diff --git a/CHANGELOG.md b/CHANGELOG.md index 8ce8a19d727..3e473a22a1c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,22 @@ +# 0.0.121 - Jan 22, 2024 - "Unwraps are Bad" + +## Bug Fixes + * Fix a deadlock when calling `batch_funding_transaction_generated` with + invalid input (#2841). + +## Security +0.0.121 fixes a denial-of-service vulnerability which is reachable from +untrusted input from peers in rare cases if we have a public channel or in +common cases if `P2PGossipSync` is used. + * A peer that failed to complete its handshake would cause a reachable + `unwrap` in LDK since 0.0.119 when LDK attempts to broadcast gossip to all + peers (#2842). + +In total, this release features 4 files changed, 52 insertions, 10 +deletions in 4 commits from 2 authors, in alphabetical order: + * Jeffrey Czyz + * Matt Corallo + # 0.0.120 - Jan 17, 2024 - "Unblinded Fuzzers" ## API Updates diff --git a/lightning-background-processor/Cargo.toml b/lightning-background-processor/Cargo.toml index a7e8c34faad..1872a1d0714 100644 --- a/lightning-background-processor/Cargo.toml +++ b/lightning-background-processor/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "lightning-background-processor" -version = "0.0.120" +version = "0.0.121" authors = ["Valentine Wallace "] license = "MIT OR Apache-2.0" repository = "https://github.com/lightningdevkit/rust-lightning" @@ -22,11 +22,11 @@ default = ["std"] [dependencies] bitcoin = { version = "0.30.2", default-features = false } -lightning = { version = "0.0.120", path = "../lightning", default-features = false } -lightning-rapid-gossip-sync = { version = "0.0.120", path = "../lightning-rapid-gossip-sync", default-features = false } +lightning = { version = "0.0.121", path = "../lightning", default-features = false } +lightning-rapid-gossip-sync = { version = "0.0.121", path = "../lightning-rapid-gossip-sync", default-features = false } [dev-dependencies] tokio = { version = "1.35", features = [ "macros", "rt", "rt-multi-thread", "sync", "time" ] } -lightning = { version = "0.0.120", path = "../lightning", features = ["_test_utils"] } -lightning-invoice = { version = "0.28.0", path = "../lightning-invoice" } -lightning-persister = { version = "0.0.120", path = "../lightning-persister" } +lightning = { version = "0.0.121", path = "../lightning", features = ["_test_utils"] } +lightning-invoice = { version = "0.29.0", path = "../lightning-invoice" } +lightning-persister = { version = "0.0.121", path = "../lightning-persister" } diff --git a/lightning-block-sync/Cargo.toml b/lightning-block-sync/Cargo.toml index 86cf2f346ef..5e41f4d19ae 100644 --- a/lightning-block-sync/Cargo.toml +++ b/lightning-block-sync/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "lightning-block-sync" -version = "0.0.120" +version = "0.0.121" authors = ["Jeffrey Czyz", "Matt Corallo"] license = "MIT OR Apache-2.0" repository = "https://github.com/lightningdevkit/rust-lightning" @@ -20,11 +20,11 @@ rpc-client = [ "serde_json", "chunked_transfer" ] [dependencies] bitcoin = "0.30.2" hex = { package = "hex-conservative", version = "0.1.1", default-features = false } -lightning = { version = "0.0.120", path = "../lightning" } +lightning = { version = "0.0.121", path = "../lightning" } tokio = { version = "1.35", features = [ "io-util", "net", "time", "rt" ], optional = true } serde_json = { version = "1.0", optional = true } chunked_transfer = { version = "1.4", optional = true } [dev-dependencies] -lightning = { version = "0.0.120", path = "../lightning", features = ["_test_utils"] } +lightning = { version = "0.0.121", path = "../lightning", features = ["_test_utils"] } tokio = { version = "1.35", features = [ "macros", "rt" ] } diff --git a/lightning-custom-message/Cargo.toml b/lightning-custom-message/Cargo.toml index ceea1503640..fbec38431c4 100644 --- a/lightning-custom-message/Cargo.toml +++ b/lightning-custom-message/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "lightning-custom-message" -version = "0.0.120" +version = "0.0.121" authors = ["Jeffrey Czyz"] license = "MIT OR Apache-2.0" repository = "https://github.com/lightningdevkit/rust-lightning" @@ -15,4 +15,4 @@ rustdoc-args = ["--cfg", "docsrs"] [dependencies] bitcoin = "0.30.2" -lightning = { version = "0.0.120", path = "../lightning" } +lightning = { version = "0.0.121", path = "../lightning" } diff --git a/lightning-invoice/Cargo.toml b/lightning-invoice/Cargo.toml index e4201e9e4fc..e0d3560c10b 100644 --- a/lightning-invoice/Cargo.toml +++ b/lightning-invoice/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "lightning-invoice" description = "Data structures to parse and serialize BOLT11 lightning invoices" -version = "0.28.0" +version = "0.29.0" authors = ["Sebastian Geisler "] documentation = "https://docs.rs/lightning-invoice/" license = "MIT OR Apache-2.0" @@ -21,7 +21,7 @@ std = ["bitcoin/std", "num-traits/std", "lightning/std", "bech32/std"] [dependencies] bech32 = { version = "0.9.0", default-features = false } -lightning = { version = "0.0.120", path = "../lightning", default-features = false } +lightning = { version = "0.0.121", path = "../lightning", default-features = false } secp256k1 = { version = "0.27.0", default-features = false, features = ["recovery", "alloc"] } num-traits = { version = "0.2.8", default-features = false } hashbrown = { version = "0.8", optional = true } @@ -29,6 +29,6 @@ serde = { version = "1.0.118", optional = true } bitcoin = { version = "0.30.2", default-features = false } [dev-dependencies] -lightning = { version = "0.0.120", path = "../lightning", default-features = false, features = ["_test_utils"] } +lightning = { version = "0.0.121", path = "../lightning", default-features = false, features = ["_test_utils"] } hex = { package = "hex-conservative", version = "0.1.1", default-features = false } serde_json = { version = "1"} diff --git a/lightning-net-tokio/Cargo.toml b/lightning-net-tokio/Cargo.toml index 076dff16217..f779a4395b7 100644 --- a/lightning-net-tokio/Cargo.toml +++ b/lightning-net-tokio/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "lightning-net-tokio" -version = "0.0.120" +version = "0.0.121" authors = ["Matt Corallo"] license = "MIT OR Apache-2.0" repository = "https://github.com/lightningdevkit/rust-lightning/" @@ -16,9 +16,9 @@ rustdoc-args = ["--cfg", "docsrs"] [dependencies] bitcoin = "0.30.2" -lightning = { version = "0.0.120", path = "../lightning" } +lightning = { version = "0.0.121", path = "../lightning" } tokio = { version = "1.35", features = [ "rt", "sync", "net", "time" ] } [dev-dependencies] tokio = { version = "1.35", features = [ "macros", "rt", "rt-multi-thread", "sync", "net", "time" ] } -lightning = { version = "0.0.120", path = "../lightning", features = ["_test_utils"] } +lightning = { version = "0.0.121", path = "../lightning", features = ["_test_utils"] } diff --git a/lightning-persister/Cargo.toml b/lightning-persister/Cargo.toml index 24ccb7f3077..aad5f2dc1e9 100644 --- a/lightning-persister/Cargo.toml +++ b/lightning-persister/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "lightning-persister" -version = "0.0.120" +version = "0.0.121" authors = ["Valentine Wallace", "Matt Corallo"] license = "MIT OR Apache-2.0" repository = "https://github.com/lightningdevkit/rust-lightning" @@ -15,7 +15,7 @@ rustdoc-args = ["--cfg", "docsrs"] [dependencies] bitcoin = "0.30.2" -lightning = { version = "0.0.120", path = "../lightning" } +lightning = { version = "0.0.121", path = "../lightning" } [target.'cfg(windows)'.dependencies] windows-sys = { version = "0.48.0", default-features = false, features = ["Win32_Storage_FileSystem", "Win32_Foundation"] } @@ -24,5 +24,5 @@ windows-sys = { version = "0.48.0", default-features = false, features = ["Win32 criterion = { version = "0.4", optional = true, default-features = false } [dev-dependencies] -lightning = { version = "0.0.120", path = "../lightning", features = ["_test_utils"] } +lightning = { version = "0.0.121", path = "../lightning", features = ["_test_utils"] } bitcoin = { version = "0.30.2", default-features = false } diff --git a/lightning-rapid-gossip-sync/Cargo.toml b/lightning-rapid-gossip-sync/Cargo.toml index 86c69e22a18..5da607c9fa0 100644 --- a/lightning-rapid-gossip-sync/Cargo.toml +++ b/lightning-rapid-gossip-sync/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "lightning-rapid-gossip-sync" -version = "0.0.120" +version = "0.0.121" authors = ["Arik Sosman "] license = "MIT OR Apache-2.0" repository = "https://github.com/lightningdevkit/rust-lightning" @@ -15,11 +15,11 @@ no-std = ["lightning/no-std"] std = ["lightning/std"] [dependencies] -lightning = { version = "0.0.120", path = "../lightning", default-features = false } +lightning = { version = "0.0.121", path = "../lightning", default-features = false } bitcoin = { version = "0.30.2", default-features = false } [target.'cfg(ldk_bench)'.dependencies] criterion = { version = "0.4", optional = true, default-features = false } [dev-dependencies] -lightning = { version = "0.0.120", path = "../lightning", features = ["_test_utils"] } +lightning = { version = "0.0.121", path = "../lightning", features = ["_test_utils"] } diff --git a/lightning-transaction-sync/Cargo.toml b/lightning-transaction-sync/Cargo.toml index faeadadafa2..26a82809e06 100644 --- a/lightning-transaction-sync/Cargo.toml +++ b/lightning-transaction-sync/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "lightning-transaction-sync" -version = "0.0.120" +version = "0.0.121" authors = ["Elias Rohrer"] license = "MIT OR Apache-2.0" repository = "https://github.com/lightningdevkit/rust-lightning" @@ -23,7 +23,7 @@ electrum = ["electrum-client"] async-interface = [] [dependencies] -lightning = { version = "0.0.120", path = "../lightning", default-features = false, features = ["std"] } +lightning = { version = "0.0.121", path = "../lightning", default-features = false, features = ["std"] } bitcoin = { version = "0.30.2", default-features = false } bdk-macros = "0.6" futures = { version = "0.3", optional = true } @@ -31,7 +31,7 @@ esplora-client = { version = "0.6", default-features = false, optional = true } electrum-client = { version = "0.18.0", optional = true } [dev-dependencies] -lightning = { version = "0.0.120", path = "../lightning", default-features = false, features = ["std", "_test_utils"] } +lightning = { version = "0.0.121", path = "../lightning", default-features = false, features = ["std", "_test_utils"] } tokio = { version = "1.35.0", features = ["full"] } [target.'cfg(not(no_download))'.dev-dependencies] diff --git a/lightning/Cargo.toml b/lightning/Cargo.toml index 1cd112d33a1..1fe0f0dd119 100644 --- a/lightning/Cargo.toml +++ b/lightning/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "lightning" -version = "0.0.120" +version = "0.0.121" authors = ["Matt Corallo"] license = "MIT OR Apache-2.0" repository = "https://github.com/lightningdevkit/rust-lightning/"