diff --git a/.gitignore b/.gitignore
index 260a2d6..9969f1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 SOURCES/httpd-2.4.6.tar.bz2
-SOURCES/centos-noindex.tar.gz
diff --git a/.httpd.metadata b/.httpd.metadata
index 17ede1b..d335a99 100644
--- a/.httpd.metadata
+++ b/.httpd.metadata
@@ -1,2 +1 @@
 16d8ec72535ded65d035122b0d944b0e64eaa2a2 SOURCES/httpd-2.4.6.tar.bz2
-6ce5ab3c765b9efeceb2e636e32373bc6e6ed489 SOURCES/centos-noindex.tar.gz
diff --git a/SOURCES/httpd-2.4.6-ab-ssl-error.patch b/SOURCES/httpd-2.4.6-ab-ssl-error.patch
new file mode 100644
index 0000000..8f169f7
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-ab-ssl-error.patch
@@ -0,0 +1,27 @@
+diff --git a/support/ab.c b/support/ab.c
+index bf76406..80c1b74 100644
+--- a/support/ab.c
++++ b/support/ab.c
+@@ -1346,11 +1346,21 @@ static void read_connection(struct connection * c)
+                      && good == 0) {
+                 return;
+             }
++            else if (scode == SSL_ERROR_SYSCALL
++                     && status == 0
++                     && c->read != 0) {
++                /* connection closed, but in violation of the protocol, after
++                 * some data has already been read; this commonly happens, so
++                 * let the length check catch any response errors
++                 */
++                good++;
++                close_connection(c);
++            }
+             else if (scode != SSL_ERROR_WANT_WRITE
+                      && scode != SSL_ERROR_WANT_READ) {
+                 /* some fatal error: */
+                 c->read = 0;
+-                BIO_printf(bio_err, "SSL read failed (%d) - closing connection\n", scode);
++                BIO_printf(bio_err, "SSL read failed (%d) - closing connection\n", scode);
+                 ERR_print_errors(bio_err);
+                 close_connection(c);
+             }
diff --git a/SOURCES/httpd-2.4.6-dhparams-free.patch b/SOURCES/httpd-2.4.6-dhparams-free.patch
new file mode 100644
index 0000000..2319ff8
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-dhparams-free.patch
@@ -0,0 +1,31 @@
+diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
+index ee46db4..c560422 100644
+--- a/modules/ssl/ssl_engine_init.c
++++ b/modules/ssl/ssl_engine_init.c
+@@ -915,7 +915,7 @@ static void ssl_init_server_certs(server_rec *s,
+     const char *rsa_id, *dsa_id;
+ #ifndef OPENSSL_NO_EC
+     const char *ecc_id;
+-    EC_GROUP *ecparams;
++    EC_GROUP *ecparams = NULL;
+     int nid;
+     EC_KEY *eckey = NULL;
+ #endif
+@@ -988,6 +988,7 @@ static void ssl_init_server_certs(server_rec *s,
+                      "Custom DH parameters (%d bits) for %s loaded from %s",
+                      BN_num_bits(dhparams->p), vhost_id,
+                      mctx->pks->cert_files[0]);
++        DH_free(dhparams);
+     }
+ 
+ #ifndef OPENSSL_NO_EC
+@@ -1012,6 +1013,9 @@ static void ssl_init_server_certs(server_rec *s,
+         SSL_CTX_set_tmp_ecdh(mctx->ssl_ctx, eckey);
+ #endif
+     }
++    if (ecparams) {
++        EC_GROUP_free(ecparams);
++    }
+     EC_KEY_free(eckey);
+ #endif
+ }
diff --git a/SOURCES/httpd-2.4.6-r1610396.patch b/SOURCES/httpd-2.4.6-r1610396.patch
new file mode 100644
index 0000000..39edd6b
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1610396.patch
@@ -0,0 +1,189 @@
+Index: modules/ldap/util_ldap.c
+===================================================================
+--- a/modules/ldap/util_ldap.c	(revision 1610395)
++++ b/modules/ldap/util_ldap.c	(revision 1610396)
+@@ -157,10 +157,12 @@
+       */
+      if (!ldc->keep) {
+          uldap_connection_unbind(ldc);
++         ldc->r = NULL;
+      }
+      else {
+          /* mark our connection as available for reuse */
+          ldc->freed = apr_time_now();
++         ldc->r = NULL;
+ #if APR_HAS_THREADS
+          apr_thread_mutex_unlock(ldc->lock);
+ #endif
+@@ -179,6 +181,9 @@
+ 
+     if (ldc) {
+         if (ldc->ldap) {
++            if (ldc->r) { 
++                ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp unbind", ldc); 
++            }
+             ldap_unbind_s(ldc->ldap);
+             ldc->ldap = NULL;
+         }
+@@ -319,6 +324,8 @@
+         return(result->rc);
+     }
+ 
++    ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, "LDC %pp init", ldc);
++
+     if (ldc->ChaseReferrals == AP_LDAP_CHASEREFERRALS_ON) {
+         /* Now that we have an ldap struct, add it to the referral list for rebinds. */
+         rc = apr_ldap_rebind_add(ldc->rebind_pool, ldc->ldap, ldc->binddn, ldc->bindpw);
+@@ -516,6 +523,10 @@
+         ldc->reason = "LDAP: ldap_simple_bind() parse result failed";
+         return uldap_ld_errno(ldc);
+     }
++    else { 
++        ldc->last_backend_conn = ldc->r->request_time;
++        ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, ldc->r, "LDC %pp bind", ldc);
++    }
+     return rc;
+ }
+ 
+@@ -540,7 +551,7 @@
+ 
+     /* If the connection is already bound, return
+     */
+-    if (ldc->bound)
++    if (ldc->bound && !ldc->must_rebind)
+     {
+         ldc->reason = "LDAP: connection open successful (already bound)";
+         return LDAP_SUCCESS;
+@@ -621,6 +632,7 @@
+     }
+     else {
+         ldc->bound = 1;
++        ldc->must_rebind = 0;
+         ldc->reason = "LDAP: connection open successful";
+     }
+ 
+@@ -718,13 +730,17 @@
+             && !compare_client_certs(dc->client_certs, l->client_certs))
+         {
+             if (st->connection_pool_ttl > 0) {
+-                if (l->bound && (now - l->freed) > st->connection_pool_ttl) {
++                if (l->bound && (now - l->last_backend_conn) > st->connection_pool_ttl) {
+                     ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
+                                   "Removing LDAP connection last used %" APR_TIME_T_FMT " seconds ago",
+-                                  (now - l->freed) / APR_USEC_PER_SEC);
++                                  (now - l->last_backend_conn) / APR_USEC_PER_SEC);
++                    l->r = r;
+                     uldap_connection_unbind(l);
+                     /* Go ahead (by falling through) and use it, so we don't create more just to unbind some other old ones */
+                 }
++                ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, 
++                              "Reuse %s LDC %pp", 
++                              l->bound ? "bound" : "unbound", l);
+             }
+             break;
+         }
+@@ -751,12 +767,25 @@
+                 (l->deref == deref) && (l->secure == secureflag) &&
+                 !compare_client_certs(dc->client_certs, l->client_certs))
+             {
++                if (st->connection_pool_ttl > 0) {
++                    if (l->bound && (now - l->last_backend_conn) > st->connection_pool_ttl) {
++                        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r,
++                                "Removing LDAP connection last used %" APR_TIME_T_FMT " seconds ago",
++                                (now - l->last_backend_conn) / APR_USEC_PER_SEC);
++                        l->r = r;
++                        uldap_connection_unbind(l);
++                        /* Go ahead (by falling through) and use it, so we don't create more just to unbind some other old ones */
++                    }
++                    ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, 
++                                  "Reuse %s LDC %pp (will rebind)", 
++                                   l->bound ? "bound" : "unbound", l);
++                }
++
+                 /* the bind credentials have changed */
+-                /* no check for connection_pool_ttl, since we are unbinding any way */
+-                uldap_connection_unbind(l);
+-
++                l->must_rebind = 1;
+                 util_ldap_strdup((char**)&(l->binddn), binddn);
+                 util_ldap_strdup((char**)&(l->bindpw), bindpw);
++
+                 break;
+             }
+ #if APR_HAS_THREADS
+@@ -846,6 +875,7 @@
+ #if APR_HAS_THREADS
+     apr_thread_mutex_unlock(st->mutex);
+ #endif
++    l->r = r;
+     return l;
+ }
+ 
+@@ -965,6 +995,7 @@
+         return result;
+     }
+ 
++    ldc->last_backend_conn = r->request_time;
+     entry = ldap_first_entry(ldc->ldap, res);
+     searchdn = ldap_get_dn(ldc->ldap, entry);
+ 
+@@ -1116,6 +1147,7 @@
+         goto start_over;
+     }
+ 
++    ldc->last_backend_conn = r->request_time;
+     ldc->reason = "Comparison complete";
+     if ((LDAP_COMPARE_TRUE == result) ||
+         (LDAP_COMPARE_FALSE == result) ||
+@@ -1241,6 +1273,7 @@
+         return res;
+     }
+ 
++    ldc->last_backend_conn = r->request_time;
+     entry = ldap_first_entry(ldc->ldap, sga_res);
+ 
+     /*
+@@ -1723,6 +1756,7 @@
+      * We should have found exactly one entry; to find a different
+      * number is an error.
+      */
++    ldc->last_backend_conn = r->request_time;
+     count = ldap_count_entries(ldc->ldap, res);
+     if (count != 1)
+     {
+@@ -1788,10 +1822,10 @@
+         /*
+          * We have just bound the connection to a different user and password
+          * combination, which might be reused unintentionally next time this
+-         * connection is used from the connection pool. To ensure no confusion,
+-         * we mark the connection as unbound.
++         * connection is used from the connection pool.
+          */
+-        ldc->bound = 0;
++        ldc->must_rebind = 0;
++        ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, "LDC %pp used for authn, must be rebound", ldc);
+     }
+ 
+     /*
+@@ -1983,6 +2017,7 @@
+      * We should have found exactly one entry; to find a different
+      * number is an error.
+      */
++    ldc->last_backend_conn = r->request_time;
+     count = ldap_count_entries(ldc->ldap, res);
+     if (count != 1)
+     {
+Index: include/util_ldap.h
+===================================================================
+--- a/include/util_ldap.h	(revision 1610395)
++++ b/include/util_ldap.h	(revision 1610396)
+@@ -133,6 +133,9 @@
+     int ReferralHopLimit;               /* # of referral hops to follow (default = AP_LDAP_DEFAULT_HOPLIMIT) */
+     apr_time_t freed;                   /* the time this conn was placed back in the pool */
+     apr_pool_t *rebind_pool;            /* frequently cleared pool for rebind data */
++    int must_rebind;                    /* The connection was last bound with other then binddn/bindpw */
++    request_rec *r;                     /* request_rec used to find this util_ldap_connection_t */
++    apr_time_t last_backend_conn;       /* the approximate time of the last backend LDAP requst */
+ } util_ldap_connection_t;
+ 
+ typedef struct util_ldap_config_t {
diff --git a/SOURCES/httpd-2.4.6-r1621601.patch b/SOURCES/httpd-2.4.6-r1621601.patch
new file mode 100644
index 0000000..4296804
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1621601.patch
@@ -0,0 +1,21 @@
+--- a/modules/proxy/mod_proxy_http.c	2014/08/31 16:06:36	1621600
++++ b/modules/proxy/mod_proxy_http.c	2014/08/31 16:07:45	1621601
+@@ -1652,6 +1652,18 @@
+             if (!r->header_only && /* not HEAD request */
+                 (proxy_status != HTTP_NO_CONTENT) && /* not 204 */
+                 (proxy_status != HTTP_NOT_MODIFIED)) { /* not 304 */
++                const char *tmp;
++                /* Add minimal headers needed to allow http_in filter
++                 * detecting end of body without waiting for a timeout. */
++                if ((tmp = apr_table_get(r->headers_out, "Transfer-Encoding"))) {
++                    apr_table_set(backend->r->headers_in, "Transfer-Encoding", tmp);
++                }
++                else if ((tmp = apr_table_get(r->headers_out, "Content-Length"))) {
++                    apr_table_set(backend->r->headers_in, "Content-Length", tmp);
++                }
++                else if (te) {
++                    apr_table_set(backend->r->headers_in, "Transfer-Encoding", te);
++                }
+                 ap_discard_request_body(backend->r);
+             }
+             return proxy_status;
diff --git a/SOURCES/httpd-2.4.6-r1650677.patch b/SOURCES/httpd-2.4.6-r1650677.patch
new file mode 100644
index 0000000..6599d98
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1650677.patch
@@ -0,0 +1,49 @@
+--- a/modules/proxy/mod_proxy_fcgi.c	2015/01/09 21:25:26	1650676
++++ b/modules/proxy/mod_proxy_fcgi.c	2015/01/09 21:33:12	1650677
+@@ -367,7 +367,7 @@
+                              request_rec *r, int request_id)
+ {
+     apr_bucket_brigade *ib, *ob;
+-    int seen_end_of_headers = 0, done = 0;
++    int seen_end_of_headers = 0, done = 0, ignore_body = 0;
+     apr_status_t rv = APR_SUCCESS;
+     int script_error_status = HTTP_OK;
+     conn_rec *c = r->connection;
+@@ -577,9 +577,16 @@
+                                 APR_BRIGADE_INSERT_TAIL(ob, tmp_b);
+                                 r->status = status;
+                                 ap_pass_brigade(r->output_filters, ob);
+-                                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01070)
+-                                              "Error parsing script headers");
+-                                rv = APR_EINVAL;
++                                if (status == HTTP_NOT_MODIFIED) {
++                                    /* The 304 response MUST NOT contain
++                                     * a message-body, ignore it. */
++                                    ignore_body = 1;
++                                }
++                                else {
++                                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01070)
++                                                    "Error parsing script headers");
++                                    rv = APR_EINVAL;
++                                }
+                                 break;
+                             }
+ 
+@@ -598,7 +605,7 @@
+                                 r->status = HTTP_OK;
+                             }
+ 
+-                            if (script_error_status == HTTP_OK) {
++                            if (script_error_status == HTTP_OK && !ignore_body) {
+                                 rv = ap_pass_brigade(r->output_filters, ob);
+                                 if (rv != APR_SUCCESS) {
+                                     break;
+@@ -626,7 +633,7 @@
+                          * but that could be a huge amount of data; so we pass
+                          * along smaller chunks
+                          */
+-                        if (script_error_status == HTTP_OK) {
++                        if (script_error_status == HTTP_OK && !ignore_body) {
+                             rv = ap_pass_brigade(r->output_filters, ob);
+                             if (rv != APR_SUCCESS) {
+                                 break;
diff --git a/SOURCES/httpd-2.4.6-r1651658.patch b/SOURCES/httpd-2.4.6-r1651658.patch
new file mode 100644
index 0000000..d0de5d5
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1651658.patch
@@ -0,0 +1,22 @@
+--- a/modules/proxy/mod_proxy_fcgi.c	2015/01/14 13:22:50	1651657
++++ b/modules/proxy/mod_proxy_fcgi.c	2015/01/14 13:24:10	1651658
+@@ -204,9 +204,19 @@
+     apr_status_t rv;
+     apr_size_t len;
+     int i, numenv;
++    char *proxyfilename = r->filename;
++
++    /* Strip balancer prefix */
++    if (r->filename && !strncmp(r->filename, "proxy:balancer://", 17)) { 
++        char *newfname = apr_pstrdup(r->pool, r->filename+17);
++        newfname = ap_strchr(newfname, '/');
++        r->filename  = newfname;
++    }
+ 
+     ap_add_common_vars(r);
+     ap_add_cgi_vars(r);
++ 
++    r->filename = proxyfilename;
+ 
+     /* XXX are there any FastCGI specific env vars we need to send? */
+ 
diff --git a/SOURCES/httpd-2.4.6-r1664565.patch b/SOURCES/httpd-2.4.6-r1664565.patch
new file mode 100644
index 0000000..65f9a99
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1664565.patch
@@ -0,0 +1,68 @@
+--- httpd/modules/mappers/mod_rewrite.c  2015/03/06 08:55:34 1664564
++++ httpd/modules/mappers/mod_rewrite.c 2015/03/06 09:14:07 1664565
+@@ -267,6 +267,8 @@
+     const char *dbdq;              /* SQL SELECT statement for rewritemap */
+     const char *checkfile2;        /* filename to check for map existence
+                                       NULL if only one file               */
++    const char *user;              /* run RewriteMap program as this user */
++    const char *group;             /* run RewriteMap program as this group */
+ } rewritemap_entry;
+ 
+ /* special pattern types for RewriteCond */
+@@ -1171,6 +1173,7 @@
+ 
+ static apr_status_t rewritemap_program_child(apr_pool_t *p,
+                                              const char *progname, char **argv,
++                                             const char *user, const char *group,
+                                              apr_file_t **fpout,
+                                              apr_file_t **fpin)
+ {
+@@ -1183,6 +1186,8 @@
+                                                   APR_FULL_BLOCK, APR_NO_PIPE))
+         && APR_SUCCESS == (rc=apr_procattr_dir_set(procattr,
+                                              ap_make_dirstr_parent(p, argv[0])))
++        && (!user || APR_SUCCESS == (rc=apr_procattr_user_set(procattr, user, "")))
++        && (!group || APR_SUCCESS == (rc=apr_procattr_group_set(procattr, group)))
+         && APR_SUCCESS == (rc=apr_procattr_cmdtype_set(procattr, APR_PROGRAM))
+         && APR_SUCCESS == (rc=apr_procattr_child_errfn_set(procattr,
+                                                            rewrite_child_errfn))
+@@ -1240,6 +1245,7 @@
+         }
+ 
+         rc = rewritemap_program_child(p, map->argv[0], map->argv,
++                                      map->user, map->group,
+                                       &fpout, &fpin);
+         if (rc != APR_SUCCESS || fpin == NULL || fpout == NULL) {
+             ap_log_error(APLOG_MARK, APLOG_ERR, rc, s, APLOGNO(00654)
+@@ -3018,7 +3024,7 @@
+ }
+ 
+ static const char *cmd_rewritemap(cmd_parms *cmd, void *dconf, const char *a1,
+-                                  const char *a2)
++                                  const char *a2, const char *a3)
+ {
+     rewrite_server_conf *sconf;
+     rewritemap_entry *newmap;
+@@ -3124,6 +3130,11 @@
+ 
+         newmap->type      = MAPTYPE_PRG;
+         newmap->checkfile = newmap->argv[0];
++        if (a3) {
++            char *tok_cntx;
++            newmap->user = apr_strtok(apr_pstrdup(cmd->pool, a3), ":", &tok_cntx);
++            newmap->group = apr_strtok(NULL, ":", &tok_cntx);
++        }
+     }
+     else if (strncasecmp(a2, "int:", 4) == 0) {
+         newmap->type      = MAPTYPE_INT;
+@@ -5205,8 +5216,8 @@
+                      "an input string and a to be applied regexp-pattern"),
+     AP_INIT_RAW_ARGS("RewriteRule",     cmd_rewriterule,     NULL, OR_FILEINFO,
+                      "an URL-applied regexp-pattern and a substitution URL"),
+-    AP_INIT_TAKE2(   "RewriteMap",      cmd_rewritemap,      NULL, RSRC_CONF,
+-                     "a mapname and a filename"),
++    AP_INIT_TAKE23(   "RewriteMap",      cmd_rewritemap,      NULL, RSRC_CONF,
++                     "a mapname and a filename and options"),
+     { NULL }
+ };
+ 
diff --git a/SOURCES/httpd-2.4.6-r1681107.patch b/SOURCES/httpd-2.4.6-r1681107.patch
new file mode 100644
index 0000000..9a02995
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1681107.patch
@@ -0,0 +1,84 @@
+Index: modules/aaa/mod_authz_dbd.c
+===================================================================
+--- a/modules/aaa/mod_authz_dbd.c	(revision 1681106)
++++ b/modules/aaa/mod_authz_dbd.c	(revision 1681107)
+@@ -174,7 +174,9 @@
+                           action, r->user, message?message:noerror);
+                 }
+                 else if (newuri == NULL) {
+-                    newuri = apr_dbd_get_entry(dbd->driver, row, 0);
++                    newuri =
++                        apr_pstrdup(r->pool,
++                                    apr_dbd_get_entry(dbd->driver, row, 0));
+                 }
+                 /* we can't break out here or row won't get cleaned up */
+             }
+@@ -204,7 +206,6 @@
+     apr_dbd_prepared_t *query;
+     apr_dbd_results_t *res = NULL;
+     apr_dbd_row_t *row = NULL;
+-    const char **group;
+ 
+     if (cfg->query == NULL) {
+         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01649)
+@@ -224,8 +225,9 @@
+              rv != -1;
+              rv = apr_dbd_get_row(dbd->driver, r->pool, res, &row, -1)) {
+             if (rv == 0) {
+-                group = apr_array_push(groups);
+-                *group = apr_dbd_get_entry(dbd->driver, row, 0);
++                APR_ARRAY_PUSH(groups, const char *) =
++                    apr_pstrdup(r->pool,
++                                apr_dbd_get_entry(dbd->driver, row, 0));
+             }
+             else {
+                 message = apr_dbd_error(dbd->driver, dbd->handle, rv);
+Index: modules/session/mod_session_dbd.c
+===================================================================
+--- a/modules/session/mod_session_dbd.c	(revision 1681106)
++++ b/modules/session/mod_session_dbd.c	(revision 1681107)
+@@ -138,7 +138,8 @@
+             return APR_EGENERAL;
+         }
+         if (*val == NULL) {
+-            *val = apr_dbd_get_entry(dbd->driver, row, 0);
++            *val = apr_pstrdup(r->pool,
++                               apr_dbd_get_entry(dbd->driver, row, 0));
+         }
+         /* we can't break out here or row won't get cleaned up */
+     }
+Index: modules/mappers/mod_rewrite.c
+===================================================================
+--- a/modules/mappers/mod_rewrite.c	(revision 1681106)
++++ b/modules/mappers/mod_rewrite.c	(revision 1681107)
+@@ -1352,12 +1352,14 @@
+     while ((rv = apr_dbd_get_row(db->driver, r->pool, res, &row, -1)) == 0) {
+         ++n;
+         if (ret == NULL) {
+-            ret = apr_dbd_get_entry(db->driver, row, 0);
++            ret = apr_pstrdup(r->pool,
++                              apr_dbd_get_entry(db->driver, row, 0));
+         }
+         else {
+             /* randomise crudely amongst multiple results */
+             if ((double)rand() < (double)RAND_MAX/(double)n) {
+-                ret = apr_dbd_get_entry(db->driver, row, 0);
++                ret = apr_pstrdup(r->pool,
++                                  apr_dbd_get_entry(db->driver, row, 0));
+             }
+         }
+     }
+@@ -1370,11 +1372,11 @@
+     case 0:
+         return NULL;
+     case 1:
+-        return apr_pstrdup(r->pool, ret);
++        return ret;
+     default:
+         /* what's a fair rewritelog level for this? */
+         rewritelog((r, 3, NULL, "Multiple values found for %s", key));
+-        return apr_pstrdup(r->pool, ret);
++        return ret;
+     }
+ }
+ 
diff --git a/SOURCES/httpd-2.4.6-r1684462.patch b/SOURCES/httpd-2.4.6-r1684462.patch
new file mode 100644
index 0000000..ff5fe4b
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1684462.patch
@@ -0,0 +1,34 @@
+--- a/modules/ssl/ssl_engine_kernel.c	2015/06/09 15:55:41	1684461
++++ b/modules/ssl/ssl_engine_kernel.c	2015/06/09 16:09:28	1684462
+@@ -1940,7 +1940,7 @@
+ #ifndef OPENSSL_NO_TLSEXT
+ /*
+  * This callback function is executed when OpenSSL encounters an extended
+- * client hello with a server name indication extension ("SNI", cf. RFC 4366).
++ * client hello with a server name indication extension ("SNI", cf. RFC 6066).
+  */
+ int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx)
+ {
+@@ -1962,7 +1962,21 @@
+                               "No matching SSL virtual host for servername "
+                               "%s found (using default/first virtual host)",
+                               servername);
+-                return SSL_TLSEXT_ERR_ALERT_WARNING;
++                /*
++                 * RFC 6066 section 3 says "It is NOT RECOMMENDED to send
++                 * a warning-level unrecognized_name(112) alert, because
++                 * the client's behavior in response to warning-level alerts
++                 * is unpredictable."
++                 *
++                 * To maintain backwards compatibility in mod_ssl, we
++                 * no longer send any alert (neither warning- nor fatal-level),
++                 * i.e. we take the second action suggested in RFC 6066:
++                 * "If the server understood the ClientHello extension but
++                 * does not recognize the server name, the server SHOULD take
++                 * one of two actions: either abort the handshake by sending
++                 * a fatal-level unrecognized_name(112) alert or continue
++                 * the handshake."
++                 */
+             }
+         }
+     }
diff --git a/SOURCES/httpd-2.4.6-r1705528.patch b/SOURCES/httpd-2.4.6-r1705528.patch
new file mode 100644
index 0000000..0be0309
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1705528.patch
@@ -0,0 +1,24 @@
+Index: modules/cache/cache_util.c
+===================================================================
+--- a/modules/cache/cache_util.c	(revision 1705527)
++++ b/modules/cache/cache_util.c	(revision 1705528)
+@@ -1254,7 +1254,6 @@
+     headers_out = apr_table_overlay(r->pool, r->headers_out,
+                                         r->err_headers_out);
+ 
+-    apr_table_clear(r->err_headers_out);
+
+     headers_out = ap_cache_cacheable_headers(r->pool, headers_out,
+                                                   r->server);
+Index: modules/cache/mod_cache.c
+===================================================================
+--- a/modules/cache/mod_cache.c	(revision 1705527)
++++ b/modules/cache/mod_cache.c	(revision 1705528)
+@@ -1452,6 +1452,7 @@
+          * headers that might have snuck in.
+          */
+         r->headers_out = ap_cache_cacheable_headers_out(r);
++        apr_table_clear(r->err_headers_out);
+ 
+         /* Merge in our cached headers.  However, keep any updated values. */
+         /* take output, overlay on top of cached */
diff --git a/SOURCES/httpd-2.4.6-r1723522.patch b/SOURCES/httpd-2.4.6-r1723522.patch
new file mode 100644
index 0000000..83db1c8
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1723522.patch
@@ -0,0 +1,13 @@
+diff --git a/docs/manual/mod/mod_log_debug.html.en b/docs/manual/mod/mod_log_debug.html.en
+index d3d4bd7..1ffd37f 100644
+--- a/docs/manual/mod/mod_log_debug.html.en
++++ b/docs/manual/mod/mod_log_debug.html.en
+@@ -61,7 +61,7 @@
+         Log message if request to /foo/* is processed in a sub-request:
+         <pre class="prettyprint lang-config">
+ &lt;Location /foo/&gt;
+-&nbsp;&nbsp;LogMessage "subrequest to /foo/" hook=type_checker expr=%{IS_SUBREQ}
++&nbsp;&nbsp;LogMessage "subrequest to /foo/" hook=type_checker "expr=-T %{IS_SUBREQ}"
+ &lt;/Location&gt;
+         </pre>
+ 
diff --git a/SOURCES/httpd-2.4.6-rotatelog-timezone.patch b/SOURCES/httpd-2.4.6-rotatelog-timezone.patch
new file mode 100644
index 0000000..2ef4f11
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-rotatelog-timezone.patch
@@ -0,0 +1,97 @@
+diff --git a/support/rotatelogs.c b/support/rotatelogs.c
+index d75d018..216bb12 100644
+--- a/support/rotatelogs.c
++++ b/support/rotatelogs.c
+@@ -178,14 +178,14 @@ static void usage(const char *argv0, const char *reason)
+     exit(1);
+ }
+ 
+-/*
+- * Get the unix time with timezone corrections
+- * given in the config struct.
+- */
+-static int get_now(rotate_config_t *config)
++/* This function returns the current Unix time (time_t) plus any
++ * configured or derived local time offset.  The offset applied is
++ * returned via *offset. */
++static int get_now(rotate_config_t *config, apr_int32_t *offset)
+ {
+     apr_time_t tNow = apr_time_now();
+-    int utc_offset = config->utc_offset;
++    int utc_offset;
++
+     if (config->use_localtime) {
+         /* Check for our UTC offset before using it, since it might
+          * change if there's a switch between standard and daylight
+@@ -195,6 +195,13 @@ static int get_now(rotate_config_t *config)
+         apr_time_exp_lt(&lt, tNow);
+         utc_offset = lt.tm_gmtoff;
+     }
++    else {
++        utc_offset = config->utc_offset;
++    }
++
++    if (offset)
++        *offset = utc_offset;
++
+     return (int)apr_time_sec(tNow) + utc_offset;
+ }
+ 
+@@ -258,13 +265,13 @@ static void checkRotate(rotate_config_t *config, rotate_status_t *status)
+             status->rotateReason = ROTATE_SIZE;
+         }
+         else if (config->tRotation) {
+-            if (get_now(config) >= status->tLogEnd) {
++            if (get_now(config, NULL) >= status->tLogEnd) {
+                 status->rotateReason = ROTATE_TIME;
+             }
+         }
+     }
+     else if (config->tRotation) {
+-        if (get_now(config) >= status->tLogEnd) {
++        if (get_now(config, NULL) >= status->tLogEnd) {
+             status->rotateReason = ROTATE_TIME;
+         }
+     }
+@@ -371,12 +378,16 @@ static void post_rotate(apr_pool_t *pool, struct logfile *newlog,
+ static void doRotate(rotate_config_t *config, rotate_status_t *status)
+ {
+ 
+-    int now = get_now(config);
++    apr_int32_t offset;
++    int now;
+     int tLogStart;
+     apr_status_t rv;
+     struct logfile newlog;
+     int thisLogNum = -1;
+ 
++    /* Retrieve local-time-adjusted-Unix-time. */
++    now = get_now(config, &offset);
++
+     status->rotateReason = ROTATE_NONE;
+ 
+     if (config->tRotation) {
+@@ -401,7 +412,13 @@ static void doRotate(rotate_config_t *config, rotate_status_t *status)
+         apr_time_exp_t e;
+         apr_size_t rs;
+ 
+-        apr_time_exp_gmt(&e, tNow);
++        /* Explode the local-time-adjusted-Unix-time into a struct tm,
++         * first *reversing* local-time-adjustment applied by
++         * get_now() if we are using localtime. */
++        if (config->use_localtime)
++            apr_time_exp_lt(&e, tNow - apr_time_from_sec(offset));
++        else
++            apr_time_exp_gmt(&e, tNow);
+         apr_strftime(newlog.name, &rs, sizeof(newlog.name), config->szLogRoot, &e);
+     }
+     else {
+@@ -648,7 +665,7 @@ int main (int argc, const char * const argv[])
+         nRead = sizeof(buf);
+ #if APR_FILES_AS_SOCKETS
+         if (config.create_empty && config.tRotation) {
+-            polltimeout = status.tLogEnd ? status.tLogEnd - get_now(&config) : config.tRotation;
++            polltimeout = status.tLogEnd ? status.tLogEnd - get_now(&config, NULL) : config.tRotation;
+             if (polltimeout <= 0) {
+                 pollret = APR_TIMEUP;
+             }
diff --git a/SOURCES/welcome.conf b/SOURCES/welcome.conf
index c1b6c11..5d1e452 100644
--- a/SOURCES/welcome.conf
+++ b/SOURCES/welcome.conf
@@ -16,7 +16,3 @@
 </Directory>
 
 Alias /.noindex.html /usr/share/httpd/noindex/index.html
-Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/SPECS/httpd.spec b/SPECS/httpd.spec
index 248691b..e34b1c5 100644
--- a/SPECS/httpd.spec
+++ b/SPECS/httpd.spec
@@ -4,7 +4,7 @@
 %define mmn 20120211
 %define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
 %define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
-%define vstring CentOS
+%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
 
 # Drop automatic provides for module DSOs
 %{?filter_setup:
@@ -15,10 +15,10 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.6
-Release: 40%{?dist}.4
+Release: 45%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1: centos-noindex.tar.gz
+Source1: index.html
 Source2: httpd.logrotate
 Source3: httpd.sysconf
 Source4: httpd-ssl-pass-dialog
@@ -70,6 +70,7 @@ Patch35: httpd-2.4.6-pre_htaccess.patch
 Patch36: httpd-2.4.6-r1573626.patch
 Patch37: httpd-2.4.6-uds.patch
 Patch38: httpd-2.4.6-upn.patch
+Patch39: httpd-2.4.6-r1664565.patch
 # Bug fixes
 Patch51: httpd-2.4.3-sslsninotreq.patch
 Patch55: httpd-2.4.4-malformed-host.patch
@@ -110,6 +111,17 @@ Patch90: httpd-2.4.6-apachectl-status.patch
 Patch91: httpd-2.4.6-r1650655.patch
 Patch92: httpd-2.4.6-r1533448.patch
 Patch93: httpd-2.4.6-r1610013.patch
+Patch94: httpd-2.4.6-r1705528.patch
+Patch95: httpd-2.4.6-r1684462.patch
+Patch96: httpd-2.4.6-r1650677.patch
+Patch97: httpd-2.4.6-r1621601.patch
+Patch98: httpd-2.4.6-r1610396.patch
+Patch99: httpd-2.4.6-rotatelog-timezone.patch
+Patch100: httpd-2.4.6-ab-ssl-error.patch
+Patch101: httpd-2.4.6-r1723522.patch
+Patch102: httpd-2.4.6-r1681107.patch
+Patch103: httpd-2.4.6-dhparams-free.patch
+Patch104: httpd-2.4.6-r1651658.patch
 Patch105: httpd-2.4.6-r1560093.patch
 Patch106: httpd-2.4.6-r1748212.patch
 # Security fixes
@@ -257,6 +269,7 @@ rm modules/ssl/ssl_engine_dh.c
 %patch36 -p1 -b .r1573626
 %patch37 -p1 -b .uds
 %patch38 -p1 -b .upn
+%patch39 -p1 -b .r1664565
 
 %patch51 -p1 -b .sninotreq
 %patch55 -p1 -b .malformedhost
@@ -297,6 +310,17 @@ rm modules/ssl/ssl_engine_dh.c
 %patch91 -p1 -b .r1650655
 %patch92 -p1 -b .r1533448
 %patch93 -p1 -b .r1610013
+%patch94 -p1 -b .r1705528
+%patch95 -p1 -b .r1684462
+%patch96 -p1 -b .r1650677
+%patch97 -p1 -b .r1621601
+%patch98 -p1 -b .r1610396
+%patch99 -p1 -b .rotatelogtimezone
+%patch100 -p1 -b .absslerror
+%patch101 -p1 -b .r1723522
+%patch102 -p1 -b .r1681107
+%patch103 -p1 -b .dhparamsfree
+%patch104 -p1 -b .r1651658
 %patch105 -p1 -b .r1560093
 %patch106 -p1 -b .r1748212
 
@@ -465,10 +489,8 @@ EOF
 
 # Handle contentdir
 mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
-tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \
-        -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \
-        --strip-components=1
-
+install -m 644 -p $RPM_SOURCE_DIR/index.html \
+        $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
 rm -rf %{contentdir}/htdocs
 
 # remove manual sources
@@ -491,7 +513,7 @@ rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
       $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
 
 # Symlink for the powered-by-$DISTRO image:
-ln -s ../noindex/images/poweredby.png \
+ln -s ../../pixmaps/poweredby.png \
         $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
 
 # symlinks for /etc/httpd
@@ -591,7 +613,7 @@ fi
 %{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 2048 > %{sslkey} 2> /dev/null
 
 FQDN=`hostname`
-if [ "x${FQDN}" = "x" ]; then
+if [ "x${FQDN}" = "x" -o ${#FQDN} -gt 59 ]; then
    FQDN=localhost.localdomain
 fi
 
@@ -677,7 +699,7 @@ rm -rf $RPM_BUILD_ROOT
 %{contentdir}/error/README
 %{contentdir}/error/*.var
 %{contentdir}/error/include/*.html
-%{contentdir}/noindex/*
+%{contentdir}/noindex/index.html
 
 %dir %{docroot}
 %dir %{docroot}/cgi-bin
@@ -743,23 +765,37 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
-* Mon Jul 18 2016 CentOS Sources <bugs@centos.org> - 2.4.6-40.el7.centos.4
-- Remove index.html, add centos-noindex.tar.gz
-- change vstring
-- change symlink for poweredby.png
-- update welcome.conf with proper aliases
+* Wed Aug 03 2016 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-45
+- RFE: run mod_rewrite external mapping program as non-root (#1316900)
 
-* Tue Jul 12 2016 Joe Orton <jorton@redhat.com> - 2.4.6-40.4
+* Tue Jul 12 2016 Joe Orton <jorton@redhat.com> - 2.4.6-44
 - add security fix for CVE-2016-5387
 
-* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.6-40.3
-- add 451 (Unavailable For Legal Reasons) response status-code (#1353269)
-
-* Fri Jun 17 2016 Joe Orton <jorton@redhat.com> - 2.4.6-40.2
-- mod_cache: treat cache as valid with changed Expires in 304 (#1347648)
-
-* Mon Mar 21 2016 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-40.1
-- fix apache user creation when apache group already exists (#1319001)
+* Tue Jul  5 2016 Joe Orton <jorton@redhat.com> - 2.4.6-43
+- add 451 (Unavailable For Legal Reasons) response status-code (#1343582)
+
+* Fri Jun 17 2016 Joe Orton <jorton@redhat.com> - 2.4.6-42
+- mod_cache: treat cache as valid with changed Expires in 304 (#1331341)
+
+* Wed Feb 24 2016 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-41
+- mod_cache: merge r->err_headers_out into r->headers when the response
+  is cached for the first time (#1264989)
+- mod_ssl: Do not send SSL warning when SNI hostname is not found as per
+  RFC 6066 (#1298148)
+- mod_proxy_fcgi: Ignore body data from backend for 304 responses (#1263038)
+- fix apache user creation when apache group already exists (#1299889)
+- fix apache user creation when USERGROUPS_ENAB is set to 'no' (#1288757)
+- mod_proxy: fix slow response time for reponses with error status code
+  when using ProxyErrorOverride (#1283653)
+- mod_ldap: Respect LDAPConnectionPoolTTL for authn connections (#1300149)
+- mod_ssl: use "localhost" in the dummy SSL cert for long FQDNs (#1240495)
+- rotatelogs: improve support for localtime (#1244545)
+- ab: fix read failure when targeting SSL server (#1255331)
+- mod_log_debug: fix LogMessage example in documentation (#1279465)
+- mod_authz_dbd, mod_authn_dbd, mod_session_dbd, mod_rewrite: Fix lifetime
+  of DB lookup entries independently of the selected DB engine (#1287844)
+- mod_ssl: fix hardware crypto support with custom DH parms (#1291865)
+- mod_proxy_fcgi: fix SCRIPT_FILENAME when a balancer is used (#1302797)
 
 * Thu Sep 17 2015 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-40
 - mod_dav: follow up fix for previous commit (#1263975)