Patch Package: OTP 22.3.1 Git Tag: OTP-22.3.1 Date: 2020-04-06 Trouble Report Id: OTP-16553, OTP-16555, OTP-16556, OTP-16567, OTP-16572, OTP-16574, OTP-16578, OTP-16580 Seq num: ERIERL-481, ERIERL-482, ERL-1188, ERL-1199, ERL-1205, ERL-1212 System: OTP Release: 22 Application: compiler-7.5.4, erts-10.7.1, inets-7.1.3, ssl-9.6.1, stdlib-3.12.1, xmerl-1.3.24 Predecessor: OTP 22.3 Check out the git tag OTP-22.3.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below. --------------------------------------------------------------------- --- POTENTIAL INCOMPATIBILITIES ------------------------------------- --------------------------------------------------------------------- OTP-16556 Application(s): inets Remove use of http_uri and mod_esi eval API. This is a backport from OTP 23 that improves the check of URIs to ensure that invalid URIs does not cause vulnerabilities. This will render the deprecated mod_esi eval API unusable as it used URI that does not conform to valid URI syntax. --------------------------------------------------------------------- --- OTP-22.3.1 ------------------------------------------------------ --------------------------------------------------------------------- --- Fixed Bugs and Malfunctions --- OTP-16574 Application(s): otp Related Id(s): ERL-1205 OTP would not build with Xcode 11.4 on macOS Catalina (10.15). --------------------------------------------------------------------- --- compiler-7.5.4 -------------------------------------------------- --------------------------------------------------------------------- The compiler-7.5.4 application can be applied independently of other applications on a full OTP 22 installation. --- Fixed Bugs and Malfunctions --- OTP-16580 Application(s): compiler Related Id(s): ERL-1212 Fixed a bug in the validator that could cause it to reject valid code. Full runtime dependencies of compiler-7.5.4: crypto-3.6, erts-9.0, hipe-3.12, kernel-4.0, stdlib-2.5 --------------------------------------------------------------------- --- erts-10.7.1 ----------------------------------------------------- --------------------------------------------------------------------- Note! The erts-10.7.1 application *cannot* be applied independently of other applications on an arbitrary OTP 22 installation. On a full OTP 22 installation, also the following runtime dependency has to be satisfied: -- kernel-6.5.1 (first satisfied in OTP 22.2) --- Fixed Bugs and Malfunctions --- OTP-16553 Application(s): erts, stdlib re:run(Subject, RE, [unicode]) returned nomatch instead of failing with a badarg error exception when Subject contained illegal utf8 and RE was passed as a binary. This has been corrected along with corrections of reduction counting in re:run() error cases. OTP-16555 Application(s): erts Related Id(s): ERL-1188 Fixed a bug that could cause the emulator to crash when purging modules or persistent terms. OTP-16572 Application(s): erts Related Id(s): ERL-1199, OTP-16269 Fixed a bug in a receive optimization. This could cause a receive not to match even though a matching message was present in the message queue. This bug was introduced in ERTS version 10.6 (OTP 22.2). Full runtime dependencies of erts-10.7.1: kernel-6.5.1, sasl-3.3, stdlib-3.5 --------------------------------------------------------------------- --- inets-7.1.3 ----------------------------------------------------- --------------------------------------------------------------------- The inets-7.1.3 application can be applied independently of other applications on a full OTP 22 installation. --- Fixed Bugs and Malfunctions --- OTP-16556 Application(s): inets *** POTENTIAL INCOMPATIBILITY *** Remove use of http_uri and mod_esi eval API. This is a backport from OTP 23 that improves the check of URIs to ensure that invalid URIs does not cause vulnerabilities. This will render the deprecated mod_esi eval API unusable as it used URI that does not conform to valid URI syntax. Full runtime dependencies of inets-7.1.3: erts-6.0, kernel-3.0, mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5 --------------------------------------------------------------------- --- ssl-9.6.1 ------------------------------------------------------- --------------------------------------------------------------------- Note! The ssl-9.6.1 application *cannot* be applied independently of other applications on an arbitrary OTP 22 installation. On a full OTP 22 installation, also the following runtime dependency has to be satisfied: -- public_key-1.7.2 (first satisfied in OTP 22.3) --- Fixed Bugs and Malfunctions --- OTP-16567 Application(s): ssl Related Id(s): ERIERL-481 Correct error handling when the partial_chain fun claims a certificate to be the trusted cert that is not part of the chain. This bug would hide the appropriate alert generating an "INTERNAL_ERROR" alert instead. Full runtime dependencies of ssl-9.6.1: crypto-4.2, erts-10.0, inets-5.10.7, kernel-6.0, public_key-1.7.2, stdlib-3.5 --------------------------------------------------------------------- --- stdlib-3.12.1 --------------------------------------------------- --------------------------------------------------------------------- Note! The stdlib-3.12.1 application *cannot* be applied independently of other applications on an arbitrary OTP 22 installation. On a full OTP 22 installation, also the following runtime dependency has to be satisfied: -- erts-10.7.1 (first satisfied in OTP 22.3.1) --- Fixed Bugs and Malfunctions --- OTP-16553 Application(s): erts, stdlib re:run(Subject, RE, [unicode]) returned nomatch instead of failing with a badarg error exception when Subject contained illegal utf8 and RE was passed as a binary. This has been corrected along with corrections of reduction counting in re:run() error cases. Full runtime dependencies of stdlib-3.12.1: compiler-5.0, crypto-3.3, erts-10.7.1, kernel-6.0, sasl-3.0 --------------------------------------------------------------------- --- xmerl-1.3.24 ---------------------------------------------------- --------------------------------------------------------------------- The xmerl-1.3.24 application can be applied independently of other applications on a full OTP 22 installation. --- Fixed Bugs and Malfunctions --- OTP-16578 Application(s): xmerl Related Id(s): ERIERL-482 Fix a performance problem when using internal general references in XML content. Full runtime dependencies of xmerl-1.3.24: erts-6.0, kernel-3.0, stdlib-2.5 --------------------------------------------------------------------- --------------------------------------------------------------------- ---------------------------------------------------------------------