Age | Commit message (Collapse) | Author |
|
|
|
|
|
maint-19
* kellymclaughlin/crypto/aes_cfb_128/PR-1393/OTP-14313:
Fix bug with AES CFB 128
Demonstrate the bug with AES CFB 128 encryption
|
|
into maint-19
* raimo/file-read_file-leaks-file-descriptors/ERL-383/OTP-14308:
Close FD after trying to open a directory
|
|
into maint-19
* voltone/inets/httpc_redirect_normalize_host/PR-1381/OTP-14301:
Omit port from Host header on redirect to well-known port
|
|
* ingela/maint-19/active-once/ERL-371/OTP-14300:
ssl: Prepare for release
ssl: Avoid data loss in active once
|
|
* hans/ssh/daemon_info_crash_ip/OTP-14298:
ssh: fixed crash in ssh:daemon_info
|
|
* egil/erts/fix-sigterm/OTP-14290:
erts: Make sigterm signal safe for non-smp beam
|
|
* hans/ftp/recv_chunk/OTP-14242:
inets/ftp: spelling correction
inets/ftp: DBG macro change
inets/ftp: Fixed fault with operations after recv_chunks.
inets/ftp: Testcase for repeating chunked fetch
|
|
Fix a bug with the use of the aes_cfb128 cipher by calling the correct
underlying openssl interface function when the cipher is specified.
|
|
Demonstrate a bug with AES CFB 128 for certain key sizes introduced
with the Erlang 19.0 release. The code in the block_crypt_nif function
in the crypto.c source file incorrectly calls aes_cfb_8_crypt when the
specified cipher is aes_cfb8 or aes_cfb128 and the key size is 24 or
32. The aes_cfb_8_crypt function calls the AES_cfb8_encrypt function
from the openssl interface, but this is incorrect when the cipher is
aes_cfb128.
Unfortunately the test cases in the crypto test suite are insufficient
to detect an issue like this because it exercises the encryption and
decryption roundtrip using the same incorrect underlying function. The
problem was observed when trying to update an application to Erlang 19
that attempted to decrypt data that was encrypted using aes_cfb128 by
another source. In this commit I altered the crypto test suite to
provide a demonstration of this problem.
|
|
|
|
|
|
Emulate active once in such a way that data recived by the TLS
connection process, but not fetch via active once option
by the user, can be delivered at next active once before final close.
|
|
|
|
The signal handler will now schedule a sigterm message instead of sending
the message in the signal handler. The signal handler must refrain from
memory allocations and thus the event is scheduled.
|
|
ERL-316, as part of 19.3, adds the port number to the Host header
upon automatic redirection. The port number is included even if it
is a well-known port (80, 443). This is different from the
behaviour of most HTTP clients, as well as httpc's own for new
requests.
The added port number can lead to problems such as this one, where
the request signature assumes the client will not send the :443
suffix on redirection to an https URL:
https://github.com/nerves-project/nerves/issues/96
I was unable to add a test case, since that would require a server
on a well-known port, but I manually verified that the GitHub/S3
signing issue was indeed resolved with this patch.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Extend Travis CI to test more configurations
|
|
* siri/appups-19.3:
Update appups in kernel and stdlib for OTP-19.3
|
|
Build Erlang and run smoke test in a Docker container running
32-bit Linxux.
|
|
|
|
|
|
Since docker is run from the top-level of the otp repository, the
entire repository will be the context for the docker daemon. In my
private repository, more than 800Mb had to be copied before the
build could be started.
Let the ./scripts directory be the context for docker instead.
That way, only the otp.tar.gz file needs to be copied.
While we are it, also use the ADD command in the Dockerfiles to
pack up the tar file and avoid copying the tar file itself to
the Docker image.
|
|
* anders/diameter/capx_strictness/OTP-14257:
Add transport_opt() capx_strictness
|
|
|
|
* anders/diameter/19.3/OTP-14252:
vsn -> 1.12.2
Update appup for 19.3
|
|
* anders/diameter/19.2/failover/OTP-14206:
Avoid sending large terms between nodes unnecessarily
Don't use request table for answer routing
Fix/redo failover optimization
|
|
Pass all argument except the first as the command for "docker run".
|
|
* ingela/ssl/next-maint-version:
ssl: Version update
|
|
* ingela/ssl/dtls-cont:
dtls: Only test this for TLS for now
dtls: Avoid mixup of protocol to test
dtls: 'dtlsv1.2' corresponds to 'tlsv1.2'
dtls: Correct dialyzer spec and postpone inclusion of test
dtls: Erlang distribution over DTLS is not supported
dtls: Enable some DTLS tests in ssl_to_openssl_SUITE
dtls: Enable DTLS test in ssl_certificate_verify_SUITE
dtls: Hibernation and retransmit timers
dtls: Make sure retransmission timers are run
dtls: DTLS specific handling of socket and ciphers
|
|
We want to avoid failing test cases but still be able to merge
DTLS progress for 19.3
|
|
To allow the Peer State Machine requirement that only the expected
capabilities exchange message be received in the relevant state to be
relaxed. If {capx_strictness, false} is configured then anything bu the
expected CER/CEA is ignored.
This is non-standard behaviour, and thusfar undocumented. Use at your
own risk.
|
|
Running fewer jobs in parallel reduces the risk of running out
of memory.
|
|
|
|
We never use the installed Erlang package. Setting the language
to C could also allow us to build on platforms that don't support
the Erlang language (e.g. osx).
|
|
Travis CI: Avoid that builds gets killed for inactivity
|
|
When relaying outgoing requests through transport on a remote node,
terms that were stripped when sending to the transport process weren't
stripped when spawning a process on the remote node.
Also, don't save the request to the process dictionary in a process that
just relays an answer.
|
|
The table has existed forever, to route incoming answers to a waiting
request process: each outgoing request writes to the table, and each
incoming answer reads. This has been seen to suffer from lock contention
at high load however, so this commit moves the routing into the
diameter_peer_fsm processes that are diameter's conduit to transport
processes. The request table is still used for failover detection, but
entries are only written when a watchdog state transitions leaves or
enters state OKAY.
|