Patch Package: OTP 25.1
Git Tag: OTP-25.1
Date: 2022-09-21
Trouble Report Id: OTP-17115, OTP-17340, OTP-17934, OTP-18032, OTP-18037, OTP-18044, OTP-18050, OTP-18091, OTP-18093, OTP-18099, OTP-18102, OTP-18104, OTP-18107, OTP-18109, OTP-18115, OTP-18118, OTP-18121, OTP-18125, OTP-18127, OTP-18133, OTP-18134, OTP-18138, OTP-18139, OTP-18142, OTP-18144, OTP-18146, OTP-18147, OTP-18148, OTP-18151, OTP-18152, OTP-18153, OTP-18154, OTP-18160, OTP-18161, OTP-18162, OTP-18163, OTP-18165, OTP-18166, OTP-18171, OTP-18172, OTP-18178, OTP-18179, OTP-18180, OTP-18181, OTP-18182, OTP-18183, OTP-18184, OTP-18186, OTP-18187, OTP-18189, OTP-18191, OTP-18193, OTP-18194, OTP-18195, OTP-18196, OTP-18199, OTP-18200, OTP-18201, OTP-18202, OTP-18203, OTP-18205, OTP-18207, OTP-18208, OTP-18214, OTP-18215, OTP-18216, OTP-18217, OTP-18218, OTP-18219, OTP-18220, OTP-18222, OTP-18229, OTP-18232, OTP-18233, OTP-18234, OTP-18239, OTP-18241, OTP-18243, OTP-18244
Seq num: ERIERL-456, ERIERL-661, ERIERL-666, ERIERL-817, ERIERL-826, ERIERL-829, ERIERL-833, ERIERL-834, ERIERL-835, ERIERL-836, ERIERL-837, ERIERL-852, ERIERL-855, ERL-97, GH-3064, GH-5719, GH-5981, GH-6021, GH-6024, GH-6026, GH-6105, GH-6122, GH-6158, GH-6163, GH-6164, GH-6169, GH-6184, GH-6219, GH-6222, GH-6239, GH-6241, GH-6242, GH-6244, GH-6247, GH-6277
System: OTP
Release: 25
Application: asn1-5.0.20, common_test-1.23.1, compiler-8.2.1, crypto-5.1.2, dialyzer-5.0.2, diameter-2.2.7, erl_docgen-1.4, erts-13.1, eunit-2.8, inets-8.1, jinterface-1.13.1, kernel-8.5, megaco-4.4.1, observer-2.13, parsetools-2.4.1, public_key-1.13.1, snmp-5.13.1, ssh-4.15, ssl-10.8.4, stdlib-4.1
Predecessor: OTP 25.0.4

Check out the git tag OTP-25.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

---------------------------------------------------------------------
--- HIGHLIGHTS ------------------------------------------------------
---------------------------------------------------------------------

OTP-18153 Application(s): crypto

Crypto is now considered to be usable with the OpenSSL 3.0 cryptolib for production code.

ENGINE and FIPS are not yet fully functional.

OTP-18172 Application(s): crypto
Related Id(s): ERIERL-826

*** POTENTIAL INCOMPATIBILITY ***

Changed the behaviour of the engine load/unload functions

The engine load/unload functions have changed semantics to give more consistent behaviour and to work correctly when variables are garbage collected.

The load functions now don't register the methods for the engine to replace. That will now be handled with the new functions engine_register/engine_unregister if needed.

Some functions are removed from the documentation and therefore from the API, but they are left in the code for compatibility.

-- engine_load/4: is now the same as engine_load/3
-- engine_unload/2: is now the same as engine_unload/1
-- ensure_engine_loaded/3: is now the same as ensure_engine_loaded/2
-- ensure_engine_unloaded/1, ensure_engine_unloaded/2: is now the same as engine_unload/1

OTP-18241 Application(s): ssl

A vulnerability has been discovered and corrected. It is registered as CVE-2022-37026 "Client Authentication Bypass". Corrections have been released on the supported tracks with patches 23.3.4.15, 24.3.4.2, and 25.0.2. The vulnerability might also exist in older OTP versions. We recommend that impacted users upgrade to one of these versions or later on the respective tracks. OTP 25.1 would be an even better choice.

Impacted are those who are running an ssl/tls/dtls server using the ssl application either directly or indirectly via other applications, for example via inets (httpd), cowboy, etc. Note that the vulnerability only affects servers that request client certification, that is, servers that set the option {verify, verify_peer}.

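The version guidance for CVE-2022-37026 above, as an added example (not part of the OTP README or the OTP code base): a Python triage helper that compares OTP version strings against the fixed patch levels 23.3.4.15, 24.3.4.2 and 25.0.2. The function names, the status labels, the sample inventory and the treatment of tracks newer than 25 as fixed are assumptions of this example.

```python
import re

# Fixed patch level per supported track, as listed for CVE-2022-37026.
FIXED_LEVELS = {23: (23, 3, 4, 15), 24: (24, 3, 4, 2), 25: (25, 0, 2)}


def parse_otp_version(text):
    """Parse an OTP version string such as '24.3.4.1' or '25.0-rc3'.

    Returns a tuple of ints. A release-candidate suffix is dropped; it
    cannot change the outcome for the fixed levels above.
    """
    match = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-rc\d+)?", text.strip())
    if match is None:
        raise ValueError(f"unrecognised OTP version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def at_least(version, floor):
    """Numeric, component-wise comparison; missing components count as 0.

    Comparing as strings would rank '23.3.4.9' above '23.3.4.15'.
    """
    width = max(len(version), len(floor))
    pad = lambda parts: parts + (0,) * (width - len(parts))
    return pad(version) >= pad(floor)


def triage(version_text, requests_client_cert):
    """Classify one node.

    requests_client_cert: True if the node runs an ssl/tls/dtls server
    that sets {verify, verify_peer} (the only affected configuration).
    """
    version = parse_otp_version(version_text)
    track = version[0]
    unpatched_status = "affected"
    if track in FIXED_LEVELS:
        patched = at_least(version, FIXED_LEVELS[track])
    elif track < min(FIXED_LEVELS):
        # The README only says the flaw "might also exist" on older tracks.
        patched = False
        unpatched_status = "possibly-affected"
    else:
        # Assumption of this example: tracks after 25 carry the fix.
        patched = True
    if patched:
        return "fixed"
    if not requests_client_cert:
        return "unpatched-not-exposed"
    return unpatched_status


# Constructed sample inventory:
# (host, OTP version, server sets {verify, verify_peer}).
SAMPLE_INVENTORY = [
    ("api-1", "25.0.1", True),
    ("api-2", "25.1", True),
    ("mq-1", "24.3.4.10", True),
    ("mq-2", "23.3.4.9", True),
    ("legacy-1", "22.3.4.26", True),
    ("batch-1", "24.0", False),
]


def triage_inventory(rows):
    """Map each host to its triage status."""
    return {host: triage(version, mtls) for host, version, mtls in rows}


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Nodes reported as "unpatched-not-exposed" still run an unpatched ssl application and become affected as soon as a server on them starts requesting client certificates.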
---------------------------------------------------------------------
--- POTENTIAL INCOMPATIBILITIES -------------------------------------
---------------------------------------------------------------------

OTP-18172 Application(s): crypto
Related Id(s): ERIERL-826

*** HIGHLIGHT ***

Changed the behaviour of the engine load/unload functions

The engine load/unload functions have changed semantics to give more consistent behaviour and to work correctly when variables are garbage collected.

The load functions now don't register the methods for the engine to replace. That will now be handled with the new functions engine_register/engine_unregister if needed.

Some functions are removed from the documentation and therefore from the API, but they are left in the code for compatibility.

-- engine_load/4: is now the same as engine_load/3
-- engine_unload/2: is now the same as engine_unload/1
-- ensure_engine_loaded/3: is now the same as ensure_engine_loaded/2
-- ensure_engine_unloaded/1, ensure_engine_unloaded/2: is now the same as engine_unload/1

OTP-18239 Application(s): stdlib

When changing callback module in gen_statem, the state_enter calls flag from the old module was used for the first event in the new module, which could confuse the new module and cause malfunction. This bug has been corrected.

With this change some sys debug message formats have been modified, which can be a problem for debug code relying on the format.

---------------------------------------------------------------------
--- OTP-25.1 --------------------------------------------------------
---------------------------------------------------------------------

--- Improvements and New Features ---

OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s): PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP.
The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

---------------------------------------------------------------------
--- asn1-5.0.20 -----------------------------------------------------
---------------------------------------------------------------------

The asn1-5.0.20 application can be applied independently of other applications on a full OTP 25 installation.

--- Improvements and New Features ---

OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s): PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

Full runtime dependencies of asn1-5.0.20: erts-11.0, kernel-7.0, stdlib-3.13

---------------------------------------------------------------------
--- common_test-1.23.1 ----------------------------------------------
---------------------------------------------------------------------

The common_test-1.23.1 application can be applied independently of other applications on a full OTP 25 installation.

--- Fixed Bugs and Malfunctions ---

OTP-18208 Application(s): common_test
Related Id(s): ERIERL-852, PR-6229

Fix cth_surefire to handle when a suite is not compiled with debug_info. This bug has been present since Erlang/OTP 25.0.

--- Improvements and New Features ---

OTP-18138 Application(s): common_test
Related Id(s): GH-5719, PR-6029

Common Test now preserves stack traces for throws.

Full runtime dependencies of common_test-1.23.1: compiler-6.0, crypto-4.5, debugger-4.1, erts-7.0, ftp-1.0, inets-6.0, kernel-8.4, observer-2.1, runtime_tools-1.8.16, sasl-2.5, snmp-5.1.2, ssh-4.0, stdlib-4.0, syntax_tools-1.7, tools-3.2, xmerl-1.3.8

---------------------------------------------------------------------
--- compiler-8.2.1 --------------------------------------------------
---------------------------------------------------------------------

The compiler-8.2.1 application can be applied independently of other applications on a full OTP 25 installation.

--- Fixed Bugs and Malfunctions ---

OTP-18125 Application(s): compiler
Related Id(s): GH-6026

The compiler will now forbid using the empty atom '' as module name. Also forbidden are module names containing control characters, and module names containing only spaces and soft hyphens.

OTP-18162 Application(s): compiler
Related Id(s): PR-6102

The bin_opt_info and recv_opt_info options would cause the compiler to crash when attempting to compile generated code without location information.

OTP-18182 Application(s): compiler
Related Id(s): GH-6163

In rare circumstances involving floating point operations, the compiler could terminate with an internal consistency check failure.

OTP-18183 Application(s): compiler
Related Id(s): GH-6169

In rare circumstances when doing arithmetic instructions on non-numbers, the compiler could crash.

OTP-18184 Application(s): compiler
Related Id(s): GH-6164

In rare circumstances, complex boolean expressions in nested cases could cause the compiler to crash.

OTP-18186 Application(s): compiler

Expressions similar to #{assoc:=V} = #{key=>self()}, V would return the empty map instead of raising an exception.

OTP-18187 Application(s): compiler
Related Id(s): GH-6184

Eliminated a crash in the beam_ssa_bool pass of the compiler when compiling a complex guard expression.

OTP-18202 Application(s): compiler
Related Id(s): GH-6222

In rare circumstances, the compiler could crash with an internal consistency check failure.

OTP-18214 Application(s): compiler
Related Id(s): GH-6158

When compiling with the option inline_list_funcs, the compiler could produce a nonsensical warning.

OTP-18234 Application(s): compiler
Related Id(s): GH-6277

When given the no_ssa_opt option, the compiler could terminate with an internal consistency failure diagnostic when compiling map matching.

--- Improvements and New Features ---

OTP-18050 Application(s): compiler

Made warnings for existing atoms being keywords in experimental features more precise, by not warning about quoted atoms.

OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s): PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

Full runtime dependencies of compiler-8.2.1: crypto-5.1, erts-13.0, kernel-8.4, stdlib-4.0

---------------------------------------------------------------------
--- crypto-5.1.2 ----------------------------------------------------
---------------------------------------------------------------------

The crypto-5.1.2 application can be applied independently of other applications on a full OTP 25 installation.

--- Fixed Bugs and Malfunctions ---

OTP-18147 Application(s): crypto
Related Id(s): GH-6024, PR-6056

Fix configure with --with-ssl and --disable-dynamic-ssl-lib on Windows.

OTP-18152 Application(s): crypto

Remove all references correctly in the garbage collection if an engine handle was not explicitly unloaded.

OTP-18172 Application(s): crypto
Related Id(s): ERIERL-826

*** HIGHLIGHT ***

*** POTENTIAL INCOMPATIBILITY ***

Changed the behaviour of the engine load/unload functions

The engine load/unload functions have changed semantics to give more consistent behaviour and to work correctly when variables are garbage collected.

The load functions now don't register the methods for the engine to replace. That will now be handled with the new functions engine_register/engine_unregister if needed.

Some functions are removed from the documentation and therefore from the API, but they are left in the code for compatibility.

-- engine_load/4: is now the same as engine_load/3
-- engine_unload/2: is now the same as engine_unload/1
-- ensure_engine_loaded/3: is now the same as ensure_engine_loaded/2
-- ensure_engine_unloaded/1, ensure_engine_unloaded/2: is now the same as engine_unload/1

OTP-18200 Application(s): crypto

Fixed a naming bug for AES-CFB and Blowfish-CFB/OFB when linked with OpenSSL 3.0 cryptolib.

OTP-18205 Application(s): crypto, public_key
Related Id(s): GH-6219

Sign/verify now behaves as in OTP-24 and earlier for eddsa.

--- Improvements and New Features ---

OTP-18037 Application(s): crypto

Pass elliptic curve names from crypto.erl to crypto's nif.

OTP-18133 Application(s): crypto

The configure option --disable-deprecated-warnings is removed. It was used for some releases when the support for OpenSSL 3.0 was not completed. It is not needed in OTP 25.

OTP-18153 Application(s): crypto

*** HIGHLIGHT ***

Crypto is now considered to be usable with the OpenSSL 3.0 cryptolib for production code.

ENGINE and FIPS are not yet fully functional.

OTP-18217 Application(s): crypto

Do not exit if the legacy provider is missing in libcrypto 3.0.

Full runtime dependencies of crypto-5.1.2: erts-9.0, kernel-5.3, stdlib-3.9

---------------------------------------------------------------------
--- dialyzer-5.0.2 --------------------------------------------------
---------------------------------------------------------------------

The dialyzer-5.0.2 application can be applied independently of other applications on a full OTP 25 installation.

--- Fixed Bugs and Malfunctions ---

OTP-18127 Application(s): dialyzer
Related Id(s): ERIERL-817

Two bugs have been fixed in Dialyzer's checking of behaviors:

When a *mandatory* callback function is present but not exported, Dialyzer would not complain about a missing callback.

When an *optional* callback function was not exported and had incompatible arguments and/or the return values were incompatible, Dialyzer would complain. This has been changed to suppress the warning, because the function might not be intended to be a callback function, for instance if a release added a new optional callback function (such as format_status/1 for the gen_server behaviour added in OTP 25).

OTP-18148 Application(s): dialyzer
Related Id(s): PR-6068

The no_extra_return and no_missing_return warnings can now be suppressed through -dialyzer directives in source code.

Full runtime dependencies of dialyzer-5.0.2: compiler-8.0, erts-12.0, kernel-8.0, stdlib-3.15, syntax_tools-2.0, wx-2.0

---------------------------------------------------------------------
--- diameter-2.2.7 --------------------------------------------------
---------------------------------------------------------------------

The diameter-2.2.7 application can be applied independently of other applications on a full OTP 25 installation.

--- Improvements and New Features ---

OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s): PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP.
The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

Full runtime dependencies of diameter-2.2.7: erts-10.0, kernel-3.2, ssl-9.0, stdlib-3.0

---------------------------------------------------------------------
--- erl_docgen-1.4 --------------------------------------------------
---------------------------------------------------------------------

The erl_docgen-1.4 application can be applied independently of other applications on a full OTP 25 installation.

--- Improvements and New Features ---

OTP-18244 Application(s): erl_docgen

Update DTD to allow XML tag em under pre.

Full runtime dependencies of erl_docgen-1.4: edoc-1.0, erts-11.0, kernel-8.0, stdlib-3.15, xmerl-1.3.7

---------------------------------------------------------------------
--- erts-13.1 -------------------------------------------------------
---------------------------------------------------------------------

Note! The erts-13.1 application *cannot* be applied independently of other applications on an arbitrary OTP 25 installation.

On a full OTP 25 installation, also the following runtime dependencies have to be satisfied:
-- kernel-8.5 (first satisfied in OTP 25.1)
-- stdlib-4.1 (first satisfied in OTP 25.1)

--- Fixed Bugs and Malfunctions ---

OTP-17934 Application(s): erts, kernel, stdlib
Related Id(s): PR-6007

Fixed inconsistency bugs in global due to nodeup/nodedown messages not being delivered before/after traffic over connections. Also fixed various other inconsistency bugs and deadlocks in both global_group and global.

As building blocks for these fixes, a new BIF erlang:nodes/2 has been introduced and net_kernel:monitor_nodes/2 has been extended.

The -hidden and -connect_all command line arguments did not work if multiple instances were present on the command line, which has been fixed. The new kernel parameter connect_all has also been introduced in order to replace the -connect_all command line argument.

OTP-18091 Application(s): erts, kernel
Related Id(s): #5789

Fixed IPv6 multicast_if and membership socket options.

OTP-18093 Application(s): erts
Related Id(s): OTP-18104, PR-5987

Accept funs (NEW_FUN_EXT) with incorrectly encoded size field. This is a workaround for a bug (OTP-18104) existing in OTP 23 and 24 that could cause incorrect size fields in certain cases. The emulator does not use the decoded size field, but erl_interface still does and is not helped by this workaround.

OTP-18102 Application(s): erts, kernel
Related Id(s): #5904

Fixed issue with inet:getifaddrs hanging on pure IPv6 Windows.

OTP-18104 Application(s): erts
Related Id(s): OTP-18093

Fix faulty distribution encoding of terms with either

-- a fun with bit-string or export-fun in its environment when encoded toward a not yet established (pending) connection
-- or a fun with a binary/bitstring, in its environment, referring to an off-heap binary (larger than 64 bytes).

The symptom could be failed decoding on the receiving side leading to aborted connection. Fix OTP-18093 is a workaround for these bugs that makes the VM accept such faulty encoded funs.

The first encoding bug toward pending connection exists only in OTP 23 and 24, but the second one exists also on OTP 25.

OTP-18144 Application(s): erts
Related Id(s): GH-5981

Fixed emulator crash that could happen during crashdump generation of ETS tables with options ordered_set and {write_concurrency,true}.

OTP-18160 Application(s): erts
Related Id(s): PR-6103

Retrieval of monotonic and system clock resolution on MacOS could cause a crash and/or erroneous results.

OTP-18161 Application(s): erts
Related Id(s): PR-6081

Fix bug where the max allowed size of erl +hmax was lower than what was allowed by process_flag.

OTP-18201 Application(s): erts

On computers with ARM64 (AArch64) processors, the JIT could generate incorrect code when more than 4095 bits were skipped at the tail end of a binary match.

OTP-18216 Application(s): erts
Related Id(s): GH-6239, PR-6240

In rare circumstances, an is_binary/1 guard test could succeed when given a large integer.

OTP-18218 Application(s): erts
Related Id(s): ERIERL-855

Fix bug causing ets:info (and sometimes ets:whereis) to return 'undefined' for an existing table if a concurrent process was doing ets:insert with a long list on the same table.

OTP-18222 Application(s): erts
Related Id(s): GH-6242, PR-6248

Fix writing and reading of more than 2 GB in a single read/write operation on macOS. Before this fix, attempting to read/write more than 2 GB would result in {error,einval}.

OTP-18243 Application(s): erts
Related Id(s): GH-6247, PR-6258

Fix bug sometimes causing emulator crash at node shutdown when there are pending connections. Only seen when running dual distribution protocols, inet_drv and inet_tls_dist.

--- Improvements and New Features ---

OTP-17340 Application(s): erts
Related Id(s): PR-6133

Yield when adjusting large process message queues due to

-- copying terms from a literal area prior to removing the literal area.
-- changing the message_queue_data state from on_heap to off_heap.

The message queue adjustment work will now be interleaved with all other types of work that processes have to do, even other message queue adjustment work.

OTP-18032 Application(s): erts, kernel

Add rudimentary debug feature (option) for the inet-driver based sockets, such as gen_tcp and gen_udp.

OTP-18107 Application(s): erts, kernel
Related Id(s): PR-6009

Introduced the hidden and dist_listen options to net_kernel:start/2.

Also documented the -dist_listen command line argument which was erroneously documented as a kernel parameter and not as a command line argument.

OTP-18109 Application(s): erts

New documentation chapter "Debugging NIFs and Port Drivers" under Interoperability Tutorial.

OTP-18199 Application(s): erts, stdlib
Related Id(s): PR-5790

Add new API function erl_features:configurable/0.

Full runtime dependencies of erts-13.1: kernel-8.5, sasl-3.3, stdlib-4.1

---------------------------------------------------------------------
--- eunit-2.8 -------------------------------------------------------
---------------------------------------------------------------------

The eunit-2.8 application can be applied independently of other applications on a full OTP 25 installation.

--- Improvements and New Features ---

OTP-18181 Application(s): eunit
Related Id(s): ERL-97, GH-3064, PR-5461

With this change, Eunit can optionally not try to execute the related module with the "_tests" suffix. This might be used for avoiding duplicated executions when source and test modules are located in the same folder.

Full runtime dependencies of eunit-2.8: erts-9.0, kernel-5.3, stdlib-3.4

---------------------------------------------------------------------
--- inets-8.1 -------------------------------------------------------
---------------------------------------------------------------------

The inets-8.1 application can be applied independently of other applications on a full OTP 25 installation.

--- Improvements and New Features ---

OTP-18118 Application(s): inets

Add httpc:ssl_verify_host_options/1 to help setting default ssl options for the https client.

OTP-18178 Application(s): inets, ssh
Related Id(s): ERIERL-833, ERIERL-834, ERIERL-835

This change fixes dialyzer warnings generated for inets/httpd examples (includes needed adjustment of spec for ssh_sftp module).

OTP-18193 Application(s): inets
Related Id(s): GH-6122

Remove documentation of no longer supported callback.

Full runtime dependencies of inets-8.1: erts-6.0, kernel-6.0, mnesia-4.12, public_key-1.13, runtime_tools-1.8.14, ssl-9.0, stdlib-4.0

---------------------------------------------------------------------
--- jinterface-1.13.1 -----------------------------------------------
---------------------------------------------------------------------

The jinterface-1.13.1 application can be applied independently of other applications on a full OTP 25 installation.

--- Fixed Bugs and Malfunctions ---

OTP-18215 Application(s): jinterface
Related Id(s): PR-6154

Fix javadoc build error by adding option -encoding UTF-8.

---------------------------------------------------------------------
--- kernel-8.5 ------------------------------------------------------
---------------------------------------------------------------------

Note! The kernel-8.5 application *cannot* be applied independently of other applications on an arbitrary OTP 25 installation.

On a full OTP 25 installation, also the following runtime dependency has to be satisfied:
-- erts-13.1 (first satisfied in OTP 25.1)

--- Fixed Bugs and Malfunctions ---

OTP-17934 Application(s): erts, kernel, stdlib
Related Id(s): PR-6007

Fixed inconsistency bugs in global due to nodeup/nodedown messages not being delivered before/after traffic over connections. Also fixed various other inconsistency bugs and deadlocks in both global_group and global.

As building blocks for these fixes, a new BIF erlang:nodes/2 has been introduced and net_kernel:monitor_nodes/2 has been extended.

The -hidden and -connect_all command line arguments did not work if multiple instances were present on the command line, which has been fixed. The new kernel parameter connect_all has also been introduced in order to replace the -connect_all command line argument.

OTP-18091 Application(s): erts, kernel
Related Id(s): #5789

Fixed IPv6 multicast_if and membership socket options.

OTP-18102 Application(s): erts, kernel
Related Id(s): #5904

Fixed issue with inet:getifaddrs hanging on pure IPv6 Windows.

OTP-18115 Application(s): kernel
Related Id(s): PR-5939

The type specifications for inet:getopts/2 and inet:setopts/2 have been corrected regarding SCTP options.

OTP-18121 Application(s): kernel
Related Id(s): PR-5972

The type specifications for inet:parse_* have been tightened.

OTP-18171 Application(s): kernel
Related Id(s): PR-6131

Fix gen_tcp:connect/3 spec to include the inet_backend option.

OTP-18229 Application(s): kernel
Related Id(s): PR-6212

Fix bug where using a binary as the format when calling logger:log(Level, Format, Args) (or any other logging function) would cause a crash or incorrect logging.

--- Improvements and New Features ---

OTP-18032 Application(s): erts, kernel

Add rudimentary debug feature (option) for the inet-driver based sockets, such as gen_tcp and gen_udp.

OTP-18107 Application(s): erts, kernel
Related Id(s): PR-6009

Introduced the hidden and dist_listen options to net_kernel:start/2.

Also documented the -dist_listen command line argument which was erroneously documented as a kernel parameter and not as a command line argument.

OTP-18163 Application(s): kernel
Related Id(s): PR-6058, PR-6275

Scope and group monitoring have been introduced in pg. For more information see the documentation of pg:monitor_scope(), pg:monitor(), and pg:demonitor().

OTP-18232 Application(s): kernel
Related Id(s): OTP-17843, PR-6264

A new function global:disconnect/0 has been introduced with which one can cleanly disconnect a node from all other nodes in a cluster of global nodes.

Full runtime dependencies of kernel-8.5: crypto-5.0, erts-13.1, sasl-3.0, stdlib-4.0

---------------------------------------------------------------------
--- megaco-4.4.1 ----------------------------------------------------
---------------------------------------------------------------------

The megaco-4.4.1 application can be applied independently of other applications on a full OTP 25 installation.

--- Fixed Bugs and Malfunctions ---

OTP-18179 Application(s): megaco
Related Id(s): ERIERL-836

Fixed various dialyzer related issues in the examples and the application proper.

--- Improvements and New Features ---

OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s): PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

Full runtime dependencies of megaco-4.4.1: asn1-3.0, debugger-4.0, erts-12.0, et-1.5, kernel-8.0, runtime_tools-1.8.14, stdlib-2.5

---------------------------------------------------------------------
--- observer-2.13 ---------------------------------------------------
---------------------------------------------------------------------

The observer-2.13 application can be applied independently of other applications on a full OTP 25 installation.

--- Improvements and New Features ---

OTP-18151 Application(s): observer
Related Id(s): PR-6063

Fixed units in gui.

Full runtime dependencies of observer-2.13: erts-11.0, et-1.5, kernel-8.1, runtime_tools-1.19, stdlib-3.13, wx-1.2

---------------------------------------------------------------------
--- parsetools-2.4.1 ------------------------------------------------
---------------------------------------------------------------------

The parsetools-2.4.1 application can be applied independently of other applications on a full OTP 25 installation.

--- Improvements and New Features ---

OTP-18165 Application(s): asn1, compiler, diameter, megaco, otp, parsetools, stdlib, xmerl
Related Id(s): PR-5965

There is a new configure option, --enable-deterministic-build, which will apply the deterministic compiler option when building Erlang/OTP. The deterministic option has been improved to eliminate more sources of non-determinism in several applications.

Full runtime dependencies of parsetools-2.4.1: erts-6.0, kernel-3.0, stdlib-3.4

---------------------------------------------------------------------
--- public_key-1.13.1 -----------------------------------------------
---------------------------------------------------------------------

The public_key-1.13.1 application can be applied independently of other applications on a full OTP 25 installation.

--- Fixed Bugs and Malfunctions ---

OTP-18154 Application(s): public_key
Related Id(s): PR-6002

Support more Linux distributions in cacerts_load/0.

OTP-18189 Application(s): public_key
Related Id(s): ERIERL-829

Correct asn1 typenames available in type pki_asn1_type().

OTP-18205 Application(s): crypto, public_key
Related Id(s): GH-6219

Sign/verify now behaves as in OTP-24 and earlier for eddsa.

Full runtime dependencies of public_key-1.13.1: asn1-3.0, crypto-4.6, erts-6.0, kernel-3.0, stdlib-3.5

---------------------------------------------------------------------
--- snmp-5.13.1 -----------------------------------------------------
---------------------------------------------------------------------

The snmp-5.13.1 application can be applied independently of other applications on a full OTP 25 installation.

--- Fixed Bugs and Malfunctions ---

OTP-17115 Application(s): snmp
Related Id(s): ERIERL-456

Improved the get-bulk response max size calculation. It is now possible to configure 'empty pdu size'; see appendix c for more info.

OTP-18180 Application(s): snmp
Related Id(s): ERIERL-837

Fix various example dialyzer issues.

Full runtime dependencies of snmp-5.13.1: crypto-4.6, erts-12.0, kernel-8.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5

---------------------------------------------------------------------
--- ssh-4.15 --------------------------------------------------------
---------------------------------------------------------------------

The ssh-4.15 application can be applied independently of other applications on a full OTP 25 installation.

--- Fixed Bugs and Malfunctions ---

OTP-18220 Application(s): ssh
Related Id(s): ERIERL-661, ERIERL-666

Handling rare race condition at channel close.

--- Improvements and New Features ---

OTP-18134 Application(s): ssh
Related Id(s): GH-6021

New ssh option no_auth_needed to skip the ssh authentication. Use with caution!

OTP-18178 Application(s): inets, ssh
Related Id(s): ERIERL-833, ERIERL-834, ERIERL-835

This change fixes dialyzer warnings generated for inets/httpd examples (includes needed adjustment of spec for ssh_sftp module).

OTP-18196 Application(s): ssh

The new function ssh:daemon_replace_options/2 makes it possible to change the Options in a running SSH server.

Established connections are not affected, only those created after the call to this new function.

OTP-18207 Application(s): ssh
Related Id(s): PR-6231

Add a timeout as option max_initial_idle_time. It closes a connection that does not allocate a channel within the timeout time.

For more information about timeouts, see the Timeouts section in the User's Guide Hardening chapter.

Full runtime dependencies of ssh-4.15: crypto-5.0, erts-11.0, kernel-6.0, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15

---------------------------------------------------------------------
--- ssl-10.8.4 ------------------------------------------------------
---------------------------------------------------------------------

Note!
The ssl-10.8.4 application *cannot* be applied independently of other applications on an arbitrary OTP 25 installation.

On a full OTP 25 installation, also the following runtime dependency has to be satisfied:
-- stdlib-4.1 (first satisfied in OTP 25.1)

--- Fixed Bugs and Malfunctions ---

OTP-18044 Application(s): ssl

Reject unexpected application data in all relevant places for all TLS versions. Also, handle TLS-1.3 middlebox compatibility with more care. This will make malicious connections fail early and further mitigate possible DoS attacks that would be caught by the handshake timeout.

Thanks to Aina Toky Rasoamanana and Olivier Levillain from Télécom SudParis for alerting us of the issues in our implementation.

OTP-18099 Application(s): ssl
Related Id(s): PR-6287

With this change, the value of the cacertfile option will be adjusted before loading certs from the file. Adjustments include converting relative paths to absolute and converting symlinks to the actual file path.

Thanks to Marcus Johansson.

OTP-18191 Application(s): ssl
Related Id(s): GH-6105

In TLS-1.3, if chain certs are missing (so server auth domain adherence can not be determined), send peer cert and hope the server is able to recreate a chain in its auth domain.

OTP-18195 Application(s): ssl

Make sure periodical refresh of CA certificate files repopulates cache properly.

OTP-18203 Application(s): ssl
Related Id(s): PR-5996

Correct internal CRL cache functions to use internal format consistently.

OTP-18219 Application(s): ssl
Related Id(s): GH-6241, PR-6249

Incorrect handling of client middlebox negotiation for TLS-1.3 could result in a TLS-1.3 server not using middlebox mode although the client was expecting it to, failing the negotiation with an unexpected message.

OTP-18233    Application(s): ssl
             Related Id(s): GH-6244, PR-6270

             If the "User" process, the process starting the TLS
             connection, gets killed in the middle of spawning the
             dynamic connection tree, make sure we do not leave any
             processes behind.

--- Improvements and New Features ---

OTP-18241    Application(s): ssl

             *** HIGHLIGHT ***

             A vulnerability has been discovered and corrected. It is
             registered as CVE-2022-37026 "Client Authentication
             Bypass". Corrections have been released on the supported
             tracks with patches 23.3.4.15, 24.3.4.2, and 25.0.2. The
             vulnerability might also exist in older OTP versions. We
             recommend that impacted users upgrade to one of these
             versions or later on the respective tracks. OTP 25.1
             would be an even better choice. Impacted are those who
             are running an ssl/tls/dtls server using the ssl
             application either directly or indirectly via other
             applications, for example via inets (httpd), cowboy,
             etc. Note that the vulnerability only affects servers
             that request client certification, that is, servers that
             set the option {verify, verify_peer}.

Full runtime dependencies of ssl-10.8.4: crypto-5.0, erts-10.0,
inets-5.10.7, kernel-8.4, public_key-1.11.3, runtime_tools-1.15.1,
stdlib-4.1

---------------------------------------------------------------------
--- stdlib-4.1 ------------------------------------------------------
---------------------------------------------------------------------

Note! The stdlib-4.1 application *cannot* be applied independently of
      other applications on an arbitrary OTP 25 installation.

      On a full OTP 25 installation, also the following runtime
      dependency has to be satisfied:
      -- erts-13.1 (first satisfied in OTP 25.1)

--- Fixed Bugs and Malfunctions ---

OTP-17934    Application(s): erts, kernel, stdlib
             Related Id(s): PR-6007

             Fixed inconsistency bugs in global due to
             nodeup/nodedown messages not being delivered
             before/after traffic over connections. Also fixed
             various other inconsistency bugs and deadlocks in both
             global_group and global.

             As building blocks for these fixes, a new BIF
             erlang:nodes/2 has been introduced and
             net_kernel:monitor_nodes/2 has been extended.

             The -hidden and -connect_all command line arguments did
             not work if multiple instances were present on the
             command line; this has been fixed. The new kernel
             parameter connect_all has also been introduced in order
             to replace the -connect_all command line argument.

OTP-18139    Application(s): stdlib
             Related Id(s): PR-6060

             Fix the public_key:ssh* functions to be listed under the
             correct release in the Removed Functionality User's
             Guide.

OTP-18142    Application(s): stdlib
             Related Id(s): PR-6078

             The type spec for format_status/1 in gen_statem,
             gen_server and gen_event has been corrected to state
             that the return value is of the same type as the
             argument (instead of the same value as the argument).

OTP-18146    Application(s): stdlib
             Related Id(s): PR-5983

             If the timer server child spec was already present in
             kernel_sup but it was not started, the timer server
             would fail to start with an {error, already_present}
             error instead of restarting the server.

OTP-18239    Application(s): stdlib

             *** POTENTIAL INCOMPATIBILITY ***

             When changing callback module in gen_statem, the
             state_enter calls flag from the old module was used for
             the first event in the new module, which could confuse
             the new module and cause malfunction. This bug has been
             corrected.

             With this change some sys debug message formats have
             been modified, which can be a problem for debug code
             relying on the format.

--- Improvements and New Features ---

OTP-18165    Application(s): asn1, compiler, diameter, megaco, otp,
             parsetools, stdlib, xmerl
             Related Id(s): PR-5965

             There is a new configure option,
             --enable-deterministic-build, which will apply the
             deterministic compiler option when building Erlang/OTP.
             The deterministic option has been improved to eliminate
             more sources of non-determinism in several applications.

OTP-18166    Application(s): stdlib
             Related Id(s): PR-6108

             The rfc3339_to_system_time/1,2 functions now allow the
             minutes part to be omitted from the time zone.

OTP-18194    Application(s): stdlib
             Related Id(s): PR-6199

             The receive statement in gen_event has been optimized to
             not use selective receive (which was never needed, and
             could cause severe performance degradation under heavy
             load).

OTP-18199    Application(s): erts, stdlib
             Related Id(s): PR-5790

             Add new API function erl_features:configurable/0.

Full runtime dependencies of stdlib-4.1: compiler-5.0, crypto-4.5,
erts-13.1, kernel-8.4, sasl-3.0

---------------------------------------------------------------------
--- xmerl-1.3.30 ----------------------------------------------------
---------------------------------------------------------------------

The xmerl-1.3.30 application can be applied independently of other
applications on a full OTP 25 installation.

--- Improvements and New Features ---

OTP-18165    Application(s): asn1, compiler, diameter, megaco, otp,
             parsetools, stdlib, xmerl
             Related Id(s): PR-5965

             There is a new configure option,
             --enable-deterministic-build, which will apply the
             deterministic compiler option when building Erlang/OTP.
             The deterministic option has been improved to eliminate
             more sources of non-determinism in several applications.

Full runtime dependencies of xmerl-1.3.30: erts-6.0, kernel-3.0,
stdlib-2.5

---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
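
Added example, not part of the OTP release notes or of the OTP code base: an Erlang module that checks an installation against the corrected versions listed under OTP-18241 (CVE-2022-37026) and against the {verify, verify_peer} condition stated there. The module and function names are hypothetical, and treating releases after OTP 25 as corrected is an assumption that extends the "or later" wording of that entry.

```erlang
%% Added example; module and function names are hypothetical.
-module(cve_2022_37026_check).
-export([status/0, status/1, exposed/2]).

%% First corrected patch on each supported track, as listed under OTP-18241.
fixed_in(23) -> {ok, [23, 3, 4, 15]};
fixed_in(24) -> {ok, [24, 3, 4, 2]};
fixed_in(25) -> {ok, [25, 0, 2]};
fixed_in(_)  -> unknown.

%% Classify the running system from its OTP_VERSION file.
status() ->
    File = filename:join([code:root_dir(), "releases",
                          erlang:system_info(otp_release), "OTP_VERSION"]),
    case file:read_file(File) of
        {ok, Bin}       -> status(string:trim(binary_to_list(Bin)));
        {error, Reason} -> {error, {otp_version_unreadable, Reason}}
    end.

%% Classify a version string such as "25.0.4", "24.3.4.2" or "25.0-rc1".
status(Vsn) ->
    case parse(Vsn) of
        {ok, [Major | _] = Parts} ->
            case fixed_in(Major) of
                {ok, Fixed} when Parts >= Fixed -> {patched, Vsn};
                {ok, Fixed}                     -> {upgrade_needed, Vsn, Fixed};
                %% Assumption: releases after OTP 25 carry the correction.
                unknown when Major > 25         -> {patched, Vsn};
                %% Older tracks: "might also exist in older OTP versions".
                unknown                         -> {possibly_vulnerable, Vsn}
            end;
        error ->
            {error, {bad_version, Vsn}}
    end.

%% Only servers that set {verify, verify_peer} are affected. Anything not
%% positively classified as patched is reported as exposed.
exposed(Vsn, ServerOpts) ->
    proplists:get_value(verify, ServerOpts, verify_none) =:= verify_peer
        andalso element(1, status(Vsn)) =/= patched.

%% Keep the leading digits and dots, dropping a suffix such as "-rc1".
parse(Vsn) ->
    IsNum = fun(C) -> (C >= $0 andalso C =< $9) orelse C =:= $. end,
    case string:lexemes(lists:takewhile(IsNum, Vsn), ".") of
        []    -> error;
        Parts -> {ok, [list_to_integer(P) || P <- Parts]}
    end.
```

Version parts are compared as integer lists, so "24.3.4" sorts before "24.3.4.2" and "25.1" after "25.0.2"; exposed/2 takes the option list passed to the TLS listener.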