From 915904f3016c18c789c653893411425493d11155 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Thu, 15 Feb 2024 16:06:16 +0100 Subject: OTP-24.3.4.15 --- early-plugins.mk | 4 +- release-notes/OTP-24.3.4.15.README.txt | 218 +++++++++++++++++++++++++++++++++ 2 files changed, 220 insertions(+), 2 deletions(-) create mode 100644 release-notes/OTP-24.3.4.15.README.txt diff --git a/early-plugins.mk b/early-plugins.mk index c8a9457..5e760e9 100644 --- a/early-plugins.mk +++ b/early-plugins.mk @@ -18,7 +18,7 @@ OTP-20 := OTP-20.0.5 OTP-20.1.7 OTP-20.2.4 OTP-20.3.8.26 OTP-21 := OTP-21.0.9 OTP-21.1.4 OTP-21.2.7 OTP-21.3.8.24 OTP-22 := OTP-22.0.7 OTP-22.1.8 OTP-22.2.8 OTP-22.3.4.26 OTP-23 := OTP-23.0.4 OTP-23.1.5 OTP-23.2.7.3 OTP-23.3.4.19 -OTP-24 := OTP-24.0.6 OTP-24.1.7 OTP-24.2.2 OTP-24.3.4.14 +OTP-24 := OTP-24.0.6 OTP-24.1.7 OTP-24.2.2 OTP-24.3.4.15 OTP-25 := OTP-25.0.4 OTP-25.1.2.1 OTP-25.2.3 OTP-25.3.2.7 OTP-26 := OTP-26.0.2 OTP-26.1.2 OTP-26.2 @@ -106,7 +106,7 @@ OTP-24-DROPPED := OTP-24.0-rc2 OTP-24.0-rc3 OTP-24.0 OTP-24.0.1 OTP-24.0.5 \ OTP-24.2 OTP-24.2.1 OTP-24.3 OTP-24.3.1 OTP-24.3.2 OTP-24.3.3 OTP-24.3.4 \ OTP-24.3.4.1 OTP-24.3.4.2 OTP-24.3.4.3 OTP-24.3.4.4 OTP-24.3.4.5 OTP-24.3.4.6 \ OTP-24.3.4.7 OTP-24.3.4.8 OTP-24.3.4.9 OTP-24.3.4.10 OTP-24.3.4.11 OTP-24.3.4.12 \ - OTP-24.3.4.13 + OTP-24.3.4.13 OTP-24.3.4.14 OTP-25-DROPPED := OTP-25.0-rc1 OTP-25.0-rc2 OTP-25.0-rc3 OTP-25.0 \ OTP-25.0.1 OTP-25.0.2 OTP-25.0.3 OTP-25.1 OTP-25.1.1 OTP-25.1.2 OTP-25.2 \ OTP-25.2.1 OTP-25.2.2 OTP-25.3 OTP-25.3.1 OTP-25.3.2 OTP-25.3.2.1 OTP-25.3.2.2 \ diff --git a/release-notes/OTP-24.3.4.15.README.txt b/release-notes/OTP-24.3.4.15.README.txt new file mode 100644 index 0000000..8ef2b53 --- /dev/null +++ b/release-notes/OTP-24.3.4.15.README.txt @@ -0,0 +1,218 @@ +Patch Package: OTP 24.3.4.15 +Git Tag: OTP-24.3.4.15 +Date: 2023-12-18 +Trouble Report Id: OTP-18802, OTP-18830, OTP-18844, OTP-18850, + OTP-18869, OTP-18877, OTP-18885, OTP-18896, + OTP-18897, OTP-18899, OTP-18902 +Seq num: GH-7571, GH-7834, GH-7890 +System: OTP +Release: 24 +Application: asn1-5.0.18.2, erl_interface-5.2.2.1, + erts-12.3.2.15, mnesia-4.20.4.4, ssh-4.13.2.4 +Predecessor: OTP 24.3.4.14 + + Check out the git tag OTP-24.3.4.15, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- POTENTIAL INCOMPATIBILITIES ------------------------------------- + --------------------------------------------------------------------- + + OTP-18897 Application(s): ssh + + With this change (being response to CVE-2023-48795), + ssh can negotiate "strict KEX" OpenSSH extension with + peers supporting it; also + 'chacha20-poly1305@openssh.com' algorithm becomes a + less preferred cipher. + + If strict KEX availability cannot be ensured on both + connection sides, affected encryption modes(CHACHA and + CBC) can be disabled with standard ssh configuration. + This will provide protection against vulnerability, but + at a cost of affecting interoperability. See + Configuring algorithms in SSH. + + + --------------------------------------------------------------------- + --- OTP-24.3.4.15 --------------------------------------------------- + --------------------------------------------------------------------- + + --- Improvements and New Features --- + + OTP-18896 Application(s): otp + + Updated copyright and license information. + + + --------------------------------------------------------------------- + --- asn1-5.0.18.2 --------------------------------------------------- + --------------------------------------------------------------------- + + The asn1-5.0.18.2 application can be applied independently of other + applications on a full OTP 24 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-18844 Application(s): asn1 + + Fix benign warning from gcc 11 about mismatching call + to free(). + + + Full runtime dependencies of asn1-5.0.18.2: erts-11.0, kernel-7.0, + stdlib-3.13 + + + --------------------------------------------------------------------- + --- erl_interface-5.2.2.1 ------------------------------------------- + --------------------------------------------------------------------- + + The erl_interface-5.2.2.1 application can be applied independently of + other applications on a full OTP 24 installation. + + --- Improvements and New Features --- + + OTP-18877 Application(s): erl_interface, erts + + Replaced old md5 implementation with an implementation + from OpenSSL. + + + --------------------------------------------------------------------- + --- erts-12.3.2.15 -------------------------------------------------- + --------------------------------------------------------------------- + + Note! The erts-12.3.2.15 application *cannot* be applied + independently of other applications on an arbitrary OTP 24 + installation. + + On a full OTP 24 installation, also the following runtime + dependency has to be satisfied: + -- kernel-8.3 (first satisfied in OTP 24.3) + + + --- Fixed Bugs and Malfunctions --- + + OTP-18802 Application(s): erts + + Fix faulty debug assert when page size is larger than + 16kb, like on PowerPC. Did crash debug VM directly at + start. + + + OTP-18885 Application(s): erts + Related Id(s): GH-7834, GH-7890, PR-7915 + + On OTP 24 and OTP 25, incoming distributed messages + larger than 64 KiB sent using an alias leaked memory if + the alias had been removed prior to entering the node. + This issue was not present on OTP 26. + + Incoming distributed messages larger than 64 KiB sent + using an alias which had been removed on the receiving + node could crash the node. This crash was quite + unlikely on OTP 24 and OTP 25, but very likely on OTP + 26. + + 'DOWN' signals with exit reason larger than 64 KiB + directed towards a process on a node with a not + matching creation leaked memory on the receiving node. + Such signals should however be very rare. + + + OTP-18902 Application(s): erts + + Removed unnecessary PCRE source tar-ball. + + + --- Improvements and New Features --- + + OTP-18830 Application(s): erts + Related Id(s): PR-7823 + + Removed unnecessary regexp library used when generating + yielding BIFs. + + + OTP-18877 Application(s): erl_interface, erts + + Replaced old md5 implementation with an implementation + from OpenSSL. + + + OTP-18899 Application(s): erts + + Removed unused makewhatis script. + + + Full runtime dependencies of erts-12.3.2.15: kernel-8.3, sasl-3.3, + stdlib-3.13 + + + --------------------------------------------------------------------- + --- mnesia-4.20.4.4 ------------------------------------------------- + --------------------------------------------------------------------- + + The mnesia-4.20.4.4 application can be applied independently of other + applications on a full OTP 24 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-18850 Application(s): mnesia + + mnesia:add_table_copy/3 no longer fails with reason + system_limit when the node is starting. + + + Full runtime dependencies of mnesia-4.20.4.4: erts-9.0, kernel-5.3, + stdlib-3.4 + + + --------------------------------------------------------------------- + --- ssh-4.13.2.4 ---------------------------------------------------- + --------------------------------------------------------------------- + + The ssh-4.13.2.4 application can be applied independently of other + applications on a full OTP 24 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-18869 Application(s): ssh + Related Id(s): GH-7571, PR-7849 + + With this change, connection handler does not execute + socket operations until it becomes socket owner. + Previously errors could occur if connection handler + tried to work with socket whose owner exited. + + + OTP-18897 Application(s): ssh + + *** POTENTIAL INCOMPATIBILITY *** + + With this change (being response to CVE-2023-48795), + ssh can negotiate "strict KEX" OpenSSH extension with + peers supporting it; also + 'chacha20-poly1305@openssh.com' algorithm becomes a + less preferred cipher. + + If strict KEX availability cannot be ensured on both + connection sides, affected encryption modes(CHACHA and + CBC) can be disabled with standard ssh configuration. + This will provide protection against vulnerability, but + at a cost of affecting interoperability. See + Configuring algorithms in SSH. + + + Full runtime dependencies of ssh-4.13.2.4: crypto-5.0, erts-9.0, + kernel-5.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + -- cgit v1.2.3