nbdkit-release-notes-1.40 - release notes for nbdkit 1.40
These are the release notes for nbdkit stable release 1.40. This describes the major changes since 1.38.
nbdkit 1.40.0 was released on 22 July 2024.
The server is now more careful about quoting user-provided filenames before printing them in error messages (thanks Mykola Ivanets).
Short plugin and filter names ("file"
is the short name of nbdkit-file-plugin(1)) are now more restrictive. This change should not be visible to users, but tightens up corner cases with possible security implications. See: https://gitlab.com/nbdkit/nbdkit/-/commit/f4d5e7d39e3d37a498821a87234127d561caa0f5
Previous documentation in nbdkit-tls(1) incorrectly asserted that when using X.509 certificates, nbdkit checks the client's CN. This is not true. nbdkit only checks that the client presents a certificate issued by the Certificate Authority specified by the --tls-certificates directory. The documentation has been corrected. (Thanks Jon Szymaniak, Daniel P. Berrangé).
nbdkit-ip-filter(1) incorrectly parsed security:
rules, which might subtly change the semantics of access lists. This has been fixed in this release.
nbdkit-ip-filter(1) previously allowed unknown [not IPv4/v6, Unix or vsock] socket families implicitly, so having a deny=all
rule would not necessarily deny every connection. This has been changed in this release so all unknown socket families are denied.
All past security issues and information about how to report new ones can be found in nbdkit-security(1).
nbdkit-file-plugin(1) now exposes minimum and preferred I/O size and the rotational property of block devices.
nbdkit-curl-plugin(1) prints the version of libcurl and other useful information in --dump-plugin output.
nbdkit-vddk-plugin(1) has been tested with VMware VDDK 8.0.3.
New nbdkit-bzip2-filter(1) supporting bzip2-compressed images (Georg Pfuetzenreuter).
New nbdkit-rotational-filter(1) which can be used to change the rotational property of a plugin (whether it advertises that it behaves like a spinning hard disk, or RAM / flash storage).
New nbdkit-spinning-filter(1) can be used to add seek delays to simulate a spinning hard disk.
nbdkit-ip-filter(1) has new rule types for checking the client's X.509 Distinguished Name (DN) and Issuer's DN.
Ruby language support has been removed. This did not work because of a fundamental problem in Ruby's garbage collection. See: https://gitlab.com/nbdkit/nbdkit/-/commit/7364cbaae809b5ffb6b4dd847cbdd0b368a20024
New --print-uri option which prints the URI of the server to help users find the NBD endpoint.
Add a common function to find the size of a file or block device which should work properly across Linux and all the BSDs, and use this in several places where we need to know the size of a file or block device (thanks Eric Blake).
When generating an NBD URI with TLS enabled, append ?tls-certificates=DIR
or ?tls-psk-key=FILE
parameter. For libnbd-based NBD clients this allows the client to find the corresponding TLS credentials.
New nbdkit_parse_delay(3) function which can be used to parse short delays and sleeps, like 100ms
or 1.2μs
. It is used by nbdkit-delay-filter(1), nbdkit-retry-filter(1), nbdkit-retry-request-filter(1) and nbdkit-spinning-filter(1). There are also bindings in OCaml and Python.
New nbdkit_peer_tls_dn(3) and nbdkit_peer_tls_issuer_dn(3) to read the client's X.509 certificate Distinguished Name (DN) and Issuer's DN.
Each nbdkit API function now has a separate manual page, eg. nbdkit_parse_size(3) and nbdkit_debug(3).
Fix references to external nbd-server(1) and nbd-client(8) man pages (Vera Wu).
Revise the main README.md file in the sources.
CI updates and fixes (Daniel Berrangé, Eric Blake).
The minimum version of gnutls is now ≥ 3.5.18.
Make error checking of ioctl(2) calls consistent by always checking if the return value == -1
.
Authors of nbdkit 1.40:
Copyright Red Hat
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of Red Hat nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.