From 9d6007e5f200e6d11ea35739da039c5373d91b6e Mon Sep 17 00:00:00 2001
From: Coty Sutherland
Date: Fri, 9 Nov 2018 11:42:09 -0500
Subject: [PATCH] Update to JWS 5.0.1 distribution
Resolves: rhbz#1619232 - CVE-2018-8037 pki-servlet-container: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up
Resolves: rhbz#1641874 - CVE-2018-11784 pki-servlet-container: tomcat: Open redirect in default servlet
---
 pki-servlet-container.spec | 11 ++++++++---
 sources | 2 +-
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/pki-servlet-container.spec b/pki-servlet-container.spec
index 13ba221..495140b 100644
--- a/pki-servlet-container.spec
+++ b/pki-servlet-container.spec
@@ -31,7 +31,7 @@
 %global major_version 9
 %global minor_version 0
 %global micro_version 7
-%global redhat_version 10
+%global redhat_version 12
 %global packdname apache-tomcat-%{version}.redhat-%{redhat_version}-src
 # Specification versions
@@ -58,14 +58,14 @@
 Name: pki-servlet-container
 Epoch: 1
 Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 13%{?dist}
+Release: 14%{?dist}
 Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 Group: System Environment/Daemons
 License: ASL 2.0
 URL: http://tomcat.apache.org/
 #Source0: http://www.apache.org/dist/tomcat/tomcat-%%{major_version}/v%%{version}/src/%%{packdname}.tar.gz
-Source0: tomcat-9.0.7.redhat-10-src.zip
+Source0: tomcat-%{version}.redhat-%{redhat_version}-src.zip
 Source1: tomcat-%{major_version}.%{minor_version}.conf
 Source3: tomcat-%{major_version}.%{minor_version}.sysconfig
 Source4: tomcat-%{major_version}.%{minor_version}.wrapper
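Review bot: The `Source0:` line in the `-58,14` hunk names a bare zip while the upstream URL line stays commented out, so the spec records neither where `tomcat-%{version}.redhat-%{redhat_version}-src.zip` is obtained nor how it is verified. The only integrity pin is the entry in `sources`, and its 32-hex-digit value looks like an MD5 digest, which is not collision-resistant; if the dist-git tooling for this branch accepts it, regenerate the entry in the `SHA512 (tomcat-9.0.7.redhat-12-src.zip) = <sha512-digest-placeholder>` form. I would also add a comment above `Source0:` such as `# JWS 5.0.1 source zip; not an upstream tarball, verified only via the digest in 'sources'`. Because the file name is now built from macros while `sources` keeps a literal name, a future `redhat_version` bump has to update both in the same commit.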
@@ -455,6 +455,11 @@ fi
 %{_mavenpomdir}/JPP-tomcat-servlet-api.pom
 %changelog
+* Fri Nov 09 2018 Coty Sutherland - 1:9.0.7-14
+- Update to JWS 5.0.1 distribution
+- Resolves: rhbz#1619232 - CVE-2018-8037 pki-servlet-container: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up
+- Resolves: rhbz#1641874 - CVE-2018-11784 pki-servlet-container: tomcat: Open redirect in default servlet
+
 * Fri Aug 03 2018 Fraser Tweedale - 1:9.0.7-13
 - Reinstate Maven artifacts and fix maven-metadata JAR path
diff --git a/sources b/sources
index b5348c8..cd377bb 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-32bca41cb6e6a99498966ac885e4922e tomcat-9.0.7.redhat-10-src.zip
+1e8f64d492694b76faee6c0825e0adf3 tomcat-9.0.7.redhat-12-src.zip