The package listed in the opkg source is a very old version for all architectures https://downloads.openwrt.org/releases/23.05.3/packages/
Who do I need to contact to ask them to update it?
I think their requirements exceed go 1.21 in OpenWRT 23.05.
The nature of stable releases is that packages aren't getting updated to new major versions (apart from security- and bug fixes), so unless there is a strong need for an update, it won't be. Yes, the circumstances are a bit more relaxed for leaf packages in the package feeds compared to essential packages, but the same principles more or less apply.
There seems to be a need for an update, at least Tailscale's admin portal warns about version 1.58.2-1:
Security update available
This machine is running a version with a known security vulnerability. It’s recommended to update to 1.68.2.
You can take courage to downgrade the golang requirement and roll back dependabot library updates if not compatible.
Assuming you build the image from src: overwrite the 23.05 Makefile for go, using the Makefile from the master branch, which is quite new. (Worked for me to build a new version of xray-core on 22.03.6.) And, with luck, you might also find a Makefile for a newer version of tailscale on the master branch. Give it a try. If you have no luck, you still have a good chance of success by manually editing the standard tailscale Makefile on 23.05, changing the version number and checksum.
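The manual version-and-checksum edit described in the post above, as an added example that is not part of the original thread and not OpenWrt's own tooling. The `bump_pkg` and `pkg_var` helpers, the sample Makefile and the stand-in archive are constructed for illustration; `PKG_VERSION`, `PKG_RELEASE` and `PKG_HASH` are the standard OpenWrt package Makefile variables.

```sh
#!/bin/sh
# Added example (not from the thread): bump an OpenWrt package Makefile.
# Usage: bump_pkg MAKEFILE NEW_VERSION TARBALL
# TARBALL is the upstream source archive, already downloaded and checked by you.
bump_pkg() {
    mk=$1; ver=$2; tarball=$3
    [ -f "$mk" ] && [ -f "$tarball" ] || { echo "missing input file" >&2; return 1; }
    # Accept only dotted numeric versions; this also keeps the sed expression safe.
    case $ver in
        ''|*[!0-9.]*) echo "bad version: $ver" >&2; return 1 ;;
    esac
    # Every variable must already exist, or sed would silently change nothing.
    for var in PKG_VERSION PKG_RELEASE PKG_HASH; do
        grep -q "^$var:=" "$mk" || { echo "$var not in $mk" >&2; return 1; }
    done
    hash=$(sha256sum "$tarball" | cut -d' ' -f1)
    sed -e "s/^PKG_VERSION:=.*/PKG_VERSION:=$ver/" \
        -e "s/^PKG_RELEASE:=.*/PKG_RELEASE:=1/" \
        -e "s/^PKG_HASH:=.*/PKG_HASH:=$hash/" \
        "$mk" > "$mk.new" && mv "$mk.new" "$mk"
}

# Print one variable's value from the Makefile, e.g. pkg_var Makefile PKG_HASH
pkg_var() { sed -n "s/^$2:=//p" "$1"; }

# Constructed demo: a stand-in Makefile and a stand-in "tarball".
demo() {
    dir=$(mktemp -d)
    printf 'constructed stand-in for the source archive\n' > "$dir/src.tar.gz"
    printf '%s\n' 'PKG_NAME:=tailscale' 'PKG_VERSION:=1.58.2' \
        'PKG_RELEASE:=1' 'PKG_HASH:=placeholder' > "$dir/Makefile"
    bump_pkg "$dir/Makefile" 1.68.2 "$dir/src.tar.gz" || return 1
    cat "$dir/Makefile"
    rm -rf "$dir"
}
demo
```

The resulting `PKG_HASH` only pins whatever archive was hashed, so compare that archive against the upstream release before building from it.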
There are no security notes in the tailscale changelog. Refer to more info in the tool you used to check.
The tool does not provide more info, but it is official information from Tailscale's admin console. Maybe they are referring to 'TS-2024-005' (see https://tailscale.com/security-bulletins ) which needs version <=1.66.0 to get fixed?
The problem is the dependabot auto requirement bump; you have to downgrade the go requirement, then every breaking dependency, watching as you go to not reintroduce 3rd party vulnerabilities.
The alternative is to add the described config workaround into openwrt's scripts.
If you are their customer, ask for the exact security patch numbers.
You can cross-compile the newest tailscale 1.68 on ubuntu, after installing the newest go (1.22), assuming go supports your openwrt platform. Consult the tailscale docs on how to build a small image-combined. Just did it for ATH79.