Description: <short summary of the patch>
 TODO: Put a short summary on the line above and replace this paragraph
 with a longer explanation of this change. Complete the meta-information
 with other relevant fields (see below for details). To make it easier, the
 information below has been extracted from the changelog. Adjust it or drop
 it.
 .
 freeradius (2.2.5+dfsg-0.1) unstable; urgency=medium
 .
   * Non-maintainer Upload
     * Remove remnants of freeradius-dilaupadmin, Closes: #669741
     * Permit creating freerad to fail because user might exist, Closes: #661915
     * Update to standards version 3.9.5, no changes
   * New upstream version, Closes: #740857, #691770
     - Include dictionary.mikrotik, Closes: #672200
Author: Sam Hartman <hartmans@debian.org>
Bug-Debian: http://bugs.debian.org/661915
Bug-Debian: http://bugs.debian.org/669741
Bug-Debian: http://bugs.debian.org/672200
Bug-Debian: http://bugs.debian.org/691770
Bug-Debian: http://bugs.debian.org/740857

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: http://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: <YYYY-MM-DD>

--- freeradius-2.2.5+dfsg.orig/Make.inc.in
+++ freeradius-2.2.5+dfsg/Make.inc.in
@@ -1,7 +1,7 @@
 # -*- makefile -*-
 # Make.inc.in
 #
-# Version:	$Id: 5464b2e0e75bdfe1c8b1acfb0491b3e82c74e557 $
+# Version:	$Id: d3ade3b17314bead1763290a90749673092cf7e6 $
 #
 
 # Location of files.
--- /dev/null
+++ freeradius-2.2.5+dfsg/Make.inc.in.orig
@@ -0,0 +1,117 @@
+# -*- makefile -*-
+# Make.inc.in
+#
+# Version:	$Id: 5464b2e0e75bdfe1c8b1acfb0491b3e82c74e557 $
+#
+
+# Location of files.
+prefix		= @prefix@
+exec_prefix	= @exec_prefix@
+sysconfdir	= @sysconfdir@
+localstatedir	= @localstatedir@
+libdir		= @libdir@
+bindir		= @bindir@
+sbindir		= @sbindir@
+docdir		= @docdir@
+mandir		= @mandir@
+datadir		= @datadir@
+dictdir		= $(datadir)/freeradius
+logdir		= @logdir@
+includedir	= @includedir@
+raddbdir	= @raddbdir@
+radacctdir	= @radacctdir@
+top_builddir	= @abs_top_builddir@
+top_build_prefix=@abs_top_builddir@/
+top_srcdir	= @abs_top_srcdir@
+datarootdir	= @datarootdir@
+
+MAKE		= @MAKE@
+CC		= @CC@
+RANLIB		= @RANLIB@
+INCLUDE		= -I${top_srcdir} -I${top_srcdir}/src
+CFLAGS		= $(INCLUDE) @CFLAGS@
+CPPFLAGS	= @CPPFLAGS@
+LIBPREFIX	= @LIBPREFIX@
+EXEEXT		= @EXEEXT@
+
+LIBTOOL		= @LIBTOOL@
+ACLOCAL		= @ACLOCAL@
+AUTOCONF	= @AUTOCONF@
+AUTOHEADER	= @AUTOHEADER@
+INSTALL		= ${top_builddir}/install-sh -c
+INSTALL_PROGRAM	= ${INSTALL}
+INSTALL_DATA	= ${INSTALL} -m 644
+INSTALL_SCRIPT	= ${INSTALL_PROGRAM}
+INSTALLSTRIP	= @INSTALLSTRIP@
+
+LCRYPT		= @CRYPTLIB@
+LIBS		= @LIBS@
+LDFLAGS		= @LDFLAGS@
+
+LOGDIR		= ${logdir}
+RADDBDIR	= ${raddbdir}
+RUNDIR		= ${localstatedir}/run/radiusd
+SBINDIR		= ${sbindir}
+RADIR		= ${radacctdir}
+LIBRADIUS	= $(top_builddir)/src/lib/$(LIBPREFIX)freeradius-radius.la
+
+LIBLTDL		= @LIBLTDL@
+INCLTDL		= @INCLTDL@
+LTDL_SUBDIRS	= @LTDL_SUBDIRS@
+CFLAGS		+= $(INCLTDL)
+
+USE_SHARED_LIBS	= @USE_SHARED_LIBS@
+USE_STATIC_LIBS = @USE_STATIC_LIBS@
+STATIC_MODULES	= @STATIC_MODULES@
+
+OPENSSL_LIBS	= @OPENSSL_LIBS@
+OPENSSL_INCLUDE = @OPENSSL_INCLUDE@
+
+LIBREADLINE	= @LIBREADLINE@
+
+#
+#  SQL driver defines
+#
+SQL_ODBC_LIBS = @ODBC_LIBS@
+SQL_ODBC_INCLUDE = @ODBC_INCLUDE@
+
+RADIUSD_MAJOR_VERSION	= @RADIUSD_MAJOR_VERSION@
+RADIUSD_MINOR_VERSION	= @RADIUSD_MINOR_VERSION@
+RADIUSD_INCRM_VERSION	= @RADIUSD_INCRM_VERSION@
+RADIUSD_VERSION		= @RADIUSD_VERSION@
+RADIUSD_VERSION_STRING  = @RADIUSD_VERSION_STRING@
+RADIUSD_VERSION_COMMIT  = @RADIUSD_VERSION_COMMIT@
+
+MODULES			= @MODULES@
+HOSTINFO		= @HOSTINFO@
+
+ifneq ($(WITH_OPENSSL_MD5),)
+LIBRADIUS_WITH_OPENSSL = 1
+CFLAGS += -DWITH_OPENSSL_MD5
+endif
+
+ifneq ($(WITH_OPENSSL_SHA1),)
+LIBRADIUS_WITH_OPENSSL = 1
+CFLAGS += -DWITH_OPENSSL_SHA1
+endif
+
+ifneq ($(LIBRADIUS_WITH_OPENSSL),)
+ifeq ($(OPENSSL_LIBS),)
+$(error OPENSSL_LIBS must be define in order to use WITH_OPENSSL_*)
+else
+LIBRADIUS += $(OPENSSL_LIBS)
+endif
+endif
+
+#  http://clang.llvm.org/StaticAnalysis.html
+#
+#  $ make SCAN=/path/to/checker/ 
+#
+ifneq ($(SCAN),)
+CC		:= $(SCAN)/scan-build gcc -DFR_SCAN_BUILD
+LIBTOOL		:= 
+endif
+
+ifeq "$(LIBTOOL)" ""
+$(error Building FreeRADIUS requires libtool)
+endif
--- /dev/null
+++ freeradius-2.2.5+dfsg/Make.inc.in.rej
@@ -0,0 +1,11 @@
+--- Make.inc.in
++++ Make.inc.in
+@@ -50,7 +50,7 @@
+ 
+ LOGDIR		= ${logdir}
+ RADDBDIR	= ${raddbdir}
+-RUNDIR		= ${localstatedir}/run/radiusd
++RUNDIR		= ${localstatedir}/run/freeradius
+ SBINDIR		= ${sbindir}
+ RADIR		= ${radacctdir}
+ LIBRADIUS	= $(top_builddir)/src/lib/$(LIBPREFIX)freeradius-radius.la
--- freeradius-2.2.5+dfsg.orig/doc/Makefile
+++ freeradius-2.2.5+dfsg/doc/Makefile
@@ -1,7 +1,7 @@
 #
 # Makefile
 #
-# Version:	$Id: aaf7675ac139ee0274dae8352fe60ccaf426dec8 $
+# Version:	$Id: 38bd934181e15cb4c754ba25c58d33e105cd3b6b $
 #
 
 include ../Make.inc
--- freeradius-2.2.5+dfsg.orig/raddb/eap.conf
+++ freeradius-2.2.5+dfsg/raddb/eap.conf
@@ -2,7 +2,7 @@
 ##
 ##  eap.conf -- Configuration for EAP types (PEAP, TTLS, etc.)
 ##
-##	$Id: 95bebe4d25ef13871fb201ba540ed008078dab07 $
+##	$Id: 4157e09820bcb6c00cfe7f36cf9ca4f15860a6f9 $
 
 #######################################################################
 #
--- freeradius-2.2.5+dfsg.orig/raddb/modules/dhcp_sqlippool
+++ freeradius-2.2.5+dfsg/raddb/modules/dhcp_sqlippool
@@ -2,7 +2,7 @@
 ##
 ##  See sqlippool.conf for common configuration explanation
 ##
-##  $Id: 39358b222d016d62e5cf6e8c77fd214cc7614feb $
+##  $Id: 2a29daf8b411d34c150376e581437ccfcf626541 $
 
 sqlippool dhcp_sqlippool {
 	sql-instance-name = "sql"
--- freeradius-2.2.5+dfsg.orig/raddb/radiusd.conf.in
+++ freeradius-2.2.5+dfsg/raddb/radiusd.conf.in
@@ -3,7 +3,7 @@
 ## radiusd.conf	-- FreeRADIUS server configuration file.
 ##
 ##	http://www.freeradius.org/
-##	$Id: 201b70b31b5bb4c2ef98c102690daa3462d5e1e3 $
+##	$Id: 39a19410e81ae0f833e01ddc09c08c80860e47eb $
 ##
 
 ######################################################################
--- /dev/null
+++ freeradius-2.2.5+dfsg/raddb/radiusd.conf.in.orig
@@ -0,0 +1,865 @@
+# -*- text -*-
+##
+## radiusd.conf	-- FreeRADIUS server configuration file.
+##
+##	http://www.freeradius.org/
+##	$Id: 201b70b31b5bb4c2ef98c102690daa3462d5e1e3 $
+##
+
+######################################################################
+#
+#	Read "man radiusd" before editing this file.  See the section
+#	titled DEBUGGING.  It outlines a method where you can quickly
+#	obtain the configuration you want, without running into
+#	trouble.
+#
+#	Run the server in debugging mode, and READ the output.
+#
+#		$ radiusd -X
+#
+#	We cannot emphasize this point strongly enough.  The vast
+#	majority of problems can be solved by carefully reading the
+#	debugging output, which includes warnings about common issues,
+#	and suggestions for how they may be fixed.
+#
+#	There may be a lot of output, but look carefully for words like:
+#	"warning", "error", "reject", or "failure".  The messages there
+#	will usually be enough to guide you to a solution.
+#
+#	If you are going to ask a question on the mailing list, then
+#	explain what you are trying to do, and include the output from
+#	debugging mode (radiusd -X).  Failure to do so means that all
+#	of the responses to your question will be people telling you
+#	to "post the output of radiusd -X".
+
+######################################################################
+#
+#  	The location of other config files and logfiles are declared
+#  	in this file.
+#
+#  	Also general configuration for modules can be done in this
+#  	file, it is exported through the API to modules that ask for
+#  	it.
+#
+#	See "man radiusd.conf" for documentation on the format of this
+#	file.  Note that the individual configuration items are NOT
+#	documented in that "man" page.  They are only documented here,
+#	in the comments.
+#
+#	As of 2.0.0, FreeRADIUS supports a simple processing language
+#	in the "authorize", "authenticate", "accounting", etc. sections.
+#	See "man unlang" for details.
+#
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+sysconfdir = @sysconfdir@
+localstatedir = @localstatedir@
+sbindir = @sbindir@
+logdir = @logdir@
+raddbdir = @raddbdir@
+radacctdir = @radacctdir@
+
+#
+#  name of the running server.  See also the "-n" command-line option.
+name = radiusd
+
+#  Location of config and logfiles.
+confdir = ${raddbdir}
+run_dir = ${localstatedir}/run/${name}
+
+# Should likely be ${localstatedir}/lib/radiusd
+db_dir = ${raddbdir}
+
+#
+# libdir: Where to find the rlm_* modules.
+#
+#   This should be automatically set at configuration time.
+#
+#   If the server builds and installs, but fails at execution time
+#   with an 'undefined symbol' error, then you can use the libdir
+#   directive to work around the problem.
+#
+#   The cause is usually that a library has been installed on your
+#   system in a place where the dynamic linker CANNOT find it.  When
+#   executing as root (or another user), your personal environment MAY
+#   be set up to allow the dynamic linker to find the library.  When
+#   executing as a daemon, FreeRADIUS MAY NOT have the same
+#   personalized configuration.
+#
+#   To work around the problem, find out which library contains that symbol,
+#   and add the directory containing that library to the end of 'libdir',
+#   with a colon separating the directory names.  NO spaces are allowed.
+#
+#   e.g. libdir = /usr/local/lib:/opt/package/lib
+#
+#   You can also try setting the LD_LIBRARY_PATH environment variable
+#   in a script which starts the server.
+#
+#   If that does not work, then you can re-configure and re-build the
+#   server to NOT use shared libraries, via:
+#
+#	./configure --disable-shared
+#	make
+#	make install
+#
+libdir = @libdir@
+
+#  pidfile: Where to place the PID of the RADIUS server.
+#
+#  The server may be signalled while it's running by using this
+#  file.
+#
+#  This file is written when ONLY running in daemon mode.
+#
+#  e.g.:  kill -HUP `cat /var/run/radiusd/radiusd.pid`
+#
+pidfile = ${run_dir}/${name}.pid
+
+#  chroot: directory where the server does "chroot".
+#
+#  The chroot is done very early in the process of starting the server.
+#  After the chroot has been performed it switches to the "user" listed
+#  below (which MUST be specified).  If "group" is specified, it switchs
+#  to that group, too.  Any other groups listed for the specified "user"
+#  in "/etc/group" are also added as part of this process.
+#
+#  The current working directory (chdir / cd) is left *outside* of the
+#  chroot until all of the modules have been initialized.  This allows
+#  the "raddb" directory to be left outside of the chroot.  Once the
+#  modules have been initialized, it does a "chdir" to ${logdir}.  This
+#  means that it should be impossible to break out of the chroot.
+#
+#  If you are worried about security issues related to this use of chdir,
+#  then simply ensure that the "raddb" directory is inside of the chroot,
+#  end be sure to do "cd raddb" BEFORE starting the server.
+#
+#  If the server is statically linked, then the only files that have
+#  to exist in the chroot are ${run_dir} and ${logdir}.  If you do the
+#  "cd raddb" as discussed above, then the "raddb" directory has to be
+#  inside of the chroot directory, too.
+#
+#chroot = /path/to/chroot/directory
+
+# user/group: The name (or #number) of the user/group to run radiusd as.
+#
+#   If these are commented out, the server will run as the user/group
+#   that started it.  In order to change to a different user/group, you
+#   MUST be root ( or have root privleges ) to start the server.
+#
+#   We STRONGLY recommend that you run the server with as few permissions
+#   as possible.  That is, if you're not using shadow passwords, the
+#   user and group items below should be set to radius'.
+#
+#  NOTE that some kernels refuse to setgid(group) when the value of
+#  (unsigned)group is above 60000; don't use group nobody on these systems!
+#
+#  On systems with shadow passwords, you might have to set 'group = shadow'
+#  for the server to be able to read the shadow password file.  If you can
+#  authenticate users while in debug mode, but not in daemon mode, it may be
+#  that the debugging mode server is running as a user that can read the
+#  shadow info, and the user listed below can not.
+#
+#  The server will also try to use "initgroups" to read /etc/groups.
+#  It will join all groups where "user" is a member.  This can allow
+#  for some finer-grained access controls.
+#
+#user = radius
+#group = radius
+
+#  panic_action: Command to execute if the server dies unexpectedly.
+#
+#  FOR PRODUCTION SYSTEMS, ACTIONS SHOULD ALWAYS EXIT.
+#  AN INTERACTIVE ACTION MEANS THE SERVER IS NOT RESPONDING TO REQUESTS.
+#  AN INTERACTICE ACTION MEANS THE SERVER WILL NOT RESTART.
+#
+#  The panic action is a command which will be executed if the server
+#  receives a fatal, non user generated signal, i.e. SIGSEGV, SIGBUS,
+#  SIGABRT or SIGFPE.
+#
+#  This can be used to start an interactive debugging session so
+#  that information regarding the current state of the server can
+#  be acquired.
+#
+#  The following string substitutions are available:
+#  - %e   The currently executing program e.g. /sbin/radiusd
+#  - %p   The PID of the currently executing program e.g. 12345
+#
+#  Standard ${} substitutions are also allowed.
+#
+#  An example panic action for opening an interactive session in GDB would be:
+#
+#panic_action = "gdb %e %p"
+#
+#  Again, don't use that on a production system.
+#
+#  An example panic action for opening an automated session in GDB would be:
+#
+#panic_action = "gdb -silent -x ${raddbdir}/panic.gdb %e %p > ${logdir}/gdb-%e-%p.log 2>&1"
+#
+#  That command can be used on a production system.
+#
+
+#  max_request_time: The maximum time (in seconds) to handle a request.
+#
+#  Requests which take more time than this to process may be killed, and
+#  a REJECT message is returned.
+#
+#  WARNING: If you notice that requests take a long time to be handled,
+#  then this MAY INDICATE a bug in the server, in one of the modules
+#  used to handle a request, OR in your local configuration.
+#
+#  This problem is most often seen when using an SQL database.  If it takes
+#  more than a second or two to receive an answer from the SQL database,
+#  then it probably means that you haven't indexed the database.  See your
+#  SQL server documentation for more information.
+#
+#  Useful range of values: 5 to 120
+#
+max_request_time = 30
+
+#  cleanup_delay: The time to wait (in seconds) before cleaning up
+#  a reply which was sent to the NAS.
+#
+#  The RADIUS request is normally cached internally for a short period
+#  of time, after the reply is sent to the NAS.  The reply packet may be
+#  lost in the network, and the NAS will not see it.  The NAS will then
+#  re-send the request, and the server will respond quickly with the
+#  cached reply.
+#
+#  If this value is set too low, then duplicate requests from the NAS
+#  MAY NOT be detected, and will instead be handled as seperate requests.
+#
+#  If this value is set too high, then the server will cache too many
+#  requests, and some new requests may get blocked.  (See 'max_requests'.)
+#
+#  Useful range of values: 2 to 10
+#
+cleanup_delay = 5
+
+#  max_requests: The maximum number of requests which the server keeps
+#  track of.  This should be 256 multiplied by the number of clients.
+#  e.g. With 4 clients, this number should be 1024.
+#
+#  If this number is too low, then when the server becomes busy,
+#  it will not respond to any new requests, until the 'cleanup_delay'
+#  time has passed, and it has removed the old requests.
+#
+#  If this number is set too high, then the server will use a bit more
+#  memory for no real benefit.
+#
+#  If you aren't sure what it should be set to, it's better to set it
+#  too high than too low.  Setting it to 1000 per client is probably
+#  the highest it should be.
+#
+#  Useful range of values: 256 to infinity
+#
+max_requests = 1024
+
+#  listen: Make the server listen on a particular IP address, and send
+#  replies out from that address. This directive is most useful for
+#  hosts with multiple IP addresses on one interface.
+#
+#  If you want the server to listen on additional addresses, or on
+#  additionnal ports, you can use multiple "listen" sections.
+#
+#  Each section make the server listen for only one type of packet,
+#  therefore authentication and accounting have to be configured in
+#  different sections.
+#
+#  The server ignore all "listen" section if you are using '-i' and '-p'
+#  on the command line.
+#
+listen {
+	#  Type of packets to listen for.
+	#  Allowed values are:
+	#	auth	listen for authentication packets
+	#	acct	listen for accounting packets
+	#	proxy   IP to use for sending proxied packets
+	#	detail  Read from the detail file.  For examples, see
+	#               raddb/sites-available/copy-acct-to-home-server
+	#	status  listen for Status-Server packets.  For examples,
+	#		see raddb/sites-available/status
+	#	coa     listen for CoA-Request and Disconnect-Request
+	#		packets.  For examples, see the file
+	#		raddb/sites-available/coa
+	#
+	type = auth
+
+	#  Note: "type = proxy" lets you control the source IP used for
+	#        proxying packets, with some limitations:
+	#
+	#    * A proxy listener CANNOT be used in a virtual server section.
+	#    * You should probably set "port = 0".
+	#    * Any "clients" configuration will be ignored.
+	#
+	#  See also proxy.conf, and the "src_ipaddr" configuration entry
+	#  in the sample "home_server" section.  When you specify the
+	#  source IP address for packets sent to a home server, the
+	#  proxy listeners are automatically created.
+
+	#  IP address on which to listen.
+	#  Allowed values are:
+	#	dotted quad (1.2.3.4)
+	#       hostname    (radius.example.com)
+	#       wildcard    (*)
+	ipaddr = *
+
+	#  OR, you can use an IPv6 address, but not both
+	#  at the same time.
+#	ipv6addr = ::	# any.  ::1 == localhost
+
+	#  Port on which to listen.
+	#  Allowed values are:
+	#	integer port number (1812)
+	#	0 means "use /etc/services for the proper port"
+	port = 0
+
+	#  Some systems support binding to an interface, in addition
+	#  to the IP address.  This feature isn't strictly necessary,
+	#  but for sites with many IP addresses on one interface,
+	#  it's useful to say "listen on all addresses for eth0".
+	#
+	#  If your system does not support this feature, you will
+	#  get an error if you try to use it.
+	#
+#	interface = eth0
+
+	#  Per-socket lists of clients.  This is a very useful feature.
+	#
+	#  The name here is a reference to a section elsewhere in
+	#  radiusd.conf, or clients.conf.  Having the name as
+	#  a reference allows multiple sockets to use the same
+	#  set of clients.
+	#
+	#  If this configuration is used, then the global list of clients
+	#  is IGNORED for this "listen" section.  Take care configuring
+	#  this feature, to ensure you don't accidentally disable a
+	#  client you need.
+	#
+	#  See clients.conf for the configuration of "per_socket_clients".
+	#
+#	clients = per_socket_clients
+}
+
+#  This second "listen" section is for listening on the accounting
+#  port, too.
+#
+listen {
+	ipaddr = *
+#	ipv6addr = ::
+	port = 0
+	type = acct
+#	interface = eth0
+#	clients = per_socket_clients
+}
+
+#  hostname_lookups: Log the names of clients or just their IP addresses
+#  e.g., www.freeradius.org (on) or 206.47.27.232 (off).
+#
+#  The default is 'off' because it would be overall better for the net
+#  if people had to knowingly turn this feature on, since enabling it
+#  means that each client request will result in AT LEAST one lookup
+#  request to the nameserver.   Enabling hostname_lookups will also
+#  mean that your server may stop randomly for 30 seconds from time
+#  to time, if the DNS requests take too long.
+#
+#  Turning hostname lookups off also means that the server won't block
+#  for 30 seconds, if it sees an IP address which has no name associated
+#  with it.
+#
+#  allowed values: {no, yes}
+#
+hostname_lookups = no
+
+#  Core dumps are a bad thing.  This should only be set to 'yes'
+#  if you're debugging a problem with the server.
+#
+#  allowed values: {no, yes}
+#
+allow_core_dumps = no
+
+#  Regular expressions
+#
+#  These items are set at configure time.  If they're set to "yes",
+#  then setting them to "no" turns off regular expression support.
+#
+#  If they're set to "no" at configure time, then setting them to "yes"
+#  WILL NOT WORK.  It will give you an error.
+#
+regular_expressions	= @REGEX@
+extended_expressions	= @REGEX_EXTENDED@
+
+#
+#  Logging section.  The various "log_*" configuration items
+#  will eventually be moved here.
+#
+log {
+	#
+	#  Destination for log messages.  This can be one of:
+	#
+	#	files - log to "file", as defined below.
+	#	syslog - to syslog (see also the "syslog_facility", below.
+	#	stdout - standard output
+	#	stderr - standard error.
+	#
+	#  The command-line option "-X" over-rides this option, and forces
+	#  logging to go to stdout.
+	#
+	destination = files
+
+	#
+	#  The logging messages for the server are appended to the
+	#  tail of this file if destination == "files"
+	#
+	#  If the server is running in debugging mode, this file is
+	#  NOT used.
+	#
+	file = ${logdir}/radius.log
+
+	#
+	#  If this configuration parameter is set, then log messages for
+	#  a *request* go to this file, rather than to radius.log.
+	#
+	#  i.e. This is a log file per request, once the server has accepted
+	#  the request as being from a valid client.  Messages that are
+	#  not associated with a request still go to radius.log.
+	#
+	#  Not all log messages in the server core have been updated to use
+	#  this new internal API.  As a result, some messages will still
+	#  go to radius.log.  Please submit patches to fix this behavior.
+	#
+	#  The file name is expanded dynamically.  You should ONLY user
+	#  server-side attributes for the filename (e.g. things you control).
+	#  Using this feature MAY also slow down the server substantially,
+	#  especially if you do thinks like SQL calls as part of the
+	#  expansion of the filename.
+	#
+	#  The name of the log file should use attributes that don't change
+	#  over the lifetime of a request, such as User-Name,
+	#  Virtual-Server or Packet-Src-IP-Address.  Otherwise, the log
+	#  messages will be distributed over multiple files.
+	#
+	#  Logging can be enabled for an individual request by a special
+	#  dynamic expansion macro:  %{debug: 1}, where the debug level
+	#  for this request is set to '1' (or 2, 3, etc.).  e.g.
+	#
+	#	...
+	#	update control {
+	#	       Tmp-String-0 = "%{debug:1}"
+	#	}
+	#	...
+	#
+	#  The attribute that the value is assigned to is unimportant,
+	#  and should be a "throw-away" attribute with no side effects.
+	#
+	#requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log
+
+	#
+	#  Which syslog facility to use, if ${destination} == "syslog"
+	#
+	#  The exact values permitted here are OS-dependent.  You probably
+	#  don't want to change this.
+	#
+	syslog_facility = daemon
+
+	#  Log the full User-Name attribute, as it was found in the request.
+	#
+	# allowed values: {no, yes}
+	#
+	stripped_names = no
+
+	#  Log authentication requests to the log file.
+	#
+	#  allowed values: {no, yes}
+	#
+	auth = no
+
+	#  Log passwords with the authentication requests.
+	#  auth_badpass  - logs password if it's rejected
+	#  auth_goodpass - logs password if it's correct
+	#
+	#  allowed values: {no, yes}
+	#
+	auth_badpass = no
+	auth_goodpass = no
+
+	#  Log additional text at the end of the "Login OK" messages.
+	#  for these to work, the "auth" and "auth_goopass" or "auth_badpass"
+	#  configurations above have to be set to "yes".
+	#
+	#  The strings below are dynamically expanded, which means that
+	#  you can put anything you want in them.  However, note that
+	#  this expansion can be slow, and can negatively impact server
+	#  performance.
+	#
+#	msg_goodpass = ""
+#	msg_badpass = ""
+}
+
+#  The program to execute to do concurrency checks.
+checkrad = ${sbindir}/checkrad
+
+# SECURITY CONFIGURATION
+#
+#  There may be multiple methods of attacking on the server.  This
+#  section holds the configuration items which minimize the impact
+#  of those attacks
+#
+security {
+	#
+	#  max_attributes: The maximum number of attributes
+	#  permitted in a RADIUS packet.  Packets which have MORE
+	#  than this number of attributes in them will be dropped.
+	#
+	#  If this number is set too low, then no RADIUS packets
+	#  will be accepted.
+	#
+	#  If this number is set too high, then an attacker may be
+	#  able to send a small number of packets which will cause
+	#  the server to use all available memory on the machine.
+	#
+	#  Setting this number to 0 means "allow any number of attributes"
+	max_attributes = 200
+
+	#
+	#  reject_delay: When sending an Access-Reject, it can be
+	#  delayed for a few seconds.  This may help slow down a DoS
+	#  attack.  It also helps to slow down people trying to brute-force
+	#  crack a users password.
+	#
+	#  Setting this number to 0 means "send rejects immediately"
+	#
+	#  If this number is set higher than 'cleanup_delay', then the
+	#  rejects will be sent at 'cleanup_delay' time, when the request
+	#  is deleted from the internal cache of requests.
+	#
+	#  Useful ranges: 1 to 5
+	reject_delay = 1
+
+	#
+	#  status_server: Whether or not the server will respond
+	#  to Status-Server requests.
+	#
+	#  When sent a Status-Server message, the server responds with
+	#  an Access-Accept or Accounting-Response packet.
+	#
+	#  This is mainly useful for administrators who want to "ping"
+	#  the server, without adding test users, or creating fake
+	#  accounting packets.
+	#
+	#  It's also useful when a NAS marks a RADIUS server "dead".
+	#  The NAS can periodically "ping" the server with a Status-Server
+	#  packet.  If the server responds, it must be alive, and the
+	#  NAS can start using it for real requests.
+	#
+	#  See also raddb/sites-available/status
+	#
+	status_server = yes
+
+	#
+	#  allow_vulnerable_openssl: Allow the server to start with
+	#  versions of OpenSSL known to have critical vulnerabilities.
+	#
+	#  This check is based on the version number reported by libssl
+	#  and may not reflect patches applied to libssl by
+	#  distribution maintainers.
+	#
+	allow_vulnerable_openssl = no
+}
+
+# PROXY CONFIGURATION
+#
+#  proxy_requests: Turns proxying of RADIUS requests on or off.
+#
+#  The server has proxying turned on by default.  If your system is NOT
+#  set up to proxy requests to another server, then you can turn proxying
+#  off here.  This will save a small amount of resources on the server.
+#
+#  If you have proxying turned off, and your configuration files say
+#  to proxy a request, then an error message will be logged.
+#
+#  To disable proxying, change the "yes" to "no", and comment the
+#  $INCLUDE line.
+#
+#  allowed values: {no, yes}
+#
+proxy_requests  = yes
+$INCLUDE proxy.conf
+
+
+# CLIENTS CONFIGURATION
+#
+#  Client configuration is defined in "clients.conf".
+#
+
+#  The 'clients.conf' file contains all of the information from the old
+#  'clients' and 'naslist' configuration files.  We recommend that you
+#  do NOT use 'client's or 'naslist', although they are still
+#  supported.
+#
+#  Anything listed in 'clients.conf' will take precedence over the
+#  information from the old-style configuration files.
+#
+$INCLUDE clients.conf
+
+
+# THREAD POOL CONFIGURATION
+#
+#  The thread pool is a long-lived group of threads which
+#  take turns (round-robin) handling any incoming requests.
+#
+#  You probably want to have a few spare threads around,
+#  so that high-load situations can be handled immediately.  If you
+#  don't have any spare threads, then the request handling will
+#  be delayed while a new thread is created, and added to the pool.
+#
+#  You probably don't want too many spare threads around,
+#  otherwise they'll be sitting there taking up resources, and
+#  not doing anything productive.
+#
+#  The numbers given below should be adequate for most situations.
+#
+thread pool {
+	#  Number of servers to start initially --- should be a reasonable
+	#  ballpark figure.
+	start_servers = 5
+
+	#  Limit on the total number of servers running.
+	#
+	#  If this limit is ever reached, clients will be LOCKED OUT, so it
+	#  should NOT BE SET TOO LOW.  It is intended mainly as a brake to
+	#  keep a runaway server from taking the system with it as it spirals
+	#  down...
+	#
+	#  You may find that the server is regularly reaching the
+	#  'max_servers' number of threads, and that increasing
+	#  'max_servers' doesn't seem to make much difference.
+	#
+	#  If this is the case, then the problem is MOST LIKELY that
+	#  your back-end databases are taking too long to respond, and
+	#  are preventing the server from responding in a timely manner.
+	#
+	#  The solution is NOT do keep increasing the 'max_servers'
+	#  value, but instead to fix the underlying cause of the
+	#  problem: slow database, or 'hostname_lookups=yes'.
+	#
+	#  For more information, see 'max_request_time', above.
+	#
+	max_servers = 32
+
+	#  Server-pool size regulation.  Rather than making you guess
+	#  how many servers you need, FreeRADIUS dynamically adapts to
+	#  the load it sees, that is, it tries to maintain enough
+	#  servers to handle the current load, plus a few spare
+	#  servers to handle transient load spikes.
+	#
+	#  It does this by periodically checking how many servers are
+	#  waiting for a request.  If there are fewer than
+	#  min_spare_servers, it creates a new spare.  If there are
+	#  more than max_spare_servers, some of the spares die off.
+	#  The default values are probably OK for most sites.
+	#
+	min_spare_servers = 3
+	max_spare_servers = 10
+
+	#  When the server receives a packet, it places it onto an
+	#  internal queue, where the worker threads (configured above)
+	#  pick it up for processing.  The maximum size of that queue
+	#  is given here.
+	#
+	#  When the queue is full, any new packets will be silently
+	#  discarded.
+	#
+	#  The most common cause of the queue being full is that the
+	#  server is dependent on a slow database, and it has received
+	#  a large "spike" of traffic.  When that happens, there is
+	#  very little you can do other than make sure the server
+	#  receives less traffic, or make sure that the database can
+	#  handle the load.
+	#
+#	max_queue_size = 65536
+
+	#  There may be memory leaks or resource allocation problems with
+	#  the server.  If so, set this value to 300 or so, so that the
+	#  resources will be cleaned up periodically.
+	#
+	#  This should only be necessary if there are serious bugs in the
+	#  server which have not yet been fixed.
+	#
+	#  '0' is a special value meaning 'infinity', or 'the servers never
+	#  exit'
+	max_requests_per_server = 0
+}
+
+# MODULE CONFIGURATION
+#
+#  The names and configuration of each module is located in this section.
+#
+#  After the modules are defined here, they may be referred to by name,
+#  in other sections of this configuration file.
+#
+modules {
+	#
+	#  Each module has a configuration as follows:
+	#
+	#	name [ instance ] {
+	#		config_item = value
+	#		...
+	#	}
+	#
+	#  The 'name' is used to load the 'rlm_name' library
+	#  which implements the functionality of the module.
+	#
+	#  The 'instance' is optional.  To have two different instances
+	#  of a module, it first must be referred to by 'name'.
+	#  The different copies of the module are then created by
+	#  inventing two 'instance' names, e.g. 'instance1' and 'instance2'
+	#
+	#  The instance names can then be used in later configuration
+	#  INSTEAD of the original 'name'.  See the 'radutmp' configuration
+	#  for an example.
+	#
+
+	#
+	#  As of 2.0.5, most of the module configurations are in a
+	#  sub-directory.  Files matching the regex /[a-zA-Z0-9_.]+/
+	#  are loaded.  The modules are initialized ONLY if they are
+	#  referenced in a processing section, such as authorize,
+	#  authenticate, accounting, pre/post-proxy, etc.
+	#
+	$INCLUDE ${confdir}/modules/
+
+	#  Extensible Authentication Protocol
+	#
+	#  For all EAP related authentications.
+	#  Now in another file, because it is very large.
+	#
+	$INCLUDE eap.conf
+
+	#  Include another file that has the SQL-related configuration.
+	#  This is another file only because it tends to be big.
+	#
+#	$INCLUDE sql.conf
+
+	#
+	#  This module is an SQL enabled version of the counter module.
+	#
+	#  Rather than maintaining seperate (GDBM) databases of
+	#  accounting info for each counter, this module uses the data
+	#  stored in the raddacct table by the sql modules. This
+	#  module NEVER does any database INSERTs or UPDATEs.  It is
+	#  totally dependent on the SQL module to process Accounting
+	#  packets.
+	#
+#	$INCLUDE sql/mysql/counter.conf
+
+	#
+	#  IP addresses managed in an SQL table.
+	#
+#	$INCLUDE sqlippool.conf
+}
+
+# Instantiation
+#
+#  This section orders the loading of the modules.  Modules
+#  listed here will get loaded BEFORE the later sections like
+#  authorize, authenticate, etc. get examined.
+#
+#  This section is not strictly needed.  When a section like
+#  authorize refers to a module, it's automatically loaded and
+#  initialized.  However, some modules may not be listed in any
+#  of the following sections, so they can be listed here.
+#
+#  Also, listing modules here ensures that you have control over
+#  the order in which they are initalized.  If one module needs
+#  something defined by another module, you can list them in order
+#  here, and ensure that the configuration will be OK.
+#
+instantiate {
+	#
+	#  Allows the execution of external scripts.
+	#  The entire command line (and output) must fit into 253 bytes.
+	#
+	#  e.g. Framed-Pool = `%{exec:/bin/echo foo}`
+	exec
+
+	#
+	#  The expression module doesn't do authorization,
+	#  authentication, or accounting.  It only does dynamic
+	#  translation, of the form:
+	#
+	#	Session-Timeout = `%{expr:2 + 3}`
+	#
+	#  This module needs to be instantiated, but CANNOT be
+	#  listed in any other section.  See 'doc/rlm_expr' for
+	#  more information.
+	#
+	#  rlm_expr is also responsible for registering many
+	#  other xlat functions such as md5, sha1 and lc.
+	#
+	#  We do not recommend removing it's listing here.
+	expr
+
+	#
+	# We add the counter module here so that it registers
+	# the check-name attribute before any module which sets
+	# it
+#	daily
+	expiration
+	logintime
+
+	# subsections here can be thought of as "virtual" modules.
+	#
+	# e.g. If you have two redundant SQL servers, and you want to
+	# use them in the authorize and accounting sections, you could
+	# place a "redundant" block in each section, containing the
+	# exact same text.  Or, you could uncomment the following
+	# lines, and list "redundant_sql" in the authorize and
+	# accounting sections.
+	#
+	#redundant redundant_sql {
+	#	sql1
+	#	sql2
+	#}
+}
+
+######################################################################
+#
+#	Policies that can be applied in multiple places are listed
+#	globally.  That way, they can be defined once, and referred
+#	to multiple times.
+#
+######################################################################
+$INCLUDE policy.conf
+
+######################################################################
+#
+#	Load virtual servers.
+#
+#	This next $INCLUDE line loads files in the directory that
+#	match the regular expression: /[a-zA-Z0-9_.]+/
+#
+#	It allows you to define new virtual servers simply by placing
+#	a file into the raddb/sites-enabled/ directory.
+#
+$INCLUDE sites-enabled/
+
+######################################################################
+#
+#	All of the other configuration sections like "authorize {}",
+#	"authenticate {}", "accounting {}", have been moved to the
+#	the file:
+#
+#		raddb/sites-available/default
+#
+#	This is the "default" virtual server that has the same
+#	configuration as in version 1.0.x and 1.1.x.  The default
+#	installation enables this virtual server.  You should
+#	edit it to create policies for your local site.
+#
+#	For more documentation on virtual servers, see:
+#
+#		raddb/sites-available/README
+#
+######################################################################
--- /dev/null
+++ freeradius-2.2.5+dfsg/raddb/radiusd.conf.in.rej
@@ -0,0 +1,22 @@
+--- raddb/radiusd.conf.in
++++ raddb/radiusd.conf.in
+@@ -62,7 +62,7 @@
+ 
+ #
+ #  name of the running server.  See also the "-n" command-line option.
+-name = radiusd
++name = freeradius
+ 
+ #  Location of config and logfiles.
+ confdir = ${raddbdir}
+@@ -164,8 +164,8 @@
+ #  It will join all groups where "user" is a member.  This can allow
+ #  for some finer-grained access controls.
+ #
+-#user = radius
+-#group = radius
++user = freerad
++group = freerad
+ 
+ #  panic_action: Command to execute if the server dies unexpectedly.
+ #
--- /dev/null
+++ freeradius-2.2.5+dfsg/scripts/freeradius.monitrc.rej
@@ -0,0 +1,15 @@
+--- scripts/freeradius.monitrc
++++ scripts/freeradius.monitrc
+@@ -8,9 +8,9 @@
+ #  Totalmem limit should be lowered to 200.0 if none of the 
+ #  interpreted language modules or rlm_cache are being used.
+ #
+-check process radiusd with pidfile /var/run/radiusd/radiusd.pid
+-   start program = "/etc/init.d/radiusd start"
+-   stop program = "/etc/init.d/radiusd stop"
++check process freeradius with pidfile /var/run/freeradius/freeradius.pid
++   start program = "/etc/init.d/freeradius start"
++   stop program = "/etc/init.d/freeradius stop"
+    if failed host 127.0.0.1 port 1812 type udp protocol radius secret testing123 then alert
+    if failed host 127.0.0.1 port 1813 type udp protocol radius secret testing123 then alert
+    if cpu > 95% for 2 cycles then alert
--- freeradius-2.2.5+dfsg.orig/src/main/radclient.c
+++ freeradius-2.2.5+dfsg/src/main/radclient.c
@@ -1,7 +1,7 @@
 /*
  * radclient.c	General radius packet debug tool.
  *
- * Version:	$Id: 65c7a5cdb022612051530f8c79133f93b0f00328 $
+ * Version:	$Id: a3d11d23917f3ed879889658be056073c1243c0e $
  *
  *   This program is free software; you can redistribute it and/or modify
  *   it under the terms of the GNU General Public License as published by
@@ -23,7 +23,7 @@
  */
 
 #include <freeradius-devel/ident.h>
-RCSID("$Id: 65c7a5cdb022612051530f8c79133f93b0f00328 $")
+RCSID("$Id: a3d11d23917f3ed879889658be056073c1243c0e $")
 
 #include <freeradius-devel/libradius.h>
 #include <freeradius-devel/conf.h>
--- freeradius-2.2.5+dfsg.orig/src/modules/rlm_sql_log/Makefile
+++ freeradius-2.2.5+dfsg/src/modules/rlm_sql_log/Makefile
@@ -1,7 +1,7 @@
 #
 # Makefile
 #
-# Version:	$Id: e09feda643e1eb51fa72d5e782225d66c6a17b7e $
+# Version:	$Id: cfda9e720eb35eaa0481afa2ddfd5a71cf5cfad3 $
 #
 
 TARGET      = rlm_sql_log
--- freeradius-2.2.5+dfsg.orig/src/modules/rlm_sqlcounter/Makefile.in
+++ freeradius-2.2.5+dfsg/src/modules/rlm_sqlcounter/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: bd853f0810544d0ff2e66ebb5559fc3b53c19e9e $
+# $Id: dc57c7c169cd71b046387491c74aa0b42d651ad6 $
 #
 
 TARGET      = @targetname@
--- freeradius-2.2.5+dfsg.orig/src/modules/rlm_sqlippool/Makefile.in
+++ freeradius-2.2.5+dfsg/src/modules/rlm_sqlippool/Makefile.in
@@ -1,5 +1,5 @@
 #
-# $Id: af28710f09ff162000a5142f96faa471c83aa005 $
+# $Id: 3aa52c088e1b49631d0aa696450da1899e50ba91 $
 #
 
 INCLUDE += -I/usr/local/include/
