Patch Package OTP 25.3.2.8 Released

Erlang/OTP otp@REDACTED
Mon Dec 18 16:33:00 CET 2023


Patch Package:           OTP 25.3.2.8
Git Tag:                 OTP-25.3.2.8
Date:                    2023-12-18
Trouble Report Id:       OTP-18739, OTP-18768, OTP-18802, OTP-18830,
                         OTP-18838, OTP-18839, OTP-18841, OTP-18842,
                         OTP-18844, OTP-18850, OTP-18869, OTP-18877,
                         OTP-18885, OTP-18886, OTP-18896, OTP-18897,
                         OTP-18899, OTP-18902
Seq num:                 GH-7571, GH-7801, GH-7834, GH-7890
System:                  OTP
Release:                 25
Application:             asn1-5.0.21.1, erl_interface-5.3.2.1,
                         erts-13.2.2.5, mnesia-4.21.4.2,
                         public_key-1.13.3.2, ssh-4.15.3.1,
                         ssl-10.9.1.3, wx-2.2.2.1
Predecessor:             OTP 25.3.2.7

 Check out the git tag OTP-25.3.2.8, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- POTENTIAL INCOMPATIBILITIES -------------------------------------
 ---------------------------------------------------------------------

  OTP-18897    Application(s): ssh

               With this change (being response to CVE-2023-48795),
               ssh can negotiate "strict KEX" OpenSSH extension with
               peers supporting it; also
               'chacha20-poly1305@REDACTED' algorithm becomes a
               less preferred cipher.

               If strict KEX availability cannot be ensured on both
               connection sides, affected encryption modes(CHACHA and
               CBC) can be disabled with standard ssh configuration.
               This will provide protection against vulnerability, but
               at a cost of affecting interoperability. See
               Configuring algorithms in SSH.


 ---------------------------------------------------------------------
 --- OTP-25.3.2.8 ----------------------------------------------------
 ---------------------------------------------------------------------

 --- Improvements and New Features ---

  OTP-18896    Application(s): otp

               Updated copyright and license information.


 ---------------------------------------------------------------------
 --- asn1-5.0.21.1 ---------------------------------------------------
 ---------------------------------------------------------------------

 The asn1-5.0.21.1 application can be applied independently of other
 applications on a full OTP 25 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-18844    Application(s): asn1

               Fix benign warning from gcc 11 about mismatching call
               to free().


 Full runtime dependencies of asn1-5.0.21.1: erts-11.0, kernel-7.0,
 stdlib-3.13


 ---------------------------------------------------------------------
 --- erl_interface-5.3.2.1 -------------------------------------------
 ---------------------------------------------------------------------

 The erl_interface-5.3.2.1 application can be applied independently of
 other applications on a full OTP 25 installation.

 --- Improvements and New Features ---

  OTP-18877    Application(s): erl_interface, erts

               Replaced old md5 implementation with an implementation
               from OpenSSL.


 ---------------------------------------------------------------------
 --- erts-13.2.2.5 ---------------------------------------------------
 ---------------------------------------------------------------------

 Note! The erts-13.2.2.5 application *cannot* be applied independently
       of other applications on an arbitrary OTP 25 installation.

       On a full OTP 25 installation, also the following runtime
       dependencies have to be satisfied:
       -- kernel-8.5 (first satisfied in OTP 25.1)
       -- stdlib-4.1 (first satisfied in OTP 25.1)


 --- Fixed Bugs and Malfunctions ---

  OTP-18802    Application(s): erts

               Fix faulty debug assert when page size is larger than
               16kb, like on PowerPC. Did crash debug VM directly at
               start.


  OTP-18838    Application(s): erts
               Related Id(s): GH-7801, PR-7822

               A process with message_queue_data configured as
               off_heap could end up in an inconsistent state when
               being receive traced, inspected using process_info/2
               with the message_queue_len item, or inspected using the
               break menu (CTRL-C). When it ended up in this
               inconsistent state, it was not enqueued into a run
               queue even though it was set in a runnable state.This
               also effected signals being sent to the process after
               it had gotten into this inconsistent state, in such a
               way that it was from this point not possible to
               communicate with it.


  OTP-18839    Application(s): erts
               Related Id(s): GH-7801, PR-7822

               A race occurring when a process was selected for dirty
               execution simultaneously as it was scheduled for
               handling a signal could cause the process to end up in
               an inconsistent state. When it ended up in this
               inconsistent state, it was not enqueued into a run
               queue even though it was set in a runnable state. This
               also effected signals being sent to the process after
               it had gotten into this inconsistent state, in such a
               way that it was from this point not possible to
               communicate with it.


  OTP-18841    Application(s): erts
               Related Id(s): GH-7801, OTP-18737, PR-7822

               When a process had to to wait in the run queue for a
               long time before being selected for dirty execution, it
               could not receive signals. This caused inspection of
               such a process, for example using process_info/2, to
               take a long time.

               This issue was introduced in OTP 25.3.2.6 and 26.1 when
               fixing an issue where a constant flow of signals
               prevented a process from being able to execute dirty.


  OTP-18842    Application(s): erts

               Fixed a bug in the JIT that miscompiled large
               select_val instructions.


  OTP-18885    Application(s): erts
               Related Id(s): GH-7834, GH-7890, PR-7915

               On OTP 24 and OTP 25, incoming distributed messages
               larger than 64 KiB sent using an alias leaked memory if
               the alias had been removed prior to entering the node.
               This issue was not present on OTP 26.

               Incoming distributed messages larger than 64 KiB sent
               using an alias which had been removed on the receiving
               node could crash the node. This crash was quite
               unlikely on OTP 24 and OTP 25, but very likely on OTP
               26.

               'DOWN' signals with exit reason larger than 64 KiB
               directed towards a process on a node with a not
               matching creation leaked memory on the receiving node.
               Such signals should however be very rare.


  OTP-18902    Application(s): erts

               Removed unnecessary PCRE source tar-ball.


 --- Improvements and New Features ---

  OTP-18830    Application(s): erts
               Related Id(s): PR-7823

               Removed unnecessary regexp library used when generating
               yielding BIFs.


  OTP-18877    Application(s): erl_interface, erts

               Replaced old md5 implementation with an implementation
               from OpenSSL.


  OTP-18899    Application(s): erts

               Removed unused makewhatis script.


 Full runtime dependencies of erts-13.2.2.5: kernel-8.5, sasl-3.3,
 stdlib-4.1


 ---------------------------------------------------------------------
 --- mnesia-4.21.4.2 -------------------------------------------------
 ---------------------------------------------------------------------

 The mnesia-4.21.4.2 application can be applied independently of other
 applications on a full OTP 25 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-18850    Application(s): mnesia

               mnesia:add_table_copy/3 no longer fails with reason
               system_limit when the node is starting.


 Full runtime dependencies of mnesia-4.21.4.2: erts-9.0, kernel-5.3,
 stdlib-3.4


 ---------------------------------------------------------------------
 --- public_key-1.13.3.2 ---------------------------------------------
 ---------------------------------------------------------------------

 The public_key-1.13.3.2 application can be applied independently of
 other applications on a full OTP 25 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-18739    Application(s): public_key, ssl

               ssl application will validate id-kp-serverAuth and
               id-kp-clientAuth extended key usage only in end entity
               certificates. public_key application will disallow
               "anyExtendedKeyUsage" for CA certificates that includes
               the extended key usage extension and marks it critical.


 Full runtime dependencies of public_key-1.13.3.2: asn1-3.0,
 crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5


 ---------------------------------------------------------------------
 --- ssh-4.15.3.1 ----------------------------------------------------
 ---------------------------------------------------------------------

 The ssh-4.15.3.1 application can be applied independently of other
 applications on a full OTP 25 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-18869    Application(s): ssh
               Related Id(s): GH-7571, PR-7849

               With this change, connection handler does not execute
               socket operations until it becomes socket owner.
               Previously errors could occur if connection handler
               tried to work with socket whose owner exited.


  OTP-18897    Application(s): ssh

               *** POTENTIAL INCOMPATIBILITY ***

               With this change (being response to CVE-2023-48795),
               ssh can negotiate "strict KEX" OpenSSH extension with
               peers supporting it; also
               'chacha20-poly1305@REDACTED' algorithm becomes a
               less preferred cipher.

               If strict KEX availability cannot be ensured on both
               connection sides, affected encryption modes(CHACHA and
               CBC) can be disabled with standard ssh configuration.
               This will provide protection against vulnerability, but
               at a cost of affecting interoperability. See
               Configuring algorithms in SSH.


 Full runtime dependencies of ssh-4.15.3.1: crypto-5.0, erts-11.0,
 kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15


 ---------------------------------------------------------------------
 --- ssl-10.9.1.3 ----------------------------------------------------
 ---------------------------------------------------------------------

 Note! The ssl-10.9.1.3 application *cannot* be applied independently
       of other applications on an arbitrary OTP 25 installation.

       On a full OTP 25 installation, also the following runtime
       dependency has to be satisfied:
       -- stdlib-4.1 (first satisfied in OTP 25.1)


 --- Fixed Bugs and Malfunctions ---

  OTP-18739    Application(s): public_key, ssl

               ssl application will validate id-kp-serverAuth and
               id-kp-clientAuth extended key usage only in end entity
               certificates. public_key application will disallow
               "anyExtendedKeyUsage" for CA certificates that includes
               the extended key usage extension and marks it critical.


  OTP-18886    Application(s): ssl

               Add missing export for connection_info() API type.


 Full runtime dependencies of ssl-10.9.1.3: crypto-5.0, erts-10.0,
 inets-5.10.7, kernel-8.4, public_key-1.11.3, runtime_tools-1.15.1,
 stdlib-4.1


 ---------------------------------------------------------------------
 --- wx-2.2.2.1 ------------------------------------------------------
 ---------------------------------------------------------------------

 The wx-2.2.2.1 application can be applied independently of other
 applications on a full OTP 25 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-18768    Application(s): wx
               Related Id(s): PR-7670

               The wx application would fail to build on macOS with
               Xcode 15.


 Full runtime dependencies of wx-2.2.2.1: erts-12.0, kernel-8.0,
 stdlib-3.15


 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------



More information about the erlang-announce mailing list