From fe6d560133c35f3e7fcf1ca0a55ff1a4f13cbe0d Mon Sep 17 00:00:00 2001
From: Coty Sutherland <csutherl@redhat.com>
Date: Tue, 13 Sep 2016 13:03:04 -0400
Subject: [PATCH] Resolves: rhbz#1375581 CVE-2016-5388 CGI sets environmental
 variable based on user supplied Proxy request header

---
 sources                         |  2 +-
 tomcat-8.0.36-asfbz-59960.patch | 13 -------------
 tomcat-8.0.37-javadoc-fix.patch | 13 +++++++++++++
 tomcat.spec                     | 10 +++++++---
 4 files changed, 21 insertions(+), 17 deletions(-)
 delete mode 100644 tomcat-8.0.36-asfbz-59960.patch
 create mode 100644 tomcat-8.0.37-javadoc-fix.patch

diff --git a/sources b/sources
index 525648d..739ef6e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-be048e9ffa26957892933c9fa6bca0d8  apache-tomcat-8.0.36-src.tar.gz
+8723324d35eed02a4aa979066d810d86  apache-tomcat-8.0.37-src.tar.gz
diff --git a/tomcat-8.0.36-asfbz-59960.patch b/tomcat-8.0.36-asfbz-59960.patch
deleted file mode 100644
index 20de181..0000000
--- a/tomcat-8.0.36-asfbz-59960.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Index: java/org/apache/catalina/tribes/group/interceptors/MessageDispatch15Interceptor.java
-===================================================================
---- java/org/apache/catalina/tribes/group/interceptors/MessageDispatch15Interceptor.java	(revision 1755541)
-+++ java/org/apache/catalina/tribes/group/interceptors/MessageDispatch15Interceptor.java	(working copy)
-@@ -18,7 +18,7 @@
- 
- /**
-  * @deprecated Originally provided an optional implementation that used Java 5+
-- *             features. Now the minimum Java version is >=5, those features
-+ *             features. Now the minimum Java version is &gt;=5, those features
-  *             have been added to {@link MessageDispatchInterceptor} which
-  *             should be used instead. This class will be removed in Tomcat
-  *             8.5.x onwards.
diff --git a/tomcat-8.0.37-javadoc-fix.patch b/tomcat-8.0.37-javadoc-fix.patch
new file mode 100644
index 0000000..502f373
--- /dev/null
+++ b/tomcat-8.0.37-javadoc-fix.patch
@@ -0,0 +1,13 @@
+Index: java/org/apache/catalina/servlets/CGIServlet.java
+===================================================================
+--- java/org/apache/catalina/servlets/CGIServlet.java	(revision 1759564)
++++ java/org/apache/catalina/servlets/CGIServlet.java	(revision 1759565)
+@@ -358,7 +358,7 @@
+      *
+      * @exception  IOException  if a write operation exception occurs
+      *
+-     * @deprecated Use {@link #printServletEnvironment(HttpServletRequest).
++     * @deprecated Use {@link #printServletEnvironment(HttpServletRequest)}.
+      *             This will be removed in Tomcat 8.5.X onwards
+      */
+     @Deprecated
diff --git a/tomcat.spec b/tomcat.spec
index c0dfcd3..4c02fed 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,7 +31,7 @@
 %global jspspec 2.3
 %global major_version 8
 %global minor_version 0
-%global micro_version 36
+%global micro_version 37
 %global packdname apache-tomcat-%{version}-src
 %global servletspec 3.1
 %global elspec 3.0
@@ -57,7 +57,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       2%{?dist}
+Release:       1%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 
 Group:         System Environment/Daemons
@@ -87,7 +87,7 @@ Source32:      tomcat-named.service
 Patch0:        %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
 Patch1:        %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
 Patch2:        %{name}-8.0.36-CompilerOptionsV9.patch
-Patch3:        %{name}-8.0.36-asfbz-59960.patch
+Patch3:        %{name}-8.0.37-javadoc-fix.patch
 
 BuildArch:     noarch
 
@@ -694,6 +694,10 @@ fi
 %attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service
 
 %changelog
+* Tue Sep 13 2016 Coty Sutherland <csutherl@redhat.com> - 1:8.0.37-1
+- Rebase to 8.0.37
+- Resolves: rhbz#1375581 CVE-2016-5388 CGI sets environmental variable based on user supplied Proxy request header
+
 * Thu Aug 11 2016 Coty Sutherland <csutherl@redhat.com> - 1:8.0.36-2
 - Related: rhbz#1349469 Correct typo in changelog entry