REDISTRIBUTION LICENSING ALERT
If you redistribute binary Netatalk packages, please be advised that there may be incompatible licensing terms in this source package. To avoid potential issues when redistributing, it is strongly recommended to build this package with -Dwith-embedded-ssl=false when using the Meson build system. The Autotools build system is not affected. Alternatively, upgrade to Netatalk 3.2.2 or later.
DOCKER COMPATIBILITY ALERT
If you previously used the Netatalk 3.1.18 Docker image for making Time Machine backups in macOS, you may run into errors after upgrading to the Netatalk 3.2.0 image or later. It is recommended to discard the backup sparsebundle and redo the backup. If you absolutely must access the older backup sparsebundle, downgrading to the 3.1.18 image should restore access.
Netatalk 3.2.1 is available!
The Netatalk team is proud to announce the latest version in the Netatalk 3.2 release series.
This release includes a patch for security vulnerabilities CVE-2024-38439, CVE-2024-38440, and CVE-2024-38441. Users of the 3.x release series are encouraged to update their servers to this version.
Additionally, this version reworks the configuration options for the new Meson build system, following user feedback to the prior release. See the table below for a breakdown of the changes.
The Netatalk 3 Webmin Module v1.1 is recommended to use with this version.
Please see NEWS for the full changelog.
Major Changes
Meson build system
The Meson build system was introduced in Netatalk 3.2.0, and exists in parallel with the traditional GNU Autotools build system. We plan to remove Autotools in a future feature release version of Netatalk.
Please see INSTALL for instructions how to use the new build system. The online manual also has a new appendix with build instructions for specific operating systems.
To improve the usability and consistency of the build system, we revisited the naming scheme and types of a majority of the package specific options in this version. The following table breaks down the changes between 3.2.0 and 3.2.1. Options in italics are unchanged.
| 3.2.0 option | takes | 3.2.1 option | takes |
|---|---|---|---|
| build-manual | true/false | with-manual | true/false |
| build-tests | true/false | with-tests | true/false |
| disable-init-hooks | true/false | with-init-hooks | true/false |
| disable-largefile | true/false | with-largefile | true/false |
| disable-sendfile | true/false | with-sendfile | true/false |
| disable-shell-check | true/false | with-shell-check | true/false |
| disable-tcp-wrappers | true/false | with-tcp-wrappers | true/false |
| enable-debug | true/false | with-debug | true/false |
| enable-debugging | true/false | with-debugging | true/false |
| enable-krbV-uam | enabled/disabled | with-krbV-uam | true/false |
| enable-overwrite | true/false | with-overwrite | true/false |
| enable-pgp-uam | enabled/disabled | with-pgp-uam | true/false |
| enable-quota | enabled/disabled | with-quota | true/false |
| enable-rpath | true/false | with-rpath | true/false |
| enable-zeroconf | enabled/disabled | with-zeroconf | true/false |
| with-acls | enabled/disabled | with-acls | true/false |
| with-afpstats | enabled/disabled | with-acls | true/false |
| with-bdb | string | with-bdb-path | string |
| with-cnid-dbd-backend | true/false | with-cnid-dbd-backend | true/false |
| with-cnid-default-backend | string | with-cnid-default-backend | combo |
| with-cnid-last-backend | true/false | with-cnid-last-backend | true/false |
| with-cracklib | string | with-cracklib | true/false |
| with-cracklib-path | string | ||
| with-dbus-daemon | string | with-dbus-daemon-path | string |
| with-dbus-sysconf-dir | string | with-dbus-sysconf-path | string |
| with-docbook | string | with-docbook-path | string |
| with-dtrace | true/false | with-dtrace | true/false |
| with-embedded-ssl | true/false | with-embedded-ssl | true/false |
| with-gssapi | string | with-gssapi | true/false |
| with-gssapi-path | string | ||
| with-init-dir | string | with-init-dir | string |
| with-init-style | combo | with-init-style | combo |
| with-kerberos | enabled/disabled | with-kerberos | true/false |
| with-ldap | string | with-ldap | true/false |
| with-ldap-path | string | ||
| with-libgcrypt-dir | string | with-libgcrypt-path | true/false |
| with-libiconv | string | with-libiconv | true/false |
| with-libiconv-path | string | ||
| with-libtirpc | true/false | REMOVED | |
| with-lockfile | string | with-lockfile-path | string |
| with-mysql-config | string | with-mysql-config | string |
| with-pam | string | with-pam-path | string |
| without-pam | true/false | with-pam | true/false |
| with-shadow | enabled/disabled | with-shadow | true/false |
| with-spotlight | enabled/disabled | with-spotlight | true/false |
| with-ssl-dir | string | REMOVED | |
| with-tracker-install-prefix | string | with-tracker-install-prefix | string |
| with-tracker-pkgconfig-version | string | REMOVED | |
| with-tracker-prefix | string | with-tracker-prefix | string |
| with-uams-path | string | with-uams-path | string |
Bundled WolfSSL
WolfSSL was introduced in Netatalk 3.2.0 as the recommended SSL provider for the DHX (DHCAST128) and Random Number user authentication modules.
In addition to the bundled WolfSSL library, the latest version of Netatalk now supports building with system provided WolfSSL libraries. At the time of release, only Debian and Ubuntu could be confirmed shipping a fully-featured WolfSSL library.
Alpine Linux, Arch Linux, DragonFly BSD and FreeBSD also ship WolfSSL libraries. However in our testing neither were complete enough to be used with Netatalk. On these platforms we will still use the bundled WolfSSL library.
What’s Changed
- meson: Fix -Doption paths on systems where rpath is enabled by default by @dgsga in #1053
- meson: Fix library search macro on Omnios hosts by @dgsga in #1056
- docker: Don’t bail out when password is longer than 8 chars by @rdmark in #1067
- meson: afpstats should depend on Perl; don’t install dev scripts by @rdmark in #1070
- meson: set setuid bit to allow user afppasswd changing by @rdmark in #1071
- meson: Fix logic of UCS-2-INTERNAL detection macro by @dgsga in #1075
- meson: Address various issues with the meson build system by @dgsga in #1082
- Use portable linux macro in etc/afpd header by @dgsga in #1083
- meson: Further refinements to meson build system by @dgsga in #1086
- meson: Fix issues with quota support on linux and macOS hosts by @dgsga in #1092
- meson: Simplify options semantics and standardize feature macros by @dgsga in #1099
- docker: Bump to Alpine 3.20 base image by @rdmark in #1111
- docker: Correct group management for Alpine by @rdmark in #1116
- meson: Set executable flags when installing scripts by @rdmark in #1117
- meson: with-rpath syntax is invalid by @rdmark in #1130
- docs: Indicate license for software package, and add SSLeay notice by @rdmark in #1125
- autotools and meson: Use pkg-config to find libgcrypt by @dgsga in #1132
- Debian Trixie expects systemd scripts in /usr/lib by @rdmark in #1135
- Add copyright for mac_roman.h by @rdmark in #1137
- Cleanup of copyright headers to make them more scanner friendly by @rdmark in #1142
- Remove unused atalk/talloc.h header by @dgsga in #1154
- CVE-2024-38439,CVE-2024-38440,CVE-2024-38441: Harden user login by @rdmark in #1158
- docs: Rephrase tarball section of manual by @rdmark in #1164
- meson: Prioritize native WolfSSL package over built-in SSL library if it has the correct configuration by @dgsga in #1160
- Changelog for 3.2.1 release by @rdmark in #1168
Full Changelog: https://github.com/Netatalk/netatalk/compare/netatalk-3-2-0…netatalk-3-2-1
Note: The Debian deb package distributed with this release is built for Debian 12 Bookworm.
Downloads
- netatalk-3.2.1.tar.xz (1.8 MB)
- netatalk-3.2.1.tar.xz.sha256sum (0.0 MB)
- netatalk_3.2.1.ds-1_amd64.deb (0.6 MB)
Footnotes
Release published on 2024-06-29
Generated from GitHub Release Notes
