Security¶

No security issues were found in this release.

If you find a security issue, please read SECURITY in the source (online here: https://gitlab.com/nbdkit/libnbd/blob/master/SECURITY). To find out about previous security issues in libnbd, see libnbd-security(3).

New APIs¶

No new APIs were added in this release.

Enhancements to existing APIs¶

Optimizations to nbd_pread_structured(3) (Eric Blake).

Many performance enhancements in the Python bindings: "nbd.pread" now avoids an extra memory allocation and copy. Buffers can now be passed to "nbd.Buffer.from_bytearray". New methods "nbd.Buffer.{to,from}_buffer" allow control over copying and sharing "nbd.Buffer". Any buffer-like object can be used in "nbd.aio_{pread,pwrite}". "len(nbd.Buffer(n))" now works. Improve error messages when the wrong types are passed to several APIs. Fix usage of "PyGILState". (Eric Blake)

Golang "AioBuffer" now calls panic on invalid usage (Nir Soffer).

In golang tests, use "GOTRACEBACK=crash" so we get full core dumps on failures.

kTLS should now work (transparently) when available in the kernel and GnuTLS. Use of kTLS will be indicated in debug output. (Daiki Ueno, František Krenželok)

Tools¶

New nbddump(1) tool which can efficiently hexdump the contents of an NBD server.

nbdcopy(1) now obeys the NBD server minimum/preferred block size when copying, which should make it more efficient and avoids issues with some qemu-nbd configurations where the minimum block size must be obeyed for correct operation.

Tests¶

New tests for "nbd+vsock://" URI support.

Other improvements and bug fixes¶

Fixed rare TLS deadlock when reading from slow servers, and support for clean shutdown when connecting to qemu-nbd over TLS (thanks Michael Ablassmeier).

The library now uses the GnuTLS flag "GNUTLS_NO_SIGNAL" (if available) which ensures that TLS connections should not cause the main program to exit with "SIGPIPE" in certain cases of server failure. (Libnbd has long used "MSG_NOSIGNAL" on non-TLS connections which has a similar effect.)

Various enhancements to fuzzing were made, including support for AFL++ clang-LTO mode, ASAN, allowing seed test cases to be captured, and extended testing of APIs.

Tests were fixed so they should pass on RHEL 7 and FreeBSD.

Documentation¶

No changes in this release.

Build¶

"ARRAY_SIZE" macro added to simplify static array sizing (thanks Laszlo Ersek).

Various errors found by Coverity were fixed.