packages/erlang
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:18ed21df36bd5f9cd1488445d4679d48ee0c9a52
Branches Tags
packages:main
...
compare: packages:7814fc00d99c28d324e10560d4b356c56f1f3de5
Branches Tags
packages:main

10 Commits
18ed21df36 ... 7814fc00d9

Author SHA1 Message Date
openeuler-ci-bot
7814fc00d9
!27 Fix CVE-2023-48795 
From: @wk333 
Reviewed-by: @lyn1001 
Signed-off-by: @lyn1001
 2024-01-25 09:22:17 +00:00
wk333
da7cab7296 Fix CVE-2023-48795 2024-01-25 16:13:45 +08:00
openeuler-ci-bot
8e7e70462f
!21 Fix CVE-2022-37026 
From: @wk333 
Reviewed-by: @caodongxia 
Signed-off-by: @caodongxia
 2023-12-13 03:43:18 +00:00
wk333
b4af7a2965 Fix CVE-2022-37026 2023-12-13 10:36:14 +08:00
openeuler-ci-bot
1385aefe13
!13 【软件升级】openEuler 22.03 LTS版本erlang软件升级至23.3.4.9 
Merge pull request !13 from 王歌/openEuler-22.03-LTS-Next
 2022-01-20 08:33:26 +00:00
wang--ge
cd19b95375 update to version 23.3.4.9 2022-01-19 14:55:57 +08:00
openeuler-ci-bot
912d5aceab
!12 fix build error for autoconf 2.71 
Merge pull request !12 from wk333/openEuler-22.03-LTS-Next
 2022-01-11 02:03:23 +00:00
wk333
5ca04d4435 fix build error for autoconf 2.71 2022-01-08 03:05:45 +08:00
openeuler-ci-bot
e3f376fd1d !11 fix build error caused by GCC upgrade to 10 
From: @lipingEmmaSiguyi
Reviewed-by: @small_leek
Signed-off-by: @small_leek
 2021-08-03 11:21:20 +00:00
Li Ping
dfde791442 update erlang.spec and add extern-ei-default-socket-callbacks.patch 2021-08-03 17:48:19 +08:00
16 changed files with 2075 additions and 788 deletions
Show Stats Expand all files Collapse all files

593
CVE-2022-37026.patch Normal file
View File

@ -0,0 +1,593 @@
From cd5024867e7b7d3a6e94194af9e01e1fb77e36c9 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Tue, 24 May 2022 17:52:02 +0200
Subject: [PATCH] ssl: Enhanch handling of unexpected messages
Origin:
https://github.com/erlang/otp/commit/cd5024867e7b7d3a6e94194af9e01e1fb77e36c9
https://github.com/erlang/otp/commit/6a1baa36e4e6c1b682e8b48e0c141602e0b8e6e5
Make better use of gen_statem. Rename flag and values to better names.
---
lib/ssl/src/dtls_connection.erl | 25 ++++-
lib/ssl/src/ssl_connection.hrl | 6 +-
lib/ssl/src/ssl_gen_statem.erl | 3 -
lib/ssl/src/tls_connection.erl | 21 +++-
lib/ssl/src/tls_dtls_connection.erl | 155 +++++++++++++++++-----------
lib/ssl/src/tls_gen_connection.erl | 23 ++++-
lib/ssl/src/tls_handshake_1_3.erl | 8 +-
lib/ssl/test/ssl_npn_SUITE.erl | 8 +-
8 files changed, 171 insertions(+), 78 deletions(-)
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 78348826e471..5a85bf8016ed 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -46,7 +46,8 @@
%% ClientKeyExchange \
%% CertificateVerify* Flight 5
%% [ChangeCipherSpec] /
-%% Finished --------> /
+%% NextProtocol* /
+%% Finished --------> /
%%
%% [ChangeCipherSpec] \ Flight 6
%% <-------- Finished /
@@ -64,7 +65,8 @@
%% <-------- Finished / part 2
%%
%% [ChangeCipherSpec] \ Abbrev Flight 3
-%% Finished --------> /
+%% NextProtocol* /
+%% Finished --------> /
%%
%%
%% Message Flights for Abbbriviated Handshake
@@ -140,6 +142,7 @@
user_hello/3,
wait_ocsp_stapling/3,
certify/3,
+ wait_cert_verify/3,
cipher/3,
abbreviated/3,
connection/3]).
@@ -462,6 +465,24 @@ certify(state_timeout, Event, State) ->
certify(Type, Event, State) ->
gen_handshake(?FUNCTION_NAME, Type, Event, State).
+
+%%--------------------------------------------------------------------
+-spec wait_cert_verify(gen_statem:event_type(), term(), #state{}) ->
+ gen_statem:state_function_result().
+%%--------------------------------------------------------------------
+wait_cert_verify(enter, _Event, State0) ->
+ {State, Actions} = handle_flight_timer(State0),
+ {keep_state, State, Actions};
+wait_cert_verify(info, Event, State) ->
+ gen_info(Event, ?FUNCTION_NAME, State);
+wait_cert_verify(state_timeout, Event, State) ->
+ handle_state_timeout(Event, ?FUNCTION_NAME, State);
+wait_cert_verify(Type, Event, #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
+ try tls_dtls_connection:gen_handshake(?FUNCTION_NAME, Type, Event, State)
+ catch throw:#alert{} = Alert ->
+ ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State)
+ end.
+
%%--------------------------------------------------------------------
-spec cipher(gen_statem:event_type(), term(), #state{}) ->
gen_statem:state_function_result().
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index 4f9584bb9ffe..9534ae023446 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -115,7 +115,7 @@
%% need to worry about packet loss in TLS. In DTLS we
%% need to track DTLS handshake seqnr
flight_buffer = [] :: list() | map(),
- client_certificate_requested = false :: boolean(),
+ client_certificate_status = not_requested :: not_requested | requested | empty | needs_verifying | verified,
protocol_specific = #{} :: map(),
session :: #session{} | secret_printout(),
key_share,
@@ -147,8 +147,8 @@
%% session_cache_cb - not implemented
%% crl_db - not implemented
%% client_hello_version - Bleichenbacher mitigation in TLS 1.2
-%% client_certificate_requested - Built into TLS 1.3 state machine
-%% key_algorithm - not used
+%% client_certificate_status - only uses non_requested| requested
+%% key_algorithm - only uses not_requested and requested
%% diffie_hellman_params - used in TLS 1.2 ECDH key exchange
%% diffie_hellman_keys - used in TLS 1.2 ECDH key exchange
%% psk_identity - not used
diff --git a/lib/ssl/src/ssl_gen_statem.erl b/lib/ssl/src/ssl_gen_statem.erl
index e6268b4876cf..cde74b6acf00 100644
--- a/lib/ssl/src/ssl_gen_statem.erl
+++ b/lib/ssl/src/ssl_gen_statem.erl
@@ -669,9 +669,6 @@ handle_common_event(internal, {protocol_record, TLSorDTLSRecord}, StateName,
Connection:handle_protocol_record(TLSorDTLSRecord, StateName, State);
handle_common_event(timeout, hibernate, _, _) ->
{keep_state_and_data, [hibernate]};
-handle_common_event(internal, #change_cipher_spec{type = <<1>>}, StateName,
- #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
- handle_own_alert(?ALERT_REC(?FATAL, ?HANDSHAKE_FAILURE), Version, StateName, State);
handle_common_event({timeout, handshake}, close, _StateName, #state{start_or_recv_from = StartFrom} = State) ->
{stop_and_reply,
{shutdown, user_timeout},
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 8f25e5a3cd43..d87d6c15a224 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -34,6 +34,7 @@
%% ClientKeyExchange \
%% CertificateVerify* Flight 3 part 1
%% [ChangeCipherSpec] /
+%% NextProtocol*
%% Finished --------> / Flight 3 part 2
%% [ChangeCipherSpec]
%% <-------- Finished Flight 4
@@ -48,6 +49,7 @@
%% [ChangeCipherSpec]
%% <-------- Finished Abbrev Flight 2 part 2
%% [ChangeCipherSpec]
+%% NextProtocol*
%% Finished --------> Abbrev Flight 3
%% Application Data <-------> Application Data
%%
@@ -70,13 +72,14 @@
%% |
%% New session | Resumed session
%% WAIT_OCSP_STAPELING CERTIFY <----------------------------------> ABBRIVIATED
-%%
+%% WAIT_CERT_VERIFY
%% <- Possibly Receive -- | |
-%% OCSP Stapel ------> | Flight 3 part 1 |
+%% OCSP Stapel/CertVerify -> | Flight 3 part 1 |
%% | |
%% V | Abbrev Flight 2 part 2 to Abbrev Flight 3
%% CIPHER |
%% | |
+%% | |
%% | Fligth 3 part 2 to Flight 4 |
%% | |
%% V V
@@ -121,6 +124,7 @@
user_hello/3,
wait_ocsp_stapling/3,
certify/3,
+ wait_cert_verify/3,
cipher/3,
abbreviated/3,
connection/3]).
@@ -303,6 +307,19 @@ certify(info, Event, State) ->
certify(Type, Event, State) ->
tls_dtls_connection:gen_handshake(?FUNCTION_NAME, Type, Event, State).
+
+%%--------------------------------------------------------------------
+-spec wait_cert_verify(gen_statem:event_type(), term(), #state{}) ->
+ gen_statem:state_function_result().
+%%--------------------------------------------------------------------
+wait_cert_verify(info, Event, State) ->
+ gen_info(Event, ?FUNCTION_NAME, State);
+wait_cert_verify(Type, Event, #state{connection_env = #connection_env{negotiated_version = Version}} = State) ->
+ try tls_dtls_connection:gen_handshake(?FUNCTION_NAME, Type, Event, State)
+ catch throw:#alert{} = Alert ->
+ ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State)
+ end.
+
%%--------------------------------------------------------------------
-spec cipher(gen_statem:event_type(), term(), #state{}) ->
gen_statem:state_function_result().
diff --git a/lib/ssl/src/tls_dtls_connection.erl b/lib/ssl/src/tls_dtls_connection.erl
index 02c55f3941b6..7d659baea0e7 100644
--- a/lib/ssl/src/tls_dtls_connection.erl
+++ b/lib/ssl/src/tls_dtls_connection.erl
@@ -54,6 +54,7 @@
user_hello/3,
abbreviated/3,
certify/3,
+ wait_cert_verify/3,
wait_ocsp_stapling/3,
cipher/3,
connection/3,
@@ -319,7 +320,7 @@ certify(internal, #certificate{asn1_certificates = []},
ssl_options = #{verify := verify_peer,
fail_if_no_peer_cert := false}} =
State0) ->
- Connection:next_event(?FUNCTION_NAME, no_record, State0#state{client_certificate_requested = false});
+ Connection:next_event(?FUNCTION_NAME, no_record, State0#state{client_certificate_status = empty});
certify(internal, #certificate{},
#state{static_env = #static_env{role = server},
connection_env = #connection_env{negotiated_version = Version},
@@ -344,16 +345,21 @@ certify(internal, #certificate{asn1_certificates = [Peer|_]} = Cert,
ocsp_stapling_state = #{ocsp_expect := Status} = OcspState},
connection_env = #connection_env{
negotiated_version = Version},
- ssl_options = Opts} = State) when Status =/= staple ->
+ ssl_options = Opts} = State0) when Status =/= staple ->
OcspInfo = ocsp_info(OcspState, Opts, Peer),
case ssl_handshake:certify(Cert, CertDbHandle, CertDbRef,
Opts, CRLDbInfo, Role, Host,
ensure_tls(Version), OcspInfo) of
{PeerCert, PublicKeyInfo} ->
- handle_peer_cert(Role, PeerCert, PublicKeyInfo,
- State#state{client_certificate_requested = false}, Connection, []);
+ State = case Role of
+ server ->
+ State0#state{client_certificate_status = needs_verifying};
+ client ->
+ State0
+ end,
+ handle_peer_cert(Role, PeerCert, PublicKeyInfo, State, Connection, []);
#alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State)
+ ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0)
end;
certify(internal, #server_key_exchange{exchange_keys = Keys},
#state{static_env = #static_env{role = client,
@@ -421,7 +427,7 @@ certify(internal, #certificate_request{},
%% The client does not have a certificate and will send an empty reply, the server may fail
%% or accept the connection by its own preference. No signature algorihms needed as there is
%% no certificate to verify.
- Connection:next_event(?FUNCTION_NAME, no_record, State#state{client_certificate_requested = true});
+ Connection:next_event(?FUNCTION_NAME, no_record, State#state{client_certificate_status = requested});
certify(internal, #certificate_request{} = CertRequest,
#state{static_env = #static_env{role = client,
protocol_cb = Connection},
@@ -435,7 +441,7 @@ certify(internal, #certificate_request{} = CertRequest,
ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State);
NegotiatedHashSign ->
Connection:next_event(?FUNCTION_NAME, no_record,
- State#state{client_certificate_requested = true,
+ State#state{client_certificate_status = requested,
handshake_env = HsEnv#handshake_env{cert_hashsign_algorithm = NegotiatedHashSign}})
end;
%% PSK and RSA_PSK might bypass the Server-Key-Exchange
@@ -514,14 +520,6 @@ certify(internal, #server_hello_done{},
#alert{} = Alert ->
ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State0)
end;
-certify(internal = Type, #client_key_exchange{} = Msg,
- #state{static_env = #static_env{role = server},
- client_certificate_requested = true,
- connection_env = #connection_env{negotiated_version = Version},
- ssl_options = #{fail_if_no_peer_cert := true}} = State) ->
- %% We expect a certificate here
- Alert = ?ALERT_REC(?FATAL,?UNEXPECTED_MESSAGE, {unexpected_msg, {Type, Msg}}),
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State);
certify(internal, #client_key_exchange{exchange_keys = Keys},
State = #state{handshake_env = #handshake_env{kex_algorithm = KeyAlg},
static_env = #static_env{protocol_cb = Connection},
@@ -539,37 +537,53 @@ certify(Type, Event, State) ->
ssl_gen_statem:handle_common_event(Type, Event, ?FUNCTION_NAME, State).
%%--------------------------------------------------------------------
--spec cipher(gen_statem:event_type(),
- #hello_request{} | #certificate_verify{} | #finished{} | term(),
+-spec wait_cert_verify(gen_statem:event_type(),
+ #hello_request{} | #certificate_verify{} | term(),
#state{}) ->
gen_statem:state_function_result().
%%--------------------------------------------------------------------
-cipher({call, From}, Msg, State) ->
- handle_call(Msg, From, ?FUNCTION_NAME, State);
-cipher(info, Msg, State) ->
- handle_info(Msg, ?FUNCTION_NAME, State);
-cipher(internal, #certificate_verify{signature = Signature,
- hashsign_algorithm = CertHashSign},
- #state{static_env = #static_env{role = server,
- protocol_cb = Connection},
- handshake_env = #handshake_env{tls_handshake_history = Hist,
- kex_algorithm = KexAlg,
- public_key_info = PubKeyInfo} = HsEnv,
- connection_env = #connection_env{negotiated_version = Version},
- session = #session{master_secret = MasterSecret}
- } = State) ->
+wait_cert_verify(internal, #certificate_verify{signature = Signature,
+ hashsign_algorithm = CertHashSign},
+ #state{static_env = #static_env{role = server,
+ protocol_cb = Connection},
+ client_certificate_status = needs_verifying,
+ handshake_env = #handshake_env{tls_handshake_history = Hist,
+ kex_algorithm = KexAlg,
+ public_key_info = PubKeyInfo},
+ connection_env = #connection_env{negotiated_version = Version},
+ session = #session{master_secret = MasterSecret} = Session0
+ } = State) ->
TLSVersion = ssl:tls_version(Version),
- %% Use negotiated value if TLS-1.2 otherwhise return default
+ %% Use negotiated value if TLS-1.2 otherwise return default
HashSign = negotiated_hashsign(CertHashSign, KexAlg, PubKeyInfo, TLSVersion),
case ssl_handshake:certificate_verify(Signature, PubKeyInfo,
TLSVersion, HashSign, MasterSecret, Hist) of
valid ->
- Connection:next_event(?FUNCTION_NAME, no_record,
- State#state{handshake_env = HsEnv#handshake_env{cert_hashsign_algorithm = HashSign}});
+ Connection:next_event(cipher, no_record,
+ State#state{client_certificate_status = verified,
+ session = Session0#session{sign_alg = HashSign}});
#alert{} = Alert ->
- ssl_gen_statem:handle_own_alert(Alert, Version, ?FUNCTION_NAME, State)
+ throw(Alert)
end;
+
+wait_cert_verify(internal, #hello_request{}, _) ->
+ keep_state_and_data;
+wait_cert_verify(Type, Event, State) ->
+ ssl_gen_statem:handle_common_event(Type, Event, ?FUNCTION_NAME, State).
+
+%%--------------------------------------------------------------------
+-spec cipher(gen_statem:event_type(),
+ #hello_request{} | #finished{} | term(),
+ #state{}) ->
+ gen_statem:state_function_result().
+%%--------------------------------------------------------------------
+cipher({call, From}, Msg, State) ->
+ handle_call(Msg, From, ?FUNCTION_NAME, State);
+cipher(info, Msg, State) ->
+ handle_info(Msg, ?FUNCTION_NAME, State);
+
+
%% client must send a next protocol message if we are expecting it
cipher(internal, #finished{},
#state{static_env = #static_env{role = server},
@@ -609,6 +623,7 @@ cipher(internal, #next_protocol{selected_protocol = SelectedProtocol},
Connection:next_event(?FUNCTION_NAME, no_record,
State#state{handshake_env = HsEnv#handshake_env{negotiated_protocol = SelectedProtocol,
expecting_next_protocol_negotiation = false}});
+
cipher(internal, #change_cipher_spec{type = <<1>>},
#state{handshake_env = HsEnv,
static_env = #static_env{protocol_cb = Connection},
@@ -881,12 +896,12 @@ handle_peer_cert_key(_, _, _, _, State) ->
certify_client(#state{static_env = #static_env{role = client,
cert_db = CertDbHandle,
cert_db_ref = CertDbRef},
- client_certificate_requested = true,
+ client_certificate_status = requested,
session = #session{own_certificates = OwnCerts}}
= State, Connection) ->
Certificate = ssl_handshake:certificate(OwnCerts, CertDbHandle, CertDbRef, client),
Connection:queue_handshake(Certificate, State);
-certify_client(#state{client_certificate_requested = false} = State, _) ->
+certify_client(#state{client_certificate_status = not_requested} = State, _) ->
State.
verify_client_cert(#state{static_env = #static_env{role = client},
@@ -894,7 +909,7 @@ verify_client_cert(#state{static_env = #static_env{role = client},
cert_hashsign_algorithm = HashSign},
connection_env = #connection_env{negotiated_version = Version,
private_key = PrivateKey},
- client_certificate_requested = true,
+ client_certificate_status = requested,
session = #session{master_secret = MasterSecret,
own_certificates = OwnCerts}} = State, Connection) ->
@@ -907,7 +922,7 @@ verify_client_cert(#state{static_env = #static_env{role = client},
#alert{} = Alert ->
throw(Alert)
end;
-verify_client_cert(#state{client_certificate_requested = false} = State, _) ->
+verify_client_cert(#state{client_certificate_status = not_requested} = State, _) ->
State.
client_certify_and_key_exchange(#state{connection_env = #connection_env{negotiated_version = Version}} =
@@ -917,7 +932,7 @@ client_certify_and_key_exchange(#state{connection_env = #connection_env{negotiat
{State2, Actions} = finalize_handshake(State1, certify, Connection),
State = State2#state{
%% Reinitialize
- client_certificate_requested = false},
+ client_certificate_status = not_requested},
Connection:next_event(cipher, no_record, State, Actions)
catch
throw:#alert{} = Alert ->
@@ -936,8 +951,8 @@ server_certify_and_key_exchange(State0, Connection) ->
certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS},
#state{connection_env = #connection_env{private_key = Key},
- handshake_env = #handshake_env{client_hello_version = {Major, Minor} = Version}}
- = State, Connection) ->
+ handshake_env = #handshake_env{client_hello_version = {Major, Minor} = Version},
+ client_certificate_status = CCStatus} = State, Connection) ->
FakeSecret = make_premaster_secret(Version, rsa),
%% Countermeasure for Bleichenbacher attack always provide some kind of premaster secret
%% and fail handshake later.RFC 5246 section 7.4.7.1.
@@ -955,56 +970,74 @@ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS
catch
#alert{description = ?DECRYPT_ERROR} ->
FakeSecret
- end,
- calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
+ end,
+ calculate_master_secret(PremasterSecret, State, Connection, certify, client_kex_next_state(CCStatus));
certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey},
#state{handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params,
- kex_keys = {_, ServerDhPrivateKey}}
+ kex_keys = {_, ServerDhPrivateKey}},
+ client_certificate_status = CCStatus
} = State,
Connection) ->
PremasterSecret = ssl_handshake:premaster_secret(ClientPublicDhKey, ServerDhPrivateKey, Params),
- calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
+ calculate_master_secret(PremasterSecret, State, Connection, certify, client_kex_next_state(CCStatus));
certify_client_key_exchange(#client_ec_diffie_hellman_public{dh_public = ClientPublicEcDhPoint},
- #state{handshake_env = #handshake_env{kex_keys = ECDHKey}} = State, Connection) ->
+ #state{handshake_env = #handshake_env{kex_keys = ECDHKey},
+ client_certificate_status = CCStatus
+ } = State, Connection) ->
PremasterSecret = ssl_handshake:premaster_secret(#'ECPoint'{point = ClientPublicEcDhPoint}, ECDHKey),
- calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
+ calculate_master_secret(PremasterSecret, State, Connection, certify, client_kex_next_state(CCStatus));
certify_client_key_exchange(#client_psk_identity{} = ClientKey,
#state{ssl_options =
- #{user_lookup_fun := PSKLookup}} = State0,
+ #{user_lookup_fun := PSKLookup},
+ client_certificate_status = CCStatus
+ } = State0,
Connection) ->
PremasterSecret = ssl_handshake:premaster_secret(ClientKey, PSKLookup),
- calculate_master_secret(PremasterSecret, State0, Connection, certify, cipher);
+ calculate_master_secret(PremasterSecret, State0, Connection, certify, client_kex_next_state(CCStatus));
certify_client_key_exchange(#client_dhe_psk_identity{} = ClientKey,
#state{handshake_env = #handshake_env{diffie_hellman_params = #'DHParameter'{} = Params,
kex_keys = {_, ServerDhPrivateKey}},
ssl_options =
- #{user_lookup_fun := PSKLookup}} = State0,
+ #{user_lookup_fun := PSKLookup},
+ client_certificate_status = CCStatus
+ } = State0,
Connection) ->
PremasterSecret =
ssl_handshake:premaster_secret(ClientKey, ServerDhPrivateKey, Params, PSKLookup),
- calculate_master_secret(PremasterSecret, State0, Connection, certify, cipher);
+ calculate_master_secret(PremasterSecret, State0, Connection, certify, client_kex_next_state(CCStatus));
certify_client_key_exchange(#client_ecdhe_psk_identity{} = ClientKey,
#state{handshake_env = #handshake_env{kex_keys = ServerEcDhPrivateKey},
ssl_options =
- #{user_lookup_fun := PSKLookup}} = State,
+ #{user_lookup_fun := PSKLookup},
+ client_certificate_status = CCStatus
+ } = State,
Connection) ->
PremasterSecret =
ssl_handshake:premaster_secret(ClientKey, ServerEcDhPrivateKey, PSKLookup),
- calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
+ calculate_master_secret(PremasterSecret, State, Connection, certify, client_kex_next_state(CCStatus));
certify_client_key_exchange(#client_rsa_psk_identity{} = ClientKey,
- #state{connection_env = #connection_env{private_key = Key},
+ #state{connection_env = #connection_env{private_key = PrivateKey},
ssl_options =
- #{user_lookup_fun := PSKLookup}} = State0,
+ #{user_lookup_fun := PSKLookup},
+ client_certificate_status = CCStatus} = State0,
Connection) ->
- PremasterSecret = ssl_handshake:premaster_secret(ClientKey, Key, PSKLookup),
- calculate_master_secret(PremasterSecret, State0, Connection, certify, cipher);
+ PremasterSecret = ssl_handshake:premaster_secret(ClientKey, PrivateKey, PSKLookup),
+ calculate_master_secret(PremasterSecret, State0, Connection, certify, client_kex_next_state(CCStatus));
certify_client_key_exchange(#client_srp_public{} = ClientKey,
#state{handshake_env = #handshake_env{srp_params = Params,
- kex_keys = Key}
+ kex_keys = Key},
+ client_certificate_status = CCStatus
} = State0, Connection) ->
PremasterSecret = ssl_handshake:premaster_secret(ClientKey, Key, Params),
- calculate_master_secret(PremasterSecret, State0, Connection, certify, cipher).
+ calculate_master_secret(PremasterSecret, State0, Connection, certify, client_kex_next_state(CCStatus)).
+
+client_kex_next_state(needs_verifying) ->
+ wait_cert_verify;
+client_kex_next_state(empty) ->
+ cipher;
+client_kex_next_state(not_requested) ->
+ cipher.
certify_server(#state{handshake_env = #handshake_env{kex_algorithm = KexAlg}} =
State, _) when KexAlg == dh_anon;
@@ -1334,7 +1367,7 @@ request_client_cert(#state{static_env = #static_env{cert_db = CertDbHandle,
Msg = ssl_handshake:certificate_request(CipherSuite, CertDbHandle, CertDbRef,
HashSigns, TLSVersion),
State = Connection:queue_handshake(Msg, State0),
- State#state{client_certificate_requested = true};
+ State#state{client_certificate_status = requested};
request_client_cert(#state{ssl_options = #{verify := verify_none}} =
State, _) ->
diff --git a/lib/ssl/src/tls_gen_connection.erl b/lib/ssl/src/tls_gen_connection.erl
index 5da87e79d6be..37106ea6ff21 100644
--- a/lib/ssl/src/tls_gen_connection.erl
+++ b/lib/ssl/src/tls_gen_connection.erl
@@ -349,7 +349,28 @@ next_event(StateName, #alert{} = Alert, State, Actions) ->
{next_state, StateName, State, [{next_event, internal, Alert} | Actions]}.
%%% TLS record protocol level application data messages
-handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, StateName,
+handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA}, StateName,
+ #state{static_env = #static_env{role = server},
+ connection_env = #connection_env{negotiated_version = Version},
+ handshake_env = #handshake_env{renegotiation = {false, first}}
+ } = State) when StateName == initial_hello;
+ StateName == hello;
+ StateName == certify;
+ StateName == wait_cert_verify;
+ StateName == wait_ocsp_stapling;
+ StateName == abbreviated;
+ StateName == cipher
+ ->
+ %% Application data can not be sent before initial handshake pre TLS-1.3.
+ Alert = ?ALERT_REC(?FATAL, ?UNEXPECTED_MESSAGE, application_data_before_initial_handshake),
+ ssl_gen_statem:handle_own_alert(Alert, Version, StateName, State);
+handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA}, start = StateName,
+ #state{static_env = #static_env{role = server},
+ connection_env = #connection_env{negotiated_version = Version}
+ } = State) ->
+ Alert = ?ALERT_REC(?FATAL, ?DECODE_ERROR, invalid_tls_13_message),
+ ssl_gen_statem:handle_own_alert(Alert, Version, StateName, State);
+handle_protocol_record(#ssl_tls{type = ?APPLICATION_DATA, fragment = Data}, StateName,
#state{start_or_recv_from = From,
socket_options = #socket_options{active = false}} = State0) when From =/= undefined ->
case ssl_gen_statem:read_application_data(Data, State0) of
diff --git a/lib/ssl/src/tls_handshake_1_3.erl b/lib/ssl/src/tls_handshake_1_3.erl
index a6014739c681..7fd1b8767201 100644
--- a/lib/ssl/src/tls_handshake_1_3.erl
+++ b/lib/ssl/src/tls_handshake_1_3.erl
@@ -1187,7 +1187,7 @@ maybe_append_change_cipher_spec(#state{
maybe_append_change_cipher_spec(State, Bin) ->
{State, Bin}.
-maybe_queue_cert_cert_cv(#state{client_certificate_requested = false} = State) ->
+maybe_queue_cert_cert_cv(#state{client_certificate_status = not_requested} = State) ->
{ok, State};
maybe_queue_cert_cert_cv(#state{connection_states = _ConnectionStates0,
session = #session{session_id = _SessionId,
@@ -1408,7 +1408,7 @@ create_change_cipher_spec(#state{ssl_options = #{log_level := LogLevel}}) ->
process_certificate_request(#certificate_request_1_3{},
#state{session = #session{own_certificates = undefined}} = State) ->
- {ok, {State#state{client_certificate_requested = true}, wait_cert}};
+ {ok, {State#state{client_certificate_status = requested}, wait_cert}};
process_certificate_request(#certificate_request_1_3{
extensions = Extensions},
@@ -1427,11 +1427,11 @@ process_certificate_request(#certificate_request_1_3{
%% Check if server supports signature algorithm of client certificate
case check_cert_sign_algo(SignAlgo, SignHash, ServerSignAlgs, ServerSignAlgsCert) of
ok ->
- {ok, {State#state{client_certificate_requested = true,
+ {ok, {State#state{client_certificate_status = requested,
session = Session#session{sign_alg = SelectedSignAlg}}, wait_cert}};
{error, _} ->
%% Certificate not supported: send empty certificate in state 'wait_finished'
- {ok, {State#state{client_certificate_requested = true,
+ {ok, {State#state{client_certificate_status = requested,
session = Session#session{own_certificates = undefined}}, wait_cert}}
end
catch
diff --git a/lib/ssl/test/ssl_npn_SUITE.erl b/lib/ssl/test/ssl_npn_SUITE.erl
index 81c75ecff04a..914563b782ed 100644
--- a/lib/ssl/test/ssl_npn_SUITE.erl
+++ b/lib/ssl/test/ssl_npn_SUITE.erl
@@ -68,14 +68,18 @@
all() ->
[{group, 'tlsv1.2'},
{group, 'tlsv1.1'},
- {group, 'tlsv1'}
+ {group, 'tlsv1'},
+ {group, 'dtlsv1.2'},
+ {group, 'dtlsv1'}
].
groups() ->
[
{'tlsv1.2', [], next_protocol_tests()},
{'tlsv1.1', [], next_protocol_tests()},
- {'tlsv1', [], next_protocol_tests()}
+ {'tlsv1', [], next_protocol_tests()},
+ {'dtlsv1.2', [], next_protocol_tests()},
+ {'dtlsv1', [], next_protocol_tests()}
].
next_protocol_tests() ->

825
CVE-2023-48795-erlang23.patch Normal file
View File

@ -0,0 +1,825 @@
From ee67d46285394db95133709cef74b0c462d665aa Mon Sep 17 00:00:00 2001
From: Jakub Witczak <kuba@erlang.org>
Date: Fri, 15 Dec 2023 09:12:33 +0100
Subject: [PATCH] ssh: KEX strict
Origin: https://github.com/erlang/otp/commit/ee67d46285394db95133709cef74b0c462d665aa
- negotiate "strict KEX" OpenSSH feature
- when negotiated between peers apply strict KEX
- related tests
- print_seqnums fix in ssh_trtp test code
---
lib/ssh/src/ssh.hrl | 5 +-
lib/ssh/src/ssh_connection_handler.erl | 12 ++-
lib/ssh/src/ssh_transport.erl | 104 ++++++++++++++++++++-----
lib/ssh/src/ssh_transport.hrl | 4 +-
lib/ssh/test/ssh_protocol_SUITE.erl | 100 +++++++++++++++++++++---
lib/ssh/test/ssh_test_lib.erl | 52 ++++++++++++-
lib/ssh/test/ssh_to_openssh_SUITE.erl | 90 ++++++++++++++++-----
lib/ssh/test/ssh_trpt_test_lib.erl | 34 ++++----
8 files changed, 335 insertions(+), 66 deletions(-)
diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl
index e37a14a..7df6d4d 100644
--- a/lib/ssh/src/ssh.hrl
+++ b/lib/ssh/src/ssh.hrl
@@ -431,6 +431,8 @@
send_ext_info, %% May send ext-info to peer
recv_ext_info, %% Expect ext-info from peer
+ kex_strict_negotiated = false,
+
algorithms, %% #alg{}
send_mac = none, %% send MAC algorithm
@@ -502,7 +504,8 @@
c_lng,
s_lng,
send_ext_info,
- recv_ext_info
+ recv_ext_info,
+ kex_strict_negotiated = false
}).
-record(ssh_pty, {c_version = "", % client version string, e.g "SSH-2.0-Erlang/4.10.5"
diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl
index 625f177..8e8c082 100644
--- a/lib/ssh/src/ssh_connection_handler.erl
+++ b/lib/ssh/src/ssh_connection_handler.erl
@@ -741,7 +741,7 @@ handle_event(_, no_hello_received, {hello,_Role}=StateName, D0) ->
handle_event(_, {#ssh_msg_kexinit{}=Kex, Payload}, {kexinit,Role,ReNeg},
D = #data{key_exchange_init_msg = OwnKex}) ->
Ssh1 = ssh_transport:key_init(peer_role(Role), D#data.ssh_params, Payload),
- Ssh = case ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1) of
+ Ssh = case ssh_transport:handle_kexinit_msg(Kex, OwnKex, Ssh1, ReNeg) of
{ok, NextKexMsg, Ssh2} when Role==client ->
send_bytes(NextKexMsg, D),
Ssh2;
@@ -1114,6 +1114,16 @@ handle_event(_, #ssh_msg_disconnect{description=Desc} = Msg, StateName, D0) ->
disconnect_fun("Received disconnect: "++Desc, D),
{stop_and_reply, {shutdown,Desc}, Actions, D};
+handle_event(internal, #ssh_msg_ignore{}, {_StateName, _Role, init},
+ #data{ssh_params = #ssh{kex_strict_negotiated = true,
+ send_sequence = SendSeq,
+ recv_sequence = RecvSeq}}) ->
+ ?DISCONNECT(?SSH_DISCONNECT_KEY_EXCHANGE_FAILED,
+ io_lib:format("strict KEX violation: unexpected SSH_MSG_IGNORE "
+ "send_sequence = ~p recv_sequence = ~p",
+ [SendSeq, RecvSeq])
+ );
+
handle_event(_, #ssh_msg_ignore{}, _, _) ->
keep_state_and_data;
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 9bbd8b9..8e17dae 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -42,7 +42,7 @@
key_exchange_init_msg/1,
key_init/3, new_keys_message/1,
ext_info_message/1,
- handle_kexinit_msg/3, handle_kexdh_init/2,
+ handle_kexinit_msg/4, handle_kexdh_init/2,
handle_kex_dh_gex_group/2, handle_kex_dh_gex_init/2, handle_kex_dh_gex_reply/2,
handle_new_keys/2, handle_kex_dh_gex_request/2,
handle_kexdh_reply/2,
@@ -213,7 +213,6 @@ supported_algorithms(cipher) ->
same(
select_crypto_supported(
[
- {'chacha20-poly1305@openssh.com', [{ciphers,chacha20}, {macs,poly1305}]},
{'aes256-gcm@openssh.com', [{ciphers,aes_256_gcm}]},
{'aes256-ctr', [{ciphers,aes_256_ctr}]},
{'aes192-ctr', [{ciphers,aes_192_ctr}]},
@@ -221,6 +220,7 @@ supported_algorithms(cipher) ->
{'aes128-ctr', [{ciphers,aes_128_ctr}]},
{'AEAD_AES_256_GCM', [{ciphers,aes_256_gcm}]},
{'AEAD_AES_128_GCM', [{ciphers,aes_128_gcm}]},
+ {'chacha20-poly1305@openssh.com', [{ciphers,chacha20}, {macs,poly1305}]},
{'aes256-cbc', [{ciphers,aes_256_cbc}]},
{'aes192-cbc', [{ciphers,aes_192_cbc}]},
{'aes128-cbc', [{ciphers,aes_128_cbc}]},
@@ -336,7 +336,8 @@ kexinit_message(Role, Random, Algs, HostKeyAlgs, Opts) ->
#ssh_msg_kexinit{
cookie = Random,
kex_algorithms = to_strings( get_algs(kex,Algs) )
- ++ kex_ext_info(Role,Opts),
+ ++ kex_ext_info(Role,Opts)
+ ++ kex_strict_alg(Role),
server_host_key_algorithms = HostKeyAlgs,
encryption_algorithms_client_to_server = c2s(cipher,Algs),
encryption_algorithms_server_to_client = s2c(cipher,Algs),
@@ -364,10 +365,12 @@ new_keys_message(Ssh0) ->
handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own,
- #ssh{role = client} = Ssh) ->
+ #ssh{role = client} = Ssh, ReNeg) ->
try
- {ok, Algorithms} = select_algorithm(client, Own, CounterPart, Ssh#ssh.opts),
+ {ok, Algorithms} =
+ select_algorithm(client, Own, CounterPart, Ssh, ReNeg),
true = verify_algorithm(Algorithms),
+ true = verify_kexinit_is_first_msg(Algorithms, Ssh, ReNeg),
Algorithms
of
Algos ->
@@ -380,10 +383,12 @@ handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own,
end;
handle_kexinit_msg(#ssh_msg_kexinit{} = CounterPart, #ssh_msg_kexinit{} = Own,
- #ssh{role = server} = Ssh) ->
+ #ssh{role = server} = Ssh, ReNeg) ->
try
- {ok, Algorithms} = select_algorithm(server, CounterPart, Own, Ssh#ssh.opts),
+ {ok, Algorithms} =
+ select_algorithm(server, CounterPart, Own, Ssh, ReNeg),
true = verify_algorithm(Algorithms),
+ true = verify_kexinit_is_first_msg(Algorithms, Ssh, ReNeg),
Algorithms
of
Algos ->
@@ -459,6 +464,21 @@ verify_algorithm(#alg{kex = Kex}) ->
false -> {false, "kex"}
end.
+verify_kexinit_is_first_msg(#alg{kex_strict_negotiated = false}, _, _) ->
+ true;
+verify_kexinit_is_first_msg(#alg{kex_strict_negotiated = true}, _, renegotiate) ->
+ true;
+verify_kexinit_is_first_msg(#alg{kex_strict_negotiated = true},
+ #ssh{send_sequence = 1, recv_sequence = 1},
+ init) ->
+ true;
+verify_kexinit_is_first_msg(#alg{kex_strict_negotiated = true},
+ #ssh{send_sequence = SendSequence,
+ recv_sequence = RecvSequence}, init) ->
+ error_logger:warning_report(
+ lists:concat(["KEX strict violation (", SendSequence, ", ", RecvSequence, ")."])),
+ {false, "kex_strict"}.
+
%%%----------------------------------------------------------------
%%%
%%% Key exchange initialization
@@ -821,6 +841,9 @@ handle_new_keys(#ssh_msg_newkeys{}, Ssh0) ->
)
end.
+%%%----------------------------------------------------------------
+kex_strict_alg(client) -> [?kex_strict_c];
+kex_strict_alg(server) -> [?kex_strict_s].
%%%----------------------------------------------------------------
kex_ext_info(Role, Opts) ->
@@ -1029,7 +1052,35 @@ known_host_key(#ssh{opts = Opts, peer = {PeerName,{IP,Port}}} = Ssh,
%%
%% The first algorithm in each list MUST be the preferred (guessed)
%% algorithm. Each string MUST contain at least one algorithm name.
-select_algorithm(Role, Client, Server, Opts) ->
+select_algorithm(Role, Client, Server,
+ #ssh{opts = Opts,
+ kex_strict_negotiated = KexStrictNegotiated0},
+ ReNeg) ->
+ KexStrictNegotiated =
+ case ReNeg of
+ %% KEX strict negotiated once per connection
+ init ->
+ Result =
+ case Role of
+ server ->
+ lists:member(?kex_strict_c,
+ Client#ssh_msg_kexinit.kex_algorithms);
+ client ->
+ lists:member(?kex_strict_s,
+ Server#ssh_msg_kexinit.kex_algorithms)
+ end,
+ case Result of
+ true ->
+ error_logger:info_report(
+ lists:concat([Role, " will use strict KEX ordering"]));
+ _ ->
+ ok
+ end,
+ Result;
+ _ ->
+ KexStrictNegotiated0
+ end,
+
{Encrypt0, Decrypt0} = select_encrypt_decrypt(Role, Client, Server),
{SendMac0, RecvMac0} = select_send_recv_mac(Role, Client, Server),
@@ -1080,7 +1131,8 @@ select_algorithm(Role, Client, Server, Opts) ->
c_lng = C_Lng,
s_lng = S_Lng,
send_ext_info = SendExtInfo,
- recv_ext_info = RecvExtInfo
+ recv_ext_info = RecvExtInfo,
+ kex_strict_negotiated = KexStrictNegotiated
}}.
@@ -1178,7 +1230,8 @@ alg_setup(snd, SSH) ->
c_lng = ALG#alg.c_lng,
s_lng = ALG#alg.s_lng,
send_ext_info = ALG#alg.send_ext_info,
- recv_ext_info = ALG#alg.recv_ext_info
+ recv_ext_info = ALG#alg.recv_ext_info,
+ kex_strict_negotiated = ALG#alg.kex_strict_negotiated
};
alg_setup(rcv, SSH) ->
@@ -1190,22 +1243,23 @@ alg_setup(rcv, SSH) ->
c_lng = ALG#alg.c_lng,
s_lng = ALG#alg.s_lng,
send_ext_info = ALG#alg.send_ext_info,
- recv_ext_info = ALG#alg.recv_ext_info
+ recv_ext_info = ALG#alg.recv_ext_info,
+ kex_strict_negotiated = ALG#alg.kex_strict_negotiated
}.
-
-alg_init(snd, SSH0) ->
+alg_init(Dir = snd, SSH0) ->
{ok,SSH1} = send_mac_init(SSH0),
{ok,SSH2} = encrypt_init(SSH1),
{ok,SSH3} = compress_init(SSH2),
- SSH3;
+ {ok,SSH4} = maybe_reset_sequence(Dir, SSH3),
+ SSH4;
-alg_init(rcv, SSH0) ->
+alg_init(Dir = rcv, SSH0) ->
{ok,SSH1} = recv_mac_init(SSH0),
{ok,SSH2} = decrypt_init(SSH1),
{ok,SSH3} = decompress_init(SSH2),
- SSH3.
-
+ {ok,SSH4} = maybe_reset_sequence(Dir, SSH3),
+ SSH4.
alg_final(snd, SSH0) ->
{ok,SSH1} = send_mac_final(SSH0),
@@ -2161,6 +2215,14 @@ crypto_name_supported(Tag, CryptoName, Supported) ->
same(Algs) -> [{client2server,Algs}, {server2client,Algs}].
+maybe_reset_sequence(snd, Ssh = #ssh{kex_strict_negotiated = true}) ->
+ {ok, Ssh#ssh{send_sequence = 0}};
+maybe_reset_sequence(rcv, Ssh = #ssh{kex_strict_negotiated = true}) ->
+ {ok, Ssh#ssh{recv_sequence = 0}};
+maybe_reset_sequence(_Dir, Ssh) ->
+ {ok, Ssh}.
+
+
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%
%% Other utils
@@ -2187,14 +2249,14 @@ ssh_dbg_flags(raw_messages) -> ssh_dbg_flags(hello);
ssh_dbg_flags(ssh_messages) -> ssh_dbg_flags(hello).
-ssh_dbg_on(alg) -> dbg:tpl(?MODULE,select_algorithm,4,x);
+ssh_dbg_on(alg) -> dbg:tpl(?MODULE,select_algorithm,5,x);
ssh_dbg_on(hello) -> dbg:tp(?MODULE,hello_version_msg,1,x),
dbg:tp(?MODULE,handle_hello_version,1,x);
ssh_dbg_on(raw_messages) -> ssh_dbg_on(hello);
ssh_dbg_on(ssh_messages) -> ssh_dbg_on(hello).
-ssh_dbg_off(alg) -> dbg:ctpl(?MODULE,select_algorithm,4);
+ssh_dbg_off(alg) -> dbg:ctpl(?MODULE,select_algorithm,5);
ssh_dbg_off(hello) -> dbg:ctpg(?MODULE,hello_version_msg,1),
dbg:ctpg(?MODULE,handle_hello_version,1);
ssh_dbg_off(raw_messages) -> ssh_dbg_off(hello);
@@ -2217,9 +2279,9 @@ ssh_dbg_format(hello, {call,{?MODULE,handle_hello_version,[Hello]}}) ->
ssh_dbg_format(hello, {return_from,{?MODULE,handle_hello_version,1},_Ret}) ->
skip;
-ssh_dbg_format(alg, {call,{?MODULE,select_algorithm,[_,_,_,_]}}) ->
+ssh_dbg_format(alg, {call,{?MODULE,select_algorithm,[_,_,_,_,_]}}) ->
skip;
-ssh_dbg_format(alg, {return_from,{?MODULE,select_algorithm,4},{ok,Alg}}) ->
+ssh_dbg_format(alg, {return_from,{?MODULE,select_algorithm,5},{ok,Alg}}) ->
["Negotiated algorithms:\n",
wr_record(Alg)
];
diff --git a/lib/ssh/src/ssh_transport.hrl b/lib/ssh/src/ssh_transport.hrl
index f424a4f..59ac9db 100644
--- a/lib/ssh/src/ssh_transport.hrl
+++ b/lib/ssh/src/ssh_transport.hrl
@@ -266,5 +266,7 @@
-define(dh_group18,
{2, 16#FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFFF}).
-
+%%% OpenSSH KEX strict
+-define(kex_strict_c, "kex-strict-c-v00@openssh.com").
+-define(kex_strict_s, "kex-strict-s-v00@openssh.com").
-endif. % -ifdef(ssh_transport).
diff --git a/lib/ssh/test/ssh_protocol_SUITE.erl b/lib/ssh/test/ssh_protocol_SUITE.erl
index ab854e4..ecdc74b 100644
--- a/lib/ssh/test/ssh_protocol_SUITE.erl
+++ b/lib/ssh/test/ssh_protocol_SUITE.erl
@@ -53,6 +53,9 @@
empty_service_name/1,
ext_info_c/1,
ext_info_s/1,
+ kex_strict_negotiated/1,
+ kex_strict_msg_ignore/1,
+ kex_strict_msg_unknown/1,
gex_client_init_option_groups/1,
gex_client_init_option_groups_file/1,
gex_client_init_option_groups_moduli_file/1,
@@ -134,8 +137,10 @@ groups() ->
gex_client_init_option_groups_moduli_file,
gex_client_init_option_groups_file,
gex_client_old_request_exact,
- gex_client_old_request_noexact
- ]},
+ gex_client_old_request_noexact,
+ kex_strict_negotiated,
+ kex_strict_msg_ignore,
+ kex_strict_msg_unknown]},
{service_requests, [], [bad_service_name,
bad_long_service_name,
bad_very_long_service_name,
@@ -160,17 +165,16 @@ groups() ->
init_per_suite(Config) ->
?CHECK_CRYPTO(start_std_daemon( setup_dirs( start_apps(Config)))).
-
+
end_per_suite(Config) ->
stop_apps(Config).
-
-
init_per_testcase(no_common_alg_server_disconnects, Config) ->
start_std_daemon(Config, [{preferred_algorithms,[{public_key,['ssh-rsa']},
{cipher,?DEFAULT_CIPHERS}
]}]);
-
+init_per_testcase(kex_strict_negotiated, Config) ->
+ Config;
init_per_testcase(TC, Config) when TC == gex_client_init_option_groups ;
TC == gex_client_init_option_groups_moduli_file ;
TC == gex_client_init_option_groups_file ;
@@ -213,6 +217,8 @@ init_per_testcase(_TestCase, Config) ->
end_per_testcase(no_common_alg_server_disconnects, Config) ->
stop_std_daemon(Config);
+end_per_testcase(kex_strict_negotiated, Config) ->
+ Config;
end_per_testcase(TC, Config) when TC == gex_client_init_option_groups ;
TC == gex_client_init_option_groups_moduli_file ;
TC == gex_client_init_option_groups_file ;
@@ -814,6 +820,80 @@ ext_info_c(Config) ->
{result, Pid, Error} -> ct:fail("Error: ~p",[Error])
end.
+%%%--------------------------------------------------------------------
+%%%
+kex_strict_negotiated(Config0) ->
+ {ok,Pid} = ssh_test_lib:add_report_handler(),
+ Config = start_std_daemon(Config0, []),
+ {Server, Host, Port} = proplists:get_value(server, Config),
+ #{level := Level} = logger:get_primary_config(),
+ logger:set_primary_config(level, notice),
+ {ok, ConnRef} = std_connect({Host, Port}, Config, []),
+ {algorithms, A} = ssh:connection_info(ConnRef, algorithms),
+ ssh:stop_daemon(Server),
+ {ok, Reports} = ssh_test_lib:get_reports(Pid),
+ ct:log("Reports = ~p", [Reports]),
+ true = ssh_test_lib:kex_strict_negotiated(client, Reports),
+ true = ssh_test_lib:kex_strict_negotiated(server, Reports),
+ logger:set_primary_config(Level),
+ ok.
+
+%% Connect to an erlang server and inject unexpected SSH ignore
+kex_strict_msg_ignore(Config) ->
+ ct:log("START: ~p~n=================================", [?FUNCTION_NAME]),
+ ExpectedReason = "strict KEX violation: unexpected SSH_MSG_IGNORE",
+ TestMessages =
+ [{send, ssh_msg_ignore},
+ {match, #ssh_msg_kexdh_reply{_='_'}, receive_msg},
+ {match, disconnect(?SSH_DISCONNECT_KEY_EXCHANGE_FAILED), receive_msg}],
+ kex_strict_helper(Config, TestMessages, ExpectedReason).
+
+%% Connect to an erlang server and inject unexpected non-SSH binary
+kex_strict_msg_unknown(Config) ->
+ ct:log("START: ~p~n=================================", [?FUNCTION_NAME]),
+ ExpectedReason = "Bad packet: Size",
+ TestMessages =
+ [{send, ssh_msg_unknown},
+ {match, #ssh_msg_kexdh_reply{_='_'}, receive_msg},
+ {match, disconnect(?SSH_DISCONNECT_KEY_EXCHANGE_FAILED), receive_msg}],
+ kex_strict_helper(Config, TestMessages, ExpectedReason).
+
+kex_strict_helper(Config, TestMessages, ExpectedReason) ->
+ {ok,HandlerPid} = ssh_test_lib:add_report_handler(),
+ #{level := Level} = logger:get_primary_config(),
+ logger:set_primary_config(level, notice),
+ %% Connect and negotiate keys
+ {ok, InitialState} = ssh_trpt_test_lib:exec(
+ [{set_options, [print_ops, print_seqnums, print_messages]}]
+ ),
+ {ok, _AfterKexState} =
+ ssh_trpt_test_lib:exec(
+ [{connect,
+ server_host(Config),server_port(Config),
+ [{preferred_algorithms,[{kex,[?DEFAULT_KEX]},
+ {cipher,?DEFAULT_CIPHERS}
+ ]},
+ {silently_accept_hosts, true},
+ {recv_ext_info, false},
+ {user_dir, user_dir(Config)},
+ {user_interaction, false}
+ | proplists:get_value(extra_options,Config,[])
+ ]},
+ receive_hello,
+ {send, hello},
+ {send, ssh_msg_kexinit},
+ {match, #ssh_msg_kexinit{_='_'}, receive_msg},
+ {send, ssh_msg_kexdh_init}] ++
+ TestMessages,
+ InitialState),
+ ct:sleep(100),
+ {ok, Reports} = ssh_test_lib:get_reports(HandlerPid),
+ ct:log("HandlerPid = ~p~nReports = ~p", [HandlerPid, Reports]),
+ true = ssh_test_lib:kex_strict_negotiated(client, Reports),
+ true = ssh_test_lib:kex_strict_negotiated(server, Reports),
+ true = ssh_test_lib:event_logged(server, Reports, ExpectedReason),
+ logger:set_primary_config(Level),
+ ok.
%%%----------------------------------------------------------------
%%%
@@ -835,7 +915,7 @@ modify_append(Config) ->
Ciphers = filter_supported(cipher, ?CIPHERS),
{ok,_} =
chk_pref_algs(Config,
- [?DEFAULT_KEX, ?EXTRA_KEX],
+ [?DEFAULT_KEX, ?EXTRA_KEX, list_to_atom(?kex_strict_s)],
Ciphers,
[{preferred_algorithms, [{kex,[?DEFAULT_KEX]},
{cipher,Ciphers}
@@ -849,7 +929,7 @@ modify_prepend(Config) ->
Ciphers = filter_supported(cipher, ?CIPHERS),
{ok,_} =
chk_pref_algs(Config,
- [?EXTRA_KEX, ?DEFAULT_KEX],
+ [?EXTRA_KEX, ?DEFAULT_KEX, list_to_atom(?kex_strict_s)],
Ciphers,
[{preferred_algorithms, [{kex,[?DEFAULT_KEX]},
{cipher,Ciphers}
@@ -863,7 +943,7 @@ modify_rm(Config) ->
Ciphers = filter_supported(cipher, ?CIPHERS),
{ok,_} =
chk_pref_algs(Config,
- [?DEFAULT_KEX],
+ [?DEFAULT_KEX, list_to_atom(?kex_strict_s)],
tl(Ciphers),
[{preferred_algorithms, [{kex,[?DEFAULT_KEX,?EXTRA_KEX]},
{cipher,Ciphers}
@@ -882,7 +962,7 @@ modify_combo(Config) ->
LastC = lists:last(Ciphers),
{ok,_} =
chk_pref_algs(Config,
- [?DEFAULT_KEX],
+ [?DEFAULT_KEX, list_to_atom(?kex_strict_s)],
[LastC] ++ (tl(Ciphers)--[LastC]) ++ [hd(Ciphers)],
[{preferred_algorithms, [{kex,[?DEFAULT_KEX,?EXTRA_KEX]},
{cipher,Ciphers}
diff --git a/lib/ssh/test/ssh_test_lib.erl b/lib/ssh/test/ssh_test_lib.erl
index fb7365e..c20acdf 100644
--- a/lib/ssh/test/ssh_test_lib.erl
+++ b/lib/ssh/test/ssh_test_lib.erl
@@ -120,7 +120,11 @@ setup_host_key_create_dir/3,
setup_host_key/3,
setup_known_host/3,
get_addr_str/0,
-file_base_name/2
+file_base_name/2,
+add_report_handler/0,
+get_reports/1,
+kex_strict_negotiated/2,
+event_logged/3
]).
-include_lib("common_test/include/ct.hrl").
@@ -1227,3 +1231,49 @@ file_base_name(system_src, 'ecdsa-sha2-nistp521') -> "ssh_host_ecdsa_key521";
file_base_name(system_src, Alg) -> file_base_name(system, Alg).
%%%----------------------------------------------------------------
+add_report_handler() ->
+ ssh_eqc_event_handler:add_report_handler().
+
+get_reports(Pid) ->
+ ssh_eqc_event_handler:get_reports(Pid).
+
+-define(SEARCH_FUN(EXP),
+ begin
+ fun({info_report, _, {_, std_info, EXP}}) ->
+ true;
+ (_) ->
+ false
+ end
+ end).
+-define(SEARCH_SUFFIX, " will use strict KEX ordering").
+
+kex_strict_negotiated(client, Reports) ->
+ kex_strict_negotiated(?SEARCH_FUN("client" ++ ?SEARCH_SUFFIX), Reports);
+kex_strict_negotiated(server, Reports) ->
+ kex_strict_negotiated(?SEARCH_FUN("server" ++ ?SEARCH_SUFFIX), Reports);
+kex_strict_negotiated(SearchFun, Reports) when is_function(SearchFun) ->
+ case lists:search(SearchFun, Reports) of
+ {value, _} -> true;
+ _ -> false
+ end.
+
+event_logged(Role, Reports, Reason) ->
+ SearchF =
+ fun({info_msg, _, {_, _Format, Args}}) ->
+ AnyF = fun (E) when is_list(E) ->
+ case string:find(E, Reason) of
+ nomatch -> false;
+ _ -> true
+ end;
+ (_) ->
+ false
+ end,
+ lists:member(Role, Args) andalso
+ lists:any(AnyF, Args);
+ (_) ->
+ false
+ end,
+ case lists:search(SearchF, Reports) of
+ {value, _} -> true;
+ _ -> false
+ end.
diff --git a/lib/ssh/test/ssh_to_openssh_SUITE.erl b/lib/ssh/test/ssh_to_openssh_SUITE.erl
index 96072cb..f677a87 100644
--- a/lib/ssh/test/ssh_to_openssh_SUITE.erl
+++ b/lib/ssh/test/ssh_to_openssh_SUITE.erl
@@ -23,6 +23,7 @@
-include_lib("common_test/include/ct.hrl").
-include("ssh_test_lib.hrl").
+-include_lib("ssh/src/ssh_transport.hrl").
-export([
suite/0,
@@ -38,7 +39,9 @@
-export([
erlang_server_openssh_client_renegotiate/1,
+ eserver_oclient_kex_strict/1,
erlang_shell_client_openssh_server/1,
+ eclient_oserver_kex_strict/1,
exec_direct_with_io_in_sshc/1,
exec_with_io_in_sshc/1,
tunnel_in_erlclient_erlserver/1,
@@ -74,12 +77,14 @@ groups() ->
[{erlang_client, [], [tunnel_in_erlclient_erlserver,
tunnel_out_erlclient_erlserver,
{group, tunnel_distro_server},
- erlang_shell_client_openssh_server
+ erlang_shell_client_openssh_server,
+ eclient_oserver_kex_strict
]},
{tunnel_distro_server, [], [tunnel_in_erlclient_openssh_server,
tunnel_out_erlclient_openssh_server]},
{erlang_server, [], [{group, tunnel_distro_client},
erlang_server_openssh_client_renegotiate,
+ eserver_oclient_kex_strict,
exec_with_io_in_sshc,
exec_direct_with_io_in_sshc
]},
@@ -87,16 +92,15 @@ groups() ->
tunnel_out_non_erlclient_erlserver]}
].
-init_per_suite(Config) ->
+init_per_suite(Config0) ->
?CHECK_CRYPTO(
- case gen_tcp:connect("localhost", 22, []) of
+ case gen_tcp:connect("localhost", 22, [{active, false}]) of
{error,econnrefused} ->
- {skip,"No openssh deamon (econnrefused)"};
- _ ->
+ {skip,"No openssh daemon (econnrefused)"};
+ {ok, Sock} ->
ssh_test_lib:openssh_sanity_check(
- [{ptty_supported, ssh_test_lib:ptty_supported()}
- | Config]
- )
+ [{ptty_supported, ssh_test_lib:ptty_supported()},
+ {kex_strict, check_kex_strict(Sock)}| Config0])
end
).
@@ -142,6 +146,25 @@ end_per_testcase(_TestCase, _Config) ->
%% Test Cases --------------------------------------------------------
%%--------------------------------------------------------------------
erlang_shell_client_openssh_server(Config) when is_list(Config) ->
+ eclient_oserver_helper(Config).
+
+eclient_oserver_kex_strict(Config) when is_list(Config)->
+ case proplists:get_value(kex_strict, Config) of
+ true ->
+ {ok, HandlerPid} = ssh_test_lib:add_report_handler(),
+ #{level := Level} = logger:get_primary_config(),
+ logger:set_primary_config(level, notice),
+ Result = eclient_oserver_helper(Config),
+ {ok, Reports} = ssh_test_lib:get_reports(HandlerPid),
+ ct:pal("Reports = ~p", [Reports]),
+ true = ssh_test_lib:kex_strict_negotiated(client, Reports),
+ logger:set_primary_config(Level),
+ Result;
+ _ ->
+ {skip, "KEX strict not support by local OpenSSH"}
+ end.
+
+eclient_oserver_helper(Config) ->
process_flag(trap_exit, true),
IO = ssh_test_lib:start_io_server(),
Prev = lists:usort(supervisor:which_children(sshc_sup)),
@@ -166,7 +189,6 @@ erlang_shell_client_openssh_server(Config) when is_list(Config) ->
false
end)
end.
-
%%--------------------------------------------------------------------
%% Test that the server could redirect stdin and stdout from/to an
%% OpensSSH client when handling an exec request
@@ -233,6 +255,25 @@ exec_direct_with_io_in_sshc(Config) when is_list(Config) ->
%%--------------------------------------------------------------------
%% Test that the Erlang/OTP server can renegotiate with openSSH
erlang_server_openssh_client_renegotiate(Config) ->
+ eserver_oclient_renegotiate_helper(Config).
+
+eserver_oclient_kex_strict(Config) ->
+ case proplists:get_value(kex_strict, Config) of
+ true ->
+ {ok, HandlerPid} = ssh_test_lib:add_report_handler(),
+ #{level := Level} = logger:get_primary_config(),
+ logger:set_primary_config(level, notice),
+ Result = eserver_oclient_renegotiate_helper(Config),
+ {ok, Reports} = ssh_test_lib:get_reports(HandlerPid),
+ ct:log("Reports = ~p", [Reports]),
+ true = ssh_test_lib:kex_strict_negotiated(server, Reports),
+ logger:set_primary_config(Level),
+ Result;
+ _ ->
+ {skip, "KEX strict not support by local OpenSSH"}
+ end.
+
+eserver_oclient_renegotiate_helper(Config) ->
_PubKeyAlg = ssh_rsa,
SystemDir = proplists:get_value(data_dir, Config),
PrivDir = proplists:get_value(priv_dir, Config),
@@ -258,9 +299,9 @@ erlang_server_openssh_client_renegotiate(Config) ->
OpenSsh = ssh_test_lib:open_port({spawn, Cmd++" < "++DataFile}),
- Expect = fun({data,R}) ->
+ Expect = fun({data,R}) ->
try
- NonAlphaChars = [C || C<-lists:seq(1,255),
+ NonAlphaChars = [C || C<-lists:seq(1,255),
not lists:member(C,lists:seq($a,$z)),
not lists:member(C,lists:seq($A,$Z))
],
@@ -278,15 +319,14 @@ erlang_server_openssh_client_renegotiate(Config) ->
(_) ->
false
end,
-
- try
- ssh_test_lib:rcv_expected(Expect, OpenSsh, ?TIMEOUT)
+ try
+ ssh_test_lib:rcv_expected(Expect, OpenSsh, ?TIMEOUT)
of
- _ ->
- %% Unfortunately we can't check that there has been a renegotiation, just trust OpenSSH.
- ssh:stop_daemon(Pid)
+ _ ->
+ %% Unfortunately we can't check that there has been a renegotiation, just trust OpenSSH.
+ ssh:stop_daemon(Pid)
catch
- throw:{skip,R} -> {skip,R}
+ throw:{skip,R} -> {skip,R}
end.
%%--------------------------------------------------------------------
@@ -571,3 +611,17 @@ no_forwarding() ->
"---- The function no_forwarding() returns ~p",
[Cmnd,TheText, FailRegExp, Result]),
Result.
+
+check_kex_strict(Sock) ->
+ %% Send some version, in order to receive KEXINIT from server
+ ok = gen_tcp:send(Sock, "SSH-2.0-OpenSSH_9.5\r\n"),
+ ct:sleep(100),
+ {ok, Packet} = gen_tcp:recv(Sock, 0),
+ case string:find(Packet, ?kex_strict_s) of
+ nomatch ->
+ ct:log("KEX strict NOT supported by local OpenSSH"),
+ false;
+ _ ->
+ ct:log("KEX strict supported by local OpenSSH"),
+ true
+ end.
diff --git a/lib/ssh/test/ssh_trpt_test_lib.erl b/lib/ssh/test/ssh_trpt_test_lib.erl
index eea392b..80c570a 100644
--- a/lib/ssh/test/ssh_trpt_test_lib.erl
+++ b/lib/ssh/test/ssh_trpt_test_lib.erl
@@ -73,7 +73,7 @@ exec(L, S) when is_list(L) -> lists:foldl(fun exec/2, S, L);
exec(Op, S0=#s{}) ->
S1 = init_op_traces(Op, S0),
try seqnum_trace(
- op(Op, S1))
+ op(Op, S1), S1)
of
S = #s{} ->
case proplists:get_value(silent,S#s.opts) of
@@ -331,12 +331,20 @@ send(S0, ssh_msg_kexinit) ->
{Msg, _Bytes, _C0} = ssh_transport:key_exchange_init_msg(S0#s.ssh),
send(S0, Msg);
+send(S0, ssh_msg_ignore) ->
+ Msg = #ssh_msg_ignore{data = "unexpected_ignore_message"},
+ send(S0, Msg);
+
+send(S0, ssh_msg_unknown) ->
+ Msg = binary:encode_hex(<<"0000000C060900000000000000000000">>),
+ send(S0, Msg);
+
send(S0=#s{alg_neg={undefined,PeerMsg}}, Msg=#ssh_msg_kexinit{}) ->
S1 = opt(print_messages, S0,
fun(X) when X==true;X==detail -> {"Send~n~s~n",[format_msg(Msg)]} end),
S2 = case PeerMsg of
#ssh_msg_kexinit{} ->
- try ssh_transport:handle_kexinit_msg(PeerMsg, Msg, S1#s.ssh) of
+ try ssh_transport:handle_kexinit_msg(PeerMsg, Msg, S1#s.ssh, init) of
{ok,Cx} when ?role(S1) == server ->
S1#s{alg = Cx#ssh.algorithms};
{ok,_NextKexMsgBin,Cx} when ?role(S1) == client ->
@@ -358,7 +366,7 @@ send(S0=#s{alg_neg={undefined,PeerMsg}}, Msg=#ssh_msg_kexinit{}) ->
send(S0, ssh_msg_kexdh_init) when ?role(S0) == client ->
{OwnMsg, PeerMsg} = S0#s.alg_neg,
{ok, NextKexMsgBin, C} =
- try ssh_transport:handle_kexinit_msg(PeerMsg, OwnMsg, S0#s.ssh)
+ try ssh_transport:handle_kexinit_msg(PeerMsg, OwnMsg, S0#s.ssh, init)
catch
Class:Exc ->
fail("Algoritm negotiation failed!",
@@ -441,7 +449,7 @@ recv(S0 = #s{}) ->
fail("2 kexint received!!", S);
{OwnMsg, _} ->
- try ssh_transport:handle_kexinit_msg(PeerMsg, OwnMsg, S#s.ssh) of
+ try ssh_transport:handle_kexinit_msg(PeerMsg, OwnMsg, S#s.ssh, init) of
{ok,C} when ?role(S) == server ->
S#s{alg_neg = {OwnMsg, PeerMsg},
alg = C#ssh.algorithms,
@@ -725,23 +733,23 @@ report_trace(Class, Term, S) ->
fun(true) -> {"~s ~p",[Class,Term]} end)
).
-seqnum_trace(S) ->
+seqnum_trace(S, S0) ->
opt(print_seqnums, S,
- fun(true) when S#s.ssh#ssh.send_sequence =/= S#s.ssh#ssh.send_sequence,
- S#s.ssh#ssh.recv_sequence =/= S#s.ssh#ssh.recv_sequence ->
+ fun(true) when S0#s.ssh#ssh.send_sequence =/= S#s.ssh#ssh.send_sequence,
+ S0#s.ssh#ssh.recv_sequence =/= S#s.ssh#ssh.recv_sequence ->
{"~p seq num: send ~p->~p, recv ~p->~p~n",
[?role(S),
- S#s.ssh#ssh.send_sequence, S#s.ssh#ssh.send_sequence,
- S#s.ssh#ssh.recv_sequence, S#s.ssh#ssh.recv_sequence
+ S0#s.ssh#ssh.send_sequence, S#s.ssh#ssh.send_sequence,
+ S0#s.ssh#ssh.recv_sequence, S#s.ssh#ssh.recv_sequence
]};
- (true) when S#s.ssh#ssh.send_sequence =/= S#s.ssh#ssh.send_sequence ->
+ (true) when S0#s.ssh#ssh.send_sequence =/= S#s.ssh#ssh.send_sequence ->
{"~p seq num: send ~p->~p~n",
[?role(S),
- S#s.ssh#ssh.send_sequence, S#s.ssh#ssh.send_sequence]};
- (true) when S#s.ssh#ssh.recv_sequence =/= S#s.ssh#ssh.recv_sequence ->
+ S0#s.ssh#ssh.send_sequence, S#s.ssh#ssh.send_sequence]};
+ (true) when S0#s.ssh#ssh.recv_sequence =/= S#s.ssh#ssh.recv_sequence ->
{"~p seq num: recv ~p->~p~n",
[?role(S),
- S#s.ssh#ssh.recv_sequence, S#s.ssh#ssh.recv_sequence]}
+ S0#s.ssh#ssh.recv_sequence, S#s.ssh#ssh.recv_sequence]}
end).
print_traces(S) when S#s.prints == [] -> S;
--
2.33.0

36
README.en.md
View File

@ -1,36 +0,0 @@
# erlang
#### Description
A general-purpose programming language and runtime environment
#### Software Architecture
Software architecture description
#### Installation
1. xxxx
2. xxxx
3. xxxx
#### Instructions
1. xxxx
2. xxxx
3. xxxx
#### Contribution
1. Fork the repository
2. Create Feat_xxx branch
3. Commit your code
4. Create Pull Request
#### Gitee Feature
1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md
2. Gitee blog [blog.gitee.com](https://blog.gitee.com)
3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore)
4. The most valuable open source project [GVP](https://gitee.com/gvp)
5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help)
6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

37
README.md
View File

@ -1,37 +0,0 @@
# erlang
#### 介绍
A general-purpose programming language and runtime environment
#### 软件架构
软件架构说明
#### 安装教程
1. xxxx
2. xxxx
3. xxxx
#### 使用说明
1. xxxx
2. xxxx
3. xxxx
#### 参与贡献
1. Fork 本仓库
2. 新建 Feat_xxx 分支
3. 提交代码
4. 新建 Pull Request
#### 码云特技
1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md
2. 码云官方博客 [blog.gitee.com](https://blog.gitee.com)
3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目
4. [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目,是码云综合评定出的优秀开源项目
5. 码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help)
6. 码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)

1045
erlang.spec
View File

File diff suppressed because it is too large Load Diff

4
erlang.yaml
View File

@ -1,4 +0,0 @@
version_control: github
src_repo: erlang/otp
tag_prefix: "OTP-"
seperator: "."

8
otp-0001-Do-not-format-man-pages-and-do-not-install-miscellan.patch
View File

@ -6,10 +6,10 @@ Subject: [PATCH] Do not format man-pages and do not install miscellaneous
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
diff --git a/erts/etc/common/Makefile.in b/erts/etc/common/Makefile.in
index 1f35cef669..f603eb2946 100644
index 7a2b821c46..f5f3ee69cb 100644
--- a/erts/etc/common/Makefile.in
+++ b/erts/etc/common/Makefile.in
@@ -496,10 +496,6 @@ endif
@@ -528,10 +528,6 @@ endif
ifneq ($(INSTALL_TOP_BIN),)
$(INSTALL_PROGRAM) $(INSTALL_TOP_BIN) "$(RELEASE_PATH)"
endif
@ -21,10 +21,10 @@ index 1f35cef669..f603eb2946 100644
$(INSTALL_DIR) "$(RELEASE_PATH)/erts-$(VSN)/src"
$(INSTALL_DATA) $(INSTALL_SRC) "$(RELEASE_PATH)/erts-$(VSN)/src"
diff --git a/erts/etc/unix/Install.src b/erts/etc/unix/Install.src
index e4b842877c..382561821f 100644
index 2dbf628972..5151f5130a 100644
--- a/erts/etc/unix/Install.src
+++ b/erts/etc/unix/Install.src
@@ -141,14 +141,5 @@ cp -p ../releases/%I_SYSTEM_VSN%/start_*.boot .
@@ -142,14 +142,5 @@ cp -p ../releases/%I_SYSTEM_VSN%/start_*.boot .
cp -p ../releases/%I_SYSTEM_VSN%/no_dot_erlang.boot .
cp -p $Name.boot start.boot
cp -p ../releases/%I_SYSTEM_VSN%/$Name.script start.script

4
otp-0002-Remove-rpath.patch
View File

@ -5,10 +5,10 @@ Subject: [PATCH] Remove rpath
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
diff --git a/lib/crypto/c_src/Makefile.in b/lib/crypto/c_src/Makefile.in
index 31124ba477..a4a6c158cc 100644
index 0821bd8d00..c94f01420e 100644
--- a/lib/crypto/c_src/Makefile.in
+++ b/lib/crypto/c_src/Makefile.in
@@ -96,7 +96,7 @@ endif
@@ -126,7 +126,7 @@ TEST_ENGINE_LIB = $(LIBDIR)/otp_test_engine$(TYPEMARKER).@DED_EXT@
DYNAMIC_CRYPTO_LIB=@SSL_DYNAMIC_ONLY@
ifeq ($(DYNAMIC_CRYPTO_LIB),yes)

25
otp-0003-Do-not-install-C-sources.patch
View File

@ -14,7 +14,7 @@ https://bugzilla.redhat.com/818419
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
diff --git a/lib/asn1/c_src/Makefile b/lib/asn1/c_src/Makefile
index 1f714df357..95835d6ed2 100644
index cb606fd74e..48a7c2f4f1 100644
--- a/lib/asn1/c_src/Makefile
+++ b/lib/asn1/c_src/Makefile
@@ -136,8 +136,6 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@ -27,10 +27,10 @@ index 1f714df357..95835d6ed2 100644
release_docs_spec:
diff --git a/lib/crypto/c_src/Makefile.in b/lib/crypto/c_src/Makefile.in
index a4a6c158cc..13658302f5 100644
index c94f01420e..e2cae1692f 100644
--- a/lib/crypto/c_src/Makefile.in
+++ b/lib/crypto/c_src/Makefile.in
@@ -216,16 +216,11 @@ docs:
@@ -237,16 +237,11 @@ docs:
include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
@ -48,12 +48,12 @@ index a4a6c158cc..13658302f5 100644
release_docs_spec:
diff --git a/lib/erl_interface/src/Makefile.in b/lib/erl_interface/src/Makefile.in
index b0bb9bfadf..eeff0338c3 100644
index 7ff3f09abb..2b94ce7de0 100644
--- a/lib/erl_interface/src/Makefile.in
+++ b/lib/erl_interface/src/Makefile.in
@@ -842,14 +842,14 @@ ifneq ($(EXE_TARGETS),)
@@ -748,14 +748,13 @@ release: opt
$(INSTALL_DATA) $(OBJ_TARGETS) "$(RELEASE_PATH)/usr/lib"
$(INSTALL_PROGRAM) $(EXE_TARGETS) "$(RELSYSDIR)/bin"
endif
$(INSTALL_DATA) $(EXTRA) "$(RELSYSDIR)/src"
- $(INSTALL_DATA) connect/*.[ch] "$(RELSYSDIR)/src/connect"
- $(INSTALL_DATA) decode/*.[ch] "$(RELSYSDIR)/src/decode"
@ -61,7 +61,7 @@ index b0bb9bfadf..eeff0338c3 100644
- $(INSTALL_DATA) epmd/*.[ch] "$(RELSYSDIR)/src/epmd"
- $(INSTALL_DATA) misc/*.[ch] "$(RELSYSDIR)/src/misc"
- $(INSTALL_DATA) registry/*.[ch] "$(RELSYSDIR)/src/registry"
- $(INSTALL_DATA) legacy/*.[ch] "$(RELSYSDIR)/src/legacy"
- $(INSTALL_DATA) global/*.[ch] "$(RELSYSDIR)/src/global"
- $(INSTALL_DATA) prog/*.[ch] "$(RELSYSDIR)/src/prog"
+ $(INSTALL_DATA) connect/*.h "$(RELSYSDIR)/src/connect"
+ $(INSTALL_DATA) decode/*.h "$(RELSYSDIR)/src/decode"
@ -69,16 +69,15 @@ index b0bb9bfadf..eeff0338c3 100644
+ $(INSTALL_DATA) epmd/*.h "$(RELSYSDIR)/src/epmd"
+ $(INSTALL_DATA) misc/*.h "$(RELSYSDIR)/src/misc"
+ $(INSTALL_DATA) registry/*.h "$(RELSYSDIR)/src/registry"
+ $(INSTALL_DATA) legacy/*.h "$(RELSYSDIR)/src/legacy"
+ $(INSTALL_DATA) prog/*.h "$(RELSYSDIR)/src/prog"
release_docs:
diff --git a/lib/megaco/src/flex/Makefile.in b/lib/megaco/src/flex/Makefile.in
index c37ad4d702..09bf1efe95 100644
index cd409fa54f..c65e817385 100644
--- a/lib/megaco/src/flex/Makefile.in
+++ b/lib/megaco/src/flex/Makefile.in
@@ -271,7 +271,7 @@ release_spec: opt
@@ -251,7 +251,7 @@ release_spec: opt
$(INSTALL_DATA) $(ERL_FILES) $(INTERNAL_HRL_FILES) "$(RELSYSDIR)/src/flex"
$(INSTALL_DATA) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
ifeq ($(ENABLE_MEGACO_FLEX_SCANNER),true)
@ -88,7 +87,7 @@ index c37ad4d702..09bf1efe95 100644
endif
diff --git a/lib/odbc/c_src/Makefile.in b/lib/odbc/c_src/Makefile.in
index 784e73c47e..568c5e4c3e 100644
index 3c16e7e294..82fe1492ef 100644
--- a/lib/odbc/c_src/Makefile.in
+++ b/lib/odbc/c_src/Makefile.in
@@ -129,11 +129,8 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@ -117,10 +116,10 @@ index 27b156a2c9..f11ff303b6 100644
$(INSTALL_PROGRAM) $(TARGET_FILES) "$(RELSYSDIR)/priv/bin"
diff --git a/lib/tools/c_src/Makefile.in b/lib/tools/c_src/Makefile.in
index 289322b6fa..9e2b9b7e7c 100644
index 8e13571786..ae18ef3cf4 100644
--- a/lib/tools/c_src/Makefile.in
+++ b/lib/tools/c_src/Makefile.in
@@ -189,8 +189,6 @@ include ../vsn.mk
@@ -188,8 +188,6 @@ include ../vsn.mk
RELSYSDIR = $(RELEASE_PATH)/lib/tools-$(TOOLS_VSN)
release_spec: all

4
otp-0004-Do-not-install-Java-sources.patch
View File

@ -5,10 +5,10 @@ Subject: [PATCH] Do not install Java sources
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
diff --git a/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile b/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile
index ee616f3d7e..fdd28e79b3 100644
index bcbb206db6..1451378b35 100644
--- a/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile
+++ b/lib/jinterface/java_src/com/ericsson/otp/erlang/Makefile
@@ -120,8 +120,6 @@ release release_docs release_tests release_html:
@@ -123,8 +123,6 @@ release release_docs release_tests release_html:
$(V_at)$(MAKE) $(MFLAGS) RELEASE_PATH="$(RELEASE_PATH)" $(TARGET_MAKEFILE) $@_spec
release_spec: opt

15
otp-0005-Do-not-install-nteventlog-and-related-doc-files-on-n.patch
View File

@ -6,10 +6,10 @@ Subject: [PATCH] Do not install nteventlog and related doc-files on non-win32
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
diff --git a/lib/os_mon/doc/src/Makefile b/lib/os_mon/doc/src/Makefile
index 354f8ed26b..12adcfbcf2 100644
index d16f2b4831..c5b721f995 100644
--- a/lib/os_mon/doc/src/Makefile
+++ b/lib/os_mon/doc/src/Makefile
@@ -36,12 +36,17 @@ RELSYSDIR = $(RELEASE_PATH)/lib/$(APPLICATION)-$(VSN)
@@ -31,11 +31,16 @@ APPLICATION=os_mon
# Target Specs
# ----------------------------------------------------
XML_APPLICATION_FILES = ref_man.xml
@ -21,7 +21,6 @@ index 354f8ed26b..12adcfbcf2 100644
XML_REF3_FILES = cpu_sup.xml \
disksup.xml \
memsup.xml \
os_mon_mib.xml \
os_sup.xml \
- nteventlog.xml
+ $(NTEVENTLOG_DOCFILE)
@ -29,25 +28,25 @@ index 354f8ed26b..12adcfbcf2 100644
XML_REF6_FILES = os_mon_app.xml
diff --git a/lib/os_mon/src/Makefile b/lib/os_mon/src/Makefile
index fc2eb22393..e2f4d5a090 100644
index 98c5ced068..e2f4d5a090 100644
--- a/lib/os_mon/src/Makefile
+++ b/lib/os_mon/src/Makefile
@@ -34,8 +34,13 @@ RELSYSDIR = $(RELEASE_PATH)/lib/os_mon-$(VSN)
@@ -34,7 +34,13 @@ RELSYSDIR = $(RELEASE_PATH)/lib/os_mon-$(VSN)
# ----------------------------------------------------
# Target Specs
# ----------------------------------------------------
-MODULES= disksup memsup cpu_sup os_mon os_mon_mib os_sup os_mon_sysinfo nteventlog
+ifeq ($(findstring win32,$(TARGET)),win32)
+NTEVENTLOG=nteventlog
+else
+NTEVENTLOG=
+endif
MODULES= disksup memsup cpu_sup os_mon os_mon_mib os_sup os_mon_sysinfo \
- nteventlog
+MODULES= disksup memsup cpu_sup os_mon os_mon_mib os_sup os_mon_sysinfo \
+ $(NTEVENTLOG)
INCLUDE=../include
CSRC=../c_src
@@ -79,7 +84,11 @@ docs:
@@ -78,7 +84,11 @@ docs:
# ----------------------------------------------------
$(APP_TARGET): $(APP_SRC) ../vsn.mk

127
otp-0006-Do-not-install-erlang-sources.patch
View File

@ -8,10 +8,10 @@ Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
Signed-off-by: Hans Ulrich Niedermann <hun@n-dimensional.de>
diff --git a/erts/preloaded/src/Makefile b/erts/preloaded/src/Makefile
index e1bd5bc295..a4833521d1 100644
index b0c205cec8..7fad1ddc75 100644
--- a/erts/preloaded/src/Makefile
+++ b/erts/preloaded/src/Makefile
@@ -94,8 +94,6 @@ $(APP_TARGET): $(APP_SRC) $(ERL_TOP)/erts/vsn.mk
@@ -121,8 +121,6 @@ $(APP_TARGET): $(APP_SRC) $(ERL_TOP)/erts/vsn.mk
include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: $(APP_TARGET)
@ -21,10 +21,10 @@ index e1bd5bc295..a4833521d1 100644
$(INSTALL_DATA) $(STATIC_TARGET_FILES) $(APP_TARGET) "$(RELSYSDIR)/ebin"
diff --git a/lib/asn1/src/Makefile b/lib/asn1/src/Makefile
index ba459f6cd3..5565126214 100644
index a6ff72898c..35d4530f32 100644
--- a/lib/asn1/src/Makefile
+++ b/lib/asn1/src/Makefile
@@ -154,7 +154,7 @@ release_spec: opt
@@ -155,7 +155,7 @@ release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/ebin"
$(INSTALL_DATA) $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) "$(RELSYSDIR)/ebin"
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -34,10 +34,10 @@ index ba459f6cd3..5565126214 100644
$(INSTALL_DATA) $(EXAMPLES) "$(RELSYSDIR)/examples"
diff --git a/lib/common_test/src/Makefile b/lib/common_test/src/Makefile
index 80eaed70bd..cde0c6823d 100644
index 7d7b5ed203..9151e4097b 100644
--- a/lib/common_test/src/Makefile
+++ b/lib/common_test/src/Makefile
@@ -152,7 +152,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -157,7 +157,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -63,10 +63,10 @@ index f015064b39..57f96d2929 100644
$(INSTALL_SCRIPT) $(PROGRAMS) "$(RELEASE_PATH)/test_server"
diff --git a/lib/compiler/src/Makefile b/lib/compiler/src/Makefile
index 2408c76b48..700e236964 100644
index b1531ac985..dbcfe0042c 100644
--- a/lib/compiler/src/Makefile
+++ b/lib/compiler/src/Makefile
@@ -173,8 +173,8 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -184,8 +184,8 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -78,7 +78,7 @@ index 2408c76b48..700e236964 100644
$(INSTALL_DATA) $(INSTALL_FILES) "$(RELSYSDIR)/ebin"
diff --git a/lib/crypto/src/Makefile b/lib/crypto/src/Makefile
index 1753ba4f36..2cd09475e8 100644
index c3f1c859e5..0d72d6c82d 100644
--- a/lib/crypto/src/Makefile
+++ b/lib/crypto/src/Makefile
@@ -81,8 +81,6 @@ docs:
@ -104,10 +104,10 @@ index 118cb6b758..86722d8767 100644
$(INSTALL_DATA) $(TARGET_FILES) $(TARGET_TOOLBOX_FILES) "$(RELSYSDIR)/ebin"
diff --git a/lib/dialyzer/src/Makefile b/lib/dialyzer/src/Makefile
index fc08e7ca2f..2464a15c3f 100644
index 1f5b308c7d..1f728c56d6 100644
--- a/lib/dialyzer/src/Makefile
+++ b/lib/dialyzer/src/Makefile
@@ -158,7 +158,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -161,7 +161,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -117,10 +117,10 @@ index fc08e7ca2f..2464a15c3f 100644
$(INSTALL_DIR) "$(RELSYSDIR)/ebin"
$(INSTALL_DATA) $(INSTALL_FILES) "$(RELSYSDIR)/ebin"
diff --git a/lib/diameter/src/Makefile b/lib/diameter/src/Makefile
index 98636ed6e2..171846f1e4 100644
index 348cc350e1..9d87858def 100644
--- a/lib/diameter/src/Makefile
+++ b/lib/diameter/src/Makefile
@@ -250,11 +250,8 @@ release_spec: opt
@@ -260,11 +260,8 @@ release_spec: opt
$(MAKE) $(EXAMPLE_DIRS:%/=release_examples_%)
$(TARGET_DIRS:%/=release_src_%): release_src_%:
@ -168,10 +168,10 @@ index b79a537424..d0b231e5fc 100644
release_docs_spec:
diff --git a/lib/erl_docgen/src/Makefile b/lib/erl_docgen/src/Makefile
index 82d051e9bb..950fdbe177 100644
index 4c6f542ebb..d0cd6d8f68 100644
--- a/lib/erl_docgen/src/Makefile
+++ b/lib/erl_docgen/src/Makefile
@@ -90,8 +90,6 @@ $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
@@ -91,8 +91,6 @@ $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
@ -193,10 +193,10 @@ index b6347d8b6d..a695d2cc2d 100644
$(INSTALL_DIR) "$(RELSYSDIR)/include"
$(INSTALL_DATA) $(HRL_FILES) "$(RELSYSDIR)/include"
diff --git a/lib/eunit/src/Makefile b/lib/eunit/src/Makefile
index 3510d3cc93..9179e9b4c2 100644
index 32f75202a0..a89fa7f2d2 100644
--- a/lib/eunit/src/Makefile
+++ b/lib/eunit/src/Makefile
@@ -120,7 +120,6 @@ release_spec: opt
@@ -121,7 +121,6 @@ release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/ebin"
$(INSTALL_DATA) $(PARSE_TRANSFORM_BIN) $(OBJECTS) "$(RELSYSDIR)/ebin"
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -205,10 +205,10 @@ index 3510d3cc93..9179e9b4c2 100644
$(INSTALL_DIR) "$(RELSYSDIR)/include"
$(INSTALL_DATA) $(INCLUDE_DELIVERABLES) "$(RELSYSDIR)/include"
diff --git a/lib/hipe/cerl/Makefile b/lib/hipe/cerl/Makefile
index f653dce36f..7cc5c06528 100644
index affbb10ff6..44598beff2 100644
--- a/lib/hipe/cerl/Makefile
+++ b/lib/hipe/cerl/Makefile
@@ -102,7 +102,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -105,7 +105,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/cerl"
@ -244,10 +244,10 @@ index b220bc16a0..d4073277be 100644
$(INSTALL_DATA) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
diff --git a/lib/hipe/llvm/Makefile b/lib/hipe/llvm/Makefile
index 817ff67dcd..e50ba5e207 100644
index 5e8f2076db..06d3f2684d 100644
--- a/lib/hipe/llvm/Makefile
+++ b/lib/hipe/llvm/Makefile
@@ -101,7 +101,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -104,7 +104,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) $(RELSYSDIR)/llvm
@ -283,10 +283,10 @@ index e5033e444b..74a444b386 100644
$(INSTALL_DATA) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
diff --git a/lib/hipe/rtl/Makefile b/lib/hipe/rtl/Makefile
index becdd0b7d8..da8f66343f 100644
index 67485875a6..f83a2bb9e2 100644
--- a/lib/hipe/rtl/Makefile
+++ b/lib/hipe/rtl/Makefile
@@ -105,7 +105,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -108,7 +108,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/rtl"
@ -343,10 +343,10 @@ index 8248e37c44..1f1b23184b 100644
$(INSTALL_DATA) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
diff --git a/lib/inets/src/http_server/Makefile b/lib/inets/src/http_server/Makefile
index 1c05d454a5..88f9f62d3b 100644
index da9549406f..eaa14b628f 100644
--- a/lib/inets/src/http_server/Makefile
+++ b/lib/inets/src/http_server/Makefile
@@ -135,7 +135,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -134,7 +134,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
$(INSTALL_DIR) "$(RELSYSDIR)/src/http_server"
@ -369,10 +369,10 @@ index ec1ae70305..88c084ef58 100644
$(INSTALL_DATA) $(EXTERNAL_HRL_FILES) "$(RELSYSDIR)/include"
$(INSTALL_DIR) "$(RELSYSDIR)/ebin"
diff --git a/lib/kernel/src/Makefile b/lib/kernel/src/Makefile
index 3d1506ea08..728fa64869 100644
index 6c75bcffee..d15bdb867a 100644
--- a/lib/kernel/src/Makefile
+++ b/lib/kernel/src/Makefile
@@ -227,7 +227,6 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -236,7 +236,6 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -394,10 +394,10 @@ index ab45548099..5c7a7f0be9 100644
$(INSTALL_DATA) $(EXTERNAL_HRL_FILES) "$(RELSYSDIR)/include"
diff --git a/lib/megaco/src/binary/Makefile b/lib/megaco/src/binary/Makefile
index b9643669f6..5b5a4cf482 100644
index 7fc90fd6d5..6ad086ed01 100644
--- a/lib/megaco/src/binary/Makefile
+++ b/lib/megaco/src/binary/Makefile
@@ -176,7 +176,7 @@ release_spec: opt
@@ -177,7 +177,7 @@ release_spec: opt
$(INSTALL_DATA) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
$(INSTALL_DIR) "$(RELSYSDIR)/src"
$(INSTALL_DIR) "$(RELSYSDIR)/src/binary"
@ -420,10 +420,10 @@ index 869b516b05..fa7d774d84 100644
diff --git a/lib/megaco/src/flex/Makefile.in b/lib/megaco/src/flex/Makefile.in
index 09bf1efe95..b320b2e96f 100644
index c65e817385..3bc4dea207 100644
--- a/lib/megaco/src/flex/Makefile.in
+++ b/lib/megaco/src/flex/Makefile.in
@@ -268,7 +268,6 @@ release_spec: opt
@@ -248,7 +248,6 @@ release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src/flex"
$(INSTALL_DIR) "$(RELSYSDIR)/priv/lib"
$(INSTALL_DIR) "$(RELSYSDIR)/include"
@ -445,10 +445,10 @@ index d07db3fa4b..7f421d24cc 100644
release_docs_spec:
diff --git a/lib/megaco/src/text/Makefile b/lib/megaco/src/text/Makefile
index 8e7e82b276..2a118d24e3 100644
index 3dd24b1df7..836e163499 100644
--- a/lib/megaco/src/text/Makefile
+++ b/lib/megaco/src/text/Makefile
@@ -135,7 +135,7 @@ release_spec: opt
@@ -131,7 +131,7 @@ release_spec: opt
$(INSTALL_DATA) $(BEAM_TARGET_FILES) "$(RELSYSDIR)/ebin"
$(INSTALL_DIR) "$(RELSYSDIR)/src"
$(INSTALL_DIR) "$(RELSYSDIR)/src/text"
@ -471,10 +471,10 @@ index 028a63e98e..9e11e9bfb2 100644
release_docs_spec:
diff --git a/lib/mnesia/src/Makefile b/lib/mnesia/src/Makefile
index 7d316df263..60fdefb5d0 100644
index 90e8780754..1a13d764b3 100644
--- a/lib/mnesia/src/Makefile
+++ b/lib/mnesia/src/Makefile
@@ -134,7 +134,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -135,7 +135,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -520,19 +520,6 @@ index e2f4d5a090..57f21a145b 100644
$(INSTALL_DATA) $(HRL_FILES) "$(RELSYSDIR)/src"
$(INSTALL_DIR) "$(RELSYSDIR)/ebin"
$(INSTALL_DATA) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
diff --git a/lib/otp_mibs/src/Makefile b/lib/otp_mibs/src/Makefile
index 5c7af39c3f..a85368b4f4 100644
--- a/lib/otp_mibs/src/Makefile
+++ b/lib/otp_mibs/src/Makefile
@@ -96,8 +96,6 @@ $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
- $(INSTALL_DIR) "$(RELSYSDIR)/src"
- $(INSTALL_DATA) $(ERL_FILES) "$(RELSYSDIR)/src"
$(INSTALL_DIR) "$(RELSYSDIR)/ebin"
$(INSTALL_DATA) $(TARGETS) "$(RELSYSDIR)/ebin"
diff --git a/lib/parsetools/src/Makefile b/lib/parsetools/src/Makefile
index ba206904ec..281cc8657c 100644
--- a/lib/parsetools/src/Makefile
@ -547,7 +534,7 @@ index ba206904ec..281cc8657c 100644
$(INSTALL_DATA) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
$(INSTALL_DIR) "$(RELSYSDIR)/include"
diff --git a/lib/public_key/asn1/Makefile b/lib/public_key/asn1/Makefile
index a920ea87ea..7672ef3470 100644
index 1fef168463..e5411b903b 100644
--- a/lib/public_key/asn1/Makefile
+++ b/lib/public_key/asn1/Makefile
@@ -96,8 +96,8 @@ release_spec: opt
@ -562,10 +549,10 @@ index a920ea87ea..7672ef3470 100644
$(INSTALL_DATA) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
diff --git a/lib/public_key/src/Makefile b/lib/public_key/src/Makefile
index e61390bce3..6ed6c2cf9f 100644
index 76bdffe089..fc5e4dfa8e 100644
--- a/lib/public_key/src/Makefile
+++ b/lib/public_key/src/Makefile
@@ -109,8 +109,6 @@ $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
@@ -110,8 +110,6 @@ $(APPUP_TARGET): $(APPUP_SRC) ../vsn.mk
include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
@ -601,10 +588,10 @@ index 76286c5499..d921f9f294 100644
$(INSTALL_DATA) $(HRL_FILES) "$(RELSYSDIR)/include"
$(INSTALL_DIR) "$(RELSYSDIR)/examples"
diff --git a/lib/sasl/src/Makefile b/lib/sasl/src/Makefile
index 7338bdf016..a280225dad 100644
index 16a42caf11..674364281d 100644
--- a/lib/sasl/src/Makefile
+++ b/lib/sasl/src/Makefile
@@ -93,7 +93,6 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -94,7 +94,6 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -613,17 +600,17 @@ index 7338bdf016..a280225dad 100644
$(INSTALL_DIR) "$(RELSYSDIR)/ebin"
$(INSTALL_DATA) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
diff --git a/lib/snmp/src/agent/Makefile b/lib/snmp/src/agent/Makefile
index 2943a4d550..8203e62361 100644
index 1bde1ca972..acc42385f3 100644
--- a/lib/snmp/src/agent/Makefile
+++ b/lib/snmp/src/agent/Makefile
@@ -131,7 +131,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -140,7 +140,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
$(INSTALL_DIR) "$(RELSYSDIR)/src/agent"
- $(INSTALL_DATA) $(ERL_FILES) $(HRL_FILES) "$(RELSYSDIR)/src/agent"
+ $(INSTALL_DATA) $(HRL_FILES) "$(RELSYSDIR)/src/agent"
$(INSTALL_DIR) "$(RELSYSDIR)/ebin"
$(INSTALL_DATA) $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) \
$(INSTALL_DATA) $(BEHAVIOUR_TARGET_FILES) $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) \
"$(RELSYSDIR)/ebin"
diff --git a/lib/snmp/src/app/Makefile b/lib/snmp/src/app/Makefile
index 6f2b8a4077..bd062a6473 100644
@ -639,10 +626,10 @@ index 6f2b8a4077..bd062a6473 100644
$(INSTALL_DATA) $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) \
"$(RELSYSDIR)/ebin"
diff --git a/lib/snmp/src/compile/Makefile b/lib/snmp/src/compile/Makefile
index 4093ffa9ca..18878aa5db 100644
index d9678669a5..ff9dff95d9 100644
--- a/lib/snmp/src/compile/Makefile
+++ b/lib/snmp/src/compile/Makefile
@@ -123,7 +123,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -125,7 +125,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
$(INSTALL_DIR) "$(RELSYSDIR)/src/compiler"
@ -652,17 +639,17 @@ index 4093ffa9ca..18878aa5db 100644
$(INSTALL_DATA) $(EBIN_FILES) "$(RELSYSDIR)/ebin"
$(INSTALL_DIR) "$(RELSYSDIR)/bin"
diff --git a/lib/snmp/src/manager/Makefile b/lib/snmp/src/manager/Makefile
index 0cc87492f1..d203f2846a 100644
index 57ff08c160..d51f627ca5 100644
--- a/lib/snmp/src/manager/Makefile
+++ b/lib/snmp/src/manager/Makefile
@@ -114,7 +114,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -123,7 +123,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
$(INSTALL_DIR) "$(RELSYSDIR)/src/manager"
- $(INSTALL_DATA) $(ERL_FILES) $(HRL_FILES) "$(RELSYSDIR)/src/manager"
+ $(INSTALL_DATA) $(HRL_FILES) "$(RELSYSDIR)/src/manager"
$(INSTALL_DIR) "$(RELSYSDIR)/ebin"
$(INSTALL_DATA) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
$(INSTALL_DATA) $(BEHAVIOUR_TARGET_FILES) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
# $(INSTALL_DIR) "$(RELSYSDIR)/include"
diff --git a/lib/snmp/src/misc/Makefile b/lib/snmp/src/misc/Makefile
index adc2c4858f..89ce954e99 100644
@ -678,10 +665,10 @@ index adc2c4858f..89ce954e99 100644
$(INSTALL_DATA) $(TARGET_FILES) "$(RELSYSDIR)/ebin"
# $(INSTALL_DIR) "$(RELSYSDIR)/include"
diff --git a/lib/ssh/src/Makefile b/lib/ssh/src/Makefile
index 6d64a45112..5b1249ca5b 100644
index ab6137e518..bdeabca8c3 100644
--- a/lib/ssh/src/Makefile
+++ b/lib/ssh/src/Makefile
@@ -139,7 +139,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -154,7 +154,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -691,10 +678,10 @@ index 6d64a45112..5b1249ca5b 100644
$(INSTALL_DATA) $(BEHAVIOUR_TARGET_FILES) $(TARGET_FILES) $(APP_TARGET) \
$(APPUP_TARGET) "$(RELSYSDIR)/ebin"
diff --git a/lib/ssl/src/Makefile b/lib/ssl/src/Makefile
index 8d1341f594..72ab265200 100644
index 5edd6cb4b9..39008882ca 100644
--- a/lib/ssl/src/Makefile
+++ b/lib/ssl/src/Makefile
@@ -149,7 +149,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -207,7 +207,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -704,10 +691,10 @@ index 8d1341f594..72ab265200 100644
$(INSTALL_DATA) $(BEHAVIOUR_TARGET_FILES) $(TARGET_FILES) $(APP_TARGET) \
$(APPUP_TARGET) "$(RELSYSDIR)/ebin"
diff --git a/lib/stdlib/src/Makefile b/lib/stdlib/src/Makefile
index c95f7637f7..0f601aefb5 100644
index e3e0c9c03d..ff9bad32ab 100644
--- a/lib/stdlib/src/Makefile
+++ b/lib/stdlib/src/Makefile
@@ -214,7 +214,6 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -223,7 +223,6 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -729,10 +716,10 @@ index c21d2f49c8..03dbc74ef7 100644
$(INSTALL_DATA) $(INCLUDE_DELIVERABLES) "$(RELSYSDIR)/include"
diff --git a/lib/tftp/src/Makefile b/lib/tftp/src/Makefile
index 602ae845a4..a1f2f09a00 100644
index 029bd731bd..85c633b4f0 100644
--- a/lib/tftp/src/Makefile
+++ b/lib/tftp/src/Makefile
@@ -98,7 +98,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
@@ -101,7 +101,7 @@ include $(ERL_TOP)/make/otp_release_targets.mk
release_spec: opt
$(INSTALL_DIR) "$(RELSYSDIR)/src"
@ -755,7 +742,7 @@ index cc5bee9a8f..7dfa55cb41 100644
$(INSTALL_DATA) $(TARGET_FILES) $(APP_TARGET) $(APPUP_TARGET) \
"$(RELSYSDIR)/ebin"
diff --git a/lib/wx/src/Makefile b/lib/wx/src/Makefile
index 21b45af2c4..a7bf34f4f4 100644
index 52f4008e0a..dc297f1d55 100644
--- a/lib/wx/src/Makefile
+++ b/lib/wx/src/Makefile
@@ -122,9 +122,9 @@ $(EBIN)/%.beam: $(EGEN)/%.erl $(HEADER_FILES)

2
otp-0007-Add-extra-search-directory.patch
View File

@ -5,7 +5,7 @@ Subject: [PATCH] Add extra search directory
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
diff --git a/lib/kernel/src/code_server.erl b/lib/kernel/src/code_server.erl
index 68e1205301..0f534ff814 100644
index 4c4823eb38..de0ab149fb 100644
--- a/lib/kernel/src/code_server.erl
+++ b/lib/kernel/src/code_server.erl
@@ -79,11 +79,17 @@ init(Ref, Parent, [Root,Mode]) ->

4
otp-0009-Load-man-pages-from-system-wide-directory.patch
View File

@ -7,10 +7,10 @@ Patch allows one to use standard man path with erl -man command.
as required by Debian policy.)
diff --git a/erts/etc/common/erlexec.c b/erts/etc/common/erlexec.c
index 23bbb86333..741b492668 100644
index 9dba684cbb..b4c5a8413f 100644
--- a/erts/etc/common/erlexec.c
+++ b/erts/etc/common/erlexec.c
@@ -722,8 +722,10 @@ int main(int argc, char **argv)
@@ -727,8 +727,10 @@ int main(int argc, char **argv)
error("-man not supported on Windows");
#else
argv[i] = "man";

134
otp-0010-Improve-nodes-querying.patch
View File

@ -1,134 +0,0 @@
From: Peter Lemenkov <lemenkov@gmail.com>
Date: Wed, 24 Oct 2018 14:58:41 +0200
Subject: [PATCH] Improve nodes querying
We've got a few similar stacktraces once. See the following one for
example:
** Reason for termination ==
** {badarg,
[{ets,next,[sys_dist,'rabbitmq-cli-42@host.example.com'],[]},
{net_kernel,get_nodes,2,[{file,"net_kernel.erl"},{line,1025}]},
{net_kernel,get_nodes,2,[{file,"net_kernel.erl"},{line,1019}]},
{net_kernel,get_nodes_info,0,[{file,"net_kernel.erl"},{line,1439}]},
{rabbit_mgmt_external_stats,cluster_links,0,
[{file,"src/rabbit_mgmt_external_stats.erl"},{line,252}]},
{rabbit_mgmt_external_stats,emit_node_node_stats,1,
[{file,"src/rabbit_mgmt_external_stats.erl"},{line,366}]},
{rabbit_mgmt_external_stats,handle_info,2,
[{file,"src/rabbit_mgmt_external_stats.erl"},{line,347}]},
{gen_server,try_dispatch,4,[{file,"gen_server.erl"},{line,615}]}]}
The problem is that when we're trying to query a list of connected
nodes, we're doing it in the following way:
Call for the first record in ETS
While not EOF:
Call for the next record in ETS
What happens, when some Node disconnects during the "not EOF" loop?
We'll get an exception.
Let's do it differently - query a list of nodes in one shot, and then
get info from each of the nodes in list (w/o extra calls to ets). These
individual calls care of disconnected nodes so everything will be fine
even if a node disconnects.
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
diff --git a/lib/kernel/src/net_kernel.erl b/lib/kernel/src/net_kernel.erl
index a9dc77837e..04025cf35b 100644
--- a/lib/kernel/src/net_kernel.erl
+++ b/lib/kernel/src/net_kernel.erl
@@ -670,24 +670,16 @@ code_change(_OldVsn, State, _Extra) ->
terminate(no_network, State) ->
lists:foreach(
- fun({Node, Type}) ->
- case Type of
- normal -> ?nodedown(Node, State);
- _ -> ok
- end
- end, get_up_nodes() ++ [{node(), normal}]);
+ fun(Node) -> ?nodedown(Node, State)
+ end, get_nodes_up_normal() ++ [node()]);
terminate(_Reason, State) ->
lists:foreach(
fun(#listen {listen = Listen,module = Mod}) ->
Mod:close(Listen)
end, State#state.listen),
lists:foreach(
- fun({Node, Type}) ->
- case Type of
- normal -> ?nodedown(Node, State);
- _ -> ok
- end
- end, get_up_nodes() ++ [{node(), normal}]).
+ fun(Node) -> ?nodedown(Node, State)
+ end, get_nodes_up_normal() ++ [node()]).
%% ------------------------------------------------------------
@@ -1139,35 +1131,10 @@ disconnect_pid(Pid, State) ->
%%
%%
%%
-get_nodes(Which) ->
- get_nodes(ets:first(sys_dist), Which).
-get_nodes('$end_of_table', _) ->
- [];
-get_nodes(Key, Which) ->
- case ets:lookup(sys_dist, Key) of
- [Conn = #connection{state = up}] ->
- [Conn#connection.node | get_nodes(ets:next(sys_dist, Key),
- Which)];
- [Conn = #connection{}] when Which =:= all ->
- [Conn#connection.node | get_nodes(ets:next(sys_dist, Key),
- Which)];
- _ ->
- get_nodes(ets:next(sys_dist, Key), Which)
- end.
-
-%% Return a list of all nodes that are 'up'.
-get_up_nodes() ->
- get_up_nodes(ets:first(sys_dist)).
-
-get_up_nodes('$end_of_table') -> [];
-get_up_nodes(Key) ->
- case ets:lookup(sys_dist, Key) of
- [#connection{state=up,node=Node,type=Type}] ->
- [{Node,Type}|get_up_nodes(ets:next(sys_dist, Key))];
- _ ->
- get_up_nodes(ets:next(sys_dist, Key))
- end.
+%% Return a list of all nodes that are 'up' and not hidden.
+get_nodes_up_normal() ->
+ ets:select(sys_dist, [{#connection{node = '$1', state = up, type = normal, _ = '_'}, [], ['$1']}]).
ticker(Kernel, Tick) when is_integer(Tick) ->
process_flag(priority, max),
@@ -1632,15 +1599,14 @@ get_node_info(Node, Key) ->
end.
get_nodes_info() ->
- get_nodes_info(get_nodes(all), []).
-
-get_nodes_info([Node|Nodes], InfoList) ->
- case get_node_info(Node) of
- {ok, Info} -> get_nodes_info(Nodes, [{Node, Info}|InfoList]);
- _ -> get_nodes_info(Nodes, InfoList)
- end;
-get_nodes_info([], InfoList) ->
- {ok, InfoList}.
+ Nodes = ets:select(sys_dist, [{#connection{node = '$1', _ = '_'}, [], ['$1']}]),
+ {ok, lists:filtermap(
+ fun(Node) ->
+ case get_node_info(Node) of
+ {ok, Info} -> {true, {Node, Info}};
+ _ -> false
+ end
+ end, Nodes)}.
%% ------------------------------------------------------------
%% Misc. functions

BIN
otp-OTP-21.3.3.tar.gz → otp-OTP-23.3.4.9.tar.gz
View File

Binary file not shown.