tailscale

Commit Graph

Author	SHA1	Message	Date
OSS Updater	f13255d54d	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	6 months ago
Jordan Whited	e1d0d26686	go.mod: bump wireguard-go (#10352 ) This pulls in tailscale/wireguard-go@8cc8b8b and tailscale/wireguard-go@cc193a0, which improve throughput and latency under load. Updates tailscale/corp#11061 Signed-off-by: Jordan Whited <jordan@tailscale.com>	6 months ago
Percy Wegmann	17501ea31a	ci: report test coverage to coveralls.io This records test coverage for the amd64 no race tests and uploads the results to coveralls.io. Updates #cleanup Signed-off-by: Ox Cart <ox.to.a.cart@gmail.com>	6 months ago
Irbe Krumina	66471710f8	cmd/k8s-operator: truncate long StatefulSet name prefixes (#10343 ) Kubernetes can generate StatefulSet names that are too long and result in invalid Pod revision hash label values. Calculate whether a StatefulSet name generated for a Service or Ingress will be too long and if so, truncate it. Updates tailscale/tailscale#10284 Signed-off-by: Irbe Krumina <irbe@tailscale.com>	6 months ago
OSS Updater	fc8488fac0	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	6 months ago
OSS Updater	3402998c1c	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	6 months ago
OSS Updater	146c4bacde	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	6 months ago
Maisem Ali	7d4221c295	cmd/tsidp: add start of OIDC Tailscale IdP Updates #10263 Co-authored-by: Brad Fitzpatrick <bradfitz@tailscale.com> Change-Id: I240bc9b5ecf2df6f92c45929d105fde66c06a860 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	6 months ago
OSS Updater	063657c65f	go.mod: update web-client-prebuilt module Signed-off-by: OSS Updater <noreply+oss-updater@tailscale.com>	6 months ago
Tom DNetto	ce46d92ed2	go.{mod,sum}: update inet.af/tcpproxy to fix flaking test ``` [nix-shell:~/tailscale]$ ./tool/go test ./cmd/sniproxy --failfast --count 80 ok tailscale.com/cmd/sniproxy 127.085s [nix-shell:~/tailscale]$ ./tool/go test ./cmd/sniproxy --failfast --count 80 ok tailscale.com/cmd/sniproxy 127.030s ``` Fixes: #10056 Signed-off-by: Tom DNetto <tom@tailscale.com>	6 months ago
Jordan Whited	12d5c99b04	client/tailscale,ipn/{ipnlocal,localapi}: check UDP GRO config (#10071 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	6 months ago
Will Norris	fc2d63bb8c	go.mod: updates web-client-prebuilt Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Will Norris	d530153d2f	go.mod: bump web-client-prebuilt Updates #cleanup Signed-off-by: Will Norris <will@tailscale.com>	6 months ago
Will Norris	cb07ed54c6	go.mod: update web-client-prebuilt Updates tailscale/corp#14335 Signed-off-by: Will Norris <will@tailscale.com>	7 months ago
dependabot[bot]	535cb6c3f5	build(deps): bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.6+incompatible to 24.0.7+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.6...v24.0.7) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	7 months ago
Jordan Whited	bd488e4ff8	go.mod: update wireguard-go (#10046 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	7 months ago
Jordan Whited	dd842d4d37	go.mod: update wireguard-go to enable TUN UDP GSO/GRO (#10029 ) Updates tailscale/corp#9990 Signed-off-by: Jordan Whited <jordan@tailscale.com>	7 months ago
Aaron Klotz	95671b71a6	ipn, safesocket: use Windows token in LocalAPI On Windows, the idiomatic way to check access on a named pipe is for the server to impersonate the client on its current OS thread, perform access checks using the client's access token, and then revert the OS thread's access token back to its true self. The access token is a better representation of the client's rights than just a username/userid check, as it represents the client's effective rights at connection time, which might differ from their normal rights. This patch updates safesocket to do the aforementioned impersonation, extract the token handle, and then revert the impersonation. We retain the token handle for the remaining duration of the connection (the token continues to be valid even after we have reverted back to self). Since the token is a property of the connection, I changed ipnauth to wrap the concrete net.Conn to include the token. I then plumbed that change through ipnlocal, ipnserver, and localapi as necessary. I also added a PermitLocalAdmin flag to the localapi Handler which I intend to use for controlling access to a few new localapi endpoints intended for configuring auto-update. Updates https://github.com/tailscale/tailscale/issues/755 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	7 months ago
Adrian Dewhurst	5347e6a292	control/controlclient: support certstore without cgo We no longer build Windows releases with cgo enabled, which automatically turned off certstore support. Rather than re-enabling cgo, we updated our fork of the certstore package to no longer require cgo. This updates the package, cleans up how the feature is configured, and removes the cgo build tag requirement. Fixes tailscale/corp#14797 Fixes tailscale/coral#118 Change-Id: Iaea34340761c0431d759370532c16a48c0913374 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	7 months ago
Brad Fitzpatrick	7fd6cc3caa	go.mod: bump alexbrainman/sspi For https://github.com/alexbrainman/sspi/pull/13 Fixes #9131 (hopefully) Change-Id: I27bb00bbf5e03850f65f18c45f15c4441cc54b23 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	7 months ago
Brad Fitzpatrick	6b1ed732df	go.mod: bump x/net to 0.17 for CVE-2023-39325 https://go.googlesource.com/net/+/b225e7ca6dde1ef5a5ae5ce922861bda011cfabd Updates tailscale/corp#15165 Change-Id: Ia8b5e16b1acfe1b2400d321034b41370396f70e2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	7 months ago
Kristoffer Dalby	9eedf86563	posture: add get serial support for Windows/Linux This commit adds support for getting serial numbers from SMBIOS on Windows/Linux (and BSD) using go-smbios. Updates #5902 Signed-off-by: Kristoffer Dalby <kristoffer@tailscale.com>	7 months ago
James Tucker	41b05e6910	go.mod: bump wireguard-go Updates #9555 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
James Tucker	0c8c374a41	go.mod: bump all dependencies except go-billy go-billy is held back at v5.4.1 in order to avoid a newly introduced subdependency that is not compatible with plan9. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
James Tucker	84acf83019	go.mod,net/dnsfallback: bump go4.org/netipx Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
James Tucker	87bc831730	go.mod,cmd/tsconnect: bump esbuild Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
James Tucker	71f2c67c6b	go.mod: bump wingoes for cross-platform HRESULT definition Updates #9579 Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Andrea Barisani	b5b4298325	go.mod,*: bump gvisor Updates #9253 Signed-off-by: Andrea Barisani <andrea@inversepath.com> Signed-off-by: James Tucker <james@tailscale.com>	8 months ago
Joe Tsai	36242904f1	go.mod: update github.com/go-json-experiment/json (#9508 ) Update github.com/go-json-experiment/json to the latest version and fix the build in light of some breaking API changes. Updates #cleanup Signed-off-by: Joe Tsai <joetsai@digital-static.net>	8 months ago
Will Norris	652f77d236	client/web: switch to using prebuilt web client assets Updates tailscale/corp#13775 Co-authored-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Sonia Appasamy <sonia@tailscale.com> Signed-off-by: Will Norris <will@tailscale.com>	8 months ago
Andrew Lytvynov	4e72992900	clientupdate: add linux tarball updates (#9144 ) As a fallback to package managers, allow updating tailscale that was self-installed in some way. There are some tricky bits around updating the systemd unit (should we stick to local binary paths or to the ones in tailscaled.service?), so leaving that out for now. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	9 months ago
Brad Fitzpatrick	98a5116434	all: adjust some build tags for plan9 I'm not saying it works, but it compiles. Updates #5794 Change-Id: I2f3c99732e67fe57a05edb25b758d083417f083e Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Aaron Klotz	ea693eacb6	util/winutil: add RegisterForRestart, allowing programs to indicate their preferences to the Windows restart manager In order for the installer to restart the GUI correctly post-upgrade, we need the GUI to be able to register its restart preferences. This PR adds API support for doing so. I'm adding it to OSS so that it is available should we need to do any such registrations on OSS binaries in the future. Updates https://github.com/tailscale/corp/issues/13998 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	9 months ago
Maisem Ali	4b13e6e087	go.mod: bump golang.org/x/net Theory is that our long lived http2 connection to control would get tainted by _something_ (unclear what) and would get closed. This picks up the fix for golang/go#60818. Updates tailscale/corp#5761 Signed-off-by: Maisem Ali <maisem@tailscale.com>	9 months ago
Sonia Appasamy	077bbb8403	client/web: add csrf protection to web client api Adds csrf protection and hooks up an initial POST request from the React web client. Updates tailscale/corp#13775 Signed-off-by: Sonia Appasamy <sonia@tailscale.com>	9 months ago
Brad Fitzpatrick	66f27c4beb	all: require Go 1.21 Updates #8419 Change-Id: I809b6a4d59d92a2ab6ec587ccbb9053376bf02c2 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	9 months ago
Andrew Lytvynov	eb6883bb5a	go.mod: upgrade nfpm to v2 (#8786 ) Upgrade the nfpm package to the latest version to pick up `24a43c5ad7`. The upgrade is from v0 to v2, so there was some breakage to fix. Generated packages should have the same contents as before. Updates https://github.com/tailscale/tailscale/issues/1882 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>	10 months ago
Aaron Klotz	37925b3e7a	go.mod, cmd/tailscaled, ipn/localapi, util/osdiag, util/winutil, util/winutil/authenticode: add Windows module list to OS-specific logs that are written upon bugreport * We update wingoes to pick up new version information functionality (See pe/version.go in the https://github.com/dblohm7/wingoes repo); * We move the existing LogSupportInfo code (including necessary syscall stubs) out of util/winutil into a new package, util/osdiag, and implement the public LogSupportInfo function may be implemented for other platforms as needed; * We add a new reason argument to LogSupportInfo and wire that into localapi's bugreport implementation; * We add module information to the Windows implementation of LogSupportInfo when reason indicates a bugreport. We enumerate all loaded modules in our process, and for each one we gather debug, authenticode signature, and version information. Fixes #7802 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	10 months ago
Aaron Klotz	7adf15f90e	cmd/tailscale/cli, util/winutil/authenticode: flesh out authenticode support Previously, tailscale upgrade was doing the bare minimum for checking authenticode signatures via `WinVerifyTrustEx`. This is fine, but we can do better: * WinVerifyTrustEx verifies that the binary's signature is valid, but it doesn't determine whose signature is valid; tailscale upgrade should also ensure that the binary is actually signed by us. * I added the ability to check the signatures of MSI files. * In future PRs I will be adding diagnostic logging that lists details about every module (ie, DLL) loaded into our process. As part of that metadata, I want to be able to extract information about who signed the binaries. This code is modelled on some C++ I wrote for Firefox back in the day. See https://searchfox.org/mozilla-central/rev/27e4816536c891d85d63695025f2549fd7976392/toolkit/xre/dllservices/mozglue/Authenticode.cpp for reference. Fixes #8284 Signed-off-by: Aaron Klotz <aaron@tailscale.com>	10 months ago
David Anderson	52212f4323	all: update exp/slices and fix call sites slices.SortFunc suffered a late-in-cycle API breakage. Updates #cleanup Signed-off-by: David Anderson <danderson@tailscale.com>	10 months ago
dependabot[bot]	8bdc03913c	go.mod: bump github.com/docker/distribution (#8121 ) Bumps [github.com/docker/distribution](https://github.com/docker/distribution) from 2.8.1+incompatible to 2.8.2+incompatible. - [Release notes](https://github.com/docker/distribution/releases) - [Commits](https://github.com/docker/distribution/compare/v2.8.1...v2.8.2) --- updated-dependencies: - dependency-name: github.com/docker/distribution dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	10 months ago
Andrew Lytvynov	7a82fd8dbe	ipn/ipnlocal: add optional support for ACME Renewal Info (ARI) (#8599 )	10 months ago
Adrian Dewhurst	8c0572e088	go.mod: bump wireguard-go This pulls in IP checksum optimization on amd64, see tailscale/wireguard-go@bb2c8f2. Updates tailscale/corp#9755 Change-Id: I60e932fc4031703b56eb86a676465c5d02d99236 Signed-off-by: Adrian Dewhurst <adrian@tailscale.com>	10 months ago
Andrew Dunham	b6d20e6f8f	go.mod, net/dns/recursive: update github.com/miekg/dns Updates #cleanup Change-Id: If4de6a84448a17dd81cc2a8af788bd18c3d0bbe3 Signed-off-by: Andrew Dunham <andrew@du.nham.ca>	11 months ago
Brad Fitzpatrick	67e912824a	all: adjust some build tags for wasi A start. Updates #8320 Change-Id: I64057f977be51ba63ce635c56d67de7ecec415d1 Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	11 months ago
Vince Prignano	1a691ec5b2	cmd/k8s-operator: update controller-runtime to v0.15 Fixes #8170 Signed-off-by: Vince Prignano <vince@prigna.com>	12 months ago
James Tucker	5def4f4a1c	go.mod: bump goreleaser deps Periodic update for start of cycle. goreleaser is not updated to v2 yet, but indirects updated. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
James Tucker	48605226dd	go.mod: bump gvisor Periodic update for start of cycle. Updates #8043 Signed-off-by: James Tucker <james@tailscale.com>	1 year ago
Maisem Ali	f46c1aede0	go.mod: bump k8s libs The key is to update sigs.k8s.io/controller-runtime and let it update others. Updates #8043 Signed-off-by: Maisem Ali <maisem@tailscale.com>	1 year ago
Brad Fitzpatrick	9e9ea6e974	go.mod: bump all deps possible that don't break the build This holds back gvisor, kubernetes, goreleaser, and esbuild, which all had breaking API changes. Updates #8043 Updates #7381 Updates #8042 (updates u-root which adds deps) Change-Id: I889759bea057cd3963037d41f608c99eb7466a5b Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>	1 year ago

1 2 3 4 5 ...

377 Commits (f9550e0bed0074644e5b722f9dacd5d9ca5f8497)