RHEL 9.0.0 Alpha bootstrap

The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/trousers#ba65b02d14df4e4a21c824845cabda9bf5b5995d

.gitignore

@@ -0,0 +1,8 @@
+trousers-0.3.1.tar.gz
+trousers-0.3.4.tar.gz
+/trousers-0.3.6.tar.gz
+/trousers-0.3.9.tar.gz
+/trousers-0.3.10.tar.gz
+/trousers-0.3.11.2.tar.gz
+/trousers-0.3.13.tar.gz
+/trousers-0.3.14.tar.gz

sources

@@ -0,0 +1 @@
+SHA512 (trousers-0.3.14.tar.gz) = bf87f00329cf1d76a12cf6b6181fa22f90e76af3c5786e6e2db98438d2d3f0c0e05364374664173f45e3a2f6c0e2364948d0b958a7845cb23fcb340150cd9b21

tcsd.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=TCG Core Services Daemon
+
+[Service]
+Type=forking
+ExecStart=/sbin/tcsd
+
+[Install]
+WantedBy=multi-user.target
+

trousers-0.3.13-noinline.patch

@@ -0,0 +1,70 @@
+diff -up trousers-0.3.13/src/include/tcsps.h.noinline trousers-0.3.13/src/include/tcsps.h
+--- trousers-0.3.13/src/include/tcsps.h.noinline	2014-04-24 20:05:44.000000000 +0200
++++ trousers-0.3.13/src/include/tcsps.h	2015-05-26 16:36:20.685075185 +0200
+@@ -27,8 +27,8 @@ void		   ps_destroy();
+ TSS_RESULT  read_data(int, void *, UINT32);
+ TSS_RESULT  write_data(int, void *, UINT32);
+ #else
+-inline TSS_RESULT  read_data(int, void *, UINT32);
+-inline TSS_RESULT  write_data(int, void *, UINT32);
++TSS_RESULT  read_data(int, void *, UINT32);
++TSS_RESULT  write_data(int, void *, UINT32);
+ #endif
+ int		   write_key_init(int, UINT32, UINT32, UINT32);
+ TSS_RESULT	   cache_key(UINT32, UINT16, TSS_UUID *, TSS_UUID *, UINT16, UINT32, UINT32);
+diff -up trousers-0.3.13/src/include/tspps.h.noinline trousers-0.3.13/src/include/tspps.h
+--- trousers-0.3.13/src/include/tspps.h.noinline	2014-04-24 20:05:44.000000000 +0200
++++ trousers-0.3.13/src/include/tspps.h	2015-05-26 16:36:31.730325291 +0200
+@@ -18,8 +18,8 @@
+ 
+ TSS_RESULT	   get_file(int *);
+ int		   put_file(int);
+-inline TSS_RESULT  read_data(int, void *, UINT32);
+-inline TSS_RESULT  write_data(int, void *, UINT32);
++TSS_RESULT  read_data(int, void *, UINT32);
++TSS_RESULT  write_data(int, void *, UINT32);
+ UINT32		   psfile_get_num_keys(int);
+ TSS_RESULT	   psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
+ TSS_RESULT	   psfile_remove_key_by_uuid(int, TSS_UUID *);
+diff -up trousers-0.3.13/src/tcs/ps/ps_utils.c.noinline trousers-0.3.13/src/tcs/ps/ps_utils.c
+--- trousers-0.3.13/src/tcs/ps/ps_utils.c.noinline	2014-04-24 20:05:44.000000000 +0200
++++ trousers-0.3.13/src/tcs/ps/ps_utils.c	2015-05-26 16:38:33.626085483 +0200
+@@ -45,7 +45,7 @@ struct key_disk_cache *key_disk_cache_he
+ #ifdef SOLARIS
+ TSS_RESULT
+ #else
+-inline TSS_RESULT
++TSS_RESULT
+ #endif
+ read_data(int fd, void *data, UINT32 size)
+ {
+@@ -67,7 +67,7 @@ read_data(int fd, void *data, UINT32 siz
+ #ifdef SOLARIS
+ TSS_RESULT
+ #else
+-inline TSS_RESULT
++TSS_RESULT
+ #endif
+ write_data(int fd, void *data, UINT32 size)
+ {
+diff -up trousers-0.3.13/src/tspi/ps/ps_utils.c.noinline trousers-0.3.13/src/tspi/ps/ps_utils.c
+--- trousers-0.3.13/src/tspi/ps/ps_utils.c.noinline	2014-04-24 20:05:44.000000000 +0200
++++ trousers-0.3.13/src/tspi/ps/ps_utils.c	2015-05-26 16:39:30.881381965 +0200
+@@ -22,7 +22,7 @@
+ #include "tspps.h"
+ #include "tsplog.h"
+ 
+-inline TSS_RESULT
++TSS_RESULT
+ read_data(int fd, void *data, UINT32 size)
+ {
+ 	int rc;
+@@ -39,7 +39,7 @@ read_data(int fd, void *data, UINT32 siz
+ 	return TSS_SUCCESS;
+ }
+ 
+-inline TSS_RESULT
++TSS_RESULT
+ write_data(int fd, void *data, UINT32 size)
+ {
+ 	int rc;

trousers-0.3.14-double-free.patch

@@ -0,0 +1,27 @@
+diff -ur trousers-0.3.14/src/tspi/tsp_auth.c trousers-0.3.14-new/src/tspi/tsp_auth.c
+--- trousers-0.3.14/src/tspi/tsp_auth.c	2014-07-23 12:42:45.000000000 -0700
++++ trousers-0.3.14-new/src/tspi/tsp_auth.c	2019-05-27 13:41:57.316000945 -0700
+@@ -1221,7 +1221,7 @@
+ 	}
+ 
+ 	*handles = handle;
+-    handles_track = handles;
++	handles_track = handles;
+ 
+     // Since the call tree of this function can possibly alloc memory 
+     // (check RPC_ExecuteTransport_TP function), its better to keep track of
+@@ -1229,9 +1229,11 @@
+ 	result = obj_context_transport_execute(tspContext, TPM_ORD_Terminate_Handle, 0, NULL,
+ 					       NULL, &handlesLen, &handles, NULL, NULL, NULL, NULL);
+ 
+-	free(handles);
+-    handles = NULL;
+-    free(handles_track);
++	if (handles != handles_track) {
++		free(handles);
++	}
++
++	free(handles_track);
+ 
+ 	return result;
+ }

trousers-0.3.14-fix-indent-obj_policy.patch

@@ -0,0 +1,12 @@
+diff -ur trousers-0.3.14/src/tspi/obj_policy.c trousers-0.3.14-new/src/tspi/obj_policy.c
+--- trousers-0.3.14/src/tspi/obj_policy.c	2014-07-23 12:42:44.000000000 -0700
++++ trousers-0.3.14-new/src/tspi/obj_policy.c	2019-05-27 13:29:56.720899059 -0700
+@@ -984,7 +984,7 @@
+ 					      policy->popupString,
+ 					      policy->Secret)))
+ 			goto done;
+-			policy->SecretSet = TRUE;
++		policy->SecretSet = TRUE;
+ 	}	
+ 	memcpy(secret, policy->Secret, TPM_SHA1_160_HASH_LEN);
+ 	*mode = policy->SecretMode;

trousers-0.3.14-fix-indent-tspi_key.patch

@@ -0,0 +1,18 @@
+diff -ur trousers-0.3.14/src/tspi/tspi_key.c trousers-0.3.14-new/src/tspi/tspi_key.c
+--- trousers-0.3.14/src/tspi/tspi_key.c	2014-07-23 12:42:45.000000000 -0700
++++ trousers-0.3.14-new/src/tspi/tspi_key.c	2019-05-27 13:44:42.366735438 -0700
+@@ -370,10 +370,10 @@
+ 	/* get the key to be wrapped's private key */
+ 	if ((result = obj_rsakey_get_priv_blob(hKey, &keyPrivBlobLen, &keyPrivBlob)))
+ 		goto done;
+-    /* verify if its under the maximum size, according to the
+-     * TPM_STORE_ASYMKEY specification */
+-    if (keyPrivBlobLen > TPM_STORE_PRIVKEY_LEN)
+-        return TSPERR(TSS_E_ENC_INVALID_LENGTH);
++	/* verify if its under the maximum size, according to the
++	 * TPM_STORE_ASYMKEY specification */
++	if (keyPrivBlobLen > TPM_STORE_PRIVKEY_LEN)
++		return TSPERR(TSS_E_ENC_INVALID_LENGTH);
+ 
+ 	/* get the key to be wrapped's blob */
+ 	if ((result = obj_rsakey_get_blob(hKey, &keyBlobLen, &keyBlob)))

trousers-0.3.14-noinline.patch

@@ -0,0 +1,14 @@
+diff -ur a/src/include/tspps.h b/src/include/tspps.h
+--- a/src/include/tspps.h	2014-07-23 12:42:44.000000000 -0700
++++ b/src/include/tspps.h	2018-08-01 19:33:42.454192873 -0700
+@@ -18,8 +18,8 @@
+ 
+ TSS_RESULT	   get_file(int *);
+ int		   put_file(int);
+-inline TSS_RESULT  read_data(int, void *, UINT32);
+-inline TSS_RESULT  write_data(int, void *, UINT32);
++TSS_RESULT  	   read_data(int, void *, UINT32);
++TSS_RESULT  	   write_data(int, void *, UINT32);
+ UINT32		   psfile_get_num_keys(int);
+ TSS_RESULT	   psfile_get_parent_uuid_by_uuid(int, TSS_UUID *, TSS_UUID *);
+ TSS_RESULT	   psfile_remove_key_by_uuid(int, TSS_UUID *);

trousers-0.3.14-tcsd-header-fix.patch

@@ -0,0 +1,37 @@
+From b692f86a93c8f7e6ac938277a9aec434b02c252b Mon Sep 17 00:00:00 2001
+From: Jerry Snitselaar <jsnitsel@redhat.com>
+Date: Wed, 18 Mar 2020 13:35:22 -0700
+Subject: [PATCH] trousers: resolve build failure
+
+The global variables tcsd_sa_chld and tcsd_sa_int in tcsd.h are
+causing build failures in latest Fedora release:
+
+/usr/bin/ld: ../../src/tcs/libtcs.a(libtcs_a-tcsi_changeauth.o):/builddir/build/BUILD/trousers-0.3.13/src/tcs/../include/tcsd.h:169: multiple definition of `tcsd_sa_chld'; tcsd-svrside.o:/builddir/build/BUILD/trousers-0.3.13/src/tcsd/../../src/include/tcsd.h:169: first defined here
+/usr/bin/ld: ../../src/tcs/libtcs.a(libtcs_a-tcsi_changeauth.o):/builddir/build/BUILD/trousers-0.3.13/src/tcs/../include/tcsd.h:168: multiple definition of `tcsd_sa_int'; tcsd-svrside.o:/builddir/build/BUILD/trousers-0.3.13/src/tcsd/../../src/include/tcsd.h:168: first defined here
+
+They are no longer used since 9b40e581470b ("Improved daemon's signal
+handling") so just remove them.
+
+Signed-off-by: Jerry Snitselaar <jsnitsel@redhat.com>
+---
+ src/include/tcsd.h | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/src/include/tcsd.h b/src/include/tcsd.h
+index 5b9462b85ed6..f5c286e01c86 100644
+--- a/src/include/tcsd.h
++++ b/src/include/tcsd.h
+@@ -164,10 +164,4 @@ TSS_RESULT tcsd_thread_create(int, char *);
+ void	   *tcsd_thread_run(void *);
+ void	   thread_signal_init();
+ 
+-/* signal handling */
+-#ifndef __APPLE__
+-struct sigaction tcsd_sa_int;
+-struct sigaction tcsd_sa_chld;
+-#endif
+-
+ #endif
+-- 
+2.24.0
+

trousers-0.3.14-unlock-in-err-path.patch

@@ -0,0 +1,11 @@
+diff -ur a/src/tspi/obj_context.c b/src/tspi/obj_context.c
+--- a/src/tspi/obj_context.c	2014-11-03 12:31:55.000000000 -0700
++++ b/src/tspi/obj_context.c	2018-08-10 11:02:02.246962638 -0700
+@@ -276,6 +276,7 @@
+     context->machineName = (BYTE *)calloc(1, len);
+     if (context->machineName == NULL) {
+         LogError("malloc of %u bytes failed.", len);
++	obj_list_put(&context_list);
+         return TSPERR(TSS_E_OUTOFMEMORY);
+     }
+     memcpy(context->machineName, name, len);

trousers-openssl1.1.patch

@@ -0,0 +1,448 @@
+@@ -, +, @@ 
+---
+ src/tcs/crypto/openssl/crypto.c      | 15 ++++++---
+ src/trspi/crypto/openssl/hash.c      | 17 ++++++----
+ src/trspi/crypto/openssl/rsa.c       | 64 ++++++++++++++++++++++++++++++-----
+ src/trspi/crypto/openssl/symmetric.c | 65 +++++++++++++++++++++---------------
+ 4 files changed, 115 insertions(+), 46 deletions(-)
+--- a/src/tcs/crypto/openssl/crypto.c	
++++ a/src/tcs/crypto/openssl/crypto.c	
+@@ -31,13 +31,17 @@ 
+ TSS_RESULT
+ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ {
+-	EVP_MD_CTX md_ctx;
++	EVP_MD_CTX *md_ctx;
+ 	unsigned int result_size;
+ 	int rv;
+ 
++	md_ctx = EVP_MD_CTX_new();
++	if (md_ctx == NULL)
++		return TSPERR(TSS_E_OUTOFMEMORY);
++
+ 	switch (HashType) {
+ 		case TSS_HASH_SHA1:
+-			rv = EVP_DigestInit(&md_ctx, EVP_sha1());
++			rv = EVP_DigestInit(md_ctx, EVP_sha1());
+ 			break;
+ 		default:
+ 			rv = TCSERR(TSS_E_BAD_PARAMETER);
+@@ -50,19 +54,20 @@ Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ 		goto out;
+ 	}
+ 
+-	rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
++	rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
+ 	if (rv != EVP_SUCCESS) {
+ 		rv = TCSERR(TSS_E_INTERNAL_ERROR);
+ 		goto out;
+ 	}
+ 
+-	result_size = EVP_MD_CTX_size(&md_ctx);
+-	rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
++	result_size = EVP_MD_CTX_size(md_ctx);
++	rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
+ 	if (rv != EVP_SUCCESS) {
+ 		rv = TCSERR(TSS_E_INTERNAL_ERROR);
+ 	} else
+ 		rv = TSS_SUCCESS;
+ 
+ out:
++	EVP_MD_CTX_free(md_ctx);
+ 	return rv;
+ }
+--- a/src/trspi/crypto/openssl/hash.c	
++++ a/src/trspi/crypto/openssl/hash.c	
+@@ -56,13 +56,17 @@ int MGF1(unsigned char *, long, const unsigned char *, long);
+ TSS_RESULT
+ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ {
+-	EVP_MD_CTX md_ctx;
++	EVP_MD_CTX *md_ctx;
+ 	unsigned int result_size;
+ 	int rv;
+ 
++	md_ctx = EVP_MD_CTX_new();
++	if (md_ctx == NULL)
++		return TSPERR(TSS_E_OUTOFMEMORY);
++
+ 	switch (HashType) {
+ 		case TSS_HASH_SHA1:
+-			rv = EVP_DigestInit(&md_ctx, EVP_sha1());
++			rv = EVP_DigestInit(md_ctx, EVP_sha1());
+ 			break;
+ 		default:
+ 			rv = TSPERR(TSS_E_BAD_PARAMETER);
+@@ -75,14 +79,14 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ 		goto err;
+ 	}
+ 
+-	rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
++	rv = EVP_DigestUpdate(md_ctx, Buf, BufSize);
+ 	if (rv != EVP_SUCCESS) {
+ 		rv = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		goto err;
+ 	}
+ 
+-	result_size = EVP_MD_CTX_size(&md_ctx);
+-	rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
++	result_size = EVP_MD_CTX_size(md_ctx);
++	rv = EVP_DigestFinal(md_ctx, Digest, &result_size);
+ 	if (rv != EVP_SUCCESS) {
+ 		rv = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		goto err;
+@@ -94,6 +98,7 @@ Trspi_Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
+ err:
+ 	DEBUG_print_openssl_errors();
+ out:
++	EVP_MD_CTX_free(md_ctx);
+         return rv;
+ }
+ 
+@@ -112,7 +117,7 @@ Trspi_HashInit(Trspi_HashCtx *ctx, UINT32 HashType)
+ 			break;
+ 	}
+ 
+-	if ((ctx->ctx = malloc(sizeof(EVP_MD_CTX))) == NULL)
++	if ((ctx->ctx = EVP_MD_CTX_new()) == NULL)
+ 		return TSPERR(TSS_E_OUTOFMEMORY);
+ 
+ 	rv = EVP_DigestInit((EVP_MD_CTX *)ctx->ctx, (const EVP_MD *)md);
+--- a/src/trspi/crypto/openssl/rsa.c	
++++ a/src/trspi/crypto/openssl/rsa.c	
+@@ -38,6 +38,25 @@ 
+ #define DEBUG_print_openssl_errors()
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100001L
++static int
++RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
++{
++	if (n != NULL) {
++		BN_free(r->n);
++		r->n = n;
++	}
++	if (e != NULL) {
++		BN_free(r->e);
++		r->e = e;
++	}
++	if (d != NULL) {
++		BN_free(r->d);
++		r->d = d;
++	}
++	return 1;
++}
++#endif
+ 
+ /*
+  * Hopefully this will make the code clearer since
+@@ -61,6 +80,7 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
+ 	RSA *rsa = RSA_new();
+ 	BYTE encodedData[256];
+ 	int encodedDataLen;
++	BIGNUM *rsa_n = NULL, *rsa_e = NULL;
+ 
+ 	if (rsa == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
+@@ -68,12 +88,20 @@ Trspi_RSA_Encrypt(unsigned char *dataToEncrypt, /* in */
+ 	}
+ 
+ 	/* set the public key value in the OpenSSL object */
+-	rsa->n = BN_bin2bn(publicKey, keysize, rsa->n);
++	rsa_n = BN_bin2bn(publicKey, keysize, NULL);
+ 	/* set the public exponent */
+-	rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
++	rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
+ 
+-	if (rsa->n == NULL || rsa->e == NULL) {
++	if (rsa_n == NULL || rsa_e == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
++		goto err;
++	}
++	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
++		rv = TSPERR(TSS_E_FAIL);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
+ 		goto err;
+ 	}
+ 
+@@ -123,6 +151,7 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
+ 	unsigned char exp[] = { 0x01, 0x00, 0x01 }; /* The default public exponent for the TPM */
+ 	unsigned char buf[256];
+ 	RSA *rsa = RSA_new();
++	BIGNUM *rsa_n = NULL, *rsa_e = NULL;
+ 
+ 	if (rsa == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
+@@ -146,12 +175,20 @@ Trspi_Verify(UINT32 HashType, BYTE *pHash, UINT32 iHashLength,
+ 	}
+ 
+ 	/* set the public key value in the OpenSSL object */
+-	rsa->n = BN_bin2bn(pModulus, iKeyLength, rsa->n);
++	rsa_n = BN_bin2bn(pModulus, iKeyLength, NULL);
+ 	/* set the public exponent */
+-	rsa->e = BN_bin2bn(exp, sizeof(exp), rsa->e);
++	rsa_e = BN_bin2bn(exp, sizeof(exp), NULL);
+ 
+-	if (rsa->n == NULL || rsa->e == NULL) {
++	if (rsa_n == NULL || rsa_e == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
++		goto err;
++	}
++	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
++		rv = TSPERR(TSS_E_FAIL);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
+ 		goto err;
+ 	}
+ 
+@@ -195,6 +232,7 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
+ 	int rv, e_size = 3;
+ 	unsigned char exp[] = { 0x01, 0x00, 0x01 };
+ 	RSA *rsa = RSA_new();
++	BIGNUM *rsa_n = NULL, *rsa_e = NULL;
+ 
+ 	if (rsa == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
+@@ -237,12 +275,20 @@ Trspi_RSA_Public_Encrypt(unsigned char *in, unsigned int inlen,
+ 	}
+ 
+ 	/* set the public key value in the OpenSSL object */
+-	rsa->n = BN_bin2bn(pubkey, pubsize, rsa->n);
++	rsa_n = BN_bin2bn(pubkey, pubsize, NULL);
+ 	/* set the public exponent */
+-	rsa->e = BN_bin2bn(exp, e_size, rsa->e);
++	rsa_e = BN_bin2bn(exp, e_size, NULL);
+ 
+-	if (rsa->n == NULL || rsa->e == NULL) {
++	if (rsa_n == NULL || rsa_e == NULL) {
+ 		rv = TSPERR(TSS_E_OUTOFMEMORY);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
++		goto err;
++	}
++	if (!RSA_set0_key(rsa, rsa_n, rsa_e, NULL)) {
++		rv = TSPERR(TSS_E_FAIL);
++		BN_free(rsa_n);
++		BN_free(rsa_e);
+ 		goto err;
+ 	}
+ 
+--- a/src/trspi/crypto/openssl/symmetric.c	
++++ a/src/trspi/crypto/openssl/symmetric.c	
+@@ -52,7 +52,7 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
+ 		  UINT32 *out_len)
+ {
+ 	TSS_RESULT result = TSS_SUCCESS;
+-	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX *ctx = NULL;
+ 	UINT32 tmp;
+ 
+ 	switch (alg) {
+@@ -64,33 +64,37 @@ Trspi_Encrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
+ 			break;
+ 	}
+ 
+-	EVP_CIPHER_CTX_init(&ctx);
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		result = TSPERR(TSS_E_OUTOFMEMORY);
++		goto done;
++	}
+ 
+-	if (!EVP_EncryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
++	if (!EVP_EncryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (*out_len < in_len + EVP_CIPHER_CTX_block_size(&ctx) - 1) {
++	if (*out_len < in_len + EVP_CIPHER_CTX_block_size(ctx) - 1) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_EncryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
++	if (!EVP_EncryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_EncryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
++	if (!EVP_EncryptFinal(ctx, out + *out_len, (int *)&tmp)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 	*out_len += tmp;
+ done:
+-	EVP_CIPHER_CTX_cleanup(&ctx);
++	EVP_CIPHER_CTX_free(ctx);
+ 	return result;
+ }
+ 
+@@ -99,7 +103,7 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
+ 		  UINT32 *out_len)
+ {
+ 	TSS_RESULT result = TSS_SUCCESS;
+-	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX *ctx = NULL;
+ 	UINT32 tmp;
+ 
+ 	switch (alg) {
+@@ -111,28 +115,32 @@ Trspi_Decrypt_ECB(UINT16 alg, BYTE *key, BYTE *in, UINT32 in_len, BYTE *out,
+ 			break;
+ 	}
+ 
+-	EVP_CIPHER_CTX_init(&ctx);
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		result = TSPERR(TSS_E_OUTOFMEMORY);
++		goto done;
++	}
+ 
+-	if (!EVP_DecryptInit(&ctx, EVP_aes_256_ecb(), key, NULL)) {
++	if (!EVP_DecryptInit(ctx, EVP_aes_256_ecb(), key, NULL)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, in, in_len)) {
++	if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, in, in_len)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
++	if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 	*out_len += tmp;
+ done:
+-	EVP_CIPHER_CTX_cleanup(&ctx);
++	EVP_CIPHER_CTX_free(ctx);
+ 	return result;
+ }
+ 
+@@ -255,7 +263,7 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 		 UINT32 *out_len)
+ {
+ 	TSS_RESULT result = TSS_SUCCESS;
+-	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX *ctx;
+ 	EVP_CIPHER *cipher;
+ 	BYTE *def_iv = NULL, *outiv_ptr;
+ 	UINT32 tmp;
+@@ -269,7 +277,9 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 	if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
+ 		return TSPERR(TSS_E_INTERNAL_ERROR);
+ 
+-	EVP_CIPHER_CTX_init(&ctx);
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL)
++		return TSPERR(TSS_E_OUTOFMEMORY);
+ 
+ 	/* If the iv passed in is NULL, create a new random iv and prepend it to the ciphertext */
+ 	iv_len = EVP_CIPHER_iv_length(cipher);
+@@ -289,25 +299,25 @@ Trspi_SymEncrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 		outiv_ptr = out;
+ 	}
+ 
+-	if (!EVP_EncryptInit(&ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
++	if (!EVP_EncryptInit(ctx, (const EVP_CIPHER *)cipher, key, def_iv)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(&ctx) * 2) - 1) {
++	if ((UINT32)outiv_len < in_len + (EVP_CIPHER_CTX_block_size(ctx) * 2) - 1) {
+ 		LogDebug("Not enough space to do symmetric encryption");
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_EncryptUpdate(&ctx, outiv_ptr, &outiv_len, in, in_len)) {
++	if (!EVP_EncryptUpdate(ctx, outiv_ptr, &outiv_len, in, in_len)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_EncryptFinal(&ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
++	if (!EVP_EncryptFinal(ctx, outiv_ptr + outiv_len, (int *)&tmp)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+@@ -320,7 +330,7 @@ done:
+ 		*out_len += iv_len;
+ 		free(def_iv);
+ 	}
+-	EVP_CIPHER_CTX_cleanup(&ctx);
++	EVP_CIPHER_CTX_free(ctx);
+ 	return result;
+ }
+ 
+@@ -329,7 +339,7 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 		 UINT32 *out_len)
+ {
+ 	TSS_RESULT result = TSS_SUCCESS;
+-	EVP_CIPHER_CTX ctx;
++	EVP_CIPHER_CTX *ctx = NULL;
+ 	EVP_CIPHER *cipher;
+ 	BYTE *def_iv = NULL, *iniv_ptr;
+ 	UINT32 tmp;
+@@ -341,7 +351,10 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 	if ((cipher = get_openssl_cipher(alg, mode)) == NULL)
+ 		return TSPERR(TSS_E_INTERNAL_ERROR);
+ 
+-	EVP_CIPHER_CTX_init(&ctx);
++	ctx = EVP_CIPHER_CTX_new();
++	if (ctx == NULL) {
++		return TSPERR(TSS_E_OUTOFMEMORY);
++	}
+ 
+ 	/* If the iv is NULL, assume that its prepended to the ciphertext */
+ 	if (iv == NULL) {
+@@ -361,19 +374,19 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ 		iniv_len = in_len;
+ 	}
+ 
+-	if (!EVP_DecryptInit(&ctx, cipher, key, def_iv)) {
++	if (!EVP_DecryptInit(ctx, cipher, key, def_iv)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_DecryptUpdate(&ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
++	if (!EVP_DecryptUpdate(ctx, out, (int *)out_len, iniv_ptr, iniv_len)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+ 	}
+ 
+-	if (!EVP_DecryptFinal(&ctx, out + *out_len, (int *)&tmp)) {
++	if (!EVP_DecryptFinal(ctx, out + *out_len, (int *)&tmp)) {
+ 		result = TSPERR(TSS_E_INTERNAL_ERROR);
+ 		DEBUG_print_openssl_errors();
+ 		goto done;
+@@ -383,6 +396,6 @@ Trspi_SymDecrypt(UINT16 alg, UINT16 mode, BYTE *key, BYTE *iv, BYTE *in, UINT32
+ done:
+ 	if (def_iv != iv)
+ 		free(def_iv);
+-	EVP_CIPHER_CTX_cleanup(&ctx);
++	EVP_CIPHER_CTX_free(ctx);
+ 	return result;
+ }
+-- 

trousers.spec

@@ -0,0 +1,300 @@
+Name: trousers
+Summary: TCG's Software Stack v1.2
+Version: 0.3.14
+Release: 3%{?dist}
+License: BSD
+Url: http://trousers.sourceforge.net
+
+Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
+Source1: tcsd.service
+Patch1:  trousers-0.3.14-noinline.patch
+# submitted upstream
+Patch2: trousers-0.3.14-unlock-in-err-path.patch
+Patch3: trousers-0.3.14-fix-indent-obj_policy.patch
+Patch4: trousers-0.3.14-double-free.patch
+Patch5: trousers-0.3.14-fix-indent-tspi_key.patch
+Patch6: trousers-0.3.14-tcsd-header-fix.patch
+
+BuildRequires: libtool, openssl-devel
+BuildRequires: systemd
+Requires(pre): shadow-utils
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+Requires: %{name}-lib%{?_isa} = %{version}-%{release}
+
+%description
+TrouSerS is an implementation of the Trusted Computing Group's Software Stack
+(TSS) specification. You can use TrouSerS to write applications that make use
+of your TPM hardware. TPM hardware can create, store and use RSA keys
+securely (without ever being exposed in memory), verify a platform's software
+state using cryptographic hashes and more.
+
+%package lib
+Summary: TrouSerS libtspi library
+# Needed obsoletes due to the -lib subpackage split
+Obsoletes: trousers < 0.3.13-4
+
+%description lib
+The libtspi library for use in Trusted Computing enabled applications.
+
+%package static
+Summary: TrouSerS TCG Device Driver Library
+Requires: %{name}-devel%{?_isa} = %{version}-%{release}
+
+%description static
+The TCG Device Driver Library (TDDL) used by the TrouSerS tcsd as the
+interface to the TPM's device driver. For more information about writing
+applications to the TDDL interface, see the latest TSS spec at
+https://www.trustedcomputinggroup.org/specs/TSS.
+
+%package devel
+Summary: TrouSerS header files and documentation
+Requires: %{name}-lib%{?_isa} = %{version}-%{release}
+
+%description devel
+Header files and man pages for use in creating Trusted Computing enabled
+applications.
+
+%prep
+%autosetup -c -p1
+# fix man page paths
+sed -i -e 's|/var/tpm|/var/lib/tpm|g' -e 's|/usr/local/var|/var|g' man/man5/tcsd.conf.5.in man/man8/tcsd.8.in
+
+%build
+%configure --with-gui=openssl
+make -k %{?_smp_mflags}
+
+%install
+mkdir -p %{buildroot}%{_localstatedir}/lib/tpm
+%make_install
+find %{buildroot} -type f -name '*.la' -print -delete
+mkdir -p %{buildroot}%{_unitdir}
+install -Dpm0644 %{SOURCE1} %{buildroot}%{_unitdir}/
+
+%pre
+getent group tss >/dev/null || groupadd -f -g 59 -r tss
+if ! getent passwd tss >/dev/null ; then
+    if ! getent passwd 59 >/dev/null ; then
+      useradd -r -u 59 -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
+    else
+      useradd -r -g tss -d /dev/null -s /sbin/nologin -c "Account used for TPM access" tss
+    fi
+fi
+exit 0
+
+%post
+%systemd_post tcsd.service
+
+%preun
+%systemd_preun tcsd.service
+
+%postun
+%systemd_postun_with_restart tcsd.service 
+
+%files
+%doc README ChangeLog
+%{_sbindir}/tcsd
+%config(noreplace) %attr(0600, tss, tss) %{_sysconfdir}/tcsd.conf
+%{_mandir}/man5/*
+%{_mandir}/man8/*
+%attr(644,root,root) %{_unitdir}/tcsd.service
+%attr(0700, tss, tss) %{_localstatedir}/lib/tpm/
+
+%files lib
+%license LICENSE
+%{_libdir}/libtspi.so.1*
+
+%files devel
+# The files to be used by developers, 'trousers-devel'
+%doc doc/LTC-TSS_LLD_08_r2.pdf doc/TSS_programming_SNAFUs.txt
+%attr(0755, root, root) %{_libdir}/libtspi.so
+%{_includedir}/tss/
+%{_includedir}/trousers/
+%{_mandir}/man3/Tspi_*
+
+%files static
+# The only static library shipped by trousers, the TDDL
+%{_libdir}/libtddl.a
+
+%changelog
+* Tue Sep 15 2020 Peter Robinson <pbrobinson@fedoraproject.org> - 0.3.14-3
+- Update user creation to latest guidelines
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.14-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Wed Mar 18 2020 Jerry Snitselaar <jsnitsel@redhat.com> - 0.3.14-1
+- Rebase to 0.3.14 release
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.13-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.13-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.13-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.13-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.13-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.13-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.13-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Tue Feb  7 2017 Peter Robinson <pbrobinson@fedoraproject.org> 0.3.13-7
+- Add patch for OpenSSL 1.1
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.13-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.13-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue May 26 2015 Tomáš Mráz <tmraz@redhat.com> 0.3.13-4
+- Split libtspi to a trousers-lib subpackage (#1225062)
+- Fix FTBFS with current gcc (drop inline keyword when bogus)
+
+* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.13-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.13-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Thu May 15 2014 Steve Grubb <sgrubb@redhat.com> 0.3.13-1
+- New upstream bug fix release
+
+* Tue Mar 18 2014 Steve Grubb <sgrubb@redhat.com> 0.3.11.2-3
+- Fix crash when linking libgnutls and libmysqlclient (#1069079)
+- Don't order tcsd after syslog.target (#1055198)
+
+* Thu Feb 13 2014 Peter Robinson <pbrobinson@fedoraproject.org> 0.3.11.2-2
+- Minor spec cleanups
+
+* Mon Aug 19 2013 Steve Grubb <sgrubb@redhat.com> 0.3.11.2-1
+- New upstream bug fix and license change release
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.10-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Sun Jun 02 2013 Steve Grubb <sgrubb@redhat.com> 0.3.10-3
+- Remove +x bit from service file (#963916)
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Tue Sep 25 2012 Steve Grubb <sgrubb@redhat.com> 0.3.10-1
+- New upstream bug fix release
+
+* Thu Aug 30 2012 Steve Grubb <sgrubb@redhat.com> 0.3.9-4
+- Make daemon full RELRO
+
+* Mon Aug 27 2012 Steve Grubb <sgrubb@redhat.com> 0.3.9-3
+- bz #836476 - Provide native systemd service
+
+* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Jun 21 2012 Steve Grubb <sgrubb@redhat.com> 0.3.9-1
+- New upstream bug fix release
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Fri Apr 08 2011 Steve Grubb <sgrubb@redhat.com> 0.3.6-1
+- New upstream bug fix release
+
+* Thu Feb 10 2011 Miloš Jakubíček <xjakub@fi.muni.cz> - 0.3.4-5
+- Fix paths in man pages, mark them as %%doc -- fix BZ#676394
+
+* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.4-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sat May 01 2010 Miloš Jakubíček <xjakub@fi.muni.cz> - 0.3.4-3
+- Fix init script to conform to Fedora guidelines
+- Do not overuse macros
+
+* Mon Feb 08 2010 Steve Grubb <sgrubb@redhat.com> 0.3.4-2
+- Fix issue freeing a data structure
+
+* Fri Jan 29 2010 Steve Grubb <sgrubb@redhat.com> 0.3.4-1
+- New upstream bug fix release
+- Upstream requested the tpm-emulator patch be dropped
+
+* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.3.1-19
+- rebuilt with new openssl
+
+* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Thu May 14 2009 Milos Jakubicek <xjakub@fi.muni.cz> - 0.3.1-17
+- Do not overuse macros.
+- Removed unnecessary file requirements on chkconfig, ldconfig and service,
+  now requiring the initscripts and chkconfig packages.
+
+* Wed May 06 2009 Milos Jakubicek <xjakub@fi.muni.cz> - 0.3.1-16
+- Fix a typo in groupadd causing the %%pre scriptlet to fail (resolves BZ#486155).
+
+* Mon Apr 27 2009 Milos Jakubicek <xjakub@fi.muni.cz> - 0.3.1-15
+- Fix FTBFS: added trousers-0.3.1-gcc44.patch
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.1-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Sun Jan 18 2009 Tomas Mraz <tmraz@redhat.com> - 0.3.1-13
+- rebuild with new openssl
+
+* Tue Dec 16 2008 David Woodhouse <David.Woodhouse@intel.com> - 0.3.1-12
+- Bump release to avoid wrong tag in rawhide
+
+* Tue Dec 16 2008 David Woodhouse <David.Woodhouse@intel.com> - 0.3.1-11
+- Work around SELinux namespace pollution (#464037)
+- Use SO_REUSEADDR
+- Use TPM emulator if it's available and no hardware is
+
+* Fri Aug 08 2008 Emily Ratliff <ratliff@austin.ibm.com> - 0.3.1-10
+- Use the uid/gid pair assigned to trousers from BZ#457593
+
+* Fri Aug 01 2008 Emily Ratliff <ratliff@austin.ibm.com> - 0.3.1-9
+- Incorporated changes from the RHEL package which were done by Steve Grubb
+
+* Wed Jun 04 2008 Emily Ratliff <ratliff@austin.ibm.com> - 0.3.1-8
+- Fix cast issue preventing successful build on ppc64 and x86_64
+
+* Tue Jun 03 2008 Emily Ratliff <ratliff@austin.ibm.com> - 0.3.1-7
+- Fix for BZ #434267 and #440733. Patch authored by Debora Velarde
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.3.1-6
+- Autorebuild for GCC 4.3
+
+* Mon Dec 17 2007 Kent Yoder <kyoder@users.sf.net> - 0.3.1-5
+- Updated static rpm's comment line (too long)
+
+* Thu Dec 13 2007 Kent Yoder <kyoder@users.sf.net> - 0.3.1-4
+- Updated specfile for RHBZ#323441 comment #28
+
+* Wed Dec 12 2007 Kent Yoder <kyoder@users.sf.net> - 0.3.1-3
+- Updated specfile for RHBZ#323441 comment #22
+
+* Wed Nov 28 2007 Kent Yoder <kyoder@users.sf.net> - 0.3.1-2
+- Updated to include the include dirs in the devel package;
+added the no-install-hooks patch
+
+* Wed Nov 28 2007 Kent Yoder <kyoder@users.sf.net> - 0.3.1-1
+- Updated specfile for RHBZ#323441 comment #13
+
+* Mon Nov 12 2007 Kent Yoder <kyoder@users.sf.net> - 0.3.1
+- Updated specfile for comments in RHBZ#323441
+
+* Wed Jun 07 2006 Kent Yoder <kyoder@users.sf.net> - 0.2.6-1
+- Updated build section to use smp_mflags
+- Removed .la file from installed dest and files section
+
+* Tue Jun 06 2006 Kent Yoder <kyoder@users.sf.net> - 0.2.6-1
+- Initial add of changelog tag for trousers CVS