Patch Package OTP 24.3.4.3 Released

Patch Package:           OTP 24.3.4.3
Git Tag:                 OTP-24.3.4.3
Date:                    2022-08-18
Trouble Report Id:       OTP-18044, OTP-18104, OTP-18162, OTP-18164,
                         OTP-18169, OTP-18170, OTP-18172, OTP-18173,
                         OTP-18175, OTP-18177, OTP-18182, OTP-18189,
                         OTP-18190, OTP-18193, OTP-18195, OTP-18197,
                         OTP-18198
Seq num:                 ERIERL-826, ERIERL-829, GH-6122, GH-6129,
                         GH-6163, GH-6165, GH-6185
System:                  OTP
Release:                 24
Application:             compiler-8.1.1.1, crypto-5.0.6.3,
                         erts-12.3.2.3, inets-7.5.3.1, kernel-8.3.2.1,
                         public_key-1.12.0.1, ssl-10.7.3.3
Predecessor:             OTP 24.3.4.2

 Check out the git tag OTP-24.3.4.3, and build a full OTP system
 including documentation. Apply one or more applications from this
 build as patches to your installation using the 'otp_patch_apply'
 tool. For information on install requirements, see descriptions for
 each application version below.

 ---------------------------------------------------------------------
 --- HIGHLIGHTS ------------------------------------------------------
 ---------------------------------------------------------------------

  OTP-18172    Application(s): crypto
               Related Id(s): ERIERL-826

               *** POTENTIAL INCOMPATIBILITY ***

               Changed the behaviour of the engine load/unload
               functions

               The engine load/unload functions have got changed
               semantics to get a more consistent behaviour and work
               correct when variables are garbage collected.

               The load functions now don't register the methods for
               the engine to replace. That will now be handled with
               the new functions engine_register/engine_unregister if
               needed.

               Some functions functions are removed from the
               documentation and therefor the API, but they are left
               in the code for compatibility.

               -- engine_load/4: is now the same as engine_load/3

               -- engine_unload/2: is now the same as engine_unload/1

               -- ensure_engine_loaded/3: is now the same as
               ensure_engine_loaded/2

               -- ensure_engine_unloaded/1, ensure_engine_unloaded/2:
               is now the same as engine_unload/1


 ---------------------------------------------------------------------
 --- POTENTIAL INCOMPATIBILITIES -------------------------------------
 ---------------------------------------------------------------------

  OTP-18172    Application(s): crypto
               Related Id(s): ERIERL-826

               *** HIGHLIGHT ***

               Changed the behaviour of the engine load/unload
               functions

               The engine load/unload functions have got changed
               semantics to get a more consistent behaviour and work
               correct when variables are garbage collected.

               The load functions now don't register the methods for
               the engine to replace. That will now be handled with
               the new functions engine_register/engine_unregister if
               needed.

               Some functions functions are removed from the
               documentation and therefor the API, but they are left
               in the code for compatibility.

               -- engine_load/4: is now the same as engine_load/3

               -- engine_unload/2: is now the same as engine_unload/1

               -- ensure_engine_loaded/3: is now the same as
               ensure_engine_loaded/2

               -- ensure_engine_unloaded/1, ensure_engine_unloaded/2:
               is now the same as engine_unload/1


 ---------------------------------------------------------------------
 --- compiler-8.1.1.1 ------------------------------------------------
 ---------------------------------------------------------------------

 The compiler-8.1.1.1 application can be applied independently of
 other applications on a full OTP 24 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-18162    Application(s): compiler
               Related Id(s): PR-6102

               The bin_opt_info and recv_opt_info options would cause
               the compiler to crash when attempting to compile
               generated code without location information.


  OTP-18182    Application(s): compiler
               Related Id(s): GH-6163

               In rare circumstances involving floating point
               operations, the compiler could terminate with an
               internal consistency check failure.


 Full runtime dependencies of compiler-8.1.1.1: crypto-3.6, erts-11.0,
 kernel-7.0, stdlib-3.13


 ---------------------------------------------------------------------
 --- crypto-5.0.6.3 --------------------------------------------------
 ---------------------------------------------------------------------

 The crypto-5.0.6.3 application can be applied independently of other
 applications on a full OTP 24 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-18172    Application(s): crypto
               Related Id(s): ERIERL-826

               *** HIGHLIGHT ***

               *** POTENTIAL INCOMPATIBILITY ***

               Changed the behaviour of the engine load/unload
               functions

               The engine load/unload functions have got changed
               semantics to get a more consistent behaviour and work
               correct when variables are garbage collected.

               The load functions now don't register the methods for
               the engine to replace. That will now be handled with
               the new functions engine_register/engine_unregister if
               needed.

               Some functions functions are removed from the
               documentation and therefor the API, but they are left
               in the code for compatibility.

               -- engine_load/4: is now the same as engine_load/3

               -- engine_unload/2: is now the same as engine_unload/1

               -- ensure_engine_loaded/3: is now the same as
               ensure_engine_loaded/2

               -- ensure_engine_unloaded/1, ensure_engine_unloaded/2:
               is now the same as engine_unload/1


 Full runtime dependencies of crypto-5.0.6.3: erts-9.0, kernel-5.3,
 stdlib-3.4


 ---------------------------------------------------------------------
 --- erts-12.3.2.3 ---------------------------------------------------
 ---------------------------------------------------------------------

 Note! The erts-12.3.2.3 application *cannot* be applied independently
       of other applications on an arbitrary OTP 24 installation.

       On a full OTP 24 installation, also the following runtime
       dependency has to be satisfied:
       -- kernel-8.3 (first satisfied in OTP 24.3)


 --- Fixed Bugs and Malfunctions ---

  OTP-18104    Application(s): erts
               Related Id(s): OTP-18093

               Fix faulty distribution encoding of terms with either

               -- a fun with bit-string or export-fun in its
               environment when encoded toward a not yet established
               (pending) connection

               -- or a fun with a binary/bitstring, in its
               environment, referring to an off-heap binary (larger
               than 64 bytes).

               The symptom could be failed decoding on the receiving
               side leading to aborted connection. Fix OTP-18093 is a
               workaround for theses bugs that makes the VM accepts
               such faulty encoded funs.

               The first encoding bug toward pending connection exists
               only in OTP 23 and 24, but the second one exists also
               on OTP 25.


  OTP-18164    Application(s): erts
               Related Id(s): PR-6114

               Distributed exit signals could be lost under the
               following conditions:

               -- An exit signal from a parent process to a child
               process was lost if:

               -- the parent process terminated before the spawn
               request that created the child had completed,

               -- the spawn request set up a link between parent and
               child

               -- the spawn request was distributed, and

               -- the exit reason was larger than one machine word.

               -- Loss of a connection over which a not yet completed
               spawn request was ongoing could cause loss of exit
               signals. Such loss of exit signals was very rare.
               Besides the above described connection loss also the
               following conditions had to be satisfied:

               -- The spawn request that was interrupted by the
               connection loss also had to set up a link between the
               parent process and the child process.

               -- The parent process that issued the spawn request
               also had to be terminating while the spawn request was
               interrupted by the connection loss.

               -- The same parent process also had to have made other
               spawn requests to other nodes than to the node to which
               the connection was lost.

               -- These spawn requests to the other nodes also had to
               set up links.

               -- These spawn requests to the other nodes also had to
               be not yet completed at the time of the connection
               loss. That is, the spawn reply from the child process
               had not yet reached the parent process.

               If all the conditions above were met, exit signals to
               the children spawned due to the above described spawn
               requests to other nodes *could* be lost.

               The above bug also caused a significant memory leak
               when it was triggered since the destruction of the
               parent process never completed.


  OTP-18169    Application(s): erts
               Related Id(s): PR-6134

               A race could cause process_info(Pid, message_queue_len)
               on other processes to return invalid results.


  OTP-18170    Application(s): erts
               Related Id(s): PR-6135

               Fixed reduction counting for handling process system
               tasks.


  OTP-18175    Application(s): erts
               Related Id(s): PR-6142

               Priority elevation of terminating processes did not
               work which could cause execution of such processes to
               be delayed.


  OTP-18177    Application(s): erts
               Related Id(s): PR-6150

               An unlink operation made by a process that terminated
               before the unlink operation completed, i.e., before it
               had received an unlink-ack signal from the linked
               process, caused an exit signal to erroneously be sent
               from the terminating process to the process being
               unlinked. This exit signal would most often be ignored
               by the receiver, but if the receiver of the exit signal
               concurrently set up a new link, it could receive the
               exit signal with the actual exit reason of the
               terminating process instead of a noproc exit reason. It
               is however very hard to detect that this has happened
               and has no obvious negative consequences, so it should
               be considered harmless.

               A distributed unlink-ack signal received by a
               terminating process was also not properly removed which
               could cause a minor memory leak.


  OTP-18190    Application(s): erts
               Related Id(s): GH-6185, PR-6209

               The monitor/3 BIF did not apply options to the created
               monitor if the target process or port did not exist.
               That is, the corresponding down message would get a
               `DOWN` tag even if a custom tag had been set, and the
               returned reference was not an alias even if the alias
               option had been passed.


  OTP-18197    Application(s): erts
               Related Id(s): GH-6165, PR-6213

               The erlang:monotonic_time/1, erlang:system_time/1,
               erlang:time_offset/1, and os:system_time/1 BIFs
               erroneously failed when passed the argument native.


 Full runtime dependencies of erts-12.3.2.3: kernel-8.3, sasl-3.3,
 stdlib-3.13


 ---------------------------------------------------------------------
 --- inets-7.5.3.1 ---------------------------------------------------
 ---------------------------------------------------------------------

 The inets-7.5.3.1 application can be applied independently of other
 applications on a full OTP 24 installation.

 --- Improvements and New Features ---

  OTP-18193    Application(s): inets
               Related Id(s): GH-6122

               Remove documentation of no longer supported callback.


 Full runtime dependencies of inets-7.5.3.1: erts-6.0, kernel-3.0,
 mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5


 ---------------------------------------------------------------------
 --- kernel-8.3.2.1 --------------------------------------------------
 ---------------------------------------------------------------------

 Note! The kernel-8.3.2.1 application *cannot* be applied
       independently of other applications on an arbitrary OTP 24
       installation.

       On a full OTP 24 installation, also the following runtime
       dependency has to be satisfied:
       -- erts-12.3 (first satisfied in OTP 24.3)


 --- Fixed Bugs and Malfunctions ---

  OTP-18198    Application(s): kernel
               Related Id(s): GH-6129, PR-6216

               A call to net_kernel:setopts(new, Opts) at the same
               time as a connection was being set up could cause a
               deadlock between the net_kernel process and the process
               setting up the connection.


 Full runtime dependencies of kernel-8.3.2.1: crypto-5.0, erts-12.3,
 sasl-3.0, stdlib-3.13


 ---------------------------------------------------------------------
 --- public_key-1.12.0.1 ---------------------------------------------
 ---------------------------------------------------------------------

 The public_key-1.12.0.1 application can be applied independently of
 other applications on a full OTP 24 installation.

 --- Fixed Bugs and Malfunctions ---

  OTP-18189    Application(s): public_key
               Related Id(s): ERIERL-829

               Correct asn1 typenames available in type
               pki_asn1_type()


 Full runtime dependencies of public_key-1.12.0.1: asn1-3.0,
 crypto-3.8, erts-6.0, kernel-3.0, stdlib-3.5


 ---------------------------------------------------------------------
 --- ssl-10.7.3.3 ----------------------------------------------------
 ---------------------------------------------------------------------

 Note! The ssl-10.7.3.3 application *cannot* be applied independently
       of other applications on an arbitrary OTP 24 installation.

       On a full OTP 24 installation, also the following runtime
       dependency has to be satisfied:
       -- public_key-1.11.3 (first satisfied in OTP 24.1.2)


 --- Fixed Bugs and Malfunctions ---

  OTP-18044    Application(s): ssl

               Reject unexpected application data in all relevant
               places for all TLS versions. Also, handle TLS-1.3
               middlebox compatibility with more care. This will make
               malicious connections fail early and further, mitigate
               possible DoS attacks, that would be caught by the
               handshake timeout.

               Thanks to Aina Toky Rasoamanana and Olivier Levillain
               from Télécom SudParis for alerting us of the issues in
               our implementation.


  OTP-18173    Application(s): ssl

               The link to crypto:engine_load refered the function
               with wrong arity.


  OTP-18195    Application(s): ssl

               Make sure periodical refresh of CA certificate files
               repopulates cache properly.


 Full runtime dependencies of ssl-10.7.3.3: crypto-5.0, erts-10.0,
 inets-5.10.7, kernel-8.0, public_key-1.11.3, runtime_tools-1.15.1,
 stdlib-3.12


 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
 ---------------------------------------------------------------------
2 Likes