From 2c18f48dfc3d392f756615e727a2eca5a65be071 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Thu, 11 Dec 2025 07:47:44 +0000
Subject: [PATCH] import OL tomcat-9.0.87-6.el9_7.1

---
 .gitignore        |  2 +-
 .tomcat.metadata  |  2 +-
 SPECS/tomcat.spec | 10 ++++++++--
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index 9d97386..22f1060 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/tomcat-9.0.87.redhat-00012-src.zip
+SOURCES/tomcat-9.0.87.redhat-00013-src.zip
diff --git a/.tomcat.metadata b/.tomcat.metadata
index 3213092..7961324 100644
--- a/.tomcat.metadata
+++ b/.tomcat.metadata
@@ -1 +1 @@
-8b767b774d19e223f1fa9f4bb07e0db94234978a SOURCES/tomcat-9.0.87.redhat-00012-src.zip
+15a5e583a5ce045a1d47e660ca391964cd52a51a SOURCES/tomcat-9.0.87.redhat-00013-src.zip
diff --git a/SPECS/tomcat.spec b/SPECS/tomcat.spec
index 5e18256..ceb2d9a 100644
--- a/SPECS/tomcat.spec
+++ b/SPECS/tomcat.spec
@@ -32,7 +32,7 @@
 %global major_version 9
 %global minor_version 0
 %global micro_version 87
-%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00012-src
+%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00013-src
 %global servletspec 4.0
 %global elspec 3.0
 %global tcuid 53
@@ -56,7 +56,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       6%{?dist}
+Release:       6%{?dist}.1
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 
 License:       ASL 2.0
@@ -557,6 +557,12 @@ fi
 
 
 %changelog
+* Thu Nov 27 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-6.el9_7.1
+- Resolves: RHEL-124518
+  tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
+- Resolves: RHEL-91753
+  tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
+
 * Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-6
 - Resolves: RHEL-102201
   tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)