1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
=head1 NAME
nbdkit-release-notes-1.40 - release notes for nbdkit 1.40
=head1 DESCRIPTION
These are the release notes for nbdkit stable release 1.40.
This describes the major changes since 1.38.
nbdkit 1.40.0 was released on B<22 July 2024>.
=head2 Security
The server is now more careful about quoting user-provided filenames
before printing them in error messages (thanks Mykola Ivanets).
Short plugin and filter names (C<"file"> is the short name of
L<nbdkit-file-plugin(1)>) are now more restrictive. This change
should not be visible to users, but tightens up corner cases with
possible security implications. See:
L<https://gitlab.com/nbdkit/nbdkit/-/commit/f4d5e7d39e3d37a498821a87234127d561caa0f5>
Previous documentation in L<nbdkit-tls(1)> incorrectly asserted that
when using X.509 certificates, nbdkit checks the client's CN. This is
not true. nbdkit only checks that the client presents a certificate
issued by the Certificate Authority specified by the
I<--tls-certificates> directory. The documentation has been
corrected. (Thanks Jon Szymaniak, Daniel P. Berrangé).
L<nbdkit-ip-filter(1)> incorrectly parsed C<security:> rules, which
might subtly change the semantics of access lists. This has been
fixed in this release.
L<nbdkit-ip-filter(1)> previously allowed unknown [not IPv4/v6, Unix
or vsock] socket families implicitly, so having a C<deny=all> rule
would not necessarily deny every connection. This has been changed in
this release so all unknown socket families are denied.
All past security issues and information about how to report new ones
can be found in L<nbdkit-security(1)>.
=head2 Plugins
L<nbdkit-file-plugin(1)> now exposes minimum and preferred I/O size
and the rotational property of block devices.
L<nbdkit-curl-plugin(1)> prints the version of libcurl and other
useful information in I<--dump-plugin> output.
L<nbdkit-vddk-plugin(1)> has been tested with VMware VDDK 8.0.3.
=head2 Filters
New L<nbdkit-bzip2-filter(1)> supporting bzip2-compressed images
(Georg Pfuetzenreuter).
New L<nbdkit-rotational-filter(1)> which can be used to change the
rotational property of a plugin (whether it advertises that it behaves
like a spinning hard disk, or RAM / flash storage).
New L<nbdkit-spinning-filter(1)> can be used to add seek delays to
simulate a spinning hard disk.
L<nbdkit-ip-filter(1)> has new rule types for checking the client's
X.509 Distinguished Name (DN) and Issuer's DN.
=head2 Language bindings
Ruby language support has been removed. This did not work because of
a fundamental problem in Ruby's garbage collection. See:
L<https://gitlab.com/nbdkit/nbdkit/-/commit/7364cbaae809b5ffb6b4dd847cbdd0b368a20024>
=head2 Server
New I<--print-uri> option which prints the URI of the server to help
users find the NBD endpoint.
Add a common function to find the size of a file or block device which
should work properly across Linux and all the BSDs, and use this in
several places where we need to know the size of a file or block
device (thanks Eric Blake).
When generating an NBD URI with TLS enabled, append
C<?tls-certificates=DIR> or C<?tls-psk-key=FILE> parameter. For
libnbd-based NBD clients this allows the client to find the
corresponding TLS credentials.
=head2 API
New L<nbdkit_parse_delay(3)> function which can be used to parse short
delays and sleeps, like C<100ms> or C<1.2μs>. It is used by
L<nbdkit-delay-filter(1)>, L<nbdkit-retry-filter(1)>,
L<nbdkit-retry-request-filter(1)> and L<nbdkit-spinning-filter(1)>.
There are also bindings in OCaml and Python.
New L<nbdkit_peer_tls_dn(3)> and L<nbdkit_peer_tls_issuer_dn(3)> to
read the client's X.509 certificate Distinguished Name (DN) and
Issuer's DN.
=begin comment
=head2 Bug fixes
=end comment
=head2 Documentation
Each nbdkit API function now has a separate manual page, eg.
L<nbdkit_parse_size(3)> and L<nbdkit_debug(3)>.
Fix references to external L<nbd-server(1)> and L<nbd-client(8)> man
pages (Vera Wu).
Revise the main F<README.md> file in the sources.
=head2 Tests
CI updates and fixes (Daniel Berrangé, Eric Blake).
=head2 Build
The minimum version of gnutls is now E<ge> 3.5.18.
=head2 Internals
Make error checking of L<ioctl(2)> calls consistent by always checking
if the return value C<== -1>.
=head1 SEE ALSO
L<nbdkit(1)>.
=head1 AUTHORS
Authors of nbdkit 1.40:
=begin comment
git shortlog -s v1.38.0..
=end comment
=over 4
=item Daniel P. Berrangé
=item Eric Blake
=item Georg Pfuetzenreuter
=item Richard W.M. Jones
=back
=head1 COPYRIGHT
Copyright Red Hat
|
