From 8a958c33c66559b954e36b13a06002f9c62885f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Wed, 23 Sep 2020 17:32:30 +0200 Subject: OTP-23.1 Also fix the path for OTP-23.0 on Windows. --- early-plugins.mk | 7 +- release-notes/OTP-23.1.README.txt | 1210 +++++++++++++++++++++++++++++++++++++ 2 files changed, 1214 insertions(+), 3 deletions(-) create mode 100644 release-notes/OTP-23.1.README.txt diff --git a/early-plugins.mk b/early-plugins.mk index 891949a..6d7b3f5 100644 --- a/early-plugins.mk +++ b/early-plugins.mk @@ -28,7 +28,7 @@ OTP-19 := OTP-19.0.7 OTP-19.1.6 OTP-19.2.3 OTP-19.3.6.13 OTP-20 := OTP-20.0.5 OTP-20.1.7 OTP-20.2.4 OTP-20.3.8.26 OTP-21 := OTP-21.0.9 OTP-21.1.4 OTP-21.2.7 OTP-21.3.8.17 OTP-22 := OTP-22.0.7 OTP-22.1.8 OTP-22.2.8 OTP-22.3.4.10 -OTP-23 := OTP-23.0.4 +OTP-23 := OTP-23.0.4 OTP-23.1 OTP-18+ := $(OTP-18) $(OTP-19) $(OTP-20) $(OTP-21) $(OTP-22) $(OTP-23) OTP-19+ := $(OTP-19) $(OTP-20) $(OTP-21) $(OTP-22) $(OTP-23) @@ -165,7 +165,7 @@ WINDOWS-OTP-19 := 19.0 19.1 19.2 19.3 WINDOWS-OTP-20 := 20.0 20.1 20.2 20.3 WINDOWS-OTP-21 := 21.0.1 21.1 21.2 21.3 WINDOWS-OTP-22 := 22.0 22.1 22.2 22.3 -WINDOWS-OTP-23 := 23.0 +WINDOWS-OTP-23 := 23.0 23.1 WINDOWS-OTP-18+ := $(WINDOWS-OTP-18) $(WINDOWS-OTP-19) $(WINDOWS-OTP-20) $(WINDOWS-OTP-21) \ $(WINDOWS-OTP-22) $(WINDOWS-OTP-23) @@ -218,7 +218,8 @@ WINDOWS-OTP-22.1-INSTALL-DIR := $(call msys2_path,$(PROGRAMFILES)/erl10.5/bin) WINDOWS-OTP-22.2-INSTALL-DIR := $(call msys2_path,$(PROGRAMFILES)/erl10.6/bin) WINDOWS-OTP-22.3-INSTALL-DIR := $(call msys2_path,$(PROGRAMFILES)/erl10.7/bin) -WINDOWS-OTP-23.0-INSTALL-DIR := $(call msys2_path,$(PROGRAMFILES)/erl11.0/bin) +WINDOWS-OTP-23.0-INSTALL-DIR := $(call msys2_path,$(PROGRAMFILES)/erl-23.0/bin) +WINDOWS-OTP-23.1-INSTALL-DIR := $(call msys2_path,$(PROGRAMFILES)/erl-23.1/bin) # We have to duplicate this for it to work as # it is not yet defined when we define this. diff --git a/release-notes/OTP-23.1.README.txt b/release-notes/OTP-23.1.README.txt new file mode 100644 index 0000000..4d30b2e --- /dev/null +++ b/release-notes/OTP-23.1.README.txt @@ -0,0 +1,1210 @@ +Patch Package: OTP 23.1 +Git Tag: OTP-23.1 +Date: 2020-09-23 +Trouble Report Id: OTP-14106, OTP-15130, OTP-15187, OTP-15767, + OTP-15855, OTP-16411, OTP-16448, OTP-16591, + OTP-16592, OTP-16607, OTP-16625, OTP-16650, + OTP-16655, OTP-16658, OTP-16661, OTP-16663, + OTP-16674, OTP-16675, OTP-16694, OTP-16697, + OTP-16700, OTP-16701, OTP-16705, OTP-16707, + OTP-16710, OTP-16713, OTP-16715, OTP-16716, + OTP-16732, OTP-16734, OTP-16735, OTP-16737, + OTP-16738, OTP-16739, OTP-16740, OTP-16741, + OTP-16742, OTP-16743, OTP-16744, OTP-16746, + OTP-16748, OTP-16751, OTP-16753, OTP-16754, + OTP-16755, OTP-16760, OTP-16761, OTP-16763, + OTP-16764, OTP-16765, OTP-16767, OTP-16768, + OTP-16770, OTP-16771, OTP-16774, OTP-16775, + OTP-16776, OTP-16777, OTP-16778, OTP-16779, + OTP-16782, OTP-16783, OTP-16784, OTP-16785, + OTP-16786, OTP-16787, OTP-16790, OTP-16791, + OTP-16798, OTP-16801, OTP-16802, OTP-16803, + OTP-16813, OTP-16815, OTP-16816, OTP-16820, + OTP-16821, OTP-16823, OTP-16830, OTP-16832, + OTP-16833, OTP-16836, OTP-16837, OTP-16838, + OTP-16846, OTP-16848, OTP-16850, OTP-16851, + OTP-16854, OTP-16857, OTP-16866 +Seq num: ERIERL-484, ERIERL-496, ERIERL-500, + ERIERL-509, ERIERL-511, ERIERL-512, + ERIERL-516, ERIERL-519, ERIERL-520, + ERIERL-522, ERIERL-523, ERIERL-524, ERL-1215, + ERL-1241, ERL-1247, ERL-1257, ERL-1259, + ERL-1268, ERL-1271, ERL-1280, ERL-1283, + ERL-1284, ERL-1287, ERL-1288, ERL-1293, + ERL-1297, ERL-1305, ERL-1307, ERL-1309, + ERL-1310, ERL-1312, ERL-1316, ERL-1317, + ERL-1319, ERL-1327, ERL-1334, ERL-1340, + ERL-1344, ERL-1355 +System: OTP +Release: 23 +Application: asn1-5.0.14, compiler-7.6.3, crypto-4.8, + dialyzer-4.2.1, erl_docgen-1.0.1, + erl_interface-4.0.1, erts-11.1, eunit-2.6, + ftp-1.0.5, hipe-4.0.1, inets-7.3, kernel-7.1, + megaco-3.19.3, mnesia-4.18, observer-2.9.5, + odbc-2.13.1, os_mon-2.6, public_key-1.9, + runtime_tools-1.15.1, sasl-4.0.1, snmp-5.6.1, + ssh-4.10.1, ssl-10.1, stdlib-3.13.2, + syntax_tools-2.3.1, tools-3.4.1 +Predecessor: OTP 23.0.4 + + Check out the git tag OTP-23.1, and build a full OTP system including + documentation. Apply one or more applications from this build as + patches to your installation using the 'otp_patch_apply' tool. For + information on install requirements, see descriptions for each + application version below. + + --------------------------------------------------------------------- + --- HIGHLIGHTS ------------------------------------------------------ + --------------------------------------------------------------------- + + OTP-16790 Application(s): inets + Related Id(s): ERIERL-522 + + A vulnerability in the httpd module (inets application) + regarding directory traversal that was introduced in + OTP 22.3.1 and corrected in OTP 22.3.4.6. It was also + introduced in OTP 23.0 and corrected in OTP 23.1 The + vulnerability is registered as CVE-2020-25623 + + The vulnerability is only exposed if the http server + (httpd) in the inets application is used. The + vulnerability makes it possible to read arbitrary files + which the Erlang system has read access to with for + example a specially prepared http request. + + + --------------------------------------------------------------------- + --- OTP-23.1 -------------------------------------------------------- + --------------------------------------------------------------------- + + --- Fixed Bugs and Malfunctions --- + + OTP-16833 Application(s): erts, otp + Related Id(s): PR-2729 + + Adjust /bin/sh to /system/bin/sh in scripts when + installing on Android. + + + --- Improvements and New Features --- + + OTP-16779 Application(s): otp + Related Id(s): ERL-1305, PR-2700 + + Changes in build system to make it build for macOS 11.0 + with Apple Silicon. Also corrected execution of match + specs to work on Apple Silicon. + + + --------------------------------------------------------------------- + --- asn1-5.0.14 ----------------------------------------------------- + --------------------------------------------------------------------- + + The asn1-5.0.14 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Improvements and New Features --- + + OTP-16707 Application(s): asn1, erl_interface, erts, odbc + Related Id(s): PR-2638 + + Changes in order to build on the Haiku operating + system. + + Thanks to Calvin Buckley + + + Full runtime dependencies of asn1-5.0.14: erts-7.0, kernel-3.0, + stdlib-2.0 + + + --------------------------------------------------------------------- + --- compiler-7.6.3 -------------------------------------------------- + --------------------------------------------------------------------- + + The compiler-7.6.3 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16701 Application(s): compiler + Related Id(s): ERL-1271 + + If the update of a map with the 'Map#{Key := Value}' + syntax failed, the line number in the stack backtrace + could be incorrect. + + + OTP-16755 Application(s): compiler + Related Id(s): ERL-1297 + + Fixed a performance bug that slowed down compilation of + modules with deeply nested terms. + + + OTP-16820 Application(s): compiler + + The compiler could in rare circumstances do an an + unsafe optimization that would result in a matching of + a nested map pattern would fail to match. + + + OTP-16838 Application(s): compiler + Related Id(s): ERL-1340 + + Fixed a bug in the validator that caused it to reject + valid code. + + + Full runtime dependencies of compiler-7.6.3: crypto-3.6, erts-11.0, + hipe-3.12, kernel-7.0, stdlib-3.13 + + + --------------------------------------------------------------------- + --- crypto-4.8 ------------------------------------------------------ + --------------------------------------------------------------------- + + The crypto-4.8 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16658 Application(s): crypto + Related Id(s): ERL-1257, OTP-15884 + + Fix type spec bug in crypto for crypto_init and + crypto:one_time + + + OTP-16846 Application(s): crypto + Related Id(s): PR-2741 + + The deprecation message for crypto:rand_uniform/2 + indicated a non-existent function. The correct one + (rand:uniform/1) is now suggested. + + + --- Improvements and New Features --- + + OTP-16771 Application(s): crypto + Related Id(s): ERIERL-509 + + Implemented a workaround to allow fallback from using + the EVP API for Diffie-Hellman key generation + + + OTP-16774 Application(s): crypto, ssh + + The internal Diffie-Hellman high level API for key + generation was slow in old and by OpenSSL now + unsupported cryptolib versions (1.0.1 and earlier). + + If such a cryptolib is used anyhow, the low-level API + is used internally in the crypto application. + + + Full runtime dependencies of crypto-4.8: erts-9.0, kernel-5.3, + stdlib-3.4 + + + --------------------------------------------------------------------- + --- dialyzer-4.2.1 -------------------------------------------------- + --------------------------------------------------------------------- + + The dialyzer-4.2.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16813 Application(s): dialyzer + Related Id(s): ERL-1307 + + In rare circumstance, dialyzer wold crash when + analyzing a list comprehension. + + + Full runtime dependencies of dialyzer-4.2.1: compiler-7.0, erts-9.0, + hipe-3.16.1, kernel-5.3, stdlib-3.4, syntax_tools-2.0, wx-1.2 + + + --------------------------------------------------------------------- + --- erl_docgen-1.0.1 ------------------------------------------------ + --------------------------------------------------------------------- + + The erl_docgen-1.0.1 application can be applied independently of + other applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16661 Application(s): erl_docgen + Related Id(s): ERL-1259 + + Repaired lost function "since" versions in the right + margin of the module reference HTML documentation. + + + OTP-16675 Application(s): erl_docgen + + Remove erlang compilation warnings and trailing + whitespaces. + + + Full runtime dependencies of erl_docgen-1.0.1: edoc-0.7.13, erts-9.0, + stdlib-3.4, xmerl-1.3.7 + + + --------------------------------------------------------------------- + --- erl_interface-4.0.1 --------------------------------------------- + --------------------------------------------------------------------- + + The erl_interface-4.0.1 application can be applied independently of + other applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16740 Application(s): erl_interface + + Fix erl_interface on windows to be compiled with + correct flags to make internal primitives reentrant. + + + OTP-16753 Application(s): erl_interface + Related Id(s): ERL-1288, PR-2678 + + Fixed ei_get_type to set *size to zero for floats, + pids, port and refs according to documentation. + + + OTP-16786 Application(s): erl_interface + + Fix ei_connect when using a dynamic node name to force + usage of distribution version 6. + + This bug caused erl_call -R -address to not work + properly. + + + --- Improvements and New Features --- + + OTP-16707 Application(s): asn1, erl_interface, erts, odbc + Related Id(s): PR-2638 + + Changes in order to build on the Haiku operating + system. + + Thanks to Calvin Buckley + + + --- Known Bugs and Problems --- + + OTP-16607 Application(s): erl_interface + Related Id(s): OTP-16608 + + The ei API for decoding/encoding terms is not fully + 64-bit compatible since terms that have a + representation on the external term format larger than + 2 GB cannot be handled. + + + --------------------------------------------------------------------- + --- erts-11.1 ------------------------------------------------------- + --------------------------------------------------------------------- + + The erts-11.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16625 Application(s): erts + Related Id(s): PR-2609 + + Update the documentation of the abstract format to use + ANNO instead of LINE. + + + OTP-16710 Application(s): erts + Related Id(s): ERL-1280 + + The emulator will no longer revert to the default + number of schedulers when running under a CPU quota + lower than 1 CPU. + + + OTP-16713 Application(s): erts + + Fixed a problem with crash dumps. When a process that + contained reference to literals internally created by + the runtime system (such as the tuple returned by + os:type/0), the literal would not be included in the + crash dump and the crashdump viewer would complain + about the heap being incomplete. + + + OTP-16738 Application(s): erts + + Fix configure detection of PGO for clang. + + + OTP-16741 Application(s): erts + + The to_erl program has been fixed to correctly + interpret newline as only newline and not + newline+return. + + This bug would cause the terminal to behave strangely + when using lines longer than the terminal size. + + + OTP-16770 Application(s): erts + + A race condition when changing process priority by + calling process_flag(priority, Prio) could cause + elevation of priority for a system task to be ignored. + This bug hit if the system task was scheduled on the + process calling process_flag() at the same time as the + priority was changed. The bug is quite harmless and + should hit very seldom if ever. + + + OTP-16833 Application(s): erts, otp + Related Id(s): PR-2729 + + Adjust /bin/sh to /system/bin/sh in scripts when + installing on Android. + + + OTP-16850 Application(s): erts + Related Id(s): ERL-1344 + + In rare circumstances, when loading a BEAM file + generated by an alternative code generator (not the + Erlang compiler in OTP) or from handwritten or patched + BEAM code, the loader could do an unsafe optimization. + + + OTP-16857 Application(s): erts + + A memory and file descriptor leak in socket has been + fixed. (When a newly opened socket that had not entered + the fd into the VM's poll set (neither received, sent, + accepted nor connected) was abandoned without closing + (process died), after assigning a different controlling + process, then a memory block and the file descriptor + could be leaked.) + + + OTP-16866 Application(s): erts + Related Id(s): ERL-1355 + + The documentation of statistics(run_queue) erroneously + stated that it returns the total length of all normal + run queues when it is the total length of all normal + and dirty CPU run queues that is returned. The + documentation has been updated to reflect the actual + behavior. + + + --- Improvements and New Features --- + + OTP-16707 Application(s): asn1, erl_interface, erts, odbc + Related Id(s): PR-2638 + + Changes in order to build on the Haiku operating + system. + + Thanks to Calvin Buckley + + + OTP-16715 Application(s): erts + + When building the inet driver on Windows, there where + many compiler warnings regarding type casting (used + when calling the debug macro). This has now been + resolved. + + + OTP-16763 Application(s): erts, kernel + + Make (use of) the socket registry optional (still + enabled by default). Its now possible to build OTP with + the socket registry turned off, turn it off by setting + an environment variable and controlling in runtime (via + function calls and arguments when creating sockets). + + + OTP-16821 Application(s): erts + Related Id(s): PR-2733 + + Change default filename encoding on android to UTF-8. + + + OTP-16848 Application(s): erts + Related Id(s): PR-2737 + + Clarification of the format of the atom cache header + used by the distribution. + + + Full runtime dependencies of erts-11.1: kernel-7.0, sasl-3.3, + stdlib-3.13 + + + --------------------------------------------------------------------- + --- eunit-2.6 ------------------------------------------------------- + --------------------------------------------------------------------- + + The eunit-2.6 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Improvements and New Features --- + + OTP-16674 Application(s): eunit + + Fixed compiler warning. + + + Full runtime dependencies of eunit-2.6: erts-9.0, kernel-5.3, + stdlib-3.4 + + + --------------------------------------------------------------------- + --- ftp-1.0.5 ------------------------------------------------------- + --------------------------------------------------------------------- + + The ftp-1.0.5 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16734 Application(s): ftp + Related Id(s): ERIERL-496, OTP-16697 + + Avoid timing issue when setting active once on a socket + that is being closed by the peer. + + + Full runtime dependencies of ftp-1.0.5: erts-7.0, kernel-6.0, + stdlib-3.5 + + + --------------------------------------------------------------------- + --- hipe-4.0.1 ------------------------------------------------------ + --------------------------------------------------------------------- + + The hipe-4.0.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16737 Application(s): hipe + + Fixed a warning issued when building the hipe + application. + + + Full runtime dependencies of hipe-4.0.1: compiler-5.0, erts-9.3, + kernel-5.3, stdlib-3.4, syntax_tools-1.6.14 + + + --------------------------------------------------------------------- + --- inets-7.3 ------------------------------------------------------- + --------------------------------------------------------------------- + + The inets-7.3 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16650 Application(s): inets + Related Id(s): ERL-1215, PR-2629 + + Clarify the handling of percent encoded characters in + http client. + + + OTP-16663 Application(s): inets + Related Id(s): ERL-1241 + + fix crash for undefined port in uri. + + + OTP-16735 Application(s): inets + Related Id(s): ERIERL-496, OTP-16697 + + Avoid timing issue when setting active once on a socket + that is being closed by the peer. + + + OTP-16746 Application(s): inets + Related Id(s): ERL-1268 + + Handle message body of response with 1XX status code as + next http message. + + + OTP-16775 Application(s): inets + Related Id(s): ERIERL-519 + + Fix a crash in http server when setopts is called on a + socket closed by the peer. + + + OTP-16790 Application(s): inets + Related Id(s): ERIERL-522 + + *** HIGHLIGHT *** + + A vulnerability in the httpd module (inets application) + regarding directory traversal that was introduced in + OTP 22.3.1 and corrected in OTP 22.3.4.6. It was also + introduced in OTP 23.0 and corrected in OTP 23.1 The + vulnerability is registered as CVE-2020-25623 + + The vulnerability is only exposed if the http server + (httpd) in the inets application is used. The + vulnerability makes it possible to read arbitrary files + which the Erlang system has read access to with for + example a specially prepared http request. + + + --- Improvements and New Features --- + + OTP-16591 Application(s): inets + Related Id(s): ERIERL-484 + + Add support of PATCH method in mod_esi. + + + Full runtime dependencies of inets-7.3: erts-6.0, kernel-3.0, + mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5 + + + --------------------------------------------------------------------- + --- kernel-7.1 ------------------------------------------------------ + --------------------------------------------------------------------- + + The kernel-7.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-15187 Application(s): kernel + Related Id(s): ERL-1293 + + A fallback has been implemented for file:sendfile when + using inet_backend socket + + + OTP-16694 Application(s): kernel + Related Id(s): PR-2625 + + Make default TCP distribution honour option backlog in + inet_dist_listen_options. + + + OTP-16743 Application(s): kernel + Related Id(s): ERL-1287 + + Raw option handling for the experimental gen_tcp_socket + backend was broken so that all raw options were ignored + by for example gen_tcp:listen/2, a bug that now has + been fixed. Reported by Jan Uhlig. + + + OTP-16748 Application(s): kernel + Related Id(s): ERL-1284 + + Accept fails with inet-backend socket. + + + OTP-16754 Application(s): kernel + + Fixed various minor errors in the socket backend of + gen_tcp. + + + OTP-16768 Application(s): kernel + Related Id(s): ERL-1312 + + Correct disk_log:truncate/1 to count the header. Also + correct the documentation to state that + disk_log:truncate/1 can be used with external disk + logs. + + + OTP-16783 Application(s): kernel + + Fix erl_epmd:port_please/2,3 type specs to include all + possible error values. + + + OTP-16785 Application(s): kernel + + Fix erl -erl_epmd_port to work properly. Before this + fix it did not work at all. + + + OTP-16823 Application(s): kernel + Related Id(s): PR-2722 + + Fix typespec for internal function + erlang:seq_trace_info/1 to allow term() as returned + label. This in turn fixes so that calls to + seq_trace:get_token/1 can be correctly analyzer by + dialyzer. + + + OTP-16832 Application(s): kernel + Related Id(s): PR-2738 + + Fix erroneous double registration of processes in pg + when distribution is dynamically started. + + + --- Improvements and New Features --- + + OTP-16763 Application(s): erts, kernel + + Make (use of) the socket registry optional (still + enabled by default). Its now possible to build OTP with + the socket registry turned off, turn it off by setting + an environment variable and controlling in runtime (via + function calls and arguments when creating sockets). + + + OTP-16784 Application(s): kernel + + erl -remsh nodename no longer requires the hostname to + be given when used together with dynamic nodenames. + + + Full runtime dependencies of kernel-7.1: erts-11.0, sasl-3.0, + stdlib-3.13 + + + --------------------------------------------------------------------- + --- megaco-3.19.3 --------------------------------------------------- + --------------------------------------------------------------------- + + The megaco-3.19.3 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16836 Application(s): megaco + + The expected number of warnings when (yecc) generating + v2 and v3 (text) parser's was incorrect. + + + Full runtime dependencies of megaco-3.19.3: asn1-3.0, debugger-4.0, + erts-7.0, et-1.5, kernel-3.0, runtime_tools-1.8.14, stdlib-2.5 + + + --------------------------------------------------------------------- + --- mnesia-4.18 ----------------------------------------------------- + --------------------------------------------------------------------- + + The mnesia-4.18 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16782 Application(s): mnesia + Related Id(s): PR-2663 + + FIx mnesia delete object handling in transaction + storage. In a transaction mnesia:read/1 could indicate + that exiting objects did not exist after another object + was deleted. + + + --- Improvements and New Features --- + + OTP-16815 Application(s): mnesia + Related Id(s): ERIERL-500 + + Fixed crash during startup, which could happen if a + table was deleted on another node. + + + Full runtime dependencies of mnesia-4.18: erts-9.0, kernel-5.3, + stdlib-3.4 + + + --------------------------------------------------------------------- + --- observer-2.9.5 -------------------------------------------------- + --------------------------------------------------------------------- + + The observer-2.9.5 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16778 Application(s): observer + + Fix graph windows flickering on windows. + + + Full runtime dependencies of observer-2.9.5: erts-11.0, et-1.5, + kernel-7.0, runtime_tools-1.8.14, stdlib-3.13, wx-1.2 + + + --------------------------------------------------------------------- + --- odbc-2.13.1 ----------------------------------------------------- + --------------------------------------------------------------------- + + The odbc-2.13.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Improvements and New Features --- + + OTP-16707 Application(s): asn1, erl_interface, erts, odbc + Related Id(s): PR-2638 + + Changes in order to build on the Haiku operating + system. + + Thanks to Calvin Buckley + + + Full runtime dependencies of odbc-2.13.1: erts-6.0, kernel-3.0, + stdlib-2.0 + + + --------------------------------------------------------------------- + --- os_mon-2.6 ------------------------------------------------------ + --------------------------------------------------------------------- + + The os_mon-2.6 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16798 Application(s): os_mon + Related Id(s): ERL-1327 + + memsup now returns the correct amount of system memory + on macOS. + + + --- Improvements and New Features --- + + OTP-16742 Application(s): os_mon + + Fix memsup:get_os_wordsize/0 to return the current size + on aarch64. + + + Full runtime dependencies of os_mon-2.6: erts-6.0, kernel-3.0, + sasl-2.4, stdlib-2.0 + + + --------------------------------------------------------------------- + --- public_key-1.9 -------------------------------------------------- + --------------------------------------------------------------------- + + The public_key-1.9 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16801 Application(s): public_key + Related Id(s): ERL-1309 + + Fixed an insignificant whitespace issue when decoding + PEM file. + + + --- Improvements and New Features --- + + OTP-16448 Application(s): public_key, ssl + + Experimental OCSP client support. + + + OTP-16592 Application(s): public_key + + Use user returned path validation error for selfsigned + cert. It allows users of the ssl application to + customize the generated TLS alert, within the range of + defined alerts. + + + OTP-16705 Application(s): public_key + + add API function to retrieve the subject-ID of an X509 + certificate + + + Full runtime dependencies of public_key-1.9: asn1-3.0, crypto-3.8, + erts-6.0, kernel-3.0, stdlib-3.5 + + + --------------------------------------------------------------------- + --- runtime_tools-1.15.1 -------------------------------------------- + --------------------------------------------------------------------- + + The runtime_tools-1.15.1 application can be applied independently of + other applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16787 Application(s): runtime_tools + Related Id(s): PR-2673 + + Fixed a crash in appmon_info triggered by trying to + read port info from a port that was in the process of + terminating. + + appmon_info is used by observer to get information from + the observed node. + + + Full runtime dependencies of runtime_tools-1.15.1: erts-11.0, + kernel-7.0, mnesia-4.12, stdlib-3.13 + + + --------------------------------------------------------------------- + --- sasl-4.0.1 ------------------------------------------------------ + --------------------------------------------------------------------- + + The sasl-4.0.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16744 Application(s): sasl + Related Id(s): ERL-1247, PR-2666 + + Make release_handler more resilient against exiting + processes during upgrade. + + + Full runtime dependencies of sasl-4.0.1: erts-10.2, kernel-5.3, + stdlib-3.4, tools-2.6.14 + + + --------------------------------------------------------------------- + --- snmp-5.6.1 ------------------------------------------------------ + --------------------------------------------------------------------- + + The snmp-5.6.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-15130 Application(s): snmp + Related Id(s): ERIERL-524, OTP-16541 + + For agent fix PrivParams for SNMPv3 USM with AES + privacy, as earlier fixed for the manager in OTP_16541. + + + OTP-15767 Application(s): snmp + Related Id(s): ERIERL-523 + + The SNMP Agent missed to re-activate datagram reception + in an odd timeout case and went deaf. This bug has been + fixed. + + + OTP-16716 Application(s): snmp + + Use of deprecated functions in example 2 has been + removed (no more compiler warnings). + + + OTP-16760 Application(s): snmp + Related Id(s): ERIERL-511 + + A file descriptor leak has been plugged. When calling + the reconfigure function of a mib, it opened the config + file(s) but never closed them on successful read. + + + Full runtime dependencies of snmp-5.6.1: crypto-3.3, erts-6.0, + kernel-3.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5 + + + --------------------------------------------------------------------- + --- ssh-4.10.1 ------------------------------------------------------ + --------------------------------------------------------------------- + + The ssh-4.10.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16761 Application(s): ssh + Related Id(s): PR-2679 + + Fixed a bug when a message to ssh-agent was divided + into separate packets. + + + OTP-16791 Application(s): ssh + Related Id(s): ERIERL-520 + + Fix a bug that could crash the cli server if a too + large cli-window was requested from the client. + + + --- Improvements and New Features --- + + OTP-14106 Application(s): ssh + + Increased test coverage. + + + OTP-16411 Application(s): ssh + + A chapter about hardening the OTP SSH is added to the + User's Guide. + + + OTP-16774 Application(s): crypto, ssh + + The internal Diffie-Hellman high level API for key + generation was slow in old and by OpenSSL now + unsupported cryptolib versions (1.0.1 and earlier). + + If such a cryptolib is used anyhow, the low-level API + is used internally in the crypto application. + + + OTP-16803 Application(s): ssh + + A new timeout is defined for daemons: hello_timeout. + + The timeout is supposed to be used as a simple DoS + attack protection. It closes an incoming TCP-connection + if no valid first SSH message is received from the + client within the timeout limit after the TCP initial + connection setup. + + The initial value is 30s by compatibility reasons, but + could be lowered if needed, for example in the code or + in a config file. + + + Full runtime dependencies of ssh-4.10.1: crypto-4.6.4, erts-9.0, + kernel-5.3, public_key-1.6.1, stdlib-3.4.1 + + + --------------------------------------------------------------------- + --- ssl-10.1 -------------------------------------------------------- + --------------------------------------------------------------------- + + The ssl-10.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16697 Application(s): ssl + Related Id(s): ERIERL-496 + + If a passive socket is created, ssl:recv/2,3 is never + called and then the peer closes the socket the + controlling process will no longer receive an active + close message. + + + OTP-16764 Application(s): ssl + + Data deliver with ssl:recv/2,3 could fail for when + using packet mode. This has been fixed by correcting + the flow control handling of passive sockets when + packet mode is used. + + + OTP-16765 Application(s): ssl + + This change fixes a potential man-in-the-middle + vulnerability when the ssl client is configured to + automatically handle session tickets ({session_tickets, + auto}). + + + OTP-16767 Application(s): ssl + Related Id(s): ERIERL-512 + + Fix the internal handling of options 'verify' and + 'verify_fun'. + + This change fixes a vulnerability when setting the ssl + option 'verify' to verify_peer in a continued handshake + won't take any effect resulting in the acceptance of + expired peer certificates. + + + OTP-16776 Application(s): ssl + Related Id(s): ERL-1316 + + This change fixes the handling of stateless session + tickets when anti-replay is enabled. + + + OTP-16777 Application(s): ssl + Related Id(s): ERL-1317 + + Fix a crash due to the faulty handling of stateful + session tickets received by servers expecting stateless + session tickets. + + This change also improves the handling of + faulty/invalid tickets. + + + OTP-16837 Application(s): ssl + Related Id(s): ERL-1319, OTP-16764 + + Correct flow ctrl checks from OTP-16764 to work as + intended. Probably will not have a noticeable affect + but will make connections more well behaved under some + circumstances. + + + OTP-16851 Application(s): ssl + Related Id(s): PR-2703 + + Distribution over TLS could exhibit livelock-like + behaviour when there is a constant stream of + distribution messages. Distribution data is now chunked + every 16 Mb to avoid that. + + + --- Improvements and New Features --- + + OTP-15855 Application(s): ssl + + Implement the cookie extension for TLS 1.3. + + + OTP-16448 Application(s): public_key, ssl + + Experimental OCSP client support. + + + OTP-16802 Application(s): ssl + Related Id(s): ERIERL-516 + + TLS 1.0 -TLS-1.2 sessions tables now have a absolute + max value instead of using a shrinking mechanism when + reaching the limit. To avoid out of memory problems + under heavy load situations. Note that this change + infers that implementations of ssl_session_cache_api + needs to implement the size function (introduce in OTP + 19) for session reuse to be optimally utilized. + + + Full runtime dependencies of ssl-10.1: crypto-4.2, erts-10.0, + inets-5.10.7, kernel-6.0, public_key-1.8, stdlib-3.5 + + + --------------------------------------------------------------------- + --- stdlib-3.13.2 --------------------------------------------------- + --------------------------------------------------------------------- + + The stdlib-3.13.2 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16655 Application(s): stdlib + + The functions digraph:in_edges/2 and + digraph:out_edges/2 would return false edges if called + for a vertex that had a '_' atom in its name term. + + + OTP-16700 Application(s): stdlib + + filelib:wildcard("not-a-directory/..") should return an + empty list. On Windows it returned + "not-a-directory/..". + + + OTP-16739 Application(s): stdlib + + Fix the typespec of shell_docs:render to use the + correct type for an MFA. + + + OTP-16751 Application(s): stdlib + Related Id(s): ERL-1283 + + Fix uri_string:recompose/1 when host is present but + input path is not absolute. + + This change prevents the recompose operation to change + the top level domain of the host when the path does not + start with a slash. + + + OTP-16816 Application(s): stdlib + Related Id(s): ERL-1310 + + The epp module would return a badly formed error term + when an 'if' preprocessor directive referenced an + undefined symbol. epp:format_error/1 would crash when + called with the bad error term. + + + OTP-16830 Application(s): stdlib + Related Id(s): ERL-1334, PR-2718 + + lists:sublist(List, Start, Len) failed with an + exception if Start > length(List) + 1 even though it is + explicitly documented that "It is not an error for + Start+Len to exceed the length of the list". + + + Full runtime dependencies of stdlib-3.13.2: compiler-5.0, crypto-3.3, + erts-11.0, kernel-7.0, sasl-3.0 + + + --------------------------------------------------------------------- + --- syntax_tools-2.3.1 ---------------------------------------------- + --------------------------------------------------------------------- + + The syntax_tools-2.3.1 application can be applied independently of + other applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16732 Application(s): syntax_tools + Related Id(s): PR-2659 + + Minor documentation fix of erl_syntax:operator/1. + + + Full runtime dependencies of syntax_tools-2.3.1: compiler-7.0, + erts-9.0, kernel-5.0, stdlib-3.4 + + + --------------------------------------------------------------------- + --- tools-3.4.1 ----------------------------------------------------- + --------------------------------------------------------------------- + + The tools-3.4.1 application can be applied independently of other + applications on a full OTP 23 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16854 Application(s): tools + Related Id(s): PR-2750 + + Correct the Xref analysis locals_not_used to find + functions called exclusively from on_load functions. + + + Full runtime dependencies of tools-3.4.1: compiler-5.0, erts-11.0, + erts-9.1, kernel-5.4, runtime_tools-1.8.14, stdlib-3.4 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + -- cgit v1.2.3