X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=NEWS;h=0c2515f7e749cd30b17fd9e3e90e50d566b71ef8;hb=296eb8dfd48fb30bbc4b2371c3e1dabefe9d833d;hp=f4c61c46aa715f61367fa0e197e625d34276c870;hpb=7a06fbf04bb5c04715bad0e465540f961190e62c;p=netatalk.git diff --git a/NEWS b/NEWS index f4c61c46..0c2515f7 100644 --- a/NEWS +++ b/NEWS @@ -1,35 +1,193 @@ +Changes in 2.1-beta2 +==================== +* NEW: afpd: static generated AFP signature stored in afp_signature.conf, + cf man 5 afp_signature.conf +* FIX: afpd: prevent security attack guessing valid server accounts. afpd + now returns error -5023 for unknown users, as does AppleFileServer. +Changes in 2.1-beta1 +==================== -REMEMBER TO UPDATE the Changes in 2.0.x section !!! -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -Changes in 2.1 -============== -* UPD: atalkd and papd are now disabled by default. - AppleTalk is legacy. -* UPD: cdb/dbd CNID backend requires BerkeleyDB >= 4.6 -* FIX: rewritten logger +* NEW: afpd: AFP 3.2 support +* NEW: afpd: Extended Attributes support using native attributes or + using files inside .AppleDouble directories. +* NEW: afpd: ACL support with ZFS * NEW: cnid_metad: options -l and -f to configure logging +* NEW: IPv6 support +* NEW: AppleDouble compatible UNIX files utility suite `ad ...`. + With 2.1 only `ad ls`. * NEW: CNID database maintanance utility dbd * NEW: support BerkeleyDB upgrade. Starting with the next release after 2.1 in case of BerkeleyDB library updates, Netatalk will be able to upgrade the CNID databases. -* NEW: AppleDouble compatible UNIX files utility suite `ad ...`. - With 2.1 only `ad ls`. -* NEW: afpd: AFP 3.2 support -* NEW: afpd: ACL support with ZFS -* NEW: afpd: ExtendedAttributes support with ZFS * NEW: afpd: store and read CNIDs to/from AppleDouble files by default. This is used as a cache and as a backup in case the database is deleted or corrupted. It can be disabled with a new volume option "nocnidcache". - +* NEW: afpd: sending SIGINT to a child afpd process enables debug logging + to /tmp/afpd.PID.XXXXXX. +* NEW: configure args to download and install a "private" Webmin instance + including only basic Webmin modules plus our netatalk.wbm. +* NEW: fallback to a temporary in memory tdb CNID database if the volume + database can't be opened. +* NEW: support for Unicode characters in the range above U+010000 using + internal surrogate pairs +* NEW: apple_dump: utility to dump AppleSingle and AppleDouble files +* NEW: afpldaptest: utility to check afp_ldap.conf. +* UPD: atalkd and papd are now disabled by default. AppleTalk is legacy. +* UPD: slp advertisement is now disabled by default. server option -slp + SRVLOC is legacy. +* UPD: cdb/dbd CNID backend requires BerkeleyDB >= 4.6 +* UPD: afpd: default CNID backend is "dbd" +* UPD: afpd: try to install PAM config that pulls in system|common auth +* UPD: afpd: symlink handling: never followed server side, client resolves + them, so it's safe to use them now. +* UPD: afpd: Comment out all extension->type/creator mappings in + AppleVolumes.system. They're unmaintained, possibly wrong and + do not fit for OS X. +* FIX: rewritten logger +* FIX: afpd: UNIX permissions handling +* FIX: cnid_dbd: always use BerkeleyDB transactions +* FIX: initscripts installation now correctly uses autoconf paths, + ie they're installed to --sysconfdir. +* FIX: UTF-8 volume name length +* FIX: atalkd: workaround for broken Linux 2.6 AT kernel module: + Linux 2.6 sends broadcast queries to the first available socket + which is in our case the last configured one. atalkd now tries to + find the right one. + Note: now a misconfigured or plugged router can broadcast a wrong route ! +* REM: afpd: removed CNID backends "db3", "hash" and "mtab" +* REM: cnid_maint: use dbd +* REM: cleanappledouble.pl: use dbd +* REM: nu: use `macusers` instead + +Changes in 2.0.5 +================ + +* NEW: afpd: Time Machine support with new volume option "tm". +* FIX: papd: Remove variable expansion for BSD printers. Fixes CVE-2008-5718. +* FIX: afpd: .AppleDxxx folders were user accessible if option 'usedots' + was set +* FIX: afpd: vetoed files/dirs where still accessible +* FIX: afpd: cnid_resolve: don't return '..' as a valid name. +* FIX: uniconv: -d option wasn't working + +Changes in 2.0.4 +================ + +* REM: remove timeout +* NEW: afpd: DHX2 uams using GNU libgcrypt. +* NEW: afpd: volume options 'illegalseq', 'perm' and 'invisibledots' + 'ilegalseq' encode illegal sequence in filename asis, ex "\217-", which is not + a valid SHIFT-JIS char, is encoded as U\217 -. + 'perm' value OR with the client requested permissions. (help with OSX 10.5 + strange permissions). + Make dot files visible by default with 'usedots', use 'invisibledots' + for keeping the old behavior, ie for OS9 (OSX hide dot files on its + own). +* NEW: afpd: volume options allow_hosts/denied hosts +* NEW: afpd: volume options dperm/fperm default directory and file + permissions or with server requests. +* NEW: afpd: afpd.conf, allow line continuation with \ +* NEW: afpd: AppleVolumes.default allow line continuation with \ +* NEW: afpd: Mac greek encoding. +* NEW: afpd: CJK encoding. +* UPD: afpd: Default UAMs: DHX + DHX2 +* FIX: afpd: return the right error in createfile and copyfile if the disk + is full. +* FIX: afpd: resolveid return the same error code than OSX if it's a directory +* FIX: afpd: server name check, test for the whole loopback subnet + not only 127.0.0.1. +* UPD: afpd: limit comments size to 128 bytes, (workaround for Adobe CS2 bug). +* UPD: afpd: no more daemon icon. +* UPD: usedots, return an invalide name only for .Applexxx files used by netatalk not + all files starting with .apple. +* UPD: cnid: increase the number of cnid_dbd slots to 512. +* FIX: cnid: dbd detach the daemon from the control terminal. +* UPD: cnid: never ending Berkeley API changes... +* UPD: cnid: dbd add a timeout when reading data from afpd client. +* UPD: cnid: Don't wait five second after the first error when speaking to the dbd + backend. +* FIX: papd: vars use % not $ +* FIX: papd: quote chars in popen variables expansion. security fix. +* FIX: papd: papd -d didn't write to stderr. +* FIX: papd: ps comments don't always use () +* FIX: many compilation errors (solaris, AFS, Tru64, xfs quota...). + +Changes in 2.0.3 +================ -Changes in 2.0.x +* NEW: afpd: add a cachecnid option that controls if afpd should + use the IDs stored in the AD2 files as cache. Defaults + to off. +* UPD: afpd: deal with more than 32 groups. +* FIX: afpd: several catsearch fixes, based on patch from + TSUBAKIMOTO Hiroya. +* FIX: afpd: fix a race when a client very quickly reconnects and + tries to kill its old session. +* FIX: afpd: OSX style symlink caused problems with Panther clients. +* FIX: afpd: old files with default type didn't show the right icon + in finder, from Shlomi Yaakobovich, slightly modified. +* FIX: cnid_check: disable cnid_check if CNID db was configured with + transactions and really bail out after the first error. +* FIX: admin-group configure option was broken. +* FIX: several problems with IDs cached in AD2 files. +* FIX: Ignore BIDI in UTF8 hints from OSX. +* FIX: Lots of gcc warning fixes. +* FIX: small configure script changes. + + +Changes in 2.0.2 ================ -........... +* NEW: cnid: Add an indexes check and rebuild, optional for dbd + (parameter check default no), standalone program cnid_index for + cdb. +* UPD: Enhanced afpd's -v command line switch and added -V for more + verbose information +* UPD: uams_gss: build the principal used by uams_gss.so from afpd's + configuration, don't use GSS_C_NT_HOSTBASED_SERVICE +* UPD: cnid_dbd: add process id in syslog and small clean up +* REM: remove netatalkshorternamelinks.pl cf. SF bug [ 1061396 ] + netatalkshorternamelinks.pl broken +* FIX: afpd: check for DenyRead on FPCopyFile +* FIX: afpd: add missing flush for AD2 Metadata on FPCopyFile, SF bug + [ 1055691 ] Word 98 OS 9 Saving an existing file +* FIX: afpd: Deal with AFP3 connection and type 2 (non-UTF8) names. + reported by Gair Heaton, HI RESOLUTION SYSTEMS +* FIX: afpd: Broken 'crlf' option +* FIX: afpd: fix SF bug [ 1079622 ] afpd/dhx memory bug, + by Ralf Schuchardt +* FIX: afpd: Return an error if we cannot get the db stamp in + afp_openvol. +* FIX: afpd: Fix slp registration with Solaris9 slpd, from + hat at fa2.so-net.ne.jp + + +Changes in 2.0.1 +================ +* NEW: --enable-debian configure option. Will install /etc/init.d/atalk + to get not in conflict with standard debian /etc/init.d/netatalk. + Reads netatalk.conf from $ETCDIR and not from /etc/default/ +* UPD: Disable logger code by default. Log to syslog instead +* UPD: changed netatalk.conf default settings to prevent problems with + AppleTalk zone names containing spaces +* FIX: insecure tempfile handling bug in etc2ps.sh, + found by Trustix, CAN-2004-0974. +* REM: remove add_netatalk_printer and netatalk.template from stable + branch until fixed. (possible symlink vulnerabilities) +* FIX: afpd: set hasBeenInited in default finder info. This bug caused + endless finder refreshes with OS9 finder if the noadouble option + was used. From TSUBAKIMOTO Hiroya. +* FIX: afpd: fix a bug in default CREATOR/TYPE handling. Due to this bug + the type/creator mappings in AppleVolumes.system were ignored, + causing problems i.e. with OS9 clients. +* FIX: AppleVolumes.system: By default don't define a CREATOR/TYPE for a + file of unknown type. +* FIX: fix two Tru64 UNIX compilation errors, + from Burkhard Schmidt bs AT cpfs.mpg.de +* FIX: afpd: FPMapId wasn't using UTF8 for groups if requested by client. Changes in 2.0.0 ================ @@ -142,7 +300,7 @@ Changes in 2.0-beta2 * FIX: numerous small bugfixes. Changes in 2.0-beta1 -===================== +==================== * NEW: OSX style adouble scheme * NEW: japanese SHIFT_JIS codepage (iconv supplied)