diff --git a/.gitignore b/.gitignore
index 260a2d6..9969f1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 SOURCES/httpd-2.4.6.tar.bz2
-SOURCES/centos-noindex.tar.gz
diff --git a/.httpd.metadata b/.httpd.metadata
index 17ede1b..d335a99 100644
--- a/.httpd.metadata
+++ b/.httpd.metadata
@@ -1,2 +1 @@
 16d8ec72535ded65d035122b0d944b0e64eaa2a2 SOURCES/httpd-2.4.6.tar.bz2
-6ce5ab3c765b9efeceb2e636e32373bc6e6ed489 SOURCES/centos-noindex.tar.gz
diff --git a/SOURCES/httpd-2.4.6-CVE-2016-5387.patch b/SOURCES/httpd-2.4.6-CVE-2016-5387.patch
new file mode 100644
index 0000000..9f22044
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2016-5387.patch
@@ -0,0 +1,16 @@
+
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5387
+
+--- httpd-2.4.6/server/util_script.c.cve5387
++++ httpd-2.4.6/server/util_script.c
+@@ -190,6 +190,10 @@
+             continue;
+         }
+ #endif
++        else if (!strcasecmp(hdrs[i].key, "Proxy")) {
++            /* Don't pass through HTTP_PROXY */
++            continue;
++        }
+         else
+             add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
+     }
diff --git a/SOURCES/httpd-2.4.6-r1560093.patch b/SOURCES/httpd-2.4.6-r1560093.patch
new file mode 100644
index 0000000..664699a
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1560093.patch
@@ -0,0 +1,16 @@
+# ./pullrev.sh 1560093
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1331341
+
+http://svn.apache.org/viewvc?view=revision&revision=1560093
+
+--- httpd-2.4.6/modules/cache/mod_cache.c
++++ httpd-2.4.6/modules/cache/mod_cache.c
+@@ -1130,7 +1130,6 @@
+                         "Content-Range")))
+                 || ((reason = cache_header_cmp(r->pool, left, right,
+                         "Content-Type")))
+-                || ((reason = cache_header_cmp(r->pool, left, right, "Expires")))
+                 || ((reason = cache_header_cmp(r->pool, left, right, "ETag")))
+                 || ((reason = cache_header_cmp(r->pool, left, right,
+                         "Last-Modified")))) {
diff --git a/SOURCES/httpd-2.4.6-r1748212.patch b/SOURCES/httpd-2.4.6-r1748212.patch
new file mode 100644
index 0000000..69ff27f
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-r1748212.patch
@@ -0,0 +1,70 @@
+# ./pullrev.sh 1748212
+http://svn.apache.org/viewvc?view=revision&revision=1748212
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1343582
+
+diff -uap httpd-2.4.6/include/httpd.h.r1748212 httpd-2.4.6/include/httpd.h
+--- httpd-2.4.6/include/httpd.h.r1748212
++++ httpd-2.4.6/include/httpd.h
+@@ -477,7 +477,7 @@ AP_DECLARE(const char *) ap_get_server_b
+  * When adding a new code here add it to status_lines as well.
+  * A future version should dynamically generate the apr_table_t at startup.
+  */
+-#define RESPONSE_CODES 83
++#define RESPONSE_CODES 103
+ 
+ #define HTTP_CONTINUE                        100
+ #define HTTP_SWITCHING_PROTOCOLS             101
+@@ -525,6 +525,7 @@ AP_DECLARE(const char *) ap_get_server_b
+ #define HTTP_PRECONDITION_REQUIRED           428
+ #define HTTP_TOO_MANY_REQUESTS               429
+ #define HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE 431
++#define HTTP_UNAVAILABLE_FOR_LEGAL_REASONS   451
+ #define HTTP_INTERNAL_SERVER_ERROR           500
+ #define HTTP_NOT_IMPLEMENTED                 501
+ #define HTTP_BAD_GATEWAY                     502
+diff -uap httpd-2.4.6/modules/http/http_protocol.c.r1748212 httpd-2.4.6/modules/http/http_protocol.c
+--- httpd-2.4.6/modules/http/http_protocol.c.r1748212
++++ httpd-2.4.6/modules/http/http_protocol.c
+@@ -146,7 +146,27 @@ static const char * const status_lines[R
+     "429 Too Many Requests",
+     NULL, /* 430 */
+     "431 Request Header Fields Too Large",
+-#define LEVEL_500 71
++    NULL, /* 432 */
++    NULL, /* 433 */
++    NULL, /* 434 */
++    NULL, /* 435 */
++    NULL, /* 436 */
++    NULL, /* 437 */
++    NULL, /* 438 */
++    NULL, /* 439 */
++    NULL, /* 440 */
++    NULL, /* 441 */
++    NULL, /* 442 */
++    NULL, /* 443 */
++    NULL, /* 444 */
++    NULL, /* 445 */
++    NULL, /* 446 */
++    NULL, /* 447 */
++    NULL, /* 448 */
++    NULL, /* 449 */
++    NULL, /* 450 */
++    "451 Unavailable For Legal Reasons",
++#define LEVEL_500 91
+     "500 Internal Server Error",
+     "501 Not Implemented",
+     "502 Bad Gateway",
+@@ -1295,6 +1315,12 @@ static const char *get_canned_error_stri
+     case HTTP_NETWORK_AUTHENTICATION_REQUIRED:
+         return("<p>The client needs to authenticate to gain\n"
+                "network access.</p>\n");
++    case HTTP_UNAVAILABLE_FOR_LEGAL_REASONS:
++        s1 = apr_pstrcat(p,
++                         "<p>Access to ", ap_escape_html(r->pool, r->uri),
++                         "\nhas been denied for legal reasons.<br />\n",
++                         NULL);
++        return(add_optional_notes(r, s1, "error-notes", "</p>\n"));
+     default:                    /* HTTP_INTERNAL_SERVER_ERROR */
+         /*
+          * This comparison to expose error-notes could be modified to
diff --git a/SOURCES/welcome.conf b/SOURCES/welcome.conf
index c1b6c11..5d1e452 100644
--- a/SOURCES/welcome.conf
+++ b/SOURCES/welcome.conf
@@ -16,7 +16,3 @@
 </Directory>
 
 Alias /.noindex.html /usr/share/httpd/noindex/index.html
-Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/SPECS/httpd.spec b/SPECS/httpd.spec
index 39ceacb..8c8a96e 100644
--- a/SPECS/httpd.spec
+++ b/SPECS/httpd.spec
@@ -4,7 +4,7 @@
 %define mmn 20120211
 %define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
 %define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
-%define vstring CentOS
+%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
 
 # Drop automatic provides for module DSOs
 %{?filter_setup:
@@ -15,10 +15,10 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.6
-Release: 40%{?dist}.1
+Release: 40%{?dist}.4
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1: centos-noindex.tar.gz
+Source1: index.html
 Source2: httpd.logrotate
 Source3: httpd.sysconf
 Source4: httpd-ssl-pass-dialog
@@ -110,6 +110,8 @@ Patch90: httpd-2.4.6-apachectl-status.patch
 Patch91: httpd-2.4.6-r1650655.patch
 Patch92: httpd-2.4.6-r1533448.patch
 Patch93: httpd-2.4.6-r1610013.patch
+Patch105: httpd-2.4.6-r1560093.patch
+Patch106: httpd-2.4.6-r1748212.patch
 # Security fixes
 Patch200: httpd-2.4.6-CVE-2013-6438.patch
 Patch201: httpd-2.4.6-CVE-2014-0098.patch
@@ -122,6 +124,7 @@ Patch207: httpd-2.4.6-CVE-2013-5704.patch
 Patch208: httpd-2.4.6-CVE-2014-3581.patch
 Patch209: httpd-2.4.6-CVE-2015-3185.patch
 Patch210: httpd-2.4.6-CVE-2015-3183.patch
+Patch211: httpd-2.4.6-CVE-2016-5387.patch
 License: ASL 2.0
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -294,6 +297,8 @@ rm modules/ssl/ssl_engine_dh.c
 %patch91 -p1 -b .r1650655
 %patch92 -p1 -b .r1533448
 %patch93 -p1 -b .r1610013
+%patch105 -p1 -b .r1560093
+%patch106 -p1 -b .r1748212
 
 %patch200 -p1 -b .cve6438
 %patch201 -p1 -b .cve0098
@@ -306,6 +311,7 @@ rm modules/ssl/ssl_engine_dh.c
 %patch208 -p1 -b .cve3581
 %patch209 -p1 -b .cve3185
 %patch210 -p1 -b .cve3183
+%patch211 -p1 -b .cve5387
 
 # Patch in the vendor string and the release string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -459,10 +465,8 @@ EOF
 
 # Handle contentdir
 mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
-tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \
-        -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \
-        --strip-components=1
-
+install -m 644 -p $RPM_SOURCE_DIR/index.html \
+        $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
 rm -rf %{contentdir}/htdocs
 
 # remove manual sources
@@ -485,7 +489,7 @@ rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
       $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
 
 # Symlink for the powered-by-$DISTRO image:
-ln -s ../noindex/images/poweredby.png \
+ln -s ../../pixmaps/poweredby.png \
         $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
 
 # symlinks for /etc/httpd
@@ -671,7 +675,7 @@ rm -rf $RPM_BUILD_ROOT
 %{contentdir}/error/README
 %{contentdir}/error/*.var
 %{contentdir}/error/include/*.html
-%{contentdir}/noindex/*
+%{contentdir}/noindex/index.html
 
 %dir %{docroot}
 %dir %{docroot}/cgi-bin
@@ -737,11 +741,14 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
-* Thu May 12 2016 CentOS Sources <bugs@centos.org> - 2.4.6-40.el7.centos.1
-- Remove index.html, add centos-noindex.tar.gz
-- change vstring
-- change symlink for poweredby.png
-- update welcome.conf with proper aliases
+* Tue Jul 12 2016 Joe Orton <jorton@redhat.com> - 2.4.6-40.4
+- add security fix for CVE-2016-5387
+
+* Thu Jul  7 2016 Joe Orton <jorton@redhat.com> - 2.4.6-40.3
+- add 451 (Unavailable For Legal Reasons) response status-code (#1353269)
+
+* Fri Jun 17 2016 Joe Orton <jorton@redhat.com> - 2.4.6-40.2
+- mod_cache: treat cache as valid with changed Expires in 304 (#1347648)
 
 * Mon Mar 21 2016 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-40.1
 - fix apache user creation when apache group already exists (#1319001)