From 9f9a870399673f8b85ef84b5d7e0416027240000 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Tue, 21 Sep 2021 11:31:25 -0400 Subject: [PATCH] Version bump, backport one more fix. --- RELEASE-NOTES.md | 4 ++ ext/installfiles/mac/ZeroTier One.pkgproj | 9 +++- osdep/ManagedRoute.cpp | 50 ++++++++++++++++++----- version.h | 2 +- 4 files changed, 53 insertions(+), 12 deletions(-) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 5b3ccb85c..4e7f371a4 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,6 +1,10 @@ ZeroTier Release Notes ====== +# 2021-09-21 -- Version 1.6.6 + + * Point release to back-port additional endpoint-side mitigations against vulnerability announced by Pulse Security. + # 2021-04-13 -- Version 1.6.5 * Fix a bug in potential network path filtering that could in some circumstances lead to "software laser" effects. diff --git a/ext/installfiles/mac/ZeroTier One.pkgproj b/ext/installfiles/mac/ZeroTier One.pkgproj index fcc1676c0..bcc461afb 100755 --- a/ext/installfiles/mac/ZeroTier One.pkgproj +++ b/ext/installfiles/mac/ZeroTier One.pkgproj @@ -689,7 +689,7 @@ USE_HFS+_COMPRESSION VERSION - 1.6.5 + 1.6.6 TYPE 0 @@ -865,6 +865,13 @@ PROJECT_SETTINGS + ADVANCED_OPTIONS + + installer-script.options:hostArchitectures + + x86_64,arm64 + + BUILD_FORMAT 0 BUILD_PATH diff --git a/osdep/ManagedRoute.cpp b/osdep/ManagedRoute.cpp index 85f2c67c9..4c1214a66 100644 --- a/osdep/ManagedRoute.cpp +++ b/osdep/ManagedRoute.cpp @@ -250,14 +250,26 @@ static void _routeCmd(const char *op,const InetAddress &target,const InetAddress char iptmp[64]; if (via) { if ((ifscope)&&(ifscope[0])) { +#ifdef ZT_TRACE + fprintf(stderr, "DEBUG: route %s -ifscope %s %s %s" ZT_EOL_S, ifscope,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString(ttmp),via.toIpString(iptmp)); +#endif ::execl(ZT_BSD_ROUTE_CMD,ZT_BSD_ROUTE_CMD,op,"-ifscope",ifscope,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString(ttmp),via.toIpString(iptmp),(const char *)0); } else { +#ifdef ZT_TRACE + fprintf(stderr, "DEBUG: route %s %s %s %s" ZT_EOL_S, op,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString(ttmp),via.toIpString(iptmp)); +#endif ::execl(ZT_BSD_ROUTE_CMD,ZT_BSD_ROUTE_CMD,op,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString(ttmp),via.toIpString(iptmp),(const char *)0); } } else if ((localInterface)&&(localInterface[0])) { if ((ifscope)&&(ifscope[0])) { +#ifdef ZT_TRACE + fprintf(stderr, "DEBUG: route %s -ifscope %s %s %s -interface %s" ZT_EOL_S, op, ifscope,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString(ttmp),localInterface); +#endif ::execl(ZT_BSD_ROUTE_CMD,ZT_BSD_ROUTE_CMD,op,"-ifscope",ifscope,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString(ttmp),"-interface",localInterface,(const char *)0); } else { +#ifdef ZT_TRACE + fprintf(stderr, "DEBUG: route %s %s %s -interface %s" ZT_EOL_S, op,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString(ttmp),localInterface); +#endif ::execl(ZT_BSD_ROUTE_CMD,ZT_BSD_ROUTE_CMD,op,((target.ss_family == AF_INET6) ? "-inet6" : "-inet"),target.toString(ttmp),"-interface",localInterface,(const char *)0); } } @@ -393,9 +405,7 @@ ManagedRoute::ManagedRoute(const InetAddress &target,const InetAddress &via,cons } ManagedRoute::~ManagedRoute() -{ - this->remove(); -} +{} /* Linux NOTE: for default route override, some Linux distributions will * require a change to the rp_filter parameter. A value of '1' will prevent @@ -427,6 +437,24 @@ bool ManagedRoute::sync() #ifdef __BSD__ // ------------------------------------------------------------ + if (_device[0]) { + bool haveDevice = false; + struct ifaddrs *ifa = (struct ifaddrs *)0; + if (!getifaddrs(&ifa)) { + struct ifaddrs *p = ifa; + while (p) { + if ((p->ifa_name)&&(!strcmp(_device, p->ifa_name))) { + haveDevice = true; + break; + } + p = p->ifa_next; + } + freeifaddrs(ifa); + } + if (!haveDevice) + return false; + } + // Find lowest metric system route that this route should override (if any) InetAddress newSystemVia; char newSystemDevice[128]; @@ -471,23 +499,25 @@ bool ManagedRoute::sync() if (_systemVia) { _routeCmd("add",leftt,_systemVia,_systemDevice,(const char *)0); - _routeCmd("change",leftt,_systemVia,_systemDevice,(const char *)0); + //_routeCmd("change",leftt,_systemVia,_systemDevice,(const char *)0); if (rightt) { _routeCmd("add",rightt,_systemVia,_systemDevice,(const char *)0); - _routeCmd("change",rightt,_systemVia,_systemDevice,(const char *)0); + //_routeCmd("change",rightt,_systemVia,_systemDevice,(const char *)0); } } } if (!_applied.count(leftt)) { - _applied[leftt] = false; // not ifscoped + _applied[leftt] = !_via; + _routeCmd("delete",leftt,_via,(const char *)0,(_via) ? (const char *)0 : _device); _routeCmd("add",leftt,_via,(const char *)0,(_via) ? (const char *)0 : _device); - _routeCmd("change",leftt,_via,(const char *)0,(_via) ? (const char *)0 : _device); + //_routeCmd("change",leftt,_via,(const char *)0,(_via) ? (const char *)0 : _device); } if ((rightt)&&(!_applied.count(rightt))) { - _applied[rightt] = false; // not ifscoped + _applied[rightt] = !_via; + _routeCmd("delete",rightt,_via,(const char *)0,(_via) ? (const char *)0 : _device); _routeCmd("add",rightt,_via,(const char *)0,(_via) ? (const char *)0 : _device); - _routeCmd("change",rightt,_via,(const char *)0,(_via) ? (const char *)0 : _device); + //_routeCmd("change",rightt,_via,(const char *)0,(_via) ? (const char *)0 : _device); } #endif // __BSD__ ------------------------------------------------------------ @@ -566,4 +596,4 @@ void ManagedRoute::remove() _applied.clear(); } -} // namespace ZeroTier \ No newline at end of file +} // namespace ZeroTier diff --git a/version.h b/version.h index d6c2612e0..81286f557 100644 --- a/version.h +++ b/version.h @@ -27,7 +27,7 @@ /** * Revision */ -#define ZEROTIER_ONE_VERSION_REVISION 5 +#define ZEROTIER_ONE_VERSION_REVISION 6 /** * Build version