nbdkit-release-notes-1.44 - release notes for nbdkit 1.44
These are the release notes for nbdkit stable release 1.44. This describes the major changes since 1.42.
nbdkit 1.44.0 was released on 1 July 2025.
Fix off-by-one for maximum block_status length (CVE-2025-47711), and a 32-bit overflow in extents handling (CVE-2025-47712) (reported by Nikolay Ivanets and Eric Blake, and fixed by Eric Blake).
Thread-local storage is now used when printing certain protocol messages in verbose mode, which avoids possible output corruption. Since these messages were generated based on untrusted client input, the existing code was examined to see if this could have been exploitable, but it is not thought so. Nevertheless the fix was backported to stable version 1.42.2 and updating is recommended.
See nbdkit-security(1) for past security issues.
New nbdkit-nfs-plugin(1) which allows access to disk images stored on NFS servers (thanks Ronnie Sahlberg).
nbdkit-file-plugin(1) is now much more careful about checking for errors from certain Linux system calls that we previously thought were just advisory (thanks Eric Sandeen, Dave Chinner).
nbdkit-file-plugin(1) can now trim LVM thin block devices (thanks Germano Veit Michel, Eric Blake).
nbdkit-curl-plugin(1) adds new proxy-cafile and proxy-capath parameters (Adi Aloni).
nbdkit-vddk-plugin(1) adds a new export parameter which allows the client to choose which file to serve via the NBD protocol export name. This plugin has also been optimized so that querying extent information no longer slows down reads. Debugging information has also be improved, and we can now track the time taken to run asynchronous commands.
nbdkit-info-plugin(1) adds a new mode=version method.
nbdkit-torrent-plugin(1) now supports prefetching. This plugin now also generates additional information in --dump-plugin output.
nbdkit-data-plugin(1) allows @offset to use scaling suffixes, eg. @4M to move the offset to 4194304 (Eric Blake).
New nbdkit-openonce-filter(1) which can be used to open the underlying plugin once, sharing the plugin across connections.
nbdkit-cacheextents-filter has been deprecated, and is expected to be removed in nbdkit 1.46.
nbdkit-cow-filter(1) now understands that the NBD protocol export name causes multiple disk images to be exported, and correctly creates an overlay per export. (See also "Documentation" below.)
nbdkit-ext2-filter(1) now permits concurrent client connections (Eric Blake).
nbdkit-fua-filter(1) adds a new flush-on-close=true flag which can be used to force a flush to persistent storage when the connection closes even if the client does not request one.
nbdkit-blocksize-policy-filter(1) will now round unaligned extents from plugins. Also adjust blocksize-error-policy=error to allow access to the unaligned tail of the disk image, but at the same time add new blocksize-error-policy=strict-error mode which can be used to block that. (Eric Blake).
Plugins written in Golang now issue a warning if fork(2) is called, since that will likely cause the plugin to break.
For the Rust plugin and Rust examples, clippy warnings are now only enabled if the ./configure --enable-gcc-warnings build option is used.
New --log=/path option allowing error logging to be sent to a file. Also new --log=default option which just directs logging to the default output (the same as if --log is not used at all).
The filter API (which is not part of our API promise) changes the .thread_model call, allowing the current thread model to be changed conditionally based on what the plugin sets it to.
Filters which are "export-safe" — that is, they correctly handle the case where plugins serve different content depending on the NBD protocol export name — are now documented in "EXPORT-SAFE FILTERS" in nbdkit-protocol(1).
A common macro is used for all references in the documentation to magic parameters.
The particularly long-running test-spinning-mkfs.sh test has been modified to finish more quickly.
Previously running the whole test suite would leave many /tmp/nbdkitXXXXXX temporary directories behind. These have been reduced although not quite eliminated.
New define function in tests/functions.sh which provides a simpler way to add inline plugins and scripts to tests, reducing concerns around quoting.
Several tests were modified to use the --run method to start the test client. This improves performance and reduces fragility of the tests.
Tests now use set -u (error if an undefined variable is used) to reduce a common cause of errors.
The ./configure output has been beautified, which also helps to highlight problems when glancing at the output.
Fix build issues with GCC 15.
Allow User Statically Defined Tracing (USDT) probes to be added into the server. Few actual probes are added so far, but the build system has been modified to allow it.
nbdkit-vddk-plugin(1) drops support for VDDK 6.5, so the minimum required version is now VDDK ≥ 6.7. Support for VDDK 9.0.0.0 has been added.
Builds on clang were complaining about unused -pthread option. This warning has been fixed (Eric Blake).
In Python code, remove unnecessary global statements (thanks Nir Soffer).
nbdkit-file-plugin(1) now produces more detailed information in error messages, particularly about the file being accessed and the offset and size of the request that failed.
In debug mode, when the server starts up it prints a debug message summarising the flow of request processing through filters and the plugin, making this easier to understand.
Authors of nbdkit 1.44:
Copyright Red Hat
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
Neither the name of Red Hat nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.