v1.70.0-beta-sunos
github-actions
released this
21 Jul 13:39
·
558 commits
to sunos-1.78
since this release
Bug Fixes
- broken tests for localhost #12200 (Josh McKinney)
Builds
- deps: bump golang.org/x/image from 0.15.0 to 0.18.0 #12629 (dependabot[bot])
Continuous Integration
- enable checklocks workflow for specific packages #12626 (Andrew Dunham)
Commits
- 5f12139: VERSION.txt: this is v1.69.0 (tailscale#12441) (Mario Minardi) #12441
- d0f1a83: net/dnscache: use parent context to perform lookup (Andrew Dunham) #12418
- 02e3c04: net/dns: re-query system resolvers on no-upstream resolver failure on apple platforms (tailscale#12398) (Jonathan Nobels) #12398
- d7fdc01: ssh/tailssh: check IsSELinuxEnforcing in tailscaled process (Percy Wegmann) #12445
- ccdd2e6: cmd/derper: add a README (Brad Fitzpatrick) #12446
- 88f2d23: wgengine/netstack: fix 4via6 subnet routes (tailscale#12454) (Irbe Krumina) #12454
- 72c8f77: wgengine/netstack: add test for tailscale#12448 (Andrew Dunham) #12458
- 6908fb0: ipn/localapi,client/tailscale,cmd/derper: add WhoIs lookup by nodekey, use in derper (Brad Fitzpatrick) #12466
- 65888d9: derp/xdp,cmd/xdpderper: initial skeleton (tailscale#12390) (Jordan Whited) #12390
- update PeerAPIDNS Port value documentation #12271 (James Tucker)
- 9189fe0: cmd/stunc: support user-specified port (tailscale#12469) (Jordan Whited) #12469
- bd2a6d5: util/winutil: add UserProfile type for (un)loading user profiles (Aaron Klotz) #12428
- e8ca30a: xcode/iOS: support serial number collection via MDM on iOS (tailscale#11429) (Andrea Gottardo) #11429
- begin work to use structured health warnings instead of strings, pipe changes into ipn.Notify (tailscale#12406) #12406 (Andrea Gottardo)
- 7354547: util/winutil: update UserProfile to ensure any environment variables in the roaming profile path are expanded (Aaron Klotz) #12471
- create a catch-all NRPT rule when "Override local DNS" is enabled on Windows #12426 (Nick Khyl)
- fix data race in new warnable code #12481 (Brad Fitzpatrick)
- e2c0d69: wgengine/filter: add filter benchmark (Brad Fitzpatrick) #12490
- 21ed31e: wgengine/filter: use NewContainsIPFunc for Srcs matches (Brad Fitzpatrick) #12488
- 7574f58: wgengine/filter: add more benchmarks, make names more explicit (Brad Fitzpatrick) #12493
- 491483d: cmd/viewer,type/views: add MapSlice for maps of slices (Maisem Ali) #12492
- 64ac64f: net/tsaddr: use bart in NewContainsIPFunc, add tests, benchmarks (Brad Fitzpatrick) #12487
- 10e8a2a: wgengine/filter: fix copy/pasteo in new benchmark's v6 CIDR (Brad Fitzpatrick) #12496
- d4220a7: wgengine/filter: add TCP non-SYN benchmarks (Brad Fitzpatrick) #12497
- 36b1b4a: wgengine/filter: split local+logging lookups by IPv4-vs-IPv6 (Brad Fitzpatrick) #12491
- 86e0f9b: net/ipset, wgengine/filter/filtertype: add split-out packages (Brad Fitzpatrick) #12499
- bf2d13c: net/ipset: return all closures from named wrappers (Brad Fitzpatrick) #12500
- 20a5f93: wgengine/filter: add UDP flow benchmark (Brad Fitzpatrick) #12502
- 1f6645b: net/ipset: skip the loop over Prefixes when there's only one (Brad Fitzpatrick) #12503
- a1ab7f7: client/tailscale: add NodeID to device (Kristoffer Dalby) #12506
- allow switching from unstable to stable tracks (tailscale#12477) #12477 (Andrew Lytvynov)
- 674c998: cmd/tailscale/cli: do not allow update --version on macOS (tailscale#12508) (Andrew Lytvynov) #12508
- 8cc2738: cmd/{containerboot,k8s-operator}: store proxy device ID early to help with cleanup for broken proxies (tailscale#12425) (Irbe Krumina) #12425
- 315f3d5: derp/xdp: fix handling of zero value UDP checksums (tailscale#12510) (Jordan Whited) #12510
- 2db2d04: types/logid: add Add method (tailscale#12478) (Joe Tsai) #12478
- add a verifyClients check to the consistency check #12515 (James Tucker)
- update Windows hostinfo to include MSIDist registry value #12523 (Aaron Klotz)
- 45d2f43: proxymap, various: distinguish between different protocols (Andrew Dunham) #12385
- 3099323: cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (tailscale#12463) (Tom Proctor) #12463
- bfb775c: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #11777
- bd93c30: wgengine/filter/filtertype: make Match.IPProto a view (Brad Fitzpatrick) #12526
- expose DependsOn to local API via UnhealthyState (tailscale#12513) #12513 (Andrea Gottardo)
- a93173b: cmd/xdpderper,derp/xdp: implement mode that drops STUN packets (tailscale#12527) (Jordan Whited) #12527
- 8eb15d3: cli/netcheck: fail with output if we time out fetching a derpmap (tailscale#12528) (Andrea Gottardo) #12528
- include DERP region name in bad derp notifications (tailscale#12530) #12530 (Andrea Gottardo)
- 9e0a5cc: net/flowtrack: optimize Tuple type for use as map key (Brad Fitzpatrick) #12507
- 162d593: net/flowtrack: fix, test String method (Brad Fitzpatrick) #12533
- 21460a5: tailcfg, wgengine/filter: remove most FilterRule.SrcBits code (Brad Fitzpatrick) #12529
- fix fmt verb for nodekeys #12539 (Brad Fitzpatrick)
- don't verify mesh peers when --verify-clients is set #12540 (Brad Fitzpatrick)
- fix nil DERPMap dereference panic #12535 (Andrea Gottardo)
- 1023b2a: util/deephash: fix test regression on 32-bit (Brad Fitzpatrick) #12544
- 0004827: control/controlhttp: add health warning for macOS filtering blocking Tailscale (tailscale#12546) (Brad Fitzpatrick) #12546
- 732605f: control/controlclient: move noiseConn to internal package (Andrew Dunham) #12550
- 24976b5: cmd/tailscale/cli: actually perform Noise request in 'debug ts2021' (Andrew Dunham) #12550
- 730f036: ssh/tailssh: replace incubator process with su instead of running su as child (Percy Wegmann) #12470
- bd50a34: wgengine/filter: add "Accept" TCP log lines to verbose logging (tailscale#12525) (Keli) #12525
- fd3efd9: control/controlclient: add more Screen Time blocking detection (Brad Fitzpatrick) #12556
- 07063bc: ssh/tailssh: fix integration test (tailscale#12562) (Irbe Krumina) #12562
- 5ec01bf: wgengine/filter: support FilterRules matching on srcIP node caps [capver 100] (Brad Fitzpatrick) #12543
- dcb0f18: cmd/proxy-to-grafana: add flag for alternative control server (Kristoffer Dalby) #12570
- 0d6e71d: cmd/stunstamp: add explicit metric to track timeout events (tailscale#12564) (Jordan Whited) #12564
- d7a4f9d: net/dns: ensure multiple hosts with the same IP address are combined into a single HostEntry (Aaron Klotz) #12576
- add PeerPresentFlags bitmask to Watch messages #12582 (Brad Fitzpatrick)
- 91786ff: cmd/derper: add debug endpoint to adjust mutex profiling rate (Brad Fitzpatrick) #12587
- update license notices (tailscale#12414) #12414 (tailscale-license-updater[bot])
- 7dd76c3: net/netns: add Windows support for bind-to-interface-by-route (Aaron Klotz) #12552
- 200d921: types/lazy: add Peek method to SyncValue (Andrew Dunham) #12589
- account for increased size of peerPresent messages in mesh updates #12592 (Brad Fitzpatrick)
- redo, simplify how mesh update writes are queued/written #12597 (Brad Fitzpatrick)
- 24a40f5: util/linuxfw: verify that IPv6 if available if (tailscale#12598) (Irbe Krumina) #12598
- don't schedule advertisement of 0 routes #12594 (Fran Bull)
- make RunConnectionLoop funcs take Messages, support PeerPresentFlags #12603 (Brad Fitzpatrick)
- 94415e8: cmd/stunstamp: remove sqlite DB and API (tailscale#12604) (Jordan Whited) #12604
- d5e692f: ipn/ipnlocal: check operator user via osuser package (Brad Fitzpatrick) #12602
- 27033c6: net/dns: recheck DNS config on SERVFAIL errors (tailscale#12547) (Jonathan Nobels) #12547
- a475c43: net/dns/resolver: fix test failure (Andrew Dunham) #12610
- 8161024: wgengine/magicsock: always set home DERP if no control conn (Andrew Dunham) #12608
- 53a5d00: net/dns: ensure /etc/resolv.conf is world-readable even with a umask (Andrew Dunham) #12611
- da078b4: util/winutil: add package for logging into Windows via Service-for-User (S4U) (Aaron Klotz) #12474
- 30f8d81: ipn/ipnlocal: fix data race in tests (Andrew Dunham) #12612
- add warming-up warnable (tailscale#12553) #12553 (Andrea Gottardo)
- accept a function to call before request handling #12600 (Anton Tolchanov)
- 7525417: ipn/ipnlocal: don't bind localListener if its context is canceled (tailscale#12621) (Naman Sood) #12621
- a6b13e6: cmd/tailscale/cli: correct command emitted by exit node suggestion (Adrian Dewhurst) #12619
- 8487fd2: wgengine/magicsock: add more DERP home clientmetrics (Andrew Dunham) #12624
- 5f17709: util/winutil: ensure domain controller address is used when retrieving remote profile information (Aaron Klotz) #12628
- b292f7f: util/winutil/s4u: fix incorrect token type specified in s4u Login (Aaron Klotz) #12630
- 9766f0e: net/dns: move mutex before the field it guards (Brad Fitzpatrick) #12606
- 46fda6b: cmd/derper: add some DERP diagnostics pointers (James Tucker) #12459
- b3f9184: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12605
- 6b801a8: cmd/derper: link to various derper docs in more places (Brad Fitzpatrick) #12633
- 210264f: cmd/derper: clarify that derper and tailscaled need to be in sync (Brad Fitzpatrick) #12632
- 1d6ab9f: cmd/serve: don't convert localhost to 127.0.0.1 (Josh McKinney) #12200
- do not log an error on shutdown #12636 (Anton Tolchanov)
- 2064dc2: health,ipn/ipnlocal: hide update warning when auto-updates are enabled (tailscale#12631) (Andrew Lytvynov) #12631
- 0bb8256: go.mod: update wireguard-go (tailscale#12645) (Jordan Whited) #12645
- 8f75889: ipn/ipnlocal: fix nil pointer dereference and add related test (Adrian Dewhurst) #12648
- test SigCredential signatures and netmap filtering #12638 (Anton Tolchanov)
- 781f794: ipn/ipnlocal: allow multiple signature chains from the same SigCredential (Anton Tolchanov) #12638
- b565a9f: cmd/xdpderper: add autodetection for default interface name (James Tucker) #12650
- 114d1ca: derp/xdp: retain the link so that the fd is not closed (James Tucker) #12659
- 8965e87: ipn/ipnlocal: handle auto value for ExitNodeID syspolicy (tailscale#12512) (Claire Wang) #12512
- d15250a: go.{mod,sum}: bump mkctr (tailscale#12654) (Tom Proctor) #12654
- bump CurrentCapabilityVersion to capture SSH agent forwarding fix #12675 (Percy Wegmann)
- update license notices #12671 (License Updater)
- b56058d: tool/gocross: fix regression detecting when gocross needs rebuild (Brad Fitzpatrick) #12678
- ddf94a7: cmd/stunstamp: fix handling of invalid DERP map resp (tailscale#12679) (Jordan Whited) #12679
- da32468: version/mkversion: allow env config of oss git cache dir (Brad Fitzpatrick) #12680
- 0129336: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12646
- 4e5ef5b: net/dns: fix broken dns benchmark tests (tailscale#12686) (Jonathan Nobels) #12686
- 458decd: go.toolchain.rev: update to Go 1.22.5 (tailscale#12690) (Andrew Lytvynov) #12690
- reduce severity of some warnings, improve update messages (tailscale#12689) #12689 (Andrea Gottardo)
- don't refresh the pacman repository on Arch (tailscale#12194) #12194 (Chris Palmer)
- 42f01af: cmd/tailscale/cli: exit node filter should display all exit node options (tailscale#12699) (Charlotte Brandhorst-Satzkorn) #12699
- send ImpactsConnectivity value over LocalAPI (tailscale#12700) #12700 (Andrea Gottardo)
- 01a7726: cmd/containerboot,cmd/k8s-operator: enable IPv6 for fqdn egress proxies (tailscale#12577) (Tom Proctor) #12577
- c4b20c5: go.mod: bump github.com/tailscale/wireguard-go (Brad Fitzpatrick) #12714
- e181f12: util/winutil/s4u: fix some doc comments in the s4u package (Aaron Klotz) #12717
- 9df107f: wgengine/magicsock: use derp-region-as-magic-AddrPort hack in fewer places (Brad Fitzpatrick) #12722
- d2fef01: control/controlknobs,tailcfg,wgengine/magicsock: remove DRPO shutoff switch (Brad Fitzpatrick) #12723
- 42dac7c: wgengine/magicsock: add debug envknob for injecting an endpoint (Brad Fitzpatrick) #12735
- c8fe9f0: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12716
- update license notices #12737 (License Updater)
- 2b638f5: cmd/k8s-operator: add depaware.txt (Maisem Ali) #12743
- ba517ab: cmd/k8s-operator,ssh/tailssh,tsnet: optionally record 'kubectl exec' sessions via Kubernetes operator's API server proxy (tailscale#12274) (Irbe Krumina) #12274
- 5576972: client/tailscale: use safesocket.ConnectContext (Maisem Ali) #12744
- e21d876: types/opt: add generic Value[T any] for optional values of any types (Nick Khyl) #12739
- return true for CanAutoUpdate for macsys (tailscale#12746) #12746 (Andrew Lytvynov)
- 7b1c764: ipn/ipnlocal: gate systemd-run flags on systemd version (tailscale#12747) (Andrew Lytvynov) #12747
- 8bd442b: util/winutil/gp, net/dns: add package for Group Policy API (Nick Khyl) #12688
- 2238ca8: go.mod: bump bart (Maisem Ali) #12748
- 726d5d5: cmd/k8s-operator: update depaware.txt (Nick Khyl) #12750
- propagate DERPMap request creation errors #12740 (Anton Tolchanov)
- 6a982fa: cmd/k8s-operator: send container name to session recorder (tailscale#12763) (Irbe Krumina) #12763
- 986d60a: cmd/k8s-operator: add metrics for attempted/uploaded session recordings (tailscale#12765) (Irbe Krumina) #12765
- add generic Pool (tailscale#12759) #12759 (Joe Tsai)
- add test for package comments, fix, add comments as needed #12769 (Brad Fitzpatrick)
- b546a6e: wgengine/magicsock: allow a CSV list for pretendpoint (Lee Briggs) #12768
- add network hardware addresses to posture identity #12704 (Anton Tolchanov)
- add note that API docs have moved to existing docs files (tailscale#12770) #12770 (Mario Minardi)
- 8d7b78f: net/dns/publicdns: remove additional information in DOH URL passed to IPv6 address generation for controlD. (KevinLiang10) #12773
- support delayed Warnable visibility (tailscale#12783) #12783 (Andrea Gottardo)
- fc28c8e: cmd/cloner, cmd/viewer, util/codegen: add support for generic types and interfaces (Nick Khyl) #12738
- add Map.WithLock to allow mutations to the underlying map (tailscale#8101) #8101 (Joe Tsai)
- 49bf63c: ipn/ipnlocal: check for offline auto exit node in SetControlClientStatus (tailscale#12772) (Claire Wang) #12772
- 808b413: wgengine/magicsock: use wireguard-go/conn.PeerAwareEndpoint (Brad Fitzpatrick) #12751
- drop unnecessary logging in TestSetUnhealthyWithTimeToVisible (tailscale#12795) #12795 (Andrea Gottardo)
- f0b9d3f: net/tstun: fix docstring for Wrapper.SetWGConfig (tailscale#12796) (Jordan Whited) #12796
- close idle HTTP connections on shutdown #12797 (Anton Tolchanov)
- 9609b26: cmd/tailscale: resolve taildrive share paths (Linus Brogan) #12791
- 5d61d1c: log/sockstatlog: don't block for more than 5s on shutdown (Anton Tolchanov) #12798
- track metrics for route info storing #12790 (Fran Bull)
- fd0acc4: cmd/cloner, cmd/viewer: add _test prefix for files generated with the test build tag (Nick Khyl) #12799
- add stack trace to panic error msg #12785 (Paul Scott)
- allow FQDN in exit node selection #12819 (Adrian Dewhurst)
- fix TestStdHandler_panic flake #12818 (Paul Scott)
- fc074a6: client/tailscale: add the nodeAttrs section (Anton Tolchanov) #12815
- update license notices #12817 (License Updater)
- 8882c6b: ipn/ipnlocal: wait for DERP before auto exit node migration (Adrian Dewhurst) #12820
- log once per request #12141 (Paul Scott)
- 2742153: cmd/k8s-operator: add a metric to track the amount of ProxyClass resources (tailscale#12833) (Irbe Krumina) #12833
- d601f16: VERSION.txt: this is v1.70.0 (Aaron Klotz)
- 879b4cf: illumos/solaris support rebased onto 1.70.0 (Nahum Shalman)
- 2cb96d2: build tailscale client (Kevin Meziere)
- fixups for 1.70 (Nahum Shalman)
- update go modules (Nahum Shalman)