X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/5fcc791a74a6f6933b3fb03f36e9ea3553152cf7..0b4dfe7aa1f12214abdfa1037497d6c49a471612:/doc/doc-txt/ChangeLog?ds=sidebyside diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 74568ce3f..9de2e1194 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -93,6 +93,7 @@ JH/20 Taint checking: disallow use of tainted data for - the autoreply transport file, log and once options - file names used by the redirect router (including filter files) - named-queue names + - paths used by single-key lookups Previously this was permitted. JH/21 Bug 2501: Fix init call in the heimdal authenticator. Previously it @@ -152,6 +153,17 @@ JH/31 Fix spurious detection of timeout while writing to transport filter. JH/32 Bug 2541: Fix segfault on bad cmdline -f (sender) argument. Previously an attempt to copy the string was made before checking it. +JH/33 Fix the dsearch lookup to return an untainted result. Previously the + taint of the lookup key was maintained; we now regard the presence in the + filesystem as sufficient validation. + +JH/34 Fix the readsocket expansion to not segfault when an empty "options" + argument is supplied. + +JH/35 The dsearch lookup now requires that the directory is an absolute path. + Previously this was not checked, and nonempty relative paths made an + access under Exim's current working directory. + Exim version 4.93 -----------------