From 368ecb000c58995c5f61443d45d43942f1f431d0 Mon Sep 17 00:00:00 2001
From: "Heiko Schlittermann (HS12-RIPE)" <hs@schlittermann.de>
Date: Sat, 3 Apr 2021 09:29:13 +0200
Subject: [PATCH] update doc

(cherry picked from commit 77cc1ad3058e4ef7ae82adb914ccff0be9fe2c8b)
---
 doc/doc-docbook/spec.xfpt | 29 +++++++++++++++++++++++++
 doc/doc-txt/NewStuff      | 45 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index c59468716..05d8e6ed1 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -239,6 +239,14 @@
   <secondary>failure report</secondary>
   <see><emphasis>bounce message</emphasis></see>
 </indexterm>
+<indexterm role="concept">
+  <primary>de-tainting</primary>
+  <see><emphasis>tainting, de-tainting</emphasis></see>
+</indexterm>
+<indexterm role="concept">
+  <primary>detainting</primary>
+  <see><emphasis>tainting, de-tainting</emphasis></see>
+</indexterm>
 <indexterm role="concept">
   <primary>dialup</primary>
   <see><emphasis>intermittently connected hosts</emphasis></see>
@@ -9606,6 +9614,8 @@ reasons,
 and expansion of data deriving from the sender (&"tainted data"&)
 .new
 is not permitted (including acessing a file using a tainted name).
+The main config option &%allow_insecure_tainted_data%& can be used as
+mitigation during uprades to more secure configurations.
 .wen
 
 .new
@@ -14590,6 +14600,7 @@ listed in more than one group.
 .section "Miscellaneous" "SECID96"
 .table2
 .row &%add_environment%&             "environment variables"
+.row &%allow_insecure_tainted_data%& "turn taint errors into warnings"
 .row &%bi_command%&                  "to run for &%-bi%& command line option"
 .row &%debug_store%&                 "do extra internal checks"
 .row &%disable_ipv6%&                "do no IPv6 processing"
@@ -15201,6 +15212,18 @@ domains (defined in the named domain list &%local_domains%& in the default
 configuration). This &"magic string"& matches the domain literal form of all
 the local host's IP addresses.
 
+.new
+.option allow_insecure_tainted_data main boolean false
+.cindex "de-tainting"
+.oindex "allow_insecure_tainted_data"
+The handling of tainted data may break older (pre 4.94) configurations.
+Setting this option to "true" turns taint errors (which result in a temporary
+message rejection) into warnings. This option is meant as mitigation only
+and deprecated already today. Future releases of Exim may ignore it.
+The &%taint%& log selector can be used to suppress even the warnings.
+.wen
+
+
 
 .option allow_mx_to_ip main boolean false
 .cindex "MX record" "pointing to IP address"
@@ -38750,6 +38773,7 @@ selection marked by asterisks:
 &` smtp_protocol_error        `&  SMTP protocol errors
 &` smtp_syntax_error          `&  SMTP syntax errors
 &` subject                    `&  contents of &'Subject:'& on <= lines
+&`*taint                      `&  taint errors or warnings
 &`*tls_certificate_verified   `&  certificate verification status
 &`*tls_cipher                 `&  TLS cipher suite on <= and => lines
 &` tls_peerdn                 `&  TLS peer DN on <= and => lines
@@ -39145,6 +39169,11 @@ using a CA trust anchor,
 &`CV=dane`& if using a DNS trust anchor,
 and &`CV=no`& if not.
 .next
+.cindex "log" "Taint warnings"
+&%taint%&: Log warnings about tainted data. This selector can't be
+turned of if &%allow_insecure_tainted_data%& is false (which is the
+default).
+.next
 .cindex "log" "TLS cipher"
 .cindex "TLS" "logging cipher"
 &%tls_cipher%&: When a message is sent or received over an encrypted
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
index 46a69c1d7..0ef9ab25e 100644
--- a/doc/doc-txt/NewStuff
+++ b/doc/doc-txt/NewStuff
@@ -56,6 +56,51 @@ Version 4.95
 
 16. Main option "hosts_require_helo", requiring HELO or EHLO before MAIL.
 
+Version 4.95
+------------
+
+ 1. The fast-ramp two phase queue run support, previously experimental, is
+    now supported by default.
+
+ 2. The native SRS support, previously experimental, is now supported. It is
+    not built unless specified in the Local/Makefile.
+
+ 3. TLS resumption support, previously experimental, is now supported and
+    included in default builds.
+
+ 4. Single-key LMDB lookups, previously experimental, are now supported.
+    The support is not built unless specified in the Local/Makefile.
+
+ 5. Option "message_linelength_limit" on the smtp transport to enforce (by
+    default) the RFC 998 character limit.
+
+ 6. An option to ignore the cache on a lookup.
+
+ 7. Quota checking during reception (i.e. at SMTP time) for appendfile-
+    transport-managed quotas.
+
+ 8. Sqlite lookups accept a "file=<path>" option to specify a per-operation
+    db file, replacing the previous prefix to the SQL string (which had
+    issues when the SQL used tainted values).
+
+ 9. Lsearch lookups accept a "ret=full" option, to return both the portion
+    of the line matching the key, and the remainder.
+
+10. A command-line option to have a daemon not create a notifier socket.
+
+11. Faster TLS startup.  When various configuration options contain no
+    expandable elements, the information can be preloaded and cached rather
+    than the provious behaviour of always loading at startup time for every
+    connection.  This helps particularly for the CA bundle.
+
+12. Proxy Protocol Timeout is configurable via "proxy_protocol_timeout"
+    main config option.
+
+13. Option "smtp_accept_msx_per_connection" is now expanded.
+
+13. A main config option "allow_insecure_tainted_data" allows to turn
+    taint errors into warnings.
+
 Version 4.94
 ------------
 
-- 
2.30.2