netatalk - Debian Package Tracker

general

source: netatalk (main)
version: 4.1.2~ds-4
maintainer: Debian Netatalk team (archive) (DMD)
uploaders: Daniel Markstedt [DMD] – Jonas Smedegaard [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.12~ds-3
o-o-sec: 3.1.12~ds-3+deb10u5
oldstable: 3.1.12~ds-8+deb11u1
old-sec: 3.1.12~ds-8+deb11u2
testing: 4.1.2~ds-4
unstable: 4.1.2~ds-4

versioned links

3.1.12~ds-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.12~ds-3+deb10u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.12~ds-8+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.12~ds-8+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.1.2~ds-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

a2boot
atalkd
libatalk
libatalk-dev
macipgw
netatalk (9 bugs: 0, 8, 1, 0)
netatalk-doc
netatalk-tests
netatalk-tools
papd
timelord

action needed

A new upstream version is available: 4.2.0 high

A new upstream version 4.2.0 is available, you should consider packaging it.

Created: 2025-04-01 Last update: 2025-04-02 23:02

3 security issues in buster high

There are 3 open security issues in buster.

3 important issues:

CVE-2024-38439: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c.
CVE-2024-38440: Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).'
CVE-2024-38441: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c.

Created: 2024-06-17 Last update: 2024-06-29 19:18

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

Created: 2022-11-13 Last update: 2022-11-14 05:14

Depends on packages which need a new maintainer normal

The packages that netatalk depends on which need a new maintainer are:

db5.3 (#1055356)
- Depends: libdb5.3t64 libdb5.3t64
db-defaults (#1055344)
- Build-Depends: libdb-dev
docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2023-09-18 Last update: 2025-04-02 20:31

50 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 8325a96c5fa4b0d0a43fd70631788ad2a6fb57fd
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Wed Apr 2 08:23:07 2025 +0200

    update copyright

commit 4350a54e6639c6e540b3432295160b58c8d54137
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Wed Apr 2 05:40:20 2025 +0000

    update copyright hints

commit b59857704d7812b8d5e886fa399c742298564ada
Merge: a33b0a01c 5098dec3f
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Tue Apr 1 21:55:42 2025 +0200

    Update upstream source from tag 'upstream/4.2.0_ds'
    
    Update to upstream version '4.2.0~ds'
    with Debian dir 1f7646f3198a40113279dc320d40c939176c36e9

commit a33b0a01c8d935b7522182eba1e9b616327b6430
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sat Mar 8 12:29:59 2025 +0100

    update changelog

commit 37426c6a9507dbd2049f5ff23a71cf076296d04d
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sat Mar 8 10:26:21 2025 +0000

    declare compliance with Debian Policy 4.7.2

commit a6df12502e759dd1cb49d35afceb9266d721ca3a
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sat Mar 8 10:25:25 2025 +0000

    restore dependency on libtracker-sparql-3.0-dev

commit ac0d09b508b972a251fefdeef6d2a84ed86c46e9
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Tue Feb 25 07:24:03 2025 +0100

    update changelog

commit 9e4ae89fa4f1e8377cc86b870d2a7fc767c3c52b
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Tue Feb 25 06:42:27 2025 +0100

    update smoke test to accommodate localsearch daemon

commit 83cce66efd237a07ea4c9ceb7ecfee935e7e2fea
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Mon Feb 24 22:54:51 2025 +0100

    update changelog

commit cba58fcf24613006475e38c4036628f282b73f29
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Mon Feb 24 22:54:47 2025 +0100

    declare compliance with Debian Policy 4.7.1

commit a1b50669f8eb75a8b9e1cb823e2784a5c67b93cd
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Mon Feb 24 22:37:39 2025 +0100

    build-depend on libtinysparql-dev localsearch (not libtracker-sparql-3.0-dev tracker); depend on localsearch (not tracker tracker-miner-fs); closes: bug#1098776, thanks to Santiago Vila

commit 19a67dcb7d4367ec425d13768895be21772d20ac
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Thu Feb 13 07:11:54 2025 +0100

    update changelog and copyright hints

commit fe35e91119c997580a1f1c5f93103867ab3dfe83
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Thu Feb 13 07:10:32 2025 +0100

    update copyright info: update coverage

commit 07fa249350d8e8f084a20125bae929ddc469824c
Merge: 178a3ca57 c4809f3e2
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Thu Feb 13 07:06:00 2025 +0100

    Update upstream source from tag 'upstream/4.1.2_ds'
    
    Update to upstream version '4.1.2~ds'
    with Debian dir 28f9f9a1f23fc22aea51f6a3dc9323808c7b7b99

commit 178a3ca57d53e2fd0ef8dc6db5febe4c88ecc1f8
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Fri Jan 24 19:38:55 2025 +0100

    update changelog

commit 951aae21d8fbb8d45def89654a13ad8d195844d2
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Fri Jan 24 18:30:07 2025 +0100

    remove patch obsoleted by upstream changes

commit 4b13882ef7cc7cd3926e71f67c9f6afa360832d5
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Fri Jan 24 18:29:06 2025 +0100

    update copyright year

commit 7c7f72c748cf0d29fe8b85d831aeb2980e0e1687
Merge: 244068950 4d4959dcd
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Fri Jan 24 18:03:58 2025 +0100

    Update upstream source from tag 'upstream/4.1.1_ds'
    
    Update to upstream version '4.1.1~ds'
    with Debian dir d7ea8bc40d671db2e79087d741a386209fb7654f

commit 244068950fecf0b9a19e4742dcdb850288609bcb
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Tue Jan 14 19:12:29 2025 +0100

    fix copyright path after upstream changes

commit 865abe39dc75210ab91b1d18b78166f5e35b6daa
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Mon Jan 13 22:56:00 2025 +0100

    update changelog

commit 04fef5d000008145fd492d9b7641d33e47ea18f8
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Mon Jan 13 17:40:07 2025 +0000

    patch 001 that disables all default settings for macipgw

commit e2df766f1b5ca5529b343f6440dd3aef5cf7f314
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sun Jan 12 21:59:29 2025 +0000

    install new macipgw config and man page

commit 5f161896618e21dd87e94a9939f93f584516ee47
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sun Jan 12 21:56:30 2025 +0000

    add patch 001 that removes default nameserver from macipgw config

commit 117e5e93d7c5f135f4246693a2ec9b085c62701e
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sun Jan 12 22:52:12 2025 +0100

    remove patch obsoleted by upstream changes

commit 3a13e124f9068ae4722846cb9a5050eebd643b37
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sun Jan 12 21:58:50 2025 +0100

    run testsuite in big-endian compatible mode on s390x

commit 9723322557679811af34e24e43c2b266f06d4aba
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sun Jan 12 21:37:53 2025 +0100

    update description of netatalk-tools package

commit 34f22e44c22ca5277bfb287cf018f7ece3d900d5
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sun Jan 12 19:19:43 2025 +0100

    update changelog and copyright hints

commit ad737437e7b5824f5f92cc66ec5a431c47012318
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sun Jan 12 19:18:16 2025 +0100

    update copyright info: update coverage

commit e68854262719de373fc98ead598bf669e7677c55
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sun Jan 12 19:10:47 2025 +0100

    adapt packaging for upstream renamed executable apple_dump -> addump

commit b0a69a2a348b6d87908333b42752f12e8f1dda41
Merge: f81e0828d 6ee12b607
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sun Jan 12 18:52:57 2025 +0100

    Update upstream source from tag 'upstream/4.1.0_ds'
    
    Update to upstream version '4.1.0~ds'
    with Debian dir 9192ec82320fad444cbeb7cf0912ce5b5a2f3a5e

commit f81e0828d58a7088f6c368568ac5f8c768a2cee3
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Wed Dec 18 11:16:05 2024 +0100

    update changelog

commit d02197885bcb19dced73dd25021689189ed03fe2
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Wed Dec 18 07:36:20 2024 +0900

    refresh patch 202 to unfuzz it

commit 5b994b761e85860b0b0b13e5e42eff8d5683d9b4
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Wed Dec 18 07:28:54 2024 +0900

    add patch 001 that skips test358 which is flaky on s390x

commit bad9964ba23d4a1ae168ceba0d0ca86775dd6108
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Wed Dec 18 07:22:32 2024 +0900

    remove patch 001 obsoleted by upstream changes

commit 43543ecdc4467b324f3ff961c807c27983a28ffd
Merge: c3689805a d78b19dff
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Tue Dec 17 15:45:07 2024 +0100

    Update upstream source from tag 'upstream/4.0.8_ds'
    
    Update to upstream version '4.0.8~ds'
    with Debian dir 52a6530ded2beb4742a4a37a5f67d39142d534c6

commit c3689805a498b9afa7696529c95792ec9fe7ba8b
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Fri Dec 6 09:04:19 2024 +0100

    update changelog

commit 2d8f66a60fc77c309206d85143d0dcf1719f1a92
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sun Dec 1 18:21:57 2024 +0000

    add patch 001: retry logic for flaky testsuite test

commit f560508e4ebaaeb6e19379b5685a2176ae8b7ab1
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sat Nov 30 21:10:27 2024 +0100

    update changelog

commit 9cc70d6695a4a35a4bad3ef8341d71d2a40d62ff
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sat Nov 30 21:09:51 2024 +0100

    update patch 202

commit aae5285e5de7592d35ef777db17e5f27100e5e07
Merge: 098c40894 eaa8455a6
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sat Nov 30 21:05:18 2024 +0100

    Update upstream source from tag 'upstream/4.0.7_ds'
    
    Update to upstream version '4.0.7~ds'
    with Debian dir 7d3a462e3630d3fca2565dc1f143c19defcbff2f

commit 098c40894d825f4a03d5254a82ea7952dcc581d3
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sat Nov 16 18:58:43 2024 +0100

    update changelog and copyright hints

commit a6015ae8f443e26e0e2802250478a48f60ee5327
Merge: 56d13f967 ede011f1b
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sat Nov 16 18:45:34 2024 +0100

    Update upstream source from tag 'upstream/4.0.6_ds'
    
    Update to upstream version '4.0.6~ds'
    with Debian dir 5ee9ebb5b218c87b8a71c7993861fbf4c3c6f37d

commit 56d13f9670bb989eda3a128f0db25a3d5aefb398
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sun Nov 10 13:49:48 2024 +0100

    update changelog

commit fc01d245a1aad0a5078cf4f097c6325342fdeeef
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sun Nov 10 13:44:25 2024 +0100

    revert to clean generated files
    
    This reverts commit 6c2ca20e540c21e01273a53225df0e5fa0940900.

commit 6c2ca20e540c21e01273a53225df0e5fa0940900
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sun Nov 10 12:01:13 2024 +0000

    upstream once more distribute generated Unicode source files

commit 8d1fe2fa8ef2249ce7cd3924bbd8eddbd16f9f66
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sun Nov 10 11:57:20 2024 +0000

    the spare afp_encodingtest.1 man page has been removed upstream

commit d03a996d7c4b71a2d814252ef9fc4b692886d522
Merge: 9a550cbfd 129f657c6
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sun Nov 10 10:58:56 2024 +0100

    Update upstream source from tag 'upstream/4.0.5_ds'
    
    Update to upstream version '4.0.5~ds'
    with Debian dir befc1ea17f6d04f6c6d737bb9121ca30b9005a1d

commit 9a550cbfdecfe8c125ccb8583616a5e1ace07752
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sun Nov 10 10:58:40 2024 +0100

    update copyright info: exclude generated files from repackaged source

commit 9ae5736b5107639a99cbb8d4c4ba561a363790ec
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sat Nov 9 23:51:59 2024 +0100

    libev is not sufficient for netatalk, so discarding TODO
    
    For investigation details, see https://github.com/Netatalk/netatalk/issues/1574

commit ab06c97f6a3570b1699b85f85e3ef860f98190d2
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Fri Nov 8 09:40:29 2024 +0100

    update changelog

Created: 2025-04-01 Last update: 2025-04-02 08:00

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2025-02-25 Last update: 2025-02-25 10:30

news

[rss feed]

[2025-03-10] netatalk 4.1.2~ds-4 MIGRATED to testing (Debian testing watch)
[2025-03-08] Accepted netatalk 4.1.2~ds-4 (source) into unstable (Jonas Smedegaard)
[2025-02-25] Accepted netatalk 4.1.2~ds-3 (source) into unstable (Jonas Smedegaard)
[2025-02-24] Accepted netatalk 4.1.2~ds-2 (source) into unstable (Jonas Smedegaard)
[2025-02-15] netatalk 4.1.2~ds-1 MIGRATED to testing (Debian testing watch)
[2025-02-13] Accepted netatalk 4.1.2~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-01-28] netatalk 4.1.1~ds-1 MIGRATED to testing (Debian testing watch)
[2025-01-24] Accepted netatalk 4.1.1~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-01-16] netatalk 4.1.0~ds-1 MIGRATED to testing (Debian testing watch)
[2025-01-13] Accepted netatalk 4.1.0~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-12-20] netatalk 4.0.8~ds-1 MIGRATED to testing (Debian testing watch)
[2024-12-18] Accepted netatalk 4.0.8~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-12-08] netatalk 4.0.7~ds-2 MIGRATED to testing (Debian testing watch)
[2024-12-06] Accepted netatalk 4.0.7~ds-2 (source) into unstable (Jonas Smedegaard)
[2024-11-30] Accepted netatalk 4.0.7~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-11-27] Accepted netatalk 3.1.12~ds-8+deb11u2 (source) into oldstable-security (Thorsten Alteholz)
[2024-11-19] netatalk 4.0.6~ds-1 MIGRATED to testing (Debian testing watch)
[2024-11-16] Accepted netatalk 4.0.6~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-11-12] netatalk 4.0.5~ds-1 MIGRATED to testing (Debian testing watch)
[2024-11-10] Accepted netatalk 4.0.5~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-11-08] Accepted netatalk 4.0.4~ds-2 (source) into unstable (Jonas Smedegaard)
[2024-11-07] Accepted netatalk 4.0.4~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-11-02] netatalk 4.0.3~ds-2 MIGRATED to testing (Debian testing watch)
[2024-10-30] Accepted netatalk 4.0.3~ds-2 (source) into unstable (Jonas Smedegaard)
[2024-10-30] Accepted netatalk 4.0.3~ds-1 (source amd64 all) into experimental (Debian FTP Masters) (signed by: Jonas Smedegaard)
[2024-10-28] Accepted netatalk 4.0.2~ds-2 (source) into unstable (Jonas Smedegaard)
[2024-10-20] Accepted netatalk 4.0.2~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-10-18] netatalk 4.0.1~ds-1 MIGRATED to testing (Debian testing watch)
[2024-10-12] Accepted netatalk 4.0.1~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-10-05] Accepted netatalk 4.0.0~ds-4 (source) into unstable (Jonas Smedegaard)

bugs [bug history graph]

all: 9
RC: 0
I&N: 8
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.1.2~ds-4
40 bugs