Patch cleanup in preperation for 2.0.58:

 * Updated mpm-peruser to 0.2.0 - Should fix bug 125244 and maybe bug 105778
 * Removed CVE patches that are included included upstream

4 files changed, 259 insertions, 190 deletions

diff --git a/2.0/patches/05_all_peruser-0.1.6.patch b/2.0/patches/05_all_peruser-0.2.0.patch
index f558520..61bff34 100644
--- a/2.0/patches/05_all_peruser-0.1.6.patch
+++ b/2.0/patches/05_all_peruser-0.2.0.patch
@@ -1,6 +1,6 @@
-diff -Nur httpd-2.0.52/server/mpm/config.m4 httpd-2.0.52-peruser/server/mpm/config.m4
---- httpd-2.0.52/server/mpm/config.m4	2003-03-11 00:07:52.000000000 -0700
-+++ httpd-2.0.52-peruser/server/mpm/config.m4	2005-07-12 01:57:22.000000000 -0600
+diff -Nur httpd-2.0.55/server/mpm/config.m4 httpd-2.0.55-new/server/mpm/config.m4
+--- httpd-2.0.55/server/mpm/config.m4	2004-11-24 12:31:09.000000000 -0700
++++ httpd-2.0.55-new/server/mpm/config.m4	2006-03-02 01:12:04.000000000 -0700
 @@ -1,7 +1,7 @@
  AC_MSG_CHECKING(which MPM to use)
  AC_ARG_WITH(mpm,
@@ -19,26 +19,26 @@ diff -Nur httpd-2.0.52/server/mpm/config.m4 httpd-2.0.52-peruser/server/mpm/conf
    AC_MSG_WARN(You have selected an EXPERIMENTAL MPM.  Be warned!)
    MPM_SUBDIR_NAME=experimental/$MPM_NAME
  else
-diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/Makefile.in httpd-2.0.52-peruser/server/mpm/experimental/peruser/Makefile.in
---- httpd-2.0.52/server/mpm/experimental/peruser/Makefile.in	1969-12-31 17:00:00.000000000 -0700
-+++ httpd-2.0.52-peruser/server/mpm/experimental/peruser/Makefile.in	2005-07-12 01:57:22.000000000 -0600
+diff -Nur httpd-2.0.55/server/mpm/experimental/peruser/config.m4 httpd-2.0.55-new/server/mpm/experimental/peruser/config.m4
+--- httpd-2.0.55/server/mpm/experimental/peruser/config.m4	1969-12-31 17:00:00.000000000 -0700
++++ httpd-2.0.55-new/server/mpm/experimental/peruser/config.m4	2006-03-02 01:12:04.000000000 -0700
+@@ -0,0 +1,3 @@
++if test "$MPM_NAME" = "peruser" ; then
++    APACHE_FAST_OUTPUT(server/mpm/experimental/$MPM_NAME/Makefile)
++fi
+diff -Nur httpd-2.0.55/server/mpm/experimental/peruser/Makefile.in httpd-2.0.55-new/server/mpm/experimental/peruser/Makefile.in
+--- httpd-2.0.55/server/mpm/experimental/peruser/Makefile.in	1969-12-31 17:00:00.000000000 -0700
++++ httpd-2.0.55-new/server/mpm/experimental/peruser/Makefile.in	2006-03-02 01:12:04.000000000 -0700
 @@ -0,0 +1,5 @@
 +
 +LTLIBRARY_NAME    = libperuser.la
 +LTLIBRARY_SOURCES = peruser.c
 +
 +include $(top_srcdir)/build/ltlib.mk
-diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/config.m4 httpd-2.0.52-peruser/server/mpm/experimental/peruser/config.m4
---- httpd-2.0.52/server/mpm/experimental/peruser/config.m4	1969-12-31 17:00:00.000000000 -0700
-+++ httpd-2.0.52-peruser/server/mpm/experimental/peruser/config.m4	2005-07-12 01:57:22.000000000 -0600
-@@ -0,0 +1,3 @@
-+if test "$MPM_NAME" = "peruser" ; then
-+    APACHE_FAST_OUTPUT(server/mpm/experimental/$MPM_NAME/Makefile)
-+fi
-diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/mpm.h httpd-2.0.52-peruser/server/mpm/experimental/peruser/mpm.h
---- httpd-2.0.52/server/mpm/experimental/peruser/mpm.h	1969-12-31 17:00:00.000000000 -0700
-+++ httpd-2.0.52-peruser/server/mpm/experimental/peruser/mpm.h	2005-07-12 01:57:22.000000000 -0600
-@@ -0,0 +1,103 @@
+diff -Nur httpd-2.0.55/server/mpm/experimental/peruser/mpm_default.h httpd-2.0.55-new/server/mpm/experimental/peruser/mpm_default.h
+--- httpd-2.0.55/server/mpm/experimental/peruser/mpm_default.h	1969-12-31 17:00:00.000000000 -0700
++++ httpd-2.0.55-new/server/mpm/experimental/peruser/mpm_default.h	2006-03-02 01:12:04.000000000 -0700
+@@ -0,0 +1,110 @@
 +/* ====================================================================
 + * The Apache Software License, Version 1.1
 + *
@@ -97,55 +97,62 @@ diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/mpm.h httpd-2.0.52-peruse
 + * University of Illinois, Urbana-Champaign.
 + */
 +
-+#include "httpd.h"
-+#include "mpm_default.h"
-+#include "scoreboard.h"
-+#include "unixd.h"
++#ifndef APACHE_MPM_DEFAULT_H
++#define APACHE_MPM_DEFAULT_H
 +
-+#ifndef APACHE_MPM_PERUSER_H
-+#define APACHE_MPM_PERUSER_H
++/* Number of processors to spawn off for each ServerEnvironment by default */
 +
-+#define PERUSER_MPM
++#ifndef DEFAULT_START_PROCESSORS
++#define DEFAULT_START_PROCESSORS 0
++#endif
 +
-+#define MPM_NAME "Peruser"
++/* Minimum number of running processors per ServerEnvironment */
 +
-+#define AP_MPM_WANT_RECLAIM_CHILD_PROCESSES
-+#define AP_MPM_WANT_WAIT_OR_TIMEOUT
-+#define AP_MPM_WANT_PROCESS_CHILD_STATUS
-+#define AP_MPM_WANT_SET_PIDFILE
-+#define AP_MPM_WANT_SET_SCOREBOARD
-+#define AP_MPM_WANT_SET_LOCKFILE
-+#define AP_MPM_WANT_SET_MAX_REQUESTS
-+#define AP_MPM_WANT_SET_COREDUMPDIR
-+#define AP_MPM_WANT_SET_ACCEPT_LOCK_MECH
-+#define AP_MPM_WANT_SIGNAL_SERVER
-+#define AP_MPM_WANT_SET_MAX_MEM_FREE
-+#define AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK
++#ifndef DEFAULT_MIN_PROCESSORS
++#define DEFAULT_MIN_PROCESSORS 0
++#endif
 +
-+#define AP_MPM_USES_POD 1
-+#define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
-+#define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0)
-+#define MPM_ACCEPT_FUNC unixd_accept
++/* Minimum --- fewer than this, and more will be created */
 +
-+extern int ap_threads_per_child;
-+extern int ap_max_daemons_limit;
-+extern server_rec *ap_server_conf;
++#ifndef DEFAULT_MIN_FREE_PROCESSORS
++#define DEFAULT_MIN_FREE_PROCESSORS 2
++#endif
 +
-+/* Table of child status */
-+#define SERVER_DEAD 0
-+#define SERVER_DYING 1
-+#define SERVER_ALIVE 2
++/* Maximum processors per ServerEnvironment */
 +
-+typedef struct ap_ctable {
-+    pid_t pid;
-+    unsigned char status;
-+} ap_ctable;
++#ifndef DEFAULT_MAX_PROCESSORS
++#define DEFAULT_MAX_PROCESSORS 10
++#endif
 +
-+#endif /* APACHE_MPM_PERUSER_H */
-diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/mpm_default.h httpd-2.0.52-peruser/server/mpm/experimental/peruser/mpm_default.h
---- httpd-2.0.52/server/mpm/experimental/peruser/mpm_default.h	1969-12-31 17:00:00.000000000 -0700
-+++ httpd-2.0.52-peruser/server/mpm/experimental/peruser/mpm_default.h	2005-07-12 01:57:22.000000000 -0600
-@@ -0,0 +1,110 @@
++/* File used for accept locking, when we use a file */
++#ifndef DEFAULT_LOCKFILE
++#define DEFAULT_LOCKFILE DEFAULT_REL_RUNTIMEDIR "/accept.lock"
++#endif
++
++/* Where the main/parent process's pid is logged */
++#ifndef DEFAULT_PIDLOG
++#define DEFAULT_PIDLOG DEFAULT_REL_RUNTIMEDIR "/httpd.pid"
++#endif
++
++/*
++ * Interval, in microseconds, between scoreboard maintenance.
++ */
++#ifndef SCOREBOARD_MAINTENANCE_INTERVAL
++#define SCOREBOARD_MAINTENANCE_INTERVAL 1000000
++#endif
++
++/* Number of requests to try to handle in a single process.  If <= 0,
++ * the children don't die off.
++ */
++#ifndef DEFAULT_MAX_REQUESTS_PER_CHILD
++#define DEFAULT_MAX_REQUESTS_PER_CHILD 10000
++#endif
++
++#endif /* AP_MPM_DEFAULT_H */
+diff -Nur httpd-2.0.55/server/mpm/experimental/peruser/mpm.h httpd-2.0.55-new/server/mpm/experimental/peruser/mpm.h
+--- httpd-2.0.55/server/mpm/experimental/peruser/mpm.h	1969-12-31 17:00:00.000000000 -0700
++++ httpd-2.0.55-new/server/mpm/experimental/peruser/mpm.h	2006-03-02 01:12:04.000000000 -0700
+@@ -0,0 +1,103 @@
 +/* ====================================================================
 + * The Apache Software License, Version 1.1
 + *
@@ -204,62 +211,55 @@ diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/mpm_default.h httpd-2.0.5
 + * University of Illinois, Urbana-Champaign.
 + */
 +
-+#ifndef APACHE_MPM_DEFAULT_H
-+#define APACHE_MPM_DEFAULT_H
-+
-+/* Number of processors to spawn off for each ServerEnvironment by default */
-+
-+#ifndef DEFAULT_START_PROCESSORS
-+#define DEFAULT_START_PROCESSORS 0
-+#endif
-+
-+/* Minimum number of running processors per ServerEnvironment */
-+
-+#ifndef DEFAULT_MIN_PROCESSORS
-+#define DEFAULT_MIN_PROCESSORS 0
-+#endif
++#include "httpd.h"
++#include "mpm_default.h"
++#include "scoreboard.h"
++#include "unixd.h"
 +
-+/* Minimum --- fewer than this, and more will be created */
++#ifndef APACHE_MPM_PERUSER_H
++#define APACHE_MPM_PERUSER_H
 +
-+#ifndef DEFAULT_MIN_FREE_PROCESSORS
-+#define DEFAULT_MIN_FREE_PROCESSORS 2
-+#endif
++#define PERUSER_MPM
 +
-+/* Maximum processors per ServerEnvironment */
++#define MPM_NAME "Peruser"
 +
-+#ifndef DEFAULT_MAX_PROCESSORS
-+#define DEFAULT_MAX_PROCESSORS 10
-+#endif
++#define AP_MPM_WANT_RECLAIM_CHILD_PROCESSES
++#define AP_MPM_WANT_WAIT_OR_TIMEOUT
++#define AP_MPM_WANT_PROCESS_CHILD_STATUS
++#define AP_MPM_WANT_SET_PIDFILE
++#define AP_MPM_WANT_SET_SCOREBOARD
++#define AP_MPM_WANT_SET_LOCKFILE
++#define AP_MPM_WANT_SET_MAX_REQUESTS
++#define AP_MPM_WANT_SET_COREDUMPDIR
++#define AP_MPM_WANT_SET_ACCEPT_LOCK_MECH
++#define AP_MPM_WANT_SIGNAL_SERVER
++#define AP_MPM_WANT_SET_MAX_MEM_FREE
++#define AP_MPM_DISABLE_NAGLE_ACCEPTED_SOCK
 +
-+/* File used for accept locking, when we use a file */
-+#ifndef DEFAULT_LOCKFILE
-+#define DEFAULT_LOCKFILE DEFAULT_REL_RUNTIMEDIR "/accept.lock"
-+#endif
++#define AP_MPM_USES_POD 1
++#define MPM_CHILD_PID(i) (ap_scoreboard_image->parent[i].pid)
++#define MPM_NOTE_CHILD_KILLED(i) (MPM_CHILD_PID(i) = 0)
++#define MPM_ACCEPT_FUNC unixd_accept
 +
-+/* Where the main/parent process's pid is logged */
-+#ifndef DEFAULT_PIDLOG
-+#define DEFAULT_PIDLOG DEFAULT_REL_RUNTIMEDIR "/httpd.pid"
-+#endif
++extern int ap_threads_per_child;
++extern int ap_max_daemons_limit;
++extern server_rec *ap_server_conf;
 +
-+/*
-+ * Interval, in microseconds, between scoreboard maintenance.
-+ */
-+#ifndef SCOREBOARD_MAINTENANCE_INTERVAL
-+#define SCOREBOARD_MAINTENANCE_INTERVAL 1000000
-+#endif
++/* Table of child status */
++#define SERVER_DEAD 0
++#define SERVER_DYING 1
++#define SERVER_ALIVE 2
 +
-+/* Number of requests to try to handle in a single process.  If <= 0,
-+ * the children don't die off.
-+ */
-+#ifndef DEFAULT_MAX_REQUESTS_PER_CHILD
-+#define DEFAULT_MAX_REQUESTS_PER_CHILD 10000
-+#endif
++typedef struct ap_ctable {
++    pid_t pid;
++    unsigned char status;
++} ap_ctable;
 +
-+#endif /* AP_MPM_DEFAULT_H */
-diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/peruser.c httpd-2.0.52-peruser/server/mpm/experimental/peruser/peruser.c
---- httpd-2.0.52/server/mpm/experimental/peruser/peruser.c	1969-12-31 17:00:00.000000000 -0700
-+++ httpd-2.0.52-peruser/server/mpm/experimental/peruser/peruser.c	2005-07-12 01:57:38.000000000 -0600
-@@ -0,0 +1,2796 @@
++#endif /* APACHE_MPM_PERUSER_H */
+diff -Nur httpd-2.0.55/server/mpm/experimental/peruser/peruser.c httpd-2.0.55-new/server/mpm/experimental/peruser/peruser.c
+--- httpd-2.0.55/server/mpm/experimental/peruser/peruser.c	1969-12-31 17:00:00.000000000 -0700
++++ httpd-2.0.55-new/server/mpm/experimental/peruser/peruser.c	2006-03-06 02:08:38.000000000 -0700
+@@ -0,0 +1,2935 @@
 +/* ====================================================================
 + * The Apache Software License, Version 1.1
 + *
@@ -328,7 +328,6 @@ diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/peruser.c httpd-2.0.52-pe
 +#include "apr_strings.h"
 +#include "apr_thread_proc.h"
 +#include "apr_signal.h"
-+
 +#define APR_WANT_STDIO
 +#define APR_WANT_STRFUNC
 +#define APR_WANT_IOVEC
@@ -1082,13 +1081,155 @@ diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/peruser.c httpd-2.0.52-pe
 +    return 0;
 +}
 +
++/*
++ * This function sends a raw socket over to a processor. It uses the same
++ * on-wire format as pass_request. The recipient can determine if he got
++ * a socket or a whole request by inspecting the header_length of the
++ * message. If it is zero then only a socket was sent.
++ */
++static int pass_socket(apr_socket_t *thesock, child_info_t *processor, apr_pool_t *pool)
++{
++    int rv;
++    struct msghdr msg;
++    struct cmsghdr *cmsg;
++    int sock_fd;
++    char *body = "";
++    struct iovec iov[4];
++    apr_size_t len = 0;
++    apr_size_t header_len = 0;
++    apr_size_t body_len = 0;
++    peruser_header h;
++    apr_bucket *bucket;
++    const apr_array_header_t *headers_in_array;
++    const apr_table_entry_t *headers_in;
++    int counter;
++
++    if (!processor)
++    {
++        _DBG("server %s in child %d has no child_info associated",
++                "(unkonwn)", my_child_num);
++        return -1;
++    }
++
++    _DBG("passing request to another child.", 0);
++
++    apr_os_sock_get(&sock_fd, thesock);
++    
++    header_len = 0;
++    body_len = 0;
++
++    iov[0].iov_base = &header_len;
++    iov[0].iov_len  = sizeof(header_len);
++    iov[1].iov_base = &body_len;
++    iov[1].iov_len  = sizeof(body_len);
++    iov[2].iov_base = h.headers;
++    iov[2].iov_len  = 0;
++    iov[3].iov_base = body;
++    iov[3].iov_len  = body_len;
++
++    msg.msg_name    = NULL;
++    msg.msg_namelen = 0;
++    msg.msg_iov     = iov;
++    msg.msg_iovlen  = 4;
++
++    cmsg = apr_palloc(pool, sizeof(*cmsg) + sizeof(sock_fd));
++    cmsg->cmsg_len   = sizeof(*cmsg) + sizeof(sock_fd);
++    cmsg->cmsg_level = SOL_SOCKET;
++    cmsg->cmsg_type  = SCM_RIGHTS;
++
++    memcpy(CMSG_DATA(cmsg), &sock_fd, sizeof(sock_fd));
++
++    msg.msg_control    = cmsg;
++    msg.msg_controllen = cmsg->cmsg_len;
++
++    if (processor->status == CHILD_STATUS_STANDBY)
++    {
++        _DBG("Activating child #%d", processor->id);
++        processor->status = CHILD_STATUS_STARTING;
++    }
++
++    while (processor->status != CHILD_STATUS_ACTIVE)
++    {
++        _DBG("Waiting for child #%d...", processor->id);
++        sleep(1);
++    }
++
++    _DBG("Writing message to %d, passing sock_fd:  %d", processor->senv->output, sock_fd);
++    _DBG("header_len=%d headers=\"%s\"", header_len, h.headers);
++    _DBG("body_len=%d body=\"%s\"", body_len, body);
++
++    if ((rv = sendmsg(processor->senv->output, &msg, 0)) == -1)
++    {
++        apr_pool_destroy(pool);
++        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_server_conf,
++                     "Writing message failed %d %d", rv, errno);
++        return -1;
++    }
++
++    _DBG("Writing message succeeded %d", rv);
++
++    /* -- close the socket on our side -- */
++    _DBG("closing socket %d on our side", sock_fd);
++    apr_socket_close(thesock);
++
++    apr_pool_destroy(pool);
++    return 1;
++}
++
 +static void process_socket(apr_pool_t *p, apr_socket_t *sock, long conn_id,
-+                           apr_bucket_alloc_t *bucket_alloc)
++                           apr_bucket_alloc_t *bucket_alloc, apr_pool_t *pool)
 +{
 +    conn_rec *current_conn;
 +    int sock_fd;
 +    apr_status_t rv;
 +    ap_sb_handle_t *sbh;
++    child_info_t *processor;
++    apr_pool_t *ptrans;
++    peruser_server_conf *sconf;
++
++    _DBG("Creating dummy connection to use the vhost lookup api", 0);
++
++    ap_create_sb_handle(&sbh, p, conn_id, 0);
++    current_conn = ap_run_create_connection(p, ap_server_conf, sock, conn_id,
++                                            sbh, bucket_alloc);
++    _DBG("Looking up the right vhost");
++    ap_update_vhost_given_ip(current_conn);
++    _DBG("Base server is %s, name based vhosts %s", current_conn->base_server->server_hostname,
++		    current_conn->vhost_lookup_data ? "on" : "off");
++     
++	
++    if (!current_conn->vhost_lookup_data && CHILD_INFO_TABLE[my_child_num].type == CHILD_TYPE_MULTIPLEXER) {
++    	_DBG("We are not using name based vhosts, we'll directly pass the socket.");
++	
++	sconf = PERUSER_SERVER_CONF(current_conn->base_server->module_config);
++	processor = &CHILD_INFO_TABLE[sconf->senv->processor_id];
++
++	_DBG("Forwarding without further inspection, processor %d", processor->id);
++        if (processor->status == CHILD_STATUS_STANDBY)
++        {
++             _DBG("Activating child #%d", processor->id);
++             processor->status = CHILD_STATUS_STARTING;
++        }
++
++        _DBG("Creating new pool",0);
++	apr_pool_create(&ptrans, pool);
++        _DBG("Passing request.",0);
++        if (pass_socket(sock, processor, ptrans) == -1)
++        {
++            ap_log_error(APLOG_MARK, APLOG_ERR, 0,
++                  ap_server_conf, "Could not pass request to proper "                             
++                  "child, request will not be honoured.");
++             return;
++        }
++        if (current_conn)
++        {
++            _DBG("freeing connection",0);
++            ap_lingering_close(current_conn);
++        }
++        _DBG("doing longjmp",0);
++        longjmp(CHILD_INFO_TABLE[my_child_num].jmpbuffer, 1);
++	return;
++    }
 +
 +    if ((rv = apr_os_sock_get(&sock_fd, sock)) != APR_SUCCESS)
 +    {
@@ -1115,9 +1256,11 @@ diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/peruser.c httpd-2.0.52-pe
 +        ap_sock_disable_nagle(sock);
 +    }
 +
-+    ap_create_sb_handle(&sbh, p, conn_id, 0);
-+    current_conn = ap_run_create_connection(p, ap_server_conf, sock, conn_id,
-+                                            sbh, bucket_alloc);
++    if (!current_conn) {
++        ap_create_sb_handle(&sbh, p, conn_id, 0);
++        current_conn = ap_run_create_connection(p, ap_server_conf, sock, conn_id,
++                                                sbh, bucket_alloc);
++    }
 +
 +    if (current_conn)
 +    {
@@ -1148,10 +1291,8 @@ diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/peruser.c httpd-2.0.52-pe
 +            net = filter->ctx;
 +            net->in_ctx = apr_palloc(conn->pool, sizeof(*net->in_ctx));
 +            net->in_ctx->b = bb;
-+/*
 +            net->in_ctx->tmpbb = apr_brigade_create(net->in_ctx->b->p, 
 +                net->in_ctx->b->bucket_alloc);
-+*/
 +        }
 +    }
 +    _DBG("leaving (DECLINED)", 0);
@@ -1309,12 +1450,6 @@ diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/peruser.c httpd-2.0.52-pe
 +        processor->status = CHILD_STATUS_STARTING;
 +    }
 +
-+    while (processor->status != CHILD_STATUS_ACTIVE)
-+    {
-+        _DBG("Waiting for child #%d...", processor->id);
-+        sleep(1);
-+    }
-+
 +    _DBG("Writing message to %d, passing sock_fd:  %d", processor->senv->output, sock_fd);
 +    _DBG("header_len=%d headers=\"%s\"", header_len, h.headers);
 +    _DBG("body_len=%d body=\"%s\"", body_len, body);
@@ -1399,6 +1534,8 @@ diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/peruser.c httpd-2.0.52-pe
 +    apr_cpystrn(headers, buff, header_len + 1);
 +    _DBG("header_len=%d headers=\"%s\"", header_len, headers);
 +
++if (header_len) {    
++    _DBG("header_len > 0, we got a request", 0);
 +    /* -- store received data into an brigade and add
 +          it to the current transaction's pool -- */
 +    bucket = apr_bucket_eos_create(alloc);
@@ -1420,7 +1557,9 @@ diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/peruser.c httpd-2.0.52-pe
 +
 +    APR_BRIGADE_INSERT_HEAD(bb, bucket);
 +    apr_pool_userdata_set(bb, "PERUSER_SOCKETS", NULL, ptrans);
-+
++} else {
++    _DBG("header_len == 0, we got a socket only", 0);
++}
 +    _DBG("returning 0", 0);
 +    return 0;
 +}
@@ -1815,7 +1954,7 @@ diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/peruser.c httpd-2.0.52-pe
 +
 +          if(total_processors(my_child_num) <
 +              CHILD_INFO_TABLE[my_child_num].senv->max_processors &&
-+            idle_processors(my_child_num) <
++            idle_processors(my_child_num) <=
 +              CHILD_INFO_TABLE[my_child_num].senv->min_free_processors)
 +          {
 +              _DBG("CLONING CHILD");
@@ -1827,7 +1966,7 @@ diff -Nur httpd-2.0.52/server/mpm/experimental/peruser/peruser.c httpd-2.0.52-pe
 +        {
 +            _DBG("marked jmpbuffer",0);
 +            _TRACE_CALL("process_socket()",0);
-+            process_socket(ptrans, sock, my_child_num, bucket_alloc);
++            process_socket(ptrans, sock, my_child_num, bucket_alloc, pchild);
 +            _TRACE_RET("process_socket()",0);
 +        }
 +        else
diff --git a/2.0/patches/10_all_peruser-0.1.6-brigadefix.patch b/2.0/patches/10_all_peruser-0.1.6-brigadefix.patch
deleted file mode 100644
index f1a8926..0000000
--- a/2.0/patches/10_all_peruser-0.1.6-brigadefix.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -NurpP httpd-2.0.54-peruser/server/mpm/experimental/peruser/peruser.c httpd-2.0.54-peruser-brigadefix/server/mpm/experimental/peruser/peruser.c
---- httpd-2.0.54-peruser/server/mpm/experimental/peruser/peruser.c	2005-08-22 08:04:59.397143536 +0200
-+++ httpd-2.0.54-peruser-brigadefix/server/mpm/experimental/peruser/peruser.c	2005-08-22 08:07:32.979795424 +0200
-@@ -886,10 +886,8 @@ static int peruser_process_connection(co
-             net = filter->ctx;
-             net->in_ctx = apr_palloc(conn->pool, sizeof(*net->in_ctx));
-             net->in_ctx->b = bb;
--/*
-             net->in_ctx->tmpbb = apr_brigade_create(net->in_ctx->b->p, 
-                 net->in_ctx->b->bucket_alloc);
--*/
-         }
-     }
-     _DBG("leaving (DECLINED)", 0);
diff --git a/2.0/patches/99_all_2.0.55-cve-2005-3352.patch b/2.0/patches/99_all_2.0.55-cve-2005-3352.patch
deleted file mode 100644
index 2347338..0000000
--- a/2.0/patches/99_all_2.0.55-cve-2005-3352.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-http://bugs.gentoo.org/show_bug.cgi?id=118875
-
---- server/util.c	(revision 330526)
-+++ server/util.c	(working copy)
-@@ -1762,6 +1762,8 @@
-             j += 3;
-         else if (s[i] == '&')
-             j += 4;
-+        else if (s[i] == '"')
-+            j += 5;
- 
-     if (j == 0)
-         return apr_pstrmemdup(p, s, i);
-@@ -1780,6 +1782,10 @@
-             memcpy(&x[j], "&amp;", 5);
-             j += 4;
-         }
-+        else if (s[i] == '"') {
-+            memcpy(&x[j], "&quot;", 6);
-+            j += 5;
-+        }
-         else
-             x[j] = s[i];
- 
---- modules/mappers/mod_imap.c	(revision 330526)
-+++ modules/mappers/mod_imap.c	(working copy)
-@@ -342,7 +342,7 @@
-     if (!strcasecmp(value, "referer")) {
-         referer = apr_table_get(r->headers_in, "Referer");
-         if (referer && *referer) {
--	    return apr_pstrdup(r->pool, referer);
-+	    return ap_escape_html(r->pool, referer);
-         }
-         else {
- 	    /* XXX:  This used to do *value = '\0'; ... which is totally bogus
diff --git a/2.0/patches/99_all_2.0.55-cve-2005-3357.patch b/2.0/patches/99_all_2.0.55-cve-2005-3357.patch
deleted file mode 100644
index bdd5793..0000000
--- a/2.0/patches/99_all_2.0.55-cve-2005-3357.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-http://bugs.gentoo.org/show_bug.cgi?id=115324
-
---- modules/ssl/ssl_engine_kernel.c	(Revision 368148)
-+++ modules/ssl/ssl_engine_kernel.c	(Arbeitskopie)
-@@ -202,11 +202,14 @@
-     }
- 
-     /*
--     * Check to see if SSL protocol is on
-+     * Check to see whether SSL is in use; if it's not, then no
-+     * further access control checks are relevant.  (the test for
-+     * sc->enabled is probably strictly unnecessary)
-      */
--    if (!(sc->enabled || ssl)) {
-+    if (!sc->enabled || !ssl) {
-         return DECLINED;
-     }
-+
-     /*
-      * Support for per-directory reconfigured SSL connection parameters.
-      *