Revisions of erlang
Matwey Kornilov (matwey) accepted request 656598 from Matwey Kornilov (matwey) (revision 10)
- Update to 18.3.4.11 (boo#1118867).
- Changes for 18.3.4.11:
  * stdlib: List subtraction (The -- operator) will now yield properly on large inputs.
  * erts: List subtraction (The -- operator) will now yield properly on large inputs.
- Changes for 18.3.4.10:
  * erts: Fixed small memory leak that could occur when sending to a terminating port.
Matwey Kornilov (matwey) accepted request 629280 from Matwey Kornilov (matwey) (revision 9)
- Update to 18.3.4.9:
  * ssh: Fix rare spurious shutdowns of ssh servers when receiving {'EXIT',_,normal} messages.
Matwey Kornilov (matwey) accepted request 596494 from Matwey Kornilov (matwey) (revision 8)
- Update to 18.3.4.8:
  * ssh: Default exec is disabled when a user-defined shell is enabled
Matwey Kornilov (matwey) accepted request 545685 from Matwey Kornilov (matwey) (revision 7)
- Update to 18.3.4.7:
  * ssl: An erlang TLS server configured with cipher suites using rsa key exchange, may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server’s private key itself. CVE-2017-1000385

    Exploiting this vulnerability to perform plaintext recovery of encrypted messages will, in most practical cases, allow an attacker to read the plaintext only after the session has completed. Only TLS sessions established using RSA key exchange are vulnerable to this attack.

    Exploiting this vulnerability to conduct a MiTM attack requires the attacker to complete the initial attack, which may require thousands of server requests, during the handshake phase of the targeted session within the window of the configured handshake timeout. This attack may be conducted against any TLS session using RSA signatures, but only if cipher suites using RSA key exchange are also enabled on the server. The limited window of opportunity, limitations in bandwidth, and latency make this attack significantly more difficult to execute.

    RSA key exchange is enabled by default although least prioritized if server order is honored. For such a cipher suite to be chosen it must also be supported by the client and probably the only shared cipher suite.

    Captured TLS sessions encrypted with ephemeral cipher suites (DHE or ECDHE) are not at risk for subsequent decryption due to this vulnerability.
Matwey Kornilov (matwey) accepted request 544610 from Matwey Kornilov (matwey) (revision 6)
- Add
  0001-Add-structure-for-mutual-recursion-detection-in-ePCR.patch
  0002-fix-find_fixedlen-stk-overflow-w-mutual-recursion.patch
  0003-Fix-heap-overflow-with-unmatched-closing-parens.patch:
  fix bno#1030062 (CVE-2016-10253)
Matwey Kornilov (matwey) accepted request 542714 from Matwey Kornilov (matwey) (revision 5)
- Update to 18.3.4.6:
  * compiler: Fail labels on guard BIFs weren't taken into account during an optimization pass, and a bug in the validation pass sometimes prevented this from being noticed when a fault occurred.
  * eldap: Misc building environment updates
  * erts: Fix performance bug in pre-allocators that could cause them to permanently fall back on normal more expensive memory allocation. Pre-allocators are used for quick allocation of short lived meta data used by messages and other scheduled tasks. Bug exists since OTP_R15B02.
  * erts: Fixed bug in operator bxor causing erroneous result when one operand is a big *negative* integer with the lowest N*W bits as zero and the other operand not larger than N*W bits. N is an integer of 1 or larger and W is 32 or 64 depending on word size.
  * erts: A timer internal bit-field used for storing scheduler id was too small. As a result, VM internal timer data structures could become inconsistent when using 1024 schedulers on the system. Note that systems with less than 1024 schedulers are not affected by this bug.
  * erts: Fixed bug in binary_to_term and binary_to_atom that could cause VM crash. Typically happens when the last character of an UTF8 string is in the range 128 to 255, but truncated to only one byte. Bug exists in binary_to_term since ERTS version 5.10.2 (OTP_R16B01) and binary_to_atom since ERTS version 9.0 (OTP-20.0).
  * ssh: Trailing white space was removed at end of the hello-string. This caused interoperability problems with some other ssh-implementations (e.g. OpenSSH 7.3p1 on Solaris 11)
Matwey Kornilov (matwey) accepted request 454239 from Matwey Kornilov (matwey) (revision 4)
- Update to 18.3.4.5:
  * crypto: Key exchange algorithms diffie-hellman-group-exchange-sha* optimized, up to a factor of 11 for the slowest ( = biggest and safest) one.
  * erts: A bug has been fixed where if erlang was started +B on a unix platform it would be killed by a SIGUSR2 signal when creating a crash dump.
  * erts: Calls to erl_drv_send_term() or erl_drv_output_term() from a non-scheduler thread while the corresponding port was invalid caused the emulator to enter an inconsistent state which eventually caused an emulator crash.
  * erts: Driver and NIF operations accessing processes or ports could cause an emulator crash when used from non-scheduler threads.
  * erts: Fix bug in binary_to_term for binaries created by term_to_binary with option compressed. The bug can cause badarg exception for a valid binary when Erlang VM is linked against a zlib library of version 1.2.9 or newer. Bug exists since OTP 17.0.
  * inets: Shutdown gracefully on connection or TLS handshake errors
  * ssh: The key exchange algorithm diffie-hellman-group-exchange-sha* has a server-option {dh_gex_limits,{Min,Max}}. There was a hostkey signature validation error on the client side if the option was used and the Min or the Max differed from the corresponding values obtained from the client.
  * ssh: Key exchange algorithms diffie-hellman-group-exchange-sha* optimized, up to a factor of 11 for the slowest ( = biggest and safest) one.
Matwey Kornilov (matwey) committed (revision 1)
osc copypac from project:openSUSE:Leap:42.2 package:erlang revision:4
Displaying all 10 revisions