Accepting request 1126938 from devel:kubic

OBS-URL: https://build.opensuse.org/request/show/1126938
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/teleport?expand=0&rev=82

_service

@@ -4,7 +4,7 @@
     <param name="scm">git</param>
     <param name="submodules">disable</param>
     <param name="exclude">.git</param>
-    <param name="revision">v14.1.2</param>
+    <param name="revision">v14.1.3</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
     <param name="versionrewrite-pattern">v(.*)</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/gravitational/teleport</param>
-              <param name="changesrevision">47a97d98c1ea8c44d954e3508064f89fce6c3f8f</param></service></servicedata>
+              <param name="changesrevision">748fa4e13472fbf93bc0d4833c5647bc82e7fbf4</param></service></servicedata>

teleport-14.1.2.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f57d6b4254ce60c3c09c677e457aa30f99f6b377968410aa512ac22c9fde58c4
-size 257082382

teleport-14.1.3.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:61da350436bc0db3c9b0b9d5446ea00ca73fbe2804ed7c75b64c7be4b7b7104b
+size 257082382

teleport.changes

@@ -1,3 +1,64 @@
+-------------------------------------------------------------------
+Thu Nov 16 14:24:38 UTC 2023 - kastl@b1-systems.de
+
+- Update to version 14.1.3:
+  * Security Fixes
+    - [Medium] Arbitrary code execution with LD_PRELOAD and SFTP
+      Teleport implements SFTP using a subcommand. Prior to this
+      release it was possible to inject environment variables into
+      the execution of this subcommand, via shell init scripts or
+      via the SSH environment request.
+      This is addressed by preventing LD_PRELOAD and other
+      dangerous environment variables from being forwarded during
+      re-exec.
+  * [Medium] Outbound SSH from Proxy can lead to IP spoofing
+      If the Teleport auth or proxy services are configured to
+      accept PROXY protocol headers, a malicious actor can use this
+      to spoof their IP address.
+      This is addressed by requiring that the first bytes of any
+      SSH connection are the SSH protocol prefix, denying a
+      malicious actor the opportunity to send their own proxy
+      headers.
+  * Other Fixes & Improvements
+    - Fixed issue where tbot would select the wrong address for
+      Kubernetes Access when in ports separate mode #34283
+    - Added post-review state of Access Request in audit log
+      description #34213
+    - Updated Operator Reconciliation to skip Teleport Operator on
+      status updates #34194
+    - Updated Kube Agent Auto-Discovery to install the Teleport
+      version provided by Automatic Upgrades #34157
+    - Updated Server Auto-Discovery installer script to use bash
+      instead of sh #34144
+    - When a promotable Access Request targets a resource that
+      belongs to an Access List, owners of that list will now
+      automatically be added as reviewers. #34131
+    - Added Database Automatic User Provisioning support for
+      Redshift #34126
+    - Added teleport_auth_type config parameter to the AWS
+      Terraform examples #34124
+    - Fixed issue where an auto-provisioned PostgreSQL user may
+      keep old roles indefinitely #34121
+    - Fixed incorrectly set file mode for Windows TPM files #34113
+    - Added dynamic credential reloading for access plugins #34079
+    - Fixed Azure Identity federated Application ID #33960
+    - Fixed issue where Kubernetes Audit Events reported incorrect
+      information in the exec audit #33950
+    - Added support for formatting hostname as host:port to tsh
+      puttyconfig #33883
+    - Added support for --set-context-name to tsh proxy kube
+    - Fixed various Access List bookkeeping issues #33834
+    - Fixed issue where tsh aws ecs execute-command would always
+      fail #33833
+    - Updated UI to automatically redirect to login page on missing
+      session cookie #33806
+    - Added Dynamic Discovery matching for Databases #33693
+    - Fixed formatting errors on empty result sets in tsh #33633
+    - Added Database Automatic User Provisioning support for
+      MariaDB #34256
+    - Fixed issue where MySQL auto-user deletion fails on usernames
+      with quotes #34304
+
 -------------------------------------------------------------------
 Thu Nov 09 06:48:36 UTC 2023 - kastl@b1-systems.de
 

teleport.obsinfo

@@ -1,4 +1,4 @@
 name: teleport
-version: 14.1.2
+version: 14.1.3
-mtime: 1699479548
+mtime: 1699485178
-commit: 47a97d98c1ea8c44d954e3508064f89fce6c3f8f
+commit: 748fa4e13472fbf93bc0d4833c5647bc82e7fbf4

teleport.spec

@@ -19,7 +19,7 @@
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 
 Name:           teleport
-Version:        14.1.2
+Version:        14.1.3
 Release:        0
 Summary:        Identity-aware, multi-protocol access proxy
 License:        Apache-2.0

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:de0295ba1aca450550fa2423c5ebe248f0700011298e1dbf709b48f4b359d783
+oid sha256:cb42b2dc64b3ae449fb4f448a9b098fd7cf5798a67083e32eac6756ef7b71868
-size 39643323
+size 39644500