Accepting request 1217972 from devel:kubic
OBS-URL: https://build.opensuse.org/request/show/1217972 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/teleport?expand=0&rev=119
This commit is contained in:
commit
7d36582289
2
_service
2
_service
@ -4,7 +4,7 @@
|
||||
<param name="scm">git</param>
|
||||
<param name="submodules">disable</param>
|
||||
<param name="exclude">.git</param>
|
||||
<param name="revision">v16.4.3</param>
|
||||
<param name="revision">v16.4.6</param>
|
||||
<param name="versionformat">@PARENT_TAG@</param>
|
||||
<param name="changesgenerate">disable</param>
|
||||
<param name="versionrewrite-pattern">v(.*)</param>
|
||||
|
@ -1,4 +0,0 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">https://github.com/gravitational/teleport</param>
|
||||
<param name="changesrevision">f1ce28f6f67aa2e9f14400785f7a43ec247da995</param></service></servicedata>
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:f9003dbd95143e457e013439e5c4b3d0ca95dff2b210fe3e9ba5bf60e2fb93f7
|
||||
size 280437262
|
3
teleport-16.4.6.obscpio
Normal file
3
teleport-16.4.6.obscpio
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d04f6e750e15fc695b13560b589b3662409c3d57d6413caf682920e6c25f5f31
|
||||
size 280200206
|
@ -1,3 +1,83 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 23 19:59:26 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
|
||||
|
||||
- update to 16.4.6 (16.4.4 and 16.4.5 do not exist):
|
||||
* Security Fix - [High] Privilege persistence in Okta SCIM-only
|
||||
integration
|
||||
When Okta SCIM-only integration is enabled, in certain cases
|
||||
Teleport could calculate the effective set of permission based
|
||||
on SSO user's stale traits. This could allow a user who was
|
||||
unassigned from an Okta group to log into a Teleport cluster
|
||||
once with a role granted by the unassigned group being present
|
||||
in their effective role set.
|
||||
Note: This issue only affects Teleport clusters that have
|
||||
installed a SCIM-only Okta integration as described in this
|
||||
guide. If you have an Okta integration with user sync enabled
|
||||
or only using Okta SSO auth connector to log into your Teleport
|
||||
cluster without SCIM integration configured, you're unaffected.
|
||||
To verify your configuration:
|
||||
- Use tctl get plugins/okta --format=json | jq
|
||||
".[].spec.Settings.okta.sync_settings.sync_users"
|
||||
command to check if you have Okta integration with user sync
|
||||
enabled. If it outputs null or false, you may be affected and
|
||||
should upgrade.
|
||||
- Check SCIM provisioning settings for the Okta application you
|
||||
created or updated while following the SCIM-only setup guide.
|
||||
If SCIM provisioning is enabled, you may be affected and
|
||||
should upgrade.
|
||||
We strongly recommend customers who use Okta SCIM integration
|
||||
to upgrade their auth servers to version 16.3.0 or later.
|
||||
Teleport services other than auth (proxy, SSH, Kubernetes,
|
||||
desktop, application, database and discovery) are not impacted
|
||||
and do not need to be updated.
|
||||
* Other improvements and fixes
|
||||
- Added a new teleport_roles_total metric that exposes the
|
||||
number of roles which exist in a cluster. #47812
|
||||
- Teleport's Windows Desktop Service now filters domain-joined
|
||||
Linux hosts out during LDAP discovery. #47773
|
||||
- The join_token.create audit event has been enriched with
|
||||
additional metadata. #47765
|
||||
- Propagate resources configured in teleport-kube-agent chart
|
||||
values to post-install and post-delete hooks. #47743
|
||||
- Add support for the Datadog Incident Management plugin helm
|
||||
chart. #47727
|
||||
- Automatic device enrollment may be locally disabled using the
|
||||
TELEPORT_DEVICE_AUTO_ENROLL_DISABLED=1 environment variable.
|
||||
#47720
|
||||
- Fixed the Machine ID and GitHub Actions wizard. #47708
|
||||
- Added migration to update the old import_all_objects database
|
||||
object import rule to the new preset. #47707
|
||||
- Alter ServiceAccounts in the teleport-cluster Helm chart to
|
||||
automatically disable mounting of service account tokens on
|
||||
newer Kubernetes distributions, helping satisfy security
|
||||
linters. #47703
|
||||
- Avoid tsh auto-enroll escalation in machines without a TPM.
|
||||
#47695
|
||||
- Fixed a bug that prevented users from canceling tsh scan keys
|
||||
executions. #47658
|
||||
- Postgres database session start events now include the
|
||||
Postgres backend PID for the session. #47643
|
||||
- Reworked the teleport-event-handler integration to
|
||||
significantly improve performance, especially when running
|
||||
with larger --concurrency values. #47633
|
||||
- Fixes a bug where Let's Encrypt certificate renewal failed in
|
||||
AMI and HA deployments due to insufficient disk space caused
|
||||
by syncing audit logs. #47622
|
||||
- Adds support for custom SQS consumer lock name and disabling
|
||||
a consumer. #47614
|
||||
- Fixed an issue that prevented RDS Aurora discovery
|
||||
configuration in the AWS OIDC enrollment wizard when any
|
||||
cluster existed without member instances. #47605
|
||||
- Extend the Datadog plugin to support automatic approvals.
|
||||
#47602
|
||||
- Allow using a custom database for Firestore backends. #47583
|
||||
- Include host name instead of host uuid in error messages when
|
||||
SSH connections are prevented due to an invalid login. #47578
|
||||
- Fix the example Terraform code to support the new larger
|
||||
Teleport Enterprise licenses and updates output of web
|
||||
address to use fqdn when ACM is disabled. #47512
|
||||
- Add new tctl subcommands to manage bot instances. #47225
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 18 06:50:44 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
name: teleport
|
||||
version: 16.4.3
|
||||
mtime: 1729078070
|
||||
commit: d506b628c2d6bc3b3bd257350261713cb4b0df3e
|
||||
version: 16.4.6
|
||||
mtime: 1729696164
|
||||
commit: 3104d1ac1ceac0d0405f6a675110f258a67dbb2a
|
||||
|
@ -19,7 +19,7 @@
|
||||
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
|
||||
|
||||
Name: teleport
|
||||
Version: 16.4.3
|
||||
Version: 16.4.6
|
||||
Release: 0
|
||||
Summary: Identity-aware, multi-protocol access proxy
|
||||
License: AGPL-3.0-only
|
||||
|
@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:79a18db8daa78cf72b6aba9d80e8421c1f334a3883a97b8f8100ca1322b7f7ae
|
||||
size 46790012
|
||||
oid sha256:39424da30baf398391dc12e436f37d83947ace81a023f6e2fc251b4b690770e4
|
||||
size 46776161
|
||||
|
Loading…
Reference in New Issue
Block a user