Merge branch 'dev' of github.com:/zerotier/ZeroTierOne into dev

2024-12-23 14:52:24 +00:00 · 2023-03-07 16:47:30 -05:00 · 2023-03-07 16:47:30 -05:00 · 64423f3a09
commit 64423f3a09
parent 9fb3f04385 dd627cd7f4
5 changed files with 144 additions and 32 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,95 @@
 # Security
 ZeroTier takes the security of our software products and services seriously, which 
 includes all source code repositories managed through our GitHub organization.
 ## Supported Versions
 The following versions of ZeroTier One receive security updates
 | Version | Supported          |
 | ------- | ------------------ |
 | 1.10.x   | :white_check_mark: |
 | 1.8.x   | :white_check_mark:  |
 | < 1.8.0 | :x: |
 ## Reporting a Vulnerability
 **Please do not report security issues through public GitHub issues**
 Instead, please report vulnerabilities via email to security@zerotier.com. If possible,
 please encrypt with our PGP key (see below).
 Please include the following information, or as much as you can provide to help us 
 understand the nature and scope of the issue:
  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  * Full paths of source file(s) related to the manifestation of the issue
  * The location of the affected source code (tag/branch/commit or direct URL)
  * Any special configuration required to reproduce the issue
  * Step-by-step instructions to reproduce the issue
  * Proof-of-concept or exploit code (if possible)
  * Impact of the issue, including how an attacker might exploit the issue
 ## Preferred Languages
 We prefer all communications to be in English.
 ## security@zerotier.com PGP key
 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBGQGOVIBEACalXTnNqaiSOVLFEiqHpDMg8N/OI5D5850Xy1ZEvx3B3rz7cbn
 k30ozHtJKbh+vqpyItE7DjyQAuF19gP5Q64Yh0Y+MmLHq60q/GwOwAYz7cI+UzA3
 5x8YqcmTp32LAM1xJn+iMlMLBuAmJl4kULKmOXPlpqPiyTFs5saizvm7fgRmfgJJ
 HpsnIrTkaDFJhAR+jvMJohVYwmhuydeI0DsHu7KGpG1ddcHDrUjOPNqXnnAPSPwx
 llw4yfKlQb8GYErsv/G5QVyzd5+SxEuiI4MARRnrk8LlMQ33CR6pzIQ/Bk5AAmye
 mHqfEAknkiOf++urYhRs9BL3Kz3MdV0cg92zr9EFOg0u56jxf5OnAiTOhGUUA0hn
 dS7peVGl46R9Oy2JYIazNDGi+4NIsYDFXsnsss9xOQVygPyeQd71zFHfix0jct9w
 j3o/kj7Egsnm9nc13354bYT6bbalqXiRWwGH1eAFpjueNWiVFwZS6NZUP3WeNDiY
 BlPo1LodvolbXiJcTILTCyEkERJPCK2zoE2nTdVfvTLWsuehw1M6Yd2/q74TVYy/
 RY+KjHkrChEBQ9PqXsXRHj6opKbT8JLfZkvU5k+3IiqqxOpB+QXFI/whj493CxWW
 so7QAmzOCyJq8GDVPxzkwUac22YIkXdiOmb8i/HWq+kLY/HjQE259Gx6KwARAQAB
 tClaZXJvVGllciBTZWN1cml0eSA8c2VjdXJpdHlAemVyb3RpZXIuY29tPokCTAQT
 AQoANhYhBH1HQGb+4jzl6mnFqf09m6uqADkABQJkBjlSAhsDBAsJCAcEFQoJCAUW
 AgMBAAIeAQIXgAAKCRD9PZurqgA5ACqPD/sFt6SG6Tu0HwTY2ofJtYsa2GBLL0pf
 dYlX4cWSs1PVB5+m5Oj18y+GB2umA9GnsVtmvaSfp3XEngt2zNWX27uUsVfL35b2
 /5TVVe8RjzOedqMN+lQWMvO+f/C1zmWYXjjpC+iGjgMMaRRrofkkn+7uL4N9y6gY
 rcXtpACT1rYFC+i1AKnZfUO8Vr5ji7odq0f7bDkN/N38rB0kRRwEmO8wqdpQK6gK
 nxf9vgJl5ggimDk5Xtz1sfd3y28bf5N4hdOCkXUbd10nUFY3wDNTM4VxozxTGJeG
 imdcc19Wuw/1fGUZ5SIjgPanCdPLGYwSTr+M6Fuern9uTtlC1GOby3BUtmVGP6EU
 1pSAJSRpmoBPHKKOYtSMwV8PCboXru9P1ab8y8STKM3SKyghUJrl17gdc0LaksZa
 E54pJudGPIQMFRqZjMdV6jgMuaLTozjZ4mW8EThf4mkX4xDkO8l7cOn0225ZYJZC
 lZKpdnwzk9owkJA80u4KBNJxTtB4ZAPzjBsD5hFzCZQTLNQp/psU3EjZsau28eXT
 E/C1QjEQHgy4ohkgQlCm1H1+clKssCWcdmsVGXuS1u8gh4K6X9b0Z6LeCGRaQvH2
 +DB8oTAdqp9nUZv9rP4pbo+sR4fF67CFLriVuxjedAiFkbM4uHMFcL4tc/X9+DRo
 YN5X7oEkZvO507kCDQRkBjlSARAAz58UMF7K1qKyQjzKTcutaYZ5SaIGky9lCLZn
 /2vjpFCoBogkxS/6IKQcwZk8b4S9QstaaQZDFEkxqNeKC0GiFTAMAb6SmYcK495h
 EZnHl0NA5Nc2dBlZk5E/ENzTCz2bXaxCcVESc2z+xCzu07brbhGrqvliKiwOUzt9
 JzqEsar6I95OutBcZvkFCs44/Uf9bS1qf1w4klE8w3vdMtGH23umrET4tFZ+sh6o
 ZFtQx0u2eKjsRdn/RMtsxLNaJlcE1DdIAqBpQrcmuwMC8v5wUGfCGZjhClzmyQlq
 akUkayir7UtbHbFT/mgO+YI77YGXWk5QrwPscqqT2l8KB/YMujNDmaWa/0KV1lIY
 zr5s4dzVeiwqFLR9ANFIhzFwzf3JLi6XSx123Qix0TxZoYPZCHl7yoi9qi6qybz5
 0Od2LSz3jbApeKYymZ+zjE+YV5y9DI6Wzy1j2M1FogNvTO9fMk+6dLt4HhTdSNvH
 cKya462YCcy+tnZTkhmh+FTebbJlV6D4wG7skE5KCdBhjm53xLwp6XW9L6n2CrkL
 W1IDBcCz0oPd1sMkXbO3wnxdXprV2XurCfsg/R2nszSNzvdJ8/xj3cr9hpoJ714R
 qqyoEDRZ1Ss9kGL166o5MpN5qb/EewdkqGgWP7YFXbhsdHQiW7Z7dAqzjoaybD4O
 nakkwyUAEQEAAYkCNgQYAQoAIBYhBH1HQGb+4jzl6mnFqf09m6uqADkABQJkBjlS
 AhsMAAoJEP09m6uqADkAax0P/Rh8EZYRqW6dPYTl1YQusAK10rAcRNq3ekjofXGk
 oXK1S7HWGoFgl5++5nfSfNgFJ5VLcgIM56wtIf49zFjWe5oC6fw8k+ghh4d2chMP
 hdDILx6e0c30Iq1+EvovGR9hWa0wJ4cKTdzlwhY9ZC09q0ia+bl2mwpie1JQDR0c
 zXCjt+PldLeeK9z1/XT0Q7KowYC+U18oR+KFm+EaRV4QT85JVequnIeGkmaHJrHB
 lH4T5A5ib7y8edon1c0Zx3GsaxJUojkEJ0SX7ffVDu6ztUZfkHfCVpMW4VzUeGA/
 m+CtFO9ciLRGZEkRa+zhIGoBvwEXU0GiwiF4nZ0F2C8UioeW0YIEV9zl3nXJctYE
 ZKc2whSENQRTGgaYHVoVZhznt71LKWgFLshwBo81UCXVkzwAjMW1ActDnmPw5M7q
 xR5Qp5G49Z1GmfSozazha0HVFPKNV5i3RlTzs4yLUnZyH0yC9IvtOefMHcLjG96L
 N5miEV97gvJJjrn8rhRvpUwAWgmT/9IuYjBNQTtNN40arto5HxezR76WCjdKYxdL
 p3dM1iiBDShHNm7LdyZlLFhTOMU0tNBxJJ7B09ar5gakeZjD+2aB1ODX9VuFtozL
 onBjI2gIkry0UIkuznHfFw05lZAZAiqHEVgVi/WTk4C/bklDZNgE0lx+IWzEz2iS
 L455
 =lheL
 -----END PGP PUBLIC KEY BLOCK-----
 ```
--- a/java/jni/ZT_jnicache.cpp
+++ b/java/jni/ZT_jnicache.cpp
@ -176,7 +176,15 @@ void setupJNICache(JavaVM *vm) {
    EXCEPTIONANDNULLCHECK(Peer_ctor = env->GetMethodID(Peer_class, "<init>", "(JIIIILcom/zerotier/sdk/PeerRole;[Lcom/zerotier/sdk/PeerPhysicalPath;)V"));
    EXCEPTIONANDNULLCHECK(Version_ctor = env->GetMethodID(Version_class, "<init>", "(III)V"));
    EXCEPTIONANDNULLCHECK(VirtualNetworkConfigListener_onNetworkConfigurationUpdated_method = env->GetMethodID(VirtualNetworkConfigListener_class, "onNetworkConfigurationUpdated", "(JLcom/zerotier/sdk/VirtualNetworkConfigOperation;Lcom/zerotier/sdk/VirtualNetworkConfig;)I"));
-    EXCEPTIONANDNULLCHECK(VirtualNetworkConfig_ctor = env->GetMethodID(VirtualNetworkConfig_class, "<init>", "(JJLjava/lang/String;Lcom/zerotier/sdk/VirtualNetworkStatus;Lcom/zerotier/sdk/VirtualNetworkType;IZZZIJ[Ljava/net/InetSocketAddress;[Lcom/zerotier/sdk/VirtualNetworkRoute;Lcom/zerotier/sdk/VirtualNetworkDNS;)V"));
+
    //
    // ANDROID-56: temporarily remove parameters to prevent crashing
    //
 //    EXCEPTIONANDNULLCHECK(VirtualNetworkConfig_ctor = env->GetMethodID(VirtualNetworkConfig_class, "<init>", "(JJLjava/lang/String;Lcom/zerotier/sdk/VirtualNetworkStatus;Lcom/zerotier/sdk/VirtualNetworkType;IZZZIJ[Ljava/net/InetSocketAddress;[Lcom/zerotier/sdk/VirtualNetworkRoute;Lcom/zerotier/sdk/VirtualNetworkDNS;)V"));
    EXCEPTIONANDNULLCHECK(VirtualNetworkConfig_ctor = env->GetMethodID(VirtualNetworkConfig_class, "<init>", "(JJLjava/lang/String;Lcom/zerotier/sdk/VirtualNetworkStatus;Lcom/zerotier/sdk/VirtualNetworkType;IZZZ[Ljava/net/InetSocketAddress;[Lcom/zerotier/sdk/VirtualNetworkRoute;Lcom/zerotier/sdk/VirtualNetworkDNS;)V"));
    EXCEPTIONANDNULLCHECK(VirtualNetworkDNS_ctor = env->GetMethodID(VirtualNetworkDNS_class, "<init>", "(Ljava/lang/String;Ljava/util/ArrayList;)V"));
    EXCEPTIONANDNULLCHECK(VirtualNetworkFrameListener_onVirtualNetworkFrame_method = env->GetMethodID(VirtualNetworkFrameListener_class, "onVirtualNetworkFrame", "(JJJJJ[B)V"));
    EXCEPTIONANDNULLCHECK(VirtualNetworkRoute_ctor = env->GetMethodID(VirtualNetworkRoute_class, "<init>", "(Ljava/net/InetSocketAddress;Ljava/net/InetSocketAddress;II)V"));
--- a/java/jni/ZT_jniutils.cpp
+++ b/java/jni/ZT_jniutils.cpp
@ -307,8 +307,11 @@ jobject newNetworkConfig(JNIEnv *env, const ZT_VirtualNetworkConfig &vnetConfig)
            vnetConfig.dhcp,
            vnetConfig.bridge,
            vnetConfig.broadcastEnabled,
-            vnetConfig.portError,
+            //
-            vnetConfig.netconfRevision,
+            // ANDROID-56: temporarily remove parameters to prevent crashing
            //
 //            vnetConfig.portError,
 //            vnetConfig.netconfRevision,
            assignedAddrArrayObj,
            routesArrayObj,
            dnsObj);
--- a/java/src/com/zerotier/sdk/VirtualNetworkConfig.java
+++ b/java/src/com/zerotier/sdk/VirtualNetworkConfig.java
@ -66,9 +66,12 @@ public class VirtualNetworkConfig implements Comparable<VirtualNetworkConfig> {
    private final boolean broadcastEnabled;
-    private final int portError;
+    //
-
+    // ANDROID-56: temporarily remove parameters to prevent crashing
-    private final long netconfRevision;
+    //
 //    private final int portError;
 //
 //    private final long netconfRevision;
    private final InetSocketAddress[] assignedAddresses;
@ -76,7 +79,7 @@ public class VirtualNetworkConfig implements Comparable<VirtualNetworkConfig> {
    private final VirtualNetworkDNS dns;
-    public VirtualNetworkConfig(long nwid, long mac, String name, VirtualNetworkStatus status, VirtualNetworkType type, int mtu, boolean dhcp, boolean bridge, boolean broadcastEnabled, int portError, long netconfRevision, InetSocketAddress[] assignedAddresses, VirtualNetworkRoute[] routes, VirtualNetworkDNS dns) {
+    public VirtualNetworkConfig(long nwid, long mac, String name, VirtualNetworkStatus status, VirtualNetworkType type, int mtu, boolean dhcp, boolean bridge, boolean broadcastEnabled, InetSocketAddress[] assignedAddresses, VirtualNetworkRoute[] routes, VirtualNetworkDNS dns) {
        this.nwid = nwid;
        this.mac = mac;
        this.name = name;
@ -89,11 +92,11 @@ public class VirtualNetworkConfig implements Comparable<VirtualNetworkConfig> {
        this.dhcp = dhcp;
        this.bridge = bridge;
        this.broadcastEnabled = broadcastEnabled;
-        this.portError = portError;
+//        this.portError = portError;
-        if (netconfRevision < 0) {
+//        if (netconfRevision < 0) {
-            throw new RuntimeException("netconfRevision < 0: " + netconfRevision);
+//            throw new RuntimeException("netconfRevision < 0: " + netconfRevision);
-        }
+//        }
-        this.netconfRevision = netconfRevision;
+//        this.netconfRevision = netconfRevision;
        this.assignedAddresses = assignedAddresses;
        this.routes = routes;
        this.dns = dns;
@ -101,7 +104,7 @@ public class VirtualNetworkConfig implements Comparable<VirtualNetworkConfig> {
    @Override
    public String toString() {
-        return "VirtualNetworkConfig(" + StringUtils.networkIdToString(nwid) + ", " + StringUtils.macAddressToString(mac) + ", " + name + ", " + status + ", " + type + ", " + mtu + ", " + dhcp + ", " + bridge + ", " + broadcastEnabled + ", " + portError + ", " + netconfRevision + ", " + Arrays.toString(assignedAddresses) + ", " + Arrays.toString(routes) + ", " + dns + ")";
+        return "VirtualNetworkConfig(" + StringUtils.networkIdToString(nwid) + ", " + StringUtils.macAddressToString(mac) + ", " + name + ", " + status + ", " + type + ", " + mtu + ", " + dhcp + ", " + bridge + ", " + broadcastEnabled + ", " + Arrays.toString(assignedAddresses) + ", " + Arrays.toString(routes) + ", " + dns + ")";
    }
    @Override
@ -168,17 +171,17 @@ public class VirtualNetworkConfig implements Comparable<VirtualNetworkConfig> {
            return false;
        }
-        if (this.portError != cfg.portError) {
+//        if (this.portError != cfg.portError) {
-            Log.i(TAG, "Port Error Changed. Old: " + this.portError + ", New: " + cfg.portError);
+//            Log.i(TAG, "Port Error Changed. Old: " + this.portError + ", New: " + cfg.portError);
-
+//
-            return false;
+//            return false;
-        }
+//        }
-
+//
-        if (this.netconfRevision != cfg.netconfRevision) {
+//        if (this.netconfRevision != cfg.netconfRevision) {
-            Log.i(TAG, "NetConfRevision Changed. Old: " + this.netconfRevision + ", New: " + cfg.netconfRevision);
+//            Log.i(TAG, "NetConfRevision Changed. Old: " + this.netconfRevision + ", New: " + cfg.netconfRevision);
-
+//
-            return false;
+//            return false;
-        }
+//        }
        if (!Arrays.equals(assignedAddresses, cfg.assignedAddresses)) {
@ -277,8 +280,8 @@ public class VirtualNetworkConfig implements Comparable<VirtualNetworkConfig> {
        result = 37 * result + (dhcp ? 1 : 0);
        result = 37 * result + (bridge ? 1 : 0);
        result = 37 * result + (broadcastEnabled ? 1 : 0);
-        result = 37 * result + portError;
+//        result = 37 * result + portError;
-        result = 37 * result + (int) (netconfRevision ^ (netconfRevision >>> 32));
+//        result = 37 * result + (int) (netconfRevision ^ (netconfRevision >>> 32));
        result = 37 * result + Arrays.hashCode(assignedAddresses);
        result = 37 * result + Arrays.hashCode(routes);
        result = 37 * result + (dns == null ? 0 : dns.hashCode());
@ -359,18 +362,18 @@ public class VirtualNetworkConfig implements Comparable<VirtualNetworkConfig> {
    /**
     * If the network is in PORT_ERROR state, this is the error most recently returned by the port config callback
     */
-    public int getPortError() {
+//    public int getPortError() {
-        return portError;
+//        return portError;
-    }
+//    }
    /**
     * Network config revision as reported by netconf master
     *
     * <p>If this is zero, it means we're still waiting for our netconf.</p>
     */
-    public long getNetconfRevision() {
+//    public long getNetconfRevision() {
-        return netconfRevision;
+//        return netconfRevision;
-    }
+//    }
    /**
     * ZeroTier-assigned addresses (in {@link InetSocketAddress} objects)
--- a/make-linux.mk
+++ b/make-linux.mk
@ -146,6 +146,9 @@ endif
 ifeq ($(CC_MACH),e2k)
 	ZT_ARCHITECTURE=2
 endif
 ifeq ($(CC_MACH),e2k64)
 	ZT_ARCHITECTURE=2
 endif
 ifeq ($(CC_MACH),i386)
 	ZT_ARCHITECTURE=1
 	ZT_SSO_SUPPORTED=1