>>>>> On Sun, 02 May 2021, Fabian Groffen wrote:

> Title: Exim >=4.94 disallows tainted variables in transport configurations

Title is too long (GLEP 42 allows 50 chars max).

> Author: Fabian Groffen <grobian@g.o>
> Posted: 2021-05-??
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: mail-mta/exim

> Since the release of Exim-4.94, transports refuse to use tainted data in
> constructing a delivery location. If you use this in your transports,
> your configuration will break, causing errors and possible downtime.

> Particularly, the use of $local_part in any transport, should likely be
> updated with $local_part_data. Check your local_delivery transport,
> which historically used $local_part.

> Unfortunately there is not much documentation on "tainted" data for
> Exim[1], and to resolve this, non-official sources need to be used, such
> as [2] and [3].

I have no idea what this news item is trying to tell me. But I don't use
Exim, so probably that's the reason. :) Maybe mention at least that Exim
is a mailer?

Ulrich

> [1] https://lists.exim.org/lurker/message/20201109.222746.24ea3904.en.html
> [2] https://mox.sh/sysadmin/tainted-filename-errors-in-exim-4.94/
> [3] https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/ |
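
Added example, not part of the original thread or of the news item: a shell check for the case the quoted news item describes, listing transport options that still expand $local_part. The function names, sample configuration, paths and transport names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report transport options that still expand $local_part.

# Prints "transport:line:text" for each non-comment line in the
# "begin transports" section that expands $local_part or ${local_part}.
# Longer names such as $local_part_data are not matched.
find_tainted_local_part() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*begin[ \t]+/ { in_transports = ($2 == "transports"); name = ""; next }
        !in_transports { next }
        /^[A-Za-z0-9_]+:[ \t]*$/ { name = $1; sub(/:$/, "", name); next }
        /[$][{]?local_part([^A-Za-z0-9_]|$)/ {
            line = $0; sub(/^[ \t]+/, "", line)
            print name ":" NR ":" line
        }
    ' "$1"
}

# Writes a constructed sample configuration (not a real one) to the given path.
write_sample_config() {
    cat > "$1" <<'EOF'
# Constructed sample configuration for this example.
begin routers
system_aliases:
  driver = redirect
  data = ${lookup{$local_part}lsearch{/etc/mail/aliases}}
begin transports
local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
maildir_delivery:
  driver = appendfile
  directory = /home/${local_part}/Maildir
fixed_delivery:
  driver = appendfile
  file = /var/mail/$local_part_data
EOF
}

# With a path argument, scan that file; otherwise scan the constructed sample.
if [ "$#" -gt 0 ]; then
    find_tainted_local_part "$1"
else
    sample=$(mktemp) && write_sample_config "$sample"
    find_tainted_local_part "$sample"; rm -f "$sample"
fi
```

A reported line is a candidate for $local_part_data. That variable is only set when the router that handled the address validated the local part, for example with check_local_user or a local_parts match.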