chore(deps): update dependency erlang to v29.0.1 #6

Merged

rosa merged 1 commit from renovate/erlang-29.x into main 2026-06-05 04:10:26 +00:00

Conversation 0 Commits 1 Files changed 1 +1 -1

rosa commented 2026-06-05 04:02:14 +00:00

Owner

Copy link

This PR contains the following updates:

Package	Update	Change
erlang	patch	29.0 → 29.0.1

---

Release Notes

erlang/otp (erlang)

v29.0.1: OTP 29.0.1

Compare Source

Patch Package:           OTP 29.0.1
Git Tag:                 OTP-29.0.1
Date:                    2026-05-27
Trouble Report Id:       OTP-20112, OTP-20129, OTP-20130, OTP-20134,
                         OTP-20138, OTP-20139, OTP-20140, OTP-20141,
                         OTP-20146
Seq num:                 CVE-2026-42789, CVE-2026-42790, ERIERL-1321,
                         GH-11088, PR-11007, PR-11089, PR-11100,
                         PR-11107, PR-11123, PR-11124, PR-11125,
                         PR-11135, PR-11136
System:                  OTP
Release:                 29
Application:             compiler-10.0.1, erts-17.0.1, kernel-11.0.1,
                         public_key-1.21.1, snmp-5.20.4, ssl-11.7.1
Predecessor:             OTP 29.0

Check out the git tag OTP-29.0.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp_patch_apply' tool. For information on install requirements, see descriptions for each application version below.

POTENTIAL INCOMPATIBILITIES

• 'public_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names.

  'ssl'. Error handling is slightly changed to better reflect public_key behaviour.

  Own Id: OTP-20130
  Application(s): public_key, ssl
  Related Id(s): PR-11124, CVE-2026-42790

compiler-10.0.1

The compiler-10.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

• In rare circumstances, optimization of boolean expressions could invert the boolean value.

  Own Id: OTP-20140
  Related Id(s): GH-11088, PR-11089

• The compiler could crash when compiling code using native records in certain ways.

  Own Id: OTP-20146
  Related Id(s): PR-11135

Full runtime dependencies of compiler-10.0.1

crypto-5.1, erts-13.0, kernel-8.4, stdlib-8.0

erts-17.0.1

The erts-17.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

• Comparison of two native records could return an incorrect result or crash the runtime system.

  Own Id: OTP-20139
  Related Id(s): PR-11107

Full runtime dependencies of erts-17.0.1

kernel-9.0, sasl-3.3, stdlib-4.1

kernel-11.0.1

The kernel-11.0.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

• SCTP peeloff of an IPv6 socket, the peeled-off socket does not inherit the parent options as expected.

  Own Id: OTP-20134
  Related Id(s): PR-11007

Full runtime dependencies of kernel-11.0.1

crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0

public_key-1.21.1

The public_key-1.21.1 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

• OCSP responder certificates are now checked for expiration before being accepted as authorized responders. Previously, expired or not-yet-valid responder certificates were incorrectly accepted when verifying OCSP responses.

  Own Id: OTP-20112
  Related Id(s): PR-11136

• Corrected basic constraint path validation check in accordance to RFC 5280.

  Own Id: OTP-20129
  Related Id(s): PR-11123, CVE-2026-42789

• 'public_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names.

  'ssl'. Error handling is slightly changed to better reflect public_key behaviour.

  Own Id: OTP-20130
  Related Id(s): PR-11124, CVE-2026-42790

  *** POTENTIAL INCOMPATIBILITY ***

Full runtime dependencies of public_key-1.21.1

asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0

snmp-5.20.4

The snmp-5.20.4 application can be applied independently of other applications on a full OTP 29 installation.

Fixed Bugs and Malfunctions

• Fixed a bug in snmpm_usm:generate_outgoing_msg/5 that caused a badmatch crash when constructing an error response for an unknown user/engineID combination.

  Own Id: OTP-20138
  Related Id(s): ERIERL-1321, PR-11100

Full runtime dependencies of snmp-5.20.4

asn1-5.4, crypto-4.6, erts-12.0, kernel-8.0, mnesia-4.12, runtime_tools-1.8.14, stdlib-5.0

ssl-11.7.1

Note! The ssl-11.7.1 application cannot be applied independently of other applications on an arbitrary OTP 29 installation.

   On a full OTP 29 installation, also the following runtime
   dependency has to be satisfied:
   -- public_key-1.21.1 (first satisfied in OTP 29.0.1)

Fixed Bugs and Malfunctions

• 'public_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names.

  'ssl'. Error handling is slightly changed to better reflect public_key behaviour.

  Own Id: OTP-20130
  Related Id(s): PR-11124, CVE-2026-42790

  *** POTENTIAL INCOMPATIBILITY ***

• Could cause server to terminate a connection without an alert towards a bad client.

  Own Id: OTP-20141
  Related Id(s): PR-11125

Full runtime dependencies of ssl-11.7.1

crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public_key-1.21.1, runtime_tools-1.15.1, stdlib-7.0

Thanks to

Martin Hässler, Paul Guyot

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [erlang](https://github.com/erlang/otp) | patch | `29.0` → `29.0.1` | --- ### Release Notes <details> <summary>erlang/otp (erlang)</summary> ### [`v29.0.1`](https://github.com/erlang/otp/releases/tag/OTP-29.0.1): OTP 29.0.1 [Compare Source](https://github.com/erlang/otp/compare/OTP-29.0...OTP-29.0.1) ``` Patch Package: OTP 29.0.1 Git Tag: OTP-29.0.1 Date: 2026-05-27 Trouble Report Id: OTP-20112, OTP-20129, OTP-20130, OTP-20134, OTP-20138, OTP-20139, OTP-20140, OTP-20141, OTP-20146 Seq num: CVE-2026-42789, CVE-2026-42790, ERIERL-1321, GH-11088, PR-11007, PR-11089, PR-11100, PR-11107, PR-11123, PR-11124, PR-11125, PR-11135, PR-11136 System: OTP Release: 29 Application: compiler-10.0.1, erts-17.0.1, kernel-11.0.1, public_key-1.21.1, snmp-5.20.4, ssl-11.7.1 Predecessor: OTP 29.0 ``` Check out the git tag OTP-29.0.1, and build a full OTP system including documentation. Apply one or more applications from this build as patches to your installation using the 'otp\_patch\_apply' tool. For information on install requirements, see descriptions for each application version below. ### POTENTIAL INCOMPATIBILITIES - 'public\_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names. 'ssl'. Error handling is slightly changed to better reflect public\_key behaviour. Own Id: OTP-20130\ Application(s): public\_key, ssl\ Related Id(s): [PR-11124], [CVE-2026-42790] ### compiler-10.0.1 The compiler-10.0.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - In rare circumstances, optimization of boolean expressions could invert the boolean value. Own Id: OTP-20140\ Related Id(s): [GH-11088], [PR-11089] - The compiler could crash when compiling code using native records in certain ways. Own Id: OTP-20146\ Related Id(s): [PR-11135] > #### Full runtime dependencies of compiler-10.0.1 > > crypto-5.1, erts-13.0, kernel-8.4, stdlib-8.0 ### erts-17.0.1 The erts-17.0.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Comparison of two native records could return an incorrect result or crash the runtime system. Own Id: OTP-20139\ Related Id(s): [PR-11107] > #### Full runtime dependencies of erts-17.0.1 > > kernel-9.0, sasl-3.3, stdlib-4.1 ### kernel-11.0.1 The kernel-11.0.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - SCTP peeloff of an IPv6 socket, the peeled-off socket does not inherit the parent options as expected. Own Id: OTP-20134\ Related Id(s): [PR-11007] > #### Full runtime dependencies of kernel-11.0.1 > > crypto-5.8, erts-17.0, sasl-3.0, stdlib-8.0 ### public\_key-1.21.1 The public\_key-1.21.1 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - OCSP responder certificates are now checked for expiration before being accepted as authorized responders. Previously, expired or not-yet-valid responder certificates were incorrectly accepted when verifying OCSP responses. Own Id: OTP-20112\ Related Id(s): [PR-11136] - Corrected basic constraint path validation check in accordance to RFC 5280. Own Id: OTP-20129\ Related Id(s): [PR-11123], [CVE-2026-42789] - 'public\_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names. 'ssl'. Error handling is slightly changed to better reflect public\_key behaviour. Own Id: OTP-20130\ Related Id(s): [PR-11124], [CVE-2026-42790] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* > #### Full runtime dependencies of public\_key-1.21.1 > > asn1-5.0, crypto-5.8, erts-13.0, kernel-8.0, stdlib-4.0 ### snmp-5.20.4 The snmp-5.20.4 application can be applied independently of other applications on a full OTP 29 installation. #### Fixed Bugs and Malfunctions - Fixed a bug in snmpm\_usm:generate\_outgoing\_msg/5 that caused a badmatch crash when constructing an error response for an unknown user/engineID combination. Own Id: OTP-20138\ Related Id(s): ERIERL-1321, [PR-11100] > #### Full runtime dependencies of snmp-5.20.4 > > asn1-5.4, crypto-4.6, erts-12.0, kernel-8.0, mnesia-4.12, runtime\_tools-1.8.14, stdlib-5.0 ### ssl-11.7.1 Note! The ssl-11.7.1 application *cannot* be applied independently of other applications on an arbitrary OTP 29 installation. ``` On a full OTP 29 installation, also the following runtime dependency has to be satisfied: -- public_key-1.21.1 (first satisfied in OTP 29.0.1) ``` #### Fixed Bugs and Malfunctions - 'public\_key', Adhere to RFC 9525, and remove support for legacy fallback to check hostname against subject common name. Also improve error handling creating two separate errors for name constraint check for subject names and subject alternative names. 'ssl'. Error handling is slightly changed to better reflect public\_key behaviour. Own Id: OTP-20130\ Related Id(s): [PR-11124], [CVE-2026-42790] \*\*\* POTENTIAL INCOMPATIBILITY \*\*\* - Could cause server to terminate a connection without an alert towards a bad client. Own Id: OTP-20141\ Related Id(s): [PR-11125] > #### Full runtime dependencies of ssl-11.7.1 > > crypto-5.8, erts-16.0, inets-5.10.7, kernel-10.3, public\_key-1.21.1, runtime\_tools-1.15.1, stdlib-7.0 ### Thanks to Martin Hässler, Paul Guyot [cve-2026-42789]: https://nvd.nist.gov/vuln/detail/CVE-2026-42789 [cve-2026-42790]: https://nvd.nist.gov/vuln/detail/CVE-2026-42790 [gh-11088]: https://github.com/erlang/otp/issues/11088 [pr-11007]: https://github.com/erlang/otp/pull/11007 [pr-11089]: https://github.com/erlang/otp/pull/11089 [pr-11100]: https://github.com/erlang/otp/pull/11100 [pr-11107]: https://github.com/erlang/otp/pull/11107 [pr-11123]: https://github.com/erlang/otp/pull/11123 [pr-11124]: https://github.com/erlang/otp/pull/11124 [pr-11125]: https://github.com/erlang/otp/pull/11125 [pr-11135]: https://github.com/erlang/otp/pull/11135 [pr-11136]: https://github.com/erlang/otp/pull/11136 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMTIuNCIsInVwZGF0ZWRJblZlciI6IjQzLjIxMi40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZSJdfQ==-->

rosa added 1 commit 2026-06-05 04:02:15 +00:00

chore(deps): update dependency erlang to v29.0.1 dc9b8c7c3c

rosa scheduled this pull request to auto merge when all checks succeed 2026-06-05 04:02:15 +00:00

rosa merged commit dc9b8c7c3c into main 2026-06-05 04:10:26 +00:00

rosa deleted branch renovate/erlang-29.x 2026-06-05 04:10:26 +00:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

rosa/int_set!6

No description provided.