Age | Commit message (Collapse) | Author |
|
SSI is an old technique implemented by mod_include, that was badly
tested and not recommended to use, as having the server parse HTML
pages is a double edged sword! It can be costly for a heavily loaded
server to perform parsing of HTML pages while sending
them. Furthermore, it can be considered a security risk to have
average users executing commands in the name of the Erlang node user.
|
|
=== OTP-17.5 ===
Changed Applications:
- asn1-3.0.4
- common_test-1.10
- compiler-5.0.4
- crypto-3.5
- debugger-4.0.3
- dialyzer-2.7.4
- diameter-1.9
- eldap-1.1.1
- erts-6.4
- hipe-3.11.3
- inets-5.10.6
- kernel-3.2
- mnesia-4.12.5
- observer-2.0.4
- os_mon-2.3.1
- public_key-0.23
- runtime_tools-1.8.16
- ssh-3.2
- ssl-6.0
- stdlib-2.4
- syntax_tools-1.6.18
- test_server-3.8
- tools-2.7.2
- wx-1.3.3
Unchanged Applications:
- cosEvent-2.1.15
- cosEventDomain-1.1.14
- cosFileTransfer-1.1.16
- cosNotification-1.1.21
- cosProperty-1.1.17
- cosTime-1.1.14
- cosTransactions-1.2.14
- edoc-0.7.16
- erl_docgen-0.3.7
- erl_interface-3.7.20
- et-1.5
- eunit-2.2.9
- gs-1.5.16
- ic-4.3.6
- jinterface-1.5.12
- megaco-3.17.3
- odbc-2.10.22
- orber-3.7.1
- ose-1.0.2
- otp_mibs-1.0.10
- parsetools-2.0.12
- percept-0.8.10
- reltool-0.6.6
- sasl-2.4.1
- snmp-5.1.1
- typer-0.9.8
- webtool-0.8.10
- xmerl-1.3.7
Conflicts:
OTP_VERSION
erts/vsn.mk
lib/ssl/vsn.mk
|
|
|
|
|
|
|
|
* egil/maps/tests:
debugger: Strengthen Maps tests
compiler: Strengthen Maps tests
erts: Strengthen Maps tests
|
|
* maint:
observer: Fix crash in process_window
|
|
* dgud/observer/fix-atom-tostr/OTP-12634:
observer: Fix crash in process_window
|
|
Links can be to named processes, convert atom to list
|
|
|
|
Conflicts:
lib/stdlib/src/stdlib.appup.src
|
|
* anders/diameter/hardening/OTP-12628:
Remove potentially large error reason in call to diameter_lib:log/4
Limit FQDN in DiameterURI to 255 octets
Limit DiameterURI ports to 0-65535 digits on decode
Add service_opt() incoming_maxlen
Add guard to reject {spawn_opt, false} as transport/service_opt()
|
|
The function is intended to be traced on, to see abnormalities (mostly)
without producing excessive output. In the case of decode failure, the
error reason can be things like {badmatch, HugeBinary}.
Missed in commit 0058430.
|
|
* dgud/mnesia/try-catch:
mnesia: Replace catch with try-catch
|
|
Avoids building stacktraces where it is not needed and do
not mask errors, i.e. only catch the relevant classes in each try.
|
|
* dgud/wx/prefer-wxMSW-3/OTP-12632:
wx: Fix variable cursor constants
wx: On Mac keyboards use meta field as raw_ctrl
wx: Prefer wxWidgets-3.0. branch on windows
|
|
Fix cursor constants that changes with OS and wxWidgets releases.
|
|
On mac and wxWidgets-3.0 the crtlDown field in keyboard and
mouse events are set when command button is pressed.
The ctrl key on mac keyboard is in a field called raw_control as this
would be backward incompatible to add we reuse the metaDown field as
indicator when the ctrl keyboard button is pressed.
|
|
Since no bug fixes are done anymore on the 2.8 branch it is time
to switch the preferred version to 3.0 branch.
|
|
* dgud/observer/allocator-graphs/OTP-12631:
observer: Fix menu code (for mac)
observer: Add a new tab memory allocator charts
|
|
Have been broken since:
6fe02e14d observer: Add SASL log view for processes
|
|
Easier to the see memory usage and utilization as charts instead of
values that is updating during runtime.
Remove from system page and create a separate allocator tab.
|
|
|
|
|
|
As for the port number in the parent commit, a FQDN can't be arbitrarily
long, at most 255 octets. Make decode fail if it's more.
|
|
A port number is a 16-bit integer, but the regexp used to parse it in
commit 1590920 slavishly followed the RFC 6733 grammar in matching an
arbitrary number of digits. Make decode fail if it's anything more than
5, to avoid doing erlang:list_to_integer/1 on arbitrarily large lists.
Also make it fail if the resulting integer is outside of the expected
range.
|
|
To bound the length of incoming messages that will be decoded. A message
longer than the specified number of bytes is discarded. An
incoming_maxlen_exceeded counter is incremented to make note of the
occurrence.
The motivation is to prevent a sufficiently malicious peer from
generating significant load by sending long messages with many AVPs for
diameter to decode. The 24-bit message length header accomodates
(16#FFFFFF - 20) div 12 = 1398099
Unsigned32 AVPs for example, which the current record-valued decode is
too slow with in practice. A bound of 16#FFFF bytes allows for 5461
small AVPs, which is probably more than enough for the majority of
applications, but the default is the full 16#FFFFFF.
|
|
|
|
* egil/maps/refactor-tagscheme/OTP-12585:
erts: Refactor Map - use multiple values ESTACK_PUSHN
erts: GC needs the size even if the frag is not referenced
Revert "hipe: Handle separate hashmap tag correctly"
erts: Combine flat and hash maps under one unifying tag
|
|
It was possible to configure the option, but doing so caused the service
to fail when starting a watchdog process:
{function_clause,
[{diameter_service,'-spawn_opts/1-lc$^0/1-0-',
[false],
[{file,"base/diameter_service.erl"},{line,846}]},
{diameter_service,start,5,
[{file,"base/diameter_service.erl"},{line,820}]},
{diameter_service,start,3,
[{file,"base/diameter_service.erl"},{line,782}]},
{diameter_service,handle_call,3,
[{file,"base/diameter_service.erl"},{line,385}]},
{gen_server,try_handle_call,4,[{file,"gen_server.erl"},{line,607}]},
{gen_server,handle_msg,5,[{file,"gen_server.erl"},{line,639}]},
{proc_lib,init_p_do_apply,3,[{file,"proc_lib.erl"},{line,237}]}]}
Tests for the option in the config suite were also missing.
Bungled in commit 78b3dc6.
|
|
|
|
* peppe/common_test/failing_telnet_tests:
Add documentation and make get_data behaviour backwards compatible
Introduce polling feature in ct_telnet
Fix problem with invalid timeouts because of truncated floats
OTP-12627
|
|
|
|
* bjorn/doc:
cerl_trees: Fix incorrect EDoc reference to the cerl module
cerl: Correct incorrect EDoc references
|
|
* erland/OTP18/inets/time_api/OTP-12441:
inets: Add new module inets_time_compat with new time API The new module is backwards compatible.
|
|
* erland/ssh/OTP18/time_api/OTP-12444:
ssh: Use new time API
|
|
This reverts commit 4dc5f194b0a5a6f052763bb7494b0458f98d96ca.
|
|
|
|
The new module is backwards compatible.
|
|
|
|
|
|
|
|
Required load order by ticket.
- OTP-11492, answer messages discarded
- OTP-12415, retransmission failure
- OTP-12475, grouped AVP decode
- OTP-12543, no requests after DPR
none
- OTP-12412, shutdown issues
diameter_lib
diameter_service
- OTP-12428, transport_opt() pool_size
diameter_lib
diameter_service
diameter, diameter_config
diameter_{tcp,sctp}
diameter, diameter_config
- OTP-12439, new time api in Erlang/OTP 18
diameter_lib
diameter_{config,peer,reg,service,session,stats,sync,watchdog,sctp}
- OTP-11952, service_opt() decode_string
- OTP-12589, DiameterURI encode/decode
diameter_{capx,codec,peer}
diameter_types
diameter_traffic
diameter_{service,peer_fsm}
diameter_watchdog
diameter, diameter_config
- OTP-12542, DPR with diameter:call/4
diameter_{peer_fsm,watchdog}
diameter, diameter_config
- OTP-12609, transport_opt() dpr_timeout
diameter_peer_fsm
diameter, diameter_config
|
|
|
|
|
|
* anders/diameter/dpr/OTP-12609:
Discard incoming/outgoing requests after incoming DPR
Add transport_opt() dpr_timeout
Be lenient with errors in incoming DPR
|
|
Despite claims of full backwards compatibility, the text of RFC 6733
changes the interpretation of unspecified values in a DiameterURI. In
particular, 3588 says that the default port and transport are 3868 and
sctp respectively, while 6733 says it's either 3868/tcp (aaa) or
5658/tcp (aaas). The 3588 defaults were used regardless, but now use
them only if the common dictionary is diameter_gen_base_rfc3588. The
6733 defaults are used otherwise.
This kind of change in the standard can lead to interop problems, since
a node has to know which RFC its peer is following to know that it will
properly interpret missing URI components. Encode of a URI includes all
components to avoid such confusion.
That said, note that the defaults in the diameter_uri record have *not*
been changed. This avoids breaking code that depends on them, but the
risk is that such code sends inappropriate values. The record defaults
may be changed in a future release, to force values to be explicitly
specified.
|
|
Both RFC 3588 and 6733 disallow the combination. Make its encode fail.
|
|
* anders/diameter/string_decode/OTP-11952:
Let examples override default service options
Set {restrict_connections, false} in example server
Set {string_decode, false} in examples
Test {string_decode, false} in traffic suite
Add service_opt() string_decode
Strip potentially large terms when sending outgoing Diameter messages
Improve language consistency in diameter(1)
|
|
* anders/diameter/route_record/OTP-12551:
Fix ordering of AVPs in relayed messages
|