import CS tomcat9-9.0.110-2.el10

2026-04-14 05:59:35 -04:00
9 changed files with 2 additions and 4041 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -1 +0,0 @@
-1
--- a/.gitignore
+++ b/.gitignore
@ -1,9 +1 @@
-results_tomcat9
-*.rpm
-/tomcat-9.0.87.redhat-*-src.zip
-/apache-tomcat-9*-src.tar.gz
-apache-tomcat-*-src
-/tomcat9.iml
-/.idea/.gitignore
-/.idea/modules.xml
-/.idea/vcs.xml
+apache-tomcat-9.0.110-src.tar.gz
--- a/ci.fmf
+++ b/ci.fmf
@ -1 +0,0 @@
-resultsdb-testcase: separate
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +0,0 @@
--- !Policy
-product_versions:
-  - rhel-10
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}
--- a/plans/smoke.fmf
+++ b/plans/smoke.fmf
@ -1,9 +0,0 @@
-summary: Basic smoke test
-prepare:
-  - name: packages
-    how: install
-    package:
-      - tomcat9
-execute:
-    how: tmt
-    script: which tomcat
--- a/plans/tier1-internal.fmf
+++ b/plans/tier1-internal.fmf
@ -1,11 +0,0 @@
-summary: Internal Tier1 beakerlib tests.
-discover:
-  - name: rhel
-    how: fmf
-    url: git://pkgs.devel.redhat.com/tests/tomcat9
-    filter: 'tier: 1'
-execute:
-    how: tmt
-adjust:
-    enabled: false
-    when: distro == centos-stream-10
--- a/rhel-150720.patch
+++ b/rhel-150720.patch
--- a/rhel-168243.patch
+++ b/rhel-168243.patch
@ -1,34 +0,0 @@
-diff -up ./java/org/apache/coyote/ajp/Constants.java ./java/org/apache/coyote/ajp/Constants.java
--- ./java/org/apache/coyote/ajp/Constants.java	2025-10-01 04:36:05.000000000 -0400
-+++ ./java/org/apache/coyote/ajp/Constants.java	2026-04-14 15:27:50.820988961 -0400
-@@ -105,7 +105,7 @@
-
-     // Translates integer codes to names of HTTP methods
-     private static final String[] methodTransArray =
-            { Method.OPTIONS, Method.GET, Method.HEAD, Method.POST, Method.PUT, Method.OPTIONS, Method.TRACE, Method.TRACE, Method.PROPPATCH, Method.MKCOL, Method.COPY,
-+            { Method.OPTIONS, Method.GET, Method.HEAD, Method.POST, Method.PUT, Method.DELETE, Method.TRACE, Method.TRACE, Method.PROPPATCH, Method.MKCOL, Method.COPY,
-                     Method.MOVE, Method.LOCK, Method.UNLOCK, "ACL", "REPORT", "VERSION-CONTROL", "CHECKIN", "CHECKOUT", "UNCHECKOUT",
-                     "SEARCH", "MKWORKSPACE", "UPDATE", "LABEL", "MERGE", "BASELINE-CONTROL", "MKACTIVITY" };
-
-diff -up ./test/org/apache/catalina/realm/TestRealmBase.java ./test/org/apache/catalina/realm/TestRealmBase.java
--- ./test/org/apache/catalina/realm/TestRealmBase.java	2025-10-01 04:36:05.000000000 -0400
-+++ ./test/org/apache/catalina/realm/TestRealmBase.java	2026-04-14 15:27:50.821211035 -0400
-@@ -660,7 +660,7 @@
-         SecurityConstraint deleteConstraint = new SecurityConstraint();
-         deleteConstraint.addAuthRole(ROLE1);
-         SecurityCollection deleteCollection = new SecurityCollection();
-        deleteCollection.addMethod(Method.OPTIONS);
-+        deleteCollection.addMethod(Method.DELETE);
-         deleteCollection.addPatternDecoded("/*");
-         deleteConstraint.addCollection(deleteCollection);
-
-@@ -772,7 +772,7 @@
-
-         // Only user1 should be able to perform a DELETE as only that user has
-         // role1.
-        request.setMethod(Method.OPTIONS);
-+        request.setMethod(Method.DELETE);
-
-         SecurityConstraint[] constraintsDelete =
-                 mapRealm.findSecurityConstraints(request, context);
-
--- a/tomcat9.spec
+++ b/tomcat9.spec
@ -53,7 +53,7 @@
 Name:          tomcat9
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       4%{?dist}
+Release:       2%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API

 License:       Apache-2.0
@ -79,8 +79,6 @@ Patch4:        rhbz-1857043.patch
 Patch6:        tomcat-%{major_version}.%{minor_version}-bnd-annotation.patch
 Patch7:        build-with-java-25.patch
 Patch8:        rhel-158962.patch
-Patch9:        rhel-168243.patch
-Patch10:        rhel-150720.patch

 BuildArch:     noarch

@ -214,8 +212,6 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch -P6 -p0
 %patch -P7 -p0
 %patch -P8 -p1
-%patch -P9 -p1
-%patch -P10 -p1

 # Remove webservices naming resources as it's generally unused
 %{__rm} -rf java/org/apache/naming/factory/webservices
@ -638,13 +634,6 @@ fi
 %{appdir}/ROOT

 %changelog
-* Thu Apr 16 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.110-4
- Resolves: RHEL-150720
-  Tomcat: Certificate revocation bypass due to improper OCSP response validation (CVE-2026-24734)
-
-* Tue Apr 14 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-3
- Resolves: RHEL-168243 Fix copy/paste error in AJP connector that caused DELETE requests to be processed as OPTIONS requests (BZ#69848)
-
 * Mon Mar 23 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-2
 - Resolves: RHEL-158962 NPE in tomcat9 when used with TLS enabled custom connector