diff --git a/_service b/_service
index 5fefdf1..62dd460 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
disable
.git
- v15.4.2
+ v15.4.3
@PARENT_TAG@
disable
v(.*)
@@ -32,4 +32,8 @@
+
+ true
+ teleport/tool/fdpass-teleport
+
diff --git a/teleport-15.4.2.obscpio b/teleport-15.4.2.obscpio
deleted file mode 100644
index 14d98c0..0000000
--- a/teleport-15.4.2.obscpio
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:58cb16b508a6bc992b4b3aadacdd3f8a254f9520415e2839fd281e5943ea8fe7
-size 253931022
diff --git a/teleport-15.4.3.obscpio b/teleport-15.4.3.obscpio
new file mode 100644
index 0000000..78f394b
--- /dev/null
+++ b/teleport-15.4.3.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:eef752c67fe727ffd13456008b0529df3fbc1242909e17e78fdf409fdf6c996c
+size 254003214
diff --git a/teleport.changes b/teleport.changes
index 8eec8fc..bd181a6 100644
--- a/teleport.changes
+++ b/teleport.changes
@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu Jun 13 05:17:15 UTC 2024 - Johannes Kastl
+
+- new subpackage teleport-fdpass-teleport, see below
+- update to 15.4.3:
+ Note: This release includes a new binary, fdpass-teleport, that
+ can be optionally used by Machine ID to significantly reduce
+ resource consumption in use-cases that create large numbers of
+ SSH connections (e.g. Ansible). Refer to the documentation for
+ more details.
+ * Update azidentity to v1.6.0 (patches CVE-2024-35255). #42859
+ * Remote rate limits on endpoints used extensively to connect to
+ the cluster. #42835
+ * Machine ID SSH multiplexer now only writes artifacts if they
+ have not changed, resolving a potential race condition with the
+ OpenSSH client. #42830
+ * Use more efficient API when querying SSH nodes to resolve Proxy
+ Templates in tbot. #42829
+ * Improve the performance of the Athena audit log and S3 session
+ storage backends. #42795
+ * Prevent a panic in the Proxy when accessing an offline
+ application. #42786
+ * Improve backoff of session recording uploads by teleport
+ agents. #42776
+ * Introduce the new Machine ID ssh-multiplexer service for
+ significant improvements in SSH performance. #42761
+ * Reduce backend writes incurred by tracking status of
+ non-recorded sessions. #42694
+ * Fix not being able to logout from the web UI when session
+ invalidation errors. #42648
+ * Fix access list listing not updating when creating or deleting
+ an access list in the web UI. #4383
+ * Fix crashes related to importing GCP labels. #42871
+
-------------------------------------------------------------------
Tue Jun 11 12:12:48 UTC 2024 - Johannes Kastl
diff --git a/teleport.obsinfo b/teleport.obsinfo
index c576957..a4ef1a5 100644
--- a/teleport.obsinfo
+++ b/teleport.obsinfo
@@ -1,4 +1,4 @@
name: teleport
-version: 15.4.2
-mtime: 1718094157
-commit: cd2ff3e478af17cfb26338cdec11b37ffca10774
+version: 15.4.3
+mtime: 1718228621
+commit: 46e1a24d66dfe03e09b3fe068821d8f4804f47b3
diff --git a/teleport.spec b/teleport.spec
index 1bcb7c9..6dc44fd 100644
--- a/teleport.spec
+++ b/teleport.spec
@@ -19,17 +19,22 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: teleport
-Version: 15.4.2
+Version: 15.4.3
Release: 0
Summary: Identity-aware, multi-protocol access proxy
License: Apache-2.0
URL: https://github.com/gravitational/teleport
Source: %{name}-%{version}.tar.gz
+# go vendoring
Source1: vendor.tar.gz
Source2: webassets.tar.gz
Source3: teleport.service
Source4: teleport.yaml
Source5: tbot.yaml
+# Rust vendoring
+Source6: vendor.tar.zst
+BuildRequires: cargo >= 1.69
+BuildRequires: cargo-packaging
BuildRequires: git-core
BuildRequires: go >= 1.20
BuildRequires: pam-devel
@@ -69,10 +74,18 @@ License: Apache-2.0
Machine ID is a service that programmatically issues and renews short-lived certificates to any service account (e.g., a CI/CD server) by retrieving credentials from the Teleport Auth Service. This enables fine-grained role-based access controls and audit.
tbot is the executable belonging to the Machine ID service.
+%package -n teleport-fdpass-teleport
+Summary: Significantly reduce resource consumption by large numbers of SSH connections
+License: Apache-2.0
+
+%description -n teleport-fdpass-teleport
+fdpass-teleport can be optionally used by Machine ID to significantly reduce resource consumption in use-cases that create large numbers of SSH connections (e.g. Ansible).
+
%prep
%setup -q
%setup -q -T -D -a 1
%setup -q -T -D -a 2
+tar xvf %{SOURCE6} -C tool/fdpass-teleport
%build
@@ -97,7 +110,6 @@ go build \
-buildmode=pie \
-ldflags="-w -s -X main.VERSION=%{version}" \
-o tbot ./tool/tbot
-
go build \
-tags "pam" \
-mod=vendor \
@@ -105,11 +117,15 @@ go build \
-ldflags="-w -s -X main.VERSION=%{version}" \
-o tctl ./tool/tctl
+cd tool/fdpass-teleport
+%{cargo_build}
+
%install
# Install the binary.
install -D -m 0755 tsh "%{buildroot}/%{_bindir}/tsh"
install -D -m 0755 tctl "%{buildroot}/%{_bindir}/tctl"
install -D -m 0755 tbot "%{buildroot}/%{_bindir}/tbot"
+install -D -m 0755 tool/fdpass-teleport/target/release/fdpass-teleport "%{buildroot}/%{_bindir}/fdpass-teleport"
install -D -m 0755 teleport "%{buildroot}/%{_sbindir}/teleport"
install -D -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/teleport.service
install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/teleport.yaml
@@ -168,4 +184,9 @@ install -D -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/tbot.yaml
%{_unitdir}/machine-id.service
%config(noreplace) %{_sysconfdir}/tbot.yaml
+%files -n teleport-fdpass-teleport
+%doc README.md
+%license LICENSE
+%{_bindir}/fdpass-teleport
+
%changelog
diff --git a/vendor.tar.gz b/vendor.tar.gz
index af4f1e9..d46bfe1 100644
--- a/vendor.tar.gz
+++ b/vendor.tar.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:4b6d2f342caea8f1c041797e0c1eb525ae39298163a96c43cc0c59e58d930503
-size 51439754
+oid sha256:640eea8261267a62c93e84b8ca6b0077fd84634a2d48d51cef42e750b2a4300a
+size 51521081
diff --git a/vendor.tar.zst b/vendor.tar.zst
new file mode 100644
index 0000000..9d17d3f
--- /dev/null
+++ b/vendor.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7cbc9d4ccdec929c44c17a019eebaa53d8bee173ff91c9c029e7a4db42374454
+size 715019