Update dependency erlang to v23.3.4

[renovate]

This PR contains the following updates:

Package	Update	Change
erlang	minor	23.1 -> 23.3.4

---

Release Notes

erlang/otp (erlang)

v23.3.4: OTP 23.3.4

Compare Source

v23.3.3: OTP 23.3.3

Compare Source

Patch Package:           OTP 23.3.3
Git Tag:                 OTP-23.3.3
Date:                    2021-05-06
Trouble Report Id:       OTP-16607, OTP-16930, OTP-17347, OTP-17357,
                         OTP-17358, OTP-17361
Seq num:                 ERL-1371, ERL-1439, ERL-ERL-610, GH-3480,
                         GH-4396, GH-4774
System:                  OTP
Release:                 23
Application:             common_test-1.20.2, compiler-7.6.8,
                         erl_interface-4.0.3, kernel-7.3.1,
                         runtime_tools-1.16.1
Predecessor:             OTP 23.3.2

 Check out the git tag OTP-23.3.3, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- common_test-1.20.2 ----------------------------------------------
 ---------------------------------------------------------------------

 The common_test-1.20.2 application can be applied independently of
 other applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17347    Application(s): common_test
               Related Id(s): ERL-1439, GH-3480

               Before this change Config leaked between test groups in
               case of a subgroup was skipped (GH-3480).

 Full runtime dependencies of common_test-1.20.2: compiler-6.0,
 crypto-3.6, debugger-4.1, erts-7.0, ftp-1.0.0, inets-6.0, kernel-4.0,
 observer-2.1, runtime_tools-1.8.16, sasl-2.4.2, snmp-5.1.2, ssh-4.0,
 stdlib-3.5, syntax_tools-1.7, tools-2.8, xmerl-1.3.8

 ---------------------------------------------------------------------
 --- compiler-7.6.8 --------------------------------------------------
 ---------------------------------------------------------------------

 The compiler-7.6.8 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17357    Application(s): compiler
               Related Id(s): GH-4774

               Fixed a bug in the validator that could cause it to
               reject valid code.

 Full runtime dependencies of compiler-7.6.8: crypto-3.6, erts-11.0,
 hipe-3.12, kernel-7.0, stdlib-3.13

 ---------------------------------------------------------------------
 --- erl_interface-4.0.3 ---------------------------------------------
 ---------------------------------------------------------------------

 The erl_interface-4.0.3 application can be applied independently of
 other applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17358    Application(s): erl_interface
               Related Id(s): ERL-ERL-610

               Fix bug where sending of large data with
               ei_send_*/ei_rpc with infinite timeout could fail when
               the tcp buffer becomes full.

               Fault has existed since OTP-21.

 --- Known Bugs and Problems ---

  OTP-16607    Application(s): erl_interface
               Related Id(s): OTP-16608

               The ei API for decoding/encoding terms is not fully
               64-bit compatible since terms that have a
               representation on the external term format larger than
               2 GB cannot be handled.

 ---------------------------------------------------------------------
 --- kernel-7.3.1 ----------------------------------------------------
 ---------------------------------------------------------------------

 The kernel-7.3.1 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17361    Application(s): kernel

               A bug in the Erlang DNS resolver has been fixed, where
               it could be made to bring down the kernel supervisor
               and thereby the whole node, when getting an incorrect
               (IN A reply to an IN CNAME query) reply from the DNS
               server and used the reply record's value without
               verifying its type.

 Full runtime dependencies of kernel-7.3.1: erts-11.0, sasl-3.0,
 stdlib-3.13

 ---------------------------------------------------------------------
 --- runtime_tools-1.16.1 --------------------------------------------
 ---------------------------------------------------------------------

 The runtime_tools-1.16.1 application can be applied independently of
 other applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-16930    Application(s): runtime_tools
               Related Id(s): ERL-1371, GH-4396

               The function dbg:n/1 used a local fun to set up a
               tracer on a remote node. This works fine as long as the
               remote node is running exactly the same version of
               Erlang/OTP but does not work at all otherwise. This is
               fixed by exporting the relevant function and by calling
               this function on the remote node to set up remote
               tracing.

 Full runtime dependencies of runtime_tools-1.16.1: erts-11.0,
 kernel-7.0, mnesia-4.12, stdlib-3.13

 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------

v23.3.2: OTP 23.3.2

Compare Source

Patch Package:           OTP 23.3.2
Git Tag:                 OTP-23.3.2
Date:                    2021-04-27
Trouble Report Id:       OTP-17227, OTP-17291, OTP-17295, OTP-17296,
                         OTP-17297, OTP-17298, OTP-17299, OTP-17306,
                         OTP-17307, OTP-17308, OTP-17328, OTP-17348,
                         OTP-17349
Seq num:                 ERIERL-506, ERIERL-607, ERIERL-631,
                         ERIERL-641, GH-4514, GH-4682, GH-4687,
                         GH-4710
System:                  OTP
Release:                 23
Application:             asn1-5.0.15, common_test-1.20.1, erts-11.2.1,
                         ssl-10.3.1, stdlib-3.14.2, xmerl-1.3.27
Predecessor:             OTP 23.3.1

 Check out the git tag OTP-23.3.2, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- asn1-5.0.15 -----------------------------------------------------
 ---------------------------------------------------------------------

 The asn1-5.0.15 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17227    Application(s): asn1
               Related Id(s): GH-4514

               A parameterized type with a SEQUENCE with extension
               ("...") made the compiler backend to crash.

  OTP-17306    Application(s): asn1
               Related Id(s): ERIERL-506

               For JER encoding rules an INTEGER value outside the
               declared range is now reported as error during decode.

 --- Improvements and New Features ---

  OTP-17297    Application(s): asn1
               Related Id(s): ERIERL-607

               For the JER encoding rules, the declared order of the
               fields in a SEQUENCE is now maintained in the resulting
               JSON object. Previously a map was used which caused an
               undefined order of the fields which was not friendly
               for debugging.

 Full runtime dependencies of asn1-5.0.15: erts-7.0, kernel-3.0,
 stdlib-2.0

 ---------------------------------------------------------------------
 --- common_test-1.20.1 ----------------------------------------------
 ---------------------------------------------------------------------

 The common_test-1.20.1 application can be applied independently of
 other applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17328    Application(s): common_test
               Related Id(s): ERIERL-631

               A race condition could cause ct_netconfc:open/* to
               return a disfunctional handle, resulting in errors when
               invoking other api functions on it, and making it
               impossible to establish a new connection to the server
               in question. Similar symptoms were possible with open/*
               in modules ct_ssh and ct_telnet.

               Internal messages from common_test processes could be
               left in the caller's message queue after a timeout when
               invoking call/* in modules ct_netconfc and ct_ssh. An
               internal process used by module ct_telnet could leak
               memory due to stray messages.

               Calls to ct_telnet:open/* and ct_telnet:get_data/1
               could hang indefinitely if the TCP connection to the
               server was lost.

 Full runtime dependencies of common_test-1.20.1: compiler-6.0,
 crypto-3.6, debugger-4.1, erts-7.0, ftp-1.0.0, inets-6.0, kernel-4.0,
 observer-2.1, runtime_tools-1.8.16, sasl-2.4.2, snmp-5.1.2, ssh-4.0,
 stdlib-3.5, syntax_tools-1.7, tools-2.8, xmerl-1.3.8

 ---------------------------------------------------------------------
 --- erts-11.2.1 -----------------------------------------------------
 ---------------------------------------------------------------------

 The erts-11.2.1 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17291    Application(s): erts

               The following signals could pass before other signals
               from the same sender to the same receiver. That is,
               these signals could arrive too early.

               -- garbage-collect request. Sent from one process to
               another using one of the garbage_collect() BIFs.

               -- check-process-code request. Sent from one process to
               another using one of the check_process_code() BIFs.

               -- is-process-alive reply. Sent as a response to a
               process calling the is_process_alive() BIF.

               -- process-info reply. Sent as a response to a process
               calling one of the process_info() BIFs.

               -- port-command reply. Sent as a response to a process
               calling one of the port_command() BIFs.

               -- port-connect reply. Sent as a response to a process
               calling the port_connect() BIF.

               -- port-close reply. Sent as a response to a process
               calling the port_close() BIF.

               -- port-control reply. Sent as a response to a process
               calling the port_control() BIF.

               -- port-call reply. Sent as a response to a process
               calling the port_call() BIF.

               -- port-info reply. Sent as a response to a process
               calling one of the port_info() BIFs.

  OTP-17298    Application(s): erts

               Fix bug in persistent_term:get/0 and info/0 that could
               cause VM crash in rare cases. Bug exists since OTP
               23.0.

  OTP-17299    Application(s): erts
               Related Id(s): GH-4710

               Fixed a bug in zlib where decompression would crash
               with data_error on some valid inputs.

  OTP-17307    Application(s): erts

               A garbage collection of a literal area missed messages
               that entirely consisted of a term in a literal area.
               This could in turn lead to a crash of the runtime
               system.

  OTP-17349    Application(s): erts

               A call to process_flag(message_queue_data, off_heap)
               could cause a crash of the runtime system when
               sequential tracing was enabled.

 Full runtime dependencies of erts-11.2.1: kernel-7.0, sasl-3.3,
 stdlib-3.13

 ---------------------------------------------------------------------
 --- ssl-10.3.1 ------------------------------------------------------
 ---------------------------------------------------------------------

 The ssl-10.3.1 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17296    Application(s): ssl
               Related Id(s): GH-4682

               Retain backwards compatible behavior of verify_fun when
               handling incomplete chains that are not verifiable.

  OTP-17348    Application(s): ssl
               Related Id(s): ERIERL-641

               Avoid server session handler crash, this will increase
               session ruse opportunities.

 Full runtime dependencies of ssl-10.3.1: crypto-4.2, erts-10.0,
 inets-5.10.7, kernel-6.0, public_key-1.8, stdlib-3.12

 ---------------------------------------------------------------------
 --- stdlib-3.14.2 ---------------------------------------------------
 ---------------------------------------------------------------------

 The stdlib-3.14.2 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17295    Application(s): stdlib
               Related Id(s): GH-4687

               Dictionaries that have become zipped by the zip module
               did not get executable permission (for the file owner)
               which makes the files inside the dictionary
               inaccessible. This is fixed by giving dictionaries
               inside a zip archive XRW permission.

 Full runtime dependencies of stdlib-3.14.2: compiler-5.0, crypto-3.3,
 erts-11.0, kernel-7.0, sasl-3.0

 ---------------------------------------------------------------------
 --- xmerl-1.3.27 ----------------------------------------------------
 ---------------------------------------------------------------------

 The xmerl-1.3.27 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17308    Application(s): xmerl

               Fixed the bug that Xmerl SAX parser couldn't handle
               files ending with a ^M.

 Full runtime dependencies of xmerl-1.3.27: erts-6.0, kernel-3.0,
 stdlib-2.5

 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------

v23.3.1: OTP 23.3.1

Compare Source

Patch Package:           OTP 23.3.1
Git Tag:                 OTP-23.3.1
Date:                    2021-03-30
Trouble Report Id:       OTP-17279
Seq num:                
System:                  OTP
Release:                 23
Application:             ssh-4.11.1
Predecessor:             OTP 23.3

 Check out the git tag OTP-23.3.1, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- ssh-4.11.1 ------------------------------------------------------
 ---------------------------------------------------------------------

 The ssh-4.11.1 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17279    Application(s): ssh

               The idle_time timer was not cancelled when a channel
               was opened within the timeout time on an empty
               connection that have had channels previously.

 Full runtime dependencies of ssh-4.11.1: crypto-4.6.4, erts-9.0,
 kernel-5.3, public_key-1.6.1, stdlib-3.4.1

v23.3: OTP 23.3

Compare Source

Erlang/OTP 23.3 is the third maintenance patch release for OTP 23, with mostly bug fixes as well as a few improvements.

A full list of bug fixes and improvements in the readme.

Download and documentation

Online documentation can be browsed here:
https://erlang.org/documentation/doc-11.2/doc

Pre-built versions for Windows can be fetched here:
https://erlang.org/download/otp_win32\_23.3.exe\
https://erlang.org/download/otp_win64\_23.3.exe

The Erlang/OTP source can also be found at GitHub on the official Erlang repository:
https://github.com/erlang/otp

v23.2.7: OTP 23.2.7

Compare Source

Patch Package:           OTP 23.2.7
Git Tag:                 OTP-23.2.7
Date:                    2021-03-03
Trouble Report Id:       OTP-12960, OTP-17228
Seq num:                 ERIERL-598, ERIERL-614
System:                  OTP
Release:                 23
Application:             kernel-7.2.1, ssl-10.2.4
Predecessor:             OTP 23.2.6

 Check out the git tag OTP-23.2.7, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- kernel-7.2.1 ----------------------------------------------------
 ---------------------------------------------------------------------

 The kernel-7.2.1 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-12960    Application(s): kernel
               Related Id(s): ERIERL-598, PR-4509

               When using the DNS resolver option
               servfail_retry_timeout it did not honour the overall
               call time-out in e.g inet_res:getbyname/3. This
               misbehaviour has now been fixed. Also, the
               servfail_retry_timeout behaviour has been improved to
               only be enforced for servers that gives a servfail
               answer.

 Full runtime dependencies of kernel-7.2.1: erts-11.0, sasl-3.0,
 stdlib-3.13

 ---------------------------------------------------------------------
 --- ssl-10.2.4 ------------------------------------------------------
 ---------------------------------------------------------------------

 The ssl-10.2.4 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17228    Application(s): ssl
               Related Id(s): ERIERL-614

               Enhance logging option log_level to support none and
               all, also restore backwards compatibility for log_alert
               option.

 Full runtime dependencies of ssl-10.2.4: crypto-4.2, erts-10.0,
 inets-5.10.7, kernel-6.0, public_key-1.8, stdlib-3.12

 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------

v23.2.6: OTP 23.2.6

Compare Source

Patch Package:           OTP 23.2.6
Git Tag:                 OTP-23.2.6
Date:                    2021-02-25
Trouble Report Id:       OTP-17173, OTP-17205, OTP-17220
Seq num:                 ERIERL-581, ERIERL-608
System:                  OTP
Release:                 23
Application:             inets-7.3.2, ssh-4.10.8
Predecessor:             OTP 23.2.5

 Check out the git tag OTP-23.2.6, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- inets-7.3.2 -----------------------------------------------------
 ---------------------------------------------------------------------

 The inets-7.3.2 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17205    Application(s): inets
               Related Id(s): ERIERL-608

               Solves CVE-2021-27563, that is make sure no form of
               relative path can be used to go outside webservers
               directory.

  OTP-17220    Application(s): inets

               Make sure HEAD requests rejects directory links

 Full runtime dependencies of inets-7.3.2: erts-6.0, kernel-3.0,
 mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5

 ---------------------------------------------------------------------
 --- ssh-4.10.8 ------------------------------------------------------
 ---------------------------------------------------------------------

 The ssh-4.10.8 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17173    Application(s): ssh
               Related Id(s): ERIERL-581

               Don't timeout slow connection setups and tear-downs. A
               rare crash risk for the controller is also removed.

 Full runtime dependencies of ssh-4.10.8: crypto-4.6.4, erts-9.0,
 kernel-5.3, public_key-1.6.1, stdlib-3.4.1

 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------

v23.2.5: OTP 23.2.5

Compare Source

Patch Package:           OTP 23.2.5
Git Tag:                 OTP-23.2.5
Date:                    2021-02-16
Trouble Report Id:       OTP-17185, OTP-17190, OTP-17191
Seq num:                 ERIERL-606, ERL-1476, GH-4192
System:                  OTP
Release:                 23
Application:             erts-11.1.8, ssl-10.2.3, tools-3.4.3
Predecessor:             OTP 23.2.4

 Check out the git tag OTP-23.2.5, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- erts-11.1.8 -----------------------------------------------------
 ---------------------------------------------------------------------

 The erts-11.1.8 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17185    Application(s): erts

               Fixed a bug that could cause some work scheduled for
               execution on scheduler threads to be delayed until
               other similar work appeared. Beside delaying various
               cleanup of internal data structures also the following
               could be delayed:

               -- Termination of a distribution controller process

               -- Disabling of the distribution on a node

               -- Gathering of memory allocator information using the
               instrument module

               -- Enabling, disabling, and gathering of msacc
               information

               -- Delivery of 'CHANGE' messages when time offset is
               monitored

               -- A call to erlang:cancel_timer()

               -- A call to erlang:read_timer()

               -- A call to erlang:statistics(io | garbage_collection
               | scheduler_wall_time)

               -- A call to ets:all()

               -- A call to erlang:memory()

               -- A call to erlang:system_info({allocator |
               allocator_sizes, _})

               -- A call to erlang:trace_delivered()

               The bug existed on runtime systems running on all types
               of hardware except for x86/x86_64.

 Full runtime dependencies of erts-11.1.8: kernel-7.0, sasl-3.3,
 stdlib-3.13

 ---------------------------------------------------------------------
 --- ssl-10.2.3 ------------------------------------------------------
 ---------------------------------------------------------------------

 The ssl-10.2.3 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17190    Application(s): ssl
               Related Id(s): ERIERL-606

               Avoid race when the first two upgrade server handshakes
               (that is servers that use a gen_tcp socket as input to
               ssl:handshake/2,3) start close to each other. Could
               lead to that one of the handshakes would fail.

 Full runtime dependencies of ssl-10.2.3: crypto-4.2, erts-10.0,
 inets-5.10.7, kernel-6.0, public_key-1.8, stdlib-3.12

 ---------------------------------------------------------------------
 --- tools-3.4.3 -----------------------------------------------------
 ---------------------------------------------------------------------

 The tools-3.4.3 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17191    Application(s): tools
               Related Id(s): ERL-1476, GH-4192, OTP-16922

               Correct the Xref analysis undefined_functions to not
               report internally generated behaviour_info/1.

 Full runtime dependencies of tools-3.4.3: compiler-5.0, erts-11.0,
 erts-9.1, kernel-5.4, runtime_tools-1.8.14, stdlib-3.4

 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------

v23.2.4: OTP 23.2.4

Compare Source

Patch Package:           OTP 23.2.4
Git Tag:                 OTP-23.2.4
Date:                    2021-02-04
Trouble Report Id:       OTP-16239, OTP-17139, OTP-17161, OTP-17174
Seq num:                 ERIERL-597, ERL-1458
System:                  OTP
Release:                 23
Application:             snmp-5.7.3, ssl-10.2.2
Predecessor:             OTP 23.2.3

 Check out the git tag OTP-23.2.4, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- snmp-5.7.3 ------------------------------------------------------
 ---------------------------------------------------------------------

 The snmp-5.7.3 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17161    Application(s): snmp

               [manager] In a function handling snmp errors, an unused
               result (_Error) could result in matching issues and
               therefor case clause runtime errors (crash). Note that
               this would only happen in *very* unusual error cases.

 Full runtime dependencies of snmp-5.7.3: crypto-3.3, erts-6.0,
 kernel-3.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5

 ---------------------------------------------------------------------
 --- ssl-10.2.2 ------------------------------------------------------
 ---------------------------------------------------------------------

 The ssl-10.2.2 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17139    Application(s): ssl
               Related Id(s): ERL-1458, OTP-16239

               Avoid that upgrade (from TCP to TLS) servers starts
               multiple session cache handlers for the same server.
               This applies to Erlang distribution over TLS servers.

  OTP-17174    Application(s): ssl
               Related Id(s): ERIERL-597

               Legacy cipher suites defined before TLS-1.2 (but still
               supported) should be possible to use in TLS-1.2. They
               where accidentally excluded for available cipher suites
               for TLS-1.2 in OTP-23.2.2.

 --- Improvements and New Features ---

  OTP-16239    Application(s): ssl
               Related Id(s): ERL-1458, OTP-17139

               Enable Erlang distribution over TLS to run TLS-1.3,
               although TLS-1.2 will still be default.

 Full runtime dependencies of ssl-10.2.2: crypto-4.2, erts-10.0,
 inets-5.10.7, kernel-6.0, public_key-1.8, stdlib-3.12

 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------

v23.2.3: OTP 23.2.3

Compare Source

Patch Package:           OTP 23.2.3
Git Tag:                 OTP-23.2.3
Date:                    2021-01-20
Trouble Report Id:       OTP-17097, OTP-17107, OTP-17108, OTP-17110
Seq num:                 ERIERL-586, ERL-1442
System:                  OTP
Release:                 23
Application:             crypto-4.8.3, erts-11.1.7, snmp-5.7.2,
                         ssh-4.10.7
Predecessor:             OTP 23.2.2

 Check out the git tag OTP-23.2.3, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- crypto-4.8.3 ----------------------------------------------------
 ---------------------------------------------------------------------

 The crypto-4.8.3 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17107    Application(s): crypto

               Adding missing flag in BN-calls in SRP.

 Full runtime dependencies of crypto-4.8.3: erts-9.0, kernel-5.3,
 stdlib-3.4

 ---------------------------------------------------------------------
 --- erts-11.1.7 -----------------------------------------------------
 ---------------------------------------------------------------------

 The erts-11.1.7 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Improvements and New Features ---

  OTP-17097    Application(s): erts

               Make windows installer remove write access rights for
               non admin users when installing to a non default
               directory. Reduces the risk for DLL sideloading, but
               the user should always be aware of the access rights
               for the installation.

 Full runtime dependencies of erts-11.1.7: kernel-7.0, sasl-3.3,
 stdlib-3.13

 ---------------------------------------------------------------------
 --- snmp-5.7.2 ------------------------------------------------------
 ---------------------------------------------------------------------

 The snmp-5.7.2 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17110    Application(s): snmp
               Related Id(s): ERIERL-586

               [manager] Misspelled priv protocol (atom) made it
               impossible to update usm user 'priv_key' configuration
               for usmAesCfb128Protocol via function calls.

 Full runtime dependencies of snmp-5.7.2: crypto-3.3, erts-6.0,
 kernel-3.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5

 ---------------------------------------------------------------------
 --- ssh-4.10.7 ------------------------------------------------------
 ---------------------------------------------------------------------

 The ssh-4.10.7 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17108    Application(s): ssh
               Related Id(s): ERL-1442

               The SSH daemon erroneously replaced LF with CRLF also
               when there was no pty requested from the server.

 Full runtime dependencies of ssh-4.10.7: crypto-4.6.4, erts-9.0,
 kernel-5.3, public_key-1.6.1, stdlib-3.4.1

 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------

v23.2.2: OTP 23.2.2

Compare Source

Patch Package:           OTP 23.2.2
Git Tag:                 OTP-23.2.2
Date:                    2021-01-15
Trouble Report Id:       OTP-16607, OTP-17080, OTP-17088, OTP-17093,
                         OTP-17098, OTP-17099, OTP-17100
Seq num:                 ERIERL-580, ERIERL-585, ERL-1447
System:                  OTP
Release:                 23
Application:             crypto-4.8.2, erl_interface-4.0.2,
                         erts-11.1.6, megaco-3.19.5, odbc-2.13.2,
                         snmp-5.7.1, ssl-10.2.1
Predecessor:             OTP 23.2.1

 Check out the git tag OTP-23.2.2, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- OTP-23.2.2 ------------------------------------------------------
 ---------------------------------------------------------------------

 --- Fixed Bugs and Malfunctions ---

  OTP-17093    Application(s): crypto, megaco, odbc, otp, snmp
               Related Id(s): ERL-1447, PR-2948

               Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure
               script sources.

 ---------------------------------------------------------------------
 --- crypto-4.8.2 ----------------------------------------------------
 ---------------------------------------------------------------------

 The crypto-4.8.2 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17093    Application(s): crypto, megaco, odbc, otp, snmp
               Related Id(s): ERL-1447, PR-2948

               Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure
               script sources.

 Full runtime dependencies of crypto-4.8.2: erts-9.0, kernel-5.3,
 stdlib-3.4

 ---------------------------------------------------------------------
 --- erl_interface-4.0.2 ---------------------------------------------
 ---------------------------------------------------------------------

 The erl_interface-4.0.2 application can be applied independently of
 other applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17099    Application(s): erl_interface
               Related Id(s): ERIERL-585

               Integers outside of the range [-(1 bsl 32) - 1, (1 bsl
               32) -1] were previously intended to be printed in an
               internal bignum format by ei_print_term() and
               ei_s_print_term(). Unfortunately the implementation has
               been buggy since OTP R13B02 and since then produced
               results with random content which also could crash the
               calling program.

               This fix replaces the printing of the internal format
               with printing in hexadecimal form and extend the range
               for printing in decimal form. Currently integers in the
               range [-(1 bsl 64), (1 bsl 64)] are printed in decimal
               form and integers outside of this range in Erlang
               hexadecimal form.

 --- Known Bugs and Problems ---

  OTP-16607    Application(s): erl_interface
               Related Id(s): OTP-16608

               The ei API for decoding/encoding terms is not fully
               64-bit compatible since terms that have a
               representation on the external term format larger than
               2 GB cannot be handled.

 ---------------------------------------------------------------------
 --- erts-11.1.6 -----------------------------------------------------
 ---------------------------------------------------------------------

 The erts-11.1.6 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17080    Application(s): erts

               The suspend_process() and resume_process() BIFs did not
               check their arguments properly which could cause an
               emulator crash.

  OTP-17088    Application(s): erts
               Related Id(s): ERIERL-580

               The runtime system would get into an infinite loop if
               the runtime system was started with more than 1023 file
               descriptors already open.

 Full runtime dependencies of erts-11.1.6: kernel-7.0, sasl-3.3,
 stdlib-3.13

 ---------------------------------------------------------------------
 --- megaco-3.19.5 ---------------------------------------------------
 ---------------------------------------------------------------------

 The megaco-3.19.5 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17093    Application(s): crypto, megaco, odbc, otp, snmp
               Related Id(s): ERL-1447, PR-2948

               Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure
               script sources.

 Full runtime dependencies of megaco-3.19.5: asn1-3.0, debugger-4.0,
 erts-7.0, et-1.5, kernel-3.0, runtime_tools-1.8.14, stdlib-2.5

 ---------------------------------------------------------------------
 --- odbc-2.13.2 -----------------------------------------------------
 ---------------------------------------------------------------------

 The odbc-2.13.2 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17093    Application(s): crypto, megaco, odbc, otp, snmp
               Related Id(s): ERL-1447, PR-2948

               Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure
               script sources.

 Full runtime dependencies of odbc-2.13.2: erts-6.0, kernel-3.0,
 stdlib-2.0

 ---------------------------------------------------------------------
 --- snmp-5.7.1 ------------------------------------------------------
 ---------------------------------------------------------------------

 The snmp-5.7.1 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17093    Application(s): crypto, megaco, odbc, otp, snmp
               Related Id(s): ERL-1447, PR-2948

               Fixed usage of AC_CONFIG_AUX_DIRS() macros in configure
               script sources.

 Full runtime dependencies of snmp-5.7.1: crypto-3.3, erts-6.0,
 kernel-3.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-2.5

 ---------------------------------------------------------------------
 --- ssl-10.2.1 ------------------------------------------------------
 ---------------------------------------------------------------------

 The ssl-10.2.1 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-17098    Application(s): ssl

               Fix CVE-2020-35733 this only affects ssl-10.2
               (OTP-23.2). This vulnerability could enable a man in
               the middle attack using a fake chain to a known trusted
               ROOT. Also limits alternative chain handling, for
               handling of possibly extraneous certs, to improve
               memory management.

 --- Improvements and New Features ---

  OTP-17100    Application(s): ssl

               Add support for AES CCM based cipher suites defined in
               RFC 7251

               Also Correct cipher suite name conversion to OpenSSL
               names. A few names where corrected earlier in OTP-16267
               For backwards compatible reasons we support usage of
               openSSL names for cipher suites. Mostly anonymous
               suites names where incorrect, but also some legacy
               suites.

 Full runtime dependencies of ssl-10.2.1: crypto-4.2, erts-10.0,
 inets-5.10.7, kernel-6.0, public_key-1.8, stdlib-3.12

 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------

v23.2.1: OTP 23.2.1

Compare Source

v23.2: OTP 23.2

Compare Source

Erlang/OTP 23.2 is the second maintenance patch release for OTP 23, with mostly bug fixes as well as a few improvements.

A few of the changes and highlights are:

SSL

Handle extraneous certs in certificate chains as well as chains that are incomplete but can be reconstructed or unordered chains. The cert and certfile options will now accept a list of certificates so that the user may specify the chain explicitly.

Potential incompatibility

stdlib

Improved the API and documentation of the uri_string module. Added a new chapter to the Users Guide about Uniform Resource Identifiers and their handling with the new API. Added two new API functions: uri_string:allowed_characters/0 and uri_string:percent_decode/1.

This change has been marked as potentially incompatible as uri_string:normalize/2 used to decode percent-encoded character triplets that corresponded to characters not in the reserved set. After this change, uri_string:normalize/2 will only decode those percent-encoded triplets that correspond to characters in the unreserved set (ALPHA / DIGIT / "-" / "." / "_" / "~").

A full list of bug fixes and improvements in the readme.

Download and documentation

Online documentation can be browsed here:
https://erlang.org/documentation/doc-11.1.4/doc

Pre-built versions for Windows can be fetched here:
https://erlang.org/download/otp_win32\_23.2.exe\
https://erlang.org/download/otp_win64\_23.2.exe

The Erlang/OTP source can also be found at GitHub on the official Erlang repository:
https://github.com/erlang/otp

v23.1.5: OTP 23.1.5

Compare Source

v23.1.4: OTP 23.1.4

Compare Source

v23.1.3: OTP 23.1.3

Compare Source

v23.1.2: OTP 23.1.2

Compare Source

v23.1.1: OTP 23.1.1

Compare Source

Patch Package:           OTP 23.1.1
Git Tag:                 OTP-23.1.1
Date:                    2020-10-02
Trouble Report Id:       OTP-16847, OTP-16856, OTP-16870, OTP-16874,
                         OTP-16892, OTP-16895, OTP-16902, OTP-16903,
                         OTP-16904, OTP-16906
Seq num:                 ERIERL-532, ERIERL-534, ERL-1301, ERL-1356,
                         ERL-1359, ERL-1362
System:                  OTP
Release:                 23
Application:             compiler-7.6.4, erts-11.1.1, os_mon-2.6.1,
                         public_key-1.9.1, ssh-4.10.2
Predecessor:             OTP 23.1

 Check out the git tag OTP-23.1.1, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- OTP-23.1.1 ------------------------------------------------------
 ---------------------------------------------------------------------

 --- Fixed Bugs and Malfunctions ---

  OTP-16903    Application(s): otp
               Related Id(s): ERL-1362

               Fixed the missing redistribution file in the windows
               installers.

 ---------------------------------------------------------------------
 --- compiler-7.6.4 --------------------------------------------------
 ---------------------------------------------------------------------

 The compiler-7.6.4 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-16895    Application(s): compiler
               Related Id(s): ERL-1359

               Fixed a performance bug that could be triggered by
               tuple matching in very large functions.

 Full runtime dependencies of compiler-7.6.4: crypto-3.6, erts-11.0,
 hipe-3.12, kernel-7.0, stdlib-3.13

 ---------------------------------------------------------------------
 --- erts-11.1.1 -----------------------------------------------------
 ---------------------------------------------------------------------

 The erts-11.1.1 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-16847    Application(s): erts
               Related Id(s): ERL-1301

               inet:setopts([{active,once}]) wakes up IO polling
               thread unnecessarily, leading to lock contention and
               visibly higher CPU utilization.

  OTP-16870    Application(s): erts

               Two bugs in the ERTS internal thread wakeup
               functionality have been fixed. These bugs mainly hit
               when all threads in the system tried to go to sleep.
               When the bugs were triggered, certain operations were
               delayed until a thread woke up due to some other
               reason. Most important operations effected were code
               loading, persistent term updates, and memory
               deallocation.

  OTP-16874    Application(s): erts
               Related Id(s): ERL-1356, PR-2763

               Fixed bug in ets:select_replace/2 on compressed tables
               that could produce faulty results or VM crash. Bug
               exists since OTP 20.

  OTP-16892    Application(s): erts

               When compiling Erlang/OTP on macOS using Xcode 12, the
               performance of the BEAM interpreter would be degraded.

 --- Improvements and New Features ---

  OTP-16856    Application(s): erts

               As of OTP 22, the allocator specific memory carrier
               pools were replaced by a node global carrier pool. This
               unfortunately caused substantial memory fragmentation
               in some cases due to long lived data being spread into
               carriers used by allocators mainly handling short lived
               data.

               A new command line argument +M<S>cp has been introduced
               with which one can enable the old behavior as well as
               configuring other behaviors for the carrier pools. In
               order to configure the old behavior, with allocator
               specific carrier pools for all allocators, pass +Mucp :
               (including the colon character) as a command line
               argument to erl when starting the Erlang system.

               The default configuration for carrier pools will be
               changed to +Mucp : some time in the future, but not in
               this patch.

 Full runtime dependencies of erts-11.1.1: kernel-7.0, sasl-3.3,
 stdlib-3.13

 ---------------------------------------------------------------------
 --- os_mon-2.6.1 ----------------------------------------------------
 ---------------------------------------------------------------------

 The os_mon-2.6.1 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Improvements and New Features ---

  OTP-16906    Application(s): os_mon
               Related Id(s): ERIERL-532

               The configuration parameter
               memsup_improved_system_memory_data has been introduced.
               It can be used to modify the result returned by
               memsup:get_system_memory_data(). For more information
               see the memsup documentation.

               Note that the configuration parameter is intended to be
               removed in OTP 24 and the modified result is intended
               to be used as of OTP 24.

 Full runtime dependencies of os_mon-2.6.1: erts-6.0, kernel-3.0,
 sasl-2.4, stdlib-2.0

 ---------------------------------------------------------------------
 --- public_key-1.9.1 ------------------------------------------------
 ---------------------------------------------------------------------

 The public_key-1.9.1 application can be applied independently of
 other applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-16902    Application(s): public_key
               Related Id(s): ERIERL-534

               Fix the issue that pem_decode will crash with an
               invalid input.

 Full runtime dependencies of public_key-1.9.1: asn1-3.0, crypto-3.8,
 erts-6.0, kernel-3.0, stdlib-3.5

 ---------------------------------------------------------------------
 --- ssh-4.10.2 ------------------------------------------------------
 ---------------------------------------------------------------------

 The ssh-4.10.2 application can be applied independently of other
 applications on a full OTP 23 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-16904    Application(s): ssh

               Fix decoder bug.

 Full runtime dependencies of ssh-4.10.2: crypto-4.6.4, erts-9.0,
 kernel-5.3, public_key-1.6.1, stdlib-3.4.1

 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.