I'm pleased to announce new stable releases of nbdkit 1.42 and libnbd 1.22 nbdkit is a Network Block Device (NBD) server with a stable plugin ABI and a permissive license. libnbd is an NBD client library in userspace.
Notable features include: - New nbdkit-time-limit-filter, nbdkit-lzip-filter - New nbdkit --timeout and --keepalive options - New nbd+ssh:// URI format for libnbd, tunneling NBD over SSH - Send the full plugin error from nbdkit to libnbd - Support for GCC 15, Tcl 9.0, OCaml 5.3, Rust 1.84 nbdkit 1.42.0 can be downloaded here: https://download.libguestfs.org/nbdkit/1.42-stable/ git here: https://gitlab.com/nbdkit/nbdkit libnbd 1.22.0 can be downloaded here: https://download.libguestfs.org/libnbd/1.22-stable/ git here: https://gitlab.com/nbdkit/libnbd Release notes for nbdkit 1.42 online: https://libguestfs.org/nbdkit-release-notes-1.42.1.html Release notes for libnbd 1.22 online: https://libguestfs.org/libnbd-release-notes-1.22.1.html ----- nbdkit-release-notes-1.42(1) NBDKIT nbdkit-release-notes-1.42(1) NAME nbdkit-release-notes-1.42 - release notes for nbdkit 1.42 DESCRIPTION These are the release notes for nbdkit stable release 1.42. This describes the major changes since 1.40. nbdkit 1.42.0 was released on 11 February 2025. Security nbdkit-ip-filter(1) has been fixed to close an information leak. In an unusual configuration of the filter, it could leak the list of exports to clients that are supposed to be blocked. All past security issues and information about how to report new ones can be found in nbdkit-security(1). Plugins nbdkit-ondemand-plugin(1) now allows more characters to appear in filenames. Colons are now allowed, so filenames containing MAC addresses can be used, which is useful when using NBD in pre-boot environments. Also add the "share=true" option to allow sharing. (Thanks Markus Hartung) nbdkit-vddk-plugin(1) now prints the default list of transports in --dump-plugin output. Also this plugin now handles partial chunks correctly when reading extents for disks with a non-aligned size (thanks Ming Xie). Filters New nbdkit-time-limit-filter(1) can be used to specify the maximum time limit for a connection. (See also the new --timeout option below). New nbdkit-lzip-filter(1) implements random access to lzip-compressed files (Jan Felix Langenbach). Language bindings Multiple updates to nbdkit-rust-plugin(3) to keep up to date with latest changes in the Rust language (Alan Somers). Fix crash that happened in nbdkit-ocaml-plugin(3) plugins with OCaml ≥ 5 (thanks Guillaume Munch-Maccagnoni, Gabriel Scherer). Also update the ocamldoc documentation. Fix more OCaml 5 deprecation warnings. Add support for Tcl 9.0 to nbdkit-tcl-plugin(3). Server nbdkit will now try to send the last plugin error message over the NBD protocol to the client, to provide additional information. This requires an NBD client which supports this, such as qemu ≥ 2.12 or libnbd ≥ 1.22. New nbdkit --timeout flag can be used as a security measure to ensure that clients don't consume resources by opening lots of connections and then not negotiating (or negotiating slowly) the full NBD session. New nbdkit --keepalive option which enables TCP-level keepalives. This is useful for detecting dead clients. nbdkit --dump-config output now includes "timeout_option=yes|no" and "vsock_option=yes|no" reflecting whether the --timeout and --vsock options are available. Bug fixes Detect and warn about certain conditions which can cause the closed-source VDDK library to crash the server (Matthew Arnold, Nijin Ashok, Eric Blake). Tests Plugins from nbdkit 1.38 have been added to the tests/old-plugins directory. Build nbdkit should be buildable again on macOS. Add support for GCC 15. SEE ALSO nbdkit(1). AUTHORS Authors of nbdkit 1.42: Alan Somers Eric Blake Jan Felix Langenbach Richard W.M. Jones ---------- libnbd-release-notes-1.22(1) LIBNBD libnbd-release-notes-1.22(1) NAME libnbd-release-notes-1.22 - release notes for libnbd 1.22 DESCRIPTION These are the release notes for libnbd stable release 1.22. This describes the major changes since 1.20. libnbd 1.22.0 was released on 11 February 2025. Security Multiple flaws in TLS server certificate checking were found and fixed (CVE-2024-7383). See https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2/ (thanks Jon Szymaniak, Daniel P. Berrangé). If you find a security issue, please read SECURITY in the source (online here: https://gitlab.com/nbdkit/libnbd/blob/master/SECURITY). To find out about previous security issues in libnbd, see libnbd-security(3). New APIs nbd_set_tls_hostname(3) and nbd_get_tls_hostname(3) can be used to set and get the hostname used for TLS server certificate checking. This hostname, if set, is used in preference to the hostname of the server. This can be used when NBD connections are proxied, or transported over a Unix domain socket. nbd_is_uri(3) applies a heuristic to detect if something is likely to be an NBD URI or not. nbd_get_subprocess_pid(3) returns the process ID (PID) of the subprocess created by functions such as nbd_connect_command(3). Enhancements to existing APIs As an extension to nbd_connect_uri(3), you can now connect to "nbd+ssh://" or "nbds+ssh://" URIs, creating an NBD tunnel over an SSH connection. This is very convenient when you have SSH access to a remote host, but a firewall prevents direct access to NBD ports. Protocol We now print the full error message string if one is sent by the server. nbdkit ≥ 1.42 will send full error messages from plugins over the NBD connection to compatible NBD clients like libnbd 1.22 or qemu. Tools Fix nbdfuse(1) so that TLS URIs using "?tls-certificates" or "?tls-psk-file" now work properly (Jon Szymaniak). nbddump(1) has a new --offset option (Eric Blake). Language bindings Various fixes to the Rust bindings (thanks Hanna Czenczek). The documentation included in the Rust bindings has been improved greatly. Other improvements and bug fixes Common code is now used to get the size of block devices, and this has been fixed to work properly on BSD. This affected at least nbdcopy when used to copy to and from block devices on BSD. Documentation Fix links to nbd-server(1) and other pages in HTML-generated documentation (Vera Wu). In nbd_connect_uri(3) we documented small differences in the way that we parse NBD URIs versus qemu. nbd_connect_uri(3) adds additional documentation on the reserved VSock port numbers. Build gnutls ≥ 3.5.18 is now required. This matches the version needed by qemu. If using RHEL, this means that RHEL ≥ 8 is now required. libnbd should now compile on macOS. examples/connect-benchmark is a new example that can be used to benchmark connections. Add support for GCC 15. SEE ALSO libnbd(3). AUTHORS Daniel P. Berrangé Eric Blake Richard W.M. Jones Jon Szymaniak _______________________________________________ Libguestfs mailing list -- guestfs@lists.libguestfs.org To unsubscribe send an email to guestfs-le...@lists.libguestfs.org
