From 369ea7a041b5a47c28dcf3cefbf5258794eb04df Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 2 Oct 2025 15:43:02 +0100 Subject: [PATCH] Assemble ChangeLog Signed-off-by: Minos Galanakis --- ChangeLog | 43 +++++++++++++++++++ .../fix-dependency-on-generated-files.txt | 3 -- ChangeLog.d/gcd-sign.txt | 5 --- ChangeLog.d/mbedtls_cipher_finish_padded.txt | 4 -- ChangeLog.d/pkcs7-padding-error-leak.txt | 5 --- ChangeLog.d/psa_can_do_cipher.txt | 5 --- ChangeLog.d/replace_time_t.txt | 4 -- ChangeLog.d/ssbleed-mstep.txt | 12 ------ 8 files changed, 43 insertions(+), 38 deletions(-) delete mode 100644 ChangeLog.d/fix-dependency-on-generated-files.txt delete mode 100644 ChangeLog.d/gcd-sign.txt delete mode 100644 ChangeLog.d/mbedtls_cipher_finish_padded.txt delete mode 100644 ChangeLog.d/pkcs7-padding-error-leak.txt delete mode 100644 ChangeLog.d/psa_can_do_cipher.txt delete mode 100644 ChangeLog.d/replace_time_t.txt delete mode 100644 ChangeLog.d/ssbleed-mstep.txt diff --git a/ChangeLog b/ChangeLog index 4d4bbdbe51..59a9604394 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,5 +1,48 @@ Mbed TLS ChangeLog (Sorted per branch, date) += Mbed TLS 3.6.5 branch released 2025-10-15 + +API changes + * When building the library as a PSA client (MBEDTLS_PSA_CRYPTO_CLIENT + enabled and MBEDTLS_PSA_CRYPTO_C disabled), you need to provide the + function psa_can_do_cipher() in addition to psa_can_do_hash(). This + changed was made in Mbed TLS 3.6.0 but was not announced then. + +Features + * The new function mbedtls_cipher_finish_padded() is similar to + mbedtls_cipher_finish(), but makes it easier to process invalid-padding + conditions in constant time. + +Security + * Fix a timing side channel in CBC-PKCS7 decryption that could + allow an attacker who can submit chosen ciphertexts to recover + some plaintexts through a timing-based padding oracle attack. + Credits to Beat Heeb from Oberon microsystems AG. CVE-2025-59438 + * Fix a local timing side-channel in modular inversion and GCD that was + exploitable in RSA key generation and other RSA operations (see the full + advisory for details), allowing a local attacker to fully recover the + private key. This can be exploited on some Arm-v9 CPUs by an unprivileged + attacker running code on the same core (SSBleed), or when Trustzone-M is + used, by the non-secure side abusing timer interrupts (M-Step), and + probably in other similar settings as well. Found and reported + independently by: SSBleed: Chang Liu (Tsinghua University) and Trevor E. + Carlson (National University of Singapore); M-Step: Cristiano Rodrigues + (University of Minho), Marton Bognar (DistriNet, KU Leuven), Sandro Pinto + (University of Minho), Jo Van Bulck (DistriNet, KU Leuven). CVE-2025-54764 + +Bugfix + * Fix potential CMake parallel build failure when building both the static + and shared libraries. + * Fix a build error or incorrect TLS session + lifetime on platforms where mbedtls_time_t + is not time_t. Fixes #10236. + +Changes + * The function mbedtls_mpi_gcd() now always gives a non-negative output. 
+ Previously the output was negative when B = 0 and A < 0, which was not + documented, and inconsistent as all other inputs resulted in a non-negative + output. + = Mbed TLS 3.6.4 branch released 2025-06-30 Features diff --git a/ChangeLog.d/fix-dependency-on-generated-files.txt b/ChangeLog.d/fix-dependency-on-generated-files.txt deleted file mode 100644 index b3e7e4e16b..0000000000 --- a/ChangeLog.d/fix-dependency-on-generated-files.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix potential CMake parallel build failure when building both the static - and shared libraries. diff --git a/ChangeLog.d/gcd-sign.txt b/ChangeLog.d/gcd-sign.txt deleted file mode 100644 index 52d1e1f24f..0000000000 --- a/ChangeLog.d/gcd-sign.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * The function mbedtls_mpi_gcd() now always gives a non-negative output. - Previously the output was negative when B = 0 and A < 0, which was not - documented, and inconsistent as all other inputs resulted in a non-negative - output. diff --git a/ChangeLog.d/mbedtls_cipher_finish_padded.txt b/ChangeLog.d/mbedtls_cipher_finish_padded.txt deleted file mode 100644 index bf2405eb41..0000000000 --- a/ChangeLog.d/mbedtls_cipher_finish_padded.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * The new function mbedtls_cipher_finish_padded() is similar to - mbedtls_cipher_finish(), but makes it easier to process invalid-padding - conditions in constant time. diff --git a/ChangeLog.d/pkcs7-padding-error-leak.txt b/ChangeLog.d/pkcs7-padding-error-leak.txt deleted file mode 100644 index 9193a0860e..0000000000 --- a/ChangeLog.d/pkcs7-padding-error-leak.txt +++ /dev/null @@ -1,5 +0,0 @@ -Security - * Fix a timing side channel in CBC-PKCS7 decryption that could - allow an attacker who can submit chosen ciphertexts to recover - some plaintexts through a timing-based padding oracle attack. - Credits to Beat Heeb from Oberon microsystems AG. CVE-2025-59438 
diff --git a/ChangeLog.d/psa_can_do_cipher.txt b/ChangeLog.d/psa_can_do_cipher.txt deleted file mode 100644 index 16598b636e..0000000000 --- a/ChangeLog.d/psa_can_do_cipher.txt +++ /dev/null @@ -1,5 +0,0 @@ -API changes - * When building the library as a PSA client (MBEDTLS_PSA_CRYPTO_CLIENT - enabled and MBEDTLS_PSA_CRYPTO_C disabled), you need to provide the - function psa_can_do_cipher() in addition to psa_can_do_hash(). This - changed was made in Mbed TLS 3.6.0 but was not announced then. diff --git a/ChangeLog.d/replace_time_t.txt b/ChangeLog.d/replace_time_t.txt deleted file mode 100644 index ec0282a9f2..0000000000 --- a/ChangeLog.d/replace_time_t.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix a build error or incorrect TLS session - lifetime on platforms where mbedtls_time_t - is not time_t. Fixes #10236. diff --git a/ChangeLog.d/ssbleed-mstep.txt b/ChangeLog.d/ssbleed-mstep.txt deleted file mode 100644 index 8fc9ef753f..0000000000 --- a/ChangeLog.d/ssbleed-mstep.txt +++ /dev/null @@ -1,12 +0,0 @@ -Security - * Fix a local timing side-channel in modular inversion and GCD that was - exploitable in RSA key generation and other RSA operations (see the full - advisory for details), allowing a local attacker to fully recover the - private key. This can be exploited on some Arm-v9 CPUs by an unprivileged - attacker running code on the same core (SSBleed), or when Trustzone-M is - used, by the non-secure side abusing timer interrupts (M-Step), and - probably in other similar settings as well. Found and reported - independently by: SSBleed: Chang Liu (Tsinghua University) and Trevor E. - Carlson (National University of Singapore); M-Step: Cristiano Rodrigues - (University of Minho), Marton Bognar (DistriNet, KU Leuven), Sandro Pinto - (University of Minho), Jo Van Bulck (DistriNet, KU Leuven). CVE-2025-54764
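Review bot: in the ChangeLog hunk (@@ -1,5 +1,48 @@), the "API changes" entry carries a typo: "This changed was made in Mbed TLS 3.6.0 but was not announced then." should read "This change was made in Mbed TLS 3.6.0 but was not announced then." The same wording is copied verbatim from the deleted ChangeLog.d/psa_can_do_cipher.txt, so it needs correcting in the assembled file (or in the fragment, followed by re-assembly). In the same hunk the second "Security" entry writes "Arm-v9" and "Trustzone-M"; Arm's own spellings are "Armv9" and "TrustZone-M". Finally, the new header "= Mbed TLS 3.6.5 branch released 2025-10-15" states a release date roughly two weeks after this commit's date (Thu, 2 Oct 2025); confirm it matches the actual tag date before merging.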
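Review bot: in the hunk deleting ChangeLog.d/psa_can_do_cipher.txt (@@ -1,5 +0,0 @@), the removed fragment is the origin of the "This changed was made" wording that now appears in the assembled ChangeLog. Because this commit deletes the fragment, a later fix has to be made by hand in the generated ChangeLog rather than by re-running the assembly; prefer fixing the fragment in a preceding commit ("This change was made") and re-assembling, so the ChangeLog hunk stays a pure generated artifact.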