v1.76.3-sunos
·
176 commits
to sunos-1.78
since this release
Commits
- 3bee38d: VERSION.txt: this is v1.75.0 (tailscale#13454) (kari-ts) #13454
- add new concurrent server benchmark #13449 (Brad Fitzpatrick)
- add node attr for SSH environment variables (tailscale#13450) #13450 (Mario Minardi)
- afec2d4: wgengine/magicsock: remove redundant deadline from netcheck report call (tailscale#13395) (Jordan Whited) #13395
- 124ff3b: {api.md,publicapi}: remove old API docs (tailscale#13468) (Mario Minardi) #13468
- 40833a7: wgengine/magicsock: disable raw disco by default; add envknob to enable (Andrew Dunham) #13483
- f572286: gokrazy, various: use point versions of Go and update Nix deps (Andrew Dunham) #13485
- update license notices #13180 (License Updater)
- refactor DERP server's peer-gone watch mechanism #13477 (Brad Fitzpatrick)
- 4084c61: wgengine/magicsock: add side-effect-free function for netcheck UDP sends (tailscale#13487) (Jordan Whited) #13487
- 5f4a4c6: wgengine/magicsock: fix sendUDPStd docs (tailscale#13490) (Jordan Whited) #13490
- 8b962f2: cmd/natc: fix nil pointer (Fran Bull) #13496
- 951884b: net/netcheck,wgengine/magicsock: plumb OnlyTCP443 controlknob through netcheck (tailscale#13491) (Jordan Whited) #13491
- add a ListenAndServe method to the Server type (tailscale#13498) #13498 (M. J. Fromberger)
- 3a467b6: go/toolchain: use ed9dc37b2b000f376a3e819cbb159e2c17a2dac6 (tailscale#13507) (Andrea Gottardo) #13507
- af5a845: net/dns/resolver: fix dns-sd NXDOMAIN responses from quad-100 (James Tucker) #13512
- d0a56a8: cmd/containerboot: split main.go (tailscale#13517) (Tom Proctor) #13517
- 3e9ca6c: go.toolchain.rev: bump oss, test toolchain matches go.toolchain.rev (Brad Fitzpatrick) #13528
- dc86d35: types/views: add SliceView.All iterator (tailscale#13536) (Joe Tsai) #13536
- add AcceptEnv field to SSHRule (tailscale#13523) #13523 (Mario Minardi)
- 07991de: .github: pin actions/checkout to latest v3 or v4 as appropriate (tailscale#13551) (Mario Minardi) #13551
- 2c1bbfb: .github: pin actions/setup-go usage to latest 5.x (tailscale#13553) (Mario Minardi) #13553
- 22e98cf: .github: pin codeql actions to latest 3.x (tailscale#13552) (Mario Minardi) #13552
- a3f7e72: .github: use and pin slackapi/slack-github-action to latest 1.x (tailscale#13554) (Mario Minardi) #13554
- a8bd0cb: .github: update and pin actions/cache to latest 4.x (tailscale#13555) (Mario Minardi) #13555
- 04bbef0: .github: update and pin actions/upload-artifact to latest 4.x (tailscale#13556) (Mario Minardi) #13556
- 05d82fb: .github: pin re-actors/alls-green to latest 1.x (tailscale#13558) (Mario Minardi) #13558
- a98f75b: .github: Bump tibdex/github-app-token from 1.8.0 to 2.1.0 (tailscale#9529) (dependabot[bot]) #9529
- add
tailscale dns query(tailscale#13368) #13368 (Andrea Gottardo) - 43f4131: {release,version}: add DSM7.2 specific synology builds (tailscale#13405) (Mario Minardi) #13405
- 6f7e7a3: tool/gocross: make gocross-wrapper.sh keep multiple Go toolchains around (Brad Fitzpatrick) #13500
- document the RunWatchConnectionLoop callback gotchas #13567 (Brad Fitzpatrick)
- 0e0e53d: util/usermetrics: make usermetrics non-global (Kristoffer Dalby) #13550
- clean up updateBuiltinWarnablesLocked a bit, fix DERP warnings #13577 (Brad Fitzpatrick)
- 2fdbcbd: wgengine/magicsock: only used cached results for GetLastNetcheckReport (Adrian Dewhurst) #13584
- 65c2635: cmd/k8s-operator, k8s-operator: fix outdated kb links (tailscale#13585) (Cameron Stokes) #13585
- revert changes to MultiLabelMap's String method #13588 (Andrew Dunham)
- 9eb59c7: wgengine/magicsock: fix check for EPERM on macOS (James Tucker) #13587
- c90c993: ssh/tailssh: add logic for matching against AcceptEnv patterns (tailscale#13466) (Mario Minardi) #13466
- 3dc33a0: net/tsaddr: add WithoutExitRoutes and IsExitRoute (Kristoffer Dalby) #13569
- 0909431: cmd/tailscale: use tsaddr helpers (Kristoffer Dalby) #13569
- f03e82a: client/web: use tsaddr helpers (Kristoffer Dalby) #13569
- 7d1160d: {ipn,net,tsnet}: use tsaddr helpers (Kristoffer Dalby) #13569
- make opts.Metrics mandatory #13590 (Kristoffer Dalby)
- 69be54c: net/captivedetection: exclude ipsec interfaces from captive portal detection (tailscale#13598) (Andrea Gottardo) #13598
- 7ec8bdf: go.mod: upgrade golangci-lint (Andrew Dunham) #13603
- cab2e6e: cmd/k8s-operator,k8s-operator: add ProxyGroup CRD (tailscale#13591) (Tom Proctor) #13591
- 7783255: ipn/ipnlocal: add advertised and primary route metrics (Kristoffer Dalby) #13574
- c62b073: cmd/k8s-operator: remove auth key once proxy has logged in (tailscale#13612) (Irbe Krumina) #13612
- 096b090: cmd/containerboot,kube,util/linuxfw: configure kube egress proxies to route to 1+ tailnet targets (tailscale#13531) (Irbe Krumina) #13531
- fb0f8fc: cmd/tsidp: add --dir flag (Maisem Ali) #13592
- don't create a filch buffer if logging is disabled #13617 (Anton Tolchanov)
- dd6b808: .github: Bump peter-evans/create-pull-request from 7.0.1 to 7.0.5 (tailscale#13626) (dependabot[bot]) #13626
- Add logic to set accepted environment variables in SSH session (tailscale#13559) #13559 (Mario Minardi)
- d3f302d: cmd/tailscale/cli: make 'tailscale debug ts2021' try twice (Brad Fitzpatrick) #13638
- fd32f0d: control/controlhttp: factor out some code in prep for future change (Brad Fitzpatrick) #13638
- 1eaad7d: control/controlhttp: fix connectivity on Alaska Air wifi (Brad Fitzpatrick) #13599
- 16ef887: net/portmapper: don't return unspecified/local external IPs (Andrew Dunham) #13639
- 262c526: net/portmapper: don't treat 0.0.0.0 as a valid IP (Brad Fitzpatrick) #13641
- 992ee6d: .github: Bump github/codeql-action from 3.26.8 to 3.26.9 (tailscale#13625) (dependabot[bot]) #13625
- e66fe1f: docs/windows/policy: add ADMX policy setting to configure the AuthKey (Nick Khyl) #13642
- ed1ac79: net/captivedetection: set Timeout on net.Dialer (tailscale#13613) (Andrea Gottardo) #13613
- 30f0fa9: control/controlclient: bound ReportHealthChange context lifetime to Direct client's (Brad Fitzpatrick) #13652
- f49d218: net/dnscache: don't fall back to an IPv6 dial if we don't have IPv6 (Brad Fitzpatrick) #13644
- 6b03e18: control/controlhttp: rename a param from addr to optAddr for clarity (Brad Fitzpatrick) #13644
- a01b545: control/control{client,http}: don't noise dial localhost:443 in http-only tests (Brad Fitzpatrick) #13644
- 6de6ab0: net/dns: tweak DoH timeout, limit MaxConnsPerHost, require TLS 1.3 (tailscale#13564) (Andrea Gottardo) #13564
- add the start of a testing wishlist #13663 (Brad Fitzpatrick)
- d837e02: wf/firewall: allow link-local multicast for permitted local routes when the killswitch is on on Windows (Nick Khyl) #13661
- 383120c: ipn/ipnlocal: don't run portlist code unless service collection is on (Brad Fitzpatrick) #13665
- add func to check for known valid ServiceProtos (tailscale#13668) #13668 (Naman Sood)
- 6f694da: wgengine/magicsock: avoid log spam from ReceiveFunc on shutdown (Brad Fitzpatrick) #13667
- 1f8eea5: control/controlclient: include HTTP status string in error message too (Brad Fitzpatrick) #13674
- 5f88b65: wgengine/netstack: check userspace ping success on Windows (Brad Fitzpatrick) #13655
- force TLS 1.3 handshake #13657 (Andrea Gottardo)
- dc60c8d: ssh/tailssh: pass window size pixels in IoctlSetWinsize events (Brad Fitzpatrick) #13675
- add StrictTransportSecurityOptions config (tailscale#13679) #13679 (Patrick O'Doherty)
- 9bd158c: cmd/containerboot,util/linuxfw: create a SNAT rule for dst/src only once, clean up if needed (tailscale#13658) (Irbe Krumina) #13658
- e8bb5d1: cmd/{k8s-operator,containerboot},k8s-operator,kube: reconcile ExternalName Services for ProxyGroup (tailscale#13635) (Irbe Krumina) #13635
- f30d853: cmd/tailscale/cli: don't print disablement secrets if init fails (tailscale#13673) (Erisa A) #13673
- update SetPackage doc with new Android values (tailscale#13537) #13537 (kari-ts)
- allow passing http.Server in safeweb.Config (tailscale#13688) #13688 (Patrick O'Doherty)
- support disk-based envknobs on the macsys build #13690 (Andrew Dunham)
- stop conntrack log spam about Canonical net probes #13694 (Brad Fitzpatrick)
- panic if tailscale_go build tag but Go toolchain mismatch #13702 (Brad Fitzpatrick)
- e48cddf: cmd/{containerboot,k8s-operator},k8s-operator,kube: add ProxyGroup controller (tailscale#13684) (Tom Proctor) #13684
- cb10edd: tool/gocross: fix argument order to find (Brad Fitzpatrick) #13713
- c588c36: types/key: use tlpub: in error message (tailscale#13707) (Erisa A) #13707
- add server metric for batch write sizes #13693 (Brad Fitzpatrick)
- 7f016ba: cmd/k8s-operator,k8s-operator: create ConfigMap for egress services + small fixes for egress services (tailscale#13715) (Irbe Krumina) #13715
- fix omitted word in comment #13716 (Brad Fitzpatrick)
- 9a73462: types/lazy: add DeferredInit type (Nick Hill) #13712
- 266c14d: .github: Bump actions/cache from 4.0.2 to 4.1.0 (tailscale#13711) (dependabot[bot]) #13711
- 866714a: .github: Bump github/codeql-action from 3.26.9 to 3.26.11 (tailscale#13710) (dependabot[bot]) #13710
- cba2e76: cmd/containerboot: simplify k8s setup logic (tailscale#13627) (Tom Proctor) #13627
- 36cb2e4: cmd/k8s-operator,k8s-operator: use default ProxyClass if set for ProxyGroup (tailscale#13720) (Tom Proctor) #13720
- 8ee7f82: net/netcheck: don't panic if a region has no Nodes (Andrew Dunham) #13729
- 861dc36: cmd/{k8s-operator,containerboot},kube/egressservices: fix Pod IP check for dual stack clusters (tailscale#13721) (Irbe Krumina) #13721
- 841eaac: net/sockstats: quiet some log spam in release builds (Brad Fitzpatrick) #13733
- 83efade: kube/egressservices: improve egress ports config readability (tailscale#13722) (Tom Proctor) #13722
- 07c157e: cmd/k8s-operator: base ProxyGroup StatefulSet on common proxy.yaml definition (tailscale#13714) (Tom Proctor) #13714
- 29cf59a: util/syspolicy/setting: update Snapshot to use Go 1.23 iterators (Nick Khyl) #13732
- da40609: util/syspolicy, ipn: add "tailscale debug component-logs" support (Nick Khyl) #13735
- 60011e7: cmd/k8s-operator: fix Pod IP selection (tailscale#13743) (Irbe Krumina) #13743
- f6d4d03: cmd/k8s-operator: don't error out if ProxyClass for ProxyGroup not found. (tailscale#13736) (Irbe Krumina) #13736
- 94c7965: types/views: add iterators to the three Map view types (Brad Fitzpatrick) #13747
- 89ee6bb: cmd/k8s-operator,k8s-operator/apis: set a readiness condition on egress Services for ProxyGroup (tailscale#13746) (Irbe Krumina) #13746
- add iterators to Map (tailscale#13739) #13739 (Joe Tsai)
- 2cadb80: util/vizerror: add WrapWithMessage (Percy Wegmann) #13752
- delete Map.Range, update callers to iterators #13756 (Brad Fitzpatrick)
- allocate map with Map.WithLock (tailscale#13755) #13755 (Joe Tsai)
- fix defer in loop (tailscale#13757) #13757 (Joe Tsai)
- 367fba8: control/controlhttp: don't link ts2021 server + websocket code on iOS (Brad Fitzpatrick) #13763
- don't depend on go-ps on iOS #13759 (Brad Fitzpatrick)
- 2531065: clientupdate, ipn/localapi: don't use google/uuid, thin iOS deps (Brad Fitzpatrick) #13761
- db1519c: k8s-operator/apis: revert ProxyGroup readiness cond name change (tailscale#13770) (Irbe Krumina) #13770
- don't link distsign on platforms that don't download #13767 (Brad Fitzpatrick)
- fix panic caused by logging after test finishes #13758 (Andrew Dunham)
- 5089806: ipn/conffile: don't depend on hujson on iOS/Android (Brad Fitzpatrick) #13774
- 51fb4ce: VERSION.txt: this is v1.76.0 (Jonathan Nobels)
- b6852d5: ssh/tailssh: calculate passthrough environment at latest possible stage (Percy Wegmann)
- f4d76fb: net/netcheck: fix netcheck cli-triggered nil pointer deref (tailscale#13782) (tailscale#13795) (Jordan Whited) #13795
- 78c8f7e: net/dns/resolver: forward SERVFAIL responses over PeerDNS (Nick Khyl) #13827
- 24929f6: VERSION.txt: this is v1.76.1 (Andrea Gottardo)
- 088d785: VERSION.txt: this is v1.76.2 (Andrea Gottardo)
- 02acaa0: VERSION.txt: this is v1.76.3 (Nick Khyl)
- 5ca3785: illumos/solaris support rebased onto 1.76.3 (Nahum Shalman)
- 627c808: build tailscale client (Kevin Meziere)