Patch Package | OTP 24.3.4.15 |
Git Tag | OTP-24.3.4.15 |
Date | 2023-12-18 |
Issue Id | |
System | OTP |
Release | 24 |
Application | |
Potential Incompatibilities |
Potential Incompatibilities
- OTP-18897
- Application(s): ssh
With this change (a response to CVE-2023-48795), ssh can negotiate the "strict KEX" OpenSSH extension with peers that support it; also, the 'chacha20-poly1305@openssh.com' algorithm becomes a less preferred cipher.
If strict KEX availability cannot be ensured on both sides of the connection, the affected encryption modes (CHACHA and CBC) can be disabled with standard ssh configuration. This protects against the vulnerability, but at the cost of interoperability. See Configuring algorithms in SSH.
OTP-24.3.4.15
- OTP-18896
- Application(s): otp
Updated copyright and license information.
asn1-5.0.18.2
The asn1-5.0.18.2 application can be applied independently of other applications on a full OTP 24 installation.
- OTP-18844
- Application(s): asn1
Fix benign warning from gcc 11 about mismatching call to free().
Full runtime dependencies of asn1-5.0.18.2: erts-11.0, kernel-7.0, stdlib-3.13
erl_interface-5.2.2.1
The erl_interface-5.2.2.1 application can be applied independently of other applications on a full OTP 24 installation.
- OTP-18877
- Application(s): erl_interface, erts
Replaced old md5 implementation with an implementation from OpenSSL.
erts-12.3.2.15
Note! The erts-12.3.2.15 application *cannot* be applied independently of other applications on an arbitrary OTP 24 installation. On a full OTP 24 installation, the following runtime dependency also has to be satisfied: kernel-8.3 (first satisfied in OTP 24.3)
- OTP-18802
- Application(s): erts
Fixed a faulty debug assert that triggered when the page size is larger than 16kb, as on PowerPC. It crashed the debug VM directly at start.
- OTP-18885
On OTP 24 and OTP 25, incoming distributed messages larger than 64 KiB sent using an alias leaked memory if the alias had been removed prior to entering the node. This issue was not present on OTP 26.
Incoming distributed messages larger than 64 KiB sent using an alias which had been removed on the receiving node could crash the node. This crash was quite unlikely on OTP 24 and OTP 25, but very likely on OTP 26.
'DOWN' signals with an exit reason larger than 64 KiB directed towards a process on a node with a non-matching creation leaked memory on the receiving node. Such signals should, however, be very rare.
- OTP-18902
- Application(s): erts
Removed unnecessary PCRE source tar-ball.
- OTP-18830
- Application(s): erts
- Related Id(s): PR-7823
Removed unnecessary regexp library used when generating yielding BIFs.
- OTP-18877
- Application(s): erl_interface, erts
Replaced old md5 implementation with an implementation from OpenSSL.
- OTP-18899
- Application(s): erts
Removed unused makewhatis script.
Full runtime dependencies of erts-12.3.2.15: kernel-8.3, sasl-3.3, stdlib-3.13
mnesia-4.20.4.4
The mnesia-4.20.4.4 application can be applied independently of other applications on a full OTP 24 installation.
- OTP-18850
- Application(s): mnesia
mnesia:add_table_copy/3 no longer fails with reason system_limit when the node is starting.
Full runtime dependencies of mnesia-4.20.4.4: erts-9.0, kernel-5.3, stdlib-3.4
ssh-4.13.2.4
The ssh-4.13.2.4 application can be applied independently of other applications on a full OTP 24 installation.
- OTP-18869
With this change, the connection handler does not execute socket operations until it becomes the socket owner. Previously, errors could occur if the connection handler tried to work with a socket whose owner had exited.
- OTP-18897
- Application(s): ssh
*** POTENTIAL INCOMPATIBILITY ***
With this change (a response to CVE-2023-48795), ssh can negotiate the "strict KEX" OpenSSH extension with peers that support it; also, the 'chacha20-poly1305@openssh.com' algorithm becomes a less preferred cipher.
If strict KEX availability cannot be ensured on both sides of the connection, the affected encryption modes (CHACHA and CBC) can be disabled with standard ssh configuration. This protects against the vulnerability, but at the cost of interoperability. See Configuring algorithms in SSH.
Full runtime dependencies of ssh-4.13.2.4: crypto-5.0, erts-9.0, kernel-5.3, public_key-1.6.1, runtime_tools-1.15.1, stdlib-3.15
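As an added example (not part of the OTP release notes or the ssh application's own code), one way to build the configuration that OTP-18897 describes for peers where strict KEX cannot be ensured. The module and function names are hypothetical; the code removes only the ChaCha20-Poly1305 and CBC ciphers that `ssh:default_algorithms/0` reports as enabled on the running node.

```erlang
%% Added example: hypothetical helper module, not part of OTP.
-module(ssh_strict_kex_fallback).
-export([affected/1, affected_defaults/0, options/0, daemon/2]).

%% True for the cipher families named in the release note:
%% ChaCha20-Poly1305 and every CBC mode.
affected('chacha20-poly1305@openssh.com') ->
    true;
affected(Cipher) when is_atom(Cipher) ->
    lists:suffix("-cbc", atom_to_list(Cipher)).

%% Affected ciphers that are enabled by default on this node.
%% The cipher entry is split per direction (client2server and
%% server2client), so both lists are scanned and merged.
affected_defaults() ->
    {cipher, Directions} = lists:keyfind(cipher, 1, ssh:default_algorithms()),
    lists:usort([C || {_Direction, Ciphers} <- Directions,
                      C <- Ciphers,
                      affected(C)]).

%% Options for ssh:daemon/2,3 or ssh:connect/3,4.
%% modify_algorithms with rm subtracts from the default set, so the
%% remaining ciphers (for example the CTR and GCM modes) keep their order.
options() ->
    case affected_defaults() of
        []     -> [];
        Remove -> [{modify_algorithms, [{rm, [{cipher, Remove}]}]}]
    end.

%% Start a daemon without the affected ciphers. Port and SystemDir are
%% supplied by the caller; SystemDir must contain the host keys.
%% The ssh application has to be started first, e.g. with ssh:start().
daemon(Port, SystemDir) ->
    ssh:daemon(Port, [{system_dir, SystemDir} | options()]).
```

Peers that offer only ChaCha20-Poly1305 or CBC ciphers will fail algorithm negotiation against a daemon or client started with these options, which is the interoperability cost the note refers to.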