Assemble Changelog

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>

ChangeLog

@@ -1,5 +1,56 @@
 Mbed TLS ChangeLog (Sorted per branch, date)
 
+= Mbed TLS x.x.x branch released xxxx-xx-xx
+
+Default behavior changes
+   * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
+     mbedtls_ssl_handshake() now fails with
+     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+     if certificate-based authentication of the server is attempted.
+     This is because authenticating a server without knowing what name
+     to expect is usually insecure. To restore the old behavior, either
+     call mbedtls_ssl_set_hostname() with NULL as the hostname, or
+     enable the new compile-time option
+     MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
+     The content of ssl->hostname after mbedtls_ssl_set_hostname(ssl, NULL)
+     has changed, see the documentation of the hostname field in the
+     mbedtls_ssl_context struct type for details.
+
+Security
+   * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
+     if they use certificate authentication (i.e. not pre-shared keys).
+     Otherwise, in many scenarios, the server could be impersonated.
+     The library will now prevent the handshake and return
+     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+     if mbedtls_ssl_set_hostname() has not been called.
+     CVE-2025-27809
+   * Zeroize temporary heap buffers used in PSA operations.
+   * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+     or there was a cryptographic hardware failure when calculating the
+     Finished message, it could be calculated incorrectly. This would break
+     the security guarantees of the TLS handshake.
+     CVE-2025-27810
+
+Bugfix
+   * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
+     and 'mbedtls_net_connect' to prevent possible double close fd
+     problems. Fixes #9711.
+   * Fix compilation on MS-DOS DJGPP. Fixes #9813.
+   * Fix missing constraints on the AES-NI inline assembly which is used on
+     GCC-like compilers when building AES for generic x86_64 targets. This
+     may have resulted in incorrect code with some compilers, depending on
+     optimizations. Fixes #9819.
+   * Fix issue where psa_key_derivation_input_integer() is not detecting
+     bad state after an operation has been aborted.
+   * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
+     occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
+     with Visual Studio 2013 or MinGW.
+     Fixes #10017.
+   * Remove Everest Visual Studio 2010 compatibility headers, which could
+     shadow standard CRT headers inttypes.h and stdbool.h with incomplete
+     implementatios if placed on the include path, eg. when building Mbed TLS
+     with the .sln file shipped with the project.
+
 = Mbed TLS 2.28.9 branch released 2024-08-30
 
 Security

ChangeLog.d/fix-aesni-asm-clobbers.txt

@@ -1,5 +0,0 @@
-Bugfix
-   * Fix missing constraints on the AES-NI inline assembly which is used on
-     GCC-like compilers when building AES for generic x86_64 targets. This
-     may have resulted in incorrect code with some compilers, depending on
-     optimizations. Fixes #9819.

ChangeLog.d/fix-compilation-with-djgpp.txt

@@ -1,2 +0,0 @@
-Bugfix
-   * Fix compilation on MS-DOS DJGPP. Fixes #9813.

ChangeLog.d/fix-key-derive-bad-state-error.txt

@@ -1,3 +0,0 @@
-Bugfix
-   * Fix issue where psa_key_derivation_input_integer() is not detecting
-     bad state after an operation has been aborted.

ChangeLog.d/fix-msvc-version-guard-format-zu.txt

@@ -1,9 +0,0 @@
-Bugfix
-   * Fix definition of MBEDTLS_PRINTF_SIZET to prevent runtime crashes that
-     occurred whenever SSL debugging was enabled on a copy of Mbed TLS built
-     with Visual Studio 2013 or MinGW.
-     Fixes #10017.
-   * Remove Everest Visual Studio 2010 compatibility headers, which could
-     shadow standard CRT headers inttypes.h and stdbool.h with incomplete
-     implementatios if placed on the include path, eg. when building Mbed TLS
-     with the .sln file shipped with the project.

ChangeLog.d/mbedtls_ssl_set_hostname.txt

@@ -1,22 +0,0 @@
-Default behavior changes
-   * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
-     mbedtls_ssl_handshake() now fails with
-     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
-     if certificate-based authentication of the server is attempted.
-     This is because authenticating a server without knowing what name
-     to expect is usually insecure. To restore the old behavior, either
-     call mbedtls_ssl_set_hostname() with NULL as the hostname, or
-     enable the new compile-time option
-     MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME.
-     The content of ssl->hostname after mbedtls_ssl_set_hostname(ssl, NULL)
-     has changed, see the documentation of the hostname field in the
-     mbedtls_ssl_context struct type for details.
-
-Security
-   * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
-     if they use certificate authentication (i.e. not pre-shared keys).
-     Otherwise, in many scenarios, the server could be impersonated.
-     The library will now prevent the handshake and return
-     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
-     if mbedtls_ssl_set_hostname() has not been called.
-     CVE-2025-27809

ChangeLog.d/psa-zeroize.txt

@@ -1,2 +0,0 @@
-Security
-   * Zeroize temporary heap buffers used in PSA operations.

ChangeLog.d/replace-close-with-mbedtls_net_close.txt

@@ -1,4 +0,0 @@
-Bugfix
-   * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
-     and 'mbedtls_net_connect' to prevent possible double close fd
-     problems. Fixes #9711.

ChangeLog.d/tls12-check-finished-calc.txt

@@ -1,6 +0,0 @@
-Security
-   * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
-     or there was a cryptographic hardware failure when calculating the
-     Finished message, it could be calculated incorrectly. This would break
-     the security guarantees of the TLS handshake.
-     CVE-2025-27810