[Libguestfs] ANNOUNCE: nbdkit 1.44.0

I'm pleased to announce the new stable release of nbdkit 1.44. nbdkit is a Network Block Device (NBD) server with a stable plugin ABI and a permissive license. nbdkit 1.44.0 can be downloaded here: https://download.libguestfs.org/nbdkit/1.44-stable/ git here: https://gitlab.com/nbdkit/nbdkit Release notes for nbdkit 1.44 online: https://libguestfs.org/nbdkit-release-notes-1.44.1.html There's no Fedora package as currently the Fedora data center is moving location. It's coming as soon as we can build one! ---- nbdkit 1.44.0 was released on 1 July 2025. Security Fix off-by-one for maximum block_status length (CVE-2025-47711), and a 32-bit overflow in extents handling (CVE-2025-47712) (reported by Nikolay Ivanets and Eric Blake, and fixed by Eric Blake). Thread-local storage is now used when printing certain protocol messages in verbose mode, which avoids possible output corruption. Since these messages were generated based on untrusted client input, the existing code was examined to see if this could have been exploitable, but it is not thought so. Nevertheless the fix was backported to stable version 1.42.2 and updating is recommended. See nbdkit-security(1) for past security issues. Plugins New nbdkit-nfs-plugin(1) which allows access to disk images stored on NFS servers (thanks Ronnie Sahlberg). nbdkit-file-plugin(1) is now much more careful about checking for errors from certain Linux system calls that we previously thought were just advisory (thanks Eric Sandeen, Dave Chinner). nbdkit-file-plugin(1) can now trim LVM thin block devices (thanks Germano Veit Michel, Eric Blake). nbdkit-curl-plugin(1) adds new "proxy-cafile" and "proxy-capath" parameters (Adi Aloni). nbdkit-vddk-plugin(1) adds a new "export" parameter which allows the client to choose which file to serve via the NBD protocol export name. This plugin has also been optimized so that querying extent information no longer slows down reads. Debugging information has also be improved, and we can now track the time taken to run asynchronous commands. nbdkit-info-plugin(1) adds a new "mode=version" method. nbdkit-torrent-plugin(1) now supports prefetching. This plugin now also generates additional information in --dump-plugin output. nbdkit-data-plugin(1) allows @offset to use scaling suffixes, eg. @4M to move the offset to 4194304 (Eric Blake). Filters New nbdkit-openonce-filter(1) which can be used to open the underlying plugin once, sharing the plugin across connections. nbdkit-cacheextents-filter(1) has been deprecated, and is expected to be removed in nbdkit 1.46. nbdkit-cow-filter(1) now understands that the NBD protocol export name causes multiple disk images to be exported, and correctly creates an overlay per export. (See also "Documentation" below.) nbdkit-ext2-filter(1) now permits concurrent client connections (Eric Blake). nbdkit-fua-filter(1) adds a new "flush-on-close=true" flag which can be used to force a flush to persistent storage when the connection closes even if the client does not request one. nbdkit-blocksize-policy-filter(1) will now round unaligned extents from plugins. Also adjust "blocksize-error-policy=error" to allow access to the unaligned tail of the disk image, but at the same time add new "blocksize-error-policy=strict-error" mode which can be used to block that. (Eric Blake). Language bindings Plugins written in Golang now issue a warning if fork(2) is called, since that will likely cause the plugin to break. For the Rust plugin and Rust examples, clippy warnings are now only enabled if the "./configure --enable-gcc-warnings" build option is used. Server New --log=/path option allowing error logging to be sent to a file. Also new --log=default option which just directs logging to the default output (the same as if --log is not used at all). API The filter API (which is not part of our API promise) changes the ".thread_model" call, allowing the current thread model to be changed conditionally based on what the plugin sets it to. Documentation Filters which are "export-safe" — that is, they correctly handle the case where plugins serve different content depending on the NBD protocol export name — are now documented in "EXPORT-SAFE FILTERS" in nbdkit-protocol(1). A common macro is used for all references in the documentation to magic parameters. Tests The particularly long-running "test-spinning-mkfs.sh" test has been modified to finish more quickly. Previously running the whole test suite would leave many /tmp/nbdkitXXXXXX temporary directories behind. These have been reduced although not quite eliminated. New "define" function in tests/functions.sh which provides a simpler way to add inline plugins and scripts to tests, reducing concerns around quoting. Several tests were modified to use the --run method to start the test client. This improves performance and reduces fragility of the tests. Tests now use "set -u" (error if an undefined variable is used) to reduce a common cause of errors. Build The "./configure" output has been beautified, which also helps to highlight problems when glancing at the output. Fix build issues with GCC 15. Allow User Statically Defined Tracing (USDT) probes to be added into the server. Few actual probes are added so far, but the build system has been modified to allow it. nbdkit-vddk-plugin(1) drops support for VDDK 6.5, so the minimum required version is now VDDK ≥ 6.7. Support for VDDK 9.0.0.0 has been added. Builds on clang were complaining about unused -pthread option. This warning has been fixed (Eric Blake). Internals In Python code, remove unnecessary "global" statements (thanks Nir Soffer). nbdkit-file-plugin(1) now produces more detailed information in error messages, particularly about the file being accessed and the offset and size of the request that failed. In debug mode, when the server starts up it prints a debug message summarising the flow of request processing through filters and the plugin, making this easier to understand. AUTHORS Authors of nbdkit 1.44: Adi Aloni Daniel P. Berrangé Eric Blake Richard W.M. Jones -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html