diff --git a/CVE-2021-26690.patch b/CVE-2021-26690.patch
new file mode 100644
index 0000000000000000000000000000000000000000..2c3d49d263fddf9fd4bc72c2a38b26643e11c541
--- /dev/null
+++ b/CVE-2021-26690.patch
@@ -0,0 +1,27 @@
+From 67bd9bfe6c38831e14fe7122f1d84391472498f8 Mon Sep 17 00:00:00 2001
+From: Yann Ylavic <ylavic@apache.org>
+Date: Mon, 1 Mar 2021 20:07:08 +0000
+Subject: [PATCH] mod_session: save one apr_strtok() in
+ session_identity_decode().
+
+When the encoding is invalid (missing '='), no need to parse further.
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887050 13f79535-47bb-0310-9956-ffa450edef68
+---
+ modules/session/mod_session.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
+index a2b4a3e608b..01f41fe5d0f 100644
+--- a/modules/session/mod_session.c
++++ b/modules/session/mod_session.c
+@@ -413,8 +413,8 @@ static apr_status_t session_identity_decode(request_rec * r, session_rec * z)
+         char *plast = NULL;
+         const char *psep = "=";
+         char *key = apr_strtok(pair, psep, &plast);
+-        char *val = apr_strtok(NULL, psep, &plast);
+         if (key && *key) {
++            char *val = apr_strtok(NULL, sep, &plast);
+             if (!val || !*val) {
+                 apr_table_unset(z->entries, key);
+             }
diff --git a/CVE-2021-30641.patch b/CVE-2021-30641.patch
new file mode 100644
index 0000000000000000000000000000000000000000..042b01395c4cacd5129657af9547e674ddf7cbd3
--- /dev/null
+++ b/CVE-2021-30641.patch
@@ -0,0 +1,62 @@
+From eb986059aa5aa0b6c1d52714ea83e3dd758afdd1 Mon Sep 17 00:00:00 2001
+From: Eric Covener <covener@apache.org>
+Date: Wed, 21 Apr 2021 01:10:12 +0000
+Subject: [PATCH] Merge r1889036 from trunk:
+
+legacy default slash-matching behavior w/ 'MergeSlashes OFF'
+
+Submitted By: Ruediger Pluem
+Reviewed By: covener, rpluem, ylavic
+
+
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1889038 13f79535-47bb-0310-9956-ffa450edef68
+---
+ server/request.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/server/request.c b/server/request.c
+index 0f150a763d6..299eae04d3f 100644
+--- a/server/request.c
++++ b/server/request.c
+@@ -1420,7 +1420,20 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
+ 
+     cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
+     cached = (cache->cached != NULL);
+-    entry_uri = r->uri;
++
++   /*
++    * When merge_slashes is set to AP_CORE_CONFIG_OFF the slashes in r->uri
++    * have not been merged. But for Location walks we always go with merged
++    * slashes no matter what merge_slashes is set to.
++    */
++    if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
++        entry_uri = r->uri;
++    }
++    else {
++        char *uri = apr_pstrdup(r->pool, r->uri);
++        ap_no2slash(uri);
++        entry_uri = uri;
++    }
+ 
+     /* If we have an cache->cached location that matches r->uri,
+      * and the vhost's list of locations hasn't changed, we can skip
+@@ -1488,7 +1501,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
+                     pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
+                 }
+ 
+-                if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
++                if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
+                     continue;
+                 }
+ 
+@@ -1498,7 +1511,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
+                         apr_table_setn(r->subprocess_env,
+                                        ((const char **)entry_core->refs->elts)[i],
+                                        apr_pstrndup(r->pool,
+-                                       entry_uri + pmatch[i].rm_so,
++                                       r->uri + pmatch[i].rm_so,
+                                        pmatch[i].rm_eo - pmatch[i].rm_so));
+                     }
+                 }
diff --git a/httpd.spec b/httpd.spec
index e4bb4e6079cab434df9aabc7f1dbda65e5b587c8..51b1f98cce32e70642ae39e0a4698bf0f02c5605 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -8,7 +8,7 @@
 Name:             httpd
 Summary:          Apache HTTP Server
 Version:          2.4.43
-Release:          5
+Release:          6
 License:          ASL 2.0
 URL:              https://httpd.apache.org/
 Source0:          https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@@ -72,6 +72,8 @@ Patch18:          CVE-2020-9490.patch
 Patch19:          CVE-2021-26691.patch
 Patch20:          CVE-2020-13950.patch
 Patch21:          CVE-2020-35452.patch
+Patch22:          CVE-2021-30641.patch
+Patch23:          CVE-2021-26690.patch
 
 BuildRequires:    gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires:    zlib-devel libselinux-devel lua-devel brotli-devel
@@ -508,6 +510,12 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Fri Jul 23 2021 lijingyuan <lijingyuan3@huawei.com> - 2.4.43-6
+- Type:cves
+- ID:CVE-2021-30641 CVE-2021-26690
+- SUG:restart
+- DESC:fix CVE-2021-30641 CVE-2021-26690
+
 * Mon Jun 21 2021 yanglu <yanglu72@huawei.com> - 2.4.43-5
 - Type:cves
 - ID:CVE-2020-13950 CVE-2020-35452