[Git][java-team/tomcat9][bullseye] 3 commits: Fix CVE-2025-55752, CVE-2025-55754, CVE-2025-61795
Markus Koschany (@apo)
gitlab at salsa.debian.org
Thu Feb 5 12:03:34 GMT 2026
Markus Koschany pushed to branch bullseye at Debian Java Maintainers / tomcat9
Commits:
05b972f8 by Markus Koschany at 2026-02-04T11:57:54+01:00
Fix CVE-2025-55752, CVE-2025-55754, CVE-2025-61795
and refresh all other patches
- - - - -
ae293869 by Markus Koschany at 2026-02-04T13:28:58+01:00
Update changelog
- - - - -
3d380557 by Markus Koschany at 2026-02-04T13:40:16+01:00
Add patch headers
- - - - -
19 changed files:
- debian/changelog
- debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch
- debian/patches/0005-skip-test-failures.patch
- debian/patches/0009-Use-java.security.policy-file-in-catalina.sh.patch
- debian/patches/0010-debianize-build-xml.patch
- debian/patches/0013-dont-look-for-build-properties-in-user-home.patch
- debian/patches/0018-fix-manager-webapp.patch
- debian/patches/0019-add-distribution-to-error-page.patch
- debian/patches/0021-dont-test-unsupported-ciphers.patch
- debian/patches/0023-disable-shutdown-by-socket.patch
- debian/patches/0024-systemd-log-formatter.patch
- debian/patches/0030-eclipse-jdt-classpath.patch
- debian/patches/Bundle-Version.patch
- + debian/patches/CVE-2025-55752.patch
- + debian/patches/CVE-2025-55754.patch
- + debian/patches/CVE-2025-61795.patch
- debian/patches/disable-jacoco.patch
- debian/patches/exclude-TestJNDIRealmIntegration.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,12 +1,18 @@
-tomcat9 (9.0.107-0+deb11u2) UNRELEASED; urgency=medium
+tomcat9 (9.0.107-0+deb11u2) bullseye-security; urgency=medium
* Team upload.
* Fix a regression introduced by the last upload and look for OpenJDK 17
again. (Closes: #1114028)
* Add a autopkgtest to detect possible OpenJDK 17 regressions. Thanks to
Santiago Ruano Rincón for the patch.
-
- -- Markus Koschany <apo at debian.org> Thu, 25 Sep 2025 00:50:44 +0200
+ * Fix CVE-2025-61795: denial of service due to incorrect processing of
+ multipart uploads
+ * Fix CVE-2025-55754: insufficient escape of ANSI escape sequences in log
+ messages
+ * Fix CVE-2025-55752: path traversal vulnerability due to a bug in rewrite
+ rules
+
+ -- Markus Koschany <apo at debian.org> Wed, 04 Feb 2026 13:13:38 +0100
tomcat9 (9.0.107-0+deb11u1) bullseye-security; urgency=high
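Review bot: the rewritten header line keeps urgency=medium although this entry now carries three CVE fixes and targets bullseye-security, while the previous entry just below is urgency=high. Either raise the urgency or say why medium is intended. The three new bullets would also be easier to audit if each named its patch file (debian/patches/CVE-2025-61795.patch and so on).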
=====================================
debian/patches/0004-split-deploy-webapps-target-from-deploy-target.patch
=====================================
@@ -1,6 +1,13 @@
From: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Date: Mon, 28 Jun 2010 21:32:35 +0200
Subject: [PATCH] split deploy-webapps target from deploy target
+
+---
+ build.xml | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/build.xml b/build.xml
+index a6870ee..bca4750 100644
--- a/build.xml
+++ b/build.xml
@@ -1493,7 +1493,7 @@
=====================================
debian/patches/0005-skip-test-failures.patch
=====================================
@@ -1,6 +1,14 @@
-Description: Ignore the failing tests
-Author: Emmanuel Bourg <ebourg at apache.org>
+From: Emmanuel Bourg <ebourg at apache.org>
+Date: Wed, 4 Feb 2026 11:55:06 +0100
+Subject: Ignore the failing tests
+
Forwarded: not-needed
+---
+ build.xml | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/build.xml b/build.xml
+index bca4750..f83417f 100644
--- a/build.xml
+++ b/build.xml
@@ -1955,8 +1955,10 @@
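Review bot: the added Date: header (Wed, 4 Feb 2026 11:55:06 +0100) records when the patch was re-exported, not when it was written, and the same timestamp is stamped on 0013, 0018, 0019, 0023, 0024 and 0030 in this push. The old Description/Author header carried no date, so consider dropping Date: or pinning it, so that the next refresh does not rewrite every header again.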
=====================================
debian/patches/0009-Use-java.security.policy-file-in-catalina.sh.patch
=====================================
@@ -1,12 +1,18 @@
From: Adam Guthrie <asguthrie at gmail.com>
Date: Mon, 28 Jun 2010 21:53:50 +0200
-Subject: [PATCH] Use java.security.policy file in catalina.sh
- Make sure catalina.sh uses the Debian/Ubuntu java.security.policy
- file location when Tomcat is started with a security manager.
+Subject: [PATCH] Use java.security.policy file in catalina.sh Make sure
+ catalina.sh uses the Debian/Ubuntu java.security.policy file location when
+ Tomcat is started with a security manager.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/591802
Bug-Debian: http://bugs.debian.org/585379
Forwarded: not-needed
+---
+ bin/catalina.sh | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/bin/catalina.sh b/bin/catalina.sh
+index e312cf5..1efd6c4 100755
--- a/bin/catalina.sh
+++ b/bin/catalina.sh
@@ -392,7 +392,7 @@ if [ "$1" = "debug" ] ; then
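Review bot: the new Subject: folds the former description into the subject, so the one-line summary now reads "Use java.security.policy file in catalina.sh Make sure catalina.sh uses ..." with no break between the two sentences. Keep the short subject on its own line and move the "Make sure catalina.sh uses the Debian/Ubuntu java.security.policy file location ..." text below a blank line as the patch body.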
=====================================
debian/patches/0010-debianize-build-xml.patch
=====================================
@@ -8,6 +8,8 @@ Last-Update: 2011-05-16
build.xml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
+diff --git a/build.xml b/build.xml
+index f83417f..fb937f4 100644
--- a/build.xml
+++ b/build.xml
@@ -1009,7 +1009,7 @@
=====================================
debian/patches/0013-dont-look-for-build-properties-in-user-home.patch
=====================================
@@ -1,8 +1,17 @@
-Description: Don't look for build.properties in the user home directory.
- This directory doesn't exist on the builders and the attempt to load
- a property file there causes a build failure.
-Author: Jakub Adam <jakub.adam at ktknet.cz>
+From: Jakub Adam <jakub.adam at ktknet.cz>
+Date: Wed, 4 Feb 2026 11:55:06 +0100
+Subject: Don't look for build.properties in the user home directory.
+
Forwarded: not-needed
+
+This directory doesn't exist on the builders and the attempt to load
+a property file there causes a build failure.
+---
+ build.xml | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/build.xml b/build.xml
+index fb937f4..a9b4bd4 100644
--- a/build.xml
+++ b/build.xml
@@ -852,7 +852,6 @@
=====================================
debian/patches/0018-fix-manager-webapp.patch
=====================================
@@ -1,31 +1,21 @@
-Description: This patch changes the manager path from webapps/manager to
- ../tomcat9-admin/manager
-Author: TJ <ubuntu at iam.tj>, Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
+From: "TJ ubuntu at iam.tj,
+ Gianfranco Costamagna" <costamagnagianfranco at yahoo.it>
+Date: Wed, 4 Feb 2026 11:55:06 +0100
+Subject: This patch changes the manager path from webapps/manager to
+
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1128067
Reviewed-By: Gianfranco Costamagna <costamagnagianfranco at yahoo.it>
Last-Update: 2013-08-01
---- a/webapps/host-manager/WEB-INF/manager.xml
-+++ b/webapps/host-manager/WEB-INF/manager.xml
-@@ -20,7 +20,7 @@
- Context configuration file for the Tomcat Manager Web App
-
- -->
--<Context docBase="${catalina.home}/webapps/manager"
-+<Context docBase="${catalina.home}/../tomcat9-admin/manager"
- privileged="true" antiResourceLocking="false" >
- <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
- sameSiteCookies="strict" />
---- a/webapps/docs/manager-howto.xml
-+++ b/webapps/docs/manager-howto.xml
-@@ -74,7 +74,7 @@ configuration file in the
- <code>$CATALINA_BASE/conf/[enginename]/[hostname]</code> folder. Here is an
- example:</p>
- <source><![CDATA[<Context privileged="true" antiResourceLocking="false"
-- docBase="${catalina.home}/webapps/manager">
-+ docBase="${catalina.home}/../tomcat9-admin/manager">
- <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
- sameSiteCookies="strict" />
- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+
+../tomcat9-admin/manager
+---
+ conf/catalina.policy | 10 +++++-----
+ webapps/docs/manager-howto.xml | 2 +-
+ webapps/host-manager/WEB-INF/manager.xml | 2 +-
+ 3 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/conf/catalina.policy b/conf/catalina.policy
+index 7aab95d..f81e72e 100644
--- a/conf/catalina.policy
+++ b/conf/catalina.policy
@@ -189,7 +189,7 @@ grant {
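Review bot: the converted From: header is malformed: the two authors have been merged into one quoted display name ("TJ ubuntu at iam.tj, Gianfranco Costamagna") attached to a single address, so TJ's address is no longer a parseable mailbox. The Subject: is also cut mid-sentence at "webapps/manager to", with "../tomcat9-admin/manager" left as a stray line after the trailers. Put the full sentence in Subject: and name one author in From:, crediting the other in the body. The same subject truncation affects 0019-add-distribution-to-error-page.patch.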
@@ -37,7 +27,7 @@ Last-Update: 2013-08-01
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
-@@ -197,7 +197,7 @@ grant codeBase "file:${catalina.base}/we
+@@ -197,7 +197,7 @@ grant codeBase "file:${catalina.base}/webapps/manager/-" {
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
permission org.apache.catalina.security.DeployXmlPermission "manager";
};
@@ -46,7 +36,7 @@ Last-Update: 2013-08-01
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
-@@ -212,10 +212,10 @@ grant codeBase "file:${catalina.home}/we
+@@ -212,10 +212,10 @@ grant codeBase "file:${catalina.home}/webapps/manager/-" {
// - default CATALINA_HOME == CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, per instance Host Manager in CATALINA_BASE
// - CATALINA_HOME != CATALINA_BASE, shared Host Manager in CATALINA_HOME
@@ -59,10 +49,36 @@ Last-Update: 2013-08-01
permission org.apache.catalina.security.DeployXmlPermission "host-manager";
};
-@@ -261,4 +261,4 @@ grant codeBase "file:${catalina.home}/we
+@@ -261,4 +261,4 @@ grant codeBase "file:${catalina.home}/webapps/host-manager/-" {
//
// The permissions granted to a specific JAR
// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
-// };
\ No newline at end of file
+// };
+diff --git a/webapps/docs/manager-howto.xml b/webapps/docs/manager-howto.xml
+index f9ede9d..f1a41cf 100644
+--- a/webapps/docs/manager-howto.xml
++++ b/webapps/docs/manager-howto.xml
+@@ -74,7 +74,7 @@ configuration file in the
+ <code>$CATALINA_BASE/conf/[enginename]/[hostname]</code> folder. Here is an
+ example:</p>
+ <source><![CDATA[<Context privileged="true" antiResourceLocking="false"
+- docBase="${catalina.home}/webapps/manager">
++ docBase="${catalina.home}/../tomcat9-admin/manager">
+ <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
+ sameSiteCookies="strict" />
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+diff --git a/webapps/host-manager/WEB-INF/manager.xml b/webapps/host-manager/WEB-INF/manager.xml
+index a26dca6..145c6e0 100644
+--- a/webapps/host-manager/WEB-INF/manager.xml
++++ b/webapps/host-manager/WEB-INF/manager.xml
+@@ -20,7 +20,7 @@
+ Context configuration file for the Tomcat Manager Web App
+
+ -->
+-<Context docBase="${catalina.home}/webapps/manager"
++<Context docBase="${catalina.home}/../tomcat9-admin/manager"
+ privileged="true" antiResourceLocking="false" >
+ <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
+ sameSiteCookies="strict" />
=====================================
debian/patches/0019-add-distribution-to-error-page.patch
=====================================
@@ -1,8 +1,30 @@
-Description: Adds the name of the distribution to the version of Tomcat
- reported on the error pages (i.e. 'Apache Tomcat/8.0.x (Debian)')
-Author: Yolanda Robla <yolanda.robla at canonical.com>
+From: Yolanda Robla <yolanda.robla at canonical.com>
+Date: Wed, 4 Feb 2026 11:55:06 +0100
+Subject: Adds the name of the distribution to the version of Tomcat
+
Forwarded: not-needed
Bug-Debian: http://bugs.debian.org/729840
+
+reported on the error pages (i.e. 'Apache Tomcat/8.0.x (Debian)')
+---
+ build.xml | 1 +
+ java/org/apache/catalina/util/ServerInfo.properties | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/build.xml b/build.xml
+index a9b4bd4..25d5322 100644
+--- a/build.xml
++++ b/build.xml
+@@ -285,6 +285,7 @@
+ <filter token="YEAR" value="${year}"/>
+ <filter token="VERSION" value="${version}"/>
+ <filter token="VERSION_NUMBER" value="${version.number}"/>
++ <filter token="TOMCAT_DISTRIBUTION" value="${distribution.name}"/>
+ <filter token="VERSION_MAJOR" value="${version.major}"/>
+ <filter token="VERSION_MAJOR_MINOR" value="${version.major.minor}"/>
+ <filter token="VERSION_BUILT" value="${today} ${tstamp} UTC"/>
+diff --git a/java/org/apache/catalina/util/ServerInfo.properties b/java/org/apache/catalina/util/ServerInfo.properties
+index 3aa34f4..c8dff06 100644
--- a/java/org/apache/catalina/util/ServerInfo.properties
+++ b/java/org/apache/catalina/util/ServerInfo.properties
@@ -13,7 +13,7 @@
@@ -14,13 +36,3 @@ Bug-Debian: http://bugs.debian.org/729840
server.number=@VERSION_NUMBER@
server.built=@VERSION_BUILT@
server.built.iso=@VERSION_BUILT_ISO@
---- a/build.xml
-+++ b/build.xml
-@@ -285,6 +285,7 @@
- <filter token="YEAR" value="${year}"/>
- <filter token="VERSION" value="${version}"/>
- <filter token="VERSION_NUMBER" value="${version.number}"/>
-+ <filter token="TOMCAT_DISTRIBUTION" value="${distribution.name}"/>
- <filter token="VERSION_MAJOR" value="${version.major}"/>
- <filter token="VERSION_MAJOR_MINOR" value="${version.major.minor}"/>
- <filter token="VERSION_BUILT" value="${today} ${tstamp} UTC"/>
=====================================
debian/patches/0021-dont-test-unsupported-ciphers.patch
=====================================
@@ -12,6 +12,8 @@ Forwarded: not-needed
.../tomcat/util/net/openssl/ciphers/TesterOpenSSL.java | 18 ++++++++++++++++++
3 files changed, 20 insertions(+), 2 deletions(-)
+diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
+index 9b9eb5e..9d81307 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TestCipher.java
@@ -76,7 +76,7 @@ public class TestCipher {
@@ -23,9 +25,11 @@ Forwarded: not-needed
Set<String> expectedCipherSuites = new HashSet<>();
for (Cipher cipher : Cipher.values()) {
+diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+index 1c2b946..8bb4315 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TestOpenSSLCipherConfigurationParser.java
-@@ -573,7 +573,7 @@ public class TestOpenSSLCipherConfigurat
+@@ -573,7 +573,7 @@ public class TestOpenSSLCipherConfigurationParser {
private void testSpecification(String specification) throws Exception {
// Filter out cipher suites that OpenSSL does not implement
@@ -34,6 +38,8 @@ Forwarded: not-needed
List<String> jsseCipherListFromOpenSSL =
OpenSSLCipherConfigurationParser.parseExpression(openSSLCipherList);
List<String> jsseCipherListFromParser =
+diff --git a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+index 4274bbd..a309830 100644
--- a/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
+++ b/test/org/apache/tomcat/util/net/openssl/ciphers/TesterOpenSSL.java
@@ -105,6 +105,24 @@ public class TesterOpenSSL {
=====================================
debian/patches/0023-disable-shutdown-by-socket.patch
=====================================
@@ -1,6 +1,14 @@
-Description: Disables the shutdown port (8005) by default
-Author: Emmanuel Bourg <ebourg at apache.org>
+From: Emmanuel Bourg <ebourg at apache.org>
+Date: Wed, 4 Feb 2026 11:55:06 +0100
+Subject: Disables the shutdown port (8005) by default
+
Forwarded: no
+---
+ conf/server.xml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/conf/server.xml b/conf/server.xml
+index 1be01d5..8255e0a 100644
--- a/conf/server.xml
+++ b/conf/server.xml
@@ -19,7 +19,7 @@
=====================================
debian/patches/0024-systemd-log-formatter.patch
=====================================
@@ -1,6 +1,16 @@
-Description: Adds a log formatter suitable for systemd
-Author: Emmanuel Bourg <ebourg at apache.org>
+From: Emmanuel Bourg <ebourg at apache.org>
+Date: Wed, 4 Feb 2026 11:55:06 +0100
+Subject: Adds a log formatter suitable for systemd
+
Forwarded: no
+---
+ java/org/apache/juli/SystemdFormatter.java | 109 +++++++++++++++++++++++++++++
+ 1 file changed, 109 insertions(+)
+ create mode 100644 java/org/apache/juli/SystemdFormatter.java
+
+diff --git a/java/org/apache/juli/SystemdFormatter.java b/java/org/apache/juli/SystemdFormatter.java
+new file mode 100644
+index 0000000..014a193
--- /dev/null
+++ b/java/org/apache/juli/SystemdFormatter.java
@@ -0,0 +1,109 @@
=====================================
debian/patches/0030-eclipse-jdt-classpath.patch
=====================================
@@ -1,6 +1,14 @@
-Description: Updates the Eclipse Compiler classpath
-Author: Emmanuel Bourg <ebourg at apache.org>
+From: Emmanuel Bourg <ebourg at apache.org>
+Date: Wed, 4 Feb 2026 11:55:06 +0100
+Subject: Updates the Eclipse Compiler classpath
+
Forwarded: no
+---
+ build.xml | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/build.xml b/build.xml
+index 020f91c..769be2f 100644
--- a/build.xml
+++ b/build.xml
@@ -231,6 +231,7 @@
=====================================
debian/patches/Bundle-Version.patch
=====================================
@@ -6,6 +6,8 @@ Subject: Bundle-Version
res/bnd/build-defaults.bnd | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
+diff --git a/res/bnd/build-defaults.bnd b/res/bnd/build-defaults.bnd
+index 37532ca..1f09df3 100644
--- a/res/bnd/build-defaults.bnd
+++ b/res/bnd/build-defaults.bnd
@@ -13,7 +13,7 @@
@@ -17,7 +19,7 @@ Subject: Bundle-Version
Bundle-License: https://www.apache.org/licenses/LICENSE-2.0.txt
Specification-Title: Apache Tomcat
-@@ -33,4 +33,4 @@ Implementation-Vendor: Apache Software F
+@@ -33,4 +33,4 @@ Implementation-Vendor: Apache Software Foundation
-removeheaders: DSTAMP,TODAY,TSTAMP
=====================================
debian/patches/CVE-2025-55752.patch
=====================================
@@ -0,0 +1,272 @@
+From: Markus Koschany <apo at debian.org>
+Date: Wed, 4 Feb 2026 11:55:32 +0100
+Subject: CVE-2025-55752
+
+Origin: https://github.com/apache/tomcat/commit/b5042622b8b78340ae65403c55dcb9c7416924df
+---
+ .../catalina/valves/rewrite/RewriteValve.java | 35 ++++---
+ .../apache/catalina/startup/TomcatBaseTest.java | 2 +-
+ .../catalina/valves/rewrite/TestRewriteValve.java | 107 ++++++++++++++++++++-
+ webapps/docs/changelog.xml | 4 +
+ 4 files changed, 131 insertions(+), 17 deletions(-)
+
+diff --git a/java/org/apache/catalina/valves/rewrite/RewriteValve.java b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
+index a3f95b2..358d72b 100644
+--- a/java/org/apache/catalina/valves/rewrite/RewriteValve.java
++++ b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
+@@ -326,7 +326,7 @@ public class RewriteValve extends ValveBase {
+
+ // As long as MB isn't a char sequence or affiliated, this has to be converted to a string
+ Charset uriCharset = request.getConnector().getURICharset();
+- String originalQueryStringEncoded = request.getQueryString();
++ String queryStringOriginalEncoded = request.getQueryString();
+ MessageBytes urlMB = context ? request.getRequestPathMB() : request.getDecodedRequestURIMB();
+ urlMB.toChars();
+ CharSequence urlDecoded = urlMB.getCharChunk();
+@@ -427,10 +427,10 @@ public class RewriteValve extends ValveBase {
+ StringBuilder urlStringEncoded =
+ new StringBuilder(REWRITE_DEFAULT_ENCODER.encode(urlStringRewriteEncoded, uriCharset));
+
+- if (!qsd && originalQueryStringEncoded != null && !originalQueryStringEncoded.isEmpty()) {
++ if (!qsd && queryStringOriginalEncoded != null && !queryStringOriginalEncoded.isEmpty()) {
+ if (rewrittenQueryStringRewriteEncoded == null) {
+ urlStringEncoded.append('?');
+- urlStringEncoded.append(originalQueryStringEncoded);
++ urlStringEncoded.append(queryStringOriginalEncoded);
+ } else {
+ if (qsa) {
+ // if qsa is specified append the query
+@@ -438,7 +438,7 @@ public class RewriteValve extends ValveBase {
+ urlStringEncoded.append(
+ REWRITE_QUERY_ENCODER.encode(rewrittenQueryStringRewriteEncoded, uriCharset));
+ urlStringEncoded.append('&');
+- urlStringEncoded.append(originalQueryStringEncoded);
++ urlStringEncoded.append(queryStringOriginalEncoded);
+ } else if (index == urlStringEncoded.length() - 1) {
+ // if the ? is the last character delete it, its only purpose was to
+ // prevent the rewrite module from appending the query string
+@@ -553,24 +553,31 @@ public class RewriteValve extends ValveBase {
+
+ // Step 3. Complete the 2nd stage to encoding.
+ chunk.append(REWRITE_DEFAULT_ENCODER.encode(urlStringRewriteEncoded, uriCharset));
+- // Decoded and normalized URI
+- // Rewriting may have denormalized the URL
+- urlStringRewriteEncoded = RequestUtil.normalize(urlStringRewriteEncoded);
++ // Rewriting may have denormalized the URL and added encoded characters
++ // Decode then normalize
++ String urlStringRewriteDecoded = URLDecoder.decode(urlStringRewriteEncoded, uriCharset.name());
++ urlStringRewriteDecoded = RequestUtil.normalize(urlStringRewriteDecoded);
+ request.getCoyoteRequest().decodedURI().setChars(MessageBytes.EMPTY_CHAR_ARRAY, 0, 0);
+ chunk = request.getCoyoteRequest().decodedURI().getCharChunk();
+ if (context) {
+ // This is decoded and normalized
+ chunk.append(request.getServletContext().getContextPath());
+ }
+- chunk.append(URLDecoder.decode(urlStringRewriteEncoded, uriCharset.name()));
+- // Set the new Query if there is one
+- if (queryStringRewriteEncoded != null) {
++ chunk.append(urlStringRewriteDecoded);
++ // Set the new Query String
++ if (queryStringRewriteEncoded == null) {
++ // No new query string. Therefore the original is retained unless QSD is defined.
++ if (qsd) {
++ request.getCoyoteRequest().queryString().setChars(MessageBytes.EMPTY_CHAR_ARRAY, 0, 0);
++ }
++ } else {
++ // New query string. Therefore the original is dropped unless QSA is defined (and QSD is not).
+ request.getCoyoteRequest().queryString().setChars(MessageBytes.EMPTY_CHAR_ARRAY, 0, 0);
+ chunk = request.getCoyoteRequest().queryString().getCharChunk();
+ chunk.append(REWRITE_QUERY_ENCODER.encode(queryStringRewriteEncoded, uriCharset));
+- if (qsa && originalQueryStringEncoded != null && !originalQueryStringEncoded.isEmpty()) {
++ if (qsa && queryStringOriginalEncoded != null && !queryStringOriginalEncoded.isEmpty()) {
+ chunk.append('&');
+- chunk.append(originalQueryStringEncoded);
++ chunk.append(queryStringOriginalEncoded);
+ }
+ }
+ // Set the new host if it changed
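Review bot: in the decode-then-normalize block, the value returned by RequestUtil.normalize is passed straight to chunk.append(urlStringRewriteDecoded) with no check in these lines; if normalize can signal a path it refuses (for example with a null return), that case has to be rejected before the append. Step 3 also still writes the encoded, un-normalized urlStringRewriteEncoded into the request URI just above, so the request URI and decodedURI can now differ (testQueryStringEncoded02 expects REQUEST-URI /z/%2e%2e%2fc%2faAbB); a comment stating that this is intentional would help the next reader.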
+@@ -665,6 +672,10 @@ public class RewriteValve extends ValveBase {
+ while (flagsTokenizer.hasMoreElements()) {
+ parseRuleFlag(line, rule, flagsTokenizer.nextToken());
+ }
++ // If QSD and QSA are present, QSD always takes precedence
++ if (rule.isQsdiscard()) {
++ rule.setQsappend(false);
++ }
+ }
+ return rule;
+ } else if (token.equals("RewriteMap")) {
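Review bot: the new rule.isQsdiscard() block silently clears QSA at parse time, which changes the result for existing rules that carry both flags (testQueryStringSourceAndTargetQSAQSD expects id=1 only). Log a warning when both flags appear on one rule, and spell the precedence out for administrators, since the changelog.xml entry only says "Fix handling of QSA and QSD flags".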
+diff --git a/test/org/apache/catalina/startup/TomcatBaseTest.java b/test/org/apache/catalina/startup/TomcatBaseTest.java
+index 160360d..6839387 100644
+--- a/test/org/apache/catalina/startup/TomcatBaseTest.java
++++ b/test/org/apache/catalina/startup/TomcatBaseTest.java
+@@ -553,7 +553,7 @@ public abstract class TomcatBaseTest extends LoggingBaseTest {
+ value.append(';');
+ }
+ }
+- out.println("PARAM/" + name + ": " + value);
++ out.println("PARAM:" + name + ": " + value);
+ }
+
+ out.println("SESSION-REQUESTED-ID: " +
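Review bot: changing the snoop output prefix from "PARAM/" to "PARAM:" alters a shared test base class, but the diffstat lists no change to the code that parses that output (SnoopResult.parse is called from TestRewriteValve and is not part of this patch). Confirm that the parser in the bullseye tree already expects "PARAM:"; if it does not, the new requestDesc.getParams().isEmpty() assertion would pass trivially, whatever the query string is.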
+diff --git a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
+index 458349c..7c81e93 100644
+--- a/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
++++ b/test/org/apache/catalina/valves/rewrite/TestRewriteValve.java
+@@ -301,17 +301,112 @@ public class TestRewriteValve extends TomcatBaseTest {
+ }
+
+ @Test
+- public void testQueryString() throws Exception {
++ public void testQueryStringTargetOnly() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1?je=2", "/b/id=1", "/c/id=1", "je=2");
++ }
++
++ @Test
++ public void testQueryStringTargetOnlyQSA() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1?je=2 [QSA]", "/b/id=1", "/c/id=1", "je=2");
++ }
++
++ @Test
++ public void testQueryStringTargetOnlyQSD() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1?je=2 [QSD]", "/b/id=1", "/c/id=1", "je=2");
++ }
++
++ @Test
++ public void testQueryStringTargetOnlyQSAQSD() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1?je=2 [QSA,QSD]", "/b/id=1", "/c/id=1", "je=2");
++ }
++
++ @Test
++ public void testQueryStringTargetOnlyQS() throws Exception {
+ doTestRewrite("RewriteRule ^/b/(.*) /c?$1", "/b/id=1", "/c", "id=1");
+ }
+
++ @Test
++ public void testQueryStringTargetOnlyQSAQS() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c?$1 [QSA]", "/b/id=1", "/c", "id=1");
++ }
++
++ @Test
++ public void testQueryStringTargetOnlyQSDQS() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c?$1 [QSD]", "/b/id=1", "/c", "id=1");
++ }
++
++ @Test
++ public void testQueryStringTargetOnlyQSAQSDQS() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c?$1 [QSA,QSD]", "/b/id=1", "/c", "id=1");
++ }
++
++ @Test
++ public void testQueryStringSourceOnly() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1", "/b/d?id=1", "/c/d", "id=1");
++ }
++
++ @Test
++ public void testQueryStringSourceOnlyQSA() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1 [QSA]", "/b/d?id=1", "/c/d", "id=1");
++ }
++
++ @Test
++ public void testQueryStringSourceOnlyQSD() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1 [QSD]", "/b/d?id=1", "/c/d", null);
++ }
++
++ @Test
++ public void testQueryStringSourceOnlyQSAQSD() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1 [QSA,QSD]", "/b/d?id=1", "/c/d", null);
++ }
++
++ @Test
++ public void testQueryStringSourceAndTarget() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1?id=1", "/b/d?je=2", "/c/d", "id=1");
++ }
++
++ @Test
++ public void testQueryStringSourceAndTargetQSA() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1?id=1 [QSA]", "/b/d?je=2", "/c/d", "id=1&je=2");
++ }
++
++ @Test
++ public void testQueryStringSourceAndTargetQSD() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1?id=1 [QSD]", "/b/d?je=2", "/c/d", "id=1");
++ }
++
++ @Test
++ public void testQueryStringSourceAndTargetQSAQSD() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1?id=1 [QSA,QSD]", "/b/d?je=2", "/c/d", "id=1");
++ }
++
++ @Test
++ public void testQueryStringEncoded01() throws Exception {
++ doTestRewrite("RewriteCond %{QUERY_STRING} a=(.*)\nRewriteRule ^/b.*$ /%1 [QSD]", "/b?a=c", "/c", null);
++ }
++
++ @Test
++ public void testQueryStringEncoded02() throws Exception {
++ doTestRewrite("RewriteCond %{QUERY_STRING} a=(.*)\nRewriteRule ^/b.*$ /z/%1 [QSD]", "/b?a=%2e%2e%2fc%2faAbB", "/z/%2e%2e%2fc%2faAbB", null);
++ }
++
+ @Test
+ public void testQueryStringRemove() throws Exception {
+- doTestRewrite("RewriteRule ^/b/(.*) /c/$1?", "/b/d?=1", "/c/d", null);
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1?", "/b/d?id=1", "/c/d", null);
+ }
+
+ @Test
+ public void testQueryStringRemove02() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1 [QSD]", "/b/d?id=1", "/c/d", null);
++ }
++
++ @Test
++ public void testQueryStringRemoveInvalid() throws Exception {
++ doTestRewrite("RewriteRule ^/b/(.*) /c/$1?", "/b/d?=1", "/c/d", null);
++ }
++
++ @Test
++ public void testQueryStringRemoveInvalid02() throws Exception {
+ doTestRewrite("RewriteRule ^/b/(.*) /c/$1 [QSD]", "/b/d?=1", "/c/d", null);
+ }
+
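Review bot: testQueryStringRemove02 is now identical to testQueryStringSourceOnlyQSD: both run "RewriteRule ^/b/(.*) /c/$1 [QSD]" against /b/d?id=1 and expect /c/d with no query string, so one of them can go. testQueryStringEncoded02 is also the only case that exercises an encoded ../ sequence; a second case that goes through the per-context branch (the context flag in RewriteValve) would cover the other path of the fix.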
+@@ -616,7 +711,7 @@ public class TestRewriteValve extends TomcatBaseTest {
+ public void testFlagsNC() throws Exception {
+ // https://bz.apache.org/bugzilla/show_bug.cgi?id=60116
+ doTestRewrite("RewriteCond %{QUERY_STRING} a=([a-z]*) [NC]\n" + "RewriteRule .* - [E=X-Test:%1]", "/c?a=aAa",
+- "/c", null, "aAa");
++ "/c", "a=aAa", "aAa");
+ }
+
+ @Test
+@@ -806,12 +901,16 @@ public class TestRewriteValve extends TomcatBaseTest {
+ // were written into the request target
+ Assert.assertEquals(400, rc);
+ } else {
++ // If there is an expected URI, the request should be successful
++ Assert.assertEquals(200, rc);
+ String body = res.toString();
+ RequestDescriptor requestDesc = SnoopResult.parse(body);
+ String requestURI = requestDesc.getRequestInfo("REQUEST-URI");
+ Assert.assertEquals(expectedURI, requestURI);
+
+- if (expectedQueryString != null) {
++ if (expectedQueryString == null) {
++ Assert.assertTrue(requestDesc.getParams().isEmpty());
++ } else {
+ String queryString = requestDesc.getRequestInfo("REQUEST-QUERY-STRING");
+ Assert.assertEquals(expectedQueryString, queryString);
+ }
+diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
+index 4fc968d..c05b0ed 100644
+--- a/webapps/docs/changelog.xml
++++ b/webapps/docs/changelog.xml
+@@ -132,6 +132,10 @@
+ Align size tracking for multipart requests with FileUpload's use of
+ <code>long</code>. (schultz)
+ </fix>
++ <fix>
++ Fix handling of <code>QSA</code> and <code>QSD</code> flags in
++ <code>RewriteValve</code>. (markt)
++ </fix>
+ </changelog>
+ </subsection>
+ <subsection name="Coyote">
=====================================
debian/patches/CVE-2025-55754.patch
=====================================
@@ -0,0 +1,267 @@
+From: Markus Koschany <apo at debian.org>
+Date: Wed, 4 Feb 2026 11:56:34 +0100
+Subject: CVE-2025-55754
+
+Origin: https://github.com/apache/tomcat/commit/a03cabf3a36a42d27d8d997ed31f034f50ba6cd5
+---
+ java/org/apache/juli/JdkLoggerFormatter.java | 4 +-
+ java/org/apache/juli/LogUtil.java | 64 +++++++++++++++++++
+ java/org/apache/juli/OneLineFormatter.java | 4 +-
+ java/org/apache/juli/VerbatimFormatter.java | 7 +--
+ test/org/apache/juli/TestLogUtil.java | 93 ++++++++++++++++++++++++++++
+ webapps/docs/changelog.xml | 3 +
+ 6 files changed, 167 insertions(+), 8 deletions(-)
+ create mode 100644 java/org/apache/juli/LogUtil.java
+ create mode 100644 test/org/apache/juli/TestLogUtil.java
+
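Review bot: the file list covers JdkLoggerFormatter, OneLineFormatter and VerbatimFormatter, but not java/org/apache/juli/SystemdFormatter.java, which this package adds itself in 0024-systemd-log-formatter.patch. That formatter is not in the file list taken from the upstream commit, so check whether its message and stack-trace output also needs to go through LogUtil.escape, and either extend this patch or state in the header why it is not needed.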
+diff --git a/java/org/apache/juli/JdkLoggerFormatter.java b/java/org/apache/juli/JdkLoggerFormatter.java
+index 80ba904..65d44a4 100644
+--- a/java/org/apache/juli/JdkLoggerFormatter.java
++++ b/java/org/apache/juli/JdkLoggerFormatter.java
+@@ -100,7 +100,7 @@ public class JdkLoggerFormatter extends Formatter {
+ }
+
+ // Append the message
+- buf.append(message);
++ buf.append(LogUtil.escape(message));
+
+ // Append stack trace if not null
+ if (t != null) {
+@@ -110,7 +110,7 @@ public class JdkLoggerFormatter extends Formatter {
+ java.io.PrintWriter pw = new java.io.PrintWriter(sw);
+ t.printStackTrace(pw);
+ pw.close();
+- buf.append(sw);
++ buf.append(LogUtil.escape(sw.toString()));
+ }
+
+ buf.append(System.lineSeparator());
+diff --git a/java/org/apache/juli/LogUtil.java b/java/org/apache/juli/LogUtil.java
+new file mode 100644
+index 0000000..c7eb098
+--- /dev/null
++++ b/java/org/apache/juli/LogUtil.java
+@@ -0,0 +1,64 @@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package org.apache.juli;
++
++public class LogUtil {
++
++ private LogUtil() {
++ // Utility class. Hide default constructor
++ }
++
++
++ /**
++ * Escape a string so it can be displayed in a readable format. Characters that may not be printable in some/all of
++ * the contexts in which log messages will be viewed will be escaped using Java \\uNNNN escaping.
++ * <p>
++ * All control characters are escaped apart from horizontal tab (\\u0009), new line (\\u000a) and carriage return
++ * (\\u000d).
++ *
++ * @param input The string to escape
++ *
++ * @return The escaped form of the input string
++ */
++ @SuppressWarnings("null") // sb is not null when used
++ public static String escape(final String input) {
++ final int len = input.length();
++ int i = 0;
++ int lastControl = -1;
++ StringBuilder sb = null;
++ while (i < len) {
++ char c = input.charAt(i);
++ if (Character.getType(c) == Character.CONTROL) {
++ if (!(c == '\t' || c == '\n' || c == '\r')) {
++ if (lastControl == -1) {
++ sb = new StringBuilder(len + 20);
++ }
++ sb.append(input.substring(lastControl + 1, i));
++ sb.append(String.format("\\u%1$04x", Integer.valueOf(c)));
++ lastControl = i;
++ }
++ }
++ i++;
++ }
++ if (lastControl == -1) {
++ return input;
++ } else {
++ sb.append(input.substring(lastControl + 1, len));
++ return sb.toString();
++ }
++ }
++}
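Review bot: escape() dereferences input on its first line (input.length()) with no null check, while the call sites changed in this patch used to hand the same value straight to append(), which accepts null and writes "null". Formatter.formatMessage(record) returns the record's message unchanged when there are no parameters, and that message may be null, so a record logged with a null message would now throw inside the formatter instead of being written. Suggest returning input unchanged when it is null and adding a test case for it. Separately, a backslash in the input is passed through as is, so the six literal characters \u0006 and an escaped U+0006 look identical in the output; if that is intended, say so in the Javadoc.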
+diff --git a/java/org/apache/juli/OneLineFormatter.java b/java/org/apache/juli/OneLineFormatter.java
+index 4ad3680..3c54de4 100644
+--- a/java/org/apache/juli/OneLineFormatter.java
++++ b/java/org/apache/juli/OneLineFormatter.java
+@@ -147,7 +147,7 @@ public class OneLineFormatter extends Formatter {
+
+ // Message
+ sb.append(' ');
+- sb.append(formatMessage(record));
++ sb.append(LogUtil.escape(formatMessage(record)));
+
+ // New line for next record
+ sb.append(System.lineSeparator());
+@@ -158,7 +158,7 @@ public class OneLineFormatter extends Formatter {
+ PrintWriter pw = new IndentingPrintWriter(sw);
+ record.getThrown().printStackTrace(pw);
+ pw.close();
+- sb.append(sw.getBuffer());
++ sb.append(LogUtil.escape(sw.toString()));
+ }
+
+ return sb.toString();
+diff --git a/java/org/apache/juli/VerbatimFormatter.java b/java/org/apache/juli/VerbatimFormatter.java
+index 88efa4d..2653b18 100644
+--- a/java/org/apache/juli/VerbatimFormatter.java
++++ b/java/org/apache/juli/VerbatimFormatter.java
+@@ -20,9 +20,9 @@ import java.util.logging.Formatter;
+ import java.util.logging.LogRecord;
+
+ /**
+- * Outputs just the log message with no additional elements. Stack traces are not logged. Log messages are separated by
+- * <code>System.lineSeparator()</code>. This is intended for use by access logs and the like that need complete control
+- * over the output format.
++ * Outputs just the log message with no additional elements and no escaping. Stack traces are not logged. Log messages
++ * are separated by <code>System.lineSeparator()</code>. This is intended for use by access logs and the like that need
++ * complete control over the output format.
+ */
+ public class VerbatimFormatter extends Formatter {
+
+@@ -31,5 +31,4 @@ public class VerbatimFormatter extends Formatter {
+ // Timestamp + New line for next record
+ return record.getMessage() + System.lineSeparator();
+ }
+-
+ }
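Review bot: the comment kept as context in format() still reads "Timestamp + New line for next record", but the method returns only record.getMessage() plus the line separator. Since the class Javadoc was just rewritten to state exactly what is emitted, the comment should be corrected too. The only change in this hunk is the removal of a blank line, which is unrelated to the escaping fix and adds noise to a security backport.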
+diff --git a/test/org/apache/juli/TestLogUtil.java b/test/org/apache/juli/TestLogUtil.java
+new file mode 100644
+index 0000000..12360c2
+--- /dev/null
++++ b/test/org/apache/juli/TestLogUtil.java
+@@ -0,0 +1,93 @@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package org.apache.juli;
++
++import org.junit.Assert;
++import org.junit.Test;
++
++public class TestLogUtil {
++
++ @Test
++ public void testEscapeForLoggingEmptyString() {
++ doTestEscapeForLogging("");
++ }
++
++
++ @Test
++ public void testEscapeForLoggingNone() {
++ doTestEscapeForLogging("No escaping");
++ }
++
++
++ @Test
++ public void testEscapeForLoggingControlStart() {
++ doTestEscapeForLogging("\u0006Text", "\\u0006Text");
++ }
++
++
++ @Test
++ public void testEscapeForLoggingControlMiddle() {
++ doTestEscapeForLogging("Text\u0006Text", "Text\\u0006Text");
++ }
++
++
++ @Test
++ public void testEscapeForLoggingControlEnd() {
++ doTestEscapeForLogging("Text\u0006", "Text\\u0006");
++ }
++
++
++ @Test
++ public void testEscapeForLoggingControlOnly() {
++ doTestEscapeForLogging("\u0006", "\\u0006");
++ }
++
++
++ @Test
++ public void testEscapeForLoggingControlsStart() {
++ doTestEscapeForLogging("\u0006\u0007Text", "\\u0006\\u0007Text");
++ }
++
++
++ @Test
++ public void testEscapeForLoggingControlsMiddle() {
++ doTestEscapeForLogging("Text\u0006\u0007Text", "Text\\u0006\\u0007Text");
++ }
++
++
++ @Test
++ public void testEscapeForLoggingControlsEnd() {
++ doTestEscapeForLogging("Text\u0006\u0007", "Text\\u0006\\u0007");
++ }
++
++
++ @Test
++ public void testEscapeForLoggingControlsOnly() {
++ doTestEscapeForLogging("\u0006\u0007", "\\u0006\\u0007");
++ }
++
++
++ private void doTestEscapeForLogging(String input) {
++ doTestEscapeForLogging(input, input);
++ }
++
++
++ private void doTestEscapeForLogging(String input, String expected) {
++ String result = LogUtil.escape(input);
++ Assert.assertEquals(expected, result);
++ }
++}
+\ No newline at end of file
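Review bot: every case in TestLogUtil uses U+0006 or U+0007, so nothing asserts the exemptions documented on escape(). Add cases showing that tab, new line and carriage return come back unchanged, and one with two escaped characters separated by ordinary text (for example "a\u0006b\u0007c"), which is the only input shape where input.substring(lastControl + 1, i) has to copy text between two escapes. A character from the upper control range such as U+007F would also pin down the Character.CONTROL test. The file ends without a trailing newline.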
+diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
+index c05b0ed..8e78763 100644
+--- a/webapps/docs/changelog.xml
++++ b/webapps/docs/changelog.xml
+@@ -184,6 +184,9 @@
+ Remove the <code>INSTANCEOF</code> and <code>FUNCTIONSUFFIX</code>
+ definitions from the EL grammar as both are unused. (markt)
+ </scode>
++ <add>
++ Add escaping to log formatters to align with JSON formatter. (markt)
++ </add>
+ </changelog>
+ </subsection>
+ <subsection name="Web applications">
=====================================
debian/patches/CVE-2025-61795.patch
=====================================
@@ -0,0 +1,78 @@
+From: Markus Koschany <apo at debian.org>
+Date: Wed, 4 Feb 2026 11:57:33 +0100
+Subject: CVE-2025-61795
+
+Origin: https://github.com/apache/tomcat/commit/afa422bd7ca1eef0f507259c682fd876494d9c3b
+---
+ .../catalina/connector/LocalStrings.properties | 1 +
+ java/org/apache/catalina/connector/Request.java | 21 ++++++++++++++++++++-
+ webapps/docs/changelog.xml | 4 ++++
+ 3 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/java/org/apache/catalina/connector/LocalStrings.properties b/java/org/apache/catalina/connector/LocalStrings.properties
+index de2de4a..74b021e 100644
+--- a/java/org/apache/catalina/connector/LocalStrings.properties
++++ b/java/org/apache/catalina/connector/LocalStrings.properties
+@@ -94,6 +94,7 @@ request.asyncNotSupported=A filter or servlet of the current chain does not supp
+ request.fragmentInDispatchPath=The fragment in dispatch path [{0}] has been removed
+ request.illegalWrap=The request wrapper must wrap the request obtained from getRequest()
+ request.notAsync=It is illegal to call this method if the current request is not in asynchronous mode (i.e. isAsyncStarted() returns false)
++request.partCleanup.failed=Unable to delete temporary file for uploaded part after multi-part processing failed
+ request.session.failed=Failed to load session [{0}] due to [{1}]
+
+ requestFacade.nullRequest=The request object has been recycled and is no longer associated with this facade
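Review bot: request.partCleanup.failed has no {0} placeholder, so the warning cannot say which temporary file was left behind, and an operator checking the work directory after a failed upload has only the stack trace to go on. Consider passing the item's name as an argument, in the same way request.session.failed on the next line reports [{0}].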
+diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
+index c25ac6b..ed6f8be 100644
+--- a/java/org/apache/catalina/connector/Request.java
++++ b/java/org/apache/catalina/connector/Request.java
+@@ -2712,8 +2712,9 @@ public class Request implements HttpServletRequest {
+ upload.setFileCountMax(partLimit);
+
+ parts = new ArrayList<>();
++ List<FileItem> items = null;
+ try {
+- List<FileItem> items = upload.parseRequest(new ServletRequestContext(this));
++ items = upload.parseRequest(new ServletRequestContext(this));
+ int maxPostSize = getConnector().getMaxPostSize();
+ long postSize = 0;
+ Charset charset = getCharset();
+@@ -2766,6 +2767,24 @@ public class Request implements HttpServletRequest {
+ // addParameters() will set parseFailedReason
+ checkSwallowInput();
+ partsParseException = e;
++ } finally {
++ /*
++ * GC will delete any temporary copies of uploaded files left in the work directory but if we know that the
++ * upload has failed then explicitly clean up now.
++ */
++ if (!success) {
++ parts.clear();
++ if (items != null) {
++ for (FileItem item : items) {
++ try {
++ item.delete();
++ } catch (Throwable t) {
++ ExceptionUtils.handleThrowable(t);
++ log.warn(sm.getString("request.partCleanup.failed"), t);
++ }
++ }
++ }
++ }
+ }
+ } finally {
+ // This might look odd but is correct. setParseFailedReason() only
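Review bot: the delete loop in the new finally block only runs when items is non-null, and items is assigned only if upload.parseRequest(...) returns normally. When parseRequest itself throws, items is still null here and this block removes nothing, so please confirm that temporary files written before the exception are cleaned up inside parseRequest, or note that this path still relies on GC. The flag success is not declared in the lines shown; check that it is still false on every path that reaches this block after a failure. The diffstat for this patch lists no test file; a test that makes multi-part parsing fail part-way and asserts the work directory is empty afterwards would guard the fix.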
+diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
+index 8e78763..7a98ef9 100644
+--- a/webapps/docs/changelog.xml
++++ b/webapps/docs/changelog.xml
+@@ -136,6 +136,10 @@
+ Fix handling of <code>QSA</code> and <code>QSD</code> flags in
+ <code>RewriteValve</code>. (markt)
+ </fix>
++ <fix>
++ Be proactive in cleaning up temporary files after a failed multi-part
++ upload rather than waiting for GC to do it. (markt)
++ </fix>
+ </changelog>
+ </subsection>
+ <subsection name="Coyote">
=====================================
debian/patches/disable-jacoco.patch
=====================================
@@ -7,6 +7,8 @@ Forwarded: not-needed
build.xml | 29 +----------------------------
1 file changed, 1 insertion(+), 28 deletions(-)
+diff --git a/build.xml b/build.xml
+index 0b1bacc..020f91c 100644
--- a/build.xml
+++ b/build.xml
@@ -1917,7 +1917,7 @@
@@ -59,7 +61,7 @@ Forwarded: not-needed
</target>
<target name="spotbugs"
-@@ -3709,15 +3689,8 @@ Configured for ${release.asfusername} to
+@@ -3709,15 +3689,8 @@ Configured for ${release.asfusername} to release Tomcat ${version.major}.${versi
<path id="jacoco.classpath">
<fileset file="${jacoco.jar}" />
</path>
=====================================
debian/patches/exclude-TestJNDIRealmIntegration.patch
=====================================
@@ -10,6 +10,8 @@ Forwarded: not-needed
build.xml | 1 +
1 file changed, 1 insertion(+)
+diff --git a/build.xml b/build.xml
+index 25d5322..0b1bacc 100644
--- a/build.xml
+++ b/build.xml
@@ -1899,6 +1899,7 @@
=====================================
debian/patches/series
=====================================
@@ -15,3 +15,6 @@ Bundle-Version.patch
0026-easymock4-compatibility.patch
JDTCompiler.patch
openssl.patch
+CVE-2025-55752.patch
+CVE-2025-55754.patch
+CVE-2025-61795.patch
View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/compare/83d0df1271753683ea87f6d424c221683ee9d075...3d38055781b64125fdff66b14e4c930a069aa61e