Slashdot Mirror
Mac OS X 10.2.8 Available
Transfan76 writes "The 10.2.8 Update delivers enhanced functionality and improved reliability for the following applications, services and technologies: Audio, Bluetooth, Classic compatibility, Finder, Graphics, LDAP, Power Management, Safari, and FireWire and USB device compatibility. The update also provides updated security services and includes the latest Security Updates." Does this have the update to ssh?
Now, this update is NOT FOR G5 OWNERS. That said, does this update basically bring all G3s and G4s to the same as G5s (bugfix and feature/improvement wise, except for 1 or 2 very new ones), or is this above and beyond (since I know that G5s shipped with a newer version of OS X). Thanks.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
No official word on the updated SSH, but the version string has been changed from "OpenSSH_3.4p1" to "OpenSSH_3.4p1+CAN-2003-0693".
Soooo, I'd have to guess that, yes, it is fixed.
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
Well, this has *an* update to ssh, I dunno if it's *the* update to ssh.
The version string changes to:
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
From:
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090609f
So it's still 3.4, but it looks like they added some patch.
"The worst tyrannies were the ones where a governance required its own logic on every embedded node." - Vernor Vinge
There are already about half a dozen spymac members who've been burned with this update. They've lost ALL their mail accounts after rebooting to 10.2.8.
I'll be waiting until that's fixed
The MacOS 10.2.6 update is a lot older than 2 weeks.
However, you're right in the sense that these updates don't actually require a restart. They are just doing it "to be sure".
Vonal Declosion
FWIW, my XBench results under 10.2.6 were 69.99. Under 10.2.8 I have 76.3.
.x update the changes to the underlying OS have much greater license.
A nice little improvement even if it is a synthetic benchmark it's nice to see Apple striving for optimisation. Hopefully this mindset will be seen in Panther to a much greater degree seeing as being a full
-Nex
This sig has been deprecated.
A couple of people have reported to XLR8 Your Mac that their M-Audio Revolution 7.1 cards no longer work after the update. One mentions that M-Audio knows about it and is working on a fix.
An odd thing was that it reset my monitor settings back to 16bit colour ('Thousands'), so you may want to watch out for that. Aqua does such a good job of dithering you probably wouldn't even notice at first.
Another odd thing was that my display went a little funky when doing the cross-fading desktop pictures just a second ago. Fixed itself after the transition was complete, no idea what that's about.
If you're superstitious like me don't forget to do the Repair Permissions trick - its the new Rebuild Desktop - although I had no issues there either.
One last thing, be prepared to have your frickin Keychain pestering you for the next week....
If Jesus wants me it knows where to find me.
The cross-fading desktops feature has a new bug (on a 12" PB anyway) where the secondary monitor - in my case a Sony 17" CRT - screws up the transition effect.
The PowerBook is running at 1024x768/32bit on its main display, and 1280x1024/32bit on the secondary (NOT mirroring).
During the crossfade the first picture suddenly appears to squish to have the horizontal resolution, pushed to the left, and the palette gets munged (purple). It snaps back to normal after the fade but it ain't pretty.
If Jesus wants me it knows where to find me.
APPLE-SA-2003-09-22 Mac OS X 10.2.8
Mac OS X 10.2.8 is now available. It contains fixes for recent
vulnerabilities in:
OpenSSH: Mac OS X 10.2.8 contains the patches to address CVE
CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682. On Mac OS X
versions prior to 10.2.8, the vulnerability is limited to a denial
of service from the possibility of causing sshd to crash. Each
login session has its own sshd, so established connections are
preserved up to the point where system resources are exhausted by
an attack.
To deliver the update in a rapid and reliable manner, only the
patches for CVE IDs listed above were applied, and not the entire
set of patches for OpenSSH 3.7.1. Thus, the OpenSSH version in
Mac OS X 10.2.8, as obtained via the "ssh -V" command, is:
OpenSSH_3.4p1+CAN-2003-0693, SSH protocols 1.5/2.0, OpenSSL
0x0090609f
Sendmail: Addresses CVE CAN-2003-0694 and CAN-2003-0681 to fix a
buffer overflow in address parsing, as well as a potential buffer
overflow in ruleset parsing.
fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in
the fb_realpath() function that may allow attackers to execute
arbitrary code.
arplookup(): Fixes CAN-2003-0804. The arplookup() function caches
ARP requests for routes on a local link. On a local subnet only,
it is possible for an attacker to send a sufficient number of
spoofed ARP requests which will exhaust kernel memory, leading to
a denial of service.
10.2.7 was a G5-only version of Mac OS X as a stop-gap measure before Apple finishes 10.3.6 426)
Apple says (http://docs.info.apple.com/article.html?artnum=8
Don't use the 10.2.7 CDsthat come with the G5 macs on normal macs, it's g5 only.
As another poster said "to be sure", also I bet apple and old school mac users are uneasy with the idea of system updates without a restart. I'm just glad they finally wised up and don't have the iApps force you to restart anymore.
I was going to mod you up in sympathy but I decided to reply instead when I saw the flamebait at the end of your post. I agree fully that the installation procedure for the airport card is not trivial, and is a blemish on Apple's otherwise very good hardware record. It could really have been made simpler or at leats be done for free at an Apple store. Technically challenged people (most computer users fit into this category) should not be made to do this.
But Apple has made these cards default in the newer Powerbooks AFAIK and you could have installed a wireless PC card with the same ease as you would have on a PC laptop. Apart from this I have never seen a PC laptop with an even close attention to detail and engineering quality of an Apple laptop, with the possible exception of IBM's Thinkpads, which are quite solid. Dell and Compaq's offerings are poorly engiineered in order to save money and it shows.
Anyway, who cares. If something drives you to rage, then I think you have other problems...
The Belkin USB 2.0 PCI card I put in my Dual-867 PowerMac G4 now works at USB 2.0 speed. I can actually transfer files to my Maxtor external hard drive in a reasonable amount of time. Too bad I already bought a Firewire drive to use instead.
Apple pioneered the use of USB and Firewire. It's a shame to see they dropped the ball on USB 2 until now.
Discussed further here. Respect to Andrew McPherson for coming up with a workaround: make a backup of /System/Library/Extensions/AppleGMACEthernet.kext before upgrading, and restore it afterwards. If you've already upgraded, follow the link for more info.
Ceterum censeo subscriptionem esse delendam.
Very small fonts in Safari render MUCH better now. They are actually legible. Must be an improvement to the Webcore. I can now read the positions on my Yahoo! Fantasy Football roster!
upgrades have involved reboots in the past because, to improve performace, Apple has implemented part of iTunes as kernel extensions, and any tampering with the kernel requires a fresh boot to ensure stability. Other updates may have been done out of ignorance or habit, but in the case of the iApps, the reboots have generally been unavoidable.
That said, did the 10.2.8 update involve any kernel changes? It's been long enough that there could be a point release to the kernel itself by now, not to mention any other updated kernel extensions. I haven't yet had a chance to inspect the bill of materials (hint: lsbom /Library/Receipts/fooApp.pkg to learn what was updated in a given package), but if anything in there touched the kernel, then a reboot really does has to happen.
DO NOT LEAVE IT IS NOT REAL
Oh, by the way, the "easily accessed" slot is on the side, just where it is on a PC, and accepts standard wireless cards. The Airport card is for people who don't want to be bothered unplugging their wireless card every time they want to to put something else in that slot.
>Dumbass, Sir, to you....
TOPIC
This software updates Mac OS X 10.2.6 or 10.2.7 to version 10.2.8.
Important: This update works only with Power Mac G3- and G4-based desktop and portable computers, including iMac, eMac, and iBook. This update does not work with Power Mac G5 computers.
However, you're right in the sense that these updates don't actually require a restart. They are just doing it "to be sure".
I suppose they could try to kill the old sshd and restart it - but that's more trouble than it's worth.
As for uptime complaints because of update...
NEWSFLASH: If you don't wanna lose the uptime, don't update.
Or do it by hand and don't restart. Or just get a grip and realize that it don't matter.
I didn't restart for the Java patch...
As another poster alluded to, USB 2.0 != high speed.
USB 2.0 is a new protocol standard, it happens to have two version (IIRC), standard and fast. You CAN impliment USB 2.0 and only support the older/slower transfer speed.
For whatever reason, Apple has decided to not use (perhaps not license) the "USB 2.0 (HighSpeed)" logo.
Article X: The powers not delegated... by the Constitution...are reserved...to the people
Judging from the change list, it patches the USB, Bluetooth, and audio drivers. Maybe Apple doesn't feel comfortable changing kexts without a reboot.
Link to downloadable installer
When the incremental updates produce funny results (any iBook owners remember the "low battery" warning disappearing after updating to [IIRC] 10.2.5?), you might want to try an Update Combo. Only 97MB!
See Apple's Security page:
Mac OS X 10.2.8
OpenSSH: Addresses CAN-2003-0693, CAN-2003-0695, and CAN-2003-0682 to fix buffer management errors in OpenSSH's sshd versions prior to 3.7.1
sendmail: Addresses CAN-2003-0694 and CAN-2003-0681 to fix a buffer overflow in address parsing, as well as a potential buffer overflow in ruleset parsing.
fb_realpath(): Fixes CAN-2003-0466 which is an off-by-one error in the fb_realpath() function that may allow attackers to execute arbitrary code.
arplookup(): Fixes CAN-2003-0804. The arplookup() function caches ARP requests for routes on a local link. On a local subnet only, it is possible for an attacker to send a sufficient number of spoofed ARP requests which will exhaust kernel memory, leading to a denial of service.
Apple has apparently improved CSS in Safari. The Complex Spiral Demo previously mentioned via the Mac Browser Smackdown, which in turn was mentioned on slashdot, now renders correctly in Safari. (Previously Safari was coloring black the parts which weren't in the blue box and were off the screen when the page finished loading.)
(As a side note, I couldn't load the Ars Technica article without turning off Javascript. It kept sending me to some crappy ad that was supposed to redirect me back to the article but didn't.)