Assemble Changelog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/ChangeLog b/ChangeLog
index d36ff4e..07db747 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,56 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS x.x.x branch released xxxx-xx-xx
+
+Default behavior changes
+ * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
+ mbedtls_ssl_handshake() now fails with
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if certificate-based authentication of the server is attempted.
+ This is because authenticating a server without knowing what name
+ to expect is usually insecure. To restore the old behavior, either
+ call mbedtls_ssl_set_hostname() with NULL as the hostname, or
+ enable the new compile-time option
+ MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
+ The content of ssl->hostname after mbedtls_ssl_set_hostname(ssl, NULL)
+ has changed, see the documentation of the hostname field in the
+ mbedtls_ssl_context struct type for details.
+
+Security
+ * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
+ if they use certificate authentication (i.e. not pre-shared keys).
+ Otherwise, in many scenarios, the server could be impersonated.
+ The library will now prevent the handshake and return
+ MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ if mbedtls_ssl_set_hostname() has not been called.
+ CVE-2025-27809
+ * Zeroize temporary heap buffers used in PSA operations.
+ * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+ or there was a cryptographic hardware failure when calculating the
+ Finished message, it could be calculated incorrectly. This would break
+ the security guarantees of the TLS handshake.
+ CVE-2025-27810
+
+Bugfix
+ * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
+ and 'mbedtls_net_connect' to prevent possible double close fd
+ problems. Fixes #9711.
+ * Fix compilation on MS-DOS DJGPP. Fixes #9813.
+ * Fix missing constraints on the AES-NI inline assembly which is used on
+ GCC-like compilers when building AES for generic x86_64 targets. This
+ may have resulted in incorrect code with some compilers, depending on
+ optimizations. Fixes #9819.
+ * Fix issue where psa_key_derivation_input_integer() is not detecting
+ bad state after an operation has been aborted.
+ * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
+ occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
+ with Visual Studio 2013 or MinGW.
+ Fixes #10017.
+ * Remove Everest Visual Studio 2010 compatibility headers, which could
+ shadow standard CRT headers inttypes.h and stdbool.h with incomplete
+ implementatios if placed on the include path, eg. when building Mbed TLS
+ with the .sln file shipped with the project.
+
= Mbed TLS 2.28.9 branch released 2024-08-30
Security
diff --git a/ChangeLog.d/fix-aesni-asm-clobbers.txt b/ChangeLog.d/fix-aesni-asm-clobbers.txt
deleted file mode 100644
index 538f0c5..0000000
--- a/ChangeLog.d/fix-aesni-asm-clobbers.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
- * Fix missing constraints on the AES-NI inline assembly which is used on
- GCC-like compilers when building AES for generic x86_64 targets. This
- may have resulted in incorrect code with some compilers, depending on
- optimizations. Fixes #9819.
diff --git a/ChangeLog.d/fix-compilation-with-djgpp.txt b/ChangeLog.d/fix-compilation-with-djgpp.txt
deleted file mode 100644
index 5b79fb6..0000000
--- a/ChangeLog.d/fix-compilation-with-djgpp.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
- * Fix compilation on MS-DOS DJGPP. Fixes #9813.
diff --git a/ChangeLog.d/fix-key-derive-bad-state-error.txt b/ChangeLog.d/fix-key-derive-bad-state-error.txt
deleted file mode 100644
index 0bccf77..0000000
--- a/ChangeLog.d/fix-key-derive-bad-state-error.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix issue where psa_key_derivation_input_integer() is not detecting
- bad state after an operation has been aborted.
diff --git a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt b/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
deleted file mode 100644
index 2713f6c..0000000
--- a/ChangeLog.d/fix-msvc-version-guard-format-zu.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-Bugfix
- * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
- occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
- with Visual Studio 2013 or MinGW.
- Fixes #10017.
- * Remove Everest Visual Studio 2010 compatibility headers, which could
- shadow standard CRT headers inttypes.h and stdbool.h with incomplete
- implementatios if placed on the include path, eg. when building Mbed TLS
- with the .sln file shipped with the project.
diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
deleted file mode 100644
index 913c185..0000000
--- a/ChangeLog.d/mbedtls_ssl_set_hostname.txt
+++ /dev/null
@@ -1,22 +0,0 @@
-Default behavior changes
- * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
- mbedtls_ssl_handshake() now fails with
- MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
- if certificate-based authentication of the server is attempted.
- This is because authenticating a server without knowing what name
- to expect is usually insecure. To restore the old behavior, either
- call mbedtls_ssl_set_hostname() with NULL as the hostname, or
- enable the new compile-time option
- MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
- The content of ssl->hostname after mbedtls_ssl_set_hostname(ssl, NULL)
- has changed, see the documentation of the hostname field in the
- mbedtls_ssl_context struct type for details.
-
-Security
- * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
- if they use certificate authentication (i.e. not pre-shared keys).
- Otherwise, in many scenarios, the server could be impersonated.
- The library will now prevent the handshake and return
- MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
- if mbedtls_ssl_set_hostname() has not been called.
- CVE-2025-27809
diff --git a/ChangeLog.d/psa-zeroize.txt b/ChangeLog.d/psa-zeroize.txt
deleted file mode 100644
index e597302..0000000
--- a/ChangeLog.d/psa-zeroize.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Security
- * Zeroize temporary heap buffers used in PSA operations.
diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
deleted file mode 100644
index 213cf55..0000000
--- a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
- and 'mbedtls_net_connect' to prevent possible double close fd
- problems. Fixes #9711.
diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt
deleted file mode 100644
index cd52d32..0000000
--- a/ChangeLog.d/tls12-check-finished-calc.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Security
- * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
- or there was a cryptographic hardware failure when calculating the
- Finished message, it could be calculated incorrectly. This would break
- the security guarantees of the TLS handshake.
- CVE-2025-27810