rlucas.net: The Next Generation Rotating Header Image

Apple Security Update 2003-03-24 Breaks Many Things?

For Mac OS X users who installed the Software Update with a security component on 24 March 2003, some things might be broken if you use Apache, Sendmail, or the Perl PostgreSQL module DBD::Pg.


1) Regarding Sendmail:

See http://www.macosxhints.com/article.php?story=20030306145838840

(relevant error message: Sendmail might complain in /var/log/mail.log of “Deferred: Connection refused by localhost “)

(summary: Apple makes sendmail look at /etc/mail/submit.cf instead of sendmail.cf)


2) Regarding Apache:

See http://ganter.dyndns.org/misc/apple_ssl.php and http://apple.slashdot.org/comments.pl?sid=58276&threshold=1&commentsort=0&tid=172&mode=thread&cid=5640470

(relevant error message: Apache segfaults out on some SSL requests with the crash message [try /var/log/system.log]

Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_INVALID_ADDRESS (0x0001)

… and specifically complains that the error is in ssl_var_lookup_ssl)

(summary: Apple supplies a faulty libssl.so for Apache; a working version is provided)

(fix: see dyndns link above or try http://cyber.law.harvard.edu/blogs/gems/rlucas/libssl.so NO WARRANTY courtesy only mirror)


3) Regarding DBD::Pg
See http://gborg.postgresql.org/pipermail/dbdpg-general/2003-March/000039.html

(relevant error message:

dyld: perl Undefined symbols:
_BIO_free
_BIO_new_mem_buf
_DH_check
_DH_generate_parameters
_DH_size
_ERR_get_error
_ERR_reason_error_string
_EVP_PKEY_free
_PEM_read_DHparams
_PEM_read_PrivateKey
_PEM_read_X509
_PEM_read_bio_DHparams
_SSL_CTX_ctrl
_SSL_CTX_free
_SSL_CTX_load_verify_locations
_SSL_CTX_new
_SSL_CTX_set_tmp_dh_callback
_SSL_CTX_set_verify
_SSL_CTX_set_verify_depth
_SSL_connect
_SSL_free

… and more, whenever a script uses DBD::Pg.)

(summary: Perl scripts now crash out. Might be because PostgreSQL was compiled before the security update. Does anyone know otherwise?)


I am going to install the July Security Update to see if it fixes things at all.


UPDATE: The July security update does not fix it. However, recompiling PostgreSQL fixes most of the errors (see 25 July 2003 entry for a persistent error with utf-8 support).

Leave a Reply

Your email address will not be published. Required fields are marked *