update to 16.4.7

OBS-URL: https://build.opensuse.org/package/show/devel:kubic/teleport?expand=0&rev=247

_service

@@ -4,11 +4,11 @@
     <param name="scm">git</param>
     <param name="submodules">disable</param>
     <param name="exclude">.git</param>
-    <param name="revision">v16.4.6</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">disable</param>
-    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="revision">v16.4.7</param>
     <param name="match-tag">v*</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionrewrite-pattern">v(.*)</param>
+    <param name="changesgenerate">disable</param>
   </service>
   <service name="tar_scm" mode="manual">
     <param name="url">https://github.com/gravitational/webassets</param>

teleport-16.4.6.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d04f6e750e15fc695b13560b589b3662409c3d57d6413caf682920e6c25f5f31
-size 280200206

teleport-16.4.7.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:611284ef1cfaf5f8184f3585fb94b8022e2f95600fc3b06e7a81e1bf08c55b43
+size 279968782

teleport.changes

@@ -1,3 +1,64 @@
+-------------------------------------------------------------------
+Tue Nov 12 06:42:07 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- update to 16.4.7:
+  * Fixed bug in Kubernetes session recordings where both root and
+    leaf cluster recorded the same Kubernetes session. Recordings
+    of leaf resources are only available in leaf clusters. #48738
+  * Machine ID can now be forced to use the explicitly configured
+    proxy address using the TBOT_USE_PROXY_ADDR environment
+    variable. This should better support split proxy address
+    operation. #48675
+  * Fixed undefined error in open source version when clicking on
+    Add Application tile in the Enroll Resources page in the Web
+    UI. #48616
+  * Updated Go to 1.22.9. #48581
+  * The teleport-cluster Helm chart now uses the configured
+    serviceAccount.name from chart values for its pre-deploy
+    configuration check Jobs. #48579
+  * Fixed a bug that prevented the Teleport UI from properly
+    displaying Plugin Audit log details. #48462
+  * Fixed an issue preventing migration of unmanaged users to
+    Teleport host users when including teleport-keep in a role's
+    host_groups. #48455
+  * Fixed showing the list of access requests in Teleport Connect
+    when a leaf cluster is selected in the cluster selector. #48441
+  * Added Connect support for selecting Kubernetes namespaces
+    during access requests. #48413
+  * Fixed a rare "internal error" on older U2F authenticators when
+    using tsh. #48402
+  * Fixed tsh play not skipping idle time when --skip-idle-time was
+    provided. #48397
+  * Added a warning to tctl edit about dynamic edits to statically
+    configured resources. #48392
+  * Define a new role.allow.request field called
+    kubernetes_resources that allows admins to define what kinds of
+    Kubernetes resources a requester can make. #48387
+  * Fixed a Teleport Kubernetes Operator bug that happened for
+    OIDCConnector resources with non-nil max_age. #48376
+  * Updated host user creation to prevent local password expiration
+    policies from affecting Teleport managed users. #48163
+  * Added support for Entra ID directory synchronization for
+    clusters without public internet access. #48089
+  * Fixed "Missing Region" error for teleport bootstrap commands.
+    #47995
+  * Fixed a bug that prevented selecting security groups during the
+    Aurora database enrollment wizard in the web UI. #47975
+  * During the Set Up Access of the Enroll New Resource flows, Okta
+    users will be asked to change the role instead of entering the
+    principals and getting an error afterwards. #47957
+  * Fixed teleport_connected_resource metric overshooting after
+    keepalive errors. #47949
+  * Fixed an issue preventing connections with users whose
+    configured home directories were inaccessible. #47916
+  * Added a resolve command to tsh that may be used as the target
+    for a Match exec condition in an SSH config. #47868
+  * Respect HTTP_PROXY environment variables for Access Request
+    integrations. #47738
+  * Updated tsh ssh to support the -- delimiter similar to openssh.
+    It is now possible to execute a command via tsh ssh user@host
+    -- echo test or tsh ssh -- host uptime. #47493
+
 -------------------------------------------------------------------
 Wed Oct 23 19:59:26 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
 

teleport.obsinfo

@@ -1,4 +1,4 @@
 name: teleport
-version: 16.4.6
-mtime: 1729696164
-commit: 3104d1ac1ceac0d0405f6a675110f258a67dbb2a
+version: 16.4.7
+mtime: 1731375738
+commit: 15dfef10fe2175e458e54e81e94dcae0b5f59757

teleport.spec

@@ -16,10 +16,8 @@
 #
 
 
-%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
-
 Name:           teleport
-Version:        16.4.6
+Version:        16.4.7
 Release:        0
 Summary:        Identity-aware, multi-protocol access proxy
 License:        AGPL-3.0-only
@@ -36,15 +34,18 @@ Source6:        vendor.tar.zst
 BuildRequires:  cargo >= 1.69
 BuildRequires:  cargo-packaging
 BuildRequires:  git-core
-BuildRequires:  go1.22 >= 1.22.6
+BuildRequires:  go1.22 >= 1.22.9
 BuildRequires:  pam-devel
 BuildRequires:  systemd-rpm-macros
 Requires:       teleport-tctl
 
 %description
-Teleport is the easiest, most secure way to access all your infrastructure. Teleport is an identity-aware, multi-protocol access proxy which understands SSH, HTTPS, RDP, Kubernetes API, MySQL, MongoDB and PostgreSQL wire protocols.
+Teleport is the easiest, most secure way to access all your infrastructure.
+Teleport is an identity-aware, multi-protocol access proxy which understands
+SSH, HTTPS, RDP, Kubernetes API, MySQL, MongoDB and PostgreSQL wire protocols.
 
-On the server-side, Teleport is a single binary which enables convenient secure access to behind-NAT resources such as:
+On the server-side, Teleport is a single binary which enables convenient secure
+access to behind-NAT resources such as:
 * SSH nodes - SSH works in browsers too!
 * Kubernetes clusters
 * PostgreSQL, MongoDB, CockroachDB and MySQL databases
@@ -71,7 +72,10 @@ Summary:        CLI tool for Machine ID
 License:        Apache-2.0
 
 %description -n teleport-tbot
-Machine ID is a service that programmatically issues and renews short-lived certificates to any service account (e.g., a CI/CD server) by retrieving credentials from the Teleport Auth Service. This enables fine-grained role-based access controls and audit.
+Machine ID is a service that programmatically issues and renews short-lived
+certificates to any service account (e.g., a CI/CD server) by retrieving
+credentials from the Teleport Auth Service. This enables fine-grained
+role-based access controls and audit.
 tbot is the executable belonging to the Machine ID service.
 
 %package -n teleport-fdpass-teleport
@@ -79,7 +83,9 @@ Summary:        Significantly reduce resource consumption by large numbers of SS
 License:        Apache-2.0
 
 %description -n teleport-fdpass-teleport
-fdpass-teleport can be optionally used by Machine ID to significantly reduce resource consumption in use-cases that create large numbers of SSH connections (e.g. Ansible).
+fdpass-teleport can be optionally used by Machine ID to significantly reduce
+resource consumption in use-cases that create large numbers of SSH connections
+(e.g. Ansible).
 
 %prep
 %setup -q

vendor.tar.gz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:39424da30baf398391dc12e436f37d83947ace81a023f6e2fc251b4b690770e4
-size 46776161
+oid sha256:c77a1db3984a74b6c2a7f4c7e6fa3f9f475e1ad49bc8d1123d2d149e5e63939d
+size 46781164

vendor.tar.zst

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:4ab85d230031a7ff69ff4ffb80efe1e6e3048a17543cd75004004833cc976b97
-size 729773
+oid sha256:76257b2718534c1704e89d1f423d6c384c810517a913abbc26d3a98fbcec5c5b
+size 728970