Index: branches/fc19-dev/server/common/patches/httpd-suexec-scripts.patch
===================================================================
--- branches/fc19-dev/server/common/patches/httpd-suexec-scripts.patch	(revision 2402)
+++ branches/fc19-dev/server/common/patches/httpd-suexec-scripts.patch	(revision 2422)
@@ -1,38 +1,31 @@
-# scripts.mit.edu httpd suexec patch
-# Copyright (C) 2006, 2007, 2008  Jeff Arnold <jbarnold@mit.edu>,
-#                                 Joe Presbrey <presbrey@mit.edu>,
-#                                 Anders Kaseorg <andersk@mit.edu>,
-#                                 Geoffrey Thomas <geofft@mit.edu>
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
-#
-# See /COPYRIGHT in this repository for more information.
-#
---- httpd-2.2.2/support/Makefile.in.old	2005-07-06 19:15:34.000000000 -0400
-+++ httpd-2.2.2/support/Makefile.in	2007-01-20 17:12:51.000000000 -0500
-@@ -60,7 +60,7 @@
-
- suexec_OBJECTS = suexec.lo
- suexec: $(suexec_OBJECTS)
--	$(LINK) $(suexec_OBJECTS)
-+	$(LINK) -lselinux $(suexec_OBJECTS)
-
- htcacheclean_OBJECTS = htcacheclean.lo
- htcacheclean: $(htcacheclean_OBJECTS)
---- httpd-2.2.2/configure.in.old	2007-07-17 10:48:25.000000000 -0400
-+++ httpd-2.2.2/configure.in	2008-08-29 08:15:41.000000000 -0400
-@@ -559,6 +559,10 @@
+From 8445788d68230b2e18739166f4c3ae6434038421 Mon Sep 17 00:00:00 2001
+From: Alexander Chernyakhovsky <achernya@mit.edu>
+Date: Fri, 3 May 2013 21:38:58 -0400
+Subject: [PATCH 1/4] Add scripts-specific support to suexec
+
+This patch make suexec aware of static-cat, Scripts' tool to serve
+static content out of AFS.  Specifically, this introduces a whitelist
+of extensions for which suexec is supposed to invoke static-cat as a
+content-handler.
+
+Additionally, this patch also sets JAVA_TOOL_OPTIONS, to allow the JVM
+to start up in Scripts' limited memory environment.
+
+Furthermore, this patch deals with some of suexec's paranoia being
+incorrect in an AFS world, by ignoring some of the irrelevant stat
+results.
+
+Finally, add support for invoking php-cgi for php files, in a safe
+manner that will strip arguments passed by Apache to php-cgi.
+---
+ configure.in     |    4 ++
+ support/suexec.c |  172 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 173 insertions(+), 3 deletions(-)
+
+diff --git a/configure.in b/configure.in
+index d93f78c..14faccf 100644
+--- a/configure.in
++++ b/configure.in
+@@ -720,6 +720,10 @@ AC_ARG_WITH(suexec-userdir,
  APACHE_HELP_STRING(--with-suexec-userdir,User subdirectory),[
    AC_DEFINE_UNQUOTED(AP_USERDIR_SUFFIX, "$withval", [User subdirectory] ) ] )
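Review bot: The SELinux pieces of this patch disappear without explanation. This hunk drops the `support/Makefile.in` section that linked suexec with `-lselinux`, and the hunk at `@@ -57,13 +52,5 @@` drops `#include <selinux/selinux.h>`, yet the new commit message lists static-cat, JAVA_TOOL_OPTIONS, the AFS stat relaxations and php-cgi and never mentions SELinux. The suexec.c body hunks that would show whether any libselinux calls remain are not in this diff's context, so this cannot be confirmed from here. If calls remain, the build will hit implicit declarations and unresolved symbols. If they were removed, a setuid-root helper has lost a confinement step and the message should say where it went, for example `SELinux handling is no longer part of this patch; see [PATCH <n>/4].` with the real patch number filled in.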
@@ -45,6 +38,8 @@
  APACHE_HELP_STRING(--with-suexec-docroot,SuExec root directory),[
    AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] )
---- httpd-2.2.11/support/suexec.c.old	2008-11-30 10:47:31.000000000 -0500
-+++ httpd-2.2.11/support/suexec.c	2009-06-08 09:02:17.000000000 -0400
+diff --git a/support/suexec.c b/support/suexec.c
+index 5b6b254..e377042 100644
+--- a/support/suexec.c
++++ b/support/suexec.c
 @@ -30,6 +30,9 @@
   *
@@ -57,13 +52,5 @@
  #include "ap_config.h"
  #include "suexec.h"
-@@ -46,6 +49,7 @@
- #include <stdio.h>
- #include <stdarg.h>
- #include <stdlib.h>
-+#include <selinux/selinux.h>
- 
- #ifdef HAVE_PWD_H
- #include <pwd.h>
-@@ -95,6 +99,7 @@
+@@ -92,6 +95,7 @@ static const char *const safe_env_lst[] =
  {
      /* variable name starts with */
@@ -73,5 +60,5 @@
  
      /* variable name is */
-@@ -245,9 +250,108 @@
+@@ -264,9 +268,108 @@ static void clean_env(void)
      environ = cleanenv;
  }
@@ -182,5 +169,5 @@
      gid_t gid;              /* target group placeholder  */
      char *target_uname;     /* target user name          */
-@@ -268,6 +368,7 @@
+@@ -286,6 +389,7 @@ int main(int argc, char *argv[])
       * Start with a "clean" environment
       */
@@ -188,7 +175,7 @@
 +    setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */
  
-     prog = argv[0];
-     /*
-@@ -350,6 +451,20 @@
+     /*
+      * Check existence/validity of the UID of the user
+@@ -369,6 +473,20 @@ int main(int argc, char *argv[])
  #endif /*_OSD_POSIX*/
  
@@ -211,5 +198,5 @@
       * or attempts to back up out of the current directory,
       * to protect against attacks.  If any are
-@@ -371,6 +486,7 @@
+@@ -390,6 +508,7 @@ int main(int argc, char *argv[])
          userdir = 1;
      }
@@ -219,5 +206,5 @@
       * Error out if the target username is invalid.
       */
-@@ -452,7 +568,7 @@
+@@ -471,7 +590,7 @@ int main(int argc, char *argv[])
       * Error out if attempt is made to execute as root or as
       * a UID less than AP_UID_MIN.  Tsk tsk.
@@ -225,9 +212,9 @@
 -    if ((uid == 0) || (uid < AP_UID_MIN)) {
 +    if ((uid == 0) || (uid < AP_UID_MIN && uid != 102)) { /* uid 102 = signup  */
-         log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
+         log_err("cannot run as forbidden uid (%lu/%s)\n", (unsigned long)uid, cmd);
          exit(107);
      }
-@@ -484,6 +599,7 @@
-         log_err("failed to setuid (%ld: %s)\n", uid, cmd);
+@@ -503,6 +622,7 @@ int main(int argc, char *argv[])
+         log_err("failed to setuid (%lu: %s)\n", (unsigned long)uid, cmd);
          exit(110);
      }
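Review bot: The `uid != 102` exemption in the AP_UID_MIN check is a bare literal inside a setuid-root helper, and this re-roll carries it over unchanged. The one account allowed to run below the minimum UID is therefore identified only by a number that must match the host's passwd database, and the trailing `/* uid 102 = signup */` comment is the only record of why. I would give it a name next to the other scripts-specific definitions, e.g. `#define SCRIPTS_SIGNUP_UID 102`, and test `uid != SCRIPTS_SIGNUP_UID`. A short comment should also say why signup needs to run below AP_UID_MIN and that the value must track the local account. main() starts and ends outside this hunk, so whether the group side gets a matching restriction is not visible here.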
@@ -236,5 +223,5 @@
      /*
       * Get the current working directory, as well as the proper
-@@ -506,6 +637,21 @@
+@@ -525,6 +645,21 @@ int main(int argc, char *argv[])
              log_err("cannot get docroot information (%s)\n", target_homedir);
              exit(112);
@@ -258,5 +245,5 @@
      else {
          if (((chdir(AP_DOC_ROOT)) != 0) ||
-@@ -532,15 +678,17 @@
+@@ -551,15 +686,17 @@ int main(int argc, char *argv[])
      /*
       * Error out if cwd is writable by others.
@@ -277,5 +264,5 @@
          exit(117);
      }
-@@ -548,10 +696,12 @@
+@@ -567,10 +704,12 @@ int main(int argc, char *argv[])
      /*
       * Error out if the program is writable by others.
@@ -290,5 +277,5 @@
      /*
       * Error out if the file is setuid or setgid.
-@@ -565,6 +715,7 @@
+@@ -584,6 +723,7 @@ int main(int argc, char *argv[])
       * Error out if the target name/group is different from
       * the name/group of the cwd or the program.
@@ -298,6 +285,6 @@
          (gid != dir_info.st_gid) ||
          (uid != prg_info.st_uid) ||
-@@ -576,12 +727,14 @@
-                 prg_info.st_uid, prg_info.st_gid);
+@@ -595,12 +735,14 @@ int main(int argc, char *argv[])
+                 (unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid);
          exit(120);
      }
@@ -314,5 +301,5 @@
          exit(121);
      }
-@@ -614,6 +767,30 @@
+@@ -649,6 +791,30 @@ int main(int argc, char *argv[])
      /*
       * Execute the command, replacing our image with its own.
@@ -345,2 +332,5 @@
      /* We need the #! emulation when we want to execute scripts */
      {
+-- 
+1.7.9.6 (Apple Git-31.1)
+
