Date: Sun, 2 May 2021 12:50:02 +0200
From: Fabian Groffen
To: gentoo-dev@lists.gentoo.org
Subject: [gentoo-dev] [News item review v2] Exim >=4.94 transports: tainted not permitted

Title: Exim>=4.94 transports: tainted not permitted
Author: Fabian Groffen
Posted: 2021-05-??
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: mail-mta/exim

The Message Transfer Agent Exim disallows tainted variables in transport
configurations since version 4.94. Existing exim.conf configurations in
/etc/exim need to be reviewed for breakage prior to upgrading to
>=mail-mta/exim-4.94 to avoid error conditions at runtime.

Since the release of Exim-4.94, transports refuse to use tainted data in
constructing a delivery location. If you use this in your transports,
your configuration will break, causing errors and possible downtime.

Particularly, the use of $local_part in any transport should likely be
updated with $local_part_data. Check your local_delivery transport,
which historically used $local_part.

Unfortunately there is not much documentation on "tainted" data for
Exim[1], and to resolve this, non-official sources need to be used, such
as [2] and [3].

[1] https://lists.exim.org/lurker/message/20201109.222746.24ea3904.en.html
[2] https://mox.sh/sysadmin/tainted-filename-errors-in-exim-4.94/
[3] https://jimbobmcgee.wordpress.com/2020/07/29/de-tainting-exim-configuration-variables/

-- 
Fabian Groffen
Gentoo on a different level
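
Added example (not part of the original message, and not code from Exim or Gentoo): one way to do the pre-upgrade review the news item asks for is to list every option under "begin transports" that still expands $local_part, while leaving $local_part_data alone. The function name and the sample configuration are constructed for illustration, and hits are candidates for manual review, not proof of breakage.

```python
import re

# $local_part or ${local_part...}; longer names such as $local_part_data
# are excluded by the lookahead.
TAINTED = re.compile(r"\$\{?local_part(?![A-Za-z0-9_])")

def find_tainted_transport_options(conf_text):
    """Return (line_no, transport, line) for $local_part uses under 'begin transports'."""
    findings, section, transport = [], None, None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):         # blank line or comment
            continue
        m = re.match(r"begin\s+(\w+)", line)         # section marker
        if m:
            section, transport = m.group(1), None
            continue
        if section != "transports":                  # routers etc. are out of scope
            continue
        m = re.match(r"([A-Za-z0-9_]+):\s*$", line)  # "name:" opens a transport
        if m:
            transport = m.group(1)
        elif TAINTED.search(line):
            findings.append((no, transport, line))
    return findings

# Constructed sample configuration (hypothetical, for illustration only).
SAMPLE_CONF = """\
begin routers
localuser:
  driver = accept
  headers_add = X-Local-Part: $local_part
  transport = local_delivery
begin transports
local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
maildir_delivery:
  driver = appendfile
  directory = /home/${local_part}/.maildir
fixed_delivery:
  driver = appendfile
  file = /var/mail/$local_part_data
"""

if __name__ == "__main__":
    for no, transport, line in find_tainted_transport_options(SAMPLE_CONF):
        print(f"line {no}: transport {transport}: {line}")
```

To check a real system, pass the contents of the configuration file under /etc/exim to the function instead of the sample text.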