diff --git a/.gitignore b/.gitignore
index 4570e26..b36d45f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@ opencryptoki-2.3.1.tar.gz
 /opencryptoki-2.4.2.tar.gz
 /opencryptoki-2.4.3.tar.gz
 /opencryptoki-2.4.3.1-tar.gz
+/opencryptoki-v3.0.tar.gz
diff --git a/opencryptoki-2.3.2-do-not-create-group-in-pkcs11_startup.patch b/opencryptoki-2.3.2-do-not-create-group-in-pkcs11_startup.patch
deleted file mode 100644
index c432aac..0000000
--- a/opencryptoki-2.3.2-do-not-create-group-in-pkcs11_startup.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-diff -up opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in.orig opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in
---- opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in.orig	2010-08-24 17:13:46.000000000 +0200
-+++ opencryptoki-2.3.2/usr/sbin/pkcs11_startup/pkcs11_startup.in	2010-08-24 17:14:03.000000000 +0200
-@@ -309,31 +309,6 @@ rm -f @localstatedir@/lib/opencryptoki/p
- 		        # it from scratch
- 
- 
--# Create the pkcs11 group if it does not exist...
--cat /etc/group|grep pkcs11 >/dev/null 2>&1
--rc=$?
--if [ $rc = 1 ]
--then
--   if [ -x @GROUPADD@ ]
--   then
--	   @GROUPADD@ pkcs11 >/dev/null 2>&1
--
--   else
--	   echo "Couldn't execute @GROUPADD@. Please add the group 'pkcs11' manually."
--   fi
--fi
--
--
--if [ -x @USERMOD@ -a -x @ID@ ]
--then
--	# add the pkcs group
--	# replace spaces by commas
--	@USERMOD@ -G $( @ID@ --groups --name root | @SED@ -e 'y/ /,/'),pkcs11  root
--else
--	echo "Couldn't execute @USERMOD@. Please add root to the group 'pkcs11' manually."
--fi
--
--
- # For each card run the status command and if successful
- # create the odm stanza for the file
- 
diff --git a/opencryptoki-2.4.3-locks.patch b/opencryptoki-2.4.3-locks.patch
deleted file mode 100644
index 8fa2c1f..0000000
--- a/opencryptoki-2.4.3-locks.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff --git a/usr/Makefile.am b/usr/Makefile.am
-index 20352d5..5d42b0f 100644
---- a/usr/Makefile.am
-+++ b/usr/Makefile.am
-@@ -6,5 +6,9 @@ SUBDIRS = lib $(DAEMONDIRS)
- 
- install-data-hook:
- 	$(MKDIR_P) $(DESTDIR)$(lockdir)
--	$(CHGRP) pkcs11 $(DESTDIR)$(lockdir)
--	$(CHMOD) 0770 $(DESTDIR)$(lockdir)
-+	if test `id` = 0; then \
-+	    $(CHGRP) pkcs11 $(DESTDIR)$(lockdir); \
-+	    $(CHMOD) 0770 $(DESTDIR)$(lockdir); \
-+	else \
-+	    echo "Not running as root, you must set the correct group and mode manually!"; \
-+	fi
diff --git a/opencryptoki.spec b/opencryptoki.spec
index eb21a22..5cbc11d 100644
--- a/opencryptoki.spec
+++ b/opencryptoki.spec
@@ -2,32 +2,30 @@
 
 Name:			opencryptoki
 Summary:		Implementation of the PKCS#11 (Cryptoki) specification v2.11
-Version:		2.4.3.1
+Version:		3.0
 Release:		1%{?dist}
 License:		CPL
 Group:			System Environment/Base
 URL:			http://sourceforge.net/projects/opencryptoki
-Source0:		http://downloads.sourceforge.net/%{name}/%{name}-%{version}-tar.gz
+Source0:		http://downloads.sourceforge.net/%{name}/%{name}-v%{version}.tar.gz
 Source1:		%{name}-tmpfiles.conf
-# the pkcs11 group is created and populated in scriptlet
-Patch0:			%{name}-2.3.2-do-not-create-group-in-pkcs11_startup.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=732756
-Patch1:			%{name}-2.4-group.patch
-# fix locks dir installation
-Patch2:			%{name}-2.4.3-locks.patch
+Patch0:			%{name}-2.4-group.patch
 Requires(pre):		shadow-utils coreutils sed
 BuildRequires:		openssl-devel
 BuildRequires:		trousers-devel
+BuildRequires:		openldap-devel
 BuildRequires:		autoconf automake libtool
-BuildRequires:		systemd-units
+BuildRequires:		bison flex
+BuildRequires:		systemd
 %ifarch s390 s390x
 BuildRequires:		libica-devel >= 2.0
 %endif
 Requires:		%{name}-libs%{?_isa} = %{version}-%{release}
 Requires:		%{name}(token)
-Requires(post):		systemd-units
-Requires(preun):	systemd-units
-Requires(postun):	systemd-units
+Requires(post):		systemd
+Requires(preun):	systemd
+Requires(postun):	systemd
 
 
 %description
@@ -43,7 +41,6 @@ This package contains the Slot Daemon (pkcsslotd) and general utilities.
 Group:			System Environment/Libraries
 Summary:		The run-time libraries for opencryptoki package
 Requires:		%{name}%{?_isa} = %{version}-%{release}
-Obsoletes:		%{name}-libs < 2.3.2
 
 %description libs
 Opencryptoki implements the PKCS#11 specification v2.11 for a set of
@@ -70,7 +67,6 @@ opencryptoki and PKCS#11 based applications
 Group:			System Environment/Libraries
 Summary:		The software token implementation for opencryptoki
 Requires:		%{name}-libs%{?_isa} = %{version}-%{release}
-Obsoletes:		%{name}-libs < 2.3.2
 Provides:		%{name}(token)
 
 %description swtok
@@ -87,7 +83,6 @@ without any specific cryptographic hardware.
 Group:			System Environment/Libraries
 Summary:		Trusted Platform Module (TPM) device support for opencryptoki
 Requires:		%{name}-libs%{?_isa} = %{version}-%{release}
-Obsoletes:		%{name}-libs < 2.3.2
 Provides:		%{name}(token)
 
 %description tpmtok
@@ -100,12 +95,27 @@ This package brings the necessary libraries and files to support
 Trusted Platform Module (TPM) devices in the opencryptoki stack.
 
 
+%package icsftok
+Group:			System Environment/Libraries
+Summary:		ICSF token support for opencryptoki
+Requires:		%{name}-libs%{?_isa} = %{version}-%{release}
+Provides:		%{name}(token)
+
+%description icsftok
+Opencryptoki implements the PKCS#11 specification v2.11 for a set of
+cryptographic hardware, such as IBM 4764 and 4765 crypto cards, and the
+Trusted Platform Module (TPM) chip. Opencryptoki also brings a software
+token implementation that can be used without any cryptographic
+hardware.
+This package brings the necessary libraries and files to support
+ICSF token in the opencryptoki stack.
+
+
 %ifarch s390 s390x
 %package icatok
 Group:			System Environment/Libraries
 Summary:		ICA cryptographic devices (clear-key) support for opencryptoki
 Requires:		%{name}-libs%{?_isa} = %{version}-%{release}
-Obsoletes:		%{name}-libs < 2.3.2
 Provides:		%{name}(token)
 
 %description icatok
@@ -123,7 +133,6 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the
 Group:			System Environment/Libraries
 Summary:		CCA cryptographic devices (secure-key) support for opencryptoki
 Requires:		%{name}-libs%{?_isa} = %{version}-%{release}
-Obsoletes:		%{name}-libs < 2.3.2
 Provides:		%{name}(token)
 
 %description ccatok
@@ -140,10 +149,8 @@ cryptographic hardware such as IBM 4764 or 4765 that uses the
 
 
 %prep
-%setup -q -n %{name}-%{name}
-%patch0 -p1
-%patch1 -p1 -b .group
-%patch2 -p1 -b .locks
+%setup -q -n %{name}
+%patch0 -p1 -b .group
 
 # Upstream tarball has unnecessary executable perms set on the sources
 find . -name '*.[ch]' -print0 | xargs -0 chmod -x
@@ -159,11 +166,11 @@ find . -name '*.[ch]' -print0 | xargs -0 chmod -x
     --disable-icatok --disable-ccatok
 %endif
 
-make %{?_smp_mflags}
+make %{?_smp_mflags} CHGRP=/bin/true
 
 
 %install
-make install DESTDIR=$RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT CHGRP=/bin/true
 
 # Remove unwanted cruft
 rm -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/*.la
@@ -177,6 +184,7 @@ install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/%{name}.conf
 %post libs -p /sbin/ldconfig
 %post swtok -p /sbin/ldconfig
 %post tpmtok -p /sbin/ldconfig
+%post icsftok -p /sbin/ldconfig
 %ifarch s390 s390x
 %post icatok -p /sbin/ldconfig
 %post ccatok -p /sbin/ldconfig
@@ -185,6 +193,7 @@ install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_prefix}/lib/tmpfiles.d/%{name}.conf
 %postun libs -p /sbin/ldconfig
 %postun swtok -p /sbin/ldconfig
 %postun tpmtok -p /sbin/ldconfig
+%postun icsftok -p /sbin/ldconfig
 %ifarch s390 s390x
 %postun icatok -p /sbin/ldconfig
 %postun ccatok -p /sbin/ldconfig
@@ -207,10 +216,17 @@ exit 0
 %files
 %doc ChangeLog FAQ README
 %doc doc/openCryptoki-HOWTO.pdf
+%doc doc/README.token_data
+%dir %{_sysconfdir}/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
 %{_prefix}/lib/tmpfiles.d/%{name}.conf
 %{_unitdir}/pkcsslotd.service
-%{_sbindir}/*
-%{_mandir}/man*/*
+%{_sbindir}/pkcsconf
+%{_sbindir}/pkcsslotd
+%{_mandir}/man1/pkcsconf.1*
+%{_mandir}/man5/%{name}.conf.5*
+%{_mandir}/man7/%{name}.7*
+%{_mandir}/man8/pkcsslotd.8*
 %{_libdir}/opencryptoki/methods
 %{_libdir}/pkcs11/methods
 %dir %attr(770,root,pkcs11) %{_sharedstatedir}/%{name}
@@ -244,6 +260,13 @@ exit 0
 %{_libdir}/opencryptoki/stdll/libpkcs11_tpm.*
 %{_libdir}/opencryptoki/stdll/PKCS11_TPM.so
 
+%files icsftok
+%doc doc/README.icsf_stdll
+%{_sbindir}/pkcsicsf
+%{_mandir}/man1/pkcsicsf.1*
+%{_libdir}/opencryptoki/stdll/libpkcs11_icsf.*
+%{_libdir}/opencryptoki/stdll/PKCS11_ICSF.so
+
 %ifarch s390 s390x
 %files icatok
 %{_libdir}/opencryptoki/stdll/libpkcs11_ica.*
@@ -258,6 +281,9 @@ exit 0
 
 
 %changelog
+* Mon Jul 22 2013 Dan Horák <dan[at]danny.cz> - 3.0-1
+- new upstream release 3.0
+
 * Tue Jun 25 2013 Dan Horák <dan[at]danny.cz> - 2.4.3.1-1
 - new upstream release 2.4.3.1
 
diff --git a/sources b/sources
index c07f3dc..27360b6 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-452227185f93a25e7664e2dfbc466ec4  opencryptoki-2.4.3.1-tar.gz
+ec4e2a196c8a336d400d3b17288260af  opencryptoki-v3.0.tar.gz