--- /dev/null
+diff -urN httpd-2.0.47.org/configure.in httpd-2.0.47/configure.in
+--- httpd-2.0.47.org/configure.in 2003-09-13 14:18:35.000000000 +0200
++++ httpd-2.0.47/configure.in 2003-09-13 14:18:50.000000000 +0200
+@@ -76,8 +76,6 @@
+ AP_CLEAN_SRCLIB_DIRS="$AP_CLEAN_SRCLIB_DIRS apr"
+ fi
+
+-APR_SETIFNULL(CC, `$apr_config --cc`)
+-APR_SETIFNULL(CPP, `$apr_config --cpp`)
+ APR_ADDTO(CFLAGS, `$apr_config --cflags`)
+ APR_ADDTO(CPPFLAGS, `$apr_config --cppflags`)
+ APR_ADDTO(LDFLAGS, `$apr_config --ldflags`)
--- /dev/null
+--- httpd-2.2.3/support/apxs.in-orig 2006-11-01 00:59:27.000000000 +0100
++++ httpd-2.2.3/support/apxs.in 2006-11-01 00:59:54.000000000 +0100
+@@ -35,6 +35,7 @@
+ my $exec_prefix = get_vars("exec_prefix");
+ my $datadir = get_vars("datadir");
+ my $localstatedir = get_vars("localstatedir");
++my $libdir = get_vars("libdir");
+ my $CFG_TARGET = get_vars("progname");
+ my $CFG_SYSCONFDIR = get_vars("sysconfdir");
+ my $CFG_CFLAGS = join ' ', map { get_vars($_) }
+@@ -44,6 +45,7 @@
+ my $CFG_CC = get_vars("CC");
+ my $libexecdir = get_vars("libexecdir");
+ my $CFG_LIBEXECDIR = eval qq("$libexecdir");
++my $CFG_DESTDIR = '';
+ my $sbindir = get_vars("sbindir");
+ my $CFG_SBINDIR = eval qq("$sbindir");
+ my $ltflags = $ENV{'LTFLAGS'};
+@@ -171,7 +173,7 @@
+ my ($val) = $2;
+ my $oldval = eval "\$CFG_$var";
+
+- unless ($var and $oldval) {
++ unless ($var and defined $oldval) {
+ print STDERR "apxs:Error: no config variable $var\n";
+ &usage;
+ }
+@@ -199,11 +201,10 @@
+ ($httpd = $0) =~ s:support/apxs$::;
+ }
+
+-unless (-x "$httpd") {
+- error("$httpd not found or not executable");
+- exit 1;
++if (not -x "$httpd") {
++ print STDERR "Note: $httpd not found or not executable.\n";
+ }
+-
++else {
+ unless (grep /mod_so/, `. $envvars && $httpd -l`) {
+ error("Sorry, no shared object support for Apache");
+ error("available under your platform. Make sure");
+@@ -211,7 +212,7 @@
+ error("your server binary `$httpd'.");
+ exit 1;
+ }
+-
++}
+ sub get_config_vars{
+ my ($file, $rh_config) = @_;
+
+@@ -479,8 +480,8 @@
+ $t =~ s|\.[^./\\]+$|\.so|;
+ if ($opt_i) {
+ push(@cmds, "$installbuilddir/instdso.sh SH_LIBTOOL='" .
+- "$libtool' $f $CFG_LIBEXECDIR");
+- push(@cmds, "chmod 755 $CFG_LIBEXECDIR/$t");
++ "$libtool' $f $CFG_DESTDIR$CFG_LIBEXECDIR");
++ push(@cmds, "chmod 755 $CFG_DESTDIR$CFG_LIBEXECDIR/$t");
+ }
+
+ # determine module symbolname and filename
--- /dev/null
+--- httpd-2.2.4/server/core.c~ 2007-04-09 12:44:44.498312561 +0300
++++ httpd-2.2.4/server/core.c 2007-04-09 13:51:55.259792868 +0300
+@@ -2733,7 +2733,7 @@
+ AP_DECLARE(const char *) ap_get_server_description(void)
+ {
+ return server_description ? server_description :
+- AP_SERVER_BASEVERSION " (" PLATFORM ")";
++ AP_SERVER_BASEVERSION " (PLD/Linux)";
+ }
+
+ AP_DECLARE(const char *) ap_get_server_banner(void)
--- /dev/null
+--- httpd-2.2.14-v/server/mpm/worker/worker.c 2007-07-18 00:48:25.000000000 +1000
++++ httpd-2.2.14/server/mpm/worker/worker.c 2009-11-02 09:40:23.129750043 +1100
+@@ -32,6 +32,7 @@
+ #include "apr_poll.h"
+ #define APR_WANT_STRFUNC
+ #include "apr_want.h"
++#include "apr_atomic.h"
+
+ #if APR_HAVE_UNISTD_H
+ #include <unistd.h>
+@@ -226,10 +227,73 @@
+ */
+ #define WORKER_SIGNAL AP_SIG_GRACEFUL
+
++#ifdef HAVE_PTHREAD_KILL
++/* Variables for suspending the worker threads. */
++static volatile sig_atomic_t suspend_workers = 0;
++static apr_uint32_t suspended_workers;
++static apr_os_thread_t **worker_os_threads;
++#endif
++
+ /* An array of socket descriptors in use by each thread used to
+ * perform a non-graceful (forced) shutdown of the server. */
+ static apr_socket_t **worker_sockets;
+
++#ifdef HAVE_PTHREAD_KILL
++static void worker_signal_handler(int sig)
++{
++ /* wait here if we are being suspended, otherwise just exit */
++ if (suspend_workers) {
++ sigset_t sigset;
++
++ apr_atomic_inc32(&suspended_workers);
++
++ sigfillset(&sigset);
++ sigdelset(&sigset, WORKER_SIGNAL);
++ sigsuspend(&sigset);
++ }
++}
++
++static void close_worker_sockets(void)
++{
++ int i, csd;
++
++ suspend_workers = 1;
++ apr_atomic_set32(&suspended_workers, 0);
++
++ /* suspend worker threads */
++ for (i = 0; i < ap_threads_per_child; i++) {
++ if (worker_os_threads[i]) {
++ pthread_kill(*worker_os_threads[i], WORKER_SIGNAL);
++ }
++ }
++
++ /* wait for threads to suspend, but press ahead after a while anyway */
++ for (i = 0;
++ apr_atomic_read32(&suspended_workers) < ap_threads_per_child && i < 25;
++ i++) {
++ apr_sleep(apr_time_from_sec(1) / 5);
++ }
++
++ /* shut down all client sockets */
++ for (i = 0; i < ap_threads_per_child; i++) {
++ if (worker_sockets[i]) {
++ apr_os_sock_get(&csd, worker_sockets[i]);
++ if (csd != -1) {
++ shutdown(csd, SHUT_RDWR);
++ }
++ }
++ }
++
++ suspend_workers = 0;
++
++ /* resume worker threads */
++ for (i = 0; i < ap_threads_per_child; i++) {
++ if (worker_os_threads[i]) {
++ pthread_kill(*worker_os_threads[i], WORKER_SIGNAL);
++ }
++ }
++}
++#else
+ static void close_worker_sockets(void)
+ {
+ int i;
+@@ -240,6 +304,7 @@
+ }
+ }
+ }
++#endif
+
+ static void wakeup_listener(void)
+ {
+@@ -836,7 +901,7 @@
+
+ #ifdef HAVE_PTHREAD_KILL
+ unblock_signal(WORKER_SIGNAL);
+- apr_signal(WORKER_SIGNAL, dummy_signal_handler);
++ apr_signal(WORKER_SIGNAL, worker_signal_handler);
+ #endif
+
+ while (!workers_may_exit) {
+@@ -977,6 +1042,10 @@
+
+ worker_sockets = apr_pcalloc(pchild, ap_threads_per_child
+ * sizeof(apr_socket_t *));
++#ifdef HAVE_PTHREAD_KILL
++ worker_os_threads = apr_pcalloc(pchild, ap_threads_per_child
++ * sizeof(*worker_os_threads));
++#endif
+
+ loops = prev_threads_created = 0;
+ while (1) {
+@@ -1012,6 +1081,9 @@
+ /* let the parent decide how bad this really is */
+ clean_child_exit(APEXIT_CHILDSICK);
+ }
++#ifdef HAVE_PTHREAD_KILL
++ apr_os_thread_get(&worker_os_threads[i], threads[i]);
++#endif
+ threads_created++;
+ }
+ /* Start the listener only when there are workers available */
--- /dev/null
+
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/home/services/httpd/html"
+
+# Each directory to which Apache has access can be configured with respect
+# to which services and features are allowed and/or disabled in that
+# directory (and its subdirectories).
+#
+# First, we configure the "default" to be a very restrictive set of
+# features.
+#
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+ <IfModule mod_authz_host.c>
+ Order deny,allow
+ Deny from all
+ </IfModule>
+</Directory>
+
+#
+# This should be changed to whatever you set DocumentRoot to.
+#
+<Directory "/home/services/httpd/html">
+ #
+ # Possible values for the Options directive are "None", "All",
+ # or any combination of:
+ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+ #
+ # Note that "MultiViews" must be named *explicitly* --- "Options All"
+ # doesn't give it to you.
+ #
+ # The Options directive is both complicated and important. Please see
+ # http://httpd.apache.org/docs/2.2/mod/core.html#options
+ # for more information.
+ #
+ Options Indexes FollowSymLinks
+
+ #
+ # AllowOverride controls what directives may be placed in .htaccess files.
+ # It can be "All", "None", or any combination of the keywords:
+ # Options FileInfo AuthConfig Limit
+ #
+ AllowOverride None
+
+ #
+ # Controls who can get stuff from this server.
+ #
+ <IfModule mod_authz_host.c>
+ Order allow,deny
+ Allow from all
+ </IfModule>
+
+</Directory>
--- /dev/null
+diff -ur httpd-2.0.49-orig/configure.in httpd-2.0.49/configure.in
+--- httpd-2.0.49-orig/configure.in 2004-04-02 15:04:49.000000000 -0700
++++ httpd-2.0.49/configure.in 2004-04-02 15:07:26.319486516 -0700
+@@ -541,9 +541,9 @@
+ APR_EXPAND_VAR(ap_prefix, $prefix)
+ AC_DEFINE_UNQUOTED(HTTPD_ROOT, "${ap_prefix}",
+ [Root directory of the Apache install area])
+-AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${rel_sysconfdir}/${progname}.conf",
++AC_DEFINE_UNQUOTED(SERVER_CONFIG_FILE, "${exp_sysconfdir}/apache.conf",
+ [Location of the config file, relative to the Apache root directory])
+-AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "${rel_sysconfdir}/mime.types",
++AC_DEFINE_UNQUOTED(AP_TYPES_CONFIG_FILE, "${exp_sysconfdir}/mime.types",
+ [Location of the MIME types config file, relative to the Apache root directory])
+ AC_DEFINE_UNQUOTED(APACHE_MPM_DIR, "$MPM_DIR",
+ [Location of the source for the current MPM])
--- /dev/null
+diff -ur httpd-2.2.0.org/server/config.c httpd-2.2.0/server/config.c
+--- httpd-2.2.0.org/server/config.c 2005-11-17 14:39:15.000000000 +0100
++++ httpd-2.2.0/server/config.c 2005-12-21 16:04:35.970963000 +0100
+@@ -1537,6 +1537,7 @@
+ apr_dir_t *dirp;
+ apr_finfo_t dirent;
+ int current;
++ size_t slen;
+ apr_array_header_t *candidates = NULL;
+ fnames *fnew;
+ char *path = apr_pstrdup(p, fname);
+@@ -1562,8 +1563,13 @@
+
+ candidates = apr_array_make(p, 1, sizeof(fnames));
+ while (apr_dir_read(&dirent, APR_FINFO_DIRENT, dirp) == APR_SUCCESS) {
++ slen = strlen(dirent.name);
+ /* strip out '.' and '..' */
+- if (strcmp(dirent.name, ".")
++ if (strcmp(dirent.name, ".") && (dirent.name)[slen-1] != '~'
++ && (dirent.name)[0] != '.'
++ && (slen < 8 || strcmp((dirent.name + slen - 7), ".rpmnew"))
++ && (slen < 9 || ( strcmp((dirent.name + slen - 8), ".rpmorig")
++ && strcmp((dirent.name + slen - 8), ".rpmsave")))
+ && strcmp(dirent.name, "..")) {
+ fnew = (fnames *) apr_array_push(candidates);
+ fnew->fname = ap_make_full_path(p, path, dirent.name);
--- /dev/null
+# This is example config file for virtual host "example.net"
+
+# Redirect only vhost. Use permanent url for same resource.
+#<VirtualHost *:80>
+# ServerAlias example.net
+# RedirectPermanent / http://www.example.net
+#</VirtualHost>
+
+#<VirtualHost *:80>
+# ServerName www.example.net
+# ServerAdmin webmaster@example.net
+# DocumentRoot /home/services/httpd/vhosts/example.net
+# ErrorLog logs/example.net-error_log
+# TransferLog logs/example.net-access_log
+#</VirtualHost>
+
+#<Directory "/home/services/httpd/vhosts/example.net">
+# AllowOverride None
+# Options None
+# <IfModule mod_authz_host.c>
+# Order allow,deny
+# Allow from all
+# </IfModule>
+#</Directory>
--- /dev/null
+# $Id: apache-httpd.conf,v 1.58 2011/10/25 09:40:41 psz Exp $
+#
+# This is the main Apache HTTP server configuration file.
+# It contains the configuration directives that give the server its instructions.
+#
+# This config aims to be clean and readable.
+# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
+# In particular, see
+# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
+# for a discussion of each configuration directive.
+
+ServerRoot "/etc/httpd"
+DefaultType text/plain
+
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+User http
+Group http
+
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses.
+#Listen 192.168.1.1:80
+Listen 80
+
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents. e.g. admin@example.com
+#
+ServerAdmin root@example.com
+
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+ServerName localhost
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+ErrorLog logs/error_log
+
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+LogLevel warn
+
+Timeout 300
+KeepAlive On
+MaxKeepAliveRequests 100
+KeepAliveTimeout 5
+UseCanonicalName Off
+AccessFileName .htaccess
+ServerTokens Prod
+ServerSignature On
+HostnameLookups Off
+#AddDefaultCharset UTF-8
+
+TraceEnable Off
+
+# Include other modules and packages config.
+Include conf.d/*.conf
+
+# Include webapps config
+Include webapps.d/*.conf
+
+<IfModule alias_module>
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the target directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the
+ # client. The same rules about trailing "/" apply to ScriptAlias
+ # directives as to Alias.
+ #
+ ScriptAlias /cgi-bin/ "/home/services/httpd/cgi-bin/"
+
+ <Directory "/home/services/httpd/cgi-bin">
+ AllowOverride None
+ Options None
+ <IfModule mod_authz_host.c>
+ Order allow,deny
+ Allow from all
+ </IfModule>
+ </Directory>
+</IfModule>
+
+# VirtualHost: Allows the daemon to respond to requests for more than one
+# server address, if your server machine is configured to accept IP packets
+# for multiple addresses. This can be accomplished with the ifconfig
+# alias flag, or through kernel patches like VIF.
+
+# Any apache.conf conf directive may go into a VirtualHost command.
+# See also the BindAddress entry.
+
+# Setup default vhost (first one defined in config) and include vhosts configuration
+NameVirtualHost *:80
+<VirtualHost *:80>
+ ServerName localhost
+# ServerAdmin webmaster@host.example.com
+# DocumentRoot /www/docs/host.example.com
+# ErrorLog logs/host.example.com-error_log
+# TransferLog logs/host.example.com-access_log
+</VirtualHost>
+
+Include vhosts.d/*.conf
--- /dev/null
+#
+# Settings for hosting different languages.
+#
+# Required modules: mod_mime, mod_negotiation
+
+# DefaultLanguage and AddLanguage allows you to specify the language of
+# a document. You can then use content negotiation to give a browser a
+# file in a language the user can understand.
+#
+# Specify a default language. This means that all data
+# going out without a specific language tag (see below) will
+# be marked with this one. You probably do NOT want to set
+# this unless you are sure it is correct for all cases.
+#
+# * It is generally better to not mark a page as
+# * being a certain language than marking it with the wrong
+# * language!
+#
+# DefaultLanguage nl
+#
+# Note 1: The suffix does not have to be the same as the language
+# keyword --- those with documents in Polish (whose net-standard
+# language code is pl) may wish to use "AddLanguage pl .po" to
+# avoid the ambiguity with the common suffix for perl scripts.
+#
+# Note 2: The example entries below illustrate that in some cases
+# the two character 'Language' abbreviation is not identical to
+# the two character 'Country' code for its country,
+# E.g. 'Danmark/dk' versus 'Danish/da'.
+#
+# Note 3: In the case of 'ltz' we violate the RFC by using a three char
+# specifier. There is 'work in progress' to fix this and get
+# the reference data for rfc1766 cleaned up.
+#
+# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+# Norwegian (no) - Polish (pl) - Portugese (pt)
+# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+#
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage fr .fr
+AddLanguage he .he
+AddLanguage hr .hr
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ko .ko
+AddLanguage ltz .ltz
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pl .po
+AddLanguage pt .pt
+AddLanguage pt-BR .pt-br
+AddLanguage ru .ru
+AddLanguage sv .sv
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+# LanguagePriority allows you to give precedence to some languages
+# in case of a tie during content negotiation.
+#
+# Just list the languages in decreasing order of preference. We have
+# more or less alphabetized them here. You probably want to change this.
+#
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+
+#
+# ForceLanguagePriority allows you to serve a result page rather than
+# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+# [in case no accepted languages matched the available variants]
+#
+ForceLanguagePriority Prefer Fallback
+
+#
+# Commonly used filename extensions to character sets. You probably
+# want to avoid clashes with the language extensions, unless you
+# are good at carefully testing your setup after each change.
+# See http://www.iana.org/assignments/character-sets for the
+# official list of charset names and their respective RFCs.
+#
+AddCharset us-ascii.ascii .us-ascii
+AddCharset ISO-8859-1 .iso8859-1 .latin1
+AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+AddCharset ISO-8859-3 .iso8859-3 .latin3
+AddCharset ISO-8859-4 .iso8859-4 .latin4
+AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
+AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
+AddCharset ISO-8859-7 .iso8859-7 .grk .greek
+AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
+AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
+AddCharset ISO-8859-10 .iso8859-10 .latin6
+AddCharset ISO-8859-13 .iso8859-13
+AddCharset ISO-8859-14 .iso8859-14 .latin8
+AddCharset ISO-8859-15 .iso8859-15 .latin9
+AddCharset ISO-8859-16 .iso8859-16 .latin10
+AddCharset ISO-2022-JP .iso2022-jp .jis
+AddCharset ISO-2022-KR .iso2022-kr .kis
+AddCharset ISO-2022-CN .iso2022-cn .cis
+AddCharset Big5.Big5 .big5 .b5
+AddCharset cn-Big5 .cn-big5
+# For russian, more than one charset is used (depends on client, mostly):
+AddCharset WINDOWS-1251 .cp-1251 .win-1251
+AddCharset CP866 .cp866
+AddCharset KOI8 .koi8
+AddCharset KOI8-E .koi8-e
+AddCharset KOI8-r .koi8-r .koi8-ru
+AddCharset KOI8-U .koi8-u
+AddCharset KOI8-ru .koi8-uk .ua
+AddCharset ISO-10646-UCS-2 .ucs2
+AddCharset ISO-10646-UCS-4 .ucs4
+AddCharset UTF-7 .utf7
+AddCharset UTF-8 .utf8
+AddCharset UTF-16 .utf16
+AddCharset UTF-16BE .utf16be
+AddCharset UTF-16LE .utf16le
+AddCharset UTF-32 .utf32
+AddCharset UTF-32BE .utf32be
+AddCharset UTF-32LE .utf32le
+AddCharset euc-cn .euc-cn
+AddCharset euc-gb .euc-gb
+AddCharset euc-jp .euc-jp
+AddCharset euc-kr .euc-kr
+#Not sure how euc-tw got in - IANA doesn't list it???
+AddCharset EUC-TW .euc-tw
+AddCharset gb2312 .gb2312 .gb
+AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
+AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
+AddCharset shift_jis .shift_jis .sjis
--- /dev/null
+diff -urN httpd-2.0.45.org/config.layout httpd-2.0.45/config.layout
+--- httpd-2.0.45.org/config.layout Thu Apr 3 09:27:42 2003
++++ httpd-2.0.45/config.layout Thu Apr 3 09:27:59 2003
+@@ -298,3 +298,28 @@
+ installbuilddir: ${prefix}/etc/apache2/build
+ errordir: ${datadir}/error
+ </Layout>
++
++# PLD layout
++<Layout PLD>
++ prefix: /usr
++ exec_prefix: ${prefix}
++ bindir: ${exec_prefix}/bin
++ sbindir: ${exec_prefix}/sbin
++ libdir: ${exec_prefix}/lib
++ libexecdir: ${libdir}/apache
++ mandir: /usr/share/man
++ infodir: /usr/share/info
++ sysconfdir: /etc/httpd
++ datadir: /home/services/httpd
++ iconsdir: ${datadir}/icons
++ htdocsdir: ${datadir}/html
++ manualdir: ${datadir}/manual
++ errordir: ${datadir}/error
++ cgidir: ${prefix}/lib/cgi-bin/apache
++ includedir: ${prefix}/include/apache
++ localstatedir: /var/lib/httpd
++ runtimedir: /var/run
++ logfiledir: /var/log/httpd
++ proxycachedir: /var/cache/httpd
++ installbuilddir: ${libexecdir}/build
++</Layout>
--- /dev/null
+#
+# Provide access to the documentation on your server as
+# http://yourserver.example.com/manual/
+# The documentation is always available at
+# http://httpd.apache.org/docs/2.2/
+#
+# Required modules: mod_alias, mod_setenvif, mod_negotiation
+#
+
+AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru))?(/.*)?$ "/home/services/httpd/manual$1"
+
+<Directory "/home/services/httpd/manual">
+ Options Indexes
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+ <Files *.html>
+ SetHandler type-map
+ </Files>
+
+ SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru)/ prefer-language=$1
+ RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru)){2,}(/.*)?$ /manual/$1$2
+
+ LanguagePriority en de es fr ja ko pt-br ru
+ ForceLanguagePriority Prefer Fallback
+</Directory>
--- /dev/null
+# $Id: apache-mod_authz_host.conf,v 1.2 2005/12/21 13:20:11 glen Exp $
+LoadModule authz_host_module modules/mod_authz_host.so
+
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<IfModule authz_host_module>
+ <FilesMatch "^\.ht">
+ Order allow,deny
+ Deny from all
+ </FilesMatch>
+</IfModule>
--- /dev/null
+# $Id: apache-mod_autoindex.conf,v 1.10 2011/04/03 13:22:25 glen Exp $
+LoadModule autoindex_module modules/mod_autoindex.so
+
+#
+# Directives controlling the display of server-generated directory listings.
+#
+
+# Required modules: mod_autoindex, mod_alias
+#
+# To see the listing of a directory, the Options directive for the
+# directory must include "Indexes", and the directory must not contain
+# a file matching those listed in the DirectoryIndex directive.
+
+<IfModule mod_autoindex.c>
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing VersionSort Charset=UTF-8
+
+# We include the /icons/ alias for FancyIndexed directory listings. If
+# you do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "/home/services/httpd/icons/"
+
+<Directory "/home/services/httpd/icons">
+ Options Indexes MultiViews
+ AllowOverride None
+ <IfModule mod_authz_host.c>
+ Order allow,deny
+ Allow from all
+ </IfModule>
+</Directory>
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions. These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif core
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes. These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes.
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing. Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
+</IfModule>
--- /dev/null
+LoadModule cache_module modules/mod_cache.so
+
+#
+# Sample Cache Configuration
+#
+
+<IfModule mod_cache.c>
+ # If you want to use mod_disk_cache instead of mod_mem_cache,
+ # just swap the two loadmodule comments.
+# LoadModule disk_cache_module modules/mod_disk_cache.so
+ LoadModule mem_cache_module modules/mod_mem_cache.so
+
+ # prevent apache from cacheing cookies
+ CacheIgnoreHeaders Set-Cookie
+
+ <IfModule mod_disk_cache.c>
+ CacheRoot "/var/cache/httpd"
+ CacheEnable disk /
+ CacheDirLevels 5
+ CacheDirLength 3
+
+# CacheDefaultExpire 3600
+# CacheMinExpire 3600
+# CacheMinFileSize 64
+# CacheMaxFileSize 64000
+ </IfModule>
+
+ <IfModule mod_mem_cache.c>
+ CacheEnable mem /
+ MCacheSize 4096
+ MCacheMaxObjectCount 100
+ MCacheMinObjectSize 1
+ MCacheMaxObjectSize 2048
+ </IfModule>
+
+ # When acting as a proxy, don't cache the list of security updates
+# CacheDisable http://security.update.server/update-list/
+</IfModule>
--- /dev/null
+# $Id: apache-mod_cgid.conf,v 1.4 2005/12/21 13:31:35 glen Exp $
+LoadModule cgid_module modules/mod_cgid.so
+
+<IfModule cgid_module>
+ #
+ # ScriptSock: On threaded servers, designate the path to the UNIX
+ # socket used to communicate with the CGI daemon of mod_cgid.
+ #
+ Scriptsock /var/run/httpd/cgisock
+</IfModule>
--- /dev/null
+# $Id: apache-mod_dav.conf,v 1.10 2010/01/19 14:01:14 baggins Exp $
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule dav_lock_module modules/mod_dav_lock.so
+
+#
+# Distributed authoring and versioning (WebDAV)
+#
+# Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias
+# mod_auth_digest, mod_authn_file
+#
+
+#<IfModule mod_dav.c>
+# DavLockDB /var/lock/mod_dav/dav
+# DavMinTimeout 600
+
+# The following example gives DAV write access to a directory called
+# "uploads" under the ServerRoot directory.
+#
+# The User/Group specified in httpd.conf needs to have write permissions
+# on the directory where the DavLockDB is placed and on any directory where
+# "Dav On" is specified.
+
+#Alias /uploads "/etc/httpd/httpd/uploads"
+#<Directory "/etc/httpd/httpd/uploads">
+# Dav On
+#
+# AuthType Digest
+# AuthName DAV-upload
+# # You can use the htdigest program to create the password database:
+# # htdigest -c "/etc/httpd/httpd/user.passwd" DAV-upload admin
+# AuthUserFile "/etc/httpd/httpd/user.passwd"
+#
+# # Allow universal read-access, but writes are restricted
+# # to the admin user.
+# <LimitExcept GET OPTIONS>
+# require user admin
+# </LimitExcept>
+#</Directory>
+
+#
+# The following directives disable redirects on non-GET requests for
+# a directory that does not include the trailing slash. This fixes a
+# problem with several clients that do not appropriately handle
+# redirects for folders with DAV methods.
+#
+#BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+#BrowserMatch "MS FrontPage" redirect-carefully
+#BrowserMatch "^WebDrive" redirect-carefully
+#BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
+#BrowserMatch "^gnome-vfs/1.0" redirect-carefully
+#BrowserMatch "^XML Spy" redirect-carefully
+#BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
+
+#</IfModule>
--- /dev/null
+# $Id: apache-mod_deflate.conf,v 1.12 2011/08/13 19:27:46 glen Exp $
+LoadModule deflate_module modules/mod_deflate.so
+
+# Safe but working settings - compress only that types:
+AddOutputFilterByType DEFLATE application/javascript application/x-javascript text/javascript
+AddOutputFilterByType DEFLATE application/x-httpd-php
+AddOutputFilterByType DEFLATE application/xhtml+xml
+AddOutputFilterByType DEFLATE image/svg+xml
+AddOutputFilterByType DEFLATE text/css
+AddOutputFilterByType DEFLATE text/html
+AddOutputFilterByType DEFLATE text/plain
+AddOutputFilterByType DEFLATE text/xml
+
+# Compress all and exclude only few things - may cause some problems:
+#SetOutputFilter DEFLATE
+
+<IfModule mod_setenvif.c>
+ # Netscape 4.x has some problems...
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+
+ # Netscape 4.06-4.08 have some more problems
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+
+ # MSIE masquerades as Netscape, but it is fine
+ BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+ SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary
+ SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar|iso)$ no-gzip dont-vary
+</IfModule>
+
+<IfModule mod_headers.c>
+ # Make sure proxies don't deliver the wrong content
+ Header append Vary Accept-Encoding env=!dont-vary
+</IfModule>
--- /dev/null
+# $Id: apache-mod_dir.conf,v 1.11 2006/02/12 15:38:52 blues Exp $
+LoadModule dir_module modules/mod_dir.so
+
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+
+<IfModule dir_module>
+ DirectoryIndex index.html index.html.var index.htm index.shtml index.cgi index.php index.phtml
+</IfModule>
--- /dev/null
+# $Id: apache-mod_info.conf,v 1.9 2005/12/21 13:27:28 glen Exp $
+LoadModule info_module modules/mod_info.so
+
+# Get information about the requests being processed by the server
+# and the configuration of the server.
+#
+# Required modules: mod_info (for the server-info handler), mod_authz_host (ACL)
+
+<IfModule mod_info.c>
+#
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".example.com" to match your domain to enable.
+#
+<Location /server-info>
+ SetHandler server-info
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1
+</Location>
+
+</IfModule>
--- /dev/null
+# $Id: apache-mod_log_config.conf,v 1.3 2005/12/19 15:13:03 glen Exp $
+LoadModule log_config_module modules/mod_log_config.so
+
+<IfModule log_config_module>
+ #
+ # The following directives define some format nicknames for use with
+ # a CustomLog directive (see below).
+ #
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+ <IfModule logio_module>
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+ </IfModule>
+
+ #
+ # The location and format of the access logfile (Common Logfile Format).
+ # If you do not define any access logfiles within a <VirtualHost>
+ # container, they will be logged here. Contrariwise, if you *do*
+ # define per-<VirtualHost> access logfiles, transactions will be
+ # logged therein and *not* in this file.
+ #
+ CustomLog logs/access_log common
+
+ #
+ # If you prefer a logfile with access, agent, and referer information
+ # (Combined Logfile Format) you can use the following directive.
+ #
+ #CustomLog logs/access_log combined
+</IfModule>
--- /dev/null
+# $Id: apache-mod_mime.conf,v 1.2 2005/12/21 13:27:28 glen Exp $
+LoadModule mime_module modules/mod_mime.so
+
+<IfModule mime_module>
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file specified in TypesConfig for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
+
+ # For files that include their own HTTP headers:
+ #AddHandler send-as-is asis
+
+ # For server-parsed imagemap files:
+ #AddHandler imap-file map
+
+ # For type maps (negotiated resources):
+ #AddHandler type-map var
+
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ #AddType text/html .shtml
+ #AddOutputFilter INCLUDES .shtml
+</IfModule>
--- /dev/null
+# $Id: apache-mod_mime_magic.conf,v 1.4 2006/07/26 21:18:51 blues Exp $
+LoadModule mime_magic_module modules/mod_mime_magic.so
+
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type. The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+
+<IfModule mime_magic_module>
+ MIMEMagicFile /etc/httpd/magic
+</IfModule>
--- /dev/null
+# $Id: apache-mod_proxy.conf,v 1.9 2005/12/21 13:27:28 glen Exp $
+LoadModule proxy_module modules/mod_proxy.so
+
+# FIXME: enable or disable these by default?
+# I'd enable if the config is secure. but i'm not sure
+#LoadModule proxy_connect_module modules/mod_proxy_connect.so
+#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+#LoadModule proxy_http_module modules/mod_proxy_http.so
+#LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
+#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+
+# Proxy Server directives. Uncomment the following lines to
+# enable the proxy server:
+#
+<IfModule proxy_module>
+ProxyRequests On
+#
+#
+# This prevents spammers from using apache as a relay by posting to
+# http://victim:25/ and sending raw data.
+#
+<Proxy *>
+ Order deny,allow
+ Deny from all
+# Allow from .your-domain.com
+</Proxy>
+
+#
+# Enable/disable the handling of HTTP/1.1 "Via:" headers.
+# ("Full" adds the server version; "Block" removes all outgoing Via: headers)
+# Set to one of: Off | On | Full | Block
+#
+ProxyVia On
+
+# To enable the cache as well, see mod_cache.conf
+
+</IfModule>
--- /dev/null
+# $Id: apache-mod_ssl.conf,v 1.20 2010/07/06 08:18:18 psz Exp $
+LoadModule ssl_module modules/mod_ssl.so
+
+# This is the Apache server configuration file providing SSL support.
+# It contains the configuration directives to instruct the server how to
+# serve pages over an https connection. For detailing information about these
+# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
+
+<IfModule mod_ssl.c>
+#
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the SSL library.
+# The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+#
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed startup file:/dev/urandom 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+
+#
+# When we also provide SSL we have to listen to the
+# standard HTTP port (see above) and to the HTTPS port
+#
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+#
+Listen 443
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+#SSLSessionCache dbm:/var/cache/httpd/ssl_scache
+#SSLSessionCache shmcb:/var/run/ssl_scache(512000)
+SSLSessionCache shmcb:/var/cache/httpd/ssl_scache(512000)
+SSLSessionCacheTimeout 300
+
+# Semaphore:
+# Configure the path to the mutual exclusion semaphore the
+# SSL engine uses internally for inter-process synchronization.
+SSLMutex file:/var/run/httpd/ssl_mutex
+
+##
+## SSL Virtual Host Context
+##
+
+NameVirtualHost *:443
+<VirtualHost *:443>
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+# Usable SSL protocol flavors:
+# This directive can be used to control the SSL protocol flavors mod_ssl
+# should use when establishing its server environment. Clients then can only
+# connect with one of the provided protocols.
+SSLProtocol all -SSLv2
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+SSLCipherSuite ALL:!ADH:!EXP:!LOW:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
+
+# Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate. If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase. Note that a kill -HUP will prompt again. Keep
+# in mind that if you have both an RSA and a DSA certificate you
+# can configure both in parallel (to also allow the use of DSA
+# ciphers, etc.)
+SSLCertificateFile /etc/httpd/ssl/server.crt
+#SSLCertificateFile /etc/httpd/ssl/server-dsa.crt
+
+# Server Private Key:
+# If the key is not combined with the certificate, use this
+# directive to point at the key file. Keep in mind that if
+# you've both a RSA and a DSA private key you can configure
+# both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/httpd/ssl/server.key
+#SSLCertificateKeyFile /etc/httpd/ssl/server-dsa.key
+
+# Server Certificate Chain:
+# Point SSLCertificateChainFile at a file containing the
+# concatenation of PEM encoded CA certificates which form the
+# certificate chain for the server certificate. Alternatively
+# the referenced file can be the same as SSLCertificateFile
+# when the CA certificates are directly appended to the server
+# certificate for convinience.
+#SSLCertificateChainFile /etc/httpd/ssl/ca.crt
+
+# Certificate Authority (CA):
+# Set the CA certificate verification path where to find CA
+# certificates for client authentication or alternatively one
+# huge file containing all of them (file must be PEM encoded)
+# Note: Inside SSLCACertificatePath you need hash symlinks
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
+#SSLCACertificatePath /etc/httpd/ssl
+#SSLCACertificateFile /etc/httpd/ssl/ca-bundle.crt
+
+# Certificate Revocation Lists (CRL):
+# Set the CA revocation path where to find CA CRLs for client
+# authentication or alternatively one huge file containing all
+# of them (file must be PEM encoded)
+# Note: Inside SSLCARevocationPath you need hash symlinks
+# to point to the certificate files. Use the provided
+# Makefile to update the hash symlinks after changes.
+#SSLCARevocationPath /etc/httpd/ssl
+#SSLCARevocationFile /etc/httpd/ssl/ca-bundle.crl
+
+# Client Authentication (Type):
+# Client certificate verification type and depth. Types are
+# none, optional, require and optional_no_ca. Depth is a
+# number which specifies how deeply to verify the certificate
+# issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_ssl documentation
+# for more details.
+#<Location />
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# o FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# o ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# o StdEnvVars:
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
+# o StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# o OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<FilesMatch "\.(cgi|shtml|phtml|php)$">
+ SSLOptions +StdEnvVars
+</FilesMatch>
+<Directory "/home/services/httpd/cgi-bin">
+ SSLOptions +StdEnvVars
+</Directory>
+
+# SSL Protocol Adjustments:
+# The safe and default but still SSL/TLS standard compliant shutdown
+# approach is that mod_ssl sends the close notify alert but doesn't wait for
+# the close notify alert from client. When you need a different shutdown
+# approach you can use one of the following variables:
+# o ssl-unclean-shutdown:
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is send or allowed to received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
+# o ssl-accurate-shutdown:
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is send and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
+# Notice: Most problems of broken clients are also related to the HTTP
+# keep-alive facility, so you usually additionally want to disable
+# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+# Similarly, one has to force some clients to use HTTP/1.0 to workaround
+# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+# "force-response-1.0" for this.
+<IfModule mod_setenvif.c>
+ BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
+</IfModule>
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+#<IfModule mod_log_config.c>
+# CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+# # enable common log too, otherwise you be suprised of no access logs
+# CustomLog logs/access_log common
+#</IfModule>
+
+</VirtualHost>
+
+</IfModule>
--- /dev/null
+# $Id: apache-mod_status.conf,v 1.8 2005/12/21 13:27:28 glen Exp $
+LoadModule status_module modules/mod_status.so
+
+#
+# Get information about the requests being processed by the server
+# and the configuration of the server.
+#
+# Required modules: mod_status (for the server-status handler),
+
+<IfModule mod_status.c>
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+# Change the ".example.com" to match your domain to enable.
+
+<Location /server-status>
+ SetHandler server-status
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.1
+</Location>
+
+#
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called. The default is Off.
+#
+#ExtendedStatus On
+
+</IfModule>
--- /dev/null
+# $Id: apache-mod_suexec.conf,v 1.5 2005/12/21 13:27:28 glen Exp $
+LoadModule suexec_module modules/mod_suexec.so
--- /dev/null
+# $Id: apache-mod_userdir.conf,v 1.6 2008/11/16 14:12:47 gotar Exp $
+LoadModule userdir_module modules/mod_userdir.so
+
+# Settings for user home directories
+#
+# Required module: mod_userdir
+
+<IfModule mod_userdir.c>
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received. Note that you must also set
+# the default access control for these directories, as in the example below.
+#
+UserDir public_html
+
+#
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+#
+<Directory /home/users/*/public_html>
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ <Limit GET POST OPTIONS>
+ Order allow,deny
+ Allow from all
+ </Limit>
+ <LimitExcept GET POST OPTIONS>
+ Order deny,allow
+ Deny from all
+ </LimitExcept>
+ #<IfModule mod_php.c>
+ # php_admin_value open_basedir "/home/users:/usr/share/pear:/usr/share/php:/tmp"
+ #</IfModule>
+</Directory>
+
+</IfModule>
--- /dev/null
+# $Id: apache-mod_vhost_alias.conf,v 1.7 2009/11/04 11:42:20 glen Exp $
+LoadModule vhost_alias_module modules/mod_vhost_alias.so
+
+<IfModule mod_vhost_alias.c>
+
+# http://www.example.com/directory/file.html will be satisfied by the file
+# /srv/www/vhosts/www.example.com/directory/file.html.
+#UseCanonicalName Off
+#VirtualDocumentRoot /srv/www/vhosts/%0
+
+# For IP-based virtual hosting you might use the following in your configuration file:
+#UseCanonicalName DNS
+#VirtualDocumentRootIP /srv/www/vhosts/%1/%2/%3/%4/docs
+#VirtualScriptAliasIP /srv/www/vhosts/%1/%2/%3/%4/cgi-bin
+</IfModule>
--- /dev/null
+--- old/modules/mappers/mod_vhost_alias.c 2006-07-24 13:07:15.000000000 +0100
++++ new/modules/mappers/mod_vhost_alias.c 2006-07-24 13:09:21.000000000 +0100
+@@ -33,6 +33,8 @@
+ * both written by James Grinter <jrg@blodwen.demon.co.uk>.
+ */
+
++#define CORE_PRIVATE
++
+ #include "apr.h"
+ #include "apr_strings.h"
+ #include "apr_hooks.h"
+@@ -67,6 +69,7 @@
+ const char *cgi_root;
+ mva_mode_e doc_root_mode;
+ mva_mode_e cgi_root_mode;
++ int set_doc_root;
+ } mva_sconf_t;
+
+ static void *mva_create_server_config(apr_pool_t *p, server_rec *s)
+@@ -78,6 +81,7 @@
+ conf->cgi_root = NULL;
+ conf->doc_root_mode = VHOST_ALIAS_UNSET;
+ conf->cgi_root_mode = VHOST_ALIAS_UNSET;
++ conf->set_doc_root = 0;
+ return conf;
+ }
+
+@@ -104,6 +108,8 @@
+ conf->cgi_root_mode = child->cgi_root_mode;
+ conf->cgi_root = child->cgi_root;
+ }
++
++ conf->set_doc_root = child->set_doc_root;
+ return conf;
+ }
+
+@@ -212,6 +218,18 @@
+ return NULL;
+ }
+
++
++static const char *vhost_set_docroot(cmd_parms *cmd, void *dummy,
++ const char *str)
++{
++ mva_sconf_t *conf;
++ conf = (mva_sconf_t *) ap_get_module_config(cmd->server->module_config,
++ &vhost_alias_module);
++ conf->set_doc_root = (strcasecmp(str, "yes") == 0 ||
++ strcasecmp(str, "on") == 0) ? 1 : 0;
++ return NULL;
++}
++
+ static const command_rec mva_commands[] =
+ {
+ AP_INIT_TAKE1("VirtualScriptAlias", vhost_alias_set,
+@@ -226,6 +244,9 @@
+ AP_INIT_TAKE1("VirtualDocumentRootIP", vhost_alias_set,
+ &vhost_alias_set_doc_root_ip, RSRC_CONF,
+ "how to create the DocumentRoot based on the host"),
++ AP_INIT_TAKE1("SetVirtualDocumentRoot", vhost_set_docroot,
++ NULL, RSRC_CONF,
++ "set DOCUMENT_ROOT to parsed document root"),
+ { NULL }
+ };
+
+@@ -250,8 +271,9 @@
+ }
+ }
+
+-static void vhost_alias_interpolate(request_rec *r, const char *name,
+- const char *map, const char *uri)
++static void vhost_alias_interpolate(request_rec *r, mva_sconf_t *conf,
++ const char *name, const char *map,
++ const char *uri)
+ {
+ /* 0..9 9..0 */
+ enum { MAXDOTS = 19 };
+@@ -378,6 +400,13 @@
+ else {
+ r->filename = apr_pstrcat(r->pool, buf, uri, NULL);
+ }
++
++ if (conf->set_doc_root) {
++ request_rec *top = (r->main)?r->main:r;
++ core_server_config *core = (core_server_config *) ap_get_module_config(r->server->module_config, &core_module);
++
++ core->ap_document_root = apr_pstrdup(top->pool, buf);
++ }
+ }
+
+ static int mva_translate(request_rec *r)
+@@ -426,7 +455,7 @@
+ * canonical_path buffer.
+ */
+ r->canonical_filename = "";
+- vhost_alias_interpolate(r, name, map, uri);
++ vhost_alias_interpolate(r, conf, name, map, uri);
+
+ if (cgi) {
+ /* see is_scriptaliased() in mod_cgi */
--- /dev/null
+http://mpm-itk.sesse.net/apache2.2-mpm-itk-20090414-00.patch
+
+unchanged:
+--- httpd-2.2.11/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:38:54.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/Makefile.in 2009-03-17 21:39:03.000000000 +0100
+@@ -0,0 +1,5 @@
++
++LTLIBRARY_NAME = libitk.la
++LTLIBRARY_SOURCES = itk.c
++
++include $(top_srcdir)/build/ltlib.mk
+unchanged:
+--- httpd-2.2.11/server/mpm/experimental/itk/config.m4 2009-03-17 21:38:53.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/config.m4 2009-03-17 21:39:03.000000000 +0100
+@@ -0,0 +1,3 @@
++if test "$MPM_NAME" = "itk" ; then
++ APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile)
++fi
+diff -u httpd-2.2.11/server/mpm/experimental/itk/itk.c httpd-2.2.11/server/mpm/experimental/itk/itk.c
+--- httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:29:16.000000000 +0200
++++ httpd-2.2.11/server/mpm/experimental/itk/itk.c 2009-04-14 23:31:05.000000000 +0200
+@@ -0,0 +1,1740 @@
++/* Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ *
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@bigfoot.com>.
++ * Licensed under the same terms as the rest of Apache.
++ *
++ * Portions copyright 2008 Knut Auvor Grythe <knut@auvor.no>.
++ * Licensed under the same terms as the rest of Apache.
++ */
++
++#include "apr.h"
++#include "apr_portable.h"
++#include "apr_strings.h"
++#include "apr_thread_proc.h"
++#include "apr_signal.h"
++
++# define _DBG(text,par...) \
++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
++ "(itkmpm: pid=%d uid=%d, gid=%d) %s(): " text, \
++ getpid(), getuid(), getgid(), __FUNCTION__, par)
++
++#define APR_WANT_STDIO
++#define APR_WANT_STRFUNC
++#include "apr_want.h"
++
++#if APR_HAVE_UNISTD_H
++#include <unistd.h>
++#endif
++#if APR_HAVE_SYS_TYPES_H
++#include <sys/types.h>
++#endif
++
++#define CORE_PRIVATE
++
++#include "ap_config.h"
++#include "httpd.h"
++#include "mpm_default.h"
++#include "http_main.h"
++#include "http_log.h"
++#include "http_config.h"
++#include "http_core.h" /* for get_remote_host */
++#include "http_connection.h"
++#include "http_request.h" /* for ap_hook_post_perdir_config */
++#include "scoreboard.h"
++#include "ap_mpm.h"
++#include "unixd.h"
++#include "mpm_common.h"
++#include "ap_listen.h"
++#include "ap_mmn.h"
++#include "apr_poll.h"
++
++#ifdef HAVE_BSTRING_H
++#include <bstring.h> /* for IRIX, FD_SET calls bzero() */
++#endif
++#ifdef HAVE_TIME_H
++#include <time.h>
++#endif
++#ifdef HAVE_SYS_PROCESSOR_H
++#include <sys/processor.h> /* for bindprocessor() */
++#endif
++
++#if HAVE_LIBCAP
++#include <sys/capability.h>
++#endif
++
++#include <signal.h>
++#include <sys/times.h>
++
++/* Limit on the total --- clients will be locked out if more servers than
++ * this are needed. It is intended solely to keep the server from crashing
++ * when things get out of hand.
++ *
++ * We keep a hard maximum number of servers, for two reasons --- first off,
++ * in case something goes seriously wrong, we want to stop the fork bomb
++ * short of actually crashing the machine we're running on by filling some
++ * kernel table. Secondly, it keeps the size of the scoreboard file small
++ * enough that we can read the whole thing without worrying too much about
++ * the overhead.
++ */
++#ifndef DEFAULT_SERVER_LIMIT
++#define DEFAULT_SERVER_LIMIT 256
++#endif
++
++/* Admin can't tune ServerLimit beyond MAX_SERVER_LIMIT. We want
++ * some sort of compile-time limit to help catch typos.
++ */
++#ifndef MAX_SERVER_LIMIT
++#define MAX_SERVER_LIMIT 200000
++#endif
++
++#ifndef HARD_THREAD_LIMIT
++#define HARD_THREAD_LIMIT 1
++#endif
++
++/* config globals */
++
++int ap_threads_per_child=0; /* Worker threads per child */
++static apr_proc_mutex_t *accept_mutex;
++static int ap_daemons_to_start=0;
++static int ap_daemons_min_free=0;
++static int ap_daemons_max_free=0;
++static int ap_daemons_limit=0; /* MaxClients */
++static int server_limit = DEFAULT_SERVER_LIMIT;
++static int first_server_limit = 0;
++static int changed_limit_at_restart;
++static int mpm_state = AP_MPMQ_STARTING;
++static ap_pod_t *pod;
++
++/*
++ * The max child slot ever assigned, preserved across restarts. Necessary
++ * to deal with MaxClients changes across AP_SIG_GRACEFUL restarts. We
++ * use this value to optimize routines that have to scan the entire scoreboard.
++ */
++int ap_max_daemons_limit = -1;
++server_rec *ap_server_conf;
++
++/* one_process --- debugging mode variable; can be set from the command line
++ * with the -X flag. If set, this gets you the child_main loop running
++ * in the process which originally started up (no detach, no make_child),
++ * which is a pretty nice debugging environment. (You'll get a SIGHUP
++ * early in standalone_main; just continue through. This is the server
++ * trying to kill off any child processes which it might have lying
++ * around --- Apache doesn't keep track of their pids, it just sends
++ * SIGHUP to the process group, ignoring it in the root process.
++ * Continue through and you'll be fine.).
++ */
++
++static int one_process = 0;
++
++static apr_pool_t *pconf; /* Pool for config stuff */
++static apr_pool_t *pchild; /* Pool for httpd child stuff */
++
++static pid_t ap_my_pid; /* it seems silly to call getpid all the time */
++static pid_t parent_pid;
++#ifndef MULTITHREAD
++static int my_child_num;
++#endif
++ap_generation_t volatile ap_my_generation=0;
++
++#ifdef TPF
++int tpf_child = 0;
++char tpf_server_name[INETD_SERVNAME_LENGTH+1];
++#endif /* TPF */
++
++static volatile int die_now = 0;
++
++#define UNSET_NICE_VALUE 100
++
++typedef struct
++{
++ uid_t uid;
++ gid_t gid;
++ char *username;
++ int nice_value;
++} itk_per_dir_conf;
++
++typedef struct
++{
++ int max_clients_vhost;
++} itk_server_conf;
++
++module AP_MODULE_DECLARE_DATA mpm_itk_module;
++
++#ifdef GPROF
++/*
++ * change directory for gprof to plop the gmon.out file
++ * configure in httpd.conf:
++ * GprofDir $RuntimeDir/ -> $ServerRoot/$RuntimeDir/gmon.out
++ * GprofDir $RuntimeDir/% -> $ServerRoot/$RuntimeDir/gprof.$pid/gmon.out
++ */
++static void chdir_for_gprof(void)
++{
++ core_server_config *sconf =
++ ap_get_module_config(ap_server_conf->module_config, &core_module);
++ char *dir = sconf->gprof_dir;
++ const char *use_dir;
++
++ if(dir) {
++ apr_status_t res;
++ char *buf = NULL ;
++ int len = strlen(sconf->gprof_dir) - 1;
++ if(*(dir + len) == '%') {
++ dir[len] = '\0';
++ buf = ap_append_pid(pconf, dir, "gprof.");
++ }
++ use_dir = ap_server_root_relative(pconf, buf ? buf : dir);
++ res = apr_dir_make(use_dir,
++ APR_UREAD | APR_UWRITE | APR_UEXECUTE |
++ APR_GREAD | APR_GEXECUTE |
++ APR_WREAD | APR_WEXECUTE, pconf);
++ if(res != APR_SUCCESS && !APR_STATUS_IS_EEXIST(res)) {
++ ap_log_error(APLOG_MARK, APLOG_ERR, res, ap_server_conf,
++ "gprof: error creating directory %s", dir);
++ }
++ }
++ else {
++ use_dir = ap_server_root_relative(pconf, DEFAULT_REL_RUNTIMEDIR);
++ }
++
++ chdir(use_dir);
++}
++#else
++#define chdir_for_gprof()
++#endif
++
++/* XXX - I don't know if TPF will ever use this module or not, so leave
++ * the ap_check_signals calls in but disable them - manoj */
++#define ap_check_signals()
++
++/* a clean exit from a child with proper cleanup */
++static void clean_child_exit(int code) __attribute__ ((noreturn));
++static void clean_child_exit(int code)
++{
++ mpm_state = AP_MPMQ_STOPPING;
++
++ if (pchild) {
++ apr_pool_destroy(pchild);
++ }
++ ap_mpm_pod_close(pod);
++ chdir_for_gprof();
++ exit(code);
++}
++
++static void accept_mutex_on(void)
++{
++ apr_status_t rv = apr_proc_mutex_lock(accept_mutex);
++ if (rv != APR_SUCCESS) {
++ const char *msg = "couldn't grab the accept mutex";
++
++ if (ap_my_generation !=
++ ap_scoreboard_image->global->running_generation) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, NULL, "%s", msg);
++ clean_child_exit(0);
++ }
++ else {
++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, "%s", msg);
++ exit(APEXIT_CHILDFATAL);
++ }
++ }
++}
++
++static void accept_mutex_off(void)
++{
++ apr_status_t rv = apr_proc_mutex_unlock(accept_mutex);
++ if (rv != APR_SUCCESS) {
++ const char *msg = "couldn't release the accept mutex";
++
++ if (ap_my_generation !=
++ ap_scoreboard_image->global->running_generation) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, NULL, "%s", msg);
++ /* don't exit here... we have a connection to
++ * process, after which point we'll see that the
++ * generation changed and we'll exit cleanly
++ */
++ }
++ else {
++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, NULL, "%s", msg);
++ exit(APEXIT_CHILDFATAL);
++ }
++ }
++}
++
++/* On some architectures it's safe to do unserialized accept()s in the single
++ * Listen case. But it's never safe to do it in the case where there's
++ * multiple Listen statements. Define SINGLE_LISTEN_UNSERIALIZED_ACCEPT
++ * when it's safe in the single Listen case.
++ */
++#ifdef SINGLE_LISTEN_UNSERIALIZED_ACCEPT
++#define SAFE_ACCEPT(stmt) do {if (ap_listeners->next) {stmt;}} while(0)
++#else
++#define SAFE_ACCEPT(stmt) do {stmt;} while(0)
++#endif
++
++AP_DECLARE(apr_status_t) ap_mpm_query(int query_code, int *result)
++{
++ switch(query_code){
++ case AP_MPMQ_MAX_DAEMON_USED:
++ *result = ap_daemons_limit;
++ return APR_SUCCESS;
++ case AP_MPMQ_IS_THREADED:
++ *result = AP_MPMQ_NOT_SUPPORTED;
++ return APR_SUCCESS;
++ case AP_MPMQ_IS_FORKED:
++ *result = AP_MPMQ_DYNAMIC;
++ return APR_SUCCESS;
++ case AP_MPMQ_HARD_LIMIT_DAEMONS:
++ *result = server_limit;
++ return APR_SUCCESS;
++ case AP_MPMQ_HARD_LIMIT_THREADS:
++ *result = HARD_THREAD_LIMIT;
++ return APR_SUCCESS;
++ case AP_MPMQ_MAX_THREADS:
++ *result = 0;
++ return APR_SUCCESS;
++ case AP_MPMQ_MIN_SPARE_DAEMONS:
++ *result = ap_daemons_min_free;
++ return APR_SUCCESS;
++ case AP_MPMQ_MIN_SPARE_THREADS:
++ *result = 0;
++ return APR_SUCCESS;
++ case AP_MPMQ_MAX_SPARE_DAEMONS:
++ *result = ap_daemons_max_free;
++ return APR_SUCCESS;
++ case AP_MPMQ_MAX_SPARE_THREADS:
++ *result = 0;
++ return APR_SUCCESS;
++ case AP_MPMQ_MAX_REQUESTS_DAEMON:
++ *result = ap_max_requests_per_child;
++ return APR_SUCCESS;
++ case AP_MPMQ_MAX_DAEMONS:
++ *result = server_limit;
++ return APR_SUCCESS;
++ case AP_MPMQ_MPM_STATE:
++ *result = mpm_state;
++ return APR_SUCCESS;
++ }
++ return APR_ENOTIMPL;
++}
++
++#if defined(NEED_WAITPID)
++/*
++ Systems without a real waitpid sometimes lose a child's exit while waiting
++ for another. Search through the scoreboard for missing children.
++ */
++int reap_children(int *exitcode, apr_exit_why_e *status)
++{
++ int n, pid;
++
++ for (n = 0; n < ap_max_daemons_limit; ++n) {
++ if (ap_scoreboard_image->servers[n][0].status != SERVER_DEAD &&
++ kill((pid = ap_scoreboard_image->parent[n].pid), 0) == -1) {
++ ap_update_child_status_from_indexes(n, 0, SERVER_DEAD, NULL);
++ /* just mark it as having a successful exit status */
++ *status = APR_PROC_EXIT;
++ *exitcode = 0;
++ return(pid);
++ }
++ }
++ return 0;
++}
++#endif
++
++/*****************************************************************
++ * Connection structures and accounting...
++ */
++
++static void just_die(int sig)
++{
++ clean_child_exit(0);
++}
++
++static void stop_listening(int sig)
++{
++ ap_close_listeners();
++
++ /* For a graceful stop, we want the child to exit when done */
++ die_now = 1;
++}
++
++/* volatile just in case */
++static int volatile shutdown_pending;
++static int volatile restart_pending;
++static int volatile is_graceful;
++
++static void sig_term(int sig)
++{
++ if (shutdown_pending == 1) {
++ /* Um, is this _probably_ not an error, if the user has
++ * tried to do a shutdown twice quickly, so we won't
++ * worry about reporting it.
++ */
++ return;
++ }
++ shutdown_pending = 1;
++ is_graceful = (sig == AP_SIG_GRACEFUL_STOP);
++}
++
++/* restart() is the signal handler for SIGHUP and AP_SIG_GRACEFUL
++ * in the parent process, unless running in ONE_PROCESS mode
++ */
++static void restart(int sig)
++{
++ if (restart_pending == 1) {
++ /* Probably not an error - don't bother reporting it */
++ return;
++ }
++ restart_pending = 1;
++ is_graceful = (sig == AP_SIG_GRACEFUL);
++}
++
++static void set_signals(void)
++{
++#ifndef NO_USE_SIGACTION
++ struct sigaction sa;
++#endif
++
++ if (!one_process) {
++ ap_fatal_signal_setup(ap_server_conf, pconf);
++ }
++
++#ifndef NO_USE_SIGACTION
++ sigemptyset(&sa.sa_mask);
++ sa.sa_flags = 0;
++
++ sa.sa_handler = sig_term;
++ if (sigaction(SIGTERM, &sa, NULL) < 0)
++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGTERM)");
++#ifdef AP_SIG_GRACEFUL_STOP
++ if (sigaction(AP_SIG_GRACEFUL_STOP, &sa, NULL) < 0)
++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf,
++ "sigaction(" AP_SIG_GRACEFUL_STOP_STRING ")");
++#endif
++#ifdef SIGINT
++ if (sigaction(SIGINT, &sa, NULL) < 0)
++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGINT)");
++#endif
++#ifdef SIGXCPU
++ sa.sa_handler = SIG_DFL;
++ if (sigaction(SIGXCPU, &sa, NULL) < 0)
++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXCPU)");
++#endif
++#ifdef SIGXFSZ
++ sa.sa_handler = SIG_DFL;
++ if (sigaction(SIGXFSZ, &sa, NULL) < 0)
++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXFSZ)");
++#endif
++#ifdef SIGPIPE
++ sa.sa_handler = SIG_IGN;
++ if (sigaction(SIGPIPE, &sa, NULL) < 0)
++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGPIPE)");
++#endif
++
++ /* we want to ignore HUPs and AP_SIG_GRACEFUL while we're busy
++ * processing one
++ */
++ sigaddset(&sa.sa_mask, SIGHUP);
++ sigaddset(&sa.sa_mask, AP_SIG_GRACEFUL);
++ sa.sa_handler = restart;
++ if (sigaction(SIGHUP, &sa, NULL) < 0)
++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGHUP)");
++ if (sigaction(AP_SIG_GRACEFUL, &sa, NULL) < 0)
++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(" AP_SIG_GRACEFUL_STRING ")");
++#else
++ if (!one_process) {
++#ifdef SIGXCPU
++ apr_signal(SIGXCPU, SIG_DFL);
++#endif /* SIGXCPU */
++#ifdef SIGXFSZ
++ apr_signal(SIGXFSZ, SIG_DFL);
++#endif /* SIGXFSZ */
++ }
++
++ apr_signal(SIGTERM, sig_term);
++#ifdef SIGHUP
++ apr_signal(SIGHUP, restart);
++#endif /* SIGHUP */
++#ifdef AP_SIG_GRACEFUL
++ apr_signal(AP_SIG_GRACEFUL, restart);
++#endif /* AP_SIG_GRACEFUL */
++#ifdef AP_SIG_GRACEFUL_STOP
++ apr_signal(AP_SIG_GRACEFUL_STOP, sig_term);
++#endif /* AP_SIG_GRACEFUL */
++#ifdef SIGPIPE
++ apr_signal(SIGPIPE, SIG_IGN);
++#endif /* SIGPIPE */
++
++#endif
++}
++
++/*****************************************************************
++ * Child process main loop.
++ * The following vars are static to avoid getting clobbered by longjmp();
++ * they are really private to child_main.
++ */
++
++static int requests_this_child;
++static int num_listensocks = 0;
++
++
++int ap_graceful_stop_signalled(void)
++{
++ /* not ever called anymore... */
++ return 0;
++}
++
++
++static void child_main(int child_num_arg)
++{
++ apr_pool_t *ptrans;
++ apr_allocator_t *allocator;
++ apr_status_t status;
++ int i;
++ ap_listen_rec *lr;
++ apr_pollset_t *pollset;
++ ap_sb_handle_t *sbh;
++ apr_bucket_alloc_t *bucket_alloc;
++ int last_poll_idx = 0;
++
++#if HAVE_LIBCAP
++ cap_t caps;
++ cap_value_t suidcaps[] = {
++ CAP_SETUID,
++ CAP_SETGID,
++ CAP_DAC_READ_SEARCH,
++ CAP_SYS_NICE,
++ };
++#endif
++
++ mpm_state = AP_MPMQ_STARTING; /* for benefit of any hooks that run as this
++ * child initializes
++ */
++
++ my_child_num = child_num_arg;
++ ap_my_pid = getpid();
++ requests_this_child = 0;
++
++ ap_fatal_signal_child_setup(ap_server_conf);
++
++ /* Get a sub context for global allocations in this child, so that
++ * we can have cleanups occur when the child exits.
++ */
++ apr_allocator_create(&allocator);
++ apr_allocator_max_free_set(allocator, ap_max_mem_free);
++ apr_pool_create_ex(&pchild, pconf, NULL, allocator);
++ apr_allocator_owner_set(allocator, pchild);
++
++ apr_pool_create(&ptrans, pchild);
++ apr_pool_tag(ptrans, "transaction");
++
++ /* needs to be done before we switch UIDs so we have permissions */
++ ap_reopen_scoreboard(pchild, NULL, 0);
++ status = apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname, pchild);
++ if (status != APR_SUCCESS) {
++ ap_log_error(APLOG_MARK, APLOG_EMERG, status, ap_server_conf,
++ "Couldn't initialize cross-process lock in child "
++ "(%s) (%d)", ap_lock_fname, ap_accept_lock_mech);
++ clean_child_exit(APEXIT_CHILDFATAL);
++ }
++
++ ap_run_child_init(pchild, ap_server_conf);
++
++ ap_create_sb_handle(&sbh, pchild, my_child_num, 0);
++
++ (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL);
++
++ /* Set up the pollfd array */
++ /* ### check the status */
++ (void) apr_pollset_create(&pollset, num_listensocks, pchild, 0);
++
++ for (lr = ap_listeners, i = num_listensocks; i--; lr = lr->next) {
++ apr_pollfd_t pfd = { 0 };
++
++ pfd.desc_type = APR_POLL_SOCKET;
++ pfd.desc.s = lr->sd;
++ pfd.reqevents = APR_POLLIN;
++ pfd.client_data = lr;
++
++ /* ### check the status */
++ (void) apr_pollset_add(pollset, &pfd);
++ }
++
++#if HAVE_LIBCAP
++ /* Drop as many privileges as we can. We'll still
++ * access files with uid=0, and we can setuid() to anything, but
++ * at least there's tons of other evilness (like loading kernel
++ * modules) we can't do directly. (The setuid() capability will
++ * go away automatically when we setuid() or exec() -- the former
++ * is likely to come first.)
++ */
++ caps = cap_init();
++ cap_clear(caps);
++ cap_set_flag(caps, CAP_PERMITTED, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET);
++ cap_set_flag(caps, CAP_EFFECTIVE, sizeof(suidcaps)/sizeof(cap_value_t), suidcaps, CAP_SET);
++ cap_set_proc(caps);
++ cap_free(caps);
++#endif
++
++ mpm_state = AP_MPMQ_RUNNING;
++
++ bucket_alloc = apr_bucket_alloc_create(pchild);
++
++ /* die_now is set when AP_SIG_GRACEFUL is received in the child;
++ * shutdown_pending is set when SIGTERM is received when running
++ * in single process mode. */
++ while (!die_now && !shutdown_pending) {
++ conn_rec *current_conn;
++ void *csd;
++
++ /*
++ * (Re)initialize this child to a pre-connection state.
++ */
++
++ apr_pool_clear(ptrans);
++
++ if ((ap_max_requests_per_child > 0
++ && requests_this_child++ >= ap_max_requests_per_child)) {
++ clean_child_exit(0);
++ }
++
++ (void) ap_update_child_status(sbh, SERVER_READY, (request_rec *) NULL);
++
++ /*
++ * Wait for an acceptable connection to arrive.
++ */
++
++ /* Lock around "accept", if necessary */
++ SAFE_ACCEPT(accept_mutex_on());
++
++ if (num_listensocks == 1) {
++ /* There is only one listener record, so refer to that one. */
++ lr = ap_listeners;
++ }
++ else {
++ /* multiple listening sockets - need to poll */
++ for (;;) {
++ apr_int32_t numdesc;
++ const apr_pollfd_t *pdesc;
++
++ /* timeout == -1 == wait forever */
++ status = apr_pollset_poll(pollset, -1, &numdesc, &pdesc);
++ if (status != APR_SUCCESS) {
++ if (APR_STATUS_IS_EINTR(status)) {
++ if (one_process && shutdown_pending) {
++ return;
++ }
++ else if (die_now) {
++ /* In graceful stop/restart; drop the mutex
++ * and terminate the child. */
++ SAFE_ACCEPT(accept_mutex_off());
++ clean_child_exit(0);
++ }
++ continue;
++ }
++ /* Single Unix documents select as returning errnos
++ * EBADF, EINTR, and EINVAL... and in none of those
++ * cases does it make sense to continue. In fact
++ * on Linux 2.0.x we seem to end up with EFAULT
++ * occasionally, and we'd loop forever due to it.
++ */
++ ap_log_error(APLOG_MARK, APLOG_ERR, status,
++ ap_server_conf, "apr_pollset_poll: (listen)");
++ SAFE_ACCEPT(accept_mutex_off());
++ clean_child_exit(1);
++ }
++
++ /* We can always use pdesc[0], but sockets at position N
++ * could end up completely starved of attention in a very
++ * busy server. Therefore, we round-robin across the
++ * returned set of descriptors. While it is possible that
++ * the returned set of descriptors might flip around and
++ * continue to starve some sockets, we happen to know the
++ * internal pollset implementation retains ordering
++ * stability of the sockets. Thus, the round-robin should
++ * ensure that a socket will eventually be serviced.
++ */
++ if (last_poll_idx >= numdesc)
++ last_poll_idx = 0;
++
++ /* Grab a listener record from the client_data of the poll
++ * descriptor, and advance our saved index to round-robin
++ * the next fetch.
++ *
++ * ### hmm... this descriptor might have POLLERR rather
++ * ### than POLLIN
++ */
++ lr = pdesc[last_poll_idx++].client_data;
++ goto got_fd;
++ }
++ }
++ got_fd:
++ /* if we accept() something we don't want to die, so we have to
++ * defer the exit
++ */
++ status = lr->accept_func(&csd, lr, ptrans);
++
++ SAFE_ACCEPT(accept_mutex_off()); /* unlock after "accept" */
++
++ if (status == APR_EGENERAL) {
++ /* resource shortage or should-not-occur occured */
++ clean_child_exit(1);
++ }
++ else if (status != APR_SUCCESS) {
++ continue;
++ }
++
++ /*
++ * We now have a connection, so set it up with the appropriate
++ * socket options, file descriptors, and read/write buffers.
++ */
++
++ {
++ pid_t pid = fork(), child_pid;
++ int status;
++ switch (pid) {
++ case -1:
++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "fork: Unable to fork new process");
++ break;
++ case 0: /* child */
++ apr_proc_mutex_child_init(&accept_mutex, ap_lock_fname, pchild);
++ current_conn = ap_run_create_connection(ptrans, ap_server_conf, csd, my_child_num, sbh, bucket_alloc);
++ if (current_conn) {
++ ap_process_connection(current_conn, csd);
++ ap_lingering_close(current_conn);
++ }
++ exit(0);
++ default: /* parent; just wait for child to be done */
++ do {
++ child_pid = waitpid(pid, &status, 0);
++ } while (child_pid == -1 && errno == EINTR);
++
++ if (child_pid != pid || !WIFEXITED(status)) {
++ if (WIFSIGNALED(status)) {
++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child died with signal %u", WTERMSIG(status));
++ } else if (WEXITSTATUS(status) != 0) {
++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, "child exited with non-zero exit status %u", WEXITSTATUS(status));
++ } else {
++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, NULL, "waitpid() failed");
++ }
++ clean_child_exit(1);
++ }
++ break;
++ }
++ }
++
++ /* Check the pod and the generation number after processing a
++ * connection so that we'll go away if a graceful restart occurred
++ * while we were processing the connection or we are the lucky
++ * idle server process that gets to die.
++ */
++ if (ap_mpm_pod_check(pod) == APR_SUCCESS) { /* selected as idle? */
++ die_now = 1;
++ }
++ else if (ap_my_generation !=
++ ap_scoreboard_image->global->running_generation) { /* restart? */
++ /* yeah, this could be non-graceful restart, in which case the
++ * parent will kill us soon enough, but why bother checking?
++ */
++ die_now = 1;
++ }
++
++ /* if we have already setuid(), die (we can't be used anyhow) */
++ if (getuid())
++ die_now = 1;
++ }
++ clean_child_exit(0);
++}
++
++
++static int make_child(server_rec *s, int slot)
++{
++ int pid;
++
++ if (slot + 1 > ap_max_daemons_limit) {
++ ap_max_daemons_limit = slot + 1;
++ }
++
++ if (one_process) {
++ apr_signal(SIGHUP, sig_term);
++ /* Don't catch AP_SIG_GRACEFUL in ONE_PROCESS mode :) */
++ apr_signal(SIGINT, sig_term);
++#ifdef SIGQUIT
++ apr_signal(SIGQUIT, SIG_DFL);
++#endif
++ apr_signal(SIGTERM, sig_term);
++ child_main(slot);
++ return 0;
++ }
++
++ (void) ap_update_child_status_from_indexes(slot, 0, SERVER_STARTING,
++ (request_rec *) NULL);
++
++
++#ifdef _OSD_POSIX
++ /* BS2000 requires a "special" version of fork() before a setuid() call */
++ if ((pid = os_fork(unixd_config.user_name)) == -1) {
++#elif defined(TPF)
++ if ((pid = os_fork(s, slot)) == -1) {
++#else
++ if ((pid = fork()) == -1) {
++#endif
++ ap_log_error(APLOG_MARK, APLOG_ERR, errno, s, "fork: Unable to fork new process");
++
++ /* fork didn't succeed. Fix the scoreboard or else
++ * it will say SERVER_STARTING forever and ever
++ */
++ (void) ap_update_child_status_from_indexes(slot, 0, SERVER_DEAD,
++ (request_rec *) NULL);
++
++ /* In case system resources are maxxed out, we don't want
++ * Apache running away with the CPU trying to fork over and
++ * over and over again.
++ */
++ sleep(10);
++
++ return -1;
++ }
++
++ if (!pid) {
++#ifdef HAVE_BINDPROCESSOR
++ /* by default AIX binds to a single processor
++ * this bit unbinds children which will then bind to another cpu
++ */
++ int status = bindprocessor(BINDPROCESS, (int)getpid(),
++ PROCESSOR_CLASS_ANY);
++ if (status != OK) {
++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno,
++ ap_server_conf, "processor unbind failed %d", status);
++ }
++#endif
++ RAISE_SIGSTOP(MAKE_CHILD);
++ AP_MONCONTROL(1);
++ /* Disable the parent's signal handlers and set up proper handling in
++ * the child.
++ */
++ apr_signal(SIGHUP, just_die);
++ apr_signal(SIGTERM, just_die);
++ /* The child process just closes listeners on AP_SIG_GRACEFUL.
++ * The pod is used for signalling the graceful restart.
++ */
++ apr_signal(AP_SIG_GRACEFUL, stop_listening);
++ child_main(slot);
++ }
++
++ ap_scoreboard_image->parent[slot].pid = pid;
++
++ return 0;
++}
++
++
++/* start up a bunch of children */
++static void startup_children(int number_to_start)
++{
++ int i;
++
++ for (i = 0; number_to_start && i < ap_daemons_limit; ++i) {
++ if (ap_scoreboard_image->servers[i][0].status != SERVER_DEAD) {
++ continue;
++ }
++ if (make_child(ap_server_conf, i) < 0) {
++ break;
++ }
++ --number_to_start;
++ }
++}
++
++
++/*
++ * idle_spawn_rate is the number of children that will be spawned on the
++ * next maintenance cycle if there aren't enough idle servers. It is
++ * doubled up to MAX_SPAWN_RATE, and reset only when a cycle goes by
++ * without the need to spawn.
++ */
++static int idle_spawn_rate = 1;
++#ifndef MAX_SPAWN_RATE
++#define MAX_SPAWN_RATE (32)
++#endif
++static int hold_off_on_exponential_spawning;
++
++static void perform_idle_server_maintenance(apr_pool_t *p)
++{
++ int i;
++ int to_kill;
++ int idle_count;
++ worker_score *ws;
++ int free_length;
++ int free_slots[MAX_SPAWN_RATE];
++ int last_non_dead;
++ int total_non_dead;
++
++ /* initialize the free_list */
++ free_length = 0;
++
++ to_kill = -1;
++ idle_count = 0;
++ last_non_dead = -1;
++ total_non_dead = 0;
++
++ for (i = 0; i < ap_daemons_limit; ++i) {
++ int status;
++
++ if (i >= ap_max_daemons_limit && free_length == idle_spawn_rate)
++ break;
++ ws = &ap_scoreboard_image->servers[i][0];
++ status = ws->status;
++ if (status == SERVER_DEAD) {
++ /* try to keep children numbers as low as possible */
++ if (free_length < idle_spawn_rate) {
++ free_slots[free_length] = i;
++ ++free_length;
++ }
++ }
++ else {
++ /* We consider a starting server as idle because we started it
++ * at least a cycle ago, and if it still hasn't finished starting
++ * then we're just going to swamp things worse by forking more.
++ * So we hopefully won't need to fork more if we count it.
++ * This depends on the ordering of SERVER_READY and SERVER_STARTING.
++ */
++ if (status <= SERVER_READY) {
++ ++ idle_count;
++ /* always kill the highest numbered child if we have to...
++ * no really well thought out reason ... other than observing
++ * the server behaviour under linux where lower numbered children
++ * tend to service more hits (and hence are more likely to have
++ * their data in cpu caches).
++ */
++ to_kill = i;
++ }
++
++ ++total_non_dead;
++ last_non_dead = i;
++ }
++ }
++ ap_max_daemons_limit = last_non_dead + 1;
++ if (idle_count > ap_daemons_max_free) {
++ /* kill off one child... we use the pod because that'll cause it to
++ * shut down gracefully, in case it happened to pick up a request
++ * while we were counting
++ */
++ ap_mpm_pod_signal(pod);
++ idle_spawn_rate = 1;
++ }
++ else if (idle_count < ap_daemons_min_free) {
++ /* terminate the free list */
++ if (free_length == 0) {
++ /* only report this condition once */
++ static int reported = 0;
++
++ if (!reported) {
++ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf,
++ "server reached MaxClients setting, consider"
++ " raising the MaxClients setting");
++ reported = 1;
++ }
++ idle_spawn_rate = 1;
++ }
++ else {
++ if (idle_spawn_rate >= 8) {
++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf,
++ "server seems busy, (you may need "
++ "to increase StartServers, or Min/MaxSpareServers), "
++ "spawning %d children, there are %d idle, and "
++ "%d total children", idle_spawn_rate,
++ idle_count, total_non_dead);
++ }
++ for (i = 0; i < free_length; ++i) {
++#ifdef TPF
++ if (make_child(ap_server_conf, free_slots[i]) == -1) {
++ if(free_length == 1) {
++ shutdown_pending = 1;
++ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, ap_server_conf,
++ "No active child processes: shutting down");
++ }
++ }
++#else
++ make_child(ap_server_conf, free_slots[i]);
++#endif /* TPF */
++ }
++ /* the next time around we want to spawn twice as many if this
++ * wasn't good enough, but not if we've just done a graceful
++ */
++ if (hold_off_on_exponential_spawning) {
++ --hold_off_on_exponential_spawning;
++ }
++ else if (idle_spawn_rate < MAX_SPAWN_RATE) {
++ idle_spawn_rate *= 2;
++ }
++ }
++ }
++ else {
++ idle_spawn_rate = 1;
++ }
++}
++
++/*****************************************************************
++ * Executive routines.
++ */
++
++int ap_mpm_run(apr_pool_t *_pconf, apr_pool_t *plog, server_rec *s)
++{
++ int index;
++ int remaining_children_to_start;
++ apr_status_t rv;
++
++ ap_log_pid(pconf, ap_pid_fname);
++
++ first_server_limit = server_limit;
++ if (changed_limit_at_restart) {
++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
++ "WARNING: Attempt to change ServerLimit "
++ "ignored during restart");
++ changed_limit_at_restart = 0;
++ }
++
++ /* Initialize cross-process accept lock */
++ ap_lock_fname = apr_psprintf(_pconf, "%s.%" APR_PID_T_FMT,
++ ap_server_root_relative(_pconf, ap_lock_fname),
++ ap_my_pid);
++
++ rv = apr_proc_mutex_create(&accept_mutex, ap_lock_fname,
++ ap_accept_lock_mech, _pconf);
++ if (rv != APR_SUCCESS) {
++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
++ "Couldn't create accept lock (%s) (%d)",
++ ap_lock_fname, ap_accept_lock_mech);
++ mpm_state = AP_MPMQ_STOPPING;
++ return 1;
++ }
++
++#if APR_USE_SYSVSEM_SERIALIZE
++ if (ap_accept_lock_mech == APR_LOCK_DEFAULT ||
++ ap_accept_lock_mech == APR_LOCK_SYSVSEM) {
++#else
++ if (ap_accept_lock_mech == APR_LOCK_SYSVSEM) {
++#endif
++ rv = unixd_set_proc_mutex_perms(accept_mutex);
++ if (rv != APR_SUCCESS) {
++ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
++ "Couldn't set permissions on cross-process lock; "
++ "check User and Group directives");
++ mpm_state = AP_MPMQ_STOPPING;
++ return 1;
++ }
++ }
++
++ if (!is_graceful) {
++ if (ap_run_pre_mpm(s->process->pool, SB_SHARED) != OK) {
++ mpm_state = AP_MPMQ_STOPPING;
++ return 1;
++ }
++ /* fix the generation number in the global score; we just got a new,
++ * cleared scoreboard
++ */
++ ap_scoreboard_image->global->running_generation = ap_my_generation;
++ }
++
++ set_signals();
++
++ if (one_process) {
++ AP_MONCONTROL(1);
++ make_child(ap_server_conf, 0);
++ }
++ else {
++ if (ap_daemons_max_free < ap_daemons_min_free + 1) /* Don't thrash... */
++ ap_daemons_max_free = ap_daemons_min_free + 1;
++
++ /* If we're doing a graceful_restart then we're going to see a lot
++ * of children exiting immediately when we get into the main loop
++ * below (because we just sent them AP_SIG_GRACEFUL). This happens pretty
++ * rapidly... and for each one that exits we'll start a new one until
++ * we reach at least daemons_min_free. But we may be permitted to
++ * start more than that, so we'll just keep track of how many we're
++ * supposed to start up without the 1 second penalty between each fork.
++ */
++ remaining_children_to_start = ap_daemons_to_start;
++ if (remaining_children_to_start > ap_daemons_limit) {
++ remaining_children_to_start = ap_daemons_limit;
++ }
++ if (!is_graceful) {
++ startup_children(remaining_children_to_start);
++ remaining_children_to_start = 0;
++ }
++ else {
++ /* give the system some time to recover before kicking into
++ * exponential mode
++ */
++ hold_off_on_exponential_spawning = 10;
++ }
++
++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
++ "%s configured -- resuming normal operations",
++ ap_get_server_description());
++ ap_log_error(APLOG_MARK, APLOG_INFO, 0, ap_server_conf,
++ "Server built: %s", ap_get_server_built());
++#ifdef AP_MPM_WANT_SET_ACCEPT_LOCK_MECH
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf,
++ "AcceptMutex: %s (default: %s)",
++ apr_proc_mutex_name(accept_mutex),
++ apr_proc_mutex_defname());
++#endif
++ restart_pending = shutdown_pending = 0;
++
++ mpm_state = AP_MPMQ_RUNNING;
++
++ while (!restart_pending && !shutdown_pending) {
++ int child_slot;
++ apr_exit_why_e exitwhy;
++ int status, processed_status;
++ /* this is a memory leak, but I'll fix it later. */
++ apr_proc_t pid;
++
++ ap_wait_or_timeout(&exitwhy, &status, &pid, pconf);
++
++ /* XXX: if it takes longer than 1 second for all our children
++ * to start up and get into IDLE state then we may spawn an
++ * extra child
++ */
++ if (pid.pid != -1) {
++ processed_status = ap_process_child_status(&pid, exitwhy, status);
++ if (processed_status == APEXIT_CHILDFATAL) {
++ mpm_state = AP_MPMQ_STOPPING;
++ return 1;
++ }
++
++ /* non-fatal death... note that it's gone in the scoreboard. */
++ child_slot = find_child_by_pid(&pid);
++ if (child_slot >= 0) {
++ (void) ap_update_child_status_from_indexes(child_slot, 0, SERVER_DEAD,
++ (request_rec *) NULL);
++ if (processed_status == APEXIT_CHILDSICK) {
++ /* child detected a resource shortage (E[NM]FILE, ENOBUFS, etc)
++ * cut the fork rate to the minimum
++ */
++ idle_spawn_rate = 1;
++ }
++ else if (remaining_children_to_start
++ && child_slot < ap_daemons_limit) {
++ /* we're still doing a 1-for-1 replacement of dead
++ * children with new children
++ */
++ make_child(ap_server_conf, child_slot);
++ --remaining_children_to_start;
++ }
++#if APR_HAS_OTHER_CHILD
++ }
++ else if (apr_proc_other_child_alert(&pid, APR_OC_REASON_DEATH, status) == APR_SUCCESS) {
++ /* handled */
++#endif
++ }
++ else if (is_graceful) {
++ /* Great, we've probably just lost a slot in the
++ * scoreboard. Somehow we don't know about this
++ * child.
++ */
++ ap_log_error(APLOG_MARK, APLOG_WARNING,
++ 0, ap_server_conf,
++ "long lost child came home! (pid %ld)", (long)pid.pid);
++ }
++ /* Don't perform idle maintenance when a child dies,
++ * only do it when there's a timeout. Remember only a
++ * finite number of children can die, and it's pretty
++ * pathological for a lot to die suddenly.
++ */
++ continue;
++ }
++ else if (remaining_children_to_start) {
++ /* we hit a 1 second timeout in which none of the previous
++ * generation of children needed to be reaped... so assume
++ * they're all done, and pick up the slack if any is left.
++ */
++ startup_children(remaining_children_to_start);
++ remaining_children_to_start = 0;
++ /* In any event we really shouldn't do the code below because
++ * few of the servers we just started are in the IDLE state
++ * yet, so we'd mistakenly create an extra server.
++ */
++ continue;
++ }
++
++ perform_idle_server_maintenance(pconf);
++#ifdef TPF
++ shutdown_pending = os_check_server(tpf_server_name);
++ ap_check_signals();
++ sleep(1);
++#endif /*TPF */
++ }
++ } /* one_process */
++
++ mpm_state = AP_MPMQ_STOPPING;
++
++ if (shutdown_pending && !is_graceful) {
++ /* Time to shut down:
++ * Kill child processes, tell them to call child_exit, etc...
++ */
++ if (unixd_killpg(getpgrp(), SIGTERM) < 0) {
++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "killpg SIGTERM");
++ }
++ ap_reclaim_child_processes(1); /* Start with SIGTERM */
++
++ /* cleanup pid file on normal shutdown */
++ {
++ const char *pidfile = NULL;
++ pidfile = ap_server_root_relative (pconf, ap_pid_fname);
++ if ( pidfile != NULL && unlink(pidfile) == 0)
++ ap_log_error(APLOG_MARK, APLOG_INFO,
++ 0, ap_server_conf,
++ "removed PID file %s (pid=%ld)",
++ pidfile, (long)getpid());
++ }
++
++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
++ "caught SIGTERM, shutting down");
++
++ return 1;
++ } else if (shutdown_pending) {
++ /* Time to perform a graceful shut down:
++ * Reap the inactive children, and ask the active ones
++ * to close their listeners, then wait until they are
++ * all done to exit.
++ */
++ int active_children;
++ apr_time_t cutoff = 0;
++
++ /* Stop listening */
++ ap_close_listeners();
++
++ /* kill off the idle ones */
++ ap_mpm_pod_killpg(pod, ap_max_daemons_limit);
++
++ /* Send SIGUSR1 to the active children */
++ active_children = 0;
++ for (index = 0; index < ap_daemons_limit; ++index) {
++ if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) {
++ /* Ask each child to close its listeners. */
++ ap_mpm_safe_kill(MPM_CHILD_PID(index), AP_SIG_GRACEFUL);
++ active_children++;
++ }
++ }
++
++ /* Allow each child which actually finished to exit */
++ ap_relieve_child_processes();
++
++ /* cleanup pid file */
++ {
++ const char *pidfile = NULL;
++ pidfile = ap_server_root_relative (pconf, ap_pid_fname);
++ if ( pidfile != NULL && unlink(pidfile) == 0)
++ ap_log_error(APLOG_MARK, APLOG_INFO,
++ 0, ap_server_conf,
++ "removed PID file %s (pid=%ld)",
++ pidfile, (long)getpid());
++ }
++
++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
++ "caught " AP_SIG_GRACEFUL_STOP_STRING ", shutting down gracefully");
++
++ if (ap_graceful_shutdown_timeout) {
++ cutoff = apr_time_now() +
++ apr_time_from_sec(ap_graceful_shutdown_timeout);
++ }
++
++ /* Don't really exit until each child has finished */
++ shutdown_pending = 0;
++ do {
++ /* Pause for a second */
++ sleep(1);
++
++ /* Relieve any children which have now exited */
++ ap_relieve_child_processes();
++
++ active_children = 0;
++ for (index = 0; index < ap_daemons_limit; ++index) {
++ if (ap_mpm_safe_kill(MPM_CHILD_PID(index), 0) == APR_SUCCESS) {
++ active_children = 1;
++ /* Having just one child is enough to stay around */
++ break;
++ }
++ }
++ } while (!shutdown_pending && active_children &&
++ (!ap_graceful_shutdown_timeout || apr_time_now() < cutoff));
++
++ /* We might be here because we received SIGTERM, either
++ * way, try and make sure that all of our processes are
++ * really dead.
++ */
++ unixd_killpg(getpgrp(), SIGTERM);
++
++ return 1;
++ }
++
++ /* we've been told to restart */
++ apr_signal(SIGHUP, SIG_IGN);
++ apr_signal(AP_SIG_GRACEFUL, SIG_IGN);
++ if (one_process) {
++ /* not worth thinking about */
++ return 1;
++ }
++
++ /* advance to the next generation */
++ /* XXX: we really need to make sure this new generation number isn't in
++ * use by any of the children.
++ */
++ ++ap_my_generation;
++ ap_scoreboard_image->global->running_generation = ap_my_generation;
++
++ if (is_graceful) {
++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
++ "Graceful restart requested, doing restart");
++
++ /* kill off the idle ones */
++ ap_mpm_pod_killpg(pod, ap_max_daemons_limit);
++
++ /* This is mostly for debugging... so that we know what is still
++ * gracefully dealing with existing request. This will break
++ * in a very nasty way if we ever have the scoreboard totally
++ * file-based (no shared memory)
++ */
++ for (index = 0; index < ap_daemons_limit; ++index) {
++ if (ap_scoreboard_image->servers[index][0].status != SERVER_DEAD) {
++ ap_scoreboard_image->servers[index][0].status = SERVER_GRACEFUL;
++ /* Ask each child to close its listeners.
++ *
++ * NOTE: we use the scoreboard, because if we send SIGUSR1
++ * to every process in the group, this may include CGI's,
++ * piped loggers, etc. They almost certainly won't handle
++ * it gracefully.
++ */
++ ap_mpm_safe_kill(ap_scoreboard_image->parent[index].pid, AP_SIG_GRACEFUL);
++ }
++ }
++ }
++ else {
++ /* Kill 'em off */
++ if (unixd_killpg(getpgrp(), SIGHUP) < 0) {
++ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "killpg SIGHUP");
++ }
++ ap_reclaim_child_processes(0); /* Not when just starting up */
++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, ap_server_conf,
++ "SIGHUP received. Attempting to restart");
++ }
++
++ return 0;
++}
++
++/* This really should be a post_config hook, but the error log is already
++ * redirected by that point, so we need to do this in the open_logs phase.
++ */
++static int itk_open_logs(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, server_rec *s)
++{
++ apr_status_t rv;
++
++ pconf = p;
++ ap_server_conf = s;
++
++ if ((num_listensocks = ap_setup_listeners(ap_server_conf)) < 1) {
++ ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_STARTUP, 0,
++ NULL, "no listening sockets available, shutting down");
++ return DONE;
++ }
++
++ if ((rv = ap_mpm_pod_open(pconf, &pod))) {
++ ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_STARTUP, rv, NULL,
++ "Could not open pipe-of-death.");
++ return DONE;
++ }
++ return OK;
++}
++
++static int itk_pre_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp)
++{
++ static int restart_num = 0;
++ int no_detach, debug, foreground;
++ apr_status_t rv;
++
++ mpm_state = AP_MPMQ_STARTING;
++
++ debug = ap_exists_config_define("DEBUG");
++
++ if (debug) {
++ foreground = one_process = 1;
++ no_detach = 0;
++ }
++ else
++ {
++ no_detach = ap_exists_config_define("NO_DETACH");
++ one_process = ap_exists_config_define("ONE_PROCESS");
++ foreground = ap_exists_config_define("FOREGROUND");
++ }
++
++ /* sigh, want this only the second time around */
++ if (restart_num++ == 1) {
++ is_graceful = 0;
++
++ if (!one_process && !foreground) {
++ rv = apr_proc_detach(no_detach ? APR_PROC_DETACH_FOREGROUND
++ : APR_PROC_DETACH_DAEMONIZE);
++ if (rv != APR_SUCCESS) {
++ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, NULL,
++ "apr_proc_detach failed");
++ return HTTP_INTERNAL_SERVER_ERROR;
++ }
++ }
++
++ parent_pid = ap_my_pid = getpid();
++ }
++
++ unixd_pre_config(ptemp);
++ ap_listen_pre_config();
++ ap_daemons_to_start = DEFAULT_START_DAEMON;
++ ap_daemons_min_free = DEFAULT_MIN_FREE_DAEMON;
++ ap_daemons_max_free = DEFAULT_MAX_FREE_DAEMON;
++ ap_daemons_limit = server_limit;
++ ap_pid_fname = DEFAULT_PIDLOG;
++ ap_lock_fname = DEFAULT_LOCKFILE;
++ ap_max_requests_per_child = DEFAULT_MAX_REQUESTS_PER_CHILD;
++ ap_extended_status = 0;
++#ifdef AP_MPM_WANT_SET_MAX_MEM_FREE
++ ap_max_mem_free = APR_ALLOCATOR_MAX_FREE_UNLIMITED;
++#endif
++
++ apr_cpystrn(ap_coredump_dir, ap_server_root, sizeof(ap_coredump_dir));
++
++ return OK;
++}
++
++static int itk_post_perdir_config(request_rec *r)
++{
++ uid_t wanted_uid;
++ gid_t wanted_gid;
++ const char *wanted_username;
++ int err = 0;
++
++ itk_server_conf *sconf =
++ (itk_server_conf *) ap_get_module_config(r->server->module_config, &mpm_itk_module);
++
++ /* Enforce MaxClientsVhost. */
++ if (sconf->max_clients_vhost > 0) {
++ int i, num_other_servers = 0;
++ for (i = 0; i < ap_daemons_limit; ++i) {
++ worker_score *ws = &ap_scoreboard_image->servers[i][0];
++ if (ws->status >= SERVER_BUSY_READ && strncmp(ws->vhost, r->server->server_hostname, 31) == 0)
++ ++num_other_servers;
++ }
++
++ if (num_other_servers > sconf->max_clients_vhost) {
++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
++ "MaxClientsVhost reached for %s, refusing client.",
++ r->server->server_hostname);
++ return HTTP_SERVICE_UNAVAILABLE;
++ }
++ }
++
++ itk_per_dir_conf *dconf =
++ (itk_per_dir_conf *) ap_get_module_config(r->per_dir_config, &mpm_itk_module);
++
++ strncpy(ap_scoreboard_image->servers[my_child_num][0].vhost, r->server->server_hostname, 31);
++ ap_scoreboard_image->servers[my_child_num][0].vhost[31] = 0;
++
++ if (dconf->nice_value != UNSET_NICE_VALUE &&
++ setpriority(PRIO_PROCESS, 0, dconf->nice_value)) {
++ _DBG("setpriority(): %s", strerror(errno));
++ err = 1;
++ }
++
++ wanted_uid = dconf->uid;
++ wanted_gid = dconf->gid;
++ wanted_username = dconf->username;
++
++ if (wanted_uid == -1 || wanted_gid == -1) {
++ wanted_uid = unixd_config.user_id;
++ wanted_gid = unixd_config.group_id;
++ wanted_username = unixd_config.user_name;
++ }
++
++ if (!err && wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {
++ if (setgid(wanted_gid)) {
++ _DBG("setgid(%d): %s", wanted_gid, strerror(errno));
++ err = 1;
++ } else if (initgroups(wanted_username, wanted_gid)) {
++ _DBG("initgroups(%s, %d): %s", wanted_username, wanted_gid, strerror(errno));
++ err = 1;
++ } else if (setuid(wanted_uid)) {
++ _DBG("setuid(%d): %s", wanted_uid, strerror(errno));
++ err = 1;
++ }
++ }
++
++ /*
++ * Most likely a case of switching uid/gid within a persistent
++ * connection; the RFCs allow us to just close the connection
++ * at anytime, so we excercise our right. :-)
++ */
++ if (err) {
++ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
++ "Couldn't set uid/gid/priority, closing connection.");
++ ap_lingering_close(r->connection);
++ exit(0);
++ }
++ return OK;
++}
++
++static void itk_hooks(apr_pool_t *p)
++{
++ /* The itk open_logs phase must run before the core's, or stderr
++ * will be redirected to a file, and the messages won't print to the
++ * console.
++ */
++ static const char *const aszSucc[] = {"core.c", NULL};
++
++#ifdef AUX3
++ (void) set42sig();
++#endif
++
++ ap_hook_open_logs(itk_open_logs, NULL, aszSucc, APR_HOOK_MIDDLE);
++ /* we need to set the MPM state before other pre-config hooks use MPM query
++ * to retrieve it, so register as REALLY_FIRST
++ */
++ ap_hook_pre_config(itk_pre_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
++
++ /* set the uid as fast as possible, but not before merging per-dit config */
++ ap_hook_header_parser(itk_post_perdir_config, NULL, NULL, APR_HOOK_REALLY_FIRST);
++}
++
++static const char *set_daemons_to_start(cmd_parms *cmd, void *dummy, const char *arg)
++{
++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++ if (err != NULL) {
++ return err;
++ }
++
++ ap_daemons_to_start = atoi(arg);
++ return NULL;
++}
++
++static const char *set_min_free_servers(cmd_parms *cmd, void *dummy, const char *arg)
++{
++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++ if (err != NULL) {
++ return err;
++ }
++
++ ap_daemons_min_free = atoi(arg);
++ if (ap_daemons_min_free <= 0) {
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ "WARNING: detected MinSpareServers set to non-positive.");
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ "Resetting to 1 to avoid almost certain Apache failure.");
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ "Please read the documentation.");
++ ap_daemons_min_free = 1;
++ }
++
++ return NULL;
++}
++
++static const char *set_max_free_servers(cmd_parms *cmd, void *dummy, const char *arg)
++{
++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++ if (err != NULL) {
++ return err;
++ }
++
++ ap_daemons_max_free = atoi(arg);
++ return NULL;
++}
++
++static const char *set_max_clients (cmd_parms *cmd, void *dummy, const char *arg)
++{
++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++ if (err != NULL) {
++ return err;
++ }
++
++ ap_daemons_limit = atoi(arg);
++ if (ap_daemons_limit > server_limit) {
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ "WARNING: MaxClients of %d exceeds ServerLimit value "
++ "of %d servers,", ap_daemons_limit, server_limit);
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ " lowering MaxClients to %d. To increase, please "
++ "see the ServerLimit", server_limit);
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ " directive.");
++ ap_daemons_limit = server_limit;
++ }
++ else if (ap_daemons_limit < 1) {
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ "WARNING: Require MaxClients > 0, setting to 1");
++ ap_daemons_limit = 1;
++ }
++ return NULL;
++}
++
++static const char *set_server_limit (cmd_parms *cmd, void *dummy, const char *arg)
++{
++ int tmp_server_limit;
++
++ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
++ if (err != NULL) {
++ return err;
++ }
++
++ tmp_server_limit = atoi(arg);
++ /* you cannot change ServerLimit across a restart; ignore
++ * any such attempts
++ */
++ if (first_server_limit &&
++ tmp_server_limit != server_limit) {
++ /* how do we log a message? the error log is a bit bucket at this
++ * point; we'll just have to set a flag so that ap_mpm_run()
++ * logs a warning later
++ */
++ changed_limit_at_restart = 1;
++ return NULL;
++ }
++ server_limit = tmp_server_limit;
++
++ if (server_limit > MAX_SERVER_LIMIT) {
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ "WARNING: ServerLimit of %d exceeds compile time limit "
++ "of %d servers,", server_limit, MAX_SERVER_LIMIT);
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ " lowering ServerLimit to %d.", MAX_SERVER_LIMIT);
++ server_limit = MAX_SERVER_LIMIT;
++ }
++ else if (server_limit < 1) {
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ "WARNING: Require ServerLimit > 0, setting to 1");
++ server_limit = 1;
++ }
++ return NULL;
++}
++
++static const char *assign_user_id (cmd_parms *cmd, void *ptr, const char *user_name, const char *group_name)
++{
++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr;
++ dconf->username = apr_pstrdup(cmd->pool, user_name);
++ dconf->uid = ap_uname2id(user_name);
++ dconf->gid = ap_gname2id(group_name);
++ return NULL;
++}
++
++static const char *set_max_clients_vhost (cmd_parms *cmd, void *dummy, const char *arg)
++{
++ itk_server_conf *sconf =
++ (itk_server_conf *) ap_get_module_config(cmd->server->module_config, &mpm_itk_module);
++ sconf->max_clients_vhost = atoi(arg);
++ return NULL;
++}
++
++static const char *set_nice_value (cmd_parms *cmd, void *ptr, const char *arg)
++{
++ itk_per_dir_conf *dconf = (itk_per_dir_conf *) ptr;
++ int nice_value = atoi(arg);
++
++ if (nice_value < -20) {
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ "WARNING: NiceValue of %d is below -20, increasing NiceValue to -20.",
++ nice_value);
++ nice_value = -20;
++ }
++ else if (nice_value > 19) {
++ ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
++ "WARNING: NiceValue of %d is above 19, lowering NiceValue to 19.",
++ nice_value);
++ nice_value = 19;
++ }
++ dconf->nice_value = nice_value;
++ return NULL;
++}
++
++static const command_rec itk_cmds[] = {
++UNIX_DAEMON_COMMANDS,
++LISTEN_COMMANDS,
++AP_INIT_TAKE1("StartServers", set_daemons_to_start, NULL, RSRC_CONF,
++ "Number of child processes launched at server startup"),
++AP_INIT_TAKE1("MinSpareServers", set_min_free_servers, NULL, RSRC_CONF,
++ "Minimum number of idle children, to handle request spikes"),
++AP_INIT_TAKE1("MaxSpareServers", set_max_free_servers, NULL, RSRC_CONF,
++ "Maximum number of idle children"),
++AP_INIT_TAKE1("MaxClients", set_max_clients, NULL, RSRC_CONF,
++ "Maximum number of children alive at the same time"),
++AP_INIT_TAKE1("ServerLimit", set_server_limit, NULL, RSRC_CONF,
++ "Maximum value of MaxClients for this run of Apache"),
++AP_INIT_TAKE2("AssignUserID", assign_user_id, NULL, RSRC_CONF|ACCESS_CONF,
++ "Tie a virtual host to a specific child process."),
++AP_INIT_TAKE1("MaxClientsVHost", set_max_clients_vhost, NULL, RSRC_CONF,
++ "Maximum number of children alive at the same time for this virtual host."),
++AP_INIT_TAKE1("NiceValue", set_nice_value, NULL, RSRC_CONF|ACCESS_CONF,
++ "Set nice value for the given vhost, from -20 (highest priority) to 19 (lowest priority)."),
++AP_GRACEFUL_SHUTDOWN_TIMEOUT_COMMAND,
++{ NULL }
++};
++
++/* == allocate a private per-dir config structure == */
++static void *itk_create_dir_config(apr_pool_t *p, char *dummy)
++{
++ itk_per_dir_conf *c = (itk_per_dir_conf *)
++ apr_pcalloc(p, sizeof(itk_per_dir_conf));
++ c->uid = c->gid = -1;
++ c->nice_value = UNSET_NICE_VALUE;
++ return c;
++}
++
++/* == merge the parent per-dir config structure into ours == */
++static void *itk_merge_dir_config(apr_pool_t *p, void *parent_ptr, void *child_ptr)
++{
++ itk_per_dir_conf *c = (itk_per_dir_conf *)
++ apr_pcalloc(p, sizeof(itk_per_dir_conf));
++ itk_per_dir_conf *parent = (itk_per_dir_conf *) parent_ptr;
++ itk_per_dir_conf *child = (itk_per_dir_conf *) child_ptr;
++
++ if (child->username != NULL) {
++ c->username = apr_pstrdup(p, child->username);
++ c->uid = child->uid;
++ c->gid = child->gid;
++ } else if (parent->username != NULL) {
++ c->username = apr_pstrdup(p, parent->username);
++ c->uid = parent->uid;
++ c->gid = parent->gid;
++ }
++ if (child->nice_value != UNSET_NICE_VALUE) {
++ c->nice_value = child->nice_value;
++ } else {
++ c->nice_value = parent->nice_value;
++ }
++ return c;
++}
++
++/* == allocate a private server config structure == */
++static void *itk_create_server_config(apr_pool_t *p, server_rec *s)
++{
++ itk_server_conf *c = (itk_server_conf *)
++ apr_pcalloc(p, sizeof(itk_server_conf));
++ c->max_clients_vhost = -1;
++ return c;
++}
++
++module AP_MODULE_DECLARE_DATA mpm_itk_module = {
++ MPM20_MODULE_STUFF,
++ ap_mpm_rewrite_args, /* hook to run before apache parses args */
++ itk_create_dir_config, /* create per-directory config structure */
++ itk_merge_dir_config, /* merge per-directory config structures */
++ itk_create_server_config, /* create per-server config structure */
++ NULL, /* merge per-server config structures */
++ itk_cmds, /* command apr_table_t */
++ itk_hooks, /* register hooks */
++};
+unchanged:
+--- httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-17 21:39:03.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/mpm.h 2009-03-21 13:02:33.000000000 +0100
+@@ -0,0 +1,68 @@
++/* Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ *
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@bigfoot.com>.
++ * Licensed under the same terms as the rest of Apache.
++ *
++ * Portions copyright 2008 Knut Auvor Grythe <knut@auvor.no>.
++ * Licensed under the same terms as the rest of Apache.
++ */
++
++/**
++ * @file itk/mpm.h
++ * @brief ITK MPM (setuid per-vhost, no threads)
++ *
++ * @defgroup APACHE_MPM_ITK Apache ITK
++ * @ingroup APACHE_MPM APACHE_OS_UNIX
++ * @{
++ */
++
++#include "httpd.h"
++#include "mpm_default.h"
++#include "scoreboard.h"
++#include "unixd.h"
++
++#ifndef APACHE_MPM_ITK_H
++#define APACHE_MPM_ITK_H
++
++#define ITK_MPM
++
++#define MPM_NAME "ITK"
++
++#define AP_MPM_WANT_RECLAIM_CHILD_PROCESSES
++#define AP_MPM_WANT_WAIT_OR_TIMEOUT
++#define AP_MPM_WANT_PROCESS_CHILD_STATUS
++#define AP_MPM_WANT_SET_PIDFILE
++#define AP_MPM_WANT_SET_SCOREBOARD
++#define AP_MPM_WANT_SET_LOCKFILE
++#define AP_MPM_WANT_SET_MAX_REQUESTS
++#define AP_MPM_WANT_SET_COREDUMPDIR
++#define AP_MPM_WANT_SET_ACCEPT_LOCK_MECH
++#define AP_MPM_WANT_SIGNAL_SERVER
++#define AP_MPM_WANT_SET_MAX_MEM_FREE
++#define AP_MPM_WANT_FATAL_SIGNAL_HANDLER
++#define AP_MPM_WANT_SET_GRACEFUL_SHUTDOWN
++#define AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK
++
++#define AP_MPM_USES_POD 1
++#define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
++#define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0)
++#define MPM_ACCEPT_FUNC unixd_accept
++
++extern int ap_threads_per_child;
++extern int ap_max_daemons_limit;
++extern server_rec *ap_server_conf;
++#endif /* APACHE_MPM_ITK_H */
++/** @} */
+unchanged:
+--- httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-17 21:39:03.000000000 +0100
++++ httpd-2.2.11/server/mpm/experimental/itk/mpm_default.h 2009-03-21 13:02:33.000000000 +0100
+@@ -0,0 +1,80 @@
++/* Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ *
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@bigfoot.com>.
++ * Licensed under the same terms as the rest of Apache.
++ *
++ * Portions copyright 2008 Knut Auvor Grythe <knut@auvor.no>.
++ * Licensed under the same terms as the rest of Apache.
++ */
++
++/**
++ * @file itk/mpm_default.h
++ * @brief ITK MPM defaults
++ *
++ * @addtogroup APACHE_MPM_ITK
++ * @{
++ */
++
++#ifndef APACHE_MPM_DEFAULT_H
++#define APACHE_MPM_DEFAULT_H
++
++/* Number of servers to spawn off by default --- also, if fewer than
++ * this free when the caretaker checks, it will spawn more.
++ */
++#ifndef DEFAULT_START_DAEMON
++#define DEFAULT_START_DAEMON 5
++#endif
++
++/* Maximum number of *free* server processes --- more than this, and
++ * they will die off.
++ */
++
++#ifndef DEFAULT_MAX_FREE_DAEMON
++#define DEFAULT_MAX_FREE_DAEMON 10
++#endif
++
++/* Minimum --- fewer than this, and more will be created */
++
++#ifndef DEFAULT_MIN_FREE_DAEMON
++#define DEFAULT_MIN_FREE_DAEMON 5
++#endif
++
++/* File used for accept locking, when we use a file */
++#ifndef DEFAULT_LOCKFILE
++#define DEFAULT_LOCKFILE DEFAULT_REL_RUNTIMEDIR "/accept.lock"
++#endif
++
++/* Where the main/parent process's pid is logged */
++#ifndef DEFAULT_PIDLOG
++#define DEFAULT_PIDLOG DEFAULT_REL_RUNTIMEDIR "/httpd.pid"
++#endif
++
++/*
++ * Interval, in microseconds, between scoreboard maintenance.
++ */
++#ifndef SCOREBOARD_MAINTENANCE_INTERVAL
++#define SCOREBOARD_MAINTENANCE_INTERVAL 1000000
++#endif
++
++/* Number of requests to try to handle in a single process. If <= 0,
++ * the children don't die off.
++ */
++#ifndef DEFAULT_MAX_REQUESTS_PER_CHILD
++#define DEFAULT_MAX_REQUESTS_PER_CHILD 10000
++#endif
++
++#endif /* AP_MPM_DEFAULT_H */
++/** @} */
+unchanged:
+--- apache2.2.orig/server/mpm/config.m4 2007-01-29 21:30:26.000000000 +0100
++++ apache2.2/server/mpm/config.m4 2007-01-29 21:30:35.000000000 +0100
+@@ -1,7 +1,7 @@
+ AC_MSG_CHECKING(which MPM to use)
+ AC_ARG_WITH(mpm,
+ APACHE_HELP_STRING(--with-mpm=MPM,Choose the process model for Apache to use.
+- MPM={beos|event|worker|prefork|mpmt_os2|winnt}),[
++ MPM={beos|event|worker|prefork|mpmt_os2|winnt|itk}),[
+ APACHE_MPM=$withval
+ ],[
+ if test "x$APACHE_MPM" = "x"; then
+@@ -23,7 +23,7 @@
+
+ ap_mpm_is_experimental ()
+ {
+- if test "$apache_cv_mpm" = "event" ; then
++ if test "$apache_cv_mpm" = "event" -o "$apache_cv_mpm" = "itk" ; then
+ return 0
+ else
+ return 1
+unchanged:
+--- apache2.2.orig/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:51.000000000 +0100
++++ apache2.2/server/mpm/experimental/itk/config.m4 2007-01-29 21:03:57.000000000 +0100
+@@ -1,3 +1,3 @@
+ if test "$MPM_NAME" = "itk" ; then
+- APACHE_FAST_OUTPUT(server/mpm/$MPM_NAME/Makefile)
++ APACHE_FAST_OUTPUT(server/mpm/$MPM_SUBDIR_NAME/Makefile)
+ fi
+unchanged:
+--- httpd-2.2.11/include/http_request.h 2009-03-21 13:03:31.000000000 +0100
++++ httpd-2.2.11/include/http_request.h 2009-03-21 13:03:41.000000000 +0100
+@@ -12,6 +12,12 @@
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
++ *
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@bigfoot.com>.
++ * Licensed under the same terms as the rest of Apache.
++ *
++ * Portions copyright 2008 Knut Auvor Grythe <knut@auvor.no>.
++ * Licensed under the same terms as the rest of Apache.
+ */
+
+ /**
+@@ -350,6 +356,15 @@
+ */
+ AP_DECLARE_HOOK(void,insert_filter,(request_rec *r))
+
++/**
++ * This hook allows modules to affect the request immediately after the
++ * per-directory configuration for the request has been generated. This allows
++ * modules to make decisions based upon the current directory configuration
++ * @param r The current request
++ * @return OK or DECLINED
++ */
++AP_DECLARE_HOOK(int,post_perdir_config,(request_rec *r))
++
+ AP_DECLARE(int) ap_location_walk(request_rec *r);
+ AP_DECLARE(int) ap_directory_walk(request_rec *r);
+ AP_DECLARE(int) ap_file_walk(request_rec *r);
+unchanged:
+--- httpd-2.2.11/server/request.c 2009-03-21 13:03:13.000000000 +0100
++++ httpd-2.2.11/server/request.c 2009-03-21 13:03:41.000000000 +0100
+@@ -12,6 +12,12 @@
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
++ *
++ * Portions copyright 2005-2009 Steinar H. Gunderson <sgunderson@bigfoot.com>.
++ * Licensed under the same terms as the rest of Apache.
++ *
++ * Portions copyright 2008 Knut Auvor Grythe <knut@auvor.no>.
++ * Licensed under the same terms as the rest of Apache.
+ */
+
+ /*
+@@ -61,6 +67,7 @@
+ APR_HOOK_LINK(auth_checker)
+ APR_HOOK_LINK(insert_filter)
+ APR_HOOK_LINK(create_request)
++ APR_HOOK_LINK(post_perdir_config)
+ )
+
+ AP_IMPLEMENT_HOOK_RUN_FIRST(int,translate_name,
+@@ -80,6 +87,8 @@
+ AP_IMPLEMENT_HOOK_VOID(insert_filter, (request_rec *r), (r))
+ AP_IMPLEMENT_HOOK_RUN_ALL(int, create_request,
+ (request_rec *r), (r), OK, DECLINED)
++AP_IMPLEMENT_HOOK_RUN_ALL(int,post_perdir_config,
++ (request_rec *r), (r), OK, DECLINED)
+
+
+ static int decl_die(int status, char *phase, request_rec *r)
+@@ -158,6 +167,13 @@
+ return access_status;
+ }
+
++ /* First chance to handle the request after per-directory configuration is
++ * generated
++ */
++ if ((access_status = ap_run_post_perdir_config(r))) {
++ return access_status;
++ }
++
+ /* Only on the main request! */
+ if (r->main == NULL) {
+ if ((access_status = ap_run_header_parser(r))) {
+unchanged:
+--- httpd-2.2.11.orig/server/mpm/config.m4 2009-04-14 23:26:41.000000000 +0200
++++ httpd-2.2.11/server/mpm/config.m4 2009-04-14 23:28:03.000000000 +0200
+@@ -66,6 +66,11 @@
+ else
+ MPM_SUBDIR_NAME=$MPM_NAME
+ fi
++
++if test "$apache_cv_mpm" = "itk" ; then
++ AC_CHECK_LIB(cap, cap_init)
++fi
++
+ MPM_DIR=server/mpm/$MPM_SUBDIR_NAME
+ MPM_LIB=$MPM_DIR/lib${MPM_NAME}.la
+
--- /dev/null
+#
+# Server-Pool Management (MPM specific)
+#
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+#
+# Note that this is the default PidFile for most MPMs.
+#
+PidFile /var/run/httpd.pid
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+LockFile /var/run/httpd/accept.lock
+
+#
+# Only one of the below sections will be relevant on your
+# installed httpd. Use "apachectl -l" to find out the
+# active mpm.
+#
+
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxClients: maximum number of server processes allowed to start
+# MaxRequestsPerChild: maximum number of requests a server process serves
+<IfModule mpm_prefork_module>
+ StartServers 5
+ MinSpareServers 5
+ MaxSpareServers 10
+ MaxClients 150
+ MaxRequestsPerChild 0
+</IfModule>
+
+# worker MPM
+# StartServers: initial number of server processes to start
+# MaxClients: maximum number of simultaneous client connections
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestsPerChild: maximum number of requests a server process serves
+<IfModule mpm_worker_module>
+ StartServers 2
+ MaxClients 150
+ MinSpareThreads 25
+ MaxSpareThreads 75
+ ThreadsPerChild 25
+ MaxRequestsPerChild 0
+</IfModule>
--- /dev/null
+#
+# The configuration below implements multi-language error documents through
+# content-negotiation.
+#
+# Required modules: mod_alias, mod_include, mod_negotiation
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections. We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+# Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /home/services/httpd/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis. The default include files will display
+# your Apache version number and your ServerAdmin email address regardless
+# of the setting of ServerSignature.
+
+Alias /error/ "/home/services/httpd/error/"
+
+<Directory "/home/services/httpd/error">
+ AllowOverride None
+ Options IncludesNoExec
+ AddOutputFilter Includes html
+ AddHandler type-map var
+ Order allow,deny
+ Allow from all
+ LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
+ ForceLanguagePriority Prefer Fallback
+</Directory>
+
+ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+ErrorDocument 410 /error/HTTP_GONE.html.var
+ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
--- /dev/null
+--- httpd-2.2.0/docs/cgi-examples/printenv.save 2005-12-26 23:09:55.000000000 +0200
++++ httpd-2.2.0/docs/cgi-examples/printenv 2005-12-26 23:09:55.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ ##
+ ## printenv -- demo CGI program which just prints its environment
+ ##
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIICFjCCAX+gAwIBAgIBATANBgkqhkiG9w0BAQQFADBQMRowGAYDVQQKExFEdW1t
+eSBjZXJ0aWZpY2F0ZTEbMBkGA1UECxMSSGFzIHRvIGJlIHJlcGxhY2VkMRUwEwYD
+VQQDEwx3d3cuYWR2eC5jb20wHhcNMDEwNDA5MDg0NjUyWhcNMDIwNDA5MDg0NjUy
+WjBSMSEwHwYDVQQKExhBZHZhbmNlZCBFeHRyYW5ldCBTZXJ2ZXIxGTAXBgNVBAsT
+EFRlc3QgQ2VydGlmaWNhdGUxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG
+9w0BAQEFAAOBjQAwgYkCgYEAoRtceA5d+grmrN76yHT4TQvbLQqvTsq2fFafNBT/
+DdSh05okHdTldu8kgTvBzpLPuOQvSwy2SzQLwF6nmzWdfY21U33NARp46i/QWD3V
+rgIXuhXtToTnkEE6/OGq5KeELgF/EKSXLXkDydyHg9mFlh/J/kKtjv3wtIHceOGn
+E18CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCShXMRerTzEJMkIdCDD+ZkOetE65j0
+mkgAGT4etmSiUmNWXy/P26zh1P51YeS4TZFpXxgONVK9PIywhhkVNB8JFdXYKbxW
+0h0caVoEHwnfkSERcBVffxaZEDtWa95nxD8pHiZ+++PPOV1P29Ta2j23MWq2JitY
+U2Y59HXWwglSaQ==
+-----END CERTIFICATE-----
+
+
+#DUMMY
\ No newline at end of file
--- /dev/null
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQChG1x4Dl36Cuas3vrIdPhNC9stCq9OyrZ8Vp80FP8N1KHTmiQd
+1OV27ySBO8HOks+45C9LDLZLNAvAXqebNZ19jbVTfc0BGnjqL9BYPdWuAhe6Fe1O
+hOeQQTr84arkp4QuAX8QpJcteQPJ3IeD2YWWH8n+Qq2O/fC0gdx44acTXwIDAQAB
+AoGASjM323OChO8QXv4zsq9szM9xGsWZCEkE0y9yE6K39b7A6ZxMlhC/vo9V2M+U
+63dihF1UCtTIAMrvvqHZv/pplfbUJDAeNm38BBlA/ZQL8iV9qxNrBEfBkLi5AtcR
+vJq5NitAE+vpcn00QNs7EKflRwi5arQOBGqS9c3uPimtOcECQQDQc9onX9kZuzz6
+69GQYkkj3dkZx6lCtDDexTWkM1yXGVSjvFA7fZOKJRNkGgc6iwbnTsEJfaEC9j7r
+AkF7/92dAkEAxdrbwKjx4/OZnve82O4VRGkZFo6c47QDXCKhlRdJzrBSCNOnRaLx
+vjtYXbqq8BPgdGO72pj1TaAlp1+kxdYiKwJBALBhtzAl/C+3rUusirCfWcANkgws
+U95rVgbJ3C/KfggkmOfLCiCsi1ETOiszkvZIeVjz3IdJVBqLfoWgbQSdZkkCQQDF
+WpBWdW6KnSL/0Uda7ujhyx+OQ4S1EItFbPnV+FvTwkahrVUtfeI6iYGURK1bOchq
+8EyiOG5/Fp5YfGukNvrvAkBT5AAvfk6nFHshdHDhTZs+5TE24g0aTtMEQc82cobd
+JG5vFxybo3z1l1QU4/pG3jP847/6HtZCxZ/J0xLATJml
+-----END RSA PRIVATE KEY-----
+
+
+#DUMMY
\ No newline at end of file
--- /dev/null
+--- httpd-2.0.43/Makefile.in.wiget Fri Oct 4 15:20:09 2002
++++ httpd-2.0.43/Makefile.in Fri Oct 4 15:20:32 2002
+@@ -195,7 +195,7 @@
+ @if test -f $(builddir)/support/suexec; then \
+ test -d $(DESTDIR)$(sbindir) || $(MKINSTALLDIRS) $(DESTDIR)$(sbindir); \
+ $(INSTALL_PROGRAM) $(top_builddir)/support/suexec $(DESTDIR)$(sbindir); \
+- chmod 4755 $(DESTDIR)$(sbindir)/suexec; \
++ chmod 0755 $(DESTDIR)$(sbindir)/suexec; \
+ fi
+
+ suexec:
--- /dev/null
+diff -urNp httpd-2.2.8.orig/support/suexec.c httpd-2.2.8/support/suexec.c
+--- httpd-2.2.8.orig/support/suexec.c 2006-07-12 05:38:44.000000000 +0200
++++ httpd-2.2.8/support/suexec.c 2008-05-13 21:04:25.000000000 +0200
+@@ -245,6 +245,21 @@ static void clean_env(void)
+ environ = cleanenv;
+ }
+
++/*
++ * Return the `basename' of the pathname in STRING (the stuff after
++ * the last '/'). If STRING is `/', just return it. Taken from bash.
++ */
++char *base_pathname(char *string)
++{
++ char *p;
++
++ if (string[0] == '/' && string[1] == 0)
++ return (string);
++
++ p = (char *)strrchr (string, '/');
++ return (p ? ++p : string);
++}
++
+ int main(int argc, char *argv[])
+ {
+ int userdir = 0; /* ~userdir flag */
+@@ -261,6 +276,7 @@ int main(int argc, char *argv[])
+ char dwd[AP_MAXPATH]; /* docroot working directory */
+ struct passwd *pw; /* password entry holder */
+ struct group *gr; /* group entry holder */
++ struct passwd tpw; /* tmp password entry holder */
+ struct stat dir_info; /* directory info holder */
+ struct stat prg_info; /* program info holder */
+
+@@ -270,6 +286,7 @@ int main(int argc, char *argv[])
+ clean_env();
+
+ prog = argv[0];
++
+ /*
+ * Check existence/validity of the UID of the user
+ * running this program. Error out if invalid.
+@@ -382,8 +399,23 @@ int main(int argc, char *argv[])
+ }
+ else {
+ if ((pw = getpwuid(atoi(target_uname))) == NULL) {
+- log_err("invalid target user id: (%s)\n", target_uname);
+- exit(121);
++ /*
++ * If called as suexec.fcgi ignore if there is no passwd
++ * entry for specified UID. Also bail out if UID = 0.
++ */
++ if(!strcmp(base_pathname(prog),"suexec.fcgi")) {
++ tpw.pw_name = strdup(target_uname);
++ tpw.pw_uid = atoi(target_uname);
++ tpw.pw_dir = (char *)"/tmp";
++ pw = &tpw;
++ if (tpw.pw_uid <= 0) {
++ log_err("invalid target user id: (%s)\n", target_uname);
++ exit(121);
++ }
++ } else {
++ log_err("invalid target user id: (%s)\n", target_uname);
++ exit(121);
++ }
+ }
+ }
+
+@@ -560,20 +592,24 @@ int main(int argc, char *argv[])
+ }
+
+ /*
+- * Error out if the target name/group is different from
+- * the name/group of the cwd or the program.
+- */
+- if ((uid != dir_info.st_uid) ||
+- (gid != dir_info.st_gid) ||
+- (uid != prg_info.st_uid) ||
+- (gid != prg_info.st_gid)) {
+- log_err("target uid/gid (%ld/%ld) mismatch "
+- "with directory (%ld/%ld) or program (%ld/%ld)\n",
+- uid, gid,
+- dir_info.st_uid, dir_info.st_gid,
+- prg_info.st_uid, prg_info.st_gid);
+- exit(120);
++ * If not called as suexec.fcgi error out if the target
++ * name/group is different from the name/group of the cwd
++ * or the program.
++ */
++ if(strcmp(base_pathname(prog),"suexec.fcgi")) {
++ if ((uid != dir_info.st_uid) ||
++ (gid != dir_info.st_gid) ||
++ (uid != prg_info.st_uid) ||
++ (gid != prg_info.st_gid)) {
++ log_err("target uid/gid (%ld/%ld) mismatch "
++ "with directory (%ld/%ld) or program (%ld/%ld)\n",
++ uid, gid,
++ dir_info.st_uid, dir_info.st_gid,
++ prg_info.st_uid, prg_info.st_gid);
++ exit(120);
++ }
+ }
++
+ /*
+ * Error out if the program is not executable for the user.
+ * Otherwise, she won't find any error in the logs except for
--- /dev/null
+--- httpd-2.2.0/configure.in~ 2005-12-18 02:38:31.000000000 +0200
++++ httpd-2.2.0/configure.in 2005-12-18 02:40:04.000000000 +0200
+@@ -584,9 +584,9 @@
+ [Listening sockets are non-blocking when there are more than 1])
+ fi
+
+-APACHE_FAST_OUTPUT(Makefile modules/Makefile srclib/Makefile)
++APACHE_FAST_OUTPUT(Makefile modules/Makefile)
+ APACHE_FAST_OUTPUT(os/Makefile server/Makefile)
+-APACHE_FAST_OUTPUT(support/Makefile srclib/pcre/Makefile)
++APACHE_FAST_OUTPUT(support/Makefile)
+
+ if test -d ./test; then
+ APACHE_FAST_OUTPUT(test/Makefile)
+--- httpd-2.2.0/Makefile.in 2005-12-18 02:41:25.000000000 +0200
++++ httpd-2.2.0/Makefile.in 2005-12-18 02:38:31.000000000 +0200
+@@ -1,5 +1,5 @@
+
+-SUBDIRS = srclib os server modules support
++SUBDIRS = os server modules support
+ CLEAN_SUBDIRS = test
+
+ PROGRAM_NAME = $(progname)
--- /dev/null
+--- httpd-2.0.48/server/listen.c.orig Mon Mar 31 06:30:52 2003
++++ httpd-2.0.48/server/listen.c Wed Mar 3 12:05:09 2004
+@@ -120,7 +120,7 @@
+ #if APR_HAVE_IPV6
+ if (server->bind_addr->family == APR_INET6) {
+ stat = apr_socket_opt_set(s, APR_IPV6_V6ONLY, v6only_setting);
+- if (stat != APR_SUCCESS && stat != APR_ENOTIMPL) {
++ if (stat != APR_SUCCESS && stat != APR_ENOTIMPL && stat != ENOPROTOOPT) {
+ ap_log_perror(APLOG_MARK, APLOG_CRIT, stat, p,
+ "make_sock: for address %pI, apr_socket_opt_set: "
+ "(IPV6_V6ONLY)",
--- /dev/null
+#!/bin/sh
+#
+# apache Apache Web Server
+#
+# chkconfig: 345 85 15
+# description: Apache is a World Wide Web server. It is used to serve \
+# HTML files and CGI.
+# processname: httpd
+# pidfile: /var/run/httpd.pid
+# config: /etc/httpd/apache.conf
+
+# Source function library
+. /etc/rc.d/init.d/functions
+
+# Get network config
+. /etc/sysconfig/network
+
+# Get service config
+[ -f /etc/sysconfig/httpd ] && . /etc/sysconfig/httpd
+
+# Check that networking is up.
+if is_yes "${NETWORKING}"; then
+ if [ ! -f /var/lock/subsys/network -a "$1" != stop -a "$1" != status ]; then
+ msg_network_down "Apache 2.2 Web Server"
+ exit 1
+ fi
+else
+ exit 0
+fi
+
+[ -z "$HTTPD_MPM" ] && HTTPD_MPM="prefork"
+SVC_NAME="Apache 2.2 Web Server ($HTTPD_MPM)"
+
+if [ -n "${HTTPD_CONF}" ]; then
+ if [ -d "${HTTPD_CONF}" ] || [ -f "${HTTPD_CONF}" ]; then
+ CFG="-f ${HTTPD_CONF}"
+ else
+ echo "error: HTTPD_CONF='$HTTPD_CONF': not a file, not a directory"
+ exit 1
+ fi
+fi
+
+# configtest itself
+configtest() {
+ /usr/sbin/httpd.${HTTPD_MPM} -t $CFG $HTTPD_OPTS 2>&1
+ return $?
+}
+
+# wrapper for configtest:
+checkconfig() {
+ local details=${1:-0}
+
+ if [ $details -eq 1 ]; then
+ # run config test and display report (status action)
+ show "Checking %s configuration" "$SVC_NAME"; busy
+ local out
+ out=`configtest 2>&1`
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && ok || fail
+ [ "$out" ] && echo >&2 "$out"
+ else
+ # run config test and abort with nice message if failed
+ # (for actions checking status before action).
+ show "Checking %s configuration" "$SVC_NAME"; busy
+ configtest >/dev/null 2>&1
+ RETVAL=$?
+ if [ $RETVAL -eq 0 ]; then
+ ok
+ else
+ fail
+ nls 'Configuration test failed. See details with %s "checkconfig"' $0
+ exit $RETVAL
+ fi
+ fi
+}
+
+start() {
+ # Check if the service is already running?
+ if [ -f /var/lock/subsys/httpd ]; then
+ msg_already_running "$SVC_NAME"
+ return
+ fi
+
+ [ "$1" -eq 0 ] || checkconfig
+ msg_starting "$SVC_NAME"
+ # remove ssl_scache on startup, otherwise httpd may go into
+ # infinite loop if there are db transaction logs laying around
+ rm -f /var/cache/httpd/*ssl_scache*
+ daemon --pidfile /var/run/httpd.pid /usr/sbin/httpd.${HTTPD_MPM} $CFG $HTTPD_OPTS
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/httpd
+}
+
+stop() {
+ # Stop daemons.
+ if [ ! -f /var/lock/subsys/httpd ]; then
+ msg_not_running "$SVC_NAME"
+ return
+ fi
+
+ msg_stopping "$SVC_NAME"
+ killproc --pidfile /var/run/httpd.pid httpd.${HTTPD_MPM}
+ rm -f /var/lock/subsys/httpd /var/run/httpd.pid /var/run/httpd.loc* >/dev/null 2>&1
+}
+
+
+reload() {
+ if [ ! -f /var/lock/subsys/httpd ]; then
+ msg_not_running "$SVC_NAME"
+ RETVAL=7
+ return
+ fi
+
+ checkconfig
+ msg_reloading "$SVC_NAME"
+ busy
+ /usr/sbin/httpd.${HTTPD_MPM} $CFG $HTTPD_OPTS -k graceful
+ RETVAL=$?
+ [ $RETVAL -eq 0 ] && ok || fail
+}
+
+condrestart() {
+ if [ ! -f /var/lock/subsys/httpd ]; then
+ msg_not_running "$SVC_NAME"
+ RETVAL=$1
+ return
+ fi
+
+ checkconfig
+ stop
+ start
+}
+
+RETVAL=0
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ checkconfig
+ stop
+ start 0
+ ;;
+ try-restart)
+ condrestart 0
+ ;;
+ reload|force-reload|graceful|flush-logs)
+ reload
+ ;;
+ checkconfig|configtest)
+ checkconfig 1
+ ;;
+ status)
+ status httpd.${HTTPD_MPM}
+ RETVAL=$?
+ /usr/sbin/httpd.${HTTPD_MPM} $CFG $HTTPD_OPTS -S
+ ;;
+ *)
+ msg_usage "$0 {start|stop|restart|try-restart|reload|force-reload|graceful|configtest|status}"
+ exit 3
+ ;;
+esac
+
+exit $RETVAL
--- /dev/null
+/var/log/httpd/*access_log
+/var/log/httpd/*combined_log
+/var/log/httpd/*agent_log
+/var/log/httpd/*error_log
+/var/log/httpd/*referer_log
+/var/log/httpd/*request_log
+/var/log/httpd/*rewrite_log
+{
+ olddir /var/log/archive/httpd
+ sharedscripts
+ postrotate
+ /sbin/service httpd flush-logs > /dev/null
+ endscript
+}
--- /dev/null
+# TODO:
+# - config examples for mod_*
+# - --with-suexec-uidmin=500 or =1000 ?
+# - subpackages for MPMs
+# - !!!check if all modules (*.so) are exactly the same for different MPMs
+# - check those autn modules inner deps
+# - for external packages: don't use any apache module name in dep as they
+# differ for apache 1.3/2.0/2.2!? any better ideas? rpm Suggests: tags?
+# - for mod_auth_* modules require each auth module to require virtual authn so at least *_default
+# is chosen?
+# - same for mod_authz
+# - mod_auth_digest and mod_auth_basic R: apache(authn) ?
+# - drop mod_case_filter* or find summary and description for them
+# - build modules only once (not with each mpm)
+# - FYI: http://wiki.apache.org/httpd/InternalDummyConnection
+
+# Conditional build:
+%bcond_without ssl # build without SSL support
+%bcond_without ldap # build without LDAP support
+%bcond_without peruser # peruser MPM
+%bcond_without event # event MPM
+%bcond_with itk # ITK MPM
+%bcond_with distcache # distcache support
+%bcond_with bucketeer # debug one
+
+# this is internal macro, don't change to %%apache_modules_api
+%define _apache_modules_api 20051115
+
+%define openssl_ver 0.9.8i
+%define apr_ver 1:1.4.5
+%include /usr/lib/rpm/macros.perl
+Summary: The most widely used Web server on the Internet
+Summary(de.UTF-8): Leading World Wide Web-Server
+Summary(es.UTF-8): Servidor HTTPD para proveer servicios WWW
+Summary(fr.UTF-8): Le serveur web le plus utilise sur Internet
+Summary(pl.UTF-8): Serwer WWW (World Wide Web)
+Summary(pt_BR.UTF-8): Servidor HTTPD para prover serviços WWW
+Summary(ru.UTF-8): Самый популярный веб-сервер
+Summary(tr.UTF-8): Lider WWW tarayıcı
+Name: apache
+Version: 2.2.22
+Release: 1
+License: Apache v2.0
+Group: Networking/Daemons/HTTP
+Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
+# Source0-md5: d77fa5af23df96a8af68ea8114fa6ce1
+Source1: %{name}.init
+Source2: %{name}.logrotate
+Source3: %{name}.sysconfig
+Source4: %{name}-server.crt
+Source5: %{name}-server.key
+Source6: %{name}-httpd.conf
+Source7: %{name}-common.conf
+Source8: %{name}-mod_vhost_alias.conf
+Source9: %{name}-mod_status.conf
+Source10: %{name}-mod_proxy.conf
+Source11: %{name}-mod_info.conf
+Source12: %{name}-mod_ssl.conf
+Source13: %{name}-mod_dav.conf
+Source14: %{name}-mod_dir.conf
+Source15: %{name}-mod_suexec.conf
+Source16: %{name}-mod_deflate.conf
+Source17: %{name}-mod_autoindex.conf
+Source18: %{name}-multilang-errordoc.conf
+Source19: %{name}-manual.conf
+Source20: %{name}-mod_userdir.conf
+Source21: %{name}-mpm.conf
+Source22: %{name}-languages.conf
+Source23: %{name}-mod_mime.conf
+Source24: %{name}-mod_authz_host.conf
+Source25: %{name}-mod_cgid.conf
+Source26: %{name}-mod_log_config.conf
+Source27: %{name}-mod_mime_magic.conf
+Source28: %{name}-mod_cache.conf
+Source29: %{name}-example.net.conf
+Source30: %{name}.tmpfiles
+Patch0: %{name}-configdir_skip_backups.patch
+Patch1: %{name}-layout.patch
+Patch2: %{name}-suexec.patch
+Patch3: %{name}-branding.patch
+Patch4: %{name}-apr.patch
+# what about this? it isn't applied...
+Patch6: httpd-2.0.40-xfsz.patch
+Patch7: %{name}-syslibs.patch
+Patch8: httpd-2.0.45-encode.patch
+Patch9: %{name}-paths.patch
+Patch10: httpd-2.0.46-dav401dest.patch
+Patch12: httpd-2.0.46-sslmutex.patch
+Patch14: httpd-2.0.48-corelimit.patch
+Patch15: httpd-2.0.48-debuglog.patch
+Patch18: %{name}-v6only-ENOPROTOOPT.patch
+Patch19: %{name}-conffile-path.patch
+Patch20: %{name}-apxs.patch
+Patch23: %{name}-suexec_fcgi.patch
+Patch24: %{name}-bug-48094.patch
+# http://scripts.mit.edu/trac/browser/trunk/server/common/patches/httpd-2.2.x-mod_ssl-sessioncaching.patch?rev=1348
+Patch25: httpd-2.2.x-mod_ssl-sessioncaching.patch
+Patch26: apache-mod_vhost_alias_docroot.patch
+# http://mpm-itk.sesse.net/
+Patch28: apache-mpm-itk.patch
+Patch29: libtool-tag.patch
+URL: http://httpd.apache.org/
+BuildRequires: apr-devel >= %{apr_ver}
+BuildRequires: apr-util-devel >= 1:1.3.10-2
+BuildRequires: autoconf >= 2.13
+BuildRequires: automake
+%{?with_distcache:BuildRequires: distcache-devel}
+BuildRequires: libtool >= 2:1.5
+%{?with_ldap:BuildRequires: openldap-devel >= 2.3.0}
+%{?with_ssl:BuildRequires: openssl-devel >= %{openssl_ver}}
+%{?with_ssl:BuildRequires: openssl-tools >= %{openssl_ver}}
+BuildRequires: pcre-devel
+BuildRequires: pkgconfig
+BuildRequires: rpm >= 4.4.9-56
+BuildRequires: rpm-build >= 4.4.0
+BuildRequires: rpm-perlprov >= 4.1-13
+BuildRequires: rpmbuild(macros) >= 1.268
+BuildRequires: sed >= 4.0
+BuildRequires: zlib-devel
+Requires: %{name}-errordocs = %{version}-%{release}
+Requires: %{name}-mod_alias = %{version}-%{release}
+Requires: %{name}-mod_auth = %{version}-%{release}
+Requires: %{name}-mod_env = %{version}-%{release}
+Requires: %{name}-mod_log_config = %{version}-%{release}
+Requires: %{name}-mod_mime = %{version}-%{release}
+Requires: %{name}-mod_mime_magic = %{version}-%{release}
+Requires: %{name}-mod_negotiation = %{version}-%{release}
+Requires: %{name}-mod_setenvif = %{version}-%{release}
+Requires: %{name}-mod_speling = %{version}-%{release}
+Requires: %{name}-mod_userdir = %{version}-%{release}
+Requires: %{name}-mod_version = %{version}-%{release}
+Requires: %{name}-tools = %{version}-%{release}
+BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
+
+%define _sysconfdir /etc/httpd
+%define _includedir %{_prefix}/include/apache
+%define _datadir /home/services/httpd
+%define _libexecdir %{_libdir}/apache
+%define _cgibindir %{_prefix}/lib/cgi-bin/%{name}
+
+%description
+Apache is a powerful, full-featured, efficient and freely-available
+Web server. Apache is also the most popular Web server on the
+Internet.
+
+%description -l de.UTF-8
+Apache ist ein voll funktionsfähiger Web-Server, der kostenlos
+erhältlich und weit verbreitet ist.
+
+%description -l es.UTF-8
+El servidor web Apache es el mejor servidor gratuito disponible en el
+mundo UNIX hoy. Usa HTTP (HyperText Transfer Protocol) para permitir
+que navegadores vean documentos y sometan datos remotamente. Puede
+ejecutar varias funciones diferentes, incluyendo funciones de proxy y
+caché, y nos ofrece características como monitor de estado, conversión
+dinámica de tipo, y otras más.
+
+%description -l fr.UTF-8
+Apache est un serveur Web puissant, efficace, gratuit et complet.
+Apache est aussi le serveur Web le plus populaire sur Internet.
+
+%description -l pl.UTF-8
+Apache jest serwerem WWW (World Wide Web). Instalując ten pakiet
+będziesz mógł prezentować własne strony WWW w sieci Internet.
+
+%description -l pt_BR.UTF-8
+O servidor web Apache é o melhor servidor gratuito disponível no mundo
+UNIX hoje. Ele usa HTTP (HyperText Transfer Protocol) para permitir
+que browsers web vejam documentos e submetam dados remotamente. Ele
+pode executar várias funções diferentes, incluindo funções de proxy e
+cache, e oferece características como monitor de status, conversão
+dinâmica de tipo, e mais.
+
+%description -l ru.UTF-8
+Apache - мощный, функциональный, высокопроизводительный и свободно
+распространяемый веб-сервер.
+
+%description -l tr.UTF-8
+Apache serbest dağıtılan ve çok kullanılan yetenekli bir web
+sunucusudur.
+
+%package base
+Summary: The Number One HTTP Server On The Internet
+Summary(pl.UTF-8): Wiodący w Internecie serwer HTTP
+Group: Networking/Daemons/HTTP
+Requires(post): fileutils
+Requires(post,preun): /sbin/chkconfig
+Requires(postun): /usr/sbin/groupdel
+Requires(postun): /usr/sbin/userdel
+Requires(pre): /bin/id
+Requires(pre): /usr/bin/getgid
+Requires(pre): /usr/sbin/groupadd
+Requires(pre): /usr/sbin/useradd
+Requires: /sbin/chkconfig
+Requires: apr >= %{apr_ver}
+Requires: psmisc >= 20.1
+Requires: rc-scripts >= 0.4.1.23
+Provides: apache(modules-api) = %{_apache_modules_api}
+Provides: group(http)
+Provides: user(http)
+Provides: webserver = apache
+Obsoletes: apache-extra
+Obsoletes: apache6
+# packaged by mistake. really sample code
+Obsoletes: apache-mod_optional_fn_export
+Obsoletes: apache-mod_optional_fn_import
+Obsoletes: apache-mod_optional_fn_import
+Obsoletes: apache-mod_optional_hook_import
+Conflicts: apache < 2.2.0
+Conflicts: logrotate < 3.7-4
+# for the posttrans scriptlet, conflicts because in vserver environment rpm package is not installed.
+Conflicts: rpm < 4.4.2-0.2
+
+%description base
+Apache is a powerful, full-featured, efficient and freely-available
+Web server. Apache is also the most popular Web server on the
+Internet.
+
+%description base -l pl.UTF-8
+Apache jest potężnym, w pełni funkcjonalnym, wydajnym i wolnodostępnym
+serwerem WWW (World Wide Web). Jest także najbardziej popularnym
+serwerem WWW w Internecie.
+
+%package suexec
+Summary: Apache suexec wrapper
+Summary(pl.UTF-8): Wrapper suexec do serwera WWW Apache
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/suexec.html
+Requires: %{name}-base = %{version}-%{release}
+
+%description suexec
+The suEXEC feature provides Apache users the ability to run CGI and
+SSI programs under user IDs different from the user ID of the calling
+web-server. Normally, when a CGI or SSI program executes, it runs as
+the same user who is running the web server.
+
+%description suexec -l pl.UTF-8
+SuEXEC umożliwia serwerowi Apache uruchamianie programów CGI i SSI z
+innym UID niż wywołujący je serwer. Normalnie programy CGI i SSI są
+wykonywane jako taki sam użytkownik jak serwer WWW.
+
+%package tools
+Summary: Apache tools
+Summary(pl.UTF-8): Narzędzia Apache'a
+Group: Development/Tools
+
+%description tools
+Apache tools.
+
+%description tools -l pl.UTF-8
+Narzędzia Apache'a.
+
+%package index
+Summary: Apache index.html* files
+Summary(pl.UTF-8): Pliki Apache index.html*
+Group: Documentation
+Requires: %{name}-base = %{version}-%{release}
+Obsoletes: indexhtml
+
+%description index
+Apache index.html* files.
+
+%description index -l pl.UTF-8
+Pliki index.html* Apache'a.
+
+%package doc
+Summary: Apache manual
+Summary(pl.UTF-8): Podręcznik Apache'a
+Group: Documentation
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_alias = %{version}-%{release}
+Requires: %{name}-mod_dir = %{version}-%{release}
+Requires: %{name}-mod_negotiation = %{version}-%{release}
+Requires: %{name}-mod_setenvif = %{version}-%{release}
+
+%description doc
+Apache manual.
+
+%description doc -l pl.UTF-8
+Podręcznik Apache'a.
+
+%package errordocs
+Summary: Multi-language error messages for Apache
+Summary(pl.UTF-8): Wielojęzyczne komunikaty błędów dla Apache'a
+Group: Applications/WWW
+URL: http://httpd.apache.org/docs-project/
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_alias = %{version}-%{release}
+Requires: %{name}-mod_authz_host = %{version}-%{release}
+Requires: %{name}-mod_include = %{version}-%{release}
+Requires: %{name}-mod_negotiation = %{version}-%{release}
+
+%description errordocs
+Multi-language error messages.
+
+%description errordocs -l pl.UTF-8
+Dokumenty opisujące błędy HTTP dla Apache'a w wielu językach.
+
+%package devel
+Summary: Module development tools for the Apache web server
+Summary(es.UTF-8): Archivos de inclusión del Apache para desarrollo de módulos
+Summary(fr.UTF-8): Les outils de developpement de modules pour le serveur web Apache
+Summary(pl.UTF-8): Pliki nagłówkowe do tworzenia modułów rozszerzeń do serwera WWW Apache
+Summary(pt_BR.UTF-8): Arquivos de inclusão do Apache para desenvolvimento de módulos
+Summary(ru.UTF-8): Средства разработки модулей для веб-сервера Apache
+Group: Networking/Utilities
+Requires: apr-util-devel >= 1:1.2
+Requires: libtool
+Obsoletes: apache-apxs
+Obsoletes: apache-static
+
+%description devel
+The apache-devel package contains header files for Apache.
+
+%description devel -l es.UTF-8
+Este paquete contiene los archivos de inclusión para el Apache, bien
+como el utilitario apxs para la construcción de objetos compartidos
+dinámicos (DSOs). Ha ce falta instalar este paquete si deseas compilar
+o desarrollar módulos adicionales para Apache.
+
+%description devel -l fr.UTF-8
+Le package apache-devel contient le code source pour le serveur Web
+Apache et le binaire APXS dont vous aurez besoin pour construire des
+Objets Dynamiques Partages (DSOs) pour Apache.
+
+%description devel -l pl.UTF-8
+Pliki nagłówkowe i inne zasoby niezbędne przy budowaniu modułów DSO
+(Dynamic Shared Objects) dla Apache'a.
+
+%description devel -l ru.UTF-8
+Средства разработки модулей для веб-сервера Apache.
+
+%description devel -l pt_BR.UTF-8
+Este pacote contem os arquivos de inclusão para o Apache, bem como o
+utilitário apxs para a construção de objetos compartilhados dinâmicos
+(DSOs). Este pacote precisa ser instalado se você deseja compilar ou
+desenvolver módulos adicionais para o Apache.
+
+%package mod_actions
+Summary: Apache module for executing CGI scripts based on media type or request method
+Summary(pl.UTF-8): Moduł Apache'a do uruchamiania skryptów CGI w oparciu o rodzaj danych lub żądania
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_actions.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_actions) = %{version}-%{release}
+
+%description mod_actions
+This module has two directives. The Action directive lets you run CGI
+scripts whenever a file of a certain MIME content type is requested.
+The Script directive lets you run CGI scripts whenever a particular
+method is used in a request. This makes it much easier to execute
+scripts that process files.
+
+%description mod_actions -l pl.UTF-8
+Ten moduł ma dwie dyrektywy. Dyrektywa Action pozwala uruchamiać
+skrypty CGI przy żądaniu pliku o danym typie zawartości MIME.
+Dyrektywa Script pozwala uruchamiać skrypty CGI przy danej metodzie
+żądania. Znacznie ułatwia to wykonywanie skryptów przetwarzających
+pliki.
+
+%package mod_alias
+Summary: Mapping different parts of the host filesystem in the document tree and for URL redirection
+Summary(pl.UTF-8): Odwzorowywanie różnych części systemu plików w drzewie dokumentów i przekierowywanie URL-i
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_alias.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_alias) = %{version}-%{release}
+Provides: webserver(alias)
+
+%description mod_alias
+The directives contained in this module allow for manipulation and
+control of URLs as requests arrive at the server. The Alias and
+ScriptAlias directives are used to map between URLs and filesystem
+paths. This allows for content which is not directly under the
+DocumentRoot served as part of the web document tree. The ScriptAlias
+directive has the additional effect of marking the target directory as
+containing only CGI scripts.
+
+The Redirect directives are used to instruct clients to make a new
+request with a different URL. They are often used when a resource has
+moved to a new location.
+
+mod_alias is designed to handle simple URL manipulation tasks. For
+more complicated tasks such as manipulating the query string, use the
+tools provided by mod_rewrite.
+
+%description mod_alias -l pl.UTF-8
+Dyrektywy zawarte w tym module umożliwiają manipulacje i sterowanie
+URL-ami kiedy żądania są dostarczane do serwera. Dyrektywy Alias i
+ScriptAlias są używane do odwzorowywania między URL-ami i ścieżkami w
+systemie plików. Umożliwia to serwowanie treści nie będącej
+bezpośrednio wewnątrz DocumentRoota jako część drzewa dokumentów WWW.
+Dyrektywa ScriptAlias ma dodatkowy efekt oznaczania katalogu
+docelowego jako zawierającego wyłącznie skrypty CGI.
+
+Dyrektywy Redirect służą do instruowania klientów, aby wykonali nowe
+żądanie z innym URL-em. Są używane zwykle w przypadku, gdy zasoby
+zostały przeniesione w inne miejsce.
+
+mod_alias został zaprojektowany do obsługi prostych manipulacji na
+URL-ach. Bardziej skomplikowane zadania, takie jak modyfikowanie
+łańcucha zapytania można wykonać przy użyciu mod_rewrite.
+
+%package mod_asis
+Summary: Sends files that contain their own HTTP headers
+Summary(pl.UTF-8): Wysyłanie plików zawierających własne nagłówki HTTP
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_asis.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_asis) = %{version}-%{release}
+
+%description mod_asis
+This module provides the handler send-as-is which causes Apache to
+send the document without adding most of the usual HTTP headers.
+
+This can be used to send any kind of data from the server, including
+redirects and other special HTTP responses, without requiring a
+cgi-script or an nph script.
+
+For historical reasons, this module will also process any file with
+the mime type httpd/send-as-is.
+
+%description mod_asis -l pl.UTF-8
+Ten moduł udostępnia procesurę obsługi send-as-is powodującą, że
+Apache wysyła dokument bez dodawania większości zwykle używanych
+nagłówków HTTP.
+
+Może to być używane do wysyłania dowolnego rodzaju danych z serwera,
+włącznie z przekierowaniami i innymi specjalnymi odpowiedziami HTTP
+bez wymagania skryptu CGI lub nph.
+
+%package mod_auth
+Summary: Virtual package which provides backward compatibility with apache 2.0
+Summary(pl.UTF-8): Pakiet wirtualny zapewniający kompatybilność wsteczną z apache 2.0
+Group: Networking/Daemons/HTTP
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_auth_basic = %{version}-%{release}
+Requires: %{name}-mod_authn_file = %{version}-%{release}
+Requires: %{name}-mod_authz_groupfile = %{version}-%{release}
+Requires: %{name}-mod_authz_user = %{version}-%{release}
+Provides: apache(mod_auth) = %{version}-%{release}
+Provides: webserver(auth)
+
+%description mod_auth
+Virtual package which requires apache-mod_authn_file,
+apache-mod_authz_user and apache-mod_authz_groupfile for backward
+compatibility with apache 2.0.
+
+%description mod_auth -l pl.UTF-8
+Pakiet wirtualny wymagający apache-mod_authn_file,
+apache-mod_authz_user i apache-mod_authz_groupfile dla kompatybilności
+wstecznej z apache 2.0.
+
+%package mod_auth_basic
+Summary: Apache module that allows Basic authentication
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający korzystawnie z uwierzytelnienia Basic
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_auth_basic.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_auth_basic) = %{version}-%{release}
+
+%description mod_auth_basic
+This module allows the use of HTTP Basic Authentication to restrict
+access by looking up users in the given providers.
+
+HTTP Digest Authentication is provided by mod_auth_digest. This module
+should usually be combined with at least one authentication module
+such as mod_authn_file and one authorization module such as
+mod_authz_user.
+
+%description mod_auth_basic -l pl.UTF-8
+Ten moduł pozwala używać uwierzytelnienia HTTP Basic do ograniczania
+dostępu poprzez wyszukiwanie użytkowników we wskazanych miejscach
+
+%package mod_auth_dbm
+Summary: Virtual package which provides backward compatibility with apache 2.0
+Summary(pl.UTF-8): Pakiet wirtualny zapewniający kompatybilność wsteczną z apache 2.0
+Group: Networking/Daemons/HTTP
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-dbmtools = %{version}-%{release}
+Requires: %{name}-mod_authn_dbm = %{version}-%{release}
+Requires: %{name}-mod_authz_dbm = %{version}-%{release}
+Provides: apache(mod_auth_dbm) = %{version}-%{release}
+
+%description mod_auth_dbm
+Virtual package which requires apache-mod_authn_dbm and
+apache-mod_authz_dbm for backward compatibility with apache 2.0.
+
+%description mod_auth_dbm -l pl.UTF-8
+Pakiet wirtualny wymagający apache-mod_authn_dbm i
+apache-mod_authz_dbm dla kompatybilności wstecznej z apache 2.0.
+
+%package mod_auth_digest
+Summary: User authentication using MD5 Digest Authentication
+Summary(pl.UTF-8): Uwierzytelnianie użytkowników przy użyciu MD5 Digest
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_auth_digest.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_auth_digest) = %{version}-%{release}
+
+%description mod_auth_digest
+This module implements HTTP Digest Authentication. However, it has not
+been extensively tested and is therefore marked experimental.
+
+%description mod_auth_digest -l pl.UTF-8
+Ten moduł implementuje uwierzytelnienie HTTP Digest. Nie został on
+jednak zbyt obszernie przetestowany, więc jest oznaczony jako
+eksperymentalny.
+
+%package mod_authn_alias
+Summary: Apache module that provides the ability to create extended authentication
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający tworzenie rozszerzonego uwierzytelniania
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_alias.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_authn_alias) = %{version}-%{release}
+
+%description mod_authn_alias
+This module allows extended authentication providers to be created
+within the configuration file and assigned an alias name.
+
+%description mod_authn_alias -l pl.UTF-8
+Ten moduł umożliwia tworzenie rozszerzonych sposobów uwierzytelniania
+w pliku konfiguracyjnym i nadawanie im aliasów.
+
+%package mod_authn_anon
+Summary: Apache module that allows "anonymous" user access to authenticated areas
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający dostęp anonimowych użytkowników do stref uwierzytelnianych
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_anon.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_authn_anon) = %{version}-%{release}
+# compat
+Provides: apache(mod_auth_anon) = %{version}-%{release}
+Provides: apache-mod_auth_anon = %{version}-%{release}
+Obsoletes: apache-mod_auth_anon < 2.2.0-0.5
+
+%description mod_authn_anon
+This module provides authentication front-ends such as mod_auth_basic
+to authenticate users similar to anonymous-ftp sites, i.e. have a
+'magic' user id 'anonymous' and the email address as a password. These
+email addresses can be logged.
+
+%description mod_authn_anon -l pl.UTF-8
+Ten moduł udmożliwia frontendom uwierzytelniającym takim jak
+mod_auth_basic uwierzytelnianie użytkowników podobnie do serwisów
+anonimowego ftp, tzn. przez udostępnianie "magicznego" identyfikatora
+"anonymous" i adresu pocztowego jako hasła. Te adresy pocztowe mogą
+być logowane.
+
+%package mod_authn_dbd
+Summary: Apache module that allows user authentication using an SQL
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający uwierzytelnianie użytkowników przy użyciu tabel SQL
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_dbd = %{version}-%{release}
+Provides: apache(mod_authn_dbd) = %{version}-%{release}
+
+%description mod_authn_dbd
+This module provides authentication front-ends such as mod_auth_digest
+and mod_auth_basic to authenticate users by looking up users in SQL
+tables.
+
+%description mod_authn_dbd -l pl.UTF-8
+Ten moduł udostępnia frontendom uwierzytelniającym takim jak
+mod_auth_digest i mod_auth_basic uwierzytelnianie użytkowników poprzez
+wyszukiwanie w tabelach SQL.
+
+%package mod_authn_dbm
+Summary: Apache module that allows user authentication using DBM files
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający uwierzytelnianie użytkowników przy użyciu plików DBM
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_dbm.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_authn_dbm) = %{version}-%{release}
+
+%description mod_authn_dbm
+This module provides authentication front-ends such as mod_auth_digest
+and mod_auth_basic to authenticate users by looking up users in DBM
+password files.
+
+%description mod_authn_dbm -l pl.UTF-8
+Ten moduł udostępnia frontendom uwierzytelniającym takim jak
+mod_auth_digest i mod_auth_basic uwierzytelnianie użytkowników poprzez
+wyszukiwanie w tabelach haseł DBM.
+
+%package mod_authn_default
+Summary: Apache module that rejects any credentials supplied by the user
+Summary(pl.UTF-8): Moduł Apache'a odrzucający wszystkie dane podane przez użytkownika
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_default.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_authn_default) = %{version}-%{release}
+
+%description mod_authn_default
+This module is designed to be the fallback module, if you don't have
+configured an authentication module like mod_auth_basic. It simply
+rejects any credentials supplied by the user.
+
+%description mod_authn_default -l pl.UTF-8
+Ten moduł został pomyślany jako domyślny moduł uwierzytelniający,
+jeśli nie skonfigurowano modułu uwierzytelniającego takiego jak
+mod_auth_basic. Moduł ten po prostu odrzuca wszelkie dane przekazane
+przez użytkownika.
+
+%package mod_authn_file
+Summary: Apache module that allows user authentication using text files
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający uwierzytelnianie użytkowników poprzez pliki tekstowe
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_authn_file.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_authn_file) = %{version}-%{release}
+
+%description mod_authn_file
+This module provides authentication front-ends such as mod_auth_digest
+and mod_auth_basic to authenticate users by looking up users in plain
+text password files.
+
+%description mod_authn_file -l pl.UTF-8
+Ten moduł udostępnia frontendom uwierzytelniającym takim jak
+mod_auth_digest i mod_auth_basic uwierzytelnianie użytkowników poprzez
+wyszukiwanie w plikach tekstowych z hasłami.
+
+%package mod_authnz_ldap
+Summary: Apache module that allows an LDAP directory to be used to store the database for HTTP Basic authentication
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający przechowywanie danych dla uwierzytelnienia HTTP Basic w bazie LDAP
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_ldap = %{version}-%{release}
+Requires: apr-util-ldap
+Provides: apache(mod_authnz_ldap) = %{version}-%{release}
+# compat
+Provides: apache(mod_auth_ldap) = %{version}-%{release}
+Provides: apache-mod_auth_ldap = %{version}-%{release}
+Obsoletes: apache-mod_auth_ldap < 2.2.0-0.5
+
+%description mod_authnz_ldap
+This module provides authentication front-ends such as mod_auth_basic
+to authenticate users through an LDAP directory.
+
+%description mod_authnz_ldap -l pl.UTF-8
+Ten moduł udostępnia frontendom uwierzytelniającym takim jak
+mod_auth_basic uwierzytelnianie użytkowników poprzez katalog LDAP.
+
+%package mod_authz_dbm
+Summary: Apache module that allows group authorization using DBM files
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający uwierzytelnianie grup z użyciem plików DBM
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_authz_dbm.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_authz_dbm) = %{version}-%{release}
+
+%description mod_authz_dbm
+This module provides authorization capabilities so that authenticated
+users can be allowed or denied access to portions of the web site by
+group membership stored in DBM file.
+
+%description mod_authz_dbm -l pl.UTF-8
+Ten moduł daje możliwość udostępniania bądź blokowania części serwisu
+WWW dla uwierzytelnionych użytkowników na podstawie ich przynależności
+do grupy zapisywanej w pliku DBM.
+
+%package mod_authz_default
+Summary: Apache module that rejects any authorization request
+Summary(pl.UTF-8): Moduł Apache'a odrzucający wszystkie żądania autoryzacji
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_authz_default.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_authz_default) = %{version}-%{release}
+
+%description mod_authz_default
+This module is designed to be the fallback module, if you don't have
+configured an authorization module like mod_authz_user or
+mod_authz_groupfile. It simply rejects any authorization request.
+
+%description mod_authz_default -l pl.UTF-8
+Ten moduł został pomyślany jako domyślny moduł autoryzujący jeśli nie
+skonfigurowano modułu autoryzującego takiego jak mod_authz_user czy
+mod_authz_groupfile. Moduł ten po prostu odrzuca wszelkie żądania
+autoryzacji.
+
+%package mod_authz_groupfile
+Summary: Apache module that allows group authorization using plaintext files
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający autoryzację grup przy użyciu plików tekstowych
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_authz_groupfile.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_authz_groupfile) = %{version}-%{release}
+
+%description mod_authz_groupfile
+This module provides authorization capabilities so that authenticated
+users can be allowed or denied access to portions of the web site by
+group membership stored in plain text file.
+
+%description mod_authz_groupfile -l pl.UTF-8
+Ten moduł daje możliwość udostępniania bądź blokowania części serwisu
+WWW dla uwierzytelnionych użytkowników na podstawie ich przynależności
+do grupy zapisywanej w pliku tekstowym.
+
+%package mod_authz_host
+Summary: Apache module that allows group authorizations based on host (name or IP address)
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający autoryzację grup w oparcu o host (nazwę lub IP)
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_authz_host) = %{version}-%{release}
+# for apache < 2.2.0
+Provides: apache(mod_access) = %{version}-%{release}
+Provides: webserver(access)
+
+%description mod_authz_host
+The directives provided by mod_authz_host are used in <Directory>,
+<Files>, and <Location> sections as well as .htaccess files to control
+access to particular parts of the server. Access can be controlled
+based on the client hostname, IP address, or other characteristics of
+the client request, as captured in environment variables.
+
+%description mod_authz_host -l pl.UTF-8
+Dyrektyw udostępnianych przez mod_authz_host można używać w sekcjach
+<Directory>, <Files> i <Location>, a także plikach .htaccess w celu
+sterowania dostępem do poszczególnych części serwera. Dostępem można
+sterować na podstawie nazwy hosta klienta, adresu IP lub innej
+charakterystyki żądania klienta dostępnej w zmiennych środowiskowych.
+
+%package mod_authz_owner
+Summary: Apache module that allows authorization based on file ownership
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający autoryzacje w oparciu o własność plików
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/en/mod/mod_authz_owner.html
+Requires: %{name}-base = %{version}-%{release}
+#Requires: any-auth-module
+Provides: apache(mod_authz_owner) = %{version}-%{release}
+
+%description mod_authz_owner
+This module authorizes access to files by comparing the userid used
+for HTTP authentication (the web userid) with the file-system owner or
+group of the requested file. The supplied username and password must
+be already properly verified by an authentication module, such as
+mod_auth_basic or mod_auth_digest.
+
+%description mod_authz_owner -l pl.UTF-8
+Ten moduł autoryzuje dostęp do plików poprzez porównanie
+identyfikatora użytkownika użytego przy uwierzytelnianiu HTTP (web
+userid) z właścicielem lub grupą żądanego pliku w systemie plików.
+Podana nazwa użytkownika i hasło muszą być wcześniej zweryfikowane
+przez moduł uwierzytelniania, taki jak mod_auth_basic lub
+mod_auth_digest.
+
+%package mod_authz_user
+Summary: Apache module that allows user authorization
+Summary(pl.UTF-8): Moduł Apache'a umożliwiający autoryzację użytkowników
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/en/mod/mod_authz_user.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_authz_user) = %{version}-%{release}
+
+%description mod_authz_user
+This module provides authorization capabilities so that authenticated
+users can be allowed or denied access to portions of the web site.
+
+%description mod_authz_user -l pl.UTF-8
+Ten moduł daje możliwość udostępniania bądź blokowania części serwisu
+WWW dla uwierzytelnionych użytkowników.
+
+%package mod_autoindex
+Summary: Apache module - display index of files
+Summary(pl.UTF-8): Moduł apache do wyświetlania indeksu plików
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/en/mod/mod_autoindex.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_alias = %{version}-%{release}
+Provides: apache(mod_autoindex) = %{version}-%{release}
+
+%description mod_autoindex
+This package contains mod_autoindex module. It provides generation
+index of files.
+
+%description mod_autoindex -l pl.UTF-8
+Ten pakiet dostarcza moduł autoindex, który generuje indeks plików.
+
+%package mod_bucketeer
+Summary: buckets manipulation filter
+Summary(pl.UTF-8): Dzielenie kubełków po znalezieniu znaku sterującego
+Group: Networking/Daemons/HTTP
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_bucketeer) = %{version}-%{release}
+
+%description mod_bucketeer
+Split buckets whenever we find a control-char.
+
+%description mod_bucketeer -l pl.UTF-8
+Dzielenie kubełków po znalezieniu znaku sterującego.
+
+%package mod_cache
+Summary: Content cache keyed to URIs
+Summary(pl.UTF-8): Pamięć podręczna wg klucza URI
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/en/mod/mod_cache.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_cache) = %{version}-%{release}
+
+%description mod_cache
+mod_cache implements an RFC 2616 compliant HTTP content cache that can
+be used to cache either local or proxied content. Two storage
+management modules are included in the base Apache distribution:
+mod_disk_cache implements a disk based storage manager (generally used
+for proxy caching) and mod_mem_cache implements an in-memory based
+storage manager (primarily useful for caching local content).
+
+%description mod_cache -l pl.UTF-8
+Implementacja zgodnej z RFC 2616 pamięci podręcznej, która może być
+używana do zapamiętywania zawartości lokalnej lub dostępnej przez
+proxy. Dołączono dwa moduły pozwalające magazynować dane w pamięci
+(głównie użyteczne przy cache'owaniu lokalnej zawartości) oraz na
+dysku (używane do cache'owania proxy).
+
+%package mod_case_filter
+Summary: Apache output filter that converts all output to upper case
+Summary(pl.UTF-8): Filtr wyjściowy Apache'a zamieniający wszystkie litery na wielkie
+Group: Networking/Daemons/HTTP
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_case_filter) = %{version}-%{release}
+
+%description mod_case_filter
+Apache output filter that converts all output to upper case.
+
+%description mod_case_filter -l pl.UTF-8
+Filtr wyjściowy Apache'a zamieniający wszystkie litery w wyjściu na
+wielkie.
+
+%package mod_case_filter_in
+Summary: Apache input filter that converts all request body to upper case
+Summary(pl.UTF-8): Filtr wejściowy Apache'a zamieniający wszystkie litery w żądaniu na wielkie
+Group: Networking/Daemons/HTTP
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_case_filter_in) = %{version}-%{release}
+
+%description mod_case_filter_in
+Apache input filter that converts all request body (not headers) to
+upper case.
+
+%description mod_case_filter_in -l pl.UTF-8
+Filtr wejściowy Apache'a zamieniający wszystkie litery w ciele żądania
+(ale nie nagłówkach) na wielkie.
+
+%package mod_cern_meta
+Summary: CERN httpd metafile semantics
+Summary(pl.UTF-8): Obsługa semantyki metaplików CERN httpd
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/en/mod/mod_cern_meta.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_cern_meta) = %{version}-%{release}
+
+%description mod_cern_meta
+Emulate the CERN HTTPD Meta file semantics. Meta files are HTTP
+headers that can be output in addition to the normal range of headers
+for each file accessed. They appear rather like the Apache .asis
+files, and are able to provide a crude way of influencing the Expires:
+header, as well as providing other curiosities. There are many ways to
+manage meta information, this one was chosen because there is already
+a large number of CERN users who can exploit this module.
+
+%description mod_cern_meta -l pl.UTF-8
+Moduł emulujący semantykę metaplików CERN HTTPD. Metapliki to nagłówki
+HTTP, które mogą być wysyłane oprócz normalnego zestawu nagłówków dla
+każdego przetwarzanego pliku. Zachowują się bardziej jak pliki .asis
+Apache'a i mogą dawać brutalny sposób wpływania na nagłówek Expires:,
+a także dostarczać inne ciekawostki. Jest wiele sposobów zarządzania
+metainformacjami, ta została wybrana ponieważ istnieje już wielu
+użytkowników CERN wykorzystujących ten moduł.
+
+%package mod_cgi
+Summary: Execution of CGI scripts
+Summary(pl.UTF-8): Uruchamianie skryptów CGI
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/en/mod/mod_cgi.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_alias = %{version}-%{release}
+Suggests: %{name}-suexec = %{version}-%{release}
+Provides: apache(mod_cgi) = %{version}-%{release}
+Provides: webserver(cgi)
+
+%description mod_cgi
+Any file that has the mime type application/x-httpd-cgi or handler
+cgi-script (Apache 1.1 or later) will be treated as a CGI script, and
+run by the server, with its output being returned to the client. Files
+acquire this type either by having a name containing an extension
+defined by the AddType directive, or by being in a ScriptAlias
+directory.
+
+When using a multi-threaded MPM under unix, the module mod_cgid should
+be used in place of this module. At the user level, the two modules
+are essentially identical.
+
+%description mod_cgi -l pl.UTF-8
+Ten moduł powoduje, że dowolny plik o typie MIME
+application/x-httpd-cgi albo procedurze obsługi cgi-script (w Apache'u
+1.1 lub nowszym) będzie traktowany jako skrypt CGI i uruchamiany przez
+serwer, a jego wyjście będzie zwracane klientowi. Pliki uzyskują ten
+typ przez posiadanie nazwy zawierającej rozszerzenie określone
+dyrektywą AddType lub będąc w katalogu ScriptAlias.
+
+Przy używaniu wielowątkowych MPM pod uniksem zamiast tego modułu
+należy używać modułu mod_cgid. Z poziomu użytkownika oba te moduły
+zachowują się identycznie.
+
+%package mod_cgid
+Summary: Execution of CGI scripts using an external CGI daemon
+Summary(pl.UTF-8): Uruchamianie zewnętrznych skryptów CGI za pomocą daemona CGI
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/en/mod/mod_cgid.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_alias = %{version}-%{release}
+Provides: apache(mod_cgid) = %{version}-%{release}
+Provides: webserver(cgi)
+
+%description mod_cgid
+Execution of CGI scripts using an external CGI daemon.
+
+Except for the optimizations and the additional ScriptSock directive,
+mod_cgid behaves similarly to mod_cgi.
+
+This module should be used instead of mod_cgi whenever a
+multi-threaded MPM is selected.
+
+%description mod_cgid -l pl.UTF-8
+Uruchamianie skryptów CGI za pomocą zewnętrznego demona CGI.
+
+Z wyjątkiem optymalizacji i dodatkowej dyrektywy ScriptSock, mod_cgid
+zachowuje się podobnie do mod_cgi.
+
+Tego modułu należy używać zamiast mod_cgi zawsze, jeśli wybrano
+wielowątkowy MPM.
+
+%package mod_charset_lite
+Summary: Specify character set translation or recoding
+Summary(pl.UTF-8): Translacja lub przekodowywanie znaków
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/en/mod/mod_charset_lite.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_charset_lite) = %{version}-%{release}
+
+%description mod_charset_lite
+Specify character set translation or recoding.
+
+This module provides a small subset of configuration mechanisms
+implemented by Russian Apache and its associated mod_charset.
+
+This is an experimental module and should be used with care.
+
+%description mod_charset_lite -l pl.UTF-8
+Translacja lub przekodowywanie znaków.
+
+Ten moduł udostępnia niewielki podzbiór mechanizmów konfiguracyjnych
+zaimplementowanych przez Russian Apache i powiązany z nim mod_charset.
+
+Jest to moduł eksperymentalny i należy używać go z uwagą.
+
+%package mod_dav
+Summary: Apache module - Distributed Authoring and Versioning
+Summary(pl.UTF-8): Moduł Apache'a - rozproszone autorstwo i wersjonowanie
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/en/mod/mod_dav.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: apache-mod_authn_file
+Requires: apache-mod_setenvif
+Requires: apr-util-dbm-db
+Provides: apache(mod_dav) = %{version}-%{release}
+
+%description mod_dav
+This module provides class 1 and class 2 WebDAV ('Web-based
+Distributed Authoring and Versioning') functionality for Apache. This
+extension to the HTTP protocol allows creating, moving, copying, and
+deleting resources and collections on a remote web server.
+
+%description mod_dav -l pl.UTF-8
+Moduł udostępnia klasę 1 oraz klasę 2 WebDAV (Bazującego na WWW
+rozproszonego autorstwa i wersjonowania). To rozszerzenie HTTP pozwala
+na tworzenie, przesuwanie, kopiowanie oraz kasowanie zasobów na
+zdalnym serwerze WWW.
+
+%package mod_dbd
+Summary: Manages SQL database connections
+Summary(pl.UTF-8): Zarządzanie połączeniami z bazą danych SQL
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/en/mod/mod_dbd.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_dbd) = %{version}-%{release}
+
+%description mod_dbd
+mod_dbd manages SQL database connections using apr_dbd. It provides
+database connections on request to modules requiring SQL database
+functions, and takes care of managing databases with optimal
+efficiency and scalability for both threaded and non-threaded MPMs.
+
+%description mod_dbd -l pl.UTF-8
+mod_dbd zarządza połączeniami z bazą danych SQL przy użyciu apr_dbd.
+Udostępnia połączenia z bazą danych na żądanie modułów wymagających
+funkcji bazy danych SQL, a następnie dba o zarządzanie bazami danych z
+optymalną wydajnością i skalowalnością zarówno dla wątkowych jak i
+niewątkowych MPM.
+
+%package mod_deflate
+Summary: Apache module: Compress content before it is delivered to the client
+Summary(pl.UTF-8): Moduł Apache'a kompresujący dane przed przesłaniem ich do klienta
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_deflate.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_headers = %{version}-%{release}
+Provides: apache(mod_deflate) = %{version}-%{release}
+
+%description mod_deflate
+Compress content before it is delivered to the client.
+
+%description mod_deflate -l pl.UTF-8
+Moduł kompresujący dane przed przesłaniem ich do klienta.
+
+%package mod_dir
+Summary: Apache module for "trailing slash" redirects and serving directory index files
+Summary(pl.UTF-8): Moduł Apache'a oferujący przekierowania i udostępnianie informacji o zawartości katalogu
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_dir.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_dir) = %{version}-%{release}
+Provides: webserver(indexfile)
+
+%description mod_dir
+This package contains mod_dir which provides "trailing slash"
+redirects and serving directory index files.
+
+%description mod_dir -l pl.UTF-8
+Moduł oferujący przekierowania i udostępnianie informacji o zawartości
+katalogu.
+
+%package mod_dumpio
+Summary: Dumps all I/O to error log as desired
+Summary(pl.UTF-8): Zrzucanie całości wejścia/wyjścia do logu błędów
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_dumpio.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_dumpio) = %{version}-%{release}
+
+%description mod_dumpio
+mod_dumpio allows for the logging of all input received by Apache
+and/or all output sent by Apache to be logged (dumped) to the
+error.log file.
+
+The data logging is done right after SSL decoding (for input) and
+right before SSL encoding (for output). As can be expected, this can
+produce extreme volumes of data, and should only be used when
+debugging problems.
+
+%description mod_dumpio -l pl.UTF-8
+mod_dumpio umożliwia logowanie całego wejścia otrzymanego przez
+Apache'a i/lub całęgo wyjścia wysyłanego przez Apache'a do pliku
+error.log.
+
+Logowanie danych następuja zaraz po zdekodowaniu SSL (dla wejścia) i
+zaraz przed kodowaniem SSL (dla wyjścia). Jak można się spodziewać, ta
+opcja może tworzyć ogromne ilości danych i powinna być używana tylko
+przy diagnostyce problemów.
+
+%package mod_echo
+Summary: A simple echo server to illustrate protocol modules
+Summary(pl.UTF-8): Prosty serwer ocho ilustrujący moduły protokołów
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_echo.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_echo) = %{version}-%{release}
+
+%description mod_echo
+This module provides an example protocol module to illustrate the
+concept. It provides a simple echo server. Telnet to it and type
+stuff, and it will echo it.
+
+%description mod_echo -l pl.UTF-8
+Ten moduł udostępnia przykładowy moduł protokołu ilustrujący ideę.
+Udostępnia prosty serwer echo. Można się na niego zatelnetować i
+napisać cokolwiek, a on odpowie tym samym.
+
+%package mod_env
+Summary: Modifies the environment which is passed to CGI scripts and SSI pages
+Summary(pl.UTF-8): Modyfikowanie środowiska przekazywanego skryptom CGI i stronom SSI
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_env.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_env) = %{version}-%{release}
+Provides: webserver(setenv)
+
+%description mod_env
+This module allows for control of the environment that will be
+provided to CGI scripts and SSI pages. Environment variables may be
+passed from the shell which invoked the httpd process. Alternatively,
+environment variables may be set or unset within the configuration
+process.
+
+%description mod_env -l pl.UTF-8
+Ten moduł pozwala na kontrolę środowiska udostępnianego skryptom CGI i
+stronom SSI. Zmienne środowiskowe mogą być przekazywane z powłoki w
+czasie uruchamiania procesu httpd, albo - alternatywnie - ustawiane i
+usuwane w procesie konfiguracji.
+
+%package mod_expires
+Summary: Apache module which generates Expires HTTP headers
+Summary(pl.UTF-8): Moduł Apache'a generujący nagłówki HTTP Expires
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_expires.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_expires) = %{version}-%{release}
+Provides: webserver(expires)
+
+%description mod_expires
+This module controls the setting of the Expires HTTP header in server
+responses. The expiration date can set to be relative to either the
+time the source file was last modified, or to the time of the client
+access.
+
+%description mod_expires -l pl.UTF-8
+Moduł kontroluje ustawianie nagłówka HTTP Expires. Data wygaśnięcia
+ważności może być ustalana w zależności od czasu modyfikacji plików
+źródłowych lub odwołania klienta.
+
+%package mod_ext_filter
+Summary: Pass the response body through an external program before delivery to the client
+Summary(pl.UTF-8): Przekazywanie ciała odpowiedzi do zewnętrznego programu przed przekazaniem klientowi
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_ext_filter.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_ext_filter) = %{version}-%{release}
+
+%description mod_ext_filter
+mod_ext_filter presents a simple and familiar programming model for
+filters. With this module, a program which reads from stdin and writes
+to stdout (i.e., a Unix-style filter command) can be a filter for
+Apache.
+
+This filtering mechanism is much slower than using a filter which is
+specially written for the Apache API and runs inside of the Apache
+server process, but it does have the following benefits:
+- the programming model is much simpler
+- any programming/scripting language can be used, provided that it
+ allows the program to read from standard input and write to standard
+ output
+- existing programs can be used unmodified as Apache filters
+
+Even when the performance characteristics are not suitable for
+production use, mod_ext_filter can be used as a prototype environment
+for filters.
+
+%description mod_ext_filter -l pl.UTF-8
+mod_ext_filter przedstawia prosty i przyjazny model programowania dla
+filtrów. Przy użyciu tego modułu program czytający ze standardowego
+wejścia i piszący na standardowe wyjście (czyli uniksowe polecenie
+filtrujące) może być filtrem dla Apache'a.
+
+Ten mechanizm filtrujący jest znacznie wolniejszy niż użycie filtru
+napisanego specjalnie dla API Apache'a i działającego wewnątrz procesu
+Apache'a, ale ma następujące zalety:
+- znacznie prostszy model programowania
+- możliwość użycia dowolnego języka programowania/skryptowego, jeśli
+ tylko umożliwia czytanie ze standardowego wejścia i pisanie na
+ standardowe wyjście
+- możliwość użycia istniejących programów bez modyfikacji jako filtrów
+ Apache'a.
+
+Nawet kiedy charakterystyka wydajności nie jest odpowiednia dla użytku
+produkcyjnego, mod_ext_filter można używać w środowisku prototypowym
+dla filtrów.
+
+%package mod_file_cache
+Summary: Apache module: caches a static list of files in memory
+Summary(pl.UTF-8): Moduł Apache'a cache'ujący statyczną listę plików w pamięci
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_file_cache.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_file_cache) = %{version}-%{release}
+Obsoletes: apache-mmap_static
+
+%description mod_file_cache
+Caches a static list of files in memory.
+
+This module is an extension of and borrows heavily from the
+mod_mmap_static module in Apache 1.3.
+
+%description mod_file_cache -l pl.UTF-8
+Moduł cache'ujący statyczną listę plików w pamięci.
+
+%package mod_filter
+Summary: Context-sensitive smart filter configuration module
+Summary(pl.UTF-8): Moduł inteligentnej, zależnej od kontekstu konfiguracji filtrów
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_filter.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_filter) = %{version}-%{release}
+
+%description mod_filter
+This module enables smart, context-sensitive configuration of output
+content filters. For example, apache can be configured to process
+different content-types through different filters, even when the
+content-type is not known in advance (e.g. in a proxy).
+
+%description mod_filter -l pl.UTF-8
+Ten moduł umożliwia inteligentne, zależne od kontekstu konfigurowanie
+wyjściowych filtrów treści. Na przykład, Apache'a można skonfigurować
+do przetwarzania różnych content-type poprzez różne filtry, nawet
+jeśli content-type nie jest znany z góry (np. w wypadku proxy).
+
+%package mod_headers
+Summary: Apache module allows for the customization of HTTP response headers
+Summary(pl.UTF-8): Moduł Apache'a pozwalający na modyfikację nagłówków HTTP
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_headers.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_headers) = %{version}-%{release}
+
+%description mod_headers
+This package contains mod_headers module. The module allows for the
+customization of HTTP response headers. Headers can be merged,
+replaced or removed.
+
+%description mod_headers -l pl.UTF-8
+Moduł pozwalający na łączenie, usuwanie oraz zamianę nagłówków HTTP
+wysyłanych do przeglądarki.
+
+%package mod_ident
+Summary: RFC 1413 ident lookups
+Summary(pl.UTF-8): Sprawdzanie identyfikacji RFC 1413
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_ident.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_ident) = %{version}-%{release}
+
+%description mod_ident
+This module queries an RFC 1413 compatible daemon on a remote host to
+look up the owner of a connection.
+
+%description mod_ident -l pl.UTF-8
+Ten moduł odpytuje demona zgodnego z RFC 1413 na zdalnym hoście w celu
+sprawdzenia właściciela połączenia.
+
+%package mod_imagemap
+Summary: Server-side imagemap processing
+Summary(pl.UTF-8): Przetwarzanie map obrazów po stronie serwera
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_imagemap.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_imagemap) = %{version}-%{release}
+Provides: apache-mod_imap
+Obsoletes: apache-mod_imap
+
+%description mod_imagemap
+This module processes .map files, thereby replacing the functionality
+of the imagemap CGI program. Any directory or document type configured
+to use the handler imap-file (using either AddHandler or SetHandler)
+will be processed by this module.
+
+%description mod_imagemap -l pl.UTF-8
+Ten moduł przetwarza pliki .map zastępując funkcjonalność programu CGI
+imagemap. Dowolny katalog lub rodzaj dokumentu skonfigurowany do
+używania procedury obsługi imap-file (poprzez AddHandler lub
+SetHandler) będzie przetwarzany przez ten moduł.
+
+%package mod_include
+Summary: Server-parsed html documents (Server Side Includes)
+Summary(pl.UTF-8): Dokumenty przetwarzane przez serwer (Server Side Includes)
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_include.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_include) = %{version}-%{release}
+
+%description mod_include
+This module provides a filter which will process files before they are
+sent to the client. The processing is controlled by specially
+formatted SGML comments, referred to as elements. These elements allow
+conditional text, the inclusion of other files or programs, as well as
+the setting and printing of environment variables.
+
+%description mod_include -l pl.UTF-8
+Ten moduł dostarcza procedurę obsługi przetwarzającą pliki przed
+wysłaniem ich do klienta. Przetwarzanie jest sterowane specjalnie
+sformatowanymi komentarzami SGML, nazywanymi elementami. Elementy te
+pozwalają na tekst warunkowy, dołączanie innych plików lub programów,
+a także ustawianie i wypisywanie zmiennych środowiskowych.
+
+%package mod_info
+Summary: Apache module with comprehensive overview of the server configuration
+Summary(pl.UTF-8): Moduł Apache'a udostępniający informacje o serwerze
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_info.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_authz_host = %{version}-%{release}
+Provides: apache(mod_info) = %{version}-%{release}
+
+%description mod_info
+This package contains mod_info module. It provides a comprehensive
+overview of the server configuration including all installed modules
+and directives in the configuration files.
+
+%description mod_info -l pl.UTF-8
+Moduł udostępniający informacje o konfiguracji serwera,
+zainstalowanych modułach itp.
+
+%package mod_ldap
+Summary: Apache module for LDAP connection pooling and result caching services for other LDAP modules
+Summary(pl.UTF-8): Moduł Apache'a zarządzający połączeniami z serwerami LDAP
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_ldap.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_ldap) = %{version}-%{release}
+
+%description mod_ldap
+This module was created to improve the performance of websites relying
+on backend connections to LDAP servers. In addition to the functions
+provided by the standard LDAP libraries, this module adds an LDAP
+connection pool and an LDAP shared memory cache.
+
+%description mod_ldap -l pl.UTF-8
+Moduł Apache'a poprawiający wydajność serwisów polegających na
+połączeniach z serwerami LDAP. Oprócz funkcjo udostępnianych przez
+standardowe biblioteki LDAP ten moduł dodaje zarządzanie pulą połączeń
+i współdzieloną pamięć podręczną zapytań.
+
+%package mod_log_config
+Summary: Logging of the requests made to the server
+Summary(pl.UTF-8): Logowanie żądań zgłaszanych do serwera
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_log_config.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_log_config) = %{version}-%{release}
+Provides: webserver(log)
+
+%description mod_log_config
+This module provides for flexible logging of client requests. Logs are
+written in a customizable format, and may be written directly to a
+file, or to an external program. Conditional logging is provided so
+that individual requests may be included or excluded from the logs
+based on characteristics of the request.
+
+%description mod_log_config -l pl.UTF-8
+Ten moduł umożliwia elastyczne logowanie żądań klientów. Logi są
+zapisywane w konfigurowalnym formacie i mogą być zapisywane
+bezpośrednio do pliku lub przekazywane do zewnętrznego programu.
+Dostępne jest logowanie warunkowe polegające na włączeniu lub
+wyłączeniu poszczególnych żądań z logowania na podstawie
+charakterystyki żądania.
+
+%package mod_log_forensic
+Summary: Forensic Logging of the requests made to the server
+Summary(pl.UTF-8): Logowanie żadań zgłaszanych do serwera w celu późniejszej analizy
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_log_forensic.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_log_forensic) = %{version}-%{release}
+
+%description mod_log_forensic
+This module provides for forensic logging of client requests. Logging
+is done before and after processing a request, so the forensic log
+contains two log lines for each request.
+
+%description mod_log_forensic -l pl.UTF-8
+Ten moduł pozwala na logowanie żądań w celu późniejszej analizy.
+Logowanie jest wykonywane przed i po przetworzeniu żądania, więc log
+zawiera dwie linie dla każdego żądania.
+
+%package mod_logio
+Summary: Logging of input and output bytes per request
+Summary(pl.UTF-8): Logowanie liczby bajtów wejścia i wyjścia dla zapytań
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_logio.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_log_config = %{version}-%{release}
+Provides: apache(mod_logio) = %{version}-%{release}
+
+%description mod_logio
+This module provides the logging of input and output number of bytes
+received/sent per request. The numbers reflect the actual bytes as
+received on the network, which then takes into account the headers and
+bodies of requests and responses. The counting is done before SSL/TLS
+on input and after SSL/TLS on output, so the numbers will correctly
+reflect any changes made by encryption.
+
+%description mod_logio -l pl.UTF-8
+Ten moduł zapewnia logowanie liczby bajtów wejścia i wyjścia
+odbieranych/wysyłanych przy każdym zapytaniu. Liczby odzwierciedlają
+rzeczywiste bajty przesyłane przez sieć, z wliczonymi nagłówkami i
+ciałami żądań i odpowiedzi. Zliczanie jest wykonywane przed SSL/TLS na
+wejściu i po SSL/TLS na wyjściu, więc liczby będą właściwie
+odzwierciedlały wszystkie zmiany dokonywane przez szyfrowanie.
+
+%package mod_mime
+Summary: Associates the requested filename's extensions with the file's behavior and content
+Summary(pl.UTF-8): Wiązanie określonych rozszerzeń plików z zachowaniem i zawartością
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_mime.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: mailcap
+Provides: apache(mod_mime) = %{version}-%{release}
+Provides: webserver(mime)
+
+%description mod_mime
+This module is used to associate various bits of "meta information"
+with files by their filename extensions. This information relates the
+filename of the document to it's mime-type, language, character set
+and encoding. This information is sent to the browser, and
+participates in content negotiation, so the user's preferences are
+respected when choosing one of several possible files to serve. See
+mod_negotiation for more information about content negotiation.
+
+%description mod_mime -l pl.UTF-8
+Ten moduł służy do wiązania określonych części "metainformacji" z
+plikami w zależności od rozszerzeń nazw plików. Informacje te łączą
+nazwy plików dokumentów z ich typem MIME, językiem, zestawem znaków i
+kodowaniem. Informacje te są wysyłane przeglądarce i mają wpływ na
+negocjację treści, tak że preferencje użytkownika są respektowane przy
+wybieraniu jednego z kilku dostępnych do zaserwowania. Więcej
+informacji o negocjacji treści jest w dokumentacji do mod_negotiation.
+
+%package mod_mime_magic
+Summary: Determines the MIME type of a file by looking at a few bytes of its contents
+Summary(pl.UTF-8): Określanie typu MIME pliku poprzez sprawdzanie kilku bajtów jego zawartości
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_mime_magic.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: file
+Provides: apache(mod_mime_magic) = %{version}-%{release}
+
+%description mod_mime_magic
+This module determines the MIME type of files in the same way the Unix
+file(1) command works: it looks at the first few bytes of the file. It
+is intended as a "second line of defense" for cases that mod_mime
+can't resolve.
+
+%description mod_mime_magic -l pl.UTF-8
+Ten moduł określa typ MIME plików w ten sam sposób, co uniksowe
+polecenie file(1): patrzy na kilka początkowych bajtów pliku. Ma
+służyć jako "druga linia obrony" dla przypadków, których nie może
+rozwiązać mod_mime.
+
+%package mod_negotiation
+Summary: Provides for content negotiation
+Summary(pl.UTF-8): Moduł do negocjacji treści
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_negotiation.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_mime = %{version}-%{release}
+Provides: apache(mod_negotiation) = %{version}-%{release}
+
+%description mod_negotiation
+Content negotiation, or more accurately content selection, is the
+selection of the document that best matches the clients capabilities,
+from one of several available documents.
+
+%description mod_negotiation -l pl.UTF-8
+Negocjacja treści, lub bardziej precyzyjnie - wybór treści, to wybór
+dokumentu najbardziej odpowiadającego możliwościom klientów spośród
+kilku możliwych dokumentów.
+
+%package mod_proxy
+Summary: Apache module with Web proxy
+Summary(pl.UTF-8): Moduł Apache'a dodający obsługę serwera proxy
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_authz_host = %{version}-%{release}
+Provides: apache(mod_proxy) = %{version}-%{release}
+
+%description mod_proxy
+This package contains module with implementation a proxy/cache for
+Apache. It implements proxying capability for FTP, CONNECT (for SSL),
+HTTP/0.9, HTTP/1.0 and HTTP/1.1. The module can be configured to
+connect to other proxy modules for these and other protocols.
+
+%description mod_proxy -l pl.UTF-8
+Moduł zawiera implementację serwera proxy/cache dla Apache.
+Implementacja zawiera obsługę FTP, CONNECT (dla SSL), HTTP/0.9,
+HTTP/1.0 i HTTP/1.1.
+
+%package mod_reqtimeout
+Summary: Apache module to set timeout and minimum data rate for receiving requests
+Summary(pl.UTF-8): Moduł Apache'a pozwalający na ustawianie limitu czasu oraz minimalnego transferu danych
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_reqtimeout.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_reqtimeout) = %{version}-%{release}
+Provides: webserver(reqtimeout)
+
+%description mod_reqtimeout
+Apache module to set timeout and minimum data rate for receiving
+requests.
+
+%description mod_reqtimeout -l pl.UTF-8
+Moduł Apache'a pozwalający na ustawianie limitu czasu oraz minimalnego
+transferu danych.
+
+%package mod_rewrite
+Summary: Apache module with rule-based engine for rewrite requested URLs on the fly
+Summary(pl.UTF-8): Moduł Apache'a do "przepisywania" adresów URL w locie
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_rewrite) = %{version}-%{release}
+Provides: webserver(rewrite)
+
+%description mod_rewrite
+This package contains It provides a rule-based rewriting engine to
+rewrite requested URLs on the fly.
+
+%description mod_rewrite -l pl.UTF-8
+Moduł oferujący możliwość "przepisywania" adresów URL w locie.
+
+%package mod_setenvif
+Summary: Allows the setting of environment variables based on characteristics of the request
+Summary(pl.UTF-8): Ustawianie zmiennych środowiskowych w oparciu o charakterystykę żądania
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_setenvif) = %{version}-%{release}
+
+%description mod_setenvif
+The mod_setenvif module allows you to set environment variables
+according to whether different aspects of the request match regular
+expressions you specify. These environment variables can be used by
+other parts of the server to make decisions about actions to be taken.
+
+%description mod_setenvif -l pl.UTF-8
+Moduł mod_setenvif pozwala na ustawianie zmiennych środowiskowych w
+zależności od różnych aspektów żądania pasujących do podanych wyrażeń
+regularnych. Te zmienne środowiskowe mogą być używane przez inne
+części serwera do podejmowania decyzji o podejmowanych akcjach.
+
+%package mod_speling
+Summary: Attempts to correct mistaken URLs by ignoring capitalization and by allowing up to one misspelling
+Summary(pl.UTF-8): Próba poprawiania błędnych URL-i poprzez ignorowanie wielkości liter i zezwalanie na jedną literówkę
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_speling.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_speling) = %{version}-%{release}
+
+%description mod_speling
+Requests to documents sometimes cannot be served by the core apache
+server because the request was misspelled or miscapitalized. This
+module addresses this problem by trying to find a matching document,
+even after all other modules gave up. It does its work by comparing
+each document name in the requested directory against the requested
+document name without regard to case, and allowing up to one
+misspelling (character insertion / omission / transposition or wrong
+character). A list is built with all document names which were matched
+using this strategy.
+
+%description mod_speling -l pl.UTF-8
+Czasami żądania dokumentów nie mogą być wykonane przez sam serwer
+Apache, ponieważ żądanie zostało napisane z błędem w znakach lub
+wielkości liter. Ten moduł próbuje rozwiązać ten problem próbując
+znaleźć pasujący dokument, nawet jeśli inne moduły się poddały. Działa
+on poprzez porównywanie nazwy każdego dokumentu w żądanym katalogu z
+żądaną nazwą dokumentu bez zwracania uwagi na wielkość liter i
+pozwalając na jeden błąd (dodany, pominięty, przestawiony lub zły
+znak). Tworzona jest lista dla wszystkich nazw dokumentów pasujących
+dla tej strategii.
+
+%package mod_ssl
+Summary: SSL/TLS module for the Apache HTTP server
+Summary(pl.UTF-8): Moduł SSL/TSL dla serwera Apache
+Summary(ru.UTF-8): Модуль SSL/TLS для веб-сервера Apache
+Epoch: 1
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: openssl >= %{openssl_ver}
+%if "%{pld_release}" != "ac"
+Requires: apr-util-dbm-db
+%endif
+Provides: apache(mod_ssl) = 1:%{version}-%{release}
+
+%description mod_ssl
+The mod_ssl module provides strong cryptography for the Apache Web
+server via the Secure Sockets Layer (SSL) and Transport Layer Security
+(TLS) protocols.
+
+%description mod_ssl -l pl.UTF-8
+Moduł mod_ssl udostępnia wsparcie do silnej kryptografii dla serwera
+Apache poprzez protokoły SSL/TSL (Secure Sockets Layer/Transport Layer
+Security).
+
+%description mod_ssl -l ru.UTF-8
+Модуль mod_ssl обеспечивает поддержку в веб-сервере Apache надежного
+шифрования средствами Secure Sockets Layer (SSL) и Transport Layer
+
+%package mod_status
+Summary: Server status report module for Apache
+Summary(pl.UTF-8): Moduł udostępniający informacje statystyczne z serwera Apache
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_status.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_authz_host = %{version}-%{release}
+Provides: apache(mod_status) = %{version}-%{release}
+
+%description mod_status
+The Status module allows a server administrator to find out how well
+their server is performing. A HTML page is presented that gives the
+current server statistics in an easily readable form. If required this
+page can be made to automatically refresh (given a compatible
+browser).
+
+%description mod_status -l pl.UTF-8
+Moduł pozwala administratorowi na przeglądanie statystyk dotyczących
+pracy serwera Apache (w postaci strony HTML).
+
+%package mod_substitute
+Summary: Substitute module for Apache
+Summary(pl.UTF-8): Moduł pozwalający na znajdywanie i zastępowanie wyjścia dla serwera Apache
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_substitute.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_substitute) = %{version}-%{release}
+
+%description mod_substitute
+The Substitute module provides a mechanism to perform both regular
+expression and fixed string substitutions on response bodies.
+
+%description mod_substitute -l pl.UTF-8
+Moduł pozwala na zastępowanie ciągów znaków w wyjściu również na
+podstawie wyrażenia regularnego.
+
+%package mod_unique_id
+Summary: Apache module which provides a magic token for each request
+Summary(pl.UTF-8): Moduł Apache'a nadający każdemu zapytaniu unikalny token
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_unique_id.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_unique_id) = %{version}-%{release}
+
+%description mod_unique_id
+This package contains the mod_unique_id. This module provides a magic
+token for each request which is guaranteed to be unique across "all"
+requests under very specific conditions. The unique identifier is even
+unique across multiple machines in a properly configured cluster of
+machines. The environment variable UNIQUE_ID is set to the identifier
+for each request. Unique identifiers are useful for various reasons
+which are beyond the scope of this document.
+
+%description mod_unique_id -l pl.UTF-8
+Moduł nadaje każdemu zapytaniu token unikalny w ramach wszystkich
+zapytań, nawet w ramach poprawnie skonfigurowanego klastra z wielu
+maszyn. Moduł ustawia przy każdym zapytaniu zmienną środowiskową
+UNIQUE_ID.
+
+%package mod_userdir
+Summary: User-specific directories
+Summary(pl.UTF-8): Katalogi specyficzne dla użytkowników
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_userdir.html
+Requires: %{name}-base = %{version}-%{release}
+Requires: %{name}-mod_authz_host = %{version}-%{release}
+Provides: apache(mod_userdir) = %{version}-%{release}
+
+%description mod_userdir
+This module allows user-specific directories to be accessed using the
+http://example.com/~user/ syntax.
+
+%description mod_userdir -l pl.UTF-8
+Ten moduł pozwala na dostęp do katalogów specyficznych dla
+użytkowników przy użyciu składni http://example.com/~user/ .
+
+%package mod_usertrack
+Summary: Apache module for user tracking using cookies
+Summary(pl.UTF-8): Moduł Apache'a służący do śledzenia "ciasteczek"
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_usertrack.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_usertrack) = %{version}-%{release}
+
+%description mod_usertrack
+This package contains the user tracking module which did its own
+logging using CookieLog directory. This module allow multiple log
+files.
+
+%description mod_usertrack -l pl.UTF-8
+Ten pakiet zawiera moduł śledzący użytkowników zapisujący własny log
+przy użyciu katalogu CookieLog. Pozwala na użycie wielu plików logów.
+
+%package mod_version
+Summary: Version dependent configuration
+Summary(pl.UTF-8): Konfiguracja zależna od wersji
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_version.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_version) = %{version}-%{release}
+
+%description mod_version
+This module is designed for the use in test suites and large networks
+which have to deal with different httpd versions and different
+configurations. It provides a new container -- <IfVersion>, which
+allows a flexible version checking including numeric comparisons and
+regular expressions.
+
+%description mod_version -l pl.UTF-8
+Ten moduł jest przeznaczony do używania w zestawach testów i dużych
+sieciach, gdzie trzeba inaczej obsługiwać różne wersje httpd i różne
+konfiguracje. Udostępnia nowy kontener: <IfVersion>, umożliwiający
+elastyczne sprawdzanie wersji włącznie z porównaniami liczbowymi i
+wyrażeniami regularnymi.
+
+%package mod_vhost_alias
+Summary: Apache module for dynamically configured mass virtual hosting
+Summary(pl.UTF-8): Moduł Apache'a dodający obsługę hostów wirtualnych
+Group: Networking/Daemons/HTTP
+URL: http://httpd.apache.org/docs/2.2/mod/mod_vhost_alias.html
+Requires: %{name}-base = %{version}-%{release}
+Provides: apache(mod_vhost_alias) = %{version}-%{release}
+
+%description mod_vhost_alias
+This package contains the mod_vhost_alias. It provides support for
+dynamically configured mass virtual hosting.
+
+%description mod_vhost_alias -l pl.UTF-8
+Moduł umożliwia na dynamiczne konfigurowanie masowej ilości serwerów
+wirtualnych.
+
+%package -n htpasswd-%{name}
+Summary: Apache 2 htpasswd utility: manage user files for basic authentication
+Summary(pl.UTF-8): Narzędzie htpasswd z Apache'a 2 do zarządzania plikami uwierzytelnienia basic
+Group: Networking/Utilities
+Provides: htpasswd
+Obsoletes: htpasswd
+
+%description -n htpasswd-%{name}
+htpasswd is used to create and update the flat-files used to store
+usernames and password for basic authentication of HTTP users. This
+package contains htpasswd from Apache 2; this version supports
+plaintext passwords and CRYPT (default), MD5 and SHA1 encryptions.
+
+%description -n htpasswd-%{name} -l pl.UTF-8
+htpasswd służy do tworzenia i uaktualniania plików tekstowych
+służących do przechowywania nazw użytkowników i haseł do podstawowego
+uwierzytelnienia użytkowników HTTP. Ten pakiet zawiera htpasswd z
+Apache'a 2; ta wersja obsługuje hasła zapisane czystym tekstem oraz
+zakodowane algorytmami CRYPT (domyślnym), MD5 i SHA1.
+
+%package dbmtools
+Summary: Apache 2 tools for manipulating DBM files
+Summary(pl.UTF-8): Narzędzia Apache'a 2 do obróbki plików DBM
+Group: Networking/Utilities
+Requires: %{name}-base = %{version}-%{release}
+
+%description dbmtools
+Apache 2 tools for manipulating DBM files.
+
+%description dbmtools -l pl.UTF-8
+Narzędzia Apache'a 2 do obróbki plików DBM.
+
+%package cgi_test
+Summary: cgi test/demo programs
+Summary(pl.UTF-8): Programy testowe/przykładowe cgi
+Group: Networking/Utilities
+Requires: %{name}-base = %{version}-%{release}
+Requires: filesystem >= 2.0-1
+
+%description cgi_test
+Two cgi test/demo programs: test-cgi and print-env.
+
+%description cgi_test -l pl.UTF-8
+Dwa programy testowe/przykładowe cgi: test-cgi and print-env.
+
+%prep
+%setup -q -n httpd-%{version}
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch12 -p1
+%patch14 -p1
+%patch15 -p1
+%patch18 -p1
+%patch19 -p1
+%patch20 -p1
+%patch23 -p1
+%patch24 -p1
+%patch25 -p1
+%patch26 -p1
+%patch28 -p1
+%patch29 -p1
+
+# using system apr, apr-util and pcre
+%{__rm} -r srclib/{apr,apr-util,pcre}
+
+# sanity check
+MODULES_API=`awk '/#define MODULE_MAGIC_NUMBER_MAJOR/ {print $3}' include/ap_mmn.h`
+if [ "$MODULES_API" != "%_apache_modules_api" ]; then
+ echo "Set %%_apache_modules_api to $MODULES_API and rerun."
+ exit 1
+fi
+
+# fix libdir (at least in PLD layout; no need to care about other ones)
+sed -i -e 's,/lib$,/%{_lib},' config.layout
+
+%build
+cp /usr/share/apr/build/apr_common.m4 build
+%{__libtoolize}
+%{__aclocal} -I build
+cp /usr/share/automake/config.* build
+%{__autoheader}
+%{__autoconf}
+
+# from ./buildconf
+: fixing timestamps for mod_ssl sources
+cd modules/ssl
+touch ssl_expr_parse.y
+sleep 1
+touch ssl_expr_parse.c ssl_expr_parse.h ssl_expr_scan.l
+sleep 1
+touch ssl_expr_scan.c
+cd ../..
+
+CPPFLAGS="-DMAX_SERVER_LIMIT=200000 -DBIG_SECURITY_HOLE=1"
+for mpm in prefork worker %{?with_event:event} %{?with_itk:itk}; do
+install -d "buildmpm-${mpm}"; cd "buildmpm-${mpm}"
+../%configure \
+ --enable-layout=PLD \
+ --disable-v4-mapped \
+ $( [ "${mpm}" = "prefork" -o "${mpm}" = "worker" -o "${mpm}" = "event" -o "${mpm}" = "itk" ] && echo "--enable-exception-hook" ) \
+ --enable-modules=all \
+ --enable-mods-shared=all \
+ --enable-auth-anon \
+ --enable-auth-dbm \
+ --enable-authn-dbd \
+ --enable-authn-alias \
+ --enable-authz-dbm \
+ --enable-authz-owner \
+ %{?with_ldap:--enable-authnz-ldap} \
+ --enable-auth-digest \
+ --enable-file-cache \
+ --enable-cache \
+ --enable-disk-cache \
+ --enable-mem-cache \
+ --enable-dbd \
+ %{?with_bucketeer:--enable-bucketeer} \
+ --enable-dumpio \
+ --enable-echo \
+ --enable-charset-lite \
+ --enable-deflate \
+ %{?with_ldap:--enable-ldap} \
+ --enable-ext-filter \
+ --enable-case-filter \
+ --enable-case-filter-in \
+ --enable-log-forensic \
+ --enable-logio \
+ --with-z=%{_prefix} \
+ --enable-mime-magic \
+ --enable-cern-meta \
+ --enable-expires \
+ --enable-headers \
+ --enable-ident \
+ --enable-usertrack \
+ --enable-unique-id \
+ --enable-proxy \
+ --enable-proxy-connect \
+ --enable-proxy-ftp \
+ --enable-proxy-http \
+ --enable-proxy-ajp \
+ --enable-proxy-balancer \
+ %{?with_ssl:--enable-ssl %{?with_distcache:--enable-distcache}} \
+ --enable-http \
+ --enable-dav \
+ --enable-info \
+ --enable-suexec \
+ --enable-cgi \
+ --enable-cgid \
+ --enable-dav-fs \
+ --enable-dav-lock \
+ --enable-vhost-alias \
+ --enable-imagemap \
+ --enable-speling \
+ --enable-rewrite \
+ --enable-so \
+ --with-program-name=httpd.${mpm} \
+ --with-mpm=${mpm} \
+%ifarch %{ix86}
+%ifnarch i386 i486
+ $( [ "${mpm}" = "leader" ] && echo "--enable-nonportable-atomics=yes" ) \
+%endif
+%endif
+ --with-suexec-bin=%{_sbindir}/suexec \
+ --with-suexec-caller=http \
+ --with-suexec-docroot=%{_datadir} \
+ --with-suexec-logfile=/var/log/httpd/suexec_log \
+ --with-suexec-uidmin=500 \
+ --with-suexec-gidmin=500 \
+ --with-suexec-umask=077 \
+ --with-apr=%{_bindir}/apr-1-config \
+ --with-apr-util=%{_bindir}/apu-1-config \
+ --with-pcre
+
+%{__make}
+./httpd.${mpm} -l | grep -v "${mpm}" > modules-inside
+cd ..
+
+done
+
+for mpm in worker %{?with_event:event} %{?with_itk:itk}; do
+ if ! cmp -s buildmpm-prefork/modules-inside buildmpm-${mpm}/modules-inside; then
+ echo "List of compiled modules is different between prefork-MPM and ${mpm}-MPM!"
+ echo "Build failed."
+ exit 1
+ fi
+done
+
+%install
+rm -rf $RPM_BUILD_ROOT
+install -d $RPM_BUILD_ROOT/etc/{logrotate.d,rc.d/init.d,sysconfig} \
+ $RPM_BUILD_ROOT%{_var}/{log/{httpd,archive/httpd},{run,cache}/httpd,lock/mod_dav} \
+ $RPM_BUILD_ROOT%{_sysconfdir}/{webapps.d,conf.d,vhosts.d} \
+ $RPM_BUILD_ROOT%{_datadir}/{cgi-bin,vhosts} \
+ $RPM_BUILD_ROOT/usr/lib/tmpfiles.d
+
+# prefork is default one
+%{__make} -C buildmpm-prefork install \
+ DESTDIR=$RPM_BUILD_ROOT
+
+# install other mpm-s
+for mpm in worker %{?with_event:event} %{?with_itk:itk}; do
+ install buildmpm-${mpm}/httpd.${mpm} $RPM_BUILD_ROOT%{_sbindir}/httpd.${mpm}
+done
+
+ln -s httpd.prefork $RPM_BUILD_ROOT%{_sbindir}/httpd
+ln -s %{_libexecdir} $RPM_BUILD_ROOT%{_sysconfdir}/modules
+ln -s %{_localstatedir}/run/httpd $RPM_BUILD_ROOT%{_sysconfdir}/run
+ln -s %{_var}/log/httpd $RPM_BUILD_ROOT%{_sysconfdir}/logs
+ln -s conf.d $RPM_BUILD_ROOT%{_sysconfdir}/httpd.conf
+
+install -p %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/httpd
+cp -a %{SOURCE2} $RPM_BUILD_ROOT/etc/logrotate.d/httpd
+cp -a %{SOURCE3} $RPM_BUILD_ROOT/etc/sysconfig/httpd
+
+touch $RPM_BUILD_ROOT/var/log/httpd/{access,error,agent,referer,suexec}_log
+
+%if %{with ssl}
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/ssl
+cp -a %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/ssl/server.crt
+cp -a %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/ssl/server.key
+%endif
+
+cp -a %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}/apache.conf
+
+CFG="$RPM_BUILD_ROOT%{_sysconfdir}/conf.d"
+
+cp -a %{SOURCE7} $CFG/10_common.conf
+cp -a %{SOURCE23} $CFG/01_mod_mime.conf
+cp -a %{SOURCE24} $CFG/01_mod_authz_host.conf
+cp -a %{SOURCE25} $CFG/01_mod_cgid.conf
+cp -a %{SOURCE26} $CFG/01_mod_log_config.conf
+cp -a %{SOURCE27} $CFG/01_mod_mime_magic.conf
+cp -a %{SOURCE28} $CFG/01_mod_cache.conf
+cp -a %{SOURCE8} $CFG/20_mod_vhost_alias.conf
+cp -a %{SOURCE9} $CFG/25_mod_status.conf
+cp -a %{SOURCE10} $CFG/30_mod_proxy.conf
+cp -a %{SOURCE11} $CFG/35_mod_info.conf
+cp -a %{SOURCE12} $CFG/40_mod_ssl.conf
+cp -a %{SOURCE13} $CFG/45_mod_dav.conf
+cp -a %{SOURCE14} $CFG/59_mod_dir.conf
+cp -a %{SOURCE15} $CFG/13_mod_suexec.conf
+cp -a %{SOURCE16} $CFG/58_mod_deflate.conf
+cp -a %{SOURCE17} $CFG/57_mod_autoindex.conf
+cp -a %{SOURCE18} $CFG/30_errordocs.conf
+cp -a %{SOURCE19} $CFG/30_manual.conf
+cp -a %{SOURCE20} $CFG/16_mod_userdir.conf
+cp -a %{SOURCE21} $CFG/10_mpm.conf
+cp -a %{SOURCE22} $CFG/20_languages.conf
+cp -a %{SOURCE29} $RPM_BUILD_ROOT%{_sysconfdir}/vhosts.d/example.net.conf
+
+install %{SOURCE30} $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/%{name}.conf
+
+echo "LoadModule alias_module modules/mod_alias.so" > $CFG/00_mod_alias.conf
+echo "LoadModule authn_file_module modules/mod_authn_file.so" > $CFG/00_mod_authn_file.conf
+echo "LoadModule authn_dbm_module modules/mod_authn_dbm.so" > $CFG/00_mod_authn_dbm.conf
+echo "LoadModule authn_anon_module modules/mod_authn_anon.so" > $CFG/00_mod_authn_anon.conf
+echo "LoadModule authn_dbd_module modules/mod_authn_dbd.so" > $CFG/00_mod_authn_dbd.conf
+echo "LoadModule authn_default_module modules/mod_authn_default.so" > $CFG/00_mod_authn_default.conf
+echo "LoadModule authn_alias_module modules/mod_authn_alias.so" > $CFG/00_mod_authn_alias.conf
+echo "LoadModule authz_groupfile_module modules/mod_authz_groupfile.so" > $CFG/00_mod_authz_groupfile.conf
+echo "LoadModule authz_user_module modules/mod_authz_user.so" > $CFG/00_mod_authz_user.conf
+echo "LoadModule authz_dbm_module modules/mod_authz_dbm.so" > $CFG/00_mod_authz_dbm.conf
+echo "LoadModule authz_owner_module modules/mod_authz_owner.so" > $CFG/00_mod_authz_owner.conf
+echo "LoadModule authnz_ldap_module modules/mod_authnz_ldap.so" > $CFG/00_mod_authnz_ldap.conf
+echo "LoadModule authz_default_module modules/mod_authz_default.so" > $CFG/00_mod_authz_default.conf
+echo "LoadModule auth_basic_module modules/mod_auth_basic.so" > $CFG/00_mod_auth_basic.conf
+echo "LoadModule dbd_module modules/mod_dbd.so" > $CFG/00_mod_dbd.conf
+%if %{with bucketeer}
+echo "LoadModule bucketeer_module modules/mod_bucketeer.so" > $CFG/00_mod_bucketeer.conf
+%endif
+echo "LoadModule dumpio_module modules/mod_dumpio.so" > $CFG/00_mod_dumpio.conf
+echo "LoadModule echo_module modules/mod_echo.so" > $CFG/00_mod_echo.conf
+echo "LoadModule case_filter_module modules/mod_case_filter.so" > $CFG/00_mod_case_filter.conf
+echo "LoadModule case_filter_in_module modules/mod_case_filter_in.so" > $CFG/00_mod_case_filter_in.conf
+echo "LoadModule ext_filter_module modules/mod_ext_filter.so" > $CFG/00_mod_ext_filter.conf
+echo "LoadModule include_module modules/mod_include.so" > $CFG/00_mod_include.conf
+echo "LoadModule filter_module modules/mod_filter.so" > $CFG/00_mod_filter.conf
+echo "LoadModule log_forensic_module modules/mod_log_forensic.so" > $CFG/00_mod_log_forensic.conf
+echo "LoadModule logio_module modules/mod_logio.so" > $CFG/00_mod_logio.conf
+echo "LoadModule env_module modules/mod_env.so" > $CFG/00_mod_env.conf
+echo "LoadModule cern_meta_module modules/mod_cern_meta.so" > $CFG/00_mod_cern_meta.conf
+echo "LoadModule ident_module modules/mod_ident.so" > $CFG/00_mod_ident.conf
+echo "LoadModule setenvif_module modules/mod_setenvif.so" > $CFG/00_mod_setenvif.conf
+echo "LoadModule version_module modules/mod_version.so" > $CFG/00_mod_version.conf
+echo "LoadModule asis_module modules/mod_asis.so" > $CFG/00_mod_asis.conf
+echo "LoadModule cgi_module modules/mod_cgi.so" > $CFG/00_mod_cgi.conf
+echo "LoadModule negotiation_module modules/mod_negotiation.so" > $CFG/00_mod_negotiation.conf
+echo "LoadModule imagemap_module modules/mod_imagemap.so" > $CFG/00_mod_imagemap.conf
+echo "LoadModule speling_module modules/mod_speling.so" > $CFG/00_mod_speling.conf
+echo "LoadModule ldap_module modules/mod_ldap.so" > $CFG/00_mod_ldap.conf
+echo "LoadModule actions_module modules/mod_actions.so" > $CFG/00_mod_actions.conf
+echo "LoadModule auth_digest_module modules/mod_auth_digest.so" > $CFG/00_mod_auth_digest.conf
+echo "LoadModule charset_lite_module modules/mod_charset_lite.so" > $CFG/00_mod_charset_lite.conf
+echo "LoadModule expires_module modules/mod_expires.so" > $CFG/00_mod_expires.conf
+echo "LoadModule file_cache_module modules/mod_file_cache.so" > $CFG/00_mod_file_cache.conf
+echo "LoadModule headers_module modules/mod_headers.so" > $CFG/00_mod_headers.conf
+echo "LoadModule rewrite_module modules/mod_rewrite.so" > $CFG/00_mod_rewrite.conf
+echo "LoadModule usertrack_module modules/mod_usertrack.so" > $CFG/00_mod_usertrack.conf
+echo "LoadModule unique_id_module modules/mod_unique_id.so" > $CFG/00_mod_unique_id.conf
+echo "LoadModule substitute_module modules/mod_substitute.so" > $CFG/00_mod_substitute.conf
+echo "LoadModule reqtimeout_module modules/mod_reqtimeout.so" >> $CFG/00_mod_reqtimeout.conf
+
+# anything in style dir not ending with .css is trash
+%{__rm} -r $RPM_BUILD_ROOT%{_datadir}/manual/style/{lang,latex,xsl}
+find $RPM_BUILD_ROOT%{_datadir}/manual/style -type f ! -name '*.css' -print0 | xargs -0r rm -f
+
+# find manual files
+> manual.files
+cur=$(pwd)
+cd $RPM_BUILD_ROOT
+find ./%{_datadir}/manual -type d -printf "%%%%dir %{_datadir}/manual/%%P\n" >> "$cur/manual.files"
+find ./%{_datadir}/manual -type f -printf "%{_datadir}/manual/%%P\n" | sed -e '
+s/^.*\.\(de\|es\|fr\|ja\|ko\|ru\)\(\..*\)\?/%%lang(\1) &/
+s/^.*\.\(pt-br\)/%%lang(pt_BR) &/
+' >> "$cur/manual.files"
+cd $cur
+
+# htpasswd goes to %{_bindir}
+mv $RPM_BUILD_ROOT%{_sbindir}/htpasswd $RPM_BUILD_ROOT%{_bindir}
+ln -sf %{_bindir}/htpasswd $RPM_BUILD_ROOT%{_sbindir}
+
+# cgi_test: create config file with ScriptAlias
+cat << 'EOF' > $CFG/09_cgi_test.conf
+ScriptAlias /cgi-bin/printenv %{_cgibindir}/printenv
+ScriptAlias /cgi-bin/test-cgi %{_cgibindir}/test-cgi
+EOF
+
+# our suexec is patched to support php + fcgi + suexec with
+# virtual users when called as suexec.fcgi
+ln -sf suexec $RPM_BUILD_ROOT%{_sbindir}/suexec.fcgi
+
+# no value
+%{__rm} $RPM_BUILD_ROOT%{_libexecdir}/build/config.nice
+%{__rm} $RPM_BUILD_ROOT%{_libexecdir}/*.exp
+%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/mime.types
+%{__rm} $RPM_BUILD_ROOT%{_sysconfdir}/httpd.prefork.conf
+%{__rm} -r $RPM_BUILD_ROOT%{_sysconfdir}/{extra,original}
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre base
+%groupadd -g 51 http
+%useradd -u 51 -r -d /home/services/httpd -s /bin/false -c "HTTP User" -g http http
+
+%pretrans base
+# change httpd.conf from dir to symlink
+if [ ! -L /etc/httpd/httpd.conf ]; then
+ if [ -d /etc/httpd/httpd.conf ]; then
+ if [ -d /etc/httpd/conf.d ]; then
+ mv /etc/httpd/httpd.conf/* /etc/httpd/conf.d
+ rmdir /etc/httpd/httpd.conf 2>/dev/null || mv -v /etc/httpd/httpd.conf{,.rpmsave}
+ else
+ mv /etc/httpd/httpd.conf /etc/httpd/conf.d
+ fi
+
+ # new module packages issue error as first installed over 2.0 installation
+ mv -f /var/lock/subsys/httpd{,.disabled} 2>/dev/null
+ fi
+
+ # always have httpd.conf symlink (until all packages from Ac use new dir)
+ install -d /etc/httpd
+ ln -s conf.d /etc/httpd/httpd.conf
+fi
+exit 0
+
+%post base
+/sbin/chkconfig --add httpd
+umask 137
+touch /var/log/httpd/{access,error,agent,referer}_log
+
+%preun base
+if [ "$1" = "0" ]; then
+ %service httpd stop
+ /sbin/chkconfig --del httpd
+fi
+
+%postun base
+if [ "$1" = "0" ]; then
+ %userremove http
+ %groupremove http
+fi
+
+%triggerpostun base -- %{name} < 2.0.50-6.9
+%banner %{name}-2.0.50-6 << EOF
+WARNING!!!
+Since apache-2.0.50-6 autoindex module has been separated to package
+%{name}-mod_autoindex If you want to have the same functionality do:
+poldek -Uv %{name}-mod_autoindex
+EOF
+
+%triggerpostun base -- %{name} < 2.0.54-4
+%banner %{name}-2.0.54-2 << EOF
+WARNING!!!
+CGI demo/test programs - printenv and test-cgi, have been released
+from package apache into separate subpackage apache-cgi_test. If you
+need printenv and/or test-cgi, please install apache-cgi_test package,
+e.g. by running poldek -Uv apache-cgi_test
+EOF
+
+# update /etc/sysconfig/apache -> httpd rename
+if [ -f /etc/sysconfig/apache.rpmsave ]; then
+ cp -f /etc/sysconfig/httpd{,.rpmnew}
+ mv -f /etc/sysconfig/{apache.rpmsave,httpd}
+fi
+
+%triggerpostun base -- %{name} < 2.0.55-3.1
+# check for config first as in 2.2 it's .rpmsave
+if [ -f /etc/httpd/httpd.conf/10_httpd.conf ]; then
+ if ! grep -q 'Include webapps.d/' /etc/httpd/httpd.conf/10_httpd.conf; then
+ # make sure webapps.d is included
+ cp -f /etc/httpd/httpd.conf/10_httpd.conf{,.rpmsave}
+ # this file is ugly, so just append new lines
+ cat <<-EOF >> /etc/httpd/httpd.conf/10_httpd.conf
+ # Include webapps config
+ Include webapps.d/*.conf
+EOF
+ fi
+fi
+
+%triggerpostun base -- %{name} < 2.2.0
+# change HTTPD_CONF to point to new location. *only* if it's the
+# default config setting
+cp -f /etc/sysconfig/httpd{,.rpmorig}
+sed -i -e '/^HTTPD_CONF="\/etc\/httpd\/httpd.conf"/s,.*,HTTPD_CONF="/etc/httpd/apache.conf",' /etc/sysconfig/httpd
+
+if [ -f /etc/httpd/conf.d/10_httpd.conf.rpmsave ]; then
+ sed -e '
+ # as separate modules
+ /^LoadModule access_module/s,^,#,
+ /^LoadModule alias_module/s,^,#,
+ /^LoadModule asis_module/s,^,#,
+ /^LoadModule cern_meta_module/s,^,#,
+ /^LoadModule cgi_module/s,^,#,
+ /^LoadModule env_module/s,^,#,
+ /^LoadModule include_module/s,^,#,
+ /^LoadModule log_config_module/s,^,#,
+ /^LoadModule mime_magic_module/s,^,#,
+ /^LoadModule mime_module/s,^,#,
+ /^LoadModule negotiation_module/s,^,#,
+ /^LoadModule setenvif_module/s,^,#,
+ /^LoadModule speling_module/s,^,#,
+ /^LoadModule userdir_module/s,^,#,
+
+ # in 30_errordocs.conf
+ /<IfModule mod_include.c>/,/<\/IfModule>/s,^,#,
+
+ # in 57_mod_autoindex.conf
+ /^Alias \/icons\//s,^,#,
+
+ # in apache.conf
+ /^ScriptAlias \/cgi-bin\//s,^,#,
+ /^Listen 80/s,^,#,
+
+ # avoid loops
+ /Include conf.d\/\*.conf/s,^,#,
+ /Include webapps.d\/\*.conf/s,^,#,
+
+ ' < /etc/httpd/conf.d/10_httpd.conf.rpmsave > /etc/httpd/conf.d/10_httpd.conf
+fi
+
+%banner -e %{name} <<'EOF'
+NB! Apache main config has been changed to /etc/httpd/apache.conf
+
+There has been changed a lot, so many things could be broken.
+Please report bugs to <http://bugs.pld-linux.org/>.
+
+EOF
+
+%triggerpostun mod_ssl -- %{name}-mod_ssl < 1:2.2.0-3.1
+cp -f /etc/httpd/conf.d/40_mod_ssl.conf{,.rpmsave}
+sed -i -e '
+ s,/var/run/apache,/var/run/httpd,g
+ s,/var/cache/apache,/var/cache/httpd,g
+' /etc/httpd/conf.d/40_mod_ssl.conf
+
+%posttrans base
+# restore lock which we disabled in pretrans
+mv -f /var/lock/subsys/httpd{.disabled,} 2>/dev/null
+
+# minimizing apache restarts logics. we restart webserver:
+#
+# 1. at the end of transaction. (posttrans, feature from rpm 4.4.2)
+# 2. first install of module (post: $1 = 1)
+# 2. uninstall of module (postun: $1 == 0)
+#
+# the strict internal deps between apache modules and
+# main package are very important for all this to work.
+
+# restart webserver at the end of transaction
+%service httpd restart
+
+# macro called at module post scriptlet
+%define module_post \
+if [ "$1" = "1" ]; then \
+ %service -q httpd restart \
+fi
+
+# macro called at module postun scriptlet
+%define module_postun \
+if [ "$1" = "0" ]; then \
+ %service -q httpd restart \
+fi
+
+# it's sooo annoying to write them
+%define module_scripts() \
+%post %1 \
+%module_post \
+\
+%postun %1 \
+%module_postun
+
+%module_scripts mod_actions
+%module_scripts mod_alias
+%module_scripts mod_asis
+%module_scripts mod_auth_basic
+%module_scripts mod_auth_dbm
+%module_scripts mod_auth_digest
+%module_scripts mod_authn_alias
+%module_scripts mod_authn_anon
+%module_scripts mod_authn_dbd
+%module_scripts mod_authn_dbm
+%module_scripts mod_authn_default
+%module_scripts mod_authn_file
+%module_scripts mod_authnz_ldap
+%module_scripts mod_authz_dbm
+%module_scripts mod_authz_default
+%module_scripts mod_authz_groupfile
+%module_scripts mod_authz_host
+%module_scripts mod_authz_owner
+%module_scripts mod_authz_user
+%module_scripts mod_autoindex
+%module_scripts mod_bucketeer
+%module_scripts mod_cache
+%module_scripts mod_case_filter
+%module_scripts mod_case_filter_in
+%module_scripts mod_cern_meta
+%module_scripts mod_cgi
+%module_scripts mod_cgid
+%module_scripts mod_charset_lite
+%module_scripts mod_dav
+%module_scripts mod_dbd
+%module_scripts mod_deflate
+%module_scripts mod_dir
+%module_scripts mod_dumpio
+%module_scripts mod_echo
+%module_scripts mod_env
+%module_scripts mod_expires
+%module_scripts mod_ext_filter
+%module_scripts mod_file_cache
+%module_scripts mod_filter
+%module_scripts mod_headers
+%module_scripts mod_ident
+%module_scripts mod_imagemap
+%module_scripts mod_include
+%module_scripts mod_info
+%module_scripts mod_ldap
+%module_scripts mod_log_config
+%module_scripts mod_log_forensic
+%module_scripts mod_logio
+%module_scripts mod_mime
+%module_scripts mod_mime_magic
+%module_scripts mod_negotiation
+%module_scripts mod_proxy
+%module_scripts mod_reqtimeout
+%module_scripts mod_rewrite
+%module_scripts mod_setenvif
+%module_scripts mod_speling
+%module_scripts mod_ssl
+%module_scripts mod_status
+%module_scripts mod_substitute
+%module_scripts mod_unique_id
+%module_scripts mod_userdir
+%module_scripts mod_usertrack
+%module_scripts mod_version
+%module_scripts mod_vhost_alias
+%module_scripts suexec
+
+%post cgi_test
+if [ "$1" = "1" ]; then
+ %service -q httpd reload
+fi
+
+%postun cgi_test
+if [ "$1" = "0" ]; then
+ %service -q httpd reload
+fi
+
+%post errordocs
+if [ "$1" = "1" ]; then
+ %service -q httpd reload
+fi
+
+%postun errordocs
+if [ "$1" = "0" ]; then
+ %service -q httpd reload
+fi
+
+%files
+%defattr(644,root,root,755)
+
+%files base
+%defattr(644,root,root,755)
+%doc ABOUT_APACHE CHANGES README
+%doc docs/conf/mime.types
+%attr(754,root,root) /etc/rc.d/init.d/httpd
+%attr(751,root,root) %dir %{_sysconfdir}
+%{_sysconfdir}/modules
+%{_sysconfdir}/run
+%{_sysconfdir}/logs
+%ghost %{_sysconfdir}/httpd.conf
+%attr(750,root,root) %dir %{_sysconfdir}/conf.d
+%attr(750,root,root) %dir %{_sysconfdir}/vhosts.d
+%attr(750,root,root) %dir %{_sysconfdir}/webapps.d
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/apache.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_common.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mpm.conf
+%attr(640,root,root) %config(noreplace,missingok) %verify(not md5 mtime size) %{_sysconfdir}/vhosts.d/example.net.conf
+%attr(640,root,root) %{_sysconfdir}/magic
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/sysconfig/httpd
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) /etc/logrotate.d/*
+
+%dir %{_libexecdir}
+
+%attr(755,root,root) %{_sbindir}/checkgid
+%attr(755,root,root) %{_sbindir}/httpd
+%attr(755,root,root) %{_sbindir}/httpd.*
+
+%dir %attr(770,root,http) /var/run/httpd
+%dir %attr(770,root,http) /var/cache/httpd
+
+/usr/lib/tmpfiles.d/%{name}.conf
+
+%{_mandir}/man8/httpd.8*
+
+%attr(2751,root,logs) %dir /var/log/httpd
+%attr(2750,root,logs) %dir /var/log/archive/httpd
+%attr(640,root,logs) %ghost /var/log/httpd/*
+
+%dir %{_datadir}
+
+%dir %{_datadir}/cgi-bin
+%dir %{_datadir}/html
+%dir %{_datadir}/vhosts
+# do not adapter here, %{_datadir} != /usr/share here
+%{_datadir}/icons
+
+%files doc -f manual.files
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_manual.conf
+
+%files errordocs
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_errordocs.conf
+%{_datadir}/error
+
+%files suexec
+%defattr(644,root,root,755)
+%attr(4755,root,root) %{_sbindir}/suexec
+%attr(755,root,root) %{_sbindir}/suexec.fcgi
+%attr(755,root,root) %{_libexecdir}/mod_suexec.so
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_suexec.conf
+%{_mandir}/man8/suexec.8*
+
+%files index
+%defattr(644,root,root,755)
+%config(noreplace,missingok) %{_datadir}/html/index.html*
+
+%files tools
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_sbindir}/ab
+%attr(755,root,root) %{_sbindir}/apachectl
+%attr(755,root,root) %{_sbindir}/htdigest
+%attr(755,root,root) %{_sbindir}/logresolve
+%attr(755,root,root) %{_sbindir}/rotatelogs
+%{_mandir}/man1/ab.1*
+%{_mandir}/man8/apachectl.8*
+%{_mandir}/man1/htdigest.1*
+%{_mandir}/man1/logresolve.1*
+%{_mandir}/man8/rotatelogs.8*
+
+%files devel
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_sbindir}/apxs
+%attr(755,root,root) %{_sbindir}/envvars*
+%dir %{_libexecdir}
+%dir %{_libexecdir}/build
+%{_libexecdir}/build/[lprs]*.mk
+%{_libexecdir}/build/config_vars.mk
+%attr(755,root,root) %{_libexecdir}/build/*.sh
+%{_includedir}
+%{_mandir}/man1/apxs.1*
+
+%files mod_actions
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_actions.conf
+%attr(755,root,root) %{_libexecdir}/mod_actions.so
+
+%files mod_alias
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_alias.conf
+%attr(755,root,root) %{_libexecdir}/mod_alias.so
+
+%files mod_asis
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_asis.conf
+%attr(755,root,root) %{_libexecdir}/mod_asis.so
+
+%files mod_auth
+%defattr(644,root,root,755)
+
+%files mod_auth_basic
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_auth_basic.conf
+%attr(755,root,root) %{_libexecdir}/mod_auth_basic.so
+
+%files mod_auth_dbm
+%defattr(644,root,root,755)
+
+%files mod_auth_digest
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_auth_digest.conf
+%attr(755,root,root) %{_libexecdir}/mod_auth_digest.so
+
+%files mod_authn_alias
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_alias.conf
+%attr(755,root,root) %{_libexecdir}/mod_authn_alias.so
+
+%files mod_authn_anon
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_anon.conf
+%attr(755,root,root) %{_libexecdir}/mod_authn_anon.so
+
+%files mod_authn_dbd
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_dbd.conf
+%attr(755,root,root) %{_libexecdir}/mod_authn_dbd.so
+
+%files mod_authn_dbm
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_dbm.conf
+%attr(755,root,root) %{_libexecdir}/mod_authn_dbm.so
+
+%files mod_authn_default
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_default.conf
+%attr(755,root,root) %{_libexecdir}/mod_authn_default.so
+
+%files mod_authn_file
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authn_file.conf
+%attr(755,root,root) %{_libexecdir}/mod_authn_file.so
+
+%if %{with ldap}
+%files mod_authnz_ldap
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authnz_ldap.conf
+%attr(755,root,root) %{_libexecdir}/mod_authnz_ldap.so
+%endif
+
+%files mod_authz_dbm
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_dbm.conf
+%attr(755,root,root) %{_libexecdir}/mod_authz_dbm.so
+
+%files mod_authz_default
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_default.conf
+%attr(755,root,root) %{_libexecdir}/mod_authz_default.so
+
+%files mod_authz_groupfile
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_groupfile.conf
+%attr(755,root,root) %{_libexecdir}/mod_authz_groupfile.so
+
+%files mod_authz_host
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_host.conf
+%attr(755,root,root) %{_libexecdir}/mod_authz_host.so
+
+%files mod_authz_owner
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_owner.conf
+%attr(755,root,root) %{_libexecdir}/mod_authz_owner.so
+
+%files mod_authz_user
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_authz_user.conf
+%attr(755,root,root) %{_libexecdir}/mod_authz_user.so
+
+%files mod_autoindex
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_autoindex.conf
+%attr(755,root,root) %{_libexecdir}/mod_autoindex.so
+
+%if %{with bucketeer}
+%files mod_bucketeer
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_bucketeer.conf
+%attr(755,root,root) %{_libexecdir}/mod_bucketeer.so
+%endif
+
+%files mod_cache
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_cache.conf
+%attr(755,root,root) %{_sbindir}/htcacheclean
+%attr(755,root,root) %{_libexecdir}/mod_cache.so
+%attr(755,root,root) %{_libexecdir}/mod_disk_cache.so
+%attr(755,root,root) %{_libexecdir}/mod_mem_cache.so
+%{_mandir}/man8/htcacheclean.8*
+
+%files mod_case_filter
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_case_filter.conf
+%attr(755,root,root) %{_libexecdir}/mod_case_filter.so
+
+%files mod_case_filter_in
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_case_filter_in.conf
+%attr(755,root,root) %{_libexecdir}/mod_case_filter_in.so
+
+%files mod_cern_meta
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_cern_meta.conf
+%attr(755,root,root) %{_libexecdir}/mod_cern_meta.so
+
+%files mod_cgi
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_cgi.conf
+%attr(755,root,root) %{_libexecdir}/mod_cgi.so
+
+%files mod_cgid
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_cgid.conf
+%attr(755,root,root) %{_libexecdir}/mod_cgid.so
+
+%files mod_charset_lite
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_charset_lite.conf
+%attr(755,root,root) %{_libexecdir}/mod_charset_lite.so
+
+%files mod_dav
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_dav.conf
+%attr(755,root,root) %{_libexecdir}/mod_dav*.so
+%dir %attr(770,root,http) /var/lock/mod_dav
+
+%files mod_dbd
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_dbd.conf
+%attr(755,root,root) %{_libexecdir}/mod_dbd.so
+
+%files mod_deflate
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_deflate.conf
+%attr(755,root,root) %{_libexecdir}/mod_deflate.so
+
+%files mod_dir
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_dir.conf
+%attr(755,root,root) %{_libexecdir}/mod_dir.so
+
+%files mod_dumpio
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_dumpio.conf
+%attr(755,root,root) %{_libexecdir}/mod_dumpio.so
+
+%files mod_echo
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_echo.conf
+%attr(755,root,root) %{_libexecdir}/mod_echo.so
+
+%files mod_env
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_env.conf
+%attr(755,root,root) %{_libexecdir}/mod_env.so
+
+%files mod_expires
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_expires.conf
+%attr(755,root,root) %{_libexecdir}/mod_expires.so
+
+%files mod_ext_filter
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_ext_filter.conf
+%attr(755,root,root) %{_libexecdir}/mod_ext_filter.so
+
+%files mod_file_cache
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_file_cache.conf
+%attr(755,root,root) %{_libexecdir}/mod_file_cache.so
+
+%files mod_filter
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_filter.conf
+%attr(755,root,root) %{_libexecdir}/mod_filter.so
+
+%files mod_headers
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_headers.conf
+%attr(755,root,root) %{_libexecdir}/mod_headers.so
+
+%files mod_ident
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_ident.conf
+%attr(755,root,root) %{_libexecdir}/mod_ident.so
+
+%files mod_imagemap
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_imagemap.conf
+%attr(755,root,root) %{_libexecdir}/mod_imagemap.so
+
+%files mod_include
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_include.conf
+%attr(755,root,root) %{_libexecdir}/mod_include.so
+
+%files mod_info
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_info.conf
+%attr(755,root,root) %{_libexecdir}/mod_info.so
+
+%if %{with ldap}
+%files mod_ldap
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_ldap.conf
+%attr(755,root,root) %{_libexecdir}/mod_ldap.so
+%endif
+
+%files mod_log_config
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libexecdir}/mod_log_config.so
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_log_config.conf
+
+%files mod_log_forensic
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_log_forensic.conf
+%attr(755,root,root) %{_libexecdir}/mod_log_forensic.so
+
+%files mod_logio
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_logio.conf
+%attr(755,root,root) %{_libexecdir}/mod_logio.so
+
+%files mod_mime
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libexecdir}/mod_mime.so
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_mime.conf
+
+%files mod_mime_magic
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_mime_magic.conf
+%attr(755,root,root) %{_libexecdir}/mod_mime_magic.so
+
+%files mod_negotiation
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_negotiation.conf
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_languages.conf
+%attr(755,root,root) %{_libexecdir}/mod_negotiation.so
+
+%files mod_proxy
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_proxy.conf
+%attr(755,root,root) %{_libexecdir}/mod_proxy*.so
+
+%files mod_reqtimeout
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libexecdir}/mod_reqtimeout.so
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_reqtimeout.conf
+
+%files mod_rewrite
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_sbindir}/httxt2dbm
+%attr(755,root,root) %{_libexecdir}/mod_rewrite.so
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_rewrite.conf
+%{_mandir}/man1/httxt2dbm.1*
+
+%files mod_setenvif
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_setenvif.conf
+%attr(755,root,root) %{_libexecdir}/mod_setenvif.so
+
+%files mod_speling
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_speling.conf
+%attr(755,root,root) %{_libexecdir}/mod_speling.so
+
+%if %{with ssl}
+%files mod_ssl
+%defattr(644,root,root,755)
+%attr(750,root,root) %dir %{_sysconfdir}/ssl
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssl/server.*
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_ssl.conf
+%attr(755,root,root) %{_libexecdir}/mod_ssl.so
+%endif
+
+%files mod_status
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_status.conf
+%attr(755,root,root) %{_libexecdir}/mod_status.so
+
+%files mod_substitute
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_substitute.conf
+%attr(755,root,root) %{_libexecdir}/mod_substitute.so
+
+%files mod_unique_id
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_unique_id.conf
+%attr(755,root,root) %{_libexecdir}/mod_unique_id.so
+
+%files mod_userdir
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_userdir.conf
+%attr(755,root,root) %{_libexecdir}/mod_userdir.so
+
+%files mod_usertrack
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_usertrack.conf
+%attr(755,root,root) %{_libexecdir}/mod_usertrack.so
+
+%files mod_version
+%defattr(644,root,root,755)
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_version.conf
+%attr(755,root,root) %{_libexecdir}/mod_version.so
+
+%files mod_vhost_alias
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libexecdir}/mod_vhost_alias.so
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_mod_vhost_alias.conf
+
+%files -n htpasswd-%{name}
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_bindir}/htpasswd
+%attr(755,root,root) %{_sbindir}/htpasswd
+%{_mandir}/man1/htpasswd.1*
+
+%files dbmtools
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_sbindir}/dbmmanage
+%attr(755,root,root) %{_sbindir}/htdbm
+%{_mandir}/man1/dbmmanage.1*
+%{_mandir}/man1/htdbm.1*
+
+%files cgi_test
+%defattr(644,root,root,755)
+%dir %{_cgibindir}
+%attr(755,root,root) %{_cgibindir}/*
+%attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/conf.d/*_cgi_test.conf
--- /dev/null
+# Customized settings for Apache
+# $Id: apache.sysconfig,v 1.17 2011/08/03 22:08:10 gotar Exp $
+
+# Nice level for apache
+SERVICE_RUN_NICE_LEVEL="+5"
+
+# config dir/file path. default is compiled in path
+#HTTPD_CONF="/etc/httpd/apache.conf"
+
+# other command-line options
+# -T avoid doing many unneded DocumentRoot checks
+HTTPD_OPTS=""
+
+# choose MPM
+# prefork, worker, perchild (experimental), metuxmpm (experimental)
+# (note that some may be not available)
+HTTPD_MPM="prefork"
+
+# perhaps set 128MB memory limit
+#SERVICE_LIMITS="$DEFAULT_SERVICE_LIMITS -m 128000"
+
+# Skip apache restarts invoked from rpm installs.
+#RPM_SKIP_AUTO_RESTART=yes
--- /dev/null
+d /var/run/httpd 0770 root http -
--- /dev/null
+
+Set SIGXFSZ to be ignored, so a write() beyond 2gb will fail with
+E2BIG rather than killing the process
+
+--- ./server/mpm/prefork/prefork.c.xfsz Wed Jul 17 22:39:55 2002
++++ ./server/mpm/prefork/prefork.c Mon Aug 26 15:40:24 2002
+@@ -461,7 +461,7 @@
+ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXCPU)");
+ #endif
+ #ifdef SIGXFSZ
+- sa.sa_handler = SIG_DFL;
++ sa.sa_handler = SIG_IGN;
+ if (sigaction(SIGXFSZ, &sa, NULL) < 0)
+ ap_log_error(APLOG_MARK, APLOG_WARNING, errno, ap_server_conf, "sigaction(SIGXFSZ)");
+ #endif
--- /dev/null
+* don't HTML-escape the SERVER_NAME variable
+* do escape SERVER_NAME in error docs
+* remove dates from error pages (#86474), since they won't be in the right
+language
+
+diff -ur httpd-2.2.0.org/docs/error/include/bottom.html httpd-2.2.0/docs/error/include/bottom.html
+--- httpd-2.2.0.org/docs/error/include/bottom.html 2004-11-20 21:16:24.000000000 +0100
++++ httpd-2.2.0/docs/error/include/bottom.html 2005-12-02 23:04:57.540690250 +0100
+@@ -5,10 +5,8 @@
+
+ <h2>Error <!--#echo encoding="none" var="REDIRECT_STATUS" --></h2>
+ <address>
+- <a href="/"><!--#echo var="SERVER_NAME" --></a><br />
+- <!--#config timefmt="%c" -->
+- <span><!--#echo var="DATE_LOCAL" --><br />
+- <!--#echo var="SERVER_SOFTWARE" --></span>
++ <a href="/"><!--#echo encoding="entity" var="SERVER_NAME" --></a><br />
++ <span><!--#echo var="SERVER_SOFTWARE" --></span>
+ </address>
+ </body>
+ </html>
+diff -ur httpd-2.2.0.org/server/util_script.c httpd-2.2.0/server/util_script.c
+--- httpd-2.2.0.org/server/util_script.c 2005-11-10 16:20:05.000000000 +0100
++++ httpd-2.2.0/server/util_script.c 2005-12-02 23:04:50.848272000 +0100
+@@ -224,8 +224,7 @@
+
+ apr_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
+ apr_table_addn(e, "SERVER_SOFTWARE", ap_get_server_banner());
+- apr_table_addn(e, "SERVER_NAME",
+- ap_escape_html(r->pool, ap_get_server_name(r)));
++ apr_table_addn(e, "SERVER_NAME", ap_get_server_name(r));
+ apr_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */
+ apr_table_addn(e, "SERVER_PORT",
+ apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
--- /dev/null
+--- httpd-2.0.46/modules/dav/main/mod_dav.c.dav401dest
++++ httpd-2.0.46/modules/dav/main/mod_dav.c
+@@ -2618,6 +2618,15 @@
+ return dav_error_response(r, lookup.err.status, lookup.err.desc);
+ }
+ if (lookup.rnew->status != HTTP_OK) {
++ const char *auth = apr_table_get(lookup.rnew->err_headers_out,
++ "WWW-Authenticate");
++ if (lookup.rnew->status == HTTP_UNAUTHORIZED && auth != NULL) {
++ /* propagate the WWW-Authorization header up from the
++ * subreq so the client sees it. */
++ apr_table_set(r->err_headers_out, "WWW-Authenticate",
++ apr_pstrdup(r->pool, auth));
++ }
++
+ /* ### how best to report this... */
+ return dav_error_response(r, lookup.rnew->status,
+ "Destination URI had an error.");
--- /dev/null
+diff -urbB httpd-2.2.0.org/modules/ssl/ssl_engine_mutex.c httpd-2.2.0/modules/ssl/ssl_engine_mutex.c
+--- httpd-2.2.0.org/modules/ssl/ssl_engine_mutex.c 2005-11-10 16:20:05.000000000 +0100
++++ httpd-2.2.0/modules/ssl/ssl_engine_mutex.c 2005-12-02 23:11:09.183916500 +0100
+@@ -45,6 +45,10 @@
+ if (mc->pMutex) {
+ return TRUE;
+ }
++
++ if (mc->szMutexFile)
++ apr_file_remove(mc->szMutexFile, p);
++
+ if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
+ mc->nMutexMech, s->process->pool))
+ != APR_SUCCESS) {
--- /dev/null
+
+Automatically raise the core file size limit if CoreDumpDirectory
+is configured.
+
+--- httpd-2.0.48/server/core.c.corelimit
++++ httpd-2.0.48/server/core.c
+@@ -4233,6 +4233,25 @@
+
+ ap_set_version(pconf);
+ ap_setup_make_content_type(pconf);
++
++#ifdef RLIMIT_CORE
++ if (ap_coredumpdir_configured) {
++ struct rlimit lim;
++
++ if (getrlimit(RLIMIT_CORE, &lim) == 0 && lim.rlim_cur == 0) {
++ lim.rlim_cur = lim.rlim_max;
++ if (setrlimit(RLIMIT_CORE, &lim) == 0) {
++ ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, NULL,
++ "core dump file size limit raised to %lu bytes",
++ lim.rlim_cur);
++ } else {
++ ap_log_error(APLOG_MARK, APLOG_NOTICE, errno, NULL,
++ "core dump file size is zero, setrlimit failed");
++ }
++ }
++ }
++#endif
++
+ return OK;
+ }
+
--- /dev/null
+
+__FILE__ expands to the full pathname during VPATH builds; this
+clutters up the debug log (and also bloats binaries very slightly).
+The -pie patch defines AP_FNAME during build which is equivalent
+to basename(__FILE__); use that for debug logging where available.
+
+AP_FNAME uses $(notdir ...), a GNU make extension, so this can't
+go upstream.
+
+Note this patch depends on the pie patch.
+
+--- httpd-2.0.48/include/http_log.h.debuglog
++++ httpd-2.0.48/include/http_log.h
+@@ -130,7 +130,11 @@
+
+ extern int AP_DECLARE_DATA ap_default_loglevel;
+
++#ifdef AP_FNAME
++#define APLOG_MARK AP_FNAME,__LINE__
++#else
+ #define APLOG_MARK __FILE__,__LINE__
++#endif
+
+ /**
+ * Set up for logging to stderr.
--- /dev/null
+Index: httpd-2.2.x/modules/ssl/ssl_private.h
+===================================================================
+--- httpd-2.2.x/modules/ssl/ssl_private.h (revision 833672)
++++ httpd-2.2.x/modules/ssl/ssl_private.h (working copy)
+@@ -395,6 +395,9 @@ typedef struct {
+ #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
+ const char *szCryptoDevice;
+ #endif
++#ifndef OPENSSL_NO_TLSEXT
++ ssl_enabled_t session_tickets_enabled;
++#endif
+ struct {
+ void *pV1, *pV2, *pV3, *pV4, *pV5, *pV6, *pV7, *pV8, *pV9, *pV10;
+ } rCtx;
+@@ -545,6 +548,7 @@ const char *ssl_cmd_SSLRequire(cmd_parm
+ const char *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg);
+ const char *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag);
+ const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag);
++const char *ssl_cmd_SSLSessionTicketExtension(cmd_parms *cmd, void *cdfg, int flag);
+
+ const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
+ const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
+Index: httpd-2.2.x/modules/ssl/ssl_engine_init.c
+===================================================================
+--- httpd-2.2.x/modules/ssl/ssl_engine_init.c (revision 833672)
++++ httpd-2.2.x/modules/ssl/ssl_engine_init.c (working copy)
+@@ -382,6 +382,15 @@ static void ssl_init_ctx_tls_extensions(
+ ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_die();
+ }
++
++ /*
++ * Session tickets (stateless resumption)
++ */
++ if ((myModConfig(s))->session_tickets_enabled == SSL_ENABLED_FALSE) {
++ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
++ "Disabling TLS session ticket support");
++ SSL_CTX_set_options(mctx->ssl_ctx, SSL_OP_NO_TICKET);
++ }
+ }
+ #endif
+
+@@ -1018,6 +1027,11 @@ void ssl_init_CheckServers(server_rec *b
+
+ BOOL conflict = FALSE;
+
++#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0
++ unsigned char *tlsext_tick_keys = NULL;
++ long tick_keys_len;
++#endif
++
+ /*
+ * Give out warnings when a server has HTTPS configured
+ * for the HTTP port or vice versa
+@@ -1042,6 +1056,25 @@ void ssl_init_CheckServers(server_rec *b
+ ssl_util_vhostid(p, s),
+ DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT);
+ }
++
++#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER < 0x009080d0
++ /*
++ * When using OpenSSL versions 0.9.8f through 0.9.8l, configure
++ * the same ticket encryption parameters for every SSL_CTX (workaround
++ * for SNI+SessionTicket extension interoperability issue in these versions)
++ */
++ if ((sc->enabled == SSL_ENABLED_TRUE) ||
++ (sc->enabled == SSL_ENABLED_OPTIONAL)) {
++ if (!tlsext_tick_keys) {
++ tick_keys_len = SSL_CTX_ctrl((sc->server->ssl_ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,
++ (-1),(NULL));
++ tlsext_tick_keys = (unsigned char *)apr_palloc(p, tick_keys_len);
++ RAND_bytes(tlsext_tick_keys, tick_keys_len);
++ }
++ SSL_CTX_ctrl((sc->server->ssl_ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,
++ (tick_keys_len),(tlsext_tick_keys));
++ }
++#endif
+ }
+
+ /*
+Index: httpd-2.2.x/modules/ssl/ssl_engine_config.c
+===================================================================
+--- httpd-2.2.x/modules/ssl/ssl_engine_config.c (revision 833672)
++++ httpd-2.2.x/modules/ssl/ssl_engine_config.c (working copy)
+@@ -75,6 +75,9 @@ SSLModConfigRec *ssl_config_global_creat
+ #if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)
+ mc->szCryptoDevice = NULL;
+ #endif
++#ifndef OPENSSL_NO_TLSEXT
++ mc->session_tickets_enabled = SSL_ENABLED_UNSET;
++#endif
+
+ memset(mc->pTmpKeys, 0, sizeof(mc->pTmpKeys));
+
+@@ -1471,6 +1474,26 @@ const char *ssl_cmd_SSLStrictSNIVHostCh
+ #endif
+ }
+
++const char *ssl_cmd_SSLSessionTicketExtension(cmd_parms *cmd, void *dcfg, int flag)
++{
++#ifndef OPENSSL_NO_TLSEXT
++ const char *err;
++ SSLModConfigRec *mc = myModConfig(cmd->server);
++
++ if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
++ return err;
++ }
++
++ mc->session_tickets_enabled = flag ? SSL_ENABLED_TRUE : SSL_ENABLED_FALSE;
++
++ return NULL;
++#else
++ return "SSLSessionTicketExtension failed; OpenSSL is not built with support "
++ "for TLS extensions. Refer to the documentation, and build "
++ "a compatible version of OpenSSL.";
++#endif
++}
++
+ void ssl_hook_ConfigTest(apr_pool_t *pconf, server_rec *s)
+ {
+ if (!ap_exists_config_define("DUMP_CERTS")) {
+Index: httpd-2.2.x/modules/ssl/ssl_engine_kernel.c
+===================================================================
+--- httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (revision 833672)
++++ httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (working copy)
+@@ -29,6 +29,7 @@
+ time I was too famous.''
+ -- Unknown */
+ #include "ssl_private.h"
++#include "util_md5.h"
+
+ static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
+ #ifndef OPENSSL_NO_TLSEXT
+@@ -2010,6 +2011,7 @@ static int ssl_find_vhost(void *serverna
+ apr_array_header_t *names;
+ int i;
+ SSLConnRec *sslcon;
++ char *sid_ctx;
+
+ /* check ServerName */
+ if (!strcasecmp(servername, s->server_hostname)) {
+@@ -2074,6 +2076,21 @@ static int ssl_find_vhost(void *serverna
+ SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
+ SSL_CTX_get_verify_callback(ssl->ctx));
+ }
++ /*
++ * Adjust the session id context. ssl_init_ssl_connection()
++ * always picks the configuration of the first vhost when
++ * calling SSL_new(), but we want to tie the session to the
++ * vhost we have just switched to. Again, we have to make sure
++ * that we're not overwriting a session id context which was
++ * possibly set in ssl_hook_Access(), before triggering
++ * a renegotation.
++ */
++ if (!SSL_num_renegotiations(ssl)) {
++ sid_ctx = ap_md5_binary(c->pool, (unsigned char*)sc->vhost_id,
++ sc->vhost_id_len);
++ SSL_set_session_id_context(ssl, (unsigned char *)sid_ctx,
++ APR_MD5_DIGESTSIZE*2);
++ }
+
+ /*
+ * Save the found server into our SSLConnRec for later
+Index: httpd-2.2.x/modules/ssl/mod_ssl.c
+===================================================================
+--- httpd-2.2.x/modules/ssl/mod_ssl.c (revision 833672)
++++ httpd-2.2.x/modules/ssl/mod_ssl.c (working copy)
+@@ -92,6 +92,8 @@ static const command_rec ssl_config_cmds
+ SSL_CMD_SRV(RandomSeed, TAKE23,
+ "SSL Pseudo Random Number Generator (PRNG) seeding source "
+ "(`startup|connect builtin|file:/path|exec:/path [bytes]')")
++ SSL_CMD_SRV(SessionTicketExtension, FLAG,
++ "TLS Session Ticket extension support")
+
+ /*
+ * Per-server context configuration directives
--- /dev/null
+--- httpd-2.2.17/build/rules.mk.in~ 2006-07-12 06:38:44.000000000 +0300
++++ httpd-2.2.17/build/rules.mk.in 2011-03-26 18:27:36.410587573 +0200
+@@ -38,17 +38,17 @@
+ COMPILE = $(BASE_CC) @PICFLAGS@
+ CXX_COMPILE = $(BASE_CXX) @PICFLAGS@
+
+-SH_COMPILE = $(LIBTOOL) --mode=compile $(BASE_CC) @SHLTCFLAGS@ -c $< && touch $@
+-SH_CXX_COMPILE = $(LIBTOOL) --mode=compile $(BASE_CXX) @SHLTCFLAGS@ -c $< && touch $@
++SH_COMPILE = $(LIBTOOL) --mode=compile --tag=CC $(BASE_CC) @SHLTCFLAGS@ -c $< && touch $@
++SH_CXX_COMPILE = $(LIBTOOL) --mode=compile --tag=CXX $(BASE_CXX) @SHLTCFLAGS@ -c $< && touch $@
+
+-LT_COMPILE = $(LIBTOOL) --mode=compile $(COMPILE) @LTCFLAGS@ -c $< && touch $@
+-LT_CXX_COMPILE = $(LIBTOOL) --mode=compile $(CXX_COMPILE) @LTCFLAGS@ -c $< && touch $@
++LT_COMPILE = $(LIBTOOL) --mode=compile --tag=CC $(COMPILE) @LTCFLAGS@ -c $< && touch $@
++LT_CXX_COMPILE = $(LIBTOOL) --mode=compile --tag=CXX $(CXX_COMPILE) @LTCFLAGS@ -c $< && touch $@
+
+ # Link-related commands
+
+-LINK = $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) @PILDFLAGS@ $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@
+-SH_LINK = $(SH_LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) $(LT_LDFLAGS) $(ALL_LDFLAGS) $(SH_LDFLAGS) $(CORE_IMPLIB) $(SH_LIBS) -o $@
+-MOD_LINK = $(LIBTOOL) --mode=link $(CC) $(ALL_CFLAGS) -static $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@
++LINK = $(LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) @PILDFLAGS@ $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@
++SH_LINK = $(SH_LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) $(LT_LDFLAGS) $(ALL_LDFLAGS) $(SH_LDFLAGS) $(CORE_IMPLIB) $(SH_LIBS) -o $@
++MOD_LINK = $(LIBTOOL) --mode=link --tag=CC $(CC) $(ALL_CFLAGS) -static $(LT_LDFLAGS) $(ALL_LDFLAGS) -o $@
+
+ # Cross compile commands
+
+@@ -216,7 +216,7 @@
+
+ # Makes an import library from a def file
+ .def.la:
+- $(LIBTOOL) --mode=compile $(MK_IMPLIB) -o $@ $<
++ $(LIBTOOL) --mode=compile --tag=CC $(MK_IMPLIB) -o $@ $<
+
+ #
+ # Dependencies
TLD / packages / apache.git / commitdiff