Changes in 2.2.5
================
* FIX: Fix errors searching volumes
* NEW: Configurable symlink handling with a new volume option
'followsymlinks'. Setting the option causes afpd to follow
symlinks on the server side.
* UPD: Reload groups when reloading volumes. FR #71.
* FIX: Fix a possible crash in cname() where cname_mtouname calls
dirlookup() where the curdir is freed because the dircache
detected a dev/inode cache difference and evicted the object
from the cache. Fixes bug #498.
* FIX: Change default FinderInfo for directories to be all 0, fixes
bug 514.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
check all the bells and whistles are still in place, and functional.
While here, update to Netatalk 2.2.4. Note that we will ship Netatalk
2 as long as NetBSD ships ddp ("netatalk") support, so v3 is not a
replacement.
Changes to package setup:
Set PLIST_VARS.{ea,acl} so that the package builds on Ubuntu Linux 10
LTS. I guess there are version and file-system dependencies?
Add dnssd option for mDNSResponder ("zeroconf") support.
Remaining (upstream) issues:
dbd(8) breaks with a less-than-helpful error message, see end of
PR pkg/47578
afpd(8) mis-maps user IDs -- a security issue
Upstream changes:
Changes in 2.2.4
================
* FIX: Missing UAM links
* FIX: Lockup in AFP logout on Fedora 17
* FIX: Reset signal handlers and alarm timer after successfull PAM
authentication. Fixes a problem with AFP disconnects caused
by pam_smbpass.so messing with our handlers and timer.
* FIX: afpd: Fix a possible problem with sendfile on Solaris derived
platforms
Changes in 2.2.3
================
* NEW: afpd: support for mdnsresponder
* NEW: afpd: new LDAP config option ldap_uuid_string
* UPD: based on Unicode 6.1.0
* UPD: experimental systemd service files: always run both afpd and cnid_metad
* UPD: afpd: Ensure our umask is not altered by eg pam_umask
* UPD: afpd: Use GSS_C_NO_NAME as server principal when Kerberos options -fqdn
and -krb5service are not set, from Jamie Gilbertson
* UPD: afpd: Changed behaviour for TimeMachine volumes in case there's a problem
talking to the CNID daemons. Previously the volume was flagged read-only
and an AFP message was sent to the client. As this might result in
TimeMachine assuming the backup sparse bundle is damaged, we now just
switch the CNID database to an in-memory tdb without the additional stuff.
* FIX: afpd: sendfile() on FreeBSD was broken, courtesy of Denis Ahrens
* FIX: afpd: Dont use searchdb when doing partial name search
* FIX: afpd: Fix a possible bug handling disconnected sessions,
NetAFP Bug ID #16
* FIX: afpd: Close IPC fds in afpd session child inherited from the afpd
master process
* FIX: dbd: Don't remove BerkeleyDB if it's still in use by eg cnid_dbd, fixes
bug introduced in 2.2.2
* FIX: debian initscript: start avahi-daemon (if available) before atalkd
* FIX: Zeroconf could not advertise non-ASCII time machine volume name
Changes in 2.2.2
================
* NEW: afpd: New option "adminauthuser". Specifying eg "-adminauthuser root"
whenever a normal user login fails, afpd tries to authenticate as
the specified adminauthuser. If this succeeds, a normal session is
created for the original connecting user. Said differently: if you
know the password of adminauthuser, you can authenticate as any other
user.
* NEW: configure option "--enable-suse-systemd" for openSUSE12.1 and later.
"--enable-redhat-systemd" and "--enable-suse-systemd" are same as
"--enable-systemd".
"--enable-suse" is renamed "--enable-suse-sysv".
* NEW: experimental systemd service files in distrib/systemd/
* UPD: afpd: Enhanced POSIX ACL mapping semantics, from Laura Mueller
* UPD: afpd: Reset options every time a :DEFAULT: line is found in a
AppleVolumes file
* UPD: afpd: Convert passwords from legacy encoding (wire format) to host
encoding, NetAFP Bug ID #14
* UPD: afpd: Don't set ATTRBIT_SHARED flag for directories
* UPD: afpd: Use sendfile() on Solaris and FreeBSD for sending data
* UPD: afpd: Faster volume used size calculation for "volsizelimit" option,
cf man AppleVolume.default for details
* FIX: afpd: ACL access checking
* FIX: afpd: Fix an error when duplicating files that lacked an AppleDouble
file which lead to a possible Finder crash
* FIX: afpd: Read-only filesystems lead to afpd processes running as root
* FIX: afpd: Fix for filesystem without NFSv4 ACL support on Solaris
* FIX: afpd: Fix catsearch bug, NetAFP Bug ID #12
* FIX: afpd: Fix dircache bug, NetAFP Bug ID #13
* FIX: dbd: Better checking for duplicated or bogus CNIDs from AppleDouble
files
* FIX: dbd: Remove BerkeleyDB database environment after running `dbd`. This
is crucial for the automatic BerkeleyDB database upgrade feature which
is built into cnid_dbd and dbd.
* FIX: Fix compilation error when AppleTalk support is disabled
* FIX: Portability fixes
* FIX: search of surrogate pair
Add support for the new libquota. Drop support for the proplib
libquota; it's not worth the configure-time hassle.
Fix some moderately serious bugs in the original/previous libquota
patches; it's clear for example they were never tested with group
quotas.
Fix quota support in configure: for some reasons, configure thinks that
quota support should be disabled if one of
rpc/rpc.h rpc/pmap_prot.h rpcsvc/rquota.h
is missing or unusable, while the code compiles file with one of
them missing, at last on NetBSD.
bump PKGREVISION
Adds command_args to startup script to write the pid file to /var/run
as intended. Apparently the lack of a pid file did not affect NetBSD's
ability to stop the daemon, but it did prevent it on DragonFly BSD.
Fix patch to quota-check.m4 so that the autoconf'ed configure will
define HAVE_LIBQUOTA too
Use QL_STATUS(quota_check_limit()) instead of quota_check_limit(). This is
the only visible change in binaries.
Do not bump PKGREVISION as the previous code has been there for only a few
hours.
check for getfsquota() in libquota. If it's there, use getfsquota() and
quota_check_limit() from libquota instead of local getnfsquota or direct
calls to quotactl().
Tested on NetBSD-current and NetBSD 5.1. OK agc@
Changes in 2.1.5
================
* UPD: afpd: support newlines in -loginmesg with \n escaping syntax
* UPD: afpd: support for changed chmod semantics on ZFS with ACLs
in onnv145+
* FIX: afpd: fix leaking ressource when moving objects on the server
* FIX: afpd: backport Solaris 10 compatibilty fix from 2.2: don't use
SO_SNDTIMEO/SO_RCVTIMEO, use non-blocking IO and select instead.
* FIX: afpd: misaligned memory access on Sparc in ad_setattr, fixes
bug 3110004.
* FIX: cnid_dbd: backport Solaris 10 compatibilty fix from 2.2: don't
use SO_SNDTIMEO/SO_RCVTIMEO, use non-blocking IO and select instead.
Changes in 2.1.4
~~~~~~~~~~~~~~~~
* FIX: afpd: Downstream fix for FreeBSD PR 148022
* FIX: afpd: Fixes for bugs 3074077 and 3074078
* FIX: afpd: Better handling of symlinks in combination with ACLs and EAs.
Fixes bug 3074076.
* FIX: dbd: Adding a file with the CNID from it's adouble file did
not work in case that CNID was alread occupied in the database
* FIX: macusers: add support for Solaris
* NEW: cnid_metad: use a PID lockfile
* NEW: afpd: prevent log flooding
* UPD: dbd: ignore ".zfs" snapshot directories
* UPD: dbd: support interrupting -re mode
Does not fix pkg/43953, unfortunately.
Changes in 2.1.3
================
* FIX: afpd: fix a serious error in networking IO code
* FIX: afpd: Solaris 10 compatibilty fix: don't use SO_SNDTIMEO, use
non-blocking IO and select instead for writing/sending data.
* UPD: Support for BerkeleyDB 5.0.
Changes in 2.1.2
================
* FIX: afpd: fix for possible crash in case more then one server is
configured in afpd.conf.
* FIX: afpd: ExtendedAttributes in FreeBSD
* FIX: afpd: sharing home folders corrupted the per volume umask.
* UPD: afpd: umask for home folders is no longer taken from startup umask.
* UPD: afpd: dont and permissions with parent folder when creating new
directories on "upriv" volumes.
* UPD: afpd: use 'afpserver@fqdn' instead of 'afpserver/fqdn@realm'.
Prevents a crash in older GNU GSSAPI libs on eg. CentOS 5.x.
Changes in 2.1.1
================
* UPD: fallback to a temporary in memory tdb CNID database if the volume
database can't be opened now works with the default backend "dbd" too.
* FIX: afpd: afp_ldap.conf was missing from tarball. This only effected
[Open]Solaris.
* FIX: afpd: Check if options->server is set in set_signature, preventing
SIGSEGV.
* FIX: afpd: server signature wasn't initialized in some cases
* FIX: DESTDIR support: DESTDIR was expanded twice
* FIX: Fix for compilation error if header files of an older Netatalk
version are installed.
Changes in 2.1-release
======================
* NEW: afpd: new volume option "volsizelimit" for limitting reported volume
size. Useful for limitting TM backup size.
* UPD: dbd: -c option for rebuilding volumes which prevents the creation
of .AppleDouble stuff, only removes orphaned files.
Changes in 2.1-beta2
====================
* NEW: afpd: static generated AFP signature stored in afp_signature.conf,
cf man 5 afp_signature.conf
* NEW: afpd: clustering support: new per volume option "cnidserver".
* UPD: afpd: set volume defaults options "upriv" and "usedots" in the
volume config file AppleVolumes.default. This will only affect
new installations, but not upgrades.
* FIX: afpd: prevent security attack guessing valid server accounts. afpd
now returns error -5023 for unknown users, as does AppleFileServer.
Changes in 2.1-beta1
====================
* NEW: afpd: AFP 3.2 support
* NEW: afpd: Extended Attributes support using native attributes or
using files inside .AppleDouble directories.
* NEW: afpd: ACL support with ZFS
* NEW: cnid_metad: options -l and -f to configure logging
* NEW: IPv6 support
* NEW: AppleDouble compatible UNIX files utility suite `ad ...`.
With 2.1 only `ad ls`.
* NEW: CNID database maintanance utility dbd
* NEW: support BerkeleyDB upgrade. Starting with the next release
after 2.1 in case of BerkeleyDB library updates, Netatalk
will be able to upgrade the CNID databases.
* NEW: afpd: store and read CNIDs to/from AppleDouble files by default.
This is used as a cache and as a backup in case the database
is deleted or corrupted. It can be disabled with a new volume
option "nocnidcache".
* NEW: afpd: sending SIGINT to a child afpd process enables debug logging
to /tmp/afpd.PID.XXXXXX.
* NEW: configure args to download and install a "private" Webmin instance
including only basic Webmin modules plus our netatalk.wbm.
* NEW: fallback to a temporary in memory tdb CNID database if the volume
database can't be opened.
* NEW: support for Unicode characters in the range above U+010000 using
internal surrogate pairs
* NEW: apple_dump: utility to dump AppleSingle and AppleDouble files
* NEW: afpldaptest: utility to check afp_ldap.conf.
* UPD: atalkd and papd are now disabled by default. AppleTalk is legacy.
* UPD: slp advertisement is now disabled by default. server option -slp
SRVLOC is legacy.
* UPD: cdb/dbd CNID backend requires BerkeleyDB >= 4.6
* UPD: afpd: default CNID backend is "dbd"
* UPD: afpd: try to install PAM config that pulls in system|common auth
* UPD: afpd: symlink handling: never followed server side, client resolves
them, so it's safe to use them now.
* UPD: afpd: Comment out all extension->type/creator mappings in
AppleVolumes.system. They're unmaintained, possibly wrong and
do not fit for OS X.
* FIX: rewritten logger
* FIX: afpd: UNIX permissions handling
* FIX: cnid_dbd: always use BerkeleyDB transactions
* FIX: initscripts installation now correctly uses autoconf paths,
ie they're installed to --sysconfdir.
* FIX: UTF-8 volume name length
* FIX: atalkd: workaround for broken Linux 2.6 AT kernel module:
Linux 2.6 sends broadcast queries to the first available socket
which is in our case the last configured one. atalkd now tries to
find the right one.
Note: now a misconfigured or plugged router can broadcast a wrong route !
* REM: afpd: removed CNID backends "db3", "hash" and "mtab"
* REM: cnid_maint: use dbd
* REM: cleanappledouble.pl: use dbd
* REM: nu: use `macusers` instead
NEW: afpd: Time Machine support with new volume option "tm".
FIX: papd: Remove variable expansion for BSD printers. Fixes
CVE-2008-5718.
FIX: afpd: .AppleDxxx folders were user accessible if option 'usedots'
was set
FIX: afpd: vetoed files/dirs where still accessible
FIX: afpd: cnid_resolve: don't return '..' as a valid name.
FIX: uniconv: -d option wasn't working
