--- httpd-2.4.41/server/util.c~	2019-07-22 21:28:14.000000000 +0200
+++ httpd-2.4.41/server/util.c	2019-08-17 10:09:47.225371702 +0200
@@ -3477,8 +3477,14 @@ AP_DECLARE(const char *)ap_dir_fnmatch(a
 
     candidates = apr_array_make(w->ptemp, 1, sizeof(fnames));
     while (apr_dir_read(&dirent, APR_FINFO_DIRENT | APR_FINFO_TYPE, dirp) == APR_SUCCESS) {
+        size_t slen;
+        slen = strlen(dirent.name);
         /* strip out '.' and '..' */
-        if (strcmp(dirent.name, ".")
+        if (strcmp(dirent.name, ".") && (dirent.name)[slen-1] != '~'
+            && (dirent.name)[0] != '.'
+            && (slen < 8 || strcmp((dirent.name + slen - 7), ".rpmnew"))
+            && (slen < 9 || ( strcmp((dirent.name + slen - 8), ".rpmorig")
+            && strcmp((dirent.name + slen - 8), ".rpmsave")))
             && strcmp(dirent.name, "..")
             && (apr_fnmatch(fname, dirent.name,
                             APR_FNM_PERIOD) == APR_SUCCESS)) {