[apache2] 01/03: Drop the itk package, it is provided as from its own source package in future

Arno Töll atoell-guest at alioth.debian.org
Thu Nov 7 23:26:29 UTC 2013


This is an automated email from the git hooks/post-receive script.

atoell-guest pushed a commit to branch master
in repository apache2.

commit 8e85857c16e22e6ec11ab8f5503bc9c2f49ab0ea
Author: Arno Töll <arno at debian.org>
Date:   Thu Nov 7 22:48:40 2013 +0100

    Drop the itk package, it is provided as from its own source package in future
---
 debian/a2query.in                                  |    2 +-
 debian/apache2.NEWS                                |    5 +
 debian/apache2.postinst                            |    6 +-
 debian/changelog                                   |   10 +-
 debian/config-dir/mods-available/mpm_itk.conf      |   17 -
 debian/config-dir/mods-available/mpm_itk.load      |    2 -
 debian/control                                     |    4 +-
 ...htaccess-reads-for-persistent-connections.patch |   61 --
 debian/patches/itk-rerun-configure.patch           |  784 --------------------
 debian/patches/itk/02-rename-prefork-to-itk.patch  |  294 --------
 debian/patches/itk/05-add-copyright.patch          |   36 -
 debian/patches/itk/07-base-functionality.patch     |  229 ------
 debian/patches/itk/08-max-clients-per-vhost.patch  |   99 ---
 debian/patches/itk/09-capabilities.patch           |   59 --
 debian/patches/itk/10-nice.patch                   |  140 ----
 ...htaccess-reads-for-persistent-connections.patch |   23 -
 debian/patches/itk/README                          |    5 -
 debian/patches/itk/series                          |   12 -
 debian/patches/series                              |   10 -
 debian/rules                                       |   20 +-
 20 files changed, 23 insertions(+), 1795 deletions(-)

diff --git a/debian/a2query.in b/debian/a2query.in
index 219b9ba..47a60f2 100755
--- a/debian/a2query.in
+++ b/debian/a2query.in
@@ -209,7 +209,7 @@ sub load_modules
 		my $file = $_;
 		next if $file !~ m/\.load$/;
 		$file =~ s/\.load//;
-		if ($file =~ /mpm_(\w+)/)
+		if ($file =~ /mpm_(\w+)/ && $file ne 'mpm_itk')
 		{
 			$MPM = $1 if $MPM eq 'invalid';
 			if(grep { $_ =~ m/^mpm_/ } @MODULES)
diff --git a/debian/apache2.NEWS b/debian/apache2.NEWS
index 76a728d..75be4ce 100644
--- a/debian/apache2.NEWS
+++ b/debian/apache2.NEWS
@@ -20,6 +20,11 @@ apache2 (2.4.1-1) unstable; urgency=low
   a2dismod mpm_worker
   a2enmod mpm_prefork
 
+  MPM ITK users should be advised, that ITK is not a MPM anymore. Instead, it
+  is a simple Apache module, expanding functionality of the prefork MPM. Thus,
+  users should switch to the prefork MPM and enable ITK as a module. The
+  upgrade scripts ensure this for the upgrade from Debian Wheezy.
+
   We did change the security model for Apache in our default configuration. We
   do not allow access to the file system outside /var/www and /usr/share.
   If you are running virtual hosts or scripts outside these directories, you
diff --git a/debian/apache2.postinst b/debian/apache2.postinst
index e7e1ac2..f32cc54 100644
--- a/debian/apache2.postinst
+++ b/debian/apache2.postinst
@@ -173,7 +173,11 @@ enable_default_mpm()
 			;;
 
 			apache2-mpm-itk)
-				mpm="mpm_itk"
+                                # apache2-mpm-itk is installed, which is a
+                                # transitional package depending on
+                                # libapache2-mpm-itk which will enable itself
+                                # in its maintainer scripts.
+                                mpm="mpm_prefork"
 			;;
 
 			*)
diff --git a/debian/changelog b/debian/changelog
index 3751673..fbfa0ee 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,8 +25,16 @@ apache2 (2.4.6-4) UNRELEASED; urgency=low
   * Add a virtual provides line to the itk/worker/event/prefork transitional
     packages so that people with an unusual (unsupported) Apache setup
     can upgrade neatless in some corner cases (Closes: #728937)
+  * Drop the Apache ITK patches. The Apache ITK MPM is a standalone package
+    now and will be provided by libapache2-mpm-itk in future. The
+    apache2-mpm-itk package depends on this package from now on. Users of itk
+    are advised to consult the itk manual.
+  * Remove Steinar H. Gunderson from uploaders, he will continue to support
+    itk in his own package in future. The remaining Apache team thanks Steinar
+    for all the work in the past.
 
- -- Arno Töll <arno at debian.org>  Thu, 07 Nov 2013 14:21:10 +0100
+
+ -- Arno Töll <arno at debian.org>  Thu, 07 Nov 2013 22:46:29 +0100
 
 apache2 (2.4.6-3) unstable; urgency=low
 
diff --git a/debian/config-dir/mods-available/mpm_itk.conf b/debian/config-dir/mods-available/mpm_itk.conf
deleted file mode 100644
index c85b5ab..0000000
--- a/debian/config-dir/mods-available/mpm_itk.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# itk MPM
-# StartServers: number of server processes to start
-# MinSpareServers: minimum number of server processes which are kept spare
-# MaxSpareServers: maximum number of server processes which are kept spare
-# MaxRequestWorkers: maximum number of server processes allowed to start
-# MaxConnectionsPerChild: maximum number of requests a server process serves
-# XXX adjust!
-
-<IfModule mpm_itk_module>
-	StartServers			 5
-	MinSpareServers		  5
-	MaxSpareServers		 10
-	MaxRequestWorkers	  150
-	MaxConnectionsPerChild   0
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/debian/config-dir/mods-available/mpm_itk.load b/debian/config-dir/mods-available/mpm_itk.load
deleted file mode 100644
index d9203f1..0000000
--- a/debian/config-dir/mods-available/mpm_itk.load
+++ /dev/null
@@ -1,2 +0,0 @@
-# Conflicts: mpm_event mpm_worker mpm_prefork
-LoadModule mpm_itk_module /usr/lib/apache2/modules/mod_mpm_itk.so
diff --git a/debian/control b/debian/control
index 3affc67..1ebff44 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: apache2
 Section: httpd
 Priority: optional
 Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
-Uploaders: Stefan Fritsch <sf at debian.org>, Steinar H. Gunderson <sesse at debian.org>, Arno Töll <arno at debian.org>
+Uploaders: Stefan Fritsch <sf at debian.org>, Arno Töll <arno at debian.org>
 Build-Depends: debhelper (>= 8.9.7~), lsb-release, dpkg-dev (>= 1.16.1~),
  libaprutil1-dev (>= 1.5.0), libapr1-dev, libpcre3-dev, zlib1g-dev,
  libssl-dev (>= 0.9.8m), libcap-dev [linux-any], perl,
@@ -101,7 +101,7 @@ Architecture: any
 Section: oldlibs
 Priority: extra
 Provides: httpd, httpd-cgi
-Depends: ${misc:Depends}, apache2 (= ${binary:Version})
+Depends: ${misc:Depends}, apache2 (= ${binary:Version}), libapache2-mpm-itk
 Description: transitional itk MPM package for apache2
  This is a transitional package to apache2 for users of apache2-mpm-itk and
  can be safely removed after the installation is complete.
diff --git a/debian/patches/itk-fix-htaccess-reads-for-persistent-connections.patch b/debian/patches/itk-fix-htaccess-reads-for-persistent-connections.patch
deleted file mode 100644
index 647a5d4..0000000
--- a/debian/patches/itk-fix-htaccess-reads-for-persistent-connections.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Fix an itk issue where users can sometimes get spurious 403s on persistent
-connections (the description in the comments explains the logic).
-This would particularly hit people with reverse proxies, since these
-have a higher tendency of accessing things from different vhosts in
-the same connection.
-
---- a/server/config.c
-+++ b/server/config.c
-@@ -52,6 +52,10 @@
- #include "util_varbuf.h"
- #include "mpm_common.h"
- 
-+#include "http_connection.h"
-+#include <unistd.h>
-+#include <sys/types.h>
-+
- #define APLOG_UNSET   (APLOG_NO_MODULE - 1)
- /* we know core's module_index is 0 */
- #undef APLOG_MODULE_INDEX
-@@ -69,6 +73,8 @@
- 
- AP_DECLARE_DATA ap_directive_t *ap_conftree = NULL;
- 
-+AP_DECLARE_DATA int ap_running_under_mpm_itk = 0;
-+
- APR_HOOK_STRUCT(
-            APR_HOOK_LINK(header_parser)
-            APR_HOOK_LINK(pre_config)
-@@ -2138,6 +2144,32 @@
-         else {
-             if (!APR_STATUS_IS_ENOENT(status)
-                 && !APR_STATUS_IS_ENOTDIR(status)) {
-+                /*
-+                 * If we are in a persistent connection, we might end up in a state
-+                 * where we can no longer read .htaccess files because we have already
-+                 * setuid(). This can either be because the previous request was for
-+                 * another vhost (basically the same problem as when setuid() fails in
-+                 * itk.c), or it can be because a .htaccess file is readable only by
-+                 * root.
-+                 *
-+                 * In any case, we don't want to give out a 403, since the request has
-+                 * a very real chance of succeeding on a fresh connection (where
-+                 * presumably uid=0). Thus, we give up serving the request on this
-+                 * TCP connection, and do a hard close of the socket. As long as we're
-+                 * in a persistent connection (and there _should_ not be a way this
-+                 * would happen on the first request in a connection, save for subrequests,
-+                 * which we special-case), this is allowed, as it is what happens on
-+                 * a timeout. The browser will simply open a new connection and try
-+                 * again (there's of course a performance hit, though, both due to
-+                 * the new connection setup and the fork() of a new server child).
-+                 */
-+                if (ap_running_under_mpm_itk && r->main == NULL && getuid() != 0) {
-+                    ap_log_rerror(APLOG_MARK, APLOG_WARNING, status, r,
-+                                  "Couldn't read %s, closing connection.",
-+                                  filename);
-+                    ap_lingering_close(r->connection);
-+                    exit(0);
-+                }
-                 ap_log_rerror(APLOG_MARK, APLOG_CRIT, status, r, APLOGNO(00529)
-                               "%s pcfg_openfile: unable to check htaccess file, "
-                               "ensure it is readable and that '%s' "
diff --git a/debian/patches/itk-rerun-configure.patch b/debian/patches/itk-rerun-configure.patch
deleted file mode 100644
index d2cf19a..0000000
--- a/debian/patches/itk-rerun-configure.patch
+++ /dev/null
@@ -1,784 +0,0 @@
-# the analogon of running autoheader; autoconf, which is a pain to clean up
-#
-# To refresh this,
-# - unpack apr+apr-util in srclib/apr{,-util}
-# - run 'fakeroot debian/rules server/mpm/itk/.stamp'
-# - run 'buildconf'
---- a/configure
-+++ b/configure
-@@ -1983,6 +1983,10 @@
-                           default. MPM={event|worker|prefork|winnt} This will
-                           be statically linked as the only available MPM
-                           unless --enable-mpms-shared is also specified.
-+  --with-mpm=MPM          Choose the process model for Apache to use by
-+                          default. MPM={event|worker|prefork|winnt|itk} This
-+                          will be statically linked as the only available MPM
-+                          unless --enable-mpms-shared is also specified.
-   --with-module=module-type:module-file
-                           Enable module-file in the modules/<module-type>
-                           directory.
-@@ -25865,6 +25869,27 @@
- 
- fi
- 
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if itk MPM supports this platform" >&5
-+$as_echo_n "checking if itk MPM supports this platform... " >&6; }
-+if test $forking_mpms_supported != yes; then
-+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - This is not a forking platform" >&5
-+$as_echo "no - This is not a forking platform" >&6; }
-+else
-+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+$as_echo "yes" >&6; }
-+
-+    if test "yes" = "yes"; then
-+        eval "ap_supported_mpm_itk=shared"
-+        ap_supported_shared_mpms="$ap_supported_shared_mpms itk "
-+    else
-+        eval "ap_supported_mpm_itk=static"
-+    fi
-+    if test "no" = "yes"; then
-+        eval "ap_threaded_mpm_itk=yes"
-+    fi
-+
-+fi
-+
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if mpmt_os2 MPM supports this platform" >&5
- $as_echo_n "checking if mpmt_os2 MPM supports this platform... " >&6; }
- case $host in
-@@ -27480,6 +27505,182 @@
- 
- 
- 
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which MPM to use by default" >&5
-+$as_echo_n "checking which MPM to use by default... " >&6; }
-+
-+# Check whether --with-mpm was given.
-+if test "${with_mpm+set}" = set; then :
-+  withval=$with_mpm;
-+    default_mpm=$withval
-+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-+$as_echo "$withval" >&6; };
-+
-+else
-+
-+                if ap_mpm_is_supported "winnt"; then
-+        default_mpm=winnt
-+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: winnt" >&5
-+$as_echo "winnt" >&6; }
-+    elif ap_mpm_is_supported "mpmt_os2"; then
-+        default_mpm=mpmt_os2
-+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: mpmt_os2" >&5
-+$as_echo "mpmt_os2" >&6; }
-+    elif ap_mpm_is_supported "event"; then
-+        default_mpm=event
-+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: event" >&5
-+$as_echo "event" >&6; }
-+    elif ap_mpm_is_supported "worker"; then
-+        default_mpm=worker
-+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: worker - event is not supported" >&5
-+$as_echo "worker - event is not supported" >&6; }
-+    else
-+        default_mpm=prefork
-+        { $as_echo "$as_me:${as_lineno-$LINENO}: result: prefork - event and worker are not supported" >&5
-+$as_echo "prefork - event and worker are not supported" >&6; }
-+    fi
-+
-+fi
-+
-+
-+
-+    if ap_mpm_is_enabled $default_mpm; then
-+        :
-+    else
-+        eval "ap_enabled_mpm_$default_mpm=yes"
-+        ap_enabled_mpms="$ap_enabled_mpms $default_mpm "
-+    fi
-+
-+
-+# Check whether --enable-mpms-shared was given.
-+if test "${enable_mpms_shared+set}" = set; then :
-+  enableval=$enable_mpms_shared;
-+    if test "$enableval" = "no"; then
-+        mpm_build=static
-+    else
-+        mpm_build=shared
-+        if test "$enableval" = "yes"; then
-+            enableval=$default_mpm
-+        fi
-+        for i in $enableval; do
-+            if test "$i" = "all"; then
-+                for j in $ap_supported_shared_mpms; do
-+                    eval "enable_mpm_$j=shared"
-+
-+    if ap_mpm_is_enabled $j; then
-+        :
-+    else
-+        eval "ap_enabled_mpm_$j=yes"
-+        ap_enabled_mpms="$ap_enabled_mpms $j "
-+    fi
-+
-+                done
-+            else
-+                i=`echo $i | sed 's/-/_/g'`
-+                if ap_mpm_supports_shared $i; then
-+                    eval "enable_mpm_$i=shared"
-+
-+    if ap_mpm_is_enabled $i; then
-+        :
-+    else
-+        eval "ap_enabled_mpm_$i=yes"
-+        ap_enabled_mpms="$ap_enabled_mpms $i "
-+    fi
-+
-+                else
-+                    as_fn_error $? "MPM $i does not support dynamic loading." "$LINENO" 5
-+                fi
-+            fi
-+        done
-+    fi
-+
-+else
-+  mpm_build=static
-+fi
-+
-+
-+for i in $ap_enabled_mpms; do
-+    if ap_mpm_is_supported $i; then
-+        :
-+    else
-+        as_fn_error $? "MPM $i is not supported on this platform." "$LINENO" 5
-+    fi
-+    if test "$i" = "itk" ; then
-+        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cap_init in -lcap" >&5
-+$as_echo_n "checking for cap_init in -lcap... " >&6; }
-+if ${ac_cv_lib_cap_cap_init+:} false; then :
-+  $as_echo_n "(cached) " >&6
-+else
-+  ac_check_lib_save_LIBS=$LIBS
-+LIBS="-lcap  $LIBS"
-+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h.  */
-+
-+/* Override any GCC internal prototype to avoid an error.
-+   Use char because int might match the return type of a GCC
-+   builtin and then its argument prototype would still apply.  */
-+#ifdef __cplusplus
-+extern "C"
-+#endif
-+char cap_init ();
-+int
-+main ()
-+{
-+return cap_init ();
-+  ;
-+  return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_link "$LINENO"; then :
-+  ac_cv_lib_cap_cap_init=yes
-+else
-+  ac_cv_lib_cap_cap_init=no
-+fi
-+rm -f core conftest.err conftest.$ac_objext \
-+    conftest$ac_exeext conftest.$ac_ext
-+LIBS=$ac_check_lib_save_LIBS
-+fi
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cap_cap_init" >&5
-+$as_echo "$ac_cv_lib_cap_cap_init" >&6; }
-+if test "x$ac_cv_lib_cap_cap_init" = xyes; then :
-+  cat >>confdefs.h <<_ACEOF
-+#define HAVE_LIBCAP 1
-+_ACEOF
-+
-+  LIBS="-lcap $LIBS"
-+
-+fi
-+
-+    fi
-+done
-+
-+if test $mpm_build = "shared"; then
-+    eval "tmp=\$enable_mpm_$default_mpm"
-+    if test "$tmp" != "shared"; then
-+        as_fn_error $? "The default MPM ($default_mpm) must be included in --enable-mpms-shared.  Use --with-mpm to change the default MPM." "$LINENO" 5
-+    fi
-+fi
-+
-+
-+  APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES server/mpm/Makefile"
-+
-+
-+if test $mpm_build = "shared"; then
-+    MPM_LIB=""
-+else
-+    MPM_LIB=server/mpm/$default_mpm/lib${default_mpm}.la
-+    MODLIST="$MODLIST mpm_${default_mpm}"
-+fi
-+
-+MPM_SUBDIRS=$ap_enabled_mpms
-+
-+  APACHE_VAR_SUBST="$APACHE_VAR_SUBST MPM_SUBDIRS"
-+
-+
-+
-+  APACHE_VAR_SUBST="$APACHE_VAR_SUBST MPM_LIB"
-+
-+
-+
- 
- 
-   APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_MPM_EVENT_LDADD"
-@@ -27570,6 +27771,77 @@
- 
- 
- 
-+    if ap_mpm_is_enabled itk; then
-+        if test -z ""; then
-+            objects="itk.lo"
-+        else
-+            objects=""
-+        fi
-+
-+        if test -z ""; then
-+            mpmpath="server/mpm/itk"
-+        else
-+            mpmpath=
-+        fi
-+
-+                test -d $mpmpath || $srcdir/build/mkdir.sh $mpmpath
-+
-+
-+  APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $mpmpath/Makefile"
-+
-+
-+        if test -z "$enable_mpm_itk"; then
-+
-+  if test "x$AP_LIBS" = "x"; then
-+    test "x$silent" != "xyes" && echo "  setting AP_LIBS to \"\""
-+    AP_LIBS=""
-+  else
-+    apr_addto_bugger=""
-+    for i in $apr_addto_bugger; do
-+      apr_addto_duplicate="0"
-+      for j in $AP_LIBS; do
-+        if test "x$i" = "x$j"; then
-+          apr_addto_duplicate="1"
-+          break
-+        fi
-+      done
-+      if test $apr_addto_duplicate = "0"; then
-+        test "x$silent" != "xyes" && echo "  adding \"$i\" to AP_LIBS"
-+        AP_LIBS="$AP_LIBS $i"
-+      fi
-+    done
-+  fi
-+
-+            libname="libitk.la"
-+            cat >$mpmpath/modules.mk<<EOF
-+$libname: $objects
-+	\$(MOD_LINK) $objects
-+DISTCLEAN_TARGETS = modules.mk
-+static = $libname
-+shared =
-+EOF
-+        else
-+            apache_need_shared=yes
-+            libname="mod_mpm_itk.la"
-+            shobjects=`echo $objects | sed 's/\.lo/.slo/g'`
-+            cat >$mpmpath/modules.mk<<EOF
-+$libname: $shobjects
-+	\$(SH_LINK) -rpath \$(libexecdir) -module -avoid-version $objects
-+DISTCLEAN_TARGETS = modules.mk
-+static =
-+shared = $libname
-+EOF
-+            # add default MPM to LoadModule list
-+            if test itk = $default_mpm; then
-+                DSO_MODULES="$DSO_MODULES mpm_itk"
-+                ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_itk"
-+            fi
-+        fi
-+
-+    fi
-+
-+
-+
-     if ap_mpm_is_enabled prefork; then
-         if test -z ""; then
-             objects="prefork.lo"
-@@ -27811,6 +28083,7 @@
- 
- if ap_mpm_is_enabled "worker" \
-    || ap_mpm_is_enabled "event" \
-+   || ap_mpm_is_enabled "itk" \
-    || ap_mpm_is_enabled "prefork"; then
-     unixd_mods_enable=yes
- else
-@@ -30038,6 +30311,371 @@
- 
- 
- 
-+
-+
-+  current_dir=arch/unix
-+  modpath_current=modules/arch/unix
-+  modpath_static=
-+  modpath_shared=
-+  for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do
-+    eval MOD_$var=
-+  done
-+  test -d arch/unix || $srcdir/build/mkdir.sh $modpath_current
-+  > $modpath_current/modules.mk
-+
-+
-+if ap_mpm_is_enabled "worker" \
-+   || ap_mpm_is_enabled "event" \
-+   || ap_mpm_is_enabled "prefork"; then
-+    unixd_mods_enable=yes
-+else
-+    unixd_mods_enable=no
-+fi
-+
-+
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_unixd" >&5
-+$as_echo_n "checking whether to enable mod_unixd... " >&6; }
-+    # Check whether --enable-unixd was given.
-+if test "${enable_unixd+set}" = set; then :
-+  enableval=$enable_unixd; force_unixd=$enableval
-+else
-+  enable_unixd=$unixd_mods_enable
-+fi
-+
-+    _apmod_extra_msg=""
-+        case "$enable_unixd" in
-+    yes|static|shared)
-+      _apmod_required="yes"
-+      ;;
-+    *)
-+      case "$module_selection" in
-+      reallyall|all|most)
-+        _apmod_required="no"
-+        ;;
-+      *)
-+        _apmod_required="yes"
-+        ;;
-+      esac
-+  esac
-+  if test "$enable_unixd" = "static"; then
-+    enable_unixd=static
-+  elif test "$enable_unixd" = "yes"; then
-+    enable_unixd=$module_default
-+  elif test "$enable_unixd" = "most"; then
-+    if test "$module_selection" = "most" -o "$module_selection" = "all" -o \
-+            "$module_selection" = "reallyall"
-+    then
-+      enable_unixd=$module_default
-+    elif test "$module_selection" = "few" -o "$module_selection" = "none"; then
-+      enable_unixd=no
-+    fi
-+    _apmod_extra_msg=" ($module_selection)"
-+  elif test "$enable_unixd" = "maybe-all"; then
-+    if test "$module_selection" = "all" -o "$module_selection" = "reallyall"
-+    then
-+      enable_unixd=$module_default
-+      _apmod_extra_msg=" ($module_selection)"
-+    else
-+      enable_unixd=no
-+    fi
-+  elif test "$enable_unixd" = "no" -a "$module_selection" = "reallyall" -a \
-+            "$force_unixd" != "no" ; then
-+      enable_unixd=$module_default
-+      _apmod_extra_msg=" ($module_selection)"
-+  fi
-+  if test "$enable_unixd" != "no"; then
-+            :
-+  fi
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_unixd$_apmod_extra_msg" >&5
-+$as_echo "$enable_unixd$_apmod_extra_msg" >&6; }
-+  if test "$enable_unixd" != "no"; then
-+    case "$enable_unixd" in
-+    static*)
-+      MODLIST="$MODLIST unixd"
-+      if test "unixd" = "so"; then
-+          sharedobjs=yes
-+      fi
-+      shared="";;
-+    *)
-+      enable_unixd=`echo $enable_unixd|sed 's/shared,*//'`
-+      sharedobjs=yes
-+      shared=yes
-+      DSO_MODULES="$DSO_MODULES unixd"
-+      if test "$unixd_mods_enable" = "yes" ; then
-+        ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},unixd"
-+      fi
-+      ;;
-+    esac
-+
-+
-+  if test -z ""; then
-+    objects="mod_unixd.lo"
-+  else
-+    objects=""
-+  fi
-+
-+  if test -z "$module_standalone"; then
-+    if test -z "$shared"; then
-+      # The filename of a convenience library must have a "lib" prefix:
-+      libname="libmod_unixd.la"
-+      BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname"
-+      modpath_static="$modpath_static $libname"
-+      cat >>$modpath_current/modules.mk<<EOF
-+$libname: $objects
-+	\$(MOD_LINK) $objects \$(MOD_UNIXD_LDADD)
-+EOF
-+      if test ! -z "\$(MOD_UNIXD_LDADD)"; then
-+
-+  if test "x$AP_LIBS" = "x"; then
-+    test "x$silent" != "xyes" && echo "  setting AP_LIBS to \"\$(MOD_UNIXD_LDADD)\""
-+    AP_LIBS="\$(MOD_UNIXD_LDADD)"
-+  else
-+    apr_addto_bugger="\$(MOD_UNIXD_LDADD)"
-+    for i in $apr_addto_bugger; do
-+      apr_addto_duplicate="0"
-+      for j in $AP_LIBS; do
-+        if test "x$i" = "x$j"; then
-+          apr_addto_duplicate="1"
-+          break
-+        fi
-+      done
-+      if test $apr_addto_duplicate = "0"; then
-+        test "x$silent" != "xyes" && echo "  adding \"$i\" to AP_LIBS"
-+        AP_LIBS="$AP_LIBS $i"
-+      fi
-+    done
-+  fi
-+
-+      fi
-+    else
-+      apache_need_shared=yes
-+      libname="mod_unixd.la"
-+      shobjects=`echo $objects | sed 's/\.lo/.slo/g'`
-+      modpath_shared="$modpath_shared $libname"
-+      cat >>$modpath_current/modules.mk<<EOF
-+$libname: $shobjects
-+	\$(SH_LINK) -rpath \$(libexecdir) -module -avoid-version  $objects \$(MOD_UNIXD_LDADD)
-+EOF
-+    fi
-+  fi
-+
-+
-+  APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_UNIXD_LDADD"
-+
-+
-+
-+  fi
-+
-+
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_privileges" >&5
-+$as_echo_n "checking whether to enable mod_privileges... " >&6; }
-+    # Check whether --enable-privileges was given.
-+if test "${enable_privileges+set}" = set; then :
-+  enableval=$enable_privileges; force_privileges=$enableval
-+else
-+  enable_privileges=no
-+fi
-+
-+    _apmod_extra_msg=""
-+        case "$enable_privileges" in
-+    yes|static|shared)
-+      _apmod_required="yes"
-+      ;;
-+    *)
-+      case "$module_selection" in
-+      reallyall|all|most)
-+        _apmod_required="no"
-+        ;;
-+      *)
-+        _apmod_required="yes"
-+        ;;
-+      esac
-+  esac
-+  if test "$enable_privileges" = "static"; then
-+    enable_privileges=static
-+  elif test "$enable_privileges" = "yes"; then
-+    enable_privileges=$module_default
-+  elif test "$enable_privileges" = "most"; then
-+    if test "$module_selection" = "most" -o "$module_selection" = "all" -o \
-+            "$module_selection" = "reallyall"
-+    then
-+      enable_privileges=$module_default
-+    elif test "$module_selection" = "few" -o "$module_selection" = "none"; then
-+      enable_privileges=no
-+    fi
-+    _apmod_extra_msg=" ($module_selection)"
-+  elif test "$enable_privileges" = "maybe-all"; then
-+    if test "$module_selection" = "all" -o "$module_selection" = "reallyall"
-+    then
-+      enable_privileges=$module_default
-+      _apmod_extra_msg=" ($module_selection)"
-+    else
-+      enable_privileges=no
-+    fi
-+  elif test "$enable_privileges" = "no" -a "$module_selection" = "reallyall" -a \
-+            "$force_privileges" != "no" ; then
-+      enable_privileges=$module_default
-+      _apmod_extra_msg=" ($module_selection)"
-+  fi
-+  if test "$enable_privileges" != "no"; then
-+            { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5
-+$as_echo "checking dependencies" >&6; }
-+            :
-+
-+  for ac_header in priv.h
-+do :
-+  ac_fn_c_check_header_mongrel "$LINENO" "priv.h" "ac_cv_header_priv_h" "$ac_includes_default"
-+if test "x$ac_cv_header_priv_h" = xyes; then :
-+  cat >>confdefs.h <<_ACEOF
-+#define HAVE_PRIV_H 1
-+_ACEOF
-+ ap_HAVE_PRIV_H="yes"
-+else
-+  ap_HAVE_PRIV_H="no"
-+fi
-+
-+done
-+
-+  if test $ap_HAVE_PRIV_H = "no"; then
-+    { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your system does not support privileges." >&5
-+$as_echo "$as_me: WARNING: Your system does not support privileges." >&2;}
-+    enable_privileges="no"
-+  fi
-+
-+            :
-+            { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_privileges" >&5
-+$as_echo_n "checking whether to enable mod_privileges... " >&6; }
-+            if test "$enable_privileges" = "no"; then
-+              if test "$_apmod_required" = "no"; then
-+                _apmod_extra_msg=" (disabled)"
-+              else
-+                as_fn_error $? "mod_privileges has been requested but can not be built due to prerequisite failures" "$LINENO" 5
-+              fi
-+            fi
-+  fi
-+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_privileges$_apmod_extra_msg" >&5
-+$as_echo "$enable_privileges$_apmod_extra_msg" >&6; }
-+  if test "$enable_privileges" != "no"; then
-+    case "$enable_privileges" in
-+    static*)
-+      MODLIST="$MODLIST privileges"
-+      if test "privileges" = "so"; then
-+          sharedobjs=yes
-+      fi
-+      shared="";;
-+    *)
-+      enable_privileges=`echo $enable_privileges|sed 's/shared,*//'`
-+      sharedobjs=yes
-+      shared=yes
-+      DSO_MODULES="$DSO_MODULES privileges"
-+      if test "no" = "yes" ; then
-+        ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},privileges"
-+      fi
-+      ;;
-+    esac
-+
-+
-+  if test -z ""; then
-+    objects="mod_privileges.lo"
-+  else
-+    objects=""
-+  fi
-+
-+  if test -z "$module_standalone"; then
-+    if test -z "$shared"; then
-+      # The filename of a convenience library must have a "lib" prefix:
-+      libname="libmod_privileges.la"
-+      BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname"
-+      modpath_static="$modpath_static $libname"
-+      cat >>$modpath_current/modules.mk<<EOF
-+$libname: $objects
-+	\$(MOD_LINK) $objects \$(MOD_PRIVILEGES_LDADD)
-+EOF
-+      if test ! -z "\$(MOD_PRIVILEGES_LDADD)"; then
-+
-+  if test "x$AP_LIBS" = "x"; then
-+    test "x$silent" != "xyes" && echo "  setting AP_LIBS to \"\$(MOD_PRIVILEGES_LDADD)\""
-+    AP_LIBS="\$(MOD_PRIVILEGES_LDADD)"
-+  else
-+    apr_addto_bugger="\$(MOD_PRIVILEGES_LDADD)"
-+    for i in $apr_addto_bugger; do
-+      apr_addto_duplicate="0"
-+      for j in $AP_LIBS; do
-+        if test "x$i" = "x$j"; then
-+          apr_addto_duplicate="1"
-+          break
-+        fi
-+      done
-+      if test $apr_addto_duplicate = "0"; then
-+        test "x$silent" != "xyes" && echo "  adding \"$i\" to AP_LIBS"
-+        AP_LIBS="$AP_LIBS $i"
-+      fi
-+    done
-+  fi
-+
-+      fi
-+    else
-+      apache_need_shared=yes
-+      libname="mod_privileges.la"
-+      shobjects=`echo $objects | sed 's/\.lo/.slo/g'`
-+      modpath_shared="$modpath_shared $libname"
-+      cat >>$modpath_current/modules.mk<<EOF
-+$libname: $shobjects
-+	\$(SH_LINK) -rpath \$(libexecdir) -module -avoid-version  $objects \$(MOD_PRIVILEGES_LDADD)
-+EOF
-+    fi
-+  fi
-+
-+
-+  APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_PRIVILEGES_LDADD"
-+
-+
-+
-+  fi
-+
-+
-+
-+  if test "x$INCLUDES" = "x"; then
-+    test "x$silent" != "xyes" && echo "  setting INCLUDES to \"-I\$(top_srcdir)/$modpath_current\""
-+    INCLUDES="-I\$(top_srcdir)/$modpath_current"
-+  else
-+    apr_addto_bugger="-I\$(top_srcdir)/$modpath_current"
-+    for i in $apr_addto_bugger; do
-+      apr_addto_duplicate="0"
-+      for j in $INCLUDES; do
-+        if test "x$i" = "x$j"; then
-+          apr_addto_duplicate="1"
-+          break
-+        fi
-+      done
-+      if test $apr_addto_duplicate = "0"; then
-+        test "x$silent" != "xyes" && echo "  adding \"$i\" to INCLUDES"
-+        INCLUDES="$INCLUDES $i"
-+      fi
-+    done
-+  fi
-+
-+
-+
-+  echo "DISTCLEAN_TARGETS = modules.mk" >> $modpath_current/modules.mk
-+  echo "static = $modpath_static" >> $modpath_current/modules.mk
-+  echo "shared = $modpath_shared" >> $modpath_current/modules.mk
-+  for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do
-+    if eval val=\"\$MOD_$var\"; test -n "$val"; then
-+      echo "MOD_$var = $val" >> $modpath_current/modules.mk
-+    fi
-+  done
-+  if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then
-+    MODULE_DIRS="$MODULE_DIRS $current_dir"
-+  else
-+    MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir"
-+  fi
-+
-+  APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile"
-+
-+
-+
-+
- 
-     if ap_mpm_is_enabled mpmt_os2; then
-         if test -z "mpmt_os2.lo mpmt_os2_child.lo"; then
---- a/include/ap_config_auto.h.in
-+++ b/include/ap_config_auto.h.in
-@@ -103,6 +103,9 @@
- /* Define to 1 if you have the `kqueue' function. */
- #undef HAVE_KQUEUE
- 
-+/* Define to 1 if you have the `cap' library (-lcap). */
-+#undef HAVE_LIBCAP
-+
- /* Define to 1 if you have the <limits.h> header file. */
- #undef HAVE_LIMITS_H
- 
---- a/build/ltmain.sh
-+++ b/build/ltmain.sh
-@@ -70,7 +70,7 @@
- #         compiler:		$LTCC
- #         compiler flags:		$LTCFLAGS
- #         linker:		$LD (gnu? $with_gnu_ld)
--#         $progname:	(GNU libtool) 2.4.2
-+#         $progname:	(GNU libtool) 2.4.2 Debian-2.4.2-1.3
- #         automake:	$automake_version
- #         autoconf:	$autoconf_version
- #
-@@ -80,7 +80,7 @@
- 
- PROGRAM=libtool
- PACKAGE=libtool
--VERSION=2.4.2
-+VERSION="2.4.2 Debian-2.4.2-1.3"
- TIMESTAMP=""
- package_revision=1.3337
- 
-@@ -5851,10 +5851,9 @@
-       # -tp=*                Portland pgcc target processor selection
-       # --sysroot=*          for sysroot support
-       # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
--      # -stdlib=*            select c++ std lib with clang
-       -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
-       -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
--      -O*|-flto*|-fwhopr*|-fuse-linker-plugin|-stdlib=*)
-+      -O*|-flto*|-fwhopr*|-fuse-linker-plugin)
-         func_quote_for_eval "$arg"
- 	arg="$func_quote_for_eval_result"
-         func_append compile_command " $arg"
-@@ -6125,7 +6124,10 @@
- 	case $pass in
- 	dlopen) libs="$dlfiles" ;;
- 	dlpreopen) libs="$dlprefiles" ;;
--	link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
-+	link)
-+	  libs="$deplibs %DEPLIBS%"
-+	  test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
-+	  ;;
- 	esac
-       fi
-       if test "$linkmode,$pass" = "lib,dlpreopen"; then
-@@ -6445,19 +6447,19 @@
- 	    # It is a libtool convenience library, so add in its objects.
- 	    func_append convenience " $ladir/$objdir/$old_library"
- 	    func_append old_convenience " $ladir/$objdir/$old_library"
-+	    tmp_libs=
-+	    for deplib in $dependency_libs; do
-+	      deplibs="$deplib $deplibs"
-+	      if $opt_preserve_dup_deps ; then
-+		case "$tmp_libs " in
-+		*" $deplib "*) func_append specialdeplibs " $deplib" ;;
-+		esac
-+	      fi
-+	      func_append tmp_libs " $deplib"
-+	    done
- 	  elif test "$linkmode" != prog && test "$linkmode" != lib; then
- 	    func_fatal_error "\`$lib' is not a convenience library"
- 	  fi
--	  tmp_libs=
--	  for deplib in $dependency_libs; do
--	    deplibs="$deplib $deplibs"
--	    if $opt_preserve_dup_deps ; then
--	      case "$tmp_libs " in
--	      *" $deplib "*) func_append specialdeplibs " $deplib" ;;
--	      esac
--	    fi
--	    func_append tmp_libs " $deplib"
--	  done
- 	  continue
- 	fi # $pass = conv
- 
-@@ -7350,6 +7352,9 @@
- 	    revision="$number_minor"
- 	    lt_irix_increment=no
- 	    ;;
-+	  *)
-+	    func_fatal_configuration "$modename: unknown library version type \`$version_type'"
-+	    ;;
- 	  esac
- 	  ;;
- 	no)
diff --git a/debian/patches/itk/02-rename-prefork-to-itk.patch b/debian/patches/itk/02-rename-prefork-to-itk.patch
deleted file mode 100644
index 19c76de..0000000
--- a/debian/patches/itk/02-rename-prefork-to-itk.patch
+++ /dev/null
@@ -1,294 +0,0 @@
-Rename prefork to itk in the copy that was created in 01-copy-prefork.patch.
-
-Index: httpd-2.4.1/server/mpm/itk/config.m4
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/config.m4
-+++ httpd-2.4.1/server/mpm/itk/config.m4
-@@ -1,7 +1,7 @@
--AC_MSG_CHECKING(if prefork MPM supports this platform)
-+AC_MSG_CHECKING(if itk MPM supports this platform)
- if test $forking_mpms_supported != yes; then
-     AC_MSG_RESULT(no - This is not a forking platform)
- else
-     AC_MSG_RESULT(yes)
--    APACHE_MPM_SUPPORTED(prefork, yes, no)
-+    APACHE_MPM_SUPPORTED(itk, yes, no)
- fi
-Index: httpd-2.4.1/server/mpm/itk/config3.m4
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/config3.m4
-+++ httpd-2.4.1/server/mpm/itk/config3.m4
-@@ -1 +1 @@
--APACHE_MPM_MODULE(prefork, $enable_mpm_prefork)
-+APACHE_MPM_MODULE(itk, $enable_mpm_itk)
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -95,11 +95,11 @@ static int server_limit = 0;
- static int mpm_state = AP_MPMQ_STARTING;
- static ap_pod_t *pod;
- 
--/* data retained by prefork across load/unload of the module
-+/* data retained by itk across load/unload of the module
-  * allocated on first call to pre-config hook; located on
-  * subsequent calls to pre-config hook
-  */
--typedef struct prefork_retained_data {
-+typedef struct itk_retained_data {
-     int first_server_limit;
-     int module_loads;
-     ap_generation_t my_generation;
-@@ -122,8 +122,8 @@ typedef struct prefork_retained_data {
- #define MAX_SPAWN_RATE  (32)
- #endif
-     int hold_off_on_exponential_spawning;
--} prefork_retained_data;
--static prefork_retained_data *retained;
-+} itk_retained_data;
-+static itk_retained_data *retained;
- 
- #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
- 
-@@ -189,7 +189,7 @@ static void chdir_for_gprof(void)
- #define chdir_for_gprof()
- #endif
- 
--static void prefork_note_child_killed(int childnum, pid_t pid,
-+static void itk_note_child_killed(int childnum, pid_t pid,
-                                       ap_generation_t gen)
- {
-     AP_DEBUG_ASSERT(childnum != -1); /* no scoreboard squatting with this MPM */
-@@ -200,7 +200,7 @@ static void prefork_note_child_killed(in
-     ap_scoreboard_image->parent[childnum].pid = 0;
- }
- 
--static void prefork_note_child_started(int slot, pid_t pid)
-+static void itk_note_child_started(int slot, pid_t pid)
- {
-     ap_scoreboard_image->parent[slot].pid = pid;
-     ap_run_child_status(ap_server_conf,
-@@ -219,7 +219,7 @@ static void clean_child_exit(int code)
-     }
- 
-     if (one_process) {
--        prefork_note_child_killed(/* slot */ 0, 0, 0);
-+        itk_note_child_killed(/* slot */ 0, 0, 0);
-     }
- 
-     ap_mpm_pod_close(pod);
-@@ -277,7 +277,7 @@ static void accept_mutex_off(void)
- #define SAFE_ACCEPT(stmt) do {stmt;} while(0)
- #endif
- 
--static int prefork_query(int query_code, int *result, apr_status_t *rv)
-+static int itk_query(int query_code, int *result, apr_status_t *rv)
- {
-     *rv = APR_SUCCESS;
-     switch(query_code){
-@@ -330,9 +330,9 @@ static int prefork_query(int query_code,
-     return OK;
- }
- 
--static const char *prefork_get_name(void)
-+static const char *itk_get_name(void)
- {
--    return "prefork";
-+    return "itk";
- }
- 
- /*****************************************************************
-@@ -735,7 +735,7 @@ static int make_child(server_rec *s, int
-         apr_signal(SIGQUIT, SIG_DFL);
- #endif
-         apr_signal(SIGTERM, sig_term);
--        prefork_note_child_started(slot, getpid());
-+        itk_note_child_started(slot, getpid());
-         child_main(slot);
-         /* NOTREACHED */
-     }
-@@ -793,7 +793,7 @@ static int make_child(server_rec *s, int
-         child_main(slot);
-     }
- 
--    prefork_note_child_started(slot, pid);
-+    itk_note_child_started(slot, pid);
- 
-     return 0;
- }
-@@ -914,7 +914,7 @@ static void perform_idle_server_maintena
-  * Executive routines.
-  */
- 
--static int prefork_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s)
-+static int itk_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s)
- {
-     int index;
-     int remaining_children_to_start;
-@@ -1029,7 +1029,7 @@ static int prefork_run(apr_pool_t *_pcon
-             if (child_slot >= 0) {
-                 (void) ap_update_child_status_from_indexes(child_slot, 0, SERVER_DEAD,
-                                                            (request_rec *) NULL);
--                prefork_note_child_killed(child_slot, 0, 0);
-+                itk_note_child_killed(child_slot, 0, 0);
-                 if (processed_status == APEXIT_CHILDSICK) {
-                     /* child detected a resource shortage (E[NM]FILE, ENOBUFS, etc)
-                      * cut the fork rate to the minimum
-@@ -1094,7 +1094,7 @@ static int prefork_run(apr_pool_t *_pcon
-             ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, APLOGNO(00168) "killpg SIGTERM");
-         }
-         ap_reclaim_child_processes(1, /* Start with SIGTERM */
--                                   prefork_note_child_killed);
-+                                   itk_note_child_killed);
- 
-         /* cleanup pid file on normal shutdown */
-         ap_remove_pid(pconf, ap_pid_fname);
-@@ -1128,7 +1128,7 @@ static int prefork_run(apr_pool_t *_pcon
-         }
- 
-         /* Allow each child which actually finished to exit */
--        ap_relieve_child_processes(prefork_note_child_killed);
-+        ap_relieve_child_processes(itk_note_child_killed);
- 
-         /* cleanup pid file */
-         ap_remove_pid(pconf, ap_pid_fname);
-@@ -1147,7 +1147,7 @@ static int prefork_run(apr_pool_t *_pcon
-             sleep(1);
- 
-             /* Relieve any children which have now exited */
--            ap_relieve_child_processes(prefork_note_child_killed);
-+            ap_relieve_child_processes(itk_note_child_killed);
- 
-             active_children = 0;
-             for (index = 0; index < ap_daemons_limit; ++index) {
-@@ -1216,7 +1216,7 @@ static int prefork_run(apr_pool_t *_pcon
-             ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, APLOGNO(00172) "killpg SIGHUP");
-         }
-         ap_reclaim_child_processes(0, /* Not when just starting up */
--                                   prefork_note_child_killed);
-+                                   itk_note_child_killed);
-         ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, APLOGNO(00173)
-                     "SIGHUP received.  Attempting to restart");
-     }
-@@ -1227,7 +1227,7 @@ static int prefork_run(apr_pool_t *_pcon
- /* This really should be a post_config hook, but the error log is already
-  * redirected by that point, so we need to do this in the open_logs phase.
-  */
--static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
-+static int itk_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
- {
-     int startup = 0;
-     int level_flags = 0;
-@@ -1257,11 +1257,11 @@ static int prefork_open_logs(apr_pool_t
-     return OK;
- }
- 
--static int prefork_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp)
-+static int itk_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp)
- {
-     int no_detach, debug, foreground;
-     apr_status_t rv;
--    const char *userdata_key = "mpm_prefork_module";
-+    const char *userdata_key = "mpm_itk_module";
- 
-     mpm_state = AP_MPMQ_STARTING;
- 
-@@ -1315,7 +1315,7 @@ static int prefork_pre_config(apr_pool_t
-     return OK;
- }
- 
--static int prefork_check_config(apr_pool_t *p, apr_pool_t *plog,
-+static int itk_check_config(apr_pool_t *p, apr_pool_t *plog,
-                                 apr_pool_t *ptemp, server_rec *s)
- {
-     int startup = 0;
-@@ -1401,7 +1401,7 @@ static int prefork_check_config(apr_pool
-         ap_daemons_limit = 1;
-     }
- 
--    /* ap_daemons_to_start > ap_daemons_limit checked in prefork_run() */
-+    /* ap_daemons_to_start > ap_daemons_limit checked in itk_run() */
-     if (ap_daemons_to_start < 0) {
-         if (startup) {
-             ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_STARTUP, 0, NULL, APLOGNO(00184)
-@@ -1432,12 +1432,12 @@ static int prefork_check_config(apr_pool
-         ap_daemons_min_free = 1;
-     }
- 
--    /* ap_daemons_max_free < ap_daemons_min_free + 1 checked in prefork_run() */
-+    /* ap_daemons_max_free < ap_daemons_min_free + 1 checked in itk_run() */
- 
-     return OK;
- }
- 
--static void prefork_hooks(apr_pool_t *p)
-+static void itk_hooks(apr_pool_t *p)
- {
-     /* Our open_logs hook function must run before the core's, or stderr
-      * will be redirected to a file, and the messages won't print to the
-@@ -1445,15 +1445,15 @@ static void prefork_hooks(apr_pool_t *p)
-      */
-     static const char *const aszSucc[] = {"core.c", NULL};
- 
--    ap_hook_open_logs(prefork_open_logs, NULL, aszSucc, APR_HOOK_REALLY_FIRST);
-+    ap_hook_open_logs(itk_open_logs, NULL, aszSucc, APR_HOOK_REALLY_FIRST);
-     /* we need to set the MPM state before other pre-config hooks use MPM query
-      * to retrieve it, so register as REALLY_FIRST
-      */
--    ap_hook_pre_config(prefork_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
--    ap_hook_check_config(prefork_check_config, NULL, NULL, APR_HOOK_MIDDLE);
--    ap_hook_mpm(prefork_run, NULL, NULL, APR_HOOK_MIDDLE);
--    ap_hook_mpm_query(prefork_query, NULL, NULL, APR_HOOK_MIDDLE);
--    ap_hook_mpm_get_name(prefork_get_name, NULL, NULL, APR_HOOK_MIDDLE);
-+    ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
-+    ap_hook_check_config(itk_check_config, NULL, NULL, APR_HOOK_MIDDLE);
-+    ap_hook_mpm(itk_run, NULL, NULL, APR_HOOK_MIDDLE);
-+    ap_hook_mpm_query(itk_query, NULL, NULL, APR_HOOK_MIDDLE);
-+    ap_hook_mpm_get_name(itk_get_name, NULL, NULL, APR_HOOK_MIDDLE);
- }
- 
- static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg)
-@@ -1515,7 +1515,7 @@ static const char *set_server_limit (cmd
-     return NULL;
- }
- 
--static const command_rec prefork_cmds[] = {
-+static const command_rec itk_cmds[] = {
- LISTEN_COMMANDS,
- AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
-               "Number of child processes launched at server startup"),
-@@ -1533,13 +1533,13 @@ AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
- { NULL }
- };
- 
--AP_DECLARE_MODULE(mpm_prefork) = {
-+AP_DECLARE_MODULE(mpm_itk) = {
-     MPM20_MODULE_STUFF,
-     NULL,                       /* hook to run before apache parses args */
-     NULL,                       /* create per-directory config structure */
-     NULL,                       /* merge per-directory config structures */
-     NULL,                       /* create per-server config structure */
-     NULL,                       /* merge per-server config structures */
--    prefork_cmds,               /* command apr_table_t */
--    prefork_hooks,              /* register hooks */
-+    itk_cmds,                   /* command apr_table_t */
-+    itk_hooks,                  /* register hooks */
- };
-Index: httpd-2.4.1/server/mpm/itk/mpm_default.h
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/mpm_default.h
-+++ httpd-2.4.1/server/mpm/itk/mpm_default.h
-@@ -15,10 +15,10 @@
-  */
- 
- /**
-- * @file  prefork/mpm_default.h
-- * @brief Prefork MPM defaults
-+ * @file  itk/mpm_default.h
-+ * @brief ITK MPM defaults
-  *
-- * @defgroup APACHE_MPM_PREFORK Prefork MPM
-+ * @defgroup APACHE_MPM_ITK Apache ITK
-  * @ingroup APACHE_INTERNAL
-  * @{
-  */
diff --git a/debian/patches/itk/05-add-copyright.patch b/debian/patches/itk/05-add-copyright.patch
deleted file mode 100644
index 0528ec9..0000000
--- a/debian/patches/itk/05-add-copyright.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Add copyright notices, as the next patches are going to add code.
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -12,6 +12,12 @@
-  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  * See the License for the specific language governing permissions and
-  * limitations under the License.
-+ * 
-+ * Portions copyright 2005-2012 Steinar H. Gunderson <sgunderson at bigfoot.com>.
-+ * Licensed under the same terms as the rest of Apache.
-+ *
-+ * Portions copyright 2008 Knut Auvor Grythe <knut at auvor.no>.
-+ * Licensed under the same terms as the rest of Apache.
-  */
- 
- #include "apr.h"
-Index: httpd-2.4.1/server/mpm/itk/mpm_default.h
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/mpm_default.h
-+++ httpd-2.4.1/server/mpm/itk/mpm_default.h
-@@ -12,6 +12,12 @@
-  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  * See the License for the specific language governing permissions and
-  * limitations under the License.
-+ * 
-+ * Portions copyright 2005-2012 Steinar H. Gunderson <sgunderson at bigfoot.com>.
-+ * Licensed under the same terms as the rest of Apache.
-+ *
-+ * Portions copyright 2008 Knut Auvor Grythe <knut at auvor.no>.
-+ * Licensed under the same terms as the rest of Apache.
-  */
- 
- /**
diff --git a/debian/patches/itk/07-base-functionality.patch b/debian/patches/itk/07-base-functionality.patch
deleted file mode 100644
index d48edbb..0000000
--- a/debian/patches/itk/07-base-functionality.patch
+++ /dev/null
@@ -1,229 +0,0 @@
-Add the base functionality of mpm_itk over prefork; parse the new configuration
-options, fork on each new connection, and setuid() as required.
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -26,6 +26,11 @@
- #include "apr_thread_proc.h"
- #include "apr_signal.h"
- 
-+# define _DBG(text,par...) \
-+    ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
-+                "(itkmpm: pid=%d uid=%d, gid=%d) %s(): " text, \
-+                getpid(), getuid(), getgid(), __FUNCTION__, par)
-+
- #define APR_WANT_STDIO
- #define APR_WANT_STRFUNC
- #include "apr_want.h"
-@@ -64,6 +69,9 @@
- #include <signal.h>
- #include <sys/times.h>
- 
-+/* Import our private hook. */
-+AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r))
-+
- /* Limit on the total --- clients will be locked out if more servers than
-  * this are needed.  It is intended solely to keep the server from crashing
-  * when things get out of hand.
-@@ -153,6 +161,15 @@ static pid_t ap_my_pid; /* it seems sill
- static pid_t parent_pid;
- static int my_child_num;
- 
-+typedef struct
-+{
-+    uid_t uid;
-+    gid_t gid;
-+    char *username;
-+} itk_per_dir_conf;
-+
-+module AP_MODULE_DECLARE_DATA mpm_itk_module;
-+
- #ifdef GPROF
- /*
-  * change directory for gprof to plop the gmon.out file
-@@ -542,10 +559,6 @@ static void child_main(int child_num_arg
-         clean_child_exit(APEXIT_CHILDFATAL);
-     }
- 
--    if (ap_run_drop_privileges(pchild, ap_server_conf)) {
--        clean_child_exit(APEXIT_CHILDFATAL);
--    }
--
-     ap_run_child_init(pchild, ap_server_conf);
- 
-     ap_create_sb_handle(&sbh, pchild, my_child_num, 0);
-@@ -695,13 +708,40 @@ static void child_main(int child_num_arg
-          * socket options, file descriptors, and read/write buffers.
-          */
- 
--        current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc);
--        if (current_conn) {
-+        {
-+            pid_t pid = fork(), child_pid;
-+            int status;
-+            switch (pid) {
-+            case -1:
-+                ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "fork: Unable to fork new process");
-+                break;
-+            case 0: /* child */
-+                current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc);
-+                if (current_conn) {
- #if APR_HAS_THREADS
--            current_conn->current_thread = thd;
-+                    current_conn->current_thread = thd;
- #endif
--            ap_process_connection(current_conn, csd);
--            ap_lingering_close(current_conn);
-+                    ap_process_connection(current_conn, csd);
-+                    ap_lingering_close(current_conn);
-+                }
-+                exit(0);
-+            default: /* parent; just wait for child to be done */
-+                do {
-+                    child_pid = waitpid(pid, &status, 0);
-+                } while (child_pid == -1 && errno == EINTR);
-+
-+                if (child_pid != pid || !WIFEXITED(status)) {
-+                    if (WIFSIGNALED(status)) {
-+                        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child died with signal %u", WTERMSIG(status));
-+                    } else if (WEXITSTATUS(status) != 0) {
-+                        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child exited with non-zero exit status %u", WEXITSTATUS(status));
-+                    } else {
-+                        ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "waitpid() failed");
-+                    }
-+                    clean_child_exit(1);
-+                }
-+                break;
-+            }
-         }
- 
-         /* Check the pod and the generation number after processing a
-@@ -719,6 +759,10 @@ static void child_main(int child_num_arg
-              */
-             die_now = 1;
-         }
-+
-+        /* if we have already setuid(), die (we can't be used anyhow) */
-+        if (getuid())
-+            die_now = 1;
-     }
-     apr_pool_clear(ptrans); /* kludge to avoid crash in APR reslist cleanup code */
-     clean_child_exit(0);
-@@ -1443,6 +1487,56 @@ static int itk_check_config(apr_pool_t *
-     return OK;
- }
- 
-+static int itk_post_perdir_config(request_rec *r)
-+{
-+    uid_t wanted_uid;
-+    gid_t wanted_gid;
-+    const char *wanted_username;
-+    int err = 0;
-+
-+    itk_per_dir_conf *dconf =
-+        (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module);
-+
-+    strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31);
-+    ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0;
-+
-+    wanted_uid = dconf->uid;
-+    wanted_gid = dconf->gid;
-+    wanted_username = dconf->username;
-+
-+    if (wanted_uid == -1 || wanted_gid == -1) {
-+        wanted_uid = ap_unixd_config.user_id;
-+        wanted_gid = ap_unixd_config.group_id;
-+        wanted_username = ap_unixd_config.user_name;
-+    }
-+
-+    if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {
-+        if (setgid(wanted_gid)) {
-+            _DBG("setgid(%d): %s", wanted_gid, strerror(errno));
-+            err = 1;
-+        } else if (initgroups(wanted_username, wanted_gid)) {
-+            _DBG("initgroups(%s, %d): %s", wanted_username, wanted_gid, strerror(errno));
-+            err = 1;
-+        } else if (setuid(wanted_uid)) {
-+            _DBG("setuid(%d): %s", wanted_uid, strerror(errno));
-+            err = 1;
-+        }
-+    }
-+
-+    /*
-+     * Most likely a case of switching uid/gid within a persistent
-+     * connection; the RFCs allow us to just close the connection
-+     * at anytime, so we excercise our right. :-)
-+     */
-+    if (err) {
-+        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
-+            "Couldn't set uid/gid, closing connection.");
-+        ap_lingering_close(r->connection);
-+        exit(0);
-+    }
-+    return OK;
-+}
-+
- static void itk_hooks(apr_pool_t *p)
- {
-     /* Our open_logs hook function must run before the core's, or stderr
-@@ -1460,6 +1554,9 @@ static void itk_hooks(apr_pool_t *p)
-     ap_hook_mpm(itk_run, NULL, NULL, APR_HOOK_MIDDLE);
-     ap_hook_mpm_query(itk_query, NULL, NULL, APR_HOOK_MIDDLE);
-     ap_hook_mpm_get_name(itk_get_name, NULL, NULL, APR_HOOK_MIDDLE);
-+
-+    /* set the uid as fast as possible, but not before merging per-dit config */
-+    ap_hook_header_parser(itk_post_perdir_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
- }
- 
- static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg)
-@@ -1521,6 +1618,21 @@ static const char *set_server_limit (cmd
-     return NULL;
- }
- 
-+static const char *assign_user_id (cmd_parms *cmd, void *ptr, const char *user_name, const char *group_name)
-+{
-+    itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr;
-+
-+    const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
-+    if (err) {
-+        return err;
-+    }
-+
-+    dconf->username = apr_pstrdup(cmd->pool, user_name);
-+    dconf->uid = ap_uname2id(user_name);
-+    dconf->gid = ap_gname2id(group_name);
-+    return NULL;
-+}
-+
- static const command_rec itk_cmds[] = {
- LISTEN_COMMANDS,
- AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
-@@ -1535,14 +1647,25 @@ AP_INIT_TAKE1("MaxRequestWorkers", set_m
-               "Maximum number of children alive at the same time"),
- AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF,
-               "Maximum value of MaxRequestWorkers for this run of Apache"),
-+AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF,
-+              "Tie a virtual host to a specific child process."),
- AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
- { NULL }
- };
- 
-+/* == allocate a private per-dir config structure == */
-+static void *itk_create_dir_config(apr_pool_t *p, char *dummy)
-+{
-+    itk_per_dir_conf *c = (itk_per_dir_conf *)
-+        apr_pcalloc(p, sizeof(itk_per_dir_conf));
-+    c->uid = c->gid = -1;
-+    return c;
-+}
-+
- AP_DECLARE_MODULE(mpm_itk) = {
-     MPM20_MODULE_STUFF,
-     NULL,                       /* hook to run before apache parses args */
--    NULL,                       /* create per-directory config structure */
-+    itk_create_dir_config,      /* create per-directory config structure */
-     NULL,                       /* merge per-directory config structures */
-     NULL,                       /* create per-server config structure */
-     NULL,                       /* merge per-server config structures */
diff --git a/debian/patches/itk/08-max-clients-per-vhost.patch b/debian/patches/itk/08-max-clients-per-vhost.patch
deleted file mode 100644
index 8953217..0000000
--- a/debian/patches/itk/08-max-clients-per-vhost.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-Enforce the per-vhost server limit. Note that this is per-vhost, not
-per-directory (since it works by reading the scoreboard), so we need to add
-per-server configuration data.
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -168,6 +168,11 @@ typedef struct
-     char *username;
- } itk_per_dir_conf;
- 
-+typedef struct
-+{
-+    int max_clients_vhost;
-+} itk_server_conf;
-+
- module AP_MODULE_DECLARE_DATA mpm_itk_module;
- 
- #ifdef GPROF
-@@ -1493,9 +1498,29 @@ static int itk_post_perdir_config(reques
-     gid_t wanted_gid;
-     const char *wanted_username;
-     int err = 0;
-+    
-+    itk_server_conf *sconf =
-+        (itk_server_conf *) ap_get_module_config(r->server->module_config, &mpm_itk_module);
-+    itk_per_dir_conf *dconf;
-+
-+    /* Enforce MaxClientsVhost. */
-+    if (sconf->max_clients_vhost > 0) {
-+        int i, num_other_servers = 0;
-+        for (i = 0; i < ap_daemons_limit; ++i) {
-+            worker_score *ws = &ap_scoreboard_image->servers[i][0];
-+            if (ws->status >= SERVER_BUSY_READ && strncmp(ws->vhost, r->server->server_hostname, 31) == 0)
-+                ++num_other_servers;
-+        }
- 
--    itk_per_dir_conf *dconf =
--        (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module);
-+        if (num_other_servers > sconf->max_clients_vhost) {
-+            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
-+                "MaxClientsVhost reached for %s, refusing client.",
-+                r->server->server_hostname);
-+            return HTTP_SERVICE_UNAVAILABLE;
-+        }
-+    }
-+
-+    dconf = (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module);
- 
-     strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31);
-     ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0;
-@@ -1633,6 +1658,14 @@ static const char *assign_user_id (cmd_p
-     return NULL;
- }
- 
-+static const char *set_max_clients_vhost (cmd_parms *cmd, void *dummy, const char *arg)   
-+{
-+    itk_server_conf *sconf =
-+        (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module);
-+    sconf->max_clients_vhost = atoi(arg);
-+    return NULL;
-+}
-+
- static const command_rec itk_cmds[] = {
- LISTEN_COMMANDS,
- AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
-@@ -1649,6 +1682,8 @@ AP_INIT_TAKE1("ServerLimit", set_server_
-               "Maximum value of MaxRequestWorkers for this run of Apache"),
- AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF,
-               "Tie a virtual host to a specific child process."),
-+AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF,
-+              "Maximum number of children alive at the same time for this virtual host."),
- AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
- { NULL }
- };
-@@ -1662,12 +1697,21 @@ static void *itk_create_dir_config(apr_p
-     return c;
- }
- 
-+/* == allocate a private server config structure == */
-+static void *itk_create_server_config(apr_pool_t *p, server_rec *s)
-+{
-+    itk_server_conf *c = (itk_server_conf *)
-+        apr_pcalloc(p, sizeof(itk_server_conf));
-+    c->max_clients_vhost = -1;
-+    return c;
-+}
-+
- AP_DECLARE_MODULE(mpm_itk) = {
-     MPM20_MODULE_STUFF,
-     NULL,                       /* hook to run before apache parses args */
-     itk_create_dir_config,      /* create per-directory config structure */
-     NULL,                       /* merge per-directory config structures */
--    NULL,                       /* create per-server config structure */
-+    itk_create_server_config,   /* create per-server config structure */
-     NULL,                       /* merge per-server config structures */
-     itk_cmds,                   /* command apr_table_t */
-     itk_hooks,                  /* register hooks */
diff --git a/debian/patches/itk/09-capabilities.patch b/debian/patches/itk/09-capabilities.patch
deleted file mode 100644
index 3093587..0000000
--- a/debian/patches/itk/09-capabilities.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Use Linux' capability system to run as a sort of "lesser root"; we drop nearly
-all root privilegies except the ability to setuid. An attacker capable of injecting
-code will still be able to run as any (normal) user on the system, but at least
-he/she cannot directly load kernel code etc.
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -66,6 +66,10 @@
- #include <sys/processor.h> /* for bindprocessor() */
- #endif
- 
-+#if HAVE_LIBCAP
-+#include <sys/capability.h>
-+#endif
-+
- #include <signal.h>
- #include <sys/times.h>
- 
-@@ -522,6 +526,15 @@ static void child_main(int child_num_arg
-     int last_poll_idx = 0;
-     const char *lockfile;
- 
-+#if HAVE_LIBCAP
-+    cap_t caps;
-+    cap_value_t suidcaps[] = {
-+        CAP_SETUID,
-+        CAP_SETGID,
-+        CAP_DAC_READ_SEARCH,
-+    };
-+#endif    
-+
-     mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this
-                                    * child initializes
-                                    */
-@@ -596,6 +609,22 @@ static void child_main(int child_num_arg
-         lr->accept_func = ap_unixd_accept;
-     }
- 
-+#if HAVE_LIBCAP
-+    /* Drop as many privileges as we can. We'll still
-+     * access files with uid=0, and we can setuid() to anything, but
-+     * at least there's tons of other evilness (like loading kernel
-+     * modules) we can't do directly.  (The setuid() capability will
-+     * go away automatically when we setuid() or exec() -- the former
-+     * is likely to come first.)
-+     */
-+    caps = cap_init();
-+    cap_clear(caps);
-+    cap_set_flag(caps, CAP_PERMITTED, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET);
-+    cap_set_flag(caps, CAP_EFFECTIVE, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET);
-+    cap_set_proc(caps);
-+    cap_free(caps);
-+#endif    
-+
-     mpm_state = AP_MPMQ_RUNNING;
- 
-     bucket_alloc = apr_bucket_alloc_create(pchild);
diff --git a/debian/patches/itk/10-nice.patch b/debian/patches/itk/10-nice.patch
deleted file mode 100644
index c2f9c3d..0000000
--- a/debian/patches/itk/10-nice.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-Support a per-location nice value. Note that since we now have two different settings
-in the per-dir configuration, we need to introduce a merge function.
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -165,11 +165,14 @@ static pid_t ap_my_pid; /* it seems sill
- static pid_t parent_pid;
- static int my_child_num;
- 
-+#define UNSET_NICE_VALUE 100
-+
- typedef struct
- {
-     uid_t uid;
-     gid_t gid;
-     char *username;
-+    int nice_value;
- } itk_per_dir_conf;
- 
- typedef struct
-@@ -532,6 +535,7 @@ static void child_main(int child_num_arg
-         CAP_SETUID,
-         CAP_SETGID,
-         CAP_DAC_READ_SEARCH,
-+        CAP_SYS_NICE,
-     };
- #endif    
- 
-@@ -1554,6 +1558,12 @@ static int itk_post_perdir_config(reques
-     strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31);
-     ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0;
- 
-+    if (dconf->nice_value != UNSET_NICE_VALUE &&
-+        setpriority(PRIO_PROCESS, 0, dconf->nice_value)) {
-+        _DBG("setpriority(): %s", strerror(errno));
-+        err = 1;
-+    }
-+
-     wanted_uid = dconf->uid;
-     wanted_gid = dconf->gid;
-     wanted_username = dconf->username;
-@@ -1564,7 +1574,7 @@ static int itk_post_perdir_config(reques
-         wanted_username = ap_unixd_config.user_name;
-     }
- 
--    if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {
-+    if (!err && wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {
-         if (setgid(wanted_gid)) {
-             _DBG("setgid(%d): %s", wanted_gid, strerror(errno));
-             err = 1;
-@@ -1584,7 +1594,7 @@ static int itk_post_perdir_config(reques
-      */
-     if (err) {
-         ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
--            "Couldn't set uid/gid, closing connection.");
-+            "Couldn't set uid/gid/priority, closing connection.");
-         ap_lingering_close(r->connection);
-         exit(0);
-     }
-@@ -1695,6 +1705,27 @@ static const char *set_max_clients_vhost
-     return NULL;
- }
- 
-+static const char *set_nice_value (cmd_parms *cmd, void *ptr, const char *arg)
-+{
-+    itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr;
-+    int nice_value = atoi(arg);
-+
-+    if (nice_value < -20) {
-+        ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
-+                     "WARNING: NiceValue of %d is below -20, increasing NiceValue to -20.",
-+                     nice_value);
-+        nice_value = -20;
-+    }
-+    else if (nice_value > 19) {
-+        ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
-+                     "WARNING: NiceValue of %d is above 19, lowering NiceValue to 19.",
-+                     nice_value);
-+        nice_value = 19;
-+    }
-+    dconf->nice_value = nice_value;
-+    return NULL;
-+}
-+
- static const command_rec itk_cmds[] = {
- LISTEN_COMMANDS,
- AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
-@@ -1713,6 +1744,8 @@ AP_INIT_TAKE2("AssignUserID", assign_use
-               "Tie a virtual host to a specific child process."),
- AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF,
-               "Maximum number of children alive at the same time for this virtual host."),
-+AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF|ACCESS_CONF,
-+              "Set nice value for the given vhost, from -20 (highest priority) to 19 (lowest priority)."),
- AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
- { NULL }
- };
-@@ -1723,6 +1756,32 @@ static void *itk_create_dir_config(apr_p
-     itk_per_dir_conf *c = (itk_per_dir_conf *)
-         apr_pcalloc(p, sizeof(itk_per_dir_conf));
-     c->uid = c->gid = -1;
-+    c->nice_value = UNSET_NICE_VALUE;
-+    return c;
-+}
-+
-+/* == merge the parent per-dir config structure into ours == */
-+static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr)
-+{
-+    itk_per_dir_conf *c = (itk_per_dir_conf *)
-+        itk_create_dir_config(p, NULL);
-+    itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr;
-+    itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr;
-+
-+    if (child->username != NULL) {
-+      c->username = child->username;
-+      c->uid = child->uid;
-+      c->gid = child->gid;
-+    } else {
-+      c->username = parent->username;
-+      c->uid = parent->uid;
-+      c->gid = parent->gid;
-+    }
-+    if (child->nice_value != UNSET_NICE_VALUE) {
-+      c->nice_value = child->nice_value;
-+    } else {
-+      c->nice_value = parent->nice_value;
-+    }
-     return c;
- }
- 
-@@ -1739,7 +1798,7 @@ AP_DECLARE_MODULE(mpm_itk) = {
-     MPM20_MODULE_STUFF,
-     NULL,                       /* hook to run before apache parses args */
-     itk_create_dir_config,      /* create per-directory config structure */
--    NULL,                       /* merge per-directory config structures */
-+    itk_merge_dir_config,       /* merge per-directory config structures */
-     itk_create_server_config,   /* create per-server config structure */
-     NULL,                       /* merge per-server config structures */
-     itk_cmds,                   /* command apr_table_t */
diff --git a/debian/patches/itk/11-fix-htaccess-reads-for-persistent-connections.patch b/debian/patches/itk/11-fix-htaccess-reads-for-persistent-connections.patch
deleted file mode 100644
index b8033a6..0000000
--- a/debian/patches/itk/11-fix-htaccess-reads-for-persistent-connections.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-To work around an issue where users can sometimes get spurious 403s on
-persistent connections the server needs to know it is running itk:
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -181,6 +181,7 @@ typedef struct
- } itk_server_conf;
- 
- module AP_MODULE_DECLARE_DATA mpm_itk_module;
-+extern AP_DECLARE_DATA int ap_running_under_mpm_itk;
- 
- #ifdef GPROF
- /*
-@@ -543,6 +544,7 @@ static void child_main(int child_num_arg
-                                    * child initializes
-                                    */
- 
-+    ap_running_under_mpm_itk = 1;
-     my_child_num = child_num_arg;
-     ap_my_pid = getpid();
-     requests_this_child = 0;
diff --git a/debian/patches/itk/README b/debian/patches/itk/README
deleted file mode 100644
index 7fbbeb1..0000000
--- a/debian/patches/itk/README
+++ /dev/null
@@ -1,5 +0,0 @@
-This is a prerelease version of mpm-itk against Apache 2.4.1.
-It is barely tested at all; use with caution.
-
-Follow the mpm-itk mailing list (http://lists.err.no/mailman/listinfo/mpm-itk)
-for a production 2.4 release.
diff --git a/debian/patches/itk/series b/debian/patches/itk/series
deleted file mode 100644
index c2af971..0000000
--- a/debian/patches/itk/series
+++ /dev/null
@@ -1,12 +0,0 @@
-#00-fix-bug-52904.patch
-#01-copy-prefork.patch
-02-rename-prefork-to-itk.patch
-#03-add-mpm-to-build-system.patch
-05-add-copyright.patch
-#06-hook-just-after-merging-perdir-config.patch
-07-base-functionality.patch
-08-max-clients-per-vhost.patch
-09-capabilities.patch
-10-nice.patch
-11-fix-htaccess-reads-for-persistent-connections.patch
-#99-rerun-configure.patch
diff --git a/debian/patches/series b/debian/patches/series
index 019f931..4d3cd0d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,14 +6,4 @@ suexec-CVE-2007-1742.patch
 customize_apxs.patch
 build_suexec-custom.patch
 open_htaccess_hook.patch
-# The patch below must not be applied by quilt at extraction time.  It depends
-# on some script-fu to be executed before. Have a look
-# to debian/rules' prepare-custom-suexec target.
-# If you're aware of that you can uncomment it at any time later and work on it
-# as you wish. However, it must be shipped commented out in the final package.
-#suexec-custom.patch
-# some changes to the core needed for itk:
-add-itk-to-build-system.patch
-itk-fix-htaccess-reads-for-persistent-connections.patch
-itk-rerun-configure.patch
 fix_CHANGES
diff --git a/debian/rules b/debian/rules
index 9a3bf41..b15ef25 100755
--- a/debian/rules
+++ b/debian/rules
@@ -24,16 +24,6 @@ support/suexec-custom.c: support/suexec.c debian/patches/suexec-custom.patch
 	cp support/suexec.c support/suexec-custom.c
 	patch -p1 -i debian/patches/suexec-custom.patch
 
-server/mpm/itk/.stamp:
-	mkdir server/mpm/itk/
-	cp server/mpm/prefork/* server/mpm/itk/
-	mv server/mpm/itk/prefork.c server/mpm/itk/itk.c
-	set -ex; for p in $$(grep -v '^#' debian/patches/itk/series) ; do \
-		echo Applying $$p ... ;\
-		patch -p1 -i debian/patches/itk/$$p ;\
-	done
-	touch "$@"
-
 prebuild-checks:
 	ERRS="" ;\
 	for a in $$(find debian/config-dir/ -type f) ; do \
@@ -86,7 +76,7 @@ generate-maintainer-scripts:
 clean build build-arch build-indep binary binary-arch binary-indep: %:
 	dh $@ --parallel --with autotools_dev
 
-override_dh_auto_configure: generate-maintainer-scripts prebuild-checks server/mpm/itk/.stamp support/suexec-custom.c
+override_dh_auto_configure: generate-maintainer-scripts prebuild-checks support/suexec-custom.c
 	./configure --enable-layout=Debian --enable-so --with-program-name=apache2 \
 		--enable-suexec --with-suexec-caller=www-data \
 		--with-suexec-bin=/usr/lib/apache2/suexec --with-suexec-docroot=/var/www \
@@ -102,13 +92,6 @@ override_dh_auto_configure: generate-maintainer-scripts prebuild-checks server/m
 		LTFLAGS="$(AP2_LTFLAGS)"
 
 
-ifeq ($(DEB_HOST_ARCH_OS),linux)
-	# XXX Hack to make mod_mpm_itk.so link against libcap until we
-	# XXX move itk to a separate package
-	echo "$(DEB_HOST_ARCH_OS): non weird arch: adding -lcap"
-	perl -p -i -e 's/(-avoid-version)/$$1 -lcap/' server/mpm/itk/modules.mk
-endif
-
 override_dh_install: clean-config-vars prepare-scripts
 	dh_install --list-missing
 
@@ -171,7 +154,6 @@ override_dh_builddeb:
 
 override_dh_auto_clean:
 	dh_auto_clean
-	if test -d server/mpm/itk ; then rm -r server/mpm/itk ; fi
 
 override_dh_gencontrol:
 	dh_gencontrol  -p libapache2-mod-proxy-html -- -v1:$(DEBIAN_VERSION)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git



More information about the Pkg-apache-commits mailing list