diff --git a/sources b/sources
index c2a102c..525648d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-f8a1a0f811f6ffe0a4ccc1132c442d8b apache-tomcat-8.0.32-src.tar.gz
+be048e9ffa26957892933c9fa6bca0d8 apache-tomcat-8.0.36-src.tar.gz
diff --git a/tomcat-8.0-tomcat-users-webapp.patch b/tomcat-8.0-tomcat-users-webapp.patch
index 9f05e37..860c4cf 100644
--- a/tomcat-8.0-tomcat-users-webapp.patch
+++ b/tomcat-8.0-tomcat-users-webapp.patch
@@ -1,8 +1,8 @@
--- conf/tomcat-users.xml~ 2008-01-28 17:41:06.000000000 -0500
+++ conf/tomcat-users.xml 2008-03-07 19:40:07.000000000 -0500
@@ -23,4 +23,14 @@
-
-
+
+
-->
+
+
@@ -13,5 +13,5 @@
+
+
+
-+
++
diff --git a/tomcat-8.0.36-CompilerOptionsV9.patch b/tomcat-8.0.36-CompilerOptionsV9.patch
new file mode 100644
index 0000000..0b44236
--- /dev/null
+++ b/tomcat-8.0.36-CompilerOptionsV9.patch
@@ -0,0 +1,24 @@
+--- java/org/apache/jasper/compiler/JDTCompiler.java~ 2016-07-01 14:39:19.728255958 -0400
++++ java/org/apache/jasper/compiler/JDTCompiler.java 2016-07-01 14:39:37.191311760 -0400
+@@ -312,9 +312,6 @@
+ } else if(opt.equals("1.8")) {
+ settings.put(CompilerOptions.OPTION_Source,
+ CompilerOptions.VERSION_1_8);
+- } else if(opt.equals("1.9")) {
+- settings.put(CompilerOptions.OPTION_Source,
+- CompilerOptions.VERSION_1_9);
+ } else {
+ log.warn("Unknown source VM " + opt + " ignored.");
+ settings.put(CompilerOptions.OPTION_Source,
+@@ -361,11 +358,6 @@
+ CompilerOptions.VERSION_1_8);
+ settings.put(CompilerOptions.OPTION_Compliance,
+ CompilerOptions.VERSION_1_8);
+- } else if(opt.equals("1.9")) {
+- settings.put(CompilerOptions.OPTION_TargetPlatform,
+- CompilerOptions.VERSION_1_9);
+- settings.put(CompilerOptions.OPTION_Compliance,
+- CompilerOptions.VERSION_1_9);
+ } else {
+ log.warn("Unknown target VM " + opt + " ignored.");
+ settings.put(CompilerOptions.OPTION_TargetPlatform,
diff --git a/tomcat.spec b/tomcat.spec
index f429dc3..be5d53b 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,7 +31,7 @@
%global jspspec 2.3
%global major_version 8
%global minor_version 0
-%global micro_version 32
+%global micro_version 36
%global packdname apache-tomcat-%{version}-src
%global servletspec 3.1
%global elspec 3.0
@@ -57,7 +57,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 5%{?dist}
+Release: 1%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
Group: System Environment/Daemons
@@ -86,6 +86,7 @@ Source32: tomcat-named.service
Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
+Patch2: %{name}-8.0.36-CompilerOptionsV9.patch
BuildArch: noarch
@@ -237,6 +238,8 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
%patch0 -p0
%patch1 -p0
+%patch2 -p0
+
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) webapps/examples/WEB-INF/lib/jstl.jar
%{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) webapps/examples/WEB-INF/lib/standard.jar
@@ -679,7 +682,8 @@ fi
%attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service
%changelog
-* Mon Aug 08 2016 Coty Sutherland - 1:8.0.32-5
+* Mon Aug 08 2016 Coty Sutherland - 1:8.0.36-1
+- Resolves: rhbz#1349463 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service (updates to 8.0.36)
- Resolves: rhbz#1364056 The command tomcat-digest doesn't work
- Resolves: rhbz#1363884 The tomcat-tool-wrapper script is broken