25 Apr
2022
25 Apr
'22
3:36 p.m.
Hi, all
The just released RC0 for Exim 4.96 will break Dovecot LDA delivery as described on https://wiki.dovecot.org/LDA/Exim
Here is the relevant ChangeLog entry:
JH/25 Taint-check exec arguments for transport-initiated external processes. Previously, tainted values could be used. This affects "pipe", "lmtp" and "queryprogram" transport, transport-filter, and ETRN commands. The ${run} expansion is also affected: in "preexpand" mode no part of the command line may be tainted, in default mode the executable name may not be tainted.
As of now I don't have a personal working solution to get untained data. I did try a small hack, but Exim was smart enough to see what I was doing.
-- -- Kirill Miazine km@krot.org