From 50d802172f61d38cbd88e50f13dc08d7f69e7ede Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 30 Apr 2018 17:23:10 +0100 Subject: [PATCH] Fix the ChangeLog for clarity, english and credit --- ChangeLog | 55 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0af942bb0..24020fb2c 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -3,38 +3,40 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.1.x branch released xxxx-xx-xx Security - * Fix a bug in the X.509 module potentially leading to a buffer overread - during CRT verification or to invalid or omitted checks for certificate - validity. The former can be triggered remotely, while the latter requires - a non DER-compliant certificate correctly signed by a trusted CA, or a - trusted CA with a non DER-compliant certificate. Found by luocm on GitHub. - Fixes #825. - * Fix buffer length assertion in the ssl_parse_certificate_request() - function which leads to an arbitrary overread of the message buffer. The - overreads could occur upon receiving a message malformed at the point - where an optional signature algorithms list is expected in the cases of - the signature algorithms section being too short. In the debug builds - the overread data is printed to the standard output. + * Fix an issue in the X.509 module which could lead to a buffer overread + during certificate validation. Additionally, the issue could also lead to + unnecessary callback checks being made or to some validation checks to be + omitted. The overread could be triggered remotely, while the other issues + would require a non DER-compliant certificate to be correctly signed by a + trusted CA, or a trusted CA with a non DER-compliant certificate. Found by + luocm. Fixes #825. + * Fix the buffer length assertion in the ssl_parse_certificate_request() + function which led to an arbitrary overread of the message buffer. The + overreads could be caused by receiving a malformed message at the point + where an optional signature algorithms list is expected when the signature + algorithms section is too short. In builds with debug output, the overread + data is output with the debug data. 
* Fix a client-side bug in the validation of the server's ciphersuite choice - potentially leading to the client accepting a ciphersuite it didn't offer - or one that cannot be used with the (D)TLS version chosen by the server. - This may lead to corruption of internal data structures for some - configurations. + which could potentially lead to the client accepting a ciphersuite it didn't + offer or a ciphersuite that cannot be used with the TLS or DTLS version + chosen by the server. This could lead to corruption of internal data + structures for some configurations. Bugfix * Add missing dependencies in test suites that led to build failures in configurations that omit certain hashes or public-key algorithms. Fixes #1040. * Add missing dependencies for MBEDTLS_HAVE_TIME_DATE and - MBEDTLS_VERSION_FEATURES in test suites. Contributed by Deomid Ryabkov. - Fixes #1299, #1475. - * Fix dynamic library building process with Makefile on Mac OS X. Fixed by - mnacamura. + MBEDTLS_VERSION_FEATURES in some test suites. Contributed by + Deomid Ryabkov. Fixes #1299, #1475. + * Fix the Makefile build process for building shared libraries on Mac OS X. + Fixed by mnacamura. * Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously Mbed TLS was - unable to parse keys with only the optional parameters field of the - ECPrivateKey structure. Found by jethrogb, fixed in #1379. - * Return plaintext data sooner on unpadded CBC decryption, as stated in - the mbedtls_cipher_update() documentation. Contributed by Andy Leiserson. + unable to parse keys which had only the optional parameters field of the + ECPrivateKey structure. Found by Jethro Beekman, fixed in #1379. + * Return the plaintext data more quickly on unpadded CBC decryption, as + stated in the mbedtls_cipher_update() documentation. Contributed by + Andy Leiserson. * Fix overriding and ignoring return values when parsing and writing to a file in pk_sign program. Found by kevlut in #1142. 
* Fix buffer length assertions in the ssl_parse_certificate_request() @@ -53,10 +55,11 @@ Changes * Provide an empty implementation of mbedtls_pkcs5_pbes2() when MBEDTLS_ASN1_PARSE_C is not enabled. This allows the use of PBKDF2 without PBES2. Fixed by Marcos Del Sol Vives. - * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov. + * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan + Krylov. * Improve the documentation of mbedtls_ssl_write(). Suggested by Paul Sokolovsky in #1356. - * Add an option in the makefile to support ar utilities where the operation + * Add an option in the Makefile to support ar utilities where the operation letter must not be prefixed by '-', such as LLVM. Found and fixed by Alex Hixon. * Allow configuring the shared library extension by setting the DLEXT
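Review bot: In the first hunk (@@ -3,38 +3,40 @@), the reworded X.509 Security entry changes what the entry says, not only how it reads: "invalid or omitted checks for certificate validity" becomes "unnecessary callback checks being made or to some validation checks to be omitted". This drops "invalid" and introduces callback checks, while the subject line describes the commit as clarity, English and credit only. Confirm the new description against the fix for #825 and say so in the commit message if the change of meaning is intended. The sentence itself also needs tightening: "Additionally, the issue could also" is redundant, and "being made or ... to be omitted" is not parallel; something like "could lead to unnecessary callback checks or to some validation checks being omitted" reads cleanly. In the same hunk, "Return the plaintext data more quickly" reads as a performance improvement, whereas the original "sooner", tied to the mbedtls_cipher_update() documentation, is about when the data is returned; "sooner" or "earlier" keeps that meaning. The trailing context also shows a Bugfix entry beginning "Fix buffer length assertions in the ssl_parse_certificate_request()" alongside the reworded Security entry for the same function; check whether both are meant to stay.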
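Review bot: In the second hunk (@@ -53,10 +55,11 @@), the rewrap of the mbedtls_net_accept() entry splits the contributor's name across two lines ("Contributed by Ivan" / "Krylov."), which makes the credit harder to grep for and is inconsistent with the first hunk, where the break is placed before "Deomid Ryabkov" and "Andy Leiserson" so that each name stays on one line. Break before "Ivan" or before "Contributed by" instead. The "makefile" to "Makefile" capitalisation matches the "Makefile" spelling used in the first hunk.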