diff options
author | Loïc Hoguin <[email protected]> | 2025-01-14 13:17:19 +0100 |
---|---|---|
committer | Loïc Hoguin <[email protected]> | 2025-01-14 13:17:19 +0100 |
commit | e1beb81ca65383e247171035e8b7a5db8e94538f (patch) | |
tree | 0c49dfd6eae7a321f4e8c7f520e66e1456ec33d4 | |
parent | aa07e0b343e52a3a1246de37f8c863c21b7fd2b1 (diff) | |
download | ci.erlang.mk-e1beb81ca65383e247171035e8b7a5db8e94538f.tar.gz ci.erlang.mk-e1beb81ca65383e247171035e8b7a5db8e94538f.tar.bz2 ci.erlang.mk-e1beb81ca65383e247171035e8b7a5db8e94538f.zip |
OTP-27.1.3
-rw-r--r-- | early-plugins.mk | 2 | ||||
-rw-r--r-- | release-notes/OTP-27.1.3.README.txt | 234 |
2 files changed, 235 insertions, 1 deletions
diff --git a/early-plugins.mk b/early-plugins.mk index 60ae356..16b75d7 100644 --- a/early-plugins.mk +++ b/early-plugins.mk @@ -21,7 +21,7 @@ OTP-23 := OTP-23.0.4 OTP-23.1.5 OTP-23.2.7.3 OTP-23.3.4.20 OTP-24 := OTP-24.0.6 OTP-24.1.7 OTP-24.2.2 OTP-24.3.4.17 OTP-25 := OTP-25.0.4 OTP-25.1.2.1 OTP-25.2.3 OTP-25.3.2.15 OTP-26 := OTP-26.0.2 OTP-26.1.2 OTP-26.2.5.5 -OTP-27 := OTP-27.0.1 OTP-27.1.2 +OTP-27 := OTP-27.0.1 OTP-27.1.3 OTP-18+ := $(OTP-18) $(OTP-19) $(OTP-20) $(OTP-21) $(OTP-22) $(OTP-23) $(OTP-24) $(OTP-25) $(OTP-26) $(OTP-27) OTP-19+ := $(OTP-19) $(OTP-20) $(OTP-21) $(OTP-22) $(OTP-23) $(OTP-24) $(OTP-25) $(OTP-26) $(OTP-27) diff --git a/release-notes/OTP-27.1.3.README.txt b/release-notes/OTP-27.1.3.README.txt new file mode 100644 index 0000000..4f2f4ea --- /dev/null +++ b/release-notes/OTP-27.1.3.README.txt @@ -0,0 +1,234 @@ +Patch Package: OTP 27.1.3 +Git Tag: OTP-27.1.3 +Date: 2024-12-05 +Trouble Report Id: OTP-19240, OTP-19293, OTP-19311, OTP-19325, + OTP-19326, OTP-19328, OTP-19332, OTP-19340, + OTP-19350, OTP-19352, OTP-19357, OTP-19365, + OTP-19366, OTP-19374 +Seq num: #8989, CVE-2024-53846, ERIERL-1134, + ERIERL-1139, ERIERL-1147, ERIERL-1157, + GH-8929, GH-9009, GH-9014, GH-9100, + OTP-19061, OTP-19240, OTP-19532, PR-8840, + PR-8924, PR-8931, PR-8980, PR-8995, PR-9001, + PR-9024, PR-9053, PR-9080, PR-9111, PR-9130 +System: OTP +Release: 27 +Application: common_test-1.27.4, compiler-8.5.3, + erts-15.1.3, kernel-10.1.2, + public_key-1.16.4, ssh-5.2.4, ssl-11.2.5 +Predecessor: OTP 27.1.2 + +Check out the git tag OTP-27.1.3, and build a full OTP system including +documentation. Apply one or more applications from this build as patches to your +installation using the 'otp_patch_apply' tool. For information on install +requirements, see descriptions for each application version below. + +# common_test-1.27.4 + +The common_test-1.27.4 application can be applied independently of other +applications on a full OTP 27 installation. + +## Fixed Bugs and Malfunctions + +- With this change, cth_surefire hook module handles group path reduction for a + skipped group. This fixes a bug manifesting with improper group path for a + group executed after a group which was skipped. + + Own Id: OTP-19365 + Related Id(s): ERIERL-1157, PR-9080 + +## Improvements and New Features + +- With this change, prefix option can be specified in cth_conn_log option list. + Option allows to specify how much of additional information is added in raw + log output. + + Own Id: OTP-19293 + Related Id(s): ERIERL-1139, PR-8924, PR-8931 + +> #### Full runtime dependencies of common_test-1.27.4 +> +> compiler-6.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, +> kernel-8.4, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, +> stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8 + +# compiler-8.5.3 + +The compiler-8.5.3 application can be applied independently of other +applications on a full OTP 27 installation. + +## Fixed Bugs and Malfunctions + +- In rare circumstances, the destructive tuple update optimization could be + applied when it was unsafe. + + Own Id: OTP-19340 + Related Id(s): GH-9014, PR-9024 + +- In rare circumstances involving appending to multiple binaries, the compile + could emit unsafe code that would crash the runtime system. + + Own Id: OTP-19374 + Related Id(s): GH-9100, PR-9111 + +> #### Full runtime dependencies of compiler-8.5.3 +> +> crypto-5.1, erts-13.0, kernel-8.4, stdlib-6.0 + +# erts-15.1.3 + +The erts-15.1.3 application can be applied independently of other applications +on a full OTP 27 installation. + +## Fixed Bugs and Malfunctions + +- gen_udp:send on domain local can leak inet_reply messages. + + Own Id: OTP-19332 + Related Id(s): #8989 + +- net:getifaddrs does not properly report the running flag on windows. + + Own Id: OTP-19366 + Related Id(s): ERIERL-1134, OTP-19061 + +> #### Full runtime dependencies of erts-15.1.3 +> +> kernel-9.0, sasl-3.3, stdlib-4.1 + +# kernel-10.1.2 + +Note! The kernel-10.1.2 application _cannot_ be applied independently of other +applications on an arbitrary OTP 27 installation. + + On a full OTP 27 installation, also the following runtime + dependency has to be satisfied: + -- erts-15.1 (first satisfied in OTP 27.1) + +## Fixed Bugs and Malfunctions + +- On windows the socket:recv could return with success ({ok, Data}) even though + not all data had been read. + + Own Id: OTP-19328 + +- gen_udp:send on domain local can leak inet_reply messages. + + Own Id: OTP-19332 + Related Id(s): #8989 + +- Failure to create an UDP IPv6 socket when inet_backend = socket with certain + IPv6 socket options. + + Own Id: OTP-19357 + +- net:getifaddrs does not properly report the running flag on windows. + + Own Id: OTP-19366 + Related Id(s): ERIERL-1134, OTP-19061 + +> #### Full runtime dependencies of kernel-10.1.2 +> +> crypto-5.0, erts-15.1, sasl-3.0, stdlib-6.0 + +# public_key-1.16.4 + +The public_key-1.16.4 application can be applied independently of other +applications on a full OTP 27 installation. + +## Fixed Bugs and Malfunctions + +- If both `ext-key-usage` and `key-usage` are defined for a certificate it + should be checked that these usages are consistent with each other. This will + have the affect that such certificates where the `ext-key-usages` is marked as + critical and the usages is consistent with the `key-use` it can be considered + valid without mandatory application specific checks for the `ext-key-useage` + extension. + + Own Id: OTP-19240 + Related Id(s): PR-8840, OTP-19532 + +- Handle decoding of EDDSA key properly, when decoding a PEM file that contains + only the public EDDSA key. + + Own Id: OTP-19350 + Related Id(s): GH-9009, PR-9053 + +> #### Full runtime dependencies of public_key-1.16.4 +> +> asn1-3.0, crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5 + +# ssh-5.2.4 + +The ssh-5.2.4 application can be applied independently of other applications on +a full OTP 27 installation. + +## Fixed Bugs and Malfunctions + +- With this change, ssh connection does not crash upon receiving exit-signal + message for an already terminated channel. + + Own Id: OTP-19326 + Related Id(s): GH-8929, PR-8995 + +> #### Full runtime dependencies of ssh-5.2.4 +> +> crypto-5.0, erts-14.0, kernel-9.0, public_key-1.6.1, runtime_tools-1.15.1, +> stdlib-5.0, stdlib-6.0 + +# ssl-11.2.5 + +Note! The ssl-11.2.5 application _cannot_ be applied independently of other +applications on an arbitrary OTP 27 installation. + + On a full OTP 27 installation, also the following runtime + dependency has to be satisfied: + -- public_key-1.16.4 (first satisfied in OTP 27.1.3) + +## Fixed Bugs and Malfunctions + +- Avoid generating an internal alert for case that should have been an orderly + shutdown by the supervisor. + + Own Id: OTP-19311 + Related Id(s): PR-8980 + +- If present, extended key-usage TLS (SSL) role check (`pk-clientAuth`, + `pk-serverAuth`) should always be performed for peer-cert. An intermediate CA + cert may relax the requirement if `AnyExtendedKeyUsage` purpose is present. + + In OTP-25.3.2.8, OTP-26.2 and OTP-27.0 these requirements became too relaxed. + There where two problems, firstly the peer cert extension was only checked if + it was marked critical, and secondly the CA cert check did not assert the + relaxed `AnyExtendedKeyUsage` purpose. + + This could result in that certificates might be misused for purposes not + intended by the certificate authority. + + Thanks to Bryan Paxton for reporting the issue. + + Own Id: OTP-19352 + Related Id(s): PR-9130, CVE-2024-53846, OTP-19240 + +## Improvements and New Features + +- Back port certificate_authorities option for TLS-1.3 servers to pre TLS-1.3 + servers to enable them to disable the sending of certificate authorities in + their certificate request. This will have same affect as the the TLS-1.3 + server option although it is handled by a different mechanism in these + versions, where the functionality is described to be more of a guidance, + although some pre TLS clients have proven to make it mandatory as in TLS-1.3 + extension handling. + + Own Id: OTP-19325 + Related Id(s): ERIERL-1147, PR-9001 + +> #### Full runtime dependencies of ssl-11.2.5 +> +> crypto-5.0, erts-15.0, inets-5.10.7, kernel-9.0, public_key-1.16.4, +> runtime_tools-1.15.1, stdlib-6.0 + +# Thanks to + +Frej Drejhammar, zmstone + |