diff --git a/.gitignore b/.gitignore
index 260a2d6..9969f1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 SOURCES/httpd-2.4.6.tar.bz2
-SOURCES/centos-noindex.tar.gz
diff --git a/.httpd.metadata b/.httpd.metadata
index 17ede1b..d335a99 100644
--- a/.httpd.metadata
+++ b/.httpd.metadata
@@ -1,2 +1 @@
 16d8ec72535ded65d035122b0d944b0e64eaa2a2 SOURCES/httpd-2.4.6.tar.bz2
-6ce5ab3c765b9efeceb2e636e32373bc6e6ed489 SOURCES/centos-noindex.tar.gz
diff --git a/SOURCES/httpd-2.4.6-CVE-2022-22720.patch b/SOURCES/httpd-2.4.6-CVE-2022-22720.patch
new file mode 100644
index 0000000..55a6f8a
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2022-22720.patch
@@ -0,0 +1,154 @@
+diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
+index 6d85eb1..083e0b6 100644
+--- a/modules/http/http_filters.c
++++ b/modules/http/http_filters.c
+@@ -1592,9 +1592,9 @@ AP_DECLARE(int) ap_map_http_request_error(apr_status_t rv, int status)
+  */
+ AP_DECLARE(int) ap_discard_request_body(request_rec *r)
+ {
++    int rc = OK;
++    conn_rec *c = r->connection;
+     apr_bucket_brigade *bb;
+-    int seen_eos;
+-    apr_status_t rv;
+ 
+     /* Sometimes we'll get in a state where the input handling has
+      * detected an error where we want to drop the connection, so if
+@@ -1603,54 +1603,57 @@ AP_DECLARE(int) ap_discard_request_body(request_rec *r)
+      *
+      * This function is also a no-op on a subrequest.
+      */
+-    if (r->main || r->connection->keepalive == AP_CONN_CLOSE ||
+-        ap_status_drops_connection(r->status)) {
++    if (r->main || c->keepalive == AP_CONN_CLOSE) {
++        return OK;
++    }
++    if (ap_status_drops_connection(r->status)) {
++        c->keepalive = AP_CONN_CLOSE;
+         return OK;
+     }
+ 
+     bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+-    seen_eos = 0;
+-    do {
+-        apr_bucket *bucket;
++    for (;;) {
++        apr_status_t rv;
+ 
+         rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
+                             APR_BLOCK_READ, HUGE_STRING_LEN);
+-
+         if (rv != APR_SUCCESS) {
+-            apr_brigade_destroy(bb);
+-            return ap_map_http_request_error(rv, HTTP_BAD_REQUEST);
++            rc = ap_map_http_request_error(rv, HTTP_BAD_REQUEST);
++            goto cleanup;
+         }
+ 
+-        for (bucket = APR_BRIGADE_FIRST(bb);
+-             bucket != APR_BRIGADE_SENTINEL(bb);
+-             bucket = APR_BUCKET_NEXT(bucket))
+-        {
+-            const char *data;
+-            apr_size_t len;
++        while (!APR_BRIGADE_EMPTY(bb)) {
++            apr_bucket *b = APR_BRIGADE_FIRST(bb);
+ 
+-            if (APR_BUCKET_IS_EOS(bucket)) {
+-                seen_eos = 1;
+-                break;
++            if (APR_BUCKET_IS_EOS(b)) {
++                goto cleanup;
+             }
+ 
+-            /* These are metadata buckets. */
+-            if (bucket->length == 0) {
+-                continue;
+-            }
+-
+-            /* We MUST read because in case we have an unknown-length
+-             * bucket or one that morphs, we want to exhaust it.
++            /* There is no need to read empty or metadata buckets or
++             * buckets of known length, but we MUST read buckets of
++             * unknown length in order to exhaust them.
+              */
+-            rv = apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ);
++            if (b->length == (apr_size_t)-1) {
++                apr_size_t len;
++                const char *data;
++
++                rv = apr_bucket_read(b, &data, &len, APR_BLOCK_READ);
+             if (rv != APR_SUCCESS) {
+-                apr_brigade_destroy(bb);
+-                return HTTP_BAD_REQUEST;
++                    rc = HTTP_BAD_REQUEST;
++                    goto cleanup;
+             }
+         }
+-        apr_brigade_cleanup(bb);
+-    } while (!seen_eos);
+ 
+-    return OK;
++            apr_bucket_delete(b);
++        }
++    }
++
++cleanup:
++    apr_brigade_cleanup(bb);
++    if (rc != OK) {
++        c->keepalive = AP_CONN_CLOSE;
++    }
++    return rc;
+ }
+ 
+ /* Here we deal with getting the request message body from the client.
+diff --git a/server/protocol.c b/server/protocol.c
+index 8428129..a6aeb24 100644
+--- a/server/protocol.c
++++ b/server/protocol.c
+@@ -1480,23 +1480,29 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew,
+     rnew->main = (request_rec *) r;
+ }
+ 
+-static void end_output_stream(request_rec *r)
++static void end_output_stream(request_rec *r, int status)
+ {
+     conn_rec *c = r->connection;
+     apr_bucket_brigade *bb;
+     apr_bucket *b;
+ 
+     bb = apr_brigade_create(r->pool, c->bucket_alloc);
++    if (status != OK) {
++        b = ap_bucket_error_create(status, NULL, r->pool, c->bucket_alloc);
++        APR_BRIGADE_INSERT_TAIL(bb, b);
++    }
+     b = apr_bucket_eos_create(c->bucket_alloc);
+     APR_BRIGADE_INSERT_TAIL(bb, b);
++
+     ap_pass_brigade(r->output_filters, bb);
++    apr_brigade_cleanup(bb);
+ }
+ 
+ AP_DECLARE(void) ap_finalize_sub_req_protocol(request_rec *sub)
+ {
+     /* tell the filter chain there is no more content coming */
+     if (!sub->eos_sent) {
+-        end_output_stream(sub);
++        end_output_stream(sub, OK);
+     }
+ }
+ 
+@@ -1507,11 +1513,11 @@ AP_DECLARE(void) ap_finalize_sub_req_protocol(request_rec *sub)
+  */
+ AP_DECLARE(void) ap_finalize_request_protocol(request_rec *r)
+ {
+-    (void) ap_discard_request_body(r);
++    int status = ap_discard_request_body(r);
+ 
+     /* tell the filter chain there is no more content coming */
+     if (!r->eos_sent) {
+-        end_output_stream(r);
++        end_output_stream(r, status);
+     }
+ }
+ 
diff --git a/SOURCES/welcome.conf b/SOURCES/welcome.conf
index c1b6c11..5d1e452 100644
--- a/SOURCES/welcome.conf
+++ b/SOURCES/welcome.conf
@@ -16,7 +16,3 @@
 </Directory>
 
 Alias /.noindex.html /usr/share/httpd/noindex/index.html
-Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/SPECS/httpd.spec b/SPECS/httpd.spec
index 4146dc1..e4611a1 100644
--- a/SPECS/httpd.spec
+++ b/SPECS/httpd.spec
@@ -4,7 +4,7 @@
 %define mmn 20120211
 %define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
 %define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
-%define vstring CentOS
+%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
 
 # Drop automatic provides for module DSOs
 %{?filter_setup:
@@ -15,10 +15,10 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.6
-Release: 97%{?dist}.4
+Release: 97%{?dist}.5
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1: centos-noindex.tar.gz
+Source1: index.html
 Source2: httpd.logrotate
 Source3: httpd.sysconf
 Source4: httpd-ssl-pass-dialog
@@ -246,6 +246,7 @@ Patch242: httpd-2.4.6-CVE-2021-44790.patch
 Patch243: httpd-2.4.6-CVE-2021-34798.patch
 Patch244: httpd-2.4.6-CVE-2021-39275.patch
 Patch245: httpd-2.4.6-CVE-2021-26691.patch
+Patch246: httpd-2.4.6-CVE-2022-22720.patch
 
 License: ASL 2.0
 Group: System Environment/Daemons
@@ -514,6 +515,7 @@ rm modules/ssl/ssl_engine_dh.c
 %patch243 -p1 -b .cve34798
 %patch244 -p1 -b .cve39275
 %patch245 -p1 -b .cve26691
+%patch246 -p1 -b .cve22720
 
 # Patch in the vendor string and the release string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -667,10 +669,8 @@ EOF
 
 # Handle contentdir
 mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
-tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \
-        -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \
-        --strip-components=1
-
+install -m 644 -p $RPM_SOURCE_DIR/index.html \
+        $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
 rm -rf %{contentdir}/htdocs
 
 # remove manual sources
@@ -693,7 +693,7 @@ rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
       $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
 
 # Symlink for the powered-by-$DISTRO image:
-ln -s ../noindex/images/poweredby.png \
+ln -s ../../pixmaps/poweredby.png \
         $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
 
 # symlinks for /etc/httpd
@@ -879,7 +879,7 @@ rm -rf $RPM_BUILD_ROOT
 %{contentdir}/error/README
 %{contentdir}/error/*.var
 %{contentdir}/error/include/*.html
-%{contentdir}/noindex/*
+%{contentdir}/noindex/index.html
 
 %dir %{docroot}
 %dir %{docroot}/cgi-bin
@@ -945,13 +945,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
-* Mon Jan 17 2022 CentOS Sources <bugs@centos.org> - 2.4.6-97.el7.centos.4
-- Remove index.html, add centos-noindex.tar.gz
-- change vstring
-- change symlink for poweredby.png
-- update welcome.conf with proper aliases
+* Tue Mar 22 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.5
+- Resolves: #2065243 - CVE-2022-22720 httpd: HTTP request smuggling
+  vulnerability in Apache HTTP Server 2.4.52 and earlier
 
-* Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com>
+* Mon Jan 10 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.4
 - Resolves: #2031072 - CVE-2021-34798 httpd: NULL pointer dereference via
   malformed requests
 - Resolves: #2031074 - CVE-2021-39275 httpd: out-of-bounds write in