diff --git a/.gitignore b/.gitignore
index 8214f68..52d28fe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/trousers-0.3.14.tar.gz
+SOURCES/trousers-0.3.15.tar.gz
diff --git a/.trousers.metadata b/.trousers.metadata
index b677878..253f73f 100644
--- a/.trousers.metadata
+++ b/.trousers.metadata
@@ -1 +1 @@
-9ca2cc9e1179465f6c5d9055e2b855e25031b85a SOURCES/trousers-0.3.14.tar.gz
+75cd40e17c9385299e50ff2099905865442b59f1 SOURCES/trousers-0.3.15.tar.gz
diff --git a/SOURCES/trousers-0.3.14-double-free.patch b/SOURCES/trousers-0.3.14-double-free.patch
deleted file mode 100644
index ef7a36a..0000000
--- a/SOURCES/trousers-0.3.14-double-free.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff -ur trousers-0.3.14/src/tspi/tsp_auth.c trousers-0.3.14-new/src/tspi/tsp_auth.c
---- trousers-0.3.14/src/tspi/tsp_auth.c	2014-07-23 12:42:45.000000000 -0700
-+++ trousers-0.3.14-new/src/tspi/tsp_auth.c	2019-05-27 13:41:57.316000945 -0700
-@@ -1221,7 +1221,7 @@
- 	}
- 
- 	*handles = handle;
--    handles_track = handles;
-+	handles_track = handles;
- 
-     // Since the call tree of this function can possibly alloc memory 
-     // (check RPC_ExecuteTransport_TP function), its better to keep track of
-@@ -1229,9 +1229,11 @@
- 	result = obj_context_transport_execute(tspContext, TPM_ORD_Terminate_Handle, 0, NULL,
- 					       NULL, &handlesLen, &handles, NULL, NULL, NULL, NULL);
- 
--	free(handles);
--    handles = NULL;
--    free(handles_track);
-+	if (handles != handles_track) {
-+		free(handles);
-+	}
-+
-+	free(handles_track);
- 
- 	return result;
- }
diff --git a/SOURCES/trousers-0.3.14-memset.patch b/SOURCES/trousers-0.3.14-memset.patch
deleted file mode 100644
index f8a2804..0000000
--- a/SOURCES/trousers-0.3.14-memset.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff -ur trousers-0.3.14/src/include/spi_utils.h trousers-0.3.14-new/src/include/spi_utils.h
---- trousers-0.3.14/src/include/spi_utils.h	2014-07-23 12:42:44.000000000 -0700
-+++ trousers-0.3.14-new/src/include/spi_utils.h	2019-06-05 11:25:12.278782622 -0700
-@@ -53,7 +53,7 @@
- void *calloc_tspi(TSS_HCONTEXT, UINT32);
- TSS_RESULT free_tspi(TSS_HCONTEXT, void *);
- TSS_RESULT __tspi_add_mem_entry(TSS_HCONTEXT, void *);
--void * __no_optimize __tspi_memset(void *, int, size_t);
-+void * __tspi_memset(void *, int, size_t);
- 
- /* secrets.c */
- 
-diff -ur trousers-0.3.14/src/tspi/tsp_context_mem.c trousers-0.3.14-new/src/tspi/tsp_context_mem.c
---- trousers-0.3.14/src/tspi/tsp_context_mem.c	2014-07-23 12:42:45.000000000 -0700
-+++ trousers-0.3.14-new/src/tspi/tsp_context_mem.c	2019-06-05 11:27:23.585033966 -0700
-@@ -258,8 +258,10 @@
- }
- 
- /* definition for a memset that cannot be optimized away */
--void * __no_optimize
-+void *
- __tspi_memset(void *s, int c, size_t n)
- {
--	return memset(s, c, n);
-+	memset(s, c, n);
-+	asm volatile("" ::: "memory");
-+	return s;
- }
diff --git a/SOURCES/trousers-0.3.14-noinline.patch b/SOURCES/trousers-0.3.14-noinline.patch
index 2880bb3..856fd5d 100644
--- a/SOURCES/trousers-0.3.14-noinline.patch
+++ b/SOURCES/trousers-0.3.14-noinline.patch
@@ -1,14 +1,14 @@
-diff -ur a/src/include/tspps.h b/src/include/tspps.h
---- a/src/include/tspps.h	2014-07-23 12:42:44.000000000 -0700
-+++ b/src/include/tspps.h	2018-08-01 19:33:42.454192873 -0700
+diff -ur trousers-0.3.15/src/include/tspps.h trousers-0.3.15-new/src/include/tspps.h
+--- trousers-0.3.15/src/include/tspps.h	2020-05-27 23:01:45.000000000 -0700
++++ trousers-0.3.15-new/src/include/tspps.h	2020-11-06 17:46:53.796319788 -0700
 @@ -18,8 +18,8 @@
  
  TSS_RESULT	   get_file(int *);
  int		   put_file(int);
 -inline TSS_RESULT  read_data(int, void *, UINT32);
 -inline TSS_RESULT  write_data(int, void *, UINT32);
-+TSS_RESULT  	   read_data(int, void *, UINT32);
-+TSS_RESULT  	   write_data(int, void *, UINT32);
++TSS_RESULT  read_data(int, void *, UINT32);
++TSS_RESULT  write_data(int, void *, UINT32);
  UINT32		   psfile_get_num_keys(int);
  TSS_RESULT	   psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
  TSS_RESULT	   psfile_remove_key_by_uuid(int, TSS_UUID *);
diff --git a/SPECS/trousers.spec b/SPECS/trousers.spec
index 9ced8b5..f3502d4 100644
--- a/SPECS/trousers.spec
+++ b/SPECS/trousers.spec
@@ -1,7 +1,7 @@
 Name: trousers
 Summary: TCG's Software Stack v1.2
-Version: 0.3.14
-Release: 4%{?dist}
+Version: 0.3.15
+Release: 1%{?dist}
 License: BSD
 Group: System Environment/Libraries
 Url: http://trousers.sourceforge.net
@@ -12,12 +12,9 @@ Patch1: trousers-0.3.14-noinline.patch
 # submitted upstream https://sourceforge.net/p/trousers/mailman/message/35766729/
 Patch2: trousers-0.3.14-unlock-in-err-path.patch
 Patch3: trousers-0.3.14-fix-indent-obj_policy.patch
-Patch4: trousers-0.3.14-double-free.patch
-Patch5: trousers-0.3.14-fix-indent-tspi_key.patch
-# submitted upstream
-Patch6: trousers-0.3.14-memset.patch
+Patch4: trousers-0.3.14-fix-indent-tspi_key.patch
 
-BuildRequires: libtool, openssl-devel
+BuildRequires: libtool openssl-devel gettext-devel autoconf automake
 BuildRequires: systemd
 Requires(pre): shadow-utils
 Requires(post): systemd-units
@@ -62,17 +59,13 @@ Header files and man pages for use in creating Trusted Computing enabled
 applications.
 
 %prep
-%setup -cq
-%patch1 -p1 -b .noinline
-%patch2 -p1 -b .unlock
-%patch3 -p1 -b .indent_obj_policy
-%patch4 -p1 -b .double_free
-%patch5 -p1 -b .indent_tspi_key
-%patch6 -p1 -b .memset
+%autosetup -p1
 # fix man page paths
 sed -i -e 's|/var/tpm|/var/lib/tpm|g' -e 's|/usr/local/var|/var|g' man/man5/tcsd.conf.5.in man/man8/tcsd.8.in
 
 %build
+chmod +x ./bootstrap.sh
+./bootstrap.sh
 %configure --with-gui=openssl
 make -k %{?_smp_mflags}
 
@@ -84,10 +77,14 @@ mkdir -p $RPM_BUILD_ROOT%{_unitdir}
 install -m 0644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/
 
 %pre
-getent group tss >/dev/null || groupadd -g 59 -r tss
-getent passwd tss >/dev/null || \
-useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin \
- -c "Account used by the trousers package to sandbox the tcsd daemon" tss
+getent group tss >/dev/null || groupadd -f -g 59 -r tss
+if ! getent passwd tss >/dev/null ; then
+    if ! getent passwd 59 >/dev/null ; then
+      useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
+    else
+      useradd -r -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
+    fi
+fi
 exit 0
 
 %post
@@ -106,7 +103,7 @@ exit 0
 %files
 %doc README ChangeLog
 %{_sbindir}/tcsd
-%config(noreplace) %attr(0600, tss, tss) %{_sysconfdir}/tcsd.conf
+%config(noreplace) %attr(0640, root, tss) %{_sysconfdir}/tcsd.conf
 %{_mandir}/man5/*
 %{_mandir}/man8/*
 %attr(644,root,root) %{_unitdir}/tcsd.service
@@ -130,6 +127,11 @@ exit 0
 %{_libdir}/libtddl.a
 
 %changelog
+* Fri Nov 06 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 0.3.15-1
+- Rebase to 0.3.15
+- Fix CVE-2020-24330 CVE-2020-24331 CVE-2020-24332
+resolves: rhbz#1725782 rhbz#1877517 rhbz#1882402 rhbz#1882414
+
 * Wed Jun 05 2019 Jerry Snitselaar <jsnitsel@redhat.com> - 0.3.14-4
 - Fix annocheck warnings
 resolves: rhbz#1624181