Patch Package OTP 22.3.1 Released
Erlang/OTP
otp@REDACTED
Mon Apr 6 15:14:54 CEST 2020
Patch Package: OTP 22.3.1
Git Tag: OTP-22.3.1
Date: 2020-04-06
Trouble Report Id: OTP-16553, OTP-16555, OTP-16556, OTP-16567,
OTP-16572, OTP-16574, OTP-16578, OTP-16580
Seq num: ERIERL-481, ERIERL-482, ERL-1188, ERL-1199,
ERL-1205, ERL-1212
System: OTP
Release: 22
Application: compiler-7.5.4, erts-10.7.1, inets-7.1.3,
ssl-9.6.1, stdlib-3.12.1, xmerl-1.3.24
Predecessor: OTP 22.3
Check out the git tag OTP-22.3.1, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-16556 Application(s): inets
Remove use of http_uri and mod_esi eval API.
This is a backport from OTP 23 that improves the check
of URIs to ensure that invalid URIs does not cause
vulnerabilities. This will render the deprecated
mod_esi eval API unusable as it used URI that does not
conform to valid URI syntax.
---------------------------------------------------------------------
--- OTP-22.3.1 ------------------------------------------------------
---------------------------------------------------------------------
--- Fixed Bugs and Malfunctions ---
OTP-16574 Application(s): otp
Related Id(s): ERL-1205
OTP would not build with Xcode 11.4 on macOS Catalina
(10.15).
---------------------------------------------------------------------
--- compiler-7.5.4 --------------------------------------------------
---------------------------------------------------------------------
The compiler-7.5.4 application can be applied independently of other
applications on a full OTP 22 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16580 Application(s): compiler
Related Id(s): ERL-1212
Fixed a bug in the validator that could cause it to
reject valid code.
Full runtime dependencies of compiler-7.5.4: crypto-3.6, erts-9.0,
hipe-3.12, kernel-4.0, stdlib-2.5
---------------------------------------------------------------------
--- erts-10.7.1 -----------------------------------------------------
---------------------------------------------------------------------
Note! The erts-10.7.1 application *cannot* be applied independently
of other applications on an arbitrary OTP 22 installation.
On a full OTP 22 installation, also the following runtime
dependency has to be satisfied:
-- kernel-6.5.1 (first satisfied in OTP 22.2)
--- Fixed Bugs and Malfunctions ---
OTP-16553 Application(s): erts, stdlib
re:run(Subject, RE, [unicode]) returned nomatch instead
of failing with a badarg error exception when Subject
contained illegal utf8 and RE was passed as a binary.
This has been corrected along with corrections of
reduction counting in re:run() error cases.
OTP-16555 Application(s): erts
Related Id(s): ERL-1188
Fixed a bug that could cause the emulator to crash when
purging modules or persistent terms.
OTP-16572 Application(s): erts
Related Id(s): ERL-1199, OTP-16269
Fixed a bug in a receive optimization. This could cause
a receive not to match even though a matching message
was present in the message queue. This bug was
introduced in ERTS version 10.6 (OTP 22.2).
Full runtime dependencies of erts-10.7.1: kernel-6.5.1, sasl-3.3,
stdlib-3.5
---------------------------------------------------------------------
--- inets-7.1.3 -----------------------------------------------------
---------------------------------------------------------------------
The inets-7.1.3 application can be applied independently of other
applications on a full OTP 22 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16556 Application(s): inets
*** POTENTIAL INCOMPATIBILITY ***
Remove use of http_uri and mod_esi eval API.
This is a backport from OTP 23 that improves the check
of URIs to ensure that invalid URIs does not cause
vulnerabilities. This will render the deprecated
mod_esi eval API unusable as it used URI that does not
conform to valid URI syntax.
Full runtime dependencies of inets-7.1.3: erts-6.0, kernel-3.0,
mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5
---------------------------------------------------------------------
--- ssl-9.6.1 -------------------------------------------------------
---------------------------------------------------------------------
Note! The ssl-9.6.1 application *cannot* be applied independently of
other applications on an arbitrary OTP 22 installation.
On a full OTP 22 installation, also the following runtime
dependency has to be satisfied:
-- public_key-1.7.2 (first satisfied in OTP 22.3)
--- Fixed Bugs and Malfunctions ---
OTP-16567 Application(s): ssl
Related Id(s): ERIERL-481
Correct error handling when the partial_chain fun
claims a certificate to be the trusted cert that is not
part of the chain. This bug would hide the appropriate
alert generating an "INTERNAL_ERROR" alert instead.
Full runtime dependencies of ssl-9.6.1: crypto-4.2, erts-10.0,
inets-5.10.7, kernel-6.0, public_key-1.7.2, stdlib-3.5
---------------------------------------------------------------------
--- stdlib-3.12.1 ---------------------------------------------------
---------------------------------------------------------------------
Note! The stdlib-3.12.1 application *cannot* be applied independently
of other applications on an arbitrary OTP 22 installation.
On a full OTP 22 installation, also the following runtime
dependency has to be satisfied:
-- erts-10.7.1 (first satisfied in OTP 22.3.1)
--- Fixed Bugs and Malfunctions ---
OTP-16553 Application(s): erts, stdlib
re:run(Subject, RE, [unicode]) returned nomatch instead
of failing with a badarg error exception when Subject
contained illegal utf8 and RE was passed as a binary.
This has been corrected along with corrections of
reduction counting in re:run() error cases.
Full runtime dependencies of stdlib-3.12.1: compiler-5.0, crypto-3.3,
erts-10.7.1, kernel-6.0, sasl-3.0
---------------------------------------------------------------------
--- xmerl-1.3.24 ----------------------------------------------------
---------------------------------------------------------------------
The xmerl-1.3.24 application can be applied independently of other
applications on a full OTP 22 installation.
--- Fixed Bugs and Malfunctions ---
OTP-16578 Application(s): xmerl
Related Id(s): ERIERL-482
Fix a performance problem when using internal general
references in XML content.
Full runtime dependencies of xmerl-1.3.24: erts-6.0, kernel-3.0,
stdlib-2.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
More information about the erlang-announce
mailing list