Patch Package: OTP 23.3.4.19
Git Tag: OTP-23.3.4.19
Date: 2023-06-08
Trouble Report Id: OTP-18321, OTP-18325, OTP-18365, OTP-18388,
OTP-18421, OTP-18463, OTP-18470, OTP-18525,
OTP-18570, OTP-18595
Seq num: ERIERL-944, GH-6465, GH-6466, GH-6873
System: OTP
Release: 23
Application: compiler-7.6.9.3, erts-11.2.2.18,
stdlib-3.14.2.3, xmerl-1.3.27.1
Predecessor: OTP 23.3.4.18
Check out the git tag OTP-23.3.4.19, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- compiler-7.6.9.3 ------------------------------------------------
---------------------------------------------------------------------
The compiler-7.6.9.3 application can be applied independently of
other applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18325 Application(s): compiler, stdlib
Related Id(s): GH-6465, GH-6466
It is not allowed to call functions from guards. The
compiler failed to reject a call in a guard when done
by constructing a record with a default initialization
expression that called a function.
OTP-18365 Application(s): compiler
Fixed a bug that could cause legal code to fail
validation.
OTP-18470 Application(s): compiler
Related Id(s): GH-6873, PR-6877
The compiler would generate incorrect code for the
following type of expression:
Pattern = BoundVar1 = . . . = BoundVarN = Expression
An exception should be raised if any of the bound
variables have different values than Expression. The
compiler would generate code that would cause the bound
variables to be bound to the value of Expressionwhether
the value matched or not.
Full runtime dependencies of compiler-7.6.9.3: crypto-3.6, erts-11.0,
hipe-3.12, kernel-7.0, stdlib-3.13
---------------------------------------------------------------------
--- erts-11.2.2.18 --------------------------------------------------
---------------------------------------------------------------------
Note! The erts-11.2.2.18 application *cannot* be applied
independently of other applications on an arbitrary OTP 23
installation.
On a full OTP 23 installation, also the following runtime
dependency has to be satisfied:
-- kernel-7.3.1.5 (first satisfied in OTP 23.3.4.12)
--- Fixed Bugs and Malfunctions ---
OTP-18321 Application(s): erts
Fix list_to_atom/1 for negative code points. Could
either return with a positive code point or fail with
an incorrect exception.
OTP-18388 Application(s): erts
Related Id(s): OTP-17462, PR-6662
A race condition which was very rarely triggered could
cause the signal queue of a process to become
inconsistent causing the runtime system to crash.
OTP-18421 Application(s): erts
Related Id(s): PR-6806
process_info(Pid, status) when Pid /= self() could
return an erroneous result.
OTP-18463 Application(s): erts
Related Id(s): PR-6858
In rare circumstances, when a process exceeded its
allowed heap size set by option max_heap_size, it would
not be killed as it should be, but instead enter a kind
of zombie state it would never get out of.
OTP-18525 Application(s): erts
Related Id(s): PR-7049
Implementations of the call() driver callback that
returned a faulty encoded result could cause a memory
leak and could cause invalid data on the heap of the
processes calling erlang:port_call/3.
OTP-18570 Application(s): erts
Related Id(s): PR-7190
If a runtime system which was starting the distribution
already had existing pids, ports, or references
referring to a node with the same nodename/creation
pair that the runtime system was about to use, these
already existing pids, ports, or references would not
work as expected in various situations after the node
had gone alive. This could only occur if the runtime
system was communicated such pids, ports, or references
prior to the distribution was started. That is, it was
extremely unlikely to happen unless the distribution
was started dynamically and was even then very unlikely
to happen. The runtime system now checks for already
existing pids, ports, and references with the same
nodename/creation pair that it is about to use. If such
are found another creation will be chosen in order to
avoid these issues.
Full runtime dependencies of erts-11.2.2.18: kernel-7.3.1.5,
sasl-3.3, stdlib-3.13
---------------------------------------------------------------------
--- stdlib-3.14.2.3 -------------------------------------------------
---------------------------------------------------------------------
The stdlib-3.14.2.3 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18325 Application(s): compiler, stdlib
Related Id(s): GH-6465, GH-6466
It is not allowed to call functions from guards. The
compiler failed to reject a call in a guard when done
by constructing a record with a default initialization
expression that called a function.
Full runtime dependencies of stdlib-3.14.2.3: compiler-5.0,
crypto-3.3, erts-11.0, kernel-7.0, sasl-3.0
---------------------------------------------------------------------
--- xmerl-1.3.27.1 --------------------------------------------------
---------------------------------------------------------------------
The xmerl-1.3.27.1 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-18595 Application(s): xmerl
Related Id(s): ERIERL-944
New options to xmerl_scan and xmerl_sax_parser so one
can limit the behaviour of the parsers to avoid some
XML security issues.
xmerl_scan gets one new option:
-- {allow_entities, Boolean} -- Gives the possibility
to disallow entities by setting this option to false
(true is default)
xmerl_sax_parser gets the following options:
-- disallow_entities -- Don't allow entities in
document
-- {entity_recurse_limit, N} -- Set a limit on entity
recursion depth (default is 3)
-- {external_entities, AllowedType} -- Specify which
types of external entities that are allowed, this also
affect external DTD's. The types are all(default), file
and none
-- {fail_undeclared_ref, Boolean} -- Sets the behavior
for undeclared references due to an external file is
not parsed (true is default)
The old option skip_external_dtd is still valid and the
same as {external_entities, none} and
{fail_undeclared_ref, false} but just affects DTD's and
not other external references.
Full runtime dependencies of xmerl-1.3.27.1: erts-6.0, kernel-3.0,
stdlib-2.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
2 Likes
OTP 23 is no longer maintained, so this is likely the last patch on OTP 23.
2 Likes