diff --git a/.gitignore b/.gitignore
index 77005cf..f2e090d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 bitlbee-1.2.8.tar.gz
+bitlbee-3.0.tar.gz
diff --git a/bitlbee-3.0-configure-eclipse.patch b/bitlbee-3.0-configure-eclipse.patch
new file mode 100644
index 0000000..a00f088
--- /dev/null
+++ b/bitlbee-3.0-configure-eclipse.patch
@@ -0,0 +1,16 @@
+diff --git a/configure b/configure
+index be06d6a..8976adc 100755
+--- a/configure
++++ b/configure
+@@ -128,8 +128,9 @@ LFLAGS=
+ EFLAGS=
+ EOF
+ 
+-srcdir="$(dirname $0)"
+-if [ "$srcdir" != "." ]; then
++srcdir="$(readlink -f $(dirname $0))"
++curdir="$(readlink -f $(pwd))"
++if [ "$srcdir" != "$curdir" ]; then
+ 	echo
+ 	echo "configure script run from a different directory. Will create some symlinks..."
+ 	if [ ! -e Makefile -o -L Makefile ]; then
diff --git a/bitlbee-3.0-nss.patch b/bitlbee-3.0-nss.patch
new file mode 100644
index 0000000..36abcef
--- /dev/null
+++ b/bitlbee-3.0-nss.patch
@@ -0,0 +1,179 @@
+diff --git a/configure b/configure
+index ff68da8..be06d6a 100755
+--- a/configure
++++ b/configure
+@@ -288,10 +288,10 @@ EOF
+ 
+ detect_nss()
+ {
+-	if $PKG_CONFIG --version > /dev/null 2>/dev/null && $PKG_CONFIG mozilla-nss; then
++	if $PKG_CONFIG --version > /dev/null 2>/dev/null && $PKG_CONFIG nss; then
+ 		cat<<EOF>>Makefile.settings
+-EFLAGS+=`$PKG_CONFIG --libs mozilla-nss`
+-CFLAGS+=`$PKG_CONFIG --cflags mozilla-nss`
++EFLAGS+=`$PKG_CONFIG --libs nss`
++CFLAGS+=`$PKG_CONFIG --cflags nss`
+ EOF
+ 		
+ 		ssl=nss
+@@ -426,7 +426,7 @@ if [ "$ret" = "0" ]; then
+ 	exit 1
+ fi;
+ 
+-if [ "$msn" = "1" -a "$ssl" != "openssl" -a "$ssl" != "gnutls" ]; then
++if [ "$msn" = "1" -a "$ssl" != "openssl" -a "$ssl" != "nss" -a "$ssl" != "gnutls" ]; then
+ 	# Needed for MSN only. OpenSSL exports nice cipher functions already,
+ 	# in case of GnuTLS we should be able to use gcrypt. Otherwise, use
+ 	# built-in stuff. (Since right now those are the only two supported
+diff --git a/lib/ssl_nss.c b/lib/ssl_nss.c
+index b0e2f9f..63a47f5 100644
+--- a/lib/ssl_nss.c
++++ b/lib/ssl_nss.c
+@@ -33,8 +33,10 @@
+ #include <prio.h>
+ #include <sslproto.h>
+ #include <nss.h>
++#include <pk11pub.h>
+ #include <private/pprio.h>
+ #include <ssl.h>
++#include <seccomon.h>
+ #include <secerr.h>
+ #include <sslerr.h>
+ 
+@@ -52,6 +54,7 @@ struct scd
+ };
+ 
+ static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond );
++static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond );
+ 
+ 
+ static SECStatus nss_auth_cert (void *arg, PRFileDesc *socket, PRBool checksig, PRBool isserver)
+@@ -121,6 +124,35 @@ void *ssl_connect( char *host, int port, ssl_input_function func, gpointer data
+ 	return( conn );
+ }
+ 
++static gboolean ssl_starttls_real( gpointer data, gint source, b_input_condition cond )
++{
++	struct scd *conn = data;
++
++	return ssl_connected( conn, conn->fd, B_EV_IO_WRITE );
++}
++
++void *ssl_starttls( int fd, ssl_input_function func, gpointer data )
++{
++	struct scd *conn = g_new0( struct scd, 1 );
++
++	conn->fd = fd;
++	conn->func = func;
++	conn->data = data;
++
++	/* This function should be called via a (short) timeout instead of
++	   directly from here, because these SSL calls are *supposed* to be
++	   *completely* asynchronous and not ready yet when this function
++	   (or *_connect, for examle) returns. Also, errors are reported via
++	   the callback function, not via this function's return value.
++
++	   In short, doing things like this makes the rest of the code a lot
++	   simpler. */
++
++	b_timeout_add( 1, ssl_starttls_real, conn );
++
++	return conn;
++}
++
+ static gboolean ssl_connected( gpointer data, gint source, b_input_condition cond )
+ {
+ 	struct scd *conn = data;
+@@ -200,3 +232,92 @@ b_input_condition ssl_getdirection( void *conn )
+ 	/* Just in case someone calls us, let's return the most likely case: */
+ 	return B_EV_IO_READ;
+ }
++
++size_t ssl_des3_encrypt(const unsigned char *key, size_t key_len,
++    const unsigned char *input, size_t input_len, const unsigned char *iv,
++    unsigned char **res)
++{
++  int output_length = 0;
++
++  CK_MECHANISM_TYPE cipherMech;
++  PK11SlotInfo* slot = NULL;
++  PK11SymKey* SymKey = NULL;
++  SECItem* SecParam = NULL;
++  PK11Context* EncContext = NULL;
++  SECItem keyItem, ivItem;
++  SECStatus rv1, rv2;
++  int tmp1_outlen, tmp2_outlen;
++
++  if (!initialized)
++    {
++      ssl_init();
++    }
++
++  *res = g_new0(unsigned char, 1024);
++
++  cipherMech = CKM_DES3_CBC_PAD;
++  slot = PK11_GetBestSlot(cipherMech, NULL);
++
++  if (slot == NULL)
++    {
++      fprintf(stderr, "Unable to find security device (err %d)\n",
++          PR_GetError());
++      goto out;
++    }
++
++  // Converts "raw key" into a key object.
++  keyItem.type = siBuffer;
++  keyItem.data = (unsigned char*)key;
++  keyItem.len = key_len;
++
++  SymKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, CKA_ENCRYPT,
++                             &keyItem, NULL);
++
++  if (SymKey == NULL)
++  {
++    fprintf(stderr, "Failure to import key into NSS (err %d)\n",
++            PR_GetError());
++    goto out;
++  }
++
++  /* set up the PKCS11 encryption paramters.
++   * when not using CBC mode, ivItem.data and ivItem.len can be 0, or you
++   * can simply pass NULL for the iv parameter in PK11_ParamFromIV func
++   */
++  ivItem.type = siBuffer;
++  ivItem.data = iv;
++  ivItem.len = strlen(iv); // ??? Is it right? FIXME
++  SecParam = PK11_ParamFromIV(cipherMech, &ivItem);
++  if (SecParam == NULL)
++  {
++    fprintf(stderr, "Failure to set up PKCS11 param (err %d)\n",
++            PR_GetError());
++    goto out;
++  }
++
++  /* ========================= START SECTION ============================= */
++  /* If using the the same key and iv over and over, stuff before this     */
++  /* section and after this section needs to be done only ONCE             */
++  /* ENCRYPT data into buf1. buf1 len must be atleast (data len + 8) */
++  tmp1_outlen = tmp2_outlen = 0;
++
++  /* Create cipher context */
++  EncContext = PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT,
++                                          SymKey, SecParam);
++  rv1 = PK11_CipherOp(EncContext, res, &tmp1_outlen, sizeof(res),
++                      input, input_len+1);
++  rv2 = PK11_DigestFinal(EncContext, res+tmp1_outlen, &tmp2_outlen,
++                         sizeof(res)-tmp1_outlen);
++  PK11_DestroyContext(EncContext, PR_TRUE);
++  output_length = tmp1_outlen + tmp2_outlen;
++  if (rv1 != SECSuccess || rv2 != SECSuccess)
++    goto out;
++
++  return output_length;
++
++  out:
++    if (SymKey)
++      PK11_FreeSymKey(SymKey);
++    if (SecParam)
++      SECITEM_FreeItem(SecParam, PR_TRUE);
++}
diff --git a/bitlbee.spec b/bitlbee.spec
index 9f242ae..cbfe03b 100644
--- a/bitlbee.spec
+++ b/bitlbee.spec
@@ -1,7 +1,7 @@
 Summary:           IRC to other chat networks gateway
 Name:              bitlbee
-Version:           1.2.8
-Release:           1%{?dist}
+Version:           3.0
+Release:           2%{?dist}
 License:           GPLv2+ and MIT
 Group:             System Environment/Daemons
 URL:               http://www.bitlbee.org/
@@ -9,7 +9,8 @@ Source0:           http://get.bitlbee.org/src/%{name}-%{version}.tar.gz
 Source1:           bitlbee.xinetd
 Source2:           bitlbee-wrapper.h
 Patch0:            bitlbee-1.2.7-libresolv.patch
-Patch1:            bitlbee-1.2.8-strtoll.patch
+Patch1:            bitlbee-3.0-nss.patch
+Patch2:            bitlbee-3.0-configure-eclipse.patch
 Requires:          xinetd
 Requires(pre):     shadow-utils
 Requires(preun):   /sbin/service
@@ -40,18 +41,9 @@ developing programs and plugins which use bitlbee.
 %setup -q
 %if 0%{?fedora}%{?rhel} < 6
 %patch0 -p1 -b .libresolv
-%patch1 -p1 -b .strtoll
 %endif
-
-perl -pi.make -e '
-                s|\$\(BINDIR\)|\$(sbindir)|g;
-                s|\$\(DATADIR\)|\$(datadir)/%{name}|g;
-                s|\$\(ETCDIR\)|\$(sysconfdir)/%{name}|g;
-                s|\$\(MANDIR\)|\$(mandir)|g;
-                s|\$\(INCLUDEDIR\)|\$(includedir)/%{name}|g;
-                s|\$\(PCDIR\)|\$(libdir)/pkgconfig|g;
-                s|install -m|install -p -m|g;
-        ' Makefile */Makefile */*/Makefile
+%patch1 -p1 -b .nss
+%patch2 -p1 -b .configureEclipse
 
 %build
 CFLAGS="$RPM_OPT_FLAGS" ./configure \
@@ -71,11 +63,12 @@ CFLAGS="$RPM_OPT_FLAGS" ./configure \
         --ssl=openssl
 %endif
 
-make %{?_smp_mflags}
+make DESTDIR=$RPM_BUILD_ROOT %{?_smp_mflags}
 
 %install
 rm -rf $RPM_BUILD_ROOT
-%makeinstall install-dev
+make DESTDIR=$RPM_BUILD_ROOT \
+    install install-dev install-etc
 
 # Install some files manually to their correct destination
 mkdir -p $RPM_BUILD_ROOT{%{_localstatedir}/lib,%{_libdir}}/%{name}
@@ -115,7 +108,7 @@ rm -rf $RPM_BUILD_ROOT
 %doc COPYING doc/{AUTHORS,CHANGES,CREDITS,FAQ,README}
 %doc doc/user-guide/*.xml doc/user-guide/user-guide.txt
 %dir %{_sysconfdir}/%{name}
-%config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
+%config(noreplace) %{_sysconfdir}/%{name}/
 %config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
 %{_sbindir}/%{name}
 %{_libdir}/%{name}/
@@ -130,6 +123,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/%{name}.pc
 
 %changelog
+* Sun Nov 21 2010 Matěj Cepl <mcepl@redhat.com> - 3.0-2
+- Get rid of bad regexp magic, now with pure DESTDIR.
+
+* Fri Oct 22 2010 Matěj Cepl <mcepl@redhat.com> - 3.0-1
+- New upstream release.
+
 * Sun Jul 04 2010 Robert Scheck <robert@fedoraproject.org> 1.2.8-1
 - Upgrade to 1.2.8
 
diff --git a/sources b/sources
index 331f529..1818830 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-e1fbbd9d96ec7c2377b1b286689c1b83  bitlbee-1.2.8.tar.gz
+455fc8070d758c2bb3442ef4c709ad69  bitlbee-3.0.tar.gz