Provided by: nbdkit_1.40.4-5ubuntu1_amd64 
NAME
nbdkit-release-notes-1.40 - release notes for nbdkit 1.40
DESCRIPTION
These are the release notes for nbdkit stable release 1.40. This describes the major
changes since 1.38.
nbdkit 1.40.0 was released on 22 July 2024.
Security
The server is now more careful about quoting user-provided filenames before printing them
in error messages (thanks Mykola Ivanets).
Short plugin and filter names ("file" is the short name of nbdkit-file-plugin(1)) are now
more restrictive. This change should not be visible to users, but tightens up corner
cases with possible security implications. See:
https://gitlab.com/nbdkit/nbdkit/-/commit/f4d5e7d39e3d37a498821a87234127d561caa0f5
Previous documentation in nbdkit-tls(1) incorrectly asserted that when using X.509
certificates, nbdkit checks the client's CN. This is not true. nbdkit only checks that
the client presents a certificate issued by the Certificate Authority specified by the
--tls-certificates directory. The documentation has been corrected. (Thanks Jon
Szymaniak, Daniel P. Berrangé).
nbdkit-ip-filter(1) incorrectly parsed "security:" rules, which might subtly change the
semantics of access lists. This has been fixed in this release.
nbdkit-ip-filter(1) previously allowed unknown [not IPv4/v6, Unix or vsock] socket
families implicitly, so having a "deny=all" rule would not necessarily deny every
connection. This has been changed in this release so all unknown socket families are
denied.
All past security issues and information about how to report new ones can be found in
nbdkit-security(1).
Plugins
nbdkit-file-plugin(1) now exposes minimum and preferred I/O size and the rotational
property of block devices.
nbdkit-curl-plugin(1) prints the version of libcurl and other useful information in
--dump-plugin output.
nbdkit-vddk-plugin(1) has been tested with VMware VDDK 8.0.3.
Filters
New nbdkit-bzip2-filter(1) supporting bzip2-compressed images (Georg Pfuetzenreuter).
New nbdkit-rotational-filter(1) which can be used to change the rotational property of a
plugin (whether it advertises that it behaves like a spinning hard disk, or RAM / flash
storage).
New nbdkit-spinning-filter(1) can be used to add seek delays to simulate a spinning hard
disk.
nbdkit-ip-filter(1) has new rule types for checking the client's X.509 Distinguished Name
(DN) and Issuer's DN.
Language bindings
Ruby language support has been removed. This did not work because of a fundamental
problem in Ruby's garbage collection. See:
https://gitlab.com/nbdkit/nbdkit/-/commit/7364cbaae809b5ffb6b4dd847cbdd0b368a20024
Server
New --print-uri option which prints the URI of the server to help users find the NBD
endpoint.
Add a common function to find the size of a file or block device which should work
properly across Linux and all the BSDs, and use this in several places where we need to
know the size of a file or block device (thanks Eric Blake).
When generating an NBD URI with TLS enabled, append "?tls-certificates=DIR" or
"?tls-psk-key=FILE" parameter. For libnbd-based NBD clients this allows the client to
find the corresponding TLS credentials.
API
New nbdkit_parse_delay(3) function which can be used to parse short delays and sleeps,
like "100ms" or "1.2μs". It is used by nbdkit-delay-filter(1), nbdkit-retry-filter(1),
nbdkit-retry-request-filter(1) and nbdkit-spinning-filter(1). There are also bindings in
OCaml and Python.
New nbdkit_peer_tls_dn(3) and nbdkit_peer_tls_issuer_dn(3) to read the client's X.509
certificate Distinguished Name (DN) and Issuer's DN.
Documentation
Each nbdkit API function now has a separate manual page, eg. nbdkit_parse_size(3) and
nbdkit_debug(3).
Fix references to external nbd-server(1) and nbd-client(8) man pages (Vera Wu).
Revise the main README.md file in the sources.
Tests
CI updates and fixes (Daniel Berrangé, Eric Blake).
Build
The minimum version of gnutls is now ≥ 3.5.18.
Internals
Make error checking of ioctl(2) calls consistent by always checking if the return value
"== -1".
SEE ALSO
nbdkit(1).
AUTHORS
Authors of nbdkit 1.40:
Daniel P. Berrangé
Eric Blake
Georg Pfuetzenreuter
Richard W.M. Jones
COPYRIGHT
Copyright Red Hat
LICENSE
Redistribution and use in source and binary forms, with or without modification, are
permitted provided that the following conditions are met:
• Redistributions of source code must retain the above copyright notice, this list of
conditions and the following disclaimer.
• Redistributions in binary form must reproduce the above copyright notice, this list of
conditions and the following disclaimer in the documentation and/or other materials
provided with the distribution.
• Neither the name of Red Hat nor the names of its contributors may be used to endorse
or promote products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.