I'm pleased to announce the new stable releases of nbdkit 1.40.
nbdkit is a Network Block Device (NBD) server with a stable plugin ABI
and a permissive license.
nbdkit 1.40.0 can be downloaded from here:
https://download.libguestfs.org/nbdkit/1.40-stable/
git repository:
https://gitlab.com/nbdkit/nbdkit
The release notes are attached below or can be read online at:
https://libguestfs.org/nbdkit-release-notes-1.40.1.html
Rich.
These are the release notes for nbdkit stable release 1.40. This
describes the major changes since 1.38.
nbdkit 1.40.0 was released on 22 July 2024.
Security
The server is now more careful about quoting user-provided filenames
before printing them in error messages (thanks Mykola Ivanets).
Short plugin and filter names ("file" is the short name of
nbdkit-file-plugin(1)) are now more restrictive. This change should
not be visible to users, but tightens up corner cases with possible
security implications. See:
https://gitlab.com/nbdkit/nbdkit/-/commit/f4d5e7d39e3d37a498821a87234127d...
Previous documentation in nbdkit-tls(1) incorrectly asserted that when
using X.509 certificates, nbdkit checks the client's CN. This is not
true. nbdkit only checks that the client presents a certificate issued
by the Certificate Authority specified by the --tls-certificates
directory. The documentation has been corrected. (Thanks Jon
Szymaniak, Daniel P. Berrangé).
nbdkit-ip-filter(1) incorrectly parsed "security:" rules, which might
subtly change the semantics of access lists. This has been fixed in
this release.
nbdkit-ip-filter(1) previously allowed unknown [not IPv4/v6, Unix or
vsock] socket families implicitly, so having a "deny=all" rule would
not necessarily deny every connection. This has been changed in this
release so all unknown socket families are denied.
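The difference between the old implicit allow and the new fail-closed handling of unknown socket families, as an added example (a simplified model written for this page, not nbdkit's own code). The rule types, the allow-then-deny-then-default-allow evaluation order, and the names peer_allowed and sample_check are assumptions of the model.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Simplified model of an allow/deny list; this is not nbdkit's source code. */
enum rule_kind { RULE_ALL, RULE_IPV4_NET };
struct rule { enum rule_kind kind; uint32_t net, mask; };  /* host byte order */

static bool rule_matches(const struct rule *r, const struct sockaddr *sa) {
  if (r->kind == RULE_ALL) return true;
  if (sa->sa_family != AF_INET) return false;
  uint32_t a = ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr);
  return (a & r->mask) == r->net;
}

/* The families the release notes name as known: IPv4/v6, Unix and vsock. */
static bool known_family(int f) {
#ifdef AF_VSOCK
  if (f == AF_VSOCK) return true;
#endif
  return f == AF_INET || f == AF_INET6 || f == AF_UNIX;
}

/* Assumed evaluation order: allow list, then deny list, then default allow. */
bool peer_allowed(const struct sockaddr *sa, const struct rule *allow, size_t na,
                  const struct rule *deny, size_t nd, bool fail_closed) {
  if (!known_family(sa->sa_family))
    return !fail_closed;  /* old: rules skipped, peer allowed; new: denied */
  for (size_t i = 0; i < na; i++)
    if (rule_matches(&allow[i], sa)) return true;
  for (size_t i = 0; i < nd; i++)
    if (rule_matches(&deny[i], sa)) return false;
  return true;
}

/* Constructed sample: "allow 10.0.0.0/8, deny all" applied to one peer. */
bool sample_check(int family, const char *ipv4, bool fail_closed) {
  struct rule allow[] = { { RULE_IPV4_NET, 0x0A000000u, 0xFF000000u } };
  struct rule deny[] = { { RULE_ALL, 0, 0 } };
  struct sockaddr_in sin;
  memset(&sin, 0, sizeof sin);
  sin.sin_family = (sa_family_t)family;
  if (ipv4 && inet_pton(AF_INET, ipv4, &sin.sin_addr) != 1) return false;
  return peer_allowed((struct sockaddr *)&sin, allow, 1, deny, 1, fail_closed);
}
```

With fail_closed set to false, a peer whose family is outside the known set is accepted even though the list ends in "deny all"; with fail_closed set to true the same peer is rejected before any rule is consulted.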
All past security issues and information about how to report new ones
can be found in nbdkit-security(1).
Plugins
nbdkit-file-plugin(1) now exposes minimum and preferred I/O size and
the rotational property of block devices.
nbdkit-curl-plugin(1) prints the version of libcurl and other useful
information in --dump-plugin output.
nbdkit-vddk-plugin(1) has been tested with VMware VDDK 8.0.3.
Filters
New nbdkit-bzip2-filter(1) supporting bzip2-compressed images (Georg
Pfuetzenreuter).
New nbdkit-rotational-filter(1) which can be used to change the
rotational property of a plugin (whether it advertises that it behaves
like a spinning hard disk, or RAM / flash storage).
New nbdkit-spinning-filter(1) can be used to add seek delays to
simulate a spinning hard disk.
nbdkit-ip-filter(1) has new rule types for checking the client's X.509
Distinguished Name (DN) and Issuer's DN.
Language bindings
Ruby language support has been removed. This did not work because of a
fundamental problem in Ruby's garbage collection. See:
https://gitlab.com/nbdkit/nbdkit/-/commit/7364cbaae809b5ffb6b4dd847cbdd0b...
Server
New --print-uri option which prints the URI of the server to help users
find the NBD endpoint.
Add a common function to find the size of a file or block device which
should work properly across Linux and all the BSDs, and use this in
several places where we need to know the size of a file or block device
(thanks Eric Blake).
When generating an NBD URI with TLS enabled, append
"?tls-certificates=DIR" or "?tls-psk-key=FILE" parameter. For
libnbd-based NBD clients this allows the client to find the
corresponding TLS credentials.
API
New nbdkit_parse_delay(3) function which can be used to parse short
delays and sleeps, like "100ms" or "1.2μs". It is used by
nbdkit-delay-filter(1), nbdkit-retry-filter(1),
nbdkit-retry-request-filter(1) and nbdkit-spinning-filter(1). There
are also bindings in OCaml and Python.
New nbdkit_peer_tls_dn(3) and nbdkit_peer_tls_issuer_dn(3) to read the
client's X.509 certificate Distinguished Name (DN) and Issuer's DN.
Documentation
Each nbdkit API function now has a separate manual page, e.g.
nbdkit_parse_size(3) and nbdkit_debug(3).
Fix references to external nbd-server(1) and nbd-client(8) man pages
(Vera Wu).
Revise the main README.md file in the sources.
Tests
CI updates and fixes (Daniel Berrangé, Eric Blake).
Build
The minimum version of gnutls is now ≥ 3.5.18.
Internals
Make error checking of ioctl(2) calls consistent by always checking if
the return value "== -1".
SEE ALSO
nbdkit(1).
AUTHORS
Authors of nbdkit 1.40:
Daniel P. Berrangé
Eric Blake
Georg Pfuetzenreuter
Richard W.M. Jones
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones