lunar (1) libnbd-release-notes-1.2.1.gz

Provided by: libnbd-dev_1.14.2-1_amd64 bug

NAME

       libnbd-release-notes-1.2 - release notes for libnbd 1.2

DESCRIPTION

       These are the release notes for libnbd stable release 1.2.  This describes the major
       changes since 1.0.

       libnbd 1.2.0 was released on 14th November 2019.

   Security
       Two security problems were found during development of libnbd 1.2.  Both were backported
       to the 1.0 stable branch.  Upgrading is highly advisable.

       CVE-2019-14842 protocol downgrade attack when using "LIBNBD_TLS_REQUIRE"

       See the full announcement and links to mitigation, tests and fixes here:
       https://www.redhat.com/archives/libguestfs/2019-September/msg00128.html

       remote code execution vulnerability

       See the full announcement here:
       https://www.redhat.com/archives/libguestfs/2019-October/msg00060.html

   New APIs
       nbd_can_fast_zero(3)
           Test support by the server for fast zeroing (Eric Blake).

       nbd_connect_socket(3)
       nbd_aio_connect_socket(3)
           Connect to a local connected socket which you create in your main program using your
           own chosen method.

       nbd_connect_systemd_socket_activation(3)
       nbd_aio_connect_systemd_socket_activation(3)
           Connect to local processes that support systemd socket activation.

       nbd_connect_vsock(3)
       nbd_aio_connect_vsock(3)
           Used to connect to servers over "AF_VSOCK".

       nbd_get_handshake_flags(3)
       nbd_set_handshake_flags(3)
       nbd_get_request_structured_replies(3)
       nbd_set_request_structured_replies(3)
       nbd_get_structured_replies_negotiated(3)
           Can be used when testing NBD servers to avoid various NBD features (Eric Blake).

       nbd_get_protocol(3)
           Get the NBD protocol variant that the server supports.

       nbd_get_tls_negotiated(3)
           Did we actually negotiate a TLS connection?

       nbd_set_uri_allow_local_file(3)
       nbd_set_uri_allow_tls(3)
       nbd_set_uri_allow_transports(3)
           These can be used to filter NBD URIs before calling nbd_connect_uri(3).

   New features
       New tool nbdfuse(1) lets you create a loop-mounted file backed by an NBD server without
       needing root.

       "AF_VSOCK" is now a supported protocol (thanks Stefan Hajnoczi and Stefano Garzarella).

       Support for the "FAST_ZERO" flag (Eric Blake).

       Allow disabling certain protocol features, to make it easier to test servers (Eric Blake).

       Stack-allocated Variable Length Arrays (VLAs) are now banned throughout the library,
       making the library easier to consume from threads and other small stack situations.

       Reproducible builds (Chris Lamb).

       Support for filtering potentially dangerous or undesirable NBD URI features.

   Documentation
       Many improvements to the generated manual pages, including:

       •   Separate "RETURN VALUE" and "ERRORS" sections for each API function.

       •   Example code.

       •   Relevant links can be added to the "SEE ALSO" section.

       •   Link to NBD URI specification where relevant, and improve documentation around what
           URIs libnbd supports.

       •   Document libnbd version number scheme.

       •   Document limits on export name length, encoding etc.

       New libnbd-security(3) man page listing past security issues and remediations (Eric
       Blake).

   Tools
       nbdsh(1) has a new --base-allocation option which can be used to request "base:allocation"
       metadata context.

       New nbdsh(1) --uri (-u) option to connect to URIs.

   Tests
       You can now fuzz libnbd using either American Fuzzy Lop or clang’s libFuzzer.

       Add unit tests for nbdsh(1) (Eric Blake).

       Improved interop testing with various NBD servers and features.

   Other improvements and bug fixes
       nbd_connect_tcp(3) now tries to return the correct errno(3) from the underlying connect(2)
       call when that fails.

       The nbd-protocol.h header file is now shared between libnbd and nbdkit.

       Better fork-safety in "nbd_connect_*" APIs.

       The code was analyzed with Coverity and various problems identified and fixed.

SEE ALSO

       libnbd(3).

AUTHORS

       Eric Blake

       Richard W.M. Jones

       Copyright (C) 2019 Red Hat Inc.

LICENSE

       This library is free software; you can redistribute it and/or modify it under the terms of
       the GNU Lesser General Public License as published by the Free Software Foundation; either
       version 2 of the License, or (at your option) any later version.

       This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
       without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
       See the GNU Lesser General Public License for more details.

       You should have received a copy of the GNU Lesser General Public License along with this
       library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
       Floor, Boston, MA 02110-1301 USA