forked from pool/tailscale
03d95338db
* DNS over TCP failures when querying the Tailscale-internal resolver are fixed. OBS-URL: https://build.opensuse.org/package/show/network:vpn/tailscale?expand=0&rev=36
314 lines
14 KiB
Plaintext
314 lines
14 KiB
Plaintext
-------------------------------------------------------------------
|
|
Thu Aug 22 22:08:51 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
|
|
|
|
- update to 1.72.1:
|
|
* DNS over TCP failures when querying the Tailscale-internal resolver are fixed.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 21 16:05:02 UTC 2024 - rrahl0@opensuse.org
|
|
|
|
- Update to version 1.72.0:
|
|
* posture: deduplicate MAC addresses before returning them
|
|
* health/dns: reduce severity of DNS unavailable warning
|
|
* safeweb: add Server.Close method
|
|
* go.mod.sri: update SRI hash for go.mod changes
|
|
* go.{mod,sum}: migrate from nhooyr.io/websocket to github.com/coder/websocket
|
|
* cmd/viewer: add support for map-like container types
|
|
- update golang(API) to 1.23
|
|
- export version variables, to circumvent a bug
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 18 06:31:58 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
|
|
|
|
- update to 1.70.0:
|
|
* New: Restrict recommended and automatically selected exit nodes using the
|
|
new AllowedSuggestedExitNodes system policy. Applies only to platforms that
|
|
support system policies.
|
|
* Changed: Improved NAT traversal for some uncommon scenarios.
|
|
* Changed: Optimized sending firewall rules to clients more efficiently.
|
|
* Fixed: Exit node suggestion CLI command now prints the hostname.
|
|
* Fixed: Taildrive share paths configured through the CLI resolve relative
|
|
to where you run the tailscale command.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 2 20:35:35 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
|
|
|
|
- update to 1.68.2:
|
|
* Fixed: Tailnet lock validation of rotation signatures now permits multiple nodes
|
|
signed by the same pre-signed reusable auth key.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jun 16 13:30:20 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
|
|
|
|
- update to 1.68.1:
|
|
* Fixed: 4via6 subnet router advertisement works as expected.
|
|
* Fixed: Tailscale SSH access to Security-Enhanced Linux (SELinux) machines works as expected.
|
|
- update to 1.68.0:
|
|
* New: Auto-updates are allowed in containers, but ignore the tailnet-wide default
|
|
* New: Apply auto-updates even if the node is down or disconnected from the coordination server.
|
|
* New: tailscale lock status now prints the node's signature.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 22 08:36:37 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
|
|
|
|
- update to 1.66.4:
|
|
* Fixed: Restored UDP connectivity through Mullvad exit nodes
|
|
* Stateful filtering is now off by default
|
|
|
|
- update to 1.66.3:
|
|
* Login URLs did not always appear in the console when running tailscale up
|
|
* Starting with v1.66, the Kubernetes operator must always run the same or later version
|
|
as the proxies it manages.
|
|
* Expose cloud services on cluster network to the tailnet, using Kubernetes ExternalName Services
|
|
* Expose tailnet services that use Tailscale HTTPS to cluster workloads
|
|
* Cluster workloads can now refer to Tailscale Ingress resources by their MagicDNS names
|
|
* Configure environment variables for Tailscale Kubernetes operator proxies using ProxyClass CRD
|
|
* Expose tailscaled metrics endpoint for Tailscale Kubernetes operator proxies through ProxyClass CRD
|
|
* Configure labels for the Kubernetes operator Pods with Helm chart values
|
|
* Configure affinity rules for Kubernetes operator proxy Pods with ProxyClass
|
|
* Kubernetes operator proxy init container no longer attempts to enable IPv6 forwarding on systems
|
|
that don't have IPv6 module loaded
|
|
* Tailscale containers running on Kubernetes no longer error if an empty Kubernetes Secret is
|
|
pre-created for the tailscaled state
|
|
* Improved the ambiguous error messages when Tailscale running on Kubernetes does not have the right
|
|
permissions to perform actions against the tailscaled state Secret
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 10 15:16:33 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
|
|
|
|
- update to 1.66.1:
|
|
* Resolved issues with nftables rules for stateful filtering,
|
|
introduced in v1.66.0.
|
|
* tailscale set command flags --netfilter-mode, --snat-subnet-routes,
|
|
and --stateful-filtering are added.
|
|
|
|
- update to 1.66.0:
|
|
* Implemented client-side quarantining for shared-in exit nodes,
|
|
as a mitigation for a security vulnerability described in TS-2024-005.
|
|
* Use the --stateful-filtering flag for the tailscale up to enable stateful filtering for
|
|
subnet routers and exit nodes, as a mitigation for a security vulnerability described
|
|
in TS-2024-005.
|
|
* Added tab completions
|
|
* Use the tailscale exit-node suggest command to automatically pick an available exit node
|
|
that is likely to perform best.
|
|
* Site-to-site networking now also requires --stateful-filtering=false in addition to
|
|
--snat-subnet-routes=false on new subnet routers. Existing subnet routers with --snat-subnet-routes=false
|
|
will default to --stateful-filtering=false.
|
|
|
|
- update to 1.64.2:
|
|
* nothing relevant for linux
|
|
|
|
- update to 1.64.1:
|
|
* nothing relevant for linux
|
|
|
|
- update to 1.64.0:
|
|
* New: tailscale configure kubeconfig now respects KUBECONFIG environment variable.
|
|
* Fixed: tailscale configure kubeconfig now works with partially empty kubeconfig.
|
|
* Fixed: MSS clamping for Kubernetes operator proxies using nftables.
|
|
* Fixed: Containers on hosts with partial support for ip6tables no longer crash.
|
|
|
|
- turn of changelog generation
|
|
- add completions for bash
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Mar 30 08:28:56 UTC 2024 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- update to 1.62.1:
|
|
* Send load balancing hint HTTP request header
|
|
* Fixed: Kubernetes operator proxies should not accept subnet routes
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 14 03:13:54 UTC 2024 - rrahl0@proton.me
|
|
|
|
- update to 1.62.0:
|
|
* IPv6 support detection in a container environment is improved
|
|
* New: Web interface now uses ACL grants to manage access on tagged devices
|
|
* Tailscale SSH connections now disable unnecessary hostname canonicalization
|
|
* tailscale bugreport command for generating diagnostic logs now contain ethtool information
|
|
* Mullvad's family-friendly server is added to the list of well known DNS over HTTPS (DoH) servers
|
|
* DNS over HTTP requests now contain a timeout
|
|
* TCP forwarding attempts in userspace mode now have a per-client limit
|
|
* Endpoints with link-local IPv6 addresses is preferred over private addresses
|
|
* WireGuard logs are less verbose
|
|
* Go min. version 1.22.1
|
|
* DERP server region no longer changes if connectivity to the new DERP region is degraded
|
|
|
|
- update to 1.60.1:
|
|
* Exposing port 8080 to other devices on your tailnet works as expected
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 20 22:10:41 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
|
|
|
|
- Add disable-auto-update.patch to prevent auto updates and instead
|
|
ask users to use Zypper to update manually
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 20 14:52:46 UTC 2024 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- change to the non deprecated manualrun
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 16 14:38:14 UTC 2024 - alexandre.vicenzi@suse.com
|
|
|
|
- Spec cleanup
|
|
* Use tar_scm to avoid commit hashes in the spec
|
|
* Use tailscale build scripts
|
|
* Drop ProtectClock fix for Leap, DeviceAllow fixes it
|
|
- Add build-verbose.patch to get go flags into build log
|
|
- Enable PrivateDevices but allow access to /dev/net/tun in tailscaled.service
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 16 00:50:26 UTC 2024 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- update to 1.60.0:
|
|
* minimum go version 1.22
|
|
* authentication: present users with a valid login page when
|
|
attempting to login even after leaving device unattended for several days
|
|
* networking: mute noisy peer mtu discovery errors
|
|
* networking: expose gVisor metrics in debug mode
|
|
* port mapper: support legacy "urn:dslforum-org" port mapping services
|
|
* port mapper: fix crash when no support mapping services found
|
|
* ssh: log warning when unable to find SSH host keys
|
|
* serve: improve error message when running as non-root
|
|
* Detect when Tailscale is running on Digital Ocean and automatically
|
|
use Digital Ocean's DNS resolvers
|
|
* enable app connectors to install routes for domains that resolve to CNAME
|
|
records
|
|
* support pre-configured routes from control server
|
|
* add new read-only mode
|
|
* tailscale status command: fix output formatting Tailnet
|
|
includes location-based exit nodes
|
|
* a new ProxyClass custom resource that allows to provide custom
|
|
configuration for cluster resources that the operator creates
|
|
* ACL tags for the operator can now be configured via Helm chart values
|
|
* routing to Ingress backends that require an exact path without a slash
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 7 14:52:53 UTC 2024 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- make rpm not overwrite /etc/default/taiscaled
|
|
- defattr everything to root
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Feb 3 11:18:05 UTC 2024 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- no stripping of binaries
|
|
- add commitID to binaries for upstream
|
|
- add directory for saved configs
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 23 23:54:36 UTC 2024 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- switch services to manual
|
|
- update to version 1.58.2:
|
|
* Fixed: [App connectors][app-connectors] have improved scheduling
|
|
and merging of route changes under some conditions
|
|
* Fixed: Crash when performing UPnP portmapping on older routers
|
|
with no supported portmapping services
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 19 08:06:27 UTC 2024 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- update to version 1.58.0:
|
|
* portmap: check the epoch from NAT-PMP & PCP, establish new portmapping if it changes
|
|
* portmap: better handle multiple interfaces
|
|
* portmap: handle multiple UPnP discovery responses
|
|
* increase the number of 4via6 site IDs from 256 to 65,536
|
|
* taildrop: allow category Z unicode characters
|
|
* increased binary size with 1.56 is resolved in 1.58
|
|
* Reduce home DERP flapping when there's still an active connection
|
|
* device web ui: fixed issue when accessing shared devices
|
|
* device web ui: fixed login issue when accessed over https
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 10 02:17:57 UTC 2024 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- fix an issue with Leap, where ProtectClock prevents to connect to
|
|
/dev/net/tun
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 15 21:22:39 UTC 2023 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- update to version 1.56.1:
|
|
* Fixed: Web interface redirects to the correct self IP known by source peer
|
|
* Fixed: Usage of slices.Compact from app connector domains list
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 15 13:48:28 UTC 2023 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- fix version output to what upstream expects
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 13 22:08:30 UTC 2023 - rrahl0@proton.me
|
|
|
|
- Update to version 1.56.0:
|
|
* improve responsiveness under load, especially with bidirectional traffic
|
|
* improve UPnP portmapping
|
|
* add tailscale whois subcommand to observe metadata associated with a Tailscale IP
|
|
* include tailnet name and profile ID in tailscale switch --list to disambiguate
|
|
profiles with common login names
|
|
* improve tailscale web interface for configuring some device settings such as exit nodes,
|
|
subnet routers, and Tailscale SSH
|
|
* improve containerboot to symlink its socket file if possible,
|
|
making the tailscale CLI work without --socket=/tmp/tailscale.sock
|
|
* add support in Kubernetes operator cluster egress for referring to a tailnet service
|
|
by its MagicDNS name
|
|
|
|
|
|
- Update to version 1.54.1:
|
|
* no relevant updates to the linux version
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 24 21:59:11 UTC 2023 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- tailscale couldn't connect to /dev/net/tun
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 23 06:51:24 UTC 2023 - rrahl0@proton.me
|
|
|
|
- Update to version 1.54.0:
|
|
* improve throughput substantially for UDP packets over TUN device with recent Linux kernels
|
|
|
|
|
|
- Update to version 1.52.1:
|
|
* no linux improvements
|
|
|
|
- Update to version 1.52.0:
|
|
* tailscale set command flag --auto-update is added to opt in to automatic client updates
|
|
* tailscale serve and tailscale funnel commands are updated for improved usability
|
|
* tailscale update command for manual updates is now in beta
|
|
* Taildrop file transfer displays a progress meter
|
|
* nftables auto-detection is improved when TS_DEBUG_FIREWALL_MODE=auto is used
|
|
* DNS detection of NetworkManager with configured but absent systemd-resolved
|
|
* Taildrop now resumes file transfers after partial transfers are interrupted
|
|
* tailscale up command displays a message about client updates when newer versions are available
|
|
* tailscale status command displays a message about client updates when newer versions are available
|
|
* tailscale cert command renews in the background. The current certificate only displays if it has expired.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 02 23:51:03 UTC 2023 - rrahl0@proton.me
|
|
|
|
- Update to version 1.50.1:
|
|
* fix bug where serve config could get wiped
|
|
* Funnel support for tsnet apps
|
|
* fix potential crash with UPnP
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Sep 30 19:38:50 UTC 2023 - rrahl0@proton.me
|
|
|
|
- Update to version 1.50.0:
|
|
* Update tailscale{,d} licenses
|
|
* Update Quad9 addresses and references
|
|
* Adds support for Wikimedia DNS using DNS-over-HTTPS
|
|
|
|
- Update to version 1.48.1:
|
|
* no relevant updates
|
|
|
|
- Update to version 1.48.2:
|
|
* Improvements to Mullvad exit nodes
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 18 15:56:24 UTC 2023 - Richard Rahl <rrahl0@proton.me>
|
|
|
|
- Initial revision
|