From 916ab516bb23580b6306808f5c3d997771ffef8e Mon Sep 17 00:00:00 2001
From: Adam Krajcik
Date: Mon, 14 Apr 2025 07:30:22 +0200
Subject: [PATCH] Fix CVE-2025-24813 Resolves: RHEL-82927 - tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT
---
 .gitignore | 1 +
 sources | 2 +-
 tomcat9.spec | 8 ++++++--
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 79e99ec..42f32b9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /tomcat-9.0.87.redhat-00005-src.zip
 /tomcat-9.0.87.redhat-00006-src.zip
+/tomcat-9.0.87.redhat-00008-src.zip
diff --git a/sources b/sources
index fc510ef..6988a48 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (tomcat-9.0.87.redhat-00006-src.zip) = b4696cff161bc872ca420aed24f865f09820dadbde3a9c619138c4dc1a11c215d4d41dcd0c108a0d0b8c85dedf6c53fcbceb375a40f37f9a68a3c2a630d909cc
+SHA512 (tomcat-9.0.87.redhat-00008-src.zip) = 5863c033928427db91d1ecf92485641aa3de8d0bf38dd23293c6d86667da46df77b592342031f7caf915a52ed87a415a1d88937809a0b799a17b5901ceda03c2
diff --git a/tomcat9.spec b/tomcat9.spec
index ea78660..6d6116a 100644
--- a/tomcat9.spec
+++ b/tomcat9.spec
@@ -32,7 +32,7 @@
 %global major_version 9
 %global minor_version 0
 %global micro_version 87
-%global packdname tomcat-%{major_version}.%{minor_version}.%{micro_version}.redhat-00006-src
+%global packdname tomcat-%{major_version}.%{minor_version}.%{micro_version}.redhat-00008-src
 %global servletspec 4.0
 %global elspec 3.0
 %global tcuid 53
@@ -53,7 +53,7 @@
 Name: tomcat9
 Epoch: 1
 Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 License: Apache-2.0
 
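Review bot: The `packdname` change in the first tomcat9.spec hunk is the only place the CVE-2025-24813 fix enters the build, and nothing in the spec records what the redhat-00008 archive carries beyond redhat-00006. The build number also skips 00007 (.gitignore lists 00005, 00006 and now 00008), so the archive may hold changes other than the partial-PUT fix that the changelog entry does not list; that is worth confirming against the archive's own history. A comment above the macro would make the backport auditable, for example `# redhat-00008 source build carries the CVE-2025-24813 (partial PUT) backport`. Because `Version` stays at 9.0.87, scanners that key on the upstream version will likely keep reporting the package, so the changelog entry and such a comment are what a responder can point to.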
@@ -622,6 +622,10 @@ fi %{appdir}/ROOT %changelog +* Mon Apr 14 2025 Adam Krajcik - 1:9.0.87-5 +- Resolves: RHEL-82927 + tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813) + * Thu Feb 13 2025 Joe Orton - 1:9.0.87-4 - add Obsoletes to aid upgrade path from tomcat-9.x Resolves: RHEL-79313