Patch Package OTP Released

Mon Feb 3 15:18:48 CET 2020

Patch Package:           OTP
Git Tag:                 OTP-
Date:                    2020-02-03
Trouble Report Id:       OTP-16436, OTP-16438, OTP-16441
Seq num:                 ERL-1152
System:                  OTP
Release:                 21
Application:             erts-, stdlib-
Predecessor:             OTP

 Check out the git tag OTP-, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 --- erts- ---------------------------------------------------

 Note! The erts- application *cannot* be applied independently
       of other applications on an arbitrary OTP 21 installation.

       On a full OTP 21 installation, also the following runtime
       dependencies have to be satisfied:
       -- kernel-6.1 (first satisfied in OTP 21.1)
       -- sasl-3.3 (first satisfied in OTP 21.2)

 --- Fixed Bugs and Malfunctions ---

  OTP-16436    Application(s): erts
               Related Id(s): ERL-1152

               A process could end up in a state where it got
               endlessly rescheduled without making any progress. This
               occurred when a system task, such as check of process
               code (part of a code purge), was scheduled on a high
               priority process trying to execute on a dirty

  OTP-16438    Application(s): erts

               Fixed bug in erlang:list_to_ref/1 when called with a
               reference created by a remote note. Function
               list_to_ref/1 is intended for debugging and not to be
               used in application programs. Bug exist since OTP 20.0.

 Full runtime dependencies of erts- kernel-6.1, sasl-3.3,

 --- stdlib- --------------------------------------------------

 The stdlib- application can be applied independently of other
 applications on a full OTP 21 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-16441    Application(s): stdlib

               A directory traversal vulnerability has been eliminated
               in erl_tar. erl_tar will now refuse to extract symlinks
               that points outside the targeted extraction directory
               and will return {error,{Path,unsafe_symlink}}. (Thanks
               to Eric Meadows-Jönsson for the bug report and for
               suggesting a fix.)

 Full runtime dependencies of stdlib- compiler-5.0,
 crypto-3.3, erts-10.0, kernel-6.0, sasl-3.0


More information about the erlang-questions mailing list