen == 0 || nlen == olen)
+			break;
+	}
+	cleanup_idtab();
+	cleanup_sockettab();
+}

regress/misc/fuzz-harness/fixed-keys.h

diff --git a/regress/misc/fuzz-harness/fixed-keys.h b/regress/misc/fuzz-harness/fixed-keys.h
new file mode 100644
index 0000000..c6e7c6c
--- /dev/null
+++ b/regress/misc/fuzz-harness/fixed-keys.h
@@ -0,0 +1,119 @@
+/*
+ * Some keys used by fuzzers
+ */
+
+#define PRIV_RSA \
+"-----BEGIN OPENSSH PRIVATE KEY-----\n"\
+"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn\n"\
+"NhAAAAAwEAAQAAAQEA3+epf+VGKoGPaAZXrf6S0cyumQnddkGBnVFX0A5eh37RtLug0qY5\n"\
+"thxsBUbGGVr9mTd2QXwLujBwYg5l1MP/Fmg+5312Zgx9pHmS+qKULbar0hlNgptNEb+aNU\n"\
+"d3o9qg3aXqXm7+ZnjAV05ef/mxNRN2ZvuEkw7cRppTJcbBI+vF3lXuCXnX2klDI95Gl2AW\n"\
+"3WHRtanqLHZXuBkjjRBDKc7MUq/GP1hmLiAd95dvU7fZjRlIEsP84zGEI1Fb0L/kmPHcOt\n"\
+"iVfHft8CtmC9v6+94JrOiPBBNScV+dyrgAGPsdKdr/1vIpQmCNiI8s3PCiD8J7ZiBaYm0I\n"\
+"8fq5G/qnUwAAA7ggw2dXIMNnVwAAAAdzc2gtcnNhAAABAQDf56l/5UYqgY9oBlet/pLRzK\n"\
+"6ZCd12QYGdUVfQDl6HftG0u6DSpjm2HGwFRsYZWv2ZN3ZBfAu6MHBiDmXUw/8WaD7nfXZm\n"\
+"DH2keZL6opQttqvSGU2Cm00Rv5o1R3ej2qDdpepebv5meMBXTl5/+bE1E3Zm+4STDtxGml\n"\
+"MlxsEj68XeVe4JedfaSUMj3kaXYBbdYdG1qeosdle4GSONEEMpzsxSr8Y/WGYuIB33l29T\n"\
+"t9mNGUgSw/zjMYQjUVvQv+SY8dw62JV8d+3wK2YL2/r73gms6I8EE1JxX53KuAAY+x0p2v\n"\
+"/W8ilCYI2Ijyzc8KIPwntmIFpibQjx+rkb+qdTAAAAAwEAAQAAAQEArWm5B4tFasppjUHM\n"\
+"SsAuajtCxtizI1Hc10EW59cZM4vvUzE2f6+qZvdgWj3UU/L7Et23w0QVuSCnCerox379ZB\n"\
+"ddEOFFAAiQjwBx65hbd4RRUymxtIQfjq18++LcMJW1nbVQ7c69ThQbtALIggmbS+ZE/8Gx\n"\
+"jkwmIrCH0Ww8TlpsPe+mNHuyNk7UEZoXLm22lNLqq5qkIL5JgT6M2iNJpMOJy9/CKi6kO4\n"\
+"JPuVwjdG4C5pBPaMN3KJ1IvAlSlLGNaXnfXcn85gWfsCjsZmH3liey2NJamqp/w83BrKUg\n"\
+"YZvMR2qeWZaKkFTahpzN5KRK1BFeB37O0P84Dzh1biDX8QAAAIEAiWXW8ePYFwLpa2mFIh\n"\
+"VvRTdcrN70rVK5eWVaL3pyS4vGA56Jixq86dHveOnbSY+iNb1jQidtXc8SWUt2wtHqZ32h\n"\
+"Lji9/hMSKqe9SEP3xvDRDmUJqsVw0ySyrFrzm4160QY6RKU3CIQCVFslMZ9fxmrfZ/hxoU\n"\
+"0X3FVsxmC4+kwAAACBAPOc1YERpV6PjANBrGR+1o1RCdACbm5myc42QzSNIaOZmgrYs+Gt\n"\
+"7+EcoqSdbJzHJNCNQfF+A+vjbIkFiuZqq/5wwr59qXx5OAlijLB/ywwKmTWq6lp//Zxny+\n"\
+"ka3sIGNO14eQvmxNDnlLL+RIZleCTEKBXSW6CZhr+uHMZFKKMtAAAAgQDrSkm+LbILB7H9\n"\
+"jxEBZLhv53aAn4u81kFKQOJ7PzzpBGSoD12i7oIJu5siSD5EKDNVEr+SvCf0ISU3BuMpzl\n"\
+"t3YrPrHRheOFhn5e3j0e//zB8rBC0DGB4CtTDdeh7rOXUL4K0pz+8wEpNkV62SWxhC6NRW\n"\
+"I79JhtGkh+GtcnkEfwAAAAAB\n"\
+"-----END OPENSSH PRIVATE KEY-----\n"
+#define PUB_RSA \
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDf56l/5UYqgY9oBlet/pLRzK6ZCd12QYGdUVfQDl6HftG0u6DSpjm2HGwFRsYZWv2ZN3ZBfAu6MHBiDmXUw/8WaD7nfXZmDH2keZL6opQttqvSGU2Cm00Rv5o1R3ej2qDdpepebv5meMBXTl5/+bE1E3Zm+4STDtxGmlMlxsEj68XeVe4JedfaSUMj3kaXYBbdYdG1qeosdle4GSONEEMpzsxSr8Y/WGYuIB33l29Tt9mNGUgSw/zjMYQjUVvQv+SY8dw62JV8d+3wK2YL2/r73gms6I8EE1JxX53KuAAY+x0p2v/W8ilCYI2Ijyzc8KIPwntmIFpibQjx+rkb+qdT"
+#define CERT_RSA \
+"ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg89JX6OBMYDSxER8fnU5y8xxeMCHR/hI0uVqdEhNyCpcAAAADAQABAAABAQDf56l/5UYqgY9oBlet/pLRzK6ZCd12QYGdUVfQDl6HftG0u6DSpjm2HGwFRsYZWv2ZN3ZBfAu6MHBiDmXUw/8WaD7nfXZmDH2keZL6opQttqvSGU2Cm00Rv5o1R3ej2qDdpepebv5meMBXTl5/+bE1E3Zm+4STDtxGmlMlxsEj68XeVe4JedfaSUMj3kaXYBbdYdG1qeosdle4GSONEEMpzsxSr8Y/WGYuIB33l29Tt9mNGUgSw/zjMYQjUVvQv+SY8dw62JV8d+3wK2YL2/r73gms6I8EE1JxX53KuAAY+x0p2v/W8ilCYI2Ijyzc8KIPwntmIFpibQjx+rkb+qdTAAAAAAAAA+0AAAABAAAAB3VseXNzZXMAAAAXAAAAB3VseXNzZXMAAAAIb2R5c3NldXMAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgM9BeYRUxUuZ4VHJp8oxVaA8OS/z+5EFPCZwQNq1nMwMAAABTAAAAC3NzaC1lZDI1NTE5AAAAQGCDA6PWw4x9bHQl0w7NqifHepumqD3dmyMx+hZGuPRon+TsyCjfytu7hWmV7l9XUF0fPQNFQ7FGat5e+7YUNgE= id_rsa.pub"
+#define PRIV_DSA \
+"-----BEGIN OPENSSH PRIVATE KEY-----\n"\
+"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsgAAAAdzc2gtZH\n"\
+"NzAAAAgQCsGTfjpQ465EOkfQXJM9BOvfRQE0fqlykAls+ncz+T7hrbeScRu8xpwzsznJNm\n"\
+"xlW8o6cUDiHmBJ5OHgamUC9N7YJeU/6fnOAZifgN8mqK6k8pKHuje8ANOiYgHLl0yiASQA\n"\
+"3//qMyzZ+W/hemoLSmLAbEqlfWVeyYx+wta1Vm+QAAABUAvWyehvUvdHvQxavYgS5p0t5Q\n"\
+"d7UAAACBAIRA9Yy+f4Kzqpv/qICPO3zk42UuP7WAhSW2nCbQdLlCiSTxcjKgcvXNRckwJP\n"\
+"44JjSHOtJy/AMtJrPIbLYG6KuWTdBlEHFiG6DafvLG+qPMSL2bPjXTOhuOMbCHIZ+5WBkW\n"\
+"THeG/Nv11iI01Of9V6tXkig23K370flkRkXFi9MdAAAAgCt6YUcQkNwG7B/e5M1FZsLP9O\n"\
+"kVB3BwLAOjmWdHpyhu3HpwSJa3XLEvhXN0i6IVI2KgPo/2GtYA6rHt14L+6u1pmhh8sAvQ\n"\
+"ksp3qZB+xh/NP+hBqf0sbHX0yYbzKOvI5SCc/kKK6yagcBZOsubM/KC8TxyVgmD5c6WzYs\n"\
+"h5TEpvAAAB2PHjRbbx40W2AAAAB3NzaC1kc3MAAACBAKwZN+OlDjrkQ6R9Bckz0E699FAT\n"\
+"R+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4B\n"\
+"mJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1r\n"\
+"VWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS\n"\
+"4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIb\n"\
+"oNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRc\n"\
+"WL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SL\n"\
+"ohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJ\n"\
+"z+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8AAAAUUA+OGldMi76ClO/sstpdbBUE\n"\
+"lq8AAAAAAQI=\n"\
+"-----END OPENSSH PRIVATE KEY-----\n"
+#define PUB_DSA \
+"ssh-dss AAAAB3NzaC1kc3MAAACBAKwZN+OlDjrkQ6R9Bckz0E699FATR+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4BmJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1rVWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIboNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRcWL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SLohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJz+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8="
+#define CERT_DSA \
+"ssh-dss-cert-v01@openssh.com AAAAHHNzaC1kc3MtY2VydC12MDFAb3BlbnNzaC5jb20AAAAguF716Yub+vVKNlONKLsfxGYWkRe/PyjfYdGRTsFaDvAAAACBAKwZN+OlDjrkQ6R9Bckz0E699FATR+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4BmJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1rVWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIboNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRcWL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SLohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJz+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8AAAAAAAAD6AAAAAEAAAAHdWx5c3NlcwAAABcAAAAHdWx5c3NlcwAAAAhvZHlzc2V1cwAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAFMAAAALc3NoLWVkMjU1MTkAAABAjMQEZcbdUYJBjIC4GxByFDOb8tv71vDZdx7irHwaqIjx5rzpJUuOV1r8ZO4kY+Yaiun1yrWj2QYkfJrHBvD1DA== id_dsa.pub"
+#define PRIV_ECDSA \
+"-----BEGIN OPENSSH PRIVATE KEY-----\n"\
+"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS\n"\
+"1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTDJ0VlMv+0rguNzaJ1DF2KueHaxRSQ\n"\
+"6LpIxGbulrg1a8RPbnMXwag5GcDiDllD2lDUJUuBEWyjXA0rZoZX35ELAAAAoE/Bbr5PwW\n"\
+"6+AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMnRWUy/7SuC43N\n"\
+"onUMXYq54drFFJDoukjEZu6WuDVrxE9ucxfBqDkZwOIOWUPaUNQlS4ERbKNcDStmhlffkQ\n"\
+"sAAAAhAIhE6hCID5oOm1TDktc++KFKyScjLifcZ6Cgv5xSSyLOAAAAAAECAwQFBgc=\n"\
+"-----END OPENSSH PRIVATE KEY-----\n"
+#define PUB_ECDSA \
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMnRWUy/7SuC43NonUMXYq54drFFJDoukjEZu6WuDVrxE9ucxfBqDkZwOIOWUPaUNQlS4ERbKNcDStmhlffkQs="
+#define CERT_ECDSA \
+"ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgVJZuM/1AOe6n++qRWMyUuAThYqLvvQxj5CGflLODp60AAAAIbmlzdHAyNTYAAABBBMMnRWUy/7SuC43NonUMXYq54drFFJDoukjEZu6WuDVrxE9ucxfBqDkZwOIOWUPaUNQlS4ERbKNcDStmhlffkQsAAAAAAAAD6QAAAAEAAAAHdWx5c3NlcwAAABcAAAAHdWx5c3NlcwAAAAhvZHlzc2V1cwAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAFMAAAALc3NoLWVkMjU1MTkAAABAtdJpcF6ZmQL+ueices4QZeL7AK8Xuo08jyLgiolhjKy2jj4LSUki4aX/ZeZeJuby1ovGrfaeFAgx3itPLR7IAQ== id_ecdsa.pub"
+#define PRIV_ED25519 \
+"-----BEGIN OPENSSH PRIVATE KEY-----\n"\
+"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW\n"\
+"QyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAIhWlP99VpT/\n"\
+"fQAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAw\n"\
+"AAAEDE1rlcMC0s0X3TKVZAOVavZOywwkXw8tO5dLObxaCMEDPQXmEVMVLmeFRyafKMVWgP\n"\
+"Dkv8/uRBTwmcEDatZzMDAAAAAAECAwQF\n"\
+"-----END OPENSSH PRIVATE KEY-----\n"
+#define PUB_ED25519 \
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMD"
+#define CERT_ED25519 \
+"ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIMDQjYH6XRzH3j3MW1DdjCoAfvrHfgjnVGF+sLK0pBfqAAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMDAAAAAAAAA+sAAAABAAAAB3VseXNzZXMAAAAXAAAAB3VseXNzZXMAAAAIb2R5c3NldXMAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgM9BeYRUxUuZ4VHJp8oxVaA8OS/z+5EFPCZwQNq1nMwMAAABTAAAAC3NzaC1lZDI1NTE5AAAAQBj0og+s09/HpwdHZbzN0twooKPDWWrxGfnP1Joy6cDnY2BCSQ7zg9vbq11kLF8H/sKOTZWAQrUZ7LlChOu9Ogw= id_ed25519.pub"
+#define PRIV_ECDSA_SK \
+"-----BEGIN OPENSSH PRIVATE KEY-----\n"\
+"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAfwAAACJzay1lY2\n"\
+"RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAACG5pc3RwMjU2AAAAQQTYyU76zop1\n"\
+"VOb4DfKWYnR5b0TOC3zw8DzObAfHWB5o6xls+tOYiEleXvIEi00Da2iCK47habZTOhLyeB\n"\
+"X2Avu5AAAABHNzaDoAAAGYqUAQSKlAEEgAAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBv\n"\
+"cGVuc3NoLmNvbQAAAAhuaXN0cDI1NgAAAEEE2MlO+s6KdVTm+A3ylmJ0eW9Ezgt88PA8zm\n"\
+"wHx1geaOsZbPrTmIhJXl7yBItNA2togiuO4Wm2UzoS8ngV9gL7uQAAAARzc2g6AQAAAOMt\n"\
+"LS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KTUhjQ0FRRUVJSHFsZjNsWTkxZFhwUn\n"\
+"dYZDBrS0lYWmNpeDRRcDBNSU15Ny9JMUxXSTFuWG9Bb0dDQ3FHU000OQpBd0VIb1VRRFFn\n"\
+"QUUyTWxPK3M2S2RWVG0rQTN5bG1KMGVXOUV6Z3Q4OFBBOHptd0h4MWdlYU9zWmJQclRtSW\n"\
+"hKClhsN3lCSXROQTJ0b2dpdU80V20yVXpvUzhuZ1Y5Z0w3dVE9PQotLS0tLUVORCBFQyBQ\n"\
+"UklWQVRFIEtFWS0tLS0tCgAAAAAAAAAbZGptQGRqbS5zeWQuY29ycC5nb29nbGUuY29tAQ\n"\
+"IDBAUG\n"\
+"-----END OPENSSH PRIVATE KEY-----\n"
+#define PUB_ECDSA_SK \
+"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBNjJTvrOinVU5vgN8pZidHlvRM4LfPDwPM5sB8dYHmjrGWz605iISV5e8gSLTQNraIIrjuFptlM6EvJ4FfYC+7kAAAAEc3NoOg=="
+#define CERT_ECDSA_SK \
+"sk-ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAK3NrLWVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgKLHtIca++5VoDrUAXU/KqGJZ7jZEnuJSTvt7VrYY9foAAAAIbmlzdHAyNTYAAABBBNjJTvrOinVU5vgN8pZidHlvRM4LfPDwPM5sB8dYHmjrGWz605iISV5e8gSLTQNraIIrjuFptlM6EvJ4FfYC+7kAAAAEc3NoOgAAAAAAAAPqAAAAAQAAAAd1bHlzc2VzAAAAFwAAAAd1bHlzc2VzAAAACG9keXNzZXVzAAAAAAAAAAD//////////wAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMDAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEB1naZOQDLaDr+fwn6E9x8/8HeiaUubDzPexfNQMz+m/7RD0gd5uJhHYUfDb5+/sIx1I7bUEeRIDkBbmZ2foo0E"
+#define PRIV_ED25519_SK \
+"-----BEGIN OPENSSH PRIVATE KEY-----\n"\
+"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAASgAAABpzay1zc2\n"\
+"gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACCTJtH10vWhIDxd62edvMLg9u2cwYKyqa7332je\n"\
+"RArHjAAAAARzc2g6AAAAwN7vvE3e77xNAAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY2\n"\
+"9tAAAAIJMm0fXS9aEgPF3rZ528wuD27ZzBgrKprvffaN5ECseMAAAABHNzaDoBAAAAQEsS\n"\
+"xLFiVzfpH2mt9xh8i/zmHV646Hud4QruNBAGNl8gkybR9dL1oSA8XetnnbzC4PbtnMGCsq\n"\
+"mu999o3kQKx4wAAAAAAAAAG2RqbUBkam0uc3lkLmNvcnAuZ29vZ2xlLmNvbQECAwQFBg==\n"\
+"-----END OPENSSH PRIVATE KEY-----\n"
+#define PUB_ED25519_SK \
+"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJMm0fXS9aEgPF3rZ528wuD27ZzBgrKprvffaN5ECseMAAAABHNzaDo="
+#define CERT_ED25519_SK \
+"sk-ssh-ed25519-cert-v01@openssh.com AAAAI3NrLXNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJiT+C/VLMWholFZ4xhOyJr0nSLZSFRIM3I07wUNTRPaAAAAIJMm0fXS9aEgPF3rZ528wuD27ZzBgrKprvffaN5ECseMAAAABHNzaDoAAAAAAAAD7AAAAAEAAAAHdWx5c3NlcwAAABcAAAAHdWx5c3NlcwAAAAhvZHlzc2V1cwAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAFMAAAALc3NoLWVkMjU1MTkAAABAX0Pu13B94pVR3qq8MJQGkOS1Cd7AAM1k6O2VSwyDPM/LfsWIQ4ywgxDmk3hjXWOY7BqljuMxo5VO4JymEIhQBA=="

regress/misc/fuzz-harness/kex_fuzz.cc

diff --git a/regress/misc/fuzz-harness/kex_fuzz.cc b/regress/misc/fuzz-harness/kex_fuzz.cc
new file mode 100644
index 0000000..4740a7c
--- /dev/null
+++ b/regress/misc/fuzz-harness/kex_fuzz.cc
@@ -0,0 +1,461 @@
+// libfuzzer driver for key exchange fuzzing.
+
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+extern "C" {
+
+#include "includes.h"
+#include "ssherr.h"
+#include "ssh_api.h"
+#include "sshbuf.h"
+#include "packet.h"
+#include "myproposal.h"
+#include "xmalloc.h"
+#include "authfile.h"
+#include "log.h"
+
+#include "fixed-keys.h"
+
+// Define if you want to generate traces.
+/* #define STANDALONE 1 */
+
+static int prepare_key(struct shared_state *st, int keytype, int bits);
+
+struct shared_state {
+	size_t nkeys;
+	struct sshkey **privkeys, **pubkeys;
+};
+
+struct test_state {
+	struct sshbuf *smsgs, *cmsgs; /* output, for standalone mode */
+	struct sshbuf *sin, *cin; /* input; setup per-test in do_kex_with_key */
+	struct sshbuf *s_template, *c_template; /* main copy of input */
+};
+
+static int
+do_send_and_receive(struct ssh *from, struct ssh *to,
+    struct sshbuf *store, int clobber, size_t *n)
+{
+	u_char type;
+	size_t len;
+	const u_char *buf;
+	int r;
+
+	for (*n = 0;; (*n)++) {
+		if ((r = ssh_packet_next(from, &type)) != 0) {
+			debug_fr(r, "ssh_packet_next");
+			return r;
+		}
+		if (type != 0)
+			return 0;
+		buf = ssh_output_ptr(from, &len);
+		debug_f("%zu%s", len, clobber ? " ignore" : "");
+		if (len == 0)
+			return 0;
+		if ((r = ssh_output_consume(from, len)) != 0) {
+			debug_fr(r, "ssh_output_consume");
+			return r;
+		}
+		if (store != NULL && (r = sshbuf_put(store, buf, len)) != 0) {
+			debug_fr(r, "sshbuf_put");
+			return r;
+		}
+		if (!clobber && (r = ssh_input_append(to, buf, len)) != 0) {
+			debug_fr(r, "ssh_input_append");
+			return r;
+		}
+	}
+}
+
+static int
+run_kex(struct test_state *ts, struct ssh *client, struct ssh *server)
+{
+	int r = 0;
+	size_t cn, sn;
+
+	/* If fuzzing, replace server/client input */
+	if (ts->sin != NULL) {
+		if ((r = ssh_input_append(server, sshbuf_ptr(ts->sin),
+		    sshbuf_len(ts->sin))) != 0) {
+			error_fr(r, "ssh_input_append");
+			return r;
+		}
+		sshbuf_reset(ts->sin);
+	}
+	if (ts->cin != NULL) {
+		if ((r = ssh_input_append(client, sshbuf_ptr(ts->cin),
+		    sshbuf_len(ts->cin))) != 0) {
+			error_fr(r, "ssh_input_append");
+			return r;
+		}
+		sshbuf_reset(ts->cin);
+	}
+	while (!server->kex->done || !client->kex->done) {
+		cn = sn = 0;
+		debug_f("S:");
+		if ((r = do_send_and_receive(server, client,
+		    ts->smsgs, ts->cin != NULL, &sn)) != 0) {
+			debug_fr(r, "S->C");
+			break;
+		}
+		debug_f("C:");
+		if ((r = do_send_and_receive(client, server,
+		    ts->cmsgs, ts->sin != NULL, &cn)) != 0) {
+			debug_fr(r, "C->S");
+			break;
+		}
+		if (cn == 0 && sn == 0) {
+			debug_f("kex stalled");
+			r = SSH_ERR_PROTOCOL_ERROR;
+			break;
+		}
+	}
+	debug_fr(r, "done");
+	return r;
+}
+
+static void
+store_key(struct shared_state *st, struct sshkey *pubkey,
+    struct sshkey *privkey)
+{
+	if (st == NULL || pubkey->type < 0 || pubkey->type > INT_MAX ||
+	    privkey->type != pubkey->type ||
+	    ((size_t)pubkey->type < st->nkeys &&
+	     st->pubkeys[pubkey->type] != NULL))
+		abort();
+	if ((size_t)pubkey->type >= st->nkeys) {
+		st->pubkeys = (struct sshkey **)xrecallocarray(st->pubkeys,
+		    st->nkeys, pubkey->type + 1, sizeof(*st->pubkeys));
+		st->privkeys = (struct sshkey **)xrecallocarray(st->privkeys,
+		    st->nkeys, privkey->type + 1, sizeof(*st->privkeys));
+		st->nkeys = privkey->type + 1;
+	}
+	debug_f("store %s at %d", sshkey_ssh_name(pubkey), pubkey->type);
+	st->pubkeys[pubkey->type] = pubkey;
+	st->privkeys[privkey->type] = privkey;
+}
+
+static int
+prepare_keys(struct shared_state *st)
+{
+	if (prepare_key(st, KEY_RSA, 2048) != 0 ||
+	    prepare_key(st, KEY_DSA, 1024) != 0 ||
+	    prepare_key(st, KEY_ECDSA, 256) != 0 ||
+	    prepare_key(st, KEY_ED25519, 256) != 0) {
+		error_f("key prepare failed");
+		return -1;
+	}
+	return 0;
+}
+
+static struct sshkey *
+get_pubkey(struct shared_state *st, int keytype)
+{
+	if (st == NULL || keytype < 0 || (size_t)keytype >= st->nkeys ||
+	    st->pubkeys == NULL || st->pubkeys[keytype] == NULL)
+		abort();
+	return st->pubkeys[keytype];
+}
+
+static struct sshkey *
+get_privkey(struct shared_state *st, int keytype)
+{
+	if (st == NULL || keytype < 0 || (size_t)keytype >= st->nkeys ||
+	    st->privkeys == NULL || st->privkeys[keytype] == NULL)
+		abort();
+	return st->privkeys[keytype];
+}
+
+static int
+do_kex_with_key(struct shared_state *st, struct test_state *ts,
+    const char *kex, int keytype)
+{
+	struct ssh *client = NULL, *server = NULL;
+	struct sshkey *privkey = NULL, *pubkey = NULL;
+	struct sshbuf *state = NULL;
+	struct kex_params kex_params;
+	const char *ccp, *proposal[PROPOSAL_MAX] = { KEX_CLIENT };
+	char *myproposal[PROPOSAL_MAX] = {0}, *keyname = NULL;
+	int i, r;
+
+	ts->cin = ts->sin = NULL;
+	if (ts->c_template != NULL &&
+	    (ts->cin = sshbuf_fromb(ts->c_template)) == NULL)
+		abort();
+	if (ts->s_template != NULL &&
+	    (ts->sin = sshbuf_fromb(ts->s_template)) == NULL)
+		abort();
+
+	pubkey = get_pubkey(st, keytype);
+	privkey = get_privkey(st, keytype);
+	keyname = xstrdup(sshkey_ssh_name(privkey));
+	if (ts->cin != NULL) {
+		debug_f("%s %s clobber client %zu", kex, keyname,
+		    sshbuf_len(ts->cin));
+	} else if (ts->sin != NULL) {
+		debug_f("%s %s clobber server %zu", kex, keyname,
+		    sshbuf_len(ts->sin));
+	} else
+		debug_f("%s %s noclobber", kex, keyname);
+
+	for (i = 0; i < PROPOSAL_MAX; i++) {
+		ccp = proposal[i];
+#ifdef CIPHER_NONE_AVAIL
+		if (i == PROPOSAL_ENC_ALGS_CTOS || i == PROPOSAL_ENC_ALGS_STOC)
+			ccp = "none";
+#endif
+		if (i == PROPOSAL_SERVER_HOST_KEY_ALGS)
+			ccp = keyname;
+		else if (i == PROPOSAL_KEX_ALGS && kex != NULL)
+			ccp = kex;
+		if ((myproposal[i] = strdup(ccp)) == NULL) {
+			error_f("strdup prop %d", i);
+			goto fail;
+		}
+	}
+	memcpy(kex_params.proposal, myproposal, sizeof(myproposal));
+	if ((r = ssh_init(&client, 0, &kex_params)) != 0) {
+		error_fr(r, "init client");
+		goto fail;
+	}
+	if ((r = ssh_init(&server, 1, &kex_params)) != 0) {
+		error_fr(r, "init server");
+		goto fail;
+	}
+	if ((r = ssh_add_hostkey(server, privkey)) != 0 ||
+	    (r = ssh_add_hostkey(client, pubkey)) != 0) {
+		error_fr(r, "add hostkeys");
+		goto fail;
+	}
+	if ((r = run_kex(ts, client, server)) != 0) {
+		error_fr(r, "kex");
+		goto fail;
+	}
+	/* XXX rekex, set_state, etc */
+ fail:
+	for (i = 0; i < PROPOSAL_MAX; i++)
+		free(myproposal[i]);
+	sshbuf_free(ts->sin);
+	sshbuf_free(ts->cin);
+	sshbuf_free(state);
+	ssh_free(client);
+	ssh_free(server);
+	free(keyname);
+	return r;
+}
+
+static int
+prepare_key(struct shared_state *st, int kt, int bits)
+{
+	const char *pubstr = NULL;
+	const char *privstr = NULL;
+	char *tmp, *cp;
+	struct sshkey *privkey = NULL, *pubkey = NULL;
+	struct sshbuf *b = NULL;
+	int r;
+
+	switch (kt) {
+	case KEY_RSA:
+		pubstr = PUB_RSA;
+		privstr = PRIV_RSA;
+		break;
+	case KEY_DSA:
+		pubstr = PUB_DSA;
+		privstr = PRIV_DSA;
+		break;
+	case KEY_ECDSA:
+		pubstr = PUB_ECDSA;
+		privstr = PRIV_ECDSA;
+		break;
+	case KEY_ED25519:
+		pubstr = PUB_ED25519;
+		privstr = PRIV_ED25519;
+		break;
+	default:
+		abort();
+	}
+	if ((b = sshbuf_from(privstr, strlen(privstr))) == NULL)
+		abort();
+	if ((r = sshkey_parse_private_fileblob(b, "", &privkey, NULL)) != 0) {
+		error_fr(r, "priv %d", kt);
+		abort();
+	}
+	sshbuf_free(b);
+	tmp = cp = xstrdup(pubstr);
+	if ((pubkey = sshkey_new(KEY_UNSPEC)) == NULL)
+		abort();
+	if ((r = sshkey_read(pubkey, &cp)) != 0) {
+		error_fr(r, "pub %d", kt);
+		abort();
+	}
+	free(tmp);
+
+	store_key(st, pubkey, privkey);
+	return 0;
+}
+
+#if defined(STANDALONE)
+
+#if 0 /* use this if generating new keys to embed above */
+static int
+prepare_key(struct shared_state *st, int keytype, int bits)
+{
+	struct sshkey *privkey = NULL, *pubkey = NULL;
+	int r;
+
+	if ((r = sshkey_generate(keytype, bits, &privkey)) != 0) {
+		error_fr(r, "generate");
+		abort();
+	}
+	if ((r = sshkey_from_private(privkey, &pubkey)) != 0) {
+		error_fr(r, "make pubkey");
+		abort();
+	}
+	store_key(st, pubkey, privkey);
+	return 0;
+}
+#endif
+
+int main(void)
+{
+	static struct shared_state *st;
+	struct test_state *ts;
+	const int keytypes[] = { KEY_RSA, KEY_DSA, KEY_ECDSA, KEY_ED25519, -1 };
+	const char *kextypes[] = {
+		"sntrup761x25519-sha512@openssh.com",
+		"curve25519-sha256@libssh.org",
+		"ecdh-sha2-nistp256",
+		"diffie-hellman-group1-sha1",
+		"diffie-hellman-group-exchange-sha1",
+		NULL,
+	};
+	int i, j;
+	char *path;
+	FILE *f;
+
+	log_init("kex_fuzz", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1);
+
+	if (st == NULL) {
+		st = (struct shared_state *)xcalloc(1, sizeof(*st));
+		prepare_keys(st);
+	}
+	/* Run each kex method for each key and save client/server packets */
+	for (i = 0; keytypes[i] != -1; i++) {
+		for (j = 0; kextypes[j] != NULL; j++) {
+			ts = (struct test_state *)xcalloc(1, sizeof(*ts));
+			ts->smsgs = sshbuf_new();
+			ts->cmsgs = sshbuf_new();
+			do_kex_with_key(st, ts, kextypes[j], keytypes[i]);
+			xasprintf(&path, "S2C-%s-%s",
+			    kextypes[j], sshkey_type(st->pubkeys[keytypes[i]]));
+			debug_f("%s", path);
+			if ((f = fopen(path, "wb+")) == NULL)
+				abort();
+			if (fwrite(sshbuf_ptr(ts->smsgs), 1,
+			    sshbuf_len(ts->smsgs), f) != sshbuf_len(ts->smsgs))
+				abort();
+			fclose(f);
+			free(path);
+			//sshbuf_dump(ts->smsgs, stderr);
+			xasprintf(&path, "C2S-%s-%s",
+			    kextypes[j], sshkey_type(st->pubkeys[keytypes[i]]));
+			debug_f("%s", path);
+			if ((f = fopen(path, "wb+")) == NULL)
+				abort();
+			if (fwrite(sshbuf_ptr(ts->cmsgs), 1,
+			    sshbuf_len(ts->cmsgs), f) != sshbuf_len(ts->cmsgs))
+				abort();
+			fclose(f);
+			free(path);
+			//sshbuf_dump(ts->cmsgs, stderr);
+			sshbuf_free(ts->smsgs);
+			sshbuf_free(ts->cmsgs);
+			free(ts);
+		}
+	}
+	for (i = 0; keytypes[i] != -1; i++) {
+		xasprintf(&path, "%s.priv",
+		    sshkey_type(st->privkeys[keytypes[i]]));
+		debug_f("%s", path);
+		if (sshkey_save_private(st->privkeys[keytypes[i]], path,
+		    "", "", SSHKEY_PRIVATE_OPENSSH, NULL, 0) != 0)
+			abort();
+		free(path);
+		xasprintf(&path, "%s.pub",
+		    sshkey_type(st->pubkeys[keytypes[i]]));
+		debug_f("%s", path);
+		if (sshkey_save_public(st->pubkeys[keytypes[i]], path, "") != 0)
+			abort();
+		free(path);
+	}
+}
+#else /* !STANDALONE */
+static void
+do_kex(struct shared_state *st, struct test_state *ts, const char *kex)
+{
+	do_kex_with_key(st, ts, kex, KEY_RSA);
+	do_kex_with_key(st, ts, kex, KEY_DSA);
+	do_kex_with_key(st, ts, kex, KEY_ECDSA);
+	do_kex_with_key(st, ts, kex, KEY_ED25519);
+}
+
+static void
+kex_tests(struct shared_state *st, struct test_state *ts)
+{
+	do_kex(st, ts, "sntrup761x25519-sha512@openssh.com");
+	do_kex(st, ts, "curve25519-sha256@libssh.org");
+	do_kex(st, ts, "ecdh-sha2-nistp256");
+	do_kex(st, ts, "diffie-hellman-group1-sha1");
+	do_kex(st, ts, "diffie-hellman-group-exchange-sha1");
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+	static struct shared_state *st;
+	struct test_state *ts;
+	u_char crbuf[SSH_MAX_PRE_BANNER_LINES * 4];
+	u_char zbuf[4096] = {0};
+	static LogLevel loglevel = SYSLOG_LEVEL_INFO;
+
+	if (st == NULL) {
+		if (getenv("DEBUG") != NULL || getenv("KEX_FUZZ_DEBUG") != NULL)
+			loglevel = SYSLOG_LEVEL_DEBUG3;
+		log_init("kex_fuzz",
+		    loglevel, SYSLOG_FACILITY_AUTH, 1);
+		st = (struct shared_state *)xcalloc(1, sizeof(*st));
+		prepare_keys(st);
+	}
+
+	/* Ensure that we can complete (fail) banner exchange at least */
+	memset(crbuf, '\n', sizeof(crbuf));
+
+	ts = (struct test_state *)xcalloc(1, sizeof(*ts));
+	if ((ts->s_template = sshbuf_new()) == NULL ||
+	    sshbuf_put(ts->s_template, data, size) != 0 ||
+	    sshbuf_put(ts->s_template, crbuf, sizeof(crbuf)) != 0 ||
+	    sshbuf_put(ts->s_template, zbuf, sizeof(zbuf)) != 0)
+		abort();
+	kex_tests(st, ts);
+	sshbuf_free(ts->s_template);
+	free(ts);
+
+	ts = (struct test_state *)xcalloc(1, sizeof(*ts));
+	if ((ts->c_template = sshbuf_new()) == NULL ||
+	    sshbuf_put(ts->c_template, data, size) != 0 ||
+	    sshbuf_put(ts->c_template, crbuf, sizeof(crbuf)) != 0 ||
+	    sshbuf_put(ts->c_template, zbuf, sizeof(zbuf)) != 0)
+		abort();
+	kex_tests(st, ts);
+	sshbuf_free(ts->c_template);
+	free(ts);
+
+	return 0;
+}
+#endif /* STANDALONE */
+} /* extern "C" */

regress/misc/fuzz-harness/testdata/README

diff --git a/regress/misc/fuzz-harness/testdata/README b/regress/misc/fuzz-harness/testdata/README
new file mode 100644
index 0000000..7520530
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/README
@@ -0,0 +1,4 @@
+This is preparatory data for fuzzing testing including scripts and test keys,
+corresponding to ../fixed-keys that are used in the fuzz tests and consequent
+fuzzing seed corpora. They should not be changed unless the affected seed
+corpora are also regenerated.

regress/misc/fuzz-harness/testdata/create-agent-corpus.sh

diff --git a/regress/misc/fuzz-harness/testdata/create-agent-corpus.sh b/regress/misc/fuzz-harness/testdata/create-agent-corpus.sh
new file mode 100755
index 0000000..1043b9f
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/create-agent-corpus.sh
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# Exercise ssh-agent to generate fuzzing corpus
+
+# XXX assumes agent hacked up with sk-dummy.o and ssh-sk.o linked directly
+#     and dumping of e->request for each message.
+
+set -xe
+SSH_AUTH_SOCK=$PWD/sock
+rm -f agent-[0-9]* $SSH_AUTH_SOCK
+export SSH_AUTH_SOCK
+../../../../ssh-agent -D -a $SSH_AUTH_SOCK &
+sleep 1
+AGENT_PID=$!
+trap "kill $AGENT_PID" EXIT
+
+PRIV="id_dsa id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk id_rsa"
+
+# add keys
+ssh-add $PRIV
+
+# sign
+ssh-add -T *.pub
+
+# list
+ssh-add -l
+
+# remove individually
+ssh-add -d $PRIV
+
+# re-add with constraints
+ssh-add -c -t 3h $PRIV
+
+# delete all
+ssh-add -D
+
+# attempt to add a PKCS#11 token
+ssh-add -s /fake || :
+
+# attempt to delete PKCS#11
+ssh-add -e /fake || :
+
+ssh-add -L
+

regress/misc/fuzz-harness/testdata/id_dsa

diff --git a/regress/misc/fuzz-harness/testdata/id_dsa b/regress/misc/fuzz-harness/testdata/id_dsa
new file mode 100644
index 0000000..88bf556
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_dsa
@@ -0,0 +1,21 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABsgAAAAdzc2gtZH
+NzAAAAgQCsGTfjpQ465EOkfQXJM9BOvfRQE0fqlykAls+ncz+T7hrbeScRu8xpwzsznJNm
+xlW8o6cUDiHmBJ5OHgamUC9N7YJeU/6fnOAZifgN8mqK6k8pKHuje8ANOiYgHLl0yiASQA
+3//qMyzZ+W/hemoLSmLAbEqlfWVeyYx+wta1Vm+QAAABUAvWyehvUvdHvQxavYgS5p0t5Q
+d7UAAACBAIRA9Yy+f4Kzqpv/qICPO3zk42UuP7WAhSW2nCbQdLlCiSTxcjKgcvXNRckwJP
+44JjSHOtJy/AMtJrPIbLYG6KuWTdBlEHFiG6DafvLG+qPMSL2bPjXTOhuOMbCHIZ+5WBkW
+THeG/Nv11iI01Of9V6tXkig23K370flkRkXFi9MdAAAAgCt6YUcQkNwG7B/e5M1FZsLP9O
+kVB3BwLAOjmWdHpyhu3HpwSJa3XLEvhXN0i6IVI2KgPo/2GtYA6rHt14L+6u1pmhh8sAvQ
+ksp3qZB+xh/NP+hBqf0sbHX0yYbzKOvI5SCc/kKK6yagcBZOsubM/KC8TxyVgmD5c6WzYs
+h5TEpvAAAB2PHjRbbx40W2AAAAB3NzaC1kc3MAAACBAKwZN+OlDjrkQ6R9Bckz0E699FAT
+R+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4B
+mJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1r
+VWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS
+4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIb
+oNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRc
+WL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SL
+ohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJ
+z+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8AAAAUUA+OGldMi76ClO/sstpdbBUE
+lq8AAAAAAQI=
+-----END OPENSSH PRIVATE KEY-----

regress/misc/fuzz-harness/testdata/id_dsa-cert.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_dsa-cert.pub b/regress/misc/fuzz-harness/testdata/id_dsa-cert.pub
new file mode 100644
index 0000000..3afb87f
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_dsa-cert.pub
@@ -0,0 +1 @@
+ssh-dss-cert-v01@openssh.com AAAAHHNzaC1kc3MtY2VydC12MDFAb3BlbnNzaC5jb20AAAAguF716Yub+vVKNlONKLsfxGYWkRe/PyjfYdGRTsFaDvAAAACBAKwZN+OlDjrkQ6R9Bckz0E699FATR+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4BmJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1rVWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIboNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRcWL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SLohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJz+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8AAAAAAAAD6AAAAAEAAAAHdWx5c3NlcwAAABcAAAAHdWx5c3NlcwAAAAhvZHlzc2V1cwAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAFMAAAALc3NoLWVkMjU1MTkAAABAjMQEZcbdUYJBjIC4GxByFDOb8tv71vDZdx7irHwaqIjx5rzpJUuOV1r8ZO4kY+Yaiun1yrWj2QYkfJrHBvD1DA== id_dsa.pub

regress/misc/fuzz-harness/testdata/id_dsa.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_dsa.pub b/regress/misc/fuzz-harness/testdata/id_dsa.pub
new file mode 100644
index 0000000..6f91c4e
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_dsa.pub
@@ -0,0 +1 @@
+ssh-dss AAAAB3NzaC1kc3MAAACBAKwZN+OlDjrkQ6R9Bckz0E699FATR+qXKQCWz6dzP5PuGtt5JxG7zGnDOzOck2bGVbyjpxQOIeYEnk4eBqZQL03tgl5T/p+c4BmJ+A3yaorqTykoe6N7wA06JiAcuXTKIBJADf/+ozLNn5b+F6agtKYsBsSqV9ZV7JjH7C1rVWb5AAAAFQC9bJ6G9S90e9DFq9iBLmnS3lB3tQAAAIEAhED1jL5/grOqm/+ogI87fOTjZS4/tYCFJbacJtB0uUKJJPFyMqBy9c1FyTAk/jgmNIc60nL8Ay0ms8hstgboq5ZN0GUQcWIboNp+8sb6o8xIvZs+NdM6G44xsIchn7lYGRZMd4b82/XWIjTU5/1Xq1eSKDbcrfvR+WRGRcWL0x0AAACAK3phRxCQ3AbsH97kzUVmws/06RUHcHAsA6OZZ0enKG7cenBIlrdcsS+Fc3SLohUjYqA+j/Ya1gDqse3Xgv7q7WmaGHywC9CSynepkH7GH80/6EGp/SxsdfTJhvMo68jlIJz+QorrJqBwFk6y5sz8oLxPHJWCYPlzpbNiyHlMSm8=

regress/misc/fuzz-harness/testdata/id_ecdsa

diff --git a/regress/misc/fuzz-harness/testdata/id_ecdsa b/regress/misc/fuzz-harness/testdata/id_ecdsa
new file mode 100644
index 0000000..c1a96c6
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ecdsa
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTDJ0VlMv+0rguNzaJ1DF2KueHaxRSQ
+6LpIxGbulrg1a8RPbnMXwag5GcDiDllD2lDUJUuBEWyjXA0rZoZX35ELAAAAoE/Bbr5PwW
+6+AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMnRWUy/7SuC43N
+onUMXYq54drFFJDoukjEZu6WuDVrxE9ucxfBqDkZwOIOWUPaUNQlS4ERbKNcDStmhlffkQ
+sAAAAhAIhE6hCID5oOm1TDktc++KFKyScjLifcZ6Cgv5xSSyLOAAAAAAECAwQFBgc=
+-----END OPENSSH PRIVATE KEY-----

regress/misc/fuzz-harness/testdata/id_ecdsa-cert.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_ecdsa-cert.pub b/regress/misc/fuzz-harness/testdata/id_ecdsa-cert.pub
new file mode 100644
index 0000000..9de5999
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ecdsa-cert.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAKGVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgVJZuM/1AOe6n++qRWMyUuAThYqLvvQxj5CGflLODp60AAAAIbmlzdHAyNTYAAABBBMMnRWUy/7SuC43NonUMXYq54drFFJDoukjEZu6WuDVrxE9ucxfBqDkZwOIOWUPaUNQlS4ERbKNcDStmhlffkQsAAAAAAAAD6QAAAAEAAAAHdWx5c3NlcwAAABcAAAAHdWx5c3NlcwAAAAhvZHlzc2V1cwAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAFMAAAALc3NoLWVkMjU1MTkAAABAtdJpcF6ZmQL+ueices4QZeL7AK8Xuo08jyLgiolhjKy2jj4LSUki4aX/ZeZeJuby1ovGrfaeFAgx3itPLR7IAQ== id_ecdsa.pub

regress/misc/fuzz-harness/testdata/id_ecdsa.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_ecdsa.pub b/regress/misc/fuzz-harness/testdata/id_ecdsa.pub
new file mode 100644
index 0000000..30a7cc2
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ecdsa.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMMnRWUy/7SuC43NonUMXYq54drFFJDoukjEZu6WuDVrxE9ucxfBqDkZwOIOWUPaUNQlS4ERbKNcDStmhlffkQs=

regress/misc/fuzz-harness/testdata/id_ecdsa_sk

diff --git a/regress/misc/fuzz-harness/testdata/id_ecdsa_sk b/regress/misc/fuzz-harness/testdata/id_ecdsa_sk
new file mode 100644
index 0000000..5a364ed
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ecdsa_sk
@@ -0,0 +1,14 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAfwAAACJzay1lY2
+RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAACG5pc3RwMjU2AAAAQQTYyU76zop1
+VOb4DfKWYnR5b0TOC3zw8DzObAfHWB5o6xls+tOYiEleXvIEi00Da2iCK47habZTOhLyeB
+X2Avu5AAAABHNzaDoAAAGYqUAQSKlAEEgAAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBv
+cGVuc3NoLmNvbQAAAAhuaXN0cDI1NgAAAEEE2MlO+s6KdVTm+A3ylmJ0eW9Ezgt88PA8zm
+wHx1geaOsZbPrTmIhJXl7yBItNA2togiuO4Wm2UzoS8ngV9gL7uQAAAARzc2g6AQAAAOMt
+LS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KTUhjQ0FRRUVJSHFsZjNsWTkxZFhwUn
+dYZDBrS0lYWmNpeDRRcDBNSU15Ny9JMUxXSTFuWG9Bb0dDQ3FHU000OQpBd0VIb1VRRFFn
+QUUyTWxPK3M2S2RWVG0rQTN5bG1KMGVXOUV6Z3Q4OFBBOHptd0h4MWdlYU9zWmJQclRtSW
+hKClhsN3lCSXROQTJ0b2dpdU80V20yVXpvUzhuZ1Y5Z0w3dVE9PQotLS0tLUVORCBFQyBQ
+UklWQVRFIEtFWS0tLS0tCgAAAAAAAAAbZGptQGRqbS5zeWQuY29ycC5nb29nbGUuY29tAQ
+IDBAUG
+-----END OPENSSH PRIVATE KEY-----

regress/misc/fuzz-harness/testdata/id_ecdsa_sk-cert.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_ecdsa_sk-cert.pub b/regress/misc/fuzz-harness/testdata/id_ecdsa_sk-cert.pub
new file mode 100644
index 0000000..14040fa
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ecdsa_sk-cert.pub
@@ -0,0 +1 @@
+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAK3NrLWVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgKLHtIca++5VoDrUAXU/KqGJZ7jZEnuJSTvt7VrYY9foAAAAIbmlzdHAyNTYAAABBBNjJTvrOinVU5vgN8pZidHlvRM4LfPDwPM5sB8dYHmjrGWz605iISV5e8gSLTQNraIIrjuFptlM6EvJ4FfYC+7kAAAAEc3NoOgAAAAAAAAPqAAAAAQAAAAd1bHlzc2VzAAAAFwAAAAd1bHlzc2VzAAAACG9keXNzZXVzAAAAAAAAAAD//////////wAAAAAAAACCAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAAFnBlcm1pdC1wb3J0LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMDAAAAUwAAAAtzc2gtZWQyNTUxOQAAAEB1naZOQDLaDr+fwn6E9x8/8HeiaUubDzPexfNQMz+m/7RD0gd5uJhHYUfDb5+/sIx1I7bUEeRIDkBbmZ2foo0E djm@djm.syd.corp.google.com

regress/misc/fuzz-harness/testdata/id_ecdsa_sk.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_ecdsa_sk.pub b/regress/misc/fuzz-harness/testdata/id_ecdsa_sk.pub
new file mode 100644
index 0000000..1b5e829
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ecdsa_sk.pub
@@ -0,0 +1 @@
+sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBNjJTvrOinVU5vgN8pZidHlvRM4LfPDwPM5sB8dYHmjrGWz605iISV5e8gSLTQNraIIrjuFptlM6EvJ4FfYC+7kAAAAEc3NoOg== djm@djm.syd.corp.google.com

regress/misc/fuzz-harness/testdata/id_ed25519

diff --git a/regress/misc/fuzz-harness/testdata/id_ed25519 b/regress/misc/fuzz-harness/testdata/id_ed25519
new file mode 100644
index 0000000..6a7fbac
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAIhWlP99VpT/
+fQAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAw
+AAAEDE1rlcMC0s0X3TKVZAOVavZOywwkXw8tO5dLObxaCMEDPQXmEVMVLmeFRyafKMVWgP
+Dkv8/uRBTwmcEDatZzMDAAAAAAECAwQF
+-----END OPENSSH PRIVATE KEY-----

regress/misc/fuzz-harness/testdata/id_ed25519-cert.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_ed25519-cert.pub b/regress/misc/fuzz-harness/testdata/id_ed25519-cert.pub
new file mode 100644
index 0000000..6a95fed
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ed25519-cert.pub
@@ -0,0 +1 @@
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIMDQjYH6XRzH3j3MW1DdjCoAfvrHfgjnVGF+sLK0pBfqAAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMDAAAAAAAAA+sAAAABAAAAB3VseXNzZXMAAAAXAAAAB3VseXNzZXMAAAAIb2R5c3NldXMAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgM9BeYRUxUuZ4VHJp8oxVaA8OS/z+5EFPCZwQNq1nMwMAAABTAAAAC3NzaC1lZDI1NTE5AAAAQBj0og+s09/HpwdHZbzN0twooKPDWWrxGfnP1Joy6cDnY2BCSQ7zg9vbq11kLF8H/sKOTZWAQrUZ7LlChOu9Ogw= id_ed25519.pub

regress/misc/fuzz-harness/testdata/id_ed25519.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_ed25519.pub b/regress/misc/fuzz-harness/testdata/id_ed25519.pub
new file mode 100644
index 0000000..87b6174
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ed25519.pub
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPQXmEVMVLmeFRyafKMVWgPDkv8/uRBTwmcEDatZzMD
+

regress/misc/fuzz-harness/testdata/id_ed25519_sk

diff --git a/regress/misc/fuzz-harness/testdata/id_ed25519_sk b/regress/misc/fuzz-harness/testdata/id_ed25519_sk
new file mode 100644
index 0000000..9dcda6c
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ed25519_sk
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAASgAAABpzay1zc2
+gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACCTJtH10vWhIDxd62edvMLg9u2cwYKyqa7332je
+RArHjAAAAARzc2g6AAAAwN7vvE3e77xNAAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY2
+9tAAAAIJMm0fXS9aEgPF3rZ528wuD27ZzBgrKprvffaN5ECseMAAAABHNzaDoBAAAAQEsS
+xLFiVzfpH2mt9xh8i/zmHV646Hud4QruNBAGNl8gkybR9dL1oSA8XetnnbzC4PbtnMGCsq
+mu999o3kQKx4wAAAAAAAAAG2RqbUBkam0uc3lkLmNvcnAuZ29vZ2xlLmNvbQECAwQFBg==
+-----END OPENSSH PRIVATE KEY-----

regress/misc/fuzz-harness/testdata/id_ed25519_sk-cert.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_ed25519_sk-cert.pub b/regress/misc/fuzz-harness/testdata/id_ed25519_sk-cert.pub
new file mode 100644
index 0000000..9e41eec
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ed25519_sk-cert.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519-cert-v01@openssh.com AAAAI3NrLXNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJiT+C/VLMWholFZ4xhOyJr0nSLZSFRIM3I07wUNTRPaAAAAIJMm0fXS9aEgPF3rZ528wuD27ZzBgrKprvffaN5ECseMAAAABHNzaDoAAAAAAAAD7AAAAAEAAAAHdWx5c3NlcwAAABcAAAAHdWx5c3NlcwAAAAhvZHlzc2V1cwAAAAAAAAAA//////////8AAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAz0F5hFTFS5nhUcmnyjFVoDw5L/P7kQU8JnBA2rWczAwAAAFMAAAALc3NoLWVkMjU1MTkAAABAX0Pu13B94pVR3qq8MJQGkOS1Cd7AAM1k6O2VSwyDPM/LfsWIQ4ywgxDmk3hjXWOY7BqljuMxo5VO4JymEIhQBA== djm@djm.syd.corp.google.com

regress/misc/fuzz-harness/testdata/id_ed25519_sk.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_ed25519_sk.pub b/regress/misc/fuzz-harness/testdata/id_ed25519_sk.pub
new file mode 100644
index 0000000..38d1984
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_ed25519_sk.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJMm0fXS9aEgPF3rZ528wuD27ZzBgrKprvffaN5ECseMAAAABHNzaDo= djm@djm.syd.corp.google.com

regress/misc/fuzz-harness/testdata/id_rsa

diff --git a/regress/misc/fuzz-harness/testdata/id_rsa b/regress/misc/fuzz-harness/testdata/id_rsa
new file mode 100644
index 0000000..574fecf
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_rsa
@@ -0,0 +1,27 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAQEA3+epf+VGKoGPaAZXrf6S0cyumQnddkGBnVFX0A5eh37RtLug0qY5
+thxsBUbGGVr9mTd2QXwLujBwYg5l1MP/Fmg+5312Zgx9pHmS+qKULbar0hlNgptNEb+aNU
+d3o9qg3aXqXm7+ZnjAV05ef/mxNRN2ZvuEkw7cRppTJcbBI+vF3lXuCXnX2klDI95Gl2AW
+3WHRtanqLHZXuBkjjRBDKc7MUq/GP1hmLiAd95dvU7fZjRlIEsP84zGEI1Fb0L/kmPHcOt
+iVfHft8CtmC9v6+94JrOiPBBNScV+dyrgAGPsdKdr/1vIpQmCNiI8s3PCiD8J7ZiBaYm0I
+8fq5G/qnUwAAA7ggw2dXIMNnVwAAAAdzc2gtcnNhAAABAQDf56l/5UYqgY9oBlet/pLRzK
+6ZCd12QYGdUVfQDl6HftG0u6DSpjm2HGwFRsYZWv2ZN3ZBfAu6MHBiDmXUw/8WaD7nfXZm
+DH2keZL6opQttqvSGU2Cm00Rv5o1R3ej2qDdpepebv5meMBXTl5/+bE1E3Zm+4STDtxGml
+MlxsEj68XeVe4JedfaSUMj3kaXYBbdYdG1qeosdle4GSONEEMpzsxSr8Y/WGYuIB33l29T
+t9mNGUgSw/zjMYQjUVvQv+SY8dw62JV8d+3wK2YL2/r73gms6I8EE1JxX53KuAAY+x0p2v
+/W8ilCYI2Ijyzc8KIPwntmIFpibQjx+rkb+qdTAAAAAwEAAQAAAQEArWm5B4tFasppjUHM
+SsAuajtCxtizI1Hc10EW59cZM4vvUzE2f6+qZvdgWj3UU/L7Et23w0QVuSCnCerox379ZB
+ddEOFFAAiQjwBx65hbd4RRUymxtIQfjq18++LcMJW1nbVQ7c69ThQbtALIggmbS+ZE/8Gx
+jkwmIrCH0Ww8TlpsPe+mNHuyNk7UEZoXLm22lNLqq5qkIL5JgT6M2iNJpMOJy9/CKi6kO4
+JPuVwjdG4C5pBPaMN3KJ1IvAlSlLGNaXnfXcn85gWfsCjsZmH3liey2NJamqp/w83BrKUg
+YZvMR2qeWZaKkFTahpzN5KRK1BFeB37O0P84Dzh1biDX8QAAAIEAiWXW8ePYFwLpa2mFIh
+VvRTdcrN70rVK5eWVaL3pyS4vGA56Jixq86dHveOnbSY+iNb1jQidtXc8SWUt2wtHqZ32h
+Lji9/hMSKqe9SEP3xvDRDmUJqsVw0ySyrFrzm4160QY6RKU3CIQCVFslMZ9fxmrfZ/hxoU
+0X3FVsxmC4+kwAAACBAPOc1YERpV6PjANBrGR+1o1RCdACbm5myc42QzSNIaOZmgrYs+Gt
+7+EcoqSdbJzHJNCNQfF+A+vjbIkFiuZqq/5wwr59qXx5OAlijLB/ywwKmTWq6lp//Zxny+
+ka3sIGNO14eQvmxNDnlLL+RIZleCTEKBXSW6CZhr+uHMZFKKMtAAAAgQDrSkm+LbILB7H9
+jxEBZLhv53aAn4u81kFKQOJ7PzzpBGSoD12i7oIJu5siSD5EKDNVEr+SvCf0ISU3BuMpzl
+t3YrPrHRheOFhn5e3j0e//zB8rBC0DGB4CtTDdeh7rOXUL4K0pz+8wEpNkV62SWxhC6NRW
+I79JhtGkh+GtcnkEfwAAAAAB
+-----END OPENSSH PRIVATE KEY-----

regress/misc/fuzz-harness/testdata/id_rsa-cert.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_rsa-cert.pub b/regress/misc/fuzz-harness/testdata/id_rsa-cert.pub
new file mode 100644
index 0000000..01761a3
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_rsa-cert.pub
@@ -0,0 +1 @@
+ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg89JX6OBMYDSxER8fnU5y8xxeMCHR/hI0uVqdEhNyCpcAAAADAQABAAABAQDf56l/5UYqgY9oBlet/pLRzK6ZCd12QYGdUVfQDl6HftG0u6DSpjm2HGwFRsYZWv2ZN3ZBfAu6MHBiDmXUw/8WaD7nfXZmDH2keZL6opQttqvSGU2Cm00Rv5o1R3ej2qDdpepebv5meMBXTl5/+bE1E3Zm+4STDtxGmlMlxsEj68XeVe4JedfaSUMj3kaXYBbdYdG1qeosdle4GSONEEMpzsxSr8Y/WGYuIB33l29Tt9mNGUgSw/zjMYQjUVvQv+SY8dw62JV8d+3wK2YL2/r73gms6I8EE1JxX53KuAAY+x0p2v/W8ilCYI2Ijyzc8KIPwntmIFpibQjx+rkb+qdTAAAAAAAAA+0AAAABAAAAB3VseXNzZXMAAAAXAAAAB3VseXNzZXMAAAAIb2R5c3NldXMAAAAAAAAAAP//////////AAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgM9BeYRUxUuZ4VHJp8oxVaA8OS/z+5EFPCZwQNq1nMwMAAABTAAAAC3NzaC1lZDI1NTE5AAAAQGCDA6PWw4x9bHQl0w7NqifHepumqD3dmyMx+hZGuPRon+TsyCjfytu7hWmV7l9XUF0fPQNFQ7FGat5e+7YUNgE= id_rsa.pub

regress/misc/fuzz-harness/testdata/id_rsa.pub

diff --git a/regress/misc/fuzz-harness/testdata/id_rsa.pub b/regress/misc/fuzz-harness/testdata/id_rsa.pub
new file mode 100644
index 0000000..05015e1
--- /dev/null
+++ b/regress/misc/fuzz-harness/testdata/id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDf56l/5UYqgY9oBlet/pLRzK6ZCd12QYGdUVfQDl6HftG0u6DSpjm2HGwFRsYZWv2ZN3ZBfAu6MHBiDmXUw/8WaD7nfXZmDH2keZL6opQttqvSGU2Cm00Rv5o1R3ej2qDdpepebv5meMBXTl5/+bE1E3Zm+4STDtxGmlMlxsEj68XeVe4JedfaSUMj3kaXYBbdYdG1qeosdle4GSONEEMpzsxSr8Y/WGYuIB33l29Tt9mNGUgSw/zjMYQjUVvQv+SY8dw62JV8d+3wK2YL2/r73gms6I8EE1JxX53KuAAY+x0p2v/W8ilCYI2Ijyzc8KIPwntmIFpibQjx+rkb+qdT

regress/misc/kexfuzz/Makefile

diff --git a/regress/misc/kexfuzz/Makefile b/regress/misc/kexfuzz/Makefile
deleted file mode 100644
index ede5e2f..0000000
--- a/regress/misc/kexfuzz/Makefile
+++ /dev/null
@@ -1,101 +0,0 @@
-#	$OpenBSD: Makefile,v 1.8 2020/04/03 04:07:48 djm Exp $
-
-.include <bsd.own.mk>
-.include <bsd.obj.mk>
-
-# XXX detect from ssh binary?
-SSH1?=		no
-OPENSSL?=	yes
-
-PROG=	kexfuzz
-SRCS=	kexfuzz.c
-
-SSHREL=../../../../../usr.bin/ssh
-.PATH: ${.CURDIR}/${SSHREL}
-# From usr.bin/ssh
-SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
-SRCS+=atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c ssh-dss.c
-SRCS+=ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
-SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
-SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c
-SRCS+=compat.c ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
-SRCS+=cipher-chachapoly.c chacha.c poly1305.c utf8.c
-SRCS+=sshbuf-io.c ssh-ecdsa-sk.c ssh-ed25519-sk.c msg.c ssh-sk-client.c
-
-SRCS+=	kex.c
-SRCS+=	dh.c
-SRCS+=	kexdh.c
-SRCS+=	kexecdh.c
-SRCS+=	kexgex.c
-SRCS+=	kexgexc.c
-SRCS+=	kexgexs.c
-SRCS+=	kexc25519.c
-SRCS+=	smult_curve25519_ref.c
-SRCS+=	kexgen.c
-SRCS+=	kexsntrup4591761x25519.c
-SRCS+=	sntrup4591761.c
-
-SRCS+=digest-openssl.c
-#SRCS+=digest-libc.c
-
-NOMAN=	1
-
-.if (${OPENSSL:L} == "yes")
-CFLAGS+=	-DWITH_OPENSSL
-.else
-# SSH v.1 requires OpenSSL.
-SSH1=		no
-.endif
-
-.if (${SSH1:L} == "yes")
-CFLAGS+=	-DWITH_SSH1
-.endif
-
-LDADD+= -lfido2 -lcbor -lusbhid
-DPADD+= ${LIBFIDO2} ${LIBCBOR} ${LIBUSBHID}
-
-# enable warnings
-WARNINGS=Yes
-
-DEBUG=-g
-CFLAGS+=	-fstack-protector-all
-CDIAGFLAGS=	-Wall
-CDIAGFLAGS+=	-Wextra
-CDIAGFLAGS+=	-Werror
-CDIAGFLAGS+=	-Wchar-subscripts
-CDIAGFLAGS+=	-Wcomment
-CDIAGFLAGS+=	-Wformat
-CDIAGFLAGS+=	-Wformat-security
-CDIAGFLAGS+=	-Wimplicit
-CDIAGFLAGS+=	-Winline
-CDIAGFLAGS+=	-Wmissing-declarations
-CDIAGFLAGS+=	-Wmissing-prototypes
-CDIAGFLAGS+=	-Wparentheses
-CDIAGFLAGS+=	-Wpointer-arith
-CDIAGFLAGS+=	-Wreturn-type
-CDIAGFLAGS+=	-Wshadow
-CDIAGFLAGS+=	-Wsign-compare
-CDIAGFLAGS+=	-Wstrict-aliasing
-CDIAGFLAGS+=	-Wstrict-prototypes
-CDIAGFLAGS+=	-Wswitch
-CDIAGFLAGS+=	-Wtrigraphs
-CDIAGFLAGS+=	-Wuninitialized
-CDIAGFLAGS+=	-Wunused
-CDIAGFLAGS+=	-Wno-unused-parameter
-.if ${COMPILER_VERSION:L} != "gcc3"
-CDIAGFLAGS+=	-Wold-style-definition
-.endif
-
-
-CFLAGS+=-I${.CURDIR}/${SSHREL}
-
-LDADD+= -lutil -lz
-DPADD+= ${LIBUTIL} ${LIBZ}
-
-.if (${OPENSSL:L} == "yes")
-LDADD+= -lcrypto
-DPADD+= ${LIBCRYPTO}
-.endif
-
-.include <bsd.prog.mk>
-

regress/misc/kexfuzz/README

diff --git a/regress/misc/kexfuzz/README b/regress/misc/kexfuzz/README
deleted file mode 100644
index 504c26f..0000000
--- a/regress/misc/kexfuzz/README
+++ /dev/null
@@ -1,34 +0,0 @@
-This is a harness to help with fuzzing KEX.
-
-To use it, you first set it to count packets in each direction:
-
-./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c
-S2C: 29
-C2S: 31
-
-Then get it to record a particular packet (in this case the 4th
-packet from client->server):
-
-./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
-    -d -D C2S -i 3 -f packet_3
-
-Fuzz the packet somehow:
-
-dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example
-
-Then re-run the key exchange substituting the modified packet in
-its original sequence:
-
-./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
-    -r -D C2S -i 3 -f packet_3
-
-A comprehensive KEX fuzz run would fuzz every packet in both
-directions for each key exchange type and every hostkey type.
-This will take some time.
-
-Limitations: kexfuzz can't change the ordering of packets at
-present. It is limited to replacing individual packets with
-fuzzed variants with the same type. It really should allow
-insertion, deletion on replacement of packets too.
-
-$OpenBSD: README,v 1.3 2017/10/20 02:13:41 djm Exp $

regress/misc/kexfuzz/kexfuzz.c

diff --git a/regress/misc/kexfuzz/kexfuzz.c b/regress/misc/kexfuzz/kexfuzz.c
deleted file mode 100644
index 56697c9..0000000
--- a/regress/misc/kexfuzz/kexfuzz.c
+++ /dev/null
@@ -1,453 +0,0 @@
-/* 	$OpenBSD: kexfuzz.c,v 1.6 2020/01/26 00:09:50 djm Exp $ */
-/*
- * Fuzz harness for KEX code
- *
- * Placed in the public domain
- */
-
-#include "includes.h"
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <stdio.h>
-#ifdef HAVE_STDINT_H
-# include <stdint.h>
-#endif
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#ifdef HAVE_ERR_H
-# include <err.h>
-#endif
-
-#include "ssherr.h"
-#include "ssh_api.h"
-#include "sshbuf.h"
-#include "packet.h"
-#include "myproposal.h"
-#include "authfile.h"
-#include "log.h"
-
-void kex_tests(void);
-static int do_debug = 0;
-
-enum direction { S2C, C2S };
-
-struct hook_ctx {
-	struct ssh *client, *server, *server2;
-	int *c2s, *s2c;
-	int trigger_direction, packet_index;
-	const char *dump_path;
-	struct sshbuf *replace_data;
-};
-
-static int
-packet_hook(struct ssh *ssh, struct sshbuf *packet, u_char *typep, void *_ctx)
-{
-	struct hook_ctx *ctx = (struct hook_ctx *)_ctx;
-	int mydirection = ssh == ctx->client ? S2C : C2S;
-	int *packet_count = mydirection == S2C ? ctx->s2c : ctx->c2s;
-	FILE *dumpfile;
-	int r;
-
-	if (do_debug) {
-		printf("%s packet %d type %u:\n",
-		    mydirection == S2C ? "s2c" : "c2s",
-		    *packet_count, *typep);
-		sshbuf_dump(packet, stdout);
-	}
-	if (mydirection == ctx->trigger_direction &&
-	    ctx->packet_index == *packet_count) {
-		if (ctx->replace_data != NULL) {
-			sshbuf_reset(packet);
-			/* Type is first byte of packet */
-			if ((r = sshbuf_get_u8(ctx->replace_data,
-			    typep)) != 0 ||
-			    (r = sshbuf_putb(packet, ctx->replace_data)) != 0)
-				return r;
-			if (do_debug) {
-				printf("***** replaced packet type %u\n",
-				    *typep);
-				sshbuf_dump(packet, stdout);
-			}
-		} else if (ctx->dump_path != NULL) {
-			if ((dumpfile = fopen(ctx->dump_path, "w+")) == NULL)
-				err(1, "fopen %s", ctx->dump_path);
-			/* Write { type, packet } */
-			if (fwrite(typep, 1, 1, dumpfile) != 1)
-				err(1, "fwrite type %s", ctx->dump_path);
-			if (sshbuf_len(packet) != 0 &&
-			    fwrite(sshbuf_ptr(packet), sshbuf_len(packet),
-			    1, dumpfile) != 1)
-				err(1, "fwrite body %s", ctx->dump_path);
-			if (do_debug) {
-				printf("***** dumped packet type %u len %zu\n",
-				    *typep, sshbuf_len(packet));
-			}
-			fclose(dumpfile);
-			/* No point in continuing */
-			exit(0);
-		}
-	}
-	(*packet_count)++;
-	return 0;
-}
-
-static int
-do_send_and_receive(struct ssh *from, struct ssh *to)
-{
-	u_char type;
-	size_t len;
-	const u_char *buf;
-	int r;
-
-	for (;;) {
-		if ((r = ssh_packet_next(from, &type)) != 0) {
-			fprintf(stderr, "ssh_packet_next: %s\n", ssh_err(r));
-			return r;
-		}
-
-		if (type != 0)
-			return 0;
-		buf = ssh_output_ptr(from, &len);
-		if (len == 0)
-			return 0;
-		if ((r = ssh_input_append(to, buf, len)) != 0) {
-			debug("ssh_input_append: %s", ssh_err(r));
-			return r;
-		}
-		if ((r = ssh_output_consume(from, len)) != 0) {
-			debug("ssh_output_consume: %s", ssh_err(r));
-			return r;
-		}
-	}
-}
-
-/* Minimal test_helper.c scaffholding to make this standalone */
-const char *in_test = NULL;
-#define TEST_START(a)	\
-	do { \
-		in_test = (a); \
-		if (do_debug) \
-			fprintf(stderr, "test %s starting\n", in_test); \
-	} while (0)
-#define TEST_DONE()	\
-	do { \
-		if (do_debug) \
-			fprintf(stderr, "test %s done\n", \
-			    in_test ? in_test : "???"); \
-		in_test = NULL; \
-	} while(0)
-#define ASSERT_INT_EQ(a, b) \
-	do { \
-		if ((int)(a) != (int)(b)) { \
-			fprintf(stderr, "%s %s:%d " \
-			    "%s (%d) != expected %s (%d)\n", \
-			    in_test ? in_test : "(none)", \
-			    __func__, __LINE__, #a, (int)(a), #b, (int)(b)); \
-			exit(2); \
-		} \
-	} while (0)
-#define ASSERT_INT_GE(a, b) \
-	do { \
-		if ((int)(a) < (int)(b)) { \
-			fprintf(stderr, "%s %s:%d " \
-			    "%s (%d) < expected %s (%d)\n", \
-			    in_test ? in_test : "(none)", \
-			    __func__, __LINE__, #a, (int)(a), #b, (int)(b)); \
-			exit(2); \
-		} \
-	} while (0)
-#define ASSERT_PTR_NE(a, b) \
-	do { \
-		if ((a) == (b)) { \
-			fprintf(stderr, "%s %s:%d " \
-			    "%s (%p) != expected %s (%p)\n", \
-			    in_test ? in_test : "(none)", \
-			    __func__, __LINE__, #a, (a), #b, (b)); \
-			exit(2); \
-		} \
-	} while (0)
-
-
-static void
-run_kex(struct ssh *client, struct ssh *server)
-{
-	int r = 0;
-
-	while (!server->kex->done || !client->kex->done) {
-		if ((r = do_send_and_receive(server, client)) != 0) {
-			debug("do_send_and_receive S2C: %s", ssh_err(r));
-			break;
-		}
-		if ((r = do_send_and_receive(client, server)) != 0) {
-			debug("do_send_and_receive C2S: %s", ssh_err(r));
-			break;
-		}
-	}
-	if (do_debug)
-		printf("done: %s\n", ssh_err(r));
-	ASSERT_INT_EQ(r, 0);
-	ASSERT_INT_EQ(server->kex->done, 1);
-	ASSERT_INT_EQ(client->kex->done, 1);
-}
-
-static void
-do_kex_with_key(const char *kex, struct sshkey *prvkey, int *c2s, int *s2c,
-    int direction, int packet_index,
-    const char *dump_path, struct sshbuf *replace_data)
-{
-	struct ssh *client = NULL, *server = NULL, *server2 = NULL;
-	struct sshkey *pubkey = NULL;
-	struct sshbuf *state;
-	struct kex_params kex_params;
-	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
-	char *keyname = NULL;
-	struct hook_ctx hook_ctx;
-
-	TEST_START("sshkey_from_private");
-	ASSERT_INT_EQ(sshkey_from_private(prvkey, &pubkey), 0);
-	TEST_DONE();
-
-	TEST_START("ssh_init");
-	memcpy(kex_params.proposal, myproposal, sizeof(myproposal));
-	if (kex != NULL)
-		kex_params.proposal[PROPOSAL_KEX_ALGS] = strdup(kex);
-	keyname = strdup(sshkey_ssh_name(prvkey));
-	ASSERT_PTR_NE(keyname, NULL);
-	kex_params.proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = keyname;
-	ASSERT_INT_EQ(ssh_init(&client, 0, &kex_params), 0);
-	ASSERT_INT_EQ(ssh_init(&server, 1, &kex_params), 0);
-	ASSERT_INT_EQ(ssh_init(&server2, 1, NULL), 0);
-	ASSERT_PTR_NE(client, NULL);
-	ASSERT_PTR_NE(server, NULL);
-	ASSERT_PTR_NE(server2, NULL);
-	TEST_DONE();
-
-	hook_ctx.c2s = c2s;
-	hook_ctx.s2c = s2c;
-	hook_ctx.trigger_direction = direction;
-	hook_ctx.packet_index = packet_index;
-	hook_ctx.dump_path = dump_path;
-	hook_ctx.replace_data = replace_data;
-	hook_ctx.client = client;
-	hook_ctx.server = server;
-	hook_ctx.server2 = server2;
-	ssh_packet_set_input_hook(client, packet_hook, &hook_ctx);
-	ssh_packet_set_input_hook(server, packet_hook, &hook_ctx);
-	ssh_packet_set_input_hook(server2, packet_hook, &hook_ctx);
-
-	TEST_START("ssh_add_hostkey");
-	ASSERT_INT_EQ(ssh_add_hostkey(server, prvkey), 0);
-	ASSERT_INT_EQ(ssh_add_hostkey(client, pubkey), 0);
-	TEST_DONE();
-
-	TEST_START("kex");
-	run_kex(client, server);
-	TEST_DONE();
-
-	TEST_START("rekeying client");
-	ASSERT_INT_EQ(kex_send_kexinit(client), 0);
-	run_kex(client, server);
-	TEST_DONE();
-
-	TEST_START("rekeying server");
-	ASSERT_INT_EQ(kex_send_kexinit(server), 0);
-	run_kex(client, server);
-	TEST_DONE();
-
-	TEST_START("ssh_packet_get_state");
-	state = sshbuf_new();
-	ASSERT_PTR_NE(state, NULL);
-	ASSERT_INT_EQ(ssh_packet_get_state(server, state), 0);
-	ASSERT_INT_GE(sshbuf_len(state), 1);
-	TEST_DONE();
-
-	TEST_START("ssh_packet_set_state");
-	ASSERT_INT_EQ(ssh_add_hostkey(server2, prvkey), 0);
-	kex_free(server2->kex);	/* XXX or should ssh_packet_set_state()? */
-	ASSERT_INT_EQ(ssh_packet_set_state(server2, state), 0);
-	ASSERT_INT_EQ(sshbuf_len(state), 0);
-	sshbuf_free(state);
-	ASSERT_PTR_NE(server2->kex, NULL);
-	/* XXX we need to set the callbacks */
-#ifdef WITH_OPENSSL
-	server2->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
-	server2->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_server;
-	server2->kex->kex[KEX_DH_GRP14_SHA256] = kex_gen_server;
-	server2->kex->kex[KEX_DH_GRP16_SHA512] = kex_gen_server;
-	server2->kex->kex[KEX_DH_GRP18_SHA512] = kex_gen_server;
-	server2->kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
-	server2->kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
-# ifdef OPENSSL_HAS_ECC
-	server2->kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
-# endif
-#endif
-	server2->kex->kex[KEX_C25519_SHA256] = kex_gen_server;
-	server2->kex->load_host_public_key = server->kex->load_host_public_key;
-	server2->kex->load_host_private_key = server->kex->load_host_private_key;
-	server2->kex->sign = server->kex->sign;
-	TEST_DONE();
-
-	TEST_START("rekeying server2");
-	ASSERT_INT_EQ(kex_send_kexinit(server2), 0);
-	run_kex(client, server2);
-	ASSERT_INT_EQ(kex_send_kexinit(client), 0);
-	run_kex(client, server2);
-	TEST_DONE();
-
-	TEST_START("cleanup");
-	sshkey_free(pubkey);
-	ssh_free(client);
-	ssh_free(server);
-	ssh_free(server2);
-	free(keyname);
-	TEST_DONE();
-}
-
-static void
-usage(void)
-{
-	fprintf(stderr,
-	    "Usage: kexfuzz [-hcdrv] [-D direction] [-f data_file]\n"
-	    "               [-K kex_alg] [-k private_key] [-i packet_index]\n"
-	    "\n"
-	    "Options:\n"
-	    "    -h               Display this help\n"
-	    "    -c               Count packets sent during KEX\n"
-	    "    -d               Dump mode: record KEX packet to data file\n"
-	    "    -r               Replace mode: replace packet with data file\n"
-	    "    -v               Turn on verbose logging\n"
-	    "    -D S2C|C2S       Packet direction for replacement or dump\n"
-	    "    -f data_file     Path to data file for replacement or dump\n"
-	    "    -K kex_alg       Name of KEX algorithm to test (see below)\n"
-	    "    -k private_key   Path to private key file\n"
-	    "    -i packet_index  Index of packet to replace or dump (from 0)\n"
-	    "\n"
-	    "Available KEX algorithms: %s\n", kex_alg_list(' '));
-}
-
-static void
-badusage(const char *bad)
-{
-	fprintf(stderr, "Invalid options\n");
-	fprintf(stderr, "%s\n", bad);
-	usage();
-	exit(1);
-}
-
-int
-main(int argc, char **argv)
-{
-	int ch, fd, r;
-	int count_flag = 0, dump_flag = 0, replace_flag = 0;
-	int packet_index = -1, direction = -1;
-	int s2c = 0, c2s = 0; /* packet counts */
-	const char *kex = NULL, *kpath = NULL, *data_path = NULL;
-	struct sshkey *key = NULL;
-	struct sshbuf *replace_data = NULL;
-
-	setvbuf(stdout, NULL, _IONBF, 0);
-	while ((ch = getopt(argc, argv, "hcdrvD:f:K:k:i:")) != -1) {
-		switch (ch) {
-		case 'h':
-			usage();
-			return 0;
-		case 'c':
-			count_flag = 1;
-			break;
-		case 'd':
-			dump_flag = 1;
-			break;
-		case 'r':
-			replace_flag = 1;
-			break;
-		case 'v':
-			do_debug = 1;
-			break;
-
-		case 'D':
-			if (strcasecmp(optarg, "s2c") == 0)
-				direction = S2C;
-			else if (strcasecmp(optarg, "c2s") == 0)
-				direction = C2S;
-			else
-				badusage("Invalid direction (-D)");
-			break;
-		case 'f':
-			data_path = optarg;
-			break;
-		case 'K':
-			kex = optarg;
-			break;
-		case 'k':
-			kpath = optarg;
-			break;
-		case 'i':
-			packet_index = atoi(optarg);
-			if (packet_index < 0)
-				badusage("Invalid packet index");
-			break;
-		default:
-			badusage("unsupported flag");
-		}
-	}
-	argc -= optind;
-	argv += optind;
-
-	log_init(argv[0], do_debug ? SYSLOG_LEVEL_DEBUG3 : SYSLOG_LEVEL_INFO,
-	    SYSLOG_FACILITY_USER, 1);
-
-	/* Must select a single mode */
-	if ((count_flag + dump_flag + replace_flag) != 1)
-		badusage("Must select one mode: -c, -d or -r");
-	/* KEX type is mandatory */
-	if (kex == NULL || !kex_names_valid(kex) || strchr(kex, ',') != NULL)
-		badusage("Missing or invalid kex type (-K flag)");
-	/* Valid key is mandatory */
-	if (kpath == NULL)
-		badusage("Missing private key (-k flag)");
-	if ((fd = open(kpath, O_RDONLY)) == -1)
-		err(1, "open %s", kpath);
-	if ((r = sshkey_load_private_type_fd(fd, KEY_UNSPEC, NULL,
-	    &key, NULL)) != 0)
-		errx(1, "Unable to load key %s: %s", kpath, ssh_err(r));
-	close(fd);
-	/* XXX check that it is a private key */
-	/* XXX support certificates */
-	if (key == NULL || key->type == KEY_UNSPEC)
-		badusage("Invalid key file (-k flag)");
-
-	/* Replace (fuzz) mode */
-	if (replace_flag) {
-		if (packet_index == -1 || direction == -1 || data_path == NULL)
-			badusage("Replace (-r) mode must specify direction "
-			    "(-D) packet index (-i) and data path (-f)");
-		if ((r = sshbuf_load_file(data_path, &replace_data)) != 0)
-			errx(1, "read %s: %s", data_path, ssh_err(r));
-	}
-
-	/* Dump mode */
-	if (dump_flag) {
-		if (packet_index == -1 || direction == -1 || data_path == NULL)
-			badusage("Dump (-d) mode must specify direction "
-			    "(-D), packet index (-i) and data path (-f)");
-	}
-
-	/* Count mode needs no further flags */
-
-	do_kex_with_key(kex, key, &c2s, &s2c,
-	    direction, packet_index,
-	    dump_flag ? data_path : NULL,
-	    replace_flag ? replace_data : NULL);
-	sshkey_free(key);
-	sshbuf_free(replace_data);
-
-	if (count_flag) {
-		printf("S2C: %d\n", s2c);
-		printf("C2S: %d\n", c2s);
-	}
-
-	return 0;
-}

regress/misc/sk-dummy/fatal.c

diff --git a/regress/misc/sk-dummy/fatal.c b/regress/misc/sk-dummy/fatal.c
index 7cdc74b..c6e4b5d 100644
--- a/regress/misc/sk-dummy/fatal.c
+++ b/regress/misc/sk-dummy/fatal.c
@@ -1,20 +1,27 @@
 /* public domain */
 
+#include "includes.h"
+
 #include <stdlib.h>
 #include <stdio.h>
 #include <stdarg.h>
 #include <unistd.h>
 
-void fatal(char *fmt, ...);
+#include "log.h"
 
 void
-fatal(char *fmt, ...)
+sshfatal(const char *file, const char *func, int line, int showfunc,
+    LogLevel level, const char *suffix, const char *fmt, ...)
 {
 	va_list ap;
 
+	if (showfunc)
+		fprintf(stderr, "%s: ", func);
 	va_start(ap, fmt);
 	vfprintf(stderr, fmt, ap);
 	va_end(ap);
+	if (suffix != NULL)
+		fprintf(stderr, ": %s", suffix);
 	fputc('\n', stderr);
 	_exit(1);
 }

regress/misc/sk-dummy/sk-dummy.c

diff --git a/regress/misc/sk-dummy/sk-dummy.c b/regress/misc/sk-dummy/sk-dummy.c
index f3acb2f..4003362 100644
--- a/regress/misc/sk-dummy/sk-dummy.c
+++ b/regress/misc/sk-dummy/sk-dummy.c
@@ -47,10 +47,17 @@
 	} while (0)
 #endif
 
-#if SSH_SK_VERSION_MAJOR != 0x00050000
+#if SSH_SK_VERSION_MAJOR != 0x00070000
 # error SK API has changed, sk-dummy.c needs an update
 #endif
 
+#ifdef SK_DUMMY_INTEGRATE
+# define sk_api_version		ssh_sk_api_version
+# define sk_enroll		ssh_sk_enroll
+# define sk_sign		ssh_sk_sign
+# define sk_load_resident_keys	ssh_sk_load_resident_keys
+#endif /* !SK_STANDALONE */
+
 static void skdebug(const char *func, const char *fmt, ...)
     __attribute__((__format__ (printf, 2, 3)));
 

regress/multiplex.sh

diff --git a/regress/multiplex.sh b/regress/multiplex.sh
index 817ddbf..4744fa3 100644
--- a/regress/multiplex.sh
+++ b/regress/multiplex.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: multiplex.sh,v 1.32 2020/01/25 02:57:53 dtucker Exp $
+#	$OpenBSD: multiplex.sh,v 1.33 2020/06/24 15:16:23 markus Exp $
 #	Placed in the Public Domain.
 
 make_tmpdir
@@ -97,22 +97,24 @@
 rm -f ${COPY} $OBJ/unix-[123].fwd
 
 for s in 0 1 4 5 44; do
-	trace "exit status $s over multiplexed connection"
-	verbose "test $tid: status $s"
-	${SSH} -F $OBJ/ssh_config -S $CTL otherhost exit $s
+   for mode in "" "-Oproxy"; do
+	trace "exit status $s over multiplexed connection ($mode)"
+	verbose "test $tid: status $s ($mode)"
+	${SSH} -F $OBJ/ssh_config -S $CTL $mode otherhost exit $s
 	r=$?
 	if [ $r -ne $s ]; then
 		fail "exit code mismatch: $r != $s"
 	fi
 
 	# same with early close of stdout/err
-	trace "exit status $s with early close over multiplexed connection"
-	${SSH} -F $OBJ/ssh_config -S $CTL -n otherhost \
+	trace "exit status $s with early close over multiplexed connection ($mode)"
+	${SSH} -F $OBJ/ssh_config -S $CTL -n $mode otherhost \
                 exec sh -c \'"sleep 2; exec > /dev/null 2>&1; sleep 3; exit $s"\'
 	r=$?
 	if [ $r -ne $s ]; then
 		fail "exit code (with sleep) mismatch: $r != $s"
 	fi
+   done
 done
 
 verbose "test $tid: cmd check"

regress/multipubkey.sh

diff --git a/regress/multipubkey.sh b/regress/multipubkey.sh
index 9b22733..8cdda1a 100644
--- a/regress/multipubkey.sh
+++ b/regress/multipubkey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: multipubkey.sh,v 1.3 2019/12/11 18:47:14 djm Exp $
+#	$OpenBSD: multipubkey.sh,v 1.4 2021/06/07 01:16:34 djm Exp $
 #	Placed in the Public Domain.
 
 tid="multiple pubkey"
@@ -31,27 +31,35 @@
 opts="-oProtocol=2 -F $OBJ/ssh_proxy -oIdentitiesOnly=yes"
 opts="$opts -i $OBJ/cert_user_key1 -i $OBJ/user_key1 -i $OBJ/user_key2"
 
-for privsep in yes ; do
+for match in no yes ; do
 	(
-		grep -v "Protocol"  $OBJ/sshd_proxy.orig
+		cat  $OBJ/sshd_proxy.orig
 		echo "Protocol 2"
-		echo "UsePrivilegeSeparation $privsep"
-		echo "AuthenticationMethods publickey,publickey"
 		echo "TrustedUserCAKeys $OBJ/user_ca_key.pub"
 		echo "AuthorizedPrincipalsFile $OBJ/authorized_principals_%u"
  	) > $OBJ/sshd_proxy
+	if test "$match" = "yes" ; then
+		echo "AuthenticationMethods none" >> $OBJ/sshd_proxy
+		echo "PubkeyAuthentication no" >> $OBJ/sshd_proxy
+		echo "Match all" >> $OBJ/sshd_proxy
+		echo "PubkeyAuthentication yes" >> $OBJ/sshd_proxy
+	fi
+	echo "AuthenticationMethods publickey,publickey" >> $OBJ/sshd_proxy
 
 	# Single key should fail.
+	trace "match $match single key"
 	rm -f $OBJ/authorized_principals_$USER
 	cat $OBJ/user_key1.pub > $OBJ/authorized_keys_$USER
 	${SSH} $opts proxy true && fail "ssh succeeded with key"
 
 	# Single key with same-public cert should fail.
+	trace "match $match pubkey + identical cert"
 	echo mekmitasdigoat > $OBJ/authorized_principals_$USER
 	cat $OBJ/user_key1.pub > $OBJ/authorized_keys_$USER
 	${SSH} $opts proxy true && fail "ssh succeeded with key+cert"
 
 	# Multiple plain keys should succeed.
+	trace "match $match multiple public"
 	rm -f $OBJ/authorized_principals_$USER
 	cat $OBJ/user_key1.pub $OBJ/user_key2.pub > \
 	    $OBJ/authorized_keys_$USER
@@ -59,6 +67,7 @@
 	# Cert and different key should succeed
 
 	# Key and different-public cert should succeed.
+	trace "match $match pubkey + different cert"
 	echo mekmitasdigoat > $OBJ/authorized_principals_$USER
 	cat $OBJ/user_key2.pub > $OBJ/authorized_keys_$USER
 	${SSH} $opts proxy true || fail "ssh failed with key/cert"

regress/netcat.c

diff --git a/regress/netcat.c b/regress/netcat.c
index fe94dd9..20ec3f5 100644
--- a/regress/netcat.c
+++ b/regress/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.126 2014/10/30 16:08:31 tedu Exp $ */
+/* $OpenBSD: netcat.c,v 1.131 2015/09/03 23:06:28 sobrado Exp $ */
 /*
  * Copyright (c) 2001 Eric Jackson <ericj@monkey.org>
  *
@@ -44,14 +44,15 @@
 #include <netinet/ip.h>
 
 #include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
 #include <netdb.h>
+#include <signal.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
-#include <fcntl.h>
-#include <limits.h>
 #include "atomicio.h"
 
 #ifdef HAVE_POLL_H
@@ -68,6 +69,9 @@
 # include <sys/byteorder.h>
 #endif
 
+/* rename to avoid collision in libssh */
+#define timeout_connect netcat_timeout_connect
+
 /* Telnet options from arpa/telnet.h */
 #define IAC	255
 #define DONT	254
@@ -133,7 +137,7 @@
 int	unix_bind(char *);
 int	unix_connect(char *);
 int	unix_listen(char *);
-void	set_common_sockopts(int);
+void	set_common_sockopts(int, int);
 int	map_tos(char *, int *);
 void	report_connect(const struct sockaddr *, socklen_t);
 void	usage(int);
@@ -162,6 +166,8 @@
 	uport = NULL;
 	sv = NULL;
 
+	signal(SIGPIPE, SIG_IGN);
+
 	while ((ch = getopt(argc, argv,
 	    "46DdFhI:i:klNnO:P:p:rSs:tT:UuV:vw:X:x:z")) != -1) {
 		switch (ch) {
@@ -648,7 +654,7 @@
 			freeaddrinfo(ares);
 		}
 
-		set_common_sockopts(s);
+		set_common_sockopts(s, res0->ai_family);
 
 		if (timeout_connect(s, res0->ai_addr, res0->ai_addrlen) == 0)
 			break;
@@ -748,7 +754,7 @@
 		if (ret == -1)
 			err(1, "setsockopt SO_REUSEADDR");
 #endif
-		set_common_sockopts(s);
+		set_common_sockopts(s, res0->ai_family);
 
 		if (bind(s, (struct sockaddr *)res0->ai_addr,
 		    res0->ai_addrlen) == 0)
@@ -1034,17 +1040,17 @@
 
 	bzero(&pfd, sizeof(pfd));
 	pfd.fd = STDOUT_FILENO;
+	pfd.events = POLLOUT;
 	for (;;) {
 		r = sendmsg(STDOUT_FILENO, &msg, 0);
 		if (r == -1) {
 			if (errno == EAGAIN || errno == EINTR) {
-				pfd.events = POLLOUT;
 				if (poll(&pfd, 1, -1) == -1)
 					err(1, "poll");
 				continue;
 			}
 			err(1, "sendmsg");
-		} else if (r == -1)
+		} else if (r != 1)
 			errx(1, "sendmsg: unexpected return value %zd", r);
 		else
 			break;
@@ -1168,7 +1174,7 @@
 }
 
 void
-set_common_sockopts(int s)
+set_common_sockopts(int s, int af)
 {
 	int x = 1;
 
@@ -1184,10 +1190,19 @@
 			&x, sizeof(x)) == -1)
 			err(1, "setsockopt");
 	}
-#ifdef IP_TOS
+#if defined(IP_TOS) && defined(IPV6_TCLASS)
 	if (Tflag != -1) {
-		if (setsockopt(s, IPPROTO_IP, IP_TOS,
-		    &Tflag, sizeof(Tflag)) == -1)
+		int proto, option;
+
+		if (af == AF_INET6) {
+			proto = IPPROTO_IPV6;
+			option = IPV6_TCLASS;
+		} else {
+			proto = IPPROTO_IP;
+			option = IP_TOS;
+		}
+
+		if (setsockopt(s, proto, option, &Tflag, sizeof(Tflag)) == -1)
 			err(1, "set IP ToS");
 	}
 #endif
@@ -1321,7 +1336,7 @@
 {
 	fprintf(stderr,
 	    "usage: nc [-46DdFhklNnrStUuvz] [-I length] [-i interval] [-O length]\n"
-	    "\t  [-P proxy_username] [-p source_port] [-s source] [-T ToS]\n"
+	    "\t  [-P proxy_username] [-p source_port] [-s source] [-T toskeyword]\n"
 	    "\t  [-V rtable] [-w timeout] [-X proxy_protocol]\n"
 	    "\t  [-x proxy_address[:port]] [destination] [port]\n");
 	if (ret)

regress/percent.sh

diff --git a/regress/percent.sh b/regress/percent.sh
index 2e891f6..7ed4184 100644
--- a/regress/percent.sh
+++ b/regress/percent.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: percent.sh,v 1.6 2020/04/10 00:54:03 dtucker Exp $
+#	$OpenBSD: percent.sh,v 1.13 2021/07/25 12:13:03 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="percent expansions"
@@ -25,12 +25,21 @@
 
 	trace "test $opt=$arg $expect"
 	rm -f $OBJ/actual
+	got=""
 	case "$opt" in
 	localcommand)
 		${SSH} -F $OBJ/ssh_proxy -o $opt="echo '$arg' >$OBJ/actual" \
 		    somehost true
 		got=`cat $OBJ/actual`
 		;;
+	userknownhostsfile)
+		# Move the userknownhosts file to what the expansion says,
+		# make sure ssh works then put it back.
+		mv "$OBJ/known_hosts" "$OBJ/$expect"
+		${SSH} -F $OBJ/ssh_proxy -o $opt="$OBJ/$arg" somehost true && \
+			got="$expect"
+		mv "$OBJ/$expect" "$OBJ/known_hosts"
+		;;
 	matchexec)
 		(cat $OBJ/ssh_proxy && \
 		 echo "Match Exec \"echo '$arg' >$OBJ/actual\"") \
@@ -55,34 +64,56 @@
 }
 
 for i in matchexec localcommand remotecommand controlpath identityagent \
-    forwardagent localforward remoteforward; do
-	verbose $tid $i
-	if [ "$i" = "localcommand" ]; then
-		REMUSER=$USER
+    forwardagent localforward remoteforward userknownhostsfile; do
+	verbose $tid $i percent
+	case "$i" in
+	localcommand|userknownhostsfile)
+		# Any test that's going to actually make a connection needs
+		# to use the real username.
+		REMUSER=$USER ;;
+	*)
+		REMUSER=remuser ;;
+	esac
+	if [ "$i" = "$localcommand" ]; then
 		trial $i '%T' NONE
-	else
-		REMUSER=remuser
 	fi
 	# Matches implementation in readconf.c:ssh_connection_hash()
 	HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" |
-	    openssl sha1 | cut -f2 -d' '`
+	    $OPENSSL_BIN sha1 | cut -f2 -d' '`
 	trial $i '%%' '%'
 	trial $i '%C' $HASH
 	trial $i '%i' $USERID
 	trial $i '%h' 127.0.0.1
-	trial $i '%d' $HOME
 	trial $i '%L' $HOST
 	trial $i '%l' $HOSTNAME
 	trial $i '%n' somehost
+	trial $i '%k' localhost-with-alias
 	trial $i '%p' $PORT
 	trial $i '%r' $REMUSER
 	trial $i '%u' $USER
-	trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \
-	    "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
+	# We can't specify a full path outside the regress dir, so skip tests
+	# containing %d for UserKnownHostsFile
+	if [ "$i" != "userknownhostsfile" ]; then
+		trial $i '%d' $HOME
+		trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \
+		    "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
+	fi
 done
 
+# Subset of above since we don't expand shell-style variables on anything that
+# runs a command because the shell will expand those.
+for i in controlpath identityagent forwardagent localforward remoteforward \
+    userknownhostsfile; do
+	verbose $tid $i dollar
+	FOO=bar
+	export FOO
+	trial $i '${FOO}' $FOO
+done
+
+
 # A subset of options support tilde expansion
 for i in controlpath identityagent forwardagent; do
+	verbose $tid $i tilde
 	trial $i '~' $HOME/
 	trial $i '~/.ssh' $HOME/.ssh
 done

regress/putty-ciphers.sh

diff --git a/regress/putty-ciphers.sh b/regress/putty-ciphers.sh
index 708c288..5b8e25a 100644
--- a/regress/putty-ciphers.sh
+++ b/regress/putty-ciphers.sh
@@ -1,11 +1,17 @@
-#	$OpenBSD: putty-ciphers.sh,v 1.7 2020/01/23 03:35:07 dtucker Exp $
+#	$OpenBSD: putty-ciphers.sh,v 1.11 2021/09/01 03:16:06 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="putty ciphers"
 
 if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
-	echo "putty interop tests not enabled"
-	exit 0
+	skip "putty interop tests not enabled"
+fi
+
+# Re-enable ssh-rsa on older PuTTY versions.
+oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`"
+if [ "x$oldver" = "xyes" ]; then
+	echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy
+	echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy
 fi
 
 for c in aes 3des aes128-ctr aes192-ctr aes256-ctr chacha20 ; do

regress/putty-kex.sh

diff --git a/regress/putty-kex.sh b/regress/putty-kex.sh
index 686d0e1..c75802a 100644
--- a/regress/putty-kex.sh
+++ b/regress/putty-kex.sh
@@ -1,11 +1,17 @@
-#	$OpenBSD: putty-kex.sh,v 1.5 2020/01/23 03:24:38 dtucker Exp $
+#	$OpenBSD: putty-kex.sh,v 1.9 2021/09/01 03:16:06 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="putty KEX"
 
 if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
-	echo "putty interop tests not enabled"
-	exit 0
+	skip "putty interop tests not enabled"
+fi
+
+# Re-enable ssh-rsa on older PuTTY versions.
+oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`"
+if [ "x$oldver" = "xyes" ]; then
+	echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy
+	echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy
 fi
 
 for k in dh-gex-sha1 dh-group1-sha1 dh-group14-sha1 ecdh ; do

regress/putty-transfer.sh

diff --git a/regress/putty-transfer.sh b/regress/putty-transfer.sh
index 14b4102..a6864f9 100644
--- a/regress/putty-transfer.sh
+++ b/regress/putty-transfer.sh
@@ -1,11 +1,17 @@
-#	$OpenBSD: putty-transfer.sh,v 1.7 2020/01/23 11:19:12 dtucker Exp $
+#	$OpenBSD: putty-transfer.sh,v 1.11 2021/09/01 03:16:06 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="putty transfer data"
 
 if test "x$REGRESS_INTEROP_PUTTY" != "xyes" ; then
-	echo "putty interop tests not enabled"
-	exit 0
+	skip "putty interop tests not enabled"
+fi
+
+# Re-enable ssh-rsa on older PuTTY versions.
+oldver="`${PLINK} --version | awk '/plink: Release/{if ($3<0.76)print "yes"}'`"
+if [ "x$oldver" = "xyes" ]; then
+	echo "HostKeyAlgorithms +ssh-rsa" >> ${OBJ}/sshd_proxy
+	echo "PubkeyAcceptedKeyTypes +ssh-rsa" >> ${OBJ}/sshd_proxy
 fi
 
 if [ "`${SSH} -Q compression`" = "none" ]; then

regress/reconfigure.sh

diff --git a/regress/reconfigure.sh b/regress/reconfigure.sh
index dd15edd..d5b4e98 100644
--- a/regress/reconfigure.sh
+++ b/regress/reconfigure.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: reconfigure.sh,v 1.6 2017/04/30 23:34:55 djm Exp $
+#	$OpenBSD: reconfigure.sh,v 1.9 2021/06/10 09:46:28 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="simple connect after reconfigure"
@@ -41,3 +41,25 @@
 if [ $? -ne 0 ]; then
 	fail "ssh connect with failed after reconfigure"
 fi
+
+trace "reconfigure with active clients"
+${SSH} -F $OBJ/ssh_config somehost sleep 10  # authenticated client
+${NC} -d 127.0.0.1 $PORT >/dev/null &  # unauthenticated client
+PID=`$SUDO cat $PIDFILE`
+rm -f $PIDFILE
+$SUDO kill -HUP $PID
+
+trace "wait for sshd to restart"
+i=0;
+while [ ! -f $PIDFILE -a $i -lt 10 ]; do
+	i=`expr $i + 1`
+	sleep $i
+done
+
+test -f $PIDFILE || fatal "sshd did not restart"
+
+trace "connect after restart with active clients"
+${SSH} -F $OBJ/ssh_config somehost true
+if [ $? -ne 0 ]; then
+	fail "ssh connect with failed after reconfigure"
+fi

regress/rekey.sh

diff --git a/regress/rekey.sh b/regress/rekey.sh
index fd6a02c..61723cd 100644
--- a/regress/rekey.sh
+++ b/regress/rekey.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: rekey.sh,v 1.18 2018/04/10 00:14:10 djm Exp $
+#	$OpenBSD: rekey.sh,v 1.19 2021/07/19 05:08:54 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="rekey"
@@ -71,7 +71,7 @@
 	verbose "client rekeylimit default ${s}"
 	rm -f ${COPY} ${LOG}
 	${SSH} < ${DATA} -oCompression=no -oRekeyLimit="default $s" -F \
-		$OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 3"
+		$OBJ/ssh_proxy somehost "cat >${COPY};sleep $s;sleep 10"
 	if [ $? -ne 0 ]; then
 		fail "ssh failed"
 	fi
@@ -88,7 +88,7 @@
 	verbose "client rekeylimit default ${s} no data"
 	rm -f ${COPY} ${LOG}
 	${SSH} -oCompression=no -oRekeyLimit="default $s" -F \
-		$OBJ/ssh_proxy somehost "sleep $s;sleep 3"
+		$OBJ/ssh_proxy somehost "sleep $s;sleep 10"
 	if [ $? -ne 0 ]; then
 		fail "ssh failed"
 	fi
@@ -124,7 +124,7 @@
 	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
 	echo "rekeylimit default ${s}" >>$OBJ/sshd_proxy
 	rm -f ${COPY} ${LOG}
-	${SSH} -oCompression=no -F $OBJ/ssh_proxy somehost "sleep $s;sleep 3"
+	${SSH} -oCompression=no -F $OBJ/ssh_proxy somehost "sleep $s;sleep 10"
 	if [ $? -ne 0 ]; then
 		fail "ssh failed"
 	fi

regress/scp-uri.sh

diff --git a/regress/scp-uri.sh b/regress/scp-uri.sh
index c03d8bb..20ac3c8 100644
--- a/regress/scp-uri.sh
+++ b/regress/scp-uri.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: scp-uri.sh,v 1.2 2017/12/11 11:41:56 dtucker Exp $
+#	$OpenBSD: scp-uri.sh,v 1.4 2021/08/10 03:35:45 djm Exp $
 #	Placed in the Public Domain.
 
 tid="scp-uri"
@@ -12,7 +12,6 @@
 SRC=`dirname ${SCRIPT}`
 cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp
 chmod 755 ${OBJ}/scp-ssh-wrapper.scp
-scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp"
 export SCP # used in scp-ssh-wrapper.scp
 
 scpclean() {
@@ -24,47 +23,55 @@
 cp $OBJ/ssh_config $OBJ/ssh_config.orig
 egrep -v '^	+(Port|User)	+.*$' $OBJ/ssh_config.orig > $OBJ/ssh_config
 
-verbose "$tid: simple copy local file to remote file"
-scpclean
-$SCP $scpopts ${DATA} "scp://${USER}@somehost:${PORT}/${COPY}" || fail "copy failed"
-cmp ${DATA} ${COPY} || fail "corrupted copy"
+for mode in scp sftp ; do
+	tag="$tid: $mode mode"
+	if test $mode = scp ; then
+		scpopts="-O -q -S ${OBJ}/scp-ssh-wrapper.scp"
+	else
+		scpopts="-s -D ${SFTPSERVER}"
+	fi
+	verbose "$tag: simple copy local file to remote file"
+	scpclean
+	$SCP $scpopts ${DATA} "scp://${USER}@somehost:${PORT}/${COPY}" || fail "copy failed"
+	cmp ${DATA} ${COPY} || fail "corrupted copy"
 
-verbose "$tid: simple copy remote file to local file"
-scpclean
-$SCP $scpopts "scp://${USER}@somehost:${PORT}/${DATA}" ${COPY} || fail "copy failed"
-cmp ${DATA} ${COPY} || fail "corrupted copy"
+	verbose "$tag: simple copy remote file to local file"
+	scpclean
+	$SCP $scpopts "scp://${USER}@somehost:${PORT}/${DATA}" ${COPY} || fail "copy failed"
+	cmp ${DATA} ${COPY} || fail "corrupted copy"
 
-verbose "$tid: simple copy local file to remote dir"
-scpclean
-cp ${DATA} ${COPY}
-$SCP $scpopts ${COPY} "scp://${USER}@somehost:${PORT}/${DIR}" || fail "copy failed"
-cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+	verbose "$tag: simple copy local file to remote dir"
+	scpclean
+	cp ${DATA} ${COPY}
+	$SCP $scpopts ${COPY} "scp://${USER}@somehost:${PORT}/${DIR}" || fail "copy failed"
+	cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
 
-verbose "$tid: simple copy remote file to local dir"
-scpclean
-cp ${DATA} ${COPY}
-$SCP $scpopts "scp://${USER}@somehost:${PORT}/${COPY}" ${DIR} || fail "copy failed"
-cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+	verbose "$tag: simple copy remote file to local dir"
+	scpclean
+	cp ${DATA} ${COPY}
+	$SCP $scpopts "scp://${USER}@somehost:${PORT}/${COPY}" ${DIR} || fail "copy failed"
+	cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
 
-verbose "$tid: recursive local dir to remote dir"
-scpclean
-rm -rf ${DIR2}
-cp ${DATA} ${DIR}/copy
-$SCP $scpopts -r ${DIR} "scp://${USER}@somehost:${PORT}/${DIR2}" || fail "copy failed"
-for i in $(cd ${DIR} && echo *); do
-	cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy"
+	verbose "$tag: recursive local dir to remote dir"
+	scpclean
+	rm -rf ${DIR2}
+	cp ${DATA} ${DIR}/copy
+	$SCP $scpopts -r ${DIR} "scp://${USER}@somehost:${PORT}/${DIR2}" || fail "copy failed"
+	for i in $(cd ${DIR} && echo *); do
+		cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy"
+	done
+
+	verbose "$tag: recursive remote dir to local dir"
+	scpclean
+	rm -rf ${DIR2}
+	cp ${DATA} ${DIR}/copy
+	$SCP $scpopts -r "scp://${USER}@somehost:${PORT}/${DIR}" ${DIR2} || fail "copy failed"
+	for i in $(cd ${DIR} && echo *); do
+		cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy"
+	done
+
+	# TODO: scp -3
 done
 
-verbose "$tid: recursive remote dir to local dir"
-scpclean
-rm -rf ${DIR2}
-cp ${DATA} ${DIR}/copy
-$SCP $scpopts -r "scp://${USER}@somehost:${PORT}/${DIR}" ${DIR2} || fail "copy failed"
-for i in $(cd ${DIR} && echo *); do
-	cmp ${DIR}/$i ${DIR2}/$i || fail "corrupted copy"
-done
-
-# TODO: scp -3
-
 scpclean
 rm -f ${OBJ}/scp-ssh-wrapper.exe

regress/scp.sh

diff --git a/regress/scp.sh b/regress/scp.sh
index 62400ef..358a8df 100644
--- a/regress/scp.sh
+++ b/regress/scp.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: scp.sh,v 1.11 2019/07/19 03:45:44 djm Exp $
+#	$OpenBSD: scp.sh,v 1.13 2021/08/10 03:35:45 djm Exp $
 #	Placed in the Public Domain.
 
 tid="scp"
@@ -19,7 +19,6 @@
 SRC=`dirname ${SCRIPT}`
 cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp
 chmod 755 ${OBJ}/scp-ssh-wrapper.scp
-scpopts="-q -S ${OBJ}/scp-ssh-wrapper.scp"
 export SCP # used in scp-ssh-wrapper.scp
 
 scpclean() {
@@ -28,109 +27,117 @@
 	chmod 755 ${DIR} ${DIR2}
 }
 
-verbose "$tid: simple copy local file to local file"
-scpclean
-$SCP $scpopts ${DATA} ${COPY} || fail "copy failed"
-cmp ${DATA} ${COPY} || fail "corrupted copy"
-
-verbose "$tid: simple copy local file to remote file"
-scpclean
-$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed"
-cmp ${DATA} ${COPY} || fail "corrupted copy"
-
-verbose "$tid: simple copy remote file to local file"
-scpclean
-$SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed"
-cmp ${DATA} ${COPY} || fail "corrupted copy"
-
-verbose "$tid: simple copy local file to remote dir"
-scpclean
-cp ${DATA} ${COPY}
-$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed"
-cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
-
-verbose "$tid: simple copy local file to local dir"
-scpclean
-cp ${DATA} ${COPY}
-$SCP $scpopts ${COPY} ${DIR} || fail "copy failed"
-cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
-
-verbose "$tid: simple copy remote file to local dir"
-scpclean
-cp ${DATA} ${COPY}
-$SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed"
-cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
-
-verbose "$tid: recursive local dir to remote dir"
-scpclean
-rm -rf ${DIR2}
-cp ${DATA} ${DIR}/copy
-$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed"
-diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
-
-verbose "$tid: recursive local dir to local dir"
-scpclean
-rm -rf ${DIR2}
-cp ${DATA} ${DIR}/copy
-$SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed"
-diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
-
-verbose "$tid: recursive remote dir to local dir"
-scpclean
-rm -rf ${DIR2}
-cp ${DATA} ${DIR}/copy
-$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed"
-diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
-
-verbose "$tid: shell metacharacters"
-scpclean
-(cd ${DIR} && \
-touch '`touch metachartest`' && \
-$SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \
-[ ! -f metachartest ] ) || fail "shell metacharacters"
-
-if [ ! -z "$SUDO" ]; then
-	verbose "$tid: skipped file after scp -p with failed chown+utimes"
+for mode in scp sftp ; do
+	tag="$tid: $mode mode"
+	if test $mode = scp ; then
+		scpopts="-O -q -S ${OBJ}/scp-ssh-wrapper.scp"
+	else
+		scpopts="-s -D ${SFTPSERVER}"
+	fi
+	verbose "tid: simple copy local file to local file"
 	scpclean
-	cp -p ${DATA} ${DIR}/copy
-	cp -p ${DATA} ${DIR}/copy2
-	cp ${DATA} ${DIR2}/copy
-	chmod 660 ${DIR2}/copy
-	$SUDO chown root ${DIR2}/copy
-	$SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1
-	$SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
-	$SUDO rm ${DIR2}/copy
-fi
+	$SCP $scpopts ${DATA} ${COPY} || fail "copy failed"
+	cmp ${DATA} ${COPY} || fail "corrupted copy"
 
-for i in 0 1 2 3 4 5 6 7; do
-	verbose "$tid: disallow bad server #$i"
-	SCPTESTMODE=badserver_$i
-	export DIR SCPTESTMODE
+	verbose "$tag: simple copy local file to remote file"
 	scpclean
-	$SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null
-	[ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir"
-	[ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode"
+	$SCP $scpopts ${DATA} somehost:${COPY} || fail "copy failed"
+	cmp ${DATA} ${COPY} || fail "corrupted copy"
 
+	verbose "$tag: simple copy remote file to local file"
 	scpclean
-	$SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
-	[ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
+	$SCP $scpopts somehost:${DATA} ${COPY} || fail "copy failed"
+	cmp ${DATA} ${COPY} || fail "corrupted copy"
 
+	verbose "$tag: simple copy local file to remote dir"
 	scpclean
-	$SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
-	[ ! -w ${DIR2} ] && fail "allows target root attribute change"
+	cp ${DATA} ${COPY}
+	$SCP $scpopts ${COPY} somehost:${DIR} || fail "copy failed"
+	cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
 
+	verbose "$tag: simple copy local file to local dir"
 	scpclean
-	$SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
-	[ -e ${DIR2}/extrafile ] && fail "allows unauth object creation"
-	rm -f ${DIR2}/extrafile
+	cp ${DATA} ${COPY}
+	$SCP $scpopts ${COPY} ${DIR} || fail "copy failed"
+	cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+
+	verbose "$tag: simple copy remote file to local dir"
+	scpclean
+	cp ${DATA} ${COPY}
+	$SCP $scpopts somehost:${COPY} ${DIR} || fail "copy failed"
+	cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+
+	verbose "$tag: recursive local dir to remote dir"
+	scpclean
+	rm -rf ${DIR2}
+	cp ${DATA} ${DIR}/copy
+	$SCP $scpopts -r ${DIR} somehost:${DIR2} || fail "copy failed"
+	diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+
+	verbose "$tag: recursive local dir to local dir"
+	scpclean
+	rm -rf ${DIR2}
+	cp ${DATA} ${DIR}/copy
+	$SCP $scpopts -r ${DIR} ${DIR2} || fail "copy failed"
+	diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+
+	verbose "$tag: recursive remote dir to local dir"
+	scpclean
+	rm -rf ${DIR2}
+	cp ${DATA} ${DIR}/copy
+	$SCP $scpopts -r somehost:${DIR} ${DIR2} || fail "copy failed"
+	diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+
+	verbose "$tag: shell metacharacters"
+	scpclean
+	(cd ${DIR} && \
+	 touch '`touch metachartest`' && \
+	 $SCP $scpopts *metachar* ${DIR2} 2>/dev/null; \
+	 [ ! -f metachartest ] ) || fail "shell metacharacters"
+
+	if [ ! -z "$SUDO" ]; then
+		verbose "$tag: skipped file after scp -p with failed chown+utimes"
+		scpclean
+		cp -p ${DATA} ${DIR}/copy
+		cp -p ${DATA} ${DIR}/copy2
+		cp ${DATA} ${DIR2}/copy
+		chmod 660 ${DIR2}/copy
+		$SUDO chown root ${DIR2}/copy
+		$SCP -p $scpopts somehost:${DIR}/\* ${DIR2} >/dev/null 2>&1
+		$SUDO diff ${DIFFOPT} ${DIR} ${DIR2} || fail "corrupted copy"
+		$SUDO rm ${DIR2}/copy
+	fi
+
+	for i in 0 1 2 3 4 5 6 7; do
+		verbose "$tag: disallow bad server #$i"
+		SCPTESTMODE=badserver_$i
+		export DIR SCPTESTMODE
+		scpclean
+		$SCP $scpopts somehost:${DATA} ${DIR} >/dev/null 2>/dev/null
+		[ -d {$DIR}/rootpathdir ] && fail "allows dir relative to root dir"
+		[ -d ${DIR}/dotpathdir ] && fail "allows dir creation in non-recursive mode"
+
+		scpclean
+		$SCP -r $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
+		[ -d ${DIR}/dotpathdir ] && fail "allows dir creation outside of subdir"
+
+		scpclean
+		$SCP -pr $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
+		[ ! -w ${DIR2} ] && fail "allows target root attribute change"
+
+		scpclean
+		$SCP $scpopts somehost:${DATA} ${DIR2} >/dev/null 2>/dev/null
+		[ -e ${DIR2}/extrafile ] && fail "allows unauth object creation"
+		rm -f ${DIR2}/extrafile
+	done
+
+	verbose "$tag: detect non-directory target"
+	scpclean
+	echo a > ${COPY}
+	echo b > ${COPY2}
+	$SCP $scpopts ${DATA} ${COPY} ${COPY2}
+	cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target"
 done
 
-verbose "$tid: detect non-directory target"
-scpclean
-echo a > ${COPY}
-echo b > ${COPY2}
-$SCP $scpopts ${DATA} ${COPY} ${COPY2}
-cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target"
-
 scpclean
 rm -f ${OBJ}/scp-ssh-wrapper.scp

regress/scp3.sh

diff --git a/regress/scp3.sh b/regress/scp3.sh
new file mode 100644
index 0000000..f71b156
--- /dev/null
+++ b/regress/scp3.sh
@@ -0,0 +1,60 @@
+#	$OpenBSD: scp3.sh,v 1.3 2021/08/10 03:35:45 djm Exp $
+#	Placed in the Public Domain.
+
+tid="scp3"
+
+#set -x
+
+COPY2=${OBJ}/copy2
+DIR=${COPY}.dd
+DIR2=${COPY}.dd2
+
+SRC=`dirname ${SCRIPT}`
+cp ${SRC}/scp-ssh-wrapper.sh ${OBJ}/scp-ssh-wrapper.scp
+chmod 755 ${OBJ}/scp-ssh-wrapper.scp
+export SCP # used in scp-ssh-wrapper.scp
+
+scpclean() {
+	rm -rf ${COPY} ${COPY2} ${DIR} ${DIR2}
+	mkdir ${DIR} ${DIR2}
+	chmod 755 ${DIR} ${DIR2}
+}
+
+for mode in scp sftp ; do
+	scpopts="-F${OBJ}/ssh_proxy -S ${SSH} -q"
+	tag="$tid: $mode mode"
+	if test $mode = scp ; then
+		scpopts="$scpopts -O"
+	else
+		scpopts="-s -D ${SFTPSERVER}"
+	fi
+
+	verbose "$tag: simple copy remote file to remote file"
+	scpclean
+	$SCP $scpopts -3 hostA:${DATA} hostB:${COPY} || fail "copy failed"
+	cmp ${DATA} ${COPY} || fail "corrupted copy"
+
+	verbose "$tag: simple copy remote file to remote dir"
+	scpclean
+	cp ${DATA} ${COPY}
+	$SCP $scpopts -3 hostA:${COPY} hostB:${DIR} || fail "copy failed"
+	cmp ${COPY} ${DIR}/copy || fail "corrupted copy"
+
+	verbose "$tag: recursive remote dir to remote dir"
+	scpclean
+	rm -rf ${DIR2}
+	cp ${DATA} ${DIR}/copy
+	$SCP $scpopts -3r hostA:${DIR} hostB:${DIR2} || fail "copy failed"
+	diff -r ${DIR} ${DIR2} || fail "corrupted copy"
+	diff -r ${DIR2} ${DIR} || fail "corrupted copy"
+
+	verbose "$tag: detect non-directory target"
+	scpclean
+	echo a > ${COPY}
+	echo b > ${COPY2}
+	$SCP $scpopts -3 hostA:${DATA} hostA:${COPY} hostB:${COPY2}
+	cmp ${COPY} ${COPY2} >/dev/null && fail "corrupt target"
+done
+
+scpclean
+rm -f ${OBJ}/scp-ssh-wrapper.exe

regress/servcfginclude.sh

diff --git a/regress/servcfginclude.sh b/regress/servcfginclude.sh
index b25c8fa..518a703 100644
--- a/regress/servcfginclude.sh
+++ b/regress/servcfginclude.sh
@@ -9,17 +9,17 @@
 
 Match host b
 	Banner /bb
-	Include $OBJ/sshd_config.i.*
+	Include $OBJ/sshd_config.i.* # comment
 
 Match host c
-	Include $OBJ/sshd_config.i.*
+	Include $OBJ/sshd_config.i.* # comment
 	Banner /cc
 
 Match host m
 	Include $OBJ/sshd_config.i.*
 
 Match Host d
-	Banner /dd
+	Banner /dd # comment
 
 Match Host e
 	Banner /ee
@@ -64,7 +64,7 @@
 Match host b
 	Banner /bbbb
 
-Match host c
+Match host c # comment
 	Banner /cccc
 
 Match Host d
@@ -146,9 +146,43 @@
 _EOF
 
 trace "disallow invalid with no argument"
-${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x -T \
     -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \
 	fail "sshd allowed Include with no argument"
 
+# Ensure the Include before any Match block works as expected (bug #3122)
+cat > $OBJ/sshd_config.i << _EOF
+Banner /xx
+HostKey $OBJ/host.ssh-ed25519
+Include $OBJ/sshd_config.i.2
+Match host a
+	Banner /aaaa
+_EOF
+cat > $OBJ/sshd_config.i.2 << _EOF
+Match host a
+	Banner /aa
+_EOF
+
+trace "Include before match blocks"
+trial a /aa "included file before match blocks is properly evaluated"
+
+# Port in included file is correctly interpretted (bug #3169)
+cat > $OBJ/sshd_config.i << _EOF
+Include $OBJ/sshd_config.i.2
+Port 7722
+_EOF
+cat > $OBJ/sshd_config.i.2 << _EOF
+HostKey $OBJ/host.ssh-ed25519
+_EOF
+
+trace "Port after included files"
+${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i -T \
+    -C "host=x,user=test,addr=127.0.0.1" > $OBJ/sshd_config.out || \
+	fail "failed to parse Port after included files"
+_port=`grep -i '^port ' $OBJ/sshd_config.out | awk '{print $2}'`
+if test "x7722" != "x$_port" ; then
+	fail "The Port in included file was intertepretted wrongly. Expected 7722, got $_port"
+fi
+
 # cleanup
 rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out

regress/sftp-chroot.sh

diff --git a/regress/sftp-chroot.sh b/regress/sftp-chroot.sh
index 5acc4d2..a7766fe 100644
--- a/regress/sftp-chroot.sh
+++ b/regress/sftp-chroot.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: sftp-chroot.sh,v 1.7 2018/11/22 08:48:32 dtucker Exp $
+#	$OpenBSD: sftp-chroot.sh,v 1.8 2021/09/01 00:50:27 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="sftp in chroot"
@@ -9,14 +9,11 @@
 trap "${SUDO} rm -f ${PRIVDATA}" 0
 
 if [ -z "$SUDO" -a ! -w /var/run ]; then
-	echo "need SUDO to create file in /var/run, test won't work without"
-	echo SKIPPED
-	exit 0
+	skip "need SUDO to create file in /var/run, test won't work without"
 fi
 
 if ! $OBJ/check-perm -m chroot "$CHROOT" ; then
-  echo "skipped: $CHROOT is unsuitable as ChrootDirectory"
-  exit 0
+  skip "$CHROOT is unsuitable as ChrootDirectory"
 fi
 
 $SUDO sh -c "echo mekmitastdigoat > $PRIVDATA" || \

regress/sftp-perm.sh

diff --git a/regress/sftp-perm.sh b/regress/sftp-perm.sh
index 304ca0a..de96a14 100644
--- a/regress/sftp-perm.sh
+++ b/regress/sftp-perm.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: sftp-perm.sh,v 1.2 2013/10/17 22:00:18 djm Exp $
+#	$OpenBSD: sftp-perm.sh,v 1.3 2021/03/31 21:59:26 djm Exp $
 #	Placed in the Public Domain.
 
 tid="sftp permissions"
@@ -220,13 +220,15 @@
 	"test ! -d ${COPY}.dd" \
 	"test -d ${COPY}.dd"
 
-perm_test \
-	"posix-rename" \
-	"realpath,stat,lstat" \
-	"rename $COPY ${COPY}.1" \
-	"touch $COPY" \
-	"test -f ${COPY}.1 -a ! -f $COPY" \
-	"test -f $COPY -a ! -f ${COPY}.1"
+# Can't readily test this because the client falls back to traditional rename.
+# XXX maybe there is a behaviorial difference we can test for?
+#perm_test \
+#	"posix-rename" \
+#	"realpath,stat,lstat" \
+#	"rename $COPY ${COPY}.1" \
+#	"touch $COPY" \
+#	"test -f ${COPY}.1 -a ! -f $COPY" \
+#	"test -f $COPY -a ! -f ${COPY}.1"
 
 perm_test \
 	"rename" \

regress/ssh2putty.sh

diff --git a/regress/ssh2putty.sh b/regress/ssh2putty.sh
index dcb975d..9b08310 100755
--- a/regress/ssh2putty.sh
+++ b/regress/ssh2putty.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-#	$OpenBSD: ssh2putty.sh,v 1.5 2019/11/21 05:18:47 tb Exp $
+#	$OpenBSD: ssh2putty.sh,v 1.9 2021/07/25 12:13:03 dtucker Exp $
 
 if test "x$1" = "x" -o "x$2" = "x" -o "x$3" = "x" ; then
 	echo "Usage: ssh2putty hostname port ssh-private-key"
@@ -10,6 +10,8 @@
 PORT=$2
 KEYFILE=$3
 
+OPENSSL_BIN="${OPENSSL_BIN:-openssl}"
+
 # XXX - support DSA keys too
 if grep "BEGIN RSA PRIVATE KEY" $KEYFILE >/dev/null 2>&1 ; then
 	:
@@ -19,13 +21,13 @@
 fi
 
 public_exponent=`
-	openssl rsa -noout -text -in $KEYFILE | grep ^publicExponent |
+	$OPENSSL_BIN rsa -noout -text -in $KEYFILE | grep ^publicExponent |
 	sed 's/.*(//;s/).*//'
 `
 test $? -ne 0 && exit 1
 
 modulus=`
-	openssl rsa -noout -modulus -in $KEYFILE | grep ^Modulus= |
+	$OPENSSL_BIN rsa -noout -modulus -in $KEYFILE | grep ^Modulus= |
 	sed 's/^Modulus=/0x/' | tr A-Z a-z
 `
 test $? -ne 0 && exit 1

regress/sshcfgparse.sh

diff --git a/regress/sshcfgparse.sh b/regress/sshcfgparse.sh
index fc72a0a..504853d 100644
--- a/regress/sshcfgparse.sh
+++ b/regress/sshcfgparse.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshcfgparse.sh,v 1.6 2019/12/21 02:33:07 djm Exp $
+#	$OpenBSD: sshcfgparse.sh,v 1.9 2021/06/08 07:05:27 dtucker Exp $
 #	Placed in the Public Domain.
 
 tid="ssh config parse"
@@ -32,7 +32,7 @@
 verbose "reparse minimal config"
 (${SSH} -G -F $OBJ/ssh_config somehost >$OBJ/ssh_config.1 &&
  ${SSH} -G -F $OBJ/ssh_config.1 somehost >$OBJ/ssh_config.2 &&
- diff $OBJ/ssh_config.1 $OBJ/ssh_config.2) || fail "reparse minimal config"
+ diff $OBJ/ssh_config.1 $OBJ/ssh_config.2) || fail "failed to reparse minimal"
 
 verbose "ssh -W opts"
 f=`${SSH} -GF $OBJ/ssh_config host | awk '/exitonforwardfailure/{print $2}'`
@@ -62,34 +62,34 @@
 f=`${SSH} -GF $OBJ/ssh_config baz@host -o user=foo -l bar baz@host | awk '/^user /{print $2}'`
 test "$f" = "baz" || fail "user first match user@host, expected 'baz' got '$f'"
 
-verbose "pubkeyacceptedkeytypes"
+verbose "pubkeyacceptedalgorithms"
 # Default set
-f=`${SSH} -GF none host | awk '/^pubkeyacceptedkeytypes /{print $2}'`
+f=`${SSH} -GF none host | awk '/^pubkeyacceptedalgorithms /{print $2}'`
 expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*"
 expect_result_absent "$f" "ssh-dss"
 # Explicit override
-f=`${SSH} -GF none -opubkeyacceptedkeytypes=ssh-ed25519 host | \
-    awk '/^pubkeyacceptedkeytypes /{print $2}'`
+f=`${SSH} -GF none -opubkeyacceptedalgorithms=ssh-ed25519 host | \
+    awk '/^pubkeyacceptedalgorithms /{print $2}'`
 expect_result_present "$f" "ssh-ed25519"
 expect_result_absent "$f" "ssh-ed25519-cert-v01.*" "ssh-dss"
 # Removal from default set
-f=`${SSH} -GF none -opubkeyacceptedkeytypes=-ssh-ed25519-cert* host | \
-    awk '/^pubkeyacceptedkeytypes /{print $2}'`
+f=`${SSH} -GF none -opubkeyacceptedalgorithms=-ssh-ed25519-cert* host | \
+    awk '/^pubkeyacceptedalgorithms /{print $2}'`
 expect_result_present "$f" "ssh-ed25519"
 expect_result_absent "$f" "ssh-ed25519-cert-v01.*" "ssh-dss"
-f=`${SSH} -GF none -opubkeyacceptedkeytypes=-ssh-ed25519 host | \
-    awk '/^pubkeyacceptedkeytypes /{print $2}'`
+f=`${SSH} -GF none -opubkeyacceptedalgorithms=-ssh-ed25519 host | \
+    awk '/^pubkeyacceptedalgorithms /{print $2}'`
 expect_result_present "$f" "ssh-ed25519-cert-v01.*"
 expect_result_absent "$f" "ssh-ed25519" "ssh-dss"
 # Append to default set.
 # This is not tested when built !WITH_OPENSSL
 if [ "$dsa" = "1" ]; then
-	f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss-cert* host | \
-	    awk '/^pubkeyacceptedkeytypes /{print $2}'`
+	f=`${SSH} -GF none -opubkeyacceptedalgorithms=+ssh-dss-cert* host | \
+	    awk '/^pubkeyacceptedalgorithms /{print $2}'`
 	expect_result_present "$f" "ssh-ed25519" "ssh-dss-cert-v01.*"
 	expect_result_absent "$f" "ssh-dss"
-	f=`${SSH} -GF none -opubkeyacceptedkeytypes=+ssh-dss host | \
-	    awk '/^pubkeyacceptedkeytypes /{print $2}'`
+	f=`${SSH} -GF none -opubkeyacceptedalgorithms=+ssh-dss host | \
+	    awk '/^pubkeyacceptedalgorithms /{print $2}'`
 	expect_result_present "$f" "ssh-ed25519" "ssh-ed25519-cert-v01.*" "ssh-dss"
 	expect_result_absent "$f" "ssh-dss-cert-v01.*"
 fi
@@ -104,5 +104,16 @@
 f=`${SSH} -GF none '-oforwardagent=SSH_AUTH_SOCK.forward' host | awk '/^forwardagent /{print$2}'`
 expect_result_present "$f" "SSH_AUTH_SOCK.forward"
 
+verbose "command line override"
+cat >$OBJ/ssh_config.0 <<EOD
+Host *
+    IPQoS af21 cs1
+    TunnelDevice 1:2
+EOD
+f=`${SSH} -GF $OBJ/ssh_config.0 -oipqos=cs1 host | awk '/^ipqos /{print$2}'`
+expect_result_present "$f" "cs1"
+f=`${SSH} -GF $OBJ/ssh_config.0 -otunneldevice=3:4 host | awk '/^tunneldevice /{print$2}'`
+expect_result_present "$f" "3:4"
+
 # cleanup
 rm -f $OBJ/ssh_config.[012]

regress/sshfp-connect.sh

diff --git a/regress/sshfp-connect.sh b/regress/sshfp-connect.sh
new file mode 100644
index 0000000..f786469
--- /dev/null
+++ b/regress/sshfp-connect.sh
@@ -0,0 +1,66 @@
+#	$OpenBSD: sshfp-connect.sh,v 1.4 2021/09/01 00:50:27 dtucker Exp $
+#	Placed in the Public Domain.
+
+# This test requires external setup and thus is skipped unless
+# TEST_SSH_SSHFP_DOMAIN is set.  It requires:
+# 1) A DNSSEC-enabled domain, which TEST_SSH_SSHFP_DOMAIN points to.
+# 2) A DNSSEC-validating resolver such as unwind(8).
+# 3) The following SSHFP records with fingerprints from rsa_openssh.pub
+#    in that domain that are expected to succeed:
+#      sshtest: valid sha1 and sha256 fingerprints.
+#      sshtest-sha{1,256}, : valid fingerprints for that type only.
+#    and the following records that are expected to fail:
+#      sshtest-bad: invalid sha1 fingerprint and good sha256 fingerprint
+#      sshtest-sha{1,256}-bad: invalid fingerprints for that type only.
+#
+# sshtest IN SSHFP 1 1 99C79CC09F5F81069CC017CDF9552CFC94B3B929
+# sshtest IN SSHFP 1 2 E30D6B9EB7A4DE495324E4D5870B8220577993EA6AF417E8E4A4F1C5 BF01A9B6
+# sshtest-sha1 IN SSHFP 1 1 99C79CC09F5F81069CC017CDF9552CFC94B3B929
+# sshtest-sha256 IN SSHFP 1 2 E30D6B9EB7A4DE495324E4D5870B8220577993EA6AF417E8E4A4F1C5 BF01A9B6
+# sshtest-bad IN SSHFP 1 2 E30D6B9EB7A4DE495324E4D5870B8220577993EA6AF417E8E4A4F1C5 BF01A9B6
+# sshtest-bad IN SSHFP 1 1 99C79CC09F5F81069CC017CDF9552CFC94B3B928
+# sshtest-sha1-bad IN SSHFP 1 1 99D79CC09F5F81069CC017CDF9552CFC94B3B929
+# sshtest-sha256-bad IN SSHFP 1 2 E30D6B9EB7A4DE495324E4D5870B8220577993EA6AF417E8E4A4F1C5 BF01A9B5
+
+tid="sshfp connect"
+
+if ! $SSH -Q key-plain | grep ssh-rsa >/dev/null; then
+	skip "RSA keys not supported."
+elif [ -z "${TEST_SSH_SSHFP_DOMAIN}" ]; then
+	skip "TEST_SSH_SSHFP_DOMAIN not set."
+else
+	# Set RSA host key to match fingerprints above.
+	mv $OBJ/sshd_proxy $OBJ/sshd_proxy.orig
+	$SUDO cp $SRC/rsa_openssh.prv $OBJ/host.ssh-rsa
+	$SUDO chmod 600 $OBJ/host.ssh-rsa
+	sed -e "s|$OBJ/ssh-rsa|$OBJ/host.ssh-rsa|" \
+	    $OBJ/sshd_proxy.orig > $OBJ/sshd_proxy
+
+	# Zero out known hosts and key aliases to force use of SSHFP records.
+	> $OBJ/known_hosts
+	mv $OBJ/ssh_proxy $OBJ/ssh_proxy.orig
+	sed -e "/HostKeyAlias.*localhost-with-alias/d" \
+	    -e "/Hostname.*127.0.0.1/d" \
+	    $OBJ/ssh_proxy.orig > $OBJ/ssh_proxy
+
+	for n in sshtest sshtest-sha1 sshtest-sha256; do
+		trace "sshfp connect $n good fingerprint"
+		host="${n}.dtucker.net"
+		opts="-F $OBJ/ssh_proxy -o VerifyHostKeyDNS=yes "
+		opts="$opts -o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256"
+		host="${n}.${TEST_SSH_SSHFP_DOMAIN}"
+		SSH_CONNECTION=`${SSH} $opts $host 'echo $SSH_CONNECTION'`
+		if [ $? -ne 0 ]; then
+			fail "ssh sshfp connect failed"
+		fi
+		if [ "$SSH_CONNECTION" != "UNKNOWN 65535 UNKNOWN 65535" ]; then
+			fail "bad SSH_CONNECTION: $SSH_CONNECTION"
+		fi
+
+		trace "sshfp connect $n bad fingerprint"
+		host="${n}-bad.${TEST_SSH_SSHFP_DOMAIN}"
+		if ${SSH} $opts ${host} true; then
+			fail "sshfp-connect succeeded with bad SSHFP record"
+		fi
+	done
+fi

regress/sshsig.sh

diff --git a/regress/sshsig.sh b/regress/sshsig.sh
index 1e2f9dd..fc300a8 100644
--- a/regress/sshsig.sh
+++ b/regress/sshsig.sh
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshsig.sh,v 1.4 2020/03/13 03:18:45 djm Exp $
+#	$OpenBSD: sshsig.sh,v 1.7 2021/08/11 08:55:04 djm Exp $
 #	Placed in the Public Domain.
 
 tid="sshsig"
@@ -12,12 +12,13 @@
 sig_principal="user-$$@example.com"
 
 # Make a "wrong key"
-${SSHKEYGEN} -t ed25519 -f $OBJ/wrong-key -C "wrong trousers, Grommit" -N '' \
+${SSHKEYGEN} -q -t ed25519 -f $OBJ/wrong-key \
+	-C "wrong trousers, Grommit" -N '' \
 	|| fatal "couldn't generate key"
 WRONG=$OBJ/wrong-key.pub
 
 # Make a CA key.
-${SSHKEYGEN} -t ed25519 -f $OBJ/sigca-key -C "CA" -N '' \
+${SSHKEYGEN} -q -t ed25519 -f $OBJ/sigca-key -C "CA" -N '' \
 	|| fatal "couldn't generate key"
 CA_PRIV=$OBJ/sigca-key
 CA_PUB=$OBJ/sigca-key.pub
@@ -63,6 +64,17 @@
 		< $DATA >/dev/null 2>&1 || \
 		fail "failed signature for $t key w/ limited namespace"
 
+	(printf "$sig_principal namespaces=\"$sig_namespace,whatever\" ";
+	 cat $pubkey) > $OBJ/allowed_signers
+	${SSHKEYGEN} -q -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		-O print-pubkey \
+		< $DATA | cut -d' ' -f1-2 > ${OBJ}/${keybase}-fromsig.pub || \
+		fail "failed signature for $t key w/ print-pubkey"
+	cut -d' ' -f1-2 ${OBJ}/${keybase}.pub > ${OBJ}/${keybase}-strip.pub
+	diff -r ${OBJ}/${keybase}-strip.pub ${OBJ}/${keybase}-fromsig.pub || \
+		fail "print-pubkey differs from signature key"
+
 	# Invalid option
 	(printf "$sig_principal octopus " ; cat $pubkey) > $OBJ/allowed_signers
 	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
@@ -106,6 +118,34 @@
 		< $DATA >/dev/null 2>&1 && \
 		fail "accepted signature for $t key with excluded namespace"
 
+	( printf "$sig_principal " ;
+	  printf "valid-after=\"19800101\",valid-before=\"19900101\" " ;
+	  cat $pubkey) > $OBJ/allowed_signers
+
+	# key lifespan valid
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		-Overify-time=19850101 \
+		< $DATA >/dev/null 2>&1 || \
+		fail "failed signature for $t key with valid expiry interval"
+	# key not yet valid
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		-Overify-time=19790101 \
+		< $DATA >/dev/null 2>&1 && \
+		fail "failed signature for $t not-yet-valid key"
+	# key expired
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		-Overify-time=19910101 \
+		< $DATA >/dev/null 2>&1 && \
+		fail "failed signature for $t with expired key"
+	# NB. assumes we're not running this test in the 1980s
+	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
+		-I $sig_principal -f $OBJ/allowed_signers \
+		< $DATA >/dev/null 2>&1 && \
+		fail "failed signature for $t with expired key"
+
 	# public key in revoked keys file
 	cat $pubkey > $OBJ/revoked_keys
 	(printf "$sig_principal namespaces=\"whatever\" " ;
@@ -116,7 +156,7 @@
 		< $DATA >/dev/null 2>&1 && \
 		fail "accepted signature for $t key, but key is in revoked_keys"
 
-	# public key not revoked, but other are present in revoked_keysfile
+	# public key not revoked, but others are present in revoked_keysfile
 	cat $WRONG > $OBJ/revoked_keys
 	(printf "$sig_principal " ; cat $pubkey) > $OBJ/allowed_signers
 	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
@@ -168,7 +208,7 @@
 		fail "failed signature for $t cert"
 
 	# signing key listed as cert-authority
-	(printf "$sig_principal cert-authority" ;
+	(printf "$sig_principal cert-authority " ;
 	 cat $pubkey) > $OBJ/allowed_signers
 	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
 		-I $sig_principal -f $OBJ/allowed_signers \
@@ -183,7 +223,7 @@
 		fail "accepted signature for $t cert with CA not marked"
 
 	# mismatch between cert principal and file
-	(printf "josef.k@example.com cert-authority" ;
+	(printf "josef.k@example.com cert-authority " ;
 	 cat $CA_PUB) > $OBJ/allowed_signers
 	${SSHKEYGEN} -vvv -Y verify -s $sigfile -n $sig_namespace \
 		-I $sig_principal -f $OBJ/allowed_signers \

regress/test-exec.sh

diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 5dc975d..415422e 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -1,21 +1,11 @@
-#	$OpenBSD: test-exec.sh,v 1.76 2020/04/04 23:04:41 dtucker Exp $
+#	$OpenBSD: test-exec.sh,v 1.87 2021/09/01 00:50:27 dtucker Exp $
 #	Placed in the Public Domain.
 
 #SUDO=sudo
 
-# Unbreak GNU head(1)
-_POSIX2_VERSION=199209
-export _POSIX2_VERSION
-
-case `uname -s 2>/dev/null` in
-OSF1*)
-	BIN_SH=xpg4
-	export BIN_SH
-	;;
-CYGWIN*)
-	os=cygwin
-	;;
-esac
+if [ ! -x "$TEST_SSH_ELAPSED_TIMES" ]; then
+	STARTTIME=`date '+%s'`
+fi
 
 if [ ! -z "$TEST_SSH_PORT" ]; then
 	PORT="$TEST_SSH_PORT"
@@ -23,26 +13,6 @@
 	PORT=4242
 fi
 
-# If configure tells us to use a different egrep, create a wrapper function
-# to call it.  This means we don't need to change all the tests that depend
-# on a good implementation.
-if test "x${EGREP}" != "x"; then
-	egrep ()
-{
-	 ${EGREP} "$@"
-}
-fi
-
-if [ -x /usr/ucb/whoami ]; then
-	USER=`/usr/ucb/whoami`
-elif whoami >/dev/null 2>&1; then
-	USER=`whoami`
-elif logname >/dev/null 2>&1; then
-	USER=`logname`
-else
-	USER=`id -un`
-fi
-
 OBJ=$1
 if [ "x$OBJ" = "x" ]; then
 	echo '$OBJ not defined'
@@ -69,6 +39,46 @@
 fi
 unset SSH_AUTH_SOCK
 
+# Portable-specific settings.
+
+if [ -x /usr/ucb/whoami ]; then
+	USER=`/usr/ucb/whoami`
+elif whoami >/dev/null 2>&1; then
+	USER=`whoami`
+elif logname >/dev/null 2>&1; then
+	USER=`logname`
+else
+	USER=`id -un`
+fi
+if test -z "$LOGNAME"; then
+	LOGNAME="${USER}"
+	export LOGNAME
+fi
+
+# Unbreak GNU head(1)
+_POSIX2_VERSION=199209
+export _POSIX2_VERSION
+
+case `uname -s 2>/dev/null` in
+OSF1*)
+	BIN_SH=xpg4
+	export BIN_SH
+	;;
+CYGWIN*)
+	os=cygwin
+	;;
+esac
+
+# If configure tells us to use a different egrep, create a wrapper function
+# to call it.  This means we don't need to change all the tests that depend
+# on a good implementation.
+if test "x${EGREP}" != "x"; then
+	egrep ()
+{
+	 ${EGREP} "$@"
+}
+fi
+
 SRC=`dirname ${SCRIPT}`
 
 # defaults
@@ -92,6 +102,7 @@
 
 # Tools used by multiple tests
 NC=$OBJ/netcat
+OPENSSL_BIN="${OPENSSL_BIN:-openssl}"
 
 if [ "x$TEST_SSH_SSH" != "x" ]; then
 	SSH="${TEST_SSH_SSH}"
@@ -147,6 +158,9 @@
 if [ "x$TEST_SSH_SK_HELPER" != "x" ]; then
 	SSH_SK_HELPER="${TEST_SSH_SK_HELPER}"
 fi
+if [ "x$TEST_SSH_OPENSSL" != "x" ]; then
+	OPENSSL_BIN="${TEST_SSH_OPENSSL}"
+fi
 
 # Path to sshd must be absolute for rexec
 case "$SSHD" in
@@ -242,10 +256,15 @@
 >$TEST_REGRESS_LOGFILE
 
 # Create wrapper ssh with logging.  We can't just specify "SSH=ssh -E..."
-# because sftp and scp don't handle spaces in arguments.
+# because sftp and scp don't handle spaces in arguments.  scp and sftp like
+# to use -q so we remove those to preserve our debug logging.  In the rare
+# instance where -q is desirable -qq is equivalent and is not removed.
 SSHLOGWRAP=$OBJ/ssh-log-wrapper.sh
-echo "#!/bin/sh" > $SSHLOGWRAP
-echo "exec ${SSH} -E${TEST_SSH_LOGFILE} "'"$@"' >>$SSHLOGWRAP
+cat >$SSHLOGWRAP <<EOD
+#!/bin/sh
+for i in "\$@";do shift;case "\$i" in -q):;; *) set -- "\$@" "\$i";;esac;done
+exec ${SSH} -E${TEST_SSH_LOGFILE} "\$@"
+EOD
 
 chmod a+rx $OBJ/ssh-log-wrapper.sh
 REAL_SSH="$SSH"
@@ -315,10 +334,27 @@
 		cksum
 	elif have_prog sum; then
 		sum
+	elif [ -x ${OPENSSL_BIN} ]; then
+		${OPENSSL_BIN} md5
 	else
 		wc -c
 	fi
 }
+
+# Some platforms don't have hostname at all, but on others uname -n doesn't
+# provide the fully qualified name we need, so in the former case we create
+# our own hostname function.
+if ! have_prog hostname; then
+	hostname() {
+		uname -n
+	}
+fi
+
+make_tmpdir ()
+{
+	SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \
+	    fatal "failed to create temporary directory"
+}
 # End of portable specific functions
 
 stop_sshd ()
@@ -352,12 +388,6 @@
 	fi
 }
 
-make_tmpdir ()
-{
-	SSH_REGRESS_TMP="$($OBJ/mkdtemp openssh-XXXXXXXX)" || \
-	    fatal "failed to create temporary directory"
-}
-
 # helper
 cleanup ()
 {
@@ -372,6 +402,11 @@
 		rm -rf "$SSH_REGRESS_TMP"
 	fi
 	stop_sshd
+	if [ ! -z "$TEST_SSH_ELAPSED_TIMES" ]; then
+		now=`date '+%s'`
+		elapsed=$(($now - $STARTTIME))
+		echo elapsed $elapsed `basename $SCRIPT .sh`
+	fi
 }
 
 start_debug_log ()
@@ -407,12 +442,6 @@
 	fi
 }
 
-warn ()
-{
-	echo "WARNING: $@" >>$TEST_SSH_LOGFILE
-	echo "WARNING: $@"
-}
-
 fail ()
 {
 	save_debug_log "FAIL: $@"
@@ -433,6 +462,14 @@
 	exit $RESULT
 }
 
+# Skip remaining tests in script.
+skip ()
+{
+	echo "SKIPPED: $@"
+	cleanup
+	exit $RESULT
+}
+
 RESULT=0
 PIDFILE=$OBJ/pidfile
 
@@ -457,7 +494,7 @@
 # but if you aren't careful with permissions then the unit tests could
 # be abused to locally escalate privileges.
 if [ ! -z "$TEST_SSH_UNSAFE_PERMISSIONS" ]; then
-	echo "StrictModes no" >> $OBJ/sshd_config
+	echo "	StrictModes no" >> $OBJ/sshd_config
 else
 	# check and warn if excessive permissions are likely to cause failures.
 	unsafe=""
@@ -485,6 +522,11 @@
 	fi
 fi
 
+if [ ! -z "$TEST_SSH_MODULI_FILE" ]; then
+	trace "adding modulifile='$TEST_SSH_MODULI_FILE' to sshd_config"
+	echo "	ModuliFile '$TEST_SSH_MODULI_FILE'" >> $OBJ/sshd_config
+fi
+
 if [ ! -z "$TEST_SSH_SSHD_CONFOPTS" ]; then
 	trace "adding sshd_config option $TEST_SSH_SSHD_CONFOPTS"
 	echo "$TEST_SSH_SSHD_CONFOPTS" >> $OBJ/sshd_config
@@ -574,7 +616,7 @@
 	) >> $OBJ/known_hosts
 
 	# use key as host key, too
-	$SUDO cp $OBJ/$t $OBJ/host.$t
+	(umask 077; $SUDO cp $OBJ/$t $OBJ/host.$t)
 	echo HostKey $OBJ/host.$t >> $OBJ/sshd_config
 
 	# don't use SUDO for proxy connect
@@ -588,10 +630,11 @@
 	REGRESS_INTEROP_CONCH=yes
 fi
 
-# If PuTTY is present and we are running a PuTTY test, prepare keys and
-# configuration
+# If PuTTY is present, new enough and we are running a PuTTY test, prepare
+# keys and configuration.
 REGRESS_INTEROP_PUTTY=no
-if test -x "$PUTTYGEN" -a -x "$PLINK" ; then
+if test -x "$PUTTYGEN" -a -x "$PLINK" &&
+    "$PUTTYGEN" --help 2>&1 | grep -- --new-passphrase >/dev/null; then
 	REGRESS_INTEROP_PUTTY=yes
 fi
 case "$SCRIPT" in
@@ -604,13 +647,13 @@
 
 	# Add a PuTTY key to authorized_keys
 	rm -f ${OBJ}/putty.rsa2
-	if ! puttygen -t rsa -o ${OBJ}/putty.rsa2 \
+	if ! "$PUTTYGEN" -t rsa -o ${OBJ}/putty.rsa2 \
 	    --random-device=/dev/urandom \
 	    --new-passphrase /dev/null < /dev/null > /dev/null; then
-		echo "Your installed version of PuTTY is too old to support --new-passphrase; trying without (may require manual interaction) ..." >&2
-		puttygen -t rsa -o ${OBJ}/putty.rsa2 < /dev/null > /dev/null
+		echo "Your installed version of PuTTY is too old to support --new-passphrase, skipping test" >&2
+		exit 1
 	fi
-	puttygen -O public-openssh ${OBJ}/putty.rsa2 \
+	"$PUTTYGEN" -O public-openssh ${OBJ}/putty.rsa2 \
 	    >> $OBJ/authorized_keys_$USER
 
 	# Convert rsa2 host key to PuTTY format
@@ -634,8 +677,6 @@
 
 	PUTTYDIR=${OBJ}/.putty
 	export PUTTYDIR
-
-	REGRESS_INTEROP_PUTTY=yes
 fi
 
 # create a proxy version of the client config

regress/unittests/Makefile

diff --git a/regress/unittests/Makefile b/regress/unittests/Makefile
index 4e56e11..4d26b74 100644
--- a/regress/unittests/Makefile
+++ b/regress/unittests/Makefile
@@ -1,7 +1,7 @@
-#	$OpenBSD: Makefile,v 1.11 2019/04/28 22:53:26 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.12 2020/06/19 04:34:21 djm Exp $
 
 REGRESS_FAIL_EARLY?=	yes
 SUBDIR=	test_helper sshbuf sshkey bitmap kex hostkeys utf8 match conversion
-SUBDIR+=authopt misc
+SUBDIR+=authopt misc sshsig
 
 .include <bsd.subdir.mk>

regress/unittests/authopt/Makefile

diff --git a/regress/unittests/authopt/Makefile b/regress/unittests/authopt/Makefile
index e8edc7b..71a7be5 100644
--- a/regress/unittests/authopt/Makefile
+++ b/regress/unittests/authopt/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.5 2020/04/06 09:43:55 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.6 2021/01/09 12:24:30 dtucker Exp $
 
 PROG=test_authopt
 SRCS=tests.c
@@ -10,7 +10,7 @@
 SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
 SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
 SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
-SRCS+=addrmatch.c bitmap.c
+SRCS+=addr.c addrmatch.c bitmap.c
 SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
 SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c
 SRCS+=ssh-ed25519-sk.c sk-usbhid.c

regress/unittests/authopt/tests.c

diff --git a/regress/unittests/authopt/tests.c b/regress/unittests/authopt/tests.c
index 0e8aacb..9873c09 100644
--- a/regress/unittests/authopt/tests.c
+++ b/regress/unittests/authopt/tests.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: tests.c,v 1.1 2018/03/03 03:16:17 djm Exp $ */
+/* 	$OpenBSD: tests.c,v 1.2 2021/07/24 01:54:23 djm Exp $ */
 
 /*
  * Regress test for keys options functions.
@@ -6,14 +6,18 @@
  * Placed in the public domain
  */
 
+#include "includes.h"
+
 #include <sys/types.h>
 #include <sys/param.h>
 #include <stdio.h>
+#ifdef HAVE_STDINT_H
 #include <stdint.h>
+#endif
 #include <stdlib.h>
 #include <string.h>
 
-#include "test_helper.h"
+#include "../test_helper/test_helper.h"
 
 #include "sshkey.h"
 #include "authfile.h"
@@ -268,6 +272,8 @@
 	} while (0)
 	ARRAY_TEST("environment", "environment=\"foo=1\",environment=\"bar=2\"",
 	    env, nenv, "foo=1,bar=2");
+	ARRAY_TEST("environment", "environment=\"foo=1\",environment=\"foo=2\"",
+	    env, nenv, "foo=1");
 	ARRAY_TEST("permitopen", "permitopen=\"foo:123\",permitopen=\"bar:*\"",
 	    permitopen, npermitopen, "foo:123,bar:*");
 #undef ARRAY_TEST

regress/unittests/conversion/Makefile

diff --git a/regress/unittests/conversion/Makefile b/regress/unittests/conversion/Makefile
index 8b2a09c..5793c49 100644
--- a/regress/unittests/conversion/Makefile
+++ b/regress/unittests/conversion/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.2 2017/12/21 00:41:22 djm Exp $
+#	$OpenBSD: Makefile,v 1.4 2021/01/09 12:24:30 dtucker Exp $
 
 PROG=test_conversion
 SRCS=tests.c
@@ -6,6 +6,7 @@
 # From usr.bin/ssh
 SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
 SRCS+=atomicio.c misc.c xmalloc.c log.c uidswap.c cleanup.c fatal.c ssherr.c
+SRCS+=match.c addr.c addrmatch.c
 
 REGRESS_TARGETS=run-regress-${PROG}
 

regress/unittests/conversion/tests.c

diff --git a/regress/unittests/conversion/tests.c b/regress/unittests/conversion/tests.c
index ae1154d..bbdc5f5 100644
--- a/regress/unittests/conversion/tests.c
+++ b/regress/unittests/conversion/tests.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: tests.c,v 1.2 2019/06/14 04:03:48 djm Exp $ */
+/* 	$OpenBSD: tests.c,v 1.3 2021/01/18 11:43:34 dtucker Exp $ */
 /*
  * Regress test for conversions
  *
@@ -26,28 +26,28 @@
 	char buf[1024];
 
 	TEST_START("conversion_convtime");
-	ASSERT_LONG_EQ(convtime("0"), 0);
-	ASSERT_LONG_EQ(convtime("1"), 1);
-	ASSERT_LONG_EQ(convtime("1S"), 1);
+	ASSERT_INT_EQ(convtime("0"), 0);
+	ASSERT_INT_EQ(convtime("1"), 1);
+	ASSERT_INT_EQ(convtime("1S"), 1);
 	/* from the examples in the comment above the function */
-	ASSERT_LONG_EQ(convtime("90m"), 5400);
-	ASSERT_LONG_EQ(convtime("1h30m"), 5400);
-	ASSERT_LONG_EQ(convtime("2d"), 172800);
-	ASSERT_LONG_EQ(convtime("1w"), 604800);
+	ASSERT_INT_EQ(convtime("90m"), 5400);
+	ASSERT_INT_EQ(convtime("1h30m"), 5400);
+	ASSERT_INT_EQ(convtime("2d"), 172800);
+	ASSERT_INT_EQ(convtime("1w"), 604800);
 
 	/* negative time is not allowed */
-	ASSERT_LONG_EQ(convtime("-7"), -1);
-	ASSERT_LONG_EQ(convtime("-9d"), -1);
+	ASSERT_INT_EQ(convtime("-7"), -1);
+	ASSERT_INT_EQ(convtime("-9d"), -1);
 	
 	/* overflow */
-	snprintf(buf, sizeof buf, "%llu", (unsigned long long)LONG_MAX);
-	ASSERT_LONG_EQ(convtime(buf), -1);
-	snprintf(buf, sizeof buf, "%llu", (unsigned long long)LONG_MAX + 1);
-	ASSERT_LONG_EQ(convtime(buf), -1);
+	snprintf(buf, sizeof buf, "%llu", (unsigned long long)INT_MAX);
+	ASSERT_INT_EQ(convtime(buf), INT_MAX);
+	snprintf(buf, sizeof buf, "%llu", (unsigned long long)INT_MAX + 1);
+	ASSERT_INT_EQ(convtime(buf), -1);
 
 	/* overflow with multiplier */
-	snprintf(buf, sizeof buf, "%lluM", (unsigned long long)LONG_MAX/60 + 1);
-	ASSERT_LONG_EQ(convtime(buf), -1);
-	ASSERT_LONG_EQ(convtime("1000000000000000000000w"), -1);
+	snprintf(buf, sizeof buf, "%lluM", (unsigned long long)INT_MAX/60 + 1);
+	ASSERT_INT_EQ(convtime(buf), -1);
+	ASSERT_INT_EQ(convtime("1000000000000000000000w"), -1);
 	TEST_DONE();
 }

regress/unittests/hostkeys/Makefile

diff --git a/regress/unittests/hostkeys/Makefile b/regress/unittests/hostkeys/Makefile
index d841d96..9a53423 100644
--- a/regress/unittests/hostkeys/Makefile
+++ b/regress/unittests/hostkeys/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.8 2020/04/06 09:43:56 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.9 2021/01/09 12:24:30 dtucker Exp $
 
 PROG=test_hostkeys
 SRCS=tests.c test_iterate.c
@@ -8,7 +8,7 @@
 SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
 SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
 SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
-SRCS+=addrmatch.c bitmap.c hostfile.c
+SRCS+=addr.c addrmatch.c bitmap.c hostfile.c
 SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
 SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c
 SRCS+=ssh-ed25519-sk.c sk-usbhid.c

regress/unittests/hostkeys/test_iterate.c

diff --git a/regress/unittests/hostkeys/test_iterate.c b/regress/unittests/hostkeys/test_iterate.c
index 5904121..a5b17d7 100644
--- a/regress/unittests/hostkeys/test_iterate.c
+++ b/regress/unittests/hostkeys/test_iterate.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_iterate.c,v 1.6 2018/07/16 03:09:59 djm Exp $ */
+/* 	$OpenBSD: test_iterate.c,v 1.7 2020/12/21 01:31:06 djm Exp $ */
 /*
  * Regress test for hostfile.h hostkeys_foreach()
  *
@@ -194,6 +194,7 @@
 		KEY_UNSPEC,			/* key type */
 		NULL,				/* deserialised key */
 		NULL,				/* comment */
+		0,				/* note */
 	} },
 	{ "dsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
@@ -207,6 +208,7 @@
 		KEY_DSA,
 		NULL,	/* filled at runtime */
 		"DSA #1",
+		0,
 	} },
 	{ "ecdsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
@@ -220,6 +222,7 @@
 		KEY_ECDSA,
 		NULL,	/* filled at runtime */
 		"ECDSA #1",
+		0,
 	} },
 	{ "ed25519_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
@@ -233,6 +236,7 @@
 		KEY_ED25519,
 		NULL,	/* filled at runtime */
 		"ED25519 #1",
+		0,
 	} },
 	{ "rsa_1.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
@@ -246,6 +250,7 @@
 		KEY_RSA,
 		NULL,	/* filled at runtime */
 		"RSA #1",
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -259,6 +264,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -272,6 +278,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ "dsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
@@ -285,6 +292,7 @@
 		KEY_DSA,
 		NULL,	/* filled at runtime */
 		"DSA #2",
+		0,
 	} },
 	{ "ecdsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
@@ -298,6 +306,7 @@
 		KEY_ECDSA,
 		NULL,	/* filled at runtime */
 		"ECDSA #2",
+		0,
 	} },
 	{ "ed25519_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
@@ -311,6 +320,7 @@
 		KEY_ED25519,
 		NULL,	/* filled at runtime */
 		"ED25519 #2",
+		0,
 	} },
 	{ "rsa_2.pub" , -1, -1, HKF_MATCH_HOST, 0, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
@@ -324,6 +334,7 @@
 		KEY_RSA,
 		NULL,	/* filled at runtime */
 		"RSA #2",
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -337,6 +348,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -350,6 +362,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ "dsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
@@ -363,6 +376,7 @@
 		KEY_DSA,
 		NULL,	/* filled at runtime */
 		"DSA #3",
+		0,
 	} },
 	{ "ecdsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
@@ -376,6 +390,7 @@
 		KEY_ECDSA,
 		NULL,	/* filled at runtime */
 		"ECDSA #3",
+		0,
 	} },
 	{ "ed25519_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
@@ -389,6 +404,7 @@
 		KEY_ED25519,
 		NULL,	/* filled at runtime */
 		"ED25519 #3",
+		0,
 	} },
 	{ "rsa_3.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, HKF_MATCH_IP, HKF_MATCH_IP, -1, {
 		NULL,
@@ -402,6 +418,7 @@
 		KEY_RSA,
 		NULL,	/* filled at runtime */
 		"RSA #3",
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -415,6 +432,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -428,6 +446,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ "dsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
 		NULL,
@@ -441,6 +460,7 @@
 		KEY_DSA,
 		NULL,	/* filled at runtime */
 		"DSA #5",
+		0,
 	} },
 	{ "ecdsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
 		NULL,
@@ -454,6 +474,7 @@
 		KEY_ECDSA,
 		NULL,	/* filled at runtime */
 		"ECDSA #5",
+		0,
 	} },
 	{ "ed25519_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
 		NULL,
@@ -467,6 +488,7 @@
 		KEY_ED25519,
 		NULL,	/* filled at runtime */
 		"ED25519 #5",
+		0,
 	} },
 	{ "rsa_5.pub" , -1, -1, 0, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, -1, {
 		NULL,
@@ -480,6 +502,7 @@
 		KEY_RSA,
 		NULL,	/* filled at runtime */
 		"RSA #5",
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -493,6 +516,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	/*
 	 * The next series have each key listed multiple times, as the
@@ -511,6 +535,7 @@
 		KEY_DSA,
 		NULL,	/* filled at runtime */
 		"DSA #6",
+		0,
 	} },
 	{ "dsa_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
 		NULL,
@@ -524,6 +549,7 @@
 		KEY_DSA,
 		NULL,	/* filled at runtime */
 		"DSA #6",
+		0,
 	} },
 	{ "dsa_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
 		NULL,
@@ -537,6 +563,7 @@
 		KEY_DSA,
 		NULL,	/* filled at runtime */
 		"DSA #6",
+		0,
 	} },
 	{ "ecdsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
 		NULL,
@@ -550,6 +577,7 @@
 		KEY_ECDSA,
 		NULL,	/* filled at runtime */
 		"ECDSA #6",
+		0,
 	} },
 	{ "ecdsa_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
 		NULL,
@@ -563,6 +591,7 @@
 		KEY_ECDSA,
 		NULL,	/* filled at runtime */
 		"ECDSA #6",
+		0,
 	} },
 	{ "ecdsa_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
 		NULL,
@@ -576,6 +605,7 @@
 		KEY_ECDSA,
 		NULL,	/* filled at runtime */
 		"ECDSA #6",
+		0,
 	} },
 	{ "ed25519_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
 		NULL,
@@ -589,6 +619,7 @@
 		KEY_ED25519,
 		NULL,	/* filled at runtime */
 		"ED25519 #6",
+		0,
 	} },
 	{ "ed25519_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
 		NULL,
@@ -602,6 +633,7 @@
 		KEY_ED25519,
 		NULL,	/* filled at runtime */
 		"ED25519 #6",
+		0,
 	} },
 	{ "ed25519_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
 		NULL,
@@ -615,6 +647,7 @@
 		KEY_ED25519,
 		NULL,	/* filled at runtime */
 		"ED25519 #6",
+		0,
 	} },
 	{ "rsa_6.pub" , -1, -1, HKF_MATCH_HOST|HKF_MATCH_HOST_HASHED, 0, 0, 0, -1, {
 		NULL,
@@ -628,6 +661,7 @@
 		KEY_RSA,
 		NULL,	/* filled at runtime */
 		"RSA #6",
+		0,
 	} },
 	{ "rsa_6.pub" , -1, -1, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, 0, -1, {
 		NULL,
@@ -641,6 +675,7 @@
 		KEY_RSA,
 		NULL,	/* filled at runtime */
 		"RSA #6",
+		0,
 	} },
 	{ "rsa_6.pub" , -1, -1, 0, 0, 0, HKF_MATCH_IP|HKF_MATCH_IP_HASHED, -1, {
 		NULL,
@@ -654,6 +689,7 @@
 		KEY_RSA,
 		NULL,	/* filled at runtime */
 		"RSA #6",
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -667,6 +703,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -680,6 +717,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -693,6 +731,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ "ed25519_4.pub" , -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
@@ -706,6 +745,7 @@
 		KEY_ED25519,
 		NULL,	/* filled at runtime */
 		"ED25519 #4",
+		0,
 	} },
 	{ "ecdsa_4.pub" , -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
 		NULL,
@@ -719,6 +759,7 @@
 		KEY_ECDSA,
 		NULL,	/* filled at runtime */
 		"ECDSA #4",
+		0,
 	} },
 	{ "dsa_4.pub" , -1, -1, HKF_MATCH_HOST, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
@@ -732,6 +773,7 @@
 		KEY_DSA,
 		NULL,	/* filled at runtime */
 		"DSA #4",
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -745,6 +787,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -758,6 +801,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ NULL, -1, -1, 0, 0, 0, 0, -1, {
 		NULL,
@@ -771,6 +815,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ NULL, -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
@@ -784,6 +829,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ NULL, -1, -1, HKF_MATCH_HOST, 0, 0, 0, -1, {
 		NULL,
@@ -797,6 +843,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ NULL, -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
@@ -810,6 +857,7 @@
 		KEY_UNSPEC,
 		NULL,
 		NULL,
+		0,
 	} },
 	{ NULL, -1, -1, 0, HKF_MATCH_HOST, 0, 0, -1, {
 		NULL,
@@ -823,6 +871,7 @@
 		KEY_UNSPEC,
 		NULL,	/* filled at runtime */
 		NULL,
+		0,
 	} },
 	{ NULL, HKF_STATUS_OK, KEY_RSA, HKF_MATCH_HOST, 0, 0, 0, -1, {
 		NULL,
@@ -836,6 +885,7 @@
 		KEY_UNSPEC,
 		NULL,	/* filled at runtime */
 		NULL,
+		0,
 	} },
 };
 
@@ -853,7 +903,7 @@
 	ctx.flags = HKF_WANT_PARSE_KEY;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, NULL, NULL, ctx.flags), 0);
+	    check, &ctx, NULL, NULL, ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -864,7 +914,7 @@
 	ctx.flags = 0;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, NULL, NULL, ctx.flags), 0);
+	    check, &ctx, NULL, NULL, ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -876,7 +926,7 @@
 	ctx.match_host_p = 1;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "prometheus.example.com", NULL, ctx.flags), 0);
+	    check, &ctx, "prometheus.example.com", NULL, ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -888,7 +938,7 @@
 	ctx.match_host_s = 1;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "sisyphus.example.com", NULL, ctx.flags), 0);
+	    check, &ctx, "sisyphus.example.com", NULL, ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -900,7 +950,7 @@
 	ctx.match_host_p = 1;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "prometheus.example.com", NULL, ctx.flags), 0);
+	    check, &ctx, "prometheus.example.com", NULL, ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -912,7 +962,7 @@
 	ctx.match_host_s = 1;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "sisyphus.example.com", NULL, ctx.flags), 0);
+	    check, &ctx, "sisyphus.example.com", NULL, ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -923,7 +973,7 @@
 	ctx.flags = 0;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "actaeon.example.org", NULL, ctx.flags), 0);
+	    check, &ctx, "actaeon.example.org", NULL, ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -934,7 +984,7 @@
 	ctx.flags = HKF_WANT_MATCH;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "actaeon.example.org", NULL, ctx.flags), 0);
+	    check, &ctx, "actaeon.example.org", NULL, ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -946,7 +996,7 @@
 	ctx.match_ipv4 = 1;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "tiresias.example.org", "192.0.2.1", ctx.flags), 0);
+	    check, &ctx, "tiresias.example.org", "192.0.2.1", ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -958,7 +1008,8 @@
 	ctx.match_ipv6 = 1;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "tiresias.example.org", "2001:db8::1", ctx.flags), 0);
+	    check, &ctx, "tiresias.example.org", "2001:db8::1",
+	    ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -970,7 +1021,7 @@
 	ctx.match_ipv4 = 1;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "tiresias.example.org", "192.0.2.1", ctx.flags), 0);
+	    check, &ctx, "tiresias.example.org", "192.0.2.1", ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -982,7 +1033,8 @@
 	ctx.match_ipv6 = 1;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "tiresias.example.org", "2001:db8::1", ctx.flags), 0);
+	    check, &ctx, "tiresias.example.org", "2001:db8::1",
+	    ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -993,7 +1045,8 @@
 	ctx.flags = 0;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "tiresias.example.org", "192.168.0.1", ctx.flags), 0);
+	    check, &ctx, "tiresias.example.org", "192.168.0.1",
+	    ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -1004,7 +1057,7 @@
 	ctx.flags = HKF_WANT_MATCH;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "tiresias.example.org", "::1", ctx.flags), 0);
+	    check, &ctx, "tiresias.example.org", "::1", ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -1017,7 +1070,7 @@
 	ctx.match_ipv4 = 1;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "sisyphus.example.com", "192.0.2.1", ctx.flags), 0);
+	    check, &ctx, "sisyphus.example.com", "192.0.2.1", ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -1031,7 +1084,7 @@
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
 	    check, &ctx, "prometheus.example.com",
-	    "2001:db8::1", ctx.flags), 0);
+	    "2001:db8::1", ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -1044,7 +1097,7 @@
 	ctx.match_ipv4 = 1;
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
-	    check, &ctx, "sisyphus.example.com", "192.0.2.1", ctx.flags), 0);
+	    check, &ctx, "sisyphus.example.com", "192.0.2.1", ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 
@@ -1058,7 +1111,7 @@
 	prepare_expected(expected_full, ctx.nexpected);
 	ASSERT_INT_EQ(hostkeys_foreach(test_data_file("known_hosts"),
 	    check, &ctx, "prometheus.example.com",
-	    "2001:db8::1", ctx.flags), 0);
+	    "2001:db8::1", ctx.flags, 0), 0);
 	cleanup_expected(expected_full, ctx.nexpected);
 	TEST_DONE();
 }

regress/unittests/kex/Makefile

diff --git a/regress/unittests/kex/Makefile b/regress/unittests/kex/Makefile
index 1c5d68c..50b117c 100644
--- a/regress/unittests/kex/Makefile
+++ b/regress/unittests/kex/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.10 2020/04/06 09:43:56 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.12 2021/01/09 12:24:30 dtucker Exp $
 
 PROG=test_kex
 SRCS=tests.c test_kex.c
@@ -8,7 +8,7 @@
 SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
 SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
 SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
-SRCS+=addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c
+SRCS+=addr.c addrmatch.c bitmap.c packet.c dispatch.c canohost.c ssh_api.c
 SRCS+=compat.c ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
 SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c
 SRCS+=ssh-ed25519-sk.c sk-usbhid.c
@@ -23,8 +23,8 @@
 SRCS+=	kexc25519.c
 SRCS+=	smult_curve25519_ref.c
 SRCS+=	kexgen.c
-SRCS+=	kexsntrup4591761x25519.c
-SRCS+=	sntrup4591761.c
+SRCS+=	kexsntrup761x25519.c
+SRCS+=	sntrup761.c
 SRCS+=	utf8.c
 
 SRCS+=digest-openssl.c

regress/unittests/kex/test_kex.c

diff --git a/regress/unittests/kex/test_kex.c b/regress/unittests/kex/test_kex.c
index 0e7cd9e..3bd71a9 100644
--- a/regress/unittests/kex/test_kex.c
+++ b/regress/unittests/kex/test_kex.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_kex.c,v 1.4 2019/01/21 12:35:20 djm Exp $ */
+/* 	$OpenBSD: test_kex.c,v 1.5 2020/12/29 01:02:15 djm Exp $ */
 /*
  * Regress test KEX
  *
@@ -152,6 +152,7 @@
 #endif /* OPENSSL_HAS_ECC */
 #endif /* WITH_OPENSSL */
 	server2->kex->kex[KEX_C25519_SHA256] = kex_gen_server;
+	server2->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
 	server2->kex->load_host_public_key = server->kex->load_host_public_key;
 	server2->kex->load_host_private_key = server->kex->load_host_private_key;
 	server2->kex->sign = server->kex->sign;
@@ -201,5 +202,8 @@
 	do_kex("diffie-hellman-group-exchange-sha1");
 	do_kex("diffie-hellman-group14-sha1");
 	do_kex("diffie-hellman-group1-sha1");
+# ifdef USE_SNTRUP761X25519
+	do_kex("sntrup761x25519-sha512@openssh.com");
+# endif /* USE_SNTRUP761X25519 */
 #endif /* WITH_OPENSSL */
 }

regress/unittests/match/Makefile

diff --git a/regress/unittests/match/Makefile b/regress/unittests/match/Makefile
index 87e7582..939163d 100644
--- a/regress/unittests/match/Makefile
+++ b/regress/unittests/match/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.4 2017/12/21 03:01:49 djm Exp $
+#	$OpenBSD: Makefile,v 1.5 2021/01/09 12:24:31 dtucker Exp $
 
 PROG=test_match
 SRCS=tests.c
@@ -6,7 +6,7 @@
 # From usr.bin/ssh
 SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
 SRCS+=match.c misc.c log.c uidswap.c fatal.c ssherr.c addrmatch.c xmalloc.c
-SRCS+=cleanup.c atomicio.c
+SRCS+=cleanup.c atomicio.c addr.c
 
 REGRESS_TARGETS=run-regress-${PROG}
 

regress/unittests/match/tests.c

diff --git a/regress/unittests/match/tests.c b/regress/unittests/match/tests.c
index 3d9af55..4fefaf4 100644
--- a/regress/unittests/match/tests.c
+++ b/regress/unittests/match/tests.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: tests.c,v 1.5 2018/07/04 13:51:45 djm Exp $ */
+/* 	$OpenBSD: tests.c,v 1.7 2020/07/15 06:43:16 dtucker Exp $ */
 /*
  * Regress test for matching functions
  *
@@ -105,7 +105,7 @@
 
 #define CHECK_FILTER(string,filter,expected) \
 	do { \
-		char *result = match_filter_blacklist((string), (filter)); \
+		char *result = match_filter_denylist((string), (filter)); \
 		ASSERT_STRING_EQ(result, expected); \
 		free(result); \
 	} while (0)

regress/unittests/misc/Makefile

diff --git a/regress/unittests/misc/Makefile b/regress/unittests/misc/Makefile
index 06e954c..656ae44 100644
--- a/regress/unittests/misc/Makefile
+++ b/regress/unittests/misc/Makefile
@@ -1,12 +1,27 @@
-#	$OpenBSD: Makefile,v 1.1 2019/04/28 22:53:26 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.7 2021/05/21 03:48:07 djm Exp $
 
 PROG=test_misc
 SRCS=tests.c
+SRCS+=	test_convtime.c
+SRCS+=	test_expand.c
+SRCS+=	test_parse.c
+SRCS+=	test_argv.c
+SRCS+=	test_strdelim.c
 
 # From usr.bin/ssh/Makefile.inc
-SRCS+=sshbuf.c sshbuf-getput-basic.c ssherr.c log.c xmalloc.c misc.c
-# From usr/bin/ssh/sshd/Makefile
-SRCS+=atomicio.c cleanup.c fatal.c
+SRCS+=	sshbuf.c
+SRCS+=	sshbuf-getput-basic.c
+SRCS+=	sshbuf-misc.c
+SRCS+=	ssherr.c
+SRCS+=	log.c
+SRCS+=	xmalloc.c
+SRCS+=	misc.c
+SRCS+=	match.c
+SRCS+=	addr.c
+SRCS+=	addrmatch.c
+
+# From usr.bin/ssh/sshd/Makefile
+SRCS+=	atomicio.c cleanup.c fatal.c
 
 REGRESS_TARGETS=run-regress-${PROG}
 

regress/unittests/misc/test_argv.c

diff --git a/regress/unittests/misc/test_argv.c b/regress/unittests/misc/test_argv.c
new file mode 100644
index 0000000..2cfebf2
--- /dev/null
+++ b/regress/unittests/misc/test_argv.c
@@ -0,0 +1,187 @@
+/* 	$OpenBSD: test_argv.c,v 1.3 2021/06/08 07:40:12 djm Exp $ */
+/*
+ * Regress test for misc argv handling functions.
+ *
+ * Placed in the public domain.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include "../test_helper/test_helper.h"
+
+#include "log.h"
+#include "misc.h"
+
+void test_argv(void);
+
+void
+test_argv(void)
+{
+	char **av = NULL;
+	int ac = 0;
+
+#define RESET_ARGV() \
+	do { \
+		argv_free(av, ac); \
+		av = NULL; \
+		ac = -1; \
+	} while (0)
+
+	TEST_START("empty args");
+	ASSERT_INT_EQ(argv_split("", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 0);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_PTR_EQ(av[0], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("    ", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 0);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_PTR_EQ(av[0], NULL);
+	RESET_ARGV();
+	TEST_DONE();
+
+	TEST_START("trivial args");
+	ASSERT_INT_EQ(argv_split("leamas", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "leamas");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("smiley leamas", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 2);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "smiley");
+	ASSERT_STRING_EQ(av[1], "leamas");
+	ASSERT_PTR_EQ(av[2], NULL);
+	RESET_ARGV();
+	TEST_DONE();
+
+	TEST_START("quoted");
+	ASSERT_INT_EQ(argv_split("\"smiley\"", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "smiley");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("leamas \" smiley \"", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 2);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "leamas");
+	ASSERT_STRING_EQ(av[1], " smiley ");
+	ASSERT_PTR_EQ(av[2], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("\"smiley leamas\"", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "smiley leamas");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("smiley\" leamas\" liz", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 2);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "smiley leamas");
+	ASSERT_STRING_EQ(av[1], "liz");
+	ASSERT_PTR_EQ(av[2], NULL);
+	RESET_ARGV();
+	TEST_DONE();
+
+	TEST_START("escaped");
+	ASSERT_INT_EQ(argv_split("\\\"smiley\\'", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "\"smiley'");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("'\\'smiley\\\"'", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "'smiley\"");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("smiley\\'s leamas\\'", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 2);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "smiley's");
+	ASSERT_STRING_EQ(av[1], "leamas'");
+	ASSERT_PTR_EQ(av[2], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("leamas\\\\smiley", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "leamas\\smiley");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("leamas\\\\ \\\\smiley", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 2);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "leamas\\");
+	ASSERT_STRING_EQ(av[1], "\\smiley");
+	ASSERT_PTR_EQ(av[2], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("smiley\\ leamas", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "smiley leamas");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	TEST_DONE();
+
+	TEST_START("quoted escaped");
+	ASSERT_INT_EQ(argv_split("'smiley\\ leamas'", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "smiley\\ leamas");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("\"smiley\\ leamas\"", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "smiley\\ leamas");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	TEST_DONE();
+
+	TEST_START("comments");
+	ASSERT_INT_EQ(argv_split("# gold", &ac, &av, 0), 0);
+	ASSERT_INT_EQ(ac, 2);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "#");
+	ASSERT_STRING_EQ(av[1], "gold");
+	ASSERT_PTR_EQ(av[2], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("# gold", &ac, &av, 1), 0);
+	ASSERT_INT_EQ(ac, 0);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_PTR_EQ(av[0], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("leamas#gold", &ac, &av, 1), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "leamas#gold");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("\"leamas # gold\"", &ac, &av, 1), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "leamas # gold");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	ASSERT_INT_EQ(argv_split("\"leamas\"#gold", &ac, &av, 1), 0);
+	ASSERT_INT_EQ(ac, 1);
+	ASSERT_PTR_NE(av, NULL);
+	ASSERT_STRING_EQ(av[0], "leamas#gold");
+	ASSERT_PTR_EQ(av[1], NULL);
+	RESET_ARGV();
+	TEST_DONE();
+
+	/* XXX test char *argv_assemble(int argc, char **argv) */
+}

regress/unittests/misc/test_convtime.c

diff --git a/regress/unittests/misc/test_convtime.c b/regress/unittests/misc/test_convtime.c
new file mode 100644
index 0000000..8f9be89
--- /dev/null
+++ b/regress/unittests/misc/test_convtime.c
@@ -0,0 +1,59 @@
+/* 	$OpenBSD: test_convtime.c,v 1.1 2021/03/19 03:25:01 djm Exp $ */
+/*
+ * Regress test for misc time conversion functions.
+ *
+ * Placed in the public domain.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include "../test_helper/test_helper.h"
+
+#include "log.h"
+#include "misc.h"
+
+void test_convtime(void);
+
+void
+test_convtime(void)
+{
+	char buf[1024];
+
+	TEST_START("misc_convtime");
+	ASSERT_INT_EQ(convtime("0"), 0);
+	ASSERT_INT_EQ(convtime("1"), 1);
+	ASSERT_INT_EQ(convtime("2s"), 2);
+	ASSERT_INT_EQ(convtime("3m"), 180);
+	ASSERT_INT_EQ(convtime("1m30"), 90);
+	ASSERT_INT_EQ(convtime("1m30s"), 90);
+	ASSERT_INT_EQ(convtime("1h1s"), 3601);
+	ASSERT_INT_EQ(convtime("1h30m"), 90 * 60);
+	ASSERT_INT_EQ(convtime("1d"), 24 * 60 * 60);
+	ASSERT_INT_EQ(convtime("1w"), 7 * 24 * 60 * 60);
+	ASSERT_INT_EQ(convtime("1w2d3h4m5"), 788645);
+	ASSERT_INT_EQ(convtime("1w2d3h4m5s"), 788645);
+	/* any negative number or error returns -1 */
+	ASSERT_INT_EQ(convtime("-1"),  -1);
+	ASSERT_INT_EQ(convtime(""),  -1);
+	ASSERT_INT_EQ(convtime("trout"),  -1);
+	ASSERT_INT_EQ(convtime("-77"),  -1);
+	/* boundary conditions */
+	snprintf(buf, sizeof buf, "%llu", (long long unsigned)INT_MAX);
+	ASSERT_INT_EQ(convtime(buf), INT_MAX);
+	snprintf(buf, sizeof buf, "%llu", (long long unsigned)INT_MAX + 1);
+	ASSERT_INT_EQ(convtime(buf), -1);
+	ASSERT_INT_EQ(convtime("3550w5d3h14m7s"), 2147483647);
+#if INT_MAX == 2147483647
+	ASSERT_INT_EQ(convtime("3550w5d3h14m8s"), -1);
+#endif
+	TEST_DONE();
+}

regress/unittests/misc/test_expand.c

diff --git a/regress/unittests/misc/test_expand.c b/regress/unittests/misc/test_expand.c
new file mode 100644
index 0000000..513c69b
--- /dev/null
+++ b/regress/unittests/misc/test_expand.c
@@ -0,0 +1,90 @@
+/* 	$OpenBSD: test_expand.c,v 1.2 2021/04/06 09:07:33 dtucker Exp $ */
+/*
+ * Regress test for misc string expansion functions.
+ *
+ * Placed in the public domain.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include "../test_helper/test_helper.h"
+
+#include "log.h"
+#include "misc.h"
+
+void test_expand(void);
+
+void
+test_expand(void)
+{
+	int parseerr;
+	char *ret;
+
+	TEST_START("dollar_expand");
+	ASSERT_INT_EQ(setenv("FOO", "bar", 1), 0);
+	ASSERT_INT_EQ(setenv("BAR", "baz", 1), 0);
+	(void)unsetenv("BAZ");
+#define ASSERT_DOLLAR_EQ(x, y) do { \
+	char *str = dollar_expand(NULL, (x)); \
+	ASSERT_STRING_EQ(str, (y)); \
+	free(str); \
+} while(0)
+	ASSERT_DOLLAR_EQ("${FOO}", "bar");
+	ASSERT_DOLLAR_EQ(" ${FOO}", " bar");
+	ASSERT_DOLLAR_EQ("${FOO} ", "bar ");
+	ASSERT_DOLLAR_EQ(" ${FOO} ", " bar ");
+	ASSERT_DOLLAR_EQ("${FOO}${BAR}", "barbaz");
+	ASSERT_DOLLAR_EQ(" ${FOO} ${BAR}", " bar baz");
+	ASSERT_DOLLAR_EQ("${FOO}${BAR} ", "barbaz ");
+	ASSERT_DOLLAR_EQ(" ${FOO} ${BAR} ", " bar baz ");
+	ASSERT_DOLLAR_EQ("$", "$");
+	ASSERT_DOLLAR_EQ(" $", " $");
+	ASSERT_DOLLAR_EQ("$ ", "$ ");
+
+	/* suppress error messages for error handing tests */
+	log_init("test_misc", SYSLOG_LEVEL_QUIET, SYSLOG_FACILITY_AUTH, 1);
+	/* error checking, non existent variable */
+	ret = dollar_expand(&parseerr, "a${BAZ}");
+	ASSERT_PTR_EQ(ret, NULL); ASSERT_INT_EQ(parseerr, 0);
+	ret = dollar_expand(&parseerr, "${BAZ}b");
+	ASSERT_PTR_EQ(ret, NULL); ASSERT_INT_EQ(parseerr, 0);
+	ret = dollar_expand(&parseerr, "a${BAZ}b");
+	ASSERT_PTR_EQ(ret, NULL); ASSERT_INT_EQ(parseerr, 0);
+	/* invalid format */
+	ret = dollar_expand(&parseerr, "${");
+	ASSERT_PTR_EQ(ret, NULL); ASSERT_INT_EQ(parseerr, 1);
+	ret = dollar_expand(&parseerr, "${F");
+	ASSERT_PTR_EQ(ret, NULL); ASSERT_INT_EQ(parseerr, 1);
+	ret = dollar_expand(&parseerr, "${FO");
+	ASSERT_PTR_EQ(ret, NULL); ASSERT_INT_EQ(parseerr, 1);
+	/* empty variable name */
+	ret = dollar_expand(&parseerr, "${}");
+	ASSERT_PTR_EQ(ret, NULL); ASSERT_INT_EQ(parseerr, 1);
+	/* restore loglevel to default */
+	log_init("test_misc", SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_AUTH, 1);
+	TEST_DONE();
+
+	TEST_START("percent_expand");
+	ASSERT_STRING_EQ(percent_expand("%%", "%h", "foo", NULL), "%");
+	ASSERT_STRING_EQ(percent_expand("%h", "h", "foo", NULL), "foo");
+	ASSERT_STRING_EQ(percent_expand("%h ", "h", "foo", NULL), "foo ");
+	ASSERT_STRING_EQ(percent_expand(" %h", "h", "foo", NULL), " foo");
+	ASSERT_STRING_EQ(percent_expand(" %h ", "h", "foo", NULL), " foo ");
+	ASSERT_STRING_EQ(percent_expand(" %a%b ", "a", "foo", "b", "bar", NULL),
+	    " foobar ");
+	TEST_DONE();
+
+	TEST_START("percent_dollar_expand");
+	ASSERT_STRING_EQ(percent_dollar_expand("%h${FOO}", "h", "foo", NULL),
+	    "foobar");
+	TEST_DONE();
+}

regress/unittests/misc/test_parse.c

diff --git a/regress/unittests/misc/test_parse.c b/regress/unittests/misc/test_parse.c
new file mode 100644
index 0000000..727ff3d
--- /dev/null
+++ b/regress/unittests/misc/test_parse.c
@@ -0,0 +1,86 @@
+/* 	$OpenBSD: test_parse.c,v 1.1 2021/03/19 03:25:01 djm Exp $ */
+/*
+ * Regress test for misc user/host/URI parsing functions.
+ *
+ * Placed in the public domain.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include "../test_helper/test_helper.h"
+
+#include "log.h"
+#include "misc.h"
+
+void test_parse(void);
+
+void
+test_parse(void)
+{
+	int port;
+	char *user, *host, *path;
+
+	TEST_START("misc_parse_user_host_path");
+	ASSERT_INT_EQ(parse_user_host_path("someuser@some.host:some/path",
+	    &user, &host, &path), 0);
+	ASSERT_STRING_EQ(user, "someuser");
+	ASSERT_STRING_EQ(host, "some.host");
+	ASSERT_STRING_EQ(path, "some/path");
+	free(user); free(host); free(path);
+	TEST_DONE();
+
+	TEST_START("misc_parse_user_ipv4_path");
+	ASSERT_INT_EQ(parse_user_host_path("someuser@1.22.33.144:some/path",
+	    &user, &host, &path), 0);
+	ASSERT_STRING_EQ(user, "someuser");
+	ASSERT_STRING_EQ(host, "1.22.33.144");
+	ASSERT_STRING_EQ(path, "some/path");
+	free(user); free(host); free(path);
+	TEST_DONE();
+
+	TEST_START("misc_parse_user_[ipv4]_path");
+	ASSERT_INT_EQ(parse_user_host_path("someuser@[1.22.33.144]:some/path",
+	    &user, &host, &path), 0);
+	ASSERT_STRING_EQ(user, "someuser");
+	ASSERT_STRING_EQ(host, "1.22.33.144");
+	ASSERT_STRING_EQ(path, "some/path");
+	free(user); free(host); free(path);
+	TEST_DONE();
+
+	TEST_START("misc_parse_user_[ipv4]_nopath");
+	ASSERT_INT_EQ(parse_user_host_path("someuser@[1.22.33.144]:",
+	    &user, &host, &path), 0);
+	ASSERT_STRING_EQ(user, "someuser");
+	ASSERT_STRING_EQ(host, "1.22.33.144");
+	ASSERT_STRING_EQ(path, ".");
+	free(user); free(host); free(path);
+	TEST_DONE();
+
+	TEST_START("misc_parse_user_ipv6_path");
+	ASSERT_INT_EQ(parse_user_host_path("someuser@[::1]:some/path",
+	    &user, &host, &path), 0);
+	ASSERT_STRING_EQ(user, "someuser");
+	ASSERT_STRING_EQ(host, "::1");
+	ASSERT_STRING_EQ(path, "some/path");
+	free(user); free(host); free(path);
+	TEST_DONE();
+
+	TEST_START("misc_parse_uri");
+	ASSERT_INT_EQ(parse_uri("ssh", "ssh://someuser@some.host:22/some/path",
+	    &user, &host, &port, &path), 0);
+	ASSERT_STRING_EQ(user, "someuser");
+	ASSERT_STRING_EQ(host, "some.host");
+	ASSERT_INT_EQ(port, 22);
+	ASSERT_STRING_EQ(path, "some/path");
+	free(user); free(host); free(path);
+	TEST_DONE();
+}

regress/unittests/misc/test_strdelim.c

diff --git a/regress/unittests/misc/test_strdelim.c b/regress/unittests/misc/test_strdelim.c
new file mode 100644
index 0000000..1d9133d
--- /dev/null
+++ b/regress/unittests/misc/test_strdelim.c
@@ -0,0 +1,202 @@
+/* 	$OpenBSD: test_strdelim.c,v 1.2 2021/05/21 03:59:01 djm Exp $ */
+/*
+ * Regress test for misc strdelim() and co
+ *
+ * Placed in the public domain.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#include "../test_helper/test_helper.h"
+
+#include "log.h"
+#include "misc.h"
+#include "xmalloc.h"
+
+void test_strdelim(void);
+
+void
+test_strdelim(void)
+{
+	char *orig, *str, *cp;
+
+#define START_STRING(x)	orig = str = xstrdup(x)
+#define DONE_STRING()	free(orig)
+
+	TEST_START("empty");
+	START_STRING("");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "");	/* XXX arguable */
+	cp = strdelim(&str);
+	ASSERT_PTR_EQ(cp, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("whitespace");
+	START_STRING("	");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "");	/* XXX better as NULL */
+	ASSERT_STRING_EQ(str, "");
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("trivial");
+	START_STRING("blob");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob");
+	cp = strdelim(&str);
+	ASSERT_PTR_EQ(cp, NULL);
+	ASSERT_PTR_EQ(str, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("trivial whitespace");
+	START_STRING("blob   ");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob");
+	ASSERT_STRING_EQ(str, "");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "");	/* XXX better as NULL */
+	ASSERT_PTR_EQ(str, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("multi");
+	START_STRING("blob1 blob2");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob1");
+	ASSERT_STRING_EQ(str, "blob2");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob2");
+	ASSERT_PTR_EQ(str, NULL);
+	cp = strdelim(&str);
+	ASSERT_PTR_EQ(cp, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("multi whitespace");
+	START_STRING("blob1	 	blob2  	 	");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob1");
+	ASSERT_STRING_EQ(str, "blob2  	 	");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob2");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "");	/* XXX better as NULL */
+	ASSERT_PTR_EQ(str, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("multi equals");
+	START_STRING("blob1=blob2");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob1");
+	ASSERT_STRING_EQ(str, "blob2");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob2");
+	ASSERT_PTR_EQ(str, NULL);
+	cp = strdelim(&str);
+	ASSERT_PTR_EQ(cp, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("multi too many equals");
+	START_STRING("blob1==blob2");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob1");	/* XXX better returning NULL early */
+	ASSERT_STRING_EQ(str, "=blob2");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "");
+	ASSERT_STRING_EQ(str, "blob2");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob2");	/* XXX should (but can't) reject */
+	ASSERT_PTR_EQ(str, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("multi equals strdelimw");
+	START_STRING("blob1=blob2");
+	cp = strdelimw(&str);
+	ASSERT_STRING_EQ(cp, "blob1=blob2");
+	ASSERT_PTR_EQ(str, NULL);
+	cp = strdelimw(&str);
+	ASSERT_PTR_EQ(cp, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("quoted");
+	START_STRING("\"blob\"");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "");	/* XXX better as NULL */
+	ASSERT_PTR_EQ(str, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("quoted multi");
+	START_STRING("\"blob1\" blob2");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob1");
+	ASSERT_STRING_EQ(str, "blob2");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob2");
+	ASSERT_PTR_EQ(str, NULL);
+	cp = strdelim(&str);
+	ASSERT_PTR_EQ(cp, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("quoted multi reverse");
+	START_STRING("blob1 \"blob2\"");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob1");
+	ASSERT_STRING_EQ(str, "\"blob2\"");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob2");
+	ASSERT_STRING_EQ(str, "");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "");	/* XXX better as NULL */
+	ASSERT_PTR_EQ(str, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("quoted multi middle");
+	START_STRING("blob1 \"blob2\" blob3");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob1");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob2");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob3");
+	cp = strdelim(&str);
+	ASSERT_PTR_EQ(cp, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("badquote");
+	START_STRING("\"blob");
+	cp = strdelim(&str);
+	ASSERT_PTR_EQ(cp, NULL);
+	DONE_STRING();
+	TEST_DONE();
+
+	TEST_START("oops quote");
+	START_STRING("\"blob\\\"");
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "blob\\");	/* XXX wrong */
+	cp = strdelim(&str);
+	ASSERT_STRING_EQ(cp, "");
+	DONE_STRING();
+	TEST_DONE();
+
+}

regress/unittests/misc/tests.c

diff --git a/regress/unittests/misc/tests.c b/regress/unittests/misc/tests.c
index ed775eb..b0b7cd4 100644
--- a/regress/unittests/misc/tests.c
+++ b/regress/unittests/misc/tests.c
@@ -1,79 +1,38 @@
-/* 	$OpenBSD: tests.c,v 1.1 2019/04/28 22:53:26 dtucker Exp $ */
+/* 	$OpenBSD: tests.c,v 1.7 2021/05/21 03:48:07 djm Exp $ */
 /*
  * Regress test for misc helper functions.
  *
  * Placed in the public domain.
  */
 
+#include "includes.h"
+
 #include <sys/types.h>
 #include <sys/param.h>
 #include <stdio.h>
+#ifdef HAVE_STDINT_H
 #include <stdint.h>
+#endif
 #include <stdlib.h>
 #include <string.h>
 
-#include "test_helper.h"
+#include "../test_helper/test_helper.h"
 
+#include "log.h"
 #include "misc.h"
 
+void test_parse(void);
+void test_convtime(void);
+void test_expand(void);
+void test_argv(void);
+void test_strdelim(void);
+
 void
 tests(void)
 {
-	int port;
-	char *user, *host, *path;
-
-	TEST_START("misc_parse_user_host_path");
-	ASSERT_INT_EQ(parse_user_host_path("someuser@some.host:some/path",
-	    &user, &host, &path), 0);
-	ASSERT_STRING_EQ(user, "someuser");
-	ASSERT_STRING_EQ(host, "some.host");
-	ASSERT_STRING_EQ(path, "some/path");
-	free(user); free(host); free(path);
-	TEST_DONE();
-
-	TEST_START("misc_parse_user_ipv4_path");
-	ASSERT_INT_EQ(parse_user_host_path("someuser@1.22.33.144:some/path",
-	    &user, &host, &path), 0);
-	ASSERT_STRING_EQ(user, "someuser");
-	ASSERT_STRING_EQ(host, "1.22.33.144");
-	ASSERT_STRING_EQ(path, "some/path");
-	free(user); free(host); free(path);
-	TEST_DONE();
-
-	TEST_START("misc_parse_user_[ipv4]_path");
-	ASSERT_INT_EQ(parse_user_host_path("someuser@[1.22.33.144]:some/path",
-	    &user, &host, &path), 0);
-	ASSERT_STRING_EQ(user, "someuser");
-	ASSERT_STRING_EQ(host, "1.22.33.144");
-	ASSERT_STRING_EQ(path, "some/path");
-	free(user); free(host); free(path);
-	TEST_DONE();
-
-	TEST_START("misc_parse_user_[ipv4]_nopath");
-	ASSERT_INT_EQ(parse_user_host_path("someuser@[1.22.33.144]:",
-	    &user, &host, &path), 0);
-	ASSERT_STRING_EQ(user, "someuser");
-	ASSERT_STRING_EQ(host, "1.22.33.144");
-	ASSERT_STRING_EQ(path, ".");
-	free(user); free(host); free(path);
-	TEST_DONE();
-
-	TEST_START("misc_parse_user_ipv6_path");
-	ASSERT_INT_EQ(parse_user_host_path("someuser@[::1]:some/path",
-	    &user, &host, &path), 0);
-	ASSERT_STRING_EQ(user, "someuser");
-	ASSERT_STRING_EQ(host, "::1");
-	ASSERT_STRING_EQ(path, "some/path");
-	free(user); free(host); free(path);
-	TEST_DONE();
-
-	TEST_START("misc_parse_uri");
-	ASSERT_INT_EQ(parse_uri("ssh", "ssh://someuser@some.host:22/some/path",
-	    &user, &host, &port, &path), 0);
-	ASSERT_STRING_EQ(user, "someuser");
-	ASSERT_STRING_EQ(host, "some.host");
-	ASSERT_INT_EQ(port, 22);
-	ASSERT_STRING_EQ(path, "some/path");
-	free(user); free(host); free(path);
-	TEST_DONE();
+	test_parse();
+	test_convtime();
+	test_expand();
+	test_argv();
+	test_strdelim();
 }

regress/unittests/sshbuf/Makefile

diff --git a/regress/unittests/sshbuf/Makefile b/regress/unittests/sshbuf/Makefile
index 5f6c442..a8ddfaf 100644
--- a/regress/unittests/sshbuf/Makefile
+++ b/regress/unittests/sshbuf/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.8 2020/01/26 00:09:50 djm Exp $
+#	$OpenBSD: Makefile,v 1.10 2021/01/09 12:24:31 dtucker Exp $
 
 #	$OpenBSD: Makefile,v 1.8 2020/01/26 00:09:50 djm Exp $
 
@@ -15,6 +15,7 @@
 # From usr.bin/ssh
 SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
 SRCS+=sshbuf-io.c atomicio.c misc.c xmalloc.c log.c fatal.c ssherr.c cleanup.c
+SRCS+=match.c addr.c addrmatch.c
 
 run-regress-${PROG}: ${PROG}
 	env ${TEST_ENV} ./${PROG} ${UNITTEST_ARGS}

regress/unittests/sshkey/Makefile

diff --git a/regress/unittests/sshkey/Makefile b/regress/unittests/sshkey/Makefile
index 29c9b3b..d4a8923 100644
--- a/regress/unittests/sshkey/Makefile
+++ b/regress/unittests/sshkey/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.10 2020/04/06 09:43:56 dtucker Exp $
+#	$OpenBSD: Makefile,v 1.11 2021/01/09 12:24:31 dtucker Exp $
 
 PROG=test_sshkey
 SRCS=tests.c test_sshkey.c test_file.c test_fuzz.c common.c
@@ -8,7 +8,7 @@
 SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
 SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
 SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
-SRCS+=addrmatch.c bitmap.c
+SRCS+=addr.c addrmatch.c bitmap.c
 SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
 SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c
 SRCS+=ssh-ed25519-sk.c sk-usbhid.c

regress/unittests/sshkey/mktestdata.sh

diff --git a/regress/unittests/sshkey/mktestdata.sh b/regress/unittests/sshkey/mktestdata.sh
index 8efe6dd..fcd78e9 100755
--- a/regress/unittests/sshkey/mktestdata.sh
+++ b/regress/unittests/sshkey/mktestdata.sh
@@ -1,5 +1,5 @@
 #!/bin/sh
-# $OpenBSD: mktestdata.sh,v 1.10 2020/05/01 04:03:14 djm Exp $
+# $OpenBSD: mktestdata.sh,v 1.11 2020/06/19 03:48:49 djm Exp $
 
 PW=mekmitasdigoat
 
@@ -70,6 +70,15 @@
 
 cd testdata
 
+if [ -f ../../../misc/sk-dummy/sk-dummy.so ] ; then
+	SK_DUMMY=../../../misc/sk-dummy/sk-dummy.so
+elif [ -f ../../../misc/sk-dummy/obj/sk-dummy.so ] ; then
+	SK_DUMMY=../../../misc/sk-dummy/obj/sk-dummy.so
+else
+	echo "Can't find sk-dummy.so" 1>&2
+	exit 1
+fi
+
 rm -f rsa_1 dsa_1 ecdsa_1 ed25519_1
 rm -f rsa_2 dsa_2 ecdsa_2 ed25519_2
 rm -f rsa_n dsa_n ecdsa_n # new-format keys
@@ -81,11 +90,20 @@
 ssh-keygen -t dsa -b 1024 -C "DSA test key #1" -N "" -f dsa_1 -m PEM
 ssh-keygen -t ecdsa -b 256 -C "ECDSA test key #1" -N "" -f ecdsa_1 -m PEM
 ssh-keygen -t ed25519 -C "ED25519 test key #1" -N "" -f ed25519_1
+ssh-keygen -w "$SK_DUMMY" -t ecdsa-sk -C "ECDSA-SK test key #1" \
+    -N "" -f ecdsa_sk1
+ssh-keygen -w "$SK_DUMMY" -t ed25519-sk -C "ED25519-SK test key #1" \
+    -N "" -f ed25519_sk1
+
 
 ssh-keygen -t rsa -b 2048 -C "RSA test key #2" -N "" -f rsa_2 -m PEM
 ssh-keygen -t dsa -b 1024 -C "DSA test key #2" -N "" -f dsa_2 -m PEM
 ssh-keygen -t ecdsa -b 521 -C "ECDSA test key #2" -N "" -f ecdsa_2 -m PEM
-ssh-keygen -t ed25519 -C "ED25519 test key #1" -N "" -f ed25519_2
+ssh-keygen -t ed25519 -C "ED25519 test key #2" -N "" -f ed25519_2
+ssh-keygen -w "$SK_DUMMY" -t ecdsa-sk -C "ECDSA-SK test key #2" \
+    -N "" -f ecdsa_sk2
+ssh-keygen -w "$SK_DUMMY" -t ed25519-sk -C "ED25519-SK test key #2" \
+    -N "" -f ed25519_sk2
 
 cp rsa_1 rsa_n
 cp dsa_1 dsa_n
@@ -99,6 +117,8 @@
 cp dsa_1 dsa_1_pw
 cp ecdsa_1 ecdsa_1_pw
 cp ed25519_1 ed25519_1_pw
+cp ecdsa_sk1 ecdsa_sk1_pw
+cp ed25519_sk1 ed25519_sk1_pw
 cp rsa_1 rsa_n_pw
 cp dsa_1 dsa_n_pw
 cp ecdsa_1 ecdsa_n_pw
@@ -107,6 +127,8 @@
 ssh-keygen -pf dsa_1_pw -m PEM -N "$PW"
 ssh-keygen -pf ecdsa_1_pw -m PEM -N "$PW"
 ssh-keygen -pf ed25519_1_pw -N "$PW"
+ssh-keygen -pf ecdsa_sk1_pw -m PEM -N "$PW"
+ssh-keygen -pf ed25519_sk1_pw -N "$PW"
 ssh-keygen -pf rsa_n_pw -N "$PW"
 ssh-keygen -pf dsa_n_pw -N "$PW"
 ssh-keygen -pf ecdsa_n_pw -N "$PW"
@@ -117,7 +139,7 @@
 dsa_params dsa_1 dsa_1.param
 ecdsa_params ecdsa_1 ecdsa_1.param
 ecdsa_params ecdsa_2 ecdsa_2.param
-# XXX ed25519 params
+# XXX ed25519, *sk params
 
 ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
     -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
@@ -131,6 +153,13 @@
 ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
     -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
     -V 19990101:20110101 -z 4 ed25519_1.pub
+ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
+    -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
+    -V 19990101:20110101 -z 4 ecdsa_sk1.pub
+ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
+    -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
+    -V 19990101:20110101 -z 4 ed25519_sk1.pub
+
 
 # Make a few RSA variant signature too.
 cp rsa_1 rsa_1_sha1
@@ -152,30 +181,42 @@
     -V 19990101:20110101 -z 7 ecdsa_1.pub
 ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
     -V 19990101:20110101 -z 8 ed25519_1.pub
+ssh-keygen -s ecdsa_1 -I julius -n host1,host2 -h \
+    -V 19990101:20110101 -z 7 ecdsa_sk1.pub
+ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
+    -V 19990101:20110101 -z 8 ed25519_sk1.pub
 
 ssh-keygen -lf rsa_1 | awk '{print $2}' > rsa_1.fp
 ssh-keygen -lf dsa_1 | awk '{print $2}' > dsa_1.fp
 ssh-keygen -lf ecdsa_1 | awk '{print $2}' > ecdsa_1.fp
 ssh-keygen -lf ed25519_1 | awk '{print $2}' > ed25519_1.fp
+ssh-keygen -lf ecdsa_sk1 | awk '{print $2}' > ecdsa_sk1.fp
+ssh-keygen -lf ed25519_sk1 | awk '{print $2}' > ed25519_sk1.fp
 ssh-keygen -lf rsa_2 | awk '{print $2}' > rsa_2.fp
 ssh-keygen -lf dsa_2 | awk '{print $2}' > dsa_2.fp
 ssh-keygen -lf ecdsa_2 | awk '{print $2}' > ecdsa_2.fp
 ssh-keygen -lf ed25519_2 | awk '{print $2}' > ed25519_2.fp
+ssh-keygen -lf ecdsa_sk2 | awk '{print $2}' > ecdsa_sk2.fp
+ssh-keygen -lf ed25519_sk2 | awk '{print $2}' > ed25519_sk2.fp
 
+ssh-keygen -lf rsa_1-cert.pub  | awk '{print $2}' > rsa_1-cert.fp
 ssh-keygen -lf dsa_1-cert.pub  | awk '{print $2}' > dsa_1-cert.fp
 ssh-keygen -lf ecdsa_1-cert.pub  | awk '{print $2}' > ecdsa_1-cert.fp
 ssh-keygen -lf ed25519_1-cert.pub  | awk '{print $2}' > ed25519_1-cert.fp
-ssh-keygen -lf rsa_1-cert.pub  | awk '{print $2}' > rsa_1-cert.fp
+ssh-keygen -lf ecdsa_sk1-cert.pub  | awk '{print $2}' > ecdsa_sk1-cert.fp
+ssh-keygen -lf ed25519_sk1-cert.pub  | awk '{print $2}' > ed25519_sk1-cert.fp
 
 ssh-keygen -Bf rsa_1 | awk '{print $2}' > rsa_1.fp.bb
 ssh-keygen -Bf dsa_1 | awk '{print $2}' > dsa_1.fp.bb
 ssh-keygen -Bf ecdsa_1 | awk '{print $2}' > ecdsa_1.fp.bb
 ssh-keygen -Bf ed25519_1 | awk '{print $2}' > ed25519_1.fp.bb
+ssh-keygen -Bf ecdsa_sk1 | awk '{print $2}' > ecdsa_sk1.fp.bb
+ssh-keygen -Bf ed25519_sk1 | awk '{print $2}' > ed25519_sk1.fp.bb
 ssh-keygen -Bf rsa_2 | awk '{print $2}' > rsa_2.fp.bb
 ssh-keygen -Bf dsa_2 | awk '{print $2}' > dsa_2.fp.bb
 ssh-keygen -Bf ecdsa_2 | awk '{print $2}' > ecdsa_2.fp.bb
 ssh-keygen -Bf ed25519_2 | awk '{print $2}' > ed25519_2.fp.bb
-
-# XXX Extend ssh-keygen to do detached signatures (better to test/fuzz against)
+ssh-keygen -Bf ecdsa_sk2 | awk '{print $2}' > ecdsa_sk2.fp.bb
+ssh-keygen -Bf ed25519_sk2 | awk '{print $2}' > ed25519_sk2.fp.bb
 
 echo "$PW" > pw

regress/unittests/sshkey/test_file.c

diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c
index 55627bc..7d76733 100644
--- a/regress/unittests/sshkey/test_file.c
+++ b/regress/unittests/sshkey/test_file.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_file.c,v 1.8 2018/09/13 09:03:20 djm Exp $ */
+/* 	$OpenBSD: test_file.c,v 1.9 2020/06/19 03:48:49 djm Exp $ */
 /*
  * Regress test for sshkey.h key management API
  *
@@ -422,6 +422,137 @@
 
 	sshkey_free(k1);
 
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
+	TEST_START("parse ECDSA-SK from private");
+	buf = load_file("ecdsa_sk1");
+	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
+	sshbuf_free(buf);
+	ASSERT_PTR_NE(k1, NULL);
+	ASSERT_INT_EQ(k1->type, KEY_ECDSA_SK);
+	TEST_DONE();
+
+	TEST_START("parse ECDSA-SK from private w/ passphrase");
+	buf = load_file("ecdsa_sk1_pw");
+	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+	    (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
+	sshbuf_free(buf);
+	ASSERT_PTR_NE(k2, NULL);
+	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+	sshkey_free(k2);
+	TEST_DONE();
+
+	TEST_START("load ECDSA-SK from public");
+	ASSERT_INT_EQ(sshkey_load_public(test_data_file("ecdsa_sk1.pub"), &k2,
+	    NULL), 0);
+	ASSERT_PTR_NE(k2, NULL);
+	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+	sshkey_free(k2);
+	TEST_DONE();
+
+	TEST_START("load ECDSA-SK cert");
+	ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ecdsa_sk1"), &k2), 0);
+	ASSERT_PTR_NE(k2, NULL);
+	ASSERT_INT_EQ(k2->type, KEY_ECDSA_SK_CERT);
+	ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
+	ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
+	TEST_DONE();
+
+	TEST_START("ECDSA-SK key hex fingerprint");
+	buf = load_text_file("ecdsa_sk1.fp");
+	cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
+	ASSERT_PTR_NE(cp, NULL);
+	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+	sshbuf_free(buf);
+	free(cp);
+	TEST_DONE();
+
+	TEST_START("ECDSA-SK cert hex fingerprint");
+	buf = load_text_file("ecdsa_sk1-cert.fp");
+	cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
+	ASSERT_PTR_NE(cp, NULL);
+	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+	sshbuf_free(buf);
+	free(cp);
+	sshkey_free(k2);
+	TEST_DONE();
+
+	TEST_START("ECDSA-SK key bubblebabble fingerprint");
+	buf = load_text_file("ecdsa_sk1.fp.bb");
+	cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
+	ASSERT_PTR_NE(cp, NULL);
+	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+	sshbuf_free(buf);
+	free(cp);
+	TEST_DONE();
+
+	sshkey_free(k1);
+#endif
+
+	TEST_START("parse Ed25519-SK from private");
+	buf = load_file("ed25519_sk1");
+	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf, "", &k1, NULL), 0);
+	sshbuf_free(buf);
+	ASSERT_PTR_NE(k1, NULL);
+	ASSERT_INT_EQ(k1->type, KEY_ED25519_SK);
+	/* XXX check key contents */
+	TEST_DONE();
+
+	TEST_START("parse Ed25519-SK from private w/ passphrase");
+	buf = load_file("ed25519_sk1_pw");
+	ASSERT_INT_EQ(sshkey_parse_private_fileblob(buf,
+	    (const char *)sshbuf_ptr(pw), &k2, NULL), 0);
+	sshbuf_free(buf);
+	ASSERT_PTR_NE(k2, NULL);
+	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+	sshkey_free(k2);
+	TEST_DONE();
+
+	TEST_START("load Ed25519-SK from public");
+	ASSERT_INT_EQ(sshkey_load_public(test_data_file("ed25519_sk1.pub"),
+	    &k2, NULL), 0);
+	ASSERT_PTR_NE(k2, NULL);
+	ASSERT_INT_EQ(sshkey_equal(k1, k2), 1);
+	sshkey_free(k2);
+	TEST_DONE();
+
+	TEST_START("load Ed25519-SK cert");
+	ASSERT_INT_EQ(sshkey_load_cert(test_data_file("ed25519_sk1"), &k2), 0);
+	ASSERT_PTR_NE(k2, NULL);
+	ASSERT_INT_EQ(k2->type, KEY_ED25519_SK_CERT);
+	ASSERT_INT_EQ(sshkey_equal(k1, k2), 0);
+	ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
+	TEST_DONE();
+
+	TEST_START("Ed25519-SK key hex fingerprint");
+	buf = load_text_file("ed25519_sk1.fp");
+	cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA256, SSH_FP_BASE64);
+	ASSERT_PTR_NE(cp, NULL);
+	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+	sshbuf_free(buf);
+	free(cp);
+	TEST_DONE();
+
+	TEST_START("Ed25519-SK cert hex fingerprint");
+	buf = load_text_file("ed25519_sk1-cert.fp");
+	cp = sshkey_fingerprint(k2, SSH_DIGEST_SHA256, SSH_FP_BASE64);
+	ASSERT_PTR_NE(cp, NULL);
+	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+	sshbuf_free(buf);
+	free(cp);
+	sshkey_free(k2);
+	TEST_DONE();
+
+	TEST_START("Ed25519-SK key bubblebabble fingerprint");
+	buf = load_text_file("ed25519_sk1.fp.bb");
+	cp = sshkey_fingerprint(k1, SSH_DIGEST_SHA1, SSH_FP_BUBBLEBABBLE);
+	ASSERT_PTR_NE(cp, NULL);
+	ASSERT_STRING_EQ(cp, (const char *)sshbuf_ptr(buf));
+	sshbuf_free(buf);
+	free(cp);
+	TEST_DONE();
+
+	sshkey_free(k1);
+
 	sshbuf_free(pw);
 
 }

regress/unittests/sshkey/test_fuzz.c

diff --git a/regress/unittests/sshkey/test_fuzz.c b/regress/unittests/sshkey/test_fuzz.c
index 3598118..f111446 100644
--- a/regress/unittests/sshkey/test_fuzz.c
+++ b/regress/unittests/sshkey/test_fuzz.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_fuzz.c,v 1.11 2019/11/25 10:32:35 djm Exp $ */
+/* 	$OpenBSD: test_fuzz.c,v 1.12 2020/08/27 03:55:22 djm Exp $ */
 /*
  * Fuzz tests for key parsing
  *
@@ -88,7 +88,7 @@
 		fuzzers |= FUZZ_2_BIT_FLIP;
 
 	ASSERT_INT_EQ(sshkey_sign(k, &sig, &l, c, sizeof(c),
-	    sig_alg, NULL, 0), 0);
+	    sig_alg, NULL, NULL, 0), 0);
 	ASSERT_SIZE_T_GT(l, 0);
 	fuzz = fuzz_begin(fuzzers, sig, l);
 	ASSERT_INT_EQ(sshkey_verify(k, sig, l, c, sizeof(c), NULL, 0, NULL), 0);

regress/unittests/sshkey/test_sshkey.c

diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
index 025bb98..7dc20cc 100644
--- a/regress/unittests/sshkey/test_sshkey.c
+++ b/regress/unittests/sshkey/test_sshkey.c
@@ -1,4 +1,4 @@
-/* 	$OpenBSD: test_sshkey.c,v 1.20 2019/11/25 10:32:35 djm Exp $ */
+/* 	$OpenBSD: test_sshkey.c,v 1.21 2020/08/27 03:55:22 djm Exp $ */
 /*
  * Regress test for sshkey.h key management API
  *
@@ -101,7 +101,7 @@
 	ASSERT_INT_EQ(sshbuf_put_string(b, NULL, 0), 0); /* reserved */
 	ASSERT_INT_EQ(sshbuf_put_stringb(b, ca_buf), 0); /* signature key */
 	ASSERT_INT_EQ(sshkey_sign(sign_key, &sigblob, &siglen,
-	    sshbuf_ptr(b), sshbuf_len(b), sig_alg, NULL, 0), 0);
+	    sshbuf_ptr(b), sshbuf_len(b), sig_alg, NULL, NULL, 0), 0);
 	ASSERT_INT_EQ(sshbuf_put_string(b, sigblob, siglen), 0); /* signature */
 
 	free(sigblob);
@@ -120,7 +120,8 @@
 	size_t len;
 	u_char *sig;
 
-	ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg, NULL, 0), 0);
+	ASSERT_INT_EQ(sshkey_sign(k, &sig, &len, d, l, sig_alg,
+	    NULL, NULL, 0), 0);
 	ASSERT_SIZE_T_GT(len, 8);
 	ASSERT_PTR_NE(sig, NULL);
 	ASSERT_INT_EQ(sshkey_verify(k, sig, len, d, l, NULL, 0, NULL), 0);
@@ -437,7 +438,7 @@
 	put_opt(k1->cert->extensions, "permit-X11-forwarding", NULL);
 	put_opt(k1->cert->extensions, "permit-agent-forwarding", NULL);
 	ASSERT_INT_EQ(sshkey_from_private(k2, &k1->cert->signature_key), 0);
-	ASSERT_INT_EQ(sshkey_certify(k1, k2, NULL, NULL), 0);
+	ASSERT_INT_EQ(sshkey_certify(k1, k2, NULL, NULL, NULL), 0);
 	b = sshbuf_new();
 	ASSERT_PTR_NE(b, NULL);
 	ASSERT_INT_EQ(sshkey_putb(k1, b), 0);

regress/unittests/sshkey/testdata/ecdsa_sk1

diff --git a/regress/unittests/sshkey/testdata/ecdsa_sk1 b/regress/unittests/sshkey/testdata/ecdsa_sk1
new file mode 100644
index 0000000..b51fb73
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ecdsa_sk1
@@ -0,0 +1,13 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAfwAAACJzay1lY2
+RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAACG5pc3RwMjU2AAAAQQRnVT5Cji1D
+Ge2+q2X0vATh6LYnODV+DJrshJorr5GnipW29RfuaDXs0WB6XBej9dOLazVRDjQrtV19Qg
+O6cfkFAAAABHNzaDoAAAGQuPdnP7j3Zz8AAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBv
+cGVuc3NoLmNvbQAAAAhuaXN0cDI1NgAAAEEEZ1U+Qo4tQxntvqtl9LwE4ei2Jzg1fgya7I
+SaK6+Rp4qVtvUX7mg17NFgelwXo/XTi2s1UQ40K7VdfUIDunH5BQAAAARzc2g6AQAAAOMt
+LS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KTUhjQ0FRRUVJRURmVFB4YzA0alN5Zk
+Z5NlhoV1pTVlpzcnU5ZFlaSVpTOWhjeVFhcDlVT29Bb0dDQ3FHU000OQpBd0VIb1VRRFFn
+QUVaMVUrUW80dFF4bnR2cXRsOUx3RTRlaTJKemcxZmd5YTdJU2FLNitScDRxVnR2VVg3bW
+cxCjdORmdlbHdYby9YVGkyczFVUTQwSzdWZGZVSUR1bkg1QlE9PQotLS0tLUVORCBFQyBQ
+UklWQVRFIEtFWS0tLS0tCgAAAAAAAAAURUNEU0EtU0sgdGVzdCBrZXkgIzEBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----

regress/unittests/sshkey/testdata/ecdsa_sk1-cert.fp

diff --git a/regress/unittests/sshkey/testdata/ecdsa_sk1-cert.fp b/regress/unittests/sshkey/testdata/ecdsa_sk1-cert.fp
new file mode 100644
index 0000000..d192145
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ecdsa_sk1-cert.fp
@@ -0,0 +1 @@
+SHA256:Go7HO0CVPYG+BSDSk9ZUJBKGSrtBExp6obTa9iqzIUo

regress/unittests/sshkey/testdata/ecdsa_sk1-cert.pub

diff --git a/regress/unittests/sshkey/testdata/ecdsa_sk1-cert.pub b/regress/unittests/sshkey/testdata/ecdsa_sk1-cert.pub
new file mode 100644
index 0000000..9586c61
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ecdsa_sk1-cert.pub
@@ -0,0 +1 @@
+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com AAAAK3NrLWVjZHNhLXNoYTItbmlzdHAyNTYtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgE012YoSBE9hEC2FRzblcSx784JNo2A4g611A7I75YMMAAAAIbmlzdHAyNTYAAABBBGdVPkKOLUMZ7b6rZfS8BOHotic4NX4MmuyEmiuvkaeKlbb1F+5oNezRYHpcF6P104trNVEONCu1XX1CA7px+QUAAAAEc3NoOgAAAAAAAAAHAAAAAgAAAAZqdWxpdXMAAAASAAAABWhvc3QxAAAABWhvc3QyAAAAADaLg2AAAAAATR3h4AAAAAAAAAAAAAAAAAAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAEEEAlTtPiWUHubBeCys4Xp0QF91dYARpkyqtCnzg10HRS+ZDgkMrSUvPPG+Ge8iqtnB951MBxDq9FqDFIkhQBYXDAAAAGQAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAEkAAAAhALY+eXRJjVGnMk38Sm5S+H5CloNq757ypsoxt+WYoadtAAAAIA42/mAhUfLij1GY7wl+OFrI+icB/t4tGiEUZmhx6Foo ECDSA-SK test key #1

regress/unittests/sshkey/testdata/ecdsa_sk1.fp

diff --git a/regress/unittests/sshkey/testdata/ecdsa_sk1.fp b/regress/unittests/sshkey/testdata/ecdsa_sk1.fp
new file mode 100644
index 0000000..d192145
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ecdsa_sk1.fp
@@ -0,0 +1 @@
+SHA256:Go7HO0CVPYG+BSDSk9ZUJBKGSrtBExp6obTa9iqzIUo

regress/unittests/sshkey/testdata/ecdsa_sk1.fp.bb

diff --git a/regress/unittests/sshkey/testdata/ecdsa_sk1.fp.bb b/regress/unittests/sshkey/testdata/ecdsa_sk1.fp.bb
new file mode 100644
index 0000000..cb9f4dd
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ecdsa_sk1.fp.bb
@@ -0,0 +1 @@
+xovem-sacac-dageg-vovoc-symyz-bozal-cibiv-cyvat-vylyn-romib-hoxax

regress/unittests/sshkey/testdata/ecdsa_sk1.pub

diff --git a/regress/unittests/sshkey/testdata/ecdsa_sk1.pub b/regress/unittests/sshkey/testdata/ecdsa_sk1.pub
new file mode 100644
index 0000000..c3b21e0
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ecdsa_sk1.pub
@@ -0,0 +1 @@
+sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGdVPkKOLUMZ7b6rZfS8BOHotic4NX4MmuyEmiuvkaeKlbb1F+5oNezRYHpcF6P104trNVEONCu1XX1CA7px+QUAAAAEc3NoOg== ECDSA-SK test key #1

regress/unittests/sshkey/testdata/ecdsa_sk1_pw

diff --git a/regress/unittests/sshkey/testdata/ecdsa_sk1_pw b/regress/unittests/sshkey/testdata/ecdsa_sk1_pw
new file mode 100644
index 0000000..4fa23a7
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ecdsa_sk1_pw
@@ -0,0 +1,14 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABB6vcJVx2
+cPc7yYRROup8VnAAAAEAAAAAEAAAB/AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3Bl
+bnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGdVPkKOLUMZ7b6rZfS8BOHotic4NX4MmuyEmi
+uvkaeKlbb1F+5oNezRYHpcF6P104trNVEONCu1XX1CA7px+QUAAAAEc3NoOgAAAZBrvCxe
+xFz0bvzXwaPhrUHBeNCoZy/wNKDx0kxlxUPuA+lgOvy5l3lT3yxxd0qj5PQB+NTcuz8AAE
+1f7aSWQNZSifox3COsBGoHV9C8i+glcxiBKheAZD+EBnRGjG8kbcaLhuYDW/I39qNe8lHW
+YSDjmvsT55Hy0IAtVRAXizDoXKNdFPTZisC67WyOSJ3ED7Fy4bfT4ApbvhoFTwjikZBEhy
+LOad1sbJa4eT19TsskYfQdnJf8sjAmCMOZY4ZV0FiNW5XZOp8nIal1oyULPfzTAm6oaeFN
+0ImCSU3U8h4wUQ8q/3XvBWtTKycZaoou0AwPoP0QN95Ywte7FHezNPb/n8KD7k0S6h9XAX
+UcBeCe5NHyov/0ZzA2p737hzm3w+MXGOboTQMu8WFXeGh4m7QH2o8ZJdgBhM5JF17uii+Q
+ppGoPWHf33MXwB3wxWmKZ0ua0f9AVLkQ2DfFszUoBJE/kcHRd4kj4Q4FWXeMBN0GoH8gdE
+gRWIlxn2/FAOce/BFPzzdP87H0jwz7SdcuVO1L
+-----END OPENSSH PRIVATE KEY-----

regress/unittests/sshkey/testdata/ecdsa_sk2

diff --git a/regress/unittests/sshkey/testdata/ecdsa_sk2 b/regress/unittests/sshkey/testdata/ecdsa_sk2
new file mode 100644
index 0000000..19db5a3
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ecdsa_sk2
@@ -0,0 +1,13 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAfwAAACJzay1lY2
+RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAACG5pc3RwMjU2AAAAQQSTl+SR6rTg
+lOZmcQkCtJ3Pd+lWinezo/gHk4oZdZcTQsmEYs766BlWGuB2Bz3qQRLa6cXsP+4K9kAjAJ
+7zdoFUAAAABHNzaDoAAAGQ1qllJtapZSYAAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBv
+cGVuc3NoLmNvbQAAAAhuaXN0cDI1NgAAAEEEk5fkkeq04JTmZnEJArSdz3fpVop3s6P4B5
+OKGXWXE0LJhGLO+ugZVhrgdgc96kES2unF7D/uCvZAIwCe83aBVAAAAARzc2g6AQAAAOMt
+LS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KTUhjQ0FRRUVJSkxwVkxnSTVvdkRlOW
+VMWmZodCs5WWlMaitnam0rTXhHTXg5NndiRWw0Wm9Bb0dDQ3FHU000OQpBd0VIb1VRRFFn
+QUVrNWZra2VxMDRKVG1abkVKQXJTZHozZnBWb3AzczZQNEI1T0tHWFdYRTBMSmhHTE8rdW
+daClZocmdkZ2M5NmtFUzJ1bkY3RC91Q3ZaQUl3Q2U4M2FCVkE9PQotLS0tLUVORCBFQyBQ
+UklWQVRFIEtFWS0tLS0tCgAAAAAAAAAURUNEU0EtU0sgdGVzdCBrZXkgIzIBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----

regress/unittests/sshkey/testdata/ecdsa_sk2.fp

diff --git a/regress/unittests/sshkey/testdata/ecdsa_sk2.fp b/regress/unittests/sshkey/testdata/ecdsa_sk2.fp
new file mode 100644
index 0000000..1bc99ea
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ecdsa_sk2.fp
@@ -0,0 +1 @@
+SHA256:pz8VkgtRY3r50F4zSuzRlmq9c6vPTpJXLKKOgkyUcKE

regress/unittests/sshkey/testdata/ecdsa_sk2.fp.bb

diff --git a/regress/unittests/sshkey/testdata/ecdsa_sk2.fp.bb b/regress/unittests/sshkey/testdata/ecdsa_sk2.fp.bb
new file mode 100644
index 0000000..bfee765
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ecdsa_sk2.fp.bb
@@ -0,0 +1 @@
+xobel-gavur-gorym-pedop-rarob-bunek-gucer-lofeg-syhaf-fylur-zoxix

regress/unittests/sshkey/testdata/ecdsa_sk2.pub

diff --git a/regress/unittests/sshkey/testdata/ecdsa_sk2.pub b/regress/unittests/sshkey/testdata/ecdsa_sk2.pub
new file mode 100644
index 0000000..2629d95
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ecdsa_sk2.pub
@@ -0,0 +1 @@
+sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJOX5JHqtOCU5mZxCQK0nc936VaKd7Oj+AeTihl1lxNCyYRizvroGVYa4HYHPepBEtrpxew/7gr2QCMAnvN2gVQAAAAEc3NoOg== ECDSA-SK test key #2

regress/unittests/sshkey/testdata/ed25519_sk1

diff --git a/regress/unittests/sshkey/testdata/ed25519_sk1 b/regress/unittests/sshkey/testdata/ed25519_sk1
new file mode 100644
index 0000000..4196d9c
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ed25519_sk1
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAASgAAABpzay1zc2
+gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACAhaP5OS1PPOt7uumAvXlDtte9EHbqIT1EZEJ2y
+2v3XMwAAAARzc2g6AAAAuBocY6UaHGOlAAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY2
+9tAAAAICFo/k5LU8863u66YC9eUO2170QduohPURkQnbLa/dczAAAABHNzaDoBAAAAQJYq
+lGHhFoA25/q8X/rdTqDAb7dhqs4ehhd/w8x99CwiIWj+TktTzzre7rpgL15Q7bXvRB26iE
+9RGRCdstr91zMAAAAAAAAAFkVEMjU1MTktU0sgdGVzdCBrZXkgIzEBAgM=
+-----END OPENSSH PRIVATE KEY-----

regress/unittests/sshkey/testdata/ed25519_sk1-cert.fp

diff --git a/regress/unittests/sshkey/testdata/ed25519_sk1-cert.fp b/regress/unittests/sshkey/testdata/ed25519_sk1-cert.fp
new file mode 100644
index 0000000..a6bb1a9
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ed25519_sk1-cert.fp
@@ -0,0 +1 @@
+SHA256:6WZVJ44bqhAWLVP4Ns0TDkoSQSsZo/h2K+mEvOaNFbw

regress/unittests/sshkey/testdata/ed25519_sk1-cert.pub

diff --git a/regress/unittests/sshkey/testdata/ed25519_sk1-cert.pub b/regress/unittests/sshkey/testdata/ed25519_sk1-cert.pub
new file mode 100644
index 0000000..3c72c26
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ed25519_sk1-cert.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519-cert-v01@openssh.com AAAAI3NrLXNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJr7CuMntQKvHoUshx374fJLFEkyxKsEOBA1H6hk5scoAAAAICFo/k5LU8863u66YC9eUO2170QduohPURkQnbLa/dczAAAABHNzaDoAAAAAAAAACAAAAAIAAAAGanVsaXVzAAAAEgAAAAVob3N0MQAAAAVob3N0MgAAAAA2i4NgAAAAAE0d4eAAAAAAAAAAAAAAAAAAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIOo/0xneV3iM2qWEo5RUwvUYa2bjff292T5vvuXRomGQAAAAUwAAAAtzc2gtZWQyNTUxOQAAAECgsRGLDh1SI3m66MRp9D2iLP4wabQ0OrDgGidk7LsVn2XZHV5jBZN1RtNfe6PBMeVzfRtGUzOg18sO7H7uU+EC ED25519-SK test key #1

regress/unittests/sshkey/testdata/ed25519_sk1.fp

diff --git a/regress/unittests/sshkey/testdata/ed25519_sk1.fp b/regress/unittests/sshkey/testdata/ed25519_sk1.fp
new file mode 100644
index 0000000..a6bb1a9
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ed25519_sk1.fp
@@ -0,0 +1 @@
+SHA256:6WZVJ44bqhAWLVP4Ns0TDkoSQSsZo/h2K+mEvOaNFbw

regress/unittests/sshkey/testdata/ed25519_sk1.fp.bb

diff --git a/regress/unittests/sshkey/testdata/ed25519_sk1.fp.bb b/regress/unittests/sshkey/testdata/ed25519_sk1.fp.bb
new file mode 100644
index 0000000..1bfe20a
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ed25519_sk1.fp.bb
@@ -0,0 +1 @@
+xucac-vusip-tydoz-dudad-nerif-raran-tezun-cogyd-pamoh-bahef-ruxix

regress/unittests/sshkey/testdata/ed25519_sk1.pub

diff --git a/regress/unittests/sshkey/testdata/ed25519_sk1.pub b/regress/unittests/sshkey/testdata/ed25519_sk1.pub
new file mode 100644
index 0000000..60fe00c
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ed25519_sk1.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAICFo/k5LU8863u66YC9eUO2170QduohPURkQnbLa/dczAAAABHNzaDo= ED25519-SK test key #1

regress/unittests/sshkey/testdata/ed25519_sk1_pw

diff --git a/regress/unittests/sshkey/testdata/ed25519_sk1_pw b/regress/unittests/sshkey/testdata/ed25519_sk1_pw
new file mode 100644
index 0000000..1c29ff0
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ed25519_sk1_pw
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABDr5R9Yf/
+ucEh0Ns6c34tcIAAAAEAAAAAEAAABKAAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29t
+AAAAICFo/k5LU8863u66YC9eUO2170QduohPURkQnbLa/dczAAAABHNzaDoAAADA2T6owx
+OSgKz4DvLnS3UJ/renbuew5mbkIWB1/y8xd3y5Usm08iUCAlKxep9dVRQvmyoTrc/7rHOM
+DkokNw+WgKambnlYT/9QfqViZ9iCBtbdmhLM6ksUCgQefvquRyXoJxlWstjXUll6Ru+ZbT
+H//Ss8C1bYtAiXR68OQ+rhDrvQxA9P8J1sGIlkuV3h8YXddSpyBW2Sn0LTHHBXYZo86cXZ
+G4Lnc8aGYm65eqdHgkfRmht3eS8DTdzEBfBNH5Ml
+-----END OPENSSH PRIVATE KEY-----

regress/unittests/sshkey/testdata/ed25519_sk2

diff --git a/regress/unittests/sshkey/testdata/ed25519_sk2 b/regress/unittests/sshkey/testdata/ed25519_sk2
new file mode 100644
index 0000000..b9b7489
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ed25519_sk2
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAASgAAABpzay1zc2
+gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACAV8fu1Sc31QLK2R/zGPdN3ve5xuFvDc7mEAWxb
+aI+YcwAAAARzc2g6AAAAuJCMX5uQjF+bAAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY2
+9tAAAAIBXx+7VJzfVAsrZH/MY903e97nG4W8NzuYQBbFtoj5hzAAAABHNzaDoBAAAAQObE
+PajcKI1W30EKOhBb6u+Fgx464kf7EjnqDSg4l7gAFfH7tUnN9UCytkf8xj3Td73ucbhbw3
+O5hAFsW2iPmHMAAAAAAAAAFkVEMjU1MTktU0sgdGVzdCBrZXkgIzIBAgM=
+-----END OPENSSH PRIVATE KEY-----

regress/unittests/sshkey/testdata/ed25519_sk2.fp

diff --git a/regress/unittests/sshkey/testdata/ed25519_sk2.fp b/regress/unittests/sshkey/testdata/ed25519_sk2.fp
new file mode 100644
index 0000000..1c4369a
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ed25519_sk2.fp
@@ -0,0 +1 @@
+SHA256:b9BVPS5vuU4yu/FgweojLLg6zbfmBBoWLUgibdxxsoo

regress/unittests/sshkey/testdata/ed25519_sk2.fp.bb

diff --git a/regress/unittests/sshkey/testdata/ed25519_sk2.fp.bb b/regress/unittests/sshkey/testdata/ed25519_sk2.fp.bb
new file mode 100644
index 0000000..f5fd9ef
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ed25519_sk2.fp.bb
@@ -0,0 +1 @@
+xemac-tizim-dihep-supar-zupib-cukak-pasis-febeg-dyguv-hutec-dyxox

regress/unittests/sshkey/testdata/ed25519_sk2.pub

diff --git a/regress/unittests/sshkey/testdata/ed25519_sk2.pub b/regress/unittests/sshkey/testdata/ed25519_sk2.pub
new file mode 100644
index 0000000..c7ed9f5
--- /dev/null
+++ b/regress/unittests/sshkey/testdata/ed25519_sk2.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBXx+7VJzfVAsrZH/MY903e97nG4W8NzuYQBbFtoj5hzAAAABHNzaDo= ED25519-SK test key #2

regress/unittests/sshsig/Makefile

diff --git a/regress/unittests/sshsig/Makefile b/regress/unittests/sshsig/Makefile
new file mode 100644
index 0000000..65564d1
--- /dev/null
+++ b/regress/unittests/sshsig/Makefile
@@ -0,0 +1,25 @@
+#	$OpenBSD: Makefile,v 1.2 2021/01/09 12:24:31 dtucker Exp $
+
+PROG=test_sshsig
+SRCS=tests.c
+
+# From usr.bin/ssh
+SRCS+=sshbuf-getput-basic.c sshbuf-getput-crypto.c sshbuf-misc.c sshbuf.c
+SRCS+=sshbuf-io.c atomicio.c sshkey.c authfile.c cipher.c log.c ssh-rsa.c
+SRCS+=ssh-dss.c ssh-ecdsa.c ssh-ed25519.c mac.c umac.c umac128.c hmac.c misc.c
+SRCS+=ssherr.c uidswap.c cleanup.c xmalloc.c match.c krl.c fatal.c
+SRCS+=addr.c addrmatch.c bitmap.c sshsig.c
+SRCS+=ed25519.c hash.c ge25519.c fe25519.c sc25519.c verify.c
+SRCS+=cipher-chachapoly.c chacha.c poly1305.c ssh-ecdsa-sk.c ssh-sk.c
+SRCS+=ssh-ed25519-sk.c sk-usbhid.c
+
+SRCS+=digest-openssl.c
+#SRCS+=digest-libc.c
+SRCS+=utf8.c
+
+REGRESS_TARGETS=run-regress-${PROG}
+
+run-regress-${PROG}: ${PROG}
+	env ${TEST_ENV} ./${PROG} ${UNITTEST_ARGS} -d ${.CURDIR}/testdata
+
+.include <bsd.regress.mk>

regress/unittests/sshsig/mktestdata.sh

diff --git a/regress/unittests/sshsig/mktestdata.sh b/regress/unittests/sshsig/mktestdata.sh
new file mode 100755
index 0000000..d2300f9
--- /dev/null
+++ b/regress/unittests/sshsig/mktestdata.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+# $OpenBSD: mktestdata.sh,v 1.1 2020/06/19 04:32:09 djm Exp $
+
+NAMESPACE=unittest
+
+set -ex
+
+cd testdata
+
+if [ -f ../../../misc/sk-dummy/sk-dummy.so ] ; then
+	SK_DUMMY=../../../misc/sk-dummy/sk-dummy.so
+elif [ -f ../../../misc/sk-dummy/obj/sk-dummy.so ] ; then
+	SK_DUMMY=../../../misc/sk-dummy/obj/sk-dummy.so
+else
+	echo "Can't find sk-dummy.so" 1>&2
+	exit 1
+fi
+
+rm -f signed-data namespace
+rm -f rsa dsa ecdsa ed25519 ecdsa_sk ed25519_sk
+rm -f rsa.sig dsa.sig ecdsa.sig ed25519.sig ecdsa_sk.sig ed25519_sk.sig
+
+printf "This is a test, this is only a test" > signed-data
+printf "$NAMESPACE" > namespace
+
+ssh-keygen -t rsa -C "RSA test" -N "" -f rsa -m PEM
+ssh-keygen -t dsa -C "DSA test" -N "" -f dsa -m PEM
+ssh-keygen -t ecdsa -C "ECDSA test" -N "" -f ecdsa -m PEM
+ssh-keygen -t ed25519 -C "ED25519 test key" -N "" -f ed25519
+ssh-keygen -w "$SK_DUMMY" -t ecdsa-sk -C "ECDSA-SK test key" \
+    -N "" -f ecdsa_sk
+ssh-keygen -w "$SK_DUMMY" -t ed25519-sk -C "ED25519-SK test key" \
+    -N "" -f ed25519_sk
+
+ssh-keygen -Y sign -f rsa -n $NAMESPACE - < signed-data > rsa.sig
+ssh-keygen -Y sign -f dsa -n $NAMESPACE - < signed-data > dsa.sig
+ssh-keygen -Y sign -f ecdsa -n $NAMESPACE - < signed-data > ecdsa.sig
+ssh-keygen -Y sign -f ed25519 -n $NAMESPACE - < signed-data > ed25519.sig
+ssh-keygen -w "$SK_DUMMY" \
+	-Y sign -f ecdsa_sk -n $NAMESPACE - < signed-data > ecdsa_sk.sig
+ssh-keygen -w "$SK_DUMMY" \
+	-Y sign -f ed25519_sk -n $NAMESPACE - < signed-data > ed25519_sk.sig

regress/unittests/sshsig/testdata/dsa

diff --git a/regress/unittests/sshsig/testdata/dsa b/regress/unittests/sshsig/testdata/dsa
new file mode 100644
index 0000000..7c0063e
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/dsa
@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQCXpndQdz2mQVnk+lYOF3nxDT+h6SiJmUvBFhnFWBv8tG4pTOkb
+EwGufLEzGpzjTj+3bjVau7LFt37AFrqs4Num272BWNsYNIjOlGPgq7Xjv32FN00x
+JYh1DoRs1cGGnvohlsWEamGGhTHD1a9ipctPEBV+NrxtZMrl+pO/ZZg8vQIVAKJB
+P3iNYSpSuW74+q4WxLCuK8O3AoGAQldE+BIuxlvoG1IFiWesx0CU+H2KO0SEZc9A
+SX/qjOabh0Fb78ofTlEf9gWHFfat8SvSJQIOPMVlb76Lio8AAMT8Eaa/qQKKYmQL
+dNq4MLhhjxx5KLGt6J2JyFPExCv+qnHYHD59ngtLwKyqGjpSC8LPLktdXn8W/Aad
+Ly1K7+MCgYBsMHBczhSeUh8w7i20CVg4OlNTmfJRVU2tO6OpMxZ/quitRm3hLKSN
+u4xRkvHJwi4LhQtv1SXvLI5gs5P3gCG8tsIAiyCqLinHha63iBdJpqhnV/x/j7dB
+yJr3xJbnmLdWLkkCtNk1Ir1/CuEz+ufAyLGdKWksEAu1UUlb501BkwIVAILIa3Rg
+0h7J9lQpHJphvF3K0M1T
+-----END DSA PRIVATE KEY-----

regress/unittests/sshsig/testdata/dsa.pub

diff --git a/regress/unittests/sshsig/testdata/dsa.pub b/regress/unittests/sshsig/testdata/dsa.pub
new file mode 100644
index 0000000..e77aa7e
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/dsa.pub
@@ -0,0 +1 @@
+ssh-dss AAAAB3NzaC1kc3MAAACBAJemd1B3PaZBWeT6Vg4XefENP6HpKImZS8EWGcVYG/y0bilM6RsTAa58sTManONOP7duNVq7ssW3fsAWuqzg26bbvYFY2xg0iM6UY+CrteO/fYU3TTEliHUOhGzVwYae+iGWxYRqYYaFMcPVr2Kly08QFX42vG1kyuX6k79lmDy9AAAAFQCiQT94jWEqUrlu+PquFsSwrivDtwAAAIBCV0T4Ei7GW+gbUgWJZ6zHQJT4fYo7RIRlz0BJf+qM5puHQVvvyh9OUR/2BYcV9q3xK9IlAg48xWVvvouKjwAAxPwRpr+pAopiZAt02rgwuGGPHHkosa3onYnIU8TEK/6qcdgcPn2eC0vArKoaOlILws8uS11efxb8Bp0vLUrv4wAAAIBsMHBczhSeUh8w7i20CVg4OlNTmfJRVU2tO6OpMxZ/quitRm3hLKSNu4xRkvHJwi4LhQtv1SXvLI5gs5P3gCG8tsIAiyCqLinHha63iBdJpqhnV/x/j7dByJr3xJbnmLdWLkkCtNk1Ir1/CuEz+ufAyLGdKWksEAu1UUlb501Bkw== DSA test

regress/unittests/sshsig/testdata/dsa.sig

diff --git a/regress/unittests/sshsig/testdata/dsa.sig b/regress/unittests/sshsig/testdata/dsa.sig
new file mode 100644
index 0000000..0b14ad6
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/dsa.sig
@@ -0,0 +1,13 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAAbEAAAAHc3NoLWRzcwAAAIEAl6Z3UHc9pkFZ5PpWDhd58Q0/oekoiZ
+lLwRYZxVgb/LRuKUzpGxMBrnyxMxqc404/t241Wruyxbd+wBa6rODbptu9gVjbGDSIzpRj
+4Ku14799hTdNMSWIdQ6EbNXBhp76IZbFhGphhoUxw9WvYqXLTxAVfja8bWTK5fqTv2WYPL
+0AAAAVAKJBP3iNYSpSuW74+q4WxLCuK8O3AAAAgEJXRPgSLsZb6BtSBYlnrMdAlPh9ijtE
+hGXPQEl/6ozmm4dBW+/KH05RH/YFhxX2rfEr0iUCDjzFZW++i4qPAADE/BGmv6kCimJkC3
+TauDC4YY8ceSixreidichTxMQr/qpx2Bw+fZ4LS8Csqho6UgvCzy5LXV5/FvwGnS8tSu/j
+AAAAgGwwcFzOFJ5SHzDuLbQJWDg6U1OZ8lFVTa07o6kzFn+q6K1GbeEspI27jFGS8cnCLg
+uFC2/VJe8sjmCzk/eAIby2wgCLIKouKceFrreIF0mmqGdX/H+Pt0HImvfElueYt1YuSQK0
+2TUivX8K4TP658DIsZ0paSwQC7VRSVvnTUGTAAAACHVuaXR0ZXN0AAAAAAAAAAZzaGE1MT
+IAAAA3AAAAB3NzaC1kc3MAAAAodi5lr0pqBpO76OY4N1CtfR85BCgZ95qfVjP/e9lToj0q
+lwjSJJXUjw==
+-----END SSH SIGNATURE-----

regress/unittests/sshsig/testdata/ecdsa

diff --git a/regress/unittests/sshsig/testdata/ecdsa b/regress/unittests/sshsig/testdata/ecdsa
new file mode 100644
index 0000000..55fb440
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ecdsa
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFg0ZCSEB5LNeLsXYL25g3kqEWsqh52DR+yNOjyQJqyZoAoGCCqGSM49
+AwEHoUQDQgAE3sud88FV0N8FPspZSV7LWqj6uPPLRZiSsenNuEYAteWPyDgrZsWb
+LzXBuUJucepaCNuW/QWgHBRbrjWj3ERm3A==
+-----END EC PRIVATE KEY-----

regress/unittests/sshsig/testdata/ecdsa.pub

diff --git a/regress/unittests/sshsig/testdata/ecdsa.pub b/regress/unittests/sshsig/testdata/ecdsa.pub
new file mode 100644
index 0000000..14ec6cf
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ecdsa.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN7LnfPBVdDfBT7KWUley1qo+rjzy0WYkrHpzbhGALXlj8g4K2bFmy81wblCbnHqWgjblv0FoBwUW641o9xEZtw= ECDSA test

regress/unittests/sshsig/testdata/ecdsa.sig

diff --git a/regress/unittests/sshsig/testdata/ecdsa.sig b/regress/unittests/sshsig/testdata/ecdsa.sig
new file mode 100644
index 0000000..7978157
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ecdsa.sig
@@ -0,0 +1,7 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAE
+EE3sud88FV0N8FPspZSV7LWqj6uPPLRZiSsenNuEYAteWPyDgrZsWbLzXBuUJucepaCNuW
+/QWgHBRbrjWj3ERm3AAAAAh1bml0dGVzdAAAAAAAAAAGc2hhNTEyAAAAZQAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAASgAAACEAycVNsTlE+XEZYyYiDxWZlliruf/pPMhEEMR/XLdQ
+a4MAAAAhALQt+5gES7L3uKGptHB6UZQMuZ2WyI0C6FJs4v6AtMIU
+-----END SSH SIGNATURE-----

regress/unittests/sshsig/testdata/ecdsa_sk

diff --git a/regress/unittests/sshsig/testdata/ecdsa_sk b/regress/unittests/sshsig/testdata/ecdsa_sk
new file mode 100644
index 0000000..62ae44c
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ecdsa_sk
@@ -0,0 +1,13 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAfwAAACJzay1lY2
+RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAACG5pc3RwMjU2AAAAQQSg1WuY0XE+
+VexOsrJsFYuxyVoe6eQ/oXmyz2pEHKZw9moyWehv+Fs7oZWFp3JVmOtybKQ6dvfUZYauQE
+/Ov4PAAAAABHNzaDoAAAGI6iV41+oleNcAAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBv
+cGVuc3NoLmNvbQAAAAhuaXN0cDI1NgAAAEEEoNVrmNFxPlXsTrKybBWLsclaHunkP6F5ss
+9qRBymcPZqMlnob/hbO6GVhadyVZjrcmykOnb31GWGrkBPzr+DwAAAAARzc2g6AQAAAOMt
+LS0tLUJFR0lOIEVDIFBSSVZBVEUgS0VZLS0tLS0KTUhjQ0FRRUVJQm9oeW54M2tpTFVEeS
+t5UjU3WXBXSU5KektnU1p6WnV2VTljYXFla3JGcW9Bb0dDQ3FHU000OQpBd0VIb1VRRFFn
+QUVvTlZybU5GeFBsWHNUckt5YkJXTHNjbGFIdW5rUDZGNXNzOXFSQnltY1BacU1sbm9iL2
+hiCk82R1ZoYWR5VlpqcmNteWtPbmIzMUdXR3JrQlB6citEd0E9PQotLS0tLUVORCBFQyBQ
+UklWQVRFIEtFWS0tLS0tCgAAAAAAAAARRUNEU0EtU0sgdGVzdCBrZXk=
+-----END OPENSSH PRIVATE KEY-----

regress/unittests/sshsig/testdata/ecdsa_sk.pub

diff --git a/regress/unittests/sshsig/testdata/ecdsa_sk.pub b/regress/unittests/sshsig/testdata/ecdsa_sk.pub
new file mode 100644
index 0000000..385ebf1
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ecdsa_sk.pub
@@ -0,0 +1 @@
+sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBKDVa5jRcT5V7E6ysmwVi7HJWh7p5D+hebLPakQcpnD2ajJZ6G/4WzuhlYWnclWY63JspDp299Rlhq5AT86/g8AAAAAEc3NoOg== ECDSA-SK test key

regress/unittests/sshsig/testdata/ecdsa_sk.sig

diff --git a/regress/unittests/sshsig/testdata/ecdsa_sk.sig b/regress/unittests/sshsig/testdata/ecdsa_sk.sig
new file mode 100644
index 0000000..86de360
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ecdsa_sk.sig
@@ -0,0 +1,8 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAAH8AAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQ
+AAAAhuaXN0cDI1NgAAAEEEoNVrmNFxPlXsTrKybBWLsclaHunkP6F5ss9qRBymcPZqMlno
+b/hbO6GVhadyVZjrcmykOnb31GWGrkBPzr+DwAAAAARzc2g6AAAACHVuaXR0ZXN0AAAAAA
+AAAAZzaGE1MTIAAAB3AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20A
+AABIAAAAIHohGwyy8iKT3zwd1TYA9V/Ioo7h/3zCJUtyq/Qigt/HAAAAIGzidTwq7D/kFa
+7Xjcp/KkdbIs4MfQpfAW/0OciajlpzARI0Vng=
+-----END SSH SIGNATURE-----

regress/unittests/sshsig/testdata/ecdsa_sk_webauthn.pub

diff --git a/regress/unittests/sshsig/testdata/ecdsa_sk_webauthn.pub b/regress/unittests/sshsig/testdata/ecdsa_sk_webauthn.pub
new file mode 100644
index 0000000..1597302
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ecdsa_sk_webauthn.pub
@@ -0,0 +1 @@
+sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBBRGwDjs4HhJFcn4tJ5Gr72KcmRmCS1OirETxaXvnsNApgoOLF1a/7rxldfSMHm73eT1nhHe97W8qicPPEAKDJQAAAALbWluZHJvdC5vcmc=

regress/unittests/sshsig/testdata/ecdsa_sk_webauthn.sig

diff --git a/regress/unittests/sshsig/testdata/ecdsa_sk_webauthn.sig b/regress/unittests/sshsig/testdata/ecdsa_sk_webauthn.sig
new file mode 100644
index 0000000..4bdd8ed
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ecdsa_sk_webauthn.sig
@@ -0,0 +1,13 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAAIYAAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQ
+AAAAhuaXN0cDI1NgAAAEEEFEbAOOzgeEkVyfi0nkavvYpyZGYJLU6KsRPFpe+ew0CmCg4s
+XVr/uvGV19Iwebvd5PWeEd73tbyqJw88QAoMlAAAAAttaW5kcm90Lm9yZwAAAAh1bml0dG
+VzdAAAAAAAAAAGc2hhNTEyAAABhwAAACt3ZWJhdXRobi1zay1lY2RzYS1zaGEyLW5pc3Rw
+MjU2QG9wZW5zc2guY29tAAAASQAAACBj2oMT9tb5wRXe6mdmf4/lgAO8wrgr95ouozwNg4
+itnQAAACEAtU9g5wz3HchUiLfLD6plr9T4TiJ32lVCrATSjpiy0SMBAAADHwAAABdodHRw
+czovL3d3dy5taW5kcm90Lm9yZwAAAON7InR5cGUiOiJ3ZWJhdXRobi5nZXQiLCJjaGFsbG
+VuZ2UiOiJVMU5JVTBsSEFBQUFDSFZ1YVhSMFpYTjBBQUFBQUFBQUFBWnphR0UxTVRJQUFB
+QkFMTHU4WmdjU3h0Nk1zRlV6dWlaZ0c2R3dNZEo5ZDd4ZUU3WW9SSXcwZzlpSEpfd3NGRD
+cxbzRXbHllenZGV0VqYnFRMHFDN0Z3R3Bqa2pVUVAtTmQ2dyIsIm9yaWdpbiI6Imh0dHBz
+Oi8vd3d3Lm1pbmRyb3Qub3JnIiwiY3Jvc3NPcmlnaW4iOmZhbHNlfQAAAAA=
+-----END SSH SIGNATURE-----

regress/unittests/sshsig/testdata/ed25519

diff --git a/regress/unittests/sshsig/testdata/ed25519 b/regress/unittests/sshsig/testdata/ed25519
new file mode 100644
index 0000000..b44a63d
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCJYs0iDdw0Fe/FTzY1b78I4H/j+R6mz2AmLtwTjHYwBAAAAJjpGas/6Rmr
+PwAAAAtzc2gtZWQyNTUxOQAAACCJYs0iDdw0Fe/FTzY1b78I4H/j+R6mz2AmLtwTjHYwBA
+AAAEDpSKRA1QKW6kYiQftGRWh+H0fNekzYLG6c3bzseoCpEolizSIN3DQV78VPNjVvvwjg
+f+P5HqbPYCYu3BOMdjAEAAAAEEVEMjU1MTkgdGVzdCBrZXkBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----

regress/unittests/sshsig/testdata/ed25519.pub

diff --git a/regress/unittests/sshsig/testdata/ed25519.pub b/regress/unittests/sshsig/testdata/ed25519.pub
new file mode 100644
index 0000000..b078e45
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIlizSIN3DQV78VPNjVvvwjgf+P5HqbPYCYu3BOMdjAE ED25519 test key

regress/unittests/sshsig/testdata/ed25519.sig

diff --git a/regress/unittests/sshsig/testdata/ed25519.sig b/regress/unittests/sshsig/testdata/ed25519.sig
new file mode 100644
index 0000000..8e8ff2a
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ed25519.sig
@@ -0,0 +1,6 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgiWLNIg3cNBXvxU82NW+/COB/4/
+keps9gJi7cE4x2MAQAAAAIdW5pdHRlc3QAAAAAAAAABnNoYTUxMgAAAFMAAAALc3NoLWVk
+MjU1MTkAAABAihQsbUzuNEFflk5Tw1+H9aLS7tZQk0RG8KW1DtOmDYYnWe3D3UKiG3fcJa
+DNg4vBWp1j1gLRiBMOF+gwYNegDg==
+-----END SSH SIGNATURE-----

regress/unittests/sshsig/testdata/ed25519_sk

diff --git a/regress/unittests/sshsig/testdata/ed25519_sk b/regress/unittests/sshsig/testdata/ed25519_sk
new file mode 100644
index 0000000..3a434ec
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ed25519_sk
@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAASgAAABpzay1zc2
+gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACCbGg2F0GK7nOm4pQmAyCuGEjnhvs5q0TtjPbdN
+//+yxwAAAARzc2g6AAAAuBw56jAcOeowAAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY2
+9tAAAAIJsaDYXQYruc6bilCYDIK4YSOeG+zmrRO2M9t03//7LHAAAABHNzaDoBAAAAQFXc
+6dCwWewIk1EBofAouGZApW8+s0XekXenxtb78+x0mxoNhdBiu5zpuKUJgMgrhhI54b7Oat
+E7Yz23Tf//sscAAAAAAAAAE0VEMjU1MTktU0sgdGVzdCBrZXkBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

regress/unittests/sshsig/testdata/ed25519_sk.pub

diff --git a/regress/unittests/sshsig/testdata/ed25519_sk.pub b/regress/unittests/sshsig/testdata/ed25519_sk.pub
new file mode 100644
index 0000000..71051ec
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ed25519_sk.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJsaDYXQYruc6bilCYDIK4YSOeG+zmrRO2M9t03//7LHAAAABHNzaDo= ED25519-SK test key

regress/unittests/sshsig/testdata/ed25519_sk.sig

diff --git a/regress/unittests/sshsig/testdata/ed25519_sk.sig b/regress/unittests/sshsig/testdata/ed25519_sk.sig
new file mode 100644
index 0000000..49b6818
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/ed25519_sk.sig
@@ -0,0 +1,7 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAAEoAAAAac2stc3NoLWVkMjU1MTlAb3BlbnNzaC5jb20AAAAgmxoNhd
+Biu5zpuKUJgMgrhhI54b7OatE7Yz23Tf//sscAAAAEc3NoOgAAAAh1bml0dGVzdAAAAAAA
+AAAGc2hhNTEyAAAAZwAAABpzay1zc2gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAAEAi+7eTjW
+/+LQ2M+sCD+KFtH1n7VFFJon/SZFsxODyV8cWTlFKj617Ys1Ur5TV6uaEXQhck8rBA2oQI
+HTPANLIPARI0Vng=
+-----END SSH SIGNATURE-----

regress/unittests/sshsig/testdata/namespace

diff --git a/regress/unittests/sshsig/testdata/namespace b/regress/unittests/sshsig/testdata/namespace
new file mode 100644
index 0000000..1570cd5
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/namespace
@@ -0,0 +1 @@
+unittest
\ No newline at end of file

regress/unittests/sshsig/testdata/rsa

diff --git a/regress/unittests/sshsig/testdata/rsa b/regress/unittests/sshsig/testdata/rsa
new file mode 100644
index 0000000..228fad7
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/rsa
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEA386lmjRHtJpyj87BrS+ssMmtvc/1SPN0gXTPs9jZ1hYAq98P
+ca3/RYVM4HaSu6COztQJ2ZnZD3Te/XeBnIU2mfuvQEl+DiwisGeNglVyRCi7787f
+PFFfcxzZfDa7EB2qY8S3oaSGZK8QqzuGwmGAImjlQXz6J+HCd/eD/58GoCSSirIE
+CFWCAt+uNrOC/EmgAzsbfcfaIbbVzA40tlgU3hO2J42kddz8CisDTtDKQABFcOaQ
+ZycSfn7HDP+WgXLXXBUI9wVM1Tif1f+9MX08xIsvCvGzo7yLgbbTFLSGr5SkA+tO
+rYuoA7V8fge0id/3pnVtG1Ui3I7vejeAwf0HZqtFeBEnOwkIJFmZeMtFeOVf+4ki
+4h1rDqAvSscNvMtLp6OXpbAATATAuEWEkIQBl1rngnEe0iC9iU9itKMW6qJ4FtIb
+4ACH1EoU1x8vqrFecg2hvqfk5CZBJIbV28JFuGjac3OxBZ17Fqb8ljomUir1GrET
+2z66NMgb5TjDD7BVAgMBAAECggGACfjDGCPMLhfTkuS7bGP7ZcUWoKZrX1y5jCsQ
+NgsraYaBcSb3ITGHdimCS139G68DreN0rOVV7oJejRyOAdNNo367SDn+C9ObmBCF
+FZGJDdBiz0SAXceiYRaf+hDWNNmdheR16hXShxnlvDtivbZqZx4VWN2gp7Y/W+kD
+UJhdSzVV8igMVfK5YDdnI7jL1UHSh1JS3z/QUEA9NmJLpvQ1uc9XBlwhP78g27Me
+6pwS5tccQPOE65OqF0i+xa19nzbmnC940Y34yZeI/UE+PYaO2+asapvOfu/sboBH
+Yb5BuWXVEkSeRWI23SpuZbmfNTtVgiRoRqOvqM4G88LkhYjZ6xpDggxQwJiShiiD
+oWCucs0v3pX8H8/LbGs8l50SGI5nzUqAdZ7/QQucU/GuDiQtampntkLEDgf9KIw/
+SDrtCw1E9fnCWj4Z71IYfepY9bVY6QUEcfTdnDcYSY1Z5tVpzeMHVLeo0lbNVZv9
+2qmPnjjP/IvWbjjwu/PHpUWkUs0BAoHBAPx4YwPXWYgWnesMKXkjAHyO5KA4EyBr
++rcEmOZkZDibC8PKYzIK2ztptuthahVovW20R/QJhJkO5teGZMeGPFq+floCeC5P
+la9CEYGYcTrzgSe1QM9IGMr1vGI1KIWck7VkJ0bkKoY40uIJSVZxnyG9pEpcwYSp
+tnOqA/f5YZUFctWvXUz46OfiLKstXLrcrGIU7YRmLv2rW9twnpJYTzE98g3KpVJ2
+TI1pyvrDTdGeAQUTGCAjpviY6XR5d020vQKBwQDi76wsGLQ3XLI+OAE95Ljo0Mcl
++KdJPVVQPq/VcjKgZQndFloflMRrmgNHme9gmsHOrf8DLZvEDbtT+gbmWslMFZQ9
+om1kR404gfuGmfIYdBdOwWjuBLsZs3pfqDB4Xa3NkxljwOMYTp035n0r2UMFaSy3
+gvpW7fsdPOGAJsqNhSw/JNHcokHeBm7VbV0aD7tSyIghmARb5c98fmrSPbiEo8mP
+ITIZlgbfZCq2KuXY4q16R3QvlpuSwitVobLR/3kCgcEAueH5JM7dQHFGe9RMhL/c
+j9i1Q7GFg4183lsoKBkqIPMmylSsjB+qIihHYS4r6O9g6PCfOXH4iqiKFY0BjlWr
+AjTW2naO/aniz1KZiQ0v8PNv2Eh/Gx4+AtDCjpwM5bLOnfLLaEp9dK1JttqXgGnP
+fAwgdg+s+3votWgr29tkmU+VqPagfxeUg4Xm1XFkoL/wu5Yk+iIx3trXms1kMuOK
+CvtMyBK3fetTmZqWs+Iv3XGz1oSkcqVNPiN3XyY/TJsRAoG/Q17jvjOXTNg4EkCO
+HdHJE1Tnyl4HS7bpnOj/Sl6cqQFV7Ey2dKm1pjwSvS714bgP0UvWaRshIxLwif2w
+DrLlD7FYUPPnhd24Dw6HnW4WcSwFv1uryv2cjgS6T6ueuB0Xe/AvmW2p/Y1ZHz9N
+6baWLwUKQXCg4S3FXui0CVd6yoi+mgBUTSveYguG29WbziDde7YMs+xtXtravhrJ
+m6C3Jql5LQSt2uqvH6KdC3ewxLKGzcZot7f+d5MtSj6216ECgcEA9PGmWeUkhVuW
+Xz2c9iBeHwCtmDso7gVwxNnHqdqirB4f1nDCGbrJS7hz5Ss7/wfzekP2W5if2P6U
+JPUdfykAQgALNn1twAtj1a+UAp31ZWu8JK/Qzt4hLJPBxzMo7MenJq189JmYmDnm
+6D5d9vDLCW15gCZua89GZa8K8V50lYyeHBOHAyzNTfNlnMBkHyP645+nqpuEWzIT
+3mCe2OAbl60o8VvvVUlAQyQ/ObLq37HHEoDu0U/YAnP157cxpa84
+-----END RSA PRIVATE KEY-----

regress/unittests/sshsig/testdata/rsa.pub

diff --git a/regress/unittests/sshsig/testdata/rsa.pub b/regress/unittests/sshsig/testdata/rsa.pub
new file mode 100644
index 0000000..30142ac
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfzqWaNEe0mnKPzsGtL6ywya29z/VI83SBdM+z2NnWFgCr3w9xrf9FhUzgdpK7oI7O1AnZmdkPdN79d4GchTaZ+69ASX4OLCKwZ42CVXJEKLvvzt88UV9zHNl8NrsQHapjxLehpIZkrxCrO4bCYYAiaOVBfPon4cJ394P/nwagJJKKsgQIVYIC3642s4L8SaADOxt9x9ohttXMDjS2WBTeE7YnjaR13PwKKwNO0MpAAEVw5pBnJxJ+fscM/5aBctdcFQj3BUzVOJ/V/70xfTzEiy8K8bOjvIuBttMUtIavlKQD606ti6gDtXx+B7SJ3/emdW0bVSLcju96N4DB/Qdmq0V4ESc7CQgkWZl4y0V45V/7iSLiHWsOoC9Kxw28y0uno5elsABMBMC4RYSQhAGXWueCcR7SIL2JT2K0oxbqongW0hvgAIfUShTXHy+qsV5yDaG+p+TkJkEkhtXbwkW4aNpzc7EFnXsWpvyWOiZSKvUasRPbPro0yBvlOMMPsFU= RSA test

regress/unittests/sshsig/testdata/rsa.sig

diff --git a/regress/unittests/sshsig/testdata/rsa.sig b/regress/unittests/sshsig/testdata/rsa.sig
new file mode 100644
index 0000000..15a032e
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/rsa.sig
@@ -0,0 +1,19 @@
+-----BEGIN SSH SIGNATURE-----
+U1NIU0lHAAAAAQAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAN/OpZo0R7Saco/Owa0vrL
+DJrb3P9UjzdIF0z7PY2dYWAKvfD3Gt/0WFTOB2krugjs7UCdmZ2Q903v13gZyFNpn7r0BJ
+fg4sIrBnjYJVckQou+/O3zxRX3Mc2Xw2uxAdqmPEt6GkhmSvEKs7hsJhgCJo5UF8+ifhwn
+f3g/+fBqAkkoqyBAhVggLfrjazgvxJoAM7G33H2iG21cwONLZYFN4TtieNpHXc/AorA07Q
+ykAARXDmkGcnEn5+xwz/loFy11wVCPcFTNU4n9X/vTF9PMSLLwrxs6O8i4G20xS0hq+UpA
+PrTq2LqAO1fH4HtInf96Z1bRtVItyO73o3gMH9B2arRXgRJzsJCCRZmXjLRXjlX/uJIuId
+aw6gL0rHDbzLS6ejl6WwAEwEwLhFhJCEAZda54JxHtIgvYlPYrSjFuqieBbSG+AAh9RKFN
+cfL6qxXnINob6n5OQmQSSG1dvCRbho2nNzsQWdexam/JY6JlIq9RqxE9s+ujTIG+U4ww+w
+VQAAAAh1bml0dGVzdAAAAAAAAAAGc2hhNTEyAAABlAAAAAxyc2Etc2hhMi01MTIAAAGACi
+nEpBrQxZi0yOrrT6h98JFfZh0XXioih4fzmvtoV0yOReWClS+otGgXoJyZHcbaKNOjDwSM
+rIkUoX6OUJmtHYP0HRELnKw35m33LdBPXpFGS4tRS7NeSpvc04KtjT6jYXY9FjWy5hcn17
+Sxc/3DnJqLgJBur8acY7FeIzpWmKixPd/dGkEjdWoD9gO6szLczGuQgrOdYmSRL4yKadTJ
+lVjz5OSeKSYYGQy33US2XQassRRNYf4e9byTA3DKvHa/OcTt7lFerea0kZdDpAboqffz7T
+Yaw/hFskAYLIEdTW3aoXBGHSOvu8AkDOtb7qwuxGSQ27pjkDLDNsp1ceCFaCaQ6X83RZuK
+ACv9JUBI5KaSf81e0bs0KezJKkhB9czeZ6dk96qISbgayEBnvhYgXvUDKtHn7HzNlCJKfK
+5ABhNxfGG2CD+NKqcrndwFgS1sQO3hbA84zPQb26ShBovT8ytHBmW1F8ZK4O9Bz61Q6EZK
+vs/u6xP6LUean/so5daa
+-----END SSH SIGNATURE-----

regress/unittests/sshsig/testdata/signed-data

diff --git a/regress/unittests/sshsig/testdata/signed-data b/regress/unittests/sshsig/testdata/signed-data
new file mode 100644
index 0000000..7df4bed
--- /dev/null
+++ b/regress/unittests/sshsig/testdata/signed-data
@@ -0,0 +1 @@
+This is a test, this is only a test
\ No newline at end of file

regress/unittests/sshsig/tests.c

diff --git a/regress/unittests/sshsig/tests.c b/regress/unittests/sshsig/tests.c
new file mode 100644
index 0000000..bf59d58
--- /dev/null
+++ b/regress/unittests/sshsig/tests.c
@@ -0,0 +1,139 @@
+/* 	$OpenBSD: tests.c,v 1.2 2020/06/22 06:00:06 djm Exp $ */
+/*
+ * Regress test for sshbuf.h buffer API
+ *
+ * Placed in the public domain
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+
+#include "ssherr.h"
+#include "authfile.h"
+#include "sshkey.h"
+#include "sshbuf.h"
+#include "sshsig.h"
+#include "log.h"
+
+#include "../test_helper/test_helper.h"
+
+static struct sshbuf *
+load_file(const char *name)
+{
+	struct sshbuf *ret = NULL;
+
+	ASSERT_INT_EQ(sshbuf_load_file(test_data_file(name), &ret), 0);
+	ASSERT_PTR_NE(ret, NULL);
+	return ret;
+}
+
+static struct sshkey *
+load_key(const char *name)
+{
+	struct sshkey *ret = NULL;
+	ASSERT_INT_EQ(sshkey_load_public(test_data_file(name), &ret, NULL), 0);
+	ASSERT_PTR_NE(ret, NULL);
+	return ret;
+}
+
+static void
+check_sig(const char *keyname, const char *signame, const struct sshbuf *msg,
+    const char *namespace)
+{
+	struct sshkey *k, *sign_key;
+	struct sshbuf *sig, *rawsig;
+	struct sshkey_sig_details *sig_details;
+
+	k = load_key(keyname);
+	sig = load_file(signame);
+	sign_key = NULL;
+	sig_details = NULL;
+	rawsig = NULL;
+	ASSERT_INT_EQ(sshsig_dearmor(sig, &rawsig), 0);
+	ASSERT_INT_EQ(sshsig_verifyb(rawsig, msg, namespace,
+	    &sign_key, &sig_details), 0);
+	ASSERT_INT_EQ(sshkey_equal(k, sign_key), 1);
+	sshkey_free(k);
+	sshkey_free(sign_key);
+	sshkey_sig_details_free(sig_details);
+	sshbuf_free(sig);
+	sshbuf_free(rawsig);
+}
+
+void
+tests(void)
+{
+	struct sshbuf *msg;
+	char *namespace;
+
+#if 0
+        log_init("test_sshsig", SYSLOG_LEVEL_DEBUG3, SYSLOG_FACILITY_AUTH, 1);
+#endif
+
+#ifdef WITH_OPENSSL
+	OpenSSL_add_all_algorithms();
+	ERR_load_CRYPTO_strings();
+#endif
+
+	TEST_START("load data");
+	msg = load_file("namespace");
+	namespace = sshbuf_dup_string(msg);
+	ASSERT_PTR_NE(namespace, NULL);
+	sshbuf_free(msg);
+	msg = load_file("signed-data");
+	TEST_DONE();
+
+#ifdef WITH_OPENSSL
+	TEST_START("check RSA signature");
+	check_sig("rsa.pub", "rsa.sig", msg, namespace);
+	TEST_DONE();
+
+	TEST_START("check DSA signature");
+	check_sig("dsa.pub", "dsa.sig", msg, namespace);
+	TEST_DONE();
+
+#ifdef OPENSSL_HAS_ECC
+	TEST_START("check ECDSA signature");
+	check_sig("ecdsa.pub", "ecdsa.sig", msg, namespace);
+	TEST_DONE();
+#endif
+#endif
+
+	TEST_START("check ED25519 signature");
+	check_sig("ed25519.pub", "ed25519.sig", msg, namespace);
+	TEST_DONE();
+
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
+	TEST_START("check ECDSA-SK signature");
+	check_sig("ecdsa_sk.pub", "ecdsa_sk.sig", msg, namespace);
+	TEST_DONE();
+#endif
+
+	TEST_START("check ED25519-SK signature");
+	check_sig("ed25519_sk.pub", "ed25519_sk.sig", msg, namespace);
+	TEST_DONE();
+
+#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
+	TEST_START("check ECDSA-SK webauthn signature");
+	check_sig("ecdsa_sk_webauthn.pub", "ecdsa_sk_webauthn.sig",
+	    msg, namespace);
+ 	TEST_DONE();
+#endif
+
+	sshbuf_free(msg);
+	free(namespace);
+}

regress/unittests/sshsig/webauthn.html

diff --git a/regress/unittests/sshsig/webauthn.html b/regress/unittests/sshsig/webauthn.html
new file mode 100644
index 0000000..1869c8b
--- /dev/null
+++ b/regress/unittests/sshsig/webauthn.html
@@ -0,0 +1,766 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+<title>webauthn test</title>
+</head>
+<body onload="init()">
+<h1>webauthn test</h1>
+<p>
+This is a demo/test page for generating FIDO keys and signatures in SSH
+formats. The page initially displays a form to generate a FIDO key and
+convert it to a SSH public key.
+</p>
+<p>
+Once a key has been generated, an additional form will be displayed to
+allow signing of data using the just-generated key. The data may be signed
+as either a raw SSH signature or wrapped in a sshsig message (the latter is
+easier to test using command-line tools.
+</p>
+<p>
+Lots of debugging is printed along the way.
+</p>
+<h2>Enroll</h2>
+<span id="error" style="color: #800; font-weight: bold; font-size: 150%;"></span>
+<form id="enrollform">
+<table>
+<tr>
+<td><b>Username:</b></td>
+<td><input id="username" type="text" size="20" name="user" value="test" /></td>
+</tr>
+<tr><td></td><td><input id="assertsubmit" type="submit" value="submit" /></td></tr>
+</table>
+</form>
+<span id="enrollresult" style="visibility: hidden;">
+<h2>clientData</h2>
+<pre id="enrollresultjson" style="color: #008; font-family: monospace;"></pre>
+<h2>attestationObject raw</h2>
+<pre id="enrollresultraw" style="color: #008; font-family: monospace;"></pre>
+<h2>attestationObject</h2>
+<pre id="enrollresultattestobj" style="color: #008; font-family: monospace;"></pre>
+<h2>key handle</h2>
+<pre id="keyhandle" style="color: #008; font-family: monospace;"></pre>
+<h2>authData raw</h2>
+<pre id="enrollresultauthdataraw" style="color: #008; font-family: monospace;"></pre>
+<h2>authData</h2>
+<pre id="enrollresultauthdata" style="color: #008; font-family: monospace;"></pre>
+<h2>SSH pubkey blob</h2>
+<pre id="enrollresultpkblob" style="color: #008; font-family: monospace;"></pre>
+<h2>SSH pubkey string</h2>
+<pre id="enrollresultpk" style="color: #008; font-family: monospace;"></pre>
+<h2>SSH private key string</h2>
+<pre id="enrollresultprivkey" style="color: #008; font-family: monospace;"></pre>
+</span>
+<span id="assertsection" style="visibility: hidden;">
+<h2>Assert</h2>
+<form id="assertform">
+<span id="asserterror" style="color: #800; font-weight: bold;"></span>
+<table>
+<tr>
+<td><b>Data to sign:</b></td>
+<td><input id="message" type="text" size="20" name="message" value="test" /></td>
+</tr>
+<tr>
+<td><input id="message_sshsig" type="checkbox" checked /> use sshsig format</td>
+</tr>
+<tr>
+<td><b>Signature namespace:</b></td>
+<td><input id="message_namespace" type="text" size="20" name="namespace" value="test" /></td>
+</tr>
+<tr><td></td><td><input type="submit" value="submit" /></td></tr>
+</table>
+</form>
+</span>
+<span id="assertresult" style="visibility: hidden;">
+<h2>clientData</h2>
+<pre id="assertresultjson" style="color: #008; font-family: monospace;"></pre>
+<h2>signature raw</h2>
+<pre id="assertresultsigraw" style="color: #008; font-family: monospace;"></pre>
+<h2>authenticatorData raw</h2>
+<pre id="assertresultauthdataraw" style="color: #008; font-family: monospace;"></pre>
+<h2>authenticatorData</h2>
+<pre id="assertresultauthdata" style="color: #008; font-family: monospace;"></pre>
+<h2>signature in SSH format</h2>
+<pre id="assertresultsshsigraw" style="color: #008; font-family: monospace;"></pre>
+<h2>signature in SSH format (base64 encoded)</h2>
+<pre id="assertresultsshsigb64" style="color: #008; font-family: monospace;"></pre>
+</span>
+</body>
+<script>
+// ------------------------------------------------------------------
+// a crappy CBOR decoder - 20200401 djm@openbsd.org
+
+var CBORDecode = function(buffer) {
+	this.buf = buffer
+	this.v = new DataView(buffer)
+	this.offset = 0
+}
+
+CBORDecode.prototype.empty = function() {
+	return this.offset >= this.buf.byteLength
+}
+
+CBORDecode.prototype.getU8 = function() {
+	let r = this.v.getUint8(this.offset)
+	this.offset += 1
+	return r
+}
+
+CBORDecode.prototype.getU16 = function() {
+	let r = this.v.getUint16(this.offset)
+	this.offset += 2
+	return r
+}
+
+CBORDecode.prototype.getU32 = function() {
+	let r = this.v.getUint32(this.offset)
+	this.offset += 4
+	return r
+}
+
+CBORDecode.prototype.getU64 = function() {
+	let r = this.v.getUint64(this.offset)
+	this.offset += 8
+	return r
+}
+
+CBORDecode.prototype.getCBORTypeLen = function() {
+	let tl, t, l
+	tl = this.getU8()
+	t = (tl & 0xe0) >> 5
+	l = tl & 0x1f
+	return [t, this.decodeInteger(l)]
+}
+
+CBORDecode.prototype.decodeInteger = function(len) {
+	switch (len) {
+	case 0x18: return this.getU8()
+	case 0x19: return this.getU16()
+	case 0x20: return this.getU32()
+	case 0x21: return this.getU64()
+	default:
+		if (len <= 23) {
+			return len
+		}
+		throw new Error("Unsupported int type 0x" + len.toString(16))
+	}
+}
+
+CBORDecode.prototype.decodeNegint = function(len) {
+	let r = -(this.decodeInteger(len) + 1)
+	return r
+}
+
+CBORDecode.prototype.decodeByteString = function(len) {
+	let r = this.buf.slice(this.offset, this.offset + len)
+	this.offset += len
+	return r
+}
+
+CBORDecode.prototype.decodeTextString = function(len) {
+	let u8dec = new TextDecoder('utf-8')
+	r = u8dec.decode(this.decodeByteString(len))
+	return r
+}
+
+CBORDecode.prototype.decodeArray = function(len, level) {
+	let r = []
+	for (let i = 0; i < len; i++) {
+		let v = this.decodeInternal(level)
+		r.push(v)
+		// console.log("decodeArray level " + level.toString() + " index " + i.toString() + " value " + JSON.stringify(v))
+	}
+	return r
+}
+
+CBORDecode.prototype.decodeMap = function(len, level) {
+	let r = {}
+	for (let i = 0; i < len; i++) {
+		let k = this.decodeInternal(level)
+		let v = this.decodeInternal(level)
+		r[k] = v
+		// console.log("decodeMap level " + level.toString() + " key " + k.toString() + " value " + JSON.stringify(v))
+		// XXX check string keys, duplicates
+	}
+	return r
+}
+
+CBORDecode.prototype.decodePrimitive = function(t) {
+	switch (t) {
+	case 20: return false
+	case 21: return true
+	case 22: return null
+	case 23: return undefined
+	default:
+		throw new Error("Unsupported primitive 0x" + t.toString(2))
+	}
+}
+
+CBORDecode.prototype.decodeInternal = function(level) {
+	if (level > 256) {
+		throw new Error("CBOR nesting too deep")
+	}
+	let t, l, r
+	[t, l] = this.getCBORTypeLen()
+	// console.log("decode level " + level.toString() + " type " + t.toString() + " len " + l.toString())
+	switch (t) {
+		case 0:
+			r = this.decodeInteger(l)
+			break
+		case 1:
+			r = this.decodeNegint(l)
+			break
+		case 2:
+			r = this.decodeByteString(l)
+			break
+		case 3:
+			r = this.decodeTextString(l)
+			break
+		case 4:
+			r = this.decodeArray(l, level + 1)
+			break
+		case 5:
+			r = this.decodeMap(l, level + 1)
+			break
+		case 6:
+			console.log("XXX ignored semantic tag " + this.decodeInteger(l).toString())
+			break;
+		case 7:
+			r = this.decodePrimitive(l)
+			break
+		default:
+			throw new Error("Unsupported type 0x" + t.toString(2) + " len " + l.toString())
+	}
+	// console.log("decode level " + level.toString() + " value " + JSON.stringify(r))
+	return r
+}
+
+CBORDecode.prototype.decode = function() {
+	return this.decodeInternal(0)
+}
+
+// ------------------------------------------------------------------
+// a crappy SSH message packer - 20200401 djm@openbsd.org
+
+var SSHMSG = function() {
+	this.r = []
+}
+
+SSHMSG.prototype.length = function() {
+	let len = 0
+	for (buf of this.r) {
+		len += buf.length
+	}
+	return len
+}
+
+SSHMSG.prototype.serialise = function() {
+	let r = new ArrayBuffer(this.length())
+	let v = new Uint8Array(r)
+	let offset = 0
+	for (buf of this.r) {
+		v.set(buf, offset)
+		offset += buf.length
+	}
+	if (offset != r.byteLength) {
+		throw new Error("djm can't count")
+	}
+	return r
+}
+
+SSHMSG.prototype.serialiseBase64 = function(v) {
+	let b = this.serialise()
+	return btoa(String.fromCharCode(...new Uint8Array(b)));
+}
+
+SSHMSG.prototype.putU8 = function(v) {
+	this.r.push(new Uint8Array([v]))
+}
+
+SSHMSG.prototype.putU32 = function(v) {
+	this.r.push(new Uint8Array([
+		(v >> 24) & 0xff,
+		(v >> 16) & 0xff,
+		(v >> 8) & 0xff,
+		(v & 0xff)
+	]))
+}
+
+SSHMSG.prototype.put = function(v) {
+	this.r.push(new Uint8Array(v))
+}
+
+SSHMSG.prototype.putStringRaw = function(v) {
+	let enc = new TextEncoder();
+	let venc = enc.encode(v)
+	this.put(venc)
+}
+
+SSHMSG.prototype.putString = function(v) {
+	let enc = new TextEncoder();
+	let venc = enc.encode(v)
+	this.putU32(venc.length)
+	this.put(venc)
+}
+
+SSHMSG.prototype.putSSHMSG = function(v) {
+	let msg = v.serialise()
+	this.putU32(msg.byteLength)
+	this.put(msg)
+}
+
+SSHMSG.prototype.putBytes = function(v) {
+	this.putU32(v.byteLength)
+	this.put(v)
+}
+
+SSHMSG.prototype.putECPoint = function(x, y) {
+	let x8 = new Uint8Array(x)
+	let y8 = new Uint8Array(y)
+	this.putU32(1 + x8.length + y8.length)
+	this.putU8(0x04) // Uncompressed point format.
+	this.put(x8)
+	this.put(y8)
+}
+
+// ------------------------------------------------------------------
+// webauthn to SSH glue - djm@openbsd.org 20200408
+
+function error(msg, ...args) {
+	document.getElementById("error").innerText = msg
+	console.log(msg)
+	for (const arg of args) {
+		console.dir(arg)
+	}
+}
+function hexdump(buf) {
+	const hex = Array.from(new Uint8Array(buf)).map(
+		b => b.toString(16).padStart(2, "0"))
+	const fmt = new Array()
+	for (let i = 0; i < hex.length; i++) {
+		if ((i % 16) == 0) {
+			// Prepend length every 16 bytes.
+			fmt.push(i.toString(16).padStart(4, "0"))
+			fmt.push("  ")
+		}
+		fmt.push(hex[i])
+		fmt.push(" ")
+		if ((i % 16) == 15) {
+			fmt.push("\n")
+		}
+	}
+	return fmt.join("")
+}
+function enrollform_submit(event) {
+	event.preventDefault();
+	console.log("submitted")
+	username = event.target.elements.username.value
+	if (username === "") {
+		error("no username specified")
+		return false
+	}
+	enrollStart(username)
+}
+function enrollStart(username) {
+	let challenge = new Uint8Array(32)
+	window.crypto.getRandomValues(challenge)
+	let userid = new Uint8Array(8)
+	window.crypto.getRandomValues(userid)
+
+	console.log("challenge:" + btoa(challenge))
+	console.log("userid:" + btoa(userid))
+
+	let pkopts = {
+		challenge: challenge,
+		rp: {
+			name: "mindrot.org",
+			id: "mindrot.org",
+		},
+		user: {
+			id: userid,
+			name: username,
+			displayName: username,
+		},
+		authenticatorSelection: {
+			authenticatorAttachment: "cross-platform",
+			userVerification: "discouraged",
+		},
+		pubKeyCredParams: [{alg: -7, type: "public-key"}], // ES256
+		timeout: 30 * 1000,
+	};
+	console.dir(pkopts)
+	window.enrollOpts = pkopts
+	let credpromise = navigator.credentials.create({ publicKey: pkopts });
+	credpromise.then(enrollSuccess, enrollFailure)
+}
+function enrollFailure(result) {
+	error("Enroll failed", result)
+}
+function enrollSuccess(result) {
+	console.log("Enroll succeeded")
+	console.dir(result)
+	window.enrollResult = result
+	document.getElementById("enrollresult").style.visibility = "visible"
+
+	// Show the clientData
+	let u8dec = new TextDecoder('utf-8')
+	clientData = u8dec.decode(result.response.clientDataJSON)
+	document.getElementById("enrollresultjson").innerText = clientData
+
+	// Show the raw key handle.
+	document.getElementById("keyhandle").innerText = hexdump(result.rawId)
+
+	// Decode and show the attestationObject
+	document.getElementById("enrollresultraw").innerText = hexdump(result.response.attestationObject)
+	let aod = new CBORDecode(result.response.attestationObject)
+	let attestationObject = aod.decode()
+	console.log("attestationObject")
+	console.dir(attestationObject)
+	document.getElementById("enrollresultattestobj").innerText = JSON.stringify(attestationObject)
+
+	// Decode and show the authData
+	document.getElementById("enrollresultauthdataraw").innerText = hexdump(attestationObject.authData)
+	let authData = decodeAuthenticatorData(attestationObject.authData, true)
+	console.log("authData")
+	console.dir(authData)
+	window.enrollAuthData = authData
+	document.getElementById("enrollresultauthdata").innerText = JSON.stringify(authData)
+
+	// Reformat the pubkey as a SSH key for easy verification
+	window.rawKey = reformatPubkey(authData.attestedCredentialData.credentialPublicKey, window.enrollOpts.rp.id)
+	console.log("SSH pubkey blob")
+	console.dir(window.rawKey)
+	document.getElementById("enrollresultpkblob").innerText = hexdump(window.rawKey)
+	let pk64 = btoa(String.fromCharCode(...new Uint8Array(window.rawKey)));
+	let pk = "sk-ecdsa-sha2-nistp256@openssh.com " + pk64
+	document.getElementById("enrollresultpk").innerText = pk
+
+	// Format a private key too.
+	flags = 0x01 // SSH_SK_USER_PRESENCE_REQD
+	window.rawPrivkey = reformatPrivkey(authData.attestedCredentialData.credentialPublicKey, window.enrollOpts.rp.id, result.rawId, flags)
+	let privkeyFileBlob = privkeyFile(window.rawKey, window.rawPrivkey, window.enrollOpts.user.name, window.enrollOpts.rp.id)
+	let privk64 = btoa(String.fromCharCode(...new Uint8Array(privkeyFileBlob)));
+	let privkey = "-----BEGIN OPENSSH PRIVATE KEY-----\n" + wrapString(privk64, 70) + "-----END OPENSSH PRIVATE KEY-----\n"
+	document.getElementById("enrollresultprivkey").innerText = privkey
+
+	// Success: show the assertion form.
+	document.getElementById("assertsection").style.visibility = "visible"
+}
+
+function decodeAuthenticatorData(authData, expectCred) {
+	let r = new Object()
+	let v = new DataView(authData)
+
+	r.rpIdHash = authData.slice(0, 32)
+	r.flags = v.getUint8(32)
+	r.signCount = v.getUint32(33)
+
+	// Decode attestedCredentialData if present.
+	let offset = 37
+	let acd = new Object()
+	if (expectCred) {
+		acd.aaguid = authData.slice(offset, offset+16)
+		offset += 16
+		let credentialIdLength = v.getUint16(offset)     
+		offset += 2
+		acd.credentialIdLength = credentialIdLength
+		acd.credentialId = authData.slice(offset, offset+credentialIdLength)
+		offset += credentialIdLength
+		r.attestedCredentialData = acd
+	}
+	console.log("XXXXX " + offset.toString())
+	let pubkeyrest = authData.slice(offset, authData.byteLength)
+	let pkdecode = new CBORDecode(pubkeyrest)
+	if (expectCred) {
+		// XXX unsafe: doesn't mandate COSE canonical format.
+		acd.credentialPublicKey = pkdecode.decode()
+	}
+	if (!pkdecode.empty()) {
+		// Decode extensions if present.
+		r.extensions = pkdecode.decode()
+	}
+	return r
+}
+
+function wrapString(s, l) {
+	ret = ""
+	for (i = 0; i < s.length; i += l) {
+		ret += s.slice(i, i + l) + "\n"
+	}
+	return ret
+}
+
+function checkPubkey(pk) {
+	// pk is in COSE format. We only care about a tiny subset.
+	if (pk[1] != 2) {
+		console.dir(pk)
+		throw new Error("pubkey is not EC")
+	}
+	if (pk[-1] != 1) {
+		throw new Error("pubkey is not in P256")
+	}
+	if (pk[3] != -7) {
+		throw new Error("pubkey is not ES256")
+	}
+	if (pk[-2].byteLength != 32 || pk[-3].byteLength != 32) {
+		throw new Error("pubkey EC coords have bad length")
+	}
+}
+
+function reformatPubkey(pk, rpid) {
+	checkPubkey(pk)
+	let msg = new SSHMSG()
+	msg.putString("sk-ecdsa-sha2-nistp256@openssh.com")	// Key type
+	msg.putString("nistp256")				// Key curve
+	msg.putECPoint(pk[-2], pk[-3])				// EC key
+	msg.putString(rpid)					// RP ID
+	return msg.serialise()
+}
+
+function reformatPrivkey(pk, rpid, kh, flags) {
+	checkPubkey(pk)
+	let msg = new SSHMSG()
+	msg.putString("sk-ecdsa-sha2-nistp256@openssh.com")	// Key type
+	msg.putString("nistp256")				// Key curve
+	msg.putECPoint(pk[-2], pk[-3])				// EC key
+	msg.putString(rpid)					// RP ID
+	msg.putU8(flags)					// flags
+	msg.putBytes(kh)					// handle
+	msg.putString("")					// reserved
+	return msg.serialise()
+}
+
+function privkeyFile(pub, priv, user, rp) {
+	let innerMsg = new SSHMSG()
+	innerMsg.putU32(0xdeadbeef)				// check byte
+	innerMsg.putU32(0xdeadbeef)				// check byte
+	innerMsg.put(priv)					// privkey
+	innerMsg.putString("webauthn.html " + user + "@" + rp)	// comment
+	// Pad to cipher blocksize (8).
+	p = 1
+	while (innerMsg.length() % 8 != 0) {
+		innerMsg.putU8(p++)
+	}
+	let msg = new SSHMSG()
+	msg.putStringRaw("openssh-key-v1")			// Magic
+	msg.putU8(0)						// \0 terminate
+	msg.putString("none")					// cipher
+	msg.putString("none")					// KDF
+	msg.putString("")					// KDF options
+	msg.putU32(1)						// nkeys
+	msg.putBytes(pub)					// pubkey
+	msg.putSSHMSG(innerMsg)					// inner
+	//msg.put(innerMsg.serialise())				// inner
+	return msg.serialise()
+}
+
+async function assertform_submit(event) {
+	event.preventDefault();
+	console.log("submitted")
+	message = event.target.elements.message.value
+	if (message === "") {
+		error("no message specified")
+		return false
+	}
+	let enc = new TextEncoder()
+	let encmsg = enc.encode(message)
+	window.assertSignRaw = !event.target.elements.message_sshsig.checked
+	console.log("using sshsig ", !window.assertSignRaw)
+	if (window.assertSignRaw) {
+		assertStart(encmsg)
+		return
+	}
+	// Format a sshsig-style message.
+	window.sigHashAlg = "sha512"
+	let msghash = await crypto.subtle.digest("SHA-512", encmsg);
+	console.log("raw message hash")
+	console.dir(msghash)
+	window.sigNamespace = event.target.elements.message_namespace.value
+	let sigbuf = new SSHMSG()
+	sigbuf.put(enc.encode("SSHSIG"))
+	sigbuf.putString(window.sigNamespace)
+	sigbuf.putU32(0) // Reserved string
+	sigbuf.putString(window.sigHashAlg)
+	sigbuf.putBytes(msghash)
+	let msg = sigbuf.serialise()
+	console.log("sigbuf")
+	console.dir(msg)
+	assertStart(msg)
+}
+
+function assertStart(message) {
+	let assertReqOpts = {
+		challenge: message,
+		rpId: "mindrot.org",
+		allowCredentials: [{
+			type: 'public-key',
+			id: window.enrollResult.rawId,
+		}],
+		userVerification: "discouraged",
+		timeout: (30 * 1000),
+	}
+	console.log("assertReqOpts")
+	console.dir(assertReqOpts)
+	window.assertReqOpts = assertReqOpts
+	let assertpromise = navigator.credentials.get({
+		publicKey: assertReqOpts
+	});
+	assertpromise.then(assertSuccess, assertFailure)
+}
+function assertFailure(result) {
+	error("Assertion failed", result)
+}
+function linewrap(s) {
+	const linelen = 70
+	let ret = ""
+	for (let i = 0; i < s.length; i += linelen) {
+		end = i + linelen
+		if (end > s.length) {
+			end = s.length
+		}
+		if (i > 0) {
+			ret += "\n"
+		}
+		ret += s.slice(i, end)
+	}
+	return ret + "\n"
+}
+function assertSuccess(result) {
+	console.log("Assertion succeeded")
+	console.dir(result)
+	window.assertResult = result
+	document.getElementById("assertresult").style.visibility = "visible"
+
+	// show the clientData.
+	let u8dec = new TextDecoder('utf-8')
+	clientData = u8dec.decode(result.response.clientDataJSON)
+	document.getElementById("assertresultjson").innerText = clientData
+
+	// show the signature.
+	document.getElementById("assertresultsigraw").innerText = hexdump(result.response.signature)
+	
+	// decode and show the authData.
+	document.getElementById("assertresultauthdataraw").innerText = hexdump(result.response.authenticatorData)
+	authData = decodeAuthenticatorData(result.response.authenticatorData, false)
+	document.getElementById("assertresultauthdata").innerText = JSON.stringify(authData)
+
+	// Parse and reformat the signature to an SSH style signature.
+	let sshsig = reformatSignature(result.response.signature, clientData, authData)
+	document.getElementById("assertresultsshsigraw").innerText = hexdump(sshsig)
+	let sig64 = btoa(String.fromCharCode(...new Uint8Array(sshsig)));
+	if (window.assertSignRaw) {
+		document.getElementById("assertresultsshsigb64").innerText = sig64
+	} else {
+		document.getElementById("assertresultsshsigb64").innerText =
+		    "-----BEGIN SSH SIGNATURE-----\n" + linewrap(sig64) +
+		    "-----END SSH SIGNATURE-----\n";
+	}
+}
+
+function reformatSignature(sig, clientData, authData) {
+	if (sig.byteLength < 2) {
+		throw new Error("signature is too short")
+	}
+	let offset = 0
+	let v = new DataView(sig)
+	// Expect an ASN.1 SEQUENCE that exactly spans the signature.
+	if (v.getUint8(offset) != 0x30) {
+		throw new Error("signature not an ASN.1 sequence")
+	}
+	offset++
+	let seqlen = v.getUint8(offset)
+	offset++
+	if ((seqlen & 0x80) != 0 || seqlen != sig.byteLength - offset) {
+		throw new Error("signature has unexpected length " + seqlen.toString() + " vs expected " + (sig.byteLength - offset).toString())
+	}
+
+	// Parse 'r' INTEGER value.
+	if (v.getUint8(offset) != 0x02) {
+		throw new Error("signature r not an ASN.1 integer")
+	}
+	offset++
+	let rlen = v.getUint8(offset)
+	offset++
+	if ((rlen & 0x80) != 0 || rlen > sig.byteLength - offset) {
+		throw new Error("signature r has unexpected length " + rlen.toString() + " vs buffer " + (sig.byteLength - offset).toString())
+	}
+	let r = sig.slice(offset, offset + rlen)
+	offset += rlen
+	console.log("sig_r")
+	console.dir(r)
+
+	// Parse 's' INTEGER value.
+	if (v.getUint8(offset) != 0x02) {
+		throw new Error("signature r not an ASN.1 integer")
+	}
+	offset++
+	let slen = v.getUint8(offset)
+	offset++
+	if ((slen & 0x80) != 0 || slen > sig.byteLength - offset) {
+		throw new Error("signature s has unexpected length " + slen.toString() + " vs buffer " + (sig.byteLength - offset).toString())
+	}
+	let s = sig.slice(offset, offset + slen)
+	console.log("sig_s")
+	console.dir(s)
+	offset += slen
+
+	if (offset != sig.byteLength) {
+		throw new Error("unexpected final offset during signature parsing " + offset.toString() + " expected " + sig.byteLength.toString())
+	}
+	
+	// Reformat as an SSH signature.
+	let clientDataParsed = JSON.parse(clientData)
+	let innersig = new SSHMSG()
+	innersig.putBytes(r)
+	innersig.putBytes(s)
+
+	let rawsshsig = new SSHMSG()
+	rawsshsig.putString("webauthn-sk-ecdsa-sha2-nistp256@openssh.com")
+	rawsshsig.putSSHMSG(innersig)
+	rawsshsig.putU8(authData.flags)
+	rawsshsig.putU32(authData.signCount)
+	rawsshsig.putString(clientDataParsed.origin)
+	rawsshsig.putString(clientData)
+	if (authData.extensions == undefined) {
+		rawsshsig.putU32(0)
+	} else {
+		rawsshsig.putBytes(authData.extensions)
+	}
+
+	if (window.assertSignRaw) {
+		return rawsshsig.serialise()
+	}
+	// Format as SSHSIG.
+	let enc = new TextEncoder()
+	let sshsig = new SSHMSG()
+	sshsig.put(enc.encode("SSHSIG"))
+	sshsig.putU32(0x01) // Signature version.
+	sshsig.putBytes(window.rawKey)
+	sshsig.putString(window.sigNamespace)
+	sshsig.putU32(0) // Reserved string
+	sshsig.putString(window.sigHashAlg)
+	sshsig.putBytes(rawsshsig.serialise())
+	return sshsig.serialise()
+}
+
+function toggleNamespaceVisibility() {
+	const assertsigtype = document.getElementById('message_sshsig');
+	const assertsignamespace = document.getElementById('message_namespace');
+	assertsignamespace.disabled = !assertsigtype.checked;
+}
+
+function init() {
+	if (document.location.protocol != "https:") {
+		error("This page must be loaded via https")
+		const assertsubmit = document.getElementById('assertsubmit')
+		assertsubmit.disabled = true
+	}
+	const enrollform = document.getElementById('enrollform');
+	enrollform.addEventListener('submit', enrollform_submit);
+	const assertform = document.getElementById('assertform');
+	assertform.addEventListener('submit', assertform_submit);
+	const assertsigtype = document.getElementById('message_sshsig');
+	assertsigtype.onclick = toggleNamespaceVisibility;
+}
+</script>
+
+</html>

regress/valgrind-unit.sh

diff --git a/regress/valgrind-unit.sh b/regress/valgrind-unit.sh
index 4143ead..193289e 100755
--- a/regress/valgrind-unit.sh
+++ b/regress/valgrind-unit.sh
@@ -19,4 +19,6 @@
 	VG_PATH="$VALGRIND_PATH"
 fi
 
+mkdir -p "$OBJ/valgrind-out"
+
 exec $VG_PATH $VG_OPTS $UNIT_BINARY $UNIT_ARGS

sandbox-pledge.c

diff --git a/sandbox-pledge.c b/sandbox-pledge.c
index d28fc27..302f1cf 100644
--- a/sandbox-pledge.c
+++ b/sandbox-pledge.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-pledge.c,v 1.1 2015/10/09 01:37:08 deraadt Exp $ */
+/* $OpenBSD: sandbox-pledge.c,v 1.2 2020/10/18 11:32:01 djm Exp $ */
 /*
  * Copyright (c) 2015 Theo de Raadt <deraadt@openbsd.org>
  *
@@ -46,7 +46,7 @@
 {
 	struct ssh_sandbox *box;
 
-	debug3("%s: preparing pledge sandbox", __func__);
+	debug3_f("preparing pledge sandbox");
 	box = xcalloc(1, sizeof(*box));
 	box->child_pid = 0;
 
@@ -57,14 +57,14 @@
 ssh_sandbox_child(struct ssh_sandbox *box)
 {
 	if (pledge("stdio", NULL) == -1)
-		fatal("%s: pledge()", __func__);
+		fatal_f("pledge()");
 }
 
 void
 ssh_sandbox_parent_finish(struct ssh_sandbox *box)
 {
 	free(box);
-	debug3("%s: finished", __func__);
+	debug3_f("finished");
 }
 
 void

sandbox-rlimit.c

diff --git a/sandbox-rlimit.c b/sandbox-rlimit.c
index 0bff3df..26c61d2 100644
--- a/sandbox-rlimit.c
+++ b/sandbox-rlimit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sandbox-rlimit.c,v 1.4 2016/09/12 01:22:38 deraadt Exp $ */
+/* $OpenBSD: sandbox-rlimit.c,v 1.5 2020/10/18 11:32:01 djm Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller <djm@mindrot.org>
  *
@@ -49,7 +49,7 @@
 	 * Strictly, we don't need to maintain any state here but we need
 	 * to return non-NULL to satisfy the API.
 	 */
-	debug3("%s: preparing rlimit sandbox", __func__);
+	debug3_f("preparing rlimit sandbox");
 	box = xcalloc(1, sizeof(*box));
 	box->child_pid = 0;
 
@@ -65,18 +65,18 @@
 
 #ifndef SANDBOX_SKIP_RLIMIT_FSIZE
 	if (setrlimit(RLIMIT_FSIZE, &rl_zero) == -1)
-		fatal("%s: setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
-			__func__, strerror(errno));
+		fatal_f("setrlimit(RLIMIT_FSIZE, { 0, 0 }): %s",
+			strerror(errno));
 #endif
 #ifndef SANDBOX_SKIP_RLIMIT_NOFILE
 	if (setrlimit(RLIMIT_NOFILE, &rl_zero) == -1)
-		fatal("%s: setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
-			__func__, strerror(errno));
+		fatal_f("setrlimit(RLIMIT_NOFILE, { 0, 0 }): %s",
+			strerror(errno));
 #endif
 #ifdef HAVE_RLIMIT_NPROC
 	if (setrlimit(RLIMIT_NPROC, &rl_zero) == -1)
-		fatal("%s: setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
-			__func__, strerror(errno));
+		fatal_f("setrlimit(RLIMIT_NPROC, { 0, 0 }): %s",
+			strerror(errno));
 #endif
 }
 
@@ -84,7 +84,7 @@
 ssh_sandbox_parent_finish(struct ssh_sandbox *box)
 {
 	free(box);
-	debug3("%s: finished", __func__);
+	debug3_f("finished");
 }
 
 void

sandbox-seccomp-filter.c

diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
index e0768c0..798b24b 100644
--- a/sandbox-seccomp-filter.c
+++ b/sandbox-seccomp-filter.c
@@ -154,6 +154,9 @@
 #ifdef __NR_fstat64
 	SC_DENY(__NR_fstat64, EACCES),
 #endif
+#ifdef __NR_fstatat64
+	SC_DENY(__NR_fstatat64, EACCES),
+#endif
 #ifdef __NR_open
 	SC_DENY(__NR_open, EACCES),
 #endif
@@ -181,6 +184,9 @@
 #ifdef __NR_ipc
 	SC_DENY(__NR_ipc, EACCES),
 #endif
+#ifdef __NR_statx
+	SC_DENY(__NR_statx, EACCES),
+#endif
 
 	/* Syscalls to permit */
 #ifdef __NR_brk
@@ -204,6 +210,9 @@
 #ifdef __NR_futex
 	SC_ALLOW(__NR_futex),
 #endif
+#ifdef __NR_futex_time64
+	SC_ALLOW(__NR_futex_time64),
+#endif
 #ifdef __NR_geteuid
 	SC_ALLOW(__NR_geteuid),
 #endif
@@ -267,6 +276,9 @@
 #ifdef __NR_pselect6
 	SC_ALLOW(__NR_pselect6),
 #endif
+#ifdef __NR_pselect6_time64
+	SC_ALLOW(__NR_pselect6_time64),
+#endif
 #ifdef __NR_read
 	SC_ALLOW(__NR_read),
 #endif
@@ -372,7 +384,7 @@
 		fatal("%s: sigaction(SIGSYS): %s", __func__, strerror(errno));
 	if (sigprocmask(SIG_UNBLOCK, &mask, NULL) == -1)
 		fatal("%s: sigprocmask(SIGSYS): %s",
-		      __func__, strerror(errno));
+		    __func__, strerror(errno));
 }
 #endif /* SANDBOX_SECCOMP_FILTER_DEBUG */
 
@@ -401,13 +413,13 @@
 	debug3("%s: setting PR_SET_NO_NEW_PRIVS", __func__);
 	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) {
 		debug("%s: prctl(PR_SET_NO_NEW_PRIVS): %s",
-		      __func__, strerror(errno));
+		    __func__, strerror(errno));
 		nnp_failed = 1;
 	}
 	debug3("%s: attaching seccomp filter program", __func__);
 	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &preauth_program) == -1)
 		debug("%s: prctl(PR_SET_SECCOMP): %s",
-		      __func__, strerror(errno));
+		    __func__, strerror(errno));
 	else if (nnp_failed)
 		fatal("%s: SECCOMP_MODE_FILTER activated but "
 		    "PR_SET_NO_NEW_PRIVS failed", __func__);

scp.1

diff --git a/scp.1 b/scp.1
index d5f65af..10cd4ef 100644
--- a/scp.1
+++ b/scp.1
@@ -8,9 +8,9 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $OpenBSD: scp.1,v 1.89 2020/04/30 18:28:37 jmc Exp $
+.\" $OpenBSD: scp.1,v 1.105 2021/09/20 06:53:56 djm Exp $
 .\"
-.Dd $Mdocdate: April 30 2020 $
+.Dd $Mdocdate: September 20 2021 $
 .Dt SCP 1
 .Os
 .Sh NAME
@@ -18,8 +18,9 @@
 .Nd OpenSSH secure file copy
 .Sh SYNOPSIS
 .Nm scp
-.Op Fl 346BCpqrTv
+.Op Fl 346ABCOpqRrsTv
 .Op Fl c Ar cipher
+.Op Fl D Ar sftp_server_path
 .Op Fl F Ar ssh_config
 .Op Fl i Ar identity_file
 .Op Fl J Ar destination
@@ -31,11 +32,12 @@
 .Sh DESCRIPTION
 .Nm
 copies files between hosts on a network.
+.Pp
 It uses
 .Xr ssh 1
 for data transfer, and uses the same authentication and provides the
-same security as
-.Xr ssh 1 .
+same security as a login session.
+.Pp
 .Nm
 will ask for passwords or passphrases if they are needed for
 authentication.
@@ -62,10 +64,10 @@
 .Pp
 When copying between two remote hosts, if the URI format is used, a
 .Ar port
-may only be specified on the
+cannot be specified on the
 .Ar target
 if the
-.Fl 3
+.Fl R
 option is used.
 .Pp
 The options are as follows:
@@ -74,10 +76,11 @@
 Copies between two remote hosts are transferred through the local host.
 Without this option the data is copied directly between the two remote
 hosts.
-Note that this option disables the progress meter and selects batch mode
-for the second host, since
+Note that, when using the original SCP protocol (the default), this option
+selects batch mode for the second host as
 .Nm
 cannot ask for passwords or passphrases for both hosts.
+This mode is the default.
 .It Fl 4
 Forces
 .Nm
@@ -86,6 +89,11 @@
 Forces
 .Nm
 to use IPv6 addresses only.
+.It Fl A
+Allows forwarding of
+.Xr ssh-agent 1
+to the remote system.
+The default is not to forward an authentication agent.
 .It Fl B
 Selects batch mode (prevents asking for passwords or passphrases).
 .It Fl C
@@ -99,6 +107,13 @@
 Selects the cipher to use for encrypting the data transfer.
 This option is directly passed to
 .Xr ssh 1 .
+.It Fl D Ar sftp_server_path
+When using the SFTP protocol support via
+.Fl s ,
+connect directly to a local SFTP server program rather than a
+remote one via
+.Xr ssh 1 .
+This option may be useful in debugging the client and server.
 .It Fl F Ar ssh_config
 Specifies an alternative
 per-user configuration file for
@@ -125,6 +140,14 @@
 .Xr ssh 1 .
 .It Fl l Ar limit
 Limits the used bandwidth, specified in Kbit/s.
+.It Fl O
+Use the original SCP protocol for file transfers instead of the SFTP protocol.
+Forcing the use of the SCP protocol may be necessary for servers that do
+not implement SFTP, for backwards-compatibility for particular filename
+wildcard patterns and for expanding paths with a
+.Sq ~
+prefix for older SFTP servers.
+This mode is the default.
 .It Fl o Ar ssh_option
 Can be used to pass options to
 .Nm ssh
@@ -149,7 +172,6 @@
 .It CanonicalizePermittedCNAMEs
 .It CASignatureAlgorithms
 .It CertificateFile
-.It ChallengeResponseAuthentication
 .It CheckHostIP
 .It Ciphers
 .It Compression
@@ -163,8 +185,8 @@
 .It GSSAPIDelegateCredentials
 .It HashKnownHosts
 .It Host
+.It HostbasedAcceptedAlgorithms
 .It HostbasedAuthentication
-.It HostbasedKeyTypes
 .It HostKeyAlgorithms
 .It HostKeyAlias
 .It Hostname
@@ -175,6 +197,7 @@
 .It KbdInteractiveAuthentication
 .It KbdInteractiveDevices
 .It KexAlgorithms
+.It KnownHostsCommand
 .It LogLevel
 .It MACs
 .It NoHostAuthenticationForLocalhost
@@ -185,7 +208,7 @@
 .It PreferredAuthentications
 .It ProxyCommand
 .It ProxyJump
-.It PubkeyAcceptedKeyTypes
+.It PubkeyAcceptedAlgorithms
 .It PubkeyAuthentication
 .It RekeyLimit
 .It SendEnv
@@ -205,14 +228,23 @@
 .Sq P ,
 because
 .Fl p
-is already reserved for preserving the times and modes of the file.
+is already reserved for preserving the times and mode bits of the file.
 .It Fl p
-Preserves modification times, access times, and modes from the
-original file.
+Preserves modification times, access times, and file mode bits from the
+source file.
 .It Fl q
 Quiet mode: disables the progress meter as well as warning and diagnostic
 messages from
 .Xr ssh 1 .
+.It Fl R
+Copies between two remote hosts are performed by connecting to the origin
+host and executing
+.Nm
+there.
+This requires that
+.Nm
+running on the origin host can authenticate to the destination host without
+requiring a password.
 .It Fl r
 Recursively copy entire directories.
 Note that
@@ -225,6 +257,8 @@
 The program must understand
 .Xr ssh 1
 options.
+.It Fl s
+Use the SFTP protocol for transfers rather than the original scp protocol.
 .It Fl T
 Disable strict filename checking.
 By default when copying files from a remote host to a local directory
@@ -254,6 +288,7 @@
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh_config 5 ,
+.Xr sftp-server 8 ,
 .Xr sshd 8
 .Sh HISTORY
 .Nm
@@ -263,3 +298,10 @@
 .Sh AUTHORS
 .An Timo Rinne Aq Mt tri@iki.fi
 .An Tatu Ylonen Aq Mt ylo@cs.hut.fi
+.Sh CAVEATS
+The original SCP protocol (used by default) requires execution of the
+remote user's shell to perform
+.Xr glob 3
+pattern matching.
+This requires careful quoting of any characters that have special meaning to
+the remote shell, such as quote characters.

scp.c

diff --git a/scp.c b/scp.c
index b4492a0..73ce855 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.210 2020/05/06 20:57:38 djm Exp $ */
+/* $OpenBSD: scp.c,v 1.239 2021/09/20 06:53:56 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -97,6 +97,14 @@
 #ifdef HAVE_FNMATCH_H
 #include <fnmatch.h>
 #endif
+#ifdef USE_SYSTEM_GLOB
+# include <glob.h>
+#else
+# include "openbsd-compat/glob.h"
+#endif
+#ifdef HAVE_LIBGEN_H
+#include <libgen.h>
+#endif
 #include <limits.h>
 #include <locale.h>
 #include <pwd.h>
@@ -123,12 +131,15 @@
 #include "progressmeter.h"
 #include "utf8.h"
 
+#include "sftp-common.h"
+#include "sftp-client.h"
+
 extern char *__progname;
 
 #define COPY_BUFLEN	16384
 
-int do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout);
-int do_cmd2(char *host, char *remuser, int port, char *cmd, int fdin, int fdout);
+int do_cmd(char *, char *, char *, int, int, char *, int *, int *, pid_t *);
+int do_cmd2(char *, char *, int, char *, int, int);
 
 /* Struct for addargs */
 arglist args;
@@ -143,6 +154,7 @@
 
 /* This is set to non-zero to enable verbose mode. */
 int verbose_mode = 0;
+LogLevel log_level = SYSLOG_LEVEL_INFO;
 
 /* This is set to zero if the progressmeter is not desired. */
 int showprogress = 1;
@@ -151,7 +163,7 @@
  * This is set to non-zero if remote-remote copy should be piped
  * through this process.
  */
-int throughlocal = 0;
+int throughlocal = 1;
 
 /* Non-standard port to use for the ssh connection or -1. */
 int sshport = -1;
@@ -161,6 +173,13 @@
 
 /* This is used to store the pid of ssh_program */
 pid_t do_cmd_pid = -1;
+pid_t do_cmd_pid2 = -1;
+
+/* Needed for sftp */
+volatile sig_atomic_t interrupted = 0;
+
+int remote_glob(struct sftp_conn *, const char *, int,
+    int (*)(const char *, int), glob_t *); /* proto for sftp-glob.c */
 
 static void
 killchild(int signo)
@@ -169,6 +188,10 @@
 		kill(do_cmd_pid, signo ? signo : SIGTERM);
 		waitpid(do_cmd_pid, NULL, 0);
 	}
+	if (do_cmd_pid2 > 1) {
+		kill(do_cmd_pid2, signo ? signo : SIGTERM);
+		waitpid(do_cmd_pid2, NULL, 0);
+	}
 
 	if (signo)
 		_exit(1);
@@ -176,19 +199,26 @@
 }
 
 static void
-suspchild(int signo)
+suspone(int pid, int signo)
 {
 	int status;
 
-	if (do_cmd_pid > 1) {
-		kill(do_cmd_pid, signo);
-		while (waitpid(do_cmd_pid, &status, WUNTRACED) == -1 &&
+	if (pid > 1) {
+		kill(pid, signo);
+		while (waitpid(pid, &status, WUNTRACED) == -1 &&
 		    errno == EINTR)
 			;
-		kill(getpid(), SIGSTOP);
 	}
 }
 
+static void
+suspchild(int signo)
+{
+	suspone(do_cmd_pid, signo);
+	suspone(do_cmd_pid2, signo);
+	kill(getpid(), SIGSTOP);
+}
+
 static int
 do_local_cmd(arglist *a)
 {
@@ -238,14 +268,15 @@
  */
 
 int
-do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
+do_cmd(char *program, char *host, char *remuser, int port, int subsystem,
+    char *cmd, int *fdin, int *fdout, pid_t *pid)
 {
 	int pin[2], pout[2], reserved[2];
 
 	if (verbose_mode)
 		fmprintf(stderr,
 		    "Executing: program %s host %s, user %s, command %s\n",
-		    ssh_program, host,
+		    program, host,
 		    remuser ? remuser : "(unspecified)", cmd);
 
 	if (port == -1)
@@ -273,8 +304,8 @@
 	ssh_signal(SIGTTOU, suspchild);
 
 	/* Fork a child to execute the command on the remote host using ssh. */
-	do_cmd_pid = fork();
-	if (do_cmd_pid == 0) {
+	*pid = fork();
+	if (*pid == 0) {
 		/* Child. */
 		close(pin[1]);
 		close(pout[0]);
@@ -283,7 +314,7 @@
 		close(pin[0]);
 		close(pout[1]);
 
-		replacearg(&args, 0, "%s", ssh_program);
+		replacearg(&args, 0, "%s", program);
 		if (port != -1) {
 			addargs(&args, "-p");
 			addargs(&args, "%d", port);
@@ -292,14 +323,16 @@
 			addargs(&args, "-l");
 			addargs(&args, "%s", remuser);
 		}
+		if (subsystem)
+			addargs(&args, "-s");
 		addargs(&args, "--");
 		addargs(&args, "%s", host);
 		addargs(&args, "%s", cmd);
 
-		execvp(ssh_program, args.list);
-		perror(ssh_program);
+		execvp(program, args.list);
+		perror(program);
 		exit(1);
-	} else if (do_cmd_pid == -1) {
+	} else if (*pid == -1) {
 		fatal("fork: %s", strerror(errno));
 	}
 	/* Parent.  Close the other side, and return the local side. */
@@ -319,10 +352,11 @@
  * This way the input and output of two commands can be connected.
  */
 int
-do_cmd2(char *host, char *remuser, int port, char *cmd, int fdin, int fdout)
+do_cmd2(char *host, char *remuser, int port, char *cmd,
+    int fdin, int fdout)
 {
-	pid_t pid;
 	int status;
+	pid_t pid;
 
 	if (verbose_mode)
 		fmprintf(stderr,
@@ -373,34 +407,49 @@
 BUF *allocbuf(BUF *, int, int);
 void lostconn(int);
 int okname(char *);
-void run_err(const char *,...);
-int note_err(const char *,...);
+void run_err(const char *,...)
+    __attribute__((__format__ (printf, 1, 2)))
+    __attribute__((__nonnull__ (1)));
+int note_err(const char *,...)
+    __attribute__((__format__ (printf, 1, 2)));
 void verifydir(char *);
 
 struct passwd *pwd;
 uid_t userid;
-int errs, remin, remout;
+int errs, remin, remout, remin2, remout2;
 int Tflag, pflag, iamremote, iamrecursive, targetshouldbedirectory;
 
 #define	CMDNEEDS	64
 char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */
 
+enum scp_mode_e {
+	MODE_SCP,
+	MODE_SFTP
+};
+
 int response(void);
 void rsource(char *, struct stat *);
 void sink(int, char *[], const char *);
 void source(int, char *[]);
-void tolocal(int, char *[]);
-void toremote(int, char *[]);
+void tolocal(int, char *[], enum scp_mode_e, char *sftp_direct);
+void toremote(int, char *[], enum scp_mode_e, char *sftp_direct);
 void usage(void);
 
+void source_sftp(int, char *, char *, struct sftp_conn *);
+void sink_sftp(int, char *, const char *, struct sftp_conn *);
+void throughlocal_sftp(struct sftp_conn *, struct sftp_conn *,
+    char *, char *);
+
 int
 main(int argc, char **argv)
 {
 	int ch, fflag, tflag, status, n;
-	char **newargv;
+	char **newargv, *argv0;
 	const char *errstr;
 	extern char *optarg;
 	extern int optind;
+	enum scp_mode_e mode = MODE_SCP;
+	char *sftp_direct = NULL;
 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
@@ -410,6 +459,7 @@
 	msetlocale();
 
 	/* Copy argv, because we modify it */
+	argv0 = argv[0];
 	newargv = xcalloc(MAXIMUM(argc + 1, 1), sizeof(*newargv));
 	for (n = 0; n < argc; n++)
 		newargv[n] = xstrdup(argv[n]);
@@ -417,12 +467,13 @@
 
 	__progname = ssh_get_progname(argv[0]);
 
+	log_init(argv0, log_level, SYSLOG_FACILITY_USER, 2);
+
 	memset(&args, '\0', sizeof(args));
 	memset(&remote_remote_args, '\0', sizeof(remote_remote_args));
 	args.list = remote_remote_args.list = NULL;
 	addargs(&args, "%s", ssh_program);
 	addargs(&args, "-x");
-	addargs(&args, "-oForwardAgent=no");
 	addargs(&args, "-oPermitLocalCommand=no");
 	addargs(&args, "-oClearAllForwardings=yes");
 	addargs(&args, "-oRemoteCommand=none");
@@ -430,7 +481,7 @@
 
 	fflag = Tflag = tflag = 0;
 	while ((ch = getopt(argc, argv,
-	    "dfl:prtTvBCc:i:P:q12346S:o:F:J:")) != -1) {
+	    "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:")) != -1) {
 		switch (ch) {
 		/* User-visible flags. */
 		case '1':
@@ -439,15 +490,22 @@
 		case '2':
 			/* Ignored */
 			break;
+		case 'A':
 		case '4':
 		case '6':
 		case 'C':
 			addargs(&args, "-%c", ch);
 			addargs(&remote_remote_args, "-%c", ch);
 			break;
+		case 'D':
+			sftp_direct = optarg;
+			break;
 		case '3':
 			throughlocal = 1;
 			break;
+		case 'R':
+			throughlocal = 0;
+			break;
 		case 'o':
 		case 'c':
 		case 'i':
@@ -458,6 +516,12 @@
 			addargs(&args, "-%c", ch);
 			addargs(&args, "%s", optarg);
 			break;
+		case 'O':
+			mode = MODE_SCP;
+			break;
+		case 's':
+			mode = MODE_SFTP;
+			break;
 		case 'P':
 			sshport = a2port(optarg);
 			if (sshport <= 0)
@@ -487,6 +551,10 @@
 		case 'v':
 			addargs(&args, "-v");
 			addargs(&remote_remote_args, "-v");
+			if (verbose_mode == 0)
+				log_level = SYSLOG_LEVEL_DEBUG1;
+			else if (log_level < SYSLOG_LEVEL_DEBUG3)
+				log_level++;
 			verbose_mode = 1;
 			break;
 		case 'q':
@@ -520,6 +588,14 @@
 	argc -= optind;
 	argv += optind;
 
+	log_init(argv0, log_level, SYSLOG_FACILITY_USER, 2);
+
+	/* Do this last because we want the user to be able to override it */
+	addargs(&args, "-oForwardAgent=no");
+
+	if (iamremote)
+		mode = MODE_SCP;
+
 	if ((pwd = getpwuid(userid = getuid())) == NULL)
 		fatal("unknown user %u", (u_int) userid);
 
@@ -566,17 +642,17 @@
 	(void) ssh_signal(SIGPIPE, lostconn);
 
 	if (colon(argv[argc - 1]))	/* Dest is remote host. */
-		toremote(argc, argv);
+		toremote(argc, argv, mode, sftp_direct);
 	else {
 		if (targetshouldbedirectory)
 			verifydir(argv[argc - 1]);
-		tolocal(argc, argv);	/* Dest is local host. */
+		tolocal(argc, argv, mode, sftp_direct);	/* Dest is local host. */
 	}
 	/*
 	 * Finally check the exit status of the ssh process, if one was forked
 	 * and no error has occurred yet
 	 */
-	if (do_cmd_pid != -1 && errs == 0) {
+	if (do_cmd_pid != -1 && (mode == MODE_SFTP || errs == 0)) {
 		if (remin != -1)
 		    (void) close(remin);
 		if (remout != -1)
@@ -624,7 +700,7 @@
 
 static int
 parse_scp_uri(const char *uri, char **userp, char **hostp, int *portp,
-     char **pathp)
+    char **pathp)
 {
 	int r;
 
@@ -842,7 +918,7 @@
 			goto fail;
 		}
 		if (invalid)
-			fatal("%s: invalid brace pattern \"%s\"", __func__, cp);
+			fatal_f("invalid brace pattern \"%s\"", cp);
 		if (expanded) {
 			/*
 			 * Current entry expanded to new entries on the
@@ -881,14 +957,34 @@
 	return ret;
 }
 
+static struct sftp_conn *
+do_sftp_connect(char *host, char *user, int port, char *sftp_direct,
+   int *reminp, int *remoutp, int *pidp)
+{
+	if (sftp_direct == NULL) {
+		if (do_cmd(ssh_program, host, user, port, 1, "sftp",
+		    reminp, remoutp, pidp) < 0)
+			return NULL;
+
+	} else {
+		args.list = NULL;
+		addargs(&args, "sftp-server");
+		if (do_cmd(sftp_direct, host, NULL, -1, 0, "sftp",
+		    reminp, remoutp, pidp) < 0)
+			return NULL;
+	}
+	return do_init(*reminp, *remoutp, 32768, 64, limit_kbps);
+}
+
 void
-toremote(int argc, char **argv)
+toremote(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct)
 {
 	char *suser = NULL, *host = NULL, *src = NULL;
 	char *bp, *tuser, *thost, *targ;
 	int sport = -1, tport = -1;
+	struct sftp_conn *conn = NULL, *conn2 = NULL;
 	arglist alist;
-	int i, r;
+	int i, r, status;
 	u_int j;
 
 	memset(&alist, '\0', sizeof(alist));
@@ -909,10 +1005,6 @@
 			goto out;
 		}
 	}
-	if (tuser != NULL && !okname(tuser)) {
-		++errs;
-		goto out;
-	}
 
 	/* Parse source files */
 	for (i = 0; i < argc - 1; i++) {
@@ -933,24 +1025,77 @@
 			continue;
 		}
 		if (host && throughlocal) {	/* extended remote to remote */
-			xasprintf(&bp, "%s -f %s%s", cmd,
-			    *src == '-' ? "-- " : "", src);
-			if (do_cmd(host, suser, sport, bp, &remin, &remout) < 0)
-				exit(1);
-			free(bp);
-			xasprintf(&bp, "%s -t %s%s", cmd,
-			    *targ == '-' ? "-- " : "", targ);
-			if (do_cmd2(thost, tuser, tport, bp, remin, remout) < 0)
-				exit(1);
-			free(bp);
-			(void) close(remin);
-			(void) close(remout);
-			remin = remout = -1;
+			if (mode == MODE_SFTP) {
+				if (remin == -1) {
+					/* Connect to dest now */
+					conn = do_sftp_connect(thost, tuser,
+					    tport, sftp_direct,
+					    &remin, &remout, &do_cmd_pid);
+					if (conn == NULL) {
+						fatal("Unable to open "
+						    "destination connection");
+					}
+					debug3_f("origin in %d out %d pid %ld",
+					    remin, remout, (long)do_cmd_pid);
+				}
+				/*
+				 * XXX remember suser/host/sport and only
+				 * reconnect if they change between arguments.
+				 * would save reconnections for cases like
+				 * scp -3 hosta:/foo hosta:/bar hostb:
+				 */
+				/* Connect to origin now */
+				conn2 = do_sftp_connect(host, suser,
+				    sport, sftp_direct,
+				    &remin2, &remout2, &do_cmd_pid2);
+				if (conn2 == NULL) {
+					fatal("Unable to open "
+					    "source connection");
+				}
+				debug3_f("destination in %d out %d pid %ld",
+				    remin2, remout2, (long)do_cmd_pid2);
+				throughlocal_sftp(conn2, conn, src, targ);
+				(void) close(remin2);
+				(void) close(remout2);
+				remin2 = remout2 = -1;
+				if (waitpid(do_cmd_pid2, &status, 0) == -1)
+					++errs;
+				else if (!WIFEXITED(status) ||
+				    WEXITSTATUS(status) != 0)
+					++errs;
+				do_cmd_pid2 = -1;
+				continue;
+			} else {
+				xasprintf(&bp, "%s -f %s%s", cmd,
+				    *src == '-' ? "-- " : "", src);
+				if (do_cmd(ssh_program, host, suser, sport, 0,
+				    bp, &remin, &remout, &do_cmd_pid) < 0)
+					exit(1);
+				free(bp);
+				xasprintf(&bp, "%s -t %s%s", cmd,
+				    *targ == '-' ? "-- " : "", targ);
+				if (do_cmd2(thost, tuser, tport, bp,
+				    remin, remout) < 0)
+					exit(1);
+				free(bp);
+				(void) close(remin);
+				(void) close(remout);
+				remin = remout = -1;
+			}
 		} else if (host) {	/* standard remote to remote */
+			/*
+			 * Second remote user is passed to first remote side
+			 * via scp command-line. Ensure it contains no obvious
+			 * shell characters.
+			 */
+			if (tuser != NULL && !okname(tuser)) {
+				++errs;
+				continue;
+			}
 			if (tport != -1 && tport != SSH_DEFAULT_PORT) {
 				/* This would require the remote support URIs */
 				fatal("target port not supported with two "
-				    "remote hosts without the -3 option");
+				    "remote hosts and the -R option");
 			}
 
 			freeargs(&alist);
@@ -981,11 +1126,28 @@
 			if (do_local_cmd(&alist) != 0)
 				errs = 1;
 		} else {	/* local to remote */
+			if (mode == MODE_SFTP) {
+				if (remin == -1) {
+					/* Connect to remote now */
+					conn = do_sftp_connect(thost, tuser,
+					    tport, sftp_direct,
+					    &remin, &remout, &do_cmd_pid);
+					if (conn == NULL) {
+						fatal("Unable to open sftp "
+						    "connection");
+					}
+				}
+
+				/* The protocol */
+				source_sftp(1, argv[i], targ, conn);
+				continue;
+			}
+			/* SCP */
 			if (remin == -1) {
 				xasprintf(&bp, "%s -t %s%s", cmd,
 				    *targ == '-' ? "-- " : "", targ);
-				if (do_cmd(thost, tuser, tport, bp, &remin,
-				    &remout) < 0)
+				if (do_cmd(ssh_program, thost, tuser, tport, 0,
+				    bp, &remin, &remout, &do_cmd_pid) < 0)
 					exit(1);
 				if (response() < 0)
 					exit(1);
@@ -995,6 +1157,8 @@
 		}
 	}
 out:
+	if (mode == MODE_SFTP)
+		free(conn);
 	free(tuser);
 	free(thost);
 	free(targ);
@@ -1004,10 +1168,11 @@
 }
 
 void
-tolocal(int argc, char **argv)
+tolocal(int argc, char **argv, enum scp_mode_e mode, char *sftp_direct)
 {
 	char *bp, *host = NULL, *src = NULL, *suser = NULL;
 	arglist alist;
+	struct sftp_conn *conn = NULL;
 	int i, r, sport = -1;
 
 	memset(&alist, '\0', sizeof(alist));
@@ -1044,9 +1209,29 @@
 			continue;
 		}
 		/* Remote to local. */
+		if (mode == MODE_SFTP) {
+			conn = do_sftp_connect(host, suser, sport,
+			    sftp_direct, &remin, &remout, &do_cmd_pid);
+			if (conn == NULL) {
+				error("sftp connection failed");
+				++errs;
+				continue;
+			}
+
+			/* The protocol */
+			sink_sftp(1, argv[argc - 1], src, conn);
+
+			free(conn);
+			(void) close(remin);
+			(void) close(remout);
+			remin = remout = -1;
+			continue;
+		}
+		/* SCP */
 		xasprintf(&bp, "%s -f %s%s",
 		    cmd, *src == '-' ? "-- " : "", src);
-		if (do_cmd(host, suser, sport, bp, &remin, &remout) < 0) {
+		if (do_cmd(ssh_program, host, suser, sport, 0, bp,
+		    &remin, &remout, &do_cmd_pid) < 0) {
 			free(bp);
 			++errs;
 			continue;
@@ -1061,6 +1246,69 @@
 	free(src);
 }
 
+/* Prepare remote path, handling ~ by assuming cwd is the homedir */
+static char *
+prepare_remote_path(struct sftp_conn *conn, const char *path)
+{
+	/* Handle ~ prefixed paths */
+	if (*path != '~')
+		return xstrdup(path);
+	if (*path == '\0' || strcmp(path, "~") == 0)
+		return xstrdup(".");
+	if (strncmp(path, "~/", 2) == 0)
+		return xstrdup(path + 2);
+	if (can_expand_path(conn))
+		return do_expand_path(conn, path);
+	/* No protocol extension */
+	error("server expand-path extension is required "
+	    "for ~user paths in SFTP mode");
+	return NULL;
+}
+
+void
+source_sftp(int argc, char *src, char *targ, struct sftp_conn *conn)
+{
+	char *target = NULL, *filename = NULL, *abs_dst = NULL;
+	int target_is_dir;
+
+	if ((filename = basename(src)) == NULL)
+		fatal("basename %s: %s", src, strerror(errno));
+
+	/*
+	 * No need to glob here - the local shell already took care of
+	 * the expansions
+	 */
+	if ((target = prepare_remote_path(conn, targ)) == NULL)
+		cleanup_exit(255);
+	target_is_dir = remote_is_dir(conn, target);
+	if (targetshouldbedirectory && !target_is_dir) {
+		fatal("Target is not a directory, but more files selected "
+		    "for upload");
+	}
+	if (target_is_dir)
+		abs_dst = path_append(target, filename);
+	else {
+		abs_dst = target;
+		target = NULL;
+	}
+	debug3_f("copying local %s to remote %s", src, abs_dst);
+
+	if (local_is_dir(src) && iamrecursive) {
+		if (upload_dir(conn, src, abs_dst, pflag,
+		    SFTP_PROGRESS_ONLY, 0, 0, 1) != 0) {
+			error("failed to upload directory %s to %s",
+				src, abs_dst);
+			errs = 1;
+		}
+	} else if (do_upload(conn, src, abs_dst, pflag, 0, 0) != 0) {
+		error("failed to upload file %s to %s", src, abs_dst);
+		errs = 1;
+	}
+
+	free(abs_dst);
+	free(target);
+}
+
 void
 source(int argc, char **argv)
 {
@@ -1222,6 +1470,81 @@
 	(void) response();
 }
 
+void
+sink_sftp(int argc, char *dst, const char *src, struct sftp_conn *conn)
+{
+	char *abs_src = NULL;
+	char *abs_dst = NULL;
+	glob_t g;
+	char *filename, *tmp = NULL;
+	int i, r, err = 0;
+
+	memset(&g, 0, sizeof(g));
+	/*
+	 * Here, we need remote glob as SFTP can not depend on remote shell
+	 * expansions
+	 */
+
+	if ((abs_src = prepare_remote_path(conn, src)) == NULL) {
+		err = -1;
+		goto out;
+	}
+
+	debug3_f("copying remote %s to local %s", abs_src, dst);
+	if ((r = remote_glob(conn, abs_src, GLOB_MARK, NULL, &g)) != 0) {
+		if (r == GLOB_NOSPACE)
+			error("%s: too many glob matches", abs_src);
+		else
+			error("%s: %s", abs_src, strerror(ENOENT));
+		err = -1;
+		goto out;
+	}
+
+	if (g.gl_matchc > 1 && !local_is_dir(dst)) {
+		error("Multiple files match pattern, but destination "
+		    "\"%s\" is not a directory", dst);
+		err = -1;
+		goto out;
+	}
+
+	for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
+		tmp = xstrdup(g.gl_pathv[i]);
+		if ((filename = basename(tmp)) == NULL) {
+			error("basename %s: %s", tmp, strerror(errno));
+			err = -1;
+			goto out;
+		}
+
+		if (local_is_dir(dst))
+			abs_dst = path_append(dst, filename);
+		else
+			abs_dst = xstrdup(dst);
+
+		debug("Fetching %s to %s\n", g.gl_pathv[i], abs_dst);
+		if (globpath_is_dir(g.gl_pathv[i]) && iamrecursive) {
+			if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL,
+			    pflag, SFTP_PROGRESS_ONLY, 0, 0, 1) == -1)
+				err = -1;
+		} else {
+			if (do_download(conn, g.gl_pathv[i], abs_dst, NULL,
+			    pflag, 0, 0) == -1)
+				err = -1;
+		}
+		free(abs_dst);
+		abs_dst = NULL;
+		free(tmp);
+		tmp = NULL;
+	}
+
+out:
+	free(abs_src);
+	free(tmp);
+	globfree(&g);
+	if (err == -1)
+		errs = 1;
+}
+
+
 #define TYPE_OVERFLOW(type, val) \
 	((sizeof(type) == 4 && (val) > INT32_MAX) || \
 	 (sizeof(type) == 8 && (val) > INT64_MAX) || \
@@ -1273,7 +1596,7 @@
 		 * the requested destination file glob.
 		 */
 		if (brace_expand(src, &patterns, &npatterns) != 0)
-			fatal("%s: could not expand pattern", __func__);
+			fatal_f("could not expand pattern");
 	}
 	for (first = 1;; first = 0) {
 		cp = buf;
@@ -1417,8 +1740,7 @@
 				if (pflag)
 					(void) chmod(np, mode);
 			} else {
-				/* Handle copying from a read-only
-				   directory */
+				/* Handle copying from a read-only directory */
 				mod_flag = 1;
 				if (mkdir(np, mode | S_IRWXU) == -1)
 					goto bad;
@@ -1520,7 +1842,7 @@
 				}
 		}
 		if (close(ofd) == -1)
-			note_err(np, "%s: close: %s", np, strerror(errno));
+			note_err("%s: close: %s", np, strerror(errno));
 		(void) response();
 		if (showprogress)
 			stop_progress_meter();
@@ -1548,6 +1870,79 @@
 	exit(1);
 }
 
+void
+throughlocal_sftp(struct sftp_conn *from, struct sftp_conn *to,
+    char *src, char *targ)
+{
+	char *target = NULL, *filename = NULL, *abs_dst = NULL;
+	char *abs_src = NULL, *tmp = NULL;
+	glob_t g;
+	int i, r, targetisdir, err = 0;
+
+	if ((filename = basename(src)) == NULL)
+		fatal("basename %s: %s", src, strerror(errno));
+
+	if ((abs_src = prepare_remote_path(from, src)) == NULL ||
+	    (target = prepare_remote_path(to, targ)) == NULL)
+		cleanup_exit(255);
+	memset(&g, 0, sizeof(g));
+
+	targetisdir = remote_is_dir(to, target);
+	if (!targetisdir && targetshouldbedirectory) {
+		error("%s: destination is not a directory", target);
+		err = -1;
+		goto out;
+	}
+
+	debug3_f("copying remote %s to remote %s", abs_src, target);
+	if ((r = remote_glob(from, abs_src, GLOB_MARK, NULL, &g)) != 0) {
+		if (r == GLOB_NOSPACE)
+			error("%s: too many glob matches", abs_src);
+		else
+			error("%s: %s", abs_src, strerror(ENOENT));
+		err = -1;
+		goto out;
+	}
+
+	for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
+		tmp = xstrdup(g.gl_pathv[i]);
+		if ((filename = basename(tmp)) == NULL) {
+			error("basename %s: %s", tmp, strerror(errno));
+			err = -1;
+			goto out;
+		}
+
+		if (targetisdir)
+			abs_dst = path_append(target, filename);
+		else
+			abs_dst = xstrdup(target);
+
+		debug("Fetching %s to %s\n", g.gl_pathv[i], abs_dst);
+		if (globpath_is_dir(g.gl_pathv[i]) && iamrecursive) {
+			if (crossload_dir(from, to, g.gl_pathv[i], abs_dst,
+			    NULL, pflag, SFTP_PROGRESS_ONLY, 1) == -1)
+				err = -1;
+		} else {
+			if (do_crossload(from, to, g.gl_pathv[i], abs_dst, NULL,
+			    pflag) == -1)
+				err = -1;
+		}
+		free(abs_dst);
+		abs_dst = NULL;
+		free(tmp);
+		tmp = NULL;
+	}
+
+out:
+	free(abs_src);
+	free(abs_dst);
+	free(target);
+	free(tmp);
+	globfree(&g);
+	if (err == -1)
+		errs = 1;
+}
+
 int
 response(void)
 {
@@ -1590,9 +1985,9 @@
 usage(void)
 {
 	(void) fprintf(stderr,
-	    "usage: scp [-346BCpqrTv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
-	    "            [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
-	    "            [-S program] source ... target\n");
+	    "usage: scp [-346ABCOpqRrsTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]\n"
+	    "           [-i identity_file] [-J destination] [-l limit]\n"
+	    "           [-o ssh_option] [-P port] [-S program] source ... target\n");
 	exit(1);
 }
 
@@ -1731,3 +2126,21 @@
 	else
 		exit(1);
 }
+
+void
+cleanup_exit(int i)
+{
+	if (remin > 0)
+		close(remin);
+	if (remout > 0)
+		close(remout);
+	if (remin2 > 0)
+		close(remin2);
+	if (remout2 > 0)
+		close(remout2);
+	if (do_cmd_pid > 0)
+		waitpid(do_cmd_pid, NULL, 0);
+	if (do_cmd_pid2 > 0)
+		waitpid(do_cmd_pid2, NULL, 0);
+	exit(i);
+}

servconf.c

diff --git a/servconf.c b/servconf.c
index f185031..e9351b8 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.363 2020/04/17 03:30:05 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.382 2021/09/06 00:36:01 millert Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -15,6 +15,7 @@
 
 #include <sys/types.h>
 #include <sys/socket.h>
+#include <sys/stat.h>
 #ifdef __OpenBSD__
 #include <sys/sysctl.h>
 #endif
@@ -78,8 +79,8 @@
     const char *, int);
 static void add_one_listen_addr(ServerOptions *, const char *,
     const char *, int);
-void parse_server_config_depth(ServerOptions *options, const char *filename,
-    struct sshbuf *conf, struct include_list *includes,
+static void parse_server_config_depth(ServerOptions *options,
+    const char *filename, struct sshbuf *conf, struct include_list *includes,
     struct connection_info *connectinfo, int flags, int *activep, int depth);
 
 /* Use of privilege separation or not */
@@ -125,13 +126,15 @@
 	options->tcp_keep_alive = -1;
 	options->log_facility = SYSLOG_FACILITY_NOT_SET;
 	options->log_level = SYSLOG_LEVEL_NOT_SET;
+	options->num_log_verbose = 0;
+	options->log_verbose = NULL;
 	options->hostbased_authentication = -1;
 	options->hostbased_uses_name_from_packet_only = -1;
-	options->hostbased_key_types = NULL;
+	options->hostbased_accepted_algos = NULL;
 	options->hostkeyalgorithms = NULL;
 	options->pubkey_authentication = -1;
 	options->pubkey_auth_options = -1;
-	options->pubkey_key_types = NULL;
+	options->pubkey_accepted_algos = NULL;
 	options->kerberos_authentication = -1;
 	options->kerberos_or_local_passwd = -1;
 	options->kerberos_ticket_cleanup = -1;
@@ -141,10 +144,9 @@
 	options->gss_strict_acceptor = -1;
 	options->password_authentication = -1;
 	options->kbd_interactive_authentication = -1;
-	options->challenge_response_authentication = -1;
 	options->permit_empty_passwd = -1;
 	options->permit_user_env = -1;
-	options->permit_user_env_whitelist = NULL;
+	options->permit_user_env_allowlist = NULL;
 	options->compression = -1;
 	options->rekey_limit = -1;
 	options->rekey_interval = -1;
@@ -166,6 +168,9 @@
 	options->max_startups_begin = -1;
 	options->max_startups_rate = -1;
 	options->max_startups = -1;
+	options->per_source_max_startups = -1;
+	options->per_source_masklen_ipv4 = -1;
+	options->per_source_masklen_ipv6 = -1;
 	options->max_authtries = -1;
 	options->max_sessions = -1;
 	options->banner = NULL;
@@ -216,22 +221,22 @@
 	all_key = sshkey_alg_list(0, 0, 1, ',');
 	all_sig = sshkey_alg_list(0, 1, 1, ',');
 	/* remove unsupported algos from default lists */
-	def_cipher = match_filter_whitelist(KEX_SERVER_ENCRYPT, all_cipher);
-	def_mac = match_filter_whitelist(KEX_SERVER_MAC, all_mac);
-	def_kex = match_filter_whitelist(KEX_SERVER_KEX, all_kex);
-	def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key);
-	def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig);
+	def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher);
+	def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac);
+	def_kex = match_filter_allowlist(KEX_SERVER_KEX, all_kex);
+	def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key);
+	def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig);
 #define ASSEMBLE(what, defaults, all) \
 	do { \
 		if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \
-			fatal("%s: %s: %s", __func__, #what, ssh_err(r)); \
+			fatal_fr(r, "%s", #what); \
 	} while (0)
 	ASSEMBLE(ciphers, def_cipher, all_cipher);
 	ASSEMBLE(macs, def_mac, all_mac);
 	ASSEMBLE(kex_algorithms, def_kex, all_kex);
 	ASSEMBLE(hostkeyalgorithms, def_key, all_key);
-	ASSEMBLE(hostbased_key_types, def_key, all_key);
-	ASSEMBLE(pubkey_key_types, def_key, all_key);
+	ASSEMBLE(hostbased_accepted_algos, def_key, all_key);
+	ASSEMBLE(pubkey_accepted_algos, def_key, all_key);
 	ASSEMBLE(ca_sign_algorithms, def_sig, all_sig);
 #undef ASSEMBLE
 	free(all_cipher);
@@ -246,39 +251,13 @@
 	free(def_sig);
 }
 
-static void
-array_append2(const char *file, const int line, const char *directive,
-    char ***array, int **iarray, u_int *lp, const char *s, int i)
-{
-
-	if (*lp >= INT_MAX)
-		fatal("%s line %d: Too many %s entries", file, line, directive);
-
-	if (iarray != NULL) {
-		*iarray = xrecallocarray(*iarray, *lp, *lp + 1,
-		    sizeof(**iarray));
-		(*iarray)[*lp] = i;
-	}
-
-	*array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
-	(*array)[*lp] = xstrdup(s);
-	(*lp)++;
-}
-
-static void
-array_append(const char *file, const int line, const char *directive,
-    char ***array, u_int *lp, const char *s)
-{
-	array_append2(file, line, directive, array, NULL, lp, s, 0);
-}
-
 void
 servconf_add_hostkey(const char *file, const int line,
     ServerOptions *options, const char *path, int userprovided)
 {
 	char *apath = derelativise_path(path);
 
-	array_append2(file, line, "HostKey",
+	opt_array_append2(file, line, "HostKey",
 	    &options->host_key_files, &options->host_key_file_userprovided,
 	    &options->num_host_key_files, apath, userprovided);
 	free(apath);
@@ -290,7 +269,7 @@
 {
 	char *apath = derelativise_path(path);
 
-	array_append(file, line, "HostCertificate",
+	opt_array_append(file, line, "HostCertificate",
 	    &options->host_cert_files, &options->num_host_cert_files, apath);
 	free(apath);
 }
@@ -329,6 +308,8 @@
 		add_listen_addr(options, NULL, NULL, 0);
 	if (options->pid_file == NULL)
 		options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
+	if (options->moduli_file == NULL)
+		options->moduli_file = xstrdup(_PATH_DH_MODULI);
 	if (options->login_grace_time == -1)
 		options->login_grace_time = 120;
 	if (options->permit_root_login == PERMIT_NOT_SET)
@@ -386,14 +367,12 @@
 	if (options->password_authentication == -1)
 		options->password_authentication = 1;
 	if (options->kbd_interactive_authentication == -1)
-		options->kbd_interactive_authentication = 0;
-	if (options->challenge_response_authentication == -1)
-		options->challenge_response_authentication = 1;
+		options->kbd_interactive_authentication = 1;
 	if (options->permit_empty_passwd == -1)
 		options->permit_empty_passwd = 0;
 	if (options->permit_user_env == -1) {
 		options->permit_user_env = 0;
-		options->permit_user_env_whitelist = NULL;
+		options->permit_user_env_allowlist = NULL;
 	}
 	if (options->compression == -1)
 #ifdef WITH_ZLIB
@@ -420,6 +399,12 @@
 		options->max_startups_rate = 30;		/* 30% */
 	if (options->max_startups_begin == -1)
 		options->max_startups_begin = 10;
+	if (options->per_source_max_startups == -1)
+		options->per_source_max_startups = INT_MAX;
+	if (options->per_source_masklen_ipv4 == -1)
+		options->per_source_masklen_ipv4 = 32;
+	if (options->per_source_masklen_ipv6 == -1)
+		options->per_source_masklen_ipv6 = 128;
 	if (options->max_authtries == -1)
 		options->max_authtries = DEFAULT_AUTH_FAIL_MAX;
 	if (options->max_sessions == -1)
@@ -431,11 +416,11 @@
 	if (options->client_alive_count_max == -1)
 		options->client_alive_count_max = 3;
 	if (options->num_authkeys_files == 0) {
-		array_append("[default]", 0, "AuthorizedKeysFiles",
+		opt_array_append("[default]", 0, "AuthorizedKeysFiles",
 		    &options->authorized_keys_files,
 		    &options->num_authkeys_files,
 		    _PATH_SSH_USER_PERMITTED_KEYS);
-		array_append("[default]", 0, "AuthorizedKeysFiles",
+		opt_array_append("[default]", 0, "AuthorizedKeysFiles",
 		    &options->authorized_keys_files,
 		    &options->num_authkeys_files,
 		    _PATH_SSH_USER_PERMITTED_KEYS2);
@@ -498,15 +483,6 @@
 		options->auth_methods[0] = NULL;
 		options->num_auth_methods = 0;
 	}
-
-#ifndef HAVE_MMAP
-	if (use_privsep && options->compression == 1) {
-		error("This platform does not support both privilege "
-		    "separation and compression");
-		error("Compression disabled");
-		options->compression = 0;
-	}
-#endif
 }
 
 /* Keyword tokens. */
@@ -516,23 +492,21 @@
 	sUsePAM,
 	/* Standard Options */
 	sPort, sHostKeyFile, sLoginGraceTime,
-	sPermitRootLogin, sLogFacility, sLogLevel,
-	sRhostsRSAAuthentication, sRSAAuthentication,
+	sPermitRootLogin, sLogFacility, sLogLevel, sLogVerbose,
 	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
-	sKerberosGetAFSToken, sChallengeResponseAuthentication,
-	sPasswordAuthentication, sKbdInteractiveAuthentication,
-	sListenAddress, sAddressFamily,
+	sKerberosGetAFSToken, sPasswordAuthentication,
+	sKbdInteractiveAuthentication, sListenAddress, sAddressFamily,
 	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
 	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
 	sPermitTTY, sStrictModes, sEmptyPasswd, sTCPKeepAlive,
 	sPermitUserEnvironment, sAllowTcpForwarding, sCompression,
 	sRekeyLimit, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
-	sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile,
-	sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedKeyTypes,
+	sIgnoreUserKnownHosts, sCiphers, sMacs, sPidFile, sModuliFile,
+	sGatewayPorts, sPubkeyAuthentication, sPubkeyAcceptedAlgorithms,
 	sXAuthLocation, sSubsystem, sMaxStartups, sMaxAuthTries, sMaxSessions,
 	sBanner, sUseDNS, sHostbasedAuthentication,
-	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
-	sHostKeyAlgorithms,
+	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedAlgorithms,
+	sHostKeyAlgorithms, sPerSourceMaxStartups, sPerSourceNetBlockSize,
 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
 	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
 	sAcceptEnv, sSetEnv, sPermitTunnel,
@@ -554,6 +528,7 @@
 #define SSHCFG_MATCH		0x02	/* allowed inside a Match section */
 #define SSHCFG_ALL		(SSHCFG_GLOBAL|SSHCFG_MATCH)
 #define SSHCFG_NEVERMATCH	0x04  /* Match never matches; internal only */
+#define SSHCFG_MATCH_ONLY	0x08  /* Match only in conditional blocks; internal only */
 
 /* Textual representation of the tokens. */
 static struct {
@@ -574,21 +549,25 @@
 	{ "hostdsakey", sHostKeyFile, SSHCFG_GLOBAL },		/* alias */
 	{ "hostkeyagent", sHostKeyAgent, SSHCFG_GLOBAL },
 	{ "pidfile", sPidFile, SSHCFG_GLOBAL },
+	{ "modulifile", sModuliFile, SSHCFG_GLOBAL },
 	{ "serverkeybits", sDeprecated, SSHCFG_GLOBAL },
 	{ "logingracetime", sLoginGraceTime, SSHCFG_GLOBAL },
 	{ "keyregenerationinterval", sDeprecated, SSHCFG_GLOBAL },
 	{ "permitrootlogin", sPermitRootLogin, SSHCFG_ALL },
 	{ "syslogfacility", sLogFacility, SSHCFG_GLOBAL },
 	{ "loglevel", sLogLevel, SSHCFG_ALL },
+	{ "logverbose", sLogVerbose, SSHCFG_ALL },
 	{ "rhostsauthentication", sDeprecated, SSHCFG_GLOBAL },
 	{ "rhostsrsaauthentication", sDeprecated, SSHCFG_ALL },
 	{ "hostbasedauthentication", sHostbasedAuthentication, SSHCFG_ALL },
 	{ "hostbasedusesnamefrompacketonly", sHostbasedUsesNameFromPacketOnly, SSHCFG_ALL },
-	{ "hostbasedacceptedkeytypes", sHostbasedAcceptedKeyTypes, SSHCFG_ALL },
+	{ "hostbasedacceptedalgorithms", sHostbasedAcceptedAlgorithms, SSHCFG_ALL },
+	{ "hostbasedacceptedkeytypes", sHostbasedAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */
 	{ "hostkeyalgorithms", sHostKeyAlgorithms, SSHCFG_GLOBAL },
 	{ "rsaauthentication", sDeprecated, SSHCFG_ALL },
 	{ "pubkeyauthentication", sPubkeyAuthentication, SSHCFG_ALL },
-	{ "pubkeyacceptedkeytypes", sPubkeyAcceptedKeyTypes, SSHCFG_ALL },
+	{ "pubkeyacceptedalgorithms", sPubkeyAcceptedAlgorithms, SSHCFG_ALL },
+	{ "pubkeyacceptedkeytypes", sPubkeyAcceptedAlgorithms, SSHCFG_ALL }, /* obsolete */
 	{ "pubkeyauthoptions", sPubkeyAuthOptions, SSHCFG_ALL },
 	{ "dsaauthentication", sPubkeyAuthentication, SSHCFG_GLOBAL }, /* alias */
 #ifdef KRB5
@@ -619,8 +598,8 @@
 #endif
 	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
 	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
-	{ "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL },
-	{ "skeyauthentication", sDeprecated, SSHCFG_GLOBAL },
+	{ "challengeresponseauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */
+	{ "skeyauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, /* alias */
 	{ "checkmail", sDeprecated, SSHCFG_GLOBAL },
 	{ "listenaddress", sListenAddress, SSHCFG_GLOBAL },
 	{ "addressfamily", sAddressFamily, SSHCFG_GLOBAL },
@@ -656,6 +635,8 @@
 	{ "gatewayports", sGatewayPorts, SSHCFG_ALL },
 	{ "subsystem", sSubsystem, SSHCFG_GLOBAL },
 	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
+	{ "persourcemaxstartups", sPerSourceMaxStartups, SSHCFG_GLOBAL },
+	{ "persourcenetblocksize", sPerSourceNetBlockSize, SSHCFG_GLOBAL },
 	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
 	{ "maxsessions", sMaxSessions, SSHCFG_ALL },
 	{ "banner", sBanner, SSHCFG_ALL },
@@ -759,7 +740,7 @@
 	if (path_absolute(expanded))
 		return expanded;
 	if (getcwd(cwd, sizeof(cwd)) == NULL)
-		fatal("%s: getcwd: %s", __func__, strerror(errno));
+		fatal_f("getcwd: %s", strerror(errno));
 	xasprintf(&ret, "%s/%s", cwd, expanded);
 	free(expanded);
 	return ret;
@@ -802,7 +783,7 @@
 	if (i >= options->num_listen_addrs) {
 		/* No entry for this rdomain; allocate one */
 		if (i >= INT_MAX)
-			fatal("%s: too many listen addresses", __func__);
+			fatal_f("too many listen addresses");
 		options->listen_addrs = xrecallocarray(options->listen_addrs,
 		    options->num_listen_addrs, options->num_listen_addrs + 1,
 		    sizeof(*options->listen_addrs));
@@ -939,10 +920,10 @@
 		ch = '\0';
 		host = hpdelim2(&arg, &ch);
 		if (host == NULL || ch == '/')
-			fatal("%s: missing host in %s", __func__, what);
+			fatal_f("missing host in %s", what);
 		host = cleanhostname(host);
 		if (arg == NULL || ((port = permitopen_port(arg)) < 0))
-			fatal("%s: bad port number in %s", __func__, what);
+			fatal_f("bad port number in %s", what);
 		/* Send it to channels layer */
 		channel_add_permission(ssh, FORWARD_ADM,
 		    where, host, port);
@@ -1067,18 +1048,29 @@
 		    ci->laddress ? ci->laddress : "(null)", ci->lport);
 
 	while ((attrib = strdelim(&cp)) && *attrib != '\0') {
+		/* Terminate on comment */
+		if (*attrib == '#') {
+			cp = NULL; /* mark all arguments consumed */
+			break;
+		}
+		arg = NULL;
 		attributes++;
+		/* Criterion "all" has no argument and must appear alone */
 		if (strcasecmp(attrib, "all") == 0) {
-			if (attributes != 1 ||
-			    ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
+			if (attributes > 1 || ((arg = strdelim(&cp)) != NULL &&
+			    *arg != '\0' && *arg != '#')) {
 				error("'all' cannot be combined with other "
 				    "Match attributes");
 				return -1;
 			}
+			if (arg != NULL && *arg == '#')
+				cp = NULL; /* mark all arguments consumed */
 			*condition = cp;
 			return 1;
 		}
-		if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
+		/* All other criteria require an argument */
+		if ((arg = strdelim(&cp)) == NULL ||
+		    *arg == '\0' || *arg == '#') {
 			error("Missing Match criteria for %s", attrib);
 			return -1;
 		}
@@ -1121,6 +1113,9 @@
 				    "%.100s' at line %d", ci->host, arg, line);
 		} else if (strcasecmp(attrib, "address") == 0) {
 			if (ci == NULL || (ci->test && ci->address == NULL)) {
+				if (addr_match_list(NULL, arg) != 0)
+					fatal("Invalid Match address argument "
+					    "'%s' at line %d", arg, line);
 				result = 0;
 				continue;
 			}
@@ -1140,6 +1135,10 @@
 			}
 		} else if (strcasecmp(attrib, "localaddress") == 0){
 			if (ci == NULL || (ci->test && ci->laddress == NULL)) {
+				if (addr_match_list(NULL, arg) != 0)
+					fatal("Invalid Match localaddress "
+					    "argument '%s' at line %d", arg,
+					    line);
 				result = 0;
 				continue;
 			}
@@ -1263,10 +1262,10 @@
 static int
 process_server_config_line_depth(ServerOptions *options, char *line,
     const char *filename, int linenum, int *activep,
-    struct connection_info *connectinfo, int inc_flags, int depth,
+    struct connection_info *connectinfo, int *inc_flags, int depth,
     struct include_list *includes)
 {
-	char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
+	char ch, *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword;
 	int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
 	SyslogFacility *log_facility_ptr;
 	LogLevel *log_level_ptr;
@@ -1278,6 +1277,9 @@
 	const char *errstr;
 	struct include_item *item;
 	glob_t gbuf;
+	char **oav = NULL, **av;
+	int oac = 0, ac;
+	int ret = -1;
 
 	/* Strip trailing whitespace. Allow \f (form feed) at EOL only */
 	if ((len = strlen(line)) == 0)
@@ -1288,32 +1290,43 @@
 		line[len] = '\0';
 	}
 
-	cp = line;
-	if ((arg = strdelim(&cp)) == NULL)
+	str = line;
+	if ((keyword = strdelim(&str)) == NULL)
 		return 0;
 	/* Ignore leading whitespace */
-	if (*arg == '\0')
-		arg = strdelim(&cp);
-	if (!arg || !*arg || *arg == '#')
+	if (*keyword == '\0')
+		keyword = strdelim(&str);
+	if (!keyword || !*keyword || *keyword == '#')
 		return 0;
+	if (str == NULL || *str == '\0') {
+		error("%s line %d: no argument after keyword \"%s\"",
+		    filename, linenum, keyword);
+		return -1;
+	}
 	intptr = NULL;
 	charptr = NULL;
-	opcode = parse_token(arg, filename, linenum, &flags);
+	opcode = parse_token(keyword, filename, linenum, &flags);
+
+	if (argv_split(str, &oac, &oav, 1) != 0) {
+		error("%s line %d: invalid quotes", filename, linenum);
+		return -1;
+	}
+	ac = oac;
+	av = oav;
 
 	if (activep == NULL) { /* We are processing a command line directive */
 		cmdline = 1;
 		activep = &cmdline;
 	}
 	if (*activep && opcode != sMatch && opcode != sInclude)
-		debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
+		debug3("%s:%d setting %s %s", filename, linenum, keyword, str);
 	if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
 		if (connectinfo == NULL) {
 			fatal("%s line %d: Directive '%s' is not allowed "
-			    "within a Match block", filename, linenum, arg);
+			    "within a Match block", filename, linenum, keyword);
 		} else { /* this is a directive we have already processed */
-			while (arg)
-				arg = strdelim(&cp);
-			return 0;
+			ret = 0;
+			goto out;
 		}
 	}
 
@@ -1325,15 +1338,17 @@
 
 	/* Standard Options */
 	case sBadOption:
-		return -1;
+		goto out;
 	case sPort:
 		/* ignore ports from configfile if cmdline specifies ports */
-		if (options->ports_from_cmdline)
-			return 0;
+		if (options->ports_from_cmdline) {
+			argv_consume(&ac);
+			break;
+		}
 		if (options->num_ports >= MAX_PORTS)
 			fatal("%s line %d: too many ports.",
 			    filename, linenum);
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: missing port number.",
 			    filename, linenum);
@@ -1346,7 +1361,7 @@
 	case sLoginGraceTime:
 		intptr = &options->login_grace_time;
  parse_time:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: missing time value.",
 			    filename, linenum);
@@ -1358,7 +1373,7 @@
 		break;
 
 	case sListenAddress:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (arg == NULL || *arg == '\0')
 			fatal("%s line %d: missing address",
 			    filename, linenum);
@@ -1383,16 +1398,15 @@
 		}
 		/* Optional routing table */
 		arg2 = NULL;
-		if ((arg = strdelim(&cp)) != NULL) {
+		if ((arg = argv_next(&ac, &av)) != NULL) {
 			if (strcmp(arg, "rdomain") != 0 ||
-			    (arg2 = strdelim(&cp)) == NULL)
+			    (arg2 = argv_next(&ac, &av)) == NULL)
 				fatal("%s line %d: bad ListenAddress syntax",
 				    filename, linenum);
 			if (!valid_rdomain(arg2))
 				fatal("%s line %d: bad routing domain",
 				    filename, linenum);
 		}
-
 		queue_listen_addr(options, p, arg2, port);
 
 		break;
@@ -1401,7 +1415,7 @@
 		intptr = &options->address_family;
 		multistate_ptr = multistate_addressfamily;
  parse_multistate:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: missing argument.",
 			    filename, linenum);
@@ -1420,7 +1434,7 @@
 		break;
 
 	case sHostKeyFile:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: missing file name.",
 			    filename, linenum);
@@ -1432,7 +1446,7 @@
 
 	case sHostKeyAgent:
 		charptr = &options->host_key_agent;
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: missing socket name.",
 			    filename, linenum);
@@ -1442,7 +1456,7 @@
 		break;
 
 	case sHostCertificate:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: missing file name.",
 			    filename, linenum);
@@ -1453,7 +1467,7 @@
 	case sPidFile:
 		charptr = &options->pid_file;
  parse_filename:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: missing file name.",
 			    filename, linenum);
@@ -1465,6 +1479,10 @@
 		}
 		break;
 
+	case sModuliFile:
+		charptr = &options->moduli_file;
+		goto parse_filename;
+
 	case sPermitRootLogin:
 		intptr = &options->permit_root_login;
 		multistate_ptr = multistate_permitrootlogin;
@@ -1489,10 +1507,10 @@
 		intptr = &options->hostbased_uses_name_from_packet_only;
 		goto parse_flag;
 
-	case sHostbasedAcceptedKeyTypes:
-		charptr = &options->hostbased_key_types;
- parse_keytypes:
-		arg = strdelim(&cp);
+	case sHostbasedAcceptedAlgorithms:
+		charptr = &options->hostbased_accepted_algos;
+ parse_pubkey_algos:
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: Missing argument.",
 			    filename, linenum);
@@ -1507,32 +1525,34 @@
 
 	case sHostKeyAlgorithms:
 		charptr = &options->hostkeyalgorithms;
-		goto parse_keytypes;
+		goto parse_pubkey_algos;
 
 	case sCASignatureAlgorithms:
 		charptr = &options->ca_sign_algorithms;
-		goto parse_keytypes;
+		goto parse_pubkey_algos;
 
 	case sPubkeyAuthentication:
 		intptr = &options->pubkey_authentication;
 		goto parse_flag;
 
-	case sPubkeyAcceptedKeyTypes:
-		charptr = &options->pubkey_key_types;
-		goto parse_keytypes;
+	case sPubkeyAcceptedAlgorithms:
+		charptr = &options->pubkey_accepted_algos;
+		goto parse_pubkey_algos;
 
 	case sPubkeyAuthOptions:
 		intptr = &options->pubkey_auth_options;
 		value = 0;
-		while ((arg = strdelim(&cp)) && *arg != '\0') {
+		while ((arg = argv_next(&ac, &av)) != NULL) {
 			if (strcasecmp(arg, "none") == 0)
 				continue;
 			if (strcasecmp(arg, "touch-required") == 0)
 				value |= PUBKEYAUTH_TOUCH_REQUIRED;
+			else if (strcasecmp(arg, "verify-required") == 0)
+				value |= PUBKEYAUTH_VERIFY_REQUIRED;
 			else {
-				fatal("%s line %d: unsupported "
-				    "PubkeyAuthOptions option %s",
-				    filename, linenum, arg);
+				error("%s line %d: unsupported %s option %s",
+				    filename, linenum, keyword, arg);
+				goto out;
 			}
 		}
 		if (*activep && *intptr == -1)
@@ -1575,10 +1595,6 @@
 		intptr = &options->kbd_interactive_authentication;
 		goto parse_flag;
 
-	case sChallengeResponseAuthentication:
-		intptr = &options->challenge_response_authentication;
-		goto parse_flag;
-
 	case sPrintMotd:
 		intptr = &options->print_motd;
 		goto parse_flag;
@@ -1594,10 +1610,10 @@
 	case sX11DisplayOffset:
 		intptr = &options->x11_display_offset;
  parse_int:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if ((errstr = atoi_err(arg, &value)) != NULL)
-			fatal("%s line %d: integer value %s.",
-			    filename, linenum, errstr);
+			fatal("%s line %d: %s integer value %s.",
+			    filename, linenum, keyword, errstr);
 		if (*activep && *intptr == -1)
 			*intptr = value;
 		break;
@@ -1632,11 +1648,11 @@
 
 	case sPermitUserEnvironment:
 		intptr = &options->permit_user_env;
-		charptr = &options->permit_user_env_whitelist;
-		arg = strdelim(&cp);
+		charptr = &options->permit_user_env_allowlist;
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing argument.",
-			    filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		value = 0;
 		p = NULL;
 		if (strcmp(arg, "yes") == 0)
@@ -1662,25 +1678,26 @@
 		goto parse_multistate;
 
 	case sRekeyLimit:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.", filename,
-			    linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if (strcmp(arg, "default") == 0) {
 			val64 = 0;
 		} else {
 			if (scan_scaled(arg, &val64) == -1)
-				fatal("%.200s line %d: Bad number '%s': %s",
-				    filename, linenum, arg, strerror(errno));
+				fatal("%.200s line %d: Bad %s number '%s': %s",
+				    filename, linenum, keyword,
+				    arg, strerror(errno));
 			if (val64 != 0 && val64 < 16)
-				fatal("%.200s line %d: RekeyLimit too small",
-				    filename, linenum);
+				fatal("%.200s line %d: %s too small",
+				    filename, linenum, keyword);
 		}
 		if (*activep && options->rekey_limit == -1)
 			options->rekey_limit = val64;
-		if (cp != NULL) { /* optional rekey interval present */
-			if (strcmp(cp, "none") == 0) {
-				(void)strdelim(&cp);	/* discard */
+		if (ac != 0) { /* optional rekey interval present */
+			if (strcmp(av[0], "none") == 0) {
+				(void)argv_next(&ac, &av);	/* discard */
 				break;
 			}
 			intptr = &options->rekey_interval;
@@ -1699,7 +1716,7 @@
 
 	case sLogFacility:
 		log_facility_ptr = &options->log_facility;
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		value = log_facility_number(arg);
 		if (value == SYSLOG_FACILITY_NOT_SET)
 			fatal("%.200s line %d: unsupported log facility '%s'",
@@ -1710,7 +1727,7 @@
 
 	case sLogLevel:
 		log_level_ptr = &options->log_level;
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		value = log_level_number(arg);
 		if (value == SYSLOG_LEVEL_NOT_SET)
 			fatal("%.200s line %d: unsupported log level '%s'",
@@ -1719,6 +1736,33 @@
 			*log_level_ptr = (LogLevel) value;
 		break;
 
+	case sLogVerbose:
+		found = options->num_log_verbose == 0;
+		i = 0;
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0') {
+				error("%s line %d: keyword %s empty argument",
+				    filename, linenum, keyword);
+				goto out;
+			}
+			/* Allow "none" only in first position */
+			if (strcasecmp(arg, "none") == 0) {
+				if (i > 0 || ac > 0) {
+					error("%s line %d: keyword %s \"none\" "
+					    "argument must appear alone.",
+					    filename, linenum, keyword);
+					goto out;
+				}
+			}
+			i++;
+			if (!found || !*activep)
+				continue;
+			opt_array_append(filename, linenum, keyword,
+			    &options->log_verbose, &options->num_log_verbose,
+			    arg);
+		}
+		break;
+
 	case sAllowTcpForwarding:
 		intptr = &options->allow_tcp_forwarding;
 		multistate_ptr = multistate_tcpfwd;
@@ -1738,55 +1782,51 @@
 		goto parse_flag;
 
 	case sAllowUsers:
-		while ((arg = strdelim(&cp)) && *arg != '\0') {
-			if (match_user(NULL, NULL, NULL, arg) == -1)
-				fatal("%s line %d: invalid AllowUsers pattern: "
-				    "\"%.100s\"", filename, linenum, arg);
+		chararrayptr = &options->allow_users;
+		uintptr = &options->num_allow_users;
+ parse_allowdenyusers:
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0' ||
+			    match_user(NULL, NULL, NULL, arg) == -1)
+				fatal("%s line %d: invalid %s pattern: \"%s\"",
+				    filename, linenum, keyword, arg);
 			if (!*activep)
 				continue;
-			array_append(filename, linenum, "AllowUsers",
-			    &options->allow_users, &options->num_allow_users,
-			    arg);
+			opt_array_append(filename, linenum, keyword,
+			    chararrayptr, uintptr, arg);
 		}
 		break;
 
 	case sDenyUsers:
-		while ((arg = strdelim(&cp)) && *arg != '\0') {
-			if (match_user(NULL, NULL, NULL, arg) == -1)
-				fatal("%s line %d: invalid DenyUsers pattern: "
-				    "\"%.100s\"", filename, linenum, arg);
-			if (!*activep)
-				continue;
-			array_append(filename, linenum, "DenyUsers",
-			    &options->deny_users, &options->num_deny_users,
-			    arg);
-		}
-		break;
+		chararrayptr = &options->deny_users;
+		uintptr = &options->num_deny_users;
+		goto parse_allowdenyusers;
 
 	case sAllowGroups:
-		while ((arg = strdelim(&cp)) && *arg != '\0') {
+		chararrayptr = &options->allow_groups;
+		uintptr = &options->num_allow_groups;
+ parse_allowdenygroups:
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0')
+				fatal("%s line %d: empty %s pattern",
+				    filename, linenum, keyword);
 			if (!*activep)
 				continue;
-			array_append(filename, linenum, "AllowGroups",
-			    &options->allow_groups, &options->num_allow_groups,
-			    arg);
+			opt_array_append(filename, linenum, keyword,
+			    chararrayptr, uintptr, arg);
 		}
 		break;
 
 	case sDenyGroups:
-		while ((arg = strdelim(&cp)) && *arg != '\0') {
-			if (!*activep)
-				continue;
-			array_append(filename, linenum, "DenyGroups",
-			    &options->deny_groups, &options->num_deny_groups,
-			    arg);
-		}
-		break;
+		chararrayptr = &options->deny_groups;
+		uintptr = &options->num_deny_groups;
+		goto parse_allowdenygroups;
 
 	case sCiphers:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: Missing argument.", filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if (*arg != '-' &&
 		    !ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
 			fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
@@ -1796,9 +1836,10 @@
 		break;
 
 	case sMacs:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: Missing argument.", filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if (*arg != '-' &&
 		    !mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
 			fatal("%s line %d: Bad SSH2 mac spec '%s'.",
@@ -1808,10 +1849,10 @@
 		break;
 
 	case sKexAlgorithms:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: Missing argument.",
-			    filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if (*arg != '-' &&
 		    !kex_names_valid(*arg == '+' || *arg == '^' ?
 		    arg + 1 : arg))
@@ -1826,20 +1867,20 @@
 			fatal("%s line %d: too many subsystems defined.",
 			    filename, linenum);
 		}
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: Missing subsystem name.",
-			    filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if (!*activep) {
-			arg = strdelim(&cp);
+			arg = argv_next(&ac, &av);
 			break;
 		}
 		for (i = 0; i < options->num_subsystems; i++)
 			if (strcmp(arg, options->subsystem_name[i]) == 0)
-				fatal("%s line %d: Subsystem '%s' already defined.",
-				    filename, linenum, arg);
+				fatal("%s line %d: Subsystem '%s' "
+				    "already defined.", filename, linenum, arg);
 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: Missing subsystem command.",
 			    filename, linenum);
@@ -1848,7 +1889,7 @@
 		/* Collect arguments (separate to executable) */
 		p = xstrdup(arg);
 		len = strlen(p) + 1;
-		while ((arg = strdelim(&cp)) != NULL && *arg != '\0') {
+		while ((arg = argv_next(&ac, &av)) != NULL) {
 			len += 1 + strlen(arg);
 			p = xreallocarray(p, 1, len);
 			strlcat(p, " ", len);
@@ -1859,10 +1900,10 @@
 		break;
 
 	case sMaxStartups:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: Missing MaxStartups spec.",
-			    filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if ((n = sscanf(arg, "%d:%d:%d",
 		    &options->max_startups_begin,
 		    &options->max_startups_rate,
@@ -1871,15 +1912,54 @@
 			    options->max_startups ||
 			    options->max_startups_rate > 100 ||
 			    options->max_startups_rate < 1)
-				fatal("%s line %d: Illegal MaxStartups spec.",
-				    filename, linenum);
+				fatal("%s line %d: Invalid %s spec.",
+				    filename, linenum, keyword);
 		} else if (n != 1)
-			fatal("%s line %d: Illegal MaxStartups spec.",
-			    filename, linenum);
+			fatal("%s line %d: Invalid %s spec.",
+			    filename, linenum, keyword);
 		else
 			options->max_startups = options->max_startups_begin;
 		break;
 
+	case sPerSourceNetBlockSize:
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0')
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
+		switch (n = sscanf(arg, "%d:%d", &value, &value2)) {
+		case 2:
+			if (value2 < 0 || value2 > 128)
+				n = -1;
+			/* FALLTHROUGH */
+		case 1:
+			if (value < 0 || value > 32)
+				n = -1;
+		}
+		if (n != 1 && n != 2)
+			fatal("%s line %d: Invalid %s spec.",
+			    filename, linenum, keyword);
+		if (*activep) {
+			options->per_source_masklen_ipv4 = value;
+			options->per_source_masklen_ipv6 = value2;
+		}
+		break;
+
+	case sPerSourceMaxStartups:
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0')
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
+		if (strcmp(arg, "none") == 0) { /* no limit */
+			value = INT_MAX;
+		} else {
+			if ((errstr = atoi_err(arg, &value)) != NULL)
+				fatal("%s line %d: %s integer value %s.",
+				    filename, linenum, keyword, errstr);
+		}
+		if (*activep)
+			options->per_source_max_startups = value;
+		break;
+
 	case sMaxAuthTries:
 		intptr = &options->max_authtries;
 		goto parse_int;
@@ -1899,24 +1979,29 @@
 	 * AuthorizedKeysFile	/etc/ssh_keys/%u
 	 */
 	case sAuthorizedKeysFile:
-		if (*activep && options->num_authkeys_files == 0) {
-			while ((arg = strdelim(&cp)) && *arg != '\0') {
-				arg = tilde_expand_filename(arg, getuid());
-				array_append(filename, linenum,
-				    "AuthorizedKeysFile",
-				    &options->authorized_keys_files,
-				    &options->num_authkeys_files, arg);
-				free(arg);
+		uvalue = options->num_authkeys_files;
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0') {
+				error("%s line %d: keyword %s empty argument",
+				    filename, linenum, keyword);
+				goto out;
 			}
+			arg2 = tilde_expand_filename(arg, getuid());
+			if (*activep && uvalue == 0) {
+				opt_array_append(filename, linenum, keyword,
+				    &options->authorized_keys_files,
+				    &options->num_authkeys_files, arg2);
+			}
+			free(arg2);
 		}
-		return 0;
+		break;
 
 	case sAuthorizedPrincipalsFile:
 		charptr = &options->authorized_principals_file;
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing file name.",
-			    filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if (*activep && *charptr == NULL) {
 			*charptr = tilde_expand_filename(arg, getuid());
 			/* increase optional counter */
@@ -1934,13 +2019,13 @@
 		goto parse_int;
 
 	case sAcceptEnv:
-		while ((arg = strdelim(&cp)) && *arg != '\0') {
-			if (strchr(arg, '=') != NULL)
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0' || strchr(arg, '=') != NULL)
 				fatal("%s line %d: Invalid environment name.",
 				    filename, linenum);
 			if (!*activep)
 				continue;
-			array_append(filename, linenum, "AcceptEnv",
+			opt_array_append(filename, linenum, keyword,
 			    &options->accept_env, &options->num_accept_env,
 			    arg);
 		}
@@ -1948,23 +2033,23 @@
 
 	case sSetEnv:
 		uvalue = options->num_setenv;
-		while ((arg = strdelimw(&cp)) && *arg != '\0') {
-			if (strchr(arg, '=') == NULL)
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (*arg == '\0' || strchr(arg, '=') == NULL)
 				fatal("%s line %d: Invalid environment.",
 				    filename, linenum);
 			if (!*activep || uvalue != 0)
 				continue;
-			array_append(filename, linenum, "SetEnv",
+			opt_array_append(filename, linenum, keyword,
 			    &options->setenv, &options->num_setenv, arg);
 		}
 		break;
 
 	case sPermitTunnel:
 		intptr = &options->permit_tun;
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: Missing yes/point-to-point/"
-			    "ethernet/no argument.", filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		value = -1;
 		for (i = 0; tunmode_desc[i].val != -1; i++)
 			if (strcmp(tunmode_desc[i].text, arg) == 0) {
@@ -1972,8 +2057,8 @@
 				break;
 			}
 		if (value == -1)
-			fatal("%s line %d: Bad yes/point-to-point/ethernet/"
-			    "no argument: %s", filename, linenum, arg);
+			fatal("%s line %d: bad %s argument %s",
+			    filename, linenum, keyword, arg);
 		if (*activep && *intptr == -1)
 			*intptr = value;
 		break;
@@ -1984,7 +2069,12 @@
 			    "command-line option");
 		}
 		value = 0;
-		while ((arg2 = strdelim(&cp)) != NULL && *arg2 != '\0') {
+		while ((arg2 = argv_next(&ac, &av)) != NULL) {
+			if (*arg2 == '\0') {
+				error("%s line %d: keyword %s empty argument",
+				    filename, linenum, keyword);
+				goto out;
+			}
 			value++;
 			found = 0;
 			if (*arg2 != '/' && *arg2 != '~') {
@@ -2006,7 +2096,9 @@
 					parse_server_config_depth(options,
 					    item->filename, item->contents,
 					    includes, connectinfo,
-					    (oactive ? 0 : SSHCFG_NEVERMATCH),
+					    (*inc_flags & SSHCFG_MATCH_ONLY
+					        ? SSHCFG_MATCH_ONLY : (oactive
+					            ? 0 : SSHCFG_NEVERMATCH)),
 					    activep, depth + 1);
 				}
 				found = 1;
@@ -2022,9 +2114,8 @@
 			    filename, linenum, arg);
 			if ((r = glob(arg, 0, NULL, &gbuf)) != 0) {
 				if (r != GLOB_NOMATCH) {
-					fatal("%s line %d: include \"%s\" "
-					    "glob failed", filename,
-					    linenum, arg);
+					fatal("%s line %d: include \"%s\" glob "
+					    "failed", filename, linenum, arg);
 				}
 				/*
 				 * If no entry matched then record a
@@ -2038,23 +2129,23 @@
 				    item, entry);
 			}
 			if (gbuf.gl_pathc > INT_MAX)
-				fatal("%s: too many glob results", __func__);
+				fatal_f("too many glob results");
 			for (n = 0; n < (int)gbuf.gl_pathc; n++) {
 				debug2("%s line %d: including %s",
 				    filename, linenum, gbuf.gl_pathv[n]);
 				item = xcalloc(1, sizeof(*item));
 				item->selector = strdup(arg);
 				item->filename = strdup(gbuf.gl_pathv[n]);
-				if ((item->contents = sshbuf_new()) == NULL) {
-					fatal("%s: sshbuf_new failed",
-					    __func__);
-				}
+				if ((item->contents = sshbuf_new()) == NULL)
+					fatal_f("sshbuf_new failed");
 				load_server_config(item->filename,
 				    item->contents);
 				parse_server_config_depth(options,
 				    item->filename, item->contents,
 				    includes, connectinfo,
-				    (oactive ? 0 : SSHCFG_NEVERMATCH),
+				    (*inc_flags & SSHCFG_MATCH_ONLY
+				        ? SSHCFG_MATCH_ONLY : (oactive
+				            ? 0 : SSHCFG_NEVERMATCH)),
 				    activep, depth + 1);
 				*activep = oactive;
 				TAILQ_INSERT_TAIL(includes, item, entry);
@@ -2063,20 +2154,32 @@
 			free(arg);
 		}
 		if (value == 0) {
-			fatal("%s line %d: Include missing filename argument",
-			    filename, linenum);
+			fatal("%s line %d: %s missing filename argument",
+			    filename, linenum, keyword);
 		}
 		break;
 
 	case sMatch:
 		if (cmdline)
 			fatal("Match directive not supported as a command-line "
-			   "option");
-		value = match_cfg_line(&cp, linenum, connectinfo);
+			    "option");
+		value = match_cfg_line(&str, linenum,
+		    (*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo));
 		if (value < 0)
 			fatal("%s line %d: Bad Match condition", filename,
 			    linenum);
-		*activep = (inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
+		*activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
+		/*
+		 * The MATCH_ONLY flag is applicable only until the first
+		 * match block.
+		 */
+		*inc_flags &= ~SSHCFG_MATCH_ONLY;
+		/*
+		 * If match_cfg_line() didn't consume all its arguments then
+		 * arrange for the extra arguments check below to fail.
+		 */
+		if (str == NULL || *str == '\0')
+			argv_consume(&ac);
 		break;
 
 	case sPermitListen:
@@ -2088,10 +2191,10 @@
 			uintptr = &options->num_permitted_opens;
 			chararrayptr = &options->permitted_opens;
 		}
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing %s specification",
-			    filename, linenum, lookup_opcode_name(opcode));
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		uvalue = *uintptr;	/* modified later */
 		if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
 			if (*activep && uvalue == 0) {
@@ -2102,7 +2205,7 @@
 			}
 			break;
 		}
-		for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
+		for (; arg != NULL && *arg != '\0'; arg = argv_next(&ac, &av)) {
 			if (opcode == sPermitListen &&
 			    strchr(arg, ':') == NULL) {
 				/*
@@ -2115,21 +2218,18 @@
 				ch = '\0';
 				p = hpdelim2(&arg, &ch);
 				if (p == NULL || ch == '/') {
-					fatal("%s line %d: missing host in %s",
-					    filename, linenum,
-					    lookup_opcode_name(opcode));
+					fatal("%s line %d: %s missing host",
+					    filename, linenum, keyword);
 				}
 				p = cleanhostname(p);
 			}
 			if (arg == NULL ||
 			    ((port = permitopen_port(arg)) < 0)) {
-				fatal("%s line %d: bad port number in %s",
-				    filename, linenum,
-				    lookup_opcode_name(opcode));
+				fatal("%s line %d: %s bad port number",
+				    filename, linenum, keyword);
 			}
 			if (*activep && uvalue == 0) {
-				array_append(filename, linenum,
-				    lookup_opcode_name(opcode),
+				opt_array_append(filename, linenum, keyword,
 				    chararrayptr, uintptr, arg2);
 			}
 			free(arg2);
@@ -2137,21 +2237,22 @@
 		break;
 
 	case sForceCommand:
-		if (cp == NULL || *cp == '\0')
-			fatal("%.200s line %d: Missing argument.", filename,
-			    linenum);
-		len = strspn(cp, WHITESPACE);
+		if (str == NULL || *str == '\0')
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
+		len = strspn(str, WHITESPACE);
 		if (*activep && options->adm_forced_command == NULL)
-			options->adm_forced_command = xstrdup(cp + len);
-		return 0;
+			options->adm_forced_command = xstrdup(str + len);
+		argv_consume(&ac);
+		break;
 
 	case sChrootDirectory:
 		charptr = &options->chroot_directory;
 
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing file name.",
-			    filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if (*activep && *charptr == NULL)
 			*charptr = xstrdup(arg);
 		break;
@@ -2166,10 +2267,10 @@
 
 	case sSecurityKeyProvider:
 		charptr = &options->sk_provider;
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing file name.",
-			    filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if (*activep && *charptr == NULL) {
 			*charptr = strcasecmp(arg, "internal") == 0 ?
 			    xstrdup(arg) : derelativise_path(arg);
@@ -2180,16 +2281,19 @@
 		break;
 
 	case sIPQoS:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0')
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if ((value = parse_ipqos(arg)) == -1)
-			fatal("%s line %d: Bad IPQoS value: %s",
-			    filename, linenum, arg);
-		arg = strdelim(&cp);
+			fatal("%s line %d: Bad %s value: %s",
+			    filename, linenum, keyword, arg);
+		arg = argv_next(&ac, &av);
 		if (arg == NULL)
 			value2 = value;
 		else if ((value2 = parse_ipqos(arg)) == -1)
-			fatal("%s line %d: Bad IPQoS value: %s",
-			    filename, linenum, arg);
+			fatal("%s line %d: Bad %s value: %s",
+			    filename, linenum, keyword, arg);
 		if (*activep) {
 			options->ip_qos_interactive = value;
 			options->ip_qos_bulk = value2;
@@ -2197,120 +2301,102 @@
 		break;
 
 	case sVersionAddendum:
-		if (cp == NULL || *cp == '\0')
-			fatal("%.200s line %d: Missing argument.", filename,
-			    linenum);
-		len = strspn(cp, WHITESPACE);
-		if (*activep && options->version_addendum == NULL) {
-			if (strcasecmp(cp + len, "none") == 0)
-				options->version_addendum = xstrdup("");
-			else if (strchr(cp + len, '\r') != NULL)
-				fatal("%.200s line %d: Invalid argument",
-				    filename, linenum);
-			else
-				options->version_addendum = xstrdup(cp + len);
+		if (str == NULL || *str == '\0')
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
+		len = strspn(str, WHITESPACE);
+		if (strchr(str + len, '\r') != NULL) {
+			fatal("%.200s line %d: Invalid %s argument",
+			    filename, linenum, keyword);
 		}
-		return 0;
+		if ((arg = strchr(line, '#')) != NULL) {
+			*arg = '\0';
+			rtrim(line);
+		}
+		if (*activep && options->version_addendum == NULL) {
+			if (strcasecmp(str + len, "none") == 0)
+				options->version_addendum = xstrdup("");
+			else
+				options->version_addendum = xstrdup(str + len);
+		}
+		argv_consume(&ac);
+		break;
 
 	case sAuthorizedKeysCommand:
-		if (cp == NULL)
-			fatal("%.200s line %d: Missing argument.", filename,
-			    linenum);
-		len = strspn(cp, WHITESPACE);
-		if (*activep && options->authorized_keys_command == NULL) {
-			if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
-				fatal("%.200s line %d: AuthorizedKeysCommand "
-				    "must be an absolute path",
-				    filename, linenum);
-			options->authorized_keys_command = xstrdup(cp + len);
+		charptr = &options->authorized_keys_command;
+ parse_command:
+		len = strspn(str, WHITESPACE);
+		if (str[len] != '/' && strcasecmp(str + len, "none") != 0) {
+			fatal("%.200s line %d: %s must be an absolute path",
+			    filename, linenum, keyword);
 		}
-		return 0;
+		if (*activep && options->authorized_keys_command == NULL)
+			*charptr = xstrdup(str + len);
+		argv_consume(&ac);
+		break;
 
 	case sAuthorizedKeysCommandUser:
 		charptr = &options->authorized_keys_command_user;
-
-		arg = strdelim(&cp);
-		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing AuthorizedKeysCommandUser "
-			    "argument.", filename, linenum);
+ parse_localuser:
+		arg = argv_next(&ac, &av);
+		if (!arg || *arg == '\0') {
+			fatal("%s line %d: missing %s argument.",
+			    filename, linenum, keyword);
+		}
 		if (*activep && *charptr == NULL)
 			*charptr = xstrdup(arg);
 		break;
 
 	case sAuthorizedPrincipalsCommand:
-		if (cp == NULL)
-			fatal("%.200s line %d: Missing argument.", filename,
-			    linenum);
-		len = strspn(cp, WHITESPACE);
-		if (*activep &&
-		    options->authorized_principals_command == NULL) {
-			if (cp[len] != '/' && strcasecmp(cp + len, "none") != 0)
-				fatal("%.200s line %d: "
-				    "AuthorizedPrincipalsCommand must be "
-				    "an absolute path", filename, linenum);
-			options->authorized_principals_command =
-			    xstrdup(cp + len);
-		}
-		return 0;
+		charptr = &options->authorized_principals_command;
+		goto parse_command;
 
 	case sAuthorizedPrincipalsCommandUser:
 		charptr = &options->authorized_principals_command_user;
-
-		arg = strdelim(&cp);
-		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing "
-			    "AuthorizedPrincipalsCommandUser argument.",
-			    filename, linenum);
-		if (*activep && *charptr == NULL)
-			*charptr = xstrdup(arg);
-		break;
+		goto parse_localuser;
 
 	case sAuthenticationMethods:
-		if (options->num_auth_methods == 0) {
-			value = 0; /* seen "any" pseudo-method */
-			value2 = 0; /* successfully parsed any method */
-			while ((arg = strdelim(&cp)) && *arg != '\0') {
-				if (strcmp(arg, "any") == 0) {
-					if (options->num_auth_methods > 0) {
-						fatal("%s line %d: \"any\" "
-						    "must appear alone in "
-						    "AuthenticationMethods",
-						    filename, linenum);
-					}
-					value = 1;
-				} else if (value) {
-					fatal("%s line %d: \"any\" must appear "
-					    "alone in AuthenticationMethods",
-					    filename, linenum);
-				} else if (auth2_methods_valid(arg, 0) != 0) {
-					fatal("%s line %d: invalid "
-					    "authentication method list.",
-					    filename, linenum);
+		found = options->num_auth_methods == 0;
+		value = 0; /* seen "any" pseudo-method */
+		value2 = 0; /* successfully parsed any method */
+		while ((arg = argv_next(&ac, &av)) != NULL) {
+			if (strcmp(arg, "any") == 0) {
+				if (options->num_auth_methods > 0) {
+					fatal("%s line %d: \"any\" must "
+					    "appear alone in %s",
+					    filename, linenum, keyword);
 				}
-				value2 = 1;
-				if (!*activep)
-					continue;
-				array_append(filename, linenum,
-				    "AuthenticationMethods",
-				    &options->auth_methods,
-				    &options->num_auth_methods, arg);
+				value = 1;
+			} else if (value) {
+				fatal("%s line %d: \"any\" must appear "
+				    "alone in %s", filename, linenum, keyword);
+			} else if (auth2_methods_valid(arg, 0) != 0) {
+				fatal("%s line %d: invalid %s method list.",
+				    filename, linenum, keyword);
 			}
-			if (value2 == 0) {
-				fatal("%s line %d: no AuthenticationMethods "
-				    "specified", filename, linenum);
-			}
+			value2 = 1;
+			if (!found || !*activep)
+				continue;
+			opt_array_append(filename, linenum, keyword,
+			    &options->auth_methods,
+			    &options->num_auth_methods, arg);
 		}
-		return 0;
+		if (value2 == 0) {
+			fatal("%s line %d: no %s specified",
+			    filename, linenum, keyword);
+		}
+		break;
 
 	case sStreamLocalBindMask:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%s line %d: missing StreamLocalBindMask "
-			    "argument.", filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		/* Parse mode in octal format */
 		value = strtol(arg, &p, 8);
 		if (arg == p || value < 0 || value > 0777)
-			fatal("%s line %d: Bad mask.", filename, linenum);
+			fatal("%s line %d: Invalid %s.",
+			    filename, linenum, keyword);
 		if (*activep)
 			options->fwd_opts.streamlocal_bind_mask = (mode_t)value;
 		break;
@@ -2320,13 +2406,13 @@
 		goto parse_flag;
 
 	case sFingerprintHash:
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.",
-			    filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if ((value = ssh_digest_alg_by_name(arg)) == -1)
-			fatal("%.200s line %d: Invalid hash algorithm \"%s\".",
-			    filename, linenum, arg);
+			fatal("%.200s line %d: Invalid %s algorithm \"%s\".",
+			    filename, linenum, keyword, arg);
 		if (*activep)
 			options->fingerprint_hash = value;
 		break;
@@ -2341,13 +2427,13 @@
 		    "platform.", filename, linenum);
 #endif
 		charptr = &options->routing_domain;
-		arg = strdelim(&cp);
+		arg = argv_next(&ac, &av);
 		if (!arg || *arg == '\0')
-			fatal("%.200s line %d: Missing argument.",
-			    filename, linenum);
+			fatal("%s line %d: %s missing argument.",
+			    filename, linenum, keyword);
 		if (strcasecmp(arg, "none") != 0 && strcmp(arg, "%D") != 0 &&
 		    !valid_rdomain(arg))
-			fatal("%s line %d: bad routing domain",
+			fatal("%s line %d: invalid routing domain",
 			    filename, linenum);
 		if (*activep && *charptr == NULL)
 			*charptr = xstrdup(arg);
@@ -2359,19 +2445,27 @@
 		do_log2(opcode == sIgnore ?
 		    SYSLOG_LEVEL_DEBUG2 : SYSLOG_LEVEL_INFO,
 		    "%s line %d: %s option %s", filename, linenum,
-		    opcode == sUnsupported ? "Unsupported" : "Deprecated", arg);
-		while (arg)
-		    arg = strdelim(&cp);
+		    opcode == sUnsupported ? "Unsupported" : "Deprecated",
+		    keyword);
+		argv_consume(&ac);
 		break;
 
 	default:
 		fatal("%s line %d: Missing handler for opcode %s (%d)",
-		    filename, linenum, arg, opcode);
+		    filename, linenum, keyword, opcode);
 	}
-	if ((arg = strdelim(&cp)) != NULL && *arg != '\0')
-		fatal("%s line %d: garbage at end of line; \"%.200s\".",
-		    filename, linenum, arg);
-	return 0;
+	/* Check that there is no garbage at end of line. */
+	if (ac > 0) {
+		error("%.200s line %d: keyword %s extra arguments "
+		    "at end of line", filename, linenum, keyword);
+		goto out;
+	}
+
+	/* success */
+	ret = 0;
+ out:
+	argv_free(oav, oac);
+	return ret;
 }
 
 int
@@ -2379,8 +2473,10 @@
     const char *filename, int linenum, int *activep,
     struct connection_info *connectinfo, struct include_list *includes)
 {
+	int inc_flags = 0;
+
 	return process_server_config_line_depth(options, line, filename,
-	    linenum, activep, connectinfo, 0, 0, includes);
+	    linenum, activep, connectinfo, &inc_flags, 0, includes);
 }
 
 
@@ -2389,35 +2485,38 @@
 void
 load_server_config(const char *filename, struct sshbuf *conf)
 {
+	struct stat st;
 	char *line = NULL, *cp;
 	size_t linesize = 0;
 	FILE *f;
 	int r, lineno = 0;
 
-	debug2("%s: filename %s", __func__, filename);
+	debug2_f("filename %s", filename);
 	if ((f = fopen(filename, "r")) == NULL) {
 		perror(filename);
 		exit(1);
 	}
 	sshbuf_reset(conf);
+	/* grow buffer, so realloc is avoided for large config files */
+	if (fstat(fileno(f), &st) == 0 && st.st_size > 0 &&
+	    (r = sshbuf_allocate(conf, st.st_size)) != 0)
+		fatal_fr(r, "allocate");
 	while (getline(&line, &linesize, f) != -1) {
 		lineno++;
 		/*
-		 * Trim out comments and strip whitespace
+		 * Strip whitespace
 		 * NB - preserve newlines, they are needed to reproduce
 		 * line numbers later for error messages
 		 */
-		if ((cp = strchr(line, '#')) != NULL)
-			memcpy(cp, "\n", 2);
 		cp = line + strspn(line, " \t\r");
 		if ((r = sshbuf_put(conf, cp, strlen(cp))) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "sshbuf_put");
 	}
 	free(line);
 	if ((r = sshbuf_put_u8(conf, 0)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "sshbuf_put_u8");
 	fclose(f);
-	debug2("%s: done config len = %zu", __func__, sshbuf_len(conf));
+	debug2_f("done config len = %zu", sshbuf_len(conf));
 }
 
 void
@@ -2461,12 +2560,12 @@
 			ci->lport = a2port(p + 6);
 			if (ci->lport == -1) {
 				fprintf(stderr, "Invalid port '%s' in test mode"
-				   " specification %s\n", p+6, p);
+				    " specification %s\n", p+6, p);
 				return -1;
 			}
 		} else {
 			fprintf(stderr, "Invalid test mode specification %s\n",
-			   p);
+			    p);
 			return -1;
 		}
 	}
@@ -2584,7 +2683,7 @@
 #undef M_CP_STRARRAYOPT
 
 #define SERVCONF_MAX_DEPTH	16
-void
+static void
 parse_server_config_depth(ServerOptions *options, const char *filename,
     struct sshbuf *conf, struct include_list *includes,
     struct connection_info *connectinfo, int flags, int *activep, int depth)
@@ -2595,14 +2694,15 @@
 	if (depth < 0 || depth > SERVCONF_MAX_DEPTH)
 		fatal("Too many recursive configuration includes");
 
-	debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf));
+	debug2_f("config %s len %zu%s", filename, sshbuf_len(conf),
+	    (flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : ""));
 
 	if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
-		fatal("%s: sshbuf_dup_string failed", __func__);
+		fatal_f("sshbuf_dup_string failed");
 	linenum = 1;
 	while ((cp = strsep(&cbuf, "\n")) != NULL) {
 		if (process_server_config_line_depth(options, cp,
-		    filename, linenum++, activep, connectinfo, flags,
+		    filename, linenum++, activep, connectinfo, &flags,
 		    depth, includes) != 0)
 			bad_options++;
 	}
@@ -2610,7 +2710,6 @@
 	if (bad_options > 0)
 		fatal("%s: terminating, %d bad configuration options",
 		    filename, bad_options);
-	process_queued_listen_addrs(options);
 }
 
 void
@@ -2620,7 +2719,8 @@
 {
 	int active = connectinfo ? 0 : 1;
 	parse_server_config_depth(options, filename, conf, includes,
-	    connectinfo, 0, &active, 0);
+	    connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0);
+	process_queued_listen_addrs(options);
 }
 
 static const char *
@@ -2809,8 +2909,6 @@
 	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
 	dump_cfg_fmtint(sKbdInteractiveAuthentication,
 	    o->kbd_interactive_authentication);
-	dump_cfg_fmtint(sChallengeResponseAuthentication,
-	    o->challenge_response_authentication);
 	dump_cfg_fmtint(sPrintMotd, o->print_motd);
 #ifndef DISABLE_LASTLOG
 	dump_cfg_fmtint(sPrintLastLog, o->print_lastlog);
@@ -2835,6 +2933,7 @@
 
 	/* string arguments */
 	dump_cfg_string(sPidFile, o->pid_file);
+	dump_cfg_string(sModuliFile, o->moduli_file);
 	dump_cfg_string(sXAuthLocation, o->xauth_location);
 	dump_cfg_string(sCiphers, o->ciphers);
 	dump_cfg_string(sMacs, o->macs);
@@ -2855,9 +2954,9 @@
 	dump_cfg_string(sHostKeyAgent, o->host_key_agent);
 	dump_cfg_string(sKexAlgorithms, o->kex_algorithms);
 	dump_cfg_string(sCASignatureAlgorithms, o->ca_sign_algorithms);
-	dump_cfg_string(sHostbasedAcceptedKeyTypes, o->hostbased_key_types);
+	dump_cfg_string(sHostbasedAcceptedAlgorithms, o->hostbased_accepted_algos);
 	dump_cfg_string(sHostKeyAlgorithms, o->hostkeyalgorithms);
-	dump_cfg_string(sPubkeyAcceptedKeyTypes, o->pubkey_key_types);
+	dump_cfg_string(sPubkeyAcceptedAlgorithms, o->pubkey_accepted_algos);
 #if defined(__OpenBSD__) || defined(HAVE_SYS_SET_PROCESS_RDOMAIN)
 	dump_cfg_string(sRDomain, o->routing_domain);
 #endif
@@ -2870,9 +2969,9 @@
 	dump_cfg_strarray_oneline(sAuthorizedKeysFile, o->num_authkeys_files,
 	    o->authorized_keys_files);
 	dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
-	     o->host_key_files);
+	    o->host_key_files);
 	dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
-	     o->host_cert_files);
+	    o->host_cert_files);
 	dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
 	dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
 	dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups);
@@ -2881,6 +2980,8 @@
 	dump_cfg_strarray(sSetEnv, o->num_setenv, o->setenv);
 	dump_cfg_strarray_oneline(sAuthenticationMethods,
 	    o->num_auth_methods, o->auth_methods);
+	dump_cfg_strarray_oneline(sLogVerbose,
+	    o->num_log_verbose, o->log_verbose);
 
 	/* other arguments */
 	for (i = 0; i < o->num_subsystems; i++)
@@ -2889,6 +2990,13 @@
 
 	printf("maxstartups %d:%d:%d\n", o->max_startups_begin,
 	    o->max_startups_rate, o->max_startups);
+	printf("persourcemaxstartups ");
+	if (o->per_source_max_startups == INT_MAX)
+		printf("none\n");
+	else
+		printf("%d\n", o->per_source_max_startups);
+	printf("persourcenetblocksize %d:%d\n", o->per_source_masklen_ipv4,
+	    o->per_source_masklen_ipv6);
 
 	s = NULL;
 	for (i = 0; tunmode_desc[i].val != -1; i++) {
@@ -2922,11 +3030,11 @@
 	}
 	printf("\n");
 
-	if (o->permit_user_env_whitelist == NULL) {
+	if (o->permit_user_env_allowlist == NULL) {
 		dump_cfg_fmtint(sPermitUserEnvironment, o->permit_user_env);
 	} else {
 		printf("permituserenvironment %s\n",
-		    o->permit_user_env_whitelist);
+		    o->permit_user_env_allowlist);
 	}
 
 	printf("pubkeyauthoptions");
@@ -2934,5 +3042,7 @@
 		printf(" none");
 	if (o->pubkey_auth_options & PUBKEYAUTH_TOUCH_REQUIRED)
 		printf(" touch-required");
+	if (o->pubkey_auth_options & PUBKEYAUTH_VERIFY_REQUIRED)
+		printf(" verify-required");
 	printf("\n");
 }

servconf.h

diff --git a/servconf.h b/servconf.h
index a420f39..dd5cbc1 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.144 2020/04/17 03:30:05 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.155 2021/07/02 05:11:21 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -50,7 +50,8 @@
 #define INTERNAL_SFTP_NAME	"internal-sftp"
 
 /* PubkeyAuthOptions flags */
-#define PUBKEYAUTH_TOUCH_REQUIRED	1
+#define PUBKEYAUTH_TOUCH_REQUIRED	(1)
+#define PUBKEYAUTH_VERIFY_REQUIRED	(1<<1)
 
 struct ssh;
 struct fwd_perm_list;
@@ -92,6 +93,7 @@
 
 	char   *host_key_agent;		/* ssh-agent socket for host keys. */
 	char   *pid_file;		/* Where to put our pid */
+	char   *moduli_file;		/* moduli file for DH-GEX */
 	int     login_grace_time;	/* Disconnect if no auth in this time
 					 * (sec). */
 	int     permit_root_login;	/* PERMIT_*, see above */
@@ -117,13 +119,15 @@
 	struct ForwardOptions fwd_opts;	/* forwarding options */
 	SyslogFacility log_facility;	/* Facility for system logging. */
 	LogLevel log_level;	/* Level for system logging. */
+	u_int	num_log_verbose;	/* Verbose log overrides */
+	char	**log_verbose;
 	int     hostbased_authentication;	/* If true, permit ssh2 hostbased auth */
 	int     hostbased_uses_name_from_packet_only; /* experimental */
-	char   *hostbased_key_types;	/* Key types allowed for hostbased */
+	char   *hostbased_accepted_algos; /* Algos allowed for hostbased */
 	char   *hostkeyalgorithms;	/* SSH2 server key types */
 	char   *ca_sign_algorithms;	/* Allowed CA signature algorithms */
 	int     pubkey_authentication;	/* If true, permit ssh2 pubkey authentication. */
-	char   *pubkey_key_types;	/* Key types allowed for public key */
+	char   *pubkey_accepted_algos;	/* Signature algos allowed for pubkey */
 	int	pubkey_auth_options;	/* -1 or mask of PUBKEYAUTH_* flags */
 	int     kerberos_authentication;	/* If true, permit Kerberos
 						 * authentication. */
@@ -142,11 +146,10 @@
 	int     password_authentication;	/* If true, permit password
 						 * authentication. */
 	int     kbd_interactive_authentication;	/* If true, permit */
-	int     challenge_response_authentication;
 	int     permit_empty_passwd;	/* If false, do not permit empty
 					 * passwords. */
 	int     permit_user_env;	/* If true, read ~/.ssh/environment */
-	char   *permit_user_env_whitelist; /* pattern-list whitelist */
+	char   *permit_user_env_allowlist; /* pattern-list of allowed env names */
 	int     compression;	/* If true, compression is allowed */
 	int	allow_tcp_forwarding; /* One of FORWARD_* */
 	int	allow_streamlocal_forwarding; /* One of FORWARD_* */
@@ -174,6 +177,9 @@
 	int	max_startups_begin;
 	int	max_startups_rate;
 	int	max_startups;
+	int	per_source_max_startups;
+	int	per_source_masklen_ipv4;
+	int	per_source_masklen_ipv6;
 	int	max_authtries;
 	int	max_sessions;
 	char   *banner;			/* SSH-2 banner message */
@@ -229,7 +235,7 @@
 struct connection_info {
 	const char *user;
 	const char *host;	/* possibly resolved hostname */
-	const char *address; 	/* remote address */
+	const char *address;	/* remote address */
 	const char *laddress;	/* local address */
 	int lport;		/* local port */
 	const char *rdomain;	/* routing domain if available */
@@ -250,7 +256,7 @@
 /*
  * These are string config options that must be copied between the
  * Match sub-config and the main config, and must be sent from the
- * privsep slave to the privsep master. We use a macro to ensure all
+ * privsep child to the privsep master. We use a macro to ensure all
  * the options are copied and the copies are done in the correct order.
  *
  * NB. an option must appear in servconf.c:copy_set_server_options() or
@@ -265,33 +271,35 @@
 		M_CP_STROPT(authorized_principals_file); \
 		M_CP_STROPT(authorized_principals_command); \
 		M_CP_STROPT(authorized_principals_command_user); \
-		M_CP_STROPT(hostbased_key_types); \
-		M_CP_STROPT(pubkey_key_types); \
+		M_CP_STROPT(hostbased_accepted_algos); \
+		M_CP_STROPT(pubkey_accepted_algos); \
 		M_CP_STROPT(ca_sign_algorithms); \
 		M_CP_STROPT(routing_domain); \
-		M_CP_STROPT(permit_user_env_whitelist); \
+		M_CP_STROPT(permit_user_env_allowlist); \
 		M_CP_STRARRAYOPT(authorized_keys_files, num_authkeys_files); \
 		M_CP_STRARRAYOPT(allow_users, num_allow_users); \
 		M_CP_STRARRAYOPT(deny_users, num_deny_users); \
 		M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \
 		M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \
 		M_CP_STRARRAYOPT(accept_env, num_accept_env); \
+		M_CP_STRARRAYOPT(setenv, num_setenv); \
 		M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \
 		M_CP_STRARRAYOPT(permitted_opens, num_permitted_opens); \
 		M_CP_STRARRAYOPT(permitted_listens, num_permitted_listens); \
+		M_CP_STRARRAYOPT(log_verbose, num_log_verbose); \
 	} while (0)
 
 struct connection_info *get_connection_info(struct ssh *, int, int);
 void	 initialize_server_options(ServerOptions *);
 void	 fill_default_server_options(ServerOptions *);
 int	 process_server_config_line(ServerOptions *, char *, const char *, int,
-	     int *, struct connection_info *, struct include_list *includes);
+	    int *, struct connection_info *, struct include_list *includes);
 void	 process_permitopen(struct ssh *ssh, ServerOptions *options);
 void	 load_server_config(const char *, struct sshbuf *);
 void	 parse_server_config(ServerOptions *, const char *, struct sshbuf *,
-	     struct include_list *includes, struct connection_info *);
+	    struct include_list *includes, struct connection_info *);
 void	 parse_server_match_config(ServerOptions *,
-	     struct include_list *includes, struct connection_info *);
+	    struct include_list *includes, struct connection_info *);
 int	 parse_server_match_testspec(struct connection_info *, char *);
 int	 server_match_spec_complete(struct connection_info *);
 void	 copy_set_server_options(ServerOptions *, ServerOptions *, int);

serverloop.c

diff --git a/serverloop.c b/serverloop.c
index 340b19a..e8cfb92 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: serverloop.c,v 1.222 2020/01/30 07:21:38 djm Exp $ */
+/* $OpenBSD: serverloop.c,v 1.228 2021/07/16 09:00:23 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -88,11 +88,6 @@
 
 static int no_more_sessions = 0; /* Disallow further sessions. */
 
-/*
- * This SIGCHLD kludge is used to detect when the child exits.  The server
- * will exit after that, as soon as forwarded connections have terminated.
- */
-
 static volatile sig_atomic_t child_terminated = 0;	/* The child has terminated. */
 
 /* Cleanup on signals (!use_privsep case only) */
@@ -115,59 +110,11 @@
 	return 1;
 }
 
-/*
- * we write to this pipe if a SIGCHLD is caught in order to avoid
- * the race between select() and child_terminated
- */
-static int notify_pipe[2];
-static void
-notify_setup(void)
-{
-	if (pipe(notify_pipe) == -1) {
-		error("pipe(notify_pipe) failed %s", strerror(errno));
-	} else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) ||
-	    (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) {
-		error("fcntl(notify_pipe, F_SETFD) failed %s", strerror(errno));
-		close(notify_pipe[0]);
-		close(notify_pipe[1]);
-	} else {
-		set_nonblock(notify_pipe[0]);
-		set_nonblock(notify_pipe[1]);
-		return;
-	}
-	notify_pipe[0] = -1;	/* read end */
-	notify_pipe[1] = -1;	/* write end */
-}
-static void
-notify_parent(void)
-{
-	if (notify_pipe[1] != -1)
-		(void)write(notify_pipe[1], "", 1);
-}
-static void
-notify_prepare(fd_set *readset)
-{
-	if (notify_pipe[0] != -1)
-		FD_SET(notify_pipe[0], readset);
-}
-static void
-notify_done(fd_set *readset)
-{
-	char c;
-
-	if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
-		while (read(notify_pipe[0], &c, 1) != -1)
-			debug2("%s: reading", __func__);
-}
-
 /*ARGSUSED*/
 static void
 sigchld_handler(int sig)
 {
-	int save_errno = errno;
 	child_terminated = 1;
-	notify_parent();
-	errno = save_errno;
 }
 
 /*ARGSUSED*/
@@ -201,18 +148,18 @@
 		    (r = sshpkt_put_cstring(ssh, "keepalive@openssh.com"))
 		    != 0 ||
 		    (r = sshpkt_put_u8(ssh, 1)) != 0) /* boolean: want reply */
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "compose");
 	} else {
 		channel_request_start(ssh, channel_id,
 		    "keepalive@openssh.com", 1);
 	}
 	if ((r = sshpkt_send(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send");
 }
 
 /*
- * Sleep in select() until we can do something.  This will initialize the
- * select masks.  Upon return, the masks will indicate which descriptors
+ * Sleep in pselect() until we can do something.  This will initialize the
+ * pselect masks.  Upon return, the masks will indicate which descriptors
  * have data or can accept data.  Optionally, a maximum time can be specified
  * for the duration of the wait (0 = infinite).
  */
@@ -220,16 +167,16 @@
 wait_until_can_do_something(struct ssh *ssh,
     int connection_in, int connection_out,
     fd_set **readsetp, fd_set **writesetp, int *maxfdp,
-    u_int *nallocp, u_int64_t max_time_ms)
+    u_int *nallocp, u_int64_t max_time_ms, sigset_t *sigsetp)
 {
-	struct timeval tv, *tvp;
+	struct timespec ts, *tsp;
 	int ret;
 	time_t minwait_secs = 0;
 	int client_alive_scheduled = 0;
 	/* time we last heard from the client OR sent a keepalive */
 	static time_t last_client_time;
 
-	/* Allocate and update select() masks for channel descriptors. */
+	/* Allocate and update pselect() masks for channel descriptors. */
 	channel_prepare_select(ssh, readsetp, writesetp, maxfdp,
 	    nallocp, &minwait_secs);
 
@@ -253,6 +200,8 @@
 			max_time_ms = keepalive_ms;
 			client_alive_scheduled = 1;
 		}
+		if (last_client_time == 0)
+			last_client_time = monotime();
 	}
 
 #if 0
@@ -260,7 +209,6 @@
 	if (channel_not_very_much_buffered_data())
 #endif
 	FD_SET(connection_in, *readsetp);
-	notify_prepare(*readsetp);
 
 	/*
 	 * If we have buffered packet data going to the client, mark that
@@ -278,26 +226,26 @@
 			max_time_ms = 100;
 
 	if (max_time_ms == 0)
-		tvp = NULL;
+		tsp = NULL;
 	else {
-		tv.tv_sec = max_time_ms / 1000;
-		tv.tv_usec = 1000 * (max_time_ms % 1000);
-		tvp = &tv;
+		ts.tv_sec = max_time_ms / 1000;
+		ts.tv_nsec = 1000000 * (max_time_ms % 1000);
+		tsp = &ts;
 	}
 
 	/* Wait for something to happen, or the timeout to expire. */
-	ret = select((*maxfdp)+1, *readsetp, *writesetp, NULL, tvp);
+	ret = pselect((*maxfdp)+1, *readsetp, *writesetp, NULL, tsp, sigsetp);
 
 	if (ret == -1) {
 		memset(*readsetp, 0, *nallocp);
 		memset(*writesetp, 0, *nallocp);
 		if (errno != EINTR)
-			error("select: %.100s", strerror(errno));
+			error("pselect: %.100s", strerror(errno));
 	} else if (client_alive_scheduled) {
 		time_t now = monotime();
 
 		/*
-		 * If the select timed out, or returned for some other reason
+		 * If the pselect timed out, or returned for some other reason
 		 * but we haven't heard from the client in time, send keepalive.
 		 */
 		if (ret == 0 || (last_client_time != 0 && last_client_time +
@@ -308,8 +256,6 @@
 			last_client_time = now;
 		}
 	}
-
-	notify_done(*readsetp);
 }
 
 /*
@@ -330,21 +276,17 @@
 			    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
 			return -1;
 		} else if (len == -1) {
-			if (errno != EINTR && errno != EAGAIN &&
-			    errno != EWOULDBLOCK) {
-				verbose("Read error from remote host "
-				    "%.100s port %d: %.100s",
-				    ssh_remote_ipaddr(ssh),
-				    ssh_remote_port(ssh), strerror(errno));
-				cleanup_exit(255);
-			}
-		} else {
-			/* Buffer any received data. */
-			if ((r = ssh_packet_process_incoming(ssh, buf, len))
-			    != 0)
-				fatal("%s: ssh_packet_process_incoming: %s",
-				    __func__, ssh_err(r));
+			if (errno == EINTR || errno == EAGAIN ||
+			    errno == EWOULDBLOCK)
+				return 0;
+			verbose("Read error from remote host %s port %d: %s",
+			    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+			    strerror(errno));
+			cleanup_exit(255);
 		}
+		/* Buffer any received data. */
+		if ((r = ssh_packet_process_incoming(ssh, buf, len)) != 0)
+			fatal_fr(r, "ssh_packet_process_incoming");
 	}
 	return 0;
 }
@@ -376,13 +318,8 @@
 collect_children(struct ssh *ssh)
 {
 	pid_t pid;
-	sigset_t oset, nset;
 	int status;
 
-	/* block SIGCHLD while we check for dead children */
-	sigemptyset(&nset);
-	sigaddset(&nset, SIGCHLD);
-	sigprocmask(SIG_BLOCK, &nset, &oset);
 	if (child_terminated) {
 		debug("Received SIGCHLD.");
 		while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
@@ -391,19 +328,21 @@
 				session_close_by_pid(ssh, pid, status);
 		child_terminated = 0;
 	}
-	sigprocmask(SIG_SETMASK, &oset, NULL);
 }
 
 void
 server_loop2(struct ssh *ssh, Authctxt *authctxt)
 {
 	fd_set *readset = NULL, *writeset = NULL;
-	int max_fd;
+	int r, max_fd;
 	u_int nalloc = 0, connection_in, connection_out;
 	u_int64_t rekey_timeout_ms = 0;
+	sigset_t bsigset, osigset;
 
 	debug("Entering interactive session for SSH2.");
 
+	if (sigemptyset(&bsigset) == -1 || sigaddset(&bsigset, SIGCHLD) == -1)
+		error_f("bsigset setup: %s", strerror(errno));
 	ssh_signal(SIGCHLD, sigchld_handler);
 	child_terminated = 0;
 	connection_in = ssh_packet_get_connection_in(ssh);
@@ -415,10 +354,7 @@
 		ssh_signal(SIGQUIT, sigterm_handler);
 	}
 
-	notify_setup();
-
 	max_fd = MAXIMUM(connection_in, connection_out);
-	max_fd = MAXIMUM(max_fd, notify_pipe[0]);
 
 	server_init_dispatch(ssh);
 
@@ -436,8 +372,19 @@
 			rekey_timeout_ms = 0;
 		}
 
+		/*
+		 * Block SIGCHLD while we check for dead children, then pass
+		 * the old signal mask through to pselect() so that it'll wake
+		 * up immediately if a child exits after we've called waitpid().
+		 */
+		if (sigprocmask(SIG_BLOCK, &bsigset, &osigset) == -1)
+			error_f("bsigset sigprocmask: %s", strerror(errno));
+		collect_children(ssh);
 		wait_until_can_do_something(ssh, connection_in, connection_out,
-		    &readset, &writeset, &max_fd, &nalloc, rekey_timeout_ms);
+		    &readset, &writeset, &max_fd, &nalloc, rekey_timeout_ms,
+		    &osigset);
+		if (sigprocmask(SIG_UNBLOCK, &bsigset, &osigset) == -1)
+			error_f("osigset sigprocmask: %s", strerror(errno));
 
 		if (received_sigterm) {
 			logit("Exiting on signal %d", (int)received_sigterm);
@@ -445,11 +392,13 @@
 			cleanup_exit(255);
 		}
 
-		collect_children(ssh);
 		if (!ssh_packet_is_rekeying(ssh))
 			channel_after_select(ssh, readset, writeset);
 		if (process_input(ssh, readset, connection_in) < 0)
 			break;
+		/* A timeout may have triggered rekeying */
+		if ((r = ssh_packet_check_rekey(ssh)) != 0)
+			fatal_fr(r, "cannot start rekeying");
 		process_output(ssh, writeset, connection_out);
 	}
 	collect_children(ssh);
@@ -492,17 +441,17 @@
 	    (r = sshpkt_get_end(ssh)) != 0)
 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 	if (target_port > 0xFFFF) {
-		error("%s: invalid target port", __func__);
+		error_f("invalid target port");
 		*reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
 		goto out;
 	}
 	if (originator_port > 0xFFFF) {
-		error("%s: invalid originator port", __func__);
+		error_f("invalid originator port");
 		*reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
 		goto out;
 	}
 
-	debug("%s: originator %s port %u, target %s port %u", __func__,
+	debug_f("originator %s port %u, target %s port %u",
 	    originator, originator_port, target, target_port);
 
 	/* XXX fine grained permissions */
@@ -535,7 +484,7 @@
 	int r;
 
 	if (pw == NULL || !the_authctxt->valid)
-		fatal("%s: no/invalid user", __func__);
+		fatal_f("no/invalid user");
 
 	if ((r = sshpkt_get_cstring(ssh, &target, NULL)) != 0 ||
 	    (r = sshpkt_get_cstring(ssh, &originator, NULL)) != 0 ||
@@ -543,11 +492,11 @@
 	    (r = sshpkt_get_end(ssh)) != 0)
 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 	if (originator_port > 0xFFFF) {
-		error("%s: invalid originator port", __func__);
+		error_f("invalid originator port");
 		goto out;
 	}
 
-	debug("%s: originator %s port %d, target %s", __func__,
+	debug_f("originator %s port %d, target %s",
 	    originator, originator_port, target);
 
 	/* XXX fine grained permissions */
@@ -595,7 +544,7 @@
 	if ((r = sshpkt_get_u32(ssh, &tun)) != 0)
 		sshpkt_fatal(ssh, r, "%s: parse device", __func__);
 	if (tun > INT_MAX) {
-		debug("%s: invalid tun", __func__);
+		debug_f("invalid tun");
 		goto done;
 	}
 	if (auth_opts->force_tun_device != -1) {
@@ -684,7 +633,7 @@
 	    (r = sshpkt_get_u32(ssh, &rwindow)) != 0 ||
 	    (r = sshpkt_get_u32(ssh, &rmaxpack)) != 0)
 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
-	debug("%s: ctype %s rchan %u win %u max %u", __func__,
+	debug_f("ctype %s rchan %u win %u max %u",
 	    ctype, rchan, rwindow, rmaxpack);
 
 	if (strcmp(ctype, "session") == 0) {
@@ -697,7 +646,7 @@
 		c = server_request_tun(ssh);
 	}
 	if (c != NULL) {
-		debug("%s: confirm %s", __func__, ctype);
+		debug_f("confirm %s", ctype);
 		c->remote_id = rchan;
 		c->have_remote_id = 1;
 		c->remote_window = rwindow;
@@ -714,7 +663,7 @@
 			}
 		}
 	} else {
-		debug("%s: failure %s", __func__, ctype);
+		debug_f("failure %s", ctype);
 		if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_OPEN_FAILURE)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, rchan)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, reason)) != 0 ||
@@ -741,7 +690,7 @@
 	size_t blen, slen;
 
 	if ((resp = sshbuf_new()) == NULL || (sigbuf = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 
 	kexsigtype = sshkey_type_plain(
 	    sshkey_type_from_name(ssh->kex->hostkey_alg));
@@ -750,8 +699,7 @@
 		key = NULL;
 		if ((r = sshpkt_get_string_direct(ssh, &blob, &blen)) != 0 ||
 		    (r = sshkey_from_blob(blob, blen, &key)) != 0) {
-			error("%s: couldn't parse key: %s",
-			    __func__, ssh_err(r));
+			error_fr(r, "parse key");
 			goto out;
 		}
 		/*
@@ -759,8 +707,7 @@
 		 * before attempting to sign anything with it.
 		 */
 		if ((ndx = ssh->kex->host_key_index(key, 1, ssh)) == -1) {
-			error("%s: unknown host %s key",
-			    __func__, sshkey_type(key));
+			error_f("unknown host %s key", sshkey_type(key));
 			goto out;
 		}
 		/*
@@ -769,7 +716,7 @@
 		 */
 		if ((key_prv = get_hostkey_by_index(ndx)) == NULL &&
 		    (key_pub = get_hostkey_public_by_index(ndx, ssh)) == NULL) {
-			error("%s: can't retrieve hostkey %d", __func__, ndx);
+			error_f("can't retrieve hostkey %d", ndx);
 			goto out;
 		}
 		sshbuf_reset(sigbuf);
@@ -783,15 +730,14 @@
 		    sshkey_type_plain(key->type) == KEY_RSA;
 		if ((r = sshbuf_put_cstring(sigbuf,
 		    "hostkeys-prove-00@openssh.com")) != 0 ||
-		    (r = sshbuf_put_string(sigbuf,
-		    ssh->kex->session_id, ssh->kex->session_id_len)) != 0 ||
+		    (r = sshbuf_put_stringb(sigbuf,
+		    ssh->kex->session_id)) != 0 ||
 		    (r = sshkey_puts(key, sigbuf)) != 0 ||
 		    (r = ssh->kex->sign(ssh, key_prv, key_pub, &sig, &slen,
 		    sshbuf_ptr(sigbuf), sshbuf_len(sigbuf),
 		    use_kexsigtype ? ssh->kex->hostkey_alg : NULL)) != 0 ||
 		    (r = sshbuf_put_string(resp, sig, slen)) != 0) {
-			error("%s: couldn't prepare signature: %s",
-			    __func__, ssh_err(r));
+			error_fr(r, "assemble signature");
 			goto out;
 		}
 	}
@@ -820,19 +766,19 @@
 
 	memset(&fwd, 0, sizeof(fwd));
 	if (pw == NULL || !the_authctxt->valid)
-		fatal("%s: no/invalid user", __func__);
+		fatal_f("no/invalid user");
 
 	if ((r = sshpkt_get_cstring(ssh, &rtype, NULL)) != 0 ||
 	    (r = sshpkt_get_u8(ssh, &want_reply)) != 0)
 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
-	debug("%s: rtype %s want_reply %d", __func__, rtype, want_reply);
+	debug_f("rtype %s want_reply %d", rtype, want_reply);
 
 	/* -R style forwarding */
 	if (strcmp(rtype, "tcpip-forward") == 0) {
 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||
 		    (r = sshpkt_get_u32(ssh, &port)) != 0)
 			sshpkt_fatal(ssh, r, "%s: parse tcpip-forward", __func__);
-		debug("%s: tcpip-forward listen %s port %u", __func__,
+		debug_f("tcpip-forward listen %s port %u",
 		    fwd.listen_host, port);
 		if (port <= INT_MAX)
 			fwd.listen_port = (int)port;
@@ -843,7 +789,7 @@
 		    options.disable_forwarding ||
 		    (!want_reply && fwd.listen_port == 0) ||
 		    (fwd.listen_port != 0 &&
-		     !bind_permitted(fwd.listen_port, pw->pw_uid))) {
+		    !bind_permitted(fwd.listen_port, pw->pw_uid))) {
 			success = 0;
 			ssh_packet_send_debug(ssh, "Server has disabled port forwarding.");
 		} else {
@@ -852,16 +798,16 @@
 			    &allocated_listen_port, &options.fwd_opts);
 		}
 		if ((resp = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new", __func__);
+			fatal_f("sshbuf_new");
 		if (allocated_listen_port != 0 &&
 		    (r = sshbuf_put_u32(resp, allocated_listen_port)) != 0)
-			fatal("%s: sshbuf_put_u32: %s", __func__, ssh_err(r));
+			fatal_fr(r, "sshbuf_put_u32");
 	} else if (strcmp(rtype, "cancel-tcpip-forward") == 0) {
 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_host, NULL)) != 0 ||
 		    (r = sshpkt_get_u32(ssh, &port)) != 0)
 			sshpkt_fatal(ssh, r, "%s: parse cancel-tcpip-forward", __func__);
 
-		debug("%s: cancel-tcpip-forward addr %s port %d", __func__,
+		debug_f("cancel-tcpip-forward addr %s port %d",
 		    fwd.listen_host, port);
 		if (port <= INT_MAX) {
 			fwd.listen_port = (int)port;
@@ -870,7 +816,7 @@
 	} else if (strcmp(rtype, "streamlocal-forward@openssh.com") == 0) {
 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)
 			sshpkt_fatal(ssh, r, "%s: parse streamlocal-forward@openssh.com", __func__);
-		debug("%s: streamlocal-forward listen path %s", __func__,
+		debug_f("streamlocal-forward listen path %s",
 		    fwd.listen_path);
 
 		/* check permissions */
@@ -889,7 +835,7 @@
 	} else if (strcmp(rtype, "cancel-streamlocal-forward@openssh.com") == 0) {
 		if ((r = sshpkt_get_cstring(ssh, &fwd.listen_path, NULL)) != 0)
 			sshpkt_fatal(ssh, r, "%s: parse cancel-streamlocal-forward@openssh.com", __func__);
-		debug("%s: cancel-streamlocal-forward path %s", __func__,
+		debug_f("cancel-streamlocal-forward path %s",
 		    fwd.listen_path);
 
 		success = channel_cancel_rport_listener(ssh, &fwd);
@@ -945,8 +891,7 @@
 		success = session_input_channel_req(ssh, c, rtype);
 	if (want_reply && !(c->flags & CHAN_CLOSE_SENT)) {
 		if (!c->have_remote_id)
-			fatal("%s: channel %d: no remote_id",
-			    __func__, c->self);
+			fatal_f("channel %d: no remote_id", c->self);
 		if ((r = sshpkt_start(ssh, success ?
 		    SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE)) != 0 ||
 		    (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 ||

session.c

diff --git a/session.c b/session.c
index 449b84c..f9432bb 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.319 2020/03/13 03:17:07 djm Exp $ */
+/* $OpenBSD: session.c,v 1.329 2021/08/11 05:20:17 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -253,7 +253,7 @@
 	if (sshbuf_len(loginmsg) == 0)
 		return;
 	if ((r = sshbuf_put_u8(loginmsg, 0)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "sshbuf_put_u8");
 	printf("%s", (char *)sshbuf_ptr(loginmsg));
 	sshbuf_reset(loginmsg);
 }
@@ -269,16 +269,16 @@
 	temporarily_use_uid(pw);
 	auth_info_file = xstrdup("/tmp/sshauth.XXXXXXXXXXXXXXX");
 	if ((fd = mkstemp(auth_info_file)) == -1) {
-		error("%s: mkstemp: %s", __func__, strerror(errno));
+		error_f("mkstemp: %s", strerror(errno));
 		goto out;
 	}
 	if (atomicio(vwrite, fd, sshbuf_mutable_ptr(info),
 	    sshbuf_len(info)) != sshbuf_len(info)) {
-		error("%s: write: %s", __func__, strerror(errno));
+		error_f("write: %s", strerror(errno));
 		goto out;
 	}
 	if (close(fd) != 0) {
-		error("%s: close: %s", __func__, strerror(errno));
+		error_f("close: %s", strerror(errno));
 		goto out;
 	}
 	success = 1;
@@ -305,11 +305,10 @@
 			tmp = cp = xstrdup(auth_opts->permitopen[i]);
 			/* This shouldn't fail as it has already been checked */
 			if ((host = hpdelim(&cp)) == NULL)
-				fatal("%s: internal error: hpdelim", __func__);
+				fatal_f("internal error: hpdelim");
 			host = cleanhostname(host);
 			if (cp == NULL || (port = permitopen_port(cp)) < 0)
-				fatal("%s: internal error: permitopen port",
-				    __func__);
+				fatal_f("internal error: permitopen port");
 			channel_add_permission(ssh,
 			    FORWARD_USER, FORWARD_LOCAL, host, port);
 			free(tmp);
@@ -321,11 +320,10 @@
 			tmp = cp = xstrdup(auth_opts->permitlisten[i]);
 			/* This shouldn't fail as it has already been checked */
 			if ((host = hpdelim(&cp)) == NULL)
-				fatal("%s: internal error: hpdelim", __func__);
+				fatal_f("internal error: hpdelim");
 			host = cleanhostname(host);
 			if (cp == NULL || (port = permitopen_port(cp)) < 0)
-				fatal("%s: internal error: permitlisten port",
-				    __func__);
+				fatal_f("internal error: permitlisten port");
 			channel_add_permission(ssh,
 			    FORWARD_USER, FORWARD_REMOTE, host, port);
 			free(tmp);
@@ -400,18 +398,17 @@
 
 	/* Allocate pipes for communicating with the program. */
 	if (pipe(pin) == -1) {
-		error("%s: pipe in: %.100s", __func__, strerror(errno));
+		error_f("pipe in: %.100s", strerror(errno));
 		return -1;
 	}
 	if (pipe(pout) == -1) {
-		error("%s: pipe out: %.100s", __func__, strerror(errno));
+		error_f("pipe out: %.100s", strerror(errno));
 		close(pin[0]);
 		close(pin[1]);
 		return -1;
 	}
 	if (pipe(perr) == -1) {
-		error("%s: pipe err: %.100s", __func__,
-		    strerror(errno));
+		error_f("pipe err: %.100s", strerror(errno));
 		close(pin[0]);
 		close(pin[1]);
 		close(pout[0]);
@@ -426,12 +423,11 @@
 
 	/* Uses socket pairs to communicate with the program. */
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, inout) == -1) {
-		error("%s: socketpair #1: %.100s", __func__, strerror(errno));
+		error_f("socketpair #1: %.100s", strerror(errno));
 		return -1;
 	}
 	if (socketpair(AF_UNIX, SOCK_STREAM, 0, err) == -1) {
-		error("%s: socketpair #2: %.100s", __func__,
-		    strerror(errno));
+		error_f("socketpair #2: %.100s", strerror(errno));
 		close(inout[0]);
 		close(inout[1]);
 		return -1;
@@ -443,7 +439,7 @@
 	/* Fork the child. */
 	switch ((pid = fork())) {
 	case -1:
-		error("%s: fork: %.100s", __func__, strerror(errno));
+		error_f("fork: %.100s", strerror(errno));
 #ifdef USE_PIPES
 		close(pin[0]);
 		close(pin[1]);
@@ -578,14 +574,14 @@
 	 * detect and gracefully fail out-of-fd conditions.
 	 */
 	if ((fdout = dup(ptyfd)) == -1) {
-		error("%s: dup #1: %s", __func__, strerror(errno));
+		error_f("dup #1: %s", strerror(errno));
 		close(ttyfd);
 		close(ptyfd);
 		return -1;
 	}
 	/* we keep a reference to the pty master */
 	if ((ptymaster = dup(ptyfd)) == -1) {
-		error("%s: dup #2: %s", __func__, strerror(errno));
+		error_f("dup #2: %s", strerror(errno));
 		close(ttyfd);
 		close(ptyfd);
 		close(fdout);
@@ -595,7 +591,7 @@
 	/* Fork the child. */
 	switch ((pid = fork())) {
 	case -1:
-		error("%s: fork: %.100s", __func__, strerror(errno));
+		error_f("fork: %.100s", strerror(errno));
 		close(fdout);
 		close(ptymaster);
 		close(ttyfd);
@@ -843,12 +839,12 @@
  * into the environment.  If the file does not exist, this does nothing.
  * Otherwise, it must consist of empty lines, comments (line starts with '#')
  * and assignments of the form name=value.  No other forms are allowed.
- * If whitelist is not NULL, then it is interpreted as a pattern list and
+ * If allowlist is not NULL, then it is interpreted as a pattern list and
  * only variable names that match it will be accepted.
  */
 static void
 read_environment_file(char ***env, u_int *envsize,
-	const char *filename, const char *whitelist)
+	const char *filename, const char *allowlist)
 {
 	FILE *f;
 	char *line = NULL, *cp, *value;
@@ -881,8 +877,8 @@
 		 */
 		*value = '\0';
 		value++;
-		if (whitelist != NULL &&
-		    match_pattern_list(cp, whitelist, 0) != 1)
+		if (allowlist != NULL &&
+		    match_pattern_list(cp, allowlist, 0) != 1)
 			continue;
 		child_set_env(env, envsize, cp, value);
 	}
@@ -924,7 +920,7 @@
 	 * interested in.
 	 */
 	read_environment_file(&tmpenv, &tmpenvsize, "/etc/default/login",
-	    options.permit_user_env_whitelist);
+	    options.permit_user_env_allowlist);
 
 	if (tmpenv == NULL)
 		return;
@@ -948,8 +944,8 @@
 
 #if defined(USE_PAM) || defined(HAVE_CYGWIN)
 static void
-copy_environment_blacklist(char **source, char ***env, u_int *envsize,
-    const char *blacklist)
+copy_environment_denylist(char **source, char ***env, u_int *envsize,
+    const char *denylist)
 {
 	char *var_name, *var_val;
 	int i;
@@ -965,8 +961,8 @@
 		}
 		*var_val++ = '\0';
 
-		if (blacklist == NULL ||
-		    match_pattern_list(var_name, blacklist, 0) != 1) {
+		if (denylist == NULL ||
+		    match_pattern_list(var_name, denylist, 0) != 1) {
 			debug3("Copy environment: %s=%s", var_name, var_val);
 			child_set_env(env, envsize, var_name, var_val);
 		}
@@ -980,7 +976,7 @@
 static void
 copy_environment(char **source, char ***env, u_int *envsize)
 {
-	copy_environment_blacklist(source, env, envsize, NULL);
+	copy_environment_denylist(source, env, envsize, NULL);
 }
 #endif
 
@@ -1093,7 +1089,7 @@
 		if ((cp = getenv("AUTHSTATE")) != NULL)
 			child_set_env(&env, &envsize, "AUTHSTATE", cp);
 		read_environment_file(&env, &envsize, "/etc/environment",
-		    options.permit_user_env_whitelist);
+		    options.permit_user_env_allowlist);
 	}
 #endif
 #ifdef KRB5
@@ -1111,12 +1107,12 @@
 		for (n = 0 ; n < auth_opts->nenv; n++) {
 			ocp = xstrdup(auth_opts->env[n]);
 			cp = strchr(ocp, '=');
-			if (*cp == '=') {
+			if (cp != NULL) {
 				*cp = '\0';
-				/* Apply PermitUserEnvironment whitelist */
-				if (options.permit_user_env_whitelist == NULL ||
+				/* Apply PermitUserEnvironment allowlist */
+				if (options.permit_user_env_allowlist == NULL ||
 				    match_pattern_list(ocp,
-				    options.permit_user_env_whitelist, 0) == 1)
+				    options.permit_user_env_allowlist, 0) == 1)
 					child_set_env(&env, &envsize,
 					    ocp, cp + 1);
 			}
@@ -1126,10 +1122,10 @@
 
 	/* read $HOME/.ssh/environment. */
 	if (options.permit_user_env) {
-		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
-		    pw->pw_dir);
+		snprintf(buf, sizeof buf, "%.200s/%s/environment",
+		    pw->pw_dir, _PATH_SSH_USER_DIR);
 		read_environment_file(&env, &envsize, buf,
-		    options.permit_user_env_whitelist);
+		    options.permit_user_env_allowlist);
 	}
 
 #ifdef USE_PAM
@@ -1144,15 +1140,15 @@
 		 * Don't allow PAM-internal env vars to leak
 		 * back into the session environment.
 		 */
-#define PAM_ENV_BLACKLIST  "SSH_AUTH_INFO*,SSH_CONNECTION*"
+#define PAM_ENV_DENYLIST  "SSH_AUTH_INFO*,SSH_CONNECTION*"
 		p = fetch_pam_child_environment();
-		copy_environment_blacklist(p, &env, &envsize,
-		    PAM_ENV_BLACKLIST);
+		copy_environment_denylist(p, &env, &envsize,
+		    PAM_ENV_DENYLIST);
 		free_pam_environment(p);
 
 		p = fetch_pam_environment();
-		copy_environment_blacklist(p, &env, &envsize,
-		    PAM_ENV_BLACKLIST);
+		copy_environment_denylist(p, &env, &envsize,
+		    PAM_ENV_DENYLIST);
 		free_pam_environment(p);
 	}
 #endif /* USE_PAM */
@@ -1208,19 +1204,21 @@
 do_rc_files(struct ssh *ssh, Session *s, const char *shell)
 {
 	FILE *f = NULL;
-	char cmd[1024];
+	char *cmd = NULL, *user_rc = NULL;
 	int do_xauth;
 	struct stat st;
 
 	do_xauth =
 	    s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
+	xasprintf(&user_rc, "%s/%s", s->pw->pw_dir, _PATH_SSH_USER_RC);
 
 	/* ignore _PATH_SSH_USER_RC for subsystems and admin forced commands */
 	if (!s->is_subsystem && options.adm_forced_command == NULL &&
 	    auth_opts->permit_user_rc && options.permit_user_rc &&
-	    stat(_PATH_SSH_USER_RC, &st) >= 0) {
-		snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
-		    shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
+	    stat(user_rc, &st) >= 0) {
+		if (xasprintf(&cmd, "%s -c '%s %s'", shell, _PATH_BSHELL,
+		    user_rc) == -1)
+			fatal_f("xasprintf: %s", strerror(errno));
 		if (debug_flag)
 			fprintf(stderr, "Running %s\n", cmd);
 		f = popen(cmd, "w");
@@ -1231,7 +1229,7 @@
 			pclose(f);
 		} else
 			fprintf(stderr, "Could not run %s\n",
-			    _PATH_SSH_USER_RC);
+			    user_rc);
 	} else if (stat(_PATH_SSH_SYSTEM_RC, &st) >= 0) {
 		if (debug_flag)
 			fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
@@ -1256,8 +1254,8 @@
 			    options.xauth_location, s->auth_display,
 			    s->auth_proto, s->auth_data);
 		}
-		snprintf(cmd, sizeof cmd, "%s -q -",
-		    options.xauth_location);
+		if (xasprintf(&cmd, "%s -q -", options.xauth_location) == -1)
+			fatal_f("xasprintf: %s", strerror(errno));
 		f = popen(cmd, "w");
 		if (f) {
 			fprintf(f, "remove %s\n",
@@ -1271,6 +1269,8 @@
 			    cmd);
 		}
 	}
+	free(cmd);
+	free(user_rc);
 }
 
 static void
@@ -1289,11 +1289,8 @@
 		return;
 	nl = def_nl;
 #endif
-	if (stat(nl, &sb) == -1) {
-		if (nl != def_nl)
-			free(nl);
+	if (stat(nl, &sb) == -1)
 		return;
-	}
 
 	/* /etc/nologin exists.  Print its contents if we can and exit. */
 	logit("User %.100s not allowed because %s exists", pw->pw_name, nl);
@@ -1334,10 +1331,10 @@
 			component[cp - path] = '\0';
 		}
 	
-		debug3("%s: checking '%s'", __func__, component);
+		debug3_f("checking '%s'", component);
 
 		if (stat(component, &st) != 0)
-			fatal("%s: stat(\"%s\"): %s", __func__,
+			fatal_f("stat(\"%s\"): %s",
 			    component, strerror(errno));
 		if (st.st_uid != 0 || (st.st_mode & 022) != 0)
 			fatal("bad ownership or modes for chroot "
@@ -1355,8 +1352,7 @@
 	if (chroot(path) == -1)
 		fatal("chroot(\"%s\"): %s", path, strerror(errno));
 	if (chdir("/") == -1)
-		fatal("%s: chdir(/) after chroot: %s",
-		    __func__, strerror(errno));
+		fatal_f("chdir(/) after chroot: %s", strerror(errno));
 	verbose("Changed root directory to \"%s\"", path);
 }
 
@@ -1394,7 +1390,7 @@
 
 		if (!in_chroot && options.chroot_directory != NULL &&
 		    strcasecmp(options.chroot_directory, "none") != 0) {
-                        tmp = tilde_expand_filename(options.chroot_directory,
+			tmp = tilde_expand_filename(options.chroot_directory,
 			    pw->pw_uid);
 			snprintf(uidstr, sizeof(uidstr), "%llu",
 			    (unsigned long long)pw->pw_uid);
@@ -1499,6 +1495,9 @@
 	 */
 	endpwent();
 
+	/* Stop directing logs to a high-numbered fd before we close it */
+	log_redirect_stderr_to(NULL);
+
 	/*
 	 * Close any extra open file descriptors so that we don't have them
 	 * hanging around in clients.  Note that we want to do this after
@@ -1722,11 +1721,11 @@
 void
 session_unused(int id)
 {
-	debug3("%s: session id %d unused", __func__, id);
+	debug3_f("session id %d unused", id);
 	if (id >= options.max_sessions ||
 	    id >= sessions_nalloc) {
-		fatal("%s: insane session id %d (max %d nalloc %d)",
-		    __func__, id, options.max_sessions, sessions_nalloc);
+		fatal_f("insane session id %d (max %d nalloc %d)",
+		    id, options.max_sessions, sessions_nalloc);
 	}
 	memset(&sessions[id], 0, sizeof(*sessions));
 	sessions[id].self = id;
@@ -1748,13 +1747,13 @@
 	if (sessions_first_unused == -1) {
 		if (sessions_nalloc >= options.max_sessions)
 			return NULL;
-		debug2("%s: allocate (allocated %d max %d)",
-		    __func__, sessions_nalloc, options.max_sessions);
+		debug2_f("allocate (allocated %d max %d)",
+		    sessions_nalloc, options.max_sessions);
 		tmp = xrecallocarray(sessions, sessions_nalloc,
 		    sessions_nalloc + 1, sizeof(*sessions));
 		if (tmp == NULL) {
-			error("%s: cannot allocate %d sessions",
-			    __func__, sessions_nalloc + 1);
+			error_f("cannot allocate %d sessions",
+			    sessions_nalloc + 1);
 			return NULL;
 		}
 		sessions = tmp;
@@ -1763,16 +1762,14 @@
 
 	if (sessions_first_unused >= sessions_nalloc ||
 	    sessions_first_unused < 0) {
-		fatal("%s: insane first_unused %d max %d nalloc %d",
-		    __func__, sessions_first_unused, options.max_sessions,
+		fatal_f("insane first_unused %d max %d nalloc %d",
+		    sessions_first_unused, options.max_sessions,
 		    sessions_nalloc);
 	}
 
 	s = &sessions[sessions_first_unused];
-	if (s->used) {
-		fatal("%s: session %d already used",
-		    __func__, sessions_first_unused);
-	}
+	if (s->used)
+		fatal_f("session %d already used", sessions_first_unused);
 	sessions_first_unused = s->next_unused;
 	s->used = 1;
 	s->next_unused = -1;
@@ -1788,12 +1785,11 @@
 	for (i = 0; i < sessions_nalloc; i++) {
 		Session *s = &sessions[i];
 
-		debug("dump: used %d next_unused %d session %d %p "
+		debug("dump: used %d next_unused %d session %d "
 		    "channel %d pid %ld",
 		    s->used,
 		    s->next_unused,
 		    s->self,
-		    s,
 		    s->chanid,
 		    (long)s->pid);
 	}
@@ -2142,35 +2138,33 @@
 
 	if ((r = sshpkt_get_cstring(ssh, &signame, NULL)) != 0 ||
 	    (r = sshpkt_get_end(ssh)) != 0) {
-		error("%s: parse packet: %s", __func__, ssh_err(r));
+		error_fr(r, "parse");
 		goto out;
 	}
 	if ((sig = name2sig(signame)) == -1) {
-		error("%s: unsupported signal \"%s\"", __func__, signame);
+		error_f("unsupported signal \"%s\"", signame);
 		goto out;
 	}
 	if (s->pid <= 0) {
-		error("%s: no pid for session %d", __func__, s->self);
+		error_f("no pid for session %d", s->self);
 		goto out;
 	}
 	if (s->forced || s->is_subsystem) {
-		error("%s: refusing to send signal %s to %s session", __func__,
+		error_f("refusing to send signal %s to %s session",
 		    signame, s->forced ? "forced-command" : "subsystem");
 		goto out;
 	}
 	if (!use_privsep || mm_is_monitor()) {
-		error("%s: session signalling requires privilege separation",
-		    __func__);
+		error_f("session signalling requires privilege separation");
 		goto out;
 	}
 
-	debug("%s: signal %s, killpg(%ld, %d)", __func__, signame,
-	    (long)s->pid, sig);
+	debug_f("signal %s, killpg(%ld, %d)", signame, (long)s->pid, sig);
 	temporarily_use_uid(s->pw);
 	r = killpg(s->pid, sig);
 	restore_uid();
 	if (r != 0) {
-		error("%s: killpg(%ld, %d): %s", __func__, (long)s->pid,
+		error_f("killpg(%ld, %d): %s", (long)s->pid,
 		    sig, strerror(errno));
 		goto out;
 	}
@@ -2192,7 +2186,7 @@
 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
 	if (!auth_opts->permit_agent_forwarding_flag ||
 	    !options.allow_agent_forwarding) {
-		debug("%s: agent forwarding disabled", __func__);
+		debug_f("agent forwarding disabled");
 		return 0;
 	}
 	if (called) {
@@ -2210,10 +2204,10 @@
 	Session *s;
 
 	if ((s = session_by_channel(c->self)) == NULL) {
-		logit("%s: no session %d req %.100s", __func__, c->self, rtype);
+		logit_f("no session %d req %.100s", c->self, rtype);
 		return 0;
 	}
-	debug("%s: session %d req %s", __func__, s->self, rtype);
+	debug_f("session %d req %s", s->self, rtype);
 
 	/*
 	 * a session is in LARVAL state until a shell, a command
@@ -2271,13 +2265,13 @@
 session_pty_cleanup2(Session *s)
 {
 	if (s == NULL) {
-		error("%s: no session", __func__);
+		error_f("no session");
 		return;
 	}
 	if (s->ttyfd == -1)
 		return;
 
-	debug("%s: session %d release %s", __func__, s->self, s->tty);
+	debug_f("session %d release %s", s->self, s->tty);
 
 	/* Record that the user has logged out. */
 	if (s->pid != 0)
@@ -2333,10 +2327,10 @@
 	Channel *c;
 
 	if ((c = channel_by_id(ssh, id)) == NULL) {
-		debug("%s: x11 channel %d missing", __func__, id);
+		debug_f("x11 channel %d missing", id);
 	} else {
 		/* Detach X11 listener */
-		debug("%s: detach x11 channel %d", __func__, id);
+		debug_f("detach x11 channel %d", id);
 		channel_cancel_cleanup(ssh, id);
 		if (c->ostate != CHAN_OUTPUT_CLOSED)
 			chan_mark_dead(ssh, c);
@@ -2349,13 +2343,13 @@
 	Session *s;
 	u_int i;
 
-	debug3("%s: channel %d", __func__, id);
+	debug3_f("channel %d", id);
 	channel_cancel_cleanup(ssh, id);
 	if ((s = session_by_x11_channel(id)) == NULL)
-		fatal("%s: no x11 channel %d", __func__, id);
+		fatal_f("no x11 channel %d", id);
 	for (i = 0; s->x11_chanids[i] != -1; i++) {
-		debug("%s: session %d: closing channel %d",
-		    __func__, s->self, s->x11_chanids[i]);
+		debug_f("session %d: closing channel %d",
+		    s->self, s->x11_chanids[i]);
 		/*
 		 * The channel "id" is already closing, but make sure we
 		 * close all of its siblings.
@@ -2382,10 +2376,9 @@
 	int r;
 
 	if ((c = channel_lookup(ssh, s->chanid)) == NULL)
-		fatal("%s: session %d: no channel %d",
-		    __func__, s->self, s->chanid);
-	debug("%s: session %d channel %d pid %ld",
-	    __func__, s->self, s->chanid, (long)s->pid);
+		fatal_f("session %d: no channel %d", s->self, s->chanid);
+	debug_f("session %d channel %d pid %ld",
+	    s->self, s->chanid, (long)s->pid);
 
 	if (WIFEXITED(status)) {
 		channel_request_start(ssh, s->chanid, "exit-status", 0);
@@ -2409,7 +2402,7 @@
 	}
 
 	/* disconnect channel */
-	debug("%s: release channel %d", __func__, s->chanid);
+	debug_f("release channel %d", s->chanid);
 
 	/*
 	 * Adjust cleanup callback attachment to send close messages when
@@ -2464,7 +2457,7 @@
 {
 	Session *s = session_by_pid(pid);
 	if (s == NULL) {
-		debug("%s: no session for pid %ld", __func__, (long)pid);
+		debug_f("no session for pid %ld", (long)pid);
 		return;
 	}
 	if (s->chanid != -1)
@@ -2485,13 +2478,12 @@
 	u_int i;
 
 	if (s == NULL) {
-		debug("%s: no session for id %d", __func__, id);
+		debug_f("no session for id %d", id);
 		return;
 	}
-	debug("%s: channel %d child %ld", __func__, id, (long)s->pid);
+	debug_f("channel %d child %ld", id, (long)s->pid);
 	if (s->pid != 0) {
-		debug("%s: channel %d: has child, ttyfd %d",
-		    __func__, id, s->ttyfd);
+		debug_f("channel %d: has child, ttyfd %d", id, s->ttyfd);
 		/*
 		 * delay detach of session, but release pty, since
 		 * the fd's to the child are already closed

sftp-client.c

diff --git a/sftp-client.c b/sftp-client.c
index 72f7fff..9de9afa 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.c,v 1.135 2019/10/04 04:31:59 djm Exp $ */
+/* $OpenBSD: sftp-client.c,v 1.155 2021/09/03 05:12:25 dtucker Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -37,6 +37,13 @@
 
 #include <dirent.h>
 #include <errno.h>
+#ifdef HAVE_POLL_H
+#include <poll.h>
+#else
+# ifdef HAVE_SYS_POLL_H
+#  include <sys/poll.h>
+# endif
+#endif
 #include <fcntl.h>
 #include <signal.h>
 #include <stdarg.h>
@@ -61,6 +68,12 @@
 extern volatile sig_atomic_t interrupted;
 extern int showprogress;
 
+/* Default size of buffer for up/download */
+#define DEFAULT_COPY_BUFLEN	32768
+
+/* Default number of concurrent outstanding requests */
+#define DEFAULT_NUM_REQUESTS	64
+
 /* Minimum amount of data to read at a time */
 #define MIN_READ_SIZE	512
 
@@ -77,7 +90,8 @@
 struct sftp_conn {
 	int fd_in;
 	int fd_out;
-	u_int transfer_buflen;
+	u_int download_buflen;
+	u_int upload_buflen;
 	u_int num_requests;
 	u_int version;
 	u_int msg_id;
@@ -87,15 +101,52 @@
 #define SFTP_EXT_HARDLINK	0x00000008
 #define SFTP_EXT_FSYNC		0x00000010
 #define SFTP_EXT_LSETSTAT	0x00000020
+#define SFTP_EXT_LIMITS		0x00000040
+#define SFTP_EXT_PATH_EXPAND	0x00000080
 	u_int exts;
 	u_int64_t limit_kbps;
 	struct bwlimit bwlimit_in, bwlimit_out;
 };
 
+/* Tracks in-progress requests during file transfers */
+struct request {
+	u_int id;
+	size_t len;
+	u_int64_t offset;
+	TAILQ_ENTRY(request) tq;
+};
+TAILQ_HEAD(requests, request);
+
 static u_char *
 get_handle(struct sftp_conn *conn, u_int expected_id, size_t *len,
     const char *errfmt, ...) __attribute__((format(printf, 4, 5)));
 
+static struct request *
+request_enqueue(struct requests *requests, u_int id, size_t len,
+    uint64_t offset)
+{
+	struct request *req;
+
+	req = xcalloc(1, sizeof(*req));
+	req->id = id;
+	req->len = len;
+	req->offset = offset;
+	TAILQ_INSERT_TAIL(requests, req, tq);
+	return req;
+}
+
+static struct request *
+request_find(struct requests *requests, u_int id)
+{
+	struct request *req;
+
+	for (req = TAILQ_FIRST(requests);
+	    req != NULL && req->id != id;
+	    req = TAILQ_NEXT(req, tq))
+		;
+	return req;
+}
+
 /* ARGSUSED */
 static int
 sftpio(void *_bwlimit, size_t amount)
@@ -139,8 +190,9 @@
 	u_char *p;
 	int r;
 
+	sshbuf_reset(m);
 	if ((r = sshbuf_reserve(m, 4, &p)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reserve");
 	if (atomicio6(read, conn->fd_in, p, 4, sftpio,
 	    conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL) != 4) {
 		if (errno == EPIPE || errno == ECONNRESET)
@@ -150,7 +202,7 @@
 	}
 
 	if ((r = sshbuf_get_u32(m, &msg_len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "sshbuf_get_u32");
 	if (msg_len > SFTP_MAX_MSG_LENGTH) {
 		do_log2(initial ? SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_FATAL,
 		    "Received message too long %u", msg_len);
@@ -159,7 +211,7 @@
 	}
 
 	if ((r = sshbuf_reserve(m, msg_len, &p)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "reserve");
 	if (atomicio6(read, conn->fd_in, p, msg_len, sftpio,
 	    conn->limit_kbps > 0 ? &conn->bwlimit_in : NULL)
 	    != msg_len) {
@@ -184,11 +236,11 @@
 	int r;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, code)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_string(msg, s, len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(conn, msg);
 	debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id);
 	sshbuf_free(msg);
@@ -202,14 +254,15 @@
 	int r;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, code)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_string(msg, s, len)) != 0 ||
 	    (r = encode_attrib(msg, a)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(conn, msg);
-	debug3("Sent message fd %d T:%u I:%u", conn->fd_out, code, id);
+	debug3("Sent message fd %d T:%u I:%u F:0x%04x M:%05o",
+	    conn->fd_out, code, id, a->flags, a->perm);
 	sshbuf_free(msg);
 }
 
@@ -222,11 +275,11 @@
 	int r;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	get_msg(conn, msg);
 	if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
 	    (r = sshbuf_get_u32(msg, &id)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 
 	if (id != expected_id)
 		fatal("ID mismatch (%u != %u)", id, expected_id);
@@ -235,7 +288,7 @@
 		    SSH2_FXP_STATUS, type);
 
 	if ((r = sshbuf_get_u32(msg, &status)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	sshbuf_free(msg);
 
 	debug3("SSH2_FXP_STATUS %u", status);
@@ -261,18 +314,18 @@
 	va_end(args);
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	get_msg(conn, msg);
 	if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
 	    (r = sshbuf_get_u32(msg, &id)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	if (id != expected_id)
 		fatal("%s: ID mismatch (%u != %u)",
 		    errfmt == NULL ? __func__ : errmsg, id, expected_id);
 	if (type == SSH2_FXP_STATUS) {
 		if ((r = sshbuf_get_u32(msg, &status)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse status");
 		if (errfmt != NULL)
 			error("%s: %s", errmsg, fx2txt(status));
 		sshbuf_free(msg);
@@ -282,12 +335,13 @@
 		    errfmt == NULL ? __func__ : errmsg, SSH2_FXP_HANDLE, type);
 
 	if ((r = sshbuf_get_string(msg, &handle, len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse handle");
 	sshbuf_free(msg);
 
 	return handle;
 }
 
+/* XXX returing &static is error-prone. Refactor to fill *Attrib argument */
 static Attrib *
 get_decode_stat(struct sftp_conn *conn, u_int expected_id, int quiet)
 {
@@ -298,21 +352,20 @@
 	static Attrib a;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	get_msg(conn, msg);
 
 	if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
 	    (r = sshbuf_get_u32(msg, &id)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
-	debug3("Received stat reply T:%u I:%u", type, id);
 	if (id != expected_id)
 		fatal("ID mismatch (%u != %u)", id, expected_id);
 	if (type == SSH2_FXP_STATUS) {
 		u_int status;
 
 		if ((r = sshbuf_get_u32(msg, &status)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse status");
 		if (quiet)
 			debug("Couldn't stat remote file: %s", fx2txt(status));
 		else
@@ -324,10 +377,12 @@
 		    SSH2_FXP_ATTRS, type);
 	}
 	if ((r = decode_attrib(msg, &a)) != 0) {
-		error("%s: couldn't decode attrib: %s", __func__, ssh_err(r));
+		error_fr(r, "decode_attrib");
 		sshbuf_free(msg);
 		return NULL;
 	}
+	debug3("Recevied stat reply T:%u I:%u F:0x%04x M:%05o",
+	    type, id, a.flags, a.perm);
 	sshbuf_free(msg);
 
 	return &a;
@@ -344,12 +399,12 @@
 	int r;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	get_msg(conn, msg);
 
 	if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
 	    (r = sshbuf_get_u32(msg, &id)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("Received statvfs reply T:%u I:%u", type, id);
 	if (id != expected_id)
@@ -358,7 +413,7 @@
 		u_int status;
 
 		if ((r = sshbuf_get_u32(msg, &status)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse status");
 		if (quiet)
 			debug("Couldn't statvfs: %s", fx2txt(status));
 		else
@@ -382,7 +437,7 @@
 	    (r = sshbuf_get_u64(msg, &st->f_fsid)) != 0 ||
 	    (r = sshbuf_get_u64(msg, &flag)) != 0 ||
 	    (r = sshbuf_get_u64(msg, &st->f_namemax)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse statvfs");
 
 	st->f_flag = (flag & SSH2_FXE_STATVFS_ST_RDONLY) ? ST_RDONLY : 0;
 	st->f_flag |= (flag & SSH2_FXE_STATVFS_ST_NOSUID) ? ST_NOSUID : 0;
@@ -405,25 +460,26 @@
 	ret->msg_id = 1;
 	ret->fd_in = fd_in;
 	ret->fd_out = fd_out;
-	ret->transfer_buflen = transfer_buflen;
-	ret->num_requests = num_requests;
+	ret->download_buflen = ret->upload_buflen =
+	    transfer_buflen ? transfer_buflen : DEFAULT_COPY_BUFLEN;
+	ret->num_requests =
+	    num_requests ? num_requests : DEFAULT_NUM_REQUESTS;
 	ret->exts = 0;
 	ret->limit_kbps = 0;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_INIT)) != 0 ||
 	    (r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	send_msg(ret, msg);
+		fatal_fr(r, "parse");
 
-	sshbuf_reset(msg);
+	send_msg(ret, msg);
 
 	get_msg_extended(ret, msg, 1);
 
 	/* Expecting a VERSION reply */
 	if ((r = sshbuf_get_u8(msg, &type)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse type");
 	if (type != SSH2_FXP_VERSION) {
 		error("Invalid packet back from SSH2_FXP_INIT (type %u)",
 		    type);
@@ -432,7 +488,7 @@
 		return(NULL);
 	}
 	if ((r = sshbuf_get_u32(msg, &ret->version)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse version");
 
 	debug2("Remote version: %u", ret->version);
 
@@ -445,7 +501,7 @@
 
 		if ((r = sshbuf_get_cstring(msg, &name, NULL)) != 0 ||
 		    (r = sshbuf_get_string(msg, &value, &vlen)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse extension");
 		if (strcmp(name, "posix-rename@openssh.com") == 0 &&
 		    strcmp((char *)value, "1") == 0) {
 			ret->exts |= SFTP_EXT_POSIX_RENAME;
@@ -470,6 +526,14 @@
 		    strcmp((char *)value, "1") == 0) {
 			ret->exts |= SFTP_EXT_LSETSTAT;
 			known = 1;
+		} else if (strcmp(name, "limits@openssh.com") == 0 &&
+		    strcmp((char *)value, "1") == 0) {
+			ret->exts |= SFTP_EXT_LIMITS;
+			known = 1;
+		} else if (strcmp(name, "expand-path@openssh.com") == 0 &&
+		    strcmp((char *)value, "1") == 0) {
+			ret->exts |= SFTP_EXT_PATH_EXPAND;
+			known = 1;
 		}
 		if (known) {
 			debug2("Server supports extension \"%s\" revision %s",
@@ -483,16 +547,42 @@
 
 	sshbuf_free(msg);
 
+	/* Query the server for its limits */
+	if (ret->exts & SFTP_EXT_LIMITS) {
+		struct sftp_limits limits;
+		if (do_limits(ret, &limits) != 0)
+			fatal_f("limits failed");
+
+		/* If the caller did not specify, find a good value */
+		if (transfer_buflen == 0) {
+			ret->download_buflen = limits.read_length;
+			ret->upload_buflen = limits.write_length;
+			debug("Using server download size %u", ret->download_buflen);
+			debug("Using server upload size %u", ret->upload_buflen);
+		}
+
+		/* Use the server limit to scale down our value only */
+		if (num_requests == 0 && limits.open_handles) {
+			ret->num_requests =
+			    MINIMUM(DEFAULT_NUM_REQUESTS, limits.open_handles);
+			debug("Server handle limit %llu; using %u",
+			    (unsigned long long)limits.open_handles,
+			    ret->num_requests);
+		}
+	}
+
 	/* Some filexfer v.0 servers don't support large packets */
-	if (ret->version == 0)
-		ret->transfer_buflen = MINIMUM(ret->transfer_buflen, 20480);
+	if (ret->version == 0) {
+		ret->download_buflen = MINIMUM(ret->download_buflen, 20480);
+		ret->upload_buflen = MINIMUM(ret->upload_buflen, 20480);
+	}
 
 	ret->limit_kbps = limit_kbps;
 	if (ret->limit_kbps > 0) {
 		bandwidth_limit_init(&ret->bwlimit_in, ret->limit_kbps,
-		    ret->transfer_buflen);
+		    ret->download_buflen);
 		bandwidth_limit_init(&ret->bwlimit_out, ret->limit_kbps,
-		    ret->transfer_buflen);
+		    ret->upload_buflen);
 	}
 
 	return ret;
@@ -505,6 +595,60 @@
 }
 
 int
+do_limits(struct sftp_conn *conn, struct sftp_limits *limits)
+{
+	u_int id, msg_id;
+	u_char type;
+	struct sshbuf *msg;
+	int r;
+
+	if ((conn->exts & SFTP_EXT_LIMITS) == 0) {
+		error("Server does not support limits@openssh.com extension");
+		return -1;
+	}
+
+	if ((msg = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
+
+	id = conn->msg_id++;
+	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
+	    (r = sshbuf_put_u32(msg, id)) != 0 ||
+	    (r = sshbuf_put_cstring(msg, "limits@openssh.com")) != 0)
+		fatal_fr(r, "compose");
+	send_msg(conn, msg);
+	debug3("Sent message limits@openssh.com I:%u", id);
+
+	get_msg(conn, msg);
+
+	if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
+	    (r = sshbuf_get_u32(msg, &msg_id)) != 0)
+		fatal_fr(r, "parse");
+
+	debug3("Received limits reply T:%u I:%u", type, msg_id);
+	if (id != msg_id)
+		fatal("ID mismatch (%u != %u)", msg_id, id);
+	if (type != SSH2_FXP_EXTENDED_REPLY) {
+		debug_f("expected SSH2_FXP_EXTENDED_REPLY(%u) packet, got %u",
+		    SSH2_FXP_EXTENDED_REPLY, type);
+		/* Disable the limits extension */
+		conn->exts &= ~SFTP_EXT_LIMITS;
+		sshbuf_free(msg);
+		return 0;
+	}
+
+	memset(limits, 0, sizeof(*limits));
+	if ((r = sshbuf_get_u64(msg, &limits->packet_length)) != 0 ||
+	    (r = sshbuf_get_u64(msg, &limits->read_length)) != 0 ||
+	    (r = sshbuf_get_u64(msg, &limits->write_length)) != 0 ||
+	    (r = sshbuf_get_u64(msg, &limits->open_handles)) != 0)
+		fatal_fr(r, "parse limits");
+
+	sshbuf_free(msg);
+
+	return 0;
+}
+
+int
 do_close(struct sftp_conn *conn, const u_char *handle, u_int handle_len)
 {
 	u_int id, status;
@@ -512,13 +656,13 @@
 	int r;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	id = conn->msg_id++;
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_CLOSE)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	send_msg(conn, msg);
 	debug3("Sent message SSH2_FXP_CLOSE I:%u", id);
 
@@ -549,11 +693,11 @@
 	id = conn->msg_id++;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPENDIR)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, path)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose OPENDIR");
 	send_msg(conn, msg);
 
 	handle = get_handle(conn, id, &handle_len,
@@ -578,7 +722,7 @@
 		if ((r = sshbuf_put_u8(msg, SSH2_FXP_READDIR)) != 0 ||
 		    (r = sshbuf_put_u32(msg, id)) != 0 ||
 		    (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "compose READDIR");
 		send_msg(conn, msg);
 
 		sshbuf_reset(msg);
@@ -587,7 +731,7 @@
 
 		if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
 		    (r = sshbuf_get_u32(msg, &id)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse");
 
 		debug3("Received reply T:%u I:%u", type, id);
 
@@ -598,8 +742,7 @@
 			u_int rstatus;
 
 			if ((r = sshbuf_get_u32(msg, &rstatus)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse status");
 			debug3("Received SSH2_FXP_STATUS %d", rstatus);
 			if (rstatus == SSH2_FX_EOF)
 				break;
@@ -610,9 +753,9 @@
 			    SSH2_FXP_NAME, type);
 
 		if ((r = sshbuf_get_u32(msg, &count)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse count");
 		if (count > SSHBUF_SIZE_MAX)
-			fatal("%s: nonsensical number of entries", __func__);
+			fatal_f("nonsensical number of entries");
 		if (count == 0)
 			break;
 		debug3("Received %d SSH2_FXP_NAME responses", count);
@@ -624,11 +767,9 @@
 			    NULL)) != 0 ||
 			    (r = sshbuf_get_cstring(msg, &longname,
 			    NULL)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse filenames");
 			if ((r = decode_attrib(msg, &a)) != 0) {
-				error("%s: couldn't decode attrib: %s",
-				    __func__, ssh_err(r));
+				error_fr(r, "couldn't decode attrib");
 				free(filename);
 				free(longname);
 				goto out;
@@ -828,8 +969,9 @@
 	return status == SSH2_FX_OK ? 0 : -1;
 }
 
-char *
-do_realpath(struct sftp_conn *conn, const char *path)
+/* Implements both the realpath and expand-path operations */
+static char *
+do_realpath_expand(struct sftp_conn *conn, const char *path, int expand)
 {
 	struct sshbuf *msg;
 	u_int expected_id, count, id;
@@ -837,18 +979,30 @@
 	Attrib a;
 	u_char type;
 	int r;
+	const char *what = "SSH2_FXP_REALPATH";
+
+	if (expand)
+		what = "expand-path@openssh.com";
+	if ((msg = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
 
 	expected_id = id = conn->msg_id++;
-	send_string_request(conn, id, SSH2_FXP_REALPATH, path,
-	    strlen(path));
-
-	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
-
+	if (expand) {
+		if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
+		    (r = sshbuf_put_u32(msg, id)) != 0 ||
+		    (r = sshbuf_put_cstring(msg,
+		    "expand-path@openssh.com")) != 0 ||
+		    (r = sshbuf_put_cstring(msg, path)) != 0)
+			fatal_fr(r, "compose %s", what);
+		send_msg(conn, msg);
+	} else {
+		send_string_request(conn, id, SSH2_FXP_REALPATH,
+		    path, strlen(path));
+	}
 	get_msg(conn, msg);
 	if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
 	    (r = sshbuf_get_u32(msg, &id)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	if (id != expected_id)
 		fatal("ID mismatch (%u != %u)", id, expected_id);
@@ -857,7 +1011,7 @@
 		u_int status;
 
 		if ((r = sshbuf_get_u32(msg, &status)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse status");
 		error("Couldn't canonicalize: %s", fx2txt(status));
 		sshbuf_free(msg);
 		return NULL;
@@ -866,17 +1020,16 @@
 		    SSH2_FXP_NAME, type);
 
 	if ((r = sshbuf_get_u32(msg, &count)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse count");
 	if (count != 1)
-		fatal("Got multiple names (%d) from SSH_FXP_REALPATH", count);
+		fatal("Got multiple names (%d) from %s", count, what);
 
 	if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 ||
 	    (r = decode_attrib(msg, &a)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse filename/attrib");
 
-	debug3("SSH_FXP_REALPATH %s -> %s size %lu", path, filename,
-	    (unsigned long)a.size);
+	debug3("%s %s -> %s", what, path, filename);
 
 	free(longname);
 
@@ -885,6 +1038,28 @@
 	return(filename);
 }
 
+char *
+do_realpath(struct sftp_conn *conn, const char *path)
+{
+	return do_realpath_expand(conn, path, 0);
+}
+
+int
+can_expand_path(struct sftp_conn *conn)
+{
+	return (conn->exts & SFTP_EXT_PATH_EXPAND) != 0;
+}
+
+char *
+do_expand_path(struct sftp_conn *conn, const char *path)
+{
+	if (!can_expand_path(conn)) {
+		debug3_f("no server support, fallback to realpath");
+		return do_realpath_expand(conn, path, 0);
+	}
+	return do_realpath_expand(conn, path, 1);
+}
+
 int
 do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath,
     int force_legacy)
@@ -894,7 +1069,7 @@
 	int r, use_ext = (conn->exts & SFTP_EXT_POSIX_RENAME) && !force_legacy;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	/* Send rename request */
 	id = conn->msg_id++;
@@ -903,15 +1078,15 @@
 		    (r = sshbuf_put_u32(msg, id)) != 0 ||
 		    (r = sshbuf_put_cstring(msg,
 		    "posix-rename@openssh.com")) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "compose posix-rename");
 	} else {
 		if ((r = sshbuf_put_u8(msg, SSH2_FXP_RENAME)) != 0 ||
 		    (r = sshbuf_put_u32(msg, id)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "compose rename");
 	}
 	if ((r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, newpath)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose paths");
 	send_msg(conn, msg);
 	debug3("Sent message %s \"%s\" -> \"%s\"",
 	    use_ext ? "posix-rename@openssh.com" :
@@ -939,7 +1114,7 @@
 	}
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	/* Send link request */
 	id = conn->msg_id++;
@@ -948,10 +1123,10 @@
 	    (r = sshbuf_put_cstring(msg, "hardlink@openssh.com")) != 0 ||
 	    (r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, newpath)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(conn, msg);
 	debug3("Sent message hardlink@openssh.com \"%s\" -> \"%s\"",
-	       oldpath, newpath);
+	    oldpath, newpath);
 	sshbuf_free(msg);
 
 	status = get_status(conn, id);
@@ -975,7 +1150,7 @@
 	}
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	/* Send symlink request */
 	id = conn->msg_id++;
@@ -983,7 +1158,7 @@
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, oldpath)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, newpath)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(conn, msg);
 	debug3("Sent message SSH2_FXP_SYMLINK \"%s\" -> \"%s\"", oldpath,
 	    newpath);
@@ -1010,13 +1185,13 @@
 
 	/* Send fsync request */
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	id = conn->msg_id++;
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, "fsync@openssh.com")) != 0 ||
 	    (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(conn, msg);
 	debug3("Sent message fsync@openssh.com I:%u", id);
 	sshbuf_free(msg);
@@ -1043,12 +1218,12 @@
 	send_string_request(conn, id, SSH2_FXP_READLINK, path, strlen(path));
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	get_msg(conn, msg);
 	if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
 	    (r = sshbuf_get_u32(msg, &id)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	if (id != expected_id)
 		fatal("ID mismatch (%u != %u)", id, expected_id);
@@ -1057,7 +1232,7 @@
 		u_int status;
 
 		if ((r = sshbuf_get_u32(msg, &status)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse status");
 		error("Couldn't readlink: %s", fx2txt(status));
 		sshbuf_free(msg);
 		return(NULL);
@@ -1066,14 +1241,14 @@
 		    SSH2_FXP_NAME, type);
 
 	if ((r = sshbuf_get_u32(msg, &count)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse count");
 	if (count != 1)
 		fatal("Got multiple names (%d) from SSH_FXP_READLINK", count);
 
 	if ((r = sshbuf_get_cstring(msg, &filename, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(msg, &longname, NULL)) != 0 ||
 	    (r = decode_attrib(msg, &a)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse filenames/attrib");
 
 	debug3("SSH_FXP_READLINK %s -> %s", path, filename);
 
@@ -1101,12 +1276,12 @@
 	id = conn->msg_id++;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 ||
 	    (r = sshbuf_put_cstring(msg, path)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(conn, msg);
 	sshbuf_free(msg);
 
@@ -1129,12 +1304,12 @@
 	id = conn->msg_id++;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 ||
 	    (r = sshbuf_put_string(msg, handle, handle_len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(conn, msg);
 	sshbuf_free(msg);
 
@@ -1156,13 +1331,13 @@
 
 	id = conn->msg_id++;
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 ||
 	    (r = sshbuf_put_cstring(msg, path)) != 0 ||
 	    (r = encode_attrib(msg, a)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(conn, msg);
 	sshbuf_free(msg);
 
@@ -1182,23 +1357,76 @@
 	int r;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_READ)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_string(msg, handle, handle_len)) != 0 ||
 	    (r = sshbuf_put_u64(msg, offset)) != 0 ||
 	    (r = sshbuf_put_u32(msg, len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(conn, msg);
 	sshbuf_free(msg);
 }
 
+static int
+send_open(struct sftp_conn *conn, const char *path, const char *tag,
+    u_int openmode, Attrib *a, u_char **handlep, size_t *handle_lenp)
+{
+	Attrib junk;
+	u_char *handle;
+	size_t handle_len;
+	struct sshbuf *msg;
+	int r;
+	u_int id;
+
+	*handlep = NULL;
+	*handle_lenp = 0;
+
+	if (a == NULL) {
+		attrib_clear(&junk); /* Send empty attributes */
+		a = &junk;
+	}
+	/* Send open request */
+	if ((msg = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
+	id = conn->msg_id++;
+	if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
+	    (r = sshbuf_put_u32(msg, id)) != 0 ||
+	    (r = sshbuf_put_cstring(msg, path)) != 0 ||
+	    (r = sshbuf_put_u32(msg, openmode)) != 0 ||
+	    (r = encode_attrib(msg, a)) != 0)
+		fatal_fr(r, "compose %s open", tag);
+	send_msg(conn, msg);
+	sshbuf_free(msg);
+	debug3("Sent %s message SSH2_FXP_OPEN I:%u P:%s M:0x%04x",
+	    tag, id, path, openmode);
+	if ((handle = get_handle(conn, id, &handle_len,
+	    "%s open(\"%s\")", tag, path)) == NULL)
+		return -1;
+	/* success */
+	*handlep = handle;
+	*handle_lenp = handle_len;
+	return 0;
+}
+
+static const char *
+progress_meter_path(const char *path)
+{
+	const char *progresspath;
+
+	if ((progresspath = strrchr(path, '/')) == NULL)
+		return path;
+	progresspath++;
+	if (*progresspath == '\0')
+		return path;
+	return progresspath;
+}
+
 int
 do_download(struct sftp_conn *conn, const char *remote_path,
     const char *local_path, Attrib *a, int preserve_flag, int resume_flag,
     int fsync_flag)
 {
-	Attrib junk;
 	struct sshbuf *msg;
 	u_char *handle;
 	int local_fd = -1, write_error;
@@ -1208,13 +1436,7 @@
 	off_t progress_counter;
 	size_t handle_len;
 	struct stat st;
-	struct request {
-		u_int id;
-		size_t len;
-		u_int64_t offset;
-		TAILQ_ENTRY(request) tq;
-	};
-	TAILQ_HEAD(reqhead, request) requests;
+	struct requests requests;
 	struct request *req;
 	u_char type;
 
@@ -1240,29 +1462,12 @@
 	else
 		size = 0;
 
-	buflen = conn->transfer_buflen;
-	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
-
-	attrib_clear(&junk); /* Send empty attributes */
+	buflen = conn->download_buflen;
 
 	/* Send open request */
-	id = conn->msg_id++;
-	if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
-	    (r = sshbuf_put_u32(msg, id)) != 0 ||
-	    (r = sshbuf_put_cstring(msg, remote_path)) != 0 ||
-	    (r = sshbuf_put_u32(msg, SSH2_FXF_READ)) != 0 ||
-	    (r = encode_attrib(msg, &junk)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	send_msg(conn, msg);
-	debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
-
-	handle = get_handle(conn, id, &handle_len,
-	    "remote open(\"%s\")", remote_path);
-	if (handle == NULL) {
-		sshbuf_free(msg);
-		return(-1);
-	}
+	if (send_open(conn, remote_path, "remote", SSH2_FXF_READ, NULL,
+	    &handle, &handle_len) != 0)
+		return -1;
 
 	local_fd = open(local_path,
 	    O_WRONLY | O_CREAT | (resume_flag ? 0 : O_TRUNC), mode | S_IWUSR);
@@ -1287,7 +1492,6 @@
 			    "local file is larger than remote", local_path);
  fail:
 			do_close(conn, handle, handle_len);
-			sshbuf_free(msg);
 			free(handle);
 			if (local_fd != -1)
 				close(local_fd);
@@ -1301,8 +1505,13 @@
 	max_req = 1;
 	progress_counter = offset;
 
-	if (showprogress && size != 0)
-		start_progress_meter(remote_path, size, &progress_counter);
+	if (showprogress && size != 0) {
+		start_progress_meter(progress_meter_path(remote_path),
+		    size, &progress_counter);
+	}
+
+	if ((msg = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
 
 	while (num_req > 0 || max_req > 0) {
 		u_char *data;
@@ -1324,13 +1533,10 @@
 			    (unsigned long long)offset,
 			    (unsigned long long)offset + buflen - 1,
 			    num_req, max_req);
-			req = xcalloc(1, sizeof(*req));
-			req->id = conn->msg_id++;
-			req->len = buflen;
-			req->offset = offset;
+			req = request_enqueue(&requests, conn->msg_id++,
+			    buflen, offset);
 			offset += buflen;
 			num_req++;
-			TAILQ_INSERT_TAIL(&requests, req, tq);
 			send_read_request(conn, req->id, req->offset,
 			    req->len, handle, handle_len);
 		}
@@ -1339,22 +1545,17 @@
 		get_msg(conn, msg);
 		if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
 		    (r = sshbuf_get_u32(msg, &id)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse");
 		debug3("Received reply T:%u I:%u R:%d", type, id, max_req);
 
 		/* Find the request in our queue */
-		for (req = TAILQ_FIRST(&requests);
-		    req != NULL && req->id != id;
-		    req = TAILQ_NEXT(req, tq))
-			;
-		if (req == NULL)
+		if ((req = request_find(&requests, id)) == NULL)
 			fatal("Unexpected reply %u", id);
 
 		switch (type) {
 		case SSH2_FXP_STATUS:
 			if ((r = sshbuf_get_u32(msg, &status)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse status");
 			if (status != SSH2_FX_EOF)
 				read_error = 1;
 			max_req = 0;
@@ -1364,8 +1565,7 @@
 			break;
 		case SSH2_FXP_DATA:
 			if ((r = sshbuf_get_string(msg, &data, &len)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse data");
 			debug3("Received data %llu -> %llu",
 			    (unsigned long long)req->offset,
 			    (unsigned long long)req->offset + len - 1);
@@ -1415,7 +1615,7 @@
 					    (unsigned long long)offset,
 					    num_req);
 					max_req = 1;
-				} else if (max_req <= conn->num_requests) {
+				} else if (max_req < conn->num_requests) {
 					++max_req;
 				}
 			}
@@ -1495,12 +1695,12 @@
 static int
 download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
     int depth, Attrib *dirattrib, int preserve_flag, int print_flag,
-    int resume_flag, int fsync_flag)
+    int resume_flag, int fsync_flag, int follow_link_flag)
 {
 	int i, ret = 0;
 	SFTP_DIRENT **dir_entries;
 	char *filename, *new_src = NULL, *new_dst = NULL;
-	mode_t mode = 0777;
+	mode_t mode = 0777, tmpmode = mode;
 
 	if (depth >= MAX_DIR_DEPTH) {
 		error("Maximum directory depth exceeded: %d levels", depth);
@@ -1516,17 +1716,18 @@
 		error("\"%s\" is not a directory", src);
 		return -1;
 	}
-	if (print_flag)
+	if (print_flag && print_flag != SFTP_PROGRESS_ONLY)
 		mprintf("Retrieving %s\n", src);
 
-	if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS)
+	if (dirattrib->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
 		mode = dirattrib->perm & 01777;
-	else {
+		tmpmode = mode | (S_IWUSR|S_IXUSR);
+	} else {
 		debug("Server did not send permissions for "
 		    "directory \"%s\"", dst);
 	}
 
-	if (mkdir(dst, mode) == -1 && errno != EEXIST) {
+	if (mkdir(dst, tmpmode) == -1 && errno != EEXIST) {
 		error("mkdir %s: %s", dst, strerror(errno));
 		return -1;
 	}
@@ -1550,12 +1751,20 @@
 				continue;
 			if (download_dir_internal(conn, new_src, new_dst,
 			    depth + 1, &(dir_entries[i]->a), preserve_flag,
-			    print_flag, resume_flag, fsync_flag) == -1)
+			    print_flag, resume_flag,
+			    fsync_flag, follow_link_flag) == -1)
 				ret = -1;
-		} else if (S_ISREG(dir_entries[i]->a.perm) ) {
+		} else if (S_ISREG(dir_entries[i]->a.perm) ||
+		    (follow_link_flag && S_ISLNK(dir_entries[i]->a.perm))) {
+			/*
+			 * If this is a symlink then don't send the link's
+			 * Attrib. do_download() will do a FXP_STAT operation
+			 * and get the link target's attributes.
+			 */
 			if (do_download(conn, new_src, new_dst,
-			    &(dir_entries[i]->a), preserve_flag,
-			    resume_flag, fsync_flag) == -1) {
+			    S_ISLNK(dir_entries[i]->a.perm) ? NULL :
+			    &(dir_entries[i]->a),
+			    preserve_flag, resume_flag, fsync_flag) == -1) {
 				error("Download of file %s to %s failed",
 				    new_src, new_dst);
 				ret = -1;
@@ -1581,6 +1790,10 @@
 			    "\"%s\"", dst);
 	}
 
+	if (mode != tmpmode && chmod(dst, mode) == -1)
+		error("Can't set final mode on \"%s\": %s", dst,
+		    strerror(errno));
+
 	free_sftp_dirents(dir_entries);
 
 	return ret;
@@ -1589,7 +1802,7 @@
 int
 download_dir(struct sftp_conn *conn, const char *src, const char *dst,
     Attrib *dirattrib, int preserve_flag, int print_flag, int resume_flag,
-    int fsync_flag)
+    int fsync_flag, int follow_link_flag)
 {
 	char *src_canon;
 	int ret;
@@ -1600,7 +1813,8 @@
 	}
 
 	ret = download_dir_internal(conn, src_canon, dst, 0,
-	    dirattrib, preserve_flag, print_flag, resume_flag, fsync_flag);
+	    dirattrib, preserve_flag, print_flag, resume_flag, fsync_flag,
+	    follow_link_flag);
 	free(src_canon);
 	return ret;
 }
@@ -1620,14 +1834,8 @@
 	Attrib a, *c = NULL;
 	u_int32_t startid;
 	u_int32_t ackid;
-	struct outstanding_ack {
-		u_int id;
-		u_int len;
-		off_t offset;
-		TAILQ_ENTRY(outstanding_ack) tq;
-	};
-	TAILQ_HEAD(ackhead, outstanding_ack) acks;
-	struct outstanding_ack *ack = NULL;
+	struct request *ack = NULL;
+	struct requests acks;
 	size_t handle_len;
 
 	TAILQ_INIT(&acks);
@@ -1665,7 +1873,7 @@
 
 		if ((off_t)c->size >= sb.st_size) {
 			error("destination file bigger or same size as "
-			      "source file");
+			    "source file");
 			close(local_fd);
 			return -1;
 		}
@@ -1676,40 +1884,27 @@
 		}
 	}
 
-	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
-
 	/* Send open request */
-	id = conn->msg_id++;
-	if ((r = sshbuf_put_u8(msg, SSH2_FXP_OPEN)) != 0 ||
-	    (r = sshbuf_put_u32(msg, id)) != 0 ||
-	    (r = sshbuf_put_cstring(msg, remote_path)) != 0 ||
-	    (r = sshbuf_put_u32(msg, SSH2_FXF_WRITE|SSH2_FXF_CREAT|
-	    (resume ? SSH2_FXF_APPEND : SSH2_FXF_TRUNC))) != 0 ||
-	    (r = encode_attrib(msg, &a)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	send_msg(conn, msg);
-	debug3("Sent message SSH2_FXP_OPEN I:%u P:%s", id, remote_path);
-
-	sshbuf_reset(msg);
-
-	handle = get_handle(conn, id, &handle_len,
-	    "remote open(\"%s\")", remote_path);
-	if (handle == NULL) {
+	if (send_open(conn, remote_path, "dest", SSH2_FXF_WRITE|SSH2_FXF_CREAT|
+	    (resume ? SSH2_FXF_APPEND : SSH2_FXF_TRUNC),
+	    &a, &handle, &handle_len) != 0) {
 		close(local_fd);
-		sshbuf_free(msg);
 		return -1;
 	}
 
+	id = conn->msg_id;
 	startid = ackid = id + 1;
-	data = xmalloc(conn->transfer_buflen);
+	data = xmalloc(conn->upload_buflen);
 
 	/* Read from local and write to remote */
 	offset = progress_counter = (resume ? c->size : 0);
-	if (showprogress)
-		start_progress_meter(local_path, sb.st_size,
-		    &progress_counter);
+	if (showprogress) {
+		start_progress_meter(progress_meter_path(local_path),
+		    sb.st_size, &progress_counter);
+	}
 
+	if ((msg = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
 	for (;;) {
 		int len;
 
@@ -1722,7 +1917,7 @@
 		if (interrupted || status != SSH2_FX_OK)
 			len = 0;
 		else do
-			len = read(local_fd, data, conn->transfer_buflen);
+			len = read(local_fd, data, conn->upload_buflen);
 		while ((len == -1) &&
 		    (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
 
@@ -1731,12 +1926,7 @@
 			    strerror(errno));
 
 		if (len != 0) {
-			ack = xcalloc(1, sizeof(*ack));
-			ack->id = ++id;
-			ack->offset = offset;
-			ack->len = len;
-			TAILQ_INSERT_TAIL(&acks, ack, tq);
-
+			ack = request_enqueue(&acks, ++id, len, offset);
 			sshbuf_reset(msg);
 			if ((r = sshbuf_put_u8(msg, SSH2_FXP_WRITE)) != 0 ||
 			    (r = sshbuf_put_u32(msg, ack->id)) != 0 ||
@@ -1744,8 +1934,7 @@
 			    handle_len)) != 0 ||
 			    (r = sshbuf_put_u64(msg, offset)) != 0 ||
 			    (r = sshbuf_put_string(msg, data, len)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "compose");
 			send_msg(conn, msg);
 			debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%u",
 			    id, (unsigned long long)offset, len);
@@ -1763,35 +1952,29 @@
 			get_msg(conn, msg);
 			if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
 			    (r = sshbuf_get_u32(msg, &rid)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse");
 
 			if (type != SSH2_FXP_STATUS)
 				fatal("Expected SSH2_FXP_STATUS(%d) packet, "
 				    "got %d", SSH2_FXP_STATUS, type);
 
 			if ((r = sshbuf_get_u32(msg, &status)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse status");
 			debug3("SSH2_FXP_STATUS %u", status);
 
 			/* Find the request in our queue */
-			for (ack = TAILQ_FIRST(&acks);
-			    ack != NULL && ack->id != rid;
-			    ack = TAILQ_NEXT(ack, tq))
-				;
-			if (ack == NULL)
+			if ((ack = request_find(&acks, rid)) == NULL)
 				fatal("Can't find request for ID %u", rid);
 			TAILQ_REMOVE(&acks, ack, tq);
-			debug3("In write loop, ack for %u %u bytes at %lld",
-			    ack->id, ack->len, (long long)ack->offset);
+			debug3("In write loop, ack for %u %zu bytes at %lld",
+			    ack->id, ack->len, (unsigned long long)ack->offset);
 			++ackid;
 			progress_counter += ack->len;
 			free(ack);
 		}
 		offset += len;
 		if (offset < 0)
-			fatal("%s: offset < 0", __func__);
+			fatal_f("offset < 0");
 	}
 	sshbuf_free(msg);
 
@@ -1828,7 +2011,8 @@
 
 static int
 upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
-    int depth, int preserve_flag, int print_flag, int resume, int fsync_flag)
+    int depth, int preserve_flag, int print_flag, int resume, int fsync_flag,
+    int follow_link_flag)
 {
 	int ret = 0;
 	DIR *dirp;
@@ -1836,6 +2020,7 @@
 	char *filename, *new_src = NULL, *new_dst = NULL;
 	struct stat sb;
 	Attrib a, *dirattrib;
+	u_int32_t saved_perm;
 
 	if (depth >= MAX_DIR_DEPTH) {
 		error("Maximum directory depth exceeded: %d levels", depth);
@@ -1851,10 +2036,9 @@
 		error("\"%s\" is not a directory", src);
 		return -1;
 	}
-	if (print_flag)
+	if (print_flag && print_flag != SFTP_PROGRESS_ONLY)
 		mprintf("Entering %s\n", src);
 
-	attrib_clear(&a);
 	stat_to_attrib(&sb, &a);
 	a.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
 	a.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
@@ -1865,8 +2049,11 @@
 	/*
 	 * sftp lacks a portable status value to match errno EEXIST,
 	 * so if we get a failure back then we must check whether
-	 * the path already existed and is a directory.
+	 * the path already existed and is a directory.  Ensure we can
+	 * write to the directory we create for the duration of the transfer.
 	 */
+	saved_perm = a.perm;
+	a.perm |= (S_IWUSR|S_IXUSR);
 	if (do_mkdir(conn, dst, &a, 0) != 0) {
 		if ((dirattrib = do_stat(conn, dst, 0)) == NULL)
 			return -1;
@@ -1875,6 +2062,7 @@
 			return -1;
 		}
 	}
+	a.perm = saved_perm;
 
 	if ((dirp = opendir(src)) == NULL) {
 		error("Failed to open dir \"%s\": %s", src, strerror(errno));
@@ -1901,9 +2089,10 @@
 
 			if (upload_dir_internal(conn, new_src, new_dst,
 			    depth + 1, preserve_flag, print_flag, resume,
-			    fsync_flag) == -1)
+			    fsync_flag, follow_link_flag) == -1)
 				ret = -1;
-		} else if (S_ISREG(sb.st_mode)) {
+		} else if (S_ISREG(sb.st_mode) ||
+		    (follow_link_flag && S_ISLNK(sb.st_mode))) {
 			if (do_upload(conn, new_src, new_dst,
 			    preserve_flag, resume, fsync_flag) == -1) {
 				error("Uploading of file %s to %s failed!",
@@ -1924,7 +2113,8 @@
 
 int
 upload_dir(struct sftp_conn *conn, const char *src, const char *dst,
-    int preserve_flag, int print_flag, int resume, int fsync_flag)
+    int preserve_flag, int print_flag, int resume, int fsync_flag,
+    int follow_link_flag)
 {
 	char *dst_canon;
 	int ret;
@@ -1935,12 +2125,448 @@
 	}
 
 	ret = upload_dir_internal(conn, src, dst_canon, 0, preserve_flag,
-	    print_flag, resume, fsync_flag);
+	    print_flag, resume, fsync_flag, follow_link_flag);
 
 	free(dst_canon);
 	return ret;
 }
 
+static void
+handle_dest_replies(struct sftp_conn *to, const char *to_path, int synchronous,
+    u_int *nreqsp, u_int *write_errorp)
+{
+	struct sshbuf *msg;
+	u_char type;
+	u_int id, status;
+	int r;
+	struct pollfd pfd;
+
+	if ((msg = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
+
+	/* Try to eat replies from the upload side */
+	while (*nreqsp > 0) {
+		debug3_f("%u outstanding replies", *nreqsp);
+		if (!synchronous) {
+			/* Bail out if no data is ready to be read */
+			pfd.fd = to->fd_in;
+			pfd.events = POLLIN;
+			if ((r = poll(&pfd, 1, 0)) == -1) {
+				if (errno == EINTR)
+					break;
+				fatal_f("poll: %s", strerror(errno));
+			} else if (r == 0)
+				break; /* fd not ready */
+		}
+		sshbuf_reset(msg);
+		get_msg(to, msg);
+
+		if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
+		    (r = sshbuf_get_u32(msg, &id)) != 0)
+			fatal_fr(r, "dest parse");
+		debug3("Received dest reply T:%u I:%u R:%u", type, id, *nreqsp);
+		if (type != SSH2_FXP_STATUS) {
+			fatal_f("Expected SSH2_FXP_STATUS(%d) packet, got %d",
+			    SSH2_FXP_STATUS, type);
+		}
+		if ((r = sshbuf_get_u32(msg, &status)) != 0)
+			fatal_fr(r, "parse dest status");
+		debug3("dest SSH2_FXP_STATUS %u", status);
+		if (status != SSH2_FX_OK) {
+			/* record first error */
+			if (*write_errorp == 0)
+				*write_errorp = status;
+		}
+		/*
+		 * XXX this doesn't do full reply matching like do_upload and
+		 * so cannot gracefully truncate terminated uploads at a
+		 * high-water mark. ATM the only caller of this function (scp)
+		 * doesn't support transfer resumption, so this doesn't matter
+		 * a whole lot.
+		 *
+		 * To be safe, do_crossload truncates the destination file to
+		 * zero length on upload failure, since we can't trust the
+		 * server not to have reordered replies that could have
+		 * inserted holes where none existed in the source file.
+		 *
+		 * XXX we could get a more accutate progress bar if we updated
+		 * the counter based on the reply from the destination...
+		 */
+		(*nreqsp)--;
+	}
+	debug3_f("done: %u outstanding replies", *nreqsp);
+}
+
+int
+do_crossload(struct sftp_conn *from, struct sftp_conn *to,
+    const char *from_path, const char *to_path,
+    Attrib *a, int preserve_flag)
+{
+	struct sshbuf *msg;
+	int write_error, read_error, r;
+	u_int64_t offset = 0, size;
+	u_int id, buflen, num_req, max_req, status = SSH2_FX_OK;
+	u_int num_upload_req;
+	off_t progress_counter;
+	u_char *from_handle, *to_handle;
+	size_t from_handle_len, to_handle_len;
+	struct requests requests;
+	struct request *req;
+	u_char type;
+
+	TAILQ_INIT(&requests);
+
+	if (a == NULL && (a = do_stat(from, from_path, 0)) == NULL)
+		return -1;
+
+	if ((a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) &&
+	    (!S_ISREG(a->perm))) {
+		error("Cannot download non-regular file: %s", from_path);
+		return(-1);
+	}
+	if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
+		size = a->size;
+	else
+		size = 0;
+
+	buflen = from->download_buflen;
+	if (buflen > to->upload_buflen)
+		buflen = to->upload_buflen;
+
+	/* Send open request to read side */
+	if (send_open(from, from_path, "origin", SSH2_FXF_READ, NULL,
+	    &from_handle, &from_handle_len) != 0)
+		return -1;
+
+	/* Send open request to write side */
+	a->flags &= ~SSH2_FILEXFER_ATTR_SIZE;
+	a->flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
+	a->perm &= 0777;
+	if (!preserve_flag)
+		a->flags &= ~SSH2_FILEXFER_ATTR_ACMODTIME;
+	if (send_open(to, to_path, "dest",
+	    SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC, a,
+	    &to_handle, &to_handle_len) != 0) {
+		do_close(from, from_handle, from_handle_len);
+		return -1;
+	}
+
+	/* Read from remote "from" and write to remote "to" */
+	offset = 0;
+	write_error = read_error = num_req = num_upload_req = 0;
+	max_req = 1;
+	progress_counter = 0;
+
+	if (showprogress && size != 0) {
+		start_progress_meter(progress_meter_path(from_path),
+		    size, &progress_counter);
+	}
+	if ((msg = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
+	while (num_req > 0 || max_req > 0) {
+		u_char *data;
+		size_t len;
+
+		/*
+		 * Simulate EOF on interrupt: stop sending new requests and
+		 * allow outstanding requests to drain gracefully
+		 */
+		if (interrupted) {
+			if (num_req == 0) /* If we haven't started yet... */
+				break;
+			max_req = 0;
+		}
+
+		/* Send some more requests */
+		while (num_req < max_req) {
+			debug3("Request range %llu -> %llu (%d/%d)",
+			    (unsigned long long)offset,
+			    (unsigned long long)offset + buflen - 1,
+			    num_req, max_req);
+			req = request_enqueue(&requests, from->msg_id++,
+			    buflen, offset);
+			offset += buflen;
+			num_req++;
+			send_read_request(from, req->id, req->offset,
+			    req->len, from_handle, from_handle_len);
+		}
+
+		/* Try to eat replies from the upload side (nonblocking) */
+		handle_dest_replies(to, to_path, 0,
+		    &num_upload_req, &write_error);
+
+		sshbuf_reset(msg);
+		get_msg(from, msg);
+		if ((r = sshbuf_get_u8(msg, &type)) != 0 ||
+		    (r = sshbuf_get_u32(msg, &id)) != 0)
+			fatal_fr(r, "parse");
+		debug3("Received origin reply T:%u I:%u R:%d",
+		    type, id, max_req);
+
+		/* Find the request in our queue */
+		if ((req = request_find(&requests, id)) == NULL)
+			fatal("Unexpected reply %u", id);
+
+		switch (type) {
+		case SSH2_FXP_STATUS:
+			if ((r = sshbuf_get_u32(msg, &status)) != 0)
+				fatal_fr(r, "parse status");
+			if (status != SSH2_FX_EOF)
+				read_error = 1;
+			max_req = 0;
+			TAILQ_REMOVE(&requests, req, tq);
+			free(req);
+			num_req--;
+			break;
+		case SSH2_FXP_DATA:
+			if ((r = sshbuf_get_string(msg, &data, &len)) != 0)
+				fatal_fr(r, "parse data");
+			debug3("Received data %llu -> %llu",
+			    (unsigned long long)req->offset,
+			    (unsigned long long)req->offset + len - 1);
+			if (len > req->len)
+				fatal("Received more data than asked for "
+				    "%zu > %zu", len, req->len);
+
+			/* Write this chunk out to the destination */
+			sshbuf_reset(msg);
+			if ((r = sshbuf_put_u8(msg, SSH2_FXP_WRITE)) != 0 ||
+			    (r = sshbuf_put_u32(msg, to->msg_id++)) != 0 ||
+			    (r = sshbuf_put_string(msg, to_handle,
+			    to_handle_len)) != 0 ||
+			    (r = sshbuf_put_u64(msg, req->offset)) != 0 ||
+			    (r = sshbuf_put_string(msg, data, len)) != 0)
+				fatal_fr(r, "compose write");
+			send_msg(to, msg);
+			debug3("Sent message SSH2_FXP_WRITE I:%u O:%llu S:%zu",
+			    id, (unsigned long long)offset, len);
+			num_upload_req++;
+			progress_counter += len;
+			free(data);
+
+			if (len == req->len) {
+				TAILQ_REMOVE(&requests, req, tq);
+				free(req);
+				num_req--;
+			} else {
+				/* Resend the request for the missing data */
+				debug3("Short data block, re-requesting "
+				    "%llu -> %llu (%2d)",
+				    (unsigned long long)req->offset + len,
+				    (unsigned long long)req->offset +
+				    req->len - 1, num_req);
+				req->id = from->msg_id++;
+				req->len -= len;
+				req->offset += len;
+				send_read_request(from, req->id,
+				    req->offset, req->len,
+				    from_handle, from_handle_len);
+				/* Reduce the request size */
+				if (len < buflen)
+					buflen = MAXIMUM(MIN_READ_SIZE, len);
+			}
+			if (max_req > 0) { /* max_req = 0 iff EOF received */
+				if (size > 0 && offset > size) {
+					/* Only one request at a time
+					 * after the expected EOF */
+					debug3("Finish at %llu (%2d)",
+					    (unsigned long long)offset,
+					    num_req);
+					max_req = 1;
+				} else if (max_req < from->num_requests) {
+					++max_req;
+				}
+			}
+			break;
+		default:
+			fatal("Expected SSH2_FXP_DATA(%u) packet, got %u",
+			    SSH2_FXP_DATA, type);
+		}
+	}
+
+	if (showprogress && size)
+		stop_progress_meter();
+
+	/* Drain replies from the server (blocking) */
+	debug3_f("waiting for %u replies from destination", num_upload_req);
+	handle_dest_replies(to, to_path, 1, &num_upload_req, &write_error);
+
+	/* Sanity check */
+	if (TAILQ_FIRST(&requests) != NULL)
+		fatal("Transfer complete, but requests still in queue");
+	/* Truncate at 0 length on interrupt or error to avoid holes at dest */
+	if (read_error || write_error || interrupted) {
+		debug("truncating \"%s\" at 0", to_path);
+		do_close(to, to_handle, to_handle_len);
+		free(to_handle);
+		if (send_open(to, to_path, "dest",
+		    SSH2_FXF_WRITE|SSH2_FXF_CREAT|SSH2_FXF_TRUNC, a,
+		    &to_handle, &to_handle_len) != 0) {
+			error("truncation failed for \"%s\"", to_path);
+			to_handle = NULL;
+		}
+	}
+	if (read_error) {
+		error("Couldn't read from origin file \"%s\" : %s",
+		    from_path, fx2txt(status));
+		status = -1;
+		do_close(from, from_handle, from_handle_len);
+		if (to_handle != NULL)
+			do_close(to, to_handle, to_handle_len);
+	} else if (write_error) {
+		error("Couldn't write to \"%s\": %s",
+		    to_path, fx2txt(write_error));
+		status = SSH2_FX_FAILURE;
+		do_close(from, from_handle, from_handle_len);
+		if (to_handle != NULL)
+			do_close(to, to_handle, to_handle_len);
+	} else {
+		if (do_close(from, from_handle, from_handle_len) != 0 ||
+		    interrupted)
+			status = -1;
+		else
+			status = SSH2_FX_OK;
+		if (to_handle != NULL) {
+			/* Need to resend utimes after write */
+			if (preserve_flag)
+				do_fsetstat(to, to_handle, to_handle_len, a);
+			do_close(to, to_handle, to_handle_len);
+		}
+	}
+	sshbuf_free(msg);
+	free(from_handle);
+	free(to_handle);
+
+	return status == SSH2_FX_OK ? 0 : -1;
+}
+
+static int
+crossload_dir_internal(struct sftp_conn *from, struct sftp_conn *to,
+    const char *from_path, const char *to_path,
+    int depth, Attrib *dirattrib, int preserve_flag, int print_flag,
+    int follow_link_flag)
+{
+	int i, ret = 0;
+	SFTP_DIRENT **dir_entries;
+	char *filename, *new_from_path = NULL, *new_to_path = NULL;
+	mode_t mode = 0777;
+	Attrib curdir;
+
+	if (depth >= MAX_DIR_DEPTH) {
+		error("Maximum directory depth exceeded: %d levels", depth);
+		return -1;
+	}
+
+	if (dirattrib == NULL &&
+	    (dirattrib = do_stat(from, from_path, 1)) == NULL) {
+		error("Unable to stat remote directory \"%s\"", from_path);
+		return -1;
+	}
+	if (!S_ISDIR(dirattrib->perm)) {
+		error("\"%s\" is not a directory", from_path);
+		return -1;
+	}
+	if (print_flag && print_flag != SFTP_PROGRESS_ONLY)
+		mprintf("Retrieving %s\n", from_path);
+
+	curdir = *dirattrib; /* dirattrib will be clobbered */
+	curdir.flags &= ~SSH2_FILEXFER_ATTR_SIZE;
+	curdir.flags &= ~SSH2_FILEXFER_ATTR_UIDGID;
+	if ((curdir.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) == 0) {
+		debug("Origin did not send permissions for "
+		    "directory \"%s\"", to_path);
+		curdir.perm = S_IWUSR|S_IXUSR;
+		curdir.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
+	}
+	/* We need to be able to write to the directory while we transfer it */
+	mode = curdir.perm & 01777;
+	curdir.perm = mode | (S_IWUSR|S_IXUSR);
+
+	/*
+	 * sftp lacks a portable status value to match errno EEXIST,
+	 * so if we get a failure back then we must check whether
+	 * the path already existed and is a directory.  Ensure we can
+	 * write to the directory we create for the duration of the transfer.
+	 */
+	if (do_mkdir(to, to_path, &curdir, 0) != 0) {
+		if ((dirattrib = do_stat(to, to_path, 0)) == NULL)
+			return -1;
+		if (!S_ISDIR(dirattrib->perm)) {
+			error("\"%s\" exists but is not a directory", to_path);
+			return -1;
+		}
+	}
+	curdir.perm = mode;
+
+	if (do_readdir(from, from_path, &dir_entries) == -1) {
+		error("%s: Failed to get directory contents", from_path);
+		return -1;
+	}
+
+	for (i = 0; dir_entries[i] != NULL && !interrupted; i++) {
+		free(new_from_path);
+		free(new_to_path);
+
+		filename = dir_entries[i]->filename;
+		new_from_path = path_append(from_path, filename);
+		new_to_path = path_append(to_path, filename);
+
+		if (S_ISDIR(dir_entries[i]->a.perm)) {
+			if (strcmp(filename, ".") == 0 ||
+			    strcmp(filename, "..") == 0)
+				continue;
+			if (crossload_dir_internal(from, to,
+			    new_from_path, new_to_path,
+			    depth + 1, &(dir_entries[i]->a), preserve_flag,
+			    print_flag, follow_link_flag) == -1)
+				ret = -1;
+		} else if (S_ISREG(dir_entries[i]->a.perm) ||
+		    (follow_link_flag && S_ISLNK(dir_entries[i]->a.perm))) {
+			/*
+			 * If this is a symlink then don't send the link's
+			 * Attrib. do_download() will do a FXP_STAT operation
+			 * and get the link target's attributes.
+			 */
+			if (do_crossload(from, to, new_from_path, new_to_path,
+			    S_ISLNK(dir_entries[i]->a.perm) ? NULL :
+			    &(dir_entries[i]->a), preserve_flag) == -1) {
+				error("Transfer of file %s to %s failed",
+				    new_from_path, new_to_path);
+				ret = -1;
+			}
+		} else
+			logit("%s: not a regular file\n", new_from_path);
+
+	}
+	free(new_to_path);
+	free(new_from_path);
+
+	do_setstat(to, to_path, &curdir);
+
+	free_sftp_dirents(dir_entries);
+
+	return ret;
+}
+
+int
+crossload_dir(struct sftp_conn *from, struct sftp_conn *to,
+    const char *from_path, const char *to_path,
+    Attrib *dirattrib, int preserve_flag, int print_flag, int follow_link_flag)
+{
+	char *from_path_canon;
+	int ret;
+
+	if ((from_path_canon = do_realpath(from, from_path)) == NULL) {
+		error("Unable to canonicalize path \"%s\"", from_path);
+		return -1;
+	}
+
+	ret = crossload_dir_internal(from, to, from_path_canon, to_path, 0,
+	    dirattrib, preserve_flag, print_flag, follow_link_flag);
+	free(from_path_canon);
+	return ret;
+}
+
 char *
 path_append(const char *p1, const char *p2)
 {
@@ -1956,3 +2582,52 @@
 	return(ret);
 }
 
+char *
+make_absolute(char *p, const char *pwd)
+{
+	char *abs_str;
+
+	/* Derelativise */
+	if (p && !path_absolute(p)) {
+		abs_str = path_append(pwd, p);
+		free(p);
+		return(abs_str);
+	} else
+		return(p);
+}
+
+int
+remote_is_dir(struct sftp_conn *conn, const char *path)
+{
+	Attrib *a;
+
+	/* XXX: report errors? */
+	if ((a = do_stat(conn, path, 1)) == NULL)
+		return(0);
+	if (!(a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS))
+		return(0);
+	return(S_ISDIR(a->perm));
+}
+
+
+int
+local_is_dir(const char *path)
+{
+	struct stat sb;
+
+	/* XXX: report errors? */
+	if (stat(path, &sb) == -1)
+		return(0);
+
+	return(S_ISDIR(sb.st_mode));
+}
+
+/* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
+int
+globpath_is_dir(const char *pathname)
+{
+	size_t l = strlen(pathname);
+
+	return l > 0 && pathname[l - 1] == '/';
+}
+

sftp-client.h

diff --git a/sftp-client.h b/sftp-client.h
index 63a9b8b..7d0bd12 100644
--- a/sftp-client.h
+++ b/sftp-client.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-client.h,v 1.28 2019/01/16 23:23:45 djm Exp $ */
+/* $OpenBSD: sftp-client.h,v 1.34 2021/08/09 23:47:44 djm Exp $ */
 
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
@@ -53,6 +53,19 @@
 	u_int64_t f_namemax;
 };
 
+/* Used for limits response on the wire from the server */
+struct sftp_limits {
+	u_int64_t packet_length;
+	u_int64_t read_length;
+	u_int64_t write_length;
+	u_int64_t open_handles;
+};
+
+/* print flag values */
+#define SFTP_QUIET		0	/* be quiet during transfers */
+#define SFTP_PRINT		1	/* list files and show progress bar */
+#define SFTP_PROGRESS_ONLY	2	/* progress bar only */
+
 /*
  * Initialise a SSH filexfer connection. Returns NULL on error or
  * a pointer to a initialized sftp_conn struct on success.
@@ -61,6 +74,9 @@
 
 u_int sftp_proto_version(struct sftp_conn *);
 
+/* Query server limits */
+int do_limits(struct sftp_conn *, struct sftp_limits *);
+
 /* Close file referred to by 'handle' */
 int do_close(struct sftp_conn *, const u_char *, u_int);
 
@@ -97,11 +113,17 @@
 /* Canonicalise 'path' - caller must free result */
 char *do_realpath(struct sftp_conn *, const char *);
 
+/* Canonicalisation with tilde expansion (requires server extension) */
+char *do_expand_path(struct sftp_conn *, const char *);
+
+/* Returns non-zero if server can tilde-expand paths */
+int can_expand_path(struct sftp_conn *);
+
 /* Get statistics for filesystem hosting file at "path" */
 int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int);
 
 /* Rename 'oldpath' to 'newpath' */
-int do_rename(struct sftp_conn *, const char *, const char *, int force_legacy);
+int do_rename(struct sftp_conn *, const char *, const char *, int);
 
 /* Link 'oldpath' to 'newpath' */
 int do_hardlink(struct sftp_conn *, const char *, const char *);
@@ -124,7 +146,7 @@
  * times if 'pflag' is set
  */
 int download_dir(struct sftp_conn *, const char *, const char *,
-    Attrib *, int, int, int, int);
+    Attrib *, int, int, int, int, int);
 
 /*
  * Upload 'local_path' to 'remote_path'. Preserve permissions and times
@@ -137,9 +159,40 @@
  * times if 'pflag' is set
  */
 int upload_dir(struct sftp_conn *, const char *, const char *, int, int, int,
-    int);
+    int, int);
+
+/*
+ * Download a 'from_path' from the 'from' connection and upload it to
+ * to 'to' connection at 'to_path'.
+ */
+int
+do_crossload(struct sftp_conn *from, struct sftp_conn *to,
+    const char *from_path, const char *to_path,
+    Attrib *a, int preserve_flag);
+
+/*
+ * Recursively download a directory from 'from_path' from the 'from'
+ * connection and upload it to 'to' connection at 'to_path'.
+ */
+int crossload_dir(struct sftp_conn *from, struct sftp_conn *to,
+    const char *from_path, const char *to_path,
+    Attrib *dirattrib, int preserve_flag, int print_flag,
+    int follow_link_flag);
 
 /* Concatenate paths, taking care of slashes. Caller must free result. */
 char *path_append(const char *, const char *);
 
+/* Make absolute path if relative path and CWD is given. Does not modify
+ * original if the the path is already absolute. */
+char *make_absolute(char *, const char *);
+
+/* Check if remote path is directory */
+int remote_is_dir(struct sftp_conn *conn, const char *path);
+
+/* Check if local path is directory */
+int local_is_dir(const char *path);
+
+/* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
+int globpath_is_dir(const char *pathname);
+
 #endif

sftp-common.c

diff --git a/sftp-common.c b/sftp-common.c
index 677f27d..3ad5767 100644
--- a/sftp-common.c
+++ b/sftp-common.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-common.c,v 1.31 2018/09/13 15:23:32 millert Exp $ */
+/* $OpenBSD: sftp-common.c,v 1.32 2020/10/18 11:32:02 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2001 Damien Miller.  All rights reserved.
@@ -136,7 +136,7 @@
 		u_int i, count;
 
 		if ((r = sshbuf_get_u32(b, &count)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			return r;
 		for (i = 0; i < count; i++) {
 			if ((r = sshbuf_get_cstring(b, &type, NULL)) != 0 ||
 			    (r = sshbuf_get_string(b, &data, &dlen)) != 0)

sftp-realpath.c

diff --git a/sftp-realpath.c b/sftp-realpath.c
index 9ac4018..2ec779d 100644
--- a/sftp-realpath.c
+++ b/sftp-realpath.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sftp-realpath.c,v 1.1 2019/07/05 04:55:40 djm Exp $ */
+/*	$OpenBSD: sftp-realpath.c,v 1.2 2021/09/02 21:03:54 deraadt Exp $ */
 /*
  * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
  *
@@ -30,7 +30,6 @@
 #include "includes.h"
 
 #include <sys/types.h>
-#include <sys/param.h>
 #include <sys/stat.h>
 
 #include <errno.h>

sftp-server.8

diff --git a/sftp-server.8 b/sftp-server.8
index 4a55dab..5311bf9 100644
--- a/sftp-server.8
+++ b/sftp-server.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp-server.8,v 1.28 2019/11/30 07:07:59 jmc Exp $
+.\" $OpenBSD: sftp-server.8,v 1.31 2021/07/27 14:14:25 jmc Exp $
 .\"
 .\" Copyright (c) 2000 Markus Friedl.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: July 27 2021 $
 .Dt SFTP-SERVER 8
 .Os
 .Sh NAME
@@ -35,8 +35,8 @@
 .Op Fl d Ar start_directory
 .Op Fl f Ar log_facility
 .Op Fl l Ar log_level
-.Op Fl P Ar blacklisted_requests
-.Op Fl p Ar whitelisted_requests
+.Op Fl P Ar denied_requests
+.Op Fl p Ar allowed_requests
 .Op Fl u Ar umask
 .Ek
 .Nm
@@ -64,7 +64,7 @@
 Valid options are:
 .Bl -tag -width Ds
 .It Fl d Ar start_directory
-specifies an alternate starting directory for users.
+Specifies an alternate starting directory for users.
 The pathname may contain the following tokens that are expanded at runtime:
 %% is replaced by a literal '%',
 %d is replaced by the home directory of the user being authenticated,
@@ -99,30 +99,30 @@
 DEBUG and DEBUG1 are equivalent.
 DEBUG2 and DEBUG3 each specify higher levels of debugging output.
 The default is ERROR.
-.It Fl P Ar blacklisted_requests
-Specify a comma-separated list of SFTP protocol requests that are banned by
+.It Fl P Ar denied_requests
+Specifies a comma-separated list of SFTP protocol requests that are banned by
 the server.
 .Nm
-will reply to any blacklisted request with a failure.
+will reply to any denied request with a failure.
 The
 .Fl Q
 flag can be used to determine the supported request types.
-If both a blacklist and a whitelist are specified, then the blacklist is
-applied before the whitelist.
-.It Fl p Ar whitelisted_requests
-Specify a comma-separated list of SFTP protocol requests that are permitted
+If both denied and allowed lists are specified, then the denied list is
+applied before the allowed list.
+.It Fl p Ar allowed_requests
+Specifies a comma-separated list of SFTP protocol requests that are permitted
 by the server.
-All request types that are not on the whitelist will be logged and replied
+All request types that are not on the allowed list will be logged and replied
 to with a failure message.
 .Pp
 Care must be taken when using this feature to ensure that requests made
 implicitly by SFTP clients are permitted.
 .It Fl Q Ar protocol_feature
-Query protocol features supported by
+Queries protocol features supported by
 .Nm .
 At present the only feature that may be queried is
 .Dq requests ,
-which may be used for black or whitelisting (flags
+which may be used to deny or allow specific requests (flags
 .Fl P
 and
 .Fl p

sftp-server.c

diff --git a/sftp-server.c b/sftp-server.c
index 359204f..18d1949 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.117 2019/07/05 04:55:40 djm Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.129 2021/08/09 23:47:44 djm Exp $ */
 /*
  * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *
@@ -19,6 +19,7 @@
 
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/resource.h>
 #ifdef HAVE_SYS_TIME_H
 # include <sys/time.h>
 #endif
@@ -53,6 +54,9 @@
 
 char *sftp_realpath(const char *, char *); /* sftp-realpath.c */
 
+/* Maximum data read that we are willing to accept */
+#define SFTP_MAX_READ_LENGTH (SFTP_MAX_MSG_LENGTH - 1024)
+
 /* Our verbosity */
 static LogLevel log_level = SYSLOG_LEVEL_ERROR;
 
@@ -74,7 +78,7 @@
 static int readonly;
 
 /* Requests that are allowed/denied */
-static char *request_whitelist, *request_blacklist;
+static char *request_allowlist, *request_denylist;
 
 /* portable attributes, etc. */
 typedef struct Stat Stat;
@@ -110,6 +114,8 @@
 static void process_extended_hardlink(u_int32_t id);
 static void process_extended_fsync(u_int32_t id);
 static void process_extended_lsetstat(u_int32_t id);
+static void process_extended_limits(u_int32_t id);
+static void process_extended_expand(u_int32_t id);
 static void process_extended(u_int32_t id);
 
 struct sftp_handler {
@@ -146,15 +152,30 @@
 /* SSH2_FXP_EXTENDED submessages */
 static const struct sftp_handler extended_handlers[] = {
 	{ "posix-rename", "posix-rename@openssh.com", 0,
-	   process_extended_posix_rename, 1 },
+	    process_extended_posix_rename, 1 },
 	{ "statvfs", "statvfs@openssh.com", 0, process_extended_statvfs, 0 },
 	{ "fstatvfs", "fstatvfs@openssh.com", 0, process_extended_fstatvfs, 0 },
 	{ "hardlink", "hardlink@openssh.com", 0, process_extended_hardlink, 1 },
 	{ "fsync", "fsync@openssh.com", 0, process_extended_fsync, 1 },
 	{ "lsetstat", "lsetstat@openssh.com", 0, process_extended_lsetstat, 1 },
+	{ "limits", "limits@openssh.com", 0, process_extended_limits, 0 },
+	{ "expand-path", "expand-path@openssh.com", 0,
+	    process_extended_expand, 0 },
 	{ NULL, NULL, 0, NULL, 0 }
 };
 
+static const struct sftp_handler *
+extended_handler_byname(const char *name)
+{
+	int i;
+
+	for (i = 0; extended_handlers[i].handler != NULL; i++) {
+		if (strcmp(name, extended_handlers[i].ext_name) == 0)
+			return &extended_handlers[i];
+	}
+	return NULL;
+}
+
 static int
 request_permitted(const struct sftp_handler *h)
 {
@@ -164,20 +185,20 @@
 		verbose("Refusing %s request in read-only mode", h->name);
 		return 0;
 	}
-	if (request_blacklist != NULL &&
-	    ((result = match_list(h->name, request_blacklist, NULL))) != NULL) {
+	if (request_denylist != NULL &&
+	    ((result = match_list(h->name, request_denylist, NULL))) != NULL) {
 		free(result);
-		verbose("Refusing blacklisted %s request", h->name);
+		verbose("Refusing denylisted %s request", h->name);
 		return 0;
 	}
-	if (request_whitelist != NULL &&
-	    ((result = match_list(h->name, request_whitelist, NULL))) != NULL) {
+	if (request_allowlist != NULL &&
+	    ((result = match_list(h->name, request_allowlist, NULL))) != NULL) {
 		free(result);
-		debug2("Permitting whitelisted %s request", h->name);
+		debug2("Permitting allowlisted %s request", h->name);
 		return 1;
 	}
-	if (request_whitelist != NULL) {
-		verbose("Refusing non-whitelisted %s request", h->name);
+	if (request_allowlist != NULL) {
+		verbose("Refusing non-allowlisted %s request", h->name);
 		return 0;
 	}
 	return 1;
@@ -489,7 +510,7 @@
 	int r;
 
 	if ((r = sshbuf_put_stringb(oqueue, m)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "enqueue");
 	sshbuf_reset(m);
 }
 
@@ -522,16 +543,16 @@
 	    (status != SSH2_FX_OK && status != SSH2_FX_EOF))
 		logit("sent status %s", status_to_message(status));
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_STATUS)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_u32(msg, status)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	if (version >= 3) {
 		if ((r = sshbuf_put_cstring(msg,
 		    status_to_message(status))) != 0 ||
 		    (r = sshbuf_put_cstring(msg, "")) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "compose message");
 	}
 	send_msg(msg);
 	sshbuf_free(msg);
@@ -543,11 +564,11 @@
 	int r;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, type)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_string(msg, data, dlen)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(msg);
 	sshbuf_free(msg);
 }
@@ -578,17 +599,17 @@
 	int i, r;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_NAME)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_u32(msg, count)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	debug("request %u: sent names count %d", id, count);
 	for (i = 0; i < count; i++) {
 		if ((r = sshbuf_put_cstring(msg, stats[i].name)) != 0 ||
 		    (r = sshbuf_put_cstring(msg, stats[i].long_name)) != 0 ||
 		    (r = encode_attrib(msg, &stats[i].attrib)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "compose filenames/attrib");
 	}
 	send_msg(msg);
 	sshbuf_free(msg);
@@ -602,11 +623,11 @@
 
 	debug("request %u: sent attrib have 0x%x", id, a->flags);
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_ATTRS)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = encode_attrib(msg, a)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(msg);
 	sshbuf_free(msg);
 }
@@ -622,7 +643,7 @@
 	flag |= (st->f_flag & ST_NOSUID) ? SSH2_FXE_STATVFS_ST_NOSUID : 0;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED_REPLY)) != 0 ||
 	    (r = sshbuf_put_u32(msg, id)) != 0 ||
 	    (r = sshbuf_put_u64(msg, st->f_bsize)) != 0 ||
@@ -636,11 +657,33 @@
 	    (r = sshbuf_put_u64(msg, FSID_TO_ULONG(st->f_fsid))) != 0 ||
 	    (r = sshbuf_put_u64(msg, flag)) != 0 ||
 	    (r = sshbuf_put_u64(msg, st->f_namemax)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(msg);
 	sshbuf_free(msg);
 }
 
+/*
+ * Prepare SSH2_FXP_VERSION extension advertisement for a single extension.
+ * The extension is checked for permission prior to advertisment.
+ */
+static int
+compose_extension(struct sshbuf *msg, const char *name, const char *ver)
+{
+	int r;
+	const struct sftp_handler *exthnd;
+
+	if ((exthnd = extended_handler_byname(name)) == NULL)
+		fatal_f("internal error: no handler for %s", name);
+	if (!request_permitted(exthnd)) {
+		debug2_f("refusing to advertise disallowed extension %s", name);
+		return 0;
+	}
+	if ((r = sshbuf_put_cstring(msg, name)) != 0 ||
+	    (r = sshbuf_put_cstring(msg, ver)) != 0)
+		fatal_fr(r, "compose %s", name);
+	return 0;
+}
+
 /* parse incoming */
 
 static void
@@ -650,30 +693,24 @@
 	int r;
 
 	if ((r = sshbuf_get_u32(iqueue, &version)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	verbose("received client version %u", version);
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_FXP_VERSION)) != 0 ||
-	    (r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0 ||
-	    /* POSIX rename extension */
-	    (r = sshbuf_put_cstring(msg, "posix-rename@openssh.com")) != 0 ||
-	    (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */
-	    /* statvfs extension */
-	    (r = sshbuf_put_cstring(msg, "statvfs@openssh.com")) != 0 ||
-	    (r = sshbuf_put_cstring(msg, "2")) != 0 || /* version */
-	    /* fstatvfs extension */
-	    (r = sshbuf_put_cstring(msg, "fstatvfs@openssh.com")) != 0 ||
-	    (r = sshbuf_put_cstring(msg, "2")) != 0 || /* version */
-	    /* hardlink extension */
-	    (r = sshbuf_put_cstring(msg, "hardlink@openssh.com")) != 0 ||
-	    (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */
-	    /* fsync extension */
-	    (r = sshbuf_put_cstring(msg, "fsync@openssh.com")) != 0 ||
-	    (r = sshbuf_put_cstring(msg, "1")) != 0 || /* version */
-	    (r = sshbuf_put_cstring(msg, "lsetstat@openssh.com")) != 0 ||
-	    (r = sshbuf_put_cstring(msg, "1")) != 0) /* version */
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	    (r = sshbuf_put_u32(msg, SSH2_FILEXFER_VERSION)) != 0)
+		fatal_fr(r, "compose");
+
+	 /* extension advertisments */
+	compose_extension(msg, "posix-rename@openssh.com", "1");
+	compose_extension(msg, "statvfs@openssh.com", "2");
+	compose_extension(msg, "fstatvfs@openssh.com", "2");
+	compose_extension(msg, "hardlink@openssh.com", "1");
+	compose_extension(msg, "fsync@openssh.com", "1");
+	compose_extension(msg, "lsetstat@openssh.com", "1");
+	compose_extension(msg, "limits@openssh.com", "1");
+	compose_extension(msg, "expand-path@openssh.com", "1");
+
 	send_msg(msg);
 	sshbuf_free(msg);
 }
@@ -689,7 +726,7 @@
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
 	    (r = sshbuf_get_u32(iqueue, &pflags)) != 0 || /* portable flags */
 	    (r = decode_attrib(iqueue, &a)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("request %u: open flags %d", id, pflags);
 	flags = flags_from_portable(pflags);
@@ -726,7 +763,7 @@
 	int r, handle, ret, status = SSH2_FX_FAILURE;
 
 	if ((r = get_handle(iqueue, &handle)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("request %u: close handle %u", id, handle);
 	handle_log_close(handle, NULL);
@@ -738,7 +775,8 @@
 static void
 process_read(u_int32_t id)
 {
-	u_char buf[64*1024];
+	static u_char *buf;
+	static size_t buflen;
 	u_int32_t len;
 	int r, handle, fd, ret, status = SSH2_FX_FAILURE;
 	u_int64_t off;
@@ -746,32 +784,45 @@
 	if ((r = get_handle(iqueue, &handle)) != 0 ||
 	    (r = sshbuf_get_u64(iqueue, &off)) != 0 ||
 	    (r = sshbuf_get_u32(iqueue, &len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
-	debug("request %u: read \"%s\" (handle %d) off %llu len %d",
+	debug("request %u: read \"%s\" (handle %d) off %llu len %u",
 	    id, handle_to_name(handle), handle, (unsigned long long)off, len);
-	if (len > sizeof buf) {
-		len = sizeof buf;
-		debug2("read change len %d", len);
+	if ((fd = handle_to_fd(handle)) == -1)
+		goto out;
+	if (len > SFTP_MAX_READ_LENGTH) {
+		debug2("read change len %u to %u", len, SFTP_MAX_READ_LENGTH);
+		len = SFTP_MAX_READ_LENGTH;
 	}
-	fd = handle_to_fd(handle);
-	if (fd >= 0) {
-		if (lseek(fd, off, SEEK_SET) == -1) {
-			error("process_read: seek failed");
-			status = errno_to_portable(errno);
-		} else {
-			ret = read(fd, buf, len);
-			if (ret == -1) {
-				status = errno_to_portable(errno);
-			} else if (ret == 0) {
-				status = SSH2_FX_EOF;
-			} else {
-				send_data(id, buf, ret);
-				status = SSH2_FX_OK;
-				handle_update_read(handle, ret);
-			}
-		}
+	if (len > buflen) {
+		debug3_f("allocate %zu => %u", buflen, len);
+		if ((buf = realloc(NULL, len)) == NULL)
+			fatal_f("realloc failed");
+		buflen = len;
 	}
+	if (lseek(fd, off, SEEK_SET) == -1) {
+		status = errno_to_portable(errno);
+		error_f("seek \"%.100s\": %s", handle_to_name(handle),
+		    strerror(errno));
+		goto out;
+	}
+	if (len == 0) {
+		/* weird, but not strictly disallowed */
+		ret = 0;
+	} else if ((ret = read(fd, buf, len)) == -1) {
+		status = errno_to_portable(errno);
+		error_f("read \"%.100s\": %s", handle_to_name(handle),
+		    strerror(errno));
+		goto out;
+	} else if (ret == 0) {
+		status = SSH2_FX_EOF;
+		goto out;
+	}
+	send_data(id, buf, ret);
+	handle_update_read(handle, ret);
+	/* success */
+	status = SSH2_FX_OK;
+ out:
 	if (status != SSH2_FX_OK)
 		send_status(id, status);
 }
@@ -787,7 +838,7 @@
 	if ((r = get_handle(iqueue, &handle)) != 0 ||
 	    (r = sshbuf_get_u64(iqueue, &off)) != 0 ||
 	    (r = sshbuf_get_string(iqueue, &data, &len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug("request %u: write \"%s\" (handle %d) off %llu len %zu",
 	    id, handle_to_name(handle), handle, (unsigned long long)off, len);
@@ -797,20 +848,22 @@
 		status = SSH2_FX_FAILURE;
 	else {
 		if (!(handle_to_flags(handle) & O_APPEND) &&
-				lseek(fd, off, SEEK_SET) == -1) {
+		    lseek(fd, off, SEEK_SET) == -1) {
 			status = errno_to_portable(errno);
-			error("process_write: seek failed");
+			error_f("seek \"%.100s\": %s", handle_to_name(handle),
+			    strerror(errno));
 		} else {
 /* XXX ATOMICIO ? */
 			ret = write(fd, data, len);
 			if (ret == -1) {
-				error("process_write: write failed");
 				status = errno_to_portable(errno);
+				error_f("write \"%.100s\": %s",
+				    handle_to_name(handle), strerror(errno));
 			} else if ((size_t)ret == len) {
 				status = SSH2_FX_OK;
 				handle_update_write(handle, ret);
 			} else {
-				debug2("nothing at all written");
+				debug2_f("nothing at all written");
 				status = SSH2_FX_FAILURE;
 			}
 		}
@@ -828,7 +881,7 @@
 	int r, status = SSH2_FX_FAILURE;
 
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("request %u: %sstat", id, do_lstat ? "l" : "");
 	verbose("%sstat name \"%s\"", do_lstat ? "l" : "", name);
@@ -865,7 +918,7 @@
 	int fd, r, handle, status = SSH2_FX_FAILURE;
 
 	if ((r = get_handle(iqueue, &handle)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	debug("request %u: fstat \"%s\" (handle %u)",
 	    id, handle_to_name(handle), handle);
 	fd = handle_to_fd(handle);
@@ -916,7 +969,7 @@
 
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
 	    (r = decode_attrib(iqueue, &a)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug("request %u: setstat name \"%s\"", id, name);
 	if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
@@ -963,7 +1016,7 @@
 
 	if ((r = get_handle(iqueue, &handle)) != 0 ||
 	    (r = decode_attrib(iqueue, &a)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug("request %u: fsetstat handle %d", id, handle);
 	fd = handle_to_fd(handle);
@@ -1027,7 +1080,7 @@
 	int r, handle, status = SSH2_FX_FAILURE;
 
 	if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("request %u: opendir", id);
 	logit("opendir \"%s\"", path);
@@ -1058,7 +1111,7 @@
 	int r, handle;
 
 	if ((r = get_handle(iqueue, &handle)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug("request %u: readdir \"%s\" (handle %d)", id,
 	    handle_to_name(handle), handle);
@@ -1112,7 +1165,7 @@
 	int r, status = SSH2_FX_FAILURE;
 
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("request %u: remove", id);
 	logit("remove name \"%s\"", name);
@@ -1131,7 +1184,7 @@
 
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
 	    (r = decode_attrib(iqueue, &a)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
 	    a.perm & 07777 : 0777;
@@ -1150,7 +1203,7 @@
 	int r, status;
 
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("request %u: rmdir", id);
 	logit("rmdir name \"%s\"", name);
@@ -1168,7 +1221,7 @@
 	int r;
 
 	if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	if (path[0] == '\0') {
 		free(path);
@@ -1196,7 +1249,7 @@
 
 	if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("request %u: rename", id);
 	logit("rename old \"%s\" new \"%s\"", oldpath, newpath);
@@ -1255,7 +1308,7 @@
 	char *path;
 
 	if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("request %u: readlink", id);
 	verbose("readlink \"%s\"", path);
@@ -1280,7 +1333,7 @@
 
 	if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("request %u: symlink", id);
 	logit("symlink old \"%s\" new \"%s\"", oldpath, newpath);
@@ -1300,7 +1353,7 @@
 
 	if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("request %u: posix-rename", id);
 	logit("posix-rename old \"%s\" new \"%s\"", oldpath, newpath);
@@ -1319,7 +1372,7 @@
 	int r;
 
 	if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	debug3("request %u: statvfs", id);
 	logit("statvfs \"%s\"", path);
 
@@ -1327,7 +1380,7 @@
 		send_status(id, errno_to_portable(errno));
 	else
 		send_statvfs(id, &st);
-        free(path);
+	free(path);
 }
 
 static void
@@ -1337,7 +1390,7 @@
 	struct statvfs st;
 
 	if ((r = get_handle(iqueue, &handle)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	debug("request %u: fstatvfs \"%s\" (handle %u)",
 	    id, handle_to_name(handle), handle);
 	if ((fd = handle_to_fd(handle)) < 0) {
@@ -1358,7 +1411,7 @@
 
 	if ((r = sshbuf_get_cstring(iqueue, &oldpath, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(iqueue, &newpath, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug3("request %u: hardlink", id);
 	logit("hardlink old \"%s\" new \"%s\"", oldpath, newpath);
@@ -1375,7 +1428,7 @@
 	int handle, fd, r, status = SSH2_FX_OP_UNSUPPORTED;
 
 	if ((r = get_handle(iqueue, &handle)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	debug3("request %u: fsync (handle %u)", id, handle);
 	verbose("fsync \"%s\"", handle_to_name(handle));
 	if ((fd = handle_to_fd(handle)) < 0)
@@ -1396,7 +1449,7 @@
 
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
 	    (r = decode_attrib(iqueue, &a)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	debug("request %u: lsetstat name \"%s\"", id, name);
 	if (a.flags & SSH2_FILEXFER_ATTR_SIZE) {
@@ -1437,25 +1490,113 @@
 }
 
 static void
+process_extended_limits(u_int32_t id)
+{
+	struct sshbuf *msg;
+	int r;
+	uint64_t nfiles = 0;
+#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
+	struct rlimit rlim;
+#endif
+
+	debug("request %u: limits", id);
+
+#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
+	if (getrlimit(RLIMIT_NOFILE, &rlim) != -1 && rlim.rlim_cur > 5)
+		nfiles = rlim.rlim_cur - 5; /* stdio(3) + syslog + spare */
+#endif
+
+	if ((msg = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
+	if ((r = sshbuf_put_u8(msg, SSH2_FXP_EXTENDED_REPLY)) != 0 ||
+	    (r = sshbuf_put_u32(msg, id)) != 0 ||
+	    /* max-packet-length */
+	    (r = sshbuf_put_u64(msg, SFTP_MAX_MSG_LENGTH)) != 0 ||
+	    /* max-read-length */
+	    (r = sshbuf_put_u64(msg, SFTP_MAX_READ_LENGTH)) != 0 ||
+	    /* max-write-length */
+	    (r = sshbuf_put_u64(msg, SFTP_MAX_MSG_LENGTH - 1024)) != 0 ||
+	    /* max-open-handles */
+	    (r = sshbuf_put_u64(msg, nfiles)) != 0)
+		fatal_fr(r, "compose");
+	send_msg(msg);
+	sshbuf_free(msg);
+}
+
+static void
+process_extended_expand(u_int32_t id)
+{
+	char cwd[PATH_MAX], resolvedname[PATH_MAX];
+	char *path, *npath;
+	int r;
+	Stat s;
+
+	if ((r = sshbuf_get_cstring(iqueue, &path, NULL)) != 0)
+		fatal_fr(r, "parse");
+	if (getcwd(cwd, sizeof(cwd)) == NULL) {
+		send_status(id, errno_to_portable(errno));
+		goto out;
+	}
+
+	debug3("request %u: expand, original \"%s\"", id, path);
+	if (path[0] == '\0') {
+		/* empty path */
+		free(path);
+		path = xstrdup(".");
+	} else if (*path == '~') {
+		/* ~ expand path */
+		/* Special-case for "~" and "~/" to respect homedir flag */
+		if (strcmp(path, "~") == 0) {
+			free(path);
+			path = xstrdup(cwd);
+		} else if (strncmp(path, "~/", 2) == 0) {
+			npath = xstrdup(path + 2);
+			free(path);
+			xasprintf(&path, "%s/%s", cwd, npath);
+		} else {
+			/* ~user expansions */
+			if (tilde_expand(path, pw->pw_uid, &npath) != 0) {
+				send_status(id, errno_to_portable(EINVAL));
+				goto out;
+			}
+			free(path);
+			path = npath;
+		}
+	} else if (*path != '/') {
+		/* relative path */
+		xasprintf(&npath, "%s/%s", cwd, path);
+		free(path);
+		path = npath;
+	}
+	verbose("expand \"%s\"", path);
+	if (sftp_realpath(path, resolvedname) == NULL) {
+		send_status(id, errno_to_portable(errno));
+		goto out;
+	}
+	attrib_clear(&s.attrib);
+	s.name = s.long_name = resolvedname;
+	send_names(id, 1, &s);
+ out:
+	free(path);
+}
+
+static void
 process_extended(u_int32_t id)
 {
 	char *request;
-	int i, r;
+	int r;
+	const struct sftp_handler *exthand;
 
 	if ((r = sshbuf_get_cstring(iqueue, &request, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	for (i = 0; extended_handlers[i].handler != NULL; i++) {
-		if (strcmp(request, extended_handlers[i].ext_name) == 0) {
-			if (!request_permitted(&extended_handlers[i]))
-				send_status(id, SSH2_FX_PERMISSION_DENIED);
-			else
-				extended_handlers[i].handler(id);
-			break;
-		}
-	}
-	if (extended_handlers[i].handler == NULL) {
+		fatal_fr(r, "parse");
+	if ((exthand = extended_handler_byname(request)) == NULL) {
 		error("Unknown extended request \"%.100s\"", request);
 		send_status(id, SSH2_FX_OP_UNSUPPORTED);	/* MUST */
+	} else {
+		if (!request_permitted(exthand))
+			send_status(id, SSH2_FX_PERMISSION_DENIED);
+		else
+			exthand->handler(id);
 	}
 	free(request);
 }
@@ -1486,10 +1627,10 @@
 	if (buf_len < msg_len + 4)
 		return;
 	if ((r = sshbuf_consume(iqueue, 4)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "consume");
 	buf_len -= 4;
 	if ((r = sshbuf_get_u8(iqueue, &type)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse type");
 
 	switch (type) {
 	case SSH2_FXP_INIT:
@@ -1500,14 +1641,14 @@
 		if (!init_done)
 			fatal("Received extended request before init");
 		if ((r = sshbuf_get_u32(iqueue, &id)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse extended ID");
 		process_extended(id);
 		break;
 	default:
 		if (!init_done)
 			fatal("Received %u request before init", type);
 		if ((r = sshbuf_get_u32(iqueue, &id)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse ID");
 		for (i = 0; handlers[i].handler != NULL; i++) {
 			if (type == handlers[i].type) {
 				if (!request_permitted(&handlers[i])) {
@@ -1534,7 +1675,7 @@
 	}
 	if (msg_len > consumed &&
 	    (r = sshbuf_consume(iqueue, msg_len - consumed)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "consume");
 }
 
 /* Cleanup handler that logs active handles upon normal exit */
@@ -1556,8 +1697,8 @@
 
 	fprintf(stderr,
 	    "usage: %s [-ehR] [-d start_directory] [-f log_facility] "
-	    "[-l log_level]\n\t[-P blacklisted_requests] "
-	    "[-p whitelisted_requests] [-u umask]\n"
+	    "[-l log_level]\n\t[-P denied_requests] "
+	    "[-p allowed_requests] [-u umask]\n"
 	    "       %s -Q protocol_feature\n",
 	    __progname, __progname);
 	exit(1);
@@ -1627,14 +1768,14 @@
 			free(cp);
 			break;
 		case 'p':
-			if (request_whitelist != NULL)
+			if (request_allowlist != NULL)
 				fatal("Permitted requests already set");
-			request_whitelist = xstrdup(optarg);
+			request_allowlist = xstrdup(optarg);
 			break;
 		case 'P':
-			if (request_blacklist != NULL)
+			if (request_denylist != NULL)
 				fatal("Refused requests already set");
-			request_blacklist = xstrdup(optarg);
+			request_denylist = xstrdup(optarg);
 			break;
 		case 'u':
 			errno = 0;
@@ -1692,9 +1833,9 @@
 		max = out;
 
 	if ((iqueue = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((oqueue = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	rset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));
 	wset = xcalloc(howmany(max + 1, NFDBITS), sizeof(fd_mask));
@@ -1721,8 +1862,7 @@
 		    SFTP_MAX_MSG_LENGTH)) == 0)
 			FD_SET(in, rset);
 		else if (r != SSH_ERR_NO_BUFFER_SPACE)
-			fatal("%s: sshbuf_check_reserve failed: %s",
-			    __func__, ssh_err(r));
+			fatal_fr(r, "reserve");
 
 		olen = sshbuf_len(oqueue);
 		if (olen > 0)
@@ -1744,10 +1884,8 @@
 			} else if (len == -1) {
 				error("read: %s", strerror(errno));
 				sftp_server_cleanup_exit(1);
-			} else if ((r = sshbuf_put(iqueue, buf, len)) != 0) {
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
-			}
+			} else if ((r = sshbuf_put(iqueue, buf, len)) != 0)
+				fatal_fr(r, "sshbuf_put");
 		}
 		/* send oqueue to stdout */
 		if (FD_ISSET(out, wset)) {
@@ -1755,10 +1893,8 @@
 			if (len == -1) {
 				error("write: %s", strerror(errno));
 				sftp_server_cleanup_exit(1);
-			} else if ((r = sshbuf_consume(oqueue, len)) != 0) {
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
-			}
+			} else if ((r = sshbuf_consume(oqueue, len)) != 0)
+				fatal_fr(r, "consume");
 		}
 
 		/*
@@ -1770,7 +1906,6 @@
 		if (r == 0)
 			process();
 		else if (r != SSH_ERR_NO_BUFFER_SPACE)
-			fatal("%s: sshbuf_check_reserve: %s",
-			    __func__, ssh_err(r));
+			fatal_fr(r, "reserve");
 	}
 }

sftp.1

diff --git a/sftp.1 b/sftp.1
index a305b37..7eebeea 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.131 2020/04/23 21:28:09 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.138 2021/07/02 05:11:21 dtucker Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 23 2020 $
+.Dd $Mdocdate: July 2 2021 $
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -30,7 +30,7 @@
 .Nd OpenSSH secure file transfer
 .Sh SYNOPSIS
 .Nm sftp
-.Op Fl 46aCfNpqrv
+.Op Fl 46AaCfNpqrv
 .Op Fl B Ar buffer_size
 .Op Fl b Ar batchfile
 .Op Fl c Ar cipher
@@ -104,6 +104,11 @@
 Forces
 .Nm
 to use IPv6 addresses only.
+.It Fl A
+Allows forwarding of
+.Xr ssh-agent 1
+to the remote system.
+The default is not to forward an authentication agent.
 .It Fl a
 Attempt to continue interrupted transfers rather than overwriting
 existing partial or complete copies of files.
@@ -227,7 +232,6 @@
 .It CanonicalizePermittedCNAMEs
 .It CASignatureAlgorithms
 .It CertificateFile
-.It ChallengeResponseAuthentication
 .It CheckHostIP
 .It Ciphers
 .It Compression
@@ -241,8 +245,8 @@
 .It GSSAPIDelegateCredentials
 .It HashKnownHosts
 .It Host
+.It HostbasedAcceptedAlgorithms
 .It HostbasedAuthentication
-.It HostbasedKeyTypes
 .It HostKeyAlgorithms
 .It HostKeyAlias
 .It Hostname
@@ -253,6 +257,7 @@
 .It KbdInteractiveAuthentication
 .It KbdInteractiveDevices
 .It KexAlgorithms
+.It KnownHostsCommand
 .It LogLevel
 .It MACs
 .It NoHostAuthenticationForLocalhost
@@ -263,7 +268,7 @@
 .It PreferredAuthentications
 .It ProxyCommand
 .It ProxyJump
-.It PubkeyAcceptedKeyTypes
+.It PubkeyAcceptedAlgorithms
 .It PubkeyAuthentication
 .It RekeyLimit
 .It SendEnv
@@ -343,15 +348,18 @@
 .Ar path
 to
 .Ar grp .
-If the
-.Fl h
-flag is specified, then symlinks will not be followed.
 .Ar path
 may contain
 .Xr glob 7
 characters and may match multiple files.
 .Ar grp
 must be a numeric GID.
+.Pp
+If the
+.Fl h
+flag is specified, then symlinks will not be followed.
+Note that this is only supported by servers that implement
+the "lsetstat@openssh.com" extension.
 .It Xo Ic chmod
 .Op Fl h
 .Ar mode
@@ -361,13 +369,16 @@
 .Ar path
 to
 .Ar mode .
-If the
-.Fl h
-flag is specified, then symlinks will not be followed.
 .Ar path
 may contain
 .Xr glob 7
 characters and may match multiple files.
+.Pp
+If the
+.Fl h
+flag is specified, then symlinks will not be followed.
+Note that this is only supported by servers that implement
+the "lsetstat@openssh.com" extension.
 .It Xo Ic chown
 .Op Fl h
 .Ar own
@@ -377,15 +388,18 @@
 .Ar path
 to
 .Ar own .
-If the
-.Fl h
-flag is specified, then symlinks will not be followed.
 .Ar path
 may contain
 .Xr glob 7
 characters and may match multiple files.
 .Ar own
 must be a numeric UID.
+.Pp
+If the
+.Fl h
+flag is specified, then symlinks will not be followed.
+Note that this is only supported by servers that implement
+the "lsetstat@openssh.com" extension.
 .It Xo Ic df
 .Op Fl hi
 .Op Ar path

sftp.c

diff --git a/sftp.c b/sftp.c
index 2799e4a..418f312 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.200 2020/04/03 05:53:52 jmc Exp $ */
+/* $OpenBSD: sftp.c,v 1.212 2021/09/11 09:05:50 schwarze Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -70,9 +70,6 @@
 #include "sftp-common.h"
 #include "sftp-client.h"
 
-#define DEFAULT_COPY_BUFLEN	32768	/* Size of buffer for up/download */
-#define DEFAULT_NUM_REQUESTS	64	/* # concurrent outstanding requests */
-
 /* File to read commands from */
 FILE* infile;
 
@@ -82,7 +79,7 @@
 /* PID of ssh transport process */
 static volatile pid_t sshpid = -1;
 
-/* Suppress diagnositic messages */
+/* Suppress diagnostic messages */
 int quiet = 0;
 
 /* This is set to 0 if the progressmeter is not desired. */
@@ -255,6 +252,13 @@
 	errno = olderrno;
 }
 
+/* ARGSUSED */
+static void
+read_interrupt(int signo)
+{
+	interrupted = 1;
+}
+
 /*ARGSUSED*/
 static void
 sigchld_handler(int sig)
@@ -385,20 +389,6 @@
 	return (xstrdup(path));
 }
 
-static char *
-make_absolute(char *p, const char *pwd)
-{
-	char *abs_str;
-
-	/* Derelativise */
-	if (p && !path_absolute(p)) {
-		abs_str = path_append(pwd, p);
-		free(p);
-		return(abs_str);
-	} else
-		return(p);
-}
-
 static int
 parse_getput_flags(const char *cmd, char **argv, int argc,
     int *aflag, int *fflag, int *pflag, int *rflag)
@@ -608,40 +598,6 @@
 }
 
 static int
-is_dir(const char *path)
-{
-	struct stat sb;
-
-	/* XXX: report errors? */
-	if (stat(path, &sb) == -1)
-		return(0);
-
-	return(S_ISDIR(sb.st_mode));
-}
-
-static int
-remote_is_dir(struct sftp_conn *conn, const char *path)
-{
-	Attrib *a;
-
-	/* XXX: report errors? */
-	if ((a = do_stat(conn, path, 1)) == NULL)
-		return(0);
-	if (!(a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS))
-		return(0);
-	return(S_ISDIR(a->perm));
-}
-
-/* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
-static int
-pathname_is_dir(const char *pathname)
-{
-	size_t l = strlen(pathname);
-
-	return l > 0 && pathname[l - 1] == '/';
-}
-
-static int
 process_get(struct sftp_conn *conn, const char *src, const char *dst,
     const char *pwd, int pflag, int rflag, int resume, int fflag)
 {
@@ -670,7 +626,7 @@
 	 * If multiple matches then dst must be a directory or
 	 * unspecified.
 	 */
-	if (g.gl_matchc > 1 && dst != NULL && !is_dir(dst)) {
+	if (g.gl_matchc > 1 && dst != NULL && !local_is_dir(dst)) {
 		error("Multiple source paths, but destination "
 		    "\"%s\" is not a directory", dst);
 		err = -1;
@@ -687,7 +643,7 @@
 		}
 
 		if (g.gl_matchc == 1 && dst) {
-			if (is_dir(dst)) {
+			if (local_is_dir(dst)) {
 				abs_dst = path_append(dst, filename);
 			} else {
 				abs_dst = xstrdup(dst);
@@ -706,10 +662,11 @@
 		else if (!quiet && !resume)
 			mprintf("Fetching %s to %s\n",
 			    g.gl_pathv[i], abs_dst);
-		if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
+		/* XXX follow link flag */
+		if (globpath_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
 			if (download_dir(conn, g.gl_pathv[i], abs_dst, NULL,
 			    pflag || global_pflag, 1, resume,
-			    fflag || global_fflag) == -1)
+			    fflag || global_fflag, 0) == -1)
 				err = -1;
 		} else {
 			if (do_download(conn, g.gl_pathv[i], abs_dst, NULL,
@@ -792,17 +749,18 @@
 		}
 		free(tmp);
 
-                resume |= global_aflag;
+		resume |= global_aflag;
 		if (!quiet && resume)
 			mprintf("Resuming upload of %s to %s\n",
 			    g.gl_pathv[i], abs_dst);
 		else if (!quiet && !resume)
 			mprintf("Uploading %s to %s\n",
 			    g.gl_pathv[i], abs_dst);
-		if (pathname_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
+		/* XXX follow_link_flag */
+		if (globpath_is_dir(g.gl_pathv[i]) && (rflag || global_rflag)) {
 			if (upload_dir(conn, g.gl_pathv[i], abs_dst,
 			    pflag || global_pflag, 1, resume,
-			    fflag || global_fflag) == -1)
+			    fflag || global_fflag, 0) == -1)
 				err = -1;
 		} else {
 			if (do_upload(conn, g.gl_pathv[i], abs_dst,
@@ -939,7 +897,10 @@
 		return (rmul * strcmp(ap, bp));
 	else if (sort_flag & LS_TIME_SORT) {
 #if defined(HAVE_STRUCT_STAT_ST_MTIM)
-		return (rmul * timespeccmp(&as->st_mtim, &bs->st_mtim, <));
+		if (timespeccmp(&as->st_mtim, &bs->st_mtim, ==))
+			return 0;
+		return timespeccmp(&as->st_mtim, &bs->st_mtim, <) ?
+		    rmul : -rmul;
 #elif defined(HAVE_STRUCT_STAT_ST_MTIME)
 		return (rmul * NCMP(as->st_mtime, bs->st_mtime));
 #else
@@ -1172,7 +1133,7 @@
  * last argument's quote has been properly terminated or 0 otherwise.
  * This parameter is only of use if "sloppy" is set.
  */
-#define MAXARGS 	128
+#define MAXARGS		128
 #define MAXARGLEN	8192
 static char **
 makeargv(const char *arg, int *argcp, int sloppy, char *lastquote,
@@ -1330,7 +1291,7 @@
 	const char *cmd, *cp = *cpp;
 	char *cp2, **argv;
 	int base = 0;
-	long l;
+	long long ll;
 	int path1_mandatory = 0, i, cmdnum, optidx, argc;
 
 	/* Skip leading whitespace */
@@ -1488,16 +1449,16 @@
 		if (argc - optidx < 1)
 			goto need_num_arg;
 		errno = 0;
-		l = strtol(argv[optidx], &cp2, base);
+		ll = strtoll(argv[optidx], &cp2, base);
 		if (cp2 == argv[optidx] || *cp2 != '\0' ||
-		    ((l == LONG_MIN || l == LONG_MAX) && errno == ERANGE) ||
-		    l < 0) {
+		    ((ll == LLONG_MIN || ll == LLONG_MAX) && errno == ERANGE) ||
+		    ll < 0 || ll > UINT32_MAX) {
  need_num_arg:
 			error("You must supply a numeric argument "
 			    "to the %s command.", cmd);
 			return -1;
 		}
-		*n_arg = l;
+		*n_arg = ll;
 		if (cmdnum == I_LUMASK)
 			break;
 		/* Get pathname (mandatory) */
@@ -2101,7 +2062,7 @@
 
 	lf = el_line(el);
 	if (el_get(el, EL_CLIENTDATA, (void**)&complete_ctx) != 0)
-		fatal("%s: el_get failed", __func__);
+		fatal_f("el_get failed");
 
 	/* Figure out which argument the cursor points to */
 	cursor = lf->cursor - lf->buffer;
@@ -2243,14 +2204,24 @@
 	interactive = !batchmode && isatty(STDIN_FILENO);
 	err = 0;
 	for (;;) {
-		ssh_signal(SIGINT, SIG_IGN);
+		struct sigaction sa;
 
+		interrupted = 0;
+		memset(&sa, 0, sizeof(sa));
+		sa.sa_handler = interactive ? read_interrupt : killchild;
+		if (sigaction(SIGINT, &sa, NULL) == -1) {
+			debug3("sigaction(%s): %s", strsignal(SIGINT),
+			    strerror(errno));
+			break;
+		}
 		if (el == NULL) {
 			if (interactive)
 				printf("sftp> ");
 			if (fgets(cmd, sizeof(cmd), infile) == NULL) {
 				if (interactive)
 					printf("\n");
+				if (interrupted)
+					continue;
 				break;
 			}
 		} else {
@@ -2261,7 +2232,9 @@
 			if ((line = el_gets(el, &count)) == NULL ||
 			    count <= 0) {
 				printf("\n");
- 				break;
+				if (interrupted)
+					continue;
+				break;
 			}
 			history(hl, &hev, H_ENTER, line);
 			if (strlcpy(cmd, line, sizeof(cmd)) >= sizeof(cmd)) {
@@ -2363,7 +2336,7 @@
 	extern char *__progname;
 
 	fprintf(stderr,
-	    "usage: %s [-46aCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
+	    "usage: %s [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]\n"
 	    "          [-D sftp_server_path] [-F ssh_config] [-i identity_file]\n"
 	    "          [-J destination] [-l limit] [-o ssh_option] [-P port]\n"
 	    "          [-R num_requests] [-S program] [-s subsystem | sftp_server]\n"
@@ -2386,8 +2359,8 @@
 	extern int optind;
 	extern char *optarg;
 	struct sftp_conn *conn;
-	size_t copy_buffer_len = DEFAULT_COPY_BUFLEN;
-	size_t num_requests = DEFAULT_NUM_REQUESTS;
+	size_t copy_buffer_len = 0;
+	size_t num_requests = 0;
 	long long limit_kbps = 0;
 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
@@ -2401,7 +2374,6 @@
 	args.list = NULL;
 	addargs(&args, "%s", ssh_program);
 	addargs(&args, "-oForwardX11 no");
-	addargs(&args, "-oForwardAgent no");
 	addargs(&args, "-oPermitLocalCommand no");
 	addargs(&args, "-oClearAllForwardings yes");
 
@@ -2409,9 +2381,10 @@
 	infile = stdin;
 
 	while ((ch = getopt(argc, argv,
-	    "1246afhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
+	    "1246AafhNpqrvCc:D:i:l:o:s:S:b:B:F:J:P:R:")) != -1) {
 		switch (ch) {
 		/* Passed through to ssh(1) */
+		case 'A':
 		case '4':
 		case '6':
 		case 'C':
@@ -2511,6 +2484,9 @@
 		}
 	}
 
+	/* Do this last because we want the user to be able to override it */
+	addargs(&args, "-oForwardAgent no");
+
 	if (!isatty(STDERR_FILENO))
 		showprogress = 0;
 

sk-api.h

diff --git a/sk-api.h b/sk-api.h
index 1ecaa35..74921d4 100644
--- a/sk-api.h
+++ b/sk-api.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sk-api.h,v 1.9 2020/04/28 04:02:29 djm Exp $ */
+/* $OpenBSD: sk-api.h,v 1.12 2021/02/18 02:15:07 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -47,6 +47,8 @@
 	size_t signature_len;
 	uint8_t *attestation_cert;
 	size_t attestation_cert_len;
+	uint8_t *authdata;
+	size_t authdata_len;
 };
 
 struct sk_sign_response {
@@ -63,6 +65,7 @@
 	size_t slot;
 	char *application;
 	struct sk_enroll_response key;
+	uint8_t flags;
 };
 
 struct sk_option {
@@ -71,7 +74,7 @@
 	uint8_t required;
 };
 
-#define SSH_SK_VERSION_MAJOR		0x00050000 /* current API version */
+#define SSH_SK_VERSION_MAJOR		0x00070000 /* current API version */
 #define SSH_SK_VERSION_MAJOR_MASK	0xffff0000
 
 /* Return the version of the middleware API */
@@ -83,7 +86,7 @@
     struct sk_option **options, struct sk_enroll_response **enroll_response);
 
 /* Sign a challenge */
-int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
+int sk_sign(uint32_t alg, const uint8_t *data, size_t data_len,
     const char *application, const uint8_t *key_handle, size_t key_handle_len,
     uint8_t flags, const char *pin, struct sk_option **options,
     struct sk_sign_response **sign_response);

sk-usbhid.c

diff --git a/sk-usbhid.c b/sk-usbhid.c
index 2525082..4389808 100644
--- a/sk-usbhid.c
+++ b/sk-usbhid.c
@@ -1,5 +1,7 @@
+/* $OpenBSD: sk-usbhid.c,v 1.30 2021/05/31 06:48:42 djm Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl
+ * Copyright (c) 2020 Pedro Martelletto
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -24,6 +26,7 @@
 #include <stdio.h>
 #include <stddef.h>
 #include <stdarg.h>
+#include <time.h>
 #ifdef HAVE_SHA2_H
 #include <sha2.h>
 #endif
@@ -40,9 +43,33 @@
 #include <fido.h>
 #include <fido/credman.h>
 
+/* backwards compat for libfido2 */
+#ifndef HAVE_FIDO_CRED_PROT
+#define fido_cred_prot(x) (0)
+#endif
+#ifndef HAVE_FIDO_CRED_SET_PROT
+#define fido_cred_set_prot(x, y) (FIDO_ERR_UNSUPPORTED_OPTION)
+#endif
+#ifndef HAVE_FIDO_DEV_SUPPORTS_CRED_PROT
+#define fido_dev_supports_cred_prot(x) (0)
+#endif
+#ifndef HAVE_FIDO_DEV_GET_TOUCH_BEGIN
+#define fido_dev_get_touch_begin(x) (FIDO_ERR_UNSUPPORTED_OPTION)
+#endif
+#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
+#define fido_dev_get_touch_status(x, y, z) (FIDO_ERR_UNSUPPORTED_OPTION)
+#endif
+#ifndef FIDO_CRED_PROT_UV_REQUIRED
+#define FIDO_CRED_PROT_UV_REQUIRED 0
+#endif
+#ifndef FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID
+#define FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID 0
+#endif
+
 #ifndef SK_STANDALONE
 # include "log.h"
 # include "xmalloc.h"
+# include "misc.h"
 /*
  * If building as part of OpenSSH, then rename exported functions.
  * This must be done before including sk-api.h.
@@ -57,7 +84,16 @@
 
 /* #define SK_DEBUG 1 */
 
-#define MAX_FIDO_DEVICES	256
+#ifdef SK_DEBUG
+#define SSH_FIDO_INIT_ARG	FIDO_DEBUG
+#else
+#define SSH_FIDO_INIT_ARG	0
+#endif
+
+#define MAX_FIDO_DEVICES	8
+#define FIDO_POLL_MS		50
+#define SELECT_MS		15000
+#define POLL_SLEEP_NS		200000000
 
 /* Compatibility with OpenSSH 1.0.x */
 #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
@@ -68,6 +104,11 @@
 	} while (0)
 #endif
 
+struct sk_usbhid {
+	fido_dev_t *dev;
+	char *path;
+};
+
 /* Return the version of the middleware API */
 uint32_t sk_api_version(void);
 
@@ -77,7 +118,7 @@
     struct sk_option **options, struct sk_enroll_response **enroll_response);
 
 /* Sign a challenge */
-int sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
+int sk_sign(uint32_t alg, const uint8_t *data, size_t data_len,
     const char *application, const uint8_t *key_handle, size_t key_handle_len,
     uint8_t flags, const char *pin, struct sk_option **options,
     struct sk_sign_response **sign_response);
@@ -121,53 +162,185 @@
 	return SSH_SK_VERSION_MAJOR;
 }
 
-/* Select the first identified FIDO device attached to the system */
-static char *
-pick_first_device(void)
+static struct sk_usbhid *
+sk_open(const char *path)
 {
-	char *ret = NULL;
-	fido_dev_info_t *devlist = NULL;
-	size_t olen = 0;
+	struct sk_usbhid *sk;
 	int r;
-	const fido_dev_info_t *di;
 
-	if ((devlist = fido_dev_info_new(1)) == NULL) {
-		skdebug(__func__, "fido_dev_info_new failed");
-		goto out;
+	if (path == NULL) {
+		skdebug(__func__, "path == NULL");
+		return NULL;
 	}
-	if ((r = fido_dev_info_manifest(devlist, 1, &olen)) != FIDO_OK) {
-		skdebug(__func__, "fido_dev_info_manifest failed: %s",
+	if ((sk = calloc(1, sizeof(*sk))) == NULL) {
+		skdebug(__func__, "calloc sk failed");
+		return NULL;
+	}
+	if ((sk->path = strdup(path)) == NULL) {
+		skdebug(__func__, "strdup path failed");
+		free(sk);
+		return NULL;
+	}
+	if ((sk->dev = fido_dev_new()) == NULL) {
+		skdebug(__func__, "fido_dev_new failed");
+		free(sk->path);
+		free(sk);
+		return NULL;
+	}
+	if ((r = fido_dev_open(sk->dev, sk->path)) != FIDO_OK) {
+		skdebug(__func__, "fido_dev_open %s failed: %s", sk->path,
 		    fido_strerr(r));
-		goto out;
+		fido_dev_free(&sk->dev);
+		free(sk->path);
+		free(sk);
+		return NULL;
 	}
-	if (olen != 1) {
-		skdebug(__func__, "fido_dev_info_manifest bad len %zu", olen);
-		goto out;
-	}
-	di = fido_dev_info_ptr(devlist, 0);
-	if ((ret = strdup(fido_dev_info_path(di))) == NULL) {
-		skdebug(__func__, "fido_dev_info_path failed");
-		goto out;
-	}
- out:
-	fido_dev_info_free(&devlist, 1);
-	return ret;
+	return sk;
 }
 
-/* Check if the specified key handle exists on a given device. */
+static void
+sk_close(struct sk_usbhid *sk)
+{
+	if (sk == NULL)
+		return;
+	fido_dev_cancel(sk->dev); /* cancel any pending operation */
+	fido_dev_close(sk->dev);
+	fido_dev_free(&sk->dev);
+	free(sk->path);
+	free(sk);
+}
+
+static struct sk_usbhid **
+sk_openv(const fido_dev_info_t *devlist, size_t ndevs, size_t *nopen)
+{
+	const fido_dev_info_t *di;
+	struct sk_usbhid **skv;
+	size_t i;
+
+	*nopen = 0;
+	if ((skv = calloc(ndevs, sizeof(*skv))) == NULL) {
+		skdebug(__func__, "calloc skv failed");
+		return NULL;
+	}
+	for (i = 0; i < ndevs; i++) {
+		if ((di = fido_dev_info_ptr(devlist, i)) == NULL)
+			skdebug(__func__, "fido_dev_info_ptr failed");
+		else if ((skv[*nopen] = sk_open(fido_dev_info_path(di))) == NULL)
+			skdebug(__func__, "sk_open failed");
+		else
+			(*nopen)++;
+	}
+	if (*nopen == 0) {
+		for (i = 0; i < ndevs; i++)
+			sk_close(skv[i]);
+		free(skv);
+		skv = NULL;
+	}
+
+	return skv;
+}
+
+static void
+sk_closev(struct sk_usbhid **skv, size_t nsk)
+{
+	size_t i;
+
+	for (i = 0; i < nsk; i++)
+		sk_close(skv[i]);
+	free(skv);
+}
+
 static int
-try_device(fido_dev_t *dev, const uint8_t *message, size_t message_len,
-    const char *application, const uint8_t *key_handle, size_t key_handle_len)
+sk_touch_begin(struct sk_usbhid **skv, size_t nsk)
+{
+	size_t i, ok = 0;
+	int r;
+
+	for (i = 0; i < nsk; i++)
+		if ((r = fido_dev_get_touch_begin(skv[i]->dev)) != FIDO_OK)
+			skdebug(__func__, "fido_dev_get_touch_begin %s failed:"
+			    " %s", skv[i]->path, fido_strerr(r));
+		else
+			ok++;
+
+	return ok ? 0 : -1;
+}
+
+static int
+sk_touch_poll(struct sk_usbhid **skv, size_t nsk, int *touch, size_t *idx)
+{
+	struct timespec ts_pause;
+	size_t npoll, i;
+	int r;
+
+	ts_pause.tv_sec = 0;
+	ts_pause.tv_nsec = POLL_SLEEP_NS;
+	nanosleep(&ts_pause, NULL);
+	npoll = nsk;
+	for (i = 0; i < nsk; i++) {
+		if (skv[i] == NULL)
+			continue; /* device discarded */
+		skdebug(__func__, "polling %s", skv[i]->path);
+		if ((r = fido_dev_get_touch_status(skv[i]->dev, touch,
+		    FIDO_POLL_MS)) != FIDO_OK) {
+			skdebug(__func__, "fido_dev_get_touch_status %s: %s",
+			    skv[i]->path, fido_strerr(r));
+			sk_close(skv[i]); /* discard device */
+			skv[i] = NULL;
+			if (--npoll == 0) {
+				skdebug(__func__, "no device left to poll");
+				return -1;
+			}
+		} else if (*touch) {
+			*idx = i;
+			return 0;
+		}
+	}
+	*touch = 0;
+	return 0;
+}
+
+/* Calculate SHA256(m) */
+static int
+sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen)
+{
+#ifdef WITH_OPENSSL
+	u_int mdlen;
+#endif
+
+	if (dlen != 32)
+		return -1;
+#ifdef WITH_OPENSSL
+	mdlen = dlen;
+	if (!EVP_Digest(m, mlen, d, &mdlen, EVP_sha256(), NULL))
+		return -1;
+#else
+	SHA256Data(m, mlen, d);
+#endif
+	return 0;
+}
+
+/* Check if the specified key handle exists on a given sk. */
+static int
+sk_try(const struct sk_usbhid *sk, const char *application,
+    const uint8_t *key_handle, size_t key_handle_len)
 {
 	fido_assert_t *assert = NULL;
+	/* generate an invalid signature on FIDO2 tokens */
+	const char *data = "";
+	uint8_t message[32];
 	int r = FIDO_ERR_INTERNAL;
 
+	if (sha256_mem(data, strlen(data), message, sizeof(message)) != 0) {
+		skdebug(__func__, "hash message failed");
+		goto out;
+	}
 	if ((assert = fido_assert_new()) == NULL) {
 		skdebug(__func__, "fido_assert_new failed");
 		goto out;
 	}
 	if ((r = fido_assert_set_clientdata_hash(assert, message,
-	    message_len)) != FIDO_OK) {
+	    sizeof(message))) != FIDO_OK) {
 		skdebug(__func__, "fido_assert_set_clientdata_hash: %s",
 		    fido_strerr(r));
 		goto out;
@@ -185,7 +358,7 @@
 		skdebug(__func__, "fido_assert_up: %s", fido_strerr(r));
 		goto out;
 	}
-	r = fido_dev_get_assert(dev, assert, NULL);
+	r = fido_dev_get_assert(sk->dev, assert, NULL);
 	skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r));
 	if (r == FIDO_ERR_USER_PRESENCE_REQUIRED) {
 		/* U2F tokens may return this */
@@ -197,76 +370,122 @@
 	return r != FIDO_OK ? -1 : 0;
 }
 
-/* Iterate over configured devices looking for a specific key handle */
-static fido_dev_t *
-find_device(const char *path, const uint8_t *message, size_t message_len,
+static struct sk_usbhid *
+sk_select_by_cred(const fido_dev_info_t *devlist, size_t ndevs,
     const char *application, const uint8_t *key_handle, size_t key_handle_len)
 {
-	fido_dev_info_t *devlist = NULL;
-	fido_dev_t *dev = NULL;
-	size_t devlist_len = 0, i;
-	int r;
+	struct sk_usbhid **skv, *sk;
+	size_t skvcnt, i;
 
-	if (path != NULL) {
-		if ((dev = fido_dev_new()) == NULL) {
-			skdebug(__func__, "fido_dev_new failed");
-			return NULL;
-		}
-		if ((r = fido_dev_open(dev, path)) != FIDO_OK) {
-			skdebug(__func__, "fido_dev_open failed");
-			fido_dev_free(&dev);
-			return NULL;
-		}
-		return dev;
+	if ((skv = sk_openv(devlist, ndevs, &skvcnt)) == NULL) {
+		skdebug(__func__, "sk_openv failed");
+		return NULL;
 	}
+	if (skvcnt == 1) {
+		sk = skv[0];
+		skv[0] = NULL;
+		goto out;
+	}
+	sk = NULL;
+	for (i = 0; i < skvcnt; i++) {
+		if (sk_try(skv[i], application, key_handle,
+		    key_handle_len) == 0) {
+			sk = skv[i];
+			skv[i] = NULL;
+			skdebug(__func__, "found key in %s", sk->path);
+			break;
+		}
+	}
+ out:
+	sk_closev(skv, skvcnt);
+	return sk;
+}
+
+static struct sk_usbhid *
+sk_select_by_touch(const fido_dev_info_t *devlist, size_t ndevs)
+{
+	struct sk_usbhid **skv, *sk;
+	struct timeval tv_start, tv_now, tv_delta;
+	size_t skvcnt, idx;
+	int touch, ms_remain;
+
+	if ((skv = sk_openv(devlist, ndevs, &skvcnt)) == NULL) {
+		skdebug(__func__, "sk_openv failed");
+		return NULL;
+	}
+	sk = NULL;
+	if (skvcnt < 2) {
+		if (skvcnt == 1) {
+			/* single candidate */
+			sk = skv[0];
+			skv[0] = NULL;
+		}
+		goto out;
+	}
+#ifndef HAVE_FIDO_DEV_GET_TOUCH_STATUS
+	skdebug(__func__, "libfido2 version does not support a feature needed for multiple tokens. Please upgrade to >=1.5.0");
+	goto out;
+#endif
+
+	if (sk_touch_begin(skv, skvcnt) == -1) {
+		skdebug(__func__, "sk_touch_begin failed");
+		goto out;
+	}
+	monotime_tv(&tv_start);
+	do {
+		if (sk_touch_poll(skv, skvcnt, &touch, &idx) == -1) {
+			skdebug(__func__, "sk_touch_poll failed");
+			goto out;
+		}
+		if (touch) {
+			sk = skv[idx];
+			skv[idx] = NULL;
+			goto out;
+		}
+		monotime_tv(&tv_now);
+		timersub(&tv_now, &tv_start, &tv_delta);
+		ms_remain = SELECT_MS - tv_delta.tv_sec * 1000 -
+		    tv_delta.tv_usec / 1000;
+	} while (ms_remain >= FIDO_POLL_MS);
+	skdebug(__func__, "timeout");
+out:
+	sk_closev(skv, skvcnt);
+	return sk;
+}
+
+static struct sk_usbhid *
+sk_probe(const char *application, const uint8_t *key_handle,
+    size_t key_handle_len)
+{
+	struct sk_usbhid *sk;
+	fido_dev_info_t *devlist;
+	size_t ndevs;
+	int r;
 
 	if ((devlist = fido_dev_info_new(MAX_FIDO_DEVICES)) == NULL) {
 		skdebug(__func__, "fido_dev_info_new failed");
-		goto out;
+		return NULL;
 	}
 	if ((r = fido_dev_info_manifest(devlist, MAX_FIDO_DEVICES,
-	    &devlist_len)) != FIDO_OK) {
-		skdebug(__func__, "fido_dev_info_manifest: %s", fido_strerr(r));
-		goto out;
-	}
-
-	skdebug(__func__, "found %zu device(s)", devlist_len);
-
-	for (i = 0; i < devlist_len; i++) {
-		const fido_dev_info_t *di = fido_dev_info_ptr(devlist, i);
-
-		if (di == NULL) {
-			skdebug(__func__, "fido_dev_info_ptr %zu failed", i);
-			continue;
-		}
-		if ((path = fido_dev_info_path(di)) == NULL) {
-			skdebug(__func__, "fido_dev_info_path %zu failed", i);
-			continue;
-		}
-		skdebug(__func__, "trying device %zu: %s", i, path);
-		if ((dev = fido_dev_new()) == NULL) {
-			skdebug(__func__, "fido_dev_new failed");
-			continue;
-		}
-		if ((r = fido_dev_open(dev, path)) != FIDO_OK) {
-			skdebug(__func__, "fido_dev_open failed");
-			fido_dev_free(&dev);
-			continue;
-		}
-		if (try_device(dev, message, message_len, application,
-		    key_handle, key_handle_len) == 0) {
-			skdebug(__func__, "found key");
-			break;
-		}
-		fido_dev_close(dev);
-		fido_dev_free(&dev);
-	}
-
- out:
-	if (devlist != NULL)
+	    &ndevs)) != FIDO_OK) {
+		skdebug(__func__, "fido_dev_info_manifest failed: %s",
+		    fido_strerr(r));
 		fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
-
-	return dev;
+		return NULL;
+	}
+	skdebug(__func__, "%zu device(s) detected", ndevs);
+	if (ndevs == 0) {
+		sk = NULL;
+	} else if (application != NULL && key_handle != NULL) {
+		skdebug(__func__, "selecting sk by cred");
+		sk = sk_select_by_cred(devlist, ndevs, application, key_handle,
+		    key_handle_len);
+	} else {
+		skdebug(__func__, "selecting sk by touch");
+		sk = sk_select_by_touch(devlist, ndevs);
+	}
+	fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
+	return sk;
 }
 
 #ifdef WITH_OPENSSL
@@ -449,29 +668,29 @@
     struct sk_option **options, struct sk_enroll_response **enroll_response)
 {
 	fido_cred_t *cred = NULL;
-	fido_dev_t *dev = NULL;
 	const uint8_t *ptr;
-	uint8_t user_id[32];
+	uint8_t user_id[32], chall_hash[32];
+	struct sk_usbhid *sk = NULL;
 	struct sk_enroll_response *response = NULL;
 	size_t len;
+	int credprot;
 	int cose_alg;
 	int ret = SSH_SK_ERR_GENERAL;
 	int r;
 	char *device = NULL;
 
-#ifdef SK_DEBUG
-	fido_init(FIDO_DEBUG);
-#endif
+	fido_init(SSH_FIDO_INIT_ARG);
+
 	if (enroll_response == NULL) {
 		skdebug(__func__, "enroll_response == NULL");
 		goto out;
 	}
+	*enroll_response = NULL;
 	memset(user_id, 0, sizeof(user_id));
-	if (check_enroll_options(options, &device,
-	    user_id, sizeof(user_id)) != 0)
+	if (check_enroll_options(options, &device, user_id,
+	    sizeof(user_id)) != 0)
 		goto out; /* error already logged */
 
-	*enroll_response = NULL;
 	switch(alg) {
 #ifdef WITH_OPENSSL
 	case SSH_SK_ECDSA:
@@ -485,12 +704,15 @@
 		skdebug(__func__, "unsupported key type %d", alg);
 		goto out;
 	}
-	if (device == NULL && (device = pick_first_device()) == NULL) {
-		ret = SSH_SK_ERR_DEVICE_NOT_FOUND;
-		skdebug(__func__, "pick_first_device failed");
+	if (device != NULL)
+		sk = sk_open(device);
+	else
+		sk = sk_probe(NULL, NULL, 0);
+	if (sk == NULL) {
+		skdebug(__func__, "failed to find sk");
 		goto out;
 	}
-	skdebug(__func__, "using device %s", device);
+	skdebug(__func__, "using device %s", sk->path);
 	if ((cred = fido_cred_new()) == NULL) {
 		skdebug(__func__, "fido_cred_new failed");
 		goto out;
@@ -499,8 +721,13 @@
 		skdebug(__func__, "fido_cred_set_type: %s", fido_strerr(r));
 		goto out;
 	}
-	if ((r = fido_cred_set_clientdata_hash(cred, challenge,
-	    challenge_len)) != FIDO_OK) {
+	if (sha256_mem(challenge, challenge_len,
+	    chall_hash, sizeof(chall_hash)) != 0) {
+		skdebug(__func__, "hash challenge failed");
+		goto out;
+	}
+	if ((r = fido_cred_set_clientdata_hash(cred, chall_hash,
+	    sizeof(chall_hash))) != FIDO_OK) {
 		skdebug(__func__, "fido_cred_set_clientdata_hash: %s",
 		    fido_strerr(r));
 		goto out;
@@ -519,15 +746,34 @@
 		skdebug(__func__, "fido_cred_set_rp: %s", fido_strerr(r));
 		goto out;
 	}
-	if ((dev = fido_dev_new()) == NULL) {
-		skdebug(__func__, "fido_dev_new failed");
+	if ((flags & (SSH_SK_RESIDENT_KEY|SSH_SK_USER_VERIFICATION_REQD)) != 0) {
+#if !defined(HAVE_FIDO_DEV_SUPPORTS_CRED_PROT) || \
+    !defined(HAVE_FIDO_CRED_SET_PROT)
+		skdebug(__func__, "libfido2 version does not support a feature required for this operation. Please upgrade to >=1.5.0");
+		ret = SSH_SK_ERR_UNSUPPORTED;
 		goto out;
+		credprot = 0; (void)credprot; /* avoid warning */
+#endif
+		if (!fido_dev_supports_cred_prot(sk->dev)) {
+			skdebug(__func__, "%s does not support credprot, "
+			    "refusing to create unprotected "
+			    "resident/verify-required key", sk->path);
+			ret = SSH_SK_ERR_UNSUPPORTED;
+			goto out;
+		}
+		if ((flags & SSH_SK_USER_VERIFICATION_REQD))
+			credprot = FIDO_CRED_PROT_UV_REQUIRED;
+		else
+			credprot = FIDO_CRED_PROT_UV_OPTIONAL_WITH_ID;
+
+		if ((r = fido_cred_set_prot(cred, credprot)) != FIDO_OK) {
+			skdebug(__func__, "fido_cred_set_prot: %s",
+			    fido_strerr(r));
+			ret = fidoerr_to_skerr(r);
+			goto out;
+		}
 	}
-	if ((r = fido_dev_open(dev, device)) != FIDO_OK) {
-		skdebug(__func__, "fido_dev_open: %s", fido_strerr(r));
-		goto out;
-	}
-	if ((r = fido_dev_make_cred(dev, cred, pin)) != FIDO_OK) {
+	if ((r = fido_dev_make_cred(sk->dev, cred, pin)) != FIDO_OK) {
 		skdebug(__func__, "fido_dev_make_cred: %s", fido_strerr(r));
 		ret = fidoerr_to_skerr(r);
 		goto out;
@@ -574,7 +820,7 @@
 	}
 	if ((ptr = fido_cred_x5c_ptr(cred)) != NULL) {
 		len = fido_cred_x5c_len(cred);
-		debug3("%s: attestation cert len=%zu", __func__, len);
+		skdebug(__func__, "attestation cert len=%zu", len);
 		if ((response->attestation_cert = calloc(1, len)) == NULL) {
 			skdebug(__func__, "calloc attestation cert failed");
 			goto out;
@@ -582,6 +828,16 @@
 		memcpy(response->attestation_cert, ptr, len);
 		response->attestation_cert_len = len;
 	}
+	if ((ptr = fido_cred_authdata_ptr(cred)) != NULL) {
+		len = fido_cred_authdata_len(cred);
+		skdebug(__func__, "authdata len=%zu", len);
+		if ((response->authdata = calloc(1, len)) == NULL) {
+			skdebug(__func__, "calloc authdata failed");
+			goto out;
+		}
+		memcpy(response->authdata, ptr, len);
+		response->authdata_len = len;
+	}
 	*enroll_response = response;
 	response = NULL;
 	ret = 0;
@@ -592,15 +848,11 @@
 		free(response->key_handle);
 		free(response->signature);
 		free(response->attestation_cert);
+		free(response->authdata);
 		free(response);
 	}
-	if (dev != NULL) {
-		fido_dev_close(dev);
-		fido_dev_free(&dev);
-	}
-	if (cred != NULL) {
-		fido_cred_free(&cred);
-	}
+	sk_close(sk);
+	fido_cred_free(&cred);
 	return ret;
 }
 
@@ -714,26 +966,6 @@
 	return 0;
 }
 
-/* Calculate SHA256(m) */
-static int
-sha256_mem(const void *m, size_t mlen, u_char *d, size_t dlen)
-{
-#ifdef WITH_OPENSSL
-	u_int mdlen;
-#endif
-
-	if (dlen != 32)
-		return -1;
-#ifdef WITH_OPENSSL
-	mdlen = dlen;
-	if (!EVP_Digest(m, mlen, d, &mdlen, EVP_sha256(), NULL))
-		return -1;
-#else
-	SHA256Data(m, mlen, d);
-#endif
-	return 0;
-}
-
 int
 sk_sign(uint32_t alg, const uint8_t *data, size_t datalen,
     const char *application,
@@ -743,15 +975,13 @@
 {
 	fido_assert_t *assert = NULL;
 	char *device = NULL;
-	fido_dev_t *dev = NULL;
+	struct sk_usbhid *sk = NULL;
 	struct sk_sign_response *response = NULL;
 	uint8_t message[32];
 	int ret = SSH_SK_ERR_GENERAL;
 	int r;
 
-#ifdef SK_DEBUG
-	fido_init(FIDO_DEBUG);
-#endif
+	fido_init(SSH_FIDO_INIT_ARG);
 
 	if (sign_response == NULL) {
 		skdebug(__func__, "sign_response == NULL");
@@ -765,9 +995,14 @@
 		skdebug(__func__, "hash message failed");
 		goto out;
 	}
-	if ((dev = find_device(device, message, sizeof(message),
-	    application, key_handle, key_handle_len)) == NULL) {
-		skdebug(__func__, "couldn't find device for key handle");
+	if (device != NULL)
+		sk = sk_open(device);
+	else if (pin != NULL || (flags & SSH_SK_USER_VERIFICATION_REQD))
+		sk = sk_probe(NULL, NULL, 0);
+	else
+		sk = sk_probe(application, key_handle, key_handle_len);
+	if (sk == NULL) {
+		skdebug(__func__, "failed to find sk");
 		goto out;
 	}
 	if ((assert = fido_assert_new()) == NULL) {
@@ -795,8 +1030,15 @@
 		skdebug(__func__, "fido_assert_set_up: %s", fido_strerr(r));
 		goto out;
 	}
-	if ((r = fido_dev_get_assert(dev, assert, NULL)) != FIDO_OK) {
+	if (pin == NULL && (flags & SSH_SK_USER_VERIFICATION_REQD) &&
+	    (r = fido_assert_set_uv(assert, FIDO_OPT_TRUE)) != FIDO_OK) {
+		skdebug(__func__, "fido_assert_set_uv: %s", fido_strerr(r));
+		ret = FIDO_ERR_PIN_REQUIRED;
+		goto out;
+	}
+	if ((r = fido_dev_get_assert(sk->dev, assert, pin)) != FIDO_OK) {
 		skdebug(__func__, "fido_dev_get_assert: %s", fido_strerr(r));
+		ret = fidoerr_to_skerr(r);
 		goto out;
 	}
 	if ((response = calloc(1, sizeof(*response))) == NULL) {
@@ -820,22 +1062,16 @@
 		free(response->sig_s);
 		free(response);
 	}
-	if (dev != NULL) {
-		fido_dev_close(dev);
-		fido_dev_free(&dev);
-	}
-	if (assert != NULL) {
-		fido_assert_free(&assert);
-	}
+	sk_close(sk);
+	fido_assert_free(&assert);
 	return ret;
 }
 
 static int
-read_rks(const char *devpath, const char *pin,
+read_rks(struct sk_usbhid *sk, const char *pin,
     struct sk_resident_key ***rksp, size_t *nrksp)
 {
 	int ret = SSH_SK_ERR_GENERAL, r = -1;
-	fido_dev_t *dev = NULL;
 	fido_credman_metadata_t *metadata = NULL;
 	fido_credman_rp_t *rp = NULL;
 	fido_credman_rk_t *rk = NULL;
@@ -843,30 +1079,25 @@
 	const fido_cred_t *cred;
 	struct sk_resident_key *srk = NULL, **tmp;
 
-	if ((dev = fido_dev_new()) == NULL) {
-		skdebug(__func__, "fido_dev_new failed");
-		return ret;
-	}
-	if ((r = fido_dev_open(dev, devpath)) != FIDO_OK) {
-		skdebug(__func__, "fido_dev_open %s failed: %s",
-		    devpath, fido_strerr(r));
-		fido_dev_free(&dev);
-		return ret;
+	if (pin == NULL) {
+		skdebug(__func__, "no PIN specified");
+		ret = SSH_SK_ERR_PIN_REQUIRED;
+		goto out;
 	}
 	if ((metadata = fido_credman_metadata_new()) == NULL) {
 		skdebug(__func__, "alloc failed");
 		goto out;
 	}
 
-	if ((r = fido_credman_get_dev_metadata(dev, metadata, pin)) != 0) {
+	if ((r = fido_credman_get_dev_metadata(sk->dev, metadata, pin)) != 0) {
 		if (r == FIDO_ERR_INVALID_COMMAND) {
 			skdebug(__func__, "device %s does not support "
-			    "resident keys", devpath);
+			    "resident keys", sk->path);
 			ret = 0;
 			goto out;
 		}
 		skdebug(__func__, "get metadata for %s failed: %s",
-		    devpath, fido_strerr(r));
+		    sk->path, fido_strerr(r));
 		ret = fidoerr_to_skerr(r);
 		goto out;
 	}
@@ -877,14 +1108,14 @@
 		skdebug(__func__, "alloc rp failed");
 		goto out;
 	}
-	if ((r = fido_credman_get_dev_rp(dev, rp, pin)) != 0) {
+	if ((r = fido_credman_get_dev_rp(sk->dev, rp, pin)) != 0) {
 		skdebug(__func__, "get RPs for %s failed: %s",
-		    devpath, fido_strerr(r));
+		    sk->path, fido_strerr(r));
 		goto out;
 	}
 	nrp = fido_credman_rp_count(rp);
 	skdebug(__func__, "Device %s has resident keys for %zu RPs",
-	    devpath, nrp);
+	    sk->path, nrp);
 
 	/* Iterate over RP IDs that have resident keys */
 	for (i = 0; i < nrp; i++) {
@@ -901,10 +1132,10 @@
 			skdebug(__func__, "alloc rk failed");
 			goto out;
 		}
-		if ((r = fido_credman_get_dev_rk(dev, fido_credman_rp_id(rp, i),
-		    rk, pin)) != 0) {
+		if ((r = fido_credman_get_dev_rk(sk->dev,
+		    fido_credman_rp_id(rp, i), rk, pin)) != 0) {
 			skdebug(__func__, "get RKs for %s slot %zu failed: %s",
-			    devpath, i, fido_strerr(r));
+			    sk->path, i, fido_strerr(r));
 			goto out;
 		}
 		nrk = fido_credman_rk_count(rk);
@@ -918,8 +1149,9 @@
 				continue;
 			}
 			skdebug(__func__, "Device %s RP \"%s\" slot %zu: "
-			    "type %d", devpath, fido_credman_rp_id(rp, i), j,
-			    fido_cred_type(cred));
+			    "type %d flags 0x%02x prot 0x%02x", sk->path,
+			    fido_credman_rp_id(rp, i), j, fido_cred_type(cred),
+			    fido_cred_flags(cred), fido_cred_prot(cred));
 
 			/* build response entry */
 			if ((srk = calloc(1, sizeof(*srk))) == NULL ||
@@ -932,8 +1164,7 @@
 			}
 
 			srk->key.key_handle_len = fido_cred_id_len(cred);
-			memcpy(srk->key.key_handle,
-			    fido_cred_id_ptr(cred),
+			memcpy(srk->key.key_handle, fido_cred_id_ptr(cred),
 			    srk->key.key_handle_len);
 
 			switch (fido_cred_type(cred)) {
@@ -949,6 +1180,9 @@
 				goto out; /* XXX free rk and continue */
 			}
 
+			if (fido_cred_prot(cred) == FIDO_CRED_PROT_UV_REQUIRED)
+				srk->flags |=  SSH_SK_USER_VERIFICATION_REQD;
+
 			if ((r = pack_public_key(srk->alg, cred,
 			    &srk->key)) != 0) {
 				skdebug(__func__, "pack public key failed");
@@ -976,8 +1210,6 @@
 	}
 	fido_credman_rp_free(&rp);
 	fido_credman_rk_free(&rk);
-	fido_dev_close(dev);
-	fido_dev_free(&dev);
 	fido_credman_metadata_free(&metadata);
 	return ret;
 }
@@ -987,50 +1219,31 @@
     struct sk_resident_key ***rksp, size_t *nrksp)
 {
 	int ret = SSH_SK_ERR_GENERAL, r = -1;
-	fido_dev_info_t *devlist = NULL;
-	size_t i, ndev = 0, nrks = 0;
-	const fido_dev_info_t *di;
+	size_t i, nrks = 0;
 	struct sk_resident_key **rks = NULL;
+	struct sk_usbhid *sk = NULL;
 	char *device = NULL;
+
 	*rksp = NULL;
 	*nrksp = 0;
 
+	fido_init(SSH_FIDO_INIT_ARG);
+
 	if (check_sign_load_resident_options(options, &device) != 0)
 		goto out; /* error already logged */
-	if (device != NULL) {
-		skdebug(__func__, "trying %s", device);
-		if ((r = read_rks(device, pin, &rks, &nrks)) != 0) {
-			skdebug(__func__, "read_rks failed for %s", device);
-			ret = r;
-			goto out;
-		}
-	} else {
-		/* Try all devices */
-		if ((devlist = fido_dev_info_new(MAX_FIDO_DEVICES)) == NULL) {
-			skdebug(__func__, "fido_dev_info_new failed");
-			goto out;
-		}
-		if ((r = fido_dev_info_manifest(devlist,
-		    MAX_FIDO_DEVICES, &ndev)) != FIDO_OK) {
-			skdebug(__func__, "fido_dev_info_manifest failed: %s",
-			    fido_strerr(r));
-			goto out;
-		}
-		for (i = 0; i < ndev; i++) {
-			if ((di = fido_dev_info_ptr(devlist, i)) == NULL) {
-				skdebug(__func__, "no dev info at %zu", i);
-				continue;
-			}
-			skdebug(__func__, "trying %s", fido_dev_info_path(di));
-			if ((r = read_rks(fido_dev_info_path(di), pin,
-			    &rks, &nrks)) != 0) {
-				skdebug(__func__, "read_rks failed for %s",
-				    fido_dev_info_path(di));
-				/* remember last error */
-				ret = r;
-				continue;
-			}
-		}
+	if (device != NULL)
+		sk = sk_open(device);
+	else
+		sk = sk_probe(NULL, NULL, 0);
+	if (sk == NULL) {
+		skdebug(__func__, "failed to find sk");
+		goto out;
+	}
+	skdebug(__func__, "trying %s", sk->path);
+	if ((r = read_rks(sk, pin, &rks, &nrks)) != 0) {
+		skdebug(__func__, "read_rks failed for %s", sk->path);
+		ret = r;
+		goto out;
 	}
 	/* success, unless we have no keys but a specific error */
 	if (nrks > 0 || ret == SSH_SK_ERR_GENERAL)
@@ -1040,7 +1253,7 @@
 	rks = NULL;
 	nrks = 0;
  out:
-	free(device);
+	sk_close(sk);
 	for (i = 0; i < nrks; i++) {
 		free(rks[i]->application);
 		freezero(rks[i]->key.public_key, rks[i]->key.public_key_len);
@@ -1048,7 +1261,6 @@
 		freezero(rks[i], sizeof(*rks[i]));
 	}
 	free(rks);
-	fido_dev_info_free(&devlist, MAX_FIDO_DEVICES);
 	return ret;
 }
 

sntrup4591761.c

diff --git a/sntrup4591761.c b/sntrup4591761.c
deleted file mode 100644
index 61fe248..0000000
--- a/sntrup4591761.c
+++ /dev/null
@@ -1,1083 +0,0 @@
-/*  $OpenBSD: sntrup4591761.c,v 1.3 2019/01/30 19:51:15 markus Exp $ */
-
-/*
- * Public Domain, Authors:
- * - Daniel J. Bernstein
- * - Chitchanok Chuengsatiansup
- * - Tanja Lange
- * - Christine van Vredendaal
- */
-
-#include "includes.h"
-
-#include <string.h>
-#include "crypto_api.h"
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.h */
-#ifndef int32_sort_h
-#define int32_sort_h
-
-
-static void int32_sort(crypto_int32 *,int);
-
-#endif
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-static void minmax(crypto_int32 *x,crypto_int32 *y)
-{
-  crypto_uint32 xi = *x;
-  crypto_uint32 yi = *y;
-  crypto_uint32 xy = xi ^ yi;
-  crypto_uint32 c = yi - xi;
-  c ^= xy & (c ^ yi);
-  c >>= 31;
-  c = -c;
-  c &= xy;
-  *x = xi ^ c;
-  *y = yi ^ c;
-}
-
-static void int32_sort(crypto_int32 *x,int n)
-{
-  int top,p,q,i;
-
-  if (n < 2) return;
-  top = 1;
-  while (top < n - top) top += top;
-
-  for (p = top;p > 0;p >>= 1) {
-    for (i = 0;i < n - p;++i)
-      if (!(i & p))
-        minmax(x + i,x + i + p);
-    for (q = top;q > p;q >>= 1)
-      for (i = 0;i < n - q;++i)
-        if (!(i & p))
-          minmax(x + i + p,x + i + q);
-  }
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.h */
-#ifndef small_h
-#define small_h
-
-
-typedef crypto_int8 small;
-
-static void small_encode(unsigned char *,const small *);
-
-static void small_decode(small *,const unsigned char *);
-
-
-static void small_random(small *);
-
-static void small_random_weightw(small *);
-
-#endif
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/mod3.h */
-#ifndef mod3_h
-#define mod3_h
-
-
-/* -1 if x is nonzero, 0 otherwise */
-static inline int mod3_nonzero_mask(small x)
-{
-  return -x*x;
-}
-
-/* input between -100000 and 100000 */
-/* output between -1 and 1 */
-static inline small mod3_freeze(crypto_int32 a)
-{
-  a -= 3 * ((10923 * a) >> 15);
-  a -= 3 * ((89478485 * a + 134217728) >> 28);
-  return a;
-}
-
-static inline small mod3_minusproduct(small a,small b,small c)
-{
-  crypto_int32 A = a;
-  crypto_int32 B = b;
-  crypto_int32 C = c;
-  return mod3_freeze(A - B * C);
-}
-
-static inline small mod3_plusproduct(small a,small b,small c)
-{
-  crypto_int32 A = a;
-  crypto_int32 B = b;
-  crypto_int32 C = c;
-  return mod3_freeze(A + B * C);
-}
-
-static inline small mod3_product(small a,small b)
-{
-  return a * b;
-}
-
-static inline small mod3_sum(small a,small b)
-{
-  crypto_int32 A = a;
-  crypto_int32 B = b;
-  return mod3_freeze(A + B);
-}
-
-static inline small mod3_reciprocal(small a1)
-{
-  return a1;
-}
-
-static inline small mod3_quotient(small num,small den)
-{
-  return mod3_product(num,mod3_reciprocal(den));
-}
-
-#endif
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/modq.h */
-#ifndef modq_h
-#define modq_h
-
-
-typedef crypto_int16 modq;
-
-/* -1 if x is nonzero, 0 otherwise */
-static inline int modq_nonzero_mask(modq x)
-{
-  crypto_int32 r = (crypto_uint16) x;
-  r = -r;
-  r >>= 30;
-  return r;
-}
-
-/* input between -9000000 and 9000000 */
-/* output between -2295 and 2295 */
-static inline modq modq_freeze(crypto_int32 a)
-{
-  a -= 4591 * ((228 * a) >> 20);
-  a -= 4591 * ((58470 * a + 134217728) >> 28);
-  return a;
-}
-
-static inline modq modq_minusproduct(modq a,modq b,modq c)
-{
-  crypto_int32 A = a;
-  crypto_int32 B = b;
-  crypto_int32 C = c;
-  return modq_freeze(A - B * C);
-}
-
-static inline modq modq_plusproduct(modq a,modq b,modq c)
-{
-  crypto_int32 A = a;
-  crypto_int32 B = b;
-  crypto_int32 C = c;
-  return modq_freeze(A + B * C);
-}
-
-static inline modq modq_product(modq a,modq b)
-{
-  crypto_int32 A = a;
-  crypto_int32 B = b;
-  return modq_freeze(A * B);
-}
-
-static inline modq modq_square(modq a)
-{
-  crypto_int32 A = a;
-  return modq_freeze(A * A);
-}
-
-static inline modq modq_sum(modq a,modq b)
-{
-  crypto_int32 A = a;
-  crypto_int32 B = b;
-  return modq_freeze(A + B);
-}
-
-static inline modq modq_reciprocal(modq a1)
-{
-  modq a2 = modq_square(a1);
-  modq a3 = modq_product(a2,a1);
-  modq a4 = modq_square(a2);
-  modq a8 = modq_square(a4);
-  modq a16 = modq_square(a8);
-  modq a32 = modq_square(a16);
-  modq a35 = modq_product(a32,a3);
-  modq a70 = modq_square(a35);
-  modq a140 = modq_square(a70);
-  modq a143 = modq_product(a140,a3);
-  modq a286 = modq_square(a143);
-  modq a572 = modq_square(a286);
-  modq a1144 = modq_square(a572);
-  modq a1147 = modq_product(a1144,a3);
-  modq a2294 = modq_square(a1147);
-  modq a4588 = modq_square(a2294);
-  modq a4589 = modq_product(a4588,a1);
-  return a4589;
-}
-
-static inline modq modq_quotient(modq num,modq den)
-{
-  return modq_product(num,modq_reciprocal(den));
-}
-
-#endif
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/params.h */
-#ifndef params_h
-#define params_h
-
-#define q 4591
-/* XXX: also built into modq in various ways */
-
-#define qshift 2295
-#define p 761
-#define w 286
-
-#define rq_encode_len 1218
-#define small_encode_len 191
-
-#endif
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3.h */
-#ifndef r3_h
-#define r3_h
-
-
-static void r3_mult(small *,const small *,const small *);
-
-extern int r3_recip(small *,const small *);
-
-#endif
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.h */
-#ifndef rq_h
-#define rq_h
-
-
-static void rq_encode(unsigned char *,const modq *);
-
-static void rq_decode(modq *,const unsigned char *);
-
-static void rq_encoderounded(unsigned char *,const modq *);
-
-static void rq_decoderounded(modq *,const unsigned char *);
-
-static void rq_round3(modq *,const modq *);
-
-static void rq_mult(modq *,const modq *,const small *);
-
-int rq_recip3(modq *,const small *);
-
-#endif
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.h */
-#ifndef swap_h
-#define swap_h
-
-static void swap(void *,void *,int,int);
-
-#endif
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/dec.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-#ifdef KAT
-#endif
-
-
-int crypto_kem_sntrup4591761_dec(
-  unsigned char *k,
-  const unsigned char *cstr,
-  const unsigned char *sk
-)
-{
-  small f[p];
-  modq h[p];
-  small grecip[p];
-  modq c[p];
-  modq t[p];
-  small t3[p];
-  small r[p];
-  modq hr[p];
-  unsigned char rstr[small_encode_len];
-  unsigned char hash[64];
-  int i;
-  int result = 0;
-  int weight;
-
-  small_decode(f,sk);
-  small_decode(grecip,sk + small_encode_len);
-  rq_decode(h,sk + 2 * small_encode_len);
-
-  rq_decoderounded(c,cstr + 32);
-
-  rq_mult(t,c,f);
-  for (i = 0;i < p;++i) t3[i] = mod3_freeze(modq_freeze(3*t[i]));
-
-  r3_mult(r,t3,grecip);
-
-#ifdef KAT
-  {
-    int j;
-    printf("decrypt r:");
-    for (j = 0;j < p;++j)
-      if (r[j] == 1) printf(" +%d",j);
-      else if (r[j] == -1) printf(" -%d",j);
-    printf("\n");
-  }
-#endif
-
-  weight = 0;
-  for (i = 0;i < p;++i) weight += (1 & r[i]);
-  weight -= w;
-  result |= modq_nonzero_mask(weight); /* XXX: puts limit on p */
-
-  rq_mult(hr,h,r);
-  rq_round3(hr,hr);
-  for (i = 0;i < p;++i) result |= modq_nonzero_mask(hr[i] - c[i]);
-
-  small_encode(rstr,r);
-  crypto_hash_sha512(hash,rstr,sizeof rstr);
-  result |= crypto_verify_32(hash,cstr);
-
-  for (i = 0;i < 32;++i) k[i] = (hash[32 + i] & ~result);
-  return result;
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/enc.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-#ifdef KAT
-#endif
-
-
-int crypto_kem_sntrup4591761_enc(
-  unsigned char *cstr,
-  unsigned char *k,
-  const unsigned char *pk
-)
-{
-  small r[p];
-  modq h[p];
-  modq c[p];
-  unsigned char rstr[small_encode_len];
-  unsigned char hash[64];
-
-  small_random_weightw(r);
-
-#ifdef KAT
-  {
-    int i;
-    printf("encrypt r:");
-    for (i = 0;i < p;++i)
-      if (r[i] == 1) printf(" +%d",i);
-      else if (r[i] == -1) printf(" -%d",i);
-    printf("\n");
-  }
-#endif
-
-  small_encode(rstr,r);
-  crypto_hash_sha512(hash,rstr,sizeof rstr);
-
-  rq_decode(h,pk);
-  rq_mult(c,h,r);
-  rq_round3(c,c);
-
-  memcpy(k,hash + 32,32);
-  memcpy(cstr,hash,32);
-  rq_encoderounded(cstr + 32,c);
-
-  return 0;
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/keypair.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-#if crypto_kem_sntrup4591761_PUBLICKEYBYTES != rq_encode_len
-#error "crypto_kem_sntrup4591761_PUBLICKEYBYTES must match rq_encode_len"
-#endif
-#if crypto_kem_sntrup4591761_SECRETKEYBYTES != rq_encode_len + 2 * small_encode_len
-#error "crypto_kem_sntrup4591761_SECRETKEYBYTES must match rq_encode_len + 2 * small_encode_len"
-#endif
-
-int crypto_kem_sntrup4591761_keypair(unsigned char *pk,unsigned char *sk)
-{
-  small g[p];
-  small grecip[p];
-  small f[p];
-  modq f3recip[p];
-  modq h[p];
-
-  do
-    small_random(g);
-  while (r3_recip(grecip,g) != 0);
-
-  small_random_weightw(f);
-  rq_recip3(f3recip,f);
-
-  rq_mult(h,f3recip,g);
-
-  rq_encode(pk,h);
-  small_encode(sk,f);
-  small_encode(sk + small_encode_len,grecip);
-  memcpy(sk + 2 * small_encode_len,pk,rq_encode_len);
-
-  return 0;
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_mult.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-static void r3_mult(small *h,const small *f,const small *g)
-{
-  small fg[p + p - 1];
-  small result;
-  int i, j;
-
-  for (i = 0;i < p;++i) {
-    result = 0;
-    for (j = 0;j <= i;++j)
-      result = mod3_plusproduct(result,f[j],g[i - j]);
-    fg[i] = result;
-  }
-  for (i = p;i < p + p - 1;++i) {
-    result = 0;
-    for (j = i - p + 1;j < p;++j)
-      result = mod3_plusproduct(result,f[j],g[i - j]);
-    fg[i] = result;
-  }
-
-  for (i = p + p - 2;i >= p;--i) {
-    fg[i - p] = mod3_sum(fg[i - p],fg[i]);
-    fg[i - p + 1] = mod3_sum(fg[i - p + 1],fg[i]);
-  }
-
-  for (i = 0;i < p;++i)
-    h[i] = fg[i];
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_recip.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-/* caller must ensure that x-y does not overflow */
-static int smaller_mask_r3_recip(int x,int y)
-{
-  return (x - y) >> 31;
-}
-
-static void vectormod3_product(small *z,int len,const small *x,const small c)
-{
-  int i;
-  for (i = 0;i < len;++i) z[i] = mod3_product(x[i],c);
-}
-
-static void vectormod3_minusproduct(small *z,int len,const small *x,const small *y,const small c)
-{
-  int i;
-  for (i = 0;i < len;++i) z[i] = mod3_minusproduct(x[i],y[i],c);
-}
-
-static void vectormod3_shift(small *z,int len)
-{
-  int i;
-  for (i = len - 1;i > 0;--i) z[i] = z[i - 1];
-  z[0] = 0;
-}
-
-/*
-r = s^(-1) mod m, returning 0, if s is invertible mod m
-or returning -1 if s is not invertible mod m
-r,s are polys of degree <p
-m is x^p-x-1
-*/
-int r3_recip(small *r,const small *s)
-{
-  const int loops = 2*p + 1;
-  int loop;
-  small f[p + 1]; 
-  small g[p + 1]; 
-  small u[2*p + 2];
-  small v[2*p + 2];
-  small c;
-  int i;
-  int d = p;
-  int e = p;
-  int swapmask;
-
-  for (i = 2;i < p;++i) f[i] = 0;
-  f[0] = -1;
-  f[1] = -1;
-  f[p] = 1;
-  /* generalization: can initialize f to any polynomial m */
-  /* requirements: m has degree exactly p, nonzero constant coefficient */
-
-  for (i = 0;i < p;++i) g[i] = s[i];
-  g[p] = 0;
-
-  for (i = 0;i <= loops;++i) u[i] = 0;
-
-  v[0] = 1;
-  for (i = 1;i <= loops;++i) v[i] = 0;
-
-  loop = 0;
-  for (;;) {
-    /* e == -1 or d + e + loop <= 2*p */
-
-    /* f has degree p: i.e., f[p]!=0 */
-    /* f[i]==0 for i < p-d */
-
-    /* g has degree <=p (so it fits in p+1 coefficients) */
-    /* g[i]==0 for i < p-e */
-
-    /* u has degree <=loop (so it fits in loop+1 coefficients) */
-    /* u[i]==0 for i < p-d */
-    /* if invertible: u[i]==0 for i < loop-p (so can look at just p+1 coefficients) */
-
-    /* v has degree <=loop (so it fits in loop+1 coefficients) */
-    /* v[i]==0 for i < p-e */
-    /* v[i]==0 for i < loop-p (so can look at just p+1 coefficients) */
-
-    if (loop >= loops) break;
-
-    c = mod3_quotient(g[p],f[p]);
-
-    vectormod3_minusproduct(g,p + 1,g,f,c);
-    vectormod3_shift(g,p + 1);
-
-#ifdef SIMPLER
-    vectormod3_minusproduct(v,loops + 1,v,u,c);
-    vectormod3_shift(v,loops + 1);
-#else
-    if (loop < p) {
-      vectormod3_minusproduct(v,loop + 1,v,u,c);
-      vectormod3_shift(v,loop + 2);
-    } else {
-      vectormod3_minusproduct(v + loop - p,p + 1,v + loop - p,u + loop - p,c);
-      vectormod3_shift(v + loop - p,p + 2);
-    }
-#endif
-
-    e -= 1;
-
-    ++loop;
-
-    swapmask = smaller_mask_r3_recip(e,d) & mod3_nonzero_mask(g[p]);
-    swap(&e,&d,sizeof e,swapmask);
-    swap(f,g,(p + 1) * sizeof(small),swapmask);
-
-#ifdef SIMPLER
-    swap(u,v,(loops + 1) * sizeof(small),swapmask);
-#else
-    if (loop < p) {
-      swap(u,v,(loop + 1) * sizeof(small),swapmask);
-    } else {
-      swap(u + loop - p,v + loop - p,(p + 1) * sizeof(small),swapmask);
-    }
-#endif
-  }
-
-  c = mod3_reciprocal(f[p]);
-  vectormod3_product(r,p,u + p,c);
-  return smaller_mask_r3_recip(0,d);
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomsmall.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-static void small_random(small *g)
-{
-  int i;
-
-  for (i = 0;i < p;++i) {
-    crypto_uint32 r = small_random32();
-    g[i] = (small) (((1073741823 & r) * 3) >> 30) - 1;
-  }
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomweightw.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-static void small_random_weightw(small *f)
-{
-  crypto_int32 r[p];
-  int i;
-
-  for (i = 0;i < p;++i) r[i] = small_random32();
-  for (i = 0;i < w;++i) r[i] &= -2;
-  for (i = w;i < p;++i) r[i] = (r[i] & -3) | 1;
-  int32_sort(r,p);
-  for (i = 0;i < p;++i) f[i] = ((small) (r[i] & 3)) - 1;
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-static void rq_encode(unsigned char *c,const modq *f)
-{
-  crypto_int32 f0, f1, f2, f3, f4;
-  int i;
-
-  for (i = 0;i < p/5;++i) {
-    f0 = *f++ + qshift;
-    f1 = *f++ + qshift;
-    f2 = *f++ + qshift;
-    f3 = *f++ + qshift;
-    f4 = *f++ + qshift;
-    /* now want f0 + 6144*f1 + ... as a 64-bit integer */
-    f1 *= 3;
-    f2 *= 9;
-    f3 *= 27;
-    f4 *= 81;
-    /* now want f0 + f1<<11 + f2<<22 + f3<<33 + f4<<44 */
-    f0 += f1 << 11;
-    *c++ = f0; f0 >>= 8;
-    *c++ = f0; f0 >>= 8;
-    f0 += f2 << 6;
-    *c++ = f0; f0 >>= 8;
-    *c++ = f0; f0 >>= 8;
-    f0 += f3 << 1;
-    *c++ = f0; f0 >>= 8;
-    f0 += f4 << 4;
-    *c++ = f0; f0 >>= 8;
-    *c++ = f0; f0 >>= 8;
-    *c++ = f0;
-  }
-  /* XXX: using p mod 5 = 1 */
-  f0 = *f++ + qshift;
-  *c++ = f0; f0 >>= 8;
-  *c++ = f0;
-}
-
-static void rq_decode(modq *f,const unsigned char *c)
-{
-  crypto_uint32 c0, c1, c2, c3, c4, c5, c6, c7;
-  crypto_uint32 f0, f1, f2, f3, f4;
-  int i;
-
-  for (i = 0;i < p/5;++i) {
-    c0 = *c++;
-    c1 = *c++;
-    c2 = *c++;
-    c3 = *c++;
-    c4 = *c++;
-    c5 = *c++;
-    c6 = *c++;
-    c7 = *c++;
-
-    /* f0 + f1*6144 + f2*6144^2 + f3*6144^3 + f4*6144^4 */
-    /* = c0 + c1*256 + ... + c6*256^6 + c7*256^7 */
-    /* with each f between 0 and 4590 */
-
-    c6 += c7 << 8;
-    /* c6 <= 23241 = floor(4591*6144^4/2^48) */
-    /* f4 = (16/81)c6 + (1/1296)(c5+[0,1]) - [0,0.75] */
-    /* claim: 2^19 f4 < x < 2^19(f4+1) */
-    /* where x = 103564 c6 + 405(c5+1) */
-    /* proof: x - 2^19 f4 = (76/81)c6 + (37/81)c5 + 405 - (32768/81)[0,1] + 2^19[0,0.75] */
-    /* at least 405 - 32768/81 > 0 */
-    /* at most (76/81)23241 + (37/81)255 + 405 + 2^19 0.75 < 2^19 */
-    f4 = (103564*c6 + 405*(c5+1)) >> 19;
-
-    c5 += c6 << 8;
-    c5 -= (f4 * 81) << 4;
-    c4 += c5 << 8;
-
-    /* f0 + f1*6144 + f2*6144^2 + f3*6144^3 */
-    /* = c0 + c1*256 + c2*256^2 + c3*256^3 + c4*256^4 */
-    /* c4 <= 247914 = floor(4591*6144^3/2^32) */
-    /* f3 = (1/54)(c4+[0,1]) - [0,0.75] */
-    /* claim: 2^19 f3 < x < 2^19(f3+1) */
-    /* where x = 9709(c4+2) */
-    /* proof: x - 2^19 f3 = 19418 - (1/27)c4 - (262144/27)[0,1] + 2^19[0,0.75] */
-    /* at least 19418 - 247914/27 - 262144/27 > 0 */
-    /* at most 19418 + 2^19 0.75 < 2^19 */
-    f3 = (9709*(c4+2)) >> 19;
-
-    c4 -= (f3 * 27) << 1;
-    c3 += c4 << 8;
-    /* f0 + f1*6144 + f2*6144^2 */
-    /* = c0 + c1*256 + c2*256^2 + c3*256^3 */
-    /* c3 <= 10329 = floor(4591*6144^2/2^24) */
-    /* f2 = (4/9)c3 + (1/576)c2 + (1/147456)c1 + (1/37748736)c0 - [0,0.75] */
-    /* claim: 2^19 f2 < x < 2^19(f2+1) */
-    /* where x = 233017 c3 + 910(c2+2) */
-    /* proof: x - 2^19 f2 = 1820 + (1/9)c3 - (2/9)c2 - (32/9)c1 - (1/72)c0 + 2^19[0,0.75] */
-    /* at least 1820 - (2/9)255 - (32/9)255 - (1/72)255 > 0 */
-    /* at most 1820 + (1/9)10329 + 2^19 0.75 < 2^19 */
-    f2 = (233017*c3 + 910*(c2+2)) >> 19;
-
-    c2 += c3 << 8;
-    c2 -= (f2 * 9) << 6;
-    c1 += c2 << 8;
-    /* f0 + f1*6144 */
-    /* = c0 + c1*256 */
-    /* c1 <= 110184 = floor(4591*6144/2^8) */
-    /* f1 = (1/24)c1 + (1/6144)c0 - (1/6144)f0 */
-    /* claim: 2^19 f1 < x < 2^19(f1+1) */
-    /* where x = 21845(c1+2) + 85 c0 */
-    /* proof: x - 2^19 f1 = 43690 - (1/3)c1 - (1/3)c0 + 2^19 [0,0.75] */
-    /* at least 43690 - (1/3)110184 - (1/3)255 > 0 */
-    /* at most 43690 + 2^19 0.75 < 2^19 */
-    f1 = (21845*(c1+2) + 85*c0) >> 19;
-
-    c1 -= (f1 * 3) << 3;
-    c0 += c1 << 8;
-    f0 = c0;
-
-    *f++ = modq_freeze(f0 + q - qshift);
-    *f++ = modq_freeze(f1 + q - qshift);
-    *f++ = modq_freeze(f2 + q - qshift);
-    *f++ = modq_freeze(f3 + q - qshift);
-    *f++ = modq_freeze(f4 + q - qshift);
-  }
-
-  c0 = *c++;
-  c1 = *c++;
-  c0 += c1 << 8;
-  *f++ = modq_freeze(c0 + q - qshift);
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_mult.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-static void rq_mult(modq *h,const modq *f,const small *g)
-{
-  modq fg[p + p - 1];
-  modq result;
-  int i, j;
-
-  for (i = 0;i < p;++i) {
-    result = 0;
-    for (j = 0;j <= i;++j)
-      result = modq_plusproduct(result,f[j],g[i - j]);
-    fg[i] = result;
-  }
-  for (i = p;i < p + p - 1;++i) {
-    result = 0;
-    for (j = i - p + 1;j < p;++j)
-      result = modq_plusproduct(result,f[j],g[i - j]);
-    fg[i] = result;
-  }
-
-  for (i = p + p - 2;i >= p;--i) {
-    fg[i - p] = modq_sum(fg[i - p],fg[i]);
-    fg[i - p + 1] = modq_sum(fg[i - p + 1],fg[i]);
-  }
-
-  for (i = 0;i < p;++i)
-    h[i] = fg[i];
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_recip3.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-/* caller must ensure that x-y does not overflow */
-static int smaller_mask_rq_recip3(int x,int y)
-{
-  return (x - y) >> 31;
-}
-
-static void vectormodq_product(modq *z,int len,const modq *x,const modq c)
-{
-  int i;
-  for (i = 0;i < len;++i) z[i] = modq_product(x[i],c);
-}
-
-static void vectormodq_minusproduct(modq *z,int len,const modq *x,const modq *y,const modq c)
-{
-  int i;
-  for (i = 0;i < len;++i) z[i] = modq_minusproduct(x[i],y[i],c);
-}
-
-static void vectormodq_shift(modq *z,int len)
-{
-  int i;
-  for (i = len - 1;i > 0;--i) z[i] = z[i - 1];
-  z[0] = 0;
-}
-
-/*
-r = (3s)^(-1) mod m, returning 0, if s is invertible mod m
-or returning -1 if s is not invertible mod m
-r,s are polys of degree <p
-m is x^p-x-1
-*/
-int rq_recip3(modq *r,const small *s)
-{
-  const int loops = 2*p + 1;
-  int loop;
-  modq f[p + 1]; 
-  modq g[p + 1]; 
-  modq u[2*p + 2];
-  modq v[2*p + 2];
-  modq c;
-  int i;
-  int d = p;
-  int e = p;
-  int swapmask;
-
-  for (i = 2;i < p;++i) f[i] = 0;
-  f[0] = -1;
-  f[1] = -1;
-  f[p] = 1;
-  /* generalization: can initialize f to any polynomial m */
-  /* requirements: m has degree exactly p, nonzero constant coefficient */
-
-  for (i = 0;i < p;++i) g[i] = 3 * s[i];
-  g[p] = 0;
-
-  for (i = 0;i <= loops;++i) u[i] = 0;
-
-  v[0] = 1;
-  for (i = 1;i <= loops;++i) v[i] = 0;
-
-  loop = 0;
-  for (;;) {
-    /* e == -1 or d + e + loop <= 2*p */
-
-    /* f has degree p: i.e., f[p]!=0 */
-    /* f[i]==0 for i < p-d */
-
-    /* g has degree <=p (so it fits in p+1 coefficients) */
-    /* g[i]==0 for i < p-e */
-
-    /* u has degree <=loop (so it fits in loop+1 coefficients) */
-    /* u[i]==0 for i < p-d */
-    /* if invertible: u[i]==0 for i < loop-p (so can look at just p+1 coefficients) */
-
-    /* v has degree <=loop (so it fits in loop+1 coefficients) */
-    /* v[i]==0 for i < p-e */
-    /* v[i]==0 for i < loop-p (so can look at just p+1 coefficients) */
-
-    if (loop >= loops) break;
-
-    c = modq_quotient(g[p],f[p]);
-
-    vectormodq_minusproduct(g,p + 1,g,f,c);
-    vectormodq_shift(g,p + 1);
-
-#ifdef SIMPLER
-    vectormodq_minusproduct(v,loops + 1,v,u,c);
-    vectormodq_shift(v,loops + 1);
-#else
-    if (loop < p) {
-      vectormodq_minusproduct(v,loop + 1,v,u,c);
-      vectormodq_shift(v,loop + 2);
-    } else {
-      vectormodq_minusproduct(v + loop - p,p + 1,v + loop - p,u + loop - p,c);
-      vectormodq_shift(v + loop - p,p + 2);
-    }
-#endif
-
-    e -= 1;
-
-    ++loop;
-
-    swapmask = smaller_mask_rq_recip3(e,d) & modq_nonzero_mask(g[p]);
-    swap(&e,&d,sizeof e,swapmask);
-    swap(f,g,(p + 1) * sizeof(modq),swapmask);
-
-#ifdef SIMPLER
-    swap(u,v,(loops + 1) * sizeof(modq),swapmask);
-#else
-    if (loop < p) {
-      swap(u,v,(loop + 1) * sizeof(modq),swapmask);
-    } else {
-      swap(u + loop - p,v + loop - p,(p + 1) * sizeof(modq),swapmask);
-    }
-#endif
-  }
-
-  c = modq_reciprocal(f[p]);
-  vectormodq_product(r,p,u + p,c);
-  return smaller_mask_rq_recip3(0,d);
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_round3.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-static void rq_round3(modq *h,const modq *f)
-{
-  int i;
-
-  for (i = 0;i < p;++i)
-    h[i] = ((21846 * (f[i] + 2295) + 32768) >> 16) * 3 - 2295;
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_rounded.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-static void rq_encoderounded(unsigned char *c,const modq *f)
-{
-  crypto_int32 f0, f1, f2;
-  int i;
-
-  for (i = 0;i < p/3;++i) {
-    f0 = *f++ + qshift;
-    f1 = *f++ + qshift;
-    f2 = *f++ + qshift;
-    f0 = (21846 * f0) >> 16;
-    f1 = (21846 * f1) >> 16;
-    f2 = (21846 * f2) >> 16;
-    /* now want f0 + f1*1536 + f2*1536^2 as a 32-bit integer */
-    f2 *= 3;
-    f1 += f2 << 9;
-    f1 *= 3;
-    f0 += f1 << 9;
-    *c++ = f0; f0 >>= 8;
-    *c++ = f0; f0 >>= 8;
-    *c++ = f0; f0 >>= 8;
-    *c++ = f0;
-  }
-  /* XXX: using p mod 3 = 2 */
-  f0 = *f++ + qshift;
-  f1 = *f++ + qshift;
-  f0 = (21846 * f0) >> 16;
-  f1 = (21846 * f1) >> 16;
-  f1 *= 3;
-  f0 += f1 << 9;
-  *c++ = f0; f0 >>= 8;
-  *c++ = f0; f0 >>= 8;
-  *c++ = f0;
-}
-
-static void rq_decoderounded(modq *f,const unsigned char *c)
-{
-  crypto_uint32 c0, c1, c2, c3;
-  crypto_uint32 f0, f1, f2;
-  int i;
-
-  for (i = 0;i < p/3;++i) {
-    c0 = *c++;
-    c1 = *c++;
-    c2 = *c++;
-    c3 = *c++;
-
-    /* f0 + f1*1536 + f2*1536^2 */
-    /* = c0 + c1*256 + c2*256^2 + c3*256^3 */
-    /* with each f between 0 and 1530 */
-
-    /* f2 = (64/9)c3 + (1/36)c2 + (1/9216)c1 + (1/2359296)c0 - [0,0.99675] */
-    /* claim: 2^21 f2 < x < 2^21(f2+1) */
-    /* where x = 14913081*c3 + 58254*c2 + 228*(c1+2) */
-    /* proof: x - 2^21 f2 = 456 - (8/9)c0 + (4/9)c1 - (2/9)c2 + (1/9)c3 + 2^21 [0,0.99675] */
-    /* at least 456 - (8/9)255 - (2/9)255 > 0 */
-    /* at most 456 + (4/9)255 + (1/9)255 + 2^21 0.99675 < 2^21 */
-    f2 = (14913081*c3 + 58254*c2 + 228*(c1+2)) >> 21;
-
-    c2 += c3 << 8;
-    c2 -= (f2 * 9) << 2;
-    /* f0 + f1*1536 */
-    /* = c0 + c1*256 + c2*256^2 */
-    /* c2 <= 35 = floor((1530+1530*1536)/256^2) */
-    /* f1 = (128/3)c2 + (1/6)c1 + (1/1536)c0 - (1/1536)f0 */
-    /* claim: 2^21 f1 < x < 2^21(f1+1) */
-    /* where x = 89478485*c2 + 349525*c1 + 1365*(c0+1) */
-    /* proof: x - 2^21 f1 = 1365 - (1/3)c2 - (1/3)c1 - (1/3)c0 + (4096/3)f0 */
-    /* at least 1365 - (1/3)35 - (1/3)255 - (1/3)255 > 0 */
-    /* at most 1365 + (4096/3)1530 < 2^21 */
-    f1 = (89478485*c2 + 349525*c1 + 1365*(c0+1)) >> 21;
-
-    c1 += c2 << 8;
-    c1 -= (f1 * 3) << 1;
-
-    c0 += c1 << 8;
-    f0 = c0;
-
-    *f++ = modq_freeze(f0 * 3 + q - qshift);
-    *f++ = modq_freeze(f1 * 3 + q - qshift);
-    *f++ = modq_freeze(f2 * 3 + q - qshift);
-  }
-
-  c0 = *c++;
-  c1 = *c++;
-  c2 = *c++;
-
-  f1 = (89478485*c2 + 349525*c1 + 1365*(c0+1)) >> 21;
-
-  c1 += c2 << 8;
-  c1 -= (f1 * 3) << 1;
-
-  c0 += c1 << 8;
-  f0 = c0;
-
-  *f++ = modq_freeze(f0 * 3 + q - qshift);
-  *f++ = modq_freeze(f1 * 3 + q - qshift);
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-/* XXX: these functions rely on p mod 4 = 1 */
-
-/* all coefficients in -1, 0, 1 */
-static void small_encode(unsigned char *c,const small *f)
-{
-  small c0;
-  int i;
-
-  for (i = 0;i < p/4;++i) {
-    c0 = *f++ + 1;
-    c0 += (*f++ + 1) << 2;
-    c0 += (*f++ + 1) << 4;
-    c0 += (*f++ + 1) << 6;
-    *c++ = c0;
-  }
-  c0 = *f++ + 1;
-  *c++ = c0;
-}
-
-static void small_decode(small *f,const unsigned char *c)
-{
-  unsigned char c0;
-  int i;
-
-  for (i = 0;i < p/4;++i) {
-    c0 = *c++;
-    *f++ = ((small) (c0 & 3)) - 1; c0 >>= 2;
-    *f++ = ((small) (c0 & 3)) - 1; c0 >>= 2;
-    *f++ = ((small) (c0 & 3)) - 1; c0 >>= 2;
-    *f++ = ((small) (c0 & 3)) - 1;
-  }
-  c0 = *c++;
-  *f++ = ((small) (c0 & 3)) - 1;
-}
-
-/* from libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.c */
-/* See https://ntruprime.cr.yp.to/software.html for detailed documentation. */
-
-
-static void swap(void *x,void *y,int bytes,int mask)
-{
-  int i;
-  char xi, yi, c, t;
-
-  c = mask;
-  
-  for (i = 0;i < bytes;++i) {
-    xi = i[(char *) x];
-    yi = i[(char *) y];
-    t = c & (xi ^ yi);
-    xi ^= t;
-    yi ^= t;
-    i[(char *) x] = xi;
-    i[(char *) y] = yi;
-  }
-}
-

sntrup4591761.sh

diff --git a/sntrup4591761.sh b/sntrup4591761.sh
deleted file mode 100644
index e684c33..0000000
--- a/sntrup4591761.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/sh
-#       $OpenBSD: sntrup4591761.sh,v 1.3 2019/01/30 19:51:15 markus Exp $
-#       Placed in the Public Domain.
-#
-AUTHOR="libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/implementors"
-FILES="
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.h
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/int32_sort.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.h
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/mod3.h
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/modq.h
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/params.h
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3.h
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.h
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.h
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/dec.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/enc.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/keypair.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_mult.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/r3_recip.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomsmall.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/randomweightw.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_mult.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_recip3.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_round3.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/rq_rounded.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/small.c
-	libpqcrypto-20180314/crypto_kem/sntrup4591761/ref/swap.c
-"
-###
-
-set -e
-cd $1
-echo -n '/*  $'
-echo 'OpenBSD: $ */'
-echo
-echo '/*'
-echo ' * Public Domain, Authors:'
-sed -e '/Alphabetical order:/d' -e 's/^/ * - /' < $AUTHOR
-echo ' */'
-echo
-echo '#include <string.h>'
-echo '#include "crypto_api.h"'
-echo
-for i in $FILES; do
-	echo "/* from $i */"
-	b=$(basename $i .c)
-	grep \
-	   -v '#include' $i | \
-	   grep -v "extern crypto_int32 small_random32" |
-	   sed -e "s/crypto_kem_/crypto_kem_sntrup4591761_/g" \
-		-e "s/smaller_mask/smaller_mask_${b}/g" \
-		-e "s/^extern void /static void /" \
-		-e "s/^void /static void /"
-	echo
-done

sntrup761.c

diff --git a/sntrup761.c b/sntrup761.c
new file mode 100644
index 0000000..c63e600
--- /dev/null
+++ b/sntrup761.c
@@ -0,0 +1,1273 @@
+/*  $OpenBSD: sntrup761.c,v 1.5 2021/01/08 02:33:13 dtucker Exp $ */
+
+/*
+ * Public Domain, Authors:
+ * - Daniel J. Bernstein
+ * - Chitchanok Chuengsatiansup
+ * - Tanja Lange
+ * - Christine van Vredendaal
+ */
+
+#include "includes.h"
+
+#ifdef USE_SNTRUP761X25519
+
+#include <string.h>
+#include "crypto_api.h"
+
+#define int8 crypto_int8
+#define uint8 crypto_uint8
+#define int16 crypto_int16
+#define uint16 crypto_uint16
+#define int32 crypto_int32
+#define uint32 crypto_uint32
+#define int64 crypto_int64
+#define uint64 crypto_uint64
+
+/* from supercop-20201130/crypto_sort/int32/portable4/int32_minmax.inc */
+#define int32_MINMAX(a,b) \
+do { \
+  int64_t ab = (int64_t)b ^ (int64_t)a; \
+  int64_t c = (int64_t)b - (int64_t)a; \
+  c ^= ab & (c ^ b); \
+  c >>= 31; \
+  c &= ab; \
+  a ^= c; \
+  b ^= c; \
+} while(0)
+
+/* from supercop-20201130/crypto_sort/int32/portable4/sort.c */
+
+
+static void crypto_sort_int32(void *array,long long n)
+{
+  long long top,p,q,r,i,j;
+  int32 *x = array;
+
+  if (n < 2) return;
+  top = 1;
+  while (top < n - top) top += top;
+
+  for (p = top;p >= 1;p >>= 1) {
+    i = 0;
+    while (i + 2 * p <= n) {
+      for (j = i;j < i + p;++j)
+        int32_MINMAX(x[j],x[j+p]);
+      i += 2 * p;
+    }
+    for (j = i;j < n - p;++j)
+      int32_MINMAX(x[j],x[j+p]);
+
+    i = 0;
+    j = 0;
+    for (q = top;q > p;q >>= 1) {
+      if (j != i) for (;;) {
+        if (j == n - q) goto done;
+        int32 a = x[j + p];
+        for (r = q;r > p;r >>= 1)
+          int32_MINMAX(a,x[j + r]);
+        x[j + p] = a;
+        ++j;
+        if (j == i + p) {
+          i += 2 * p;
+          break;
+        }
+      }
+      while (i + p <= n - q) {
+        for (j = i;j < i + p;++j) {
+          int32 a = x[j + p];
+          for (r = q;r > p;r >>= 1)
+            int32_MINMAX(a,x[j+r]);
+          x[j + p] = a;
+        }
+        i += 2 * p;
+      }
+      /* now i + p > n - q */
+      j = i;
+      while (j < n - q) {
+        int32 a = x[j + p];
+        for (r = q;r > p;r >>= 1)
+          int32_MINMAX(a,x[j+r]);
+        x[j + p] = a;
+        ++j;
+      }
+
+      done: ;
+    }
+  }
+}
+
+/* from supercop-20201130/crypto_sort/uint32/useint32/sort.c */
+
+/* can save time by vectorizing xor loops */
+/* can save time by integrating xor loops with int32_sort */
+
+static void crypto_sort_uint32(void *array,long long n)
+{
+  crypto_uint32 *x = array;
+  long long j;
+  for (j = 0;j < n;++j) x[j] ^= 0x80000000;
+  crypto_sort_int32(array,n);
+  for (j = 0;j < n;++j) x[j] ^= 0x80000000;
+}
+
+/* from supercop-20201130/crypto_kem/sntrup761/ref/uint32.c */
+
+/*
+CPU division instruction typically takes time depending on x.
+This software is designed to take time independent of x.
+Time still varies depending on m; user must ensure that m is constant.
+Time also varies on CPUs where multiplication is variable-time.
+There could be more CPU issues.
+There could also be compiler issues. 
+*/
+
+static void uint32_divmod_uint14(uint32 *q,uint16 *r,uint32 x,uint16 m)
+{
+  uint32 v = 0x80000000;
+  uint32 qpart;
+  uint32 mask;
+
+  v /= m;
+
+  /* caller guarantees m > 0 */
+  /* caller guarantees m < 16384 */
+  /* vm <= 2^31 <= vm+m-1 */
+  /* xvm <= 2^31 x <= xvm+x(m-1) */
+
+  *q = 0;
+
+  qpart = (x*(uint64)v)>>31;
+  /* 2^31 qpart <= xv <= 2^31 qpart + 2^31-1 */
+  /* 2^31 qpart m <= xvm <= 2^31 qpart m + (2^31-1)m */
+  /* 2^31 qpart m <= 2^31 x <= 2^31 qpart m + (2^31-1)m + x(m-1) */
+  /* 0 <= 2^31 newx <= (2^31-1)m + x(m-1) */
+  /* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */
+  /* 0 <= newx <= (1-1/2^31)(2^14-1) + (2^32-1)((2^14-1)-1)/2^31 */
+
+  x -= qpart*m; *q += qpart;
+  /* x <= 49146 */
+
+  qpart = (x*(uint64)v)>>31;
+  /* 0 <= newx <= (1-1/2^31)m + x(m-1)/2^31 */
+  /* 0 <= newx <= m + 49146(2^14-1)/2^31 */
+  /* 0 <= newx <= m + 0.4 */
+  /* 0 <= newx <= m */
+
+  x -= qpart*m; *q += qpart;
+  /* x <= m */
+
+  x -= m; *q += 1;
+  mask = -(x>>31);
+  x += mask&(uint32)m; *q += mask;
+  /* x < m */
+
+  *r = x;
+}
+
+
+static uint16 uint32_mod_uint14(uint32 x,uint16 m)
+{
+  uint32 q;
+  uint16 r;
+  uint32_divmod_uint14(&q,&r,x,m);
+  return r;
+}
+
+/* from supercop-20201130/crypto_kem/sntrup761/ref/int32.c */
+
+static void int32_divmod_uint14(int32 *q,uint16 *r,int32 x,uint16 m)
+{
+  uint32 uq,uq2;
+  uint16 ur,ur2;
+  uint32 mask;
+
+  uint32_divmod_uint14(&uq,&ur,0x80000000+(uint32)x,m);
+  uint32_divmod_uint14(&uq2,&ur2,0x80000000,m);
+  ur -= ur2; uq -= uq2;
+  mask = -(uint32)(ur>>15);
+  ur += mask&m; uq += mask;
+  *r = ur; *q = uq;
+}
+
+
+static uint16 int32_mod_uint14(int32 x,uint16 m)
+{
+  int32 q;
+  uint16 r;
+  int32_divmod_uint14(&q,&r,x,m);
+  return r;
+}
+
+/* from supercop-20201130/crypto_kem/sntrup761/ref/paramsmenu.h */
+/* pick one of these three: */
+#define SIZE761
+#undef SIZE653
+#undef SIZE857
+
+/* pick one of these two: */
+#define SNTRUP /* Streamlined NTRU Prime */
+#undef LPR /* NTRU LPRime */
+
+/* from supercop-20201130/crypto_kem/sntrup761/ref/params.h */
+#ifndef params_H
+#define params_H
+
+/* menu of parameter choices: */
+
+
+/* what the menu means: */
+
+#if defined(SIZE761)
+#define p 761
+#define q 4591
+#define Rounded_bytes 1007
+#ifndef LPR
+#define Rq_bytes 1158
+#define w 286
+#else
+#define w 250
+#define tau0 2156
+#define tau1 114
+#define tau2 2007
+#define tau3 287
+#endif
+
+#elif defined(SIZE653)
+#define p 653
+#define q 4621
+#define Rounded_bytes 865
+#ifndef LPR
+#define Rq_bytes 994
+#define w 288
+#else
+#define w 252
+#define tau0 2175
+#define tau1 113
+#define tau2 2031
+#define tau3 290
+#endif
+
+#elif defined(SIZE857)
+#define p 857
+#define q 5167
+#define Rounded_bytes 1152
+#ifndef LPR
+#define Rq_bytes 1322
+#define w 322
+#else
+#define w 281
+#define tau0 2433
+#define tau1 101
+#define tau2 2265
+#define tau3 324
+#endif
+
+#else
+#error "no parameter set defined"
+#endif
+
+#ifdef LPR
+#define I 256
+#endif
+
+#endif
+
+/* from supercop-20201130/crypto_kem/sntrup761/ref/Decode.h */
+#ifndef Decode_H
+#define Decode_H
+
+
+/* Decode(R,s,M,len) */
+/* assumes 0 < M[i] < 16384 */
+/* produces 0 <= R[i] < M[i] */
+
+#endif
+
+/* from supercop-20201130/crypto_kem/sntrup761/ref/Decode.c */
+
+static void Decode(uint16 *out,const unsigned char *S,const uint16 *M,long long len)
+{
+  if (len == 1) {
+    if (M[0] == 1)
+      *out = 0;
+    else if (M[0] <= 256)
+      *out = uint32_mod_uint14(S[0],M[0]);
+    else
+      *out = uint32_mod_uint14(S[0]+(((uint16)S[1])<<8),M[0]);
+  }
+  if (len > 1) {
+    uint16 R2[(len+1)/2];
+    uint16 M2[(len+1)/2];
+    uint16 bottomr[len/2];
+    uint32 bottomt[len/2];
+    long long i;
+    for (i = 0;i < len-1;i += 2) {
+      uint32 m = M[i]*(uint32) M[i+1];
+      if (m > 256*16383) {
+        bottomt[i/2] = 256*256;
+        bottomr[i/2] = S[0]+256*S[1];
+        S += 2;
+        M2[i/2] = (((m+255)>>8)+255)>>8;
+      } else if (m >= 16384) {
+        bottomt[i/2] = 256;
+        bottomr[i/2] = S[0];
+        S += 1;
+        M2[i/2] = (m+255)>>8;
+      } else {
+        bottomt[i/2] = 1;
+        bottomr[i/2] = 0;
+        M2[i/2] = m;
+      }
+    }
+    if (i < len)
+      M2[i/2] = M[i];
+    Decode(R2,S,M2,(len+1)/2);
+    for (i = 0;i < len-1;i += 2) {
+      uint32 r = bottomr[i/2];
+      uint32 r1;
+      uint16 r0;
+      r += bottomt[i/2]*R2[i/2];
+      uint32_divmod_uint14(&r1,&r0,r,M[i]);
+      r1 = uint32_mod_uint14(r1,M[i+1]); /* only needed for invalid inputs */
+      *out++ = r0;
+      *out++ = r1;
+    }
+    if (i < len)
+      *out++ = R2[i/2];
+  }
+}
+
+/* from supercop-20201130/crypto_kem/sntrup761/ref/Encode.h */
+#ifndef Encode_H
+#define Encode_H
+
+
+/* Encode(s,R,M,len) */
+/* assumes 0 <= R[i] < M[i] < 16384 */
+
+#endif
+
+/* from supercop-20201130/crypto_kem/sntrup761/ref/Encode.c */
+
+/* 0 <= R[i] < M[i] < 16384 */
+static void Encode(unsigned char *out,const uint16 *R,const uint16 *M,long long len)
+{
+  if (len == 1) {
+    uint16 r = R[0];
+    uint16 m = M[0];
+    while (m > 1) {
+      *out++ = r;
+      r >>= 8;
+      m = (m+255)>>8;
+    }
+  }
+  if (len > 1) {
+    uint16 R2[(len+1)/2];
+    uint16 M2[(len+1)/2];
+    long long i;
+    for (i = 0;i < len-1;i += 2) {
+      uint32 m0 = M[i];
+      uint32 r = R[i]+R[i+1]*m0;
+      uint32 m = M[i+1]*m0;
+      while (m >= 16384) {
+        *out++ = r;
+        r >>= 8;
+        m = (m+255)>>8;
+      }
+      R2[i/2] = r;
+      M2[i/2] = m;
+    }
+    if (i < len) {
+      R2[i/2] = R[i];
+      M2[i/2] = M[i];
+    }
+    Encode(out,R2,M2,(len+1)/2);
+  }
+}
+
+/* from supercop-20201130/crypto_kem/sntrup761/ref/kem.c */
+
+#ifdef LPR
+#endif
+
+
+/* ----- masks */
+
+#ifndef LPR
+
+/* return -1 if x!=0; else return 0 */
+static int int16_nonzero_mask(int16 x)
+{
+  uint16 u = x; /* 0, else 1...65535 */
+  uint32 v = u; /* 0, else 1...65535 */
+  v = -v; /* 0, else 2^32-65535...2^32-1 */
+  v >>= 31; /* 0, else 1 */
+  return -v; /* 0, else -1 */
+}
+
+#endif
+
+/* return -1 if x<0; otherwise return 0 */
+static int int16_negative_mask(int16 x)
+{
+  uint16 u = x;
+  u >>= 15;
+  return -(int) u;
+  /* alternative with gcc -fwrapv: */
+  /* x>>15 compiles to CPU's arithmetic right shift */
+}
+
+/* ----- arithmetic mod 3 */
+
+typedef int8 small;
+
+/* F3 is always represented as -1,0,1 */
+/* so ZZ_fromF3 is a no-op */
+
+/* x must not be close to top int16 */
+static small F3_freeze(int16 x)
+{
+  return int32_mod_uint14(x+1,3)-1;
+}
+
+/* ----- arithmetic mod q */
+
+#define q12 ((q-1)/2)
+typedef int16 Fq;
+/* always represented as -q12...q12 */
+/* so ZZ_fromFq is a no-op */
+
+/* x must not be close to top int32 */
+static Fq Fq_freeze(int32 x)
+{
+  return int32_mod_uint14(x+q12,q)-q12;
+}
+
+#ifndef LPR
+
+static Fq Fq_recip(Fq a1)
+{ 
+  int i = 1;
+  Fq ai = a1;
+
+  while (i < q-2) {
+    ai = Fq_freeze(a1*(int32)ai);
+    i += 1;
+  }
+  return ai;
+} 
+
+#endif
+
+/* ----- Top and Right */
+
+#ifdef LPR
+#define tau 16
+
+static int8 Top(Fq C)
+{
+  return (tau1*(int32)(C+tau0)+16384)>>15;
+}
+
+static Fq Right(int8 T)
+{
+  return Fq_freeze(tau3*(int32)T-tau2);
+}
+#endif
+
+/* ----- small polynomials */
+
+#ifndef LPR
+
+/* 0 if Weightw_is(r), else -1 */
+static int Weightw_mask(small *r)
+{
+  int weight = 0;
+  int i;
+
+  for (i = 0;i < p;++i) weight += r[i]&1;
+  return int16_nonzero_mask(weight-w);
+}
+
+/* R3_fromR(R_fromRq(r)) */
+static void R3_fromRq(small *out,const Fq *r)
+{
+  int i;
+  for (i = 0;i < p;++i) out[i] = F3_freeze(r[i]);
+}
+
+/* h = f*g in the ring R3 */
+static void R3_mult(small *h,const small *f,const small *g)
+{
+  small fg[p+p-1];
+  small result;
+  int i,j;
+
+  for (i = 0;i < p;++i) {
+    result = 0;
+    for (j = 0;j <= i;++j) result = F3_freeze(result+f[j]*g[i-j]);
+    fg[i] = result;
+  }
+  for (i = p;i < p+p-1;++i) {
+    result = 0;
+    for (j = i-p+1;j < p;++j) result = F3_freeze(result+f[j]*g[i-j]);
+    fg[i] = result;
+  }
+
+  for (i = p+p-2;i >= p;--i) {
+    fg[i-p] = F3_freeze(fg[i-p]+fg[i]);
+    fg[i-p+1] = F3_freeze(fg[i-p+1]+fg[i]);
+  }
+
+  for (i = 0;i < p;++i) h[i] = fg[i];
+}
+
+/* returns 0 if recip succeeded; else -1 */
+static int R3_recip(small *out,const small *in)
+{ 
+  small f[p+1],g[p+1],v[p+1],r[p+1];
+  int i,loop,delta;
+  int sign,swap,t;
+  
+  for (i = 0;i < p+1;++i) v[i] = 0;
+  for (i = 0;i < p+1;++i) r[i] = 0;
+  r[0] = 1;
+  for (i = 0;i < p;++i) f[i] = 0;
+  f[0] = 1; f[p-1] = f[p] = -1;
+  for (i = 0;i < p;++i) g[p-1-i] = in[i];
+  g[p] = 0;
+    
+  delta = 1; 
+
+  for (loop = 0;loop < 2*p-1;++loop) {
+    for (i = p;i > 0;--i) v[i] = v[i-1];
+    v[0] = 0;
+    
+    sign = -g[0]*f[0];
+    swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]);
+    delta ^= swap&(delta^-delta);
+    delta += 1;
+    
+    for (i = 0;i < p+1;++i) {
+      t = swap&(f[i]^g[i]); f[i] ^= t; g[i] ^= t;
+      t = swap&(v[i]^r[i]); v[i] ^= t; r[i] ^= t;
+    }
+  
+    for (i = 0;i < p+1;++i) g[i] = F3_freeze(g[i]+sign*f[i]);
+    for (i = 0;i < p+1;++i) r[i] = F3_freeze(r[i]+sign*v[i]);
+
+    for (i = 0;i < p;++i) g[i] = g[i+1];
+    g[p] = 0;
+  }
+  
+  sign = f[0];
+  for (i = 0;i < p;++i) out[i] = sign*v[p-1-i];
+  
+  return int16_nonzero_mask(delta);
+} 
+
+#endif
+
+/* ----- polynomials mod q */
+
+/* h = f*g in the ring Rq */
+static void Rq_mult_small(Fq *h,const Fq *f,const small *g)
+{
+  Fq fg[p+p-1];
+  Fq result;
+  int i,j;
+
+  for (i = 0;i < p;++i) {
+    result = 0;
+    for (j = 0;j <= i;++j) result = Fq_freeze(result+f[j]*(int32)g[i-j]);
+    fg[i] = result;
+  }
+  for (i = p;i < p+p-1;++i) {
+    result = 0;
+    for (j = i-p+1;j < p;++j) result = Fq_freeze(result+f[j]*(int32)g[i-j]);
+    fg[i] = result;
+  }
+
+  for (i = p+p-2;i >= p;--i) {
+    fg[i-p] = Fq_freeze(fg[i-p]+fg[i]);
+    fg[i-p+1] = Fq_freeze(fg[i-p+1]+fg[i]);
+  }
+
+  for (i = 0;i < p;++i) h[i] = fg[i];
+}
+
+#ifndef LPR
+
+/* h = 3f in Rq */
+static void Rq_mult3(Fq *h,const Fq *f)
+{
+  int i;
+  
+  for (i = 0;i < p;++i) h[i] = Fq_freeze(3*f[i]);
+}
+
+/* out = 1/(3*in) in Rq */
+/* returns 0 if recip succeeded; else -1 */
+static int Rq_recip3(Fq *out,const small *in)
+{ 
+  Fq f[p+1],g[p+1],v[p+1],r[p+1];
+  int i,loop,delta;
+  int swap,t;
+  int32 f0,g0;
+  Fq scale;
+
+  for (i = 0;i < p+1;++i) v[i] = 0;
+  for (i = 0;i < p+1;++i) r[i] = 0;
+  r[0] = Fq_recip(3);
+  for (i = 0;i < p;++i) f[i] = 0;
+  f[0] = 1; f[p-1] = f[p] = -1;
+  for (i = 0;i < p;++i) g[p-1-i] = in[i];
+  g[p] = 0;
+
+  delta = 1;
+
+  for (loop = 0;loop < 2*p-1;++loop) {
+    for (i = p;i > 0;--i) v[i] = v[i-1];
+    v[0] = 0;
+
+    swap = int16_negative_mask(-delta) & int16_nonzero_mask(g[0]);
+    delta ^= swap&(delta^-delta);
+    delta += 1;
+
+    for (i = 0;i < p+1;++i) {
+      t = swap&(f[i]^g[i]); f[i] ^= t; g[i] ^= t;
+      t = swap&(v[i]^r[i]); v[i] ^= t; r[i] ^= t;
+    }
+
+    f0 = f[0];
+    g0 = g[0];
+    for (i = 0;i < p+1;++i) g[i] = Fq_freeze(f0*g[i]-g0*f[i]);
+    for (i = 0;i < p+1;++i) r[i] = Fq_freeze(f0*r[i]-g0*v[i]);
+
+    for (i = 0;i < p;++i) g[i] = g[i+1];
+    g[p] = 0;
+  }
+
+  scale = Fq_recip(f[0]);
+  for (i = 0;i < p;++i) out[i] = Fq_freeze(scale*(int32)v[p-1-i]);
+
+  return int16_nonzero_mask(delta);
+}
+
+#endif
+
+/* ----- rounded polynomials mod q */
+
+static void Round(Fq *out,const Fq *a)
+{
+  int i;
+  for (i = 0;i < p;++i) out[i] = a[i]-F3_freeze(a[i]);
+}
+
+/* ----- sorting to generate short polynomial */
+
+static void Short_fromlist(small *out,const uint32 *in)
+{
+  uint32 L[p];
+  int i;
+
+  for (i = 0;i < w;++i) L[i] = in[i]&(uint32)-2;
+  for (i = w;i < p;++i) L[i] = (in[i]&(uint32)-3)|1;
+  crypto_sort_uint32(L,p);
+  for (i = 0;i < p;++i) out[i] = (L[i]&3)-1;
+}
+
+/* ----- underlying hash function */
+
+#define Hash_bytes 32
+
+/* e.g., b = 0 means out = Hash0(in) */
+static void Hash_prefix(unsigned char *out,int b,const unsigned char *in,int inlen)
+{
+  unsigned char x[inlen+1];
+  unsigned char h[64];
+  int i;
+
+  x[0] = b;
+  for (i = 0;i < inlen;++i) x[i+1] = in[i];
+  crypto_hash_sha512(h,x,inlen+1);
+  for (i = 0;i < 32;++i) out[i] = h[i];
+}
+
+/* ----- higher-level randomness */
+
+static uint32 urandom32(void)
+{
+  unsigned char c[4];
+  uint32 out[4];
+
+  randombytes(c,4);
+  out[0] = (uint32)c[0];
+  out[1] = ((uint32)c[1])<<8;
+  out[2] = ((uint32)c[2])<<16;
+  out[3] = ((uint32)c[3])<<24;
+  return out[0]+out[1]+out[2]+out[3];
+}
+
+static void Short_random(small *out)
+{
+  uint32 L[p];
+  int i;
+
+  for (i = 0;i < p;++i) L[i] = urandom32();
+  Short_fromlist(out,L);
+}
+
+#ifndef LPR
+
+static void Small_random(small *out)
+{
+  int i;
+
+  for (i = 0;i < p;++i) out[i] = (((urandom32()&0x3fffffff)*3)>>30)-1;
+}
+
+#endif
+
+/* ----- Streamlined NTRU Prime Core */
+
+#ifndef LPR
+
+/* h,(f,ginv) = KeyGen() */
+static void KeyGen(Fq *h,small *f,small *ginv)
+{
+  small g[p];
+  Fq finv[p];
+  
+  for (;;) {
+    Small_random(g);
+    if (R3_recip(ginv,g) == 0) break;
+  }
+  Short_random(f);
+  Rq_recip3(finv,f); /* always works */
+  Rq_mult_small(h,finv,g);
+}
+
+/* c = Encrypt(r,h) */
+static void Encrypt(Fq *c,const small *r,const Fq *h)
+{
+  Fq hr[p];
+
+  Rq_mult_small(hr,h,r);
+  Round(c,hr);
+}
+
+/* r = Decrypt(c,(f,ginv)) */
+static void Decrypt(small *r,const Fq *c,const small *f,const small *ginv)
+{
+  Fq cf[p];
+  Fq cf3[p];
+  small e[p];
+  small ev[p];
+  int mask;
+  int i;
+
+  Rq_mult_small(cf,c,f);
+  Rq_mult3(cf3,cf);
+  R3_fromRq(e,cf3);
+  R3_mult(ev,e,ginv);
+
+  mask = Weightw_mask(ev); /* 0 if weight w, else -1 */
+  for (i = 0;i < w;++i) r[i] = ((ev[i]^1)&~mask)^1;
+  for (i = w;i < p;++i) r[i] = ev[i]&~mask;
+}
+  
+#endif
+
+/* ----- NTRU LPRime Core */
+
+#ifdef LPR
+
+/* (G,A),a = KeyGen(G); leaves G unchanged */
+static void KeyGen(Fq *A,small *a,const Fq *G)
+{
+  Fq aG[p];
+
+  Short_random(a);
+  Rq_mult_small(aG,G,a);
+  Round(A,aG);
+}
+
+/* B,T = Encrypt(r,(G,A),b) */
+static void Encrypt(Fq *B,int8 *T,const int8 *r,const Fq *G,const Fq *A,const small *b)
+{
+  Fq bG[p];
+  Fq bA[p];
+  int i;
+
+  Rq_mult_small(bG,G,b);
+  Round(B,bG);
+  Rq_mult_small(bA,A,b);
+  for (i = 0;i < I;++i) T[i] = Top(Fq_freeze(bA[i]+r[i]*q12));
+}
+
+/* r = Decrypt((B,T),a) */
+static void Decrypt(int8 *r,const Fq *B,const int8 *T,const small *a)
+{
+  Fq aB[p];
+  int i;
+
+  Rq_mult_small(aB,B,a);
+  for (i = 0;i < I;++i)
+    r[i] = -int16_negative_mask(Fq_freeze(Right(T[i])-aB[i]+4*w+1));
+}
+    
+#endif
+
+/* ----- encoding I-bit inputs */
+
+#ifdef LPR
+
+#define Inputs_bytes (I/8)
+typedef int8 Inputs[I]; /* passed by reference */
+
+static void Inputs_encode(unsigned char *s,const Inputs r)
+{
+  int i;
+  for (i = 0;i < Inputs_bytes;++i) s[i] = 0;
+  for (i = 0;i < I;++i) s[i>>3] |= r[i]<<(i&7);
+}
+
+#endif
+
+/* ----- Expand */
+
+#ifdef LPR
+
+static const unsigned char aes_nonce[16] = {0};
+
+static void Expand(uint32 *L,const unsigned char *k)
+{
+  int i;
+  crypto_stream_aes256ctr((unsigned char *) L,4*p,aes_nonce,k);
+  for (i = 0;i < p;++i) {
+    uint32 L0 = ((unsigned char *) L)[4*i];
+    uint32 L1 = ((unsigned char *) L)[4*i+1];
+    uint32 L2 = ((unsigned char *) L)[4*i+2];
+    uint32 L3 = ((unsigned char *) L)[4*i+3];
+    L[i] = L0+(L1<<8)+(L2<<16)+(L3<<24);
+  }
+}
+
+#endif
+
+/* ----- Seeds */
+
+#ifdef LPR
+
+#define Seeds_bytes 32
+
+static void Seeds_random(unsigned char *s)
+{
+  randombytes(s,Seeds_bytes);
+}
+
+#endif
+
+/* ----- Generator, HashShort */
+
+#ifdef LPR
+
+/* G = Generator(k) */
+static void Generator(Fq *G,const unsigned char *k)
+{
+  uint32 L[p];
+  int i;
+
+  Expand(L,k);
+  for (i = 0;i < p;++i) G[i] = uint32_mod_uint14(L[i],q)-q12;
+}
+
+/* out = HashShort(r) */
+static void HashShort(small *out,const Inputs r)
+{
+  unsigned char s[Inputs_bytes];
+  unsigned char h[Hash_bytes];
+  uint32 L[p];
+
+  Inputs_encode(s,r);
+  Hash_prefix(h,5,s,sizeof s);
+  Expand(L,h);
+  Short_fromlist(out,L);
+}
+
+#endif
+  
+/* ----- NTRU LPRime Expand */
+
+#ifdef LPR
+
+/* (S,A),a = XKeyGen() */
+static void XKeyGen(unsigned char *S,Fq *A,small *a)
+{
+  Fq G[p];
+
+  Seeds_random(S);
+  Generator(G,S);
+  KeyGen(A,a,G);
+}
+
+/* B,T = XEncrypt(r,(S,A)) */
+static void XEncrypt(Fq *B,int8 *T,const int8 *r,const unsigned char *S,const Fq *A)
+{
+  Fq G[p];
+  small b[p];
+
+  Generator(G,S);
+  HashShort(b,r);
+  Encrypt(B,T,r,G,A,b);
+}
+
+#define XDecrypt Decrypt
+
+#endif
+
+/* ----- encoding small polynomials (including short polynomials) */
+
+#define Small_bytes ((p+3)/4)
+
+/* these are the only functions that rely on p mod 4 = 1 */
+
+static void Small_encode(unsigned char *s,const small *f)
+{
+  small x;
+  int i;
+
+  for (i = 0;i < p/4;++i) {
+    x = *f++ + 1;
+    x += (*f++ + 1)<<2;
+    x += (*f++ + 1)<<4;
+    x += (*f++ + 1)<<6;
+    *s++ = x;
+  }
+  x = *f++ + 1;
+  *s++ = x;
+}
+
+static void Small_decode(small *f,const unsigned char *s)
+{
+  unsigned char x;
+  int i;
+
+  for (i = 0;i < p/4;++i) {
+    x = *s++;
+    *f++ = ((small)(x&3))-1; x >>= 2;
+    *f++ = ((small)(x&3))-1; x >>= 2;
+    *f++ = ((small)(x&3))-1; x >>= 2;
+    *f++ = ((small)(x&3))-1;
+  }
+  x = *s++;
+  *f++ = ((small)(x&3))-1;
+}
+
+/* ----- encoding general polynomials */
+
+#ifndef LPR
+
+static void Rq_encode(unsigned char *s,const Fq *r)
+{
+  uint16 R[p],M[p];
+  int i;
+  
+  for (i = 0;i < p;++i) R[i] = r[i]+q12;
+  for (i = 0;i < p;++i) M[i] = q;
+  Encode(s,R,M,p);
+}
+
+static void Rq_decode(Fq *r,const unsigned char *s)
+{
+  uint16 R[p],M[p];
+  int i;
+
+  for (i = 0;i < p;++i) M[i] = q;
+  Decode(R,s,M,p);
+  for (i = 0;i < p;++i) r[i] = ((Fq)R[i])-q12;
+}
+  
+#endif
+
+/* ----- encoding rounded polynomials */
+
+static void Rounded_encode(unsigned char *s,const Fq *r)
+{
+  uint16 R[p],M[p];
+  int i;
+
+  for (i = 0;i < p;++i) R[i] = ((r[i]+q12)*10923)>>15;
+  for (i = 0;i < p;++i) M[i] = (q+2)/3;
+  Encode(s,R,M,p);
+}
+
+static void Rounded_decode(Fq *r,const unsigned char *s)
+{
+  uint16 R[p],M[p];
+  int i;
+
+  for (i = 0;i < p;++i) M[i] = (q+2)/3;
+  Decode(R,s,M,p);
+  for (i = 0;i < p;++i) r[i] = R[i]*3-q12;
+}
+
+/* ----- encoding top polynomials */
+
+#ifdef LPR
+
+#define Top_bytes (I/2)
+
+static void Top_encode(unsigned char *s,const int8 *T)
+{
+  int i;
+  for (i = 0;i < Top_bytes;++i)
+    s[i] = T[2*i]+(T[2*i+1]<<4);
+}
+
+static void Top_decode(int8 *T,const unsigned char *s)
+{
+  int i;
+  for (i = 0;i < Top_bytes;++i) {
+    T[2*i] = s[i]&15;
+    T[2*i+1] = s[i]>>4;
+  }
+}
+
+#endif
+
+/* ----- Streamlined NTRU Prime Core plus encoding */
+
+#ifndef LPR
+
+typedef small Inputs[p]; /* passed by reference */
+#define Inputs_random Short_random
+#define Inputs_encode Small_encode
+#define Inputs_bytes Small_bytes
+
+#define Ciphertexts_bytes Rounded_bytes
+#define SecretKeys_bytes (2*Small_bytes)
+#define PublicKeys_bytes Rq_bytes
+
+/* pk,sk = ZKeyGen() */
+static void ZKeyGen(unsigned char *pk,unsigned char *sk)
+{
+  Fq h[p];
+  small f[p],v[p];
+
+  KeyGen(h,f,v);
+  Rq_encode(pk,h);
+  Small_encode(sk,f); sk += Small_bytes;
+  Small_encode(sk,v);
+}
+
+/* C = ZEncrypt(r,pk) */
+static void ZEncrypt(unsigned char *C,const Inputs r,const unsigned char *pk)
+{
+  Fq h[p];
+  Fq c[p];
+  Rq_decode(h,pk);
+  Encrypt(c,r,h);
+  Rounded_encode(C,c);
+}
+
+/* r = ZDecrypt(C,sk) */
+static void ZDecrypt(Inputs r,const unsigned char *C,const unsigned char *sk)
+{
+  small f[p],v[p];
+  Fq c[p];
+
+  Small_decode(f,sk); sk += Small_bytes;
+  Small_decode(v,sk);
+  Rounded_decode(c,C);
+  Decrypt(r,c,f,v);
+}
+
+#endif
+
+/* ----- NTRU LPRime Expand plus encoding */
+
+#ifdef LPR
+
+#define Ciphertexts_bytes (Rounded_bytes+Top_bytes)
+#define SecretKeys_bytes Small_bytes
+#define PublicKeys_bytes (Seeds_bytes+Rounded_bytes)
+
+static void Inputs_random(Inputs r)
+{
+  unsigned char s[Inputs_bytes];
+  int i;
+
+  randombytes(s,sizeof s);
+  for (i = 0;i < I;++i) r[i] = 1&(s[i>>3]>>(i&7));
+}
+
+/* pk,sk = ZKeyGen() */
+static void ZKeyGen(unsigned char *pk,unsigned char *sk)
+{
+  Fq A[p];
+  small a[p];
+
+  XKeyGen(pk,A,a); pk += Seeds_bytes;
+  Rounded_encode(pk,A);
+  Small_encode(sk,a);
+}
+
+/* c = ZEncrypt(r,pk) */
+static void ZEncrypt(unsigned char *c,const Inputs r,const unsigned char *pk)
+{
+  Fq A[p];
+  Fq B[p];
+  int8 T[I];
+
+  Rounded_decode(A,pk+Seeds_bytes);
+  XEncrypt(B,T,r,pk,A);
+  Rounded_encode(c,B); c += Rounded_bytes;
+  Top_encode(c,T);
+}
+
+/* r = ZDecrypt(C,sk) */
+static void ZDecrypt(Inputs r,const unsigned char *c,const unsigned char *sk)
+{
+  small a[p];
+  Fq B[p];
+  int8 T[I];
+
+  Small_decode(a,sk);
+  Rounded_decode(B,c);
+  Top_decode(T,c+Rounded_bytes);
+  XDecrypt(r,B,T,a);
+}
+
+#endif
+
+/* ----- confirmation hash */
+
+#define Confirm_bytes 32
+
+/* h = HashConfirm(r,pk,cache); cache is Hash4(pk) */
+static void HashConfirm(unsigned char *h,const unsigned char *r,const unsigned char *pk,const unsigned char *cache)
+{
+#ifndef LPR
+  unsigned char x[Hash_bytes*2];
+  int i;
+
+  Hash_prefix(x,3,r,Inputs_bytes);
+  for (i = 0;i < Hash_bytes;++i) x[Hash_bytes+i] = cache[i];
+#else
+  unsigned char x[Inputs_bytes+Hash_bytes];
+  int i;
+
+  for (i = 0;i < Inputs_bytes;++i) x[i] = r[i];
+  for (i = 0;i < Hash_bytes;++i) x[Inputs_bytes+i] = cache[i];
+#endif
+  Hash_prefix(h,2,x,sizeof x);
+}
+
+/* ----- session-key hash */
+
+/* k = HashSession(b,y,z) */
+static void HashSession(unsigned char *k,int b,const unsigned char *y,const unsigned char *z)
+{
+#ifndef LPR
+  unsigned char x[Hash_bytes+Ciphertexts_bytes+Confirm_bytes];
+  int i;
+
+  Hash_prefix(x,3,y,Inputs_bytes);
+  for (i = 0;i < Ciphertexts_bytes+Confirm_bytes;++i) x[Hash_bytes+i] = z[i];
+#else
+  unsigned char x[Inputs_bytes+Ciphertexts_bytes+Confirm_bytes];
+  int i;
+
+  for (i = 0;i < Inputs_bytes;++i) x[i] = y[i];
+  for (i = 0;i < Ciphertexts_bytes+Confirm_bytes;++i) x[Inputs_bytes+i] = z[i];
+#endif
+  Hash_prefix(k,b,x,sizeof x);
+}
+
+/* ----- Streamlined NTRU Prime and NTRU LPRime */
+
+/* pk,sk = KEM_KeyGen() */
+static void KEM_KeyGen(unsigned char *pk,unsigned char *sk)
+{
+  int i;
+
+  ZKeyGen(pk,sk); sk += SecretKeys_bytes;
+  for (i = 0;i < PublicKeys_bytes;++i) *sk++ = pk[i];
+  randombytes(sk,Inputs_bytes); sk += Inputs_bytes;
+  Hash_prefix(sk,4,pk,PublicKeys_bytes);
+}
+
+/* c,r_enc = Hide(r,pk,cache); cache is Hash4(pk) */
+static void Hide(unsigned char *c,unsigned char *r_enc,const Inputs r,const unsigned char *pk,const unsigned char *cache)
+{
+  Inputs_encode(r_enc,r);
+  ZEncrypt(c,r,pk); c += Ciphertexts_bytes;
+  HashConfirm(c,r_enc,pk,cache);
+}
+
+/* c,k = Encap(pk) */
+static void Encap(unsigned char *c,unsigned char *k,const unsigned char *pk)
+{
+  Inputs r;
+  unsigned char r_enc[Inputs_bytes];
+  unsigned char cache[Hash_bytes];
+
+  Hash_prefix(cache,4,pk,PublicKeys_bytes);
+  Inputs_random(r);
+  Hide(c,r_enc,r,pk,cache);
+  HashSession(k,1,r_enc,c);
+}
+
+/* 0 if matching ciphertext+confirm, else -1 */
+static int Ciphertexts_diff_mask(const unsigned char *c,const unsigned char *c2)
+{
+  uint16 differentbits = 0;
+  int len = Ciphertexts_bytes+Confirm_bytes;
+
+  while (len-- > 0) differentbits |= (*c++)^(*c2++);
+  return (1&((differentbits-1)>>8))-1;
+}
+
+/* k = Decap(c,sk) */
+static void Decap(unsigned char *k,const unsigned char *c,const unsigned char *sk)
+{
+  const unsigned char *pk = sk + SecretKeys_bytes;
+  const unsigned char *rho = pk + PublicKeys_bytes;
+  const unsigned char *cache = rho + Inputs_bytes;
+  Inputs r;
+  unsigned char r_enc[Inputs_bytes];
+  unsigned char cnew[Ciphertexts_bytes+Confirm_bytes];
+  int mask;
+  int i;
+
+  ZDecrypt(r,c,sk);
+  Hide(cnew,r_enc,r,pk,cache);
+  mask = Ciphertexts_diff_mask(c,cnew);
+  for (i = 0;i < Inputs_bytes;++i) r_enc[i] ^= mask&(r_enc[i]^rho[i]);
+  HashSession(k,1+mask,r_enc,c);
+}
+
+/* ----- crypto_kem API */
+
+
+int crypto_kem_sntrup761_keypair(unsigned char *pk,unsigned char *sk)
+{
+  KEM_KeyGen(pk,sk);
+  return 0;
+}
+
+int crypto_kem_sntrup761_enc(unsigned char *c,unsigned char *k,const unsigned char *pk)
+{
+  Encap(c,k,pk);
+  return 0;
+}
+
+int crypto_kem_sntrup761_dec(unsigned char *k,const unsigned char *c,const unsigned char *sk)
+{
+  Decap(k,c,sk);
+  return 0;
+}
+#endif /* USE_SNTRUP761X25519 */

sntrup761.sh

diff --git a/sntrup761.sh b/sntrup761.sh
new file mode 100644
index 0000000..5cd5f92
--- /dev/null
+++ b/sntrup761.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+#       $OpenBSD: sntrup761.sh,v 1.5 2021/01/08 02:33:13 dtucker Exp $
+#       Placed in the Public Domain.
+#
+AUTHOR="supercop-20201130/crypto_kem/sntrup761/ref/implementors"
+FILES="
+	supercop-20201130/crypto_sort/int32/portable4/int32_minmax.inc
+	supercop-20201130/crypto_sort/int32/portable4/sort.c
+	supercop-20201130/crypto_sort/uint32/useint32/sort.c
+	supercop-20201130/crypto_kem/sntrup761/ref/uint32.c
+	supercop-20201130/crypto_kem/sntrup761/ref/int32.c
+	supercop-20201130/crypto_kem/sntrup761/ref/paramsmenu.h
+	supercop-20201130/crypto_kem/sntrup761/ref/params.h
+	supercop-20201130/crypto_kem/sntrup761/ref/Decode.h
+	supercop-20201130/crypto_kem/sntrup761/ref/Decode.c
+	supercop-20201130/crypto_kem/sntrup761/ref/Encode.h
+	supercop-20201130/crypto_kem/sntrup761/ref/Encode.c
+	supercop-20201130/crypto_kem/sntrup761/ref/kem.c
+"
+###
+
+set -e
+cd $1
+echo -n '/*  $'
+echo 'OpenBSD: $ */'
+echo
+echo '/*'
+echo ' * Public Domain, Authors:'
+sed -e '/Alphabetical order:/d' -e 's/^/ * - /' < $AUTHOR
+echo ' */'
+echo
+echo '#include <string.h>'
+echo '#include "crypto_api.h"'
+echo
+# Map the types used in this code to the ones in crypto_api.h.  We use #define
+# instead of typedef since some systems have existing intXX types and do not
+# permit multiple typedefs even if they do not conflict.
+for t in int8 uint8 int16 uint16 int32 uint32 int64 uint64; do
+	echo "#define $t crypto_${t}"
+done
+echo
+for i in $FILES; do
+	echo "/* from $i */"
+	# Changes to all files:
+	#  - remove all includes, we inline everything required.
+	#  - make functions not required elsewhere static.
+	#  - rename the functions we do use.
+	#  - remove unneccesary defines and externs.
+	sed -e "/#include/d" \
+	    -e "s/crypto_kem_/crypto_kem_sntrup761_/g" \
+	    -e "s/^void /static void /g" \
+	    -e "s/^int16 /static int16 /g" \
+	    -e "s/^uint16 /static uint16 /g" \
+	    -e "/^extern /d" \
+	    -e '/CRYPTO_NAMESPACE/d' \
+	    -e "/^#define int32 crypto_int32/d" \
+	    $i | \
+	case "$i" in
+	# Use int64_t for intermediate values in int32_MINMAX to prevent signed
+	# 32-bit integer overflow when called by crypto_sort_uint32.
+	*/int32_minmax.inc)
+	    sed -e "s/int32 ab = b ^ a/int64_t ab = (int64_t)b ^ (int64_t)a/" \
+	        -e "s/int32 c = b - a/int64_t c = (int64_t)b - (int64_t)a/"
+	    ;;
+	*/int32/portable4/sort.c)
+	    sed -e "s/void crypto_sort/void crypto_sort_int32/g"
+	    ;;
+	*/uint32/useint32/sort.c)
+	    sed -e "s/void crypto_sort/void crypto_sort_uint32/g"
+	    ;;
+	# Remove unused function to prevent warning.
+	*/crypto_kem/sntrup761/ref/int32.c)
+	    sed -e '/ int32_div_uint14/,/^}$/d'
+	    ;;
+	# Remove unused function to prevent warning.
+	*/crypto_kem/sntrup761/ref/uint32.c)
+	    sed -e '/ uint32_div_uint14/,/^}$/d'
+	    ;;
+	# Default: pass through.
+	*)
+	    cat
+	    ;;
+	esac
+	echo
+done

srclimit.c

diff --git a/srclimit.c b/srclimit.c
new file mode 100644
index 0000000..5014ed7
--- /dev/null
+++ b/srclimit.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright (c) 2020 Darren Tucker <dtucker@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <sys/socket.h>
+#include <sys/types.h>
+
+#include <limits.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "addr.h"
+#include "canohost.h"
+#include "log.h"
+#include "misc.h"
+#include "srclimit.h"
+#include "xmalloc.h"
+
+static int max_children, max_persource, ipv4_masklen, ipv6_masklen;
+
+/* Per connection state, used to enforce unauthenticated connection limit. */
+static struct child_info {
+	int id;
+	struct xaddr addr;
+} *child;
+
+void
+srclimit_init(int max, int persource, int ipv4len, int ipv6len)
+{
+	int i;
+
+	max_children = max;
+	ipv4_masklen = ipv4len;
+	ipv6_masklen = ipv6len;
+	max_persource = persource;
+	if (max_persource == INT_MAX)	/* no limit */
+		return;
+	debug("%s: max connections %d, per source %d, masks %d,%d", __func__,
+	    max, persource, ipv4len, ipv6len);
+	if (max <= 0)
+		fatal("%s: invalid number of sockets: %d", __func__, max);
+	child = xcalloc(max_children, sizeof(*child));
+	for (i = 0; i < max_children; i++)
+		child[i].id = -1;
+}
+
+/* returns 1 if connection allowed, 0 if not allowed. */
+int
+srclimit_check_allow(int sock, int id)
+{
+	struct xaddr xa, xb, xmask;
+	struct sockaddr_storage addr;
+	socklen_t addrlen = sizeof(addr);
+	struct sockaddr *sa = (struct sockaddr *)&addr;
+	int i, bits, first_unused, count = 0;
+	char xas[NI_MAXHOST];
+
+	if (max_persource == INT_MAX)	/* no limit */
+		return 1;
+
+	debug("%s: sock %d id %d limit %d", __func__, sock, id, max_persource);
+	if (getpeername(sock, sa, &addrlen) != 0)
+		return 1;	/* not remote socket? */
+	if (addr_sa_to_xaddr(sa, addrlen, &xa) != 0)
+		return 1;	/* unknown address family? */
+
+	/* Mask address off address to desired size. */
+	bits = xa.af == AF_INET ? ipv4_masklen : ipv6_masklen;
+	if (addr_netmask(xa.af, bits, &xmask) != 0 ||
+	    addr_and(&xb, &xa, &xmask) != 0) {
+		debug3("%s: invalid mask %d bits", __func__, bits);
+		return 1;
+	}
+
+	first_unused = max_children;
+	/* Count matching entries and find first unused one. */
+	for (i = 0; i < max_children; i++) {
+		if (child[i].id == -1) {
+			if (i < first_unused)
+				first_unused = i;
+		} else if (addr_cmp(&child[i].addr, &xb) == 0) {
+			count++;
+		}
+	}
+	if (addr_ntop(&xa, xas, sizeof(xas)) != 0) {
+		debug3("%s: addr ntop failed", __func__);
+		return 1;
+	}
+	debug3("%s: new unauthenticated connection from %s/%d, at %d of %d",
+	    __func__, xas, bits, count, max_persource);
+
+	if (first_unused == max_children) { /* no free slot found */
+		debug3("%s: no free slot", __func__);
+		return 0;
+	}
+	if (first_unused < 0 || first_unused >= max_children)
+		fatal("%s: internal error: first_unused out of range",
+		    __func__);
+
+	if (count >= max_persource)
+		return 0;
+
+	/* Connection allowed, store masked address. */
+	child[first_unused].id = id;
+	memcpy(&child[first_unused].addr, &xb, sizeof(xb));
+	return 1;
+}
+
+void
+srclimit_done(int id)
+{
+	int i;
+
+	if (max_persource == INT_MAX)	/* no limit */
+		return;
+
+	debug("%s: id %d", __func__, id);
+	/* Clear corresponding state entry. */
+	for (i = 0; i < max_children; i++) {
+		if (child[i].id == id) {
+			child[i].id = -1;
+			return;
+		}
+	}
+}

srclimit.h

diff --git a/srclimit.h b/srclimit.h
new file mode 100644
index 0000000..6e04f32
--- /dev/null
+++ b/srclimit.h
@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2020 Darren Tucker <dtucker@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+void	srclimit_init(int, int, int, int);
+int	srclimit_check_allow(int, int);
+void	srclimit_done(int);

ssh-add.1

diff --git a/ssh-add.1 b/ssh-add.1
index 58d4213..2786df5 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-add.1,v 1.79 2020/02/07 03:57:31 djm Exp $
+.\"	$OpenBSD: ssh-add.1,v 1.81 2020/07/14 23:57:01 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 7 2020 $
+.Dd $Mdocdate: July 14 2020 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -113,6 +113,11 @@
 will append
 .Pa .pub
 and retry.
+If the argument list consists of
+.Dq -
+then
+.Nm
+will read public keys to be removed from standard input.
 .It Fl E Ar fingerprint_hash
 Specifies the hash algorithm used when displaying key fingerprints.
 Valid options are:
@@ -169,7 +174,7 @@
 .El
 .Sh ENVIRONMENT
 .Bl -tag -width Ds
-.It Ev "DISPLAY" and "SSH_ASKPASS"
+.It Ev "DISPLAY", "SSH_ASKPASS" and "SSH_ASKPASS_REQUIRE"
 If
 .Nm
 needs a passphrase, it will read the passphrase from the current
@@ -190,10 +195,26 @@
 from a
 .Pa .xsession
 or related script.
-(Note that on some machines it
-may be necessary to redirect the input from
-.Pa /dev/null
-to make this work.)
+.Pp
+.Ev SSH_ASKPASS_REQUIRE
+allows further control over the use of an askpass program.
+If this variable is set to
+.Dq never
+then
+.Nm
+will never attempt to use one.
+If it is set to
+.Dq prefer ,
+then
+.Nm
+will prefer to use the askpass program instead of the TTY when requesting
+passwords.
+Finally, if the variable is set to
+.Dq force ,
+then the askpass program will be used for all passphrase input regardless
+of whether
+.Ev DISPLAY
+is set.
 .It Ev SSH_AUTH_SOCK
 Identifies the path of a
 .Ux Ns -domain

ssh-add.c

diff --git a/ssh-add.c b/ssh-add.c
index a40198a..92192fc 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.155 2020/03/16 02:17:02 dtucker Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.160 2021/04/03 06:18:41 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -67,6 +67,7 @@
 #include "ssherr.h"
 #include "digest.h"
 #include "ssh-sk.h"
+#include "sk-api.h"
 
 /* argv0 */
 extern char *__progname;
@@ -90,7 +91,7 @@
 static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
 
 /* Default lifetime (0 == forever) */
-static long lifetime = 0;
+static int lifetime = 0;
 
 /* User has to confirm key use */
 static int confirm = 0;
@@ -111,25 +112,69 @@
 }
 
 static int
+delete_one(int agent_fd, const struct sshkey *key, const char *comment,
+    const char *path, int qflag)
+{
+	int r;
+
+	if ((r = ssh_remove_identity(agent_fd, key)) != 0) {
+		fprintf(stderr, "Could not remove identity \"%s\": %s\n",
+		    path, ssh_err(r));
+		return r;
+	}
+	if (!qflag) {
+		fprintf(stderr, "Identity removed: %s %s (%s)\n", path,
+		    sshkey_type(key), comment);
+	}
+	return 0;
+}
+
+static int
+delete_stdin(int agent_fd, int qflag)
+{
+	char *line = NULL, *cp;
+	size_t linesize = 0;
+	struct sshkey *key = NULL;
+	int lnum = 0, r, ret = -1;
+
+	while (getline(&line, &linesize, stdin) != -1) {
+		lnum++;
+		sshkey_free(key);
+		key = NULL;
+		line[strcspn(line, "\n")] = '\0';
+		cp = line + strspn(line, " \t");
+		if (*cp == '#' || *cp == '\0')
+			continue;
+		if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
+			fatal_f("sshkey_new");
+		if ((r = sshkey_read(key, &cp)) != 0) {
+			error_r(r, "(stdin):%d: invalid key", lnum);
+			continue;
+		}
+		if (delete_one(agent_fd, key, cp, "(stdin)", qflag) == 0)
+			ret = 0;
+	}
+	sshkey_free(key);
+	free(line);
+	return ret;
+}
+
+static int
 delete_file(int agent_fd, const char *filename, int key_only, int qflag)
 {
 	struct sshkey *public, *cert = NULL;
 	char *certpath = NULL, *comment = NULL;
 	int r, ret = -1;
 
+	if (strcmp(filename, "-") == 0)
+		return delete_stdin(agent_fd, qflag);
+
 	if ((r = sshkey_load_public(filename, &public,  &comment)) != 0) {
 		printf("Bad key file %s: %s\n", filename, ssh_err(r));
 		return -1;
 	}
-	if ((r = ssh_remove_identity(agent_fd, public)) == 0) {
-		if (!qflag) {
-			fprintf(stderr, "Identity removed: %s (%s)\n",
-			    filename, comment);
-		}
+	if (delete_one(agent_fd, public, comment, filename, qflag) == 0)
 		ret = 0;
-	} else
-		fprintf(stderr, "Could not remove identity \"%s\": %s\n",
-		    filename, ssh_err(r));
 
 	if (key_only)
 		goto out;
@@ -140,8 +185,7 @@
 	xasprintf(&certpath, "%s-cert.pub", filename);
 	if ((r = sshkey_load_public(certpath, &cert, &comment)) != 0) {
 		if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)
-			error("Failed to load certificate \"%s\": %s",
-			    certpath, ssh_err(r));
+			error_r(r, "Failed to load certificate \"%s\"", certpath);
 		goto out;
 	}
 
@@ -149,15 +193,8 @@
 		fatal("Certificate %s does not match private key %s",
 		    certpath, filename);
 
-	if ((r = ssh_remove_identity(agent_fd, cert)) == 0) {
-		if (!qflag) {
-			fprintf(stderr, "Identity removed: %s (%s)\n",
-			    certpath, comment);
-		}
+	if (delete_one(agent_fd, cert, comment, certpath, qflag) == 0)
 		ret = 0;
-	} else
-		fprintf(stderr, "Could not remove identity \"%s\": %s\n",
-		    certpath, ssh_err(r));
 
  out:
 	sshkey_free(cert);
@@ -299,10 +336,10 @@
 			fprintf(stderr, "Skipping update: ");
 			if (left == minleft) {
 				fprintf(stderr,
-				   "required signatures left (%d).\n", left);
+				    "required signatures left (%d).\n", left);
 			} else {
 				fprintf(stderr,
-				   "more signatures left (%d) than"
+				    "more signatures left (%d) than"
 				    " required (%d).\n", left, minleft);
 			}
 			ssh_free_identitylist(idlist);
@@ -311,12 +348,20 @@
 		ssh_free_identitylist(idlist);
 	}
 
-	if (!sshkey_is_sk(private))
-		skprovider = NULL; /* Don't send constraint for other keys */
-	else if (skprovider == NULL) {
-		fprintf(stderr, "Cannot load authenticator-hosted key %s "
-		    "without provider\n", filename);
-		goto out;
+	if (sshkey_is_sk(private)) {
+		if (skprovider == NULL) {
+			fprintf(stderr, "Cannot load FIDO key %s "
+			    "without provider\n", filename);
+			goto out;
+		}
+		if ((private->sk_flags & SSH_SK_USER_VERIFICATION_REQD) != 0) {
+			fprintf(stderr, "FIDO verify-required key %s is not "
+			    "currently supported by ssh-agent\n", filename);
+			goto out;
+		}
+	} else {
+		/* Don't send provider constraint for other keys */
+		skprovider = NULL;
 	}
 
 	if ((r = ssh_add_identity_constrained(agent_fd, private, comment,
@@ -327,7 +372,7 @@
 			    filename, comment);
 			if (lifetime != 0) {
 				fprintf(stderr,
-				    "Lifetime set to %ld seconds\n", lifetime);
+				    "Lifetime set to %d seconds\n", lifetime);
 			}
 			if (confirm != 0) {
 				fprintf(stderr, "The user must confirm "
@@ -347,8 +392,7 @@
 	xasprintf(&certpath, "%s-cert.pub", filename);
 	if ((r = sshkey_load_public(certpath, &cert, NULL)) != 0) {
 		if (r != SSH_ERR_SYSTEM_ERROR || errno != ENOENT)
-			error("Failed to load certificate \"%s\": %s",
-			    certpath, ssh_err(r));
+			error_r(r, "Failed to load certificate \"%s\"", certpath);
 		goto out;
 	}
 
@@ -361,12 +405,12 @@
 
 	/* Graft with private bits */
 	if ((r = sshkey_to_certified(private)) != 0) {
-		error("%s: sshkey_to_certified: %s", __func__, ssh_err(r));
+		error_fr(r, "sshkey_to_certified");
 		sshkey_free(cert);
 		goto out;
 	}
 	if ((r = sshkey_cert_copy(cert, private)) != 0) {
-		error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r));
+		error_fr(r, "sshkey_cert_copy");
 		sshkey_free(cert);
 		goto out;
 	}
@@ -374,8 +418,8 @@
 
 	if ((r = ssh_add_identity_constrained(agent_fd, private, comment,
 	    lifetime, confirm, maxsign, skprovider)) != 0) {
-		error("Certificate %s (%s) add failed: %s", certpath,
-		    private->cert->key_id, ssh_err(r));
+		error_r(r, "Certificate %s (%s) add failed", certpath,
+		    private->cert->key_id);
 		goto out;
 	}
 	/* success */
@@ -383,7 +427,7 @@
 		fprintf(stderr, "Certificate added: %s (%s)\n", certpath,
 		    private->cert->key_id);
 		if (lifetime != 0) {
-			fprintf(stderr, "Lifetime set to %ld seconds\n",
+			fprintf(stderr, "Lifetime set to %d seconds\n",
 			    lifetime);
 		}
 		if (confirm != 0) {
@@ -438,20 +482,18 @@
 	char data[1024];
 
 	if ((r = sshkey_load_public(filename, &key, NULL)) != 0) {
-		error("Couldn't read public key %s: %s", filename, ssh_err(r));
+		error_r(r, "Couldn't read public key %s", filename);
 		return -1;
 	}
 	arc4random_buf(data, sizeof(data));
 	if ((r = ssh_agent_sign(agent_fd, key, &sig, &slen, data, sizeof(data),
 	    NULL, 0)) != 0) {
-		error("Agent signature failed for %s: %s",
-		    filename, ssh_err(r));
+		error_r(r, "Agent signature failed for %s", filename);
 		goto done;
 	}
 	if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
 	    NULL, 0, NULL)) != 0) {
-		error("Signature verification failed for %s: %s",
-		    filename, ssh_err(r));
+		error_r(r, "Signature verification failed for %s", filename);
 		goto done;
 	}
 	/* success */
@@ -546,13 +588,13 @@
 	pass = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
 	if ((r = sshsk_load_resident(skprovider, NULL, pass,
 	    &keys, &nkeys)) != 0) {
-		error("Unable to load resident keys: %s", ssh_err(r));
+		error_r(r, "Unable to load resident keys");
 		return r;
 	}
 	for (i = 0; i < nkeys; i++) {
 		if ((fp = sshkey_fingerprint(keys[i],
 		    fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
-			fatal("%s: sshkey_fingerprint failed", __func__);
+			fatal_f("sshkey_fingerprint failed");
 		if ((r = ssh_add_identity_constrained(agent_fd, keys[i], "",
 		    lifetime, confirm, maxsign, skprovider)) != 0) {
 			error("Unable to add key %s %s",
@@ -568,7 +610,7 @@
 			    sshkey_type(keys[i]), fp);
 			if (lifetime != 0) {
 				fprintf(stderr,
-				    "Lifetime set to %ld seconds\n", lifetime);
+				    "Lifetime set to %d seconds\n", lifetime);
 			}
 			if (confirm != 0) {
 				fprintf(stderr, "The user must confirm "

ssh-agent.1

diff --git a/ssh-agent.1 b/ssh-agent.1
index fff0db6..ed8c870 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.70 2019/12/21 20:22:34 naddy Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.72 2020/06/22 05:52:05 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 21 2019 $
+.Dd $Mdocdate: June 22 2020 $
 .Dt SSH-AGENT 1
 .Os
 .Sh NAME
@@ -46,9 +46,14 @@
 .Op Fl \&Dd
 .Op Fl a Ar bind_address
 .Op Fl E Ar fingerprint_hash
-.Op Fl P Ar provider_whitelist
+.Op Fl P Ar allowed_providers
 .Op Fl t Ar life
-.Op Ar command Op Ar arg ...
+.Nm ssh-agent
+.Op Fl a Ar bind_address
+.Op Fl E Ar fingerprint_hash
+.Op Fl P Ar allowed_providers
+.Op Fl t Ar life
+.Ar command Op Ar arg ...
 .Nm ssh-agent
 .Op Fl c | s
 .Fl k
@@ -97,19 +102,19 @@
 Kill the current agent (given by the
 .Ev SSH_AGENT_PID
 environment variable).
-.It Fl P Ar provider_whitelist
-Specify a pattern-list of acceptable paths for PKCS#11 and FIDO authenticator
-shared libraries that may be used with the
+.It Fl P Ar allowed_providers
+Specify a pattern-list of acceptable paths for PKCS#11 provider and FIDO
+authenticator middleware shared libraries that may be used with the
 .Fl S
 or
 .Fl s
 options to
 .Xr ssh-add 1 .
-Libraries that do not match the whitelist will be refused.
+Libraries that do not match the pattern list will be refused.
 See PATTERNS in
 .Xr ssh_config 5
 for a description of pattern-list syntax.
-The default whitelist is
+The default list is
 .Dq /usr/lib/*,/usr/local/lib/* .
 .It Fl s
 Generate Bourne shell commands on
@@ -152,7 +157,8 @@
 .Pp
 In both cases,
 .Xr ssh 1
-looks at these environment variables and uses them to establish a connection to the agent.
+looks at these environment variables
+and uses them to establish a connection to the agent.
 .Pp
 The agent initially does not have any private keys.
 Keys are added using

ssh-agent.c

diff --git a/ssh-agent.c b/ssh-agent.c
index e081413..48a47d4 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.257 2020/03/06 18:28:27 markus Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.278 2021/04/03 06:18:41 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -77,6 +77,7 @@
 
 #include "xmalloc.h"
 #include "ssh.h"
+#include "ssh2.h"
 #include "sshbuf.h"
 #include "sshkey.h"
 #include "authfd.h"
@@ -92,8 +93,8 @@
 #include "ssh-pkcs11.h"
 #include "sk-api.h"
 
-#ifndef DEFAULT_PROVIDER_WHITELIST
-# define DEFAULT_PROVIDER_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
+#ifndef DEFAULT_ALLOWED_PROVIDERS
+# define DEFAULT_ALLOWED_PROVIDERS "/usr/lib*/*,/usr/local/lib*/*"
 #endif
 
 /* Maximum accepted message length */
@@ -102,12 +103,12 @@
 #define AGENT_RBUF_LEN	(4096)
 
 typedef enum {
-	AUTH_UNUSED,
-	AUTH_SOCKET,
-	AUTH_CONNECTION
+	AUTH_UNUSED = 0,
+	AUTH_SOCKET = 1,
+	AUTH_CONNECTION = 2,
 } sock_type;
 
-typedef struct {
+typedef struct socket_entry {
 	int fd;
 	sock_type type;
 	struct sshbuf *input;
@@ -149,8 +150,8 @@
 char socket_name[PATH_MAX];
 char socket_dir[PATH_MAX];
 
-/* PKCS#11/Security key path whitelist */
-static char *provider_whitelist;
+/* Pattern-list of allowed PKCS#11/Security key paths */
+static char *allowed_providers;
 
 /* locking */
 #define LOCK_SIZE	32
@@ -163,19 +164,23 @@
 extern char *__progname;
 
 /* Default lifetime in seconds (0 == forever) */
-static long lifetime = 0;
+static int lifetime = 0;
 
 static int fingerprint_hash = SSH_FP_HASH_DEFAULT;
 
+/* Refuse signing of non-SSH messages for web-origin FIDO keys */
+static int restrict_websafe = 1;
+
 static void
 close_socket(SocketEntry *e)
 {
 	close(e->fd);
-	e->fd = -1;
-	e->type = AUTH_UNUSED;
 	sshbuf_free(e->input);
 	sshbuf_free(e->output);
 	sshbuf_free(e->request);
+	memset(e, '\0', sizeof(*e));
+	e->fd = -1;
+	e->type = AUTH_UNUSED;
 }
 
 static void
@@ -211,15 +216,16 @@
 
 /* Check confirmation of keysign request */
 static int
-confirm_key(Identity *id)
+confirm_key(Identity *id, const char *extra)
 {
 	char *p;
 	int ret = -1;
 
 	p = sshkey_fingerprint(id->key, fingerprint_hash, SSH_FP_DEFAULT);
 	if (p != NULL &&
-	    ask_permission("Allow use of key %s?\nKey fingerprint %s.",
-	    id->comment, p))
+	    ask_permission("Allow use of key %s?\nKey fingerprint %s.%s%s",
+	    id->comment, p,
+	    extra == NULL ? "" : "\n", extra == NULL ? "" : extra))
 		ret = 0;
 	free(p);
 
@@ -234,7 +240,7 @@
 	if ((r = sshbuf_put_u32(e->output, 1)) != 0 ||
 	    (r = sshbuf_put_u8(e->output, success ?
 	    SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 }
 
 /* send list of supported public keys to 'client' */
@@ -245,22 +251,23 @@
 	struct sshbuf *msg;
 	int r;
 
+	debug2_f("entering");
+
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
 	    (r = sshbuf_put_u32(msg, idtab->nentries)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	TAILQ_FOREACH(id, &idtab->idlist, next) {
-		if ((r = sshkey_puts_opts(id->key, msg, SSHKEY_SERIALIZE_INFO))
-		     != 0 ||
+		if ((r = sshkey_puts_opts(id->key, msg,
+		    SSHKEY_SERIALIZE_INFO)) != 0 ||
 		    (r = sshbuf_put_cstring(msg, id->comment)) != 0) {
-			error("%s: put key/comment: %s", __func__,
-			    ssh_err(r));
+			error_fr(r, "compose key/comment");
 			continue;
 		}
 	}
 	if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "enqueue");
 	sshbuf_free(msg);
 }
 
@@ -282,70 +289,213 @@
 	return NULL;
 }
 
+/*
+ * Attempt to parse the contents of a buffer as a SSH publickey userauth
+ * request, checking its contents for consistency and matching the embedded
+ * key against the one that is being used for signing.
+ * Note: does not modify msg buffer.
+ * Optionally extract the username and session ID from the request.
+ */
+static int
+parse_userauth_request(struct sshbuf *msg, const struct sshkey *expected_key,
+    char **userp, struct sshbuf **sess_idp)
+{
+	struct sshbuf *b = NULL, *sess_id = NULL;
+	char *user = NULL, *service = NULL, *method = NULL, *pkalg = NULL;
+	int r;
+	u_char t, sig_follows;
+	struct sshkey *mkey = NULL;
+
+	if (userp != NULL)
+		*userp = NULL;
+	if (sess_idp != NULL)
+		*sess_idp = NULL;
+	if ((b = sshbuf_fromb(msg)) == NULL)
+		fatal_f("sshbuf_fromb");
+
+	/* SSH userauth request */
+	if ((r = sshbuf_froms(b, &sess_id)) != 0)
+		goto out;
+	if (sshbuf_len(sess_id) == 0) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	if ((r = sshbuf_get_u8(b, &t)) != 0 || /* SSH2_MSG_USERAUTH_REQUEST */
+	    (r = sshbuf_get_cstring(b, &user, NULL)) != 0 || /* server user */
+	    (r = sshbuf_get_cstring(b, &service, NULL)) != 0 || /* service */
+	    (r = sshbuf_get_cstring(b, &method, NULL)) != 0 || /* method */
+	    (r = sshbuf_get_u8(b, &sig_follows)) != 0 || /* sig-follows */
+	    (r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0 || /* alg */
+	    (r = sshkey_froms(b, &mkey)) != 0) /* key */
+		goto out;
+	if (t != SSH2_MSG_USERAUTH_REQUEST ||
+	    sig_follows != 1 ||
+	    strcmp(service, "ssh-connection") != 0 ||
+	    !sshkey_equal(expected_key, mkey) ||
+	    sshkey_type_from_name(pkalg) != expected_key->type) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	if (strcmp(method, "publickey") != 0) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	if (sshbuf_len(b) != 0) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	/* success */
+	r = 0;
+	debug3_f("well formed userauth");
+	if (userp != NULL) {
+		*userp = user;
+		user = NULL;
+	}
+	if (sess_idp != NULL) {
+		*sess_idp = sess_id;
+		sess_id = NULL;
+	}
+ out:
+	sshbuf_free(b);
+	sshbuf_free(sess_id);
+	free(user);
+	free(service);
+	free(method);
+	free(pkalg);
+	sshkey_free(mkey);
+	return r;
+}
+
+/*
+ * Attempt to parse the contents of a buffer as a SSHSIG signature request.
+ * Note: does not modify buffer.
+ */
+static int
+parse_sshsig_request(struct sshbuf *msg)
+{
+	int r;
+	struct sshbuf *b;
+
+	if ((b = sshbuf_fromb(msg)) == NULL)
+		fatal_f("sshbuf_fromb");
+
+	if ((r = sshbuf_cmp(b, 0, "SSHSIG", 6)) != 0 ||
+	    (r = sshbuf_consume(b, 6)) != 0 ||
+	    (r = sshbuf_get_cstring(b, NULL, NULL)) != 0 || /* namespace */
+	    (r = sshbuf_get_string_direct(b, NULL, NULL)) != 0 || /* reserved */
+	    (r = sshbuf_get_cstring(b, NULL, NULL)) != 0 || /* hashalg */
+	    (r = sshbuf_get_string_direct(b, NULL, NULL)) != 0) /* H(msg) */
+		goto out;
+	if (sshbuf_len(b) != 0) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	/* success */
+	r = 0;
+ out:
+	sshbuf_free(b);
+	return r;
+}
+
+/*
+ * This function inspects a message to be signed by a FIDO key that has a
+ * web-like application string (i.e. one that does not begin with "ssh:".
+ * It checks that the message is one of those expected for SSH operations
+ * (pubkey userauth, sshsig, CA key signing) to exclude signing challenges
+ * for the web.
+ */
+static int
+check_websafe_message_contents(struct sshkey *key, struct sshbuf *data)
+{
+	if (parse_userauth_request(data, key, NULL, NULL) == 0) {
+		debug_f("signed data matches public key userauth request");
+		return 1;
+	}
+	if (parse_sshsig_request(data) == 0) {
+		debug_f("signed data matches SSHSIG signature request");
+		return 1;
+	}
+
+	/* XXX check CA signature operation */
+
+	error("web-origin key attempting to sign non-SSH message");
+	return 0;
+}
+
 /* ssh2 only */
 static void
 process_sign_request2(SocketEntry *e)
 {
-	const u_char *data;
 	u_char *signature = NULL;
-	size_t dlen, slen = 0;
+	size_t slen = 0;
 	u_int compat = 0, flags;
 	int r, ok = -1;
 	char *fp = NULL;
-	struct sshbuf *msg;
+	struct sshbuf *msg = NULL, *data = NULL;
 	struct sshkey *key = NULL;
 	struct identity *id;
 	struct notifier_ctx *notifier = NULL;
 
-	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+	debug_f("entering");
+
+	if ((msg = sshbuf_new()) == NULL || (data = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
 	if ((r = sshkey_froms(e->request, &key)) != 0 ||
-	    (r = sshbuf_get_string_direct(e->request, &data, &dlen)) != 0 ||
+	    (r = sshbuf_get_stringb(e->request, data)) != 0 ||
 	    (r = sshbuf_get_u32(e->request, &flags)) != 0) {
-		error("%s: couldn't parse request: %s", __func__, ssh_err(r));
+		error_fr(r, "parse");
 		goto send;
 	}
 
 	if ((id = lookup_identity(key)) == NULL) {
-		verbose("%s: %s key not found", __func__, sshkey_type(key));
+		verbose_f("%s key not found", sshkey_type(key));
 		goto send;
 	}
-	if (id->confirm && confirm_key(id) != 0) {
-		verbose("%s: user refused key", __func__);
+	if (id->confirm && confirm_key(id, NULL) != 0) {
+		verbose_f("user refused key");
 		goto send;
 	}
-	if (sshkey_is_sk(id->key) &&
-	    (id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
-		if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
-		    SSH_FP_DEFAULT)) == NULL)
-			fatal("%s: fingerprint failed", __func__);
-		notifier = notify_start(0,
-		    "Confirm user presence for key %s %s",
-		    sshkey_type(id->key), fp);
+	if (sshkey_is_sk(id->key)) {
+		if (strncmp(id->key->sk_application, "ssh:", 4) != 0 &&
+		    !check_websafe_message_contents(key, data)) {
+			/* error already logged */
+			goto send;
+		}
+		if ((id->key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
+			if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
+			    SSH_FP_DEFAULT)) == NULL)
+				fatal_f("fingerprint failed");
+			notifier = notify_start(0,
+			    "Confirm user presence for key %s %s",
+			    sshkey_type(id->key), fp);
+		}
 	}
+	/* XXX support PIN required FIDO keys */
 	if ((r = sshkey_sign(id->key, &signature, &slen,
-	    data, dlen, agent_decode_alg(key, flags),
-	    id->sk_provider, compat)) != 0) {
-		error("%s: sshkey_sign: %s", __func__, ssh_err(r));
+	    sshbuf_ptr(data), sshbuf_len(data), agent_decode_alg(key, flags),
+	    id->sk_provider, NULL, compat)) != 0) {
+		error_fr(r, "sshkey_sign");
 		goto send;
 	}
 	/* Success */
 	ok = 0;
  send:
-	notify_complete(notifier);
-	sshkey_free(key);
-	free(fp);
+	notify_complete(notifier, "User presence confirmed");
+
 	if (ok == 0) {
 		if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 ||
 		    (r = sshbuf_put_string(msg, signature, slen)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "compose");
 	} else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose failure");
 
 	if ((r = sshbuf_put_stringb(e->output, msg)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "enqueue");
 
+	sshbuf_free(data);
 	sshbuf_free(msg);
+	sshkey_free(key);
+	free(fp);
 	free(signature);
 }
 
@@ -357,24 +507,24 @@
 	struct sshkey *key = NULL;
 	Identity *id;
 
+	debug2_f("entering");
 	if ((r = sshkey_froms(e->request, &key)) != 0) {
-		error("%s: get key: %s", __func__, ssh_err(r));
+		error_fr(r, "parse key");
 		goto done;
 	}
 	if ((id = lookup_identity(key)) == NULL) {
-		debug("%s: key not found", __func__);
+		debug_f("key not found");
 		goto done;
 	}
 	/* We have this key, free it. */
 	if (idtab->nentries < 1)
-		fatal("%s: internal error: nentries %d",
-		    __func__, idtab->nentries);
+		fatal_f("internal error: nentries %d", idtab->nentries);
 	TAILQ_REMOVE(&idtab->idlist, id, next);
 	free_identity(id);
 	idtab->nentries--;
-	sshkey_free(key);
 	success = 1;
  done:
+	sshkey_free(key);
 	send_status(e, success);
 }
 
@@ -383,6 +533,7 @@
 {
 	Identity *id;
 
+	debug2_f("entering");
 	/* Loop over all identities and clear the keys. */
 	for (id = TAILQ_FIRST(&idtab->idlist); id;
 	    id = TAILQ_FIRST(&idtab->idlist)) {
@@ -423,125 +574,171 @@
 		return (deadline - now);
 }
 
+static int
+parse_key_constraint_extension(struct sshbuf *m, char **sk_providerp)
+{
+	char *ext_name = NULL;
+	int r;
+
+	if ((r = sshbuf_get_cstring(m, &ext_name, NULL)) != 0) {
+		error_fr(r, "parse constraint extension");
+		goto out;
+	}
+	debug_f("constraint ext %s", ext_name);
+	if (strcmp(ext_name, "sk-provider@openssh.com") == 0) {
+		if (sk_providerp == NULL) {
+			error_f("%s not valid here", ext_name);
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
+		if (*sk_providerp != NULL) {
+			error_f("%s already set", ext_name);
+			r = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
+		if ((r = sshbuf_get_cstring(m, sk_providerp, NULL)) != 0) {
+			error_fr(r, "parse %s", ext_name);
+			goto out;
+		}
+	} else {
+		error_f("unsupported constraint \"%s\"", ext_name);
+		r = SSH_ERR_FEATURE_UNSUPPORTED;
+		goto out;
+	}
+	/* success */
+	r = 0;
+ out:
+	free(ext_name);
+	return r;
+}
+
+static int
+parse_key_constraints(struct sshbuf *m, struct sshkey *k, time_t *deathp,
+    u_int *secondsp, int *confirmp, char **sk_providerp)
+{
+	u_char ctype;
+	int r;
+	u_int seconds, maxsign = 0;
+
+	while (sshbuf_len(m)) {
+		if ((r = sshbuf_get_u8(m, &ctype)) != 0) {
+			error_fr(r, "parse constraint type");
+			goto out;
+		}
+		switch (ctype) {
+		case SSH_AGENT_CONSTRAIN_LIFETIME:
+			if (*deathp != 0) {
+				error_f("lifetime already set");
+				r = SSH_ERR_INVALID_FORMAT;
+				goto out;
+			}
+			if ((r = sshbuf_get_u32(m, &seconds)) != 0) {
+				error_fr(r, "parse lifetime constraint");
+				goto out;
+			}
+			*deathp = monotime() + seconds;
+			*secondsp = seconds;
+			break;
+		case SSH_AGENT_CONSTRAIN_CONFIRM:
+			if (*confirmp != 0) {
+				error_f("confirm already set");
+				r = SSH_ERR_INVALID_FORMAT;
+				goto out;
+			}
+			*confirmp = 1;
+			break;
+		case SSH_AGENT_CONSTRAIN_MAXSIGN:
+			if (k == NULL) {
+				error_f("maxsign not valid here");
+				r = SSH_ERR_INVALID_FORMAT;
+				goto out;
+			}
+			if (maxsign != 0) {
+				error_f("maxsign already set");
+				r = SSH_ERR_INVALID_FORMAT;
+				goto out;
+			}
+			if ((r = sshbuf_get_u32(m, &maxsign)) != 0) {
+				error_fr(r, "parse maxsign constraint");
+				goto out;
+			}
+			if ((r = sshkey_enable_maxsign(k, maxsign)) != 0) {
+				error_fr(r, "enable maxsign");
+				goto out;
+			}
+			break;
+		case SSH_AGENT_CONSTRAIN_EXTENSION:
+			if ((r = parse_key_constraint_extension(m,
+			    sk_providerp)) != 0)
+				goto out; /* error already logged */
+			break;
+		default:
+			error_f("Unknown constraint %d", ctype);
+			r = SSH_ERR_FEATURE_UNSUPPORTED;
+			goto out;
+		}
+	}
+	/* success */
+	r = 0;
+ out:
+	return r;
+}
+
 static void
 process_add_identity(SocketEntry *e)
 {
 	Identity *id;
 	int success = 0, confirm = 0;
-	u_int seconds = 0, maxsign;
-	char *fp, *comment = NULL, *ext_name = NULL, *sk_provider = NULL;
+	char *fp, *comment = NULL, *sk_provider = NULL;
 	char canonical_provider[PATH_MAX];
 	time_t death = 0;
+	u_int seconds = 0;
 	struct sshkey *k = NULL;
-	u_char ctype;
 	int r = SSH_ERR_INTERNAL_ERROR;
 
+	debug2_f("entering");
 	if ((r = sshkey_private_deserialize(e->request, &k)) != 0 ||
 	    k == NULL ||
 	    (r = sshbuf_get_cstring(e->request, &comment, NULL)) != 0) {
-		error("%s: decode private key: %s", __func__, ssh_err(r));
-		goto err;
+		error_fr(r, "parse");
+		goto out;
 	}
-	while (sshbuf_len(e->request)) {
-		if ((r = sshbuf_get_u8(e->request, &ctype)) != 0) {
-			error("%s: buffer error: %s", __func__, ssh_err(r));
-			goto err;
-		}
-		switch (ctype) {
-		case SSH_AGENT_CONSTRAIN_LIFETIME:
-			if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) {
-				error("%s: bad lifetime constraint: %s",
-				    __func__, ssh_err(r));
-				goto err;
-			}
-			death = monotime() + seconds;
-			break;
-		case SSH_AGENT_CONSTRAIN_CONFIRM:
-			confirm = 1;
-			break;
-		case SSH_AGENT_CONSTRAIN_MAXSIGN:
-			if ((r = sshbuf_get_u32(e->request, &maxsign)) != 0) {
-				error("%s: bad maxsign constraint: %s",
-				    __func__, ssh_err(r));
-				goto err;
-			}
-			if ((r = sshkey_enable_maxsign(k, maxsign)) != 0) {
-				error("%s: cannot enable maxsign: %s",
-				    __func__, ssh_err(r));
-				goto err;
-			}
-			break;
-		case SSH_AGENT_CONSTRAIN_EXTENSION:
-			if ((r = sshbuf_get_cstring(e->request,
-			    &ext_name, NULL)) != 0) {
-				error("%s: cannot parse extension: %s",
-				    __func__, ssh_err(r));
-				goto err;
-			}
-			debug("%s: constraint ext %s", __func__, ext_name);
-			if (strcmp(ext_name, "sk-provider@openssh.com") == 0) {
-				if (sk_provider != NULL) {
-					error("%s already set", ext_name);
-					goto err;
-				}
-				if ((r = sshbuf_get_cstring(e->request,
-				    &sk_provider, NULL)) != 0) {
-					error("%s: cannot parse %s: %s",
-					    __func__, ext_name, ssh_err(r));
-					goto err;
-				}
-			} else {
-				error("%s: unsupported constraint \"%s\"",
-				    __func__, ext_name);
-				goto err;
-			}
-			free(ext_name);
-			break;
-		default:
-			error("%s: Unknown constraint %d", __func__, ctype);
- err:
-			free(sk_provider);
-			free(ext_name);
-			sshbuf_reset(e->request);
-			free(comment);
-			sshkey_free(k);
-			goto send;
-		}
+	if (parse_key_constraints(e->request, k, &death, &seconds, &confirm,
+	    &sk_provider) != 0) {
+		error_f("failed to parse constraints");
+		sshbuf_reset(e->request);
+		goto out;
 	}
+
 	if (sk_provider != NULL) {
 		if (!sshkey_is_sk(k)) {
 			error("Cannot add provider: %s is not an "
 			    "authenticator-hosted key", sshkey_type(k));
-			free(sk_provider);
-			goto send;
+			goto out;
 		}
 		if (strcasecmp(sk_provider, "internal") == 0) {
-			debug("%s: internal provider", __func__);
+			debug_f("internal provider");
 		} else {
 			if (realpath(sk_provider, canonical_provider) == NULL) {
 				verbose("failed provider \"%.100s\": "
 				    "realpath: %s", sk_provider,
 				    strerror(errno));
-				free(sk_provider);
-				goto send;
+				goto out;
 			}
 			free(sk_provider);
 			sk_provider = xstrdup(canonical_provider);
 			if (match_pattern_list(sk_provider,
-			    provider_whitelist, 0) != 1) {
+			    allowed_providers, 0) != 1) {
 				error("Refusing add key: "
-				    "provider %s not whitelisted", sk_provider);
-				free(sk_provider);
-				goto send;
+				    "provider %s not allowed", sk_provider);
+				goto out;
 			}
 		}
 	}
 	if ((r = sshkey_shield_private(k)) != 0) {
-		error("%s: shield private key: %s", __func__, ssh_err(r));
-		goto err;
+		error_fr(r, "shield private");
+		goto out;
 	}
-
-	success = 1;
 	if (lifetime && !death)
 		death = monotime() + lifetime;
 	if ((id = lookup_identity(k)) == NULL) {
@@ -555,6 +752,7 @@
 		free(id->comment);
 		free(id->sk_provider);
 	}
+	/* success */
 	id->key = k;
 	id->comment = comment;
 	id->death = death;
@@ -563,12 +761,20 @@
 
 	if ((fp = sshkey_fingerprint(k, SSH_FP_HASH_DEFAULT,
 	    SSH_FP_DEFAULT)) == NULL)
-		fatal("%s: sshkey_fingerprint failed", __func__);
-	debug("%s: add %s %s \"%.100s\" (life: %u) (confirm: %u) "
-	    "(provider: %s)", __func__, sshkey_ssh_name(k), fp, comment,
-	    seconds, confirm, sk_provider == NULL ? "none" : sk_provider);
+		fatal_f("sshkey_fingerprint failed");
+	debug_f("add %s %s \"%.100s\" (life: %u) (confirm: %u) "
+	    "(provider: %s)", sshkey_ssh_name(k), fp, comment, seconds,
+	    confirm, sk_provider == NULL ? "none" : sk_provider);
 	free(fp);
-send:
+	/* transferred */
+	k = NULL;
+	comment = NULL;
+	sk_provider = NULL;
+	success = 1;
+ out:
+	free(sk_provider);
+	free(comment);
+	sshkey_free(k);
 	send_status(e, success);
 }
 
@@ -582,13 +788,14 @@
 	static u_int fail_count = 0;
 	size_t pwlen;
 
+	debug2_f("entering");
 	/*
 	 * This is deliberately fatal: the user has requested that we lock,
 	 * but we can't parse their request properly. The only safe thing to
 	 * do is abort.
 	 */
 	if ((r = sshbuf_get_cstring(e->request, &passwd, &pwlen)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (pwlen == 0) {
 		debug("empty password not supported");
 	} else if (locked && !lock) {
@@ -631,11 +838,11 @@
 	int r;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
 	    (r = sshbuf_put_u32(msg, 0)) != 0 ||
 	    (r = sshbuf_put_stringb(e->output, msg)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	sshbuf_free(msg);
 }
 
@@ -646,51 +853,33 @@
 	char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX];
 	char **comments = NULL;
 	int r, i, count = 0, success = 0, confirm = 0;
-	u_int seconds;
+	u_int seconds = 0;
 	time_t death = 0;
-	u_char type;
 	struct sshkey **keys = NULL, *k;
 	Identity *id;
 
+	debug2_f("entering");
 	if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) {
-		error("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "parse");
 		goto send;
 	}
-
-	while (sshbuf_len(e->request)) {
-		if ((r = sshbuf_get_u8(e->request, &type)) != 0) {
-			error("%s: buffer error: %s", __func__, ssh_err(r));
-			goto send;
-		}
-		switch (type) {
-		case SSH_AGENT_CONSTRAIN_LIFETIME:
-			if ((r = sshbuf_get_u32(e->request, &seconds)) != 0) {
-				error("%s: buffer error: %s",
-				    __func__, ssh_err(r));
-				goto send;
-			}
-			death = monotime() + seconds;
-			break;
-		case SSH_AGENT_CONSTRAIN_CONFIRM:
-			confirm = 1;
-			break;
-		default:
-			error("%s: Unknown constraint type %d", __func__, type);
-			goto send;
-		}
+	if (parse_key_constraints(e->request, NULL, &death, &seconds, &confirm,
+	    NULL) != 0) {
+		error_f("failed to parse constraints");
+		goto send;
 	}
 	if (realpath(provider, canonical_provider) == NULL) {
 		verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",
 		    provider, strerror(errno));
 		goto send;
 	}
-	if (match_pattern_list(canonical_provider, provider_whitelist, 0) != 1) {
+	if (match_pattern_list(canonical_provider, allowed_providers, 0) != 1) {
 		verbose("refusing PKCS#11 add of \"%.100s\": "
-		    "provider not whitelisted", canonical_provider);
+		    "provider not allowed", canonical_provider);
 		goto send;
 	}
-	debug("%s: add %.100s", __func__, canonical_provider);
+	debug_f("add %.100s", canonical_provider);
 	if (lifetime && !death)
 		death = monotime() + lifetime;
 
@@ -714,6 +903,7 @@
 			idtab->nentries++;
 			success = 1;
 		}
+		/* XXX update constraints for existing keys */
 		sshkey_free(keys[i]);
 		free(comments[i]);
 	}
@@ -732,9 +922,10 @@
 	int r, success = 0;
 	Identity *id, *nxt;
 
+	debug2_f("entering");
 	if ((r = sshbuf_get_cstring(e->request, &provider, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(e->request, &pin, NULL)) != 0) {
-		error("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "parse");
 		goto send;
 	}
 	free(pin);
@@ -745,7 +936,7 @@
 		goto send;
 	}
 
-	debug("%s: remove %.100s", __func__, canonical_provider);
+	debug_f("remove %.100s", canonical_provider);
 	for (id = TAILQ_FIRST(&idtab->idlist); id; id = nxt) {
 		nxt = TAILQ_NEXT(id, next);
 		/* Skip file--based keys */
@@ -760,15 +951,17 @@
 	if (pkcs11_del_provider(canonical_provider) == 0)
 		success = 1;
 	else
-		error("%s: pkcs11_del_provider failed", __func__);
+		error_f("pkcs11_del_provider failed");
 send:
 	free(provider);
 	send_status(e, success);
 }
 #endif /* ENABLE_PKCS11 */
 
-/* dispatch incoming messages */
-
+/*
+ * dispatch incoming message.
+ * returns 1 on success, 0 for incomplete messages or -1 on error.
+ */
 static int
 process_message(u_int socknum)
 {
@@ -778,10 +971,8 @@
 	int r;
 	SocketEntry *e;
 
-	if (socknum >= sockets_alloc) {
-		fatal("%s: socket number %u >= allocated %u",
-		    __func__, socknum, sockets_alloc);
-	}
+	if (socknum >= sockets_alloc)
+		fatal_f("sock %u >= allocated %u", socknum, sockets_alloc);
 	e = &sockets[socknum];
 
 	if (sshbuf_len(e->input) < 5)
@@ -789,8 +980,8 @@
 	cp = sshbuf_ptr(e->input);
 	msg_len = PEEK_U32(cp);
 	if (msg_len > AGENT_MAX_LEN) {
-		debug("%s: socket %u (fd=%d) message too long %u > %u",
-		    __func__, socknum, e->fd, msg_len, AGENT_MAX_LEN);
+		debug_f("socket %u (fd=%d) message too long %u > %u",
+		    socknum, e->fd, msg_len, AGENT_MAX_LEN);
 		return -1;
 	}
 	if (sshbuf_len(e->input) < msg_len + 4)
@@ -802,13 +993,13 @@
 	    (r = sshbuf_get_u8(e->request, &type)) != 0) {
 		if (r == SSH_ERR_MESSAGE_INCOMPLETE ||
 		    r == SSH_ERR_STRING_TOO_LARGE) {
-			debug("%s: buffer error: %s", __func__, ssh_err(r));
+			error_fr(r, "parse");
 			return -1;
 		}
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	}
 
-	debug("%s: socket %u (fd=%d) type %d", __func__, socknum, e->fd, type);
+	debug_f("socket %u (fd=%d) type %d", socknum, e->fd, type);
 
 	/* check whether agent is locked */
 	if (locked && type != SSH_AGENTC_UNLOCK) {
@@ -822,7 +1013,7 @@
 			/* send a fail message for all other request types */
 			send_status(e, 0);
 		}
-		return 0;
+		return 1;
 	}
 
 	switch (type) {
@@ -866,7 +1057,7 @@
 		send_status(e, 0);
 		break;
 	}
-	return 0;
+	return 1;
 }
 
 static void
@@ -874,6 +1065,8 @@
 {
 	u_int i, old_alloc, new_alloc;
 
+	debug_f("type = %s", type == AUTH_CONNECTION ? "CONNECTION" :
+	    (type == AUTH_SOCKET ? "SOCKET" : "UNKNOWN"));
 	set_nonblock(fd);
 
 	if (fd > max_fd)
@@ -882,28 +1075,25 @@
 	for (i = 0; i < sockets_alloc; i++)
 		if (sockets[i].type == AUTH_UNUSED) {
 			sockets[i].fd = fd;
-			if ((sockets[i].input = sshbuf_new()) == NULL)
-				fatal("%s: sshbuf_new failed", __func__);
-			if ((sockets[i].output = sshbuf_new()) == NULL)
-				fatal("%s: sshbuf_new failed", __func__);
-			if ((sockets[i].request = sshbuf_new()) == NULL)
-				fatal("%s: sshbuf_new failed", __func__);
+			if ((sockets[i].input = sshbuf_new()) == NULL ||
+			    (sockets[i].output = sshbuf_new()) == NULL ||
+			    (sockets[i].request = sshbuf_new()) == NULL)
+				fatal_f("sshbuf_new failed");
 			sockets[i].type = type;
 			return;
 		}
 	old_alloc = sockets_alloc;
 	new_alloc = sockets_alloc + 10;
-	sockets = xreallocarray(sockets, new_alloc, sizeof(sockets[0]));
+	sockets = xrecallocarray(sockets, old_alloc, new_alloc,
+	    sizeof(sockets[0]));
 	for (i = old_alloc; i < new_alloc; i++)
 		sockets[i].type = AUTH_UNUSED;
 	sockets_alloc = new_alloc;
 	sockets[old_alloc].fd = fd;
-	if ((sockets[old_alloc].input = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
-	if ((sockets[old_alloc].output = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
-	if ((sockets[old_alloc].request = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+	if ((sockets[old_alloc].input = sshbuf_new()) == NULL ||
+	    (sockets[old_alloc].output = sshbuf_new()) == NULL ||
+	    (sockets[old_alloc].request = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
 	sockets[old_alloc].type = type;
 }
 
@@ -948,16 +1138,20 @@
 		if (len == -1) {
 			if (errno == EAGAIN || errno == EINTR)
 				return 0;
-			error("%s: read error on socket %u (fd %d): %s",
-			    __func__, socknum, sockets[socknum].fd,
-			    strerror(errno));
+			error_f("read error on socket %u (fd %d): %s",
+			    socknum, sockets[socknum].fd, strerror(errno));
 		}
 		return -1;
 	}
 	if ((r = sshbuf_put(sockets[socknum].input, buf, len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	explicit_bzero(buf, sizeof(buf));
-	process_message(socknum);
+	for (;;) {
+		if ((r = process_message(socknum)) == -1)
+			return -1;
+		else if (r == 0)
+			break;
+	}
 	return 0;
 }
 
@@ -975,14 +1169,13 @@
 		if (len == -1) {
 			if (errno == EAGAIN || errno == EINTR)
 				return 0;
-			error("%s: read error on socket %u (fd %d): %s",
-			    __func__, socknum, sockets[socknum].fd,
-			    strerror(errno));
+			error_f("read error on socket %u (fd %d): %s",
+			    socknum, sockets[socknum].fd, strerror(errno));
 		}
 		return -1;
 	}
 	if ((r = sshbuf_consume(sockets[socknum].output, len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "consume");
 	return 0;
 }
 
@@ -1004,7 +1197,7 @@
 				break;
 		}
 		if (socknum >= sockets_alloc) {
-			error("%s: no socket for fd %d", __func__, pfd[i].fd);
+			error_f("no socket for fd %d", pfd[i].fd);
 			continue;
 		}
 		/* Process events */
@@ -1065,7 +1258,7 @@
 	}
 	if (npfd != *npfdp &&
 	    (pfd = recallocarray(pfd, *npfdp, npfd, sizeof(*pfd))) == NULL)
-		fatal("%s: recallocarray failed", __func__);
+		fatal_f("recallocarray failed");
 	*pfdp = pfd;
 	*npfdp = npfd;
 
@@ -1092,12 +1285,10 @@
 			if ((r = sshbuf_check_reserve(sockets[i].input,
 			    AGENT_RBUF_LEN)) == 0 &&
 			    (r = sshbuf_check_reserve(sockets[i].output,
-			     AGENT_MAX_LEN)) == 0)
+			    AGENT_MAX_LEN)) == 0)
 				pfd[j].events = POLLIN;
-			else if (r != SSH_ERR_NO_BUFFER_SPACE) {
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
-			}
+			else if (r != SSH_ERR_NO_BUFFER_SPACE)
+				fatal_fr(r, "reserve");
 			if (sshbuf_len(sockets[i].output) > 0)
 				pfd[j].events |= POLLOUT;
 			j++;
@@ -1126,7 +1317,7 @@
 {
 	if (cleanup_pid != 0 && getpid() != cleanup_pid)
 		return;
-	debug("%s: cleanup", __func__);
+	debug_f("cleanup");
 	if (socket_name[0])
 		unlink(socket_name);
 	if (socket_dir[0])
@@ -1170,7 +1361,9 @@
 {
 	fprintf(stderr,
 	    "usage: ssh-agent [-c | -s] [-Dd] [-a bind_address] [-E fingerprint_hash]\n"
-	    "                 [-P provider_whitelist] [-t life] [command [arg ...]]\n"
+	    "                 [-P allowed_providers] [-t life]\n"
+	    "       ssh-agent [-a bind_address] [-E fingerprint_hash] [-P allowed_providers]\n"
+	    "                 [-t life] command [arg ...]\n"
 	    "       ssh-agent [-c | -s] -k\n");
 	exit(1);
 }
@@ -1179,7 +1372,7 @@
 main(int ac, char **av)
 {
 	int c_flag = 0, d_flag = 0, D_flag = 0, k_flag = 0, s_flag = 0;
-	int sock, fd, ch, result, saved_errno;
+	int sock, ch, result, saved_errno;
 	char *shell, *format, *pidstr, *agentsocket = NULL;
 #ifdef HAVE_SETRLIMIT
 	struct rlimit rlim;
@@ -1212,7 +1405,7 @@
 	__progname = ssh_get_progname(av[0]);
 	seed_rng();
 
-	while ((ch = getopt(ac, av, "cDdksE:a:P:t:")) != -1) {
+	while ((ch = getopt(ac, av, "cDdksE:a:O:P:t:")) != -1) {
 		switch (ch) {
 		case 'E':
 			fingerprint_hash = ssh_digest_alg_by_name(optarg);
@@ -1227,10 +1420,16 @@
 		case 'k':
 			k_flag++;
 			break;
+		case 'O':
+			if (strcmp(optarg, "no-restrict-websafe") == 0)
+				restrict_websafe  = 0;
+			else
+				fatal("Unknown -O option");
+			break;
 		case 'P':
-			if (provider_whitelist != NULL)
+			if (allowed_providers != NULL)
 				fatal("-P option already specified");
-			provider_whitelist = xstrdup(optarg);
+			allowed_providers = xstrdup(optarg);
 			break;
 		case 's':
 			if (c_flag)
@@ -1266,8 +1465,8 @@
 	if (ac > 0 && (c_flag || k_flag || s_flag || d_flag || D_flag))
 		usage();
 
-	if (provider_whitelist == NULL)
-		provider_whitelist = xstrdup(DEFAULT_PROVIDER_WHITELIST);
+	if (allowed_providers == NULL)
+		allowed_providers = xstrdup(DEFAULT_ALLOWED_PROVIDERS);
 
 	if (ac == 0 && !c_flag && !s_flag) {
 		shell = getenv("SHELL");
@@ -1393,14 +1592,8 @@
 	}
 
 	(void)chdir("/");
-	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
-		/* XXX might close listen socket */
-		(void)dup2(fd, STDIN_FILENO);
-		(void)dup2(fd, STDOUT_FILENO);
-		(void)dup2(fd, STDERR_FILENO);
-		if (fd > 2)
-			close(fd);
-	}
+	if (stdfd_devnull(1, 1, 1) == -1)
+		error_f("stdfd_devnull failed");
 
 #ifdef HAVE_SETRLIMIT
 	/* deny core dumps, since memory contains unencrypted private keys */

ssh-ecdsa-sk.c

diff --git a/ssh-ecdsa-sk.c b/ssh-ecdsa-sk.c
index 981d60d..c6927ec 100644
--- a/ssh-ecdsa-sk.c
+++ b/ssh-ecdsa-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ecdsa-sk.c,v 1.5 2019/11/26 03:04:27 djm Exp $ */
+/* $OpenBSD: ssh-ecdsa-sk.c,v 1.8 2020/06/22 23:44:27 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2010 Damien Miller.  All rights reserved.
@@ -49,6 +49,7 @@
 #define SSHKEY_INTERNAL
 #include "sshkey.h"
 
+#ifndef OPENSSL_HAS_ECC
 /* ARGSUSED */
 int
 ssh_ecdsa_sk_verify(const struct sshkey *key,
@@ -56,15 +57,102 @@
     const u_char *data, size_t datalen, u_int compat,
     struct sshkey_sig_details **detailsp)
 {
-#ifdef OPENSSL_HAS_ECC
+	return SSH_ERR_FEATURE_UNSUPPORTED;
+}
+#else /* OPENSSL_HAS_ECC */
+
+/*
+ * Check FIDO/W3C webauthn signatures clientData field against the expected
+ * format and prepare a hash of it for use in signature verification.
+ *
+ * webauthn signatures do not sign the hash of the message directly, but
+ * instead sign a JSON-like "clientData" wrapper structure that contains the
+ * message hash along with a other information.
+ *
+ * Fortunately this structure has a fixed format so it is possible to verify
+ * that the hash of the signed message is present within the clientData
+ * structure without needing to implement any JSON parsing.
+ */
+static int
+webauthn_check_prepare_hash(const u_char *data, size_t datalen,
+    const char *origin, const struct sshbuf *wrapper,
+    uint8_t flags, const struct sshbuf *extensions,
+    u_char *msghash, size_t msghashlen)
+{
+	int r = SSH_ERR_INTERNAL_ERROR;
+	struct sshbuf *chall = NULL, *m = NULL;
+
+	if ((m = sshbuf_new()) == NULL ||
+	    (chall = sshbuf_from(data, datalen)) == NULL) {
+		r = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	/*
+	 * Ensure origin contains no quote character and that the flags are
+	 * consistent with what we received
+	 */
+	if (strchr(origin, '\"') != NULL ||
+	    (flags & 0x40) != 0 /* AD */ ||
+	    ((flags & 0x80) == 0 /* ED */) != (sshbuf_len(extensions) == 0)) {
+		r = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+
+	/*
+	 * Prepare the preamble to clientData that we expect, poking the
+	 * challenge and origin into their canonical positions in the
+	 * structure. The crossOrigin flag and any additional extension
+	 * fields present are ignored.
+	 */
+#define WEBAUTHN_0	"{\"type\":\"webauthn.get\",\"challenge\":\""
+#define WEBAUTHN_1	"\",\"origin\":\""
+#define WEBAUTHN_2	"\""
+	if ((r = sshbuf_put(m, WEBAUTHN_0, sizeof(WEBAUTHN_0) - 1)) != 0 ||
+	    (r = sshbuf_dtourlb64(chall, m, 0)) != 0 ||
+	    (r = sshbuf_put(m, WEBAUTHN_1, sizeof(WEBAUTHN_1) - 1)) != 0 ||
+	    (r = sshbuf_put(m, origin, strlen(origin))) != 0 ||
+	    (r = sshbuf_put(m, WEBAUTHN_2, sizeof(WEBAUTHN_2) - 1)) != 0)
+		goto out;
+#ifdef DEBUG_SK
+	fprintf(stderr, "%s: received origin: %s\n", __func__, origin);
+	fprintf(stderr, "%s: received clientData:\n", __func__);
+	sshbuf_dump(wrapper, stderr);
+	fprintf(stderr, "%s: expected clientData premable:\n", __func__);
+	sshbuf_dump(m, stderr);
+#endif
+	/* Check that the supplied clientData has the preamble we expect */
+	if ((r = sshbuf_cmp(wrapper, 0, sshbuf_ptr(m), sshbuf_len(m))) != 0)
+		goto out;
+
+	/* Prepare hash of clientData */
+	if ((r = ssh_digest_buffer(SSH_DIGEST_SHA256, wrapper,
+	    msghash, msghashlen)) != 0)
+		goto out;
+
+	/* success */
+	r = 0;
+ out:
+	sshbuf_free(chall);
+	sshbuf_free(m);
+	return r;
+}
+
+/* ARGSUSED */
+int
+ssh_ecdsa_sk_verify(const struct sshkey *key,
+    const u_char *signature, size_t signaturelen,
+    const u_char *data, size_t datalen, u_int compat,
+    struct sshkey_sig_details **detailsp)
+{
 	ECDSA_SIG *sig = NULL;
 	BIGNUM *sig_r = NULL, *sig_s = NULL;
 	u_char sig_flags;
 	u_char msghash[32], apphash[32], sighash[32];
 	u_int sig_counter;
-	int ret = SSH_ERR_INTERNAL_ERROR;
+	int is_webauthn = 0, ret = SSH_ERR_INTERNAL_ERROR;
 	struct sshbuf *b = NULL, *sigbuf = NULL, *original_signed = NULL;
-	char *ktype = NULL;
+	struct sshbuf *webauthn_wrapper = NULL, *webauthn_exts = NULL;
+	char *ktype = NULL, *webauthn_origin = NULL;
 	struct sshkey_sig_details *details = NULL;
 #ifdef DEBUG_SK
 	char *tmp = NULL;
@@ -83,16 +171,33 @@
 	/* fetch signature */
 	if ((b = sshbuf_from(signature, signaturelen)) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
-	if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
-	    sshbuf_froms(b, &sigbuf) != 0 ||
+	if ((details = calloc(1, sizeof(*details))) == NULL) {
+		ret = SSH_ERR_ALLOC_FAIL;
+		goto out;
+	}
+	if (sshbuf_get_cstring(b, &ktype, NULL) != 0) {
+		ret = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	if (strcmp(ktype, "webauthn-sk-ecdsa-sha2-nistp256@openssh.com") == 0)
+		is_webauthn = 1;
+	else if (strcmp(ktype, "sk-ecdsa-sha2-nistp256@openssh.com") != 0) {
+		ret = SSH_ERR_INVALID_FORMAT;
+		goto out;
+	}
+	if (sshbuf_froms(b, &sigbuf) != 0 ||
 	    sshbuf_get_u8(b, &sig_flags) != 0 ||
 	    sshbuf_get_u32(b, &sig_counter) != 0) {
 		ret = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
-	if (strcmp(sshkey_ssh_name_plain(key), ktype) != 0) {
-		ret = SSH_ERR_KEY_TYPE_MISMATCH;
-		goto out;
+	if (is_webauthn) {
+		if (sshbuf_get_cstring(b, &webauthn_origin, NULL) != 0 ||
+		    sshbuf_froms(b, &webauthn_wrapper) != 0 ||
+		    sshbuf_froms(b, &webauthn_exts) != 0) {
+			ret = SSH_ERR_INVALID_FORMAT;
+			goto out;
+		}
 	}
 	if (sshbuf_len(b) != 0) {
 		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
@@ -105,14 +210,11 @@
 		ret = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
-	if ((sig = ECDSA_SIG_new()) == NULL) {
-		ret = SSH_ERR_ALLOC_FAIL;
+	if (sshbuf_len(sigbuf) != 0) {
+		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
 		goto out;
 	}
-	if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) {
-		ret = SSH_ERR_LIBCRYPTO_ERROR;
-		goto out;
-	}
+
 #ifdef DEBUG_SK
 	fprintf(stderr, "%s: data: (len %zu)\n", __func__, datalen);
 	/* sshbuf_dump_data(data, datalen, stderr); */
@@ -122,20 +224,34 @@
 	free(tmp);
 	fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
 	    __func__, sig_flags, sig_counter);
+	if (is_webauthn) {
+		fprintf(stderr, "%s: webauthn origin: %s\n", __func__,
+		    webauthn_origin);
+		fprintf(stderr, "%s: webauthn_wrapper:\n", __func__);
+		sshbuf_dump(webauthn_wrapper, stderr);
+	}
 #endif
-	sig_r = sig_s = NULL; /* transferred */
-
-	if (sshbuf_len(sigbuf) != 0) {
-		ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
+	if ((sig = ECDSA_SIG_new()) == NULL) {
+		ret = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
+	if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) {
+		ret = SSH_ERR_LIBCRYPTO_ERROR;
+		goto out;
+	}
+	sig_r = sig_s = NULL; /* transferred */
 
 	/* Reconstruct data that was supposedly signed */
 	if ((original_signed = sshbuf_new()) == NULL) {
 		ret = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
-	if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen,
+	if (is_webauthn) {
+		if ((ret = webauthn_check_prepare_hash(data, datalen,
+		    webauthn_origin, webauthn_wrapper, sig_flags, webauthn_exts,
+		    msghash, sizeof(msghash))) != 0)
+			goto out;
+	} else if ((ret = ssh_digest_memory(SSH_DIGEST_SHA256, data, datalen,
 	    msghash, sizeof(msghash))) != 0)
 		goto out;
 	/* Application value is hashed before signature */
@@ -152,16 +268,13 @@
 	    apphash, sizeof(apphash))) != 0 ||
 	    (ret = sshbuf_put_u8(original_signed, sig_flags)) != 0 ||
 	    (ret = sshbuf_put_u32(original_signed, sig_counter)) != 0 ||
+	    (ret = sshbuf_putb(original_signed, webauthn_exts)) != 0 ||
 	    (ret = sshbuf_put(original_signed, msghash, sizeof(msghash))) != 0)
 		goto out;
 	/* Signature is over H(original_signed) */
 	if ((ret = ssh_digest_buffer(SSH_DIGEST_SHA256, original_signed,
 	    sighash, sizeof(sighash))) != 0)
 		goto out;
-	if ((details = calloc(1, sizeof(*details))) == NULL) {
-		ret = SSH_ERR_ALLOC_FAIL;
-		goto out;
-	}
 	details->sk_counter = sig_counter;
 	details->sk_flags = sig_flags;
 #ifdef DEBUG_SK
@@ -195,6 +308,9 @@
 	explicit_bzero(sighash, sizeof(msghash));
 	explicit_bzero(apphash, sizeof(apphash));
 	sshkey_sig_details_free(details);
+	sshbuf_free(webauthn_wrapper);
+	sshbuf_free(webauthn_exts);
+	free(webauthn_origin);
 	sshbuf_free(original_signed);
 	sshbuf_free(sigbuf);
 	sshbuf_free(b);
@@ -203,7 +319,6 @@
 	BN_clear_free(sig_s);
 	free(ktype);
 	return ret;
-#else
-	return SSH_ERR_INTERNAL_ERROR;
-#endif
 }
+
+#endif /* OPENSSL_HAS_ECC */

ssh-ed25519-sk.c

diff --git a/ssh-ed25519-sk.c b/ssh-ed25519-sk.c
index f784776..4393ca6 100644
--- a/ssh-ed25519-sk.c
+++ b/ssh-ed25519-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ed25519-sk.c,v 1.5 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: ssh-ed25519-sk.c,v 1.6 2020/10/18 11:32:02 djm Exp $ */
 /*
  * Copyright (c) 2019 Markus Friedl.  All rights reserved.
  *
@@ -139,8 +139,7 @@
 	}
 	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
 	    key->ed25519_pk)) != 0) {
-		debug2("%s: crypto_sign_ed25519_open failed: %d",
-		    __func__, ret);
+		debug2_f("crypto_sign_ed25519_open failed: %d", ret);
 	}
 	if (ret != 0 || mlen != smlen - len) {
 		r = SSH_ERR_SIGNATURE_INVALID;

ssh-ed25519.c

diff --git a/ssh-ed25519.c b/ssh-ed25519.c
index 7dee827..23419f3 100644
--- a/ssh-ed25519.c
+++ b/ssh-ed25519.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-ed25519.c,v 1.8 2020/02/26 13:40:09 jsg Exp $ */
+/* $OpenBSD: ssh-ed25519.c,v 1.9 2020/10/18 11:32:02 djm Exp $ */
 /*
  * Copyright (c) 2013 Markus Friedl <markus@openbsd.org>
  *
@@ -140,8 +140,7 @@
 	memcpy(sm+len, data, datalen);
 	if ((ret = crypto_sign_ed25519_open(m, &mlen, sm, smlen,
 	    key->ed25519_pk)) != 0) {
-		debug2("%s: crypto_sign_ed25519_open failed: %d",
-		    __func__, ret);
+		debug2_f("crypto_sign_ed25519_open failed: %d", ret);
 	}
 	if (ret != 0 || mlen != datalen) {
 		r = SSH_ERR_SIGNATURE_INVALID;

ssh-gss.h

diff --git a/ssh-gss.h b/ssh-gss.h
index 36180d0..a8af117 100644
--- a/ssh-gss.h
+++ b/ssh-gss.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-gss.h,v 1.14 2018/07/10 09:13:30 djm Exp $ */
+/* $OpenBSD: ssh-gss.h,v 1.15 2021/01/27 10:05:28 djm Exp $ */
 /*
  * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
  *
@@ -122,7 +122,7 @@
 void ssh_gssapi_delete_ctx(Gssctxt **);
 OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
 void ssh_gssapi_buildmic(struct sshbuf *, const char *,
-    const char *, const char *);
+    const char *, const char *, const struct sshbuf *);
 int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);
 
 /* In the server */

ssh-keygen.1

diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 059c1b0..f83f515 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.203 2020/04/03 02:26:56 djm Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.216 2021/08/11 08:54:17 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 3 2020 $
+.Dd $Mdocdate: August 11 2021 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -44,20 +44,24 @@
 .Sh SYNOPSIS
 .Nm ssh-keygen
 .Op Fl q
+.Op Fl a Ar rounds
 .Op Fl b Ar bits
 .Op Fl C Ar comment
 .Op Fl f Ar output_keyfile
 .Op Fl m Ar format
-.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
 .Op Fl N Ar new_passphrase
 .Op Fl O Ar option
+.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
 .Op Fl w Ar provider
+.Op Fl Z Ar cipher
 .Nm ssh-keygen
 .Fl p
+.Op Fl a Ar rounds
 .Op Fl f Ar keyfile
 .Op Fl m Ar format
 .Op Fl N Ar new_passphrase
 .Op Fl P Ar old_passphrase
+.Op Fl Z Ar cipher
 .Nm ssh-keygen
 .Fl i
 .Op Fl f Ar input_keyfile
@@ -71,6 +75,7 @@
 .Op Fl f Ar input_keyfile
 .Nm ssh-keygen
 .Fl c
+.Op Fl a Ar rounds
 .Op Fl C Ar comment
 .Op Fl f Ar keyfile
 .Op Fl P Ar passphrase
@@ -93,6 +98,7 @@
 .Op Fl f Ar known_hosts_file
 .Nm ssh-keygen
 .Fl K
+.Op Fl a Ar rounds
 .Op Fl w Ar provider
 .Nm ssh-keygen
 .Fl R Ar hostname
@@ -125,6 +131,7 @@
 .Op Fl f Ar input_keyfile
 .Nm ssh-keygen
 .Fl A
+.Op Fl a Ar rounds
 .Op Fl f Ar prefix_path
 .Nm ssh-keygen
 .Fl k
@@ -140,10 +147,12 @@
 .Ar
 .Nm ssh-keygen
 .Fl Y Cm find-principals
+.Op Fl O Ar option
 .Fl s Ar signature_file
 .Fl f Ar allowed_signers_file
 .Nm ssh-keygen
 .Fl Y Cm check-novalidate
+.Op Fl O Ar option
 .Fl n Ar namespace
 .Fl s Ar signature_file
 .Nm ssh-keygen
@@ -153,6 +162,7 @@
 .Ar
 .Nm ssh-keygen
 .Fl Y Cm verify
+.Op Fl O Ar option
 .Fl f Ar allowed_signers_file
 .Fl I Ar signer_identity
 .Fl n Ar namespace
@@ -248,7 +258,9 @@
 .Fl p
 (change passphrase) flag.
 .Pp
-After a key is generated, instructions below detail where the keys
+After a key is generated,
+.Nm
+will ask where the keys
 should be placed to be activated.
 .Pp
 The options are as follows:
@@ -267,9 +279,12 @@
 to generate new host keys.
 .It Fl a Ar rounds
 When saving a private key, this option specifies the number of KDF
-(key derivation function) rounds used.
+(key derivation function, currently
+.Xr bcrypt_pbkdf 3 )
+rounds used.
 Higher numbers result in slower passphrase verification and increased
 resistance to brute-force password cracking (should the keys be stolen).
+The default is 16 rounds.
 .It Fl B
 Show the bubblebabble digest of specified private or public key file.
 .It Fl b Ar bits
@@ -374,6 +389,8 @@
 Download resident keys from a FIDO authenticator.
 Public and private key files will be written to the current directory for
 each downloaded key.
+If multiple FIDO authenticators are attached, keys will be downloaded from
+the first touched authenticator.
 .It Fl k
 Generate a KRL file.
 In this mode,
@@ -503,10 +520,30 @@
 overriding the empty default username.
 Specifying a username may be useful when generating multiple resident keys
 for the same application name.
+.It Cm verify-required
+Indicate that this private key should require user verification for
+each signature.
+Not all FIDO tokens support this option.
+Currently PIN authentication is the only supported verification method,
+but other methods may be supported in the future.
 .It Cm write-attestation Ns = Ns Ar path
-May be used at key generation time to record the attestation certificate
+May be used at key generation time to record the attestation data
 returned from FIDO tokens during key generation.
-By default this information is discarded.
+Please note that this information is potentially sensitive.
+By default, this information is discarded.
+.El
+.Pp
+When performing signature-related options using the
+.Fl Y
+flag, the following options are accepted:
+.Bl -tag -width Ds
+.It Cm print-pubkey
+Print the full public key to standard output after signature verification.
+.It Cm verify-time Ns = Ns Ar timestamp
+Specifies a time to use when validating signatures instead of the current
+time.
+The time may be specified as a date in YYYYMMDD format or a time
+in YYYYMMDDHHMM[SS] format.
 .El
 .Pp
 The
@@ -617,7 +654,7 @@
 .Dq 20100101123000:20110101123000
 (valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
 .Dq -1d:20110101
-(valid from yesterday to midnight, January 1st, 2011).
+(valid from yesterday to midnight, January 1st, 2011),
 .Dq -1m:forever
 (valid from one minute ago and never expiring).
 .It Fl v
@@ -721,6 +758,13 @@
 .It Fl y
 This option will read a private
 OpenSSH format file and print an OpenSSH public key to stdout.
+.It Fl Z Ar cipher
+Specifies the cipher to use for encryption when writing an OpenSSH-format
+private key file.
+The list of available ciphers may be obtained using
+.Qq ssh -Q cipher .
+The default is
+.Dq aes256-ctr .
 .It Fl z Ar serial_number
 Specifies a serial number to be embedded in the certificate to distinguish
 this certificate from others from the same CA.
@@ -788,8 +832,7 @@
 .Pp
 Screened DH groups may be installed in
 .Pa /etc/moduli .
-It is important that this file contains moduli of a range of bit lengths and
-that both ends of a connection share common moduli.
+It is important that this file contains moduli of a range of bit lengths.
 .Pp
 A number of options are available for moduli generation and screening via the
 .Fl O
@@ -953,7 +996,7 @@
 Allows X11 forwarding.
 .Pp
 .It Ic no-touch-required
-Do not require signatures made using this key require demonstration
+Do not require signatures made using this key include demonstration
 of user presence (e.g. by having the user touch the authenticator).
 This option only makes sense for the FIDO authenticator algorithms
 .Cm ecdsa-sk
@@ -966,6 +1009,16 @@
 .Ar address_list
 is a comma-separated list of one or more address/netmask pairs in CIDR
 format.
+.Pp
+.It Ic verify-required
+Require signatures made using this key indicate that the user was first
+verified.
+This option only makes sense for the FIDO authenticator algorithms
+.Cm ecdsa-sk
+and
+.Cm ed25519-sk .
+Currently PIN authentication is the only supported verification method,
+but other methods may be supported in the future.
 .El
 .Pp
 At present, no standard options are valid for host keys.
@@ -976,7 +1029,7 @@
 option allows specification of certificate start and end times.
 A certificate that is presented at a time outside this range will not be
 considered valid.
-By default, certificates are valid from
+By default, certificates are valid from the
 .Ux
 Epoch to the distant future.
 .Pp
@@ -1080,7 +1133,7 @@
 .Ql #
 are ignored as comments.
 .Pp
-The principals field is a pattern-list (See PATTERNS in
+The principals field is a pattern-list (see PATTERNS in
 .Xr ssh_config 5 )
 consisting of one or more comma-separated USER@DOMAIN identity patterns
 that are accepted for signing.
@@ -1097,11 +1150,16 @@
 .It Cm cert-authority
 Indicates that this key is accepted as a certificate authority (CA) and
 that certificates signed by this CA may be accepted for verification.
-.It Cm namespaces="namespace-list"
+.It Cm namespaces Ns = Ns "namespace-list"
 Specifies a pattern-list of namespaces that are accepted for this key.
 If this option is present, the signature namespace embedded in the
 signature object and presented on the verification command-line must
 match the specified list before the key will be considered acceptable.
+.It Cm valid-after Ns = Ns "timestamp"
+Indicates that the key is valid for use at or after the specified timestamp,
+which may be a date in YYYYMMDD format or a time in YYYYMMDDHHMM[SS] format.
+.It Cm valid-before Ns = Ns "timestamp"
+Indicates that the key is valid for use at or before the specified timestamp.
 .El
 .Pp
 When verifying signatures made by certificates, the expected principal

ssh-keygen.c

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 2c5c75d..4b40768 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.409.2.1 2020/05/18 19:02:13 benno Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.437 2021/09/08 03:23:44 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -65,6 +65,7 @@
 #include "sshsig.h"
 #include "ssh-sk.h"
 #include "sk-api.h" /* XXX for SSH_SK_USER_PRESENCE_REQD; remove */
+#include "cipher.h"
 
 #ifdef WITH_OPENSSL
 # define DEFAULT_KEY_TYPE_NAME "rsa"
@@ -133,13 +134,13 @@
 static char *certflags_src_addr = NULL;
 
 /* Arbitrary extensions specified by user */
-struct cert_userext {
+struct cert_ext {
 	char *key;
 	char *val;
 	int crit;
 };
-static struct cert_userext *cert_userext;
-static size_t ncert_userext;
+static struct cert_ext *cert_ext;
+static size_t ncert_ext;
 
 /* Conversion to/from various formats */
 enum {
@@ -184,7 +185,7 @@
 		fatal("unknown key type %s", key_type_name);
 	if (*bitsp == 0) {
 #ifdef WITH_OPENSSL
-		u_int nid;
+		int nid;
 
 		switch(type) {
 		case KEY_DSA:
@@ -219,10 +220,11 @@
 		break;
 	case KEY_ECDSA:
 		if (sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
-			fatal("Invalid ECDSA key length: valid lengths are "
 #ifdef OPENSSL_HAS_NISTP521
+			fatal("Invalid ECDSA key length: valid lengths are "
 			    "256, 384 or 521 bits");
 #else
+			fatal("Invalid ECDSA key length: valid lengths are "
 			    "256 or 384 bits");
 #endif
 	}
@@ -321,7 +323,7 @@
 	if ((r = sshkey_load_private(filename, "", &prv, commentp)) == 0)
 		return prv;
 	if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
-		fatal("Load key \"%s\": %s", filename, ssh_err(r));
+		fatal_r(r, "Load key \"%s\"", filename);
 	if (identity_passphrase)
 		pass = xstrdup(identity_passphrase);
 	else
@@ -329,7 +331,7 @@
 	r = sshkey_load_private(filename, pass, &prv, commentp);
 	freezero(pass, strlen(pass));
 	if (r != 0)
-		fatal("Load key \"%s\": %s", filename, ssh_err(r));
+		fatal_r(r, "Load key \"%s\"", filename);
 	return prv;
 }
 
@@ -347,11 +349,11 @@
 	int r;
 
 	if ((b = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshkey_putb(k, b)) != 0)
-		fatal("key_to_blob failed: %s", ssh_err(r));
+		fatal_fr(r, "put key");
 	if ((b64 = sshbuf_dtob64_string(b, 1)) == NULL)
-		fatal("%s: sshbuf_dtob64_string failed", __func__);
+		fatal_f("sshbuf_dtob64_string failed");
 
 	/* Comment + surrounds must fit into 72 chars (RFC 4716 sec 3.3) */
 	snprintf(comment, sizeof(comment),
@@ -388,7 +390,7 @@
 		break;
 #endif
 	default:
-		fatal("%s: unsupported key type %s", __func__, sshkey_type(k));
+		fatal_f("unsupported key type %s", sshkey_type(k));
 	}
 	exit(0);
 }
@@ -412,7 +414,7 @@
 		break;
 #endif
 	default:
-		fatal("%s: unsupported key type %s", __func__, sshkey_type(k));
+		fatal_f("unsupported key type %s", sshkey_type(k));
 	}
 	exit(0);
 }
@@ -441,7 +443,7 @@
 		do_convert_to_pem(k);
 		break;
 	default:
-		fatal("%s: unknown key format %d", __func__, convert_format);
+		fatal_f("unknown key format %d", convert_format);
 	}
 	exit(0);
 }
@@ -457,15 +459,15 @@
 	int r;
 
 	if ((r = sshbuf_get_u32(b, &bignum_bits)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	bytes = (bignum_bits + 7) / 8;
 	if (sshbuf_len(b) < bytes)
-		fatal("%s: input buffer too small: need %d have %zu",
-		    __func__, bytes, sshbuf_len(b));
+		fatal_f("input buffer too small: need %d have %zu",
+		    bytes, sshbuf_len(b));
 	if (BN_bin2bn(sshbuf_ptr(b), bytes, value) == NULL)
-		fatal("%s: BN_bin2bn failed", __func__);
+		fatal_f("BN_bin2bn failed");
 	if ((r = sshbuf_consume(b, bytes)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "consume");
 }
 
 static struct sshkey *
@@ -484,7 +486,7 @@
 	BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
 
 	if ((r = sshbuf_get_u32(b, &magic)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse magic");
 
 	if (magic != SSH_COM_PRIVATE_KEY_MAGIC) {
 		error("bad magic 0x%x != 0x%x", magic,
@@ -497,7 +499,7 @@
 	    (r = sshbuf_get_u32(b, &i2)) != 0 ||
 	    (r = sshbuf_get_u32(b, &i3)) != 0 ||
 	    (r = sshbuf_get_u32(b, &i4)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	debug("ignore (%d %d %d %d)", i1, i2, i3, i4);
 	if (strcmp(cipher, "none") != 0) {
 		error("unsupported cipher %s", cipher);
@@ -526,24 +528,24 @@
 		    (dsa_g = BN_new()) == NULL ||
 		    (dsa_pub_key = BN_new()) == NULL ||
 		    (dsa_priv_key = BN_new()) == NULL)
-			fatal("%s: BN_new", __func__);
+			fatal_f("BN_new");
 		buffer_get_bignum_bits(b, dsa_p);
 		buffer_get_bignum_bits(b, dsa_g);
 		buffer_get_bignum_bits(b, dsa_q);
 		buffer_get_bignum_bits(b, dsa_pub_key);
 		buffer_get_bignum_bits(b, dsa_priv_key);
 		if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g))
-			fatal("%s: DSA_set0_pqg failed", __func__);
+			fatal_f("DSA_set0_pqg failed");
 		dsa_p = dsa_q = dsa_g = NULL; /* transferred */
 		if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key))
-			fatal("%s: DSA_set0_key failed", __func__);
+			fatal_f("DSA_set0_key failed");
 		dsa_pub_key = dsa_priv_key = NULL; /* transferred */
 		break;
 	case KEY_RSA:
 		if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
 		    (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) ||
 		    (e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0))
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse RSA");
 		e = e1;
 		debug("e %lx", e);
 		if (e < 30) {
@@ -555,7 +557,7 @@
 			debug("e %lx", e);
 		}
 		if ((rsa_e = BN_new()) == NULL)
-			fatal("%s: BN_new", __func__);
+			fatal_f("BN_new");
 		if (!BN_set_word(rsa_e, e)) {
 			BN_clear_free(rsa_e);
 			sshkey_free(key);
@@ -566,30 +568,30 @@
 		    (rsa_p = BN_new()) == NULL ||
 		    (rsa_q = BN_new()) == NULL ||
 		    (rsa_iqmp = BN_new()) == NULL)
-			fatal("%s: BN_new", __func__);
+			fatal_f("BN_new");
 		buffer_get_bignum_bits(b, rsa_d);
 		buffer_get_bignum_bits(b, rsa_n);
 		buffer_get_bignum_bits(b, rsa_iqmp);
 		buffer_get_bignum_bits(b, rsa_q);
 		buffer_get_bignum_bits(b, rsa_p);
 		if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, rsa_d))
-			fatal("%s: RSA_set0_key failed", __func__);
+			fatal_f("RSA_set0_key failed");
 		rsa_n = rsa_e = rsa_d = NULL; /* transferred */
 		if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q))
-			fatal("%s: RSA_set0_factors failed", __func__);
+			fatal_f("RSA_set0_factors failed");
 		rsa_p = rsa_q = NULL; /* transferred */
 		if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
-			fatal("generate RSA parameters failed: %s", ssh_err(r));
+			fatal_fr(r, "generate RSA parameters");
 		BN_clear_free(rsa_iqmp);
 		break;
 	}
 	rlen = sshbuf_len(b);
 	if (rlen != 0)
-		error("%s: remaining bytes in key blob %d", __func__, rlen);
+		error_f("remaining bytes in key blob %d", rlen);
 
 	/* try the key */
 	if (sshkey_sign(key, &sig, &slen, data, sizeof(data),
-	    NULL, NULL, 0) != 0 ||
+	    NULL, NULL, NULL, 0) != 0 ||
 	    sshkey_verify(key, sig, slen, data, sizeof(data),
 	    NULL, 0, NULL) != 0) {
 		sshkey_free(key);
@@ -668,12 +670,12 @@
 	    (encoded[len-3] == '='))
 		encoded[len-3] = '\0';
 	if ((r = sshbuf_b64tod(buf, encoded)) != 0)
-		fatal("%s: base64 decoding failed: %s", __func__, ssh_err(r));
+		fatal_fr(r, "base64 decode");
 	if (*private) {
 		if ((*k = do_convert_private_ssh2(buf)) == NULL)
-			fatal("%s: private key conversion failed", __func__);
+			fatal_f("private key conversion failed");
 	} else if ((r = sshkey_fromb(buf, k)) != 0)
-		fatal("decode blob failed: %s", ssh_err(r));
+		fatal_fr(r, "parse key");
 	sshbuf_free(buf);
 	fclose(fp);
 }
@@ -687,7 +689,7 @@
 	if ((fp = fopen(identity_file, "r")) == NULL)
 		fatal("%s: %s: %s", __progname, identity_file, strerror(errno));
 	if ((pubkey = PEM_read_PUBKEY(fp, NULL, NULL, NULL)) == NULL) {
-		fatal("%s: %s is not a recognised public key format", __func__,
+		fatal_f("%s is not a recognised public key format",
 		    identity_file);
 	}
 	fclose(fp);
@@ -714,7 +716,7 @@
 		break;
 #endif
 	default:
-		fatal("%s: unsupported pubkey type %d", __func__,
+		fatal_f("unsupported pubkey type %d",
 		    EVP_PKEY_base_id(pubkey));
 	}
 	EVP_PKEY_free(pubkey);
@@ -737,7 +739,7 @@
 		fclose(fp);
 		return;
 	}
-	fatal("%s: unrecognised raw private key format", __func__);
+	fatal_f("unrecognised raw private key format");
 }
 
 static void
@@ -763,7 +765,7 @@
 		do_convert_from_pem(&k, &private);
 		break;
 	default:
-		fatal("%s: unknown key format %d", __func__, convert_format);
+		fatal_f("unknown key format %d", convert_format);
 	}
 
 	if (!private) {
@@ -788,8 +790,7 @@
 			    NULL, 0, NULL, NULL);
 			break;
 		default:
-			fatal("%s: unsupported key type %s", __func__,
-			    sshkey_type(k));
+			fatal_f("unsupported key type %s", sshkey_type(k));
 		}
 	}
 
@@ -814,11 +815,15 @@
 		fatal("%s: %s", identity_file, strerror(errno));
 	prv = load_identity(identity_file, &comment);
 	if ((r = sshkey_write(prv, stdout)) != 0)
-		error("sshkey_write failed: %s", ssh_err(r));
-	sshkey_free(prv);
+		fatal_fr(r, "write key");
 	if (comment != NULL && *comment != '\0')
 		fprintf(stdout, " %s", comment);
 	fprintf(stdout, "\n");
+	if (sshkey_is_sk(prv)) {
+		debug("sk_application: \"%s\", sk_flags 0x%02x",
+			prv->sk_application, prv->sk_flags);
+	}
+	sshkey_free(prv);
 	free(comment);
 	exit(0);
 }
@@ -846,7 +851,7 @@
 			ra = sshkey_fingerprint(keys[i], fingerprint_hash,
 			    SSH_FP_RANDOMART);
 			if (fp == NULL || ra == NULL)
-				fatal("%s: sshkey_fingerprint fail", __func__);
+				fatal_f("sshkey_fingerprint fail");
 			printf("%u %s %s (PKCS11 key)\n", sshkey_size(keys[i]),
 			    fp, sshkey_type(keys[i]));
 			if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
@@ -897,7 +902,7 @@
 	fp = sshkey_fingerprint(public, fptype, rep);
 	ra = sshkey_fingerprint(public, fingerprint_hash, SSH_FP_RANDOMART);
 	if (fp == NULL || ra == NULL)
-		fatal("%s: sshkey_fingerprint failed", __func__);
+		fatal_f("sshkey_fingerprint failed");
 	mprintf("%u %s %s (%s)\n", sshkey_size(public), fp,
 	    comment ? comment : "no comment", sshkey_type(public));
 	if (log_level_get() >= SYSLOG_LEVEL_VERBOSE)
@@ -917,12 +922,12 @@
 	if (stat(identity_file, &st) == -1)
 		fatal("%s: %s", path, strerror(errno));
 	if ((r = sshkey_load_public(path, &pubkey, &comment)) != 0)
-		debug("load public \"%s\": %s", path, ssh_err(r));
+		debug_r(r, "load public \"%s\"", path);
 	if (pubkey == NULL || comment == NULL || *comment == '\0') {
 		free(comment);
 		if ((r = sshkey_load_private(path, NULL,
 		    &privkey, &comment)) != 0)
-			debug("load private \"%s\": %s", path, ssh_err(r));
+			debug_r(r, "load private \"%s\"", path);
 	}
 	if (pubkey == NULL && privkey == NULL)
 		fatal("%s is not a key file.", path);
@@ -1102,18 +1107,17 @@
 		bits = 0;
 		type_bits_valid(type, NULL, &bits);
 		if ((r = sshkey_generate(type, bits, &private)) != 0) {
-			error("sshkey_generate failed: %s", ssh_err(r));
+			error_r(r, "sshkey_generate failed");
 			goto failnext;
 		}
 		if ((r = sshkey_from_private(private, &public)) != 0)
-			fatal("sshkey_from_private failed: %s", ssh_err(r));
+			fatal_fr(r, "sshkey_from_private");
 		snprintf(comment, sizeof comment, "%s@%s", pw->pw_name,
 		    hostname);
 		if ((r = sshkey_save_private(private, prv_tmp, "",
 		    comment, private_key_format, openssh_format_cipher,
 		    rounds)) != 0) {
-			error("Saving key \"%s\" failed: %s",
-			    prv_tmp, ssh_err(r));
+			error_r(r, "Saving key \"%s\" failed", prv_tmp);
 			goto failnext;
 		}
 		if ((fd = mkstemp(pub_tmp)) == -1) {
@@ -1124,8 +1128,8 @@
 		(void)fchmod(fd, 0644);
 		(void)close(fd);
 		if ((r = sshkey_save_public(public, pub_tmp, comment)) != 0) {
-			fatal("Unable to save public key to %s: %s",
-			    identity_file, ssh_err(r));
+			error_r(r, "Unable to save public key to %s",
+			    identity_file);
 			goto failnext;
 		}
 
@@ -1259,8 +1263,7 @@
 				ra = sshkey_fingerprint(l->key,
 				    fingerprint_hash, SSH_FP_RANDOMART);
 				if (fp == NULL || ra == NULL)
-					fatal("%s: sshkey_fingerprint failed",
-					    __func__);
+					fatal_f("sshkey_fingerprint failed");
 				mprintf("%s %s %s%s%s\n", ctx->host,
 				    sshkey_type(l->key), fp,
 				    l->comment[0] ? " " : "",
@@ -1292,6 +1295,7 @@
 	int r, fd, oerrno, inplace = 0;
 	struct known_hosts_ctx ctx;
 	u_int foreach_options;
+	struct stat sb;
 
 	if (!have_identity) {
 		cp = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
@@ -1301,6 +1305,8 @@
 		free(cp);
 		have_identity = 1;
 	}
+	if (stat(identity_file, &sb) != 0)
+		fatal("Cannot stat %s: %s", identity_file, strerror(errno));
 
 	memset(&ctx, 0, sizeof(ctx));
 	ctx.out = stdout;
@@ -1327,6 +1333,7 @@
 			unlink(tmp);
 			fatal("fdopen: %s", strerror(oerrno));
 		}
+		fchmod(fd, sb.st_mode & 0644);
 		inplace = 1;
 	}
 	/* XXX support identity_file == "-" for stdin */
@@ -1334,10 +1341,10 @@
 	foreach_options |= print_fingerprint ? HKF_WANT_PARSE_KEY : 0;
 	if ((r = hostkeys_foreach(identity_file, (find_host || !hash_hosts) ?
 	    known_hosts_find_delete : known_hosts_hash, &ctx, name, NULL,
-	    foreach_options)) != 0) {
+	    foreach_options, 0)) != 0) {
 		if (inplace)
 			unlink(tmp);
-		fatal("%s: hostkeys_foreach failed: %s", __func__, ssh_err(r));
+		fatal_fr(r, "hostkeys_foreach");
 	}
 
 	if (inplace)
@@ -1416,7 +1423,7 @@
 			goto badkey;
 	} else if (r != 0) {
  badkey:
-		fatal("Failed to load key %s: %s", identity_file, ssh_err(r));
+		fatal_r(r, "Failed to load key %s", identity_file);
 	}
 	if (comment)
 		mprintf("Key has comment '%s'\n", comment);
@@ -1448,8 +1455,7 @@
 	/* Save the file using the new passphrase. */
 	if ((r = sshkey_save_private(private, identity_file, passphrase1,
 	    comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
-		error("Saving key \"%s\" failed: %s.",
-		    identity_file, ssh_err(r));
+		error_r(r, "Saving key \"%s\" failed", identity_file);
 		freezero(passphrase1, strlen(passphrase1));
 		sshkey_free(private);
 		free(comment);
@@ -1477,15 +1483,14 @@
 	int r;
 
 	if (fname == NULL)
-		fatal("%s: no filename", __func__);
+		fatal_f("no filename");
 	if (stat(fname, &st) == -1) {
 		if (errno == ENOENT)
 			return 0;
 		fatal("%s: %s", fname, strerror(errno));
 	}
 	if ((r = sshkey_load_public(fname, &public, &comment)) != 0)
-		fatal("Failed to read v2 public key from \"%s\": %s.",
-		    fname, ssh_err(r));
+		fatal_r(r, "Failed to read v2 public key from \"%s\"", fname);
 	export_dns_rr(hname, public, stdout, print_generic);
 	sshkey_free(public);
 	free(comment);
@@ -1512,8 +1517,7 @@
 	    &private, &comment)) == 0)
 		passphrase = xstrdup("");
 	else if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
-		fatal("Cannot load private key \"%s\": %s.",
-		    identity_file, ssh_err(r));
+		fatal_r(r, "Cannot load private key \"%s\"", identity_file);
 	else {
 		if (identity_passphrase)
 			passphrase = xstrdup(identity_passphrase);
@@ -1526,8 +1530,8 @@
 		if ((r = sshkey_load_private(identity_file, passphrase,
 		    &private, &comment)) != 0) {
 			freezero(passphrase, strlen(passphrase));
-			fatal("Cannot load private key \"%s\": %s.",
-			    identity_file, ssh_err(r));
+			fatal_r(r, "Cannot load private key \"%s\"",
+			    identity_file);
 		}
 	}
 
@@ -1568,8 +1572,7 @@
 	if ((r = sshkey_save_private(private, identity_file, passphrase,
 	    new_comment, private_key_format, openssh_format_cipher,
 	    rounds)) != 0) {
-		error("Saving key \"%s\" failed: %s",
-		    identity_file, ssh_err(r));
+		error_r(r, "Saving key \"%s\" failed", identity_file);
 		freezero(passphrase, strlen(passphrase));
 		sshkey_free(private);
 		free(comment);
@@ -1577,14 +1580,12 @@
 	}
 	freezero(passphrase, strlen(passphrase));
 	if ((r = sshkey_from_private(private, &public)) != 0)
-		fatal("sshkey_from_private failed: %s", ssh_err(r));
+		fatal_fr(r, "sshkey_from_private");
 	sshkey_free(private);
 
 	strlcat(identity_file, ".pub", sizeof(identity_file));
-	if ((r = sshkey_save_public(public, identity_file, new_comment)) != 0) {
-		fatal("Unable to save public key to %s: %s",
-		    identity_file, ssh_err(r));
-	}
+	if ((r = sshkey_save_public(public, identity_file, new_comment)) != 0)
+		fatal_r(r, "Unable to save public key to %s", identity_file);
 	sshkey_free(public);
 	free(comment);
 
@@ -1597,31 +1598,32 @@
 }
 
 static void
-add_flag_option(struct sshbuf *c, const char *name)
+cert_ext_add(const char *key, const char *value, int iscrit)
 {
-	int r;
-
-	debug3("%s: %s", __func__, name);
-	if ((r = sshbuf_put_cstring(c, name)) != 0 ||
-	    (r = sshbuf_put_string(c, NULL, 0)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+	cert_ext = xreallocarray(cert_ext, ncert_ext + 1, sizeof(*cert_ext));
+	cert_ext[ncert_ext].key = xstrdup(key);
+	cert_ext[ncert_ext].val = value == NULL ? NULL : xstrdup(value);
+	cert_ext[ncert_ext].crit = iscrit;
+	ncert_ext++;
 }
 
-static void
-add_string_option(struct sshbuf *c, const char *name, const char *value)
+/* qsort(3) comparison function for certificate extensions */
+static int
+cert_ext_cmp(const void *_a, const void *_b)
 {
-	struct sshbuf *b;
+	const struct cert_ext *a = (const struct cert_ext *)_a;
+	const struct cert_ext *b = (const struct cert_ext *)_b;
 	int r;
 
-	debug3("%s: %s=%s", __func__, name, value);
-	if ((b = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
-	if ((r = sshbuf_put_cstring(b, value)) != 0 ||
-	    (r = sshbuf_put_cstring(c, name)) != 0 ||
-	    (r = sshbuf_put_stringb(c, b)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-
-	sshbuf_free(b);
+	if (a->crit != b->crit)
+		return (a->crit < b->crit) ? -1 : 1;
+	if ((r = strcmp(a->key, b->key)) != 0)
+		return r;
+	if ((a->val == NULL) != (b->val == NULL))
+		return (a->val == NULL) ? -1 : 1;
+	if (a->val != NULL && (r = strcmp(a->val, b->val)) != 0)
+		return r;
+	return 0;
 }
 
 #define OPTIONS_CRITICAL	1
@@ -1629,44 +1631,62 @@
 static void
 prepare_options_buf(struct sshbuf *c, int which)
 {
+	struct sshbuf *b;
 	size_t i;
+	int r;
+	const struct cert_ext *ext;
 
+	if ((b = sshbuf_new()) == NULL)
+		fatal_f("sshbuf_new failed");
 	sshbuf_reset(c);
-	if ((which & OPTIONS_CRITICAL) != 0 &&
-	    certflags_command != NULL)
-		add_string_option(c, "force-command", certflags_command);
-	if ((which & OPTIONS_EXTENSIONS) != 0 &&
-	    (certflags_flags & CERTOPT_X_FWD) != 0)
-		add_flag_option(c, "permit-X11-forwarding");
-	if ((which & OPTIONS_EXTENSIONS) != 0 &&
-	    (certflags_flags & CERTOPT_AGENT_FWD) != 0)
-		add_flag_option(c, "permit-agent-forwarding");
-	if ((which & OPTIONS_EXTENSIONS) != 0 &&
-	    (certflags_flags & CERTOPT_PORT_FWD) != 0)
-		add_flag_option(c, "permit-port-forwarding");
-	if ((which & OPTIONS_EXTENSIONS) != 0 &&
-	    (certflags_flags & CERTOPT_PTY) != 0)
-		add_flag_option(c, "permit-pty");
-	if ((which & OPTIONS_EXTENSIONS) != 0 &&
-	    (certflags_flags & CERTOPT_USER_RC) != 0)
-		add_flag_option(c, "permit-user-rc");
-	if ((which & OPTIONS_EXTENSIONS) != 0 &&
-	    (certflags_flags & CERTOPT_NO_REQUIRE_USER_PRESENCE) != 0)
-		add_flag_option(c, "no-touch-required");
-	if ((which & OPTIONS_CRITICAL) != 0 &&
-	    certflags_src_addr != NULL)
-		add_string_option(c, "source-address", certflags_src_addr);
-	for (i = 0; i < ncert_userext; i++) {
-		if ((cert_userext[i].crit && (which & OPTIONS_EXTENSIONS)) ||
-		    (!cert_userext[i].crit && (which & OPTIONS_CRITICAL)))
+	for (i = 0; i < ncert_ext; i++) {
+		ext = &cert_ext[i];
+		if ((ext->crit && (which & OPTIONS_EXTENSIONS)) ||
+		    (!ext->crit && (which & OPTIONS_CRITICAL)))
 			continue;
-		if (cert_userext[i].val == NULL)
-			add_flag_option(c, cert_userext[i].key);
-		else {
-			add_string_option(c, cert_userext[i].key,
-			    cert_userext[i].val);
+		if (ext->val == NULL) {
+			/* flag option */
+			debug3_f("%s", ext->key);
+			if ((r = sshbuf_put_cstring(c, ext->key)) != 0 ||
+			    (r = sshbuf_put_string(c, NULL, 0)) != 0)
+				fatal_fr(r, "prepare flag");
+		} else {
+			/* key/value option */
+			debug3_f("%s=%s", ext->key, ext->val);
+			sshbuf_reset(b);
+			if ((r = sshbuf_put_cstring(c, ext->key)) != 0 ||
+			    (r = sshbuf_put_cstring(b, ext->val)) != 0 ||
+			    (r = sshbuf_put_stringb(c, b)) != 0)
+				fatal_fr(r, "prepare k/v");
 		}
 	}
+	sshbuf_free(b);
+}
+
+static void
+finalise_cert_exts(void)
+{
+	/* critical options */
+	if (certflags_command != NULL)
+		cert_ext_add("force-command", certflags_command, 1);
+	if (certflags_src_addr != NULL)
+		cert_ext_add("source-address", certflags_src_addr, 1);
+	/* extensions */
+	if ((certflags_flags & CERTOPT_X_FWD) != 0)
+		cert_ext_add("permit-X11-forwarding", NULL, 0);
+	if ((certflags_flags & CERTOPT_AGENT_FWD) != 0)
+		cert_ext_add("permit-agent-forwarding", NULL, 0);
+	if ((certflags_flags & CERTOPT_PORT_FWD) != 0)
+		cert_ext_add("permit-port-forwarding", NULL, 0);
+	if ((certflags_flags & CERTOPT_PTY) != 0)
+		cert_ext_add("permit-pty", NULL, 0);
+	if ((certflags_flags & CERTOPT_USER_RC) != 0)
+		cert_ext_add("permit-user-rc", NULL, 0);
+	if ((certflags_flags & CERTOPT_NO_REQUIRE_USER_PRESENCE) != 0)
+		cert_ext_add("no-touch-required", NULL, 0);
+	/* order lexically by key */
+	if (ncert_ext > 0)
+		qsort(cert_ext, ncert_ext, sizeof(*cert_ext), cert_ext_cmp);
 }
 
 static struct sshkey *
@@ -1677,12 +1697,11 @@
 	int r, i, nkeys;
 
 	if ((r = sshkey_load_public(path, &public, NULL)) != 0)
-		fatal("Couldn't load CA public key \"%s\": %s",
-		    path, ssh_err(r));
+		fatal_r(r, "Couldn't load CA public key \"%s\"", path);
 
 	nkeys = pkcs11_add_provider(pkcs11provider, identity_passphrase,
 	    &keys, NULL);
-	debug3("%s: %d keys", __func__, nkeys);
+	debug3_f("%d keys", nkeys);
 	if (nkeys <= 0)
 		fatal("cannot read public key from pkcs11");
 	for (i = 0; i < nkeys; i++) {
@@ -1704,7 +1723,8 @@
 static int
 agent_signer(struct sshkey *key, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen,
-    const char *alg, const char *provider, u_int compat, void *ctx)
+    const char *alg, const char *provider, const char *pin,
+    u_int compat, void *ctx)
 {
 	int *agent_fdp = (int *)ctx;
 
@@ -1721,7 +1741,7 @@
 	u_int n;
 	struct sshkey *ca, *public;
 	char valid[64], *otmp, *tmp, *cp, *out, *comment;
-	char *ca_fp = NULL, **plist = NULL;
+	char *ca_fp = NULL, **plist = NULL, *pin = NULL;
 	struct ssh_identitylist *agent_ids;
 	size_t j;
 	struct notifier_ctx *notifier = NULL;
@@ -1741,13 +1761,11 @@
 		 * agent.
 		 */
 		if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0)
-			fatal("Cannot load CA public key %s: %s",
-			    tmp, ssh_err(r));
+			fatal_r(r, "Cannot load CA public key %s", tmp);
 		if ((r = ssh_get_authentication_socket(&agent_fd)) != 0)
-			fatal("Cannot use public key for CA signature: %s",
-			    ssh_err(r));
+			fatal_r(r, "Cannot use public key for CA signature");
 		if ((r = ssh_fetch_identitylist(agent_fd, &agent_ids)) != 0)
-			fatal("Retrieve agent key list: %s", ssh_err(r));
+			fatal_r(r, "Retrieve agent key list");
 		found = 0;
 		for (j = 0; j < agent_ids->nkeys; j++) {
 			if (sshkey_equal(ca, agent_ids->keys[j])) {
@@ -1762,6 +1780,12 @@
 	} else {
 		/* CA key is assumed to be a private key on the filesystem */
 		ca = load_identity(tmp, NULL);
+		if (sshkey_is_sk(ca) &&
+		    (ca->sk_flags & SSH_SK_USER_VERIFICATION_REQD)) {
+			if ((pin = read_passphrase("Enter PIN for CA key: ",
+			    RP_ALLOW_STDIN)) == NULL)
+				fatal_f("couldn't read PIN");
+		}
 	}
 	free(tmp);
 
@@ -1776,6 +1800,7 @@
 	}
 	ca_fp = sshkey_fingerprint(ca, fingerprint_hash, SSH_FP_DEFAULT);
 
+	finalise_cert_exts();
 	for (i = 0; i < argc; i++) {
 		/* Split list of principals */
 		n = 0;
@@ -1794,16 +1819,14 @@
 
 		tmp = tilde_expand_filename(argv[i], pw->pw_uid);
 		if ((r = sshkey_load_public(tmp, &public, &comment)) != 0)
-			fatal("%s: unable to open \"%s\": %s",
-			    __func__, tmp, ssh_err(r));
+			fatal_r(r, "load pubkey \"%s\"", tmp);
 		if (sshkey_is_cert(public))
-			fatal("%s: key \"%s\" type %s cannot be certified",
-			    __func__, tmp, sshkey_type(public));
+			fatal_f("key \"%s\" type %s cannot be certified",
+			    tmp, sshkey_type(public));
 
 		/* Prepare certificate to sign */
 		if ((r = sshkey_to_certified(public)) != 0)
-			fatal("Could not upgrade key %s to certificate: %s",
-			    tmp, ssh_err(r));
+			fatal_r(r, "Could not upgrade key %s to certificate", tmp);
 		public->cert->type = cert_key_type;
 		public->cert->serial = (u_int64_t)cert_serial;
 		public->cert->key_id = xstrdup(cert_key_id);
@@ -1816,14 +1839,13 @@
 		    OPTIONS_EXTENSIONS);
 		if ((r = sshkey_from_private(ca,
 		    &public->cert->signature_key)) != 0)
-			fatal("sshkey_from_private (ca key): %s", ssh_err(r));
+			fatal_r(r, "sshkey_from_private (ca key)");
 
 		if (agent_fd != -1 && (ca->flags & SSHKEY_FLAG_EXT) != 0) {
 			if ((r = sshkey_certify_custom(public, ca,
-			    key_type_name, sk_provider, agent_signer,
+			    key_type_name, sk_provider, NULL, agent_signer,
 			    &agent_fd)) != 0)
-				fatal("Couldn't certify key %s via agent: %s",
-				    tmp, ssh_err(r));
+				fatal_r(r, "Couldn't certify %s via agent", tmp);
 		} else {
 			if (sshkey_is_sk(ca) &&
 			    (ca->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
@@ -1832,11 +1854,10 @@
 				    sshkey_type(ca), ca_fp);
 			}
 			r = sshkey_certify(public, ca, key_type_name,
-			    sk_provider);
-			notify_complete(notifier);
+			    sk_provider, pin);
+			notify_complete(notifier, "User presence confirmed");
 			if (r != 0)
-				fatal("Couldn't certify key %s: %s",
-				    tmp, ssh_err(r));
+				fatal_r(r, "Couldn't certify key %s", tmp);
 		}
 
 		if ((cp = strrchr(tmp, '.')) != NULL && strcmp(cp, ".pub") == 0)
@@ -1845,8 +1866,8 @@
 		free(tmp);
 
 		if ((r = sshkey_save_public(public, out, comment)) != 0) {
-			fatal("Unable to save public key to %s: %s",
-			    identity_file, ssh_err(r));
+			fatal_r(r, "Unable to save public key to %s",
+			    identity_file);
 		}
 
 		if (!quiet) {
@@ -1866,6 +1887,8 @@
 		if (cert_serial_autoinc)
 			cert_serial++;
 	}
+	if (pin != NULL)
+		freezero(pin, strlen(pin));
 	free(ca_fp);
 #ifdef ENABLE_PKCS11
 	pkcs11_terminate();
@@ -1986,17 +2009,12 @@
 			fatal("Invalid source-address list");
 		certflags_src_addr = xstrdup(val);
 	} else if (strncasecmp(opt, "extension:", 10) == 0 ||
-		   (iscrit = (strncasecmp(opt, "critical:", 9) == 0))) {
+		    (iscrit = (strncasecmp(opt, "critical:", 9) == 0))) {
 		val = xstrdup(strchr(opt, ':') + 1);
 		if ((cp = strchr(val, '=')) != NULL)
 			*cp++ = '\0';
-		cert_userext = xreallocarray(cert_userext, ncert_userext + 1,
-		    sizeof(*cert_userext));
-		cert_userext[ncert_userext].key = val;
-		cert_userext[ncert_userext].val = cp == NULL ?
-		    NULL : xstrdup(cp);
-		cert_userext[ncert_userext].crit = iscrit;
-		ncert_userext++;
+		cert_ext_add(val, cp, iscrit);
+		free(val);
 	} else
 		fatal("Unsupported certificate option \"%s\"", opt);
 }
@@ -2004,18 +2022,18 @@
 static void
 show_options(struct sshbuf *optbuf, int in_critical)
 {
-	char *name, *arg;
+	char *name, *arg, *hex;
 	struct sshbuf *options, *option = NULL;
 	int r;
 
 	if ((options = sshbuf_fromb(optbuf)) == NULL)
-		fatal("%s: sshbuf_fromb failed", __func__);
+		fatal_f("sshbuf_fromb failed");
 	while (sshbuf_len(options) != 0) {
 		sshbuf_free(option);
 		option = NULL;
 		if ((r = sshbuf_get_cstring(options, &name, NULL)) != 0 ||
 		    (r = sshbuf_froms(options, &option)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse option");
 		printf("                %s", name);
 		if (!in_critical &&
 		    (strcmp(name, "permit-X11-forwarding") == 0 ||
@@ -2029,15 +2047,17 @@
 		    (strcmp(name, "force-command") == 0 ||
 		    strcmp(name, "source-address") == 0)) {
 			if ((r = sshbuf_get_cstring(option, &arg, NULL)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse critical");
 			printf(" %s\n", arg);
 			free(arg);
-		} else {
-			printf(" UNKNOWN OPTION (len %zu)\n",
-			    sshbuf_len(option));
+		} else if (sshbuf_len(option) > 0) {
+			hex = sshbuf_dtob16(option);
+			printf(" UNKNOWN OPTION: %s (len %zu)\n",
+			    hex, sshbuf_len(option));
 			sshbuf_reset(option);
-		}
+			free(hex);
+		} else
+			printf(" UNKNOWN FLAG OPTION\n");
 		free(name);
 		if (sshbuf_len(option) != 0)
 			fatal("Option corrupt: extra data at end");
@@ -2056,7 +2076,7 @@
 	ca_fp = sshkey_fingerprint(key->cert->signature_key,
 	    fingerprint_hash, SSH_FP_DEFAULT);
 	if (key_fp == NULL || ca_fp == NULL)
-		fatal("%s: sshkey_fingerprint fail", __func__);
+		fatal_f("sshkey_fingerprint fail");
 	sshkey_format_cert_validity(key->cert, valid, sizeof(valid));
 
 	printf("        Type: %s %s certificate\n", sshkey_ssh_name(key),
@@ -2129,8 +2149,7 @@
 		if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
 			fatal("sshkey_new");
 		if ((r = sshkey_read(key, &cp)) != 0) {
-			error("%s:%lu: invalid key: %s", path,
-			    lnum, ssh_err(r));
+			error_r(r, "%s:%lu: invalid key", path, lnum);
 			continue;
 		}
 		if (!sshkey_is_cert(key)) {
@@ -2157,11 +2176,11 @@
 	int r;
 
 	if ((r = sshbuf_load_file(path, &krlbuf)) != 0)
-		fatal("Unable to load KRL: %s", ssh_err(r));
+		fatal_r(r, "Unable to load KRL %s", path);
 	/* XXX check sigs */
 	if ((r = ssh_krl_from_blob(krlbuf, krlp, NULL, 0)) != 0 ||
 	    *krlp == NULL)
-		fatal("Invalid KRL file: %s", ssh_err(r));
+		fatal_r(r, "Invalid KRL file %s", path);
 	sshbuf_free(krlbuf);
 }
 
@@ -2190,9 +2209,9 @@
 		tmp[tlen] = '\0';
 	}
 	if ((b = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_b64tod(b, tmp)) != 0)
-		fatal("%s:%lu: decode hash failed: %s", file, lnum, ssh_err(r));
+		fatal_r(r, "%s:%lu: decode hash failed", file, lnum);
 	free(tmp);
 	*lenp = sshbuf_len(b);
 	*blobp = xmalloc(*lenp);
@@ -2278,8 +2297,7 @@
 			}
 			if (ssh_krl_revoke_cert_by_serial_range(krl,
 			    ca, serial, serial2) != 0) {
-				fatal("%s: revoke serial failed",
-				    __func__);
+				fatal_f("revoke serial failed");
 			}
 		} else if (strncasecmp(cp, "id:", 3) == 0) {
 			if (ca == NULL && !wild_ca) {
@@ -2289,15 +2307,14 @@
 			cp += 3;
 			cp = cp + strspn(cp, " \t");
 			if (ssh_krl_revoke_cert_by_key_id(krl, ca, cp) != 0)
-				fatal("%s: revoke key ID failed", __func__);
+				fatal_f("revoke key ID failed");
 		} else if (strncasecmp(cp, "hash:", 5) == 0) {
 			cp += 5;
 			cp = cp + strspn(cp, " \t");
 			hash_to_blob(cp, &blob, &blen, file, lnum);
 			r = ssh_krl_revoke_key_sha256(krl, blob, blen);
 			if (r != 0)
-				fatal("%s: revoke key failed: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "revoke key failed");
 		} else {
 			if (strncasecmp(cp, "key:", 4) == 0) {
 				cp += 4;
@@ -2319,8 +2336,7 @@
 			if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
 				fatal("sshkey_new");
 			if ((r = sshkey_read(key, &cp)) != 0)
-				fatal("%s:%lu: invalid key: %s",
-				    path, lnum, ssh_err(r));
+				fatal_r(r, "%s:%lu: invalid key", path, lnum);
 			if (was_explicit_key)
 				r = ssh_krl_revoke_key_explicit(krl, key);
 			else if (was_sha1) {
@@ -2340,8 +2356,7 @@
 			} else
 				r = ssh_krl_revoke_key(krl, key);
 			if (r != 0)
-				fatal("%s: revoke key failed: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "revoke key failed");
 			freezero(blob, blen);
 			blob = NULL;
 			blen = 0;
@@ -2381,8 +2396,7 @@
 		else {
 			tmp = tilde_expand_filename(ca_key_path, pw->pw_uid);
 			if ((r = sshkey_load_public(tmp, &ca, NULL)) != 0)
-				fatal("Cannot load CA public key %s: %s",
-				    tmp, ssh_err(r));
+				fatal_r(r, "Cannot load CA public key %s", tmp);
 			free(tmp);
 		}
 	}
@@ -2426,8 +2440,7 @@
 		krl_dump(krl, stdout);
 	for (i = 0; i < argc; i++) {
 		if ((r = sshkey_load_public(argv[i], &k, &comment)) != 0)
-			fatal("Cannot load public key %s: %s",
-			    argv[i], ssh_err(r));
+			fatal_r(r, "Cannot load public key %s", argv[i]);
 		r = ssh_krl_check_key(krl, k);
 		printf("%s%s%s%s: %s\n", argv[i],
 		    *comment ? " (" : "", comment, *comment ? ")" : "",
@@ -2461,8 +2474,8 @@
 		    strcmp(privpath + plen - slen, suffixes[i]) != 0)
 			continue;
 		privpath[plen - slen] = '\0';
-		debug("%s: %s looks like a public key, using private key "
-		    "path %s instead", __func__, keypath, privpath);
+		debug_f("%s looks like a public key, using private key "
+		    "path %s instead", keypath, privpath);
 	}
 	if ((privkey = load_identity(privpath, NULL)) == NULL) {
 		error("Couldn't load identity %s", keypath);
@@ -2479,12 +2492,11 @@
 		 * it capable of signing.
 		 */
 		if ((r = sshkey_to_certified(privkey)) != 0) {
-			error("%s: sshkey_to_certified: %s", __func__,
-			    ssh_err(r));
+			error_fr(r, "sshkey_to_certified");
 			goto done;
 		}
 		if ((r = sshkey_cert_copy(pubkey, privkey)) != 0) {
-			error("%s: sshkey_cert_copy: %s", __func__, ssh_err(r));
+			error_fr(r, "sshkey_cert_copy");
 			goto done;
 		}
 	}
@@ -2504,6 +2516,7 @@
 	struct sshbuf *sigbuf = NULL, *abuf = NULL;
 	int r = SSH_ERR_INTERNAL_ERROR, wfd = -1, oerrno;
 	char *wfile = NULL, *asig = NULL, *fp = NULL;
+	char *pin = NULL, *prompt = NULL;
 
 	if (!quiet) {
 		if (fd == STDIN_FILENO)
@@ -2511,26 +2524,34 @@
 		else
 			fprintf(stderr, "Signing file %s\n", filename);
 	}
-	if (signer == NULL && sshkey_is_sk(signkey) &&
-	    (signkey->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
-		if ((fp = sshkey_fingerprint(signkey, fingerprint_hash,
-		    SSH_FP_DEFAULT)) == NULL)
-			fatal("%s: sshkey_fingerprint failed", __func__);
-		fprintf(stderr, "Confirm user presence for key %s %s\n",
-		    sshkey_type(signkey), fp);
-		free(fp);
+	if (signer == NULL && sshkey_is_sk(signkey)) {
+		if ((signkey->sk_flags & SSH_SK_USER_VERIFICATION_REQD)) {
+			xasprintf(&prompt, "Enter PIN for %s key: ",
+			    sshkey_type(signkey));
+			if ((pin = read_passphrase(prompt,
+			    RP_ALLOW_STDIN)) == NULL)
+				fatal_f("couldn't read PIN");
+		}
+		if ((signkey->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
+			if ((fp = sshkey_fingerprint(signkey, fingerprint_hash,
+			    SSH_FP_DEFAULT)) == NULL)
+				fatal_f("fingerprint failed");
+			fprintf(stderr, "Confirm user presence for key %s %s\n",
+			    sshkey_type(signkey), fp);
+			free(fp);
+		}
 	}
-	if ((r = sshsig_sign_fd(signkey, NULL, sk_provider, fd, sig_namespace,
-	    &sigbuf, signer, signer_ctx)) != 0) {
-		error("Signing %s failed: %s", filename, ssh_err(r));
+	if ((r = sshsig_sign_fd(signkey, NULL, sk_provider, pin,
+	    fd, sig_namespace, &sigbuf, signer, signer_ctx)) != 0) {
+		error_r(r, "Signing %s failed", filename);
 		goto out;
 	}
 	if ((r = sshsig_armor(sigbuf, &abuf)) != 0) {
-		error("%s: sshsig_armor: %s", __func__, ssh_err(r));
+		error_fr(r, "sshsig_armor");
 		goto out;
 	}
 	if ((asig = sshbuf_dup_string(abuf)) == NULL) {
-		error("%s: buffer error", __func__);
+		error_f("buffer error");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@@ -2569,7 +2590,10 @@
 	r = 0;
  out:
 	free(wfile);
+	free(prompt);
 	free(asig);
+	if (pin != NULL)
+		freezero(pin, strlen(pin));
 	sshbuf_free(abuf);
 	sshbuf_free(sigbuf);
 	if (wfd != -1)
@@ -2594,17 +2618,17 @@
 	}
 
 	if ((r = sshkey_load_public(keypath, &pubkey, NULL)) != 0) {
-		error("Couldn't load public key %s: %s", keypath, ssh_err(r));
+		error_r(r, "Couldn't load public key %s", keypath);
 		goto done;
 	}
 
 	if ((r = ssh_get_authentication_socket(&agent_fd)) != 0)
-		debug("Couldn't get agent socket: %s", ssh_err(r));
+		debug_r(r, "Couldn't get agent socket");
 	else {
 		if ((r = ssh_agent_has_key(agent_fd, pubkey)) == 0)
 			signer = agent_signer;
 		else
-			debug("Couldn't find key in agent: %s", ssh_err(r));
+			debug_r(r, "Couldn't find key in agent");
 	}
 
 	if (signer == NULL) {
@@ -2649,23 +2673,64 @@
 }
 
 static int
+sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep,
+    int *print_pubkey)
+{
+	size_t i;
+	time_t now;
+
+	*verify_timep = 0;
+	if (print_pubkey != NULL)
+		*print_pubkey = 0;
+	for (i = 0; i < nopts; i++) {
+		if (strncasecmp(opts[i], "verify-time=", 12) == 0) {
+			if (parse_absolute_time(opts[i] + 12,
+			    verify_timep) != 0 || *verify_timep == 0) {
+				error("Invalid \"verify-time\" option");
+				return SSH_ERR_INVALID_ARGUMENT;
+			}
+		} else if (print_pubkey &&
+		    strcasecmp(opts[i], "print-pubkey") == 0) {
+			*print_pubkey = 1;
+		} else {
+			error("Invalid option \"%s\"", opts[i]);
+			return SSH_ERR_INVALID_ARGUMENT;
+		}
+	}
+	if (*verify_timep == 0) {
+		if ((now = time(NULL)) < 0) {
+			error("Time is before epoch");
+			return SSH_ERR_INVALID_ARGUMENT;
+		}
+		*verify_timep = (uint64_t)now;
+	}
+	return 0;
+}
+
+static int
 sig_verify(const char *signature, const char *sig_namespace,
-    const char *principal, const char *allowed_keys, const char *revoked_keys)
+    const char *principal, const char *allowed_keys, const char *revoked_keys,
+    char * const *opts, size_t nopts)
 {
 	int r, ret = -1;
+	int print_pubkey = 0;
 	struct sshbuf *sigbuf = NULL, *abuf = NULL;
 	struct sshkey *sign_key = NULL;
 	char *fp = NULL;
 	struct sshkey_sig_details *sig_details = NULL;
+	uint64_t verify_time = 0;
+
+	if (sig_process_opts(opts, nopts, &verify_time, &print_pubkey) != 0)
+		goto done; /* error already logged */
 
 	memset(&sig_details, 0, sizeof(sig_details));
 	if ((r = sshbuf_load_file(signature, &abuf)) != 0) {
-		error("Couldn't read signature file: %s", ssh_err(r));
+		error_r(r, "Couldn't read signature file");
 		goto done;
 	}
 
 	if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) {
-		error("%s: sshsig_armor: %s", __func__, ssh_err(r));
+		error_fr(r, "sshsig_armor");
 		goto done;
 	}
 	if ((r = sshsig_verify_fd(sigbuf, STDIN_FILENO, sig_namespace,
@@ -2674,26 +2739,25 @@
 
 	if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash,
 	    SSH_FP_DEFAULT)) == NULL)
-		fatal("%s: sshkey_fingerprint failed", __func__);
+		fatal_f("sshkey_fingerprint failed");
 	debug("Valid (unverified) signature from key %s", fp);
 	if (sig_details != NULL) {
-		debug2("%s: signature details: counter = %u, flags = 0x%02x",
-		    __func__, sig_details->sk_counter, sig_details->sk_flags);
+		debug2_f("signature details: counter = %u, flags = 0x%02x",
+		    sig_details->sk_counter, sig_details->sk_flags);
 	}
 	free(fp);
 	fp = NULL;
 
 	if (revoked_keys != NULL) {
 		if ((r = sshkey_check_revoked(sign_key, revoked_keys)) != 0) {
-			debug3("sshkey_check_revoked failed: %s", ssh_err(r));
+			debug3_fr(r, "sshkey_check_revoked");
 			goto done;
 		}
 	}
 
-	if (allowed_keys != NULL &&
-	    (r = sshsig_check_allowed_keys(allowed_keys, sign_key,
-					   principal, sig_namespace)) != 0) {
-		debug3("sshsig_check_allowed_keys failed: %s", ssh_err(r));
+	if (allowed_keys != NULL && (r = sshsig_check_allowed_keys(allowed_keys,
+	    sign_key, principal, sig_namespace, verify_time)) != 0) {
+		debug3_fr(r, "sshsig_check_allowed_keys");
 		goto done;
 	}
 	/* success */
@@ -2702,23 +2766,30 @@
 	if (!quiet) {
 		if (ret == 0) {
 			if ((fp = sshkey_fingerprint(sign_key, fingerprint_hash,
-			    SSH_FP_DEFAULT)) == NULL) {
-				fatal("%s: sshkey_fingerprint failed",
-				    __func__);
-			}
+			    SSH_FP_DEFAULT)) == NULL)
+				fatal_f("sshkey_fingerprint failed");
 			if (principal == NULL) {
 				printf("Good \"%s\" signature with %s key %s\n",
-				       sig_namespace, sshkey_type(sign_key), fp);
+				    sig_namespace, sshkey_type(sign_key), fp);
 
 			} else {
 				printf("Good \"%s\" signature for %s with %s key %s\n",
-				       sig_namespace, principal,
-				       sshkey_type(sign_key), fp);
+				    sig_namespace, principal,
+				    sshkey_type(sign_key), fp);
 			}
 		} else {
 			printf("Could not verify signature.\n");
 		}
 	}
+	/* Print the signature key if requested */
+	if (ret == 0 && print_pubkey && sign_key != NULL) {
+		if ((r = sshkey_write(sign_key, stdout)) == 0)
+			fputc('\n', stdout);
+		else {
+			error_r(r, "Could not print public key.\n");
+			ret = -1;
+		}
+	}
 	sshbuf_free(sigbuf);
 	sshbuf_free(abuf);
 	sshkey_free(sign_key);
@@ -2728,29 +2799,34 @@
 }
 
 static int
-sig_find_principals(const char *signature, const char *allowed_keys) {
+sig_find_principals(const char *signature, const char *allowed_keys,
+    char * const *opts, size_t nopts)
+{
 	int r, ret = -1;
 	struct sshbuf *sigbuf = NULL, *abuf = NULL;
 	struct sshkey *sign_key = NULL;
 	char *principals = NULL, *cp, *tmp;
+	uint64_t verify_time = 0;
+
+	if (sig_process_opts(opts, nopts, &verify_time, NULL) != 0)
+		goto done; /* error already logged */
 
 	if ((r = sshbuf_load_file(signature, &abuf)) != 0) {
-		error("Couldn't read signature file: %s", ssh_err(r));
+		error_r(r, "Couldn't read signature file");
 		goto done;
 	}
 	if ((r = sshsig_dearmor(abuf, &sigbuf)) != 0) {
-		error("%s: sshsig_armor: %s", __func__, ssh_err(r));
+		error_fr(r, "sshsig_armor");
 		goto done;
 	}
 	if ((r = sshsig_get_pubkey(sigbuf, &sign_key)) != 0) {
-		error("%s: sshsig_get_pubkey: %s",
-		    __func__, ssh_err(r));
+		error_fr(r, "sshsig_get_pubkey");
 		goto done;
 	}
 	if ((r = sshsig_find_principals(allowed_keys, sign_key,
-	    &principals)) != 0) {
-		error("%s: sshsig_get_principal: %s",
-		      __func__, ssh_err(r));
+	    verify_time, &principals)) != 0) {
+		if (r != SSH_ERR_KEY_NOT_FOUND)
+			error_fr(r, "sshsig_find_principal");
 		goto done;
 	}
 	ret = 0;
@@ -2934,27 +3010,24 @@
 {
 	struct sshkey **keys;
 	size_t nkeys, i;
-	int r, ok = -1;
+	int r, ret = -1;
 	char *fp, *pin = NULL, *pass = NULL, *path, *pubpath;
 	const char *ext;
 
 	if (skprovider == NULL)
 		fatal("Cannot download keys without provider");
 
-	for (i = 0; i < 2; i++) {
-		if (i == 1) {
-			pin = read_passphrase("Enter PIN for authenticator: ",
-			    RP_ALLOW_STDIN);
-		}
-		if ((r = sshsk_load_resident(skprovider, device, pin,
-		    &keys, &nkeys)) != 0) {
-			if (i == 0 && r == SSH_ERR_KEY_WRONG_PASSPHRASE)
-				continue;
-			if (pin != NULL)
-				freezero(pin, strlen(pin));
-			error("Unable to load resident keys: %s", ssh_err(r));
-			return -1;
-		}
+	pin = read_passphrase("Enter PIN for authenticator: ", RP_ALLOW_STDIN);
+	if (!quiet) {
+		printf("You may need to touch your authenticator "
+		    "to authorize key download.\n");
+	}
+	if ((r = sshsk_load_resident(skprovider, device, pin,
+	    &keys, &nkeys)) != 0) {
+		if (pin != NULL)
+			freezero(pin, strlen(pin));
+		error_r(r, "Unable to load resident keys");
+		return -1;
 	}
 	if (nkeys == 0)
 		logit("No keys to download");
@@ -2970,8 +3043,8 @@
 		}
 		if ((fp = sshkey_fingerprint(keys[i],
 		    fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
-			fatal("%s: sshkey_fingerprint failed", __func__);
-		debug("%s: key %zu: %s %s %s (flags 0x%02x)", __func__, i,
+			fatal_f("sshkey_fingerprint failed");
+		debug_f("key %zu: %s %s %s (flags 0x%02x)", i,
 		    sshkey_type(keys[i]), fp, keys[i]->sk_application,
 		    keys[i]->sk_flags);
 		ext = skip_ssh_url_preamble(keys[i]->sk_application);
@@ -2991,8 +3064,7 @@
 		if ((r = sshkey_save_private(keys[i], path, pass,
 		    keys[i]->sk_application, private_key_format,
 		    openssh_format_cipher, rounds)) != 0) {
-			error("Saving key \"%s\" failed: %s",
-			    path, ssh_err(r));
+			error_r(r, "Saving key \"%s\" failed", path);
 			free(path);
 			break;
 		}
@@ -3009,8 +3081,7 @@
 		free(path);
 		if ((r = sshkey_save_public(keys[i], pubpath,
 		    keys[i]->sk_application)) != 0) {
-			error("Saving public key \"%s\" failed: %s",
-			    pubpath, ssh_err(r));
+			error_r(r, "Saving public key \"%s\" failed", pubpath);
 			free(pubpath);
 			break;
 		}
@@ -3018,28 +3089,51 @@
 	}
 
 	if (i >= nkeys)
-		ok = 0; /* success */
+		ret = 0; /* success */
 	if (pass != NULL)
 		freezero(pass, strlen(pass));
 	for (i = 0; i < nkeys; i++)
 		sshkey_free(keys[i]);
 	free(keys);
-	return ok ? 0 : -1;
+	return ret;
+}
+
+static void
+save_attestation(struct sshbuf *attest, const char *path)
+{
+	mode_t omask;
+	int r;
+
+	if (path == NULL)
+		return; /* nothing to do */
+	if (attest == NULL || sshbuf_len(attest) == 0)
+		fatal("Enrollment did not return attestation data");
+	omask = umask(077);
+	r = sshbuf_write_file(path, attest);
+	umask(omask);
+	if (r != 0)
+		fatal_r(r, "Unable to write attestation data \"%s\"", path);
+	if (!quiet)
+		printf("Your FIDO attestation certificate has been saved in "
+		    "%s\n", path);
 }
 
 static void
 usage(void)
 {
 	fprintf(stderr,
-	    "usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]\n"
+	    "usage: ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f output_keyfile]\n"
+	    "                  [-m format] [-N new_passphrase] [-O option]\n"
 	    "                  [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]\n"
-	    "                  [-N new_passphrase] [-O option] [-w provider]\n"
-	    "       ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]\n"
-	    "                   [-P old_passphrase]\n"
+	    "                  [-w provider] [-Z cipher]\n"
+	    "       ssh-keygen -p [-a rounds] [-f keyfile] [-m format] [-N new_passphrase]\n"
+	    "                   [-P old_passphrase] [-Z cipher]\n"
+#ifdef WITH_OPENSSL
 	    "       ssh-keygen -i [-f input_keyfile] [-m key_format]\n"
 	    "       ssh-keygen -e [-f input_keyfile] [-m key_format]\n"
+#endif
 	    "       ssh-keygen -y [-f input_keyfile]\n"
-	    "       ssh-keygen -c [-C comment] [-f keyfile] [-P passphrase]\n"
+	    "       ssh-keygen -c [-a rounds] [-C comment] [-f keyfile] [-P passphrase]\n"
 	    "       ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\n"
 	    "       ssh-keygen -B [-f input_keyfile]\n");
 #ifdef ENABLE_PKCS11
@@ -3049,7 +3143,7 @@
 	fprintf(stderr,
 	    "       ssh-keygen -F hostname [-lv] [-f known_hosts_file]\n"
 	    "       ssh-keygen -H [-f known_hosts_file]\n"
-	    "       ssh-keygen -K [-w provider]\n"
+	    "       ssh-keygen -K [-a rounds] [-w provider]\n"
 	    "       ssh-keygen -R hostname [-f known_hosts_file]\n"
 	    "       ssh-keygen -r hostname [-g] [-f input_keyfile]\n"
 #ifdef WITH_OPENSSL
@@ -3060,7 +3154,7 @@
 	    "                  [-n principals] [-O option] [-V validity_interval]\n"
 	    "                  [-z serial_number] file ...\n"
 	    "       ssh-keygen -L [-f input_keyfile]\n"
-	    "       ssh-keygen -A [-f prefix_path]\n"
+	    "       ssh-keygen -A [-a rounds] [-f prefix_path]\n"
 	    "       ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n"
 	    "                  file ...\n"
 	    "       ssh-keygen -Q [-l] -f krl_file [file ...]\n"
@@ -3068,7 +3162,7 @@
 	    "       ssh-keygen -Y check-novalidate -n namespace -s signature_file\n"
 	    "       ssh-keygen -Y sign -f key_file -n namespace file ...\n"
 	    "       ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n"
-	    "       		-n namespace -s signature_file [-r revocation_file]\n");
+	    "                  -n namespace -s signature_file [-r revocation_file]\n");
 	exit(1);
 }
 
@@ -3078,11 +3172,10 @@
 int
 main(int argc, char **argv)
 {
-	char dotsshdir[PATH_MAX], comment[1024], *passphrase;
+	char comment[1024], *passphrase;
 	char *rr_hostname = NULL, *ep, *fp, *ra;
 	struct sshkey *private, *public;
 	struct passwd *pw;
-	struct stat st;
 	int r, opt, type;
 	int change_passphrase = 0, change_comment = 0, show_cert = 0;
 	int find_host = 0, delete_host = 0, hash_hosts = 0;
@@ -3093,7 +3186,7 @@
 	unsigned long long cert_serial = 0;
 	char *identity_comment = NULL, *ca_key_path = NULL, **opts = NULL;
 	char *sk_application = NULL, *sk_device = NULL, *sk_user = NULL;
-	char *sk_attestaion_path = NULL;
+	char *sk_attestation_path = NULL;
 	struct sshbuf *challenge = NULL, *attest = NULL;
 	size_t i, nopts = 0;
 	u_int32_t bits = 0;
@@ -3120,6 +3213,7 @@
 	pw = getpwuid(getuid());
 	if (!pw)
 		fatal("No user exists for uid %lu", (u_long)getuid());
+	pw = pwcopy(pw);
 	if (gethostname(hostname, sizeof(hostname)) == -1)
 		fatal("gethostname: %s", strerror(errno));
 
@@ -3225,6 +3319,9 @@
 			break;
 		case 'Z':
 			openssh_format_cipher = optarg;
+			if (cipher_by_name(openssh_format_cipher) == NULL)
+				fatal("Invalid OpenSSH-format cipher '%s'",
+				    openssh_format_cipher);
 			break;
 		case 'C':
 			identity_comment = optarg;
@@ -3333,15 +3430,16 @@
 		if (strncmp(sign_op, "find-principals", 15) == 0) {
 			if (ca_key_path == NULL) {
 				error("Too few arguments for find-principals:"
-				      "missing signature file");
+				    "missing signature file");
 				exit(1);
 			}
 			if (!have_identity) {
 				error("Too few arguments for find-principals:"
-				      "missing allowed keys file");
+				    "missing allowed keys file");
 				exit(1);
 			}
-			return sig_find_principals(ca_key_path, identity_file);
+			return sig_find_principals(ca_key_path, identity_file,
+			    opts, nopts);
 		} else if (strncmp(sign_op, "sign", 4) == 0) {
 			if (cert_principals == NULL ||
 			    *cert_principals == '\0') {
@@ -3359,11 +3457,11 @@
 		} else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
 			if (ca_key_path == NULL) {
 				error("Too few arguments for check-novalidate: "
-				      "missing signature file");
+				    "missing signature file");
 				exit(1);
 			}
 			return sig_verify(ca_key_path, cert_principals,
-			    NULL, NULL, NULL);
+			    NULL, NULL, NULL, opts, nopts);
 		} else if (strncmp(sign_op, "verify", 6) == 0) {
 			if (cert_principals == NULL ||
 			    *cert_principals == '\0') {
@@ -3387,7 +3485,8 @@
 				exit(1);
 			}
 			return sig_verify(ca_key_path, cert_principals,
-			    cert_key_id, identity_file, rr_hostname);
+			    cert_key_id, identity_file, rr_hostname,
+			    opts, nopts);
 		}
 		error("Unsupported operation for -Y: \"%s\"", sign_op);
 		usage();
@@ -3532,6 +3631,8 @@
 		for (i = 0; i < nopts; i++) {
 			if (strcasecmp(opts[i], "no-touch-required") == 0) {
 				sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;
+			} else if (strcasecmp(opts[i], "verify-required") == 0) {
+				sk_flags |= SSH_SK_USER_VERIFICATION_REQD;
 			} else if (strcasecmp(opts[i], "resident") == 0) {
 				sk_flags |= SSH_SK_RESIDENT_KEY;
 			} else if (strncasecmp(opts[i], "device=", 7) == 0) {
@@ -3541,13 +3642,13 @@
 			} else if (strncasecmp(opts[i], "challenge=", 10) == 0) {
 				if ((r = sshbuf_load_file(opts[i] + 10,
 				    &challenge)) != 0) {
-					fatal("Unable to load FIDO enrollment "
-					    "challenge \"%s\": %s",
-					    opts[i] + 10, ssh_err(r));
+					fatal_r(r, "Unable to load FIDO "
+					    "enrollment challenge \"%s\"",
+					    opts[i] + 10);
 				}
 			} else if (strncasecmp(opts[i],
 			    "write-attestation=", 18) == 0) {
-				sk_attestaion_path = opts[i] + 18;
+				sk_attestation_path = opts[i] + 18;
 			} else if (strncasecmp(opts[i],
 			    "application=", 12) == 0) {
 				sk_application = xstrdup(opts[i] + 12);
@@ -3564,9 +3665,15 @@
 			printf("You may need to touch your authenticator "
 			    "to authorize key generation.\n");
 		}
-		passphrase = NULL;
 		if ((attest = sshbuf_new()) == NULL)
 			fatal("sshbuf_new failed");
+		if ((sk_flags &
+		    (SSH_SK_USER_VERIFICATION_REQD|SSH_SK_RESIDENT_KEY))) {
+			passphrase = read_passphrase("Enter PIN for "
+			    "authenticator: ", RP_ALLOW_STDIN);
+		} else {
+			passphrase = NULL;
+		}
 		for (i = 0 ; ; i++) {
 			fflush(stdout);
 			r = sshsk_enroll(type, sk_provider, sk_device,
@@ -3576,10 +3683,9 @@
 			if (r == 0)
 				break;
 			if (r != SSH_ERR_KEY_WRONG_PASSPHRASE)
-				fatal("Key enrollment failed: %s", ssh_err(r));
-			else if (i > 0)
+				fatal_r(r, "Key enrollment failed");
+			else if (passphrase != NULL) {
 				error("PIN incorrect");
-			if (passphrase != NULL) {
 				freezero(passphrase, strlen(passphrase));
 				passphrase = NULL;
 			}
@@ -3587,6 +3693,11 @@
 				fatal("Too many incorrect PINs");
 			passphrase = read_passphrase("Enter PIN for "
 			    "authenticator: ", RP_ALLOW_STDIN);
+			if (!quiet) {
+				printf("You may need to touch your "
+				    "authenticator (again) to authorize "
+				    "key generation.\n");
+			}
 		}
 		if (passphrase != NULL) {
 			freezero(passphrase, strlen(passphrase));
@@ -3599,26 +3710,14 @@
 		break;
 	}
 	if ((r = sshkey_from_private(private, &public)) != 0)
-		fatal("sshkey_from_private failed: %s\n", ssh_err(r));
+		fatal_r(r, "sshkey_from_private");
 
 	if (!have_identity)
 		ask_filename(pw, "Enter file in which to save the key");
 
 	/* Create ~/.ssh directory if it doesn't already exist. */
-	snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
-	    pw->pw_dir, _PATH_SSH_USER_DIR);
-	if (strstr(identity_file, dotsshdir) != NULL) {
-		if (stat(dotsshdir, &st) == -1) {
-			if (errno != ENOENT) {
-				error("Could not stat %s: %s", dotsshdir,
-				    strerror(errno));
-			} else if (mkdir(dotsshdir, 0700) == -1) {
-				error("Could not create directory '%s': %s",
-				    dotsshdir, strerror(errno));
-			} else if (!quiet)
-				printf("Created directory '%s'.\n", dotsshdir);
-		}
-	}
+	hostfile_create_user_ssh_dir(identity_file, !quiet);
+
 	/* If the file already exists, ask the user to confirm. */
 	if (!confirm_overwrite(identity_file))
 		exit(1);
@@ -3635,8 +3734,7 @@
 	/* Save the key with the given passphrase and comment. */
 	if ((r = sshkey_save_private(private, identity_file, passphrase,
 	    comment, private_key_format, openssh_format_cipher, rounds)) != 0) {
-		error("Saving key \"%s\" failed: %s",
-		    identity_file, ssh_err(r));
+		error_r(r, "Saving key \"%s\" failed", identity_file);
 		freezero(passphrase, strlen(passphrase));
 		exit(1);
 	}
@@ -3649,10 +3747,8 @@
 	}
 
 	strlcat(identity_file, ".pub", sizeof(identity_file));
-	if ((r = sshkey_save_public(public, identity_file, comment)) != 0) {
-		fatal("Unable to save public key to %s: %s",
-		    identity_file, ssh_err(r));
-	}
+	if ((r = sshkey_save_public(public, identity_file, comment)) != 0)
+		fatal_r(r, "Unable to save public key to %s", identity_file);
 
 	if (!quiet) {
 		fp = sshkey_fingerprint(public, fingerprint_hash,
@@ -3671,20 +3767,9 @@
 		free(fp);
 	}
 
-	if (sk_attestaion_path != NULL) {
-		if (attest == NULL || sshbuf_len(attest) == 0) {
-			fatal("Enrollment did not return attestation "
-			    "certificate");
-		}
-		if ((r = sshbuf_write_file(sk_attestaion_path, attest)) != 0) {
-			fatal("Unable to write attestation certificate "
-			    "\"%s\": %s", sk_attestaion_path, ssh_err(r));
-		}
-		if (!quiet) {
-			printf("Your FIDO attestation certificate has been "
-			    "saved in %s\n", sk_attestaion_path);
-		}
-	}
+	if (sk_attestation_path != NULL)
+		save_attestation(attest, sk_attestation_path);
+
 	sshbuf_free(attest);
 	sshkey_free(public);
 

ssh-keyscan.c

diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index a5e6440..7abbcbf 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keyscan.c,v 1.131 2019/12/15 19:47:10 djm Exp $ */
+/* $OpenBSD: ssh-keyscan.c,v 1.139 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
  *
@@ -293,7 +293,7 @@
 # endif
 #endif
 	c->c_ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
-	c->c_ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
+	c->c_ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client;
 	ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
 	/*
 	 * do the key-exchange until an error occurs or until
@@ -367,7 +367,7 @@
 			continue;
 		}
 		if (set_nonblock(s) == -1)
-			fatal("%s: set_nonblock(%d)", __func__, s);
+			fatal_f("set_nonblock(%d)", s);
 		if (connect(s, ai->ai_addr, ai->ai_addrlen) == -1 &&
 		    errno != EINPROGRESS)
 			error("connect (`%s'): %s", host, strerror(errno));
@@ -401,7 +401,7 @@
 	if (fdcon[s].c_status)
 		fatal("conalloc: attempt to reuse fdno %d", s);
 
-	debug3("%s: oname %s kt %d", __func__, oname, keytype);
+	debug3_f("oname %s kt %d", oname, keytype);
 	fdcon[s].c_fd = s;
 	fdcon[s].c_status = CS_CON;
 	fdcon[s].c_namebase = namebase;
@@ -522,11 +522,10 @@
 		fatal("ssh_packet_set_connection failed");
 	ssh_packet_set_timeout(c->c_ssh, timeout, 1);
 	ssh_set_app_data(c->c_ssh, c);	/* back link */
+	c->c_ssh->compat = 0;
 	if (sscanf(buf, "SSH-%d.%d-%[^\n]\n",
 	    &remote_major, &remote_minor, remote_version) == 3)
-		c->c_ssh->compat = compat_datafellows(remote_version);
-	else
-		c->c_ssh->compat = 0;
+		compat_banner(c->c_ssh, remote_version);
 	if (!ssh2_capable(remote_major, remote_minor)) {
 		debug("%s doesn't support ssh2", c->c_name);
 		confree(s);
@@ -584,16 +583,9 @@
 	monotime_tv(&now);
 	c = TAILQ_FIRST(&tq);
 
-	if (c && (c->c_tv.tv_sec > now.tv_sec ||
-	    (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec > now.tv_usec))) {
-		seltime = c->c_tv;
-		seltime.tv_sec -= now.tv_sec;
-		seltime.tv_usec -= now.tv_usec;
-		if (seltime.tv_usec < 0) {
-			seltime.tv_usec += 1000000;
-			seltime.tv_sec--;
-		}
-	} else
+	if (c && timercmp(&c->c_tv, &now, >))
+		timersub(&c->c_tv, &now, &seltime);
+	else
 		timerclear(&seltime);
 
 	r = xcalloc(read_wait_nfdset, sizeof(fd_mask));
@@ -616,8 +608,7 @@
 	free(e);
 
 	c = TAILQ_FIRST(&tq);
-	while (c && (c->c_tv.tv_sec < now.tv_sec ||
-	    (c->c_tv.tv_sec == now.tv_sec && c->c_tv.tv_usec < now.tv_usec))) {
+	while (c && timercmp(&c->c_tv, &now, <)) {
 		int s = c->c_fd;
 
 		c = TAILQ_NEXT(c, c_link);
@@ -643,14 +634,15 @@
 }
 
 void
-fatal(const char *fmt,...)
+sshfatal(const char *file, const char *func, int line, int showfunc,
+    LogLevel level, const char *suffix, const char *fmt, ...)
 {
 	va_list args;
 
 	va_start(args, fmt);
-	do_log(SYSLOG_LEVEL_FATAL, fmt, args);
+	sshlogv(file, func, line, showfunc, level, suffix, fmt, args);
 	va_end(args);
-	exit(255);
+	cleanup_exit(255);
 }
 
 static void
@@ -794,8 +786,7 @@
 		if (argv[j] == NULL)
 			fp = stdin;
 		else if ((fp = fopen(argv[j], "r")) == NULL)
-			fatal("%s: %s: %s", __progname, argv[j],
-			    strerror(errno));
+			fatal("%s: %s: %s", __progname, argv[j], strerror(errno));
 
 		while (getline(&line, &linesize, fp) != -1) {
 			/* Chomp off trailing whitespace and comments */
@@ -817,8 +808,7 @@
 		}
 
 		if (ferror(fp))
-			fatal("%s: %s: %s", __progname, argv[j],
-			    strerror(errno));
+			fatal("%s: %s: %s", __progname, argv[j], strerror(errno));
 
 		fclose(fp);
 	}

ssh-keysign.c

diff --git a/ssh-keysign.c b/ssh-keysign.c
index 3e3ea3e..d6ac98c 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keysign.c,v 1.63 2019/11/18 16:10:05 naddy Exp $ */
+/* $OpenBSD: ssh-keysign.c,v 1.67 2021/07/05 01:16:46 dtucker Exp $ */
 /*
  * Copyright (c) 2002 Markus Friedl.  All rights reserved.
  *
@@ -78,33 +78,33 @@
 	fail = 0;
 
 	if ((b = sshbuf_from(data, datalen)) == NULL)
-		fatal("%s: sshbuf_from failed", __func__);
+		fatal_f("sshbuf_from failed");
 
 	/* session id, currently limited to SHA1 (20 bytes) or SHA256 (32) */
 	if ((r = sshbuf_get_string(b, NULL, &len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse session ID");
 	if (len != 20 && len != 32)
 		fail++;
 
 	if ((r = sshbuf_get_u8(b, &type)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse type");
 	if (type != SSH2_MSG_USERAUTH_REQUEST)
 		fail++;
 
 	/* server user */
 	if ((r = sshbuf_skip_string(b)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse user");
 
 	/* service */
 	if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse service");
 	if (strcmp("ssh-connection", p) != 0)
 		fail++;
 	free(p);
 
 	/* method */
 	if ((r = sshbuf_get_cstring(b, &p, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse method");
 	if (strcmp("hostbased", p) != 0)
 		fail++;
 	free(p);
@@ -112,13 +112,13 @@
 	/* pubkey */
 	if ((r = sshbuf_get_cstring(b, &pkalg, NULL)) != 0 ||
 	    (r = sshbuf_get_string(b, &pkblob, &blen)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse pk");
 
 	pktype = sshkey_type_from_name(pkalg);
 	if (pktype == KEY_UNSPEC)
 		fail++;
 	else if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
-		error("%s: bad key blob: %s", __func__, ssh_err(r));
+		error_fr(r, "decode key");
 		fail++;
 	} else if (key->type != pktype)
 		fail++;
@@ -127,8 +127,8 @@
 
 	/* client host name, handle trailing dot */
 	if ((r = sshbuf_get_cstring(b, &p, &len)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	debug2("%s: check expect chost %s got %s", __func__, host, p);
+		fatal_fr(r, "parse hostname");
+	debug2_f("check expect chost %s got %s", host, p);
 	if (strlen(host) != len - 1)
 		fail++;
 	else if (p[len - 1] != '.')
@@ -139,7 +139,7 @@
 
 	/* local user */
 	if ((r = sshbuf_get_cstring(b, &luser, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse luser");
 
 	if (strcmp(pw->pw_name, luser) != 0)
 		fail++;
@@ -150,7 +150,7 @@
 		fail++;
 	sshbuf_free(b);
 
-	debug3("%s: fail %d", __func__, fail);
+	debug3_f("fail %d", fail);
 
 	if (fail)
 		sshkey_free(key);
@@ -207,7 +207,7 @@
 	initialize_options(&options);
 	(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, "", "",
 	    &options, 0, NULL);
-	fill_default_options(&options);
+	(void)fill_default_options(&options);
 	if (options.enable_ssh_keysign != 1)
 		fatal("ssh-keysign not enabled in %s",
 		    _PATH_HOST_CONFIG_FILE);
@@ -228,7 +228,7 @@
 		    NULL, &key, NULL);
 		close(key_fd[i]);
 		if (r != 0)
-			debug("parse key %d: %s", i, ssh_err(r));
+			debug_r(r, "parse key %d", i);
 		else if (key != NULL) {
 			keys[i] = key;
 			found = 1;
@@ -243,22 +243,23 @@
 	if ((b = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __progname);
 	if (ssh_msg_recv(STDIN_FILENO, b) < 0)
-		fatal("ssh_msg_recv failed");
+		fatal("%s: ssh_msg_recv failed", __progname);
 	if ((r = sshbuf_get_u8(b, &rver)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: buffer error", __progname);
 	if (rver != version)
-		fatal("bad version: received %d, expected %d", rver, version);
+		fatal("%s: bad version: received %d, expected %d",
+		    __progname, rver, version);
 	if ((r = sshbuf_get_u32(b, (u_int *)&fd)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: buffer error", __progname);
 	if (fd < 0 || fd == STDIN_FILENO || fd == STDOUT_FILENO)
-		fatal("bad fd = %d", fd);
+		fatal("%s: bad fd = %d", __progname, fd);
 	if ((host = get_local_name(fd)) == NULL)
-		fatal("cannot get local name for fd");
+		fatal("%s: cannot get local name for fd", __progname);
 
 	if ((r = sshbuf_get_string(b, &data, &dlen)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: buffer error", __progname);
 	if (valid_request(pw, host, &key, data, dlen) < 0)
-		fatal("not a valid request");
+		fatal("%s: not a valid request", __progname);
 	free(host);
 
 	found = 0;
@@ -273,21 +274,21 @@
 		if ((fp = sshkey_fingerprint(key, options.fingerprint_hash,
 		    SSH_FP_DEFAULT)) == NULL)
 			fatal("%s: sshkey_fingerprint failed", __progname);
-		fatal("no matching hostkey found for key %s %s",
+		fatal("%s: no matching hostkey found for key %s %s", __progname,
 		    sshkey_type(key), fp ? fp : "");
 	}
 
 	if ((r = sshkey_sign(keys[i], &signature, &slen, data, dlen,
-	    NULL, NULL, 0)) != 0)
-		fatal("sshkey_sign failed: %s", ssh_err(r));
+	    NULL, NULL, NULL, 0)) != 0)
+		fatal_r(r, "%s: sshkey_sign failed", __progname);
 	free(data);
 
 	/* send reply */
 	sshbuf_reset(b);
 	if ((r = sshbuf_put_string(b, signature, slen)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: buffer error", __progname);
 	if (ssh_msg_send(STDOUT_FILENO, version, b) == -1)
-		fatal("ssh_msg_send failed");
+		fatal("%s: ssh_msg_send failed", __progname);
 
 	return (0);
 }

ssh-pkcs11-client.c

diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index 8a0ffef..e724736 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-client.c,v 1.16 2020/01/25 00:03:36 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11-client.c,v 1.17 2020/10/18 11:32:02 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -65,7 +65,7 @@
 	    sshbuf_len(m)) != sshbuf_len(m))
 		error("write to helper failed");
 	if ((r = sshbuf_consume(m, mlen)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "consume");
 }
 
 static int
@@ -93,11 +93,11 @@
 			return (0); /* XXX */
 		}
 		if ((r = sshbuf_put(m, buf, l)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "sshbuf_put");
 		len -= l;
 	}
 	if ((r = sshbuf_get_u8(m, &c)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse type");
 	return c;
 }
 
@@ -127,29 +127,29 @@
 		goto fail;
 	key = sshkey_new(KEY_UNSPEC);
 	if (key == NULL) {
-		error("%s: sshkey_new failed", __func__);
+		error_f("sshkey_new failed");
 		goto fail;
 	}
 	key->type = KEY_RSA;
 	RSA_up_ref(rsa);
 	key->rsa = rsa;
 	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
-		error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
+		error_fr(r, "encode key");
 		goto fail;
 	}
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
 	    (r = sshbuf_put_string(msg, blob, blen)) != 0 ||
 	    (r = sshbuf_put_string(msg, from, flen)) != 0 ||
 	    (r = sshbuf_put_u32(msg, 0)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(msg);
 	sshbuf_reset(msg);
 
 	if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
 		if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse");
 		if (slen <= (size_t)RSA_size(rsa)) {
 			memcpy(to, signature, slen);
 			ret = slen;
@@ -178,13 +178,13 @@
 
 	nid = sshkey_ecdsa_key_to_nid(ec);
 	if (nid < 0) {
-		error("%s: couldn't get curve nid", __func__);
+		error_f("couldn't get curve nid");
 		goto fail;
 	}
 
 	key = sshkey_new(KEY_UNSPEC);
 	if (key == NULL) {
-		error("%s: sshkey_new failed", __func__);
+		error_f("sshkey_new failed");
 		goto fail;
 	}
 	key->ecdsa = ec;
@@ -193,22 +193,22 @@
 	EC_KEY_up_ref(ec);
 
 	if ((r = sshkey_to_blob(key, &blob, &blen)) != 0) {
-		error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
+		error_fr(r, "encode key");
 		goto fail;
 	}
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH2_AGENTC_SIGN_REQUEST)) != 0 ||
 	    (r = sshbuf_put_string(msg, blob, blen)) != 0 ||
 	    (r = sshbuf_put_string(msg, dgst, dgst_len)) != 0 ||
 	    (r = sshbuf_put_u32(msg, 0)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(msg);
 	sshbuf_reset(msg);
 
 	if (recv_msg(msg) == SSH2_AGENT_SIGN_RESPONSE) {
 		if ((r = sshbuf_get_string(msg, &signature, &slen)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse");
 		cp = signature;
 		ret = d2i_ECDSA_SIG(NULL, &cp, slen);
 		free(signature);
@@ -238,7 +238,7 @@
 		EC_KEY_set_method(k->ecdsa, helper_ecdsa);
 #endif /* HAVE_EC_KEY_METHOD_NEW */
 	else
-		fatal("%s: unknown key type", __func__);
+		fatal_f("unknown key type");
 }
 
 static int
@@ -260,10 +260,10 @@
 #endif /* HAVE_EC_KEY_METHOD_NEW */
 
 	if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
-		fatal("%s: RSA_meth_dup failed", __func__);
+		fatal_f("RSA_meth_dup failed");
 	if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") ||
 	    !RSA_meth_set_priv_enc(helper_rsa, rsa_encrypt))
-		fatal("%s: failed to prepare method", __func__);
+		fatal_f("failed to prepare method");
 
 	return (0);
 }
@@ -300,7 +300,7 @@
 		helper = getenv("SSH_PKCS11_HELPER");
 		if (helper == NULL || strlen(helper) == 0)
 			helper = _PATH_SSH_PKCS11_HELPER;
-		debug("%s: starting %s %s", __func__, helper,
+		debug_f("starting %s %s", helper,
 		    verbosity == NULL ? "" : verbosity);
 		execlp(helper, helper, verbosity, (char *)NULL);
 		fprintf(stderr, "exec: %s: %s\n", helper, strerror(errno));
@@ -327,18 +327,18 @@
 		return (-1);
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH_AGENTC_ADD_SMARTCARD_KEY)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, name)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, pin)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(msg);
 	sshbuf_reset(msg);
 
 	type = recv_msg(msg);
 	if (type == SSH2_AGENT_IDENTITIES_ANSWER) {
 		if ((r = sshbuf_get_u32(msg, &nkeys)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse nkeys");
 		*keysp = xcalloc(nkeys, sizeof(struct sshkey *));
 		if (labelsp)
 			*labelsp = xcalloc(nkeys, sizeof(char *));
@@ -346,10 +346,9 @@
 			/* XXX clean up properly instead of fatal() */
 			if ((r = sshbuf_get_string(msg, &blob, &blen)) != 0 ||
 			    (r = sshbuf_get_cstring(msg, &label, NULL)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse key");
 			if ((r = sshkey_from_blob(blob, blen, &k)) != 0)
-				fatal("%s: bad key: %s", __func__, ssh_err(r));
+				fatal_fr(r, "decode key");
 			wrap_key(k);
 			(*keysp)[i] = k;
 			if (labelsp)
@@ -375,11 +374,11 @@
 	struct sshbuf *msg;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_put_u8(msg, SSH_AGENTC_REMOVE_SMARTCARD_KEY)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, name)) != 0 ||
 	    (r = sshbuf_put_cstring(msg, "")) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	send_msg(msg);
 	sshbuf_reset(msg);
 

ssh-pkcs11-helper.c

diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c
index d73e835..5ca8d03 100644
--- a/ssh-pkcs11-helper.c
+++ b/ssh-pkcs11-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11-helper.c,v 1.23 2020/03/06 18:26:21 markus Exp $ */
+/* $OpenBSD: ssh-pkcs11-helper.c,v 1.25 2021/08/11 05:20:17 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  *
@@ -98,7 +98,8 @@
 	struct pkcs11_keyinfo *ki;
 
 	TAILQ_FOREACH(ki, &pkcs11_keylist, next) {
-		debug("check %p %s %s", ki, ki->providername, ki->label);
+		debug("check %s %s %s", sshkey_type(ki->key),
+		    ki->providername, ki->label);
 		if (sshkey_equal(k, ki->key))
 			return (ki->key);
 	}
@@ -111,7 +112,7 @@
 	int r;
 
 	if ((r = sshbuf_put_stringb(oqueue, m)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "enqueue");
 }
 
 static void
@@ -126,35 +127,30 @@
 	char **labels = NULL;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if ((nkeys = pkcs11_add_provider(name, pin, &keys, &labels)) > 0) {
 		if ((r = sshbuf_put_u8(msg,
 		    SSH2_AGENT_IDENTITIES_ANSWER)) != 0 ||
 		    (r = sshbuf_put_u32(msg, nkeys)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "compose");
 		for (i = 0; i < nkeys; i++) {
 			if ((r = sshkey_to_blob(keys[i], &blob, &blen)) != 0) {
-				debug("%s: sshkey_to_blob: %s",
-				    __func__, ssh_err(r));
+				debug_fr(r, "encode key");
 				continue;
 			}
 			if ((r = sshbuf_put_string(msg, blob, blen)) != 0 ||
 			    (r = sshbuf_put_cstring(msg, labels[i])) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "compose key");
 			free(blob);
 			add_key(keys[i], name, labels[i]);
 			free(labels[i]);
 		}
-	} else {
-		if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
-		if ((r = sshbuf_put_u32(msg, -nkeys)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
-	}
+	} else if ((r = sshbuf_put_u8(msg, SSH_AGENT_FAILURE)) != 0 ||
+	    (r = sshbuf_put_u32(msg, -nkeys)) != 0)
+		fatal_fr(r, "compose");
 	free(labels);
 	free(keys); /* keys themselves are transferred to pkcs11_keylist */
 	free(pin);
@@ -171,14 +167,14 @@
 	int r;
 
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((r = sshbuf_get_cstring(iqueue, &name, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(iqueue, &pin, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	del_keys_by_name(name);
 	if ((r = sshbuf_put_u8(msg, pkcs11_del_provider(name) == 0 ?
 	    SSH_AGENT_SUCCESS : SSH_AGENT_FAILURE)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 	free(pin);
 	free(name);
 	send_msg(msg);
@@ -198,10 +194,10 @@
 	if ((r = sshbuf_get_string(iqueue, &blob, &blen)) != 0 ||
 	    (r = sshbuf_get_string(iqueue, &data, &dlen)) != 0 ||
 	    (r = sshbuf_get_u32(iqueue, NULL)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 
 	if ((r = sshkey_from_blob(blob, blen, &key)) != 0)
-		error("%s: sshkey_from_blob: %s", __func__, ssh_err(r));
+		fatal_fr(r, "decode key");
 	else {
 		if ((found = lookup_key(key)) != NULL) {
 #ifdef WITH_OPENSSL
@@ -227,26 +223,25 @@
 				if (ret != 0)
 					ok = 0;
 				else
-					error("%s: ECDSA_sign"
-					    " returns %d", __func__, ret);
+					error_f("ECDSA_sign returned %d", ret);
 				slen = xslen;
 #endif /* OPENSSL_HAS_ECC */
 			} else
-				error("%s: don't know how to sign with key "
-				    "type %d", __func__, (int)key->type);
+				error_f("don't know how to sign with key "
+				    "type %d", (int)key->type);
 #endif /* WITH_OPENSSL */
 		}
 		sshkey_free(key);
 	}
 	if ((msg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if (ok == 0) {
 		if ((r = sshbuf_put_u8(msg, SSH2_AGENT_SIGN_RESPONSE)) != 0 ||
 		    (r = sshbuf_put_string(msg, signature, slen)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "compose response");
 	} else {
 		if ((r = sshbuf_put_u8(msg, SSH2_AGENT_FAILURE)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "compose failure response");
 	}
 	free(data);
 	free(blob);
@@ -278,7 +273,7 @@
 		return;
 	if ((r = sshbuf_consume(iqueue, 4)) != 0 ||
 	    (r = sshbuf_get_u8(iqueue, &type)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse type/len");
 	buf_len -= 4;
 	switch (type) {
 	case SSH_AGENTC_ADD_SMARTCARD_KEY:
@@ -309,7 +304,7 @@
 	}
 	if (msg_len > consumed) {
 		if ((r = sshbuf_consume(iqueue, msg_len - consumed)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "consume");
 	}
 }
 
@@ -356,14 +351,13 @@
 	log_init(__progname, log_level, log_facility, log_stderr);
 
 	pkcs11_init(0);
-
 	in = STDIN_FILENO;
 	out = STDOUT_FILENO;
 
 	if ((iqueue = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if ((oqueue = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	while (1) {
 		memset(pfd, 0, sizeof(pfd));
@@ -379,7 +373,7 @@
 		    (r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0)
 			pfd[0].events = POLLIN;
 		else if (r != SSH_ERR_NO_BUFFER_SPACE)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "reserve");
 
 		if (sshbuf_len(oqueue) > 0)
 			pfd[1].events = POLLOUT;
@@ -399,10 +393,8 @@
 			} else if (len < 0) {
 				error("read: %s", strerror(errno));
 				cleanup_exit(1);
-			} else if ((r = sshbuf_put(iqueue, buf, len)) != 0) {
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
-			}
+			} else if ((r = sshbuf_put(iqueue, buf, len)) != 0)
+				fatal_fr(r, "sshbuf_put");
 		}
 		/* send oqueue to stdout */
 		if ((pfd[1].revents & (POLLOUT|POLLHUP)) != 0) {
@@ -411,10 +403,8 @@
 			if (len < 0) {
 				error("write: %s", strerror(errno));
 				cleanup_exit(1);
-			} else if ((r = sshbuf_consume(oqueue, len)) != 0) {
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
-			}
+			} else if ((r = sshbuf_consume(oqueue, len)) != 0)
+				fatal_fr(r, "consume");
 		}
 
 		/*
@@ -425,7 +415,7 @@
 		if ((r = sshbuf_check_reserve(oqueue, MAX_MSG_LENGTH)) == 0)
 			process();
 		else if (r != SSH_ERR_NO_BUFFER_SPACE)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "reserve");
 	}
 }
 

ssh-pkcs11.c

diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index ec0e918..37a6b1b 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-pkcs11.c,v 1.49 2020/03/13 04:16:27 djm Exp $ */
+/* $OpenBSD: ssh-pkcs11.c,v 1.54 2021/08/11 05:20:17 djm Exp $ */
 /*
  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
@@ -46,6 +46,7 @@
 #include "misc.h"
 #include "sshkey.h"
 #include "ssh-pkcs11.h"
+#include "digest.h"
 #include "xmalloc.h"
 
 struct pkcs11_slotinfo {
@@ -84,10 +85,9 @@
 {
 	unsigned long    e;
 
-	error("%s: %s", __func__, msg);
+	error_f("%s", msg);
 	while ((e = ERR_get_error()) != 0)
-		error("%s: libcrypto error: %.100s", __func__,
-		    ERR_error_string(e, NULL));
+		error_f("libcrypto error: %s", ERR_error_string(e, NULL));
 }
 #endif /* HAVE_EC_KEY_METHOD_NEW */
 
@@ -111,8 +111,8 @@
 	CK_RV rv;
 	CK_ULONG i;
 
-	debug("pkcs11_provider_finalize: %p refcount %d valid %d",
-	    p, p->refcount, p->valid);
+	debug_f("provider \"%s\" refcount %d valid %d",
+	    p->name, p->refcount, p->valid);
 	if (!p->valid)
 		return;
 	for (i = 0; i < p->nslots; i++) {
@@ -135,10 +135,10 @@
 static void
 pkcs11_provider_unref(struct pkcs11_provider *p)
 {
-	debug("pkcs11_provider_unref: %p refcount %d", p, p->refcount);
+	debug_f("provider \"%s\" refcount %d", p->name, p->refcount);
 	if (--p->refcount <= 0) {
 		if (p->valid)
-			error("pkcs11_provider_unref: %p still valid", p);
+			error_f("provider \"%s\" still valid", p->name);
 		free(p->name);
 		free(p->slotlist);
 		free(p->slotinfo);
@@ -166,7 +166,7 @@
 	struct pkcs11_provider *p;
 
 	TAILQ_FOREACH(p, &pkcs11_providers, next) {
-		debug("check %p %s", p, p->name);
+		debug("check provider \"%s\"", p->name);
 		if (!strcmp(provider_id, p->name))
 			return (p);
 	}
@@ -202,7 +202,7 @@
 {
 	struct pkcs11_key	*k11 = ptr;
 
-	debug("%s: parent %p ptr %p idx %d", __func__, parent, ptr, idx);
+	debug_f("parent %p ptr %p idx %d", parent, ptr, idx);
 	if (k11 == NULL)
 		return;
 	if (k11->provider)
@@ -263,7 +263,7 @@
 		snprintf(prompt, sizeof(prompt), "Enter PIN for '%s': ",
 		    si->token.label);
 		if ((pin = read_passphrase(prompt, RP_ALLOW_EOF)) == NULL) {
-			debug("%s: no pin specified", __func__);
+			debug_f("no pin specified");
 			return (-1);	/* bail out */
 		}
 	}
@@ -337,8 +337,8 @@
 		return (-1);
 	}
 	*val = flag != 0;
-	debug("%s: provider %p slot %lu object %lu: attrib %lu = %d",
-	    __func__, k11->provider, k11->slotidx, obj, type, *val);
+	debug_f("provider \"%s\" slot %lu object %lu: attrib %lu = %d",
+	    k11->provider->name, k11->slotidx, obj, type, *val);
 	return (0);
 }
 
@@ -407,7 +407,7 @@
 	pkcs11_check_obj_bool_attrib(k11, obj, CKA_ALWAYS_AUTHENTICATE,
 	    &always_auth); /* ignore errors here */
 	if (always_auth && !did_login) {
-		debug("%s: always-auth key", __func__);
+		debug_f("always-auth key");
 		if (pkcs11_login(k11, CKU_CONTEXT_SPECIFIC) < 0) {
 			error("login failed for always-auth key");
 			return (-1);
@@ -430,7 +430,7 @@
 	int			rval = -1;
 
 	if ((k11 = RSA_get_ex_data(rsa, rsa_idx)) == NULL) {
-		error("RSA_get_ex_data failed for rsa %p", rsa);
+		error("RSA_get_ex_data failed");
 		return (-1);
 	}
 
@@ -475,7 +475,7 @@
 	if (!RSA_meth_set1_name(rsa_method, "pkcs11") ||
 	    !RSA_meth_set_priv_enc(rsa_method, pkcs11_rsa_private_encrypt) ||
 	    !RSA_meth_set_priv_dec(rsa_method, pkcs11_rsa_private_decrypt)) {
-		error("%s: setup pkcs11 method failed", __func__);
+		error_f("setup pkcs11 method failed");
 		return (-1);
 	}
 	return (0);
@@ -561,7 +561,7 @@
 		goto done;
 	}
 	if (!ECDSA_SIG_set0(ret, r, s)) {
-		error("%s: ECDSA_SIG_set0 failed", __func__);
+		error_f("ECDSA_SIG_set0 failed");
 		ECDSA_SIG_free(ret);
 		ret = NULL;
 		goto done;
@@ -883,7 +883,7 @@
 		goto fail;
 	}
 	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL))
-		fatal("%s: set key", __func__);
+		fatal_f("set key");
 	rsa_n = rsa_e = NULL; /* transferred */
 
 	if (pkcs11_rsa_wrap(p, slotidx, &key_attr[0], rsa))
@@ -973,7 +973,7 @@
 	}
 
 	/* Decode DER-encoded cert subject */
-	cp = cert_attr[2].pValue;
+	cp = cert_attr[1].pValue;
 	if ((x509_name = d2i_X509_NAME(NULL, &cp,
 	    cert_attr[1].ulValueLen)) == NULL ||
 	    (subject = X509_NAME_oneline(x509_name, NULL, 0)) == NULL)
@@ -1079,6 +1079,22 @@
 }
 #endif
 
+static void
+note_key(struct pkcs11_provider *p, CK_ULONG slotidx, const char *context,
+    struct sshkey *key)
+{
+	char *fp;
+
+	if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
+	    SSH_FP_DEFAULT)) == NULL) {
+		error_f("sshkey_fingerprint failed");
+		return;
+	}
+	debug2("%s: provider %s slot %lu: %s %s", context, p->name,
+	    (u_long)slotidx, sshkey_type(key), fp);
+	free(fp);
+}
+
 /*
  * lookup certificates for token in slot identified by slotidx,
  * add 'wrapped' public keys to the 'keysp' array and increment nkeys.
@@ -1154,8 +1170,9 @@
 			    ck_cert_type);
 			continue;
 		}
-
+		note_key(p, slotidx, __func__, key);
 		if (pkcs11_key_included(keysp, nkeys, key)) {
+			debug2_f("key already included");;
 			sshkey_free(key);
 		} else {
 			/* expand key array and add key */
@@ -1267,8 +1284,9 @@
 			error("failed to fetch key");
 			continue;
 		}
-
+		note_key(p, slotidx, __func__, key);
 		if (pkcs11_key_included(keysp, nkeys, key)) {
+			debug2_f("key already included");;
 			sshkey_free(key);
 		} else {
 			/* expand key array and add key */
@@ -1355,7 +1373,7 @@
 
 	if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv,
 	    &pubKey, &privKey)) != CKR_OK) {
-		error("%s: key generation failed: error 0x%lx", __func__, rv);
+		error_f("key generation failed: error 0x%lx", rv);
 		*err = rv;
 		return NULL;
 	}
@@ -1434,12 +1452,12 @@
 			break;
 	}
 	if (!ec_curve_infos[i].name) {
-		error("%s: invalid key size %lu", __func__, bits);
+		error_f("invalid key size %lu", bits);
 		return NULL;
 	}
 	if (pkcs11_decode_hex(ec_curve_infos[i].oid_encoded, &ecparams,
 	    &ecparams_size) == -1) {
-		error("%s: invalid oid", __func__);
+		error_f("invalid oid");
 		return NULL;
 	}
 
@@ -1472,7 +1490,7 @@
 
 	if ((rv = f->C_GenerateKeyPair(session, &mech, tpub, npub, tpriv, npriv,
 	    &pubKey, &privKey)) != CKR_OK) {
-		error("%s: key generation failed: error 0x%lx", __func__, rv);
+		error_f("key generation failed: error 0x%lx", rv);
 		*err = rv;
 		return NULL;
 	}
@@ -1510,8 +1528,7 @@
 		*labelsp = NULL;
 
 	if (pkcs11_provider_lookup(provider_id) != NULL) {
-		debug("%s: provider already registered: %s",
-		    __func__, provider_id);
+		debug_f("provider already registered: %s", provider_id);
 		goto fail;
 	}
 	/* open shared pkcs11-library */
@@ -1560,8 +1577,7 @@
 		goto fail;
 	}
 	if (p->nslots == 0) {
-		debug("%s: provider %s returned no slots", __func__,
-		    provider_id);
+		debug_f("provider %s returned no slots", provider_id);
 		ret = -SSH_PKCS11_ERR_NO_SLOTS;
 		goto fail;
 	}
@@ -1580,13 +1596,12 @@
 		if ((rv = f->C_GetTokenInfo(p->slotlist[i], token))
 		    != CKR_OK) {
 			error("C_GetTokenInfo for provider %s slot %lu "
-			    "failed: %lu", provider_id, (unsigned long)i, rv);
+			    "failed: %lu", provider_id, (u_long)i, rv);
 			continue;
 		}
 		if ((token->flags & CKF_TOKEN_INITIALIZED) == 0) {
-			debug2("%s: ignoring uninitialised token in "
-			    "provider %s slot %lu", __func__,
-			    provider_id, (unsigned long)i);
+			debug2_f("ignoring uninitialised token in "
+			    "provider %s slot %lu", provider_id, (u_long)i);
 			continue;
 		}
 		rmspace(token->label, sizeof(token->label));
@@ -1668,8 +1683,7 @@
 		pkcs11_provider_unref(p);
 	}
 	if (nkeys == 0)
-		debug("%s: provider %s returned no keys", __func__,
-		    provider_id);
+		debug_f("provider %s returned no keys", provider_id);
 
 	return (nkeys);
 }
@@ -1690,11 +1704,10 @@
 	*err = 0;
 
 	if ((p = pkcs11_provider_lookup(provider_id)) != NULL)
-		debug("%s: provider \"%s\" available", __func__, provider_id);
+		debug_f("provider \"%s\" available", provider_id);
 	else if ((ret = pkcs11_register_provider(provider_id, pin, NULL, NULL,
 	    &p, CKU_SO)) < 0) {
-		debug("%s: could not register provider %s", __func__,
-		    provider_id);
+		debug_f("could not register provider %s", provider_id);
 		goto out;
 	} else
 		reset_provider = 1;
@@ -1705,7 +1718,7 @@
 
 	if ((rv = f->C_SetOperationState(session , pin, strlen(pin),
 	    CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) {
-		debug("%s: could not supply SO pin: %lu", __func__, rv);
+		debug_f("could not supply SO pin: %lu", rv);
 		reset_pin = 0;
 	} else
 		reset_pin = 1;
@@ -1714,20 +1727,20 @@
 	case KEY_RSA:
 		if ((k = pkcs11_rsa_generate_private_key(p, slotidx, label,
 		    bits, keyid, err)) == NULL) {
-			debug("%s: failed to generate RSA key", __func__);
+			debug_f("failed to generate RSA key");
 			goto out;
 		}
 		break;
 	case KEY_ECDSA:
 		if ((k = pkcs11_ecdsa_generate_private_key(p, slotidx, label,
 		    bits, keyid, err)) == NULL) {
-			debug("%s: failed to generate ECDSA key", __func__);
+			debug_f("failed to generate ECDSA key");
 			goto out;
 		}
 		break;
 	default:
 		*err = SSH_PKCS11_ERR_GENERIC;
-		debug("%s: unknown type %d", __func__, type);
+		debug_f("unknown type %d", type);
 		goto out;
 	}
 
@@ -1762,10 +1775,10 @@
 	*err = 0;
 
 	if ((p = pkcs11_provider_lookup(provider_id)) != NULL) {
-		debug("%s: using provider \"%s\"", __func__, provider_id);
+		debug_f("using provider \"%s\"", provider_id);
 	} else if (pkcs11_register_provider(provider_id, pin, NULL, NULL, &p,
 	    CKU_SO) < 0) {
-		debug("%s: could not register provider %s", __func__,
+		debug_f("could not register provider %s",
 		    provider_id);
 		goto out;
 	} else
@@ -1777,7 +1790,7 @@
 
 	if ((rv = f->C_SetOperationState(session , pin, strlen(pin),
 	    CK_INVALID_HANDLE, CK_INVALID_HANDLE)) != CKR_OK) {
-		debug("%s: could not supply SO pin: %lu", __func__, rv);
+		debug_f("could not supply SO pin: %lu", rv);
 		reset_pin = 0;
 	} else
 		reset_pin = 1;
@@ -1791,8 +1804,8 @@
 	if (pkcs11_find(p, slotidx, attrs, nattrs, &obj) == 0 &&
 	    obj != CK_INVALID_HANDLE) {
 		if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) {
-			debug("%s: could not destroy private key 0x%hhx",
-			    __func__, keyid);
+			debug_f("could not destroy private key 0x%hhx",
+			    keyid);
 			*err = rv;
 			goto out;
 		}
@@ -1813,8 +1826,8 @@
 		    sizeof(key_type));
 		rv = f->C_GetAttributeValue(session, obj, attrs, nattrs);
 		if (rv != CKR_OK) {
-			debug("%s: could not get key type of public key 0x%hhx",
-			    __func__, keyid);
+			debug_f("could not get key type of public key 0x%hhx",
+			    keyid);
 			*err = rv;
 			key_type = -1;
 		}
@@ -1824,8 +1837,7 @@
 			k = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj);
 
 		if ((rv = f->C_DestroyObject(session, obj)) != CKR_OK) {
-			debug("%s: could not destroy public key 0x%hhx",
-			    __func__, keyid);
+			debug_f("could not destroy public key 0x%hhx", keyid);
 			*err = rv;
 			goto out;
 		}
@@ -1859,7 +1871,8 @@
 }
 
 int
-pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp)
+pkcs11_add_provider(char *provider_id, char *pin, struct sshkey ***keyp,
+    char ***labelsp)
 {
 	error("%s: dlopen() not supported", __func__);
 	return (-1);

ssh-sk-client.c

diff --git a/ssh-sk-client.c b/ssh-sk-client.c
index 8d7e6c3..e932590 100644
--- a/ssh-sk-client.c
+++ b/ssh-sk-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk-client.c,v 1.7 2020/01/23 07:10:22 dtucker Exp $ */
+/* $OpenBSD: ssh-sk-client.c,v 1.9 2021/04/03 06:18:41 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -47,7 +47,7 @@
 start_helper(int *fdp, pid_t *pidp, void (**osigchldp)(int))
 {
 	void (*osigchld)(int);
-	int oerrno, pair[2], r = SSH_ERR_INTERNAL_ERROR;
+	int oerrno, pair[2];
 	pid_t pid;
 	char *helper, *verbosity = NULL;
 
@@ -60,8 +60,7 @@
 		helper = _PATH_SSH_SK_HELPER;
 	if (access(helper, X_OK) != 0) {
 		oerrno = errno;
-		error("%s: helper \"%s\" unusable: %s", __func__, helper,
-		    strerror(errno));
+		error_f("helper \"%s\" unusable: %s", helper, strerror(errno));
 		errno = oerrno;
 		return SSH_ERR_SYSTEM_ERROR;
 	}
@@ -87,22 +86,22 @@
 	if (pid == 0) {
 		if ((dup2(pair[1], STDIN_FILENO) == -1) ||
 		    (dup2(pair[1], STDOUT_FILENO) == -1)) {
-			error("%s: dup2: %s", __func__, ssh_err(r));
+			error_f("dup2: %s", strerror(errno));
 			_exit(1);
 		}
 		close(pair[0]);
 		close(pair[1]);
 		closefrom(STDERR_FILENO + 1);
-		debug("%s: starting %s %s", __func__, helper,
+		debug_f("starting %s %s", helper,
 		    verbosity == NULL ? "" : verbosity);
 		execlp(helper, helper, verbosity, (char *)NULL);
-		error("%s: execlp: %s", __func__, strerror(errno));
+		error_f("execlp: %s", strerror(errno));
 		_exit(1);
 	}
 	close(pair[1]);
 
 	/* success */
-	debug3("%s: started pid=%ld", __func__, (long)pid);
+	debug3_f("started pid=%ld", (long)pid);
 	*fdp = pair[0];
 	*pidp = pid;
 	*osigchldp = osigchld;
@@ -114,7 +113,7 @@
 {
 	int status, oerrno;
 
-	debug3("%s: pid=%ld", __func__, (long)pid);
+	debug3_f("pid=%ld", (long)pid);
 
 	errno = 0;
 	while (waitpid(pid, &status, 0) == -1) {
@@ -123,15 +122,15 @@
 			continue;
 		}
 		oerrno = errno;
-		error("%s: waitpid: %s", __func__, strerror(errno));
+		error_f("waitpid: %s", strerror(errno));
 		errno = oerrno;
 		return SSH_ERR_SYSTEM_ERROR;
 	}
 	if (!WIFEXITED(status)) {
-		error("%s: helper exited abnormally", __func__);
+		error_f("helper exited abnormally");
 		return SSH_ERR_AGENT_FAILURE;
 	} else if (WEXITSTATUS(status) != 0) {
-		error("%s: helper exited with non-zero exit status", __func__);
+		error_f("helper exited with non-zero exit status");
 		return SSH_ERR_AGENT_FAILURE;
 	}
 	return 0;
@@ -158,40 +157,40 @@
 	/* Request preamble: type, log_on_stderr, log_level */
 	ll = log_level_get();
 	if ((r = sshbuf_put_u32(req, type)) != 0 ||
-	   (r = sshbuf_put_u8(req, log_is_on_stderr() != 0)) != 0 ||
-	   (r = sshbuf_put_u32(req, ll < 0 ? 0 : ll)) != 0 ||
-	   (r = sshbuf_putb(req, msg)) != 0) {
-		error("%s: build: %s", __func__, ssh_err(r));
+	    (r = sshbuf_put_u8(req, log_is_on_stderr() != 0)) != 0 ||
+	    (r = sshbuf_put_u32(req, ll < 0 ? 0 : ll)) != 0 ||
+	    (r = sshbuf_putb(req, msg)) != 0) {
+		error_fr(r, "compose");
 		goto out;
 	}
 	if ((r = ssh_msg_send(fd, SSH_SK_HELPER_VERSION, req)) != 0) {
-		error("%s: send: %s", __func__, ssh_err(r));
+		error_fr(r, "send");
 		goto out;
 	}
 	if ((r = ssh_msg_recv(fd, resp)) != 0) {
-		error("%s: receive: %s", __func__, ssh_err(r));
+		error_fr(r, "receive");
 		goto out;
 	}
 	if ((r = sshbuf_get_u8(resp, &version)) != 0) {
-		error("%s: parse version: %s", __func__, ssh_err(r));
+		error_fr(r, "parse version");
 		goto out;
 	}
 	if (version != SSH_SK_HELPER_VERSION) {
-		error("%s: unsupported version: got %u, expected %u",
-		    __func__, version, SSH_SK_HELPER_VERSION);
+		error_f("unsupported version: got %u, expected %u",
+		    version, SSH_SK_HELPER_VERSION);
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
 	if ((r = sshbuf_get_u32(resp, &rtype)) != 0) {
-		error("%s: parse message type: %s", __func__, ssh_err(r));
+		error_fr(r, "parse message type");
 		goto out;
 	}
 	if (rtype == SSH_SK_HELPER_ERROR) {
 		if ((r = sshbuf_get_u32(resp, &rerr)) != 0) {
-			error("%s: parse error: %s", __func__, ssh_err(r));
+			error_fr(r, "parse");
 			goto out;
 		}
-		debug("%s: helper returned error -%u", __func__, rerr);
+		debug_f("helper returned error -%u", rerr);
 		/* OpenSSH error values are negative; encoded as -err on wire */
 		if (rerr == 0 || rerr >= INT_MAX)
 			r = SSH_ERR_INTERNAL_ERROR;
@@ -199,8 +198,8 @@
 			r = -(int)rerr;
 		goto out;
 	} else if (rtype != type) {
-		error("%s: helper returned incorrect message type %u, "
-		    "expecting %u", __func__, rtype, type);
+		error_f("helper returned incorrect message type %u, "
+		    "expecting %u", rtype, type);
 		r = SSH_ERR_INTERNAL_ERROR;
 		goto out;
 	}
@@ -250,7 +249,7 @@
 	}
 
 	if ((r = sshkey_private_serialize(key, kbuf)) != 0) {
-		error("%s: serialize private key: %s", __func__, ssh_err(r));
+		error_fr(r, "encode key");
 		goto out;
 	}
 	if ((r = sshbuf_put_stringb(req, kbuf)) != 0 ||
@@ -259,13 +258,13 @@
 	    (r = sshbuf_put_cstring(req, NULL)) != 0 || /* alg */
 	    (r = sshbuf_put_u32(req, compat)) != 0 ||
 	    (r = sshbuf_put_cstring(req, pin)) != 0) {
-		error("%s: compose: %s", __func__, ssh_err(r));
+		error_fr(r, "compose");
 		goto out;
 	}
 
 	if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT,
 	    SSH_FP_DEFAULT)) == NULL) {
-		error("%s: sshkey_fingerprint failed", __func__);
+		error_f("sshkey_fingerprint failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@@ -273,12 +272,12 @@
 		goto out;
 
 	if ((r = sshbuf_get_string(resp, sigp, lenp)) != 0) {
-		error("%s: parse signature: %s", __func__, ssh_err(r));
+		error_fr(r, "parse signature");
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
 	if (sshbuf_len(resp) != 0) {
-		error("%s: trailing data in response", __func__);
+		error_f("trailing data in response");
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
@@ -334,7 +333,7 @@
 	    (r = sshbuf_put_u8(req, flags)) != 0 ||
 	    (r = sshbuf_put_cstring(req, pin)) != 0 ||
 	    (r = sshbuf_put_stringb(req, challenge_buf)) != 0) {
-		error("%s: compose: %s", __func__, ssh_err(r));
+		error_fr(r, "compose");
 		goto out;
 	}
 
@@ -343,21 +342,21 @@
 
 	if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 ||
 	    (r = sshbuf_get_stringb(resp, abuf)) != 0) {
-		error("%s: parse signature: %s", __func__, ssh_err(r));
+		error_fr(r, "parse");
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
 	if (sshbuf_len(resp) != 0) {
-		error("%s: trailing data in response", __func__);
+		error_f("trailing data in response");
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
 	if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) {
-		error("Unable to parse private key: %s", ssh_err(r));
+		error_fr(r, "encode");
 		goto out;
 	}
 	if (attest != NULL && (r = sshbuf_putb(attest, abuf)) != 0) {
-		error("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "encode attestation information");
 		goto out;
 	}
 
@@ -398,7 +397,7 @@
 	if ((r = sshbuf_put_cstring(req, provider_path)) != 0 ||
 	    (r = sshbuf_put_cstring(req, device)) != 0 ||
 	    (r = sshbuf_put_cstring(req, pin)) != 0) {
-		error("%s: compose: %s", __func__, ssh_err(r));
+		error_fr(r, "compose");
 		goto out;
 	}
 
@@ -409,21 +408,21 @@
 		/* key, comment */
 		if ((r = sshbuf_get_stringb(resp, kbuf)) != 0 ||
 		    (r = sshbuf_get_cstring(resp, NULL, NULL)) != 0) {
-			error("%s: parse signature: %s", __func__, ssh_err(r));
+			error_fr(r, "parse signature");
 			r = SSH_ERR_INVALID_FORMAT;
 			goto out;
 		}
 		if ((r = sshkey_private_deserialize(kbuf, &key)) != 0) {
-			error("Unable to parse private key: %s", ssh_err(r));
+			error_fr(r, "decode key");
 			goto out;
 		}
 		if ((tmp = recallocarray(keys, nkeys, nkeys + 1,
 		    sizeof(*keys))) == NULL) {
-			error("%s: recallocarray keys failed", __func__);
+			error_f("recallocarray keys failed");
 			goto out;
 		}
-		debug("%s: keys[%zu]: %s %s", __func__,
-		    nkeys, sshkey_type(key), key->sk_application);
+		debug_f("keys[%zu]: %s %s", nkeys, sshkey_type(key),
+		    key->sk_application);
 		keys = tmp;
 		keys[nkeys++] = key;
 		key = NULL;

ssh-sk-helper.c

diff --git a/ssh-sk-helper.c b/ssh-sk-helper.c
index 2f93ad7..21a0891 100644
--- a/ssh-sk-helper.c
+++ b/ssh-sk-helper.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk-helper.c,v 1.9 2020/01/25 23:13:09 djm Exp $ */
+/* $OpenBSD: ssh-sk-helper.c,v 1.11 2020/10/18 11:32:02 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -67,7 +67,7 @@
 	free(msg);
 
 	if (r >= 0)
-		fatal("%s: invalid error code %d", __func__, r);
+		fatal_f("invalid error code %d", r);
 
 	if ((resp = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __progname);
@@ -93,12 +93,12 @@
 {
 	int r = SSH_ERR_INTERNAL_ERROR;
 	struct sshbuf *resp, *kbuf;
-	struct sshkey *key;
+	struct sshkey *key = NULL;
 	uint32_t compat;
 	const u_char *message;
-	u_char *sig;
-	size_t msglen, siglen;
-	char *provider, *pin;
+	u_char *sig = NULL;
+	size_t msglen, siglen = 0;
+	char *provider = NULL, *pin = NULL;
 
 	if ((r = sshbuf_froms(req, &kbuf)) != 0 ||
 	    (r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
@@ -106,17 +106,19 @@
 	    (r = sshbuf_get_cstring(req, NULL, NULL)) != 0 || /* alg */
 	    (r = sshbuf_get_u32(req, &compat)) != 0 ||
 	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: parse", __progname);
 	if (sshbuf_len(req) != 0)
 		fatal("%s: trailing data in request", __progname);
 
 	if ((r = sshkey_private_deserialize(kbuf, &key)) != 0)
-		fatal("Unable to parse private key: %s", ssh_err(r));
-	if (!sshkey_is_sk(key))
-		fatal("Unsupported key type %s", sshkey_ssh_name(key));
+		fatal_r(r, "%s: Unable to parse private key", __progname);
+	if (!sshkey_is_sk(key)) {
+		fatal("%s: Unsupported key type %s",
+		    __progname, sshkey_ssh_name(key));
+	}
 
-	debug("%s: ready to sign with key %s, provider %s: "
-	    "msg len %zu, compat 0x%lx", __progname, sshkey_type(key),
+	debug_f("ready to sign with key %s, provider %s: "
+	    "msg len %zu, compat 0x%lx", sshkey_type(key),
 	    provider, msglen, (u_long)compat);
 
 	null_empty(&pin);
@@ -132,10 +134,13 @@
 
 	if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_SIGN)) != 0 ||
 	    (r = sshbuf_put_string(resp, sig, siglen)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: compose", __progname);
  out:
+	sshkey_free(key);
 	sshbuf_free(kbuf);
 	free(provider);
+	if (sig != NULL)
+		freezero(sig, siglen);
 	if (pin != NULL)
 		freezero(pin, strlen(pin));
 	return resp;
@@ -163,7 +168,7 @@
 	    (r = sshbuf_get_u8(req, &flags)) != 0 ||
 	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0 ||
 	    (r = sshbuf_froms(req, &challenge)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: parse", __progname);
 	if (sshbuf_len(req) != 0)
 		fatal("%s: trailing data in request", __progname);
 
@@ -186,11 +191,11 @@
 	if ((resp = sshbuf_new()) == NULL)
 		fatal("%s: sshbuf_new failed", __progname);
 	if ((r = sshkey_private_serialize(key, kbuf)) != 0)
-		fatal("%s: serialize private key: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: encode key", __progname);
 	if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_ENROLL)) != 0 ||
 	    (r = sshbuf_put_stringb(resp, kbuf)) != 0 ||
 	    (r = sshbuf_put_stringb(resp, attest)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: compose", __progname);
 
  out:
 	sshkey_free(key);
@@ -220,7 +225,7 @@
 	if ((r = sshbuf_get_cstring(req, &provider, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(req, &device, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(req, &pin, NULL)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: parse", __progname);
 	if (sshbuf_len(req) != 0)
 		fatal("%s: trailing data in request", __progname);
 
@@ -238,18 +243,17 @@
 		fatal("%s: sshbuf_new failed", __progname);
 
 	if ((r = sshbuf_put_u32(resp, SSH_SK_HELPER_LOAD_RESIDENT)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: compose", __progname);
 
 	for (i = 0; i < nkeys; i++) {
-		debug("%s: key %zu %s %s", __func__, i,
-		    sshkey_type(keys[i]), keys[i]->sk_application);
+		debug_f("key %zu %s %s", i, sshkey_type(keys[i]),
+		    keys[i]->sk_application);
 		sshbuf_reset(kbuf);
 		if ((r = sshkey_private_serialize(keys[i], kbuf)) != 0)
-			fatal("%s: serialize private key: %s",
-			    __progname, ssh_err(r));
+			fatal_r(r, "%s: encode key", __progname);
 		if ((r = sshbuf_put_stringb(resp, kbuf)) != 0 ||
 		    (r = sshbuf_put_cstring(resp, "")) != 0) /* comment */
-			fatal("%s: buffer error: %s", __progname, ssh_err(r));
+			fatal_r(r, "%s: compose key", __progname);
 	}
 
  out:
@@ -308,10 +312,10 @@
 	if (ssh_msg_recv(in, req) < 0)
 		fatal("ssh_msg_recv failed");
 	close(in);
-	debug("%s: received message len %zu", __progname, sshbuf_len(req));
+	debug_f("received message len %zu", sshbuf_len(req));
 
 	if ((r = sshbuf_get_u8(req, &version)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: parse version", __progname);
 	if (version != SSH_SK_HELPER_VERSION) {
 		fatal("unsupported version: received %d, expected %d",
 		    version, SSH_SK_HELPER_VERSION);
@@ -320,7 +324,7 @@
 	if ((r = sshbuf_get_u32(req, &rtype)) != 0 ||
 	    (r = sshbuf_get_u8(req, &log_stderr)) != 0 ||
 	    (r = sshbuf_get_u32(req, &ll)) != 0)
-		fatal("%s: buffer error: %s", __progname, ssh_err(r));
+		fatal_r(r, "%s: parse", __progname);
 
 	if (!vflag && log_level_name((LogLevel)ll) != NULL)
 		log_init(__progname, (LogLevel)ll, log_facility, log_stderr);
@@ -339,7 +343,7 @@
 		fatal("%s: unsupported request type %u", __progname, rtype);
 	}
 	sshbuf_free(req);
-	debug("%s: reply len %zu", __progname, sshbuf_len(resp));
+	debug_f("reply len %zu", sshbuf_len(resp));
 
 	if (ssh_msg_send(out, SSH_SK_HELPER_VERSION, resp) == -1)
 		fatal("ssh_msg_send failed");

ssh-sk.c

diff --git a/ssh-sk.c b/ssh-sk.c
index 1afb205..d254e77 100644
--- a/ssh-sk.c
+++ b/ssh-sk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-sk.c,v 1.30 2020/04/28 04:02:29 djm Exp $ */
+/* $OpenBSD: ssh-sk.c,v 1.35 2021/02/26 00:16:58 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -105,11 +105,11 @@
 		return NULL;
 	}
 	if ((ret = calloc(1, sizeof(*ret))) == NULL) {
-		error("%s: calloc failed", __func__);
+		error_f("calloc failed");
 		return NULL;
 	}
 	if ((ret->path = strdup(path)) == NULL) {
-		error("%s: strdup failed", __func__);
+		error_f("strdup failed");
 		goto fail;
 	}
 	/* Skip the rest if we're using the linked in middleware */
@@ -134,8 +134,8 @@
 		goto fail;
 	}
 	version = ret->sk_api_version();
-	debug("%s: provider %s implements version 0x%08lx", __func__,
-	    ret->path, (u_long)version);
+	debug_f("provider %s implements version 0x%08lx", ret->path,
+	    (u_long)version);
 	if ((version & SSH_SK_VERSION_MAJOR_MASK) != SSH_SK_VERSION_MAJOR) {
 		error("Provider \"%s\" implements unsupported "
 		    "version 0x%08lx (supported: 0x%08lx)",
@@ -174,6 +174,7 @@
 	freezero(r->public_key, r->public_key_len);
 	freezero(r->signature, r->signature_len);
 	freezero(r->attestation_cert, r->attestation_cert_len);
+	freezero(r->authdata, r->authdata_len);
 	freezero(r, sizeof(*r));
 }
 
@@ -199,7 +200,7 @@
 
 	*keyp = NULL;
 	if ((key = sshkey_new(KEY_ECDSA_SK)) == NULL) {
-		error("%s: sshkey_new failed", __func__);
+		error_f("sshkey_new failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@@ -207,17 +208,17 @@
 	if ((key->ecdsa = EC_KEY_new_by_curve_name(key->ecdsa_nid)) == NULL ||
 	    (q = EC_POINT_new(EC_KEY_get0_group(key->ecdsa))) == NULL ||
 	    (b = sshbuf_new()) == NULL) {
-		error("%s: allocation failed", __func__);
+		error_f("allocation failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
 	if ((r = sshbuf_put_string(b,
 	    resp->public_key, resp->public_key_len)) != 0) {
-		error("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "sshbuf_put_string");
 		goto out;
 	}
 	if ((r = sshbuf_get_ec(b, q, EC_KEY_get0_group(key->ecdsa))) != 0) {
-		error("%s: parse key: %s", __func__, ssh_err(r));
+		error_fr(r, "parse");
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
@@ -228,7 +229,7 @@
 	}
 	if (EC_KEY_set_public_key(key->ecdsa, q) != 1) {
 		/* XXX assume it is a allocation error */
-		error("%s: allocation failed", __func__);
+		error_f("allocation failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@@ -252,17 +253,17 @@
 
 	*keyp = NULL;
 	if (resp->public_key_len != ED25519_PK_SZ) {
-		error("%s: invalid size: %zu", __func__, resp->public_key_len);
+		error_f("invalid size: %zu", resp->public_key_len);
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
 	if ((key = sshkey_new(KEY_ED25519_SK)) == NULL) {
-		error("%s: sshkey_new failed", __func__);
+		error_f("sshkey_new failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
 	if ((key->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
-		error("%s: malloc failed", __func__);
+		error_f("malloc failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@@ -287,7 +288,7 @@
 
 	/* Check response validity */
 	if (resp->public_key == NULL || resp->key_handle == NULL) {
-		error("%s: sk_enroll response invalid", __func__);
+		error_f("sk_enroll response invalid");
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
@@ -303,25 +304,25 @@
 			goto out;
 		break;
 	default:
-		error("%s: unsupported algorithm %d", __func__, alg);
+		error_f("unsupported algorithm %d", alg);
 		r = SSH_ERR_INVALID_ARGUMENT;
 		goto out;
 	}
 	key->sk_flags = flags;
 	if ((key->sk_key_handle = sshbuf_new()) == NULL ||
 	    (key->sk_reserved = sshbuf_new()) == NULL) {
-		error("%s: allocation failed", __func__);
+		error_f("allocation failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
 	if ((key->sk_application = strdup(application)) == NULL) {
-		error("%s: strdup application failed", __func__);
+		error_f("strdup application failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
 	if ((r = sshbuf_put(key->sk_key_handle, resp->key_handle,
 	    resp->key_handle_len)) != 0) {
-		error("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "put key handle");
 		goto out;
 	}
 	/* success */
@@ -373,18 +374,18 @@
 
 	if ((opts = recallocarray(opts, nopts, nopts + 2, /* extra for NULL */
 	    sizeof(*opts))) == NULL) {
-		error("%s: array alloc failed", __func__);
+		error_f("array alloc failed");
 		return SSH_ERR_ALLOC_FAIL;
 	}
 	*optsp = opts;
 	*noptsp = nopts + 1;
 	if ((opts[nopts] = calloc(1, sizeof(**opts))) == NULL) {
-		error("%s: alloc failed", __func__);
+		error_f("alloc failed");
 		return SSH_ERR_ALLOC_FAIL;
 	}
 	if ((opts[nopts]->name = strdup(name)) == NULL ||
 	    (opts[nopts]->value = strdup(value)) == NULL) {
-		error("%s: alloc failed", __func__);
+		error_f("alloc failed");
 		return SSH_ERR_ALLOC_FAIL;
 	}
 	opts[nopts]->required = required;
@@ -419,6 +420,31 @@
 	return ret;
 }
 
+
+static int
+fill_attestation_blob(const struct sk_enroll_response *resp,
+    struct sshbuf *attest)
+{
+	int r;
+
+	if (attest == NULL)
+		return 0; /* nothing to do */
+	if ((r = sshbuf_put_cstring(attest, "ssh-sk-attest-v01")) != 0 ||
+	    (r = sshbuf_put_string(attest,
+	    resp->attestation_cert, resp->attestation_cert_len)) != 0 ||
+	    (r = sshbuf_put_string(attest,
+	    resp->signature, resp->signature_len)) != 0 ||
+	    (r = sshbuf_put_string(attest,
+	    resp->authdata, resp->authdata_len)) != 0 ||
+	    (r = sshbuf_put_u32(attest, 0)) != 0 || /* resvd flags */
+	    (r = sshbuf_put_string(attest, NULL, 0)) != 0 /* resvd */) {
+		error_fr(r, "compose");
+		return r;
+	}
+	/* success */
+	return 0;
+}
+
 int
 sshsk_enroll(int type, const char *provider_path, const char *device,
     const char *application, const char *userid, uint8_t flags,
@@ -435,8 +461,8 @@
 	int r = SSH_ERR_INTERNAL_ERROR;
 	int alg;
 
-	debug("%s: provider \"%s\", device \"%s\", application \"%s\", "
-	    "userid \"%s\", flags 0x%02x, challenge len %zu%s", __func__,
+	debug_f("provider \"%s\", device \"%s\", application \"%s\", "
+	    "userid \"%s\", flags 0x%02x, challenge len %zu%s",
 	    provider_path, device, application, userid, flags,
 	    challenge_buf == NULL ? 0 : sshbuf_len(challenge_buf),
 	    (pin != NULL && *pin != '\0') ? " with-pin" : "");
@@ -458,22 +484,22 @@
 		alg = SSH_SK_ED25519;
 		break;
 	default:
-		error("%s: unsupported key type", __func__);
+		error_f("unsupported key type");
 		r = SSH_ERR_INVALID_ARGUMENT;
 		goto out;
 	}
 	if (provider_path == NULL) {
-		error("%s: missing provider", __func__);
+		error_f("missing provider");
 		r = SSH_ERR_INVALID_ARGUMENT;
 		goto out;
 	}
 	if (application == NULL || *application == '\0') {
-		error("%s: missing application", __func__);
+		error_f("missing application");
 		r = SSH_ERR_INVALID_ARGUMENT;
 		goto out;
 	}
 	if (challenge_buf == NULL) {
-		debug("%s: using random challenge", __func__);
+		debug_f("using random challenge");
 		arc4random_buf(randchall, sizeof(randchall));
 		challenge = randchall;
 		challenge_len = sizeof(randchall);
@@ -484,8 +510,7 @@
 	} else {
 		challenge = sshbuf_ptr(challenge_buf);
 		challenge_len = sshbuf_len(challenge_buf);
-		debug3("%s: using explicit challenge len=%zd",
-		    __func__, challenge_len);
+		debug3_f("using explicit challenge len=%zd", challenge_len);
 	}
 	if ((skp = sshsk_open(provider_path)) == NULL) {
 		r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
@@ -495,8 +520,7 @@
 	/* enroll key */
 	if ((r = skp->sk_enroll(alg, challenge, challenge_len, application,
 	    flags, pin, opts, &resp)) != 0) {
-		debug("%s: provider \"%s\" returned failure %d", __func__,
-		    provider_path, r);
+		debug_f("provider \"%s\" failure %d", provider_path, r);
 		r = skerr_to_ssherr(r);
 		goto out;
 	}
@@ -506,19 +530,9 @@
 		goto out;
 
 	/* Optionally fill in the attestation information */
-	if (attest != NULL) {
-		if ((r = sshbuf_put_cstring(attest,
-		    "ssh-sk-attest-v00")) != 0 ||
-		    (r = sshbuf_put_string(attest,
-		    resp->attestation_cert, resp->attestation_cert_len)) != 0 ||
-		    (r = sshbuf_put_string(attest,
-		    resp->signature, resp->signature_len)) != 0 ||
-		    (r = sshbuf_put_u32(attest, 0)) != 0 || /* resvd flags */
-		    (r = sshbuf_put_string(attest, NULL, 0)) != 0 /* resvd */) {
-			error("%s: buffer error: %s", __func__, ssh_err(r));
-			goto out;
-		}
-	}
+	if ((r = fill_attestation_blob(resp, attest)) != 0)
+		goto out;
+
 	/* success */
 	*keyp = key;
 	key = NULL; /* transferred */
@@ -541,7 +555,7 @@
 
 	/* Check response validity */
 	if (resp->sig_r == NULL || resp->sig_s == NULL) {
-		error("%s: sk_sign response invalid", __func__);
+		error_f("sk_sign response invalid");
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
@@ -554,13 +568,13 @@
 	    resp->sig_r, resp->sig_r_len)) != 0 ||
 	    (r = sshbuf_put_bignum2_bytes(inner_sig,
 	    resp->sig_s, resp->sig_s_len)) != 0) {
-		debug("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "compose inner");
 		goto out;
 	}
 	if ((r = sshbuf_put_stringb(sig, inner_sig)) != 0 ||
 	    (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
 	    (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
-		debug("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "compose");
 		goto out;
 	}
 #ifdef DEBUG_SK
@@ -585,7 +599,7 @@
 
 	/* Check response validity */
 	if (resp->sig_r == NULL) {
-		error("%s: sk_sign response invalid", __func__);
+		error_f("sk_sign response invalid");
 		r = SSH_ERR_INVALID_FORMAT;
 		goto out;
 	}
@@ -593,7 +607,7 @@
 	    resp->sig_r, resp->sig_r_len)) != 0 ||
 	    (r = sshbuf_put_u8(sig, resp->flags)) != 0 ||
 	    (r = sshbuf_put_u32(sig, resp->counter)) != 0) {
-		debug("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "compose");
 		goto out;
 	}
 #ifdef DEBUG_SK
@@ -617,7 +631,7 @@
 	struct sshbuf *inner_sig = NULL, *sig = NULL;
 	struct sk_option **opts = NULL;
 
-	debug("%s: provider \"%s\", key %s, flags 0x%02x%s", __func__,
+	debug_f("provider \"%s\", key %s, flags 0x%02x%s",
 	    provider_path, sshkey_type(key), key->sk_flags,
 	    (pin != NULL && *pin != '\0') ? " with-pin" : "");
 
@@ -648,11 +662,16 @@
 		r = SSH_ERR_INVALID_FORMAT; /* XXX sshsk_open return code? */
 		goto out;
 	}
-
+#ifdef DEBUG_SK
+	fprintf(stderr, "%s: sk_flags = 0x%02x, sk_application = \"%s\"\n",
+	    __func__, key->sk_flags, key->sk_application);
+	fprintf(stderr, "%s: sk_key_handle:\n", __func__);
+	sshbuf_dump(key->sk_key_handle, stderr);
+#endif
 	if ((r = skp->sk_sign(alg, data, datalen, key->sk_application,
 	    sshbuf_ptr(key->sk_key_handle), sshbuf_len(key->sk_key_handle),
 	    key->sk_flags, pin, opts, &resp)) != 0) {
-		debug("%s: sk_sign failed with code %d", __func__, r);
+		debug_f("sk_sign failed with code %d", r);
 		r = skerr_to_ssherr(r);
 		goto out;
 	}
@@ -662,7 +681,7 @@
 		goto out;
 	}
 	if ((r = sshbuf_put_cstring(sig, sshkey_ssh_name_plain(key))) != 0) {
-		debug("%s: buffer error (outer): %s", __func__, ssh_err(r));
+		error_fr(r, "compose outer");
 		goto out;
 	}
 	switch (type) {
@@ -680,8 +699,8 @@
 #ifdef DEBUG_SK
 	fprintf(stderr, "%s: sig_flags = 0x%02x, sig_counter = %u\n",
 	    __func__, resp->flags, resp->counter);
-	fprintf(stderr, "%s: hashed message:\n", __func__);
-	sshbuf_dump_data(message, sizeof(message), stderr);
+	fprintf(stderr, "%s: data to sign:\n", __func__);
+	sshbuf_dump_data(data, datalen, stderr);
 	fprintf(stderr, "%s: sigbuf:\n", __func__);
 	sshbuf_dump(sig, stderr);
 #endif
@@ -736,7 +755,7 @@
 	uint8_t flags;
 	struct sk_option **opts = NULL;
 
-	debug("%s: provider \"%s\"%s", __func__, provider_path,
+	debug_f("provider \"%s\"%s", provider_path,
 	    (pin != NULL && *pin != '\0') ? ", have-pin": "");
 
 	if (keysp == NULL || nkeysp == NULL)
@@ -756,9 +775,8 @@
 		goto out;
 	}
 	for (i = 0; i < nrks; i++) {
-		debug3("%s: rk %zu: slot = %zu, alg = %d, application = \"%s\"",
-		    __func__, i, rks[i]->slot, rks[i]->alg,
-		    rks[i]->application);
+		debug3_f("rk %zu: slot = %zu, alg = %d, application = \"%s\"",
+		    i, rks[i]->slot, rks[i]->alg, rks[i]->application);
 		/* XXX need better filter here */
 		if (strncmp(rks[i]->application, "ssh:", 4) != 0)
 			continue;
@@ -769,14 +787,15 @@
 		default:
 			continue;
 		}
-		/* XXX where to get flags? */
 		flags = SSH_SK_USER_PRESENCE_REQD|SSH_SK_RESIDENT_KEY;
+		if ((rks[i]->flags & SSH_SK_USER_VERIFICATION_REQD))
+			flags |= SSH_SK_USER_VERIFICATION_REQD;
 		if ((r = sshsk_key_from_response(rks[i]->alg,
 		    rks[i]->application, flags, &rks[i]->key, &key)) != 0)
 			goto out;
 		if ((tmp = recallocarray(keys, nkeys, nkeys + 1,
 		    sizeof(*tmp))) == NULL) {
-			error("%s: recallocarray failed", __func__);
+			error_f("recallocarray failed");
 			r = SSH_ERR_ALLOC_FAIL;
 			goto out;
 		}

ssh-xmss.c

diff --git a/ssh-xmss.c b/ssh-xmss.c
index ccd4c76..7bd3a96 100644
--- a/ssh-xmss.c
+++ b/ssh-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-xmss.c,v 1.2 2020/02/26 13:40:09 jsg Exp $*/
+/* $OpenBSD: ssh-xmss.c,v 1.4 2020/10/19 22:49:23 dtucker Exp $*/
 /*
  * Copyright (c) 2017 Stefan-Lukas Gazdag.
  * Copyright (c) 2017 Markus Friedl.
@@ -62,7 +62,7 @@
 	smlen = slen = datalen + required_siglen;
 	if ((sig = malloc(slen)) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
-	if ((r = sshkey_xmss_get_state(key, error)) != 0)
+	if ((r = sshkey_xmss_get_state(key, 1)) != 0)
 		goto out;
 	if ((ret = xmss_sign(key->xmss_sk, sshkey_xmss_bds_state(key), sig, &smlen,
 	    data, datalen, sshkey_xmss_params(key))) != 0 || smlen <= datalen) {
@@ -90,7 +90,7 @@
 	/* success */
 	r = 0;
  out:
-	if ((ret = sshkey_xmss_update_state(key, error)) != 0) {
+	if ((ret = sshkey_xmss_update_state(key, 1)) != 0) {
 		/* discard signature since we cannot update the state */
 		if (r == 0 && sigp != NULL && *sigp != NULL) {
 			explicit_bzero(*sigp, len);
@@ -164,8 +164,7 @@
 	memcpy(sm+len, data, datalen);
 	if ((ret = xmss_sign_open(m, &mlen, sm, smlen,
 	    key->xmss_pk, sshkey_xmss_params(key))) != 0) {
-		debug2("%s: crypto_sign_xmss_open failed: %d",
-		    __func__, ret);
+		debug2_f("xmss_sign_open failed: %d", ret);
 	}
 	if (ret != 0 || mlen != datalen) {
 		r = SSH_ERR_SIGNATURE_INVALID;

ssh.1

diff --git a/ssh.1 b/ssh.1
index dce5f40..7efb238 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.412 2020/04/17 03:34:42 djm Exp $
-.Dd $Mdocdate: April 17 2020 $
+.\" $OpenBSD: ssh.1,v 1.427 2021/09/10 10:26:02 dtucker Exp $
+.Dd $Mdocdate: September 10 2021 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -65,7 +65,7 @@
 .Op Fl W Ar host : Ns Ar port
 .Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun
 .Ar destination
-.Op Ar command
+.Op Ar command Op Ar argument ...
 .Sh DESCRIPTION
 .Nm
 (SSH client) is a program for logging into a remote machine and for
@@ -88,13 +88,18 @@
 .No ssh:// Oo user @ Oc hostname Op : port .
 .Sm on
 The user must prove
-his/her identity to the remote machine using one of several methods
+their identity to the remote machine using one of several methods
 (see below).
 .Pp
 If a
 .Ar command
 is specified,
-it is executed on the remote host instead of a login shell.
+it will be executed on the remote host instead of a login shell.
+A complete command line may be specified as
+.Ar command ,
+or it may have additional arguments.
+If supplied, the arguments will be appended to the command, separated by
+spaces, before it is sent to the server to be executed.
 .Pp
 The options are as follows:
 .Pp
@@ -259,6 +264,11 @@
 .Fl f
 will wait for all remote port forwards to be successfully established
 before placing itself in the background.
+Refer to the description of
+.Cm ForkAfterAuthentication
+in
+.Xr ssh_config 5
+for details.
 .Pp
 .It Fl G
 Causes
@@ -283,6 +293,10 @@
 .It Fl i Ar identity_file
 Selects a file from which the identity (private key) for
 public key authentication is read.
+You can also specify a public key file to use the corresponding
+private key that is loaded in
+.Xr ssh-agent 1
+when the private key file is not present locally.
 The default is
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
@@ -425,6 +439,11 @@
 .It Fl N
 Do not execute a remote command.
 This is useful for just forwarding ports.
+Refer to the description of
+.Cm SessionType
+in
+.Xr ssh_config 5
+for details.
 .Pp
 .It Fl n
 Redirects stdin from
@@ -446,6 +465,11 @@
 needs to ask for a password or passphrase; see also the
 .Fl f
 option.)
+Refer to the description of
+.Cm StdinNull
+in
+.Xr ssh_config 5
+for details.
 .Pp
 .It Fl O Ar ctl_cmd
 Control an active connection multiplexing master process.
@@ -485,7 +509,6 @@
 .It CanonicalizePermittedCNAMEs
 .It CASignatureAlgorithms
 .It CertificateFile
-.It ChallengeResponseAuthentication
 .It CheckHostIP
 .It Ciphers
 .It ClearAllForwardings
@@ -499,6 +522,7 @@
 .It EscapeChar
 .It ExitOnForwardFailure
 .It FingerprintHash
+.It ForkAfterAuthentication
 .It ForwardAgent
 .It ForwardX11
 .It ForwardX11Timeout
@@ -509,8 +533,8 @@
 .It GSSAPIDelegateCredentials
 .It HashKnownHosts
 .It Host
+.It HostbasedAcceptedAlgorithms
 .It HostbasedAuthentication
-.It HostbasedKeyTypes
 .It HostKeyAlgorithms
 .It HostKeyAlias
 .It Hostname
@@ -521,6 +545,7 @@
 .It KbdInteractiveAuthentication
 .It KbdInteractiveDevices
 .It KexAlgorithms
+.It KnownHostsCommand
 .It LocalCommand
 .It LocalForward
 .It LogLevel
@@ -530,13 +555,14 @@
 .It NumberOfPasswordPrompts
 .It PasswordAuthentication
 .It PermitLocalCommand
+.It PermitRemoteOpen
 .It PKCS11Provider
 .It Port
 .It PreferredAuthentications
 .It ProxyCommand
 .It ProxyJump
 .It ProxyUseFdpass
-.It PubkeyAcceptedKeyTypes
+.It PubkeyAcceptedAlgorithms
 .It PubkeyAuthentication
 .It RekeyLimit
 .It RemoteCommand
@@ -545,7 +571,9 @@
 .It SendEnv
 .It ServerAliveInterval
 .It ServerAliveCountMax
+.It SessionType
 .It SetEnv
+.It StdinNull
 .It StreamLocalBindMask
 .It StreamLocalBindUnlink
 .It StrictHostKeyChecking
@@ -566,10 +594,7 @@
 per-host basis in the configuration file.
 .Pp
 .It Fl Q Ar query_option
-Queries
-.Nm
-for the algorithms supported for the specified version 2.
-The available features are:
+Queries for the algorithms supported by one of the following features:
 .Ar cipher
 (supported symmetric ciphers),
 .Ar cipher-auth
@@ -702,6 +727,11 @@
 as a secure transport for other applications (e.g.\&
 .Xr sftp 1 ) .
 The subsystem is specified as the remote command.
+Refer to the description of
+.Cm SessionType
+in
+.Xr ssh_config 5
+for details.
 .Pp
 .It Fl T
 Disable pseudo-terminal allocation.
@@ -831,7 +861,7 @@
 GSSAPI-based authentication,
 host-based authentication,
 public key authentication,
-challenge-response authentication,
+keyboard-interactive authentication,
 and password authentication.
 Authentication methods are tried in the order specified above,
 though
@@ -906,7 +936,7 @@
 .Fl v
 flag).
 .Pp
-The user creates his/her key pair by running
+The user creates their key pair by running
 .Xr ssh-keygen 1 .
 This stores the private key in
 .Pa ~/.ssh/id_dsa
@@ -940,7 +970,7 @@
 The user should then copy the public key
 to
 .Pa ~/.ssh/authorized_keys
-in his/her home directory on the remote machine.
+in their home directory on the remote machine.
 The
 .Pa authorized_keys
 file corresponds to the conventional
@@ -969,11 +999,11 @@
 .Xr ssh_config 5
 for more information.
 .Pp
-Challenge-response authentication works as follows:
+Keyboard-interactive authentication works as follows:
 The server sends an arbitrary
 .Qq challenge
-text, and prompts for a response.
-Examples of challenge-response authentication include
+text and prompts for a response, possibly multiple times.
+Examples of keyboard-interactive authentication include
 .Bx
 Authentication (see
 .Xr login.conf 5 )
@@ -1409,6 +1439,25 @@
 may be necessary to redirect the input from
 .Pa /dev/null
 to make this work.)
+.It Ev SSH_ASKPASS_REQUIRE
+Allows further control over the use of an askpass program.
+If this variable is set to
+.Dq never
+then
+.Nm
+will never attempt to use one.
+If it is set to
+.Dq prefer ,
+then
+.Nm
+will prefer to use the askpass program instead of the TTY when requesting
+passwords.
+Finally, if the variable is set to
+.Dq force ,
+then the askpass program will be used for all passphrase input regardless
+of whether
+.Ev DISPLAY
+is set.
 .It Ev SSH_AUTH_SOCK
 Identifies the path of a
 .Ux Ns -domain

ssh.c

diff --git a/ssh.c b/ssh.c
index 98b6ce7..e6fe809 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.527 2020/04/10 00:52:07 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.569 2021/09/20 04:02:13 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -16,7 +16,7 @@
  * Copyright (c) 1999 Niels Provos.  All rights reserved.
  * Copyright (c) 2000, 2001, 2002, 2003 Markus Friedl.  All rights reserved.
  *
- * Modified to work with SSL by Niels Provos <provos@citi.umich.edu>
+ * Modified to work with SSLeay by Niels Provos <provos@citi.umich.edu>
  * in Canada (German citizen).
  *
  * Redistribution and use in source and binary forms, with or without
@@ -126,30 +126,14 @@
 /* Flag indicating whether a tty should be requested */
 int tty_flag = 0;
 
-/* don't exec a shell */
-int no_shell_flag = 0;
-
-/*
- * Flag indicating that nothing should be read from stdin.  This can be set
- * on the command line.
- */
-int stdin_null_flag = 0;
-
 /*
  * Flag indicating that the current process should be backgrounded and
- * a new slave launched in the foreground for ControlPersist.
+ * a new mux-client launched in the foreground for ControlPersist.
  */
 int need_controlpersist_detach = 0;
 
-/* Copies of flags for ControlPersist foreground slave */
-int ostdin_null_flag, ono_shell_flag, otty_flag, orequest_tty;
-
-/*
- * Flag indicating that ssh should fork after authentication.  This is useful
- * so that the passphrase can be entered manually, and then ssh goes to the
- * background.
- */
-int fork_after_authentication_flag = 0;
+/* Copies of flags for ControlPersist foreground mux-client */
+int ostdin_null_flag, osession_type, otty_flag, orequest_tty;
 
 /*
  * General data structure for command line options and options configurable
@@ -173,10 +157,6 @@
  */
 char *forward_agent_sock_path = NULL;
 
-/* Various strings used to to percent_expand() arguments */
-static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
-static char uidstr[32], *host_arg, *conn_hash_hex;
-
 /* socket address the host resolves to */
 struct sockaddr_storage hostaddr;
 
@@ -186,9 +166,6 @@
 /* command to be executed */
 struct sshbuf *command;
 
-/* Should we execute a command or invoke a subsystem? */
-int subsystem_flag = 0;
-
 /* # of replies received for global requests */
 static int forward_confirms_pending = -1;
 
@@ -208,13 +185,13 @@
 "           [-i identity_file] [-J [user@]host[:port]] [-L address]\n"
 "           [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
 "           [-Q query_option] [-R address] [-S ctl_path] [-W host:port]\n"
-"           [-w local_tun[:remote_tun]] destination [command]\n"
+"           [-w local_tun[:remote_tun]] destination [command [argument ...]]\n"
 	);
 	exit(255);
 }
 
-static int ssh_session2(struct ssh *, struct passwd *);
-static void load_public_identity_files(struct passwd *);
+static int ssh_session2(struct ssh *, const struct ssh_conn_info *);
+static void load_public_identity_files(const struct ssh_conn_info *);
 static void main_sigchld_handler(int);
 
 /* ~/ expand a list of paths. NB. assumes path[n] is heap-allocated. */
@@ -231,35 +208,40 @@
 	}
 }
 
-#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \
-    "C", conn_hash_hex, \
-    "L", shorthost, \
-    "i", uidstr, \
-    "l", thishost, \
-    "n", host_arg, \
-    "p", portstr
-
 /*
  * Expands the set of percent_expand options used by the majority of keywords
  * in the client that support percent expansion.
  * Caller must free returned string.
  */
 static char *
-default_client_percent_expand(const char *str, const char *homedir,
-    const char *remhost, const char *remuser, const char *locuser)
+default_client_percent_expand(const char *str,
+    const struct ssh_conn_info *cinfo)
 {
 	return percent_expand(str,
-	    /* values from statics above */
-	    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-	    /* values from arguments */
-	    "d", homedir,
-	    "h", remhost,
-	    "r", remuser,
-	    "u", locuser,
+	    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
 	    (char *)NULL);
 }
 
 /*
+ * Expands the set of percent_expand options used by the majority of keywords
+ * AND perform environment variable substitution.
+ * Caller must free returned string.
+ */
+static char *
+default_client_percent_dollar_expand(const char *str,
+    const struct ssh_conn_info *cinfo)
+{
+	char *ret;
+
+	ret = percent_dollar_expand(str,
+	    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
+	    (char *)NULL);
+	if (ret == NULL)
+		fatal("invalid environment variable expansion");
+	return ret;
+}
+
+/*
  * Attempt to resolve a host name / port to a set of addresses and
  * optionally return any CNAMEs encountered along the way.
  * Returns NULL on failure.
@@ -277,6 +259,7 @@
 		port = default_ssh_port();
 	if (cname != NULL)
 		*cname = '\0';
+	debug3_f("lookup %s:%d", name, port);
 
 	snprintf(strport, sizeof strport, "%d", port);
 	memset(&hints, 0, sizeof(hints));
@@ -294,8 +277,8 @@
 	}
 	if (cname != NULL && res->ai_canonname != NULL) {
 		if (strlcpy(cname, res->ai_canonname, clen) >= clen) {
-			error("%s: host \"%s\" cname \"%s\" too long (max %lu)",
-			    __func__, name,  res->ai_canonname, (u_long)clen);
+			error_f("host \"%s\" cname \"%s\" too long (max %lu)",
+			    name,  res->ai_canonname, (u_long)clen);
 			if (clen > 0)
 				*cname = '\0';
 		}
@@ -359,29 +342,27 @@
 	hints.ai_socktype = SOCK_STREAM;
 	hints.ai_flags = AI_NUMERICHOST|AI_NUMERICSERV;
 	if ((gaierr = getaddrinfo(name, strport, &hints, &res)) != 0) {
-		debug2("%s: could not resolve name %.100s as address: %s",
-		    __func__, name, ssh_gai_strerror(gaierr));
+		debug2_f("could not resolve name %.100s as address: %s",
+		    name, ssh_gai_strerror(gaierr));
 		return NULL;
 	}
 	if (res == NULL) {
-		debug("%s: getaddrinfo %.100s returned no addresses",
-		 __func__, name);
+		debug_f("getaddrinfo %.100s returned no addresses", name);
 		return NULL;
 	}
 	if (res->ai_next != NULL) {
-		debug("%s: getaddrinfo %.100s returned multiple addresses",
-		    __func__, name);
+		debug_f("getaddrinfo %.100s returned multiple addresses", name);
 		goto fail;
 	}
 	if ((gaierr = getnameinfo(res->ai_addr, res->ai_addrlen,
 	    addr, sizeof(addr), NULL, 0, NI_NUMERICHOST)) != 0) {
-		debug("%s: Could not format address for name %.100s: %s",
-		    __func__, name, ssh_gai_strerror(gaierr));
+		debug_f("Could not format address for name %.100s: %s",
+		    name, ssh_gai_strerror(gaierr));
 		goto fail;
 	}
 	if (strlcpy(caddr, addr, clen) >= clen) {
-		error("%s: host \"%s\" addr \"%s\" too long (max %lu)",
-		    __func__, name,  addr, (u_long)clen);
+		error_f("host \"%s\" addr \"%s\" too long (max %lu)",
+		    name,  addr, (u_long)clen);
 		if (clen > 0)
 			*caddr = '\0';
  fail:
@@ -402,7 +383,7 @@
 	int i;
 	struct allowed_cname *rule;
 
-	if (*cname == '\0' || options.num_permitted_cnames == 0 ||
+	if (*cname == '\0' || !config_has_permitted_cnames(&options) ||
 	    strcmp(*namep, cname) == 0)
 		return 0;
 	if (options.canonicalize_hostname == SSH_CANONICALISE_NO)
@@ -414,7 +395,7 @@
 	if (!direct &&
 	    options.canonicalize_hostname != SSH_CANONICALISE_ALWAYS)
 		return 0;
-	debug3("%s: check \"%s\" CNAME \"%s\"", __func__, *namep, cname);
+	debug3_f("check \"%s\" CNAME \"%s\"", *namep, cname);
 	for (i = 0; i < options.num_permitted_cnames; i++) {
 		rule = options.permitted_cnames + i;
 		if (match_pattern_list(*namep, rule->source_list, 1) != 1 ||
@@ -448,10 +429,10 @@
 	 */
 	if ((addrs = resolve_addr(*hostp, port,
 	    newname, sizeof(newname))) != NULL) {
-		debug2("%s: hostname %.100s is address", __func__, *hostp);
+		debug2_f("hostname %.100s is address", *hostp);
 		if (strcasecmp(*hostp, newname) != 0) {
-			debug2("%s: canonicalised address \"%s\" => \"%s\"",
-			    __func__, *hostp, newname);
+			debug2_f("canonicalised address \"%s\" => \"%s\"",
+			    *hostp, newname);
 			free(*hostp);
 			*hostp = xstrdup(newname);
 		}
@@ -464,8 +445,7 @@
 	 * attempts at canonicalisation.
 	 */
 	if (is_addr_fast(*hostp)) {
-		debug("%s: hostname %.100s is an unrecognised address",
-		    __func__, *hostp);
+		debug_f("hostname %.100s is an unrecognised address", *hostp);
 		return NULL;
 	}
 
@@ -484,7 +464,7 @@
 
 	/* If domain name is anchored, then resolve it now */
 	if ((*hostp)[strlen(*hostp) - 1] == '.') {
-		debug3("%s: name is fully qualified", __func__);
+		debug3_f("name is fully qualified");
 		fullhost = xstrdup(*hostp);
 		if ((addrs = resolve_host(fullhost, port, 0,
 		    newname, sizeof(newname))) != NULL)
@@ -500,16 +480,17 @@
 			ndots++;
 	}
 	if (ndots > options.canonicalize_max_dots) {
-		debug3("%s: not canonicalizing hostname \"%s\" (max dots %d)",
-		    __func__, *hostp, options.canonicalize_max_dots);
+		debug3_f("not canonicalizing hostname \"%s\" (max dots %d)",
+		    *hostp, options.canonicalize_max_dots);
 		return NULL;
 	}
 	/* Attempt each supplied suffix */
 	for (i = 0; i < options.num_canonical_domains; i++) {
+		if (strcasecmp(options.canonical_domains[i], "none") == 0)
+			break;
 		xasprintf(&fullhost, "%s.%s.", *hostp,
 		    options.canonical_domains[i]);
-		debug3("%s: attempting \"%s\" => \"%s\"", __func__,
-		    *hostp, fullhost);
+		debug3_f("attempting \"%s\" => \"%s\"", *hostp, fullhost);
 		if ((addrs = resolve_host(fullhost, port, 0,
 		    newname, sizeof(newname))) == NULL) {
 			free(fullhost);
@@ -530,7 +511,7 @@
  notfound:
 	if (!options.canonicalize_fallback_local)
 		fatal("%s: Could not resolve host \"%s\"", __progname, *hostp);
-	debug2("%s: host %s not found in any suffix", __func__, *hostp);
+	debug2_f("host %s not found in any suffix", *hostp);
 	return NULL;
 }
 
@@ -546,14 +527,14 @@
 		break;
 	case SSH_ERR_INTERNAL_ERROR:
 	case SSH_ERR_ALLOC_FAIL:
-		fatal("load %s \"%s\": %s", message, path, ssh_err(r));
+		fatal_r(r, "load %s \"%s\"", message, path);
 	case SSH_ERR_SYSTEM_ERROR:
 		/* Ignore missing files */
 		if (errno == ENOENT)
 			break;
 		/* FALLTHROUGH */
 	default:
-		error("load %s \"%s\": %s", message, path, ssh_err(r));
+		error_r(r, "load %s \"%s\"", message, path);
 		break;
 	}
 }
@@ -611,6 +592,25 @@
 	}
 }
 
+static void
+ssh_conn_info_free(struct ssh_conn_info *cinfo)
+{
+	if (cinfo == NULL)
+		return;
+	free(cinfo->conn_hash_hex);
+	free(cinfo->shorthost);
+	free(cinfo->uidstr);
+	free(cinfo->keyalias);
+	free(cinfo->thishost);
+	free(cinfo->host_arg);
+	free(cinfo->portstr);
+	free(cinfo->remhost);
+	free(cinfo->remuser);
+	free(cinfo->homedir);
+	free(cinfo->locuser);
+	free(cinfo);
+}
+
 /*
  * Main program for the ssh client.
  */
@@ -620,8 +620,8 @@
 	struct ssh *ssh = NULL;
 	int i, r, opt, exit_status, use_syslog, direct, timeout_ms;
 	int was_addr, config_test = 0, opt_terminated = 0, want_final_pass = 0;
-	char *p, *cp, *line, *argv0, buf[PATH_MAX], *logfile;
-	char cname[NI_MAXHOST];
+	char *p, *cp, *line, *argv0, *logfile, *host_arg;
+	char cname[NI_MAXHOST], thishost[NI_MAXHOST];
 	struct stat st;
 	struct passwd *pw;
 	extern int optind, optreset;
@@ -629,10 +629,18 @@
 	struct Forward fwd;
 	struct addrinfo *addrs = NULL;
 	size_t n, len;
+	u_int j;
+	struct ssh_conn_info *cinfo = NULL;
 
 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 	sanitise_stdfd();
 
+	/*
+	 * Discard other fds that are hanging around. These can cause problem
+	 * with backgrounded ssh processes started by ControlPersist.
+	 */
+	closefrom(STDERR_FILENO + 1);
+
 	__progname = ssh_get_progname(av[0]);
 
 #ifndef HAVE_SETPROCTITLE
@@ -648,12 +656,6 @@
 
 	seed_rng();
 
-	/*
-	 * Discard other fds that are hanging around. These can cause problem
-	 * with backgrounded ssh processes started by ControlPersist.
-	 */
-	closefrom(STDERR_FILENO + 1);
-
 	/* Get user data. */
 	pw = getpwuid(getuid());
 	if (!pw) {
@@ -709,11 +711,11 @@
 			options.address_family = AF_INET6;
 			break;
 		case 'n':
-			stdin_null_flag = 1;
+			options.stdin_null = 1;
 			break;
 		case 'f':
-			fork_after_authentication_flag = 1;
-			stdin_null_flag = 1;
+			options.fork_after_authentication = 1;
+			options.stdin_null = 1;
 			break;
 		case 'x':
 			options.forward_x11 = 0;
@@ -780,10 +782,12 @@
 			else if (strcmp(optarg, "key-plain") == 0)
 				cp = sshkey_alg_list(0, 1, 0, '\n');
 			else if (strcmp(optarg, "key-sig") == 0 ||
-			    strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 ||
+			    strcasecmp(optarg, "PubkeyAcceptedKeyTypes") == 0 || /* deprecated name */
+			    strcasecmp(optarg, "PubkeyAcceptedAlgorithms") == 0 ||
 			    strcasecmp(optarg, "HostKeyAlgorithms") == 0 ||
-			    strcasecmp(optarg, "HostbasedKeyTypes") == 0 ||
-			    strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0)
+			    strcasecmp(optarg, "HostbasedKeyTypes") == 0 || /* deprecated name */
+			    strcasecmp(optarg, "HostbasedAcceptedKeyTypes") == 0 || /* deprecated name */
+			    strcasecmp(optarg, "HostbasedAcceptedAlgorithms") == 0)
 				cp = sshkey_alg_list(0, 0, 1, '\n');
 			else if (strcmp(optarg, "sig") == 0)
 				cp = sshkey_alg_list(0, 1, 1, '\n');
@@ -869,13 +873,7 @@
 			break;
 		case 'V':
 			fprintf(stderr, "%s, %s\n",
-			    SSH_RELEASE,
-#ifdef WITH_OPENSSL
-			    OpenSSL_version(OPENSSL_VERSION)
-#else
-			    "without OpenSSL"
-#endif
-			);
+			    SSH_RELEASE, SSH_OPENSSL_VERSION);
 			if (opt == 'V')
 				exit(0);
 			break;
@@ -905,7 +903,7 @@
 				exit(255);
 			}
 			options.request_tty = REQUEST_TTY_NO;
-			no_shell_flag = 1;
+			options.session_type = SESSION_TYPE_NONE;
 			break;
 		case 'q':
 			options.log_level = SYSLOG_LEVEL_QUIET;
@@ -1008,7 +1006,10 @@
 #endif
 			break;
 		case 'N':
-			no_shell_flag = 1;
+			if (options.session_type != -1 &&
+			    options.session_type != SESSION_TYPE_NONE)
+				fatal("Cannot specify -N with -s/SessionType");
+			options.session_type = SESSION_TYPE_NONE;
 			options.request_tty = REQUEST_TTY_NO;
 			break;
 		case 'T':
@@ -1023,7 +1024,10 @@
 			free(line);
 			break;
 		case 's':
-			subsystem_flag = 1;
+			if (options.session_type != -1 &&
+			    options.session_type != SESSION_TYPE_SUBSYSTEM)
+				fatal("Cannot specify -s with -N/SessionType");
+			options.session_type = SESSION_TYPE_SUBSYSTEM;
 			break;
 		case 'S':
 			free(options.control_path);
@@ -1106,7 +1110,7 @@
 	 */
 	if (!ac) {
 		/* No command specified - execute shell on a tty. */
-		if (subsystem_flag) {
+		if (options.session_type == SESSION_TYPE_SUBSYSTEM) {
 			fprintf(stderr,
 			    "You must specify a subsystem to invoke.\n");
 			usage();
@@ -1116,8 +1120,7 @@
 		for (i = 0; i < ac; i++) {
 			if ((r = sshbuf_putf(command, "%s%s",
 			    i ? " " : "", av[i])) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "buffer error");
 		}
 	}
 
@@ -1137,13 +1140,7 @@
 	    !use_syslog);
 
 	if (debug_flag)
-		logit("%s, %s", SSH_RELEASE,
-#ifdef WITH_OPENSSL
-		    OpenSSL_version(OPENSSL_VERSION)
-#else
-		    "without OpenSSL"
-#endif
-		);
+		logit("%s, %s", SSH_RELEASE, SSH_OPENSSL_VERSION);
 
 	/* Parse the configuration files */
 	process_config_files(host_arg, pw, 0, &want_final_pass);
@@ -1190,7 +1187,7 @@
 	 */
 	direct = option_clear_or_none(options.proxy_command) &&
 	    options.jump_host == NULL;
-	if (addrs == NULL && options.num_permitted_cnames != 0 && (direct ||
+	if (addrs == NULL && config_has_permitted_cnames(&options) && (direct ||
 	    options.canonicalize_hostname == SSH_CANONICALISE_ALWAYS)) {
 		if ((addrs = resolve_host(host, options.port,
 		    direct, cname, sizeof(cname))) == NULL) {
@@ -1226,21 +1223,28 @@
 	}
 
 	/* Fill configuration defaults. */
-	fill_default_options(&options);
+	if (fill_default_options(&options) != 0)
+		cleanup_exit(255);
+
+	if (options.user == NULL)
+		options.user = xstrdup(pw->pw_name);
 
 	/*
 	 * If ProxyJump option specified, then construct a ProxyCommand now.
 	 */
 	if (options.jump_host != NULL) {
 		char port_s[8];
-		const char *sshbin = argv0;
+		const char *jumpuser = options.jump_user, *sshbin = argv0;
 		int port = options.port, jumpport = options.jump_port;
 
 		if (port <= 0)
 			port = default_ssh_port();
 		if (jumpport <= 0)
 			jumpport = default_ssh_port();
-		if (strcmp(options.jump_host, host) == 0 && port == jumpport)
+		if (jumpuser == NULL)
+			jumpuser = options.user;
+		if (strcmp(options.jump_host, host) == 0 && port == jumpport &&
+		    strcmp(options.user, jumpuser) == 0)
 			fatal("jumphost loop via %s", options.jump_host);
 
 		/*
@@ -1314,13 +1318,19 @@
 		fatal("Cannot execute command-line and remote command.");
 
 	/* Cannot fork to background if no command. */
-	if (fork_after_authentication_flag && sshbuf_len(command) == 0 &&
-	    options.remote_command == NULL && !no_shell_flag)
+	if (options.fork_after_authentication && sshbuf_len(command) == 0 &&
+	    options.remote_command == NULL &&
+	    options.session_type != SESSION_TYPE_NONE)
 		fatal("Cannot fork into background without a command "
 		    "to execute.");
 
 	/* reinit */
 	log_init(argv0, options.log_level, options.log_facility, !use_syslog);
+	for (j = 0; j < options.num_log_verbose; j++) {
+		if (strcasecmp(options.log_verbose[j], "none") == 0)
+			break;
+		log_verbose_add(options.log_verbose[j]);
+	}
 
 	if (options.request_tty == REQUEST_TTY_YES ||
 	    options.request_tty == REQUEST_TTY_FORCE)
@@ -1335,7 +1345,7 @@
 	    (muxclient_command && muxclient_command != SSHMUX_COMMAND_PROXY))
 		tty_flag = 0;
 	/* Do not allocate a tty if stdin is not a tty. */
-	if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
+	if ((!isatty(fileno(stdin)) || options.stdin_null) &&
 	    options.request_tty != REQUEST_TTY_FORCE) {
 		if (tty_flag)
 			logit("Pseudo-terminal will not be allocated because "
@@ -1343,20 +1353,25 @@
 		tty_flag = 0;
 	}
 
-	if (options.user == NULL)
-		options.user = xstrdup(pw->pw_name);
-
 	/* Set up strings used to percent_expand() arguments */
+	cinfo = xcalloc(1, sizeof(*cinfo));
 	if (gethostname(thishost, sizeof(thishost)) == -1)
 		fatal("gethostname: %s", strerror(errno));
-	strlcpy(shorthost, thishost, sizeof(shorthost));
-	shorthost[strcspn(thishost, ".")] = '\0';
-	snprintf(portstr, sizeof(portstr), "%d", options.port);
-	snprintf(uidstr, sizeof(uidstr), "%llu",
+	cinfo->thishost = xstrdup(thishost);
+	thishost[strcspn(thishost, ".")] = '\0';
+	cinfo->shorthost = xstrdup(thishost);
+	xasprintf(&cinfo->portstr, "%d", options.port);
+	xasprintf(&cinfo->uidstr, "%llu",
 	    (unsigned long long)pw->pw_uid);
-
-	conn_hash_hex = ssh_connection_hash(thishost, host, portstr,
-	    options.user);
+	cinfo->keyalias = xstrdup(options.host_key_alias ?
+	    options.host_key_alias : host_arg);
+	cinfo->conn_hash_hex = ssh_connection_hash(cinfo->thishost, host,
+	    cinfo->portstr, options.user);
+	cinfo->host_arg = xstrdup(host_arg);
+	cinfo->remhost = xstrdup(host);
+	cinfo->remuser = xstrdup(options.user);
+	cinfo->homedir = xstrdup(pw->pw_dir);
+	cinfo->locuser = xstrdup(pw->pw_name);
 
 	/*
 	 * Expand tokens in arguments. NB. LocalCommand is expanded later,
@@ -1367,26 +1382,25 @@
 		debug3("expanding RemoteCommand: %s", options.remote_command);
 		cp = options.remote_command;
 		options.remote_command = default_client_percent_expand(cp,
-		    pw->pw_dir, host, options.user, pw->pw_name);
+		    cinfo);
 		debug3("expanded RemoteCommand: %s", options.remote_command);
 		free(cp);
 		if ((r = sshbuf_put(command, options.remote_command,
 		    strlen(options.remote_command))) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "buffer error");
 	}
 
 	if (options.control_path != NULL) {
 		cp = tilde_expand_filename(options.control_path, getuid());
 		free(options.control_path);
-		options.control_path = default_client_percent_expand(cp,
-		    pw->pw_dir, host, options.user, pw->pw_name);
+		options.control_path = default_client_percent_dollar_expand(cp,
+		    cinfo);
 		free(cp);
 	}
 
 	if (options.identity_agent != NULL) {
 		p = tilde_expand_filename(options.identity_agent, getuid());
-		cp = default_client_percent_expand(p,
-		    pw->pw_dir, host, options.user, pw->pw_name);
+		cp = default_client_percent_dollar_expand(p, cinfo);
 		free(p);
 		free(options.identity_agent);
 		options.identity_agent = cp;
@@ -1395,19 +1409,55 @@
 	if (options.forward_agent_sock_path != NULL) {
 		p = tilde_expand_filename(options.forward_agent_sock_path,
 		    getuid());
-		cp = default_client_percent_expand(p,
-		    pw->pw_dir, host, options.user, pw->pw_name);
+		cp = default_client_percent_dollar_expand(p, cinfo);
 		free(p);
 		free(options.forward_agent_sock_path);
 		options.forward_agent_sock_path = cp;
+		if (stat(options.forward_agent_sock_path, &st) != 0) {
+			error("Cannot forward agent socket path \"%s\": %s",
+			    options.forward_agent_sock_path, strerror(errno));
+			if (options.exit_on_forward_failure)
+				cleanup_exit(255);
+		}
+	}
+
+	if (options.num_system_hostfiles > 0 &&
+	    strcasecmp(options.system_hostfiles[0], "none") == 0) {
+		if (options.num_system_hostfiles > 1)
+			fatal("Invalid GlobalKnownHostsFiles: \"none\" "
+			    "appears with other entries");
+		free(options.system_hostfiles[0]);
+		options.system_hostfiles[0] = NULL;
+		options.num_system_hostfiles = 0;
+	}
+
+	if (options.num_user_hostfiles > 0 &&
+	    strcasecmp(options.user_hostfiles[0], "none") == 0) {
+		if (options.num_user_hostfiles > 1)
+			fatal("Invalid UserKnownHostsFiles: \"none\" "
+			    "appears with other entries");
+		free(options.user_hostfiles[0]);
+		options.user_hostfiles[0] = NULL;
+		options.num_user_hostfiles = 0;
+	}
+	for (j = 0; j < options.num_user_hostfiles; j++) {
+		if (options.user_hostfiles[j] == NULL)
+			continue;
+		cp = tilde_expand_filename(options.user_hostfiles[j], getuid());
+		p = default_client_percent_dollar_expand(cp, cinfo);
+		if (strcmp(options.user_hostfiles[j], p) != 0)
+			debug3("expanded UserKnownHostsFile '%s' -> "
+			    "'%s'", options.user_hostfiles[j], p);
+		free(options.user_hostfiles[j]);
+		free(cp);
+		options.user_hostfiles[j] = p;
 	}
 
 	for (i = 0; i < options.num_local_forwards; i++) {
 		if (options.local_forwards[i].listen_path != NULL) {
 			cp = options.local_forwards[i].listen_path;
 			p = options.local_forwards[i].listen_path =
-			    default_client_percent_expand(cp,
-			    pw->pw_dir, host, options.user, pw->pw_name);
+			    default_client_percent_expand(cp, cinfo);
 			if (strcmp(cp, p) != 0)
 				debug3("expanded LocalForward listen path "
 				    "'%s' -> '%s'", cp, p);
@@ -1416,8 +1466,7 @@
 		if (options.local_forwards[i].connect_path != NULL) {
 			cp = options.local_forwards[i].connect_path;
 			p = options.local_forwards[i].connect_path =
-			    default_client_percent_expand(cp,
-			    pw->pw_dir, host, options.user, pw->pw_name);
+			    default_client_percent_expand(cp, cinfo);
 			if (strcmp(cp, p) != 0)
 				debug3("expanded LocalForward connect path "
 				    "'%s' -> '%s'", cp, p);
@@ -1429,8 +1478,7 @@
 		if (options.remote_forwards[i].listen_path != NULL) {
 			cp = options.remote_forwards[i].listen_path;
 			p = options.remote_forwards[i].listen_path =
-			    default_client_percent_expand(cp,
-			    pw->pw_dir, host, options.user, pw->pw_name);
+			    default_client_percent_expand(cp, cinfo);
 			if (strcmp(cp, p) != 0)
 				debug3("expanded RemoteForward listen path "
 				    "'%s' -> '%s'", cp, p);
@@ -1439,8 +1487,7 @@
 		if (options.remote_forwards[i].connect_path != NULL) {
 			cp = options.remote_forwards[i].connect_path;
 			p = options.remote_forwards[i].connect_path =
-			    default_client_percent_expand(cp,
-			    pw->pw_dir, host, options.user, pw->pw_name);
+			    default_client_percent_expand(cp, cinfo);
 			if (strcmp(cp, p) != 0)
 				debug3("expanded RemoteForward connect path "
 				    "'%s' -> '%s'", cp, p);
@@ -1491,13 +1538,16 @@
 			cleanup_exit(255); /* resolve_host logs the error */
 	}
 
-	timeout_ms = options.connection_timeout * 1000;
+	if (options.connection_timeout >= INT_MAX/1000)
+		timeout_ms = INT_MAX;
+	else
+		timeout_ms = options.connection_timeout * 1000;
 
 	/* Open a connection to the remote host. */
 	if (ssh_connect(ssh, host, host_arg, addrs, &hostaddr, options.port,
-	    options.address_family, options.connection_attempts,
+	    options.connection_attempts,
 	    &timeout_ms, options.tcp_keep_alive) != 0)
- 		exit(255);
+		exit(255);
 
 	if (addrs != NULL)
 		freeaddrinfo(addrs);
@@ -1523,13 +1573,13 @@
 		/* XXX check errors? */
 #define L_PUBKEY(p,o) do { \
 	if ((o) >= sensitive_data.nkeys) \
-		fatal("%s pubkey out of array bounds", __func__); \
+		fatal_f("pubkey out of array bounds"); \
 	check_load(sshkey_load_public(p, &(sensitive_data.keys[o]), NULL), \
 	    p, "pubkey"); \
 } while (0)
 #define L_CERT(p,o) do { \
 	if ((o) >= sensitive_data.nkeys) \
-		fatal("%s cert out of array bounds", __func__); \
+		fatal_f("cert out of array bounds"); \
 	check_load(sshkey_load_cert(p, &(sensitive_data.keys[o])), p, "cert"); \
 } while (0)
 
@@ -1547,24 +1597,8 @@
 		}
 	}
 
-	/* Create ~/.ssh * directory if it doesn't already exist. */
-	if (config == NULL) {
-		r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
-		    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
-		if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) == -1) {
-#ifdef WITH_SELINUX
-			ssh_selinux_setfscreatecon(buf);
-#endif
-			if (mkdir(buf, 0700) < 0)
-				error("Could not create directory '%.200s'.",
-				    buf);
-#ifdef WITH_SELINUX
-			ssh_selinux_setfscreatecon(NULL);
-#endif
-		}
-	}
 	/* load options.identity_files */
-	load_public_identity_files(pw);
+	load_public_identity_files(cinfo);
 
 	/* optionally set the SSH_AUTHSOCKET_ENV_NAME variable */
 	if (options.identity_agent &&
@@ -1573,7 +1607,8 @@
 			unsetenv(SSH_AUTHSOCKET_ENV_NAME);
 		} else {
 			cp = options.identity_agent;
-			if (cp[0] == '$') {
+			/* legacy (limited) format */
+			if (cp[0] == '$' && cp[1] != '{') {
 				if (!valid_env_name(cp + 1)) {
 					fatal("Invalid IdentityAgent "
 					    "environment variable name %s", cp);
@@ -1596,7 +1631,7 @@
 				fatal("Invalid ForwardAgent environment variable name %s", cp);
 			}
 			if ((p = getenv(cp + 1)) != NULL)
-				forward_agent_sock_path = p;
+				forward_agent_sock_path = xstrdup(p);
 			else
 				options.forward_agent = 0;
 			free(cp);
@@ -1615,14 +1650,7 @@
 
 	/* Log into the remote system.  Never returns if the login fails. */
 	ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr,
-	    options.port, pw, timeout_ms);
-
-	if (ssh_packet_connection_is_on_socket(ssh)) {
-		verbose("Authenticated to %s ([%s]:%d).", host,
-		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
-	} else {
-		verbose("Authenticated to %s (via proxy).", host);
-	}
+	    options.port, pw, timeout_ms, cinfo);
 
 	/* We no longer need the private host keys.  Clear them now. */
 	if (sensitive_data.nkeys != 0) {
@@ -1649,8 +1677,13 @@
 		options.certificate_files[i] = NULL;
 	}
 
+#ifdef ENABLE_PKCS11
+	(void)pkcs11_del_provider(options.pkcs11_provider);
+#endif
+
  skip_connect:
-	exit_status = ssh_session2(ssh, pw);
+	exit_status = ssh_session2(ssh, cinfo);
+	ssh_conn_info_free(cinfo);
 	ssh_packet_close(ssh);
 
 	if (options.control_path != NULL && muxserver_sock != -1)
@@ -1666,9 +1699,8 @@
 control_persist_detach(void)
 {
 	pid_t pid;
-	int devnull, keep_stderr;
 
-	debug("%s: backgrounding master process", __func__);
+	debug_f("backgrounding master process");
 
 	/*
 	 * master (current process) into the background, and make the
@@ -1676,16 +1708,17 @@
 	 */
 	switch ((pid = fork())) {
 	case -1:
-		fatal("%s: fork: %s", __func__, strerror(errno));
+		fatal_f("fork: %s", strerror(errno));
 	case 0:
 		/* Child: master process continues mainloop */
 		break;
 	default:
-		/* Parent: set up mux slave to connect to backgrounded master */
-		debug2("%s: background process is %ld", __func__, (long)pid);
-		stdin_null_flag = ostdin_null_flag;
+		/* Parent: set up mux client to connect to backgrounded master */
+		debug2_f("background process is %ld", (long)pid);
+		options.stdin_null = ostdin_null_flag;
 		options.request_tty = orequest_tty;
 		tty_flag = otty_flag;
+		options.session_type = osession_type;
 		close(muxserver_sock);
 		muxserver_sock = -1;
 		options.control_master = SSHCTL_MASTER_NO;
@@ -1693,18 +1726,8 @@
 		/* muxclient() doesn't return on success. */
 		fatal("Failed to connect to new control master");
 	}
-	if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) {
-		error("%s: open(\"/dev/null\"): %s", __func__,
-		    strerror(errno));
-	} else {
-		keep_stderr = log_is_on_stderr() && debug_flag;
-		if (dup2(devnull, STDIN_FILENO) == -1 ||
-		    dup2(devnull, STDOUT_FILENO) == -1 ||
-		    (!keep_stderr && dup2(devnull, STDERR_FILENO) == -1))
-			error("%s: dup2: %s", __func__, strerror(errno));
-		if (devnull > STDERR_FILENO)
-			close(devnull);
-	}
+	if (stdfd_devnull(1, 1, !(log_is_on_stderr() && debug_flag)) == -1)
+		error_f("stdfd_devnull failed");
 	daemon(1, 1);
 	setproctitle("%s [mux]", options.control_path);
 }
@@ -1716,9 +1739,11 @@
 	if (need_controlpersist_detach)
 		control_persist_detach();
 	debug("forking to background");
-	fork_after_authentication_flag = 0;
+	options.fork_after_authentication = 0;
 	if (daemon(1, 1) == -1)
 		fatal("daemon() failed: %.200s", strerror(errno));
+	if (stdfd_devnull(1, 1, !(log_is_on_stderr() && debug_flag)) == -1)
+		error_f("stdfd_devnull failed");
 }
 
 static void
@@ -1727,12 +1752,12 @@
 	if (forward_confirms_pending == -1)
 		return;
 	if (--forward_confirms_pending == 0) {
-		debug("%s: all expected forwarding replies received", __func__);
-		if (fork_after_authentication_flag)
+		debug_f("all expected forwarding replies received");
+		if (options.fork_after_authentication)
 			fork_postauth();
 	} else {
-		debug2("%s: %d expected forwarding replies remaining",
-		    __func__, forward_confirms_pending);
+		debug2_f("%d expected forwarding replies remaining",
+		    forward_confirms_pending);
 	}
 }
 
@@ -1755,7 +1780,7 @@
 	if (rfwd->listen_path == NULL && rfwd->listen_port == 0) {
 		if (type == SSH2_MSG_REQUEST_SUCCESS) {
 			if ((r = sshpkt_get_u32(ssh, &port)) != 0)
-				fatal("%s: %s", __func__, ssh_err(r));
+				fatal_fr(r, "parse packet");
 			if (port > 65535) {
 				error("Invalid allocated port %u for remote "
 				    "forward to %s:%d", port,
@@ -1768,7 +1793,8 @@
 				rfwd->allocated_port = (int)port;
 				logit("Allocated port %u for remote "
 				    "forward to %s:%d",
-				    rfwd->allocated_port, rfwd->connect_host,
+				    rfwd->allocated_port, rfwd->connect_path ?
+				    rfwd->connect_path : rfwd->connect_host,
 				    rfwd->connect_port);
 				channel_update_permission(ssh,
 				    rfwd->handle, rfwd->allocated_port);
@@ -1821,7 +1847,7 @@
 			cleanup_exit(255);
 	}
 
-	debug("%s: tunnel forward established, id=%d", __func__, id);
+	debug_f("tunnel forward established, id=%d", id);
 	forwarding_success();
 }
 
@@ -1834,25 +1860,67 @@
 	if (options.stdio_forward_host == NULL)
 		return;
 
-	debug3("%s: %s:%d", __func__, options.stdio_forward_host,
+	debug3_f("%s:%d", options.stdio_forward_host,
 	    options.stdio_forward_port);
 
 	if ((in = dup(STDIN_FILENO)) == -1 ||
 	    (out = dup(STDOUT_FILENO)) == -1)
-		fatal("channel_connect_stdio_fwd: dup() in/out failed");
+		fatal_f("dup() in/out failed");
 	if ((c = channel_connect_stdio_fwd(ssh, options.stdio_forward_host,
-	    options.stdio_forward_port, in, out)) == NULL)
-		fatal("%s: channel_connect_stdio_fwd failed", __func__);
+	    options.stdio_forward_port, in, out,
+	    CHANNEL_NONBLOCK_STDIO)) == NULL)
+		fatal_f("channel_connect_stdio_fwd failed");
 	channel_register_cleanup(ssh, c->self, client_cleanup_stdio_fwd, 0);
 	channel_register_open_confirm(ssh, c->self, ssh_stdio_confirm, NULL);
 }
 
 static void
+ssh_init_forward_permissions(struct ssh *ssh, const char *what, char **opens,
+    u_int num_opens)
+{
+	u_int i;
+	int port;
+	char *addr, *arg, *oarg, ch;
+	int where = FORWARD_LOCAL;
+
+	channel_clear_permission(ssh, FORWARD_ADM, where);
+	if (num_opens == 0)
+		return; /* permit any */
+
+	/* handle keywords: "any" / "none" */
+	if (num_opens == 1 && strcmp(opens[0], "any") == 0)
+		return;
+	if (num_opens == 1 && strcmp(opens[0], "none") == 0) {
+		channel_disable_admin(ssh, where);
+		return;
+	}
+	/* Otherwise treat it as a list of permitted host:port */
+	for (i = 0; i < num_opens; i++) {
+		oarg = arg = xstrdup(opens[i]);
+		ch = '\0';
+		addr = hpdelim2(&arg, &ch);
+		if (addr == NULL || ch == '/')
+			fatal_f("missing host in %s", what);
+		addr = cleanhostname(addr);
+		if (arg == NULL || ((port = permitopen_port(arg)) < 0))
+			fatal_f("bad port number in %s", what);
+		/* Send it to channels layer */
+		channel_add_permission(ssh, FORWARD_ADM,
+		    where, addr, port);
+		free(oarg);
+	}
+}
+
+static void
 ssh_init_forwarding(struct ssh *ssh, char **ifname)
 {
 	int success = 0;
 	int i;
 
+	ssh_init_forward_permissions(ssh, "permitremoteopen",
+	    options.permitted_remote_opens,
+	    options.num_permitted_remote_opens);
+
 	if (options.exit_on_forward_failure)
 		forward_confirms_pending = 0; /* track pending requests */
 	/* Initiate local TCP/IP port forwardings. */
@@ -1915,7 +1983,7 @@
 			error("Could not request tunnel forwarding.");
 	}
 	if (forward_confirms_pending > 0) {
-		debug("%s: expecting replies for %d forwards", __func__,
+		debug_f("expecting replies for %d forwards",
 		    forward_confirms_pending);
 	}
 }
@@ -1930,8 +1998,7 @@
 		if ((r = ssh_get_authentication_socket(NULL)) != 0) {
 			options.forward_agent = 0;
 			if (r != SSH_ERR_AGENT_NOT_PRESENT)
-				debug("ssh_get_authentication_socket: %s",
-				    ssh_err(r));
+				debug_r(r, "ssh_get_authentication_socket");
 		}
 	}
 }
@@ -1940,7 +2007,7 @@
 ssh_session2_setup(struct ssh *ssh, int id, int success, void *arg)
 {
 	extern char **environ;
-	const char *display;
+	const char *display, *term;
 	int r, interactive = tty_flag;
 	char *proto = NULL, *data = NULL;
 
@@ -1968,14 +2035,18 @@
 		debug("Requesting authentication agent forwarding.");
 		channel_request_start(ssh, id, "auth-agent-req@openssh.com", 0);
 		if ((r = sshpkt_send(ssh)) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "send packet");
 	}
 
 	/* Tell the packet module whether this is an interactive session. */
 	ssh_packet_set_interactive(ssh, interactive,
 	    options.ip_qos_interactive, options.ip_qos_bulk);
 
-	client_session2_setup(ssh, id, tty_flag, subsystem_flag, getenv("TERM"),
+	if ((term = lookup_env_in_list("TERM", options.setenv,
+	    options.num_setenv)) == NULL || *term == '\0')
+		term = getenv("TERM");
+	client_session2_setup(ssh, id, tty_flag,
+	    options.session_type == SESSION_TYPE_SUBSYSTEM, term,
 	    NULL, fileno(stdin), command, environ);
 }
 
@@ -1986,7 +2057,7 @@
 	Channel *c;
 	int window, packetmax, in, out, err;
 
-	if (stdin_null_flag) {
+	if (options.stdin_null) {
 		in = open(_PATH_DEVNULL, O_RDONLY);
 	} else {
 		in = dup(STDIN_FILENO);
@@ -1997,14 +2068,6 @@
 	if (in == -1 || out == -1 || err == -1)
 		fatal("dup() in/out/err failed");
 
-	/* enable nonblocking unless tty */
-	if (!isatty(in))
-		set_nonblock(in);
-	if (!isatty(out))
-		set_nonblock(out);
-	if (!isatty(err))
-		set_nonblock(err);
-
 	window = CHAN_SES_WINDOW_DEFAULT;
 	packetmax = CHAN_SES_PACKET_DEFAULT;
 	if (tty_flag) {
@@ -2014,12 +2077,12 @@
 	c = channel_new(ssh,
 	    "session", SSH_CHANNEL_OPENING, in, out, err,
 	    window, packetmax, CHAN_EXTENDED_WRITE,
-	    "client-session", /*nonblock*/0);
+	    "client-session", CHANNEL_NONBLOCK_STDIO);
 
-	debug3("%s: channel_new: %d", __func__, c->self);
+	debug3_f("channel_new: %d", c->self);
 
 	channel_send_open(ssh, c->self);
-	if (!no_shell_flag)
+	if (options.session_type != SESSION_TYPE_NONE)
 		channel_register_open_confirm(ssh, c->self,
 		    ssh_session2_setup, NULL);
 
@@ -2027,9 +2090,9 @@
 }
 
 static int
-ssh_session2(struct ssh *ssh, struct passwd *pw)
+ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo)
 {
-	int r, devnull, id = -1;
+	int r, id = -1;
 	char *cp, *tun_fwd_ifname = NULL;
 
 	/* XXX should be pre-session */
@@ -2042,11 +2105,7 @@
 		debug3("expanding LocalCommand: %s", options.local_command);
 		cp = options.local_command;
 		options.local_command = percent_expand(cp,
-		    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-		    "d", pw->pw_dir,
-		    "h", host,
-		    "r", options.user,
-		    "u", pw->pw_name,
+		    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
 		    "T", tun_fwd_ifname == NULL ? "NONE" : tun_fwd_ifname,
 		    (char *)NULL);
 		debug3("expanded LocalCommand: %s", options.local_command);
@@ -2060,23 +2119,25 @@
 	/*
 	 * If we are in control persist mode and have a working mux listen
 	 * socket, then prepare to background ourselves and have a foreground
-	 * client attach as a control slave.
+	 * client attach as a control client.
 	 * NB. we must save copies of the flags that we override for
-	 * the backgrounding, since we defer attachment of the slave until
+	 * the backgrounding, since we defer attachment of the client until
 	 * after the connection is fully established (in particular,
 	 * async rfwd replies have been received for ExitOnForwardFailure).
 	 */
 	if (options.control_persist && muxserver_sock != -1) {
-		ostdin_null_flag = stdin_null_flag;
-		ono_shell_flag = no_shell_flag;
+		ostdin_null_flag = options.stdin_null;
+		osession_type = options.session_type;
 		orequest_tty = options.request_tty;
 		otty_flag = tty_flag;
-		stdin_null_flag = 1;
-		no_shell_flag = 1;
+		options.stdin_null = 1;
+		options.session_type = SESSION_TYPE_NONE;
 		tty_flag = 0;
-		if (!fork_after_authentication_flag)
+		if (!options.fork_after_authentication &&
+		    (osession_type != SESSION_TYPE_NONE ||
+		    options.stdio_forward_host != NULL))
 			need_controlpersist_detach = 1;
-		fork_after_authentication_flag = 1;
+		options.fork_after_authentication = 1;
 	}
 	/*
 	 * ControlPersist mux listen socket setup failed, attempt the
@@ -2085,7 +2146,7 @@
 	if (options.control_persist && muxserver_sock == -1)
 		ssh_init_stdio_forwarding(ssh);
 
-	if (!no_shell_flag)
+	if (options.session_type != SESSION_TYPE_NONE)
 		id = ssh_session2_open(ssh);
 	else {
 		ssh_packet_set_interactive(ssh,
@@ -2095,14 +2156,14 @@
 
 	/* If we don't expect to open a new session, then disallow it */
 	if (options.control_master == SSHCTL_MASTER_NO &&
-	    (datafellows & SSH_NEW_OPENSSH)) {
+	    (ssh->compat & SSH_NEW_OPENSSH)) {
 		debug("Requesting no-more-sessions@openssh.com");
 		if ((r = sshpkt_start(ssh, SSH2_MSG_GLOBAL_REQUEST)) != 0 ||
 		    (r = sshpkt_put_cstring(ssh,
 		    "no-more-sessions@openssh.com")) != 0 ||
 		    (r = sshpkt_put_u8(ssh, 0)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "send packet");
 	}
 
 	/* Execute a local command */
@@ -2116,21 +2177,14 @@
 	 * NB. this can only happen after LocalCommand has completed,
 	 * as it may want to write to stdout.
 	 */
-	if (!need_controlpersist_detach) {
-		if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1)
-			error("%s: open %s: %s", __func__,
-			    _PATH_DEVNULL, strerror(errno));
-		if (dup2(devnull, STDOUT_FILENO) == -1)
-			fatal("%s: dup2() stdout failed", __func__);
-		if (devnull > STDERR_FILENO)
-			close(devnull);
-	}
+	if (!need_controlpersist_detach && stdfd_devnull(0, 1, 0) == -1)
+		error_f("stdfd_devnull failed");
 
 	/*
 	 * If requested and we are not interested in replies to remote
 	 * forwarding requests, then let ssh continue in the background.
 	 */
-	if (fork_after_authentication_flag) {
+	if (options.fork_after_authentication) {
 		if (options.exit_on_forward_failure &&
 		    options.num_remote_forwards > 0) {
 			debug("deferring postauth fork until remote forward "
@@ -2145,7 +2199,7 @@
 
 /* Loads all IdentityFile and CertificateFile keys */
 static void
-load_public_identity_files(struct passwd *pw)
+load_public_identity_files(const struct ssh_conn_info *cinfo)
 {
 	char *filename, *cp;
 	struct sshkey *public;
@@ -2201,8 +2255,7 @@
 			continue;
 		}
 		cp = tilde_expand_filename(options.identity_files[i], getuid());
-		filename = default_client_percent_expand(cp,
-		    pw->pw_dir, host, options.user, pw->pw_name);
+		filename = default_client_percent_dollar_expand(cp, cinfo);
 		free(cp);
 		check_load(sshkey_load_public(filename, &public, NULL),
 		    filename, "pubkey");
@@ -2232,8 +2285,8 @@
 			continue;
 		}
 		if (!sshkey_is_cert(public)) {
-			debug("%s: key %s type %s is not a certificate",
-			    __func__, cp, sshkey_type(public));
+			debug_f("key %s type %s is not a certificate",
+			    cp, sshkey_type(public));
 			sshkey_free(public);
 			free(cp);
 			continue;
@@ -2247,12 +2300,11 @@
 	}
 
 	if (options.num_certificate_files > SSH_MAX_CERTIFICATE_FILES)
-		fatal("%s: too many certificates", __func__);
+		fatal_f("too many certificates");
 	for (i = 0; i < options.num_certificate_files; i++) {
 		cp = tilde_expand_filename(options.certificate_files[i],
 		    getuid());
-		filename = default_client_percent_expand(cp,
-		    pw->pw_dir, host, options.user, pw->pw_name);
+		filename = default_client_percent_dollar_expand(cp, cinfo);
 		free(cp);
 
 		check_load(sshkey_load_public(filename, &public, NULL),
@@ -2266,8 +2318,8 @@
 			continue;
 		}
 		if (!sshkey_is_cert(public)) {
-			debug("%s: key %s type %s is not a certificate",
-			    __func__, filename, sshkey_type(public));
+			debug_f("key %s type %s is not a certificate",
+			    filename, sshkey_type(public));
 			sshkey_free(public);
 			free(filename);
 			continue;

ssh.h

diff --git a/ssh.h b/ssh.h
index dda6f61..8110c06 100644
--- a/ssh.h
+++ b/ssh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.h,v 1.89 2018/12/27 03:25:25 djm Exp $ */
+/* $OpenBSD: ssh.h,v 1.90 2020/07/14 23:57:01 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -68,6 +68,11 @@
 #define SSH_ASKPASS_ENV		"SSH_ASKPASS"
 
 /*
+ * Environment variable to control whether or not askpass is used.
+ */
+#define SSH_ASKPASS_REQUIRE_ENV		"SSH_ASKPASS_REQUIRE"
+
+/*
  * Force host key length and server key length to differ by at least this
  * many bits.  This is to make double encryption with rsaref work.
  */

ssh2.h

diff --git a/ssh2.h b/ssh2.h
index f2e37c9..32ddae8 100644
--- a/ssh2.h
+++ b/ssh2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh2.h,v 1.18 2016/05/04 14:22:33 markus Exp $ */
+/* $OpenBSD: ssh2.h,v 1.19 2020/11/19 23:05:05 dtucker Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
  */
 
 /*
- * draft-ietf-secsh-architecture-05.txt
+ * RFC4251:
  *
  *   Transport layer protocol:
  *

ssh_api.c

diff --git a/ssh_api.c b/ssh_api.c
index e0b1955..d3c6617 100644
--- a/ssh_api.c
+++ b/ssh_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.19 2019/10/31 21:23:19 djm Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.27 2021/04/03 06:18:41 djm Exp $ */
 /*
  * Copyright (c) 2012 Markus Friedl.  All rights reserved.
  *
@@ -54,20 +54,16 @@
  */
 int	use_privsep = 0;
 int	mm_sshkey_sign(struct sshkey *, u_char **, u_int *,
-    const u_char *, u_int, const char *, const char *, u_int);
+    const u_char *, u_int, const char *, const char *, const char *, u_int);
 
 #ifdef WITH_OPENSSL
 DH	*mm_choose_dh(int, int, int);
 #endif
 
-/* Define these two variables here so that they are part of the library */
-u_char *session_id2 = NULL;
-u_int session_id2_len = 0;
-
 int
 mm_sshkey_sign(struct sshkey *key, u_char **sigp, u_int *lenp,
-    const u_char *data, u_int datalen, const char *alg, const char *sk_provider,
-    u_int compat)
+    const u_char *data, u_int datalen, const char *alg,
+    const char *sk_provider, const char *sk_pin, u_int compat)
 {
 	return (-1);
 }
@@ -85,7 +81,7 @@
 int
 ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
 {
-        char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
+	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 	struct ssh *ssh;
 	char **proposal;
 	static int called;
@@ -122,7 +118,7 @@
 # endif
 #endif /* WITH_OPENSSL */
 		ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server;
-		ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
+		ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
 		ssh->kex->load_host_public_key=&_ssh_host_public_key;
 		ssh->kex->load_host_private_key=&_ssh_host_private_key;
 		ssh->kex->sign=&_ssh_host_key_sign;
@@ -140,7 +136,7 @@
 # endif
 #endif /* WITH_OPENSSL */
 		ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
-		ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
+		ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client;
 		ssh->kex->verify_host_key =&_ssh_verify_host_key;
 	}
 	*sshp = ssh;
@@ -152,7 +148,9 @@
 {
 	struct key_entry *k;
 
-	ssh_packet_close(ssh);
+	if (ssh == NULL)
+		return;
+
 	/*
 	 * we've only created the public keys variants in case we
 	 * are a acting as a server.
@@ -167,8 +165,7 @@
 		TAILQ_REMOVE(&ssh->private_keys, k, next);
 		free(k);
 	}
-	if (ssh->kex)
-		kex_free(ssh->kex);
+	ssh_packet_close(ssh);
 	free(ssh);
 }
 
@@ -358,13 +355,13 @@
 		if (sshbuf_len(banner) >= 4 &&
 		    memcmp(sshbuf_ptr(banner), "SSH-", 4) == 0)
 			break;
-		debug("%s: %.*s", __func__, (int)sshbuf_len(banner),
+		debug_f("%.*s", (int)sshbuf_len(banner),
 		    sshbuf_ptr(banner));
 		/* Accept lines before banner only on client */
 		if (ssh->kex->server || ++n > SSH_MAX_PRE_BANNER_LINES) {
   bad:
 			if ((r = sshbuf_put(ssh_packet_get_output(ssh),
-			   mismatch, strlen(mismatch))) != 0)
+			    mismatch, strlen(mismatch))) != 0)
 				return r;
 			return SSH_ERR_NO_PROTOCOL_VERSION;
 		}
@@ -391,7 +388,7 @@
 	debug("Remote protocol version %d.%d, remote software version %.100s",
 	    remote_major, remote_minor, remote_version);
 
-	ssh->compat = compat_datafellows(remote_version);
+	compat_banner(ssh, remote_version);
 	if  (remote_major == 1 && remote_minor == 99) {
 		remote_major = 2;
 		remote_minor = 0;
@@ -471,9 +468,9 @@
 {
 	struct key_entry *k;
 
-	debug3("%s: need %d", __func__, type);
+	debug3_f("need %d", type);
 	TAILQ_FOREACH(k, &ssh->public_keys, next) {
-		debug3("%s: check %s", __func__, sshkey_type(k->key));
+		debug3_f("check %s", sshkey_type(k->key));
 		if (k->key->type == type &&
 		    (type != KEY_ECDSA || k->key->ecdsa_nid == nid))
 			return (k->key);
@@ -486,9 +483,9 @@
 {
 	struct key_entry *k;
 
-	debug3("%s: need %d", __func__, type);
+	debug3_f("need %d", type);
 	TAILQ_FOREACH(k, &ssh->private_keys, next) {
-		debug3("%s: check %s", __func__, sshkey_type(k->key));
+		debug3_f("check %s", sshkey_type(k->key));
 		if (k->key->type == type &&
 		    (type != KEY_ECDSA || k->key->ecdsa_nid == nid))
 			return (k->key);
@@ -501,9 +498,9 @@
 {
 	struct key_entry *k;
 
-	debug3("%s: need %s", __func__, sshkey_type(hostkey));
+	debug3_f("need %s", sshkey_type(hostkey));
 	TAILQ_FOREACH(k, &ssh->public_keys, next) {
-		debug3("%s: check %s", __func__, sshkey_type(k->key));
+		debug3_f("check %s", sshkey_type(k->key));
 		if (sshkey_equal_public(hostkey, k->key))
 			return (0);	/* ok */
 	}
@@ -549,8 +546,8 @@
 		}
 	}
 	if (*replace != '\0') {
-		debug2("%s: orig/%d    %s", __func__, ssh->kex->server, orig);
-		debug2("%s: replace/%d %s", __func__, ssh->kex->server, replace);
+		debug2_f("orig/%d    %s", ssh->kex->server, orig);
+		debug2_f("replace/%d %s", ssh->kex->server, replace);
 		free(orig);
 		proposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = replace;
 		replace = NULL;	/* owned by proposal */
@@ -569,5 +566,5 @@
     const u_char *data, size_t dlen, const char *alg)
 {
 	return sshkey_sign(privkey, signature, slen, data, dlen,
-	    alg, NULL, ssh->compat);
+	    alg, NULL, NULL, ssh->compat);
 }

ssh_config

diff --git a/ssh_config b/ssh_config
index 5e8ef54..842ea86 100644
--- a/ssh_config
+++ b/ssh_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
+#	$OpenBSD: ssh_config,v 1.35 2020/07/17 03:43:42 dtucker Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -43,3 +43,4 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
+#   UserKnownHostsFile ~/.ssh/known_hosts.d/%k

ssh_config.5

diff --git a/ssh_config.5 b/ssh_config.5
index dc010cc..170125a 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.325 2020/04/11 20:20:09 jmc Exp $
-.Dd $Mdocdate: April 11 2020 $
+.\" $OpenBSD: ssh_config.5,v 1.366 2021/09/25 09:40:33 kn Exp $
+.Dd $Mdocdate: September 25 2021 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -245,13 +245,22 @@
 If this option is set to
 .Cm no ,
 no keys are added to the agent.
+Alternately, this option may be specified as a time interval
+using the format described in the
+.Sx TIME FORMATS
+section of
+.Xr sshd_config 5
+to specify the key's lifetime in
+.Xr ssh-agent 1 ,
+after which it will automatically be removed.
 The argument must be
-.Cm yes ,
-.Cm confirm ,
-.Cm ask ,
-or
 .Cm no
-(the default).
+(the default),
+.Cm yes ,
+.Cm confirm
+(optionally followed by a time interval),
+.Cm ask
+or a time interval.
 .It Cm AddressFamily
 Specifies which address family to use when connecting.
 Valid arguments are
@@ -332,6 +341,11 @@
 and
 .Cm Match
 stanzas.
+A value of
+.Cm none
+disables the use of a
+.Cm ProxyJump
+host.
 .It Cm CanonicalizeMaxDots
 Specifies the maximum number of dot characters in a hostname before
 canonicalization is disabled.
@@ -358,15 +372,32 @@
 or
 .Qq *.c.example.com
 domains.
+.Pp
+A single argument of
+.Qq none
+causes no CNAMEs to be considered for canonicalization.
+This is the default behaviour.
 .It Cm CASignatureAlgorithms
 Specifies which algorithms are allowed for signing of certificates
 by certificate authorities (CAs).
 The default is:
 .Bd -literal -offset indent
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+ssh-ed25519,ecdsa-sha2-nistp256,
+ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+sk-ssh-ed25519@openssh.com,
+sk-ecdsa-sha2-nistp256@openssh.com,
+rsa-sha2-512,rsa-sha2-256
 .Ed
 .Pp
+If the specified list begins with a
+.Sq +
+character, then the specified algorithms will be appended to the default set
+instead of replacing them.
+If the specified list begins with a
+.Sq -
+character, then the specified algorithms (including wildcards) will be removed
+from the default set instead of replacing them.
+.Pp
 .Xr ssh 1
 will not accept host certificates signed using algorithms other than those
 specified.
@@ -389,9 +420,11 @@
 .Pp
 Arguments to
 .Cm CertificateFile
-may use the tilde syntax to refer to a user's home directory
-or the tokens described in the
+may use the tilde syntax to refer to a user's home directory,
+the tokens described in the
 .Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
 section.
 .Pp
 It is possible to have multiple certificate files specified in
@@ -400,17 +433,9 @@
 .Cm CertificateFile
 directives will add to the list of certificates used for
 authentication.
-.It Cm ChallengeResponseAuthentication
-Specifies whether to use challenge-response authentication.
-The argument to this keyword must be
-.Cm yes
-(the default)
-or
-.Cm no .
 .It Cm CheckHostIP
 If set to
 .Cm yes
-(the default),
 .Xr ssh 1
 will additionally check the host IP address in the
 .Pa known_hosts
@@ -421,7 +446,8 @@
 in the process, regardless of the setting of
 .Cm StrictHostKeyChecking .
 If the option is set to
-.Cm no ,
+.Cm no
+(the default),
 the check will not be executed.
 .It Cm Ciphers
 Specifies the ciphers allowed and their order of preference.
@@ -551,9 +577,11 @@
 to disable connection sharing.
 Arguments to
 .Cm ControlPath
-may use the tilde syntax to refer to a user's home directory
-or the tokens described in the
+may use the tilde syntax to refer to a user's home directory,
+the tokens described in the
 .Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
 section.
 It is recommended that any
 .Cm ControlPath
@@ -669,6 +697,45 @@
 and
 .Cm sha256
 (the default).
+.It Cm ForkAfterAuthentication
+Requests
+.Nm ssh
+to go to background just before command execution.
+This is useful if
+.Nm ssh
+is going to ask for passwords or passphrases, but the user
+wants it in the background.
+This implies the
+.Cm StdinNull
+configuration option being set to
+.Dq yes .
+The recommended way to start X11 programs at a remote site is with
+something like
+.Ic ssh -f host xterm ,
+which is the same as
+.Ic ssh host xterm
+if the
+.Cm ForkAfterAuthentication
+configuration option is set to
+.Dq yes .
+.Pp
+If the
+.Cm ExitOnForwardFailure
+configuration option is set to
+.Dq yes ,
+then a client started with the
+.Cm ForkAfterAuthentication
+configuration option being set to
+.Dq yes
+will wait for all remote port forwards to be successfully established
+before placing itself in the background.
+The argument to this keyword must be
+.Cm yes
+(same as the
+.Fl f
+option) or
+.Cm no
+(the default).
 .It Cm ForwardAgent
 Specifies whether the connection to the authentication agent (if any)
 will be forwarded to the remote machine.
@@ -787,6 +854,44 @@
 will not be converted automatically,
 but may be manually hashed using
 .Xr ssh-keygen 1 .
+.It Cm HostbasedAcceptedAlgorithms
+Specifies the signature algorithms that will be used for hostbased
+authentication as a comma-separated list of patterns.
+Alternately if the specified list begins with a
+.Sq +
+character, then the specified signature algorithms will be appended
+to the default set instead of replacing them.
+If the specified list begins with a
+.Sq -
+character, then the specified signature algorithms (including wildcards)
+will be removed from the default set instead of replacing them.
+If the specified list begins with a
+.Sq ^
+character, then the specified signature algorithms will be placed
+at the head of the default set.
+The default for this option is:
+.Bd -literal -offset 3n
+ssh-ed25519-cert-v01@openssh.com,
+ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ecdsa-sha2-nistp521-cert-v01@openssh.com,
+sk-ssh-ed25519-cert-v01@openssh.com,
+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
+rsa-sha2-512-cert-v01@openssh.com,
+rsa-sha2-256-cert-v01@openssh.com,
+ssh-ed25519,
+ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+sk-ssh-ed25519@openssh.com,
+sk-ecdsa-sha2-nistp256@openssh.com,
+rsa-sha2-512,rsa-sha2-256
+.Ed
+.Pp
+The
+.Fl Q
+option of
+.Xr ssh 1
+may be used to list supported signature algorithms.
+This was formerly named HostbasedKeyTypes.
 .It Cm HostbasedAuthentication
 Specifies whether to try rhosts based authentication with public key
 authentication.
@@ -795,79 +900,42 @@
 or
 .Cm no
 (the default).
-.It Cm HostbasedKeyTypes
-Specifies the key types that will be used for hostbased authentication
-as a comma-separated list of patterns.
-Alternately if the specified list begins with a
-.Sq +
-character, then the specified key types will be appended to the default set
-instead of replacing them.
-If the specified list begins with a
-.Sq -
-character, then the specified key types (including wildcards) will be removed
-from the default set instead of replacing them.
-If the specified list begins with a
-.Sq ^
-character, then the specified key types will be placed at the head of the
-default set.
-The default for this option is:
-.Bd -literal -offset 3n
-ecdsa-sha2-nistp256-cert-v01@openssh.com,
-ecdsa-sha2-nistp384-cert-v01@openssh.com,
-ecdsa-sha2-nistp521-cert-v01@openssh.com,
-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
-ssh-ed25519-cert-v01@openssh.com,
-sk-ssh-ed25519-cert-v01@openssh.com,
-rsa-sha2-512-cert-v01@openssh.com,
-rsa-sha2-256-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-sk-ecdsa-sha2-nistp256@openssh.com,
-ssh-ed25519,sk-ssh-ed25519@openssh.com,
-rsa-sha2-512,rsa-sha2-256,ssh-rsa
-.Ed
-.Pp
-The
-.Fl Q
-option of
-.Xr ssh 1
-may be used to list supported key types.
 .It Cm HostKeyAlgorithms
-Specifies the host key algorithms
+Specifies the host key signature algorithms
 that the client wants to use in order of preference.
 Alternately if the specified list begins with a
 .Sq +
-character, then the specified key types will be appended to the default set
-instead of replacing them.
+character, then the specified signature algorithms will be appended to
+the default set instead of replacing them.
 If the specified list begins with a
 .Sq -
-character, then the specified key types (including wildcards) will be removed
-from the default set instead of replacing them.
+character, then the specified signature algorithms (including wildcards)
+will be removed from the default set instead of replacing them.
 If the specified list begins with a
 .Sq ^
-character, then the specified key types will be placed at the head of the
-default set.
+character, then the specified signature algorithms will be placed
+at the head of the default set.
 The default for this option is:
 .Bd -literal -offset 3n
+ssh-ed25519-cert-v01@openssh.com,
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
-ssh-ed25519-cert-v01@openssh.com,
 sk-ssh-ed25519-cert-v01@openssh.com,
+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 rsa-sha2-512-cert-v01@openssh.com,
 rsa-sha2-256-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,
+ssh-ed25519,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 sk-ecdsa-sha2-nistp256@openssh.com,
-ssh-ed25519,sk-ssh-ed25519@openssh.com,
-rsa-sha2-512,rsa-sha2-256,ssh-rsa
+sk-ssh-ed25519@openssh.com,
+rsa-sha2-512,rsa-sha2-256
 .Ed
 .Pp
 If hostkeys are known for the destination host then this default is modified
 to prefer their algorithms.
 .Pp
-The list of available key types may also be obtained using
+The list of available signature algorithms may also be obtained using
 .Qq ssh -Q HostKeyAlgorithms .
 .It Cm HostKeyAlias
 Specifies an alias that should be used instead of the
@@ -934,9 +1002,11 @@
 .Pp
 Arguments to
 .Cm IdentityAgent
-may use the tilde syntax to refer to a user's home directory
-or the tokens described in the
+may use the tilde syntax to refer to a user's home directory,
+the tokens described in the
 .Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
 section.
 .It Cm IdentityFile
 Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
@@ -1004,6 +1074,7 @@
 wildcards and, for user configurations, shell-like
 .Sq ~
 references to user home directories.
+Wildcards will be expanded and processed in lexical order.
 Files without absolute paths are assumed to be in
 .Pa ~/.ssh
 if included in a user configuration file or
@@ -1065,6 +1136,8 @@
 (the default)
 or
 .Cm no .
+.Cm ChallengeResponseAuthentication
+is a deprecated alias for this.
 .It Cm KbdInteractiveDevices
 Specifies the list of methods to use in keyboard-interactive authentication.
 Multiple method names must be comma-separated.
@@ -1080,15 +1153,15 @@
 Multiple algorithms must be comma-separated.
 If the specified list begins with a
 .Sq +
-character, then the specified methods will be appended to the default set
+character, then the specified algorithms will be appended to the default set
 instead of replacing them.
 If the specified list begins with a
 .Sq -
-character, then the specified methods (including wildcards) will be removed
+character, then the specified algorithms (including wildcards) will be removed
 from the default set instead of replacing them.
 If the specified list begins with a
 .Sq ^
-character, then the specified methods will be placed at the head of the
+character, then the specified algorithms will be placed at the head of the
 default set.
 The default is:
 .Bd -literal -offset indent
@@ -1102,6 +1175,31 @@
 .Pp
 The list of available key exchange algorithms may also be obtained using
 .Qq ssh -Q kex .
+.It Cm KnownHostsCommand
+Specifies a command to use to obtain a list of host keys, in addition to
+those listed in
+.Cm UserKnownHostsFile
+and
+.Cm GlobalKnownHostsFile .
+This command is executed after the files have been read.
+It may write host key lines to standard output in identical format to the
+usual files (described in the
+.Sx VERIFYING HOST KEYS
+section in
+.Xr ssh 1 ) .
+Arguments to
+.Cm KnownHostsCommand
+accept the tokens described in the
+.Sx TOKENS
+section.
+The command may be invoked multiple times per connection: once when preparing
+the preference list of host key algorithms to use, again to obtain the
+host key for the requested host name and, if
+.Cm CheckHostIP
+is enabled, one more time to obtain the host key matching the server's
+address.
+If the command exits abnormally or returns a non-zero exit status then the
+connection is terminated.
 .It Cm LocalCommand
 Specifies a command to execute on the local machine after successfully
 connecting to the server.
@@ -1152,8 +1250,10 @@
 empty address or
 .Sq *
 indicates that the port should be available from all interfaces.
-Unix domain socket paths accept the tokens described in the
+Unix domain socket paths may use the tokens described in the
 .Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
 section.
 .It Cm LogLevel
 Gives the verbosity level that is used when logging messages from
@@ -1163,6 +1263,23 @@
 The default is INFO.
 DEBUG and DEBUG1 are equivalent.
 DEBUG2 and DEBUG3 each specify higher levels of verbose output.
+.It Cm LogVerbose
+Specify one or more overrides to LogLevel.
+An override consists of a pattern lists that matches the source file, function
+and line number to force detailed logging for.
+For example, an override pattern of:
+.Bd -literal -offset indent
+kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*
+.Ed
+.Pp
+would enable detailed logging for line 1000 of
+.Pa kex.c ,
+everything in the
+.Fn kex_exchange_identification
+function, and all code in the
+.Pa packet.c
+file.
+This option is intended for debugging and no overrides are enabled by default.
 .It Cm MACs
 Specifies the MAC (message authentication code) algorithms
 in order of preference.
@@ -1227,6 +1344,42 @@
 or
 .Cm no
 (the default).
+.It Cm PermitRemoteOpen
+Specifies the destinations to which remote TCP port forwarding is permitted when
+.Cm RemoteForward
+is used as a SOCKS proxy.
+The forwarding specification must be one of the following forms:
+.Pp
+.Bl -item -offset indent -compact
+.It
+.Cm PermitRemoteOpen
+.Sm off
+.Ar host : port
+.Sm on
+.It
+.Cm PermitRemoteOpen
+.Sm off
+.Ar IPv4_addr : port
+.Sm on
+.It
+.Cm PermitRemoteOpen
+.Sm off
+.Ar \&[ IPv6_addr \&] : port
+.Sm on
+.El
+.Pp
+Multiple forwards may be specified by separating them with whitespace.
+An argument of
+.Cm any
+can be used to remove all restrictions and permit any forwarding requests.
+An argument of
+.Cm none
+can be used to prohibit all forwarding requests.
+The wildcard
+.Sq *
+can be used for host or port to allow all hosts or ports respectively.
+Otherwise, no pattern matching or address lookups are performed on supplied
+names.
 .It Cm PKCS11Provider
 Specifies which PKCS#11 provider to use or
 .Cm none
@@ -1307,6 +1460,9 @@
 .Cm ProxyJump
 host and then establishing a
 TCP forwarding to the ultimate target from there.
+Setting the host to
+.Cm none
+disables this option entirely.
 .Pp
 Note that this option will compete with the
 .Cm ProxyCommand
@@ -1326,40 +1482,40 @@
 instead of continuing to execute and pass data.
 The default is
 .Cm no .
-.It Cm PubkeyAcceptedKeyTypes
-Specifies the key types that will be used for public key authentication
-as a comma-separated list of patterns.
+.It Cm PubkeyAcceptedAlgorithms
+Specifies the signature algorithms that will be used for public key
+authentication as a comma-separated list of patterns.
 If the specified list begins with a
 .Sq +
-character, then the key types after it will be appended to the default
+character, then the algorithms after it will be appended to the default
 instead of replacing it.
 If the specified list begins with a
 .Sq -
-character, then the specified key types (including wildcards) will be removed
+character, then the specified algorithms (including wildcards) will be removed
 from the default set instead of replacing them.
 If the specified list begins with a
 .Sq ^
-character, then the specified key types will be placed at the head of the
+character, then the specified algorithms will be placed at the head of the
 default set.
 The default for this option is:
 .Bd -literal -offset 3n
+ssh-ed25519-cert-v01@openssh.com,
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
-ssh-ed25519-cert-v01@openssh.com,
 sk-ssh-ed25519-cert-v01@openssh.com,
+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 rsa-sha2-512-cert-v01@openssh.com,
 rsa-sha2-256-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,
+ssh-ed25519,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+sk-ssh-ed25519@openssh.com,
 sk-ecdsa-sha2-nistp256@openssh.com,
-ssh-ed25519,sk-ssh-ed25519@openssh.com,
-rsa-sha2-512,rsa-sha2-256,ssh-rsa
+rsa-sha2-512,rsa-sha2-256
 .Ed
 .Pp
-The list of available key types may also be obtained using
-.Qq ssh -Q PubkeyAcceptedKeyTypes .
+The list of available signature algorithms may also be obtained using
+.Qq ssh -Q PubkeyAcceptedAlgorithms .
 .It Cm PubkeyAuthentication
 Specifies whether to try public key authentication.
 The argument to this keyword must be
@@ -1369,7 +1525,7 @@
 .Cm no .
 .It Cm RekeyLimit
 Specifies the maximum amount of data that may be transmitted before the
-session key is renegotiated, optionally followed a maximum amount of
+session key is renegotiated, optionally followed by a maximum amount of
 time that may pass before the session key is renegotiated.
 The first argument is specified in bytes and may have a suffix of
 .Sq K ,
@@ -1417,14 +1573,19 @@
 or a Unix domain socket path,
 otherwise if no destination argument is specified then the remote forwarding
 will be established as a SOCKS proxy.
+When acting as a SOCKS proxy the destination of the connection can be
+restricted by
+.Cm PermitRemoteOpen .
 .Pp
 IPv6 addresses can be specified by enclosing addresses in square brackets.
 Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Privileged ports can be forwarded only when
 logging in as root on the remote machine.
-Unix domain socket paths accept the tokens described in the
+Unix domain socket paths may use the tokens described in the
 .Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
 section.
 .Pp
 If the
@@ -1548,12 +1709,45 @@
 channel to request a response from the server.
 The default
 is 0, indicating that these messages will not be sent to the server.
+.It Cm SessionType
+May be used to either request invocation of a subsystem on the remote system,
+or to prevent the execution of a remote command at all.
+The latter is useful for just forwarding ports.
+The argument to this keyword must be
+.Cm none
+(same as the
+.Fl N
+option),
+.Cm subsystem
+(same as the
+.Fl s
+option) or
+.Cm default
+(shell or command execution).
 .It Cm SetEnv
 Directly specify one or more environment variables and their contents to
 be sent to the server.
 Similarly to
 .Cm SendEnv ,
-the server must be prepared to accept the environment variable.
+with the exception of the
+.Ev TERM
+variable, the server must be prepared to accept the environment variable.
+.It Cm StdinNull
+Redirects stdin from
+.Pa /dev/null
+(actually, prevents reading from stdin).
+Either this or the equivalent
+.Fl n
+option must be used when
+.Nm ssh
+is run in the background.
+The argument to this keyword must be
+.Cm yes
+(same as the
+.Fl n
+option) or
+.Cm no
+(the default).
 .It Cm StreamLocalBindMask
 Sets the octal file creation mode mask
 .Pq umask
@@ -1596,14 +1790,15 @@
 add all new hosts.
 .Pp
 If this flag is set to
-.Dq accept-new
-then ssh will automatically add new host keys to the user
-known hosts files, but will not permit connections to hosts with
+.Cm accept-new
+then ssh will automatically add new host keys to the user's
+.Pa known_hosts
+file, but will not permit connections to hosts with
 changed host keys.
 If this flag is set to
-.Dq no
+.Cm no
 or
-.Dq off ,
+.Cm off ,
 ssh will automatically add new host keys to the user known hosts files
 and allow connections to hosts with changed hostkeys to proceed,
 subject to some restrictions.
@@ -1694,16 +1889,24 @@
 This option allows learning alternate hostkeys for a server
 and supports graceful key rotation by allowing a server to send replacement
 public keys before old ones are removed.
+.Pp
 Additional hostkeys are only accepted if the key used to authenticate the
-host was already trusted or explicitly accepted by the user.
+host was already trusted or explicitly accepted by the user, the host was
+authenticated via
+.Cm UserKnownHostsFile
+(i.e. not
+.Cm GlobalKnownHostsFile )
+and the host was authenticated using a plain key and not a certificate.
 .Pp
 .Cm UpdateHostKeys
 is enabled by default if the user has not overridden the default
 .Cm UserKnownHostsFile
-setting, otherwise
+setting and has not enabled
+.Cm VerifyHostKeyDNS ,
+otherwise
 .Cm UpdateHostKeys
 will be set to
-.Cm ask .
+.Cm no .
 .Pp
 If
 .Cm UpdateHostKeys
@@ -1727,6 +1930,12 @@
 .It Cm UserKnownHostsFile
 Specifies one or more files to use for the user
 host key database, separated by whitespace.
+Each filename may use tilde notation to refer to the user's home directory,
+the tokens described in the
+.Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
+section.
 The default is
 .Pa ~/.ssh/known_hosts ,
 .Pa ~/.ssh/known_hosts2 .
@@ -1829,10 +2038,34 @@
 Hash of %l%h%p%r.
 .It %d
 Local user's home directory.
+.It %f
+The fingerprint of the server's host key.
+.It %H
+The
+.Pa known_hosts
+hostname or address that is being searched for.
 .It %h
 The remote hostname.
+.It \%%I
+A string describing the reason for a
+.Cm KnownHostsCommand
+execution: either
+.Cm ADDRESS
+when looking up a host by address (only when
+.Cm CheckHostIP
+is enabled),
+.Cm HOSTNAME
+when searching by hostname, or
+.Cm ORDER
+when preparing the host key algorithm preference list to use for the
+destination host.
 .It %i
 The local user ID.
+.It %K
+The base64 encoded host key.
+.It %k
+The host key alias if specified, otherwise the original remote hostname given
+on the command line.
 .It %L
 The local hostname.
 .It %l
@@ -1852,6 +2085,9 @@
 tunnel forwarding was requested, or
 .Qq NONE
 otherwise.
+.It %t
+The type of the server host key, e.g.
+.Cm ssh-ed25519 .
 .It %u
 The local username.
 .El
@@ -1860,12 +2096,17 @@
 .Cm ControlPath ,
 .Cm IdentityAgent ,
 .Cm IdentityFile ,
+.Cm KnownHostsCommand ,
 .Cm LocalForward ,
 .Cm Match exec ,
 .Cm RemoteCommand ,
+.Cm RemoteForward ,
 and
-.Cm RemoteForward
-accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u.
+.Cm UserKnownHostsFile
+accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u.
+.Pp
+.Cm KnownHostsCommand
+additionally accepts the tokens %f, %H, %I, %K and %t.
 .Pp
 .Cm Hostname
 accepts the tokens %% and %h.
@@ -1875,6 +2116,30 @@
 .Pp
 .Cm ProxyCommand
 accepts the tokens %%, %h, %n, %p, and %r.
+.Sh ENVIRONMENT VARIABLES
+Arguments to some keywords can be expanded at runtime from environment
+variables on the client by enclosing them in
+.Ic ${} ,
+for example
+.Ic ${HOME}/.ssh
+would refer to the user's .ssh directory.
+If a specified environment variable does not exist then an error will be
+returned and the setting for that keyword will be ignored.
+.Pp
+The keywords
+.Cm CertificateFile ,
+.Cm ControlPath ,
+.Cm IdentityAgent ,
+.Cm IdentityFile ,
+.Cm KnownHostsCommand ,
+and
+.Cm UserKnownHostsFile
+support environment variables.
+The keywords
+.Cm LocalForward
+and
+.Cm RemoteForward
+support environment variables only for Unix domain socket paths.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa ~/.ssh/config

sshbuf-getput-basic.c

diff --git a/sshbuf-getput-basic.c b/sshbuf-getput-basic.c
index da834d0..9803fb5 100644
--- a/sshbuf-getput-basic.c
+++ b/sshbuf-getput-basic.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf-getput-basic.c,v 1.10 2019/12/13 19:09:37 djm Exp $	*/
+/*	$OpenBSD: sshbuf-getput-basic.c,v 1.11 2020/06/05 03:25:35 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -338,6 +338,8 @@
 int
 sshbuf_putb(struct sshbuf *buf, const struct sshbuf *v)
 {
+	if (v == NULL)
+		return 0;
 	return sshbuf_put(buf, sshbuf_ptr(v), sshbuf_len(v));
 }
 

sshbuf-misc.c

diff --git a/sshbuf-misc.c b/sshbuf-misc.c
index 9b5aa20..80714d1 100644
--- a/sshbuf-misc.c
+++ b/sshbuf-misc.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf-misc.c,v 1.14 2020/02/26 13:40:09 jsg Exp $	*/
+/*	$OpenBSD: sshbuf-misc.c,v 1.17 2021/08/11 05:21:32 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -63,9 +63,9 @@
 }
 
 void
-sshbuf_dump(struct sshbuf *buf, FILE *f)
+sshbuf_dump(const struct sshbuf *buf, FILE *f)
 {
-	fprintf(f, "buffer %p len = %zu\n", buf, sshbuf_len(buf));
+	fprintf(f, "buffer len = %zu\n", sshbuf_len(buf));
 	sshbuf_dump_data(sshbuf_ptr(buf), sshbuf_len(buf), f);
 }
 
@@ -167,6 +167,49 @@
 	return 0;
 }
 
+int
+sshbuf_dtourlb64(const struct sshbuf *d, struct sshbuf *b64, int wrap)
+{
+	int r = SSH_ERR_INTERNAL_ERROR;
+	u_char *p;
+	struct sshbuf *b = NULL;
+	size_t i, l;
+
+	if ((b = sshbuf_new()) == NULL)
+		return SSH_ERR_ALLOC_FAIL;
+	/* Encode using regular base64; we'll transform it once done */
+	if ((r = sshbuf_dtob64(d, b, wrap)) != 0)
+		goto out;
+	/* remove padding from end of encoded string*/
+	for (;;) {
+		l = sshbuf_len(b);
+		if (l <= 1 || sshbuf_ptr(b) == NULL) {
+			r = SSH_ERR_INTERNAL_ERROR;
+			goto out;
+		}
+		if (sshbuf_ptr(b)[l - 1] != '=')
+			break;
+		if ((r = sshbuf_consume_end(b, 1)) != 0)
+			goto out;
+	}
+	/* Replace characters with rfc4648 equivalents */
+	l = sshbuf_len(b);
+	if ((p = sshbuf_mutable_ptr(b)) == NULL) {
+		r = SSH_ERR_INTERNAL_ERROR;
+		goto out;
+	}
+	for (i = 0; i < l; i++) {
+		if (p[i] == '+')
+			p[i] = '-';
+		else if (p[i] == '/')
+			p[i] = '_';
+	}
+	r = sshbuf_putb(b64, b);
+ out:
+	sshbuf_free(b);
+	return r;
+}
+
 char *
 sshbuf_dup_string(struct sshbuf *buf)
 {

sshbuf.h

diff --git a/sshbuf.h b/sshbuf.h
index 94392c8..2ad0e61 100644
--- a/sshbuf.h
+++ b/sshbuf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.h,v 1.21 2020/04/26 09:38:14 dtucker Exp $	*/
+/*	$OpenBSD: sshbuf.h,v 1.23 2020/06/22 05:54:10 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -242,7 +242,7 @@
 #endif /* WITH_OPENSSL */
 
 /* Dump the contents of the buffer in a human-readable format */
-void	sshbuf_dump(struct sshbuf *buf, FILE *f);
+void	sshbuf_dump(const struct sshbuf *buf, FILE *f);
 
 /* Dump specified memory in a human-readable format */
 void	sshbuf_dump_data(const void *s, size_t len, FILE *f);
@@ -253,6 +253,8 @@
 /* Encode the contents of the buffer as base64 */
 char	*sshbuf_dtob64_string(const struct sshbuf *buf, int wrap);
 int	sshbuf_dtob64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
+/* RFC4648 "base64url" encoding variant */
+int	sshbuf_dtourlb64(const struct sshbuf *d, struct sshbuf *b64, int wrap);
 
 /* Decode base64 data and append it to the buffer */
 int	sshbuf_b64tod(struct sshbuf *buf, const char *b64);

sshconnect.c

diff --git a/sshconnect.c b/sshconnect.c
index af08be4..fcf87bb 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.329 2020/03/13 04:01:56 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.355 2021/07/02 05:11:21 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -30,6 +30,7 @@
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <limits.h>
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
@@ -89,11 +90,14 @@
     const char *host, const char *host_arg, int port)
 {
 	char *tmp, *ret, strport[NI_MAXSERV];
+	const char *keyalias = options.host_key_alias ?
+	    options.host_key_alias : host_arg;
 
 	snprintf(strport, sizeof strport, "%d", port);
 	xasprintf(&tmp, "exec %s", proxy_command);
 	ret = percent_expand(tmp,
 	    "h", host,
+	    "k", keyalias,
 	    "n", host_arg,
 	    "p", strport,
 	    "r", options.user,
@@ -102,24 +106,6 @@
 	return ret;
 }
 
-static void
-stderr_null(void)
-{
-	int devnull;
-
-	if ((devnull = open(_PATH_DEVNULL, O_WRONLY)) == -1) {
-		error("Can't open %s for stderr redirection: %s",
-		    _PATH_DEVNULL, strerror(errno));
-		return;
-	}
-	if (devnull == STDERR_FILENO)
-		return;
-	if (dup2(devnull, STDERR_FILENO) == -1)
-		error("Cannot redirect stderr to %s", _PATH_DEVNULL);
-	if (devnull > STDERR_FILENO)
-		close(devnull);
-}
-
 /*
  * Connect to the given ssh server using a proxy command that passes a
  * a connected fd back to us.
@@ -166,8 +152,8 @@
 		 * error messages may be printed on the user's terminal.
 		 */
 		if (!debug_flag && options.control_path != NULL &&
-		    options.control_persist)
-			stderr_null();
+		    options.control_persist && stdfd_devnull(0, 0, 1) == -1)
+			error_f("stdfd_devnull failed");
 
 		argv[0] = shell;
 		argv[1] = "-c";
@@ -249,16 +235,18 @@
 		 * error messages may be printed on the user's terminal.
 		 */
 		if (!debug_flag && options.control_path != NULL &&
-		    options.control_persist)
-			stderr_null();
+		    options.control_persist && stdfd_devnull(0, 0, 1) == -1)
+			error_f("stdfd_devnull failed");
 
 		argv[0] = shell;
 		argv[1] = "-c";
 		argv[2] = command_string;
 		argv[3] = NULL;
 
-		/* Execute the proxy command.  Note that we gave up any
-		   extra privileges above. */
+		/*
+		 * Execute the proxy command.  Note that we gave up any
+		 * extra privileges above.
+		 */
 		ssh_signal(SIGPIPE, SIG_DFL);
 		execv(argv[0], argv);
 		perror(argv[0]);
@@ -329,8 +317,7 @@
 				    htonl(INADDR_LOOPBACK))
 					continue;
 				if (*rlenp < sizeof(struct sockaddr_in)) {
-					error("%s: v4 addr doesn't fit",
-					    __func__);
+					error_f("v4 addr doesn't fit");
 					return -1;
 				}
 				*rlenp = sizeof(struct sockaddr_in);
@@ -344,8 +331,7 @@
 				    IN6_IS_ADDR_LOOPBACK(v6addr)))
 					continue;
 				if (*rlenp < sizeof(struct sockaddr_in6)) {
-					error("%s: v6 addr doesn't fit",
-					    __func__);
+					error_f("v6 addr doesn't fit");
 					return -1;
 				}
 				*rlenp = sizeof(struct sockaddr_in6);
@@ -380,6 +366,10 @@
 	}
 	fcntl(sock, F_SETFD, FD_CLOEXEC);
 
+	/* Use interactive QOS (if specified) until authentication completed */
+	if (options.ip_qos_interactive != INT_MAX)
+		set_sock_tos(sock, options.ip_qos_interactive);
+
 	/* Bind the socket to an alternative local IP address */
 	if (options.bind_address == NULL && options.bind_interface == NULL)
 		return sock;
@@ -406,14 +396,14 @@
 #ifdef HAVE_IFADDRS_H
 		if ((r = getifaddrs(&ifaddrs)) != 0) {
 			error("getifaddrs: %s: %s", options.bind_interface,
-			      strerror(errno));
+			    strerror(errno));
 			goto fail;
 		}
 		bindaddrlen = sizeof(bindaddr);
 		if (check_ifaddrs(options.bind_interface, ai->ai_family,
 		    ifaddrs, &bindaddr, &bindaddrlen) != 0) {
 			logit("getifaddrs: %s: no suitable addresses",
-			      options.bind_interface);
+			    options.bind_interface);
 			goto fail;
 		}
 #else
@@ -422,15 +412,14 @@
 	}
 	if ((r = getnameinfo((struct sockaddr *)&bindaddr, bindaddrlen,
 	    ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST)) != 0) {
-		error("%s: getnameinfo failed: %s", __func__,
-		    ssh_gai_strerror(r));
+		error_f("getnameinfo failed: %s", ssh_gai_strerror(r));
 		goto fail;
 	}
 	if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
 		error("bind %s: %s", ntop, strerror(errno));
 		goto fail;
 	}
-	debug("%s: bound to %s", __func__, ntop);
+	debug_f("bound to %s", ntop);
 	/* success */
 	goto out;
 fail:
@@ -457,15 +446,15 @@
  */
 static int
 ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop,
-    struct sockaddr_storage *hostaddr, u_short port, int family,
-    int connection_attempts, int *timeout_ms, int want_keepalive)
+    struct sockaddr_storage *hostaddr, u_short port, int connection_attempts,
+    int *timeout_ms, int want_keepalive)
 {
 	int on = 1, saved_timeout_ms = *timeout_ms;
 	int oerrno, sock = -1, attempt;
 	char ntop[NI_MAXHOST], strport[NI_MAXSERV];
 	struct addrinfo *ai;
 
-	debug2("%s", __func__);
+	debug3_f("entering");
 	memset(ntop, 0, sizeof(ntop));
 	memset(strport, 0, sizeof(strport));
 
@@ -489,7 +478,7 @@
 			    ntop, sizeof(ntop), strport, sizeof(strport),
 			    NI_NUMERICHOST|NI_NUMERICSERV) != 0) {
 				oerrno = errno;
-				error("%s: getnameinfo failed", __func__);
+				error_f("getnameinfo failed");
 				errno = oerrno;
 				continue;
 			}
@@ -548,19 +537,19 @@
 int
 ssh_connect(struct ssh *ssh, const char *host, const char *host_arg,
     struct addrinfo *addrs, struct sockaddr_storage *hostaddr, u_short port,
-    int family, int connection_attempts, int *timeout_ms, int want_keepalive)
+    int connection_attempts, int *timeout_ms, int want_keepalive)
 {
 	int in, out;
 
 	if (options.proxy_command == NULL) {
 		return ssh_connect_direct(ssh, host, addrs, hostaddr, port,
-		    family, connection_attempts, timeout_ms, want_keepalive);
+		    connection_attempts, timeout_ms, want_keepalive);
 	} else if (strcmp(options.proxy_command, "-") == 0) {
 		if ((in = dup(STDIN_FILENO)) == -1 ||
 		    (out = dup(STDOUT_FILENO)) == -1) {
 			if (in >= 0)
 				close(in);
-			error("%s: dup() in/out failed", __func__);
+			error_f("dup() in/out failed");
 			return -1; /* ssh_packet_set_connection logs error */
 		}
 		if ((ssh_packet_set_connection(ssh, in, out)) == NULL)
@@ -594,7 +583,7 @@
 		if (p[0] == '\0' || strcasecmp(p, "no") == 0)
 			ret = 0;
 		else if (strcasecmp(p, "yes") == 0 || (fingerprint != NULL &&
-		    strcasecmp(p, fingerprint) == 0))
+		    strcmp(p, fingerprint) == 0))
 			ret = 1;
 		free(cp);
 		if (ret != -1)
@@ -603,32 +592,6 @@
 }
 
 static int
-check_host_cert(const char *host, const struct sshkey *key)
-{
-	const char *reason;
-	int r;
-
-	if (sshkey_cert_check_authority(key, 1, 0, host, &reason) != 0) {
-		error("%s", reason);
-		return 0;
-	}
-	if (sshbuf_len(key->cert->critical) != 0) {
-		error("Certificate for %s contains unsupported "
-		    "critical options(s)", host);
-		return 0;
-	}
-	if ((r = sshkey_check_cert_sigtype(key,
-	    options.ca_sign_algorithms)) != 0) {
-		logit("%s: certificate signature algorithm %s: %s", __func__,
-		    (key->cert == NULL || key->cert->signature_type == NULL) ?
-		    "(null)" : key->cert->signature_type, ssh_err(r));
-		return 0;
-	}
-
-	return 1;
-}
-
-static int
 sockaddr_is_local(struct sockaddr *hostaddr)
 {
 	switch (hostaddr->sa_family) {
@@ -677,7 +640,7 @@
 		if (options.proxy_command == NULL) {
 			if (getnameinfo(hostaddr, addrlen,
 			    ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0)
-			fatal("%s: getnameinfo failed", __func__);
+			fatal_f("getnameinfo failed");
 			*hostfile_ipaddr = put_host_port(ntop, port);
 		} else {
 			*hostfile_ipaddr = xstrdup("<no hostip for proxy "
@@ -701,6 +664,257 @@
 	}
 }
 
+/* returns non-zero if path appears in hostfiles, or 0 if not. */
+static int
+path_in_hostfiles(const char *path, char **hostfiles, u_int num_hostfiles)
+{
+	u_int i;
+
+	for (i = 0; i < num_hostfiles; i++) {
+		if (strcmp(path, hostfiles[i]) == 0)
+			return 1;
+	}
+	return 0;
+}
+
+struct find_by_key_ctx {
+	const char *host, *ip;
+	const struct sshkey *key;
+	char **names;
+	u_int nnames;
+};
+
+/* Try to replace home directory prefix (per $HOME) with a ~/ sequence */
+static char *
+try_tilde_unexpand(const char *path)
+{
+	char *home, *ret = NULL;
+	size_t l;
+
+	if (*path != '/')
+		return xstrdup(path);
+	if ((home = getenv("HOME")) == NULL || (l = strlen(home)) == 0)
+		return xstrdup(path);
+	if (strncmp(path, home, l) != 0)
+		return xstrdup(path);
+	/*
+	 * ensure we have matched on a path boundary: either the $HOME that
+	 * we just compared ends with a '/' or the next character of the path
+	 * must be a '/'.
+	 */
+	if (home[l - 1] != '/' && path[l] != '/')
+		return xstrdup(path);
+	if (path[l] == '/')
+		l++;
+	xasprintf(&ret, "~/%s", path + l);
+	return ret;
+}
+
+static int
+hostkeys_find_by_key_cb(struct hostkey_foreach_line *l, void *_ctx)
+{
+	struct find_by_key_ctx *ctx = (struct find_by_key_ctx *)_ctx;
+	char *path;
+
+	/* we are looking for keys with names that *do not* match */
+	if ((l->match & HKF_MATCH_HOST) != 0)
+		return 0;
+	/* not interested in marker lines */
+	if (l->marker != MRK_NONE)
+		return 0;
+	/* we are only interested in exact key matches */
+	if (l->key == NULL || !sshkey_equal(ctx->key, l->key))
+		return 0;
+	path = try_tilde_unexpand(l->path);
+	debug_f("found matching key in %s:%lu", path, l->linenum);
+	ctx->names = xrecallocarray(ctx->names,
+	    ctx->nnames, ctx->nnames + 1, sizeof(*ctx->names));
+	xasprintf(&ctx->names[ctx->nnames], "%s:%lu: %s", path, l->linenum,
+	    strncmp(l->hosts, HASH_MAGIC, strlen(HASH_MAGIC)) == 0 ?
+	    "[hashed name]" : l->hosts);
+	ctx->nnames++;
+	free(path);
+	return 0;
+}
+
+static int
+hostkeys_find_by_key_hostfile(const char *file, const char *which,
+    struct find_by_key_ctx *ctx)
+{
+	int r;
+
+	debug3_f("trying %s hostfile \"%s\"", which, file);
+	if ((r = hostkeys_foreach(file, hostkeys_find_by_key_cb, ctx,
+	    ctx->host, ctx->ip, HKF_WANT_PARSE_KEY, 0)) != 0) {
+		if (r == SSH_ERR_SYSTEM_ERROR && errno == ENOENT) {
+			debug_f("hostkeys file %s does not exist", file);
+			return 0;
+		}
+		error_fr(r, "hostkeys_foreach failed for %s", file);
+		return r;
+	}
+	return 0;
+}
+
+/*
+ * Find 'key' in known hosts file(s) that do not match host/ip.
+ * Used to display also-known-as information for previously-unseen hostkeys.
+ */
+static void
+hostkeys_find_by_key(const char *host, const char *ip, const struct sshkey *key,
+    char **user_hostfiles, u_int num_user_hostfiles,
+    char **system_hostfiles, u_int num_system_hostfiles,
+    char ***names, u_int *nnames)
+{
+	struct find_by_key_ctx ctx = {0, 0, 0, 0, 0};
+	u_int i;
+
+	*names = NULL;
+	*nnames = 0;
+
+	if (key == NULL || sshkey_is_cert(key))
+		return;
+
+	ctx.host = host;
+	ctx.ip = ip;
+	ctx.key = key;
+
+	for (i = 0; i < num_user_hostfiles; i++) {
+		if (hostkeys_find_by_key_hostfile(user_hostfiles[i],
+		    "user", &ctx) != 0)
+			goto fail;
+	}
+	for (i = 0; i < num_system_hostfiles; i++) {
+		if (hostkeys_find_by_key_hostfile(system_hostfiles[i],
+		    "system", &ctx) != 0)
+			goto fail;
+	}
+	/* success */
+	*names = ctx.names;
+	*nnames = ctx.nnames;
+	ctx.names = NULL;
+	ctx.nnames = 0;
+	return;
+ fail:
+	for (i = 0; i < ctx.nnames; i++)
+		free(ctx.names[i]);
+	free(ctx.names);
+}
+
+#define MAX_OTHER_NAMES	8 /* Maximum number of names to list */
+static char *
+other_hostkeys_message(const char *host, const char *ip,
+    const struct sshkey *key,
+    char **user_hostfiles, u_int num_user_hostfiles,
+    char **system_hostfiles, u_int num_system_hostfiles)
+{
+	char *ret = NULL, **othernames = NULL;
+	u_int i, n, num_othernames = 0;
+
+	hostkeys_find_by_key(host, ip, key,
+	    user_hostfiles, num_user_hostfiles,
+	    system_hostfiles, num_system_hostfiles,
+	    &othernames, &num_othernames);
+	if (num_othernames == 0)
+		return xstrdup("This key is not known by any other names");
+
+	xasprintf(&ret, "This host key is known by the following other "
+	    "names/addresses:");
+
+	n = num_othernames;
+	if (n > MAX_OTHER_NAMES)
+		n = MAX_OTHER_NAMES;
+	for (i = 0; i < n; i++) {
+		xextendf(&ret, "\n", "    %s", othernames[i]);
+	}
+	if (n < num_othernames) {
+		xextendf(&ret, "\n", "    (%d additional names omitted)",
+		    num_othernames - n);
+	}
+	for (i = 0; i < num_othernames; i++)
+		free(othernames[i]);
+	free(othernames);
+	return ret;
+}
+
+void
+load_hostkeys_command(struct hostkeys *hostkeys, const char *command_template,
+    const char *invocation, const struct ssh_conn_info *cinfo,
+    const struct sshkey *host_key, const char *hostfile_hostname)
+{
+	int r, i, ac = 0;
+	char *key_fp = NULL, *keytext = NULL, *tmp;
+	char *command = NULL, *tag = NULL, **av = NULL;
+	FILE *f = NULL;
+	pid_t pid;
+	void (*osigchld)(int);
+
+	xasprintf(&tag, "KnownHostsCommand-%s", invocation);
+
+	if (host_key != NULL) {
+		if ((key_fp = sshkey_fingerprint(host_key,
+		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+			fatal_f("sshkey_fingerprint failed");
+		if ((r = sshkey_to_base64(host_key, &keytext)) != 0)
+			fatal_fr(r, "sshkey_to_base64 failed");
+	}
+	/*
+	 * NB. all returns later this function should go via "out" to
+	 * ensure the original SIGCHLD handler is restored properly.
+	 */
+	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
+
+	/* Turn the command into an argument vector */
+	if (argv_split(command_template, &ac, &av, 0) != 0) {
+		error("%s \"%s\" contains invalid quotes", tag,
+		    command_template);
+		goto out;
+	}
+	if (ac == 0) {
+		error("%s \"%s\" yielded no arguments", tag,
+		    command_template);
+		goto out;
+	}
+	for (i = 1; i < ac; i++) {
+		tmp = percent_dollar_expand(av[i],
+		    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
+		    "H", hostfile_hostname,
+		    "I", invocation,
+		    "t", host_key == NULL ? "NONE" : sshkey_ssh_name(host_key),
+		    "f", key_fp == NULL ? "NONE" : key_fp,
+		    "K", keytext == NULL ? "NONE" : keytext,
+		    (char *)NULL);
+		if (tmp == NULL)
+			fatal_f("percent_expand failed");
+		free(av[i]);
+		av[i] = tmp;
+	}
+	/* Prepare a printable command for logs, etc. */
+	command = argv_assemble(ac, av);
+
+	if ((pid = subprocess(tag, command, ac, av, &f,
+	    SSH_SUBPROCESS_STDOUT_CAPTURE|SSH_SUBPROCESS_UNSAFE_PATH|
+	    SSH_SUBPROCESS_PRESERVE_ENV, NULL, NULL, NULL)) == 0)
+		goto out;
+
+	load_hostkeys_file(hostkeys, hostfile_hostname, tag, f, 1);
+
+	if (exited_cleanly(pid, tag, command, 0) != 0)
+		fatal("KnownHostsCommand failed");
+
+ out:
+	if (f != NULL)
+		fclose(f);
+	ssh_signal(SIGCHLD, osigchld);
+	for (i = 0; i < ac; i++)
+		free(av[i]);
+	free(av);
+	free(tag);
+	free(command);
+	free(key_fp);
+	free(keytext);
+}
+
 /*
  * check whether the supplied host key is valid, return -1 if the key
  * is not valid. user_hostfile[0] will not be updated if 'readonly' is true.
@@ -709,19 +923,20 @@
 #define RDONLY	1
 #define ROQUIET	2
 static int
-check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
-    struct sshkey *host_key, int readonly,
+check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
+    struct sockaddr *hostaddr, u_short port,
+    struct sshkey *host_key, int readonly, int clobber_port,
     char **user_hostfiles, u_int num_user_hostfiles,
-    char **system_hostfiles, u_int num_system_hostfiles)
+    char **system_hostfiles, u_int num_system_hostfiles,
+    const char *hostfile_command)
 {
-	HostStatus host_status;
-	HostStatus ip_status;
+	HostStatus host_status = -1, ip_status = -1;
 	struct sshkey *raw_key = NULL;
 	char *ip = NULL, *host = NULL;
 	char hostline[1000], *hostp, *fp, *ra;
 	char msg[1024];
-	const char *type;
-	const struct hostkey_entry *host_found, *ip_found;
+	const char *type, *fail_reason;
+	const struct hostkey_entry *host_found = NULL, *ip_found = NULL;
 	int len, cancelled_forwarding = 0, confirmed;
 	int local = sockaddr_is_local(hostaddr);
 	int r, want_cert = sshkey_is_cert(host_key), host_ip_differ = 0;
@@ -741,6 +956,7 @@
 	    options.host_key_alias == NULL) {
 		debug("Forcing accepting of host key for "
 		    "loopback/localhost.");
+		options.update_hostkeys = 0;
 		return 0;
 	}
 
@@ -748,7 +964,8 @@
 	 * Prepare the hostname and address strings used for hostkey lookup.
 	 * In some cases, these will have a port number appended.
 	 */
-	get_hostfile_hostname_ipaddr(hostname, hostaddr, port, &host, &ip);
+	get_hostfile_hostname_ipaddr(hostname, hostaddr,
+	    clobber_port ? 0 : port, &host, &ip);
 
 	/*
 	 * Turn off check_host_ip if the connection is to localhost, via proxy
@@ -760,17 +977,25 @@
 
 	host_hostkeys = init_hostkeys();
 	for (i = 0; i < num_user_hostfiles; i++)
-		load_hostkeys(host_hostkeys, host, user_hostfiles[i]);
+		load_hostkeys(host_hostkeys, host, user_hostfiles[i], 0);
 	for (i = 0; i < num_system_hostfiles; i++)
-		load_hostkeys(host_hostkeys, host, system_hostfiles[i]);
+		load_hostkeys(host_hostkeys, host, system_hostfiles[i], 0);
+	if (hostfile_command != NULL && !clobber_port) {
+		load_hostkeys_command(host_hostkeys, hostfile_command,
+		    "HOSTNAME", cinfo, host_key, host);
+	}
 
 	ip_hostkeys = NULL;
 	if (!want_cert && options.check_host_ip) {
 		ip_hostkeys = init_hostkeys();
 		for (i = 0; i < num_user_hostfiles; i++)
-			load_hostkeys(ip_hostkeys, ip, user_hostfiles[i]);
+			load_hostkeys(ip_hostkeys, ip, user_hostfiles[i], 0);
 		for (i = 0; i < num_system_hostfiles; i++)
-			load_hostkeys(ip_hostkeys, ip, system_hostfiles[i]);
+			load_hostkeys(ip_hostkeys, ip, system_hostfiles[i], 0);
+		if (hostfile_command != NULL && !clobber_port) {
+			load_hostkeys_command(ip_hostkeys, hostfile_command,
+			    "ADDRESS", cinfo, host_key, ip);
+		}
 	}
 
  retry:
@@ -786,6 +1011,14 @@
 	    &host_found);
 
 	/*
+	 * If there are no hostfiles, or if the hostkey was found via
+	 * KnownHostsCommand, then don't try to touch the disk.
+	 */
+	if (!readonly && (num_user_hostfiles == 0 ||
+	    (host_found != NULL && host_found->note != 0)))
+		readonly = RDONLY;
+
+	/*
 	 * Also perform check for the ip address, skip the check if we are
 	 * localhost, looking for a certificate, or the hostname was an ip
 	 * address to begin with.
@@ -808,10 +1041,40 @@
 		    host, type, want_cert ? "certificate" : "key");
 		debug("Found %s in %s:%lu", want_cert ? "CA key" : "key",
 		    host_found->file, host_found->line);
-		if (want_cert &&
-		    !check_host_cert(options.host_key_alias == NULL ?
-		    hostname : options.host_key_alias, host_key))
-			goto fail;
+		if (want_cert) {
+			if (sshkey_cert_check_host(host_key,
+			    options.host_key_alias == NULL ?
+			    hostname : options.host_key_alias, 0,
+			    options.ca_sign_algorithms, &fail_reason) != 0) {
+				error("%s", fail_reason);
+				goto fail;
+			}
+			/*
+			 * Do not attempt hostkey update if a certificate was
+			 * successfully matched.
+			 */
+			if (options.update_hostkeys != 0) {
+				options.update_hostkeys = 0;
+				debug3_f("certificate host key in use; "
+				    "disabling UpdateHostkeys");
+			}
+		}
+		/* Turn off UpdateHostkeys if key was in system known_hosts */
+		if (options.update_hostkeys != 0 &&
+		    (path_in_hostfiles(host_found->file,
+		    system_hostfiles, num_system_hostfiles) ||
+		    (ip_status == HOST_OK && ip_found != NULL &&
+		    path_in_hostfiles(ip_found->file,
+		    system_hostfiles, num_system_hostfiles)))) {
+			options.update_hostkeys = 0;
+			debug3_f("host key found in GlobalKnownHostsFile; "
+			    "disabling UpdateHostkeys");
+		}
+		if (options.update_hostkeys != 0 && host_found->note) {
+			options.update_hostkeys = 0;
+			debug3_f("host key found via KnownHostsCommand; "
+			    "disabling UpdateHostkeys");
+		}
 		if (options.check_host_ip && ip_status == HOST_NEW) {
 			if (readonly || want_cert)
 				logit("%s host key for IP address "
@@ -833,7 +1096,7 @@
 			ra = sshkey_fingerprint(host_key,
 			    options.fingerprint_hash, SSH_FP_RANDOMART);
 			if (fp == NULL || ra == NULL)
-				fatal("%s: sshkey_fingerprint fail", __func__);
+				fatal_f("sshkey_fingerprint failed");
 			logit("Host key fingerprint is %s\n%s", fp, ra);
 			free(ra);
 			free(fp);
@@ -842,11 +1105,13 @@
 		break;
 	case HOST_NEW:
 		if (options.host_key_alias == NULL && port != 0 &&
-		    port != SSH_DEFAULT_PORT) {
+		    port != SSH_DEFAULT_PORT && !clobber_port) {
 			debug("checking without port identifier");
-			if (check_host_key(hostname, hostaddr, 0, host_key,
-			    ROQUIET, user_hostfiles, num_user_hostfiles,
-			    system_hostfiles, num_system_hostfiles) == 0) {
+			if (check_host_key(hostname, cinfo, hostaddr, 0,
+			    host_key, ROQUIET, 1,
+			    user_hostfiles, num_user_hostfiles,
+			    system_hostfiles, num_system_hostfiles,
+			    hostfile_command) == 0) {
 				debug("found matching key w/out port");
 				break;
 			}
@@ -866,45 +1131,48 @@
 			goto fail;
 		} else if (options.strict_host_key_checking ==
 		    SSH_STRICT_HOSTKEY_ASK) {
-			char msg1[1024], msg2[1024];
+			char *msg1 = NULL, *msg2 = NULL;
 
-			if (show_other_keys(host_hostkeys, host_key))
-				snprintf(msg1, sizeof(msg1),
-				    "\nbut keys of different type are already"
-				    " known for this host.");
-			else
-				snprintf(msg1, sizeof(msg1), ".");
-			/* The default */
+			xasprintf(&msg1, "The authenticity of host "
+			    "'%.200s (%s)' can't be established", host, ip);
+
+			if (show_other_keys(host_hostkeys, host_key)) {
+				xextendf(&msg1, "\n", "but keys of different "
+				    "type are already known for this host.");
+			} else
+				xextendf(&msg1, "", ".");
+
 			fp = sshkey_fingerprint(host_key,
 			    options.fingerprint_hash, SSH_FP_DEFAULT);
 			ra = sshkey_fingerprint(host_key,
 			    options.fingerprint_hash, SSH_FP_RANDOMART);
 			if (fp == NULL || ra == NULL)
-				fatal("%s: sshkey_fingerprint fail", __func__);
-			msg2[0] = '\0';
+				fatal_f("sshkey_fingerprint failed");
+			xextendf(&msg1, "\n", "%s key fingerprint is %s.",
+			    type, fp);
+			if (options.visual_host_key)
+				xextendf(&msg1, "\n", "%s", ra);
 			if (options.verify_host_key_dns) {
-				if (matching_host_key_dns)
-					snprintf(msg2, sizeof(msg2),
-					    "Matching host key fingerprint"
-					    " found in DNS.\n");
-				else
-					snprintf(msg2, sizeof(msg2),
-					    "No matching host key fingerprint"
-					    " found in DNS.\n");
+				xextendf(&msg1, "\n",
+				    "%s host key fingerprint found in DNS.",
+				    matching_host_key_dns ?
+				    "Matching" : "No matching");
 			}
-			snprintf(msg, sizeof(msg),
-			    "The authenticity of host '%.200s (%s)' can't be "
-			    "established%s\n"
-			    "%s key fingerprint is %s.%s%s\n%s"
+			/* msg2 informs for other names matching this key */
+			if ((msg2 = other_hostkeys_message(host, ip, host_key,
+			    user_hostfiles, num_user_hostfiles,
+			    system_hostfiles, num_system_hostfiles)) != NULL)
+				xextendf(&msg1, "\n", "%s", msg2);
+
+			xextendf(&msg1, "\n",
 			    "Are you sure you want to continue connecting "
-			    "(yes/no/[fingerprint])? ",
-			    host, ip, msg1, type, fp,
-			    options.visual_host_key ? "\n" : "",
-			    options.visual_host_key ? ra : "",
-			    msg2);
+			    "(yes/no/[fingerprint])? ");
+
+			confirmed = confirm(msg1, fp);
 			free(ra);
-			confirmed = confirm(msg, fp);
 			free(fp);
+			free(msg1);
+			free(msg2);
 			if (!confirmed)
 				goto fail;
 			hostkey_trusted = 1; /* user explicitly confirmed */
@@ -1009,8 +1277,8 @@
 		 */
 		if (options.strict_host_key_checking !=
 		    SSH_STRICT_HOSTKEY_OFF) {
-			error("%s host key for %.200s has changed and you have "
-			    "requested strict checking.", type, host);
+			error("Host key for %.200s has changed and you have "
+			    "requested strict checking.", host);
 			goto fail;
 		}
 
@@ -1030,13 +1298,6 @@
 			error("Keyboard-interactive authentication is disabled"
 			    " to avoid man-in-the-middle attacks.");
 			options.kbd_interactive_authentication = 0;
-			options.challenge_response_authentication = 0;
-			cancelled_forwarding = 1;
-		}
-		if (options.challenge_response_authentication) {
-			error("Challenge/response authentication is disabled"
-			    " to avoid man-in-the-middle attacks.");
-			options.challenge_response_authentication = 0;
 			cancelled_forwarding = 1;
 		}
 		if (options.forward_agent) {
@@ -1065,6 +1326,11 @@
 			options.tun_open = SSH_TUNMODE_NO;
 			cancelled_forwarding = 1;
 		}
+		if (options.update_hostkeys != 0) {
+			error("UpdateHostkeys is disabled because the host "
+			    "key is not trusted.");
+			options.update_hostkeys = 0;
+		}
 		if (options.exit_on_forward_failure && cancelled_forwarding)
 			fatal("Error: forwarding disabled due to host key "
 			    "check failure");
@@ -1073,7 +1339,7 @@
 		 * XXX Should permit the user to change to use the new id.
 		 * This could be done by converting the host key to an
 		 * identifying sentence, tell that the host identifies itself
-		 * by that sentence, and ask the user if he/she wishes to
+		 * by that sentence, and ask the user if they wish to
 		 * accept the authentication.
 		 */
 		break;
@@ -1112,8 +1378,8 @@
 	}
 
 	if (!hostkey_trusted && options.update_hostkeys) {
-		debug("%s: hostkey not known or explicitly trusted: "
-		    "disabling UpdateHostkeys", __func__);
+		debug_f("hostkey not known or explicitly trusted: "
+		    "disabling UpdateHostkeys");
 		options.update_hostkeys = 0;
 	}
 
@@ -1133,10 +1399,9 @@
 		 */
 		debug("No matching CA found. Retry with plain key");
 		if ((r = sshkey_from_private(host_key, &raw_key)) != 0)
-			fatal("%s: sshkey_from_private: %s",
-			    __func__, ssh_err(r));
+			fatal_fr(r, "decode key");
 		if ((r = sshkey_drop_cert(raw_key)) != 0)
-			fatal("Couldn't drop certificate: %s", ssh_err(r));
+			fatal_r(r, "Couldn't drop certificate");
 		host_key = raw_key;
 		goto retry;
 	}
@@ -1152,7 +1417,8 @@
 
 /* returns 0 if key verifies or -1 if key does NOT verify */
 int
-verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
+verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
+    const struct ssh_conn_info *cinfo)
 {
 	u_int i;
 	int r = -1, flags = 0;
@@ -1161,7 +1427,7 @@
 
 	if ((fp = sshkey_fingerprint(host_key,
 	    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
-		error("%s: fingerprint host key: %s", __func__, ssh_err(r));
+		error_fr(r, "fingerprint host key");
 		r = -1;
 		goto out;
 	}
@@ -1169,8 +1435,7 @@
 	if (sshkey_is_cert(host_key)) {
 		if ((cafp = sshkey_fingerprint(host_key->cert->signature_key,
 		    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL) {
-			error("%s: fingerprint CA key: %s",
-			    __func__, ssh_err(r));
+			error_fr(r, "fingerprint CA key");
 			r = -1;
 			goto out;
 		}
@@ -1192,8 +1457,8 @@
 	}
 
 	if (sshkey_equal(previous_host_key, host_key)) {
-		debug2("%s: server host key %s %s matches cached key",
-		    __func__, sshkey_type(host_key), fp);
+		debug2_f("server host key %s %s matches cached key",
+		    sshkey_type(host_key), fp);
 		r = 0;
 		goto out;
 	}
@@ -1211,9 +1476,9 @@
 			r = -1;
 			goto out;
 		default:
-			error("Error checking host key %s %s in "
-			    "revoked keys file %s: %s", sshkey_type(host_key),
-			    fp, options.revoked_host_keys, ssh_err(r));
+			error_r(r, "Error checking host key %s %s in "
+			    "revoked keys file %s", sshkey_type(host_key),
+			    fp, options.revoked_host_keys);
 			r = -1;
 			goto out;
 		}
@@ -1247,9 +1512,10 @@
 			}
 		}
 	}
-	r = check_host_key(host, hostaddr, options.port, host_key, RDRW,
-	    options.user_hostfiles, options.num_user_hostfiles,
-	    options.system_hostfiles, options.num_system_hostfiles);
+	r = check_host_key(host, cinfo, hostaddr, options.port, host_key,
+	    RDRW, 0, options.user_hostfiles, options.num_user_hostfiles,
+	    options.system_hostfiles, options.num_system_hostfiles,
+	    options.known_hosts_command);
 
 out:
 	sshkey_free(plain);
@@ -1272,7 +1538,8 @@
  */
 void
 ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
-    struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms)
+    struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms,
+    const struct ssh_conn_info *cinfo)
 {
 	char *host;
 	char *server_user, *local_user;
@@ -1295,7 +1562,7 @@
 	/* key exchange */
 	/* authenticate user */
 	debug("Authenticating to %s:%d as '%s'", host, port, server_user);
-	ssh_kex2(ssh, host, hostaddr, port);
+	ssh_kex2(ssh, host, hostaddr, port, cinfo);
 	ssh_userauth2(ssh, local_user, server_user, host, sensitive);
 	free(local_user);
 	free(host);
@@ -1320,14 +1587,15 @@
 	for (i = 0; type[i] != -1; i++) {
 		if (type[i] == key->type)
 			continue;
-		if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found))
+		if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i],
+		    -1, &found))
 			continue;
 		fp = sshkey_fingerprint(found->key,
 		    options.fingerprint_hash, SSH_FP_DEFAULT);
 		ra = sshkey_fingerprint(found->key,
 		    options.fingerprint_hash, SSH_FP_RANDOMART);
 		if (fp == NULL || ra == NULL)
-			fatal("%s: sshkey_fingerprint fail", __func__);
+			fatal_f("sshkey_fingerprint fail");
 		logit("WARNING: %s key found for host %s\n"
 		    "in %s:%lu\n"
 		    "%s key fingerprint %s.",
@@ -1351,7 +1619,7 @@
 	fp = sshkey_fingerprint(host_key, options.fingerprint_hash,
 	    SSH_FP_DEFAULT);
 	if (fp == NULL)
-		fatal("%s: sshkey_fingerprint fail", __func__);
+		fatal_f("sshkey_fingerprint fail");
 
 	error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
 	error("@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @");
@@ -1430,7 +1698,8 @@
 	if (sshkey_is_sk(private))
 		skprovider = options.sk_provider;
 	if ((r = ssh_add_identity_constrained(auth_sock, private,
-	    comment == NULL ? authfile : comment, 0,
+	    comment == NULL ? authfile : comment,
+	    options.add_keys_to_agent_lifespan,
 	    (options.add_keys_to_agent == 3), 0, skprovider)) == 0)
 		debug("identity added to agent: %s", authfile);
 	else

sshconnect.h

diff --git a/sshconnect.h b/sshconnect.h
index 7c091e2..f518a9a 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.40 2020/01/25 07:17:18 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.46 2020/12/22 00:15:23 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -30,23 +30,56 @@
 	int		nkeys;
 };
 
+struct ssh_conn_info {
+	char *conn_hash_hex;
+	char *shorthost;
+	char *uidstr;
+	char *keyalias;
+	char *thishost;
+	char *host_arg;
+	char *portstr;
+	char *remhost;
+	char *remuser;
+	char *homedir;
+	char *locuser;
+};
+
 struct addrinfo;
 struct ssh;
+struct hostkeys;
+struct ssh_conn_info;
+
+/* default argument for client percent expansions */
+#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(conn_info) \
+	"C", conn_info->conn_hash_hex, \
+	"L", conn_info->shorthost, \
+	"i", conn_info->uidstr, \
+	"k", conn_info->keyalias, \
+	"l", conn_info->thishost, \
+	"n", conn_info->host_arg, \
+	"p", conn_info->portstr, \
+	"d", conn_info->homedir, \
+	"h", conn_info->remhost, \
+	"r", conn_info->remuser, \
+	"u", conn_info->locuser
 
 int	 ssh_connect(struct ssh *, const char *, const char *,
 	    struct addrinfo *, struct sockaddr_storage *, u_short,
-	    int, int, int *, int);
+	    int, int *, int);
 void	 ssh_kill_proxy_command(void);
 
 void	 ssh_login(struct ssh *, Sensitive *, const char *,
-    struct sockaddr *, u_short, struct passwd *, int);
+    struct sockaddr *, u_short, struct passwd *, int,
+    const struct ssh_conn_info *);
 
-int	 verify_host_key(char *, struct sockaddr *, struct sshkey *);
+int	 verify_host_key(char *, struct sockaddr *, struct sshkey *,
+    const struct ssh_conn_info *);
 
 void	 get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short,
     char **, char **);
 
-void	 ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short);
+void	 ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short,
+    const struct ssh_conn_info *);
 
 void	 ssh_userauth2(struct ssh *ssh, const char *, const char *,
     char *, Sensitive *);
@@ -55,3 +88,7 @@
 
 void	 maybe_add_key_to_agent(const char *, struct sshkey *,
     const char *, const char *);
+
+void	 load_hostkeys_command(struct hostkeys *, const char *,
+    const char *, const struct ssh_conn_info *,
+    const struct sshkey *, const char *);

sshconnect2.c

diff --git a/sshconnect2.c b/sshconnect2.c
index 1a6545e..fea50fa 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.321 2020/04/17 03:38:47 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.351 2021/07/23 05:24:02 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -33,6 +33,7 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <limits.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <signal.h>
@@ -88,26 +89,39 @@
  * SSH2 key exchange
  */
 
-u_char *session_id2 = NULL;
-u_int session_id2_len = 0;
-
-char *xxx_host;
-struct sockaddr *xxx_hostaddr;
+static char *xxx_host;
+static struct sockaddr *xxx_hostaddr;
+static const struct ssh_conn_info *xxx_conn_info;
 
 static int
 verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
 {
-	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
+	if (verify_host_key(xxx_host, xxx_hostaddr, hostkey,
+	    xxx_conn_info) == -1)
 		fatal("Host key verification failed.");
 	return 0;
 }
 
+/* Returns the first item from a comma-separated algorithm list */
 static char *
-order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
+first_alg(const char *algs)
 {
-	char *oavail, *avail, *first, *last, *alg, *hostname, *ret;
+	char *ret, *cp;
+
+	ret = xstrdup(algs);
+	if ((cp = strchr(ret, ',')) != NULL)
+		*cp = '\0';
+	return ret;
+}
+
+static char *
+order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port,
+    const struct ssh_conn_info *cinfo)
+{
+	char *oavail = NULL, *avail = NULL, *first = NULL, *last = NULL;
+	char *alg = NULL, *hostname = NULL, *ret = NULL, *best = NULL;
 	size_t maxlen;
-	struct hostkeys *hostkeys;
+	struct hostkeys *hostkeys = NULL;
 	int ktype;
 	u_int i;
 
@@ -115,10 +129,36 @@
 	get_hostfile_hostname_ipaddr(host, hostaddr, port, &hostname, NULL);
 	hostkeys = init_hostkeys();
 	for (i = 0; i < options.num_user_hostfiles; i++)
-		load_hostkeys(hostkeys, hostname, options.user_hostfiles[i]);
-	for (i = 0; i < options.num_system_hostfiles; i++)
-		load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]);
+		load_hostkeys(hostkeys, hostname, options.user_hostfiles[i], 0);
+	for (i = 0; i < options.num_system_hostfiles; i++) {
+		load_hostkeys(hostkeys, hostname,
+		    options.system_hostfiles[i], 0);
+	}
+	if (options.known_hosts_command != NULL) {
+		load_hostkeys_command(hostkeys, options.known_hosts_command,
+		    "ORDER", cinfo, NULL, host);
+	}
+	/*
+	 * If a plain public key exists that matches the type of the best
+	 * preference HostkeyAlgorithms, then use the whole list as is.
+	 * Note that we ignore whether the best preference algorithm is a
+	 * certificate type, as sshconnect.c will downgrade certs to
+	 * plain keys if necessary.
+	 */
+	best = first_alg(options.hostkeyalgorithms);
+	if (lookup_key_in_hostkeys_by_type(hostkeys,
+	    sshkey_type_plain(sshkey_type_from_name(best)),
+	    sshkey_ecdsa_nid_from_name(best), NULL)) {
+		debug3_f("have matching best-preference key type %s, "
+		    "using HostkeyAlgorithms verbatim", best);
+		ret = xstrdup(options.hostkeyalgorithms);
+		goto out;
+	}
 
+	/*
+	 * Otherwise, prefer the host key algorithms that match known keys
+	 * while keeping the ordering of HostkeyAlgorithms as much as possible.
+	 */
 	oavail = avail = xstrdup(options.hostkeyalgorithms);
 	maxlen = strlen(avail) + 1;
 	first = xmalloc(maxlen);
@@ -134,19 +174,35 @@
 
 	while ((alg = strsep(&avail, ",")) && *alg != '\0') {
 		if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
-			fatal("%s: unknown alg %s", __func__, alg);
-		if (lookup_key_in_hostkeys_by_type(hostkeys,
-		    sshkey_type_plain(ktype), NULL))
+			fatal_f("unknown alg %s", alg);
+		/*
+		 * If we have a @cert-authority marker in known_hosts then
+		 * prefer all certificate algorithms.
+		 */
+		if (sshkey_type_is_cert(ktype) &&
+		    lookup_marker_in_hostkeys(hostkeys, MRK_CA)) {
 			ALG_APPEND(first, alg);
-		else
-			ALG_APPEND(last, alg);
+			continue;
+		}
+		/* If the key appears in known_hosts then prefer it */
+		if (lookup_key_in_hostkeys_by_type(hostkeys,
+		    sshkey_type_plain(ktype),
+		    sshkey_ecdsa_nid_from_name(alg), NULL)) {
+			ALG_APPEND(first, alg);
+			continue;
+		}
+		/* Otherwise, put it last */
+		ALG_APPEND(last, alg);
 	}
 #undef ALG_APPEND
 	xasprintf(&ret, "%s%s%s", first,
 	    (*first == '\0' || *last == '\0') ? "" : ",", last);
 	if (*first != '\0')
-		debug3("%s: prefer hostkeyalgs: %s", __func__, first);
-
+		debug3_f("prefer hostkeyalgs: %s", first);
+	else
+		debug3_f("no algorithms matched; accept original");
+ out:
+	free(best);
 	free(first);
 	free(last);
 	free(hostname);
@@ -157,7 +213,8 @@
 }
 
 void
-ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
+ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
+    const struct ssh_conn_info *cinfo)
 {
 	char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 	char *s, *all_key;
@@ -165,6 +222,7 @@
 
 	xxx_host = host;
 	xxx_hostaddr = hostaddr;
+	xxx_conn_info = cinfo;
 
 	/*
 	 * If the user has not specified HostkeyAlgorithms, or has only
@@ -178,18 +236,18 @@
 
 	/* Expand or fill in HostkeyAlgorithms */
 	all_key = sshkey_alg_list(0, 0, 1, ',');
-	if (kex_assemble_names(&options.hostkeyalgorithms,
-	    kex_default_pk_alg(), all_key) != 0)
-		fatal("%s: kex_assemble_namelist", __func__);
+	if ((r = kex_assemble_names(&options.hostkeyalgorithms,
+	    kex_default_pk_alg(), all_key)) != 0)
+		fatal_fr(r, "kex_assemble_namelist");
 	free(all_key);
 
 	if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL)
-		fatal("%s: kex_names_cat", __func__);
-	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s);
+		fatal_f("kex_names_cat");
+	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s);
 	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
-	    compat_cipher_proposal(options.ciphers);
+	    compat_cipher_proposal(ssh, options.ciphers);
 	myproposal[PROPOSAL_ENC_ALGS_STOC] =
-	    compat_cipher_proposal(options.ciphers);
+	    compat_cipher_proposal(ssh, options.ciphers);
 	myproposal[PROPOSAL_COMP_ALGS_CTOS] =
 	    myproposal[PROPOSAL_COMP_ALGS_STOC] =
 	    (char *)compression_alg_list(options.compression);
@@ -198,12 +256,12 @@
 	if (use_known_hosts_order) {
 		/* Query known_hosts and prefer algorithms that appear there */
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
-		    compat_pkalg_proposal(
-		    order_hostkeyalgs(host, hostaddr, port));
+		    compat_pkalg_proposal(ssh,
+		    order_hostkeyalgs(host, hostaddr, port, cinfo));
 	} else {
 		/* Use specified HostkeyAlgorithms exactly */
 		myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
-		    compat_pkalg_proposal(options.hostkeyalgorithms);
+		    compat_pkalg_proposal(ssh, options.hostkeyalgorithms);
 	}
 
 	if (options.rekey_limit || options.rekey_interval)
@@ -212,7 +270,7 @@
 
 	/* start key exchange */
 	if ((r = kex_setup(ssh, myproposal)) != 0)
-		fatal("kex_setup: %s", ssh_err(r));
+		fatal_r(r, "kex_setup");
 #ifdef WITH_OPENSSL
 	ssh->kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_client;
 	ssh->kex->kex[KEX_DH_GRP14_SHA1] = kex_gen_client;
@@ -226,19 +284,16 @@
 # endif
 #endif
 	ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
-	ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
+	ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client;
 	ssh->kex->verify_host_key=&verify_host_key_callback;
 
 	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &ssh->kex->done);
 
 	/* remove ext-info from the KEX proposals for rekeying */
 	myproposal[PROPOSAL_KEX_ALGS] =
-	    compat_kex_proposal(options.kex_algorithms);
+	    compat_kex_proposal(ssh, options.kex_algorithms);
 	if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0)
-		fatal("kex_prop2buf: %s", ssh_err(r));
-
-	session_id2 = ssh->kex->session_id;
-	session_id2_len = ssh->kex->session_id_len;
+		fatal_r(r, "kex_prop2buf");
 
 #ifdef DEBUG_KEXDH
 	/* send 1st encrypted/maced/compressed message */
@@ -246,7 +301,7 @@
 	    (r = sshpkt_put_cstring(ssh, "markus")) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0 ||
 	    (r = ssh_packet_write_wait(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send packet");
 #endif
 }
 
@@ -387,8 +442,6 @@
 	Authctxt authctxt;
 	int r;
 
-	if (options.challenge_response_authentication)
-		options.kbd_interactive_authentication = 1;
 	if (options.preferred_authentications == NULL)
 		options.preferred_authentications = authmethods_get();
 
@@ -414,14 +467,13 @@
 	authctxt.agent_fd = -1;
 	pubkey_prepare(&authctxt);
 	if (authctxt.method == NULL) {
-		fatal("%s: internal error: cannot send userauth none request",
-		    __func__);
+		fatal_f("internal error: cannot send userauth none request");
 	}
 
 	if ((r = sshpkt_start(ssh, SSH2_MSG_SERVICE_REQUEST)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, "ssh-userauth")) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send packet");
 
 	ssh->authctxt = &authctxt;
 	ssh_dispatch_init(ssh, &input_userauth_error);
@@ -435,7 +487,14 @@
 
 	if (!authctxt.success)
 		fatal("Authentication failed.");
-	debug("Authentication succeeded (%s).", authctxt.method->name);
+	if (ssh_packet_connection_is_on_socket(ssh)) {
+		verbose("Authenticated to %s ([%s]:%d) using \"%s\".", host,
+		    ssh_remote_ipaddr(ssh), ssh_remote_port(ssh),
+		    authctxt.method->name);
+	} else {
+		verbose("Authenticated to %s (via proxy) using \"%s\".", host,
+		    authctxt.method->name);
+	}
 }
 
 /* ARGSUSED */
@@ -519,7 +578,7 @@
 static int
 input_userauth_error(int type, u_int32_t seq, struct ssh *ssh)
 {
-	fatal("%s: bad message during authentication: type %d", __func__, type);
+	fatal_f("bad message during authentication: type %d", type);
 	return 0;
 }
 
@@ -531,7 +590,7 @@
 	size_t len;
 	int r;
 
-	debug3("%s", __func__);
+	debug3_f("entering");
 	if ((r = sshpkt_get_cstring(ssh, &msg, &len)) != 0 ||
 	    (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0)
 		goto out;
@@ -550,7 +609,7 @@
 	Authctxt *authctxt = ssh->authctxt;
 
 	if (authctxt == NULL)
-		fatal("%s: no authentication context", __func__);
+		fatal_f("no authentication context");
 	free(authctxt->authlist);
 	authctxt->authlist = NULL;
 	if (authctxt->method != NULL && authctxt->method->cleanup != NULL)
@@ -568,7 +627,7 @@
 	Authctxt *authctxt = ssh->authctxt;
 
 	if (authctxt == NULL)
-		fatal("%s: no authentication context", __func__);
+		fatal_f("no authentication context");
 
 	fatal("Unexpected authentication success during %s.",
 	    authctxt->method->name);
@@ -593,7 +652,8 @@
 		goto out;
 
 	if (partial != 0) {
-		verbose("Authenticated with partial success.");
+		verbose("Authenticated using \"%s\" with partial success.",
+		    authctxt->method->name);
 		/* reset state */
 		pubkey_reset(authctxt);
 	}
@@ -617,7 +677,7 @@
 	const char *note = "";
 
 	if (id->key != NULL) {
-	     fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
+		fp = sshkey_fingerprint(id->key, options.fingerprint_hash,
 		    SSH_FP_DEFAULT);
 	}
 	if (id->key) {
@@ -658,11 +718,11 @@
 		goto done;
 
 	if ((pktype = sshkey_type_from_name(pkalg)) == KEY_UNSPEC) {
-		debug("%s: server sent unknown pkalg %s", __func__, pkalg);
+		debug_f("server sent unknown pkalg %s", pkalg);
 		goto done;
 	}
 	if ((r = sshkey_from_blob(pkblob, blen, &key)) != 0) {
-		debug("no key from blob. pkalg %s: %s", pkalg, ssh_err(r));
+		debug_r(r, "no key from blob. pkalg %s", pkalg);
 		goto done;
 	}
 	if (key->type != pktype) {
@@ -686,7 +746,7 @@
 	if (!found || id == NULL) {
 		fp = sshkey_fingerprint(key, options.fingerprint_hash,
 		    SSH_FP_DEFAULT);
-		error("%s: server replied with unknown key: %s %s", __func__,
+		error_f("server replied with unknown key: %s %s",
 		    sshkey_type(key), fp == NULL ? "<ERROR>" : fp);
 		goto done;
 	}
@@ -752,7 +812,7 @@
 	    (r = sshpkt_put_u8(ssh, mech->length)) != 0 ||
 	    (r = sshpkt_put(ssh, mech->elements, mech->length)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send packet");
 
 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_RESPONSE, &input_gssapi_response);
 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_GSSAPI_TOKEN, &input_gssapi_token);
@@ -800,7 +860,7 @@
 		    (r = sshpkt_put_string(ssh, send_tok.value,
 		    send_tok.length)) != 0 ||
 		    (r = sshpkt_send(ssh)) != 0)
-			fatal("%s: %s", __func__, ssh_err(r));
+			fatal_fr(r, "send %u packet", type);
 
 		gss_release_buffer(&ms, &send_tok);
 	}
@@ -811,17 +871,18 @@
 			if ((r = sshpkt_start(ssh,
 			    SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE)) != 0 ||
 			    (r = sshpkt_send(ssh)) != 0)
-				fatal("%s: %s", __func__, ssh_err(r));
+				fatal_fr(r, "send completion");
 		} else {
 			struct sshbuf *b;
 
 			if ((b = sshbuf_new()) == NULL)
-				fatal("%s: sshbuf_new failed", __func__);
+				fatal_f("sshbuf_new failed");
 			ssh_gssapi_buildmic(b, authctxt->server_user,
-			    authctxt->service, "gssapi-with-mic");
+			    authctxt->service, "gssapi-with-mic",
+			    ssh->kex->session_id);
 
 			if ((gssbuf.value = sshbuf_mutable_ptr(b)) == NULL)
-				fatal("%s: sshbuf_mutable_ptr failed", __func__);
+				fatal_f("sshbuf_mutable_ptr failed");
 			gssbuf.length = sshbuf_len(b);
 
 			status = ssh_gssapi_sign(gssctxt, &gssbuf, &mic);
@@ -832,7 +893,7 @@
 				    (r = sshpkt_put_string(ssh, mic.value,
 				    mic.length)) != 0 ||
 				    (r = sshpkt_send(ssh)) != 0)
-					fatal("%s: %s", __func__, ssh_err(r));
+					fatal_fr(r, "send MIC");
 			}
 
 			sshbuf_free(b);
@@ -990,7 +1051,7 @@
 	    (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send packet");
 	return 1;
 }
 
@@ -1019,7 +1080,7 @@
 	    (r = sshpkt_put_cstring(ssh, password)) != 0 ||
 	    (r = sshpkt_add_padding(ssh, 64)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send packet");
 
 	free(prompt);
 	if (password != NULL)
@@ -1120,6 +1181,7 @@
 key_sig_algorithm(struct ssh *ssh, const struct sshkey *key)
 {
 	char *allowed, *oallowed, *cp, *tmp, *alg = NULL;
+	const char *server_sig_algs;
 
 	/*
 	 * The signature algorithm will only differ from the key algorithm
@@ -1128,23 +1190,32 @@
 	 */
 	if (ssh == NULL || ssh->kex->server_sig_algs == NULL ||
 	    (key->type != KEY_RSA && key->type != KEY_RSA_CERT) ||
-	    (key->type == KEY_RSA_CERT && (datafellows & SSH_BUG_SIGTYPE))) {
+	    (key->type == KEY_RSA_CERT && (ssh->compat & SSH_BUG_SIGTYPE))) {
 		/* Filter base key signature alg against our configuration */
 		return match_list(sshkey_ssh_name(key),
-		    options.pubkey_key_types, NULL);
+		    options.pubkey_accepted_algos, NULL);
 	}
 
 	/*
+	 * Workaround OpenSSH 7.4 bug: this version supports RSA/SHA-2 but
+	 * fails to advertise it via SSH2_MSG_EXT_INFO.
+	 */
+	server_sig_algs = ssh->kex->server_sig_algs;
+	if (key->type == KEY_RSA && (ssh->compat & SSH_BUG_SIGTYPE74))
+		server_sig_algs = "rsa-sha2-256,rsa-sha2-512";
+
+	/*
 	 * For RSA keys/certs, since these might have a different sig type:
-	 * find the first entry in PubkeyAcceptedKeyTypes of the right type
+	 * find the first entry in PubkeyAcceptedAlgorithms of the right type
 	 * that also appears in the supported signature algorithms list from
 	 * the server.
 	 */
-	oallowed = allowed = xstrdup(options.pubkey_key_types);
+	oallowed = allowed = xstrdup(options.pubkey_accepted_algos);
 	while ((cp = strsep(&allowed, ",")) != NULL) {
 		if (sshkey_type_from_name(cp) != key->type)
 			continue;
-		tmp = match_list(sshkey_sigalg_by_name(cp), ssh->kex->server_sig_algs, NULL);
+		tmp = match_list(sshkey_sigalg_by_name(cp),
+		    server_sig_algs, NULL);
 		if (tmp != NULL)
 			alg = xstrdup(cp);
 		free(tmp);
@@ -1160,9 +1231,9 @@
     const u_char *data, size_t datalen, u_int compat, const char *alg)
 {
 	struct sshkey *sign_key = NULL, *prv = NULL;
-	int r = SSH_ERR_INTERNAL_ERROR;
+	int retried = 0, r = SSH_ERR_INTERNAL_ERROR;
 	struct notifier_ctx *notifier = NULL;
-	char *fp = NULL;
+	char *fp = NULL, *pin = NULL, *prompt = NULL;
 
 	*sigp = NULL;
 	*lenp = 0;
@@ -1185,41 +1256,61 @@
 		if ((prv = load_identity_file(id)) == NULL)
 			return SSH_ERR_KEY_NOT_FOUND;
 		if (id->key != NULL && !sshkey_equal_public(prv, id->key)) {
-			error("%s: private key %s contents do not match public",
-			   __func__, id->filename);
+			error_f("private key %s contents do not match public",
+			    id->filename);
 			r = SSH_ERR_KEY_NOT_FOUND;
 			goto out;
 		}
 		sign_key = prv;
-		if (sshkey_is_sk(sign_key) &&
-		    (sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
-			/* XXX match batch mode should just skip these keys? */
-			if ((fp = sshkey_fingerprint(sign_key,
-			    options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
-				fatal("%s: sshkey_fingerprint", __func__);
-			notifier = notify_start(options.batch_mode,
-			    "Confirm user presence for key %s %s",
-			    sshkey_type(sign_key), fp);
-			free(fp);
+		if (sshkey_is_sk(sign_key)) {
+			if ((sign_key->sk_flags &
+			    SSH_SK_USER_VERIFICATION_REQD)) {
+ retry_pin:
+				xasprintf(&prompt, "Enter PIN for %s key %s: ",
+				    sshkey_type(sign_key), id->filename);
+				pin = read_passphrase(prompt, 0);
+			}
+			if ((sign_key->sk_flags & SSH_SK_USER_PRESENCE_REQD)) {
+				/* XXX should batch mode just skip these? */
+				if ((fp = sshkey_fingerprint(sign_key,
+				    options.fingerprint_hash,
+				    SSH_FP_DEFAULT)) == NULL)
+					fatal_f("fingerprint failed");
+				notifier = notify_start(options.batch_mode,
+				    "Confirm user presence for key %s %s",
+				    sshkey_type(sign_key), fp);
+				free(fp);
+			}
 		}
 	}
 	if ((r = sshkey_sign(sign_key, sigp, lenp, data, datalen,
-	    alg, options.sk_provider, compat)) != 0) {
-		debug("%s: sshkey_sign: %s", __func__, ssh_err(r));
+	    alg, options.sk_provider, pin, compat)) != 0) {
+		debug_fr(r, "sshkey_sign");
+		if (pin == NULL && !retried && sshkey_is_sk(sign_key) &&
+		    r == SSH_ERR_KEY_WRONG_PASSPHRASE) {
+			notify_complete(notifier, NULL);
+			notifier = NULL;
+			retried = 1;
+			goto retry_pin;
+		}
 		goto out;
 	}
+
 	/*
 	 * PKCS#11 tokens may not support all signature algorithms,
 	 * so check what we get back.
 	 */
 	if ((r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0) {
-		debug("%s: sshkey_check_sigtype: %s", __func__, ssh_err(r));
+		debug_fr(r, "sshkey_check_sigtype");
 		goto out;
 	}
 	/* success */
 	r = 0;
  out:
-	notify_complete(notifier);
+	free(prompt);
+	if (pin != NULL)
+		freezero(pin, strlen(pin));
+	notify_complete(notifier, r == 0 ? "User presence confirmed" : NULL);
 	sshkey_free(prv);
 	return r;
 }
@@ -1259,7 +1350,7 @@
 	    SSH_FP_DEFAULT)) == NULL)
 		return 0;
 
-	debug3("%s: %s %s", __func__, sshkey_type(id->key), fp);
+	debug3_f("%s %s", sshkey_type(id->key), fp);
 
 	/*
 	 * If the key is an certificate, try to find a matching private key
@@ -1296,12 +1387,12 @@
 			}
 		}
 		if (sign_id != NULL) {
-			debug2("%s: using private key \"%s\"%s for "
-			    "certificate", __func__, id->filename,
-			    id->agent_fd != -1 ? " from agent" : "");
+			debug2_f("using private key \"%s\"%s for "
+			    "certificate", sign_id->filename,
+			    sign_id->agent_fd != -1 ? " from agent" : "");
 		} else {
-			debug("%s: no separate private key for certificate "
-			    "\"%s\"", __func__, id->filename);
+			debug_f("no separate private key for certificate "
+			    "\"%s\"", id->filename);
 		}
 	}
 
@@ -1319,26 +1410,21 @@
 		signature = NULL;
 		if ((alg = key_sig_algorithm(fallback_sigtype ? NULL : ssh,
 		    id->key)) == NULL) {
-			error("%s: no mutual signature supported", __func__);
+			error_f("no mutual signature supported");
 			goto out;
 		}
-		debug3("%s: signing using %s %s", __func__, alg, fp);
+		debug3_f("signing using %s %s", alg, fp);
 
 		sshbuf_free(b);
 		if ((b = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new failed", __func__);
-		if (datafellows & SSH_OLD_SESSIONID) {
-			if ((r = sshbuf_put(b, session_id2,
-			    session_id2_len)) != 0) {
-				fatal("%s: sshbuf_put: %s",
-				    __func__, ssh_err(r));
-			}
+			fatal_f("sshbuf_new failed");
+		if (ssh->compat & SSH_OLD_SESSIONID) {
+			if ((r = sshbuf_putb(b, ssh->kex->session_id)) != 0)
+				fatal_fr(r, "sshbuf_putb");
 		} else {
-			if ((r = sshbuf_put_string(b, session_id2,
-			    session_id2_len)) != 0) {
-				fatal("%s: sshbuf_put_string: %s",
-				    __func__, ssh_err(r));
-			}
+			if ((r = sshbuf_put_stringb(b,
+			    ssh->kex->session_id)) != 0)
+				fatal_fr(r, "sshbuf_put_stringb");
 		}
 		skip = sshbuf_len(b);
 		if ((r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
@@ -1348,13 +1434,12 @@
 		    (r = sshbuf_put_u8(b, 1)) != 0 ||
 		    (r = sshbuf_put_cstring(b, alg)) != 0 ||
 		    (r = sshkey_puts(id->key, b)) != 0) {
-			fatal("%s: assemble signed data: %s",
-			    __func__, ssh_err(r));
+			fatal_fr(r, "assemble signed data");
 		}
 
 		/* generate signature */
 		r = identity_sign(sign_id, &signature, &slen,
-		    sshbuf_ptr(b), sshbuf_len(b), datafellows, alg);
+		    sshbuf_ptr(b), sshbuf_len(b), ssh->compat, alg);
 		if (r == 0)
 			break;
 		else if (r == SSH_ERR_KEY_NOT_FOUND)
@@ -1369,30 +1454,30 @@
 			    loc, sshkey_type(id->key), fp);
 			continue;
 		}
-		error("%s: signing failed for %s \"%s\"%s: %s", __func__,
+		error_fr(r, "signing failed for %s \"%s\"%s",
 		    sshkey_type(sign_id->key), sign_id->filename,
-		    id->agent_fd != -1 ? " from agent" : "", ssh_err(r));
+		    id->agent_fd != -1 ? " from agent" : "");
 		goto out;
 	}
 	if (slen == 0 || signature == NULL) /* shouldn't happen */
-		fatal("%s: no signature", __func__);
+		fatal_f("no signature");
 
 	/* append signature */
 	if ((r = sshbuf_put_string(b, signature, slen)) != 0)
-		fatal("%s: append signature: %s", __func__, ssh_err(r));
+		fatal_fr(r, "append signature");
 
 #ifdef DEBUG_PK
 	sshbuf_dump(b, stderr);
 #endif
 	/* skip session id and packet type */
 	if ((r = sshbuf_consume(b, skip + 1)) != 0)
-		fatal("%s: consume: %s", __func__, ssh_err(r));
+		fatal_fr(r, "consume");
 
 	/* put remaining data from buffer into packet */
 	if ((r = sshpkt_start(ssh, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 	    (r = sshpkt_putb(ssh, b)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: enqueue request: %s", __func__, ssh_err(r));
+		fatal_fr(r, "enqueue request");
 
 	/* success */
 	sent = 1;
@@ -1416,13 +1501,13 @@
 	int sent = 0, r;
 
 	if ((alg = key_sig_algorithm(ssh, id->key)) == NULL) {
-		debug("%s: no mutual signature algorithm", __func__);
+		debug_f("no mutual signature algorithm");
 		goto out;
 	}
 
 	if ((r = sshkey_to_blob(id->key, &blob, &bloblen)) != 0) {
 		/* we cannot handle this key */
-		debug3("%s: cannot handle key", __func__);
+		debug3_f("cannot handle key");
 		goto out;
 	}
 	/* register callback for USERAUTH_PK_OK message */
@@ -1436,7 +1521,7 @@
 	    (r = sshpkt_put_cstring(ssh, alg)) != 0 ||
 	    (r = sshpkt_put_string(ssh, blob, bloblen)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send packet");
 	sent = 1;
 
  out:
@@ -1454,8 +1539,9 @@
 	struct stat st;
 
 	if (stat(id->filename, &st) == -1) {
-		(id->userprovided ? logit : debug3)("no such identity: %s: %s",
-		    id->filename, strerror(errno));
+		do_log2(id->userprovided ?
+		    SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_DEBUG3,
+		    "no such identity: %s: %s", id->filename, strerror(errno));
 		return NULL;
 	}
 	snprintf(prompt, sizeof prompt,
@@ -1485,14 +1571,13 @@
 			break;
 		case SSH_ERR_SYSTEM_ERROR:
 			if (errno == ENOENT) {
-				debug2("Load key \"%s\": %s",
-				    id->filename, ssh_err(r));
+				debug2_r(r, "Load key \"%s\"", id->filename);
 				quit = 1;
 				break;
 			}
 			/* FALLTHROUGH */
 		default:
-			error("Load key \"%s\": %s", id->filename, ssh_err(r));
+			error_r(r, "Load key \"%s\"", id->filename);
 			quit = 1;
 			break;
 		}
@@ -1521,25 +1606,25 @@
 key_type_allowed_by_config(struct sshkey *key)
 {
 	if (match_pattern_list(sshkey_ssh_name(key),
-	    options.pubkey_key_types, 0) == 1)
+	    options.pubkey_accepted_algos, 0) == 1)
 		return 1;
 
 	/* RSA keys/certs might be allowed by alternate signature types */
 	switch (key->type) {
 	case KEY_RSA:
 		if (match_pattern_list("rsa-sha2-512",
-		    options.pubkey_key_types, 0) == 1)
+		    options.pubkey_accepted_algos, 0) == 1)
 			return 1;
 		if (match_pattern_list("rsa-sha2-256",
-		    options.pubkey_key_types, 0) == 1)
+		    options.pubkey_accepted_algos, 0) == 1)
 			return 1;
 		break;
 	case KEY_RSA_CERT:
 		if (match_pattern_list("rsa-sha2-512-cert-v01@openssh.com",
-		    options.pubkey_key_types, 0) == 1)
+		    options.pubkey_accepted_algos, 0) == 1)
 			return 1;
 		if (match_pattern_list("rsa-sha2-256-cert-v01@openssh.com",
-		    options.pubkey_key_types, 0) == 1)
+		    options.pubkey_accepted_algos, 0) == 1)
 			return 1;
 		break;
 	}
@@ -1549,8 +1634,8 @@
 
 /*
  * try keys in the following order:
- * 	1. certificates listed in the config file
- * 	2. other input certificates
+ *	1. certificates listed in the config file
+ *	2. other input certificates
  *	3. agent keys that are found in the config file
  *	4. other agent keys
  *	5. keys that are only listed in the config file
@@ -1576,15 +1661,14 @@
 		key = options.identity_keys[i];
 		if (key && key->cert &&
 		    key->cert->type != SSH2_CERT_TYPE_USER) {
-			debug("%s: ignoring certificate %s: not a user "
-			    "certificate",  __func__,
-			    options.identity_files[i]);
+			debug_f("ignoring certificate %s: not a user "
+			    "certificate", options.identity_files[i]);
 			continue;
 		}
 		if (key && sshkey_is_sk(key) && options.sk_provider == NULL) {
-			debug("%s: ignoring authenticator-hosted key %s as no "
+			debug_f("ignoring authenticator-hosted key %s as no "
 			    "SecurityKeyProvider has been specified",
-			    __func__, options.identity_files[i]);
+			    options.identity_files[i]);
 			continue;
 		}
 		options.identity_keys[i] = NULL;
@@ -1600,16 +1684,15 @@
 		key = options.certificates[i];
 		if (!sshkey_is_cert(key) || key->cert == NULL ||
 		    key->cert->type != SSH2_CERT_TYPE_USER) {
-			debug("%s: ignoring certificate %s: not a user "
-			    "certificate",  __func__,
-			    options.identity_files[i]);
+			debug_f("ignoring certificate %s: not a user "
+			    "certificate", options.identity_files[i]);
 			continue;
 		}
 		if (key && sshkey_is_sk(key) && options.sk_provider == NULL) {
-			debug("%s: ignoring authenticator-hosted key "
+			debug_f("ignoring authenticator-hosted key "
 			    "certificate %s as no "
 			    "SecurityKeyProvider has been specified",
-			    __func__, options.identity_files[i]);
+			    options.identity_files[i]);
 			continue;
 		}
 		id = xcalloc(1, sizeof(*id));
@@ -1622,12 +1705,10 @@
 	/* list of keys supported by the agent */
 	if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) {
 		if (r != SSH_ERR_AGENT_NOT_PRESENT)
-			debug("%s: ssh_get_authentication_socket: %s",
-			    __func__, ssh_err(r));
+			debug_fr(r, "ssh_get_authentication_socket");
 	} else if ((r = ssh_fetch_identitylist(agent_fd, &idlist)) != 0) {
 		if (r != SSH_ERR_AGENT_NO_IDENTITIES)
-			debug("%s: ssh_fetch_identitylist: %s",
-			    __func__, ssh_err(r));
+			debug_fr(r, "ssh_fetch_identitylist");
 		close(agent_fd);
 	} else {
 		for (j = 0; j < idlist->nkeys; j++) {
@@ -1658,10 +1739,7 @@
 		}
 		ssh_free_identitylist(idlist);
 		/* append remaining agent keys */
-		for (id = TAILQ_FIRST(&agent); id; id = TAILQ_FIRST(&agent)) {
-			TAILQ_REMOVE(&agent, id, next);
-			TAILQ_INSERT_TAIL(preferred, id, next);
-		}
+		TAILQ_CONCAT(preferred, &agent, next);
 		authctxt->agent_fd = agent_fd;
 	}
 	/* Prefer PKCS11 keys that are explicitly listed */
@@ -1687,15 +1765,12 @@
 		}
 	}
 	/* append remaining keys from the config file */
-	for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) {
-		TAILQ_REMOVE(&files, id, next);
-		TAILQ_INSERT_TAIL(preferred, id, next);
-	}
-	/* finally, filter by PubkeyAcceptedKeyTypes */
+	TAILQ_CONCAT(preferred, &files, next);
+	/* finally, filter by PubkeyAcceptedAlgorithms */
 	TAILQ_FOREACH_SAFE(id, preferred, next, id2) {
 		if (id->key != NULL && !key_type_allowed_by_config(id->key)) {
 			debug("Skipping %s key %s - "
-			    "not in PubkeyAcceptedKeyTypes",
+			    "corresponding algo not in PubkeyAcceptedAlgorithms",
 			    sshkey_ssh_name(id->key), id->filename);
 			TAILQ_REMOVE(preferred, id, next);
 			sshkey_free(id->key);
@@ -1710,7 +1785,7 @@
 		debug("Will attempt key: %s", ident);
 		free(ident);
 	}
-	debug2("%s: done", __func__);
+	debug2_f("done");
 }
 
 static void
@@ -1742,12 +1817,12 @@
 }
 
 static int
-try_identity(Identity *id)
+try_identity(struct ssh *ssh, Identity *id)
 {
 	if (!id->key)
 		return (0);
 	if (sshkey_type_plain(id->key->type) == KEY_RSA &&
-	    (datafellows & SSH_BUG_RSASIGMD5) != 0) {
+	    (ssh->compat & SSH_BUG_RSASIGMD5) != 0) {
 		debug("Skipped %s key %s for RSA/MD5 server",
 		    sshkey_type(id->key), id->filename);
 		return (0);
@@ -1775,7 +1850,7 @@
 		 * private key instead
 		 */
 		if (id->key != NULL) {
-			if (try_identity(id)) {
+			if (try_identity(ssh, id)) {
 				ident = format_identity(id);
 				debug("Offering public key: %s", ident);
 				free(ident);
@@ -1785,7 +1860,7 @@
 			debug("Trying private key: %s", id->filename);
 			id->key = load_identity_file(id);
 			if (id->key != NULL) {
-				if (try_identity(id)) {
+				if (try_identity(ssh, id)) {
 					id->isprivate = 1;
 					sent = sign_and_send_pubkey(ssh, id);
 				}
@@ -1827,7 +1902,7 @@
 	    (r = sshpkt_put_cstring(ssh, options.kbd_interactive_devices ?
 	    options.kbd_interactive_devices : "")) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0)
-		fatal("%s: %s", __func__, ssh_err(r));
+		fatal_fr(r, "send packet");
 
 	ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_INFO_REQUEST, &input_userauth_info_req);
 	return 1;
@@ -1841,15 +1916,15 @@
 {
 	Authctxt *authctxt = ssh->authctxt;
 	char *name = NULL, *inst = NULL, *lang = NULL, *prompt = NULL;
-	char *response = NULL;
+	char *display_prompt = NULL, *response = NULL;
 	u_char echo = 0;
 	u_int num_prompts, i;
 	int r;
 
-	debug2("input_userauth_info_req");
+	debug2_f("entering");
 
 	if (authctxt == NULL)
-		fatal("input_userauth_info_req: no authentication context");
+		fatal_f("no authentication context");
 
 	authctxt->info_req_seen = 1;
 
@@ -1874,17 +1949,22 @@
 	    (r = sshpkt_put_u32(ssh, num_prompts)) != 0)
 		goto out;
 
-	debug2("input_userauth_info_req: num_prompts %d", num_prompts);
+	debug2_f("num_prompts %d", num_prompts);
 	for (i = 0; i < num_prompts; i++) {
 		if ((r = sshpkt_get_cstring(ssh, &prompt, NULL)) != 0 ||
 		    (r = sshpkt_get_u8(ssh, &echo)) != 0)
 			goto out;
-		response = read_passphrase(prompt, echo ? RP_ECHO : 0);
+		if (asmprintf(&display_prompt, INT_MAX, NULL, "(%s@%s) %s",
+		    authctxt->server_user, options.host_key_alias ?
+		    options.host_key_alias : authctxt->host, prompt) == -1)
+			fatal_f("asmprintf failed");
+		response = read_passphrase(display_prompt, echo ? RP_ECHO : 0);
 		if ((r = sshpkt_put_cstring(ssh, response)) != 0)
 			goto out;
 		freezero(response, strlen(response));
 		free(prompt);
-		response = prompt = NULL;
+		free(display_prompt);
+		display_prompt = response = prompt = NULL;
 	}
 	/* done with parsing incoming message. */
 	if ((r = sshpkt_get_end(ssh)) != 0 ||
@@ -1895,6 +1975,7 @@
 	if (response)
 		freezero(response, strlen(response));
 	free(prompt);
+	free(display_prompt);
 	free(name);
 	free(inst);
 	free(lang);
@@ -1917,46 +1998,46 @@
 	*lenp = 0;
 
 	if (stat(_PATH_SSH_KEY_SIGN, &st) == -1) {
-		error("%s: not installed: %s", __func__, strerror(errno));
+		error_f("not installed: %s", strerror(errno));
 		return -1;
 	}
 	if (fflush(stdout) != 0) {
-		error("%s: fflush: %s", __func__, strerror(errno));
+		error_f("fflush: %s", strerror(errno));
 		return -1;
 	}
 	if (pipe(to) == -1) {
-		error("%s: pipe: %s", __func__, strerror(errno));
+		error_f("pipe: %s", strerror(errno));
 		return -1;
 	}
 	if (pipe(from) == -1) {
-		error("%s: pipe: %s", __func__, strerror(errno));
+		error_f("pipe: %s", strerror(errno));
 		return -1;
 	}
 	if ((pid = fork()) == -1) {
-		error("%s: fork: %s", __func__, strerror(errno));
+		error_f("fork: %s", strerror(errno));
 		return -1;
 	}
 	osigchld = ssh_signal(SIGCHLD, SIG_DFL);
 	if (pid == 0) {
 		close(from[0]);
 		if (dup2(from[1], STDOUT_FILENO) == -1)
-			fatal("%s: dup2: %s", __func__, strerror(errno));
+			fatal_f("dup2: %s", strerror(errno));
 		close(to[1]);
 		if (dup2(to[0], STDIN_FILENO) == -1)
-			fatal("%s: dup2: %s", __func__, strerror(errno));
+			fatal_f("dup2: %s", strerror(errno));
 		close(from[1]);
 		close(to[0]);
 
 		if (dup2(sock, STDERR_FILENO + 1) == -1)
-			fatal("%s: dup2: %s", __func__, strerror(errno));
+			fatal_f("dup2: %s", strerror(errno));
 		sock = STDERR_FILENO + 1;
 		fcntl(sock, F_SETFD, 0);	/* keep the socket on exec */
 		closefrom(sock + 1);
 
-		debug3("%s: [child] pid=%ld, exec %s",
-		    __func__, (long)getpid(), _PATH_SSH_KEY_SIGN);
+		debug3_f("[child] pid=%ld, exec %s",
+		    (long)getpid(), _PATH_SSH_KEY_SIGN);
 		execl(_PATH_SSH_KEY_SIGN, _PATH_SSH_KEY_SIGN, (char *)NULL);
-		fatal("%s: exec(%s): %s", __func__, _PATH_SSH_KEY_SIGN,
+		fatal_f("exec(%s): %s", _PATH_SSH_KEY_SIGN,
 		    strerror(errno));
 	}
 	close(from[1]);
@@ -1964,49 +2045,47 @@
 	sock = STDERR_FILENO + 1;
 
 	if ((b = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	/* send # of sock, data to be signed */
 	if ((r = sshbuf_put_u32(b, sock)) != 0 ||
 	    (r = sshbuf_put_string(b, data, datalen)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "buffer error");
 	if (ssh_msg_send(to[1], version, b) == -1)
-		fatal("%s: couldn't send request", __func__);
+		fatal_f("couldn't send request");
 	sshbuf_reset(b);
 	r = ssh_msg_recv(from[0], b);
 	close(from[0]);
 	close(to[1]);
 	if (r < 0) {
-		error("%s: no reply", __func__);
+		error_f("no reply");
 		goto fail;
 	}
 
 	errno = 0;
 	while (waitpid(pid, &status, 0) == -1) {
 		if (errno != EINTR) {
-			error("%s: waitpid %ld: %s",
-			    __func__, (long)pid, strerror(errno));
+			error_f("waitpid %ld: %s", (long)pid, strerror(errno));
 			goto fail;
 		}
 	}
 	if (!WIFEXITED(status)) {
-		error("%s: exited abnormally", __func__);
+		error_f("exited abnormally");
 		goto fail;
 	}
 	if (WEXITSTATUS(status) != 0) {
-		error("%s: exited with status %d",
-		    __func__, WEXITSTATUS(status));
+		error_f("exited with status %d", WEXITSTATUS(status));
 		goto fail;
 	}
 	if ((r = sshbuf_get_u8(b, &rversion)) != 0) {
-		error("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "buffer error");
 		goto fail;
 	}
 	if (rversion != version) {
-		error("%s: bad version", __func__);
+		error_f("bad version");
 		goto fail;
 	}
 	if ((r = sshbuf_get_string(b, sigp, lenp)) != 0) {
-		error("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "buffer error");
  fail:
 		ssh_signal(SIGCHLD, osigchld);
 		sshbuf_free(b);
@@ -2030,12 +2109,12 @@
 	int i, r, success = 0;
 
 	if (authctxt->ktypes == NULL) {
-		authctxt->oktypes = xstrdup(options.hostbased_key_types);
+		authctxt->oktypes = xstrdup(options.hostbased_accepted_algos);
 		authctxt->ktypes = authctxt->oktypes;
 	}
 
 	/*
-	 * Work through each listed type pattern in HostbasedKeyTypes,
+	 * Work through each listed type pattern in HostbasedAcceptedAlgorithms,
 	 * trying each hostkey that matches the type in turn.
 	 */
 	for (;;) {
@@ -2044,8 +2123,7 @@
 		if (authctxt->active_ktype == NULL ||
 		    *authctxt->active_ktype == '\0')
 			break;
-		debug3("%s: trying key type %s", __func__,
-		    authctxt->active_ktype);
+		debug3_f("trying key type %s", authctxt->active_ktype);
 
 		/* check for a useful key */
 		private = NULL;
@@ -2078,42 +2156,41 @@
 
 	if ((fp = sshkey_fingerprint(private, options.fingerprint_hash,
 	    SSH_FP_DEFAULT)) == NULL) {
-		error("%s: sshkey_fingerprint failed", __func__);
+		error_f("sshkey_fingerprint failed");
 		goto out;
 	}
-	debug("%s: trying hostkey %s %s",
-	    __func__, sshkey_ssh_name(private), fp);
+	debug_f("trying hostkey %s %s", sshkey_ssh_name(private), fp);
 
 	/* figure out a name for the client host */
 	lname = get_local_name(ssh_packet_get_connection_in(ssh));
 	if (lname == NULL) {
-		error("%s: cannot get local ipaddr/name", __func__);
+		error_f("cannot get local ipaddr/name");
 		goto out;
 	}
 
 	/* XXX sshbuf_put_stringf? */
 	xasprintf(&chost, "%s.", lname);
-	debug2("%s: chost %s", __func__, chost);
+	debug2_f("chost %s", chost);
 
 	/* construct data */
 	if ((b = sshbuf_new()) == NULL) {
-		error("%s: sshbuf_new failed", __func__);
+		error_f("sshbuf_new failed");
 		goto out;
 	}
 	if ((r = sshkey_to_blob(private, &keyblob, &keylen)) != 0) {
-		error("%s: sshkey_to_blob: %s", __func__, ssh_err(r));
+		error_fr(r, "sshkey_to_blob");
 		goto out;
 	}
-	if ((r = sshbuf_put_string(b, session_id2, session_id2_len)) != 0 ||
+	if ((r = sshbuf_put_stringb(b, ssh->kex->session_id)) != 0 ||
 	    (r = sshbuf_put_u8(b, SSH2_MSG_USERAUTH_REQUEST)) != 0 ||
 	    (r = sshbuf_put_cstring(b, authctxt->server_user)) != 0 ||
 	    (r = sshbuf_put_cstring(b, authctxt->service)) != 0 ||
 	    (r = sshbuf_put_cstring(b, authctxt->method->name)) != 0 ||
-	    (r = sshbuf_put_cstring(b, sshkey_ssh_name(private))) != 0 ||
+	    (r = sshbuf_put_cstring(b, authctxt->active_ktype)) != 0 ||
 	    (r = sshbuf_put_string(b, keyblob, keylen)) != 0 ||
 	    (r = sshbuf_put_cstring(b, chost)) != 0 ||
 	    (r = sshbuf_put_cstring(b, authctxt->local_user)) != 0) {
-		error("%s: buffer error: %s", __func__, ssh_err(r));
+		error_fr(r, "buffer error");
 		goto out;
 	}
 
@@ -2130,13 +2207,13 @@
 	    (r = sshpkt_put_cstring(ssh, authctxt->server_user)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, authctxt->service)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, authctxt->method->name)) != 0 ||
-	    (r = sshpkt_put_cstring(ssh, sshkey_ssh_name(private))) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, authctxt->active_ktype)) != 0 ||
 	    (r = sshpkt_put_string(ssh, keyblob, keylen)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, chost)) != 0 ||
 	    (r = sshpkt_put_cstring(ssh, authctxt->local_user)) != 0 ||
 	    (r = sshpkt_put_string(ssh, sig, siglen)) != 0 ||
 	    (r = sshpkt_send(ssh)) != 0) {
-		error("%s: packet error: %s", __func__, ssh_err(r));
+		error_fr(r, "packet error");
 		goto out;
 	}
 	success = 1;
@@ -2245,17 +2322,16 @@
 	int r;
 
 	if ((b = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	for (method = authmethods; method->name != NULL; method++) {
 		if (authmethod_is_enabled(method)) {
 			if ((r = sshbuf_putf(b, "%s%s",
 			    sshbuf_len(b) ? "," : "", method->name)) != 0)
-				fatal("%s: buffer error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "buffer error");
 		}
 	}
 	if ((list = sshbuf_dup_string(b)) == NULL)
-		fatal("%s: sshbuf_dup_string failed", __func__);
+		fatal_f("sshbuf_dup_string failed");
 	sshbuf_free(b);
 	return list;
 }

sshd.8

diff --git a/sshd.8 b/sshd.8
index c5f8987..ef38949 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.312 2020/01/25 06:03:10 djm Exp $
-.Dd $Mdocdate: January 25 2020 $
+.\" $OpenBSD: sshd.8,v 1.317 2021/09/10 11:38:38 dtucker Exp $
+.Dd $Mdocdate: September 10 2021 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -58,8 +58,7 @@
 .Nm
 (OpenSSH Daemon) is the daemon program for
 .Xr ssh 1 .
-Together these programs replace rlogin and rsh,
-and provide secure encrypted communications between two untrusted hosts
+It provides secure encrypted communications between two untrusted hosts
 over an insecure network.
 .Pp
 .Nm
@@ -107,7 +106,7 @@
 .Fl C
 options or as a comma-separated list.
 The keywords are
-.Dq addr,
+.Dq addr ,
 .Dq user ,
 .Dq host ,
 .Dq laddr ,
@@ -135,7 +134,9 @@
 Debug mode.
 The server sends verbose debug output to standard error,
 and does not put itself in the background.
-The server also will not fork and will only process one connection.
+The server also will not
+.Xr fork 2
+and will only process one connection.
 This option is only intended for debugging for the server.
 Multiple
 .Fl d
@@ -302,7 +303,12 @@
 forwarding TCP connections, or forwarding the authentication agent
 connection over the secure channel.
 .Pp
-After this, the client either requests a shell or execution of a command.
+After this, the client either requests an interactive shell or execution
+or a non-interactive command, which
+.Nm
+will execute via the user's shell using its
+.Fl c
+option.
 The sides then enter session mode.
 In this mode, either side may send
 data at any time, and such data is forwarded to/from the shell or
@@ -355,7 +361,8 @@
 option is set, runs it; else if
 .Pa /etc/ssh/sshrc
 exists, runs
-it; otherwise runs xauth.
+it; otherwise runs
+.Xr xauth 1 .
 The
 .Dq rc
 files are given the X11
@@ -631,6 +638,13 @@
 .Cm ecdsa-sk
 and
 .Cm ed25519-sk .
+.It Cm verify-required
+Require that signatures made using this key attest that they verified
+the user, e.g. via a PIN.
+This option only makes sense for the FIDO authenticator algorithms
+.Cm ecdsa-sk
+and
+.Cm ed25519-sk .
 .It Cm restrict
 Enable all restrictions, i.e. disable port, agent and X11 forwarding,
 as well as disabling PTY allocation
@@ -658,24 +672,25 @@
 .Pp
 An example authorized_keys file:
 .Bd -literal -offset 3n
-# Comments allowed at start of line
-ssh-rsa AAAAB3Nza...LiPk== user@example.net
-from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
-AAAAB2...19Q== john@example.net
-command="dump /home",no-pty,no-port-forwarding ssh-rsa
-AAAAC3...51R== example.net
-permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa
-AAAAB5...21S==
-permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa
-AAAAB5...21S==
-tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
-jane@example.net
-restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==
-user@example.net
-restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
-user@example.net
-no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAInN...Ko==
-user@example.net
+# Comments are allowed at start of line. Blank lines are allowed.
+# Plain key, no restrictions
+ssh-rsa ...
+# Forced command, disable PTY and all forwarding
+restrict,command="dump /home" ssh-rsa ...
+# Restriction of ssh -L forwarding destinations
+permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa ...
+# Restriction of ssh -R forwarding listeners
+permitlisten="localhost:8080",permitlisten="[::1]:22000" ssh-rsa ...
+# Configuration for tunnel forwarding
+tunnel="0",command="sh /etc/netstart tun0" ssh-rsa ...
+# Override of restriction to allow PTY allocation
+restrict,pty,command="nethack" ssh-rsa ...
+# Allow FIDO key without requiring touch
+no-touch-required sk-ecdsa-sha2-nistp256@openssh.com ...
+# Require user-verification (e.g. PIN or biometric) for FIDO key
+verify-required sk-ecdsa-sha2-nistp256@openssh.com ...
+# Trust CA key, allow touch-less FIDO if requested in certificate
+cert-authority,no-touch-required,principals="user_a" ssh-rsa ...
 .Ed
 .Sh SSH_KNOWN_HOSTS FILE FORMAT
 The
@@ -688,7 +703,7 @@
 maintained automatically: whenever the user connects to an unknown host,
 its key is added to the per-user file.
 .Pp
-Each line in these files contains the following fields: markers (optional),
+Each line in these files contains the following fields: marker (optional),
 hostnames, keytype, base64-encoded key, comment.
 The fields are separated by spaces.
 .Pp

sshd.c

diff --git a/sshd.c b/sshd.c
index fba25e6..c738061 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.552 2020/03/13 04:01:57 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.578 2021/07/19 02:21:50 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -123,6 +123,8 @@
 #include "version.h"
 #include "ssherr.h"
 #include "sk-api.h"
+#include "srclimit.h"
+#include "dh.h"
 
 /* Re-exec fds */
 #define REEXEC_DEVCRYPTO_RESERVED_FD	(STDERR_FILENO + 1)
@@ -204,13 +206,6 @@
 static volatile sig_atomic_t received_sighup = 0;
 static volatile sig_atomic_t received_sigterm = 0;
 
-/* session identifier, used by RSA-auth */
-u_char session_id[16];
-
-/* same for ssh2 */
-u_char *session_id2 = NULL;
-u_int session_id2_len = 0;
-
 /* record remote hostname or ip */
 u_int utmp_len = HOST_NAME_MAX+1;
 
@@ -346,8 +341,6 @@
 	pid_t pid;
 	int status;
 
-	debug("main_sigchld_handler: %s", strsignal(sig));
-
 	while ((pid = waitpid(-1, &status, WNOHANG)) > 0 ||
 	    (pid == -1 && errno == EINTR))
 		;
@@ -373,11 +366,14 @@
 		kill(0, SIGTERM);
 	}
 
-	/* XXX pre-format ipaddr/port so we don't need to access active_state */
 	/* Log error and exit. */
-	sigdie("Timeout before authentication for %s port %d",
-	    ssh_remote_ipaddr(the_active_state),
-	    ssh_remote_port(the_active_state));
+	if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
+		cleanup_exit(255); /* don't log in privsep child */
+	else {
+		sigdie("Timeout before authentication for %s port %d",
+		    ssh_remote_ipaddr(the_active_state),
+		    ssh_remote_port(the_active_state));
+	}
 }
 
 /* Destroy the host and server keys.  They will no longer be needed. */
@@ -410,9 +406,8 @@
 		if (sensitive_data.host_keys[i]) {
 			if ((r = sshkey_from_private(
 			    sensitive_data.host_keys[i], &tmp)) != 0)
-				fatal("could not demote host %s key: %s",
-				    sshkey_type(sensitive_data.host_keys[i]),
-				    ssh_err(r));
+				fatal_r(r, "could not demote host %s key",
+				    sshkey_type(sensitive_data.host_keys[i]));
 			sshkey_free(sensitive_data.host_keys[i]);
 			sensitive_data.host_keys[i] = tmp;
 		}
@@ -502,8 +497,7 @@
 		if (have_agent) {
 			r = ssh_get_authentication_socket(&auth_sock);
 			if (r != 0) {
-				error("Could not get agent socket: %s",
-				    ssh_err(r));
+				error_r(r, "Could not get agent socket");
 				have_agent = 0;
 			}
 		}
@@ -516,17 +510,17 @@
 			if (errno == EINTR)
 				continue;
 			pmonitor->m_pid = -1;
-			fatal("%s: waitpid: %s", __func__, strerror(errno));
+			fatal_f("waitpid: %s", strerror(errno));
 		}
 		privsep_is_preauth = 0;
 		pmonitor->m_pid = -1;
 		if (WIFEXITED(status)) {
 			if (WEXITSTATUS(status) != 0)
-				fatal("%s: preauth child exited with status %d",
-				    __func__, WEXITSTATUS(status));
+				fatal_f("preauth child exited with status %d",
+				    WEXITSTATUS(status));
 		} else if (WIFSIGNALED(status))
-			fatal("%s: preauth child terminated by signal %d",
-			    __func__, WTERMSIG(status));
+			fatal_f("preauth child terminated by signal %d",
+			    WTERMSIG(status));
 		if (box != NULL)
 			ssh_sandbox_parent_finish(box);
 		return 1;
@@ -606,12 +600,11 @@
 	int r;
 
 	if (match_pattern_list(s, options.hostkeyalgorithms, 0) != 1) {
-		debug3("%s: %s key not permitted by HostkeyAlgorithms",
-		    __func__, s);
+		debug3_f("%s key not permitted by HostkeyAlgorithms", s);
 		return;
 	}
 	if ((r = sshbuf_putf(b, "%s%s", sshbuf_len(b) > 0 ? "," : "", s)) != 0)
-		fatal("%s: sshbuf_putf: %s", __func__, ssh_err(r));
+		fatal_fr(r, "sshbuf_putf");
 }
 
 static char *
@@ -623,7 +616,7 @@
 	u_int i;
 
 	if ((b = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	for (i = 0; i < options.num_host_key_files; i++) {
 		key = sensitive_data.host_keys[i];
 		if (key == NULL)
@@ -668,9 +661,9 @@
 		}
 	}
 	if ((ret = sshbuf_dup_string(b)) == NULL)
-		fatal("%s: sshbuf_dup_string failed", __func__);
+		fatal_f("sshbuf_dup_string failed");
 	sshbuf_free(b);
-	debug("%s: %s", __func__, ret);
+	debug_f("%s", ret);
 	return ret;
 }
 
@@ -784,7 +777,7 @@
 		return;
 
 	if ((buf = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new", __func__);
+		fatal_f("sshbuf_new");
 	for (i = nkeys = 0; i < options.num_host_key_files; i++) {
 		key = get_hostkey_public_by_index(i, ssh);
 		if (key == NULL || key->type == KEY_UNSPEC ||
@@ -792,8 +785,7 @@
 			continue;
 		fp = sshkey_fingerprint(key, options.fingerprint_hash,
 		    SSH_FP_DEFAULT);
-		debug3("%s: key %d: %s %s", __func__, i,
-		    sshkey_ssh_name(key), fp);
+		debug3_f("key %d: %s %s", i, sshkey_ssh_name(key), fp);
 		free(fp);
 		if (nkeys == 0) {
 			/*
@@ -808,15 +800,14 @@
 		/* Append the key to the request */
 		sshbuf_reset(buf);
 		if ((r = sshkey_putb(key, buf)) != 0)
-			fatal("%s: couldn't put hostkey %d: %s",
-			    __func__, i, ssh_err(r));
+			fatal_fr(r, "couldn't put hostkey %d", i);
 		if ((r = sshpkt_put_stringb(ssh, buf)) != 0)
 			sshpkt_fatal(ssh, r, "%s: append key", __func__);
 		nkeys++;
 	}
-	debug3("%s: sent %u hostkeys", __func__, nkeys);
+	debug3_f("sent %u hostkeys", nkeys);
 	if (nkeys == 0)
-		fatal("%s: no hostkeys", __func__);
+		fatal_f("no hostkeys");
 	if ((r = sshpkt_send(ssh)) != 0)
 		sshpkt_fatal(ssh, r, "%s: send", __func__);
 	sshbuf_free(buf);
@@ -829,7 +820,7 @@
  * all connections are dropped for startups > max_startups
  */
 static int
-drop_connection(int startups)
+should_drop_connection(int startups)
 {
 	int p, r;
 
@@ -846,21 +837,73 @@
 	p += options.max_startups_rate;
 	r = arc4random_uniform(100);
 
-	debug("drop_connection: p %d, r %d", p, r);
+	debug_f("p %d, r %d", p, r);
 	return (r < p) ? 1 : 0;
 }
 
+/*
+ * Check whether connection should be accepted by MaxStartups.
+ * Returns 0 if the connection is accepted. If the connection is refused,
+ * returns 1 and attempts to send notification to client.
+ * Logs when the MaxStartups condition is entered or exited, and periodically
+ * while in that state.
+ */
+static int
+drop_connection(int sock, int startups, int notify_pipe)
+{
+	char *laddr, *raddr;
+	const char msg[] = "Exceeded MaxStartups\r\n";
+	static time_t last_drop, first_drop;
+	static u_int ndropped;
+	LogLevel drop_level = SYSLOG_LEVEL_VERBOSE;
+	time_t now;
+
+	now = monotime();
+	if (!should_drop_connection(startups) &&
+	    srclimit_check_allow(sock, notify_pipe) == 1) {
+		if (last_drop != 0 &&
+		    startups < options.max_startups_begin - 1) {
+			/* XXX maybe need better hysteresis here */
+			logit("exited MaxStartups throttling after %s, "
+			    "%u connections dropped",
+			    fmt_timeframe(now - first_drop), ndropped);
+			last_drop = 0;
+		}
+		return 0;
+	}
+
+#define SSHD_MAXSTARTUPS_LOG_INTERVAL	(5 * 60)
+	if (last_drop == 0) {
+		error("beginning MaxStartups throttling");
+		drop_level = SYSLOG_LEVEL_INFO;
+		first_drop = now;
+		ndropped = 0;
+	} else if (last_drop + SSHD_MAXSTARTUPS_LOG_INTERVAL < now) {
+		/* Periodic logs */
+		error("in MaxStartups throttling for %s, "
+		    "%u connections dropped",
+		    fmt_timeframe(now - first_drop), ndropped + 1);
+		drop_level = SYSLOG_LEVEL_INFO;
+	}
+	last_drop = now;
+	ndropped++;
+
+	laddr = get_local_ipaddr(sock);
+	raddr = get_peer_ipaddr(sock);
+	do_log2(drop_level, "drop connection #%d from [%s]:%d on [%s]:%d "
+	    "past MaxStartups", startups, raddr, get_peer_port(sock),
+	    laddr, get_local_port(sock));
+	free(laddr);
+	free(raddr);
+	/* best-effort notification to client */
+	(void)write(sock, msg, sizeof(msg) - 1);
+	return 1;
+}
+
 static void
 usage(void)
 {
-	fprintf(stderr, "%s, %s\n",
-	    SSH_RELEASE,
-#ifdef WITH_OPENSSL
-	    OpenSSL_version(OPENSSL_VERSION)
-#else
-	    "without OpenSSL"
-#endif
-	);
+	fprintf(stderr, "%s, %s\n", SSH_RELEASE, SSH_OPENSSL_VERSION);
 	fprintf(stderr,
 "usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]\n"
 "            [-E log_file] [-f config_file] [-g login_grace_time]\n"
@@ -876,18 +919,18 @@
 	struct include_item *item = NULL;
 	int r;
 
-	debug3("%s: entering fd = %d config len %zu", __func__, fd,
+	debug3_f("entering fd = %d config len %zu", fd,
 	    sshbuf_len(conf));
 
 	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	/* pack includes into a string */
 	TAILQ_FOREACH(item, &includes, entry) {
 		if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 ||
 		    (r = sshbuf_put_cstring(inc, item->filename)) != 0 ||
 		    (r = sshbuf_put_stringb(inc, item->contents)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "compose includes");
 	}
 
 	/*
@@ -902,17 +945,17 @@
 	 */
 	if ((r = sshbuf_put_stringb(m, conf)) != 0 ||
 	    (r = sshbuf_put_stringb(m, inc)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose config");
 #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
 	rexec_send_rng_seed(m);
 #endif
 	if (ssh_msg_send(fd, 0, m) == -1)
-		fatal("%s: ssh_msg_send failed", __func__);
+		error_f("ssh_msg_send failed");
 
 	sshbuf_free(m);
 	sshbuf_free(inc);
 
-	debug3("%s: done", __func__);
+	debug3_f("done");
 }
 
 static void
@@ -924,50 +967,48 @@
 	int r;
 	struct include_item *item;
 
-	debug3("%s: entering fd = %d", __func__, fd);
+	debug3_f("entering fd = %d", fd);
 
 	if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if (ssh_msg_recv(fd, m) == -1)
-		fatal("%s: ssh_msg_recv failed", __func__);
+		fatal_f("ssh_msg_recv failed");
 	if ((r = sshbuf_get_u8(m, &ver)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse version");
 	if (ver != 0)
-		fatal("%s: rexec version mismatch", __func__);
+		fatal_f("rexec version mismatch");
 	if ((r = sshbuf_get_string(m, &cp, &len)) != 0 ||
 	    (r = sshbuf_get_stringb(m, inc)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse config");
 
 #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
 	rexec_recv_rng_seed(m);
 #endif
 
 	if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "sshbuf_put");
 
 	while (sshbuf_len(inc) != 0) {
 		item = xcalloc(1, sizeof(*item));
 		if ((item->contents = sshbuf_new()) == NULL)
-			fatal("%s: sshbuf_new failed", __func__);
+			fatal_f("sshbuf_new failed");
 		if ((r = sshbuf_get_cstring(inc, &item->selector, NULL)) != 0 ||
 		    (r = sshbuf_get_cstring(inc, &item->filename, NULL)) != 0 ||
 		    (r = sshbuf_get_stringb(inc, item->contents)) != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse includes");
 		TAILQ_INSERT_TAIL(&includes, item, entry);
 	}
 
 	free(cp);
 	sshbuf_free(m);
 
-	debug3("%s: done", __func__);
+	debug3_f("done");
 }
 
 /* Accept a connection from inetd */
 static void
 server_accept_inetd(int *sock_in, int *sock_out)
 {
-	int fd;
-
 	if (rexeced_flag) {
 		close(REEXEC_CONFIG_PASS_FD);
 		*sock_in = *sock_out = dup(STDIN_FILENO);
@@ -980,14 +1021,8 @@
 	 * as our code for setting the descriptors won't work if
 	 * ttyfd happens to be one of those.
 	 */
-	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
-		dup2(fd, STDIN_FILENO);
-		dup2(fd, STDOUT_FILENO);
-		if (!log_stderr)
-			dup2(fd, STDERR_FILENO);
-		if (fd > (log_stderr ? STDERR_FILENO : STDOUT_FILENO))
-			close(fd);
-	}
+	if (stdfd_devnull(1, 1, !log_stderr) == -1)
+		error_f("stdfd_devnull failed");
 	debug("inetd sockets after dupping: %d, %d", *sock_in, *sock_out);
 }
 
@@ -1071,6 +1106,10 @@
 {
 	u_int i;
 
+	/* Initialise per-source limit tracking. */
+	srclimit_init(options.max_startups, options.per_source_max_startups,
+	    options.per_source_masklen_ipv4, options.per_source_masklen_ipv6);
+
 	for (i = 0; i < options.num_listen_addrs; i++) {
 		listen_on_addrs(&options.listen_addrs[i]);
 		freeaddrinfo(options.listen_addrs[i].addrs);
@@ -1102,6 +1141,7 @@
 	socklen_t fromlen;
 	pid_t pid;
 	u_char rnd[256];
+	sigset_t nsigset, osigset;
 
 	/* setup fd set for accept */
 	fdset = NULL;
@@ -1116,10 +1156,31 @@
 		startup_pipes[i] = -1;
 
 	/*
+	 * Prepare signal mask that we use to block signals that might set
+	 * received_sigterm or received_sighup, so that we are guaranteed
+	 * to immediately wake up the pselect if a signal is received after
+	 * the flag is checked.
+	 */
+	sigemptyset(&nsigset);
+	sigaddset(&nsigset, SIGHUP);
+	sigaddset(&nsigset, SIGCHLD);
+	sigaddset(&nsigset, SIGTERM);
+	sigaddset(&nsigset, SIGQUIT);
+
+	/*
 	 * Stay listening for connections until the system crashes or
 	 * the daemon is killed with a signal.
 	 */
 	for (;;) {
+		sigprocmask(SIG_BLOCK, &nsigset, &osigset);
+		if (received_sigterm) {
+			logit("Received signal %d; terminating.",
+			    (int) received_sigterm);
+			close_listen_socks();
+			if (options.pid_file != NULL)
+				unlink(options.pid_file);
+			exit(received_sigterm == SIGTERM ? 0 : 255);
+		}
 		if (ostartups != startups) {
 			setproctitle("%s [listener] %d of %d-%d startups",
 			    listener_proctitle, startups,
@@ -1132,8 +1193,10 @@
 				close_listen_socks();
 				lameduck = 1;
 			}
-			if (listening <= 0)
+			if (listening <= 0) {
+				sigprocmask(SIG_SETMASK, &osigset, NULL);
 				sighup_restart();
+			}
 		}
 		free(fdset);
 		fdset = xcalloc(howmany(maxfd + 1, NFDBITS),
@@ -1145,18 +1208,11 @@
 			if (startup_pipes[i] != -1)
 				FD_SET(startup_pipes[i], fdset);
 
-		/* Wait in select until there is a connection. */
-		ret = select(maxfd+1, fdset, NULL, NULL, NULL);
+		/* Wait until a connection arrives or a child exits. */
+		ret = pselect(maxfd+1, fdset, NULL, NULL, NULL, &osigset);
 		if (ret == -1 && errno != EINTR)
-			error("select: %.100s", strerror(errno));
-		if (received_sigterm) {
-			logit("Received signal %d; terminating.",
-			    (int) received_sigterm);
-			close_listen_socks();
-			if (options.pid_file != NULL)
-				unlink(options.pid_file);
-			exit(received_sigterm == SIGTERM ? 0 : 255);
-		}
+			error("pselect: %.100s", strerror(errno));
+		sigprocmask(SIG_SETMASK, &osigset, NULL);
 		if (ret == -1)
 			continue;
 
@@ -1169,14 +1225,15 @@
 				if (errno == EINTR || errno == EAGAIN)
 					continue;
 				if (errno != EPIPE) {
-					error("%s: startup pipe %d (fd=%d): "
-					    "read %s", __func__, i,
-					    startup_pipes[i], strerror(errno));
+					error_f("startup pipe %d (fd=%d): "
+					    "read %s", i, startup_pipes[i],
+					    strerror(errno));
 				}
 				/* FALLTHROUGH */
 			case 0:
 				/* child exited or completed auth */
 				close(startup_pipes[i]);
+				srclimit_done(startup_pipes[i]);
 				startup_pipes[i] = -1;
 				startups--;
 				if (startup_flags[i])
@@ -1206,28 +1263,13 @@
 					usleep(100 * 1000);
 				continue;
 			}
-			if (unset_nonblock(*newsock) == -1) {
-				close(*newsock);
+			if (unset_nonblock(*newsock) == -1 ||
+			    pipe(startup_p) == -1)
 				continue;
-			}
-			if (drop_connection(startups) == 1) {
-				char *laddr = get_local_ipaddr(*newsock);
-				char *raddr = get_peer_ipaddr(*newsock);
-				char msg[] = "Exceeded MaxStartups\r\n";
-
-				verbose("drop connection #%d from [%s]:%d "
-				    "on [%s]:%d past MaxStartups", startups,
-				    raddr, get_peer_port(*newsock),
-				    laddr, get_local_port(*newsock));
-				free(laddr);
-				free(raddr);
-				/* best-effort notification to client */
-				(void)write(*newsock, msg, strlen(msg));
+			if (drop_connection(*newsock, startups, startup_p[0])) {
 				close(*newsock);
-				continue;
-			}
-			if (pipe(startup_p) == -1) {
-				close(*newsock);
+				close(startup_p[0]);
+				close(startup_p[1]);
 				continue;
 			}
 
@@ -1328,9 +1370,9 @@
 			close(startup_p[1]);
 
 			if (rexec_flag) {
+				close(config_s[1]);
 				send_rexec_state(config_s[0], cfg);
 				close(config_s[0]);
-				close(config_s[1]);
 			}
 			close(*newsock);
 
@@ -1426,7 +1468,7 @@
 	if (rtable != ortable && setrtable(rtable) != 0)
 		fatal("Unable to set routing domain %d: %s",
 		    rtable, strerror(errno));
-	debug("%s: set routing domain %d (was %d)", __func__, rtable, ortable);
+	debug_f("set routing domain %d (was %d)", rtable, ortable);
 #else /* defined(__OpenBSD__) */
 	fatal("Unable to set routing domain: not supported in this platform");
 #endif
@@ -1443,16 +1485,16 @@
 	int r;
 
 	if (ctx == NULL && (ctx = ssh_digest_start(SSH_DIGEST_SHA512)) == NULL)
-		fatal("%s: ssh_digest_start", __func__);
+		fatal_f("ssh_digest_start");
 	if (key == NULL) { /* finalize */
 		/* add server config in case we are using agent for host keys */
 		if (ssh_digest_update(ctx, sshbuf_ptr(server_cfg),
 		    sshbuf_len(server_cfg)) != 0)
-			fatal("%s: ssh_digest_update", __func__);
+			fatal_f("ssh_digest_update");
 		len = ssh_digest_bytes(SSH_DIGEST_SHA512);
 		hash = xmalloc(len);
 		if (ssh_digest_final(ctx, hash, len) != 0)
-			fatal("%s: ssh_digest_final", __func__);
+			fatal_f("ssh_digest_final");
 		options.timing_secret = PEEK_U64(hash);
 		freezero(hash, len);
 		ssh_digest_free(ctx);
@@ -1460,11 +1502,11 @@
 		return;
 	}
 	if ((buf = sshbuf_new()) == NULL)
-		fatal("%s could not allocate buffer", __func__);
+		fatal_f("could not allocate buffer");
 	if ((r = sshkey_private_serialize(key, buf)) != 0)
-		fatal("sshkey_private_serialize: %s", ssh_err(r));
+		fatal_fr(r, "decode key");
 	if (ssh_digest_update(ctx, sshbuf_ptr(buf), sshbuf_len(buf)) != 0)
-		fatal("%s: ssh_digest_update", __func__);
+		fatal_f("ssh_digest_update");
 	sshbuf_reset(buf);
 	sshbuf_free(buf);
 }
@@ -1680,12 +1722,13 @@
 	 */
 	if (test_flag < 2 && connection_info != NULL)
 		fatal("Config test connection parameter (-C) provided without "
-		   "test mode (-T)");
+		    "test mode (-T)");
 
 	/* Fetch our configuration */
 	if ((cfg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	if (rexeced_flag) {
+		setproctitle("%s", "[rexeced]");
 		recv_rexec_state(REEXEC_CONFIG_PASS_FD, cfg);
 		if (!debug_flag) {
 			startup_pipe = dup(REEXEC_STARTUP_PIPE_FD);
@@ -1702,13 +1745,14 @@
 	parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
 	    cfg, &includes, NULL);
 
+#ifdef WITH_OPENSSL
+	if (options.moduli_file != NULL)
+		dh_set_moduli_file(options.moduli_file);
+#endif
+
 	/* Fill in default values for those options not explicitly set. */
 	fill_default_server_options(&options);
 
-	/* challenge-response is implemented via keyboard interactive */
-	if (options.challenge_response_authentication)
-		options.kbd_interactive_authentication = 1;
-
 	/* Check that options are sensible */
 	if (options.authorized_keys_command_user == NULL &&
 	    (options.authorized_keys_command != NULL &&
@@ -1744,13 +1788,7 @@
 		exit(1);
 	}
 
-	debug("sshd version %s, %s", SSH_VERSION,
-#ifdef WITH_OPENSSL
-	    OpenSSL_version(OPENSSL_VERSION)
-#else
-	    "without OpenSSL"
-#endif
-	);
+	debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);
 
 	/* Store privilege separation user for later use if required. */
 	privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
@@ -1780,8 +1818,8 @@
 		if ((r = ssh_get_authentication_socket(NULL)) == 0)
 			have_agent = 1;
 		else
-			error("Could not connect to agent \"%s\": %s",
-			    options.host_key_agent, ssh_err(r));
+			error_r(r, "Could not connect to agent \"%s\"",
+			    options.host_key_agent);
 	}
 
 	for (i = 0; i < options.num_host_key_files; i++) {
@@ -1792,8 +1830,8 @@
 			continue;
 		if ((r = sshkey_load_private(options.host_key_files[i], "",
 		    &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
-			do_log2(ll, "Unable to load host key \"%s\": %s",
-			    options.host_key_files[i], ssh_err(r));
+			do_log2_r(r, ll, "Unable to load host key \"%s\"",
+			    options.host_key_files[i]);
 		if (sshkey_is_sk(key) &&
 		    key->sk_flags & SSH_SK_USER_PRESENCE_REQD) {
 			debug("host key %s requires user presence, ignoring",
@@ -1802,19 +1840,28 @@
 		}
 		if (r == 0 && key != NULL &&
 		    (r = sshkey_shield_private(key)) != 0) {
-			do_log2(ll, "Unable to shield host key \"%s\": %s",
-			    options.host_key_files[i], ssh_err(r));
+			do_log2_r(r, ll, "Unable to shield host key \"%s\"",
+			    options.host_key_files[i]);
 			sshkey_free(key);
 			key = NULL;
 		}
 		if ((r = sshkey_load_public(options.host_key_files[i],
 		    &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
-			do_log2(ll, "Unable to load host key \"%s\": %s",
-			    options.host_key_files[i], ssh_err(r));
-		if (pubkey == NULL && key != NULL)
+			do_log2_r(r, ll, "Unable to load host key \"%s\"",
+			    options.host_key_files[i]);
+		if (pubkey != NULL && key != NULL) {
+			if (!sshkey_equal(pubkey, key)) {
+				error("Public key for %s does not match "
+				    "private key", options.host_key_files[i]);
+				sshkey_free(pubkey);
+				pubkey = NULL;
+			}
+		}
+		if (pubkey == NULL && key != NULL) {
 			if ((r = sshkey_from_private(key, &pubkey)) != 0)
-				fatal("Could not demote key: \"%s\": %s",
-				    options.host_key_files[i], ssh_err(r));
+				fatal_r(r, "Could not demote key: \"%s\"",
+				    options.host_key_files[i]);
+		}
 		sensitive_data.host_keys[i] = key;
 		sensitive_data.host_pubkeys[i] = pubkey;
 
@@ -1872,8 +1919,8 @@
 			continue;
 		if ((r = sshkey_load_public(options.host_cert_files[i],
 		    &key, NULL)) != 0) {
-			error("Could not load host certificate \"%s\": %s",
-			    options.host_cert_files[i], ssh_err(r));
+			error_r(r, "Could not load host certificate \"%s\"",
+			    options.host_cert_files[i]);
 			continue;
 		}
 		if (!sshkey_is_cert(key)) {
@@ -1885,7 +1932,7 @@
 		/* Find matching private key */
 		for (j = 0; j < options.num_host_key_files; j++) {
 			if (sshkey_equal_public(key,
-			    sensitive_data.host_keys[j])) {
+			    sensitive_data.host_pubkeys[j])) {
 				sensitive_data.host_certificates[j] = key;
 				break;
 			}
@@ -1966,7 +2013,10 @@
 	/* Initialize the log (it is reinitialized below in case we forked). */
 	if (debug_flag && (!inetd_flag || rexeced_flag))
 		log_stderr = 1;
-	log_init(__progname, options.log_level, options.log_facility, log_stderr);
+	log_init(__progname, options.log_level,
+	    options.log_facility, log_stderr);
+	for (i = 0; i < options.num_log_verbose; i++)
+		log_verbose_add(options.log_verbose[i]);
 
 	/*
 	 * If not in debugging mode, not started from inetd and not already
@@ -1984,8 +2034,10 @@
 	/* Reinitialize the log (because of the fork above). */
 	log_init(__progname, options.log_level, options.log_facility, log_stderr);
 
-	/* Chdir to the root directory so that the current disk can be
-	   unmounted if desired. */
+	/*
+	 * Chdir to the root directory so that the current disk can be
+	 * unmounted if desired.
+	 */
 	if (chdir("/") == -1)
 		error("chdir(\"/\"): %s", strerror(errno));
 
@@ -2044,8 +2096,6 @@
 #endif
 
 	if (rexec_flag) {
-		int fd;
-
 		debug("rexec start in %d out %d newsock %d pipe %d sock %d",
 		    sock_in, sock_out, newsock, startup_pipe, config_s[0]);
 		dup2(newsock, STDIN_FILENO);
@@ -2061,6 +2111,7 @@
 		dup2(config_s[1], REEXEC_CONFIG_PASS_FD);
 		close(config_s[1]);
 
+		ssh_signal(SIGHUP, SIG_IGN); /* avoid reset to SIG_DFL */
 		execv(rexec_argv[0], rexec_argv);
 
 		/* Reexec has failed, fall back and continue */
@@ -2072,12 +2123,8 @@
 		/* Clean up fds */
 		close(REEXEC_CONFIG_PASS_FD);
 		newsock = sock_out = sock_in = dup(STDIN_FILENO);
-		if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
-			dup2(fd, STDIN_FILENO);
-			dup2(fd, STDOUT_FILENO);
-			if (fd > STDERR_FILENO)
-				close(fd);
-		}
+		if (stdfd_devnull(1, 1, 0) == -1)
+			error_f("stdfd_devnull failed");
 		debug("rexec cleanup in %d out %d newsock %d pipe %d sock %d",
 		    sock_in, sock_out, newsock, startup_pipe, config_s[0]);
 	}
@@ -2178,7 +2225,7 @@
 
 	/* prepare buffer to collect messages to display to user after login */
 	if ((loginmsg = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 	auth_debug_reset();
 
 	if (use_privsep) {
@@ -2186,7 +2233,7 @@
 			goto authenticated;
 	} else if (have_agent) {
 		if ((r = ssh_get_authentication_socket(&auth_sock)) != 0) {
-			error("Unable to get agent socket: %s", ssh_err(r));
+			error_r(r, "Unable to get agent socket");
 			have_agent = 0;
 		}
 	}
@@ -2289,26 +2336,25 @@
 	if (use_privsep) {
 		if (privkey) {
 			if (mm_sshkey_sign(ssh, privkey, signature, slenp,
-			    data, dlen, alg, options.sk_provider,
+			    data, dlen, alg, options.sk_provider, NULL,
 			    ssh->compat) < 0)
-				fatal("%s: privkey sign failed", __func__);
+				fatal_f("privkey sign failed");
 		} else {
 			if (mm_sshkey_sign(ssh, pubkey, signature, slenp,
-			    data, dlen, alg, options.sk_provider,
+			    data, dlen, alg, options.sk_provider, NULL,
 			    ssh->compat) < 0)
-				fatal("%s: pubkey sign failed", __func__);
+				fatal_f("pubkey sign failed");
 		}
 	} else {
 		if (privkey) {
 			if (sshkey_sign(privkey, signature, slenp, data, dlen,
-			    alg, options.sk_provider, ssh->compat) < 0)
-				fatal("%s: privkey sign failed", __func__);
+			    alg, options.sk_provider, NULL, ssh->compat) < 0)
+				fatal_f("privkey sign failed");
 		} else {
 			if ((r = ssh_agent_sign(auth_sock, pubkey,
 			    signature, slenp, data, dlen, alg,
 			    ssh->compat)) != 0) {
-				fatal("%s: agent sign failed: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "agent sign failed");
 			}
 		}
 	}
@@ -2323,11 +2369,11 @@
 	struct kex *kex;
 	int r;
 
-	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh,
 	    options.kex_algorithms);
-	myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
+	myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(ssh,
 	    options.ciphers);
-	myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
+	myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(ssh,
 	    options.ciphers);
 	myproposal[PROPOSAL_MAC_ALGS_CTOS] =
 	    myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
@@ -2342,11 +2388,11 @@
 		    options.rekey_interval);
 
 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
-	    list_hostkey_types());
+	    ssh, list_hostkey_types());
 
 	/* start key exchange */
 	if ((r = kex_setup(ssh, myproposal)) != 0)
-		fatal("kex_setup: %s", ssh_err(r));
+		fatal_r(r, "kex_setup");
 	kex = ssh->kex;
 #ifdef WITH_OPENSSL
 	kex->kex[KEX_DH_GRP1_SHA1] = kex_gen_server;
@@ -2361,7 +2407,7 @@
 # endif
 #endif
 	kex->kex[KEX_C25519_SHA256] = kex_gen_server;
-	kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
+	kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
 	kex->load_host_public_key=&get_hostkey_public_by_type;
 	kex->load_host_private_key=&get_hostkey_private_by_type;
 	kex->host_key_index=&get_hostkey_index;
@@ -2369,15 +2415,13 @@
 
 	ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &kex->done);
 
-	session_id2 = kex->session_id;
-	session_id2_len = kex->session_id_len;
-
 #ifdef DEBUG_KEXDH
 	/* send 1st encrypted/maced/compressed message */
-	packet_start(SSH2_MSG_IGNORE);
-	packet_put_cstring("markus");
-	packet_send();
-	packet_write_wait();
+	if ((r = sshpkt_start(ssh, SSH2_MSG_IGNORE)) != 0 ||
+	    (r = sshpkt_put_cstring(ssh, "markus")) != 0 ||
+	    (r = sshpkt_send(ssh)) != 0 ||
+	    (r = ssh_packet_write_wait(ssh)) != 0)
+		fatal_fr(r, "send test");
 #endif
 	debug("KEX done");
 }
@@ -2392,9 +2436,10 @@
 		    pmonitor != NULL && pmonitor->m_pid > 1) {
 			debug("Killing privsep child %d", pmonitor->m_pid);
 			if (kill(pmonitor->m_pid, SIGKILL) != 0 &&
-			    errno != ESRCH)
-				error("%s: kill(%d): %s", __func__,
-				    pmonitor->m_pid, strerror(errno));
+			    errno != ESRCH) {
+				error_f("kill(%d): %s", pmonitor->m_pid,
+				    strerror(errno));
+			}
 		}
 	}
 #ifdef SSH_AUDIT_EVENTS

sshd_config

diff --git a/sshd_config b/sshd_config
index 19b7c91..c423eba 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+#	$OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -58,7 +58,7 @@
 #PermitEmptyPasswords no
 
 # Change to no to disable s/key passwords
-#ChallengeResponseAuthentication yes
+#KbdInteractiveAuthentication yes
 
 # Kerberos options
 #KerberosAuthentication no
@@ -72,13 +72,13 @@
 
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
+# be allowed through the KbdInteractiveAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
+# PAM authentication via KbdInteractiveAuthentication may bypass
 # the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
+# and KbdInteractiveAuthentication to 'no'.
 #UsePAM no
 
 #AllowAgentForwarding yes

sshd_config.5

diff --git a/sshd_config.5 b/sshd_config.5
index b294efc..a8d0545 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.311 2020/04/17 06:12:41 jmc Exp $
-.Dd $Mdocdate: April 17 2020 $
+.\" $OpenBSD: sshd_config.5,v 1.335 2021/09/03 05:25:50 dtucker Exp $
+.Dd $Mdocdate: September 3 2021 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -377,18 +377,24 @@
 by certificate authorities (CAs).
 The default is:
 .Bd -literal -offset indent
-ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
+ssh-ed25519,ecdsa-sha2-nistp256,
+ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+sk-ssh-ed25519@openssh.com,
+sk-ecdsa-sha2-nistp256@openssh.com,
+rsa-sha2-512,rsa-sha2-256
 .Ed
 .Pp
+If the specified list begins with a
+.Sq +
+character, then the specified algorithms will be appended to the default set
+instead of replacing them.
+If the specified list begins with a
+.Sq -
+character, then the specified algorithms (including wildcards) will be removed
+from the default set instead of replacing them.
+.Pp
 Certificates signed using other algorithms will not be accepted for
 public key or host-based authentication.
-.It Cm ChallengeResponseAuthentication
-Specifies whether challenge-response authentication is allowed (e.g. via
-PAM or through authentication styles supported in
-.Xr login.conf 5 )
-The default is
-.Cm yes .
 .It Cm ChrootDirectory
 Specifies the pathname of a directory to
 .Xr chroot 2
@@ -658,40 +664,42 @@
 This facility is provided to assist with operation on multi homed machines.
 The default is
 .Cm yes .
-.It Cm HostbasedAcceptedKeyTypes
-Specifies the key types that will be accepted for hostbased authentication
-as a list of comma-separated patterns.
+.It Cm HostbasedAcceptedAlgorithms
+Specifies the signature algorithms that will be accepted for hostbased
+authentication as a list of comma-separated patterns.
 Alternately if the specified list begins with a
 .Sq +
-character, then the specified key types will be appended to the default set
-instead of replacing them.
+character, then the specified signature algorithms will be appended to
+the default set instead of replacing them.
 If the specified list begins with a
 .Sq -
-character, then the specified key types (including wildcards) will be removed
-from the default set instead of replacing them.
+character, then the specified signature algorithms (including wildcards)
+will be removed from the default set instead of replacing them.
 If the specified list begins with a
 .Sq ^
-character, then the specified key types will be placed at the head of the
-default set.
+character, then the specified signature algorithms will be placed at
+the head of the default set.
 The default for this option is:
 .Bd -literal -offset 3n
+ssh-ed25519-cert-v01@openssh.com,
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
-ssh-ed25519-cert-v01@openssh.com,
 sk-ssh-ed25519-cert-v01@openssh.com,
+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 rsa-sha2-512-cert-v01@openssh.com,
 rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
+ssh-ed25519,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+sk-ssh-ed25519@openssh.com,
 sk-ecdsa-sha2-nistp256@openssh.com,
-ssh-ed25519,sk-ssh-ed25519@openssh.com,
 rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
-The list of available key types may also be obtained using
-.Qq ssh -Q HostbasedAcceptedKeyTypes .
+The list of available signature algorithms may also be obtained using
+.Qq ssh -Q HostbasedAcceptedAlgorithms .
+This was formerly named HostbasedAcceptedKeyTypes.
 .It Cm HostbasedAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful public key client host authentication is allowed
@@ -754,26 +762,27 @@
 .Ev SSH_AUTH_SOCK
 environment variable.
 .It Cm HostKeyAlgorithms
-Specifies the host key algorithms
+Specifies the host key signature algorithms
 that the server offers.
 The default for this option is:
 .Bd -literal -offset 3n
+ssh-ed25519-cert-v01@openssh.com,
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
-ssh-ed25519-cert-v01@openssh.com,
 sk-ssh-ed25519-cert-v01@openssh.com,
+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 rsa-sha2-512-cert-v01@openssh.com,
 rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
+ssh-ed25519,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+sk-ssh-ed25519@openssh.com,
 sk-ecdsa-sha2-nistp256@openssh.com,
-ssh-ed25519,sk-ssh-ed25519@openssh.com,
 rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
-The list of available key types may also be obtained using
+The list of available signature algorithms may also be obtained using
 .Qq ssh -Q HostKeyAlgorithms .
 .It Cm IgnoreRhosts
 Specifies whether to ignore per-user
@@ -817,7 +826,7 @@
 Include the specified configuration file(s).
 Multiple pathnames may be specified and each pathname may contain
 .Xr glob 7
-wildcards.
+wildcards that will be expanded and processed in lexical order.
 Files without absolute paths are assumed to be in
 .Pa /etc/ssh .
 An
@@ -870,15 +879,17 @@
 for non-interactive sessions.
 .It Cm KbdInteractiveAuthentication
 Specifies whether to allow keyboard-interactive authentication.
+All authentication styles from
+.Xr login.conf 5
+are supported.
+The default is
+.Cm yes .
 The argument to this keyword must be
 .Cm yes
 or
 .Cm no .
-The default is to use whatever value
 .Cm ChallengeResponseAuthentication
-is set to
-(by default
-.Cm yes ) .
+is a deprecated alias for this.
 .It Cm KerberosAuthentication
 Specifies whether the password provided by the user for
 .Cm PasswordAuthentication
@@ -909,15 +920,15 @@
 Multiple algorithms must be comma-separated.
 Alternately if the specified list begins with a
 .Sq +
-character, then the specified methods will be appended to the default set
+character, then the specified algorithms will be appended to the default set
 instead of replacing them.
 If the specified list begins with a
 .Sq -
-character, then the specified methods (including wildcards) will be removed
+character, then the specified algorithms (including wildcards) will be removed
 from the default set instead of replacing them.
 If the specified list begins with a
 .Sq ^
-character, then the specified methods will be placed at the head of the
+character, then the specified algorithms will be placed at the head of the
 default set.
 The supported algorithms are:
 .Pp
@@ -947,7 +958,7 @@
 .It
 ecdh-sha2-nistp521
 .It
-sntrup4591761x25519-sha512@tinyssh.org
+sntrup761x25519-sha512@openssh.com
 .El
 .Pp
 The default is:
@@ -1026,6 +1037,23 @@
 DEBUG and DEBUG1 are equivalent.
 DEBUG2 and DEBUG3 each specify higher levels of debugging output.
 Logging with a DEBUG level violates the privacy of users and is not recommended.
+.It Cm LogVerbose
+Specify one or more overrides to LogLevel.
+An override consists of a pattern lists that matches the source file, function
+and line number to force detailed logging for.
+For example, an override pattern of:
+.Bd -literal -offset indent
+kex.c:*:1000,*:kex_exchange_identification():*,packet.c:*
+.Ed
+.Pp
+would enable detailed logging for line 1000 of
+.Pa kex.c ,
+everything in the
+.Fn kex_exchange_identification
+function, and all code in the
+.Pa packet.c
+file.
+This option is intended for debugging and no overrides are enabled by default.
 .It Cm MACs
 Specifies the available MAC (message authentication code) algorithms.
 The MAC algorithm is used for data integrity protection.
@@ -1167,10 +1195,11 @@
 .Cm ClientAliveInterval ,
 .Cm DenyGroups ,
 .Cm DenyUsers ,
+.Cm DisableForwarding ,
 .Cm ForceCommand ,
 .Cm GatewayPorts ,
 .Cm GSSAPIAuthentication ,
-.Cm HostbasedAcceptedKeyTypes ,
+.Cm HostbasedAcceptedAlgorithms ,
 .Cm HostbasedAuthentication ,
 .Cm HostbasedUsesNameFromPacketOnly ,
 .Cm IgnoreRhosts ,
@@ -1189,7 +1218,7 @@
 .Cm PermitTTY ,
 .Cm PermitTunnel ,
 .Cm PermitUserRC ,
-.Cm PubkeyAcceptedKeyTypes ,
+.Cm PubkeyAcceptedAlgorithms ,
 .Cm PubkeyAuthentication ,
 .Cm RekeyLimit ,
 .Cm RevokedKeys ,
@@ -1235,6 +1264,16 @@
 if there are currently start (10) unauthenticated connections.
 The probability increases linearly and all connection attempts
 are refused if the number of unauthenticated connections reaches full (60).
+.It Cm ModuliFile
+Specifies the
+.Xr moduli 5
+file that contains the Diffie-Hellman groups used for the
+.Dq diffie-hellman-group-exchange-sha1
+and
+.Dq diffie-hellman-group-exchange-sha256
+key exchange methods.
+The default is
+.Pa /etc/moduli .
 .It Cm PasswordAuthentication
 Specifies whether password authentication is allowed.
 The default is
@@ -1407,6 +1446,23 @@
 file is executed.
 The default is
 .Cm yes .
+.It Cm PerSourceMaxStartups
+Specifies the number of unauthenticated connections allowed from a
+given source address, or
+.Dq none
+if there is no limit.
+This limit is applied in addition to
+.Cm MaxStartups ,
+whichever is lower.
+The default is
+.Cm none .
+.It Cm PerSourceNetBlockSize
+Specifies the number of bits of source address that are grouped together
+for the purposes of applying PerSourceMaxStartups limits.
+Values for IPv4 and optionally IPv6 may be specified, separated by a colon.
+The default is
+.Cm 32:128 ,
+which means each address is considered individually.
 .It Cm PidFile
 Specifies the file that contains the process ID of the
 SSH daemon, or
@@ -1440,47 +1496,49 @@
 or equivalent.)
 The default is
 .Cm yes .
-.It Cm PubkeyAcceptedKeyTypes
-Specifies the key types that will be accepted for public key authentication
-as a list of comma-separated patterns.
+.It Cm PubkeyAcceptedAlgorithms
+Specifies the signature algorithms that will be accepted for public key
+authentication as a list of comma-separated patterns.
 Alternately if the specified list begins with a
 .Sq +
-character, then the specified key types will be appended to the default set
+character, then the specified algorithms will be appended to the default set
 instead of replacing them.
 If the specified list begins with a
 .Sq -
-character, then the specified key types (including wildcards) will be removed
+character, then the specified algorithms (including wildcards) will be removed
 from the default set instead of replacing them.
 If the specified list begins with a
 .Sq ^
-character, then the specified key types will be placed at the head of the
+character, then the specified algorithms will be placed at the head of the
 default set.
 The default for this option is:
 .Bd -literal -offset 3n
+ssh-ed25519-cert-v01@openssh.com,
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
-sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
-ssh-ed25519-cert-v01@openssh.com,
 sk-ssh-ed25519-cert-v01@openssh.com,
+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 rsa-sha2-512-cert-v01@openssh.com,
 rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
+ssh-ed25519,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+sk-ssh-ed25519@openssh.com,
 sk-ecdsa-sha2-nistp256@openssh.com,
-ssh-ed25519,sk-ssh-ed25519@openssh.com,
 rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
 .Pp
-The list of available key types may also be obtained using
-.Qq ssh -Q PubkeyAcceptedKeyTypes .
+The list of available signature algorithms may also be obtained using
+.Qq ssh -Q PubkeyAcceptedAlgorithms .
 .It Cm PubkeyAuthOptions
 Sets one or more public key authentication options.
-Two option keywords are currently supported:
+The supported keywords are:
 .Cm none
-(the default; indicating no additional options are enabled)
+(the default; indicating no additional options are enabled),
+.Cm touch-required
 and
-.Cm touch-required .
+.Cm verify-required .
 .Pp
 The
 .Cm touch-required
@@ -1497,14 +1555,24 @@
 The
 .Cm touch-required
 flag disables this override.
-This option has no effect for other, non-authenticator public key types.
+.Pp
+The
+.Cm verify-required
+option requires a FIDO key signature attest that the user was verified,
+e.g. via a PIN.
+.Pp
+Neither the
+.Cm touch-required
+or
+.Cm verify-required
+options have any effect for other, non-FIDO, public key types.
 .It Cm PubkeyAuthentication
 Specifies whether public key authentication is allowed.
 The default is
 .Cm yes .
 .It Cm RekeyLimit
 Specifies the maximum amount of data that may be transmitted before the
-session key is renegotiated, optionally followed a maximum amount of
+session key is renegotiated, optionally followed by a maximum amount of
 time that may pass before the session key is renegotiated.
 The first argument is specified in bytes and may have a suffix of
 .Sq K ,
@@ -1542,7 +1610,7 @@
 .It Cm RDomain
 Specifies an explicit routing domain that is applied after authentication
 has completed.
-The user session, as well and any forwarded or listening IP sockets,
+The user session, as well as any forwarded or listening IP sockets,
 will be bound to this
 .Xr rdomain 4 .
 If the routing domain is set to
@@ -1688,17 +1756,17 @@
 If set to
 .Cm yes
 this will enable PAM authentication using
-.Cm ChallengeResponseAuthentication
+.Cm KbdInteractiveAuthentication
 and
 .Cm PasswordAuthentication
 in addition to PAM account and session module processing for all
 authentication types.
 .Pp
-Because PAM challenge-response authentication usually serves an equivalent
+Because PAM keyboard-interactive authentication usually serves an equivalent
 role to password authentication, you should disable either
 .Cm PasswordAuthentication
 or
-.Cm ChallengeResponseAuthentication.
+.Cm KbdInteractiveAuthentication .
 .Pp
 If
 .Cm UsePAM

sshkey-xmss.c

diff --git a/sshkey-xmss.c b/sshkey-xmss.c
index 88e9ddf..f5235ef 100644
--- a/sshkey-xmss.c
+++ b/sshkey-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey-xmss.c,v 1.8 2019/11/13 07:53:10 markus Exp $ */
+/* $OpenBSD: sshkey-xmss.c,v 1.11 2021/04/03 06:18:41 djm Exp $ */
 /*
  * Copyright (c) 2017 Markus Friedl.  All rights reserved.
  *
@@ -45,6 +45,7 @@
 #include "sshkey.h"
 #include "sshkey-xmss.h"
 #include "atomicio.h"
+#include "log.h"
 
 #include "xmss_fast.h"
 
@@ -79,7 +80,7 @@
 int	 sshkey_xmss_init_enc_key(struct sshkey *, const char *);
 void	 sshkey_xmss_free_bds(struct sshkey *);
 int	 sshkey_xmss_get_state_from_file(struct sshkey *, const char *,
-	    int *, sshkey_printfn *);
+	    int *, int);
 int	 sshkey_xmss_encrypt_state(const struct sshkey *, struct sshbuf *,
 	    struct sshbuf **);
 int	 sshkey_xmss_decrypt_state(const struct sshkey *, struct sshbuf *,
@@ -87,7 +88,8 @@
 int	 sshkey_xmss_serialize_enc_key(const struct sshkey *, struct sshbuf *);
 int	 sshkey_xmss_deserialize_enc_key(struct sshkey *, struct sshbuf *);
 
-#define PRINT(s...) do { if (pr) pr(s); } while (0)
+#define PRINT(...) do { if (printerror) sshlog(__FILE__, __func__, __LINE__, \
+    0, SYSLOG_LEVEL_ERROR, NULL, __VA_ARGS__); } while (0)
 
 int
 sshkey_xmss_init(struct sshkey *key, const char *name)
@@ -392,7 +394,7 @@
 
 int
 sshkey_xmss_get_state_from_file(struct sshkey *k, const char *filename,
-    int *have_file, sshkey_printfn *pr)
+    int *have_file, int printerror)
 {
 	struct sshbuf *b = NULL, *enc = NULL;
 	int ret = SSH_ERR_SYSTEM_ERROR, r, fd = -1;
@@ -403,7 +405,7 @@
 	if ((fd = open(filename, O_RDONLY)) >= 0) {
 		*have_file = 1;
 		if (atomicio(read, fd, buf, sizeof(buf)) != sizeof(buf)) {
-			PRINT("%s: corrupt state file: %s", __func__, filename);
+			PRINT("corrupt state file: %s", filename);
 			goto done;
 		}
 		len = PEEK_U32(buf);
@@ -412,7 +414,7 @@
 			goto done;
 		}
 		if (atomicio(read, fd, data, len) != len) {
-			PRINT("%s: cannot read blob: %s", __func__, filename);
+			PRINT("cannot read blob: %s", filename);
 			goto done;
 		}
 		if ((enc = sshbuf_from(data, len)) == NULL) {
@@ -440,7 +442,7 @@
 }
 
 int
-sshkey_xmss_get_state(const struct sshkey *k, sshkey_printfn *pr)
+sshkey_xmss_get_state(const struct sshkey *k, int printerror)
 {
 	struct ssh_xmss_state *state = k->xmss_state;
 	u_int32_t idx = 0;
@@ -475,27 +477,27 @@
 	}
 	if ((lockfd = open(lockfile, O_CREAT|O_RDONLY, 0600)) == -1) {
 		ret = SSH_ERR_SYSTEM_ERROR;
-		PRINT("%s: cannot open/create: %s", __func__, lockfile);
+		PRINT("cannot open/create: %s", lockfile);
 		goto done;
 	}
 	while (flock(lockfd, LOCK_EX|LOCK_NB) == -1) {
 		if (errno != EWOULDBLOCK) {
 			ret = SSH_ERR_SYSTEM_ERROR;
-			PRINT("%s: cannot lock: %s", __func__, lockfile);
+			PRINT("cannot lock: %s", lockfile);
 			goto done;
 		}
 		if (++tries > 10) {
 			ret = SSH_ERR_SYSTEM_ERROR;
-			PRINT("%s: giving up on: %s", __func__, lockfile);
+			PRINT("giving up on: %s", lockfile);
 			goto done;
 		}
 		usleep(1000*100*tries);
 	}
 	/* XXX no longer const */
 	if ((r = sshkey_xmss_get_state_from_file((struct sshkey *)k,
-	    statefile, &have_state, pr)) != 0) {
+	    statefile, &have_state, printerror)) != 0) {
 		if ((r = sshkey_xmss_get_state_from_file((struct sshkey *)k,
-		    ostatefile, &have_ostate, pr)) == 0) {
+		    ostatefile, &have_ostate, printerror)) == 0) {
 			state->allow_update = 1;
 			r = sshkey_xmss_forward_state(k, 1);
 			state->idx = PEEK_U32(k->xmss_sk);
@@ -506,13 +508,13 @@
 		/* check that bds state is initialized */
 		if (state->bds.auth == NULL)
 			goto done;
-		PRINT("%s: start from scratch idx 0: %u", __func__, state->idx);
+		PRINT("start from scratch idx 0: %u", state->idx);
 	} else if (r != 0) {
 		ret = r;
 		goto done;
 	}
 	if (state->idx + 1 < state->idx) {
-		PRINT("%s: state wrap: %u", __func__, state->idx);
+		PRINT("state wrap: %u", state->idx);
 		goto done;
 	}
 	state->have_state = have_state;
@@ -563,7 +565,7 @@
 }
 
 int
-sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr)
+sshkey_xmss_update_state(const struct sshkey *k, int printerror)
 {
 	struct ssh_xmss_state *state = k->xmss_state;
 	struct sshbuf *b = NULL, *enc = NULL;
@@ -587,8 +589,8 @@
 		ret = 0;
 		goto done;
 	} else if (idx != state->idx + 1) {
-		PRINT("%s: more than one signature happened: idx %u state %u",
-		     __func__, idx, state->idx);
+		PRINT("more than one signature happened: idx %u state %u",
+		    idx, state->idx);
 		goto done;
 	}
 	state->idx = idx;
@@ -606,55 +608,54 @@
 		goto done;
 	}
 	if ((ret = sshkey_xmss_serialize_state(k, b)) != 0) {
-		PRINT("%s: SERLIALIZE FAILED: %d", __func__, ret);
+		PRINT("SERLIALIZE FAILED: %d", ret);
 		goto done;
 	}
 	if ((ret = sshkey_xmss_encrypt_state(k, b, &enc)) != 0) {
-		PRINT("%s: ENCRYPT FAILED: %d", __func__, ret);
+		PRINT("ENCRYPT FAILED: %d", ret);
 		goto done;
 	}
 	if ((fd = open(nstatefile, O_CREAT|O_WRONLY|O_EXCL, 0600)) == -1) {
 		ret = SSH_ERR_SYSTEM_ERROR;
-		PRINT("%s: open new state file: %s", __func__, nstatefile);
+		PRINT("open new state file: %s", nstatefile);
 		goto done;
 	}
 	POKE_U32(buf, sshbuf_len(enc));
 	if (atomicio(vwrite, fd, buf, sizeof(buf)) != sizeof(buf)) {
 		ret = SSH_ERR_SYSTEM_ERROR;
-		PRINT("%s: write new state file hdr: %s", __func__, nstatefile);
+		PRINT("write new state file hdr: %s", nstatefile);
 		close(fd);
 		goto done;
 	}
 	if (atomicio(vwrite, fd, sshbuf_mutable_ptr(enc), sshbuf_len(enc)) !=
 	    sshbuf_len(enc)) {
 		ret = SSH_ERR_SYSTEM_ERROR;
-		PRINT("%s: write new state file data: %s", __func__, nstatefile);
+		PRINT("write new state file data: %s", nstatefile);
 		close(fd);
 		goto done;
 	}
 	if (fsync(fd) == -1) {
 		ret = SSH_ERR_SYSTEM_ERROR;
-		PRINT("%s: sync new state file: %s", __func__, nstatefile);
+		PRINT("sync new state file: %s", nstatefile);
 		close(fd);
 		goto done;
 	}
 	if (close(fd) == -1) {
 		ret = SSH_ERR_SYSTEM_ERROR;
-		PRINT("%s: close new state file: %s", __func__, nstatefile);
+		PRINT("close new state file: %s", nstatefile);
 		goto done;
 	}
 	if (state->have_state) {
 		unlink(ostatefile);
 		if (link(statefile, ostatefile)) {
 			ret = SSH_ERR_SYSTEM_ERROR;
-			PRINT("%s: backup state %s to %s", __func__, statefile,
-			    ostatefile);
+			PRINT("backup state %s to %s", statefile, ostatefile);
 			goto done;
 		}
 	}
 	if (rename(nstatefile, statefile) == -1) {
 		ret = SSH_ERR_SYSTEM_ERROR;
-		PRINT("%s: rename %s to %s", __func__, nstatefile, statefile);
+		PRINT("rename %s to %s", nstatefile, statefile);
 		goto done;
 	}
 	ret = 0;

sshkey-xmss.h

diff --git a/sshkey-xmss.h b/sshkey-xmss.h
index b9f8ead..32a12be 100644
--- a/sshkey-xmss.h
+++ b/sshkey-xmss.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey-xmss.h,v 1.1 2018/02/23 15:58:38 markus Exp $ */
+/* $OpenBSD: sshkey-xmss.h,v 1.3 2021/04/03 06:18:41 djm Exp $ */
 /*
  * Copyright (c) 2017 Markus Friedl.  All rights reserved.
  *
@@ -25,10 +25,10 @@
 #ifndef SSHKEY_XMSS_H
 #define SSHKEY_XMSS_H
 
-#define XMSS_SHA2_256_W16_H10_NAME "XMSS_SHA2-256_W16_H10"
-#define XMSS_SHA2_256_W16_H16_NAME "XMSS_SHA2-256_W16_H16"
-#define XMSS_SHA2_256_W16_H20_NAME "XMSS_SHA2-256_W16_H20"
-#define XMSS_DEFAULT_NAME	   XMSS_SHA2_256_W16_H10_NAME
+#define XMSS_SHA2_256_W16_H10_NAME	"XMSS_SHA2-256_W16_H10"
+#define XMSS_SHA2_256_W16_H16_NAME	"XMSS_SHA2-256_W16_H16"
+#define XMSS_SHA2_256_W16_H20_NAME	"XMSS_SHA2-256_W16_H20"
+#define XMSS_DEFAULT_NAME		XMSS_SHA2_256_W16_H10_NAME
 
 size_t	 sshkey_xmss_pklen(const struct sshkey *);
 size_t	 sshkey_xmss_sklen(const struct sshkey *);
@@ -37,7 +37,7 @@
 int	 sshkey_xmss_generate_private_key(struct sshkey *, u_int);
 int	 sshkey_xmss_serialize_state(const struct sshkey *, struct sshbuf *);
 int	 sshkey_xmss_serialize_state_opt(const struct sshkey *, struct sshbuf *,
-            enum sshkey_serialize_rep);
+	    enum sshkey_serialize_rep);
 int	 sshkey_xmss_serialize_pk_info(const struct sshkey *, struct sshbuf *,
 	    enum sshkey_serialize_rep);
 int	 sshkey_xmss_deserialize_state(struct sshkey *, struct sshbuf *);
@@ -47,10 +47,10 @@
 int	 sshkey_xmss_siglen(const struct sshkey *, size_t *);
 void	*sshkey_xmss_params(const struct sshkey *);
 void	*sshkey_xmss_bds_state(const struct sshkey *);
-int	 sshkey_xmss_get_state(const struct sshkey *, sshkey_printfn *);
+int	 sshkey_xmss_get_state(const struct sshkey *, int);
 int	 sshkey_xmss_enable_maxsign(struct sshkey *, u_int32_t);
 int	 sshkey_xmss_forward_state(const struct sshkey *, u_int32_t);
-int	 sshkey_xmss_update_state(const struct sshkey *, sshkey_printfn *);
+int	 sshkey_xmss_update_state(const struct sshkey *, int);
 u_int32_t sshkey_xmss_signatures_left(const struct sshkey *);
 
 #endif /* SSHKEY_XMSS_H */

sshkey.c

diff --git a/sshkey.c b/sshkey.c
index e7b464d..4e356dc 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.108 2020/04/11 10:16:11 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.119 2021/07/23 03:37:52 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -132,6 +132,8 @@
 #  endif /* OPENSSL_HAS_NISTP521 */
 	{ "sk-ecdsa-sha2-nistp256@openssh.com", "ECDSA-SK", NULL,
 	    KEY_ECDSA_SK, NID_X9_62_prime256v1, 0, 0 },
+	{ "webauthn-sk-ecdsa-sha2-nistp256@openssh.com", "ECDSA-SK", NULL,
+	    KEY_ECDSA_SK, NID_X9_62_prime256v1, 0, 1 },
 # endif /* OPENSSL_HAS_ECC */
 	{ "ssh-rsa-cert-v01@openssh.com", "RSA-CERT", NULL,
 	    KEY_RSA_CERT, 0, 1, 0 },
@@ -148,7 +150,7 @@
 	    KEY_ECDSA_CERT, NID_secp384r1, 1, 0 },
 #  ifdef OPENSSL_HAS_NISTP521
 	{ "ecdsa-sha2-nistp521-cert-v01@openssh.com", "ECDSA-CERT", NULL,
-	   KEY_ECDSA_CERT, NID_secp521r1, 1, 0 },
+	    KEY_ECDSA_CERT, NID_secp521r1, 1, 0 },
 #  endif /* OPENSSL_HAS_NISTP521 */
 	{ "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com", "ECDSA-SK-CERT", NULL,
 	    KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 },
@@ -2033,7 +2035,7 @@
 	if (sshkey_is_shielded(k) && (r = sshkey_unshield_private(k)) != 0)
 		goto out;
 	if ((r = sshkey_private_serialize_opt(k, prvbuf,
-	     SSHKEY_SERIALIZE_SHIELD)) != 0)
+	    SSHKEY_SERIALIZE_SHIELD)) != 0)
 		goto out;
 	/* pad to cipher blocksize */
 	i = 0;
@@ -2725,7 +2727,7 @@
 sshkey_sign(struct sshkey *key,
     u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen,
-    const char *alg, const char *sk_provider, u_int compat)
+    const char *alg, const char *sk_provider, const char *sk_pin, u_int compat)
 {
 	int was_shielded = sshkey_is_shielded(key);
 	int r2, r = SSH_ERR_INTERNAL_ERROR;
@@ -2764,7 +2766,7 @@
 	case KEY_ECDSA_SK_CERT:
 	case KEY_ECDSA_SK:
 		r = sshsk_sign(sk_provider, key, sigp, lenp, data,
-		    datalen, compat, /* XXX PIN */ NULL);
+		    datalen, compat, sk_pin);
 		break;
 #ifdef WITH_XMSS
 	case KEY_XMSS:
@@ -2886,7 +2888,8 @@
 /* Sign a certified key, (re-)generating the signed certblob. */
 int
 sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
-    const char *sk_provider, sshkey_certify_signer *signer, void *signer_ctx)
+    const char *sk_provider, const char *sk_pin,
+    sshkey_certify_signer *signer, void *signer_ctx)
 {
 	struct sshbuf *principals = NULL;
 	u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32];
@@ -3024,7 +3027,7 @@
 
 	/* Sign the whole mess */
 	if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
-	    sshbuf_len(cert), alg, sk_provider, 0, signer_ctx)) != 0)
+	    sshbuf_len(cert), alg, sk_provider, sk_pin, 0, signer_ctx)) != 0)
 		goto out;
 	/* Check and update signature_type against what was actually used */
 	if ((ret = sshkey_get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
@@ -3054,33 +3057,36 @@
 static int
 default_key_sign(struct sshkey *key, u_char **sigp, size_t *lenp,
     const u_char *data, size_t datalen,
-    const char *alg, const char *sk_provider, u_int compat, void *ctx)
+    const char *alg, const char *sk_provider, const char *sk_pin,
+    u_int compat, void *ctx)
 {
 	if (ctx != NULL)
 		return SSH_ERR_INVALID_ARGUMENT;
 	return sshkey_sign(key, sigp, lenp, data, datalen, alg,
-	    sk_provider, compat);
+	    sk_provider, sk_pin, compat);
 }
 
 int
 sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg,
-    const char *sk_provider)
+    const char *sk_provider, const char *sk_pin)
 {
-	return sshkey_certify_custom(k, ca, alg, sk_provider,
+	return sshkey_certify_custom(k, ca, alg, sk_provider, sk_pin,
 	    default_key_sign, NULL);
 }
 
 int
 sshkey_cert_check_authority(const struct sshkey *k,
-    int want_host, int require_principal,
-    const char *name, const char **reason)
+    int want_host, int require_principal, int wildcard_pattern,
+    uint64_t verify_time, const char *name, const char **reason)
 {
 	u_int i, principal_matches;
-	time_t now = time(NULL);
 
 	if (reason == NULL)
 		return SSH_ERR_INVALID_ARGUMENT;
-
+	if (!sshkey_is_cert(k)) {
+		*reason = "Key is not a certificate";
+		return SSH_ERR_KEY_CERT_INVALID;
+	}
 	if (want_host) {
 		if (k->cert->type != SSH2_CERT_TYPE_HOST) {
 			*reason = "Certificate invalid: not a host certificate";
@@ -3092,16 +3098,11 @@
 			return SSH_ERR_KEY_CERT_INVALID;
 		}
 	}
-	if (now < 0) {
-		/* yikes - system clock before epoch! */
+	if (verify_time < k->cert->valid_after) {
 		*reason = "Certificate invalid: not yet valid";
 		return SSH_ERR_KEY_CERT_INVALID;
 	}
-	if ((u_int64_t)now < k->cert->valid_after) {
-		*reason = "Certificate invalid: not yet valid";
-		return SSH_ERR_KEY_CERT_INVALID;
-	}
-	if ((u_int64_t)now >= k->cert->valid_before) {
+	if (verify_time >= k->cert->valid_before) {
 		*reason = "Certificate invalid: expired";
 		return SSH_ERR_KEY_CERT_INVALID;
 	}
@@ -3113,7 +3114,13 @@
 	} else if (name != NULL) {
 		principal_matches = 0;
 		for (i = 0; i < k->cert->nprincipals; i++) {
-			if (strcmp(name, k->cert->principals[i]) == 0) {
+			if (wildcard_pattern) {
+				if (match_pattern(k->cert->principals[i],
+				    name)) {
+					principal_matches = 1;
+					break;
+				}
+			} else if (strcmp(name, k->cert->principals[i]) == 0) {
 				principal_matches = 1;
 				break;
 			}
@@ -3127,32 +3134,58 @@
 	return 0;
 }
 
+int
+sshkey_cert_check_authority_now(const struct sshkey *k,
+    int want_host, int require_principal, int wildcard_pattern,
+    const char *name, const char **reason)
+{
+	time_t now;
+
+	if ((now = time(NULL)) < 0) {
+		/* yikes - system clock before epoch! */
+		*reason = "Certificate invalid: not yet valid";
+		return SSH_ERR_KEY_CERT_INVALID;
+	}
+	return sshkey_cert_check_authority(k, want_host, require_principal,
+	    wildcard_pattern, (uint64_t)now, name, reason);
+}
+
+int
+sshkey_cert_check_host(const struct sshkey *key, const char *host,
+    int wildcard_principals, const char *ca_sign_algorithms,
+    const char **reason)
+{
+	int r;
+
+	if ((r = sshkey_cert_check_authority_now(key, 1, 0, wildcard_principals,
+	    host, reason)) != 0)
+		return r;
+	if (sshbuf_len(key->cert->critical) != 0) {
+		*reason = "Certificate contains unsupported critical options";
+		return SSH_ERR_KEY_CERT_INVALID;
+	}
+	if (ca_sign_algorithms != NULL &&
+	    (r = sshkey_check_cert_sigtype(key, ca_sign_algorithms)) != 0) {
+		*reason = "Certificate signed with disallowed algorithm";
+		return SSH_ERR_KEY_CERT_INVALID;
+	}
+	return 0;
+}
+
 size_t
 sshkey_format_cert_validity(const struct sshkey_cert *cert, char *s, size_t l)
 {
-	char from[32], to[32], ret[64];
-	time_t tt;
-	struct tm *tm;
+	char from[32], to[32], ret[128];
 
 	*from = *to = '\0';
 	if (cert->valid_after == 0 &&
 	    cert->valid_before == 0xffffffffffffffffULL)
 		return strlcpy(s, "forever", l);
 
-	if (cert->valid_after != 0) {
-		/* XXX revisit INT_MAX in 2038 :) */
-		tt = cert->valid_after > INT_MAX ?
-		    INT_MAX : cert->valid_after;
-		tm = localtime(&tt);
-		strftime(from, sizeof(from), "%Y-%m-%dT%H:%M:%S", tm);
-	}
-	if (cert->valid_before != 0xffffffffffffffffULL) {
-		/* XXX revisit INT_MAX in 2038 :) */
-		tt = cert->valid_before > INT_MAX ?
-		    INT_MAX : cert->valid_before;
-		tm = localtime(&tt);
-		strftime(to, sizeof(to), "%Y-%m-%dT%H:%M:%S", tm);
-	}
+	if (cert->valid_after != 0)
+		format_absolute_time(cert->valid_after, from, sizeof(from));
+	if (cert->valid_before != 0xffffffffffffffffULL)
+		format_absolute_time(cert->valid_before, to, sizeof(to));
 
 	if (cert->valid_after == 0)
 		snprintf(ret, sizeof(ret), "before %s", to);
@@ -3376,10 +3409,12 @@
 sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
 {
 	char *tname = NULL, *curve = NULL, *xmss_name = NULL;
+	char *expect_sk_application = NULL;
 	struct sshkey *k = NULL;
 	size_t pklen = 0, sklen = 0;
 	int type, r = SSH_ERR_INTERNAL_ERROR;
 	u_char *ed25519_pk = NULL, *ed25519_sk = NULL;
+	u_char *expect_ed25519_pk = NULL;
 	u_char *xmss_pk = NULL, *xmss_sk = NULL;
 #ifdef WITH_OPENSSL
 	BIGNUM *exponent = NULL;
@@ -3412,6 +3447,14 @@
 			r = SSH_ERR_KEY_CERT_MISMATCH;
 			goto out;
 		}
+		/*
+		 * Several fields are redundant between certificate and
+		 * private key body, we require these to match.
+		 */
+		expect_sk_application = k->sk_application;
+		expect_ed25519_pk = k->ed25519_pk;
+		k->sk_application = NULL;
+		k->ed25519_pk = NULL;
 	} else {
 		if ((k = sshkey_new(type)) == NULL) {
 			r = SSH_ERR_ALLOC_FAIL;
@@ -3598,10 +3641,12 @@
 	case KEY_XMSS:
 	case KEY_XMSS_CERT:
 		if ((r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 ||
-		    (r = sshkey_xmss_init(k, xmss_name)) != 0 ||
 		    (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 ||
 		    (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0)
 			goto out;
+		if (type == KEY_XMSS &&
+		    (r = sshkey_xmss_init(k, xmss_name)) != 0)
+			goto out;
 		if (pklen != sshkey_xmss_pklen(k) ||
 		    sklen != sshkey_xmss_sklen(k)) {
 			r = SSH_ERR_INVALID_FORMAT;
@@ -3631,6 +3676,13 @@
 		break;
 	}
 #endif /* WITH_OPENSSL */
+	if ((expect_sk_application != NULL && (k->sk_application == NULL ||
+	    strcmp(expect_sk_application, k->sk_application) != 0)) ||
+	    (expect_ed25519_pk != NULL && (k->ed25519_pk == NULL ||
+	    memcmp(expect_ed25519_pk, k->ed25519_pk, ED25519_PK_SZ) != 0))) {
+		r = SSH_ERR_KEY_CERT_MISMATCH;
+		goto out;
+	}
 	/* success */
 	r = 0;
 	if (kp != NULL) {
@@ -3660,6 +3712,8 @@
 	free(xmss_name);
 	freezero(xmss_pk, pklen);
 	freezero(xmss_sk, sklen);
+	free(expect_sk_application);
+	free(expect_ed25519_pk);
 	return r;
 }
 
@@ -3903,7 +3957,7 @@
 
 	/* append private key and comment*/
 	if ((r = sshkey_private_serialize_opt(prv, encrypted,
-	     SSHKEY_SERIALIZE_FULL)) != 0 ||
+	    SSHKEY_SERIALIZE_FULL)) != 0 ||
 	    (r = sshbuf_put_cstring(encrypted, comment)) != 0)
 		goto out;
 
@@ -4329,14 +4383,14 @@
 		return SSH_ERR_PASSPHRASE_TOO_SHORT;
 	if ((blob = sshbuf_new()) == NULL)
 		return SSH_ERR_ALLOC_FAIL;
- 	if ((bio = BIO_new(BIO_s_mem())) == NULL) {
+	if ((bio = BIO_new(BIO_s_mem())) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
 	if (format == SSHKEY_PRIVATE_PKCS8 && (pkey = EVP_PKEY_new()) == NULL) {
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
- 	}
+	}
 	if ((r = sshkey_unshield_private(key)) != 0)
 		goto out;
 
@@ -4546,12 +4600,12 @@
 	clear_libcrypto_errors();
 	if ((pk = PEM_read_bio_PrivateKey(bio, NULL, pem_passphrase_cb,
 	    (char *)passphrase)) == NULL) {
-	       /*
-		* libcrypto may return various ASN.1 errors when attempting
-		* to parse a key with an incorrect passphrase.
-		* Treat all format errors as "incorrect passphrase" if a
-		* passphrase was supplied.
-		*/
+		/*
+		 * libcrypto may return various ASN.1 errors when attempting
+		 * to parse a key with an incorrect passphrase.
+		 * Treat all format errors as "incorrect passphrase" if a
+		 * passphrase was supplied.
+		 */
 		if (passphrase != NULL && *passphrase != '\0')
 			r = SSH_ERR_KEY_WRONG_PASSPHRASE;
 		else
@@ -4698,7 +4752,7 @@
  */
 int
 sshkey_private_serialize_maxsign(struct sshkey *k, struct sshbuf *b,
-    u_int32_t maxsign, sshkey_printfn *pr)
+    u_int32_t maxsign, int printerror)
 {
 	int r, rupdate;
 
@@ -4706,14 +4760,14 @@
 	    sshkey_type_plain(k->type) != KEY_XMSS)
 		return sshkey_private_serialize_opt(k, b,
 		    SSHKEY_SERIALIZE_DEFAULT);
-	if ((r = sshkey_xmss_get_state(k, pr)) != 0 ||
+	if ((r = sshkey_xmss_get_state(k, printerror)) != 0 ||
 	    (r = sshkey_private_serialize_opt(k, b,
 	    SSHKEY_SERIALIZE_STATE)) != 0 ||
 	    (r = sshkey_xmss_forward_state(k, maxsign)) != 0)
 		goto out;
 	r = 0;
 out:
-	if ((rupdate = sshkey_xmss_update_state(k, pr)) != 0) {
+	if ((rupdate = sshkey_xmss_update_state(k, printerror)) != 0) {
 		if (r == 0)
 			r = rupdate;
 	}
@@ -4752,7 +4806,7 @@
 #else
 int
 sshkey_private_serialize_maxsign(struct sshkey *k, struct sshbuf *b,
-    u_int32_t maxsign, sshkey_printfn *pr)
+    u_int32_t maxsign, int printerror)
 {
 	return sshkey_private_serialize_opt(k, b, SSHKEY_SERIALIZE_DEFAULT);
 }

sshkey.h

diff --git a/sshkey.h b/sshkey.h
index 9c1d4f6..6edc6c5 100644
--- a/sshkey.h
+++ b/sshkey.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.h,v 1.45 2020/04/08 00:08:46 djm Exp $ */
+/* $OpenBSD: sshkey.h,v 1.50 2021/07/23 03:37:52 djm Exp $ */
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -39,6 +39,7 @@
 #  define EC_GROUP	void
 #  define EC_POINT	void
 # endif /* OPENSSL_HAS_ECC */
+#define SSH_OPENSSL_VERSION OpenSSL_version(OPENSSL_VERSION)
 #else /* WITH_OPENSSL */
 # define BIGNUM		void
 # define RSA		void
@@ -46,6 +47,7 @@
 # define EC_KEY		void
 # define EC_GROUP	void
 # define EC_POINT	void
+#define SSH_OPENSSL_VERSION "without OpenSSL"
 #endif /* WITH_OPENSSL */
 
 #define SSH_RSA_MINIMUM_MODULUS_SIZE	1024
@@ -193,19 +195,24 @@
 int	 sshkey_to_certified(struct sshkey *);
 int	 sshkey_drop_cert(struct sshkey *);
 int	 sshkey_cert_copy(const struct sshkey *, struct sshkey *);
-int	 sshkey_cert_check_authority(const struct sshkey *, int, int,
+int	 sshkey_cert_check_authority(const struct sshkey *, int, int, int,
+    uint64_t, const char *, const char **);
+int	 sshkey_cert_check_authority_now(const struct sshkey *, int, int, int,
     const char *, const char **);
+int	 sshkey_cert_check_host(const struct sshkey *, const char *,
+    int , const char *, const char **);
 size_t	 sshkey_format_cert_validity(const struct sshkey_cert *,
     char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
 int	 sshkey_check_cert_sigtype(const struct sshkey *, const char *);
 
 int	 sshkey_certify(struct sshkey *, struct sshkey *,
-    const char *, const char *);
+    const char *, const char *, const char *);
 /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */
 typedef int sshkey_certify_signer(struct sshkey *, u_char **, size_t *,
-    const u_char *, size_t, const char *, const char *, u_int, void *);
+    const u_char *, size_t, const char *, const char *, const char *,
+    u_int, void *);
 int	 sshkey_certify_custom(struct sshkey *, struct sshkey *, const char *,
-    const char *, sshkey_certify_signer *, void *);
+    const char *, const char *, sshkey_certify_signer *, void *);
 
 int		 sshkey_ecdsa_nid_from_name(const char *);
 int		 sshkey_curve_name_to_nid(const char *);
@@ -234,7 +241,7 @@
 int	 sshkey_putb_plain(const struct sshkey *, struct sshbuf *);
 
 int	 sshkey_sign(struct sshkey *, u_char **, size_t *,
-    const u_char *, size_t, const char *, const char *, u_int);
+    const u_char *, size_t, const char *, const char *, const char *, u_int);
 int	 sshkey_verify(const struct sshkey *, const u_char *, size_t,
     const u_char *, size_t, const char *, u_int, struct sshkey_sig_details **);
 int	 sshkey_check_sigtype(const u_char *, size_t, const char *);
@@ -266,17 +273,12 @@
 int ssh_rsa_complete_crt_parameters(struct sshkey *, const BIGNUM *);
 
 /* stateful keys (e.g. XMSS) */
-#ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS
-typedef void sshkey_printfn(const char *, ...);
-#else
-typedef void sshkey_printfn(const char *, ...) __attribute__((format(printf, 1, 2)));
-#endif
 int	 sshkey_set_filename(struct sshkey *, const char *);
 int	 sshkey_enable_maxsign(struct sshkey *, u_int32_t);
 u_int32_t sshkey_signatures_left(const struct sshkey *);
-int	 sshkey_forward_state(const struct sshkey *, u_int32_t, sshkey_printfn *);
-int	 sshkey_private_serialize_maxsign(struct sshkey *key, struct sshbuf *buf,
-    u_int32_t maxsign, sshkey_printfn *pr);
+int	 sshkey_forward_state(const struct sshkey *, u_int32_t, int);
+int	 sshkey_private_serialize_maxsign(struct sshkey *key,
+    struct sshbuf *buf, u_int32_t maxsign, int);
 
 void	 sshkey_sig_details_free(struct sshkey_sig_details *);
 

sshlogin.c

diff --git a/sshlogin.c b/sshlogin.c
index 08d2600..82dd848 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshlogin.c,v 1.34 2019/06/28 13:35:04 deraadt Exp $ */
+/* $OpenBSD: sshlogin.c,v 1.35 2020/10/18 11:32:02 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -122,7 +122,7 @@
 			r = sshbuf_putf(loginmsg, "Last login: %s from %s\r\n",
 			    time_string, hostname);
 		if (r != 0)
-			fatal("%s: buffer error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "sshbuf_putf");
 	}
 # endif /* CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG */
 #endif /* NO_SSH_LASTLOG */

sshpty.c

diff --git a/sshpty.c b/sshpty.c
index bce09e2..cae0b97 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -27,6 +27,7 @@
 #endif
 #include <pwd.h>
 #include <stdarg.h>
+#include <stdio.h>
 #include <string.h>
 #include <termios.h>
 #ifdef HAVE_UTIL_H

sshsig.c

diff --git a/sshsig.c b/sshsig.c
index 15f9cea..d0d401a 100644
--- a/sshsig.c
+++ b/sshsig.c
@@ -1,3 +1,4 @@
+/* $OpenBSD: sshsig.c,v 1.21 2021/07/23 04:00:59 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -53,27 +54,26 @@
 	*out = NULL;
 
 	if ((buf = sshbuf_new()) == NULL) {
-		error("%s: sshbuf_new failed", __func__);
+		error_f("sshbuf_new failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
 
 	if ((r = sshbuf_put(buf, BEGIN_SIGNATURE,
 	    sizeof(BEGIN_SIGNATURE)-1)) != 0) {
-		error("%s: sshbuf_putf failed: %s", __func__, ssh_err(r));
+		error_fr(r, "sshbuf_putf");
 		goto out;
 	}
 
 	if ((r = sshbuf_dtob64(blob, buf, 1)) != 0) {
-		error("%s: Couldn't base64 encode signature blob: %s",
-		    __func__, ssh_err(r));
+		error_fr(r, "base64 encode signature");
 		goto out;
 	}
 
 	if ((r = sshbuf_put(buf, END_SIGNATURE,
 	    sizeof(END_SIGNATURE)-1)) != 0 ||
 	    (r = sshbuf_put_u8(buf, '\n')) != 0) {
-		error("%s: sshbuf_put failed: %s", __func__, ssh_err(r));
+		error_fr(r, "sshbuf_put");
 		goto out;
 	}
 	/* success */
@@ -95,7 +95,7 @@
 	char *b64 = NULL;
 
 	if ((sbuf = sshbuf_fromb(sig)) == NULL) {
-		error("%s: sshbuf_fromb failed", __func__);
+		error_f("sshbuf_fromb failed");
 		return SSH_ERR_ALLOC_FAIL;
 	}
 
@@ -106,7 +106,7 @@
 	}
 
 	if ((r = sshbuf_consume(sbuf, sizeof(BEGIN_SIGNATURE)-1)) != 0) {
-		error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r));
+		error_fr(r, "consume");
 		goto done;
 	}
 
@@ -117,24 +117,24 @@
 	}
 
 	if ((r = sshbuf_consume_end(sbuf, sshbuf_len(sbuf)-eoffset)) != 0) {
-		error("%s: sshbuf_consume failed: %s", __func__, ssh_err(r));
+		error_fr(r, "consume");
 		goto done;
 	}
 
 	if ((b64 = sshbuf_dup_string(sbuf)) == NULL) {
-		error("%s: sshbuf_dup_string failed", __func__);
+		error_f("sshbuf_dup_string failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto done;
 	}
 
 	if ((buf = sshbuf_new()) == NULL) {
-		error("%s: sshbuf_new() failed", __func__);
+		error_f("sshbuf_new() failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto done;
 	}
 
 	if ((r = sshbuf_b64tod(buf, b64)) != 0) {
-		error("Couldn't decode signature: %s", ssh_err(r));
+		error_fr(r, "decode base64");
 		goto done;
 	}
 
@@ -151,7 +151,7 @@
 
 static int
 sshsig_wrap_sign(struct sshkey *key, const char *hashalg,
-    const char *sk_provider, const struct sshbuf *h_message,
+    const char *sk_provider, const char *sk_pin, const struct sshbuf *h_message,
     const char *sig_namespace, struct sshbuf **out,
     sshsig_signer *signer, void *signer_ctx)
 {
@@ -164,7 +164,7 @@
 
 	if ((tosign = sshbuf_new()) == NULL ||
 	    (blob = sshbuf_new()) == NULL) {
-		error("%s: sshbuf_new failed", __func__);
+		error_f("sshbuf_new failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto done;
 	}
@@ -174,7 +174,7 @@
 	    (r = sshbuf_put_string(tosign, NULL, 0)) != 0 || /* reserved */
 	    (r = sshbuf_put_cstring(tosign, hashalg)) != 0 ||
 	    (r = sshbuf_put_stringb(tosign, h_message)) != 0) {
-		error("Couldn't construct message to sign: %s", ssh_err(r));
+		error_fr(r, "assemble message to sign");
 		goto done;
 	}
 
@@ -185,15 +185,15 @@
 	if (signer != NULL) {
 		if ((r = signer(key, &sig, &slen,
 		    sshbuf_ptr(tosign), sshbuf_len(tosign),
-		    sign_alg, sk_provider, 0, signer_ctx)) != 0) {
-			error("Couldn't sign message: %s", ssh_err(r));
+		    sign_alg, sk_provider, sk_pin, 0, signer_ctx)) != 0) {
+			error_r(r, "Couldn't sign message (signer)");
 			goto done;
 		}
 	} else {
 		if ((r = sshkey_sign(key, &sig, &slen,
 		    sshbuf_ptr(tosign), sshbuf_len(tosign),
-		    sign_alg, sk_provider, 0)) != 0) {
-			error("Couldn't sign message: %s", ssh_err(r));
+		    sign_alg, sk_provider, sk_pin, 0)) != 0) {
+			error_r(r, "Couldn't sign message");
 			goto done;
 		}
 	}
@@ -205,7 +205,7 @@
 	    (r = sshbuf_put_string(blob, NULL, 0)) != 0 || /* reserved */
 	    (r = sshbuf_put_cstring(blob, hashalg)) != 0 ||
 	    (r = sshbuf_put_string(blob, sig, slen)) != 0) {
-		error("Couldn't populate blob: %s", ssh_err(r));
+		error_fr(r, "assemble signature object");
 		goto done;
 	}
 
@@ -249,7 +249,7 @@
 	if (hashalg == NULL ||
 	    match_pattern_list(hashalg, HASHALG_ALLOWED, 0) == 1)
 		return 0;
-	error("%s: unsupported hash algorithm \"%.100s\"", __func__, hashalg);
+	error_f("unsupported hash algorithm \"%.100s\"", hashalg);
 	return SSH_ERR_SIGN_ALG_UNSUPPORTED;
 }
 
@@ -271,7 +271,7 @@
 	    (r = sshbuf_get_string(buf, NULL, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(buf, &hashalg, NULL)) != 0 ||
 	    (r = sshbuf_get_string_direct(buf, NULL, NULL)) != 0) {
-		error("Couldn't parse signature blob: %s", ssh_err(r));
+		error_fr(r, "parse signature object");
 		goto done;
 	}
 
@@ -297,14 +297,14 @@
 	char *got_namespace = NULL, *sigtype = NULL, *sig_hashalg = NULL;
 	size_t siglen;
 
-	debug("%s: verify message length %zu", __func__, sshbuf_len(h_message));
+	debug_f("verify message length %zu", sshbuf_len(h_message));
 	if (sig_details != NULL)
 		*sig_details = NULL;
 	if (sign_keyp != NULL)
 		*sign_keyp = NULL;
 
 	if ((toverify = sshbuf_new()) == NULL) {
-		error("%s: sshbuf_new failed", __func__);
+		error_f("sshbuf_new failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto done;
 	}
@@ -314,7 +314,7 @@
 	    (r = sshbuf_put_string(toverify, NULL, 0)) != 0 || /* reserved */
 	    (r = sshbuf_put_cstring(toverify, hashalg)) != 0 ||
 	    (r = sshbuf_put_stringb(toverify, h_message)) != 0) {
-		error("Couldn't construct message to verify: %s", ssh_err(r));
+		error_fr(r, "assemble message to verify");
 		goto done;
 	}
 
@@ -326,7 +326,7 @@
 	    (r = sshbuf_get_string(signature, NULL, NULL)) != 0 ||
 	    (r = sshbuf_get_cstring(signature, &sig_hashalg, NULL)) != 0 ||
 	    (r = sshbuf_get_string_direct(signature, &sig, &siglen)) != 0) {
-		error("Couldn't parse signature blob: %s", ssh_err(r));
+		error_fr(r, "parse signature object");
 		goto done;
 	}
 
@@ -338,23 +338,23 @@
 
 	if (strcmp(expect_namespace, got_namespace) != 0) {
 		error("Couldn't verify signature: namespace does not match");
-		debug("%s: expected namespace \"%s\" received \"%s\"",
-		    __func__, expect_namespace, got_namespace);
+		debug_f("expected namespace \"%s\" received \"%s\"",
+		    expect_namespace, got_namespace);
 		r = SSH_ERR_SIGNATURE_INVALID;
 		goto done;
 	}
 	if (strcmp(hashalg, sig_hashalg) != 0) {
 		error("Couldn't verify signature: hash algorithm mismatch");
-		debug("%s: expected algorithm \"%s\" received \"%s\"",
-		    __func__, hashalg, sig_hashalg);
+		debug_f("expected algorithm \"%s\" received \"%s\"",
+		    hashalg, sig_hashalg);
 		r = SSH_ERR_SIGNATURE_INVALID;
 		goto done;
 	}
 	/* Ensure that RSA keys use an acceptable signature algorithm */
 	if (sshkey_type_plain(key->type) == KEY_RSA) {
 		if ((r = sshkey_get_sigtype(sig, siglen, &sigtype)) != 0) {
-			error("Couldn't verify signature: unable to get "
-			    "signature type: %s", ssh_err(r));
+			error_r(r, "Couldn't verify signature: unable to get "
+			    "signature type");
 			goto done;
 		}
 		if (match_pattern_list(sigtype, RSA_SIGN_ALLOWED, 0) != 1) {
@@ -366,7 +366,7 @@
 	}
 	if ((r = sshkey_verify(key, sig, siglen, sshbuf_ptr(toverify),
 	    sshbuf_len(toverify), NULL, 0, sig_details)) != 0) {
-		error("Signature verification failed: %s", ssh_err(r));
+		error_r(r, "Signature verification failed");
 		goto done;
 	}
 
@@ -399,16 +399,15 @@
 	if ((r = sshsig_check_hashalg(hashalg)) != 0)
 		return r;
 	if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) {
-		error("%s: can't look up hash algorithm %s",
-		    __func__, hashalg);
+		error_f("can't look up hash algorithm %s", hashalg);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
 	if ((r = ssh_digest_buffer(alg, m, hash, sizeof(hash))) != 0) {
-		error("%s: ssh_digest_buffer failed: %s", __func__, ssh_err(r));
+		error_fr(r, "ssh_digest_buffer");
 		return r;
 	}
 	if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) {
-		debug3("%s: final hash: %s", __func__, hex);
+		debug3_f("final hash: %s", hex);
 		freezero(hex, strlen(hex));
 	}
 	if ((b = sshbuf_new()) == NULL) {
@@ -416,7 +415,7 @@
 		goto out;
 	}
 	if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) {
-		error("%s: sshbuf_put: %s", __func__, ssh_err(r));
+		error_fr(r, "sshbuf_put");
 		goto out;
 	}
 	*bp = b;
@@ -430,7 +429,8 @@
 }
 
 int
-sshsig_signb(struct sshkey *key, const char *hashalg, const char *sk_provider,
+sshsig_signb(struct sshkey *key, const char *hashalg,
+    const char *sk_provider, const char *sk_pin,
     const struct sshbuf *message, const char *sig_namespace,
     struct sshbuf **out, sshsig_signer *signer, void *signer_ctx)
 {
@@ -442,10 +442,10 @@
 	if (out != NULL)
 		*out = NULL;
 	if ((r = hash_buffer(message, hashalg, &b)) != 0) {
-		error("%s: hash_buffer failed: %s", __func__, ssh_err(r));
+		error_fr(r, "hash buffer");
 		goto out;
 	}
-	if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b,
+	if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b,
 	    sig_namespace, out, signer, signer_ctx)) != 0)
 		goto out;
 	/* success */
@@ -470,9 +470,9 @@
 		*sign_keyp = NULL;
 	if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0)
 		return r;
-	debug("%s: signature made with hash \"%s\"", __func__, hashalg);
+	debug_f("signature made with hash \"%s\"", hashalg);
 	if ((r = hash_buffer(message, hashalg, &b)) != 0) {
-		error("%s: hash_buffer failed: %s", __func__, ssh_err(r));
+		error_fr(r, "hash buffer");
 		goto out;
 	}
 	if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace,
@@ -501,12 +501,11 @@
 	if ((r = sshsig_check_hashalg(hashalg)) != 0)
 		return r;
 	if ((alg = ssh_digest_alg_by_name(hashalg)) == -1) {
-		error("%s: can't look up hash algorithm %s",
-		    __func__, hashalg);
+		error_f("can't look up hash algorithm %s", hashalg);
 		return SSH_ERR_INTERNAL_ERROR;
 	}
 	if ((ctx = ssh_digest_start(alg)) == NULL) {
-		error("%s: ssh_digest_start failed", __func__);
+		error_f("ssh_digest_start failed");
 		return SSH_ERR_INTERNAL_ERROR;
 	}
 	for (;;) {
@@ -514,28 +513,27 @@
 			if (errno == EINTR || errno == EAGAIN)
 				continue;
 			oerrno = errno;
-			error("%s: read: %s", __func__, strerror(errno));
+			error_f("read: %s", strerror(errno));
 			ssh_digest_free(ctx);
 			errno = oerrno;
 			r = SSH_ERR_SYSTEM_ERROR;
 			goto out;
 		} else if (n == 0) {
-			debug2("%s: hashed %zu bytes", __func__, total);
+			debug2_f("hashed %zu bytes", total);
 			break; /* EOF */
 		}
 		total += (size_t)n;
 		if ((r = ssh_digest_update(ctx, rbuf, (size_t)n)) != 0) {
-			error("%s: ssh_digest_update: %s",
-			    __func__, ssh_err(r));
+			error_fr(r, "ssh_digest_update");
 			goto out;
 		}
 	}
 	if ((r = ssh_digest_final(ctx, hash, sizeof(hash))) != 0) {
-		error("%s: ssh_digest_final: %s", __func__, ssh_err(r));
+		error_fr(r, "ssh_digest_final");
 		goto out;
 	}
 	if ((hex = tohex(hash, ssh_digest_bytes(alg))) != NULL) {
-		debug3("%s: final hash: %s", __func__, hex);
+		debug3_f("final hash: %s", hex);
 		freezero(hex, strlen(hex));
 	}
 	if ((b = sshbuf_new()) == NULL) {
@@ -543,7 +541,7 @@
 		goto out;
 	}
 	if ((r = sshbuf_put(b, hash, ssh_digest_bytes(alg))) != 0) {
-		error("%s: sshbuf_put: %s", __func__, ssh_err(r));
+		error_fr(r, "sshbuf_put");
 		goto out;
 	}
 	*bp = b;
@@ -558,7 +556,8 @@
 }
 
 int
-sshsig_sign_fd(struct sshkey *key, const char *hashalg, const char *sk_provider,
+sshsig_sign_fd(struct sshkey *key, const char *hashalg,
+    const char *sk_provider, const char *sk_pin,
     int fd, const char *sig_namespace, struct sshbuf **out,
     sshsig_signer *signer, void *signer_ctx)
 {
@@ -570,10 +569,10 @@
 	if (out != NULL)
 		*out = NULL;
 	if ((r = hash_file(fd, hashalg, &b)) != 0) {
-		error("%s: hash_file failed: %s", __func__, ssh_err(r));
+		error_fr(r, "hash_file");
 		return r;
 	}
-	if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, b,
+	if ((r = sshsig_wrap_sign(key, hashalg, sk_provider, sk_pin, b,
 	    sig_namespace, out, signer, signer_ctx)) != 0)
 		goto out;
 	/* success */
@@ -598,9 +597,9 @@
 		*sign_keyp = NULL;
 	if ((r = sshsig_peek_hashalg(signature, &hashalg)) != 0)
 		return r;
-	debug("%s: signature made with hash \"%s\"", __func__, hashalg);
+	debug_f("signature made with hash \"%s\"", hashalg);
 	if ((r = hash_file(fd, hashalg, &b)) != 0) {
-		error("%s: hash_file failed: %s", __func__, ssh_err(r));
+		error_fr(r, "hash_file");
 		goto out;
 	}
 	if ((r = sshsig_wrap_verify(signature, hashalg, b, expect_namespace,
@@ -617,6 +616,7 @@
 struct sshsigopt {
 	int ca;
 	char *namespaces;
+	uint64_t valid_after, valid_before;
 };
 
 struct sshsigopt *
@@ -625,6 +625,7 @@
 {
 	struct sshsigopt *ret;
 	int r;
+	char *opt;
 	const char *errstr = NULL;
 
 	if ((ret = calloc(1, sizeof(*ret))) == NULL)
@@ -644,6 +645,34 @@
 			ret->namespaces = opt_dequote(&opts, &errstr);
 			if (ret->namespaces == NULL)
 				goto fail;
+		} else if (opt_match(&opts, "valid-after")) {
+			if (ret->valid_after != 0) {
+				errstr = "multiple \"valid-after\" clauses";
+				goto fail;
+			}
+			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
+				goto fail;
+			if (parse_absolute_time(opt, &ret->valid_after) != 0 ||
+			    ret->valid_after == 0) {
+				free(opt);
+				errstr = "invalid \"valid-after\" time";
+				goto fail;
+			}
+			free(opt);
+		} else if (opt_match(&opts, "valid-before")) {
+			if (ret->valid_before != 0) {
+				errstr = "multiple \"valid-before\" clauses";
+				goto fail;
+			}
+			if ((opt = opt_dequote(&opts, &errstr)) == NULL)
+				goto fail;
+			if (parse_absolute_time(opt, &ret->valid_before) != 0 ||
+			    ret->valid_before == 0) {
+				free(opt);
+				errstr = "invalid \"valid-before\" time";
+				goto fail;
+			}
+			free(opt);
 		}
 		/*
 		 * Skip the comma, and move to the next option
@@ -662,6 +691,12 @@
 			goto fail;
 		}
 	}
+	/* final consistency check */
+	if (ret->valid_after != 0 && ret->valid_before != 0 &&
+	    ret->valid_before <= ret->valid_after) {
+		errstr = "\"valid-before\" time is before \"valid-after\"";
+		goto fail;
+	}
 	/* success */
 	return ret;
  fail:
@@ -710,7 +745,7 @@
 		goto out;
 	}
 	if ((principals = strdup(tmp)) == NULL) {
-		error("%s: strdup failed", __func__);
+		error_f("strdup failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@@ -725,12 +760,12 @@
 			r = SSH_ERR_KEY_NOT_FOUND;
 			goto out;
 		}
-		debug("%s: %s:%lu: matched principal \"%s\"",
-		    __func__, path, linenum, required_principal);
+		debug_f("%s:%lu: matched principal \"%s\"",
+		    path, linenum, required_principal);
 	}
 
 	if ((key = sshkey_new(KEY_UNSPEC)) == NULL) {
-		error("%s: sshkey_new failed", __func__);
+		error_f("sshkey_new failed");
 		r = SSH_ERR_ALLOC_FAIL;
 		goto out;
 	}
@@ -780,12 +815,13 @@
 static int
 check_allowed_keys_line(const char *path, u_long linenum, char *line,
     const struct sshkey *sign_key, const char *principal,
-    const char *sig_namespace)
+    const char *sig_namespace, uint64_t verify_time)
 {
 	struct sshkey *found_key = NULL;
-	int r, found = 0;
+	int r, success = 0;
 	const char *reason = NULL;
 	struct sshsigopt *sigopts = NULL;
+	char tvalid[64], tverify[64];
 
 	/* Parse the line */
 	if ((r = parse_principals_key_and_options(path, linenum, line,
@@ -794,6 +830,24 @@
 		goto done;
 	}
 
+	if (!sigopts->ca && sshkey_equal(found_key, sign_key)) {
+		/* Exact match of key */
+		debug("%s:%lu: matched key", path, linenum);
+	} else if (sigopts->ca && sshkey_is_cert(sign_key) &&
+	    sshkey_equal_public(sign_key->cert->signature_key, found_key)) {
+		/* Match of certificate's CA key */
+		if ((r = sshkey_cert_check_authority(sign_key, 0, 1, 0,
+		    verify_time, principal, &reason)) != 0) {
+			error("%s:%lu: certificate not authorized: %s",
+			    path, linenum, reason);
+			goto done;
+		}
+		debug("%s:%lu: matched certificate CA key", path, linenum);
+	} else {
+		/* Didn't match key */
+		goto done;
+	}
+
 	/* Check whether options preclude the use of this key */
 	if (sigopts->namespaces != NULL &&
 	    match_pattern_list(sig_namespace, sigopts->namespaces, 0) != 1) {
@@ -802,36 +856,37 @@
 		goto done;
 	}
 
-	if (!sigopts->ca && sshkey_equal(found_key, sign_key)) {
-		/* Exact match of key */
-		debug("%s:%lu: matched key and principal", path, linenum);
-		/* success */
-		found = 1;
-	} else if (sigopts->ca && sshkey_is_cert(sign_key) &&
-	    sshkey_equal_public(sign_key->cert->signature_key, found_key)) {
-		/* Match of certificate's CA key */
-		if ((r = sshkey_cert_check_authority(sign_key, 0, 1,
-		    principal, &reason)) != 0) {
-			error("%s:%lu: certificate not authorized: %s",
-			    path, linenum, reason);
-			goto done;
-		}
-		debug("%s:%lu: matched certificate CA key", path, linenum);
-		/* success */
-		found = 1;
-	} else {
-		/* Principal matched but key didn't */
+	/* check key time validity */
+	format_absolute_time((uint64_t)verify_time, tverify, sizeof(tverify));
+	if (sigopts->valid_after != 0 &&
+	    (uint64_t)verify_time < sigopts->valid_after) {
+		format_absolute_time(sigopts->valid_after,
+		    tvalid, sizeof(tvalid));
+		error("%s:%lu: key is not yet valid: "
+		    "verify time %s < valid-after %s", path, linenum,
+		    tverify, tvalid);
 		goto done;
 	}
+	if (sigopts->valid_before != 0 &&
+	    (uint64_t)verify_time > sigopts->valid_before) {
+		format_absolute_time(sigopts->valid_before,
+		    tvalid, sizeof(tvalid));
+		error("%s:%lu: key has expired: "
+		    "verify time %s > valid-before %s", path, linenum,
+		    tverify, tvalid);
+		goto done;
+	}
+	success = 1;
+
  done:
 	sshkey_free(found_key);
 	sshsigopt_free(sigopts);
-	return found ? 0 : SSH_ERR_KEY_NOT_FOUND;
+	return success ? 0 : SSH_ERR_KEY_NOT_FOUND;
 }
 
 int
 sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key,
-    const char *principal, const char *sig_namespace)
+    const char *principal, const char *sig_namespace, uint64_t verify_time)
 {
 	FILE *f = NULL;
 	char *line = NULL;
@@ -851,9 +906,10 @@
 	while (getline(&line, &linesize, f) != -1) {
 		linenum++;
 		r = check_allowed_keys_line(path, linenum, line, sign_key,
-		    principal, sig_namespace);
+		    principal, sig_namespace, verify_time);
 		free(line);
 		line = NULL;
+		linesize = 0;
 		if (r == SSH_ERR_KEY_NOT_FOUND)
 			continue;
 		else if (r == 0) {
@@ -871,7 +927,7 @@
 
 static int
 cert_filter_principals(const char *path, u_long linenum,
-    char **principalsp, const struct sshkey *cert)
+    char **principalsp, const struct sshkey *cert, uint64_t verify_time)
 {
 	char *cp, *oprincipals, *principals;
 	const char *reason;
@@ -893,15 +949,15 @@
 			continue;
 		}
 		/* Check against principals list in certificate */
-		if ((r = sshkey_cert_check_authority(cert, 0, 1,
-		    cp, &reason)) != 0) {
+		if ((r = sshkey_cert_check_authority(cert, 0, 1, 0,
+		    verify_time, cp, &reason)) != 0) {
 			debug("%s:%lu: principal \"%s\" not authorized: %s",
 			    path, linenum, cp, reason);
 			continue;
 		}
 		if ((r = sshbuf_putf(nprincipals, "%s%s",
 		    sshbuf_len(nprincipals) != 0 ? "," : "", cp)) != 0) {
-			error("%s: buffer error", __func__);
+			error_f("buffer error");
 			goto out;
 		}
 	}
@@ -911,7 +967,7 @@
 		goto out;
 	}
 	if ((principals = sshbuf_dup_string(nprincipals)) == NULL) {
-		error("%s: buffer error", __func__);
+		error_f("buffer error");
 		goto out;
 	}
 	/* success */
@@ -925,7 +981,7 @@
 
 static int
 get_matching_principals_from_line(const char *path, u_long linenum, char *line,
-    const struct sshkey *sign_key, char **principalsp)
+    const struct sshkey *sign_key, uint64_t verify_time, char **principalsp)
 {
 	struct sshkey *found_key = NULL;
 	char *principals = NULL;
@@ -951,10 +1007,10 @@
 	    sshkey_equal_public(sign_key->cert->signature_key, found_key)) {
 		/* Remove principals listed in file but not allowed by cert */
 		if ((r = cert_filter_principals(path, linenum,
-		    &principals, sign_key)) != 0) {
+		    &principals, sign_key, verify_time)) != 0) {
 			/* error already displayed */
-			debug("%s:%lu: cert_filter_principals: %s",
-			    path, linenum, ssh_err(r));
+			debug_r(r, "%s:%lu: cert_filter_principals",
+			    path, linenum);
 			goto done;
 		}
 		debug("%s:%lu: matched certificate CA key", path, linenum);
@@ -977,7 +1033,7 @@
 
 int
 sshsig_find_principals(const char *path, const struct sshkey *sign_key,
-    char **principals)
+    uint64_t verify_time, char **principals)
 {
 	FILE *f = NULL;
 	char *line = NULL;
@@ -996,9 +1052,10 @@
 	while (getline(&line, &linesize, f) != -1) {
 		linenum++;
 		r = get_matching_principals_from_line(path, linenum, line,
-		    sign_key, principals);
+		    sign_key, verify_time, principals);
 		free(line);
 		line = NULL;
+		linesize = 0;
 		if (r == SSH_ERR_KEY_NOT_FOUND)
 			continue;
 		else if (r == 0) {

sshsig.h

diff --git a/sshsig.h b/sshsig.h
index 63cc1ad..b725c7d 100644
--- a/sshsig.h
+++ b/sshsig.h
@@ -1,3 +1,4 @@
+/* $OpenBSD: sshsig.h,v 1.10 2021/07/23 03:37:52 djm Exp $ */
 /*
  * Copyright (c) 2019 Google LLC
  *
@@ -23,7 +24,8 @@
 struct sshkey_sig_details;
 
 typedef int sshsig_signer(struct sshkey *, u_char **, size_t *,
-    const u_char *, size_t, const char *, const char *, u_int, void *);
+    const u_char *, size_t, const char *, const char *, const char *,
+    u_int, void *);
 
 /* Buffer-oriented API */
 
@@ -33,7 +35,7 @@
  * out is populated with the detached signature, or NULL on failure.
  */
 int sshsig_signb(struct sshkey *key, const char *hashalg,
-    const char *sk_provider, const struct sshbuf *message,
+    const char *sk_provider, const char *sk_pin, const struct sshbuf *message,
     const char *sig_namespace, struct sshbuf **out,
     sshsig_signer *signer, void *signer_ctx);
 
@@ -54,7 +56,8 @@
  * out is populated with the detached signature, or NULL on failure.
  */
 int sshsig_sign_fd(struct sshkey *key, const char *hashalg,
-    const char *sk_provider, int fd, const char *sig_namespace,
+    const char *sk_provider, const char *sk_pin,
+    int fd, const char *sig_namespace,
     struct sshbuf **out, sshsig_signer *signer, void *signer_ctx);
 
 /*
@@ -83,7 +86,7 @@
  * an allowed_keys file. Returns 0 on success.
  */
 int sshsig_check_allowed_keys(const char *path, const struct sshkey *sign_key,
-    const char *principal, const char *ns);
+    const char *principal, const char *ns, uint64_t verify_time);
 
 /* Parse zero or more allowed_keys signature options */
 struct sshsigopt *sshsigopt_parse(const char *opts,
@@ -99,6 +102,6 @@
  * 0 on success.
  */
 int sshsig_find_principals(const char *path, const struct sshkey *sign_key,
-    char **principal);
+    uint64_t verify_time, char **principal);
 
 #endif /* SSHSIG_H */

ttymodes.c

diff --git a/ttymodes.c b/ttymodes.c
index f0c2a5d..1d20ce8 100644
--- a/ttymodes.c
+++ b/ttymodes.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ttymodes.c,v 1.34 2018/07/09 21:20:26 markus Exp $ */
+/* $OpenBSD: ttymodes.c,v 1.36 2021/01/27 09:26:54 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -283,11 +283,11 @@
 	int r, ibaud, obaud;
 
 	if ((buf = sshbuf_new()) == NULL)
-		fatal("%s: sshbuf_new failed", __func__);
+		fatal_f("sshbuf_new failed");
 
 	if (tiop == NULL) {
 		if (fd == -1) {
-			debug("%s: no fd or tio", __func__);
+			debug_f("no fd or tio");
 			goto end;
 		}
 		if (tcgetattr(fd, &tio) == -1) {
@@ -304,23 +304,23 @@
 	    (r = sshbuf_put_u32(buf, obaud)) != 0 ||
 	    (r = sshbuf_put_u8(buf, TTY_OP_ISPEED)) != 0 ||
 	    (r = sshbuf_put_u32(buf, ibaud)) != 0)
-		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose");
 
 	/* Store values of mode flags. */
 #define TTYCHAR(NAME, OP) \
 	if ((r = sshbuf_put_u8(buf, OP)) != 0 || \
 	    (r = sshbuf_put_u32(buf, \
 	    special_char_encode(tio.c_cc[NAME]))) != 0) \
-		fatal("%s: buffer error: %s", __func__, ssh_err(r)); \
+		fatal_fr(r, "compose %s", #NAME);
 
 #define SSH_TTYMODE_IUTF8 42  /* for SSH_BUG_UTF8TTYMODE */
 
 #define TTYMODE(NAME, FIELD, OP) \
-	if (OP == SSH_TTYMODE_IUTF8 && (datafellows & SSH_BUG_UTF8TTYMODE)) { \
-		debug3("%s: SSH_BUG_UTF8TTYMODE", __func__); \
+	if (OP == SSH_TTYMODE_IUTF8 && (ssh->compat & SSH_BUG_UTF8TTYMODE)) { \
+		debug3_f("SSH_BUG_UTF8TTYMODE"); \
 	} else if ((r = sshbuf_put_u8(buf, OP)) != 0 || \
 	    (r = sshbuf_put_u32(buf, ((tio.FIELD & NAME) != 0))) != 0) \
-		fatal("%s: buffer error: %s", __func__, ssh_err(r)); \
+		fatal_fr(r, "compose %s", #NAME);
 
 #include "ttymodes.h"
 
@@ -331,7 +331,7 @@
 	/* Mark end of mode data. */
 	if ((r = sshbuf_put_u8(buf, TTY_OP_END)) != 0 ||
 	    (r = sshpkt_put_stringb(ssh, buf)) != 0)
-		fatal("%s: packet error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "compose end");
 	sshbuf_free(buf);
 }
 
@@ -351,11 +351,11 @@
 	size_t len;
 
 	if ((r = sshpkt_get_string_direct(ssh, &data, &len)) != 0)
-		fatal("%s: packet error: %s", __func__, ssh_err(r));
+		fatal_fr(r, "parse");
 	if (len == 0)
 		return;
 	if ((buf = sshbuf_from(data, len)) == NULL) {
-		error("%s: sshbuf_from failed", __func__);
+		error_f("sshbuf_from failed");
 		return;
 	}
 
@@ -371,15 +371,14 @@
 
 	while (sshbuf_len(buf) > 0) {
 		if ((r = sshbuf_get_u8(buf, &opcode)) != 0)
-			fatal("%s: packet error: %s", __func__, ssh_err(r));
+			fatal_fr(r, "parse opcode");
 		switch (opcode) {
 		case TTY_OP_END:
 			goto set;
 
 		case TTY_OP_ISPEED:
 			if ((r = sshbuf_get_u32(buf, &baud)) != 0)
-				fatal("%s: packet error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse ispeed");
 			if (failure != -1 &&
 			    cfsetispeed(&tio, baud_to_speed(baud)) == -1)
 				error("cfsetispeed failed for %d", baud);
@@ -387,8 +386,7 @@
 
 		case TTY_OP_OSPEED:
 			if ((r = sshbuf_get_u32(buf, &baud)) != 0)
-				fatal("%s: packet error: %s",
-				    __func__, ssh_err(r));
+				fatal_fr(r, "parse ospeed");
 			if (failure != -1 &&
 			    cfsetospeed(&tio, baud_to_speed(baud)) == -1)
 				error("cfsetospeed failed for %d", baud);
@@ -397,15 +395,13 @@
 #define TTYCHAR(NAME, OP) \
 		case OP: \
 			if ((r = sshbuf_get_u32(buf, &u)) != 0) \
-				fatal("%s: packet error: %s", __func__, \
-				    ssh_err(r)); \
+				fatal_fr(r, "parse %s", #NAME); \
 			tio.c_cc[NAME] = special_char_decode(u); \
 			break;
 #define TTYMODE(NAME, FIELD, OP) \
 		case OP: \
 			if ((r = sshbuf_get_u32(buf, &u)) != 0) \
-				fatal("%s: packet error: %s", __func__, \
-				    ssh_err(r)); \
+				fatal_fr(r, "parse %s", #NAME); \
 			if (u) \
 				tio.FIELD |= NAME; \
 			else \
@@ -429,12 +425,10 @@
 			 */
 			if (opcode > 0 && opcode < 160) {
 				if ((r = sshbuf_get_u32(buf, NULL)) != 0)
-					fatal("%s: packet error: %s", __func__,
-					    ssh_err(r));
+					fatal_fr(r, "parse arg");
 				break;
 			} else {
-				logit("%s: unknown opcode %d", __func__,
-				    opcode);
+				logit_f("unknown opcode %d", opcode);
 				goto set;
 			}
 		}
@@ -444,7 +438,7 @@
 	len = sshbuf_len(buf);
 	sshbuf_free(buf);
 	if (len > 0) {
-		logit("%s: %zu bytes left", __func__, len);
+		logit_f("%zu bytes left", len);
 		return;		/* Don't process bytes passed */
 	}
 	if (failure == -1)

uidswap.c

diff --git a/uidswap.c b/uidswap.c
index 285c5aa..d373859 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -57,7 +57,7 @@
    is not part of the posix specification. */
 #define SAVED_IDS_WORK_WITH_SETEUID
 /* Saved effective uid. */
-static uid_t 	saved_euid = 0;
+static uid_t	saved_euid = 0;
 static gid_t	saved_egid = 0;
 #endif
 

umac.c

diff --git a/umac.c b/umac.c
index 3d4e285..e5ec19f 100644
--- a/umac.c
+++ b/umac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.20 2020/03/13 03:17:07 djm Exp $ */
+/* $OpenBSD: umac.c,v 1.21 2021/04/03 06:58:30 djm Exp $ */
 /* -----------------------------------------------------------------------
  *
  * umac.c -- C Implementation UMAC Message Authentication
@@ -290,7 +290,7 @@
  * versions, one expects the entire message being hashed to be passed
  * in a single buffer and returns the hash result immediately. The second
  * allows the message to be passed in a sequence of buffers. In the
- * muliple-buffer interface, the client calls the routine nh_update() as
+ * multiple-buffer interface, the client calls the routine nh_update() as
  * many times as necessary. When there is no more data to be fed to the
  * hash, the client calls nh_final() which calculates the hash output.
  * Before beginning another hash calculation the nh_reset() routine

utf8.h

diff --git a/utf8.h b/utf8.h
index 9d6d9a3..09941d4 100644
--- a/utf8.h
+++ b/utf8.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: utf8.h,v 1.3 2020/05/01 06:28:52 djm Exp $ */
+/* $OpenBSD: utf8.h,v 1.4 2021/04/03 06:18:41 djm Exp $ */
 /*
  * Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
  *
@@ -17,12 +17,12 @@
 
 int	 vasnmprintf(char **, size_t, int *, const char *, va_list);
 int	 mprintf(const char *, ...)
-	     __attribute__((format(printf, 1, 2)));
+	    __attribute__((format(printf, 1, 2)));
 int	 fmprintf(FILE *, const char *, ...)
-	     __attribute__((format(printf, 2, 3)));
+	    __attribute__((format(printf, 2, 3)));
 int	 vfmprintf(FILE *, const char *, va_list);
 int	 snmprintf(char *, size_t, int *, const char *, ...)
-	     __attribute__((format(printf, 4, 5)));
+	    __attribute__((format(printf, 4, 5)));
 int	 asmprintf(char **, size_t, int *, const char *, ...)
-	     __attribute__((format(printf, 4, 5)));
+	    __attribute__((format(printf, 4, 5)));
 void	 msetlocale(void);

version.h

diff --git a/version.h b/version.h
index a2eca3e..eba7aca 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.87 2020/05/06 20:58:01 djm Exp $ */
+/* $OpenBSD: version.h,v 1.92 2021/09/26 14:01:11 djm Exp $ */
 
-#define SSH_VERSION	"OpenSSH_8.3"
+#define SSH_VERSION	"OpenSSH_8.8"
 
 #define SSH_PORTABLE	"p1"
 #define SSH_RELEASE	SSH_VERSION SSH_PORTABLE

xmalloc.h

diff --git a/xmalloc.h b/xmalloc.h
index abaf7ad..a6b8d23 100644
--- a/xmalloc.h
+++ b/xmalloc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmalloc.h,v 1.19 2019/11/12 22:32:48 djm Exp $ */
+/* $OpenBSD: xmalloc.h,v 1.20 2021/04/03 06:18:41 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -22,7 +22,6 @@
 void	*xrecallocarray(void *, size_t, size_t, size_t);
 char	*xstrdup(const char *);
 int	 xasprintf(char **, const char *, ...)
-                __attribute__((__format__ (printf, 2, 3)))
-                __attribute__((__nonnull__ (2)));
+    __attribute__((__format__ (printf, 2, 3))) __attribute__((__nonnull__ (2)));
 int	 xvasprintf(char **, const char *, va_list)
-		__attribute__((__nonnull__ (2)));
+    __attribute__((__nonnull__ (2)));