1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
|
Patch Package: OTP 23.1
Git Tag: OTP-23.1
Date: 2020-09-23
Trouble Report Id: OTP-14106, OTP-15130, OTP-15187, OTP-15767,
OTP-15855, OTP-16411, OTP-16448, OTP-16591,
OTP-16592, OTP-16607, OTP-16625, OTP-16650,
OTP-16655, OTP-16658, OTP-16661, OTP-16663,
OTP-16674, OTP-16675, OTP-16694, OTP-16697,
OTP-16700, OTP-16701, OTP-16705, OTP-16707,
OTP-16710, OTP-16713, OTP-16715, OTP-16716,
OTP-16732, OTP-16734, OTP-16735, OTP-16737,
OTP-16738, OTP-16739, OTP-16740, OTP-16741,
OTP-16742, OTP-16743, OTP-16744, OTP-16746,
OTP-16748, OTP-16751, OTP-16753, OTP-16754,
OTP-16755, OTP-16760, OTP-16761, OTP-16763,
OTP-16764, OTP-16765, OTP-16767, OTP-16768,
OTP-16770, OTP-16771, OTP-16774, OTP-16775,
OTP-16776, OTP-16777, OTP-16778, OTP-16779,
OTP-16782, OTP-16783, OTP-16784, OTP-16785,
OTP-16786, OTP-16787, OTP-16790, OTP-16791,
OTP-16798, OTP-16801, OTP-16802, OTP-16803,
OTP-16813, OTP-16815, OTP-16816, OTP-16820,
OTP-16821, OTP-16823, OTP-16830, OTP-16832,
OTP-16833, OTP-16836, OTP-16837, OTP-16838,
OTP-16846, OTP-16848, OTP-16850, OTP-16851,
OTP-16854, OTP-16857, OTP-16866
Seq num: ERIERL-484, ERIERL-496, ERIERL-500,
ERIERL-509, ERIERL-511, ERIERL-512,
ERIERL-516, ERIERL-519, ERIERL-520,
ERIERL-522, ERIERL-523, ERIERL-524, ERL-1215,
ERL-1241, ERL-1247, ERL-1257, ERL-1259,
ERL-1268, ERL-1271, ERL-1280, ERL-1283,
ERL-1284, ERL-1287, ERL-1288, ERL-1293,
ERL-1297, ERL-1305, ERL-1307, ERL-1309,
ERL-1310, ERL-1312, ERL-1316, ERL-1317,
ERL-1319, ERL-1327, ERL-1334, ERL-1340,
ERL-1344, ERL-1355
System: OTP
Release: 23
Application: asn1-5.0.14, compiler-7.6.3, crypto-4.8,
dialyzer-4.2.1, erl_docgen-1.0.1,
erl_interface-4.0.1, erts-11.1, eunit-2.6,
ftp-1.0.5, hipe-4.0.1, inets-7.3, kernel-7.1,
megaco-3.19.3, mnesia-4.18, observer-2.9.5,
odbc-2.13.1, os_mon-2.6, public_key-1.9,
runtime_tools-1.15.1, sasl-4.0.1, snmp-5.6.1,
ssh-4.10.1, ssl-10.1, stdlib-3.13.2,
syntax_tools-2.3.1, tools-3.4.1
Predecessor: OTP 23.0.4
Check out the git tag OTP-23.1, and build a full OTP system including
documentation. Apply one or more applications from this build as
patches to your installation using the 'otp_patch_apply' tool. For
information on install requirements, see descriptions for each
application version below.
---------------------------------------------------------------------
--- HIGHLIGHTS ------------------------------------------------------
---------------------------------------------------------------------
OTP-16790 Application(s): inets
Related Id(s): ERIERL-522
A vulnerability in the httpd module (inets application)
regarding directory traversal that was introduced in
OTP 22.3.1 and corrected in OTP 22.3.4.6. It was also
introduced in OTP 23.0 and corrected in OTP 23.1 The
vulnerability is registered as CVE-2020-25623
The vulnerability is only exposed if the http server
(httpd) in the inets application is used. The
vulnerability makes it possible to read arbitrary files
which the Erlang system has read access to with for
example a specially prepared http request.
---------------------------------------------------------------------
--- OTP-23.1 --------------------------------------------------------
---------------------------------------------------------------------
--- Fixed Bugs and Malfunctions ---
OTP-16833 Application(s): erts, otp
Related Id(s): PR-2729
Adjust /bin/sh to /system/bin/sh in scripts when
installing on Android.
--- Improvements and New Features ---
OTP-16779 Application(s): otp
Related Id(s): ERL-1305, PR-2700
Changes in build system to make it build for macOS 11.0
with Apple Silicon. Also corrected execution of match
specs to work on Apple Silicon.
---------------------------------------------------------------------
--- asn1-5.0.14 -----------------------------------------------------
---------------------------------------------------------------------
The asn1-5.0.14 application can be applied independently of other
applications on a full OTP 23 installation.
--- Improvements and New Features ---
OTP-16707 Application(s): asn1, erl_interface, erts, odbc
Related Id(s): PR-2638
Changes in order to build on the Haiku operating
system.
Thanks to Calvin Buckley
Full runtime dependencies of asn1-5.0.14: erts-7.0, kernel-3.0,
stdlib-2.0
---------------------------------------------------------------------
--- compiler-7.6.3 --------------------------------------------------
---------------------------------------------------------------------
The compiler-7.6.3 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16701 Application(s): compiler
Related Id(s): ERL-1271
If the update of a map with the 'Map#{Key := Value}'
syntax failed, the line number in the stack backtrace
could be incorrect.
OTP-16755 Application(s): compiler
Related Id(s): ERL-1297
Fixed a performance bug that slowed down compilation of
modules with deeply nested terms.
OTP-16820 Application(s): compiler
The compiler could in rare circumstances do an an
unsafe optimization that would result in a matching of
a nested map pattern would fail to match.
OTP-16838 Application(s): compiler
Related Id(s): ERL-1340
Fixed a bug in the validator that caused it to reject
valid code.
Full runtime dependencies of compiler-7.6.3: crypto-3.6, erts-11.0,
hipe-3.12, kernel-7.0, stdlib-3.13
---------------------------------------------------------------------
--- crypto-4.8 ------------------------------------------------------
---------------------------------------------------------------------
The crypto-4.8 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16658 Application(s): crypto
Related Id(s): ERL-1257, OTP-15884
Fix type spec bug in crypto for crypto_init and
crypto:one_time
OTP-16846 Application(s): crypto
Related Id(s): PR-2741
The deprecation message for crypto:rand_uniform/2
indicated a non-existent function. The correct one
(rand:uniform/1) is now suggested.
--- Improvements and New Features ---
OTP-16771 Application(s): crypto
Related Id(s): ERIERL-509
Implemented a workaround to allow fallback from using
the EVP API for Diffie-Hellman key generation
OTP-16774 Application(s): crypto, ssh
The internal Diffie-Hellman high level API for key
generation was slow in old and by OpenSSL now
unsupported cryptolib versions (1.0.1 and earlier).
If such a cryptolib is used anyhow, the low-level API
is used internally in the crypto application.
Full runtime dependencies of crypto-4.8: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- dialyzer-4.2.1 --------------------------------------------------
---------------------------------------------------------------------
The dialyzer-4.2.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16813 Application(s): dialyzer
Related Id(s): ERL-1307
In rare circumstance, dialyzer wold crash when
analyzing a list comprehension.
Full runtime dependencies of dialyzer-4.2.1: compiler-7.0, erts-9.0,
hipe-3.16.1, kernel-5.3, stdlib-3.4, syntax_tools-2.0, wx-1.2
---------------------------------------------------------------------
--- erl_docgen-1.0.1 ------------------------------------------------
---------------------------------------------------------------------
The erl_docgen-1.0.1 application can be applied independently of
other applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16661 Application(s): erl_docgen
Related Id(s): ERL-1259
Repaired lost function "since" versions in the right
margin of the module reference HTML documentation.
OTP-16675 Application(s): erl_docgen
Remove erlang compilation warnings and trailing
whitespaces.
Full runtime dependencies of erl_docgen-1.0.1: edoc-0.7.13, erts-9.0,
stdlib-3.4, xmerl-1.3.7
---------------------------------------------------------------------
--- erl_interface-4.0.1 ---------------------------------------------
---------------------------------------------------------------------
The erl_interface-4.0.1 application can be applied independently of
other applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16740 Application(s): erl_interface
Fix erl_interface on windows to be compiled with
correct flags to make internal primitives reentrant.
OTP-16753 Application(s): erl_interface
Related Id(s): ERL-1288, PR-2678
Fixed ei_get_type to set *size to zero for floats,
pids, port and refs according to documentation.
OTP-16786 Application(s): erl_interface
Fix ei_connect when using a dynamic node name to force
usage of distribution version 6.
This bug caused erl_call -R -address to not work
properly.
--- Improvements and New Features ---
OTP-16707 Application(s): asn1, erl_interface, erts, odbc
Related Id(s): PR-2638
Changes in order to build on the Haiku operating
system.
Thanks to Calvin Buckley
--- Known Bugs and Problems ---
OTP-16607 Application(s): erl_interface
Related Id(s): OTP-16608
The ei API for decoding/encoding terms is not fully
64-bit compatible since terms that have a
representation on the external term format larger than
2 GB cannot be handled.
---------------------------------------------------------------------
--- erts-11.1 -------------------------------------------------------
---------------------------------------------------------------------
The erts-11.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16625 Application(s): erts
Related Id(s): PR-2609
Update the documentation of the abstract format to use
ANNO instead of LINE.
OTP-16710 Application(s): erts
Related Id(s): ERL-1280
The emulator will no longer revert to the default
number of schedulers when running under a CPU quota
lower than 1 CPU.
OTP-16713 Application(s): erts
Fixed a problem with crash dumps. When a process that
contained reference to literals internally created by
the runtime system (such as the tuple returned by
os:type/0), the literal would not be included in the
crash dump and the crashdump viewer would complain
about the heap being incomplete.
OTP-16738 Application(s): erts
Fix configure detection of PGO for clang.
OTP-16741 Application(s): erts
The to_erl program has been fixed to correctly
interpret newline as only newline and not
newline+return.
This bug would cause the terminal to behave strangely
when using lines longer than the terminal size.
OTP-16770 Application(s): erts
A race condition when changing process priority by
calling process_flag(priority, Prio) could cause
elevation of priority for a system task to be ignored.
This bug hit if the system task was scheduled on the
process calling process_flag() at the same time as the
priority was changed. The bug is quite harmless and
should hit very seldom if ever.
OTP-16833 Application(s): erts, otp
Related Id(s): PR-2729
Adjust /bin/sh to /system/bin/sh in scripts when
installing on Android.
OTP-16850 Application(s): erts
Related Id(s): ERL-1344
In rare circumstances, when loading a BEAM file
generated by an alternative code generator (not the
Erlang compiler in OTP) or from handwritten or patched
BEAM code, the loader could do an unsafe optimization.
OTP-16857 Application(s): erts
A memory and file descriptor leak in socket has been
fixed. (When a newly opened socket that had not entered
the fd into the VM's poll set (neither received, sent,
accepted nor connected) was abandoned without closing
(process died), after assigning a different controlling
process, then a memory block and the file descriptor
could be leaked.)
OTP-16866 Application(s): erts
Related Id(s): ERL-1355
The documentation of statistics(run_queue) erroneously
stated that it returns the total length of all normal
run queues when it is the total length of all normal
and dirty CPU run queues that is returned. The
documentation has been updated to reflect the actual
behavior.
--- Improvements and New Features ---
OTP-16707 Application(s): asn1, erl_interface, erts, odbc
Related Id(s): PR-2638
Changes in order to build on the Haiku operating
system.
Thanks to Calvin Buckley
OTP-16715 Application(s): erts
When building the inet driver on Windows, there where
many compiler warnings regarding type casting (used
when calling the debug macro). This has now been
resolved.
OTP-16763 Application(s): erts, kernel
Make (use of) the socket registry optional (still
enabled by default). Its now possible to build OTP with
the socket registry turned off, turn it off by setting
an environment variable and controlling in runtime (via
function calls and arguments when creating sockets).
OTP-16821 Application(s): erts
Related Id(s): PR-2733
Change default filename encoding on android to UTF-8.
OTP-16848 Application(s): erts
Related Id(s): PR-2737
Clarification of the format of the atom cache header
used by the distribution.
Full runtime dependencies of erts-11.1: kernel-7.0, sasl-3.3,
stdlib-3.13
---------------------------------------------------------------------
--- eunit-2.6 -------------------------------------------------------
---------------------------------------------------------------------
The eunit-2.6 application can be applied independently of other
applications on a full OTP 23 installation.
--- Improvements and New Features ---
OTP-16674 Application(s): eunit
Fixed compiler warning.
Full runtime dependencies of eunit-2.6: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- ftp-1.0.5 -------------------------------------------------------
---------------------------------------------------------------------
The ftp-1.0.5 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16734 Application(s): ftp
Related Id(s): ERIERL-496, OTP-16697
Avoid timing issue when setting active once on a socket
that is being closed by the peer.
Full runtime dependencies of ftp-1.0.5: erts-7.0, kernel-6.0,
stdlib-3.5
---------------------------------------------------------------------
--- hipe-4.0.1 ------------------------------------------------------
---------------------------------------------------------------------
The hipe-4.0.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16737 Application(s): hipe
Fixed a warning issued when building the hipe
application.
Full runtime dependencies of hipe-4.0.1: compiler-5.0, erts-9.3,
kernel-5.3, stdlib-3.4, syntax_tools-1.6.14
---------------------------------------------------------------------
--- inets-7.3 -------------------------------------------------------
---------------------------------------------------------------------
The inets-7.3 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16650 Application(s): inets
Related Id(s): ERL-1215, PR-2629
Clarify the handling of percent encoded characters in
http client.
OTP-16663 Application(s): inets
Related Id(s): ERL-1241
fix crash for undefined port in uri.
OTP-16735 Application(s): inets
Related Id(s): ERIERL-496, OTP-16697
Avoid timing issue when setting active once on a socket
that is being closed by the peer.
OTP-16746 Application(s): inets
Related Id(s): ERL-1268
Handle message body of response with 1XX status code as
next http message.
OTP-16775 Application(s): inets
Related Id(s): ERIERL-519
Fix a crash in http server when setopts is called on a
socket closed by the peer.
OTP-16790 Application(s): inets
Related Id(s): ERIERL-522
*** HIGHLIGHT ***
A vulnerability in the httpd module (inets application)
regarding directory traversal that was introduced in
OTP 22.3.1 and corrected in OTP 22.3.4.6. It was also
introduced in OTP 23.0 and corrected in OTP 23.1 The
vulnerability is registered as CVE-2020-25623
The vulnerability is only exposed if the http server
(httpd) in the inets application is used. The
vulnerability makes it possible to read arbitrary files
which the Erlang system has read access to with for
example a specially prepared http request.
--- Improvements and New Features ---
OTP-16591 Application(s): inets
Related Id(s): ERIERL-484
Add support of PATCH method in mod_esi.
Full runtime dependencies of inets-7.3: erts-6.0, kernel-3.0,
mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5
---------------------------------------------------------------------
--- kernel-7.1 ------------------------------------------------------
---------------------------------------------------------------------
The kernel-7.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15187 Application(s): kernel
Related Id(s): ERL-1293
A fallback has been implemented for file:sendfile when
using inet_backend socket
OTP-16694 Application(s): kernel
Related Id(s): PR-2625
Make default TCP distribution honour option backlog in
inet_dist_listen_options.
OTP-16743 Application(s): kernel
Related Id(s): ERL-1287
Raw option handling for the experimental gen_tcp_socket
backend was broken so that all raw options were ignored
by for example gen_tcp:listen/2, a bug that now has
been fixed. Reported by Jan Uhlig.
OTP-16748 Application(s): kernel
Related Id(s): ERL-1284
Accept fails with inet-backend socket.
OTP-16754 Application(s): kernel
Fixed various minor errors in the socket backend of
gen_tcp.
OTP-16768 Application(s): kernel
Related Id(s): ERL-1312
Correct disk_log:truncate/1 to count the header. Also
correct the documentation to state that
disk_log:truncate/1 can be used with external disk
logs.
OTP-16783 Application(s): kernel
Fix erl_epmd:port_please/2,3 type specs to include all
possible error values.
OTP-16785 Application(s): kernel
Fix erl -erl_epmd_port to work properly. Before this
fix it did not work at all.
OTP-16823 Application(s): kernel
Related Id(s): PR-2722
Fix typespec for internal function
erlang:seq_trace_info/1 to allow term() as returned
label. This in turn fixes so that calls to
seq_trace:get_token/1 can be correctly analyzer by
dialyzer.
OTP-16832 Application(s): kernel
Related Id(s): PR-2738
Fix erroneous double registration of processes in pg
when distribution is dynamically started.
--- Improvements and New Features ---
OTP-16763 Application(s): erts, kernel
Make (use of) the socket registry optional (still
enabled by default). Its now possible to build OTP with
the socket registry turned off, turn it off by setting
an environment variable and controlling in runtime (via
function calls and arguments when creating sockets).
OTP-16784 Application(s): kernel
erl -remsh nodename no longer requires the hostname to
be given when used together with dynamic nodenames.
Full runtime dependencies of kernel-7.1: erts-11.0, sasl-3.0,
stdlib-3.13
---------------------------------------------------------------------
--- megaco-3.19.3 ---------------------------------------------------
---------------------------------------------------------------------
The megaco-3.19.3 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16836 Application(s): megaco
The expected number of warnings when (yecc) generating
v2 and v3 (text) parser's was incorrect.
Full runtime dependencies of megaco-3.19.3: asn1-3.0, debugger-4.0,
erts-7.0, et-1.5, kernel-3.0, runtime_tools-1.8.14, stdlib-2.5
---------------------------------------------------------------------
--- mnesia-4.18 -----------------------------------------------------
---------------------------------------------------------------------
The mnesia-4.18 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16782 Application(s): mnesia
Related Id(s): PR-2663
FIx mnesia delete object handling in transaction
storage. In a transaction mnesia:read/1 could indicate
that exiting objects did not exist after another object
was deleted.
--- Improvements and New Features ---
OTP-16815 Application(s): mnesia
Related Id(s): ERIERL-500
Fixed crash during startup, which could happen if a
table was deleted on another node.
Full runtime dependencies of mnesia-4.18: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- observer-2.9.5 --------------------------------------------------
---------------------------------------------------------------------
The observer-2.9.5 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16778 Application(s): observer
Fix graph windows flickering on windows.
Full runtime dependencies of observer-2.9.5: erts-11.0, et-1.5,
kernel-7.0, runtime_tools-1.8.14, stdlib-3.13, wx-1.2
---------------------------------------------------------------------
--- odbc-2.13.1 -----------------------------------------------------
---------------------------------------------------------------------
The odbc-2.13.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Improvements and New Features ---
OTP-16707 Application(s): asn1, erl_interface, erts, odbc
Related Id(s): PR-2638
Changes in order to build on the Haiku operating
system.
Thanks to Calvin Buckley
Full runtime dependencies of odbc-2.13.1: erts-6.0, kernel-3.0,
stdlib-2.0
---------------------------------------------------------------------
--- os_mon-2.6 ------------------------------------------------------
---------------------------------------------------------------------
The os_mon-2.6 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16798 Application(s): os_mon
Related Id(s): ERL-1327
memsup now returns the correct amount of system memory
on macOS.
--- Improvements and New Features ---
OTP-16742 Application(s): os_mon
Fix memsup:get_os_wordsize/0 to return the current size
on aarch64.
Full runtime dependencies of os_mon-2.6: erts-6.0, kernel-3.0,
sasl-2.4, stdlib-2.0
---------------------------------------------------------------------
--- public_key-1.9 --------------------------------------------------
---------------------------------------------------------------------
The public_key-1.9 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16801 Application(s): public_key
Related Id(s): ERL-1309
Fixed an insignificant whitespace issue when decoding
PEM file.
--- Improvements and New Features ---
OTP-16448 Application(s): public_key, ssl
Experimental OCSP client support.
OTP-16592 Application(s): public_key
Use user returned path validation error for selfsigned
cert. It allows users of the ssl application to
customize the generated TLS alert, within the range of
defined alerts.
OTP-16705 Application(s): public_key
add API function to retrieve the subject-ID of an X509
certificate
Full runtime dependencies of public_key-1.9: asn1-3.0, crypto-3.8,
erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
--- runtime_tools-1.15.1 --------------------------------------------
---------------------------------------------------------------------
The runtime_tools-1.15.1 application can be applied independently of
other applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16787 Application(s): runtime_tools
Related Id(s): PR-2673
Fixed a crash in appmon_info triggered by trying to
read port info from a port that was in the process of
terminating.
appmon_info is used by observer to get information from
the observed node.
Full runtime dependencies of runtime_tools-1.15.1: erts-11.0,
kernel-7.0, mnesia-4.12, stdlib-3.13
---------------------------------------------------------------------
--- sasl-4.0.1 ------------------------------------------------------
---------------------------------------------------------------------
The sasl-4.0.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16744 Application(s): sasl
Related Id(s): ERL-1247, PR-2666
Make release_handler more resilient against exiting
processes during upgrade.
Full runtime dependencies of sasl-4.0.1: erts-10.2, kernel-5.3,
stdlib-3.4, tools-2.6.14
---------------------------------------------------------------------
--- snmp-5.6.1 ------------------------------------------------------
---------------------------------------------------------------------
The snmp-5.6.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15130 Application(s): snmp
Related Id(s): ERIERL-524, OTP-16541
For agent fix PrivParams for SNMPv3 USM with AES
privacy, as earlier fixed for the manager in OTP_16541.
OTP-15767 Application(s): snmp
Related Id(s): ERIERL-523
The SNMP Agent missed to re-activate datagram reception
in an odd timeout case and went deaf. This bug has been
fixed.
OTP-16716 Application(s): snmp
Use of deprecated functions in example 2 has been
removed (no more compiler warnings).
OTP-16760 Application(s): snmp
Related Id(s): ERIERL-511
A file descriptor leak has been plugged. When calling
the reconfigure function of a mib, it opened the config
file(s) but never closed them on successful read.
Full runtime dependencies of snmp-5.6.1: crypto-3.3, erts-6.0,
kernel-3.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5
---------------------------------------------------------------------
--- ssh-4.10.1 ------------------------------------------------------
---------------------------------------------------------------------
The ssh-4.10.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16761 Application(s): ssh
Related Id(s): PR-2679
Fixed a bug when a message to ssh-agent was divided
into separate packets.
OTP-16791 Application(s): ssh
Related Id(s): ERIERL-520
Fix a bug that could crash the cli server if a too
large cli-window was requested from the client.
--- Improvements and New Features ---
OTP-14106 Application(s): ssh
Increased test coverage.
OTP-16411 Application(s): ssh
A chapter about hardening the OTP SSH is added to the
User's Guide.
OTP-16774 Application(s): crypto, ssh
The internal Diffie-Hellman high level API for key
generation was slow in old and by OpenSSL now
unsupported cryptolib versions (1.0.1 and earlier).
If such a cryptolib is used anyhow, the low-level API
is used internally in the crypto application.
OTP-16803 Application(s): ssh
A new timeout is defined for daemons: hello_timeout.
The timeout is supposed to be used as a simple DoS
attack protection. It closes an incoming TCP-connection
if no valid first SSH message is received from the
client within the timeout limit after the TCP initial
connection setup.
The initial value is 30s by compatibility reasons, but
could be lowered if needed, for example in the code or
in a config file.
Full runtime dependencies of ssh-4.10.1: crypto-4.6.4, erts-9.0,
kernel-5.3, public_key-1.6.1, stdlib-3.4.1
---------------------------------------------------------------------
--- ssl-10.1 --------------------------------------------------------
---------------------------------------------------------------------
The ssl-10.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16697 Application(s): ssl
Related Id(s): ERIERL-496
If a passive socket is created, ssl:recv/2,3 is never
called and then the peer closes the socket the
controlling process will no longer receive an active
close message.
OTP-16764 Application(s): ssl
Data deliver with ssl:recv/2,3 could fail for when
using packet mode. This has been fixed by correcting
the flow control handling of passive sockets when
packet mode is used.
OTP-16765 Application(s): ssl
This change fixes a potential man-in-the-middle
vulnerability when the ssl client is configured to
automatically handle session tickets ({session_tickets,
auto}).
OTP-16767 Application(s): ssl
Related Id(s): ERIERL-512
Fix the internal handling of options 'verify' and
'verify_fun'.
This change fixes a vulnerability when setting the ssl
option 'verify' to verify_peer in a continued handshake
won't take any effect resulting in the acceptance of
expired peer certificates.
OTP-16776 Application(s): ssl
Related Id(s): ERL-1316
This change fixes the handling of stateless session
tickets when anti-replay is enabled.
OTP-16777 Application(s): ssl
Related Id(s): ERL-1317
Fix a crash due to the faulty handling of stateful
session tickets received by servers expecting stateless
session tickets.
This change also improves the handling of
faulty/invalid tickets.
OTP-16837 Application(s): ssl
Related Id(s): ERL-1319, OTP-16764
Correct flow ctrl checks from OTP-16764 to work as
intended. Probably will not have a noticeable affect
but will make connections more well behaved under some
circumstances.
OTP-16851 Application(s): ssl
Related Id(s): PR-2703
Distribution over TLS could exhibit livelock-like
behaviour when there is a constant stream of
distribution messages. Distribution data is now chunked
every 16 Mb to avoid that.
--- Improvements and New Features ---
OTP-15855 Application(s): ssl
Implement the cookie extension for TLS 1.3.
OTP-16448 Application(s): public_key, ssl
Experimental OCSP client support.
OTP-16802 Application(s): ssl
Related Id(s): ERIERL-516
TLS 1.0 -TLS-1.2 sessions tables now have a absolute
max value instead of using a shrinking mechanism when
reaching the limit. To avoid out of memory problems
under heavy load situations. Note that this change
infers that implementations of ssl_session_cache_api
needs to implement the size function (introduce in OTP
19) for session reuse to be optimally utilized.
Full runtime dependencies of ssl-10.1: crypto-4.2, erts-10.0,
inets-5.10.7, kernel-6.0, public_key-1.8, stdlib-3.5
---------------------------------------------------------------------
--- stdlib-3.13.2 ---------------------------------------------------
---------------------------------------------------------------------
The stdlib-3.13.2 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16655 Application(s): stdlib
The functions digraph:in_edges/2 and
digraph:out_edges/2 would return false edges if called
for a vertex that had a '_' atom in its name term.
OTP-16700 Application(s): stdlib
filelib:wildcard("not-a-directory/..") should return an
empty list. On Windows it returned
"not-a-directory/..".
OTP-16739 Application(s): stdlib
Fix the typespec of shell_docs:render to use the
correct type for an MFA.
OTP-16751 Application(s): stdlib
Related Id(s): ERL-1283
Fix uri_string:recompose/1 when host is present but
input path is not absolute.
This change prevents the recompose operation to change
the top level domain of the host when the path does not
start with a slash.
OTP-16816 Application(s): stdlib
Related Id(s): ERL-1310
The epp module would return a badly formed error term
when an 'if' preprocessor directive referenced an
undefined symbol. epp:format_error/1 would crash when
called with the bad error term.
OTP-16830 Application(s): stdlib
Related Id(s): ERL-1334, PR-2718
lists:sublist(List, Start, Len) failed with an
exception if Start > length(List) + 1 even though it is
explicitly documented that "It is not an error for
Start+Len to exceed the length of the list".
Full runtime dependencies of stdlib-3.13.2: compiler-5.0, crypto-3.3,
erts-11.0, kernel-7.0, sasl-3.0
---------------------------------------------------------------------
--- syntax_tools-2.3.1 ----------------------------------------------
---------------------------------------------------------------------
The syntax_tools-2.3.1 application can be applied independently of
other applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16732 Application(s): syntax_tools
Related Id(s): PR-2659
Minor documentation fix of erl_syntax:operator/1.
Full runtime dependencies of syntax_tools-2.3.1: compiler-7.0,
erts-9.0, kernel-5.0, stdlib-3.4
---------------------------------------------------------------------
--- tools-3.4.1 -----------------------------------------------------
---------------------------------------------------------------------
The tools-3.4.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16854 Application(s): tools
Related Id(s): PR-2750
Correct the Xref analysis locals_not_used to find
functions called exclusively from on_load functions.
Full runtime dependencies of tools-3.4.1: compiler-5.0, erts-11.0,
erts-9.1, kernel-5.4, runtime_tools-1.8.14, stdlib-3.4
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
|