From b170142cf22719197722970a73268a641f994268 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Thu, 15 Feb 2024 16:07:40 +0100 Subject: OTP-25.3.2.8 --- early-plugins.mk | 4 +- release-notes/OTP-25.3.2.8.README.txt | 348 ++++++++++++++++++++++++++++++++++ 2 files changed, 350 insertions(+), 2 deletions(-) create mode 100644 release-notes/OTP-25.3.2.8.README.txt diff --git a/early-plugins.mk b/early-plugins.mk index 7dfb50c..654a1a3 100644 --- a/early-plugins.mk +++ b/early-plugins.mk @@ -19,7 +19,7 @@ OTP-21 := OTP-21.0.9 OTP-21.1.4 OTP-21.2.7 OTP-21.3.8.24 OTP-22 := OTP-22.0.7 OTP-22.1.8 OTP-22.2.8 OTP-22.3.4.26 OTP-23 := OTP-23.0.4 OTP-23.1.5 OTP-23.2.7.3 OTP-23.3.4.19 OTP-24 := OTP-24.0.6 OTP-24.1.7 OTP-24.2.2 OTP-24.3.4.16 -OTP-25 := OTP-25.0.4 OTP-25.1.2.1 OTP-25.2.3 OTP-25.3.2.7 +OTP-25 := OTP-25.0.4 OTP-25.1.2.1 OTP-25.2.3 OTP-25.3.2.8 OTP-26 := OTP-26.0.2 OTP-26.1.2 OTP-26.2 OTP-18+ := $(OTP-18) $(OTP-19) $(OTP-20) $(OTP-21) $(OTP-22) $(OTP-23) $(OTP-24) $(OTP-25) $(OTP-26) @@ -110,7 +110,7 @@ OTP-24-DROPPED := OTP-24.0-rc2 OTP-24.0-rc3 OTP-24.0 OTP-24.0.1 OTP-24.0.5 \ OTP-25-DROPPED := OTP-25.0-rc1 OTP-25.0-rc2 OTP-25.0-rc3 OTP-25.0 \ OTP-25.0.1 OTP-25.0.2 OTP-25.0.3 OTP-25.1 OTP-25.1.1 OTP-25.1.2 OTP-25.2 \ OTP-25.2.1 OTP-25.2.2 OTP-25.3 OTP-25.3.1 OTP-25.3.2 OTP-25.3.2.1 OTP-25.3.2.2 \ - OTP-25.3.2.3 OTP-25.3.2.4 OTP-25.3.2.5 OTP-25.3.2.6 + OTP-25.3.2.3 OTP-25.3.2.4 OTP-25.3.2.5 OTP-25.3.2.6 OTP-25.3.2.7 OTP-26-DROPPED := OTP-26.0-rc3 \ OTP-26.0 OTP-26.0.1 OTP-26.1 OTP-26.1.1 diff --git a/release-notes/OTP-25.3.2.8.README.txt b/release-notes/OTP-25.3.2.8.README.txt new file mode 100644 index 0000000..a2a876f --- /dev/null +++ b/release-notes/OTP-25.3.2.8.README.txt @@ -0,0 +1,348 @@ +Patch Package: OTP 25.3.2.8 +Git Tag: OTP-25.3.2.8 +Date: 2023-12-18 +Trouble Report Id: OTP-18739, OTP-18768, OTP-18802, OTP-18830, + OTP-18838, OTP-18839, OTP-18841, OTP-18842, + OTP-18844, OTP-18850, OTP-18869, OTP-18877, + OTP-18885, OTP-18886, OTP-18896, OTP-18897, + OTP-18899, OTP-18902 +Seq num: GH-7571, GH-7801, GH-7834, GH-7890 +System: OTP +Release: 25 +Application: asn1-5.0.21.1, erl_interface-5.3.2.1, + erts-13.2.2.5, mnesia-4.21.4.2, + public_key-1.13.3.2, ssh-4.15.3.1, + ssl-10.9.1.3, wx-2.2.2.1 +Predecessor: OTP 25.3.2.7 + + Check out the git tag OTP-25.3.2.8, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- POTENTIAL INCOMPATIBILITIES ------------------------------------- + --------------------------------------------------------------------- + + OTP-18897 Application(s): ssh + + With this change (being response to CVE-2023-48795), + ssh can negotiate "strict KEX" OpenSSH extension with + peers supporting it; also + 'chacha20-poly1305@openssh.com' algorithm becomes a + less preferred cipher. + + If strict KEX availability cannot be ensured on both + connection sides, affected encryption modes(CHACHA and + CBC) can be disabled with standard ssh configuration. + This will provide protection against vulnerability, but + at a cost of affecting interoperability. See + Configuring algorithms in SSH. + + + --------------------------------------------------------------------- + --- OTP-25.3.2.8 ---------------------------------------------------- + --------------------------------------------------------------------- + + --- Improvements and New Features --- + + OTP-18896 Application(s): otp + + Updated copyright and license information. + + + --------------------------------------------------------------------- + --- asn1-5.0.21.1 --------------------------------------------------- + --------------------------------------------------------------------- + + The asn1-5.0.21.1 application can be applied independently of other + applications on a full OTP 25 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-18844 Application(s): asn1 + + Fix benign warning from gcc 11 about mismatching call + to free(). + + + Full runtime dependencies of asn1-5.0.21.1: erts-11.0, kernel-7.0, + stdlib-3.13 + + + --------------------------------------------------------------------- + --- erl_interface-5.3.2.1 ------------------------------------------- + --------------------------------------------------------------------- + + The erl_interface-5.3.2.1 application can be applied independently of + other applications on a full OTP 25 installation. + + --- Improvements and New Features --- + + OTP-18877 Application(s): erl_interface, erts + + Replaced old md5 implementation with an implementation + from OpenSSL. + + + --------------------------------------------------------------------- + --- erts-13.2.2.5 --------------------------------------------------- + --------------------------------------------------------------------- + + Note! The erts-13.2.2.5 application *cannot* be applied independently + of other applications on an arbitrary OTP 25 installation. + + On a full OTP 25 installation, also the following runtime + dependencies have to be satisfied: + -- kernel-8.5 (first satisfied in OTP 25.1) + -- stdlib-4.1 (first satisfied in OTP 25.1) + + + --- Fixed Bugs and Malfunctions --- + + OTP-18802 Application(s): erts + + Fix faulty debug assert when page size is larger than + 16kb, like on PowerPC. Did crash debug VM directly at + start. + + + OTP-18838 Application(s): erts + Related Id(s): GH-7801, PR-7822 + + A process with message_queue_data configured as + off_heap could end up in an inconsistent state when + being receive traced, inspected using process_info/2 + with the message_queue_len item, or inspected using the + break menu (CTRL-C). When it ended up in this + inconsistent state, it was not enqueued into a run + queue even though it was set in a runnable state.This + also effected signals being sent to the process after + it had gotten into this inconsistent state, in such a + way that it was from this point not possible to + communicate with it. + + + OTP-18839 Application(s): erts + Related Id(s): GH-7801, PR-7822 + + A race occurring when a process was selected for dirty + execution simultaneously as it was scheduled for + handling a signal could cause the process to end up in + an inconsistent state. When it ended up in this + inconsistent state, it was not enqueued into a run + queue even though it was set in a runnable state. This + also effected signals being sent to the process after + it had gotten into this inconsistent state, in such a + way that it was from this point not possible to + communicate with it. + + + OTP-18841 Application(s): erts + Related Id(s): GH-7801, OTP-18737, PR-7822 + + When a process had to to wait in the run queue for a + long time before being selected for dirty execution, it + could not receive signals. This caused inspection of + such a process, for example using process_info/2, to + take a long time. + + This issue was introduced in OTP 25.3.2.6 and 26.1 when + fixing an issue where a constant flow of signals + prevented a process from being able to execute dirty. + + + OTP-18842 Application(s): erts + + Fixed a bug in the JIT that miscompiled large + select_val instructions. + + + OTP-18885 Application(s): erts + Related Id(s): GH-7834, GH-7890, PR-7915 + + On OTP 24 and OTP 25, incoming distributed messages + larger than 64 KiB sent using an alias leaked memory if + the alias had been removed prior to entering the node. + This issue was not present on OTP 26. + + Incoming distributed messages larger than 64 KiB sent + using an alias which had been removed on the receiving + node could crash the node. This crash was quite + unlikely on OTP 24 and OTP 25, but very likely on OTP + 26. + + 'DOWN' signals with exit reason larger than 64 KiB + directed towards a process on a node with a not + matching creation leaked memory on the receiving node. + Such signals should however be very rare. + + + OTP-18902 Application(s): erts + + Removed unnecessary PCRE source tar-ball. + + + --- Improvements and New Features --- + + OTP-18830 Application(s): erts + Related Id(s): PR-7823 + + Removed unnecessary regexp library used when generating + yielding BIFs. + + + OTP-18877 Application(s): erl_interface, erts + + Replaced old md5 implementation with an implementation + from OpenSSL. + + + OTP-18899 Application(s): erts + + Removed unused makewhatis script. + + + Full runtime dependencies of erts-13.2.2.5: kernel-8.5, sasl-3.3, + stdlib-4.1 + + + --------------------------------------------------------------------- + --- mnesia-4.21.4.2 ------------------------------------------------- + --------------------------------------------------------------------- + + The mnesia-4.21.4.2 application can be applied independently of other + applications on a full OTP 25 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-18850 Application(s): mnesia + + mnesia:add_table_copy/3 no longer fails with reason + system_limit when the node is starting. + + + Full runtime dependencies of mnesia-4.21.4.2: erts-9.0, kernel-5.3, + stdlib-3.4 + + + --------------------------------------------------------------------- + --- public_key-1.13.3.2 --------------------------------------------- + --------------------------------------------------------------------- + + The public_key-1.13.3.2 application can be applied independently of + other applications on a full OTP 25 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-18739 Application(s): public_key, ssl + + ssl application will validate id-kp-serverAuth and + id-kp-clientAuth extended key usage only in end entity + certificates. public_key application will disallow + "anyExtendedKeyUsage" for CA certificates that includes + the extended key usage extension and marks it critical. + + + Full runtime dependencies of public_key-1.13.3.2: asn1-3.0, + crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5 + + + --------------------------------------------------------------------- + --- ssh-4.15.3.1 ---------------------------------------------------- + --------------------------------------------------------------------- + + The ssh-4.15.3.1 application can be applied independently of other + applications on a full OTP 25 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-18869 Application(s): ssh + Related Id(s): GH-7571, PR-7849 + + With this change, connection handler does not execute + socket operations until it becomes socket owner. + Previously errors could occur if connection handler + tried to work with socket whose owner exited. + + + OTP-18897 Application(s): ssh + + *** POTENTIAL INCOMPATIBILITY *** + + With this change (being response to CVE-2023-48795), + ssh can negotiate "strict KEX" OpenSSH extension with + peers supporting it; also + 'chacha20-poly1305@openssh.com' algorithm becomes a + less preferred cipher. + + If strict KEX availability cannot be ensured on both + connection sides, affected encryption modes(CHACHA and + CBC) can be disabled with standard ssh configuration. + This will provide protection against vulnerability, but + at a cost of affecting interoperability. See + Configuring algorithms in SSH. + + + Full runtime dependencies of ssh-4.15.3.1: crypto-5.0, erts-11.0, + kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15 + + + --------------------------------------------------------------------- + --- ssl-10.9.1.3 ---------------------------------------------------- + --------------------------------------------------------------------- + + Note! The ssl-10.9.1.3 application *cannot* be applied independently + of other applications on an arbitrary OTP 25 installation. + + On a full OTP 25 installation, also the following runtime + dependency has to be satisfied: + -- stdlib-4.1 (first satisfied in OTP 25.1) + + + --- Fixed Bugs and Malfunctions --- + + OTP-18739 Application(s): public_key, ssl + + ssl application will validate id-kp-serverAuth and + id-kp-clientAuth extended key usage only in end entity + certificates. public_key application will disallow + "anyExtendedKeyUsage" for CA certificates that includes + the extended key usage extension and marks it critical. + + + OTP-18886 Application(s): ssl + + Add missing export for connection_info() API type. + + + Full runtime dependencies of ssl-10.9.1.3: crypto-5.0, erts-10.0, + inets-5.10.7, kernel-8.4, public_key-1.11.3, runtime_tools-1.15.1, + stdlib-4.1 + + + --------------------------------------------------------------------- + --- wx-2.2.2.1 ------------------------------------------------------ + --------------------------------------------------------------------- + + The wx-2.2.2.1 application can be applied independently of other + applications on a full OTP 25 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-18768 Application(s): wx + Related Id(s): PR-7670 + + The wx application would fail to build on macOS with + Xcode 15. + + + Full runtime dependencies of wx-2.2.2.1: erts-12.0, kernel-8.0, + stdlib-3.15 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + -- cgit v1.2.3