From 959ac9a8059aa2568f495a5231c9b81f5c17bd6c6eaa04a1db5256c0f3bea020 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 8 Jan 2020 07:19:26 +0000 Subject: [PATCH 1/3] Accepting request 759699 from home:mateialbu:branches:Java:packages - Update to Tomcat 9.0.30. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) - Fixed CVEs: - CVE-2019-12418 (bsc#1159723) - CVE-2019-17563 (bsc#1159729) OBS-URL: https://build.opensuse.org/request/show/759699 OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=180 --- apache-tomcat-9.0.27-src.tar.gz | 3 -- apache-tomcat-9.0.27-src.tar.gz.asc | 16 -------- apache-tomcat-9.0.30-src.tar.gz | 3 ++ apache-tomcat-9.0.30-src.tar.gz.asc | 16 ++++++++ tomcat-9.0-JDTCompiler-java.patch | 62 ----------------------------- tomcat.changes | 9 +++++ tomcat.spec | 17 ++++---- 7 files changed, 35 insertions(+), 91 deletions(-) delete mode 100644 apache-tomcat-9.0.27-src.tar.gz delete mode 100644 apache-tomcat-9.0.27-src.tar.gz.asc create mode 100644 apache-tomcat-9.0.30-src.tar.gz create mode 100644 apache-tomcat-9.0.30-src.tar.gz.asc delete mode 100644 tomcat-9.0-JDTCompiler-java.patch diff --git a/apache-tomcat-9.0.27-src.tar.gz b/apache-tomcat-9.0.27-src.tar.gz deleted file mode 100644 index a277922..0000000 --- a/apache-tomcat-9.0.27-src.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5a78d96d388a0d143a9f9f002db18659d478f44bed19b59ec6f6d4e09033c7f1 -size 5761278 diff --git a/apache-tomcat-9.0.27-src.tar.gz.asc b/apache-tomcat-9.0.27-src.tar.gz.asc deleted file mode 100644 index 63860dc..0000000 --- a/apache-tomcat-9.0.27-src.tar.gz.asc +++ /dev/null 
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAl2bDO8ACgkQEMAcWi9g
-Wecy8hAAkeYA9buTHPdlkkcVa3pg8ROg06QB56iI2318FjObFUqbKLfehM+Kluft
-1W24fp2QC+JWU3dwX1A8zANr0qtBJ4GEzbdZr7f7MivBvc8Eqlo5pL45McTgMoyI
-KjlYgFF5U/hFkMNMk5J5h+q9NjnojgFJsy18fPnfry7BfS2aC+qegBvnFm5svmoO
-K9y7nGxv8TFZs2Q0H2yExgiezrjsBCZllGDqyK/9kIFp1nbWr4eMcdU5a6lHOtP2
-LI/z4+dSfPN1ktyymPP2sq851C1XlRl5R8J4YRWOqGzPIYkAUKOcDxGRel5Uw4wd
-F4RQbb+oZ0S8YXN9mks/u0Shv2Dtq5cuSGEyrsRyT4+ZL/EwkwWaoCoVAG17bARC
-+J1aGHJAtJYA7lyJB0q3BLZRP7YENJv0kfxk4YWDABYvbXN0vMlFvhihc4byvO9J
-XqHo4C5unBbU7jcSP+/GJhuujMTxOqiG9NUwOMrLHNsUjsQTYNMyFzzm5OA9I0eZ
-JT+qWMm4Cu/v9a+6pfMv5tNWRhhLjeCfO7jcp2k+E+3YX3jghPy+RWOH1bT2ccZA
-Os0WbdmRtSW9lkQlqYaXE7uAgXE/yZmDLfngVEcJnJjhZCLKskx3XqNI6uR0t7c0
-9lOU1GBAH94ztZjAOkCIwjH3Roi5vsuGcAmYFyusIS7QSTXQfso=
-=s4BA
------END PGP SIGNATURE-----
diff --git a/apache-tomcat-9.0.30-src.tar.gz b/apache-tomcat-9.0.30-src.tar.gz
new file mode 100644
index 0000000..a8f720c
--- /dev/null
+++ b/apache-tomcat-9.0.30-src.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:073bf0a56738d9bcb70c6065077495506b41dcea26731f0599c701efb90dc4ba
+size 5798307
diff --git a/apache-tomcat-9.0.30-src.tar.gz.asc b/apache-tomcat-9.0.30-src.tar.gz.asc
new file mode 100644
index 0000000..aa24d18
--- /dev/null
+++ b/apache-tomcat-9.0.30-src.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAl3r2Q8ACgkQEMAcWi9g
+WefsBg/8CwNTI+JvM9pVcD7I3QzHjZJ61JMkf/cmgTvuDbWHCIlWiXqXEd5NcizF
+yuC1lg+8JotS+ZK5puOlZRzfX1W9sQ0ry6namKb6msj/czcgAQUVMIRC8ezjAlHe
+4pyweTv1bBVnL5zyvQr/f4344i/hzwR0PBFeNu2dAXp7Hs1E4nMDNi8j0RrNUF3s
+8WmIH+TxlNAJ0efc7T0NkQ3UbbOyuqDeAhAFlcFgZny/91JjAEJNs/ne1KXFZ2kK
+cyTOf03TBmz4HjNtQBTE7S8r1ZKGU1PJumivPnUToKgdBUf3SWiF3m3ywYXhbOIs
+OkME+Ru1Sx8M87fvqTf7qxgIaMk1DtTqqyG4K9bkhaDvnGTpqA+vSHK7rdnQVa1V
+E8ubJNA1/k94gLd2x9l4iP9ofgeF7U+Z0/UV3sJ6/U9RDHvm5QYEbgnoufCNiI/F
+59wUKSJbyCCVCH4t6w1PQg33hOHG+pqGDZS2L4Ji26UJzMb7cdftnn5BDOm8+pWX
+An50t/4X2yhYC9HyiCUFKsZdew0Sb0LTtqwySpagrjiW6KhxVqUoN1YwSBrcseXW
+DFsqQSPOYVMD9b05f5sog7gczI+2nusrshBWQD8rU0NPbuUladEJGP8MTlb2F4W5
+MecDnTUgJqvlrVgNULWaxcxby2NGh8bzoDXfE/Eg+JTDenh2g54=
+=Pnl6
+-----END PGP SIGNATURE-----
diff --git a/tomcat-9.0-JDTCompiler-java.patch b/tomcat-9.0-JDTCompiler-java.patch
deleted file mode 100644
index 259759b..0000000
--- a/tomcat-9.0-JDTCompiler-java.patch
+++ /dev/null
@@ -1,62 +0,0 @@ -Index: apache-tomcat-9.0.19-src/java/org/apache/jasper/compiler/JDTCompiler.java -=================================================================== ---- apache-tomcat-9.0.19-src.orig/java/org/apache/jasper/compiler/JDTCompiler.java -+++ apache-tomcat-9.0.19-src/java/org/apache/jasper/compiler/JDTCompiler.java -@@ -312,18 +312,18 @@ public class JDTCompiler extends org.apa - CompilerOptions.VERSION_1_7); - } else if(opt.equals("1.8")) { - settings.put(CompilerOptions.OPTION_Source, -- CompilerOptions.VERSION_1_8); -+ "1.8"); // CompilerOptions.VERSION_1_8 - // Version format changed from Java 9 onwards. - // Support old format that was used in EA implementation as well - } else if(opt.equals("9") || opt.equals("1.9")) { - settings.put(CompilerOptions.OPTION_Source, -- CompilerOptions.VERSION_9); -+ "9"); // CompilerOptions.VERSION_9 - } else if(opt.equals("10")) { - settings.put(CompilerOptions.OPTION_Source, -- CompilerOptions.VERSION_10); -+ "10"); // CompilerOptions.VERSION_10 - } else if(opt.equals("11")) { - settings.put(CompilerOptions.OPTION_Source, -- CompilerOptions.VERSION_11); -+ "11"); // CompilerOptions.VERSION_11 - } else if(opt.equals("12")) { - // Constant not available in latest ECJ version shipped with - // Tomcat. May be supported in a snapshot build. -@@ -377,26 +377,26 @@ public class JDTCompiler extends org.apa - CompilerOptions.VERSION_1_7); - } else if(opt.equals("1.8")) { - settings.put(CompilerOptions.OPTION_TargetPlatform, -- CompilerOptions.VERSION_1_8); -+ "1.8"); // CompilerOptions.VERSION_1_8 - settings.put(CompilerOptions.OPTION_Compliance, -- CompilerOptions.VERSION_1_8); -+ "1.8"); // CompilerOptions.VERSION_1_8 - // Version format changed from Java 9 onwards. 
- // Support old format that was used in EA implementation as well - } else if(opt.equals("9") || opt.equals("1.9")) { - settings.put(CompilerOptions.OPTION_TargetPlatform, -- CompilerOptions.VERSION_9); -+ "9"); // CompilerOptions.VERSION_9 - settings.put(CompilerOptions.OPTION_Compliance, -- CompilerOptions.VERSION_9); -+ "9"); // CompilerOptions.VERSION_9 - } else if(opt.equals("10")) { - settings.put(CompilerOptions.OPTION_TargetPlatform, -- CompilerOptions.VERSION_10); -+ "10"); // CompilerOptions.VERSION_10 - settings.put(CompilerOptions.OPTION_Compliance, -- CompilerOptions.VERSION_10); -+ "10"); // CompilerOptions.VERSION_10 - } else if(opt.equals("11")) { - settings.put(CompilerOptions.OPTION_TargetPlatform, -- CompilerOptions.VERSION_11); -+ "11"); // CompilerOptions.VERSION_11 - settings.put(CompilerOptions.OPTION_Compliance, -- CompilerOptions.VERSION_11); -+ "11"); // CompilerOptions.VERSION_11 - } else if(opt.equals("12")) { - // Constant not available in latest ECJ version shipped with - // Tomcat. May be supported in a snapshot build. diff --git a/tomcat.changes b/tomcat.changes index d1be317..e2a47b9 100644 --- a/tomcat.changes +++ b/tomcat.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Dec 27 10:22:58 UTC 2019 - Matei Albu + +- Update to Tomcat 9.0.30. See changelog at + http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) +- Fixed CVEs: + - CVE-2019-12418 (bsc#1159723) + - CVE-2019-17563 (bsc#1159729) + ------------------------------------------------------------------- Mon Nov 18 09:13:10 UTC 2019 - Fridrich Strba diff --git a/tomcat.spec b/tomcat.spec index f5a2d0c..dca7879 100644 --- a/tomcat.spec +++ b/tomcat.spec 
@@ -1,7 +1,7 @@ # # spec file for package tomcat # -# Copyright (c) 2019 SUSE LLC. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2000-2009, JPackage Project # # All modifications and additions to the file contributed by third parties @@ -22,7 +22,7 @@ %define elspec 3.0 %define major_version 9 %define minor_version 0 -%define micro_version 27 +%define micro_version 30 %define packdname apache-tomcat-%{version}-src # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/ %global basedir /srv/%{name} @@ -73,14 +73,12 @@ Source1002: %{name}.keyring Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch #PATCH-FIX-UPSTREAM: from jpackage.org package Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch -# PATCH-FIX-UPSTREAM: https://issues.apache.org/bugzilla/show_bug.cgi?id=56373 -Patch2: %{name}-%{major_version}.%{minor_version}-JDTCompiler-java.patch # PATCH-FIX-SLE: Change security manager default policies bnc#891264 -Patch3: %{name}-%{major_version}.%{minor_version}-sle.catalina.policy.patch +Patch2: %{name}-%{major_version}.%{minor_version}-sle.catalina.policy.patch # PATCH-FIX-OPENSUSE: build javadoc with the same java source level as the class files -Patch4: %{name}-%{major_version}.%{minor_version}-javadoc.patch +Patch3: %{name}-%{major_version}.%{minor_version}-javadoc.patch # PATCH-FIX-OPENSUSE: disable adding OSGi metadata to JAR files because bndtools is not avalable in SLES/OpenSUSE -Patch5: tomcat-9.0-disable-osgi-build.patch +Patch4: tomcat-9.0-disable-osgi-build.patch BuildRequires: ant >= 1.8.1 BuildRequires: ant-antlr 
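Review bot: Nothing in the renumbered `Patch2`–`Patch4` block, or in the matching `%prep` hunk at `@@ -255,10 +253,9 @@`, ties a patch number to what it applies, and after this change `%patch2` means the security-manager policy patch (bnc#891264) where it used to mean the JDTCompiler patch that was carried but left commented out as `#%patch2 -p1`. I would add a one-line comment above each apply line in `%prep`, for example `# Patch2: sle.catalina.policy, security manager default policies (bnc#891264), applied without -p`, so that a later renumbering or a commented-out apply line shows up in review instead of the package presumably shipping the unmodified upstream policy. The comment should record the strip level as well, since `%patch2` runs without a `-p` option while `%patch3` and `%patch4` use `-p1`. Whether the policy patch still applies cleanly to the 9.0.30 sources is not visible in this diff and is worth confirming in the build log.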
@@ -255,10 +253,9 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name " -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -print -delete %patch0 %patch1 -#%patch2 -p1 -%patch3 +%patch2 +%patch3 -p1 %patch4 -p1 -%patch5 -p1 # remove date from docs sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl From 1097707624bf9c81b794d19e7920e84efcaa3f9c0d7179ff4d9e98e348542b2c Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 8 Jan 2020 07:21:02 +0000 Subject: [PATCH 2/3] OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=181 --- tomcat.changes | 3 +++ tomcat.spec | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/tomcat.changes b/tomcat.changes index e2a47b9..1617a12 100644 --- a/tomcat.changes +++ b/tomcat.changes @@ -6,6 +6,9 @@ Fri Dec 27 10:22:58 UTC 2019 - Matei Albu - Fixed CVEs: - CVE-2019-12418 (bsc#1159723) - CVE-2019-17563 (bsc#1159729) +- Removed patch: + * tomcat-9.0-JDTCompiler-java.patch + + It was not applied ------------------------------------------------------------------- Mon Nov 18 09:13:10 UTC 2019 - Fridrich Strba diff --git a/tomcat.spec b/tomcat.spec index dca7879..63dae4c 100644 --- a/tomcat.spec +++ b/tomcat.spec @@ -1,7 +1,7 @@ # # spec file for package tomcat # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # Copyright (c) 2000-2009, JPackage Project # # All modifications and additions to the file contributed by third parties From 6dda5b6b5271f6a041f3ee1a8082be9da0d75bede8268d7c4b9ca965b32a633e Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Wed, 8 Jan 2020 11:40:53 +0000 Subject: [PATCH 3/3] OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=182 --- tomcat.changes | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tomcat.changes b/tomcat.changes index 1617a12..86d4850 100644 --- a/tomcat.changes +++ b/tomcat.changes 
@@ -4,6 +4,8 @@ Fri Dec 27 10:22:58 UTC 2019 - Matei Albu - Update to Tomcat 9.0.30. See changelog at http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.30_(markt) - Fixed CVEs: + - CVE-2019-0221 (bsc#1136085) + - CVE-2019-10072 (bsc#1139924) - CVE-2019-12418 (bsc#1159723) - CVE-2019-17563 (bsc#1159729) - Removed patch: