Changes 4.76:
* The new ldap_require_cert option would segfault if used.  Fixed.
* Harmonised TLS library version reporting; only show if debugging.
  Layout now matches that introduced for other libraries in 4.74 PP/03.
* New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1
* New "dns_use_edns0" global option.
* Don't segfault on misconfiguration of ref:name exim-user as uid.
* Extra paranoia around buffer usage at the STARTTLS transition.
  nb: Exim is not vulnerable to http://www.kb.cert.org/vuls/id/555316
* Updated PolarSSL code to 0.14.2.
* Catch divide-by-zero in ${eval:...}.
* Condition negation of bool{}/bool_lax{} did not negate.  Fixed.
* CVE-2011-1764 - DKIM log line was subject to a format-string attack --
  SECURITY: remote arbitrary code execution.
* SECURITY - DKIM signature header parsing was double-expanded, second
  time unintentionally subject to list matching rules, letting the header
  cause arbitrary Exim lookups (of items which can occur in lists, *not*
  arbitrary string expansion). This allowed for information disclosure.
* Fix another SIGFPE (x86) in ${eval:...} expansion, this time related to
  INT_MIN/-1 -- value coerced to INT_MAX.

(adam)