-rw-r--r--early-plugins.mk4
-rw-r--r--release-notes/OTP-25.3.2.16.README.txt240
2 files changed, 242 insertions, 2 deletions
diff --git a/early-plugins.mk b/early-plugins.mk
index bd8b8e4..39702fb 100644
--- a/early-plugins.mk
+++ b/early-plugins.mk
@@ -19,7 +19,7 @@ OTP-21 := OTP-21.0.9 OTP-21.1.4 OTP-21.2.7 OTP-21.3.8.24
OTP-22 := OTP-22.0.7 OTP-22.1.8 OTP-22.2.8 OTP-22.3.4.27
OTP-23 := OTP-23.0.4 OTP-23.1.5 OTP-23.2.7.3 OTP-23.3.4.20
OTP-24 := OTP-24.0.6 OTP-24.1.7 OTP-24.2.2 OTP-24.3.4.17
-OTP-25 := OTP-25.0.4 OTP-25.1.2.1 OTP-25.2.3 OTP-25.3.2.15
+OTP-25 := OTP-25.0.4 OTP-25.1.2.1 OTP-25.2.3 OTP-25.3.2.16
OTP-26 := OTP-26.0.2 OTP-26.1.2 OTP-26.2.5.6
OTP-27 := OTP-27.0.1 OTP-27.1.3 OTP-27.2
@@ -117,7 +117,7 @@ OTP-24-DROPPED := OTP-24.0-rc2 OTP-24.0-rc3 OTP-24.0 OTP-24.0.1 OTP-24.0.5 \
OTP-25-DROPPED := OTP-25.0-rc1 OTP-25.0-rc2 OTP-25.0-rc3 OTP-25.0 \
OTP-25.0.1 OTP-25.0.2 OTP-25.0.3 OTP-25.1 OTP-25.1.1 OTP-25.1.2 OTP-25.2 \
OTP-25.2.1 OTP-25.2.2 OTP-25.3 OTP-25.3.1 OTP-25.3.2 OTP-25.3.2.1 OTP-25.3.2.2 \
- OTP-25.3.2.3 OTP-25.3.2.4 OTP-25.3.2.5 OTP-25.3.2.6 OTP-25.3.2.7 OTP-25.3.2.8 OTP-25.3.2.9 OTP-25.3.2.10 OTP-25.3.2.11 OTP-25.3.2.12 OTP-25.3.2.13 OTP-25.3.2.14
+ OTP-25.3.2.3 OTP-25.3.2.4 OTP-25.3.2.5 OTP-25.3.2.6 OTP-25.3.2.7 OTP-25.3.2.8 OTP-25.3.2.9 OTP-25.3.2.10 OTP-25.3.2.11 OTP-25.3.2.12 OTP-25.3.2.13 OTP-25.3.2.14 OTP-25.3.2.15
OTP-26-DROPPED := OTP-26.0-rc3 \
OTP-26.0 OTP-26.0.1 OTP-26.1 OTP-26.1.1 OTP-26.2 OTP-26.2.1 OTP-26.2.2 OTP-26.2.3 OTP-26.2.4 OTP-26.2.5 OTP-26.2.5.1 OTP-26.2.5.2 OTP-26.2.5.3 OTP-26.2.5.4 OTP-26.2.5.5
OTP-27-DROPPED := OTP-27.0-rc1 OTP-27.0-rc2 \
diff --git a/release-notes/OTP-25.3.2.16.README.txt b/release-notes/OTP-25.3.2.16.README.txt
new file mode 100644
index 0000000..8851d88
--- /dev/null
+++ b/release-notes/OTP-25.3.2.16.README.txt
@@ -0,0 +1,240 @@
+Patch Package: OTP 25.3.2.16
+Git Tag: OTP-25.3.2.16
+Date: 2024-12-05
+Trouble Report Id: OTP-19240, OTP-19311, OTP-19326, OTP-19330,
+ OTP-19350, OTP-19352, OTP-19365, OTP-19379,
+ OTP-19380
+Seq num: CVE-2024-53846, ERIERL-1157, GH-8755,
+ GH-8829, GH-8929, GH-8983, GH-9009,
+ OTP-19240, OTP-19532, PR-8840, PR-8878,
+ PR-8980, PR-8995, PR-9008, PR-9053, PR-9080,
+ PR-9130
+System: OTP
+Release: 25
+Application: common_test-1.24.0.5, erts-13.2.2.12,
+ inets-8.3.1.5, public_key-1.13.3.5,
+ ssh-4.15.3.8, ssl-10.9.1.7, stdlib-4.3.1.6
+Predecessor: OTP 25.3.2.15
+
+ Check out the git tag OTP-25.3.2.16, and build a full OTP system
+ including documentation. Apply one or more applications from this
+ build as patches to your installation using the 'otp_patch_apply'
+ tool. For information on install requirements, see descriptions for
+ each application version below.
+
+ ---------------------------------------------------------------------
+ --- common_test-1.24.0.5 --------------------------------------------
+ ---------------------------------------------------------------------
+
+ The common_test-1.24.0.5 application can be applied independently of
+ other applications on a full OTP 25 installation.
+
+ --- Fixed Bugs and Malfunctions ---
+
+ OTP-19365 Application(s): common_test
+ Related Id(s): ERIERL-1157, PR-9080
+
+ With this change, cth_surefire hook module handles
+ group path reduction for a skipped group. This fixes a
+ bug manifesting with improper group path for a group
+ executed after a group which was skipped.
+
+
+ Full runtime dependencies of common_test-1.24.0.5: compiler-6.0,
+ crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4,
+ observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
+ stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
+
+
+ ---------------------------------------------------------------------
+ --- erts-13.2.2.12 --------------------------------------------------
+ ---------------------------------------------------------------------
+
+ Note! The erts-13.2.2.12 application *cannot* be applied
+ independently of other applications on an arbitrary OTP 25
+ installation.
+
+ On a full OTP 25 installation, also the following runtime
+ dependencies have to be satisfied:
+ -- kernel-8.5 (first satisfied in OTP 25.1)
+ -- stdlib-4.1 (first satisfied in OTP 25.1)
+
+
+ --- Fixed Bugs and Malfunctions ---
+
+ OTP-19330 Application(s): erts
+ Related Id(s): GH-8983, PR-9008
+
+ Fix lock order violation if a NIF monitor down callback
+ calls enif_whereis_pid. Would cause debug emulator to
+ crash but could potentially lead to deadlocks in
+ optimized emulator.
+
+
+ Full runtime dependencies of erts-13.2.2.12: kernel-8.5, sasl-3.3,
+ stdlib-4.1
+
+
+ ---------------------------------------------------------------------
+ --- inets-8.3.1.5 ---------------------------------------------------
+ ---------------------------------------------------------------------
+
+ The inets-8.3.1.5 application can be applied independently of other
+ applications on a full OTP 25 installation.
+
+ --- Fixed Bugs and Malfunctions ---
+
+ OTP-19379 Application(s): inets
+ Related Id(s): GH-8829, PR-8878
+
+ Fixed a bug where calling httpc:set_options/2 when one
+ of keys: ipfamily or unix_socket, was not present,
+ would cause the other value to get overriden by the
+ default value. The validation of these options was also
+ improved.
+
+
+ Full runtime dependencies of inets-8.3.1.5: erts-13.0, kernel-6.0,
+ mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0,
+ stdlib-4.0
+
+
+ ---------------------------------------------------------------------
+ --- public_key-1.13.3.5 ---------------------------------------------
+ ---------------------------------------------------------------------
+
+ The public_key-1.13.3.5 application can be applied independently of
+ other applications on a full OTP 25 installation.
+
+ --- Fixed Bugs and Malfunctions ---
+
+ OTP-19240 Application(s): public_key
+ Related Id(s): PR-8840, OTP-19532
+
+ If both ext-key-usage and key-usage are defined for a
+ certificate it should be checked that these usages are
+ consistent with each other. This will have the affect
+ that such certificates where the ext-key-usages is
+ marked as critical and the usages is consistent with
+ the key-use it can be considered valid without
+ mandatory application specific checks for the
+ ext-key-useage extension.
+
+
+ OTP-19350 Application(s): public_key
+ Related Id(s): GH-9009, PR-9053
+
+ Handle decoding of EDDSA key properly, when decoding a
+ PEM file that contains only the public EDDSA key.
+
+
+ Full runtime dependencies of public_key-1.13.3.5: asn1-3.0,
+ crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5
+
+
+ ---------------------------------------------------------------------
+ --- ssh-4.15.3.8 ----------------------------------------------------
+ ---------------------------------------------------------------------
+
+ The ssh-4.15.3.8 application can be applied independently of other
+ applications on a full OTP 25 installation.
+
+ --- Fixed Bugs and Malfunctions ---
+
+ OTP-19326 Application(s): ssh
+ Related Id(s): GH-8929, PR-8995
+
+ With this change, ssh connection does not crash upon
+ receiving exit-signal message for an already terminated
+ channel.
+
+
+ Full runtime dependencies of ssh-4.15.3.8: crypto-5.0, erts-11.0,
+ kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15
+
+
+ ---------------------------------------------------------------------
+ --- ssl-10.9.1.7 ----------------------------------------------------
+ ---------------------------------------------------------------------
+
+ Note! The ssl-10.9.1.7 application *cannot* be applied independently
+ of other applications on an arbitrary OTP 25 installation.
+
+ On a full OTP 25 installation, also the following runtime
+ dependency has to be satisfied:
+ -- stdlib-4.1 (first satisfied in OTP 25.1)
+
+
+ --- Fixed Bugs and Malfunctions ---
+
+ OTP-19311 Application(s): ssl
+ Related Id(s): PR-8980
+
+ Avoid generating an internal alert for case that should
+ have been an orderly shutdown by the supervisor.
+
+
+ OTP-19352 Application(s): ssl
+ Related Id(s): PR-9130, CVE-2024-53846, OTP-19240
+
+ If present, extended key-usage TLS (SSL) role check
+ (pk-clientAuth, pk-serverAuth) should always be
+ performed for peer-cert. An intermediate CA cert may
+ relax the requirement if AnyExtendedKeyUsage purpose is
+ present.
+
+ In OTP-25.3.2.8, OTP-26.2 and OTP-27.0 these
+ requirements became too relaxed. There where two
+ problems, firstly the peer cert extension was only
+ checked if it was marked critical, and secondly the CA
+ cert check did not assert the relaxed
+ AnyExtendedKeyUsage purpose.
+
+ This could result in that certificates might be misused
+ for purposes not intended by the certificate authority.
+
+ Thanks to Bryan Paxton for reporting the issue.
+
+
+ Full runtime dependencies of ssl-10.9.1.7: crypto-5.0, erts-10.0,
+ inets-5.10.7, kernel-8.4, public_key-1.11.3, runtime_tools-1.15.1,
+ stdlib-4.1
+
+
+ ---------------------------------------------------------------------
+ --- stdlib-4.3.1.6 --------------------------------------------------
+ ---------------------------------------------------------------------
+
+ Note! The stdlib-4.3.1.6 application *cannot* be applied
+ independently of other applications on an arbitrary OTP 25
+ installation.
+
+ On a full OTP 25 installation, also the following runtime
+ dependencies have to be satisfied:
+ -- erts-13.1 (first satisfied in OTP 25.1)
+ -- kernel-8.5.1 (first satisfied in OTP 25.1.1)
+
+
+ --- Fixed Bugs and Malfunctions ---
+
+ OTP-19380 Application(s): stdlib
+ Related Id(s): GH-8755
+
+ Fixed an error in uri_string:percent_decode spec
+
+
+ Full runtime dependencies of stdlib-4.3.1.6: compiler-5.0,
+ crypto-4.5, erts-13.1, kernel-8.5.1, sasl-3.0
+
+
+ ---------------------------------------------------------------------
+ --- Thanks to -------------------------------------------------------
+ ---------------------------------------------------------------------
+
+ Marko Mindek, zmstone
+
+
+ ---------------------------------------------------------------------
+ ---------------------------------------------------------------------
+ ---------------------------------------------------------------------
+