Patch Package OTP 24.3.4.1 Released
Erlang/OTP
otp@REDACTED
Wed Jun 8 10:37:49 CEST 2022
Patch Package: OTP 24.3.4.1
Git Tag: OTP-24.3.4.1
Date: 2022-06-08
Trouble Report Id: OTP-17858, OTP-18085, OTP-18087, OTP-18092,
OTP-18093, OTP-18094, OTP-18100, OTP-18123,
OTP-18128, OTP-18129
Seq num: ERIERL-728, GH-5950, GH-5961, GH-5985,
GH-5994
System: OTP
Release: 24
Application: crypto-5.0.6.1, erts-12.3.2.1,
mnesia-4.20.4.1, ssh-4.13.2.1, ssl-10.7.3.1
Predecessor: OTP 24.3.4
Check out the git tag OTP-24.3.4.1, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- crypto-5.0.6.1 --------------------------------------------------
---------------------------------------------------------------------
The crypto-5.0.6.1 application can be applied independently of other
applications on a full OTP 24 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17858 Application(s): crypto
Related Id(s): ERIERL-728
Fix timing bug in ensure_engine_loaded
When two ensure_engine_loaded() calls were done in
parallel there was a possibility that a crypto lib
function was called by both instead of just one of them
which resulted in an error. This is solved by moving
the implementation from erlang down into a NIF function
that uses a mutex to protect the sensitive part.
Full runtime dependencies of crypto-5.0.6.1: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- erts-12.3.2.1 ---------------------------------------------------
---------------------------------------------------------------------
Note! The erts-12.3.2.1 application *cannot* be applied independently
of other applications on an arbitrary OTP 24 installation.
On a full OTP 24 installation, also the following runtime
dependency has to be satisfied:
-- kernel-8.3 (first satisfied in OTP 24.3)
--- Fixed Bugs and Malfunctions ---
OTP-18093 Application(s): erts
Related Id(s): OTP-18104, PR-5987
Accept funs (NEW_FUN_EXT) with incorrectly encoded size
field. This is a workaround for a bug (OTP-18104)
existing in OTP 23 and 24 that could cause incorrect
size fields in certain cases. The emulator does not use
the decoded size field, but erl_interface still does
and is not helped by this workaround.
OTP-18123 Application(s): erts
Related Id(s): GH-5994
The zlib built in to the runtime system has been
updated to version 1.2.12. (Note that on most
platforms, the platform's own zlib is used.)
Full runtime dependencies of erts-12.3.2.1: kernel-8.3, sasl-3.3,
stdlib-3.13
---------------------------------------------------------------------
--- mnesia-4.20.4.1 -------------------------------------------------
---------------------------------------------------------------------
The mnesia-4.20.4.1 application can be applied independently of other
applications on a full OTP 24 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18128 Application(s): mnesia
Related Id(s): PR-6013
Fixed add_table_copy which could leave a table lock if
the receiving node went down during the operation.
Full runtime dependencies of mnesia-4.20.4.1: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- ssh-4.13.2.1 ----------------------------------------------------
---------------------------------------------------------------------
The ssh-4.13.2.1 application can be applied independently of other
applications on a full OTP 24 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18094 Application(s): ssh
Binaries can be limited in logs with the parameter
max_log_item_len. The default value is 500 bytes.
Full runtime dependencies of ssh-4.13.2.1: crypto-5.0, erts-9.0,
kernel-5.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15
---------------------------------------------------------------------
--- ssl-10.7.3.1 ----------------------------------------------------
---------------------------------------------------------------------
Note! The ssl-10.7.3.1 application *cannot* be applied independently
of other applications on an arbitrary OTP 24 installation.
On a full OTP 24 installation, also the following runtime
dependency has to be satisfied:
-- public_key-1.11.3 (first satisfied in OTP 24.1.2)
--- Fixed Bugs and Malfunctions ---
OTP-18087 Application(s): ssl
Related Id(s): GH-5961
When a TLS-1.3 enabled client tried to talk to a
TLS-1.2 server that coalesces TLS-1.2 handshake message
over one TLS record, the connection could fail due to
some message being handled in the wrong state, this has
been fixed.
OTP-18092 Application(s): ssl
Related Id(s): PR-5959
Fixed tls-1.3 session ticket lifetime which was
discarded to quickly before.
OTP-18100 Application(s): ssl
Related Id(s): GH-5985
Correctly handles supported protocol version change
from default to something else by sni_fun supplied to
ssl:handshake/[2,3] together with a TCP-socket (so
called upgrade).
OTP-18129 Application(s): ssl
Related Id(s): GH-5950
Also, TLS-1.3 should respond with a protocol version
alert if previous versions, that are supported but not
configured, are attempted.
--- Improvements and New Features ---
OTP-18085 Application(s): ssl
Enhance handling of handshake decoding errors,
especially for certificate authorities extension to
ensure graceful termination.
Full runtime dependencies of ssl-10.7.3.1: crypto-5.0, erts-10.0,
inets-5.10.7, kernel-8.0, public_key-1.11.3, runtime_tools-1.15.1,
stdlib-3.12
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
More information about the erlang-announce
mailing list