diff --git a/ChangeLog b/ChangeLog index 062a1ad32..e18ef0bd5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,128 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Default behavior changes + * In the experimental PSA secure element interface, change the encoding of + key lifetimes to encode a persistence level and the location. Although C + prototypes do not effectively change, code calling + psa_register_se_driver() must be modified to pass the driver's location + instead of the keys' lifetime. If the library is upgraded on an existing + device, keys created with the old lifetime value will not be readable or + removable through Mbed TLS after the upgrade. + +Features + * New functions in the error module return constant strings for + high- and low-level error codes, complementing mbedtls_strerror() + which constructs a string for any error code, including compound + ones, but requires a writable buffer. Contributed by Gaurav Aggarwal + in #3176. + * The new utility programs/ssl/ssl_context_info prints a human-readable + dump of an SSL context saved with mbedtls_ssl_context_save(). + * Add support for midipix, a POSIX layer for Microsoft Windows. + * Add new mbedtls_x509_crt_parse_der_with_ext_cb() routine which allows + parsing unsupported certificate extensions via user provided callback. + Contributed by Nicola Di Lieto in #3243 as + a solution to #3241. + * Pass the "certificate policies" extension to the callback supplied to + mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported + policies (#3419). + * Added support to entropy_poll for the kern.arandom syscall supported on + some BSD systems. Contributed by Nia Alarie in #3423. + * Add support for Windows 2000 in net_sockets. Contributed by opatomic. #3239 + +Security + * Fix a side channel vulnerability in modular exponentiation that could + reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee, + Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute + of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul + Strackx (Fortanix) in #3394. + * Fix side channel in mbedtls_ecp_check_pub_priv() and + mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a + private key that didn't include the uncompressed public key), as well as + mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL + f_rng argument. An attacker with access to precise enough timing and + memory access information (typically an untrusted operating system + attacking a secure enclave) could fully recover the ECC private key. + Found and reported by Alejandro Cabrera Aldaya and Billy Brumley. + * Fix issue in Lucky 13 counter-measure that could make it ineffective when + hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT + macros). This would cause the original Lucky 13 attack to be possible in + those configurations, allowing an active network attacker to recover + plaintext after repeated timing measurements under some conditions. + Reported and fix suggested by Luc Perneel in #3246. + +Bugfix + * Fix the Visual Studio Release x64 build configuration for mbedtls itself. + Completes a previous fix in Mbed TLS 2.19 that only fixed the build for + the example programs. Reported in #1430 and fix contributed by irwir. + * Fix undefined behavior in X.509 certificate parsing if the + pathLenConstraint basic constraint value is equal to INT_MAX. + The actual effect with almost every compiler is the intended + behavior, so this is unlikely to be exploitable anywhere. #3192 + * Fix issue with a detected HW accelerated record error not being exposed + due to shadowed variable. Contributed by Sander Visser in #3310. + * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a + NULL pointer argument. Contributed by Sander Visser in #3312. + * Fix potential linker errors on dual world platforms by inlining + mbedtls_gcc_group_to_psa(). This allows the pk.c module to link separately + from psa_crypto.c. Fixes #3300. + * Remove dead code in X.509 certificate parsing. Contributed by irwir in + #2855. + * Include asn1.h in error.c. Fixes #3328 reported by David Hu. + * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz() + when PRNG function fails. Contributed by Jonas Lejeune in #3318. + * Remove unused macros from MSVC projects. Reported in #3297 and fix + submitted in #3333 by irwir. + * Add additional bounds checks in ssl_write_client_hello() preventing + output buffer overflow if the configuration declared a buffer that was + too small. + * Set _POSIX_C_SOURCE to at least 200112L in C99 code. Reported in #3420 and + fix submitted in #3421 by Nia Alarie. + * Fix building library/net_sockets.c and the ssl_mail_client program on + NetBSD. Contributed by Nia Alarie in #3422. + * Fix false positive uninitialised variable reported by cpp-check. + Contributed by Sander Visser in #3311. + * Update iv and len context pointers manually when reallocating buffers + using the MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH feature. This caused issues + when receiving a connection with CID, when these fields were shifted + in ssl_parse_record_header(). + +Changes + * Fix warnings about signedness issues in format strings. The build is now + clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen + in #3153. + * Fix minor performance issue in operations on Curve25519 caused by using a + suboptimal modular reduction in one place. Found and fix contributed by + Aurelien Jarno in #3209. + * Combine identical cases in switch statements in md.c. Contributed + by irwir in #3208. + * Simplify a bounds check in ssl_write_certificate_request(). Contributed + by irwir in #3150. + * Unify the example programs termination to call mbedtls_exit() instead of + using a return command. This has been done to enable customization of the + behavior in bare metal environments. + * Fix mbedtls_x509_dn_gets to escape non-ASCII characters as "?". + Contributed by Koh M. Nakagawa in #3326. + * Use FindPython3 when cmake version >= 3.15.0 + * Abort the ClientHello writing function as soon as some extension doesn't + fit into the record buffer. Previously, such extensions were silently + dropped. As a consequence, the TLS handshake now fails when the output + buffer is not large enough to hold the ClientHello. + * The unit tests now rely on header files in tests/include/test and source + files in tests/src. When building with make or cmake, the files in + tests/src are compiled and the resulting object linked into each test + executable. + * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on + `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel + coutermeasures. If side channels are not a concern, this dependency can + be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`. + * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes + Martinho. #3147 + * Remove superfluous assignment in mbedtls_ssl_parse_certificate(). Reported + in #3182 and fix submitted by irwir. #3217 + * Fix typo in XTS tests. Reported and fix submitted by Kxuan. #3319 + = mbed TLS 2.22.0 branch released 2020-04-14 New deprecations diff --git a/ChangeLog.d/add_win2k_net_socket.txt b/ChangeLog.d/add_win2k_net_socket.txt deleted file mode 100644 index 9842c5d87..000000000 --- a/ChangeLog.d/add_win2k_net_socket.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Add support for Windows 2000 in net_sockets. Contributed by opatomic. #3239 diff --git a/ChangeLog.d/align-msvc-flags.txt b/ChangeLog.d/align-msvc-flags.txt deleted file mode 100644 index 02de3fd34..000000000 --- a/ChangeLog.d/align-msvc-flags.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes - Martinho. #3147 diff --git a/ChangeLog.d/bugfix.txt b/ChangeLog.d/bugfix.txt deleted file mode 100644 index 922bd318b..000000000 --- a/ChangeLog.d/bugfix.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix the Visual Studio Release x64 build configuration for mbedtls itself. - Completes a previous fix in Mbed TLS 2.19 that only fixed the build for - the example programs. Reported in #1430 and fix contributed by irwir. diff --git a/ChangeLog.d/bugfix_PR2855.txt b/ChangeLog.d/bugfix_PR2855.txt deleted file mode 100644 index 6e29710ec..000000000 --- a/ChangeLog.d/bugfix_PR2855.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Remove dead code in X.509 certificate parsing. Contributed by irwir in #2855. diff --git a/ChangeLog.d/bugfix_PR3333.txt b/ChangeLog.d/bugfix_PR3333.txt deleted file mode 100644 index 90766ac71..000000000 --- a/ChangeLog.d/bugfix_PR3333.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Remove unused macros from MSVC projects. Reported in #3297 and fix submitted in #3333 by irwir. diff --git a/ChangeLog.d/bugfix_PR3405 b/ChangeLog.d/bugfix_PR3405 deleted file mode 100644 index 73c57c081..000000000 --- a/ChangeLog.d/bugfix_PR3405 +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Update iv and len context pointers manually when reallocating buffers - using the MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH feature. This caused issues - when receiving a connection with CID, when these fields were shifted - in ssl_parse_record_header(). diff --git a/ChangeLog.d/bugfix_PR3421.txt b/ChangeLog.d/bugfix_PR3421.txt deleted file mode 100644 index b52dee00f..000000000 --- a/ChangeLog.d/bugfix_PR3421.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Set _POSIX_C_SOURCE to at least 200112L in C99 code. Reported in #3420 and fix submitted in #3421 by Nia Alarie. diff --git a/ChangeLog.d/bugfix_PR3422.txt b/ChangeLog.d/bugfix_PR3422.txt deleted file mode 100644 index dfe152c36..000000000 --- a/ChangeLog.d/bugfix_PR3422.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix building library/net_sockets.c and the ssl_mail_client program on NetBSD. Contributed by Nia Alarie in #3422. diff --git a/ChangeLog.d/ecp-internal-rng.txt b/ChangeLog.d/ecp-internal-rng.txt deleted file mode 100644 index c0419acad..000000000 --- a/ChangeLog.d/ecp-internal-rng.txt +++ /dev/null @@ -1,15 +0,0 @@ -Changes - * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on - `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel - coutermeasures. If side channels are not a concern, this dependency can - be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`. - -Security - * Fix side channel in mbedtls_ecp_check_pub_priv() and - mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a - private key that didn't include the uncompressed public key), as well as - mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL - f_rng argument. An attacker with access to precise enough timing and - memory access information (typically an untrusted operating system - attacking a secure enclave) could fully recover the ECC private key. - Found and reported by Alejandro Cabrera Aldaya and Billy Brumley. diff --git a/ChangeLog.d/error-asn1.txt b/ChangeLog.d/error-asn1.txt deleted file mode 100644 index c165696fd..000000000 --- a/ChangeLog.d/error-asn1.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Include asn1.h in error.c. Fixes #3328 reported by David Hu. diff --git a/ChangeLog.d/error_const.txt b/ChangeLog.d/error_const.txt deleted file mode 100644 index e0086b74c..000000000 --- a/ChangeLog.d/error_const.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * New functions in the error module return constant strings for - high- and low-level error codes, complementing mbedtls_strerror() - which constructs a string for any error code, including compound - ones, but requires a writable buffer. Contributed by Gaurav Aggarwal - in #3176. diff --git a/ChangeLog.d/fix-ecp-mul-memory-leak.txt b/ChangeLog.d/fix-ecp-mul-memory-leak.txt deleted file mode 100644 index e82cadc2d..000000000 --- a/ChangeLog.d/fix-ecp-mul-memory-leak.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz() - when PRNG function fails. Contributed by Jonas Lejeune in #3318. diff --git a/ChangeLog.d/fix-ecp_double_add_mxz.txt b/ChangeLog.d/fix-ecp_double_add_mxz.txt deleted file mode 100644 index 91531b2bb..000000000 --- a/ChangeLog.d/fix-ecp_double_add_mxz.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Fix minor performance issue in operations on Curve25519 caused by using a - suboptimal modular reduction in one place. Found and fix contributed by - Aurelien Jarno in #3209. diff --git a/ChangeLog.d/fix-gcc-format-signedness-warnings.txt b/ChangeLog.d/fix-gcc-format-signedness-warnings.txt deleted file mode 100644 index 2d22b942d..000000000 --- a/ChangeLog.d/fix-gcc-format-signedness-warnings.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Fix warnings about signedness issues in format strings. The build is now - clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen - in #3153. diff --git a/ChangeLog.d/fix-masked-hw-record-init-error.txt b/ChangeLog.d/fix-masked-hw-record-init-error.txt deleted file mode 100644 index 2ef80daae..000000000 --- a/ChangeLog.d/fix-masked-hw-record-init-error.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix issue with a detected HW accelerated record error not being exposed - due to shadowed variable. Contributed by Sander Visser in #3310. diff --git a/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt b/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt deleted file mode 100644 index e631f4d02..000000000 --- a/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a - NULL pointer argument. Contributed by Sander Visser in #3312. diff --git a/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt b/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt deleted file mode 100644 index 6be1e5b54..000000000 --- a/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Fix mbedtls_x509_dn_gets to escape non-ASCII characters as "?". - Contributed by Koh M. Nakagawa in #3326. diff --git a/ChangeLog.d/fix-typo-in-xts-test.txt b/ChangeLog.d/fix-typo-in-xts-test.txt deleted file mode 100644 index 4711b8cf9..000000000 --- a/ChangeLog.d/fix-typo-in-xts-test.txt +++ /dev/null @@ -1,2 +0,0 @@ -Changes - * Fix typo in XTS tests. Reported and fix submitted by Kxuan. #3319 diff --git a/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt b/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt deleted file mode 100644 index d0bd1dc6a..000000000 --- a/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix potential linker errors on dual world platforms by inlining - mbedtls_gcc_group_to_psa(). This allows the pk.c module to link separately - from psa_crypto.c. Fixes #3300. diff --git a/ChangeLog.d/l13-hw-accel.txt b/ChangeLog.d/l13-hw-accel.txt deleted file mode 100644 index 53c79243b..000000000 --- a/ChangeLog.d/l13-hw-accel.txt +++ /dev/null @@ -1,7 +0,0 @@ -Security - * Fix issue in Lucky 13 counter-measure that could make it ineffective when - hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT - macros). This would cause the original Lucky 13 attack to be possible in - those configurations, allowing an active network attacker to recover - plaintext after repeated timing measurements under some conditions. - Reported and fix suggested by Luc Perneel in #3246. diff --git a/ChangeLog.d/make-cpp-check-happy.txt b/ChangeLog.d/make-cpp-check-happy.txt deleted file mode 100644 index 2ae74cb0a..000000000 --- a/ChangeLog.d/make-cpp-check-happy.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix false positive uninitialised variable reported by cpp-check. - Contributed by Sander Visser in #3311. diff --git a/ChangeLog.d/max_pathlen.txt b/ChangeLog.d/max_pathlen.txt deleted file mode 100644 index 08f9c65a8..000000000 --- a/ChangeLog.d/max_pathlen.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix undefined behavior in X.509 certificate parsing if the - pathLenConstraint basic constraint value is equal to INT_MAX. - The actual effect with almost every compiler is the intended - behavior, so this is unlikely to be exploitable anywhere. #3192 diff --git a/ChangeLog.d/md_switch.txt b/ChangeLog.d/md_switch.txt deleted file mode 100644 index a4d369b51..000000000 --- a/ChangeLog.d/md_switch.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Combine identical cases in switch statements in md.c. Contributed - by irwir in #3208. diff --git a/ChangeLog.d/midipix-support.txt b/ChangeLog.d/midipix-support.txt deleted file mode 100644 index 53599abe4..000000000 --- a/ChangeLog.d/midipix-support.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Add support for midipix, a POSIX layer for Microsoft Windows. diff --git a/ChangeLog.d/montmul-cmp-branch.txt b/ChangeLog.d/montmul-cmp-branch.txt deleted file mode 100644 index 59945188a..000000000 --- a/ChangeLog.d/montmul-cmp-branch.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a side channel vulnerability in modular exponentiation that could - reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee, - Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute - of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul - Strackx (Fortanix) in #3394. diff --git a/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt b/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt deleted file mode 100644 index fdea746de..000000000 --- a/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * Add new mbedtls_x509_crt_parse_der_with_ext_cb() routine which allows - parsing unsupported certificate extensions via user provided callback. - Contributed by Nicola Di Lieto in #3243 as - a solution to #3241. diff --git a/ChangeLog.d/pass-unsupported-policies-to-callback.txt b/ChangeLog.d/pass-unsupported-policies-to-callback.txt deleted file mode 100644 index d139b4c18..000000000 --- a/ChangeLog.d/pass-unsupported-policies-to-callback.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Pass the "certificate policies" extension to the callback supplied to - mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported - policies (#3419). diff --git a/ChangeLog.d/psa-lifetime-locations.txt b/ChangeLog.d/psa-lifetime-locations.txt deleted file mode 100644 index 6ac02bc61..000000000 --- a/ChangeLog.d/psa-lifetime-locations.txt +++ /dev/null @@ -1,8 +0,0 @@ -Default behavior changes - * In the experimental PSA secure element interface, change the encoding of - key lifetimes to encode a persistence level and the location. Although C - prototypes do not effectively change, code calling - psa_register_se_driver() must be modified to pass the driver's location - instead of the keys' lifetime. If the library is upgraded on an existing - device, keys created with the old lifetime value will not be readable or - removable through Mbed TLS after the upgrade. diff --git a/ChangeLog.d/remove-extra-assignment.txt b/ChangeLog.d/remove-extra-assignment.txt deleted file mode 100644 index a98c42347..000000000 --- a/ChangeLog.d/remove-extra-assignment.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Remove superfluous assignment in mbedtls_ssl_parse_certificate(). Reported - in #3182 and fix submitted by irwir. #3217 diff --git a/ChangeLog.d/ssl_context_info.txt b/ChangeLog.d/ssl_context_info.txt deleted file mode 100644 index 6a15061fa..000000000 --- a/ChangeLog.d/ssl_context_info.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * The new utility programs/ssl/ssl_context_info prints a human-readable - dump of an SSL context saved with mbedtls_ssl_context_save(). diff --git a/ChangeLog.d/ssl_write_certificate_request.txt b/ChangeLog.d/ssl_write_certificate_request.txt deleted file mode 100644 index 2d3067aba..000000000 --- a/ChangeLog.d/ssl_write_certificate_request.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Simplify a bounds check in ssl_write_certificate_request(). Contributed - by irwir in #3150. diff --git a/ChangeLog.d/sysctl-arnd-support.txt b/ChangeLog.d/sysctl-arnd-support.txt deleted file mode 100644 index 14ad67412..000000000 --- a/ChangeLog.d/sysctl-arnd-support.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Added support to entropy_poll for the kern.arandom syscall supported on some BSD systems. Contributed by Nia Alarie in #3423. diff --git a/ChangeLog.d/tests-common-code.txt b/ChangeLog.d/tests-common-code.txt deleted file mode 100644 index 0af2da526..000000000 --- a/ChangeLog.d/tests-common-code.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * The unit tests now rely on header files in tests/include/test and source - files in tests/src. When building with make or cmake, the files in - tests/src are compiled and the resulting object linked into each test - executable. diff --git a/ChangeLog.d/unified-exit-in-examples.txt b/ChangeLog.d/unified-exit-in-examples.txt deleted file mode 100644 index 3ef9798ad..000000000 --- a/ChangeLog.d/unified-exit-in-examples.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Unify the example programs termination to call mbedtls_exit() instead of - using a return command. This has been done to enable customization of the - behavior in bare metal environments. diff --git a/ChangeLog.d/uniformize_bounds_checks.txt b/ChangeLog.d/uniformize_bounds_checks.txt deleted file mode 100644 index 210ab1051..000000000 --- a/ChangeLog.d/uniformize_bounds_checks.txt +++ /dev/null @@ -1,9 +0,0 @@ -Bugfix - * Add additional bounds checks in ssl_write_client_hello() preventing - output buffer overflow if the configuration declared a buffer that was - too small. -Changes - * Abort the ClientHello writing function as soon as some extension doesn't - fit into the record buffer. Previously, such extensions were silently - dropped. As a consequence, the TLS handshake now fails when the output - buffer is not large enough to hold the ClientHello. diff --git a/ChangeLog.d/use-find-python3-cmake.txt b/ChangeLog.d/use-find-python3-cmake.txt deleted file mode 100644 index 36a5171ee..000000000 --- a/ChangeLog.d/use-find-python3-cmake.txt +++ /dev/null @@ -1,2 +0,0 @@ -Changes - * Use FindPython3 when cmake version >= 3.15.0