From d931d3a41e00eb2c547feb75ef2396d349c78793 Mon Sep 17 00:00:00 2001
From: doriscchao
Date: Tue, 14 Apr 2026 16:10:53 +0800
Subject: [PATCH 1/2] Update to version 9.0.117 to fix multiple CVEs
---
 sources | 2 +-
 tomcat.spec | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/sources b/sources
index 674672b..111567c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.111-src.tar.gz) = aa27b0e104cecb2d75853fc46ddae2bccda12ebb1c0e86e51731f7183028e17970dbacfd9d0f5534b32ea4c1d1f68bb0dac510aa71944ea686a545cf8e5adb40
+SHA512 (apache-tomcat-9.0.117-src.tar.gz) = f40854a6ed1f208ccdd3da82527fc806eb9231aebaee86d6987e9699d1d31bb548765241424368708b89bdce01d4558a638532a35932f686d3edabd26951041d
diff --git a/tomcat.spec b/tomcat.spec
index f0e3c75..dab803f 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -13,7 +13,7 @@ Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 Name: tomcat
-Version: 9.0.111
+Version: 9.0.117
 Release: 1%{?dist}
 License: ASL 2.0
 URL: http://tomcat.apache.org/
@@ -152,7 +152,7 @@ touch HACK
 -Dversion.build="%{micro_version}" \
 deploy
-rm output/build/bin/commons-daemon.jar output/build/lib/ecj.jar
+rm output/build/lib/ecj.jar
 rm -rf output/build/webapps/examples
 %install
@@ -234,6 +234,7 @@ pushd %{buildroot}%{_javadir}/%{name}
 ln -s ../../java/%{name}-servlet-%{servletspec}-api.jar .
 ln -s ../../java/%{name}-el-%{elspec}-api.jar .
 ln -s $(build-classpath ecj/ecj) jasper-jdt.jar
+ cp -a ../../%{name}/bin/tomcat-juli.jar .
 popd
 pushd %{buildroot}%{_datadir}/%{name}
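Review bot: The new `rm output/build/lib/ecj.jar` line no longer deletes `output/build/bin/commons-daemon.jar`, so the copy left in the build output is now carried into the package (the file-list entry `%{_datadir}/%{name}/bin/commons-daemon.jar` added in PATCH 2/2 ships it), and neither the spec nor the commit message says why. A jar bundled this way is presumably not covered by updates to a separately packaged commons-daemon, so its version needs to be recorded and tracked for security fixes; where the build obtains the jar is not visible in this hunk. I would add a comment above the line such as `# keep the commons-daemon.jar from the Tomcat build (version <COMMONS_DAEMON_VERSION>): <REASON>` and, if the distribution uses the bundled() convention, `Provides: bundled(<COMMONS_DAEMON_PACKAGE>) = <COMMONS_DAEMON_VERSION>`. The enclosing %build section starts and ends outside the hunk.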
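Review bot: The added `cp -a ../../%{name}/bin/tomcat-juli.jar .` places a second physical copy of tomcat-juli.jar under %{_javadir}/%{name}, while the three lines above it in the same pushd block use relative `ln -s` links. A duplicate jar is one more artifact to account for when the package is scanned or patched; unless a real file is required at this path, `ln -s ../../%{name}/bin/tomcat-juli.jar .` would keep the block consistent. If the copy is intentional, a one-line comment giving the reason would help, since the commit message does not mention this change. The %install section continues outside the hunk, so whether the source file already exists at this point cannot be checked from here.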
@@ -414,6 +415,17 @@ fi
 %{_var}/lib/%{name}/webapps/ROOT
 %changelog
+* Tue Apr 14 2026 Doris Chao - 9.0.117-1
+- [Type] security
+- [DESC] Update to version 9.0.117 to fix multiple CVEs:
+- Fixed in 9.0.117: CVE-2026-34500 (Moderate), CVE-2026-34487 (Low),
+- CVE-2026-34486 (Important), CVE-2026-34483 (Low)
+- Fixed in 9.0.116: CVE-2026-32990 (Moderate), CVE-2026-29146 (Important),
+- CVE-2026-29145 (Moderate), CVE-2026-29129 (Low), CVE-2026-25854 (Low),
+- CVE-2026-24880 (Low)
+- Fixed in 9.0.115: CVE-2026-24734 (Moderate)
+- Fixed in 9.0.113: CVE-2026-24733 (Low), CVE-2025-66614 (Moderate)
+
 * Wed Oct 29 2025 Doris Chao - 9.0.111-1
 - [Type] security
 - [DESC] Update to version 9.0.111 to fix CVE-2025-55752, CVE-2025-55754
@@ -495,3 +507,4 @@ fi
 * Mon Apr 24 2023 Miaojun Dong - 9.0.71-1
 - initial build
+
--
Gitee
From ac2833265d2cb0c6e4aec46481afab3d6cab8166 Mon Sep 17 00:00:00 2001
From: doriscchao
Date: Tue, 14 Apr 2026 16:36:01 +0800
Subject: [PATCH 2/2] fix
---
 tomcat.spec | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tomcat.spec b/tomcat.spec
index dab803f..26d1888 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -361,6 +361,7 @@ fi
 %dir %{_datadir}/%{name}
 %{_datadir}/%{name}/bin/bootstrap.jar
 %{_datadir}/%{name}/bin/catalina-tasks.xml
+%{_datadir}/%{name}/bin/commons-daemon.jar
 %{_datadir}/%{name}/lib
 %{_datadir}/%{name}/temp
 %{_datadir}/%{name}/webapps
--
Gitee