diff --git a/ChangeLog b/ChangeLog index ea9c089..6a66805 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +=== 1.5 (2013-03-XX) + +- added support for signing MSI files (patch from Marc-André Lureau) +- calculate correct PE checksum instead of setting it to 0 + (patch from Roland Schwingel) +- added support for extracting/removing/verifying signature on PE files +- fixed problem with not being able to decode timestamps with no newlines +- added stricter checks for PE file validity +- added support for reading keys from PVK files (requires OpenSSL 1.0.0 or later) + + === 1.4 (2011-08-12) - improved build system (patch from Alon Bar-Lev) @@ -6,7 +17,6 @@ - added support for sha1/sha256 - default hash is now sha1 - added flag for commercial signing (default is individual) - === 1.3.1 (2009-08-07) - support signing of 64-bit executables (fix from Paul Kendall) diff --git a/README b/README index 44ee94e..3bac87b 100644 --- a/README +++ b/README @@ -47,11 +47,12 @@ to do the signing with the Microsoft signcode.exe: http://www.matthew-jones.com/articles/codesigning.html -To sign with osslsigncode you need the spc file mentioned -in the article above, and you will also need the private -key, but not as a pvk file - it must be a simple key file -on DER format or in PEM format. You can create a DER file -from the PEM file by doing: +To sign with osslsigncode you need the spc file mentioned in the +article above, and you will also need the private key, it must +be a key file in DER or PEM format, or if osslsigncode was +compiled against OpenSSL 1.0.0 or later, in PVK format. + +. You can create a DER file from the PEM file by doing: openssl rsa -passin pass:XXXXX -outform der \ -in -out 
@@ -62,7 +63,13 @@ To sign an EXE or MSI file you can now do: -n "Your Application" -i http://www.yourwebsite.com/ \ -in yourapp.exe -out yourapp-signed.exe -or if you are using the PEM key file: +or if you are using a PVK key file: + + osslsigncode -spc -pvk \ + -n "Your Application" -i http://www.yourwebsite.com/ \ + -in yourapp.exe -out yourapp-signed.exe + +or if you are using a PEM key file: osslsigncode -spc -key -pass \ -n "Your Application" -i http://www.yourwebsite.com/ \ diff --git a/TODO b/TODO index 8daf424..f06d961 100644 --- a/TODO +++ b/TODO @@ -1,9 +1,11 @@ -- tool for extracting/removing the signature +- page hashing support +- RFC3161 timestamping +- signature extraction/removal/verificaton on MSI/CAB files +- improved signature verification on PE files +- clean up / untangle code - separate timestamping - man page -- verify signatures - remove mmap usage to increase portability - tests - fix other stuff marked 'XXX' - free memory properly :) -
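Review bot: In ChangeLog, the new heading `=== 1.5 (2013-03-XX)` still carries a placeholder date; fill in the actual release date before this is tagged. The new entry is also followed by two blank lines, while the second ChangeLog hunk deletes the blank line between the 1.4 entries and `=== 1.3.1 (2009-08-07)`, so the spacing between releases becomes inconsistent. Keep a single blank line before every `===` heading.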
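Review bot: In the first README hunk (`@@ -47,11 +47,12 @@`), the rewritten paragraph ends with an added blank line followed by `+. You can create a DER file from the PEM file by doing:`, which leaves a stray leading period and detaches that sentence from the paragraph it belongs to. Drop the `. ` and the extra blank line so the sentence follows "in PVK format." directly. The comma splice in "you will also need the private key, it must be a key file in DER or PEM format" would also read better as two sentences.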
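Review bot: The new PVK example in the second README hunk (`osslsigncode -spc -pvk \`) shows no password option, while the PEM example directly below it passes `-pass`. State whether `-pass` also applies to a password-protected PVK file and, if it does, show it in the example, so the documentation does not read as if PVK keys are expected to be stored unencrypted. It would also help to repeat next to this example that PVK support requires a build against OpenSSL 1.0.0 or later, as the earlier paragraph and the ChangeLog entry say.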
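Review bot: In the TODO hunk, the added line `- signature extraction/removal/verificaton on MSI/CAB files` misspells "verification"; please fix the typo before merging.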