Accepting request 1137413 from devel:kubic

OBS-URL: https://build.opensuse.org/request/show/1137413
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/teleport?expand=0&rev=88

_service

@@ -4,7 +4,7 @@
     <param name="scm">git</param>
     <param name="submodules">disable</param>
     <param name="exclude">.git</param>
-    <param name="revision">v14.2.3</param>
+    <param name="revision">v14.3.0</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">disable</param>
     <param name="versionrewrite-pattern">v(.*)</param>

teleport-14.2.3.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4a5a36dcc6823c55b07fee4ddb180c29b5ff5bfe99e91488ced3c5919cb6c766
-size 239788046

teleport-14.3.0.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0817fe3200fbf91fe8ff7b9a0560ffdfd9e4ff2f0f22259f476f8ab5ad7d78a3
+size 242148366

teleport.changes

@@ -1,3 +1,72 @@
+-------------------------------------------------------------------
+Sun Jan  7 18:18:50 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- update to 14.3.0:
+  This release of Teleport contains multiple security fixes,
+  improvements and bug fixes.
+  * Security fixes
+    - Teleport Proxy now restricts SFTP for normal users as
+      described under Advisory
+      https://github.com/gravitational/teleport/security/advisories/GHSA-c9v7-wmwj-vf6x
+    - Fixed an issue that would allow for SSRF via Teleport's
+      reverse tunnel subsystem. Documented under the advisory
+      -https://github.com/gravitational/teleport/security/advisories/GHSA-hw4x-mcx5-9q36
+    - On macOS, Teleport filters the environment to prevent code
+      execution via `DYLD_` variables. Documented under
+      https://github.com/gravitational/teleport/security/advisories/GHSA-vfxf-76hv-v4w4
+    - A fix was applied to Access Lists to prevent possible
+      privilege escalation of list owners.  Documented under
+      https://github.com/gravitational/teleport/security/advisories/GHSA-76cc-p55w-63g3
+  * Other Fixes & Improvements
+    -  Added the ability to promote an access request to an access
+       list in Teleport Connect
+    -  Fixed an issue that would prevent websocket upgrades from
+       completing.
+    -  Enhanced the audit events related to Teleport's SAML IdP
+    -  Added support for STS session tags in the database
+       configuration for granular DynamoDB access.
+    -  Added support for the IAM join method in ca-west-1.
+    -  Improved the formatting of access list notifications in tsh.
+    -  Fixed downgrade logic of KubernetesResources to Role v6
+    -  Fixed potential panic during early phases of SSH service
+       lifetime
+    -  Added a `tsh latency` command to monitor ssh connection
+       latency in realtime
+    -  Support GitHub joining from Enterprise accounts with
+       `include_enterprise_slug` enabled.
+    -  Added vpc-id as a label to auto-discovered RDS databases
+    -  Improved teleport agent performance when handling a large
+       number of TCP forwarding requests.
+    -  Bump golang.org/x/crypto to v0.17.0, which addresses the
+       Terrapin vulnerability (CVE-2023-48795)
+    -  Include the lock expiration time in `lock.create` audit
+       events
+    -  Add custom attribute mapping to the
+       `saml_idp_service_provider` spec.
+    -  Fixed PIV not being available on Windows tsh binaries
+    -  Restored direct dial SSH server compatibility with certain
+       SSH tools such as `ssh-keyscan` (#35647)
+    -  Prevent users from deleting their last passwordless device
+    -  the `teleport-kube-agent` chart now supports passing extra
+       arguments to the updater.
+    -  New access lists with an unspecified NextAuditDate now pick
+       a new date instead of being rejected
+    -  Changed the minimal supported macOS version of Teleport
+       Connect to 10.15 (Catalina)
+    -  Add non-AD desktops to Enroll New Resource
+    -  Fixed a bug in `teleport-kube-agent` chart when using both
+       `appResources` and the `discovery` role.
+    -  Fixed session upload audit events sometimes containing an
+       incorrect URL for the session recording.
+    -  Prevent tsh from re-authenticating if the MFA ceremony fails
+       during `tsh ssh`
+    -  Prevent attempts to join a nonexistent SSH session from
+       hanging forever
+    -  Improved Windows hosts registration with a new
+       `static_hosts` configuration field
+    -  Fixed the sorting of name and description columns for user
+       groups when creating an access request
+
 -------------------------------------------------------------------
 Fri Dec 15 06:33:22 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>
 

teleport.obsinfo

@@ -1,4 +1,4 @@
 name: teleport
-version: 14.2.3
-mtime: 1702593530
-commit: 22e50b45420e7e4775e91c36650b81253210791c
+version: 14.3.0
+mtime: 1703891334
+commit: 390d33c42bbe52f4bde6302bfbffccfeeb30ff29

teleport.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package teleport
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %define __arch_install_post export NO_BRP_STRIP_DEBUG=true
 
 Name:           teleport
-Version:        14.2.3
+Version:        14.3.0
 Release:        0
 Summary:        Identity-aware, multi-protocol access proxy
 License:        Apache-2.0

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:66e6d3c12eb28f99fb0c2128df1036a55103734c0e4fb1f3a821a22639ef16bc
-size 39744634
+oid sha256:2e17ddbdbf63d0e8487759cd5334f7bd5715ded26bafd98b91662d503509fbdc
+size 40440309