--- gss-ntlmssp-0.7.0.orig/README.txt +++ gss-ntlmssp-0.7.0/README.txt 
@@ -0,0 +1,76 @@ + +GSS-NTLMSSP +=========== + +This is a mechglue plugin for the GSSAPI library that implements NTLM +authentication. + +So far it has been built and tested only with the libgssapi implementation +that comes with MIT Kerberos 1.11 + +OID Space +========= + +The Samba Project kindly donated this OID space: 1.3.6.1.4.1.7165.655.1.x + +BUILDING +======== + +See BUILD.txt + + +TESTING +======= + +Testsuite: +---------- + +Run ./ntlmssptest at your leisure, it just insures that the crypto is +working correctly. + +Real testing: +------------- + +There are exactly 2 configuration knobs at this point, and both need to +be set right. + +1. The gss configruation file. + +In order to load the mechanism into GSSAPI copy the content of the file +examples/mech.ntlmssp into /etc/gss/mech +If you are installing in a non standard path check that the location +of the shared object matches where you installed it in your system + +2. The credentials file + +Set the environment variable NTLM_USER_FILE to a path to a file with +your NTLM cedentials in it. +The file format is the same as the one used by the gss ntlm mechanism +that can be found in Heimdal. Super simple, one or more lines with: +DOMAIN:USERNAME:PASSWORD as elements separated by ':' + +For example: +ADDOM:Administrator:Passw0rd + +Testing Application: +-------------------- + +So far the only application that seem to properly use GSSAPI and +therfore will work unmodified is Firefox. I tried also Curl, but even +after making some patches to let it use the builtin SPNEGO implementation +of GSSAPI it seem that the code is hardcoded to believe there will always +only ever be one roundtrip. This is not necessarily true with the krb5 +mechanism although it works with that with current implementations. +I will need more patches for curl, meanwhile use firefox. + +The server: I am using a Windows Server with IIS installed and Windows +Authentication enabled. 
+ +In Firefox go in about:config and set the string list named +network.negotiate-auth.trusted-uris to your Windows server domain +name suffix. This is necessary otherwise Firefox will not even attempt to +perform negotiation, regardles of the Mechanism used. + +Example: +network.negotiate-auth.trusted-uris = .addom.example.com + --- gss-ntlmssp-0.7.0.orig/debian/changelog +++ gss-ntlmssp-0.7.0/debian/changelog @@ -0,0 +1,24 @@ +gss-ntlmssp (0.7.0-2) unstable; urgency=medium + + * rules: Disable tests until failure on big endian architectures + has been resolved upstream. (Closes: #845080) + + -- Timo Aaltonen Tue, 22 Nov 2016 17:45:44 +0200 + +gss-ntlmssp (0.7.0-1) unstable; urgency=medium + + * New upstream release. + * rules, control: Use quilt, run ntlmssptest. + * add-openssl-1.1.0-compat.diff: Add support for openssl 1.1.0. + (Closes: #828334) + * control: Bump policy to 3.9.8, no changes. + * control: Use https VCS urls. + * control: Add zlib1g-dev to build-depends. + + -- Timo Aaltonen Mon, 19 Sep 2016 15:20:38 +0300 + +gss-ntlmssp (0.6.0-1) unstable; urgency=low + + * Initial release (Closes: #795647) + + -- Timo Aaltonen Sun, 16 Aug 2015 03:27:03 +0300 --- gss-ntlmssp-0.7.0.orig/debian/compat +++ gss-ntlmssp-0.7.0/debian/compat @@ -0,0 +1 @@ +9 --- gss-ntlmssp-0.7.0.orig/debian/control +++ gss-ntlmssp-0.7.0/debian/control 
@@ -0,0 +1,61 @@ +Source: gss-ntlmssp +Priority: optional +Maintainer: Timo Aaltonen +Build-Depends: debhelper (>= 9), + dh-autoreconf, + docbook-xsl, + docbook-xml, + doxygen, + libkrb5-dev, + libunistring-dev, + libssl-dev, + libwbclient-dev, + libxml2-dev, + libxml2-utils, + libxslt1-dev, + pkg-config, + quilt, + xsltproc, + zlib1g-dev, +Standards-Version: 3.9.8 +Section: libs +Homepage: https://fedorahosted.org/gss-ntlmssp/ +Vcs-Git: https://anonscm.debian.org/git/collab-maint/gss-ntlmssp.git +Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/gss-ntlmssp.git + +Package: gss-ntlmssp-dev +Section: libdevel +Architecture: any +Depends: gss-ntlmssp (= ${binary:Version}), ${misc:Depends} +Description: GSSAPI NTLMSSP Mechanism -- development headers + GSS-NTLMSSP is a GSSAPI mechanism plugin that implements NTLMSSP. + NTLMSSP is a Microsoft Security Provider that implements various + versions and falvors of the NTLM challenge-response family. + . + GSS-NTLMSSP, implements both NTLM and NTLMv2 and all the various + security variants to the key exchange that Microsoft introduced and + documented over time. + . + This code implements the NTLMSSP mechanism as a GSSAPI loadable + mechanism and has been tested to work with MIT Kerberos' 1.11 + implementation of GSSAPI. + . + This package supplies the development header. + +Package: gss-ntlmssp +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: GSSAPI NTLMSSP Mechanism -- MIT GSSAPI plugin + GSS-NTLMSSP is a GSSAPI mechanism plugin that implements NTLMSSP. + NTLMSSP is a Microsoft Security Provider that implements various + versions and falvors of the NTLM challenge-response family. + . + GSS-NTLMSSP, implements both NTLM and NTLMv2 and all the various + security variants to the key exchange that Microsoft introduced and + documented over time. + . 
+ This code implements the NTLMSSP mechanism as a GSSAPI loadable + mechanism and has been tested to work with MIT Kerberos' 1.11 + implementation of GSSAPI. + . + This package supplies the MIT GSSAPI plugin. --- gss-ntlmssp-0.7.0.orig/debian/copyright +++ gss-ntlmssp-0.7.0/debian/copyright @@ -0,0 +1,28 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: gss-ntlmssp +Source: https://fedorahosted.org/gss-ntlmssp/ + +Files: * +Copyright: 2013, 2014 Simo Sorce +License: LGPL-3+ + +Files: debian/* +Copyright: 2015 Timo Aaltonen +License: LGPL-3+ + +License: LGPL-3+ + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see + . + On Debian systems, the complete text of the GNU Lesser General + Public License version 3 can be found in "/usr/share/common-licenses/LGPL-3". --- gss-ntlmssp-0.7.0.orig/debian/gss-ntlmssp-dev.install +++ gss-ntlmssp-0.7.0/debian/gss-ntlmssp-dev.install @@ -0,0 +1 @@ +usr/include/* --- gss-ntlmssp-0.7.0.orig/debian/gss-ntlmssp.docs +++ gss-ntlmssp-0.7.0/debian/gss-ntlmssp.docs @@ -0,0 +1 @@ +README.txt --- gss-ntlmssp-0.7.0.orig/debian/gss-ntlmssp.install +++ gss-ntlmssp-0.7.0/debian/gss-ntlmssp.install @@ -0,0 +1,3 @@ +etc/gss/mech.d +usr/lib/*/gssntlmssp/ +usr/share/man/man8 --- gss-ntlmssp-0.7.0.orig/debian/patches/add-openssl-1.1.0-compat.diff +++ gss-ntlmssp-0.7.0/debian/patches/add-openssl-1.1.0-compat.diff 
@@ -0,0 +1,146 @@ +From 46b3661617a24007c54d670baeec46304f521bde Mon Sep 17 00:00:00 2001 +From: Simo Sorce +Date: Wed, 29 Jun 2016 11:15:11 -0400 +Subject: [PATCH] Add compatibility with OpenSSL 1.1.0 + +In their continued wisdom OpenSSL developers keep breaking APIs left and right +with very poor documentation and forward/backward source compatibility. + +Signed-off-by: Simo Sorce +--- + src/crypto.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++------------ + 1 file changed, 48 insertions(+), 12 deletions(-) + +diff --git a/src/crypto.c b/src/crypto.c +index 9fe69f9..33a0c3e 100644 +--- a/src/crypto.c ++++ b/src/crypto.c +@@ -27,6 +27,32 @@ + + #include "crypto.h" + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++HMAC_CTX *HMAC_CTX_new(void) ++{ ++ HMAC_CTX *ctx; ++ ++ ctx = OPENSSL_malloc(sizeof(HMAC_CTX)); ++ if (!ctx) return NULL; ++ ++ HMAC_CTX_init(ctx); ++ ++ return ctx; ++} ++ ++void HMAC_CTX_free(HMAC_CTX *ctx) ++{ ++ if (ctx == NULL) return; ++ ++ HMAC_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++} ++ ++#define EVP_MD_CTX_new EVP_MD_CTX_create ++#define EVP_MD_CTX_free EVP_MD_CTX_destroy ++ ++#endif ++ + int RAND_BUFFER(struct ntlm_buffer *random) + { + int ret; +@@ -42,30 +68,34 @@ int HMAC_MD5_IOV(struct ntlm_buffer *key, + struct ntlm_iov *iov, + struct ntlm_buffer *result) + { +- HMAC_CTX hmac_ctx; ++ HMAC_CTX *hmac_ctx; + unsigned int len; + size_t i; + int ret = 0; + + if (result->length != 16) return EINVAL; + +- HMAC_CTX_init(&hmac_ctx); ++ hmac_ctx = HMAC_CTX_new(); ++ if (!hmac_ctx) { ++ ret = ERR_CRYPTO; ++ goto done; ++ } + +- ret = HMAC_Init_ex(&hmac_ctx, key->data, key->length, EVP_md5(), NULL); ++ ret = HMAC_Init_ex(hmac_ctx, key->data, key->length, EVP_md5(), NULL); + if (ret == 0) { + ret = ERR_CRYPTO; + goto done; + } + + for (i = 0; i < iov->num; i++) { +- ret = HMAC_Update(&hmac_ctx, iov->data[i]->data, iov->data[i]->length); ++ ret = HMAC_Update(hmac_ctx, iov->data[i]->data, iov->data[i]->length); + if (ret == 0) { + ret = 
ERR_CRYPTO; + goto done; + } + } + +- ret = HMAC_Final(&hmac_ctx, result->data, &len); ++ ret = HMAC_Final(hmac_ctx, result->data, &len); + if (ret == 0) { + ret = ERR_CRYPTO; + goto done; +@@ -74,7 +104,7 @@ int HMAC_MD5_IOV(struct ntlm_buffer *key, + ret = 0; + + done: +- HMAC_CTX_cleanup(&hmac_ctx); ++ HMAC_CTX_free(hmac_ctx); + return ret; + } + +@@ -93,26 +123,32 @@ static int mdx_hash(const EVP_MD *type, + struct ntlm_buffer *payload, + struct ntlm_buffer *result) + { +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + unsigned int len; + int ret; + + if (result->length != 16) return EINVAL; + +- EVP_MD_CTX_init(&ctx); +- ret = EVP_DigestInit_ex(&ctx, type, NULL); ++ ctx = EVP_MD_CTX_new(); ++ if (!ctx) { ++ ret = ERR_CRYPTO; ++ goto done; ++ } ++ ++ EVP_MD_CTX_init(ctx); ++ ret = EVP_DigestInit_ex(ctx, type, NULL); + if (ret == 0) { + ret = ERR_CRYPTO; + goto done; + } + +- ret = EVP_DigestUpdate(&ctx, payload->data, payload->length); ++ ret = EVP_DigestUpdate(ctx, payload->data, payload->length); + if (ret == 0) { + ret = ERR_CRYPTO; + goto done; + } + +- ret = EVP_DigestFinal_ex(&ctx, result->data, &len); ++ ret = EVP_DigestFinal_ex(ctx, result->data, &len); + if (ret == 0) { + ret = ERR_CRYPTO; + goto done; +@@ -121,7 +157,7 @@ static int mdx_hash(const EVP_MD *type, + ret = 0; + + done: +- EVP_MD_CTX_cleanup(&ctx); ++ if (ctx) EVP_MD_CTX_free(ctx); + return ret; + } + --- gss-ntlmssp-0.7.0.orig/debian/patches/dont-use-network.diff +++ gss-ntlmssp-0.7.0/debian/patches/dont-use-network.diff @@ -0,0 +1,12 @@ +diff --git a/man/gssntlmssp.8.xml b/man/gssntlmssp.8.xml +index 0cbbe7d..436033c 100644 +--- a/man/gssntlmssp.8.xml ++++ b/man/gssntlmssp.8.xml +@@ -1,6 +1,6 @@ + + ++"/usr/share/xml/docbook/schema/dtd/4.4/docbookx.dtd"> + + GSSAPI NTLM mechanism manual page + --- gss-ntlmssp-0.7.0.orig/debian/patches/series +++ gss-ntlmssp-0.7.0/debian/patches/series 
@@ -0,0 +1,2 @@ +dont-use-network.diff +add-openssl-1.1.0-compat.diff --- gss-ntlmssp-0.7.0.orig/debian/rules +++ gss-ntlmssp-0.7.0/debian/rules @@ -0,0 +1,35 @@ +#!/usr/bin/make -f +# See debhelper(7) (uncomment to enable) +# output every command that modifies files on the build system. +#DH_VERBOSE = 1 + +# see EXAMPLES in dpkg-buildflags(1) and read /usr/share/dpkg/* +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/default.mk + +# see FEATURE AREAS in dpkg-buildflags(1) +#export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +# see ENVIRONMENT in dpkg-buildflags(1) +# package maintainers to append CFLAGS +#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic +# package maintainers to append LDFLAGS +#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed + + +# main packaging script based on dh7 syntax +%: + dh $@ --with autoreconf,quilt + +override_dh_auto_test: +# ./ntlmssptest + +override_dh_auto_install: + dh_auto_install --destdir debian/tmp + find debian/tmp -name '*.la' -exec rm -f {} ';' + rm -r debian/tmp/usr/share/locale + mkdir -p debian/tmp/etc/gss/mech.d + install -pm644 examples/mech.ntlmssp debian/tmp/etc/gss/mech.d + +override_dh_install: + dh_install --fail-missing --- gss-ntlmssp-0.7.0.orig/debian/source/format +++ gss-ntlmssp-0.7.0/debian/source/format @@ -0,0 +1 @@ +1.0 --- gss-ntlmssp-0.7.0.orig/debian/watch +++ gss-ntlmssp-0.7.0/debian/watch @@ -0,0 +1,3 @@ +version=3 +https://fedorahosted.org/released/gss-ntlmssp/gssntlmssp-(.*)\.tar\.gz + --- gss-ntlmssp-0.7.0.orig/examples/test_user_file.txt +++ gss-ntlmssp-0.7.0/examples/test_user_file.txt @@ -0,0 +1 @@ +TESTDOM:testuser:testpassword --- gss-ntlmssp-0.7.0.orig/po/gssntlmssp.pot +++ gss-ntlmssp-0.7.0/po/gssntlmssp.pot 
@@ -0,0 +1,167 @@ +# GSS-NTLMSSP Translation Template file. +# Copyright (C) 2015 Simo Sorce +# This file is distributed under the same license as the gssntlmssp package. +# Simo Sorce , 2015. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: gssntlmssp 0.5.0\n" +"Report-Msgid-Bugs-To: simo@samba.org\n" +"POT-Creation-Date: 2015-02-20 09:49-0500\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME \n" +"Language-Team: LANGUAGE \n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#: src/gss_err.c:24 +msgid "Unknown Error" +msgstr "" + +#. ERR_DECODE +#: src/gss_err.c:25 +msgid "Failed to decode data" +msgstr "" + +#. ERR_ENCODE +#: src/gss_err.c:26 +msgid "Failed to encode data" +msgstr "" + +#. ERR_CRYPTO +#: src/gss_err.c:27 +msgid "Crypto routine failure" +msgstr "" + +#. ERR_NOARG +#: src/gss_err.c:28 +msgid "A required argument is missing" +msgstr "" + +#. ERR_BADARG +#: src/gss_err.c:29 +msgid "Invalid value in argument" +msgstr "" + +#. ERR_NONAME +#: src/gss_err.c:30 +msgid "Name is empty" +msgstr "" + +#. ERR_NOSRVNAME +#: src/gss_err.c:31 +msgid "Not a server name" +msgstr "" + +#. ERR_NOUSRNAME +#: src/gss_err.c:32 +msgid "Not a user name" +msgstr "" + +#. ERR_BADLMLEVEL +#: src/gss_err.c:33 +msgid "Bad LM compatibility Level" +msgstr "" + +#. ERR_IMPOSSIBLE +#: src/gss_err.c:34 +msgid "An impossible error occurred" +msgstr "" + +#. ERR_BADCTX +#: src/gss_err.c:35 +msgid "Invalid or incomplete context" +msgstr "" + +#. ERR_WRONGCTX +#: src/gss_err.c:36 +msgid "Wrong context type" +msgstr "" + +#. ERR_WRONGMSG +#: src/gss_err.c:37 +msgid "Wrong message type" +msgstr "" + +#. ERR_REQNEGFLAG +#: src/gss_err.c:38 +msgid "A required Negotiate flag was not provided" +msgstr "" + +#. ERR_FAILNEGFLAGS +#: src/gss_err.c:39 +msgid "Failed to negotiate a common set of flags" +msgstr "" + +#. 
ERR_BADNEGFLAGS +#: src/gss_err.c:40 +msgid "Invalid combinations of negotiate flags" +msgstr "" + +#. ERR_NOSRVCRED +#: src/gss_err.c:41 +msgid "Not a server credential type" +msgstr "" + +#. ERR_NOUSRCRED +#: src/gss_err.c:42 +msgid "Not a user credential type" +msgstr "" + +#. ERR_BADCRED +#: src/gss_err.c:43 +msgid "Invalid or unknown credential" +msgstr "" + +#. ERR_NOTOKEN +#: src/gss_err.c:44 +msgid "Empty or missing token" +msgstr "" + +#. ERR_NOTSUPPORTED +#: src/gss_err.c:45 +msgid "Feature not supported" +msgstr "" + +#. ERR_NOTAVAIL +#: src/gss_err.c:46 +msgid "Feature not available" +msgstr "" + +#. ERR_NAMETOOLONG +#: src/gss_err.c:47 +msgid "Name is too long" +msgstr "" + +#. ERR_NOBINDINGS +#: src/gss_err.c:48 +msgid "Required channel bingings are not available" +msgstr "" + +#. ERR_TIMESKEW +#: src/gss_err.c:49 +msgid "Server and client clocks are too far apart" +msgstr "" + +#. ERR_EXPIRED +#: src/gss_err.c:50 +msgid "Expired" +msgstr "" + +#. ERR_KEYLEN +#: src/gss_err.c:51 +msgid "Invalid key length" +msgstr "" + +#. ERR_NONTLMV1 +#: src/gss_err.c:52 +msgid "NTLM version 1 not allowed" +msgstr "" + +#. ERR_NOUSRFOUND +#: src/gss_err.c:53 +msgid "User not found" +msgstr "" --- gss-ntlmssp-0.7.0.orig/po/zanata.xml +++ gss-ntlmssp-0.7.0/po/zanata.xml @@ -0,0 +1,107 @@ + + + https://fedora.zanata.org/ + gss-ntlmssp + master + gettext + . + . + + sq + ar + as + ast + bal + eu + bn + bn-IN + brx + bs + br + bg + ca + zh-CN + zh-HK + zh-TW + kw + kw-GB + cs + da + nl + en-GB + eo + et + fi + fr + gl + ka + de + el + gu + he + hi + hu + is + id + ia + it + ja + kn + kk + km + ky + ko + lt + nds + mk + mai + ms + ml + mr + mn + ne + nb + nn + or + pa + fa + pl + pt + pt-BR + ro + ru + sr + sr@latin + si + sk + sl + es + sv + tg + ta + te + bo + tr + uk + ur + wba + cy + lv + kw@uccor + kw@kkcor + af + am + be + hr + de-CH + th + vi + zu + ilo + nso + tw + yo + anp + + +
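Review bot: the README hunk documents a plaintext credential store (NTLM_USER_FILE holding `DOMAIN:USERNAME:PASSWORD`) without saying how it must be protected; the "2. The credentials file" section should state that the file has to be readable only by its owner (mode 0600) and that any process started with that environment variable inherits the path. The same hunk carries several typos worth fixing before it ships as package documentation: "configruation", "cedentials", "therfore", "regardles", "insures" (should be "ensures"), and "seem" twice where "seems" is meant.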
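Review bot: the long Description in both binary packages of the debian/control hunk misspells "flavors" as "falvors" and has a stray comma in "GSS-NTLMSSP, implements both NTLM and NTLMv2"; both paragraphs are duplicated verbatim between the two stanzas, so fix both copies.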
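Review bot: the LGPL-3+ stanza in the debian/copyright hunk says "See the GNU General Public License for more details" where the LGPL notice reads "GNU Lesser General Public License", and as rendered here nothing follows "If not, see" on the next line, so the licence URL is missing from the text.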
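Review bot: the `override_dh_auto_test` target in the debian/rules hunk comments out `./ntlmssptest` unconditionally, although the changelog entry says the failure is limited to big endian architectures; since `/usr/share/dpkg/default.mk` is already included, the test can be gated instead, e.g. `ifeq ($(DEB_HOST_ARCH_ENDIAN),little)` around the call, so the crypto self-test still runs everywhere it passes. Two further points in the same hunk: `#export DEB_BUILD_MAINT_OPTIONS = hardening=+all` is left commented out, and for a plugin that parses network-supplied NTLM tokens inside arbitrary GSSAPI consumers enabling the full hardening set is cheap insurance; and `install -pm644 examples/mech.ntlmssp debian/tmp/etc/gss/mech.d` keeps the upstream file name, while MIT krb5's mechglue only loads `*.conf` files from `/etc/gss/mech.d`, so the mechanism configuration should be installed under a `.conf` name (e.g. `gssntlmssp.conf`) or it will be ignored.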
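Review bot: debian/source/format is set to `1.0` while debian/rules uses `dh $@ --with autoreconf,quilt` and debian/control adds `quilt` to Build-Depends; switching to `3.0 (quilt)` lets dpkg-source apply debian/patches/series itself and drops both the `--with quilt` addon and the quilt build dependency.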
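Review bot: in the first crypto.c hunk of add-openssl-1.1.0-compat.diff the shims `HMAC_CTX_new` and `HMAC_CTX_free` are defined with external linkage under OpenSSL's own names; in a shared object loaded into unrelated processes (the README names Firefox) that risks symbol interposition against whatever libcrypto the host already has mapped, so they should be `static`. The guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L` also relies on `crypto.h` having pulled in an OpenSSL header first: if the macro is undefined the preprocessor evaluates it as 0 and the compat block is compiled even against 1.1.0, producing redefinitions. Add an explicit `#include <openssl/opensslv.h>` above the check. Note too that LibreSSL reports `OPENSSL_VERSION_NUMBER` as 0x20000000L yet older releases lack `HMAC_CTX_new`, so a version-number test alone does not cover every libcrypto the package could meet.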
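Review bot: in the `mdx_hash` hunk the added `ctx = EVP_MD_CTX_new();` is followed by the retained `EVP_MD_CTX_init(ctx);`, which is redundant: `EVP_MD_CTX_new()` returns an already initialised context, and on 1.1.0 `EVP_MD_CTX_init` is a macro for `EVP_MD_CTX_reset`. Drop the init call so the two code paths read the same way as the HMAC one, where `HMAC_CTX_init` was removed rather than kept.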
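Review bot: dont-use-network.diff starts straight at `diff --git` with no DEP-3 header, unlike the OpenSSL patch which carries From/Date/Subject; add Description, Author and Forwarded fields stating that the DocBook DTD is pointed at the local `/usr/share/xml/docbook/schema/dtd/4.4/docbookx.dtd` copy so the build does not fetch it over the network, and whether upstream was asked to take the change.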
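Review bot: the debian/watch hunk fetches `gssntlmssp-(.*)\.tar\.gz` with no signature check; if upstream publishes detached signatures, add `opts=pgpsigurlmangle=s/$/.asc/` together with `debian/upstream/signing-key.asc` so uscan verifies the tarball, and tighten the greedy `(.*)` to a version pattern such as `(\d[\d.]*)` so it cannot match unrelated files.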
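Review bot: the po/gssntlmssp.pot hunk carries the msgid "Required channel bingings are not available" for `src/gss_err.c:48`; the typo ("bindings") lives in the source string, so it should be fixed upstream in `src/gss_err.c` and the template regenerated, not edited in the .pot.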