Upgrade to upstream major new version 3.0 (pre-release rc0)

2013-07-22 18:52:14 -04:00 · 2013-07-22 18:52:14 -04:00 · 7e11ad3d44
commit 7e11ad3d44
parent 3ea30fb14e
9 changed files with 385 additions and 610 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,6 @@
-freeradius-server-2.1.9.tar.bz2
+/freeradius-server-2.1.9.tar.bz2
 /freeradius-server-2.1.10.tar.bz2
 /freeradius-server-2.1.11.tar.bz2
 /freeradius-server-2.1.12.tar.bz2
 /freeradius-server-2.2.0.tar.bz2
 /freeradius-server-release_3_0_0_rc0.tar.gz
--- a/freeradius-cert-config.patch
+++ b/freeradius-cert-config.patch
@ -1,52 +0,0 @@
 diff -r -u freeradius-server-2.2.0.orig/raddb/certs/ca.cnf freeradius-server-2.2.0.work/raddb/certs/ca.cnf
 --- freeradius-server-2.2.0.orig/raddb/certs/ca.cnf	2012-09-10 07:51:34.000000000 -0400
 +++ freeradius-server-2.2.0.work/raddb/certs/ca.cnf	2012-09-25 15:29:08.792013636 -0400
@@ -14,7 +14,7 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
 -default_days		= 365
 +default_days		= 60
 default_crl_days	= 30
 default_md		= sha1
 preserve		= no
 diff -r -u freeradius-server-2.2.0.orig/raddb/certs/client.cnf freeradius-server-2.2.0.work/raddb/certs/client.cnf
 --- freeradius-server-2.2.0.orig/raddb/certs/client.cnf	2012-09-10 07:51:34.000000000 -0400
 +++ freeradius-server-2.2.0.work/raddb/certs/client.cnf	2012-09-25 15:29:19.046932303 -0400
@@ -14,7 +14,7 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
 -default_days		= 365
 +default_days		= 60
 default_crl_days	= 30
 default_md		= sha1
 preserve		= no
 diff -r -u freeradius-server-2.2.0.orig/raddb/certs/server.cnf freeradius-server-2.2.0.work/raddb/certs/server.cnf
 --- freeradius-server-2.2.0.orig/raddb/certs/server.cnf	2012-09-10 07:51:34.000000000 -0400
 +++ freeradius-server-2.2.0.work/raddb/certs/server.cnf	2012-09-25 15:29:26.118877959 -0400
@@ -14,7 +14,7 @@
 RANDFILE		= $dir/.rand
 name_opt		= ca_default
 cert_opt		= ca_default
 -default_days		= 365
 +default_days		= 60
 default_crl_days	= 30
 default_md		= sha1
 preserve		= no
 diff -r -u freeradius-server-2.2.0.orig/raddb/eap.conf freeradius-server-2.2.0.work/raddb/eap.conf
 --- freeradius-server-2.2.0.orig/raddb/eap.conf	2012-09-10 07:51:34.000000000 -0400
 +++ freeradius-server-2.2.0.work/raddb/eap.conf	2012-09-25 15:31:17.623971648 -0400
@@ -281,7 +281,11 @@
 			# for the server to print out an error message,
 			# and refuse to start.
 			#
 -			make_cert_command = "${certdir}/bootstrap"
 +			# Redhat RPM's run the bootstrap certificate creation
 +			# as part of the RPM install (not upgrade), therefore
 +			# the make_cert_command is commented out.
 +			#
 +			#make_cert_command = "${certdir}/bootstrap"
 			#
 			#  Elliptical cryptography configuration
--- a/freeradius-dhcp_sqlippool.patch
+++ b/freeradius-dhcp_sqlippool.patch
@ -1,18 +0,0 @@
 diff --git a/raddb/modules/dhcp_sqlippool b/raddb/modules/dhcp_sqlippool
 index 39358b2..2a29daf 100644
 --- a/raddb/modules/dhcp_sqlippool
 +++ b/raddb/modules/dhcp_sqlippool
@@ -14,8 +14,11 @@ sqlippool dhcp_sqlippool {
 	# Client's MAC address is mapped to Calling-Station-Id in policy.conf
 	pool-key = "%{Calling-Station-Id}"
 -	# For now, it only works with MySQL.
 -	$INCLUDE ${confdir}/sql/mysql/ippool-dhcp.conf
 +	# For now, it only works with MySQL. 
 +	# This line is commented by default to enable clean startup when you
 +	# don't have freeradius-mysql installed. Uncomment this line if you 
 +	# use this module.
 +	#$INCLUDE ${confdir}/sql/mysql/ippool-dhcp.conf
 	sqlippool_log_exists = "DHCP: Existing IP: %{reply:Framed-IP-Address} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"
--- a/freeradius-exclude-config-file.patch
+++ b/freeradius-exclude-config-file.patch
@ -1,103 +0,0 @@
 a53a18e Be more careful about which config files we load
 diff --git a/src/include/conffile.h b/src/include/conffile.h
 index bc7f90a..21fc2cd 100644
 --- a/src/include/conffile.h
 +++ b/src/include/conffile.h
@@ -58,6 +58,7 @@ int		cf_section_parse(CONF_SECTION *, void *base,
 				 const CONF_PARSER *variables);
 void		cf_section_parse_free(CONF_SECTION *cs, void *base);
 const CONF_PARSER *cf_section_parse_table(CONF_SECTION *cs);
 +int cf_exclude_file(const char *filename);
 CONF_SECTION	*cf_file_read(const char *file);
 int		cf_file_include(const char *file, CONF_SECTION *cs);
 diff --git a/src/main/conffile.c b/src/main/conffile.c
 index ff76e2c..38b6aec 100644
 --- a/src/main/conffile.c
 +++ b/src/main/conffile.c
@@ -1276,6 +1276,41 @@ static int condition_looks_ok(const char **ptr)
 	return 0;
 }
 +int cf_exclude_file(const char *filename)
 +{
 +	int i;
 +	size_t len;
 +	const char *p = filename;
 +
 +	/*
 +	 *	FIXME: Maybe later make this a globally set configuration
 +	 *	variable.  But that's low priority.
 +	 */
 +	static const char *excluded[] = {
 +		"rpmsave", "rpmnew", "dpkg-new", "dpkg-dist", "dpkg-old",
 +		"bak", NULL
 +	};
 +
 +	if (!p || !*p) return TRUE; /* coding error */
 +
 +	if (*p == '.') return TRUE; /* ".", "..", ".foo", ... */
 +
 +	if (*p == '#') return TRUE; /* #foo# */
 +
 +	len = strlen(p);
 +	if (p[len - 1] == '~') return TRUE; /* foo~ */
 +
 +	p = strrchr(p, '.');
 +	if (!p) return FALSE;	/* just "foo", it's OK */
 +
 +	p++;
 +	for (i = 0; excluded[i] != NULL; i++) {
 +		if (strcmp(p, excluded[i]) == 0) return TRUE;
 +	}
 +
 +	return FALSE;
 +}
 +
 static const char *cf_local_file(CONF_SECTION *cs, const char *local,
 				 char *buffer, size_t bufsize)
@@ -1512,25 +1547,11 @@ static int cf_section_read(const char *filename, int *lineno, FILE *fp,
 				}
 				/*
 -				 *	Read the directory, ignoring "." files.
 +				 *	Read the directory, ignoring some files.
 				 */
 				while ((dp = readdir(dir)) != NULL) {
 -					const char *p;
 -
 -					if (dp->d_name[0] == '.') continue;
 -
 -					/*
 -					 *	Check for valid characters
 -					 */
 -					for (p = dp->d_name; *p != '\0'; p++) {
 -						if (isalpha((int)*p) ||
 -						    isdigit((int)*p) ||
 -						    (*p == '-') ||
 -						    (*p == '_') ||
 -						    (*p == '.')) continue;
 -						break;
 -					}
 -					if (*p != '\0') continue;
 +					if (cf_exclude_file(dp->d_name))
 +						continue;
 					snprintf(buf2, sizeof(buf2), "%s%s",
 						 value, dp->d_name);
 diff --git a/src/modules/rlm_policy/parse.c b/src/modules/rlm_policy/parse.c
 index 71a7eb6..4b3fc7c 100644
 --- a/src/modules/rlm_policy/parse.c
 +++ b/src/modules/rlm_policy/parse.c
@@ -1589,8 +1589,7 @@ static int parse_include(policy_lex_file_t *lexer)
 			while ((dp = readdir(dir)) != NULL) {
 				struct stat buf;
 -				if (dp->d_name[0] == '.') continue;
 -				if (strchr(dp->d_name, '~') != NULL) continue;
 +				if (cf_exclude_file(dp->d_name)) continue;
 				strlcpy(p, dp->d_name,
 					sizeof(buffer) - (p - buffer));
--- a/freeradius-radeapclient-ipv6.patch
+++ b/freeradius-radeapclient-ipv6.patch
@ -1,158 +0,0 @@
 diff -r -u freeradius-server-2.1.12.orig/man/man1/radeapclient.1 freeradius-server-2.1.12.work/man/man1/radeapclient.1
 --- freeradius-server-2.1.12.orig/man/man1/radeapclient.1	2011-09-30 10:12:07.000000000 -0400
 +++ freeradius-server-2.1.12.work/man/man1/radeapclient.1	2012-02-28 11:11:46.023456307 -0500
@@ -3,6 +3,8 @@
 radeapclient - send EAP packets to a RADIUS server, calculate responses
 .SH SYNOPSIS
 .B radeapclient
 +.RB [ \-4 ]
 +.RB [ \-6 ]
 .RB [ \-c
 .IR count ]
 .RB [ \-d
@@ -27,7 +29,7 @@
 \fBradeapclient\fP is a radius client program. It can send arbitrary radius
 packets to a radius server, then shows the reply. Radeapclient differs from
 radclient in that if there is an EAP-MD5 challenge, then it will be responded
 -to. 
 +to.
 .PP
 \fBradeapclient\fP is otherwise identical to \fBradclient\fP.
 .PP
@@ -36,11 +38,15 @@
 .PP
 .PP
 The \fIEAP-MD5-Password\fP attribute, if present is used to respond to an
 -MD5 challenge. 
 +MD5 challenge.
 .PP
 No other EAP types are currently supported.
 .SH OPTIONS
 +.IP \-4
 +Use IPv4 (default)
 +.IP \-6
 +Use IPv6
 .IP \-c\ \fIcount\fP
 Send each packet \fIcount\fP times.
 .IP \-d\ \fIraddb\fP
@@ -82,7 +88,7 @@
   echo 'EAP-Type-Identity = "bob";
   echo 'Message-Authenticator = 0x00';
   echo 'NAS-Port = 0' ) >req.txt
 -  
 +
 radeapclient -x localhost auth testing123 <req.txt
 .fi
 .sp
 diff -r -u freeradius-server-2.1.12.orig/src/modules/rlm_eap/radeapclient.c freeradius-server-2.1.12.work/src/modules/rlm_eap/radeapclient.c
 --- freeradius-server-2.1.12.orig/src/modules/rlm_eap/radeapclient.c	2011-09-30 10:12:07.000000000 -0400
 +++ freeradius-server-2.1.12.work/src/modules/rlm_eap/radeapclient.c	2012-02-28 11:44:34.011174367 -0500
@@ -90,6 +90,8 @@
 	fprintf(stderr, "  -s          Print out summary information of auth results.\n");
 	fprintf(stderr, "  -v          Show program version information.\n");
 	fprintf(stderr, "  -x          Debugging mode.\n");
 +	fprintf(stderr, "  -4          Use IPv4 address of server\n");
 +	fprintf(stderr, "  -6          Use IPv6 address of server.\n");
 	exit(1);
 }
@@ -169,7 +171,7 @@
 		ip = &packet->dst_ipaddr;
 		port = packet->dst_port;
 	}
 -	
 +
 	/*
 	 *	Client-specific debugging re-prints the input
 	 *	packet into the client log.
@@ -975,15 +977,22 @@
 	FILE *fp;
 	int count = 1;
 	int id;
 +	int force_af = AF_UNSPEC;
 	id = ((int)getpid() & 0xff);
 	fr_debug_flag = 0;
 	radlog_dest = RADLOG_STDERR;
 -	while ((c = getopt(argc, argv, "c:d:f:hi:qst:r:S:xXv")) != EOF)
 +	while ((c = getopt(argc, argv, "46c:d:f:hi:qst:r:S:xXv")) != EOF)
 	{
 		switch(c) {
 +		case '4':
 +			force_af = AF_INET;
 +			break;
 +		case '6':
 +			force_af = AF_INET6;
 +			break;
 		case 'c':
 			if (!isdigit((int) *optarg))
 				usage();
@@ -1106,11 +1115,45 @@
 	req->id = id;
 	/*
 -	 *	Strip port from hostname if needed.
 +	 *	Resolve hostname.
 	 */
 -	if ((p = strchr(argv[1], ':')) != NULL) {
 -		*p++ = 0;
 -		port = atoi(p);
 +	if (force_af == AF_UNSPEC) force_af = AF_INET;
 +	req->dst_ipaddr.af = force_af;
 +	if (strcmp(argv[1], "-") != 0) {
 +		const char *hostname = argv[1];
 +		const char *portname = argv[1];
 +		char buffer[256];
 +
 +		if (*argv[1] == '[') { /* IPv6 URL encoded */
 +			p = strchr(argv[1], ']');
 +			if ((size_t) (p - argv[1]) >= sizeof(buffer)) {
 +				usage();
 +			}
 +
 +			memcpy(buffer, argv[1] + 1, p - argv[1] - 1);
 +			buffer[p - argv[1] - 1] = '\0';
 +
 +			hostname = buffer;
 +			portname = p + 1;
 +
 +		}
 +		p = strchr(portname, ':');
 +		if (p && (strchr(p + 1, ':') == NULL)) {
 +			*p = '\0';
 +			portname = p + 1;
 +		} else {
 +			portname = NULL;
 +		}
 +
 +		if (ip_hton(hostname, force_af, &req->dst_ipaddr) < 0) {
 +			fprintf(stderr, "radclient: Failed to find IP address for host %s: %s\n", hostname, strerror(errno));
 +			exit(1);
 +		}
 +
 +		/*
 +		 *	Strip port from hostname if needed.
 +		 */
 +		if (portname) port = atoi(portname);
 	}
 	/*
@@ -1143,15 +1186,7 @@
 	} else {
 		usage();
 	}
 -
 -	/*
 -	 *	Resolve hostname.
 -	 */
 	req->dst_port = port;
 -	if (ip_hton(argv[1], AF_INET, &req->dst_ipaddr) < 0) {
 -		fprintf(stderr, "radclient: Failed to find IP address for host %s\n", argv[1]);
 -		exit(1);
 -	}
 	/*
 	 *	Add the secret.
--- a/freeradius-radtest.patch
+++ b/freeradius-radtest.patch
@ -1,13 +0,0 @@
 diff -u -r freeradius-server-2.1.12.orig/src/main/radtest.in freeradius-server-2.1.12/src/main/radtest.in
 --- freeradius-server-2.1.12.orig/src/main/radtest.in	2011-09-30 10:12:07.000000000 -0400
 +++ freeradius-server-2.1.12/src/main/radtest.in	2012-01-05 15:51:56.877585514 -0500
@@ -121,7 +121,7 @@
 	    echo "EAP-Code = Response"
 	    echo "EAP-Type-Identity = \"$1\""
 	fi
 -	if [ "$6" ]
 +	if [ ! -z "$6" ] && [[ $6 =~ ^[0-9]+$ ]] && [ $6 -gt 0 ]
 	then
 		echo "Framed-Protocol = PPP"
 	fi
 Only in freeradius-server-2.1.12/src/main: radtest.in~
--- a/freeradius-redhat-config.patch
+++ b/freeradius-redhat-config.patch
@ -0,0 +1,13 @@
 --- freeradius-server-release_3_0_0_rc0.orig/raddb/radiusd.conf.in	2013-07-11 11:09:02.000000000 -0400
 +++ freeradius-server-release_3_0_0_rc0/raddb/radiusd.conf.in	2013-07-20 07:51:22.811104727 -0400
@@ -376,8 +376,8 @@
 	#  member.  This can allow for some finer-grained access
 	#  controls.
 	#
 -#	user = radius
 -#	group = radius
 +	user = radiusd
 +	group = radiusd
 	#  Core dumps are a bad thing.  This should only be set to
 	#  'yes' if you're debugging a problem with the server.
--- a/freeradius.spec
+++ b/freeradius.spec
@ -1,33 +1,34 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
-Version: 2.2.0
+Version: 3.0.0
-Release: 6%{?dist}
+Release: rc0.0%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
-Source0: ftp://ftp.freeradius.org/pub/radius/freeradius-server-%{version}.tar.bz2
+# Is elliptic curve cryptography supported?
 %if 0%{?rhel}
 %global HAVE_EC_CRYPTO 1
 %else
 %global HAVE_EC_CRYPTO 0
 %endif
 %global dist_base freeradius-server-release_3_0_0_rc0
 Source0: %{dist_base}.tar.gz
 #FIXME, after 3.0 is released  Source0: ftp://ftp.freeradius.org/pub/radius/%{dist_base}.tar.bz2
 Source100: radiusd.service
 Source102: freeradius-logrotate
 Source103: freeradius-pam-conf
 Source104: %{name}-tmpfiles.conf
-Patch1: freeradius-cert-config.patch
+Patch1: freeradius-redhat-config.patch
 Patch2: freeradius-radtest.patch
 Patch3: freeradius-radeapclient-ipv6.patch
 Patch4: freeradius-exclude-config-file.patch
 Patch5: freeradius-dhcp_sqlippool.patch
-Obsoletes: freeradius-devel
+%global docdir %{_docdir}/freeradius-%{version}
 Obsoletes: freeradius-libs
 %define docdir %{_docdir}/freeradius-%{version}
 %define initddir %{?_initddir:%{_initddir}}%{!?_initddir:%{_initrddir}}
 BuildRequires: autoconf
 BuildRequires: gdbm-devel
-BuildRequires: libtool
+BuildRequires: openssl
 BuildRequires: libtool-ltdl-devel
 BuildRequires: openssl-devel
 BuildRequires: pam-devel
 BuildRequires: zlib-devel
@ -36,6 +37,14 @@ BuildRequires: net-snmp-utils
 BuildRequires: readline-devel
 BuildRequires: libpcap-devel
 BuildRequires: systemd-units
 BuildRequires: libtalloc-devel
 BuildRequires: pcre-devel
 %if ! 0%{?rhel}
 BuildRequires: tncfhh-devel
 BuildRequires: libyubikey-devel
 BuildRequires: ykclient-devel
 %endif
 Requires: openssl
 Requires(pre): shadow-utils glibc-common
@ -74,6 +83,14 @@ of the server, and let you decide if they satisfy your needs.
 Support for RFC and VSA Attributes Additional server configuration
 attributes Selecting a particular configuration Authentication methods
 %package devel
 Group: System Environment/Daemons
 Summary: FreeRADIUS utilities
 Requires: %{name} = %{version}-%{release}
 %description devel
 Development headers and libraries for FreeRADIUS.
 %package ldap
 Summary: LDAP support for freeradius
 Group: System Environment/Daemons
@ -98,12 +115,7 @@ Group: System Environment/Daemons
 Requires: %{name} = %{version}-%{release}
 Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version))
 %{?fedora:BuildRequires: perl-devel}
 %if 0%{?rhel} <= 5
 BuildRequires: perl
 %endif
 %if 0%{?rhel} >= 6
 BuildRequires: perl-devel
 %endif
 BuildRequires: perl(ExtUtils::Embed)
 %description perl
@ -136,6 +148,15 @@ BuildRequires: postgresql-devel
 %description postgresql
 This plugin provides the postgresql support for the FreeRADIUS server project.
 %package sqlite
 Summary: SQLite support for freeradius
 Group: System Environment/Daemons
 Requires: %{name} = %{version}-%{release}
 BuildRequires: sqlite-devel
 %description sqlite
 This plugin provides the SQLite support for the FreeRADIUS server project.
 %package unixODBC
 Summary: Unix ODBC support for freeradius
 Group: System Environment/Daemons
@ -147,43 +168,17 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
 %prep
-%setup -q -n freeradius-server-%{version}
+%setup -q -n %{dist_base}
-%patch1 -p1 -b .cert-config
+%patch1 -p1 -b .redhat-config
 %patch2 -p1 -b .radtest
 %patch3 -p1 -b radeapclient-ipv6
 %patch4 -p1 -b exclude-config-file
 # do not make backup file for module configs, the backup will be installed
 %patch5 -p1
 # Some source files mistakenly have execute permissions set
 find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} +
 %build
-# Add compile/link options
+# Force compile/link options, extra security for network facing daemon
-#   -fpic, -fPIE, -DPIE -pie, -Wl,-znow
+%global _hardened_build 1
 #     Extra security for network facing daemon; fully relocatable code
 #     loaded at random addresses, address tables are read-only
 #   -fno-strict-aliasing
 #     Source code does not observe strict aliasing, disable certain
 #     optimizations which may yield unanticipated results, fixes this error:
 #     "dereferencing type-punned pointer will break strict-aliasing rules"
 %ifarch s390 s390x
 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fPIC -fPIE -DPIE"
 export LDFLAGS="-pie -Wl,-znow"
 %else
 export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -fpic -fPIE -DPIE"
 export LDFLAGS="-pie -Wl,-znow"
 %endif
 %configure \
        --libdir=%{_libdir}/freeradius \
        --with-system-libtool \
        --with-system-libltdl \
        --disable-ltdl-install \
        --with-udpfromto \
        --with-gnu-ld \
        --with-threads \
        --with-thread-pool \
        --with-docdir=%{docdir} \
        --with-rlm-sql_postgresql-include-dir=/usr/include/pgsql \
        --with-rlm-sql-postgresql-lib-dir=%{_libdir} \
@ -192,28 +187,18 @@ export LDFLAGS="-pie -Wl,-znow"
        --with-unixodbc-lib-dir=%{_libdir} \
        --with-rlm-dbm-lib-dir=%{_libdir} \
        --with-rlm-krb5-include-dir=/usr/kerberos/include \
        --with-modules="rlm_wimax" \
        --without-rlm_eap_ikev2 \
        --without-rlm_sql_iodbc \
        --without-rlm_sql_firebird \
        --without-rlm_sql_db2 \
        --without-rlm_sql_oracle
 %if "%{_lib}" == "lib64"
 perl -pi -e 's:sys_lib_search_path_spec=.*:sys_lib_search_path_spec="/lib64 /usr/lib64 /usr/local/lib64":' libtool
 %endif
 make
 %install
 mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/radiusd
 # fix for bad libtool bug - can not rebuild dependent libs and bins
 #FIXME export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}
 make install R=$RPM_BUILD_ROOT
-# modify default configuration
+
 RADDB=$RPM_BUILD_ROOT%{_sysconfdir}/raddb
 perl -i -pe 's/^#user =.*$/user = radiusd/'   $RADDB/radiusd.conf
 perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf
 # logs
 mkdir -p $RPM_BUILD_ROOT/var/log/radius/radacct
 touch $RPM_BUILD_ROOT/var/log/radius/{radutmp,radius.log}
@ -228,25 +213,32 @@ install -d -m 0710 %{buildroot}%{_localstatedir}/run/radiusd/
 install -m 0644 %{SOURCE104} %{buildroot}%{_sysconfdir}/tmpfiles.d/radiusd.conf
 # remove unneeded stuff
-rm -rf doc/00-OLD
+rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/*.crt
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/*.csr
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/*.der
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/*.key
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/*.pem
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/*.p12
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/index.*
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/serial*
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/dh
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/random
 rm -f $RPM_BUILD_ROOT/usr/sbin/rc.radiusd
 rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.a
 rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.la
 rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sql/mssql
 rm -rf $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sql/oracle
 rm -rf $RPM_BUILD_ROOT/%{_datadir}/dialup_admin/sql/oracle
 rm -rf $RPM_BUILD_ROOT/%{_datadir}/dialup_admin/lib/sql/oracle
 rm -rf $RPM_BUILD_ROOT/%{_datadir}/dialup_admin/lib/sql/drivers/oracle
-# remove header files, we don't ship a devel package and the
+rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/mssql
-# headers have multilib conflicts
+
-rm -rf $RPM_BUILD_ROOT/%{_includedir}
+rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/ippool/oracle
 rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/oracle
 # remove unsupported config files
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/experimental.conf
 # install doc files omitted by standard install
-for f in COPYRIGHT CREDITS INSTALL README; do
+for f in COPYRIGHT CREDITS INSTALL README.rst VERSION; do
    cp $f $RPM_BUILD_ROOT/%{docdir}
 done
 cp LICENSE $RPM_BUILD_ROOT/%{docdir}/LICENSE.gpl
@ -259,7 +251,7 @@ cat >> $RPM_BUILD_ROOT/%{docdir}/REDHAT << EOF
 Red Hat, RHEL, Fedora, and CentOS specific information can be found on the
 FreeRADIUS Wiki in the Red Hat FAQ.
-http://wiki.freeradius.org/Red_Hat_FAQ
+http://wiki.freeradius.org/guide/Red-Hat-FAQ
 Please reference that document.
@ -293,144 +285,35 @@ if [ $1 -eq 0 ]; then           # uninstall
 fi
 exit 0
 %triggerun -- freeradius < 2.1.11-5
 # Save the current service runlevel info
 # User must manually run systemd-sysv-convert --apply radiusd
 # to migrate them to systemd targets
 /usr/bin/systemd-sysv-convert --save radiusd >/dev/null 2>&1 ||:
 # Run these because the SysV package being removed won't do them
 /sbin/chkconfig --del radiusd >/dev/null 2>&1 || :
 /bin/systemctl try-restart radiusd.service >/dev/null 2>&1 || :
 %files
 %defattr(-,root,root)
 # doc
 %doc %{docdir}/
-%config(noreplace) %{_sysconfdir}/pam.d/radiusd
+
 %config(noreplace) %{_sysconfdir}/logrotate.d/radiusd
 %{_unitdir}/radiusd.service
 %config %{_sysconfdir}/tmpfiles.d/radiusd.conf
 %dir %attr(710,radiusd,radiusd) %{_localstatedir}/run/radiusd
 %dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd
 # configs
 %dir %attr(755,root,radiusd) /etc/raddb
 %defattr(-,root,radiusd)
 %attr(644,root,radiusd) %config(noreplace) /etc/raddb/dictionary
 %config(noreplace) /etc/raddb/acct_users
 %config(noreplace) /etc/raddb/attrs
 %config(noreplace) /etc/raddb/attrs.access_challenge
 %config(noreplace) /etc/raddb/attrs.access_reject
 %config(noreplace) /etc/raddb/attrs.accounting_response
 %config(noreplace) /etc/raddb/attrs.pre-proxy
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/clients.conf
 %config(noreplace) /etc/raddb/hints
 %config(noreplace) /etc/raddb/huntgroups
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sqlippool.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/preproxy_users
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/proxy.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/radiusd.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sql.conf
 %dir %attr(750,root,radiusd) /etc/raddb/sql
 #%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sql/oracle/*
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/users
 %dir %attr(770,root,radiusd) /etc/raddb/certs
 %config(noreplace) /etc/raddb/certs/Makefile
 %config(noreplace) /etc/raddb/certs/README
 %config(noreplace) /etc/raddb/certs/xpextensions
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/*.cnf
 %attr(750,root,radiusd) /etc/raddb/certs/bootstrap
 %dir %attr(750,root,radiusd) /etc/raddb/sites-available
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/*
 %dir %attr(750,root,radiusd) /etc/raddb/sites-enabled
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-enabled/*
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/eap.conf
 %config(noreplace) %attr(640,root,radiusd) /etc/raddb/example.pl
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.conf
 %config(noreplace) /etc/raddb/policy.txt
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/templates.conf
 %dir %attr(750,root,radiusd) /etc/raddb/modules
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/acct_unique
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/always
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/attr_filter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/attr_rewrite
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/cache
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/chap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/checkval
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/counter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/cui
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/detail
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/detail.example.com
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/detail.log
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/dhcp_sqlippool
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/digest
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/dynamic_clients
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/echo
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/etc_group
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/exec
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/expiration
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/expr
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/files
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/inner-eap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/ippool
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/logintime
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/linelog
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/mac2ip
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/mac2vlan
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/mschap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/ntlm_auth
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/opendirectory
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/otp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/pam
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/pap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/perl
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/passwd
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/policy
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/preprocess
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/radrelay
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/radutmp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/realm
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/redis
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/rediswho
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/replicate
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/smbpasswd
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/smsotp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/soh
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/sql_log
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/sqlcounter_expire_on_login
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/sradutmp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/unix
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/wimax
 # binaries
 %defattr(-,root,root)
 /usr/sbin/checkrad
 /usr/sbin/raddebug
 /usr/sbin/radiusd
 /usr/sbin/radwatch
 /usr/sbin/radmin
 # man-pages
 %doc %{_mandir}/man5/acct_users.5.gz
 %doc %{_mandir}/man5/clients.conf.5.gz
 %doc %{_mandir}/man5/dictionary.5.gz
 %doc %{_mandir}/man5/radiusd.conf.5.gz
 %doc %{_mandir}/man5/radrelay.conf.5.gz
 %doc %{_mandir}/man5/rlm_acct_unique.5.gz
 %doc %{_mandir}/man5/rlm_always.5.gz
 %doc %{_mandir}/man5/rlm_attr_filter.5.gz
 %doc %{_mandir}/man5/rlm_attr_rewrite.5.gz
 %doc %{_mandir}/man5/rlm_chap.5.gz
 %doc %{_mandir}/man5/rlm_counter.5.gz
 %doc %{_mandir}/man5/rlm_detail.5.gz
 %doc %{_mandir}/man5/rlm_digest.5.gz
 %doc %{_mandir}/man5/rlm_expr.5.gz
 %doc %{_mandir}/man5/rlm_files.5.gz
 %doc %{_mandir}/man5/rlm_idn.5.gz
 %doc %{_mandir}/man5/rlm_mschap.5.gz
 %doc %{_mandir}/man5/rlm_pap.5.gz
 %doc %{_mandir}/man5/rlm_passwd.5.gz
 %doc %{_mandir}/man5/rlm_policy.5.gz
 %doc %{_mandir}/man5/rlm_realm.5.gz
 %doc %{_mandir}/man5/rlm_sql.5.gz
 %doc %{_mandir}/man5/rlm_sql_log.5.gz
 %doc %{_mandir}/man5/rlm_unix.5.gz
 %doc %{_mandir}/man5/unlang.5.gz
 %doc %{_mandir}/man5/users.5.gz
@ -439,116 +322,273 @@ exit 0
 %doc %{_mandir}/man8/radmin.8.gz
 %doc %{_mandir}/man8/radrelay.8.gz
 %doc %{_mandir}/man8/radwatch.8.gz
 # system
 %config(noreplace) %{_sysconfdir}/pam.d/radiusd
 %config(noreplace) %{_sysconfdir}/logrotate.d/radiusd
 %{_unitdir}/radiusd.service
 %config %{_sysconfdir}/tmpfiles.d/radiusd.conf
 %dir %attr(710,radiusd,radiusd) %{_localstatedir}/run/radiusd
 %dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd
 # configs (raddb)
 %dir %attr(755,root,radiusd) /etc/raddb
 %defattr(-,root,radiusd)
 /etc/raddb/README.rst
 %attr(644,root,radiusd) %config(noreplace) /etc/raddb/dictionary
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/clients.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/templates.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/trigger.conf
 # symlink: /etc/raddb/hints -> ./mods-config/preprocess/hints
 %config /etc/raddb/hints
 # symlink: /etc/raddb/huntgroups -> ./mods-config/preprocess/huntgroups
 %config /etc/raddb/huntgroups
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/proxy.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/radiusd.conf
 # symlink: /etc/raddb/users -> ./mods-config/files/authorize
 %config(noreplace) /etc/raddb/users
 # certs
 %dir %attr(770,root,radiusd) /etc/raddb/certs
 %config(noreplace) /etc/raddb/certs/Makefile
 /etc/raddb/certs/README
 %config(noreplace) /etc/raddb/certs/xpextensions
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/*.cnf
 %attr(750,root,radiusd) /etc/raddb/certs/bootstrap
 # mods-config
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config
 /etc/raddb/mods-config/README.rst
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/attr_filter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/attr_filter/*
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/files
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/files/*
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/preprocess
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/preprocess/*
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/cui
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main
 # sites-available
 %dir %attr(750,root,radiusd) /etc/raddb/sites-available
 /etc/raddb/sites-available/README
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/control-socket
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/decoupled-accounting
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/robust-proxy-accounting
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/soh
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/coa
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/example
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/inner-tunnel
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/dhcp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/check-eap-tls
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/status
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/dhcp.relay
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/virtual.example.com
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/originate-coa
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/vmps
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/default
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/proxy-inner-tunnel
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/dynamic-clients
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/copy-acct-to-home-server
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/buffered-sql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/tls
 # sites-enabled
 %dir %attr(750,root,radiusd) /etc/raddb/sites-enabled
 # symlink: /etc/raddb/sites-enabled/inner-tunnel -> ../sites-available/inner-tunnel
 /etc/raddb/sites-enabled/inner-tunnel
 # symlink: /etc/raddb/sites-enabled/default -> ../sites-available/default
 /etc/raddb/sites-enabled/default
 # mods-available
 %dir %attr(750,root,radiusd) /etc/raddb/mods-available
 /etc/raddb/mods-available/README.rst
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/always
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/attr_filter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cache
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cache_eap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/chap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/counter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cui
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail.example.com
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail.log
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp_sqlippool
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/digest
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dynamic_clients
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/eap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/echo
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/etc_group
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/exec
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/expiration
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/expr
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/files
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/idn
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/inner-eap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/ippool
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/linelog
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/logintime
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/mac2ip
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/mac2vlan
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/mschap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/ntlm_auth
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/opendirectory
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/otp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/pam
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/pap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/passwd
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/preprocess
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/radutmp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/realm
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/redis
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rediswho
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/replicate
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/smbpasswd
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/smsotp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/soh
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sometimes
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlippool
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sradutmp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unix
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/utf8
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/wimax
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/yubikey
 # mods-enabled
 # symlink: /etc/raddb/mods-enabled/xxx -> ../mods-available/xxx
 %dir %attr(750,root,radiusd) /etc/raddb/mods-enabled
 %config(missingok) /etc/raddb/mods-enabled/always
 %config(missingok) /etc/raddb/mods-enabled/attr_filter
 %config(missingok) /etc/raddb/mods-enabled/cache_eap
 %config(missingok) /etc/raddb/mods-enabled/chap
 %config(missingok) /etc/raddb/mods-enabled/detail
 %config(missingok) /etc/raddb/mods-enabled/detail.log
 %config(missingok) /etc/raddb/mods-enabled/dhcp
 %config(missingok) /etc/raddb/mods-enabled/digest
 %config(missingok) /etc/raddb/mods-enabled/dynamic_clients
 %config(missingok) /etc/raddb/mods-enabled/eap
 %config(missingok) /etc/raddb/mods-enabled/echo
 %config(missingok) /etc/raddb/mods-enabled/exec
 %config(missingok) /etc/raddb/mods-enabled/expiration
 %config(missingok) /etc/raddb/mods-enabled/expr
 %config(missingok) /etc/raddb/mods-enabled/files
 %config(missingok) /etc/raddb/mods-enabled/linelog
 %config(missingok) /etc/raddb/mods-enabled/logintime
 %config(missingok) /etc/raddb/mods-enabled/mschap
 %config(missingok) /etc/raddb/mods-enabled/ntlm_auth
 %config(missingok) /etc/raddb/mods-enabled/pap
 %config(missingok) /etc/raddb/mods-enabled/passwd
 %config(missingok) /etc/raddb/mods-enabled/preprocess
 %config(missingok) /etc/raddb/mods-enabled/radutmp
 %config(missingok) /etc/raddb/mods-enabled/realm
 %config(missingok) /etc/raddb/mods-enabled/replicate
 %config(missingok) /etc/raddb/mods-enabled/soh
 %config(missingok) /etc/raddb/mods-enabled/sradutmp
 %config(missingok) /etc/raddb/mods-enabled/unix
 %config(missingok) /etc/raddb/mods-enabled/utf8
 # policy
 %dir %attr(750,root,radiusd) /etc/raddb/policy.d
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/accounting
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/canonicalization
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/control
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/cui
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/dhcp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/eap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/filter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/operator-name
 # binaries
 %defattr(-,root,root)
 /usr/sbin/checkrad
 /usr/sbin/raddebug
 /usr/sbin/radiusd
 /usr/sbin/radmin
 # dictionaries
 %dir %attr(755,root,root) /usr/share/freeradius
 /usr/share/freeradius/*
 # logs
 %dir %attr(700,radiusd,radiusd) /var/log/radius/
 %dir %attr(700,radiusd,radiusd) /var/log/radius/radacct/
 %ghost %attr(644,radiusd,radiusd) /var/log/radius/radutmp
 %ghost %attr(600,radiusd,radiusd) /var/log/radius/radius.log
-# RADIUS shared libs
+
 # libs
 %attr(755,root,root) %{_libdir}/freeradius/lib*.so*
-# RADIUS Loadable Modules
+
 # loadable modules
 %dir %attr(755,root,root) %{_libdir}/freeradius
-#%attr(755,root,root) %{_libdir}/freeradius/rlm_*.so*
+%{_libdir}/freeradius/proto_dhcp.so
-#%{_libdir}/freeradius/rlm_acctlog*.so
+%{_libdir}/freeradius/proto_vmps.so
 %{_libdir}/freeradius/rlm_acct_unique.so
 %{_libdir}/freeradius/rlm_acct_unique-%{version}.so
 %{_libdir}/freeradius/rlm_acctlog.so
 %{_libdir}/freeradius/rlm_acctlog-%{version}.so
 %{_libdir}/freeradius/rlm_always.so
 %{_libdir}/freeradius/rlm_always-%{version}.so
 %{_libdir}/freeradius/rlm_attr_filter.so
 %{_libdir}/freeradius/rlm_attr_filter-%{version}.so
 %{_libdir}/freeradius/rlm_attr_rewrite.so
 %{_libdir}/freeradius/rlm_attr_rewrite-%{version}.so
 %{_libdir}/freeradius/rlm_cache.so
 %{_libdir}/freeradius/rlm_cache-%{version}.so
 %{_libdir}/freeradius/rlm_chap.so
 %{_libdir}/freeradius/rlm_chap-%{version}.so
 %{_libdir}/freeradius/rlm_checkval.so
 %{_libdir}/freeradius/rlm_checkval-%{version}.so
 %{_libdir}/freeradius/rlm_copy_packet.so
 %{_libdir}/freeradius/rlm_copy_packet-%{version}.so
 %{_libdir}/freeradius/rlm_counter.so
-%{_libdir}/freeradius/rlm_counter-%{version}.so
+%{_libdir}/freeradius/rlm_cram.so
 %{_libdir}/freeradius/rlm_dbm.so
 %{_libdir}/freeradius/rlm_dbm-%{version}.so
 %{_libdir}/freeradius/rlm_detail.so
-%{_libdir}/freeradius/rlm_detail-%{version}.so
+%{_libdir}/freeradius/rlm_dhcp.so
 %{_libdir}/freeradius/rlm_digest.so
 %{_libdir}/freeradius/rlm_digest-%{version}.so
 %{_libdir}/freeradius/rlm_dynamic_clients.so
 %{_libdir}/freeradius/rlm_dynamic_clients-%{version}.so
 %{_libdir}/freeradius/rlm_eap.so
 %{_libdir}/freeradius/rlm_eap-%{version}.so
 %{_libdir}/freeradius/rlm_eap_gtc.so
 %{_libdir}/freeradius/rlm_eap_gtc-%{version}.so
 %{_libdir}/freeradius/rlm_eap_leap.so
 %{_libdir}/freeradius/rlm_eap_leap-%{version}.so
 %{_libdir}/freeradius/rlm_eap_md5.so
 %{_libdir}/freeradius/rlm_eap_md5-%{version}.so
 %{_libdir}/freeradius/rlm_eap_mschapv2.so
 %{_libdir}/freeradius/rlm_eap_mschapv2-%{version}.so
 %{_libdir}/freeradius/rlm_eap_peap.so
-%{_libdir}/freeradius/rlm_eap_peap-%{version}.so
+%if %{HAVE_EC_CRYPTO}
 %{_libdir}/freeradius/rlm_eap_pwd.so
 %endif
 %{_libdir}/freeradius/rlm_eap_sim.so
 %{_libdir}/freeradius/rlm_eap_sim-%{version}.so
 %{_libdir}/freeradius/rlm_eap_tls.so
-%{_libdir}/freeradius/rlm_eap_tls-%{version}.so
+%if ! 0%{?rhel}
 %{_libdir}/freeradius/rlm_eap_tnc.so
 %endif
 %{_libdir}/freeradius/rlm_eap_ttls.so
 %{_libdir}/freeradius/rlm_eap_ttls-%{version}.so
 %{_libdir}/freeradius/rlm_exec.so
 %{_libdir}/freeradius/rlm_exec-%{version}.so
 %{_libdir}/freeradius/rlm_expiration.so
 %{_libdir}/freeradius/rlm_expiration-%{version}.so
 %{_libdir}/freeradius/rlm_expr.so
 %{_libdir}/freeradius/rlm_expr-%{version}.so
 %{_libdir}/freeradius/rlm_fastusers.so
 %{_libdir}/freeradius/rlm_fastusers-%{version}.so
 %{_libdir}/freeradius/rlm_files.so
 %{_libdir}/freeradius/rlm_files-%{version}.so
 %{_libdir}/freeradius/rlm_ippool.so
 %{_libdir}/freeradius/rlm_ippool-%{version}.so
 %{_libdir}/freeradius/rlm_linelog.so
 %{_libdir}/freeradius/rlm_linelog-%{version}.so
 %{_libdir}/freeradius/rlm_logintime.so
 %{_libdir}/freeradius/rlm_logintime-%{version}.so
 %{_libdir}/freeradius/rlm_mschap.so
 %{_libdir}/freeradius/rlm_mschap-%{version}.so
 %{_libdir}/freeradius/rlm_otp.so
 %{_libdir}/freeradius/rlm_otp-%{version}.so
 %{_libdir}/freeradius/rlm_pam.so
 %{_libdir}/freeradius/rlm_pam-%{version}.so
 %{_libdir}/freeradius/rlm_pap.so
 %{_libdir}/freeradius/rlm_pap-%{version}.so
 %{_libdir}/freeradius/rlm_passwd.so
 %{_libdir}/freeradius/rlm_passwd-%{version}.so
 %{_libdir}/freeradius/rlm_policy.so
 %{_libdir}/freeradius/rlm_policy-%{version}.so
 %{_libdir}/freeradius/rlm_preprocess.so
 %{_libdir}/freeradius/rlm_preprocess-%{version}.so
 %{_libdir}/freeradius/rlm_radutmp.so
 %{_libdir}/freeradius/rlm_radutmp-%{version}.so
 %{_libdir}/freeradius/rlm_realm.so
 %{_libdir}/freeradius/rlm_realm-%{version}.so
 %{_libdir}/freeradius/rlm_replicate.so
 %{_libdir}/freeradius/rlm_replicate-%{version}.so
 %{_libdir}/freeradius/rlm_soh.so
-%{_libdir}/freeradius/rlm_soh-%{version}.so
+%{_libdir}/freeradius/rlm_sometimes.so
 %{_libdir}/freeradius/rlm_sql.so
 %{_libdir}/freeradius/rlm_sql-%{version}.so
 %{_libdir}/freeradius/rlm_sql_log.so
 %{_libdir}/freeradius/rlm_sql_log-%{version}.so
 %{_libdir}/freeradius/rlm_sqlcounter.so
 %{_libdir}/freeradius/rlm_sqlcounter-%{version}.so
 %{_libdir}/freeradius/rlm_sqlippool.so
-%{_libdir}/freeradius/rlm_sqlippool-%{version}.so
+%{_libdir}/freeradius/rlm_sql_null.so
 %{_libdir}/freeradius/rlm_unix.so
-%{_libdir}/freeradius/rlm_unix-%{version}.so
+%{_libdir}/freeradius/rlm_utf8.so
 %{_libdir}/freeradius/rlm_wimax.so
-%{_libdir}/freeradius/rlm_wimax-%{version}.so
+%{_libdir}/freeradius/rlm_yubikey.so
 %files utils
 /usr/bin/*
@ -565,48 +605,113 @@ exit 0
 %doc %{_mandir}/man8/radcrypt.8.gz
 %doc %{_mandir}/man8/radsniff.8.gz
 %doc %{_mandir}/man8/radsqlrelay.8.gz
 %doc %{_mandir}/man8/rlm_dbm_cat.8.gz
 %doc %{_mandir}/man8/rlm_dbm_parser.8.gz
 %doc %{_mandir}/man8/rlm_ippool_tool.8.gz
 %files devel
 /usr/include/freeradius
 %files krb5
 %{_libdir}/freeradius/rlm_krb5.so
-%{_libdir}/freeradius/rlm_krb5-%{version}.so
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/krb5
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/krb5
 %files perl
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/perl
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/perl
 /etc/raddb/mods-config/perl/example.pl
 %{_libdir}/freeradius/rlm_perl.so
 %{_libdir}/freeradius/rlm_perl-%{version}.so
 %files python
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/python
 /etc/raddb/mods-config/python/example.py*
 %{_libdir}/freeradius/rlm_python.so
 %{_libdir}/freeradius/rlm_python-%{version}.so
 %files mysql
-%dir %attr(750,root,radiusd) /etc/raddb/sql/mysql
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/mysql
-%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sql/mysql/*
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/queries.conf
-%dir %attr(750,root,radiusd) /etc/raddb/sql/ndb
+
-%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sql/ndb/*
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/cui/mysql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/mysql/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/mysql/schema.sql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool/mysql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/mysql/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/mysql/schema.sql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/mysql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/mysql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/setup.sql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/schema.sql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/mysql/extras
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/mysql/extras/wimax
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/extras/wimax/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/extras/wimax/schema.sql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/ndb
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/ndb/setup.sql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/ndb/schema.sql
 /etc/raddb/mods-config/sql/main/ndb/README
 %{_libdir}/freeradius/rlm_sql_mysql.so
 %{_libdir}/freeradius/rlm_sql_mysql-%{version}.so
 %files postgresql
-%dir %attr(750,root,radiusd) /etc/raddb/sql/postgresql
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/postgresql
-%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sql/postgresql/*
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/queries.conf
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/cui/postgresql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/postgresql/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/postgresql/schema.sql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool/postgresql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/postgresql/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/postgresql/schema.sql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/postgresql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/postgresql/setup.sql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/postgresql/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/postgresql/schema.sql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/postgresql/extras
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/postgresql/extras/update_radacct_group.sql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/postgresql/extras/voip-postpaid.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql
 %{_libdir}/freeradius/rlm_sql_postgresql.so
-%{_libdir}/freeradius/rlm_sql_postgresql-%{version}.so
+
 %files sqlite
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/cui/sqlite
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/sqlite/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/sqlite/schema.sql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool/sqlite
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/sqlite/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/sqlite/schema.sql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/sqlite
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/schema.sql
 %{_libdir}/freeradius/rlm_sql_sqlite.so
 %files ldap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/ldap.attrmap
 %{_libdir}/freeradius/rlm_ldap.so
-%{_libdir}/freeradius/rlm_ldap-%{version}.so
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/ldap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/ldap
 %files unixODBC
 %{_libdir}/freeradius/rlm_sql_unixodbc.so
 %{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so
 %changelog
 * Mon Jul 22 2013 John Dennis <jdennis@redhat.com> - 3.0.0-rc0.0
 - Upgrade to new upstream major version release
 * Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.0-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--- a/2
+++ b/2
@ -1 +1 @@
-0fb333fe6a64eb2b1dd6ef67f7bca119  freeradius-server-2.2.0.tar.bz2
+cac8744139ad8f6cab49c4b5664e0b21  freeradius-server-release_3_0_0_rc0.tar.gz
`@ -1 +1 @@`
	`0fb333fe6a64eb2b1dd6ef67f7bca119 freeradius-server-2.2.0.tar.bz2`	`cac8744139ad8f6cab49c4b5664e0b21 freeradius-server-release_3_0_0_rc0.tar.gz`