From f3dacbbf6eb22acbb9bdb96c99f6675022488fda Mon Sep 17 00:00:00 2001
From: Coty Sutherland
Date: Fri, 20 Dec 2019 08:26:42 -0500
Subject: [PATCH 01/16] Update to 9.0.30
---
sources | 2 +-
tomcat.spec | 5 ++++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/sources b/sources
index 462e73a..33c6aba 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.26-src.tar.gz) = 8f430439c66f5a43c7a35bc99edd11549100be28b17fb44e17ec432f72e1797cdebd641a7f19c1d918635e51c164ecd1c9d1399a63abfce05d9a8c37db381837
+SHA512 (apache-tomcat-9.0.30-src.tar.gz) = 5a693c26bc78c504ca9c30cab6356927dbeded199798b558f2efe428a98fd68a88e0c113cc7b710fe3b2109e5ae3a970ff3989f909b95eb782d47d12a2a3a20d
diff --git a/tomcat.spec b/tomcat.spec
index d53c576..881aa3d 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,7 +31,7 @@
%global jspspec 2.3
%global major_version 9
%global minor_version 0
-%global micro_version 26
+%global micro_version 30
%global packdname apache-tomcat-%{version}-src
%global servletspec 4.0
%global elspec 3.0
@@ -610,6 +610,9 @@ fi
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
%changelog
+* Fri Dec 20 2019 Coty Sutherland - 1:9.0.30-1
+- Update to 9.0.30
+
* Thu Sep 26 2019 Coty Sutherland - 1:9.0.26-1
- Update to 9.0.26
- Resolves: rhbz#1523112 tomcat systemd does not cope with - in service names
From 1c5f200345e02cd8d26285a0a6418699396d1d99 Mon Sep 17 00:00:00 2001
From: Coty Sutherland
Date: Thu, 5 Mar 2020 15:12:02 -0500
Subject: [PATCH 02/16] Update to 9.0.31 Resolves: rhbz#1806398 - CVE-2020-1938
tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
---
sources | 2 +-
tomcat.spec | 6 +++++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/sources b/sources
index 33c6aba..7481d0f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.30-src.tar.gz) = 5a693c26bc78c504ca9c30cab6356927dbeded199798b558f2efe428a98fd68a88e0c113cc7b710fe3b2109e5ae3a970ff3989f909b95eb782d47d12a2a3a20d
+SHA512 (apache-tomcat-9.0.31-src.tar.gz) = a0ba9e46a3d2a4cf708e6e29b4647c041495e45865ce5c679c9dcfee77181373a2d3034222701d0f15d5c7e71e6aa3cc7db236c66ba069b3e3660a948b44342f
diff --git a/tomcat.spec b/tomcat.spec
index 881aa3d..c9c0b78 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,7 +31,7 @@
%global jspspec 2.3
%global major_version 9
%global minor_version 0
-%global micro_version 30
+%global micro_version 31
%global packdname apache-tomcat-%{version}-src
%global servletspec 4.0
%global elspec 3.0
@@ -610,6 +610,10 @@ fi
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
%changelog
+* Thu Mar 05 2020 Coty Sutherland - 1:9.0.31-1
+- Update to 9.0.31
+- Resolves: rhbz#1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
+
* Fri Dec 20 2019 Coty Sutherland - 1:9.0.30-1
- Update to 9.0.30
From 6899baa76117f40dadfe303b0a801206014ae85c Mon Sep 17 00:00:00 2001
From: Coty Sutherland
Date: Thu, 12 Mar 2020 13:41:30 -0400
Subject: [PATCH 03/16] Related: rhbz#1806398 Undo changes in defaults for AJP
connector (CVE-2020-1938) to prevent breakage, please update your
configuration accordingly
---
change-defaults-for-CVE-2020-1938.patch | 72 +++++++++++++++++++++++++
tomcat.spec | 7 ++-
2 files changed, 78 insertions(+), 1 deletion(-)
create mode 100644 change-defaults-for-CVE-2020-1938.patch
diff --git a/change-defaults-for-CVE-2020-1938.patch b/change-defaults-for-CVE-2020-1938.patch
new file mode 100644
index 0000000..03207b1
--- /dev/null
+++ b/change-defaults-for-CVE-2020-1938.patch
@@ -0,0 +1,72 @@
+diff -up ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java
+--- ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig 2020-03-12 13:33:31.792406379 -0400
++++ ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2020-03-12 13:35:24.222117728 -0400
+@@ -16,7 +16,6 @@
+ */
+ package org.apache.coyote.ajp;
+
+-import java.net.InetAddress;
+ import java.util.regex.Pattern;
+
+ import org.apache.coyote.AbstractProtocol;
+@@ -49,8 +48,6 @@ public abstract class AbstractAjpProtoco
+ setConnectionTimeout(Constants.DEFAULT_CONNECTION_TIMEOUT);
+ // AJP does not use Send File
+ getEndpoint().setUseSendfile(false);
+- // AJP listens on loopback by default
+- getEndpoint().setAddress(InetAddress.getLoopbackAddress());
+ ConnectionHandler cHandler = new ConnectionHandler<>(this);
+ setHandler(cHandler);
+ getEndpoint().setHandler(cHandler);
+@@ -180,7 +177,7 @@ public abstract class AbstractAjpProtoco
+ }
+
+
+- private boolean secretRequired = true;
++ private boolean secretRequired = false;
+ public void setSecretRequired(boolean secretRequired) {
+ this.secretRequired = secretRequired;
+ }
+diff -up ./webapps/docs/changelog.xml.orig ./webapps/docs/changelog.xml
+--- ./webapps/docs/changelog.xml.orig 2020-03-12 13:33:54.354348454 -0400
++++ ./webapps/docs/changelog.xml 2020-03-12 13:37:17.041828075 -0400
+@@ -178,14 +178,10 @@
+ Disable (comment out in server.xml) the AJP/1.3 connector by default.
+ (markt)
+
+-
+- Change the default bind address for the AJP/1.3 connector to be the
+- loopback address. (markt)
+-
+
+ Rename the requiredSecret attribute of the AJP/1.3
+ Connector to secret and add a new attribute
+- secretRequired that defaults to true. When
++ secretRequired that defaults to false. When
+ secretRequired is true the AJP/1.3 Connector
+ will not start unless the secret attribute is configured to
+ a non-null, non-zero length String. (markt)
+diff -up ./webapps/docs/config/ajp.xml.orig ./webapps/docs/config/ajp.xml
+--- ./webapps/docs/config/ajp.xml.orig 2020-03-12 13:34:10.383307302 -0400
++++ ./webapps/docs/config/ajp.xml 2020-03-12 13:36:17.617980639 -0400
+@@ -315,7 +315,10 @@
+
+ For servers with more than one IP address, this attribute
+ specifies which address will be used for listening on the specified
+- port. By default, the loopback address will be used.
++ port. By default, this port will be used on all IP addresses
++ associated with the server. A value of 127.0.0.1
++ indicates that the Connector will only listen on the loopback
++ interface.
+
+
+
+@@ -465,7 +468,7 @@
+
+ If this attribute is true, the AJP Connector will only
+ start if the secret attribute is configured with a
+- non-null, non-zero length value. The default value is true.
++ non-null, non-zero length value. The default value is false.
+ This attributue should only be set to false when the
+ Connector is used on a trusted network.
+
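Review bot: With `secretRequired = false` and the loopback `setAddress` call removed from AbstractAjpProtocol.java, an AJP connector that an administrator enables without `address` and `secret` listens on every interface and accepts AJP requests without a shared secret, which by the commit subjects is the exposure the 9.0.31 update addressed. The only default protection still visible here is that the connector is commented out in server.xml (changelog.xml context). The ajp.xml text is now inconsistent: it gives the default as false and then says the attribute "should only be set to false when the Connector is used on a trusted network". I would add a sentence there such as `This package defaults to secretRequired="false" and binds to all addresses for compatibility; set address and secret explicitly on any AJP Connector you enable.` The same wording is carried into the refreshed ajp.xml hunk in PATCH 06.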
diff --git a/tomcat.spec b/tomcat.spec
index c9c0b78..47f57e0 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -59,7 +59,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0
@@ -81,6 +81,7 @@ Source32: tomcat-named.service
Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
Patch2: %{name}-build.patch
+Patch3: change-defaults-for-CVE-2020-1938.patch
BuildArch: noarch
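Review bot: `Patch3` is added without a comment, so the spec does not show that this patch deliberately weakens upstream defaults rather than fixing something. A line above it such as `# Restores the AJP defaults from before the CVE-2020-1938 fix (all-interface bind, secretRequired=false); see rhbz#1806398` would keep the trade-off visible to whoever rebases the patch list next.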
@@ -206,6 +207,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
%patch0 -p0
%patch1 -p0
%patch2 -p0
+%patch3 -p0
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) webapps/examples/WEB-INF/lib/jstl.jar
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) webapps/examples/WEB-INF/lib/standard.jar
@@ -610,6 +612,9 @@ fi
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
%changelog
+* Thu Mar 12 2020 Coty Sutherland - 1:9.0.31-2
+- Related: rhbz#1806398 Undo changes in defaults for AJP connector (CVE-2020-1938) to prevent breakage, please update your configuration accordingly
+
* Thu Mar 05 2020 Coty Sutherland - 1:9.0.31-1
- Update to 9.0.31
- Resolves: rhbz#1806398 - CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
From 0caadef8772421ae7ba95921a2d3831402b92f99 Mon Sep 17 00:00:00 2001
From: Coty Sutherland
Date: Tue, 21 Apr 2020 15:56:44 -0400
Subject: [PATCH 04/16] Update to 9.0.34
---
sources | 2 +-
tomcat.spec | 7 +++++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/sources b/sources
index 7481d0f..1bf01fc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.31-src.tar.gz) = a0ba9e46a3d2a4cf708e6e29b4647c041495e45865ce5c679c9dcfee77181373a2d3034222701d0f15d5c7e71e6aa3cc7db236c66ba069b3e3660a948b44342f
+SHA512 (apache-tomcat-9.0.34-src.tar.gz) = 8ac8a916bfe2d3daf679dab9f299bc50f138f3cc9a6e8679a22862d122dea1e5ce3b9101472295398366f5b5d8477097a3cfb536f01136e72ff09d69b2f6c3df
diff --git a/tomcat.spec b/tomcat.spec
index 47f57e0..a157efb 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,7 +31,7 @@
%global jspspec 2.3
%global major_version 9
%global minor_version 0
-%global micro_version 31
+%global micro_version 34
%global packdname apache-tomcat-%{version}-src
%global servletspec 4.0
%global elspec 3.0
@@ -59,7 +59,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 2%{?dist}
+Release: 1%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0
@@ -612,6 +612,9 @@ fi
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
%changelog
+* Tue Apr 21 2020 Coty Sutherland - 1:9.0.34-1
+- Update to 9.0.34
+
* Thu Mar 12 2020 Coty Sutherland - 1:9.0.31-2
- Related: rhbz#1806398 Undo changes in defaults for AJP connector (CVE-2020-1938) to prevent breakage, please update your configuration accordingly
From be080255b5a092e4c3782b8333502467af91e080 Mon Sep 17 00:00:00 2001
From: Coty Sutherland
Date: Wed, 22 Apr 2020 14:55:15 -0400
Subject: [PATCH 05/16] Add updated catalina.policy patch to allow ECJ usage
under the Security Manager
---
tomcat-9.0-catalina-policy.patch | 35 ++++++++------------------------
tomcat.spec | 7 ++++++-
2 files changed, 14 insertions(+), 28 deletions(-)
diff --git a/tomcat-9.0-catalina-policy.patch b/tomcat-9.0-catalina-policy.patch
index 3694929..487e2be 100644
--- a/tomcat-9.0-catalina-policy.patch
+++ b/tomcat-9.0-catalina-policy.patch
@@ -1,39 +1,20 @@
---- conf/catalina.policy~ 2016-06-17 10:20:17.649171968 -0400
-+++ conf/catalina.policy 2016-06-17 10:23:35.358309244 -0400
-@@ -50,6 +50,36 @@ grant codeBase "file:${java.home}/lib/ex
- permission java.security.AllPermission;
+--- conf/catalina.policy.orig 2020-04-22 14:51:13.734893403 -0400
++++ conf/catalina.policy 2020-04-22 15:14:57.609677967 -0400
+@@ -51,6 +51,17 @@ grant codeBase "file:${java.home}/lib/ex
};
+
+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
+
++
+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
+// Specifying the individual jars that tomcat needs to function with the security manager
+// is the safest way forward.
-+grant codeBase "file:/usr/share/java/tomcat-servlet-3.0-api.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/tomcat-jsp-2.2-api.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/tomcat-el-2.2-api.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/log4j.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/ecj.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/apache-commons-pool.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/apache-commons-dbcp.jar" {
-+ permission java.security.AllPermission;
-+};
-+grant codeBase "file:/usr/share/java/apache-commons-collections.jar" {
++grant codeBase "file:/usr/share/java/ecj/ecj.jar" {
+ permission java.security.AllPermission;
+};
+
-
++
// ========== CATALINA CODE PERMISSIONS =======================================
+
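Review bot: The new grant gives `java.security.AllPermission` to `file:/usr/share/java/ecj/ecj.jar` without saying why ECJ needs a grant of its own, and the comment above it still speaks of "the individual jars" although only one entry remains. The codeBase is a hard-coded absolute path, so if the ecj package relocates the jar the grant presumably stops matching with no build-time error, and JSP compilation under the Security Manager would fail only at run time. I would add a line above the grant, for example `// ECJ compiles JSPs and is loaded from outside ${catalina.home}/lib, so it needs its own grant` (if that is indeed the reason), and confirm that the jars dropped from the old list no longer need entries. The two added blank lines around the block look unintentional.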
diff --git a/tomcat.spec b/tomcat.spec
index a157efb..0124deb 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -59,7 +59,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0
@@ -82,6 +82,7 @@ Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.p
Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
Patch2: %{name}-build.patch
Patch3: change-defaults-for-CVE-2020-1938.patch
+Patch4: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
BuildArch: noarch
@@ -208,6 +209,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
%patch1 -p0
%patch2 -p0
%patch3 -p0
+%patch4 -p0
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) webapps/examples/WEB-INF/lib/jstl.jar
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) webapps/examples/WEB-INF/lib/standard.jar
@@ -612,6 +614,9 @@ fi
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
%changelog
+* Wed Apr 22 2020 Coty Sutherland - 1:9.0.34-2
+- Add updated catalina.policy patch to allow ECJ usage under the Security Manager
+
* Tue Apr 21 2020 Coty Sutherland - 1:9.0.34-1
- Update to 9.0.34
From 52b29132ca48a51194b5ac203e62bd879441a418 Mon Sep 17 00:00:00 2001
From: Coty Sutherland
Date: Wed, 22 Apr 2020 15:38:47 -0400
Subject: [PATCH 06/16] Tweak the default changes for CVE-2020-1938 so the
patch applies cleanly
---
change-defaults-for-CVE-2020-1938.patch | 49 ++++++++++++-------------
1 file changed, 24 insertions(+), 25 deletions(-)
diff --git a/change-defaults-for-CVE-2020-1938.patch b/change-defaults-for-CVE-2020-1938.patch
index 03207b1..a7f7c49 100644
--- a/change-defaults-for-CVE-2020-1938.patch
+++ b/change-defaults-for-CVE-2020-1938.patch
@@ -1,6 +1,6 @@
diff -up ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java
---- ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig 2020-03-12 13:33:31.792406379 -0400
-+++ ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2020-03-12 13:35:24.222117728 -0400
+--- ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig 2020-04-22 15:31:12.889587528 -0400
++++ ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java 2020-04-22 15:31:37.907534419 -0400
@@ -16,7 +16,6 @@
*/
package org.apache.coyote.ajp;
@@ -28,9 +28,9 @@ diff -up ./java/org/apache/coyote/ajp/AbstractAjpProtocol.java.orig ./java/org/a
this.secretRequired = secretRequired;
}
diff -up ./webapps/docs/changelog.xml.orig ./webapps/docs/changelog.xml
---- ./webapps/docs/changelog.xml.orig 2020-03-12 13:33:54.354348454 -0400
-+++ ./webapps/docs/changelog.xml 2020-03-12 13:37:17.041828075 -0400
-@@ -178,14 +178,10 @@
+--- ./webapps/docs/changelog.xml.orig 2020-04-03 08:12:03.000000000 -0400
++++ ./webapps/docs/changelog.xml 2020-04-22 15:31:37.911534411 -0400
+@@ -526,14 +526,10 @@
Disable (comment out in server.xml) the AJP/1.3 connector by default.
(markt)
@@ -47,26 +47,25 @@ diff -up ./webapps/docs/changelog.xml.orig ./webapps/docs/changelog.xml
will not start unless the secret attribute is configured to
a non-null, non-zero length String. (markt)
diff -up ./webapps/docs/config/ajp.xml.orig ./webapps/docs/config/ajp.xml
---- ./webapps/docs/config/ajp.xml.orig 2020-03-12 13:34:10.383307302 -0400
-+++ ./webapps/docs/config/ajp.xml 2020-03-12 13:36:17.617980639 -0400
-@@ -315,7 +315,10 @@
+--- ./webapps/docs/config/ajp.xml.orig 2020-04-22 15:31:37.913534406 -0400
++++ ./webapps/docs/config/ajp.xml 2020-04-22 15:35:35.003031090 -0400
+@@ -327,7 +327,9 @@
- For servers with more than one IP address, this attribute
- specifies which address will be used for listening on the specified
-- port. By default, the loopback address will be used.
-+ port. By default, this port will be used on all IP addresses
-+ associated with the server. A value of 127.0.0.1
-+ indicates that the Connector will only listen on the loopback
-+ interface.
+ For servers with more than one IP address, this attribute specifies
+ which address will be used for listening on the specified port. By
+- default, the connector will listen on the loopback address. Unless the JVM
++ default, this port will be used on all IP addresses associated with the
++ server. A value of 127.0.0.1 indicates that the Connector
++ will only listen on the loopback interface.
Unless the JVM
+ is configured otherwise using system properties, the Java based connectors
+ (NIO, NIO2) will listen on both IPv4 and IPv6 addresses when configured
+ with either 0.0.0.0 or ::. The APR/native
+@@ -500,7 +502,7 @@
+ the secret attribute is required to be specified for the
+ AJP Connector to start. It does not control whether
+ workers are required to provide the secret. The default value is
+- true. This attribute should only be set to false
++ false. This attribute should only be set to false
+ when the Connector is used on a trusted network.
-
-@@ -465,7 +468,7 @@
-
- If this attribute is true, the AJP Connector will only
- start if the secret attribute is configured with a
-- non-null, non-zero length value. The default value is true.
-+ non-null, non-zero length value. The default value is false.
- This attributue should only be set to false when the
- Connector is used on a trusted network.
-
From 12e400452dc4fe6efcf7c372196b72ccb4811691 Mon Sep 17 00:00:00 2001
From: Coty Sutherland
Date: Wed, 22 Apr 2020 16:23:59 -0400
Subject: [PATCH 07/16] Fix ajp.xml (remove erroneous element)
---
change-defaults-for-CVE-2020-1938.patch | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/change-defaults-for-CVE-2020-1938.patch b/change-defaults-for-CVE-2020-1938.patch
index a7f7c49..02ed0df 100644
--- a/change-defaults-for-CVE-2020-1938.patch
+++ b/change-defaults-for-CVE-2020-1938.patch
@@ -56,7 +56,7 @@ diff -up ./webapps/docs/config/ajp.xml.orig ./webapps/docs/config/ajp.xml
- default, the connector will listen on the loopback address. Unless the JVM
+ default, this port will be used on all IP addresses associated with the
+ server. A value of 127.0.0.1 indicates that the Connector
-+ will only listen on the loopback interface. Unless the JVM
++ will only listen on the loopback interface. Unless the JVM
is configured otherwise using system properties, the Java based connectors
(NIO, NIO2) will listen on both IPv4 and IPv6 addresses when configured
with either 0.0.0.0 or ::. The APR/native
From 9888898c5fca3264ddd6463742a6361d00f9ff9a Mon Sep 17 00:00:00 2001
From: Hui Wang
Date: Sun, 31 May 2020 21:10:41 +0800
Subject: [PATCH 08/16] Upgrade to 9.0.35
---
sources | 2 +-
tomcat.spec | 7 +++++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/sources b/sources
index 1bf01fc..9722027 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.34-src.tar.gz) = 8ac8a916bfe2d3daf679dab9f299bc50f138f3cc9a6e8679a22862d122dea1e5ce3b9101472295398366f5b5d8477097a3cfb536f01136e72ff09d69b2f6c3df
+SHA512 (apache-tomcat-9.0.35-src.tar.gz) = 8931c0f7c30f50d352879f8dfddc02fa59d7128813399e4eca3994be7cf2448e32e726a3cb8b387a5470ccbfa3fb74d0192c825b5f68bbb9fb6b43a9353cb24a
diff --git a/tomcat.spec b/tomcat.spec
index 0124deb..fea8cc8 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,7 +31,7 @@
%global jspspec 2.3
%global major_version 9
%global minor_version 0
-%global micro_version 34
+%global micro_version 35
%global packdname apache-tomcat-%{version}-src
%global servletspec 4.0
%global elspec 3.0
@@ -59,7 +59,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 2%{?dist}
+Release: 1%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0
@@ -614,6 +614,9 @@ fi
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
%changelog
+* Sun May 31 2020 Hui Wang - 1:9.0.34-1
+- Upgrade to 9.0.35
+
* Wed Apr 22 2020 Coty Sutherland - 1:9.0.34-2
- Add updated catalina.policy patch to allow ECJ usage under the Security Manager
From a32a2d32cb04c959ef7975356c3df715a2bc3cd0 Mon Sep 17 00:00:00 2001
From: Coty Sutherland
Date: Mon, 1 Jun 2020 09:09:44 -0400
Subject: [PATCH 09/16] Fix changelog entry
---
tomcat.spec | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tomcat.spec b/tomcat.spec
index fea8cc8..997114a 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -59,7 +59,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0
@@ -614,7 +614,7 @@ fi
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
%changelog
-* Sun May 31 2020 Hui Wang - 1:9.0.34-1
+* Sun May 31 2020 Hui Wang - 1:9.0.35-2
- Upgrade to 9.0.35
* Wed Apr 22 2020 Coty Sutherland - 1:9.0.34-2
From 94b3b374165f99f08dcbdd3463c375dcca316362 Mon Sep 17 00:00:00 2001
From: Hui Wang
Date: Wed, 10 Jun 2020 17:40:48 +0800
Subject: [PATCH 10/16] Upgrade to 9.0.36
---
sources | 2 +-
tomcat.spec | 7 +++++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/sources b/sources
index 9722027..63e6a2c 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.35-src.tar.gz) = 8931c0f7c30f50d352879f8dfddc02fa59d7128813399e4eca3994be7cf2448e32e726a3cb8b387a5470ccbfa3fb74d0192c825b5f68bbb9fb6b43a9353cb24a
+SHA512 (apache-tomcat-9.0.36-src.tar.gz) = f8263594bc679f75cecf5bcf4ad8e8ccfea42ad8e90eaeb7004c63875c6b700b0f863d68f1cdd932ebc7b303bdfb86d70afe88686e576c8ea7ccd9574c74e25b
diff --git a/tomcat.spec b/tomcat.spec
index 997114a..b8290cb 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,7 +31,7 @@
%global jspspec 2.3
%global major_version 9
%global minor_version 0
-%global micro_version 35
+%global micro_version 36
%global packdname apache-tomcat-%{version}-src
%global servletspec 4.0
%global elspec 3.0
@@ -59,7 +59,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 2%{?dist}
+Release: 1%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0
@@ -614,6 +614,9 @@ fi
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
%changelog
+* Wed Jun 10 2020 Hui Wang - 1:9.0.36-1
+- Upgrade to 9.0.36
+
* Sun May 31 2020 Hui Wang - 1:9.0.35-2
- Upgrade to 9.0.35
From f6cc8a705528a1e005d27b3dc2bf8cef9cee2e1c Mon Sep 17 00:00:00 2001
From: Hui Wang
Date: Wed, 15 Jul 2020 17:07:16 +0800
Subject: [PATCH 11/16] Update to 9.0.37
---
sources | 2 +-
tomcat-build.patch | 27 +++++++++++++++++++++------
tomcat.spec | 6 +++++-
3 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/sources b/sources
index 63e6a2c..1cf78f2 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.36-src.tar.gz) = f8263594bc679f75cecf5bcf4ad8e8ccfea42ad8e90eaeb7004c63875c6b700b0f863d68f1cdd932ebc7b303bdfb86d70afe88686e576c8ea7ccd9574c74e25b
+SHA512 (apache-tomcat-9.0.37-src.tar.gz) = 6e819fe255c467b0081e91c17a53fa383fe84d922492c62d7dd93cabf00e22ab30872ecaa298a9b12977b8c7518f36c8429091b24c9fb5200db64e80e853ce98
diff --git a/tomcat-build.patch b/tomcat-build.patch
index acaac9c..d0d8fc6 100644
--- a/tomcat-build.patch
+++ b/tomcat-build.patch
@@ -1,12 +1,27 @@
---- build.xml.orig 2018-08-07 10:32:04.994403913 -0400
-+++ build.xml 2018-08-07 10:32:30.874319588 -0400
-@@ -2989,6 +2989,9 @@ Read the Building page on the Apache Tom
-
+diff -up ./build.xml.orig ./build.xml
+--- ./build.xml.orig 2020-07-13 12:59:09.555368724 -0400
++++ ./build.xml 2020-07-13 13:06:51.246135917 -0400
+@@ -3307,6 +3307,11 @@ Read the Building page on the Apache Tom
+
+
-
++
+
+
+
++
-
+
+diff -up ./res/bnd/build-defaults.bnd.orig ./res/bnd/build-defaults.bnd
+--- ./res/bnd/build-defaults.bnd.orig 2020-07-13 13:47:01.229077747 -0400
++++ ./res/bnd/build-defaults.bnd 2020-07-13 13:47:12.923095618 -0400
+@@ -13,7 +13,7 @@
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+-Bundle-Version: ${version_cleanup;${version}}
++Bundle-Version: ${version}
+
+ Specification-Title: Apache Tomcat
+ Specification-Version: ${version.major.minor}
diff --git a/tomcat.spec b/tomcat.spec
index b8290cb..3d84ec8 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,7 +31,7 @@
%global jspspec 2.3
%global major_version 9
%global minor_version 0
-%global micro_version 36
+%global micro_version 37
%global packdname apache-tomcat-%{version}-src
%global servletspec 4.0
%global elspec 3.0
@@ -239,6 +239,7 @@ export OPT_JAR_LIST="xalan-j2-serializer"
-Dbndlibg.jar="$(build-classpath aqute-bnd/aQute.libg)" \
-Dbndannotation.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
-Dslf4j-api.jar="$(build-classpath slf4j/slf4j-api)" \
+ -Dosgi-cmpn.jar="$(build-classpath osgi-compendium/osgi.cmpn)" \
-Dversion="%{version}" \
-Dversion.build="%{micro_version}" \
deploy dist-source
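Review bot: The added `-Dosgi-cmpn.jar="$(build-classpath osgi-compendium/osgi.cmpn)"` makes the build depend on the package that ships that jar, but the diffstat for tomcat.spec (5 insertions, 1 deletion) is fully accounted for by the version bump, this line and the changelog entry, so no `BuildRequires:` was added in this commit. Unless one already exists outside the hunks, the build succeeds only where the jar happens to be installed; I would add `BuildRequires: osgi-compendium` (package name to be confirmed) beside the other build dependencies. The ant invocation this line belongs to starts outside the hunk.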
@@ -614,6 +615,9 @@ fi
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
%changelog
+* Wed Jul 15 2020 Hui Wang - 1:9.0.37-1
+- Upgrade to 9.0.37
+
* Wed Jun 10 2020 Hui Wang - 1:9.0.36-1
- Upgrade to 9.0.36
From 6e85c018c48101c0208105540ef8699cae7f53f1 Mon Sep 17 00:00:00 2001
From: Hui Wang
Date: Wed, 15 Jul 2020 17:32:23 +0800
Subject: [PATCH 12/16] Remove spaces
---
tomcat.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tomcat.spec b/tomcat.spec
index 3d84ec8..80e1bd1 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -239,7 +239,7 @@ export OPT_JAR_LIST="xalan-j2-serializer"
-Dbndlibg.jar="$(build-classpath aqute-bnd/aQute.libg)" \
-Dbndannotation.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
-Dslf4j-api.jar="$(build-classpath slf4j/slf4j-api)" \
- -Dosgi-cmpn.jar="$(build-classpath osgi-compendium/osgi.cmpn)" \
+ -Dosgi-cmpn.jar="$(build-classpath osgi-compendium/osgi.cmpn)" \
-Dversion="%{version}" \
-Dversion.build="%{micro_version}" \
deploy dist-source
From a18ba734cf1482da6e5d2fbc541340d7c1d062e7 Mon Sep 17 00:00:00 2001
From: Hui Wang
Date: Wed, 16 Sep 2020 18:06:36 +0800
Subject: [PATCH 13/16] Update to 9.0.38
---
sources | 2 +-
tomcat.spec | 5 ++++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/sources b/sources
index 1cf78f2..564403f 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.37-src.tar.gz) = 6e819fe255c467b0081e91c17a53fa383fe84d922492c62d7dd93cabf00e22ab30872ecaa298a9b12977b8c7518f36c8429091b24c9fb5200db64e80e853ce98
+SHA512 (apache-tomcat-9.0.38-src.tar.gz) = 13c79abed71ead564b108ec8a046e78374611acd906f4b6e775ac0427446117192be6b25f29894e625e2dc13f79abbc97bc52b32120ce5701cbe0f5ae05bc57b
diff --git a/tomcat.spec b/tomcat.spec
index 80e1bd1..02c5cff 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,7 +31,7 @@
%global jspspec 2.3
%global major_version 9
%global minor_version 0
-%global micro_version 37
+%global micro_version 38
%global packdname apache-tomcat-%{version}-src
%global servletspec 4.0
%global elspec 3.0
@@ -615,6 +615,9 @@ fi
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
%changelog
+* Wed Sep 16 2020 Hui Wang - 1:9.0.38-1
+- Update to 9.0.38
+
* Wed Jul 15 2020 Hui Wang - 1:9.0.37-1
- Upgrade to 9.0.37
From 32dace131cb7b3e6392de36bb162c89721e653ce Mon Sep 17 00:00:00 2001
From: Hui Wang
Date: Mon, 21 Sep 2020 11:48:26 +0800
Subject: [PATCH 14/16] Sync with f33 branch: rhbz#1857043 related
---
rhbz-1857043.patch | 200 +++++++++++++++++++++++++++++++++++++++++++++
tomcat.spec | 7 +-
2 files changed, 206 insertions(+), 1 deletion(-)
create mode 100644 rhbz-1857043.patch
diff --git a/rhbz-1857043.patch b/rhbz-1857043.patch
new file mode 100644
index 0000000..3730769
--- /dev/null
+++ b/rhbz-1857043.patch
@@ -0,0 +1,200 @@
+diff -up ./build.xml.orig ./build.xml
+--- ./build.xml.orig 2020-07-24 10:24:08.313796968 -0400
++++ ./build.xml 2020-07-24 10:24:38.027427445 -0400
+@@ -757,7 +757,7 @@
+ filesDir="${tomcat.classes}"
+ filesId="files.annotations-api"
+ manifest="${tomcat.manifests}/annotations-api.jar.manifest"
+- addOSGi="true" />
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+
++ addOSGi="false" />
+
+
+ - 1:9.0.38-2
+- Related: rhbz#1857043 Temporarily remove OSGi metadata from tomcat jars
+
* Wed Sep 16 2020 Hui Wang - 1:9.0.38-1
- Update to 9.0.38
From 4a82d21c9c3dfc124ad19ba44f50ad3c07ca585c Mon Sep 17 00:00:00 2001
From: Hui Wang
Date: Fri, 6 Nov 2020 14:09:57 +0800
Subject: [PATCH 15/16] Update to 9.0.39 and revert upstream fix for
LogFactory.java because of bnd lower version
---
tomcat-9.0-LogFactory.patch | 20 ++++++++++++++++++++
tomcat.spec | 11 +++++++++--
2 files changed, 29 insertions(+), 2 deletions(-)
create mode 100644 tomcat-9.0-LogFactory.patch
diff --git a/tomcat-9.0-LogFactory.patch b/tomcat-9.0-LogFactory.patch
new file mode 100644
index 0000000..eb89fbd
--- /dev/null
+++ b/tomcat-9.0-LogFactory.patch
@@ -0,0 +1,20 @@
+diff -up ./java/org/apache/juli/logging/LogFactory.java.orig ./java/org/apache/juli/logging/LogFactory.java
+--- ./java/org/apache/juli/logging/LogFactory.java.orig 2020-11-06 13:22:26.231141049 +0800
++++ ./java/org/apache/juli/logging/LogFactory.java 2020-11-06 13:24:03.941098001 +0800
+@@ -21,8 +21,6 @@ import java.nio.file.FileSystems;
+ import java.util.ServiceLoader;
+ import java.util.logging.LogManager;
+
+-import aQute.bnd.annotation.spi.ServiceConsumer;
+-
+ /**
+ * This is a modified LogFactory that uses a simple {@link ServiceLoader} based
+ * discovery mechanism with a default of using JDK based logging. An
+@@ -63,7 +61,6 @@ import aQute.bnd.annotation.spi.ServiceC
+ * @author Costin Manolache
+ * @author Richard A. Sitze
+ */
+-@ServiceConsumer(value=org.apache.juli.logging.Log.class)
+ public class LogFactory {
+
+ private static final LogFactory singleton = new LogFactory();
diff --git a/tomcat.spec b/tomcat.spec
index 23ceb7d..4ef9c91 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,7 +31,7 @@
%global jspspec 2.3
%global major_version 9
%global minor_version 0
-%global micro_version 38
+%global micro_version 39
%global packdname apache-tomcat-%{version}-src
%global servletspec 4.0
%global elspec 3.0
@@ -59,7 +59,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 2%{?dist}
+Release: 1%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0
@@ -84,6 +84,7 @@ Patch2: %{name}-build.patch
Patch3: change-defaults-for-CVE-2020-1938.patch
Patch4: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
Patch5: rhbz-1857043.patch
+Patch6: %{name}-%{major_version}.%{minor_version}-LogFactory.patch
BuildArch: noarch
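Review bot: `Patch6` is added without a comment, and the reason for it appears only in `%changelog`. Since it reverts an upstream change rather than fixing a defect, a line above it such as `# Reverts upstream d1f4d8712ddb52857f40a8cc4a82bf8b8e013f88 (needs a newer bnd); drop when bnd is updated` would tell the next rebase when the patch can go.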
@@ -212,6 +213,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
%patch3 -p0
%patch4 -p0
%patch5 -p0
+%patch6 -p0
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) webapps/examples/WEB-INF/lib/jstl.jar
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) webapps/examples/WEB-INF/lib/standard.jar
@@ -240,6 +242,7 @@ export OPT_JAR_LIST="xalan-j2-serializer"
-Dbndlib.jar="$(build-classpath aqute-bnd/biz.aQute.bndlib)" \
-Dbndlibg.jar="$(build-classpath aqute-bnd/aQute.libg)" \
-Dbndannotation.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
+ -Dosgi-annotations.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
-Dslf4j-api.jar="$(build-classpath slf4j/slf4j-api)" \
-Dosgi-cmpn.jar="$(build-classpath osgi-compendium/osgi.cmpn)" \
-Dversion="%{version}" \
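Review bot: `-Dosgi-annotations.jar` points at `aqute-bnd/biz.aQute.bnd.annotation`, the same jar already passed as `-Dbndannotation.jar` on the line above, and nothing marks the substitution as deliberate. If it stands in for a separate OSGi annotations jar that the build expects, a comment above the ant invocation (which starts outside this hunk) would stop it from being "corrected" later, for example `# osgi-annotations.jar: reuse the bnd annotation jar until bnd is updated (see Patch6)`.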
@@ -617,6 +620,10 @@ fi
%attr(0660,tomcat,tomcat) %verify(not size md5 mtime) %{logdir}/catalina.out
%changelog
+* Fri Nov 06 2020 Hui Wang - 1:9.0.39-1
+- Update to 9.0.39
+- Revert upstream fix d1f4d8712ddb52857f40a8cc4a82bf8b8e013f88 for LogFactory.java because of our lower version of bnd
+
* Mon Sep 21 2020 Hui Wang - 1:9.0.38-2
- Related: rhbz#1857043 Temporarily remove OSGi metadata from tomcat jars
From d9bc23b81a120c7f6a890cd465c3c4709a0e9cbc Mon Sep 17 00:00:00 2001
From: Hui Wang
Date: Fri, 6 Nov 2020 14:25:07 +0800
Subject: [PATCH 16/16] Update source tar ball
---
sources | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sources b/sources
index 564403f..0f52225 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.38-src.tar.gz) = 13c79abed71ead564b108ec8a046e78374611acd906f4b6e775ac0427446117192be6b25f29894e625e2dc13f79abbc97bc52b32120ce5701cbe0f5ae05bc57b
+SHA512 (apache-tomcat-9.0.39-src.tar.gz) = d13a74789db0fdd9d814296cb66ae1321407b1452e0aa7b4f554c86b9c4f0abbeb9c9c6ab4723740174fe95ade4673c67fb7cb6f220d0d3c71ac27146faf5374