Skip to content

Releases: Netatalk/netatalk

Netatalk 4.5.0

30 May 13:22
@github-actions github-actions
netatalk-4-5-0
3fcb0e1

Choose a tag to compare

View all tags
Netatalk 4.5.0 Latest
Latest

Netatalk 4.5.0 is available!

The Netatalk team is proud to announce the first stable version in the Netatalk 4.5 release series – one of the most feature-packed releases in the history of this project!

This release focuses on three large areas: making Finder search usable out of the box, rebuilding the AFP directory cache for much larger and faster workloads, and tightening security across authentication, filesystem handling, parsers, and build defaults. It also brings a new SRP authentication UAM, a pluggable Spotlight backend architecture, a modernized afpstats interface, and many portability improvements for Unix-like platforms.

All users of previous Netatalk versions are encouraged to upgrade to 4.5.0.

Highlights

  • Spotlight-compatible Finder search now works by default. Netatalk enables spotlight and search db by default, uses the lightweight cnid backend by default, and can also build localsearch and experimental xapian backends.
  • Directory caching has been substantially rebuilt. The cache now supports ARC eviction, up to 1 million entries, enumerate caching, AppleDouble metadata caching, inter-process cache hints, background maintenance, and optional resource fork caching.
  • Security hardening lands throughout the tree. This includes fixes for multiple CVEs, stricter bounds checks in AFP/DSI/CNID/Spotlight paths, constant-time Randnum comparisons, safer privilege transitions, strict symlink validation, and safer defaults for legacy authentication.
  • SRP authentication is now available as uams_srp.so. afppasswd now manages SRP verifiers by default while retaining explicit legacy Randnum mode with -r.
  • Classic Mac OS support continues to improve with virtual root Icon\r synthesis which enables color icons over AFP.
  • Build and portability work adds libev support as an alternative to libevent2, new Meson feature switches, mandatory dconf handling for LocalSearch indexing, improved NetBSD/OpenBSD support, and a simpler Unix socket based afpstats implementation.

Spotlight and Search

Netatalk 4.5.0 introduces a pluggable Spotlight search architecture. The AFP Spotlight RPC layer is shared, while each volume can choose a backend through spotlight backend.

The default backend is now cnid. It uses Netatalk's CNID database for fast filename-oriented Finder search, with no external indexing service beyond the normal CNID backend and the Spotlight parser dependencies. This makes Finder search useful on typical file servers without requiring LocalSearch/Tracker.

The localsearch backend remains available for richer metadata and content search. It now uses dconf keyfiles for indexer configuration; dconf is a mandatory dependency for this backend, and the LocalSearch indexer is started only when a volume is configured to use it.

The new xapian backend is experimental. It maintains a Netatalk-managed per-volume Xapian index for filename, plain-text content, and MIME type search. It is useful for testing and feedback, but is not recommended for production deployments yet.

Spotlight query behavior has also been improved. CNID, SQLite, and MySQL backed searches can return up to 10000 results per query, or as many as fit within a 10-second wall-clock budget. Wildcard queries, timestamps, additional attributes, and macOS Tahoe search paths in nested arrays are handled more robustly. Finder Spotlight filename queries shorter than 3 characters are ignored by the Spotlight backend.

Directory Cache

The directory cache is now a multi-layer cache for directory entries, file metadata, AppleDouble metadata, and optionally resource fork data. The goal is to reduce filesystem I/O during directory enumeration and metadata-heavy AFP workloads, especially on shares with many small files.

The new dircache mode = arc option enables an Adaptive Replacement Cache that learns from both recent and frequent access patterns. ARC is more memory hungry than the default LRU mode, but it is better at resisting sequential scans and backup jobs that would otherwise flush useful cache entries.

Netatalk also gained enumerate caching, AppleDouble support in cache, inter-process cache synchronization between afpd children, a tier-2 resource fork cache, and an idle worker for background cache maintenance. Cache entries are still updated for AFP operations, while dircache validation freq lets administrators tune how aggressively Netatalk validates cached entries against changes made outside AFP.

Security and Compatibility

This release includes fixes and hardening for authentication, Unicode and charset handling, LDAP filter construction, VFS metadata parsing, DSI session handling, Spotlight unmarshalling, CatSearch request parsing, CNID database operations, and papd print job handling.

Notable security-facing changes include:

  • DHCAST128/uams_dhx.so is no longer part of the default uam list. Administrators who still need it for old Classic Mac OS clients must opt in.
  • The insecure admin auth user option has been removed.
  • Randnum UAM comparisons now use constant-time secret comparison helpers, key material is cleared more deliberately, and Randnum password updates require a valid companion afppasswd.key file.
  • convert appledouble is now no by default to avoid paying the migration cost on every filesystem access. Enable it only for on-the-fly migration from AppleDouble v2 metadata to filesystem extended attributes.
  • Symlink creation and following are stricter. Absolute targets, .. components, paths escaping the volume root, and cross-device targets are rejected.
  • Nested AFP volume paths are rejected to avoid CNID corruption scenarios.
  • Server quantum parsing is stricter, and several wire-format parsers now reject truncated or oversized inputs earlier.

The libatalk ABI changed in this release. cnid_find() gained a bool *more_available out-parameter and now requires a 400-byte minimum result buffer. The libatalk soversion is bumped to v20, so out-of-tree consumers must be rebuilt against the 4.5 headers. The internal server_child_t ABI also changed because the afpstats handler now runs in the parent's main event loop.

Authentication

Netatalk now includes an SRP ("Secure Remote Password") UAM as uams_srp.so. SRP uses separate salts and verifiers rather than system passwords, and provides strong password authentication without sending the password over the network.

afppasswd now operates in SRP mode by default and writes the SRP verifier file afppasswd.srp, or the path set with srp passwd file. To manage legacy Randnum credentials, pass afppasswd -r. In Randnum mode, afppasswd -r -c creates or validates the required companion key file.

Randnum and Two-Way Randnum remain available for very old AFP clients, but are discouraged. They require the legacy passwd file and companion key file, and authentication fails until both are present and valid.

CNID and Volume Management

The new global cnid scheme setting lets administrators define the default CNID backend once in [Global], while still allowing per-volume overrides. The sqlite backend continues to mature, MySQL CNID handling has improved charset and TCP behavior, and both MySQL and SQLite now support cnid dev = no.

Volumes can now set a stable UUID explicitly with volume uuid. This is useful when running afpd without permission to write the shared state directory, or when administrators need a fixed volume identity across deployments.

The obsolete last CNID backend has been removed.

Admin Tools

afpstats has been rewritten to use a Unix domain socket instead of D-Bus. This removes the GLib/D-Bus dependency for statistics collection and makes the tool simpler to use in minimal server environments. Runtime statistics are enabled with afpstats = yes; access can be delegated with afpstats group, and afpstats -s can query a non-default socket path. Sessions connected over both TCP/IP and AppleTalk are now reported.

The historical macusers script has been removed. Use afpstats instead.

The nad utility gained mkdir and rmdir, a -F option for reading a custom afp.conf, safer and cleaner ls output, support for ls -a, and improved behavior for operations crossing AFP volume boundaries.

dbd gained -i to invalidate AppleDouble CNID hints.

afp.conf Changes

The most important new and changed afp.conf options in 4.5.0 are:

Option Scope Default Status
spotlight G/V yes Changed default; enables Spotlight-compatible Finder search globally or per volume.
search db V yes Changed default; uses CNID database name search for Catalog Search.
spotlight backend G/V cnid New; selects cnid, localsearch, or xapian per volume.
spotlight attributes G empty Limits searchable attributes for the localsearch backend only.
sparql results limit G unlimited Also applies as the per-query cap for the xapian backend.
volume uuid V generated New; assigns a static UUID to a volume.
cnid scheme G/V build default New global default with per-volume override for dbd, mysql, or sqlite.
cnid dev V yes MySQL and SQLite now support cnid dev = no.
dircache size G 65536 Replaces dircachesize; accepts 1024 through 1048576 entries.
dircache validation freq G 1 New tuning control; validates every Nth cache access, range 1-100.
dircache mode G lru New; selects lru or arc eviction.
dircache rfork budget G 0 New; total KB budget for resource fork caching, disabled at 0.
dircache rfork maxsize G 1024 New; maximum KB size of a single cached resource fork.
convert appledouble V no Changed default; enable only for dynamic AppleDouble migrati...
Read more

Contributors

rdmark, NJRoadfan, and 2 other contributors
Assets 10
Loading

Netatalk 4.4.3

13 May 22:33
@github-actions github-actions
netatalk-4-4-3
79b13d9

Choose a tag to compare

View all tags
Netatalk 4.4.3

Netatalk 4.4.3 is available!

The Netatalk team is proud to announce the latest version in the Netatalk 4.4 release series.

In addition to the following security fixes, this release contains a handful of UAM and container hardening improvements.

CVE-2026-44047, CVE-2026-44048, CVE-2026-44049, CVE-2026-44050,
CVE-2026-44051, CVE-2026-44052, CVE-2026-44054, CVE-2026-44055,
CVE-2026-44057, CVE-2026-44060, CVE-2026-44062, CVE-2026-44064,
CVE-2026-44066, CVE-2026-44068, CVE-2026-44076, CVE-2026-45354,
CVE-2026-45355, CVE-2026-45356, CVE-2026-45698, CVE-2026-45699

Note that there are another outstanding 18 CVEs that are not fixed in this release, because the Netatalk team deemed them to be of lower severity. These will be addressed in a future feature release.

All users of previous Netatalk versions are encouraged to upgrade to 4.4.3.

This is a source-only release. To build:

# Extract the source
tar -xf netatalk-4.4.3.tar.xz
cd netatalk-4.4.3

# Configure and build
meson setup build
meson compile -C build

# Install
sudo meson install -C build

What's Changed

  • [4.4] libatalk: fix OOB access when "end_of_list_marker" is passed as logtype by @rdmark in #2904
  • [4.4] libatalk: map logtype identifiers correctly with the enum by @rdmark in #2903
  • [4.4] docker: load RandNum UAM only when password init succeeds by @rdmark in #2922
  • [4.4] docker: bump production container alpine base image from 3.23.2 to 3.23.4 by @rdmark in #2920
  • [4.4] docker: harden RandNum UAM in production container by @rdmark in #2965
  • [4.4] uams: harden RandNum key file read bounds and integrity by @rdmark in #2964
  • [4.4] docs: clarify the security sensitive nature of two older features by @rdmark in #2972
  • [4.4] ci: build astyle from scratch for code formatting job by @rdmark in #2977
  • [4.4] uams: warn when Randnum afppasswd key file is missing by @rdmark in #2973
  • [4.4] docker: introduce AFP_UAMS option for fine grained control of UAMs by @rdmark in #2975
  • release v4.4.3 by @rdmark in #2989

Full Changelog: netatalk-4-4-2...netatalk-4-4-3

Contributors

rdmark
Loading

Netatalk 4.4.2

17 Apr 19:01
@github-actions github-actions
netatalk-4-4-2
d2ef3e2

Choose a tag to compare

View all tags
Netatalk 4.4.2

Netatalk 4.4.2 is available!

The Netatalk team is proud to announce the latest version in the Netatalk 4.4 release series.

This fixes a build breakage on certain 32 bit systems that was introduced between v4.3 and v4.4, plus a range of stability and reliability fixes to afpd and the SQLite CNID backend.

All users of previous Netatalk versions are encouraged to upgrade to 4.4.2.

This is a source-only release. To build:

# Extract the source
tar -xf netatalk-4.4.2.tar.xz
cd netatalk-4.4.2

# Configure and build
meson setup build
meson compile -C build

# Install
sudo meson install -C build

What's Changed

  • [4.4] Fix implicit declaration of function AfpErr2name by @knight-of-ni in #2662
  • bump to development version 4.4.2 by @rdmark in #2665
  • [4.4] GitHub CI: bump Arch, Alpine, Debian, Fedora to the latest image by @rdmark in #2663
  • [4.4] cnid: fix sqlite backend bugs, add post init validation and logging by @rdmark in #2673
  • [4.4] macusers: add a deprecation warning for this script by @rdmark in #2768
  • [4.4] afpd: use C11 atomic operations in dircache, conditional check for libatomic by @rdmark in #2767
  • [4.4] dircache: fix LRU cache eviction crash and dangling pointers by @rdmark in #2779
  • [4.4] ci: remove Spotlight dependencies from DragonFlyBSD job by @rdmark in #2782
  • [4.4] meson: fix bugs that prevent you from disabling dev docs by @rdmark in #2882
  • release netatalk 4.4.2 by @rdmark in #2892

Full Changelog: netatalk-4-4-1...netatalk-4-4-2

Contributors

rdmark and knight-of-ni
Loading

Netatalk 4.5.0 beta

03 Apr 08:42
@github-actions github-actions
netatalk-4-5-0beta
06fd4f9

Choose a tag to compare

View all tags
Netatalk 4.5.0 beta

Netatalk 4.5.0 beta is available!

The Netatalk team is proud to announce a pre-release version in the Netatalk 4.5 release series.

This release is meant to give the community an opportunity to try out major new features and provide feedback to the development team.
It is not recommended for production use.

This release introduces an ARC (Adaptive Replacement Cache) for the directory cache, along with enumerate caching, AppleDouble support in cache, inter-process cache sync, and a Resource Fork caching framework. Together with other optimizations, this results in a significant reduction of file system I/O and improved performance on workloads with many small files, which speeds up both file operations and directory listings.

A new feature synthesizes a virtual Icon\r file in the volume root, enabling Classic Mac OS clients to display custom color volume icons over the wire with the legacy icon setting.

Other highlights include a default global 'cnid scheme' option, static volume UUID configuration, mkdir and rmdir commands in the nad utility, and important improvements to the SQLite CNID backend.

This is a source-only release. To build:

# Extract the source
tar -xf netatalk-4.5.0beta.tar.xz
cd netatalk-4.5.0beta

# Configure and build
meson setup build
meson compile -C build

# Install
sudo meson install -C build

What's Changed

  • docs: revise CNID configuration details in afp.conf man page by @rdmark in #2608
  • docs: overhaul the documentation for the 'search db' option by @rdmark in #2620
  • cnid: safe memory management in sqlite backend and utility function by @rdmark in #2617
  • cnid: don't treat SQLITE_DONE as an error in cnid_sqlite_get() by @rdmark in #2616
  • cnid: store sqlite database files in path defined in vol dbpath by @rdmark in #2615
  • docs: revamp AFP Signature/UUID conf man pages by @rdmark in #2623
  • docs: integrate developer man page contents into Doxygen docs by @rdmark in #2624
  • libatalk: add volume option 'volume uuid' to define static UUID by @rdmark in #2619
  • contrib: addump technical references moved to netatalk.io by @rdmark in #2633
  • docs: use standard English automatically instead of automagically by @rdmark in #2635
  • initscripts: netatalk systemd depends on network-online.target by @rdmark in #2639
  • cnid: disallow looking up did<2 in sqlite backend by @rdmark in #2632
  • rephrase descriptions of the netatalk suite to emphasize cross-platform by @rdmark in #2644
  • [4.4] cnid: return CNID_INVALID when attempting to look up did<2 by @rdmark in #2641
  • touch up Japanese localization for 4.4.1 by @rdmark in #2656
  • meson: introduce option to force the building of subprojects by @rdmark in #2652
  • meson: package release tarball with subprojects by @rdmark in #2658
  • Fix implicit declaration of function AfpErr2name by @rdmark in #2664
  • refactor: convert adf_lock macros to functions by @andylemin in #2645
  • MySQL CNID Backend: improve charset performance, TCP performance, and test container config by @andylemin in #2649
  • docs: escape explicit double dashes in markdown sources by @rdmark in #2674
  • cnid: fix sqlite backend bugs, add post init validation and logging by @rdmark in #2672
  • tests: refactor the afpd tests to use the sqlite CNID backend by @rdmark in #2610
  • cnid: remove the obsolete 'last' CNID backend by @rdmark in #2634
  • Add ARC (Adaptive Replacement Cache) option for directory cache by @andylemin in #2668
  • nad: use scandir to sort files and dirs to list with ls by @rdmark in #2684
  • remove redundant project version setting for SonarQube Cloud by @rdmark in #2676
  • Remove superseded dircache metadata window/threshold parameters by @andylemin in #2683
  • decouple the dbd binary from cnid_dbd and make it better by @rdmark in #2685
  • testsuite: Enhance afp_speedtest with throughput statistics, TCP statistics, CSV export, and fix Local mode - baseline performance optimisations by @andylemin in #2687
  • introduce a default global 'cnid scheme' afp.conf option by @rdmark in #2689
  • update dircache docs to align with recent changes by @rdmark in #2692
  • afpd dircache: fix realloc leak, validate ghosts, improve error logging by @andylemin in #2693
  • testsuite: initialize filedir params to avoid garbage data in the bitmap by @rdmark in #2688
  • uams: fix password corruption when changing password in Cleartxt PAM UAM by @rdmark in #2699
  • nad: more sophisticated check for the MAXPHYS macro by @rdmark in #2717
  • backwards compatibility with iniparser v3 by @rdmark in #2715
  • testsuite: support OpenBSD reserved fields in speedtest by @rdmark in #2714
  • touch up the byte order macros and remove i386 optimization by @rdmark in #2712
  • papd: harden config parsing with graceful error recovery by @rdmark in #2696
  • afpstats: expose hostname for each afpd child process by @rdmark in #2720
  • consistently use the Zeroconf term by @rdmark in #2724
  • docs: improve descriptions of CNID backends, set/save password options by @rdmark in #2690
  • detect big-endian architecture correctly, remove testsuite workaround by @rdmark in #2694
  • docs: revise legal notices in Legal.md by @rdmark in #2735
  • libatalk: regenerate utf16 case lookup tables with Unicode v17.0.0 by @rdmark in #2594
  • meson: don't pass header files as sources to the compiler by @rdmark in #2730
  • nad: add an -F option for reading a custom afp.conf file by @rdmark in #2722
  • remove errant comma on security policy page by @rdmark in #2742
  • Enumerate uses cache, AD support in cache and inter-process cache sync by @andylemin in #2733
  • contrib: remove obsolete macusers script by @rdmark in #2723
  • testsuite: dynamically skip extension mapping tests when not configured by @rdmark in #2748
  • libatalk: log a warning when deprecated apf.conf option is being used by @rdmark in #2746
  • turn 'convert appledouble' option off by default by @rdmark in #2734
  • create fuzz testing framework with libfuzzer and ClusterFuzzLite by @rdmark in #2750
  • meson: consistently define install target tags by @rdmark in #2751
  • afpd: enhance LRU promote, fix moveandrename stale paths, fix 'mac charset' option, improve fork logging by @andylemin in #2754
  • afpd: validate CNID from get_id() before calling dircache_add() by @rdmark in #2697
  • afpd: use C11 atomic operations in dircache, conditional check for libatomic by @rdmark in #2756
  • rephrase container documentation to emphasize runtime agnostic operation by @rdmark in #2769
  • afpd: update Doxygen code comments in dircache by @rdmark in #2778
  • afpd: synthesize virtual Icon\r file in volume root by @rdmark in #2775
  • introduce signal handlers and refactor away unreachable code by @rdmark in #2796
  • papd: clean up dead and unreachable code by @rdmark in #2797
  • debug: Added flamegraph profiling container and tooling by @andylemin in #2784
  • nad: organize ls output into columns and sanitize filenames by @rdmark in #2804
  • nad: centralize volume validation and fix inconsistent error handling by @rdmark in #2803
  • Add support for "cnid dev = no" to MySQL and SQLite backends. by @NJRoadfan in #2806
  • dircache: add idle worker thread for background c...
Read more

Contributors

rdmark, NJRoadfan, and andylemin
Loading

Netatalk 4.4.1

21 Jan 18:27
@github-actions github-actions
netatalk-4-4-1
aebd40c

Choose a tag to compare

View all tags
Netatalk 4.4.1

Netatalk 4.4.1 is available!

The Netatalk team is proud to announce the latest version in the Netatalk 4.4 release series.

This release contains primarily a range of bugfixes and reliability improvements for the SQLite CNID backend.

Also of note is that as of this version, we bundle the subprojects (currently: bstring) in the release tarball.
This is handy when building from tarball in an environment without internet access.

All users of previous Netatalk versions are encouraged to upgrade to 4.4.1.

This is a source-only release. To build:

# Extract the source
tar -xf netatalk-4.4.1.tar.xz
cd netatalk-4.4.1

# Configure and build
meson setup build
meson compile -C build

# Install
sudo meson install -C build

What's Changed

  • GitHub CI: fix additional bugs in the Release workflow by @rdmark in #2598
  • GitHub CI: fix one more bug in the Release workflow by @rdmark in #2599
  • bump to development version 4.4.1 by @rdmark in #2605
  • build(deps): bump vmactions/freebsd-vm from 1.3.4 to 1.3.6 in /.github/workflows by @dependabot[bot] in #2602
  • build(deps): bump vmactions/solaris-vm from 1.2.2 to 1.2.3 in /.github/workflows by @dependabot[bot] in #2603
  • build(deps): bump debian from e711a7b to 4bcb9db in /distrib/docker by @dependabot[bot] in #2604
  • docs: revise CNID configuration details in afp.conf man page by @rdmark in #2608
  • docs: overhaul the documentation for the 'search db' option by @rdmark in #2620
  • cnid: safe memory management in sqlite backend and utility function by @rdmark in #2617
  • cnid: don't treat SQLITE_DONE as an error in cnid_sqlite_get() by @rdmark in #2616
  • cnid: store sqlite database files in path defined in vol dbpath by @rdmark in #2615
  • GitHub CI: add a build job on OpenIndiana by @rdmark in #2613
  • build(deps): bump vmactions/dragonflybsd-vm from 1.1.9 to 1.2.0 in /.github/workflows by @dependabot[bot] in #2626
  • docs: revamp AFP Signature/UUID conf man pages by @rdmark in #2623
  • [4.4] cnid: handle error when attempting to look up did<2 in sqlite backend by @rdmark in #2653
  • [4.4] touch up Japanese localization for 4.4.1 by @rdmark in #2655
  • release version 4.4.1 by @rdmark in #2654
  • [4.4] meson: package release tarball with subprojects by @rdmark in #2657

Full Changelog: netatalk-4-4-0...netatalk-4-4-1

Contributors

rdmark and dependabot
Loading

Netatalk 4.4.0

04 Jan 18:45
@github-actions github-actions
netatalk-4-4-0
7ccd72d

Choose a tag to compare

View all tags
Netatalk 4.4.0

Netatalk 4.4.0 is available!

The Netatalk team is proud to announce the first version in the Netatalk 4.4 release series.

In this release, we introduce sophisticated directory cache optimization which drastically reduces file system I/O by properly using the pre-existing caching architecture. The default behavior is largely unchanged.

Newly introduced afp.conf options:

dircache validation freq
dircache metadata window
dircache metadata threshold
dircache files

In addition, a bug with the dircachesize option parsing has been fixed where if you used the maximum setting of 131072 it was ignored and used the default fallback.

See the Configuration chapter in the Netatalk manual for a thorough explanation of the directory cache logic and configuration options.

Early adopters are encouraged to try out this new version. We are looking forward to hearing your feedback!

Other Notable Changes

The sqlite CNID backend is no longer flagged as experimental.
We now ship support for SQLite in the production container for netatalk.
However, the dbd backend (Berkeley DB) is still the default and recommended for most deployments.

A sample SELinux policy for netatalk can be found under distrib/selinux.
Please note that it is meant as a starting point and may need adjustments for production use.

The tool formerly known as ad is now called nad and has been thoroughly improved.
All subcommands should work properly cross-platform now for safe file operations on AFP shared volumes on the local host.

Both mysql and sqlite CNID backends now support cnid_find() which is used by the search db afp.conf option and nad find command.

We generate developer documentation with Doxygen now, while code documentation comments got a major overhaul.
The meson build system will look for Doxygen, and if found will generate and install html documentation. Control this behavior with the -Dwith-docs build system option.

The -Dwith-manual-install-dir meson option has been removed, with -Dwith-docs-install-dir introduced in its stead.
The new option applies to all types of documentation, including the new developer documentation.

Dockerfiles have been moved from the repository root to distrib/docker.

New afp.conf option valid shellcheck, replacing the build system option -Dwith-shell-check which has been removed. Note that this only takes effect for afpd, while papd is now hard coded to always enable shell check.

How to Install

This is a source-only release. To build:

# Extract the source
tar -xf netatalk-4.4.0.tar.xz
cd netatalk-4.4.0

# Configure and build
meson setup build
meson compile -C build

# Install
sudo meson install -C build

What's Changed

  • ad: make buffer size detection more portable in ad cp by @rdmark in #2413
  • getzones: defensively release memory in optarg function by @rdmark in #2421
  • meson: Solaris compatible check for iconv parameters by @rdmark in #2415
  • testsuite: Bugfixes for lantest.c, file system cleanup after tests by @andylemin in #2424
  • atalkd: NULL check before accessing struct member in rtmp_packet() by @rdmark in #2426
  • testsuite: refactor libafptest with a testhelper module by @rdmark in #2425
  • Consider the sqlite CNID backend stable by @rdmark in #2432
  • afpd: protect against bad parameters and buffer overflow in dtfile() by @rdmark in #2436
  • testsuite: Clean test volumes between each spectest test execution by @rdmark in #2437
  • afpd: introduce runtime option for valid shellcheck by @rdmark in #2439
  • testsuite: enhanced 'dircache statistics:' log output and added log support to afp_lantest by @andylemin in #2433
  • afpd: check that username is a string before assigning in log_dircache_stat() by @rdmark in #2442
  • getzones: protect against potential memory leak when exiting in optarg by @rdmark in #2441
  • meson: error out if no writable CNID backend selected for compilation by @rdmark in #2450
  • testsuite: refactor headers and declarations for internal consistency by @rdmark in #2443
  • Create SELinux policy for netatalk daemons by @rdmark in #2248
  • rename the ad binary to nad and improve code quality by @rdmark in #2440
  • dircache: Add probabilistic validation for dramatic I/O reduction by @andylemin in #2447
  • webmin: support newly added dircache tuning options by @rdmark in #2462
  • docker: build the sqlite CNID backend in the Alpine production container by @rdmark in #2458
  • docs: for testsuite man pages, list -l option separately in synopsis by @rdmark in #2460
  • nad: remove limits to operate on shared volumes using any CNID backend by @rdmark in #2461
  • cnid: implement cnid_find() in the sqlite backend by @rdmark in #2464
  • webmin: correct description of fce ignore names format by @rdmark in #2465
  • docs: generate dynamic developer documentation with Doxygen by @rdmark in #2467
  • docs: improve AppleTalk network layer diagram by @rdmark in #2469
  • docs: clarify the cipher used by UAMs in the Configuration chapter by @rdmark in #2477
  • Create a Netatalk Code of Conduct by @rdmark in #2476
  • meson: refactor the docs installation dir logic by @rdmark in #2471
  • docs: create a chapter in the developer docs for DDP / AppleTalk by @rdmark in #2473
  • Create Contributing Guidelines document by @rdmark in #2483
  • docs: custom header and footer in doxygen docs by @rdmark in #2484
  • docs: tweak doxygen settings for better and more reliable output by @rdmark in #2486
  • improve code documentation and remove dead code by @rdmark in #2485
  • docker: restructure containerization support files into distrib/docker by @rdmark in #2482
  • libatalk: purge bitrotted code in adouble and netddp modules by @rdmark in #2489
  • Reduce the usage of preprocessor macros to enable platform code by @rdmark in #2488
  • Update copyright notice in desktop.c by @rdmark in #2494
  • Update copyright information in catsearch.c by @rdmark in #2493
  • libatalk: refactor vfs module with explicit function definitions by @rdmark in #2491
  • testsuite: use the global afp.h interface for AFP commands by @rdmark in #2495
  • Revise error checking and logging section in the developer readme by @rdmark in #2497
  • Apply code documentation markup across codebase by @rdmark in #2492
  • Update bstring to version 1.0.3 by @rdmark in #2501
  • afpd: afpstats init error handling; don't build on macOS by @rdmark in #2448
  • Make the nad commands work more reliably on any OS by @rdmark in #2506
  • libatalk: implement the find function for the mysql CNID backend by @rdmark in #2508
  • libatalk: Simplify error logging on parameter error in cnid_mysql_find() by @rdmark in #2515
  • libatalk: create utility function convert_utf8_to_mac() by @rdmark in #2507
  • docs: split up developer docs per topic and make improvements by @rdmark in #2525
  • docker: expose dircache settings in production container by @rdmark in #2523
  • docs: add algorithm prefix to integritry hash for Mermaid script by @rdmark in #2544
  • docs: better descriptions and examples of classic Mac / A2 options by @rdmark in #2551
  • use explicit_bzero to clear out sensitive data from memory by @rdmark in #2562
  • nad: protect against potential memory leak in xgetcwd() by @rdmark in #2563
  • docs: adapt libatalk DSI readme to the developer docs by @rdmark in #2570
  • Restore historical changelogs from the ASUN fork to v1.5 by @rdmark in #2579
  • config: overhaul daemon configuration file comments by @rdmark in #2580
  • Create git ...
Read more

Contributors

rdmark and andylemin
Loading

Netatalk 4.3.2

07 Sep 20:06
@github-actions github-actions
netatalk-4-3-2
9be57cc

Choose a tag to compare

View all tags
Netatalk 4.3.2

Netatalk 4.3.2 is available!

The Netatalk team is proud to announce the latest version in the Netatalk 4.3 release series.

A critical bug preventing authentication with an AD domain via PAM has been fixed.

All users of previous Netatalk versions are encouraged to upgrade to 4.3.2.

This is a source-only release. To build:

# Extract the source
tar -xf netatalk-4.3.2.tar.xz
cd netatalk-4.3.2

# Configure and build
meson setup build
meson compile -C build

# Install
sudo meson install -C build

What's Changed

  • build(deps): bump SonarSource/sonarqube-scan-action from 5.3.0 to 5.3.1 by @dependabot[bot] in #2394
  • Bump to development version 4.3.2 by @rdmark in #2395
  • GitHub CI: Refactor the SonarQube scan action with supported GitHub expressions by @rdmark in #2396
  • GitHub CI: Change file endings of checksum files to match meson by @rdmark in #2397
  • meson.build: check for init bins only if installing service by @EricFromCanada in #2398
  • meson.build: prefer mDNS over Avahi on Darwin systems by @trodemaster in #2400
  • Bump to bstring 1.0.2 subproject by @rdmark in #2406
  • GitHub CI: Install shared bstring library on macOS build job by @rdmark in #2407
  • afpd: Revert to non-reentrant getpwnam() in the uam module by @rdmark in #2403
  • Release netatalk v4.3.2 by @rdmark in #2409

New Contributors

Full Changelog: netatalk-4-3-1...netatalk-4-3-2

Contributors

rdmark, EricFromCanada, and 2 other contributors
Loading

Netatalk 4.3.1

29 Aug 19:36
@github-actions github-actions
netatalk-4-3-1
5f5aed3

Choose a tag to compare

View all tags
Netatalk 4.3.1

Netatalk 4.3.1 is available!

The Netatalk team is proud to announce the latest version in the Netatalk 4.3 release series.

All users of previous Netatalk versions are encouraged to upgrade to 4.3.1.

This is a source-only release. To build:

# Extract the source
tar -xf netatalk-4.3.1.tar.xz
cd netatalk-4.3.1

# Configure and build
meson setup build
meson compile -C build

# Install
sudo meson install -C build

What's Changed

  • FIX: afpd: Refactor the afpd version helptext for readability and brevity, GitHub #2367
  • FIX: libatalk: remove macros, define interface for netddp_{close, recvfrom, sendto}, GitHub #2383
  • FIX: rtmpqry: Fix code quality issues in rtmpqry and disambiguate comments, GitHub #2379
  • NEW: testsuite: Added Linux IO monitoring to afp_lantest and refactored results display, GitHub #2354
    • The -C option has been renamed to -K in afp_lantest
  • FIX: test: Consistently initialize buffers before use in afpd component tests, GitHub #2380
  • FIX: docker: Bring back the RandNum password creation by default, GitHub #2338
  • NEW: docker: Expose Classic Mac OS login message option, GitHub #2339
  • FIX: distrib: substitute lockfile path in netatalkd init scripts for macOS, GitHub #2357
  • NEW: docs: Create separate nbplkup and nbprgstr man pages and improve them, GitHub #2336
  • UPD: docs: update logtypes list in afp.conf man page, GitHub #2364
  • UPD: docs: Flesh out the afpstats.1 man page, GitHub #2389
  • NEW: Introduce yaml code style guide and automatic formatting, GitHub #2351
  • NEW: contrib: Add support for beautifying markdown to codefmt.sh, GitHub #2356

Full Changelog: netatalk-4-3-0...netatalk-4-3-1

Loading

Netatalk 4.3.0

05 Aug 18:29
@rdmark rdmark
netatalk-4-3-0
6167471

Choose a tag to compare

View all tags
Netatalk 4.3.0

Netatalk 4.3.0 is available!

The Netatalk team is proud to announce the first version in the Netatalk 4.3 release series.
A major addition in this version is the inclusion of an experimental CNID backend that uses a SQLite database.
We have also added a brand new CLI tool for AppleTalk network inspection, called rtmpqry.

One major breaking change in this version, is that we now rely on a shared Better String library (bstring).
In previous versions we statically linked libatalk with a vendored version of bstring.
Since bstring is not widely packaged (yet) we pull in the library as a Meson subproject when building.

Berkeley DB is now effectively an optional dependency. It is possible to build netatalk without dbd support, and rely entirely on f.e. the mysql (or experimental sqlite) backend.

Early adopters are encouraged to try out this new version.
We are looking forward to getting feedback and bug reports from you!

CNID backends

sqlite

This new CNID backend depends on a sqlite v3 library on the host system.
Akin to the dbd backend, it requires no configuration or database administration.

At the time of release, it has been tested in smaller deployments with a small number concurrent users.
It is considered experimental, as it is presently unknown how it performs in a large deployment.

mysql

The mysql backend will now create a volume's CNID dir automatically on startup, which aligns behavior with the other backends.

While the mysql backend doesn't need to store a database file in this directory, it also houses AFP metadata files for the volume.

dbd

Netatalk can now be built without the Database Daemon (dbd) CNID backend.
When dbd support is not built into netatalk, it will no longer launch the cnid_metad or cnid_dbd support daemons either.

AppleTalk tooling

New and improved tools for AppleTalk network inspection and manipulation.

The brand new rtmpqry CLI tool will query RTMP (Routing Table Maintenance Protocol)
for routes and network metadata in an AppleTalk network.

nbplkup has gotten a few new features, notably -s for script-friendly output, -D to specify DDP address, and -f | -l to select the NBP op to use.

getzones is also improved, with a -c option to set Mac charset, -g to get current default Zone and valid network range, -z to validate Zone validity, and -q to list available Zones.

Special thanks to @cheesestraws (Rob Mitchelmore) for the new tool and improvements!

Build system and dependencies

bstring

The bstring shared library and headers are required to build and run netatalk.
This was previously a statically linked library inside libatalk, but the vendored code has been removed in this version.

In the absence of a shared library, the Meson build system will compile and install bstring as a subproject.

CNID backends

A new Meson option of the array type has been introduced to select and build one or more of the available CNID backends.
The default is to build all for which the dependencies are satisfied.

  • -Dwith-cnid-backends=dbd,last,mysql,sqlite

At the same time, the following obsolete options have been removed.

  • -Dwith-cnid-dbd-backend
  • -Dwith-cnid-last-backend
  • -Dwith-cnid-mysql-backend

LocalSearch / Tracker

We now require v3 or later of LocalSearch or Tracker for Spotlight indexing. Support for v0.x ~ v2 has been dropped.

Consequently, the following obsolete options have been removed.

  • -Dwith-tracker-install-prefix
  • -Dwith-tracker-prefix

Containers

The base image has been bumped from Alpine Linux v3.21 to v3.22

We no longer build support for ACLs and Spotlight in the Netatalk container.
These features did not work properly in a containerized environment.
With improvements, they may be enabled again in the future.

Tests

The afp_lantest test tool has been fleshed out with tests that thoroughly examines afpd cashing scenarios.
Special thanks to @andylemin for the contribution!

The afp_speedtest test tool got a number of bugfixes and improvements.
Notably, it is now possible to run batches of multiple tests in multiple iterations.

At the same time, each of the test tools have gotten their own man page,
while the monolithic afptest.1 man page has been removed.

Code quality

We have introduced coding standards and styleguides for C, Perl, POSIX shell, Meson, and Markdown.
These standards are now automatically enforced in the CI pipeline by the respective beautifiers (astyle, perltidy, shfmt, muon, and markdownlint).
A convenience wrapper script contrib/scripts/codefmt.sh has been added that can help you reformat the entire codebase on the fly.
Code contributors no longer have to manually care about formatting, which saves time and makes diffs smaller.
Also, a uniform code style makes the codebase easier to read and maintain overall.

All of the shell scripts have been refactored to be POSIX compliant and run on the sh interpreter rather than bash.
This removes bash as a dependency (for a slimmer container, for instance) and improves cross-platform compatibility.

All of the Perl scripts (including the Webmin module code) have been refactored to pass the strict and warning pragmas.
This prevents bugs and makes execution more reliable and memory safe.

New Contributors

Full Changelog: netatalk-4-2-4...netatalk-4-3-0

Contributors

cheesestraws, andylemin, and dependabot
Loading

Netatalk 4.2.4

31 May 06:04
@rdmark rdmark
netatalk-4-2-4
cf13053

Choose a tag to compare

View all tags
Netatalk 4.2.4

Netatalk 4.2.4 is available!

The Netatalk team is proud to announce the latest version in the Netatalk 4.2 release series.

This release has fixes for building on macOS with MacPorts, as well as the latest Solaris 11.4.81 CBE release.

BREAKING: When building on macOS with Homebrew, you now must pass the -Dwith-homebrew=true parameter to meson for it to find the libraries and headers installed by Homebrew.

All users of previous Netatalk versions are encouraged to upgrade to 4.2.4.

What's Changed

  • docs: Improve afpd and macipgw man pages by @rdmark in #2155
  • [4.2] meson: Check for brew include dir before adding it to list by @rdmark in #2190
  • [4.2] uams: Check for const pam_message member of pam_conv by @rdmark in #2196
  • [4.2] meson: Build and link with Homebrew libraries is now opt-in by @rdmark in #2194

Full Changelog: netatalk-4-2-3...netatalk-4-2-4

Contributors

rdmark
Loading