diff --git a/ChangeLog.d/error_const.txt b/ChangeLog.d/error_const.txt new file mode 100644 index 000000000000..e0086b74cf79 --- /dev/null +++ b/ChangeLog.d/error_const.txt @@ -0,0 +1,6 @@ +Features + * New functions in the error module return constant strings for + high- and low-level error codes, complementing mbedtls_strerror() + which constructs a string for any error code, including compound + ones, but requires a writable buffer. Contributed by Gaurav Aggarwal + in #3176. diff --git a/ChangeLog.d/max_pathlen.txt b/ChangeLog.d/max_pathlen.txt new file mode 100644 index 000000000000..08f9c65a8017 --- /dev/null +++ b/ChangeLog.d/max_pathlen.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix undefined behavior in X.509 certificate parsing if the + pathLenConstraint basic constraint value is equal to INT_MAX. + The actual effect with almost every compiler is the intended + behavior, so this is unlikely to be exploitable anywhere. #3192 diff --git a/ChangeLog.d/md_switch.txt b/ChangeLog.d/md_switch.txt new file mode 100644 index 000000000000..a4d369b51f18 --- /dev/null +++ b/ChangeLog.d/md_switch.txt @@ -0,0 +1,3 @@ +Changes + * Combine identical cases in switch statements in md.c. Contributed + by irwir in #3208. diff --git a/ChangeLog.d/ssl_context_info.txt b/ChangeLog.d/ssl_context_info.txt new file mode 100644 index 000000000000..6a15061faa70 --- /dev/null +++ b/ChangeLog.d/ssl_context_info.txt @@ -0,0 +1,3 @@ +Features + * The new utility programs/ssl/ssl_context_info prints a human-readable + dump of an SSL context saved with mbedtls_ssl_context_save(). diff --git a/ChangeLog.d/ssl_write_certificate_request.txt b/ChangeLog.d/ssl_write_certificate_request.txt new file mode 100644 index 000000000000..2d3067aba8ec --- /dev/null +++ b/ChangeLog.d/ssl_write_certificate_request.txt @@ -0,0 +1,3 @@ +Changes + * Simplify a bounds check in ssl_write_certificate_request(). Contributed + by irwir in #3150.