SECURITY: DKIM DNS buffer overflow protection

[exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 23c727c9291bafeb771ee22c8329de7241e84cb3..bc2fbc67192d3083bfecb785a1bd06d5149297a3 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,6 +1,14 @@
 Change log file for Exim from version 4.21
 -------------------------------------------
 
 Change log file for Exim from version 4.21
 -------------------------------------------
 

+Exim version 4.80.1
+-------------------
+
+PP/01 SECURITY: protect DKIM DNS decoding from remote exploit.
+      CVE-2012-5671
+      This, or similar/improved, will also be change PP/11 of 4.81.
+
+

 Exim version 4.80
 -----------------
 
 Exim version 4.80
 -----------------
 


@@ -146,6 +154,25 @@ PP/34 Validate tls_require_ciphers on startup, since debugging an invalid
       relatively easy to get wrong.  Should also expose TLS library linkage
       problems.
 
       relatively easy to get wrong.  Should also expose TLS library linkage
       problems.
 

+PP/35 Pull in <features.h> on Linux, for some portability edge-cases of
+      64-bit ${eval} (JH/03).
+
+PP/36 Define _GNU_SOURCE in exim.h; it's needed for some releases of
+      GNU libc to support some of the 64-bit stuff, should not lead to
+      conflicts.  Defined before os.h is pulled in, so if a given platform
+      needs to override this, it can.
+
+PP/37 Unbreak Cyrus SASL auth: SSF retrieval was incorrect, Exim thought
+      protection layer was required, which is not implemented.
+      Bugzilla 1254, patch from Wolfgang Breyha.
+
+PP/38 Overhaul DH prime handling, supply RFC-specified DH primes as built
+      into Exim, default to IKE id 23 from RFC 5114 (2048 bit).  Make
+      tls_dhparam take prime identifiers.  Also unbreak combination of
+      OpenSSL+DH_params+TLSSNI.
+
+PP/39 Disable SSLv2 by default in OpenSSL support.
+

 
 Exim version 4.77
 -----------------
 
 Exim version 4.77
 -----------------