Sync from SUSE:ALP:Source:Standard:1.0 shadow revision 45f99913f2a794e57cd95c2bbc9705c7

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

disable_new_audit_function.patch

@@ -0,0 +1,28 @@
+Index: shadow-4.5/src/lastlog.c
+===================================================================
+--- shadow-4.5.orig/src/lastlog.c
++++ shadow-4.5/src/lastlog.c
+@@ -221,12 +221,15 @@ static void update_one (/*@null@*/const
+ 		strcpy (ll.ll_host, "localhost");
+ #endif
+ 		strcpy (ll.ll_line, "lastlog");
++/*
+ #ifdef WITH_AUDIT
+ 		audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+ 			"clearing-lastlog",
+ 			pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+ #endif
++*/
+ 	}
++/*
+ #ifdef WITH_AUDIT
+ 	else {
+ 		audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+@@ -234,6 +237,7 @@ static void update_one (/*@null@*/const
+ 			pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+ 	}
+ #endif
++*/
+ 
+ 	if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
+ 			fprintf (stderr,

shadow-4.14.3.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE6jqH8KTroDDkXfJAnowa+77/2zIFAmWlu4sACgkQnowa+77/
+2zKCIw//Ts0DjkUGf8j7T6SyLGBWpK0pMxXRFxK4SNlLAsirMMAvxjKZH59YpyY3
+G2RR7UdRDBHRFSQaWERW3B9YTwzyu9ficYCvQO3Jq/sYSBkuF59R0Q8pPB1zB0t2
+sRX+9IGdk6en6NTEmfehjbTb7oaf7etsMHe1UK4hgfQA22Pse8pMI1+9mcsNRIaK
+gFsJl9oXV2qwyJXCqkMfatYD7gF5rTJPTa8fXlBC4dqx6/ew9wzfG7Pu+9OXrX6W
+TosrwjYrpe00NhHlhN5iJoWyCUALipVazXgHW5zhGfvoIcYh97pJVm1FpLJS2l6C
+u3Y7A6HnKCaWFsIvWbmuop2ldFMgZgmtJkwcse9v8K0ZC/ncqWMp9VVEdMnbgfFe
+eGvQKwpwj+B9LPx++s4H4NGt8iOtBAFZ4nmKXGNMegmgiMUbakdmiPpOwKQuS0kD
+5lTWBQRbaxFuAxTxKy+i2cb5nEF1ZjQk/G9K8JilgFLSMefLHXliA7kNXK+pOtAC
+eib17E9U20B0Mr0o7aDrBmJR/UoGmxmjIHL0OtXqvOWeT8aFCemKsjyv+E0v6Gva
+es6PukZA0AzoWoJDtl7BpN6nKQNhHr68pm4QxuEW/g3FsoY0Zd1d8bChjVeyg9qZ
+NZJ9peXzf4uNcakHgJJ7fHnN+nw89UAZap+21RO1a3vEQh590kU=
+=vpSr
+-----END PGP SIGNATURE-----

shadow-login_defs-check.sh

@@ -0,0 +1,286 @@
+#!/bin/bash
+
+# login.defs and lib/getdef.c contain support for third party variables.
+# It also contains support for variables that are unusable in installations with PAM support enabled.
+# This script generates a list of used and unused variables in login.defs
+# with respect to the current configuration.
+# Arguments: arguments of osc build
+# If the shadow-login_defs-check-unused.lst is generated, you should
+# update login.defs.
+
+set -o errexit
+
+echo "Preparing..."
+
+# Check for required commands
+which quilt >/dev/null
+which osc >/dev/null
+
+# login.defs is shared with util-linux login, su and runuser.
+# Extract list of referenced variables.
+if ! test -f openSUSE:Factory/util-linux/BUILD/*/configure.ac ; then
+	echo "Checking out util-linux..."
+	if test -d ../util-linux ; then
+		echo -n "../util-linux found. Are you preparing new version? (y/N) "
+		read
+		if test "${REPLY:0:1}" = "y" ; then
+		mkdir -p openSUSE:Factory
+			cp -a ../util-linux openSUSE:Factory/
+		else
+			osc co openSUSE:Factory util-linux
+		fi
+	else
+		osc co openSUSE:Factory util-linux
+	fi
+	cd openSUSE:Factory/util-linux
+	quilt setup -d BUILD util-linux.spec
+	cd BUILD/*
+	quilt push -a
+	cd ../../../..
+fi
+
+echo "Extracting variables from util-linux..."
+cd openSUSE:Factory/util-linux/BUILD/*
+(
+	grep -rh getlogindefs . |
+		sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p'
+	grep -rh logindefs_setenv . |
+		sed -n 's/^.*logindefs_setenv*("[A-Z0-9_]*", "\([A-Z0-9_]*\)".*$/\1/p'
+) |
+	LC_ALL=C sort -u >../../../../shadow-login_defs-check-util-linux.lst
+cd ../../../..
+
+# login.defs is shared pam_unix*.so, pam_faildelay.so and pam_umask.so.
+# Extract list of referenced variables.
+if ! test -f openSUSE:Factory/pam/BUILD/*/configure.ac ; then
+	echo "Checking out pam..."
+	if test -d ../pam ; then
+		echo -n "../pam found. Are you preparing new version? (y/N) "
+		read
+		if test "${REPLY:0:1}" = "y" ; then
+		mkdir -p openSUSE:Factory
+			cp -a ../pam openSUSE:Factory/
+		else
+			osc co openSUSE:Factory pam
+		fi
+	else
+		osc co openSUSE:Factory pam
+	fi
+	cd openSUSE:Factory/pam
+	quilt setup -d BUILD pam.spec
+	cd BUILD/*
+	quilt push -a
+	cd ../../../..
+fi
+
+echo "Extracting variables from pam..."
+cd openSUSE:Factory/pam/BUILD/*
+grep -rh LOGIN_DEFS . |
+	sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' |
+	LC_ALL=C sort -u >../../../../shadow-login_defs-check-pam.lst
+cd ../../../..
+
+if ! test -f shadow-login_defs-check-build/stamp ; then
+	echo "Performing preprocessing of shadow by osc..."
+	if ! test -f shadow.spec.shadow-login_defs-check-save ; then
+		cp -a shadow.spec shadow.spec.shadow-login_defs-check-save
+
+# In case of shadow, variables extraction is more complicated. The list
+# depends on configure options, so we have to perform a fake build and
+# extract variables from prepreocessed sources.
+#		sed -i '/^%make_build/i\_smp_mpflags="%{?_smp_mpflags} -k CPPFLAGS=\\"-E\\""' shadow.spec
+		sed -i 's/^%make_build/%make_build -k CPPFLAGS=\\"-E\\"/' shadow.spec
+		if cmp -s shadow.spec shadow.spec.shadow-login_defs-check-save ; then
+			echo "$0: Please fix sed expression modifying shadow.spec."
+			mv shadow.spec.shadow-login_defs-check-save shadow.spec
+			exit 1
+		fi
+	fi
+
+	if osc build "$@" ; then
+		echo "This build command was expected to fail, but it succeeded."
+		echo "$0: Please fix sed expression modifying shadow.spec."
+		mv shadow.spec.shadow-login_defs-check-save shadow.spec
+		exit 1
+	else
+		echo "This build command was expected to fail."
+		echo ""
+	fi
+	mv shadow.spec.shadow-login_defs-check-save shadow.spec
+
+	BUILD_ROOT=$(osc lbl | sed -n 's/^.*Using BUILD_ROOT=//p')
+	BUILD_DIR=$(osc lbl | sed -n 's/^.* cd //p' | head -n1)
+	rm -rf shadow-login_defs-check-build
+	mkdir shadow-login_defs-check-build
+	cp -a "$BUILD_ROOT/$BUILD_DIR"/shadow-* shadow-login_defs-check-build/
+	touch shadow-login_defs-check-build/stamp
+fi
+
+echo "Extracting list of deleted binaries..."
+sed -n 's~rm %{buildroot}/%{_\(s\|\)bindir}/\(.*\)$~\2~p' <shadow.spec >shadow-login_defs-check-deleted.lst
+
+# The build above is optional only for case of failure or edits in the
+# code below. If any other build was performed, don't expect correct
+# results.
+
+cd shadow-login_defs-check-build/shadow-*
+
+echo "Extracting variables from etc/login.defs..."
+# Extract variables referenced in login.defs, both active and commented out.
+sed -n "s/^#//;s/\([A-Z0-9_]*\)\([[:space:]].*\|\)$/\1/p" <etc/login.defs | sed '/^$/d' | uniq | sed '/^$/d' >../../shadow-login_defs-check-login_defs.lst
+LC_ALL=C sort -u ../../shadow-login_defs-check-login_defs.lst >../../shadow-login_defs-check-login_defs-sorted.lst
+
+echo "Extracting variables from lib/getdef.c..."
+# Extract variables referenced in lib/getdef.c using current defines.
+sed -n 's/^\(},\|\) {"\([A-Z0-9_]*\)", /\2/p' <lib/libshadow_la-getdef.o >../../shadow-login_defs-check-getdef.lst
+LC_ALL=C sort -u ../../shadow-login_defs-check-getdef.lst >../../shadow-login_defs-check-getdef-sorted.lst
+
+echo "Extracting variables from shadow..."
+# Extract variables referenced in preprocessed files.
+grep -r '\(getdef[a-z_]*\|call_script\|is_listed\) *( *"[A-Za-z0-9_]*"' |
+	grep '[^ ]*\.o:' >../../shadow-login_defs-check-shadow.log
+
+cd ../..
+
+export RC=0
+echo ""
+echo ""
+echo "Performing checks..."
+
+sed '
+	s/^.*\(getdef[a-z_]*\|call_script\|is_listed*\) *( *"\([A-Za-z0-9_]*\)".*$/\2/
+'  <shadow-login_defs-check-shadow.log | LC_ALL=C sort -u >../../shadow-login_defs-check-shadow-all.lst
+
+sed 's%^\(.*\)%/^.*\\\/\1\.o:/d%' <shadow-login_defs-check-deleted.lst >shadow-login_defs-check-deleted.sed
+sed -f shadow-login_defs-check-deleted.sed <shadow-login_defs-check-shadow.log |
+	sed '
+	s/^.*\(getdef[a-z_]*\|call_script\|is_listed*\) *( *"\([A-Za-z0-9_]*\)".*$/\2/
+' | LC_ALL=C sort -u  >shadow-login_defs-check-shadow-used.lst
+
+if ! test -s shadow-login_defs-check-deleted.sed ; then
+	echo "  BUG: Empty shadow-login_defs-check-deleted.sed Results will be unreliable!"
+	if test $RC -le 4 ; then export RC=4 ; fi
+fi
+
+echo ""
+echo "Checking that variables in login.defs are referred only once..."
+if test $(wc -l shadow-login_defs-check-login_defs.lst | sed 's/ .*//') != $(wc -l shadow-login_defs-check-login_defs-sorted.lst | sed 's/ .*//') ; then
+	echo "  ERROR: Some variable referred at more places of login.defs!"
+	LC_ALL=C sort shadow-login_defs-check-login_defs.lst >shadow-login_defs-check-login_defs-sorted-nu.lst
+	diff shadow-login_defs-check-login_defs-sorted-nu.lst shadow-login_defs-check-login_defs-sorted.lst
+	if test $RC -le 3 ; then export RC=3 ; fi
+fi
+
+echo ""
+echo "Checking that variables in lib/getdef.c are referred only once..."
+if test $(wc -l shadow-login_defs-check-getdef.lst | sed 's/ .*//') != $(wc -l shadow-login_defs-check-getdef-sorted.lst | sed 's/ .*//') ; then
+	echo "  ERROR: Some variable referred at more places of lib/getdef.c!"
+	LC_ALL=C sort shadow-login_defs-check-getdef.lst >shadow-login_defs-check-getdef-sorted-nu.lst
+	diff shadow-login_defs-check-getdef-sorted-nu.lst shadow-login_defs-check-getdef-sorted.lst
+	if test $RC -le 3 ; then export RC=3 ; fi
+fi
+
+cat shadow-login_defs-check-shadow-used.lst shadow-login_defs-check-util-linux.lst shadow-login_defs-check-pam.lst | LC_ALL=C sort -u >shadow-login_defs-check-all-used.lst
+# RC inside pipe cannot be read directly. Use 3 for a real stdout inside the pipe, and use stdout for RC.
+exec 3>&1
+function report_packages() {
+	echo -n " ("
+	grep -l $1 shadow-login_defs-check-{shadow-used,util-linux,pam}.lst |
+		sed 's/shadow-login_defs-check-//;s/\.lst//;s/-used//;s/$/, /;$s/, $//' |
+		tr -d '\n'
+	echo -n ")"
+}
+
+# Extracting variables from shadow is not capable to identify compiled-but-unused library code.
+# This function will identify known false matches.
+function falsematch() {
+	case "$1" in
+# MAIL_* used by library call mailcheck() used only by login.c that is deleted in the spec.
+	MAIL_* ) return 0 ;;
+# FTMP_FILE used by library call failtmp() used only by login.c that is deleted in the spec.
+	FTMP_FILE ) return 0 ;;
+# ISSUE_FILE used by library call login_prompt() used only by login.c that is deleted in the spec.
+	ISSUE_FILE ) return 0 ;;
+# PREVENT_NO_AUTH us used only by login.c and su.c that are deleted in the spec.
+	PREVENT_NO_AUTH ) return 0 ;;
+	* ) return 1 ;;
+	esac
+}
+
+echo ""
+echo "Checking that all used variables are covered by login.defs..."
+RC=$(cat shadow-login_defs-check-all-used.lst | (
+	while read ; do
+		if falsematch "$REPLY" ; then
+			echo "  FALSE MATCH: Variable $REPLY is not present in login.defs$(report_packages $REPLY)" >&3
+			continue
+		fi
+		if ! grep -q -x "$REPLY" shadow-login_defs-check-login_defs-sorted.lst ; then
+			echo "  NOTICE: Variable $REPLY is not present in login.defs$(report_packages $REPLY)" >&3
+			if test $RC -le 2 ; then RC=2 ; fi
+		fi
+	done
+	echo $RC
+) )
+
+echo ""
+echo "Checking that all used variables are covered by lib/getdef.c..."
+RC=$(cat shadow-login_defs-check-all-used.lst | (
+	while read ; do
+		if falsematch "$REPLY" ; then continue ; fi
+		if ! grep -q -x "$REPLY" shadow-login_defs-check-getdef.lst ; then
+			echo "  ERROR: Variable $REPLY is missing in the parser$(report_packages $REPLY)" >&3
+			if test $RC -le 3 ; then RC=3 ; fi
+		fi
+	done
+	echo $RC
+) )
+
+echo ""
+echo "Checking that all used variables referred in login.defs are valid..."
+RC=$(cat shadow-login_defs-check-login_defs.lst | (
+	while read ; do
+		if ! grep -q -x "$REPLY" shadow-login_defs-check-all-used.lst ; then
+			echo "  ERROR: Failed to find reference for $REPLY" >&3
+			if test $RC -le 3 ; then RC=3 ; fi
+		fi
+		if ! grep -q -x "$REPLY" shadow-login_defs-check-getdef.lst ; then
+			echo "  BUG: Parser does not contain reference for $REPLY" >&3
+			if test $RC -le 4 ; then RC=4 ; fi
+		fi
+	done
+	echo $RC
+) )
+
+
+echo ""
+echo ""
+echo "All checks finished."
+echo -n "Result: "
+case $RC in
+0) echo "OK." ;;
+1) echo "Notices only. Action is optional." ;;
+2) echo "Warnings only. Evaluation is needed." ;;
+3) echo "Errors found. Fix is recommended." ;;
+4) echo "Fatal error. Fix has to be done." ;;
+esac
+
+if test $RC -ge 1 ; then
+	exit 1
+fi
+
+echo "
+If you ported shadow-util-linux.patch to the new util-linux version,
+please submit these updates:
+Change in util-linux.spec:"
+sed -n 's/^Version:[[:space:]]*/Requires:       login_defs-support-for-util-linux >= /p' <openSUSE\:Factory/util-linux/util-linux.spec
+echo "Change in shadow.spec:"
+sed -n 's/^Version:[[:space:]]*/Provides:       login_defs-support-for-util-linux = /p' <openSUSE\:Factory/util-linux/util-linux.spec
+
+echo "
+If you ported shadow-login_defs-unused-by-pam.patch to the new pam version,
+please submit these updates:
+Change in pam.spec:"
+sed -n 's/^Version:[[:space:]]*/Requires:       login_defs-support-for-pam >= /p' <openSUSE\:Factory/pam/pam.spec
+echo "Change in shadow.spec:"
+sed -n 's/^Version:[[:space:]]*/Provides:       login_defs-support-for-pam = /p' <openSUSE\:Factory/pam/pam.spec

shadow-login_defs-comments.patch

@@ -0,0 +1,72 @@
+Improve comments in login.defs.
+
+Index: etc/login.defs
+===================================================================
+--- etc/login.defs.orig
++++ etc/login.defs
+@@ -3,8 +3,6 @@
+ # Some variables are used by login(1), su(1) and runuser(1) from util-linux
+ # package as well pam pam_unix(8) from pam package.
+ #
+-#	$Id$
+-#
+ 
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -99,11 +97,14 @@ ENV_PATH	/bin:/usr/bin
+ ENV_ROOTPATH	/sbin:/bin:/usr/sbin:/usr/bin
+ #ENV_SUPATH	/sbin:/bin:/usr/sbin:/usr/bin
+ 
+-# If this variable is set to "yes", su will always set path. every su
+-# call will overwrite the PATH variable.
++# If this variable is set to "yes" (default is "no"), su will always set
++# path. every su call will overwrite the PATH variable.
+ #
+ # Per default, only "su -" will set a new PATH.
+ #
++# The recommended value is "yes". The default "no" behavior could have
++# a security implication in applications that use commands without path.
++#
+ ALWAYS_SET_PATH	no
+ 
+ #
+@@ -148,6 +149,11 @@ PASS_WARN_AGE	7
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
++# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
++# UIDs for dynamically allocated administrative and system accounts.
++# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
++# allocated user accounts.
++#
+ UID_MIN			 1000
+ UID_MAX			60000
+ # System accounts
+@@ -161,6 +167,11 @@ SUB_UID_COUNT		    65536
+ #
+ # Min/max values for automatic gid selection in groupadd(8)
+ #
++# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
++# GIDs for dynamically allocated administrative and system groups.
++# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
++# allocated groups.
++#
+ GID_MIN			 1000
+ GID_MAX			60000
+ # System accounts
+@@ -196,7 +207,6 @@ LOGIN_TIMEOUT		60
+ CHFN_RESTRICT		rwh
+ 
+ #
+-# Only works if compiled with MD5_CRYPT defined:
+ # If set to "yes", new passwords will be encrypted using the MD5-based
+ # algorithm compatible with the one used by recent releases of FreeBSD.
+ # It supports passwords of unlimited length and longer salt strings.
+@@ -211,7 +221,6 @@ CHFN_RESTRICT		rwh
+ #MD5_CRYPT_ENAB	no
+ 
+ #
+-# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+ # If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password

shadow-login_defs-suse.patch

@@ -0,0 +1,148 @@
+Set login.defs defaults for SUSE Linux.
+
+Index: etc/login.defs
+===================================================================
+--- etc/login.defs.orig
++++ etc/login.defs
+@@ -3,6 +3,9 @@
+ # Some variables are used by login(1), su(1) and runuser(1) from util-linux
+ # package as well pam pam_unix(8) from pam package.
+ #
++# For more, see login.defs(5). Please note that SUSE supports only variables
++# listed here! Not listed variables from login.defs(5) have no effect.
++#
+ 
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -52,8 +55,8 @@ CONSOLE		/etc/securetty
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE	/etc/motd
+-#MOTD_FILE	/etc/motd:/usr/lib/news/news-motd
++MOTD_FILE	""
++#MOTD_FILE	/etc/motd:/usr/share/misc/motd
+ 
+ #
+ # If set to "yes", login stops display content specified by MOTD_FILE after
+@@ -73,8 +76,8 @@ MOTD_FILE	/etc/motd
+ # user's name or shell are found in the file.  If not a full pathname, then
+ # hushed mode will be enabled if the file exists in the user's home directory.
+ #
+-HUSHLOGIN_FILE	.hushlogin
+-#HUSHLOGIN_FILE	/etc/hushlogins
++#HUSHLOGIN_FILE	.hushlogin
++HUSHLOGIN_FILE	/etc/hushlogins
+ 
+ # If this variable is set to "yes", hostname will be suppressed in the
+ # login: prompt.
+@@ -93,9 +96,9 @@ HUSHLOGIN_FILE	.hushlogin
+ # ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
+ # (and falback for login).
+ #
+-ENV_PATH	/bin:/usr/bin
+-ENV_ROOTPATH	/sbin:/bin:/usr/sbin:/usr/bin
+-#ENV_SUPATH	/sbin:/bin:/usr/sbin:/usr/bin
++ENV_PATH	/usr/local/bin:/bin:/usr/bin
++ENV_ROOTPATH	/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
++#ENV_SUPATH	/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+ 
+ # If this variable is set to "yes" (default is "no"), su will always set
+ # path. every su call will overwrite the PATH variable.
+@@ -105,7 +108,7 @@ ENV_ROOTPATH	/sbin:/bin:/usr/sbin:/usr/b
+ # The recommended value is "yes". The default "no" behavior could have
+ # a security implication in applications that use commands without path.
+ #
+-ALWAYS_SET_PATH	no
++ALWAYS_SET_PATH	yes
+ 
+ #
+ # Terminal permissions
+@@ -119,7 +122,7 @@ ALWAYS_SET_PATH	no
+ # set TTYPERM to either 622 or 600.
+ #
+ TTYGROUP	tty
+-TTYPERM		0600
++TTYPERM		0620
+ 
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+@@ -133,7 +136,7 @@ UMASK		022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE	0700
++HOME_MODE	0700
+ 
+ #
+ # Password aging controls:
+@@ -157,8 +160,8 @@ PASS_WARN_AGE	7
+ UID_MIN			 1000
+ UID_MAX			60000
+ # System accounts
+-SYS_UID_MIN		  101
+-SYS_UID_MAX		  999
++SYS_UID_MIN		  100
++SYS_UID_MAX		  499
+ # Extra per user uids
+ SUB_UID_MIN		   100000
+ SUB_UID_MAX		600100000
+@@ -175,8 +178,8 @@ SUB_UID_COUNT		    65536
+ GID_MIN			 1000
+ GID_MAX			60000
+ # System accounts
+-SYS_GID_MIN		  101
+-SYS_GID_MAX		  999
++SYS_GID_MIN		  100
++SYS_GID_MAX		  499
+ # Extra per user group ids
+ SUB_GID_MIN		   100000
+ SUB_GID_MAX		600100000
+@@ -185,7 +188,7 @@ SUB_GID_COUNT		    65536
+ #
+ # Max number of login(1) retries if password is bad
+ #
+-LOGIN_RETRIES		5
++LOGIN_RETRIES		3
+ 
+ #
+ # Tell login to only re-prompt for the password if authentication
+@@ -207,18 +210,9 @@ LOGIN_TIMEOUT		60
+ CHFN_RESTRICT		rwh
+ 
+ #
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm.  Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
++# This variable is deprecated. Use ENCRYPT_METHOD instead!
+ #
+-#MD5_CRYPT_ENAB	no
++#MD5_CRYPT_ENAB	DO_NOT_USE
+ 
+ #
+ # If set to MD5, MD5-based algorithm will be used for encrypting password
+@@ -233,7 +227,7 @@ CHFN_RESTRICT		rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD SHA512
+ 
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+@@ -322,7 +316,7 @@ USERGROUPS_ENAB yes
+ # This option is overridden with the -M or -m flags on the useradd(8)
+ # command-line.
+ #
+-#CREATE_HOME     yes
++CREATE_HOME     yes
+ 
+ #
+ # Force use shadow, even if shadow passwd & shadow group files are

shadow-login_defs-unused-by-pam.patch

@@ -0,0 +1,285 @@
+Remove variables that are present in login.defs, but shadow with the
+current configuration (e. g. with PAM) does not use them.
+
+It also includes variables used by the current configuration, but deleted
+in the spec file.
+
+shadow-login_defs-unused-check.sh makes possible to verify that it is
+still up to date.
+
+Index: etc/login.defs
+===================================================================
+--- etc/login.defs.orig
++++ etc/login.defs
+@@ -12,11 +12,6 @@
+ FAIL_DELAY		3
+ 
+ #
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB		yes
+-
+-#
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB	no
+@@ -27,11 +22,6 @@ LOG_UNKFAIL_ENAB	no
+ LOG_OK_LOGINS		no
+ 
+ #
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB		yes
+-
+-#
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+ #
+@@ -41,29 +31,6 @@ LASTLOG_ENAB		yes
+ #LASTLOG_UID_MAX
+ 
+ #
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB		yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB	yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB	yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB		yes
+-
+-#
+ # Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+ # SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+ #
+@@ -91,46 +58,12 @@ MOTD_FILE	/etc/motd
+ #MOTD_FILE	/etc/motd:/usr/lib/news/news-motd
+ 
+ #
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE	/etc/issue
+-
+-#
+ # If defined, file which maps tty line to TERM environment parameter.
+ # Each line of the file is in a format similar to "vt100  tty01".
+ #
+ #TTYTYPE_FILE	/etc/ttytype
+ 
+ #
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE	/var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins.  The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE	/etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -".  For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su".  If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME		su
+-
+-#
+-# *REQUIRED*
+-#   Directory where mailboxes reside, _or_ name of file, relative to the
+-#   home directory.  If you _do_ define both, MAIL_DIR takes precedence.
+-#
+-MAIL_DIR	/var/spool/mail
+-#MAIL_FILE	.mail
+-
+-#
+ # If defined, file which inhibits all the usual chatter during the login
+ # sequence.  If a full pathname, then hushed mode will be enabled if the
+ # user's name or shell are found in the file.  If not a full pathname, then
+@@ -140,21 +73,6 @@ HUSHLOGIN_FILE	.hushlogin
+ #HUSHLOGIN_FILE	/etc/hushlogins
+ 
+ #
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ		TZ=CST6CDT
+-#ENV_TZ		/etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ		HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ		HZ=1024
+-
+-#
+ # *REQUIRED*  The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+@@ -180,17 +98,13 @@ TTYPERM		0600
+ #
+ #	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+ #	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+-#	ULIMIT		Default "ulimit" value.
+ #
+ # The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+ #
+ # Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+ #
+ ERASECHAR	0177
+ KILLCHAR	025
+-#ULIMIT		2097152
+ 
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+@@ -211,28 +125,13 @@ UMASK		022
+ #
+ #	PASS_MAX_DAYS	Maximum number of days a password may be used.
+ #	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+-#	PASS_MIN_LEN	Minimum acceptable password length.
+ #	PASS_WARN_AGE	Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS	99999
+ PASS_MIN_DAYS	0
+-PASS_MIN_LEN	5
+ PASS_WARN_AGE	7
+ 
+ #
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts.  If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY	no
+-
+-#
+-# If compiled with cracklib support, sets the path to the dictionaries
+-#
+-CRACKLIB_DICTPATH	/var/cache/cracklib/cracklib_dict
+-
+-#
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+ UID_MIN			 1000
+@@ -269,28 +168,6 @@ LOGIN_RETRIES		5
+ LOGIN_TIMEOUT		60
+ 
+ #
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES	5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN	yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN		8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH		yes
+-
+-#
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+ # phone, home phone).  If not defined, no changes are allowed.
+@@ -299,13 +176,6 @@ CHFN_AUTH		yes
+ CHFN_RESTRICT		rwh
+ 
+ #
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING		"%s's Password: "
+-
+-#
+ # Only works if compiled with MD5_CRYPT defined:
+ # If set to "yes", new passwords will be encrypted using the MD5-based
+ # algorithm compatible with the one used by recent releases of FreeBSD.
+@@ -354,45 +224,6 @@ CHFN_RESTRICT		rwh
+ #SHA_CRYPT_MAX_ROUNDS 5000
+ 
+ #
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+-#
+-# Only works if ENCRYPT_METHOD is set to YESCRYPT.
+-#
+-# Define the YESCRYPT cost factor.
+-# With a higher cost factor, it is more difficult to brute-force the password.
+-# However, more CPU time and more memory will be needed to authenticate users
+-# if this value is increased.
+-#
+-# If not specified, a cost factor of 5 will be used.
+-# The value must be within the 1-11 range.
+-#
+-#YESCRYPT_COST_FACTOR 5
+-
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting).  Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS		floppy:audio:cdrom
+-
+-#
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+ #
+@@ -407,12 +238,6 @@ DEFAULT_HOME	yes
+ NONEXISTENT	/nonexistent
+ 
+ #
+-# If this file exists and is readable, login environment will be
+-# read from it.  Every line should be in the form name=value.
+-#
+-ENVIRON_FILE	/etc/environment
+-
+-#
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+ # the user to be removed (passed as the first argument).

shadow-util-linux.patch

@@ -0,0 +1,139 @@
+Add variables referred by util-linux login, runuser and su, but not by
+shadow.
+
+Delete variables used by shadow implementation of login, su and runuser
+that has no use in util-linux implementation.
+
+Index: etc/login.defs
+===================================================================
+--- etc/login.defs.orig
++++ etc/login.defs
+@@ -1,5 +1,7 @@
+ #
+ # /etc/login.defs - Configuration control definitions for the shadow package.
++# Some variables are used by login(1), su(1) and runuser(1) from util-linux
++# package as well pam pam_unix(8) from pam package.
+ #
+ #	$Id$
+ #
+@@ -17,9 +19,8 @@ FAIL_DELAY		3
+ LOG_UNKFAIL_ENAB	no
+ 
+ #
+-# Enable logging of successful logins
++# Enable "syslog" logging of  newgrp(1) and sg(1) activity.
+ #
+-LOG_OK_LOGINS		no
+ 
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+@@ -31,10 +32,9 @@ LOG_OK_LOGINS		no
+ #LASTLOG_UID_MAX
+ 
+ #
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
++# Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition
++# to sulog file logging.
+ #
+-SYSLOG_SU_ENAB		yes
+ SYSLOG_SG_ENAB		yes
+ 
+ #
+@@ -58,6 +58,12 @@ MOTD_FILE	/etc/motd
+ #MOTD_FILE	/etc/motd:/usr/lib/news/news-motd
+ 
+ #
++# If set to "yes", login stops display content specified by MOTD_FILE after
++# the first accessible item in the list.
++#
++#MOTD_FIRSTONLY	no
++
++#
+ # If defined, file which maps tty line to TERM environment parameter.
+ # Each line of the file is in a format similar to "vt100  tty01".
+ #
+@@ -72,12 +78,33 @@ MOTD_FILE	/etc/motd
+ HUSHLOGIN_FILE	.hushlogin
+ #HUSHLOGIN_FILE	/etc/hushlogins
+ 
++# If this variable is set to "yes", hostname will be suppressed in the
++# login: prompt.
++#LOGIN_PLAIN_PROMPT	no
++
+ #
+ # *REQUIRED*  The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH	PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH	PATH=/bin:/usr/bin
++#
++# ENV_PATH: The default PATH settings for non-root.
++#
++# ENV_ROOTPATH: The default PATH settings for root
++# (used by login, su and runuser).
++#
++# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
++# (and falback for login).
++#
++ENV_PATH	/bin:/usr/bin
++ENV_ROOTPATH	/sbin:/bin:/usr/sbin:/usr/bin
++#ENV_SUPATH	/sbin:/bin:/usr/sbin:/usr/bin
++
++# If this variable is set to "yes", su will always set path. every su
++# call will overwrite the PATH variable.
++#
++# Per default, only "su -" will set a new PATH.
++#
++ALWAYS_SET_PATH	no
+ 
+ #
+ # Terminal permissions
+@@ -93,19 +120,6 @@ ENV_PATH	PATH=/bin:/usr/bin
+ TTYGROUP	tty
+ TTYPERM		0600
+ 
+-#
+-# Login configuration initializations:
+-#
+-#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+-#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR	0177
+-KILLCHAR	025
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -163,6 +177,12 @@ SUB_GID_COUNT		    65536
+ LOGIN_RETRIES		5
+ 
+ #
++# Tell login to only re-prompt for the password if authentication
++# failed, but the username is valid. The default value is no.
++#
++LOGIN_KEEP_USERNAME	no
++
++#
+ # Max time in seconds for login(1)
+ #
+ LOGIN_TIMEOUT		60
+@@ -315,14 +335,6 @@ CHARACTER_CLASS         [ABCDEFGHIJKLMNO
+ #GRANT_AUX_GROUP_SUBIDS yes
+ 
+ #
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+-#
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+ # authentication code.

shadow.keyring

@@ -0,0 +1,667 @@
+Serge Hallyn <serge@hallyn.com>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFdP52sBEADlYeZv86QBwFAdQAXDM4J/8S4itUzVdbT/VLgsD/Rwy24nPgYG
+4CaYyekBcrAeUBSAv6jP5fmofKYgiPzoJZjBn/4THk0O5gnX8X8xrEpONroksNvK
+9dv/EgbrYoFbHpifLcoL7G+7ZvMU5bN5a5Zt1pfaru9FWaWFOZfy+iSU04KvOuPk
+7vOYM1+smgnVJWx4SMcfqisO6qqYeRQm2Vm6ZfvHvt86wCdOkVbErRCNmKekaCxd
+Pedx7zEFe8evGaqrpQn0PJ9sw/l1HqtKHD80fGp57fUCsbu4H6E4acsKgI+btlJh
+dPknuz/fNoSWN/ifr+Kb4OtsHA8fyYqSO6Nqxbj97/IdcIxcasbvVoorqbLdE6+3
+GNzqrmVCh6wZWOOAMlD3a2KJHM9rS7r9K117CAr96VLwv2o5bL82sNRl1iH3OltU
+Y9/mvpLHxJUOdbK9dMZ9pVGDZhXj9ZzbG01Ylc8pl2Q/Od55bJjIZD20V20vm4J0
+AP0A9l6dtQsi5kqfg8AtOsZc9o9RD3rE9WLkXtYiRFrvI6if8C2mydPKflU+L061
++pLw4MeKEsXXDkBjeTQIvKXtca9iZQxJi374XeUu2yAIiuRSfb30C7RdcX9Bwzk0
+HLFP1OsXOVMTt6w9oiYnQ3yR2yaSeX6U7bvumZFuSwh+RTCIzpO6po+x7QARAQAB
+tCRDaHJpc3RpYW4gQnJhdW5lciA8Y2JyYXVuZXJAc3VzZS5kZT6IRgQQEQIABgUC
+V216YAAKCRBJNgs7HfuhZOnxAKDmGfKHuex5iSPel0BrcU2nrBo6VQCg3cKVvSGo
+ie7iseyA6DoUL/0RrFCIRgQQEQIABgUCV3AffwAKCRA4mlY8wnKhJnsAAJ9ni9Ra
+0+GYkwrJZM/31a9wgpbqTQCfYF3g2jYzmaV7bZDhvo7rP4E3kUSIRgQQEQIABgUC
+V3JksQAKCRBdQqD6ppg2fouqAJwI3RpqSBaiqmtmeuHg1m771/9w0gCdGJf/7ZbE
+dzQl9BqPtUnvbCUScluJARwEEAECAAYFAldv6zMACgkQYouCpvbsIhoRcwgAnnzD
+IRkmnt44u1FN4WWCAPolbi3HzcQXyDLm4/5/DXrL/h7OhLSzmOXKGXpQJR5LXVeY
+L3Ikb1ZCBv0BxBQWLoR3fq0Ulv+o0vrNGbYLeb9XqfjPYvRb+KIYC8o10Y9vs9MQ
+S9ZdGAed8q3zawsuop+vwBEGaEQEeJZudYFRnOEux9Mnq6d9DwDftKCGfP+TjjkN
+uhOdoQMK0ZvVShcLpc4yDuf3qeBaL0jSKGcdNAyqFmnE93ud5ZxD3GeRI+Mx+p7S
+TTVMKvxFxTPxH+wt7nTVi39k53A1frHvOjZ7ZSf2b7ouKxUV1SQL5aPCgKW/pIHK
+mwF/f9IZzPgPi7AjGYkCHAQQAQIABgUCV3AfhAAKCRBSlCSj/5Eqy3YeD/9PPubd
+Yn/QCjuu3WqgtpGfSb9F3ogMnc4mUZ8QAmVYKGWzHAogLr8V/CwCgCV1LCDbo00g
+1R4ecs2FlNFBGTiGqNSFXCsf8ka7r2ArZ1/BNP63l7MYpAsK8n89dnOSN8HxuDeV
+RafcGpF1HZsG4PqcoMAqkvXR6ssgkg7jZ2X9ttbEWWarAJPmzV2jlKjnAXwJDvIK
+pNHm71hoFrbBBraeq/K2tv670uZIFwZ1Wgm8QiuZXUbfZSSQmiu3Et5khnx6iDY7
+jc+bRNYfCHZKo220mDU5EltKwBAM5X5rcWSXfZsWX8ytyVrmRIb1Cq8oQ1BzVvMQ
+sMhtdMyoDLBlQ9vuH6eiNlADumBBCpHX0U4CaJ/5dUPV0YMuw7gtIXOiQ9FIEoWs
+50yr8c5jZ8upbeFg7fYY0I0vIn9z7BigwOr3j5tuQbhjrmgTYNGGfSOfK/ukGgpd
++f+dleJCur9bdD9mFots1Op1A9AaKzs5VZGKi2/CUNqAMV3UV7/xt+5+xXMHBR2V
+LHNynyBxqHwfpjPH1bu0d5R3ULsjX3qKBkdg/ogiANj2B43lewNUIeypY/jeG9dN
+dLqrkXVSpJ4LN7u9L10kT8K8shDUznazGLPC0LNYSqG0/kPNtH7zEfP7b3QMixyz
+GK3dF7ynC9WWBT+S6LcOdAAIAVS7LXnJQ4NjiIkCHAQQAQIABgUCV3E7PAAKCRB7
+9ynV58gfoKNJD/0Z22zhbDtwnGK6GaiTWcSp8clBW6aBg2jo8kmle7K9XXH72byQ
+KundNBiRbNLHIXTMPvpw7Thb5FGTk5+VR14YB2qO3MvCXRacBST+YsfzmJeVhs21
+GLtvfEleTxc7Xd8KYvEY5IRHeq7OnJ0q7SZP7z/i9LytX4JObrVTpwpBFTqlUlrj
+t+lzOCSAQGCnVTmdkryuh2j/sso6PbPS6IxA1f3RRn731rhZ41KIkteP7tJMAIkh
+XnucHYm9UFdzT0NJLyDKiREvG1HW7E7OJO5jWudqbAhpTjeJl395miEFC9EDs3vO
+wAj6ZwJ0B4ZiMvdBs1+KRt7CgkXoVcF5vABz8kbtfEQg8UfPK0qQMnvevQyQglCD
+TWglSxbCOeZvABwZUCldvxcaSoQ1QsoOrMNTgADqv0RlPCqzBH5vLjFt/Iw6dXSr
+g3cRvz8ztwrcgWE1CtVRs3i9xhCbHprP5rXp8UZXuTSH/6I8FInGhq/FWbI5uk2e
+6G5KY4Jmo0lbJa1okX5T2eK3+eDCNGS2MfKMXnhFX1qY2LAzkjR5pfFtDmE0ZO26
+7nUMdJcIGic/zXgU/hpY0uUwB0z17rV3Me77VO89NJS4UT1BKQUe55sxpJQS0u8D
+o8CAgyD6CBU/ipMvqFtYqwPNp0jjfLlDjf4IJAEEpWV6Al9hX+v72GVwSIkCHAQQ
+AQgABgUCV0/zrAAKCRD2MFllAQJtta13EADFWwQ2s8ENOx1KXJWm8v3merMm8jVS
+zAJGwhp/sEJI01sBKMh4a8IUvvr9Twj5AIHnWjxDwzs/xowDjjx9HHjbUGQeu5bI
+CFsCnccA+3PJkAGFB9OwDfvdMInacu8w0/TgGMUTPsAEG3S+gD3pwA5vfdUDeqiu
+WlH3iElZkRFg8Xo4o+fn2msGFxVVfmTc66957uOtFGqCSIrMgOskkLGS0WSEW/v7
+9xFyIrnLTd83omcJNBr/uaPqsee6NXv+/xxkf8E10Dms3XZtRiVPDHjBis7lobB+
+q6P28e5M9e706BmlBvWNyDGE3dv6rKYqi4VUSC5tVacIpeP5M6QFRIa/KpcBFYce
+S10M0zl0CCegm6/CjX+zvsWxO48yVpP0E+O+ML0MkxFxYdu44yLbBGy98Pr6nGVD
+qTmZU0rVd92rNH9fLdGa6PdSvmV2K/3W3uFtcopvi3rnSRmY9j1zClJ2w37cuDOi
+sCD1ZdA2aAUCgQRDjhqCSoozDbSmMeZ9d4WllIMIWKb4ZKs0zZyWY/qM2VOkxdBc
+I/7s62TSSTm1fEInTXIiBb6GMVdqa6TCJUtxRrkNye0d+hehvPI3KILZcGokFa8/
+PLVOGGAdhczhyOSVsVphvN90nUUbw9uxQG+TA0KysYH9HNDgOsO0o0K5AoHK9fQO
+DtaizAC58tZq94kCHAQQAQgABgUCV25NmAAKCRBKI+NPoDNDbU91EACEj+L501sg
+Z57NDvfwK21fPHDdpU49G8qjCGj8XgUWC4Aoilyp16WBzAf2Z+YOGbXX5jG/KgkT
+JjkxvBY5vo6KX+THPc0l1l2AwSP4+gc/RcpJhvCajYW4UpPaOykPSeVj26ng7uIZ
+qE6/THrDzbTa+nlHiw/qjW1KMR06m0B9zreh1NurBY9+ZPMbC8K6uXbAjGEDBPsZ
+Bt7mhh0x2ZGirXcKSO0QPHnE1tl08/4toBWMzx4SzMvoLMREeLgsqrEx4UYNPMrK
+eLZg7rTWNt6u51ekJaz7e3oLAScxEKeQ3+JsUgkdMYyI6jZWJhB8PBlU8B1Ukdxz
+8W/DzFhJThNLsTSJ47f9H1/EBsXjiU8tLAyHjMqXW4jiicUXMm+6kKZ4bgirK9OI
+5nbFm5v5LBQAZ5WxOANlELX1A6U+M6QbblqBDokdjsSHcRiGJBy6/+tF4hSyAWi2
+ku4VMN6E4eLEPBmQT34l+PB9NHosYQbusSYmzd8ImMOwe6oSE0e4Dp4H2YCBjmj/
+QqIadZkUUbyqRo4jMYjXcXukZoPeglcdfL3EOvTJ06w17xMivp4JjdJ2SIOfZ3sW
+5SjegvsLNhubOp+tnBxgOgepXwDU/IsnOCCjWcs2ZGkV6bcWCe+6JLK7bFe6Iuo7
+G+AI4egrPiV3B8ZCcugnG12zmBSEzGqv/4kCHAQQAQgABgUCV4PEHgAKCRAIw+qn
+bsSODNzoD/4raTvmpU9GNDFPOs7sI8iyAsFgbYdvwCVptk9E4wq6bt91HVKXf5PY
+bVX6R9zNIZ4tchQfRRtm323C5U7SFpQYok9Lae888o+rsBIhE9QHhbMp9k2Ze8Wj
+dXVA8AhMYEQE7vtDD21qiuMl7YMdWWxdaJYdUdg1WKy5GVHyiOcGd1lSDQYblHpv
+EzZNkDPdU6SCCApEz2LPA+obUJ7kaiYfynKJ7+BoQagWFE4TDxAQjLS915y79s5D
+p/H4DaPKyuUKn6/inBx6Iy+y1KVP5HrkZUiKsB7oklTPhZsmDzsVye2kw0R5CENv
+ydEcZiaRunWBnGzDbhquOHnZ4PPlb/l1mGbVt6+SqBdFwwmJvlYG0AReTm83f80+
+TfVGMhoAB9OkHOPSYHOFZtmP4n1cFFDGubSrxqcqb+VkcvUW4gk33hC0zQsCdSHo
+oBcgtMb0zjHMlTVfzcuJYAgQZ9AXufC9WN6Z/RoZNjXmZF5dMbJRv20ZxDzgBiZm
+nt97dglPyGJBNZgKQkq77OHJPe9ExeMs69BwCn4K2d7//dMfOpXQRzM6Ld4K+arG
+DXmHMUieYtYVxAFFZ9Pea3C+DHyDjE2rvYKVp7n9X3xMQf0v6eWtTJh8qzgToWjD
+HR9o6s5bca9OjjH3N69vHuuOZ3xS7suOhmxwDTNU8V0tatLh4CTuxIkCHAQQAQoA
+BgUCV0/4NAAKCRBd6JSaiZyNmbgmEACDOV8itTP6M1FEFtylwhSwikXEcNO+yQCl
+7ciXXDUS8mDnxD5ungMDH4AK0617VS2xzvq6uag6hQNsdA6PTG5xHZ03/wCmKQPS
+P6bGBAd8G2AsBFpJ1IAATm15u96ulpmHLUmvnFy2zJm5xPYMkZ0vEzd6VEjEWCLf
+KmXiYrlWCXmy+T8Ki4MhXEAStg6o/0zswNdjWuWKwvwKxvQ+tKEIEcO0bNxKUH4p
+GCSYlDMUmHwb8DWKUk9TP3r09Q4C4NHdfuUo6yYDjovVtbnaOVxqp0Z6N7QZ9PP2
+xlYFBFNHv+EHYvrEahefelqQpGsDX8Dmb0jVxtniRImgMhfLRmid46pSQrIxPvJO
+xYXID1Gb09eup9sfB33JhnIerKRNaIgRhy/kTm9yZ3jdQlR8p5iPGFu+9T4usK7H
+IRN10lT1NoQdfe0zzectwCM/bMIk692cnJEtOvJ4GHg2NBmVoiXftdGraXHUBbKz
+8CYrY570kRwoEIyLehI5d7UuTiRncRUVIoNk4UYuCIaQsx3DLYTbHcPTOy6y0FlR
+GlMAMyDnSAhUOfwYGkOrhYG9AvVeibhAtfWmnWKkz+mLNXWaO+++Qyw2LVDY+WDL
+gf5XoeZvEGND6xUW+FHRAJpayTwPROAgaRQUd+EtEWN/4L7qNF4TJzmr6e1N2JnY
+SJi8tGekHIkCHAQQAQoABgUCV0/+ZQAKCRCWvoxv2J1lZcjQD/4m7R+L/90k67wv
+QuapNbVB9T+3iDkna2yY9A0AW0hlmeFaVcPIgU54KEmNhP3buFPXNAMZyDiaWK3M
+qbA+JKH8SlZ1OE/eDFWaxsOXmEQWYwLzwKL1DsNLYE6GsbdAvNFpYJTpLcZhhmT8
+s+pIzVp7ou8B/nDdwA1CIVD2N6Wv57vNFkTkDBWD3Mv2Fl7TUhvA4CzKzWq8jOk2
+H+x1hF6C47IfauOAhioEAdP0fg60+16JBHEt2uxRQLzDR80lELQUq9vq1mA8nJCT
+RqEephaRgQLsxyMHSB0nrMWbZKj419kA6+OY/oLaTwma7ujPVFtZLTx1wzFYX54Z
+GlrZf98cl+B+/Qhr4EOpAkwAyMweDRjEq4rYxUKSkHoe7HAztkzyLePbw8Ggmuhh
+8AWVq6qabLeg8EVUrEQHh6ZA/bm4m+SfdlvNzBmV+zWAqFMvt+EV0hXVPFIGW9r9
+mbQvGxkysDtC3ooMt/xiTskyzMyYdU+gcvGFZznyqWwatgfqywnLUeW5dVz1cluf
+i0u6XCXYyrlMd49zl9NZwueMuEdWxlsvW8Q1y998iNOx8gk8x7qbpdkWGzih+lMa
+fa44bNduF46AYPRxik7/ycxpU/Q/ghNnE/pZwWW34+pCsrpyq51eVi6SsG/PmkcM
+fM/VDBmfBwVUXUfKfW8Ab9gT/G/R+okCHAQQAQoABgUCV3JirgAKCRAswFiKJZLS
+yB0QEACnKdjk1Gt2oshEnuVM1MZ/I+LRRdK0OVn3+ZBeTqWZe7ZhM6xfEU2VGG+/
+dqNF9gfvXHqL/BM6XFShUSDY9gf0vOEjxS9sGWYQ/QFIaLHJrIM/+UGHk71sgj48
+HD4nZI9Hg8k0bBdhS829xn40KfkSSw3wmO6OF/a6VquRYGO6OI4/ZIYEvPqAQvuV
+Ki8f/3uxkXTAD5ZIxyykD6hW8ZbxNoAeBeQ/96SSTRtIwW3P6iTY77UYq43aPmTV
+a8OlSVDWYUwqOEZemtxJQ7HxQ/gBwpLa4xN5FGqWSHiDsmfHm4vU9XzpvYBUaJS6
+Kxyk4cBm2hRpFXRO6Ohwl4uct6ByAPv10L/SxRAgTgLFsHVGRXcnG2XsPCON4Kck
+kYxxZoPNoG5ilHrv9nDaVq2izx4j6YOtnjn1vEa/rRzH5r+q0HpwZc3q8erPLuSH
+N9vjGae5jyhwDNCfJlRotYLOZocUwMPfgsFxA6hNHLu0uEKOUN4OnEV0INmYfzIl
+X27iZYBo95HgTfnKis//kwnj901aujmAvtd733FAs+Y80AnGAKUKNUfEo01HwLVl
+9cTtCU9yc/8S3CIqNw1W4Fvte1VaK8Ak06tF1eVgtPwN99yqIwYZtcBbIxYFHnx2
+3JYVrIBKO3EHGQOKCN1LBMzPzHUjecARAQdChCPBQWTK4lzj8YkCPQQTAQoAJwUC
+V0/w2wIbAwUJAeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRB7PDke/qk2
+JHkPD/9JUJ1U7nc+TlqPo9PngVM3drBlTPATFVjQ3RK+Y7d4Zyvmgvp98QytGZ3N
+Fakx2d1jJIDma7dx081vbUv0zW95DmT0rbUcVs6hhECzjMq48NZvzTM2MT56OiY4
+9QSMbprFKugxcPaaMYnVNzj1j9grvcOOX+I5AjhU3JrzOZfmEGazxVB3zDSlU0CM
+/B/a0xHkXGrer+1S2aY3hXNoPV4bp+hQ8duxGGk0xaKYt/v1e3Ln4P+5F/bNZWWO
+0G6wIrhf7EkjTimBFX0hsaVtzPGPxdS29xU2+9Kes1EtaNMveR6hhmBn62F5zrxa
+xssF16Kn2xPFRCE9xlg4/o5JW3MmWnznUm8nK9LAlUEfPTt615mpWX2zga5T+1x2
+KJpjtRjAL0AC8hOVQTfCLjXl/RMeCRqv4uD1B/R1fxbODXeT4QSeQr1R53zg9l+x
+idYSbEfczSa9+Ub/dlDutJIsVyHecQqxeHvuUjhsO4AlMP30FiZsgRGAUnge7YrU
+OHn/UClqiaV2ZqVIW6gssNfu93u5t0cLCZqRS4q2ciGWgUHe59cudKplHZGl1cGP
+CGuDRS1FjmLyru67UxATqzJAGz5KWwXJCsfni/EQASA3Lz71adEcD6PsE+BIpYbA
+SBesXXrUrovJ0qUCX8UPuWVAe47a6FcMJNUQi6SY1/hRGX/1PokCQAQTAQoAKgIb
+AwUJAeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCV3epzAIZAQAKCRB7PDke
+/qk2JGryD/94714j4KfuxQZ9vRB3CpaQ7HV5JP/nSSq8NSIvrDlPjbYupzzUEocI
+nUU2ue0LKXIKtSCgEwYlLEV4jskV3QFtVce+SBf3/A9k/aj98rKzP2gxncbhhV4Q
+X0UNVXdFpYKZeTM7v4DcYNnO2lPXzFZSP0galwZEJ6m5615m+kgnESH52hYsPKSP
+CvoMHUf2+xnHZOdP4iW4MmVKOomV7Vp6YO7O1W3C3v7NZZhlhL1B5xsCucM1ETKY
+zRRqcyd3OBveGKc0ndycP7vEVKUpfwq4V65JCwbRN3yb/A9xNY3+9po+IuGCqzYQ
+8EMqX55JHJxPV0f3JQFzRdMyT9uySsWc+zDCyAmaKFAL+VU8c/KSobmHJZDAFfZe
+jJ55sUsF00Kiv3nuagA+oiUE+Q7PdOODMmmuWK/PL0gY54qfeBuTM0mfpPqEkvHO
+Ag9rAYeX3IGCzNr47v3gaDPx6pOhnHyfiUM8LXOgNbhgU5AiuNYnAW8BRuzOgTw1
+YhP9iOHkSsriWNVlh5zbkN3KmlfQmD4iJbkziCVm5NzM0BwWo7wR5wOMSawPV9Q5
+B/pM6UXASbN5cBqD5os1ztjOGzoi1OkBg08k+YaK/ULk9MwFWwAMUwNStPzMMNa0
+vOe+8Spyk2vOHXfQSib4JfNx2hkqAEe6AqGcrXyRLfzYjcskKRTO1YkCYwQwAQoA
+TRYhBEiAuMm9DlEG/AcPT3s8OR7+qTYkBQJaw0vRLx0gVGhpcyBlbWFpbCBhZGRy
+ZXNzIGlzIG5vdCBmdW5jdGlvbmFsIGFueW1vcmUuAAoJEHs8OR7+qTYkSmUP/2wr
+eCtvKeArUMkfqFG91i0BFNVAbX+S5Y6mMt1nPdnaHdEE6KZnalkzhkUzxH64/6kQ
+vkf1wBvYXEf2PtTJI9ja7fIOjvvwaXWsccgySPbW9ohDRXe2u9ctT+8BLZYbFhg7
+xZmuxXRvIedbsk9e+JXjMKUNNVgbN+gyvwhd8XoUlqtkeAYoNEeDNbfaJJxPhivE
+t1obB6ZQ1urPA1i6OsmREdCDWsLSEU+kAJo2jJ8xjVMXbM2F+FuxpUVJj3z7H2NQ
+t4xSZPNCvkEQW+fhSy7B3pjMQxISTApxfva+/O7rUKMdUcai7IrOoMzLLqTYY+iX
+IZh64pnZzbPMnkOFZry7XCOm0S4pgMLhHUAtVSEOx00jJ4SU+AbtN6dIPKyZZkb7
+Y1OKNzY8mS8fjwSIMOm0qpUqg9gYyxOYEuIa8osmPGoRQNky8ScMRMQTv949fYSW
+uUf+5+dHzUkBdQoxjoDHFjQZqYhaCr82Hf7DA9jE83ropAj8MhCcNgPvt2JSVpT8
+Fywcg3GI1f+rRG++OTS7AZI80Lp22LrhhkLsXM7K4gH3PUT++NtlvGlYs6UblAIz
++0SLMNB0VksgdIeyPYDdcRglOFbP8KPn4BbVQZQ+4aQ19E/mVCUmKs4UUQLJyutf
+Hu7dhtKbjb69a1VCgVwdrZGCm1ZjBFw1jaPynnfqtCVDaHJpc3RpYW4gQnJhdW5l
+ciA8Y2JyYXVuZXJAc3VzZS5jb20+iEYEEBECAAYFAldtemAACgkQSTYLOx37oWTr
+dACg0SuyQ6/plOa41H+Z+/Qh4JccIjkAoJHFJqfNZ3+kC1R4/q8jOE7TUKwEiEYE
+EBECAAYFAldwH4EACgkQOJpWPMJyoSbhNACffM9G19hkBiTWQIXG/bP5siFVkmsA
+niGb40WB2dpLfhFTZiTGwIx+VlPYiEYEEBECAAYFAldyZLEACgkQXUKg+qaYNn78
+sACgujvn9FRgNhbkGX2HtJYOAQN/YM0AoNxKZzMlPTRwBvBDAn5AgEB71zw7iQEc
+BBABAgAGBQJXb+szAAoJEGKLgqb27CIaD9cH/1epElOoE6pHP0jlocfgagaZh1hv
+NjpI75htz9IRO0m+MhJl1hF7bQjAumYAvihRGiP7tY/as2+KzAdIdcN4r2g+DOzZ
+19BRtrzxlag1AZbMBHLNnj9VaQlAlNumMJao7X06AedNpRlUja7XonqNbulrrWZP
++alZbw1ySjUarCwTCqvFm/OlFAMAd3ggTnu2AvFsVoRvYTfFzO75DsTCTJZCV7ge
+Db62l5fRLfwhHxanL+htlnPXZ2GVdZAT1V0s52uAfSiKKMowJvHLF66y1/QhhDKO
+4JO0bqnCSRduht+s3xvRtgEG6DlLZbjAbTXpbOfMrgy2JW90TNkvY+3MumWJAhwE
+EAECAAYFAldwH4cACgkQUpQko/+RKsvVBg/+K0j3olxzT9a4XWRJPFuK+AnWSKu1
+s+SUOXt5vqqheAS4Iytssg/U3HWWkR+2cxKgB2eAov9eu85evbQyT8/uREdUpOpe
+lr+mCGzSYQvw7HLcwEASyopD5ITUs/rDu50zuw9JMVPdae12PoO+58crloJQhw4S
+lL/9cZ1yDKS4vyAbihvsyamfaQNQIYylWto2zvfxQuvHv+rSHHjMrERh+aPm6ZC5
+0v95LGhA6nPK8w+plAoEDfrUc7PmduMAxQ2wZSeFxxIDGtBnNZRbpT987fmVOWHo
+uuTimPszSaFSutUkCOe9sHw8J3s1Ejq+FDYYcs9d+N5HFEIHMQ0wIh3r9/JXY0a4
+lpmokwxZYYqxY6S07ttdygCnsc2TZX7pNoxR+cIl//HnsNQIBvuD9zv1PljtHi1X
+tsoLvv95dlQxBug3mVcDci9y14e76eV0temhgwHXrXDQ/PsGvgkcyo43d1kP/4r0
+lkGMHgH/qypKPxqAicMv4mhV02PwfE/sgKMSH2ZvCRxj4nFPvsqxVA0L2eOMqozx
+aojroUoE1kzxEy9hGYBEqsNfk6IjvUVXGB7cVpOqc/wtM9AMBT/YIAAhuiOlB5bB
+mlM5qqxWEnF30+AaXHTssk58YfsIT6HMiIBW46RYrjv9EhZ+328Sq8Rc5c2xE2Ri
+0m4y/HpvoOaH28uJAhwEEAECAAYFAldxOzwACgkQe/cp1efIH6Avmw/8DjV1CyzK
+zd3IDix9wg45NDC+ih9ARuujW8Vow+Rb3zjzwixkk+3/Mo11aygLTbWBjTE4FIOC
+WkstknZpjuXaNZo4x0f7Amrw3FM7V9rCiPr/dyiBZW3dto21ImOmdXNGCjxt+1P8
+/tDRr6H2dJahE2mkLTEGbQ9qpzebwmgC6epF3cgx/eQJk146Owrll5kdytfjyAP0
+uAlXsrX2U45UEXDl8K8f5vgvGQ+9CQeaaLp5XVP5quSmRdMzPIkqHOWjQmKE9kr7
+ovR+WQl3WO4vhYY1YKG4cNiVorjbnXyXlcvbpqW/ARjfEkdlnm5zEIogGWbBeh4i
+bR9yFBXYS0x5PsKj+rTaKu6OvoYqtI/x7CL1YxpL3qXfocync/BYBu8Gyp340cQv
+NYctKqHv98/gZGgRU/GBmdvSvZh5F5AJrswUzWfLqW3ocRLJR5F9lRedjMXv2JCP
+kqzlVzAxPRjY4exBCpo8B/IbrGQB2v0pYwe5OtfyBdATbo5z5fxu86S35dZYZ45N
+xdLP63FUQhmQvZAvh23WBHRGbk59MOzGBR+LwxGqNxlKr4dEISc0d+UabRyhIcwv
+bL/Iz+NE6CXbbwHIe+Qv7Bv4z0SzBOXq9zDMMlqPOMNSQ4dXDOObWUzkpV725Bdc
+kBca8O6iOYNWmrXbxVly01gJzDLYF5+80gGJAhwEEAEIAAYFAldP87EACgkQ9jBZ
+ZQECbbXe+RAAuA5H0gr/FalV89UEUqk/yXzcOVvaTmcdykauUOzTjExTVTSx8aqR
+Xe0raupNGSUYISoHzbpwpdfpuvEQPXgWpPX/GD3a5pzZE+dS4UdU6G4H+eFmuaSI
+FEpDI+eFDWGKu8aPmJ6ZiYh/FGiPLR6PPq3ubENf1Oz+ukPVgQToRxE5oix/coDb
+Ypa5wBQY6zSWiuxa313xb6pztAIjIM5b3kSTC1O0gssCAsJiNTgZaQj9uHxKbdNk
+qZikAmf2auo8xDpR8iWvy1M6KrPf0aV2B0nHj2lVCkbAsbmcGqvvtDVNMWpFj5vp
++qz8EWsa4pYsKL7WF3n2yA7OJomvKjxO70zSiUZTMK++4SdaOCNMJqMAyjBZYbVa
+/am50VRaENVPaqp2vK5hJhDGVrHB50NlDnjn9Rh6NzTCaROy3XOpJ18mGRp6+RDU
+XE6BMwwPTK2oS8WtZNRnthFLpEiVrFlJHbUum6O2ujjjkC7eFGIcx13Hsf6FAQcN
+exUY8nJdlXofiaeIk3X1ERBtl81hXGQk7Xs70EBQP4a/zHbEb7TEz7Z7TJ34uhtN
+h8/1gPdvf+9BXJDOsA9e/CqqTNlt3WJWVrabybTi0Xk4kWscFlgZRdPW33czV9on
+ZDUlzVObXolNCoz5yRv2WG7a+vUt56/HY30e1Ye0VztmIVUcYoMv6LqJAhwEEAEI
+AAYFAlduTZgACgkQSiPjT6AzQ21gEw//aQRbWf8fXP7po3rX3xwNT7jBnhZEagcD
+ICl0G80hUGG2HCCZqFlpFrS+h1qnohAmh4npOH+dC97obJRRmOpRW/C/aiDI47TI
+lB+Omqoj1GL9BgfalL60VWXOay7k3tXxpxihWAHFz+TZPEpFFZYFZQmmfsyYiCXE
+Pg0x/PeI3cfyuM/Ow300OtdvoZA5FcoaDxZwz1GoGm0K0PePFOhnu3hf8i0n0sj/
+zkDwgp098mB27mDuj5dcV5I1GrD1RRuilPzqPLOOZ2SVBXiB3c8vfBZCEvIAo4Pk
+JK8soECBbpXkTvi9Fgu3jJyAsMB0a3mnYkveTNVmJChD5WReV5DP6ubGwBWoOGx8
+DqHt+hOwnAPCf5uaB1IIX7zw1Fg1p0veJPUTDfcAGYeVj0HmuqmjIDpD1uIr2oFN
+UC4rLLPGWeQQs6zqSSun2E0z15A/ZnVo6Rt/eWpcn2YIYKpZqzVGSfWyblS1xOLB
+4gwitFqLIhsEe5F0qh3sYqCwDStQkQupDH+RXAci6s5AXaHMVTpADq26rpMowgtG
+VOs1kvUlv13LVgv41ONRlJRZ1OvUE4shdqR/5CS/KMqNaQq5HXbBMYNgBzx6Sbv2
+oWuGxONJDXCRRU5TcJ/3ZNdOAwr+tOp8kM92zzBJnyz16btCaFJbyqQ4kqTkQ6A0
+7PcJATIx7ZSJAhwEEAEIAAYFAleDxB4ACgkQCMPqp27EjgxUoQ/+MwI/WwwEvvZE
+S6CC2QRepLx7CpZjQRPCygtRguo3AWkWl65PZJ9H8gPwQXTGF/VSMlMtCHTx1eqR
+7TZFLN7tjh4nPmSTgDO+wZTIQ0GFA+h6WwzvtQR8VZ5fi4qUC+FyklAu2wVkU8Ow
+WlKrji8rn38se4ENqJYNVbgDuBZtymHOC2MNSUIzOrcEtLo26l3EG+K/uBdxr8gB
+HaNiTncUqP6bks1muSCu4uqIsZWiR/0fhpf6wJwd/zwFi/kP9oRuxfnocW3XGJxr
+ZpKbJbxcKC+fC7zKYfoU3RhVA1EOeqhH7P15kPftgJUKR2LJ1d/DUc4C84n/u62l
+v85eTy/joCdD78As4xGkKuq5Nriw/7U85OWR4y2JBbndEmwuFw/kCDUPHWw2unvM
+/8RKBW24j3wLhwUoEYNVW6n11CjLsasJaaVv+7ROjLNRIHXjJ4YY024yKaLA0Ap1
+Etkph7V8J4rvaz8ev81xhkdDWfZIkHbWnxHOTgEiwP3XxzWgQLbxKD1OoyaZRqTe
+Isce+tdJD2lXl/oD5XRxuzPUD5wL0evaJoyph2i+0pBA5vnrgxsPbwrCKS+b2sQE
+lye3qdg5ABfIEM0brW70I26TpbdZyjKhIaWedId9Uf1c0wqefilXzr/KC5TIL8yR
+5wedH3dMCh2CnKh45fdpbgIl4scyuo6JAhwEEAEKAAYFAldP+DUACgkQXeiUmomc
+jZkwXA/+JmYGXRay0OAFNzoh0OVxeCJp6yxyN9/w2H3U3d5M6Y/2moRcuOfg9Rk6
+Q/PDddXtvfvOD5J8AD1RHVjjwAnQnaWnN5NsU5CNQ2OegNapMi82Uj4sPyWU7gt8
+wGA7HXXhm8pLFnHJY9Bn+HvMW94bVbZ5wg0J0Qq4+yDdrj/pu0iYZcS2hLXelDGG
+gtlTSK0+r0Ghw9AvigZNfZ9TDyPMQTm24zLpYBrKCBEhJEPCRa5fkiVt/kBPYiad
+n+K60N3YqQnQq4r97pBQNBaQ9Hs0m2whDzZfjA/KKejaCHbR0pBN9CL+IIuqR9Fr
+kjnNzO7k4wAJrt2P3fxJNcJ/1FsxzYCfeoNTi3CIfwT/R481YR6o3Q/+vp5AJkN1
+XDGfE3U5idJc0u1zxo2CQKWxc1/WrcMz9N9o2imNohWNq2HkxnqHMrQ1upFH3spg
+1JDjnwzJJoK/De0MJAAKWYyiyow7P3QGlryNc8X31kc5S2EX11asjm67RWzg5+re
+05q2kuY0CIHUW2d0FVhsXCzLfZcMIdKsgzjCojVKAcu5cb7hW6nOYHnNi6Bha3ma
+X73SvbltkLGmWK6/gKCssY85+RfkyMpWoFLKS9zMGyXHlHGs6vAF6m/AiiAHLsc7
+jMk8Y3BJ3JjO8GMVoJRx0n6f8wtk5wlR4ijlCBWNZbQri8BAshOJAhwEEAEKAAYF
+AldP/mkACgkQlr6Mb9idZWUqfA//U/Y4O+ABcoMDVKeYCWyDAPU14Xl1141pmBRy
+nbczjNVw0H+GTn24LNiYJQL+RZl3fvDISfOFG/7wwKKah674WgPdEmVh3eMf9cAX
+LJiz+IITGHxx21+aODh9QC02qU2VNtEfEg6xXKf6XuRdF0Oka3xRoRnzbQGj2Iau
+qduP60DgHO0dKm6WG3MzV6Hmt0grjjE3VkHZ5KE5+tskZFgMQjuiR2eUhuk85Cjc
+HytHH75nZ2RBM17goNUufmKtXwB8mk8fc25dQPf2AtryPslqqN6GrWSAvIyrZU8K
+dnREiUjx2JTePxCYMTLizx2fzT2dvzoMUVzSzC0xByRYADKS3u9XCtR7p/Ji09LI
+AHDRAJ5uTurZjqjr7f3ONKQJ/iK9xj9mDNpAIZIyBwRzFjMOMFoaMDlvhHAfmhzY
+V2n+zmJj1kKGu9XYBD+mzC8bnEMaOah2shEuyQPsC7tNFsprBw4DwOIoF6B/BJEW
+mFPj9vXKke0EtVGcmiNBw4iisyv0xztd2C/317rXpJmUQzczB1vymFXItBpfhkPp
+90YaSv/BCmqrn62LdHYEVfm0C1HRxzoZiko46BKkgeRbU/LdDi/1wnHmgixiUpHe
+QoKBZh53zwuvcK/f28gRIgDXYa47Bo0xmYf0czE6r4/CLuponWxfnQbSvlKFGSOh
+deSdmGuJAhwEEAEKAAYFAldyYq8ACgkQLMBYiiWS0sjjvRAAgUeqFsCzGObAWU6s
+G8rOWiFH2jJOXUdyQqSfAcc/yo3Xf9scNQZ80sLClGJNvnmHOSAbqqvxD9euD4wM
+mbS3hWjGR3jFIQmjBrpYnPchGMhAkPu1A4iCL4XlRydcR6JCm2C/5pOWCYmL++1A
+bOU/JqrD8tfELaXCHcXTVw50dRHcZHVlXgdsm3IKYwkY7+kNbwWvSsZMg/ieL54F
+tCI2p1DUqPDbMXwo3zDAnxzgEjMDJN44zegceOJGHSVaZQnA03YwEvVGpceypuzl
+XwoZ99na4hYjlFjn4BUNyznW/NqdZI8+lFaxl2RYenwheX8T/qG1U1uJvEwOZOnh
+4TA6tFynpNEQB+IwhWJD/Pz1IRK3gJDyHmW5Mp+P/XVoEO2qSRXcWisiFhHtO7Dq
+f/SXXsJ66wbcX9SJdG+ZsusXsG4B69SHBh7/lGRTC3F9LnHF+m49M30cqLhGxC0h
+FpLUkdtvA/d99hKdyNsHJJiSoGbUBuX2+rOsoO1eNP/9wzpNjCJ55nIEPMtj9Rwm
+10cyoA2dc4v/meUwOZ88SxSPbsBiLuYfCX6VKityEO48knlj6L8RBhm+al9bpKfq
+36RCKfNUiKLbQx6phCZ2X6S6hs6iOGJztEYVBxnOIVF30Jz0EVmcUtaSuqJK3ZWp
+2+LTEb4ToaUQ2RmPzSnXIk9tUhCJAj0EEwEKACcFAldP52sCGwMFCQHhM4AFCwkI
+BwMFFQoJCAsFFgIDAQACHgECF4AACgkQezw5Hv6pNiSi1A//S3yusW6oqTktT/cw
+XOoxxYuTLOLpYtArw3/gnnZ7OW9TbhnqrXNYM2juVxsIQfpBUp0NErUYDxRHktog
+ENrOZo3cYwDGqPHtRKXA5a/SJpUunVKlZyLzxrM77FHQBtChy9XhlhT7PE79Mhpz
+tbOTMmw2H08L8IkmVHJ02D8gC7YenyRR4h7/E6MBIggPLLFj6Ph9lGeRucvBf9Rr
+K1veeAUY6pj8l9h3pB6kkJnmK9bXyzqhekdcRb4Z6JdHCi5vDbS/ATXnfw8PpNNL
+CjECCHYMCQQE7vymlpAxbL3KU7NJiOCgIxXO2HVVDO2sr75rJng8ZlMoWDTVrgKt
+HwxAriW2rVDCNXw1wjLtYdearLqg32W4dvW3l4Q3h7ILw5UsknCM9dwBulTtSHWD
+KbQR0cRiyTsMCdAEllBCaLlxNGriANkCEx6H7k+kCfZEnajqesDt9JnuGTcg7DjZ
+AR395bRRdbf4q+QOo0YSmZ01QrrzHiXLc47JB0egn2AFTnqTcmOSGJQMOfutPEIP
+inmb1JzSeZZjEokdc/Ck5HxvNm7ch1fN72bYpshACPJjbV/oHmrBgxZm7eTXdiHU
+xBYXW5dW8ZloqzeanmqHFpk9+hQTMgokoukz2dqmO3ezE04NnQV5Xd/YlNtshGs8
+IXzIoa5t+HoDu/c/rOcf2oo/uZKJAmMEMAEKAE0WIQRIgLjJvQ5RBvwHD097PDke
+/qk2JAUCWsNL6C8dIFRoaXMgZW1haWwgYWRkcmVzcyBpcyBub3QgZnVuY3Rpb25h
+bCBhbnltb3JlLgAKCRB7PDke/qk2JLw4EADlSKzOsOcUYOn5R83vrP8UkGrQVzbO
+FAQfUQlRDKhMfrw/uuKSBng+HrZSw01EHnLZkjq4l/EcZHP4syFqzE7gIzVeEvE0
+9AtK+TD86P0iz/aW1LQ1SWW0tbRs/NhHJeuMXCQLbpZ99Iz0ulWNiOV0Pad9GmpB
+aRgJCIiPRGcqdoCp6sjtkN/MF5f9XUA8FCSF8qyX7KUPOzrGP/phSOmnfZPrDEf7
+8I+1SAy5lHXp/LAsjl+TFWWwe1y1n9m/O4YeqFktJeMScINjMAEP1+j2iLhY5zRT
+hVVU1tMsxcmPKP2Irh3+3RaJpde4G4Qz1FAGZFAW6QfxGeQG3q5jwFHDvHzCgdBn
+q109RQL9EDfECx+csvQD1EaddISeBitIlGrq7Cyr8EP3FsvChWSW2Utp/aXG/21H
+EfE6D7+eL1R6Gij3acFLQlCKo192QOrj1roYyZhJ6R7hlVSP55o+7ASTAsHtVRr8
+JATvaSyVpi/X9ts2V/3RwPV69Y0E+83/qZ67y0cFz6r6iAMz8ompZr1mowCtbwr1
+Nfj73Ym7qcWgW7uOJ3k91NW92WjfmKnklbxqck4CL5fSmL404o7lgGxoAOrE8r5m
+J4p675rgHRCL7FMM7gpsZCz/X+UIj/BTcE8VGnzcHmDUu7TBD9dug3X18FqKSFhd
+gYixbYgAUHEGIbQxQ2hyaXN0aWFuIEJyYXVuZXIgPGNocmlzdGlhbi5icmF1bmVy
+QG1haWxib3gub3JnPokCHAQQAQgABgUCV4PEHgAKCRAIw+qnbsSODB+OEACNEmqS
+4GCjduzPImUBo5gQ5Jc8P+2JrCCtosc5Skawacjx9DlyHE2zyS65R7KS5sbQMfeH
+eCrMFSrJim9HkMdomhS2IEp5FYkulKPZfblk//1wa1oAXGL6HWvxTQTnJsXCCaXJ
+3KUQ2Sq+ifkaMgbohbtfeef8ochrv8N37T6kmSuHgnf7yDIorxs6vQBjVKg+kBSG
+FAX/pOrKe7YMHBHTrEOAb7P51pbZmHE8hCl2GBOgkzo5Wv5jDfEbJHJKDN2sVYQO
+CLwyTR6Vlo1F4u/7Tmb0mUhv/qozGSzTulI8zy1dOb25uUE3X+/CngnRt5oE4iQg
+6mCAmRZnXX4JQQ/MPudQGuZDJafrKFrEJ2XG3/rZlee5Le3BoIWrR1ztiNe5tDOI
+IPVRXckVcG2AaZFAv+ap6pdTdYUaDEO7FnKlcgfJvAYeBtYKQU38c6Ibf2AITnAv
+8ZShBOatolhXOOKkXcQO8eNRicYphC1OYiHSfI8jbPsY9RKG1ZiGODrcQ3pE6wjU
+OWj/6qRSPEdW+xuILHFxccMX6MJAJHSJsAOagCCP2W0P4bI2BbpMMYTuoI85FMVy
+y3TpI+nDtutUiB2tYQE2V2ghhxweSNzmQZmUYD8vgwbY3Y7dmZ1Cij4BOL4eiGGa
+Ecux7K/kViPanZ31R8E8Bt/5h1bighCkZzTsoYkCPQQTAQoAJwUCV3em/gIbAwUJ
+AeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRB7PDke/qk2JKlAEADZHCn8
+1KBK/sUvM4GEID8Fexn3wMf5GzWH80HjtNvBhEEztb9jsB303upgM4E0MI8ktGiP
+ZDbDiaA7zbRwadLdwtCkwGOyR2NhvIpQemq1B8RRZ1hxJqXO7ITwCKi4AwkN9JzE
+WOaAVGXnWxhbCH5c5yUWk0dg8rBf7CRrp52JHAN/Y4Q4TG0KrGQyhxkk84zYzKO9
+ylIqBJgOCvYn0IOOrtU47XPFws/Ma+FCp9ZG+RD0bkA3kIcfKCCqmgj6HaWHcmBy
+Oda91mtUpz6nnghUH2Wz8si0z9mtk6F+rd9YlJ8NyHQ6RbSfDbSKJ24eL++BOlh7
+Z1QGvOYvdJjfaLKEp0Kh5v5nG7Ggp0AHVG2n54KOROIkKrJ0BKkvgXxa30Dh02tt
+h/mgfEOipSziGU5fkVNsNaVsPSsonn/vTeRtuvMQ/91aBH6B/N7nu5VdQeqwYhN1
+KWR4A+ffSrgORElolkMScJphA5HdknIF0EEH58pge6+lR1CnmTt8dkOiT7psTFIr
+rbhP+STXRzGh2pJHpxIB5tQA4sMIDun5RzC5s30JsUfj6tn+nCDBQIUzxvBI+u0V
+aBv8jk0S5tus51NPxzoht3+pgenosOd5sBMgnsHkrQX9LR+XxvogWL/kHEP+39Je
+ApH/sgap/w0fM1XgCdlP2egyvOOJMEmzfjnmXokCZwQwAQoAURYhBEiAuMm9DlEG
+/AcPT3s8OR7+qTYkBQJcM2ZvMx0gSSBubyBsb25nZXIgdXNlIG1haWxib3gub3Jn
+IGFzIG15IGVtYWlsIHByb3ZpZGVyLgAKCRB7PDke/qk2JLlqD/4rSKQXvDC8q6h0
+p3F1jEUi6wIphQ+yvHJk+s3M+fn7pQwD56Usbkxf44Dh/nyQVS29MFdwCsY+X4lr
+zfvIq2oz5pzUZgped4kqEBDTptV9MyeVqe4tUAHN5gIgff2ibGO27H26/xn934J0
+H0fHIB8U4hm3fVDyXQHd3vIsqHFkmcxw7WaA0EOwxjhi6bwYqXOkxPsh87oYCq15
+Mu35IMuwgMdIuVp+eYMOYQG+sbQbviQDg0XnKjQbIv0+n7Q6rJi/0VngisMVIumi
+ZN1n37VXts1yDYmmnxqUW2Yw/jnB7Ukvmt+bukDn0kfmxEFsrUgsmKL+pRwDjnr8
+Q2+erYnLV5qa8ce6Ibb9rts4z6LibBcWF3qt3Jgkl6DkQabJoc4lIUutGgklEAQ9
+TDOyjTFdGUOP+iQZWJkkHTnZCrSKDTPEsO6FnVUmN1UONADNcWy4KsuL46AlNrc+
+8Pk4Gpv7zFoP52HvLSRf4LSOsZp1TlVspl6YRN2sycdgo8Vub2b225NxaI1svYqC
+mf9aOojGolRM0X7zUOOJlUmM5eBx8EGIyZkom6hR0fNF+hsT375oMDgJm34tiwoA
+ftClo5gWeOFjMHvmm3s7ChEq3ZGvDs1ghqP7JAy2hTJaBmCHfOvraNqS4TDpVfLW
+EQMsbXnitYGdihx7Ac4ngce4hyK7g7QoQ2hyaXN0aWFuIEJyYXVuZXIgPGNocmlz
+dGlhbkBicmF1bmVyLmlvPokCVwQTAQoAQQIbAwULCQgHAwUVCgkICwUWAgMBAAIe
+AQIXgAIZARYhBEiAuMm9DlEG/AcPT3s8OR7+qTYkBQJb9ysMBQkGiHchAAoJEHs8
+OR7+qTYkc2AP/2sAwsltyS/u+diAYeITNZl6iWZbodU5vhSeYC4V48ijalbkSLCa
+v+2smW7Oos4KnXv5meivKT7apmGdyr28tYNVDD/ZENk8oukh+8hJWQ4yUGp0X488
+0rRhcOIRtxkFUfdxjx1VTECC6a0bGXBvBeG0eYwQXWdCPTrLQUC4387RWSluwveB
+QXzhe8NDXr2+XDZrCScHMyeD5AS5PTf79b2ZT2aohQSzm8klbiFXv9s0cirzTH9H
+XpERtRzfxAImxmXAZBxYoHUVfEga9jf16Qnk+wYOn5H2DuSdEp4rIKc31cvD00h3
+eY6iBAlHlys8poWmCoAXof7EccvzIYdYHKo3zOsT2Y0R+L/6q17CQfgbRfhO+Ko0
+8egY59NukNIvtmCTwpBrdPdQAlzJMdm0aFAmPdFWk3gEH6znuTd0z6+/zZGpW9+/
+iauZb5EuTzpBILNRHEsiuaw2HoZLoFRiZUN05YOxRU6xEizCMGyW7lZ9kKmqP8hm
+9ficJ4SbNhowOQ6m79DIbD/aFQQpqkZ2gvis6xjH8mUCeuZmgniWqXyT076HQgIM
+TDqH3mYf8SG8w2onx13QRCf3EOVEdMeF7cFjiNV5g2zSG+IrR2bZABf6ZyyKGLgP
+gucOCA8WpqBsj3roUaj90szfLieZPn2p/lE+bnmIoiGRwPMbnlrTgvMutDBDaHJp
+c3RpYW4gQnJhdW5lciA8Y2hyaXN0aWFuLmJyYXVuZXJAZ2V0ZW52Lm9yZz6JAlQE
+EwEKAD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQRIgLjJvQ5RBvwHD097
+PDke/qk2JAUCW/crDAUJBoh3IQAKCRB7PDke/qk2JDQtEACv3JLjhaPoeR/yTbGc
+ToP6TJXxRpylxXGn0IPwru86co+6LdwOHfjvzwB9py27EmluBjV/djGBb3eHJGQn
+Zlr8N/NDVnPW+4aSFWsvpf0i6981CBv/r53fMuggjzfSvqNoZm3+LOMd+hmc+Y/q
+yQ2GUzmQvplhOeal9S3pcClQjOIbryezp4zAqp6JCGBZso0gvhJjgnyqk/vdNQgl
+rp773haudr09ieGdBMSBJfUW5qxUu24QZ0cr3gwzl62ipWybf5NtDsTkyt+7M+eJ
+lzxH1l4GY/v1mo9MXG8nOM9rpB7KGm4TkNTC4pJ3DNn56Ues8O2u6ZMBfBosUKR8
+PyTmXXw4jMYtrGTPBMiiUovoD6XnKZ0Eg7Rm8qQoDsKVxl/B0f8Lcz+wAQDsyfKT
+KZYrkqV+88Zin5u2PzdpIpVOPjdCJ1xXhaV7fWlvcJQBhiSPwaR08uJROTj2R+gU
+V3JBw9H7jSu1wyHy0YFHvs0orS+2a4UJEmmV1a6SY6k8Y/sQgAwtMIjVo0UYmCxb
+VRdUIA/DQ/3PaVkepRD1vw6TjYeplziAsDfC/CKB/r0C/dCLFc4VWr+5qJB5xb0v
+ioCI+n4yLw+QmMQmM/wK1x1T3/bcrjK737Kn7yXjTY/l/7d9NjAw4AoPaJqcRbXD
+VbNUEwiBUlrUxxCPzLRV9EoNj7QwQ2hyaXN0aWFuIEJyYXVuZXIgPGNocmlzdGlh
+bi5icmF1bmVyQHVidW50dS5jb20+iQJUBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYC
+AwEAAh4BAheAFiEESIC4yb0OUQb8Bw9Pezw5Hv6pNiQFAlv3Kw0FCQaIdyEACgkQ
+ezw5Hv6pNiRnTg//ZLDZKDNO48q7vkcnhVADfTOwNbaGXHuVDlNwc8a7Si/5ZyeQ
+TWcBwmwCfqfymCk2npFyvMNGGK8ZAikeLuL5mtvjFv5w294k/ZhHj0+oKm8o+Qyx
+/cBd27iMnj+YWdOwjKdUNM/s59EXCWl6oFXCwW2vz3Zi6nhBoD2E5fOkjIkhodWJ
+uwwEbtx/32NR8kDfRnbdDqYpSS0kzBUmMtJajJMxzDN1GpQE/sK/vo2TS5RbTKho
+uXoWnqbH4jwA1n7+HVYFlHgKdtFu5m0zfwW/Sh4jkKSyhVSeX1cENmfsk+PeZESw
+AesjvX3Q3LdOwwpx8jARtd09NyMYSVvHrvWuo3+cFTcp6L4Ie/uHpSSuo6e5G44i
+PlGci+Wv/0wfIRbSncFYt/RYYwCCXOCYDjggOU3xFePP1s0Sm7YAhbnvqGt5N0Pm
+o6tRUi6z5GSjb64Ip3DLfnl0Jf55uI8qZEO03mNR9zhxyHuNImIzg1fwh8x/F5n3
+q/Pq9y3SPPIGMyPBBKjLkjHgSo/wUD50sQl8odjb0DAA+Bac6IL4+d9qPWnI/sag
+YHYSL+idMC4WCmsGGPHomkjmY/VN6bulRNMNH1TeoSz2SYMvobhOM+9XnZYgZiJ9
+HoQojGrWfTXRUgdUM+1J/ljUHBlkezUgg3QnmD8VhDVS10/ojg5i3ghkF6K0M0No
+cmlzdGlhbiBCcmF1bmVyIDxjaHJpc3RpYW4uYnJhdW5lckBjYW5vbmljYWwuY29t
+PokCVAQTAQoAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBEiAuMm9DlEG
+/AcPT3s8OR7+qTYkBQJb9ysNBQkGiHchAAoJEHs8OR7+qTYkMxsP/j04JSrxfoSc
+V3vpRoTaXWitQCS387w7/2x/xXpWolH78p8uRpxLveGMug5NzDcwrzjlGSGDGANI
+nxmcwbF13nJQlzJm+TlbsEW/zQOyfaGaI6w5nBfOJICojWQxk6p69eQ6QcDDqNE3
+upH9Oz4w3NmdO1Sp+CjsUxonUjhs7ydi/lhG4i6prIhGRKB8gLOnVX3zBRH1ZVFC
+T+tog94QuQYSgTo5zOsIaLWGtAonhMNjEQI5Eg90A26M+axfsQPjdzh8KNMSu9mx
+uyzdpUtvG9UBdyeIOYeuGWGOrx8WdeVj413jM5HsJ4dfBBgQV4vICO0ht66h2w1W
+/hL4tEUG5VLgyRDWjVS+Qy4a7z7UkcgySeX+tgbPRfmWr+zXWEX4LCmjoTqZqZAn
+gUHDluHLWBRbwRdyaCsBYdEzq69wx01DgbHItl0EGo/ROllOS8rQ3RbQZINAms2O
+BHuGbbz5JVZsc2D+VdzIk0vJHCeewgstvXp7Nz/RSiePEvQcaefSWbKttxnEKNYR
+xkb+qax1AKLlPA/SZF7d12j9/EL3tK7Zjx7Cr5P5WvMZEGYZM9foRWuEg+UVwhln
+0g0zq9KzNS84hSCqefV+gIPN20hSBcg5rXVDdmJKogomZgn2s4kxpp7G3Nq/hced
+kjHYWr/3+j9hM2ZmwMcE4FAxY7qQ4H58uQINBFdP52sBEACrmefWFd6G8Ml25aK9
+qQLHn79CbZOAANqXxqLx3//WaFlgprjyARQzlA+y15KoStx4stS0b8EDrh/l8TwD
+skfqQVAtjfNkapkq5OMCBTgT+4FvC4pB6sOPBKIG/1ZBvYTWC5f2ud7JcljvFeo0
+LsgSk1g1rPrXJCyRPzR413iUKHm/TsD95yTpFiC7SJZvlswPga+WJXjaVyVMe6h/
+ZsZsldQDRl23hxj8juO8cX5TEyxFVNEA1ov8uhdoSsYeMAt8EWjetm4GOfJKEPh+
+6evv7ArX/s79BBADavA4IgeeaDGphR+3GbC4fNUDsQFUF1ykzKQP339x93Ksz01c
+5Ec99TINk+XxQ8RrkaUw+Lu9rHKSqHNPOB8gquk4exowH/WJSiw6/A9igTmNOLpj
+jncJwkHSmNbmq6kA3xyhrTYLnLABKEXKkWyAkPD3QEVJjyuczg8EVsRzqKbuXDRk
+FEKW+5diqEbL01iGZiiERVzhFc5RI3X+lCFHzgSPLKTyycpe1+hV1g4mQwZ9FCt8
+JT+YtTTiRRngw2+/gLXd6bLQXsF7bgAvdJ46sWC0sEBdxCz/4+gVBmSOF9CppPzm
+j5Ido4pEKm9PSUl10QmCdQ5pXeKuKqd0efHe7N5yb9MnlVshEntS3w4PSZ5vOCUf
+zL/aD/TlapUTzJzedFvyejTlaQARAQABiQIlBBgBCgAPBQJXT+drAhsMBQkB4TOA
+AAoJEHs8OR7+qTYkf10P+gKSUVj50ChiH87SSkgZQnM/0HIjHf+cXaLA034z7K9r
+92jY1vg15JdOUMA0W+yMu2a6/XwhPUwcSoIDwSWZJrKh/B4ugW2jlFfSkPjZeN6O
+D2zyY9f9tXQCUcZgOD55d70FtJkc5p6InQkZsz3s5yyL/9ivXA2+Kh/hDImn+GAn
+JWbnBu+kvttzMJ4/GJqGcv1c3RSolHtGaXaEf2f6JzUoZkBJqy/VIjwen8aYoDbd
+ZzDA3xjr2NgQlsG+4MJ7P3vkHhuIvTxuiykK7ArtLrsbuNgdWSb/L+Gt/SW3iwTs
+iCpf7g7bmRvbUFIso7YCRA60spboNVoXfkrbU9qGsjrzrPITZwdPn0DZp47pPDTP
+Jtb7hgmptc4ai4zafkVS2APBcq6nbRPJS+A5syR26THjwneDDFie9+bkBdnKoJvJ
+oQNSUUZW/Glw9+Hjx6P0mIH/Jy/qIGxnBFvMgWNrRDk99KWP7Qs/6jfrMRlwiHKw
+Z7QTtGySk+SUOzhXPXrFFv2pnGUTD86UAF2QhecKnE6WU4r93oRAEPes4rFCNJbr
+MPPYToq/rk42Mshqwci7cRAh3YpnQOWBYmrC7k1gGX660NQzaPWf0xBfViB2XHB5
+/lVBdMu4RUceHpzwkWGFh9R5CVLvwAIKGweUxlxhzpZUdusegcBWdumznycRBMu9
+iQI8BBgBCgAmAhsMFiEESIC4yb0OUQb8Bw9Pezw5Hv6pNiQFAlw1Cx4FCQbGVzMA
+CgkQezw5Hv6pNiSloRAAzMJHOujOAuf/G/XMcFfajBCr2RIiOfyHqEk+AVmtv3tk
+7GiR4uhmrGfAqenm/5ZtacmM6TQQ5sGJle6ykYy5eSXQ0kE4JtSJnERsriNEzfq2
+KTns64Jj8cjSi7hdJ/gF87K90mlgumAOdWL5Ac5Q4rf1gMru+mGn4aI9Bt5WdyuK
+qBT5gyDijU6r0gdBHOSUpZwWUX09Hdiel/QNr9dWWJQkq2fB8b8QcIYRZdPq6GA9
+gq/CdkyzSxauYiZ0SVRrqz1i746IWOgmzPF092gybZ6BUAtbcxuE4T5zI/fpDyUC
+SuYwiqvxzVFalYluSbPu1AQNhcqZ9f6WYJi4XxR9m00GUM54AXFYgQLPMvbl44fF
+IXrT4GT0W/w2qBadkzB2QSzNUsmt0SxtYxQihNVc+uqinbhlCv+jQc5k/bIPYoal
+590JtLjfbzKeb32rsHzg1p0ylmbiIt5yO7zViBhlduXxEtev5YP8d1BSe1PWq8kB
+1YrecOo8vrnktlaNKMt6hNI+Kfdorbs/udWDINYeZM/h3ld90lEhXTRPCk0QwvRT
+4UOu0ZrfQ1TLPS3QktMW9fXtCeUwkzhEnrKprqblnv/xl2LDxrvDjV5ZSYYREL3r
+YMocF5pw+Ru8fIJ06NIVoi2DBsOSpFLezimRGOPA2bFV+1bFEnvkWT1rVERQexe5
+Ag0EV0/tswEQAOjK5IAk/BvEsQKDH0Vl6aEStKr7WTZp9iguT5XTW0YTqx/Re3/U
+PmknfQsNnj9J2lJWBpPfbXl4DbTkYZtMqEzxS+O0RiZv5MZW6vVdb/AMw0bX/sxi
+LFEBz3E35u3wNlCDfP/FypH2hbw9PoKsXVbzo6uUHE6KDIqewMYWpx1hFXJ6zhqT
+Vn7Q/WukbL4PqnzTTNz6Kah5EuEhZvtDsuV0BCOBh/8ZwMgZWxfSFUnaNuNQxfba
+JLmAXCf37myDQW1Sy7d8mOYIVDeEMpnXy7Lza0jYyJkMedaTOecRTVm6KfHaiue7
+ioTFLXWNX/Wvx4ucSFOytRCgSo4Wt9HmY7sCDxYRjuaJfXRkS5+bJIjzV6mAJGPZ
+KYJm5zjXZuwKQ/U5wB/StVz6ubtPOQl7n84Rgjuu6i+TqLvWrDSZlTqGylr/Kj41
+sQRRDi7n6HdmEVkqDoBW1LpDzG5WAmoeNCaPQpfaG8BU2u49Xfe4b9B1U2QkUtFx
+JWRWUa+z0F5OD78Dq5mWA5bO98DiKY9RyvvryXbZaF1jYJniD1NYde910zKmLpkQ
+EuJSTdYBIIAT5aGkgeos7SaouWJwvQbH+OyKEWhsxqVjyJh38/nEe1XORkomfF9G
+HYe5aRUyjavnsdNpW6XB8hgSNdhLkTuW+7OVx+FfXGaZwrxwlaAWGyO1ABEBAAGJ
+BEQEGAEKAA8FAldP7bMCGwIFCQHhM4ACKQkQezw5Hv6pNiTBXSAEGQEKAAYFAldP
+7bMACgkQjrBW1T7ssS31FQ/8D7yQAz0DEZKK7tCreHBGsxLBeVTkY5Ejang5BAXB
+H9e4Z/3U/lvg9SMpIbZAdAjQnjccOEby7b94vhDmKCV31p+4kDO7k6w7ifjjXbB2
+E2CH7iCQfhqEyiFhUzoo3p0PDMQ5IvDtm/rP6moh6wNyjdk+zBLJ0yNebk8OdDFA
+g6blCFEyzNy/sDU7RjSr9eQ7xzQmwd2ThyUZ3kqGB7QIiNWshihXf39/Qopu05Ii
+XcNW4K5UM/vyXAE9dTyq9IITOK3eHAzzPmrL7VhzveRDcdaRWUqdvEj7mvYdL2re
+2EQSTdU1xFrNPH/zgLwGgCLmFKG+M82dbqGE2bBrBZvWmz39SRRXLi5QoimobOam
+7+sbsG1EEVu1a5cTiBj6z8vNY7aguLVzfH2lDDecmOZQ7PIIWMPsSH0eLvdKSx8Q
+sCNMkwAqoM8D65PMv77705ieFI03tWr/ifFLFpniTrgtCAR6LqfzI/rsPDA9fTUv
+aG1VbHKp0aa0GkpnHdjXqLyPyfkjm72JvmdxfCuhi04uAhhpxcMQ3d1NX/bYn1y+
+Eqi/saeKtKItvYlFvJIUyGRuvqUnTyOyuayZzOv6woDSuo0O/Xjsdhmqo0jMlxEN
+uwWGlPIrsvqXw1m7GabRB0WofjoTcvCUGKGQsQswKn51+nWoN+GQU9edKWgVxZZw
+fLEotw//eJgkeOr6mXhhWrgAeKd337KGLElOi2d1xuXY+5Ru4ZCBlWt9qSYu/aqc
+Ghqz/X9twKGh5Y6k9bRtc7lOgyxgOLGFRflzP9tJ2D1LFPRu9heKlIjWWSegHdQZ
+yRriBvtMUesdbk3rUSHp+2xt3BcSNB19s43O6EDShgQoo35vL9Q+BN/ByqzTm2JA
+knVoXzH/mE4wIhPXIyaMvVv+HcV6umFe+NIpK0byLmf8Q3usOk6sZjVEJnbfGSnf
+M9FRuaeEdIHyc0b9K0MQoV6Q4SPngkJIy/j/h6M4rATCIdn1zqX75lK9jb61VvVp
+UGz0JVP0pZjacDnW56mAZwl7AyJatGINaKWcWkmWQp+G/k8A0T9Yk6blJnjSIyh5
+qtd75ObNlbRFDbkGH8SwwRaU55KiGipet3N1Gx1jh9Lwy7DSHv0qFIqzj5AT+o0E
+ae8UossVZBJoXhRCPz2CnANTrZM3XzHkEZJv+kiUMAnVrpvzBMw3P0p2QCd19hJt
+vLS196xUsy3E5nPLi2AjjIEexBVM7f6k9tKv6/vhQtkFc+J/4PiQ7EysqGbOTfAp
+xk588n0e2kYfjKv7FAT+U2R/pY/awTl+nsyQVrVZrSs343ynoRB9p/lE0jCvrvaI
+T9YeqmeD1yRdJpmy4yFy3S2mux1BgI82JgCE06Hb0dg0lOSUJj+JBFsEGAEKACYC
+GwIWIQRIgLjJvQ5RBvwHD097PDke/qk2JAUCXDULHgUJBsZQ6wIpwV0gBBkBCgAG
+BQJXT+2zAAoJEI6wVtU+7LEt9RUP/A+8kAM9AxGSiu7Qq3hwRrMSwXlU5GORI2p4
+OQQFwR/XuGf91P5b4PUjKSG2QHQI0J43HDhG8u2/eL4Q5igld9afuJAzu5OsO4n4
+412wdhNgh+4gkH4ahMohYVM6KN6dDwzEOSLw7Zv6z+pqIesDco3ZPswSydMjXm5P
+DnQxQIOm5QhRMszcv7A1O0Y0q/XkO8c0JsHdk4clGd5Khge0CIjVrIYoV39/f0KK
+btOSIl3DVuCuVDP78lwBPXU8qvSCEzit3hwM8z5qy+1Yc73kQ3HWkVlKnbxI+5r2
+HS9q3thEEk3VNcRazTx/84C8BoAi5hShvjPNnW6hhNmwawWb1ps9/UkUVy4uUKIp
+qGzmpu/rG7BtRBFbtWuXE4gY+s/LzWO2oLi1c3x9pQw3nJjmUOzyCFjD7Eh9Hi73
+SksfELAjTJMAKqDPA+uTzL+++9OYnhSNN7Vq/4nxSxaZ4k64LQgEei6n8yP67Dww
+PX01L2htVWxyqdGmtBpKZx3Y16i8j8n5I5u9ib5ncXwroYtOLgIYacXDEN3dTV/2
+2J9cvhKov7GnirSiLb2JRbySFMhkbr6lJ08jsrmsmczr+sKA0rqNDv147HYZqqNI
+zJcRDbsFhpTyK7L6l8NZuxmm0QdFqH46E3LwlBihkLELMCp+dfp1qDfhkFPXnSlo
+FcWWcHyxCRB7PDke/qk2JHnRD/wJU3TXpRyLHV0IwhmvOgyorgEGUN1zy20TwE0V
+fhbBO9AavwTxlj5Oto/1CeNxV+m1j9MbRvkquSD99ZrfLhg5Ob6Rqc9MhGCNnRK2
+EtOFOAJaMj2xVDkWM6+A3CS/L5x7trR6LvvMXuMyuJqmu4Lm171IxyjjPEIK8z05
+BU7UlJCqk1Ux1H5OnJLa9D4zuAKjUZb69uC076EdTz0iEbAWcKcxGGAKMJc6wAWz
++eVWVK5Y0vFBjrZiXUY9sxNZ1W5/T1ePgPGOWY9BVnPK0PEeNS8ySE+p4sRbcM60
+cc6yihuN2xVfcagyAa8GApWyhWl5Px0g2B8YVGLfwFcef5S3ia/yJ526kAosvcWJ
+gHhqSYNOPKMj7BqD9sc25pqmOGMOq+o2pvTFi075KDjDmYqQ1F1CUwX+Vu+UByN2
+OEIXa3KAp2Zgl4F9LUcUw5Pt1l0rNIbdDFsiYvoz9KOwGA0OhTUf6OtOSfUbZJHf
+2Ewpr89BAKjGvZ1AhHZeSrutSmA/OLe7q5n9b50F4ENmd36DJ7WaQp9QfVmGjew0
+3TG5mXpfuCKZXPL1oSk7oVP9h4NZ0u7mmbK3eyATxJllbYSeE7SoSwKN7Z9oLqUp
+dVfJJHVjCKBI57tSkxTPN21BtcTnbja3iDnbFckF4lh4CpDavI2Msg7uZbfaXnZP
+yTOYOpkBDQRPqCmUAQgAs+VspRgK/norWY7kooM0fst9FtxPoJFNA0jZQQd1paKz
+rZszF/Rdnfs/qMybns+DT6sH0OcthMSkmy/Ita8GJhMWSM0w6ZtUOjd4Rvry28cG
+627Ck6lvaz4l64lOckcLr1SZeDTlOk/z2rt/1Q/IhTe1OJlaTRVT5QfLwrwyftO2
+dMSB/TF3vLmhERt79hC+zL/C+cNOVxHrk0/wiYsOjXc8I2XNRcplaBY57XrZfB2i
+fuSQgdspQG58P8GSRzkYLC8WYTi+v86yURvBr44AftZfIs4JeJ9Azqo8sqECGSfp
+n7h0dOsA6sLz+RfUWagofDHeIWLo6KeWtASnwMy33QARAQABtCBTZXJnZSBIYWxs
+eW4gPHNlcmdlaEBrZXJuZWwub3JnPokBTgQTAQoAOBYhBGbQOH24XTIPhAgWbbF1
+z6mPGSryBQJdq9HdAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJELF1z6mP
+GSryDJwIAIk6S5V7s8g+AvvSP8ggPTfwaiuN45zHyTpfysuer4Cf1m6xSS7jt8Lm
+zJUSw947qwukitoNE6coMqF9jI8GVU+tEqt2XICIe9cslh4bWdvTblIirCp2o2/S
+JT/gDNVdIPacuNWHQ1JgLgv+XK6sivvLtQlawf4rOxMpuffICJfZ8hr2ma84IxtX
+EQo832VPKURvlTzK+V5WvKwygWZfi3LrFfdHgFGtBPylRUuTdXUOhynJGFz0gTdw
+yh2cvqimtZOw6tAp5E40Jo2jLt4+bHTl4OEFH4Qh3iwxQLWnTXT9OCOoOSmUbwuO
+F3UNQG8RTC8jm4QrKv0MUof52KyrMNK0LFNlcmdlIEhhbGx5biAoa2VybmVsLm9y
+ZykgPHNlcmdlQGhhbGx5bi5jb20+iQE4BBMBAgAiBQJPqCmUAhsDBgsJCAcDAgYV
+CAIJCgsEFgIDAQIeAQIXgAAKCRCxdc+pjxkq8mHxCACb4jh2MM145x1q7G0EO+ay
+atsEODZTORUZY7JLnwl7SM/w1KSik92qht8u8sLRMJeHj6HyZi2wtDuW2RfW5YEk
+gldNs8xnXlKLACbMbpmB1YvQkR1rIgGjTF/IIn/b3j6s/4mP3Gj0uMOIAVySvLy8
+L8U6COAmQ8CJTJDKL//9x0Ob+Tin3qmwNa57BiO+L1MPWbf0qoLnc+W2Ouevdzqn
+kUVlOrTh/M6OB5BXsNumHYfNKgJ9UewC55OvM8H14/L3ckfX9OXRKm4P+LYWVnI1
+gvxa50Do3E8CruQ51AhPd+2tTD87eLdRQmFB66nCzffbsxrjg+NqPf0viQGth1oX
+uQENBE+oKZQBCADc9sYSnWAj3y6QE9sGNDUFaKpAFUsprpQ8LeA05nh3RUxYDd75
+qc0ewtGR1+SlgpehKQfSXVQT254jM5lJanNDPYffk9k9lMwgSVoTP2QaszfDgir7
+WKKQuj3dBwnmYHdIY2mq+eaAh/1cCU//ggdaATo4ENQhKTAIiuviGKBpYX/zHAlP
+IvyFjERsBmq0woQKvDGsoQEObx1zu1GaTWeTSIEnHyRhajMQrKUAxSCh9Th2Vj6x
+Ohvx9TK6li+ecxYuuBVP0Xllg1GdoQBC8KWITDOrU18suj1vEGK4YOzQQPxANs6I
+81SvVddd2bh71cyAjhHr1kugw3PWQvLe4yHHABEBAAGJAR8EGAECAAkFAk+oKZQC
+GwwACgkQsXXPqY8ZKvJrVAgAi7CVXJt8mZiN+yzwiZVlzrkRQduB2cgvGZD6Hm3M
+Jc1aVA3Gh0tJcLo+SdutCOzKSmPRSsnWT19EKxpDMrc9j97Pi9SDrGyUOx7Bz8gK
+jTI6BcfPNAhAyIr5Gr9SDyTx6tUduSmmErrvjYWP1/Jz7spInN2wQd5ZVRSvS/rN
+ZGh1NU31oeWlbpkU0JpGbZkMXv4JIy+1caH5zzrcRMC9JFxfm/bYdaq+jHhMufnS
+y0Qa3QgJkKvzxzvlIG9BaUmuNeR+XoA9ISEMQzAYXqxJQSL28Er9IVaNgtz5mqCM
+f8vuDTPGpkYyqGnOjtQNF695wiA7CAr3/WTeiEl6kKsBFrkBDQRdq+CmAQgA6Tx0
+yBi7hDuFTjrUQL8y3EiLBIPyLuWLNQHxLPEU+fJaCS8bYWKTmVSIMmYSy0t0Kbd2
+lqmIm53NxOCX0BujjGCir5VspEI+TTTXskTZs1JsXdObGFocAeIG+FT9T6RHP6UO
+dQTVKaHMZ3XKfWQK+Yb0yZaOJA+Qb28vHd3joMGeoc7rCfUAV4qIq7IKzWKC+1Pa
+rP7b6LNj23J36zY73n7UINCyWpDwhA0/TRwVMmWOyTd2ZldBvpKTHFM0b4T/a8x1
+RmFRtvtQgVQ6YV6Rm8Zkwh/2w0wkYJUg36/IwyETUwDXuIkbG0AVWp4w3jAD34wD
+jPm52R6B1vGdbEu2DQARAQABiQJsBBgBCgAgFiEEZtA4fbhdMg+ECBZtsXXPqY8Z
+KvIFAl2r4KYCGwIBQAkQsXXPqY8ZKvLAdCAEGQEKAB0WIQSpvT/xcHK223gPz5Q1
+cNoXJwrOJAUCXavgpgAKCRA1cNoXJwrOJPZ8B/4+BLTyb1SKSz0tYCn0GlqJWfRJ
+fH9diFMmZGvvxSsIeiBmy0ARPaFoupbAwijI6mJ7lW63GLZZdC3OwnUEdX0sH80/
+ecVP8/1qxlfMW0EFFCwPDFbmKLbSGQcobXQzb5AaILSyx+LXONAUpto6nG+i7k+L
+7MFC5PVFDrk1CsVhAjjN3ItueeJfYRmkOKksUl4azzzUdC3tGPBJS0CNdb0z+lBA
+On8lYSOnoPdHjKzT9jhwluUJyLmszxSf9pW9dgYGoSmx12Ef3EamTQlNa0YB/DVr
+Si9G/f0PW7Aby5dNCJQNMYaWWVeHOkuRwkG1PxV6iCIAZkL32ls1bkFTxxsXI4cH
+/1D8cGYiqaPkxi9BkJD/9x/0B/2Bz6jZgDj8qDalJ/0YpmLN3cnw07Tk7phKxeoi
+wGvaUgaPDiSWQTsbJF38pUxA7GsVj28Vx1LFC6SWcVR6IfvdEU/eex3PD4xGvgdy
+lub0XR8KcHppTWCp/vh7/pCK/p3amrsPPLPHtkKbwFEtPYdlsV5hDoax04hiBbNZ
+eq6uT/ryuUTUPsWj0or2Wass7Cuvt7PWk4scDyk8OFmHEjkPdmEOwtS7HdxoJR8V
+0/9WlomKMY1zUdi3yaThTVBvpmVp9NhvvkX13rW/z8z8cBNnkqlP2CvRoaR/Cm3M
+LCUEnzKlxEj0C5RQMJMBcga5AQ0EXavhYgEIAMd+iVOTx6FC3Ghv2PASeXsnxtb9
+Af+aBjNf0m8WKTLgIS9xQbxgNJctG6AEptkBfAStRLIA5qOa0iYIpkJynEPbonJ1
+2qvtlJ6b6g1h3AThYXQBjTQ89X+rlFzVGQsieqanjI+fiSNbDarOLQUbeJOrkfFu
+kr34o5xloKENL/kwu1lDG/Y2GMxZRLe1aVJUXQg4FiEiaE+LNFbrUHxdNR2PE4Xu
+JHetneHEiT/zXpvEF4MCisjJTGAHEC43rl7OqHU/GDdcW0udyf9v33LCFWTRLlgK
+KHVyUrHVhVzbB2z1+xnxxh/bQXjgttIP3Zqn8LXiLnUNU5+ejJiuAwdwcn8AEQEA
+AYkBNgQYAQoAIBYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJdq+FiAhsMAAoJELF1
+z6mPGSry9/UH/0vOoYu6b57UxsJNR5dCMhsPYV7FFIX9uj5XIDo/bQt2RTMa2PuK
+MbcDGINsDqHXqOFpZq5WDHhq0cEoIqhlkgj1uC77LLGw7mWyiaMbITQDlRzP9c9Q
+j3NkGNKW6FTwR7LPh43kgXygO1StVADIdHapiw9hI52rF8FrNYy4oNRXhUcDPfn0
+3akuIbF75saCHaYO/xoQeEqE+0qV82V/FT5tISMygkzgq+9zUhiA4XQjxiVhSK2c
+Ai0iUTXZecyEueLk6zZ9vkD8JZagSirTFgxtLrnhVpUBJMOgffv5jmO/Sun4s+3J
+bAdicmsFqw90hWmGNwa0F5HZ20rEVAwkdt25AQ0EXavhqwEIAMKECc/f8f0/CenK
+kz3wXGEtlG46YLjtTt2tWYXdt9Z04ihVaYePanFtvuujyO3I3jUQNv2foU1CtOuV
+yfZqX+TXqs0BUPXWwTCkMOyc/fEQ5u0BFJjWYtmr2sZY4Ag1juJsmzI7g3cnMLL9
+LbjpbHRruFIT5rnv9NwG7PURn1XnCt9tdZ/d0h7vEaNkD37j67rjy8UElVVcwVGh
+sCR8CkqwZ6ZwpQxE9wyq/Txb+v8qEJcohc5SWbYl70AtzHObokkW6cvRjNz+BcEp
+nPfu10lbPO/8a16B96VDdjDGPj2shfNsFLaT8MtFfDAdjZRGlrfv3Wp4qFRlSUGr
+jInvOLMAEQEAAYkBNgQYAQoAIBYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJdq+Gr
+AhsgAAoJELF1z6mPGSryW4wH/3Xk9x+WUxeJNtm+5hOfe/KBsXQUbBz+JHGFjd9Y
+Qw98jUvPNN1RfgtKf31b+FDKbk/cu+9bNLSfhKDz2AEREViogKRcVjJDy9XmmWQd
+1oo+M4GHNYhpIt5ZK1d3CROIiqisLQsih64/gl9gboMcsUuHRkc3hVKUb2umCZPG
+37hUdAvOmOMS7/0KCGS5pXnfsX+zegSKjps12siExYXiRpkxbF9MW7er6/6ukvHL
+x4jHpgiZ5Sjt/9OqUiAOgUSQfhpAUJlaLxe9E3nj+ABs7LV+FOjtI64skqgqbYo5
+VXobFSJhqFTog1+KmMznfsdKaOZQuZh3v3TtGUzkxoMUHPc=
+=M8RS
+-----END PGP PUBLIC KEY BLOCK-----
+
+Alejandro Colomar <alx@kernel.org>
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGI/tA8BEACYC5fPDOMDrT8SxNlsB9fRj9YAZt7okGtbCIlVuSPs81YMkeJm
+BxtPPnps5Vw2whZS13zaoyPykMg6k+komDWctWQKIF0VgpVYtIuezq4q8kMNmKLc
+MnHiZRKRh8dOqlK6jHcUlF8rBgQhk+RUBUPOqFEYeTveoZ9qqVmWhOVce5uUX01k
+iU2SjoGAGkNDBqmOkhhVUSQg/AVcc4web6Gu184VUbOXx7J5MPpRmXE610fAUeeJ
+1VzyB8U/hgPLrbZX3jQMJbcCSM+Qdxdr/gsptfx1XIm4NsvKXTUOpWg1DQFiQYTJ
+FN6Kz0NKN6MV/3AqbKGtWDqKhFt3u3a7T+uUP/qzi9jma+DruQuzQztI6xnthZCb
+RjFkQ/iUUtuGgmpOB14HrgwNaRjKWddzab+A7BL971Q3fFqDsvrntD+koYVUgTfq
+ErcQo9ZdGRAUL5icyyDg4cC6xgjdmYfnX1s4Rlo3cXJXTZpIOx5AvZV6HYNNm9pu
+EoPm5gjNtk4F+FENNjkB3c2ntFr2prpoxaN9ceNd8a1tkWAgh6ueFVA/tkd1hy+2
+bP7e5+Nk9NjsWLvnL2slep1cX38DU9hx91t21+x/8hCxN4gqtvDJY/eqUZ2d0uAR
+KhPEDZ8GzchxVtX9bGx1HSAVcdnkSzKIGFOJi3ivYqUEihXd5WQE57UovQARAQAB
+tCJBbGVqYW5kcm8gQ29sb21hciA8YWx4QGtlcm5lbC5vcmc+iQJOBBMBCgA4FiEE
+qTSFlM4xKDqCb73Y1XYz1EHiW7UFAmNDAAYCGwEFCwkIBwIGFQoJCAsCBBYCAwEC
+HgECF4AACgkQ1XYz1EHiW7Vm4g/+NDfrYWHAHSMBkQnTZdhrOFCR1tJsWTLABwe1
+fMLBW7djLZMZweDMU76UBrucAEsarKkIHyhqpBES5EXwmlvKSnEhzPjXZ+PoHmM0
+M8Lq7QFZ5IEbrhuJbvpfTCa0gleHKIVYCCeaf2AUpgwX1XMkG2mmRdvUDQ2M8NMH
+ljM/OZ+6tBGpw7zvx1kYsSfBerlHxmLXlRxHrr9nWi7zXa+HrHZQAhopuufIb1we
+8lI/gdfywq7s/e5Xelk4dnr/pEFx56G1vh0bc+zU36+C9gX5IXOJv2WrTmOfG3Am
+gaJgWZapJQlPFEByk+2oJf5UOgPRhdX7qLR8mVnQ4EHM1sr9B6UGwcySZpVwag9n
+51WhjgdqYoSPt9dpPSNfNavLJDR+paM0aEHi3/t3mGJSyOPM4E6ejrYk7791fOJF
+0J3VhKr9KR1rMxQpE1kMs7qO1uUJvnF+opzrueMELffwTfDDyvY1bV/ZNou/MPi4
+EbUJyZDvsq2shaKj/NB4nzYJIoGbUzUrz008buTagf+WZ+uTDIdOJbaVPcUUjtzr
+21KifSWxcokNhqSIrsCLzCJkbiKEK7nUoOvl9q3Wl9L5CWAOflr5499iyGqxlJ+E
+7xzerWy1ZqgQHJ3Zp0wVMgHTKvPsmDvwaXBvEZkrUQ4PnInWTNJ2yiNxJU/we7Xx
+kxo4Qk20MUFsZWphbmRybyBDb2xvbWFyIEFuZHJlcyA8YWx4Lm1hbnBhZ2VzQGdt
+YWlsLmNvbT6JAk4EEwEKADgWIQSpNIWUzjEoOoJvvdjVdjPUQeJbtQUCYj+0DwIb
+AQULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDVdjPUQeJbtTdsD/97XSXo3Dqb
+eaAWhjreKTwO9sPh9n79tS5CZMne44jvC7OCNGeFYq/MGyk0aDPcfN27dO4YSJXN
+d82t2K5vC85W5+tbnREN+OTNy8b6U4XxpeQhHP7jr5xeQt0aTkUH3Eo+0mzUq4fS
+hxMMch4FuDvMcohkOQs6LMKyvNo0jXAM3nE6nJeRipBjG5d8KKlx9dqmS5Zee9FA
+YayikSFp77aSGIvWFejTS3YDaN/APotN1SheEWHtGRY1zvbPbGKJKMy/k8O0b0TJ
+gGGe0RzFmPaQSCc/ZlpG2jk5BrnnspCDTq1I/2zcpgdwcR3/3Iuw2VAlOU48w7Qs
+fZecvYw+8zlrsJlB/NNU6s1YzeTi37jo43aqgyw4E7iev18f14W2ZQuIQY36hUmf
+4z49hAliWcoq7SZL6tsdmeQPjYWJb1lxds8s+iEH1PUsGObWUkjy1iIfJ+gXCe8E
+uKZKPGY7RWwYoSBliCVVXfgmD2XQja9i3pjRiJ6S7sYjZnugNwFaVbeptHE8NL4J
+Y3eRJpZdGizW58zTfxhvU/AjjDMhqqshW8ZSbAIRI05eGxzwk82qGq+cUVxsBeU8
+7i9DbqNOF50cYyltYVVJ9qPAxO+5sBtW6rq+yxkLArjTlpIRJsrXSiFJFqAp7FkC
+pUx66xvV8LgAVMKeD2o+Ae8mCTmYJfiCabkCDQRj2/4qARAAw4VXqcdlHsnCDqcC
+x5U+nHDOMsyEqG7F8mivt9covXkGUGoLI3ZlGU/5EoRwQB91uHJMU9zJwumQ4tLs
+szhOB/CNBSDZ4XTCcEej+dhQounRIdbY+DcXn4dVdx/mYCFPVb7OtUe68m6vyiai
+2KG288QbjnkzNA222caPQNDy6NsIGh8V5WDKCa7Jk0Zti+tTdi+vhkFjk7+brh5I
+qzahfuk/uVDWBUVT3OiNRywtouTBdfT33JhQyRqSMty6gjkkYyxX0QD5r5EIVrtr
+gre6aBWw3dy64pVs9nxVBhVCH4h6PwReXFB4kfjgw82Q1/DkF/ZMsH8bPPtvjI1N
+Yz+TMaLcUQX7fWlW7YbQSXSwF4mUSMYgdOZ8CTNQjKmpnpVhHYuL67cG26ev/+T4
+OrcT103j/InLipKvYUC3HwFMbq2P/9edqf85d/Nl1KMdByJ3qVVFMuXjiJr0uf1K
+oc7nfP3mqkPUHEdjsHnQnpNWZPBr5xs8iNtGmgltnJE2jacXFqtvJ6M9ugrMauoK
+s5sNMhqvf/zyZiLWkcZ8bWi6cGl/JD1RS66ViFFmVeg5xpVgspUAsADCZLneTCAW
+46DJ2Esq92afIVSz/AUtVjLUJyZIOBaVzY2JXR9s5/ePJAd4T42cg1Kdrdsi0dPY
+MOwPjQBpiuetA4dCWeL5qucnSAUAEQEAAYkCPAQYAQoAJhYhBKk0hZTOMSg6gm+9
+2NV2M9RB4lu1BQJj2/4qAhsMBQkB4TOAAAoJENV2M9RB4lu17J0P/3LN+ueOR4q4
+G5KOnLA5+u1y84d0LI16Z43iAm2NyAWCNkvjGj3RqQD8ZwFmckulf05mhvLOcwxE
+i8aAnEcsK4YfsGjgQRDJIChPnZCfssCkFVjfTyEcMgI4sr8hBjbp+ULL4LOnHu4B
+LjWjeWc48dtVQ7qcetVw7u9ZABfRBPxVBgY8Idxv1qVOQE13P2sPzbYKsFz+2mH5
+54VnMO64zqCbecxgV4NRFcTeNUaDgl6D7zNlNmh4j6c7sKjoEzYIVizApM4xMtOB
+syL4fGXRcNtenuBDc/1/PeHdDhqGGlZds1RmTLJm+gCzVio4z5EXPJMKjAVBHapM
+NMl4TiTay6gMG6QJMwkgVmS2F28wxj9KztkdnC+2YWJdWDeM07Le231X2hnRQE/D
+epN4MouHofOB3I3WY+sSR2KUik9WceL+ICIvUisCNk3GvXVg6hYXIukN8ZR4Sf3A
+rRPpePofDK0vZeWIGt6ZksVY9A3GQc0cMagqgCTK0gUxeDk/tPH8xyz/VvRZPGaC
+GlzeSQ1giSwgNXX1FDfnGOdn/rJh/aoDl1PzTBjyZcZ15s9HSPA6h36TMgCrSCai
+kWjbk8mOJhIhTbxclyI9JLu2AeKu+zP41Gi0AEEGkhFKZ9cG6cGG7AuSsiZ3OqOu
+sym/ZKz1uuXGo1iJJgkZ2yiq3ox7KHMZuQINBGI/t3UBEACr9ldxakkNdKp/Pc8+
+fRznR/+b29CfQWjOEv2njByhQa5CU18jMT6DIOokv2vU7xwaNJviBouaKWAIe5iy
+a3BWHhRpk6e2WnST/X3Zxmm8NjBZAMVl1JXS/vDEDhUu76y/Z82YcHZi52fRXRr3
+jwza/jGFyjLwem04G/CrS+tUHiWd3cbeh09LlQ/zN7cO8oOoYZWyoX0GNtXbUovy
+ssdUt1RODrSVde+8ec7AQm8fg7mRt3HCXhjwrdLxvqVRgG3wYCR3TnzL+rGuhYxa
+TEmbcjPLrKqSfZatsmVir1JJ2Cn8O9Ns5ROsqnulYa0foTo4LDwgqR82uel8mEaZ
+EQh4B7ob8mvqPLKBHbQXVeRTxuqLdyd3W/2yu5nIUi7kA6CIm5mdK8MT6CiHqYYx
+QD33HTN4OtFqrf3TbyjBG5wlzCD2mSrGB52FYgrkfSiKXBOxiqoFo++SpK1wSuHN
+a2ge1hkIdlE8wEPDBDSRqPta8t8ZazNPuc5tR6g0B/JUTIa6r8bDk5NgNj8jrGqv
+MvTWl+txcQ5uYo5OlvdiwHy2/YzEDhWcb1ls0faQQHn2CYFr6S9Ad9dOsMJZ2E29
+K4v/apGnGEjLqqqXWfIxPBq01bZY1pQI8fy+PJkp8IHZfQ2RrmUFaSOufLOgQE7c
+w8j/SxlSdbFrBZA7cMfGLPLT0QARAQABiQRsBBgBCgAgFiEEqTSFlM4xKDqCb73Y
+1XYz1EHiW7UFAmI/t3UCGwICQAkQ1XYz1EHiW7XBdCAEGQEKAB0WIQTqOofwpOug
+MORd8kCejBr7vv/bMgUCYj+3dQAKCRCejBr7vv/bMkq3D/48Y7jLfIB5jY9dzVCm
+ikbuexOAb0YDSZQS3Pt6GnPryIm1gLaRt0jw8HWVI80bMRvTKvJ7D7+kc6GCLK90
+MjxMBdlL/BfBFj8jNuVeaNfI7dTbon0kri56bMI3Ad/G7jryRcnPrRZo/nzGKcMD
+WxV3tgZkamh0pHYWjSttt0fr8t2qXzK74XO3PnU1RkGY1QAlMa89FJXUyW+veFpy
+AJWNW9zYVatjPKPyMLr8I7t9KLjviJBBWwE2fbXgvT58IqhqADKt+YJdXlNiD1Mn
+ZaBbbBCO7Mn+aG+yAJBJKPqmjoN1dOXy1FtuNrHHnTYIHyoRD/IR1DtEwlIYHlhZ
++8uy2rXPMA/I8hSCxFgMEJaY8IzfP49sPvwFMfGgnEFk7jmTAczP7rwSeDuvRnWQ
+ztJqu9PQp3Wmek/ea7WV93rBmI6Vipl8P69m3CzQErnuIZUutsjP0BaiU+hENoXu
+ZmlV0MtnNix0j28sTIe49vtb5UTVRJjIwwI1BDGtM4Ukij9tNkDkntrTkpBE3MFk
+9SYi8aAN99kBCNmkwRdY0opwNhGFJwBEwycv7I7d7s/Y79ZSuZBrjB6nB5gU+Xh1
+tDdQZxzHLctnZ2cAjE8BcU2wrgZghWiRZ7YlI0bozXl6/VJaAVhZU7f6ebklXSYF
+JwTrCwam8VbcgoiukMsdv831NmkPD/4sjSJfoqdE4kGHHX/S/N/Q8LiflefYivLX
+X/WtGyRguuYH+8YDqGaCGco8IKmlRDhaME1achjMp/O808B2rxogpsLWu08AF4PJ
+97w01RfjBr8aA5qvZXnCfAnmpRzQjDrjIuNOle834dXvOAANugR22dBbjv7MRtOp
+Xn1whyAEJIwBeAgKe+p1zwWyQNv2Gq+9C0IQ2w4uJsodjNi6YzFnTvm3HulnNr4s
+L+x/i+24iuz0Gf2KbGiR2FtCyKIek0N2NAhPquoI7L0HEP2FKh3OeEH0aCdFcZf/
+Dw19fjqEROaJhVvSgTvXIVh3dnB4e7qlYsMSNQxqCcKQD4D79kjFrOygySU+6xMp
+vUQvOiF46MrPx8KtfiuPTuEji0Y0F9qz1u5vqwelsg5vpoa12h9qSdX/uWKbRqqQ
+x5gHERLoTXT7aMKYuDU3UAMxEEEOaXnOtWNlr3n4H7zMrZ3qvkTRRmGiH8iGkSFn
+w2WO3rr/flfIQAJLSUH5lTmR4j/XBNtOGSAWKaRU3N5cX2zHcS5YxkaBx3u4Ew+D
+qnBNL6oazpe1iaIoxsyC8MOFyoWHmv/ivv7FbpkWFHgN+R2nenIMiHuHQd/62/RC
+PVEoGmaL+XCfSpmstYz9phejRW7LacBt4BMCV7ghqD6vYCR0QBoENp0V5mKyXQ6P
+R2OsYRFGG7kCDQRiP7s5ARAAktZGlZIjclF0dkQxIpJ2cQ0FOEgzzG0hZzIfHzLW
+T7HvuY0XHWAI64yZbDSdHkKTSKbVnrToCayBDu0oISa3gZh+cd5a+Igf4NsIkGNR
+askGnmZYUM+RP1PzKPlVqdPIcXedZvTermRHIyO73f3p5kw+vDryGyubrt2n2IFb
+J7SopNed2kXIs5dyk89mvJ+muPCDD5wYHbdXfpEH+KznROMHOVHzwfHYQ++finuw
+2cjdJbAyZz6QSopAQeg46UEAk/aTGuI3cEFIzDq6cpqS8fvpbHGL5Oi657t2i1TL
+zUCo/4FK027ZLkTXpcB8hbmKFWhfWueDx3aRNvbloJn7kq97RhnE3tgewi+syJsK
+CrOlHc1rD8/JNL9lcr2yuSTmwY80QDVNU3U2ZeqLdxx47O31zR5VCpGu09Ro57bJ
+j5YaMukwmYLiPwTExkTqqryf7QsLq47Tgd+0YnUyq79XEv067ow+FCxbIoSNlQWB
+W2LbNi3JeNPCM0pWdgFuiQE2KFH0s4qulKxEbEtwpVXOH9fmUN23VkI1TnarfRlG
+XgSdOISRbXa0O9Ta85BF/NtoBXRU4CtDdcmT7343PjRPbAF1ixU+KOhDDuaDBUV5
+iD6BXqyHyL6rciYvqHQwmg2ztdFmTewapV112Vv2wpqvbyrzszTtMw8c92Y7Kfge
+fY8AEQEAAYkCPAQYAQoAJhYhBKk0hZTOMSg6gm+92NV2M9RB4lu1BQJiP7s5AhsM
+BQkB4TOAAAoJENV2M9RB4lu1mAsP/R/4E68Rt7oUI/30eTuiRb9C/Zx6EaZVIJBw
+G2cwKB9GkU4vGR2PU1f25vym92fywSP9OavWyDeVqtN8Ar4U4CbD/L9f2JgZMTXr
+HFgxU94uywKOxhLEL8ylgaU89l6af1BynBn3YU/mLQyMHAMTs0uaifjAedeNJq08
+XWP3bVdxRywj/rqAf52KA9Y/C59mCfx4vmYu2r2jbwCCVWOsL5sgWyThyGKuNv1A
+7+k0JYJlsJ8aro9sS0fjscvoyxajDX2u0Mq/dTbjFWiJQbdT2mWMgiOHxpGDGst9
+NH5+JbYZGV/TfeJFDIAW/Pw3gktKt40IP2t6y5vjyUCHEEn2E6pfnr1XmY6EOae5
+hPYJQNUbJw98RdpPPY3l4FY49M312v6dphAj2kBmMv7mbyLrIZoTsHw5Q++ig83V
+i/I1u4tTvZomFn2po3MO3+QL0FTqzwPjiTyUmSO4rMi5EZiLJF5ITSaESFXNGQb4
+UBTuXYgKXY4spWeYpSB2qREhrkXgXrDWEJBwIBJW4ppPI4hRhefGV6wHTRxF24No
+iVPz4ABaTQFkvZbpyTT+DT0CL8tHMwF7Tq3wFQ4Rr82LBS/fWxgzeyYTgZwXXUFY
+YqM7OXwJKVjlgC2B+OEwgXcdRxB4y5asd//D9wVeD0pfiWk+Ohmi/YF9WmFgmrWe
+vK53nZUH
+=V1ID
+-----END PGP PUBLIC KEY BLOCK-----

shadow.service

@@ -0,0 +1,23 @@
+[Unit]
+Description=Verify integrity of password and group files
+
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=read-only
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
+Type=oneshot
+ExecStart=/usr/sbin/pwck -r
+ExecStart=/usr/sbin/grpck -r
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7

shadow.spec

@@ -0,0 +1,388 @@
+#
+# spec file for package shadow
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%if ! %{defined _distconfdir}
+  %define _distconfdir %{_sysconfdir}
+%else
+  %define no_config 1
+%endif
+Name:           shadow
+Version:        4.14.3
+Release:        0
+Summary:        Utilities to Manage User and Group Accounts
+License:        BSD-3-Clause AND GPL-2.0-or-later
+Group:          System/Base
+URL:            https://github.com/shadow-maint/shadow
+Source0:        https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
+Source1:        pamd.tar.bz2
+Source2:        https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
+Source3:        %{name}.keyring
+Source4:        shadow.service
+Source5:        shadow.timer
+# SOURCE-FEATURE-SUSE shadow-login_defs-check.sh sbrabec@suse.com -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches.
+Source40:       shadow-login_defs-check.sh
+# PATCH-FIX-SUSE shadow-login_defs-unused-by-pam.patch kukuk@suse.com -- Remove variables that have no use with PAM.
+Patch0:         shadow-login_defs-unused-by-pam.patch
+# PATCH-FEATURE-SUSE useradd-default.patch kukuk@suse.com -- Change useradd defaults group to 1000.
+Patch1:         useradd-default.patch
+# PATCH-FEATURE-SUSE shadow-util-linux.patch sbrabec@suse.com -- Add support for util-linux specific variables, delete shadow login, su runuser specific.
+Patch2:         shadow-util-linux.patch
+# PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments.
+Patch3:         shadow-login_defs-comments.patch
+# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
+Patch4:         shadow-login_defs-suse.patch
+# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
+Patch5:         disable_new_audit_function.patch
+BuildRequires:  audit-devel > 2.3
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  libacl-devel
+BuildRequires:  libattr-devel
+BuildRequires:  libselinux-devel
+BuildRequires:  libsemanage-devel
+BuildRequires:  libtool
+BuildRequires:  pam-devel
+BuildRequires:  xz
+# we depend on libbsd or glibc >= 2.38 for the strlcpy() (and readpassphrase()) functions
+BuildRequires:  glibc-devel >= 2.38
+Requires:       login_defs >= %{version}
+Requires(pre):  group(root)
+Requires(pre):  group(shadow)
+Requires(pre):  permissions
+Requires(pre):  user(root)
+Provides:       pwdutils = 3.2.20
+Obsoletes:      pwdutils <= 3.2.19
+Provides:       useradd_or_adduser_dep
+BuildRequires:  libeconf-devel
+
+%description
+This package includes the necessary programs for converting plain
+password files to the shadow password format and to manage user and
+group accounts.
+
+%package -n login_defs
+Summary:        The login.defs configuration file
+# Virtual provides for supported variables in login.defs.
+# It prevents references to unknown variables.
+# Upgrade them only if shadow-util-linux.patch or
+# encryption_method_nis.patch has to be ported!
+# Call shadow-login_defs-check.sh before!
+Group:          System/Base
+Provides:       login_defs-support-for-pam = 1.5.2
+Provides:       login_defs-support-for-util-linux = 2.37
+BuildArch:      noarch
+
+%description -n login_defs
+This package contains the default login.defs configuration file
+as used by util-linux, pam and shadow.
+
+%package -n libsubid4
+Summary:        A library to manage subordinate uid and gid ranges
+Group:          System/Base
+
+%description -n libsubid4
+Utility library that provides a way to manage subid ranges.
+
+%package -n libsubid-devel
+Summary:        Development files for libsubid4
+Group:          System/Base
+Requires:       libsubid4 = %{version}
+
+%description -n libsubid-devel
+Development files for libsubid4.
+
+%prep
+%setup -q -a 1
+%patch0
+%patch1
+%patch2
+%patch3
+%patch4
+%if 0%{?suse_version} < 1330
+%patch5 -p1
+%endif
+
+iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
+mv -v doc/HOWTO.utf8 doc/HOWTO
+
+%build
+export CFLAGS="%{optflags} -fpie"
+export LDFLAGS="-pie"
+
+autoreconf -fvi
+%configure \
+  --enable-shadowgrp \
+  --enable-account-tools-setuid \
+  --with-audit \
+  --with-libpam \
+  --with-sha-crypt \
+  --with-acl \
+  --with-attr \
+  --with-nscd \
+  --with-selinux \
+  --without-libcrack \
+  --without-libbsd \
+  --with-group-name-max-length=32 \
+  --enable-vendordir=%{_distconfdir}
+%make_build
+#  --disable-shared \ currently doesn't build with this. See https://github.com/shadow-maint/shadow/issues/336
+
+%install
+%make_install gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
+# Separate call to install man pages. See https://github.com/shadow-maint/shadow/issues/389
+%make_install -C man install-man
+
+install -Dm644 %{SOURCE4} %{buildroot}%{_unitdir}/shadow.service
+install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer
+
+# add empty /etc/sub{u,g}id files
+touch %{buildroot}/%{_sysconfdir}/subuid
+touch %{buildroot}/%{_sysconfdir}/subgid
+
+# Remove binaries we don't use.
+rm %{buildroot}/%{_bindir}/groups
+rm %{buildroot}/%{_mandir}/man1/groups.*
+rm %{buildroot}/%{_mandir}/*/man1/groups.*
+
+rm %{buildroot}/%{_sbindir}/grpconv
+rm %{buildroot}/%{_mandir}/man8/grpconv.*
+rm %{buildroot}/%{_mandir}/*/man8/grpconv.*
+rm %{buildroot}/%{_sbindir}/grpunconv
+rm %{buildroot}/%{_mandir}/man8/grpunconv.*
+rm %{buildroot}/%{_mandir}/*/man8/grpunconv.*
+
+rm %{buildroot}/%{_sbindir}/groupmems
+rm %{buildroot}/%{_mandir}/man8/groupmems.*
+rm %{buildroot}/%{_mandir}/*/man8/groupmems.*
+rm %{buildroot}%{_sysconfdir}/pam.d/groupmems
+
+rm %{buildroot}/%{_bindir}/login
+rm %{buildroot}/%{_mandir}/man1/login.*
+rm %{buildroot}/%{_mandir}/*/man1/login.*
+rm %{buildroot}%{_sysconfdir}/pam.d/login
+
+rm %{buildroot}/%{_bindir}/su
+rm %{buildroot}/%{_mandir}/man1/su.*
+rm %{buildroot}/%{_mandir}/*/man1/su.*
+rm %{buildroot}/%{_mandir}/man5/suauth.*
+rm %{buildroot}/%{_mandir}/*/man5/suauth.*
+rm %{buildroot}%{_sysconfdir}/pam.d/su
+
+rm %{buildroot}/%{_bindir}/faillog
+rm %{buildroot}/%{_mandir}/man5/faillog.*
+rm %{buildroot}/%{_mandir}/*/man5/faillog.*
+rm %{buildroot}/%{_mandir}/man8/faillog.*
+rm %{buildroot}/%{_mandir}/*/man8/faillog.*
+
+rm %{buildroot}/%{_sbindir}/logoutd
+rm %{buildroot}/%{_mandir}/man8/logoutd.*
+rm %{buildroot}/%{_mandir}/*/man8/logoutd.*
+rm %{buildroot}/%{_sbindir}/nologin
+rm %{buildroot}/%{_mandir}/man8/nologin.*
+rm %{buildroot}/%{_mandir}/*/man8/nologin.*
+
+rm %{buildroot}/%{_sbindir}/chgpasswd
+rm %{buildroot}/%{_mandir}/man8/chgpasswd.*
+rm %{buildroot}/%{_mandir}/*/man8/chgpasswd.*
+rm %{buildroot}%{_sysconfdir}/pam.d/chgpasswd
+
+rm %{buildroot}/%{_mandir}/man3/getspnam.*
+rm %{buildroot}/%{_mandir}/*/man3/getspnam.*
+rm %{buildroot}/%{_mandir}/man5/gshadow.5*
+rm %{buildroot}/%{_mandir}/*/man5/gshadow.5*
+rm %{buildroot}/%{_mandir}/man5/passwd.5*
+rm %{buildroot}/%{_mandir}/*/man5/passwd.5*
+
+rm -rf %{buildroot}%{_mandir}/{??,??_??}
+
+rm %{buildroot}/%{_libdir}/libsubid.{la,a}
+
+# Move /etc to /usr/etc
+if [ ! -d %{buildroot}%{_distconfdir} ]; then
+    mkdir -p %{buildroot}%{_distconfdir}
+    mkdir -p %{buildroot}%{_pam_vendordir}
+    mv %{buildroot}%{_sysconfdir}/login.defs %{buildroot}%{_distconfdir}
+    mv %{buildroot}%{_sysconfdir}/pam.d/* %{buildroot}%{_pam_vendordir}/
+fi
+mkdir -p %{buildroot}%{_sysconfdir}/login.defs.d
+
+%find_lang shadow
+
+%pre
+%service_add_pre shadow.service shadow.timer
+for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
+  test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
+done
+
+%pre -n login_defs
+test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs.rpmsave.old ||:
+
+%post
+%set_permissions %{_bindir}/chage
+%set_permissions %{_bindir}/chfn
+%set_permissions %{_bindir}/chsh
+%set_permissions %{_bindir}/expiry
+%set_permissions %{_bindir}/gpasswd
+%set_permissions %{_bindir}/newgrp
+%set_permissions %{_bindir}/passwd
+%set_permissions %{_bindir}/newgidmap
+%set_permissions %{_bindir}/newuidmap
+
+%service_add_post shadow.service shadow.timer
+
+%verifyscript
+%verify_permissions %{_bindir}/chage
+%verify_permissions %{_bindir}/chfn
+%verify_permissions %{_bindir}/chsh
+%verify_permissions %{_bindir}/expiry
+%verify_permissions %{_bindir}/gpasswd
+%verify_permissions %{_bindir}/newgrp
+%verify_permissions %{_bindir}/passwd
+%verify_permissions %{_bindir}/newgidmap
+%verify_permissions %{_bindir}/newuidmap
+
+%preun
+%service_del_preun shadow.service shadow.timer
+
+%postun
+%service_del_postun shadow.service shadow.timer
+
+%posttrans
+%if %{defined no_config}
+# Migration to /usr/etc
+for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
+  test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
+done
+%endif
+
+%posttrans -n login_defs
+# rpmsave file can be created by
+# - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3)
+# - Migration to /usr/etc (after SLE15 and Leap 15)
+test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs ||:
+
+%post -n libsubid4 -p /sbin/ldconfig
+%postun -n libsubid4 -p /sbin/ldconfig
+
+%files -f shadow.lang
+%license COPYING
+%doc NEWS doc/HOWTO README
+%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid
+%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid
+%if %{defined no_config}
+%{_pam_vendordir}/chage
+%{_pam_vendordir}/chfn
+%{_pam_vendordir}/chsh
+%{_pam_vendordir}/passwd
+%{_pam_vendordir}/chpasswd
+%{_pam_vendordir}/groupadd
+%{_pam_vendordir}/groupdel
+%{_pam_vendordir}/groupmod
+%{_pam_vendordir}/newusers
+%{_pam_vendordir}/useradd
+%{_pam_vendordir}/userdel
+%{_pam_vendordir}/usermod
+%else
+%config %{_sysconfdir}/pam.d/chage
+%config %{_sysconfdir}/pam.d/chfn
+%config %{_sysconfdir}/pam.d/chsh
+%config %{_sysconfdir}/pam.d/passwd
+%config %{_sysconfdir}/pam.d/chpasswd
+%config %{_sysconfdir}/pam.d/groupadd
+%config %{_sysconfdir}/pam.d/groupdel
+%config %{_sysconfdir}/pam.d/groupmod
+%config %{_sysconfdir}/pam.d/newusers
+%config %{_sysconfdir}/pam.d/useradd
+%config %{_sysconfdir}/pam.d/userdel
+%config %{_sysconfdir}/pam.d/usermod
+%endif
+%verify(not mode) %attr(2755,root,shadow) %{_bindir}/chage
+%verify(not mode) %attr(4755,root,shadow) %{_bindir}/chfn
+%verify(not mode) %attr(4755,root,shadow) %{_bindir}/chsh
+%verify(not mode) %attr(4755,root,shadow) %{_bindir}/expiry
+%verify(not mode) %attr(4755,root,shadow) %{_bindir}/gpasswd
+%verify(not mode) %attr(4755,root,root) %{_bindir}/newgrp
+%verify(not mode) %attr(4755,root,shadow) %{_bindir}/passwd
+%verify(not mode) %attr(4755,root,shadow) %{_bindir}/newgidmap
+%verify(not mode) %attr(4755,root,shadow) %{_bindir}/newuidmap
+%{_bindir}/sg
+%{_bindir}/getsubids
+%attr(0755,root,root) %{_sbindir}/groupadd
+%attr(0755,root,root) %{_sbindir}/groupdel
+%attr(0755,root,root) %{_sbindir}/groupmod
+%{_sbindir}/grpck
+%{_sbindir}/pwck
+%attr(0755,root,root) %{_sbindir}/useradd
+%attr(0755,root,root) %{_sbindir}/userdel
+%attr(0755,root,root) %{_sbindir}/usermod
+%{_sbindir}/pwconv
+%{_sbindir}/pwunconv
+%attr(0755,root,root) %{_sbindir}/chpasswd
+%attr(0755,root,root) %{_sbindir}/newusers
+%{_sbindir}/vipw
+%{_sbindir}/vigr
+%{_mandir}/man1/chage.1%{?ext_man}
+%{_mandir}/man1/chfn.1%{?ext_man}
+%{_mandir}/man1/chsh.1%{?ext_man}
+%{_mandir}/man1/expiry.1%{?ext_man}
+%{_mandir}/man1/gpasswd.1%{?ext_man}
+%{_mandir}/man1/newgrp.1%{?ext_man}
+%{_mandir}/man1/passwd.1%{?ext_man}
+%{_mandir}/man1/sg.1%{?ext_man}
+%{_mandir}/man3/shadow.3%{?ext_man}
+%{_mandir}/man5/shadow.5%{?ext_man}
+%{_mandir}/man8/chpasswd.8%{?ext_man}
+%{_mandir}/man8/groupadd.8%{?ext_man}
+%{_mandir}/man8/groupdel.8%{?ext_man}
+%{_mandir}/man8/groupmod.8%{?ext_man}
+%{_mandir}/man8/grpck.8%{?ext_man}
+%{_mandir}/man8/newusers.8%{?ext_man}
+%{_mandir}/man8/pwck.8%{?ext_man}
+%{_mandir}/man8/pwconv.8%{?ext_man}
+%{_mandir}/man8/pwunconv.8%{?ext_man}
+%{_mandir}/man8/useradd.8%{?ext_man}
+%{_mandir}/man8/userdel.8%{?ext_man}
+%{_mandir}/man8/usermod.8%{?ext_man}
+%{_mandir}/man8/vigr.8%{?ext_man}
+%{_mandir}/man8/vipw.8%{?ext_man}
+%{_mandir}/man5/subuid.5%{?ext_man}
+%{_mandir}/man5/subgid.5%{?ext_man}
+%{_mandir}/man1/newgidmap.1%{?ext_man}
+%{_mandir}/man1/newuidmap.1%{?ext_man}
+%{_mandir}/man1/getsubids.1%{?ext_man}
+
+%{_unitdir}/*
+
+%files -n login_defs
+%dir %{_sysconfdir}/login.defs.d
+%if %{defined no_config}
+%attr(0644,root,root) %{_distconfdir}/login.defs
+%else
+%attr(0644,root,root) %config %{_sysconfdir}/login.defs
+%endif
+%{_mandir}/man5/login.defs.5%{?ext_man}
+
+%files -n libsubid4
+%{_libdir}/libsubid.so.*
+
+%files -n libsubid-devel
+%dir %{_includedir}/shadow
+%{_includedir}/shadow/subid.h
+%{_libdir}/libsubid.so
+
+%changelog

shadow.timer

@@ -0,0 +1,7 @@
+[Unit]
+Description=Daily verification of password and group files
+
+[Timer]
+OnCalendar=daily
+AccuracySec=12h
+Persistent=true

useradd-default.patch

@@ -0,0 +1,13 @@
+Index: src/useradd.c
+===================================================================
+--- src/useradd.c.orig
++++ src/useradd.c
+@@ -87,7 +87,7 @@ const char *Prog;
+ /*
+  * These defaults are used if there is no defaults file.
+  */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";