diff --git a/.gitignore b/.gitignore
index 260a2d6..9969f1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
SOURCES/httpd-2.4.6.tar.bz2
-SOURCES/centos-noindex.tar.gz
diff --git a/.httpd.metadata b/.httpd.metadata
index 17ede1b..d335a99 100644
--- a/.httpd.metadata
+++ b/.httpd.metadata
@@ -1,2 +1 @@
16d8ec72535ded65d035122b0d944b0e64eaa2a2 SOURCES/httpd-2.4.6.tar.bz2
-6ce5ab3c765b9efeceb2e636e32373bc6e6ed489 SOURCES/centos-noindex.tar.gz
diff --git a/SOURCES/httpd-2.4.6-r1872790.patch b/SOURCES/httpd-2.4.6-r1872790.patch
new file mode 100644
index 0000000..a707b4f
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1872790.patch
@@ -0,0 +1,337 @@
+# ./pullrev.sh 1872790
+
+http://svn.apache.org/viewvc?view=revision&revision=1872790
+
+- Adjusted to remove (pointless-for-RHEL) additions of #if APR_HAS_THREADS.
+- merged a previous change to connection_destructor in mod_proxy_balancer.c
+- s/hostname_ex/hostname since 2.4.6 doesn't have hostname_ex
+
+--- httpd-2.4.6/modules/proxy/mod_proxy_balancer.c.r1872790
++++ httpd-2.4.6/modules/proxy/mod_proxy_balancer.c
+@@ -1229,12 +1229,23 @@
+ bsel->wupdated = bsel->s->wupdated = nworker->s->updated = apr_time_now();
+ /* by default, all new workers are disabled */
+ ap_proxy_set_wstatus('D', 1, nworker);
++ } else {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10163)
++ "%s: failed to add worker %s",
++ bsel->s->name, val);
++ PROXY_GLOBAL_UNLOCK(bsel);
++ return HTTP_BAD_REQUEST;
+ }
+ if ((rv = PROXY_GLOBAL_UNLOCK(bsel)) != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(01203)
+ "%s: Unlock failed for adding worker",
+ bsel->s->name);
+ }
++ } else {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10164)
++ "%s: failed to add worker %s",
++ bsel->s->name, val);
++ return HTTP_BAD_REQUEST;
+ }
+
+ }
+--- httpd-2.4.6/modules/proxy/mod_proxy_ftp.c.r1872790
++++ httpd-2.4.6/modules/proxy/mod_proxy_ftp.c
+@@ -972,7 +972,7 @@
+ conn_rec *origin, *data = NULL;
+ apr_status_t err = APR_SUCCESS;
+ apr_status_t uerr = APR_SUCCESS;
+- apr_bucket_brigade *bb = apr_brigade_create(p, c->bucket_alloc);
++ apr_bucket_brigade *bb;
+ char *buf, *connectname;
+ apr_port_t connectport;
+ char buffer[MAX_STRING_LEN];
+@@ -1112,13 +1112,15 @@
+
+ if (worker->s->is_address_reusable) {
+ if (!worker->cp->addr) {
++#if APR_HAS_THREADS
+ if ((err = PROXY_THREAD_LOCK(worker->balancer)) != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, err, r, APLOGNO(01037) "lock");
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
++#endif
+ }
+- connect_addr = worker->cp->addr;
+- address_pool = worker->cp->pool;
++ connect_addr = AP_VOLATILIZE_T(apr_sockaddr_t *, worker->cp->addr);
++ address_pool = worker->cp->dns_pool;
+ }
+ else
+ address_pool = r->pool;
+@@ -1206,6 +1208,7 @@
+ * correct directory...
+ */
+
++ bb = apr_brigade_create(p, c->bucket_alloc);
+
+ /* possible results: */
+ /* 120 Service ready in nnn minutes. */
+--- httpd-2.4.6/modules/proxy/mod_proxy.h.r1872790
++++ httpd-2.4.6/modules/proxy/mod_proxy.h
+@@ -260,12 +260,15 @@
+
+ /* Connection pool */
+ struct proxy_conn_pool {
+- apr_pool_t *pool; /* The pool used in constructor and destructor calls */
+- apr_sockaddr_t *addr; /* Preparsed remote address info */
+- apr_reslist_t *res; /* Connection resource list */
+- proxy_conn_rec *conn; /* Single connection for prefork mpm */
++ apr_pool_t *pool; /* The pool used in constructor and destructor calls */
++ apr_sockaddr_t *addr; /* Preparsed remote address info */
++ apr_reslist_t *res; /* Connection resource list */
++ proxy_conn_rec *conn; /* Single connection for prefork mpm */
++ apr_pool_t *dns_pool; /* The pool used for worker scoped DNS resolutions */
+ };
+
++#define AP_VOLATILIZE_T(T, x) (*(T volatile *)&(x))
++
+ /* Keep below in sync with proxy_util.c! */
+ /* worker status bits */
+ #define PROXY_WORKER_INITIALIZED 0x0001
+--- httpd-2.4.6/modules/proxy/proxy_util.c.r1872790
++++ httpd-2.4.6/modules/proxy/proxy_util.c
+@@ -1318,16 +1324,14 @@
+
+ static apr_status_t conn_pool_cleanup(void *theworker)
+ {
+- proxy_worker *worker = (proxy_worker *)theworker;
+- if (worker->cp->res) {
+- worker->cp->pool = NULL;
+- }
++ ((proxy_worker *)theworker)->cp = NULL;
+ return APR_SUCCESS;
+ }
+
+ static void init_conn_pool(apr_pool_t *p, proxy_worker *worker)
+ {
+ apr_pool_t *pool;
++ apr_pool_t *dns_pool;
+ proxy_conn_pool *cp;
+
+ /*
+@@ -1339,11 +1343,20 @@
+ apr_pool_create(&pool, p);
+ apr_pool_tag(pool, "proxy_worker_cp");
+ /*
++ * Create a subpool of the connection pool for worker
++ * scoped DNS resolutions. This is needed to avoid race
++ * conditions in using the connection pool by multiple
++ * threads during ramp up.
++ */
++ apr_pool_create(&dns_pool, pool);
++ apr_pool_tag(dns_pool, "proxy_worker_dns");
++ /*
+ * Alloc from the same pool as worker.
+ * proxy_conn_pool is permanently attached to the worker.
+ */
+ cp = (proxy_conn_pool *)apr_pcalloc(p, sizeof(proxy_conn_pool));
+ cp->pool = pool;
++ cp->dns_pool = dns_pool;
+ worker->cp = cp;
+ }
+
+@@ -1359,14 +1372,6 @@
+ proxy_conn_rec *conn = (proxy_conn_rec *)theconn;
+ proxy_worker *worker = conn->worker;
+
+- /*
+- * If the connection pool is NULL the worker
+- * cleanup has been run. Just return.
+- */
+- if (!worker->cp) {
+- return APR_SUCCESS;
+- }
+-
+ if (conn->r) {
+ apr_pool_destroy(conn->r->pool);
+ conn->r = NULL;
+@@ -1487,10 +1492,11 @@
+ static apr_status_t connection_destructor(void *resource, void *params,
+ apr_pool_t *pool)
+ {
+- proxy_conn_rec *conn = (proxy_conn_rec *)resource;
++ proxy_worker *worker = params;
+
+ /* Destroy the pool only if not called from reslist_destroy */
+- if (conn->worker->cp->pool) {
++ if (worker->cp) {
++ proxy_conn_rec *conn = resource;
+ apr_pool_destroy(conn->pool);
+ }
+
+@@ -1880,67 +1886,73 @@
+ ap_proxy_worker_name(p, worker));
+ }
+ else {
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00927)
+- "initializing worker %s local",
+- ap_proxy_worker_name(p, worker));
+ apr_global_mutex_lock(proxy_mutex);
+- /* Now init local worker data */
+- if (worker->tmutex == NULL) {
+- rv = apr_thread_mutex_create(&(worker->tmutex), APR_THREAD_MUTEX_DEFAULT, p);
+- if (rv != APR_SUCCESS) {
+- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00928)
+- "can not create worker thread mutex");
+- apr_global_mutex_unlock(proxy_mutex);
+- return rv;
++ /* Check again after we got the lock if we are still uninitialized */
++ if (!(AP_VOLATILIZE_T(unsigned int, worker->local_status) & PROXY_WORKER_INITIALIZED)) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00927)
++ "initializing worker %s local",
++ ap_proxy_worker_name(p, worker));
++ /* Now init local worker data */
++#if APR_HAS_THREADS
++ if (worker->tmutex == NULL) {
++ rv = apr_thread_mutex_create(&(worker->tmutex), APR_THREAD_MUTEX_DEFAULT, p);
++ if (rv != APR_SUCCESS) {
++ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(00928)
++ "can not create worker thread mutex");
++ apr_global_mutex_unlock(proxy_mutex);
++ return rv;
++ }
+ }
+- }
+- if (worker->cp == NULL)
+- init_conn_pool(p, worker);
+- if (worker->cp == NULL) {
+- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00929)
+- "can not create connection pool");
+- apr_global_mutex_unlock(proxy_mutex);
+- return APR_EGENERAL;
+- }
+-
+- if (worker->s->hmax) {
+- rv = apr_reslist_create(&(worker->cp->res),
+- worker->s->min, worker->s->smax,
+- worker->s->hmax, worker->s->ttl,
+- connection_constructor, connection_destructor,
+- worker, worker->cp->pool);
+-
+- apr_pool_cleanup_register(worker->cp->pool, (void *)worker,
+- conn_pool_cleanup,
+- apr_pool_cleanup_null);
+-
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00930)
+- "initialized pool in child %" APR_PID_T_FMT " for (%s) min=%d max=%d smax=%d",
+- getpid(), worker->s->hostname, worker->s->min,
+- worker->s->hmax, worker->s->smax);
+-
+- /* Set the acquire timeout */
+- if (rv == APR_SUCCESS && worker->s->acquire_set) {
+- apr_reslist_timeout_set(worker->cp->res, worker->s->acquire);
++#endif
++ if (worker->cp == NULL)
++ init_conn_pool(p, worker);
++ if (worker->cp == NULL) {
++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00929)
++ "can not create connection pool");
++ apr_global_mutex_unlock(proxy_mutex);
++ return APR_EGENERAL;
+ }
+
+- }
+- else {
+- void *conn;
++ if (worker->s->hmax) {
++ rv = apr_reslist_create(&(worker->cp->res),
++ worker->s->min, worker->s->smax,
++ worker->s->hmax, worker->s->ttl,
++ connection_constructor, connection_destructor,
++ worker, worker->cp->pool);
++
++ apr_pool_pre_cleanup_register(worker->cp->pool, worker,
++ conn_pool_cleanup);
++
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00930)
++ "initialized pool in child %" APR_PID_T_FMT " for (%s) min=%d max=%d smax=%d",
++ getpid(), worker->s->hostname, worker->s->min,
++ worker->s->hmax, worker->s->smax);
++
++ /* Set the acquire timeout */
++ if (rv == APR_SUCCESS && worker->s->acquire_set) {
++ apr_reslist_timeout_set(worker->cp->res, worker->s->acquire);
++ }
+
+- rv = connection_constructor(&conn, worker, worker->cp->pool);
+- worker->cp->conn = conn;
++ }
++ else {
++ void *conn;
++
++ rv = connection_constructor(&conn, worker, worker->cp->pool);
++ worker->cp->conn = conn;
+
+- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00931)
+- "initialized single connection worker in child %" APR_PID_T_FMT " for (%s)",
+- getpid(), worker->s->hostname);
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, s, APLOGNO(00931)
++ "initialized single connection worker in child %" APR_PID_T_FMT " for (%s)",
++ getpid(), worker->s->hostname);
++ }
++ if (rv == APR_SUCCESS) {
++ worker->local_status |= (PROXY_WORKER_INITIALIZED);
++ }
+ }
+ apr_global_mutex_unlock(proxy_mutex);
+
+ }
+ if (rv == APR_SUCCESS) {
+ worker->s->status |= (PROXY_WORKER_INITIALIZED);
+- worker->local_status |= (PROXY_WORKER_INITIALIZED);
+ }
+ return rv;
+ }
+@@ -2183,13 +2195,13 @@
+ else {
+ /* create the new connection if the previous was destroyed */
+ if (!worker->cp->conn) {
+- connection_constructor((void **)conn, worker, worker->cp->pool);
++ rv = connection_constructor((void **)conn, worker, worker->cp->pool);
+ }
+ else {
+ *conn = worker->cp->conn;
+ worker->cp->conn = NULL;
++ rv = APR_SUCCESS;
+ }
+- rv = APR_SUCCESS;
+ }
+
+ if (rv != APR_SUCCESS) {
+@@ -2374,15 +2386,25 @@
+ }
+
+ /*
+- * Worker can have the single constant backend adress.
+- * The single DNS lookup is used once per worker.
+- * If dynamic change is needed then set the addr to NULL
+- * inside dynamic config to force the lookup.
++ * Recheck addr after we got the lock. This may have changed
++ * while waiting for the lock.
+ */
+- err = apr_sockaddr_info_get(&(worker->cp->addr),
+- conn->hostname, APR_UNSPEC,
+- conn->port, 0,
+- worker->cp->pool);
++ if (!AP_VOLATILIZE_T(apr_sockaddr_t *, worker->cp->addr)) {
++
++ apr_sockaddr_t *addr;
++
++ /*
++ * Worker can have the single constant backend address.
++ * The single DNS lookup is used once per worker.
++ * If dynamic change is needed then set the addr to NULL
++ * inside dynamic config to force the lookup.
++ */
++ err = apr_sockaddr_info_get(&addr,
++ conn->hostname, APR_UNSPEC,
++ conn->port, 0,
++ worker->cp->dns_pool);
++ worker->cp->addr = addr;
++ }
+ conn->addr = worker->cp->addr;
+ if ((uerr = PROXY_THREAD_UNLOCK(worker)) != APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, uerr, r, APLOGNO(00946) "unlock");
diff --git a/SOURCES/httpd-2.4.6-r1879224.patch b/SOURCES/httpd-2.4.6-r1879224.patch
new file mode 100644
index 0000000..85b6744
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1879224.patch
@@ -0,0 +1,13 @@
+diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
+index 0e4017c..d6903f7 100644
+--- a/modules/ssl/ssl_engine_kernel.c
++++ b/modules/ssl/ssl_engine_kernel.c
+@@ -1511,7 +1511,7 @@ static void modssl_proxy_info_log(conn_rec *c,
+ *cert = info->x509; \
+ CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \
+ *pkey = info->x_pkey->dec_pkey; \
+- CRYPTO_add(&(*pkey)->references, +1, CRYPTO_LOCK_X509_PKEY)
++ CRYPTO_add(&(*pkey)->references, +1, CRYPTO_LOCK_EVP_PKEY)
+
+ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
+ {
diff --git a/SOURCES/httpd-2.4.6-r1881459.patch b/SOURCES/httpd-2.4.6-r1881459.patch
new file mode 100644
index 0000000..c8222c0
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1881459.patch
@@ -0,0 +1,36 @@
+diff --git a/modules/generators/mod_cgi.c b/modules/generators/mod_cgi.c
+index 7808262..38e43d3 100644
+--- a/modules/generators/mod_cgi.c
++++ b/modules/generators/mod_cgi.c
+@@ -946,6 +946,13 @@ static int cgi_handler(request_rec *r)
+ if ((ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf,
+ APLOG_MODULE_INDEX)))
+ {
++ /* In the case of a timeout reading script output, clear
++ * the brigade to avoid a second attempt to read the
++ * output. */
++ if (ret == HTTP_GATEWAY_TIME_OUT) {
++ apr_brigade_cleanup(bb);
++ }
++
+ ret = log_script(r, conf, ret, dbuf, sbuf, bb, script_err);
+
+ /*
+diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c
+index 56d3524..b1e7dec 100644
+--- a/modules/generators/mod_cgid.c
++++ b/modules/generators/mod_cgid.c
+@@ -1554,6 +1554,13 @@ static int cgid_handler(request_rec *r)
+ if ((ret = ap_scan_script_header_err_brigade_ex(r, bb, sbuf,
+ APLOG_MODULE_INDEX)))
+ {
++ /* In the case of a timeout reading script output, clear
++ * the brigade to avoid a second attempt to read the
++ * output. */
++ if (ret == HTTP_GATEWAY_TIME_OUT) {
++ apr_brigade_cleanup(bb);
++ }
++
+ ret = log_script(r, conf, ret, dbuf, sbuf, bb, NULL);
+
+ /*
diff --git a/SOURCES/welcome.conf b/SOURCES/welcome.conf
index c1b6c11..5d1e452 100644
--- a/SOURCES/welcome.conf
+++ b/SOURCES/welcome.conf
@@ -16,7 +16,3 @@
</Directory>
Alias /.noindex.html /usr/share/httpd/noindex/index.html
-Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/SPECS/httpd.spec b/SPECS/httpd.spec
index 13a8054..a4b27a4 100644
--- a/SPECS/httpd.spec
+++ b/SPECS/httpd.spec
@@ -4,7 +4,7 @@
%define mmn 20120211
%define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
%define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
-%define vstring CentOS
+%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
# Drop automatic provides for module DSOs
%{?filter_setup:
@@ -15,10 +15,10 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.4.6
-Release: 95%{?dist}
+Release: 97%{?dist}
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1: centos-noindex.tar.gz
+Source1: index.html
Source2: httpd.logrotate
Source3: httpd.sysconf
Source4: httpd-ssl-pass-dialog
@@ -201,6 +201,12 @@ Patch141: httpd-2.4.6-r1583175.patch
Patch142: httpd-2.4.6-r1862604.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1724879
Patch143: httpd-2.4.6-ssl-close-notify-client.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1852350
+Patch144: httpd-2.4.6-r1879224.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1785100
+Patch145: httpd-2.4.6-r1881459.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1862499
+Patch146: httpd-2.4.6-r1872790.patch
# Security fixes
Patch200: httpd-2.4.6-CVE-2013-6438.patch
@@ -462,6 +468,9 @@ rm modules/ssl/ssl_engine_dh.c
%patch141 -p1 -b .r1583175
%patch142 -p1 -b .r1862604
%patch143 -p1 -b .ssl-close-notify-client
+%patch144 -p1 -b .r1879224
+%patch145 -p1 -b .r1881459
+%patch146 -p1 -b .r1872790
%patch200 -p1 -b .cve6438
%patch201 -p1 -b .cve0098
@@ -648,10 +657,8 @@ EOF
# Handle contentdir
mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
-tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \
- -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \
- --strip-components=1
-
+install -m 644 -p $RPM_SOURCE_DIR/index.html \
+ $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
rm -rf %{contentdir}/htdocs
# remove manual sources
@@ -674,7 +681,7 @@ rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
$RPM_BUILD_ROOT%{docroot}/cgi-bin/*
# Symlink for the powered-by-$DISTRO image:
-ln -s ../noindex/images/poweredby.png \
+ln -s ../../pixmaps/poweredby.png \
$RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
# symlinks for /etc/httpd
@@ -860,7 +867,7 @@ rm -rf $RPM_BUILD_ROOT
%{contentdir}/error/README
%{contentdir}/error/*.var
%{contentdir}/error/include/*.html
-%{contentdir}/noindex/*
+%{contentdir}/noindex/index.html
%dir %{docroot}
%dir %{docroot}/cgi-bin
@@ -926,11 +933,12 @@ rm -rf $RPM_BUILD_ROOT
%{_sysconfdir}/rpm/macros.httpd
%changelog
-* Tue Sep 29 2020 CentOS Sources <bugs@centos.org> - 2.4.6-95.el7.centos
-- Remove index.html, add centos-noindex.tar.gz
-- change vstring
-- change symlink for poweredby.png
-- update welcome.conf with proper aliases
+* Wed Oct 07 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-97
+- Resolves: #1852350 - httpd/mod_proxy_http/mod_ssl aborted when sending
+ a client cert to backend server
+- Resolves: #1785100 - mod_cgid takes CGIDScriptTimeout x 2 seconds for timeout
+- Resolves: #1862499 - Intermittent Segfault in Apache httpd due to pool
+ concurrency issues
* Fri Apr 17 2020 Lubos Uhliarik <luhliari@redhat.com> - 2.4.6-95
- Resolves: #1823262 - CVE-2020-1934 httpd: mod_proxy_ftp use of uninitialized