v1.38.4-sunos

Commits

• add recorders field to SSHRule struct (Charlotte Brandhorst-Satzkorn)
• move recorders field from SSHRule to SSHAction (Charlotte Brandhorst-Satzkorn)
• dbbc465: ssh/tailssh: stream SSH recordings to configured recorders (Maisem Ali)
• d216363: ssh/tailssh: add more metadata to recording header (Maisem Ali)
• 40091d0: ssh/tailssh: allow recorders to be configured on the first or final action (Maisem Ali)
• 2474bd2: ssh/tailssh: use background context for uploading recordings (Maisem Ali)
• 0651c1a: ssh/tailssh: add docs to CastHeader fields (Maisem Ali)
• 8414c59: ssh/tailssh: enable recording of non-pty sessions (Maisem Ali)
• e6b81f9: ssh/tailssh: handle session recording when running in userspace mode (Maisem Ali)
• 1b1ac05: ssh/tailssh: add session recording test for non-pty sessions (Maisem Ali)
• 71a5f2a: ssh/tailssh: add tests for recording failure (Maisem Ali)
• 49e305f: ssh/tailssh: fix race in errors returned when starting recorder (Maisem Ali)
• c3301ab: go.toolchain.rev: update for go 1.20.3 (David Anderson) #7789
• 383b7c7: cmd/tailscale/cli: make serve and funnel visible in list (tailscale#7737) (shayne)
• 296d682: cmd/tailscale/cli: fix inconsistency between serve text and example command (Mihai Parparita)
• 61f36aa: cmd/tailscale/cli: do not allow turning Funnel on while shields-up (tailscale#7770) (shayne)
• 00205f0: ssh/tailssh: handle output matching better in tests (tailscale#7799) (Maisem Ali)
• 214217d: cmd/tailscale/cli: [serve] add support for proxy paths (tailscale#7800) (shayne)
• 043a345: VERSION.txt: this is v1.38.4 (Rhea Ghosh)
• 1ef27eb: Merge tag 'v1.38.4' into sunos-1.38 (Nahum Shalman)

v1.38.3-sunos

Commits

• d47b74e: ipn/ipnlocal: also store ACME keys in the certStore (Maisem Ali)
• 26bf7c4: ipn/ipnlocal: fix cert storage in Kubernetes (Maisem Ali)
• 068ed7d: ipn/ipnlocal: use atomicfile.WriteFile in certFileStore (Maisem Ali)
• change references from alpha to beta (tailscale#7613) (shayne)
• d7bbd4f: ipn/ipnlocal: [serve/funnel] use actual SrcAddr as X-Forwarded-For (tailscale#7600) (shayne)
• c750186: ipn/ipnlocal: [serve] Trim mountPoint prefix from proxy path (tailscale#7334) (shayne)
• 47ebe6f: VERSION.txt: this is v1.38.3 (Shayne Sweeney)
• d02885d: Merge tag 'v1.38.3' into sunos-1.38 (Nahum Shalman)

v1.38.2-sunos

Commits

• fd558e2: net/interfaces: also allow link-local for AzureAppServices. (Denton Gentry)
• aad01c8: cmd/tailscale/cli: move tskey-wrap functionality under lock sign (Tom DNetto)
• d00c046: ssh/tailssh: fix privilege dropping on FreeBSD; add tests (Andrew Dunham)
• 817aa28: net/sockstats: export cellular-only clientmetrics (Mihai Parparita)
• 3db61d0: VERSION.txt: this is v1.38.2 (Denton Gentry)
• 7db9e12: Merge tag 'v1.38.2' into sunos-1.38 (Nahum Shalman)

v1.38.1-sunos

Commits

• 4136f27: ipn/localapi: fix validHost parsing logic (David Crawshaw) #7114
• f8fc3db: flake.nix: update SRI hash. (David Anderson) #7137
• update nixpkgs flake, override go_1_20 for tailscale_go (tailscale#7139) #7139 (shayne)
• ca45fe2: cmd/tailscale/cli: delete ActLikeCLI (Brad Fitzpatrick) #7146
• 27d146d: .github/ISSUE_TEMPLATE: add link to wiki/OtherSoftwareInterop (Brad Fitzpatrick) #7148
• 8e6a1ab: util/vizerror: add new package for visible errors (Will Norris) #7120
• 598ec46: fixup! util/vizerror: add new package for visible errors (Will Norris) #7120
• a6c6979: fixup! util/vizerror: add new package for visible errors (Will Norris) #7120
• 648aa00: fixup! util/vizerror: add new package for visible errors (Will Norris) #7120
• 51e1ab5: fixup! util/vizerror: add new package for visible errors (Will Norris) #7120
• 1008506: util/vizerror: add As function to get wrapped Error (Will Norris) #7153
• 623176e: go.toolchain.branch: update to Go 1.20 (Brad Fitzpatrick) #7150
• update to Go 1.20, use strings.CutPrefix/Suffix instead of our fork #7152 (Brad Fitzpatrick)
• f7b3156: .github/workflows: delete CIFuzz job (Brad Fitzpatrick) #7156
• use Go 1.20's bytes.Clone #7155 (Brad Fitzpatrick)
• 7393ce5: wgengine/magicsock: add envknob to print information about port selection (Andrew Dunham) #7128
• 2755f38: health, net/tlsdial: add healthcheck for self-signed cert (Andrew Dunham) #7149
• 03645f0: net/{netns,netstat}: use new x/sys/cpu.IsBigEndian (Brad Fitzpatrick) #7158
• update tailscale{,d} licenses #7159 (License Updater)
• 5ba2543: ipn/ipnlocal: print warning about DNS servers in bugreport --diagnose (Andrew Dunham) #7160
• 2dc3dc2: util/multierr: implement Go 1.20+'s multiple error Unwrap (Andrew Dunham) #7161
• 02a2dcf: go.toolchain.rev: use new statically built toolchain (David Anderson) #7167
• update win/apple licenses #7168 (License Updater)
• d2301db: ipn/localapi: print node IDs, pubkeys, and expiry on bugreport (Andrew Dunham) #7174
• 880a41b: net/dns/resolver: add envknob to debug exit node DNS queries on on Windows (Andrew Dunham) #7173
• add wire fields/docs for resuming streaming map sessions #5208 (Brad Fitzpatrick)
• 8cf2805: tailcfg, localapi: plumb device token to server (David Crawshaw) #7111
• update win/apple licenses #7176 (License Updater)
• b690818: net/tshttpproxy: more directly use Transport proxy CONNECT hooks (Mihai Parparita) #7179
• 0e3fb91: net/dns/resolver: remove maxDoHInFlight (Mihai Parparita) #7180
• 6bae55e: ipn/ipnlocal: add support to store certs in k8s secrets (Maisem Ali) #7142
• 4daba23: cmd/get-authkey: add an OAuth API client to produce an authkey (Denton Gentry) #7181
• 1acdcff: go.toolchain.rev: update toolchain to test ios workaround (David Anderson) #7183
• implement pcap streaming for datapath debugging #7018 (Tom DNetto)
• 6d84f34: ipn/ipnlocal: handle more edge cases in netmap expiry timer (Andrew Dunham) #7194
• 2a09418: .github/workflows: use ./tool/go in go mod tidy (Maisem Ali) #7196
• 0fd2f71: ipn/ipnlocal: use presence of NodeID to identify logins (Maisem Ali) #7195
• unify and optimize the various not-version funcs #7197 (David Anderson)
• cab2b2b: ipn/localapi: print envknobs on bugreport (Andrew Dunham) #7200
• 9be47f7: ipn/ipnlocal: fix the path for writing cert files (tailscale#7203) (M. J. Fromberger) #7203
• increase maximum log line size in low memory mode #7208 (Mihai Parparita)
• remove unused NLKeyStateKey constant #7216 (Mihai Parparita)
• 05adf22: cmd/k8s-operator: add support for running an auth proxy (Maisem Ali) #7178
• 2477fc4: net/netutil: only check Linux sysctls w/ procfs, assume absent means false (Brad Fitzpatrick) #7219
• fb84ccd: control/controlhttp: don't require valid TLS cert for Noise connection (Brad Fitzpatrick) #7214
• 62f4df3: net/interfaces, net/netns: add node attributes to control default interface getting and binding (Mihai Parparita) #7215
• 2f4df30: .github/workflows: re-enable CIFuzz job (Mihai Parparita) #7218
• 89bd414: ipn/ipnstate: update field docs on PeerStatus. (Maisem Ali) #7221
• 6ef834a: get-authkey: require tags to be specified (Will Norris) #7224
• 3c107ff: net/connstats: fix ticker in NewStatistics (tailscale#7225) (Colin Adler) #7225
• ba48ec5: util/linuxfw: initial implementation of package (Andrew Dunham) #5734
• 33f29a1: go.toolchain.rev: update toolchain to test iOS Go fix (David Anderson) #7232
• 0e4f2bd: pull-toolchain.sh: don't run update-flake.sh (David Anderson) #7236
• 9e4d993: go.toolchain.rev: bump Go toolchain (Brad Fitzpatrick) #7234
• 6799ef8: ipn/ipnlocal: add PeerAPI endpoint for doctor output (Mihai Parparita) #7235
• update win/apple licenses #7233 (License Updater)
• return correct Meta.MajorMinorPatch in non-dev builds #7198 (David Anderson)
• start logging DISCO frames to pcap stream #7223 (Tom DNetto)
• undo previous "optimization", do more work lazily #7246 (David Anderson)
• 7d204d8: ipn/ipnlocal: fix passthrough of formatting arguments in PeerAPI doctor output (Mihai Parparita) #7250
• 21fda7f: net/routetable: include unknown flags in the routetable doctor output (Mihai Parparita) #7249
• fa932fe: net/interfaces: redo how we get the default interface on macOS and iOS (Mihai Parparita) #7248
• 5bca44d: cmd/sync-containers: update latest and stable tags (Denton Gentry) #7253
• 9e6b4d7: types/lazy: helpers for lazily computed values (David Anderson) [tailscale#7247](https://g...

v1.36.2-sunos

Commits

• 6842c3c: net/interfaces: redo how we get the default interface on macOS and iOS (Mihai Parparita)
• 0438c67: VERSION.txt: this is v1.36.2 (Denton Gentry)
• 1cab44e: Merge tag 'v1.36.2' into sunos-1.36 (Nahum Shalman)

v1.36.1-sunos

Commits

• 50cf21a: cmd/tailscale/cli: fix TUNmode display on synology web page (tailscale#7064) (phirework)
• [windows] check if running via Scoop (tailscale#7068) (shayne)
• d1fc9bb: go.mod: bump wintun-go (Brad Fitzpatrick)
• a3ce35d: net/netstat: add nil checks to Windows OSMetadata implementation (Aaron Klotz)
• 6bdb9da: net/netstat: document the Windows netstat code a bit more (Brad Fitzpatrick)
• ad504be: ipn/ipnlocal: use presence of NodeID to identify logins (Maisem Ali)
• increase maximum log line size in low memory mode (Mihai Parparita)
• 5a98bbc: cmd/get-authkey: add an OAuth API client to produce an authkey (Denton Gentry)
• fe33b17: ipn/ipnlocal: handle more edge cases in netmap expiry timer (Andrew Dunham)
• 6d98b5c: net/netns: add functionality to bind outgoing sockets based on route table (Andrew Dunham)
• a8231b1: net/interfaces, net/netns: add node attributes to control default interface getting and binding (Mihai Parparita)
• 576b08e: VERSION.txt: this is v1.36.1 (Denton Gentry)
• cc67578: Merge tag 'v1.36.1' into sunos-1.36 (Nahum Shalman)

v1.36.0-sunos

Features

• build: add support on Loongnix-Server (loong64) (tailscale#6233) #6233 (缘生)

Commits

• c933b88: VERSION.txt: this is v1.35.0 (Denton Gentry) #6624
• 9c773af: ipn/ipnlocal: fix use of stale profile while processing netmap (Tom DNetto) #6616
• 3f16dec: api.md: change "admin panel" to "admin console" (Julia Stein) #6625
• cb525a1: cmd/tailscaled: fix typo in netstack variable name (Mihai Parparita) #6626
• 79f3a5d: net/netns, net/interfaces: explicitly bind sockets to the default interface on all Darwin variants (Mihai Parparita) #6566
• update android licenses #6628 (License Updater)
• 1598cd0: net/tsaddr: remove ContainsFunc helpers (they're now in x/exp/slices) (Brad Fitzpatrick) #6630
• update win/apple licenses #6633 (License Updater)
• 5ff946a: cmd/containerboot: fix TS_STATE_DIR environment variable (Anton Tolchanov) #6636
• update win/apple licenses #6640 (License Updater)
• a469ec8: cmd/containerboot: fix some lint. (David Anderson) #6632
• e04aaa7: cmd/containerboot: split tailscaled bringup and auth phases. (David Anderson) #6632
• e79a1eb: cmd/containerboot: refactor tests to have more explicit phases. (David Anderson) #6632
• e36c27b: cmd/containerboot: check that k8s secret permissions are correct. (David Anderson) #6646
• a887ca7: ipn/ipnlocal: improve redactErr to handle more cases (Andrew Dunham) #6642
• 367228e: cmd/containerboot: gracefully degrade if missing patch permissions in k8s. (David Anderson) #6649
• 98f2135: cmd/tailscaled: add a special command to tailscaled's Windows service for removing WinTun (Aaron Klotz) #6645
• 55e0512: ipn/ipnlocal,cmd/tailscale: minor improvements to lock modify command (Tom DNetto) #6617
• 1b65630: cmd/containerboot: switch to IPN bus monitoring instead of polling. (David Anderson) #6658
• 98114bf: cmd/tailscale/cli, ipn/localapi: add funnel status to status command (tailscale#6402) (shayne) #6402
• update win/apple licenses #6659 (License Updater)
• 2d271f3: ipn/ipnlocal: disallow exit nodes from using exit nodes (salman) #6383
• add HTTP client method to tsnet.Server (tailscale#6669) #6669 (Xe Iaso)
• e27f4f0: cmd/tailscale/cli: add progress to tailscale file cp (Tom DNetto) #6547
• bdc45b9: wgengine/magicsock: fix panic when rebinding fails (Mihai Parparita) #6650
• 389238f: cmd/tailscale/cli: add workaround for improper named socket quoting in ssh command (James Tucker) #6673
• 76389d8: net/tstun, wgengine/magicsock: enable vectorized I/O on Linux (tailscale#6663) (Jordan Whited) #6663
• 383e203: cmd/tailscale/cli: update lock status help strings (tailscale#6675) (Walter Poupore) #6675
• eb1adf6: net/tstun: reuse buffered packet from pool (Maisem Ali) #6678
• b630944: wgengine/router: fix tests on systems with older Busybox 'ip' binary (Andrew Dunham) #6684
• update golang.zx2c4.com/wireguard to github.com/tailscale/wireguard-go (tailscale#6692) #6692 (Jordan Whited)
• update win/apple licenses #6693 (License Updater)
• 9d335aa: cmd/tailscale/cli: [ssh] fix typo in help text (tailscale#6694) (shayne) #6694
• 5a523fd: go.mod: update deps to add support for GOARCH=loong64 (Brad Fitzpatrick) #6701
• 7b65b7f: go.mod: bump tailscale/wireguard-go for loong64 (Brad Fitzpatrick) #6703
• 53e2010: cmd/tailscaled: change Windows implementation to shut down subprocess via closing its stdin (Aaron Klotz) #6682
• 47002d9: ipn/ipnlocal: add a few metrics for PeerAPI and LocalAPI (Mihai Parparita) #6691
• b2d4abf: cmd/k8s-operator: add a kubernetes operator. (David Anderson) #6713
• 041a0e3: client/tailscale: add APIs for auth key management. (tailscale#6715) (Dave Anderson) #6715
• c47578b: util/multierr: add Range (tailscale#6643) (Joe Tsai) #6643
• bd2995c: ipn/ipnlocal: simplify redactErr (tailscale#6716) (Joe Tsai) #6716
• ca08e31: util/endian: delete package; use updated josharian/native instead (Brad Fitzpatrick) #6717
• 3b7ae39: cmd/k8s-operator: use the client's authkey method to create auth keys. (David Anderson) #6718
• bc8f5a7: cmd/k8s-operator: add a basic unit test. (David Anderson) #6718
• 53a9cc7: cmd/k8s-operator: rename main.go -> operator.go. (David Anderson) #6718
• 8dbb3b8: cmd/k8s-operator: remove unused structs. Cleanup missed in tailscale#6718. (David Anderson) #6719
• c902190: cmd/k8s-operator: factor out some of the larger expected test outputs. (David Anderson) #6720
• 9c77205: cmd/k8s-operator: add more tests for "normal" paths. (David Anderson) #6720
• add a target for doing dev builds of the k8s operator. #6722 (David Anderson)
• 0d47cd2: wgengine/monitor: fix panic due to race on Windows (Andrew Dunham) #6723
• 44be59c: wgengine/magicsock: fix panic in wireguard-go rate limiting path (Brad Fitzpatrick) #6724
• 3f4d51c: net/dns: don't send on closed channel when message too large (Andrew Dunham) #6728
• c0fcab0: client/tailscale: fix request object for key creation. (David Anderson) #6729
• 8ccd707: cmd/k8s-operator: remove times requeues in proxy deletion path. (David Anderson) #6729
• d857fd0: cmd/k8s-operator: sprinkle debug logging throughout. (David Anderson) #6732
• 835a73c: cmd/k8s-operator: remove unnecessary timed requeue. (David Anderson) #6732
• da53b13: cmd/gitops-pusher: support alternate api-server URLs (Denton Gentry) #6709
• a7ab342: cmd/k8s-operator: refactor reconcile loop, un-plumbing reconcile.Result. (David Anderson) #6744
• 3a5fc23: cmd/k8s-operator: use oauth credentials for API access. (David Anderson) #6746
• 55b2400: net/tstun: don't return early from a partial tun.Read() (tailscale#6745) (Jordan Whited) #6745
• 350aab0: util/multierr: optimize New for nil cases (tailscale#6750) (Joe Tsai) #6750
• 56f7da0: ssh/tailssh: set default Tailscale SSH $PATH for non-interactive commands (Brad Fitzpatrick) #6748
• 8171eb6: cmd/k8s-operator: move the operator into its own namespace. (David Anderson) #6749
• 53c4892: ipn/ipnserver: propagate http.Serve error (Anton Tolchanov) #6753
• update win/apple licenses [tailscale#6711]...

v1.34.2-sunos

Commits

• Release Workflow tweak (Nahum Shalman)
• e32d5af: cmd/tailscale: use localhost for QNAP authLogin.cgi (Denton Gentry)
• 48d5b7f: net/dns/resolvconffile: fix handling of multiple search domains (Brad Fitzpatrick)
• c27a52d: ipn/profiles: set default prefs based on Windows registry (tailscale#6803) (Kristoffer Dalby)
• 08d0cdf: go.toolchain.rev: bump Go to 1.19.4 (Brad Fitzpatrick)
• ac1000e: go.mod: bump x/sys for linux/arm64 cpu SIGILL fix (Denton Gentry)
• c5ef910: VERSION.txt: this is v1.34.2 (Denton Gentry)
• 5120a2a: Merge tag 'v1.34.2' into sunos-1.34 (Nahum Shalman)

v1.34.1-sunos

Commits

• 682abd9: cmd/containerboot: fix TS_STATE_DIR environment variable (Anton Tolchanov) #6656
• 97e3919: cmd/containerboot: fix some lint. (David Anderson) #6656
• cc440cc: cmd/containerboot: split tailscaled bringup and auth phases. (David Anderson) #6656
• ae1ca4f: cmd/containerboot: refactor tests to have more explicit phases. (David Anderson) #6656
• 77a3efa: cmd/containerboot: check that k8s secret permissions are correct. (David Anderson) #6656
• 1e03bae: cmd/containerboot: gracefully degrade if missing patch permissions in k8s. (David Anderson) #6656
• 8ed27fa: cmd/tailscale/cli: add workaround for improper named socket quoting in ssh command (James Tucker)
• 8a112e4: ipn/ipnlocal: add a few metrics for PeerAPI and LocalAPI (Mihai Parparita)
• 394c275: cmd/tailscale/cli: [ssh] fix typo in help text (tailscale#6694) (shayne)
• 84ecf77: wgengine/router: fix tests on systems with older Busybox 'ip' binary (Andrew Dunham)
• 22ad720: wgengine/magicsock: fix panic when rebinding fails (Mihai Parparita)
• c1d2349: wgengine/magicsock: fix panic in wireguard-go rate limiting path (Brad Fitzpatrick)
• 331d553: VERSION.txt: this is v1.34.1 (Denton Gentry)
• e3498b7: Merge tag 'v1.34.1' into sunos-1.34 (Nahum Shalman)
• c3f231a: XXX patch tool/go for sunos builds (Nahum Shalman)
• use build_dist for setting version strings (Nahum Shalman)
• Build and ship releases on GitHub (Nahum Shalman)

v1.34.1-go-1.19.4-sunos

Commits

• 682abd9: cmd/containerboot: fix TS_STATE_DIR environment variable (Anton Tolchanov) #6656
• 97e3919: cmd/containerboot: fix some lint. (David Anderson) #6656
• cc440cc: cmd/containerboot: split tailscaled bringup and auth phases. (David Anderson) #6656
• ae1ca4f: cmd/containerboot: refactor tests to have more explicit phases. (David Anderson) #6656
• 77a3efa: cmd/containerboot: check that k8s secret permissions are correct. (David Anderson) #6656
• 1e03bae: cmd/containerboot: gracefully degrade if missing patch permissions in k8s. (David Anderson) #6656
• 8ed27fa: cmd/tailscale/cli: add workaround for improper named socket quoting in ssh command (James Tucker)
• 8a112e4: ipn/ipnlocal: add a few metrics for PeerAPI and LocalAPI (Mihai Parparita)
• 394c275: cmd/tailscale/cli: [ssh] fix typo in help text (tailscale#6694) (shayne)
• 84ecf77: wgengine/router: fix tests on systems with older Busybox 'ip' binary (Andrew Dunham)
• 22ad720: wgengine/magicsock: fix panic when rebinding fails (Mihai Parparita)
• c1d2349: wgengine/magicsock: fix panic in wireguard-go rate limiting path (Brad Fitzpatrick)
• 331d553: VERSION.txt: this is v1.34.1 (Denton Gentry)
• e3498b7: Merge tag 'v1.34.1' into sunos-1.34 (Nahum Shalman)
• c3f231a: XXX patch tool/go for sunos builds (Nahum Shalman)
• use build_dist for setting version strings (Nahum Shalman)
• Build and ship releases on GitHub (Nahum Shalman)
• Release Workflow tweak (Nahum Shalman)