Security Update 2004-12-02: User experiences; httpd.conf changes preserved

Late yesterday we noted Apple's release of four different versions of Security Update 2004-12-02, for the Client and Server versions of Mac OS X 10.2.8 and 10.3.6. We've since received a good number of reports on the update from MacFixIt readers.

The good news is that the reports are thus far quite positive. Most people who have installed the security update have done so without any resulting problems.

That being said, it wouldn't be an update without at least a few reports of problems. We've also got apparent good news for Apache tweakers.

Connection problems A couple readers have reported network/Internet connection issues since applying the update. Eric notes that he's no longer able to connect to his gray AirPort Base Station from his 14" iBook 700MHz. And reader Charlie writes:

"I installed the update today, rebooted, and have not been able to get on-line since. Every time I try the modem connects, but Internet [Connect] tells me that it cannot make a connection. Eudora cannot find the mail server & Netscape says it cannot find the site. I have to switch back to OS 9 to get online."

Unfortunately, as we've noted before with OS X updates, the cause of some issues like these are very difficult to pin down because, well, they shouldn't be happening. What we mean is that if you examine the contents of an update package (using a utility such as the excellent Pacifist), you can see exactly which files are modified or replaced. If none of the files related to the problem at hand are modified or replaced by the update, it's a good bet that the update itself didn't cause the problem -- it may just be bad luck, coincidence, or a sign of other problems (drive corruption, permissions problems, corrupt preference files, etc.) This is one reason we encourage readers to make sure their drives are in good shape, using Disk Utility or a third-party utility like DiskWarrior, before installing any update.

We'll continue to monitor similar reports, but we don't see any changes provided by the Security Update that might have affected the ability to connect to an AirPort Base Station or to the Internet. (Safari itself was updated, but neither Internet Connect nor the AirPort software was changed.)

httpd.conf changes preserved In the past, updates to Apache, OS X's built-in Web server, have often included the installation of a new version of /etc/httpd/httpd.conf, the Apache configuration file. (This new version of the httpd.conf file usually contains updated settings that either close security holes in Apache or correspond to new features in an updated version of the Apache software.) Unfortunately, when savvy OS X users edit the httpd.conf file themselves to enable or disable features or otherwise customize Apache, those changes are often lost when an Apple update installs a new version of httpd.conf.

However, reader Roger Moffat reports that although Security Update 2004-12-02 did indeed update the httpd.conf file, it preserved his custom changes:

"I've installed the December Security update on a couple of machines. Seeing that it made changes to Apache, I was concerned what would happen to my G4 on which I've set up PHP and mySQL, as well as 6 virtual hosts in the httpd.conf file. I'd also modified [the file] previously with 'fixes' for the .DS_Store vulnerability, but not the .ht file access mentioned in the update notes.

"The Security Update did alter my httpd.conf file, increasing the number of lines in it from 1188 to 1201. These extra lines include notes about the .DS_Store and .ht fixes, as well as the fixes themselves. There was [also] a backup of my current file saved by the Updater. [This is normally the case. -Ed] After the update and restart the Apache is updated to 1.23.33, as noted, [however,] it still works as expected for the 6 virtual hosts, PHP/mySQL etc -- unlike at least one earlier Mac OS X update which undid the modifications that had been made to the httpd.conf file."

What are your experiences with the update? Drop us an email at Late-breakers@macfixit.com.

Resources