Patch Package: OTP 24.3.4.1 Git Tag: OTP-24.3.4.1 Date: 2022-06-08 Trouble Report Id: OTP-17858, OTP-18085, OTP-18087, OTP-18092, OTP-18093, OTP-18094, OTP-18100, OTP-18123, OTP-18128, OTP-18129 Seq num: ERIERL-728, GH-5950, GH-5961, GH-5985, GH-5994 System: OTP Release: 24 Application: crypto-5.0.6.1, erts-12.3.2.1, mnesia-4.20.4.1, ssh-4.13.2.1, ssl-10.7.3.1 Predecessor: OTP 24.3.4 Check out the git tag OTP-24.3.4.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below. --------------------------------------------------------------------- --- crypto-5.0.6.1 -------------------------------------------------- --------------------------------------------------------------------- The crypto-5.0.6.1 application can be applied independently of other applications on a full OTP 24 installation. --- Fixed Bugs and Malfunctions --- OTP-17858 Application(s): crypto Related Id(s): ERIERL-728 Fix timing bug in ensure_engine_loaded When two ensure_engine_loaded() calls were done in parallel there was a possibility that a crypto lib function was called by both instead of just one of them which resulted in an error. This is solved by moving the implementation from erlang down into a NIF function that uses a mutex to protect the sensitive part. Full runtime dependencies of crypto-5.0.6.1: erts-9.0, kernel-5.3, stdlib-3.4 --------------------------------------------------------------------- --- erts-12.3.2.1 --------------------------------------------------- --------------------------------------------------------------------- Note! The erts-12.3.2.1 application *cannot* be applied independently of other applications on an arbitrary OTP 24 installation. On a full OTP 24 installation, also the following runtime dependency has to be satisfied: -- kernel-8.3 (first satisfied in OTP 24.3) --- Fixed Bugs and Malfunctions --- OTP-18093 Application(s): erts Related Id(s): OTP-18104, PR-5987 Accept funs (NEW_FUN_EXT) with incorrectly encoded size field. This is a workaround for a bug (OTP-18104) existing in OTP 23 and 24 that could cause incorrect size fields in certain cases. The emulator does not use the decoded size field, but erl_interface still does and is not helped by this workaround. OTP-18123 Application(s): erts Related Id(s): GH-5994 The zlib built in to the runtime system has been updated to version 1.2.12. (Note that on most platforms, the platform's own zlib is used.) Full runtime dependencies of erts-12.3.2.1: kernel-8.3, sasl-3.3, stdlib-3.13 --------------------------------------------------------------------- --- mnesia-4.20.4.1 ------------------------------------------------- --------------------------------------------------------------------- The mnesia-4.20.4.1 application can be applied independently of other applications on a full OTP 24 installation. --- Fixed Bugs and Malfunctions --- OTP-18128 Application(s): mnesia Related Id(s): PR-6013 Fixed add_table_copy which could leave a table lock if the receiving node went down during the operation. Full runtime dependencies of mnesia-4.20.4.1: erts-9.0, kernel-5.3, stdlib-3.4 --------------------------------------------------------------------- --- ssh-4.13.2.1 ---------------------------------------------------- --------------------------------------------------------------------- The ssh-4.13.2.1 application can be applied independently of other applications on a full OTP 24 installation. --- Fixed Bugs and Malfunctions --- OTP-18094 Application(s): ssh Binaries can be limited in logs with the parameter max_log_item_len. The default value is 500 bytes. Full runtime dependencies of ssh-4.13.2.1: crypto-5.0, erts-9.0, kernel-5.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15 --------------------------------------------------------------------- --- ssl-10.7.3.1 ---------------------------------------------------- --------------------------------------------------------------------- Note! The ssl-10.7.3.1 application *cannot* be applied independently of other applications on an arbitrary OTP 24 installation. On a full OTP 24 installation, also the following runtime dependency has to be satisfied: -- public_key-1.11.3 (first satisfied in OTP 24.1.2) --- Fixed Bugs and Malfunctions --- OTP-18087 Application(s): ssl Related Id(s): GH-5961 When a TLS-1.3 enabled client tried to talk to a TLS-1.2 server that coalesces TLS-1.2 handshake message over one TLS record, the connection could fail due to some message being handled in the wrong state, this has been fixed. OTP-18092 Application(s): ssl Related Id(s): PR-5959 Fixed tls-1.3 session ticket lifetime which was discarded to quickly before. OTP-18100 Application(s): ssl Related Id(s): GH-5985 Correctly handles supported protocol version change from default to something else by sni_fun supplied to ssl:handshake/[2,3] together with a TCP-socket (so called upgrade). OTP-18129 Application(s): ssl Related Id(s): GH-5950 Also, TLS-1.3 should respond with a protocol version alert if previous versions, that are supported but not configured, are attempted. --- Improvements and New Features --- OTP-18085 Application(s): ssl Enhance handling of handshake decoding errors, especially for certificate authorities extension to ensure graceful termination. Full runtime dependencies of ssl-10.7.3.1: crypto-5.0, erts-10.0, inets-5.10.7, kernel-8.0, public_key-1.11.3, runtime_tools-1.15.1, stdlib-3.12 --------------------------------------------------------------------- --------------------------------------------------------------------- ---------------------------------------------------------------------