diff --git a/.gitignore b/.gitignore
index 260a2d6..9969f1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 SOURCES/httpd-2.4.6.tar.bz2
-SOURCES/centos-noindex.tar.gz
diff --git a/.httpd.metadata b/.httpd.metadata
index 17ede1b..d335a99 100644
--- a/.httpd.metadata
+++ b/.httpd.metadata
@@ -1,2 +1 @@
 16d8ec72535ded65d035122b0d944b0e64eaa2a2 SOURCES/httpd-2.4.6.tar.bz2
-6ce5ab3c765b9efeceb2e636e32373bc6e6ed489 SOURCES/centos-noindex.tar.gz
diff --git a/SOURCES/httpd-2.4.6-r1833014.patch b/SOURCES/httpd-2.4.6-r1833014.patch
new file mode 100644
index 0000000..9a8f455
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1833014.patch
@@ -0,0 +1,83 @@
+diff --git a/modules/http/http_request.c b/modules/http/http_request.c
+index c97dc77..9885de4 100644
+--- a/modules/http/http_request.c
++++ b/modules/http/http_request.c
+@@ -227,11 +227,21 @@ AP_DECLARE(void) ap_die(int type, request_rec *r)
+     ap_die_r(type, r, r->status);
+ }
+ 
+-static void check_pipeline(conn_rec *c)
++#define RETRIEVE_BRIGADE_FROM_POOL(bb, key, pool, allocator) do {       \
++    apr_pool_userdata_get((void **)&bb, key, pool);                     \
++    if (bb == NULL) {                                                   \
++        bb = apr_brigade_create(pool, allocator);                       \
++        apr_pool_userdata_setn((const void *)bb, key, NULL, pool);      \
++    }                                                                   \
++    else {                                                              \
++        apr_brigade_cleanup(bb);                                        \
++    }                                                                   \
++} while(0)
++
++static void check_pipeline(conn_rec *c, apr_bucket_brigade *bb)
+ {
+     if (c->keepalive != AP_CONN_CLOSE) {
+         apr_status_t rv;
+-        apr_bucket_brigade *bb = apr_brigade_create(c->pool, c->bucket_alloc);
+ 
+         rv = ap_get_brigade(c->input_filters, bb, AP_MODE_SPECULATIVE,
+                             APR_NONBLOCK_READ, 1);
+@@ -245,11 +255,10 @@ static void check_pipeline(conn_rec *c)
+         else {
+             c->data_in_input_filters = 1;
+         }
+-        apr_brigade_destroy(bb);
++        apr_brigade_cleanup(bb);
+     }
+ }
+ 
+-
+ AP_DECLARE(void) ap_process_request_after_handler(request_rec *r)
+ {
+     apr_bucket_brigade *bb;
+@@ -260,11 +269,13 @@ AP_DECLARE(void) ap_process_request_after_handler(request_rec *r)
+      * this bucket is destroyed, the request will be logged and
+      * its pool will be freed
+      */
+-    bb = apr_brigade_create(r->connection->pool, r->connection->bucket_alloc);
++    RETRIEVE_BRIGADE_FROM_POOL(bb, "ap_process_request_after_handler_brigade",
++                               c->pool, c->bucket_alloc);
+     b = ap_bucket_eor_create(r->connection->bucket_alloc, r);
+     APR_BRIGADE_INSERT_HEAD(bb, b);
+ 
+     ap_pass_brigade(r->connection->output_filters, bb);
++    apr_brigade_cleanup(bb);
+ 
+     /* From here onward, it is no longer safe to reference r
+      * or r->pool, because r->pool may have been destroyed
+@@ -273,7 +284,7 @@ AP_DECLARE(void) ap_process_request_after_handler(request_rec *r)
+ 
+     if (c->cs)
+         c->cs->state = CONN_STATE_WRITE_COMPLETION;
+-    check_pipeline(c);
++    check_pipeline(c, bb);
+     AP_PROCESS_REQUEST_RETURN((uintptr_t)r, r->uri, r->status);
+     if (ap_extended_status) {
+         ap_time_process_request(c->sbh, STOP_PREQUEST);
+@@ -363,7 +374,8 @@ void ap_process_request(request_rec *r)
+     ap_process_async_request(r);
+ 
+     if (!c->data_in_input_filters) {
+-        bb = apr_brigade_create(c->pool, c->bucket_alloc);
++        RETRIEVE_BRIGADE_FROM_POOL(bb, "ap_process_request_after_handler_brigade",
++                                   c->pool, c->bucket_alloc);
+         b = apr_bucket_flush_create(c->bucket_alloc);
+         APR_BRIGADE_INSERT_HEAD(bb, b);
+         rv = ap_pass_brigade(c->output_filters, bb);
+@@ -380,6 +392,7 @@ void ap_process_request(request_rec *r)
+                           "Timeout while writing data for URI %s to the"
+                           " client", r->unparsed_uri);
+         }
++        apr_brigade_cleanup(bb);
+     }
+     if (ap_extended_status) {
+         ap_time_process_request(c->sbh, STOP_PREQUEST);
diff --git a/SOURCES/welcome.conf b/SOURCES/welcome.conf
index c1b6c11..5d1e452 100644
--- a/SOURCES/welcome.conf
+++ b/SOURCES/welcome.conf
@@ -16,7 +16,3 @@
 </Directory>
 
 Alias /.noindex.html /usr/share/httpd/noindex/index.html
-Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/SPECS/httpd.spec b/SPECS/httpd.spec
index 4675e4c..dfb7057 100644
--- a/SPECS/httpd.spec
+++ b/SPECS/httpd.spec
@@ -4,7 +4,7 @@
 %define mmn 20120211
 %define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
 %define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
-%define vstring CentOS
+%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
 
 # Drop automatic provides for module DSOs
 %{?filter_setup:
@@ -15,10 +15,10 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.6
-Release: 88%{?dist}
+Release: 89%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1: centos-noindex.tar.gz
+Source1: index.html
 Source2: httpd.logrotate
 Source3: httpd.sysconf
 Source4: httpd-ssl-pass-dialog
@@ -189,6 +189,8 @@ Patch137: httpd-2.4.6-r1825120.patch
 Patch138: httpd-2.4.6-r1515372.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1458364
 Patch139: httpd-2.4.6-r1824872.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1583218
+Patch140: httpd-2.4.6-r1833014.patch
 
 # Security fixes
 Patch200: httpd-2.4.6-CVE-2013-6438.patch
@@ -432,6 +434,7 @@ rm modules/ssl/ssl_engine_dh.c
 %patch137 -p1 -b .r1825120
 %patch138 -p1 -b .r1515372
 %patch139 -p1 -b .r1824872
+%patch140 -p1 -b .r1833014
 
 
 %patch200 -p1 -b .cve6438
@@ -608,10 +611,8 @@ EOF
 
 # Handle contentdir
 mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
-tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \
-        -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \
-        --strip-components=1
-
+install -m 644 -p $RPM_SOURCE_DIR/index.html \
+        $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
 rm -rf %{contentdir}/htdocs
 
 # remove manual sources
@@ -634,7 +635,7 @@ rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
       $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
 
 # Symlink for the powered-by-$DISTRO image:
-ln -s ../noindex/images/poweredby.png \
+ln -s ../../pixmaps/poweredby.png \
         $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
 
 # symlinks for /etc/httpd
@@ -820,7 +821,7 @@ rm -rf $RPM_BUILD_ROOT
 %{contentdir}/error/README
 %{contentdir}/error/*.var
 %{contentdir}/error/include/*.html
-%{contentdir}/noindex/*
+%{contentdir}/noindex/index.html
 
 %dir %{docroot}
 %dir %{docroot}/cgi-bin
@@ -886,11 +887,8 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
-* Tue Oct 30 2018 CentOS Sources <bugs@centos.org> - 2.4.6-88.el7.centos
-- Remove index.html, add centos-noindex.tar.gz
-- change vstring
-- change symlink for poweredby.png
-- update welcome.conf with proper aliases
+* Fri Mar 15 2019 Joe Orton <jorton@redhat.com> - 2.4.6-89
+- fix per-request leak of bucket brigade structure (#1583218)
 
 * Thu Jun 21 2018 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-88
 - Resolves: #1527295 - httpd with worker/event mpm segfaults after multiple