v1.78.1-taildrive-sunos

Commits

• be11bf4: XXX sunos: enable taildrive (Nahum Shalman)
• 9576600: XXX library overrides for peercred (Nahum Shalman)
• 1854c95: XXX go mod tidy (Nahum Shalman)

v1.78.1-sunos

Commits

• acb4a22: VERSION.txt: this is v1.77.0 (tailscale#13779) (Jonathan Nobels) #13779
• 33029d4: net/netcheck: fix netcheck cli-triggered nil pointer deref (tailscale#13782) (Jordan Whited) #13782
• f9949cd: client/tailscale,cmd/{cli,get-authkey,k8s-operator}: set distinct User-Agents (Percy Wegmann) #13786
• 17335d2: net/dns/resolver: forward SERVFAIL responses over PeerDNS (Nick Hill) #13691
• e7545f2: net/dns/resolver: translate 5xx DoH server errors into SERVFAIL DNS responses (Nick Hill) #13691
• c2144c4: net/dns/resolver: update (*forwarder).forwardWithDestChan to always return an error unless it sends a response to responseChan (Nick Hill) #13691
• f07ff47: net/dns/resolver: add tests for using a forwarder with multiple upstream resolvers (Nick Khyl) #13691
• ecc8035: types/bools: add Compare to compare boolean values (tailscale#13792) (Joe Tsai) #13792
• 12e6094: ssh/tailssh: calculate passthrough environment at latest possible stage (Percy Wegmann) #13793
• avoid Fatal in ResourceCheck to show panic (tailscale#13790) #13790 (Paul Scott)
• instrument with usermetrics #13576 (Kristoffer Dalby)
• e0d711c: {net/connstats,wgengine/magicsock}: fix packet counting in connstats (Kristoffer Dalby) #13549
• update license notices #13815 (License Updater)
• 5f22f72: hostinfo,build_docker.sh,tailcfg: more reliably detect being in a container (tailscale#13826) (Tom Proctor) #13826
• 2aa9125: cmd/derpprobe: add /healthz endpoint (Andrew Dunham) #13830
• ff5f233: util/syspolicy: add rsop package that provides access to the resultant policy (Nick Khyl) #13718
• 74dd24c: cmd/tsconnect, logpolicy: fixes for wasm_js.go (Christian) #13819
• 6a885db: wgengine/magicsock: fix CI-only test warning of missing health tracker (Brad Fitzpatrick) #13835
• d32d742: ipn/ipnlocal: error when trying to use exit node on unsupported platform (tailscale#13726) (Mario Minardi) #13726
• 22c89fc: cmd/tailscale,ipn,tailcfg: add tailscale advertise subcommand behind envknob (tailscale#13734) (Naman Sood) #13734
• fa95318: tool/gocross: add support for tvOS Simulator (tailscale#13847) (Andrea Gottardo) #13847
• c0a9895: scripts/installer.sh: support DNF5 (Andrew Dunham) #13844
• give trusted mesh peers longer write timeouts #13853 (Brad Fitzpatrick)
• add sclient write deadline timeout metric (tailscale#13831) #13831 (Jordan Whited)
• 874db21: ipn/{ipnauth,ipnlocal,ipnserver}: send the auth URL to the user who started interactive login (Nick Khyl) #13297
• 877fa50: net/netcheck: remove arbitrary deadlines from GetReport() tests (tailscale#13832) (Jordan Whited) #13832
• e711ee5: release/dist: clamp min / max version for synology package centre (tailscale#13857) (Mario Minardi) #13857
• fd77965: net/tlsdial: call out firewalls blocking Tailscale in health warnings (tailscale#13840) (Andrea Gottardo) #13840
• track client-advertised non-ideal DERP connections in more places #13866 (Brad Fitzpatrick)
• 72587ab: scripts/installer.sh: allow Archcraft for Arch packages (tailscale#13870) (Erisa A) #13870
• remove SysDNSOS, add two Warnables for read+set system DNS config (tailscale#13874) #13874 (Andrea Gottardo)
• 0f4c9c0: cmd/viewer: import types/views when generating a getter for a map field (Nick Khyl) #13872
• d4d21a0: net/tstun: restore tap mode functionality (Maisem Ali) #13875
• 85241f8: net/tstun: use /10 as subnet for TAP mode; read IP from netmap (Maisem Ali) #13876
• fix spurious warning about DERP home region '0' #13882 (Brad Fitzpatrick)
• b2665d9: net/netcheck: add a Now field to the netcheck Report (Andrew Dunham) #13885
• 2122704: cmd/testwrapper: add pkg runtime to output (tailscale#13894) (Paul Scott) #13894
• 7fe6e50: net/dns/resolver: fix test flake (Andrew Dunham) #13903
• e815ae0: util/syspolicy, ipn/ipnlocal: update syspolicy package to utilize syspolicy/rsop (Nick Khyl) #13727
• 6ab39b7: cmd/k8s-operator: validate that tailscale.com/tailnet-ip annotation value is a valid IP (Nick Kirby) #13836
• 853fe3b: ipn/store/kubestore: cache state in memory (tailscale#13918) (Irbe Krumina) #13918
• 9d1348f: ipn/store/kubestore: don't error if state cannot be preloaded (tailscale#13926) (Irbe Krumina) #13926
• 5d07c17: net/dns: fix blank lines being added to resolv.conf on OpenBSD (tailscale#13928) (Renato Aguiar) #13928
• update license notices #13936 (License Updater)
• c0a1ed8: tstest/natlab: add latency & loss simulation (James Tucker) #13467
• 0d76d7d: tool/gocross: remove trimpath from test builds (James Tucker) #13439
• 94fa6d9: ipn/ipnlocal: log errors while fetching serial numbers (Anton Tolchanov) #13938
• 11e9676: wgengine/magicsock: fix stats packet counter on derp egress (Anton Tolchanov) #13948
• 38af62c: ipn/ipnlocal: remove the primary routes gauge for now (Anton Tolchanov) #13947
• 9545e36: cmd/tailscale/cli: add 'tailscale metrics' command (Anton Tolchanov) #13922
• 0f9a054: tstest/tailmac: fix Host.app path generation (tailscale#13953) (Jonathan Nobels) #13953
• aecb0ab: tstest/tailmac: add support for mounting host directories in the guest (tailscale#13957) (Jonathan Nobels) #13957
• 856ea23: wgengine/magicsock: log home DERP changes with latency (Tim Walters) #13895
• 1103044: cmd/k8s-operator,k8s-operator: add topology spread constraints to ProxyClass (tailscale#13959) (Irbe Krumina) #13959
• 2336c34: util/syspolicy: implement a syspolicy store that reads settings from environment variables (Nick Khyl) #13855
• 2cc1100: util/syspolicy/source: use errors instead of github.com/pkg/errors (Nick Khyl) #13968
• 2a2228f: util/syspolicy/setting: make setting.RawItem JSON-marshallable (Nick Khyl) #13956
• 540e4c8: util/syspolicy/setting: make setting.Snapshot JSON-marshallable (Nick Khyl) #13956
• f81348a: util/syspolicy/source: put EnvPolicyStore env keys in their own namespace (Brad Fitzpatrick) #13967
• e1e2278: net/netcheck: ensure prior preferred DERP is always in netchecks (James Tucker) #13970
• 532b261: wgengine/magicsock: exclude disco from throughput metrics (Anton Tolchanov) #13949
• b4f46c3: wgengine/magicsock: export packet drop metric for outbound errors (Anton Tolchanov) [tailscale#13946](tailscale#1...

v1.76.6-sunos

Commits

• fix spurious warning about DERP home region '0' (Brad Fitzpatrick)
• b73831b: net/sockstats: prevent crash in setNetMon (tailscale#13985) (Andrea Gottardo)
• 5280738: net/netcheck: ensure prior preferred DERP is always in netchecks (James Tucker) #13996
• 0472936: wgengine/magicsock: log home DERP changes with latency (Tim Walters)
• 666c961: VERSION.txt: this is v1.76.4 (Andrea Gottardo)
• dda4603: VERSION.txt: this is v1.76.5 (Andrea Gottardo)
• 1edcf9d: VERSION.txt: this is v1.76.6 (Jonathan Nobels)
• 0047fcf: Merge tag 'v1.76.6' into sunos-1.76 (Nahum Shalman)

v1.76.3-sunos

Commits

• 3bee38d: VERSION.txt: this is v1.75.0 (tailscale#13454) (kari-ts) #13454
• add new concurrent server benchmark #13449 (Brad Fitzpatrick)
• add node attr for SSH environment variables (tailscale#13450) #13450 (Mario Minardi)
• afec2d4: wgengine/magicsock: remove redundant deadline from netcheck report call (tailscale#13395) (Jordan Whited) #13395
• 124ff3b: {api.md,publicapi}: remove old API docs (tailscale#13468) (Mario Minardi) #13468
• 40833a7: wgengine/magicsock: disable raw disco by default; add envknob to enable (Andrew Dunham) #13483
• f572286: gokrazy, various: use point versions of Go and update Nix deps (Andrew Dunham) #13485
• update license notices #13180 (License Updater)
• refactor DERP server's peer-gone watch mechanism #13477 (Brad Fitzpatrick)
• 4084c61: wgengine/magicsock: add side-effect-free function for netcheck UDP sends (tailscale#13487) (Jordan Whited) #13487
• 5f4a4c6: wgengine/magicsock: fix sendUDPStd docs (tailscale#13490) (Jordan Whited) #13490
• 8b962f2: cmd/natc: fix nil pointer (Fran Bull) #13496
• 951884b: net/netcheck,wgengine/magicsock: plumb OnlyTCP443 controlknob through netcheck (tailscale#13491) (Jordan Whited) #13491
• add a ListenAndServe method to the Server type (tailscale#13498) #13498 (M. J. Fromberger)
• 3a467b6: go/toolchain: use ed9dc37b2b000f376a3e819cbb159e2c17a2dac6 (tailscale#13507) (Andrea Gottardo) #13507
• af5a845: net/dns/resolver: fix dns-sd NXDOMAIN responses from quad-100 (James Tucker) #13512
• d0a56a8: cmd/containerboot: split main.go (tailscale#13517) (Tom Proctor) #13517
• 3e9ca6c: go.toolchain.rev: bump oss, test toolchain matches go.toolchain.rev (Brad Fitzpatrick) #13528
• dc86d35: types/views: add SliceView.All iterator (tailscale#13536) (Joe Tsai) #13536
• add AcceptEnv field to SSHRule (tailscale#13523) #13523 (Mario Minardi)
• 07991de: .github: pin actions/checkout to latest v3 or v4 as appropriate (tailscale#13551) (Mario Minardi) #13551
• 2c1bbfb: .github: pin actions/setup-go usage to latest 5.x (tailscale#13553) (Mario Minardi) #13553
• 22e98cf: .github: pin codeql actions to latest 3.x (tailscale#13552) (Mario Minardi) #13552
• a3f7e72: .github: use and pin slackapi/slack-github-action to latest 1.x (tailscale#13554) (Mario Minardi) #13554
• a8bd0cb: .github: update and pin actions/cache to latest 4.x (tailscale#13555) (Mario Minardi) #13555
• 04bbef0: .github: update and pin actions/upload-artifact to latest 4.x (tailscale#13556) (Mario Minardi) #13556
• 05d82fb: .github: pin re-actors/alls-green to latest 1.x (tailscale#13558) (Mario Minardi) #13558
• a98f75b: .github: Bump tibdex/github-app-token from 1.8.0 to 2.1.0 (tailscale#9529) (dependabot[bot]) #9529
• add tailscale dns query (tailscale#13368) #13368 (Andrea Gottardo)
• 43f4131: {release,version}: add DSM7.2 specific synology builds (tailscale#13405) (Mario Minardi) #13405
• 6f7e7a3: tool/gocross: make gocross-wrapper.sh keep multiple Go toolchains around (Brad Fitzpatrick) #13500
• document the RunWatchConnectionLoop callback gotchas #13567 (Brad Fitzpatrick)
• 0e0e53d: util/usermetrics: make usermetrics non-global (Kristoffer Dalby) #13550
• clean up updateBuiltinWarnablesLocked a bit, fix DERP warnings #13577 (Brad Fitzpatrick)
• 2fdbcbd: wgengine/magicsock: only used cached results for GetLastNetcheckReport (Adrian Dewhurst) #13584
• 65c2635: cmd/k8s-operator, k8s-operator: fix outdated kb links (tailscale#13585) (Cameron Stokes) #13585
• revert changes to MultiLabelMap's String method #13588 (Andrew Dunham)
• 9eb59c7: wgengine/magicsock: fix check for EPERM on macOS (James Tucker) #13587
• c90c993: ssh/tailssh: add logic for matching against AcceptEnv patterns (tailscale#13466) (Mario Minardi) #13466
• 3dc33a0: net/tsaddr: add WithoutExitRoutes and IsExitRoute (Kristoffer Dalby) #13569
• 0909431: cmd/tailscale: use tsaddr helpers (Kristoffer Dalby) #13569
• f03e82a: client/web: use tsaddr helpers (Kristoffer Dalby) #13569
• 7d1160d: {ipn,net,tsnet}: use tsaddr helpers (Kristoffer Dalby) #13569
• make opts.Metrics mandatory #13590 (Kristoffer Dalby)
• 69be54c: net/captivedetection: exclude ipsec interfaces from captive portal detection (tailscale#13598) (Andrea Gottardo) #13598
• 7ec8bdf: go.mod: upgrade golangci-lint (Andrew Dunham) #13603
• cab2e6e: cmd/k8s-operator,k8s-operator: add ProxyGroup CRD (tailscale#13591) (Tom Proctor) #13591
• 7783255: ipn/ipnlocal: add advertised and primary route metrics (Kristoffer Dalby) #13574
• c62b073: cmd/k8s-operator: remove auth key once proxy has logged in (tailscale#13612) (Irbe Krumina) #13612
• 096b090: cmd/containerboot,kube,util/linuxfw: configure kube egress proxies to route to 1+ tailnet targets (tailscale#13531) (Irbe Krumina) #13531
• fb0f8fc: cmd/tsidp: add --dir flag (Maisem Ali) #13592
• don't create a filch buffer if logging is disabled #13617 (Anton Tolchanov)
• dd6b808: .github: Bump peter-evans/create-pull-request from 7.0.1 to 7.0.5 (tailscale#13626) (dependabot[bot]) #13626
• Add logic to set accepted environment variables in SSH session (tailscale#13559) #13559 (Mario Minardi)
• d3f302d: cmd/tailscale/cli: make 'tailscale debug ts2021' try twice (Brad Fitzpatrick) #13638
• fd32f0d: control/controlhttp: factor out some code in prep for future change (Brad Fitzpatrick) #13638
• 1eaad7d: control/controlhttp: fix connectivity on Alaska Air wifi (Brad Fitzpatrick) #13599
• 16ef887: net/portmapper: don't return unspecified/local external IPs (Andrew Dunham) #13639
• 262c526: net/portmapper: don't treat 0.0.0.0 as a valid IP (Brad Fitzpatrick) #13641
• 992ee6d: .github: Bump github/codeql-action from 3.26.8 to 3.26.9 (tailscale#13625) (dependabot[bot]) #13625
• e66fe1f: docs/windows/policy: add ADMX policy setting to configure the AuthKey (Nick Khyl) #13642
• ed1ac79: net/captivedetection: set Timeout on net.Dialer (tailscale#13613) (Andrea Gottardo) [tailscale#13613](https://github.com/tail...

v1.74.0-sunos

Builds

• deps: bump ws from 8.14.2 to 8.17.1 in /client/web (tailscale#12524) #12524 (dependabot[bot])

Commits

• 1e8f8ee: VERSION.txt: this is v1.73.0 (tailscale#13181) (Andrea Gottardo) #13181
• 8fad8c4: tstest/tailmac: add customized macOS virtualization tooling (tailscale#13146) (Jonathan Nobels) #13146
• f95785f: util/winutil: add constants from Win32 SDK for dll blocking mitigation policies (Aaron Klotz) #13183
• 16bb541: wgengine/magicsock: replace deprecated poly1305 (tailscale#13184) (tomholford) #13175
• support setting authkey at login using syspolicy (tailscale#13061) #13061 (Andrea Gottardo)
• 01aa01f: ipn/ipnlocal: network-lock, error if no pubkey instead of panic (Kristoffer Dalby) #12505
• 2105773: cmd/k8s-operator/deploy: replace wildcards in Kubernetes Operator RBAC role definitions with verbs (pierig-n3xtio) #13169
• 8f6a235: util/winutil: add GetRegUserString/SetRegUserString accessors for storage and retrieval of string values in HKEY_CURRENT_USER (Aaron Klotz) #13188
• 93dc2de: cmd/k8s-operator: support default proxy class in k8s-operator (tailscale#12711) (ChandonPierre) #12711
• df6014f: net/tstun,wgengine{/netstack/gro}: refactor and re-enable gVisor GRO for Linux (tailscale#13172) (Jordan Whited) #13172
• 7675c3e: wgengine/netstack/gro: exclude importation of gVisor GRO pkg on iOS (tailscale#13202) (Jordan Whited) #13202
• 7d83056: ssh/tailssh: fix SSH on busybox systems (Percy Wegmann) #13040
• 151b77f: cmd/tl-longchain: tool to re-sign nodes with long rotation signatures (Anton Tolchanov) #13201
• af3d3c4: types/prefs: add a package containing generic preference types (Nick Khyl) #12830
• 4b525fd: ssh/tailssh: only chdir incubator process to user's homedir when necessary and possible (Percy Wegmann) #13171
• 8e42510: wgengine/netstack: disable gVisor GSO on Linux (tailscale#13215) (Jordan Whited) #13215
• 690d3bf: cmd/tailscale/cli: add debug command to do DNS lookups portably (Brad Fitzpatrick) #13219
• 4637ac7: ipn/ipnlocal: remember last notified taildrive shares and only notify if they've changed (Percy Wegmann) #13210
• fix new lint warnings from bumping staticcheck #13220 (Brad Fitzpatrick)
• switch to and require Go 1.23 #13220 (Brad Fitzpatrick)
• 0cb7eb9: net/dns: updated gonotify dependency to v2 that supports closable context (Ilarion Kovalchuk) #13221
• aedfb82: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13227
• e54c81d: types/views: add Slice.All iterator (Brad Fitzpatrick) #12913
• d00d6d6: go.mod: update to github.com/tailscale/netlink library that doesn't require vishvananda/netlink (Percy Wegmann) #13228
• 743d296: update to github.com/tailscale/netlink library that doesn't require vishvananda/netlink (Percy Wegmann) #13228
• 1191eb0: tstest/natlab: add unix address to writer for dgram mode (Jonathan Nobels) #13229
• 6280c44: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13234
• 3c66ee3: cmd/systray: add a basic linux systray app (Will Norris) #13237
• b091264: cmd/systray: set ipn.NotifyNoPrivateKeys, permit non-operator use (Brad Fitzpatrick) #13244
• d862898: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #13238
• 3904e4d: cmd/tta, tstest/natlab/vnet: remove unneeded port 124 log hack, add log buffer (Brad Fitzpatrick) #13247
• 3b70968: cmd/vnet: add --blend and --pcap flags (Brad Fitzpatrick) #13247
• 5a99940: tstest/natlab/vnet: explicitly ignore PCP and SSDP UDP queries (Brad Fitzpatrick) #13247
• aa42ae9: tstest/natlab: make a new virtualIP type in prep for IPv6 support (Brad Fitzpatrick) #13248
• a9dc6e0: util/codegen, cmd/cloner, cmd/viewer: update codegen.LookupMethod to support alias type nodes (Nick Khyl) #13232
• 03acab2: cmd/cloner, cmd/viewer, util/codegen: add support for aliases of cloneable types (Nick Khyl) #13236
• e5fd36a: tstest/natlab: respect NATTable interface's invalid-means-drop everywhere (Brad Fitzpatrick) #13250
• 475ab1f: cmd/vnet: omit log spam when backend status hasn't changed (Brad Fitzpatrick) #13251
• 641693d: ipn/ipnlocal: install IPv6 service addr route (tailscale#13252) (Jordan Whited) #13252
• 367bfa6: tstest/integration: exercise TCP DNS queries against quad-100 (tailscale#13231) (Jordan Whited) #13231
• 9783065: tstest/integration: change log.Fatal() to t.Fatal() (tailscale#13253) (Jordan Whited) #13253
• 31b5239: tstest/natlab/vnet: flush and sync pcap file after every packet (Maisem Ali) #13255
• b78df4d: tstest/natlab/vnet: add start of IPv6 support (Brad Fitzpatrick) #13167
• 8af50fa: ipn/ipnlocal: update routes on link change with ExitNodeAllowLANAccess (James Tucker) #13246
• cccacff: types/opt: add BoolFlag for setting Bool value as a flag (Will Norris) #13264
• e0bdd5d: tstest/natlab: simplify a defer (Brad Fitzpatrick) #13259
• 3a8cfbc: tstest/natlab: be more paranoid about IP versions from gvisor (Brad Fitzpatrick) #13259
• 6dd1af0: tstest/natlab: refactor HandleEthernetPacketForRouter a bit (Brad Fitzpatrick) #13259
• 2636a83: cmd/tta: pull out test driver dialing into a type, fix bugs (Brad Fitzpatrick) #13259
• extend the gokrazy/natlab wait-for-network delay for IPv6 #13259 (Brad Fitzpatrick)
• 0157000: tstest/natlab: fix IPv6 tests, remove TODOs (Brad Fitzpatrick) #13259
• f99f970: tstest/natlab/vnet: rename some things for clarity (Brad Fitzpatrick) #13259
• 6d4973e: wgengine/netstack: use types/logger.Logf instead of stdlib log.Printf (tailscale#13267) (Jordan Whited) #13267
• d097096: net/tstun,wgengine/netstack: make inbound synthetic packet injection GSO-aware (tailscale#13266) (Jordan Whited) #13266
• bfcb356: wgengine/netstack: re-enable gVisor GSO on Linux (tailscale#13269) (Jordan Whited) #13269
• 06c31f4: tsweb/varz: remove pprof (Kristoffer Dalby) #12990
• add initial user-facing metrics #12990 (Kristoffer Dalby)
• 31cdbd6: net/tstun: fix gvisor inbound GSO packet injection (tailscale#13283) (Jordan Whited) #13283
• ff1d0aa: tstest/natlab/vnet: start adding tests (Brad Fitzpatrick) #13282
• 8b23ba7: tstest/natlab/vnet: add qemu + Virtualization.framework protocol tests (Brad Fitzpatrick) #13290
• 961ee32: ipn/{ipnauth,ipnlocal,ipnserver,localapi}: start baby step toward moving access checks from the localapi.Handler to the LocalBackend (Nick Khyl) #13281
• 73b3c8f: tstest/natlab/vnet: add IPv6 all-nodes support (Brad Fitzpa...

v1.72.1-sunos

Commits

• eb07c60: wgengine/netstack: disable gVisor GSO on Linux (tailscale#13213) (Jordan Whited) #13213
• f4a9566: VERSION.txt: this is v1.72.1 (Andrea Gottardo)
• 9a90bca: Merge tag 'v1.72.1' into sunos-1.72 (Nahum Shalman)

v1.72.0-sunos

Builds

• deps: bump github.com/docker/docker (tailscale#12966) #12966 (dependabot[bot])

Commits

• 4ff276c: VERSION.txt: this is v1.71.0 (Aaron Klotz) #12844
• remove warning (tailscale#12841) #12841 (Cameron Stokes)
• set Hostinfo.PackageType for mkctr container builds #12843 (Brad Fitzpatrick)
• f77821f: derp/derphttp: determine whether a region connect was to non-ideal node (Brad Fitzpatrick) #12725
• swallow panics #12836 (Paul Scott)
• d3af544: client/tailscale: document ACLTestFailureSummary.User field (Brad Fitzpatrick) #12852
• 1608831: wgengine/router: use quad-100 as the nexthop on Windows (Nick Khyl) #12847
• 4850186: {tool,client}: bump node version (tailscale#12840) (Mario Minardi) #12840
• 54f58d1: ipn/ipnlocal: add comment explaining auto exit node migration (Adrian Dewhurst) #12821
• log cancelled requests as 499 #12861 (Paul Scott)
• 0f57b93: cmd/k8s-operator,tstest,go.{mod,sum}: remove fybrik.io/crdoc dependency (tailscale#12862) (Irbe Krumina) #12862
• 32ce187: Add extra environment variables in deployment template (tailscale#12858) (Lee Briggs) #12858
• e7bf6e7: cmd/tailscale: add --min-validity flag to the cert command (tailscale#12822) (Andrew Lytvynov) #12822
• 20562a4: cmd/viewer, types/views, util/codegen: add viewer support for custom container types (Nick Khyl) #12809
• bd54b61: types/opt: add (Value[T]).GetOr(def T) T method (Nick Khyl) #12865
• 1f94047: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12880
• d500a92: util/slicesx: add HasPrefix, HasSuffix, CutPrefix, and CutSuffix functions (Nick Khyl) #12887
• 5d09649: types/lazy: add (*SyncValue[T]).SetForTest method (Nick Khyl) #12866
• update license notices #12886 (License Updater)
• 57856fc: ipn,wgengine/magicsock: allow setting static node endpoints via tailscaled configfile (tailscale#12882) (Irbe Krumina) #12882
• log all cancellations as 499s (tailscale#12894) #12894 (Paul Scott)
• 43375c6: types/lazy: re-init SyncValue during test cleanup if it wasn't set before SetForTest (Nick Khyl) #12905
• Add MiddlewareStack func to apply lists of Middleware (tailscale#12907) #12907 (Paul Scott)
• cf97cff: wgengine/netstack: simplify netaddrIPFromNetstackIP (Brad Fitzpatrick) #12922
• introduce captive-portal-detected Warnable (tailscale#12707) #12707 (Andrea Gottardo)
• 6840f47: net/dnsfallback: set CanPort80 in static DERPMap (tailscale#12929) (Andrea Gottardo) #12929
• 1bf82dd: util/osuser: run getent on non-Linux Unixes (Ross Williams) #12732
• c5623e0: go.{mod,sum},tstest/tools,k8s-operator,cmd/k8s-operator: autogenerate CRD API docs (tailscale#12884) (Irbe Krumina) #12884
• add QuietLogging option (tailscale#12838) #12838 (Paul Scott)
• a21bf10: cmd/k8s-operator,k8s-operator/sessionrecording,sessionrecording,ssh/tailssh: refactor session recording functionality (tailscale#12945) (Irbe Krumina) #12945
• 3088c61: go.mod: pull in latest github.com/tailscale/xnet (Percy Wegmann) #12951
• 19b0c8a: net/dns, health: raise health warning for failing forwarded DNS queries (tailscale#12888) (Jonathan Nobels) #12888
• 35a8fca: cmd/tailscale/cli: release portmap after netcheck (Andrew Dunham) #12956
• add some associated with scales #12953 (Brad Fitzpatrick)
• 2ab1d53: gokrazy/tsapp: add go.mod replacing two tailscale.com binaries with parent module (Brad Fitzpatrick) #12962
• 575feb4: util/osuser: turn wasm check into a const expression (Brad Fitzpatrick) #12930
• 34de96d: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12949
• add a warning that this is not used to build our published images (tailscale#12955) #12955 (Irbe Krumina)
• eead255: build_docker.sh: update script comment (tailscale#12970) (Irbe Krumina) #12970
• 8a8ecac: net/dns, cmd/tailscaled: plumb system health tracker into dns cleanup (tailscale#12969) (Jonathan Nobels) #12969
• 949b15d: net/captivedetection: call SetHealthy once connectivity restored (tailscale#12974) (Andrea Gottardo) #12974
• 7bc2dda: go.mod,net/tstun,wgengine/netstack: implement gVisor TCP GSO for Linux (tailscale#12869) (Jordan Whited) #12869
• 0def4f8: net/netns: on Windows, fall back to default interface index when unspecified address is passed to ControlC and bindToInterfaceByRoute is enabled (Aaron Klotz) #12981
• 004dded: net/tlsdial: relax self-signed cert health warning (Brad Fitzpatrick) #12980
• 655b4f8: net/netns: remove some logspam by avoiding logging parse errors due to unspecified addresses (Aaron Klotz) #12983
• don't show login error details with context cancelations #12992 (Brad Fitzpatrick)
• f0230ce: go.mod,net/tstun,wgengine/netstack: implement gVisor TCP GRO for Linux (tailscale#12921) (Jordan Whited) #12921
• 4055b63: net/captivedetection: exclude cellular data interfaces (tailscale#13002) (Andrea Gottardo) #13002
• 9939374: wgengine/magicsock: use cloud metadata to get public IPs (Andrew Dunham) #12997
• d9d9d52: wgengine/netstack: increase gVisor's TCP send and receive buffer sizes (tailscale#12994) (Jordan Whited) #12994
• 4099a36: util/winutil/gp: fix a busy loop bug (Nick Khyl) #13006
• a917718: util/linuxfw: return nil interface not concrete type (Maisem Ali) #13013
• f205efc: net/packet/checksum: fix v6 NAT (Maisem Ali) #13014
• 0a6eb12: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #12967
• mark TestStdHandler_ConnectionClosedDuringBody flaky #13018 (Maisem Ali)
• 07e2487: wgengine/capture: fix v6 field typo in wireshark dissector (Maisem Ali) #13016
• a7a394e: tstest/integration: mark TestNATPing flaky (Maisem Ali) #13020
• 25f0a3f: wgengine/netstack: use build tags to exclude gVisor GRO importation on iOS (tailscale#13015) (Jordan Whited) #13015
• 17c88a1: net/captivedetection: mark TestAllEndpointsAreUpAndReturnExpectedResponse flaky (tailscale#13021) (Jordan Whited) #13021
• 0fd7374: ...

v1.70.0-sunos

sunos: update go modules

v1.70.0-beta-sunos

Bug Fixes

• broken tests for localhost #12200 (Josh McKinney)

Builds

• deps: bump golang.org/x/image from 0.15.0 to 0.18.0 #12629 (dependabot[bot])

Continuous Integration

• enable checklocks workflow for specific packages #12626 (Andrew Dunham)

Commits

• 5f12139: VERSION.txt: this is v1.69.0 (tailscale#12441) (Mario Minardi) #12441
• d0f1a83: net/dnscache: use parent context to perform lookup (Andrew Dunham) #12418
• 02e3c04: net/dns: re-query system resolvers on no-upstream resolver failure on apple platforms (tailscale#12398) (Jonathan Nobels) #12398
• d7fdc01: ssh/tailssh: check IsSELinuxEnforcing in tailscaled process (Percy Wegmann) #12445
• ccdd2e6: cmd/derper: add a README (Brad Fitzpatrick) #12446
• 88f2d23: wgengine/netstack: fix 4via6 subnet routes (tailscale#12454) (Irbe Krumina) #12454
• 72c8f77: wgengine/netstack: add test for tailscale#12448 (Andrew Dunham) #12458
• 6908fb0: ipn/localapi,client/tailscale,cmd/derper: add WhoIs lookup by nodekey, use in derper (Brad Fitzpatrick) #12466
• 65888d9: derp/xdp,cmd/xdpderper: initial skeleton (tailscale#12390) (Jordan Whited) #12390
• update PeerAPIDNS Port value documentation #12271 (James Tucker)
• 9189fe0: cmd/stunc: support user-specified port (tailscale#12469) (Jordan Whited) #12469
• bd2a6d5: util/winutil: add UserProfile type for (un)loading user profiles (Aaron Klotz) #12428
• e8ca30a: xcode/iOS: support serial number collection via MDM on iOS (tailscale#11429) (Andrea Gottardo) #11429
• begin work to use structured health warnings instead of strings, pipe changes into ipn.Notify (tailscale#12406) #12406 (Andrea Gottardo)
• 7354547: util/winutil: update UserProfile to ensure any environment variables in the roaming profile path are expanded (Aaron Klotz) #12471
• create a catch-all NRPT rule when "Override local DNS" is enabled on Windows #12426 (Nick Khyl)
• fix data race in new warnable code #12481 (Brad Fitzpatrick)
• e2c0d69: wgengine/filter: add filter benchmark (Brad Fitzpatrick) #12490
• 21ed31e: wgengine/filter: use NewContainsIPFunc for Srcs matches (Brad Fitzpatrick) #12488
• 7574f58: wgengine/filter: add more benchmarks, make names more explicit (Brad Fitzpatrick) #12493
• 491483d: cmd/viewer,type/views: add MapSlice for maps of slices (Maisem Ali) #12492
• 64ac64f: net/tsaddr: use bart in NewContainsIPFunc, add tests, benchmarks (Brad Fitzpatrick) #12487
• 10e8a2a: wgengine/filter: fix copy/pasteo in new benchmark's v6 CIDR (Brad Fitzpatrick) #12496
• d4220a7: wgengine/filter: add TCP non-SYN benchmarks (Brad Fitzpatrick) #12497
• 36b1b4a: wgengine/filter: split local+logging lookups by IPv4-vs-IPv6 (Brad Fitzpatrick) #12491
• 86e0f9b: net/ipset, wgengine/filter/filtertype: add split-out packages (Brad Fitzpatrick) #12499
• bf2d13c: net/ipset: return all closures from named wrappers (Brad Fitzpatrick) #12500
• 20a5f93: wgengine/filter: add UDP flow benchmark (Brad Fitzpatrick) #12502
• 1f6645b: net/ipset: skip the loop over Prefixes when there's only one (Brad Fitzpatrick) #12503
• a1ab7f7: client/tailscale: add NodeID to device (Kristoffer Dalby) #12506
• allow switching from unstable to stable tracks (tailscale#12477) #12477 (Andrew Lytvynov)
• 674c998: cmd/tailscale/cli: do not allow update --version on macOS (tailscale#12508) (Andrew Lytvynov) #12508
• 8cc2738: cmd/{containerboot,k8s-operator}: store proxy device ID early to help with cleanup for broken proxies (tailscale#12425) (Irbe Krumina) #12425
• 315f3d5: derp/xdp: fix handling of zero value UDP checksums (tailscale#12510) (Jordan Whited) #12510
• 2db2d04: types/logid: add Add method (tailscale#12478) (Joe Tsai) #12478
• add a verifyClients check to the consistency check #12515 (James Tucker)
• update Windows hostinfo to include MSIDist registry value #12523 (Aaron Klotz)
• 45d2f43: proxymap, various: distinguish between different protocols (Andrew Dunham) #12385
• 3099323: cmd/k8s-operator,k8s-operator,go.{mod,sum}: publish proxy status condition for annotated services (tailscale#12463) (Tom Proctor) #12463
• bfb775c: go.mod.sri: update SRI hash for go.mod changes (Flakes Updater) #11777
• bd93c30: wgengine/filter/filtertype: make Match.IPProto a view (Brad Fitzpatrick) #12526
• expose DependsOn to local API via UnhealthyState (tailscale#12513) #12513 (Andrea Gottardo)
• a93173b: cmd/xdpderper,derp/xdp: implement mode that drops STUN packets (tailscale#12527) (Jordan Whited) #12527
• 8eb15d3: cli/netcheck: fail with output if we time out fetching a derpmap (tailscale#12528) (Andrea Gottardo) #12528
• include DERP region name in bad derp notifications (tailscale#12530) #12530 (Andrea Gottardo)
• 9e0a5cc: net/flowtrack: optimize Tuple type for use as map key (Brad Fitzpatrick) #12507
• 162d593: net/flowtrack: fix, test String method (Brad Fitzpatrick) #12533
• 21460a5: tailcfg, wgengine/filter: remove most FilterRule.SrcBits code (Brad Fitzpatrick) #12529
• fix fmt verb for nodekeys #12539 (Brad Fitzpatrick)
• don't verify mesh peers when --verify-clients is set #12540 (Brad Fitzpatrick)
• fix nil DERPMap dereference panic #12535 (Andrea Gottardo)
• 1023b2a: util/deephash: fix test regression on 32-bit (Brad Fitzpatrick) #12544
• 0004827: control/controlhttp: add health warning for macOS filtering blocking Tailscale (tailscale#12546) (Brad Fitzpatrick) #12546
• 732605f: control/controlclient: move noiseConn to internal package (Andrew Dunham) #12550
• 24976b5: cmd/tailscale/cli: actually perform Noise request in 'debug ts2021' (Andrew Dunham) #12550
• 730f036: ssh/tailssh: replace incubator process with su instead of running su as child (Percy Wegmann) #12470
• bd50a34: wgengine/filter: add "Accept" TCP log lines to verbose logging (tailscale#12525) (Keli...

v1.68.2-sunos

Commits

• test SigCredential signatures and netmap filtering #12684 (Anton Tolchanov)
• 1b92ce1: ipn/ipnlocal: allow multiple signature chains from the same SigCredential (Anton Tolchanov) #12684
• 0629929: net/dns: recheck DNS config on SERVFAIL errors (tailscale#12547) (Jonathan Nobels) #12685
• c79c500: VERSION.txt: this is v1.68.2 (Anton Tolchanov)
• c061a7c: Merge tag 'v1.68.2' into sunos-1.68 (Nahum Shalman)