Changes in 2.2.5
================
* FIX: Fix errors searching volumes
* NEW: Configurable symlink handling with a new volume option
'followsymlinks'. Setting the option causes afpd to follow
symlinks on the server side.
* UPD: Reload groups when reloading volumes. FR #71.
* FIX: Fix a possible crash in cname() where cname_mtouname calls
dirlookup() where the curdir is freed because the dircache
detected a dev/inode cache difference and evicted the object
from the cache. Fixes bug #498.
* FIX: Change default FinderInfo for directories to be all 0, fixes
bug 514.
check all the bells and whistles are still in place, and functional.
While here, update to Netatalk 2.2.4. Note that we will ship Netatalk
2 as long as NetBSD ships ddp ("netatalk") support, so v3 is not a
replacement.
Changes to package setup:
Set PLIST_VARS.{ea,acl} so that the package builds on Ubuntu Linux 10
LTS. I guess there are version and file-system dependencies?
Add dnssd option for mDNSResponder ("zeroconf") support.
Remaining (upstream) issues:
dbd(8) breaks with a less-than-helpful error message, see end of
PR pkg/47578
afpd(8) mis-maps user IDs -- a security issue
Upstream changes:
Changes in 2.2.4
================
* FIX: Missing UAM links
* FIX: Lockup in AFP logout on Fedora 17
* FIX: Reset signal handlers and alarm timer after successfull PAM
authentication. Fixes a problem with AFP disconnects caused
by pam_smbpass.so messing with our handlers and timer.
* FIX: afpd: Fix a possible problem with sendfile on Solaris derived
platforms
Changes in 2.2.3
================
* NEW: afpd: support for mdnsresponder
* NEW: afpd: new LDAP config option ldap_uuid_string
* UPD: based on Unicode 6.1.0
* UPD: experimental systemd service files: always run both afpd and cnid_metad
* UPD: afpd: Ensure our umask is not altered by eg pam_umask
* UPD: afpd: Use GSS_C_NO_NAME as server principal when Kerberos options -fqdn
and -krb5service are not set, from Jamie Gilbertson
* UPD: afpd: Changed behaviour for TimeMachine volumes in case there's a problem
talking to the CNID daemons. Previously the volume was flagged read-only
and an AFP message was sent to the client. As this might result in
TimeMachine assuming the backup sparse bundle is damaged, we now just
switch the CNID database to an in-memory tdb without the additional stuff.
* FIX: afpd: sendfile() on FreeBSD was broken, courtesy of Denis Ahrens
* FIX: afpd: Dont use searchdb when doing partial name search
* FIX: afpd: Fix a possible bug handling disconnected sessions,
NetAFP Bug ID #16
* FIX: afpd: Close IPC fds in afpd session child inherited from the afpd
master process
* FIX: dbd: Don't remove BerkeleyDB if it's still in use by eg cnid_dbd, fixes
bug introduced in 2.2.2
* FIX: debian initscript: start avahi-daemon (if available) before atalkd
* FIX: Zeroconf could not advertise non-ASCII time machine volume name
Changes in 2.2.2
================
* NEW: afpd: New option "adminauthuser". Specifying eg "-adminauthuser root"
whenever a normal user login fails, afpd tries to authenticate as
the specified adminauthuser. If this succeeds, a normal session is
created for the original connecting user. Said differently: if you
know the password of adminauthuser, you can authenticate as any other
user.
* NEW: configure option "--enable-suse-systemd" for openSUSE12.1 and later.
"--enable-redhat-systemd" and "--enable-suse-systemd" are same as
"--enable-systemd".
"--enable-suse" is renamed "--enable-suse-sysv".
* NEW: experimental systemd service files in distrib/systemd/
* UPD: afpd: Enhanced POSIX ACL mapping semantics, from Laura Mueller
* UPD: afpd: Reset options every time a :DEFAULT: line is found in a
AppleVolumes file
* UPD: afpd: Convert passwords from legacy encoding (wire format) to host
encoding, NetAFP Bug ID #14
* UPD: afpd: Don't set ATTRBIT_SHARED flag for directories
* UPD: afpd: Use sendfile() on Solaris and FreeBSD for sending data
* UPD: afpd: Faster volume used size calculation for "volsizelimit" option,
cf man AppleVolume.default for details
* FIX: afpd: ACL access checking
* FIX: afpd: Fix an error when duplicating files that lacked an AppleDouble
file which lead to a possible Finder crash
* FIX: afpd: Read-only filesystems lead to afpd processes running as root
* FIX: afpd: Fix for filesystem without NFSv4 ACL support on Solaris
* FIX: afpd: Fix catsearch bug, NetAFP Bug ID #12
* FIX: afpd: Fix dircache bug, NetAFP Bug ID #13
* FIX: dbd: Better checking for duplicated or bogus CNIDs from AppleDouble
files
* FIX: dbd: Remove BerkeleyDB database environment after running `dbd`. This
is crucial for the automatic BerkeleyDB database upgrade feature which
is built into cnid_dbd and dbd.
* FIX: Fix compilation error when AppleTalk support is disabled
* FIX: Portability fixes
* FIX: search of surrogate pair
Add support for the new libquota. Drop support for the proplib
libquota; it's not worth the configure-time hassle.
Fix some moderately serious bugs in the original/previous libquota
patches; it's clear for example they were never tested with group
quotas.
Fix quota support in configure: for some reasons, configure thinks that
quota support should be disabled if one of
rpc/rpc.h rpc/pmap_prot.h rpcsvc/rquota.h
is missing or unusable, while the code compiles file with one of
them missing, at last on NetBSD.
bump PKGREVISION
Adds command_args to startup script to write the pid file to /var/run
as intended. Apparently the lack of a pid file did not affect NetBSD's
ability to stop the daemon, but it did prevent it on DragonFly BSD.
Fix patch to quota-check.m4 so that the autoconf'ed configure will
define HAVE_LIBQUOTA too
Use QL_STATUS(quota_check_limit()) instead of quota_check_limit(). This is
the only visible change in binaries.
Do not bump PKGREVISION as the previous code has been there for only a few
hours.
check for getfsquota() in libquota. If it's there, use getfsquota() and
quota_check_limit() from libquota instead of local getnfsquota or direct
calls to quotactl().
Tested on NetBSD-current and NetBSD 5.1. OK agc@
Changes in 2.1.4
~~~~~~~~~~~~~~~~
* FIX: afpd: Downstream fix for FreeBSD PR 148022
* FIX: afpd: Fixes for bugs 3074077 and 3074078
* FIX: afpd: Better handling of symlinks in combination with ACLs and EAs.
Fixes bug 3074076.
* FIX: dbd: Adding a file with the CNID from it's adouble file did
not work in case that CNID was alread occupied in the database
* FIX: macusers: add support for Solaris
* NEW: cnid_metad: use a PID lockfile
* NEW: afpd: prevent log flooding
* UPD: dbd: ignore ".zfs" snapshot directories
* UPD: dbd: support interrupting -re mode
Does not fix pkg/43953, unfortunately.
Changes in 2.1.3
================
* FIX: afpd: fix a serious error in networking IO code
* FIX: afpd: Solaris 10 compatibilty fix: don't use SO_SNDTIMEO, use
non-blocking IO and select instead for writing/sending data.
* UPD: Support for BerkeleyDB 5.0.
Changes in 2.1.2
================
* FIX: afpd: fix for possible crash in case more then one server is
configured in afpd.conf.
* FIX: afpd: ExtendedAttributes in FreeBSD
* FIX: afpd: sharing home folders corrupted the per volume umask.
* UPD: afpd: umask for home folders is no longer taken from startup umask.
* UPD: afpd: dont and permissions with parent folder when creating new
directories on "upriv" volumes.
* UPD: afpd: use 'afpserver@fqdn' instead of 'afpserver/fqdn@realm'.
Prevents a crash in older GNU GSSAPI libs on eg. CentOS 5.x.
Changes in 2.1.1
================
* UPD: fallback to a temporary in memory tdb CNID database if the volume
database can't be opened now works with the default backend "dbd" too.
* FIX: afpd: afp_ldap.conf was missing from tarball. This only effected
[Open]Solaris.
* FIX: afpd: Check if options->server is set in set_signature, preventing
SIGSEGV.
* FIX: afpd: server signature wasn't initialized in some cases
* FIX: DESTDIR support: DESTDIR was expanded twice
* FIX: Fix for compilation error if header files of an older Netatalk
version are installed.
Changes in 2.1-release
======================
* NEW: afpd: new volume option "volsizelimit" for limitting reported volume
size. Useful for limitting TM backup size.
* UPD: dbd: -c option for rebuilding volumes which prevents the creation
of .AppleDouble stuff, only removes orphaned files.
Changes in 2.1-beta2
====================
* NEW: afpd: static generated AFP signature stored in afp_signature.conf,
cf man 5 afp_signature.conf
* NEW: afpd: clustering support: new per volume option "cnidserver".
* UPD: afpd: set volume defaults options "upriv" and "usedots" in the
volume config file AppleVolumes.default. This will only affect
new installations, but not upgrades.
* FIX: afpd: prevent security attack guessing valid server accounts. afpd
now returns error -5023 for unknown users, as does AppleFileServer.
Changes in 2.1-beta1
====================
* NEW: afpd: AFP 3.2 support
* NEW: afpd: Extended Attributes support using native attributes or
using files inside .AppleDouble directories.
* NEW: afpd: ACL support with ZFS
* NEW: cnid_metad: options -l and -f to configure logging
* NEW: IPv6 support
* NEW: AppleDouble compatible UNIX files utility suite `ad ...`.
With 2.1 only `ad ls`.
* NEW: CNID database maintanance utility dbd
* NEW: support BerkeleyDB upgrade. Starting with the next release
after 2.1 in case of BerkeleyDB library updates, Netatalk
will be able to upgrade the CNID databases.
* NEW: afpd: store and read CNIDs to/from AppleDouble files by default.
This is used as a cache and as a backup in case the database
is deleted or corrupted. It can be disabled with a new volume
option "nocnidcache".
* NEW: afpd: sending SIGINT to a child afpd process enables debug logging
to /tmp/afpd.PID.XXXXXX.
* NEW: configure args to download and install a "private" Webmin instance
including only basic Webmin modules plus our netatalk.wbm.
* NEW: fallback to a temporary in memory tdb CNID database if the volume
database can't be opened.
* NEW: support for Unicode characters in the range above U+010000 using
internal surrogate pairs
* NEW: apple_dump: utility to dump AppleSingle and AppleDouble files
* NEW: afpldaptest: utility to check afp_ldap.conf.
* UPD: atalkd and papd are now disabled by default. AppleTalk is legacy.
* UPD: slp advertisement is now disabled by default. server option -slp
SRVLOC is legacy.
* UPD: cdb/dbd CNID backend requires BerkeleyDB >= 4.6
* UPD: afpd: default CNID backend is "dbd"
* UPD: afpd: try to install PAM config that pulls in system|common auth
* UPD: afpd: symlink handling: never followed server side, client resolves
them, so it's safe to use them now.
* UPD: afpd: Comment out all extension->type/creator mappings in
AppleVolumes.system. They're unmaintained, possibly wrong and
do not fit for OS X.
* FIX: rewritten logger
* FIX: afpd: UNIX permissions handling
* FIX: cnid_dbd: always use BerkeleyDB transactions
* FIX: initscripts installation now correctly uses autoconf paths,
ie they're installed to --sysconfdir.
* FIX: UTF-8 volume name length
* FIX: atalkd: workaround for broken Linux 2.6 AT kernel module:
Linux 2.6 sends broadcast queries to the first available socket
which is in our case the last configured one. atalkd now tries to
find the right one.
Note: now a misconfigured or plugged router can broadcast a wrong route !
* REM: afpd: removed CNID backends "db3", "hash" and "mtab"
* REM: cnid_maint: use dbd
* REM: cleanappledouble.pl: use dbd
* REM: nu: use `macusers` instead
NEW: afpd: Time Machine support with new volume option "tm".
FIX: papd: Remove variable expansion for BSD printers. Fixes
CVE-2008-5718.
FIX: afpd: .AppleDxxx folders were user accessible if option 'usedots'
was set
FIX: afpd: vetoed files/dirs where still accessible
FIX: afpd: cnid_resolve: don't return '..' as a valid name.
FIX: uniconv: -d option wasn't working
pkgsrc changs:
* Add LICENSE.
* Fix some pkglint warnings.
* cjk patch was incorporated and cjk PKG_OPTION was removed.
Changes in 2.0.4
================
* REM: remove timeout
* NEW: afpd: DHX2 uams using GNU libgcrypt.
* NEW: afpd: volume options 'illegalseq', 'perm' and 'invisibledots'
'ilegalseq' encode illegal sequence in filename asis, ex "\217-", which is not
a valid SHIFT-JIS char, is encoded as U\217 -.
'perm' value OR with the client requested permissions. (help with OSX 10.5
strange permissions).
Make dot files visible by default with 'usedots', use 'invisibledots'
for keeping the old behavior, ie for OS9 (OSX hide dot files on its
own).
* NEW: afpd: volume options allow_hosts/denied hosts
* NEW: afpd: volume options dperm/fperm default directory and file
permissions or with server requests.
* NEW: afpd: afpd.conf, allow line continuation with \
* NEW: afpd: AppleVolumes.default allow line continuation with \
* NEW: afpd: Mac greek encoding.
* NEW: afpd: CJK encoding.
* UPD: afpd: Default UAMs: DHX + DHX2
* FIX: afpd: return the right error in createfile and copyfile if the disk
is full.
* FIX: afpd: resolveid return the same error code than OSX if it's a directory
* FIX: afpd: server name check, test for the whole loopback subnet
not only 127.0.0.1.
* UPD: afpd: limit comments size to 128 bytes, (workaround for Adobe CS2 bug).
* UPD: afpd: no more daemon icon.
* UPD: usedots, return an invalide name only for .Applexxx files used by netatalk not
all files starting with .apple.
* UPD: cnid: increase the number of cnid_dbd slots to 512.
* FIX: cnid: dbd detach the daemon from the control terminal.
* UPD: cnid: never ending Berkeley API changes...
* UPD: cnid: dbd add a timeout when reading data from afpd client.
* UPD: cnid: Don't wait five second after the first error when speaking to the dbd
backend.
* FIX: papd: vars use % not $
* FIX: papd: quote chars in popen variables expansion. security fix.
* FIX: papd: papd -d didn't write to stderr.
* FIX: papd: ps comments don't always use ()
* FIX: many compilation errors (solaris, AFS, Tru64, xfs quota...).
feature 2.1 release. It could make netatalk1 package obsolete.
* Use RCD_SCRIPTS instead of substituting a Makefile to be fix pkglint
errors.
* Move PKG_OPTION part to options.mk
* From patch-aa, remove last change which made by
configure/gnu-configure.mk.
* Change content of MESSAGE from covered by pkginstall framework to
caution about migration from netatalk 1.x.
Approved by MAINTAINER and PKGREVISION.
Also fix build on NetBSD1.6
Changes in 2.0.3
================
* NEW: afpd: add a cachecnid option that controls if afpd should
use the IDs stored in the AD2 files as cache. Defaults
to off.
* UPD: afpd: deal with more than 32 groups.
* FIX: afpd: several catsearch fixes, based on patch from
TSUBAKIMOTO Hiroya.
* FIX: afpd: fix a race when a client very quickly reconnects and
tries to kill its old session.
* FIX: afpd: OSX style symlink caused problems with Panther clients.
* FIX: afpd: old files with default type didn't show the right icon
in finder, from Shlomi Yaakobovich, slightly modified.
* FIX: cnid_check: disable cnid_check if CNID db was configured with
transactions and really bail out after the first error.
* FIX: admin-group configure option was broken.
* FIX: several problems with IDs cached in AD2 files.
* FIX: Ignore BIDI in UTF8 hints from OSX.
* FIX: Lots of gcc warning fixes.
* FIX: small configure script changes.
Changes in 2.0.2
NEW: cnid: Add an indexes check and rebuild, optional for dbd (parameter
check default no), standalone program cnid_index for cdb.
UPD: Enhanced afpd's -v command line switch and added -V for more verbose
information
UPD: uams_gss: build the principal used by uams_gss.so from afpd's
configuration, don't use GSS_C_NT_HOSTBASED_SERVICE
UPD: cnid_dbd: add process id in syslog and small clean up
REM: remove netatalkshorternamelinks.pl
FIX: afpd: check for DenyRead on FPCopyFile
FIX: afpd: add missing flush for AD2 Metadata on FPCopyFile
FIX: afpd: Deal with AFP3 connection and type 2 (non-UTF8) names.
reported by Gair Heaton, HI RESOLUTION SYSTEMS
FIX: afpd: Broken 'crlf' option
FIX: afpd: fix afpd/dhx memory bug, by Ralf Schuchardt
FIX: afpd: Return an error if we cannot get the db stamp in afp_openvol.
FIX: afpd: Fix slp registration with Solaris9 slpd, from hat at
fa2.so-net.ne.jp
Changes:
* Netatalk's file server, afpd, now speaking AFP 3.1 allows long
filenames, UTF-8 names, large file support and full MacOS X
compatibility
* The print server task, papd, can directly interact with CUPS,
automagically sharing all CUPS queues
* Kerberos V support, allowing true "Single Sign On"
* Whole rework of the CNID subsystem, providing reliable and
persistant storage of file and directory IDs
* Huge improvements regarding product documentation making
Netatalk's features accessible more easily
* Tons of bugs fixed compared to all previous versions
PR pkg/21341. From "NEWS":
Changes in 1.6.2
================
* FIX: atalkd: Fixes for reading long configuration file lines. [Dan Wilga]
* FIX: afpd: CNID id allocation in a multiuser environment.
* FIX: papd: Fix PSSP support when PAM is enabled.
* FIX: macusers: Can now cope with IP addresses as well as host names.
* FIX: etc2ps.sh: Install correctly.
PR pkg/20471:
Changes in 1.6.1
================
* UPD: Improve --enable-fhs. [Olaf Hering]
* UPD: Add BDB 4.1.x support.
* UPD: Add more documentation on CNID, as well as list which versions
of Berkeley DB are supported.
* FIX: Codepage file maccode.koi8-r is now correctly cleaned.
* FIX: Fix init script location on SuSE. [Olaf]
* FIX: Build fixes. [Olaf, Steven N. Hirsch]
* FIX: Various bugs when a user doesn't have access permission to a folder.
(Fixes an OSX kernel panic.)
* FIX: CNID, folders' DID handling with concurrent access or symlinks.
(Fixes an endless loop in afpd.)
Changes in 1.6.0
================
* FIX: pap looks at the STDOUT file descriptor to see if it's connected to
a tty, instead of STDIN.
Changes in 1.6pre2
==================
* UPD: Removed --with-catsearch option from configure and enable FPCatSearch
by default.
* UPD: The dbpath argument does now support variable substitution.
* FIX: Build fix for non-GNU-C compilers in libatalk/util/logger.c.
* FIX: Two directories with the same name but different case confused the
Mac Finder.
* FIX: The ROOT_PARENT directory could get invalidated.
Changes in 1.6pre1
====================
* NEW: Long file name mangling support.
* NEW: Improved log file support.
* NEW: Server-side find capability ("FPCatSearch")
* NEW: Concurrent datastore (CDB) is now the default CNID datastore. This
should be heavily tested in a multiuser environment.
* NEW: Variable substitution support has been added for the dbpath AppleVolume
option.
* UPD: CNID DID handling is now enabled by default.
* FIX: Various bug and build fixes as well as code cleanups.
*******************************************************************************
Changes to the package:
- Now use buildlink2.
- Drop --with-flock for now, as it's currently broken.
- Add (heretofore) missing dependendency on "devel/rx".
- Add --with-did=last, to avoid having to create a dependendency on db3.
--with-did=last was the default with netatalk 1.5.5.
Use getrlimit() and setrlimit() to attempt to set the open
filedescriptor to a sane value. Avoids afpd running out of
fork slots when serving MacOS 10.2 clients. Patch sent back
to maintainers.
Update supplied by David Rankin (to version 1.5.2) in pkg/15642
further updated to 1.5.3.1 by me.
Changes since the old umich version (and netatalk-asun) are numerous
bug fixes, cleanups and new features and its actively being maintained.
stricter requirements now present in sys/net/rtsock.c in a -current kernel.
This change is sufficient for i386, but may still not be correct for
LP64 systems or systems with different alignment constraints.
Thanks to wrstuden for identifying the kernel change that affected this.
Configuration files really are host-dependent, so putting them in ${PREFIX}
which is often shared across machines of the same architecture, doesn't make
sense. Add machinery to install default configuration files.
Closes pkg/9948.
