Index: branches/fc11-dev/server/common/oursrc/nss_nonlocal/configure.ac
===================================================================
--- branches/fc11-dev/server/common/oursrc/nss_nonlocal/configure.ac	(revision 1172)
+++ branches/fc11-dev/server/common/oursrc/nss_nonlocal/configure.ac	(revision 1179)
@@ -1,3 +1,3 @@
-AC_INIT([nss_nonlocal], [1.8], [andersk@mit.edu])
+AC_INIT([nss_nonlocal], [1.9], [andersk@mit.edu])
 AC_CANONICAL_TARGET
 AM_INIT_AUTOMAKE([-Wall -Werror foreign])
Index: branches/fc11-dev/server/common/oursrc/nss_nonlocal/nonlocal-group.c
===================================================================
--- branches/fc11-dev/server/common/oursrc/nss_nonlocal/nonlocal-group.c	(revision 1172)
+++ branches/fc11-dev/server/common/oursrc/nss_nonlocal/nonlocal-group.c	(revision 1179)
@@ -98,10 +98,20 @@
     fct.ptr = fct_start;
     do {
+    morebuf:
 	if (fct.l == _nss_nonlocal_getgrgid_r)
 	    status = NSS_STATUS_NOTFOUND;
 	else
 	    status = DL_CALL_FCT(fct.l, (gid, &gbuf, buf, buflen, errnop));
-	if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
-	    break;
+	if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
+	    free(buf);
+	    buflen *= 2;
+	    buf = malloc(buflen);
+	    if (buf == NULL) {
+		*errnop = ENOMEM;
+		errno = old_errno;
+		return NSS_STATUS_TRYAGAIN;
+	    }
+	    goto morebuf;
+	}
     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
 
@@ -118,5 +128,5 @@
 
 enum nss_status
-get_local_group(const char *name, struct group *grp, char *buffer, size_t buflen, int *errnop)
+get_local_group(const char *name, struct group *grp, char **buffer, int *errnop)
 {
     static const char *fct_name = "getgrnam_r";
@@ -130,11 +140,10 @@
 	void *ptr;
     } fct;
-    struct group gbuf;
-    int n;
+    size_t buflen;
     int old_errno = errno;
 
-    int len = sysconf(_SC_GETGR_R_SIZE_MAX);
-    char *buf = malloc(len);
-    if (buf == NULL) {
+    buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+    *buffer = malloc(buflen);
+    if (*buffer == NULL) {
 	*errnop = ENOMEM;
 	errno = old_errno;
@@ -144,5 +153,6 @@
     if (fct_start == NULL &&
 	__nss_group_lookup(&startp, fct_name, &fct_start) != 0) {
-	free(buf);
+	free(*buffer);
+	*buffer = NULL;
 	return NSS_STATUS_UNAVAIL;
     }
@@ -150,48 +160,27 @@
     fct.ptr = fct_start;
     do {
+    morebuf:
 	if (fct.l == _nss_nonlocal_getgrnam_r)
 	    status = NSS_STATUS_NOTFOUND;
 	else
-	    status = DL_CALL_FCT(fct.l, (name, &gbuf, buf, buflen, errnop));
-	if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
-	    break;
-    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
-
-    if (status != NSS_STATUS_SUCCESS)
-	goto get_local_group_done;
-
-    n = snprintf(buffer, buflen, "%s", gbuf.gr_name);
-    if (n < 0 || n >= buflen) {
-	*errnop = ERANGE;
-	status = NSS_STATUS_TRYAGAIN;
-	goto get_local_group_done;
-    }
-    grp->gr_name = buffer;
-    buffer += n;
-    buflen -= n;
-
-    n = snprintf(buffer, buflen, "%s", gbuf.gr_passwd);
-    if (n < 0 || n >= buflen) {
-	*errnop = ERANGE;
-	status = NSS_STATUS_TRYAGAIN;
-	goto get_local_group_done;
-    }
-    grp->gr_passwd = buffer;
-    buffer += n;
-    buflen -= n;
-
-    grp->gr_gid = gbuf.gr_gid;
-
-    if (buflen < sizeof(void *)) {
-	*errnop = ERANGE;
-	status = NSS_STATUS_TRYAGAIN;
-	goto get_local_group_done;
-    }
-    *(void **)buffer = NULL;
-    buffer += sizeof(void *);
-    buflen -= sizeof(void *);
-
- get_local_group_done:
-    free(buf);
+	    status = DL_CALL_FCT(fct.l, (name, grp, *buffer, buflen, errnop));
+	if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
+	    free(*buffer);
+	    buflen *= 2;
+	    *buffer = malloc(buflen);
+	    if (*buffer == NULL) {
+		*errnop = ENOMEM;
+		errno = old_errno;
+		return NSS_STATUS_TRYAGAIN;
+	    }
+	    goto morebuf;
+	}
+    } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
+
+    if (status != NSS_STATUS_SUCCESS) {
+	free(*buffer);
+	*buffer = NULL;
+    }
+
     return status;
 }
@@ -401,5 +390,4 @@
     gid_t local_users_gid, gid;
     int is_local = 0;
-    int buflen;
     char *buffer;
 
@@ -413,17 +401,10 @@
     int old_errno = errno;
 
-    buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
-    buffer = malloc(buflen);
-    if (buffer == NULL) {
-	*errnop = ENOMEM;
-	errno = old_errno;
-	return NSS_STATUS_TRYAGAIN;
-    }
     status = get_local_group(MAGIC_LOCAL_GROUPNAME,
-			     &local_users_group, buffer, buflen, errnop);
+			     &local_users_group, &buffer, errnop);
     if (status == NSS_STATUS_SUCCESS) {
 	local_users_gid = local_users_group.gr_gid;
+	free(buffer);
     } else if (status == NSS_STATUS_TRYAGAIN) {
-	free(buffer);
 	return status;
     } else {
@@ -432,22 +413,14 @@
 	local_users_gid = -1;
     }
-    free(buffer);
 
     if (is_local) {
 	gid = local_users_gid;
     } else {
-	buflen = sysconf(_SC_GETGR_R_SIZE_MAX);
-	buffer = malloc(buflen);
-	if (buffer == NULL) {
-	    *errnop = ENOMEM;
-	    errno = old_errno;
-	    return NSS_STATUS_TRYAGAIN;
-	}
  	status = get_local_group(MAGIC_NONLOCAL_GROUPNAME,
-				 &nonlocal_users_group, buffer, buflen, errnop);
+				 &nonlocal_users_group, &buffer, errnop);
 	if (status == NSS_STATUS_SUCCESS) {
 	    gid = nonlocal_users_group.gr_gid;
+	    free(buffer);
 	} else if (status == NSS_STATUS_TRYAGAIN) {
-	    free(buffer);
 	    return status;
 	} else {
@@ -456,5 +429,4 @@
 	    gid = -1;
 	}
-	free(buffer);
     }
 
Index: branches/fc11-dev/server/common/oursrc/nss_nonlocal/nonlocal-passwd.c
===================================================================
--- branches/fc11-dev/server/common/oursrc/nss_nonlocal/nonlocal-passwd.c	(revision 1172)
+++ branches/fc11-dev/server/common/oursrc/nss_nonlocal/nonlocal-passwd.c	(revision 1179)
@@ -96,10 +96,20 @@
     fct.ptr = fct_start;
     do {
+    morebuf:
 	if (fct.l == _nss_nonlocal_getpwuid_r)
 	    status = NSS_STATUS_NOTFOUND;
 	else
 	    status = DL_CALL_FCT(fct.l, (uid, &pwbuf, buf, buflen, errnop));
-	if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
-	    break;
+	if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
+	    free(buf);
+	    buflen *= 2;
+	    buf = malloc(buflen);
+	    if (buf == NULL) {
+		*errnop = ENOMEM;
+		errno = old_errno;
+		return NSS_STATUS_TRYAGAIN;
+	    }
+	    goto morebuf;
+	}
     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
 
@@ -147,10 +157,20 @@
     fct.ptr = fct_start;
     do {
+    morebuf:
 	if (fct.l == _nss_nonlocal_getpwnam_r)
 	    status = NSS_STATUS_NOTFOUND;
 	else
 	    status = DL_CALL_FCT(fct.l, (user, &pwbuf, buf, buflen, errnop));
-	if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE)
-	    break;
+	if (status == NSS_STATUS_TRYAGAIN && *errnop == ERANGE) {
+	    free(buf);
+	    buflen *= 2;
+	    buf = malloc(buflen);
+	    if (buf == NULL) {
+		*errnop = ENOMEM;
+		errno = old_errno;
+		return NSS_STATUS_TRYAGAIN;
+	    }
+	    goto morebuf;
+	}
     } while (__nss_next(&nip, fct_name, &fct.ptr, status, 0) == 0);
 
Index: branches/fc11-dev/server/common/oursrc/php_scripts/build.sh
===================================================================
--- branches/fc11-dev/server/common/oursrc/php_scripts/build.sh	(revision 1179)
+++ branches/fc11-dev/server/common/oursrc/php_scripts/build.sh	(revision 1179)
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+mkdir -p test/
+cp -a config.m4 php_scripts.c php_scripts.h test/
+cd test/
+phpize
+./configure
+make
+exit
+
+cd ../
+echo '*****'
+php -c php.ini test.php
+echo '*****'
+php-cgi test.php
+echo '*****'
+php-cgi -c php.ini test.php
+echo '*****'
Index: branches/fc11-dev/server/common/oursrc/php_scripts/config.m4
===================================================================
--- branches/fc11-dev/server/common/oursrc/php_scripts/config.m4	(revision 1179)
+++ branches/fc11-dev/server/common/oursrc/php_scripts/config.m4	(revision 1179)
@@ -0,0 +1,7 @@
+PHP_ARG_ENABLE(scripts, whether to enable scripts.mit.edu support,
+[ --enable-scripts   Enable scripts.mit.edu support])
+
+if test "$PHP_SCRIPTS" != "no"; then
+  AC_DEFINE(HAVE_SCRIPTS, 1, [Whether you have scripts.mit.edu support])
+  PHP_NEW_EXTENSION(scripts, php_scripts.c, $ext_shared)
+fi
Index: branches/fc11-dev/server/common/oursrc/php_scripts/php.ini
===================================================================
--- branches/fc11-dev/server/common/oursrc/php_scripts/php.ini	(revision 1179)
+++ branches/fc11-dev/server/common/oursrc/php_scripts/php.ini	(revision 1179)
@@ -0,0 +1,5 @@
+;display_startup_errors = On
+extension_dir = /root/php_scripts/test/modules/
+extension = ../../../../root/php_scripts/test/modules/scripts.so
+;zend_extension_ts = ../../../../root/php_scripts/test/modules/scripts.so
+error_reporting = E_ALL
Index: branches/fc11-dev/server/common/oursrc/php_scripts/php_scripts.c
===================================================================
--- branches/fc11-dev/server/common/oursrc/php_scripts/php_scripts.c	(revision 1179)
+++ branches/fc11-dev/server/common/oursrc/php_scripts/php_scripts.c	(revision 1179)
@@ -0,0 +1,85 @@
+/***
+ * scripts.mit.edu PHP enhancement extension
+ *
+ * Joe Presbrey <presbrey@mit.edu>
+ * 2008-06-19
+ *
+ ***/
+
+#include "php.h"
+#include "zend_extensions.h"
+
+#include "php_scripts.h"
+
+#ifndef ZEND_EXT_API
+#define ZEND_EXT_API    ZEND_DLEXPORT
+#endif
+ZEND_EXTENSION();
+
+ZEND_MODULE_STARTUP_D(scripts)
+{
+	return SUCCESS;
+}
+
+ZEND_MODULE_SHUTDOWN_D(scripts)
+{
+}
+
+ZEND_MODULE_ACTIVATE_D(scripts)
+{
+    // replace error handler callback with our own
+    old_error_cb = zend_error_cb;
+    new_error_cb = scripts_error_cb;
+    zend_error_cb = new_error_cb;
+
+	return SUCCESS;
+}
+
+ZEND_MODULE_DEACTIVATE_D(scripts)
+{
+    // restore original error handler callback
+    zend_error_cb = old_error_cb;
+}
+
+void scripts_error_cb(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args)
+{
+    char *buffer;
+    const char *user = php_get_current_user();
+
+    // enhance the log message
+    spprintf(&buffer, 0, "(%s) %s", user, format);
+
+    // pass through to builtin error callback
+    if (strncmp(format, "Module '%s' already loaded", 26)==0) {
+        // demote from E_CORE_WARNING
+        old_error_cb(E_NOTICE, error_filename, error_lineno, buffer, args);
+    } else {
+        old_error_cb(type, error_filename, error_lineno, buffer, args);
+    }
+
+    efree(buffer);
+}
+
+ZEND_DLEXPORT zend_extension zend_extension_entry = {
+    PHP_SCRIPTS_EXTNAME,
+    PHP_SCRIPTS_VERSION,
+    PHP_SCRIPTS_AUTHOR,
+    PHP_SCRIPTS_URL,
+    PHP_SCRIPTS_YEAR,
+    ZEND_MODULE_STARTUP_N(scripts),		/* startup_func_t */
+    ZEND_MODULE_SHUTDOWN_N(scripts),	/* shutdown_func_t */
+    ZEND_MODULE_ACTIVATE_N(scripts),	/* activate_func_t */
+    ZEND_MODULE_DEACTIVATE_N(scripts),	/* deactivate_func_t */
+    NULL,           					/* message_handler_func_t */
+    NULL,           					/* op_array_handler_func_t */
+    NULL,           					/* statement_handler_func_t */
+    NULL,           					/* fcall_begin_handler_func_t */
+    NULL,           					/* fcall_end_handler_func_t */
+    NULL,           					/* op_array_ctor_func_t */
+    NULL,           					/* op_array_dtor_func_t */
+    STANDARD_ZEND_EXTENSION_PROPERTIES
+};
+
+#ifdef COMPILE_DL_SCRIPTS
+ZEND_GET_MODULE(scripts)
+#endif
Index: branches/fc11-dev/server/common/oursrc/php_scripts/php_scripts.h
===================================================================
--- branches/fc11-dev/server/common/oursrc/php_scripts/php_scripts.h	(revision 1179)
+++ branches/fc11-dev/server/common/oursrc/php_scripts/php_scripts.h	(revision 1179)
@@ -0,0 +1,51 @@
+/***
+ * scripts.mit.edu PHP extension
+ *
+ * Joe Presbrey <presbrey@mit.edu>
+ * 2008-06-19
+ *
+ ***/
+
+#ifndef PHP_SCRIPTS_H
+#define PHP_SCRIPTS_H 1
+
+#define PHP_SCRIPTS_VERSION "1.0"
+#define PHP_SCRIPTS_EXTNAME "scripts"
+#define PHP_SCRIPTS_AUTHOR "presbrey@mit.edu"
+#define PHP_SCRIPTS_URL "http://scripts.mit.edu/"
+#define PHP_SCRIPTS_YEAR "2008"
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+extern zend_module_entry scripts_module_entry;
+#define phpext_scripts_ptr &scripts_module_entry
+
+/* error callback repalcement functions */
+void (*old_error_cb)(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args);
+void (*new_error_cb)(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args);
+void scripts_error_cb(int type, const char *error_filename, const uint error_lineno, const char *format, va_list args);
+
+static function_entry scripts_functions[] = {
+    {NULL, NULL, NULL}
+};
+
+zend_module_entry scripts_module_entry = {
+#if ZEND_MODULE_API_NO >= 20010901
+    STANDARD_MODULE_HEADER,
+#endif
+    PHP_SCRIPTS_EXTNAME,
+    scripts_functions,
+    NULL, //PHP_MINIT(scripts),
+    NULL, //PHP_MSHUTDOWN(scripts),
+    NULL,
+    NULL,
+    NULL,
+#if ZEND_MODULE_API_NO >= 20010901
+    PHP_SCRIPTS_VERSION,
+#endif
+    STANDARD_MODULE_PROPERTIES
+};
+
+#endif
Index: branches/fc11-dev/server/common/oursrc/php_scripts/test.php
===================================================================
--- branches/fc11-dev/server/common/oursrc/php_scripts/test.php	(revision 1179)
+++ branches/fc11-dev/server/common/oursrc/php_scripts/test.php	(revision 1179)
@@ -0,0 +1,7 @@
+<?php
+
+dl('scripts.so');
+dl('scripts.so');
+if (1/0) {
+    echo 'dbz';
+}
Index: branches/fc11-dev/server/common/patches/httpd-suexec-scripts.patch
===================================================================
--- branches/fc11-dev/server/common/patches/httpd-suexec-scripts.patch	(revision 1172)
+++ branches/fc11-dev/server/common/patches/httpd-suexec-scripts.patch	(revision 1179)
@@ -46,5 +46,5 @@
    AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] )
 --- httpd-2.2.11/support/suexec.c.old	2008-11-30 10:47:31.000000000 -0500
-+++ httpd-2.2.11/support/suexec.c	2009-06-03 05:16:45.000000000 -0400
++++ httpd-2.2.11/support/suexec.c	2009-06-08 09:02:17.000000000 -0400
 @@ -30,6 +30,9 @@
   *
@@ -141,5 +141,13 @@
      gid_t gid;              /* target group placeholder  */
      char *target_uname;     /* target user name          */
-@@ -350,6 +413,20 @@
+@@ -268,6 +331,7 @@
+      * Start with a "clean" environment
+      */
+     clean_env();
++    setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */
+ 
+     prog = argv[0];
+     /*
+@@ -350,6 +414,20 @@
  #endif /*_OSD_POSIX*/
  
@@ -162,5 +170,5 @@
       * or attempts to back up out of the current directory,
       * to protect against attacks.  If any are
-@@ -371,6 +448,7 @@
+@@ -371,6 +449,7 @@
          userdir = 1;
      }
@@ -170,5 +178,5 @@
       * Error out if the target username is invalid.
       */
-@@ -452,7 +530,7 @@
+@@ -452,7 +531,7 @@
       * Error out if attempt is made to execute as root or as
       * a UID less than AP_UID_MIN.  Tsk tsk.
@@ -179,5 +187,5 @@
          exit(107);
      }
-@@ -484,6 +562,21 @@
+@@ -484,6 +563,21 @@
          log_err("failed to setuid (%ld: %s)\n", uid, cmd);
          exit(110);
@@ -201,5 +209,5 @@
      /*
       * Get the current working directory, as well as the proper
-@@ -506,6 +599,21 @@
+@@ -506,6 +600,21 @@
              log_err("cannot get docroot information (%s)\n", target_homedir);
              exit(112);
@@ -223,5 +231,5 @@
      else {
          if (((chdir(AP_DOC_ROOT)) != 0) ||
-@@ -532,15 +640,17 @@
+@@ -532,15 +641,17 @@
      /*
       * Error out if cwd is writable by others.
@@ -242,5 +250,5 @@
          exit(117);
      }
-@@ -548,10 +658,12 @@
+@@ -548,10 +659,12 @@
      /*
       * Error out if the program is writable by others.
@@ -255,5 +263,5 @@
      /*
       * Error out if the file is setuid or setgid.
-@@ -565,6 +677,7 @@
+@@ -565,6 +678,7 @@
       * Error out if the target name/group is different from
       * the name/group of the cwd or the program.
@@ -263,5 +271,5 @@
          (gid != dir_info.st_gid) ||
          (uid != prg_info.st_uid) ||
-@@ -576,16 +689,33 @@
+@@ -576,16 +690,33 @@
                  prg_info.st_uid, prg_info.st_gid);
          exit(120);
Index: branches/fc11-dev/server/common/patches/openafs-scripts.patch
===================================================================
--- branches/fc11-dev/server/common/patches/openafs-scripts.patch	(revision 1172)
+++ branches/fc11-dev/server/common/patches/openafs-scripts.patch	(revision 1179)
@@ -3,4 +3,5 @@
 # with modifications by Joe Presbrey <presbrey@mit.edu>
 # and Anders Kaseorg <andersk@mit.edu>
+# and Edward Z. Yang <ezyang@mit.edu>
 #
 # This file is available under both the MIT license and the GPL.
@@ -43,6 +44,6 @@
 #
 diff -ur openafs-1.4/src/afs/afs_analyze.c openafs-1.4+scripts/src/afs/afs_analyze.c
---- openafs-1.4/src/afs/afs_analyze.c	2008-10-27 19:54:06.000000000 -0400
-+++ openafs-1.4+scripts/src/afs/afs_analyze.c	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/afs_analyze.c
++++ openafs-1.4+scripts/src/afs/afs_analyze.c
 @@ -585,7 +585,7 @@
  			 (afid ? afid->Fid.Volume : 0));
@@ -54,7 +55,55 @@
  		(aerrP->err_Volume)++;
  	    areq->volumeError = VOLBUSY;
+diff -ur openafs-1.4/src/afs/LINUX/osi_vnodeops.c openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c
+--- openafs-1.4/src/afs/LINUX/osi_vnodeops.c
++++ openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c
+@@ -875,6 +875,28 @@
+ 	/* should we always update the attributes at this point? */
+ 	/* unlikely--the vcache entry hasn't changed */
+ 
++	/* [scripts] This code makes hardlinks work correctly.
++	 *
++	 * We want Apache to be able to read a file with hardlinks
++	 * named .htaccess and foo to be able to read it via .htaccess
++	 * and not via foo, regardless of which name was looked up
++	 * (remember, inodes do not have filenames associated with them.)
++	 *
++	 * It is important that we modify the existing cache entry even
++	 * if it is otherwise totally valid and would not be reloaded.
++	 * Otherwise, it won't recover from repeatedly reading the same
++	 * inode via multiple hardlinks or different names.  Specifically,
++	 * Apache will be able to read both names if it was first looked
++	 * up (by anyone!) via .htaccess, and neither if it was first
++	 * looked up via foo.
++	 *
++	 * With regards to performance, the strncmp() is bounded by
++	 * three characters, so it takes O(3) operations.  If this code
++	 * is extended to all static-cat extensions, we'll want to do
++	 * some clever hashing using gperf here.
++	 */
++	vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0;
++
+     } else {
+ #ifdef notyet
+ 	pvcp = VTOAFS(dp->d_parent->d_inode);		/* dget_parent()? */
+diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c
+--- openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c
++++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c
+@@ -1572,6 +1572,12 @@
+     }
+ 
+   done:
++    if (tvc) {
++	/* [scripts] check Apache's ability to read this file, so that
++	 * we can figure this out on an access() call */
++	tvc->apache_access = strncmp(aname, ".ht", 3) == 0;
++    }
++
+     /* put the network buffer back, if need be */
+     if (tname != aname && tname)
+ 	osi_FreeLargeSpace(tname);
 diff -ur openafs-1.4/src/afs/afs.h openafs-1.4+scripts/src/afs/afs.h
---- openafs-1.4/src/afs/afs.h	2009-01-19 14:27:19.000000000 -0500
-+++ openafs-1.4+scripts/src/afs/afs.h	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/afs.h
++++ openafs-1.4+scripts/src/afs/afs.h
 @@ -208,8 +208,16 @@
  #define QTOC(e)	    QEntry(e, struct cell, lruq)
@@ -74,7 +123,15 @@
      afs_int32 flags;		/* things like O_SYNC, O_NONBLOCK go here */
      char initd;			/* if non-zero, Error fields meaningful */
+@@ -743,6 +751,7 @@
+ #ifdef AFS_SUN5_ENV
+     short multiPage;		/* count of multi-page getpages in progress */
+ #endif
++    int apache_access;		/* whether or not Apache has access to a file */
+ };
+ 
+ #define	DONT_CHECK_MODE_BITS	0
 diff -ur openafs-1.4/src/afs/afs_osi_pag.c openafs-1.4+scripts/src/afs/afs_osi_pag.c
---- openafs-1.4/src/afs/afs_osi_pag.c	2008-10-20 15:29:46.000000000 -0400
-+++ openafs-1.4+scripts/src/afs/afs_osi_pag.c	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/afs_osi_pag.c
++++ openafs-1.4+scripts/src/afs/afs_osi_pag.c
 @@ -51,6 +51,8 @@
  #endif
@@ -103,6 +160,6 @@
  }
 diff -ur openafs-1.4/src/afs/afs_pioctl.c openafs-1.4+scripts/src/afs/afs_pioctl.c
---- openafs-1.4/src/afs/afs_pioctl.c	2009-01-19 13:09:34.000000000 -0500
-+++ openafs-1.4+scripts/src/afs/afs_pioctl.c	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/afs_pioctl.c
++++ openafs-1.4+scripts/src/afs/afs_pioctl.c
 @@ -1217,6 +1217,10 @@
      struct AFSFetchStatus OutStatus;
@@ -150,6 +207,6 @@
  	return EIO;		/* Inappropriate ioctl for device */
 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_access.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
---- openafs-1.4/src/afs/VNOPS/afs_vnop_access.c	2008-03-07 12:34:08.000000000 -0500
-+++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/VNOPS/afs_vnop_access.c
++++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
 @@ -118,6 +118,17 @@
  
@@ -170,5 +227,5 @@
      } else {
  	/* some rights come from dir and some from file.  Specifically, you 
-@@ -171,6 +182,18 @@
+@@ -171,6 +182,19 @@
  		    fileBits |= PRSFS_READ;
  	    }
@@ -180,5 +237,6 @@
 +             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
 +             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
-+             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID && avc->m.Mode == 33279) &&
++             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&
++                 (avc->m.Mode == 0100777 || avc->apache_access)) &&
 +             !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
 +             !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
@@ -190,6 +248,6 @@
  }
 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
---- openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c	2009-01-13 14:37:28.000000000 -0500
-+++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c	2009-04-08 08:07:22.000000000 -0400
+--- openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c
++++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
 @@ -87,8 +87,8 @@
  	}