Security Update 2004-09-07
Here's the description:
Looks like they've changed quite a bit, but it only weighs in at 7.6MB.
Quote:
Security Update 2004-09-07 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:
CoreFoundation
IPSec
Kerberos
libpcap
lukemftpd
NetworkConfig
OpenLDAP
OpenSSH
PPPDialer
rsync
Safari
tcpdump
For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798
Security Update 2004-09-07 delivers a number of security enhancements and is recommended for all Macintosh users. This update includes the following components:
CoreFoundation
IPSec
Kerberos
libpcap
lukemftpd
NetworkConfig
OpenLDAP
OpenSSH
PPPDialer
rsync
Safari
tcpdump
For detailed information on this Update, please visit this website: http://www.info.apple.com/kbnum/n61798
Looks like they've changed quite a bit, but it only weighs in at 7.6MB.
Comments
Originally posted by bauman
Here's the description:
Looks like they've changed quite a bit, but it only weighs in at 7.6MB.
Hey, it's not SP2
(v 1.1).
Has anyone a guess as to what had to be fixed up so soon after the initial release?
Originally posted by wcattey
I see that a new version of this Security Update has just come out
(v 1.1).
Has anyone a guess as to what had to be fixed up so soon after the initial release?
The FTP server. The original update included a more secure replacement ftpd program (lukemftpd), but it apparently didn't play nice with OSX's built-in authentication system. So if you applied the update, your machine couldn't be an ftp server anymore. This update patches the new ftpd so it works. Neither the sftp server nor ftp clients were affected by the bug.
From Apple's security list via xlr8yourmac:
" Security Update 2004-09-07 v1.1 is now available and fixes the following issues in Security Update 2004-09-07 v1.0:
* lukemftpd: Corrects the path to the file containing users who are not permitted to use FTP. When this file cannot be found (as in the default installation of v1.0), FTP will not authorize any users. The ability to use long login names is also restored.
* Safari: The Safari version number is changed to provide compatibility with web sites that incorrectly identify Safari as a different browser. Tips to correctly identify the Safari browser via JavaScript are available at:
http://developer.apple.com/internet/...afari_faq.html
http://developer.apple.com/internet/...tdetection.htm
Security Update 2004-09-07 v1.1 contains no additional security enhancements, and is simply an updated version of Security Update 2004-09-07 v1.0. "
Originally posted by Tuttle
So only two userland program get updated and it requires a restart?
It would be hard to have a "dual-personality" installer detecting whether you're upgrading from Update 1.0 or from "plain" 10.3.5.