Changelog entry for mbedtls_setbuf() * Security: we're improving a countermeasure. * Requirement change: the library will no longer compile on a platform without setbuf(). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: cf4d9f98c79b45d7b5f38880d0bb7535d5b408b0 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Thu Jun 30 17:07:47 2022 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu Jun 30 17:11:30 2022 +0200
tree: f11e90401f7791224d5e2decd46252f9005727f6
parent: 6d576c9646fec898d938232d03aaad7c048e6aa1 [diff]
diff --git a/ChangeLog.d/add_mbedtls_setbuf.txt b/ChangeLog.d/add_mbedtls_setbuf.txt
new file mode 100644
index 0000000..6152d60
--- /dev/null
+++ b/ChangeLog.d/add_mbedtls_setbuf.txt

@@ -0,0 +1,10 @@
+Security
+   * Add the platform function mbedtls_setbuf() to allow buffering to be
+     disabled on stdio files, to stop secrets loaded from said files being
+     potentially left in memory after file operations. Reported by
+     Glenn Strauss.
+Requirement changes
+   * The library will no longer compile out of the box on a platform without
+     setbuf() if MBEDTLS_FS_IO is enabled. If your platform does not have
+     setbuf(), you can configure an alternative function by enabling
+     MBEDTLS_PLATFORM_SETBUF_ALT or MBEDTLS_PLATFORM_SETBUF_MACRO.
commit	cf4d9f98c79b45d7b5f38880d0bb7535d5b408b0	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Jun 30 17:07:47 2022 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Jun 30 17:11:30 2022 +0200
tree	f11e90401f7791224d5e2decd46252f9005727f6
parent	6d576c9646fec898d938232d03aaad7c048e6aa1 [diff]