File tailscale.changes of Package tailscale
-------------------------------------------------------------------
Sun Jun 16 13:30:20 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 1.68.1:
* Fixed: 4via6 subnet router advertisement works as expected.
* Fixed: Tailscale SSH access to Security-Enhanced Linux (SELinux) machines works as expected.
- update to 1.68.0:
* New: Auto-updates are allowed in containers, but ignore the tailnet-wide default
* New: Apply auto-updates even if the node is down or disconnected from the coordination server.
* New: tailscale lock status now prints the node's signature.
-------------------------------------------------------------------
Wed May 22 08:36:37 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 1.66.4:
* Fixed: Restored UDP connectivity through Mullvad exit nodes
* Stateful filtering is now off by default
- update to 1.66.3:
* Login URLs did not always appear in the console when running tailscale up
* Starting with v1.66, the Kubernetes operator must always run the same or later version
as the proxies it manages.
* Expose cloud services on cluster network to the tailnet, using Kubernetes ExternalName Services
* Expose tailnet services that use Tailscale HTTPS to cluster workloads
* Cluster workloads can now refer to Tailscale Ingress resources by their MagicDNS names
* Configure environment variables for Tailscale Kubernetes operator proxies using ProxyClass CRD
* Expose tailscaled metrics endpoint for Tailscale Kubernetes operator proxies through ProxyClass CRD
* Configure labels for the Kubernetes operator Pods with Helm chart values
* Configure affinity rules for Kubernetes operator proxy Pods with ProxyClass
* Kubernetes operator proxy init container no longer attempts to enable IPv6 forwarding on systems
that don't have IPv6 module loaded
* Tailscale containers running on Kubernetes no longer error if an empty Kubernetes Secret is
pre-created for the tailscaled state
* Improved the ambiguous error messages when Tailscale running on Kubernetes does not have the right
permissions to perform actions against the tailscaled state Secret
-------------------------------------------------------------------
Fri May 10 15:16:33 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 1.66.1:
* Resolved issues with nftables rules for stateful filtering,
introduced in v1.66.0.
* tailscale set command flags --netfilter-mode, --snat-subnet-routes,
and --stateful-filtering are added.
- update to 1.66.0:
* Implemented client-side quarantining for shared-in exit nodes,
as a mitigation for a security vulnerability described in TS-2024-005.
* Use the --stateful-filtering flag for the tailscale up to enable stateful filtering for
subnet routers and exit nodes, as a mitigation for a security vulnerability described
in TS-2024-005.
* Added tab completions
* Use the tailscale exit-node suggest command to automatically pick an available exit node
that is likely to perform best.
* Site-to-site networking now also requires --stateful-filtering=false in addition to
--snat-subnet-routes=false on new subnet routers. Existing subnet routers with --snat-subnet-routes=false
will default to --stateful-filtering=false.
- update to 1.64.2:
* nothing relevant for linux
- update to 1.64.1:
* nothing relevant for linux
- update to 1.64.0:
* New: tailscale configure kubeconfig now respects KUBECONFIG environment variable.
* Fixed: tailscale configure kubeconfig now works with partially empty kubeconfig.
* Fixed: MSS clamping for Kubernetes operator proxies using nftables.
* Fixed: Containers on hosts with partial support for ip6tables no longer crash.
- turn of changelog generation
- add completions for bash
-------------------------------------------------------------------
Sat Mar 30 08:28:56 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- update to 1.62.1:
* Send load balancing hint HTTP request header
* Fixed: Kubernetes operator proxies should not accept subnet routes
-------------------------------------------------------------------
Thu Mar 14 03:13:54 UTC 2024 - rrahl0@proton.me
- update to 1.62.0:
* IPv6 support detection in a container environment is improved
* New: Web interface now uses ACL grants to manage access on tagged devices
* Tailscale SSH connections now disable unnecessary hostname canonicalization
* tailscale bugreport command for generating diagnostic logs now contain ethtool information
* Mullvad's family-friendly server is added to the list of well known DNS over HTTPS (DoH) servers
* DNS over HTTP requests now contain a timeout
* TCP forwarding attempts in userspace mode now have a per-client limit
* Endpoints with link-local IPv6 addresses is preferred over private addresses
* WireGuard logs are less verbose
* Go min. version 1.22.1
* DERP server region no longer changes if connectivity to the new DERP region is degraded
- update to 1.60.1:
* Exposing port 8080 to other devices on your tailnet works as expected
-------------------------------------------------------------------
Tue Feb 20 22:10:41 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
- Add disable-auto-update.patch to prevent auto updates and instead
ask users to use Zypper to update manually
-------------------------------------------------------------------
Tue Feb 20 14:52:46 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- change to the non deprecated manualrun
-------------------------------------------------------------------
Fri Feb 16 14:38:14 UTC 2024 - alexandre.vicenzi@suse.com
- Spec cleanup
* Use tar_scm to avoid commit hashes in the spec
* Use tailscale build scripts
* Drop ProtectClock fix for Leap, DeviceAllow fixes it
- Add build-verbose.patch to get go flags into build log
- Enable PrivateDevices but allow access to /dev/net/tun in tailscaled.service
-------------------------------------------------------------------
Fri Feb 16 00:50:26 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- update to 1.60.0:
* minimum go version 1.22
* authentication: present users with a valid login page when
attempting to login even after leaving device unattended for several days
* networking: mute noisy peer mtu discovery errors
* networking: expose gVisor metrics in debug mode
* port mapper: support legacy "urn:dslforum-org" port mapping services
* port mapper: fix crash when no support mapping services found
* ssh: log warning when unable to find SSH host keys
* serve: improve error message when running as non-root
* Detect when Tailscale is running on Digital Ocean and automatically
use Digital Ocean's DNS resolvers
* enable app connectors to install routes for domains that resolve to CNAME
records
* support pre-configured routes from control server
* add new read-only mode
* tailscale status command: fix output formatting Tailnet
includes location-based exit nodes
* a new ProxyClass custom resource that allows to provide custom
configuration for cluster resources that the operator creates
* ACL tags for the operator can now be configured via Helm chart values
* routing to Ingress backends that require an exact path without a slash
-------------------------------------------------------------------
Wed Feb 7 14:52:53 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- make rpm not overwrite /etc/default/taiscaled
- defattr everything to root
-------------------------------------------------------------------
Sat Feb 3 11:18:05 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- no stripping of binaries
- add commitID to binaries for upstream
- add directory for saved configs
-------------------------------------------------------------------
Tue Jan 23 23:54:36 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- switch services to manual
- update to version 1.58.2:
* Fixed: [App connectors][app-connectors] have improved scheduling
and merging of route changes under some conditions
* Fixed: Crash when performing UPnP portmapping on older routers
with no supported portmapping services
-------------------------------------------------------------------
Fri Jan 19 08:06:27 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- update to version 1.58.0:
* portmap: check the epoch from NAT-PMP & PCP, establish new portmapping if it changes
* portmap: better handle multiple interfaces
* portmap: handle multiple UPnP discovery responses
* increase the number of 4via6 site IDs from 256 to 65,536
* taildrop: allow category Z unicode characters
* increased binary size with 1.56 is resolved in 1.58
* Reduce home DERP flapping when there's still an active connection
* device web ui: fixed issue when accessing shared devices
* device web ui: fixed login issue when accessed over https
-------------------------------------------------------------------
Wed Jan 10 02:17:57 UTC 2024 - Richard Rahl <rrahl0@proton.me>
- fix an issue with Leap, where ProtectClock prevents to connect to
/dev/net/tun
-------------------------------------------------------------------
Fri Dec 15 21:22:39 UTC 2023 - Richard Rahl <rrahl0@proton.me>
- update to version 1.56.1:
* Fixed: Web interface redirects to the correct self IP known by source peer
* Fixed: Usage of slices.Compact from app connector domains list
-------------------------------------------------------------------
Fri Dec 15 13:48:28 UTC 2023 - Richard Rahl <rrahl0@proton.me>
- fix version output to what upstream expects
-------------------------------------------------------------------
Wed Dec 13 22:08:30 UTC 2023 - rrahl0@proton.me
- Update to version 1.56.0:
* improve responsiveness under load, especially with bidirectional traffic
* improve UPnP portmapping
* add tailscale whois subcommand to observe metadata associated with a Tailscale IP
* include tailnet name and profile ID in tailscale switch --list to disambiguate
profiles with common login names
* improve tailscale web interface for configuring some device settings such as exit nodes,
subnet routers, and Tailscale SSH
* improve containerboot to symlink its socket file if possible,
making the tailscale CLI work without --socket=/tmp/tailscale.sock
* add support in Kubernetes operator cluster egress for referring to a tailnet service
by its MagicDNS name
- Update to version 1.54.1:
* no relevant updates to the linux version
-------------------------------------------------------------------
Fri Nov 24 21:59:11 UTC 2023 - Richard Rahl <rrahl0@proton.me>
- tailscale couldn't connect to /dev/net/tun
-------------------------------------------------------------------
Thu Nov 23 06:51:24 UTC 2023 - rrahl0@proton.me
- Update to version 1.54.0:
* improve throughput substantially for UDP packets over TUN device with recent Linux kernels
- Update to version 1.52.1:
* no linux improvements
- Update to version 1.52.0:
* tailscale set command flag --auto-update is added to opt in to automatic client updates
* tailscale serve and tailscale funnel commands are updated for improved usability
* tailscale update command for manual updates is now in beta
* Taildrop file transfer displays a progress meter
* nftables auto-detection is improved when TS_DEBUG_FIREWALL_MODE=auto is used
* DNS detection of NetworkManager with configured but absent systemd-resolved
* Taildrop now resumes file transfers after partial transfers are interrupted
* tailscale up command displays a message about client updates when newer versions are available
* tailscale status command displays a message about client updates when newer versions are available
* tailscale cert command renews in the background. The current certificate only displays if it has expired.
-------------------------------------------------------------------
Mon Oct 02 23:51:03 UTC 2023 - rrahl0@proton.me
- Update to version 1.50.1:
* fix bug where serve config could get wiped
* Funnel support for tsnet apps
* fix potential crash with UPnP
-------------------------------------------------------------------
Sat Sep 30 19:38:50 UTC 2023 - rrahl0@proton.me
- Update to version 1.50.0:
* Update tailscale{,d} licenses
* Update Quad9 addresses and references
* Adds support for Wikimedia DNS using DNS-over-HTTPS
- Update to version 1.48.1:
* no relevant updates
- Update to version 1.48.2:
* Improvements to Mullvad exit nodes
-------------------------------------------------------------------
Fri Aug 18 15:56:24 UTC 2023 - Richard Rahl <rrahl0@proton.me>
- Initial revision
