.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Podwrapper::Man 1.24.0 (Pod::Simple 3.45)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Required to disable full justification in groff 1.23.0.
.if n .ds AD l
.\" ========================================================================
.\"
.IX Title "libnbd-release-notes-1.24 1"
.TH libnbd-release-notes-1.24 1 2025-12-16 libnbd-1.24.0 LIBNBD
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
libnbd\-release\-notes\-1.24 \- release notes for libnbd 1.24
.SH DESCRIPTION
.IX Header "DESCRIPTION"
These are the release notes for libnbd stable release 1.24.
This describes the major changes since 1.22.
.PP
libnbd 1.24.0 was released on \fB16 December 2025\fR.
.SS Security
.IX Subsection "Security"
In \fBnbd_connect_uri\fR\|(3), and in several libnbd tools (for example,
\&\fBnbdinfo\fR\|(1)), when using nbd+ssh:// URIs, the hostname field was not
adequately sanitized.  A consequence is that an attacker who can
control this field in the URI could run commands from libnbd.  This
issue affected libnbd ≥ 1.22.  For more information see:
https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/YZMBF3SJRWTRVT5L3KWSNHITFTRMQNTT/
.PP
If you find a security issue, please read \fISECURITY\fR in the source
(online here:
https://gitlab.com/nbdkit/libnbd/blob/master/SECURITY).  To
find out about previous security issues in libnbd, see
\&\fBlibnbd\-security\fR\|(3).
.SS "New APIs"
.IX Subsection "New APIs"
New \fBnbd_get_version_extra\fR\|(3) returns the string passed to
\&\f(CW\*(C`./configure \-\-with\-extra="..."\*(C'\fR.  This is intended to be used by
downstream packagers.
.PP
New \fBnbd_get_handle_size\fR\|(3) which returns an estimate of the size of
the handle in bytes.  This is intended for use by garbage collected
languages as a hint for when to free the handle.
.PP
New \fBnbd_get_tls_priority\fR\|(3) and \fBnbd_set_tls_priority\fR\|(3) which
allow you to temporarily override the system TLS priority string.
.PP
New \fBnbd_set_uri_allow_tls_priority\fR\|(3) API which lets you enable the
new \f(CW\*(C`?tls\-priority=PRIORITY\*(C'\fR feature in NBD URIs (this is disabled by
default).
.SS "Enhancements to existing APIs"
.IX Subsection "Enhancements to existing APIs"
In \fBnbd_connect_uri\fR\|(3) nbd+ssh:// URIs, extra \f(CW\*(C`nbd\-port\*(C'\fR and
\&\f(CW\*(C`tls\-username\*(C'\fR query parameters allow you to separately control the
NBD TLS and SSH user/port.  The new \f(CW\*(C`compress=true\*(C'\fR query parameter
lets you enable SSH compression.
.PP
Also in nbd_connect_uri, the new \f(CW\*(C`tls\-priority=PRIORITY\*(C'\fR parameter
lets you override the TLS priority string (but this is not enabled by
default, see previous section).
.SS Protocol
.IX Subsection "Protocol"
Post\-Quantum Cryptography (PQC) ciphers and certificates for TLS
connections are now fully supported.  As part of this change multiple
client certificates can now be loaded by the library.  (Thanks Dan
Berrange).
.SS Tools
.IX Subsection "Tools"
New \fBnbddiscard\fR\|(1) and \fBnbdzero\fR\|(1) tools which can be used to
trim/discard, or zero, part or all of an NBD disk (additional features
by Eric Blake).
.PP
New \fBnbdcopy\fR\|(1) \fI\-\-blkhash\fR feature.  This can calculate the
blkhash (similar to a checksum) of the image as it is being copied
(Nir Soffer, Vera Wu).
.PP
nbdcopy now obeys \fI\-\-destination\-is\-zero\fR and \fI\-\-allocated\fR options
when running in synchronous mode (Nir Soffer).
.SS "Language bindings"
.IX Subsection "Language bindings"
OCaml bindings now implement \f(CW\*(C`NBD.Buffer.is_zero\*(C'\fR
.PP
OCaml bindings now provide a better estimate of the size of the libnbd
handle to the garbage collector, allowing it to — at least in theory —
make better decisions on when to free the handle (thanks Kit\-ty\-kate).
.PP
Python bindings implement indexing and slicing of \f(CW\*(C`nbd.Buffer\*(C'\fR
.PP
Improve the automatic conversion of POD documentation to Rust
documentation.  Previously garbled mark\-up will now be converted
properly.
.SS Tests
.IX Subsection "Tests"
Enhanced tests of the nbdcopy \fI\-\-allocated\fR and
\&\fI\-\-destination\-is\-zero\fR options.
.PP
When running libnbd tests on ZFS, several tests would fail.  They are
now skipped (thanks Arsen Arsenović, Eric Blake).
.SS "Other improvements and bug fixes"
.IX Subsection "Other improvements and bug fixes"
nbdcopy now gives a hard error if the Linux system call
\&\fBsync_file_range\fR\|(2) fails.  This can happen for certain device I/O
errors (thanks Eric Sandeen, Dave Chinner).
.PP
On macOS and Linux, set Unix domain socket buffer sizes for improved
performance (Nir Soffer).
.PP
Fix several typos and spelling mistakes in the documentation (Eric
Blake).
.SS Documentation
.IX Subsection "Documentation"
New \fBlibnbd\-python\fR\|(3) page which provides an introduction to the
Python API.  This information was previously scattered in a few
places.
.SS Build
.IX Subsection "Build"
\&\f(CW\*(C`./configure \-\-with\-extra="..."\*(C'\fR can be used by downstream packagers
to add extra information to the \fI\-\-version\fR output of tools, such as
the version of the downstream package.
.PP
Colourize and improve the \f(CW\*(C`./configure\*(C'\fR output, if using a terminal.
.SS Internals
.IX Subsection "Internals"
Copy new vector and string functions from nbdkit, including
\&\f(CW\*(C`vector_uniq\*(C'\fR, \f(CW\*(C`vector_append_array\*(C'\fR, \f(CW\*(C`vector_insert_array\*(C'\fR,
C,vector_remove_range>, \f(CW\*(C`string_append_format\*(C'\fR.
.PP
Fix the memory allocation behaviour of the internal vector library,
which should reduce memory usage in some situations (Eric Blake).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBlibnbd\fR\|(3).
.SH AUTHORS
.IX Header "AUTHORS"
.IP "Christopher Byrne" 4
.IX Item "Christopher Byrne"
.PD 0
.IP "Eric Blake" 4
.IX Item "Eric Blake"
.IP "Nir Soffer" 4
.IX Item "Nir Soffer"
.IP "Richard W.M. Jones" 4
.IX Item "Richard W.M. Jones"
.PD
.SH COPYRIGHT
.IX Header "COPYRIGHT"
Copyright Red Hat
.SH LICENSE
.IX Header "LICENSE"
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2 of the License, or (at your option) any later version.
.PP
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Lesser General Public License for more details.
.PP
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110\-1301 USA