|Update from 28.04.2022: Do not use the packages below any more. There is Netatalk 3.1.13 out with fixes for multiple remote code execution (RCE) bugs. Use packages from recent Debian again, they have been updated.|
The full release notes for 3.1.12 are unfortunately not even half as interesting.
Be sure to read the original blog post if you are new to Netatalk3 on Debian Jessie or Stretch!|
You'll get nowhere if you install the .debs below and don't know about the upgrade path from 2.2.x which is still in the Debian archive. So RTFA.
For Debian Buster (Debian 10) we'll have Samba 4.9 which has learnt (from Samba 4.8.0 onwards) how to emulate a SMB time machine share. I'll make a write up how to install this once Buster stabilizes. This luckily means there will be no need to continue supporting Netatalk in normal production environments. So I guess bug #690227 won't see a proper fix anymore. Waiting out problems helps at times, too :/.
Update instructions and downloads:
The update instructions (assuming you have installed the 3.1.9 gcrypt build before) are:
dpkg -i libatalk18_3.1.12-1_amd64.deb netatalk_3.1.12-1_amd64.deb
# reboot the box (restart of netatalk may not be sufficient)
# After reboot: remove the obsolete libatalk17 if you have updated from 3.1.9 (libatalk16 if you are coming from 3.1.8 or earlier)
dpkg -r libatalk17
And here are the files:
|libatalk-dev_3.1.12-1_amd64.deb (libgcrypt, systemd build, build 2)||Development files for the libatalk library (dev only)||0ff18079d289cdb1b440a11b8885a021||0084fa96382d83b2693d56137c36e8ccd0660369|
|libatalk18_3.1.12-1_amd64.deb (libgcrypt, systemd build, build 2)||libatalk library (needed)||8963137e2063d47eacd66a177a433706||ae88086c8e98d4bbb46025881bbd38f6bc396aa0|
|netatalk_3.1.12-1_amd64.deb (libgcrypt, systemd build, build 2)||netatalk daemons (needed)||9694aa1cc1884eee5bb0f9e9042f5311||9c8817397bcaceaaa4dc6c4f224a7709979d47cf|
It has been four years of out-of-archive Netatalk3 now. I hope these will be the final Netatalk files I need to publish (Samba 4.8/4.9 will provide the Time Machine functionality from Debian Buster onwards), so here are the detached debug symbols, too:
|libatalk18-dbgsym_3.1.12-1_amd64.deb (libgcrypt, systemd build, build 2)||Debug symbols for libatalk18|
|netatalk-dbgsym_3.1.12-1_amd64.deb (libgcrypt, systemd build, build 2)||Debug symbols for netatalk 3.1.12|
28.04.22: Netatalk has released v3.1.13 with fixes for at least three remote pre-auth code execution (RCE) bugs. The really bad ones. All with a CVSS Score 9.8. So: Do not use the above builds any more, use current ones from Debian which are - luckily - available again. Or migrate off netatalk, it's about time.
09.01.19: Ross Burton pointed out a bug on IRC yesterday:
16:04 <rburton> trying to use your netatalk debs 16:04 <rburton> (thanks for those!) 16:04 <rburton> libatalk18 : Depends: libmysqlclient18 (>= 5.5.24+dfsg-1) but it is not installable
This snuck in despite mysql not being present in the pbuilder root. Most probably a fakeroot problem. I usually build on dedicated VMs and I should do so again (aka "note to self").
That bug is quite annoying to fix as the autotools setup from netatalk checks for presence of
mysql_config ... and then links against non-existing libs regardless (it doesn't use any of the exports). The files linked above are updated ("build 2"). If you downloaded the debs before and don't have mysql / mariadb with the compat shim present on your system, please download again. NB: There's more useless deps in the build but none as bad as MySQL. Thanks Ross for the nudge!
Full source code available from his repo. ↩