From 6c988b733b4100908ffc7a809be4c3e020258f27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Thu, 21 Jan 2021 15:11:50 +0100 Subject: OTP-23.2.3 OTP-23.2.2 OTP-22.3.4.15 OTP-22.3.4.14 OTP-21.3.8.19 --- early-plugins.mk | 12 +- release-notes/OTP-21.3.8.19.README.txt | 81 ++++++++++++ release-notes/OTP-22.3.4.14.README.txt | 73 +++++++++++ release-notes/OTP-22.3.4.15.README.txt | 38 ++++++ release-notes/OTP-23.2.2.README.txt | 221 +++++++++++++++++++++++++++++++++ release-notes/OTP-23.2.3.README.txt | 102 +++++++++++++++ 6 files changed, 521 insertions(+), 6 deletions(-) create mode 100644 release-notes/OTP-21.3.8.19.README.txt create mode 100644 release-notes/OTP-22.3.4.14.README.txt create mode 100644 release-notes/OTP-22.3.4.15.README.txt create mode 100644 release-notes/OTP-23.2.2.README.txt create mode 100644 release-notes/OTP-23.2.3.README.txt diff --git a/early-plugins.mk b/early-plugins.mk index 0703163..b295afa 100644 --- a/early-plugins.mk +++ b/early-plugins.mk @@ -26,9 +26,9 @@ OTP-18 := OTP-18.0.3 OTP-18.1.5 OTP-18.2.4 OTP-18.3.4.11 OTP-19 := OTP-19.0.7 OTP-19.1.6 OTP-19.2.3 OTP-19.3.6.13 OTP-20 := OTP-20.0.5 OTP-20.1.7 OTP-20.2.4 OTP-20.3.8.26 -OTP-21 := OTP-21.0.9 OTP-21.1.4 OTP-21.2.7 OTP-21.3.8.18 -OTP-22 := OTP-22.0.7 OTP-22.1.8 OTP-22.2.8 OTP-22.3.4.13 -OTP-23 := OTP-23.0.4 OTP-23.1.5 OTP-23.2.1 +OTP-21 := OTP-21.0.9 OTP-21.1.4 OTP-21.2.7 OTP-21.3.8.19 +OTP-22 := OTP-22.0.7 OTP-22.1.8 OTP-22.2.8 OTP-22.3.4.15 +OTP-23 := OTP-23.0.4 OTP-23.1.5 OTP-23.2.3 OTP-18+ := $(OTP-18) $(OTP-19) $(OTP-20) $(OTP-21) $(OTP-22) $(OTP-23) OTP-19+ := $(OTP-19) $(OTP-20) $(OTP-21) $(OTP-22) $(OTP-23) @@ -78,7 +78,7 @@ OTP-21-DROPPED := OTP-21.0-rc1 OTP-21.0-rc2 OTP-21.0 OTP-21.0.1 OTP-21.0.2 \ OTP-21.3.7 OTP-21.3.8 OTP-21.3.8.1 OTP-21.3.8.2 OTP-21.3.8.3 OTP-21.3.8.4 \ OTP-21.3.8.5 OTP-21.3.8.6 OTP-21.3.8.7 OTP-21.3.8.8 OTP-21.3.8.10 \ OTP-21.3.8.11 OTP-21.3.8.12 OTP-21.3.8.13 OTP-21.3.8.14 OTP-21.3.8.15 \ - OTP-21.3.8.16 OTP-21.3.8.17 + OTP-21.3.8.16 OTP-21.3.8.17 OTP-21.3.8.18 OTP-22-DROPPED := OTP-22.0-rc1 OTP-22.0-rc2 OTP-22.0-rc3 OTP-22.0 \ OTP-22.0.1 OTP-22.0.2 OTP-22.0.3 OTP-22.0.4 OTP-22.0.5 OTP-22.0.6 \ OTP-22.1 OTP-22.1.1 OTP-22.1.2 OTP-22.1.3 OTP-22.1.4 OTP-22.1.5 \ @@ -86,10 +86,10 @@ OTP-22-DROPPED := OTP-22.0-rc1 OTP-22.0-rc2 OTP-22.0-rc3 OTP-22.0 \ OTP-22.2.4 OTP-22.2.6 OTP-22.2.7 OTP-22.3 OTP-22.3.1 OTP-22.3.2 \ OTP-22.3.3 OTP-22.3.4 OTP-22.3.4.1 OTP-22.3.4.2 OTP-22.3.4.3 \ OTP-22.3.4.4 OTP-22.3.4.5 OTP-22.3.4.8 OTP-22.3.4.9 OTP-22.3.4.10 \ - OTP-22.3.4.11 OTP-22.3.4.12 + OTP-22.3.4.11 OTP-22.3.4.12 OTP-22.3.4.13 OTP-23-DROPPED := OTP-23.0-rc1 OTP-23.0-rc2 OTP-23.0-rc3 OTP-23.0 OTP-23.0.1 \ OTP-23.0.2 OTP-23.0.3 OTP-23.1 OTP-23.1.1 OTP-23.1.2 OTP-23.1.3 OTP-23.1.4 \ - OTP-23.2 + OTP-23.2 OTP-23.2.1 OTP-DROPPED := $(OTP-18-DROPPED) $(OTP-19-DROPPED) $(OTP-20-DROPPED) \ $(OTP-21-DROPPED) $(OTP-22-DROPPED) $(OTP-23-DROPPED) diff --git a/release-notes/OTP-21.3.8.19.README.txt b/release-notes/OTP-21.3.8.19.README.txt new file mode 100644 index 0000000..039d072 --- /dev/null +++ b/release-notes/OTP-21.3.8.19.README.txt @@ -0,0 +1,81 @@ +Patch Package: OTP 21.3.8.19 +Git Tag: OTP-21.3.8.19 +Date: 2021-01-20 +Trouble Report Id: OTP-16869, OTP-17080, OTP-17088, OTP-17107 +Seq num: ERIERL-580, ERL-1337 +System: OTP +Release: 21 +Application: crypto-4.4.2.3, erts-10.3.5.15 +Predecessor: OTP 21.3.8.18 + + Check out the git tag OTP-21.3.8.19, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- crypto-4.4.2.3 -------------------------------------------------- + --------------------------------------------------------------------- + + The crypto-4.4.2.3 application can be applied independently of other + applications on a full OTP 21 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17107 Application(s): crypto + + Adding missing flag in BN-calls in SRP. + + + Full runtime dependencies of crypto-4.4.2.3: erts-9.0, kernel-5.3, + stdlib-3.4 + + + --------------------------------------------------------------------- + --- erts-10.3.5.15 -------------------------------------------------- + --------------------------------------------------------------------- + + Note! The erts-10.3.5.15 application *cannot* be applied + independently of other applications on an arbitrary OTP 21 + installation. + + On a full OTP 21 installation, also the following runtime + dependencies have to be satisfied: + -- kernel-6.1 (first satisfied in OTP 21.1) + -- sasl-3.3 (first satisfied in OTP 21.2) + + + --- Fixed Bugs and Malfunctions --- + + OTP-16869 Application(s): erts + Related Id(s): ERL-1337 + + Fixed rare distribution bug in race between received + signal (link/monitor/spawn_request/spawn_reply) and + disconnection. Symptom: VM crash. Since: OTP 21.0. + + + OTP-17080 Application(s): erts + + The suspend_process() and resume_process() BIFs did not + check their arguments properly which could cause an + emulator crash. + + + OTP-17088 Application(s): erts + Related Id(s): ERIERL-580 + + The runtime system would get into an infinite loop if + the runtime system was started with more than 1023 file + descriptors already open. + + + Full runtime dependencies of erts-10.3.5.15: kernel-6.1, sasl-3.3, + stdlib-3.5 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + diff --git a/release-notes/OTP-22.3.4.14.README.txt b/release-notes/OTP-22.3.4.14.README.txt new file mode 100644 index 0000000..79304e8 --- /dev/null +++ b/release-notes/OTP-22.3.4.14.README.txt @@ -0,0 +1,73 @@ +Patch Package: OTP 22.3.4.14 +Git Tag: OTP-22.3.4.14 +Date: 2021-01-13 +Trouble Report Id: OTP-17073, OTP-17080, OTP-17088 +Seq num: ERIERL-580 +System: OTP +Release: 22 +Application: compiler-7.5.4.3, erts-10.7.2.7 +Predecessor: OTP 22.3.4.13 + + Check out the git tag OTP-22.3.4.14, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- compiler-7.5.4.3 ------------------------------------------------ + --------------------------------------------------------------------- + + The compiler-7.5.4.3 application can be applied independently of + other applications on a full OTP 22 installation. + + --- Improvements and New Features --- + + OTP-17073 Application(s): compiler + + Fixed a bug in the type optimization pass that could + yield incorrect values or cause the wrong clauses to be + executed. + + + Full runtime dependencies of compiler-7.5.4.3: crypto-3.6, erts-9.0, + hipe-3.12, kernel-4.0, stdlib-2.5 + + + --------------------------------------------------------------------- + --- erts-10.7.2.7 --------------------------------------------------- + --------------------------------------------------------------------- + + Note! The erts-10.7.2.7 application *cannot* be applied independently + of other applications on an arbitrary OTP 22 installation. + + On a full OTP 22 installation, also the following runtime + dependency has to be satisfied: + -- kernel-6.5.1 (first satisfied in OTP 22.2) + + + --- Fixed Bugs and Malfunctions --- + + OTP-17080 Application(s): erts + + The suspend_process() and resume_process() BIFs did not + check their arguments properly which could cause an + emulator crash. + + + OTP-17088 Application(s): erts + Related Id(s): ERIERL-580 + + The runtime system would get into an infinite loop if + the runtime system was started with more than 1023 file + descriptors already open. + + + Full runtime dependencies of erts-10.7.2.7: kernel-6.5.1, sasl-3.3, + stdlib-3.5 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + diff --git a/release-notes/OTP-22.3.4.15.README.txt b/release-notes/OTP-22.3.4.15.README.txt new file mode 100644 index 0000000..49d648a --- /dev/null +++ b/release-notes/OTP-22.3.4.15.README.txt @@ -0,0 +1,38 @@ +Patch Package: OTP 22.3.4.15 +Git Tag: OTP-22.3.4.15 +Date: 2021-01-20 +Trouble Report Id: OTP-17107 +Seq num: +System: OTP +Release: 22 +Application: crypto-4.6.5.2 +Predecessor: OTP 22.3.4.14 + + Check out the git tag OTP-22.3.4.15, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- crypto-4.6.5.2 -------------------------------------------------- + --------------------------------------------------------------------- + + The crypto-4.6.5.2 application can be applied independently of other + applications on a full OTP 22 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17107 Application(s): crypto + + Adding missing flag in BN-calls in SRP. + + + Full runtime dependencies of crypto-4.6.5.2: erts-9.0, kernel-5.3, + stdlib-3.4 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + diff --git a/release-notes/OTP-23.2.2.README.txt b/release-notes/OTP-23.2.2.README.txt new file mode 100644 index 0000000..dc90813 --- /dev/null +++ b/release-notes/OTP-23.2.2.README.txt @@ -0,0 +1,221 @@ +Patch Package: OTP 23.2.2 +Git Tag: OTP-23.2.2 +Date: 2021-01-15 +Trouble Report Id: OTP-16607, OTP-17080, OTP-17088, OTP-17093, + OTP-17098, OTP-17099, OTP-17100 +Seq num: ERIERL-580, ERIERL-585, ERL-1447 +System: OTP +Release: 23 +Application: crypto-4.8.2, erl_interface-4.0.2, + erts-11.1.6, megaco-3.19.5, odbc-2.13.2, + snmp-5.7.1, ssl-10.2.1 +Predecessor: OTP 23.2.1 + + Check out the git tag OTP-23.2.2, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- OTP-23.2.2 ------------------------------------------------------ + --------------------------------------------------------------------- + + --- Fixed Bugs and Malfunctions --- + + OTP-17093 Application(s): crypto, megaco, odbc, otp, snmp + Related Id(s): ERL-1447, PR-2948 + + Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure + script sources. + + + --------------------------------------------------------------------- + --- crypto-4.8.2 ---------------------------------------------------- + --------------------------------------------------------------------- + + The crypto-4.8.2 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17093 Application(s): crypto, megaco, odbc, otp, snmp + Related Id(s): ERL-1447, PR-2948 + + Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure + script sources. + + + Full runtime dependencies of crypto-4.8.2: erts-9.0, kernel-5.3, + stdlib-3.4 + + + --------------------------------------------------------------------- + --- erl_interface-4.0.2 --------------------------------------------- + --------------------------------------------------------------------- + + The erl_interface-4.0.2 application can be applied independently of + other applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17099 Application(s): erl_interface + Related Id(s): ERIERL-585 + + Integers outside of the range [-(1 bsl 32) - 1, (1 bsl + 32) -1] were previously intended to be printed in an + internal bignum format by ei_print_term() and + ei_s_print_term(). Unfortunately the implementation has + been buggy since OTP R13B02 and since then produced + results with random content which also could crash the + calling program. + + This fix replaces the printing of the internal format + with printing in hexadecimal form and extend the range + for printing in decimal form. Currently integers in the + range [-(1 bsl 64), (1 bsl 64)] are printed in decimal + form and integers outside of this range in Erlang + hexadecimal form. + + + --- Known Bugs and Problems --- + + OTP-16607 Application(s): erl_interface + Related Id(s): OTP-16608 + + The ei API for decoding/encoding terms is not fully + 64-bit compatible since terms that have a + representation on the external term format larger than + 2 GB cannot be handled. + + + --------------------------------------------------------------------- + --- erts-11.1.6 ----------------------------------------------------- + --------------------------------------------------------------------- + + The erts-11.1.6 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17080 Application(s): erts + + The suspend_process() and resume_process() BIFs did not + check their arguments properly which could cause an + emulator crash. + + + OTP-17088 Application(s): erts + Related Id(s): ERIERL-580 + + The runtime system would get into an infinite loop if + the runtime system was started with more than 1023 file + descriptors already open. + + + Full runtime dependencies of erts-11.1.6: kernel-7.0, sasl-3.3, + stdlib-3.13 + + + --------------------------------------------------------------------- + --- megaco-3.19.5 --------------------------------------------------- + --------------------------------------------------------------------- + + The megaco-3.19.5 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17093 Application(s): crypto, megaco, odbc, otp, snmp + Related Id(s): ERL-1447, PR-2948 + + Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure + script sources. + + + Full runtime dependencies of megaco-3.19.5: asn1-3.0, debugger-4.0, + erts-7.0, et-1.5, kernel-3.0, runtime_tools-1.8.14, stdlib-2.5 + + + --------------------------------------------------------------------- + --- odbc-2.13.2 ----------------------------------------------------- + --------------------------------------------------------------------- + + The odbc-2.13.2 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17093 Application(s): crypto, megaco, odbc, otp, snmp + Related Id(s): ERL-1447, PR-2948 + + Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure + script sources. + + + Full runtime dependencies of odbc-2.13.2: erts-6.0, kernel-3.0, + stdlib-2.0 + + + --------------------------------------------------------------------- + --- snmp-5.7.1 ------------------------------------------------------ + --------------------------------------------------------------------- + + The snmp-5.7.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17093 Application(s): crypto, megaco, odbc, otp, snmp + Related Id(s): ERL-1447, PR-2948 + + Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure + script sources. + + + Full runtime dependencies of snmp-5.7.1: crypto-3.3, erts-6.0, + kernel-3.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5 + + + --------------------------------------------------------------------- + --- ssl-10.2.1 ------------------------------------------------------ + --------------------------------------------------------------------- + + The ssl-10.2.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17098 Application(s): ssl + + Fix CVE-2020-35733 this only affects ssl-10.2 + (OTP-23.2). This vulnerability could enable a man in + the middle attack using a fake chain to a known trusted + ROOT. Also limits alternative chain handling, for + handling of possibly extraneous certs, to improve + memory management. + + + --- Improvements and New Features --- + + OTP-17100 Application(s): ssl + + Add support for AES CCM based cipher suites defined in + RFC 7251 + + Also Correct cipher suite name conversion to OpenSSL + names. A few names where corrected earlier in OTP-16267 + For backwards compatible reasons we support usage of + openSSL names for cipher suites. Mostly anonymous + suites names where incorrect, but also some legacy + suites. + + + Full runtime dependencies of ssl-10.2.1: crypto-4.2, erts-10.0, + inets-5.10.7, kernel-6.0, public_key-1.8, stdlib-3.12 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + diff --git a/release-notes/OTP-23.2.3.README.txt b/release-notes/OTP-23.2.3.README.txt new file mode 100644 index 0000000..db69d4e --- /dev/null +++ b/release-notes/OTP-23.2.3.README.txt @@ -0,0 +1,102 @@ +Patch Package: OTP 23.2.3 +Git Tag: OTP-23.2.3 +Date: 2021-01-20 +Trouble Report Id: OTP-17097, OTP-17107, OTP-17108, OTP-17110 +Seq num: ERIERL-586, ERL-1442 +System: OTP +Release: 23 +Application: crypto-4.8.3, erts-11.1.7, snmp-5.7.2, + ssh-4.10.7 +Predecessor: OTP 23.2.2 + + Check out the git tag OTP-23.2.3, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- crypto-4.8.3 ---------------------------------------------------- + --------------------------------------------------------------------- + + The crypto-4.8.3 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17107 Application(s): crypto + + Adding missing flag in BN-calls in SRP. + + + Full runtime dependencies of crypto-4.8.3: erts-9.0, kernel-5.3, + stdlib-3.4 + + + --------------------------------------------------------------------- + --- erts-11.1.7 ----------------------------------------------------- + --------------------------------------------------------------------- + + The erts-11.1.7 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Improvements and New Features --- + + OTP-17097 Application(s): erts + + Make windows installer remove write access rights for + non admin users when installing to a non default + directory. Reduces the risk for DLL sideloading, but + the user should always be aware of the access rights + for the installation. + + + Full runtime dependencies of erts-11.1.7: kernel-7.0, sasl-3.3, + stdlib-3.13 + + + --------------------------------------------------------------------- + --- snmp-5.7.2 ------------------------------------------------------ + --------------------------------------------------------------------- + + The snmp-5.7.2 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17110 Application(s): snmp + Related Id(s): ERIERL-586 + + [manager] Misspelled priv protocol (atom) made it + impossible to update usm user 'priv_key' configuration + for usmAesCfb128Protocol via function calls. + + + Full runtime dependencies of snmp-5.7.2: crypto-3.3, erts-6.0, + kernel-3.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5 + + + --------------------------------------------------------------------- + --- ssh-4.10.7 ------------------------------------------------------ + --------------------------------------------------------------------- + + The ssh-4.10.7 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-17108 Application(s): ssh + Related Id(s): ERL-1442 + + The SSH daemon erroneously replaced LF with CRLF also + when there was no pty requested from the server. + + + Full runtime dependencies of ssh-4.10.7: crypto-4.6.4, erts-9.0, + kernel-5.3, public_key-1.6.1, stdlib-3.4.1 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + -- cgit v1.2.3