ALP-pool/shadow
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 shadow revision 45f99913f2a794e57cd95c2bbc9705c7

Browse Source
This commit is contained in:
Adrian Schröter 2024-01-19 16:36:54 +01:00
commit 7fd7222e5f
16 changed files with 3182 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

28
disable_new_audit_function.patch Normal file
View File

@ -0,0 +1,28 @@
Index: shadow-4.5/src/lastlog.c
===================================================================
--- shadow-4.5.orig/src/lastlog.c
+++ shadow-4.5/src/lastlog.c
@@ -221,12 +221,15 @@ static void update_one (/*@null@*/const
strcpy (ll.ll_host, "localhost");
#endif
strcpy (ll.ll_line, "lastlog");
+/*
#ifdef WITH_AUDIT
audit_logger (AUDIT_ACCT_UNLOCK, Prog,
"clearing-lastlog",
pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
#endif
+*/
}
+/*
#ifdef WITH_AUDIT
else {
audit_logger (AUDIT_ACCT_UNLOCK, Prog,
@@ -234,6 +237,7 @@ static void update_one (/*@null@*/const
pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
}
#endif
+*/
if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
fprintf (stderr,

BIN
pamd.tar.bz2 (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
shadow-4.14.3.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
shadow-4.14.3.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE6jqH8KTroDDkXfJAnowa+77/2zIFAmWlu4sACgkQnowa+77/
2zKCIw//Ts0DjkUGf8j7T6SyLGBWpK0pMxXRFxK4SNlLAsirMMAvxjKZH59YpyY3
G2RR7UdRDBHRFSQaWERW3B9YTwzyu9ficYCvQO3Jq/sYSBkuF59R0Q8pPB1zB0t2
sRX+9IGdk6en6NTEmfehjbTb7oaf7etsMHe1UK4hgfQA22Pse8pMI1+9mcsNRIaK
gFsJl9oXV2qwyJXCqkMfatYD7gF5rTJPTa8fXlBC4dqx6/ew9wzfG7Pu+9OXrX6W
TosrwjYrpe00NhHlhN5iJoWyCUALipVazXgHW5zhGfvoIcYh97pJVm1FpLJS2l6C
u3Y7A6HnKCaWFsIvWbmuop2ldFMgZgmtJkwcse9v8K0ZC/ncqWMp9VVEdMnbgfFe
eGvQKwpwj+B9LPx++s4H4NGt8iOtBAFZ4nmKXGNMegmgiMUbakdmiPpOwKQuS0kD
5lTWBQRbaxFuAxTxKy+i2cb5nEF1ZjQk/G9K8JilgFLSMefLHXliA7kNXK+pOtAC
eib17E9U20B0Mr0o7aDrBmJR/UoGmxmjIHL0OtXqvOWeT8aFCemKsjyv+E0v6Gva
es6PukZA0AzoWoJDtl7BpN6nKQNhHr68pm4QxuEW/g3FsoY0Zd1d8bChjVeyg9qZ
NZJ9peXzf4uNcakHgJJ7fHnN+nw89UAZap+21RO1a3vEQh590kU=
=vpSr
-----END PGP SIGNATURE-----

286
shadow-login_defs-check.sh Normal file
View File

@ -0,0 +1,286 @@
#!/bin/bash
# login.defs and lib/getdef.c contain support for third party variables.
# It also contains support for variables that are unusable in installations with PAM support enabled.
# This script generates a list of used and unused variables in login.defs
# with respect to the current configuration.
# Arguments: arguments of osc build
# If the shadow-login_defs-check-unused.lst is generated, you should
# update login.defs.
set -o errexit
echo "Preparing..."
# Check for required commands
which quilt >/dev/null
which osc >/dev/null
# login.defs is shared with util-linux login, su and runuser.
# Extract list of referenced variables.
if ! test -f openSUSE:Factory/util-linux/BUILD/*/configure.ac ; then
echo "Checking out util-linux..."
if test -d ../util-linux ; then
echo -n "../util-linux found. Are you preparing new version? (y/N) "
read
if test "${REPLY:0:1}" = "y" ; then
mkdir -p openSUSE:Factory
cp -a ../util-linux openSUSE:Factory/
else
osc co openSUSE:Factory util-linux
fi
else
osc co openSUSE:Factory util-linux
fi
cd openSUSE:Factory/util-linux
quilt setup -d BUILD util-linux.spec
cd BUILD/*
quilt push -a
cd ../../../..
fi
echo "Extracting variables from util-linux..."
cd openSUSE:Factory/util-linux/BUILD/*
(
grep -rh getlogindefs . |
sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p'
grep -rh logindefs_setenv . |
sed -n 's/^.*logindefs_setenv*("[A-Z0-9_]*", "\([A-Z0-9_]*\)".*$/\1/p'
) |
LC_ALL=C sort -u >../../../../shadow-login_defs-check-util-linux.lst
cd ../../../..
# login.defs is shared pam_unix*.so, pam_faildelay.so and pam_umask.so.
# Extract list of referenced variables.
if ! test -f openSUSE:Factory/pam/BUILD/*/configure.ac ; then
echo "Checking out pam..."
if test -d ../pam ; then
echo -n "../pam found. Are you preparing new version? (y/N) "
read
if test "${REPLY:0:1}" = "y" ; then
mkdir -p openSUSE:Factory
cp -a ../pam openSUSE:Factory/
else
osc co openSUSE:Factory pam
fi
else
osc co openSUSE:Factory pam
fi
cd openSUSE:Factory/pam
quilt setup -d BUILD pam.spec
cd BUILD/*
quilt push -a
cd ../../../..
fi
echo "Extracting variables from pam..."
cd openSUSE:Factory/pam/BUILD/*
grep -rh LOGIN_DEFS . |
sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' |
LC_ALL=C sort -u >../../../../shadow-login_defs-check-pam.lst
cd ../../../..
if ! test -f shadow-login_defs-check-build/stamp ; then
echo "Performing preprocessing of shadow by osc..."
if ! test -f shadow.spec.shadow-login_defs-check-save ; then
cp -a shadow.spec shadow.spec.shadow-login_defs-check-save
# In case of shadow, variables extraction is more complicated. The list
# depends on configure options, so we have to perform a fake build and
# extract variables from prepreocessed sources.
# sed -i '/^%make_build/i\_smp_mpflags="%{?_smp_mpflags} -k CPPFLAGS=\\"-E\\""' shadow.spec
sed -i 's/^%make_build/%make_build -k CPPFLAGS=\\"-E\\"/' shadow.spec
if cmp -s shadow.spec shadow.spec.shadow-login_defs-check-save ; then
echo "$0: Please fix sed expression modifying shadow.spec."
mv shadow.spec.shadow-login_defs-check-save shadow.spec
exit 1
fi
fi
if osc build "$@" ; then
echo "This build command was expected to fail, but it succeeded."
echo "$0: Please fix sed expression modifying shadow.spec."
mv shadow.spec.shadow-login_defs-check-save shadow.spec
exit 1
else
echo "This build command was expected to fail."
echo ""
fi
mv shadow.spec.shadow-login_defs-check-save shadow.spec
BUILD_ROOT=$(osc lbl | sed -n 's/^.*Using BUILD_ROOT=//p')
BUILD_DIR=$(osc lbl | sed -n 's/^.* cd //p' | head -n1)
rm -rf shadow-login_defs-check-build
mkdir shadow-login_defs-check-build
cp -a "$BUILD_ROOT/$BUILD_DIR"/shadow-* shadow-login_defs-check-build/
touch shadow-login_defs-check-build/stamp
fi
echo "Extracting list of deleted binaries..."
sed -n 's~rm %{buildroot}/%{_\(s\|\)bindir}/\(.*\)$~\2~p' <shadow.spec >shadow-login_defs-check-deleted.lst
# The build above is optional only for case of failure or edits in the
# code below. If any other build was performed, don't expect correct
# results.
cd shadow-login_defs-check-build/shadow-*
echo "Extracting variables from etc/login.defs..."
# Extract variables referenced in login.defs, both active and commented out.
sed -n "s/^#//;s/\([A-Z0-9_]*\)\([[:space:]].*\|\)$/\1/p" <etc/login.defs | sed '/^$/d' | uniq | sed '/^$/d' >../../shadow-login_defs-check-login_defs.lst
LC_ALL=C sort -u ../../shadow-login_defs-check-login_defs.lst >../../shadow-login_defs-check-login_defs-sorted.lst
echo "Extracting variables from lib/getdef.c..."
# Extract variables referenced in lib/getdef.c using current defines.
sed -n 's/^\(},\|\) {"\([A-Z0-9_]*\)", /\2/p' <lib/libshadow_la-getdef.o >../../shadow-login_defs-check-getdef.lst
LC_ALL=C sort -u ../../shadow-login_defs-check-getdef.lst >../../shadow-login_defs-check-getdef-sorted.lst
echo "Extracting variables from shadow..."
# Extract variables referenced in preprocessed files.
grep -r '\(getdef[a-z_]*\|call_script\|is_listed\) *( *"[A-Za-z0-9_]*"' |
grep '[^ ]*\.o:' >../../shadow-login_defs-check-shadow.log
cd ../..
export RC=0
echo ""
echo ""
echo "Performing checks..."
sed '
s/^.*\(getdef[a-z_]*\|call_script\|is_listed*\) *( *"\([A-Za-z0-9_]*\)".*$/\2/
' <shadow-login_defs-check-shadow.log | LC_ALL=C sort -u >../../shadow-login_defs-check-shadow-all.lst
sed 's%^\(.*\)%/^.*\\\/\1\.o:/d%' <shadow-login_defs-check-deleted.lst >shadow-login_defs-check-deleted.sed
sed -f shadow-login_defs-check-deleted.sed <shadow-login_defs-check-shadow.log |
sed '
s/^.*\(getdef[a-z_]*\|call_script\|is_listed*\) *( *"\([A-Za-z0-9_]*\)".*$/\2/
' | LC_ALL=C sort -u >shadow-login_defs-check-shadow-used.lst
if ! test -s shadow-login_defs-check-deleted.sed ; then
echo " BUG: Empty shadow-login_defs-check-deleted.sed Results will be unreliable!"
if test $RC -le 4 ; then export RC=4 ; fi
fi
echo ""
echo "Checking that variables in login.defs are referred only once..."
if test $(wc -l shadow-login_defs-check-login_defs.lst | sed 's/ .*//') != $(wc -l shadow-login_defs-check-login_defs-sorted.lst | sed 's/ .*//') ; then
echo " ERROR: Some variable referred at more places of login.defs!"
LC_ALL=C sort shadow-login_defs-check-login_defs.lst >shadow-login_defs-check-login_defs-sorted-nu.lst
diff shadow-login_defs-check-login_defs-sorted-nu.lst shadow-login_defs-check-login_defs-sorted.lst
if test $RC -le 3 ; then export RC=3 ; fi
fi
echo ""
echo "Checking that variables in lib/getdef.c are referred only once..."
if test $(wc -l shadow-login_defs-check-getdef.lst | sed 's/ .*//') != $(wc -l shadow-login_defs-check-getdef-sorted.lst | sed 's/ .*//') ; then
echo " ERROR: Some variable referred at more places of lib/getdef.c!"
LC_ALL=C sort shadow-login_defs-check-getdef.lst >shadow-login_defs-check-getdef-sorted-nu.lst
diff shadow-login_defs-check-getdef-sorted-nu.lst shadow-login_defs-check-getdef-sorted.lst
if test $RC -le 3 ; then export RC=3 ; fi
fi
cat shadow-login_defs-check-shadow-used.lst shadow-login_defs-check-util-linux.lst shadow-login_defs-check-pam.lst | LC_ALL=C sort -u >shadow-login_defs-check-all-used.lst
# RC inside pipe cannot be read directly. Use 3 for a real stdout inside the pipe, and use stdout for RC.
exec 3>&1
function report_packages() {
echo -n " ("
grep -l $1 shadow-login_defs-check-{shadow-used,util-linux,pam}.lst |
sed 's/shadow-login_defs-check-//;s/\.lst//;s/-used//;s/$/, /;$s/, $//' |
tr -d '\n'
echo -n ")"
}
# Extracting variables from shadow is not capable to identify compiled-but-unused library code.
# This function will identify known false matches.
function falsematch() {
case "$1" in
# MAIL_* used by library call mailcheck() used only by login.c that is deleted in the spec.
MAIL_* ) return 0 ;;
# FTMP_FILE used by library call failtmp() used only by login.c that is deleted in the spec.
FTMP_FILE ) return 0 ;;
# ISSUE_FILE used by library call login_prompt() used only by login.c that is deleted in the spec.
ISSUE_FILE ) return 0 ;;
# PREVENT_NO_AUTH us used only by login.c and su.c that are deleted in the spec.
PREVENT_NO_AUTH ) return 0 ;;
* ) return 1 ;;
esac
}
echo ""
echo "Checking that all used variables are covered by login.defs..."
RC=$(cat shadow-login_defs-check-all-used.lst | (
while read ; do
if falsematch "$REPLY" ; then
echo " FALSE MATCH: Variable $REPLY is not present in login.defs$(report_packages $REPLY)" >&3
continue
fi
if ! grep -q -x "$REPLY" shadow-login_defs-check-login_defs-sorted.lst ; then
echo " NOTICE: Variable $REPLY is not present in login.defs$(report_packages $REPLY)" >&3
if test $RC -le 2 ; then RC=2 ; fi
fi
done
echo $RC
) )
echo ""
echo "Checking that all used variables are covered by lib/getdef.c..."
RC=$(cat shadow-login_defs-check-all-used.lst | (
while read ; do
if falsematch "$REPLY" ; then continue ; fi
if ! grep -q -x "$REPLY" shadow-login_defs-check-getdef.lst ; then
echo " ERROR: Variable $REPLY is missing in the parser$(report_packages $REPLY)" >&3
if test $RC -le 3 ; then RC=3 ; fi
fi
done
echo $RC
) )
echo ""
echo "Checking that all used variables referred in login.defs are valid..."
RC=$(cat shadow-login_defs-check-login_defs.lst | (
while read ; do
if ! grep -q -x "$REPLY" shadow-login_defs-check-all-used.lst ; then
echo " ERROR: Failed to find reference for $REPLY" >&3
if test $RC -le 3 ; then RC=3 ; fi
fi
if ! grep -q -x "$REPLY" shadow-login_defs-check-getdef.lst ; then
echo " BUG: Parser does not contain reference for $REPLY" >&3
if test $RC -le 4 ; then RC=4 ; fi
fi
done
echo $RC
) )
echo ""
echo ""
echo "All checks finished."
echo -n "Result: "
case $RC in
0) echo "OK." ;;
1) echo "Notices only. Action is optional." ;;
2) echo "Warnings only. Evaluation is needed." ;;
3) echo "Errors found. Fix is recommended." ;;
4) echo "Fatal error. Fix has to be done." ;;
esac
if test $RC -ge 1 ; then
exit 1
fi
echo "
If you ported shadow-util-linux.patch to the new util-linux version,
please submit these updates:
Change in util-linux.spec:"
sed -n 's/^Version:[[:space:]]*/Requires: login_defs-support-for-util-linux >= /p' <openSUSE\:Factory/util-linux/util-linux.spec
echo "Change in shadow.spec:"
sed -n 's/^Version:[[:space:]]*/Provides: login_defs-support-for-util-linux = /p' <openSUSE\:Factory/util-linux/util-linux.spec
echo "
If you ported shadow-login_defs-unused-by-pam.patch to the new pam version,
please submit these updates:
Change in pam.spec:"
sed -n 's/^Version:[[:space:]]*/Requires: login_defs-support-for-pam >= /p' <openSUSE\:Factory/pam/pam.spec
echo "Change in shadow.spec:"
sed -n 's/^Version:[[:space:]]*/Provides: login_defs-support-for-pam = /p' <openSUSE\:Factory/pam/pam.spec

72
shadow-login_defs-comments.patch Normal file
View File

@ -0,0 +1,72 @@
Improve comments in login.defs.
Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -3,8 +3,6 @@
# Some variables are used by login(1), su(1) and runuser(1) from util-linux
# package as well pam pam_unix(8) from pam package.
#
-# $Id$
-#
#
# Delay in seconds before being allowed another attempt after a login failure
@@ -99,11 +97,14 @@ ENV_PATH /bin:/usr/bin
ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
-# If this variable is set to "yes", su will always set path. every su
-# call will overwrite the PATH variable.
+# If this variable is set to "yes" (default is "no"), su will always set
+# path. every su call will overwrite the PATH variable.
#
# Per default, only "su -" will set a new PATH.
#
+# The recommended value is "yes". The default "no" behavior could have
+# a security implication in applications that use commands without path.
+#
ALWAYS_SET_PATH no
#
@@ -148,6 +149,11 @@ PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd(8)
#
+# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
+# UIDs for dynamically allocated administrative and system accounts.
+# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
+# allocated user accounts.
+#
UID_MIN 1000
UID_MAX 60000
# System accounts
@@ -161,6 +167,11 @@ SUB_UID_COUNT 65536
#
# Min/max values for automatic gid selection in groupadd(8)
#
+# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
+# GIDs for dynamically allocated administrative and system groups.
+# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
+# allocated groups.
+#
GID_MIN 1000
GID_MAX 60000
# System accounts
@@ -196,7 +207,6 @@ LOGIN_TIMEOUT 60
CHFN_RESTRICT rwh
#
-# Only works if compiled with MD5_CRYPT defined:
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings.
@@ -211,7 +221,6 @@ CHFN_RESTRICT rwh
#MD5_CRYPT_ENAB no
#
-# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
# If set to MD5, MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password

148
shadow-login_defs-suse.patch Normal file
View File

@ -0,0 +1,148 @@
Set login.defs defaults for SUSE Linux.
Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -3,6 +3,9 @@
# Some variables are used by login(1), su(1) and runuser(1) from util-linux
# package as well pam pam_unix(8) from pam package.
#
+# For more, see login.defs(5). Please note that SUSE supports only variables
+# listed here! Not listed variables from login.defs(5) have no effect.
+#
#
# Delay in seconds before being allowed another attempt after a login failure
@@ -52,8 +55,8 @@ CONSOLE /etc/securetty
# If defined, ":" delimited list of "message of the day" files to
# be displayed upon login.
#
-MOTD_FILE /etc/motd
-#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+MOTD_FILE ""
+#MOTD_FILE /etc/motd:/usr/share/misc/motd
#
# If set to "yes", login stops display content specified by MOTD_FILE after
@@ -73,8 +76,8 @@ MOTD_FILE /etc/motd
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
-HUSHLOGIN_FILE .hushlogin
-#HUSHLOGIN_FILE /etc/hushlogins
+#HUSHLOGIN_FILE .hushlogin
+HUSHLOGIN_FILE /etc/hushlogins
# If this variable is set to "yes", hostname will be suppressed in the
# login: prompt.
@@ -93,9 +96,9 @@ HUSHLOGIN_FILE .hushlogin
# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
# (and falback for login).
#
-ENV_PATH /bin:/usr/bin
-ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
-#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
+ENV_PATH /usr/local/bin:/bin:/usr/bin
+ENV_ROOTPATH /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+#ENV_SUPATH /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# If this variable is set to "yes" (default is "no"), su will always set
# path. every su call will overwrite the PATH variable.
@@ -105,7 +108,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b
# The recommended value is "yes". The default "no" behavior could have
# a security implication in applications that use commands without path.
#
-ALWAYS_SET_PATH no
+ALWAYS_SET_PATH yes
#
# Terminal permissions
@@ -119,7 +122,7 @@ ALWAYS_SET_PATH no
# set TTYPERM to either 622 or 600.
#
TTYGROUP tty
-TTYPERM 0600
+TTYPERM 0620
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
@@ -133,7 +136,7 @@ UMASK 022
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
# home directories.
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
-#HOME_MODE 0700
+HOME_MODE 0700
#
# Password aging controls:
@@ -157,8 +160,8 @@ PASS_WARN_AGE 7
UID_MIN 1000
UID_MAX 60000
# System accounts
-SYS_UID_MIN 101
-SYS_UID_MAX 999
+SYS_UID_MIN 100
+SYS_UID_MAX 499
# Extra per user uids
SUB_UID_MIN 100000
SUB_UID_MAX 600100000
@@ -175,8 +178,8 @@ SUB_UID_COUNT 65536
GID_MIN 1000
GID_MAX 60000
# System accounts
-SYS_GID_MIN 101
-SYS_GID_MAX 999
+SYS_GID_MIN 100
+SYS_GID_MAX 499
# Extra per user group ids
SUB_GID_MIN 100000
SUB_GID_MAX 600100000
@@ -185,7 +188,7 @@ SUB_GID_COUNT 65536
#
# Max number of login(1) retries if password is bad
#
-LOGIN_RETRIES 5
+LOGIN_RETRIES 3
#
# Tell login to only re-prompt for the password if authentication
@@ -207,18 +210,9 @@ LOGIN_TIMEOUT 60
CHFN_RESTRICT rwh
#
-# If set to "yes", new passwords will be encrypted using the MD5-based
-# algorithm compatible with the one used by recent releases of FreeBSD.
-# It supports passwords of unlimited length and longer salt strings.
-# Set to "no" if you need to copy encrypted passwords to other systems
-# which don't understand the new algorithm. Default is "no".
-#
-# Note: If you use PAM, it is recommended to use a value consistent with
-# the PAM modules configuration.
-#
-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+# This variable is deprecated. Use ENCRYPT_METHOD instead!
#
-#MD5_CRYPT_ENAB no
+#MD5_CRYPT_ENAB DO_NOT_USE
#
# If set to MD5, MD5-based algorithm will be used for encrypting password
@@ -233,7 +227,7 @@ CHFN_RESTRICT rwh
# Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
#
-#ENCRYPT_METHOD DES
+ENCRYPT_METHOD SHA512
#
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
@@ -322,7 +316,7 @@ USERGROUPS_ENAB yes
# This option is overridden with the -M or -m flags on the useradd(8)
# command-line.
#
-#CREATE_HOME yes
+CREATE_HOME yes
#
# Force use shadow, even if shadow passwd & shadow group files are

285
shadow-login_defs-unused-by-pam.patch Normal file
View File

@ -0,0 +1,285 @@
Remove variables that are present in login.defs, but shadow with the
current configuration (e. g. with PAM) does not use them.
It also includes variables used by the current configuration, but deleted
in the spec file.
shadow-login_defs-unused-check.sh makes possible to verify that it is
still up to date.
Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -12,11 +12,6 @@
FAIL_DELAY 3
#
-# Enable logging and display of /var/log/faillog login(1) failure info.
-#
-FAILLOG_ENAB yes
-
-#
# Enable display of unknown usernames when login(1) failures are recorded.
#
LOG_UNKFAIL_ENAB no
@@ -27,11 +22,6 @@ LOG_UNKFAIL_ENAB no
LOG_OK_LOGINS no
#
-# Enable logging and display of /var/log/lastlog login(1) time info.
-#
-LASTLOG_ENAB yes
-
-#
# Limit the highest user ID number for which the lastlog entries should
# be updated.
#
@@ -41,29 +31,6 @@ LASTLOG_ENAB yes
#LASTLOG_UID_MAX
#
-# Enable checking and display of mailbox status upon login.
-#
-# Disable if the shell startup files already check for mail
-# ("mailx -e" or equivalent).
-#
-MAIL_CHECK_ENAB yes
-
-#
-# Enable additional checks upon password changes.
-#
-OBSCURE_CHECKS_ENAB yes
-
-#
-# Enable checking of time restrictions specified in /etc/porttime.
-#
-PORTTIME_CHECKS_ENAB yes
-
-#
-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
-#
-QUOTAS_ENAB yes
-
-#
# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
#
@@ -91,46 +58,12 @@ MOTD_FILE /etc/motd
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
#
-# If defined, this file will be output before each login(1) prompt.
-#
-#ISSUE_FILE /etc/issue
-
-#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format similar to "vt100 tty01".
#
#TTYTYPE_FILE /etc/ttytype
#
-# If defined, login(1) failures will be logged here in a utmp format.
-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
-#
-FTMP_FILE /var/log/btmp
-
-#
-# If defined, name of file whose presence will inhibit non-root
-# logins. The content of this file should be a message indicating
-# why logins are inhibited.
-#
-NOLOGINS_FILE /etc/nologin
-
-#
-# If defined, the command name to display when running "su -". For
-# example, if this is defined as "su" then ps(1) will display the
-# command as "-su". If not defined, then ps(1) will display the
-# name of the shell actually being run, e.g. something like "-sh".
-#
-SU_NAME su
-
-#
-# *REQUIRED*
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you _do_ define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/spool/mail
-#MAIL_FILE .mail
-
-#
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
@@ -140,21 +73,6 @@ HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
#
-# If defined, either a TZ environment parameter spec or the
-# fully-rooted pathname of a file containing such a spec.
-#
-#ENV_TZ TZ=CST6CDT
-#ENV_TZ /etc/tzname
-
-#
-# If defined, an HZ environment parameter spec.
-#
-# for Linux/x86
-ENV_HZ HZ=100
-# For Linux/Alpha...
-#ENV_HZ HZ=1024
-
-#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
@@ -180,17 +98,13 @@ TTYPERM 0600
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# ULIMIT Default "ulimit" value.
#
# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 0177
KILLCHAR 025
-#ULIMIT 2097152
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
@@ -211,28 +125,13 @@ UMASK 022
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
-PASS_MIN_LEN 5
PASS_WARN_AGE 7
#
-# If "yes", the user must be listed as a member of the first gid 0 group
-# in /etc/group (called "root" on most Linux systems) to be able to "su"
-# to uid 0 accounts. If the group doesn't exist or is empty, no one
-# will be able to "su" to uid 0.
-#
-SU_WHEEL_ONLY no
-
-#
-# If compiled with cracklib support, sets the path to the dictionaries
-#
-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
-
-#
# Min/max values for automatic uid selection in useradd(8)
#
UID_MIN 1000
@@ -269,28 +168,6 @@ LOGIN_RETRIES 5
LOGIN_TIMEOUT 60
#
-# Maximum number of attempts to change password if rejected (too easy)
-#
-PASS_CHANGE_TRIES 5
-
-#
-# Warn about weak passwords (but still allow them) if you are root.
-#
-PASS_ALWAYS_WARN yes
-
-#
-# Number of significant characters in the password for crypt().
-# Default is 8, don't change unless your crypt() is better.
-# Ignored if MD5_CRYPT_ENAB set to "yes".
-#
-#PASS_MAX_LEN 8
-
-#
-# Require password before chfn(1)/chsh(1) can make any changes.
-#
-CHFN_AUTH yes
-
-#
# Which fields may be changed by regular users using chfn(1) - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
@@ -299,13 +176,6 @@ CHFN_AUTH yes
CHFN_RESTRICT rwh
#
-# Password prompt (%s will be replaced by user name).
-#
-# XXX - it doesn't work correctly yet, for now leave it commented out
-# to use the default which is just "Password: ".
-#LOGIN_STRING "%s's Password: "
-
-#
# Only works if compiled with MD5_CRYPT defined:
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
@@ -354,45 +224,6 @@ CHFN_RESTRICT rwh
#SHA_CRYPT_MAX_ROUNDS 5000
#
-# Only works if ENCRYPT_METHOD is set to BCRYPT.
-#
-# Define the number of BCRYPT rounds.
-# With a lot of rounds, it is more difficult to brute-force the password.
-# However, more CPU resources will be needed to authenticate users if
-# this value is increased.
-#
-# If not specified, 13 rounds will be attempted.
-# If only one of the MIN or MAX values is set, then this value will be used.
-# If MIN > MAX, the highest value will be used.
-#
-#BCRYPT_MIN_ROUNDS 13
-#BCRYPT_MAX_ROUNDS 13
-
-#
-# Only works if ENCRYPT_METHOD is set to YESCRYPT.
-#
-# Define the YESCRYPT cost factor.
-# With a higher cost factor, it is more difficult to brute-force the password.
-# However, more CPU time and more memory will be needed to authenticate users
-# if this value is increased.
-#
-# If not specified, a cost factor of 5 will be used.
-# The value must be within the 1-11 range.
-#
-#YESCRYPT_COST_FACTOR 5
-
-#
-# List of groups to add to the user's supplementary group set
-# when logging in from the console (as determined by the CONSOLE
-# setting). Default is none.
-#
-# Use with caution - it is possible for users to gain permanent
-# access to these groups, even when not logged in from the console.
-# How to do it is left as an exercise for the reader...
-#
-#CONSOLE_GROUPS floppy:audio:cdrom
-
-#
# Should login be allowed if we can't cd to the home directory?
# Default is no.
#
@@ -407,12 +238,6 @@ DEFAULT_HOME yes
NONEXISTENT /nonexistent
#
-# If this file exists and is readable, login environment will be
-# read from it. Every line should be in the form name=value.
-#
-ENVIRON_FILE /etc/environment
-
-#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).

139
shadow-util-linux.patch Normal file
View File

@ -0,0 +1,139 @@
Add variables referred by util-linux login, runuser and su, but not by
shadow.
Delete variables used by shadow implementation of login, su and runuser
that has no use in util-linux implementation.
Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -1,5 +1,7 @@
#
# /etc/login.defs - Configuration control definitions for the shadow package.
+# Some variables are used by login(1), su(1) and runuser(1) from util-linux
+# package as well pam pam_unix(8) from pam package.
#
# $Id$
#
@@ -17,9 +19,8 @@ FAIL_DELAY 3
LOG_UNKFAIL_ENAB no
#
-# Enable logging of successful logins
+# Enable "syslog" logging of newgrp(1) and sg(1) activity.
#
-LOG_OK_LOGINS no
#
# Limit the highest user ID number for which the lastlog entries should
@@ -31,10 +32,9 @@ LOG_OK_LOGINS no
#LASTLOG_UID_MAX
#
-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+# Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition
+# to sulog file logging.
#
-SYSLOG_SU_ENAB yes
SYSLOG_SG_ENAB yes
#
@@ -58,6 +58,12 @@ MOTD_FILE /etc/motd
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
#
+# If set to "yes", login stops display content specified by MOTD_FILE after
+# the first accessible item in the list.
+#
+#MOTD_FIRSTONLY no
+
+#
# If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format similar to "vt100 tty01".
#
@@ -72,12 +78,33 @@ MOTD_FILE /etc/motd
HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
+# If this variable is set to "yes", hostname will be suppressed in the
+# login: prompt.
+#LOGIN_PLAIN_PROMPT no
+
#
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
-ENV_PATH PATH=/bin:/usr/bin
+#
+# ENV_PATH: The default PATH settings for non-root.
+#
+# ENV_ROOTPATH: The default PATH settings for root
+# (used by login, su and runuser).
+#
+# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
+# (and falback for login).
+#
+ENV_PATH /bin:/usr/bin
+ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
+#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
+
+# If this variable is set to "yes", su will always set path. every su
+# call will overwrite the PATH variable.
+#
+# Per default, only "su -" will set a new PATH.
+#
+ALWAYS_SET_PATH no
#
# Terminal permissions
@@ -93,19 +120,6 @@ ENV_PATH PATH=/bin:/usr/bin
TTYGROUP tty
TTYPERM 0600
-#
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
@@ -163,6 +177,12 @@ SUB_GID_COUNT 65536
LOGIN_RETRIES 5
#
+# Tell login to only re-prompt for the password if authentication
+# failed, but the username is valid. The default value is no.
+#
+LOGIN_KEEP_USERNAME no
+
+#
# Max time in seconds for login(1)
#
LOGIN_TIMEOUT 60
@@ -315,14 +335,6 @@ CHARACTER_CLASS [ABCDEFGHIJKLMNO
#GRANT_AUX_GROUP_SUBIDS yes
#
-# Prevents an empty password field to be interpreted as "no authentication
-# required".
-# Set to "yes" to prevent for all accounts
-# Set to "superuser" to prevent for UID 0 / root (default)
-# Set to "no" to not prevent for any account (dangerous, historical default)
-PREVENT_NO_AUTH superuser
-
-#
# Select the HMAC cryptography algorithm.
# Used in pam_timestamp module to calculate the keyed-hash message
# authentication code.

1081
shadow.changes Normal file
View File

File diff suppressed because it is too large Load Diff

667
shadow.keyring Normal file
View File

@ -0,0 +1,667 @@
Serge Hallyn <serge@hallyn.com>
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFdP52sBEADlYeZv86QBwFAdQAXDM4J/8S4itUzVdbT/VLgsD/Rwy24nPgYG
4CaYyekBcrAeUBSAv6jP5fmofKYgiPzoJZjBn/4THk0O5gnX8X8xrEpONroksNvK
9dv/EgbrYoFbHpifLcoL7G+7ZvMU5bN5a5Zt1pfaru9FWaWFOZfy+iSU04KvOuPk
7vOYM1+smgnVJWx4SMcfqisO6qqYeRQm2Vm6ZfvHvt86wCdOkVbErRCNmKekaCxd
Pedx7zEFe8evGaqrpQn0PJ9sw/l1HqtKHD80fGp57fUCsbu4H6E4acsKgI+btlJh
dPknuz/fNoSWN/ifr+Kb4OtsHA8fyYqSO6Nqxbj97/IdcIxcasbvVoorqbLdE6+3
GNzqrmVCh6wZWOOAMlD3a2KJHM9rS7r9K117CAr96VLwv2o5bL82sNRl1iH3OltU
Y9/mvpLHxJUOdbK9dMZ9pVGDZhXj9ZzbG01Ylc8pl2Q/Od55bJjIZD20V20vm4J0
AP0A9l6dtQsi5kqfg8AtOsZc9o9RD3rE9WLkXtYiRFrvI6if8C2mydPKflU+L061
+pLw4MeKEsXXDkBjeTQIvKXtca9iZQxJi374XeUu2yAIiuRSfb30C7RdcX9Bwzk0
HLFP1OsXOVMTt6w9oiYnQ3yR2yaSeX6U7bvumZFuSwh+RTCIzpO6po+x7QARAQAB
tCRDaHJpc3RpYW4gQnJhdW5lciA8Y2JyYXVuZXJAc3VzZS5kZT6IRgQQEQIABgUC
V216YAAKCRBJNgs7HfuhZOnxAKDmGfKHuex5iSPel0BrcU2nrBo6VQCg3cKVvSGo
ie7iseyA6DoUL/0RrFCIRgQQEQIABgUCV3AffwAKCRA4mlY8wnKhJnsAAJ9ni9Ra
0+GYkwrJZM/31a9wgpbqTQCfYF3g2jYzmaV7bZDhvo7rP4E3kUSIRgQQEQIABgUC
V3JksQAKCRBdQqD6ppg2fouqAJwI3RpqSBaiqmtmeuHg1m771/9w0gCdGJf/7ZbE
dzQl9BqPtUnvbCUScluJARwEEAECAAYFAldv6zMACgkQYouCpvbsIhoRcwgAnnzD
IRkmnt44u1FN4WWCAPolbi3HzcQXyDLm4/5/DXrL/h7OhLSzmOXKGXpQJR5LXVeY
L3Ikb1ZCBv0BxBQWLoR3fq0Ulv+o0vrNGbYLeb9XqfjPYvRb+KIYC8o10Y9vs9MQ
S9ZdGAed8q3zawsuop+vwBEGaEQEeJZudYFRnOEux9Mnq6d9DwDftKCGfP+TjjkN
uhOdoQMK0ZvVShcLpc4yDuf3qeBaL0jSKGcdNAyqFmnE93ud5ZxD3GeRI+Mx+p7S
TTVMKvxFxTPxH+wt7nTVi39k53A1frHvOjZ7ZSf2b7ouKxUV1SQL5aPCgKW/pIHK
mwF/f9IZzPgPi7AjGYkCHAQQAQIABgUCV3AfhAAKCRBSlCSj/5Eqy3YeD/9PPubd
Yn/QCjuu3WqgtpGfSb9F3ogMnc4mUZ8QAmVYKGWzHAogLr8V/CwCgCV1LCDbo00g
1R4ecs2FlNFBGTiGqNSFXCsf8ka7r2ArZ1/BNP63l7MYpAsK8n89dnOSN8HxuDeV
RafcGpF1HZsG4PqcoMAqkvXR6ssgkg7jZ2X9ttbEWWarAJPmzV2jlKjnAXwJDvIK
pNHm71hoFrbBBraeq/K2tv670uZIFwZ1Wgm8QiuZXUbfZSSQmiu3Et5khnx6iDY7
jc+bRNYfCHZKo220mDU5EltKwBAM5X5rcWSXfZsWX8ytyVrmRIb1Cq8oQ1BzVvMQ
sMhtdMyoDLBlQ9vuH6eiNlADumBBCpHX0U4CaJ/5dUPV0YMuw7gtIXOiQ9FIEoWs
50yr8c5jZ8upbeFg7fYY0I0vIn9z7BigwOr3j5tuQbhjrmgTYNGGfSOfK/ukGgpd
+f+dleJCur9bdD9mFots1Op1A9AaKzs5VZGKi2/CUNqAMV3UV7/xt+5+xXMHBR2V
LHNynyBxqHwfpjPH1bu0d5R3ULsjX3qKBkdg/ogiANj2B43lewNUIeypY/jeG9dN
dLqrkXVSpJ4LN7u9L10kT8K8shDUznazGLPC0LNYSqG0/kPNtH7zEfP7b3QMixyz
GK3dF7ynC9WWBT+S6LcOdAAIAVS7LXnJQ4NjiIkCHAQQAQIABgUCV3E7PAAKCRB7
9ynV58gfoKNJD/0Z22zhbDtwnGK6GaiTWcSp8clBW6aBg2jo8kmle7K9XXH72byQ
KundNBiRbNLHIXTMPvpw7Thb5FGTk5+VR14YB2qO3MvCXRacBST+YsfzmJeVhs21
GLtvfEleTxc7Xd8KYvEY5IRHeq7OnJ0q7SZP7z/i9LytX4JObrVTpwpBFTqlUlrj
t+lzOCSAQGCnVTmdkryuh2j/sso6PbPS6IxA1f3RRn731rhZ41KIkteP7tJMAIkh
XnucHYm9UFdzT0NJLyDKiREvG1HW7E7OJO5jWudqbAhpTjeJl395miEFC9EDs3vO
wAj6ZwJ0B4ZiMvdBs1+KRt7CgkXoVcF5vABz8kbtfEQg8UfPK0qQMnvevQyQglCD
TWglSxbCOeZvABwZUCldvxcaSoQ1QsoOrMNTgADqv0RlPCqzBH5vLjFt/Iw6dXSr
g3cRvz8ztwrcgWE1CtVRs3i9xhCbHprP5rXp8UZXuTSH/6I8FInGhq/FWbI5uk2e
6G5KY4Jmo0lbJa1okX5T2eK3+eDCNGS2MfKMXnhFX1qY2LAzkjR5pfFtDmE0ZO26
7nUMdJcIGic/zXgU/hpY0uUwB0z17rV3Me77VO89NJS4UT1BKQUe55sxpJQS0u8D
o8CAgyD6CBU/ipMvqFtYqwPNp0jjfLlDjf4IJAEEpWV6Al9hX+v72GVwSIkCHAQQ
AQgABgUCV0/zrAAKCRD2MFllAQJtta13EADFWwQ2s8ENOx1KXJWm8v3merMm8jVS
zAJGwhp/sEJI01sBKMh4a8IUvvr9Twj5AIHnWjxDwzs/xowDjjx9HHjbUGQeu5bI
CFsCnccA+3PJkAGFB9OwDfvdMInacu8w0/TgGMUTPsAEG3S+gD3pwA5vfdUDeqiu
WlH3iElZkRFg8Xo4o+fn2msGFxVVfmTc66957uOtFGqCSIrMgOskkLGS0WSEW/v7
9xFyIrnLTd83omcJNBr/uaPqsee6NXv+/xxkf8E10Dms3XZtRiVPDHjBis7lobB+
q6P28e5M9e706BmlBvWNyDGE3dv6rKYqi4VUSC5tVacIpeP5M6QFRIa/KpcBFYce
S10M0zl0CCegm6/CjX+zvsWxO48yVpP0E+O+ML0MkxFxYdu44yLbBGy98Pr6nGVD
qTmZU0rVd92rNH9fLdGa6PdSvmV2K/3W3uFtcopvi3rnSRmY9j1zClJ2w37cuDOi
sCD1ZdA2aAUCgQRDjhqCSoozDbSmMeZ9d4WllIMIWKb4ZKs0zZyWY/qM2VOkxdBc
I/7s62TSSTm1fEInTXIiBb6GMVdqa6TCJUtxRrkNye0d+hehvPI3KILZcGokFa8/
PLVOGGAdhczhyOSVsVphvN90nUUbw9uxQG+TA0KysYH9HNDgOsO0o0K5AoHK9fQO
DtaizAC58tZq94kCHAQQAQgABgUCV25NmAAKCRBKI+NPoDNDbU91EACEj+L501sg
Z57NDvfwK21fPHDdpU49G8qjCGj8XgUWC4Aoilyp16WBzAf2Z+YOGbXX5jG/KgkT
JjkxvBY5vo6KX+THPc0l1l2AwSP4+gc/RcpJhvCajYW4UpPaOykPSeVj26ng7uIZ
qE6/THrDzbTa+nlHiw/qjW1KMR06m0B9zreh1NurBY9+ZPMbC8K6uXbAjGEDBPsZ
Bt7mhh0x2ZGirXcKSO0QPHnE1tl08/4toBWMzx4SzMvoLMREeLgsqrEx4UYNPMrK
eLZg7rTWNt6u51ekJaz7e3oLAScxEKeQ3+JsUgkdMYyI6jZWJhB8PBlU8B1Ukdxz
8W/DzFhJThNLsTSJ47f9H1/EBsXjiU8tLAyHjMqXW4jiicUXMm+6kKZ4bgirK9OI
5nbFm5v5LBQAZ5WxOANlELX1A6U+M6QbblqBDokdjsSHcRiGJBy6/+tF4hSyAWi2
ku4VMN6E4eLEPBmQT34l+PB9NHosYQbusSYmzd8ImMOwe6oSE0e4Dp4H2YCBjmj/
QqIadZkUUbyqRo4jMYjXcXukZoPeglcdfL3EOvTJ06w17xMivp4JjdJ2SIOfZ3sW
5SjegvsLNhubOp+tnBxgOgepXwDU/IsnOCCjWcs2ZGkV6bcWCe+6JLK7bFe6Iuo7
G+AI4egrPiV3B8ZCcugnG12zmBSEzGqv/4kCHAQQAQgABgUCV4PEHgAKCRAIw+qn
bsSODNzoD/4raTvmpU9GNDFPOs7sI8iyAsFgbYdvwCVptk9E4wq6bt91HVKXf5PY
bVX6R9zNIZ4tchQfRRtm323C5U7SFpQYok9Lae888o+rsBIhE9QHhbMp9k2Ze8Wj
dXVA8AhMYEQE7vtDD21qiuMl7YMdWWxdaJYdUdg1WKy5GVHyiOcGd1lSDQYblHpv
EzZNkDPdU6SCCApEz2LPA+obUJ7kaiYfynKJ7+BoQagWFE4TDxAQjLS915y79s5D
p/H4DaPKyuUKn6/inBx6Iy+y1KVP5HrkZUiKsB7oklTPhZsmDzsVye2kw0R5CENv
ydEcZiaRunWBnGzDbhquOHnZ4PPlb/l1mGbVt6+SqBdFwwmJvlYG0AReTm83f80+
TfVGMhoAB9OkHOPSYHOFZtmP4n1cFFDGubSrxqcqb+VkcvUW4gk33hC0zQsCdSHo
oBcgtMb0zjHMlTVfzcuJYAgQZ9AXufC9WN6Z/RoZNjXmZF5dMbJRv20ZxDzgBiZm
nt97dglPyGJBNZgKQkq77OHJPe9ExeMs69BwCn4K2d7//dMfOpXQRzM6Ld4K+arG
DXmHMUieYtYVxAFFZ9Pea3C+DHyDjE2rvYKVp7n9X3xMQf0v6eWtTJh8qzgToWjD
HR9o6s5bca9OjjH3N69vHuuOZ3xS7suOhmxwDTNU8V0tatLh4CTuxIkCHAQQAQoA
BgUCV0/4NAAKCRBd6JSaiZyNmbgmEACDOV8itTP6M1FEFtylwhSwikXEcNO+yQCl
7ciXXDUS8mDnxD5ungMDH4AK0617VS2xzvq6uag6hQNsdA6PTG5xHZ03/wCmKQPS
P6bGBAd8G2AsBFpJ1IAATm15u96ulpmHLUmvnFy2zJm5xPYMkZ0vEzd6VEjEWCLf
KmXiYrlWCXmy+T8Ki4MhXEAStg6o/0zswNdjWuWKwvwKxvQ+tKEIEcO0bNxKUH4p
GCSYlDMUmHwb8DWKUk9TP3r09Q4C4NHdfuUo6yYDjovVtbnaOVxqp0Z6N7QZ9PP2
xlYFBFNHv+EHYvrEahefelqQpGsDX8Dmb0jVxtniRImgMhfLRmid46pSQrIxPvJO
xYXID1Gb09eup9sfB33JhnIerKRNaIgRhy/kTm9yZ3jdQlR8p5iPGFu+9T4usK7H
IRN10lT1NoQdfe0zzectwCM/bMIk692cnJEtOvJ4GHg2NBmVoiXftdGraXHUBbKz
8CYrY570kRwoEIyLehI5d7UuTiRncRUVIoNk4UYuCIaQsx3DLYTbHcPTOy6y0FlR
GlMAMyDnSAhUOfwYGkOrhYG9AvVeibhAtfWmnWKkz+mLNXWaO+++Qyw2LVDY+WDL
gf5XoeZvEGND6xUW+FHRAJpayTwPROAgaRQUd+EtEWN/4L7qNF4TJzmr6e1N2JnY
SJi8tGekHIkCHAQQAQoABgUCV0/+ZQAKCRCWvoxv2J1lZcjQD/4m7R+L/90k67wv
QuapNbVB9T+3iDkna2yY9A0AW0hlmeFaVcPIgU54KEmNhP3buFPXNAMZyDiaWK3M
qbA+JKH8SlZ1OE/eDFWaxsOXmEQWYwLzwKL1DsNLYE6GsbdAvNFpYJTpLcZhhmT8
s+pIzVp7ou8B/nDdwA1CIVD2N6Wv57vNFkTkDBWD3Mv2Fl7TUhvA4CzKzWq8jOk2
H+x1hF6C47IfauOAhioEAdP0fg60+16JBHEt2uxRQLzDR80lELQUq9vq1mA8nJCT
RqEephaRgQLsxyMHSB0nrMWbZKj419kA6+OY/oLaTwma7ujPVFtZLTx1wzFYX54Z
GlrZf98cl+B+/Qhr4EOpAkwAyMweDRjEq4rYxUKSkHoe7HAztkzyLePbw8Ggmuhh
8AWVq6qabLeg8EVUrEQHh6ZA/bm4m+SfdlvNzBmV+zWAqFMvt+EV0hXVPFIGW9r9
mbQvGxkysDtC3ooMt/xiTskyzMyYdU+gcvGFZznyqWwatgfqywnLUeW5dVz1cluf
i0u6XCXYyrlMd49zl9NZwueMuEdWxlsvW8Q1y998iNOx8gk8x7qbpdkWGzih+lMa
fa44bNduF46AYPRxik7/ycxpU/Q/ghNnE/pZwWW34+pCsrpyq51eVi6SsG/PmkcM
fM/VDBmfBwVUXUfKfW8Ab9gT/G/R+okCHAQQAQoABgUCV3JirgAKCRAswFiKJZLS
yB0QEACnKdjk1Gt2oshEnuVM1MZ/I+LRRdK0OVn3+ZBeTqWZe7ZhM6xfEU2VGG+/
dqNF9gfvXHqL/BM6XFShUSDY9gf0vOEjxS9sGWYQ/QFIaLHJrIM/+UGHk71sgj48
HD4nZI9Hg8k0bBdhS829xn40KfkSSw3wmO6OF/a6VquRYGO6OI4/ZIYEvPqAQvuV
Ki8f/3uxkXTAD5ZIxyykD6hW8ZbxNoAeBeQ/96SSTRtIwW3P6iTY77UYq43aPmTV
a8OlSVDWYUwqOEZemtxJQ7HxQ/gBwpLa4xN5FGqWSHiDsmfHm4vU9XzpvYBUaJS6
Kxyk4cBm2hRpFXRO6Ohwl4uct6ByAPv10L/SxRAgTgLFsHVGRXcnG2XsPCON4Kck
kYxxZoPNoG5ilHrv9nDaVq2izx4j6YOtnjn1vEa/rRzH5r+q0HpwZc3q8erPLuSH
N9vjGae5jyhwDNCfJlRotYLOZocUwMPfgsFxA6hNHLu0uEKOUN4OnEV0INmYfzIl
X27iZYBo95HgTfnKis//kwnj901aujmAvtd733FAs+Y80AnGAKUKNUfEo01HwLVl
9cTtCU9yc/8S3CIqNw1W4Fvte1VaK8Ak06tF1eVgtPwN99yqIwYZtcBbIxYFHnx2
3JYVrIBKO3EHGQOKCN1LBMzPzHUjecARAQdChCPBQWTK4lzj8YkCPQQTAQoAJwUC
V0/w2wIbAwUJAeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRB7PDke/qk2
JHkPD/9JUJ1U7nc+TlqPo9PngVM3drBlTPATFVjQ3RK+Y7d4Zyvmgvp98QytGZ3N
Fakx2d1jJIDma7dx081vbUv0zW95DmT0rbUcVs6hhECzjMq48NZvzTM2MT56OiY4
9QSMbprFKugxcPaaMYnVNzj1j9grvcOOX+I5AjhU3JrzOZfmEGazxVB3zDSlU0CM
/B/a0xHkXGrer+1S2aY3hXNoPV4bp+hQ8duxGGk0xaKYt/v1e3Ln4P+5F/bNZWWO
0G6wIrhf7EkjTimBFX0hsaVtzPGPxdS29xU2+9Kes1EtaNMveR6hhmBn62F5zrxa
xssF16Kn2xPFRCE9xlg4/o5JW3MmWnznUm8nK9LAlUEfPTt615mpWX2zga5T+1x2
KJpjtRjAL0AC8hOVQTfCLjXl/RMeCRqv4uD1B/R1fxbODXeT4QSeQr1R53zg9l+x
idYSbEfczSa9+Ub/dlDutJIsVyHecQqxeHvuUjhsO4AlMP30FiZsgRGAUnge7YrU
OHn/UClqiaV2ZqVIW6gssNfu93u5t0cLCZqRS4q2ciGWgUHe59cudKplHZGl1cGP
CGuDRS1FjmLyru67UxATqzJAGz5KWwXJCsfni/EQASA3Lz71adEcD6PsE+BIpYbA
SBesXXrUrovJ0qUCX8UPuWVAe47a6FcMJNUQi6SY1/hRGX/1PokCQAQTAQoAKgIb
AwUJAeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAUCV3epzAIZAQAKCRB7PDke
/qk2JGryD/94714j4KfuxQZ9vRB3CpaQ7HV5JP/nSSq8NSIvrDlPjbYupzzUEocI
nUU2ue0LKXIKtSCgEwYlLEV4jskV3QFtVce+SBf3/A9k/aj98rKzP2gxncbhhV4Q
X0UNVXdFpYKZeTM7v4DcYNnO2lPXzFZSP0galwZEJ6m5615m+kgnESH52hYsPKSP
CvoMHUf2+xnHZOdP4iW4MmVKOomV7Vp6YO7O1W3C3v7NZZhlhL1B5xsCucM1ETKY
zRRqcyd3OBveGKc0ndycP7vEVKUpfwq4V65JCwbRN3yb/A9xNY3+9po+IuGCqzYQ
8EMqX55JHJxPV0f3JQFzRdMyT9uySsWc+zDCyAmaKFAL+VU8c/KSobmHJZDAFfZe
jJ55sUsF00Kiv3nuagA+oiUE+Q7PdOODMmmuWK/PL0gY54qfeBuTM0mfpPqEkvHO
Ag9rAYeX3IGCzNr47v3gaDPx6pOhnHyfiUM8LXOgNbhgU5AiuNYnAW8BRuzOgTw1
YhP9iOHkSsriWNVlh5zbkN3KmlfQmD4iJbkziCVm5NzM0BwWo7wR5wOMSawPV9Q5
B/pM6UXASbN5cBqD5os1ztjOGzoi1OkBg08k+YaK/ULk9MwFWwAMUwNStPzMMNa0
vOe+8Spyk2vOHXfQSib4JfNx2hkqAEe6AqGcrXyRLfzYjcskKRTO1YkCYwQwAQoA
TRYhBEiAuMm9DlEG/AcPT3s8OR7+qTYkBQJaw0vRLx0gVGhpcyBlbWFpbCBhZGRy
ZXNzIGlzIG5vdCBmdW5jdGlvbmFsIGFueW1vcmUuAAoJEHs8OR7+qTYkSmUP/2wr
eCtvKeArUMkfqFG91i0BFNVAbX+S5Y6mMt1nPdnaHdEE6KZnalkzhkUzxH64/6kQ
vkf1wBvYXEf2PtTJI9ja7fIOjvvwaXWsccgySPbW9ohDRXe2u9ctT+8BLZYbFhg7
xZmuxXRvIedbsk9e+JXjMKUNNVgbN+gyvwhd8XoUlqtkeAYoNEeDNbfaJJxPhivE
t1obB6ZQ1urPA1i6OsmREdCDWsLSEU+kAJo2jJ8xjVMXbM2F+FuxpUVJj3z7H2NQ
t4xSZPNCvkEQW+fhSy7B3pjMQxISTApxfva+/O7rUKMdUcai7IrOoMzLLqTYY+iX
IZh64pnZzbPMnkOFZry7XCOm0S4pgMLhHUAtVSEOx00jJ4SU+AbtN6dIPKyZZkb7
Y1OKNzY8mS8fjwSIMOm0qpUqg9gYyxOYEuIa8osmPGoRQNky8ScMRMQTv949fYSW
uUf+5+dHzUkBdQoxjoDHFjQZqYhaCr82Hf7DA9jE83ropAj8MhCcNgPvt2JSVpT8
Fywcg3GI1f+rRG++OTS7AZI80Lp22LrhhkLsXM7K4gH3PUT++NtlvGlYs6UblAIz
+0SLMNB0VksgdIeyPYDdcRglOFbP8KPn4BbVQZQ+4aQ19E/mVCUmKs4UUQLJyutf
Hu7dhtKbjb69a1VCgVwdrZGCm1ZjBFw1jaPynnfqtCVDaHJpc3RpYW4gQnJhdW5l
ciA8Y2JyYXVuZXJAc3VzZS5jb20+iEYEEBECAAYFAldtemAACgkQSTYLOx37oWTr
dACg0SuyQ6/plOa41H+Z+/Qh4JccIjkAoJHFJqfNZ3+kC1R4/q8jOE7TUKwEiEYE
EBECAAYFAldwH4EACgkQOJpWPMJyoSbhNACffM9G19hkBiTWQIXG/bP5siFVkmsA
niGb40WB2dpLfhFTZiTGwIx+VlPYiEYEEBECAAYFAldyZLEACgkQXUKg+qaYNn78
sACgujvn9FRgNhbkGX2HtJYOAQN/YM0AoNxKZzMlPTRwBvBDAn5AgEB71zw7iQEc
BBABAgAGBQJXb+szAAoJEGKLgqb27CIaD9cH/1epElOoE6pHP0jlocfgagaZh1hv
NjpI75htz9IRO0m+MhJl1hF7bQjAumYAvihRGiP7tY/as2+KzAdIdcN4r2g+DOzZ
19BRtrzxlag1AZbMBHLNnj9VaQlAlNumMJao7X06AedNpRlUja7XonqNbulrrWZP
+alZbw1ySjUarCwTCqvFm/OlFAMAd3ggTnu2AvFsVoRvYTfFzO75DsTCTJZCV7ge
Db62l5fRLfwhHxanL+htlnPXZ2GVdZAT1V0s52uAfSiKKMowJvHLF66y1/QhhDKO
4JO0bqnCSRduht+s3xvRtgEG6DlLZbjAbTXpbOfMrgy2JW90TNkvY+3MumWJAhwE
EAECAAYFAldwH4cACgkQUpQko/+RKsvVBg/+K0j3olxzT9a4XWRJPFuK+AnWSKu1
s+SUOXt5vqqheAS4Iytssg/U3HWWkR+2cxKgB2eAov9eu85evbQyT8/uREdUpOpe
lr+mCGzSYQvw7HLcwEASyopD5ITUs/rDu50zuw9JMVPdae12PoO+58crloJQhw4S
lL/9cZ1yDKS4vyAbihvsyamfaQNQIYylWto2zvfxQuvHv+rSHHjMrERh+aPm6ZC5
0v95LGhA6nPK8w+plAoEDfrUc7PmduMAxQ2wZSeFxxIDGtBnNZRbpT987fmVOWHo
uuTimPszSaFSutUkCOe9sHw8J3s1Ejq+FDYYcs9d+N5HFEIHMQ0wIh3r9/JXY0a4
lpmokwxZYYqxY6S07ttdygCnsc2TZX7pNoxR+cIl//HnsNQIBvuD9zv1PljtHi1X
tsoLvv95dlQxBug3mVcDci9y14e76eV0temhgwHXrXDQ/PsGvgkcyo43d1kP/4r0
lkGMHgH/qypKPxqAicMv4mhV02PwfE/sgKMSH2ZvCRxj4nFPvsqxVA0L2eOMqozx
aojroUoE1kzxEy9hGYBEqsNfk6IjvUVXGB7cVpOqc/wtM9AMBT/YIAAhuiOlB5bB
mlM5qqxWEnF30+AaXHTssk58YfsIT6HMiIBW46RYrjv9EhZ+328Sq8Rc5c2xE2Ri
0m4y/HpvoOaH28uJAhwEEAECAAYFAldxOzwACgkQe/cp1efIH6Avmw/8DjV1CyzK
zd3IDix9wg45NDC+ih9ARuujW8Vow+Rb3zjzwixkk+3/Mo11aygLTbWBjTE4FIOC
WkstknZpjuXaNZo4x0f7Amrw3FM7V9rCiPr/dyiBZW3dto21ImOmdXNGCjxt+1P8
/tDRr6H2dJahE2mkLTEGbQ9qpzebwmgC6epF3cgx/eQJk146Owrll5kdytfjyAP0
uAlXsrX2U45UEXDl8K8f5vgvGQ+9CQeaaLp5XVP5quSmRdMzPIkqHOWjQmKE9kr7
ovR+WQl3WO4vhYY1YKG4cNiVorjbnXyXlcvbpqW/ARjfEkdlnm5zEIogGWbBeh4i
bR9yFBXYS0x5PsKj+rTaKu6OvoYqtI/x7CL1YxpL3qXfocync/BYBu8Gyp340cQv
NYctKqHv98/gZGgRU/GBmdvSvZh5F5AJrswUzWfLqW3ocRLJR5F9lRedjMXv2JCP
kqzlVzAxPRjY4exBCpo8B/IbrGQB2v0pYwe5OtfyBdATbo5z5fxu86S35dZYZ45N
xdLP63FUQhmQvZAvh23WBHRGbk59MOzGBR+LwxGqNxlKr4dEISc0d+UabRyhIcwv
bL/Iz+NE6CXbbwHIe+Qv7Bv4z0SzBOXq9zDMMlqPOMNSQ4dXDOObWUzkpV725Bdc
kBca8O6iOYNWmrXbxVly01gJzDLYF5+80gGJAhwEEAEIAAYFAldP87EACgkQ9jBZ
ZQECbbXe+RAAuA5H0gr/FalV89UEUqk/yXzcOVvaTmcdykauUOzTjExTVTSx8aqR
Xe0raupNGSUYISoHzbpwpdfpuvEQPXgWpPX/GD3a5pzZE+dS4UdU6G4H+eFmuaSI
FEpDI+eFDWGKu8aPmJ6ZiYh/FGiPLR6PPq3ubENf1Oz+ukPVgQToRxE5oix/coDb
Ypa5wBQY6zSWiuxa313xb6pztAIjIM5b3kSTC1O0gssCAsJiNTgZaQj9uHxKbdNk
qZikAmf2auo8xDpR8iWvy1M6KrPf0aV2B0nHj2lVCkbAsbmcGqvvtDVNMWpFj5vp
+qz8EWsa4pYsKL7WF3n2yA7OJomvKjxO70zSiUZTMK++4SdaOCNMJqMAyjBZYbVa
/am50VRaENVPaqp2vK5hJhDGVrHB50NlDnjn9Rh6NzTCaROy3XOpJ18mGRp6+RDU
XE6BMwwPTK2oS8WtZNRnthFLpEiVrFlJHbUum6O2ujjjkC7eFGIcx13Hsf6FAQcN
exUY8nJdlXofiaeIk3X1ERBtl81hXGQk7Xs70EBQP4a/zHbEb7TEz7Z7TJ34uhtN
h8/1gPdvf+9BXJDOsA9e/CqqTNlt3WJWVrabybTi0Xk4kWscFlgZRdPW33czV9on
ZDUlzVObXolNCoz5yRv2WG7a+vUt56/HY30e1Ye0VztmIVUcYoMv6LqJAhwEEAEI
AAYFAlduTZgACgkQSiPjT6AzQ21gEw//aQRbWf8fXP7po3rX3xwNT7jBnhZEagcD
ICl0G80hUGG2HCCZqFlpFrS+h1qnohAmh4npOH+dC97obJRRmOpRW/C/aiDI47TI
lB+Omqoj1GL9BgfalL60VWXOay7k3tXxpxihWAHFz+TZPEpFFZYFZQmmfsyYiCXE
Pg0x/PeI3cfyuM/Ow300OtdvoZA5FcoaDxZwz1GoGm0K0PePFOhnu3hf8i0n0sj/
zkDwgp098mB27mDuj5dcV5I1GrD1RRuilPzqPLOOZ2SVBXiB3c8vfBZCEvIAo4Pk
JK8soECBbpXkTvi9Fgu3jJyAsMB0a3mnYkveTNVmJChD5WReV5DP6ubGwBWoOGx8
DqHt+hOwnAPCf5uaB1IIX7zw1Fg1p0veJPUTDfcAGYeVj0HmuqmjIDpD1uIr2oFN
UC4rLLPGWeQQs6zqSSun2E0z15A/ZnVo6Rt/eWpcn2YIYKpZqzVGSfWyblS1xOLB
4gwitFqLIhsEe5F0qh3sYqCwDStQkQupDH+RXAci6s5AXaHMVTpADq26rpMowgtG
VOs1kvUlv13LVgv41ONRlJRZ1OvUE4shdqR/5CS/KMqNaQq5HXbBMYNgBzx6Sbv2
oWuGxONJDXCRRU5TcJ/3ZNdOAwr+tOp8kM92zzBJnyz16btCaFJbyqQ4kqTkQ6A0
7PcJATIx7ZSJAhwEEAEIAAYFAleDxB4ACgkQCMPqp27EjgxUoQ/+MwI/WwwEvvZE
S6CC2QRepLx7CpZjQRPCygtRguo3AWkWl65PZJ9H8gPwQXTGF/VSMlMtCHTx1eqR
7TZFLN7tjh4nPmSTgDO+wZTIQ0GFA+h6WwzvtQR8VZ5fi4qUC+FyklAu2wVkU8Ow
WlKrji8rn38se4ENqJYNVbgDuBZtymHOC2MNSUIzOrcEtLo26l3EG+K/uBdxr8gB
HaNiTncUqP6bks1muSCu4uqIsZWiR/0fhpf6wJwd/zwFi/kP9oRuxfnocW3XGJxr
ZpKbJbxcKC+fC7zKYfoU3RhVA1EOeqhH7P15kPftgJUKR2LJ1d/DUc4C84n/u62l
v85eTy/joCdD78As4xGkKuq5Nriw/7U85OWR4y2JBbndEmwuFw/kCDUPHWw2unvM
/8RKBW24j3wLhwUoEYNVW6n11CjLsasJaaVv+7ROjLNRIHXjJ4YY024yKaLA0Ap1
Etkph7V8J4rvaz8ev81xhkdDWfZIkHbWnxHOTgEiwP3XxzWgQLbxKD1OoyaZRqTe
Isce+tdJD2lXl/oD5XRxuzPUD5wL0evaJoyph2i+0pBA5vnrgxsPbwrCKS+b2sQE
lye3qdg5ABfIEM0brW70I26TpbdZyjKhIaWedId9Uf1c0wqefilXzr/KC5TIL8yR
5wedH3dMCh2CnKh45fdpbgIl4scyuo6JAhwEEAEKAAYFAldP+DUACgkQXeiUmomc
jZkwXA/+JmYGXRay0OAFNzoh0OVxeCJp6yxyN9/w2H3U3d5M6Y/2moRcuOfg9Rk6
Q/PDddXtvfvOD5J8AD1RHVjjwAnQnaWnN5NsU5CNQ2OegNapMi82Uj4sPyWU7gt8
wGA7HXXhm8pLFnHJY9Bn+HvMW94bVbZ5wg0J0Qq4+yDdrj/pu0iYZcS2hLXelDGG
gtlTSK0+r0Ghw9AvigZNfZ9TDyPMQTm24zLpYBrKCBEhJEPCRa5fkiVt/kBPYiad
n+K60N3YqQnQq4r97pBQNBaQ9Hs0m2whDzZfjA/KKejaCHbR0pBN9CL+IIuqR9Fr
kjnNzO7k4wAJrt2P3fxJNcJ/1FsxzYCfeoNTi3CIfwT/R481YR6o3Q/+vp5AJkN1
XDGfE3U5idJc0u1zxo2CQKWxc1/WrcMz9N9o2imNohWNq2HkxnqHMrQ1upFH3spg
1JDjnwzJJoK/De0MJAAKWYyiyow7P3QGlryNc8X31kc5S2EX11asjm67RWzg5+re
05q2kuY0CIHUW2d0FVhsXCzLfZcMIdKsgzjCojVKAcu5cb7hW6nOYHnNi6Bha3ma
X73SvbltkLGmWK6/gKCssY85+RfkyMpWoFLKS9zMGyXHlHGs6vAF6m/AiiAHLsc7
jMk8Y3BJ3JjO8GMVoJRx0n6f8wtk5wlR4ijlCBWNZbQri8BAshOJAhwEEAEKAAYF
AldP/mkACgkQlr6Mb9idZWUqfA//U/Y4O+ABcoMDVKeYCWyDAPU14Xl1141pmBRy
nbczjNVw0H+GTn24LNiYJQL+RZl3fvDISfOFG/7wwKKah674WgPdEmVh3eMf9cAX
LJiz+IITGHxx21+aODh9QC02qU2VNtEfEg6xXKf6XuRdF0Oka3xRoRnzbQGj2Iau
qduP60DgHO0dKm6WG3MzV6Hmt0grjjE3VkHZ5KE5+tskZFgMQjuiR2eUhuk85Cjc
HytHH75nZ2RBM17goNUufmKtXwB8mk8fc25dQPf2AtryPslqqN6GrWSAvIyrZU8K
dnREiUjx2JTePxCYMTLizx2fzT2dvzoMUVzSzC0xByRYADKS3u9XCtR7p/Ji09LI
AHDRAJ5uTurZjqjr7f3ONKQJ/iK9xj9mDNpAIZIyBwRzFjMOMFoaMDlvhHAfmhzY
V2n+zmJj1kKGu9XYBD+mzC8bnEMaOah2shEuyQPsC7tNFsprBw4DwOIoF6B/BJEW
mFPj9vXKke0EtVGcmiNBw4iisyv0xztd2C/317rXpJmUQzczB1vymFXItBpfhkPp
90YaSv/BCmqrn62LdHYEVfm0C1HRxzoZiko46BKkgeRbU/LdDi/1wnHmgixiUpHe
QoKBZh53zwuvcK/f28gRIgDXYa47Bo0xmYf0czE6r4/CLuponWxfnQbSvlKFGSOh
deSdmGuJAhwEEAEKAAYFAldyYq8ACgkQLMBYiiWS0sjjvRAAgUeqFsCzGObAWU6s
G8rOWiFH2jJOXUdyQqSfAcc/yo3Xf9scNQZ80sLClGJNvnmHOSAbqqvxD9euD4wM
mbS3hWjGR3jFIQmjBrpYnPchGMhAkPu1A4iCL4XlRydcR6JCm2C/5pOWCYmL++1A
bOU/JqrD8tfELaXCHcXTVw50dRHcZHVlXgdsm3IKYwkY7+kNbwWvSsZMg/ieL54F
tCI2p1DUqPDbMXwo3zDAnxzgEjMDJN44zegceOJGHSVaZQnA03YwEvVGpceypuzl
XwoZ99na4hYjlFjn4BUNyznW/NqdZI8+lFaxl2RYenwheX8T/qG1U1uJvEwOZOnh
4TA6tFynpNEQB+IwhWJD/Pz1IRK3gJDyHmW5Mp+P/XVoEO2qSRXcWisiFhHtO7Dq
f/SXXsJ66wbcX9SJdG+ZsusXsG4B69SHBh7/lGRTC3F9LnHF+m49M30cqLhGxC0h
FpLUkdtvA/d99hKdyNsHJJiSoGbUBuX2+rOsoO1eNP/9wzpNjCJ55nIEPMtj9Rwm
10cyoA2dc4v/meUwOZ88SxSPbsBiLuYfCX6VKityEO48knlj6L8RBhm+al9bpKfq
36RCKfNUiKLbQx6phCZ2X6S6hs6iOGJztEYVBxnOIVF30Jz0EVmcUtaSuqJK3ZWp
2+LTEb4ToaUQ2RmPzSnXIk9tUhCJAj0EEwEKACcFAldP52sCGwMFCQHhM4AFCwkI
BwMFFQoJCAsFFgIDAQACHgECF4AACgkQezw5Hv6pNiSi1A//S3yusW6oqTktT/cw
XOoxxYuTLOLpYtArw3/gnnZ7OW9TbhnqrXNYM2juVxsIQfpBUp0NErUYDxRHktog
ENrOZo3cYwDGqPHtRKXA5a/SJpUunVKlZyLzxrM77FHQBtChy9XhlhT7PE79Mhpz
tbOTMmw2H08L8IkmVHJ02D8gC7YenyRR4h7/E6MBIggPLLFj6Ph9lGeRucvBf9Rr
K1veeAUY6pj8l9h3pB6kkJnmK9bXyzqhekdcRb4Z6JdHCi5vDbS/ATXnfw8PpNNL
CjECCHYMCQQE7vymlpAxbL3KU7NJiOCgIxXO2HVVDO2sr75rJng8ZlMoWDTVrgKt
HwxAriW2rVDCNXw1wjLtYdearLqg32W4dvW3l4Q3h7ILw5UsknCM9dwBulTtSHWD
KbQR0cRiyTsMCdAEllBCaLlxNGriANkCEx6H7k+kCfZEnajqesDt9JnuGTcg7DjZ
AR395bRRdbf4q+QOo0YSmZ01QrrzHiXLc47JB0egn2AFTnqTcmOSGJQMOfutPEIP
inmb1JzSeZZjEokdc/Ck5HxvNm7ch1fN72bYpshACPJjbV/oHmrBgxZm7eTXdiHU
xBYXW5dW8ZloqzeanmqHFpk9+hQTMgokoukz2dqmO3ezE04NnQV5Xd/YlNtshGs8
IXzIoa5t+HoDu/c/rOcf2oo/uZKJAmMEMAEKAE0WIQRIgLjJvQ5RBvwHD097PDke
/qk2JAUCWsNL6C8dIFRoaXMgZW1haWwgYWRkcmVzcyBpcyBub3QgZnVuY3Rpb25h
bCBhbnltb3JlLgAKCRB7PDke/qk2JLw4EADlSKzOsOcUYOn5R83vrP8UkGrQVzbO
FAQfUQlRDKhMfrw/uuKSBng+HrZSw01EHnLZkjq4l/EcZHP4syFqzE7gIzVeEvE0
9AtK+TD86P0iz/aW1LQ1SWW0tbRs/NhHJeuMXCQLbpZ99Iz0ulWNiOV0Pad9GmpB
aRgJCIiPRGcqdoCp6sjtkN/MF5f9XUA8FCSF8qyX7KUPOzrGP/phSOmnfZPrDEf7
8I+1SAy5lHXp/LAsjl+TFWWwe1y1n9m/O4YeqFktJeMScINjMAEP1+j2iLhY5zRT
hVVU1tMsxcmPKP2Irh3+3RaJpde4G4Qz1FAGZFAW6QfxGeQG3q5jwFHDvHzCgdBn
q109RQL9EDfECx+csvQD1EaddISeBitIlGrq7Cyr8EP3FsvChWSW2Utp/aXG/21H
EfE6D7+eL1R6Gij3acFLQlCKo192QOrj1roYyZhJ6R7hlVSP55o+7ASTAsHtVRr8
JATvaSyVpi/X9ts2V/3RwPV69Y0E+83/qZ67y0cFz6r6iAMz8ompZr1mowCtbwr1
Nfj73Ym7qcWgW7uOJ3k91NW92WjfmKnklbxqck4CL5fSmL404o7lgGxoAOrE8r5m
J4p675rgHRCL7FMM7gpsZCz/X+UIj/BTcE8VGnzcHmDUu7TBD9dug3X18FqKSFhd
gYixbYgAUHEGIbQxQ2hyaXN0aWFuIEJyYXVuZXIgPGNocmlzdGlhbi5icmF1bmVy
QG1haWxib3gub3JnPokCHAQQAQgABgUCV4PEHgAKCRAIw+qnbsSODB+OEACNEmqS
4GCjduzPImUBo5gQ5Jc8P+2JrCCtosc5Skawacjx9DlyHE2zyS65R7KS5sbQMfeH
eCrMFSrJim9HkMdomhS2IEp5FYkulKPZfblk//1wa1oAXGL6HWvxTQTnJsXCCaXJ
3KUQ2Sq+ifkaMgbohbtfeef8ochrv8N37T6kmSuHgnf7yDIorxs6vQBjVKg+kBSG
FAX/pOrKe7YMHBHTrEOAb7P51pbZmHE8hCl2GBOgkzo5Wv5jDfEbJHJKDN2sVYQO
CLwyTR6Vlo1F4u/7Tmb0mUhv/qozGSzTulI8zy1dOb25uUE3X+/CngnRt5oE4iQg
6mCAmRZnXX4JQQ/MPudQGuZDJafrKFrEJ2XG3/rZlee5Le3BoIWrR1ztiNe5tDOI
IPVRXckVcG2AaZFAv+ap6pdTdYUaDEO7FnKlcgfJvAYeBtYKQU38c6Ibf2AITnAv
8ZShBOatolhXOOKkXcQO8eNRicYphC1OYiHSfI8jbPsY9RKG1ZiGODrcQ3pE6wjU
OWj/6qRSPEdW+xuILHFxccMX6MJAJHSJsAOagCCP2W0P4bI2BbpMMYTuoI85FMVy
y3TpI+nDtutUiB2tYQE2V2ghhxweSNzmQZmUYD8vgwbY3Y7dmZ1Cij4BOL4eiGGa
Ecux7K/kViPanZ31R8E8Bt/5h1bighCkZzTsoYkCPQQTAQoAJwUCV3em/gIbAwUJ
AeEzgAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRB7PDke/qk2JKlAEADZHCn8
1KBK/sUvM4GEID8Fexn3wMf5GzWH80HjtNvBhEEztb9jsB303upgM4E0MI8ktGiP
ZDbDiaA7zbRwadLdwtCkwGOyR2NhvIpQemq1B8RRZ1hxJqXO7ITwCKi4AwkN9JzE
WOaAVGXnWxhbCH5c5yUWk0dg8rBf7CRrp52JHAN/Y4Q4TG0KrGQyhxkk84zYzKO9
ylIqBJgOCvYn0IOOrtU47XPFws/Ma+FCp9ZG+RD0bkA3kIcfKCCqmgj6HaWHcmBy
Oda91mtUpz6nnghUH2Wz8si0z9mtk6F+rd9YlJ8NyHQ6RbSfDbSKJ24eL++BOlh7
Z1QGvOYvdJjfaLKEp0Kh5v5nG7Ggp0AHVG2n54KOROIkKrJ0BKkvgXxa30Dh02tt
h/mgfEOipSziGU5fkVNsNaVsPSsonn/vTeRtuvMQ/91aBH6B/N7nu5VdQeqwYhN1
KWR4A+ffSrgORElolkMScJphA5HdknIF0EEH58pge6+lR1CnmTt8dkOiT7psTFIr
rbhP+STXRzGh2pJHpxIB5tQA4sMIDun5RzC5s30JsUfj6tn+nCDBQIUzxvBI+u0V
aBv8jk0S5tus51NPxzoht3+pgenosOd5sBMgnsHkrQX9LR+XxvogWL/kHEP+39Je
ApH/sgap/w0fM1XgCdlP2egyvOOJMEmzfjnmXokCZwQwAQoAURYhBEiAuMm9DlEG
/AcPT3s8OR7+qTYkBQJcM2ZvMx0gSSBubyBsb25nZXIgdXNlIG1haWxib3gub3Jn
IGFzIG15IGVtYWlsIHByb3ZpZGVyLgAKCRB7PDke/qk2JLlqD/4rSKQXvDC8q6h0
p3F1jEUi6wIphQ+yvHJk+s3M+fn7pQwD56Usbkxf44Dh/nyQVS29MFdwCsY+X4lr
zfvIq2oz5pzUZgped4kqEBDTptV9MyeVqe4tUAHN5gIgff2ibGO27H26/xn934J0
H0fHIB8U4hm3fVDyXQHd3vIsqHFkmcxw7WaA0EOwxjhi6bwYqXOkxPsh87oYCq15
Mu35IMuwgMdIuVp+eYMOYQG+sbQbviQDg0XnKjQbIv0+n7Q6rJi/0VngisMVIumi
ZN1n37VXts1yDYmmnxqUW2Yw/jnB7Ukvmt+bukDn0kfmxEFsrUgsmKL+pRwDjnr8
Q2+erYnLV5qa8ce6Ibb9rts4z6LibBcWF3qt3Jgkl6DkQabJoc4lIUutGgklEAQ9
TDOyjTFdGUOP+iQZWJkkHTnZCrSKDTPEsO6FnVUmN1UONADNcWy4KsuL46AlNrc+
8Pk4Gpv7zFoP52HvLSRf4LSOsZp1TlVspl6YRN2sycdgo8Vub2b225NxaI1svYqC
mf9aOojGolRM0X7zUOOJlUmM5eBx8EGIyZkom6hR0fNF+hsT375oMDgJm34tiwoA
ftClo5gWeOFjMHvmm3s7ChEq3ZGvDs1ghqP7JAy2hTJaBmCHfOvraNqS4TDpVfLW
EQMsbXnitYGdihx7Ac4ngce4hyK7g7QoQ2hyaXN0aWFuIEJyYXVuZXIgPGNocmlz
dGlhbkBicmF1bmVyLmlvPokCVwQTAQoAQQIbAwULCQgHAwUVCgkICwUWAgMBAAIe
AQIXgAIZARYhBEiAuMm9DlEG/AcPT3s8OR7+qTYkBQJb9ysMBQkGiHchAAoJEHs8
OR7+qTYkc2AP/2sAwsltyS/u+diAYeITNZl6iWZbodU5vhSeYC4V48ijalbkSLCa
v+2smW7Oos4KnXv5meivKT7apmGdyr28tYNVDD/ZENk8oukh+8hJWQ4yUGp0X488
0rRhcOIRtxkFUfdxjx1VTECC6a0bGXBvBeG0eYwQXWdCPTrLQUC4387RWSluwveB
QXzhe8NDXr2+XDZrCScHMyeD5AS5PTf79b2ZT2aohQSzm8klbiFXv9s0cirzTH9H
XpERtRzfxAImxmXAZBxYoHUVfEga9jf16Qnk+wYOn5H2DuSdEp4rIKc31cvD00h3
eY6iBAlHlys8poWmCoAXof7EccvzIYdYHKo3zOsT2Y0R+L/6q17CQfgbRfhO+Ko0
8egY59NukNIvtmCTwpBrdPdQAlzJMdm0aFAmPdFWk3gEH6znuTd0z6+/zZGpW9+/
iauZb5EuTzpBILNRHEsiuaw2HoZLoFRiZUN05YOxRU6xEizCMGyW7lZ9kKmqP8hm
9ficJ4SbNhowOQ6m79DIbD/aFQQpqkZ2gvis6xjH8mUCeuZmgniWqXyT076HQgIM
TDqH3mYf8SG8w2onx13QRCf3EOVEdMeF7cFjiNV5g2zSG+IrR2bZABf6ZyyKGLgP
gucOCA8WpqBsj3roUaj90szfLieZPn2p/lE+bnmIoiGRwPMbnlrTgvMutDBDaHJp
c3RpYW4gQnJhdW5lciA8Y2hyaXN0aWFuLmJyYXVuZXJAZ2V0ZW52Lm9yZz6JAlQE
EwEKAD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQRIgLjJvQ5RBvwHD097
PDke/qk2JAUCW/crDAUJBoh3IQAKCRB7PDke/qk2JDQtEACv3JLjhaPoeR/yTbGc
ToP6TJXxRpylxXGn0IPwru86co+6LdwOHfjvzwB9py27EmluBjV/djGBb3eHJGQn
Zlr8N/NDVnPW+4aSFWsvpf0i6981CBv/r53fMuggjzfSvqNoZm3+LOMd+hmc+Y/q
yQ2GUzmQvplhOeal9S3pcClQjOIbryezp4zAqp6JCGBZso0gvhJjgnyqk/vdNQgl
rp773haudr09ieGdBMSBJfUW5qxUu24QZ0cr3gwzl62ipWybf5NtDsTkyt+7M+eJ
lzxH1l4GY/v1mo9MXG8nOM9rpB7KGm4TkNTC4pJ3DNn56Ues8O2u6ZMBfBosUKR8
PyTmXXw4jMYtrGTPBMiiUovoD6XnKZ0Eg7Rm8qQoDsKVxl/B0f8Lcz+wAQDsyfKT
KZYrkqV+88Zin5u2PzdpIpVOPjdCJ1xXhaV7fWlvcJQBhiSPwaR08uJROTj2R+gU
V3JBw9H7jSu1wyHy0YFHvs0orS+2a4UJEmmV1a6SY6k8Y/sQgAwtMIjVo0UYmCxb
VRdUIA/DQ/3PaVkepRD1vw6TjYeplziAsDfC/CKB/r0C/dCLFc4VWr+5qJB5xb0v
ioCI+n4yLw+QmMQmM/wK1x1T3/bcrjK737Kn7yXjTY/l/7d9NjAw4AoPaJqcRbXD
VbNUEwiBUlrUxxCPzLRV9EoNj7QwQ2hyaXN0aWFuIEJyYXVuZXIgPGNocmlzdGlh
bi5icmF1bmVyQHVidW50dS5jb20+iQJUBBMBCgA+AhsDBQsJCAcDBRUKCQgLBRYC
AwEAAh4BAheAFiEESIC4yb0OUQb8Bw9Pezw5Hv6pNiQFAlv3Kw0FCQaIdyEACgkQ
ezw5Hv6pNiRnTg//ZLDZKDNO48q7vkcnhVADfTOwNbaGXHuVDlNwc8a7Si/5ZyeQ
TWcBwmwCfqfymCk2npFyvMNGGK8ZAikeLuL5mtvjFv5w294k/ZhHj0+oKm8o+Qyx
/cBd27iMnj+YWdOwjKdUNM/s59EXCWl6oFXCwW2vz3Zi6nhBoD2E5fOkjIkhodWJ
uwwEbtx/32NR8kDfRnbdDqYpSS0kzBUmMtJajJMxzDN1GpQE/sK/vo2TS5RbTKho
uXoWnqbH4jwA1n7+HVYFlHgKdtFu5m0zfwW/Sh4jkKSyhVSeX1cENmfsk+PeZESw
AesjvX3Q3LdOwwpx8jARtd09NyMYSVvHrvWuo3+cFTcp6L4Ie/uHpSSuo6e5G44i
PlGci+Wv/0wfIRbSncFYt/RYYwCCXOCYDjggOU3xFePP1s0Sm7YAhbnvqGt5N0Pm
o6tRUi6z5GSjb64Ip3DLfnl0Jf55uI8qZEO03mNR9zhxyHuNImIzg1fwh8x/F5n3
q/Pq9y3SPPIGMyPBBKjLkjHgSo/wUD50sQl8odjb0DAA+Bac6IL4+d9qPWnI/sag
YHYSL+idMC4WCmsGGPHomkjmY/VN6bulRNMNH1TeoSz2SYMvobhOM+9XnZYgZiJ9
HoQojGrWfTXRUgdUM+1J/ljUHBlkezUgg3QnmD8VhDVS10/ojg5i3ghkF6K0M0No
cmlzdGlhbiBCcmF1bmVyIDxjaHJpc3RpYW4uYnJhdW5lckBjYW5vbmljYWwuY29t
PokCVAQTAQoAPgIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIXgBYhBEiAuMm9DlEG
/AcPT3s8OR7+qTYkBQJb9ysNBQkGiHchAAoJEHs8OR7+qTYkMxsP/j04JSrxfoSc
V3vpRoTaXWitQCS387w7/2x/xXpWolH78p8uRpxLveGMug5NzDcwrzjlGSGDGANI
nxmcwbF13nJQlzJm+TlbsEW/zQOyfaGaI6w5nBfOJICojWQxk6p69eQ6QcDDqNE3
upH9Oz4w3NmdO1Sp+CjsUxonUjhs7ydi/lhG4i6prIhGRKB8gLOnVX3zBRH1ZVFC
T+tog94QuQYSgTo5zOsIaLWGtAonhMNjEQI5Eg90A26M+axfsQPjdzh8KNMSu9mx
uyzdpUtvG9UBdyeIOYeuGWGOrx8WdeVj413jM5HsJ4dfBBgQV4vICO0ht66h2w1W
/hL4tEUG5VLgyRDWjVS+Qy4a7z7UkcgySeX+tgbPRfmWr+zXWEX4LCmjoTqZqZAn
gUHDluHLWBRbwRdyaCsBYdEzq69wx01DgbHItl0EGo/ROllOS8rQ3RbQZINAms2O
BHuGbbz5JVZsc2D+VdzIk0vJHCeewgstvXp7Nz/RSiePEvQcaefSWbKttxnEKNYR
xkb+qax1AKLlPA/SZF7d12j9/EL3tK7Zjx7Cr5P5WvMZEGYZM9foRWuEg+UVwhln
0g0zq9KzNS84hSCqefV+gIPN20hSBcg5rXVDdmJKogomZgn2s4kxpp7G3Nq/hced
kjHYWr/3+j9hM2ZmwMcE4FAxY7qQ4H58uQINBFdP52sBEACrmefWFd6G8Ml25aK9
qQLHn79CbZOAANqXxqLx3//WaFlgprjyARQzlA+y15KoStx4stS0b8EDrh/l8TwD
skfqQVAtjfNkapkq5OMCBTgT+4FvC4pB6sOPBKIG/1ZBvYTWC5f2ud7JcljvFeo0
LsgSk1g1rPrXJCyRPzR413iUKHm/TsD95yTpFiC7SJZvlswPga+WJXjaVyVMe6h/
ZsZsldQDRl23hxj8juO8cX5TEyxFVNEA1ov8uhdoSsYeMAt8EWjetm4GOfJKEPh+
6evv7ArX/s79BBADavA4IgeeaDGphR+3GbC4fNUDsQFUF1ykzKQP339x93Ksz01c
5Ec99TINk+XxQ8RrkaUw+Lu9rHKSqHNPOB8gquk4exowH/WJSiw6/A9igTmNOLpj
jncJwkHSmNbmq6kA3xyhrTYLnLABKEXKkWyAkPD3QEVJjyuczg8EVsRzqKbuXDRk
FEKW+5diqEbL01iGZiiERVzhFc5RI3X+lCFHzgSPLKTyycpe1+hV1g4mQwZ9FCt8
JT+YtTTiRRngw2+/gLXd6bLQXsF7bgAvdJ46sWC0sEBdxCz/4+gVBmSOF9CppPzm
j5Ido4pEKm9PSUl10QmCdQ5pXeKuKqd0efHe7N5yb9MnlVshEntS3w4PSZ5vOCUf
zL/aD/TlapUTzJzedFvyejTlaQARAQABiQIlBBgBCgAPBQJXT+drAhsMBQkB4TOA
AAoJEHs8OR7+qTYkf10P+gKSUVj50ChiH87SSkgZQnM/0HIjHf+cXaLA034z7K9r
92jY1vg15JdOUMA0W+yMu2a6/XwhPUwcSoIDwSWZJrKh/B4ugW2jlFfSkPjZeN6O
D2zyY9f9tXQCUcZgOD55d70FtJkc5p6InQkZsz3s5yyL/9ivXA2+Kh/hDImn+GAn
JWbnBu+kvttzMJ4/GJqGcv1c3RSolHtGaXaEf2f6JzUoZkBJqy/VIjwen8aYoDbd
ZzDA3xjr2NgQlsG+4MJ7P3vkHhuIvTxuiykK7ArtLrsbuNgdWSb/L+Gt/SW3iwTs
iCpf7g7bmRvbUFIso7YCRA60spboNVoXfkrbU9qGsjrzrPITZwdPn0DZp47pPDTP
Jtb7hgmptc4ai4zafkVS2APBcq6nbRPJS+A5syR26THjwneDDFie9+bkBdnKoJvJ
oQNSUUZW/Glw9+Hjx6P0mIH/Jy/qIGxnBFvMgWNrRDk99KWP7Qs/6jfrMRlwiHKw
Z7QTtGySk+SUOzhXPXrFFv2pnGUTD86UAF2QhecKnE6WU4r93oRAEPes4rFCNJbr
MPPYToq/rk42Mshqwci7cRAh3YpnQOWBYmrC7k1gGX660NQzaPWf0xBfViB2XHB5
/lVBdMu4RUceHpzwkWGFh9R5CVLvwAIKGweUxlxhzpZUdusegcBWdumznycRBMu9
iQI8BBgBCgAmAhsMFiEESIC4yb0OUQb8Bw9Pezw5Hv6pNiQFAlw1Cx4FCQbGVzMA
CgkQezw5Hv6pNiSloRAAzMJHOujOAuf/G/XMcFfajBCr2RIiOfyHqEk+AVmtv3tk
7GiR4uhmrGfAqenm/5ZtacmM6TQQ5sGJle6ykYy5eSXQ0kE4JtSJnERsriNEzfq2
KTns64Jj8cjSi7hdJ/gF87K90mlgumAOdWL5Ac5Q4rf1gMru+mGn4aI9Bt5WdyuK
qBT5gyDijU6r0gdBHOSUpZwWUX09Hdiel/QNr9dWWJQkq2fB8b8QcIYRZdPq6GA9
gq/CdkyzSxauYiZ0SVRrqz1i746IWOgmzPF092gybZ6BUAtbcxuE4T5zI/fpDyUC
SuYwiqvxzVFalYluSbPu1AQNhcqZ9f6WYJi4XxR9m00GUM54AXFYgQLPMvbl44fF
IXrT4GT0W/w2qBadkzB2QSzNUsmt0SxtYxQihNVc+uqinbhlCv+jQc5k/bIPYoal
590JtLjfbzKeb32rsHzg1p0ylmbiIt5yO7zViBhlduXxEtev5YP8d1BSe1PWq8kB
1YrecOo8vrnktlaNKMt6hNI+Kfdorbs/udWDINYeZM/h3ld90lEhXTRPCk0QwvRT
4UOu0ZrfQ1TLPS3QktMW9fXtCeUwkzhEnrKprqblnv/xl2LDxrvDjV5ZSYYREL3r
YMocF5pw+Ru8fIJ06NIVoi2DBsOSpFLezimRGOPA2bFV+1bFEnvkWT1rVERQexe5
Ag0EV0/tswEQAOjK5IAk/BvEsQKDH0Vl6aEStKr7WTZp9iguT5XTW0YTqx/Re3/U
PmknfQsNnj9J2lJWBpPfbXl4DbTkYZtMqEzxS+O0RiZv5MZW6vVdb/AMw0bX/sxi
LFEBz3E35u3wNlCDfP/FypH2hbw9PoKsXVbzo6uUHE6KDIqewMYWpx1hFXJ6zhqT
Vn7Q/WukbL4PqnzTTNz6Kah5EuEhZvtDsuV0BCOBh/8ZwMgZWxfSFUnaNuNQxfba
JLmAXCf37myDQW1Sy7d8mOYIVDeEMpnXy7Lza0jYyJkMedaTOecRTVm6KfHaiue7
ioTFLXWNX/Wvx4ucSFOytRCgSo4Wt9HmY7sCDxYRjuaJfXRkS5+bJIjzV6mAJGPZ
KYJm5zjXZuwKQ/U5wB/StVz6ubtPOQl7n84Rgjuu6i+TqLvWrDSZlTqGylr/Kj41
sQRRDi7n6HdmEVkqDoBW1LpDzG5WAmoeNCaPQpfaG8BU2u49Xfe4b9B1U2QkUtFx
JWRWUa+z0F5OD78Dq5mWA5bO98DiKY9RyvvryXbZaF1jYJniD1NYde910zKmLpkQ
EuJSTdYBIIAT5aGkgeos7SaouWJwvQbH+OyKEWhsxqVjyJh38/nEe1XORkomfF9G
HYe5aRUyjavnsdNpW6XB8hgSNdhLkTuW+7OVx+FfXGaZwrxwlaAWGyO1ABEBAAGJ
BEQEGAEKAA8FAldP7bMCGwIFCQHhM4ACKQkQezw5Hv6pNiTBXSAEGQEKAAYFAldP
7bMACgkQjrBW1T7ssS31FQ/8D7yQAz0DEZKK7tCreHBGsxLBeVTkY5Ejang5BAXB
H9e4Z/3U/lvg9SMpIbZAdAjQnjccOEby7b94vhDmKCV31p+4kDO7k6w7ifjjXbB2
E2CH7iCQfhqEyiFhUzoo3p0PDMQ5IvDtm/rP6moh6wNyjdk+zBLJ0yNebk8OdDFA
g6blCFEyzNy/sDU7RjSr9eQ7xzQmwd2ThyUZ3kqGB7QIiNWshihXf39/Qopu05Ii
XcNW4K5UM/vyXAE9dTyq9IITOK3eHAzzPmrL7VhzveRDcdaRWUqdvEj7mvYdL2re
2EQSTdU1xFrNPH/zgLwGgCLmFKG+M82dbqGE2bBrBZvWmz39SRRXLi5QoimobOam
7+sbsG1EEVu1a5cTiBj6z8vNY7aguLVzfH2lDDecmOZQ7PIIWMPsSH0eLvdKSx8Q
sCNMkwAqoM8D65PMv77705ieFI03tWr/ifFLFpniTrgtCAR6LqfzI/rsPDA9fTUv
aG1VbHKp0aa0GkpnHdjXqLyPyfkjm72JvmdxfCuhi04uAhhpxcMQ3d1NX/bYn1y+
Eqi/saeKtKItvYlFvJIUyGRuvqUnTyOyuayZzOv6woDSuo0O/Xjsdhmqo0jMlxEN
uwWGlPIrsvqXw1m7GabRB0WofjoTcvCUGKGQsQswKn51+nWoN+GQU9edKWgVxZZw
fLEotw//eJgkeOr6mXhhWrgAeKd337KGLElOi2d1xuXY+5Ru4ZCBlWt9qSYu/aqc
Ghqz/X9twKGh5Y6k9bRtc7lOgyxgOLGFRflzP9tJ2D1LFPRu9heKlIjWWSegHdQZ
yRriBvtMUesdbk3rUSHp+2xt3BcSNB19s43O6EDShgQoo35vL9Q+BN/ByqzTm2JA
knVoXzH/mE4wIhPXIyaMvVv+HcV6umFe+NIpK0byLmf8Q3usOk6sZjVEJnbfGSnf
M9FRuaeEdIHyc0b9K0MQoV6Q4SPngkJIy/j/h6M4rATCIdn1zqX75lK9jb61VvVp
UGz0JVP0pZjacDnW56mAZwl7AyJatGINaKWcWkmWQp+G/k8A0T9Yk6blJnjSIyh5
qtd75ObNlbRFDbkGH8SwwRaU55KiGipet3N1Gx1jh9Lwy7DSHv0qFIqzj5AT+o0E
ae8UossVZBJoXhRCPz2CnANTrZM3XzHkEZJv+kiUMAnVrpvzBMw3P0p2QCd19hJt
vLS196xUsy3E5nPLi2AjjIEexBVM7f6k9tKv6/vhQtkFc+J/4PiQ7EysqGbOTfAp
xk588n0e2kYfjKv7FAT+U2R/pY/awTl+nsyQVrVZrSs343ynoRB9p/lE0jCvrvaI
T9YeqmeD1yRdJpmy4yFy3S2mux1BgI82JgCE06Hb0dg0lOSUJj+JBFsEGAEKACYC
GwIWIQRIgLjJvQ5RBvwHD097PDke/qk2JAUCXDULHgUJBsZQ6wIpwV0gBBkBCgAG
BQJXT+2zAAoJEI6wVtU+7LEt9RUP/A+8kAM9AxGSiu7Qq3hwRrMSwXlU5GORI2p4
OQQFwR/XuGf91P5b4PUjKSG2QHQI0J43HDhG8u2/eL4Q5igld9afuJAzu5OsO4n4
412wdhNgh+4gkH4ahMohYVM6KN6dDwzEOSLw7Zv6z+pqIesDco3ZPswSydMjXm5P
DnQxQIOm5QhRMszcv7A1O0Y0q/XkO8c0JsHdk4clGd5Khge0CIjVrIYoV39/f0KK
btOSIl3DVuCuVDP78lwBPXU8qvSCEzit3hwM8z5qy+1Yc73kQ3HWkVlKnbxI+5r2
HS9q3thEEk3VNcRazTx/84C8BoAi5hShvjPNnW6hhNmwawWb1ps9/UkUVy4uUKIp
qGzmpu/rG7BtRBFbtWuXE4gY+s/LzWO2oLi1c3x9pQw3nJjmUOzyCFjD7Eh9Hi73
SksfELAjTJMAKqDPA+uTzL+++9OYnhSNN7Vq/4nxSxaZ4k64LQgEei6n8yP67Dww
PX01L2htVWxyqdGmtBpKZx3Y16i8j8n5I5u9ib5ncXwroYtOLgIYacXDEN3dTV/2
2J9cvhKov7GnirSiLb2JRbySFMhkbr6lJ08jsrmsmczr+sKA0rqNDv147HYZqqNI
zJcRDbsFhpTyK7L6l8NZuxmm0QdFqH46E3LwlBihkLELMCp+dfp1qDfhkFPXnSlo
FcWWcHyxCRB7PDke/qk2JHnRD/wJU3TXpRyLHV0IwhmvOgyorgEGUN1zy20TwE0V
fhbBO9AavwTxlj5Oto/1CeNxV+m1j9MbRvkquSD99ZrfLhg5Ob6Rqc9MhGCNnRK2
EtOFOAJaMj2xVDkWM6+A3CS/L5x7trR6LvvMXuMyuJqmu4Lm171IxyjjPEIK8z05
BU7UlJCqk1Ux1H5OnJLa9D4zuAKjUZb69uC076EdTz0iEbAWcKcxGGAKMJc6wAWz
+eVWVK5Y0vFBjrZiXUY9sxNZ1W5/T1ePgPGOWY9BVnPK0PEeNS8ySE+p4sRbcM60
cc6yihuN2xVfcagyAa8GApWyhWl5Px0g2B8YVGLfwFcef5S3ia/yJ526kAosvcWJ
gHhqSYNOPKMj7BqD9sc25pqmOGMOq+o2pvTFi075KDjDmYqQ1F1CUwX+Vu+UByN2
OEIXa3KAp2Zgl4F9LUcUw5Pt1l0rNIbdDFsiYvoz9KOwGA0OhTUf6OtOSfUbZJHf
2Ewpr89BAKjGvZ1AhHZeSrutSmA/OLe7q5n9b50F4ENmd36DJ7WaQp9QfVmGjew0
3TG5mXpfuCKZXPL1oSk7oVP9h4NZ0u7mmbK3eyATxJllbYSeE7SoSwKN7Z9oLqUp
dVfJJHVjCKBI57tSkxTPN21BtcTnbja3iDnbFckF4lh4CpDavI2Msg7uZbfaXnZP
yTOYOpkBDQRPqCmUAQgAs+VspRgK/norWY7kooM0fst9FtxPoJFNA0jZQQd1paKz
rZszF/Rdnfs/qMybns+DT6sH0OcthMSkmy/Ita8GJhMWSM0w6ZtUOjd4Rvry28cG
627Ck6lvaz4l64lOckcLr1SZeDTlOk/z2rt/1Q/IhTe1OJlaTRVT5QfLwrwyftO2
dMSB/TF3vLmhERt79hC+zL/C+cNOVxHrk0/wiYsOjXc8I2XNRcplaBY57XrZfB2i
fuSQgdspQG58P8GSRzkYLC8WYTi+v86yURvBr44AftZfIs4JeJ9Azqo8sqECGSfp
n7h0dOsA6sLz+RfUWagofDHeIWLo6KeWtASnwMy33QARAQABtCBTZXJnZSBIYWxs
eW4gPHNlcmdlaEBrZXJuZWwub3JnPokBTgQTAQoAOBYhBGbQOH24XTIPhAgWbbF1
z6mPGSryBQJdq9HdAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJELF1z6mP
GSryDJwIAIk6S5V7s8g+AvvSP8ggPTfwaiuN45zHyTpfysuer4Cf1m6xSS7jt8Lm
zJUSw947qwukitoNE6coMqF9jI8GVU+tEqt2XICIe9cslh4bWdvTblIirCp2o2/S
JT/gDNVdIPacuNWHQ1JgLgv+XK6sivvLtQlawf4rOxMpuffICJfZ8hr2ma84IxtX
EQo832VPKURvlTzK+V5WvKwygWZfi3LrFfdHgFGtBPylRUuTdXUOhynJGFz0gTdw
yh2cvqimtZOw6tAp5E40Jo2jLt4+bHTl4OEFH4Qh3iwxQLWnTXT9OCOoOSmUbwuO
F3UNQG8RTC8jm4QrKv0MUof52KyrMNK0LFNlcmdlIEhhbGx5biAoa2VybmVsLm9y
ZykgPHNlcmdlQGhhbGx5bi5jb20+iQE4BBMBAgAiBQJPqCmUAhsDBgsJCAcDAgYV
CAIJCgsEFgIDAQIeAQIXgAAKCRCxdc+pjxkq8mHxCACb4jh2MM145x1q7G0EO+ay
atsEODZTORUZY7JLnwl7SM/w1KSik92qht8u8sLRMJeHj6HyZi2wtDuW2RfW5YEk
gldNs8xnXlKLACbMbpmB1YvQkR1rIgGjTF/IIn/b3j6s/4mP3Gj0uMOIAVySvLy8
L8U6COAmQ8CJTJDKL//9x0Ob+Tin3qmwNa57BiO+L1MPWbf0qoLnc+W2Ouevdzqn
kUVlOrTh/M6OB5BXsNumHYfNKgJ9UewC55OvM8H14/L3ckfX9OXRKm4P+LYWVnI1
gvxa50Do3E8CruQ51AhPd+2tTD87eLdRQmFB66nCzffbsxrjg+NqPf0viQGth1oX
uQENBE+oKZQBCADc9sYSnWAj3y6QE9sGNDUFaKpAFUsprpQ8LeA05nh3RUxYDd75
qc0ewtGR1+SlgpehKQfSXVQT254jM5lJanNDPYffk9k9lMwgSVoTP2QaszfDgir7
WKKQuj3dBwnmYHdIY2mq+eaAh/1cCU//ggdaATo4ENQhKTAIiuviGKBpYX/zHAlP
IvyFjERsBmq0woQKvDGsoQEObx1zu1GaTWeTSIEnHyRhajMQrKUAxSCh9Th2Vj6x
Ohvx9TK6li+ecxYuuBVP0Xllg1GdoQBC8KWITDOrU18suj1vEGK4YOzQQPxANs6I
81SvVddd2bh71cyAjhHr1kugw3PWQvLe4yHHABEBAAGJAR8EGAECAAkFAk+oKZQC
GwwACgkQsXXPqY8ZKvJrVAgAi7CVXJt8mZiN+yzwiZVlzrkRQduB2cgvGZD6Hm3M
Jc1aVA3Gh0tJcLo+SdutCOzKSmPRSsnWT19EKxpDMrc9j97Pi9SDrGyUOx7Bz8gK
jTI6BcfPNAhAyIr5Gr9SDyTx6tUduSmmErrvjYWP1/Jz7spInN2wQd5ZVRSvS/rN
ZGh1NU31oeWlbpkU0JpGbZkMXv4JIy+1caH5zzrcRMC9JFxfm/bYdaq+jHhMufnS
y0Qa3QgJkKvzxzvlIG9BaUmuNeR+XoA9ISEMQzAYXqxJQSL28Er9IVaNgtz5mqCM
f8vuDTPGpkYyqGnOjtQNF695wiA7CAr3/WTeiEl6kKsBFrkBDQRdq+CmAQgA6Tx0
yBi7hDuFTjrUQL8y3EiLBIPyLuWLNQHxLPEU+fJaCS8bYWKTmVSIMmYSy0t0Kbd2
lqmIm53NxOCX0BujjGCir5VspEI+TTTXskTZs1JsXdObGFocAeIG+FT9T6RHP6UO
dQTVKaHMZ3XKfWQK+Yb0yZaOJA+Qb28vHd3joMGeoc7rCfUAV4qIq7IKzWKC+1Pa
rP7b6LNj23J36zY73n7UINCyWpDwhA0/TRwVMmWOyTd2ZldBvpKTHFM0b4T/a8x1
RmFRtvtQgVQ6YV6Rm8Zkwh/2w0wkYJUg36/IwyETUwDXuIkbG0AVWp4w3jAD34wD
jPm52R6B1vGdbEu2DQARAQABiQJsBBgBCgAgFiEEZtA4fbhdMg+ECBZtsXXPqY8Z
KvIFAl2r4KYCGwIBQAkQsXXPqY8ZKvLAdCAEGQEKAB0WIQSpvT/xcHK223gPz5Q1
cNoXJwrOJAUCXavgpgAKCRA1cNoXJwrOJPZ8B/4+BLTyb1SKSz0tYCn0GlqJWfRJ
fH9diFMmZGvvxSsIeiBmy0ARPaFoupbAwijI6mJ7lW63GLZZdC3OwnUEdX0sH80/
ecVP8/1qxlfMW0EFFCwPDFbmKLbSGQcobXQzb5AaILSyx+LXONAUpto6nG+i7k+L
7MFC5PVFDrk1CsVhAjjN3ItueeJfYRmkOKksUl4azzzUdC3tGPBJS0CNdb0z+lBA
On8lYSOnoPdHjKzT9jhwluUJyLmszxSf9pW9dgYGoSmx12Ef3EamTQlNa0YB/DVr
Si9G/f0PW7Aby5dNCJQNMYaWWVeHOkuRwkG1PxV6iCIAZkL32ls1bkFTxxsXI4cH
/1D8cGYiqaPkxi9BkJD/9x/0B/2Bz6jZgDj8qDalJ/0YpmLN3cnw07Tk7phKxeoi
wGvaUgaPDiSWQTsbJF38pUxA7GsVj28Vx1LFC6SWcVR6IfvdEU/eex3PD4xGvgdy
lub0XR8KcHppTWCp/vh7/pCK/p3amrsPPLPHtkKbwFEtPYdlsV5hDoax04hiBbNZ
eq6uT/ryuUTUPsWj0or2Wass7Cuvt7PWk4scDyk8OFmHEjkPdmEOwtS7HdxoJR8V
0/9WlomKMY1zUdi3yaThTVBvpmVp9NhvvkX13rW/z8z8cBNnkqlP2CvRoaR/Cm3M
LCUEnzKlxEj0C5RQMJMBcga5AQ0EXavhYgEIAMd+iVOTx6FC3Ghv2PASeXsnxtb9
Af+aBjNf0m8WKTLgIS9xQbxgNJctG6AEptkBfAStRLIA5qOa0iYIpkJynEPbonJ1
2qvtlJ6b6g1h3AThYXQBjTQ89X+rlFzVGQsieqanjI+fiSNbDarOLQUbeJOrkfFu
kr34o5xloKENL/kwu1lDG/Y2GMxZRLe1aVJUXQg4FiEiaE+LNFbrUHxdNR2PE4Xu
JHetneHEiT/zXpvEF4MCisjJTGAHEC43rl7OqHU/GDdcW0udyf9v33LCFWTRLlgK
KHVyUrHVhVzbB2z1+xnxxh/bQXjgttIP3Zqn8LXiLnUNU5+ejJiuAwdwcn8AEQEA
AYkBNgQYAQoAIBYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJdq+FiAhsMAAoJELF1
z6mPGSry9/UH/0vOoYu6b57UxsJNR5dCMhsPYV7FFIX9uj5XIDo/bQt2RTMa2PuK
MbcDGINsDqHXqOFpZq5WDHhq0cEoIqhlkgj1uC77LLGw7mWyiaMbITQDlRzP9c9Q
j3NkGNKW6FTwR7LPh43kgXygO1StVADIdHapiw9hI52rF8FrNYy4oNRXhUcDPfn0
3akuIbF75saCHaYO/xoQeEqE+0qV82V/FT5tISMygkzgq+9zUhiA4XQjxiVhSK2c
Ai0iUTXZecyEueLk6zZ9vkD8JZagSirTFgxtLrnhVpUBJMOgffv5jmO/Sun4s+3J
bAdicmsFqw90hWmGNwa0F5HZ20rEVAwkdt25AQ0EXavhqwEIAMKECc/f8f0/CenK
kz3wXGEtlG46YLjtTt2tWYXdt9Z04ihVaYePanFtvuujyO3I3jUQNv2foU1CtOuV
yfZqX+TXqs0BUPXWwTCkMOyc/fEQ5u0BFJjWYtmr2sZY4Ag1juJsmzI7g3cnMLL9
LbjpbHRruFIT5rnv9NwG7PURn1XnCt9tdZ/d0h7vEaNkD37j67rjy8UElVVcwVGh
sCR8CkqwZ6ZwpQxE9wyq/Txb+v8qEJcohc5SWbYl70AtzHObokkW6cvRjNz+BcEp
nPfu10lbPO/8a16B96VDdjDGPj2shfNsFLaT8MtFfDAdjZRGlrfv3Wp4qFRlSUGr
jInvOLMAEQEAAYkBNgQYAQoAIBYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJdq+Gr
AhsgAAoJELF1z6mPGSryW4wH/3Xk9x+WUxeJNtm+5hOfe/KBsXQUbBz+JHGFjd9Y
Qw98jUvPNN1RfgtKf31b+FDKbk/cu+9bNLSfhKDz2AEREViogKRcVjJDy9XmmWQd
1oo+M4GHNYhpIt5ZK1d3CROIiqisLQsih64/gl9gboMcsUuHRkc3hVKUb2umCZPG
37hUdAvOmOMS7/0KCGS5pXnfsX+zegSKjps12siExYXiRpkxbF9MW7er6/6ukvHL
x4jHpgiZ5Sjt/9OqUiAOgUSQfhpAUJlaLxe9E3nj+ABs7LV+FOjtI64skqgqbYo5
VXobFSJhqFTog1+KmMznfsdKaOZQuZh3v3TtGUzkxoMUHPc=
=M8RS
-----END PGP PUBLIC KEY BLOCK-----
Alejandro Colomar <alx@kernel.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGI/tA8BEACYC5fPDOMDrT8SxNlsB9fRj9YAZt7okGtbCIlVuSPs81YMkeJm
BxtPPnps5Vw2whZS13zaoyPykMg6k+komDWctWQKIF0VgpVYtIuezq4q8kMNmKLc
MnHiZRKRh8dOqlK6jHcUlF8rBgQhk+RUBUPOqFEYeTveoZ9qqVmWhOVce5uUX01k
iU2SjoGAGkNDBqmOkhhVUSQg/AVcc4web6Gu184VUbOXx7J5MPpRmXE610fAUeeJ
1VzyB8U/hgPLrbZX3jQMJbcCSM+Qdxdr/gsptfx1XIm4NsvKXTUOpWg1DQFiQYTJ
FN6Kz0NKN6MV/3AqbKGtWDqKhFt3u3a7T+uUP/qzi9jma+DruQuzQztI6xnthZCb
RjFkQ/iUUtuGgmpOB14HrgwNaRjKWddzab+A7BL971Q3fFqDsvrntD+koYVUgTfq
ErcQo9ZdGRAUL5icyyDg4cC6xgjdmYfnX1s4Rlo3cXJXTZpIOx5AvZV6HYNNm9pu
EoPm5gjNtk4F+FENNjkB3c2ntFr2prpoxaN9ceNd8a1tkWAgh6ueFVA/tkd1hy+2
bP7e5+Nk9NjsWLvnL2slep1cX38DU9hx91t21+x/8hCxN4gqtvDJY/eqUZ2d0uAR
KhPEDZ8GzchxVtX9bGx1HSAVcdnkSzKIGFOJi3ivYqUEihXd5WQE57UovQARAQAB
tCJBbGVqYW5kcm8gQ29sb21hciA8YWx4QGtlcm5lbC5vcmc+iQJOBBMBCgA4FiEE
qTSFlM4xKDqCb73Y1XYz1EHiW7UFAmNDAAYCGwEFCwkIBwIGFQoJCAsCBBYCAwEC
HgECF4AACgkQ1XYz1EHiW7Vm4g/+NDfrYWHAHSMBkQnTZdhrOFCR1tJsWTLABwe1
fMLBW7djLZMZweDMU76UBrucAEsarKkIHyhqpBES5EXwmlvKSnEhzPjXZ+PoHmM0
M8Lq7QFZ5IEbrhuJbvpfTCa0gleHKIVYCCeaf2AUpgwX1XMkG2mmRdvUDQ2M8NMH
ljM/OZ+6tBGpw7zvx1kYsSfBerlHxmLXlRxHrr9nWi7zXa+HrHZQAhopuufIb1we
8lI/gdfywq7s/e5Xelk4dnr/pEFx56G1vh0bc+zU36+C9gX5IXOJv2WrTmOfG3Am
gaJgWZapJQlPFEByk+2oJf5UOgPRhdX7qLR8mVnQ4EHM1sr9B6UGwcySZpVwag9n
51WhjgdqYoSPt9dpPSNfNavLJDR+paM0aEHi3/t3mGJSyOPM4E6ejrYk7791fOJF
0J3VhKr9KR1rMxQpE1kMs7qO1uUJvnF+opzrueMELffwTfDDyvY1bV/ZNou/MPi4
EbUJyZDvsq2shaKj/NB4nzYJIoGbUzUrz008buTagf+WZ+uTDIdOJbaVPcUUjtzr
21KifSWxcokNhqSIrsCLzCJkbiKEK7nUoOvl9q3Wl9L5CWAOflr5499iyGqxlJ+E
7xzerWy1ZqgQHJ3Zp0wVMgHTKvPsmDvwaXBvEZkrUQ4PnInWTNJ2yiNxJU/we7Xx
kxo4Qk20MUFsZWphbmRybyBDb2xvbWFyIEFuZHJlcyA8YWx4Lm1hbnBhZ2VzQGdt
YWlsLmNvbT6JAk4EEwEKADgWIQSpNIWUzjEoOoJvvdjVdjPUQeJbtQUCYj+0DwIb
AQULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDVdjPUQeJbtTdsD/97XSXo3Dqb
eaAWhjreKTwO9sPh9n79tS5CZMne44jvC7OCNGeFYq/MGyk0aDPcfN27dO4YSJXN
d82t2K5vC85W5+tbnREN+OTNy8b6U4XxpeQhHP7jr5xeQt0aTkUH3Eo+0mzUq4fS
hxMMch4FuDvMcohkOQs6LMKyvNo0jXAM3nE6nJeRipBjG5d8KKlx9dqmS5Zee9FA
YayikSFp77aSGIvWFejTS3YDaN/APotN1SheEWHtGRY1zvbPbGKJKMy/k8O0b0TJ
gGGe0RzFmPaQSCc/ZlpG2jk5BrnnspCDTq1I/2zcpgdwcR3/3Iuw2VAlOU48w7Qs
fZecvYw+8zlrsJlB/NNU6s1YzeTi37jo43aqgyw4E7iev18f14W2ZQuIQY36hUmf
4z49hAliWcoq7SZL6tsdmeQPjYWJb1lxds8s+iEH1PUsGObWUkjy1iIfJ+gXCe8E
uKZKPGY7RWwYoSBliCVVXfgmD2XQja9i3pjRiJ6S7sYjZnugNwFaVbeptHE8NL4J
Y3eRJpZdGizW58zTfxhvU/AjjDMhqqshW8ZSbAIRI05eGxzwk82qGq+cUVxsBeU8
7i9DbqNOF50cYyltYVVJ9qPAxO+5sBtW6rq+yxkLArjTlpIRJsrXSiFJFqAp7FkC
pUx66xvV8LgAVMKeD2o+Ae8mCTmYJfiCabkCDQRj2/4qARAAw4VXqcdlHsnCDqcC
x5U+nHDOMsyEqG7F8mivt9covXkGUGoLI3ZlGU/5EoRwQB91uHJMU9zJwumQ4tLs
szhOB/CNBSDZ4XTCcEej+dhQounRIdbY+DcXn4dVdx/mYCFPVb7OtUe68m6vyiai
2KG288QbjnkzNA222caPQNDy6NsIGh8V5WDKCa7Jk0Zti+tTdi+vhkFjk7+brh5I
qzahfuk/uVDWBUVT3OiNRywtouTBdfT33JhQyRqSMty6gjkkYyxX0QD5r5EIVrtr
gre6aBWw3dy64pVs9nxVBhVCH4h6PwReXFB4kfjgw82Q1/DkF/ZMsH8bPPtvjI1N
Yz+TMaLcUQX7fWlW7YbQSXSwF4mUSMYgdOZ8CTNQjKmpnpVhHYuL67cG26ev/+T4
OrcT103j/InLipKvYUC3HwFMbq2P/9edqf85d/Nl1KMdByJ3qVVFMuXjiJr0uf1K
oc7nfP3mqkPUHEdjsHnQnpNWZPBr5xs8iNtGmgltnJE2jacXFqtvJ6M9ugrMauoK
s5sNMhqvf/zyZiLWkcZ8bWi6cGl/JD1RS66ViFFmVeg5xpVgspUAsADCZLneTCAW
46DJ2Esq92afIVSz/AUtVjLUJyZIOBaVzY2JXR9s5/ePJAd4T42cg1Kdrdsi0dPY
MOwPjQBpiuetA4dCWeL5qucnSAUAEQEAAYkCPAQYAQoAJhYhBKk0hZTOMSg6gm+9
2NV2M9RB4lu1BQJj2/4qAhsMBQkB4TOAAAoJENV2M9RB4lu17J0P/3LN+ueOR4q4
G5KOnLA5+u1y84d0LI16Z43iAm2NyAWCNkvjGj3RqQD8ZwFmckulf05mhvLOcwxE
i8aAnEcsK4YfsGjgQRDJIChPnZCfssCkFVjfTyEcMgI4sr8hBjbp+ULL4LOnHu4B
LjWjeWc48dtVQ7qcetVw7u9ZABfRBPxVBgY8Idxv1qVOQE13P2sPzbYKsFz+2mH5
54VnMO64zqCbecxgV4NRFcTeNUaDgl6D7zNlNmh4j6c7sKjoEzYIVizApM4xMtOB
syL4fGXRcNtenuBDc/1/PeHdDhqGGlZds1RmTLJm+gCzVio4z5EXPJMKjAVBHapM
NMl4TiTay6gMG6QJMwkgVmS2F28wxj9KztkdnC+2YWJdWDeM07Le231X2hnRQE/D
epN4MouHofOB3I3WY+sSR2KUik9WceL+ICIvUisCNk3GvXVg6hYXIukN8ZR4Sf3A
rRPpePofDK0vZeWIGt6ZksVY9A3GQc0cMagqgCTK0gUxeDk/tPH8xyz/VvRZPGaC
GlzeSQ1giSwgNXX1FDfnGOdn/rJh/aoDl1PzTBjyZcZ15s9HSPA6h36TMgCrSCai
kWjbk8mOJhIhTbxclyI9JLu2AeKu+zP41Gi0AEEGkhFKZ9cG6cGG7AuSsiZ3OqOu
sym/ZKz1uuXGo1iJJgkZ2yiq3ox7KHMZuQINBGI/t3UBEACr9ldxakkNdKp/Pc8+
fRznR/+b29CfQWjOEv2njByhQa5CU18jMT6DIOokv2vU7xwaNJviBouaKWAIe5iy
a3BWHhRpk6e2WnST/X3Zxmm8NjBZAMVl1JXS/vDEDhUu76y/Z82YcHZi52fRXRr3
jwza/jGFyjLwem04G/CrS+tUHiWd3cbeh09LlQ/zN7cO8oOoYZWyoX0GNtXbUovy
ssdUt1RODrSVde+8ec7AQm8fg7mRt3HCXhjwrdLxvqVRgG3wYCR3TnzL+rGuhYxa
TEmbcjPLrKqSfZatsmVir1JJ2Cn8O9Ns5ROsqnulYa0foTo4LDwgqR82uel8mEaZ
EQh4B7ob8mvqPLKBHbQXVeRTxuqLdyd3W/2yu5nIUi7kA6CIm5mdK8MT6CiHqYYx
QD33HTN4OtFqrf3TbyjBG5wlzCD2mSrGB52FYgrkfSiKXBOxiqoFo++SpK1wSuHN
a2ge1hkIdlE8wEPDBDSRqPta8t8ZazNPuc5tR6g0B/JUTIa6r8bDk5NgNj8jrGqv
MvTWl+txcQ5uYo5OlvdiwHy2/YzEDhWcb1ls0faQQHn2CYFr6S9Ad9dOsMJZ2E29
K4v/apGnGEjLqqqXWfIxPBq01bZY1pQI8fy+PJkp8IHZfQ2RrmUFaSOufLOgQE7c
w8j/SxlSdbFrBZA7cMfGLPLT0QARAQABiQRsBBgBCgAgFiEEqTSFlM4xKDqCb73Y
1XYz1EHiW7UFAmI/t3UCGwICQAkQ1XYz1EHiW7XBdCAEGQEKAB0WIQTqOofwpOug
MORd8kCejBr7vv/bMgUCYj+3dQAKCRCejBr7vv/bMkq3D/48Y7jLfIB5jY9dzVCm
ikbuexOAb0YDSZQS3Pt6GnPryIm1gLaRt0jw8HWVI80bMRvTKvJ7D7+kc6GCLK90
MjxMBdlL/BfBFj8jNuVeaNfI7dTbon0kri56bMI3Ad/G7jryRcnPrRZo/nzGKcMD
WxV3tgZkamh0pHYWjSttt0fr8t2qXzK74XO3PnU1RkGY1QAlMa89FJXUyW+veFpy
AJWNW9zYVatjPKPyMLr8I7t9KLjviJBBWwE2fbXgvT58IqhqADKt+YJdXlNiD1Mn
ZaBbbBCO7Mn+aG+yAJBJKPqmjoN1dOXy1FtuNrHHnTYIHyoRD/IR1DtEwlIYHlhZ
+8uy2rXPMA/I8hSCxFgMEJaY8IzfP49sPvwFMfGgnEFk7jmTAczP7rwSeDuvRnWQ
ztJqu9PQp3Wmek/ea7WV93rBmI6Vipl8P69m3CzQErnuIZUutsjP0BaiU+hENoXu
ZmlV0MtnNix0j28sTIe49vtb5UTVRJjIwwI1BDGtM4Ukij9tNkDkntrTkpBE3MFk
9SYi8aAN99kBCNmkwRdY0opwNhGFJwBEwycv7I7d7s/Y79ZSuZBrjB6nB5gU+Xh1
tDdQZxzHLctnZ2cAjE8BcU2wrgZghWiRZ7YlI0bozXl6/VJaAVhZU7f6ebklXSYF
JwTrCwam8VbcgoiukMsdv831NmkPD/4sjSJfoqdE4kGHHX/S/N/Q8LiflefYivLX
X/WtGyRguuYH+8YDqGaCGco8IKmlRDhaME1achjMp/O808B2rxogpsLWu08AF4PJ
97w01RfjBr8aA5qvZXnCfAnmpRzQjDrjIuNOle834dXvOAANugR22dBbjv7MRtOp
Xn1whyAEJIwBeAgKe+p1zwWyQNv2Gq+9C0IQ2w4uJsodjNi6YzFnTvm3HulnNr4s
L+x/i+24iuz0Gf2KbGiR2FtCyKIek0N2NAhPquoI7L0HEP2FKh3OeEH0aCdFcZf/
Dw19fjqEROaJhVvSgTvXIVh3dnB4e7qlYsMSNQxqCcKQD4D79kjFrOygySU+6xMp
vUQvOiF46MrPx8KtfiuPTuEji0Y0F9qz1u5vqwelsg5vpoa12h9qSdX/uWKbRqqQ
x5gHERLoTXT7aMKYuDU3UAMxEEEOaXnOtWNlr3n4H7zMrZ3qvkTRRmGiH8iGkSFn
w2WO3rr/flfIQAJLSUH5lTmR4j/XBNtOGSAWKaRU3N5cX2zHcS5YxkaBx3u4Ew+D
qnBNL6oazpe1iaIoxsyC8MOFyoWHmv/ivv7FbpkWFHgN+R2nenIMiHuHQd/62/RC
PVEoGmaL+XCfSpmstYz9phejRW7LacBt4BMCV7ghqD6vYCR0QBoENp0V5mKyXQ6P
R2OsYRFGG7kCDQRiP7s5ARAAktZGlZIjclF0dkQxIpJ2cQ0FOEgzzG0hZzIfHzLW
T7HvuY0XHWAI64yZbDSdHkKTSKbVnrToCayBDu0oISa3gZh+cd5a+Igf4NsIkGNR
askGnmZYUM+RP1PzKPlVqdPIcXedZvTermRHIyO73f3p5kw+vDryGyubrt2n2IFb
J7SopNed2kXIs5dyk89mvJ+muPCDD5wYHbdXfpEH+KznROMHOVHzwfHYQ++finuw
2cjdJbAyZz6QSopAQeg46UEAk/aTGuI3cEFIzDq6cpqS8fvpbHGL5Oi657t2i1TL
zUCo/4FK027ZLkTXpcB8hbmKFWhfWueDx3aRNvbloJn7kq97RhnE3tgewi+syJsK
CrOlHc1rD8/JNL9lcr2yuSTmwY80QDVNU3U2ZeqLdxx47O31zR5VCpGu09Ro57bJ
j5YaMukwmYLiPwTExkTqqryf7QsLq47Tgd+0YnUyq79XEv067ow+FCxbIoSNlQWB
W2LbNi3JeNPCM0pWdgFuiQE2KFH0s4qulKxEbEtwpVXOH9fmUN23VkI1TnarfRlG
XgSdOISRbXa0O9Ta85BF/NtoBXRU4CtDdcmT7343PjRPbAF1ixU+KOhDDuaDBUV5
iD6BXqyHyL6rciYvqHQwmg2ztdFmTewapV112Vv2wpqvbyrzszTtMw8c92Y7Kfge
fY8AEQEAAYkCPAQYAQoAJhYhBKk0hZTOMSg6gm+92NV2M9RB4lu1BQJiP7s5AhsM
BQkB4TOAAAoJENV2M9RB4lu1mAsP/R/4E68Rt7oUI/30eTuiRb9C/Zx6EaZVIJBw
G2cwKB9GkU4vGR2PU1f25vym92fywSP9OavWyDeVqtN8Ar4U4CbD/L9f2JgZMTXr
HFgxU94uywKOxhLEL8ylgaU89l6af1BynBn3YU/mLQyMHAMTs0uaifjAedeNJq08
XWP3bVdxRywj/rqAf52KA9Y/C59mCfx4vmYu2r2jbwCCVWOsL5sgWyThyGKuNv1A
7+k0JYJlsJ8aro9sS0fjscvoyxajDX2u0Mq/dTbjFWiJQbdT2mWMgiOHxpGDGst9
NH5+JbYZGV/TfeJFDIAW/Pw3gktKt40IP2t6y5vjyUCHEEn2E6pfnr1XmY6EOae5
hPYJQNUbJw98RdpPPY3l4FY49M312v6dphAj2kBmMv7mbyLrIZoTsHw5Q++ig83V
i/I1u4tTvZomFn2po3MO3+QL0FTqzwPjiTyUmSO4rMi5EZiLJF5ITSaESFXNGQb4
UBTuXYgKXY4spWeYpSB2qREhrkXgXrDWEJBwIBJW4ppPI4hRhefGV6wHTRxF24No
iVPz4ABaTQFkvZbpyTT+DT0CL8tHMwF7Tq3wFQ4Rr82LBS/fWxgzeyYTgZwXXUFY
YqM7OXwJKVjlgC2B+OEwgXcdRxB4y5asd//D9wVeD0pfiWk+Ohmi/YF9WmFgmrWe
vK53nZUH
=V1ID
-----END PGP PUBLIC KEY BLOCK-----

23
shadow.service Normal file
View File

@ -0,0 +1,23 @@
[Unit]
Description=Verify integrity of password and group files
[Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
ProtectHome=read-only
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
Type=oneshot
ExecStart=/usr/sbin/pwck -r
ExecStart=/usr/sbin/grpck -r
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7

388
shadow.spec Normal file
View File

@ -0,0 +1,388 @@
#
# spec file for package shadow
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%if ! %{defined _distconfdir}
%define _distconfdir %{_sysconfdir}
%else
%define no_config 1
%endif
Name: shadow
Version: 4.14.3
Release: 0
Summary: Utilities to Manage User and Group Accounts
License: BSD-3-Clause AND GPL-2.0-or-later
Group: System/Base
URL: https://github.com/shadow-maint/shadow
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
Source1: pamd.tar.bz2
Source2: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
Source3: %{name}.keyring
Source4: shadow.service
Source5: shadow.timer
# SOURCE-FEATURE-SUSE shadow-login_defs-check.sh sbrabec@suse.com -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches.
Source40: shadow-login_defs-check.sh
# PATCH-FIX-SUSE shadow-login_defs-unused-by-pam.patch kukuk@suse.com -- Remove variables that have no use with PAM.
Patch0: shadow-login_defs-unused-by-pam.patch
# PATCH-FEATURE-SUSE useradd-default.patch kukuk@suse.com -- Change useradd defaults group to 1000.
Patch1: useradd-default.patch
# PATCH-FEATURE-SUSE shadow-util-linux.patch sbrabec@suse.com -- Add support for util-linux specific variables, delete shadow login, su runuser specific.
Patch2: shadow-util-linux.patch
# PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments.
Patch3: shadow-login_defs-comments.patch
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
Patch4: shadow-login_defs-suse.patch
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
Patch5: disable_new_audit_function.patch
BuildRequires: audit-devel > 2.3
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libacl-devel
BuildRequires: libattr-devel
BuildRequires: libselinux-devel
BuildRequires: libsemanage-devel
BuildRequires: libtool
BuildRequires: pam-devel
BuildRequires: xz
# we depend on libbsd or glibc >= 2.38 for the strlcpy() (and readpassphrase()) functions
BuildRequires: glibc-devel >= 2.38
Requires: login_defs >= %{version}
Requires(pre): group(root)
Requires(pre): group(shadow)
Requires(pre): permissions
Requires(pre): user(root)
Provides: pwdutils = 3.2.20
Obsoletes: pwdutils <= 3.2.19
Provides: useradd_or_adduser_dep
BuildRequires: libeconf-devel
%description
This package includes the necessary programs for converting plain
password files to the shadow password format and to manage user and
group accounts.
%package -n login_defs
Summary: The login.defs configuration file
# Virtual provides for supported variables in login.defs.
# It prevents references to unknown variables.
# Upgrade them only if shadow-util-linux.patch or
# encryption_method_nis.patch has to be ported!
# Call shadow-login_defs-check.sh before!
Group: System/Base
Provides: login_defs-support-for-pam = 1.5.2
Provides: login_defs-support-for-util-linux = 2.37
BuildArch: noarch
%description -n login_defs
This package contains the default login.defs configuration file
as used by util-linux, pam and shadow.
%package -n libsubid4
Summary: A library to manage subordinate uid and gid ranges
Group: System/Base
%description -n libsubid4
Utility library that provides a way to manage subid ranges.
%package -n libsubid-devel
Summary: Development files for libsubid4
Group: System/Base
Requires: libsubid4 = %{version}
%description -n libsubid-devel
Development files for libsubid4.
%prep
%setup -q -a 1
%patch0
%patch1
%patch2
%patch3
%patch4
%if 0%{?suse_version} < 1330
%patch5 -p1
%endif
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO
%build
export CFLAGS="%{optflags} -fpie"
export LDFLAGS="-pie"
autoreconf -fvi
%configure \
--enable-shadowgrp \
--enable-account-tools-setuid \
--with-audit \
--with-libpam \
--with-sha-crypt \
--with-acl \
--with-attr \
--with-nscd \
--with-selinux \
--without-libcrack \
--without-libbsd \
--with-group-name-max-length=32 \
--enable-vendordir=%{_distconfdir}
%make_build
# --disable-shared \ currently doesn't build with this. See https://github.com/shadow-maint/shadow/issues/336
%install
%make_install gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
# Separate call to install man pages. See https://github.com/shadow-maint/shadow/issues/389
%make_install -C man install-man
install -Dm644 %{SOURCE4} %{buildroot}%{_unitdir}/shadow.service
install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer
# add empty /etc/sub{u,g}id files
touch %{buildroot}/%{_sysconfdir}/subuid
touch %{buildroot}/%{_sysconfdir}/subgid
# Remove binaries we don't use.
rm %{buildroot}/%{_bindir}/groups
rm %{buildroot}/%{_mandir}/man1/groups.*
rm %{buildroot}/%{_mandir}/*/man1/groups.*
rm %{buildroot}/%{_sbindir}/grpconv
rm %{buildroot}/%{_mandir}/man8/grpconv.*
rm %{buildroot}/%{_mandir}/*/man8/grpconv.*
rm %{buildroot}/%{_sbindir}/grpunconv
rm %{buildroot}/%{_mandir}/man8/grpunconv.*
rm %{buildroot}/%{_mandir}/*/man8/grpunconv.*
rm %{buildroot}/%{_sbindir}/groupmems
rm %{buildroot}/%{_mandir}/man8/groupmems.*
rm %{buildroot}/%{_mandir}/*/man8/groupmems.*
rm %{buildroot}%{_sysconfdir}/pam.d/groupmems
rm %{buildroot}/%{_bindir}/login
rm %{buildroot}/%{_mandir}/man1/login.*
rm %{buildroot}/%{_mandir}/*/man1/login.*
rm %{buildroot}%{_sysconfdir}/pam.d/login
rm %{buildroot}/%{_bindir}/su
rm %{buildroot}/%{_mandir}/man1/su.*
rm %{buildroot}/%{_mandir}/*/man1/su.*
rm %{buildroot}/%{_mandir}/man5/suauth.*
rm %{buildroot}/%{_mandir}/*/man5/suauth.*
rm %{buildroot}%{_sysconfdir}/pam.d/su
rm %{buildroot}/%{_bindir}/faillog
rm %{buildroot}/%{_mandir}/man5/faillog.*
rm %{buildroot}/%{_mandir}/*/man5/faillog.*
rm %{buildroot}/%{_mandir}/man8/faillog.*
rm %{buildroot}/%{_mandir}/*/man8/faillog.*
rm %{buildroot}/%{_sbindir}/logoutd
rm %{buildroot}/%{_mandir}/man8/logoutd.*
rm %{buildroot}/%{_mandir}/*/man8/logoutd.*
rm %{buildroot}/%{_sbindir}/nologin
rm %{buildroot}/%{_mandir}/man8/nologin.*
rm %{buildroot}/%{_mandir}/*/man8/nologin.*
rm %{buildroot}/%{_sbindir}/chgpasswd
rm %{buildroot}/%{_mandir}/man8/chgpasswd.*
rm %{buildroot}/%{_mandir}/*/man8/chgpasswd.*
rm %{buildroot}%{_sysconfdir}/pam.d/chgpasswd
rm %{buildroot}/%{_mandir}/man3/getspnam.*
rm %{buildroot}/%{_mandir}/*/man3/getspnam.*
rm %{buildroot}/%{_mandir}/man5/gshadow.5*
rm %{buildroot}/%{_mandir}/*/man5/gshadow.5*
rm %{buildroot}/%{_mandir}/man5/passwd.5*
rm %{buildroot}/%{_mandir}/*/man5/passwd.5*
rm -rf %{buildroot}%{_mandir}/{??,??_??}
rm %{buildroot}/%{_libdir}/libsubid.{la,a}
# Move /etc to /usr/etc
if [ ! -d %{buildroot}%{_distconfdir} ]; then
mkdir -p %{buildroot}%{_distconfdir}
mkdir -p %{buildroot}%{_pam_vendordir}
mv %{buildroot}%{_sysconfdir}/login.defs %{buildroot}%{_distconfdir}
mv %{buildroot}%{_sysconfdir}/pam.d/* %{buildroot}%{_pam_vendordir}/
fi
mkdir -p %{buildroot}%{_sysconfdir}/login.defs.d
%find_lang shadow
%pre
%service_add_pre shadow.service shadow.timer
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%pre -n login_defs
test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs.rpmsave.old ||:
%post
%set_permissions %{_bindir}/chage
%set_permissions %{_bindir}/chfn
%set_permissions %{_bindir}/chsh
%set_permissions %{_bindir}/expiry
%set_permissions %{_bindir}/gpasswd
%set_permissions %{_bindir}/newgrp
%set_permissions %{_bindir}/passwd
%set_permissions %{_bindir}/newgidmap
%set_permissions %{_bindir}/newuidmap
%service_add_post shadow.service shadow.timer
%verifyscript
%verify_permissions %{_bindir}/chage
%verify_permissions %{_bindir}/chfn
%verify_permissions %{_bindir}/chsh
%verify_permissions %{_bindir}/expiry
%verify_permissions %{_bindir}/gpasswd
%verify_permissions %{_bindir}/newgrp
%verify_permissions %{_bindir}/passwd
%verify_permissions %{_bindir}/newgidmap
%verify_permissions %{_bindir}/newuidmap
%preun
%service_del_preun shadow.service shadow.timer
%postun
%service_del_postun shadow.service shadow.timer
%posttrans
%if %{defined no_config}
# Migration to /usr/etc
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif
%posttrans -n login_defs
# rpmsave file can be created by
# - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3)
# - Migration to /usr/etc (after SLE15 and Leap 15)
test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs ||:
%post -n libsubid4 -p /sbin/ldconfig
%postun -n libsubid4 -p /sbin/ldconfig
%files -f shadow.lang
%license COPYING
%doc NEWS doc/HOWTO README
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid
%if %{defined no_config}
%{_pam_vendordir}/chage
%{_pam_vendordir}/chfn
%{_pam_vendordir}/chsh
%{_pam_vendordir}/passwd
%{_pam_vendordir}/chpasswd
%{_pam_vendordir}/groupadd
%{_pam_vendordir}/groupdel
%{_pam_vendordir}/groupmod
%{_pam_vendordir}/newusers
%{_pam_vendordir}/useradd
%{_pam_vendordir}/userdel
%{_pam_vendordir}/usermod
%else
%config %{_sysconfdir}/pam.d/chage
%config %{_sysconfdir}/pam.d/chfn
%config %{_sysconfdir}/pam.d/chsh
%config %{_sysconfdir}/pam.d/passwd
%config %{_sysconfdir}/pam.d/chpasswd
%config %{_sysconfdir}/pam.d/groupadd
%config %{_sysconfdir}/pam.d/groupdel
%config %{_sysconfdir}/pam.d/groupmod
%config %{_sysconfdir}/pam.d/newusers
%config %{_sysconfdir}/pam.d/useradd
%config %{_sysconfdir}/pam.d/userdel
%config %{_sysconfdir}/pam.d/usermod
%endif
%verify(not mode) %attr(2755,root,shadow) %{_bindir}/chage
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/chfn
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/chsh
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/expiry
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/gpasswd
%verify(not mode) %attr(4755,root,root) %{_bindir}/newgrp
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/passwd
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/newgidmap
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/newuidmap
%{_bindir}/sg
%{_bindir}/getsubids
%attr(0755,root,root) %{_sbindir}/groupadd
%attr(0755,root,root) %{_sbindir}/groupdel
%attr(0755,root,root) %{_sbindir}/groupmod
%{_sbindir}/grpck
%{_sbindir}/pwck
%attr(0755,root,root) %{_sbindir}/useradd
%attr(0755,root,root) %{_sbindir}/userdel
%attr(0755,root,root) %{_sbindir}/usermod
%{_sbindir}/pwconv
%{_sbindir}/pwunconv
%attr(0755,root,root) %{_sbindir}/chpasswd
%attr(0755,root,root) %{_sbindir}/newusers
%{_sbindir}/vipw
%{_sbindir}/vigr
%{_mandir}/man1/chage.1%{?ext_man}
%{_mandir}/man1/chfn.1%{?ext_man}
%{_mandir}/man1/chsh.1%{?ext_man}
%{_mandir}/man1/expiry.1%{?ext_man}
%{_mandir}/man1/gpasswd.1%{?ext_man}
%{_mandir}/man1/newgrp.1%{?ext_man}
%{_mandir}/man1/passwd.1%{?ext_man}
%{_mandir}/man1/sg.1%{?ext_man}
%{_mandir}/man3/shadow.3%{?ext_man}
%{_mandir}/man5/shadow.5%{?ext_man}
%{_mandir}/man8/chpasswd.8%{?ext_man}
%{_mandir}/man8/groupadd.8%{?ext_man}
%{_mandir}/man8/groupdel.8%{?ext_man}
%{_mandir}/man8/groupmod.8%{?ext_man}
%{_mandir}/man8/grpck.8%{?ext_man}
%{_mandir}/man8/newusers.8%{?ext_man}
%{_mandir}/man8/pwck.8%{?ext_man}
%{_mandir}/man8/pwconv.8%{?ext_man}
%{_mandir}/man8/pwunconv.8%{?ext_man}
%{_mandir}/man8/useradd.8%{?ext_man}
%{_mandir}/man8/userdel.8%{?ext_man}
%{_mandir}/man8/usermod.8%{?ext_man}
%{_mandir}/man8/vigr.8%{?ext_man}
%{_mandir}/man8/vipw.8%{?ext_man}
%{_mandir}/man5/subuid.5%{?ext_man}
%{_mandir}/man5/subgid.5%{?ext_man}
%{_mandir}/man1/newgidmap.1%{?ext_man}
%{_mandir}/man1/newuidmap.1%{?ext_man}
%{_mandir}/man1/getsubids.1%{?ext_man}
%{_unitdir}/*
%files -n login_defs
%dir %{_sysconfdir}/login.defs.d
%if %{defined no_config}
%attr(0644,root,root) %{_distconfdir}/login.defs
%else
%attr(0644,root,root) %config %{_sysconfdir}/login.defs
%endif
%{_mandir}/man5/login.defs.5%{?ext_man}
%files -n libsubid4
%{_libdir}/libsubid.so.*
%files -n libsubid-devel
%dir %{_includedir}/shadow
%{_includedir}/shadow/subid.h
%{_libdir}/libsubid.so
%changelog

7
shadow.timer Normal file
View File

@ -0,0 +1,7 @@
[Unit]
Description=Daily verification of password and group files
[Timer]
OnCalendar=daily
AccuracySec=12h
Persistent=true

13
useradd-default.patch Normal file
View File

@ -0,0 +1,13 @@
Index: src/useradd.c
===================================================================
--- src/useradd.c.orig
+++ src/useradd.c
@@ -87,7 +87,7 @@ const char *Prog;
/*
* These defaults are used if there is no defaults file.
*/
-static gid_t def_group = 1000;
+static gid_t def_group = 100;
static const char *def_groups = "";
static const char *def_gname = "other";
static const char *def_home = "/home";