From 252c30ce536f691f264c54b75a0892a6b6f49573 Mon Sep 17 00:00:00 2001
From: Adam Krajcik
Date: Mon, 2 Jun 2025 07:07:42 +0200
Subject: [PATCH] Fix CVE-2025-31650 and CVE-2024-56337

Resolves: RHEL-91761 - tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE
Resolves: RHEL-71971 - tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation
---
 .gitignore | 1 +
 sources | 2 +-
 tomcat-server | 3 ++-
 tomcat.spec | 10 ++++++++--
 4 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index 536f330..6e4d38f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@
 /tomcat-9.0.87.redhat-00003-src.zip
 /tomcat-9.0.87.redhat-00005-src.zip
 /tomcat-9.0.87.redhat-00008-src.zip
+/tomcat-9.0.87.redhat-00010-src.zip
diff --git a/sources b/sources
index 6988a48..7a0d3a5 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (tomcat-9.0.87.redhat-00008-src.zip) = 5863c033928427db91d1ecf92485641aa3de8d0bf38dd23293c6d86667da46df77b592342031f7caf915a52ed87a415a1d88937809a0b799a17b5901ceda03c2
+SHA512 (tomcat-9.0.87.redhat-00010-src.zip) = fd65e91c2fd11d48396692e0e88fbba8c2025ec35cbefb29b9b192c516af958ad357a1232e21abd262187d14add45b1441c34d3fa76ac40ba0866febbbfb341d
diff --git a/tomcat-server b/tomcat-server
index 17ae385..25ef221 100644
--- a/tomcat-server
+++ b/tomcat-server
@@ -10,7 +10,8 @@ OPTIONS="-Dcatalina.base=$CATALINA_BASE \
 -Djava.endorsed.dirs=$JAVA_ENDORSED_DIRS \
 -Djava.io.tmpdir=$CATALINA_TMPDIR \
 -Djava.util.logging.config.file=${LOGGING_PROPERTIES} \
--Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
+-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
+-Dsun.io.useCanonCaches=false"
 
 if [ "$1" = "start" ] ; then
   FLAGS="${FLAGS} $CATALINA_OPTS"
diff --git a/tomcat.spec b/tomcat.spec
index 7e9ee92..ca0ef59 100644
--- a/tomcat.spec
+++ b/tomcat.spec
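Review bot: In the tomcat-server hunk, `-Dsun.io.useCanonCaches=false` is appended to OPTIONS with nothing in the file saying why it is there, and since the property already defaults to false on Java 12 and later (and is ignored on Java 21+), a future cleanup of the JVM flags is likely to treat it as a no-op and drop it, silently re-exposing Java 8/11 installs. Because the flag sits inside the multi-line double-quoted OPTIONS assignment, a shell comment cannot go next to it; it belongs on the line above the `OPTIONS="` opener, which is outside the hunk. I would add `# CVE-2024-56337 (RHEL-71971): keep the JDK canonical-file cache disabled; required on Java 8/11, already the default on newer JDKs` there. Note that this property is the JVM-side hardening recommended alongside the fix; the code fix itself is carried by the source bump to redhat-00010 in sources/tomcat.spec, so the comment should not describe the flag as the complete fix.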
@@ -32,7 +32,7 @@
 %global major_version 9
 %global minor_version 0
 %global micro_version 87
-%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00008-src
+%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00010-src
 %global servletspec 4.0
 %global elspec 3.0
 %global tcuid 53
@@ -56,7 +56,7 @@
 Name: tomcat
 Epoch: 1
 Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 1%{?dist}.3
+Release: 1%{?dist}.4
 Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 License: ASL 2.0
 
@@ -556,6 +556,12 @@ fi
 
 
 %changelog
+* Mon May 26 2025 Adam Krajcik - 1:9.0.87-1.el8_10.4
+- Resolves: RHEL-91761
+  tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
+- Resolves: RHEL-71971
+  tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)
+
 * Wed Apr 02 2025 Adam Krajcik - 1:9.0.87-1.el8_10.3
 - Resolves: RHEL-82934
   tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)