diff --git a/apache-tomcat-9.0.10-src.tar.gz b/apache-tomcat-9.0.10-src.tar.gz
deleted file mode 100644
index 98485e0..0000000
--- a/apache-tomcat-9.0.10-src.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5d6a2ff9715c1624d9e99e0b02e1811d2772a3291c8641269cfc0884d5942c34
-size 5147367
diff --git a/apache-tomcat-9.0.10-src.tar.gz.asc b/apache-tomcat-9.0.10-src.tar.gz.asc
deleted file mode 100644
index cb0d0bd..0000000
--- a/apache-tomcat-9.0.10-src.tar.gz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAlstN0UACgkQEMAcWi9g
-Wec65Q/+JAVi3ft4q5R7rcF5cA1Qh2vK1Jh2PaWrIQbk5PxFb8uG0IdbZXn2DlIL
-9F7Pa20pGti84/CgN19OqYxFOvxr6g0lxyG+0FqGxKAsEG/LhznLTl7a7a0Mios4
-PyiYdpdFGNp7eCpavckYGIqtqGeCfY1dZiVtA7ZmV1OiACVSuwdRowb6xCcwuz2H
-ZgqSybLLDQVknOpoJHtPrqr8spy+P1IULUdrZb3aMeXaQ9R+UdNb/zmX967N/gd6
-S0fQKuoJp35kQ9PWwYhWrgsxX6/ZNuLo1DvIL1KLoFnEEqPVy1mVXdFunb99kaIZ
-phhRv4tIV9DNqMg3Gy4u2axjAOKE5lJ+HwrcQt2GlyWXEwbC2cqUmJ1whzv+C9H0
-5tM49fUDFlFm2WBKzcgGH8piofH2bkaA5wCQUwW23rlU/GisDQvTXk/K3U5itpIS
-7xPzeap2McNPURn1zjmFeqyoMkujnf8qkValITVpDo0c84o9/5+ywheTE7/VIzXF
-0LYelM0UuW0BqWFy8GY6iRk3EycfK6DcxejbNpB8TEXq+am5y7y1lNa7xz56WfDY
-KcVoSG9kionCdgJeivCaDK/PdVEWb5vqs0XjOryrInB5C1R5t4jbwxJCU0FSo7in
-7cHSeh4HxBC6bAQfsrhy4uoWkdz9Y8DvEOaC5sN205sLr7kMe3E=
-=WeRG
------END PGP SIGNATURE-----
diff --git a/apache-tomcat-9.0.12-src.tar.gz b/apache-tomcat-9.0.12-src.tar.gz
new file mode 100644
index 0000000..e09733c
--- /dev/null
+++ b/apache-tomcat-9.0.12-src.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9147fc05d0e9861ab60fe875c9d7a225dfbbd32a21c9f221109cc584489b0e39
+size 5194369
diff --git a/apache-tomcat-9.0.12-src.tar.gz.asc b/apache-tomcat-9.0.12-src.tar.gz.asc
new file mode 100644
index 0000000..6dcc721
--- /dev/null
+++ b/apache-tomcat-9.0.12-src.tar.gz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAluPBGoACgkQEMAcWi9g
+WefN+g/7B5ie5pQF0i2ABQ+66djkzIZ4GxSyCmWCf1l9VaqaMLXv8XiirLIDCt8G
+lDFH3P/XFgL1v1DQUZ091QNxNWPPLNR+gIL+AMdbP33LaBnChjITj9pdXgsNltAC
+MlBS17H4pWI/lnK0RE/UslJ+O1oNbPbpLYz1J6q1wyk1Z0Cnok9ABxGXiEOeh54Q
+pmQ6PejLWQ2z8xTL/roJIUQnO1SAp2Cdrk9aDeY58mYqKKvJagA0FMlFodGOEbLH
+NFY817wbA587akb79qPp1aveDv3ItMSKxMZFBvt2wzbIZlesOF/Uwm9UP+CX7s0R
+aLpJ9yXo8RfXjIYxuJDkPnC/q1Jepj3rLPnyRNVTtJ4gW6vwKsd7gBp5ox17Q0HA
+6xc0DX9ttjOIMUDK8jWGz0jo1Cn1xHUMaXe/qgtPAwcxcB1oB0rZNOdoaYPyCAul
+/OJZC7HrkIjZDOHFv3UgzhqC6HwcEJfTQJUS9EW6smKnx8NrBN6/SIz7gWkB3iy0
+LjTRbUmQ3bQ6klie1B5jYXiMTjs+DtMmZ6HtR7HAFtvZHdiC/FbHWwpNINyb0846
+bSTjpQvvZUk9alh/P1THErZKyztKpxWaBPOO7Eto/nYv2m/7gu6+SxR714M1f2/7
+JDQCVBj2FtFTjZP53fZNeGdY2UcvasLSOkVhwGQUOMrHN9U9Wxw=
+=UbeY
+-----END PGP SIGNATURE-----
diff --git a/tomcat-9.0-disable-osgi-build.patch b/tomcat-9.0-disable-osgi-build.patch
index f663891..3239a35 100644
--- a/tomcat-9.0-disable-osgi-build.patch
+++ b/tomcat-9.0-disable-osgi-build.patch
@@ -1,21 +1,8 @@
-Index: build.xml
-IDEA additional info:
-Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
-<+>UTF-8
+Index: apache-tomcat-9.0.12-src/build.xml
 ===================================================================
---- build.xml	(date 1529515764000)
-+++ build.xml	(date 1534335916000)
-@@ -15,7 +15,8 @@
-   See the License for the specific language governing permissions and
-   limitations under the License.
- -->
--<project name="Tomcat 9.0" default="deploy" basedir=".">
-+<project name="Tomcat 9.0" default="deploy" basedir="."
-+  xmlns:if="ant:if" xmlns:unless="ant:unless">
- 
-   <!-- ===================== Initialize Property Values ==================== -->
- 
-@@ -728,7 +729,7 @@
+--- apache-tomcat-9.0.12-src.orig/build.xml
++++ apache-tomcat-9.0.12-src/build.xml
+@@ -740,7 +740,7 @@
    </target>
  
    <target name="build-bnd" unless="bnd.uptodate"
@@ -24,16 +11,25 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
  
      <mkdir dir="${tomcat.bnd}" />
      <copy todir="${tomcat.bnd}" overwrite="yes" filtering="yes"
-@@ -2970,7 +2971,7 @@
+@@ -3178,7 +3178,7 @@ Read the Building page on the Apache Tom
  
    <!-- ======================= Macros, Taskdefs etc ======================== -->
  
--  <target name="setup-bnd" >
-+  <target name="setup-bnd" if="add.osgi.jar.metadata"> 
+-  <target name="download-bnd" >
++  <target name="download-bnd" if="add.osgi.jar.metadata">
      <!-- Download bnd -->
      <antcall target="downloadfile">
        <param name="sourcefile" value="${bnd.loc}"/>
-@@ -3025,7 +3026,7 @@
+@@ -3200,7 +3200,7 @@ Read the Building page on the Apache Tom
+     </antcall>
+   </target>
+ 
+-  <target name="setup-bnd" depends="download-bnd">
++  <target name="setup-bnd" depends="download-bnd" if="add.osgi.jar.metadata">
+     <!-- Add bnd tasks to project -->
+     <path id="bndlib.classpath">
+       <fileset file="${bnd.jar}" />
+@@ -3240,7 +3240,7 @@ Read the Building page on the Apache Tom
          <zipfileset file="@{notice}" fullpath="META-INF/NOTICE" />
          <zipfileset file="@{license}" fullpath="META-INF/LICENSE" />
        </jar>
diff --git a/tomcat-9.0-javadoc.patch b/tomcat-9.0-javadoc.patch
index e054444..20877dd 100644
--- a/tomcat-9.0-javadoc.patch
+++ b/tomcat-9.0-javadoc.patch
@@ -1,11 +1,8 @@
-Index: build.xml
-IDEA additional info:
-Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
-<+>UTF-8
+Index: apache-tomcat-9.0.12-src/build.xml
 ===================================================================
---- build.xml	(date 1511643656000)
-+++ build.xml	(revision )
-@@ -1772,10 +1772,11 @@
+--- apache-tomcat-9.0.12-src.orig/build.xml
++++ apache-tomcat-9.0.12-src/build.xml
+@@ -1861,10 +1861,11 @@ Apache Tomcat ${version} native binaries
        encoding="UTF-8"
        docencoding="UTF-8"
        charset="UTF-8"
@@ -18,7 +15,7 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
        <classpath>
          <path refid="compile.classpath"/>
          <path refid="tomcat.webservices.classpath"/>
-@@ -1793,10 +1794,11 @@
+@@ -1882,10 +1883,11 @@ Apache Tomcat ${version} native binaries
        encoding="UTF-8"
        docencoding="UTF-8"
        charset="UTF-8"
@@ -31,7 +28,7 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
        <classpath>
          <path refid="compile.classpath"/>
          <path refid="tomcat.webservices.classpath"/>
-@@ -1814,10 +1816,11 @@
+@@ -1903,10 +1905,11 @@ Apache Tomcat ${version} native binaries
        encoding="UTF-8"
        docencoding="UTF-8"
        charset="UTF-8"
@@ -44,7 +41,7 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
        <classpath>
          <path refid="compile.classpath"/>
          <path refid="tomcat.webservices.classpath"/>
-@@ -1835,10 +1838,11 @@
+@@ -1924,10 +1927,11 @@ Apache Tomcat ${version} native binaries
        encoding="UTF-8"
        docencoding="UTF-8"
        charset="UTF-8"
@@ -57,7 +54,7 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
        <classpath>
          <path refid="compile.classpath"/>
          <path refid="tomcat.webservices.classpath"/>
-@@ -1855,10 +1859,11 @@
+@@ -1944,10 +1948,11 @@ Apache Tomcat ${version} native binaries
        encoding="UTF-8"
        docencoding="UTF-8"
        charset="UTF-8"
@@ -71,12 +68,12 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
        <classpath>
          <path refid="compile.classpath"/>
          <path refid="tomcat.webservices.classpath"/>
-@@ -1868,9 +1873,6 @@
+@@ -1957,9 +1962,6 @@ Apache Tomcat ${version} native binaries
        <link href="../jspapi"/>
        <link href="../elapi"/>
        <link href="../websocketapi"/>
 -      <link href="http://docs.oracle.com/javase/8/docs/api/"/>
--      <link href="http://commons.apache.org/proper/commons-io/javadocs/api-release/"/>
+-      <link href="https://commons.apache.org/proper/commons-io/javadocs/api-release/"/>
 -      <link href="https://javaee.github.io/javaee-spec/javadocs/"/>
        <packageset dir="${tomcat.dist}/src/java/">
          <include name="org/**"/>
diff --git a/tomcat-9.0-sle.catalina.policy.patch b/tomcat-9.0-sle.catalina.policy.patch
index 2319087..9a50f78 100644
--- a/tomcat-9.0-sle.catalina.policy.patch
+++ b/tomcat-9.0-sle.catalina.policy.patch
@@ -1,11 +1,8 @@
 Index: conf/catalina.policy
-IDEA additional info:
-Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
-<+>UTF-8
 ===================================================================
---- conf/catalina.policy	(revision Local version)
-+++ conf/catalina.policy	(revision Shelved version)
-@@ -167,6 +167,9 @@
+--- conf/catalina.policy.orig
++++ conf/catalina.policy
+@@ -167,6 +167,9 @@ grant {
      permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
  
      // Precompiled JSPs need access to these packages.
@@ -15,7 +12,7 @@ Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
      permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
      permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
      permission java.lang.RuntimePermission
-@@ -230,6 +233,15 @@
+@@ -216,6 +219,15 @@ grant codeBase "file:${catalina.home}/we
  };
  
  
diff --git a/tomcat-9.0-tomcat-users-webapp.patch b/tomcat-9.0-tomcat-users-webapp.patch
index cb7783a..8215910 100644
--- a/tomcat-9.0-tomcat-users-webapp.patch
+++ b/tomcat-9.0-tomcat-users-webapp.patch
@@ -1,6 +1,8 @@
---- conf/tomcat-users.xml~	2008-01-28 17:41:06.000000000 -0500
-+++ conf/tomcat-users.xml	2008-03-07 19:40:07.000000000 -0500
-@@ -23,4 +23,14 @@
+Index: conf/tomcat-users.xml
+===================================================================
+--- conf/tomcat-users.xml.orig
++++ conf/tomcat-users.xml
+@@ -41,4 +41,14 @@
    <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
    <user username="role1" password="<must-be-changed>" roles="role1"/>
  -->
diff --git a/tomcat.changes b/tomcat.changes
index d940a77..80a837f 100644
--- a/tomcat.changes
+++ b/tomcat.changes
@@ -1,8 +1,21 @@
+-------------------------------------------------------------------
+Thu Oct 18 08:12:41 UTC 2018 - malbu@suse.com
+
+- Update to Tomcat 9.0.12. See changelog at 
+  http://tomcat.apache.org/tomcat-9.0-doc/changelog.html#Tomcat_9.0.12_(markt)
+- Fixed CVEs:
+  - CVE-2018-11784 (bsc#1110850)
+- Rebased patches:
+  - tomcat-9.0-disable-osgi-build.patch
+  - tomcat-9.0-javadoc.patch
+  - tomcat-9.0-sle.catalina.policy.patch
+  - tomcat-9.0-tomcat-users-webapp.patch
+
 -------------------------------------------------------------------
 Tue Sep 11 10:34:02 UTC 2018 - ecsos@opensuse.org
 
 - Declare following files to config(noreplace) to prevent override
-  access  rights:
+  access rights:
   - host-manager/META-INF/context.xml
   - manager/META-INF/context.xml
 
diff --git a/tomcat.spec b/tomcat.spec
index c54b4a0..c25432f 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -22,7 +22,7 @@
 %define elspec 3.0
 %define major_version 9
 %define minor_version 0
-%define micro_version 10
+%define micro_version 12
 %define packdname apache-tomcat-%{version}-src
 # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
 %global basedir /srv/%{name}
@@ -257,8 +257,8 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch1
 %patch2
 %patch3
-%patch4
-%patch5
+%patch4 -p1
+%patch5 -p1
 
 # remove date from docs
 sed -i -e '/build-date/ d' webapps/docs/tomcat-docs.xsl