Patch Package: OTP 23.3.4.19 Git Tag: OTP-23.3.4.19 Date: 2023-06-08 Trouble Report Id: OTP-18321, OTP-18325, OTP-18365, OTP-18388, OTP-18421, OTP-18463, OTP-18470, OTP-18525, OTP-18570, OTP-18595 Seq num: ERIERL-944, GH-6465, GH-6466, GH-6873 System: OTP Release: 23 Application: compiler-7.6.9.3, erts-11.2.2.18, stdlib-3.14.2.3, xmerl-1.3.27.1 Predecessor: OTP 23.3.4.18 Check out the git tag OTP-23.3.4.19, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below. --------------------------------------------------------------------- --- compiler-7.6.9.3 ------------------------------------------------ --------------------------------------------------------------------- The compiler-7.6.9.3 application can be applied independently of other applications on a full OTP 23 installation. --- Fixed Bugs and Malfunctions --- OTP-18325 Application(s): compiler, stdlib Related Id(s): GH-6465, GH-6466 It is not allowed to call functions from guards. The compiler failed to reject a call in a guard when done by constructing a record with a default initialization expression that called a function. OTP-18365 Application(s): compiler Fixed a bug that could cause legal code to fail validation. OTP-18470 Application(s): compiler Related Id(s): GH-6873, PR-6877 The compiler would generate incorrect code for the following type of expression: Pattern = BoundVar1 = . . . = BoundVarN = Expression An exception should be raised if any of the bound variables have different values than Expression. The compiler would generate code that would cause the bound variables to be bound to the value of Expressionwhether the value matched or not. Full runtime dependencies of compiler-7.6.9.3: crypto-3.6, erts-11.0, hipe-3.12, kernel-7.0, stdlib-3.13 --------------------------------------------------------------------- --- erts-11.2.2.18 -------------------------------------------------- --------------------------------------------------------------------- Note! The erts-11.2.2.18 application *cannot* be applied independently of other applications on an arbitrary OTP 23 installation. On a full OTP 23 installation, also the following runtime dependency has to be satisfied: -- kernel-7.3.1.5 (first satisfied in OTP 23.3.4.12) --- Fixed Bugs and Malfunctions --- OTP-18321 Application(s): erts Fix list_to_atom/1 for negative code points. Could either return with a positive code point or fail with an incorrect exception. OTP-18388 Application(s): erts Related Id(s): OTP-17462, PR-6662 A race condition which was very rarely triggered could cause the signal queue of a process to become inconsistent causing the runtime system to crash. OTP-18421 Application(s): erts Related Id(s): PR-6806 process_info(Pid, status) when Pid /= self() could return an erroneous result. OTP-18463 Application(s): erts Related Id(s): PR-6858 In rare circumstances, when a process exceeded its allowed heap size set by option max_heap_size, it would not be killed as it should be, but instead enter a kind of zombie state it would never get out of. OTP-18525 Application(s): erts Related Id(s): PR-7049 Implementations of the call() driver callback that returned a faulty encoded result could cause a memory leak and could cause invalid data on the heap of the processes calling erlang:port_call/3. OTP-18570 Application(s): erts Related Id(s): PR-7190 If a runtime system which was starting the distribution already had existing pids, ports, or references referring to a node with the same nodename/creation pair that the runtime system was about to use, these already existing pids, ports, or references would not work as expected in various situations after the node had gone alive. This could only occur if the runtime system was communicated such pids, ports, or references prior to the distribution was started. That is, it was extremely unlikely to happen unless the distribution was started dynamically and was even then very unlikely to happen. The runtime system now checks for already existing pids, ports, and references with the same nodename/creation pair that it is about to use. If such are found another creation will be chosen in order to avoid these issues. Full runtime dependencies of erts-11.2.2.18: kernel-7.3.1.5, sasl-3.3, stdlib-3.13 --------------------------------------------------------------------- --- stdlib-3.14.2.3 ------------------------------------------------- --------------------------------------------------------------------- The stdlib-3.14.2.3 application can be applied independently of other applications on a full OTP 23 installation. --- Fixed Bugs and Malfunctions --- OTP-18325 Application(s): compiler, stdlib Related Id(s): GH-6465, GH-6466 It is not allowed to call functions from guards. The compiler failed to reject a call in a guard when done by constructing a record with a default initialization expression that called a function. Full runtime dependencies of stdlib-3.14.2.3: compiler-5.0, crypto-3.3, erts-11.0, kernel-7.0, sasl-3.0 --------------------------------------------------------------------- --- xmerl-1.3.27.1 -------------------------------------------------- --------------------------------------------------------------------- The xmerl-1.3.27.1 application can be applied independently of other applications on a full OTP 23 installation. --- Fixed Bugs and Malfunctions --- OTP-18595 Application(s): xmerl Related Id(s): ERIERL-944 New options to xmerl_scan and xmerl_sax_parser so one can limit the behaviour of the parsers to avoid some XML security issues. xmerl_scan gets one new option: -- {allow_entities, Boolean} -- Gives the possibility to disallow entities by setting this option to false (true is default) xmerl_sax_parser gets the following options: -- disallow_entities -- Don't allow entities in document -- {entity_recurse_limit, N} -- Set a limit on entity recursion depth (default is 3) -- {external_entities, AllowedType} -- Specify which types of external entities that are allowed, this also affect external DTD's. The types are all(default), file and none -- {fail_undeclared_ref, Boolean} -- Sets the behavior for undeclared references due to an external file is not parsed (true is default) The old option skip_external_dtd is still valid and the same as {external_entities, none} and {fail_undeclared_ref, false} but just affects DTD's and not other external references. Full runtime dependencies of xmerl-1.3.27.1: erts-6.0, kernel-3.0, stdlib-2.5 --------------------------------------------------------------------- --------------------------------------------------------------------- ---------------------------------------------------------------------