Здравствуйте. Кто-нибудь кроме меня использует сборку apache из backports/2.4? От той, что в updates, она наиболее сильно отличается этим: * Wed Aug 24 2005 Michael Shigorin 1.3.33rusPL30.20-alt2.M24.1 - built for ALM2.4 (see alt3 changelog below!) * Wed Aug 24 2005 Michael Shigorin 1.3.33rusPL30.20-alt3 - exchanged httpd and httpd-perl startup/shutdown order; see README.ALT for further details on mod_perl setup (#4994, #6437) thanks combr@, tma@, solo@, Ivan Adzhubey for discussion and fixes (you *will* need to chkconfig them on for this to apply) - rolled back #2928 workarounds (should be unneeded) - hard kill remaining processes after normal stop() part - fixed #6351 (delaycompress in logrotate; may influence #3153) thanks dfo@, sorry ldv@ - fixed a transition bug in /etc/init.d/httpd::conftest() - UseCanonicalName Off in httpd{,-perl}.conf (#7704) - updated and extended README.ALT - Thu Feb 17 2005 + added missing NameVirtualHost directive to default Vhosts.conf - Sat Feb 12 2005 + Vhosts.conf thinko fix suggested by Alexey Morozov (morozov@) (Aug 24: could have lost that.... can't remember details now) - Sat Jan 29 2005 + macros extended (see README.ALT); also #1735, #5634, #5989 + re-fixed #4235 (weird hostname hack) + implemented separate TMPDIR (addon modules should follow) (#5989) + disabled mod_charset for mod_perl (hm... #2941-related) + commented out "AddDefaultCharset iso8859-1" by default (#5754) + added %apache_vhostdir and %apache_vhconfdir (#5634) + upped HARD_SERVER_LIMIT from 256 to 1024 (#5748; needs additional /etc/security/limits.conf tweaking to actually happen) + changed %suexec_docroot from /home to /var/www (#2461) + changed suexec binary permissions (see #5309) from 4711 root:root to 4710 root:apache + changed TMPDIR in initscripts to use more specific location than /tmp so that you can restrict apache access to that by ACL and further configure php and other software running as apache (#5989) + added patch to consult POSIX ACLs on CGI execution decision (#4987; disabled by default, build --with acl_support to enable) Соответственно с одной стороны -- не совсем хорошо выкатывать не связанные напрямую с безопасностью или критическими проблемами изменения в updates, с другой -- каждая строчка тут имеет обоснование. Проблема в том, что мне технически неудобно вести две ветки для 2.4, есть риск "загрязнения" и больше мороки. Но на сейчас склоняюсь к тому, чтобы всё-таки дырки и улучшения раздельно. -- ---- WBR, Michael Shigorin ------ Linux.Kiev http://www.linux.kiev.ua/