1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
|
Patch Package: OTP 22.3.1
Git Tag: OTP-22.3.1
Date: 2020-04-06
Trouble Report Id: OTP-16553, OTP-16555, OTP-16556, OTP-16567,
OTP-16572, OTP-16574, OTP-16578, OTP-16580
Seq num: ERIERL-481, ERIERL-482, ERL-1188, ERL-1199,
ERL-1205, ERL-1212
System: OTP
Release: 22
Application: compiler-7.5.4, erts-10.7.1, inets-7.1.3,
ssl-9.6.1, stdlib-3.12.1, xmerl-1.3.24
Predecessor: OTP 22.3
Check out the git tag OTP-22.3.1, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-16556 Application(s): inets
Remove use of http_uri and mod_esi eval API.
This is a backport from OTP 23 that improves the check
of URIs to ensure that invalid URIs does not cause
vulnerabilities. This will render the deprecated
mod_esi eval API unusable as it used URI that does not
conform to valid URI syntax.
---------------------------------------------------------------------
--- OTP-22.3.1 ------------------------------------------------------
---------------------------------------------------------------------
--- Fixed Bugs and Malfunctions ---
OTP-16574 Application(s): otp
Related Id(s): ERL-1205
OTP would not build with Xcode 11.4 on macOS Catalina
(10.15).
---------------------------------------------------------------------
--- compiler-7.5.4 --------------------------------------------------
---------------------------------------------------------------------
The compiler-7.5.4 application can be applied independently of other
applications on a full OTP 22 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16580 Application(s): compiler
Related Id(s): ERL-1212
Fixed a bug in the validator that could cause it to
reject valid code.
Full runtime dependencies of compiler-7.5.4: crypto-3.6, erts-9.0,
hipe-3.12, kernel-4.0, stdlib-2.5
---------------------------------------------------------------------
--- erts-10.7.1 -----------------------------------------------------
---------------------------------------------------------------------
Note! The erts-10.7.1 application *cannot* be applied independently
of other applications on an arbitrary OTP 22 installation.
On a full OTP 22 installation, also the following runtime
dependency has to be satisfied:
-- kernel-6.5.1 (first satisfied in OTP 22.2)
--- Fixed Bugs and Malfunctions ---
OTP-16553 Application(s): erts, stdlib
re:run(Subject, RE, [unicode]) returned nomatch instead
of failing with a badarg error exception when Subject
contained illegal utf8 and RE was passed as a binary.
This has been corrected along with corrections of
reduction counting in re:run() error cases.
OTP-16555 Application(s): erts
Related Id(s): ERL-1188
Fixed a bug that could cause the emulator to crash when
purging modules or persistent terms.
OTP-16572 Application(s): erts
Related Id(s): ERL-1199, OTP-16269
Fixed a bug in a receive optimization. This could cause
a receive not to match even though a matching message
was present in the message queue. This bug was
introduced in ERTS version 10.6 (OTP 22.2).
Full runtime dependencies of erts-10.7.1: kernel-6.5.1, sasl-3.3,
stdlib-3.5
---------------------------------------------------------------------
--- inets-7.1.3 -----------------------------------------------------
---------------------------------------------------------------------
The inets-7.1.3 application can be applied independently of other
applications on a full OTP 22 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16556 Application(s): inets
*** POTENTIAL INCOMPATIBILITY ***
Remove use of http_uri and mod_esi eval API.
This is a backport from OTP 23 that improves the check
of URIs to ensure that invalid URIs does not cause
vulnerabilities. This will render the deprecated
mod_esi eval API unusable as it used URI that does not
conform to valid URI syntax.
Full runtime dependencies of inets-7.1.3: erts-6.0, kernel-3.0,
mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5
---------------------------------------------------------------------
--- ssl-9.6.1 -------------------------------------------------------
---------------------------------------------------------------------
Note! The ssl-9.6.1 application *cannot* be applied independently of
other applications on an arbitrary OTP 22 installation.
On a full OTP 22 installation, also the following runtime
dependency has to be satisfied:
-- public_key-1.7.2 (first satisfied in OTP 22.3)
--- Fixed Bugs and Malfunctions ---
OTP-16567 Application(s): ssl
Related Id(s): ERIERL-481
Correct error handling when the partial_chain fun
claims a certificate to be the trusted cert that is not
part of the chain. This bug would hide the appropriate
alert generating an "INTERNAL_ERROR" alert instead.
Full runtime dependencies of ssl-9.6.1: crypto-4.2, erts-10.0,
inets-5.10.7, kernel-6.0, public_key-1.7.2, stdlib-3.5
---------------------------------------------------------------------
--- stdlib-3.12.1 ---------------------------------------------------
---------------------------------------------------------------------
Note! The stdlib-3.12.1 application *cannot* be applied independently
of other applications on an arbitrary OTP 22 installation.
On a full OTP 22 installation, also the following runtime
dependency has to be satisfied:
-- erts-10.7.1 (first satisfied in OTP 22.3.1)
--- Fixed Bugs and Malfunctions ---
OTP-16553 Application(s): erts, stdlib
re:run(Subject, RE, [unicode]) returned nomatch instead
of failing with a badarg error exception when Subject
contained illegal utf8 and RE was passed as a binary.
This has been corrected along with corrections of
reduction counting in re:run() error cases.
Full runtime dependencies of stdlib-3.12.1: compiler-5.0, crypto-3.3,
erts-10.7.1, kernel-6.0, sasl-3.0
---------------------------------------------------------------------
--- xmerl-1.3.24 ----------------------------------------------------
---------------------------------------------------------------------
The xmerl-1.3.24 application can be applied independently of other
applications on a full OTP 22 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16578 Application(s): xmerl
Related Id(s): ERIERL-482
Fix a performance problem when using internal general
references in XML content.
Full runtime dependencies of xmerl-1.3.24: erts-6.0, kernel-3.0,
stdlib-2.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
|
