The last update brought compat implementations for EVP_Digest{Sign,Verify}
which break the build after these functions were added to libcrypto.
ok sthen
Use the upstream codepath that uses SSL_SESSION_get_master_key()
and SSL_get_client_random() instead of reaching into the SSL_SESSION
and SSL3_STATE structs.
Fast elliptic curve cryptography, specifically digital signatures. There
is no nonce reuse, no branching on secret material, and all points are
validated before any operations are performed on them. Timing side
channels are mitigated via Montgomery point multiplication. Nonces are
generated per RFC6979.
CVE-2021-1252 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1252>:
Fix for Excel XLM parser infinite loop. Affects 0.103.0 and 0.103.1 only.
CVE-2021-1404 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1404>:
Fix for PDF parser buffer over-read; possible crash. Affects 0.103.0 and 0.103.1 only.
CVE-2021-1405 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405>:
Fix for mail parser NULL-dereference crash. Affects 0.103.1 and prior.
Fix possible memory leak in PNG parser.
FreshClam: Deprecate the SafeBrowsing config option. The SafeBrowsing
option will no longer do anything.
FreshClam: Improved HTTP 304, 403, & 429 handling.
Fix the FreshClam mirror-sync issue where a downloaded database is
"older than the version advertised."
Note, while it is broadly compatible with the most common use of
yubiserve it has its limits: it supports only sqlite3 (using the same
schema as before) not other databases, and it only supports HTTP
internally, if you require HTTPS then you will need to use a proxy (e.g.
relayd or nginx). It no longer uses a configuration file, only command
line arguments.
