Accepting request 1126937 from home:ojkastl_buildservice:Branch_devel_kubic

update to 14.1.3 OBS-URL: https://build.opensuse.org/request/show/1126937 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/teleport?expand=0&rev=168
2023-11-16 14:59:01 +00:00 · 2023-11-16 14:59:01 +00:00 · 6365b461a6
commit 6365b461a6
parent b7dccb4a9d
8 changed files with 72 additions and 11 deletions
--- a/2
+++ b/2
@ -4,7 +4,7 @@
    <param name="scm">git</param>
    <param name="submodules">disable</param>
    <param name="exclude">.git</param>
-    <param name="revision">v14.1.2</param>
+    <param name="revision">v14.1.3</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="changesgenerate">enable</param>
    <param name="versionrewrite-pattern">v(.*)</param>
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/gravitational/teleport</param>
-              <param name="changesrevision">47a97d98c1ea8c44d954e3508064f89fce6c3f8f</param></service></servicedata>
+              <param name="changesrevision">748fa4e13472fbf93bc0d4833c5647bc82e7fbf4</param></service></servicedata>
--- a/teleport-14.1.2.obscpio
+++ b/teleport-14.1.2.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f57d6b4254ce60c3c09c677e457aa30f99f6b377968410aa512ac22c9fde58c4
-size 257082382
--- a/teleport-14.1.3.obscpio
+++ b/teleport-14.1.3.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:61da350436bc0db3c9b0b9d5446ea00ca73fbe2804ed7c75b64c7be4b7b7104b
+size 257082382
--- a/teleport.changes
+++ b/teleport.changes
@ -1,3 +1,64 @@
+-------------------------------------------------------------------
+Thu Nov 16 14:24:38 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 14.1.3:
+  * Security Fixes
+    - [Medium] Arbitrary code execution with LD_PRELOAD and SFTP
+      Teleport implements SFTP using a subcommand. Prior to this
+      release it was possible to inject environment variables into
+      the execution of this subcommand, via shell init scripts or
+      via the SSH environment request.
+      This is addressed by preventing LD_PRELOAD and other
+      dangerous environment variables from being forwarded during
+      re-exec.
+  * [Medium] Outbound SSH from Proxy can lead to IP spoofing
+      If the Teleport auth or proxy services are configured to
+      accept PROXY protocol headers, a malicious actor can use this
+      to spoof their IP address.
+      This is addressed by requiring that the first bytes of any
+      SSH connection are the SSH protocol prefix, denying a
+      malicious actor the opportunity to send their own proxy
+      headers.
+  * Other Fixes & Improvements
+    - Fixed issue where tbot would select the wrong address for
+      Kubernetes Access when in ports separate mode #34283
+    - Added post-review state of Access Request in audit log
+      description #34213
+    - Updated Operator Reconciliation to skip Teleport Operator on
+      status updates #34194
+    - Updated Kube Agent Auto-Discovery to install the Teleport
+      version provided by Automatic Upgrades #34157
+    - Updated Server Auto-Discovery installer script to use bash
+      instead of sh #34144
+    - When a promotable Access Request targets a resource that
+      belongs to an Access List, owners of that list will now
+      automatically be added as reviewers. #34131
+    - Added Database Automatic User Provisioning support for
+      Redshift #34126
+    - Added teleport_auth_type config parameter to the AWS
+      Terraform examples #34124
+    - Fixed issue where an auto-provisioned PostgreSQL user may
+      keep old roles indefinitely #34121
+    - Fixed incorrectly set file mode for Windows TPM files #34113
+    - Added dynamic credential reloading for access plugins #34079
+    - Fixed Azure Identity federated Application ID #33960
+    - Fixed issue where Kubernetes Audit Events reported incorrect
+      information in the exec audit #33950
+    - Added support for formatting hostname as host:port to tsh
+      puttyconfig #33883
+    - Added support for --set-context-name to tsh proxy kube
+    - Fixed various Access List bookkeeping issues #33834
+    - Fixed issue where tsh aws ecs execute-command would always
+      fail #33833
+    - Updated UI to automatically redirect to login page on missing
+      session cookie #33806
+    - Added Dynamic Discovery matching for Databases #33693
+    - Fixed formatting errors on empty result sets in tsh #33633
+    - Added Database Automatic User Provisioning support for
+      MariaDB #34256
+    - Fixed issue where MySQL auto-user deletion fails on usernames
+      with quotes #34304
+
 -------------------------------------------------------------------
 Thu Nov 09 06:48:36 UTC 2023 - kastl@b1-systems.de

--- a/teleport.obsinfo
+++ b/teleport.obsinfo
@ -1,4 +1,4 @@
 name: teleport
-version: 14.1.2
-mtime: 1699479548
-commit: 47a97d98c1ea8c44d954e3508064f89fce6c3f8f
+version: 14.1.3
+mtime: 1699485178
+commit: 748fa4e13472fbf93bc0d4833c5647bc82e7fbf4
--- a/teleport.spec
+++ b/teleport.spec
@ -19,7 +19,7 @@
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true

 Name:           teleport
-Version:        14.1.2
+Version:        14.1.3
 Release:        0
 Summary:        Identity-aware, multi-protocol access proxy
 License:        Apache-2.0
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:de0295ba1aca450550fa2423c5ebe248f0700011298e1dbf709b48f4b359d783
-size 39643323
+oid sha256:cb42b2dc64b3ae449fb4f448a9b098fd7cf5798a67083e32eac6756ef7b71868
+size 39644500