1libnbd-release-notes-1.18(1)        LIBNBD        libnbd-release-notes-1.18(1)
2
3
4

NAME

6       libnbd-release-notes-1.18 - release notes for libnbd 1.18
7

DESCRIPTION

9       These are the release notes for libnbd stable release 1.18.  This
10       describes the major changes since 1.16.
11
12       libnbd 1.18.0 was released on 27 September 2023.
13
14   Security
15       Eric Blake found a case where a server could cause libnbd to crash,
16       although not in the normal libnbd configuration.  For more information
17       see the announcement here:
18       https://listman.redhat.com/archives/libguestfs/2023-July/032035.html
19
20       Eric Blake found an issue with nbd_get_size(3) where a server that
21       returns a size > (uint64_t)INT64_MAX and < (uint64_t)-1 would cause
22       nbd_get_size to return a negative number (which is not -1 and so
23       callers may or may not treat it as an error).  While no client code in
24       libnbd itself is affected by this, it could affect external clients.
25       libnbd ≥ 1.16.5 now returns an error (-1) and sets nbd_get_errno to
26       "EOVERFLOW" in this case.  This was assigned CVE-2023-5215 (low
27       severity).  See the announcement here:
28       https://listman.redhat.com/archives/libguestfs/2023-September/032711.html
29
30       During routine fuzzing we found several security problems which had
31       been introduced during this development cycle and have subsequently
32       been fixed.  Stable (even numbered) releases of libnbd should not be
33       vulnerable; do not use the development (odd numbered) releases in
34       production.
35
36       If you find a security issue, please read SECURITY in the source
37       (online here: https://gitlab.com/nbdkit/libnbd/blob/master/SECURITY).
38       To find out about previous security issues in libnbd, see
39       libnbd-security(3).
40
41   New APIs
42       nbd_block_status_64(3)
43       nbd_aio_block_status_64(3)
44           Make a 64 bit block status request, see "Protocol" below (Eric
45           Blake).
46
47       nbd_block_status_filter(3)
48       nbd_aio_block_status_filter(3)
49           Send filtered block status command, see "Protocol" below (Eric
50           Blake).
51
52       nbd_can_block_status_payload(3)
53           Find out if the server supports filtered block status command (Eric
54           Blake).
55
56       nbd_set_request_extended_headers(3)
57       nbd_get_request_extended_headers(3)
58       nbd_get_extended_headers_negotiated(3)
59       nbd_opt_extended_headers(3)
60       nbd_aio_opt_extended_headers(3)
61           Set/get whether we request extended headers from the server, and
62           find out if we negotiated extended headers, see "Protocol" below
63           (Eric Blake).
64
65   Enhancements to existing APIs
66       "qemu:" meta-context constants (eg. "qemu:dirty-bitmap" as
67       "LIBNBD_CONTEXT_QEMU_DIRTY_BITMAP") are now available through the C,
68       Golang, OCaml and Python language bindings (Eric Blake).
69
70       nbd_shutdown(3) now works correctly when in opt mode (Eric Blake).
71
72       nbd_set_string(3) adds "LIBNBD_STRICT_AUTO_FLAG" which allows the
73       client to test how servers behave when the payload length flag is
74       adjusted (Eric Blake).
75
76   Protocol
77       libnbd now supports NBD 64 bit "extended headers" and extent sizes.  In
78       practice this allows certain requests such as zeroing very large
79       sections of the disk to be implemented much more efficiently, with
80       servers that support this (Eric Blake).
81
82       libnbd now supports filtered block status requests (Eric Blake).
83
84   Tools
85       nbdcopy(1), nbdinfo(1) and nbddump(1) have been expanded to use and
86       report NBD 64 bit / extended header support when the server supports it
87       (Eric Blake).
88
89       nbdinfo --has can be used as an alias for --can, eg.
90       "nbdinfo --has structured-reply URI" (Eric Blake).
91
92       nbdinfo makes the export size output optional, for servers which send
93       an oversized one (Eric Blake).
94
95       nbdcopy now supports "human sizes" for some parameters, eg.
96       "nbdcopy --request-size=1M ...".
97
98   Language bindings
99       New Rust bindings.  There is a basic API for ordinary use, and an
100       asynch API implemented using Tokio.  Rust ≥ 1.69 is required.  (Tage
101       Johansson, supported by sponsorship from Google Summer of Code 2023,
102       additional review and fixes by Eric Blake).
103
104       OCaml 5 is now supported.
105
106       Golang 1.21 is now supported.  The minimum version is now 1.17 (Eric
107       Blake).
108
109       Use "gofmt" to format Golang bindings (Eric Blake).
110
111       Use "unsafe.Slice" when converting C arrays to Golang slices (Eric
112       Blake).
113
114       All language bindings support NBD 64 bit / extended headers, and
115       examples of how to use this feature are available (Eric Blake).
116
117   Tests
118       Fix a couple of race conditions in tests where we did not fully consume
119       stdin in nbdkit-sh-plugin(3) pwrite method (Eric Blake).
120
121       Fuzzing now disables client-side strictness checks, enabling a wider
122       range of inputs to be fuzzed (Eric Blake).
123
124   Other improvements and bug fixes
125       Consistently wrap source code at 80 columns (Laszlo Ersek).
126
127       Debug messages no longer print the very verbose state transitions
128       inside the state machine as these are not usually useful.  You can
129       reenable this by defining "-DLIBNBD_STATE_VERBOSE=1" at compile time.
130
131       Completion ".callback" methods are now always called exactly once, and
132       documentation is clearer on when this happens (Eric Blake).
133
134   Documentation
135       "podwrapper" has a new --replace parameter which makes it easier to use
136       "AC_SUBST"-substitutions in documentation.
137
138   Build
139       Automake's "subdir-objects" option is now used (Eric Blake).
140
141       Multiple, ongoing fixes to the CI tests (Eric Blake).
142

SEE ALSO

144       libnbd(3).
145

AUTHORS

147       Eric Blake
148       Laszlo Ersek
149       Richard W.M. Jones
150       Tage Johansson
151

COPYRIGHT

153       Copyright Red Hat
154

LICENSE

156       This library is free software; you can redistribute it and/or modify it
157       under the terms of the GNU Lesser General Public License as published
158       by the Free Software Foundation; either version 2 of the License, or
159       (at your option) any later version.
160
161       This library is distributed in the hope that it will be useful, but
162       WITHOUT ANY WARRANTY; without even the implied warranty of
163       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
164       Lesser General Public License for more details.
165
166       You should have received a copy of the GNU Lesser General Public
167       License along with this library; if not, write to the Free Software
168       Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
169       02110-1301 USA
170
171
172
173libnbd-1.18.1                     2023-10-31      libnbd-release-notes-1.18(1)