Patch Package: OTP 26.0.1 Git Tag: OTP-26.0.1 Date: 2023-06-08 Trouble Report Id: OTP-18576, OTP-18578, OTP-18581, OTP-18583, OTP-18584, OTP-18585, OTP-18587, OTP-18588, OTP-18593, OTP-18595, OTP-18596, OTP-18597, OTP-18600, OTP-18601, OTP-18602, OTP-18603, OTP-18604, OTP-18617, OTP-18619, OTP-18621, OTP-18632 Seq num: ERIERL-944, GH-7213, GH-7247, GH-7248, GH-7251, GH-7252, GH-7259, GH-7264, GH-7282, GH-7288, GH-7297, GH-7301, GH-7303, GH-7338, GH-7339 System: OTP Release: 26 Application: compiler-8.3.1, erts-14.0.1, inets-9.0.1, kernel-9.0.1, ssl-11.0.1, stdlib-5.0.1, xmerl-1.3.32 Predecessor: OTP 26.0 Check out the git tag OTP-26.0.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below. --------------------------------------------------------------------- --- compiler-8.3.1 -------------------------------------------------- --------------------------------------------------------------------- The compiler-8.3.1 application can be applied independently of other applications on a full OTP 26 installation. --- Fixed Bugs and Malfunctions --- OTP-18576 Application(s): compiler Fixed a bug where a failing bsl expression in a guard threw an exception instead of causing the guard to fail. OTP-18581 Application(s): compiler Related Id(s): GH-7251 Fixed a bug that would case the validator to reject legal code. OTP-18583 Application(s): compiler Related Id(s): GH-7259 The compiler could re-order clauses matching binaries so that the incorrect clause would match. That could only happen for code that used the option {error_location,line} or for code without line or column number information (e.g. generated by a parse transform). OTP-18593 Application(s): compiler Related Id(s): GH-7252 Complex guard expression using the or operator and guard BIFs that can fail could sometimes be miscompiled so that the guard would succeed even if a call to a guard BIF failed. OTP-18600 Application(s): compiler Related Id(s): GH-7248 With optimizations disabled, a try/catch construct could return an incorrect value. OTP-18601 Application(s): compiler In rare circumstance, a combination of binary construction and binary_part/3 would cause the compiler to generate unsafe code that would crash the runtime system. OTP-18617 Application(s): compiler Related Id(s): GH-7338 The compiler could be very slow when compiling guards with multiple guard tests separated with 'or' or ';'. OTP-18619 Application(s): compiler Related Id(s): GH-7339 Complex guard expressions using 'or' and map updates could succeed even if the map update failed. Full runtime dependencies of compiler-8.3.1: crypto-5.1, erts-13.0, kernel-8.4, stdlib-5.0 --------------------------------------------------------------------- --- erts-14.0.1 ----------------------------------------------------- --------------------------------------------------------------------- The erts-14.0.1 application can be applied independently of other applications on a full OTP 26 installation. --- Fixed Bugs and Malfunctions --- OTP-18585 Application(s): erts Related Id(s): OTP-18029 Build of the socket nif failed on Solaris 11. OTP-18587 Application(s): erts Fixed two reduction-counting bugs relating to binaries. OTP-18597 Application(s): erts Constructing a binary segment not aligned with a byte boundary, with a size not fitting in 31 bits, and with a value not fitting in a 64-bit word could crash the runtime system. OTP-18602 Application(s): erts Related Id(s): GH-7282 When a binary construction failed because of bad size for a segment, the error information was not always correct. OTP-18621 Application(s): erts Related Id(s): GH-7288 Fixed a crash when calling a fun that was defined in a module that had been upgraded. Full runtime dependencies of erts-14.0.1: kernel-9.0, sasl-3.3, stdlib-4.1 --------------------------------------------------------------------- --- inets-9.0.1 ----------------------------------------------------- --------------------------------------------------------------------- The inets-9.0.1 application can be applied independently of other applications on a full OTP 26 installation. --- Fixed Bugs and Malfunctions --- OTP-18604 Application(s): inets Related Id(s): GH-7303, PR-7306 Do not make the default ssl options by calling httpc:ssl_verify_host_options(true) if ssl options are supplied by the user. Full runtime dependencies of inets-9.0.1: erts-14.0, kernel-9.0, mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0, stdlib-5.0, stdlib-5.0 --------------------------------------------------------------------- --- kernel-9.0.1 ---------------------------------------------------- --------------------------------------------------------------------- The kernel-9.0.1 application can be applied independently of other applications on a full OTP 26 installation. --- Fixed Bugs and Malfunctions --- OTP-18578 Application(s): kernel, stdlib Related Id(s): GH-7213 The POSIX error exdev was sometimes incorrectly described as "cross domain link" in some error messages. OTP-18584 Application(s): kernel Related Id(s): #7238 Corrected the socket send function description (send with Timeout = nowait). The send function(s) could not return {ok, {RestData, SelectInfo}} Full runtime dependencies of kernel-9.0.1: crypto-5.0, erts-14.0, sasl-3.0, stdlib-5.0 --------------------------------------------------------------------- --- ssl-11.0.1 ------------------------------------------------------ --------------------------------------------------------------------- The ssl-11.0.1 application can be applied independently of other applications on a full OTP 26 installation. --- Fixed Bugs and Malfunctions --- OTP-18588 Application(s): ssl Related Id(s): GH-7264, PR-7277 Make sure that selection of client certificates handle both TLS-1.3 and TLS-1.2 names correctly. Could cause valid client certificate to not be selected, and an empty client certificate message to be sent to server. OTP-18596 Application(s): ssl Related Id(s): GH-7247 Improved ssl:format_error/1 to handle more error tuples. OTP-18603 Application(s): ssl Related Id(s): GH-7297 Fixed hanging ssl:connect when ssl application is not started. OTP-18632 Application(s): ssl Related Id(s): GH-7301, PR-7300 Correct handling of retransmission timers, current behavior could cause unwanted delays. Full runtime dependencies of ssl-11.0.1: crypto-5.0, erts-14.0, inets-5.10.7, kernel-9.0, public_key-1.11.3, runtime_tools-1.15.1, stdlib-4.1 --------------------------------------------------------------------- --- stdlib-5.0.1 ---------------------------------------------------- --------------------------------------------------------------------- The stdlib-5.0.1 application can be applied independently of other applications on a full OTP 26 installation. --- Fixed Bugs and Malfunctions --- OTP-18578 Application(s): kernel, stdlib Related Id(s): GH-7213 The POSIX error exdev was sometimes incorrectly described as "cross domain link" in some error messages. Full runtime dependencies of stdlib-5.0.1: compiler-5.0, crypto-4.5, erts-13.1, kernel-9.0, sasl-3.0 --------------------------------------------------------------------- --- xmerl-1.3.32 ---------------------------------------------------- --------------------------------------------------------------------- The xmerl-1.3.32 application can be applied independently of other applications on a full OTP 26 installation. --- Fixed Bugs and Malfunctions --- OTP-18595 Application(s): xmerl Related Id(s): ERIERL-944 New options to xmerl_scan and xmerl_sax_parser so one can limit the behaviour of the parsers to avoid some XML security issues. xmerl_scan gets one new option: -- {allow_entities, Boolean} -- Gives the possibility to disallow entities by setting this option to false (true is default) xmerl_sax_parser gets the following options: -- disallow_entities -- Don't allow entities in document -- {entity_recurse_limit, N} -- Set a limit on entity recursion depth (default is 3) -- {external_entities, AllowedType} -- Specify which types of external entities that are allowed, this also affect external DTD's. The types are all(default), file and none -- {fail_undeclared_ref, Boolean} -- Sets the behavior for undeclared references due to an external file is not parsed (true is default) The old option skip_external_dtd is still valid and the same as {external_entities, none} and {fail_undeclared_ref, false} but just affects DTD's and not other external references. Full runtime dependencies of xmerl-1.3.32: erts-6.0, kernel-3.0, stdlib-2.5 --------------------------------------------------------------------- --------------------------------------------------------------------- ---------------------------------------------------------------------