X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=CHANGELOG.md;h=84d5529d88be1a885405bc29c469067b95ad7e7d;hb=75c3df018cf2ac5cf91409fe4c707cf1df270cdb;hp=24a8c96ffaa4e94d88139a31549be0d4c079e0ec;hpb=ab0739e3ea5df4552cb77d051b7625349e222229;p=rust-lightning diff --git a/CHANGELOG.md b/CHANGELOG.md index 24a8c96f..84d5529d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,477 @@ +# 0.0.106 - 2022-04-03 + +## API Updates + * Minimum supported rust version (MSRV) is now 1.41.1 (#1310). + * Lightning feature `option_scid_alias` is now supported and may be negotiated + when opening a channel with a peer. It can be configured via + `ChannelHandshakeConfig::negotiate_scid_privacy` and is off by default but + will be on by default in the future (#1351). + * `OpenChannelRequest` now has a `channel_type` field indicating the features + the channel will operate with and should be used to filter channels with + undesirable features (#1351). See the Serialization Compatibility section. + * `ChannelManager` supports sending and receiving short channel id aliases in + the `funding_locked` message. These are used when forwarding payments and + constructing invoice route hints for improved privacy. `ChannelDetails` has a + `inbound_scid_alias` field and a `get_inbound_payment_scid` method to support + the latter (#1311). + * `DefaultRouter` and `find_route` take an additional random seed to improve + privacy by adding a random CLTV expiry offset to each path's final hop. This + helps obscure the intended recipient from adversarial intermediate hops + (#1286). The seed is also used to randomize candidate paths during route + selection (#1359). + * The `lightning-block-sync` crate's `init::synchronize_listeners` method + interface has been relaxed to support multithreaded environments (#1349). + * `ChannelManager::create_inbound_payment_for_hash`'s documentation has been + corrected to remove the one-year restriction on `invoice_expiry_delta_secs`, + which is only applicable to the deprecated `create_inbound_payment_legacy` + and `create_inbound_payment_for_hash_legacy` methods (#1341). + * `Features` mutator methods now take `self` by reference instead of by value + (#1331). + * The CLTV of the last hop in a path is now included when comparing against + `RouteParameters::max_total_cltv_expiry_delta` (#1358). + * Invoice creation functions in `lightning-invoice` crate's `utils` module + include versions that accept a description hash instead of only a description + (#1361). + * `RoutingMessageHandler::sync_routing_table` has been renamed `peer_connected` + (#1368). + * `MessageSendEvent::SendGossipTimestampFilter` has been added to indicate that + a `gossip_timestamp_filter` should be sent (#1368). + * `PeerManager` takes an optional `NetAddress` in `new_outbound_connection` and + `new_inbound_connection`, which is used to report back the remote address to + the connecting peer in the `init` message (#1326). + * `ChannelManager::accept_inbound_channel` now takes a `user_channel_id`, which + is used in a similar manner as in outbound channels. (#1381). + * `BackgroundProcessor` now persists `NetworkGraph` on a timer and upon + shutdown as part of a new `Persister` trait, which also includes + `ChannelManager` persistence (#1376). + * `ProbabilisticScoringParameters` now has a `base_penalty_msat` option, which + default to 500 msats. It is applied at each hop to help avoid longer paths + (#1375). + * `ProbabilisticScoringParameters::liquidity_penalty_multiplier_msat`'s default + value is now 40,000 msats instead of 10,000 msats (#1375). + * The `lightning` crate has a `grind_signatures` feature used to produce + signatures with low r-values for more predictable transaction weight. This + feature is on by default (#1388). + * `ProbabilisticScoringParameters` now has a `amount_penalty_multiplier_msat` + option, which is used to further penalize large amounts (#1399). + * `PhantomRouteHints`, `FixedPenaltyScorer`, and `ScoringParameters` now + implement `Clone` (#1346). + +## Bug Fixes + * Fixed a compilation error in `ProbabilisticScorer` under `--feature=no-std` + (#1347). + * Invoice creation functions in `lightning-invoice` crate's `utils` module + filter invoice hints in order to limit the invoice size (#1325). + * Fixed a bug where a `funding_locked` message was delayed by a block if the + funding transaction was confirmed while offline, depending on the ordering + of `Confirm::transactions_confirmed` calls when brought back online (#1363). + * Fixed a bug in `NetGraphMsgHandler` where it didn't continue to receive + gossip messages from peers after initial connection (#1368, #1382). + * `ChannelManager::timer_tick_occurred` will now timeout a received multi-path + payment (MPP) after three ticks if not received in full instead of waiting + until near the HTLC timeout block(#1353). + * Fixed an issue with `find_route` causing it to be overly aggressive in using + MPP over channels to the same first hop (#1370). + * Reduced time spent processing `channel_update` messages by checking + signatures after checking if no newer messages have already been processed + (#1380). + * Fixed a few issues in `find_route` which caused preferring paths with a + higher cost (#1398). + * Fixed an issue in `ProbabilisticScorer` where a channel with not enough + liquidity could still be used when retrying a failed payment if it was on a + path with an overall lower cost (#1399). + +## Serialization Compatibility + * Channels open with `option_scid_alias` negotiated will be incompatible with + prior releases (#1351). This may occur in the following cases: + * Outbound channels when `ChannelHandshakeConfig::negotiate_scid_privacy` is + enabled. + * Inbound channels when automatically accepted from an `OpenChannel` message + with a `channel_type` that has `ChannelTypeFeatures::supports_scid_privacy` + return true. See `UserConfig::accept_inbound_channels`. + * Inbound channels when manually accepted from an `OpenChannelRequest` with a + `channel_type` that has `ChannelTypeFeatures::supports_scid_privacy` return + true. See `UserConfig::manually_accept_inbound_channels`. + +In total, this release features 43 files changed, 4052 insertions, 1274 +deletions in 75 commits from 11 authors, in alphabetical order: + * Devrandom + * Duncan Dean + * Elias Rohrer + * Jeffrey Czyz + * Jurvis Tan + * Luiz Parreira + * Matt Corallo + * Omar Shamardy + * Viktor Tigerström + * dependabot[bot] + * psycho-pirate + + +# 0.0.105 - 2022-02-28 + +## API Updates + * `Phantom node` payments are now supported, allowing receipt of a payment on + any one of multiple nodes without any coordination across the nodes being + required. See the new `PhantomKeysManager`'s docs for more, as well as + requirements on `KeysInterface::get_inbound_payment_key_material` and + `lightning_invoice::utils::create_phantom_invoice` (#1199). + * In order to support phantom node payments, several `KeysInterface` methods + now accept a `Recipient` parameter to select between the local `node_id` and + a phantom-specific one. + * `ProbabilisticScorer`, a `Score` based on learning the current balances of + channels in the network, was added. It attempts to better capture payment + success probability than the existing `Scorer`, though may underperform on + nodes with low payment volume. We welcome feedback on performance (#1227). + * `Score::channel_penalty_msat` now always takes the channel value, instead of + an `Option` (#1227). + * `UserConfig::manually_accept_inbound_channels` was added which, when set, + generates a new `Event::OpenChannelRequest`, which allows manual acceptance + or rejection of incoming channels on a per-channel basis (#1281). + * `Payee` has been renamed to `PaymentParameters` (#1271). + * `PaymentParameters` now has a `max_total_cltv_expiry_delta` field. This + defaults to 1008 and limits the maximum amount of time an HTLC can be pending + before it will either fail or be claimed (#1234). + * The `lightning-invoice` crate now supports no-std environments. This required + numerous API changes around timestamp handling and std+no-std versions of + several methods that previously assumed knowledge of the time (#1223, #1230). + * `lightning-invoice` now supports parsing invoices with expiry times of more + than one year. This required changing the semantics of `ExpiryTime` (#1273). + * The `CounterpartyCommitmentSecrets` is now public, allowing external uses of + the `BOLT 3` secret storage scheme (#1299). + * Several `Sign` methods now receive HTLC preimages as proof of state + transition, see new documentation for more (#1251). + * `KeysInterface::sign_invoice` now provides the HRP and other invoice data + separately to make it simpler for external signers to parse (#1272). + * `Sign::sign_channel_announcement` now returns both the node's signature and + the per-channel signature. `InMemorySigner` now requires the node's secret + key in order to implement this (#1179). + * `ChannelManager` deserialization will now fail if the `KeysInterface` used + has a different `node_id` than the `ChannelManager` expects (#1250). + * A new `ErrorAction` variant was added to send `warning` messages (#1013). + * Several references to `chain::Listen` objects in `lightning-block-sync` no + longer require a mutable reference (#1304). + +## Bug Fixes + * Fixed a regression introduced in 0.0.104 where `ChannelManager`'s internal + locks could have an order violation leading to a deadlock (#1238). + * Fixed cases where slow code (including user I/O) could cause us to + disconnect peers with ping timeouts in `BackgroundProcessor` (#1269). + * Now persist the `ChannelManager` prior to `BackgroundProcessor` stopping, + preventing race conditions where channels are closed on startup even with a + clean shutdown. This requires that users stop network processing and + disconnect peers prior to `BackgroundProcessor` shutdown (#1253). + * Fields in `ChannelHandshakeLimits` provided via the `override_config` to + `create_channel` are now applied instead of the default config (#1292). + * Fixed the generation of documentation on docs.rs to include API surfaces + which are hidden behind feature flags (#1303). + * Added the `channel_type` field to `accept_channel` messages we send, which + may avoid some future compatibility issues with other nodes (#1314). + * Fixed a bug where, if a previous LDK run using `lightning-persister` crashed + while persisting updated data, we may have failed to initialize (#1332). + * Fixed a rare bug where having both pending inbound and outbound HTLCs on a + just-opened inbound channel could cause `ChannelDetails::balance_msat` to + underflow and be reported as large, or cause panics in debug mode (#1268). + * Moved more instances of verbose gossip logging from the `Trace` level to the + `Gossip` level (#1220). + * Delayed `announcement_signatures` until the channel has six confirmations, + slightly improving propagation of channel announcements (#1179). + * Several fixes in script and transaction weight calculations when anchor + outputs are enabled (#1229). + +## Serialization Compatibility + * Using `ChannelManager` data written by versions prior to 0.0.105 will result + in preimages for HTLCs that were pending at startup to be missing in calls + to `KeysInterface` methods (#1251). + * Any phantom invoice payments received on a node that is not upgraded to + 0.0.105 will fail with an "unknown channel" error. Further, downgrading to + 0.0.104 or before and then upgrading again will invalidate existing phantom + SCIDs which may be included in invoices (#1199). + +## Security +0.0.105 fixes two denial-of-service vulnerabilities which may be reachable from +untrusted input in certain application designs. + + * Route calculation spuriously panics when a routing decision is made for a + path where the second-to-last hop is a private channel, included due to a + multi-hop route hint in an invoice. + * `ChannelMonitor::get_claimable_balances` spuriously panics in some scenarios + when the LDK application's local commitment transaction is confirmed while + HTLCs are still pending resolution. + +In total, this release features 109 files changed, 7270 insertions, 2131 +deletions in 108 commits from 15 authors, in alphabetical order: + * Conor Okus + * Devrandom + * Elias Rohrer + * Jeffrey Czyz + * Jurvis Tan + * Ken Sedgwick + * Matt Corallo + * Naveen + * Tibo-lg + * Valentine Wallace + * Viktor Tigerström + * dependabot[bot] + * hackerrdave + * naveen + * vss96 + + +# 0.0.104 - 2021-12-17 + +## API Updates + * A `PaymentFailed` event is now provided to indicate a payment has failed + fully. This event is generated either after + `ChannelManager::abandon_payment` is called for a given payment, or the + payment times out, and there are no further pending HTLCs for the payment. + This event should be used to detect payment failure instead of + `PaymentPathFailed::all_paths_failed`, unless no payment retries occur via + `ChannelManager::retry_payment` (#1202). + * Payment secrets are now generated deterministically using material from + the new `KeysInterface::get_inbound_payment_key_material` (#1177). + * A `PaymentPathSuccessful` event has been added to ease passing success info + to a scorer, along with a `Score::payment_path_successful` method to accept + such info (#1178, #1197). + * `Score::channel_penalty_msat` has additional arguments describing the + channel's capacity and the HTLC amount being sent over the channel (#1166). + * A new log level `Gossip` has been added, which is used for verbose + information generated during network graph sync. Enabling the + `max_level_trace` feature or ignoring `Gossip` log entries reduces log + growth during initial start up from many GiB to several MiB (#1145). + * The `allow_wallclock_use` feature has been removed in favor of only using + the `std` and `no-std` features (#1212). + * `NetworkGraph` can now remove channels that we haven't heard updates for in + two weeks with `NetworkGraph::remove_stale_channels{,with_time}`. The first + is called automatically if a `NetGraphMsgHandler` is passed to + `BackgroundProcessor::start` (#1212). + * `InvoicePayer::pay_pubkey` was added to enable sending "keysend" payments to + supported recipients, using the `InvoicePayer` to handle retires (#1160). + * `user_payment_id` has been removed from `PaymentPurpose`, and + `ChannelManager::create_inbound_payment{,_for_hash}` (#1180). + * Updated documentation for several `ChannelManager` functions to remove stale + references to panics which no longer occur (#1201). + * The `Score` and `LockableScore` objects have moved into the + `routing::scoring` module instead of being in the `routing` module (#1166). + * The `Time` parameter to `ScorerWithTime` is no longer longer exposed, + instead being fixed based on the `std`/`no-std` feature (#1184). + * `ChannelDetails::balance_msat` was added to fetch a channel's balance + without subtracting the reserve values, lining up with on-chain claim amounts + less on-chain fees (#1203). + * An explicit `UserConfig::accept_inbound_channels` flag is now provided, + removing the need to set `min_funding_satoshis` to > 21 million BTC (#1173). + * Inbound channels that fail to see the funding transaction confirm within + 2016 blocks are automatically force-closed with + `ClosureReason::FundingTimedOut` (#1083). + * We now accept a channel_reserve value of 0 from counterparties, as it is + insecure for our counterparty but not us (#1163). + * `NetAddress::OnionV2` parsing was removed as version 2 onion services are no + longer supported in modern Tor (#1204). + * Generation and signing of anchor outputs is now supported in the + `KeysInterface`, though no support for them exists in the channel itself (#1176) + +## Bug Fixes + * Fixed a race condition in `InvoicePayer` where paths may be retried after + the retry count has been exceeded. In this case the + `Event::PaymentPathFailed::all_paths_failed` field is not a reliable payment + failure indicator. There was no acceptable alternative indicator, + `Event::PaymentFailed` as been added to provide one (#1202). + * Reduced the blocks-before-timeout we expect of outgoing HTLCs before + refusing to forward. This check was overly strict and resulted in refusing + to forward som HTLCs to a next hop that had a lower security threshold than + us (#1119). + * LDK no longer attempt to update the channel fee for outbound channels when + we cannot afford the new fee. This could have caused force-closure by our + channel counterparty (#1054). + * Fixed several bugs which may have prevented the reliable broadcast of our + own channel announcements and updates (#1169). + * Fixed a rare bug which may have resulted in spurious route finding failures + when using last-hop hints and MPP with large value payments (#1168). + * `KeysManager::spend_spendable_outputs` no longer adds a change output that + is below the dust threshold for non-standard change scripts (#1131). + * Fixed a minor memory leak when attempting to send a payment that fails due + to an error when updating the `ChannelMonitor` (#1143). + * Fixed a bug where a `FeeEstimator` that returns values rounded to the next + sat/vbyte may result in force-closures (#1208). + * Handle MPP timeout HTLC error codes, instead of considering the recipient to + have sent an invalid error, removing them from the network graph (#1148) + +## Serialization Compatibility + * All above new events/fields are ignored by prior clients. All above new + events/fields are not present when reading objects serialized by prior + versions of the library. + * Payment secrets are now generated deterministically. This reduces the memory + footprint for inbound payments, however, newly-generated inbound payments + using `ChannelManager::create_inbound_payment{,_for_hash}` will not be + receivable using versions prior to 0.0.104. + `ChannelManager::create_inbound_payment{,_for_hash}_legacy` are provided for + backwards compatibility (#1177). + * `PaymentPurpose::InvoicePayment::user_payment_id` will be 0 when reading + objects written with 0.0.104 when read by 0.0.103 and previous (#1180). + +In total, this release features 51 files changed, 5356 insertions, 2238 +deletions in 107 commits from 9 authors, in alphabetical order: + * Antoine Riard + * Conor Okus + * Devrandom + * Duncan Dean + * Elias Rohrer + * Jeffrey Czyz + * Ken Sedgwick + * Matt Corallo + * Valentine Wallace + + +# 0.0.103 - 2021-11-02 + +## API Updates + * This release is almost entirely focused on a new API in the + `lightning-invoice` crate - the `InvoicePayer`. `InvoicePayer` is a + struct which takes a reference to a `ChannelManager` and a `Router` + and retries payments as paths fail. It limits retries to a configurable + number, but is not serialized to disk and may retry additional times across + a serialization/load. In order to learn about failed payments, it must + receive `Event`s directly from the `ChannelManager`, wrapping a + user-provided `EventHandler` which it provides all unhandled events to + (#1059). + * `get_route` has been renamed `find_route` (#1059) and now takes a + `RouteParameters` struct in replacement of a number of its long list of + arguments (#1134). The `Payee` in the `RouteParameters` is stored in the + `Route` object returned and provided in the `RouteParameters` contained in + `Event::PaymentPathFailed` (#1059). + * `ChannelMonitor`s must now be persisted after calls that provide new block + data, prior to `MonitorEvent`s being passed back to `ChannelManager` for + processing. If you are using a `ChainMonitor` this is handled for you. + The `Persist` API has been updated to `Option`ally take the + `ChannelMonitorUpdate` as persistence events that result from chain data no + longer have a corresponding update (#1108). + * `routing::Score` now has a `payment_path_failed` method which it can use to + learn which channels often fail payments. It is automatically called by + `InvoicePayer` for failed payment paths (#1144). + * The default `Scorer` implementation is now a type alias to a type generic + across different clocks and supports serialization to persist scoring data + across restarts (#1146). + * `Event::PaymentSent` now includes the full fee which was spent across all + payment paths which were fulfilled or pending when the payment was fulfilled + (#1142). + * `Event::PaymentSent` and `Event::PaymentPathFailed` now include the + `PaymentId` which matches the `PaymentId` returned from + `ChannelManager::send_payment` or `InvoicePayer::pay_invoice` (#1059). + * `NetGraphMsgHandler` now takes a `Deref` to the `NetworkGraph`, allowing for + shared references to the graph data to make serialization and references to + the graph data in the `InvoicePayer`'s `Router` simpler (#1149). + * `routing::Score::channel_penalty_msat` has been updated to provide the + `NodeId` of both the source and destination nodes of a channel (#1133). + +## Bug Fixes + * Previous versions would often disconnect peers during initial graph sync due + to ping timeouts while processing large numbers of gossip messages. We now + delay disconnecting peers if we receive messages from them even if it takes + a while to receive a pong from them. Further, we avoid sending too many + gossip messages between pings to ensure we should always receive pongs in a + timely manner (#1137). + * If a payment was sent, creating an outbound HTLC and sending it to our + counterparty (implying the `ChannelMonitor` was persisted on disk), but the + `ChannelManager` was not persisted prior to shutdown/crash, no + `Event::PaymentPathFailed` event was generated if the HTLC was eventually + failed on chain. Events are now consistent irrespective of `ChannelManager` + persistence or non-persistence (#1104). + +## Serialization Compatibility + * All above new Events/fields are ignored by prior clients. All above new + Events/fields are not present when reading objects serialized by prior + versions of the library. + * Payments for which a `Route` was generated using a previous version or for + which the payment was originally sent by a previous version of the library + will not be retried by an `InvoicePayer`. + +This release was singularly focused and some contributions by third parties +were delayed. +In total, this release features 38 files changed, 4414 insertions, and 969 +deletions in 71 commits from 2 authors, in alphabetical order: + + * Jeffrey Czyz + * Matt Corallo + + +# 0.0.102 - 2021-10-18 + +## API Updates + * `get_route` now takes a `Score` as an argument. `Score` is queried during + the route-finding process, returning the absolute amounts which you are + willing to pay to avoid routing over a given channel. As a default, a + `Scorer` is provided which returns a constant amount, with a suggested + default of 500 msat. This translates to a willingness to pay up to 500 msat + in additional fees per hop in order to avoid additional hops (#1124). + * `Event::PaymentPathFailed` now contains a `short_channel_id` field which may + be filled in with a channel that can be "blamed" for the payment failure. + Payment retries should likely avoid the given channel for some time (#1077). + * `PublicKey`s in `NetworkGraph` have been replaced with a `NodeId` struct + which contains only a simple `[u8; 33]`, substantially improving + `NetworkGraph` deserialization performance (#1107). + * `ChainMonitor`'s `HashMap` of `ChannelMonitor`s is now private, exposed via + `Chainmonitor::get_monitor` and `ChainMonitor::list_monitors` instead + (#1112). + * When an outbound channel is closed prior to the broadcasting of its funding + transaction, but after you call + `ChannelManager::funding_transaction_generated`, a new event type, + `Event::DiscardFunding`, is generated, informing you the transaction was not + broadcasted and that you can spend the same inputs again elsewhere (#1098). + * `ChannelManager::create_channel` now returns the temporary channel ID which + may later appear in `Event::ChannelClosed` or `ChannelDetails` prior to the + channel being funded (#1121). + * `Event::PaymentSent` now contains the payment hash as well as the payment + preimage (#1062). + * `ReadOnlyNetworkGraph::get_addresses` now returns owned `NetAddress` rather + than references. As a side-effect this method is now exposed in foreign + language bindings (#1115). + * The `Persist` and `ChannelMonitorUpdateErr` types have moved to the + `lightning::chain::chainmonitor` and `lightning::chain` modules, + respectively (#1112). + * `ChannelManager::send_payment` now returns a `PaymentId` which identifies a + payment (whether MPP or not) and can be used to retry the full payment or + MPP parts through `retry_payment` (#1096). Note that doing so is currently + *not* crash safe, and you may find yourself sending twice. It is recommended + that you *not* use the `retry_payment` API until the next release. + +## Bug Fixes + * Due to an earlier fix for the Lightning dust inflation vulnerability tracked + in CVE-2021-41591/CVE-2021-41592/CVE-2021-41593 in 0.0.100, we required + counterparties to accept a dust limit slightly lower than the dust limit now + required by other implementations. This appeared as, at least, latest lnd + always refusing to accept channels opened by LDK clients (#1065). + * If there are multiple channels available to the same counterparty, + `get_route` would only consider the channel listed last as available for + sending (#1100). + * `Persist` implementations returning + `ChannelMonitorUpdateErr::TemporaryFailure` from `watch_channel` previously + resulted in the `ChannelMonitor` not being stored at all, resulting in a + panic after monitor updating is complete (#1112). + * If payments are pending awaiting forwarding at startup, an + `Event::PendingHTLCsForwardable` event will always be provided. This ensures + user code calls `ChannelManager::process_pending_htlc_fowards` even if it + shut down while awaiting the batching timer during the previous run (#1076). + * If a call to `ChannelManager::send_payment` failed due to lack of + availability of funds locally, LDK would store the payment as pending + forever, with no ability to retry or fail it, leaking memory (#1109). + +## Serialization Compatibility + * All above new Events/fields are ignored by prior clients. All above new + Events/fields, except for `Event::PaymentSent::payment_hash` are not present + when reading objects serialized by prior versions of the library. + +In total, this release features 32 files changed, 2248 insertions, and 1483 +deletions in 51 commits from 7 authors, in alphabetical order: + + * 1nF0rmed + * Duncan Dean + * Elias Rohrer + * Galder Zamarreño + * Jeffrey Czyz + * Matt Corallo + * Valentine Wallace + + # 0.0.101 - 2021-09-23 ## API Updates