Check return values of setgid/setuid.

[users/jgh/exim.git] / doc / doc-txt / ChangeLog

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index d19f30866d91d18e1442a9b8c625ad4c0b85d4d7..a1bd4e7fca8f6057257240b217eb7a15f8051de9 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -12,6 +12,31 @@ TF/01 Failure to get a lock on a hints database can have serious
 TF/02 Log LMTP confirmation messages in the same way as SMTP,
       controlled using the smtp_confirmation log selector.
 
+TF/03 Include the error message when we fail to unlink a spool file.
+
+DW/01 Bugzilla 139: Support dynamically loaded lookups as modules.
+      With thanks to Steve Haslam, Johannes Berg & Serge Demonchaux
+      for maintaining out-of-tree patches for some time.
+
+PP/01 Bugzilla 139: Documentation and portability issues.
+      Avoid GNU Makefile-isms, let Exim continue to build on BSD.
+      Handle per-OS dynamic-module compilation flags.
+
+PP/02 Let /dev/null have normal permissions.
+      The 4.73 fixes were a little too stringent and complained about the
+      permissions on /dev/null.  Exempt it from some checks.
+      Reported by Andreas M. Kirchwitz.
+
+PP/03 Report version information for many libraries, including
+      Exim version information for dynamically loaded libraries.  Created
+      version.h, now support a version extension string for distributors
+      who patch heavily. Dynamic module ABI change.
+
+PP/04 CVE-2011-0017 - check return value of setuid/setgid. This is a
+      privilege escalation vulnerability whereby the Exim run-time user
+      can cause root to append content of the attacker's choosing to
+      arbitrary files.
+
 
 Exim version 4.73
 -----------------