From ffb444dbeb6bea3cb155502395e61cb6d18708c9 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Mon, 11 Apr 2022 12:15:41 -0400 Subject: [PATCH 1/7] 1.8.8 bump --- debian/changelog | 6 ++ ext/installfiles/mac/ZeroTier One.pkgproj | 2 +- ext/installfiles/windows/ZeroTier One.aip | 75 +++++++++++++++++------ version.h | 2 +- zerotier-one.spec | 5 +- 5 files changed, 69 insertions(+), 21 deletions(-) diff --git a/debian/changelog b/debian/changelog index 3c2655421..9d74a5b6d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +zerotier-one (1.8.8) unstable; urgency=medium + + * See RELEASE-NOTES.md for release notes. + + -- Adam Ierymenko Mon, 11 Apr 2022 01:00:00 -0700 + zerotier-one (1.8.7) unstable; urgency=medium * See RELEASE-NOTES.md for release notes. diff --git a/ext/installfiles/mac/ZeroTier One.pkgproj b/ext/installfiles/mac/ZeroTier One.pkgproj index 75bf70aa3..62c6f6e2d 100755 --- a/ext/installfiles/mac/ZeroTier One.pkgproj +++ b/ext/installfiles/mac/ZeroTier One.pkgproj @@ -701,7 +701,7 @@ USE_HFS+_COMPRESSION VERSION - 1.8.7 + 1.8.8 TYPE 0 diff --git a/ext/installfiles/windows/ZeroTier One.aip b/ext/installfiles/windows/ZeroTier One.aip index c3fca20b2..e623a3263 100644 --- a/ext/installfiles/windows/ZeroTier One.aip +++ b/ext/installfiles/windows/ZeroTier One.aip @@ -30,10 +30,10 @@ - + - + @@ -52,31 +52,37 @@ - + - + - + - - - - - - + + + + + + - + + + + + + + @@ -250,6 +256,12 @@ + + + + + + @@ -289,6 +301,7 @@ + @@ -337,6 +350,12 @@ + + + + + + @@ -346,7 +365,7 @@ - + @@ -372,7 +391,7 @@ - + @@ -382,17 +401,20 @@ + + - - + + - + + @@ -405,6 +427,23 @@ + + + + + + + + + + + + + + + + + @@ -491,7 +530,7 @@ - + diff --git a/version.h b/version.h index 0f2a7e0ac..86bc38eb6 100644 --- a/version.h +++ b/version.h @@ -27,7 +27,7 @@ /** * Revision */ -#define ZEROTIER_ONE_VERSION_REVISION 7 +#define ZEROTIER_ONE_VERSION_REVISION 8 /** * Build version diff --git a/zerotier-one.spec b/zerotier-one.spec index d84455c11..9d18c78ca 100644 
--- a/zerotier-one.spec +++ b/zerotier-one.spec @@ -1,5 +1,5 @@ Name: zerotier-one -Version: 1.8.7 +Version: 1.8.8 Release: 1%{?dist} Summary: ZeroTier network virtualization service @@ -165,6 +165,9 @@ esac %endif %changelog +* Fri Apr 11 2022 Adam Ierymenko - 1.8.8 +- see https://github.com/zerotier/ZeroTierOne for release notes + * Fri Mar 21 2022 Adam Ierymenko - 1.8.7 - see https://github.com/zerotier/ZeroTierOne for release notes From ff0e6a53fc5d67198f5d138ec7cf584cd3dc83bb Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Mon, 11 Apr 2022 12:16:32 -0400 Subject: [PATCH 2/7] Release notes for 1.8.8 --- RELEASE-NOTES.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index dacbc1837..80f352664 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,6 +1,11 @@ ZeroTier Release Notes ====== +# 2022-04-11 -- Version 1.8.8 + + * Fix a local privilege escalation bug in the Windows installer. + * No changes for other platforms. Windows upgrade recommended, everyone else optional. + # 2022-03-30 -- Version 1.8.7 * Fix for dependency installations in Windows MSI package. From 24ec63400526a844208163ae1fe734857810a01e Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Mon, 11 Apr 2022 12:28:14 -0400 Subject: [PATCH 3/7] Possible fix for Ubuntu versioning issue on libstdc++6 --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index e8498070b..541dcea2b 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Homepage: https://www.zerotier.com/ Package: zerotier-one Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, iproute2, adduser, libstdc++6, openssl +Depends: ${shlibs:Depends}, ${misc:Depends}, iproute2, adduser, libstdc++6 (>= 5), openssl Homepage: https://www.zerotier.com/ Description: ZeroTier network virtualization service ZeroTier One lets you join ZeroTier virtual networks and 
From bd9c8d65ef6530ee5d14293a6d60cd2d4953ee05 Mon Sep 17 00:00:00 2001 From: Adam Ierymenko Date: Mon, 11 Apr 2022 12:46:12 -0400 Subject: [PATCH 4/7] Release notes for 1.8.8 --- RELEASE-NOTES.md | 1 + 1 file changed, 1 insertion(+) diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 80f352664..0011a81ea 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -4,6 +4,7 @@ ZeroTier Release Notes # 2022-04-11 -- Version 1.8.8 * Fix a local privilege escalation bug in the Windows installer. + * Dependency fix for some Ubuntu versions. * No changes for other platforms. Windows upgrade recommended, everyone else optional. # 2022-03-30 -- Version 1.8.7 From df46248a0cc80aec6cd16a5b6e3d80b61a374e55 Mon Sep 17 00:00:00 2001 From: Erik Hollensbe Date: Tue, 12 Apr 2022 23:56:16 -0700 Subject: [PATCH 5/7] silence catting files that don't exist in docker entrypoint Signed-off-by: Erik Hollensbe --- entrypoint.sh.release | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/entrypoint.sh.release b/entrypoint.sh.release index d8222305b..71d3a7cf2 100644 --- a/entrypoint.sh.release +++ b/entrypoint.sh.release @@ -1,7 +1,7 @@ #!/bin/sh grepzt() { - [ -f /var/lib/zerotier-one/zerotier-one.pid -a -n "$(cat /var/lib/zerotier-one/zerotier-one.pid)" -a -d "/proc/$(cat /var/lib/zerotier-one/zerotier-one.pid)" ] + [ -f /var/lib/zerotier-one/zerotier-one.pid -a -n "$(cat /var/lib/zerotier-one/zerotier-one.pid 2>/dev/null)" -a -d "/proc/$(cat /var/lib/zerotier-one/zerotier-one.pid 2>/dev/null)" ] return $? } @@ -34,7 +34,7 @@ mkztfile zerotier-one.port 0600 "9993" killzerotier() { echo "Killing zerotier" - kill $(cat /var/lib/zerotier-one/zerotier-one.pid) + kill $(cat /var/lib/zerotier-one/zerotier-one.pid 2>/dev/null) exit 0 } From 8598f34ebfec040eaa2d3528822246e79b88b8cf Mon Sep 17 00:00:00 2001 From: Erik Hollensbe Date: Wed, 13 Apr 2022 00:09:46 -0700 Subject: [PATCH 6/7] prettify the entrypoint log output 
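Review bot: In `grepzt` the pid file is still read twice inside one `[ ... -a ... ]` test, so the two `cat` calls can see different contents if the daemon rewrites the file between them, and `-a` inside `[` is marked obsolescent by POSIX. Reading the file once keeps the check consistent and needs the `2>/dev/null` only once: `pid=$(cat /var/lib/zerotier-one/zerotier-one.pid 2>/dev/null)` followed by `[ -n "$pid" ] && [ -d "/proc/$pid" ]`. The trailing `return $?` is then redundant, because the function already returns the status of its last command.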
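Review bot: With stderr silenced, `kill $(cat ... 2>/dev/null)` in `killzerotier` runs `kill` with no argument when the pid file is missing or empty, so the trap prints a usage error, signals nothing, and still reports success through `exit 0`. The substitution is also unquoted, so whatever the file contains is word-split into `kill` arguments. Guard on a non-empty value and quote it: `pid=$(cat /var/lib/zerotier-one/zerotier-one.pid 2>/dev/null)` then `[ -n "$pid" ] && kill "$pid"`.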
Signed-off-by: Erik Hollensbe --- entrypoint.sh.release | 46 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 9 deletions(-) diff --git a/entrypoint.sh.release b/entrypoint.sh.release index 71d3a7cf2..bb0744e82 100644 --- a/entrypoint.sh.release +++ b/entrypoint.sh.release @@ -33,29 +33,57 @@ fi mkztfile zerotier-one.port 0600 "9993" killzerotier() { - echo "Killing zerotier" + log "Killing zerotier" kill $(cat /var/lib/zerotier-one/zerotier-one.pid 2>/dev/null) exit 0 } +log_header() { + echo -n "\r=>" +} + +log_detail_header() { + echo -n "\r===>" +} + +log() { + echo "$(log_header)" "$@" +} + +log_params() { + title=$1 + shift + log "$title" "[$@]" +} + +log_detail() { + echo "$(log_detail_header)" "$@" +} + +log_detail_params() { + title=$1 + shift + log_detail "$title" "[$@]" +} + trap killzerotier INT TERM -echo "Configuring networks to join" +log "Configuring networks to join" mkdir -p /var/lib/zerotier-one/networks.d -echo "joining networks: $@" +log_params "Joining networks:" $@ for i in "$@" do - echo "Configuring join for $i" + log_detail_params "Configuring join:" "$i" touch "/var/lib/zerotier-one/networks.d/${i}.conf" done -echo "starting zerotier" +log "Starting ZeroTier" nohup /usr/sbin/zerotier-one & while ! grepzt do - echo "zerotier hasn't started, waiting a second" + log_detail "ZeroTier hasn't started, waiting a second" if [ -f nohup.out ] then @@ -65,7 +93,7 @@ do sleep 1 done -echo "Writing healthcheck for networks: $@" +log_params "Writing healthcheck for networks:" $@ cat >/healthcheck.sh < Date: Thu, 31 Mar 2022 21:45:38 -0700 Subject: [PATCH 7/7] Fix ZT_SSO_SUPPORTED flag behavior. Allow disabling for embedded targets. --- make-linux.mk | 34 +++++++++++++++++++++------------- node/Constants.hpp | 19 ++++++++++++------- service/OneService.cpp | 20 ++++++++++---------- 3 files changed, 43 insertions(+), 30 deletions(-) diff --git a/make-linux.mk b/make-linux.mk index c5daa0b36..0e30561b7 100644 
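Review bot: `log_header` and `log_detail_header` depend on `echo -n "\r=>"`, and `/bin/sh` implementations differ on both `-n` and backslash escapes in `echo` (the script's shebang is `#!/bin/sh`); `printf '\r=>'` behaves the same everywhere. The call sites `log_params "Joining networks:" $@` and `log_params "Writing healthcheck for networks:" $@` pass `$@` unquoted, so the container arguments undergo word splitting and glob expansion before they are logged; use `"$@"`. Inside `log_params` and `log_detail_params`, `"[$@]"` expands to several words with the brackets glued to the first and last one, where `"[$*]"` gives the single string that is intended.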
--- a/make-linux.mk +++ b/make-linux.mk @@ -1,12 +1,12 @@ # Automagically pick CLANG or RH/CentOS newer GCC if present # This is only done if we have not overridden these with an environment or CLI variable ifeq ($(origin CC),default) - CC:=$(shell if [ -e /usr/bin/clang ]; then echo clang; else echo gcc; fi) - CC:=$(shell if [ -e /opt/rh/devtoolset-8/root/usr/bin/gcc ]; then echo /opt/rh/devtoolset-8/root/usr/bin/gcc; else echo $(CC); fi) + CC:=$(shell if [ -e /usr/bin/clang ]; then echo clang; else echo gcc; fi) + CC:=$(shell if [ -e /opt/rh/devtoolset-8/root/usr/bin/gcc ]; then echo /opt/rh/devtoolset-8/root/usr/bin/gcc; else echo $(CC); fi) endif ifeq ($(origin CXX),default) - CXX:=$(shell if [ -e /usr/bin/clang++ ]; then echo clang++; else echo g++; fi) - CXX:=$(shell if [ -e /opt/rh/devtoolset-8/root/usr/bin/g++ ]; then echo /opt/rh/devtoolset-8/root/usr/bin/g++; else echo $(CXX); fi) + CXX:=$(shell if [ -e /usr/bin/clang++ ]; then echo clang++; else echo g++; fi) + CXX:=$(shell if [ -e /opt/rh/devtoolset-8/root/usr/bin/g++ ]; then echo /opt/rh/devtoolset-8/root/usr/bin/g++; else echo $(CXX); fi) endif INCLUDES?=-Izeroidc/target @@ -75,16 +75,19 @@ else endif ifeq ($(ZT_QNAP), 1) - override DEFS+=-D__QNAP__ + override DEFS+=-D__QNAP__ + ZT_EMBEDDED=1 endif ifeq ($(ZT_UBIQUITI), 1) - override DEFS+=-D__UBIQUITI__ + override DEFS+=-D__UBIQUITI__ + ZT_EMBEDDED=1 endif ifeq ($(ZT_SYNOLOGY), 1) override CFLAGS+=-fPIC override CXXFLAGS+=-fPIC override DEFS+=-D__SYNOLOGY__ + ZT_EMBEDDED=1 endif ifeq ($(ZT_DISABLE_COMPRESSION), 1) @@ -213,9 +216,9 @@ ifeq ($(CC_MACH),armv7hl) ZT_USE_ARM32_NEON_ASM_CRYPTO=1 endif ifeq ($(CC_MACH),armv7ve) - ZT_ARCHITECTURE=3 - override DEFS+=-DZT_NO_TYPE_PUNNING - ZT_USE_ARM32_NEON_ASM_CRYPTO=1 + ZT_ARCHITECTURE=3 + override DEFS+=-DZT_NO_TYPE_PUNNING + ZT_USE_ARM32_NEON_ASM_CRYPTO=1 endif ifeq ($(CC_MACH),arm64) ZT_ARCHITECTURE=4 
@@ -268,10 +271,13 @@ ifeq ($(ZT_IA32),1) endif ifeq ($(ZT_SSO_SUPPORTED), 1) - ifeq ($(ZT_DEBUG),1) - LDLIBS+=zeroidc/target/debug/libzeroidc.a -ldl -lssl -lcrypto - else - LDLIBS+=zeroidc/target/release/libzeroidc.a -ldl -lssl -lcrypto + ifeq ($(ZT_EMBEDDED),) + override DEFS+=-DZT_SSO_SUPPORTED=1 + ifeq ($(ZT_DEBUG),1) + LDLIBS+=zeroidc/target/debug/libzeroidc.a -ldl -lssl -lcrypto + else + LDLIBS+=zeroidc/target/release/libzeroidc.a -ldl -lssl -lcrypto + endif endif endif @@ -384,9 +390,11 @@ debug: FORCE make ZT_DEBUG=1 selftest ifeq ($(ZT_SSO_SUPPORTED), 1) +ifeq ($(ZT_EMBEDDED),) zeroidc: FORCE # export PATH=/root/.cargo/bin:$$PATH; cd zeroidc && cargo build -j1 $(RUSTFLAGS) export PATH=/root/.cargo/bin:$$PATH; cd zeroidc && cargo build $(RUSTFLAGS) +endif else zeroidc: endif diff --git a/node/Constants.hpp b/node/Constants.hpp index 930c91299..c3108ff03 100644 --- a/node/Constants.hpp +++ b/node/Constants.hpp @@ -50,16 +50,17 @@ #define __UNIX_LIKE__ #endif #include - #if (defined(__amd64) || defined(__amd64__) || defined(__x86_64) || defined(__x86_64__) || defined(__AMD64) || defined(__AMD64__) || defined(_M_X64) || defined(__aarch64__)) -#define OIDC_SUPPORTED 1 -#else -#define OIDC_SUPPORTED 0 +#ifdef ZT_SSO_SUPPORTED +#define ZT_SSO_ENABLED 1 +#endif #endif #endif #ifdef __APPLE__ -#define OIDC_SUPPORTED 1 +#ifdef ZT_SSO_SUPPORTED +#define ZT_SSO_ENABLED 1 +#endif #define likely(x) __builtin_expect((x),1) #define unlikely(x) __builtin_expect((x),0) #include @@ -73,7 +74,9 @@ #endif #if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) -#define OIDC_SUPPORTED 0 +#ifdef ZT_SSO_SUPPORTED +#define ZT_SSO_ENABLED 0 +#endif #ifndef __UNIX_LIKE__ #define __UNIX_LIKE__ #endif @@ -89,7 +92,9 @@ #endif #if defined(_WIN32) || defined(_WIN64) -#define OIDC_SUPPORTED 1 +#ifdef ZT_SSO_SUPPORTED +#define ZT_SSO_ENABLED 1 +#endif #ifndef __WINDOWS__ #define __WINDOWS__ #endif 
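Review bot: `ifeq ($(ZT_EMBEDDED),)` tests for an empty value, so any non-empty setting, including `ZT_EMBEDDED=0` from the command line or the environment, drops `-DZT_SSO_SUPPORTED=1` and the libzeroidc link line. Comparing against the value that the QNAP, Ubiquiti and Synology blocks assign is less surprising: `ifneq ($(ZT_EMBEDDED),1)`. A build that asked for `ZT_SSO_SUPPORTED=1` on an embedded target now silently produces a binary without SSO. A `$(warning SSO disabled for embedded target)` in an `else` branch would make that visible in build logs.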
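Review bot: When `ZT_SSO_SUPPORTED` is 1 and `ZT_EMBEDDED` is set, neither branch of the `@@ -384,9` hunk defines a `zeroidc` rule. The new inner `ifeq`/`endif` skips the real rule, and the `else` with the empty `zeroidc:` belongs to the outer conditional. If any target outside this hunk lists `zeroidc` as a prerequisite, embedded builds would stop with a missing-rule error. Give the inner conditional its own fallback by adding `else` and an empty `zeroidc:` line before the new `endif`.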
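Review bot: `ZT_SSO_ENABLED` is left undefined rather than 0 wherever `ZT_SSO_SUPPORTED` is absent, and on Linux architectures outside the amd64/aarch64 list, so the `#if ZT_SSO_ENABLED` checks in service/OneService.cpp rely on an undefined macro evaluating to 0 (and trip `-Wundef`). The guards also use `#ifdef ZT_SSO_SUPPORTED`, which is true for `-DZT_SSO_SUPPORTED=0`; `#if defined(ZT_SSO_SUPPORTED) && ZT_SSO_SUPPORTED` matches the `=1` value that make-linux.mk passes. The same applies to the `__APPLE__` branch in this hunk and to the BSD and Windows hunks (`@@ -73,7` and `@@ -89,7`), and the BSD guard is redundant because it can only define 0. A single fallback after the platform blocks, `#ifndef ZT_SSO_ENABLED` / `#define ZT_SSO_ENABLED 0` / `#endif`, would give every translation unit a defined value.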
diff --git a/service/OneService.cpp b/service/OneService.cpp index 246df7446..78b4b058f 100644 --- a/service/OneService.cpp +++ b/service/OneService.cpp @@ -53,7 +53,7 @@ #include "OneService.hpp" #include "SoftwareUpdater.hpp" -#if OIDC_SUPPORTED +#if ZT_SSO_ENABLED #include #endif @@ -195,7 +195,7 @@ public: NetworkState() : _webPort(9993) , _tap((EthernetTap *)0) -#if OIDC_SUPPORTED +#if ZT_SSO_ENABLED , _idc(nullptr) #endif { @@ -212,7 +212,7 @@ public: this->_managedRoutes.clear(); this->_tap.reset(); -#if OIDC_SUPPORTED +#if ZT_SSO_ENABLED if (_idc) { zeroidc::zeroidc_stop(_idc); zeroidc::zeroidc_delete(_idc); @@ -296,7 +296,7 @@ public: if (_config.ssoEnabled && _config.ssoVersion == 1) { // fprintf(stderr, "ssoEnabled for %s\n", nwid); -#if OIDC_SUPPORTED +#if ZT_SSO_ENABLED if (_idc == nullptr) { assert(_config.issuerURL != nullptr); @@ -353,7 +353,7 @@ public: } const char* getAuthURL() { -#if OIDC_SUPPORTED +#if ZT_SSO_ENABLED if (_idc != nullptr) { return zeroidc::zeroidc_get_auth_url(_idc); } @@ -363,7 +363,7 @@ public: } const char* doTokenExchange(const char *code) { -#if OIDC_SUPPORTED +#if ZT_SSO_ENABLED if (_idc == nullptr) { fprintf(stderr, "ainfo or idc null\n"); return ""; @@ -386,7 +386,7 @@ public: } uint64_t getExpiryTime() { -#if OIDC_SUPPORTED +#if ZT_SSO_ENABLED if (_idc == nullptr) { fprintf(stderr, "idc is null\n"); return 0; @@ -404,7 +404,7 @@ private: std::vector _managedIps; std::map< InetAddress, SharedPtr > _managedRoutes; OneService::NetworkSettings _settings; -#if OIDC_SUPPORTED +#if ZT_SSO_ENABLED zeroidc::ZeroIDC *_idc; #endif }; @@ -1707,7 +1707,7 @@ public: scode = _controller->handleControlPlaneHttpGET(std::vector(ps.begin()+1,ps.end()),urlArgs,headers,body,responseBody,responseContentType); } else scode = 404; } -#if OIDC_SUPPORTED +#if ZT_SSO_ENABLED } else if (ps[0] == "sso") { char resBuf[4096] = {0}; const char *error = zeroidc::zeroidc_get_url_param_value("error", path.c_str()); 
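Review bot: In the `if (_config.ssoEnabled && _config.ssoVersion == 1)` branch (hunk `@@ -296,7`), a build with `ZT_SSO_ENABLED` off compiles the OIDC setup out, and nothing visible in the hunk tells the operator that the network asked for SSO. This series turns SSO off for QNAP, Ubiquiti and Synology builds, so that case becomes more common. Unless the part of the branch outside the hunk already has an `#else`, add one that logs the condition, along the lines of `fprintf(stderr, "network requires SSO but this build has no SSO support" ZT_EOL_S);`. `getAuthURL()`, `doTokenExchange()` and `getExpiryTime()` have the same shape, and their fallbacks lie outside the visible lines.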
@@ -2310,11 +2310,11 @@ public: fprintf(stderr,"ERROR: unable to add ip address %s" ZT_EOL_S, ip->toString(ipbuf)); } } +#endif #ifdef __APPLE__ if (!MacDNSHelper::addIps(n.config().nwid, n.config().mac, n.tap()->deviceName().c_str(), newManagedIps)) fprintf(stderr, "ERROR: unable to add v6 addresses to system configuration" ZT_EOL_S); -#endif #endif n.setManagedIps(newManagedIps); }
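Review bot: Moving the `#endif` above `#ifdef __APPLE__` means the `MacDNSHelper::addIps` block is no longer nested inside the preceding conditional, which changes which builds compile it. Neither the subject line nor the hunk says which conditional that `#endif` closes, and its opening `#if` is outside the hunk. Label the directive with the condition it terminates, `#endif // <condition of the enclosing #if>`, and mention the nesting fix in the commit message so it is not read as part of the SSO flag change.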