| 1 |
>>>>> On Sun, 02 May 2021, Fabian Groffen wrote: |
| 2 |
|
| 3 |
> Title: Exim >=4.94 disallows tainted variables in transport configurations |
| 4 |
|
| 5 |
Title is too long (GLEP 42 allows 50 chars max). |
| 6 |
|
| 7 |
> Author: Fabian Groffen <grobian@g.o> |
| 8 |
> Posted: 2021-05-?? |
| 9 |
> Revision: 1 |
| 10 |
> News-Item-Format: 2.0 |
| 11 |
> Display-If-Installed: mail-mta/exim |
| 12 |
|
| 13 |
> Since the release of Exim-4.94, transports refuse to use tainted data in |
| 14 |
> constructing a delivery location. If you use this in your transports, |
| 15 |
> your configuration will break, causing errors and possible downtime. |
| 16 |
|
| 17 |
> Particularly, the use of $local_part in any transport, should likely be |
| 18 |
> updated with $local_part_data. Check your local_delivery transport, |
| 19 |
> which historically used $local_part. |
| 20 |
|
| 21 |
> Unfortunately there is not much documentation on "tainted" data for |
| 22 |
> Exim[1], and to resolve this, non-official sources need to be used, such |
| 23 |
> as [2] and [3]. |
| 24 |
|
| 25 |
I have no idea what this news item is trying to tell me. But I don't use |
| 26 |
Exim, so probably that's the reason. :) Maybe mention at least that Exim |
| 27 |
is a mailer? |
| 28 |
|
| 29 |
Ulrich |
| 30 |
|
| 31 |
> [1] https://lists.exim.org/lurker/message/20201109.222746.24ea3904.en.html |
| 32 |
> [2] https://mox.sh/sysadmin/tainted-filename-errors-in-exim-4.94/ |
| 33 |
> [3] https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/ |
Archives