aboutsummaryrefslogblamecommitdiffstats
path: root/release-notes/OTP-23.2.2.README.txt
blob: dc908139519964b79d401ce52dd6fc7933410056 (plain) (tree) 
6c988b7





























































































































































































































1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221





























































































































































































































                                                                      
Patch Package:           OTP 23.2.2
Git Tag:                 OTP-23.2.2
Date:                    2021-01-15
Trouble Report Id:       OTP-16607, OTP-17080, OTP-17088, OTP-17093,
                         OTP-17098, OTP-17099, OTP-17100
Seq num:                 ERIERL-580, ERIERL-585, ERL-1447
System:                  OTP
Release:                 23
Application:             crypto-4.8.2, erl_interface-4.0.2,
                         erts-11.1.6, megaco-3.19.5, odbc-2.13.2,
                         snmp-5.7.1, ssl-10.2.1
Predecessor:             OTP 23.2.1

 Check out the git tag OTP-23.2.2, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- OTP-23.2.2 ------------------------------------------------------
 ---------------------------------------------------------------------

 --- Fixed Bugs and Malfunctions ---

  OTP-17093    Application(s): crypto, megaco, odbc, otp, snmp
               Related Id(s): ERL-1447, PR-2948

               Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure
               script sources.


 ---------------------------------------------------------------------
 --- crypto-4.8.2 ----------------------------------------------------
 ---------------------------------------------------------------------

 The crypto-4.8.2 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17093    Application(s): crypto, megaco, odbc, otp, snmp
               Related Id(s): ERL-1447, PR-2948

               Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure
               script sources.


 Full runtime dependencies of crypto-4.8.2: erts-9.0, kernel-5.3,
 stdlib-3.4


 ---------------------------------------------------------------------
 --- erl_interface-4.0.2 ---------------------------------------------
 ---------------------------------------------------------------------

 The erl_interface-4.0.2 application can be applied independently of
 other applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17099    Application(s): erl_interface
               Related Id(s): ERIERL-585

               Integers outside of the range [-(1 bsl 32) - 1, (1 bsl
               32) -1] were previously intended to be printed in an
               internal bignum format by ei_print_term() and
               ei_s_print_term(). Unfortunately the implementation has
               been buggy since OTP R13B02 and since then produced
               results with random content which also could crash the
               calling program.

               This fix replaces the printing of the internal format
               with printing in hexadecimal form and extend the range
               for printing in decimal form. Currently integers in the
               range [-(1 bsl 64), (1 bsl 64)] are printed in decimal
               form and integers outside of this range in Erlang
               hexadecimal form.


 --- Known Bugs and Problems ---

  OTP-16607    Application(s): erl_interface
               Related Id(s): OTP-16608

               The ei API for decoding/encoding terms is not fully
               64-bit compatible since terms that have a
               representation on the external term format larger than
               2 GB cannot be handled.


 ---------------------------------------------------------------------
 --- erts-11.1.6 -----------------------------------------------------
 ---------------------------------------------------------------------

 The erts-11.1.6 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17080    Application(s): erts

               The suspend_process() and resume_process() BIFs did not
               check their arguments properly which could cause an
               emulator crash.


  OTP-17088    Application(s): erts
               Related Id(s): ERIERL-580

               The runtime system would get into an infinite loop if
               the runtime system was started with more than 1023 file
               descriptors already open.


 Full runtime dependencies of erts-11.1.6: kernel-7.0, sasl-3.3,
 stdlib-3.13


 ---------------------------------------------------------------------
 --- megaco-3.19.5 ---------------------------------------------------
 ---------------------------------------------------------------------

 The megaco-3.19.5 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17093    Application(s): crypto, megaco, odbc, otp, snmp
               Related Id(s): ERL-1447, PR-2948

               Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure
               script sources.


 Full runtime dependencies of megaco-3.19.5: asn1-3.0, debugger-4.0,
 erts-7.0, et-1.5, kernel-3.0, runtime_tools-1.8.14, stdlib-2.5


 ---------------------------------------------------------------------
 --- odbc-2.13.2 -----------------------------------------------------
 ---------------------------------------------------------------------

 The odbc-2.13.2 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17093    Application(s): crypto, megaco, odbc, otp, snmp
               Related Id(s): ERL-1447, PR-2948

               Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure
               script sources.


 Full runtime dependencies of odbc-2.13.2: erts-6.0, kernel-3.0,
 stdlib-2.0


 ---------------------------------------------------------------------
 --- snmp-5.7.1 ------------------------------------------------------
 ---------------------------------------------------------------------

 The snmp-5.7.1 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17093    Application(s): crypto, megaco, odbc, otp, snmp
               Related Id(s): ERL-1447, PR-2948

               Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure
               script sources.


 Full runtime dependencies of snmp-5.7.1: crypto-3.3, erts-6.0,
 kernel-3.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5


 ---------------------------------------------------------------------
 --- ssl-10.2.1 ------------------------------------------------------
 ---------------------------------------------------------------------

 The ssl-10.2.1 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17098    Application(s): ssl

               Fix CVE-2020-35733 this only affects ssl-10.2
               (OTP-23.2). This vulnerability could enable a man in
               the middle attack using a fake chain to a known trusted
               ROOT. Also limits alternative chain handling, for
               handling of possibly extraneous certs, to improve
               memory management.


 --- Improvements and New Features ---

  OTP-17100    Application(s): ssl

               Add support for AES CCM based cipher suites defined in
               RFC 7251

               Also Correct cipher suite name conversion to OpenSSL
               names. A few names where corrected earlier in OTP-16267
               For backwards compatible reasons we support usage of
               openSSL names for cipher suites. Mostly anonymous
               suites names where incorrect, but also some legacy
               suites.


 Full runtime dependencies of ssl-10.2.1: crypto-4.2, erts-10.0,
 inets-5.10.7, kernel-6.0, public_key-1.8, stdlib-3.12


 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-13 10:56:33 +0000