Add dsearch changes to changelog & readme

kurahaupo · kurahaupo · commit 56af238bd836 · 2022-09-02T11:46:17.000+10:00
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
@@ -36,6 +36,13 @@ JH/08 Bug 2915: Fix use-after-free for $regex<n> variables. Previously when
       These variables were introduced in Exim 4.87.
       Debug help from Graeme Fowler.
 
+MK/08 Numerous changes to dsearch lookups: (a) now performs taint check before
+      other validations to prevent an attacker from making inferences from the
+      varying error messages; (b) no longer require "read" permission on the
+      directory (so you can now chmod a-r the dir to improve system security);
+      (c) uses fstatat on systems that support it (reducing the syscall count);
+      (d) additional filter options to support matching all inode types; (e)
+      new ret=dir option. See documentation for full list.
 
 Exim version 4.96
 -----------------
diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff
@@ -9,10 +9,30 @@ the documentation is updated, this file is reduced to a short list.
 Version 4.97
 ------------
 
- 1. The expansion-test faciility (exim -be) can set variables.
+ 1. The expansion-test facility (exim -be) can set variables.
 
  2. An event on a failing SMTP AUTH, for both client and server operations.
 
+ 3. Dsearch lookup will now check for taint violations before doing anything
+    else (this prevents an attacker from inferring the locations of files from
+    differences in error messages).
+
+ 4. Dsearch lookup no longer requires read access to directories; consider
+    revoking read access using chmod go-r /path/to/containing/dir/.
+
+ 5. Dsearch lookup will use fstatat() on systems that support it.
+
+ 6. Dsearch lookup has new option "ret=dir" to return only the name of the
+    containing directory without the target (this simplifies some kinds of
+    nested loopup expansions).
+
+ 7. Dsearch lookup now has filter= parameters to match all common inode types
+    (file, dir, symlink, pipe, socket, tty, & bdev).
+
+ 8. Dsearch lookup has new option "filter=nodots" to exclude "." and ".."
+    even when directory matching is not required; equivalent to "filter=subdir"
+    but without requiring that the target actually be a directory.
+
 Version 4.96
 ------------
 
diff --git a/src/README.UPDATING b/src/README.UPDATING
@@ -26,6 +26,15 @@ The rest of this document contains information about changes in 4.xx releases
 that might affect a running system.
 
 
+Exim version 4.97
+-----------------
+
+The dsearch lookup type no longer requires read permission on its target
+directories; scan permission alone now suffices. If you were relying on
+unreadable directories to block dsearch lookups, you should now make other
+arrangements. Conversely, you may now tighten up the permissions on any
+directories that used to require world or group read access.
+
 Exim version 4.95
 -----------------
 
