Patch Package OTP 22.2.5 Released

Erlang/OTP otp@REDACTED
Mon Feb 3 13:25:36 CET 2020


Patch Package:           OTP 22.2.5
Git Tag:                 OTP-22.2.5
Date:                    2020-02-03
Trouble Report Id:       OTP-16358, OTP-16436, OTP-16441
Seq num:                 ERL-1152
System:                  OTP
Release:                 22
Application:             erts-10.6.3, stdlib-3.11.2
Predecessor:             OTP 22.2.4

 Check out the git tag OTP-22.2.5, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- erts-10.6.3 -----------------------------------------------------
 ---------------------------------------------------------------------

 Note! The erts-10.6.3 application *cannot* be applied independently
       of other applications on an arbitrary OTP 22 installation.

       On a full OTP 22 installation, also the following runtime
       dependency has to be satisfied:
       -- kernel-6.5.1 (first satisfied in OTP 22.2)


 --- Fixed Bugs and Malfunctions ---

  OTP-16436    Application(s): erts
               Related Id(s): ERL-1152

               A process could end up in a state where it got
               endlessly rescheduled without making any progress. This
               occurred when a system task, such as check of process
               code (part of a code purge), was scheduled on a high
               priority process trying to execute on a dirty
               scheduler.


 --- Improvements and New Features ---

  OTP-16358    Application(s): erts

               Improved signal handling for processes executing dirty.
               For example, avoid busy wait in dirty signal handler
               process when process is doing garbage collection on
               dirty scheduler.


 Full runtime dependencies of erts-10.6.3: kernel-6.5.1, sasl-3.3,
 stdlib-3.5


 ---------------------------------------------------------------------
 --- stdlib-3.11.2 ---------------------------------------------------
 ---------------------------------------------------------------------

 Note! The stdlib-3.11.2 application *cannot* be applied independently
       of other applications on an arbitrary OTP 22 installation.

       On a full OTP 22 installation, also the following runtime
       dependency has to be satisfied:
       -- erts-10.6.2 (first satisfied in OTP 22.2.2)


 --- Fixed Bugs and Malfunctions ---

  OTP-16441    Application(s): stdlib

               A directory traversal vulnerability has been eliminated
               in erl_tar. erl_tar will now refuse to extract symlinks
               that points outside the targeted extraction directory
               and will return {error,{Path,unsafe_symlink}}. (Thanks
               to Eric Meadows-Jönsson for the bug report and for
               suggesting a fix.)


 Full runtime dependencies of stdlib-3.11.2: compiler-5.0, crypto-3.3,
 erts-10.6.2, kernel-6.0, sasl-3.0


 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------




More information about the erlang-announce mailing list