netatalk - Debian Package Tracker

general

source: netatalk (main)
version: 4.2.3~ds-2
maintainer: Debian Netatalk team (archive) (DMD)
uploaders: Jonas Smedegaard [DMD] – Daniel Markstedt [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.1.12~ds-8+deb11u1
o-o-sec: 3.1.12~ds-8+deb11u2
stable: 4.2.3~ds-1
testing: 4.2.3~ds-2
unstable: 4.2.3~ds-2

versioned links

3.1.12~ds-8+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.1.12~ds-8+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.3~ds-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.3~ds-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

a2boot
atalkd
libatalk
libatalk-dev
macipgw
netatalk (10 bugs: 0, 9, 1, 0)
netatalk-doc
netatalk-tests
netatalk-tools
papd
timelord

action needed

A new upstream version is available: 4-3-2 high

A new upstream version 4-3-2 is available, you should consider packaging it.

Created: 2025-06-02 Last update: 2025-10-24 06:16

3 security issues in buster high

There are 3 open security issues in buster.

3 important issues:

CVE-2024-38439: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[PASSWDLEN] to '\0' in FPLoginExt in login in etc/uams/uams_pam.c.
CVE-2024-38440: Netatalk 3.2.0 has an off-by-one error, and resultant heap-based buffer overflow and segmentation violation, because of incorrectly using FPLoginExt in BN_bin2bn in etc/uams/uams_dhx_pam.c. The original issue 1097 report stated: 'The latest version of Netatalk (v3.2.0) contains a security vulnerability. This vulnerability arises due to a lack of validation for the length field after parsing user-provided data, leading to an out-of-bounds heap write of one byte (\0). Under specific configurations, this can result in reading metadata of the next heap block, potentially causing a Denial of Service (DoS) under certain heap layouts or with ASAN enabled. ... The vulnerability is located in the FPLoginExt operation of Netatalk, in the BN_bin2bn function found in /etc/uams/uams_dhx_pam.c ... if (!(bn = BN_bin2bn((unsigned char *)ibuf, KEYSIZE, NULL))) ... threads ... [#0] Id 1, Name: "afpd", stopped 0x7ffff4304e58 in ?? (), reason: SIGSEGV ... [#0] 0x7ffff4304e58 mov BYTE PTR [r14+0x8], 0x0 ... mov rdx, QWORD PTR [rsp+0x18] ... afp_login_ext(obj=<optimized out>, ibuf=0x62d000010424 "", ibuflen=0xffffffffffff0015, rbuf=<optimized out>, rbuflen=<optimized out>) ... afp_over_dsi(obj=0x5555556154c0 <obj>).'
CVE-2024-38441: Netatalk 3.2.0 has an off-by-one error and resultant heap-based buffer overflow because of setting ibuf[len] to '\0' in FPMapName in afp_mapname in etc/afpd/directory.c.

Created: 2024-06-17 Last update: 2024-06-29 19:18

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).

Created: 2022-11-13 Last update: 2022-11-14 05:14

Depends on packages which need a new maintainer normal

The packages that netatalk depends on which need a new maintainer are:

db5.3 (#1055356)
- Depends: libdb5.3t64 libdb5.3t64
systemtap (#1114760)
- Build-Depends: systemtap-sdt-dev
db-defaults (#1055344)
- Build-Depends: libdb-dev

Created: 2023-09-18 Last update: 2025-10-24 07:30

13 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit beb650bc7a31829b9bb56a3145dd59e3b6ab2bfd
Merge: f0735683e 180f05137
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sun Oct 5 15:44:47 2025 +0200

    Update upstream source from tag 'upstream/4.2.4_ds'
    
    Update to upstream version '4.2.4~ds'
    with Debian dir 491551e2add0ea29e5fa469f28828a95075ed837

commit 180f05137fe5cd0e315bf0d1743eca3c1d0f38ce
Merge: eb721bf91 cf1305355
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sun Oct 5 15:44:40 2025 +0200

    New upstream version 4.2.4~ds

commit f0735683e23b802ef1070aeacd2c36f49e499f68
Author: Jonas Smedegaard <dr@jones.dk>
Date:   Sun Oct 5 15:43:46 2025 +0200

    update watch file: use file format version 5; add upstream OpenPGP signature and set Pgp-Mode: yes (not yet working)

commit cf1305355d0086a6a67c5572ec53aa451aaaba9c
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Fri May 30 23:12:46 2025 +0200

    Bump to release version 4.2.4

commit a563e0316e68170bd615f4f6459ec6866d50be48
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Fri May 30 23:10:42 2025 +0200

    Changelog for 4.2.4 release

commit ad7c0569c5e4e2f21f589147247a707036d74051
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Fri May 30 23:14:49 2025 +0200

    Refresh compilation readme

commit c0cd086b7552a87b948df38b38ead4333a85aa42
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Thu May 29 09:08:17 2025 +0200

    meson: Build and link with Homebrew libraries is now opt-in, GitHub #1940
    
    Before, the build system would always attempt to detect
    an appropriate brew_prefix and then add Homebrew include and lib
    search paths
    
    This causes issues when using Homebrew on Linux and attempt
    to build Netatalk on the side, or when building MacPorts packages
    on macOS
    
    Therefore, Homebrew builds are now opt-in with the new
    -Dwith-homebrew boolean meson option

commit 837bac460fa2184f7f9986d2be3ab732dae7c8fa
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sun May 25 13:17:28 2025 +0200

    GitHub CI: Use native meson to build on Solaris
    
    The Oracle Solaris 11.4.81 CBE release now ships a recent enough meson package to be able to build netatalk

commit 244133f033d10d6e6f072874c0bc5ee85fcc6fa5
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Thu May 29 18:39:12 2025 +0200

    uams: Check for const pam_message member of pam_conv, GitHub #2185
    
    The PAM implementations of Solaris vs. other OSes differ slightly
    which we need to accommodate for

commit 99a79fa87e0caca5299029c617da09136c84f29f
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Tue May 27 21:58:56 2025 +0200

    meson: Check for brew include dir before adding it to list
    
    Protect against the case where the homebrew base dir exists but not the include dir underneath
    
    Should prevent a build failure on MacPorts

commit 30ed5489de68f25390ab71e81fc349ad8a82ab9d
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Sat May 10 10:06:25 2025 +0200

    docs: Improve grammar and verbiage of afptest man page

commit b6afed5915008aed6b59a522aa2814f467c00e46
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Fri May 9 12:42:19 2025 +0200

    Bump to development version 4.2.4

commit 1b7e017d0f86012b1b844a2807088cd4976834c2
Author: Daniel Markstedt <daniel@mindani.net>
Date:   Fri May 9 07:28:56 2025 +0200

    docs: Improve afpd and macipgw man pages
    
    Overhaul grammar and syntax in afpd man page,
    and remove reference to /usr/etc in macipgw man page
    
    Addresses issues flagged by Debian's linter

Created: 2025-09-04 Last update: 2025-10-18 16:32

lintian reports 45 warnings normal

Lintian reports 45 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-10-05 Last update: 2025-10-05 22:29

news

[rss feed]

[2025-10-08] netatalk 4.2.3~ds-2 MIGRATED to testing (Debian testing watch)
[2025-10-05] Accepted netatalk 4.2.3~ds-2 (source) into unstable (Jonas Smedegaard)
[2025-06-03] netatalk 4.2.3~ds-1 MIGRATED to testing (Debian testing watch)
[2025-05-13] Accepted netatalk 4.2.3~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-04-26] netatalk 4.2.1~ds-1 MIGRATED to testing (Debian testing watch)
[2025-04-16] Accepted netatalk 4.2.1~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-04-12] Accepted netatalk 4.2.0~ds-3 (source) into unstable (Jonas Smedegaard)
[2025-04-12] Accepted netatalk 4.2.0~ds-2+exp (source) into experimental (Jonas Smedegaard)
[2025-04-08] Accepted netatalk 4.2.0~ds-2 (source) into unstable (Jonas Smedegaard)
[2025-04-06] Accepted netatalk 4.2.0~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-03-10] netatalk 4.1.2~ds-4 MIGRATED to testing (Debian testing watch)
[2025-03-08] Accepted netatalk 4.1.2~ds-4 (source) into unstable (Jonas Smedegaard)
[2025-02-25] Accepted netatalk 4.1.2~ds-3 (source) into unstable (Jonas Smedegaard)
[2025-02-24] Accepted netatalk 4.1.2~ds-2 (source) into unstable (Jonas Smedegaard)
[2025-02-15] netatalk 4.1.2~ds-1 MIGRATED to testing (Debian testing watch)
[2025-02-13] Accepted netatalk 4.1.2~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-01-28] netatalk 4.1.1~ds-1 MIGRATED to testing (Debian testing watch)
[2025-01-24] Accepted netatalk 4.1.1~ds-1 (source) into unstable (Jonas Smedegaard)
[2025-01-16] netatalk 4.1.0~ds-1 MIGRATED to testing (Debian testing watch)
[2025-01-13] Accepted netatalk 4.1.0~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-12-20] netatalk 4.0.8~ds-1 MIGRATED to testing (Debian testing watch)
[2024-12-18] Accepted netatalk 4.0.8~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-12-08] netatalk 4.0.7~ds-2 MIGRATED to testing (Debian testing watch)
[2024-12-06] Accepted netatalk 4.0.7~ds-2 (source) into unstable (Jonas Smedegaard)
[2024-11-30] Accepted netatalk 4.0.7~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-11-27] Accepted netatalk 3.1.12~ds-8+deb11u2 (source) into oldstable-security (Thorsten Alteholz)
[2024-11-19] netatalk 4.0.6~ds-1 MIGRATED to testing (Debian testing watch)
[2024-11-16] Accepted netatalk 4.0.6~ds-1 (source) into unstable (Jonas Smedegaard)
[2024-11-12] netatalk 4.0.5~ds-1 MIGRATED to testing (Debian testing watch)
[2024-11-10] Accepted netatalk 4.0.5~ds-1 (source) into unstable (Jonas Smedegaard)

bugs [bug history graph]

all: 11
RC: 0
I&N: 10
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 45)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.2.3~ds-1
40 bugs