Leopard 10.5.1 released

[adsl3g]

http://www.appleinsider.com/article...mac_os_x_10_5_1_update_for_leopard_users.html

Mac OS X 10.5.1 is available as a 110MB download and includes general operating system fixes that enhance the stability, compatibility and security of your Mac, Apple says.

The following improvements for both PowerPC and Intel-based Macs are included in this update:

AirPort

* Allows password-protected accounts on AirPort Disks to show up on in the Finder's Shared Sidebar.
* Resolves an issue with saved passwords for wireless networks.

Back to My Mac

* Improves the reliability of Back to My Mac-enabled Macs appearing in the Finder's Shared Sidebar.
* Improves compatibility with D-Link NAT gateways.

Disk utilities

* Restores the functionality of the progress bar during permission repairs in Disk Utility.
* Addresses an issue that could produce an alert when creating disk images using Disk Utility or Terminal.
* Improves disk partitioning when multiple RAID sets are created on the same disk.

iCal

* iCal alarms are now more reliably delivered via email.
* Resolves an issue when inviting attendees via a CalDAV account.

Mail

* Improves stability when resizing columns in the message viewer or switching between Stationery templates in email messages.
* Addresses an issue in which attachments enclosed inside an HTML link may not be clickable in email messages.
* Fixes an issue with email accounts added using the "Simple Setup" feature in which messages cannot be sent due to an SMTP connection failure.
* Improves Smart Mailboxes compatibility with .Mac Sync, and addresses an issue with To Do's disappearing when using Smart Mailboxes.
* Resolves an issue with syncing Mail accounts with .Mac in which multiple On My Mac folders appear in the Mailbox pane.

Networking

* Addresses an issue in which Microsoft Windows shared folders may be read-only when connected via SMB.

Printing

* Resolves an issue in which user-selected values on Paper Feed PDE are reset to default while saving a custom preset.

Security, Firewall

* Addresses a code signing issue; third-party applications can now run when included in the Application Firewall or when whitelisted in Parental Controls.
* In Security preferences' Firewall tab, the "Block All" option is now called "Allow Only essential services".
* Includes recent Apple security updates..

System and Finder

* Addresses a potential data loss issue when moving files across partitions in the Finder.
* Resolves an issue with login after turning off FileVault for a specific user account.
* Improves compatibility with Adobe Flash-based uploaders used by .Mac Web Gallery and certain other websites and applications.
* Resolves a potential text drawing issue with certain Adobe Flash-based websites and applications.

Time Machine

* Addresses formatting issues with certain drives used with Time Machine (specifically, single-partition MBR drives greater than 512 GB in size as well as NTFS drives of any size and partition scheme).
* Resolves an issue in which files restored in Time Machine may be restored to the backup hierarchy rather than the folders to which they belong.

Mac OS X 10.5.1 Server

Apple also released Mac OS X Server 10.5.1 Update [110MB] which delivers several improvements, including:

Server Preferences

* Addresses an issue which could block adding external users to a newly-created group.

NetBoot

* Addresses an issue in which 10.5.x-based software images could lead to an unresponsive NetBoot client.

Open Directory

* Addresses an issue blocking control of client application access when usernames contain non-ASCII characters.
* Addresses intermittent Password Server errors.

SMB File Service

* Addresses an issue in which Microsoft Windows clients may misinterpret shared folders' ACL settings.

Download: http://www.apple.com/support/downloads/macosx1051update.html

 

[rwenzori]

Thanks. Grabbing it now.

 

[bwana]

Downloaded and installed.

 

[adsl3g]

Have installed it and my wireless connected and held the connection after a restart (so far so good). My one NAS drive a Fujitsu-Siemens SBLAN is still not showing any files in the finder window.

I think this issue is due to the software on the drive not being able to create users - you only specify a user name and PW. My SBLAN2 NAS drive you must create users and groups apart from the admin user and PW.

I got the SBLAN2 NAS as an upgrade to the SBLAN NAS as it was not a very good buy - the fan in the enclosure also sounds like VW Beetle when it starts up.

I am looking for a FireWire enclosure to use the HD of the SBLAN NAS in and dump the old enclosure but none of the COmputer shops stock these things, I can only get online.

FTP'ing to the SBLAN NAS drive works fine but only Read access.

 

[icyrus]

Downloaded and installed.

Did it fix your screenshot problems?

 

[bwana]

Did it fix your screenshot problems?

No - but here's a kicker - screenshots work from another user account.

 

[icyrus]

No - but here's a kicker - screenshots work from another user account.

Different permissions or same permissions?

 

[bwana]

Different permissions or same permissions?

On what?

 

[icyrus]

On what?

The user accounts.

 

[koffiejunkie]

* In Security preferences' Firewall tab, the "Block All" option is now called "Allow Only essential services".

This bothers me. There should be a "block all" option and it really should block all incoming connections.

For the sake of interest, is anyone here running 10.5.1 with a direct internet connection (i.e. not behind a router but with e.g. a 3g card, good old 56kmodem or USB adsl/iBurst modem)? For the greater good of everyone I'd like to run a portscan against such a machine and see what exactly "essential services" are. If you're interested, PM me.

* Addresses formatting issues with certain drives used with Time Machine (specifically, single-partition MBR drives greater than 512 GB in size as well as NTFS drives of any size and partition scheme).

So can Leopard write NTFS?

 

[bwana]

This bothers me. There should be a "block all" option and it really should block all incoming connections.

For the sake of interest, is anyone here running 10.5.1 with a direct internet connection (i.e. not behind a router but with e.g. a 3g card, good old 56kmodem or USB adsl/iBurst modem)? For the greater good of everyone I'd like to run a portscan against such a machine and see what exactly "essential services" are. If you're interested, PM me.

I'm game.

 

[icyrus]

This bothers me. There should be a "block all" option and it really should block all incoming connections.

For the sake of interest, is anyone here running 10.5.1 with a direct internet connection (i.e. not behind a router but with e.g. a 3g card, good old 56kmodem or USB adsl/iBurst modem)? For the greater good of everyone I'd like to run a portscan against such a machine and see what exactly "essential services" are. If you're interested, PM me.

Are you going to use nmap? If so keep in mind that nmap will respond with open/filtered to some ports that are not actually publicly accessible.

If you are intent in blocking all connections then you can use command line or 3rd party tools to manipulate ipfw directly.

The slashdot article on this has some interesting comments:

http://it.slashdot.org/it/07/11/15/2135204.shtml

This one in particular:

Now, I *do* wish that Apple had one more option: Block *everything*, but explain, hey, this is going to break some things like Bonjour, etc., so be SURE that you want to do this, and don't complain if all of a sudden your AppleTV syncing and iTunes sharing and automatic local machine discovery no longer work.

Apple describes all of this very explicitly here [apple.com]:

The 10.5.0 Application Firewall blocked all but:

Processes that are running as UID 0
mDNSResponder

The 10.5.1 Application Firewall blocks all but:

configd, which implements DHCP and other network configuration services
mDNSResponder, which implements Bonjour
racoon, which implements IPSec

So, while I haven't extensively tested yet, it does NOT appear to allow UID 0 processes, but rather only the above processes.

 

[bwana]

Are you going to use nmap? If so keep in mind that nmap will respond with open/filtered to some ports that are not actually publicly accessible.

Even in stealth mode?

 

[icyrus]

Even in stealth mode?

I'm not sure, apparently.

There is an article about the original hassles here:
http://securosis.com/2007/11/01/investigating-the-leopard-firewall/

And this comment relates directly to this particular issue:

I disagree. Open/filtered (because we all know you’re using NMap, and probably a SYN scan…) just means that you’re getting a RST from the firewall. The firewall is telling you that you’re not allowed so NMap tells you that someone is allowed, just not you. This is good and bad, but it in no way really breaks any of the functionality of the mode of operation.

If you get an open/filtered results - try actually connecting to it. That will answer it quite categorically.

This whole leopard firewall issue is a bit of a storm-in-a-teacup I think

 

[bwana]

I see someone is having fun port scanning me.

(the firewall log has already [-]doubled[/-] quadrupled in size )

 

[koffiejunkie]

I see someone is having fun port scanning me.

(the firewall log has already [-]doubled[/-] quadrupled in size )

It seems to be working then

 

[koffiejunkie]

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-16 10:10 GMT
Initiating Parallel DNS resolution of 1 host. at 10:10
Completed Parallel DNS resolution of 1 host. at 10:10, 0.16s elapsed
Initiating SYN Stealth Scan at 10:10
Scanning dsl-xxx-XX-xxx.telkomadsl.co.za (XX.xxx.XX.xxx) [65535 ports]
SYN Stealth Scan Timing: About 2.14% done; ETC: 10:33 (0:22:52 remaining)
Completed SYN Stealth Scan at 10:32, 1361.50s elapsed (65535 total ports)
Warning: OS detection for XX.xxx.XX.xxx will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Initiating OS detection (try #1) against dsl-xxx-XX-xxx.telkomadsl.co.za (XX.xxx.XX.xxx)
Retrying OS detection (try #2) against dsl-xxx-XX-xxx.telkomadsl.co.za (XX.xxx.XX.xxx)
Initiating gen1 OS Detection against XX.xxx.XX.xxx at 1364.320s
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Host dsl-xxx-XX-xxx.telkomadsl.co.za (XX.xxx.XX.xxx) appears to be up ... good.
All 65535 scanned ports on dsl-xxx-XX-xxx.telkomadsl.co.za (XX.xxx.XX.xxx) are filtered
Too many fingerprints match this host to give specific OS details

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 1365.438 seconds
Raw packets sent: 131114 (5.774MB) | Rcvd: 16 (1180B)


The second scan is still running....

 

[bwana]

Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-16 10:10 GMT
Initiating Parallel DNS resolution of 1 host. at 10:10
Completed Parallel DNS resolution of 1 host. at 10:10, 0.16s elapsed
Initiating SYN Stealth Scan at 10:10
Scanning dsl-xxx-XX-xxx.telkomadsl.co.za (XX.xxx.XX.xxx) [65535 ports]
SYN Stealth Scan Timing: About 2.14% done; ETC: 10:33 (0:22:52 remaining)
Completed SYN Stealth Scan at 10:32, 1361.50s elapsed (65535 total ports)
Warning: OS detection for XX.xxx.XX.xxx will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Initiating OS detection (try #1) against dsl-xxx-XX-xxx.telkomadsl.co.za (XX.xxx.XX.xxx)
Retrying OS detection (try #2) against dsl-xxx-XX-xxx.telkomadsl.co.za (XX.xxx.XX.xxx)
Initiating gen1 OS Detection against XX.xxx.XX.xxx at 1364.320s
Warning: OS detection will be MUCH less reliable because we did not find at least 1 open and 1 closed TCP port
Host dsl-xxx-XX-xxx.telkomadsl.co.za (XX.xxx.XX.xxx) appears to be up ... good.
All 65535 scanned ports on dsl-xxx-XX-xxx.telkomadsl.co.za (XX.xxx.XX.xxx) are filtered
Too many fingerprints match this host to give specific OS details

OS detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap finished: 1 IP address (1 host up) scanned in 1365.438 seconds
Raw packets sent: 131114 (5.774MB) | Rcvd: 16 (1180B)


The second scan is still running....

What does all that mean?

 

[bwana]

Hope you got all you needed because we've been eskom'ed.

 

[koffiejunkie]

Oh, that's why my nessus scan died Oh well....

From the nmap output it looks like the firewall is doing its job. I don't have Leopard yet (will buy my MacBook in a few weeks and start tinkering) so I don't know what the Leopard firewall does. Just for interest sake, what does 'ipfw list' in a terminal show you?