Taintcheck transport-process arguments

author: Jeremy Harris <jgh146exb@wizmail.org> 2022-03-27 20:41:05 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2022-03-27 21:00:33 +0100
commit: cfe6acff2ddc7eb03b3489770219edf829abd323 (patch)
tree: f3c643b463a9a9226e46739c080411613f828c38 /doc/doc-txt/ChangeLog
parent: 5800e3234f2594639d82e5063d9c522c6a881d25 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 1c799b664..913518dea 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -100,6 +100,18 @@ JH/23 Bug 2864: FreeBSD: fix transport hang after 4xx/5xx response. Previously
       resulted in the library waiting for the peer's Close.  If that was never
       sent we waited forever.  Fix by tracking send calls.
 
+JH/24 The ${run} expansion item now expands its command string elements after
+      splitting.  Previously it was before; the new ordering makes handling
+      zero-length arguments simpler.  The old ordering can be obtained by
+      appending a new option "preexpand", after a comma, to the "run".
+
+JH/25 Taint-check exec arguments for transport-initiated external processes.
+      Previously, tainted values could be used.  This affects "pipe", "lmtp" and
+      "queryprogram" transport, transport-filter, and ETRN commands.
+      The ${run} expansion is also affected: in "preexpand" mode no part of
+      the command line may be tainted, in default mode the executable name
+      may not be tainted.
+
 
 Exim version 4.95
 -----------------
author	Jeremy Harris <jgh146exb@wizmail.org>	2022-03-27 20:41:05 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2022-03-27 21:00:33 +0100
commit	cfe6acff2ddc7eb03b3489770219edf829abd323 (patch)
tree	f3c643b463a9a9226e46739c080411613f828c38 /doc/doc-txt/ChangeLog
parent	5800e3234f2594639d82e5063d9c522c6a881d25 (diff)