diff --git a/.gitignore b/.gitignore
index 260a2d6..9969f1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 SOURCES/httpd-2.4.6.tar.bz2
-SOURCES/centos-noindex.tar.gz
diff --git a/.httpd.metadata b/.httpd.metadata
index 51a60dd..d335a99 100644
--- a/.httpd.metadata
+++ b/.httpd.metadata
@@ -1,2 +1 @@
 16d8ec72535ded65d035122b0d944b0e64eaa2a2 SOURCES/httpd-2.4.6.tar.bz2
-acf5cccf4afaecf3afeb18c50ae59fd5c6504910  SOURCES/centos-noindex.tar.gz
diff --git a/SOURCES/httpd-2.4.6-CVE-2013-4352.patch b/SOURCES/httpd-2.4.6-CVE-2013-4352.patch
new file mode 100644
index 0000000..48a52f2
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2013-4352.patch
@@ -0,0 +1,25 @@
+--- a/modules/cache/cache_storage.c	2013/09/14 13:30:39	1523234
++++ b/modules/cache/cache_storage.c	2013/09/14 13:32:25	1523235
+@@ -713,7 +713,9 @@
+                 || APR_SUCCESS
+                         != cache_canonicalise_key(r, r->pool, location,
+                                 &location_uri, &location_key)
+-                || strcmp(r->parsed_uri.hostname, location_uri.hostname)) {
++                || !(r->parsed_uri.hostname && location_uri.hostname
++                        && !strcmp(r->parsed_uri.hostname,
++                                location_uri.hostname))) {
+             location_key = NULL;
+         }
+     }
+@@ -726,8 +728,9 @@
+                 || APR_SUCCESS
+                         != cache_canonicalise_key(r, r->pool, content_location,
+                                 &content_location_uri, &content_location_key)
+-                || strcmp(r->parsed_uri.hostname,
+-                        content_location_uri.hostname)) {
++                || !(r->parsed_uri.hostname && content_location_uri.hostname
++                        && !strcmp(r->parsed_uri.hostname,
++                                content_location_uri.hostname))) {
+             content_location_key = NULL;
+         }
+     }
diff --git a/SOURCES/httpd-2.4.6-CVE-2014-0117.patch b/SOURCES/httpd-2.4.6-CVE-2014-0117.patch
new file mode 100644
index 0000000..f548d99
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2014-0117.patch
@@ -0,0 +1,11 @@
+--- a/modules/proxy/proxy_util.c	2014/07/15 16:07:44	1610736
++++ b/modules/proxy/proxy_util.c	2014/07/15 16:11:04	1610737
+@@ -3132,7 +3132,7 @@
+     const char *name;
+ 
+     do {
+-        while (*val == ',') {
++        while (*val == ',' || *val == ';') {
+             val++;
+         }
+         name = ap_get_token(x->pool, &val, 0);
diff --git a/SOURCES/httpd-2.4.6-CVE-2014-0118.patch b/SOURCES/httpd-2.4.6-CVE-2014-0118.patch
new file mode 100644
index 0000000..e82b79f
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2014-0118.patch
@@ -0,0 +1,266 @@
+diff --git a/modules/filters/mod_deflate.c b/modules/filters/mod_deflate.c
+index 79f6f8d..6c415c8 100644
+--- a/modules/filters/mod_deflate.c
++++ b/modules/filters/mod_deflate.c
+@@ -37,6 +37,7 @@
+ #include "httpd.h"
+ #include "http_config.h"
+ #include "http_log.h"
++#include "http_core.h"
+ #include "apr_lib.h"
+ #include "apr_strings.h"
+ #include "apr_general.h"
+@@ -52,6 +53,9 @@
+ static const char deflateFilterName[] = "DEFLATE";
+ module AP_MODULE_DECLARE_DATA deflate_module;
+ 
++#define AP_INFLATE_RATIO_LIMIT 200
++#define AP_INFLATE_RATIO_BURST 3
++
+ typedef struct deflate_filter_config_t
+ {
+     int windowSize;
+@@ -63,6 +67,12 @@ typedef struct deflate_filter_config_t
+     char *note_output_name;
+ } deflate_filter_config;
+ 
++typedef struct deflate_dirconf_t {
++    apr_off_t inflate_limit;
++    int ratio_limit,
++        ratio_burst;
++} deflate_dirconf_t;
++
+ /* RFC 1952 Section 2.3 defines the gzip header:
+  *
+  * +---+---+---+---+---+---+---+---+---+---+
+@@ -204,6 +214,14 @@ static void *create_deflate_server_config(apr_pool_t *p, server_rec *s)
+     return c;
+ }
+ 
++static void *create_deflate_dirconf(apr_pool_t *p, char *dummy)
++{
++    deflate_dirconf_t *dc = apr_pcalloc(p, sizeof(*dc));
++    dc->ratio_limit = AP_INFLATE_RATIO_LIMIT;
++    dc->ratio_burst = AP_INFLATE_RATIO_BURST;
++    return dc;
++}
++
+ static const char *deflate_set_window_size(cmd_parms *cmd, void *dummy,
+                                            const char *arg)
+ {
+@@ -295,6 +313,55 @@ static const char *deflate_set_compressionlevel(cmd_parms *cmd, void *dummy,
+     return NULL;
+ }
+ 
++
++static const char *deflate_set_inflate_limit(cmd_parms *cmd, void *dirconf,
++                                      const char *arg)
++{
++    deflate_dirconf_t *dc = (deflate_dirconf_t*) dirconf;
++    char *errp;
++
++    if (APR_SUCCESS != apr_strtoff(&dc->inflate_limit, arg, &errp, 10)) {
++        return "DeflateInflateLimitRequestBody is not parsable.";
++    }
++    if (*errp || dc->inflate_limit < 0) {
++        return "DeflateInflateLimitRequestBody requires a non-negative integer.";
++    }
++
++    return NULL;
++}
++
++static const char *deflate_set_inflate_ratio_limit(cmd_parms *cmd,
++                                                   void *dirconf,
++                                                   const char *arg)
++{
++    deflate_dirconf_t *dc = (deflate_dirconf_t*) dirconf;
++    int i;
++
++    i = atoi(arg);
++    if (i <= 0)
++        return "DeflateInflateRatioLimit must be positive";
++
++    dc->ratio_limit = i;
++
++    return NULL;
++}
++
++static const char *deflate_set_inflate_ratio_burst(cmd_parms *cmd,
++                                                   void *dirconf,
++                                                   const char *arg)
++{
++    deflate_dirconf_t *dc = (deflate_dirconf_t*) dirconf;
++    int i;
++
++    i = atoi(arg);
++    if (i <= 0)
++        return "DeflateInflateRatioBurst must be positive";
++
++    dc->ratio_burst = i;
++
++    return NULL;
++}
++
+ typedef struct deflate_ctx_t
+ {
+     z_stream stream;
+@@ -304,6 +371,8 @@ typedef struct deflate_ctx_t
+     int (*libz_end_func)(z_streamp);
+     unsigned char *validation_buffer;
+     apr_size_t validation_buffer_length;
++    int ratio_hits;
++    apr_off_t inflate_total;
+     unsigned int inflate_init:1;
+     unsigned int filter_init:1;
+     unsigned int done:1;
+@@ -422,6 +491,22 @@ static void deflate_check_etag(request_rec *r, const char *transform)
+     }
+ }
+ 
++/* Check whether the (inflate) ratio exceeds the configured limit/burst. */
++static int check_ratio(request_rec *r, deflate_ctx *ctx,
++                       const deflate_dirconf_t *dc)
++{
++    if (ctx->stream.total_in) {
++        int ratio = ctx->stream.total_out / ctx->stream.total_in;
++        if (ratio < dc->ratio_limit) {
++            ctx->ratio_hits = 0;
++        }
++        else if (++ctx->ratio_hits > dc->ratio_burst) {
++            return 0;
++        }
++    }
++    return 1;
++}
++
+ static int have_ssl_compression(request_rec *r)
+ {
+     const char *comp;
+@@ -897,6 +982,8 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,
+     int zRC;
+     apr_status_t rv;
+     deflate_filter_config *c;
++    deflate_dirconf_t *dc;
++    apr_off_t inflate_limit;
+ 
+     /* just get out of the way of things we don't want. */
+     if (mode != AP_MODE_READBYTES) {
+@@ -904,6 +991,7 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,
+     }
+ 
+     c = ap_get_module_config(r->server->module_config, &deflate_module);
++    dc = ap_get_module_config(r->per_dir_config, &deflate_module);
+ 
+     if (!ctx) {
+         char deflate_hdr[10];
+@@ -994,6 +1082,12 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,
+         apr_brigade_cleanup(ctx->bb);
+     }
+ 
++    inflate_limit = dc->inflate_limit; 
++    if (inflate_limit == 0) { 
++        /* The core is checking the deflated body, we'll check the inflated */
++        inflate_limit = ap_get_limit_req_body(f->r);
++    }
++
+     if (APR_BRIGADE_EMPTY(ctx->proc_bb)) {
+         rv = ap_get_brigade(f->next, ctx->bb, mode, block, readbytes);
+ 
+@@ -1038,6 +1132,17 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,
+ 
+                 ctx->stream.next_out = ctx->buffer;
+                 len = c->bufferSize - ctx->stream.avail_out;
++ 
++                ctx->inflate_total += len;
++                if (inflate_limit && ctx->inflate_total > inflate_limit) { 
++                    inflateEnd(&ctx->stream);
++                    ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02647)
++                            "Inflated content length of %" APR_OFF_T_FMT
++                            " is larger than the configured limit"
++                            " of %" APR_OFF_T_FMT, 
++                            ctx->inflate_total, inflate_limit);
++                    return APR_ENOSPC;
++                }
+ 
+                 ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len);
+                 tmp_heap = apr_bucket_heap_create((char *)ctx->buffer, len,
+@@ -1073,6 +1178,26 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,
+                     ctx->stream.next_out = ctx->buffer;
+                     len = c->bufferSize - ctx->stream.avail_out;
+ 
++                    ctx->inflate_total += len;
++                    if (inflate_limit && ctx->inflate_total > inflate_limit) { 
++                        inflateEnd(&ctx->stream);
++                        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02648)
++                                "Inflated content length of %" APR_OFF_T_FMT
++                                " is larger than the configured limit"
++                                " of %" APR_OFF_T_FMT, 
++                                ctx->inflate_total, inflate_limit);
++                        return APR_ENOSPC;
++                    }
++
++                    if (!check_ratio(r, ctx, dc)) {
++                        inflateEnd(&ctx->stream);
++                        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02649)
++                                "Inflated content ratio is larger than the "
++                                "configured limit %i by %i time(s)",
++                                dc->ratio_limit, dc->ratio_burst);
++                        return APR_EINVAL;
++                    }
++
+                     ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len);
+                     tmp_heap = apr_bucket_heap_create((char *)ctx->buffer, len,
+                                                       NULL, f->c->bucket_alloc);
+@@ -1193,6 +1318,7 @@ static apr_status_t inflate_out_filter(ap_filter_t *f,
+     int zRC;
+     apr_status_t rv;
+     deflate_filter_config *c;
++    deflate_dirconf_t *dc;
+ 
+     /* Do nothing if asked to filter nothing. */
+     if (APR_BRIGADE_EMPTY(bb)) {
+@@ -1200,6 +1326,7 @@ static apr_status_t inflate_out_filter(ap_filter_t *f,
+     }
+ 
+     c = ap_get_module_config(r->server->module_config, &deflate_module);
++    dc = ap_get_module_config(r->per_dir_config, &deflate_module);
+ 
+     if (!ctx) {
+ 
+@@ -1462,6 +1589,14 @@ static apr_status_t inflate_out_filter(ap_filter_t *f,
+         while (ctx->stream.avail_in != 0) {
+             if (ctx->stream.avail_out == 0) {
+ 
++                if (!check_ratio(r, ctx, dc)) {
++                    ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02650)
++                            "Inflated content ratio is larger than the "
++                            "configured limit %i by %i time(s)",
++                            dc->ratio_limit, dc->ratio_burst);
++                    return APR_EINVAL;
++                }
++
+                 ctx->stream.next_out = ctx->buffer;
+                 len = c->bufferSize - ctx->stream.avail_out;
+ 
+@@ -1548,12 +1683,20 @@ static const command_rec deflate_filter_cmds[] = {
+                   "Set the Deflate Memory Level (1-9)"),
+     AP_INIT_TAKE1("DeflateCompressionLevel", deflate_set_compressionlevel, NULL, RSRC_CONF,
+                   "Set the Deflate Compression Level (1-9)"),
++    AP_INIT_TAKE1("DeflateInflateLimitRequestBody", deflate_set_inflate_limit, NULL, OR_ALL,
++                  "Set a limit on size of inflated input"),
++    AP_INIT_TAKE1("DeflateInflateRatioLimit", deflate_set_inflate_ratio_limit, NULL, OR_ALL,
++                  "Set the inflate ratio limit above which inflation is "
++                  "aborted (default: " APR_STRINGIFY(AP_INFLATE_RATIO_LIMIT) ")"),
++    AP_INIT_TAKE1("DeflateInflateRatioBurst", deflate_set_inflate_ratio_burst, NULL, OR_ALL,
++                  "Set the maximum number of following inflate ratios above limit "
++                  "(default: " APR_STRINGIFY(AP_INFLATE_RATIO_BURST) ")"),
+     {NULL}
+ };
+ 
+ AP_DECLARE_MODULE(deflate) = {
+     STANDARD20_MODULE_STUFF,
+-    NULL,                         /* dir config creater */
++    create_deflate_dirconf,       /* dir config creater */
+     NULL,                         /* dir merger --- default is to override */
+     create_deflate_server_config, /* server config */
+     NULL,                         /* merge server config */
diff --git a/SOURCES/httpd-2.4.6-CVE-2014-0226.patch b/SOURCES/httpd-2.4.6-CVE-2014-0226.patch
new file mode 100644
index 0000000..67c7046
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2014-0226.patch
@@ -0,0 +1,119 @@
+Index: server/scoreboard.c
+===================================================================
+--- a/server/scoreboard.c	(revision 1610498)
++++ b/server/scoreboard.c	(revision 1610499)
+@@ -579,6 +579,21 @@
+                                                  sbh->thread_num);
+ }
+ 
++AP_DECLARE(void) ap_copy_scoreboard_worker(worker_score *dest, 
++                                           int child_num,
++                                           int thread_num)
++{
++    worker_score *ws = ap_get_scoreboard_worker_from_indexes(child_num, thread_num);
++
++    memcpy(dest, ws, sizeof *ws);
++
++    /* For extra safety, NUL-terminate the strings returned, though it
++     * should be true those last bytes are always zero anyway. */
++    dest->client[sizeof(dest->client) - 1] = '\0';
++    dest->request[sizeof(dest->request) - 1] = '\0';
++    dest->vhost[sizeof(dest->vhost) - 1] = '\0';
++}
++
+ AP_DECLARE(process_score *) ap_get_scoreboard_process(int x)
+ {
+     if ((x < 0) || (x >= server_limit)) {
+Index: modules/generators/mod_status.c
+===================================================================
+--- a/modules/generators/mod_status.c	(revision 1610498)
++++ b/modules/generators/mod_status.c	(revision 1610499)
+@@ -194,7 +194,7 @@
+     long req_time;
+     int short_report;
+     int no_table_report;
+-    worker_score *ws_record;
++    worker_score *ws_record = apr_palloc(r->pool, sizeof *ws_record);
+     process_score *ps_record;
+     char *stat_buffer;
+     pid_t *pid_buffer, worker_pid;
+@@ -306,7 +306,7 @@
+         for (j = 0; j < thread_limit; ++j) {
+             int indx = (i * thread_limit) + j;
+ 
+-            ws_record = ap_get_scoreboard_worker_from_indexes(i, j);
++            ap_copy_scoreboard_worker(ws_record, i, j);
+             res = ws_record->status;
+ 
+             if ((i >= max_servers || j >= threads_per_child)
+@@ -637,7 +637,7 @@
+ 
+         for (i = 0; i < server_limit; ++i) {
+             for (j = 0; j < thread_limit; ++j) {
+-                ws_record = ap_get_scoreboard_worker_from_indexes(i, j);
++                ap_copy_scoreboard_worker(ws_record, i, j);
+ 
+                 if (ws_record->access_count == 0 &&
+                     (ws_record->status == SERVER_READY ||
+Index: modules/lua/lua_request.c
+===================================================================
+--- a/modules/lua/lua_request.c	(revision 1610498)
++++ b/modules/lua/lua_request.c	(revision 1610499)
+@@ -1245,16 +1245,22 @@
+  */
+ static int lua_ap_scoreboard_worker(lua_State *L)
+ {
+-    int i,
+-        j;
+-    worker_score   *ws_record;
++    int i, j;
++    worker_score *ws_record = NULL;
++    request_rec *r = NULL;
+ 
+     luaL_checktype(L, 1, LUA_TUSERDATA);
+     luaL_checktype(L, 2, LUA_TNUMBER);
+     luaL_checktype(L, 3, LUA_TNUMBER);
++
++    r = ap_lua_check_request_rec(L, 1);
++    if (!r) return 0;
++
+     i = lua_tointeger(L, 2);
+     j = lua_tointeger(L, 3);
+-    ws_record = ap_get_scoreboard_worker_from_indexes(i, j);
++    ws_record = apr_palloc(r->pool, sizeof *ws_record);
++
++    ap_copy_scoreboard_worker(ws_record, i, j);
+     if (ws_record) {
+         lua_newtable(L);
+ 
+Index: include/scoreboard.h
+===================================================================
+--- a/include/scoreboard.h	(revision 1610498)
++++ b/include/scoreboard.h	(revision 1610499)
+@@ -183,8 +183,25 @@
+ AP_DECLARE(void) ap_time_process_request(ap_sb_handle_t *sbh, int status);
+ 
+ AP_DECLARE(worker_score *) ap_get_scoreboard_worker(ap_sb_handle_t *sbh);
++
++/** Return a pointer to the worker_score for a given child, thread pair.
++ * @param child_num The child number.
++ * @param thread_num The thread number.
++ * @return A pointer to the worker_score structure.
++ * @deprecated This function is deprecated, use ap_copy_scoreboard_worker instead. */
+ AP_DECLARE(worker_score *) ap_get_scoreboard_worker_from_indexes(int child_num,
+                                                                 int thread_num);
++
++/** Copy the contents of a worker scoreboard entry.  The contents of
++ * the worker_score structure are copied verbatim into the dest
++ * structure.
++ * @param dest Output parameter.
++ * @param child_num The child number.
++ * @param thread_num The thread number.
++ */
++AP_DECLARE(void) ap_copy_scoreboard_worker(worker_score *dest,
++                                           int child_num, int thread_num);
++
+ AP_DECLARE(process_score *) ap_get_scoreboard_process(int x);
+ AP_DECLARE(global_score *) ap_get_scoreboard_global(void);
+ 
+
diff --git a/SOURCES/httpd-2.4.6-CVE-2014-0231.patch b/SOURCES/httpd-2.4.6-CVE-2014-0231.patch
new file mode 100644
index 0000000..580123a
--- /dev/null
+++ b/SOURCES/httpd-2.4.6-CVE-2014-0231.patch
@@ -0,0 +1,144 @@
+--- a/modules/generators/mod_cgid.c	2014/07/14 20:16:45	1610511
++++ b/modules/generators/mod_cgid.c	2014/07/14 20:18:26	1610512
+@@ -97,6 +97,10 @@
+ static pid_t parent_pid;
+ static ap_unix_identity_t empty_ugid = { (uid_t)-1, (gid_t)-1, -1 };
+ 
++typedef struct { 
++    apr_interval_time_t timeout;
++} cgid_dirconf;
++
+ /* The APR other-child API doesn't tell us how the daemon exited
+  * (SIGSEGV vs. exit(1)).  The other-child maintenance function
+  * needs to decide whether to restart the daemon after a failure
+@@ -968,7 +972,14 @@
+     return overrides->logname ? overrides : base;
+ }
+ 
++static void *create_cgid_dirconf(apr_pool_t *p, char *dummy)
++{
++    cgid_dirconf *c = (cgid_dirconf *) apr_pcalloc(p, sizeof(cgid_dirconf));
++    return c;
++}
++
+ static const char *set_scriptlog(cmd_parms *cmd, void *dummy, const char *arg)
++
+ {
+     server_rec *s = cmd->server;
+     cgid_server_conf *conf = ap_get_module_config(s->module_config,
+@@ -1021,7 +1032,16 @@
+ 
+     return NULL;
+ }
++static const char *set_script_timeout(cmd_parms *cmd, void *dummy, const char *arg)
++{
++    cgid_dirconf *dc = dummy;
+ 
++    if (ap_timeout_parameter_parse(arg, &dc->timeout, "s") != APR_SUCCESS) { 
++        return "CGIDScriptTimeout has wrong format";
++    }
++ 
++    return NULL;
++}
+ static const command_rec cgid_cmds[] =
+ {
+     AP_INIT_TAKE1("ScriptLog", set_scriptlog, NULL, RSRC_CONF,
+@@ -1033,6 +1053,10 @@
+     AP_INIT_TAKE1("ScriptSock", set_script_socket, NULL, RSRC_CONF,
+                   "the name of the socket to use for communication with "
+                   "the cgi daemon."),
++    AP_INIT_TAKE1("CGIDScriptTimeout", set_script_timeout, NULL, RSRC_CONF | ACCESS_CONF,
++                  "The amount of time to wait between successful reads from "
++                  "the CGI script, in seconds."),
++                  
+     {NULL}
+ };
+ 
+@@ -1356,12 +1380,16 @@
+     apr_file_t *tempsock;
+     struct cleanup_script_info *info;
+     apr_status_t rv;
++    cgid_dirconf *dc;
+ 
+     if (strcmp(r->handler, CGI_MAGIC_TYPE) && strcmp(r->handler, "cgi-script")) {
+         return DECLINED;
+     }
+ 
+     conf = ap_get_module_config(r->server->module_config, &cgid_module);
++    dc = ap_get_module_config(r->per_dir_config, &cgid_module);
++
++    
+     is_included = !strcmp(r->protocol, "INCLUDED");
+ 
+     if ((argv0 = strrchr(r->filename, '/')) != NULL) {
+@@ -1441,6 +1469,12 @@
+      */
+ 
+     apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool);
++    if (dc->timeout > 0) { 
++        apr_file_pipe_timeout_set(tempsock, dc->timeout);
++    }
++    else { 
++        apr_file_pipe_timeout_set(tempsock, r->server->timeout);
++    }
+     apr_pool_cleanup_kill(r->pool, (void *)((long)sd), close_unix_socket);
+ 
+     /* Transfer any put/post args, CERN style...
+@@ -1517,6 +1551,10 @@
+             if (rv != APR_SUCCESS) {
+                 /* silly script stopped reading, soak up remaining message */
+                 child_stopped_reading = 1;
++                ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(02651)
++                              "Error writing request body to script %s", 
++                              r->filename);
++
+             }
+         }
+         apr_brigade_cleanup(bb);
+@@ -1610,7 +1648,13 @@
+             return HTTP_MOVED_TEMPORARILY;
+         }
+ 
+-        ap_pass_brigade(r->output_filters, bb);
++        rv = ap_pass_brigade(r->output_filters, bb);
++        if (rv != APR_SUCCESS) { 
++            /* APLOG_ERR because the core output filter message is at error,
++             * but doesn't know it's passing CGI output 
++             */
++            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, APLOGNO(02550) "Failed to flush CGI output to client");
++        }
+     }
+ 
+     if (nph) {
+@@ -1741,6 +1785,8 @@
+     request_rec *r = f->r;
+     cgid_server_conf *conf = ap_get_module_config(r->server->module_config,
+                                                   &cgid_module);
++    cgid_dirconf *dc = ap_get_module_config(r->per_dir_config, &cgid_module);
++
+     struct cleanup_script_info *info;
+ 
+     add_ssi_vars(r);
+@@ -1770,6 +1816,13 @@
+      * get rid of the cleanup we registered when we created the socket.
+      */
+     apr_os_pipe_put_ex(&tempsock, &sd, 1, r->pool);
++    if (dc->timeout > 0) {
++        apr_file_pipe_timeout_set(tempsock, dc->timeout);
++    }
++    else {
++        apr_file_pipe_timeout_set(tempsock, r->server->timeout);
++    }
++
+     apr_pool_cleanup_kill(r->pool, (void *)((long)sd), close_unix_socket);
+ 
+     APR_BRIGADE_INSERT_TAIL(bb, apr_bucket_pipe_create(tempsock,
+@@ -1875,7 +1928,7 @@
+ 
+ AP_DECLARE_MODULE(cgid) = {
+     STANDARD20_MODULE_STUFF,
+-    NULL, /* dir config creater */
++    create_cgid_dirconf, /* dir config creater */
+     NULL, /* dir merger --- default is to override */
+     create_cgid_config, /* server config */
+     merge_cgid_config, /* merge server config */
diff --git a/SOURCES/welcome.conf b/SOURCES/welcome.conf
index 5897cad..5d1e452 100644
--- a/SOURCES/welcome.conf
+++ b/SOURCES/welcome.conf
@@ -16,7 +16,3 @@
 </Directory>
 
 Alias /.noindex.html /usr/share/httpd/noindex/index.html
-Alias /css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css
-Alias /css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css
-Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif
-Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png
diff --git a/SPECS/httpd.spec b/SPECS/httpd.spec
index 97f9f21..2e5ffcb 100644
--- a/SPECS/httpd.spec
+++ b/SPECS/httpd.spec
@@ -4,7 +4,7 @@
 %define mmn 20120211
 %define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
 %define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
-%define vstring CentOS
+%define vstring Red Hat
 
 # Drop automatic provides for module DSOs
 %{?filter_setup:
@@ -15,10 +15,10 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.6
-Release: 17%{?dist}.1
+Release: 18%{?dist}
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1: centos-noindex.tar.gz
+Source1: index.html
 Source2: httpd.logrotate
 Source3: httpd.sysconf
 Source4: httpd-ssl-pass-dialog
@@ -76,6 +76,11 @@ Patch60: httpd-2.4.6-r1553540.patch
 # Security fixes
 Patch200: httpd-2.4.6-CVE-2013-6438.patch
 Patch201: httpd-2.4.6-CVE-2014-0098.patch
+Patch202: httpd-2.4.6-CVE-2014-0231.patch
+Patch203: httpd-2.4.6-CVE-2014-0117.patch
+Patch204: httpd-2.4.6-CVE-2014-0118.patch
+Patch205: httpd-2.4.6-CVE-2014-0226.patch
+Patch206: httpd-2.4.6-CVE-2013-4352.patch
 License: ASL 2.0
 Group: System Environment/Daemons
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -212,6 +217,11 @@ rm modules/ssl/ssl_engine_dh.c
 
 %patch200 -p1 -b .cve6438
 %patch201 -p1 -b .cve0098
+%patch202 -p1 -b .cve0231
+%patch203 -p1 -b .cve0117
+%patch204 -p1 -b .cve0118
+%patch205 -p1 -b .cve0226
+%patch206 -p1 -b .cve4352
 
 # Patch in the vendor string and the release string
 sed -i '/^#define PLATFORM/s/Unix/%{vstring}/' os/unix/os.h
@@ -365,10 +375,8 @@ EOF
 
 # Handle contentdir
 mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
-tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \
-        -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \
-        --strip-components=1
-
+install -m 644 -p $RPM_SOURCE_DIR/index.html \
+        $RPM_BUILD_ROOT%{contentdir}/noindex/index.html
 rm -rf %{contentdir}/htdocs
 
 # remove manual sources
@@ -391,7 +399,7 @@ rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
       $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
 
 # Symlink for the powered-by-$DISTRO image:
-ln -s ../noindex/images/poweredby.png \
+ln -s ../../pixmaps/poweredby.png \
         $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
 
 # symlinks for /etc/httpd
@@ -576,7 +584,7 @@ rm -rf $RPM_BUILD_ROOT
 %{contentdir}/error/README
 %{contentdir}/error/*.var
 %{contentdir}/error/include/*.html
-%{contentdir}/noindex/*
+%{contentdir}/noindex/index.html
 
 %dir %{docroot}
 %dir %{docroot}/cgi-bin
@@ -642,10 +650,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
-* Tue Jun 17 2014 Jim Perrin <jperrin@centos.org> - 2.4.6-17.el7.centos.1
-- Remove index.html, add centos-noindex.tar.gz
-- update welcome.conf with proper aliases
-- change symlink for poweredby.png
+* Thu Jul 17 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-18
+- mod_cgid: add security fix for CVE-2014-0231 (#1120607)
+- mod_proxy: add security fix for CVE-2014-0117 (#1120607)
+- mod_deflate: add security fix for CVE-2014-0118 (#1120607)
+- mod_status: add security fix for CVE-2014-0226 (#1120607)
+- mod_cache: add secutiry fix for CVE-2013-4352 (#1120607)
 
 * Thu Mar 20 2014 Jan Kaluza <jkaluza@redhat.com> - 2.4.6-17
 - mod_dav: add security fix for CVE-2013-6438 (#1077907)