From 468458178674fb49abacb3068f08b3f276c4c5ff2d616e51c5d92eaf1d981698 Mon Sep 17 00:00:00 2001 From: Johannes Kastl Date: Sun, 7 Jan 2024 18:14:46 +0000 Subject: [PATCH 1/2] Accepting request 1137397 from home:ojkastl_buildservice:Branch_devel_kubic update to 14.3.0 OBS-URL: https://build.opensuse.org/request/show/1137397 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/teleport?expand=0&rev=180 --- _service | 2 +- teleport-14.2.3.obscpio | 3 --- teleport-14.3.0.obscpio | 3 +++ teleport.obsinfo | 6 +++--- teleport.spec | 4 ++-- vendor.tar.gz | 4 ++-- 6 files changed, 11 insertions(+), 11 deletions(-) delete mode 100644 teleport-14.2.3.obscpio create mode 100644 teleport-14.3.0.obscpio diff --git a/_service b/_service index 191de36..125eb52 100644 --- a/_service +++ b/_service @@ -4,7 +4,7 @@ git disable .git - v14.2.3 + v14.3.0 @PARENT_TAG@ disable v(.*) diff --git a/teleport-14.2.3.obscpio b/teleport-14.2.3.obscpio deleted file mode 100644 index adb0a2d..0000000 --- a/teleport-14.2.3.obscpio +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4a5a36dcc6823c55b07fee4ddb180c29b5ff5bfe99e91488ced3c5919cb6c766 -size 239788046 diff --git a/teleport-14.3.0.obscpio b/teleport-14.3.0.obscpio new file mode 100644 index 0000000..16701ae --- /dev/null +++ b/teleport-14.3.0.obscpio @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0817fe3200fbf91fe8ff7b9a0560ffdfd9e4ff2f0f22259f476f8ab5ad7d78a3 +size 242148366 diff --git a/teleport.obsinfo b/teleport.obsinfo index 54239f8..d7a5fee 100644 --- a/teleport.obsinfo +++ b/teleport.obsinfo @@ -1,4 +1,4 @@ name: teleport -version: 14.2.3 -mtime: 1702593530 -commit: 22e50b45420e7e4775e91c36650b81253210791c +version: 14.3.0 +mtime: 1703891334 +commit: 390d33c42bbe52f4bde6302bfbffccfeeb30ff29 diff --git a/teleport.spec b/teleport.spec index 11cab71..0676433 100644 --- a/teleport.spec +++ b/teleport.spec @@ -1,7 +1,7 @@ # # spec file for package teleport # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define __arch_install_post export NO_BRP_STRIP_DEBUG=true Name: teleport -Version: 14.2.3 +Version: 14.3.0 Release: 0 Summary: Identity-aware, multi-protocol access proxy License: Apache-2.0 diff --git a/vendor.tar.gz b/vendor.tar.gz index 3352a09..8ef77ee 100644 --- a/vendor.tar.gz +++ b/vendor.tar.gz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:66e6d3c12eb28f99fb0c2128df1036a55103734c0e4fb1f3a821a22639ef16bc -size 39744634 +oid sha256:2e17ddbdbf63d0e8487759cd5334f7bd5715ded26bafd98b91662d503509fbdc +size 40440309 From db5806aa81f3da71f7a1526a1751913ce8b79ebd438efcf465e87540d9627372 Mon Sep 17 00:00:00 2001 From: Johannes Kastl Date: Sun, 7 Jan 2024 18:32:12 +0000 Subject: [PATCH 2/2] Accepting request 1137409 from home:ojkastl_buildservice:Branch_devel_kubic update to 14.3.0 (now including changelog) OBS-URL: https://build.opensuse.org/request/show/1137409 OBS-URL: https://build.opensuse.org/package/show/devel:kubic/teleport?expand=0&rev=181 --- teleport.changes | 71 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 70 insertions(+), 1 deletion(-) diff --git a/teleport.changes b/teleport.changes index 26c5e59..fe8cbc8 100644 --- a/teleport.changes +++ b/teleport.changes @@ -1,3 +1,72 @@ +------------------------------------------------------------------- +Sun Jan 7 18:18:50 UTC 2024 - Johannes Kastl + +- update to 14.3.0: + This release of Teleport contains multiple security fixes, + improvements and bug fixes. + * Security fixes + - Teleport Proxy now restricts SFTP for normal users as + described under Advisory + https://github.com/gravitational/teleport/security/advisories/GHSA-c9v7-wmwj-vf6x + - Fixed an issue that would allow for SSRF via Teleport's + reverse tunnel subsystem. Documented under the advisory + -https://github.com/gravitational/teleport/security/advisories/GHSA-hw4x-mcx5-9q36 + - On macOS, Teleport filters the environment to prevent code + execution via `DYLD_` variables. Documented under + https://github.com/gravitational/teleport/security/advisories/GHSA-vfxf-76hv-v4w4 + - A fix was applied to Access Lists to prevent possible + privilege escalation of list owners. Documented under + https://github.com/gravitational/teleport/security/advisories/GHSA-76cc-p55w-63g3 + * Other Fixes & Improvements + - Added the ability to promote an access request to an access + list in Teleport Connect + - Fixed an issue that would prevent websocket upgrades from + completing. + - Enhanced the audit events related to Teleport's SAML IdP + - Added support for STS session tags in the database + configuration for granular DynamoDB access. + - Added support for the IAM join method in ca-west-1. + - Improved the formatting of access list notifications in tsh. + - Fixed downgrade logic of KubernetesResources to Role v6 + - Fixed potential panic during early phases of SSH service + lifetime + - Added a `tsh latency` command to monitor ssh connection + latency in realtime + - Support GitHub joining from Enterprise accounts with + `include_enterprise_slug` enabled. + - Added vpc-id as a label to auto-discovered RDS databases + - Improved teleport agent performance when handling a large + number of TCP forwarding requests. + - Bump golang.org/x/crypto to v0.17.0, which addresses the + Terrapin vulnerability (CVE-2023-48795) + - Include the lock expiration time in `lock.create` audit + events + - Add custom attribute mapping to the + `saml_idp_service_provider` spec. + - Fixed PIV not being available on Windows tsh binaries + - Restored direct dial SSH server compatibility with certain + SSH tools such as `ssh-keyscan` (#35647) + - Prevent users from deleting their last passwordless device + - the `teleport-kube-agent` chart now supports passing extra + arguments to the updater. + - New access lists with an unspecified NextAuditDate now pick + a new date instead of being rejected + - Changed the minimal supported macOS version of Teleport + Connect to 10.15 (Catalina) + - Add non-AD desktops to Enroll New Resource + - Fixed a bug in `teleport-kube-agent` chart when using both + `appResources` and the `discovery` role. + - Fixed session upload audit events sometimes containing an + incorrect URL for the session recording. + - Prevent tsh from re-authenticating if the MFA ceremony fails + during `tsh ssh` + - Prevent attempts to join a nonexistent SSH session from + hanging forever + - Improved Windows hosts registration with a new + `static_hosts` configuration field + - Fixed the sorting of name and description columns for user + groups when creating an access request + ------------------------------------------------------------------- Fri Dec 15 06:33:22 UTC 2023 - Johannes Kastl @@ -6813,7 +6882,7 @@ Tue Apr 26 19:47:35 UTC 2022 - kastl@b1-systems.de Tue Apr 26 18:54:52 UTC 2022 - Johannes Kastl - introduce new executable tbot for new feature Machine ID - https://goteleport.com/docs/machine-id/getting-started/ + https://goteleport.com/docs/machine-id/getting-started/ ------------------------------------------------------------------- Tue Apr 26 06:24:53 UTC 2022 - kastl@b1-systems.de