
Bug#781897: unblock: erlang/17.3-dfsg-4



Hi Niels,

On Mon, Apr 6, 2015 at 9:30 AM, Niels Thykier <niels@thykier.net> wrote:
>
> Hi Sergei,
>
> Thanks for providing this debdiff.
>
> I am afraid that erlang is not really my strong suit, so I have to ask
> the following before I can answer your request.
>
>  * Is this change backwards compatible in API/ABI?  Will existing
>    reverse dependencies build, link and run against erlang without any
>    changes and without needing to be rebuilt?
>    - In particular, #747593 suggests it will change the size of a C data
>      structure.

There are 3 bugs fixed in this version, I'll try to go through all of them.

1) #781839: The patch doesn't change the exported SSL API, it adds
a new option for TLS 1.0 connections (padding check, which has to be
added and set to true if we want to fix the CVE vulnerability). A few
internal functions have been changed, though they are never called from
outside the SSL application itself. I've checked a few reverse dependencies
(yaws, ejabberd), they work fine as far as I can tell.

2) #779750: It's a trivial bug which just helps the systemd maintainers to
get rid of all the libsystemd-*-dev packages more quickly.

3) #747593: As you can see in [1], the signature of erts_gzinflate_buffer is
really ErlDrvBinary*(char*, uLong), and its prototype in [2] is just incorrect.
The patch changes only the prototype and only for one specific call [3] to
make sure the argument types in the function call at [3] are correctly converted.
So, this patch doesn't change any API or ABI.

[1] http://sources.debian.net/src/erlang/1:17.3-dfsg-3/erts/emulator/drivers/common/gzio.c/#L752
[2] http://sources.debian.net/src/erlang/1:17.3-dfsg-3/erts/emulator/beam/beam_load.c/#L46
[3] http://sources.debian.net/src/erlang/1:17.3-dfsg-3/erts/emulator/beam/beam_load.c/#L1018

Cheers!
-- 
Sergei Golovan

