* Sun Nov 26 2017 matwey.kornilov@gmail.com
- Update to 18.3.4.7:
* ssl: An erlang TLS server configured with cipher suites using
rsa key exchange, may be vulnerable to an Adaptive Chosen
Ciphertext attack (AKA Bleichenbacher attack) against RSA,
which when exploited, may result in plaintext recovery of
encrypted messages and/or a Man-in-the-middle (MiTM) attack,
despite the attacker not having gained access to the server's
private key itself. CVE-2017-1000385
Exploiting this vulnerability to perform plaintext recovery of
encrypted messages will, in most practical cases, allow an
attacker to read the plaintext only after the session has
completed. Only TLS sessions established using RSA key exchange
are vulnerable to this attack.
Exploiting this vulnerability to conduct a MiTM attack requires
the attacker to complete the initial attack, which may require
thousands of server requests, during the handshake phase of the
targeted session within the window of the configured handshake
timeout. This attack may be conducted against any TLS session
using RSA signatures, but only if cipher suites using RSA key
exchange are also enabled on the server. The limited window of
opportunity, limitations in bandwidth, and latency make this
attack significantly more difficult to execute.
RSA key exchange is enabled by default although least
prioritized if server order is honored. For such a cipher suite
to be chosen it must also be supported by the client and
probably the only shared cipher suite.
Captured TLS sessions encrypted with ephemeral cipher suites
(DHE or ECDHE) are not at risk for subsequent decryption due to
this vulnerability.
* Thu Nov 23 2017 matwey.kornilov@gmail.com
- Add 0001-Add-structure-for-mutual-recursion-detection-in-ePCR.patch
0002-fix-find_fixedlen-stk-overflow-w-mutual-recursion.patch
0003-Fix-heap-overflow-with-unmatched-closing-parens.patch:
fix bno#1030062 (CVE-2016-10253)
* Fri Nov 17 2017 matwey.kornilov@gmail.com
- Update to 18.3.4.6:
* compiler: Fail labels on guard BIFs weren't taken into account
during an optimization pass, and a bug in the validation pass
sometimes prevented this from being noticed when a fault
occurred.
* eldap: Misc building environment updates
* erts: Fix performance bug in pre-allocators that could cause
them to permanently fall back on normal more expensive memory
allocation. Pre-allocators are used for quick allocation of
short lived meta data used by messages and other scheduled
tasks. Bug exists since OTP_R15B02.
* erts: Fixed bug in operator bxor causing erroneous result when
one operand is a big *negative* integer with the lowest N*W
bits as zero and the other operand not larger than N*W bits. N
is an integer of 1 or larger and W is 32 or 64 depending on
word size.
* erts: A timer internal bit-field used for storing scheduler id
was too small. As a result, VM internal timer data structures
could become inconsistent when using 1024 schedulers on the
system. Note that systems with less than 1024 schedulers are
not affected by this bug.
* erts: Fixed bug in binary_to_term and binary_to_atom that could
cause VM crash. Typically happens when the last character of a
UTF8 string is in the range 128 to 255, but truncated to only
one byte. Bug exists in binary_to_term since ERTS version
5.10.2 (OTP_R16B01) and binary_to_atom since ERTS version 9.0
(OTP-20.0).
* ssh: Trailing white space was removed at end of the
hello-string. This caused interoperability problems with some
other ssh-implementations (e.g. OpenSSH 7.3p1 on Solaris 11).
Version: 18.3.4.5-6.1
* Thu Feb 02 2017 matwey.kornilov@gmail.com
- Update to 19.2.2:
* mnesia: Fixed crash in checkpoint handling when table was
deleted during backup.
* Fri Aug 12 2016 matwey.kornilov@gmail.com
- Update to 19.0.4:
* erts: Fixed a race that could cause a lost wakeup of a process
that timed out in a receive ... after. This bug was introduced
in ERTS version 7.0.
* erts: Fixed segfault after writing an erl crash dump.
* Thu Jul 21 2016 matwey.kornilov@gmail.com
- Update to 18.3.4.1:
* ssh: SSH client does not any longer retry a bad password
given as option to ssh:connect et al.
* Thu Jul 21 2016 matwey.kornilov@gmail.com
- Rebased patches:
+ crypto.patch (manually)
+ erlang-not-install-misc.patch (manually)
+ otp-R16B-rpath.patch (manually)
* Mon Jun 20 2016 jengelh@inai.de
- Do not suppress errors from useradd/groupadd
- Orthographic/typographical fixes
* Fri Jun 17 2016 matwey.kornilov@gmail.com
- Update to 18.3.4:
* inets: Handle multiple \t in mime types file
* ssl: Correct ssl:prf/5 to use the negotiated cipher suite's prf
function in ssl:prf/5 instead of the default prf.
* ssl: Timeouts may have the value 0, guards have been corrected
to allow this
* ssl: Change of internal handling of hash sign pairs as the used
one enforced too many restrictions, making some valid
combinations unavailable.
* ssl: Create a little randomness in sending of session
invalidation messages, to mitigate load when whole table is
invalidated.
* Sun May 22 2016 matwey.kornilov@gmail.com
- Return diameter application: as for 18.3.3 it is distributed
under APL license
* Sun May 22 2016 matwey.kornilov@gmail.com
- Update to 18.3.3:
* common_test: The nodelay option used to be enabled (true) by
default for sockets opened by the Common Test
telnet client.
* common_test: Fix bug in cth_surefire
* common_test: The ct:get_timetrap_info/0 function has been
updated to return more information about timetrap
scaling.
* common_test: A problem with stylesheet HTML tags getting
incorrectly escaped by Common Test has been
corrected.
* common_test: The ct_run start flag -no_esc_chars and
ct:run_test/1 start option {esc_chars,Bool} have
been introduced.
* inets: Put back unused module inets_regexp
* ssl: Correct cipher suites conversion and guard expression.
* Tue May 03 2016 matwey.kornilov@gmail.com
- Update to 18.3.2:
* inets: Add environment information item peer_cert to mod_esi
* ssl: Corrections to cipher suite handling using
the 3 and 4 tuple format
* ssl: Make values for the TLS-1.2 signature_algorithms
extension configurable
* Thu Mar 17 2016 kruber@zib.de
- Update to 18.3:
* New statistics info about runnable and active processes &
ports. Call erlang:statistics with:
total_run_queue_lengths | run_queue_lengths | total_active_tasks
| active_tasks.
* Time warp improvements: dbg:p/2 and erlang:trace/3 with
monotonic_timestamp | strict_monotonic_timestamp.
* Introduced a validation callback for heart.
* The module overload in sasl has been deprecated.
* several bug fixes
* Sat Jan 30 2016 matwey.kornilov@gmail.com
- Update to 18.2.3:
* inets: mod_alias now traverses all aliases picking
the longest match and not the first match.
Version: 18.3.4.11-13.1
* Sun Dec 09 2018 matwey.kornilov@gmail.com
- Update to 20.3.8.15 (boo#1118869)
- Changes for 20.3.8.15:
* asn1: Handle erroneous length during decode (BER only) without
crashing.
- Changes for 20.3.8.14:
* ssh: Incompatibility with newer OpenSSH fixed. Previously
versions 7.8 and later could cause Erlang SSH to exit.
- Changes for 20.3.8.13:
* ssl: Add engine support for RSA key exchange
- Changes for 20.3.8.12:
* erts: List subtraction (The -- operator) will now yield properly
on large inputs.
* stdlib: List subtraction (The -- operator) will now yield
properly on large inputs.
* ssl: Extend check for undelivered data at closing, could under
some circumstances fail to deliver all data that was actually
received.
- Changes for 20.3.8.11:
* erts: ERTS internal trees of monitor structures could get into
an inconsistent state. This could cause 'DOWN' messages not to
be delivered when they should, as well as delivery of 'DOWN'
messages that should not be delivered.
- Changes for 20.3.8.10:
* erts: Fixed bug in ets:select_replace when called with a fully
bound key could cause a following call to ets:next or ets:prev
to crash the emulator or return invalid result.
* eldap: A race condition at close could cause the eldap client to
exit with a badarg message as cause.
* Tue Aug 14 2018 matwey.kornilov@gmail.com
- Update to 20.3.8.5.
- Changes for 20.3.8.5:
* erts: Fixed a bug causing some Erlang references to be
inconsistently ordered. This could for example cause failure
to look up certain elements with references as keys in search
data structures. This bug was introduced in R13B02. Thanks to
Simon Cornish for finding the bug and supplying a fix.
* compiler: Fixed an issue where files compiled with the
+deterministic option differed if they were compiled in a
different directory but were otherwise identical.
* crypto: Fixed a node crash in crypto:compute_key(ecdh, ...)
when passing a wrongly typed Others argument.
* erts: Fixed a bug which caused an emulator crash when
enif_send() was called by a NIF that executed on a dirty
scheduler. The bug was either triggered when the NIF called
enif_send() without a message environment, or when the process
executing the NIF was send traced.
* mnesia: When master node is set do not force a load from
ram_copies replica when there are no available disc_copies,
since that would load an empty table. Wait until a disk
replica is available or until user explicitly force_loads the
table.
* mnesia: Allow to add replicas even if all other replicas are
down when the other replicas are not stored on disk.
* ssl: Correct handling of empty server SNI extension
* ssl: Correct cipher suite handling for ECDHE_*, the incorrect
handling could cause an incorrect suite to be selected and
most likely fail the handshake.
- Changes for 20.3.8.4:
* asn1: A bug in ASN.1 BER decoding has been fixed. When
decoding a recursively enclosed term the length was not
propagated to that term decoding, so if the length of the
enclosed term was longer than the enclosing that error was not
detected. A hard coded C stack limitation for decoding
recursive ASN.1 terms has been introduced. This is currently
set to 8 kWords giving a nesting depth of about 1000 levels.
Deeper terms can not be decoded, which should not be much of a
real world limitation.
- Changes for 20.3.8.3:
* erts: Fixed a race condition in the inet driver that could
cause receive to hang when the emulator was compiled with gcc8.
* erts: Fix bug in generation of erl_crash.dump, which could
cause VM to crash. Bug exists since erts-9.2 (OTP-20.2).
* ic: Fixed potential buffer overflow bugs in
oe_ei_encode_long/ulong/longlong/ulonglong functions on 64-bit
architectures. These functions expect 32 bit integers as the
IDL type "long" is defined as 32 bits. But there is nothing
preventing user code from "breaking" the interface and pass
larger values on 64-bit architectures where the C type "long"
is 64 bits.
* inets: Enhance error handling, that is mod_get will return 403
if a path is a directory and not a file.
* kernel: Non semantic change in dist_util.erl to silence
dialyzer warning.
* ssl: Improve cipher suite handling correcting ECC and TLS-1.2
requirements. Backport of solution for ERL-641
* ssl: Option keyfile defaults to certfile and should be trumped
with key. This failed for engine keys.
- Changes for 20.3.8.2:
* erl_interface: Make ei_connect and friends also accept state
ok_simultaneous during handshake, which means the other node
has initiated a connection setup that will be cancelled in
favor of this connection.
* erts: Fixed a rare bug that could cause processes to be
scheduled after they had been freed.
* ic: Fixed bug in ic causing potential buffer overrun in
function oe_ei_encode_atom. Bug exists since ic-4.4.4
(OTP-20.3.4).
* kernel: Fix some potential buggy behavior in how ticks are
sent on inter node distribution connections. Tick is now sent
to c-node even if there are unsent buffered data, as c-nodes
need ticks in order to send reply ticks. The amount of sent
data was also calculated wrongly when ticks were suppressed
due to unsent buffered data.
- Changes for 20.3.8.1:
* inets: Options added for setting low-level properties on the
underlying TCP connections. The options are: sock_ctrl,
sock_data_act and sock_data_pass. See the manual for details.
* ssh: SFTP clients reported the error reason "" if a non-OTP
sftp server was killed during a long file transmission. Now
the signal name (for example "KILL") will be the error reason
if the server's reason is empty. The documentation also lacked
type information about this class of errors.
* ssh: Fix ssh_sftp decode error for sftp protocol version 4
* syntax_tools: Fix a bug regarding reverting map types.
- Changes for 20.3.8:
* erts: Fixed bug in ets that could cause VM crash if process A
terminates after fixating a table and process B deletes the
table at "the same time". The table fixation could be done
with ets:safe_fixtable or if process A terminates in the
middle of a long running select or match call.
* snmp: The Snmp MIB compiler now allows using a
TEXTUAL-CONVENTION type before defining it.
- Changes for 20.3.7:
* erl_docgen: Update makefile so db_funcs.xsl is a part of the
installed application.
* erts: Fixed bug in enif_binary_to_term which could cause
memory corruption for immediate terms (atoms, small integers,
pids, ports, empty lists).
* erts: Fixed bug in erlang:system_profile/2 that could cause
superfluous {profile,_,active,_,_} messages for terminating
processes.
* inets: The option max_headers operated on the individual
header length instead of the total length of all headers. Also
headers with empty keys are now discarded.
- Changes for 20.3.6:
* crypto: If OPENSSL_NO_EC was set, the compilation of the
crypto nifs failed.
* crypto: C-compile errors for LibreSSL 2.7.0 - 2.7.2 fixed
* ssh: Host key hash erroneously calculated for clients
following draft-00 of RFC 4419, for example PuTTY
* ssh: Renegotiation could fail in some states
- Changes for 20.3.5:
* erts: Fixed a crash in heart:get_cmd/0 when the stored command
was too long.
* ssl: Proper handling of clients that choose to send an empty
answer to a certificate request.
- Changes for 20.3.4:
* erl_interface: Fix bug in ei_connect functions that may cause
failure due to insufficient buffer space for gethostbyname_r.
* erl_interface, ic: Optimize encoding/decoding for pure 7-bit
ascii atoms.
* inets: Fix broken options handling in httpc (ERL-441).
* ssh: An ssh_sftp server (running version 6) could fail if it
is told to remove a file which in fact is a directory.
* ssh: Fix rare spurious shutdowns of ssh servers when receiving
{'EXIT',_,normal} messages.
- Changes for 20.3.3:
* sasl: When upgrading with instruction 'restart_new_emulator',
the generated temporary boot file used 'kernelProcess'
statements from the old release instead of the new release.
This is now corrected.
* Sat Apr 14 2018 matwey.kornilov@gmail.com
- Update to 20.3.2
* ssl: Added new API functions to facilitate cipher suite handling
* erts, observer: More crash dump info such as: process binary
virtual heap stats, full info for process causing out-of-mem
during GC, more port related info, and dirty scheduler info.
* inets: Add support for unix domain sockets in the http client.
Version: 18.2.2-3.1
* Tue Jan 12 2016 matwey.kornilov@gmail.com
- Update to 18.2.2:
* ssh: The authentication method 'keyboard-interactive' failed
in the Erlang client when the server after successful
authentication continued by asking for zero more
passwords.
* Mon Dec 28 2015 matwey.kornilov@gmail.com
- Update to 18.2.1:
* Due to a bug in the handling of paths on windows
none of the following would work with paths
containing a space: ct_run dialyzer erlc escript typer
This also contains a fix for HiPE enabled emulator for
FreeBSD.
- Update to 18.2:
* ssl: Add configurable upper limit for session
cache.
* erts: Add function enif_getenv to read OS
environment variables in a portable way from NIFs.
* kernel: Add {line_delim, byte()} option to
inet:setopts/2 and decode_packet/3
* ssh: The 'ecdsa-sha2-nistp256',
'ecdsa-sha2-nistp384' and 'ecdsa-sha2-nistp521'
signature algorithms for ssh are implemented. See RFC5656.
* ssh: The ssh:daemon option dh_gex_groups is
extended to read a user provided ssh moduli file
with generator-modulus pairs. The file is in openssh
format.
* Thu Dec 17 2015 ro@suse.de
- disable hipe on s390/s390x to fix build
* Thu Oct 29 2015 matwey.kornilov@gmail.com
- Update to 18.1.3:
* ssl: Add possibility to downgrade an SSL/TLS connection to a
tcp connection, and give back the socket control to a user
process.
* ssh: The following new key exchange algorithms are
implemented: 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384',
'ecdh-sha2-nistp521', 'diffie-hellman-group14-sha1',
'diffie-hellman-group-exchange-sha1' and
'diffie-hellman-group-exchange-sha256'. This raises the
security level considerably.
* kernel,stdlib,sasl: A mechanism for limiting the amount of
text that the built-in error logger events will produce has
been introduced. It is useful for limiting both the size of
log files and the CPU time used to produce them. This
mechanism is experimental in the sense that it may be changed
based on feedback. See config parameter
error_logger_format_depth in the Kernel application.
- Removed erts_fix_unlock_status_lock.patch: fixed in upstream
* Tue Sep 29 2015 matwey.kornilov@gmail.com
- Rework wxWidgets BuildRequire: fix build for Leap 42.1 (boo#967176)
* Wed Aug 26 2015 kruber@zib.de
- update to 18.0.3:
* erts: Fixed a binary memory leak when printing to shell using
the tty driver (i.e. not -oldshell).
* erts: Fix a bug where the standard error port sometimes
crashes with eagain as the reason.
* Thu Aug 13 2015 kruber@zib.de
- add erts_fix_unlock_status_lock.patch to fix a rare deadlock in erts
* Fri Jul 24 2015 seife+obs@b1-systems.com
- fix RHEL/CentOS 7 build
* Thu Jul 09 2015 kruber@zib.de
- update to 18.0.2:
* Fix processes ending up in an inconsistent half exited state
in the runtime system without SMP support
* Remove unnecessary copying of data when retrieving corrected
Erlang monotonic time.
* POTENTIAL INCOMPATIBILITY:
Change default OS monotonic clock source chosen at build time.
This in order to improve performance. The behavior will now on
most systems be that (both OS and Erlang) monotonic time stops
when the system is suspended. (changeable via the
--enable-prefer-elapsed-monotonic-time-during-suspend
configure parameter)
* Fix erlang:system_info(end_time) returning a faulty value on
32-bit architectures.
* Fix the trace_file_drv not handling EINTR correctly which
caused it to fail when the runtime system received a signal.
* Tue Jun 30 2015 kruber@zib.de
- update to 18.0.1:
* Fix a rare hanging of the VM seen to happen just after
emulator start. Bug exists since R14.
* Fri Jun 26 2015 kruber@zib.de
- update to 18.0:
* new license: APL 2.0 (Apache Public License)
* erts: The time functionality has been extended. This includes
a new API for time, as well as "time warp" modes which
alters the behavior when system time changes. You are
strongly encouraged to use the new API instead of the
old API based on erlang:now/0. erlang:now/0 has been
deprecated since it is a scalability bottleneck. See
http://www.erlang.org/doc/apps/erts/time_correction.html
* erts: Beside the API changes and time warp modes a lot of
scalability and performance improvements regarding time
management have been made. Examples are:
+ scheduler specific timer wheels,
+ scheduler specific BIF timer management,
+ parallel retrieval of monotonic time and system time
on OS:es that support it.
* erts: The previously introduced "eager check I/O" feature is
now enabled by default.
* erts/compiler: enhanced support for maps. Big maps now use a
HAMT (Hash Array Mapped Trie) representation internally
which makes them more efficient. There is now also
support for variables as map keys.
* dialyzer: The -dialyzer() attribute can be used for suppressing
warnings in a module by specifying functions or warning
options. It can also be used for requesting warnings in
a module.
* ssl: Remove default support for SSL-3.0 and added padding check
for TLS-1.0 due to the Poodle vulnerability.
* ssl: Remove default support for RC4 cipher suites, as they are
considered too weak.
* stdlib: Allow maps for supervisor flags and child specs
* stdlib: New functions in ets:
+ take/2: Works the same as ets:delete/2 but also returns
the deleted object(s).
+ update_counter/4 with a default object as argument
* Thu Jun 25 2015 dmueller@suse.com
- update to 17.5.6:
* Fix broken relay counters
* Fix diameter_sctp listener race
- fix build for SLE_12
* Thu May 28 2015 matwey.kornilov@gmail.com
- Update to 17.5.4
* Mon May 04 2015 dmueller@suse.com
- fix systemd service files for epmd:
* fix stop of epmd (epmd -kill is deprecated and ignored, so stop hangs)
* Tue Apr 07 2015 kruber@zib.de
- Update to 17.5:
* ERTS: Added command line argument option for setting the
initial size of process dictionaries.
* Diameter: configurable incoming_max len and string_decode for
diameter messages
* Bugfixes and minor small features in applications such as
compiler, common_test, crypto, debugger, eldap, erts, hipe,
inets, ssh, ssl, ...
- remove ct-fix_incl-dirs.patch (included upstream)
* Mon Feb 23 2015 kruber@zib.de
- add ct-fix_incl-dirs.patch (upstream patch for common test)
* Sat Dec 13 2014 matwey.kornilov@gmail.com
- Version 17.4:
* eldap: Nearly all TCP options are possible to give in the eldap:open/2 call.
* ssh: Added API functions ptty_alloc/3 and ptty_alloc/4, to allocate a pseudo tty.
* ssl: Handle servers that may send an empty SNI extension to the client.
* Sun Nov 09 2014 matwey.kornilov@gmail.com
- use wxWidgets 3.0
* Sun Nov 09 2014 Led <ledest@gmail.com>
- fix bashisms in pre script
* Wed Sep 17 2014 matwey.kornilov@gmail.com
- Update to 17.3:
* erts: Introduced enif_schedule_nif() which allows a long
running NIF to be broken into separate NIF invocations
without the help of a wrapper function written in Erlang
* common_test: Experimental support for running Quickcheck and
PropEr tests from common_test suites is added.
Examples of usage in the suites for the ssh and
inets applications
* Bugfixes and minor new features in applications such as asn1,
erts, kernel, stdlib, diameter, ssh, mnesia, ssl, jinterface