Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
OS X Operating Systems Upgrades

Apple Releases Mac OS X 10.3.9 Update 149

OmniVector writes "Right after the Mac OS X 10.4 Tiger announcement just a few days ago, Apple has released an update to version 10.3.9 for Mac OS X and Mac OS X Server (both available via Software Update). The changes mostly include bugfixes with Stickies, Safari, and the Finder." The Server update also addresses issues with Open Directory, cyrus, AFP, and SMB, among others. Apple also updated iMovie, iPhoto, iDVD, and iSight this week.
This discussion has been archived. No new comments can be posted.

Apple Releases Mac OS X 10.3.9 Update

Comments Filter:
  • Undocumented bug fix (Score:5, Informative)

    by objekt ( 232270 ) on Friday April 15, 2005 @08:53PM (#12251778) Homepage
    Now my Mac doesn't lock up when I choose the "Restart..."/"Shut Down..." and then sleep the screen during the optional 2-minute wait period.
    • Okay, I'm not sure why you'd be wanting to put the computer to sleep after you've selected restart or shut down. So are you now expecting the behavior to be when you wake the computer up, it'll continue with the two minute countdown to restart/shut down? Jus' wonderin'.......
      • I expect it to shut down or restart, which ever I chose, not to lock up. Sleeping the screen is something I do a lot. With a mouse in hand I might want to sleep it and walk away knowing that no one will be able to stop the shutdown sequence without knowing my password (to unlock the screen saver). Sure, hitting the return/enter key or clicking the little "shut down" button might seem the better choice. Sleeping the screen is more of a reflex action for me and it should work without incident--it now does. I'
    • by Anonymous Coward
      Unfortunately the macs are still vulnerable to a local root exploit published over six months ago.

      I wonder when they're going to bother fixing little things like root privilege escalations. After they finish polishing those Aqua buttons a little more?
  • Safari 1.3 (Score:5, Informative)

    by OmniVector ( 569062 ) <se e m y h o mepage> on Friday April 15, 2005 @08:56PM (#12251796) Homepage
    wow i'm a dumbass, and completely left out something really important! Safari 1.3 came out with this update. and consequently seems to have caused problems with some of my Adium themes and Colloquy no longer even renders. Also, one of my Safari plugins caused safari to crash on launch. (AcidSearch it appears).

    lastly, folks, beware of the warning on apple's front page with this update if you're running mac os x server! You must have an administrator account password that does not contain spaces or Option-keyed characters to install this update.
    • Re:Safari 1.3 (Score:1, Interesting)

      by Anonymous Coward
      Wonder why that is? Doesn't OS X have full support for Unicode? Or are they using some chincy shell script again? (memories of the iTunes update that deleted your hard drive.)
      • my guess is that it has something to do with the upgrade to directory services.... as far as what... you'll have to ask apple (in the process of installing the server update remotely)
    • Re:Safari 1.3 (Score:5, Informative)

      by Matthias Wiesmann ( 221411 ) on Saturday April 16, 2005 @03:15AM (#12253365) Homepage Journal
      Information about the changes in Safari 1.3 can be found on on David Hyatt's blog [mozillazine.org].
    • Re:Safari 1.3 (Score:1, Interesting)

      by Anonymous Coward

      Safari 1.3 came out with this update. and consequently seems to have caused problems with some of my Adium themes and Colloquy no longer even renders.

      They changed the keyboard shortcut to change tabs too. The previous command-shift-arrows has been replaced with command-{/}. Not a joy for example people using the Finnish layout, as it has become now command-shift-alt-8/9. Cannot switch tabs anymore with one hand via keyboard, and you fellow slashdotters should know how bad that is!

      • One handed tab changing using command-shift-arrow is very awkward and impractical on my titanium powerbook... the new shortcut will be better for English layout powerbook users.
    • Re:Safari 1.3 (Score:3, Informative)

      by zhiwenchong ( 155773 )
      Also I found a problem with Sogudi. Whenever I tried to type a URL without a www, ie. "apple.com", the spinning beachball of death pops up.

      I removed Sogudi, and everything works again. And yes, I finally noticed the speed improvement.
    • And jipes... google maps's sidebar got messed up by this update.
    • seems to have caused problems with some of my Adium themes

      Care to elaborate? Some of Adium's themes had problems before this update. Are you sure these are new problems?
    • + Undo in text fields! + improved pop-up window blocking + faster, especially on https connection + command-shift-arrow works properly now + improved javascript compatibility All around, a great release for this browser. I was on the cusp of switching to Firefox, but undo and spelling checking in the web form text areas are the dog's bollocks!
      • Yeah, I just noticed undo in text fields. That alone is worth the entire update, as anyone on Slashdot who uses Safari and has lost an entire comment or journal entry because they selected all and then hit 'c' instead of cmd-'c' can attest.
    • Re:Safari 1.3 (Score:2, Informative)

      by tcoady ( 22541 )
      Same here. But AcidSearch 0.4 fixes include "Support for Safari 1.3 added".

      More info here http://www.pozytron.com/acidsearch/ [pozytron.com]
  • Vindicated, yes! (Score:3, Informative)

    by hrbrmstr ( 324215 ) * on Friday April 15, 2005 @09:08PM (#12251853) Homepage Journal
    I've been bug reporting and complaining about the SSL performance in Safari for almost two years. Folks here and on other Mac forums have dismissed me as some type of loon (they are more right than I'd like to admit most of the time). Apple finally does something about it (though, we'll see if it really helps...I'm installing it now).

    It's nice to be right...
    • Re:Vindicated, yes! (Score:3, Interesting)

      by Maserati ( 8679 )
      I work in one of the most pro-Apple commercial shops in North America. We're stuck recommending Firefox for an HR section of the Intranet because the SSL support in Safari is so damn slow. Fixing that before we have to roll Tiger out will be nice.

      I still need to double check that we've got a current Firefox on the standard build.
  • Trackpad (Score:5, Interesting)

    by BigZaphod ( 12942 ) on Friday April 15, 2005 @09:09PM (#12251863) Homepage
    It seems as if this update fixed the sensitivity problems with my PowerBook trackpad. I have a 1.67Ghz PB with the new trackpad that supports the vertical/horizontal scrolling stuff and it has always been far less sensitive than my old PB -- until I rebooted after this update. Cool!

    Although the Safari upgrade re-added Apple, Amazon, eBay, etc. links to my bookmark bar. That was sort of annoying, but easy enough to fix.
    • Re:Trackpad (Score:5, Informative)

      by poopdeville ( 841677 ) on Friday April 15, 2005 @10:33PM (#12252295)
      Although the Safari upgrade re-added Apple, Amazon, eBay, etc. links to my bookmark bar. That was sort of annoying, but easy enough to fix.

      That's because Software Update downloaded a fresh copy of Safari for you. Your "personal" bookmarks are stored in your ~/Library/ directory somewhere, whereas the stock ones are in the application bundle.
  • Wow! (Score:5, Funny)

    by numbski ( 515011 ) * <numbskiNO@SPAMhksilver.net> on Friday April 15, 2005 @09:19PM (#12251905) Homepage Journal
    Everything feels peppier and more responsive! Doesn't take 15 minutes to copy a 20MB file anymore either.

    Haven't even run the update yet either. ;)
    • Come on, if you're going to quote a joke [kottke.org], at least get the punchline right! It's "20 minutes to copy a 17Mb file"
  • There are definitely some bugfixes for stickies and the like. But there are also some important security fixes in the bag. That is a lot of CAN entries for a update that is "mostly bugfixes."

    For whatever reason apple felt icky about calling it an "update," so they threw in this language:

    "Note: It is Apple's standard practice to provide security fixes via a Security Update. On occasion, when a security fix is required to a core system component such as the Kernel, it will be released in a Software Update."

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    APPLE-SA-2005-04-15 Mac OS X v10.3.9

    Mac OS X v10.3.9 and Mac OS X Server v10.3.9 are now available and deliver the following security enhancements:

    Kernel
    CVE ID: CAN-2005-0969
    Impact: A kernel input validation issue can lead to a local denial of service
    Description: The Kernel contains syscall emulation functionality that was never used in Mac OS X. Insufficient validation of an input parameter list could result in a heap overflow and a local denial of service through a kernel panic. The issue is addressed by removing the syscall emulation functionality. Credit to Dino Dai Zovi for reporting this issue.

    Kernel
    CVE ID: CAN-2005-0970
    Impact: Permitting SUID/SGID scripts to be installed could lead to privilege escalation. Description: Mac OS X inherited the ability to run SUID/SGID scripts from FreeBSD. Apple does not distribute any SUID/SGID scripts, but the system would allow them to be installed or created. This update removes the ability of Mac OS X to run SUID/SGID scripts. Credit to Bruce Murphy of rattus.net and Justin Walker for reporting this issue.

    Kernel
    CVE ID: CAN-2005-0971
    CERT: VU#212190
    Impact: A Kernel stack overflow in the semop() system call could lead to a local privilege escalation.
    Description: The incorrect handling of system call arguments could be used to obtain elevated privileges. This update includes a fix to check access to the kernel object.

    Kernel
    CVE ID: CAN-2005-0972
    CERT: VU#185702
    Impact: An integer overflow in the searchfs() system call could allow an unprivileged local user to execute arbitrary code with elevated privileges
    Description: The searchfs() system call contains an integer overflow vulnerability that could allow an unprivileged local user to execute arbitrary code with elevated privileges. This update adds input validation on the parameters passed to searchfs() to correct the issue.

    Kernel
    CVE ID: CAN-2005-0973
    Impact: Local system users can cause a system resource starvation
    Description: A vulnerability in the handling of values passed to the setsockopt() call could allow unprivileged local users to exhaust available memory. Credit to Robert Stump for reporting this issue.

    Kernel
    CVE ID: CAN-2005-0974
    CERT: VU#713614
    Impact: Local system users can cause a local denial of service
    Description: A vulnerability in the nfs_mount() call due to insufficient checks on input values could allow unprivileged local users to create a denial of service via a kernel panic.

    Kernel
    CVE ID: CAN-2005-0975
    Impact: Local system users can cause a temporary interruption of system operation
    Description: A vulnerability in the parsing of certain executable files could allow unprivileged local users to temporarily suspend system operations. Credit to Neil Archibald for reporting this issue.

    Safari
    CVE ID: CAN-2005-0976
    Impact: Remote sites could cause html and javascript to run in the local domain.
    Description: This update closes a vulnerability that allowed remote websites to load javascript to execute in the local domain. Credit to David Remahl for reporting this issue.

    Note: It is Apple's standard practice to provide security fixes via a Security Update. On occasion, when a security fix is required to a core system component such as the Kernel, it will be released in a Software Update.

    Mac OS X v10.3.9 and Mac OS X Server v10.3.9 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site:
  • by BobWeiner ( 83404 ) on Friday April 15, 2005 @09:32PM (#12251964) Homepage Journal
    ...installed fine on both the single proc. G5 at work and the dual G5 I have at home. Subjectively, it feels faster in the Finder, as well as Safari.

    Bring on Tiger!

  • Installed it tonight on my 15" PowerBook (1.5 GHz), and all is fine. PithHelmet is disabled by the long-awaited Safari 1.3 update, for those of you who count on it, but the developer's site says he's already finishing up a fix for it. It's nice to finally see 1.3, even if it's only a couple more weeks until Tiger and 2.0.

    I haven't really noticed any other changes so far - my mileage hasn't magically improved, it's not Snappier (tm), and I haven't gotten a whiter, brighter smile from it. But it's good to
    • Safari 1.3 tabbed browsing doesn't work anymore -- even after I trashed the safari .plist file and then took the safari folder out. It worked ok with a new user, though, so I must have some kind of special condition. It also broke SafariSorter. I've got an 867 mhz 12" pbook.
    • Fix for PithHelmet (Score:3, Informative)

      by rohanl ( 152781 )
      If you can't wait for the developer's fix, you can patch the Info.plist file so it will load in the new Safari.

      In the file "/Library/Application Support/SIMBL/Plugins/PithHelmet.bundle/Contents/I nfo.plist" change the MaxBundleVersion from "146" to "312"

      It seems to load and work without any problems for me
  • Java broken now? (Score:4, Interesting)

    by MasterofSpork ( 459876 ) on Friday April 15, 2005 @10:13PM (#12252199)
    Hey has anyone else found that java apps stop working. I can't get Eclipse or FurtherNET to start.

    Are any of you getting a segfault when running java from the Terminal?

    Anyone have this problem and found a fix? I'm out of ideas.
  • by fsck! ( 98098 ) <jacob.elderNO@SPAMgmail.com> on Friday April 15, 2005 @10:14PM (#12252201) Homepage
    If you use AcidSearch [pozytron.com], you'll find that Safari segfaults on startup. You can get Safari back by removing /Library/Application Support/SIMBL/Plugins/AcidSearch.bundle. AcidSearch is cool; I hope they update soon.
  • by MasterofSpork ( 459876 ) on Friday April 15, 2005 @10:15PM (#12252212)
    The light sensor in my Powerbook isn't going nuts changing my screen brightness anymore. Maybe this issue has been fixed too. I'm not in fluorescent lighting to give it a good test though.
    • Maybe I'm missing something, but why does it turn off the keyboard light if you happen to bump the keyboard light adjustment keys while the ambient light is bright? It appears this new update didn't address that.

      I wonder if there's some checkbox that I need to check or something. Grr. It is the most annoying thing.

      I suppose this isn't really a question directed at you, but your comment about the light sensor reminded me to test for it on my PowerBook. :-)
    • This is good to hear. I've been using my 15" under a under-cabinet fluorescent light at work quite often for the past few days, and it almost looks like the backlight will flicker along with the light.

      Also, did you notice that your logs tend to fill with requests to change the brightness almost constantly? Have you noticed (yet) if this fixes that?

      As a rule of thumb I'll probably wait until tomorrow night to apply this update...
  • Um, wierd. I just installed 10.3.9 on my 1.67GHz PB, and now in the finder under the network browser it shows:

    Applications
    Library
    Users

    ...all of which appear to be empty, instead of the regular:

    Local
    Servers
    WORKGROUP

    Anyone know how to get the network browsing back to normal?
    • have u got samba enabled? try stopping and starting the (Windows File Sharing) service again (from sharing in System Preferences)
    • by Anonymous Coward
      Yeah, that occasionally happens to me and other Mac users I know too. I would try a reboot first. If that doesn't work, report back and I'll try to think of other ideas. I can tell you that force-deleting Network from Computer (you have to type your admin password) to try and get it to re-generate doesn't work, at least if you don't reboot; however, if just rebooting doesn't work, I might try force-deleting it and then rebooting again. *shrug*
  • Yeah, thanks. I just updated to 10.3.8 this morning and there's already a new update.

    Guess I'll have to cheer for the bugfixes :-)
    • Well, think about it this way: If you install 10.3.9 the same day as 10.3.8, your uptime results start incrementing sooner than they would if you'd waited. And by not installing 10.3.8 until 10.3.9 came out, maybe you had some extra uptime before, as well.
  • 1.3 17 PB.

    Just the standard bookmarks, don't know why
  • Not about the update itself, but what it implies about webcore.

    Safari
    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9
    CVE ID: CAN-2005-0976
    Impact: Remote sites could cause html and javascript to run in the local domain.
    Description: This update closes a vulnerability that allowed remote websites to load javascript to execute in the local domain. Credit to David Remahl for reporting this issue.

    "local domain" sounds a lot like Microsoft's "local security zone". I had assumed that Apple would be smarte
    • by remahl ( 698283 ) on Saturday April 16, 2005 @06:38AM (#12253951)

      I discovered this vulnerability, and i can confirm that Apple is indeed starting to think in zone separation paths...

      I have written a detailed advisory [remahl.se] about the problem (Apple conveniently "forgot" to link to it). Apple allows XMLHttpRequest more privileges when running from a file: URL than from http:. This created a problem combined with the fact that disk images are automatically mounted with predictable paths and that Safari did not enforce separation between the http: and file: zones.

      Apple took the approach of separating the zones instead of limiting XMLHttpRequest access from file: URLs.

      Note that Konqueror is already separating zones, and also allows file: URLs to use XMLHttpRequest to access local resources.

      I don't know if there are any other instances where the local zone is given higher privileges than the Internet zone. That's something for future research. If you haven't already updated, feel free to test the demo exploit on the advisory page.

      • Apple took the approach of separating the zones instead of limiting XMLHttpRequest access from file: URLs.

        Note that Konqueror is already separating zones, and also allows file: URLs to use XMLHttpRequest to access local resources.


        Stercus stercus stercus moriturus sum.

        Microsoft has spent seven years proving conclusively that these kinds of zones are an unworkable approach to security. A web browser has to operate in a mandatory access control environment, and that means that rights once given up must nev
  • Safari 1.3 seems considerably faster to me in terms of page scrolling on my 1.42ghz mac mini.

  • I guess I don't use Stickies enough. But it seems like a very simple application.
    • Re:Stickies? (Score:1, Insightful)

      by Anonymous Coward
      But it seems like a very simple application.

      Which just goes to show how hard programming can be, and how immature (in the young and developing meaning of the word) the computer "science" and software "engineering" fields are.
    • Re:Stickies? (Score:4, Informative)

      by Maserati ( 8679 ) on Saturday April 16, 2005 @01:15PM (#12256143) Homepage Journal
      Since the anonymous comment hasn't been modded up yet...

      Stickies is a beautiful application, sheer coding elegance. It does one thing very well. All it does is display a bunch of text windows in a variety of pastel colors. Each window can be 'windowshaded', which minimizes a window in place by displaying just the title bar (toggled with a double click). I keep all of my stickies windowshaded - the first line of text shows in the title bar so you can tell them apart. And you can drag and drop in and out of a sticky.

      That's all Stickies does. It displays windows you can type into. Nothing fancy, sheer minimalism in action. Adding more features would destroy the program's simplicity.

      Give 'em a try, they're a great place to stash snippets of text without going to multiple clipboards.

      But they aren't plain vanilla text windows. When Apple wrote the default text editing widget for Cocoa they made it very powerful. Because of that text in a sticky note can be be in any mix of fonts and faces, images can be pasted in, and the text can be kerned, and styles can be copied and re-applied. You even inherit the system-wide spellchecker by using the standard text widget.

      Apple has provided a very rich application framework, which raises the quality of software produced by small shops. We've all seen the infinity variety (and range of quality) of widgets that turn up in shareware for Windows. Having a rich frameowrk provided with the OS (and the developer tools) is much better, trust me on this.

      The drag and drop feature is really nice. Windows has it, but it's much more widely support in Mac apps, again because of the rich frameworks.

      Mac OS 9 had that windowshading for all windows, some miss it so there are extensions for OS X that do that.
  • "The changes mostly include bugfixes with Stickies, Safari, and the Finder." The Server update also addresses issues with Open Directory, cyrus, AFP, and SMB, among others. Apple also updated iMovie, iPhoto, iDVD, and iSight this week."

    Gee, where are the flames about "having to update all the time because of bugs"? (and quite a few are security related, hah-ha-a) It obviously happens often enough to put a "Software Updates" link somewhere in the OS.
    • by argent ( 18001 )
      I just finished reinstalling Windows because it had eaten its little brain.

      Install Windows. Reboot.
      Install VIA 4-in-1 drivers. Reboot.
      Install Audio drivers. Reboot.
      Install Ethernet and USB drivers. Reboot.
      Install video card drivers. Reboot.
      1 service pack. Reboot.
      42 "security and critical updates". Reboot.
      4 post service-pack updates. Reboot.
      DirectX. Reboot. .NET. Reboot.
      Windows Media Player. Reboot.
      7 reboots to bring Norton Antivirus up to date.
      2 driver updates for the motherboard. 2 more reboots.

      If I'd up
  • I'm sure this is too quick for that, and we know what happened the last time apple added something at the last minute for 10.2.8, but has apple said anything at all about the 10 year old bug [slashdot.org]? P
    • Of course it does. This is what it's all about. The 10 year old bug is hiding inside the Stickies app. There is a security vulnerability in Stickies.app which can cause a remote privilege escalation but notifies xinetd, ultimately causing the kernel panic mentioned in the news item you refer to, as a measure of protection hidden in xinetd against remote privilege escalation attacks.

      The bug can be reproduced by creating a purple sticky, setting the font to Arial 12 Bold, and typing:

      ALL YOUR BASE ARE BEL

  • by mh101 ( 620659 ) on Saturday April 16, 2005 @12:02PM (#12255601)
    I always wished Safari's download manager would list the transfer rate in addition to the file size and estimated time remaining.

    And lo and behold, after installing 10.3.9 it does! Way to go, Apple!

    • Option-clicking on the estimated time figure has toggled to transfer rate for quite a long time (since Safari came out?)
    • Speaking of Safari nuances, anyone know if there's a way to pull down a list of recently typed URLs in the Safari address bar? Most other browsers allow this, but in my limited use of Safari, if this is possible I haven't found it. That's one of my 2 gripes with Safari; the other one is lack of back/forward/etc. by right-clicking in a page. Again, most if not all other browsers have this convenient capability.
  • After the last update [apple.com], it might pay to let this one sit a few days!
  • Now if I'm typing something online, and hit Command+Shift+Left/Right, it will actually select everything from where I am to the beginning of the line, just like it does in TextEdit and most other apps.

    I like it a lot more than when I would hit it and it would switch tabs, even though I was typing something in a text box.
  • Does anyone here use securemote VPN ? it used to work with 10.3.8, rebooting in 10.3.9, securemote says it can't start :(
  • WebCT Fix (Score:3, Interesting)

    by edibleplastic ( 98111 ) on Saturday April 16, 2005 @05:10PM (#12257579)
    Not that this will affect many people but for some reason in the past when I would surf to my school's WebCT page Safari would beachball right after I logged in. This seems to be fixed with the new update. Good job!
    • Re:WebCT Fix (Score:3, Interesting)

      by GrahamCox ( 741991 )
      Ah, WebCT. What a crock of poop that is. I always have to force a WebCT page (any editor view, content is OK) to refresh manually by tweaking the browser window size to get it to display in Safari. I hope that's fixed too.
  • by macmurph ( 622189 ) on Monday April 18, 2005 @06:32PM (#12275878)
    When I right-click an image in Safari, I am no longer able to specify which folder I want to save it to. The only option is "Save to Safari Downloads".

    This does streamline things... but I think I miss the customization options that a save dialog provides.
    • Yeah, that is kind of irritating. However, dragging images from Safari to the Finder still works, so another thing you can do is navigate to the folder you want to download to in the Finder, go to Safari, start dragging the image, hit Expose if necessary, and drop the image in that folder. A little convoluted, but it works. (If Safari is in the background, you can drag stuff from it without bringing it to the foreground by holding the Command key while doing so.)

      Unfortunately, it looks like you can't drag

Do you suffer painful hallucination? -- Don Juan, cited by Carlos Casteneda

Working...