Re: (ITS#8618) ldapsearch - unexpected behavior with
by arekkusu@r42.ch
I was referring to best practice/RFC regarding what is a valid hostname.
My example was intentionally provocative. I think rejecting hostname containing
the '://' construct is actually a good idea. Those would be problematic for
parsing and such broken hostname are unlikely to ever be use.
Been reading a bit more (1) and I think internationalized domain are also not an
issue as they have a ASCII representation. So the only real concern I can think
of at this point is underscore. But I could be missing something...
I am still not convinced about having addition verification beside:
- What the DNS standard says (RFC2181)
- Prohibiting hostname that would cause cause an issue with parsing ('://')
Why do the 'host' and 'dig' command does not seem to place any restriction when
querying for A records ? (would be interested to see how other software handle
this)
Andew: Did you manage to find out why the behavior with '-h' option and both '
--h' and '-p' option was different ?
Best, Alex
(1) https://stackoverflow.com/questions/2180465/can-domain-name-subdomains-have-
an-underscore-in-it
PS: Andrew: In my client (evolution) your previous plain text email did show up
as base64 encoded. (had to use 'base64 -d' to read them). I did not remember
outlook making it so hard to send plain text email (!)
On Sat, 2018-03-03 at 10:29 +0000, michael(a)stroeder.com wrote:
> Alexandre Rosenberg wrote:
> > Micheal, you are *right* about the man page saying _hostname_. Indeed
> > OpenLDAP
> > only accepting hostname as per best practice/RFC might be the most correct
> > behavior.
>
> There is no relevant RFC or best practice, only the man-page. And the -h
> and -p arguments come from the old UMich LDAP times.
>
> > However we can not change this behavior without breakable. consider:
>
> AFAICS backward compability has only be provided to those ancient Umich
> or Netscape Directory tools. So IMO LDAP URI does not have to be accepted.
>
> > - Underscore are not that uncommon with Active Directory
> > - What about
> > - ... (probably more)
>
> If you want to fix something for 2.4.x to match what the man-page says
> you could effectively reject LDAP URI by simply rejecting colons and
> slashes. Those chars are never in even seriously broken hostnames. If
> they were they would cause more interop issues anyway.
>
> > Therefore I believe such change could only be done in a major release. And
> > at
> > that point we might just remove the depreciated '-h' option altogether.
>
> Agreed. 2.5 release chould IMO simply remove options -h and -p.
>
> Ciao, Michael.
>
>
>
2 years, 10 months
RE: (ITS#8618) ldapsearch - unexpected behavior with
by andrew.lawrence@siemens.com
I am using Outlook and in addition to sending messages with HTML by default=
it also uses some kind of encoding if you select plain text. I have spent =
most of the afternoon trying to turn this off and hopefully I have now been=
successful.
I followed the instructions to upload the patch (andrew-lawrence-180303.pa=
tch) to ftp://openldap.org/incoming/. I am not sure if it was successful a=
s I cannot see the contents of the folder.
The attached file is derived from OpenLDAP Software. All of the modificatio=
ns to OpenLDAP Software represented in the following patch(es) were develop=
ed by Siemens Rail Automation Holdings Limited. Siemens Rail Automation Hol=
dings Limited has not assigned rights and/or interest in this work to any p=
arty. I, Andrew Lawrence am authorized by Siemens Rail Automation Holdings =
Limited, my employer, to release this work under the following terms.
Siemens Rail Automation Holdings Limited hereby place the following modific=
ations to OpenLDAP Software (and only these modifications) into the public =
domain. Hence, these modifications may be freely used and/or redistributed =
for any purpose with or without attribution and/or other notice.
Cheers,
Andy
-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com]
Sent: 02 March 2018 22:53
To: Lawrence, Andy (MO MM R&D UK IXL); openldap-its(a)OpenLDAP.org
Subject: Re: (ITS#8618) ldapsearch - unexpected behavior with
andrew.lawrence(a)siemens.com wrote:
> --_004_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_
> Content-Type: multipart/alternative;
> boundary=3D"_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5M=
SXww9_"
>
> --_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_
> Content-Type: text/plain; charset=3D"iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> I believe the following patch addresses this problem. I am still a bit
> conf=3D used about what constitutes a DNS name. Alex has suggested they
> should cont=3D ain an underscore. My colleague who reviewed the code had
> a different opini=3D on.
>
>
>
> I am also not sure what to do about copyright headers and whether it
> is acc=3D eptable or not for me to add them into the files.
Please read the Contributing guidelines.
Please do not use HTML email.
Please demonstrate a basic ability to read and follow directions, otherwise=
your patch will be discarded. It's not like the information is hard to fin=
d, everything is linked from the front page of the web site.
http://www.openldap.org/devel/contributing.html
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
2 years, 10 months
Re: (ITS#8618) ldapsearch - unexpected behavior with
by michael@stroeder.com
Alexandre Rosenberg wrote:
> Micheal, you are *right* about the man page saying _hostname_. Indeed OpenLDAP
> only accepting hostname as per best practice/RFC might be the most correct
> behavior.
There is no relevant RFC or best practice, only the man-page. And the -h
and -p arguments come from the old UMich LDAP times.
> However we can not change this behavior without breakable. consider:
AFAICS backward compability has only be provided to those ancient Umich
or Netscape Directory tools. So IMO LDAP URI does not have to be accepted.
> - Underscore are not that uncommon with Active Directory
> - What about internationalized DNS name
> - ... (probably more)
If you want to fix something for 2.4.x to match what the man-page says
you could effectively reject LDAP URI by simply rejecting colons and
slashes. Those chars are never in even seriously broken hostnames. If
they were they would cause more interop issues anyway.
> Therefore I believe such change could only be done in a major release. And at
> that point we might just remove the depreciated '-h' option altogether.
Agreed. 2.5 release chould IMO simply remove options -h and -p.
Ciao, Michael.
2 years, 10 months
RE: (ITS#8618) ldapsearch - unexpected behavior with
by andrew.lawrence@siemens.com
SSBmb2xsb3dlZCB0aGUgaW5zdHJ1Y3Rpb25zIHRvIHVwbG9hZCB0aGUgcGF0Y2ggIChhbmRyZXct
bGF3cmVuY2UtMTgwMzAzLnBhdGNoKSAgdG8gZnRwOi8vb3BlbmxkYXAub3JnL2luY29taW5nLy4g
SSBhbSBub3Qgc3VyZSBpZiBpdCB3YXMgc3VjY2Vzc2Z1bCBhcyBJIGNhbm5vdCBzZWUgdGhlIGNv
bnRlbnRzIG9mIHRoZSBmb2xkZXIuDQoNClRoZSBhdHRhY2hlZCBmaWxlIGlzIGRlcml2ZWQgZnJv
bSBPcGVuTERBUCBTb2Z0d2FyZS4gQWxsIG9mIHRoZSBtb2RpZmljYXRpb25zIHRvIE9wZW5MREFQ
IFNvZnR3YXJlIHJlcHJlc2VudGVkIGluIHRoZSBmb2xsb3dpbmcgcGF0Y2goZXMpIHdlcmUgZGV2
ZWxvcGVkIGJ5IFNpZW1lbnMgUmFpbCBBdXRvbWF0aW9uIEhvbGRpbmdzIExpbWl0ZWQuIFNpZW1l
bnMgUmFpbCBBdXRvbWF0aW9uIEhvbGRpbmdzIExpbWl0ZWQgaGFzIG5vdCBhc3NpZ25lZCByaWdo
dHMgYW5kL29yIGludGVyZXN0IGluIHRoaXMgd29yayB0byBhbnkgcGFydHkuIEksIEFuZHJldyBM
YXdyZW5jZSBhbSBhdXRob3JpemVkIGJ5IFNpZW1lbnMgUmFpbCBBdXRvbWF0aW9uIEhvbGRpbmdz
IExpbWl0ZWQsIG15IGVtcGxveWVyLCB0byByZWxlYXNlIHRoaXMgd29yayB1bmRlciB0aGUgZm9s
bG93aW5nIHRlcm1zLg0KDQpTaWVtZW5zIFJhaWwgQXV0b21hdGlvbiBIb2xkaW5ncyBMaW1pdGVk
IGhlcmVieSBwbGFjZSB0aGUgZm9sbG93aW5nIG1vZGlmaWNhdGlvbnMgdG8gT3BlbkxEQVAgU29m
dHdhcmUgKGFuZCBvbmx5IHRoZXNlIG1vZGlmaWNhdGlvbnMpIGludG8gdGhlIHB1YmxpYyBkb21h
aW4uIEhlbmNlLCB0aGVzZSBtb2RpZmljYXRpb25zIG1heSBiZSBmcmVlbHkgdXNlZCBhbmQvb3Ig
cmVkaXN0cmlidXRlZCBmb3IgYW55IHB1cnBvc2Ugd2l0aCBvciB3aXRob3V0IGF0dHJpYnV0aW9u
IGFuZC9vciBvdGhlciBub3RpY2UuDQoNCkNoZWVycywNCkFuZHkNCg0KLS0tLS1PcmlnaW5hbCBN
ZXNzYWdlLS0tLS0NCkZyb206IEhvd2FyZCBDaHUgW21haWx0bzpoeWNAc3ltYXMuY29tXSANClNl
bnQ6IDAyIE1hcmNoIDIwMTggMjI6NTMNClRvOiBMYXdyZW5jZSwgQW5keSAoTU8gTU0gUiZEIFVL
IElYTCk7IG9wZW5sZGFwLWl0c0BPcGVuTERBUC5vcmcNClN1YmplY3Q6IFJlOiAoSVRTIzg2MTgp
IGxkYXBzZWFyY2ggLSB1bmV4cGVjdGVkIGJlaGF2aW9yIHdpdGgNCg0KYW5kcmV3Lmxhd3JlbmNl
QHNpZW1lbnMuY29tIHdyb3RlOg0KPiAtLV8wMDRfNENGNzEwMjI5Nzg3QTA0MTlCRjkyQzkzMDRE
QzY0NDZFNzkyN0FERUZUSFc5OUVJNU1TWHd3OV8NCj4gQ29udGVudC1UeXBlOiBtdWx0aXBhcnQv
YWx0ZXJuYXRpdmU7DQo+IAlib3VuZGFyeT0iXzAwMF80Q0Y3MTAyMjk3ODdBMDQxOUJGOTJDOTMw
NERDNjQ0NkU3OTI3QURFRlRIVzk5RUk1TVNYd3c5XyINCj4gDQo+IC0tXzAwMF80Q0Y3MTAyMjk3
ODdBMDQxOUJGOTJDOTMwNERDNjQ0NkU3OTI3QURFRlRIVzk5RUk1TVNYd3c5Xw0KPiBDb250ZW50
LVR5cGU6IHRleHQvcGxhaW47IGNoYXJzZXQ9Imlzby04ODU5LTEiDQo+IENvbnRlbnQtVHJhbnNm
ZXItRW5jb2Rpbmc6IHF1b3RlZC1wcmludGFibGUNCj4gDQo+IEkgYmVsaWV2ZSB0aGUgZm9sbG93
aW5nIHBhdGNoIGFkZHJlc3NlcyB0aGlzIHByb2JsZW0uIEkgYW0gc3RpbGwgYSBiaXQgDQo+IGNv
bmY9IHVzZWQgYWJvdXQgd2hhdCBjb25zdGl0dXRlcyBhIEROUyBuYW1lLiBBbGV4IGhhcyBzdWdn
ZXN0ZWQgdGhleSANCj4gc2hvdWxkIGNvbnQ9IGFpbiBhbiB1bmRlcnNjb3JlLiBNeSBjb2xsZWFn
dWUgd2hvIHJldmlld2VkIHRoZSBjb2RlIGhhZCANCj4gYSBkaWZmZXJlbnQgb3Bpbmk9IG9uLg0K
PiANCj4gDQo+IA0KPiBJIGFtIGFsc28gbm90IHN1cmUgd2hhdCB0byBkbyBhYm91dCBjb3B5cmln
aHQgaGVhZGVycyBhbmQgd2hldGhlciBpdCANCj4gaXMgYWNjPSBlcHRhYmxlIG9yIG5vdCBmb3Ig
bWUgdG8gYWRkIHRoZW0gaW50byB0aGUgZmlsZXMuDQoNClBsZWFzZSByZWFkIHRoZSBDb250cmli
dXRpbmcgZ3VpZGVsaW5lcy4NClBsZWFzZSBkbyBub3QgdXNlIEhUTUwgZW1haWwuDQoNClBsZWFz
ZSBkZW1vbnN0cmF0ZSBhIGJhc2ljIGFiaWxpdHkgdG8gcmVhZCBhbmQgZm9sbG93IGRpcmVjdGlv
bnMsIG90aGVyd2lzZSB5b3VyIHBhdGNoIHdpbGwgYmUgZGlzY2FyZGVkLiBJdCdzIG5vdCBsaWtl
IHRoZSBpbmZvcm1hdGlvbiBpcyBoYXJkIHRvIGZpbmQsIGV2ZXJ5dGhpbmcgaXMgbGlua2VkIGZy
b20gdGhlIGZyb250IHBhZ2Ugb2YgdGhlIHdlYiBzaXRlLg0KDQpodHRwOi8vd3d3Lm9wZW5sZGFw
Lm9yZy9kZXZlbC9jb250cmlidXRpbmcuaHRtbA0KDQotLSANCiAgIC0tIEhvd2FyZCBDaHUNCiAg
IENUTywgU3ltYXMgQ29ycC4gICAgICAgICAgIGh0dHA6Ly93d3cuc3ltYXMuY29tDQogICBEaXJl
Y3RvciwgSGlnaGxhbmQgU3VuICAgICBodHRwOi8vaGlnaGxhbmRzdW4uY29tL2h5Yy8NCiAgIENo
aWVmIEFyY2hpdGVjdCwgT3BlbkxEQVAgIGh0dHA6Ly93d3cub3BlbmxkYXAub3JnL3Byb2plY3Qv
DQo=
2 years, 10 months
Re: (ITS#8618) ldapsearch - unexpected behavior with
by arekkusu@r42.ch
I am also not a C programmer. I've not even looked at patch at this point.
I agree best practice says hostname are limited to specific ASCII characters.
And underscore are indeed not included.
However DNS name in general only have very few restriction (RFC2181) (2).
I did some tests using the 'host' and 'dig' command and they do not perform
additional validation. For example (2):
$ host 'ldap://.test.com'
ldap://.test.com has address 69.172.200.109
I would expect C library for resolving DNS names to already enforce those basic
constrain. I believe we should be careful about performing additional
validation/restriction.
Micheal, you are *right* about the man page saying _hostname_. Indeed OpenLDAP
only accepting hostname as per best practice/RFC might be the most correct
behavior. However we can not change this behavior without breakable. consider:
- Underscore are not that uncommon with Active Directory
- What about internationalized DNS name
- ... (probably more)
Therefore I believe such change could only be done in a major release. And at
that point we might just remove the depreciated '-h' option altogether.
I don't know how OpenLDAP code work. I have a suspicion it might
transform hostname + port into a URI.
The ITC shows that (for some cases) hostname are handled differently when:
1. Using only '-h' without '-p'
2. Using both '-h' and '-p'
And this is clearly not a correct behavior.
Best, Alex
(1)
See RFC for reference but essentially:
- A full domain name is limited to 255 octets (including the separators)
- Each part of the domain (label) can be between 1 and 63 octets
(2)
test.com DNS seems to simply return the same A record for any subdomain
(wildcard). It highlights that wierd name like works at the DNS level.
PS: I exchanged a few email regarding DNS/hostname with Lawrence off the list. I
believe this email summarizes the main points from my perspective.
On Fri, 2018-03-02 at 18:48 +0000, michael(a)stroeder.com wrote:
> andrew.lawrence(a)siemens.com wrote:
> > I believe the following patch addresses this problem. I am still a
> > bit conf used about what constitutes a DNS name. Alex has suggested
> > they should contain an underscore. My colleague who reviewed the code
> > had a different opinion.
>
> Disclaimer: Since I'm not a C programmer I did not really review your
> patch in detail but just want to add some general notes.
>
> 1. Reviewing this ticket my is that the only problem is that
> -h also accepts a LDAP URI because -H should be used instead.
> IIRC -h was only meant to take an IP address or hostname.
> Therefore I'd strongly recommend to simply reject an LDAP URI for -h.
> Is that your goal?
>
> 2. The term "DNS name" is a bit too blurry. In case of option -h it
> should be an IP address or . And according to best practices
> hostnames SHOULD NOT contain underscores.
> Whether you _allow_ underscores to accommodate some strange setups is
> your decision.
>
> Ciao, .
>
>
>
2 years, 10 months
Re: (ITS#8618) ldapsearch - unexpected behavior with
by hyc@symas.com
andrew.lawrence(a)siemens.com wrote:
> --_004_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_
> Content-Type: multipart/alternative;
> boundary="_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_"
>
> --_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
> I believe the following patch addresses this problem. I am still a bit conf=
> used about what constitutes a DNS name. Alex has suggested they should cont=
> ain an underscore. My colleague who reviewed the code had a different opini=
> on.
>
>
>
> I am also not sure what to do about copyright headers and whether it is acc=
> eptable or not for me to add them into the files.
Please read the Contributing guidelines.
Please do not use HTML email.
Please demonstrate a basic ability to read and follow directions, otherwise
your patch will be discarded. It's not like the information is hard to find,
everything is linked from the front page of the web site.
http://www.openldap.org/devel/contributing.html
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
2 years, 10 months
RE: (ITS#8618) ldapsearch - unexpected behavior with
by andrew.lawrence@siemens.com
SGkgTWljaGFlbCwNCg0KTXkgZ29hbCB3YXMgdG8gb25seSBhbGxvdyB2YWxpZCBob3N0bmFtZXMg
d2hlbiB1c2luZyB0aGUgLWggb3B0aW9uLiBBICBiaXByb2R1Y3Qgb2YgdGhpcyBpcyB0aGF0IGxk
YXAgdXJpcyBhcmUgYWxzbyByZWplY3RlZC4NCg0KVGhlIHBhdGNoIHJlamVjdHMgaG9zdG5hbWVz
IHdpdGggdW5kZXJzY29yZXMgYXMgYmVpbmcgaW52YWxpZC4gSSBoYWQgaGVhcmQgc2V2ZXJhbCBv
cGluaW9ucyB3aGVuIHdyaXRpbmcgdGhlIHBhdGNoIGFuZCBvbmUgb2YgdGhlbSB3YXMgdGhhdCBB
Y3RpdmUgRGlyZWN0b3J5IGFsbG93cyB1bmRlcnNjb3JlcyBpbiBob3N0bmFtZXMuDQoNCkFuZHkN
Cg0KLS0tLS1PcmlnaW5hbCBNZXNzYWdlLS0tLS0NCkZyb206IE1pY2hhZWwgU3Ryw7ZkZXIgW21h
aWx0bzptaWNoYWVsQHN0cm9lZGVyLmNvbV0NClNlbnQ6IDAyIE1hcmNoIDIwMTggMTg6NDgNClRv
OiBMYXdyZW5jZSwgQW5keSAoTU8gTU0gUiZEIFVLIElYTCk7IG9wZW5sZGFwLWl0c0BPcGVuTERB
UC5vcmcNClN1YmplY3Q6IFJlOiAoSVRTIzg2MTgpIGxkYXBzZWFyY2ggLSB1bmV4cGVjdGVkIGJl
aGF2aW9yIHdpdGgNCg0KYW5kcmV3Lmxhd3JlbmNlQHNpZW1lbnMuY29tIHdyb3RlOg0KPiBJIGJl
bGlldmUgdGhlIGZvbGxvd2luZyBwYXRjaCBhZGRyZXNzZXMgdGhpcyBwcm9ibGVtLiBJIGFtIHN0
aWxsIGEgYml0DQo+IGNvbmYgdXNlZCBhYm91dCB3aGF0IGNvbnN0aXR1dGVzIGEgRE5TIG5hbWUu
IEFsZXggaGFzIHN1Z2dlc3RlZCB0aGV5DQo+IHNob3VsZCBjb250YWluIGFuIHVuZGVyc2NvcmUu
IE15IGNvbGxlYWd1ZSB3aG8gcmV2aWV3ZWQgdGhlIGNvZGUgaGFkIGENCj4gZGlmZmVyZW50IG9w
aW5pb24uDQpEaXNjbGFpbWVyOiBTaW5jZSBJJ20gbm90IGEgQyBwcm9ncmFtbWVyIEkgZGlkIG5v
dCByZWFsbHkgcmV2aWV3IHlvdXIgcGF0Y2ggaW4gZGV0YWlsIGJ1dCBqdXN0IHdhbnQgdG8gYWRk
IHNvbWUgZ2VuZXJhbCBub3Rlcy4NCg0KMS4gUmV2aWV3aW5nIHRoaXMgdGlja2V0IG15IGltcHJl
c3Npb24gaXMgdGhhdCB0aGUgb25seSBwcm9ibGVtIGlzIHRoYXQgLWggYWxzbyBhY2NlcHRzIGEg
TERBUCBVUkkgYmVjYXVzZSAtSCBzaG91bGQgYmUgdXNlZCBpbnN0ZWFkLg0KSUlSQyAtaCB3YXMg
b25seSBtZWFudCB0byB0YWtlIGFuIElQIGFkZHJlc3Mgb3IgaG9zdG5hbWUuDQpUaGVyZWZvcmUg
SSdkIHN0cm9uZ2x5IHJlY29tbWVuZCB0byBzaW1wbHkgcmVqZWN0IGFuIExEQVAgVVJJIGZvciAt
aC4NCklzIHRoYXQgeW91ciBnb2FsPw0KDQoyLiBUaGUgdGVybSAiRE5TIG5hbWUiIGlzIGEgYml0
IHRvbyBibHVycnkuIEluIGNhc2Ugb2Ygb3B0aW9uIC1oIGl0IHNob3VsZCBiZSBhbiBJUCBhZGRy
ZXNzIG9yIF9ob3N0bmFtZV8uIEFuZCBhY2NvcmRpbmcgdG8gYmVzdCBwcmFjdGljZXMgaG9zdG5h
bWVzIFNIT1VMRCBOT1QgY29udGFpbiB1bmRlcnNjb3Jlcy4NCldoZXRoZXIgeW91IF9hbGxvd18g
dW5kZXJzY29yZXMgdG8gYWNjb21tb2RhdGUgc29tZSBzdHJhbmdlIHNldHVwcyBpcyB5b3VyIGRl
Y2lzaW9uLg0KDQpDaWFvLCBNaWNoYWVsLg0K
2 years, 10 months
Re: (ITS#8618) ldapsearch - unexpected behavior with
by michael@stroeder.com
andrew.lawrence(a)siemens.com wrote:
> I believe the following patch addresses this problem. I am still a
> bit conf used about what constitutes a DNS name. Alex has suggested
> they should contain an underscore. My colleague who reviewed the code
> had a different opinion.
Disclaimer: Since I'm not a C programmer I did not really review your
patch in detail but just want to add some general notes.
1. Reviewing this ticket my impression is that the only problem is that
-h also accepts a LDAP URI because -H should be used instead.
IIRC -h was only meant to take an IP address or hostname.
Therefore I'd strongly recommend to simply reject an LDAP URI for -h.
Is that your goal?
2. The term "DNS name" is a bit too blurry. In case of option -h it
should be an IP address or _hostname_. And according to best practices
hostnames SHOULD NOT contain underscores.
Whether you _allow_ underscores to accommodate some strange setups is
your decision.
Ciao, Michael.
2 years, 10 months
Re: (ITS#8618) ldapsearch - unexpected behavior with
by andrew.lawrence@siemens.com
--_004_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_
Content-Type: multipart/alternative;
boundary="_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_"
--_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I believe the following patch addresses this problem. I am still a bit conf=
used about what constitutes a DNS name. Alex has suggested they should cont=
ain an underscore. My colleague who reviewed the code had a different opini=
on.
I am also not sure what to do about copyright headers and whether it is acc=
eptable or not for me to add them into the files.
>From b3d02c8478edaa877b39f3d8824b54dc7b70146d Mon Sep 17 00:00:00 2001
From: Andrew Lawrence <andrew.lawrence(a)siemens.com>
Date: Thu, 25 Jan 2018 22:15:14 +0000
Subject: [PATCH] Added host name validation
Removed spurious include
Fixed review comments
Fixed additional review comments regarding errorcode and underscore
---
clients/tools/common.c | 14 ++++++++++++--
include/ldap_pvt.h | 4 ++++
libraries/libldap/url.c | 32 ++++++++++++++++++++++++++++++++
3 files changed, 48 insertions(+), 2 deletions(-)
diff --git a/clients/tools/common.c b/clients/tools/common.c
index 5eb41aa..821b006 100644
--- a/clients/tools/common.c
+++ b/clients/tools/common.c
@@ -5,6 +5,7 @@
* Copyright 1998-2017 The OpenLDAP Foundation.
* Portions Copyright 2003 Kurt D. Zeilenga.
* Portions Copyright 2003 IBM Corporation.
+ * Portions Copyright 2018 Siemens Rail Automation Holdings Limited.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -1242,7 +1243,16 @@ tool_conn_setup( int dont, void (*private_setup)( LD=
AP * ) )
int rc;
if( ( ldaphost !=3D NULL || ldapport ) && ( ldapuri =3D=3D N=
ULL ) ) {
- /* construct URL */
+
+ rc =3D ldap_validate_hostname(ldaphost);
+ if (rc !=3D LDAP_URL_SUCCESS) {
+ fprintf( stderr,
+ "Invalid host name %s\n",
+ ldaphost);
+ exit( EXIT_FAILURE );
+ }
+
+ /* construct URL */
LDAPURLDesc url;
memset( &url, 0, sizeof(url));
@@ -1394,7 +1404,7 @@ dnssrv_free:;
fprintf( stderr,
"Could not create LDAP session handle for URI=
=3D%s (%d): %s\n",
ldapuri, rc, ldap_err2string(rc) );
- exit( EXIT_FAILURE );
+ exit( EXIT_FAILURE );
}
if( private_setup ) private_setup( ld );
diff --git a/include/ldap_pvt.h b/include/ldap_pvt.h
index f1d93ac..6d1a6cb 100644
--- a/include/ldap_pvt.h
+++ b/include/ldap_pvt.h
@@ -2,6 +2,7 @@
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2017 The OpenLDAP Foundation.
+ * Portions Copyright 2018 Siemens Rail Automation Holdings Limited.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -68,6 +69,9 @@ LDAP_F (int) ldap_url_parselist_ext LDAP_P((
const char *sep,
unsigned flags ));
+LDAP_F (int) ldap_validate_hostname LDAP_P((
+ const char *hostname ));
+
LDAP_F (char *) ldap_url_list2urls LDAP_P((
struct ldap_url_desc *ludlist ));
diff --git a/libraries/libldap/url.c b/libraries/libldap/url.c
index b65e2b9..2702fec 100644
--- a/libraries/libldap/url.c
+++ b/libraries/libldap/url.c
@@ -3,6 +3,7 @@
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
* Copyright 1998-2017 The OpenLDAP Foundation.
+ * Portions Copyright 2018 Siemens Rail Automation Holdings Limited.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -36,6 +37,7 @@
#include <stdio.h>
+
#include <ac/stdlib.h>
#include <ac/ctype.h>
@@ -1325,6 +1327,36 @@ ldap_url_parselist_ext (LDAPURLDesc **ludlist, const=
char *url, const char *sep,
}
int
+ldap_validate_hostname (const char *url)
+{
+ assert( url !=3D NULL );
+
+ // Empty host names are invalid
+ if (strlen(url) =3D=3D 0) {
+ return LDAP_URL_ERR_BADHOST;
+ }
+
+ int prevalnum =3D 0;
+ int labelcount =3D 0;
+ int i;
+
+ for (i=3D0; url[i] !=3D '\0'; i++) {
+ if (!(isalnum(url[i]) || url[i] =3D=3D '.' || url[i] =3D=3D=
'-') ||
+ (labelcount =3D=3D 0 && url[i] =3D=3D '.'&& !(i =3D=3D 0=
&& url[i+1] =3D=3D '\0')) ||
+ i =3D=3D 255 || labelcount =3D=3D 63) {
+ // We have an invalid hostname. Fail.
+ return LDAP_URL_ERR_BADHOST;
+ } else if (url[i] =3D=3D '.') {
+ labelcount =3D 0;
+ } else {
+ labelcount++;
+ }
+ }
+
+ return LDAP_URL_SUCCESS;
+}
+
+int
ldap_url_parsehosts(
LDAPURLDesc **ludlist,
const char *hosts,
--
libgit2 0.26.0
With best regards,
Dr Andrew Lawrence
Siemens Rail Automation Holdings Limited
MO MM R&D UK IXL
17 Langley Park Way
Chippenham SN15 1GG, Gro=DFbritannien und Nordirland
mailto:andrew.lawrence@siemens.com
www.siemens.com/rail-automation<http://www.siemens.com/rail-automation>
www.siemens.com/ingenuityforlife<https://siemens.com/ingenuityforlife>
www.siemens.com/ingenuityforlife
Siemens Rail Automation Holdings Limited - registered office: Faraday House=
, Sir William Siemens Square, Frimley Camberley GU16 8QD. Registered No. 00=
016033
--_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Diso-8859-=
1">
<meta name=3D"Generator" content=3D"Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Arial","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";
mso-fareast-language:EN-GB;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-GB" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">I believe the follo=
wing patch addresses this problem. I am still a bit confused about what con=
stitutes a DNS name. Alex has suggested they should
contain an underscore. My colleague who reviewed the code had a different =
opinion.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p> </o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">I am also not sure =
what to do about copyright headers and whether it is acceptable or not for =
me to add them into the files.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p> </o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">From b3d02c8478edaa=
877b39f3d8824b54dc7b70146d Mon Sep 17 00:00:00 2001<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">From: Andrew Lawren=
ce <andrew.lawrence(a)siemens.com><o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">Date: Thu, 25 Jan 2=
018 22:15:14 +0000<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">Subject: [PATCH] Ad=
ded host name validation<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p> </o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">Removed spurious in=
clude<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p> </o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">Fixed review commen=
ts<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p> </o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">Fixed additional re=
view comments regarding errorcode and underscore<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">---<o:p></o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">clients/tools/commo=
n.c | 14 ++++++++++++=
--<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">include/ldap_pvt.h&=
nbsp; | 4 ++++<o:p></o:p></sp=
an></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">libraries/libldap/u=
rl.c | 32 +++++++++++++=
+++++++++++++++=
++++<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">3 files changed, 48=
insertions(+), 2 deletions(-)<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p> </o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">diff --git a/client=
s/tools/common.c b/clients/tools/common.c<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">index 5eb41aa..821b=
006 100644<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">--- a/clients/tools=
/common.c<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+++ b/c=
lients/tools/common.c<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">@@ -5,6 +5,7 @@=
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> * Copyright =
1998-2017 The OpenLDAP Foundation.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> * Portions C=
opyright 2003 Kurt D. Zeilenga.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> * Portions C=
opyright 2003 IBM Corporation.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ * Portions Co=
pyright 2018 Siemens Rail Automation Holdings Limited.<o:p></o:p></span></p=
>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> * All rights=
reserved.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> *<o:p></o:p>=
</span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> * Redistribu=
tion and use in source and binary forms, with or without<o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">@@ -1242,7 +124=
3,16 @@ tool_conn_setup( int dont, void (*private_setup)( LDAP * ) )<o:p></=
o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; int rc;<o:p></o=
:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; if( ( lda=
phost !=3D NULL || ldapport ) && ( ldapuri =3D=3D NULL ) ) {<o:p></=
o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">- =
&nb=
sp; /* construct URL */<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp;  =
; rc =3D ldap_validate_hostname(ldaphos=
t);<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp;  =
; if (rc !=3D LDAP_URL_SUCCESS) {<o:p><=
/o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp;  =
; &n=
bsp; fprintf( stderr,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp;  =
; &n=
bsp; "Invalid host name %s\n",<o:p></o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp;  =
; &n=
bsp; ldaphost);<o:p></o:p><=
/span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp;  =
; &n=
bsp; exit( EXIT_FAILURE );<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; &nbs=
p; }<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; &nbs=
p; /* construct URL */<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; &nbs=
p; LDAPURLDesc url;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; &nbs=
p; memset( &url, 0, sizeof(url));<o:p></o=
:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">@@ -1394,7 +140=
4,7 @@ dnssrv_free:;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; &nbs=
p; fprintf( stderr,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; &nbs=
p; &=
nbsp; "Could not create LDAP session handle for URI=3D%s (%d): %s\n&qu=
ot;,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; &nbs=
p; &=
nbsp; ldapuri, rc, ldap_err2string(rc) );<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">- =
&nb=
sp; exit( EXIT_FAILURE );<o:p></o:p></span></=
p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; &nbs=
p; exit( EXIT_FAILURE );<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; }<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; if( priva=
te_setup ) private_setup( ld );<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">diff --git a/includ=
e/ldap_pvt.h b/include/ldap_pvt.h<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">index f1d93ac..6d1a=
6cb 100644<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">--- a/include/ldap_=
pvt.h<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+++ b/i=
nclude/ldap_pvt.h<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">@@ -2,6 +2,7 @@=
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">/* This work is par=
t of OpenLDAP Software <http://www.openldap.org/>.<o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> *
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> * Copyr=
ight 1998-2017 The OpenLDAP Foundation.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ * Portions Co=
pyright 2018 Siemens Rail Automation Holdings Limited.<o:p></o:p></span></p=
>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> * All rights=
reserved.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> *<o:p></o:p>=
</span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> * Redistribu=
tion and use in source and binary forms, with or without<o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">@@ -68,6 +69,9 =
@@ LDAP_F (int) ldap_url_parselist_ext LDAP_P((<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; const char *sep,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; unsigned flags ));<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+LDAP_F (int) l=
dap_validate_hostname LDAP_P((<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; const char *hostname ));<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">LDAP_F (char *) lda=
p_url_list2urls LDAP_P((<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; struct ldap_url_desc *ludlist ));<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">diff --git a/librar=
ies/libldap/url.c b/libraries/libldap/url.c<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">index b65e2b9..2702=
fec 100644<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">--- a/libraries/lib=
ldap/url.c<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+++ b/l=
ibraries/libldap/url.c<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">@@ -3,6 +3,7 @@=
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">/* This work is par=
t of OpenLDAP Software <http://www.openldap.org/>.<o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> *<o:p></o:p>=
</span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> * Copyright =
1998-2017 The OpenLDAP Foundation.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ * Portions Co=
pyright 2018 Siemens Rail Automation Holdings Limited.<o:p></o:p></span></p=
>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> * All rights=
reserved.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> *<o:p></o:p>=
</span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> * Redistribu=
tion and use in source and binary forms, with or without<o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">@@ -36,6 +37,7 =
@@<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> #include <=
stdio.h><o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">#include <ac/std=
lib.h><o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">#include <ac/cty=
pe.h><o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">@@ -1325,6 +132=
7,36 @@ ldap_url_parselist_ext (LDAPURLDesc **ludlist, const char *url, con=
st char *sep,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">}<o:p></o:p></span>=
</p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"><o:p></o:p></span><=
/p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> int<o:p></o:p=
></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ldap_validate_=
hostname (const char *url)<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+{<o:p></o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; assert( url !=3D NULL );<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; // Empty host names are invalid<o:p></o:p></span></p=
>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; if (strlen(url) =3D=3D 0) {<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; return LDA=
P_URL_ERR_BADHOST;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; }<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp;
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; int prevalnum =3D 0;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; int labelcount =3D 0;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; int i;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp;
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; for (i=3D0; url[i] !=3D '\0'; i++) {<o:p></o=
:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; if (!(isa=
lnum(url[i]) || url[i] =3D=3D '.' || url[i] =3D=3D '-') ||<o:p></o:p></span=
></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; &nbs=
p; (labelcount =3D=3D 0 && url[i] =3D=3D '.'&& !(i =
=3D=3D 0 && url[i+1] =3D=3D '\0')) ||<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; &nbs=
p; i =3D=3D 255 || labelcount =3D=3D 63) {
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp;  =
; // We have an invalid hostname. Fail.=
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; &nbs=
p; return LDAP_URL_ERR_BADHOST;<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; } else if =
(url[i] =3D=3D '.') {<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp;  =
; labelcount =3D 0;<o:p></o:p></span></=
p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; } else {<o=
:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp;  =
; labelcount++;<o:p></o:p></spa=
n></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; } &nb=
sp;
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; }<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+ &n=
bsp; return LDAP_URL_SUCCESS;<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+}<o:p></o:p></=
span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+<o:p></o:p></s=
pan></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">+int<o:p></o:p>=
</span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">ldap_url_parsehosts=
(<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; LDAPURLDesc **ludlist,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB"> &=
nbsp; const char *hosts,<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">--<o:p></o:p></span=
></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Co=
urier New";color:black;mso-fareast-language:EN-GB">libgit2 0.26.0<o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ar=
ial","sans-serif""><o:p> </o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ar=
ial","sans-serif""><o:p> </o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:10.0pt;font-family:"Ar=
ial","sans-serif";mso-fareast-language:EN-GB">With best rega=
rds,<br>
Dr Andrew Lawrence<br>
<br>
Siemens Rail Automation Holdings Limited<br>
MO MM R&D UK IXL<br>
17 Langley Park Way<br>
Chippenham SN15 1GG, Gro=DFbritannien und Nordirland<br>
<a href=3D"mailto:andrew.lawrence@siemens.com"><span style=3D"color:blue">m=
ailto:andrew.lawrence@siemens.com</span></a><br>
<a href=3D"http://www.siemens.com/rail-automation"><span style=3D"color:blu=
e">www.siemens.com/rail-automation</span></a><br>
<a href=3D"https://siemens.com/ingenuityforlife"><span style=3D"color:blue"=
>www.siemens.com/ingenuityforlife</span></a><br>
</span><span style=3D"font-size:10.0pt;font-family:"Arial","=
sans-serif";mso-fareast-language:EN-GB"><img border=3D"0" width=3D"300=
" height=3D"109" id=3D"_x0000_i1025" src=3D"cid:image003.png@01D3B24C.628B2=
0A0" alt=3D"www.siemens.com/ingenuityforlife"></span><span style=3D"font-si=
ze:10.0pt;font-family:"Arial","sans-serif";mso-fareast-=
language:EN-GB"><br>
</span><span style=3D"font-size:8.0pt;font-family:"Arial","s=
ans-serif";mso-fareast-language:EN-GB">Siemens Rail Automation Holding=
s Limited - registered office: Faraday House, Sir William Siemens Square, F=
rimley Camberley GU16 8QD. Registered No. 00016033</span><span style=3D"mso=
-fareast-language:EN-GB"><o:p></o:p></span></p>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>
--_000_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_--
--_004_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_
Content-Type: image/png; name="image003.png"
Content-Description: image003.png
Content-Disposition: inline; filename="image003.png"; size=9561;
creation-date="Fri, 02 Mar 2018 17:32:42 GMT";
modification-date="Fri, 02 Mar 2018 17:32:42 GMT"
Content-ID: <image003.png(a)01D3B24C.628B20A0>
Content-Transfer-Encoding: base64
iVBORw0KGgoAAAANSUhEUgAAASwAAABtCAYAAAAbDlwIAAAAAXNSR0ICQMB9xQAAAAlwSFlzAAAS
dAAAEnQB3mYfeAAAABl0RVh0U29mdHdhcmUATWljcm9zb2Z0IE9mZmljZX/tNXEAACTZSURBVHja
7Z0HfFVV8sdDEwEV7AURsQOWdYtrR1HsiAX76q5rL+ti278FlCotQAgdpPcWeu8ltEDoEDpKgNB7
lTD/+Z73brh5vEBCQPLi/Pjczwv33XvOmXPu/O7MnDnnRYnBYDBECKKsCwwGQ6TACMtgMEQMjLAM
BkPEwAjLYDBEDIywDAZDxMAIy2AwRAyMsAwGQ8TACMtgMEQMjLAMBkPEwAjLYDBEDIywDAZDxMAI
y2AwRAyMsAwGQ8TACMtgMEQMjLAMBkPEwAjLYDBEDIywDAZDxMAIy2AwRAyMsAwGQ8TACMtgMEQM
jLAMBkPEwAjLYDBEDIywDAZDxMAIy2AwRAyMsAwGQ8TACMtgMEQMjLAMBkPEwAjLYDBEDIywDAZD
xMAIy2AwRAzOGmH9dvSobNi3T5bt3CmLtm+Xpfr5y969suPQoZPee1SPI3o//1LdcWKkBo+jmfzn
rnflZ66s1KOpp9wP3Juu3qB8GcqdJVlEUuVohuWFypKaenI5jh4NtPNIWtlHMyXnoSNHZL2Orxvv
HVkbb4PhrBAWJLNg2zbptWKFVJsxQz4cM1b+MXy4vDJsmLwxYoS8O3asVJk8RWrNni2dly2T2Zs3
yyGfEvEX5FY/MVG+nzZdqul1VafPkB+nTZMey5fLpv3709V3UO/tu2qVu6bqjJnu+nTHnPBH1Zkz
9Z7pMvrXX2Xvb7+5sg5rWTM2bZJo6oyPP3a9+/80qT5rlozZsCFT/bD54EHprn3wg7abetLVq+eG
rVkjOw8fTnfPVr2nl8r4vdZddVZCJmSZo+cTVG7tn4QEiU9JSVfedJWl4ew5UnVqvLvO1a/X/qDt
6b96tSPs48ZPj6QdO6T5vHny/ZQp2vZpEr1gvqzdsyesnAe1jLlbt0rnpKXyrcr1wZgxOt4j5BUd
89d1vN8JjndN7bvOy5bLEi3bYMgRhLVZ36S9lYTeGDxYrv25vUTFNJWoeg0kqlZtiapRU6Jq1pKo
Oj9JVH09V7++XNSihbw/ebJsUUX1cFgVoKcqetFWrfXe+hLVrLle21CifvpJHhk0SOYqGfqB0lcc
OTJQZsNGges5YptJVFOO2PBHA8qsK1UmTpQNQRLco8TVcP48ubSZ3le7jkQ1bxE4KC+6saujsirh
Dl97M8L4Devl2q5dVYZ6EtWo8bGy+FvrfV+JfHUICSSpRVJp0OBA3fTdyWThfJMYiaqr/dSkidSc
OzetLKiorpLOhdRJ/3Mtf1Ouln9Xt24yY3OKe8H4cUj/P0DJ7MZ2P0tU9Rpadj25pEMnGb9+/XEy
phw8IJ2XLJFXBg6UK9q2DbSFMaP9jLV/vPX8pa3byI9KoEfFYDjLhIV10mTBArmhTVvJx4MKIaBU
jQKKzoOfdvD/aj+4485+/WStug1+wsLKuLhFS6fYroygEjwycIAkhiGsp0aMDFzj1ekUWRWzYXTg
XLiDNv7wo3yqxLHOR1gNVMmvpAy+j/WThP5do5aUVsWMW73KtTMj4Aq30HKiohsF6oIkvHbRJpXl
w9FjjiMsXKjnVfkdwTRucnJZOAdZ/VDDfX6nVpifsOpoGy6CfHlZ0AbK4qhVRwo3bKgvi0nOqgsl
rDi1/m5p2871D2NwRfsOMiGEsHDz6iTOkVItW0o+yqcttBOZ/ePNuHBQ1o/V5emRo44jSYPhdyUs
lHdMcrLc07FjQDl40/I2V4Ur1KaN3NKjp5RXRawweJDcowR1fbfuUhAi0zd42T59ZNXu3emUve+K
lfrGbhd4+Fu2UtJrIgUaNJCnhw6Reeou+rFLCauyKr8jRurFMvMOSM+zbEIPrlel/0otvA0HDriy
cA1jlHRLtgxad5RB/XwqEaOIhRs3lvemTJatJ4jLJKqL9NKQIQGFhSDUskgrR4kjj9b76fjxssZH
1GDZrl3y8tChAYXHsuJ67s1IFs5RPuQVGys/KUH5CStaZSnepnWgHVzrlcU9WsdNXbupO7fluLEc
vHat3N6pU8BSUiIqoZbiJJ8rzDVDlNRuwqryW4MxsXKu9lPpnj3VGtbxVov4Lh3vEp07S95GjdxL
4HF1FQ+nporBcNYIC5fu7QkTpGCDgOmPcubXN/ud+uBGz58vo/XtPH3LZpm5ZYtMSUmREUpubRct
kq8nTpKac+bIxn370hPWylVyBS4lBISSNYmVAo2i5dlhQ2V+GMJ6Ra0kdy2KiGKqAt3cvYd8Mm2a
xC5aLI0XLpRGC9If0eo+NUpMlKmqiPuDMSwsrKZ6bUnqVAvEkRR/88nhXMNGUlYJOHHLlgz7o1VS
klzM9R7hQr5eOdrGPEqW/9H+WhtCWMshrGHDAgSEHJCLkn5pleUzlaWRtq2JXxb39wInR+MF82W2
r00QFtdeDalQHmXRDtrAp7bhXH0RfDNzuqwPEnYaGUFYSjKO6PS6Euo++glr+e5d8sboUQF3Lyhj
fiXQu/r2lZaLF7vxnqFtYbwn6XgP/fVXablwgXyh7ndT/Txw5IhppeHsERaxl9K9ewfcAt78Sh6F
oqPlo4kTZG9qxg8ngelfVWkPBAnjOMLCLXKE1VQKaHkVMyCsl/2ExaGK9oxadJBkVpCOsBpEB5Qb
4oB0OBe0+oopiUC4e8Mo3h5tz6eqmI4kIDiPePyEpWVkirCoVy2hSirLvG1bsyQLhNXYIywsNs/q
pEyPfPV8SbWkRiihhCUsXPIwhDVuw3q5pkuXQDsZb5XnvKZN5XMl1RMh5cB+Wb9vr1lYhrNLWPO2
bZOS6uY5N8tZOOoaKIFUUvdmdPI62Xk489Pa2SIsL0CthPX84MEyJyTelSXCqt9Q8qpi5/e7cxCW
1lNQFfVFtTCWKsGEYowq8/1qWTpl177Io/fl13LyelZaVglLLdaXVJakXTuzT1jOhWx+TBZcOf0O
t3jToUAs60gmCGu4ElzR9h0C40OZ2ifnqUv68sgRMmNTihsTgyHHEtbiHTvkpp69AhYWpKGKmUcf
5HP0eKBPX4mZmygLlTz2KSGcLNx6WghLlfzZQYOUsLJmlaQjLFXWIqrU1yn5lOjeXc6FPFBODlXi
yzt2lKG//JJOHuyGL2fOkkJYHdqG/HrtNXpvcVX4ghBEMH6UVcKqrLIQkD9lwlIChziLKMmcQzs8
K4s69LubOnWWPmvWpMlwMsIaoy7flVhY0cFZWS0zj34WUbkrxPWX5uqeLtNnYp/PcjYYcgxhJe/b
J88MHy55iWHxEDMljmLoQ5xPSexKffve36eP1FFlTti0yZHSGSEsyCro6lSIi5MJGze6a8jzIm4S
ehxJTU1HOGmE1aaNmxG8WJX9ubFj5MMpU+Q62oMFiVzqEkI6NadPl22HDvr6Ya9UGDgokIYREyOX
q7tF2sa96tLl9dyxU3AJn+4fJ9NTUlzfcHjt3x/8JGEzNKcqjbDatXPB7sLaL48OGSqPDR8hVzI+
Xt9qe/LqGFXRdro+0fsIut/WKWPCmqtj8NigwZKP7+l3rC1nPTaX/CrblUpcj/TvL/Vnz5b5mzeL
wZCjCOugPug9V66QEq1aBaavIQ2UgoeYqfnglPxVqhwP9+4j38VPkykbN4TNXs8WYVFXcOaseOcu
8syo0fJRfLy8q4Tzjiokx7/1eH3sWPlMP1HCg754SjoLq0ZNOV/l+ffkSTJq3Tp5ZMCAgBxe/EeV
9TE9Fx+Mk6Hs7ZOSpBTfV68hBZs3c/lho5KTpZKSuXO/skpYkJzWdbXK8qzK8v7UqfKeJ4t+vj1x
oryphFpl2jTnlocnrJ9dOsH52j+fTJosfZWMKpM6Adl4bmqdn+R2tZiGaFtx5oar5Xgbs4QZEBZ9
/vPixVKkadNA+gf9wXhRVsyxFIwSzZrJ42ph105IkGn6orLIlSFHEBbYffiQy6AuTt5PnTrBqfZm
AYuEhzlo+eDinKtE9ESvnhIzb64sD8lFyjZhcT1K2rxlME+pbjAfKHjwd9Vqkl+VtOGcObLdF29J
R1i1akleleXF0aNdlvf/zZolRZANhYRMlHQuVkus1dKl7l7SHCqNHiMFabOWX0q/67J8uctXqjw0
SEJZJSxPlhaeLPWOyVK/fiBfS+tC9t4rV2ZMWBCo1vlPJWrqbJyYKPmwFpGFOrTN+bX8jydNcvfO
27pF7uraLTALGIawQMr+/fKZkublseSs1T6WtEt9HEHXnKOYEttTSlytFy2Udfv3mUYazj5hgWR9
iOslzpE/6du6GK4hSoYC8/B60/tYDZxXl6uYPuz/VSVZu3t32ts324TFWz6o5Hm0nrxqJeQhhuMd
KJEq+UW160gjdVm2ZUhYqoQxTeThIUNknbq8E9W9/AtxG6wOvodEtKyv1GoBvyipkX7gZFOyK9er
l1tHifVZkex1L/B9yoTVMNj+oBxKWHloY7VqUlBl73ciwlJrkb6oQPB+506JVzftrl69A7IQb2Nc
6tSVcj16OHJep+16VC1hl2OVAWEB5KuhRH6buoTnM6vqkkeDrrkX2A+6tVhixVu2lJozpssWXxqF
wXDWCAvgYrGGDZfrDlWAC/QBzgtJeDNKrYNuCIqib/BLVCFqz5gpm4IPcbZjWCiKln1Jx45y94A4
eVoJ4Aklnce9Y+hQKde/v0vsZD3ffl9qwnGE1aSJ3D9okIvREQf794gRASX30hy0/S/GDZBEbdPg
1aulODKpkudp3FheGzfOlUmO2UP94wLKfCqEpZ+Xduwk96j7+aTK/8TQY3I8pq5d+X79pPKoUW4N
5AkJS8ssN2CgzN26zc0ERifMlry8VLCyIBZtX3Gtq6aSOORUoV//gIV0AsJy4639N2ldsnyg1tut
Sujn6ZilG28vlw3rS9tRSq3U6Hnz1SK3mURDDiAsD6zPS9Q3eeOEBKdUFzRvHlAAT0G8xFBV8Bu6
dpeJGzZmn7C8tXeqnOXj4qTv2jWyQq23FUoEy71j9y5nZazSz13qrh31BauPJ6wYR1jrg4mtPyXO
lTzNmh3LqNfP6zt1lsqqrBWURAoFl/SUUPmaLF7s7lmybZvcq+6Qm4w4lVlCJZLHVJah69YFZNl9
TA4+2RlhtZ4PnZELS1hKcLO3BmZOIaDSPXoEEmSdBdxa8ukY3dCjp3w8darcQZtjAkttSnTNmLC8
upJVloSUFKk9c6aU6907EN/CsqJsz00MrqO8Q627+Vu3isGQYwjLw04lBXYRaLNggVSM6x+IA7nU
h6C7EMzd6pS0zF2PvdNvVfbTGlhEvCDk2pMhQ8IKEsuI9evlbyTIQrxBVyq/klBBlaOAl/ag7toL
g4bIymCOFqR9d58+p05YWteLKsty3/KlzCAcYT0EYQWz4Ynd/aTu+3lqDabN7AZnMi/v0lUuVCLO
G0zhOBlh+bFZLeUpem3s3ER5ROXO1zS46NpLnFUCLqr/767jvd8y3g05jbD8mLxxg7w6cqQUhVQa
x6RNq6OczZXQQOppIizysGadYPlMVghrXZBYcFu/nTIlveUQDKS7+JlaJHljY6WGbxHyHCWse7JJ
WC9oGxZlcVuWkxEWWLxtq9xOwq+3dhFCoc4gweQNvlCyQlj++kevT5aX1I0ujKXGEUynuEj/jk5M
lO22T5bhbBAWbhWxjIOZWHLRfNEiucYFrBsEyCg469Z2yZLTR1hq5VQaPFhmbc1G4qiPsH7xEQv7
fBWBeNJicm2OxeRIwuzaVfr98svpIywts7LKsuRUE0dPQFj0HTs8FPN2xPDWPHopFRlYWMTA9mdi
vGlDmyWL5BIv1SG4hrGYjlMbfQ72WGKp4WwQFg/vZH2g+6syE8dgMTTKwAO5N3gQZF26c4e8PW6c
nA+xoCQoub7dL2zfXoYElfxIdoPuwbVtd/fpK22SktzOCTM3bZIZ2q5jxyaZvnGjxK/f4DKyvQ38
9maCsNiP61E9lw+rxIvHBZfcIEsoEWWbsFTB71NZOixf7uSYdZwsKS6pNH7DRlmupHbQ52adjLAA
Y1KO9tWtf8x1847grhahhLVNLaNxycluvHF5t2Uw3nO0798YMyYQ2/MWpjdoINd07CTjk9fbvliG
s0NY5CB9OW2alNaHvGz7DvLkiJHypipklenT5JtZs+T/Zs6Uf0+aLA8OGuh2MWDZjjczVaBOHXUb
hqdZENlOawjGYYro/dequ3Nrr95ud4Uy/qNnLynTpauU1rZ8PnGS1h2IN+1TZT8ZYe1SZWwyb54U
i4kJxN+8tANtayG9r8/Klen2e8oWYQW3gzlPZSmlspTVdh8nC0e3blJa+/MrUkT27skSYZHrjwt7
WfNgnpyXTHoCwlq5Z49LR7lFXzy3duokz4wapeM7ST4PjvfXOt5v6//v7R8nRVu1OjbeasUVql9f
Xh87TpL37TfNNJwdwiLQ+tb48YGsZxIZlTjyqWJeoA/8xS1bykWsK3T7Jfk2siMBUq//c5cuMm7d
urQALCv5++ibO/1+WI0lv76ZmdYPtx/WC/79sLyUA9+eV2E3viO59bvv5Yl+cTJzS8B1ZPcFNiG8
hjLY10vvv3vAgOO2B56nSn9r9+7H2qdyFWBmUl23BSGxpgSC7uQ8QQbBrW8gj0/GjZc1YXYcdfto
eTuthsqS0YaE9OX3VeWZ/v3TrTmMVsK6irWEP1Z3ZT4QFxc2rkebn9R707LWfcuIqJNM+4k+wlq2
e7e8zi6vWmdU9eruOsa3aHC8L1Q5C3hJtjGxgYN0kJo1nTU34yTLswxGWGcUuASfxcdLfhRNScBl
SKPwLNMJ7izqttvlPErH4mG1UJ7u2096rFol/rkiCKvb0qVSiIedMiAFrB1Vunvj+klCSFyKHUfL
k0lOtrW3P1Ojxsd2+8yIsGoHCatv/zTC2nPkN6mdOEcu4P6v/+cU+MZevdJtMAgIFr+lFhLJlp5s
5yghxarltSMkv4glKWVZl0dfUC+Kq7L8S63QlSHlElh/sl+/QJn1G2ROFo+wVJaKSjpJvh0kasxN
VHdM+/HLr1yZZXv2lPjNm8KOYcPERCmMRUufUzf1Mp4q2/lqcY1VF9ADGw9+OH5CgOBoa0bjjawN
AwmlV+nLhN1UB/q2sjEYzgphEbPgByUq9Okrt7RuLdepdXS1vqFZBHu5vnk5rmrRQkrqm/tmdRmf
0Ae3ekKCiy+FgjfvyLVr5UElitLqCpXp3kPK6D23aZnvjh93XPCZuMnHU+PdNWU6dgpcf7IDN0qt
hjJt2sgXEyamuYRYeR2SkqR8D70mtrkr88UxY1ziqB8HlFR7rVwh5Tp0lJL16kkpJdcHyS0KY72w
S8Vr6ubhspVRt66MklfZdu2k1vTpLoPeD/KpqqilSrvKdO2aOVk41GUro6Ty1cSJ6dzMn5cluX4s
oxYOZb46ZrS61OG33Jmt7XxPZS2j40cbXR+p9VtaXcryAwa6Rese2Fa53aLFcp/WfYtacKX0YLyv
0PG+jPHWTzfeeq5Mx45SUd3q2uoqrsjixIHBCOuMAOOeXTuX79whE5PXSb8VK6WtPtAxanHU0zc3
v4DTbP586bJkiYzVNyx5TRntOklZW9XFnK0KQj7PtI0pEs+OpXosDbNlCfGipB07Zep6vTZ4fdqR
kvERz7VqNazwlcmOB7Rttn4/Vd1UriGX61CYtrJGcOyaNdJZXcieahGO0/aFyyvaqxbXQiXmKfr9
NAL9GwLtXK2W0MGQ6+lDJgGm6rXxem2mZdFruYd7/f3K0hkny6/rnKyLlJT2ZJBhjuwbVfbpyevd
LqyubP2k3fyykX+PK2aF6TN+AWe8jid78LdetEga63jXZbznzpVYHe+u2i+TtN4t+/fbLqOGnENY
oYRz8EiqKsZvTqm3BQ9cNx7y1Fw0N3Q4qLgQ1R81JoPUkBGzgseN9xFLWzBkHfbLzwaDIWJghGUw
GCIGRlgGgyFiYIRlMBgiBkZYBoMhYmCEZTAYIgZGWAaDIWKQqwmLJMZ169bJ8uXLZecfLJMa2ffv
3y979+6V307zVi0HDhyQ7du3n/ZyDYaTIVcTFiT1+eefy6OPPio9evRIt+VxbsERfi8wTKb4xo0b
ncwdO3aUX3x7cGUXhw8floEDB0q9evVk1KhRcvDgwTPSr6mpqY4QU0P21eL/4eSlDbt375a1a9c6
Mk21n7zPlcjVhDV37lz5+9//LlFRUfLf//43Vz7EK1askDFjxkhSUlI6RR4yZIhcd911csMNN8iE
CRNOS11YVv369ZP77rtPLrnkErn33nulZ8+esm/f6f15Ll40tH/48OGyNWRN6XqWMU2bJosXL043
nitXrpSPP/5Y/va3v0mVKlVkSXDTR0PuQq4lLCyBAQMGOIW96KKLpGHDhrnSwoqPj5dXX31Vnn76
aUdcyJicnCzvvPOOI2q+W7Vq1WmpC0utQoUKcsEFF8iDDz4oL730ktSoUUO2bdt22uTZs2eP/Pjj
j3LnnXc66ziUsJDlm2++ce34+eefnTUF2rdvL0WLFpWCBQtK2bJl3f8P26/v5DrkWsLCPahbt64U
K1ZMHnjgAZkxY0aulHP16tVSrVo1eeyxx6Rr166OsOLi4qR48eJy+eWXy8yZM09LPcTCcC8hq2ee
eUamTp0qiYmJznrbE7J3V3awcOFCufbaayVv3rxSs2ZNORSyt/uOHTukefPmctddd8l//vMf2cAi
9AULpFy5cnLeeec5smvUqJGzzojhGXIXci1hpaSkSKVKlZyV8a9//Us2b978u9SL2/R7v9mpE0Vn
cgEQX0JurJQNWfyBiBMRSfny5eWcc86Rtm3bnjE5KBuLGAsKlz4cIK2JEyfKyJEjHVk2aNDAyfvn
P//ZWZcA99gsrNyHXEtYxHZKlSrlHuTatWs7y8P9IMbBg+4hP5TFX2XhvhMpAGUTR+ndu7eMHj3a
EaQ/xkJ9KOSRTG6lciruK2VT51dffeXkfu+992RLFn8dKCMMGjRIChUqJFdddZUjizMB4lJPPfWU
nHvuuRIdHX3CvkJO+pSxfPvttx2Rfv3116fV2jMYYf1umDJlilxxxRXOJezSpYs7RzCXmMvjjz8u
nTt3znRZixYtcm9x7sHSQClClYn40Ysvvih/+tOfXFAaK2fNmjVp9aKAX375pYs5nQwQH9fh7vmJ
C8Lzuzko7bJly9ICzAS/IZNHHnnEKT1xLMiT8jIiaO4h9QNCzgh8h3t9/vnnu7jSpk2bsj0+tJ1y
/aQ+bNgwKVKkiKsHly4zYDxwB6+//noXqPePi9/yPGwpGEZYORUoZ7du3VwMBzdh/Pjx7jwEcvPN
N6fNGnrKSHC+T58+TnH9YFqdWTDckzJlyjiXCDfz+++/l1mzZqVdxzQ/JMX3BIQJ/uKOTZo0yX0/
f/58ufXWWyVfvnyOyDwQe4EMUSwPEFT16tXloYcekm+//VaO+BS6e/fubiZs3Lhxrt3MmGFV/POf
/5SEhAQXFH/33XddnAmL47bbbnMkyvefffaZ9OrVK51rPG/ePEdq//jHPxzBZ2TRcA9l0J8tWrRw
1it9hWuGC0bMjDhabGysI0cP9PfkyZPl1+DWx5Br69atXf/x4qA9/oB9mzZt3Njcfffdrm2hgJiJ
m+32bR9NXO3SSy91lpmfdKdPn+7qefbZZ11IoGOHDmntMBhh5SgwcwQxEAthJgsFg3yGDh3qpuOZ
RULpUbiqVavKTTfd5AipXbt26R568pgIAF922WWOPJ5//nmnUBAB9wMUjhk6zr/88svStGlTp3Af
ffRRWr2tWrVyAWHqHTFihLPQqIvg9SuvvOLa5ZEV9/zlL39x5eHqeMDi+utf/+rO4/IhI4QIAaOw
kBlxuw8//NCRVYkSJdz0PkTCpAP3Pffcc2kW2tKlS+WNN95w57mWeJBHWPQBhITS9+/f3xEohMsM
HNYMBPDJJ5/Id9995wgU6+biiy+WkiVLuv9j0SA3biSzlFxLH0Ce9DPt4TpeKh5hYenRVsj2008/
PY5cINS33nrLWXgQPWMH2VMmMlAmVhkueZMmTVzfknZBf/DyuK5UKUeIBiOsHAfe+lhQWDq4YRAE
0+P/+9//5EJ1EWvVquWUmwcbBcFyyJ8/v3v4UVSUDTK4/fbb3WwbDzplonhch1XCrBmWEd+hqNTF
TN2bb77pZqk8S4bZNFw04j9Mw3Mf90CC1MtsGC4qeVQASw8CgYhwkSAxCACiQDEvvPBC+eGHHxxh
MSvoETDtpd2QLGVTp0e+XIdrjOJiAWH5oMiURxsgd3+sCzKDFMlhQ37cNNoJ6UJcWH+epcp5SAgL
DkLEDf/iiy9ceVietI3rOK6++moXVxs8eLDrT/rPc3khKKxD5MF99q9MgJi8lwIWLtbXnDlzHIEx
fp4c9D/EhTvsET6zw1hftB231mCEleOA64FlhaLhpgACuk888YQUVuLgTY71ceONNzpLiLc/ikXO
FrEossS5n4ee71Gmli1bOuXFrYuJiXEWwdixY930ukckkCPKDinhljLLhRJi8WCdQCaQFfWigLhX
3E+ZtIkycU+x6rCmyCSHiCACys+TJ49TetoLCeNeQYT33HNPWjY7bhbKS3a/ZzFBUMjD+ddff10q
V67srDLKox9CA9XIhRUJCVM27UVGXF5cPGYeIX3OQTBYP7SdGFLp0qXdAclC1p5VSH0QJ0QbbvIC
d++FF15wbaSf/Offf//9NBLCBaZvSdegjRAmMS9IFDeTlAcIlGshbQgSEuMFxtgYjLByHIhzEFOC
KHARAIrmWQXXXHONXHnllU55saiIiXjuEdYTb3CPsMgWhzBQQqwrrB9IDHfotddec9YRiu2RG2SH
YqA8vPHvv/9+F4iHsFAkFPLhhx92iki9KBiu6y233OIC5FgeWA4oIQqJRQP5oOxYb7QB5cOVwi2F
ZCFbYmpYKygy9UEUXjwJ4kImZkupG5KjvcR3vFQIP7AOifvRHkj3gw8+cPXiqnnxNqwkZMGimj17
tjuHZVm4cGFnyZHg2aFDB2fZ0d9YTXtDfhzWD9qK+0h5uJKAupGZscLlpM0QO8ACYxIE+ZG3b9++
jkghROKIvKxoH5YkpH86JgoMRlhnBASg77jjDveA42IBSMQjIQ5iR8RCPGAl8D1LO7CmiCvh2mBh
QGIoO2kSKCBEgrtBNjWJk82aNXPWBy4kVkLFihVdOdyHImE18T2kBcF5wXhA4JyysWJwXWgT7g7k
h/WFEnszZrhYEBiu63pVzh1B5cSSINaE5QEJQmjcC6n4ZwdR8k6dOjmCRaEzG9MhQRPXq379+mnL
cLA6ISEmNch6h/xJeYCUkRmrDReavsa1PBlhcD0WJy8E+ohYFWTPi6JOnTquDQUKFHCfHiBpyBo3
ERffA2MNuWKVQmbICQHT78TqcLUhWUuBMMLKEcAFwj1DkXBvAJYBf+NeEPANl5SI20hcC4UjHoSS
EQPh7c9sIZYCiotyhuYioRDUCcFgkWBt+JfEQICkRoSrl3gPyop7hhsFUEDq8Aef+Rt3Cctie/BX
pLHUsCIhOc/Vos2Ux5o7P2FBNpAsioySZ2a9HRYjBImVw73+tApv8gCCwarCzfW7cySBUo9/ZvRE
YOEykyBYwlidvAAYD4DVjMWKZYvFiFxYcLSLSYDQ9Yz0PbOEWNoE33mJMDYcjD9jvD3kl8INRlhn
BSguDyxvVBTODxQuK4ugcY8IljMT5mVTM9OXEY5k4zf2cOl27dqVqQztzCSWhl7DTCMzolh6zNBl
BvQjRIRrjKUYrm24YricfisH8JJgsiMrW/tAPLwcsDo98gZMIGAZEdfzEkZZH4q1iDUVDlwHaWMZ
cg1WK5MJxADJz7JMeCOsHAWIKTsLnlE03EJv1o7AL2/rM5XpnRUyOpW+IEhPXI8Zx3B5TuHABAaW
DURHTOv32PECoiHeFdoPEAzfcZ6xIZ5FPI4xOlFfQm7E/CBPrCr+b3t5RSZsx9ETgLcxKQLEhHAh
sDIIgBMjizTgUpEAi6vFFjGZXRiM1cSkA6SdkYV1NkAeFu4h1iIzh4Y/BoywwgBXBuVkpo44GEpL
MJzAOLNWkZgxjRvETB9T/KGu24kAQRFXIpkVNzKn7ICABUacEKuXmUDDHwNGWGFATIacLWbSmFXD
rSD4S84RW55E2rYlECxBZ5InveTVrIAgPgF0LMusLho/U8ClIz7FODFT6l/eZMi9MMIKAeSEguIC
oQxeZjizXbgfrF2LNJB+wOwmaRu5SbGx/gjCk+zrX19oyL0wwgqBtycTmdmkIQBmq8gwJx0gs7sI
5BQQbCYHDHfWS8jMTcDSwuqzPdz/GDDCCgEzSEyD4/55WfIkYGKhsGOBt2VMJICZNG9NJesos+oK
Ggw5DUZYIeBtTZ4VGdRkauNOPfnkky6J0VtgHAlg+p5lP6Qx4AqSnmAwRDqMsMKAKXO2iSFQTcIo
6/LIYYqk+A9rBEmWJPZGSoPBkBtghJUBiImwBIblMriEkQZmBrEUQzclNBgiGUZYJwDLRAhaR+IS
DlzXE217bDBEIoywDAZDxMAIy2AwRAyMsAwGQ8TACMtgMEQMjLAMBkPEwAjLYDBEDIywDAZDxMAI
y2AwRAyMsAwGQ8TACMtgMEQMjLAMBkPEwAjLYDBEDIywDAZDxMAIy2AwRAyMsAwGQ8TACMtgMEQM
jLAMBkPEwAjLYDBEDIywDAZDxOD/AfJ2nuAo4uJvAAAAAElFTkSuQmCC
--_004_4CF710229787A0419BF92C9304DC6446E7927ADEFTHW99EI5MSXww9_--
2 years, 10 months