13.20

.gitattributes

@@ -0,0 +1,3 @@
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text

.lfsconfig

@@ -0,0 +1,2 @@
+[lfs]
+	url = https://artlfs.openeuler.openatom.cn/src-openEuler/postgresql-13

CVE-2021-23214.patch

@@ -1,108 +0,0 @@
-From e92ed93e8eb76ee0701b42d4f0ce94e6af3fc741 Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Mon, 8 Nov 2021 11:01:43 -0500
-Subject: [PATCH] Reject extraneous data after SSL or GSS encryption handshake.
-
-The server collects up to a bufferload of data whenever it reads data
-from the client socket.  When SSL or GSS encryption is requested
-during startup, any additional data received with the initial
-request message remained in the buffer, and would be treated as
-already-decrypted data once the encryption handshake completed.
-Thus, a man-in-the-middle with the ability to inject data into the
-TCP connection could stuff some cleartext data into the start of
-a supposedly encryption-protected database session.
-
-This could be abused to send faked SQL commands to the server,
-although that would only work if the server did not demand any
-authentication data.  (However, a server relying on SSL certificate
-authentication might well not do so.)
-
-To fix, throw a protocol-violation error if the internal buffer
-is not empty after the encryption handshake.
-
-Our thanks to Jacob Champion for reporting this problem.
-
-Security: CVE-2021-23214
----
- src/backend/libpq/pqcomm.c          | 12 ++++++++++++
- src/backend/postmaster/postmaster.c | 24 ++++++++++++++++++++++++
- src/include/libpq/libpq.h           |  1 +
- 3 files changed, 37 insertions(+)
-
-diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c
-index ee2cd86866da..93f2e0b81d32 100644
---- a/src/backend/libpq/pqcomm.c
-+++ b/src/backend/libpq/pqcomm.c
-@@ -1183,6 +1183,18 @@ pq_getstring(StringInfo s)
- 	}
- }
- 
-+/* --------------------------------
-+ *		pq_buffer_has_data		- is any buffered data available to read?
-+ *
-+ * This will *not* attempt to read more data.
-+ * --------------------------------
-+ */
-+bool
-+pq_buffer_has_data(void)
-+{
-+	return (PqRecvPointer < PqRecvLength);
-+}
-+
- 
- /* --------------------------------
-  *		pq_startmsgread - begin reading a message from the client.
-diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
-index 5775fc0c0910..1e0936e5b482 100644
---- a/src/backend/postmaster/postmaster.c
-+++ b/src/backend/postmaster/postmaster.c
-@@ -2049,6 +2049,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
- 			return STATUS_ERROR;
- #endif
- 
-+		/*
-+		 * At this point we should have no data already buffered.  If we do,
-+		 * it was received before we performed the SSL handshake, so it wasn't
-+		 * encrypted and indeed may have been injected by a man-in-the-middle.
-+		 * We report this case to the client.
-+		 */
-+		if (pq_buffer_has_data())
-+			ereport(FATAL,
-+					(errcode(ERRCODE_PROTOCOL_VIOLATION),
-+					 errmsg("received unencrypted data after SSL request"),
-+					 errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
-+
- 		/*
- 		 * regular startup packet, cancel, etc packet should follow, but not
- 		 * another SSL negotiation request, and a GSS request should only
-@@ -2081,6 +2093,18 @@ ProcessStartupPacket(Port *port, bool ssl_done, bool gss_done)
- 			return STATUS_ERROR;
- #endif
- 
-+		/*
-+		 * At this point we should have no data already buffered.  If we do,
-+		 * it was received before we performed the GSS handshake, so it wasn't
-+		 * encrypted and indeed may have been injected by a man-in-the-middle.
-+		 * We report this case to the client.
-+		 */
-+		if (pq_buffer_has_data())
-+			ereport(FATAL,
-+					(errcode(ERRCODE_PROTOCOL_VIOLATION),
-+					 errmsg("received unencrypted data after GSSAPI encryption request"),
-+					 errdetail("This could be either a client-software bug or evidence of an attempted man-in-the-middle attack.")));
-+
- 		/*
- 		 * regular startup packet, cancel, etc packet should follow, but not
- 		 * another GSS negotiation request, and an SSL request should only
-diff --git a/src/include/libpq/libpq.h b/src/include/libpq/libpq.h
-index b1152475ace5..54c5fa779773 100644
---- a/src/include/libpq/libpq.h
-+++ b/src/include/libpq/libpq.h
-@@ -72,6 +72,7 @@ extern int	pq_getmessage(StringInfo s, int maxlen);
- extern int	pq_getbyte(void);
- extern int	pq_peekbyte(void);
- extern int	pq_getbyte_if_available(unsigned char *c);
-+extern bool pq_buffer_has_data(void);
- extern int	pq_putbytes(const char *s, size_t len);
- 
- /*

CVE-2021-23222.patch

@@ -1,123 +0,0 @@
-From 844b3169204c28cd086c1b4fae4a2cbdd0540640 Mon Sep 17 00:00:00 2001
-From: Tom Lane <tgl@sss.pgh.pa.us>
-Date: Mon, 8 Nov 2021 11:14:56 -0500
-Subject: [PATCH] libpq: reject extraneous data after SSL or GSS encryption
- handshake.
-
-libpq collects up to a bufferload of data whenever it reads data from
-the socket.  When SSL or GSS encryption is requested during startup,
-any additional data received with the server's yes-or-no reply
-remained in the buffer, and would be treated as already-decrypted data
-once the encryption handshake completed.  Thus, a man-in-the-middle
-with the ability to inject data into the TCP connection could stuff
-some cleartext data into the start of a supposedly encryption-protected
-database session.
-
-This could probably be abused to inject faked responses to the
-client's first few queries, although other details of libpq's behavior
-make that harder than it sounds.  A different line of attack is to
-exfiltrate the client's password, or other sensitive data that might
-be sent early in the session.  That has been shown to be possible with
-a server vulnerable to CVE-2021-23214.
-
-To fix, throw a protocol-violation error if the internal buffer
-is not empty after the encryption handshake.
-
-Our thanks to Jacob Champion for reporting this problem.
-
-Security: CVE-2021-23222
----
- doc/src/sgml/protocol.sgml        | 28 ++++++++++++++++++++++++++++
- src/interfaces/libpq/fe-connect.c | 26 ++++++++++++++++++++++++++
- 2 files changed, 54 insertions(+)
-
-diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
-index e26619e1b53d..b692648fca47 100644
---- a/doc/src/sgml/protocol.sgml
-+++ b/doc/src/sgml/protocol.sgml
-@@ -1471,6 +1471,20 @@ SELCT 1/0;<!-- this typo is intentional -->
-     and proceed without requesting <acronym>SSL</acronym>.
-    </para>
- 
-+   <para>
-+    When <acronym>SSL</acronym> encryption can be performed, the server
-+    is expected to send only the single <literal>S</literal> byte and then
-+    wait for the frontend to initiate an <acronym>SSL</acronym> handshake.
-+    If additional bytes are available to read at this point, it likely
-+    means that a man-in-the-middle is attempting to perform a
-+    buffer-stuffing attack
-+    (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
-+    Frontends should be coded either to read exactly one byte from the
-+    socket before turning the socket over to their SSL library, or to
-+    treat it as a protocol violation if they find they have read additional
-+    bytes.
-+   </para>
-+
-    <para>
-     An initial SSLRequest can also be used in a connection that is being
-     opened to send a CancelRequest message.
-@@ -1532,6 +1546,20 @@ SELCT 1/0;<!-- this typo is intentional -->
-     encryption.
-    </para>
- 
-+   <para>
-+    When <acronym>GSSAPI</acronym> encryption can be performed, the server
-+    is expected to send only the single <literal>G</literal> byte and then
-+    wait for the frontend to initiate a <acronym>GSSAPI</acronym> handshake.
-+    If additional bytes are available to read at this point, it likely
-+    means that a man-in-the-middle is attempting to perform a
-+    buffer-stuffing attack
-+    (<ulink url="https://www.postgresql.org/support/security/CVE-2021-23222/">CVE-2021-23222</ulink>).
-+    Frontends should be coded either to read exactly one byte from the
-+    socket before turning the socket over to their GSSAPI library, or to
-+    treat it as a protocol violation if they find they have read additional
-+    bytes.
-+   </para>
-+
-    <para>
-     An initial GSSENCRequest can also be used in a connection that is being
-     opened to send a CancelRequest message.
-diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
-index f80f4e98d8e0..57aee9518308 100644
---- a/src/interfaces/libpq/fe-connect.c
-+++ b/src/interfaces/libpq/fe-connect.c
-@@ -3076,6 +3076,19 @@ PQconnectPoll(PGconn *conn)
- 				pollres = pqsecure_open_client(conn);
- 				if (pollres == PGRES_POLLING_OK)
- 				{
-+					/*
-+					 * At this point we should have no data already buffered.
-+					 * If we do, it was received before we performed the SSL
-+					 * handshake, so it wasn't encrypted and indeed may have
-+					 * been injected by a man-in-the-middle.
-+					 */
-+					if (conn->inCursor != conn->inEnd)
-+					{
-+						appendPQExpBufferStr(&conn->errorMessage,
-+											 libpq_gettext("received unencrypted data after SSL response\n"));
-+						goto error_return;
-+					}
-+
- 					/* SSL handshake done, ready to send startup packet */
- 					conn->status = CONNECTION_MADE;
- 					return PGRES_POLLING_WRITING;
-@@ -3175,6 +3188,19 @@ PQconnectPoll(PGconn *conn)
- 				pollres = pqsecure_open_gss(conn);
- 				if (pollres == PGRES_POLLING_OK)
- 				{
-+					/*
-+					 * At this point we should have no data already buffered.
-+					 * If we do, it was received before we performed the GSS
-+					 * handshake, so it wasn't encrypted and indeed may have
-+					 * been injected by a man-in-the-middle.
-+					 */
-+					if (conn->inCursor != conn->inEnd)
-+					{
-+						appendPQExpBufferStr(&conn->errorMessage,
-+											 libpq_gettext("received unencrypted data after GSSAPI encryption response\n"));
-+						goto error_return;
-+					}
-+
- 					/* All set for startup packet */
- 					conn->status = CONNECTION_MADE;
- 					return PGRES_POLLING_WRITING;

postgresql-12.22.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b
+size 21305304

postgresql-12.22.tar.bz2.sha256

@@ -0,0 +1 @@
+8df3c0474782589d3c6f374b5133b1bd14d168086edbc13c6e72e67dd4527a3b  postgresql-12.22.tar.bz2

postgresql-12.7.tar.bz2.sha256

@@ -1 +0,0 @@
-8490741f47c88edc8b6624af009ce19fda4dc9b31c4469ce2551d84075d5d995  postgresql-12.7.tar.bz2

postgresql-13.20-US.pdf

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:038f5c5fc78c805e75176c440e38338029487ca664e275a6f37de0f9c1a33eff
+size 13627275

postgresql-13.20.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288
+size 21730844

postgresql-13.20.tar.bz2.sha256

@@ -0,0 +1 @@
+8134b685724d15e60d93bea206fbe0f14c8295e84f1cc91d5a3928163e4fb288  postgresql-13.20.tar.bz2

postgresql-13.3-sw.patch

@@ -0,0 +1,66 @@
+diff -Naur postgresql-13.3.org/contrib/pgcrypto/crypt-blowfish.c postgresql-13.3.sw/contrib/pgcrypto/crypt-blowfish.c
+--- postgresql-13.3.org/contrib/pgcrypto/crypt-blowfish.c	2022-09-16 11:31:15.100000000 +0800
++++ postgresql-13.3.sw/contrib/pgcrypto/crypt-blowfish.c	2022-09-16 11:32:01.060000000 +0800
+@@ -41,7 +41,7 @@
+ #ifdef __i386__
+ #define BF_ASM				0	/* 1 */
+ #define BF_SCALE			1
+-#elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__)
++#elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__) || defined(__sw_64__)
+ #define BF_ASM				0
+ #define BF_SCALE			1
+ #else
+diff -Naur postgresql-13.3.org/src/include/port/atomics/arch-sw_64.h postgresql-13.3.sw/src/include/port/atomics/arch-sw_64.h
+--- postgresql-13.3.org/src/include/port/atomics/arch-sw_64.h	1970-01-01 08:00:00.000000000 +0800
++++ postgresql-13.3.sw/src/include/port/atomics/arch-sw_64.h	2022-09-16 13:37:10.630000000 +0800
+@@ -0,0 +1,26 @@
++/*-------------------------------------------------------------------------
++ *
++ * arch-arm.h
++ *	  Atomic operations considerations specific to ARM
++ *
++ * Portions Copyright (c) 2013-2020, PostgreSQL Global Development Group
++ *
++ * NOTES:
++ *
++ * src/include/port/atomics/arch-arm.h
++ *
++ *-------------------------------------------------------------------------
++ */
++
++/* intentionally no include guards, should only be included by atomics.h */
++#ifndef INSIDE_ATOMICS_H
++#error "should be included via atomics.h"
++#endif
++
++/*
++ * 64 bit atomics on ARM32 are implemented using kernel fallbacks and thus
++ * might be slow, so disable entirely. On ARM64 that problem doesn't exist.
++ */
++#if !defined(_sw_64__) 
++#define PG_DISABLE_64_BIT_ATOMICS
++#endif  /* __sw_64__ || __sw_64 */
+diff -Naur postgresql-13.3.org/src/include/port/atomics.h postgresql-13.3.sw/src/include/port/atomics.h
+--- postgresql-13.3.org/src/include/port/atomics.h	2022-09-16 11:31:15.640000000 +0800
++++ postgresql-13.3.sw/src/include/port/atomics.h	2022-09-16 13:36:15.370000000 +0800
+@@ -68,6 +68,8 @@
+ #include "port/atomics/arch-arm.h"
+ #elif defined(__i386__) || defined(__i386) || defined(__x86_64__)
+ #include "port/atomics/arch-x86.h"
++#elif defined(__sw_64__)
++#include "port/atomics/arch-sw_64.h"
+ #elif defined(__ia64__) || defined(__ia64)
+ #include "port/atomics/arch-ia64.h"
+ #elif defined(__ppc__) || defined(__powerpc__) || defined(__ppc64__) || defined(__powerpc64__)
+diff -Naur postgresql-13.3.org/src/include/storage/s_lock.h postgresql-13.3.sw/src/include/storage/s_lock.h
+--- postgresql-13.3.org/src/include/storage/s_lock.h	2022-09-16 11:31:15.560000000 +0800
++++ postgresql-13.3.sw/src/include/storage/s_lock.h	2022-09-16 11:43:30.940000000 +0800
+@@ -320,7 +320,7 @@
+  * We use the int-width variant of the builtin because it works on more chips
+  * than other widths.
+  */
+-#if defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(__aarch64)
++#if defined(__arm__) || defined(__arm) || defined(__aarch64__) || defined(__aarch64) || defined(__sw_64__) || defined(__sw_64)
+ #ifdef HAVE_GCC__SYNC_INT32_TAS
+ #define HAS_TEST_AND_SET
+ 

postgresql-13.3.tar.bz2.sha256

@@ -1 +0,0 @@
-3cd9454fa8c7a6255b6743b767700925ead1b9ab0d7a0f9dcb1151010f8eb4a1  postgresql-13.3.tar.bz2

postgresql-man.patch

@@ -6,8 +6,8 @@ RHBZ#948933).
 diff -up postgresql-13.1/doc/src/sgml/man1/ecpg.1.patch6 postgresql-13.1/doc/src/sgml/man1/ecpg.1
 --- postgresql-13.1/doc/src/sgml/man1/ecpg.1.patch6	2020-11-09 23:38:03.000000000 +0100
 +++ postgresql-13.1/doc/src/sgml/man1/ecpg.1	2020-11-18 09:26:40.547324791 +0100
-@@ -81,6 +81,11 @@ ORACLE\&.
- Define a C preprocessor symbol\&.
+@@ -86,6 +86,11 @@
+ 1\&.
  .RE
  .PP
 +\fB\-h \fR
@@ -18,7 +18,7 @@ diff -up postgresql-13.1/doc/src/sgml/man1/ecpg.1.patch6 postgresql-13.1/doc/src
  \fB\-h\fR
  .RS 4
  Process header files\&. When this option is specified, the output file extension becomes
-@@ -144,6 +149,11 @@ Allow question mark as placeholder for c
+@@ -149,6 +154,11 @@
  .RE
  .RE
  .PP

postgresql-pgcrypto-openssl3-tests.patch

@@ -0,0 +1,102 @@
+diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out
+--- postgresql-13.4/contrib/pgcrypto/expected/pgp-decrypt.out	2021-08-09 16:49:05.000000000 -0400
++++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-decrypt.out	2021-09-01 08:16:48.138600886 -0400
+@@ -4,20 +4,6 @@
+ --  Checking ciphers
+ select pgp_sym_decrypt(dearmor('
+ -----BEGIN PGP MESSAGE-----
+-Comment: dat1.blowfish.sha1.mdc.s2k3.z0
+-
+-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
+-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
+-=JcP+
+------END PGP MESSAGE-----
+-'), 'foobar');
+- pgp_sym_decrypt 
+------------------
+- Secret message.
+-(1 row)
+-
+-select pgp_sym_decrypt(dearmor('
+------BEGIN PGP MESSAGE-----
+ Comment: dat1.aes.sha1.mdc.s2k3.z0
+ 
+ jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
+diff -ur postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out
+--- postgresql-13.4/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out	2021-08-09 16:49:05.000000000 -0400
++++ postgresql-13.4.patched/contrib/pgcrypto/expected/pgp-pubkey-decrypt.out	2021-09-01 08:05:27.750172653 -0400
+@@ -594,13 +594,6 @@
+ (1 row)
+ 
+ select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
+-from keytbl, encdata where keytbl.id=2 and encdata.id=2;
+- pgp_pub_decrypt 
+------------------
+- Secret msg
+-(1 row)
+-
+-select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
+ from keytbl, encdata where keytbl.id=3 and encdata.id=3;
+  pgp_pub_decrypt 
+ -----------------
+diff -ur postgresql-13.4/contrib/pgcrypto/Makefile postgresql-13.4.patched/contrib/pgcrypto/Makefile
+--- postgresql-13.4/contrib/pgcrypto/Makefile	2021-08-09 16:49:05.000000000 -0400
++++ postgresql-13.4.patched/contrib/pgcrypto/Makefile	2021-09-01 08:26:47.207164873 -0400
+@@ -5,7 +5,7 @@
+ INT_TESTS = sha2
+ 
+ OSSL_SRCS = openssl.c pgp-mpi-openssl.c
+-OSSL_TESTS = sha2 des 3des cast5
++OSSL_TESTS = sha2
+ 
+ ZLIB_TST = pgp-compression
+ ZLIB_OFF_TST = pgp-zlib-DISABLED
+@@ -49,12 +49,13 @@
+ 	pgcrypto--1.0--1.1.sql
+ PGFILEDESC = "pgcrypto - cryptographic functions"
+ 
+-REGRESS = init md5 sha1 hmac-md5 hmac-sha1 blowfish rijndael \
++REGRESS = init md5 sha1 hmac-md5 hmac-sha1 rijndael \
+ 	$(CF_TESTS) \
+-	crypt-des crypt-md5 crypt-blowfish crypt-xdes \
++	crypt-md5 \
+ 	pgp-armor pgp-decrypt pgp-encrypt $(CF_PGP_TESTS) \
+ 	pgp-pubkey-decrypt pgp-pubkey-encrypt pgp-info
+ 
++#REGRESS = init pgp-pubkey-decrypt pgp-decrypt \
+ EXTRA_CLEAN = gen-rtab
+ 
+ ifdef USE_PGXS
+diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql
+--- postgresql-13.4/contrib/pgcrypto/sql/pgp-decrypt.sql	2021-08-09 16:49:05.000000000 -0400
++++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-decrypt.sql	2021-09-01 08:16:12.525212175 -0400
+@@ -5,16 +5,6 @@
+ --  Checking ciphers
+ select pgp_sym_decrypt(dearmor('
+ -----BEGIN PGP MESSAGE-----
+-Comment: dat1.blowfish.sha1.mdc.s2k3.z0
+-
+-jA0EBAMCfFNwxnvodX9g0jwB4n4s26/g5VmKzVab1bX1SmwY7gvgvlWdF3jKisvS
+-yA6Ce1QTMK3KdL2MPfamsTUSAML8huCJMwYQFfE=
+-=JcP+
+------END PGP MESSAGE-----
+-'), 'foobar');
+-
+-select pgp_sym_decrypt(dearmor('
+------BEGIN PGP MESSAGE-----
+ Comment: dat1.aes.sha1.mdc.s2k3.z0
+ 
+ jA0EBwMCci97v0Q6Z0Zg0kQBsVf5Oe3iC+FBzUmuMV9KxmAyOMyjCc/5i8f1Eest
+diff -ur postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql
+--- postgresql-13.4/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql	2021-08-09 16:49:05.000000000 -0400
++++ postgresql-13.4.patched/contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql	2021-09-01 08:06:18.963732342 -0400
+@@ -606,9 +606,6 @@
+ from keytbl, encdata where keytbl.id=1 and encdata.id=1;
+ 
+ select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
+-from keytbl, encdata where keytbl.id=2 and encdata.id=2;
+-
+-select pgp_pub_decrypt(dearmor(data), dearmor(seckey))
+ from keytbl, encdata where keytbl.id=3 and encdata.id=3;
+ 
+ select pgp_pub_decrypt(dearmor(data), dearmor(seckey))

postgresql-setup-8.7.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1d674925d16951b7271c1ccacd17245c144c6203ce8191fc97326468e5a7fe17
+size 153274