diff options
author | Loïc Hoguin <[email protected]> | 2025-01-14 13:19:05 +0100 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2025-01-14 13:19:05 +0100 |
commit | 331b3a7230119ed9bddd7c377e5728fe89ce1e4f (patch) | |
tree | be13b53c6e1eb60360ff99781c01f03f165d4de0 | |
parent | 1bdf6b0e2f6d913ff5854a093ba2541123be3267 (diff) | |
download | ci.erlang.mk-331b3a7230119ed9bddd7c377e5728fe89ce1e4f.tar.gz ci.erlang.mk-331b3a7230119ed9bddd7c377e5728fe89ce1e4f.tar.bz2 ci.erlang.mk-331b3a7230119ed9bddd7c377e5728fe89ce1e4f.zip |
OTP-26.2.5.6
-rw-r--r-- | early-plugins.mk | 4 | ||||
-rw-r--r-- | release-notes/OTP-26.2.5.6.README.txt | 261 |
2 files changed, 263 insertions, 2 deletions
diff --git a/early-plugins.mk b/early-plugins.mk index 85f7d77..bd8b8e4 100644 --- a/early-plugins.mk +++ b/early-plugins.mk @@ -20,7 +20,7 @@ OTP-22 := OTP-22.0.7 OTP-22.1.8 OTP-22.2.8 OTP-22.3.4.27 OTP-23 := OTP-23.0.4 OTP-23.1.5 OTP-23.2.7.3 OTP-23.3.4.20 OTP-24 := OTP-24.0.6 OTP-24.1.7 OTP-24.2.2 OTP-24.3.4.17 OTP-25 := OTP-25.0.4 OTP-25.1.2.1 OTP-25.2.3 OTP-25.3.2.15 -OTP-26 := OTP-26.0.2 OTP-26.1.2 OTP-26.2.5.5 +OTP-26 := OTP-26.0.2 OTP-26.1.2 OTP-26.2.5.6 OTP-27 := OTP-27.0.1 OTP-27.1.3 OTP-27.2 OTP-18+ := $(OTP-18) $(OTP-19) $(OTP-20) $(OTP-21) $(OTP-22) $(OTP-23) $(OTP-24) $(OTP-25) $(OTP-26) $(OTP-27) @@ -119,7 +119,7 @@ OTP-25-DROPPED := OTP-25.0-rc1 OTP-25.0-rc2 OTP-25.0-rc3 OTP-25.0 \ OTP-25.2.1 OTP-25.2.2 OTP-25.3 OTP-25.3.1 OTP-25.3.2 OTP-25.3.2.1 OTP-25.3.2.2 \ OTP-25.3.2.3 OTP-25.3.2.4 OTP-25.3.2.5 OTP-25.3.2.6 OTP-25.3.2.7 OTP-25.3.2.8 OTP-25.3.2.9 OTP-25.3.2.10 OTP-25.3.2.11 OTP-25.3.2.12 OTP-25.3.2.13 OTP-25.3.2.14 OTP-26-DROPPED := OTP-26.0-rc3 \ - OTP-26.0 OTP-26.0.1 OTP-26.1 OTP-26.1.1 OTP-26.2 OTP-26.2.1 OTP-26.2.2 OTP-26.2.3 OTP-26.2.4 OTP-26.2.5 OTP-26.2.5.1 OTP-26.2.5.2 OTP-26.2.5.3 OTP-26.2.5.4 + OTP-26.0 OTP-26.0.1 OTP-26.1 OTP-26.1.1 OTP-26.2 OTP-26.2.1 OTP-26.2.2 OTP-26.2.3 OTP-26.2.4 OTP-26.2.5 OTP-26.2.5.1 OTP-26.2.5.2 OTP-26.2.5.3 OTP-26.2.5.4 OTP-26.2.5.5 OTP-27-DROPPED := OTP-27.0-rc1 OTP-27.0-rc2 \ OTP-27.1.2 diff --git a/release-notes/OTP-26.2.5.6.README.txt b/release-notes/OTP-26.2.5.6.README.txt new file mode 100644 index 0000000..13aada9 --- /dev/null +++ b/release-notes/OTP-26.2.5.6.README.txt @@ -0,0 +1,261 @@ +Patch Package: OTP 26.2.5.6 +Git Tag: OTP-26.2.5.6 +Date: 2024-12-05 +Trouble Report Id: OTP-19240, OTP-19330, OTP-19332, OTP-19350, + OTP-19352, OTP-19357, OTP-19365, OTP-19366, + OTP-19368, OTP-19379, OTP-19380 +Seq num: #8989, CVE-2024-53846, ERIERL-1134, + ERIERL-1154, ERIERL-1157, GH-8755, GH-8829, + GH-8983, GH-9009, OTP-19061, OTP-19240, + OTP-19532, PR-8840, PR-8878, PR-9008, + PR-9053, PR-9080, PR-9093, PR-9130 +System: OTP +Release: 26 +Application: common_test-1.26.2.3, erts-14.2.5.5, + inets-9.1.0.2, kernel-9.2.4.4, + mnesia-4.23.1.1, public_key-1.15.1.4, + ssl-11.1.4.6, stdlib-5.2.3.3 +Predecessor: OTP 26.2.5.5 + + Check out the git tag OTP-26.2.5.6, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- common_test-1.26.2.3 -------------------------------------------- + --------------------------------------------------------------------- + + The common_test-1.26.2.3 application can be applied independently of + other applications on a full OTP 26 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-19365 Application(s): common_test + Related Id(s): ERIERL-1157, PR-9080 + + With this change, cth_surefire hook module handles + group path reduction for a skipped group. This fixes a + bug manifesting with improper group path for a group + executed after a group which was skipped. + + + Full runtime dependencies of common_test-1.26.2.3: compiler-6.0, + crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4, + observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, + stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8 + + + --------------------------------------------------------------------- + --- erts-14.2.5.5 --------------------------------------------------- + --------------------------------------------------------------------- + + The erts-14.2.5.5 application can be applied independently of other + applications on a full OTP 26 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-19330 Application(s): erts + Related Id(s): GH-8983, PR-9008 + + Fix lock order violation if a NIF monitor down callback + calls enif_whereis_pid. Would cause debug emulator to + crash but could potentially lead to deadlocks in + optimized emulator. + + + OTP-19332 Application(s): erts, kernel + Related Id(s): #8989 + + gen_udp:send on domain local can leak inet_reply + messages. + + + OTP-19366 Application(s): erts, kernel + Related Id(s): ERIERL-1134, OTP-19061 + + net:getifaddrs does not properly report the running + flag on windows. + + + Full runtime dependencies of erts-14.2.5.5: kernel-9.0, sasl-3.3, + stdlib-4.1 + + + --------------------------------------------------------------------- + --- inets-9.1.0.2 --------------------------------------------------- + --------------------------------------------------------------------- + + The inets-9.1.0.2 application can be applied independently of other + applications on a full OTP 26 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-19379 Application(s): inets + Related Id(s): GH-8829, PR-8878 + + Fixed a bug where calling httpc:set_options/2 when one + of keys: ipfamily or unix_socket, was not present, + would cause the other value to get overriden by the + default value. The validation of these options was also + improved. + + + Full runtime dependencies of inets-9.1.0.2: erts-14.0, kernel-9.0, + mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0, + stdlib-5.0, stdlib-5.0 + + + --------------------------------------------------------------------- + --- kernel-9.2.4.4 -------------------------------------------------- + --------------------------------------------------------------------- + + The kernel-9.2.4.4 application can be applied independently of other + applications on a full OTP 26 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-19332 Application(s): erts, kernel + Related Id(s): #8989 + + gen_udp:send on domain local can leak inet_reply + messages. + + + OTP-19357 Application(s): kernel + + Failure to create an UDP IPv6 socket when inet_backend + = socket with certain IPv6 socket options. + + + OTP-19366 Application(s): erts, kernel + Related Id(s): ERIERL-1134, OTP-19061 + + net:getifaddrs does not properly report the running + flag on windows. + + + Full runtime dependencies of kernel-9.2.4.4: crypto-5.0, erts-14.0, + sasl-3.0, stdlib-5.0 + + + --------------------------------------------------------------------- + --- mnesia-4.23.1.1 ------------------------------------------------- + --------------------------------------------------------------------- + + The mnesia-4.23.1.1 application can be applied independently of other + applications on a full OTP 26 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-19368 Application(s): mnesia + Related Id(s): ERIERL-1154, PR-9093 + + Mnesia could crash if table was deleted during + checkpoint initialization. + + + Full runtime dependencies of mnesia-4.23.1.1: erts-9.0, kernel-5.3, + stdlib-5.0 + + + --------------------------------------------------------------------- + --- public_key-1.15.1.4 --------------------------------------------- + --------------------------------------------------------------------- + + The public_key-1.15.1.4 application can be applied independently of + other applications on a full OTP 26 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-19240 Application(s): public_key + Related Id(s): PR-8840, OTP-19532 + + If both ext-key-usage and key-usage are defined for a + certificate it should be checked that these usages are + consistent with each other. This will have the affect + that such certificates where the ext-key-usages is + marked as critical and the usages is consistent with + the key-use it can be considered valid without + mandatory application specific checks for the + ext-key-useage extension. + + + OTP-19350 Application(s): public_key + Related Id(s): GH-9009, PR-9053 + + Handle decoding of EDDSA key properly, when decoding a + PEM file that contains only the public EDDSA key. + + + Full runtime dependencies of public_key-1.15.1.4: asn1-3.0, + crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5 + + + --------------------------------------------------------------------- + --- ssl-11.1.4.6 ---------------------------------------------------- + --------------------------------------------------------------------- + + The ssl-11.1.4.6 application can be applied independently of other + applications on a full OTP 26 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-19352 Application(s): ssl + Related Id(s): PR-9130, CVE-2024-53846, OTP-19240 + + If present, extended key-usage TLS (SSL) role check + (pk-clientAuth, pk-serverAuth) should always be + performed for peer-cert. An intermediate CA cert may + relax the requirement if AnyExtendedKeyUsage purpose is + present. + + In OTP-25.3.2.8, OTP-26.2 and OTP-27.0 these + requirements became too relaxed. There where two + problems, firstly the peer cert extension was only + checked if it was marked critical, and secondly the CA + cert check did not assert the relaxed + AnyExtendedKeyUsage purpose. + + This could result in that certificates might be misused + for purposes not intended by the certificate authority. + + Thanks to Bryan Paxton for reporting the issue. + + + Full runtime dependencies of ssl-11.1.4.6: crypto-5.0, erts-14.0, + inets-5.10.7, kernel-9.0, public_key-1.11.3, runtime_tools-1.15.1, + stdlib-4.1 + + + --------------------------------------------------------------------- + --- stdlib-5.2.3.3 -------------------------------------------------- + --------------------------------------------------------------------- + + The stdlib-5.2.3.3 application can be applied independently of other + applications on a full OTP 26 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-19380 Application(s): stdlib + Related Id(s): GH-8755 + + Fixed an error in uri_string:percent_decode spec + + + Full runtime dependencies of stdlib-5.2.3.3: compiler-5.0, + crypto-4.5, erts-13.1, kernel-9.0, sasl-3.0 + + + --------------------------------------------------------------------- + --- Thanks to ------------------------------------------------------- + --------------------------------------------------------------------- + + Marko Mindek + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + |