Netatalk 3.2.1


If you redistribute binary Netatalk packages, please be advised that there may be incompatible licensing terms in this source package. To avoid potential issues when redistributing, it is strongly recommended to build this package with -Dwith-embedded-ssl=false when using the Meson build system. The Autotools build system is not affected. A future release version will address this issue.


If you previously used the Netatalk 3.1.18 Docker image for making Time Machine backups in macOS, you may run into errors after upgrading to the Netatalk 3.2.0 image or later. It is recommended to discard the backup sparsebundle and redo the backup. If you absolutely must access the older backup sparsebundle, downgrading to the 3.1.18 image should restore access.

Netatalk 3.2.1 is available!

The Netatalk team is proud to announce the latest version in the Netatalk 3.2 release series.

This release includes a patch for security vulnerabilities CVE-2024-38439, CVE-2024-38440, and CVE-2024-38441. Users of the 3.x release series are encouraged to update their servers to this version.

Additionally, this version reworks the configuration options for the new Meson build system, following user feedback to the prior release. See the table below for a breakdown of the changes.

The Netatalk 3 Webmin Module v1.1 is recommended to use with this version.

Please see NEWS for the full changelog.

Major Changes

Meson build system

The Meson build system was introduced in Netatalk 3.2.0, and exists in parallel with the traditional GNU Autotools build system. We plan to remove Autotools in a future feature release version of Netatalk.

Please see INSTALL for instructions how to use the new build system. The online manual also has a new appendix with build instructions for specific operating systems.

To improve the usability and consistency of the build system, we revisited the naming scheme and types of a majority of the package specific options in this version. The following table breaks down the changes between 3.2.0 and 3.2.1. Options in italics are unchanged.

3.2.0 option takes 3.2.1 option takes
build-manual true/false with-manual true/false
build-tests true/false with-tests true/false
disable-init-hooks true/false with-init-hooks true/false
disable-largefile true/false with-largefile true/false
disable-sendfile true/false with-sendfile true/false
disable-shell-check true/false with-shell-check true/false
disable-tcp-wrappers true/false with-tcp-wrappers true/false
enable-debug true/false with-debug true/false
enable-debugging true/false with-debugging true/false
enable-krbV-uam enabled/disabled with-krbV-uam true/false
enable-overwrite true/false with-overwrite true/false
enable-pgp-uam enabled/disabled with-pgp-uam true/false
enable-quota enabled/disabled with-quota true/false
enable-rpath true/false with-rpath true/false
enable-zeroconf enabled/disabled with-zeroconf true/false
with-acls enabled/disabled with-acls true/false
with-afpstats enabled/disabled with-acls true/false
with-bdb string with-bdb-path string
with-cnid-dbd-backend true/false with-cnid-dbd-backend true/false
with-cnid-default-backend string with-cnid-default-backend combo
with-cnid-last-backend true/false with-cnid-last-backend true/false
with-cracklib string with-cracklib true/false
with-cracklib-path string
with-dbus-daemon string with-dbus-daemon-path string
with-dbus-sysconf-dir string with-dbus-sysconf-path string
with-docbook string with-docbook-path string
with-dtrace true/false with-dtrace true/false
with-embedded-ssl true/false with-embedded-ssl true/false
with-gssapi string with-gssapi true/false
with-gssapi-path string
with-init-dir string with-init-dir string
with-init-style combo with-init-style combo
with-kerberos enabled/disabled with-kerberos true/false
with-ldap string with-ldap true/false
with-ldap-path string
with-libgcrypt-dir string with-libgcrypt-path true/false
with-libiconv string with-libiconv true/false
with-libiconv-path string
with-libtirpc true/false REMOVED
with-lockfile string with-lockfile-path string
with-mysql-config string with-mysql-config string
with-pam string with-pam-path string
without-pam true/false with-pam true/false
with-shadow enabled/disabled with-shadow true/false
with-spotlight enabled/disabled with-spotlight true/false
with-ssl-dir string REMOVED
with-tracker-install-prefix string with-tracker-install-prefix string
with-tracker-pkgconfig-version string REMOVED
with-tracker-prefix string with-tracker-prefix string
with-uams-path string with-uams-path string

Bundled WolfSSL

WolfSSL was introduced in Netatalk 3.2.0 as the recommended SSL provider for the DHX (DHCAST128) and Random Number user authentication modules.

In addition to the bundled WolfSSL library, the latest version of Netatalk now supports building with system provided WolfSSL libraries. At the time of release, only Debian and Ubuntu could be confirmed shipping a fully-featured WolfSSL library.

Alpine Linux, Arch Linux, DragonFly BSD and FreeBSD also ship WolfSSL libraries. However in our testing neither were complete enough to be used with Netatalk. On these platforms we will still use the bundled WolfSSL library.

What’s Changed

Full Changelog:…netatalk-3-2-1

Release published on 2024-06-29

Generated from the original at GitHub