Splitting a patch into patch per file doesn't make review easier. If you wanted to split by something you could have grouped by severity, parfait annotations (which i won't apply), false positives, ...
mod_webdav fd leak: this is a real one, although if opening the upload tmpfiles fails we are screwed anyway.
mod_mysql_vhost: leak on config init, looks like one buffer per block. also leaks in "non error" cases.
These won't get applied:
lemon.c: don't care, it's just the parser generator
fdevent.c: misses the error cases. already fixed in svn (found with clang analyzer)
array.c/array_replace: du is not allowed to be NULL (maybe add assert())
configfile.c array_insert_unique() call: if array_insert_unique fails here there are deeper problems.. the keys are supposed to be unique in that stage. (maybe add assert())
configfile.c modules/prepends NULL checks: i'd rather have a segfault if this happens (maybe add assert())
parfait annotations: as i already said, i'm not applying those
The problem with assert() is that it could be optimized away, so we can't do anything "real" in the standard assert() (only boolean checks without side effects).