Index: branches/fc11-dev/server/common/patches/httpd-suexec-scripts.patch
===================================================================
--- branches/fc11-dev/server/common/patches/httpd-suexec-scripts.patch	(revision 1172)
+++ branches/fc11-dev/server/common/patches/httpd-suexec-scripts.patch	(revision 1179)
@@ -46,5 +46,5 @@
    AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] )
 --- httpd-2.2.11/support/suexec.c.old	2008-11-30 10:47:31.000000000 -0500
-+++ httpd-2.2.11/support/suexec.c	2009-06-03 05:16:45.000000000 -0400
++++ httpd-2.2.11/support/suexec.c	2009-06-08 09:02:17.000000000 -0400
 @@ -30,6 +30,9 @@
   *
@@ -141,5 +141,13 @@
      gid_t gid;              /* target group placeholder  */
      char *target_uname;     /* target user name          */
-@@ -350,6 +413,20 @@
+@@ -268,6 +331,7 @@
+      * Start with a "clean" environment
+      */
+     clean_env();
++    setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */
+ 
+     prog = argv[0];
+     /*
+@@ -350,6 +414,20 @@
  #endif /*_OSD_POSIX*/
  
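Review bot: The `setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1)` call added after `clean_env()` ignores its return value, so if it fails the script runs without the heap default and nothing is logged. Check the result and report it the way the surrounding code reports other failures, e.g. `if (setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1) != 0) log_err("failed to set JAVA_TOOL_OPTIONS\n");`. The comment should also say that this is only a default: the target program inherits the variable and can unset or override it, so it does not replace an enforced limit such as `setrlimit`. The enclosing function starts and ends outside the hunk.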
@@ -162,5 +170,5 @@
       * or attempts to back up out of the current directory,
       * to protect against attacks.  If any are
-@@ -371,6 +448,7 @@
+@@ -371,6 +449,7 @@
          userdir = 1;
      }
@@ -170,5 +178,5 @@
       * Error out if the target username is invalid.
       */
-@@ -452,7 +530,7 @@
+@@ -452,7 +531,7 @@
       * Error out if attempt is made to execute as root or as
       * a UID less than AP_UID_MIN.  Tsk tsk.
@@ -179,5 +187,5 @@
          exit(107);
      }
-@@ -484,6 +562,21 @@
+@@ -484,6 +563,21 @@
          log_err("failed to setuid (%ld: %s)\n", uid, cmd);
          exit(110);
@@ -201,5 +209,5 @@
      /*
       * Get the current working directory, as well as the proper
-@@ -506,6 +599,21 @@
+@@ -506,6 +600,21 @@
              log_err("cannot get docroot information (%s)\n", target_homedir);
              exit(112);
@@ -223,5 +231,5 @@
      else {
          if (((chdir(AP_DOC_ROOT)) != 0) ||
-@@ -532,15 +640,17 @@
+@@ -532,15 +641,17 @@
      /*
       * Error out if cwd is writable by others.
@@ -242,5 +250,5 @@
          exit(117);
      }
-@@ -548,10 +658,12 @@
+@@ -548,10 +659,12 @@
      /*
       * Error out if the program is writable by others.
@@ -255,5 +263,5 @@
      /*
       * Error out if the file is setuid or setgid.
-@@ -565,6 +677,7 @@
+@@ -565,6 +678,7 @@
       * Error out if the target name/group is different from
       * the name/group of the cwd or the program.
@@ -263,5 +271,5 @@
          (gid != dir_info.st_gid) ||
          (uid != prg_info.st_uid) ||
-@@ -576,16 +689,33 @@
+@@ -576,16 +690,33 @@
                  prg_info.st_uid, prg_info.st_gid);
          exit(120);
Index: branches/fc11-dev/server/common/patches/openafs-scripts.patch
===================================================================
--- branches/fc11-dev/server/common/patches/openafs-scripts.patch	(revision 1172)
+++ branches/fc11-dev/server/common/patches/openafs-scripts.patch	(revision 1179)
@@ -3,4 +3,5 @@
 # with modifications by Joe Presbrey <presbrey@mit.edu>
 # and Anders Kaseorg <andersk@mit.edu>
+# and Edward Z. Yang <ezyang@mit.edu>
 #
 # This file is available under both the MIT license and the GPL.
@@ -43,6 +44,6 @@
 #
 diff -ur openafs-1.4/src/afs/afs_analyze.c openafs-1.4+scripts/src/afs/afs_analyze.c
---- openafs-1.4/src/afs/afs_analyze.c	2008-10-27 19:54:06.000000000 -0400
-+++ openafs-1.4+scripts/src/afs/afs_analyze.c	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/afs_analyze.c
++++ openafs-1.4+scripts/src/afs/afs_analyze.c
 @@ -585,7 +585,7 @@
  			 (afid ? afid->Fid.Volume : 0));
@@ -54,7 +55,55 @@
  		(aerrP->err_Volume)++;
  	    areq->volumeError = VOLBUSY;
+diff -ur openafs-1.4/src/afs/LINUX/osi_vnodeops.c openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c
+--- openafs-1.4/src/afs/LINUX/osi_vnodeops.c
++++ openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c
+@@ -875,6 +875,28 @@
+ 	/* should we always update the attributes at this point? */
+ 	/* unlikely--the vcache entry hasn't changed */
+ 
++	/* [scripts] This code makes hardlinks work correctly.
++	 *
++	 * We want Apache to be able to read a file with hardlinks
++	 * named .htaccess and foo to be able to read it via .htaccess
++	 * and not via foo, regardless of which name was looked up
++	 * (remember, inodes do not have filenames associated with them.)
++	 *
++	 * It is important that we modify the existing cache entry even
++	 * if it is otherwise totally valid and would not be reloaded.
++	 * Otherwise, it won't recover from repeatedly reading the same
++	 * inode via multiple hardlinks or different names.  Specifically,
++	 * Apache will be able to read both names if it was first looked
++	 * up (by anyone!) via .htaccess, and neither if it was first
++	 * looked up via foo.
++	 *
++	 * With regards to performance, the strncmp() is bounded by
++	 * three characters, so it takes O(3) operations.  If this code
++	 * is extended to all static-cat extensions, we'll want to do
++	 * some clever hashing using gperf here.
++	 */
++	vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0;
++
+     } else {
+ #ifdef notyet
+ 	pvcp = VTOAFS(dp->d_parent->d_inode);		/* dget_parent()? */
+diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c
+--- openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c
++++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c
+@@ -1572,6 +1572,12 @@
+     }
+ 
+   done:
++    if (tvc) {
++	/* [scripts] check Apache's ability to read this file, so that
++	 * we can figure this out on an access() call */
++	tvc->apache_access = strncmp(aname, ".ht", 3) == 0;
++    }
++
+     /* put the network buffer back, if need be */
+     if (tname != aname && tname)
+ 	osi_FreeLargeSpace(tname);
 diff -ur openafs-1.4/src/afs/afs.h openafs-1.4+scripts/src/afs/afs.h
---- openafs-1.4/src/afs/afs.h	2009-01-19 14:27:19.000000000 -0500
-+++ openafs-1.4+scripts/src/afs/afs.h	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/afs.h
++++ openafs-1.4+scripts/src/afs/afs.h
 @@ -208,8 +208,16 @@
  #define QTOC(e)	    QEntry(e, struct cell, lruq)
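Review bot: `apache_access` is stored on the shared cache entry and overwritten by whichever name was resolved last, so it describes the inode's most recent lookup rather than the path a given caller is using. This applies to `vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0;` in osi_vnodeops.c and to the same test on `aname` at `done:` in afs_vnop_lookup.c. Between one process's lookup and its later access check, another process can resolve the same file under a different hardlink name and flip the flag, so the check in afs_vnop_access.c (a later hunk) could grant or refuse the read for the wrong name. No lock around the write is visible in this hunk. The block comment covers only the sequential case and should state this limitation, e.g. `/* NOTE: reflects the most recent lookup by any process; racy against concurrent lookups via other hardlink names */`. Both functions start and end outside the hunk.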
@@ -74,7 +123,15 @@
      afs_int32 flags;		/* things like O_SYNC, O_NONBLOCK go here */
      char initd;			/* if non-zero, Error fields meaningful */
+@@ -743,6 +751,7 @@
+ #ifdef AFS_SUN5_ENV
+     short multiPage;		/* count of multi-page getpages in progress */
+ #endif
++    int apache_access;		/* whether or not Apache has access to a file */
+ };
+ 
+ #define	DONT_CHECK_MODE_BITS	0
 diff -ur openafs-1.4/src/afs/afs_osi_pag.c openafs-1.4+scripts/src/afs/afs_osi_pag.c
---- openafs-1.4/src/afs/afs_osi_pag.c	2008-10-20 15:29:46.000000000 -0400
-+++ openafs-1.4+scripts/src/afs/afs_osi_pag.c	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/afs_osi_pag.c
++++ openafs-1.4+scripts/src/afs/afs_osi_pag.c
 @@ -51,6 +51,8 @@
  #endif
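Review bot: The new `int apache_access;` member has no initialisation visible on this page; it is assigned only in the two lookup paths added elsewhere in this patch. The struct it extends is presumably `struct vcache`, judging by the `vcp`/`tvc`/`avc` users. If a cache entry is allocated or recycled and reaches the access check without passing through either assignment, the check would read whatever value the slot last held. Confirm that the allocation path zeroes the field, or set it to 0 there explicitly, and record that in the member comment, e.g. `/* [scripts] set on lookup: name starts with ".ht"; 0 until then */`.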
@@ -103,6 +160,6 @@
  }
 diff -ur openafs-1.4/src/afs/afs_pioctl.c openafs-1.4+scripts/src/afs/afs_pioctl.c
---- openafs-1.4/src/afs/afs_pioctl.c	2009-01-19 13:09:34.000000000 -0500
-+++ openafs-1.4+scripts/src/afs/afs_pioctl.c	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/afs_pioctl.c
++++ openafs-1.4+scripts/src/afs/afs_pioctl.c
 @@ -1217,6 +1217,10 @@
      struct AFSFetchStatus OutStatus;
@@ -150,6 +207,6 @@
  	return EIO;		/* Inappropriate ioctl for device */
 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_access.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
---- openafs-1.4/src/afs/VNOPS/afs_vnop_access.c	2008-03-07 12:34:08.000000000 -0500
-+++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/VNOPS/afs_vnop_access.c
++++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
 @@ -118,6 +118,17 @@
  
@@ -170,5 +227,5 @@
      } else {
  	/* some rights come from dir and some from file.  Specifically, you 
-@@ -171,6 +182,18 @@
+@@ -171,6 +182,19 @@
  		    fileBits |= PRSFS_READ;
  	    }
@@ -180,5 +237,6 @@
 +             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
 +             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
-+             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && avc->m.Mode == 33279) &&
++             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&
++                 (avc->m.Mode == 0100777 || avc->apache_access)) &&
 +             !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
 +             !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
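Review bot: The literal in `avc->m.Mode == 0100777` is easier to read than the old `33279` but is still a magic number. If `S_IFREG` is in scope in this file, `(S_IFREG | 0777)` with a short comment would say what is being matched. The added `|| avc->apache_access` arm also deserves a comment, because it widens the HTTPD_UID read exemption from world-rwx regular files to any file whose last lookup name began with `.ht`, e.g. `/* [scripts] also let Apache read files last looked up as .ht*, whatever their mode */`. The enclosing `if` starts outside the hunk.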
@@ -190,6 +248,6 @@
  }
 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
---- openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c	2009-01-13 14:37:28.000000000 -0500
-+++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c
++++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
 @@ -87,8 +87,8 @@
  	}
