X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;ds=sidebyside;f=CHANGELOG.md;h=c353a1bb99365ab82ae2e5767a13c8aa2654b637;hb=refs%2Fheads%2F2022-03-fix-bindings-docs;hp=887b738ff3cbd5ad8ed69ae171ca8105d8db453c;hpb=0ee869e5bffbaec71f53a3addce6197c8d13dee7;p=rust-lightning diff --git a/CHANGELOG.md b/CHANGELOG.md index 887b738f..c353a1bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,20 +1,235 @@ +# 0.0.105 - 2022-02-28 + +## API Updates + * `Phantom node` payments are now supported, allowing receipt of a payment on + any one of multiple nodes without any coordination across the nodes being + required. See the new `PhantomKeysManager`'s docs for more, as well as + requirements on `KeysInterface::get_inbound_payment_key_material` and + `lightning_invoice::utils::create_phantom_invoice` (#1199). + * In order to support phantom node payments, several `KeysInterface` methods + now accept a `Recipient` parameter to select between the local `node_id` and + a phantom-specific one. + * `ProbabilisticScorer`, a `Score` based on learning the current balances of + channels in the network, was added. It attempts to better capture payment + success probability than the existing `Scorer`, though may underperform on + nodes with low payment volume. We welcome feedback on performance (#1227). + * `Score::channel_penalty_msat` now always takes the channel value, instead of + an `Option` (#1227). + * `UserConfig::manually_accept_inbound_channels` was added which, when set, + generates a new `Event::OpenChannelRequest`, which allows manual acceptance + or rejection of incoming channels on a per-channel basis (#1281). + * `Payee` has been renamed to `PaymentParameters` (#1271). + * `PaymentParameters` now has a `max_total_cltv_expiry_delta` field. This + defaults to 1008 and limits the maximum amount of time an HTLC can be pending + before it will either fail or be claimed (#1234). + * The `lightning-invoice` crate now supports no-std environments. This required + numerous API changes around timestamp handling and std+no-std versions of + several methods that previously assumed knowledge of the time (#1223, #1230). + * `lightning-invoice` now supports parsing invoices with expiry times of more + than one year. This required changing the semantics of `ExpiryTime` (#1273). + * The `CounterpartyCommitmentSecrets` is now public, allowing external uses of + the `BOLT 3` secret storage scheme (#1299). + * Several `Sign` methods now receive HTLC preimages as proof of state + transition, see new documentation for more (#1251). + * `KeysInterface::sign_invoice` now provides the HRP and other invoice data + separately to make it simpler for external signers to parse (#1272). + * `Sign::sign_channel_announcement` now returns both the node's signature and + the per-channel signature. `InMemorySigner` now requires the node's secret + key in order to implement this (#1179). + * `ChannelManager` deserialization will now fail if the `KeysInterface` used + has a different `node_id` than the `ChannelManager` expects (#1250). + * A new `ErrorAction` variant was added to send `warning` messages (#1013). + * Several references to `chain::Listen` objects in `lightning-block-sync` no + longer require a mutable reference (#1304). + +## Bug Fixes + * Fixed a regression introduced in 0.0.104 where `ChannelManager`'s internal + locks could have an order violation leading to a deadlock (#1238). + * Fixed cases where slow code (including user I/O) could cause us to + disconnect peers with ping timeouts in `BackgroundProcessor` (#1269). + * Now persist the `ChannelManager` prior to `BackgroundProcessor` stopping, + preventing race conditions where channels are closed on startup even with a + clean shutdown. This requires that users stop network processing and + disconnect peers prior to `BackgroundProcessor` shutdown (#1253). + * Fields in `ChannelHandshakeLimits` provided via the `override_config` to + `create_channel` are now applied instead of the default config (#1292). + * Fixed the generation of documentation on docs.rs to include API surfaces + which are hidden behind feature flags (#1303). + * Added the `channel_type` field to `accept_channel` messages we send, which + may avoid some future compatibility issues with other nodes (#1314). + * Fixed a bug where, if a previous LDK run using `lightning-persister` crashed + while persisting updated data, we may have failed to initialize (#1332). + * Fixed a rare bug where having both pending inbound and outbound HTLCs on a + just-opened inbound channel could cause `ChannelDetails::balance_msat` to + underflow and be reported as large, or cause panics in debug mode (#1268). + * Moved more instances of verbose gossip logging from the `Trace` level to the + `Gossip` level (#1220). + * Delayed `announcement_signatures` until the channel has six confirmations, + slightly improving propagation of channel announcements (#1179). + * Several fixes in script and transaction weight calculations when anchor + outputs are enabled (#1229). + +## Serialization Compatibility + * Using `ChannelManager` data written by versions prior to 0.0.105 will result + in preimages for HTLCs that were pending at startup to be missing in calls + to `KeysInterface` methods (#1251). + * Any phantom invoice payments received on a node that is not upgraded to + 0.0.105 will fail with an "unknown channel" error. Further, downgrading to + 0.0.104 or before and then upgrading again will invalidate existing phantom + SCIDs which may be included in invoices (#1199). + +## Security +0.0.105 fixes two denial-of-service vulnerabilities which may be reachable from +untrusted input in certain application designs. + + * Route calculation spuriously panics when a routing decision is made for a + path where the second-to-last hop is a private channel, included due to a + multi-hop route hint in an invoice. + * `ChannelMonitor::get_claimable_balances` spuriously panics in some scenarios + when the LDK application's local commitment transaction is confirmed while + HTLCs are still pending resolution. + +In total, this release features 109 files changed, 7270 insertions, 2131 +deletions in 108 commits from 15 authors, in alphabetical order: + * Conor Okus + * Devrandom + * Elias Rohrer + * Jeffrey Czyz + * Jurvis Tan + * Ken Sedgwick + * Matt Corallo + * Naveen + * Tibo-lg + * Valentine Wallace + * Viktor Tigerström + * dependabot[bot] + * hackerrdave + * naveen + * vss96 + + +# 0.0.104 - 2021-12-17 + +## API Updates + * A `PaymentFailed` event is now provided to indicate a payment has failed + fully. This event is generated either after + `ChannelManager::abandon_payment` is called for a given payment, or the + payment times out, and there are no further pending HTLCs for the payment. + This event should be used to detect payment failure instead of + `PaymentPathFailed::all_paths_failed`, unless no payment retries occur via + `ChannelManager::retry_payment` (#1202). + * Payment secrets are now generated deterministically using material from + the new `KeysInterface::get_inbound_payment_key_material` (#1177). + * A `PaymentPathSuccessful` event has been added to ease passing success info + to a scorer, along with a `Score::payment_path_successful` method to accept + such info (#1178, #1197). + * `Score::channel_penalty_msat` has additional arguments describing the + channel's capacity and the HTLC amount being sent over the channel (#1166). + * A new log level `Gossip` has been added, which is used for verbose + information generated during network graph sync. Enabling the + `max_level_trace` feature or ignoring `Gossip` log entries reduces log + growth during initial start up from many GiB to several MiB (#1145). + * The `allow_wallclock_use` feature has been removed in favor of only using + the `std` and `no-std` features (#1212). + * `NetworkGraph` can now remove channels that we haven't heard updates for in + two weeks with `NetworkGraph::remove_stale_channels{,with_time}`. The first + is called automatically if a `NetGraphMsgHandler` is passed to + `BackgroundProcessor::start` (#1212). + * `InvoicePayer::pay_pubkey` was added to enable sending "keysend" payments to + supported recipients, using the `InvoicePayer` to handle retires (#1160). + * `user_payment_id` has been removed from `PaymentPurpose`, and + `ChannelManager::create_inbound_payment{,_for_hash}` (#1180). + * Updated documentation for several `ChannelManager` functions to remove stale + references to panics which no longer occur (#1201). + * The `Score` and `LockableScore` objects have moved into the + `routing::scoring` module instead of being in the `routing` module (#1166). + * The `Time` parameter to `ScorerWithTime` is no longer longer exposed, + instead being fixed based on the `std`/`no-std` feature (#1184). + * `ChannelDetails::balance_msat` was added to fetch a channel's balance + without subtracting the reserve values, lining up with on-chain claim amounts + less on-chain fees (#1203). + * An explicit `UserConfig::accept_inbound_channels` flag is now provided, + removing the need to set `min_funding_satoshis` to > 21 million BTC (#1173). + * Inbound channels that fail to see the funding transaction confirm within + 2016 blocks are automatically force-closed with + `ClosureReason::FundingTimedOut` (#1083). + * We now accept a channel_reserve value of 0 from counterparties, as it is + insecure for our counterparty but not us (#1163). + * `NetAddress::OnionV2` parsing was removed as version 2 onion services are no + longer supported in modern Tor (#1204). + * Generation and signing of anchor outputs is now supported in the + `KeysInterface`, though no support for them exists in the channel itself (#1176) + +## Bug Fixes + * Fixed a race condition in `InvoicePayer` where paths may be retried after + the retry count has been exceeded. In this case the + `Event::PaymentPathFailed::all_paths_failed` field is not a reliable payment + failure indicator. There was no acceptable alternative indicator, + `Event::PaymentFailed` as been added to provide one (#1202). + * Reduced the blocks-before-timeout we expect of outgoing HTLCs before + refusing to forward. This check was overly strict and resulted in refusing + to forward som HTLCs to a next hop that had a lower security threshold than + us (#1119). + * LDK no longer attempt to update the channel fee for outbound channels when + we cannot afford the new fee. This could have caused force-closure by our + channel counterparty (#1054). + * Fixed several bugs which may have prevented the reliable broadcast of our + own channel announcements and updates (#1169). + * Fixed a rare bug which may have resulted in spurious route finding failures + when using last-hop hints and MPP with large value payments (#1168). + * `KeysManager::spend_spendable_outputs` no longer adds a change output that + is below the dust threshold for non-standard change scripts (#1131). + * Fixed a minor memory leak when attempting to send a payment that fails due + to an error when updating the `ChannelMonitor` (#1143). + * Fixed a bug where a `FeeEstimator` that returns values rounded to the next + sat/vbyte may result in force-closures (#1208). + * Handle MPP timeout HTLC error codes, instead of considering the recipient to + have sent an invalid error, removing them from the network graph (#1148) + +## Serialization Compatibility + * All above new events/fields are ignored by prior clients. All above new + events/fields are not present when reading objects serialized by prior + versions of the library. + * Payment secrets are now generated deterministically. This reduces the memory + footprint for inbound payments, however, newly-generated inbound payments + using `ChannelManager::create_inbound_payment{,_for_hash}` will not be + receivable using versions prior to 0.0.104. + `ChannelManager::create_inbound_payment{,_for_hash}_legacy` are provided for + backwards compatibility (#1177). + * `PaymentPurpose::InvoicePayment::user_payment_id` will be 0 when reading + objects written with 0.0.104 when read by 0.0.103 and previous (#1180). + +In total, this release features 51 files changed, 5356 insertions, 2238 +deletions in 107 commits from 9 authors, in alphabetical order: + * Antoine Riard + * Conor Okus + * Devrandom + * Duncan Dean + * Elias Rohrer + * Jeffrey Czyz + * Ken Sedgwick + * Matt Corallo + * Valentine Wallace + + # 0.0.103 - 2021-11-02 ## API Updates * This release is almost entirely focused on a new API in the `lightning-invoice` crate - the `InvoicePayer`. `InvoicePayer` is a - struct which takes a reference to a `ChannelManager` and a `NetworkGraph` + struct which takes a reference to a `ChannelManager` and a `Router` and retries payments as paths fail. It limits retries to a configurable number, but is not serialized to disk and may retry additional times across a serialization/load. In order to learn about failed payments, it must receive `Event`s directly from the `ChannelManager`, wrapping a user-provided `EventHandler` which it provides all unhandled events to (#1059). - * `get_route` has been renamed `find_route` (#1059) and now takes a `Payee` - struct in replacement of a number of its long list of arguments (#1134). - `Payee` is further stored in the `Route` object returned and provided in the - `RouteParameters` contained in `Event::PaymentPathFailed` (#1059). - * `ChannelMonitor`s must now be persisted after calls which provide new block + * `get_route` has been renamed `find_route` (#1059) and now takes a + `RouteParameters` struct in replacement of a number of its long list of + arguments (#1134). The `Payee` in the `RouteParameters` is stored in the + `Route` object returned and provided in the `RouteParameters` contained in + `Event::PaymentPathFailed` (#1059). + * `ChannelMonitor`s must now be persisted after calls that provide new block data, prior to `MonitorEvent`s being passed back to `ChannelManager` for processing. If you are using a `ChainMonitor` this is handled for you. The `Persist` API has been updated to `Option`ally take the @@ -29,6 +244,9 @@ * `Event::PaymentSent` now includes the full fee which was spent across all payment paths which were fulfilled or pending when the payment was fulfilled (#1142). + * `Event::PaymentSent` and `Event::PaymentPathFailed` now include the + `PaymentId` which matches the `PaymentId` returned from + `ChannelManager::send_payment` or `InvoicePayer::pay_invoice` (#1059). * `NetGraphMsgHandler` now takes a `Deref` to the `NetworkGraph`, allowing for shared references to the graph data to make serialization and references to the graph data in the `InvoicePayer`'s `Router` simpler (#1149). @@ -36,16 +254,18 @@ `NodeId` of both the source and destination nodes of a channel (#1133). ## Bug Fixes - * Delay disconnecting peers if we receive messages from them even if it takes - a while to receive a pong from them. Further, avoid sending too many gossip - messages between pings to ensure we should always receive pongs in a timely - manner. Together, these should significantly reduce instances of us failing - to remain connected to a peer during initial gossip sync (#1137). - * If a payment is sent, creating an outbound HTLC and sending it to our + * Previous versions would often disconnect peers during initial graph sync due + to ping timeouts while processing large numbers of gossip messages. We now + delay disconnecting peers if we receive messages from them even if it takes + a while to receive a pong from them. Further, we avoid sending too many + gossip messages between pings to ensure we should always receive pongs in a + timely manner (#1137). + * If a payment was sent, creating an outbound HTLC and sending it to our counterparty (implying the `ChannelMonitor` was persisted on disk), but the `ChannelManager` was not persisted prior to shutdown/crash, no - `Event::PaymentPathFailed` event will be generated if the HTLC is eventually - failed on chain (#1104). + `Event::PaymentPathFailed` event was generated if the HTLC was eventually + failed on chain. Events are now consistent irrespective of `ChannelManager` + persistence or non-persistence (#1104). ## Serialization Compatibility * All above new Events/fields are ignored by prior clients. All above new