import OL tomcat9-9.0.87-8.el10_1.1

.fmf/version

@@ -1 +0,0 @@
-1

.gitignore

@@ -1,3 +1 @@
-/tomcat-9.0.87.redhat-00005-src.zip
-/tomcat-9.0.87.redhat-00006-src.zip
-/tomcat-9.0.87.redhat-00008-src.zip
+tomcat-9.0.87.redhat-00013-src.zip

ci.fmf

@@ -1 +0,0 @@
-resultsdb-testcase: separate

gating.yaml

@@ -1,6 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-10
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}

plans/smoke.fmf

@@ -1,9 +0,0 @@
-summary: Basic smoke test
-prepare:
-  - name: packages
-    how: install
-    package:
-      - tomcat9
-execute:
-    how: tmt
-    script: which tomcat

plans/tier1-internal.fmf

@@ -1,11 +0,0 @@
-summary: Internal Tier1 beakerlib tests.
-discover:
-  - name: rhel
-    how: fmf
-    url: git://pkgs.devel.redhat.com/tests/tomcat9
-    filter: 'tier: 1'
-execute:
-    how: tmt
-adjust:
-    enabled: false
-    when: distro == centos-stream-10

sources

@@ -1 +1 @@
-SHA512 (tomcat-9.0.87.redhat-00008-src.zip) = 5863c033928427db91d1ecf92485641aa3de8d0bf38dd23293c6d86667da46df77b592342031f7caf915a52ed87a415a1d88937809a0b799a17b5901ceda03c2
+SHA512 (tomcat-9.0.87.redhat-00013-src.zip) = 1049d86d4bbdfd251a3f0cc72840cb6535a5637a76becaec8cb9c6532430dabaefd007af285fa1ac8d6a2a70f1d0378f6a1e908f7e7c5aff7c2bbedcd521cc9d

tomcat-server

@@ -10,7 +10,8 @@ OPTIONS="-Dcatalina.base=$CATALINA_BASE \
 -Djava.endorsed.dirs=$JAVA_ENDORSED_DIRS \
 -Djava.io.tmpdir=$CATALINA_TMPDIR \
 -Djava.util.logging.config.file=${LOGGING_PROPERTIES} \
--Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
+-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
+-Dsun.io.useCanonCaches=false"
 
 if [ "$1" = "start" ] ; then
   FLAGS="${FLAGS} $CATALINA_OPTS"

tomcat9.spec

@@ -32,7 +32,7 @@
 %global major_version 9
 %global minor_version 0
 %global micro_version 87
-%global packdname tomcat-%{major_version}.%{minor_version}.%{micro_version}.redhat-00008-src
+%global packdname tomcat-%{major_version}.%{minor_version}.%{micro_version}.redhat-00013-src
 %global servletspec 4.0
 %global elspec 3.0
 %global tcuid 53
@@ -53,7 +53,7 @@
 Name:          tomcat9
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       5%{?dist}
+Release:       8%{?dist}.1
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 
 License:       Apache-2.0
@@ -622,6 +622,36 @@ fi
 %{appdir}/ROOT
 
 %changelog
+* Thu Nov 27 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-8.el10_1.1
+- Resolves: RHEL-124497
+  tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
+- Resolves: RHEL-91732
+  tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
+
+* Mon Aug 18 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-8
+- Resolves: RHEL-102186
+  tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
+
+* Wed Aug 13 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-7
+- Resolves: RHEL-108485
+  tomcat: Apache Commons FileUpload DOS via part headers (CVE-2025-48976)
+- Resolves: RHEL-108493
+  tomcat: Dos in multipart upload (CVE-2025-48988)
+- Resolves: RHEL-108501
+  tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
+- Resolves: RHEL-108509
+  tomcat: Denial of service (CVE-2025-52434)
+- Resolves: RHEL-108522
+  tomcat: Denial of service (CVE-2025-52520)
+- Resolves: RHEL-108517
+  tomcat: Denial of service (CVE-2025-53506)
+
+* Mon May 26 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5.el10_0.1
+- Resolves: RHEL-91750
+  tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650)
+- Resolves: RHEL-94960
+  tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337)
+
 * Mon Apr 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-5
 - Resolves: RHEL-82927
   tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)