[apache2] 01/03: Drop the itk package, it is provided as from its own source package in future
Arno Töll
atoell-guest at alioth.debian.org
Thu Nov 7 23:26:29 UTC 2013
This is an automated email from the git hooks/post-receive script.
atoell-guest pushed a commit to branch master
in repository apache2.
commit 8e85857c16e22e6ec11ab8f5503bc9c2f49ab0ea
Author: Arno Töll <arno at debian.org>
Date: Thu Nov 7 22:48:40 2013 +0100
Drop the itk package, it is provided as from its own source package in future
---
debian/a2query.in | 2 +-
debian/apache2.NEWS | 5 +
debian/apache2.postinst | 6 +-
debian/changelog | 10 +-
debian/config-dir/mods-available/mpm_itk.conf | 17 -
debian/config-dir/mods-available/mpm_itk.load | 2 -
debian/control | 4 +-
...htaccess-reads-for-persistent-connections.patch | 61 --
debian/patches/itk-rerun-configure.patch | 784 --------------------
debian/patches/itk/02-rename-prefork-to-itk.patch | 294 --------
debian/patches/itk/05-add-copyright.patch | 36 -
debian/patches/itk/07-base-functionality.patch | 229 ------
debian/patches/itk/08-max-clients-per-vhost.patch | 99 ---
debian/patches/itk/09-capabilities.patch | 59 --
debian/patches/itk/10-nice.patch | 140 ----
...htaccess-reads-for-persistent-connections.patch | 23 -
debian/patches/itk/README | 5 -
debian/patches/itk/series | 12 -
debian/patches/series | 10 -
debian/rules | 20 +-
20 files changed, 23 insertions(+), 1795 deletions(-)
diff --git a/debian/a2query.in b/debian/a2query.in
index 219b9ba..47a60f2 100755
--- a/debian/a2query.in
+++ b/debian/a2query.in
@@ -209,7 +209,7 @@ sub load_modules
my $file = $_;
next if $file !~ m/\.load$/;
$file =~ s/\.load//;
- if ($file =~ /mpm_(\w+)/)
+ if ($file =~ /mpm_(\w+)/ && $file ne 'mpm_itk')
{
$MPM = $1 if $MPM eq 'invalid';
if(grep { $_ =~ m/^mpm_/ } @MODULES)
diff --git a/debian/apache2.NEWS b/debian/apache2.NEWS
index 76a728d..75be4ce 100644
--- a/debian/apache2.NEWS
+++ b/debian/apache2.NEWS
@@ -20,6 +20,11 @@ apache2 (2.4.1-1) unstable; urgency=low
a2dismod mpm_worker
a2enmod mpm_prefork
+ MPM ITK users should be advised, that ITK is not a MPM anymore. Instead, it
+ is a simple Apache module, expanding functionality of the prefork MPM. Thus,
+ users should switch to the prefork MPM and enable ITK as a module. The
+ upgrade scripts ensure this for the upgrade from Debian Wheezy.
+
We did change the security model for Apache in our default configuration. We
do not allow access to the file system outside /var/www and /usr/share.
If you are running virtual hosts or scripts outside these directories, you
diff --git a/debian/apache2.postinst b/debian/apache2.postinst
index e7e1ac2..f32cc54 100644
--- a/debian/apache2.postinst
+++ b/debian/apache2.postinst
@@ -173,7 +173,11 @@ enable_default_mpm()
;;
apache2-mpm-itk)
- mpm="mpm_itk"
+ # apache2-mpm-itk is installed, which is a
+ # transitional package depending on
+ # libapache2-mpm-itk which will enable itself
+ # in its maintainer scripts.
+ mpm="mpm_prefork"
;;
*)
diff --git a/debian/changelog b/debian/changelog
index 3751673..fbfa0ee 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,8 +25,16 @@ apache2 (2.4.6-4) UNRELEASED; urgency=low
* Add a virtual provides line to the itk/worker/event/prefork transitional
packages so that people with an unusual (unsupported) Apache setup
can upgrade neatless in some corner cases (Closes: #728937)
+ * Drop the Apache ITK patches. The Apache ITK MPM is a standalone package
+ now and will be provided by libapache2-mpm-itk in future. The
+ apache2-mpm-itk package depends on this package from now on. Users of itk
+ are advised to consult the itk manual.
+ * Remove Steinar H. Gunderson from uploaders, he will continue to support
+ itk in his own package in future. The remaining Apache team thanks Steinar
+ for all the work in the past.
- -- Arno Töll <arno at debian.org> Thu, 07 Nov 2013 14:21:10 +0100
+
+ -- Arno Töll <arno at debian.org> Thu, 07 Nov 2013 22:46:29 +0100
apache2 (2.4.6-3) unstable; urgency=low
diff --git a/debian/config-dir/mods-available/mpm_itk.conf b/debian/config-dir/mods-available/mpm_itk.conf
deleted file mode 100644
index c85b5ab..0000000
--- a/debian/config-dir/mods-available/mpm_itk.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-# itk MPM
-# StartServers: number of server processes to start
-# MinSpareServers: minimum number of server processes which are kept spare
-# MaxSpareServers: maximum number of server processes which are kept spare
-# MaxRequestWorkers: maximum number of server processes allowed to start
-# MaxConnectionsPerChild: maximum number of requests a server process serves
-# XXX adjust!
-
-<IfModule mpm_itk_module>
- StartServers 5
- MinSpareServers 5
- MaxSpareServers 10
- MaxRequestWorkers 150
- MaxConnectionsPerChild 0
-</IfModule>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/debian/config-dir/mods-available/mpm_itk.load b/debian/config-dir/mods-available/mpm_itk.load
deleted file mode 100644
index d9203f1..0000000
--- a/debian/config-dir/mods-available/mpm_itk.load
+++ /dev/null
@@ -1,2 +0,0 @@
-# Conflicts: mpm_event mpm_worker mpm_prefork
-LoadModule mpm_itk_module /usr/lib/apache2/modules/mod_mpm_itk.so
diff --git a/debian/control b/debian/control
index 3affc67..1ebff44 100644
--- a/debian/control
+++ b/debian/control
@@ -2,7 +2,7 @@ Source: apache2
Section: httpd
Priority: optional
Maintainer: Debian Apache Maintainers <debian-apache at lists.debian.org>
-Uploaders: Stefan Fritsch <sf at debian.org>, Steinar H. Gunderson <sesse at debian.org>, Arno Töll <arno at debian.org>
+Uploaders: Stefan Fritsch <sf at debian.org>, Arno Töll <arno at debian.org>
Build-Depends: debhelper (>= 8.9.7~), lsb-release, dpkg-dev (>= 1.16.1~),
libaprutil1-dev (>= 1.5.0), libapr1-dev, libpcre3-dev, zlib1g-dev,
libssl-dev (>= 0.9.8m), libcap-dev [linux-any], perl,
@@ -101,7 +101,7 @@ Architecture: any
Section: oldlibs
Priority: extra
Provides: httpd, httpd-cgi
-Depends: ${misc:Depends}, apache2 (= ${binary:Version})
+Depends: ${misc:Depends}, apache2 (= ${binary:Version}), libapache2-mpm-itk
Description: transitional itk MPM package for apache2
This is a transitional package to apache2 for users of apache2-mpm-itk and
can be safely removed after the installation is complete.
diff --git a/debian/patches/itk-fix-htaccess-reads-for-persistent-connections.patch b/debian/patches/itk-fix-htaccess-reads-for-persistent-connections.patch
deleted file mode 100644
index 647a5d4..0000000
--- a/debian/patches/itk-fix-htaccess-reads-for-persistent-connections.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Fix an itk issue where users can sometimes get spurious 403s on persistent
-connections (the description in the comments explains the logic).
-This would particularly hit people with reverse proxies, since these
-have a higher tendency of accessing things from different vhosts in
-the same connection.
-
---- a/server/config.c
-+++ b/server/config.c
-@@ -52,6 +52,10 @@
- #include "util_varbuf.h"
- #include "mpm_common.h"
-
-+#include "http_connection.h"
-+#include <unistd.h>
-+#include <sys/types.h>
-+
- #define APLOG_UNSET (APLOG_NO_MODULE - 1)
- /* we know core's module_index is 0 */
- #undef APLOG_MODULE_INDEX
-@@ -69,6 +73,8 @@
-
- AP_DECLARE_DATA ap_directive_t *ap_conftree = NULL;
-
-+AP_DECLARE_DATA int ap_running_under_mpm_itk = 0;
-+
- APR_HOOK_STRUCT(
- APR_HOOK_LINK(header_parser)
- APR_HOOK_LINK(pre_config)
-@@ -2138,6 +2144,32 @@
- else {
- if (!APR_STATUS_IS_ENOENT(status)
- && !APR_STATUS_IS_ENOTDIR(status)) {
-+ /*
-+ * If we are in a persistent connection, we might end up in a state
-+ * where we can no longer read .htaccess files because we have already
-+ * setuid(). This can either be because the previous request was for
-+ * another vhost (basically the same problem as when setuid() fails in
-+ * itk.c), or it can be because a .htaccess file is readable only by
-+ * root.
-+ *
-+ * In any case, we don't want to give out a 403, since the request has
-+ * a very real chance of succeeding on a fresh connection (where
-+ * presumably uid=0). Thus, we give up serving the request on this
-+ * TCP connection, and do a hard close of the socket. As long as we're
-+ * in a persistent connection (and there _should_ not be a way this
-+ * would happen on the first request in a connection, save for subrequests,
-+ * which we special-case), this is allowed, as it is what happens on
-+ * a timeout. The browser will simply open a new connection and try
-+ * again (there's of course a performance hit, though, both due to
-+ * the new connection setup and the fork() of a new server child).
-+ */
-+ if (ap_running_under_mpm_itk && r->main == NULL && getuid() != 0) {
-+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, status, r,
-+ "Couldn't read %s, closing connection.",
-+ filename);
-+ ap_lingering_close(r->connection);
-+ exit(0);
-+ }
- ap_log_rerror(APLOG_MARK, APLOG_CRIT, status, r, APLOGNO(00529)
- "%s pcfg_openfile: unable to check htaccess file, "
- "ensure it is readable and that '%s' "
diff --git a/debian/patches/itk-rerun-configure.patch b/debian/patches/itk-rerun-configure.patch
deleted file mode 100644
index d2cf19a..0000000
--- a/debian/patches/itk-rerun-configure.patch
+++ /dev/null
@@ -1,784 +0,0 @@
-# the analogon of running autoheader; autoconf, which is a pain to clean up
-#
-# To refresh this,
-# - unpack apr+apr-util in srclib/apr{,-util}
-# - run 'fakeroot debian/rules server/mpm/itk/.stamp'
-# - run 'buildconf'
---- a/configure
-+++ b/configure
-@@ -1983,6 +1983,10 @@
- default. MPM={event|worker|prefork|winnt} This will
- be statically linked as the only available MPM
- unless --enable-mpms-shared is also specified.
-+ --with-mpm=MPM Choose the process model for Apache to use by
-+ default. MPM={event|worker|prefork|winnt|itk} This
-+ will be statically linked as the only available MPM
-+ unless --enable-mpms-shared is also specified.
- --with-module=module-type:module-file
- Enable module-file in the modules/<module-type>
- directory.
-@@ -25865,6 +25869,27 @@
-
- fi
-
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if itk MPM supports this platform" >&5
-+$as_echo_n "checking if itk MPM supports this platform... " >&6; }
-+if test $forking_mpms_supported != yes; then
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no - This is not a forking platform" >&5
-+$as_echo "no - This is not a forking platform" >&6; }
-+else
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
-+$as_echo "yes" >&6; }
-+
-+ if test "yes" = "yes"; then
-+ eval "ap_supported_mpm_itk=shared"
-+ ap_supported_shared_mpms="$ap_supported_shared_mpms itk "
-+ else
-+ eval "ap_supported_mpm_itk=static"
-+ fi
-+ if test "no" = "yes"; then
-+ eval "ap_threaded_mpm_itk=yes"
-+ fi
-+
-+fi
-+
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking if mpmt_os2 MPM supports this platform" >&5
- $as_echo_n "checking if mpmt_os2 MPM supports this platform... " >&6; }
- case $host in
-@@ -27480,6 +27505,182 @@
-
-
-
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which MPM to use by default" >&5
-+$as_echo_n "checking which MPM to use by default... " >&6; }
-+
-+# Check whether --with-mpm was given.
-+if test "${with_mpm+set}" = set; then :
-+ withval=$with_mpm;
-+ default_mpm=$withval
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5
-+$as_echo "$withval" >&6; };
-+
-+else
-+
-+ if ap_mpm_is_supported "winnt"; then
-+ default_mpm=winnt
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: winnt" >&5
-+$as_echo "winnt" >&6; }
-+ elif ap_mpm_is_supported "mpmt_os2"; then
-+ default_mpm=mpmt_os2
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: mpmt_os2" >&5
-+$as_echo "mpmt_os2" >&6; }
-+ elif ap_mpm_is_supported "event"; then
-+ default_mpm=event
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: event" >&5
-+$as_echo "event" >&6; }
-+ elif ap_mpm_is_supported "worker"; then
-+ default_mpm=worker
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: worker - event is not supported" >&5
-+$as_echo "worker - event is not supported" >&6; }
-+ else
-+ default_mpm=prefork
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: prefork - event and worker are not supported" >&5
-+$as_echo "prefork - event and worker are not supported" >&6; }
-+ fi
-+
-+fi
-+
-+
-+
-+ if ap_mpm_is_enabled $default_mpm; then
-+ :
-+ else
-+ eval "ap_enabled_mpm_$default_mpm=yes"
-+ ap_enabled_mpms="$ap_enabled_mpms $default_mpm "
-+ fi
-+
-+
-+# Check whether --enable-mpms-shared was given.
-+if test "${enable_mpms_shared+set}" = set; then :
-+ enableval=$enable_mpms_shared;
-+ if test "$enableval" = "no"; then
-+ mpm_build=static
-+ else
-+ mpm_build=shared
-+ if test "$enableval" = "yes"; then
-+ enableval=$default_mpm
-+ fi
-+ for i in $enableval; do
-+ if test "$i" = "all"; then
-+ for j in $ap_supported_shared_mpms; do
-+ eval "enable_mpm_$j=shared"
-+
-+ if ap_mpm_is_enabled $j; then
-+ :
-+ else
-+ eval "ap_enabled_mpm_$j=yes"
-+ ap_enabled_mpms="$ap_enabled_mpms $j "
-+ fi
-+
-+ done
-+ else
-+ i=`echo $i | sed 's/-/_/g'`
-+ if ap_mpm_supports_shared $i; then
-+ eval "enable_mpm_$i=shared"
-+
-+ if ap_mpm_is_enabled $i; then
-+ :
-+ else
-+ eval "ap_enabled_mpm_$i=yes"
-+ ap_enabled_mpms="$ap_enabled_mpms $i "
-+ fi
-+
-+ else
-+ as_fn_error $? "MPM $i does not support dynamic loading." "$LINENO" 5
-+ fi
-+ fi
-+ done
-+ fi
-+
-+else
-+ mpm_build=static
-+fi
-+
-+
-+for i in $ap_enabled_mpms; do
-+ if ap_mpm_is_supported $i; then
-+ :
-+ else
-+ as_fn_error $? "MPM $i is not supported on this platform." "$LINENO" 5
-+ fi
-+ if test "$i" = "itk" ; then
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cap_init in -lcap" >&5
-+$as_echo_n "checking for cap_init in -lcap... " >&6; }
-+if ${ac_cv_lib_cap_cap_init+:} false; then :
-+ $as_echo_n "(cached) " >&6
-+else
-+ ac_check_lib_save_LIBS=$LIBS
-+LIBS="-lcap $LIBS"
-+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
-+/* end confdefs.h. */
-+
-+/* Override any GCC internal prototype to avoid an error.
-+ Use char because int might match the return type of a GCC
-+ builtin and then its argument prototype would still apply. */
-+#ifdef __cplusplus
-+extern "C"
-+#endif
-+char cap_init ();
-+int
-+main ()
-+{
-+return cap_init ();
-+ ;
-+ return 0;
-+}
-+_ACEOF
-+if ac_fn_c_try_link "$LINENO"; then :
-+ ac_cv_lib_cap_cap_init=yes
-+else
-+ ac_cv_lib_cap_cap_init=no
-+fi
-+rm -f core conftest.err conftest.$ac_objext \
-+ conftest$ac_exeext conftest.$ac_ext
-+LIBS=$ac_check_lib_save_LIBS
-+fi
-+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cap_cap_init" >&5
-+$as_echo "$ac_cv_lib_cap_cap_init" >&6; }
-+if test "x$ac_cv_lib_cap_cap_init" = xyes; then :
-+ cat >>confdefs.h <<_ACEOF
-+#define HAVE_LIBCAP 1
-+_ACEOF
-+
-+ LIBS="-lcap $LIBS"
-+
-+fi
-+
-+ fi
-+done
-+
-+if test $mpm_build = "shared"; then
-+ eval "tmp=\$enable_mpm_$default_mpm"
-+ if test "$tmp" != "shared"; then
-+ as_fn_error $? "The default MPM ($default_mpm) must be included in --enable-mpms-shared. Use --with-mpm to change the default MPM." "$LINENO" 5
-+ fi
-+fi
-+
-+
-+ APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES server/mpm/Makefile"
-+
-+
-+if test $mpm_build = "shared"; then
-+ MPM_LIB=""
-+else
-+ MPM_LIB=server/mpm/$default_mpm/lib${default_mpm}.la
-+ MODLIST="$MODLIST mpm_${default_mpm}"
-+fi
-+
-+MPM_SUBDIRS=$ap_enabled_mpms
-+
-+ APACHE_VAR_SUBST="$APACHE_VAR_SUBST MPM_SUBDIRS"
-+
-+
-+
-+ APACHE_VAR_SUBST="$APACHE_VAR_SUBST MPM_LIB"
-+
-+
-+
-
-
- APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_MPM_EVENT_LDADD"
-@@ -27570,6 +27771,77 @@
-
-
-
-+ if ap_mpm_is_enabled itk; then
-+ if test -z ""; then
-+ objects="itk.lo"
-+ else
-+ objects=""
-+ fi
-+
-+ if test -z ""; then
-+ mpmpath="server/mpm/itk"
-+ else
-+ mpmpath=
-+ fi
-+
-+ test -d $mpmpath || $srcdir/build/mkdir.sh $mpmpath
-+
-+
-+ APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $mpmpath/Makefile"
-+
-+
-+ if test -z "$enable_mpm_itk"; then
-+
-+ if test "x$AP_LIBS" = "x"; then
-+ test "x$silent" != "xyes" && echo " setting AP_LIBS to \"\""
-+ AP_LIBS=""
-+ else
-+ apr_addto_bugger=""
-+ for i in $apr_addto_bugger; do
-+ apr_addto_duplicate="0"
-+ for j in $AP_LIBS; do
-+ if test "x$i" = "x$j"; then
-+ apr_addto_duplicate="1"
-+ break
-+ fi
-+ done
-+ if test $apr_addto_duplicate = "0"; then
-+ test "x$silent" != "xyes" && echo " adding \"$i\" to AP_LIBS"
-+ AP_LIBS="$AP_LIBS $i"
-+ fi
-+ done
-+ fi
-+
-+ libname="libitk.la"
-+ cat >$mpmpath/modules.mk<<EOF
-+$libname: $objects
-+ \$(MOD_LINK) $objects
-+DISTCLEAN_TARGETS = modules.mk
-+static = $libname
-+shared =
-+EOF
-+ else
-+ apache_need_shared=yes
-+ libname="mod_mpm_itk.la"
-+ shobjects=`echo $objects | sed 's/\.lo/.slo/g'`
-+ cat >$mpmpath/modules.mk<<EOF
-+$libname: $shobjects
-+ \$(SH_LINK) -rpath \$(libexecdir) -module -avoid-version $objects
-+DISTCLEAN_TARGETS = modules.mk
-+static =
-+shared = $libname
-+EOF
-+ # add default MPM to LoadModule list
-+ if test itk = $default_mpm; then
-+ DSO_MODULES="$DSO_MODULES mpm_itk"
-+ ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},mpm_itk"
-+ fi
-+ fi
-+
-+ fi
-+
-+
-+
- if ap_mpm_is_enabled prefork; then
- if test -z ""; then
- objects="prefork.lo"
-@@ -27811,6 +28083,7 @@
-
- if ap_mpm_is_enabled "worker" \
- || ap_mpm_is_enabled "event" \
-+ || ap_mpm_is_enabled "itk" \
- || ap_mpm_is_enabled "prefork"; then
- unixd_mods_enable=yes
- else
-@@ -30038,6 +30311,371 @@
-
-
-
-+
-+
-+ current_dir=arch/unix
-+ modpath_current=modules/arch/unix
-+ modpath_static=
-+ modpath_shared=
-+ for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do
-+ eval MOD_$var=
-+ done
-+ test -d arch/unix || $srcdir/build/mkdir.sh $modpath_current
-+ > $modpath_current/modules.mk
-+
-+
-+if ap_mpm_is_enabled "worker" \
-+ || ap_mpm_is_enabled "event" \
-+ || ap_mpm_is_enabled "prefork"; then
-+ unixd_mods_enable=yes
-+else
-+ unixd_mods_enable=no
-+fi
-+
-+
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_unixd" >&5
-+$as_echo_n "checking whether to enable mod_unixd... " >&6; }
-+ # Check whether --enable-unixd was given.
-+if test "${enable_unixd+set}" = set; then :
-+ enableval=$enable_unixd; force_unixd=$enableval
-+else
-+ enable_unixd=$unixd_mods_enable
-+fi
-+
-+ _apmod_extra_msg=""
-+ case "$enable_unixd" in
-+ yes|static|shared)
-+ _apmod_required="yes"
-+ ;;
-+ *)
-+ case "$module_selection" in
-+ reallyall|all|most)
-+ _apmod_required="no"
-+ ;;
-+ *)
-+ _apmod_required="yes"
-+ ;;
-+ esac
-+ esac
-+ if test "$enable_unixd" = "static"; then
-+ enable_unixd=static
-+ elif test "$enable_unixd" = "yes"; then
-+ enable_unixd=$module_default
-+ elif test "$enable_unixd" = "most"; then
-+ if test "$module_selection" = "most" -o "$module_selection" = "all" -o \
-+ "$module_selection" = "reallyall"
-+ then
-+ enable_unixd=$module_default
-+ elif test "$module_selection" = "few" -o "$module_selection" = "none"; then
-+ enable_unixd=no
-+ fi
-+ _apmod_extra_msg=" ($module_selection)"
-+ elif test "$enable_unixd" = "maybe-all"; then
-+ if test "$module_selection" = "all" -o "$module_selection" = "reallyall"
-+ then
-+ enable_unixd=$module_default
-+ _apmod_extra_msg=" ($module_selection)"
-+ else
-+ enable_unixd=no
-+ fi
-+ elif test "$enable_unixd" = "no" -a "$module_selection" = "reallyall" -a \
-+ "$force_unixd" != "no" ; then
-+ enable_unixd=$module_default
-+ _apmod_extra_msg=" ($module_selection)"
-+ fi
-+ if test "$enable_unixd" != "no"; then
-+ :
-+ fi
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_unixd$_apmod_extra_msg" >&5
-+$as_echo "$enable_unixd$_apmod_extra_msg" >&6; }
-+ if test "$enable_unixd" != "no"; then
-+ case "$enable_unixd" in
-+ static*)
-+ MODLIST="$MODLIST unixd"
-+ if test "unixd" = "so"; then
-+ sharedobjs=yes
-+ fi
-+ shared="";;
-+ *)
-+ enable_unixd=`echo $enable_unixd|sed 's/shared,*//'`
-+ sharedobjs=yes
-+ shared=yes
-+ DSO_MODULES="$DSO_MODULES unixd"
-+ if test "$unixd_mods_enable" = "yes" ; then
-+ ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},unixd"
-+ fi
-+ ;;
-+ esac
-+
-+
-+ if test -z ""; then
-+ objects="mod_unixd.lo"
-+ else
-+ objects=""
-+ fi
-+
-+ if test -z "$module_standalone"; then
-+ if test -z "$shared"; then
-+ # The filename of a convenience library must have a "lib" prefix:
-+ libname="libmod_unixd.la"
-+ BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname"
-+ modpath_static="$modpath_static $libname"
-+ cat >>$modpath_current/modules.mk<<EOF
-+$libname: $objects
-+ \$(MOD_LINK) $objects \$(MOD_UNIXD_LDADD)
-+EOF
-+ if test ! -z "\$(MOD_UNIXD_LDADD)"; then
-+
-+ if test "x$AP_LIBS" = "x"; then
-+ test "x$silent" != "xyes" && echo " setting AP_LIBS to \"\$(MOD_UNIXD_LDADD)\""
-+ AP_LIBS="\$(MOD_UNIXD_LDADD)"
-+ else
-+ apr_addto_bugger="\$(MOD_UNIXD_LDADD)"
-+ for i in $apr_addto_bugger; do
-+ apr_addto_duplicate="0"
-+ for j in $AP_LIBS; do
-+ if test "x$i" = "x$j"; then
-+ apr_addto_duplicate="1"
-+ break
-+ fi
-+ done
-+ if test $apr_addto_duplicate = "0"; then
-+ test "x$silent" != "xyes" && echo " adding \"$i\" to AP_LIBS"
-+ AP_LIBS="$AP_LIBS $i"
-+ fi
-+ done
-+ fi
-+
-+ fi
-+ else
-+ apache_need_shared=yes
-+ libname="mod_unixd.la"
-+ shobjects=`echo $objects | sed 's/\.lo/.slo/g'`
-+ modpath_shared="$modpath_shared $libname"
-+ cat >>$modpath_current/modules.mk<<EOF
-+$libname: $shobjects
-+ \$(SH_LINK) -rpath \$(libexecdir) -module -avoid-version $objects \$(MOD_UNIXD_LDADD)
-+EOF
-+ fi
-+ fi
-+
-+
-+ APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_UNIXD_LDADD"
-+
-+
-+
-+ fi
-+
-+
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_privileges" >&5
-+$as_echo_n "checking whether to enable mod_privileges... " >&6; }
-+ # Check whether --enable-privileges was given.
-+if test "${enable_privileges+set}" = set; then :
-+ enableval=$enable_privileges; force_privileges=$enableval
-+else
-+ enable_privileges=no
-+fi
-+
-+ _apmod_extra_msg=""
-+ case "$enable_privileges" in
-+ yes|static|shared)
-+ _apmod_required="yes"
-+ ;;
-+ *)
-+ case "$module_selection" in
-+ reallyall|all|most)
-+ _apmod_required="no"
-+ ;;
-+ *)
-+ _apmod_required="yes"
-+ ;;
-+ esac
-+ esac
-+ if test "$enable_privileges" = "static"; then
-+ enable_privileges=static
-+ elif test "$enable_privileges" = "yes"; then
-+ enable_privileges=$module_default
-+ elif test "$enable_privileges" = "most"; then
-+ if test "$module_selection" = "most" -o "$module_selection" = "all" -o \
-+ "$module_selection" = "reallyall"
-+ then
-+ enable_privileges=$module_default
-+ elif test "$module_selection" = "few" -o "$module_selection" = "none"; then
-+ enable_privileges=no
-+ fi
-+ _apmod_extra_msg=" ($module_selection)"
-+ elif test "$enable_privileges" = "maybe-all"; then
-+ if test "$module_selection" = "all" -o "$module_selection" = "reallyall"
-+ then
-+ enable_privileges=$module_default
-+ _apmod_extra_msg=" ($module_selection)"
-+ else
-+ enable_privileges=no
-+ fi
-+ elif test "$enable_privileges" = "no" -a "$module_selection" = "reallyall" -a \
-+ "$force_privileges" != "no" ; then
-+ enable_privileges=$module_default
-+ _apmod_extra_msg=" ($module_selection)"
-+ fi
-+ if test "$enable_privileges" != "no"; then
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: checking dependencies" >&5
-+$as_echo "checking dependencies" >&6; }
-+ :
-+
-+ for ac_header in priv.h
-+do :
-+ ac_fn_c_check_header_mongrel "$LINENO" "priv.h" "ac_cv_header_priv_h" "$ac_includes_default"
-+if test "x$ac_cv_header_priv_h" = xyes; then :
-+ cat >>confdefs.h <<_ACEOF
-+#define HAVE_PRIV_H 1
-+_ACEOF
-+ ap_HAVE_PRIV_H="yes"
-+else
-+ ap_HAVE_PRIV_H="no"
-+fi
-+
-+done
-+
-+ if test $ap_HAVE_PRIV_H = "no"; then
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Your system does not support privileges." >&5
-+$as_echo "$as_me: WARNING: Your system does not support privileges." >&2;}
-+ enable_privileges="no"
-+ fi
-+
-+ :
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable mod_privileges" >&5
-+$as_echo_n "checking whether to enable mod_privileges... " >&6; }
-+ if test "$enable_privileges" = "no"; then
-+ if test "$_apmod_required" = "no"; then
-+ _apmod_extra_msg=" (disabled)"
-+ else
-+ as_fn_error $? "mod_privileges has been requested but can not be built due to prerequisite failures" "$LINENO" 5
-+ fi
-+ fi
-+ fi
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_privileges$_apmod_extra_msg" >&5
-+$as_echo "$enable_privileges$_apmod_extra_msg" >&6; }
-+ if test "$enable_privileges" != "no"; then
-+ case "$enable_privileges" in
-+ static*)
-+ MODLIST="$MODLIST privileges"
-+ if test "privileges" = "so"; then
-+ sharedobjs=yes
-+ fi
-+ shared="";;
-+ *)
-+ enable_privileges=`echo $enable_privileges|sed 's/shared,*//'`
-+ sharedobjs=yes
-+ shared=yes
-+ DSO_MODULES="$DSO_MODULES privileges"
-+ if test "no" = "yes" ; then
-+ ENABLED_DSO_MODULES="${ENABLED_DSO_MODULES},privileges"
-+ fi
-+ ;;
-+ esac
-+
-+
-+ if test -z ""; then
-+ objects="mod_privileges.lo"
-+ else
-+ objects=""
-+ fi
-+
-+ if test -z "$module_standalone"; then
-+ if test -z "$shared"; then
-+ # The filename of a convenience library must have a "lib" prefix:
-+ libname="libmod_privileges.la"
-+ BUILTIN_LIBS="$BUILTIN_LIBS $modpath_current/$libname"
-+ modpath_static="$modpath_static $libname"
-+ cat >>$modpath_current/modules.mk<<EOF
-+$libname: $objects
-+ \$(MOD_LINK) $objects \$(MOD_PRIVILEGES_LDADD)
-+EOF
-+ if test ! -z "\$(MOD_PRIVILEGES_LDADD)"; then
-+
-+ if test "x$AP_LIBS" = "x"; then
-+ test "x$silent" != "xyes" && echo " setting AP_LIBS to \"\$(MOD_PRIVILEGES_LDADD)\""
-+ AP_LIBS="\$(MOD_PRIVILEGES_LDADD)"
-+ else
-+ apr_addto_bugger="\$(MOD_PRIVILEGES_LDADD)"
-+ for i in $apr_addto_bugger; do
-+ apr_addto_duplicate="0"
-+ for j in $AP_LIBS; do
-+ if test "x$i" = "x$j"; then
-+ apr_addto_duplicate="1"
-+ break
-+ fi
-+ done
-+ if test $apr_addto_duplicate = "0"; then
-+ test "x$silent" != "xyes" && echo " adding \"$i\" to AP_LIBS"
-+ AP_LIBS="$AP_LIBS $i"
-+ fi
-+ done
-+ fi
-+
-+ fi
-+ else
-+ apache_need_shared=yes
-+ libname="mod_privileges.la"
-+ shobjects=`echo $objects | sed 's/\.lo/.slo/g'`
-+ modpath_shared="$modpath_shared $libname"
-+ cat >>$modpath_current/modules.mk<<EOF
-+$libname: $shobjects
-+ \$(SH_LINK) -rpath \$(libexecdir) -module -avoid-version $objects \$(MOD_PRIVILEGES_LDADD)
-+EOF
-+ fi
-+ fi
-+
-+
-+ APACHE_VAR_SUBST="$APACHE_VAR_SUBST MOD_PRIVILEGES_LDADD"
-+
-+
-+
-+ fi
-+
-+
-+
-+ if test "x$INCLUDES" = "x"; then
-+ test "x$silent" != "xyes" && echo " setting INCLUDES to \"-I\$(top_srcdir)/$modpath_current\""
-+ INCLUDES="-I\$(top_srcdir)/$modpath_current"
-+ else
-+ apr_addto_bugger="-I\$(top_srcdir)/$modpath_current"
-+ for i in $apr_addto_bugger; do
-+ apr_addto_duplicate="0"
-+ for j in $INCLUDES; do
-+ if test "x$i" = "x$j"; then
-+ apr_addto_duplicate="1"
-+ break
-+ fi
-+ done
-+ if test $apr_addto_duplicate = "0"; then
-+ test "x$silent" != "xyes" && echo " adding \"$i\" to INCLUDES"
-+ INCLUDES="$INCLUDES $i"
-+ fi
-+ done
-+ fi
-+
-+
-+
-+ echo "DISTCLEAN_TARGETS = modules.mk" >> $modpath_current/modules.mk
-+ echo "static = $modpath_static" >> $modpath_current/modules.mk
-+ echo "shared = $modpath_shared" >> $modpath_current/modules.mk
-+ for var in CFLAGS CXXFLAGS CPPFLAGS LDFLAGS LIBS INCLUDES; do
-+ if eval val=\"\$MOD_$var\"; test -n "$val"; then
-+ echo "MOD_$var = $val" >> $modpath_current/modules.mk
-+ fi
-+ done
-+ if test ! -z "$modpath_static" -o ! -z "$modpath_shared"; then
-+ MODULE_DIRS="$MODULE_DIRS $current_dir"
-+ else
-+ MODULE_CLEANDIRS="$MODULE_CLEANDIRS $current_dir"
-+ fi
-+
-+ APACHE_FAST_OUTPUT_FILES="$APACHE_FAST_OUTPUT_FILES $modpath_current/Makefile"
-+
-+
-+
-+
-
- if ap_mpm_is_enabled mpmt_os2; then
- if test -z "mpmt_os2.lo mpmt_os2_child.lo"; then
---- a/include/ap_config_auto.h.in
-+++ b/include/ap_config_auto.h.in
-@@ -103,6 +103,9 @@
- /* Define to 1 if you have the `kqueue' function. */
- #undef HAVE_KQUEUE
-
-+/* Define to 1 if you have the `cap' library (-lcap). */
-+#undef HAVE_LIBCAP
-+
- /* Define to 1 if you have the <limits.h> header file. */
- #undef HAVE_LIMITS_H
-
---- a/build/ltmain.sh
-+++ b/build/ltmain.sh
-@@ -70,7 +70,7 @@
- # compiler: $LTCC
- # compiler flags: $LTCFLAGS
- # linker: $LD (gnu? $with_gnu_ld)
--# $progname: (GNU libtool) 2.4.2
-+# $progname: (GNU libtool) 2.4.2 Debian-2.4.2-1.3
- # automake: $automake_version
- # autoconf: $autoconf_version
- #
-@@ -80,7 +80,7 @@
-
- PROGRAM=libtool
- PACKAGE=libtool
--VERSION=2.4.2
-+VERSION="2.4.2 Debian-2.4.2-1.3"
- TIMESTAMP=""
- package_revision=1.3337
-
-@@ -5851,10 +5851,9 @@
- # -tp=* Portland pgcc target processor selection
- # --sysroot=* for sysroot support
- # -O*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
-- # -stdlib=* select c++ std lib with clang
- -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
- -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
-- -O*|-flto*|-fwhopr*|-fuse-linker-plugin|-stdlib=*)
-+ -O*|-flto*|-fwhopr*|-fuse-linker-plugin)
- func_quote_for_eval "$arg"
- arg="$func_quote_for_eval_result"
- func_append compile_command " $arg"
-@@ -6125,7 +6124,10 @@
- case $pass in
- dlopen) libs="$dlfiles" ;;
- dlpreopen) libs="$dlprefiles" ;;
-- link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
-+ link)
-+ libs="$deplibs %DEPLIBS%"
-+ test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
-+ ;;
- esac
- fi
- if test "$linkmode,$pass" = "lib,dlpreopen"; then
-@@ -6445,19 +6447,19 @@
- # It is a libtool convenience library, so add in its objects.
- func_append convenience " $ladir/$objdir/$old_library"
- func_append old_convenience " $ladir/$objdir/$old_library"
-+ tmp_libs=
-+ for deplib in $dependency_libs; do
-+ deplibs="$deplib $deplibs"
-+ if $opt_preserve_dup_deps ; then
-+ case "$tmp_libs " in
-+ *" $deplib "*) func_append specialdeplibs " $deplib" ;;
-+ esac
-+ fi
-+ func_append tmp_libs " $deplib"
-+ done
- elif test "$linkmode" != prog && test "$linkmode" != lib; then
- func_fatal_error "\`$lib' is not a convenience library"
- fi
-- tmp_libs=
-- for deplib in $dependency_libs; do
-- deplibs="$deplib $deplibs"
-- if $opt_preserve_dup_deps ; then
-- case "$tmp_libs " in
-- *" $deplib "*) func_append specialdeplibs " $deplib" ;;
-- esac
-- fi
-- func_append tmp_libs " $deplib"
-- done
- continue
- fi # $pass = conv
-
-@@ -7350,6 +7352,9 @@
- revision="$number_minor"
- lt_irix_increment=no
- ;;
-+ *)
-+ func_fatal_configuration "$modename: unknown library version type \`$version_type'"
-+ ;;
- esac
- ;;
- no)
diff --git a/debian/patches/itk/02-rename-prefork-to-itk.patch b/debian/patches/itk/02-rename-prefork-to-itk.patch
deleted file mode 100644
index 19c76de..0000000
--- a/debian/patches/itk/02-rename-prefork-to-itk.patch
+++ /dev/null
@@ -1,294 +0,0 @@
-Rename prefork to itk in the copy that was created in 01-copy-prefork.patch.
-
-Index: httpd-2.4.1/server/mpm/itk/config.m4
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/config.m4
-+++ httpd-2.4.1/server/mpm/itk/config.m4
-@@ -1,7 +1,7 @@
--AC_MSG_CHECKING(if prefork MPM supports this platform)
-+AC_MSG_CHECKING(if itk MPM supports this platform)
- if test $forking_mpms_supported != yes; then
- AC_MSG_RESULT(no - This is not a forking platform)
- else
- AC_MSG_RESULT(yes)
-- APACHE_MPM_SUPPORTED(prefork, yes, no)
-+ APACHE_MPM_SUPPORTED(itk, yes, no)
- fi
-Index: httpd-2.4.1/server/mpm/itk/config3.m4
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/config3.m4
-+++ httpd-2.4.1/server/mpm/itk/config3.m4
-@@ -1 +1 @@
--APACHE_MPM_MODULE(prefork, $enable_mpm_prefork)
-+APACHE_MPM_MODULE(itk, $enable_mpm_itk)
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -95,11 +95,11 @@ static int server_limit = 0;
- static int mpm_state = AP_MPMQ_STARTING;
- static ap_pod_t *pod;
-
--/* data retained by prefork across load/unload of the module
-+/* data retained by itk across load/unload of the module
- * allocated on first call to pre-config hook; located on
- * subsequent calls to pre-config hook
- */
--typedef struct prefork_retained_data {
-+typedef struct itk_retained_data {
- int first_server_limit;
- int module_loads;
- ap_generation_t my_generation;
-@@ -122,8 +122,8 @@ typedef struct prefork_retained_data {
- #define MAX_SPAWN_RATE (32)
- #endif
- int hold_off_on_exponential_spawning;
--} prefork_retained_data;
--static prefork_retained_data *retained;
-+} itk_retained_data;
-+static itk_retained_data *retained;
-
- #define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
-
-@@ -189,7 +189,7 @@ static void chdir_for_gprof(void)
- #define chdir_for_gprof()
- #endif
-
--static void prefork_note_child_killed(int childnum, pid_t pid,
-+static void itk_note_child_killed(int childnum, pid_t pid,
- ap_generation_t gen)
- {
- AP_DEBUG_ASSERT(childnum != -1); /* no scoreboard squatting with this MPM */
-@@ -200,7 +200,7 @@ static void prefork_note_child_killed(in
- ap_scoreboard_image->parent[childnum].pid = 0;
- }
-
--static void prefork_note_child_started(int slot, pid_t pid)
-+static void itk_note_child_started(int slot, pid_t pid)
- {
- ap_scoreboard_image->parent[slot].pid = pid;
- ap_run_child_status(ap_server_conf,
-@@ -219,7 +219,7 @@ static void clean_child_exit(int code)
- }
-
- if (one_process) {
-- prefork_note_child_killed(/* slot */ 0, 0, 0);
-+ itk_note_child_killed(/* slot */ 0, 0, 0);
- }
-
- ap_mpm_pod_close(pod);
-@@ -277,7 +277,7 @@ static void accept_mutex_off(void)
- #define SAFE_ACCEPT(stmt) do {stmt;} while(0)
- #endif
-
--static int prefork_query(int query_code, int *result, apr_status_t *rv)
-+static int itk_query(int query_code, int *result, apr_status_t *rv)
- {
- *rv = APR_SUCCESS;
- switch(query_code){
-@@ -330,9 +330,9 @@ static int prefork_query(int query_code,
- return OK;
- }
-
--static const char *prefork_get_name(void)
-+static const char *itk_get_name(void)
- {
-- return "prefork";
-+ return "itk";
- }
-
- /*****************************************************************
-@@ -735,7 +735,7 @@ static int make_child(server_rec *s, int
- apr_signal(SIGQUIT, SIG_DFL);
- #endif
- apr_signal(SIGTERM, sig_term);
-- prefork_note_child_started(slot, getpid());
-+ itk_note_child_started(slot, getpid());
- child_main(slot);
- /* NOTREACHED */
- }
-@@ -793,7 +793,7 @@ static int make_child(server_rec *s, int
- child_main(slot);
- }
-
-- prefork_note_child_started(slot, pid);
-+ itk_note_child_started(slot, pid);
-
- return 0;
- }
-@@ -914,7 +914,7 @@ static void perform_idle_server_maintena
- * Executive routines.
- */
-
--static int prefork_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s)
-+static int itk_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s)
- {
- int index;
- int remaining_children_to_start;
-@@ -1029,7 +1029,7 @@ static int prefork_run(apr_pool_t *_pcon
- if (child_slot >= 0) {
- (void) ap_update_child_status_from_indexes(child_slot, 0, SERVER_DEAD,
- (request_rec *) NULL);
-- prefork_note_child_killed(child_slot, 0, 0);
-+ itk_note_child_killed(child_slot, 0, 0);
- if (processed_status == APEXIT_CHILDSICK) {
- /* child detected a resource shortage (E[NM]FILE, ENOBUFS, etc)
- * cut the fork rate to the minimum
-@@ -1094,7 +1094,7 @@ static int prefork_run(apr_pool_t *_pcon
- ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, APLOGNO(00168) "killpg SIGTERM");
- }
- ap_reclaim_child_processes(1, /* Start with SIGTERM */
-- prefork_note_child_killed);
-+ itk_note_child_killed);
-
- /* cleanup pid file on normal shutdown */
- ap_remove_pid(pconf, ap_pid_fname);
-@@ -1128,7 +1128,7 @@ static int prefork_run(apr_pool_t *_pcon
- }
-
- /* Allow each child which actually finished to exit */
-- ap_relieve_child_processes(prefork_note_child_killed);
-+ ap_relieve_child_processes(itk_note_child_killed);
-
- /* cleanup pid file */
- ap_remove_pid(pconf, ap_pid_fname);
-@@ -1147,7 +1147,7 @@ static int prefork_run(apr_pool_t *_pcon
- sleep(1);
-
- /* Relieve any children which have now exited */
-- ap_relieve_child_processes(prefork_note_child_killed);
-+ ap_relieve_child_processes(itk_note_child_killed);
-
- active_children = 0;
- for (index = 0; index < ap_daemons_limit; ++index) {
-@@ -1216,7 +1216,7 @@ static int prefork_run(apr_pool_t *_pcon
- ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, APLOGNO(00172) "killpg SIGHUP");
- }
- ap_reclaim_child_processes(0, /* Not when just starting up */
-- prefork_note_child_killed);
-+ itk_note_child_killed);
- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf, APLOGNO(00173)
- "SIGHUP received. Attempting to restart");
- }
-@@ -1227,7 +1227,7 @@ static int prefork_run(apr_pool_t *_pcon
- /* This really should be a post_config hook, but the error log is already
- * redirected by that point, so we need to do this in the open_logs phase.
- */
--static int prefork_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
-+static int itk_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
- {
- int startup = 0;
- int level_flags = 0;
-@@ -1257,11 +1257,11 @@ static int prefork_open_logs(apr_pool_t
- return OK;
- }
-
--static int prefork_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp)
-+static int itk_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp)
- {
- int no_detach, debug, foreground;
- apr_status_t rv;
-- const char *userdata_key = "mpm_prefork_module";
-+ const char *userdata_key = "mpm_itk_module";
-
- mpm_state = AP_MPMQ_STARTING;
-
-@@ -1315,7 +1315,7 @@ static int prefork_pre_config(apr_pool_t
- return OK;
- }
-
--static int prefork_check_config(apr_pool_t *p, apr_pool_t *plog,
-+static int itk_check_config(apr_pool_t *p, apr_pool_t *plog,
- apr_pool_t *ptemp, server_rec *s)
- {
- int startup = 0;
-@@ -1401,7 +1401,7 @@ static int prefork_check_config(apr_pool
- ap_daemons_limit = 1;
- }
-
-- /* ap_daemons_to_start > ap_daemons_limit checked in prefork_run() */
-+ /* ap_daemons_to_start > ap_daemons_limit checked in itk_run() */
- if (ap_daemons_to_start < 0) {
- if (startup) {
- ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_STARTUP, 0, NULL, APLOGNO(00184)
-@@ -1432,12 +1432,12 @@ static int prefork_check_config(apr_pool
- ap_daemons_min_free = 1;
- }
-
-- /* ap_daemons_max_free < ap_daemons_min_free + 1 checked in prefork_run() */
-+ /* ap_daemons_max_free < ap_daemons_min_free + 1 checked in itk_run() */
-
- return OK;
- }
-
--static void prefork_hooks(apr_pool_t *p)
-+static void itk_hooks(apr_pool_t *p)
- {
- /* Our open_logs hook function must run before the core's, or stderr
- * will be redirected to a file, and the messages won't print to the
-@@ -1445,15 +1445,15 @@ static void prefork_hooks(apr_pool_t *p)
- */
- static const char *const aszSucc[] = {"core.c", NULL};
-
-- ap_hook_open_logs(prefork_open_logs, NULL, aszSucc, APR_HOOK_REALLY_FIRST);
-+ ap_hook_open_logs(itk_open_logs, NULL, aszSucc, APR_HOOK_REALLY_FIRST);
- /* we need to set the MPM state before other pre-config hooks use MPM query
- * to retrieve it, so register as REALLY_FIRST
- */
-- ap_hook_pre_config(prefork_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
-- ap_hook_check_config(prefork_check_config, NULL, NULL, APR_HOOK_MIDDLE);
-- ap_hook_mpm(prefork_run, NULL, NULL, APR_HOOK_MIDDLE);
-- ap_hook_mpm_query(prefork_query, NULL, NULL, APR_HOOK_MIDDLE);
-- ap_hook_mpm_get_name(prefork_get_name, NULL, NULL, APR_HOOK_MIDDLE);
-+ ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
-+ ap_hook_check_config(itk_check_config, NULL, NULL, APR_HOOK_MIDDLE);
-+ ap_hook_mpm(itk_run, NULL, NULL, APR_HOOK_MIDDLE);
-+ ap_hook_mpm_query(itk_query, NULL, NULL, APR_HOOK_MIDDLE);
-+ ap_hook_mpm_get_name(itk_get_name, NULL, NULL, APR_HOOK_MIDDLE);
- }
-
- static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg)
-@@ -1515,7 +1515,7 @@ static const char *set_server_limit (cmd
- return NULL;
- }
-
--static const command_rec prefork_cmds[] = {
-+static const command_rec itk_cmds[] = {
- LISTEN_COMMANDS,
- AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
- "Number of child processes launched at server startup"),
-@@ -1533,13 +1533,13 @@ AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
- { NULL }
- };
-
--AP_DECLARE_MODULE(mpm_prefork) = {
-+AP_DECLARE_MODULE(mpm_itk) = {
- MPM20_MODULE_STUFF,
- NULL, /* hook to run before apache parses args */
- NULL, /* create per-directory config structure */
- NULL, /* merge per-directory config structures */
- NULL, /* create per-server config structure */
- NULL, /* merge per-server config structures */
-- prefork_cmds, /* command apr_table_t */
-- prefork_hooks, /* register hooks */
-+ itk_cmds, /* command apr_table_t */
-+ itk_hooks, /* register hooks */
- };
-Index: httpd-2.4.1/server/mpm/itk/mpm_default.h
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/mpm_default.h
-+++ httpd-2.4.1/server/mpm/itk/mpm_default.h
-@@ -15,10 +15,10 @@
- */
-
- /**
-- * @file prefork/mpm_default.h
-- * @brief Prefork MPM defaults
-+ * @file itk/mpm_default.h
-+ * @brief ITK MPM defaults
- *
-- * @defgroup APACHE_MPM_PREFORK Prefork MPM
-+ * @defgroup APACHE_MPM_ITK Apache ITK
- * @ingroup APACHE_INTERNAL
- * @{
- */
diff --git a/debian/patches/itk/05-add-copyright.patch b/debian/patches/itk/05-add-copyright.patch
deleted file mode 100644
index 0528ec9..0000000
--- a/debian/patches/itk/05-add-copyright.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Add copyright notices, as the next patches are going to add code.
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -12,6 +12,12 @@
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-+ *
-+ * Portions copyright 2005-2012 Steinar H. Gunderson <sgunderson at bigfoot.com>.
-+ * Licensed under the same terms as the rest of Apache.
-+ *
-+ * Portions copyright 2008 Knut Auvor Grythe <knut at auvor.no>.
-+ * Licensed under the same terms as the rest of Apache.
- */
-
- #include "apr.h"
-Index: httpd-2.4.1/server/mpm/itk/mpm_default.h
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/mpm_default.h
-+++ httpd-2.4.1/server/mpm/itk/mpm_default.h
-@@ -12,6 +12,12 @@
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-+ *
-+ * Portions copyright 2005-2012 Steinar H. Gunderson <sgunderson at bigfoot.com>.
-+ * Licensed under the same terms as the rest of Apache.
-+ *
-+ * Portions copyright 2008 Knut Auvor Grythe <knut at auvor.no>.
-+ * Licensed under the same terms as the rest of Apache.
- */
-
- /**
diff --git a/debian/patches/itk/07-base-functionality.patch b/debian/patches/itk/07-base-functionality.patch
deleted file mode 100644
index d48edbb..0000000
--- a/debian/patches/itk/07-base-functionality.patch
+++ /dev/null
@@ -1,229 +0,0 @@
-Add the base functionality of mpm_itk over prefork; parse the new configuration
-options, fork on each new connection, and setuid() as required.
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -26,6 +26,11 @@
- #include "apr_thread_proc.h"
- #include "apr_signal.h"
-
-+# define _DBG(text,par...) \
-+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
-+ "(itkmpm: pid=%d uid=%d, gid=%d) %s(): " text, \
-+ getpid(), getuid(), getgid(), __FUNCTION__, par)
-+
- #define APR_WANT_STDIO
- #define APR_WANT_STRFUNC
- #include "apr_want.h"
-@@ -64,6 +69,9 @@
- #include <signal.h>
- #include <sys/times.h>
-
-+/* Import our private hook. */
-+AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r))
-+
- /* Limit on the total --- clients will be locked out if more servers than
- * this are needed. It is intended solely to keep the server from crashing
- * when things get out of hand.
-@@ -153,6 +161,15 @@ static pid_t ap_my_pid; /* it seems sill
- static pid_t parent_pid;
- static int my_child_num;
-
-+typedef struct
-+{
-+ uid_t uid;
-+ gid_t gid;
-+ char *username;
-+} itk_per_dir_conf;
-+
-+module AP_MODULE_DECLARE_DATA mpm_itk_module;
-+
- #ifdef GPROF
- /*
- * change directory for gprof to plop the gmon.out file
-@@ -542,10 +559,6 @@ static void child_main(int child_num_arg
- clean_child_exit(APEXIT_CHILDFATAL);
- }
-
-- if (ap_run_drop_privileges(pchild, ap_server_conf)) {
-- clean_child_exit(APEXIT_CHILDFATAL);
-- }
--
- ap_run_child_init(pchild, ap_server_conf);
-
- ap_create_sb_handle(&sbh, pchild, my_child_num, 0);
-@@ -695,13 +708,40 @@ static void child_main(int child_num_arg
- * socket options, file descriptors, and read/write buffers.
- */
-
-- current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc);
-- if (current_conn) {
-+ {
-+ pid_t pid = fork(), child_pid;
-+ int status;
-+ switch (pid) {
-+ case -1:
-+ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "fork: Unable to fork new process");
-+ break;
-+ case 0: /* child */
-+ current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc);
-+ if (current_conn) {
- #if APR_HAS_THREADS
-- current_conn->current_thread = thd;
-+ current_conn->current_thread = thd;
- #endif
-- ap_process_connection(current_conn, csd);
-- ap_lingering_close(current_conn);
-+ ap_process_connection(current_conn, csd);
-+ ap_lingering_close(current_conn);
-+ }
-+ exit(0);
-+ default: /* parent; just wait for child to be done */
-+ do {
-+ child_pid = waitpid(pid, &status, 0);
-+ } while (child_pid == -1 && errno == EINTR);
-+
-+ if (child_pid != pid || !WIFEXITED(status)) {
-+ if (WIFSIGNALED(status)) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child died with signal %u", WTERMSIG(status));
-+ } else if (WEXITSTATUS(status) != 0) {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child exited with non-zero exit status %u", WEXITSTATUS(status));
-+ } else {
-+ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "waitpid() failed");
-+ }
-+ clean_child_exit(1);
-+ }
-+ break;
-+ }
- }
-
- /* Check the pod and the generation number after processing a
-@@ -719,6 +759,10 @@ static void child_main(int child_num_arg
- */
- die_now = 1;
- }
-+
-+ /* if we have already setuid(), die (we can't be used anyhow) */
-+ if (getuid())
-+ die_now = 1;
- }
- apr_pool_clear(ptrans); /* kludge to avoid crash in APR reslist cleanup code */
- clean_child_exit(0);
-@@ -1443,6 +1487,56 @@ static int itk_check_config(apr_pool_t *
- return OK;
- }
-
-+static int itk_post_perdir_config(request_rec *r)
-+{
-+ uid_t wanted_uid;
-+ gid_t wanted_gid;
-+ const char *wanted_username;
-+ int err = 0;
-+
-+ itk_per_dir_conf *dconf =
-+ (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module);
-+
-+ strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31);
-+ ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0;
-+
-+ wanted_uid = dconf->uid;
-+ wanted_gid = dconf->gid;
-+ wanted_username = dconf->username;
-+
-+ if (wanted_uid == -1 || wanted_gid == -1) {
-+ wanted_uid = ap_unixd_config.user_id;
-+ wanted_gid = ap_unixd_config.group_id;
-+ wanted_username = ap_unixd_config.user_name;
-+ }
-+
-+ if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {
-+ if (setgid(wanted_gid)) {
-+ _DBG("setgid(%d): %s", wanted_gid, strerror(errno));
-+ err = 1;
-+ } else if (initgroups(wanted_username, wanted_gid)) {
-+ _DBG("initgroups(%s, %d): %s", wanted_username, wanted_gid, strerror(errno));
-+ err = 1;
-+ } else if (setuid(wanted_uid)) {
-+ _DBG("setuid(%d): %s", wanted_uid, strerror(errno));
-+ err = 1;
-+ }
-+ }
-+
-+ /*
-+ * Most likely a case of switching uid/gid within a persistent
-+ * connection; the RFCs allow us to just close the connection
-+ * at anytime, so we excercise our right. :-)
-+ */
-+ if (err) {
-+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
-+ "Couldn't set uid/gid, closing connection.");
-+ ap_lingering_close(r->connection);
-+ exit(0);
-+ }
-+ return OK;
-+}
-+
- static void itk_hooks(apr_pool_t *p)
- {
- /* Our open_logs hook function must run before the core's, or stderr
-@@ -1460,6 +1554,9 @@ static void itk_hooks(apr_pool_t *p)
- ap_hook_mpm(itk_run, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_mpm_query(itk_query, NULL, NULL, APR_HOOK_MIDDLE);
- ap_hook_mpm_get_name(itk_get_name, NULL, NULL, APR_HOOK_MIDDLE);
-+
-+ /* set the uid as fast as possible, but not before merging per-dit config */
-+ ap_hook_header_parser(itk_post_perdir_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
- }
-
- static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg)
-@@ -1521,6 +1618,21 @@ static const char *set_server_limit (cmd
- return NULL;
- }
-
-+static const char *assign_user_id (cmd_parms *cmd, void *ptr, const char *user_name, const char *group_name)
-+{
-+ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr;
-+
-+ const char *err = ap_check_cmd_context(cmd, NOT_IN_HTACCESS);
-+ if (err) {
-+ return err;
-+ }
-+
-+ dconf->username = apr_pstrdup(cmd->pool, user_name);
-+ dconf->uid = ap_uname2id(user_name);
-+ dconf->gid = ap_gname2id(group_name);
-+ return NULL;
-+}
-+
- static const command_rec itk_cmds[] = {
- LISTEN_COMMANDS,
- AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
-@@ -1535,14 +1647,25 @@ AP_INIT_TAKE1("MaxRequestWorkers", set_m
- "Maximum number of children alive at the same time"),
- AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF,
- "Maximum value of MaxRequestWorkers for this run of Apache"),
-+AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF,
-+ "Tie a virtual host to a specific child process."),
- AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
- { NULL }
- };
-
-+/* == allocate a private per-dir config structure == */
-+static void *itk_create_dir_config(apr_pool_t *p, char *dummy)
-+{
-+ itk_per_dir_conf *c = (itk_per_dir_conf *)
-+ apr_pcalloc(p, sizeof(itk_per_dir_conf));
-+ c->uid = c->gid = -1;
-+ return c;
-+}
-+
- AP_DECLARE_MODULE(mpm_itk) = {
- MPM20_MODULE_STUFF,
- NULL, /* hook to run before apache parses args */
-- NULL, /* create per-directory config structure */
-+ itk_create_dir_config, /* create per-directory config structure */
- NULL, /* merge per-directory config structures */
- NULL, /* create per-server config structure */
- NULL, /* merge per-server config structures */
diff --git a/debian/patches/itk/08-max-clients-per-vhost.patch b/debian/patches/itk/08-max-clients-per-vhost.patch
deleted file mode 100644
index 8953217..0000000
--- a/debian/patches/itk/08-max-clients-per-vhost.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-Enforce the per-vhost server limit. Note that this is per-vhost, not
-per-directory (since it works by reading the scoreboard), so we need to add
-per-server configuration data.
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -168,6 +168,11 @@ typedef struct
- char *username;
- } itk_per_dir_conf;
-
-+typedef struct
-+{
-+ int max_clients_vhost;
-+} itk_server_conf;
-+
- module AP_MODULE_DECLARE_DATA mpm_itk_module;
-
- #ifdef GPROF
-@@ -1493,9 +1498,29 @@ static int itk_post_perdir_config(reques
- gid_t wanted_gid;
- const char *wanted_username;
- int err = 0;
-+
-+ itk_server_conf *sconf =
-+ (itk_server_conf *) ap_get_module_config(r->server->module_config, &mpm_itk_module);
-+ itk_per_dir_conf *dconf;
-+
-+ /* Enforce MaxClientsVhost. */
-+ if (sconf->max_clients_vhost > 0) {
-+ int i, num_other_servers = 0;
-+ for (i = 0; i < ap_daemons_limit; ++i) {
-+ worker_score *ws = &ap_scoreboard_image->servers[i][0];
-+ if (ws->status >= SERVER_BUSY_READ && strncmp(ws->vhost, r->server->server_hostname, 31) == 0)
-+ ++num_other_servers;
-+ }
-
-- itk_per_dir_conf *dconf =
-- (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module);
-+ if (num_other_servers > sconf->max_clients_vhost) {
-+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
-+ "MaxClientsVhost reached for %s, refusing client.",
-+ r->server->server_hostname);
-+ return HTTP_SERVICE_UNAVAILABLE;
-+ }
-+ }
-+
-+ dconf = (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module);
-
- strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31);
- ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0;
-@@ -1633,6 +1658,14 @@ static const char *assign_user_id (cmd_p
- return NULL;
- }
-
-+static const char *set_max_clients_vhost (cmd_parms *cmd, void *dummy, const char *arg)
-+{
-+ itk_server_conf *sconf =
-+ (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module);
-+ sconf->max_clients_vhost = atoi(arg);
-+ return NULL;
-+}
-+
- static const command_rec itk_cmds[] = {
- LISTEN_COMMANDS,
- AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
-@@ -1649,6 +1682,8 @@ AP_INIT_TAKE1("ServerLimit", set_server_
- "Maximum value of MaxRequestWorkers for this run of Apache"),
- AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF,
- "Tie a virtual host to a specific child process."),
-+AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF,
-+ "Maximum number of children alive at the same time for this virtual host."),
- AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
- { NULL }
- };
-@@ -1662,12 +1697,21 @@ static void *itk_create_dir_config(apr_p
- return c;
- }
-
-+/* == allocate a private server config structure == */
-+static void *itk_create_server_config(apr_pool_t *p, server_rec *s)
-+{
-+ itk_server_conf *c = (itk_server_conf *)
-+ apr_pcalloc(p, sizeof(itk_server_conf));
-+ c->max_clients_vhost = -1;
-+ return c;
-+}
-+
- AP_DECLARE_MODULE(mpm_itk) = {
- MPM20_MODULE_STUFF,
- NULL, /* hook to run before apache parses args */
- itk_create_dir_config, /* create per-directory config structure */
- NULL, /* merge per-directory config structures */
-- NULL, /* create per-server config structure */
-+ itk_create_server_config, /* create per-server config structure */
- NULL, /* merge per-server config structures */
- itk_cmds, /* command apr_table_t */
- itk_hooks, /* register hooks */
diff --git a/debian/patches/itk/09-capabilities.patch b/debian/patches/itk/09-capabilities.patch
deleted file mode 100644
index 3093587..0000000
--- a/debian/patches/itk/09-capabilities.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Use Linux' capability system to run as a sort of "lesser root"; we drop nearly
-all root privilegies except the ability to setuid. An attacker capable of injecting
-code will still be able to run as any (normal) user on the system, but at least
-he/she cannot directly load kernel code etc.
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -66,6 +66,10 @@
- #include <sys/processor.h> /* for bindprocessor() */
- #endif
-
-+#if HAVE_LIBCAP
-+#include <sys/capability.h>
-+#endif
-+
- #include <signal.h>
- #include <sys/times.h>
-
-@@ -522,6 +526,15 @@ static void child_main(int child_num_arg
- int last_poll_idx = 0;
- const char *lockfile;
-
-+#if HAVE_LIBCAP
-+ cap_t caps;
-+ cap_value_t suidcaps[] = {
-+ CAP_SETUID,
-+ CAP_SETGID,
-+ CAP_DAC_READ_SEARCH,
-+ };
-+#endif
-+
- mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this
- * child initializes
- */
-@@ -596,6 +609,22 @@ static void child_main(int child_num_arg
- lr->accept_func = ap_unixd_accept;
- }
-
-+#if HAVE_LIBCAP
-+ /* Drop as many privileges as we can. We'll still
-+ * access files with uid=0, and we can setuid() to anything, but
-+ * at least there's tons of other evilness (like loading kernel
-+ * modules) we can't do directly. (The setuid() capability will
-+ * go away automatically when we setuid() or exec() -- the former
-+ * is likely to come first.)
-+ */
-+ caps = cap_init();
-+ cap_clear(caps);
-+ cap_set_flag(caps, CAP_PERMITTED, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET);
-+ cap_set_flag(caps, CAP_EFFECTIVE, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET);
-+ cap_set_proc(caps);
-+ cap_free(caps);
-+#endif
-+
- mpm_state = AP_MPMQ_RUNNING;
-
- bucket_alloc = apr_bucket_alloc_create(pchild);
diff --git a/debian/patches/itk/10-nice.patch b/debian/patches/itk/10-nice.patch
deleted file mode 100644
index c2f9c3d..0000000
--- a/debian/patches/itk/10-nice.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-Support a per-location nice value. Note that since we now have two different settings
-in the per-dir configuration, we need to introduce a merge function.
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -165,11 +165,14 @@ static pid_t ap_my_pid; /* it seems sill
- static pid_t parent_pid;
- static int my_child_num;
-
-+#define UNSET_NICE_VALUE 100
-+
- typedef struct
- {
- uid_t uid;
- gid_t gid;
- char *username;
-+ int nice_value;
- } itk_per_dir_conf;
-
- typedef struct
-@@ -532,6 +535,7 @@ static void child_main(int child_num_arg
- CAP_SETUID,
- CAP_SETGID,
- CAP_DAC_READ_SEARCH,
-+ CAP_SYS_NICE,
- };
- #endif
-
-@@ -1554,6 +1558,12 @@ static int itk_post_perdir_config(reques
- strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31);
- ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0;
-
-+ if (dconf->nice_value != UNSET_NICE_VALUE &&
-+ setpriority(PRIO_PROCESS, 0, dconf->nice_value)) {
-+ _DBG("setpriority(): %s", strerror(errno));
-+ err = 1;
-+ }
-+
- wanted_uid = dconf->uid;
- wanted_gid = dconf->gid;
- wanted_username = dconf->username;
-@@ -1564,7 +1574,7 @@ static int itk_post_perdir_config(reques
- wanted_username = ap_unixd_config.user_name;
- }
-
-- if (wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {
-+ if (!err && wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {
- if (setgid(wanted_gid)) {
- _DBG("setgid(%d): %s", wanted_gid, strerror(errno));
- err = 1;
-@@ -1584,7 +1594,7 @@ static int itk_post_perdir_config(reques
- */
- if (err) {
- ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
-- "Couldn't set uid/gid, closing connection.");
-+ "Couldn't set uid/gid/priority, closing connection.");
- ap_lingering_close(r->connection);
- exit(0);
- }
-@@ -1695,6 +1705,27 @@ static const char *set_max_clients_vhost
- return NULL;
- }
-
-+static const char *set_nice_value (cmd_parms *cmd, void *ptr, const char *arg)
-+{
-+ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr;
-+ int nice_value = atoi(arg);
-+
-+ if (nice_value < -20) {
-+ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
-+ "WARNING: NiceValue of %d is below -20, increasing NiceValue to -20.",
-+ nice_value);
-+ nice_value = -20;
-+ }
-+ else if (nice_value > 19) {
-+ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
-+ "WARNING: NiceValue of %d is above 19, lowering NiceValue to 19.",
-+ nice_value);
-+ nice_value = 19;
-+ }
-+ dconf->nice_value = nice_value;
-+ return NULL;
-+}
-+
- static const command_rec itk_cmds[] = {
- LISTEN_COMMANDS,
- AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
-@@ -1713,6 +1744,8 @@ AP_INIT_TAKE2("AssignUserID", assign_use
- "Tie a virtual host to a specific child process."),
- AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF,
- "Maximum number of children alive at the same time for this virtual host."),
-+AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF|ACCESS_CONF,
-+ "Set nice value for the given vhost, from -20 (highest priority) to 19 (lowest priority)."),
- AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
- { NULL }
- };
-@@ -1723,6 +1756,32 @@ static void *itk_create_dir_config(apr_p
- itk_per_dir_conf *c = (itk_per_dir_conf *)
- apr_pcalloc(p, sizeof(itk_per_dir_conf));
- c->uid = c->gid = -1;
-+ c->nice_value = UNSET_NICE_VALUE;
-+ return c;
-+}
-+
-+/* == merge the parent per-dir config structure into ours == */
-+static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr)
-+{
-+ itk_per_dir_conf *c = (itk_per_dir_conf *)
-+ itk_create_dir_config(p, NULL);
-+ itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr;
-+ itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr;
-+
-+ if (child->username != NULL) {
-+ c->username = child->username;
-+ c->uid = child->uid;
-+ c->gid = child->gid;
-+ } else {
-+ c->username = parent->username;
-+ c->uid = parent->uid;
-+ c->gid = parent->gid;
-+ }
-+ if (child->nice_value != UNSET_NICE_VALUE) {
-+ c->nice_value = child->nice_value;
-+ } else {
-+ c->nice_value = parent->nice_value;
-+ }
- return c;
- }
-
-@@ -1739,7 +1798,7 @@ AP_DECLARE_MODULE(mpm_itk) = {
- MPM20_MODULE_STUFF,
- NULL, /* hook to run before apache parses args */
- itk_create_dir_config, /* create per-directory config structure */
-- NULL, /* merge per-directory config structures */
-+ itk_merge_dir_config, /* merge per-directory config structures */
- itk_create_server_config, /* create per-server config structure */
- NULL, /* merge per-server config structures */
- itk_cmds, /* command apr_table_t */
diff --git a/debian/patches/itk/11-fix-htaccess-reads-for-persistent-connections.patch b/debian/patches/itk/11-fix-htaccess-reads-for-persistent-connections.patch
deleted file mode 100644
index b8033a6..0000000
--- a/debian/patches/itk/11-fix-htaccess-reads-for-persistent-connections.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-To work around an issue where users can sometimes get spurious 403s on
-persistent connections the server needs to know it is running itk:
-
-Index: httpd-2.4.1/server/mpm/itk/itk.c
-===================================================================
---- httpd-2.4.1.orig/server/mpm/itk/itk.c
-+++ httpd-2.4.1/server/mpm/itk/itk.c
-@@ -181,6 +181,7 @@ typedef struct
- } itk_server_conf;
-
- module AP_MODULE_DECLARE_DATA mpm_itk_module;
-+extern AP_DECLARE_DATA int ap_running_under_mpm_itk;
-
- #ifdef GPROF
- /*
-@@ -543,6 +544,7 @@ static void child_main(int child_num_arg
- * child initializes
- */
-
-+ ap_running_under_mpm_itk = 1;
- my_child_num = child_num_arg;
- ap_my_pid = getpid();
- requests_this_child = 0;
diff --git a/debian/patches/itk/README b/debian/patches/itk/README
deleted file mode 100644
index 7fbbeb1..0000000
--- a/debian/patches/itk/README
+++ /dev/null
@@ -1,5 +0,0 @@
-This is a prerelease version of mpm-itk against Apache 2.4.1.
-It is barely tested at all; use with caution.
-
-Follow the mpm-itk mailing list (http://lists.err.no/mailman/listinfo/mpm-itk)
-for a production 2.4 release.
diff --git a/debian/patches/itk/series b/debian/patches/itk/series
deleted file mode 100644
index c2af971..0000000
--- a/debian/patches/itk/series
+++ /dev/null
@@ -1,12 +0,0 @@
-#00-fix-bug-52904.patch
-#01-copy-prefork.patch
-02-rename-prefork-to-itk.patch
-#03-add-mpm-to-build-system.patch
-05-add-copyright.patch
-#06-hook-just-after-merging-perdir-config.patch
-07-base-functionality.patch
-08-max-clients-per-vhost.patch
-09-capabilities.patch
-10-nice.patch
-11-fix-htaccess-reads-for-persistent-connections.patch
-#99-rerun-configure.patch
diff --git a/debian/patches/series b/debian/patches/series
index 019f931..4d3cd0d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,14 +6,4 @@ suexec-CVE-2007-1742.patch
customize_apxs.patch
build_suexec-custom.patch
open_htaccess_hook.patch
-# The patch below must not be applied by quilt at extraction time. It depends
-# on some script-fu to be executed before. Have a look
-# to debian/rules' prepare-custom-suexec target.
-# If you're aware of that you can uncomment it at any time later and work on it
-# as you wish. However, it must be shipped commented out in the final package.
-#suexec-custom.patch
-# some changes to the core needed for itk:
-add-itk-to-build-system.patch
-itk-fix-htaccess-reads-for-persistent-connections.patch
-itk-rerun-configure.patch
fix_CHANGES
diff --git a/debian/rules b/debian/rules
index 9a3bf41..b15ef25 100755
--- a/debian/rules
+++ b/debian/rules
@@ -24,16 +24,6 @@ support/suexec-custom.c: support/suexec.c debian/patches/suexec-custom.patch
cp support/suexec.c support/suexec-custom.c
patch -p1 -i debian/patches/suexec-custom.patch
-server/mpm/itk/.stamp:
- mkdir server/mpm/itk/
- cp server/mpm/prefork/* server/mpm/itk/
- mv server/mpm/itk/prefork.c server/mpm/itk/itk.c
- set -ex; for p in $$(grep -v '^#' debian/patches/itk/series) ; do \
- echo Applying $$p ... ;\
- patch -p1 -i debian/patches/itk/$$p ;\
- done
- touch "$@"
-
prebuild-checks:
ERRS="" ;\
for a in $$(find debian/config-dir/ -type f) ; do \
@@ -86,7 +76,7 @@ generate-maintainer-scripts:
clean build build-arch build-indep binary binary-arch binary-indep: %:
dh $@ --parallel --with autotools_dev
-override_dh_auto_configure: generate-maintainer-scripts prebuild-checks server/mpm/itk/.stamp support/suexec-custom.c
+override_dh_auto_configure: generate-maintainer-scripts prebuild-checks support/suexec-custom.c
./configure --enable-layout=Debian --enable-so --with-program-name=apache2 \
--enable-suexec --with-suexec-caller=www-data \
--with-suexec-bin=/usr/lib/apache2/suexec --with-suexec-docroot=/var/www \
@@ -102,13 +92,6 @@ override_dh_auto_configure: generate-maintainer-scripts prebuild-checks server/m
LTFLAGS="$(AP2_LTFLAGS)"
-ifeq ($(DEB_HOST_ARCH_OS),linux)
- # XXX Hack to make mod_mpm_itk.so link against libcap until we
- # XXX move itk to a separate package
- echo "$(DEB_HOST_ARCH_OS): non weird arch: adding -lcap"
- perl -p -i -e 's/(-avoid-version)/$$1 -lcap/' server/mpm/itk/modules.mk
-endif
-
override_dh_install: clean-config-vars prepare-scripts
dh_install --list-missing
@@ -171,7 +154,6 @@ override_dh_builddeb:
override_dh_auto_clean:
dh_auto_clean
- if test -d server/mpm/itk ; then rm -r server/mpm/itk ; fi
override_dh_gencontrol:
dh_gencontrol -p libapache2-mod-proxy-html -- -v1:$(DEBIAN_VERSION)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list