Assemble Changelog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
diff --git a/ChangeLog b/ChangeLog
index 5434e55..497d719 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,57 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS x.x.x branch released xxxx-xx-xx
+
+Features
+ * AES-NI is now supported in Windows builds with clang and clang-cl.
+ Resolves #8372.
+ * Add pc files for pkg-config. eg.:
+ pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)
+
+Security
+ * Passing buffers that are stored in untrusted memory as arguments
+ to PSA functions is now secure by default.
+ The PSA core now protects against modification of inputs or exposure
+ of intermediate outputs during operations. This is currently implemented
+ by copying buffers.
+ This feature increases code size and memory usage. If buffers passed to
+ PSA functions are owned exclusively by the PSA core for the duration of
+ the function call (i.e. no buffer parameters are in shared memory),
+ copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS.
+ Note that setting this option will cause input-output buffer overlap to
+ be only partially supported (#3266).
+ Fixes CVE-2024-28960
+
+Bugfix
+ * Fix the build with CMake when Everest is enabled through
+ a user configuration file or the compiler command line. Fixes #8165.
+ * Fix an inconsistency between implementations and usages of `__cpuid`,
+ which mainly causes failures when building Windows target using
+ mingw or clang. Fixes #8334 & #8332.
+ * Correct initial capacities for key derivation algorithms:TLS12_PRF,
+ TLS12_PSK_TO_MS
+ * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a
+ multiple of 8. Fixes #868.
+ * Avoid segmentation fault caused by releasing not initialized
+ entropy resource in gen_key example. Fixes #8809.
+ * Fix missing bitflags in SSL session serialization headers. Their absence
+ allowed SSL sessions saved in one configuration to be loaded in a
+ different, incompatible configuration.
+ * Fix the restoration of the ALPN when loading serialized connection with
+ * the mbedtls_ssl_context_load() API.
+ * Fully support arbitrary overlap between inputs and outputs of PSA
+ functions. Note that overlap is still only partially supported when
+ MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266).
+
+Changes
+ * Use heap memory to allocate DER encoded public/private key.
+ This reduces stack usage significantly for writing a public/private
+ key to a PEM string.
+ * cmake: Use GnuInstallDirs to customize install directories
+ Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
+ variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if
+ LIB_INSTALL_DIR is set.
+
= Mbed TLS 2.28.7 branch released 2024-01-26
Security
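Review bot: In the new Bugfix section, the continuation line of the ALPN entry carries its own bullet ("* the mbedtls_ssl_context_load() API."), so one entry reads as two list items; drop the second "*" so the sentence continues under the first bullet. In the same section, "algorithms:TLS12_PRF," is missing a space after the colon and the entry has no closing period, unlike its neighbours. The section header still holds the placeholders "x.x.x" and "xxxx-xx-xx", which need the real version and release date before this is tagged.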
diff --git a/ChangeLog.d/8372.txt b/ChangeLog.d/8372.txt
deleted file mode 100644
index 4a72edf..0000000
--- a/ChangeLog.d/8372.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * AES-NI is now supported in Windows builds with clang and clang-cl.
- Resolves #8372.
diff --git a/ChangeLog.d/cmake_use_GnuInstallDirs.txt b/ChangeLog.d/cmake_use_GnuInstallDirs.txt
deleted file mode 100644
index d848755..0000000
--- a/ChangeLog.d/cmake_use_GnuInstallDirs.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
- * cmake: Use GnuInstallDirs to customize install directories
- Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
- variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if
- LIB_INSTALL_DIR is set.
diff --git a/ChangeLog.d/fix-alpn-negotiating-bug.txt b/ChangeLog.d/fix-alpn-negotiating-bug.txt
deleted file mode 100644
index 3bceb37..0000000
--- a/ChangeLog.d/fix-alpn-negotiating-bug.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix the restoration of the ALPN when loading serialized connection with
- * the mbedtls_ssl_context_load() API.
diff --git a/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt b/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt
deleted file mode 100644
index c52aa3d..0000000
--- a/ChangeLog.d/fix-cmake-3rdparty-custom-config.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix the build with CMake when Everest is enabled through
- a user configuration file or the compiler command line. Fixes #8165.
diff --git a/ChangeLog.d/fix-mingw32-build.txt b/ChangeLog.d/fix-mingw32-build.txt
deleted file mode 100644
index feef0a2..0000000
--- a/ChangeLog.d/fix-mingw32-build.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix an inconsistency between implementations and usages of `__cpuid`,
- which mainly causes failures when building Windows target using
- mingw or clang. Fixes #8334 & #8332.
diff --git a/ChangeLog.d/fix-ssl-session-serialization-config.txt b/ChangeLog.d/fix-ssl-session-serialization-config.txt
deleted file mode 100644
index ca1cc81..0000000
--- a/ChangeLog.d/fix-ssl-session-serialization-config.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
- * Fix missing bitflags in SSL session serialization headers. Their absence
- allowed SSL sessions saved in one configuration to be loaded in a
- different, incompatible configuration.
diff --git a/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt b/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt
deleted file mode 100644
index 11b8278..0000000
--- a/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Correct initial capacities for key derivation algorithms:TLS12_PRF,
- TLS12_PSK_TO_MS
diff --git a/ChangeLog.d/gen-key-segfault.txt b/ChangeLog.d/gen-key-segfault.txt
deleted file mode 100644
index fefc702..0000000
--- a/ChangeLog.d/gen-key-segfault.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Avoid segmentation fault caused by releasing not initialized
- entropy resource in gen_key example. Fixes #8809.
diff --git a/ChangeLog.d/pkg-config-files-addition.txt b/ChangeLog.d/pkg-config-files-addition.txt
deleted file mode 100644
index 5df6ffb..0000000
--- a/ChangeLog.d/pkg-config-files-addition.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Features
- * Add pc files for pkg-config. eg.:
- pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)
diff --git a/ChangeLog.d/pkwrite-pem-use-heap.txt b/ChangeLog.d/pkwrite-pem-use-heap.txt
deleted file mode 100644
index 11db7b6..0000000
--- a/ChangeLog.d/pkwrite-pem-use-heap.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Changes
- * Use heap memory to allocate DER encoded public/private key.
- This reduces stack usage significantly for writing a public/private
- key to a PEM string.
diff --git a/ChangeLog.d/psa-shared-memory-protection.txt b/ChangeLog.d/psa-shared-memory-protection.txt
deleted file mode 100644
index 09779b7..0000000
--- a/ChangeLog.d/psa-shared-memory-protection.txt
+++ /dev/null
@@ -1,17 +0,0 @@
-Security
- * Passing buffers that are stored in untrusted memory as arguments
- to PSA functions is now secure by default.
- The PSA core now protects against modification of inputs or exposure
- of intermediate outputs during operations. This is currently implemented
- by copying buffers.
- This feature increases code size and memory usage. If buffers passed to
- PSA functions are owned exclusively by the PSA core for the duration of
- the function call (i.e. no buffer parameters are in shared memory),
- copying may be disabled by setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS.
- Note that setting this option will cause input-output buffer overlap to
- be only partially supported (#3266).
- Fixes CVE-2024-28960
-Bugfix
- * Fully support arbitrary overlap between inputs and outputs of PSA
- functions. Note that overlap is still only partially supported when
- MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set (#3266).
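Review bot: The Security text that this fragment contributes to ChangeLog says that setting MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS leaves input-output overlap "only partially supported" and defers the details to #3266, so a reader deciding whether to disable copying cannot tell from the entry which overlap cases stop working. Since the option turns off the protection that the entry credits with fixing CVE-2024-28960, consider adding one sentence that states which overlap is still supported when it is set. The closing line "Fixes CVE-2024-28960" also lacks a period, and the fragment has no blank line between the Security entry and the "Bugfix" header that follows it.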
diff --git a/ChangeLog.d/rsa-bitlen.txt b/ChangeLog.d/rsa-bitlen.txt
deleted file mode 100644
index 9cb8689..0000000
--- a/ChangeLog.d/rsa-bitlen.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a
- multiple of 8. Fixes #868.