Upgrade to upstream 3.0.4rc2 release

Resolves Bug#1133959.
2014-09-08 13:04:08 +03:00 · 2014-09-08 13:04:08 +03:00 · 29de2eaf88
commit 29de2eaf88
parent 9bfd6e3a48
8 changed files with 47 additions and 582 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,3 +9,4 @@
 /freeradius-server-3.0.1.tar.bz2
 /freeradius-server-3.0.2.tar.bz2
 /freeradius-server-3.0.3.tar.bz2
 /freeradius-server-3.0.4rc2.tar.bz2
--- a/freeradius-case-insensitive-matching.patch
+++ b/freeradius-case-insensitive-matching.patch
@ -1,396 +0,0 @@
 commit dd648b44760b9041d5ea4279e78ee7fb4e5aa13d
 Author: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
 Date:   Tue May 13 11:52:21 2014 +0100
    Fix case insensitive matching in compiled regular expressions
 diff --git a/src/include/map.h b/src/include/map.h
 index ed73093..59732a1 100644
 --- a/src/include/map.h
 +++ b/src/include/map.h
@@ -155,11 +155,14 @@ typedef struct value_pair_tmpl_t {
 	union {
 		struct {
 -			value_data_t const	*value;	 //!< actual data
 -			size_t			length;  //!< of the vpd data
 +			value_data_t const	*value;		//!< actual data
 +			size_t			length;		//!< of the vpd data
 		} literal;
 		xlat_exp_t	*xlat;	 //!< pre-parsed xlat_exp_t
 -		regex_t		*preg;	 //!< pre-parsed regex_t
 +		struct {
 +			regex_t			*comp;		//!< pre-parsed regex_t
 +			bool			iflag;		//!< Case insensitive
 +		} preg;
 	} data;
 } value_pair_tmpl_t;
@@ -170,7 +173,9 @@ typedef struct value_pair_tmpl_t {
 #define vpt_tag		attribute.tag
 #define vpt_xlat	data.xlat
 -#define vpt_preg	data.preg
 +
 +#define vpt_preg	data.preg.comp
 +#define vpt_iflag	data.preg.iflag
 #define vpt_value	data.literal.value
 #define vpt_length	data.literal.length
 diff --git a/src/include/parser.h b/src/include/parser.h
 index 5126edd..6aa858a 100644
 --- a/src/include/parser.h
 +++ b/src/include/parser.h
@@ -73,7 +73,6 @@ struct fr_cond_t {
 		fr_cond_t  	*child;
 	} data;
 -	int		regex_i;
 	int		negate;
 	int		pass2_fixup;
 diff --git a/src/main/evaluate.c b/src/main/evaluate.c
 index 60351c9..c21ed4f 100644
 --- a/src/main/evaluate.c
 +++ b/src/main/evaluate.c
@@ -240,16 +240,13 @@ int radius_evaluate_tmpl(REQUEST *request, int modreturn, UNUSED int depth,
 }
 -static int do_regex(REQUEST *request, value_pair_map_t const *map, bool iflag)
 +static int do_regex(REQUEST *request, value_pair_map_t const *map)
 {
 	int compare, rcode, ret;
 -	int cflags = REG_EXTENDED;
 	regex_t reg, *preg;
 	char *lhs, *rhs;
 	regmatch_t rxmatch[REQUEST_MAX_REGEX + 1];
 -	if (iflag) cflags |= REG_ICASE;
 -
 	/*
 	 *  Expand and then compile it.
 	 */
@@ -262,7 +259,7 @@ static int do_regex(REQUEST *request, value_pair_map_t const *map, bool iflag)
 		}
 		rad_assert(rhs != NULL);
 -		compare = regcomp(&reg, rhs, cflags);
 +		compare = regcomp(&reg, rhs, REG_EXTENDED | (map->src->vpt_iflag ? REG_ICASE : 0));
 		if (compare != 0) {
 			if (debug_flag) {
 				char errbuf[128];
@@ -635,7 +632,7 @@ int radius_evaluate_map(REQUEST *request, UNUSED int modreturn, UNUSED int depth
 	 */
 	if ((map->src->type == VPT_TYPE_REGEX) ||
 	    (map->src->type == VPT_TYPE_REGEX_STRUCT)) {
 -		return do_regex(request, map, c->regex_i);
 +		return do_regex(request, map);
 	}
 #endif
 diff --git a/src/main/modcall.c b/src/main/modcall.c
 index 22ab00b..915c370 100644
 --- a/src/main/modcall.c
 +++ b/src/main/modcall.c
@@ -2829,7 +2829,7 @@ static bool pass2_regex_compile(CONF_ITEM const *ci, value_pair_tmpl_t *vpt)
 	talloc_set_destructor(preg, _free_compiled_regex);
 	if (!preg) return false;
 -	rcode = regcomp(preg, vpt->name, REG_EXTENDED);
 +	rcode = regcomp(preg, vpt->name, REG_EXTENDED | (vpt->vpt_iflag ? REG_ICASE : 0));
 	if (rcode != 0) {
 		char buffer[256];
 		regerror(rcode, preg, buffer, sizeof(buffer));
 diff --git a/src/main/parser.c b/src/main/parser.c
 index fcfd16e..738ca7f 100644
 --- a/src/main/parser.c
 +++ b/src/main/parser.c
@@ -340,7 +340,8 @@ static ssize_t condition_tokenize_cast(char const *start, DICT_ATTR const **pda,
  *  @param[out] error the parse error (if any)
  *  @return length of the string skipped, or when negative, the offset to the offending error
  */
 -static ssize_t condition_tokenize(TALLOC_CTX *ctx, CONF_ITEM *ci, char const *start, int brace, fr_cond_t **pcond, char const **error, int flags)
 +static ssize_t condition_tokenize(TALLOC_CTX *ctx, CONF_ITEM *ci, char const *start, int brace,
 +				  fr_cond_t **pcond, char const **error, int flags)
 {
 	ssize_t slen;
 	char const *p = start;
@@ -477,7 +478,8 @@ static ssize_t condition_tokenize(TALLOC_CTX *ctx, CONF_ITEM *ci, char const *st
 			rad_assert(c->data.vpt->type != VPT_TYPE_REGEX);
 		} else { /* it's an operator */
 -			int regex;
 +			bool regex;
 +			bool i_flag = false;
 			/*
 			 *	The next thing should now be a comparison operator.
@@ -613,7 +615,7 @@ static ssize_t condition_tokenize(TALLOC_CTX *ctx, CONF_ITEM *ci, char const *st
 				 *	Allow /foo/i
 				 */
 				if (p[slen] == 'i') {
 -					c->regex_i = true;
 +					i_flag = true;
 					slen++;
 				}
@@ -637,6 +639,10 @@ static ssize_t condition_tokenize(TALLOC_CTX *ctx, CONF_ITEM *ci, char const *st
 				return_0("Syntax error");
 			}
 +			if (c->data.map->src->type == VPT_TYPE_REGEX) {
 +				c->data.map->src->vpt_iflag = i_flag;
 +			}
 +
 			/*
 			 *	Could have been a reference to an attribute which is registered later.
 			 *	Mark it as being checked in pass2.
@@ -1074,7 +1080,6 @@ done:
 			rcode = radius_evaluate_map(NULL, 0, 0, c);
 			TALLOC_FREE(c->data.map);
 			c->cast = NULL;
 -			c->regex_i = false;
 			if (rcode) {
 				c->type = COND_TYPE_TRUE;
 			} else {
@@ -1097,7 +1102,6 @@ done:
 			int rcode;
 			rad_assert(c->cast == NULL);
 -			rad_assert(c->regex_i == false);
 			rcode = radius_evaluate_map(NULL, 0, 0, c);
 			if (rcode) {
 diff --git a/src/tests/keywords/if-regex-match b/src/tests/keywords/if-regex-match
 index f15e74f..f3e6aa9 100644
 --- a/src/tests/keywords/if-regex-match
 +++ b/src/tests/keywords/if-regex-match
@@ -1,16 +1,96 @@
 # PRE: if
 #
 -# May as well exercise the regular expression engine
 -if (User-Name !~ /^([0-9])_([0-9])?_([0-9]*)_([0-9]+)_([^_])_(6)_([7-8])/) {
 -	reject
 +
 +# Non matching on attribute ref
 +if (User-Name !~ /^([0-9])_([0-9])?_([0-9]*)_([0-9]+)_([^_])_(6)_([7-8])%{Tmp-String-0}/) {
 +	update reply {
 +		Filter-Id += 'Fail 0'
 +	}
 }
 -if ("%{User-Name}" !~ /^([0-9])_([0-9])?_([0-9]*)_([0-9]+)_([^_])_(6)_([7-8])/) {
 -	reject
 +# Matching on xlat expanded value
 +if ("%{User-Name}" !~ /^([0-9])_([0-9])?_([0-9]*)_([0-9]+)_([^_])_(6)_([7-8])%{Tmp-String-0}/) {
 +	update reply {
 +		Filter-Id += 'Fail 1'
 +	}
 }
 -if (User-Name =~ /^([0-9])_([0-9])?_([0-9]*)_([0-9]+)_([^_])_(6)_([7-8])/) {
 +# Matching on attribute ref with capture groups
 +if (User-Name =~ /^([0-9])_([0-9])?_([0-9]*)_([0-9]+)_([^_])_(6)_([7-8])%{Tmp-String-0}/) {
 +	# Test all the capture groups
 	update {
 		reply:User-Name := "%{7}_%{6}_%{5}_%{4}_%{3}_%{2}_%{1}_%{0}"
 	}
 }
 +else {
 +	update reply {
 +		Filter-Id += 'Fail 2'
 +	}
 +}
 +
 +# Checking capture groups are cleared out correctly
 +if (User-Name =~ /^([0-9])_%{Tmp-String-0}/) {
 +	if ("%{0}%{1}%{2}%{3}%{4}%{5}%{6}%{7}" != '1_1') {
 +		update reply {
 +			Filter-Id += 'Fail 3'
 +		}
 +	}
 +}
 +else {
 +	update reply {
 +		Filter-Id += 'Fail 3.5'
 +	}
 +}
 +
 +# Checking capture groups are cleared out correctly when there are no matches
 +if (User-Name =~ /^.%{Tmp-String-0}/) {
 +	if ("%{0}%{1}%{2}%{3}%{4}%{5}%{6}%{7}" != '1') {
 +		update reply {
 +			Filter-Id += 'Fail 4'
 +		}
 +	}
 +}
 +else {
 +	update reply {
 +		Filter-Id += 'Fail 4.5'
 +	}
 +}
 +
 +# compiled - ref - insensitive
 +if (Calling-Station-Id !~ /:roamyroam%{Tmp-String-0}$/i) {
 +	update reply {
 +		Filter-Id += 'Fail 5'
 +	}
 +}
 +
 +# compiled - expansion - insensitive
 +if ("%{Calling-Station-Id}" !~ /:roamyroam%{Tmp-String-0}$/i) {
 +	update reply {
 +		Filter-Id += 'Fail 6'
 +	}
 +}
 +
 +# compiled - enum - ref - insensitive
 +if (Service-Type !~ /^framed-user%{Tmp-String-0}$/i) {
 +	update reply {
 +		Filter-Id += 'Fail 7'
 +	}
 +}
 +
 +# compiled - enum - expansion - insensitive
 +if ("%{Service-Type}" !~ /^framed-user%{Tmp-String-0}$/i) {
 +	update reply {
 +		Filter-Id += 'Fail 8'
 +	}
 +}
 +
 +# compiled - enum - ref
 +if (Service-Type =~ /^framed-user%{Tmp-String-0}$/) {
 +	update reply {
 +		Filter-Id += 'Fail 9'
 +	}
 +}
 +
 +
 +
 +
 diff --git a/src/tests/keywords/if-regex-match-comp b/src/tests/keywords/if-regex-match-comp
 new file mode 100644
 index 0000000..8d68142
 --- /dev/null
 +++ b/src/tests/keywords/if-regex-match-comp
@@ -0,0 +1,94 @@
 +# PRE: if
 +#
 +
 +# Non matching on attribute ref
 +if (User-Name !~ /^([0-9])_([0-9])?_([0-9]*)_([0-9]+)_([^_])_(6)_([7-8])/) {
 +	update reply {
 +		Filter-Id += 'Fail 0'
 +	}
 +}
 +
 +# Matching on xlat expanded value
 +if ("%{User-Name}" !~ /^([0-9])_([0-9])?_([0-9]*)_([0-9]+)_([^_])_(6)_([7-8])/) {
 +	update reply {
 +		Filter-Id += 'Fail 1'
 +	}
 +}
 +
 +# Matching on attribute ref with capture groups
 +if (User-Name =~ /^([0-9])_([0-9])?_([0-9]*)_([0-9]+)_([^_])_(6)_([7-8])/) {
 +	# Test all the capture groups
 +	update {
 +		reply:User-Name := "%{7}_%{6}_%{5}_%{4}_%{3}_%{2}_%{1}_%{0}"
 +	}
 +}
 +else {
 +	update reply {
 +		Filter-Id += 'Fail 2'
 +	}
 +}
 +
 +# Checking capture groups are cleared out correctly
 +if (User-Name =~ /^([0-9])_/) {
 +	if ("%{0}%{1}%{2}%{3}%{4}%{5}%{6}%{7}" != '1_1') {
 +		update reply {
 +			Filter-Id += 'Fail 3'
 +		}
 +	}
 +}
 +else {
 +	update reply {
 +		Filter-Id += 'Fail 3.5'
 +	}
 +}
 +
 +# Checking capture groups are cleared out correctly when there are no matches
 +if (User-Name =~ /^./) {
 +	if ("%{0}%{1}%{2}%{3}%{4}%{5}%{6}%{7}" != '1') {
 +		update reply {
 +			Filter-Id += 'Fail 4'
 +		}
 +	}
 +}
 +else {
 +	update reply {
 +		Filter-Id += 'Fail 4.5'
 +	}
 +}
 +
 +# compiled - ref - insensitive
 +if (Calling-Station-Id !~ /:roamyroam$/i) {
 +	update reply {
 +		Filter-Id += 'Fail 5'
 +	}
 +}
 +
 +# compiled - expansion - insensitive
 +if ("%{Calling-Station-Id}" !~ /:roamyroam$/i) {
 +	update reply {
 +		Filter-Id += 'Fail 6'
 +	}
 +}
 +
 +# compiled - enum - ref - insensitive
 +if (Service-Type !~ /^framed-user$/i) {
 +	update reply {
 +		Filter-Id += 'Fail 7'
 +	}
 +}
 +
 +# compiled - enum - expansion - insensitive
 +if ("%{Service-Type}" !~ /^framed-user$/i) {
 +	update reply {
 +		Filter-Id += 'Fail 8'
 +	}
 +}
 +
 +# compiled - enum - ref
 +if (Service-Type =~ /^framed-user$/) {
 +	update reply {
 +		Filter-Id += 'Fail 9'
 +	}
 +}
 +
 +
 diff --git a/src/tests/keywords/if-regex-match-comp.attrs b/src/tests/keywords/if-regex-match-comp.attrs
 new file mode 100644
 index 0000000..ba7188d
 --- /dev/null
 +++ b/src/tests/keywords/if-regex-match-comp.attrs
@@ -0,0 +1,7 @@
 +User-Name = '1_2_3_4_5_6_7'
 +User-Password = 'hello'
 +Service-Type := 'Framed-User'
 +Calling-Station-ID := '00:11:22:33:44:55:66:ROAMYROAM'
 +
 +Response-Packet-Type == Access-Accept
 +User-Name == '7_6_5_4_3_2_1_1_2_3_4_5_6_7'
 diff --git a/src/tests/keywords/if-regex-match.attrs b/src/tests/keywords/if-regex-match.attrs
 index ab03050..ba7188d 100644
 --- a/src/tests/keywords/if-regex-match.attrs
 +++ b/src/tests/keywords/if-regex-match.attrs
@@ -1,5 +1,7 @@
 User-Name = '1_2_3_4_5_6_7'
 User-Password = 'hello'
 +Service-Type := 'Framed-User'
 +Calling-Station-ID := '00:11:22:33:44:55:66:ROAMYROAM'
 Response-Packet-Type == Access-Accept
 User-Name == '7_6_5_4_3_2_1_1_2_3_4_5_6_7'
--- a/freeradius-foreach.patch
+++ b/freeradius-foreach.patch
@ -1,107 +0,0 @@
 commit c0f670c233e9562118648af641d4f8d182350f31
 Author: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
 Date:   Fri May 16 11:38:22 2014 +0100
    Make the foreach code slightly more sane. Reliably reproduces the issue described by #639
 diff --git a/src/main/modcall.c b/src/main/modcall.c
 index 3dd0828..7a44bf2 100644
 --- a/src/main/modcall.c
 +++ b/src/main/modcall.c
@@ -608,9 +608,9 @@ redo:
 	 */
 	if (c->type == MOD_FOREACH) {
 		int i, foreach_depth = -1;
 -		VALUE_PAIR *vps, **tail, *vp;
 +		VALUE_PAIR *vps, *vp;
 		modcall_stack_entry_t *next = NULL;
 -		vp_cursor_t cursor;
 +		vp_cursor_t cursor, copy;
 		modgroup *g = mod_callabletogroup(c);
 		if (depth >= MODCALL_STACK_MAX) {
@@ -645,31 +645,35 @@ redo:
 		}
 		/*
 -		 *	Copy the VPs from the original request.
 +		 *	Copy the VPs from the original request, this ensures deterministic
 +		 *	behaviour if someone decides to add or remove VPs in the set were
 +		 *	iterating over.
 		 */
 -		fr_cursor_init(&cursor, &vp);
 -		/* Prime the cursor. */
 -		cursor.found = cursor.current;
 -
 		vps = NULL;
 -		tail = &vps;
 -		while (vp) {
 -			*tail = paircopyvp(request, vp);
 -			if (!*tail) break;
 +		fr_cursor_init(&cursor, &vp);
 -			tail = &((*tail)->next); /* really should be using cursors... */
 +		/* Prime the cursor. */
 +		cursor.found = cursor.current;
 +		for (fr_cursor_init(&copy, &vps);
 +		     vp;
 +		     vp = fr_cursor_next_by_da(&cursor, vp->da, g->vpt->attribute.tag)) {
 +		     VALUE_PAIR *tmp;
 -			vp = fr_cursor_next_by_da(&cursor, vp->da, g->vpt->attribute.tag);
 +		     MEM(tmp = paircopyvp(request, vp));
 +		     fr_cursor_insert(&copy, tmp);
 		}
 -		RDEBUG2("%.*sforeach %s ", depth + 1, modcall_spaces,
 -			c->name);
 +		RDEBUG2("%.*sforeach %s ", depth + 1, modcall_spaces, c->name);
 +
 		rad_assert(vps != NULL);
 -		for (vp = fr_cursor_init(&cursor, &vps);
 +		/*
 +		 *	This is the actual body of the foreach loop
 +		 */
 +		for (vp = fr_cursor_first(&copy);
 		     vp != NULL;
 -		     vp = fr_cursor_next(&cursor)) {
 +		     vp = fr_cursor_next(&copy)) {
 #ifndef NDEBUG
 			if (fr_debug_flag >= 2) {
 				char buffer[1024];
@@ -709,7 +713,7 @@ redo:
 			}
 		} /* loop over VPs */
 -		talloc_free(vps);
 +		pairfree(&vps);
 		rad_assert(next != NULL);
 		result = next->result;
 commit 860f645668b9604c897c4ee1338ecfeb88cdd75a
 Author: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
 Date:   Fri May 16 12:32:12 2014 +0100
    Don't free foreach VPs on break #639
    Wwe go back up the stack in an orderly way and don't need this hack anymore
 diff --git a/src/main/modcall.c b/src/main/modcall.c
 index 7a44bf2..5785643 100644
 --- a/src/main/modcall.c
 +++ b/src/main/modcall.c
@@ -732,9 +732,7 @@ redo:
 		for (i = 8; i >= 0; i--) {
 			copy_p = request_data_get(request, radius_get_vp, i);
 			if (copy_p) {
 -				RDEBUG2("%.*s # break Foreach-Variable-%d", depth + 1,
 -					modcall_spaces, i);
 -				pairfree(copy_p);
 +				RDEBUG2("%.*s # break Foreach-Variable-%d", depth + 1, modcall_spaces, i);
 				break;
 			}
 		}
--- a/freeradius-perl-string-escaping.patch
+++ b/freeradius-perl-string-escaping.patch
@ -1,28 +0,0 @@
 commit ff8b26e0cdad5d2579dcf64edbe2fab2b10aecd4
 Author: Alan T. DeKok <aland@freeradius.org>
 Date:   Wed May 14 13:32:42 2014 -0400
    Fix typo.  Closes #635
 diff --git a/src/modules/rlm_perl/rlm_perl.c b/src/modules/rlm_perl/rlm_perl.c
 index 65cd971..a45daec 100644
 --- a/src/modules/rlm_perl/rlm_perl.c
 +++ b/src/modules/rlm_perl/rlm_perl.c
@@ -617,7 +617,7 @@ static void perl_store_vps(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR *vps, H
 			for (vp = fr_cursor_first(&cursor);
 			     vp;
 			     vp = fr_cursor_next(&cursor)) {
 -				if (vp->da->type != PW_TYPE_INVALID) {
 +				if (vp->da->type != PW_TYPE_STRING) {
 					len = vp_prints_value(buffer, sizeof(buffer), vp, 0);
 					av_push(av, newSVpv(buffer, truncate_len(len, sizeof(buffer))));
 					RDEBUG("<--  %s = %s", vp->da->name, buffer);
@@ -634,7 +634,7 @@ static void perl_store_vps(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR *vps, H
 			 */
 		} else if (sublist) {
 -			if (sublist->da->type != PW_TYPE_INVALID) {
 +			if (sublist->da->type != PW_TYPE_STRING) {
 				len = vp_prints_value(buffer, sizeof(buffer), sublist, 0);
 				(void)hv_store(rad_hv, name, strlen(name), newSVpv(buffer, truncate_len(len, sizeof(buffer))), 0);
 				RDEBUG("<--  %s = %s", sublist->da->name, buffer);
--- a/freeradius-redhat-config.patch
+++ b/freeradius-redhat-config.patch
@ -1,38 +1,50 @@
-diff -r -u freeradius-server-3.0.0.orig/raddb/mods-available/eap freeradius-server-3.0.0/raddb/mods-available/eap
+From af06b80f84b5e95153abc7ef55dedaa614eb6b04 Mon Sep 17 00:00:00 2001
--- freeradius-server-3.0.0.orig/raddb/mods-available/eap	2013-10-07 15:49:47.000000000 -0400
+From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
-+++ freeradius-server-3.0.0/raddb/mods-available/eap	2013-11-26 17:48:56.081183431 -0500
+Date: Mon, 8 Sep 2014 12:32:13 +0300
-@@ -435,7 +435,7 @@
+Subject: [PATCH 1/1] Adjust configuration to fit Red Hat specifics
 ---
 raddb/mods-available/eap | 4 ++--
 raddb/radiusd.conf.in    | 7 +++----
 2 files changed, 5 insertions(+), 6 deletions(-)
 diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
 index 9ac2a74..86141d6 100644
 --- a/raddb/mods-available/eap
 +++ b/raddb/mods-available/eap
@@ -435,7 +435,7 @@ eap {
 			#
 			#  You should also delete all of the files
 			#  in the directory when the server starts.
-	#     		tmpdir = /tmp/radiusd
+-	#		tmpdir = /tmp/radiusd
-+	#     		tmpdir = /var/run/radiusd/tmp
+	#		tmpdir = /var/run/radiusd/tmp
-
+ 
 			#  The command used to verify the client cert.
 			#  We recommend using the OpenSSL command-line
-@@ -449,7 +449,7 @@
+@@ -449,7 +449,7 @@ eap {
 			#  in PEM format.  This file is automatically
 			#  deleted by the server when the command
 			#  returns.
-	#    		client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
+-	#		client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
-+	#    		client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
+	#		client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
 		}
-
+ 
 		#
-diff -r -u freeradius-server-3.0.0.orig/raddb/radiusd.conf.in freeradius-server-3.0.0/raddb/radiusd.conf.in
+diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
--- freeradius-server-3.0.0.orig/raddb/radiusd.conf.in	2013-10-07 15:49:47.000000000 -0400
+index 307ae10..7cf71be 100644
-+++ freeradius-server-3.0.0/raddb/radiusd.conf.in	2013-11-26 17:24:52.263467793 -0500
+--- a/raddb/radiusd.conf.in
-@@ -71,8 +71,7 @@
+++ b/raddb/radiusd.conf.in
@@ -70,8 +70,7 @@ certdir = ${confdir}/certs
 cadir   = ${confdir}/certs
 run_dir = ${localstatedir}/run/${name}
-
+ 
 -# Should likely be ${localstatedir}/lib/radiusd
 -db_dir = ${raddbdir}
 +db_dir = ${localstatedir}/lib/radiusd
-
+ 
 #
 # libdir: Where to find the rlm_* modules.
-@@ -376,8 +375,8 @@
+@@ -415,8 +414,8 @@ security {
 	#  member.  This can allow for some finer-grained access
 	#  controls.
 	#
@ -40,6 +52,9 @@ diff -r -u freeradius-server-3.0.0.orig/raddb/radiusd.conf.in freeradius-server-
 -#	group = radius
 +	user = radiusd
 +	group = radiusd
-
+ 
 	#  Core dumps are a bad thing.  This should only be set to
 	#  'yes' if you're debugging a problem with the server.
 -- 
 2.1.0
--- a/freeradius-segfault-on-config-parse.patch
+++ b/freeradius-segfault-on-config-parse.patch
@ -1,19 +0,0 @@
 commit f9e2d539599345b03dde495a36d4ec8bd90d78a5
 Author: Alan T. DeKok <aland@freeradius.org>
 Date:   Thu May 15 10:31:23 2014 -0400
    Use the correct data type.  Closes #634
 diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c
 index 86757df..4564778 100644
 --- a/src/main/mainconfig.c
 +++ b/src/main/mainconfig.c
@@ -83,7 +83,7 @@ static char const *radlog_dest = NULL;
  */
 static char const	*localstatedir = NULL;
 static char const	*prefix = NULL;
 -static char		my_name;
 +static char const	*my_name = NULL;
 static char const	*sbindir = NULL;
 static char const	*run_dir = NULL;
 static char		*syslog_facility = NULL;
--- a/freeradius.spec
+++ b/freeradius.spec
@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
-Version: 3.0.3
+Version: 3.0.4
-Release: 5%{?dist}
+Release: 0.1.rc2%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
@ -13,7 +13,7 @@ URL: http://www.freeradius.org/
 %global HAVE_EC_CRYPTO 0
 %endif
-%global dist_base freeradius-server-%{version}
+%global dist_base freeradius-server-%{version}rc2
 Source0: ftp://ftp.freeradius.org/pub/radius/%{dist_base}.tar.bz2
 Source100: radiusd.service
@ -23,11 +23,7 @@ Source104: freeradius-tmpfiles.conf
 Patch1: freeradius-redhat-config.patch
 Patch2: freeradius-postgres-sql.patch
-Patch3: freeradius-case-insensitive-matching.patch
+Patch3: freeradius-heartbleed-confirm.patch
 Patch4: freeradius-perl-string-escaping.patch
 Patch5: freeradius-segfault-on-config-parse.patch
 Patch6: freeradius-foreach.patch
 Patch7: freeradius-heartbleed-confirm.patch
 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
@ -187,10 +183,6 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
 %build
 # Force compile/link options, extra security for network facing daemon
@ -265,6 +257,7 @@ rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/oracle
 rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-available/unbound
 rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/unbound/default.conf
 rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-available/couchbase
 # remove unsupported config files
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/experimental.conf
@ -412,6 +405,7 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/copy-acct-to-home-server
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/buffered-sql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/tls
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/channel_bindings
 # sites-enabled
 # symlink: /etc/raddb/sites-enabled/xxx -> ../sites-available/xxx
@ -671,6 +665,7 @@ exit 0
 %files python
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/python
 /etc/raddb/mods-config/python/example.py*
 /etc/raddb/mods-config/python/radiusd.py*
 %{_libdir}/freeradius/rlm_python.so
 %files mysql
@ -768,6 +763,10 @@ exit 0
 %{_libdir}/freeradius/rlm_sql_unixodbc.so
 %changelog
 * Mon Sep  8 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.4-0.1.rc2
 - Upgrade to upstream 3.0.4-rc2 release.
  See upstream ChangeLog for details (in freeradius-doc subpackage).
 * Tue Aug 26 2014 Jitka Plesnikova <jplesnik@redhat.com> - 3.0.3-5
 - Perl 5.20 rebuild
--- a/2
+++ b/2
@ -1 +1 @@
-6093be8d2a962035d6b1111789b3447c  freeradius-server-3.0.3.tar.bz2
+5035eb3a28aeba1fc20da9b2c01ce16e  freeradius-server-3.0.4rc2.tar.bz2
`@ -1 +1 @@`
	`6093be8d2a962035d6b1111789b3447c freeradius-server-3.0.3.tar.bz2`	`5035eb3a28aeba1fc20da9b2c01ce16e freeradius-server-3.0.4rc2.tar.bz2`