[Bug 267052] security/teleport: Update to 4.4.12

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 14 Oct 2022 15:45:40 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267052

            Bug ID: 267052
           Summary: security/teleport: Update to 4.4.12
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: swills@FreeBSD.org
          Reporter: kraileth@elderlinux.org
             Flags: maintainer-feedback?(swills@FreeBSD.org)
          Assignee: swills@FreeBSD.org

Created attachment 237302
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=237302&action=edit
Update security/teleport to version 4.4.12

The version of Teleport currently packaged by FreeBSD (4.3.9, from Dec. 2020!)
contains multiple known vulnerabilities and most components silently broke
since the port is getting compiled with Go 1.16 and higher. I tried to mail the
maintainer last year but didn't get a response.

There has been an attempt by someone else to get the software updated
(https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261459), but nothing
happened since January. This could be due to said effort being incomplete and
providing no update path (forcing existing clusters to be re-installed).

I've chosen the more comprehensive path of step-by-step upgrades. This first
step brings Teleport up to version 4.4.12, the final one in the 4.4 branch that
was released in March this year. It can be used to upgrade existing 4.3
installations and unbreaks several components with newer versions of Go. If it
is committed, I intend to follow up an update to version 5.2.5.

The port description has been revised as Teleport evolved significantly since
the port was introduced at version 2.5.6. This proposal passes "portlint -AC"
and a test build with Synth. I set up a test cluster with 4.3.9 nodes (package
built with old Go), updated the machines with this port and ensured that
Teleport still works. If this patch requires further work to be committed, I'll
be happy to do that.

-- 
You are receiving this mail because:
You are the assignee for the bug.