Provided by: nbdkit_1.24.1-2ubuntu4_amd64 bug

NAME

       nbdkit-release-notes-1.16 - release notes for nbdkit 1.16

DESCRIPTION

       These are the release notes for nbdkit stable release 1.16.  This describes the major
       changes since 1.14.

       nbdkit 1.16.0 was released on 14th November 2019.

   Security
       Two security issues were found during development of nbdkit 1.16.  Fixes for these were
       backported to older stable branches.  Upgrading to the fixed versions is highly
       recommended.  The new nbdkit-security(1) man page contains an up to date list of past
       security issues.

       CVE-2019-14850 denial of service due to premature opening of back-end connection

       See the full announcement and links to mitigation, tests and fixes here:
       https://www.redhat.com/archives/libguestfs/2019-September/msg00084.html

       CVE-2019-14851 assertion failure by issuing commands in the wrong order

       This CVE was caused by the fix to the previous issue.

       See the full announcement and links to mitigation, tests and fixes here:
       https://www.redhat.com/archives/libguestfs/2019-September/msg00272.html

   New features
       Add support for fast zeroing.  Plugins can expose this using the new ".can_fast_zero"
       method (Eric Blake).

       nbdkit-partitioning-plugin(1) allows use of "mbr-id=default" or "type-guid=default" to go
       back to the default MBR byte or partition type GUID.

       New --mask-handshake server flag can be used for testing client feature negotiation (Eric
       Blake).

       The client export name is passed to nbdkit-captive(1) --run parameter as $exportname (Eric
       Blake).

       Captive --run commands which fail (eg. aborting) now cause nbdkit to exit with an error
       instead of errors being silently ignored (Eric Blake).

       File descriptors can be passed to password parameters, eg: "password=-3" which means that
       the password should be read from file descriptor 3.

       nbdkit can now serve over the "AF_VSOCK" protocol (thanks Stefan Hajnoczi).

       New --log=null option discards error messages.

   Plugins
       Python 2 support has been dropped from nbdkit-python-plugin(3) in line with Python 2 end
       of life at the beginning of 2020.  Python ≥ 3.3 is required by this plugin.  If you wish
       to continue to use Python 2 then you will need to use nbdkit 1.14.

       New nbdkit-info-plugin(1) which returns various server information back to the client.  It
       can be used for testing server latency amongst other things.

       nbdkit-data-plugin(1) now allows you to write "BYTE*N" to get repeated bytes (eg.
       "nbdkit data data="0x55*4096"").

       nbdkit-ssh-plugin(1) new parameter "compression=true|false" to control transport
       compression.

       nbdkit-vddk-plugin(1) is no longer compiled on non-x86 platforms since VMware has only
       ever shipped VDDK on x86.

       nbdkit-sh-plugin(1) scripts can now see the client exportname and can use the
       "magic_config_key" feature.

   Filters
       New nbdkit-retry-filter(1) which can reopen the plugin transparently on certain types of
       failures (lots of help from Eric Blake).

   API
       Macros "NBDKIT_VERSION_MAJOR", "NBDKIT_VERSION_MINOR", "NBDKIT_VERSION_MICRO" expose the
       compile-time version of nbdkit to plugins and filters (Eric Blake).

       Filters (which unlike plugins do not have a public stable API) must now exactly match the
       version of nbdkit when loaded (Eric Blake).

       New ".can_fast_zero" method (Eric Blake).

       New "nbdkit_export_name" server function for reading the export name passed by the client.

       New "nbdkit_peer_name" server function to return the client address (like getpeername(2)).

       New server functions for safely parsing integers: "nbdkit_parse_int",
       "nbdkit_parse_unsigned", "nbdkit_parse_int8_t", "nbdkit_parse_uint8_t",
       "nbdkit_parse_int16_t", "nbdkit_parse_uint16_t", "nbdkit_parse_int32_t",
       "nbdkit_parse_uint32_t", "nbdkit_parse_int64_t", "nbdkit_parse_uint64_t".

   Bug fixes
       ".trim" with FUA flag set now works (Eric Blake).

   Documentation
       The previous release notes have been turned into man pages.

   Tests
       Several tests now optionally use nbdsh(1) instead of qemu-io.

       You can now fuzz nbdkit using either American Fuzzy Lop or clang’s libFuzzer.

       Several tests have had sleep times increased to make them more stable when run on slow or
       heavily loaded machines.

   Internals
       Reproducible builds (Chris Lamb).

       Compile code with -Wshadow warning (Eric Blake).

       The internal backend system has been extensively overhauled.  In particular this means
       that we now validate request ranges as requests are passed between filters and down to the
       plugin, making it easier to find bugs in filters early (Eric Blake).

       Plugin size and "can_*" flags are cached more aggressively by the server (Eric Blake).

       Variable Length Arrays (VLAs) on stack are now banned throughout the code.

       The nbd-protocol.h header describing the NBD protocol is now shared with libnbd(3).

       Plugin ".unload" method is now called after all worker threads have exited, avoiding races
       at server shutdown.

       Code was audited using Coverity and various problems were fixed.

SEE ALSO

       nbdkit(1).

AUTHORS

       Eric Blake

       Richard W.M. Jones

COPYRIGHT

       Copyright (C) 2019 Red Hat Inc.

LICENSE

       Redistribution and use in source and binary forms, with or without modification, are
       permitted provided that the following conditions are met:

       •   Redistributions of source code must retain the above copyright notice, this list of
           conditions and the following disclaimer.

       •   Redistributions in binary form must reproduce the above copyright notice, this list of
           conditions and the following disclaimer in the documentation and/or other materials
           provided with the distribution.

       •   Neither the name of Red Hat nor the names of its contributors may be used to endorse
           or promote products derived from this software without specific prior written
           permission.

       THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED
       WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
       FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS
       BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
       DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
       OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
       LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
       OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
       POSSIBILITY OF SUCH DAMAGE.