Update Info

openSUSE-2019-995


Recommended update for erlang


Type: recommended
Severity: moderate
Issued: 2019-04-19
Description:
This update for erlang fixes the following issues:

Erlang was updated to 18.3.4.11 (boo#1118867) or to 20.3.8.15 (boo#1118869)

Changes for 18.3.4.11:

  * stdlib: List subtraction (The -- operator) will now yield properly on large inputs.
  * erts: List subtraction (The -- operator) will now yield properly on large inputs.
  * erts: Fixed small memory leak that could occur when sending to a terminating port.
  * ssh: Fix rare spurios shutdowns of ssh servers when receiveing {'EXIT',_,normal} messages.
  * ssh: Default exec is disabled when a user-defined shell is enabled


Changes for 20.3.8.15:

  * asn1: Handle erroneous length during decode (BER only) without crashing.
  * ssh: Incompatibility with newer OpenSSH fixed. Previously versions 7.8 and later could cause Erlang SSH to exit.
  * ssl: Add engine support for RSA key exchange
  * erts: List subtraction (The -- operator) will now yield properly on large inputs.
  * stdlib: List subtraction (The -- operator) will now yield properly on large inputs.
  * ssl: Extend check for undelivered data at closing, could under some circumstances fail to deliverd all data that was acctualy recivied.
  * erts: ERTS internal trees of monitor structures could get into
    an inconsistent state. This could cause 'DOWN' messages not to
    be delivered when they should, as well as delivery of 'DOWN'
    messages that should not be delivered.
  * erts: Fixed bug in ets:select_replace when called with a fully
    bound key could cause a following call to ets:next or ets:prev
    to crash the emulator or return invalid result.
  * eldap: A race condition at close could cause the eldap client to
    exit with a badarg message as cause.
  - http://erlang.org/download/OTP-20.3.8.9.README
  * Fix a regression in OTP-15204 that removed .beam file metadata
  - http://erlang.org/download/OTP-20.3.8.8.README
  * inets: Do not use chunked-encoding with 1xx, 204 and 304
    responses when using mod_esi
  * inets: Add robust handling of chunked-encoded HTTP responses
    with an empty body (1xx, 204, 304)
  - Changes for 20.3.8.7:
  - http://erlang.org/download/OTP-20.3.8.7.README
  * crypto: Update the crypto engine functions to handle multiple
    loads of an engine
  * mnesia: Fixed a bug where the bag table index data was not
    deleted when objects were deleted.
 * inets: Change status code for no mod found to handle request to 501
 * erts: Fixed a bug causing some Erlang references to be
   inconsistently ordered. This could for example cause failure
   to look up certain elements with references as keys in search
   data structures. This bug was introduced in R13B02. Thanks to
   Simon Cornish for finding the bug and supplying a fix.
 * compiler: Fixed an issue where files compiled with the
   +deterministic option differed if they were compiled in a
   different directory but were otherwise identical.
 * crypto: Fixed a node crash in crypto:compute_key(ecdh, ...)
   when passing a wrongly typed Others argument.
 * erts: Fixed a bug which caused an emulator crash when
   enif_send() was called by a NIF that executed on a dirty
   scheduler. The bug was either triggered when the NIF called
   enif_send() without a message environment, or when the process
   executing the NIF was send traced.
 * erts: Fixed a bug causing some Erlang references to be
   inconsistently ordered. This could for example cause failure
   to look up certain elements with references as keys in search
   data structures. This bug was introduced in R13B02. Thanks to
   Simon Cornish for finding the bug and supplying a fix.
 * mnesia: When master node is set do not force a load from
   ram_copies replica when there are no available disc_copies,
   since that would load an empty table. Wait until a disk
   replica is available or until user explicitly force_loads the
   table.
 * mnesia: Allow to add replicas even if all other replicas are
   down when the other replicase are not stored on disk.
 * ssl: Correct handling of empty server SNI extension
 * ssl: Correct cipher suite handling for ECDHE_*, the incorrect
   handling could cause an incorrrect suite to be selected and
   most likly fail the handshake.
 * asn1: A bug in ASN.1 BER decoding has been fixed. When
   decoding a recursively enclosed term the length was not
   propagated to that term decoding, so if the length of the
   enclosed term was longer than the enclosing that error was not
   dectected. A hard coded C stack limitation for decoding
   recursive ASN.1 terms has been introduced. This is currently
   set to 8 kWords giving a nesting depth of about 1000 levels.
   Deeper terms can not be decoded, which should not be much of a
   real world limitation.
 * erts: Fixed a race condition in the inet driver that could
   cause receive to hang when the emulator was compiled with gcc8.
 * erts: Fix bug in generation of erl_crash.dump, which could
   cause VM to crash. Bug exist since erts-9.2 (OTP-20.2).
 * ic: Fixed potential buffer overflow bugs in
   oe_ei_encode_long/ulong/longlong/ulonglong functions on 64-bit
   architectures. These functions expect 32 bit integers as the
   IDL type "long" is defined as 32 bits. But there is nothing
   preventing user code from "breaking" the interface and pass
   larger values on 64-bit architectures where the C type "long"
   is 64 bits.
 * inets: Enhance error handling, that is mod_get will return 403
   if a path is a directory and not a file.
 * kernel: Non semantic change in dist_util.erl to silence
   dialyzer warning.
 * ssl: Improve cipher suite handling correcting ECC and TLS-1.2
   requierments. Backport of solution for ERL-641
 * ssl: Option keyfile defaults to certfile and should be trumped
   with key. This failed for engine keys.
 * erl_interface: Make ei_connect and friends also accept state
   ok_simultaneous during handshake, which means the other node
   has initiated a connection setup that will be cancelled in
   favor of this connection.
 * erts: Fixed a rare bug that could cause processes to be
   scheduled after they had been freed.
 * ic: Fixed bug in ic causing potential buffer overrun in
   funtion oe_ei_encode_atom. Bug exists since ic-4.4.4
   (OTP-20.3.4).
 * kernel: Fix some potential buggy behavior in how ticks are
   sent on inter node distribution connections. Tick is now sent
   to c-node even if there are unsent buffered data, as c-nodes
   need ticks in order to send reply ticks. The amount of sent
   data was also calculated wrongly when ticks were suppressed
   due to unsent buffered data.
 * inets: Options added for setting low-level properties on the
   underlying TCP connections. The options are: sock_ctrl,
   sock_data_act and sock_data_pass. See the manual for details.
 * ssh: SFTP clients reported the error reason "" if a non-OTP
   sftp server was killed during a long file transmission. Now
   the signal name (for example "KILL") will be the error reason
   if the server's reason is empty. The documentation also lacked
   type information about this class of errors.
 * ssh: Fix ssh_sftp decode error for sftp protocol version 4
 * syntax_tools: Fix a bug regarding reverting map types.


              

Packages


  • erlang-20.3.8.15-bp150.5.1