v1.48.1-sunos

Commits

• parse /etc/synoinfo.conf to get CPU arch (tailscale#8940) (tailscale#8950) #8950 (Andrew Lytvynov)
• 7286226: 1.48 cherry-picks for nftables (tailscale#8989) (Andrew Lytvynov) #8989
• bd914d5: net/portmapper: never select port 0 in UPnP (tailscale#8996) (Andrew Lytvynov) #8996
• 0e9f04c: VERSION.txt: this is v1.48.1 (Andrew Lytvynov)
• 0ae65c2: Merge tag 'v1.48.1' into sunos-1.48 (Nahum Shalman)

v1.48.0-sunos

Commits

• 486ab42: VERSION.txt: this is v1.47.0 (tailscale#8654) (Andrea Gottardo) #66,#8654
• guard against key-length panics when verifying signatures #66,#8653 (Tom DNetto)
• 3f6b0d8: cmd/tailscale/cli: make tailscale update query softwareupdate (tailscale#8641) (Chris Palmer) #66,#8641
• efd6d90: cmd/tailscale/cli: implement update for arch-based distros (tailscale#8655) (Andrew Lytvynov) #66,#8655
• 388b124: net/dns: detect when libnss_resolve is used (Anton Tolchanov) #8640
• 3c53bed: cmd/tailscale/cli: limit Darwin-only option to Darwin (tailscale#8657) (Chris Palmer) #8657
• 32d486e: cmd/tailscale/cli: ensure custom UsageFunc is always set (tailscale#8665) (Chris Palmer) #8665
• 7560435: tstest/deptest: add test-only package to unify negative dep tests (Brad Fitzpatrick) #8668
• 88cc0ad: util/linuxfw: remove yet-unused code to fix linux/arm64 crash (Brad Fitzpatrick) #8668
• ignore io.EOF from sftp.Server.Serve #8670 (Joe Tsai)
• use tstime (tailscale#8607) #8607 (Claire Wang)
• 907c56c: api.md: add documentation to API endpoint about SCIM group warnings (Jenny Zhang) #8676
• deprecate Debug, flesh out Node.DERP docs #8681 (Brad Fitzpatrick)
• 453620d: go.toolchain.rev: bump Go version (Brad Fitzpatrick) #8685
• 2a6c237: net/dns: overwrite /tmp/resolv.conf on gokrazy (Michael Stapelberg) #8688
• add UserProfile.Groups #8693 (Brad Fitzpatrick)
• 894b237: cmd/tailscale/cli: implement update for dnf/yum-based distros (tailscale#8678) (Andrew Lytvynov) #8678
• update tailscale{,d} licenses #8610 (License Updater)
• 45b5d09: net/art: fix running tests outside of CI (David Anderson) #8611
• 486195e: net/art: make each strideTable track the IP prefix it represents (David Anderson) #8611
• fcf4d04: net/art: implement path compression optimization (David Anderson) #8611
• ac657ca: net/art: add debug hooks to strideTable (David Anderson) #8611
• 9cc3f7a: net/art: fix format of debug output (David Anderson) #8611
• b145a22: net/art: add more exhaustive table testing (David Anderson) #8611
• aaca911: net/art: add another consistency test for insert/delete (David Anderson) #8611
• 1e6f0bb: net/art: fix slowPrefixTable bugs found by fuzzing (David Anderson) #8611
• 736a442: net/art: fix comment typo (David Anderson) #8611
• de5c6ed: net/art: document valid values of strideTable.prefix (David Anderson) #8611
• 8478358: net/art: use "index", not "idx" in function names (David Anderson) #8611
• b242e2c: net/art: reword confusing function docstring (David Anderson) #8611
• b76d8a8: net/art: document return value of strideTable.delete (David Anderson) #8611
• 125b982: net/art: make Table.Get alloc-free (David Anderson) #8611
• 44ad7b3: net/art: factor out picking the right strideTable for addr family (David Anderson) #8611
• f1cd674: net/art: move slice closer to its use (David Anderson) #8611
• 4f14ed2: net/art: use encoding/binary for address bit twiddling (David Anderson) #8611
• 6afffec: net/art: use more intelligible, go-ish state tracking in table.Get (David Anderson) #8611
• 306deea: cmd/tailscale/cli,version/distro: update support for Alpine (tailscale#8701) (Andrew Lytvynov) #8701
• 1ecc16d: tailcfg,ipn/ipnlocal,wgengine: add values to PeerCapabilities (Maisem Ali) #8709
• 9edb848: cmd/tailscale/cli: implement update on FreeBSD (tailscale#8710) (Andrew Lytvynov) #8710
• c2831f6: wgengine/magicsock: delete unused stuff (David Anderson) #8716
• f7016d8: wgengine/magicsock: factor out endpoint into its own file (David Anderson) #8717
• cde37f5: wgengine/magicsock: factor out peerMap into separate file (David Anderson) #8718
• move disco pcap helper to disco package #8718 (David Anderson)
• 8477735: wgengine/magicsock: factor out more separable parts (David Anderson) #8721
• 9d89e85: wgengine/magicsock: document mysterious-looking assignment (David Anderson) #8722
• introduce exit-node subcommand to list and filter exit nodes #8617 (Charlotte Brandhorst-Satzkorn)
• aa37be7: api.md: update device authorize API docs to allow for deauth (tailscale#8728) (tinku-tailscale) #8728
• c1ecae1: ipn/{ipnlocal,localapi}: actually renew certs before expiry (tailscale#8731) (Andrew Lytvynov) #8731
• use tstime (tailscale#8597) #8597 (Claire Wang)
• use tstime (tailscale#8634) #8634 (Claire Wang)
• update exp/slices and fix call sites #8740 (David Anderson)
• 6114247: types/logid: add a Compare method (David Anderson) #8742
• update tailscale{,d} licenses #8741 (License Updater)
• 68f8e56: wgengine/magicsock: remove dead code (tailscale#8745) (salman aljammaz) #8745
• add helper to unmarshal PeerCap values #8747 (Maisem Ali)
• 5ebb271: derp/derphttp: add optional Client.BaseContext hook (Brad Fitzpatrick) #8752
• ed46442: client/tailscale/apitype: document never-nil property of WhoIsResponse (David Anderson) #8758
• eef15b4: cmd/dist,release/dist: sign release tarballs with an ECDSA key (tailscale#8759) (Andrew Lytvynov) #8759
• ec9213a: cmd/sniproxy: add client metrics (Denton Gentry) #8755
• 7adf15f: cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support (Aaron Klotz) #8285
• implement lock revoke-keys command #8644 (Tom DNetto)
• update tailscale{,d} licenses #8764 (License Updater)
• 66e46bf: ipnlocal, net/*: deprecate interfaces.GetState, use netmon more for it (Brad Fitzpatrick) #8765
• add CapabilityHTTPS const...

v1.46.1-sunos

Commits

• 6d28281: illumos/solaris support rebased onto 1.46.0 (Nahum Shalman)
• mitigation for odd bug (Nahum Shalman)
• 1670183: tstest/deptest: add test-only package to unify negative dep tests (Brad Fitzpatrick) #8674
• 0e950af: util/linuxfw: remove yet-unused code to fix linux/arm64 crash (Brad Fitzpatrick) #8674
• ignore io.EOF from sftp.Server.Serve #8674 (Joe Tsai)
• guard against key-length panics when verifying signatures (Tom DNetto)
• 2d3223f: VERSION.txt: this is v1.46.1 (Andrea Gottardo)
• 7c62ea7: Merge tag 'v1.46.1' into sunos-1.46 (Nahum Shalman)

v1.46.0-sunos

Commits

• 30d9201: VERSION.txt: this is v1.45.0 (Charlotte Brandhorst-Satzkorn) #8400
• d4de60c: .github: Bump actions/checkout from 1 to 3 (dependabot[bot]) #8379
• 61886e0: ssh/tailssh: fix double race condition with non-pty command (tailscale#8405) (Joe Tsai) #8405
• 8b80d63: wgengine/magicsock: clarify a log message is a warning, not an error (Brad Fitzpatrick) #8411
• fbacc0b: go.toolchain: switch to tailscale.go1.21 (tailscale#8415) (phirework) #8415
• 7c1068b: util/goroutines: let ScrubbedGoroutineDump get only current stack (Brad Fitzpatrick) #8426
• 4a58b1c: release/dist/synology: remove 'version' field from ui/config (David Anderson) #8233
• bfe5623: tool/gocross: make gocross behave with pre-release Go toolchains (David Anderson) #8428
• 2a9817d: api.md: add info for key description (tailscale#8429) (phirework) #8429
• add location field to hostinfo #8360 (Charlotte Brandhorst-Satzkorn)
• ovuliferous was a bit too much, but... #8432 (Brad Fitzpatrick)
• add ShardedMap type #8439 (Brad Fitzpatrick)
• c11af12: .github: actually run tests in CI (Maisem Ali) #8440
• make lxcfs container check more specific #8445 (Anton Tolchanov)
• 8e84048: cmd/testwrapper: only retry flaky failed tests (Maisem Ali) #7287
• expose field to configure Wireguard port #8447 (Tom DNetto)
• 77f5679: types/key: add test for NodePublic.Shard (Brad Fitzpatrick) #8443
• e263761: ipn/ipnlocal: validate ping type (tailscale#8458) (valscale) #8458
• adjust case of "IPv4" and "IPv6" #8456 (Brad Fitzpatrick)
• 832f102: net/netutil: parse IP forwarding val as int, not bool (tailscale#8455) (Ross Zurowski) #8455
• update location docs #8461 (Charlotte Brandhorst-Satzkorn)
• 243ce6c: util/linuxfw: decoupling IPTables logic from linux router (KevinLiang10) #8362
• d9eca20: net/tcpinfo: add package to allow fetching TCP information (Andrew Dunham) #8414
• use new net/tcpinfo package #8414 (Andrew Dunham)
• add ShardedMap.Mutate #8471 (Brad Fitzpatrick)
• update win/apple licenses #8449 (License Updater)
• update android licenses #8369 (License Updater)
• b0a984d: util/lru: add a package for a typed LRU cache (Brad Fitzpatrick) #8473
• 97ee0bc: cmd/tailscale: improve error message when signing without a tailnet lock key (Tom DNetto) #8465
• 12a2221: cmd/testwrapper/flakytest: clearly describe why TestFlakeRun fails (Maisem Ali) #8475
• do not panic when a panic logs #8478 (Maisem Ali)
• e42be5a: tstime/mono: fix Time.Unmarshal (tailscale#8480) (Joe Tsai) #8480
• 2e19790: types/views: add JSON marshal/unmarshal and AsMap to Map (Maisem Ali) #8488
• 79ee6d6: tsweb/varz: use default metrics.LabelMap.Label on serialization (Brad Fitzpatrick) #8500
• 2e4e7d6: cmd/testwrapper: output packages tested (Maisem Ali) #8501
• 1ca5dcc: cmd/testwrapper: stream output results (Maisem Ali) #8504
• 6ebd87c: util/linuxfw: add new arch build constraints (KevinLiang10) #8503
• add TestLoopbackSOCKS5 as flaky test #8503 (KevinLiang10)
• 0a86705: release/dist: add helper to build Go binaries with custom tags (David Anderson) #8513
• add LabelMap.GetIncrFunc #8514 (Brad Fitzpatrick)
• 0c427f2: docs/k8s: don't call kubectl directly from Makefile (David Wolever) #8512
• cb53846: tempfork/heap: add copy of Go's container/heap but using generics (Brad Fitzpatrick) #8537
• ack Miles Prower (tailscale#8479) #8479 (Claire Wang)
• fd8c8a3: client/tailscale: add API for verifying network lock signing deeplink (Aaron Klotz) #8540
• prepare for Clock API changes #8542 (Adrian Dewhurst)
• fix tvOS network extension bundle identifier (tailscale#8545) #8545 (Andrea Gottardo)
• 92fb80d: tstest, tstime: mockable timers and tickers (Adrian Dewhurst) #8464
• 9d1a3a9: control/controlclient: use ctx passed down to NoiseClient.getConn (Maisem Ali) #8552
• 339397a: wgengine/magicsock: remove noV4/noV6 check in addrForSendWireGuardLocked (Charlotte Brandhorst-Satzkorn) #8541
• mark TestLoopbackLocalAPI as flakey #8558 (Charlotte Brandhorst-Satzkorn)
• 7b1c3df: tailcfg,etc: remove unused tailcfg.Node.KeepAlive field (Brad Fitzpatrick) #8559
• add json omitempty to DNSConfig.ExitNodeFilteredSet #8561 (Brad Fitzpatrick)
• a7648a6: net/dnsfallback: run recursive resolver and compare results (Andrew Dunham) #8335
• 8c0572e: go.mod: bump wireguard-go (Adrian Dewhurst) #8575
• cd313e4: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #8576
• 60ab808: logpolicy, various: allow overriding log function (Andrew Dunham) #8574
• rename CapTailnetLockAlpha -> CapTailnetLock #8548 (Tom DNetto)
• fix race condition with sockstats label (tailscale#8578) #8578 (Joe Tsai)
• 8cda647: cmd/testwrapper: handle build failures (Maisem Ali) #8520
• 96d7af3: cmd/derper,tsweb: consistently add HTTP security headers (tailscale#8579) (Andrew Lytvynov) #8579
• update win/apple licenses #8582 (License Updater)
• update tailscale{,d} licenses #8577 ([License Updater](https://github.com/nshalman/tailscale...

v1.44.2-sunos

Commits

• a377e13: wgengine/magicsock: remove noV4/noV6 check in addrForSendWireGuardLocked (Charlotte Brandhorst-Satzkorn)
• mitigation for odd bug (Nahum Shalman)
• add notes about likely bug identity and fix (Nahum Shalman)
• fix hostname for custom http ports (Will Norris)
• dcac3ed: VERSION.txt: this is v1.44.2 (salman)
• cbf59e3: Merge tag 'v1.44.2' into sunos-1.44 (Nahum Shalman)

v1.44.0-sunos

Commits

• 3d180a1: VERSION.txt: this is v1.43.0 (Will Norris) #8197
• add Poller.IncludeLocalhost option #8172 (Marwan Sulaiman)
• provide authority StateID in NetworkLockStatus response (tailscale#8200) #8200 (Andrea Gottardo)
• cb94ddb: go.toolchain.rev: bump (Brad Fitzpatrick) #8211
• fix go vet complaint on copy of lock value in tailchonk_test.go (tailscale#8208) #8208 (valscale)
• c4fe9c5: go.toolchain.rev: bump, again (Brad Fitzpatrick) #8212
• c0b4a54: release/dist/cli: correctly handle absolute build outputs in manifest (David Anderson) #8213
• 399a807: wgengine/netstack: use ping6 on BSD platforms (Denton Gentry) #8227
• 32e0ba5: release/dist/synology: build synology packages with cmd/dist (David Anderson) #8218
• fc5b137: release/dist/synology: build hi3535 as armv5, not armv7 (David Anderson) #8234
• 525b9c8: .github: bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 (dependabot[bot]) #8092
• 6a156f6: client/tailscale: support deauthorizing a device (Anton Tolchanov) #8242
• 1a691ec: cmd/k8s-operator: update controller-runtime to v0.15 (Vince Prignano) #8169
• 88ee857: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #8247
• 2aa8299: cmd/tailscaled, util/winutil: log our registry keys during tailscaled startup (Aaron Klotz) #8140
• 9d09c82: ipn/ipnlocal: add more logging during profile migration (Andrew Dunham) #8252
• update win/apple licenses #8253 (License Updater)
• 07eacdf: ipn/ipnlocal: renew certificates based on lifetime (Andrew Dunham) #8258
• 67882ad: scripts/installer.sh: add BlendOS support. (Denton Gentry) #8265
• dc1d882: ipn/ipnlocal: [serve/funnel] add forwarded host and proto header (tailscale#8224) (Heiko Rothe) #8224
• 570cb01: ipn/localapi: require only read permission for WatchIPNBus (tailscale#7798) (Dominic Black) #7798
• remove misspelling of trex #8270 (DJRHails)
• 4321d1d: scripts/installer.sh: add sle-micro-rancher. (Denton Gentry) #8264
• update tailscale{,d} licenses #8248 (License Updater)
• 6554a0c: build_dist.sh: use $go consistently. (Denton Gentry) #8271
• 64f16f7: net/dnscache: use PreferGo on Windows. (Denton Gentry) #8263
• d3c8c3d: ssh/tailssh: Max Username Length 256 for linux (Derek Burdick) #8278
• add a synchronous Poll method #8275 (Marwan Sulaiman)
• document how to use Dir with multiple servers per process (tailscale#8286) #8286 (Xe Iaso)
• a353ae0: tool/gocross: handle TVOS_DEPLOYMENT_TARGET (tailscale#8292) (Andrea Gottardo) #8292
• remove async functionality #8280 (Marwan Sulaiman)
• detect tvOS by checking XPC_SERVICE_NAME (tailscale#8295) #8295 (Andrea Gottardo)
• 12f8c98: util/cmpx: add package with cmp-like things from future Go releases (Brad Fitzpatrick) #8298
• 699996a: go.toolchain.rev: upgrade to Go 1.20.5 (tailscale#8304) (phirework) #8304
• use cmpx.Or where it made sense #8305 (Brad Fitzpatrick)
• 2a9d46c: wgengine/magicsock: prefer private endpoints to public ones (Andrew Dunham) #8095
• 62130e6: util/slicesx: add Partition function (Andrew Dunham) #8309
• 2e0aa15: ssh/tailssh: add support for remote/reverse port forwarding (Maisem Ali) #8313
• f077b67: net/dns/recursive: add initial implementation of recursive DNS resolver (Andrew Dunham) #8115
• here comes trouble #8319 (Charlotte Brandhorst-Satzkorn)
• adjust some build tags for wasi #8321 (Brad Fitzpatrick)
• 167e154: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #8322
• 1543e23: net/tstun, tsnet: make happier on WASI (Brad Fitzpatrick) #8325
• 6172f95: .github: Bump golangci/golangci-lint-action from 3.4.0 to 3.6.0 (dependabot[bot]) #8327
• update tailscale{,d} licenses #8323 (License Updater)
• 5b11068: wgengine/netstack: increase maxInFlightConnectionAttempts (Denton Gentry) #8329
• fe95d81: ipn/ipnlocal,wgengine/netstack: move LocalBackend specifc serving logic to LocalBackend (Maisem Ali) #8311
• update win/apple licenses #8331 (License Updater)
• a076213: net/memnet: add optional Listener.NewConn config knob (Brad Fitzpatrick) #8332
• 4dda949: tailscale ping: note that -c can take 0 for infinity (Graham Christensen) #8333
• provide verify-deeplink local API endpoint (tailscale#8303) #8303 (Andrea Gottardo)
• 27a0f0a: Remove unused dependency from dockerfile (tailscale#8343) (Claire Wang) #8343
• 80692ed: .github/workflows: Add docker build check (tailscale#8345) (Claire Wang) #8345
• e1cdcf7: ipn/ipnlocal: add identity headers to HTTP serve proxy (Sonia Appasamy) #8297
• update win/apple licenses #8353 (License Updater)
• c783f28: tool/gocross: properly set simulator deployment target (tailscale#8355) (Nick O'Neill) #8355
• update android licenses #8368 (License Updater)
• 1302295: Dockerfile.base: install iputils (Maisem Ali) #8371
• b6d20e6: go.mod, net/dns/recursive: update github.com/miekg/dns (Andrew Dunham) #8382
• 909e9ea: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #8383
• add function for generating signing deeplinks (tailscale#8385) #8385 (Ross Zurowski)
• 2ae670e: ssh/tailssh: work around lack of scontext in SELinux (Maisem Ali) #8251
• allow monitoring of nodes marked as STUN only in default derpmap (tailscale#8391) #8391 ([valscale](https://github.com/n...

v1.42.0-sunos

Builds

• deps: bump github.com/docker/docker #7790 (dependabot[bot])

Commits

• 1145b97: VERSION.txt: this is v1.41.0 (Denton Gentry) #7988
• 161d1d2: net/ping,netcheck: add v6 pinging capabilities to pinger (tailscale#7971) (Charlotte Brandhorst-Satzkorn) #7971
• d78b334: cmd/derper: disable http2 (Kyle Carberry) #7701
• 8032b96: .github/workflows: add recency bias to action cache keys (James Tucker) #7980
• charlotte 1 spell-checking-linter 0 (tailscale#7993) #7993 (Charlotte Brandhorst-Satzkorn)
• add documentation to Map.Range #7996 (James Tucker)
• 633d08b: .github: Bump actions/setup-go from 3 to 4 (dependabot[bot]) #7954
• 042f82e: build_dist.sh: make cross-compilation friendly for env CC specified (ayanamist) #7991
• add Map.Len to get the length of the Map #7997 (James Tucker)
• a82f275: cmd/sniproxy: Set App name in tsnet hostinfo (Denton Gentry) #8004
• 1f4a345: .github: test installer script in CI in docker (Anton Tolchanov) #8001
• update win/apple licenses #7978 (License Updater)
• 42fd964: control/controlclient: use dnscache.Resolver for Noise client (Andrew Dunham) #8008
• c5bf868: ssh/tailssh: improve debug logging around revoked sessions (Tom DNetto) #8014
• bcf7b63: wgengine/magicsock: add hysteresis to endpoint selection (Andrew Dunham) #7940
• 3ae7140: net/tstun: handle exit nodes in NAT configs (Maisem Ali) #8021
• add a README.md with some docs #8019 (Brad Fitzpatrick)
• ddb4040: wgengine/magicsock: add address selection for wireguard only endpoints (tailscale#7979) (Charlotte Brandhorst-Satzkorn) #7979
• 4d79270: wgengine/magicsock: annotate, skip flaky TestIsWireGuardOnlyPickEndpointByPing (Brad Fitzpatrick) #8038
• be190e9: ssh/tailssh: restore support for recording locally (Maisem Ali) #8023
• update tailscale{,d} licenses #8040 (License Updater)
• 459744c: .github: mark bots for exemption by issuebot (tailscale#8041) (M. J. Fromberger) #8041
• 9e9ea6e: go.mod: bump all deps possible that don't break the build (Brad Fitzpatrick) #8044
• update tailscale{,d} licenses #8046 (License Updater)
• 5783adc: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #8039
• 787fc41: scripts/installer.sh: check connectivity with pkgs.tailscale.com (Anton Tolchanov) #8002
• support tailscaled-env.txt on macOS too #8048 (Brad Fitzpatrick)
• f46c1ae: go.mod: bump k8s libs (Maisem Ali) #8051
• 4860522: go.mod: bump gvisor (James Tucker) #8049
• 1c6ff31: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #8053
• 5def4f4: go.mod: bump goreleaser deps (James Tucker) #8050
• d1ce7a9: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #8056
• add detection and Taildrop for Unraid #8029 (Derek Kaser)
• add package with System type to unify subsystem init, discovery #4754 (Brad Fitzpatrick)
• 9ed3a06: net/netns: fix segv when no tailscale interface is found (James Tucker) #8064
• 8864112: ipn/ipnlocal: bound how long cert fetchher checks for existing DNS records (Brad Fitzpatrick) #8068
• 8d3d48e: ipn/ipnlocal: add NodeKey func to return the public node NodeKey (Charlotte Brandhorst-Satzkorn) #8061
• update rename SSHFailureNotifyRequest and add EventType #8061 (Charlotte Brandhorst-Satzkorn)
• 68307c1: ssh/tailssh: send ssh event notifications on recording failures (Charlotte Brandhorst-Satzkorn) #8061
• 29ded8f: ssh/tailssh,tailcfg: add connID to ssheventnotifyrequest and castheader (Charlotte Brandhorst-Satzkorn) #8061
• bump capability version #8061 (Charlotte Brandhorst-Satzkorn)
• 5c38f09: tsweb/promvarz: fix repeated expvar definition in test (James Tucker) #8065
• b9fb8ac: fix sys.Set(router) issue will crash the daemon in some OSs (Chenyang Gao) #8073
• update android licenses #8081 (License Updater)
• update tailscale{,d} licenses #8054 (License Updater)
• properly handle vcs.modified when it's "false" #8087 (Chenyang Gao)
• 58ab66e: ssh/tailssh: support LDAP users for Tailscale SSH (Brad Fitzpatrick) #8098
• a743b66: ssh/tailssh: move some user-related code into new user.go (Brad Fitzpatrick) #8099
• update win/apple licenses #8012 (License Updater)
• 827abbe: cmd/k8s-operator: print version in startup logs (Craig Rodrigues) #7814
• 1ce0825: release/dist: add deb/rpm arch mappings for mipses (salman) #8104
• ea84fc9: net/sockstats: wait before reporting battery usage (Will Norris) #8105
• 4f454f4: util/codegen: support embedded fields (Brad Fitzpatrick) #8107
• d27a6e1: tool/gocross: fix incorrect relpath usage in bootstrap script (David Anderson) #8108
• cb2fd5b: cmd/tsconnect: fix forgotten API change for wasm (Brad Fitzpatrick) #8109
• reenable TestLoopbackSOCKS5 on Windows #8114 (James Tucker)
• da90fab: net/netcheck: reenable TestBasic on Windows (James Tucker) #8113
• be less aggressive about re-uploads (tailscale#8117) #8117 (Joe Tsai)
• b690593: util/set: add a basic map-based Set type (Brad Fitzpatrick) #8122
• 85215ed: cmd/k8s-operator: handle NotFound secrets (Maisem Ali) #8123
• allow the expiry time to be specified for new keys #7143 (Matt Brown)
• 678bb92: cmd/tailscale/cl...

v1.40.1-sunos

Commits

• de26c1c: net/tstun: handle exit nodes in NAT configs (Maisem Ali)
• 0549338: cmd/k8s-operator: print version in startup logs (Craig Rodrigues)
• 42e993e: release/dist: add deb/rpm arch mappings for mipses (salman)
• c6ebbdd: ssh/tailssh: restore support for recording locally (Maisem Ali)
• 176939f: ipn/ipnlocal: bound how long cert fetchher checks for existing DNS records (Brad Fitzpatrick)
• 2e44616: ssh/tailssh: support LDAP users for Tailscale SSH (Brad Fitzpatrick)
• ba3ff98: net/sockstats: wait before reporting battery usage (Will Norris)
• d268486: VERSION.txt: this is v1.40.1 (Rhea Ghosh)
• 25ef4a6: Merge tag 'v1.40.1' into sunos-1.40 (Nahum Shalman)

v1.40.0-sunos

Continuous Integration

• add more lints (tailscale#7909) #7909 (Andrew Dunham)

Commits

• 6d3490f: VERSION.txt: this is 1.39 (Denton Gentry) #7564
• 9ebab96: version/mkversion: don't break on tagged go.mod entries (David Anderson) #7566
• remove per-interface stats from Get #7565 (Mihai Parparita)
• df3996c: tool/gocross: bootstrap correctly on an older toolchain (David Anderson) #7395
• 9526858: control/controlclient: fix accidental backoff reset (Kurnia D Win) #7570
• 1f95bfe: tool/gocross: adjust Xcode flags to match new Xcode env (David Anderson) #7448
• 0498d5e: tool/gocross: delete bootstrap tarball downloads after use (David Anderson) #7579
• do not start logtail in tests #7580 (Maisem Ali)
• add test for Funnel connections #7519 (Maisem Ali)
• 9534783: tailscale/cmd: Warn for up --force-reauth over SSH without accepting the risk (tailscale#7575) (James 'zofrex' Sanderson) #7575
• 95494a1: .github: use unique names for jobs (Maisem Ali) #7586
• 82e067e: build_dist.sh: make cross-compilation friendly (Nahum Shalman) #7583
• 927e2e3: .github: Bump actions/setup-go from 3 to 4 (dependabot[bot]) #7612
• 60a028a: .github: Bump peter-evans/create-pull-request from 4.1.4 to 4.2.4 (dependabot[bot]) #7611
• log client pubkeys on derp mesh probe failures #7614 (Anton Tolchanov)
• 50d211d: cmd/derpprobe: allow running all probes at the same time (Anton Tolchanov) #7614
• add optional debug logging for prober clients #7614 (Anton Tolchanov)
• e1fb687: cmd/tailscale/cli: fix inconsistency between serve text and example command (Mihai Parparita) #7593
• ccace1f: ssh/tailssh: fix privilege dropping on FreeBSD; add tests (Andrew Dunham) #7615
• ebc630c: net/interfaces: also allow link-local for AzureAppServices. (Denton Gentry) #7604
• df02bb0: tool/gocross: fail if the toolchain revision isn't findable (David Anderson) #7618
• e7a78bc: tool/gocross: support running from outside the repo dir (David Anderson) #7618
• d2dec13: net/sockstats: export cellular-only clientmetrics (Mihai Parparita) #7624
• f11c270: go.toolchain.rev: bump Go toolchain (Brad Fitzpatrick) #7628
• c9a4dbe: tool/gocross: correctly embed the git commit into gocross (David Anderson) #7629
• 39b2895: ssh/tailssh: make uid an int instead of uint64 (Andrew Dunham) #7630
• what?! a llama?! he's supposed to be dead! (tailscale#7623) #7623 (Sam Linville)
• add recorders field to SSHRule struct #7636 (Charlotte Brandhorst-Satzkorn)
• move recorders field from SSHRule to SSHAction #7639 (Charlotte Brandhorst-Satzkorn)
• 60cd4ac: cmd/tailscale/cli: move tskey-wrap functionality under lock sign (Tom DNetto) #7622
• 916aa78: ssh/tailssh: stream SSH recordings to configured recorders (Maisem Ali) #7640
• cc38060: scripts/installer.sh: Add Ubuntu Lunar Lobster 23.04. (Denton Gentry) #7641
• 7a97e64: ssh/tailssh: add more metadata to recording header (Maisem Ali) #7643
• d92047c: ssh/tailssh: allow recorders to be configured on the first or final action (Maisem Ali) #7644
• only record latency for successful probes #7632 (Anton Tolchanov)
• 731688e: ipn/localapi: add endpoint for adding debug log entries (Mihai Parparita) #7642
• use logtail to log and upload sockstat logs #7654 (Will Norris)
• c350cd1: ssh/tailssh: use background context for uploading recordings (Maisem Ali) #7647
• 9de8287: ssh/tailssh: lock OS thread during incubator (Andrew Dunham) #7660
• 13377e6: ssh/tailssh: always assert our final uid/gid (Andrew Dunham) #7659
• pass log IDs as the proper type rather than strings #7661 (Will Norris)
• 9d8b7a7: ipn/store/kubestore: handle "/" in ipn.StateKeys (Maisem Ali) #7663
• 8765568: ssh/tailssh: add docs to CastHeader fields (Maisem Ali) #7667
• 8a24648: ssh/tailssh: enable recording of non-pty sessions (Maisem Ali) #7667
• df89b7d: cmd/k8s-operator: disable HTTP/2 for the auth proxy (Maisem Ali) #7664
• 583e86b: ssh/tailssh: handle session recording when running in userspace mode (Maisem Ali) #7670
• add Node.SelfNodeV4MasqAddrForThisPeer #7437 (Maisem Ali)
• 535fad1: net/tstun: rename filterIn/filterOut methods to be more descriptive (Maisem Ali) #7437
• bb31fd7: net/tstun: add inital support for NAT v4 (Maisem Ali) #7437
• f6ea686: tstest/integration: add ping test w/ masquerades (Maisem Ali) #7437
• 0bf8c8e: net/tstun: use p.Buffer() in more places (Maisem Ali) #7437
• 0e203e4: net/packet: add checksum update tests (Maisem Ali) #7437
• ec90522: ipn/ipnlocal: also store ACME keys in the certStore (Maisem Ali) #7669
• 8a11f76: ipn/ipnlocal: fix cert storage in Kubernetes (Maisem Ali) #7669
• 9e81db5: ipn/ipnlocal: use atomicfile.WriteFile in certFileStore (Maisem Ali) #7669
• 4a89642: log/sockstatlog: make shutdown close idle connections (Maisem Ali) #7674
• 4cb1bfe: net/netcheck: improve determinism in hairpinning test (Andrew Dunham) #7682
• use pkg server to determine supported deb/rpm distros #7127 (Anton Tolchanov)
• 33b3596: net/dns: don't send on closed channel in resolvedManager (Andrew Dunham) #7683
• ca19cf1: log/sockstatlog: add resource cleanup test (Maisem Ali) #7675
• split out DialContext into a func #7675 (Maisem Ali)
• do not upload logs in tests #7675 (Maisem Ali)
• d2fd101: net/tstun: only log natConfig on changes (Maisem Ali) #7688
• support TS_AUTH_KEY variant too [tailscale#7689](https://githu...

v1.38.4-sunos

Commits

• add recorders field to SSHRule struct (Charlotte Brandhorst-Satzkorn)
• move recorders field from SSHRule to SSHAction (Charlotte Brandhorst-Satzkorn)
• dbbc465: ssh/tailssh: stream SSH recordings to configured recorders (Maisem Ali)
• d216363: ssh/tailssh: add more metadata to recording header (Maisem Ali)
• 40091d0: ssh/tailssh: allow recorders to be configured on the first or final action (Maisem Ali)
• 2474bd2: ssh/tailssh: use background context for uploading recordings (Maisem Ali)
• 0651c1a: ssh/tailssh: add docs to CastHeader fields (Maisem Ali)
• 8414c59: ssh/tailssh: enable recording of non-pty sessions (Maisem Ali)
• e6b81f9: ssh/tailssh: handle session recording when running in userspace mode (Maisem Ali)
• 1b1ac05: ssh/tailssh: add session recording test for non-pty sessions (Maisem Ali)
• 71a5f2a: ssh/tailssh: add tests for recording failure (Maisem Ali)
• 49e305f: ssh/tailssh: fix race in errors returned when starting recorder (Maisem Ali)
• c3301ab: go.toolchain.rev: update for go 1.20.3 (David Anderson) #7789
• 383b7c7: cmd/tailscale/cli: make serve and funnel visible in list (tailscale#7737) (shayne)
• 296d682: cmd/tailscale/cli: fix inconsistency between serve text and example command (Mihai Parparita)
• 61f36aa: cmd/tailscale/cli: do not allow turning Funnel on while shields-up (tailscale#7770) (shayne)
• 00205f0: ssh/tailssh: handle output matching better in tests (tailscale#7799) (Maisem Ali)
• 214217d: cmd/tailscale/cli: [serve] add support for proxy paths (tailscale#7800) (shayne)
• 043a345: VERSION.txt: this is v1.38.4 (Rhea Ghosh)
• 1ef27eb: Merge tag 'v1.38.4' into sunos-1.38 (Nahum Shalman)