Copyright (C) 2003-2007 The Frugalware Developer Team. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
This document documents the work of the Frugalware Security Team. Primarily it's for new developers or for existing developers who started to work in the Security Team.
The security team opens a new task in the BTS, with a [SEC] prefix.
The maintainer fixes the issue in -current and decides if the issue needs fixing in -stable or not. If yes, then changes the status of the task to "Fixed in -current", otherwise closes the task.
If there is no patch for the issue yet, then set the status to "Researching". This indicates that you, the maintainer knows the problem, just you don't have enough resources to fix it.
The security team regularly searches for "Fixed in -current" bugs, fixes the issue in -stable and releases a new FSA.
Check if the backport is ready (the binary packages should be uploaded for each arch).
Update the frugalware/xml/security.xml file in the homepage-ng repo and check if the mail is sent to the frugalware-security list. If not, then ask on -devel what can be the problem.
Subscribe to Secunia Security Advisories List at http://secunia.com/secunia_security_advisories/ page. This is the best place to notice issues.
Read the mails one-by-one and check if the advisory affects -current or -stable.
Open a task in BTS if necessary. Please fill in the form correctly, provide a patch if you can.
You can also read other mailing list, like https://lists.grok.org.uk/mailman/listinfo/full-disclosure, but secunia monitors them, so you won't miss anything. (You just notice things later.)
Secunia announces sec issues days after they released so there is a good chance to find a patch.
First of all sometimes upstream fixes it with a new version.
Fixed in cvs/svn/whatever and you are able to find the patch (unlike PHP)
If these two fails, there is http://security.ubuntu.com/ubuntu/pool. Secunia also mails you if the bug fixen in ubuntu, so steal the patch from them :) You only need the $package-$pkgver.diff.gz. There is a changelog in it, where you can find the filename of the fix.
It's also a good idea to take a look on redhat/gentoo bugzilla. They attach fixes most the time.
So it's good to read the secunia mails carefully as you'll always know when the patch is available.
This document is for developers who want to publish a git repository on the Frugalware FTP Server and on the Frugalware Gitweb Interface.
Since a repository consists of plain files, we can and should place them on the ftp server (/home/ftp). To prevent further problems, always use the server name "git.frugalware.org", currently it's an alias of genesis.frugalware.org.
First decide if it's a personal repository or a team one. For example if you create a repository to update to a newer python version, then probably you will do all the work, create it under /pub/other/people/nick/reponame. Simply create a dir, issue git init and push at least one commit to there.
If you want to allow others to push to your repo, then you want to allow them to lock your repo. This requires
chmod g+w .git
Now anyone can git clone it, using a full mirror, for example ftp://ftp12.frugalware.org/mirrors/ftp.frugalware.org/pub/.
If the repository is a team one, then create it under /pub/other. In this case probably you want the gitweb interface, too. To use it:
Update the file .git/description inside the repo with a short (less than 80 chars) description.
Create the file .git/owner inside the repo containing your name, without your email address.
Push a relative symlink to the homepage-ng repository, see the existing ones as a reference.
After some time (a maximum of 30 minutes) it should appear at http://git.frugalware.org/.
Currently you need hooks for the following reasons: . If you don't use bare repositories, then the content outside .git won't be updated automatically, you need a hook to do so.
If you want CIA notification.
If you want sending mails to the Frugalware-git mailing list.
If you want to let other be able to clone your repository via dumb protocols like http or rsync. (This means that if you disable this hook, it won't be accessible anonymously!)
For the last one:
chmod +x .git/hooks/post-update
For the others:
ln -sf /home/ftp/pub/other/git-hooks/git-hooks.py .git/hooks/post-receive
There are many different ways to contribute to Frugalware. You can write documentation, translate the existing ones to your native language (or any other language you want to) maintain packages or making them better whith adding features whatever.
If you are a programmer you can help us in developing our applications. These are: pacman-g2, gfpm, fwlive, frugalwareutils, setup etc. See git.frugalware.org for different project repositories.
You can also start new projects. If you show some code we can surely host your project too if it's frugalware related. For example you want to write kfpm :)
|
Important
|
After each title in brackets you can find the target audience. |
You can read the details on our Translations documentation page.
In the first part i will cover the necessary informations for those who do not have developer status yet.
In the second part we will set up the necessary config files.
First of all, we ask you to read the following documentations carefully. If you do not want to deal with packages, just want to code it's usually enough to read the git documentation as we store our code in git repositories.
man makepkg
man pacman-g2
man repoman
man FrugalBuild
man fwmakepkg
I know, it is boring reading documentation, but you have to know that writing them is even worse so do not ask questions when there is the answer in the documentation. If you can not understand something feel free to join #frugalware@irc.freenode.net and ask.
The frugalware-current repo is the development repo for the packages.
When you want to get it you need the git package. Let's get it:
# pacman-g2 -S git
Now create a git directory where you can hold all your repos. You can choose any other name of course.
$ mkdir -p ~/git $ cd ~/git
Now clone the repo with git:
$ git clone git://git.frugalware.org/pub/frugalware/frugalware-current current $ cd current
Now be patient while git clones all the objects and then checks out the files. Also you can use other mirrors as well.
First of all you need the repo of the program. In this example i will use pacman-g2, but the steps are very similar. NOTE: Most of our programs need the translations repo to compile)
$ mkdir -p ~/git $ cd ~/git $ git clone git://git.frugalware.org/pub/other/translations (optional) $ git clone git://git.frugalware.org/pub/other/pacman-g2/pacman-g2 $ cd pacman-g2
Now you should setup up your identity.
$ git config --global user.name "Your Name" $ git config --global user.email email@addr.ess
Now you can make your changes. When finished run
$ git diff
in the repository.
|
Tip
|
You can also use git diff . (note the dot in the end). In that case git will show the changes recursively in the current directory. It is very handy when you have lot of uncommitted changes in your repo. |
If you satisfied with the changes run
$ git commit -a
to commit all your changes.
If you want to cherry-pick hunks from your changes:
$ dg record
or using native git commands:
$ git add -p; git commit
Without committing your changes you can not send nor push (just developers) it.
|
Tip
|
With frugalware-* repos it's recommended to use repoman rec which is a wrapper for dg record. It sets up the patch name properly so you only need to deal with the details. |
Here comes the final step. Send in the patch(es)!
$ git format-patch <hash> $ git send-email --to frugalware-devel@frugalware.org .
<hash> is the sha1 of the last patch you do not want to submit. Run
$ git log
and you'll see the hash. Also, you can just use your existing mail client and send the patch(es) as an attachment.
If everything goes fine your patch should show up on the frugalware-devel mailing list soon.
|
Note
|
You have to subscribe to the frugalware-devel mailing list and set up your SMTP server properly (if you use git send-email). |
Once you get a developer account, you have the right to request the following services:
BTS access (so that we can assign tasks to you)
git write access (you'll always get this, except if you are working on the artwork or so)
voice on the #frugalware.dev channel
a @frugalware.org mail address (with imaps/pop3s access)
Public and private devspace. The first is in the /pub/other/people/nick dir and this is mirrored (you must not put private stuff to there). The later is your ~/public_html dir: it is not mirrored and there is no backup for it. Though you may temporarily put private stuff to there.
a @frugalware.org jabber account if you want one
What you should do:
You should read the frugalware-devel mailing list. When you're asked, please try to respond.
If you push patches to git, you should subscribe to the frugalware-git mailing list. This is list has a big traffic since a new mail is sent for each patch. If you don't have time to read it, subscribe then set the "I would like to receive no mail" option. Also take care that your subscribing email equals to the one you set using git config user.email
Also it's good if you can join the user and developer channel when you're online.
Let us see what you should set up to get it work. I will also give some tips which can make your life easier.
Read this page, we collected a set of tricks when we converted from darcs to git.
It is time to set up some necessary things. We start with the frugalware-current repo. Make sure that you are in the root of the frugalware-current repo. Also do not forget to change the username to your login name on git.frugalware.org.
$ git config remote.origin.url 'username@git.frugalware.org:/home/ftp/pub/frugalware/frugalware-current' $ git config remote.origin.receivepack "sudo -u vmiklos git-receive-pack"
|
Important
|
Do not edit the second line! So that vmiklos have to be vmiklos. It's because he is the current owner of that repo. |
As you will use repoman to upload the packages (and many other things as you'll see) we should set it up now. This step is also necessary. Open ~/.repoman.conf with your favourite editor and add the following lines:
fst_root=~/git
current_servers=("username@git.frugalware.org:/home/ftp/pub/frugalware/frugalware-current")
stable_servers=("username@git.frugalware.org:/home/ftp/pub/frugalware/frugalware-stable")
stable_pushonly="y"
Where fst_root is the directory where you store your git repos. Username is your login on git.frugalware.org. For details see man repoman.
As from now use the following command from package's directory to push your changes.
$ repoman push
It will check the FrugalBuild using fblint, then records your changes, pushes them, uploads the fpms and finally creates the changelog, updates the fdb etc. So you are done if there was no error message.
In repo's main directory:
$ git config remote.origin.url 'username@git.frugalware.org:/home/ftp/pub/other/pacman-g2/pacman-g2' $ git config remote.origin.receivepack "sudo -u owner git-receive-pack"
Do not forget to change the username and repository path. For paths refer to the gitweb interface.
|
Note
|
The owner for pacman-g2, frugalwareutils, pacman-tools is usually vmiklos. |
You should always review what you would push before you perform the action:
$ git fetch $ git rebase origin/master $ git log origin/master..master
Then you can use
$ git push
to send in your changes.
|
Note
|
The dg push wrapper does exactly this for you. |
You MUST follow this HOWTO when bumping GNOME to a new version (even a minor version).
To start, packages must be compiled in the order listed below (if you find a change that needs making to this list, poke AlexExtreme). If it is a major bump (2.14 to 2.16, for example), it is wise to rebuild most of the GNOME packages.
libxml2
libxslt
gnome-common
intltool
scrollkeeper
gtk-doc
glib
libIDL
ORBit2
libbonobo
fontconfig
Render
Xrender
cairo
Xft
pango
atk
shared-mime-info
gtk*
gtk+2-engines
gconf
desktop-file-utils
gnome-mime-data
avahi
dbus
hal
gnome-vfs
audiofile
esd
libgnome
libart_lgpl
libglade
libgnomecanvas
libbonoboui
hicolor-icon-theme
icon-naming-utils
gnome-icon-theme
gnome-keyring
libgnomeui
startup-notification
gtk-engines
gnome-themes
gnome-doc-utils
gnome-desktop
libwnck
libgpg-error
libgcrypt
libtasn1
opencdk
gnutls
libsoup
firefox
evolution-data-server
pygobject (*)
pycairo
pygtk (*)
gnome-menus
gnome-panel
metacity
gstreamer
liboil
libxklavier
libgnomekbd
libcroco
librsvg
gail
eel
gst-plugins-base
nautilus
control-center
gnome-session
vte
gnome-terminal
libgtop
gucharmap
gnome-applets
libgsf
libgnomecups
libgnomeprint
libgnomeprintui
yelp
bug-buddy
gtksourceview
pyorbit (*)
gnome-python (*)
nautilus-cd-burner
gst-plugins-good
libmusicbrainz
iso-codes
totem
gnome-media
gnome-python-desktop (*)
gedit
eog
gconf-editor
gnome-utils
gnome-system-monitor
gnome-netstatus
gcalctool
zenity
at-spi
libgail-gnome
gnome-speech
gnome-mag
gnopernicus (missing from repo)
gok (missing from repo)
epiphany
epiphany-extensions
gob2
gnome-games
gnome-user-docs
file-roller
gnome-nettool
vino
gnome-volume-manager
gnome-backgrounds
sound-juicer
gtkhtml
gal
pilot-link (if needed, not a gnome part)
gnome-pilot
gnome-pilot-conduits
gnome-spell
evolution
evolution-webcal
evolution-exchange
gdm
ekiga
poppler
evince
dasher
gnome-power-manager
gnome-keyring-manager
deskbar-applet
fast-user-switch-applet
gnome-screensaver
pessulus
sabayon
gnome-cups-manager
(*) - don't use Fsplit on this package.
|
Note
|
all *sharp and all bindings need to be split |
Never, i repeat, NEVER bump a version without doing the following:
Download the new version's tarball and extract it
Run ./configure —help and look in configure.in to check for new dependencies (even optional ones) and consider whether to use them or not. Consult all devels about whether it is a good idea to use the optional dependencies.
Check for dependencies that are no longer needed and remove them from the FrugalBuild
Check GConf schemas. Sometimes they have been renamed, or new ones have been added Not doing this can cause a lot of problems.
Check the Changelog and NEWS file for the package. Sometimes there may be API/ABI changes that need to be considered before bumping.
Check if _F_gnome_{scrollkeeper,mime,desktop} are needed in the new version.
When all this has been done, update the FrugalBuild with new sha1sums, pkgver, depends, GConf schemas and _F_gnome_* values (add gnome-scriptlet to Finclude if necessary)
Build the package and push.
The aim of this howto is to show what's the procedure of a stable Frugalware release. The to-be-created release in this howto is 0.5, the previous release is 0.4.
Just because I don't know where to document this, here is the command line what I use to sync changes from -current to -testing before a release:
$ rsync -avP --delete-after frugalware-current/ frugalware-testing/
send a mail to -devel about "please stop version and release bumps"
check if the artwork has been updated completely. see this mail from Nadfoka on what items should be checked
ask someone to update the screenshots
sync the archs, checkpkgs shouldn't have any red pkg in it's output
run gensync to rebuild the fdbs
generate isos and test if everything is ok (ie. install from cd1-cd2 on i686, and start kde, or something)
tag the release using git tag
Copy the full tree on genesis:
$ cd /home/ftp/pub/frugalware $ cp -av frugalware-current frugalware-0.5
Now one have two tree. All what one should do in -current is to bump —from-tag version to 0.5 in tools/genpkgs.
rename the frugalware-current fdbs to frugalware
rebuild the initrd with
STABLE = true
in the Makefile
- s/-current// in tools/mkpkglst
- update VERSION in docs/Makefile
- update `\.git/description`
- update kernel FrugalBuild to hardwire the kernel release (`\_F_kernel_rel`)
- update `/source/include/kernel-module.sh` (s/=/>=/) and rebuild the fdbs
again
- run the just modified genpkgs to regenerate the ChangeLog.txt to start from
the 0.4 tag to the 0.5 tag
- update pacman{,-tools} so that -stable will be the default on -Syu / repoman
upd, not -current
- upload the fdbs to the mysql db using fpm2db, just run all2db.sh from the
/tools dir
- create a new chroot tarball for each arch
generate isos, test all of them (net,cd,dvd for each arch)
create an usb stick installer tarball for each arch
create an tftp boot image for each arch
check if the upgrade from 0.4->0.5 works or not, probably a simple -Syu is not enough, then write a howto
put the isos online and wait at least 24h so that the mirrors will be in sync at release time
create torrents for the isos and make sure at least one machine seeds them
add the new version to the bts
write an announcement, put it out to somewhere and ask Alex or LGee to spellcheck it
push it to the homepage-ng repo
mark the release as "done" in /frugalware/xml/roadmap.xml (homepage-ng repo) and add the proper newsid value
update the topic of #frugalware
update the freshmeat entry
find a codename
update roadmap.xml
Done!
| ID | User | Package | Group | Package |
|---|---|---|---|---|
| 000 | root | shadow | root | shadow |
| 001 | bin | shadow | bin | shadow |
| 002 | daemon | shadow | daemon | shadow |
| 003 | adm | shadow | sys | shadow |
| 004 | lp | shadow | adm | shadow |
| 005 | sync | shadow | tty | shadow |
| 006 | shutdown | shadow | disk | shadow |
| 007 | halt | shadow | lp | shadow |
| 008 | shadow | mem | shadow | |
| 009 | news | shadow | kmem | shadow |
| 010 | uucp | shadow | wheel | shadow |
| 011 | operator | shadow | floppy | shadow |
| 012 | syncpkgd | pacman-tools | shadow | |
| 013 | news | shadow | ||
| 014 | ftp | shadow | uucp | shadow |
| 015 | man | shadow | ||
| 016 | cdrom | shadow | ||
| 017 | scanner | shadow | ||
| 018 | privoxy | privoxy | privoxy | privoxy |
| 019 | fst | pacman | audio | shadow |
| 020 | nx | freenx | games | shadow |
| 021 | slocate | slocate | ||
| 022 | utmp | shadow | ||
| 023 | camera | shadow | ||
| 024 | video | shadow | ||
| 025 | smmsp | shadow | smmsp | shadow |
| 026 | clamav | clamav | clamav | clamav |
| 027 | mysql | shadow | mysql | shadow |
| 028 | rsyncd | rsync | rsyncd | rsync |
| 029 | _ntp | openntpd | _ntp | openntpd |
| 030 | storage | shadow | ||
| 031 | pgdb | postgresql | pgdb | postgresql |
| 032 | rpc | shadow | rpc | shadow |
| 033 | sshd | shadow | sshd | shadow |
| 034 | scponly | scponly | scponly | scponly |
| 035 | sbox | scratchbox | ||
| 036 | rlocate | rlocate | ||
| 037 | netdev | shadow | ||
| 038 | messagebus | dbus | messagebus | dbus |
| 039 | hald | hal | hald | hal |
| 040 | amavis | amavisd-new | amavis | amavisd-new |
| 041 | ejabberd | ejabberd | ejabberd | ejabberd |
| 042 | gdm | shadow | gdm | shadow |
| 043 | shadow | shadow | ||
| 044 | beagleindex | beagle | beagleindex | beagle |
| 045 | partimag | partimage | partimag | partimage |
| 046 | sabayon | sabayon | sabayon | sabayon |
| 047 | munin | munin and munin-node | munin | munin and munin-node |
| 048 | ccache | ccache | ||
| 049 | ||||
| 050 | ftp | shadow | ||
| 051 | telnetd | shadow | ||
| 052 | ||||
| 053 | ||||
| 054 | ||||
| 055 | ||||
| 056 | ||||
| 057 | ||||
| 058 | ||||
| 059 | ||||
| 060 | grsec_procview | kernel-grsec | ||
| 061 | grsec_audit | kernel-grsec | ||
| 062 | grsec_tpe | kernel-grsec | ||
| 063 | grsec_s_all | kernel-grsec | ||
| 064 | grsec_s_client | kernel-grsec | ||
| 065 | grsec_s_server | kernel-grsec | ||
| 066 | ||||
| 067 | ||||
| 068 | ||||
| 069 | ||||
| 070 | ||||
| 071 | ||||
| 072 | ||||
| 073 | postfix | postfix | postfix | postfix |
| 074 | ||||
| 075 | postdrop | postfix | ||
| 076 | ||||
| 077 | dspam | dspam | dspam | dspam |
| 078 | ||||
| 079 | ||||
| 080 | mailman | mailman | mailman | mailman |
| 081 | ||||
| 082 | ||||
| 083 | ||||
| 084 | avahi | avahi | avahi | avahi |
| 085 | firebird | firebird | firebird | firebird |
| 086 | ||||
| 087 | ||||
| 088 | ||||
| 089 | ||||
| 090 | pop | shadow | pop | shadow |
| 091 | ||||
| 092 | ||||
| 093 | ||||
| 094 | ||||
| 095 | ||||
| 096 | ||||
| 097 | ||||
| 098 | nobody | shadow | ||
| 099 | nobody | shadow | nogroups | shadow |
| 100 | shadow | users | shadow | |
| 101 | shadow | console | shadow | |
| 102 | ||||
| 103 | ||||
| 104 | distccd | distcc | distccd | distcc |
| 105 | ||||
| 106 | ||||
| 107 | ||||
| 108 | ||||
| 109 | postgrey | postgrey | ||
| 110 | ||||
| 111 | ||||
| 112 | ||||
| 113 | logcheck | logcheck | logcheck | logcheck |
| 114 | ||||
| 115 | ||||
| 116 | ||||
| 117 | ||||
| 118 | ||||
| 119 | ||||
| 120 | ||||
| 121 | ||||
| 122 | ||||
| 123 | ||||
| 124 | ||||
| 125 | ||||
| 126 | ||||
| 127 | ||||
| 128 | ||||
| 129 | ||||
| 130 | ||||
| 131 | ||||
| 132 | ||||
| 133 | ||||
| 134 | ||||
| 135 | ||||
| 136 | ||||
| 137 | ||||
| 138 | ||||
| 139 | ||||
| 140 | ||||
| 141 | ||||
| 142 | ||||
| 143 | ||||
| 144 | ||||
| 145 | ||||
| 146 | ||||
| 147 | ||||
| 148 | ||||
| 149 | ||||
| 150 | ||||
| 151 | ||||
| 152 | ||||
| 153 | ||||
| 154 | ||||
| 155 | ||||
| 156 | ||||
| 157 | ||||
| 158 | ||||
| 159 | ||||
| 160 | ||||
| 161 | ||||
| 162 | ||||
| 163 | ||||
| 164 | ||||
| 165 | ||||
| 166 | ||||
| 167 | ||||
| 168 | ||||
| 169 | ||||
| 170 | ||||
| 171 | ||||
| 172 | ||||
| 173 | ||||
| 174 | ||||
| 175 | ||||
| 176 | ||||
| 177 | ||||
| 178 | ||||
| 179 | ||||
| 180 | ||||
| 181 | ||||
| 182 | ||||
| 183 | ||||
| 184 | ||||
| 185 | ||||
| 186 | ||||
| 187 | ||||
| 188 | ||||
| 189 | ||||
| 190 | ||||
| 191 | ||||
| 192 | ||||
| 193 | ||||
| 194 | ||||
| 195 | ||||
| 196 | ||||
| 197 | ||||
| 198 | ||||
| 199 | ||||
| 200 | ||||
| 201 | ||||
| 202 | ||||
| 203 | ||||
| 204 | ||||
| 205 | ||||
| 206 | ||||
| 207 | ||||
| 208 | ||||
| 209 | ||||
| 210 | ||||
| 211 | ||||
| 212 | ||||
| 213 | ||||
| 214 | ||||
| 215 | ||||
| 216 | ||||
| 217 | ||||
| 218 | ||||
| 219 | ||||
| 220 | ||||
| 221 | ||||
| 222 | ||||
| 223 | ||||
| 224 | ||||
| 225 | ||||
| 226 | ||||
| 227 | ||||
| 228 | ||||
| 229 | ||||
| 230 | ||||
| 231 | ||||
| 232 | ||||
| 233 | ||||
| 234 | ||||
| 235 | ||||
| 236 | ||||
| 237 | ||||
| 238 | ||||
| 239 | ||||
| 240 | ||||
| 241 | ||||
| 242 | ||||
| 243 | ||||
| 244 | ||||
| 245 | ||||
| 246 | ||||
| 247 | ||||
| 248 | ||||
| 249 | ||||
| 250 | ||||
| 251 | ||||
| 252 | ||||
| 253 | ||||
| 254 | ||||
| 255 | ||||
| 256 | ||||
| 257 | ||||
| 258 | ||||
| 259 | ||||
| 260 | ||||
| 261 | ||||
| 262 | ||||
| 263 | ||||
| 264 | ||||
| 265 | ||||
| 266 | ||||
| 267 | ||||
| 268 | ||||
| 269 | ||||
| 270 | ||||
| 271 | ||||
| 272 | ||||
| 273 | ||||
| 274 | ||||
| 275 | ||||
| 276 | ||||
| 277 | ||||
| 278 | ||||
| 279 | ||||
| 280 | ||||
| 281 | ||||
| 282 | ||||
| 283 | ||||
| 284 | ||||
| 285 | ||||
| 286 | ||||
| 287 | ||||
| 288 | ||||
| 289 | ||||
| 290 | ||||
| 291 | ||||
| 292 | ||||
| 293 | ||||
| 294 | ||||
| 295 | ||||
| 296 | ||||
| 297 | ||||
| 298 | ||||
| 299 | ||||
| 300 | ||||
| 301 | ||||
| 302 | ||||
| 303 | ||||
| 304 | ||||
| 305 | ||||
| 306 | ||||
| 307 | ||||
| 308 | ||||
| 309 | ||||
| 310 | ||||
| 311 | ||||
| 312 | ||||
| 313 | ||||
| 314 | ||||
| 315 | ||||
| 316 | ||||
| 317 | ||||
| 318 | ||||
| 319 | ||||
| 320 | ||||
| 321 | ||||
| 322 | ||||
| 323 | ||||
| 324 | ||||
| 325 | ||||
| 326 | ||||
| 327 | ||||
| 328 | ||||
| 329 | ||||
| 330 | ||||
| 331 | ||||
| 332 | ||||
| 333 | ||||
| 334 | ||||
| 335 | ||||
| 336 | ||||
| 337 | ||||
| 338 | ||||
| 339 | ||||
| 340 | ||||
| 341 | ||||
| 342 | ||||
| 343 | ||||
| 344 | ||||
| 345 | ||||
| 346 | ||||
| 347 | ||||
| 348 | ||||
| 349 | ||||
| 350 | ||||
| 351 | ||||
| 352 | ||||
| 353 | ||||
| 354 | ||||
| 355 | ||||
| 356 | ||||
| 357 | ||||
| 358 | ||||
| 359 | ||||
| 360 | ||||
| 361 | ||||
| 362 | ||||
| 363 | ||||
| 364 | ||||
| 365 | ||||
| 366 | ||||
| 367 | ||||
| 368 | ||||
| 369 | ||||
| 370 | ||||
| 371 | ||||
| 372 | ||||
| 373 | ||||
| 374 | ||||
| 375 | ||||
| 376 | ||||
| 377 | ||||
| 378 | ||||
| 379 | ||||
| 380 | ||||
| 381 | ||||
| 382 | ||||
| 383 | ||||
| 384 | ||||
| 385 | ||||
| 386 | ||||
| 387 | ||||
| 388 | ||||
| 389 | ||||
| 390 | ||||
| 391 | ||||
| 392 | ||||
| 393 | ||||
| 394 | ||||
| 395 | ||||
| 396 | ||||
| 397 |