From 294eb77db8a37d5929cca0a0aa0eca10e7c4c61e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= Date: Mon, 6 Apr 2020 15:23:55 +0200 Subject: OTP-22.3.1 --- release-notes/OTP-22.3.1.README.txt | 214 ++++++++++++++++++++++++++++++++++++ 1 file changed, 214 insertions(+) create mode 100644 release-notes/OTP-22.3.1.README.txt (limited to 'release-notes') diff --git a/release-notes/OTP-22.3.1.README.txt b/release-notes/OTP-22.3.1.README.txt new file mode 100644 index 0000000..887c630 --- /dev/null +++ b/release-notes/OTP-22.3.1.README.txt @@ -0,0 +1,214 @@ +Patch Package: OTP 22.3.1 +Git Tag: OTP-22.3.1 +Date: 2020-04-06 +Trouble Report Id: OTP-16553, OTP-16555, OTP-16556, OTP-16567, + OTP-16572, OTP-16574, OTP-16578, OTP-16580 +Seq num: ERIERL-481, ERIERL-482, ERL-1188, ERL-1199, + ERL-1205, ERL-1212 +System: OTP +Release: 22 +Application: compiler-7.5.4, erts-10.7.1, inets-7.1.3, + ssl-9.6.1, stdlib-3.12.1, xmerl-1.3.24 +Predecessor: OTP 22.3 + + Check out the git tag OTP-22.3.1, and build a full OTP system + including documentation. Apply one or more applications from this + build as patches to your installation using the 'otp_patch_apply' + tool. For information on install requirements, see descriptions for + each application version below. + + --------------------------------------------------------------------- + --- POTENTIAL INCOMPATIBILITIES ------------------------------------- + --------------------------------------------------------------------- + + OTP-16556 Application(s): inets + + Remove use of http_uri and mod_esi eval API. + + This is a backport from OTP 23 that improves the check + of URIs to ensure that invalid URIs does not cause + vulnerabilities. This will render the deprecated + mod_esi eval API unusable as it used URI that does not + conform to valid URI syntax. + + + --------------------------------------------------------------------- + --- OTP-22.3.1 ------------------------------------------------------ + --------------------------------------------------------------------- + + --- Fixed Bugs and Malfunctions --- + + OTP-16574 Application(s): otp + Related Id(s): ERL-1205 + + OTP would not build with Xcode 11.4 on macOS Catalina + (10.15). + + + --------------------------------------------------------------------- + --- compiler-7.5.4 -------------------------------------------------- + --------------------------------------------------------------------- + + The compiler-7.5.4 application can be applied independently of other + applications on a full OTP 22 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16580 Application(s): compiler + Related Id(s): ERL-1212 + + Fixed a bug in the validator that could cause it to + reject valid code. + + + Full runtime dependencies of compiler-7.5.4: crypto-3.6, erts-9.0, + hipe-3.12, kernel-4.0, stdlib-2.5 + + + --------------------------------------------------------------------- + --- erts-10.7.1 ----------------------------------------------------- + --------------------------------------------------------------------- + + Note! The erts-10.7.1 application *cannot* be applied independently + of other applications on an arbitrary OTP 22 installation. + + On a full OTP 22 installation, also the following runtime + dependency has to be satisfied: + -- kernel-6.5.1 (first satisfied in OTP 22.2) + + + --- Fixed Bugs and Malfunctions --- + + OTP-16553 Application(s): erts, stdlib + + re:run(Subject, RE, [unicode]) returned nomatch instead + of failing with a badarg error exception when Subject + contained illegal utf8 and RE was passed as a binary. + This has been corrected along with corrections of + reduction counting in re:run() error cases. + + + OTP-16555 Application(s): erts + Related Id(s): ERL-1188 + + Fixed a bug that could cause the emulator to crash when + purging modules or persistent terms. + + + OTP-16572 Application(s): erts + Related Id(s): ERL-1199, OTP-16269 + + Fixed a bug in a receive optimization. This could cause + a receive not to match even though a matching message + was present in the message queue. This bug was + introduced in ERTS version 10.6 (OTP 22.2). + + + Full runtime dependencies of erts-10.7.1: kernel-6.5.1, sasl-3.3, + stdlib-3.5 + + + --------------------------------------------------------------------- + --- inets-7.1.3 ----------------------------------------------------- + --------------------------------------------------------------------- + + The inets-7.1.3 application can be applied independently of other + applications on a full OTP 22 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16556 Application(s): inets + + *** POTENTIAL INCOMPATIBILITY *** + + Remove use of http_uri and mod_esi eval API. + + This is a backport from OTP 23 that improves the check + of URIs to ensure that invalid URIs does not cause + vulnerabilities. This will render the deprecated + mod_esi eval API unusable as it used URI that does not + conform to valid URI syntax. + + + Full runtime dependencies of inets-7.1.3: erts-6.0, kernel-3.0, + mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5 + + + --------------------------------------------------------------------- + --- ssl-9.6.1 ------------------------------------------------------- + --------------------------------------------------------------------- + + Note! The ssl-9.6.1 application *cannot* be applied independently of + other applications on an arbitrary OTP 22 installation. + + On a full OTP 22 installation, also the following runtime + dependency has to be satisfied: + -- public_key-1.7.2 (first satisfied in OTP 22.3) + + + --- Fixed Bugs and Malfunctions --- + + OTP-16567 Application(s): ssl + Related Id(s): ERIERL-481 + + Correct error handling when the partial_chain fun + claims a certificate to be the trusted cert that is not + part of the chain. This bug would hide the appropriate + alert generating an "INTERNAL_ERROR" alert instead. + + + Full runtime dependencies of ssl-9.6.1: crypto-4.2, erts-10.0, + inets-5.10.7, kernel-6.0, public_key-1.7.2, stdlib-3.5 + + + --------------------------------------------------------------------- + --- stdlib-3.12.1 --------------------------------------------------- + --------------------------------------------------------------------- + + Note! The stdlib-3.12.1 application *cannot* be applied independently + of other applications on an arbitrary OTP 22 installation. + + On a full OTP 22 installation, also the following runtime + dependency has to be satisfied: + -- erts-10.7.1 (first satisfied in OTP 22.3.1) + + + --- Fixed Bugs and Malfunctions --- + + OTP-16553 Application(s): erts, stdlib + + re:run(Subject, RE, [unicode]) returned nomatch instead + of failing with a badarg error exception when Subject + contained illegal utf8 and RE was passed as a binary. + This has been corrected along with corrections of + reduction counting in re:run() error cases. + + + Full runtime dependencies of stdlib-3.12.1: compiler-5.0, crypto-3.3, + erts-10.7.1, kernel-6.0, sasl-3.0 + + + --------------------------------------------------------------------- + --- xmerl-1.3.24 ---------------------------------------------------- + --------------------------------------------------------------------- + + The xmerl-1.3.24 application can be applied independently of other + applications on a full OTP 22 installation. + + --- Fixed Bugs and Malfunctions --- + + OTP-16578 Application(s): xmerl + Related Id(s): ERIERL-482 + + Fix a performance problem when using internal general + references in XML content. + + + Full runtime dependencies of xmerl-1.3.24: erts-6.0, kernel-3.0, + stdlib-2.5 + + + --------------------------------------------------------------------- + --------------------------------------------------------------------- + --------------------------------------------------------------------- + -- cgit v1.2.3