SUSE-RU-2023:0473-1: moderate: Recommended update for libica, openssl-ibmca, openCryptoki

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Feb 21 20:30:03 UTC 2023 


# Recommended update for libica, openssl-ibmca, openCryptoki

Announcement ID: SUSE-RU-2023:0473-1  
Rating: moderate  
References:

  * #1202365

  
Affected Products:

  * openSUSE Leap 15.4
  * Server Applications Module 15-SP4
  * SUSE Linux Enterprise High Performance Computing 15 SP4
  * SUSE Linux Enterprise Real Time 15 SP4
  * SUSE Linux Enterprise Server 15 SP4
  * SUSE Linux Enterprise Server for SAP Applications 15 SP4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

  
  
An update that contains four features and has one recommended fix can now be
installed.

## Description:

This update for libica fixes the following issues:

libica was upgraded to version 4.2.0 (jsc#PED-581, bsc#1202365).

Note that the major library versions was changed from libica.so.3 to
libica.so.4.

Features:

  * Display build info via icainfo -v
  * New API function ica_get_build_version()
  * Display fips indication via icainfo -f
  * New API function ica_get_fips_indicator()
  * New API function ica_aes_gcm_initialize_fips()
  * New API function ica_aes_gcm_kma_get_iv()
  * New API function ica_get_msa_level()

Upgrade to version 4.1.1 (jsc#PED-581, bsc#1202365).

v4.1.1:

  * Fix aes-xts multi-part operations

v4.1.0

  * FIPS: make libica FIPS 140-3 compliant
  * New API function ica_ecdsa_sign_ex()
  * New icainfo output option -r

Upgraded to version 4.0.3 (jsc#PED-581, jsc#PED-621, jsc#PED-629)

v4.0.3

  * Reduce the number of open file descriptors
  * Various bug fixes

v4.0.2

  * Various bug fixes

v4.0.1

  * Various bug fixes
  * Compute HMAC from installed library

v4.0.0

  * NO_SW_FALLBACKS is now the default for libica.so
  * Removed deprecated API functions including tests
  * Introduced 'const' for some API function parameters
  * icastats: new parm -k to display detailed counters

This update also provides rebuilds of openssl-ibmca and openCryptoki against the
new libica.

openssl-ibmca was updated:

  * Upgraded to version 2.3.1 (jsc#PED-597)
  * Adjustments for libica 4.1.0
  * First version including the provider
  * Fix for engine build without OpenSSL 3.0 sources
  * Fix PKEY segfault with OpenSSL 3.0
  * Build against libica 4.0

## Patch Instructions:

To install this SUSE Moderate update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch openSUSE-SLE-15.4-2023-473=1

  * Server Applications Module 15-SP4  
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-473=1

## Package List:

  * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    * openCryptoki-3.17.0-150400.4.8.1
    * openCryptoki-64bit-debuginfo-3.17.0-150400.4.8.1
    * openCryptoki-64bit-3.17.0-150400.4.8.1
    * openCryptoki-debuginfo-3.17.0-150400.4.8.1
    * openCryptoki-debugsource-3.17.0-150400.4.8.1
    * openCryptoki-devel-3.17.0-150400.4.8.1
  * openSUSE Leap 15.4 (s390x)
    * libica-devel-4.2.0-150400.3.3.1
    * libica-devel-static-4.2.0-150400.3.3.1
    * openssl-ibmca-debugsource-2.3.1-150400.4.3.1
    * libica-tools-debuginfo-4.2.0-150400.3.3.1
    * openssl-ibmca-2.3.1-150400.4.3.1
    * libica-debugsource-4.2.0-150400.3.3.1
    * libica4-4.2.0-150400.3.3.1
    * libica4-debuginfo-4.2.0-150400.3.3.1
    * openssl-ibmca-debuginfo-2.3.1-150400.4.3.1
    * libica-tools-4.2.0-150400.3.3.1
  * Server Applications Module 15-SP4 (aarch64 ppc64le s390x x86_64)
    * openCryptoki-debuginfo-3.17.0-150400.4.8.1
    * openCryptoki-3.17.0-150400.4.8.1
    * openCryptoki-debugsource-3.17.0-150400.4.8.1
  * Server Applications Module 15-SP4 (ppc64le s390x)
    * openCryptoki-64bit-3.17.0-150400.4.8.1
    * openCryptoki-64bit-debuginfo-3.17.0-150400.4.8.1
  * Server Applications Module 15-SP4 (ppc64le s390x x86_64)
    * openCryptoki-devel-3.17.0-150400.4.8.1
  * Server Applications Module 15-SP4 (s390x)
    * libica-devel-4.2.0-150400.3.3.1
    * libica-devel-static-4.2.0-150400.3.3.1
    * openssl-ibmca-debugsource-2.3.1-150400.4.3.1
    * libica-tools-debuginfo-4.2.0-150400.3.3.1
    * openssl-ibmca-2.3.1-150400.4.3.1
    * libica-debugsource-4.2.0-150400.3.3.1
    * libica4-4.2.0-150400.3.3.1
    * libica4-debuginfo-4.2.0-150400.3.3.1
    * openssl-ibmca-debuginfo-2.3.1-150400.4.3.1
    * libica-tools-4.2.0-150400.3.3.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1202365
  * https://jira.suse.com/browse/PED-581
  * https://jira.suse.com/browse/PED-597
  * https://jira.suse.com/browse/PED-621
  * https://jira.suse.com/browse/PED-629

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20230221/aed5fab9/attachment.htm>

More information about the sle-updates mailing list