diff --git a/download b/download
deleted file mode 100644
index 35e4d066ff4c1020f4f897ab2882e0f3f356d0ce..0000000000000000000000000000000000000000
--- a/download
+++ /dev/null
@@ -1 +0,0 @@
-ea5e361ca37b8d7853404419dd502efe  httpd-2.4.6.tar.bz2
diff --git a/httpd-2.4.6-CVE-2023-25690.patch b/httpd-2.4.6-CVE-2023-25690.patch
new file mode 100644
index 0000000000000000000000000000000000000000..db8498b4ca6e90b802a8772336504cfda0eae4f8
--- /dev/null
+++ b/httpd-2.4.6-CVE-2023-25690.patch
@@ -0,0 +1,232 @@
+diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
+index b89d3e4..19f70d1 100644
+--- a/modules/mappers/mod_rewrite.c
++++ b/modules/mappers/mod_rewrite.c
+@@ -166,6 +166,7 @@ static const char* really_last_key = "rewrite_really_last";
+ #define RULEFLAG_DISCARDPATHINFO    1<<15
+ #define RULEFLAG_QSDISCARD          1<<16
+ #define RULEFLAG_END                1<<17
++#define RULEFLAG_QSNONE             (1<<20) /* programattic only */
+ 
+ /* return code of the rewrite rule
+  * the result may be escaped - or not
+@@ -725,10 +726,18 @@ static char *escape_absolute_uri(apr_pool_t *p, char *uri, unsigned scheme)
+  * split out a QUERY_STRING part from
+  * the current URI string
+  */
+-static void splitout_queryargs(request_rec *r, int qsappend, int qsdiscard)
++static void splitout_queryargs(request_rec *r, int flags)
+ {
+     char *q;
+     int split;
++    int qsappend = flags & RULEFLAG_QSAPPEND;
++    int qsdiscard = flags & RULEFLAG_QSDISCARD;
++
++    if (flags & RULEFLAG_QSNONE) {
++        rewritelog((r, 2, NULL, "discarding query string, no parse from substitution"));
++        r->args = NULL;
++        return;
++    }
+ 
+     /* don't touch, unless it's a scheme for which a query string makes sense.
+      * See RFC 1738 and RFC 2368.
+@@ -2661,7 +2670,7 @@ static apr_status_t rewritelock_remove(void *data)
+  * XXX: what an inclined parser. Seems we have to leave it so
+  *      for backwards compat. *sigh*
+  */
+-static int parseargline(char *str, char **a1, char **a2, char **a3)
++static int parseargline(char *str, char **a1, char **a2, char **a2_end, char **a3)
+ {
+     char quote;
+ 
+@@ -2712,8 +2721,10 @@ static int parseargline(char *str, char **a1, char **a2, char **a3)
+ 
+     if (!*str) {
+         *a3 = NULL; /* 3rd argument is optional */
++        *a2_end = str;
+         return 0;
+     }
++    *a2_end = str;
+     *str++ = '\0';
+ 
+     while (apr_isspace(*str)) {
+@@ -3230,6 +3241,7 @@ static const char *cmd_rewritecond(cmd_parms *cmd, void *in_dconf,
+     ap_regex_t *regexp;
+     char *a1;
+     char *a2;
++    char *a2_end;
+     char *a3;
+     const char *err;
+ 
+@@ -3248,7 +3260,7 @@ static const char *cmd_rewritecond(cmd_parms *cmd, void *in_dconf,
+      * of the argument line. So we can use a1 .. a3 without
+      * copying them again.
+      */
+-    if (parseargline(str, &a1, &a2, &a3)) {
++    if (parseargline(str, &a1, &a2, &a2_end, &a3)) {
+         return apr_pstrcat(cmd->pool, "RewriteCond: bad argument line '", str,
+                            "'", NULL);
+     }
+@@ -3645,6 +3657,7 @@ static const char *cmd_rewriterule(cmd_parms *cmd, void *in_dconf,
+     ap_regex_t *regexp;
+     char *a1;
+     char *a2;
++    char *a2_end;
+     char *a3;
+     const char *err;
+ 
+@@ -3659,7 +3672,7 @@ static const char *cmd_rewriterule(cmd_parms *cmd, void *in_dconf,
+     }
+ 
+     /*  parse the argument line ourself */
+-    if (parseargline(str, &a1, &a2, &a3)) {
++    if (parseargline(str, &a1, &a2, &a2_end, &a3)) {
+         return apr_pstrcat(cmd->pool, "RewriteRule: bad argument line '", str,
+                            "'", NULL);
+     }
+@@ -3705,6 +3718,16 @@ static const char *cmd_rewriterule(cmd_parms *cmd, void *in_dconf,
+         newrule->flags |= RULEFLAG_NOSUB;
+     }
+ 
++    if (*(a2_end-1) == '?') {
++        /* a literal ? at the end of the unsubstituted rewrite rule */
++        newrule->flags |= RULEFLAG_QSNONE;
++    }
++    else if (newrule->flags & RULEFLAG_QSDISCARD) {
++        if (NULL == ap_strchr(newrule->output, '?')) {
++            newrule->flags |= RULEFLAG_QSNONE;
++        }
++    }
++
+     /* now, if the server or per-dir config holds an
+      * array of RewriteCond entries, we take it for us
+      * and clear the array
+@@ -4110,7 +4133,7 @@ static int apply_rewrite_rule(rewriterule_entry *p, rewrite_ctx *ctx)
+         r->path_info = NULL;
+     }
+ 
+-    splitout_queryargs(r, p->flags & RULEFLAG_QSAPPEND, p->flags & RULEFLAG_QSDISCARD);
++    splitout_queryargs(r, p->flags);
+ 
+     /* Add the previously stripped per-directory location prefix, unless
+      * (1) it's an absolute URL path and
+@@ -4565,6 +4588,17 @@ static int hook_uri2file(request_rec *r)
+         unsigned skip;
+         apr_size_t flen;
+ 
++        if (r->args && *(ap_scan_vchar_obstext(r->args))) {
++            /*
++             * We have a raw control character or a ' ' in r->args.
++             * Correct encoding was missed.
++             */
++            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10410)
++                          "Rewritten query string contains control "
++                          "characters or spaces");
++            return HTTP_FORBIDDEN;
++        }
++
+         if (ACTION_STATUS == rulestatus) {
+             int n = r->status;
+ 
+@@ -4833,6 +4867,17 @@ static int hook_fixup(request_rec *r)
+     if (rulestatus) {
+         unsigned skip;
+ 
++        if (r->args && *(ap_scan_vchar_obstext(r->args))) {
++            /*
++             * We have a raw control character or a ' ' in r->args.
++             * Correct encoding was missed.
++             */
++            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10411)
++                          "Rewritten query string contains control "
++                          "characters or spaces");
++            return HTTP_FORBIDDEN;
++        }
++
+         if (ACTION_STATUS == rulestatus) {
+             int n = r->status;
+ 
+diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c
+index 9b69a2e..a52d777 100644
+--- a/modules/proxy/mod_proxy_ajp.c
++++ b/modules/proxy/mod_proxy_ajp.c
+@@ -69,6 +69,16 @@ static int proxy_ajp_canon(request_rec *r, char *url)
+         path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+                                  r->proxyreq);
+         search = r->args;
++        if (search && *(ap_scan_vchar_obstext(search))) {
++            /*
++             * We have a raw control character or a ' ' in r->args.
++             * Correct encoding was missed.
++             */
++             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10406)
++                           "To be forwarded query string contains control "
++                           "characters or spaces");
++             return HTTP_FORBIDDEN;
++        }
+     }
+     if (path == NULL)
+         return HTTP_BAD_REQUEST;
+diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
+index 4d9d2af..fa385c3 100644
+--- a/modules/proxy/mod_proxy_balancer.c
++++ b/modules/proxy/mod_proxy_balancer.c
+@@ -94,6 +94,16 @@ static int proxy_balancer_canon(request_rec *r, char *url)
+         path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+                                  r->proxyreq);
+         search = r->args;
++        if (search && *(ap_scan_vchar_obstext(search))) {
++            /*
++             * We have a raw control character or a ' ' in r->args.
++             * Correct encoding was missed.
++             */
++             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10407)
++                           "To be forwarded query string contains control "
++                           "characters or spaces");
++             return HTTP_FORBIDDEN;
++        }
+     }
+     if (path == NULL)
+         return HTTP_BAD_REQUEST;
+diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
+index 6767c89..1a10d99 100644
+--- a/modules/proxy/mod_proxy_http.c
++++ b/modules/proxy/mod_proxy_http.c
+@@ -87,6 +87,16 @@ static int proxy_http_canon(request_rec *r, char *url)
+             path = ap_proxy_canonenc(r->pool, url, strlen(url),
+                                      enc_path, 0, r->proxyreq);
+             search = r->args;
++            if (search && *(ap_scan_vchar_obstext(search))) {
++                /*
++                 * We have a raw control character or a ' ' in r->args.
++                 * Correct encoding was missed.
++                 */
++                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10408)
++                              "To be forwarded query string contains control "
++                              "characters or spaces");
++                return HTTP_FORBIDDEN;
++            }
+         }
+         break;
+     case PROXYREQ_PROXY:
+diff --git a/modules/proxy/mod_proxy_wstunnel.c b/modules/proxy/mod_proxy_wstunnel.c
+index eb34eee..438d035 100644
+--- a/modules/proxy/mod_proxy_wstunnel.c
++++ b/modules/proxy/mod_proxy_wstunnel.c
+@@ -73,6 +73,16 @@ static int proxy_wstunnel_canon(request_rec *r, char *url)
+         path = ap_proxy_canonenc(r->pool, url, strlen(url), enc_path, 0,
+                                  r->proxyreq);
+         search = r->args;
++        if (search && *(ap_scan_vchar_obstext(search))) {
++            /*
++             * We have a raw control character or a ' ' in r->args.
++             * Correct encoding was missed.
++             */
++            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10409)
++                          "To be forwarded query string contains control "
++                          "characters or spaces");
++            return HTTP_FORBIDDEN;
++        }
+     }
+     if (path == NULL)
+         return HTTP_BAD_REQUEST;
diff --git a/httpd-2.4.6.tar.bz2 b/httpd-2.4.6.tar.bz2
new file mode 100644
index 0000000000000000000000000000000000000000..ac1eef8767a1a350b16e6127d523315ca9522492
Binary files /dev/null and b/httpd-2.4.6.tar.bz2 differ
diff --git a/httpd.spec b/httpd.spec
index 83df33457c4b49c4b408665b77b4a2d4b7ad96f7..4722aee4500941b26d511b77574d269759efede4 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -4,6 +4,7 @@
 %define mmn 20120211
 %define oldmmnisa %{mmn}-%{__isa_name}-%{__isa_bits}
 %define mmnisa %{mmn}%{__isa_name}%{__isa_bits}
+%define vstring %(source /etc/os-release; echo ${REDHAT_SUPPORT_PRODUCT})
 %define vstring CentOS
 
 # Drop automatic provides for module DSOs
@@ -15,10 +16,10 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.6
-Release: 98%{?dist}.6
+Release: 98%{?dist}.7
 URL: http://httpd.apache.org/
 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
-Source1: centos-noindex.tar.gz
+Source1: centos-noindex.tar.gz 
 Source2: httpd.logrotate
 Source3: httpd.sysconf
 Source4: httpd-ssl-pass-dialog
@@ -249,6 +250,7 @@ Patch243: httpd-2.4.6-CVE-2021-34798.patch
 Patch244: httpd-2.4.6-CVE-2021-39275.patch
 Patch245: httpd-2.4.6-CVE-2021-26691.patch
 Patch246: httpd-2.4.6-CVE-2022-22720.patch
+Patch247: httpd-2.4.6-CVE-2023-25690.patch
 
 License: ASL 2.0
 Group: System Environment/Daemons
@@ -518,6 +520,7 @@ rm modules/ssl/ssl_engine_dh.c
 %patch244 -p1 -b .cve39275
 %patch245 -p1 -b .cve26691
 %patch246 -p1 -b .cve22720
+%patch247 -p1 -b .cve25690
 
 # need to be applied in the end since security patches
 # are changing the code that present in this patch
@@ -678,7 +681,6 @@ mkdir $RPM_BUILD_ROOT%{contentdir}/noindex
 tar xzf $RPM_SOURCE_DIR/centos-noindex.tar.gz \
         -C $RPM_BUILD_ROOT%{contentdir}/noindex/ \
         --strip-components=1
-
 rm -rf %{contentdir}/htdocs
 
 # remove manual sources
@@ -701,7 +703,7 @@ rm -v $RPM_BUILD_ROOT%{docroot}/html/*.html \
       $RPM_BUILD_ROOT%{docroot}/cgi-bin/*
 
 # Symlink for the powered-by-$DISTRO image:
-ln -s ../noindex/images/poweredby.png \
+ln -s ../../pixmaps/poweredby.png \
         $RPM_BUILD_ROOT%{contentdir}/icons/poweredby.png
 
 # symlinks for /etc/httpd
@@ -953,11 +955,12 @@ rm -rf $RPM_BUILD_ROOT
 %{_sysconfdir}/rpm/macros.httpd
 
 %changelog
-* Tue Jan 24 2023 CentOS Sources <bugs@centos.org> - 2.4.6-98.el7.centos.6
-- Remove index.html, add centos-noindex.tar.gz
-- change vstring
-- change symlink for poweredby.png
-- update welcome.conf with proper aliases
+* Wed Apr  5 2023 Johnny Hughes <johnny@centos.org>
+- Manual CentOS Debranding
+
+* Tue Mar 21 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.7
+- Resolves: #2177742 - CVE-2023-25690 httpd: HTTP request splitting with
+  mod_rewrite and mod_proxy 
 
 * Wed Dec 07 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.6-97.6
 - Resolves: #2101997 - HEAD request with a 404 and custom ErrorPage causes
diff --git a/index.html b/index.html
deleted file mode 100644
index 06ad3fcb3168b1405abcca254040a9bf4d408ca2..0000000000000000000000000000000000000000
--- a/index.html
+++ /dev/null
@@ -1,123 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-	<head>
-		<title>Test Page for the Apache HTTP Server on Red Hat Enterprise Linux</title>
-		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-		<style type="text/css">
-			/*<![CDATA[*/
-			body {
-				background-color: #fff;
-				color: #000;
-				font-size: 0.9em;
-				font-family: sans-serif,helvetica;
-				margin: 0;
-				padding: 0;
-			}
-			:link {
-				color: #c00;
-			}
-			:visited {
-				color: #c00;
-			}
-			a:hover {
-				color: #f50;
-			}
-			h1 {
-				text-align: center;
-				margin: 0;
-				padding: 0.6em 2em 0.4em;
-				background-color: #900;
-				color: #fff;
-				font-weight: normal;
-				font-size: 1.75em;
-				border-bottom: 2px solid #000;
-			}
-			h1 strong {
-				font-weight: bold;
-			}
-			h2 {
-				font-size: 1.1em;
-				font-weight: bold;
-			}
-			hr {
-				display: none;
-			}
-			.content {
-				padding: 1em 5em;
-			}
-			.content-columns {
-				/* Setting relative positioning allows for 
-				absolute positioning for sub-classes */
-				position: relative;
-				padding-top: 1em;
-			}
-			.content-column-left {
-				/* Value for IE/Win; will be overwritten for other browsers */
-				width: 47%;
-				padding-right: 3%;
-				float: left;
-				padding-bottom: 2em;
-			}
-			.content-column-left hr {
-				display: none;
-			}
-			.content-column-right {
-				/* Values for IE/Win; will be overwritten for other browsers */
-				width: 47%;
-				padding-left: 3%;
-				float: left;
-				padding-bottom: 2em;
-			}
-			.content-columns>.content-column-left, .content-columns>.content-column-right {
-				/* Non-IE/Win */
-			}
-			img {
-				border: 2px solid #fff;
-				padding: 2px;
-				margin: 2px;
-			}
-			a:hover img {
-				border: 2px solid #f50;
-			}
-			/*]]>*/
-		</style>
-	</head>
-
-	<body>
-		<h1>Red Hat Enterprise Linux <strong>Test Page</strong></h1>
-
-		<div class="content">
-			<div class="content-middle">
-				<p>This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the Apache HTTP server installed at this site is working properly.</p>
-			</div>
-			<hr />
-
-			<div class="content-columns">
-				<div class="content-column-left">
-					<h2>If you are a member of the general public:</h2>
-
-					<p>The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.</p>
-
-					<p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.</p>
-
-					<p>For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".</p>
-
-					<p>For information on Red Hat Enterprise Linux, please visit the <a href="http://www.redhat.com/">Red Hat, Inc. website</a>. The documentation for Red Hat Enterprise Linux is <a href="http://www.redhat.com/docs/manuals/enterprise/">available on the Red Hat, Inc. website</a>.</p>
-					<hr />
-				</div>
-
-				<div class="content-column-right">
-					<h2>If you are the website administrator:</h2>
-
-					<p>You may now add content to the directory <tt>/var/www/html/</tt>. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file <tt>/etc/httpd/conf.d/welcome.conf</tt>.</p>
-
-                                        <p>You are free to use the image below on web sites powered by the Apache HTTP Server:</p>
-					
-                                        <p align="center"><a href="http://httpd.apache.org/"><img src="/icons/apache_pb2.gif" alt="[ Powered by Apache ]"/></a></p>
-
-				</div>
-			</div>
-		</div>
-	</body>
-</html>