From f5d3a1825fec2b7da524a46ab0e36d360ab25795 Mon Sep 17 00:00:00 2001 From: Coty Sutherland Date: Thu, 12 Feb 2026 20:41:43 -0500 Subject: [PATCH] Resolves: RHEL-148687 Update to Apache Tomcat 9.0.110 for PQC support, and switched to compiling with Java 25 * Add java-25-headless to the BuildRequires & Requires lists & set JAVA_HOME to java-25 to always use it for compiling with java-25 * Add build-with-java-25.patch that replaces the attribute with explicit and attributes in javac tasks to support building with Java 25 JDK while generating appropriate bytecode versions. This enables the build to use Java 25 APIs while producing different bytecode targets, required for PQC support via FFM in Tomcat 9.0.110. * Drop the JmxRemoteLifecycleListener patch is it's no longer necessary * Use tar.gz instead of zip for the sources due to line ending issues * Add rm for commons-daemon.jar from bin --- .gitignore | 3 ++ JmxRemoteLifecycleListener.patch | 40 ----------------- build-with-java-25.patch | 76 ++++++++++++++++++++++++++++++++ rhbz-1857043.patch | 29 +++++++----- sources | 2 +- tomcat9.spec | 34 +++++++++----- 6 files changed, 122 insertions(+), 62 deletions(-) delete mode 100644 JmxRemoteLifecycleListener.patch create mode 100644 build-with-java-25.patch diff --git a/.gitignore b/.gitignore index c364ab4..13bbb64 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ +results_tomcat9 +*.rpm /tomcat-9.0.87.redhat-00005-src.zip /tomcat-9.0.87.redhat-00006-src.zip /tomcat-9.0.87.redhat-00008-src.zip @@ -5,3 +7,4 @@ /tomcat-9.0.87.redhat-00011-src.zip /tomcat-9.0.87.redhat-00012-src.zip /tomcat-9.0.87.redhat-00013-src.zip +/apache-tomcat-9.0.110-src.tar.gz diff --git a/JmxRemoteLifecycleListener.patch b/JmxRemoteLifecycleListener.patch deleted file mode 100644 index 3145a54..0000000 --- a/JmxRemoteLifecycleListener.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -diff --git a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java -index f62f8d1..db19960 100644 ---- a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java -+++ b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java -@@ -611,34 +611,28 @@ public class JmxRemoteLifecycleListener extends SSLHostConfig implements Lifecyc - * Better to use the internal API than re-invent the wheel. - */ - @SuppressWarnings("restriction") -- private static class JmxRegistry extends sun.rmi.registry.RegistryImpl { -+ private static class JmxRegistry { - private static final long serialVersionUID = -3772054804656428217L; - private final String jmxName; - private final Remote jmxServer; - public JmxRegistry(int port, RMIClientSocketFactory csf, - RMIServerSocketFactory ssf, String jmxName, Remote jmxServer) throws RemoteException { -- super(port, csf, ssf); - this.jmxName = jmxName; - this.jmxServer = jmxServer; - } -- @Override - public Remote lookup(String name) - throws RemoteException, NotBoundException { - return (jmxName.equals(name)) ? jmxServer : null; - } -- @Override - public void bind(String name, Remote obj) - throws RemoteException, AlreadyBoundException, AccessException { - } -- @Override - public void unbind(String name) - throws RemoteException, NotBoundException, AccessException { - } -- @Override - public void rebind(String name, Remote obj) - throws RemoteException, AccessException { - } -- @Override - public String[] list() throws RemoteException { - return new String[] { jmxName }; - } diff --git a/build-with-java-25.patch b/build-with-java-25.patch new file mode 100644 index 0000000..cb7c5eb --- /dev/null +++ b/build-with-java-25.patch @@ -0,0 +1,76 @@ +--- build.xml.orig 2026-02-12 14:28:31.466893106 -0500 ++++ build.xml 2026-02-12 14:28:44.320933346 -0500 +@@ -968,7 +968,7 @@ + + ++ addOSGi="false" /> + + + + addOSGi="false" /> 
@@ -130,7 +137,7 @@ diff -up ./build.xml.orig ./build.xml = 1:4.10 BuildRequires: findutils -BuildRequires: java-devel BuildRequires: javapackages-local BuildRequires: aqute-bnd BuildRequires: aqute-bndlib BuildRequires: systemd +BuildRequires: java-25-devel -Requires: java-headless +Requires: (java-headless or java-25-headless) Requires: javapackages-tools Requires: %{name}-lib = %{epoch}:%{version}-%{release} @@ -199,7 +199,7 @@ Obsoletes: tomcat-webapps < 1:10.0.0-1 The ROOT web application for Apache Tomcat. %prep -%setup -q -n apache-%{packdname} +%setup -q -n %{packdname} # remove pre-built binaries and windows files find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \ -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete @@ -209,7 +209,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name " %patch -P3 -p0 %patch -P4 -p0 %patch -P6 -p0 -%patch -P7 -p1 +%patch -P7 -p0 # Remove webservices naming resources as it's generally unused %{__rm} -rf java/org/apache/naming/factory/webservices @@ -229,8 +229,12 @@ export OPT_JAR_LIST="xalan-j2-serializer" # so just create a dummy file for later removal touch HACK +# Adding JAVA_HOME to always compile with java-25 instead of autodetecting +export JAVA_HOME=%{_jvmdir}/java-25-openjdk +export PATH=$JAVA_HOME/bin:$PATH + # who needs a build.properties file anyway -%{ant} -Dbase.path="." \ +ant -Dbase.path="." \ -Dbuild.compiler="modern" \ -Dcommons-daemon.jar="HACK" \ -Dcommons-daemon.native.src.tgz="HACK" \ @@ -249,6 +253,9 @@ touch HACK # remove some jars that we'll replace with symlinks later %{__rm} output/build/lib/ecj.jar +# Cleanup commons-daemon.jar that somehow appeared since last build, but is unnecessary +%{__rm} -rf output/build/bin/commons-daemon.jar + # Remove the example webapps per Apache Tomcat Security Considerations # see https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html %{__rm} -rf output/build/webapps/examples 
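Review bot: `Requires: (java-headless or java-25-headless)` lets any JDK that provides `java-headless` satisfy the runtime dependency, while the commit's stated goal is PQC support through FFM, which depends on a recent runtime. On a host with only an older JDK the package would install cleanly and presumably run without the PQC code path, with no install-time signal that it is missing. If that fallback is intended, document it above the line, e.g. `# PQC via FFM needs java-25-headless at runtime; older JDKs run without it`, and consider adding `Recommends: java-25-headless`. The start of this hunk is garbled on this page, so the neighbouring dependency lines were not reviewed.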
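Review bot: The `%build` hunk pins the toolchain to a hard-coded `%{_jvmdir}/java-25-openjdk` and replaces the `%{ant}` macro with a bare `ant` resolved through `PATH`, but it neither explains why the macro was dropped nor checks that the directory exists. Presumably the macro was dropped because it supplies its own JAVA_HOME; the added comment should say so, so that a later cleanup does not restore the macro and silently change the build JDK. A guard such as `test -x "$JAVA_HOME/bin/javac" || exit 1` before the `ant` call would make a missing or renamed JDK directory fail at once with an obvious cause. The `ant` invocation continues past the end of the hunk.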
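Review bot: The comment "somehow appeared since last build" on the new `%{__rm} -rf output/build/bin/commons-daemon.jar` line leaves the origin of a jar in the build output unexplained, which a packaging audit will ask about. `%prep` deletes every pre-built `*.jar` and the build passes `-Dcommons-daemon.jar="HACK"`, so the file is presumably the empty `HACK` placeholder copied into `bin` by the 9.0.110 build.xml rather than a real binary; confirm that and state it in the comment, e.g. `# build.xml copies the HACK placeholder to bin/commons-daemon.jar; drop it`. Since the target is a single file, `-f` is sufficient, and `-rf` would also hide the case where the path unexpectedly becomes a directory.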
@@ -396,6 +403,9 @@ popd %mvn_file org.apache.tomcat:tomcat-coyote tomcat/tomcat-coyote %mvn_artifact res/maven/tomcat-coyote.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-coyote.jar +%mvn_file org.apache.tomcat:tomcat-coyote-ffm tomcat/tomcat-coyote-ffm +%mvn_artifact res/maven/tomcat-coyote-ffm.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-coyote-ffm.jar + %mvn_file org.apache.tomcat:tomcat-dbcp tomcat/tomcat-dbcp %mvn_artifact res/maven/tomcat-dbcp.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-dbcp.jar @@ -622,6 +632,10 @@ fi %{appdir}/ROOT %changelog +* Wed Feb 11 2026 Coty Sutherland - 1:9.0.110-1 +- Resolves: RHEL-148687 + Update to 9.0.110 and compile with Java 25 to enable FFM features for PQC support + * Fri Jan 23 2026 Pietro Meloni - 1:9.0.87-9 - Resolves: RHEL-124496 tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)