Netatalk 3.2.1
REDISTRIBUTION LICENSING ALERT
If you redistribute binary Netatalk packages, please be advised that there may be incompatible licensing terms in this source package. To avoid potential issues when redistributing, it is strongly recommended to build this package with -Dwith-embedded-ssl=false when using the Meson build system. The Autotools build system is not affected. Alternatively, upgrade to Netatalk 3.2.2 or later.
DOCKER COMPATIBILITY ALERT
If you previously used the Netatalk 3.1.18 Docker image for making Time Machine backups in macOS, you may run into errors after upgrading to the Netatalk 3.2.0 image or later. It is recommended to discard the backup sparsebundle and redo the backup. If you absolutely must access the older backup sparsebundle, downgrading to the 3.1.18 image should restore access.
Netatalk 3.2.1 is available!
The Netatalk team is proud to announce the latest version in the Netatalk 3.2 release series.
This release includes a patch for security vulnerabilities CVE-2024-38439, CVE-2024-38440, and CVE-2024-38441. Users of the 3.x release series are encouraged to update their servers to this version.
Additionally, this version reworks the configuration options for the new Meson build system, following user feedback to the prior release. See the table below for a breakdown of the changes.
The Netatalk 3 Webmin Module v1.1 is recommended to use with this version.
Please see NEWS for the full changelog.
Major Changes
Meson build system
The Meson build system was introduced in Netatalk 3.2.0, and exists in parallel with the traditional GNU Autotools build system. We plan to remove Autotools in a future feature release version of Netatalk.
Please see INSTALL for instructions how to use the new build system. The online manual also has a new appendix with build instructions for specific operating systems.
To improve the usability and consistency of the build system, we revisited the naming scheme and types of a majority of the package specific options in this version. The following table breaks down the changes between 3.2.0 and 3.2.1. Options in italics are unchanged.
| 3.2.0 option | takes | 3.2.1 option | takes |
|---|---|---|---|
| build-manual | true/false | with-manual | true/false |
| build-tests | true/false | with-tests | true/false |
| disable-init-hooks | true/false | with-init-hooks | true/false |
| disable-largefile | true/false | with-largefile | true/false |
| disable-sendfile | true/false | with-sendfile | true/false |
| disable-shell-check | true/false | with-shell-check | true/false |
| disable-tcp-wrappers | true/false | with-tcp-wrappers | true/false |
| enable-debug | true/false | with-debug | true/false |
| enable-debugging | true/false | with-debugging | true/false |
| enable-krbV-uam | enabled/disabled | with-krbV-uam | true/false |
| enable-overwrite | true/false | with-overwrite | true/false |
| enable-pgp-uam | enabled/disabled | with-pgp-uam | true/false |
| enable-quota | enabled/disabled | with-quota | true/false |
| enable-rpath | true/false | with-rpath | true/false |
| enable-zeroconf | enabled/disabled | with-zeroconf | true/false |
| with-acls | enabled/disabled | with-acls | true/false |
| with-afpstats | enabled/disabled | with-acls | true/false |
| with-bdb | string | with-bdb-path | string |
| with-cnid-dbd-backend | true/false | with-cnid-dbd-backend | true/false |
| with-cnid-default-backend | string | with-cnid-default-backend | combo |
| with-cnid-last-backend | true/false | with-cnid-last-backend | true/false |
| with-cracklib | string | with-cracklib | true/false |
| with-cracklib-path | string | ||
| with-dbus-daemon | string | with-dbus-daemon-path | string |
| with-dbus-sysconf-dir | string | with-dbus-sysconf-path | string |
| with-docbook | string | with-docbook-path | string |
| with-dtrace | true/false | with-dtrace | true/false |
| with-embedded-ssl | true/false | with-embedded-ssl | true/false |
| with-gssapi | string | with-gssapi | true/false |
| with-gssapi-path | string | ||
| with-init-dir | string | with-init-dir | string |
| with-init-style | combo | with-init-style | combo |
| with-kerberos | enabled/disabled | with-kerberos | true/false |
| with-ldap | string | with-ldap | true/false |
| with-ldap-path | string | ||
| with-libgcrypt-dir | string | with-libgcrypt-path | true/false |
| with-libiconv | string | with-libiconv | true/false |
| with-libiconv-path | string | ||
| with-libtirpc | true/false | REMOVED | |
| with-lockfile | string | with-lockfile-path | string |
| with-mysql-config | string | with-mysql-config | string |
| with-pam | string | with-pam-path | string |
| without-pam | true/false | with-pam | true/false |
| with-shadow | enabled/disabled | with-shadow | true/false |
| with-spotlight | enabled/disabled | with-spotlight | true/false |
| with-ssl-dir | string | REMOVED | |
| with-tracker-install-prefix | string | with-tracker-install-prefix | string |
| with-tracker-pkgconfig-version | string | REMOVED | |
| with-tracker-prefix | string | with-tracker-prefix | string |
| with-uams-path | string | with-uams-path | string |
Bundled WolfSSL
WolfSSL was introduced in Netatalk 3.2.0 as the recommended SSL provider for the DHX (DHCAST128) and Random Number user authentication modules.
In addition to the bundled WolfSSL library, the latest version of Netatalk now supports building with system provided WolfSSL libraries. At the time of release, only Debian and Ubuntu could be confirmed shipping a fully-featured WolfSSL library.
Alpine Linux, Arch Linux, DragonFly BSD and FreeBSD also ship WolfSSL libraries. However in our testing neither were complete enough to be used with Netatalk. On these platforms we will still use the bundled WolfSSL library.
What’s Changed
- meson: Fix -Doption paths on systems where rpath is enabled by default by @dgsga in https://github.com/Netatalk/netatalk/pull/1053
- meson: Fix library search macro on Omnios hosts by @dgsga in https://github.com/Netatalk/netatalk/pull/1056
- docker: Don’t bail out when password is longer than 8 chars by @rdmark in https://github.com/Netatalk/netatalk/pull/1067
- meson: afpstats should depend on Perl; don’t install dev scripts by @rdmark in https://github.com/Netatalk/netatalk/pull/1070
- meson: set setuid bit to allow user afppasswd changing by @rdmark in https://github.com/Netatalk/netatalk/pull/1071
- meson: Fix logic of UCS-2-INTERNAL detection macro by @dgsga in https://github.com/Netatalk/netatalk/pull/1075
- meson: Address various issues with the meson build system by @dgsga in https://github.com/Netatalk/netatalk/pull/1082
- Use portable linux macro in etc/afpd header by @dgsga in https://github.com/Netatalk/netatalk/pull/1083
- meson: Further refinements to meson build system by @dgsga in https://github.com/Netatalk/netatalk/pull/1086
- meson: Fix issues with quota support on linux and macOS hosts by @dgsga in https://github.com/Netatalk/netatalk/pull/1092
- meson: Simplify options semantics and standardize feature macros by @dgsga in https://github.com/Netatalk/netatalk/pull/1099
- docker: Bump to Alpine 3.20 base image by @rdmark in https://github.com/Netatalk/netatalk/pull/1111
- docker: Correct group management for Alpine by @rdmark in https://github.com/Netatalk/netatalk/pull/1116
- meson: Set executable flags when installing scripts by @rdmark in https://github.com/Netatalk/netatalk/pull/1117
- meson: with-rpath syntax is invalid by @rdmark in https://github.com/Netatalk/netatalk/pull/1130
- docs: Indicate license for software package, and add SSLeay notice by @rdmark in https://github.com/Netatalk/netatalk/pull/1125
- autotools and meson: Use pkg-config to find libgcrypt by @dgsga in https://github.com/Netatalk/netatalk/pull/1132
- Debian Trixie expects systemd scripts in /usr/lib by @rdmark in https://github.com/Netatalk/netatalk/pull/1135
- Add copyright for mac_roman.h by @rdmark in https://github.com/Netatalk/netatalk/pull/1137
- Cleanup of copyright headers to make them more scanner friendly by @rdmark in https://github.com/Netatalk/netatalk/pull/1142
- Remove unused atalk/talloc.h header by @dgsga in https://github.com/Netatalk/netatalk/pull/1154
- CVE-2024-38439,CVE-2024-38440,CVE-2024-38441: Harden user login by @rdmark in https://github.com/Netatalk/netatalk/pull/1158
- docs: Rephrase tarball section of manual by @rdmark in https://github.com/Netatalk/netatalk/pull/1164
- meson: Prioritize native WolfSSL package over built-in SSL library if it has the correct configuration by @dgsga in https://github.com/Netatalk/netatalk/pull/1160
- Changelog for 3.2.1 release by @rdmark in https://github.com/Netatalk/netatalk/pull/1168
Full Changelog: https://github.com/Netatalk/netatalk/compare/netatalk-3-2-0…netatalk-3-2-1
Note: The Debian deb package distributed with this release is built for Debian 12 Bookworm.
Release published on 2024-06-29
Generated from the original at GitHub
