[Pkg-apache-commits] r1016 - in /trunk/apache2: ./ mpm-itk/ mpm-itk/debian/ mpm-itk/patches/

sf at alioth.debian.org sf at alioth.debian.org
Tue Aug 4 08:42:30 UTC 2009


Author: sf
Date: Tue Aug  4 08:42:29 2009
New Revision: 1016

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1016
Log:
merge apache2 and apache2-mpm-itk and add Steinar to Uploaders

Added:
    trunk/apache2/apache2-mpm-itk.dirs
    trunk/apache2/mpm-itk/
    trunk/apache2/mpm-itk/CHANGES
    trunk/apache2/mpm-itk/COPYRIGHT
    trunk/apache2/mpm-itk/README
    trunk/apache2/mpm-itk/debian/
    trunk/apache2/mpm-itk/debian/changelog
    trunk/apache2/mpm-itk/patches/
    trunk/apache2/mpm-itk/patches/01-copy-prefork.patch
    trunk/apache2/mpm-itk/patches/02-rename-prefork-to-itk.patch
    trunk/apache2/mpm-itk/patches/03-add-mpm-to-build-system.patch
    trunk/apache2/mpm-itk/patches/04-correct-output-makefile-location.patch
    trunk/apache2/mpm-itk/patches/05-add-copyright.patch
    trunk/apache2/mpm-itk/patches/06-hook-just-after-merging-perdir-config.patch
    trunk/apache2/mpm-itk/patches/07-base-functionality.patch
    trunk/apache2/mpm-itk/patches/08-max-clients-per-vhost.patch
    trunk/apache2/mpm-itk/patches/09-capabilities.patch
    trunk/apache2/mpm-itk/patches/10-nice.patch
    trunk/apache2/mpm-itk/patches/series
Modified:
    trunk/apache2/changelog
    trunk/apache2/clean
    trunk/apache2/control
    trunk/apache2/copyright
    trunk/apache2/rules

Added: trunk/apache2/apache2-mpm-itk.dirs
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/apache2-mpm-itk.dirs?rev=1016&op=file
==============================================================================
--- trunk/apache2/apache2-mpm-itk.dirs (added)
+++ trunk/apache2/apache2-mpm-itk.dirs Tue Aug  4 08:42:29 2009
@@ -1,0 +1,2 @@
+usr/sbin
+usr/lib/debug/usr/sbin

Modified: trunk/apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/changelog?rev=1016&op=diff
==============================================================================
--- trunk/apache2/changelog (original)
+++ trunk/apache2/changelog Tue Aug  4 08:42:29 2009
@@ -20,6 +20,9 @@
     versions to the world (LP: #205996)
   * Make a2ensite and friends ignore the same filenames as apache does for
     included config files, even if LANG is not C.
+  * Merge source packages apache2 and apache2-mpm-itk (current itk version is
+    2.2.11-02). This removes the binNMU mess necessary for every apache2 upload
+    (closes: #500885, #512084). Add Steinar to Uploaders.
   * Ship our own version of the magic config file (taken from file 4.17-5etch3)
     which is still compatible with mod_mime_magic (closes: #483111).
   * Add ThreadLimit to the default config and put ThreadsPerChild and

Modified: trunk/apache2/clean
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/clean?rev=1016&op=diff
==============================================================================
--- trunk/apache2/clean (original)
+++ trunk/apache2/clean Tue Aug  4 08:42:29 2009
@@ -10,5 +10,9 @@
 debian/apache2-mpm-prefork.preinst
 debian/apache2-mpm-prefork.prerm
 debian/apache2-mpm-prefork.lintian-overrides
+debian/apache2-mpm-itk.postinst
+debian/apache2-mpm-itk.preinst
+debian/apache2-mpm-itk.prerm
+debian/apache2-mpm-itk.lintian-overrides
 debian/apache2-prefork-dev.postinst
 debian/apache2-threaded-dev.postinst

Modified: trunk/apache2/control
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/control?rev=1016&op=diff
==============================================================================
--- trunk/apache2/control (original)
+++ trunk/apache2/control Tue Aug  4 08:42:29 2009
@@ -2,8 +2,8 @@
 Section: httpd
 Priority: optional
 Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
-Uploaders: Tollef Fog Heen <tfheen at debian.org>, Thom May <thom at debian.org>, Adam Conrad <adconrad at 0c3.net>, Peter Samuelson <peter at p12n.org>, Stefan Fritsch <sf at debian.org>
-Build-Depends: debhelper (>= 7), dpatch, lsb-release, libaprutil1-dev (>= 1.3.4), libapr1-dev (>= 1.2.7-6), openssl, libpcre3-dev, mawk, zlib1g-dev, libssl-dev, sharutils
+Uploaders: Tollef Fog Heen <tfheen at debian.org>, Thom May <thom at debian.org>, Adam Conrad <adconrad at 0c3.net>, Peter Samuelson <peter at p12n.org>, Stefan Fritsch <sf at debian.org>, Steinar H. Gunderson <sesse at debian.org>
+Build-Depends: debhelper (>= 7), dpatch, lsb-release, libaprutil1-dev (>= 1.3.4), libapr1-dev (>= 1.2.7-6), openssl, libpcre3-dev, mawk, zlib1g-dev, libssl-dev, sharutils, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], autoconf
 Standards-Version: 3.8.2
 Vcs-Browser: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2
 Vcs-svn: svn://svn.debian.org/pkg-apache/trunk/apache2
@@ -87,6 +87,22 @@
  .
  This MPM is experimental and less tested than the worker and prefork MPMs.
  
+Package: apache2-mpm-itk
+Depends: apache2.2-common (= ${binary:Version}), apache2.2-bin (= ${binary:Version})
+Provides: apache2-mpm, apache2, httpd, httpd-cgi
+Conflicts: apache2-mpm, apache2-common
+Architecture: all
+Description: multiuser MPM for Apache 2.2
+ The ITK Multi-Processing Module (MPM) works in about the same way as the
+ classical "prefork" module (that is, without threads), except that it allows
+ you to constrain each individual vhost to a particular system user. This
+ allows you to run several different web sites on a single server without
+ worrying that they will be able to read each others' files. This is a
+ third-party MPM that is not included in the normal Apache httpd.
+ .
+ Please note that this MPM is somewhat less tested than the MPMs that come with
+ Apache itself.
+
 Package: apache2-utils
 Architecture: any
 Replaces: apache2-common, apache-utils (<< 1.3.33-4)
@@ -134,7 +150,7 @@
 
 Package: apache2
 Architecture: all
-Depends: apache2-mpm-worker (>= ${source:Version}) | apache2-mpm-prefork (>= ${source:Version}) | apache2-mpm-event (>= ${source:Version}) | apache2-mpm-itk, apache2.2-common (= ${binary:Version})
+Depends: apache2-mpm-worker (>= ${source:Version}) | apache2-mpm-prefork (>= ${source:Version}) | apache2-mpm-event (>= ${source:Version}) | apache2-mpm-itk (>= ${source:Version}), apache2.2-common (= ${binary:Version})
 Description: Apache HTTP Server metapackage         
  The Apache Software Foundation's goal is to build a secure, efficient and
  extensible HTTP server as standards-compliant open source software. The

Modified: trunk/apache2/copyright
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/copyright?rev=1016&op=diff
==============================================================================
--- trunk/apache2/copyright (original)
+++ trunk/apache2/copyright Tue Aug  4 08:42:29 2009
@@ -3,7 +3,11 @@
 
 It was downloaded from http://httpd.apache.org/download.cgi
 
-Upstream Authors: The Apache Software Foundation - http://httpd.apache.org
+Upstream Authors:
+	The Apache Software Foundation - http://httpd.apache.org
+	For apache2-mpm-itk:
+	Steinar H. Gunderson <sgunderson at bigfoot.com>
+	Knut Auvor Grythe <knut at auvor.no>
 
 Copyright:
 
@@ -17,6 +21,13 @@
 On a Debian system, the license can be found at
 /usr/share/common-licenses/Apache-2.0 .
 
+APACHE2-MPM-ITK:
+
+apache2-mpm-itk is copyright Steinar H. Gunderson <sgunderson at bigfoot.com>
+and Knut Auvor Grythe <knut at auvor.no>, and is provided under the same license
+as the Apache web server.
+
+Get the latest version at http://mpm-itk.sesse.net/ .
 
 APACHE HTTP SERVER SUBCOMPONENTS: 
 

Added: trunk/apache2/mpm-itk/CHANGES
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/CHANGES?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/CHANGES (added)
+++ trunk/apache2/mpm-itk/CHANGES Tue Aug  4 08:42:29 2009
@@ -1,0 +1,44 @@
+apache2.2-mpm-itk 2.2.11-02, released 2009-04-14:
+
+  * Really fix the waitpid() code; thanks to Dave Cundiff for spotting the typo.
+  * Add CAP_DAC_READ_SEARCH to the list of capabilities, so Apache can read
+    .htaccess files that are not world readable. This should fix some of the
+    "permission denied" problems that cropped up in 2.2.11-01, although you
+    will still see the problem if you use root-squashed NFS.
+
+apache2.2-mpm-itk 2.2.11-01, released 2009-03-21:
+
+  * NOTE: This release contains major new functionality. As with mpm-itk in
+    general, you may want to consider closely whether you actually want to
+    put it in production. Also note that Apache 2.0 is no longer supported.
+  * Updated for Apache 2.2.11 (in particular, prefork had a few minor changes
+    that are now incorporated).
+  * Allow uid/gid and nice value to be set per-directory (actually per-location)
+    in addition to per-vhost. Adapted from patch by Knut Auvor Grythe.
+  * Some minor code cleanups.
+  * If waitpid() is interrupted by a signal (returning EINTR), try again.
+    This fixes a race condition where a graceful restart could fail and hang
+    the child forever. Adapted from patch by Jan Boysen, who also diagnosed and
+    reported the bug.
+  * As a side effect of the per-directory patches doing proper config merging,
+    you can now set default values for all options outside the vhost definitions
+    and have them get properly overridden by settings in more specific scopes.
+  * Fix a small memory leak on reload by using apr_pstrdup() instead of
+    strdup().
+
+apache2.2-mpm-itk 2.2.6-02, released 2008-07-27:
+
+  * Fix a typo in the autoconf snippet that would prevent building with
+    capability dropping support. Note that you'll need to run autoheader before
+    autoconf to get -lcap detected (the Debian/Ubuntu packages was missing
+    this, so others might as well).
+
+apache2.2-mpm-itk 2.2.6-01, released 2008-01-05:
+
+  * Updated 01-copy-prefork.patch to let prefork.c come from Apache 2.2.6
+    instead of 2.2.3. Updated all the patches so they apply cleanly
+    afterwards. In other words, there is no mpm-itk-specific functionality
+    in this release, it's only a maintenance release against the latest
+    Apache.
+  * Removed a few instances of trailing whitespace in the patches.
+  * Added this changelog.

Added: trunk/apache2/mpm-itk/COPYRIGHT
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/COPYRIGHT?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/COPYRIGHT (added)
+++ trunk/apache2/mpm-itk/COPYRIGHT Tue Aug  4 08:42:29 2009
@@ -1,0 +1,686 @@
+apache2-mpm-itk is copyright Steinar H. Gunderson <sgunderson at bigfoot.com>
+and Knut Auvor Grythe <knut at auvor.no>, and is provided under the same license
+as the Apache web server.
+
+Get the latest version at http://mpm-itk.sesse.net/ .
+
+The entire license text for Apache is:
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+
+
+APACHE HTTP SERVER SUBCOMPONENTS: 
+
+The Apache HTTP Server includes a number of subcomponents with
+separate copyright notices and license terms. Your use of the source
+code for the these subcomponents is subject to the terms and
+conditions of the following licenses. 
+
+For the mod_mime_magic component:
+
+/*
+ * mod_mime_magic: MIME type lookup via file magic numbers
+ * Copyright (c) 1996-1997 Cisco Systems, Inc.
+ *
+ * This software was submitted by Cisco Systems to the Apache Group in July
+ * 1997.  Future revisions and derivatives of this source code must
+ * acknowledge Cisco Systems as the original contributor of this module.
+ * All other licensing and usage conditions are those of the Apache Group.
+ *
+ * Some of this code is derived from the free version of the file command
+ * originally posted to comp.sources.unix.  Copyright info for that program
+ * is included below as required.
+ * ---------------------------------------------------------------------------
+ * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.
+ *
+ * This software is not subject to any license of the American Telephone and
+ * Telegraph Company or of the Regents of the University of California.
+ *
+ * Permission is granted to anyone to use this software for any purpose on any
+ * computer system, and to alter it and redistribute it freely, subject to
+ * the following restrictions:
+ *
+ * 1. The author is not responsible for the consequences of use of this
+ * software, no matter how awful, even if they arise from flaws in it.
+ *
+ * 2. The origin of this software must not be misrepresented, either by
+ * explicit claim or by omission.  Since few users ever read sources, credits
+ * must appear in the documentation.
+ *
+ * 3. Altered versions must be plainly marked as such, and must not be
+ * misrepresented as being the original software.  Since few users ever read
+ * sources, credits must appear in the documentation.
+ *
+ * 4. This notice may not be removed or altered.
+ * -------------------------------------------------------------------------
+ *
+ */
+
+
+For the  modules\mappers\mod_imap.c component:
+
+  "macmartinized" polygon code copyright 1992 by Eric Haines, erich at eye.com
+
+For the  server\util_md5.c component:
+
+/************************************************************************
+ * NCSA HTTPd Server
+ * Software Development Group
+ * National Center for Supercomputing Applications
+ * University of Illinois at Urbana-Champaign
+ * 605 E. Springfield, Champaign, IL 61820
+ * httpd at ncsa.uiuc.edu
+ *
+ * Copyright  (C)  1995, Board of Trustees of the University of Illinois
+ *
+ ************************************************************************
+ *
+ * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code
+ *
+ *  Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc.
+ *  Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon
+ *     University (see Copyright below).
+ *  Portions of Content-MD5 code Copyright (C) 1991 Bell Communications 
+ *     Research, Inc. (Bellcore) (see Copyright below).
+ *  Portions extracted from mpack, John G. Myers - jgm+ at cmu.edu
+ *  Content-MD5 Code contributed by Martin Hamilton (martin at net.lut.ac.uk)
+ *
+ */
+
+
+/* these portions extracted from mpack, John G. Myers - jgm+ at cmu.edu */
+/* (C) Copyright 1993,1994 by Carnegie Mellon University
+ * All Rights Reserved.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without
+ * fee, provided that the above copyright notice appear in all copies
+ * and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of Carnegie
+ * Mellon University not be used in advertising or publicity
+ * pertaining to distribution of the software without specific,
+ * written prior permission.  Carnegie Mellon University makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied
+ * warranty.
+ *
+ * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+ * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/*
+ * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore)
+ *
+ * Permission to use, copy, modify, and distribute this material
+ * for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice and this permission notice
+ * appear in all copies, and that the name of Bellcore not be
+ * used in advertising or publicity pertaining to this
+ * material without the specific, prior written permission
+ * of an authorized representative of Bellcore.  BELLCORE
+ * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY
+ * OF THIS MATERIAL FOR ANY PURPOSE.  IT IS PROVIDED "AS IS",
+ * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.  
+ */
+
+For the  srclib\apr\include\apr_md5.h component: 
+/*
+ * This is work is derived from material Copyright RSA Data Security, Inc.
+ *
+ * The RSA copyright statement and Licence for that original material is
+ * included below. This is followed by the Apache copyright statement and
+ * licence for the modifications made to that material.
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+   rights reserved.
+
+   License to copy and use this software is granted provided that it
+   is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+   Algorithm" in all material mentioning or referencing this software
+   or this function.
+
+   License is also granted to make and use derivative works provided
+   that such works are identified as "derived from the RSA Data
+   Security, Inc. MD5 Message-Digest Algorithm" in all material
+   mentioning or referencing the derived work.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is"
+   without express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+ */
+
+For the  srclib\apr\passwd\apr_md5.c component:
+
+/*
+ * This is work is derived from material Copyright RSA Data Security, Inc.
+ *
+ * The RSA copyright statement and Licence for that original material is
+ * included below. This is followed by the Apache copyright statement and
+ * licence for the modifications made to that material.
+ */
+
+/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+   rights reserved.
+
+   License to copy and use this software is granted provided that it
+   is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+   Algorithm" in all material mentioning or referencing this software
+   or this function.
+
+   License is also granted to make and use derivative works provided
+   that such works are identified as "derived from the RSA Data
+   Security, Inc. MD5 Message-Digest Algorithm" in all material
+   mentioning or referencing the derived work.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is"
+   without express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+ */
+/*
+ * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0
+ * MD5 crypt() function, which is licenced as follows:
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk at login.dknet.dk> wrote this file.  As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return.  Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ */
+
+For the srclib\apr-util\crypto\apr_md4.c component:
+
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+ * rights reserved.
+ *
+ * License to copy and use this software is granted provided that it
+ * is identified as the "RSA Data Security, Inc. MD4 Message-Digest
+ * Algorithm" in all material mentioning or referencing this software
+ * or this function.
+ *
+ * License is also granted to make and use derivative works provided
+ * that such works are identified as "derived from the RSA Data
+ * Security, Inc. MD4 Message-Digest Algorithm" in all material
+ * mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+For the srclib\apr-util\include\apr_md4.h component:
+
+ *
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+ * rights reserved.
+ *
+ * License to copy and use this software is granted provided that it
+ * is identified as the "RSA Data Security, Inc. MD4 Message-Digest
+ * Algorithm" in all material mentioning or referencing this software
+ * or this function.
+ *
+ * License is also granted to make and use derivative works provided
+ * that such works are identified as "derived from the RSA Data
+ * Security, Inc. MD4 Message-Digest Algorithm" in all material
+ * mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+
+For the srclib\apr-util\test\testdbm.c component:
+
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2002 The Apache Software Foundation.  All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ *    if any, must include the following acknowledgment:
+ *       "This product includes software developed by the
+ *        Apache Software Foundation (http://www.apache.org/)."
+ *    Alternately, this acknowledgment may appear in the software itself,
+ *    if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ *    not be used to endorse or promote products derived from this
+ *    software without prior written permission. For written
+ *    permission, please contact apache at apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ *    nor may "Apache" appear in their name, without prior written
+ *    permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * This file came from the SDBM package (written by oz at nexus.yorku.ca).
+ * That package was under public domain. This file has been ported to
+ * APR, updated to ANSI C and other, newer idioms, and added to the Apache
+ * codebase under the above copyright and license.
+ */
+
+
+For the srclib\apr-util\test\testmd4.c component:
+
+ *
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
+ * rights reserved.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+For the srclib\apr-util\xml\expat\conftools\install-sh component:
+
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission.  M.I.T. makes no representations about the
+# suitability of this software for any purpose.  It is provided "as is"
+# without express or implied warranty.
+#
+
+For the srclib\pcre\install-sh component:
+
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission.  M.I.T. makes no representations about the
+# suitability of this software for any purpose.  It is provided "as is"
+# without express or implied warranty.
+
+For the pcre component:
+
+PCRE LICENCE
+------------
+
+PCRE is a library of functions to support regular expressions whose syntax
+and semantics are as close as possible to those of the Perl 5 language.
+
+Written by: Philip Hazel <ph10 at cam.ac.uk>
+
+University of Cambridge Computing Service,
+Cambridge, England. Phone: +44 1223 334714.
+
+Copyright (c) 1997-2001 University of Cambridge
+
+Permission is granted to anyone to use this software for any purpose on any
+computer system, and to redistribute it freely, subject to the following
+restrictions:
+
+1. This software is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+2. The origin of this software must not be misrepresented, either by
+   explicit claim or by omission. In practice, this means that if you use
+   PCRE in software which you distribute to others, commercially or
+   otherwise, you must put a sentence like this
+
+     Regular expression support is provided by the PCRE library package,
+     which is open source software, written by Philip Hazel, and copyright
+     by the University of Cambridge, England.
+
+   somewhere reasonably visible in your documentation and in any relevant
+   files or online help data or similar. A reference to the ftp site for
+   the source, that is, to
+
+     ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
+
+   should also be given in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.
+
+4. If PCRE is embedded in any software that is released under the GNU
+   General Purpose Licence (GPL), or Lesser General Purpose Licence (LGPL),
+   then the terms of that licence shall supersede any condition above with
+   which it is incompatible.
+
+The documentation for PCRE, supplied in the "doc" directory, is distributed
+under the same terms as the software itself.
+
+End PCRE LICENCE
+
+
+For the test\zb.c component:
+
+/*                          ZeusBench V1.01
+			    ===============
+
+This program is Copyright (C) Zeus Technology Limited 1996.
+
+This program may be used and copied freely providing this copyright notice
+is not removed.
+
+This software is provided "as is" and any express or implied waranties, 
+including but not limited to, the implied warranties of merchantability and
+fitness for a particular purpose are disclaimed.  In no event shall 
+Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, 
+exemplary, or consequential damaged (including, but not limited to, 
+procurement of substitute good or services; loss of use, data, or profits;
+or business interruption) however caused and on theory of liability.  Whether
+in contract, strict liability or tort (including negligence or otherwise) 
+arising in any way out of the use of this software, even if advised of the
+possibility of such damage.
+
+     Written by Adam Twiss (adam at zeus.co.uk).  March 1996
+
+Thanks to the following people for their input:
+  Mike Belshe (mbelshe at netscape.com) 
+  Michael Campanella (campanella at stevms.enet.dec.com)
+
+*/
+
+For the expat xml parser component:
+
+Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
+                               and Clark Cooper
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+	
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+	
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+====================================================================

Added: trunk/apache2/mpm-itk/README
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/README?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/README (added)
+++ trunk/apache2/mpm-itk/README Tue Aug  4 08:42:29 2009
@@ -1,0 +1,121 @@
+This is a copy of the documentation available at http://mpm-itk.sesse.net/,
+dumped with the Lynx web browser and edited briefly.
+
+                              The Apache 2 ITK MPM
+
+   apache2-mpm-itk (just mpm-itk for short) is an MPM (Multi-Processing
+   Module) for the [1]Apache web server. mpm-itk allows you to run each of
+   your vhost under a separate uid and gid -- in short, the scripts and
+   configuration files for one vhost no longer have to be readable for all
+   the other vhosts.
+
+   There are already MPMs available that do this; however, I am not aware
+   of any besides mpm-itk that are actively developed. (If you only run
+   CGI scripts, suexec will probably solve most of your problems with any
+   MPM.)
+
+   mpm-itk is based on the traditional prefork MPM, which means it's
+   non-threaded; in short, this means you can run non-thread-aware code
+   (like many [2]PHP extensions) without problems. On the other hand, you
+   lose out to any performance benefit you'd get with threads, of course;
+   you'd have to decide for yourself if that's worth it or not. You will
+   also take an additional performance hit over prefork, since there's an
+   extra fork per request.
+
+Installation
+
+   If you can't apply a patch, you probably should not be using this. :-)
+   However, several distributions now include mpm-itk as a choice
+   alongside the other MPMs; in alphabetical order:
+     * [3]Arch Linux
+     * [4]Debian GNU/Linux
+     * [5]FreeBSD ports
+     * [6]Gentoo Linux
+     * [7]Mandriva
+     * [8]Ubuntu
+
+   If you know of any I missed, or if you have included mpm-itk in your
+   favourite distribution, please drop me a note (see below). I'd always
+   be happy to expand this list :-)
+
+Configuration
+
+   The new configuration settings compared to the prefork MPM are:
+     * AssignUserID: Takes two parameters, uid and gid (or really, user
+       name and group name); specifies what uid and gid the vhost will run
+       as (after parsing the request etc., of course). Note that if you do
+       not assign a user ID, the default one from Apache will be used.
+     * MaxClientsVHost: A separate MaxClients for the vhost. This can be
+       useful if, say, half of your vhosts depend on some NFS server (like
+       on our setup); if the NFS server goes down, you do not want the
+       children waiting forever on NFS to take the non-NFS-dependent hosts
+       down. This can thus act as a safety measure, giving "server too
+       busy" on the NFS-dependent vhosts while keeping the other ones
+       happily running. (Of course, you could use it to simply keep one
+       site from eating way too much resources, but there are probably
+       better ways of doing that.)
+     * NiceValue: Lets you nice some requests down, to give them less CPU
+       time.
+
+   AssignUserID and NiceValue can be set wherever you'd like in the Apache
+   configuration, except in .htaccess. MaxClientsVHost can only be set
+   inside a VirtualHost directive.
+
+Quirks and warnings
+
+   Since mpm-itk has to be able to setuid(), it runs as root (although
+   restricted with POSIX capabilities where possible) until the request is
+   parsed and the vhost determined. This means that any security hole
+   before the request is parsed will be a root security hole. (The most
+   likely place is probably in mod_ssl.) This is not going to change in
+   the near future, as the most likely alternative solution (socket
+   passing and its variants) is very hard to get to work properly in a
+   number of common use cases, like SSL.
+
+   The lack of socket passing also leads to another minor quirk: if you
+   connect to httpd, make a request and then make a request on the same
+   connection that gets handled by a different uid, mpm-itk simply shuts
+   down the connection. This is perfectly legal according to RFC2616, and
+   all major clients seem to handle it well; the web server simply
+   simulates a timeout, and the client just opens a new connection and
+   retries the request. However, there is a small performance hit, and
+   thus you should avoid including content from multiple uids in the same
+   page.
+
+   Note that mpm-itk is experimental software; and we've done a fair
+   amount of stress testing, but it's nowhere as tested as, say, prefork.
+   That being said, it's being run in production at several sites in the
+   world, both hobbyist and commercial, some as large as ~10 million hits
+   a day.
+
+   People have reported issues with mpm-itk and mod_python, mod_ruby and
+   FastCGI. I believe the mod_python and FastCGI problems have been
+   largely solved by updates to those packages, but as I use neither, I
+   can't really guarantee anything. YMMV, test before use.
+
+Licensing
+
+   mpm-itk is licensed under the Apache License, version 2.0, like the
+   rest of Apache.
+
+Contact
+
+   mpm-itk is developed by Steinar H. Gunderson; e-mail address is at my
+   [9]home page.
+
+   There is a user mailing list at mpm-itk [at] lists.err.no. Visit the
+   [10]mailing list page to subscribe, or send a blank e-mail to
+   mpm-itk-subscribe [at] lists.err.no.
+
+References
+
+   1. http://www.apache.org/
+   2. http://www.php.net/
+   3. http://www.archlinux.org/
+   4. http://www.debian.org/
+   5. http://www.freebsd.org/
+   6. http://www.gentoo.org/
+   7. http://www.mandriva.com/
+   8. http://www.ubuntu.com/
+   9. http://www.sesse.net/
+  10. http://lists.err.no/mailman/listinfo/mpm-itk

Added: trunk/apache2/mpm-itk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/debian/changelog?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/debian/changelog (added)
+++ trunk/apache2/mpm-itk/debian/changelog Tue Aug  4 08:42:29 2009
@@ -1,0 +1,117 @@
+apache2-mpm-itk has been merged into the apache2 source package. For newer
+changes, see the apache2 changelog.
+
+apache2-mpm-itk (2.2.11-02-1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Tue, 14 Apr 2009 23:47:36 +0200
+
+apache2-mpm-itk (2.2.11-01-1) unstable; urgency=low
+
+  * New upstream release.
+    * Updated debian/copyright file with COPYRIGHT from the tarball.
+    * Updated apache2-src build-dependency to make sure we build against Apache
+      2.2.11. (The patch set itself will work just fine for 2.2.9, although
+      not without some fuzz.)
+  * Updated Standards-Version to 3.8.1 (no changes needed).
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Sun, 22 Mar 2009 15:39:39 +0100
+
+apache2-mpm-itk (2.2.6-02-1) unstable; urgency=medium
+
+  * New upstream release.
+    * Fixes a configure test for libcap.
+  * Update Debian package to fix fine-grained capability dropping support.
+    Together with the upstream fixes, this enables capability dropping,
+    which was previously broken. (Closes: #492614)
+    * Run autoheader before autoconf, so HAVE_LIBCAP gets into the right .h
+      file.
+    * Change build-dependency from libcap-dev to libcap2-dev, as libcap-dev is
+      deprecated.
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Sun, 27 Jul 2008 22:18:26 +0200
+
+apache2-mpm-itk (2.2.6-01-3.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Correctly determine the dependency on apache2.2-common. (Closes: #477772)
+
+ -- Stefan Fritsch <sf at debian.org>  Wed, 18 Jun 2008 23:09:34 +0200
+
+apache2-mpm-itk (2.2.6-01-3) unstable; urgency=low
+
+  * Use config.nice from apache2-src. This allows us to drop the
+    build-dependency on apache2-prefork-dev.
+    * Bump versioned build-dependency on apache2-src to 2.2.9.
+    * Build-depend on libaprutil1-dev, since we no lenger get it in
+      transitively from apache2-prefork-dev.
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Sun, 15 Jun 2008 10:11:49 -0700
+
+apache2-mpm-itk (2.2.6-01-2) unstable; urgency=low
+
+  * Update the long description to better reflect the status of the package
+    (it can hardly be called “highly experimental” anymore).
+  * Lintian fixes:
+    * Build-depend on apache2-src (>= 2.2.6) instead of apache2-src
+      (>= 2.2.6-1).
+    * Update to Standards-Version 3.7.3 (no changes needed).
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Tue, 29 Apr 2008 00:55:41 +0200
+
+apache2-mpm-itk (2.2.6-01-1) unstable; urgency=high
+
+  * New upstream release, with patches updated for Apache 2.2.6. Should fix
+    FTBFS (but that FTBFS was silently ignored, see next item).
+    * Update the apache2-src build dependency to at least 2.2.6-1, as I'm
+      unsure of the effects of building with this patch set against older
+      versions.
+  * Use "set -e" in the patch target so failing hunks are not ignored during
+    building.
+  * Updated the homepage URL in debian/copyright, and added
+    licensing/copyright/tarball information.
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Sat, 05 Jan 2008 12:27:08 +0100
+
+apache2-mpm-itk (2.2.3-04-3) unstable; urgency=medium
+
+  * Provide and conflict with apache2-mpm, in line with new practice from
+    the main Apache package. This replaces the old conflict lines, as well as
+    the Provides: apache2-modules.
+  * apache2-src now contains a top-level directory; adjust debian/rules
+    accordingly so we just unpack the tarball instead of making an apache2.2
+    directory and untarring within that. Fixes FTBFS with newer apache2-src.
+    (Closes: #428919)
+    * Build-depend on apache2-src (>= 2.2.3-5), as this will now FTBFS with
+      older apache2-src versions.
+  * Remove an obsolete comment from the debian/rules source target.
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Fri, 15 Jun 2007 13:19:51 +0200
+
+apache2-mpm-itk (2.2.3-04-2) unstable; urgency=low
+
+  * Don't build-depend on libcap-dev for non-Linux architectures, which
+    prevents building on those; patch from Cyril Brulebois.
+    (Closes: #416460)
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Sat, 19 May 2007 01:48:11 +0200
+
+apache2-mpm-itk (2.2.3-04-1) unstable; urgency=low
+
+  * New upstream release; now with split patches in a tarball (with license
+    and all) instead of one monolithic patch.
+    * Adjust debian/rules accordingly.
+    * Make a "source" target that uses quilt instead of manual patching.
+  * Remove workaround for old apache2-src.
+  * Drop dh_testroot from the clean target, as we do not really need root for
+    it, and it's convenient to be able to just do "debian/rules source" without
+    using fakeroot.
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Wed, 25 Apr 2007 14:13:33 +0200
+
+apache2-mpm-itk (2.2.3-01-1) unstable; urgency=low
+
+  * Initial port to Apache 2.2, and upload to Debian.
+
+ -- Steinar H. Gunderson <sesse at debian.org>  Sun, 29 Oct 2006 23:05:36 +0100

Added: trunk/apache2/mpm-itk/patches/01-copy-prefork.patch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/patches/01-copy-prefork.patch?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/patches/01-copy-prefork.patch (added)
+++ trunk/apache2/mpm-itk/patches/01-copy-prefork.patch Tue Aug  4 08:42:29 2009
@@ -1,0 +1,1662 @@
+Just copies server/mpm/prefork/* to server/mpm/experimental/itk/, with prefork.c
+copied to itk.c. Basically the patch equivalent of
+
+  mkdir server/mpm/experimental/itk/
+  cp server/mpm/prefork/* server/mpm/experimental/itk/
+  mv server/mpm/experimental/itk/prefork.c server/mpm/experimental/itk/itk.c
+
+Index: httpd-2.2.11/server/mpm/experimental/itk/Makefile.in
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in	2009-03-17 21:38:54.000000000 +0100
+@@ -0,0 +1,5 @@
++
++LTLIBRARY_NAME    = libprefork.la
++LTLIBRARY_SOURCES = prefork.c
++
++include $(top_srcdir)/build/ltlib.mk
+Index: httpd-2.2.11/server/mpm/experimental/itk/config.m4
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ httpd-2.2.11/server/mpm/experimental/itk/config.m4	2009-03-17 21:38:53.000000000 +0100
+@@ -0,0 +1,3 @@
++if test "$MPM_NAME" = "prefork" ; then
++    APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile)
++fi
+Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c	2009-03-17 21:38:54.000000000 +0100
+@@ -0,0 +1,1486 @@
++/* Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements.  See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License.  You may obtain a copy of the License at
++ *
++ *     http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#include "apr.h"
++#include "apr_portable.h"
++#include "apr_strings.h"
++#include "apr_thread_proc.h"
++#include "apr_signal.h"
++
++#define APR_WANT_STDIO
++#define APR_WANT_STRFUNC
++#include "apr_want.h"
++
++#if APR_HAVE_UNISTD_H
++#include <unistd.h>
++#endif
++#if APR_HAVE_SYS_TYPES_H
++#include <sys/types.h>
++#endif
++
++#define CORE_PRIVATE
++
++#include "ap_config.h"
++#include "httpd.h"
++#include "mpm_default.h"
++#include "http_main.h"
++#include "http_log.h"
++#include "http_config.h"
++#include "http_core.h"          /* for get_remote_host */
++#include "http_connection.h"
++#include "scoreboard.h"
++#include "ap_mpm.h"
++#include "unixd.h"
++#include "mpm_common.h"
++#include "ap_listen.h"
++#include "ap_mmn.h"
++#include "apr_poll.h"
++
++#ifdef HAVE_BSTRING_H
++#include <bstring.h>            /* for IRIX, FD_SET calls bzero() */
++#endif
++#ifdef HAVE_TIME_H
++#include <time.h>
++#endif
++#ifdef HAVE_SYS_PROCESSOR_H
++#include <sys/processor.h> /* for bindprocessor() */
++#endif
++
++#include <signal.h>
++#include <sys/times.h>
++
++/* Limit on the total --- clients will be locked out if more servers than
++ * this are needed.  It is intended solely to keep the server from crashing
++ * when things get out of hand.
++ *
++ * We keep a hard maximum number of servers, for two reasons --- first off,
++ * in case something goes seriously wrong, we want to stop the fork bomb
++ * short of actually crashing the machine we're running on by filling some
++ * kernel table.  Secondly, it keeps the size of the scoreboard file small
++ * enough that we can read the whole thing without worrying too much about
++ * the overhead.
++ */
++#ifndef DEFAULT_SERVER_LIMIT
++#define DEFAULT_SERVER_LIMIT 256
++#endif
++
++/* Admin can't tune ServerLimit beyond MAX_SERVER_LIMIT.  We want
++ * some sort of compile-time limit to help catch typos.
++ */
++#ifndef MAX_SERVER_LIMIT
++#define MAX_SERVER_LIMIT 200000
++#endif
++
++#ifndef HARD_THREAD_LIMIT
++#define HARD_THREAD_LIMIT 1
++#endif
++
++/* config globals */
++
++int ap_threads_per_child=0;         /* Worker threads per child */
++static apr_proc_mutex_t *accept_mutex;
++static int ap_daemons_to_start=0;
++static int ap_daemons_min_free=0;
++static int ap_daemons_max_free=0;
++static int ap_daemons_limit=0;      /* MaxClients */
++static int server_limit = DEFAULT_SERVER_LIMIT;
++static int first_server_limit = 0;
++static int changed_limit_at_restart;
++static int mpm_state = AP_MPMQ_STARTING;
++static ap_pod_t *pod;
++
++/*
++ * The max child slot ever assigned, preserved across restarts.  Necessary
++ * to deal with MaxClients changes across AP_SIG_GRACEFUL restarts.  We
++ * use this value to optimize routines that have to scan the entire scoreboard.
++ */
++int ap_max_daemons_limit = -1;
++server_rec *ap_server_conf;
++
++/* one_process --- debugging mode variable; can be set from the command line
++ * with the -X flag.  If set, this gets you the child_main loop running
++ * in the process which originally started up (no detach, no make_child),
++ * which is a pretty nice debugging environment.  (You'll get a SIGHUP
++ * early in standalone_main; just continue through.  This is the server
++ * trying to kill off any child processes which it might have lying
++ * around --- Apache doesn't keep track of their pids, it just sends
++ * SIGHUP to the process group, ignoring it in the root process.
++ * Continue through and you'll be fine.).
++ */
++
++static int one_process = 0;
++
++static apr_pool_t *pconf;               /* Pool for config stuff */
++static apr_pool_t *pchild;              /* Pool for httpd child stuff */
++
++static pid_t ap_my_pid; /* it seems silly to call getpid all the time */
++static pid_t parent_pid;
++#ifndef MULTITHREAD
++static int my_child_num;
++#endif
++ap_generation_t volatile ap_my_generation=0;
++
++#ifdef TPF
++int tpf_child = 0;
++char tpf_server_name[INETD_SERVNAME_LENGTH+1];
++#endif /* TPF */
++
++static volatile int die_now = 0;
++
++#ifdef GPROF
++/*
++ * change directory for gprof to plop the gmon.out file
++ * configure in httpd.conf:
++ * GprofDir $RuntimeDir/   -> $ServerRoot/$RuntimeDir/gmon.out
++ * GprofDir $RuntimeDir/%  -> $ServerRoot/$RuntimeDir/gprof.$pid/gmon.out
++ */
++static void chdir_for_gprof(void)
++{
++    core_server_config *sconf =
++        ap_get_module_config(ap_server_conf->module_config, &core_module);
++    char *dir = sconf->gprof_dir;
++    const char *use_dir;
++
++    if(dir) {
++        apr_status_t res;
++        char *buf = NULL ;
++        int len = strlen(sconf->gprof_dir) - 1;
++        if(*(dir + len) == '%') {
++            dir[len] = '\0';
++            buf = ap_append_pid(pconf, dir, "gprof.");
++        }
++        use_dir = ap_server_root_relative(pconf, buf ? buf : dir);
++        res = apr_dir_make(use_dir,
++                           APR_UREAD | APR_UWRITE | APR_UEXECUTE |
++                           APR_GREAD | APR_GEXECUTE |
++                           APR_WREAD | APR_WEXECUTE, pconf);
++        if(res != APR_SUCCESS && !APR_STATUS_IS_EEXIST(res)) {
++            ap_log_error(APLOG_MARK, APLOG_ERR, res, ap_server_conf,
++                         "gprof: error creating directory %s", dir);
++        }
++    }
++    else {
++        use_dir = ap_server_root_relative(pconf, DEFAULT_REL_RUNTIMEDIR);
++    }
++
++    chdir(use_dir);
++}
++#else
++#define chdir_for_gprof()
++#endif
++
++/* XXX - I don't know if TPF will ever use this module or not, so leave
++ * the ap_check_signals calls in but disable them - manoj */
++#define ap_check_signals()
++
++/* a clean exit from a child with proper cleanup */
++static void clean_child_exit(int code) __attribute__ ((noreturn));
++static void clean_child_exit(int code)
++{
++    mpm_state = AP_MPMQ_STOPPING;
++
++    if (pchild) {
++        apr_pool_destroy(pchild);
++    }
++    ap_mpm_pod_close(pod);
++    chdir_for_gprof();
++    exit(code);
++}
++
++static void accept_mutex_on(void)
++{
++    apr_status_t rv = apr_proc_mutex_lock(accept_mutex);
++    if (rv != APR_SUCCESS) {
++        const char *msg = "couldn't grab the accept mutex";
++
++        if (ap_my_generation !=
++            ap_scoreboard_image->global->running_generation) {
++            ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, NULL, "%s", msg);
++            clean_child_exit(0);
++        }
++        else {
++            ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, "%s", msg);
++            exit(APEXIT_CHILDFATAL);
++        }
++    }
++}
++
++static void accept_mutex_off(void)
++{
++    apr_status_t rv = apr_proc_mutex_unlock(accept_mutex);
++    if (rv != APR_SUCCESS) {
++        const char *msg = "couldn't release the accept mutex";
++
++        if (ap_my_generation !=
++            ap_scoreboard_image->global->running_generation) {
++            ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, NULL, "%s", msg);
++            /* don't exit here... we have a connection to
++             * process, after which point we'll see that the
++             * generation changed and we'll exit cleanly
++             */
++        }
++        else {
++            ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, "%s", msg);
++            exit(APEXIT_CHILDFATAL);
++        }
++    }
++}
++
++/* On some architectures it's safe to do unserialized accept()s in the single
++ * Listen case.  But it's never safe to do it in the case where there's
++ * multiple Listen statements.  Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT
++ * when it's safe in the single Listen case.
++ */
++#ifdef SINGLE_LISTEN_UNSERIALIZED_ACCEPT
++#define SAFE_ACCEPT(stmt) do {if (ap_listeners->next) {stmt;}} while(0)
++#else
++#define SAFE_ACCEPT(stmt) do {stmt;} while(0)
++#endif
++
++AP_DECLARE(apr_status_t) ap_mpm_query(int query_code, int *result)
++{
++    switch(query_code){
++    case AP_MPMQ_MAX_DAEMON_USED:
++        *result = ap_daemons_limit;
++        return APR_SUCCESS;
++    case AP_MPMQ_IS_THREADED:
++        *result = AP_MPMQ_NOT_SUPPORTED;
++        return APR_SUCCESS;
++    case AP_MPMQ_IS_FORKED:
++        *result = AP_MPMQ_DYNAMIC;
++        return APR_SUCCESS;
++    case AP_MPMQ_HARD_LIMIT_DAEMONS:
++        *result = server_limit;
++        return APR_SUCCESS;
++    case AP_MPMQ_HARD_LIMIT_THREADS:
++        *result = HARD_THREAD_LIMIT;
++        return APR_SUCCESS;
++    case AP_MPMQ_MAX_THREADS:
++        *result = 0;
++        return APR_SUCCESS;
++    case AP_MPMQ_MIN_SPARE_DAEMONS:
++        *result = ap_daemons_min_free;
++        return APR_SUCCESS;
++    case AP_MPMQ_MIN_SPARE_THREADS:
++        *result = 0;
++        return APR_SUCCESS;
++    case AP_MPMQ_MAX_SPARE_DAEMONS:
++        *result = ap_daemons_max_free;
++        return APR_SUCCESS;
++    case AP_MPMQ_MAX_SPARE_THREADS:
++        *result = 0;
++        return APR_SUCCESS;
++    case AP_MPMQ_MAX_REQUESTS_DAEMON:
++        *result = ap_max_requests_per_child;
++        return APR_SUCCESS;
++    case AP_MPMQ_MAX_DAEMONS:
++        *result = server_limit;
++        return APR_SUCCESS;
++    case AP_MPMQ_MPM_STATE:
++        *result = mpm_state;
++        return APR_SUCCESS;
++    }
++    return APR_ENOTIMPL;
++}
++
++#if defined(NEED_WAITPID)
++/*
++   Systems without a real waitpid sometimes lose a child's exit while waiting
++   for another.  Search through the scoreboard for missing children.
++ */
++int reap_children(int *exitcode, apr_exit_why_e *status)
++{
++    int n, pid;
++
++    for (n = 0; n < ap_max_daemons_limit; ++n) {
++        if (ap_scoreboard_image->servers[n][0].status != SERVER_DEAD &&
++                kill((pid = ap_scoreboard_image->parent[n].pid), 0) == -1) {
++            ap_update_child_status_from_indexes(n, 0, SERVER_DEAD, NULL);
++            /* just mark it as having a successful exit status */
++            *status = APR_PROC_EXIT;
++            *exitcode = 0;
++            return(pid);
++        }
++    }
++    return 0;
++}
++#endif
++
++/*****************************************************************
++ * Connection structures and accounting...
++ */
++
++static void just_die(int sig)
++{
++    clean_child_exit(0);
++}
++
++static void stop_listening(int sig)
++{
++    ap_close_listeners();
++
++    /* For a graceful stop, we want the child to exit when done */
++    die_now = 1;
++}
++
++/* volatile just in case */
++static int volatile shutdown_pending;
++static int volatile restart_pending;
++static int volatile is_graceful;
++
++static void sig_term(int sig)
++{
++    if (shutdown_pending == 1) {
++        /* Um, is this _probably_ not an error, if the user has
++         * tried to do a shutdown twice quickly, so we won't
++         * worry about reporting it.
++         */
++        return;
++    }
++    shutdown_pending = 1;
++    is_graceful = (sig == AP_SIG_GRACEFUL_STOP);
++}
++
++/* restart() is the signal handler for SIGHUP and AP_SIG_GRACEFUL
++ * in the parent process, unless running in ONE_PROCESS mode
++ */
++static void restart(int sig)
++{
++    if (restart_pending == 1) {
++        /* Probably not an error - don't bother reporting it */
++        return;
++    }
++    restart_pending = 1;
++    is_graceful = (sig == AP_SIG_GRACEFUL);
++}
++
++static void set_signals(void)
++{
++#ifndef NO_USE_SIGACTION
++    struct sigaction sa;
++#endif
++
++    if (!one_process) {
++        ap_fatal_signal_setup(ap_server_conf, pconf);
++    }
++
++#ifndef NO_USE_SIGACTION
++    sigemptyset(&sa.sa_mask);
++    sa.sa_flags = 0;
++
++    sa.sa_handler = sig_term;
++    if (sigaction(SIGTERM, &sa, NULL) < 0)
++        ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGTERM)");
++#ifdef AP_SIG_GRACEFUL_STOP
++    if (sigaction(AP_SIG_GRACEFUL_STOP, &sa, NULL) < 0)
++        ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf,
++                     "sigaction(" AP_SIG_GRACEFUL_STOP_STRING ")");
++#endif
++#ifdef SIGINT
++    if (sigaction(SIGINT, &sa, NULL) < 0)
++        ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGINT)");
++#endif
++#ifdef SIGXCPU
++    sa.sa_handler = SIG_DFL;
++    if (sigaction(SIGXCPU, &sa, NULL) < 0)
++        ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXCPU)");
++#endif
++#ifdef SIGXFSZ
++    sa.sa_handler = SIG_DFL;
++    if (sigaction(SIGXFSZ, &sa, NULL) < 0)
++        ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXFSZ)");
++#endif
++#ifdef SIGPIPE
++    sa.sa_handler = SIG_IGN;
++    if (sigaction(SIGPIPE, &sa, NULL) < 0)
++        ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGPIPE)");
++#endif
++
++    /* we want to ignore HUPs and AP_SIG_GRACEFUL while we're busy
++     * processing one
++     */
++    sigaddset(&sa.sa_mask, SIGHUP);
++    sigaddset(&sa.sa_mask, AP_SIG_GRACEFUL);
++    sa.sa_handler = restart;
++    if (sigaction(SIGHUP, &sa, NULL) < 0)
++        ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGHUP)");
++    if (sigaction(AP_SIG_GRACEFUL, &sa, NULL) < 0)
++        ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(" AP_SIG_GRACEFUL_STRING ")");
++#else
++    if (!one_process) {
++#ifdef SIGXCPU
++        apr_signal(SIGXCPU, SIG_DFL);
++#endif /* SIGXCPU */
++#ifdef SIGXFSZ
++        apr_signal(SIGXFSZ, SIG_DFL);
++#endif /* SIGXFSZ */
++    }
++
++    apr_signal(SIGTERM, sig_term);
++#ifdef SIGHUP
++    apr_signal(SIGHUP, restart);
++#endif /* SIGHUP */
++#ifdef AP_SIG_GRACEFUL
++    apr_signal(AP_SIG_GRACEFUL, restart);
++#endif /* AP_SIG_GRACEFUL */
++#ifdef AP_SIG_GRACEFUL_STOP
++    apr_signal(AP_SIG_GRACEFUL_STOP, sig_term);
++#endif /* AP_SIG_GRACEFUL */
++#ifdef SIGPIPE
++    apr_signal(SIGPIPE, SIG_IGN);
++#endif /* SIGPIPE */
++
++#endif
++}
++
++/*****************************************************************
++ * Child process main loop.
++ * The following vars are static to avoid getting clobbered by longjmp();
++ * they are really private to child_main.
++ */
++
++static int requests_this_child;
++static int num_listensocks = 0;
++
++
++int ap_graceful_stop_signalled(void)
++{
++    /* not ever called anymore... */
++    return 0;
++}
++
++
++static void child_main(int child_num_arg)
++{
++    apr_pool_t *ptrans;
++    apr_allocator_t *allocator;
++    apr_status_t status;
++    int i;
++    ap_listen_rec *lr;
++    apr_pollset_t *pollset;
++    ap_sb_handle_t *sbh;
++    apr_bucket_alloc_t *bucket_alloc;
++    int last_poll_idx = 0;
++
++    mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this
++                                   * child initializes
++                                   */
++
++    my_child_num = child_num_arg;
++    ap_my_pid = getpid();
++    requests_this_child = 0;
++
++    ap_fatal_signal_child_setup(ap_server_conf);
++
++    /* Get a sub context for global allocations in this child, so that
++     * we can have cleanups occur when the child exits.
++     */
++    apr_allocator_create(&allocator);
++    apr_allocator_max_free_set(allocator, ap_max_mem_free);
++    apr_pool_create_ex(&pchild, pconf, NULL, allocator);
++    apr_allocator_owner_set(allocator, pchild);
++
++    apr_pool_create(&ptrans, pchild);
++    apr_pool_tag(ptrans, "transaction");
++
++    /* needs to be done before we switch UIDs so we have permissions */
++    ap_reopen_scoreboard(pchild, NULL, 0);
++    status = apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname, pchild);
++    if (status != APR_SUCCESS) {
++        ap_log_error(APLOG_MARK, APLOG_EMERG, status, ap_server_conf,
++                     "Couldn't initialize cross-process lock in child "
++                     "(%s) (%d)", ap_lock_fname, ap_accept_lock_mech);
++        clean_child_exit(APEXIT_CHILDFATAL);
++    }
++
++    if (unixd_setup_child()) {
++        clean_child_exit(APEXIT_CHILDFATAL);
++    }
++
++    ap_run_child_init(pchild, ap_server_conf);
++
++    ap_create_sb_handle(&sbh, pchild, my_child_num, 0);
++
++    (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL);
++
++    /* Set up the pollfd array */
++    /* ### check the status */
++    (void) apr_pollset_create(&pollset, num_listensocks, pchild, 0);
++
++    for (lr = ap_listeners, i = num_listensocks; i--; lr = lr->next) {
++        apr_pollfd_t pfd = { 0 };
++
++        pfd.desc_type = APR_POLL_SOCKET;
++        pfd.desc.s = lr->sd;
++        pfd.reqevents = APR_POLLIN;
++        pfd.client_data = lr;
++
++        /* ### check the status */
++        (void) apr_pollset_add(pollset, &pfd);
++    }
++
++    mpm_state = AP_MPMQ_RUNNING;
++
++    bucket_alloc = apr_bucket_alloc_create(pchild);
++
++    /* die_now is set when AP_SIG_GRACEFUL is received in the child;
++     * shutdown_pending is set when SIGTERM is received when running
++     * in single process mode.  */
++    while (!die_now && !shutdown_pending) {
++        conn_rec *current_conn;
++        void *csd;
++
++        /*
++         * (Re)initialize this child to a pre-connection state.
++         */
++
++        apr_pool_clear(ptrans);
++
++        if ((ap_max_requests_per_child > 0
++             && requests_this_child++ >= ap_max_requests_per_child)) {
++            clean_child_exit(0);
++        }
++
++        (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL);
++
++        /*
++         * Wait for an acceptable connection to arrive.
++         */
++
++        /* Lock around "accept", if necessary */
++        SAFE_ACCEPT(accept_mutex_on());
++
++        if (num_listensocks == 1) {
++            /* There is only one listener record, so refer to that one. */
++            lr = ap_listeners;
++        }
++        else {
++            /* multiple listening sockets - need to poll */
++            for (;;) {
++                apr_int32_t numdesc;
++                const apr_pollfd_t *pdesc;
++
++                /* timeout == -1 == wait forever */
++                status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc);
++                if (status != APR_SUCCESS) {
++                    if (APR_STATUS_IS_EINTR(status)) {
++                        if (one_process && shutdown_pending) {
++                            return;
++                        }
++                        else if (die_now) {
++                            /* In graceful stop/restart; drop the mutex
++                             * and terminate the child. */
++                            SAFE_ACCEPT(accept_mutex_off());
++                            clean_child_exit(0);
++                        }
++                        continue;
++                    }
++                    /* Single Unix documents select as returning errnos
++                     * EBADF, EINTR, and EINVAL... and in none of those
++                     * cases does it make sense to continue.  In fact
++                     * on Linux 2.0.x we seem to end up with EFAULT
++                     * occasionally, and we'd loop forever due to it.
++                     */
++                    ap_log_error(APLOG_MARK, APLOG_ERR, status,
++                                 ap_server_conf, "apr_pollset_poll: (listen)");
++                    SAFE_ACCEPT(accept_mutex_off());
++                    clean_child_exit(1);
++                }
++
++                /* We can always use pdesc[0], but sockets at position N
++                 * could end up completely starved of attention in a very
++                 * busy server. Therefore, we round-robin across the
++                 * returned set of descriptors. While it is possible that
++                 * the returned set of descriptors might flip around and
++                 * continue to starve some sockets, we happen to know the
++                 * internal pollset implementation retains ordering
++                 * stability of the sockets. Thus, the round-robin should
++                 * ensure that a socket will eventually be serviced.
++                 */
++                if (last_poll_idx >= numdesc)
++                    last_poll_idx = 0;
++
++                /* Grab a listener record from the client_data of the poll
++                 * descriptor, and advance our saved index to round-robin
++                 * the next fetch.
++                 *
++                 * ### hmm... this descriptor might have POLLERR rather
++                 * ### than POLLIN
++                 */
++                lr = pdesc[last_poll_idx++].client_data;
++                goto got_fd;
++            }
++        }
++    got_fd:
++        /* if we accept() something we don't want to die, so we have to
++         * defer the exit
++         */
++        status = lr->accept_func(&csd, lr, ptrans);
++
++        SAFE_ACCEPT(accept_mutex_off());      /* unlock after "accept" */
++
++        if (status == APR_EGENERAL) {
++            /* resource shortage or should-not-occur occured */
++            clean_child_exit(1);
++        }
++        else if (status != APR_SUCCESS) {
++            continue;
++        }
++
++        /*
++         * We now have a connection, so set it up with the appropriate
++         * socket options, file descriptors, and read/write buffers.
++         */
++
++        current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc);
++        if (current_conn) {
++            ap_process_connection(current_conn, csd);
++            ap_lingering_close(current_conn);
++        }
++
++        /* Check the pod and the generation number after processing a
++         * connection so that we'll go away if a graceful restart occurred
++         * while we were processing the connection or we are the lucky
++         * idle server process that gets to die.
++         */
++        if (ap_mpm_pod_check(pod) == APR_SUCCESS) { /* selected as idle? */
++            die_now = 1;
++        }
++        else if (ap_my_generation !=
++                 ap_scoreboard_image->global->running_generation) { /* restart? */
++            /* yeah, this could be non-graceful restart, in which case the
++             * parent will kill us soon enough, but why bother checking?
++             */
++            die_now = 1;
++        }
++    }
++    clean_child_exit(0);
++}
++
++
++static int make_child(server_rec *s, int slot)
++{
++    int pid;
++
++    if (slot + 1 > ap_max_daemons_limit) {
++        ap_max_daemons_limit = slot + 1;
++    }
++
++    if (one_process) {
++        apr_signal(SIGHUP, sig_term);
++        /* Don't catch AP_SIG_GRACEFUL in ONE_PROCESS mode :) */
++        apr_signal(SIGINT, sig_term);
++#ifdef SIGQUIT
++        apr_signal(SIGQUIT, SIG_DFL);
++#endif
++        apr_signal(SIGTERM, sig_term);
++        child_main(slot);
++        return 0;
++    }
++
++    (void) ap_update_child_status_from_indexes(slot, 0, SERVER_STARTING,
++                                               (request_rec *) NULL);
++
++
++#ifdef _OSD_POSIX
++    /* BS2000 requires a "special" version of fork() before a setuid() call */
++    if ((pid = os_fork(unixd_config.user_name)) == -1) {
++#elif defined(TPF)
++    if ((pid = os_fork(s, slot)) == -1) {
++#else
++    if ((pid = fork()) == -1) {
++#endif
++        ap_log_error(APLOG_MARK, APLOG_ERR, errno, s, "fork: Unable to fork new process");
++
++        /* fork didn't succeed. Fix the scoreboard or else
++         * it will say SERVER_STARTING forever and ever
++         */
++        (void) ap_update_child_status_from_indexes(slot, 0, SERVER_DEAD,
++                                                   (request_rec *) NULL);
++
++        /* In case system resources are maxxed out, we don't want
++         * Apache running away with the CPU trying to fork over and
++         * over and over again.
++         */
++        sleep(10);
++
++        return -1;
++    }
++
++    if (!pid) {
++#ifdef HAVE_BINDPROCESSOR
++        /* by default AIX binds to a single processor
++         * this bit unbinds children which will then bind to another cpu
++         */
++        int status = bindprocessor(BINDPROCESS, (int)getpid(),
++                                   PROCESSOR_CLASS_ANY);
++        if (status != OK) {
++            ap_log_error(APLOG_MARK, APLOG_WARNING, errno,
++                         ap_server_conf, "processor unbind failed %d", status);
++        }
++#endif
++        RAISE_SIGSTOP(MAKE_CHILD);
++        AP_MONCONTROL(1);
++        /* Disable the parent's signal handlers and set up proper handling in
++         * the child.
++         */
++        apr_signal(SIGHUP, just_die);
++        apr_signal(SIGTERM, just_die);
++        /* The child process just closes listeners on AP_SIG_GRACEFUL.
++         * The pod is used for signalling the graceful restart.
++         */
++        apr_signal(AP_SIG_GRACEFUL, stop_listening);
++        child_main(slot);
++    }
++
++    ap_scoreboard_image->parent[slot].pid = pid;
++
++    return 0;
++}
++
++
++/* start up a bunch of children */
++static void startup_children(int number_to_start)
++{
++    int i;
++
++    for (i = 0; number_to_start && i < ap_daemons_limit; ++i) {
++        if (ap_scoreboard_image->servers[i][0].status != SERVER_DEAD) {
++            continue;
++        }
++        if (make_child(ap_server_conf, i) < 0) {
++            break;
++        }
++        --number_to_start;
++    }
++}
++
++
++/*
++ * idle_spawn_rate is the number of children that will be spawned on the
++ * next maintenance cycle if there aren't enough idle servers.  It is
++ * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by
++ * without the need to spawn.
++ */
++static int idle_spawn_rate = 1;
++#ifndef MAX_SPAWN_RATE
++#define MAX_SPAWN_RATE  (32)
++#endif
++static int hold_off_on_exponential_spawning;
++
++static void perform_idle_server_maintenance(apr_pool_t *p)
++{
++    int i;
++    int to_kill;
++    int idle_count;
++    worker_score *ws;
++    int free_length;
++    int free_slots[MAX_SPAWN_RATE];
++    int last_non_dead;
++    int total_non_dead;
++
++    /* initialize the free_list */
++    free_length = 0;
++
++    to_kill = -1;
++    idle_count = 0;
++    last_non_dead = -1;
++    total_non_dead = 0;
++
++    for (i = 0; i < ap_daemons_limit; ++i) {
++        int status;
++
++        if (i >= ap_max_daemons_limit && free_length == idle_spawn_rate)
++            break;
++        ws = &ap_scoreboard_image->servers[i][0];
++        status = ws->status;
++        if (status == SERVER_DEAD) {
++            /* try to keep children numbers as low as possible */
++            if (free_length < idle_spawn_rate) {
++                free_slots[free_length] = i;
++                ++free_length;
++            }
++        }
++        else {
++            /* We consider a starting server as idle because we started it
++             * at least a cycle ago, and if it still hasn't finished starting
++             * then we're just going to swamp things worse by forking more.
++             * So we hopefully won't need to fork more if we count it.
++             * This depends on the ordering of SERVER_READY and SERVER_STARTING.
++             */
++            if (status <= SERVER_READY) {
++                ++ idle_count;
++                /* always kill the highest numbered child if we have to...
++                 * no really well thought out reason ... other than observing
++                 * the server behaviour under linux where lower numbered children
++                 * tend to service more hits (and hence are more likely to have
++                 * their data in cpu caches).
++                 */
++                to_kill = i;
++            }
++
++            ++total_non_dead;
++            last_non_dead = i;
++        }
++    }
++    ap_max_daemons_limit = last_non_dead + 1;
++    if (idle_count > ap_daemons_max_free) {
++        /* kill off one child... we use the pod because that'll cause it to
++         * shut down gracefully, in case it happened to pick up a request
++         * while we were counting
++         */
++        ap_mpm_pod_signal(pod);
++        idle_spawn_rate = 1;
++    }
++    else if (idle_count < ap_daemons_min_free) {
++        /* terminate the free list */
++        if (free_length == 0) {
++            /* only report this condition once */
++            static int reported = 0;
++
++            if (!reported) {
++                ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf,
++                            "server reached MaxClients setting, consider"
++                            " raising the MaxClients setting");
++                reported = 1;
++            }
++            idle_spawn_rate = 1;
++        }
++        else {
++            if (idle_spawn_rate >= 8) {
++                ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf,
++                    "server seems busy, (you may need "
++                    "to increase StartServers, or Min/MaxSpareServers), "
++                    "spawning %d children, there are %d idle, and "
++                    "%d total children", idle_spawn_rate,
++                    idle_count, total_non_dead);
++            }
++            for (i = 0; i < free_length; ++i) {
++#ifdef TPF
++                if (make_child(ap_server_conf, free_slots[i]) == -1) {
++                    if(free_length == 1) {
++                        shutdown_pending = 1;
++                        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, ap_server_conf,
++                                    "No active child processes: shutting down");
++                    }
++                }
++#else
++                make_child(ap_server_conf, free_slots[i]);
++#endif /* TPF */
++            }
++            /* the next time around we want to spawn twice as many if this
++             * wasn't good enough, but not if we've just done a graceful
++             */
++            if (hold_off_on_exponential_spawning) {
++                --hold_off_on_exponential_spawning;
++            }
++            else if (idle_spawn_rate < MAX_SPAWN_RATE) {
++                idle_spawn_rate *= 2;
++            }
++        }
++    }
++    else {
++        idle_spawn_rate = 1;
++    }
++}
++
++/*****************************************************************
++ * Executive routines.
++ */
++
++int ap_mpm_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s)
++{
++    int index;
++    int remaining_children_to_start;
++    apr_status_t rv;
++
++    ap_log_pid(pconf, ap_pid_fname);
++
++    first_server_limit = server_limit;
++    if (changed_limit_at_restart) {
++        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
++                     "WARNING: Attempt to change ServerLimit "
++                     "ignored during restart");
++        changed_limit_at_restart = 0;
++    }
++
++    /* Initialize cross-process accept lock */
++    ap_lock_fname = apr_psprintf(_pconf, "%s.%" APR_PID_T_FMT,
++                                 ap_server_root_relative(_pconf, ap_lock_fname),
++                                 ap_my_pid);
++
++    rv = apr_proc_mutex_create(&accept_mutex, ap_lock_fname,
++                               ap_accept_lock_mech, _pconf);
++    if (rv != APR_SUCCESS) {
++        ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
++                     "Couldn't create accept lock (%s) (%d)",
++                     ap_lock_fname, ap_accept_lock_mech);
++        mpm_state = AP_MPMQ_STOPPING;
++        return 1;
++    }
++
++#if APR_USE_SYSVSEM_SERIALIZE
++    if (ap_accept_lock_mech == APR_LOCK_DEFAULT ||
++        ap_accept_lock_mech == APR_LOCK_SYSVSEM) {
++#else
++    if (ap_accept_lock_mech == APR_LOCK_SYSVSEM) {
++#endif
++        rv = unixd_set_proc_mutex_perms(accept_mutex);
++        if (rv != APR_SUCCESS) {
++            ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
++                         "Couldn't set permissions on cross-process lock; "
++                         "check User and Group directives");
++            mpm_state = AP_MPMQ_STOPPING;
++            return 1;
++        }
++    }
++
++    if (!is_graceful) {
++        if (ap_run_pre_mpm(s->process->pool, SB_SHARED) != OK) {
++            mpm_state = AP_MPMQ_STOPPING;
++            return 1;
++        }
++        /* fix the generation number in the global score; we just got a new,
++         * cleared scoreboard
++         */
++        ap_scoreboard_image->global->running_generation = ap_my_generation;
++    }
++
++    set_signals();
++
++    if (one_process) {
++        AP_MONCONTROL(1);
++        make_child(ap_server_conf, 0);
++    }
++    else {
++    if (ap_daemons_max_free < ap_daemons_min_free + 1)  /* Don't thrash... */
++        ap_daemons_max_free = ap_daemons_min_free + 1;
++
++    /* If we're doing a graceful_restart then we're going to see a lot
++     * of children exiting immediately when we get into the main loop
++     * below (because we just sent them AP_SIG_GRACEFUL).  This happens pretty
++     * rapidly... and for each one that exits we'll start a new one until
++     * we reach at least daemons_min_free.  But we may be permitted to
++     * start more than that, so we'll just keep track of how many we're
++     * supposed to start up without the 1 second penalty between each fork.
++     */
++    remaining_children_to_start = ap_daemons_to_start;
++    if (remaining_children_to_start > ap_daemons_limit) {
++        remaining_children_to_start = ap_daemons_limit;
++    }
++    if (!is_graceful) {
++        startup_children(remaining_children_to_start);
++        remaining_children_to_start = 0;
++    }
++    else {
++        /* give the system some time to recover before kicking into
++         * exponential mode
++         */
++        hold_off_on_exponential_spawning = 10;
++    }
++
++    ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
++                "%s configured -- resuming normal operations",
++                ap_get_server_description());
++    ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf,
++                "Server built: %s", ap_get_server_built());
++#ifdef AP_MPM_WANT_SET_ACCEPT_LOCK_MECH
++    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf,
++                "AcceptMutex: %s (default: %s)",
++                apr_proc_mutex_name(accept_mutex),
++                apr_proc_mutex_defname());
++#endif
++    restart_pending = shutdown_pending = 0;
++
++    mpm_state = AP_MPMQ_RUNNING;
++
++    while (!restart_pending && !shutdown_pending) {
++        int child_slot;
++        apr_exit_why_e exitwhy;
++        int status, processed_status;
++        /* this is a memory leak, but I'll fix it later. */
++        apr_proc_t pid;
++
++        ap_wait_or_timeout(&exitwhy, &status, &pid, pconf);
++
++        /* XXX: if it takes longer than 1 second for all our children
++         * to start up and get into IDLE state then we may spawn an
++         * extra child
++         */
++        if (pid.pid != -1) {
++            processed_status = ap_process_child_status(&pid, exitwhy, status);
++            if (processed_status == APEXIT_CHILDFATAL) {
++                mpm_state = AP_MPMQ_STOPPING;
++                return 1;
++            }
++
++            /* non-fatal death... note that it's gone in the scoreboard. */
++            child_slot = find_child_by_pid(&pid);
++            if (child_slot >= 0) {
++                (void) ap_update_child_status_from_indexes(child_slot, 0, SERVER_DEAD,
++                                                           (request_rec *) NULL);
++                if (processed_status == APEXIT_CHILDSICK) {
++                    /* child detected a resource shortage (E[NM]FILE, ENOBUFS, etc)
++                     * cut the fork rate to the minimum
++                     */
++                    idle_spawn_rate = 1;
++                }
++                else if (remaining_children_to_start
++                    && child_slot < ap_daemons_limit) {
++                    /* we're still doing a 1-for-1 replacement of dead
++                     * children with new children
++                     */
++                    make_child(ap_server_conf, child_slot);
++                    --remaining_children_to_start;
++                }
++#if APR_HAS_OTHER_CHILD
++            }
++            else if (apr_proc_other_child_alert(&pid, APR_OC_REASON_DEATH, status) == APR_SUCCESS) {
++                /* handled */
++#endif
++            }
++            else if (is_graceful) {
++                /* Great, we've probably just lost a slot in the
++                 * scoreboard.  Somehow we don't know about this
++                 * child.
++                 */
++                ap_log_error(APLOG_MARK, APLOG_WARNING,
++                            0, ap_server_conf,
++                            "long lost child came home! (pid %ld)", (long)pid.pid);
++            }
++            /* Don't perform idle maintenance when a child dies,
++             * only do it when there's a timeout.  Remember only a
++             * finite number of children can die, and it's pretty
++             * pathological for a lot to die suddenly.
++             */
++            continue;
++        }
++        else if (remaining_children_to_start) {
++            /* we hit a 1 second timeout in which none of the previous
++             * generation of children needed to be reaped... so assume
++             * they're all done, and pick up the slack if any is left.
++             */
++            startup_children(remaining_children_to_start);
++            remaining_children_to_start = 0;
++            /* In any event we really shouldn't do the code below because
++             * few of the servers we just started are in the IDLE state
++             * yet, so we'd mistakenly create an extra server.
++             */
++            continue;
++        }
++
++        perform_idle_server_maintenance(pconf);
++#ifdef TPF
++        shutdown_pending = os_check_server(tpf_server_name);
++        ap_check_signals();
++        sleep(1);
++#endif /*TPF */
++    }
++    } /* one_process */
++
++    mpm_state = AP_MPMQ_STOPPING;
++
++    if (shutdown_pending && !is_graceful) {
++        /* Time to shut down:
++         * Kill child processes, tell them to call child_exit, etc...
++         */
++        if (unixd_killpg(getpgrp(), SIGTERM) < 0) {
++            ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "killpg SIGTERM");
++        }
++        ap_reclaim_child_processes(1);          /* Start with SIGTERM */
++
++        /* cleanup pid file on normal shutdown */
++        {
++            const char *pidfile = NULL;
++            pidfile = ap_server_root_relative (pconf, ap_pid_fname);
++            if ( pidfile != NULL && unlink(pidfile) == 0)
++                ap_log_error(APLOG_MARK, APLOG_INFO,
++                                0, ap_server_conf,
++                                "removed PID file %s (pid=%ld)",
++                                pidfile, (long)getpid());
++        }
++
++        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
++                    "caught SIGTERM, shutting down");
++
++        return 1;
++    } else if (shutdown_pending) {
++        /* Time to perform a graceful shut down:
++         * Reap the inactive children, and ask the active ones
++         * to close their listeners, then wait until they are
++         * all done to exit.
++         */
++        int active_children;
++        apr_time_t cutoff = 0;
++
++        /* Stop listening */
++        ap_close_listeners();
++
++        /* kill off the idle ones */
++        ap_mpm_pod_killpg(pod, ap_max_daemons_limit);
++
++        /* Send SIGUSR1 to the active children */
++        active_children = 0;
++        for (index = 0; index < ap_daemons_limit; ++index) {
++            if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) {
++                /* Ask each child to close its listeners. */
++                ap_mpm_safe_kill(MPM_CHILD_PID(index), AP_SIG_GRACEFUL);
++                active_children++;
++            }
++        }
++
++        /* Allow each child which actually finished to exit */
++        ap_relieve_child_processes();
++
++        /* cleanup pid file */
++        {
++            const char *pidfile = NULL;
++            pidfile = ap_server_root_relative (pconf, ap_pid_fname);
++            if ( pidfile != NULL && unlink(pidfile) == 0)
++                ap_log_error(APLOG_MARK, APLOG_INFO,
++                                0, ap_server_conf,
++                                "removed PID file %s (pid=%ld)",
++                                pidfile, (long)getpid());
++        }
++
++        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
++           "caught " AP_SIG_GRACEFUL_STOP_STRING ", shutting down gracefully");
++
++        if (ap_graceful_shutdown_timeout) {
++            cutoff = apr_time_now() +
++                     apr_time_from_sec(ap_graceful_shutdown_timeout);
++        }
++
++        /* Don't really exit until each child has finished */
++        shutdown_pending = 0;
++        do {
++            /* Pause for a second */
++            sleep(1);
++
++            /* Relieve any children which have now exited */
++            ap_relieve_child_processes();
++
++            active_children = 0;
++            for (index = 0; index < ap_daemons_limit; ++index) {
++                if (ap_mpm_safe_kill(MPM_CHILD_PID(index), 0) == APR_SUCCESS) {
++                    active_children = 1;
++                    /* Having just one child is enough to stay around */
++                    break;
++                }
++            }
++        } while (!shutdown_pending && active_children &&
++                 (!ap_graceful_shutdown_timeout || apr_time_now() < cutoff));
++
++        /* We might be here because we received SIGTERM, either
++         * way, try and make sure that all of our processes are
++         * really dead.
++         */
++        unixd_killpg(getpgrp(), SIGTERM);
++
++        return 1;
++    }
++
++    /* we've been told to restart */
++    apr_signal(SIGHUP, SIG_IGN);
++    apr_signal(AP_SIG_GRACEFUL, SIG_IGN);
++    if (one_process) {
++        /* not worth thinking about */
++        return 1;
++    }
++
++    /* advance to the next generation */
++    /* XXX: we really need to make sure this new generation number isn't in
++     * use by any of the children.
++     */
++    ++ap_my_generation;
++    ap_scoreboard_image->global->running_generation = ap_my_generation;
++
++    if (is_graceful) {
++        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
++                    "Graceful restart requested, doing restart");
++
++        /* kill off the idle ones */
++        ap_mpm_pod_killpg(pod, ap_max_daemons_limit);
++
++        /* This is mostly for debugging... so that we know what is still
++         * gracefully dealing with existing request.  This will break
++         * in a very nasty way if we ever have the scoreboard totally
++         * file-based (no shared memory)
++         */
++        for (index = 0; index < ap_daemons_limit; ++index) {
++            if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) {
++                ap_scoreboard_image->servers[index][0].status = SERVER_GRACEFUL;
++                /* Ask each child to close its listeners.
++                 *
++                 * NOTE: we use the scoreboard, because if we send SIGUSR1
++                 * to every process in the group, this may include CGI's,
++                 * piped loggers, etc. They almost certainly won't handle
++                 * it gracefully.
++                 */
++                ap_mpm_safe_kill(ap_scoreboard_image->parent[index].pid, AP_SIG_GRACEFUL);
++            }
++        }
++    }
++    else {
++        /* Kill 'em off */
++        if (unixd_killpg(getpgrp(), SIGHUP) < 0) {
++            ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "killpg SIGHUP");
++        }
++        ap_reclaim_child_processes(0);          /* Not when just starting up */
++        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
++                    "SIGHUP received.  Attempting to restart");
++    }
++
++    return 0;
++}
++
++/* This really should be a post_config hook, but the error log is already
++ * redirected by that point, so we need to do this in the open_logs phase.
++ */
++static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
++{
++    apr_status_t rv;
++
++    pconf = p;
++    ap_server_conf = s;
++
++    if ((num_listensocks = ap_setup_listeners(ap_server_conf)) < 1) {
++        ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_STARTUP, 0,
++                     NULL, "no listening sockets available, shutting down");
++        return DONE;
++    }
++
++    if ((rv = ap_mpm_pod_open(pconf, &pod))) {
++        ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_STARTUP, rv, NULL,
++                "Could not open pipe-of-death.");
++        return DONE;
++    }
++    return OK;
++}
++
++static int prefork_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp)
++{
++    static int restart_num = 0;
++    int no_detach, debug, foreground;
++    apr_status_t rv;
++
++    mpm_state = AP_MPMQ_STARTING;
++
++    debug = ap_exists_config_define("DEBUG");
++
++    if (debug) {
++        foreground = one_process = 1;
++        no_detach = 0;
++    }
++    else
++    {
++        no_detach = ap_exists_config_define("NO_DETACH");
++        one_process = ap_exists_config_define("ONE_PROCESS");
++        foreground = ap_exists_config_define("FOREGROUND");
++    }
++
++    /* sigh, want this only the second time around */
++    if (restart_num++ == 1) {
++        is_graceful = 0;
++
++        if (!one_process && !foreground) {
++            rv = apr_proc_detach(no_detach ? APR_PROC_DETACH_FOREGROUND
++                                           : APR_PROC_DETACH_DAEMONIZE);
++            if (rv != APR_SUCCESS) {
++                ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL,
++                             "apr_proc_detach failed");
++                return HTTP_INTERNAL_SERVER_ERROR;
++            }
++        }
++
++        parent_pid = ap_my_pid = getpid();
++    }
++
++    unixd_pre_config(ptemp);
++    ap_listen_pre_config();
++    ap_daemons_to_start = DEFAULT_START_DAEMON;
++    ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON;
++    ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON;
++    ap_daemons_limit = server_limit;
++    ap_pid_fname = DEFAULT_PIDLOG;
++    ap_lock_fname = DEFAULT_LOCKFILE;
++    ap_max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD;
++    ap_extended_status = 0;
++#ifdef AP_MPM_WANT_SET_MAX_MEM_FREE
++    ap_max_mem_free = APR_ALLOCATOR_MAX_FREE_UNLIMITED;
++#endif
++
++    apr_cpystrn(ap_coredump_dir, ap_server_root, sizeof(ap_coredump_dir));
++
++    return OK;
++}
++
++static void prefork_hooks(apr_pool_t *p)
++{
++    /* The prefork open_logs phase must run before the core's, or stderr
++     * will be redirected to a file, and the messages won't print to the
++     * console.
++     */
++    static const char *const aszSucc[] = {"core.c", NULL};
++
++#ifdef AUX3
++    (void) set42sig();
++#endif
++
++    ap_hook_open_logs(prefork_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE);
++    /* we need to set the MPM state before other pre-config hooks use MPM query
++     * to retrieve it, so register as REALLY_FIRST
++     */
++    ap_hook_pre_config(prefork_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
++}
++
++static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg)
++{
++    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++    if (err != NULL) {
++        return err;
++    }
++
++    ap_daemons_to_start = atoi(arg);
++    return NULL;
++}
++
++static const char *set_min_free_servers(cmd_parms *cmd, void *dummy, const char *arg)
++{
++    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++    if (err != NULL) {
++        return err;
++    }
++
++    ap_daemons_min_free = atoi(arg);
++    if (ap_daemons_min_free <= 0) {
++       ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                    "WARNING: detected MinSpareServers set to non-positive.");
++       ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                    "Resetting to 1 to avoid almost certain Apache failure.");
++       ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                    "Please read the documentation.");
++       ap_daemons_min_free = 1;
++    }
++
++    return NULL;
++}
++
++static const char *set_max_free_servers(cmd_parms *cmd, void *dummy, const char *arg)
++{
++    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++    if (err != NULL) {
++        return err;
++    }
++
++    ap_daemons_max_free = atoi(arg);
++    return NULL;
++}
++
++static const char *set_max_clients (cmd_parms *cmd, void *dummy, const char *arg)
++{
++    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++    if (err != NULL) {
++        return err;
++    }
++
++    ap_daemons_limit = atoi(arg);
++    if (ap_daemons_limit > server_limit) {
++       ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                    "WARNING: MaxClients of %d exceeds ServerLimit value "
++                    "of %d servers,", ap_daemons_limit, server_limit);
++       ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                    " lowering MaxClients to %d.  To increase, please "
++                    "see the ServerLimit", server_limit);
++       ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                    " directive.");
++       ap_daemons_limit = server_limit;
++    }
++    else if (ap_daemons_limit < 1) {
++        ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                     "WARNING: Require MaxClients > 0, setting to 1");
++        ap_daemons_limit = 1;
++    }
++    return NULL;
++}
++
++static const char *set_server_limit (cmd_parms *cmd, void *dummy, const char *arg)
++{
++    int tmp_server_limit;
++
++    const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++    if (err != NULL) {
++        return err;
++    }
++
++    tmp_server_limit = atoi(arg);
++    /* you cannot change ServerLimit across a restart; ignore
++     * any such attempts
++     */
++    if (first_server_limit &&
++        tmp_server_limit != server_limit) {
++        /* how do we log a message?  the error log is a bit bucket at this
++         * point; we'll just have to set a flag so that ap_mpm_run()
++         * logs a warning later
++         */
++        changed_limit_at_restart = 1;
++        return NULL;
++    }
++    server_limit = tmp_server_limit;
++
++    if (server_limit > MAX_SERVER_LIMIT) {
++       ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                    "WARNING: ServerLimit of %d exceeds compile time limit "
++                    "of %d servers,", server_limit, MAX_SERVER_LIMIT);
++       ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                    " lowering ServerLimit to %d.", MAX_SERVER_LIMIT);
++       server_limit = MAX_SERVER_LIMIT;
++    }
++    else if (server_limit < 1) {
++        ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                     "WARNING: Require ServerLimit > 0, setting to 1");
++        server_limit = 1;
++    }
++    return NULL;
++}
++
++static const command_rec prefork_cmds[] = {
++UNIX_DAEMON_COMMANDS,
++LISTEN_COMMANDS,
++AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
++              "Number of child processes launched at server startup"),
++AP_INIT_TAKE1("MinSpareServers", set_min_free_servers, NULL, RSRC_CONF,
++              "Minimum number of idle children, to handle request spikes"),
++AP_INIT_TAKE1("MaxSpareServers", set_max_free_servers, NULL, RSRC_CONF,
++              "Maximum number of idle children"),
++AP_INIT_TAKE1("MaxClients", set_max_clients, NULL, RSRC_CONF,
++              "Maximum number of children alive at the same time"),
++AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF,
++              "Maximum value of MaxClients for this run of Apache"),
++AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
++{ NULL }
++};
++
++module AP_MODULE_DECLARE_DATA mpm_prefork_module = {
++    MPM20_MODULE_STUFF,
++    ap_mpm_rewrite_args,        /* hook to run before apache parses args */
++    NULL,                       /* create per-directory config structure */
++    NULL,                       /* merge per-directory config structures */
++    NULL,                       /* create per-server config structure */
++    NULL,                       /* merge per-server config structures */
++    prefork_cmds,               /* command apr_table_t */
++    prefork_hooks,              /* register hooks */
++};
+Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h	2009-03-17 21:38:54.000000000 +0100
+@@ -0,0 +1,62 @@
++/* Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements.  See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License.  You may obtain a copy of the License at
++ *
++ *     http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++/**
++ * @file prefork/mpm.h
++ * @brief Unix Prefork MPM (default for Uinx systems)
++ *
++ * @defgroup APACHE_MPM_PREFORK Unix Prefork
++ * @ingroup  APACHE_MPM APACHE_OS_UNIX
++ * @{
++ */
++
++#include "httpd.h"
++#include "mpm_default.h"
++#include "scoreboard.h"
++#include "unixd.h"
++
++#ifndef APACHE_MPM_PREFORK_H
++#define APACHE_MPM_PREFORK_H
++
++#define PREFORK_MPM
++
++#define MPM_NAME "Prefork"
++
++#define AP_MPM_WANT_RECLAIM_CHILD_PROCESSES
++#define AP_MPM_WANT_WAIT_OR_TIMEOUT
++#define AP_MPM_WANT_PROCESS_CHILD_STATUS
++#define AP_MPM_WANT_SET_PIDFILE
++#define AP_MPM_WANT_SET_SCOREBOARD
++#define AP_MPM_WANT_SET_LOCKFILE
++#define AP_MPM_WANT_SET_MAX_REQUESTS
++#define AP_MPM_WANT_SET_COREDUMPDIR
++#define AP_MPM_WANT_SET_ACCEPT_LOCK_MECH
++#define AP_MPM_WANT_SIGNAL_SERVER
++#define AP_MPM_WANT_SET_MAX_MEM_FREE
++#define AP_MPM_WANT_FATAL_SIGNAL_HANDLER
++#define AP_MPM_WANT_SET_GRACEFUL_SHUTDOWN
++#define AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK
++
++#define AP_MPM_USES_POD 1
++#define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
++#define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0)
++#define MPM_ACCEPT_FUNC unixd_accept
++
++extern int ap_threads_per_child;
++extern int ap_max_daemons_limit;
++extern server_rec *ap_server_conf;
++#endif /* APACHE_MPM_PREFORK_H */
++/** @} */
+Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h	2009-03-17 21:38:54.000000000 +0100
+@@ -0,0 +1,74 @@
++/* Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements.  See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License.  You may obtain a copy of the License at
++ *
++ *     http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++/**
++ * @file  prefork/mpm_default.h
++ * @brief Prefork MPM defaults
++ *
++ * @addtogroup APACHE_MPM_PREFORK
++ * @{
++ */
++
++#ifndef APACHE_MPM_DEFAULT_H
++#define APACHE_MPM_DEFAULT_H
++
++/* Number of servers to spawn off by default --- also, if fewer than
++ * this free when the caretaker checks, it will spawn more.
++ */
++#ifndef DEFAULT_START_DAEMON
++#define DEFAULT_START_DAEMON 5
++#endif
++
++/* Maximum number of *free* server processes --- more than this, and
++ * they will die off.
++ */
++
++#ifndef DEFAULT_MAX_FREE_DAEMON
++#define DEFAULT_MAX_FREE_DAEMON 10
++#endif
++
++/* Minimum --- fewer than this, and more will be created */
++
++#ifndef DEFAULT_MIN_FREE_DAEMON
++#define DEFAULT_MIN_FREE_DAEMON 5
++#endif
++
++/* File used for accept locking, when we use a file */
++#ifndef DEFAULT_LOCKFILE
++#define DEFAULT_LOCKFILE DEFAULT_REL_RUNTIMEDIR "/accept.lock"
++#endif
++
++/* Where the main/parent process's pid is logged */
++#ifndef DEFAULT_PIDLOG
++#define DEFAULT_PIDLOG DEFAULT_REL_RUNTIMEDIR "/httpd.pid"
++#endif
++
++/*
++ * Interval, in microseconds, between scoreboard maintenance.
++ */
++#ifndef SCOREBOARD_MAINTENANCE_INTERVAL
++#define SCOREBOARD_MAINTENANCE_INTERVAL 1000000
++#endif
++
++/* Number of requests to try to handle in a single process.  If <= 0,
++ * the children don't die off.
++ */
++#ifndef DEFAULT_MAX_REQUESTS_PER_CHILD
++#define DEFAULT_MAX_REQUESTS_PER_CHILD 10000
++#endif
++
++#endif /* AP_MPM_DEFAULT_H */
++/** @} */

Added: trunk/apache2/mpm-itk/patches/02-rename-prefork-to-itk.patch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/patches/02-rename-prefork-to-itk.patch?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/patches/02-rename-prefork-to-itk.patch (added)
+++ trunk/apache2/mpm-itk/patches/02-rename-prefork-to-itk.patch Tue Aug  4 08:42:29 2009
@@ -1,0 +1,157 @@
+Rename prefork to itk in the copy that was created in 01-copy-prefork.patch.
+
+Index: httpd-2.2.11/server/mpm/experimental/itk/Makefile.in
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/Makefile.in	2009-03-17 21:38:54.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in	2009-03-17 21:39:03.000000000 +0100
+@@ -1,5 +1,5 @@
+ 
+-LTLIBRARY_NAME    = libprefork.la
+-LTLIBRARY_SOURCES = prefork.c
++LTLIBRARY_NAME    = libitk.la
++LTLIBRARY_SOURCES = itk.c
+ 
+ include $(top_srcdir)/build/ltlib.mk
+Index: httpd-2.2.11/server/mpm/experimental/itk/config.m4
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/config.m4	2009-03-17 21:38:53.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/config.m4	2009-03-17 21:39:03.000000000 +0100
+@@ -1,3 +1,3 @@
+-if test "$MPM_NAME" = "prefork" ; then
++if test "$MPM_NAME" = "itk" ; then
+     APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile)
+ fi
+Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c	2009-03-17 21:38:54.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c	2009-03-17 21:39:03.000000000 +0100
+@@ -1250,7 +1250,7 @@
+ /* This really should be a post_config hook, but the error log is already
+  * redirected by that point, so we need to do this in the open_logs phase.
+  */
+-static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
++static int itk_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
+ {
+     apr_status_t rv;
+ 
+@@ -1271,7 +1271,7 @@
+     return OK;
+ }
+ 
+-static int prefork_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp)
++static int itk_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp)
+ {
+     static int restart_num = 0;
+     int no_detach, debug, foreground;
+@@ -1328,9 +1328,9 @@
+     return OK;
+ }
+ 
+-static void prefork_hooks(apr_pool_t *p)
++static void itk_hooks(apr_pool_t *p)
+ {
+-    /* The prefork open_logs phase must run before the core's, or stderr
++    /* The itk open_logs phase must run before the core's, or stderr
+      * will be redirected to a file, and the messages won't print to the
+      * console.
+      */
+@@ -1340,11 +1340,11 @@
+     (void) set42sig();
+ #endif
+ 
+-    ap_hook_open_logs(prefork_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE);
++    ap_hook_open_logs(itk_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE);
+     /* we need to set the MPM state before other pre-config hooks use MPM query
+      * to retrieve it, so register as REALLY_FIRST
+      */
+-    ap_hook_pre_config(prefork_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
++    ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
+ }
+ 
+ static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg)
+@@ -1457,7 +1457,7 @@
+     return NULL;
+ }
+ 
+-static const command_rec prefork_cmds[] = {
++static const command_rec itk_cmds[] = {
+ UNIX_DAEMON_COMMANDS,
+ LISTEN_COMMANDS,
+ AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
+@@ -1474,13 +1474,13 @@
+ { NULL }
+ };
+ 
+-module AP_MODULE_DECLARE_DATA mpm_prefork_module = {
++module AP_MODULE_DECLARE_DATA mpm_itk_module = {
+     MPM20_MODULE_STUFF,
+     ap_mpm_rewrite_args,        /* hook to run before apache parses args */
+     NULL,                       /* create per-directory config structure */
+     NULL,                       /* merge per-directory config structures */
+     NULL,                       /* create per-server config structure */
+     NULL,                       /* merge per-server config structures */
+-    prefork_cmds,               /* command apr_table_t */
+-    prefork_hooks,              /* register hooks */
++    itk_cmds,                   /* command apr_table_t */
++    itk_hooks,                  /* register hooks */
+ };
+Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm.h	2009-03-17 21:38:54.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h	2009-03-17 21:39:03.000000000 +0100
+@@ -15,10 +15,10 @@
+  */
+ 
+ /**
+- * @file prefork/mpm.h
+- * @brief Unix Prefork MPM (default for Uinx systems)
++ * @file itk/mpm.h
++ * @brief ITK MPM (setuid per-vhost, no threads)
+  *
+- * @defgroup APACHE_MPM_PREFORK Unix Prefork
++ * @defgroup APACHE_MPM_ITK Apache ITK
+  * @ingroup  APACHE_MPM APACHE_OS_UNIX
+  * @{
+  */
+@@ -28,12 +28,12 @@
+ #include "scoreboard.h"
+ #include "unixd.h"
+ 
+-#ifndef APACHE_MPM_PREFORK_H
+-#define APACHE_MPM_PREFORK_H
++#ifndef APACHE_MPM_ITK_H
++#define APACHE_MPM_ITK_H
+ 
+-#define PREFORK_MPM
++#define ITK_MPM
+ 
+-#define MPM_NAME "Prefork"
++#define MPM_NAME "ITK"
+ 
+ #define AP_MPM_WANT_RECLAIM_CHILD_PROCESSES
+ #define AP_MPM_WANT_WAIT_OR_TIMEOUT
+@@ -58,5 +58,5 @@
+ extern int ap_threads_per_child;
+ extern int ap_max_daemons_limit;
+ extern server_rec *ap_server_conf;
+-#endif /* APACHE_MPM_PREFORK_H */
++#endif /* APACHE_MPM_ITK_H */
+ /** @} */
+Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm_default.h	2009-03-17 21:38:54.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h	2009-03-17 21:39:03.000000000 +0100
+@@ -15,10 +15,10 @@
+  */
+ 
+ /**
+- * @file  prefork/mpm_default.h
+- * @brief Prefork MPM defaults
++ * @file  itk/mpm_default.h
++ * @brief ITK MPM defaults
+  *
+- * @addtogroup APACHE_MPM_PREFORK
++ * @addtogroup APACHE_MPM_ITK
+  * @{
+  */
+ 

Added: trunk/apache2/mpm-itk/patches/03-add-mpm-to-build-system.patch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/patches/03-add-mpm-to-build-system.patch?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/patches/03-add-mpm-to-build-system.patch (added)
+++ trunk/apache2/mpm-itk/patches/03-add-mpm-to-build-system.patch Tue Aug  4 08:42:29 2009
@@ -1,0 +1,25 @@
+Add the new MPM to the build system as an alternative to the other MPMs,
+and mark it as experimental.
+
+Index: apache2.2/server/mpm/config.m4
+===================================================================
+--- apache2.2.orig/server/mpm/config.m4	2007-01-29 21:30:26.000000000 +0100
++++ apache2.2/server/mpm/config.m4	2007-01-29 21:30:35.000000000 +0100
+@@ -1,7 +1,7 @@
+ AC_MSG_CHECKING(which MPM to use)
+ AC_ARG_WITH(mpm,
+ APACHE_HELP_STRING(--with-mpm=MPM,Choose the process model for Apache to use.
+-                          MPM={beos|event|worker|prefork|mpmt_os2}),[
++                          MPM={beos|event|worker|prefork|mpmt_os2|itk}),[
+   APACHE_MPM=$withval
+ ],[
+   if test "x$APACHE_MPM" = "x"; then
+@@ -23,7 +23,7 @@
+ 
+ ap_mpm_is_experimental ()
+ {
+-    if test "$apache_cv_mpm" = "event" ; then
++    if test "$apache_cv_mpm" = "event" -o "$apache_cv_mpm" = "itk" ; then
+         return 0
+     else
+         return 1

Added: trunk/apache2/mpm-itk/patches/04-correct-output-makefile-location.patch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/patches/04-correct-output-makefile-location.patch?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/patches/04-correct-output-makefile-location.patch (added)
+++ trunk/apache2/mpm-itk/patches/04-correct-output-makefile-location.patch Tue Aug  4 08:42:29 2009
@@ -1,0 +1,13 @@
+Fix the build system to use MPM_SUBDIR_NAME (which points to the directory
+with the MPM in) instead of MPM_NAME (which returns the name of the MPM);
+they differ since the MPM is in experimental/.
+
+Index: apache2.2/server/mpm/experimental/itk/config.m4
+===================================================================
+--- apache2.2.orig/server/mpm/experimental/itk/config.m4	2007-01-29 21:03:51.000000000 +0100
++++ apache2.2/server/mpm/experimental/itk/config.m4	2007-01-29 21:03:57.000000000 +0100
+@@ -1,3 +1,3 @@
+ if test "$MPM_NAME" = "itk" ; then
+-    APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile)
++    APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile)
+ fi

Added: trunk/apache2/mpm-itk/patches/05-add-copyright.patch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/patches/05-add-copyright.patch?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/patches/05-add-copyright.patch (added)
+++ trunk/apache2/mpm-itk/patches/05-add-copyright.patch Tue Aug  4 08:42:29 2009
@@ -1,0 +1,87 @@
+Add copyright notices, as the next patches are going to add code.
+
+Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c	2009-03-21 13:02:18.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c	2009-03-21 13:02:33.000000000 +0100
+@@ -12,6 +12,12 @@
+  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  * See the License for the specific language governing permissions and
+  * limitations under the License.
++ * 
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson at bigfoot.com>.
++ * Licensed under the same terms as the rest of Apache.
++ *
++ * Portions copyright 2008 Knut Auvor Grythe <knut at auvor.no>.
++ * Licensed under the same terms as the rest of Apache.
+  */
+ 
+ #include "apr.h"
+Index: httpd-2.2.11/server/mpm/experimental/itk/mpm.h
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm.h	2009-03-21 13:02:18.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h	2009-03-21 13:02:33.000000000 +0100
+@@ -12,6 +12,12 @@
+  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  * See the License for the specific language governing permissions and
+  * limitations under the License.
++ *
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson at bigfoot.com>.
++ * Licensed under the same terms as the rest of Apache.
++ *
++ * Portions copyright 2008 Knut Auvor Grythe <knut at auvor.no>.
++ * Licensed under the same terms as the rest of Apache.
+  */
+ 
+ /**
+Index: httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/mpm_default.h	2009-03-21 13:02:18.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h	2009-03-21 13:02:33.000000000 +0100
+@@ -12,6 +12,12 @@
+  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  * See the License for the specific language governing permissions and
+  * limitations under the License.
++ * 
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson at bigfoot.com>.
++ * Licensed under the same terms as the rest of Apache.
++ * 
++ * Portions copyright 2008 Knut Auvor Grythe <knut at auvor.no>.
++ * Licensed under the same terms as the rest of Apache.
+  */
+ 
+ /**
+Index: httpd-2.2.11/include/http_request.h
+===================================================================
+--- httpd-2.2.11.orig/include/http_request.h	2009-03-21 13:03:19.000000000 +0100
++++ httpd-2.2.11/include/http_request.h	2009-03-21 13:03:31.000000000 +0100
+@@ -12,6 +12,12 @@
+  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  * See the License for the specific language governing permissions and
+  * limitations under the License.
++ * 
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson at bigfoot.com>.
++ * Licensed under the same terms as the rest of Apache.
++ * 
++ * Portions copyright 2008 Knut Auvor Grythe <knut at auvor.no>.
++ * Licensed under the same terms as the rest of Apache.
+  */
+ 
+ /**
+Index: httpd-2.2.11/server/request.c
+===================================================================
+--- httpd-2.2.11.orig/server/request.c	2009-03-21 13:03:04.000000000 +0100
++++ httpd-2.2.11/server/request.c	2009-03-21 13:03:13.000000000 +0100
+@@ -12,6 +12,12 @@
+  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  * See the License for the specific language governing permissions and
+  * limitations under the License.
++ * 
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson at bigfoot.com>.
++ * Licensed under the same terms as the rest of Apache.
++ * 
++ * Portions copyright 2008 Knut Auvor Grythe <knut at auvor.no>.
++ * Licensed under the same terms as the rest of Apache.
+  */
+ 
+ /*

Added: trunk/apache2/mpm-itk/patches/06-hook-just-after-merging-perdir-config.patch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/patches/06-hook-just-after-merging-perdir-config.patch?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/patches/06-hook-just-after-merging-perdir-config.patch (added)
+++ trunk/apache2/mpm-itk/patches/06-hook-just-after-merging-perdir-config.patch Tue Aug  4 08:42:29 2009
@@ -1,0 +1,60 @@
+Add an extra hook right after merging per-directory configuration.
+This makes sure we are able to setuid() as early as possible (that
+is, as soon as know what uid/gid to use for this location), so we
+won't run all sorts of subrequests and other stuff as root.
+
+Index: httpd-2.2.11/include/http_request.h
+===================================================================
+--- httpd-2.2.11.orig/include/http_request.h	2009-03-21 13:03:31.000000000 +0100
++++ httpd-2.2.11/include/http_request.h	2009-03-21 13:03:41.000000000 +0100
+@@ -356,6 +356,15 @@
+  */
+ AP_DECLARE_HOOK(void,insert_filter,(request_rec *r))
+ 
++/**
++ * This hook allows modules to affect the request immediately after the
++ * per-directory configuration for the request has been generated. This allows
++ * modules to make decisions based upon the current directory configuration
++ * @param r The current request
++ * @return OK or DECLINED
++ */
++AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r))
++ 
+ AP_DECLARE(int) ap_location_walk(request_rec *r);
+ AP_DECLARE(int) ap_directory_walk(request_rec *r);
+ AP_DECLARE(int) ap_file_walk(request_rec *r);
+Index: httpd-2.2.11/server/request.c
+===================================================================
+--- httpd-2.2.11.orig/server/request.c	2009-03-21 13:03:13.000000000 +0100
++++ httpd-2.2.11/server/request.c	2009-03-21 13:03:41.000000000 +0100
+@@ -67,6 +67,7 @@
+     APR_HOOK_LINK(auth_checker)
+     APR_HOOK_LINK(insert_filter)
+     APR_HOOK_LINK(create_request)
++    APR_HOOK_LINK(post_perdir_config)
+ )
+ 
+ AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name,
+@@ -86,6 +87,8 @@
+ AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r))
+ AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request,
+                           (request_rec *r), (r), OK, DECLINED)
++AP_IMPLEMENT_HOOK_RUN_ALL(int,post_perdir_config,
++                          (request_rec *r), (r), OK, DECLINED)
+ 
+ 
+ static int decl_die(int status, char *phase, request_rec *r)
+@@ -164,6 +167,13 @@
+         return access_status;
+     }
+ 
++    /* First chance to handle the request after per-directory configuration is
++     * generated 
++     */
++    if ((access_status = ap_run_post_perdir_config(r))) {
++        return access_status;
++    }
++
+     /* Only on the main request! */
+     if (r->main == NULL) {
+         if ((access_status = ap_run_header_parser(r))) {

Added: trunk/apache2/mpm-itk/patches/07-base-functionality.patch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/patches/07-base-functionality.patch?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/patches/07-base-functionality.patch (added)
+++ trunk/apache2/mpm-itk/patches/07-base-functionality.patch Tue Aug  4 08:42:29 2009
@@ -1,0 +1,218 @@
+Add the base functionality of mpm_itk over prefork; parse the new configuration
+options, fork on each new connection, and setuid() as required.
+
+Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c	2009-03-21 23:52:01.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c	2009-04-14 23:27:51.000000000 +0200
+@@ -26,6 +26,11 @@
+ #include "apr_thread_proc.h"
+ #include "apr_signal.h"
+ 
++# define _DBG(text,par...) \
++    ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
++                "(itkmpm: pid=%d uid=%d, gid=%d) %s(): " text, \
++                getpid(), getuid(), getgid(), __FUNCTION__, par)
++
+ #define APR_WANT_STDIO
+ #define APR_WANT_STRFUNC
+ #include "apr_want.h"
+@@ -47,6 +52,7 @@
+ #include "http_config.h"
+ #include "http_core.h"          /* for get_remote_host */
+ #include "http_connection.h"
++#include "http_request.h"       /* for ap_hook_post_perdir_config */
+ #include "scoreboard.h"
+ #include "ap_mpm.h"
+ #include "unixd.h"
+@@ -146,6 +152,15 @@
+ 
+ static volatile int die_now = 0;
+ 
++typedef struct
++{
++    uid_t uid;
++    gid_t gid;
++    char *username;
++} itk_per_dir_conf;
++
++module AP_MODULE_DECLARE_DATA mpm_itk_module;
++
+ #ifdef GPROF
+ /*
+  * change directory for gprof to plop the gmon.out file
+@@ -512,10 +527,6 @@
+         clean_child_exit(APEXIT_CHILDFATAL);
+     }
+ 
+-    if (unixd_setup_child()) {
+-        clean_child_exit(APEXIT_CHILDFATAL);
+-    }
+-
+     ap_run_child_init(pchild, ap_server_conf);
+ 
+     ap_create_sb_handle(&sbh, pchild, my_child_num, 0);
+@@ -651,10 +662,38 @@
+          * socket options, file descriptors, and read/write buffers.
+          */
+ 
+-        current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc);
+-        if (current_conn) {
+-            ap_process_connection(current_conn, csd);
+-            ap_lingering_close(current_conn);
++        {
++            pid_t pid = fork(), child_pid;
++            int status;
++            switch (pid) {
++            case -1:
++                ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "fork: Unable to fork new process");
++                break;
++            case 0: /* child */
++                apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname, pchild);
++                current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc);
++                if (current_conn) {
++                    ap_process_connection(current_conn, csd);
++                    ap_lingering_close(current_conn);
++                }
++                exit(0);
++            default: /* parent; just wait for child to be done */
++                do {
++                    child_pid = waitpid(pid, &status, 0);
++                } while (child_pid == -1 && errno == EINTR);
++
++                if (child_pid != pid || !WIFEXITED(status)) {
++                    if (WIFSIGNALED(status)) {
++                        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child died with signal %u", WTERMSIG(status));
++                    } else if (WEXITSTATUS(status) != 0) {
++                        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child exited with non-zero exit status %u", WEXITSTATUS(status));
++                    } else {
++                        ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "waitpid() failed");
++                    }
++                    clean_child_exit(1);
++                }
++                break;
++            }
+         }
+ 
+         /* Check the pod and the generation number after processing a
+@@ -672,6 +711,10 @@
+              */
+             die_now = 1;
+         }
++
++        /* if we have already setuid(), die (we can't be used anyhow) */
++        if (getuid())
++            die_now = 1;
+     }
+     clean_child_exit(0);
+ }
+@@ -1334,6 +1377,56 @@
+     return OK;
+ }
+ 
++static int itk_post_perdir_config(request_rec *r)
++{
++    uid_t wanted_uid;
++    gid_t wanted_gid;
++    const char *wanted_username;
++    int err = 0;
++
++    itk_per_dir_conf *dconf =
++        (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module);
++
++    strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31);
++    ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0;
++
++    wanted_uid = dconf->uid;
++    wanted_gid = dconf->gid;
++    wanted_username = dconf->username;
++
++    if (wanted_uid == -1 || wanted_gid == -1) {
++        wanted_uid = unixd_config.user_id;
++        wanted_gid = unixd_config.group_id;
++        wanted_username = unixd_config.user_name;
++    }
++
++    if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {
++        if (setgid(wanted_gid)) {
++            _DBG("setgid(%d): %s", wanted_gid, strerror(errno));
++            err = 1;
++        } else if (initgroups(wanted_username, wanted_gid)) {
++            _DBG("initgroups(%s, %d): %s", wanted_username, wanted_gid, strerror(errno));
++            err = 1;
++        } else if (setuid(wanted_uid)) {
++            _DBG("setuid(%d): %s", wanted_uid, strerror(errno));
++            err = 1;
++        }
++    }
++
++    /*
++     * Most likely a case of switching uid/gid within a persistent
++     * connection; the RFCs allow us to just close the connection
++     * at anytime, so we excercise our right. :-)
++     */
++    if (err) {
++        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
++            "Couldn't set uid/gid, closing connection.");
++        ap_lingering_close(r->connection);
++        exit(0);
++    }
++    return OK;
++}
++
+ static void itk_hooks(apr_pool_t *p)
+ {
+     /* The itk open_logs phase must run before the core's, or stderr
+@@ -1351,6 +1444,9 @@
+      * to retrieve it, so register as REALLY_FIRST
+      */
+     ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
++
++    /* set the uid as fast as possible, but not before merging per-dit config */
++    ap_hook_header_parser(itk_post_perdir_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
+ }
+ 
+ static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg)
+@@ -1463,6 +1559,15 @@
+     return NULL;
+ }
+ 
++static const char *assign_user_id (cmd_parms *cmd, void *ptr, const char *user_name, const char *group_name)
++{
++    itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr;
++    dconf->username = apr_pstrdup(cmd->pool, user_name);
++    dconf->uid = ap_uname2id(user_name);
++    dconf->gid = ap_gname2id(group_name);
++    return NULL;
++}
++
+ static const command_rec itk_cmds[] = {
+ UNIX_DAEMON_COMMANDS,
+ LISTEN_COMMANDS,
+@@ -1476,14 +1581,25 @@
+               "Maximum number of children alive at the same time"),
+ AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF,
+               "Maximum value of MaxClients for this run of Apache"),
++AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF,
++              "Tie a virtual host to a specific child process."),
+ AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
+ { NULL }
+ };
+ 
++/* == allocate a private per-dir config structure == */
++static void *itk_create_dir_config(apr_pool_t *p, char *dummy)
++{
++    itk_per_dir_conf *c = (itk_per_dir_conf *)
++        apr_pcalloc(p, sizeof(itk_per_dir_conf));
++    c->uid = c->gid = -1;
++    return c;
++}
++
+ module AP_MODULE_DECLARE_DATA mpm_itk_module = {
+     MPM20_MODULE_STUFF,
+     ap_mpm_rewrite_args,        /* hook to run before apache parses args */
+-    NULL,                       /* create per-directory config structure */
++    itk_create_dir_config,      /* create per-directory config structure */
+     NULL,                       /* merge per-directory config structures */
+     NULL,                       /* create per-server config structure */
+     NULL,                       /* merge per-server config structures */

Added: trunk/apache2/mpm-itk/patches/08-max-clients-per-vhost.patch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/patches/08-max-clients-per-vhost.patch?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/patches/08-max-clients-per-vhost.patch (added)
+++ trunk/apache2/mpm-itk/patches/08-max-clients-per-vhost.patch Tue Aug  4 08:42:29 2009
@@ -1,0 +1,94 @@
+Enforce the per-vhost server limit. Note that this is per-vhost, not
+per-directory (since it works by reading the scoreboard), so we need to add
+per-server configuration data.
+
+Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c	2009-03-21 13:03:45.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c	2009-03-21 13:03:50.000000000 +0100
+@@ -159,6 +159,11 @@
+     char *username;
+ } itk_per_dir_conf;
+ 
++typedef struct
++{
++    int max_clients_vhost;
++} itk_server_conf;
++
+ module AP_MODULE_DECLARE_DATA mpm_itk_module;
+ 
+ #ifdef GPROF
+@@ -1383,6 +1388,26 @@
+     gid_t wanted_gid;
+     const char *wanted_username;
+     int err = 0;
++    
++    itk_server_conf *sconf =
++        (itk_server_conf *) ap_get_module_config(r->server->module_config, &mpm_itk_module);
++
++    /* Enforce MaxClientsVhost. */
++    if (sconf->max_clients_vhost > 0) {
++        int i, num_other_servers = 0;
++        for (i = 0; i < ap_daemons_limit; ++i) {
++            worker_score *ws = &ap_scoreboard_image->servers[i][0];
++            if (ws->status >= SERVER_BUSY_READ && strncmp(ws->vhost, r->server->server_hostname, 31) == 0)
++                ++num_other_servers;
++        }
++
++        if (num_other_servers > sconf->max_clients_vhost) {
++            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
++                "MaxClientsVhost reached for %s, refusing client.",
++                r->server->server_hostname);
++            return HTTP_SERVICE_UNAVAILABLE;
++        }
++    }
+ 
+     itk_per_dir_conf *dconf =
+         (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module);
+@@ -1568,6 +1593,14 @@
+     return NULL;
+ }
+ 
++static const char *set_max_clients_vhost (cmd_parms *cmd, void *dummy, const char *arg)   
++{
++    itk_server_conf *sconf =
++        (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module);
++    sconf->max_clients_vhost = atoi(arg);
++    return NULL;
++}
++
+ static const command_rec itk_cmds[] = {
+ UNIX_DAEMON_COMMANDS,
+ LISTEN_COMMANDS,
+@@ -1583,6 +1616,8 @@
+               "Maximum value of MaxClients for this run of Apache"),
+ AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF,
+               "Tie a virtual host to a specific child process."),
++AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF,
++              "Maximum number of children alive at the same time for this virtual host."),
+ AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
+ { NULL }
+ };
+@@ -1596,12 +1631,21 @@
+     return c;
+ }
+ 
++/* == allocate a private server config structure == */
++static void *itk_create_server_config(apr_pool_t *p, server_rec *s)
++{
++    itk_server_conf *c = (itk_server_conf *)
++        apr_pcalloc(p, sizeof(itk_server_conf));
++    c->max_clients_vhost = -1;
++    return c;
++}
++
+ module AP_MODULE_DECLARE_DATA mpm_itk_module = {
+     MPM20_MODULE_STUFF,
+     ap_mpm_rewrite_args,        /* hook to run before apache parses args */
+     itk_create_dir_config,      /* create per-directory config structure */
+     NULL,                       /* merge per-directory config structures */
+-    NULL,                       /* create per-server config structure */
++    itk_create_server_config,   /* create per-server config structure */
+     NULL,                       /* merge per-server config structures */
+     itk_cmds,                   /* command apr_table_t */
+     itk_hooks,                  /* register hooks */

Added: trunk/apache2/mpm-itk/patches/09-capabilities.patch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/patches/09-capabilities.patch?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/patches/09-capabilities.patch (added)
+++ trunk/apache2/mpm-itk/patches/09-capabilities.patch Tue Aug  4 08:42:29 2009
@@ -1,0 +1,75 @@
+Use Linux' capability system to run as a sort of "lesser root"; we drop nearly
+all root privilegies except the ability to setuid. An attacker capable of injecting
+code will still be able to run as any (normal) user on the system, but at least
+he/she cannot directly load kernel code etc.
+
+Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c	2009-04-14 23:28:02.000000000 +0200
++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c	2009-04-14 23:29:16.000000000 +0200
+@@ -71,6 +71,10 @@
+ #include <sys/processor.h> /* for bindprocessor() */
+ #endif
+ 
++#if HAVE_LIBCAP
++#include <sys/capability.h>
++#endif
++
+ #include <signal.h>
+ #include <sys/times.h>
+ 
+@@ -501,6 +505,15 @@
+     apr_bucket_alloc_t *bucket_alloc;
+     int last_poll_idx = 0;
+ 
++#if HAVE_LIBCAP
++    cap_t caps;
++    cap_value_t suidcaps[] = {
++        CAP_SETUID,
++        CAP_SETGID,
++	CAP_DAC_READ_SEARCH,
++    };
++#endif    
++
+     mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this
+                                    * child initializes
+                                    */
+@@ -554,6 +567,22 @@
+         (void) apr_pollset_add(pollset, &pfd);
+     }
+ 
++#if HAVE_LIBCAP
++    /* Drop as many privileges as we can. We'll still
++     * access files with uid=0, and we can setuid() to anything, but
++     * at least there's tons of other evilness (like loading kernel
++     * modules) we can't do directly.  (The setuid() capability will
++     * go away automatically when we setuid() or exec() -- the former
++     * is likely to come first.)
++     */
++    caps = cap_init();
++    cap_clear(caps);
++    cap_set_flag(caps, CAP_PERMITTED, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET);
++    cap_set_flag(caps, CAP_EFFECTIVE, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET);
++    cap_set_proc(caps);
++    cap_free(caps);
++#endif    
++
+     mpm_state = AP_MPMQ_RUNNING;
+ 
+     bucket_alloc = apr_bucket_alloc_create(pchild);
+Index: httpd-2.2.11/server/mpm/config.m4
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/config.m4	2009-04-14 23:26:41.000000000 +0200
++++ httpd-2.2.11/server/mpm/config.m4	2009-04-14 23:28:03.000000000 +0200
+@@ -66,6 +66,11 @@
+ else
+   MPM_SUBDIR_NAME=$MPM_NAME
+ fi
++
++if test "$apache_cv_mpm" = "itk" ; then
++  AC_CHECK_LIB(cap, cap_init)
++fi
++
+ MPM_DIR=server/mpm/$MPM_SUBDIR_NAME
+ MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la
+ 

Added: trunk/apache2/mpm-itk/patches/10-nice.patch
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/patches/10-nice.patch?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/patches/10-nice.patch (added)
+++ trunk/apache2/mpm-itk/patches/10-nice.patch Tue Aug  4 08:42:29 2009
@@ -1,0 +1,140 @@
+Support a per-location nice value. Note that since we now have two different settings
+in the per-dir configuration, we need to introduce a merge function.
+
+Index: httpd-2.2.11/server/mpm/experimental/itk/itk.c
+===================================================================
+--- httpd-2.2.11.orig/server/mpm/experimental/itk/itk.c	2009-04-14 23:29:16.000000000 +0200
++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c	2009-04-14 23:31:05.000000000 +0200
+@@ -156,11 +156,14 @@
+ 
+ static volatile int die_now = 0;
+ 
++#define UNSET_NICE_VALUE 100
++
+ typedef struct
+ {
+     uid_t uid;
+     gid_t gid;
+     char *username;
++    int nice_value;
+ } itk_per_dir_conf;
+ 
+ typedef struct
+@@ -511,6 +514,7 @@
+         CAP_SETUID,
+         CAP_SETGID,
+ 	CAP_DAC_READ_SEARCH,
++        CAP_SYS_NICE,
+     };
+ #endif    
+ 
+@@ -1444,6 +1448,12 @@
+     strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31);
+     ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0;
+ 
++    if (dconf->nice_value != UNSET_NICE_VALUE &&
++        setpriority(PRIO_PROCESS, 0, dconf->nice_value)) {
++        _DBG("setpriority(): %s", strerror(errno));
++        err = 1;
++    }
++
+     wanted_uid = dconf->uid;
+     wanted_gid = dconf->gid;
+     wanted_username = dconf->username;
+@@ -1454,7 +1464,7 @@
+         wanted_username = unixd_config.user_name;
+     }
+ 
+-    if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {
++    if (!err && wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {
+         if (setgid(wanted_gid)) {
+             _DBG("setgid(%d): %s", wanted_gid, strerror(errno));
+             err = 1;
+@@ -1474,7 +1484,7 @@
+      */
+     if (err) {
+         ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
+-            "Couldn't set uid/gid, closing connection.");
++            "Couldn't set uid/gid/priority, closing connection.");
+         ap_lingering_close(r->connection);
+         exit(0);
+     }
+@@ -1630,6 +1640,27 @@
+     return NULL;
+ }
+ 
++static const char *set_nice_value (cmd_parms *cmd, void *ptr, const char *arg)
++{
++    itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr;
++    int nice_value = atoi(arg);
++
++    if (nice_value < -20) {
++        ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                     "WARNING: NiceValue of %d is below -20, increasing NiceValue to -20.",
++                     nice_value);
++        nice_value = -20;
++    }
++    else if (nice_value > 19) {
++        ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++                     "WARNING: NiceValue of %d is above 19, lowering NiceValue to 19.",
++                     nice_value);
++        nice_value = 19;
++    }
++    dconf->nice_value = nice_value;
++    return NULL;
++}
++
+ static const command_rec itk_cmds[] = {
+ UNIX_DAEMON_COMMANDS,
+ LISTEN_COMMANDS,
+@@ -1647,6 +1678,8 @@
+               "Tie a virtual host to a specific child process."),
+ AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF,
+               "Maximum number of children alive at the same time for this virtual host."),
++AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF|ACCESS_CONF,
++              "Set nice value for the given vhost, from -20 (highest priority) to 19 (lowest priority)."),
+ AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
+ { NULL }
+ };
+@@ -1657,6 +1690,32 @@
+     itk_per_dir_conf *c = (itk_per_dir_conf *)
+         apr_pcalloc(p, sizeof(itk_per_dir_conf));
+     c->uid = c->gid = -1;
++    c->nice_value = UNSET_NICE_VALUE;
++    return c;
++}
++
++/* == merge the parent per-dir config structure into ours == */
++static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr)
++{
++    itk_per_dir_conf *c = (itk_per_dir_conf *)
++        apr_pcalloc(p, sizeof(itk_per_dir_conf));
++    itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr;
++    itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr;
++
++    if (child->username != NULL) {
++      c->username = apr_pstrdup(p, child->username);
++      c->uid = child->uid;
++      c->gid = child->gid;
++    } else if (parent->username != NULL) {
++      c->username = apr_pstrdup(p, parent->username);
++      c->uid = parent->uid;
++      c->gid = parent->gid;
++    }
++    if (child->nice_value != UNSET_NICE_VALUE) {
++      c->nice_value = child->nice_value;
++    } else {
++      c->nice_value = parent->nice_value;
++    }
+     return c;
+ }
+ 
+@@ -1673,7 +1732,7 @@
+     MPM20_MODULE_STUFF,
+     ap_mpm_rewrite_args,        /* hook to run before apache parses args */
+     itk_create_dir_config,      /* create per-directory config structure */
+-    NULL,                       /* merge per-directory config structures */
++    itk_merge_dir_config,       /* merge per-directory config structures */
+     itk_create_server_config,   /* create per-server config structure */
+     NULL,                       /* merge per-server config structures */
+     itk_cmds,                   /* command apr_table_t */

Added: trunk/apache2/mpm-itk/patches/series
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/mpm-itk/patches/series?rev=1016&op=file
==============================================================================
--- trunk/apache2/mpm-itk/patches/series (added)
+++ trunk/apache2/mpm-itk/patches/series Tue Aug  4 08:42:29 2009
@@ -1,0 +1,10 @@
+01-copy-prefork.patch
+02-rename-prefork-to-itk.patch
+03-add-mpm-to-build-system.patch
+04-correct-output-makefile-location.patch
+05-add-copyright.patch
+06-hook-just-after-merging-perdir-config.patch
+07-base-functionality.patch
+08-max-clients-per-vhost.patch
+09-capabilities.patch
+10-nice.patch

Modified: trunk/apache2/rules
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/rules?rev=1016&op=diff
==============================================================================
--- trunk/apache2/rules (original)
+++ trunk/apache2/rules Tue Aug  4 08:42:29 2009
@@ -96,12 +96,12 @@
 
 clean: unpatch
 	dh_testdir
-	rm -rf $(BUILD) mpm-worker mpm-prefork mpm-event install
+	rm -rf $(BUILD) mpm-worker mpm-prefork mpm-event mpm-itk install
 	dh_clean
 
 build: patch-stamp build-stamp 
-build-stamp: patch-stamp mpm-worker mpm-prefork mpm-event
-	for mpm in prefork event ; do \
+build-stamp: patch-stamp mpm-worker mpm-prefork mpm-event mpm-itk
+	for mpm in prefork event itk ; do \
 		if ! diff -u $(BUILD)/$$mpm/mods.list $(BUILD)/worker/mods.list ; then \
 			echo Different modules built into httpd binaries, will not proceed ;\
 			exit 1 ;\
@@ -110,17 +110,40 @@
 	touch $@
 
 
-mpm-worker mpm-prefork mpm-event: mpm-%: patch-stamp mpm-%.scripts-stamp
+mpm-worker mpm-prefork mpm-event mpm-itk: mpm-%: patch-stamp mpm-%.scripts-stamp
 	dh_testdir
 	mkdir -p $(BUILD)/$*
-	if [ $* = worker ] ; then \
-		ENABLE_MODULES="$(AP2_MODS_CONFARGS)" ;\
-	else \
-		ENABLE_MODULES=--enable-modules=none ;\
-	fi ;\
-	cd $(BUILD)/$* ;\
-	CFLAGS="$(AP2_CFLAGS)" LDFLAGS="$(AP2_LDFLAGS)" $(CONFFLAGS) $(REALCURDIR)/configure --srcdir=$(REALCURDIR) $(AP2_COMMON_CONFARGS) $$ENABLE_MODULES --with-mpm=$*  ;\
-	$(MAKE) ;\
+	# we don't want modifications done by itk outside of server/mpm/experimental/itk
+	# to appear in the other mpms. Therefore we copy the whole source tree.
+	set -ex ;										\
+	if [ $* = itk ] ; then 									\
+		cp -a `find . -maxdepth 1 -mindepth 1 -not -name debian` $(BUILD)/$* ;		\
+		cd $(BUILD)/$* ;								\
+		mkdir server/mpm/experimental/itk/ ;						\
+		cp server/mpm/prefork/* server/mpm/experimental/itk/ ;				\
+		mv server/mpm/experimental/itk/prefork.c server/mpm/experimental/itk/itk.c ;	\
+												\
+		for PATCH in `tail -n +2 ../../mpm-itk/patches/series`; do			\
+			echo Applying $$PATCH ... ;						\
+			patch -p1 < ../../mpm-itk/patches/$$PATCH ;				\
+			echo ;									\
+		done ;										\
+												\
+		autoheader ;									\
+		autoconf ;									\
+		CONFIGURE=./configure ;								\
+	else 											\
+		cd $(BUILD)/$* ;								\
+		CONFIGURE="$(REALCURDIR)/configure --srcdir=$(REALCURDIR)" ;			\
+	fi ;											\
+	if [ $* = worker ] ; then 								\
+		ENABLE_MODULES="$(AP2_MODS_CONFARGS)" ;						\
+	else 											\
+		ENABLE_MODULES=--enable-modules=none ;						\
+	fi ;											\
+	CFLAGS="$(AP2_CFLAGS)" LDFLAGS="$(AP2_LDFLAGS)" $(CONFFLAGS) $$CONFIGURE 		\
+		$(AP2_COMMON_CONFARGS) $$ENABLE_MODULES --with-mpm=$*  ;			\
+	$(MAKE) ;										\
 	./apache2 -l |grep -v $* > mods.list
 	touch $@
 
@@ -178,7 +201,7 @@
 	dh_installdirs
 	mkdir -p debian/apache2-src/tmp/apache2
 	find -mindepth 1 -maxdepth 1 -not -name debian -print0 | tar cf - --null -T - | (cd debian/apache2-src/tmp/apache2 && tar xf -)
-	for i in prefork worker event; do \
+	for i in prefork worker event itk; do \
 	  cp debian/build-tree/$$i/config.nice debian/apache2-src/tmp/apache2/config.nice.$$i ; \
 	done
 	cd debian/apache2-src/tmp/ && tar czf ../usr/src/apache2.tar.gz apache2
@@ -257,7 +280,7 @@
 	ln -s a2enmod debian/apache2.2-common/usr/sbin/a2dissite
 	cp debian/default-index.html debian/apache2.2-common/usr/share/apache2/default-site/index.html
 
-	for i in worker prefork event; do \
+	for i in worker prefork event itk; do \
 		rm -rf debian/apache2-mpm-$$i/ ;\
 		mkdir -p debian/apache2-mpm-$$i/usr/sbin ;\
 		mkdir -p debian/apache2-mpm-$$i/usr/lib/debug/usr/sbin ;\
@@ -290,8 +313,11 @@
 	dh_installcron -i -r --name=apache2
 	dh_installchangelogs -i CHANGES -Napache2
 	dh_installchangelogs -papache2 -papache2-suexec -papache2-suexec-custom
+	cp debian/mpm-itk/README debian/apache2.2-common/usr/share/doc/apache2.2-common/README.mpm-itk
+	cp debian/mpm-itk/CHANGES debian/apache2.2-common/usr/share/doc/apache2.2-common/changelog.mpm-itk
+	cp debian/mpm-itk/debian/changelog debian/apache2.2-common/usr/share/doc/apache2.2-common/changelog.mpm-itk.Debian
 	dh_lintian -i
-	for p in apache2-mpm-prefork apache2-mpm-event apache2-mpm-worker apache2; do \
+	for p in apache2-mpm-prefork apache2-mpm-event apache2-mpm-worker apache2-mpm-itk apache2; do \
 		rm -rf debian/$$p/usr/share/doc/$$p ;\
 		ln -s apache2.2-common debian/$$p/usr/share/doc/$$p ;\
 	done




More information about the Pkg-apache-commits mailing list