Patch Package OTP 25.1 Released
Henrik Nord X
henrik.x.nord@REDACTED
Wed Sep 21 14:59:13 CEST 2022
Patch Package: OTP 25.1
Git Tag: OTP-25.1
Date: 2022-09-21
Trouble Report Id: OTP-17115, OTP-17340, OTP-17934, OTP-18032,
OTP-18037, OTP-18044, OTP-18050, OTP-18091,
OTP-18093, OTP-18099, OTP-18102, OTP-18104,
OTP-18107, OTP-18109, OTP-18115, OTP-18118,
OTP-18121, OTP-18125, OTP-18127, OTP-18133,
OTP-18134, OTP-18138, OTP-18139, OTP-18142,
OTP-18144, OTP-18146, OTP-18147, OTP-18148,
OTP-18151, OTP-18152, OTP-18153, OTP-18154,
OTP-18160, OTP-18161, OTP-18162, OTP-18163,
OTP-18165, OTP-18166, OTP-18171, OTP-18172,
OTP-18178, OTP-18179, OTP-18180, OTP-18181,
OTP-18182, OTP-18183, OTP-18184, OTP-18186,
OTP-18187, OTP-18189, OTP-18191, OTP-18193,
OTP-18194, OTP-18195, OTP-18196, OTP-18199,
OTP-18200, OTP-18201, OTP-18202, OTP-18203,
OTP-18205, OTP-18207, OTP-18208, OTP-18214,
OTP-18215, OTP-18216, OTP-18217, OTP-18218,
OTP-18219, OTP-18220, OTP-18222, OTP-18229,
OTP-18232, OTP-18233, OTP-18234, OTP-18239,
OTP-18241, OTP-18243, OTP-18244
Seq num: ERIERL-456, ERIERL-661, ERIERL-666,
ERIERL-817, ERIERL-826, ERIERL-829,
ERIERL-833, ERIERL-834, ERIERL-835,
ERIERL-836, ERIERL-837, ERIERL-852,
ERIERL-855, ERL-97, GH-3064, GH-5719,
GH-5981, GH-6021, GH-6024, GH-6026, GH-6105,
GH-6122, GH-6158, GH-6163, GH-6164, GH-6169,
GH-6184, GH-6219, GH-6222, GH-6239, GH-6241,
GH-6242, GH-6244, GH-6247, GH-6277
System: OTP
Release: 25
Application: asn1-5.0.20, common_test-1.23.1,
compiler-8.2.1, crypto-5.1.2, dialyzer-5.0.2,
diameter-2.2.7, erl_docgen-1.4, erts-13.1,
eunit-2.8, inets-8.1, jinterface-1.13.1,
kernel-8.5, megaco-4.4.1, observer-2.13,
parsetools-2.4.1, public_key-1.13.1,
snmp-5.13.1, ssh-4.15, ssl-10.8.4,
stdlib-4.1, xmerl-1.3.30
Predecessor: OTP 25.0.4
Check out the git tag OTP-25.1, and build a full OTP system including
documentation. Apply one or more applications from this build as
patches to your installation using the 'otp_patch_apply' tool. For
information on install requirements, see descriptions for each
application version below.
---------------------------------------------------------------------
--- HIGHLIGHTS ------------------------------------------------------
---------------------------------------------------------------------
OTP-18153 Application(s): crypto
Crypto is now considered to be usable with the OpenSSL
3.0 cryptolib for production code.
ENGINE and FIPS are not yet fully functional.
OTP-18172 Application(s): crypto
Related Id(s): ERIERL-826
*** POTENTIAL INCOMPATIBILITY ***
Changed the behaviour of the engine load/unload
functions
The engine load/unload functions have got changed
semantics to get a more consistent behaviour and work
correct when variables are garbage collected.
The load functions now don't register the methods for
the engine to replace. That will now be handled with
the new functions engine_register/engine_unregister if
needed.
Some functions are removed from the documentation and
therefor the API, but they are left in the code for
compatibility.
-- engine_load/4: is now the same as engine_load/3
-- engine_unload/2: is now the same as engine_unload/1
-- ensure_engine_loaded/3: is now the same as
ensure_engine_loaded/2
-- ensure_engine_unloaded/1, ensure_engine_unloaded/2:
is now the same as engine_unload/1
OTP-18241 Application(s): ssl
A vulnerability has been discovered and corrected. It
is registered as CVE-2022-37026 "Client Authentication
Bypass". Corrections have been released on the
supported tracks with patches 23.3.4.15, 24.3.4.2, and
25.0.2. The vulnerability might also exist in older OTP
versions. We recommend that impacted users upgrade to
one of these versions or later on the respective
tracks. OTP 25.1 would be an even better choice.
Impacted are those who are running an ssl/tls/dtls
server using the ssl application either directly or
indirectly via other applications. For example via
inets (httpd), cowboy, etc. Note that the vulnerability
only affects servers that request client certification,
that is sets the option {verify, verify_peer}.
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------
OTP-18172 Application(s): crypto
Related Id(s): ERIERL-826
*** HIGHLIGHT ***
Changed the behaviour of the engine load/unload
functions
The engine load/unload functions have got changed
semantics to get a more consistent behaviour and work
correct when variables are garbage collected.
The load functions now don't register the methods for
the engine to replace. That will now be handled with
the new functions engine_register/engine_unregister if
needed.
Some functions are removed from the documentation and
therefor the API, but they are left in the code for
compatibility.
-- engine_load/4: is now the same as engine_load/3
-- engine_unload/2: is now the same as engine_unload/1
-- ensure_engine_loaded/3: is now the same as
ensure_engine_loaded/2
-- ensure_engine_unloaded/1, ensure_engine_unloaded/2:
is now the same as engine_unload/1
OTP-18239 Application(s): stdlib
When changing callback module in gen_statem the
state_enter calls flag from the old module was used in
for the first event in the new module, which could
confuse the new module and cause malfunction. This bug
has been corrected.
With this change some sys debug message formats have
been modified, which can be a problem for debug code
relying on the format.
---------------------------------------------------------------------
--- OTP-25.1 --------------------------------------------------------
---------------------------------------------------------------------
--- Improvements and New Features ---
OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,
parsetools, stdlib, xmerl
Related Id(s): PR-5965
There is a new configure option,
--enable-deterministic-build, which will apply the
deterministic compiler option when building Erlang/OTP.
The deterministic option has been improved to eliminate
more sources of non-determinism in several
applications.
---------------------------------------------------------------------
--- asn1-5.0.20 -----------------------------------------------------
---------------------------------------------------------------------
The asn1-5.0.20 application can be applied independently of other
applications on a full OTP 25 installation.
--- Improvements and New Features ---
OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,
parsetools, stdlib, xmerl
Related Id(s): PR-5965
There is a new configure option,
--enable-deterministic-build, which will apply the
deterministic compiler option when building Erlang/OTP.
The deterministic option has been improved to eliminate
more sources of non-determinism in several
applications.
Full runtime dependencies of asn1-5.0.20: erts-11.0, kernel-7.0,
stdlib-3.13
---------------------------------------------------------------------
--- common_test-1.23.1 ----------------------------------------------
---------------------------------------------------------------------
The common_test-1.23.1 application can be applied independently of
other applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18208 Application(s): common_test
Related Id(s): ERIERL-852, PR-6229
Fix cth_surefire to handle when a suite is not compiled
with debug_info. This bug has been present since
Erlang/OTP 25.0.
--- Improvements and New Features ---
OTP-18138 Application(s): common_test
Related Id(s): GH-5719, PR-6029
Common Test now preserves stack traces for throws.
Full runtime dependencies of common_test-1.23.1: compiler-6.0,
crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4,
observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0,
stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8
---------------------------------------------------------------------
--- compiler-8.2.1 --------------------------------------------------
---------------------------------------------------------------------
The compiler-8.2.1 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18125 Application(s): compiler
Related Id(s): GH-6026
The compiler will now forbid using the empty atom '' as
module name. Also forbidden are modules names
containing control characters, and module names
containing only spaces and soft hyphens.
OTP-18162 Application(s): compiler
Related Id(s): PR-6102
The bin_opt_info and recv_opt_info options would cause
the compiler to crash when attempting to compile
generated code without location information.
OTP-18182 Application(s): compiler
Related Id(s): GH-6163
In rare circumstances involving floating point
operations, the compiler could terminate with an
internal consistency check failure.
OTP-18183 Application(s): compiler
Related Id(s): GH-6169
In rare circumstances when doing arithmetic
instructions on non-numbers, the compiler could crash.
OTP-18184 Application(s): compiler
Related Id(s): GH-6164
In rare circumstances, complex boolean expressions in
nested cases could cause the compiler to crash.
OTP-18186 Application(s): compiler
Expression similar to #{assoc:=V} = #key=>self()}, V
would return the empty map instead of raising an
exception.
OTP-18187 Application(s): compiler
Related Id(s): GH-6184
Eliminated a crash in the beam_ssa_bool pass of the
compiler when compiling a complex guard expression.
OTP-18202 Application(s): compiler
Related Id(s): GH-6222
In rare circumstances, the compiler could crash with an
internal consistency check failure.
OTP-18214 Application(s): compiler
Related Id(s): GH-6158
When compiling with the option inline_list_funcs, the
compiler could produce a nonsensical warning.
OTP-18234 Application(s): compiler
Related Id(s): GH-6277
When given the no_ssa_opt option, the compiler could
terminate with an internal consistency failure
diagnostic when compiling map matching.
--- Improvements and New Features ---
OTP-18050 Application(s): compiler
Made warnings for existing atoms being keywords in
experimental features more precise, by not warning
about quoted atoms.
OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,
parsetools, stdlib, xmerl
Related Id(s): PR-5965
There is a new configure option,
--enable-deterministic-build, which will apply the
deterministic compiler option when building Erlang/OTP.
The deterministic option has been improved to eliminate
more sources of non-determinism in several
applications.
Full runtime dependencies of compiler-8.2.1: crypto-5.1, erts-13.0,
kernel-8.4, stdlib-4.0
---------------------------------------------------------------------
--- crypto-5.1.2 ----------------------------------------------------
---------------------------------------------------------------------
The crypto-5.1.2 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18147 Application(s): crypto
Related Id(s): GH-6024, PR-6056
Fix configure with --with-ssl and
--disable-dynamic-ssl-lib on Windows.
OTP-18152 Application(s): crypto
Remove all references correctly in the garbage
collection if an engine handle was not explicit
unloaded.
OTP-18172 Application(s): crypto
Related Id(s): ERIERL-826
*** HIGHLIGHT ***
*** POTENTIAL INCOMPATIBILITY ***
Changed the behaviour of the engine load/unload
functions
The engine load/unload functions have got changed
semantics to get a more consistent behaviour and work
correct when variables are garbage collected.
The load functions now don't register the methods for
the engine to replace. That will now be handled with
the new functions engine_register/engine_unregister if
needed.
Some functions are removed from the documentation and
therefor the API, but they are left in the code for
compatibility.
-- engine_load/4: is now the same as engine_load/3
-- engine_unload/2: is now the same as engine_unload/1
-- ensure_engine_loaded/3: is now the same as
ensure_engine_loaded/2
-- ensure_engine_unloaded/1, ensure_engine_unloaded/2:
is now the same as engine_unload/1
OTP-18200 Application(s): crypto
Fixed a naming bug for AES-CFB and Blowfish-CFB/OFB
when linked with OpenSSL 3.0 cryptolib.
OTP-18205 Application(s): crypto, public_key
Related Id(s): GH-6219
Sign/verify does now behave as in OTP-24 and earlier
for eddsa.
--- Improvements and New Features ---
OTP-18037 Application(s): crypto
Pass elliptic curve names from crypto.erl to crypto's
nif.
OTP-18133 Application(s): crypto
The configure option --disable-deprecated-warnings is
removed. It was used for some releases when the support
for OpenSSL 3.0 was not completed. It is not needed in
OTP 25.
OTP-18153 Application(s): crypto
*** HIGHLIGHT ***
Crypto is now considered to be usable with the OpenSSL
3.0 cryptolib for production code.
ENGINE and FIPS are not yet fully functional.
OTP-18217 Application(s): crypto
Do not exit if the legacy provider is missing in
libcrypto 3.0.
Full runtime dependencies of crypto-5.1.2: erts-9.0, kernel-5.3,
stdlib-3.9
---------------------------------------------------------------------
--- dialyzer-5.0.2 --------------------------------------------------
---------------------------------------------------------------------
The dialyzer-5.0.2 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18127 Application(s): dialyzer
Related Id(s): ERIERL-817
Two bugs have been fixed in Dialyzer's checking of
behaviors:
When a *mandatory* callback function is present but not
exported, Dialyzer would not complain about a missing
callback.
When an *optional* callback function was not exported
and had incompatible arguments and/or the return values
were incompatible, Dialyzer would complain. This has
been changed to suppress the warning, because the
function might not be intended to be a callback
function, for instance if a release added a new
optional callback function (such as format_status/1 for
the gen_server behaviour added in OTP 25).
OTP-18148 Application(s): dialyzer
Related Id(s): PR-6068
The no_extra_return and no_missing_return warnings can
now be suppressed through -dialyzer directives in
source code.
Full runtime dependencies of dialyzer-5.0.2: compiler-8.0, erts-12.0,
kernel-8.0, stdlib-3.15, syntax_tools-2.0, wx-2.0
---------------------------------------------------------------------
--- diameter-2.2.7 --------------------------------------------------
---------------------------------------------------------------------
The diameter-2.2.7 application can be applied independently of other
applications on a full OTP 25 installation.
--- Improvements and New Features ---
OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,
parsetools, stdlib, xmerl
Related Id(s): PR-5965
There is a new configure option,
--enable-deterministic-build, which will apply the
deterministic compiler option when building Erlang/OTP.
The deterministic option has been improved to eliminate
more sources of non-determinism in several
applications.
Full runtime dependencies of diameter-2.2.7: erts-10.0, kernel-3.2,
ssl-9.0, stdlib-3.0
---------------------------------------------------------------------
--- erl_docgen-1.4 --------------------------------------------------
---------------------------------------------------------------------
The erl_docgen-1.4 application can be applied independently of other
applications on a full OTP 25 installation.
--- Improvements and New Features ---
OTP-18244 Application(s): erl_docgen
Update DTD to allow XML tag em under pre.
Full runtime dependencies of erl_docgen-1.4: edoc-1.0, erts-11.0,
kernel-8.0, stdlib-3.15, xmerl-1.3.7
---------------------------------------------------------------------
--- erts-13.1 -------------------------------------------------------
---------------------------------------------------------------------
Note! The erts-13.1 application *cannot* be applied independently of
other applications on an arbitrary OTP 25 installation.
On a full OTP 25 installation, also the following runtime
dependencies have to be satisfied:
-- kernel-8.5 (first satisfied in OTP 25.1)
-- stdlib-4.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-17934 Application(s): erts, kernel, stdlib
Related Id(s): PR-6007
Fixed inconsistency bugs in global due to
nodeup/nodedown messages not being delivered
before/after traffic over connections. Also fixed
various other inconsistency bugs and deadlocks in both
global_group and global.
As building blocks for these fixes, a new BIF
erlang:nodes/2 has been introduced and
net_kernel:monitor_nodes/2 has been extended.
The -hidden and -connect_all command line arguments did
not work if multiple instances were present on the
command line which has been fixed. The new kernel
parameter connect_all has also been introduced in order
to replace the -connect_all command line argument.
OTP-18091 Application(s): erts, kernel
Related Id(s): #5789
Fixed IPv6 multicast_if and membership socket options.
OTP-18093 Application(s): erts
Related Id(s): OTP-18104, PR-5987
Accept funs (NEW_FUN_EXT) with incorrectly encoded size
field. This is a workaround for a bug (OTP-18104)
existing in OTP 23 and 24 that could cause incorrect
size fields in certain cases. The emulator does not use
the decoded size field, but erl_interface still does
and is not helped by this workaround.
OTP-18102 Application(s): erts, kernel
Related Id(s): #5904
Fixed issue with inet:getifaddrs hanging on pure IPv6
Windows
OTP-18104 Application(s): erts
Related Id(s): OTP-18093
Fix faulty distribution encoding of terms with either
-- a fun with bit-string or export-fun in its
environment when encoded toward a not yet established
(pending) connection
-- or a fun with a binary/bitstring, in its
environment, referring to an off-heap binary (larger
than 64 bytes).
The symptom could be failed decoding on the receiving
side leading to aborted connection. Fix OTP-18093 is a
workaround for theses bugs that makes the VM accepts
such faulty encoded funs.
The first encoding bug toward pending connection exists
only in OTP 23 and 24, but the second one exists also
on OTP 25.
OTP-18144 Application(s): erts
Related Id(s): GH-5981
Fixed emulator crash that could happen during crashdump
generation of ETS tables with options ordered_set and
{write_concurrency,true}.
OTP-18160 Application(s): erts
Related Id(s): PR-6103
Retrieval of monotonic and system clock resolution on
MacOS could cause a crash and/or erroneous results.
OTP-18161 Application(s): erts
Related Id(s): PR-6081
Fix bug where the max allowed size of erl +hmax was
lower than what was allowed by process_flag.
OTP-18201 Application(s): erts
On computers with ARM64 (AArch64) processors, the JIT
could generate incorrect code when more than 4095 bits
were skipped at the tail end of a binary match.
OTP-18216 Application(s): erts
Related Id(s): GH-6239, PR-6240
In rare circumstances, an is_binary/1 guard test could
succeed when given a large integer.
OTP-18218 Application(s): erts
Related Id(s): ERIERL-855
Fix bug causing ets:info (and sometimes ets:whereis) to
return 'undefined' for an existing table if a
concurrent process were doing ets:insert with a long
list on the same table.
OTP-18222 Application(s): erts
Related Id(s): GH-6242, PR-6248
Fix writing and reading of more than 2 GB in a single
read/write operation on macOS. Before this fix
attempting to read/write more than 2GB would result in
{error,einval}.
OTP-18243 Application(s): erts
Related Id(s): GH-6247, PR-6258
Fix bug sometimes causing emulator crash at node
shutdown when there are pending connections. Only seen
when running duel distribution protocols, inet_drv and
inet_tls_dist.
--- Improvements and New Features ---
OTP-17340 Application(s): erts
Related Id(s): PR-6133
Yield when adjusting large process message queues due
to
-- copying terms from a literal area prior to removing
the literal area.
-- changing the message_queue_data state from on_heap
to off_heap.
The message queue adjustment work will now be
interleaved with all other types of work that processes
have to do, even other message queue adjustment work.
OTP-18032 Application(s): erts, kernel
Add rudimentary debug feature (option) for the
inet-driver based sockets, such as gen_tcp and gen_udp.
OTP-18107 Application(s): erts, kernel
Related Id(s): PR-6009
Introduced the hidden and dist_listen options to
net_kernel:start/2.
Also documented the -dist_listen command line argument
which was erroneously documented as a kernel parameter
and not as a command line argument.
OTP-18109 Application(s): erts
New documentation chapter "Debugging NIFs and Port
Drivers" under Interoperability Tutorial.
OTP-18199 Application(s): erts, stdlib
Related Id(s): PR-5790
Add new API function erl_features:configurable/0
Full runtime dependencies of erts-13.1: kernel-8.5, sasl-3.3,
stdlib-4.1
---------------------------------------------------------------------
--- eunit-2.8 -------------------------------------------------------
---------------------------------------------------------------------
The eunit-2.8 application can be applied independently of other
applications on a full OTP 25 installation.
--- Improvements and New Features ---
OTP-18181 Application(s): eunit
Related Id(s): ERL-97, GH-3064, PR-5461
With this change, Eunit can optionally not try to
execute related module with "_tests" suffix. This might
be used for avoiding duplicated executions when source
and test modules are located in the same folder.
Full runtime dependencies of eunit-2.8: erts-9.0, kernel-5.3,
stdlib-3.4
---------------------------------------------------------------------
--- inets-8.1 -------------------------------------------------------
---------------------------------------------------------------------
The inets-8.1 application can be applied independently of other
applications on a full OTP 25 installation.
--- Improvements and New Features ---
OTP-18118 Application(s): inets
Add httpc:ssl_verify_host_options/1 to help setting
default ssl options for the https client.
OTP-18178 Application(s): inets, ssh
Related Id(s): ERIERL-833, ERIERL-834, ERIERL-835
This change fixes dialyzer warnings generated for
inets/httpd examples (includes needed adjustment of
spec for ssh_sftp module).
OTP-18193 Application(s): inets
Related Id(s): GH-6122
Remove documentation of no longer supported callback.
Full runtime dependencies of inets-8.1: erts-6.0, kernel-6.0,
mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0,
stdlib-4.0
---------------------------------------------------------------------
--- jinterface-1.13.1 -----------------------------------------------
---------------------------------------------------------------------
The jinterface-1.13.1 application can be applied independently of
other applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18215 Application(s): jinterface
Related Id(s): PR-6154
Fix javadoc build error by adding option -encoding
UTF-8.
---------------------------------------------------------------------
--- kernel-8.5 ------------------------------------------------------
---------------------------------------------------------------------
Note! The kernel-8.5 application *cannot* be applied independently of
other applications on an arbitrary OTP 25 installation.
On a full OTP 25 installation, also the following runtime
dependency has to be satisfied:
-- erts-13.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-17934 Application(s): erts, kernel, stdlib
Related Id(s): PR-6007
Fixed inconsistency bugs in global due to
nodeup/nodedown messages not being delivered
before/after traffic over connections. Also fixed
various other inconsistency bugs and deadlocks in both
global_group and global.
As building blocks for these fixes, a new BIF
erlang:nodes/2 has been introduced and
net_kernel:monitor_nodes/2 has been extended.
The -hidden and -connect_all command line arguments did
not work if multiple instances were present on the
command line which has been fixed. The new kernel
parameter connect_all has also been introduced in order
to replace the -connect_all command line argument.
OTP-18091 Application(s): erts, kernel
Related Id(s): #5789
Fixed IPv6 multicast_if and membership socket options.
OTP-18102 Application(s): erts, kernel
Related Id(s): #5904
Fixed issue with inet:getifaddrs hanging on pure IPv6
Windows
OTP-18115 Application(s): kernel
Related Id(s): PR-5939
The type specifications for inet:getopts/2 and
inet:setopts/2 have been corrected regarding SCTP
options.
OTP-18121 Application(s): kernel
Related Id(s): PR-5972
The type specifications for inet:parse_* have been
tightened.
OTP-18171 Application(s): kernel
Related Id(s): PR-6131
Fix gen_tcp:connect/3 spec to include the inet_backend
option.
OTP-18229 Application(s): kernel
Related Id(s): PR-6212
Fix bug where using a binary as the format when calling
logger:log(Level, Format, Args) (or any other logging
function) would cause a crash or incorrect logging.
--- Improvements and New Features ---
OTP-18032 Application(s): erts, kernel
Add rudimentary debug feature (option) for the
inet-driver based sockets, such as gen_tcp and gen_udp.
OTP-18107 Application(s): erts, kernel
Related Id(s): PR-6009
Introduced the hidden and dist_listen options to
net_kernel:start/2.
Also documented the -dist_listen command line argument
which was erroneously documented as a kernel parameter
and not as a command line argument.
OTP-18163 Application(s): kernel
Related Id(s): PR-6058, PR-6275
Scope and group monitoring have been introduced in pg.
For more information see the documentation of
pg:monitor_scope(), pg:monitor(), and pg:demonitor().
OTP-18232 Application(s): kernel
Related Id(s): OTP-17843, PR-6264
A new function global:disconnect/0 has been introduced
with which one can cleanly disconnect a node from all
other nodes in a cluster of global nodes.
Full runtime dependencies of kernel-8.5: crypto-5.0, erts-13.1,
sasl-3.0, stdlib-4.0
---------------------------------------------------------------------
--- megaco-4.4.1 ----------------------------------------------------
---------------------------------------------------------------------
The megaco-4.4.1 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18179 Application(s): megaco
Related Id(s): ERIERL-836
Fixed various dialyzer related issues in the examples
and the application proper.
--- Improvements and New Features ---
OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,
parsetools, stdlib, xmerl
Related Id(s): PR-5965
There is a new configure option,
--enable-deterministic-build, which will apply the
deterministic compiler option when building Erlang/OTP.
The deterministic option has been improved to eliminate
more sources of non-determinism in several
applications.
Full runtime dependencies of megaco-4.4.1: asn1-3.0, debugger-4.0,
erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, stdlib-2.5
---------------------------------------------------------------------
--- observer-2.13 ---------------------------------------------------
---------------------------------------------------------------------
The observer-2.13 application can be applied independently of other
applications on a full OTP 25 installation.
--- Improvements and New Features ---
OTP-18151 Application(s): observer
Related Id(s): PR-6063
Fixed units in gui.
Full runtime dependencies of observer-2.13: erts-11.0, et-1.5,
kernel-8.1, runtime_tools-1.19, stdlib-3.13, wx-1.2
---------------------------------------------------------------------
--- parsetools-2.4.1 ------------------------------------------------
---------------------------------------------------------------------
The parsetools-2.4.1 application can be applied independently of
other applications on a full OTP 25 installation.
--- Improvements and New Features ---
OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,
parsetools, stdlib, xmerl
Related Id(s): PR-5965
There is a new configure option,
--enable-deterministic-build, which will apply the
deterministic compiler option when building Erlang/OTP.
The deterministic option has been improved to eliminate
more sources of non-determinism in several
applications.
Full runtime dependencies of parsetools-2.4.1: erts-6.0, kernel-3.0,
stdlib-3.4
---------------------------------------------------------------------
--- public_key-1.13.1 -----------------------------------------------
---------------------------------------------------------------------
The public_key-1.13.1 application can be applied independently of
other applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18154 Application(s): public_key
Related Id(s): PR-6002
Support more Linux distributions in cacerts_load/0.
OTP-18189 Application(s): public_key
Related Id(s): ERIERL-829
Correct asn1 typenames available in type
pki_asn1_type()
OTP-18205 Application(s): crypto, public_key
Related Id(s): GH-6219
Sign/verify does now behave as in OTP-24 and earlier
for eddsa.
Full runtime dependencies of public_key-1.13.1: asn1-3.0, crypto-4.6,
erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
--- snmp-5.13.1 -----------------------------------------------------
---------------------------------------------------------------------
The snmp-5.13.1 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17115 Application(s): snmp
Related Id(s): ERIERL-456
Improved the get-bulk response max size calculation.
Its now possible to configure 'empty pdu size', see
appendix c for more info.
OTP-18180 Application(s): snmp
Related Id(s): ERIERL-837
Fix various example dialyzer issues
Full runtime dependencies of snmp-5.13.1: crypto-4.6, erts-12.0,
kernel-8.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5
---------------------------------------------------------------------
--- ssh-4.15 --------------------------------------------------------
---------------------------------------------------------------------
The ssh-4.15 application can be applied independently of other
applications on a full OTP 25 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18220 Application(s): ssh
Related Id(s): ERIERL-661, ERIERL-666
Handling rare race condition at channel close.
--- Improvements and New Features ---
OTP-18134 Application(s): ssh
Related Id(s): GH-6021
New ssh option no_auth_needed to skip the ssh
authentication. Use with caution!
OTP-18178 Application(s): inets, ssh
Related Id(s): ERIERL-833, ERIERL-834, ERIERL-835
This change fixes dialyzer warnings generated for
inets/httpd examples (includes needed adjustment of
spec for ssh_sftp module).
OTP-18196 Application(s): ssh
The new function ssh:daemon_replace_options/2 makes it
possible to change the Options in a running SSH server.
Established connections are not affected, only those
created after the call to this new function.
OTP-18207 Application(s): ssh
Related Id(s): PR-6231
Add a timeout as option max_initial_idle_time. It
closes a connection that does not allocate a channel
within the timeout time.
For more information about timeouts, see the Timeouts
section in the User's Guide Hardening chapter.
Full runtime dependencies of ssh-4.15: crypto-5.0, erts-11.0,
kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15
---------------------------------------------------------------------
--- ssl-10.8.4 ------------------------------------------------------
---------------------------------------------------------------------
Note! The ssl-10.8.4 application *cannot* be applied independently of
other applications on an arbitrary OTP 25 installation.
On a full OTP 25 installation, also the following runtime
dependency has to be satisfied:
-- stdlib-4.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-18044 Application(s): ssl
Reject unexpected application data in all relevant
places for all TLS versions. Also, handle TLS-1.3
middlebox compatibility with more care. This will make
malicious connections fail early and further, mitigate
possible DoS attacks, that would be caught by the
handshake timeout.
Thanks to Aina Toky Rasoamanana and Olivier Levillain
from Télécom SudParis for alerting us of the issues in
our implementation.
OTP-18099 Application(s): ssl
Related Id(s): PR-6287
With this change, value of cacertfile option will be
adjusted before loading certs from the file.
Adjustments include converting relative paths to
absolute and converting symlinks to actual file path.
Thanks to Marcus Johansson
OTP-18191 Application(s): ssl
Related Id(s): GH-6105
In TLS-1.3, if chain certs are missing (so server auth
domain adherence can not be determined) send peer cert
and hope the server is able to recreate a chain in its
auth domain.
OTP-18195 Application(s): ssl
Make sure periodical refresh of CA certificate files
repopulates cache properly.
OTP-18203 Application(s): ssl
Related Id(s): PR-5996
Correct internal CRL cache functions to use internal
format consistently.
OTP-18219 Application(s): ssl
Related Id(s): GH-6241, PR-6249
Incorrect handling of client middlebox negotiation for
TLS-1.3 could result in that a TLS-1.3 server would not
use middlebox mode although the client was expecting it
too and failing the negotiation with unexpected
message.
OTP-18233 Application(s): ssl
Related Id(s): GH-6244, PR-6270
If the "User" process, the process starting the TLS
connection, gets killed in the middle of spawning the
dynamic connection tree make sure we do not leave any
processes behind.
--- Improvements and New Features ---
OTP-18241 Application(s): ssl
*** HIGHLIGHT ***
A vulnerability has been discovered and corrected. It
is registered as CVE-2022-37026 "Client Authentication
Bypass". Corrections have been released on the
supported tracks with patches 23.3.4.15, 24.3.4.2, and
25.0.2. The vulnerability might also exist in older OTP
versions. We recommend that impacted users upgrade to
one of these versions or later on the respective
tracks. OTP 25.1 would be an even better choice.
Impacted are those who are running an ssl/tls/dtls
server using the ssl application either directly or
indirectly via other applications. For example via
inets (httpd), cowboy, etc. Note that the vulnerability
only affects servers that request client certification,
that is sets the option {verify, verify_peer}.
Full runtime dependencies of ssl-10.8.4: crypto-5.0, erts-10.0,
inets-5.10.7, kernel-8.4, public_key-1.11.3, runtime_tools-1.15.1,
stdlib-4.1
---------------------------------------------------------------------
--- stdlib-4.1 ------------------------------------------------------
---------------------------------------------------------------------
Note! The stdlib-4.1 application *cannot* be applied independently of
other applications on an arbitrary OTP 25 installation.
On a full OTP 25 installation, also the following runtime
dependency has to be satisfied:
-- erts-13.1 (first satisfied in OTP 25.1)
--- Fixed Bugs and Malfunctions ---
OTP-17934 Application(s): erts, kernel, stdlib
Related Id(s): PR-6007
Fixed inconsistency bugs in global due to
nodeup/nodedown messages not being delivered
before/after traffic over connections. Also fixed
various other inconsistency bugs and deadlocks in both
global_group and global.
As building blocks for these fixes, a new BIF
erlang:nodes/2 has been introduced and
net_kernel:monitor_nodes/2 has been extended.
The -hidden and -connect_all command line arguments did
not work if multiple instances were present on the
command line which has been fixed. The new kernel
parameter connect_all has also been introduced in order
to replace the -connect_all command line argument.
OTP-18139 Application(s): stdlib
Related Id(s): PR-6060
Fix the public_key:ssh* functions to be listed under
the correct release in the Removed Functionality User's
Guide.
OTP-18142 Application(s): stdlib
Related Id(s): PR-6078
The type spec for format_status/1 in gen_statem,
gen_server and gen_event has been corrected to state
that the return value is of the same type as the
argument (instead of the same value as the argument).
OTP-18146 Application(s): stdlib
Related Id(s): PR-5983
If the timer server child spec was already present in
kernel_sup but it was not started, the timer server
would fail to start with an {error, already_present}
error instead of restarting the server.
OTP-18239 Application(s): stdlib
*** POTENTIAL INCOMPATIBILITY ***
When changing callback module in gen_statem the
state_enter calls flag from the old module was used in
for the first event in the new module, which could
confuse the new module and cause malfunction. This bug
has been corrected.
With this change some sys debug message formats have
been modified, which can be a problem for debug code
relying on the format.
--- Improvements and New Features ---
OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,
parsetools, stdlib, xmerl
Related Id(s): PR-5965
There is a new configure option,
--enable-deterministic-build, which will apply the
deterministic compiler option when building Erlang/OTP.
The deterministic option has been improved to eliminate
more sources of non-determinism in several
applications.
OTP-18166 Application(s): stdlib
Related Id(s): PR-6108
The rfc339_to_system_time/1,2 functions now allows the
minutes part to be omitted from the time zone.
OTP-18194 Application(s): stdlib
Related Id(s): PR-6199
The receive statement in gen_event has been optimized
to not use selective receive (which was never needed,
and could cause severe performance degradation under
heavy load).
OTP-18199 Application(s): erts, stdlib
Related Id(s): PR-5790
Add new API function erl_features:configurable/0
Full runtime dependencies of stdlib-4.1: compiler-5.0, crypto-4.5,
erts-13.1, kernel-8.4, sasl-3.0
---------------------------------------------------------------------
--- xmerl-1.3.30 ----------------------------------------------------
---------------------------------------------------------------------
The xmerl-1.3.30 application can be applied independently of other
applications on a full OTP 25 installation.
--- Improvements and New Features ---
OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp,
parsetools, stdlib, xmerl
Related Id(s): PR-5965
There is a new configure option,
--enable-deterministic-build, which will apply the
deterministic compiler option when building Erlang/OTP.
The deterministic option has been improved to eliminate
more sources of non-determinism in several
applications.
Full runtime dependencies of xmerl-1.3.30: erts-6.0, kernel-3.0,
stdlib-2.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-announce/attachments/20220921/3857dae7/attachment-0001.htm>
More information about the erlang-announce
mailing list