Merge branch 'dev' of https://github.com/zerotier/ZeroTierOne into dev-multipath

Dockerfile.release

@@ -15,8 +15,10 @@ COPY --from=stage zerotier-one.deb .
 
 RUN dpkg -i zerotier-one.deb && rm -f zerotier-one.deb
 RUN echo "${VERSION}" >/etc/zerotier-version
+RUN rm -rf /var/lib/zerotier-one
 
 COPY entrypoint.sh.release /entrypoint.sh
 RUN chmod 755 /entrypoint.sh
 
-CMD /entrypoint.sh
+CMD []
+ENTRYPOINT ["/entrypoint.sh"]

RELEASE-NOTES.md

@@ -1,6 +1,12 @@
 ZeroTier Release Notes
 ======
 
+# 2021-04-13 -- Version 1.6.5
+
+ * Fix a bug in potential network path filtering that could in some circumstances lead to "software laser" effects.
+ * Fix a printf overflow in zerotier-cli (not exploitable or a security risk)
+ * Windows now looks up the name of ZeroTier devices instead of relying on them having "ZeroTier" in them.
+
 # 2021-02-15 -- Version 1.6.4
 
  * The groundhog saw his shadow, which meant that the "connection coma" bug still wasn't gone. We think we found it this time.

debian/changelog

@@ -1,3 +1,11 @@
+zerotier-one (1.6.5) unstable; urgency=medium
+
+  * Fix path filtering bug that could cause "software laser" effect.
+  * Fix printf overflow in CLI (not exploitable or security related)
+  * Fix Windows device enumeration issue.
+
+ -- Adam Ierymenko <[email protected]>  Tue, 13 Apr 2021 01:00:00 -0700
+
 zerotier-one (1.6.4) unstable; urgency=medium
 
   * REALLY fix a problem causing nodes to go into a "coma" with some network configurations.

entrypoint.sh.release

@@ -5,6 +5,31 @@ grepzt() {
   return $?
 }
 
+mkztfile() {
+  file=$1
+  mode=$2
+  content=$3
+
+  mkdir -p /var/lib/zerotier-one
+  echo "$content" > "/var/lib/zerotier-one/$file"
+  chmod "$mode" "/var/lib/zerotier-one/$file"
+}
+
+if [ "x$ZEROTIER_API_SECRET" != "x" ]
+then
+  mkztfile authtoken.secret 0600 "$ZEROTIER_API_SECRET"
+fi
+
+if [ "x$ZEROTIER_IDENTITY_PUBLIC" != "x" ]
+then
+  mkztfile identity.public 0644 "$ZEROTIER_IDENTITY_PUBLIC"
+fi
+
+if [ "x$ZEROTIER_IDENTITY_SECRET" != "x" ]
+then
+  mkztfile identity.secret 0600 "$ZEROTIER_IDENTITY_SECRET"
+fi
+
 echo "starting zerotier"
 setsid /usr/sbin/zerotier-one &
 
@@ -14,7 +39,7 @@ do
   sleep 1
 done
 
-echo "joining networks"
+echo "joining networks: $@"
 
 for i in "$@"
 do

ext/bin/tap-windows-ndis6/x64.old/zttap300.inf

@@ -34,7 +34,7 @@ DriverVer=08/13/2015,6.2.9200.20557
 
 [Strings]
 DeviceDescription = "ZeroTier One Virtual Port"
-Provider = "ZeroTier Networks LLC"
+Provider = "ZeroTier Networks LLC" ; We're ZeroTier, Inc. now but kernel mode certs are $300+ so fuqdat.
 
 ; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back!
 [Manufacturer]
@@ -70,7 +70,7 @@ AddService = zttap300,        2, zttap300.service
 
 [zttap300.reg]
 HKR, Ndi,            Service,      0, "zttap300"
-HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; 'ndis5' is correct
+HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows.
 HKR, Ndi\Interfaces, LowerRange,   0, "ethernet"
 HKR, ,               Manufacturer, 0, "%Provider%"
 HKR, ,               ProductName,  0, "%DeviceDescription%"

ext/bin/tap-windows-ndis6/x64/zttap300.inf

@@ -70,7 +70,7 @@ AddService = zttap300,        2, zttap300.service
 
 [zttap300.reg]
 HKR, Ndi,            Service,      0, "zttap300"
-HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; 'ndis5' is correct
+HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows.
 HKR, Ndi\Interfaces, LowerRange,   0, "ethernet"
 HKR, ,               Manufacturer, 0, "%Provider%"
 HKR, ,               ProductName,  0, "%DeviceDescription%"

ext/bin/tap-windows-ndis6/x86.old/zttap300.inf

@@ -34,7 +34,7 @@ DriverVer=08/13/2015,6.2.9200.20557
 
 [Strings]
 DeviceDescription = "ZeroTier One Virtual Port"
-Provider = "ZeroTier Networks LLC"
+Provider = "ZeroTier Networks LLC" ; We're ZeroTier, Inc. now but kernel mode certs are $300+ so fuqdat.
 
 ; To build for x86, take NTamd64 off this and off the named section manually, build, then put it back!
 [Manufacturer]
@@ -70,7 +70,7 @@ AddService = zttap300,        2, zttap300.service
 
 [zttap300.reg]
 HKR, Ndi,            Service,      0, "zttap300"
-HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; 'ndis5' is correct
+HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows.
 HKR, Ndi\Interfaces, LowerRange,   0, "ethernet"
 HKR, ,               Manufacturer, 0, "%Provider%"
 HKR, ,               ProductName,  0, "%DeviceDescription%"

ext/bin/tap-windows-ndis6/x86/zttap300.inf

@@ -67,7 +67,7 @@ AddService = zttap300,        2, zttap300.service
 
 [zttap300.reg]
 HKR, Ndi,            Service,      0, "zttap300"
-HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; 'ndis5' is correct
+HKR, Ndi\Interfaces, UpperRange,   0, "ndis5" ; yes, 'ndis5' is correct... yup, Windows.
 HKR, Ndi\Interfaces, LowerRange,   0, "ethernet"
 HKR, ,               Manufacturer, 0, "%Provider%"
 HKR, ,               ProductName,  0, "%DeviceDescription%"

ext/installfiles/mac/ZeroTier One.pkgproj

@@ -689,7 +689,7 @@
 				<key>USE_HFS+_COMPRESSION</key>
 				<false/>
 				<key>VERSION</key>
-				<string>1.6.4</string>
+				<string>1.6.5</string>
 			</dict>
 			<key>TYPE</key>
 			<integer>0</integer>

ext/installfiles/windows/ZeroTier One.aip

@@ -17,7 +17,6 @@
     <ROW Property="ARPHELPTELEPHONE" Value="949-505-9993"/>
     <ROW Property="ARPNOMODIFY" MultiBuildValue="DefaultBuild:1"/>
     <ROW Property="ARPNOREPAIR" Value="1" MultiBuildValue="ExeBuild:1"/>
-    <ROW Property="ARPPRODUCTICON" Value="ZeroTierIcon.exe" Type="8"/>
     <ROW Property="ARPSYSTEMCOMPONENT" Value="1"/>
     <ROW Property="ARPURLINFOABOUT" Value="https://www.zerotier.com/"/>
     <ROW Property="ARPURLUPDATEINFO" Value="https://www.zerotier.com/"/>
@@ -26,10 +25,10 @@
     <ROW Property="LIMITUI" MultiBuildValue="DefaultBuild:1"/>
     <ROW Property="MSIFASTINSTALL" MultiBuildValue="DefaultBuild:2"/>
     <ROW Property="Manufacturer" Value="ZeroTier, Inc."/>
-    <ROW Property="ProductCode" Value="1033:{1F07B39A-82D1-4F50-9C20-D9D0DB62ABF7} " Type="16"/>
+    <ROW Property="ProductCode" Value="1033:{EB928ABB-D74D-44AC-96BE-DABCBEAE9EB3} " Type="16"/>
     <ROW Property="ProductLanguage" Value="1033"/>
     <ROW Property="ProductName" Value="ZeroTier One"/>
-    <ROW Property="ProductVersion" Value="1.6.4" Type="32"/>
+    <ROW Property="ProductVersion" Value="1.6.5" Type="32"/>
     <ROW Property="REBOOT" MultiBuildValue="DefaultBuild:ReallySuppress"/>
     <ROW Property="RUNAPPLICATION" Value="1" Type="4"/>
     <ROW Property="SecureCustomProperties" Value="OLDPRODUCTS;AI_NEWERPRODUCTFOUND;AI_SETUPEXEPATH;SETUPEXEDIR"/>
@@ -62,8 +61,8 @@
     <ROW Directory="x86_pre_win10_Dir" Directory_Parent="x86_Dir" DefaultDir=".:X86_PR~1|x86_pre_win10"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiCompsComponent">
-    <ROW Component="AI_CustomARPName" ComponentId="{E75BE975-5C05-4ED1-B5C0-C7474BFA0C02}" Directory_="APPDIR" Attributes="4" KeyPath="DisplayName" Options="1"/>
-    <ROW Component="AI_DisableModify" ComponentId="{020DCABD-5D56-49B9-AF48-F07F0B55E590}" Directory_="APPDIR" Attributes="4" KeyPath="NoModify" Options="1"/>
+    <ROW Component="AI_CustomARPName" ComponentId="{3E28390A-EFBD-4C66-AC5B-0E8CC0503370}" Directory_="APPDIR" Attributes="4" KeyPath="DisplayName" Options="1"/>
+    <ROW Component="AI_DisableModify" ComponentId="{46FFA8C5-A0CB-4E05-9AD3-911D543DE8CA}" Directory_="APPDIR" Attributes="4" KeyPath="NoModify" Options="1"/>
     <ROW Component="AI_ExePath" ComponentId="{8E02B36C-7A19-429B-A93E-77A9261AC918}" Directory_="APPDIR" Attributes="4" KeyPath="AI_ExePath"/>
     <ROW Component="APPDIR" ComponentId="{4DD7907D-D7FE-4CD6-B1A0-B5C1625F5133}" Directory_="APPDIR" Attributes="0"/>
     <ROW Component="Hardcodet.Wpf.TaskbarNotification.dll" ComponentId="{BEA825AF-2555-44AF-BE40-47FFC16DCBA6}" Directory_="APPDIR" Attributes="0" Condition="ZTHEADLESS = &quot;No&quot;" KeyPath="Hardcodet.Wpf.TaskbarNotification.dll"/>
@@ -110,6 +109,9 @@
     <ROW File="zttap300.inf_3" Component_="zttap300_x86_pre_win10" FileName="zttap300.inf" Attributes="0" SourcePath="..\..\bin\tap-windows-ndis6\x86.old\zttap300.inf" SelfReg="false"/>
     <ROW File="zttap300.sys_1" Component_="zttap300_x86_pre_win10" FileName="zttap300.sys" Attributes="0" SourcePath="..\..\bin\tap-windows-ndis6\x86.old\zttap300.sys" SelfReg="false"/>
   </COMPONENT>
+  <COMPONENT cid="caphyon.advinst.custcomp.AiComponentAliasComponent">
+    <ROW AliasRowId="AI_CustomARPName" AliasRowOperation="2" Condition="#DefaultBuild:ZTHEADLESS=&quot;No&quot;"/>
+  </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.AiPersistentDataComponent">
     <ROW PersistentRow="segoeui.ttf" Type="0" Condition="1"/>
     <ROW PersistentRow="segoeuib.ttf" Type="0" Condition="1"/>
@@ -319,9 +321,6 @@
     <ROW Environment="Path" Name="=-*Path" Value="[~];[APPDIR]" Component_="ZeroTierOne.exe"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFeatCompsComponent">
-    <ROW Feature_="ZeroTierOne" Component_="AI_CustomARPName"/>
-    <ROW Feature_="ZeroTierOne" Component_="AI_DisableModify"/>
-    <ROW Feature_="ZeroTierOne" Component_="AI_ExePath"/>
     <ROW Feature_="ZeroTierOne" Component_="Hardcodet.Wpf.TaskbarNotification.dll"/>
     <ROW Feature_="ZeroTierOne" Component_="Newtonsoft.Json.dll"/>
     <ROW Feature_="ZeroTierOne" Component_="ProductInformation"/>
@@ -337,6 +336,9 @@
     <ROW Feature_="ZeroTierOne" Component_="zttap300_x64_win10"/>
     <ROW Feature_="ZeroTierOne" Component_="zttap300_x64_pre_win10"/>
     <ROW Feature_="ZeroTierOne" Component_="zttap300_x86_pre_win10"/>
+    <ROW Feature_="ZeroTierOne" Component_="AI_CustomARPName"/>
+    <ROW Feature_="ZeroTierOne" Component_="AI_DisableModify"/>
+    <ROW Feature_="ZeroTierOne" Component_="AI_ExePath"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiFontsComponent">
     <ROW File_="segoeui.ttf"/>
@@ -359,7 +361,6 @@
     <ROW Action="AI_DATA_SETTER_1" Condition="(REMOVE)" Sequence="3101"/>
     <ROW Action="InstallFinalize" Sequence="6600" SeqType="0" MsiKey="InstallFinalize"/>
     <ROW Action="AI_RemoveExternalUIStub" Condition="(REMOVE=&quot;ALL&quot;) AND ((VersionNT &gt; 500) OR((VersionNT = 500) AND (ServicePackLevel &gt;= 4)))" Sequence="1502"/>
-    <ROW Action="AI_GetArpIconPath" Sequence="1402"/>
     <ROW Action="TapDeviceRemove32" Condition="( Installed AND ( REMOVE = &quot;ALL&quot; OR AI_INSTALL_MODE = &quot;Remove&quot; ) AND NOT UPGRADINGPRODUCTCODE ) AND ( NOT VersionNT64 )" Sequence="1603"/>
     <ROW Action="TapDeviceRemove64" Condition="( Installed AND ( REMOVE = &quot;ALL&quot; OR AI_INSTALL_MODE = &quot;Remove&quot; ) AND NOT UPGRADINGPRODUCTCODE ) AND ( VersionNT64 )" Sequence="1604"/>
     <ROW Action="AI_FwInstall" Condition="(VersionNT &gt;= 501) AND (REMOVE &lt;&gt; &quot;ALL&quot;)" Sequence="5802"/>
@@ -379,7 +380,7 @@
     <ROW Action="AI_DeleteLzma" Condition="SETUPEXEDIR=&quot;&quot; AND Installed AND (REMOVE&lt;&gt;&quot;ALL&quot;) AND (AI_INSTALL_MODE&lt;&gt;&quot;Remove&quot;) AND (NOT PATCH)" Sequence="6594" Builds="ExeBuild"/>
     <ROW Action="TerminateUI" Sequence="1602"/>
     <ROW Action="AI_DATA_SETTER_6" Sequence="1601"/>
-    <ROW Action="AI_AiBackupImmediate" Sequence="1401"/>
+    <ROW Action="AI_AiBackupImmediate" Sequence="1402"/>
     <ROW Action="AI_AiBackupRollback" Sequence="1501"/>
     <ROW Action="AI_AiRestoreDeferred" Sequence="6595"/>
     <ROW Action="AI_EnableDebugLog" Sequence="51"/>
@@ -388,6 +389,7 @@
     <ROW Action="AI_PrepareChainers" Condition="VersionMsi &gt;= &quot;4.05&quot;" Sequence="5851"/>
     <ROW Action="AI_ExtractFiles" Sequence="1399" Builds="ExeBuild"/>
     <ROW Action="AI_DATA_SETTER_4" Sequence="1398"/>
+    <ROW Action="AI_GetArpIconPath" Sequence="1401"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiInstallUISequenceComponent">
     <ROW Action="AI_RESTORE_LOCATION" Condition="APPDIR=&quot;&quot;" Sequence="749"/>
@@ -420,21 +422,23 @@
     <ROW Registry="DisplayIcon" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="DisplayIcon" Value="[ARP_ICON_PATH]" Component_="AI_CustomARPName"/>
     <ROW Registry="DisplayName" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="DisplayName" Value="[AI_PRODUCTNAME_ARP]" Component_="AI_CustomARPName"/>
     <ROW Registry="DisplayVersion" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="DisplayVersion" Value="[ProductVersion]" Component_="AI_CustomARPName"/>
+    <ROW Registry="EstimatedSize" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="EstimatedSize" Value="#[AI_ARP_SIZE]" Component_="AI_CustomARPName" VirtualValue="#"/>
     <ROW Registry="HelpLink" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="HelpLink" Value="[ARPHELPLINK]" Component_="AI_CustomARPName"/>
     <ROW Registry="HelpTelephone" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="HelpTelephone" Value="[ARPHELPTELEPHONE]" Component_="AI_CustomARPName"/>
     <ROW Registry="InstallLocation" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="InstallLocation" Value="[APPDIR]" Component_="AI_CustomARPName"/>
-    <ROW Registry="ModifyPath" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="ModifyPath" Value="[AI_UNINSTALLER] /I [ProductCode]" Component_="AI_CustomARPName"/>
+    <ROW Registry="ModifyPath" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="ModifyPath" Value="[AI_UNINSTALLER] /i [ProductCode] AI_UNINSTALLER_CTP=1" Component_="AI_CustomARPName"/>
     <ROW Registry="NoModify" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="NoModify" Value="#1" Component_="AI_DisableModify" VirtualValue="#"/>
     <ROW Registry="NoRepair" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="NoRepair" Value="#1" Component_="AI_CustomARPName" VirtualValue="#"/>
     <ROW Registry="Path" Root="-1" Key="Software\[Manufacturer]\[ProductName]" Name="Path" Value="[APPDIR]" Component_="ProductInformation"/>
     <ROW Registry="Publisher" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="Publisher" Value="[Manufacturer]" Component_="AI_CustomARPName"/>
+    <ROW Registry="Readme" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="Readme" Value="[ARPREADME]" Component_="AI_CustomARPName"/>
     <ROW Registry="URLInfoAbout" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="URLInfoAbout" Value="[ARPURLINFOABOUT]" Component_="AI_CustomARPName"/>
     <ROW Registry="URLUpdateInfo" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="URLUpdateInfo" Value="[ARPURLUPDATEINFO]" Component_="AI_CustomARPName"/>
     <ROW Registry="UninstallPath" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="UninstallPath" Value="[AI_UNINSTALLER] /x [ProductCode] AI_UNINSTALLER_CTP=1" Component_="AI_CustomARPName"/>
     <ROW Registry="UninstallString" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="UninstallString" Value="[AI_UNINSTALLER] /x [ProductCode] AI_UNINSTALLER_CTP=1" Component_="AI_CustomARPName"/>
     <ROW Registry="Version" Root="-1" Key="Software\[Manufacturer]\[ProductName]" Name="Version" Value="[ProductVersion]" Component_="ProductInformation"/>
-    <ROW Registry="VersionMajor" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="VersionMajor" Value="#0" Component_="AI_CustomARPName" VirtualValue="#"/>
-    <ROW Registry="VersionMinor" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="VersionMinor" Value="#7" Component_="AI_CustomARPName" VirtualValue="#"/>
+    <ROW Registry="VersionMajor" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="VersionMajor" Value="#1" Component_="AI_CustomARPName" VirtualValue="#"/>
+    <ROW Registry="VersionMinor" Root="-1" Key="Software\Microsoft\Windows\CurrentVersion\Uninstall\[ProductName] [ProductVersion]" Name="VersionMinor" Value="#6" Component_="AI_CustomARPName" VirtualValue="#"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.MsiServCtrlComponent">
     <ROW ServiceControl="zerotierone_x64.exe" Name="ZeroTierOneService" Event="163" Wait="1" Component_="zerotierone_x64.exe"/>
@@ -479,7 +483,7 @@
     <ROW XmlAttribute="xsischemaLocation" XmlElement="swidsoftware_identification_tag" Name="xsi:schemaLocation" Flags="14" Order="3" Value="http://standards.iso.org/iso/19770/-2/2008/schema.xsd software_identification_tag.xsd"/>
   </COMPONENT>
   <COMPONENT cid="caphyon.advinst.msicomp.XmlElementComponent">
-    <ROW XmlElement="swidbuild" ParentElement="swidnumeric" Name="swid:build" Condition="1" Order="2" Flags="14" Text="4" UpdateIndexInParent="0"/>
+    <ROW XmlElement="swidbuild" ParentElement="swidnumeric" Name="swid:build" Condition="1" Order="2" Flags="14" Text="5" UpdateIndexInParent="0"/>
     <ROW XmlElement="swidentitlement_required_indicator" ParentElement="swidsoftware_identification_tag" Name="swid:entitlement_required_indicator" Condition="1" Order="0" Flags="14" Text="false" UpdateIndexInParent="0"/>
     <ROW XmlElement="swidmajor" ParentElement="swidnumeric" Name="swid:major" Condition="1" Order="0" Flags="14" Text="1" UpdateIndexInParent="0"/>
     <ROW XmlElement="swidminor" ParentElement="swidnumeric" Name="swid:minor" Condition="1" Order="1" Flags="14" Text="6" UpdateIndexInParent="0"/>

osdep/LinuxEthernetTap.cpp

@@ -207,6 +207,15 @@ LinuxEthernetTap::LinuxEthernetTap(
 					printf("WARNING: ioctl() failed setting up Linux tap device (bring interface up)\n");
 					return;
 				}
+
+				ifr.ifr_ifru.ifru_hwaddr.sa_family = ARPHRD_ETHER;
+				_mac.copyTo(ifr.ifr_ifru.ifru_hwaddr.sa_data,6);
+				if (ioctl(sock,SIOCSIFHWADDR,(void *)&ifr) < 0) {
+					::close(sock);
+					printf("WARNING: ioctl() failed setting up Linux tap device (set MAC)\n");
+					return;
+				}
+
 				ifr.ifr_flags |= IFF_UP;
 				if (ioctl(sock,SIOCSIFFLAGS,(void *)&ifr) < 0) {
 					::close(sock);
@@ -220,14 +229,6 @@ LinuxEthernetTap::LinuxEthernetTap(
 				// main ZeroTier loop.
 				usleep(500000);
 
-				ifr.ifr_ifru.ifru_hwaddr.sa_family = ARPHRD_ETHER;
-				_mac.copyTo(ifr.ifr_ifru.ifru_hwaddr.sa_data,6);
-				if (ioctl(sock,SIOCSIFHWADDR,(void *)&ifr) < 0) {
-					::close(sock);
-					printf("WARNING: ioctl() failed setting up Linux tap device (set MAC)\n");
-					return;
-				}
-
 				ifr.ifr_ifru.ifru_mtu = (int)_mtu;
 				if (ioctl(sock,SIOCSIFMTU,(void *)&ifr) < 0) {
 					::close(sock);

osdep/MacDNSHelper.mm

@@ -39,18 +39,27 @@ void MacDNSHelper::setDNS(uint64_t nwid, const char *domain, const std::vector<I
     sprintf(buf, "State:/Network/Service/%.16llx/DNS", nwid);
     CFStringRef key = CFStringCreateWithCString(NULL, buf, kCFStringEncodingUTF8);
     CFArrayRef list = SCDynamicStoreCopyKeyList(ds, key);
-
     CFIndex i = 0, j = CFArrayGetCount(list);
-    bool ret = TRUE;
-    if (j <= 0) {
-        ret &= SCDynamicStoreAddValue(ds, key, dict);
-    } else {
-        ret &= SCDynamicStoreSetValue(ds, (CFStringRef)CFArrayGetValueAtIndex(list, i), dict);
+    bool dnsServersChanged = true;
+    CFPropertyListRef oldDNSServers = NULL;
+    if (j > 0) {
+        oldDNSServers = SCDynamicStoreCopyValue(ds, (CFStringRef)CFArrayGetValueAtIndex(list, i));
+        dnsServersChanged = !CFEqual(oldDNSServers,dict);
     }
-    if (!ret) {
-        fprintf(stderr, "Error writing DNS configuration\n");
+    if (dnsServersChanged) {
+        bool ret = TRUE;
+        if (j <= 0) {
+            ret &= SCDynamicStoreAddValue(ds, key, dict);
+        } else {
+            ret &= SCDynamicStoreSetValue(ds, (CFStringRef)CFArrayGetValueAtIndex(list, i), dict);
+        }
+        if (!ret) {
+            fprintf(stderr, "Error writing DNS configuration\n");
+        }
+    }
+    if (oldDNSServers != NULL) {
+        CFRelease(oldDNSServers);
     }
-
     CFRelease(list);
     CFRelease(key);
     CFRelease(dict);
@@ -63,8 +72,8 @@ void MacDNSHelper::setDNS(uint64_t nwid, const char *domain, const std::vector<I
     delete[] s;
     CFRelease(ds);
 }
-    
-void MacDNSHelper::removeDNS(uint64_t nwid) 
+
+void MacDNSHelper::removeDNS(uint64_t nwid)
 {
     SCDynamicStoreRef ds = SCDynamicStoreCreate(NULL, CFSTR("zerotier"), NULL, NULL);
 

osdep/MacEthernetTapAgent.c

@@ -64,6 +64,7 @@
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 #include <sys/sysctl.h>
+#include <sys/resource.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <net/bpf.h>
@@ -181,6 +182,14 @@ static void die()
 		run("/sbin/ifconfig",s_peerDeviceName,"destroy",(char *)0);
 }
 
+static inline void close_inherited_fds()
+{
+	struct rlimit lim;
+	getrlimit(RLIMIT_NOFILE, &lim);
+	for (int i=3,j=(int)lim.rlim_cur;i<j;++i)
+		close(i);
+}
+
 int main(int argc,char **argv)
 {
 	char buf[128];
@@ -206,6 +215,8 @@ int main(int argc,char **argv)
 	signal(SIGINT,&exit);
 	signal(SIGPIPE,&exit);
 
+	close_inherited_fds();
+
 	if (getuid() != 0) {
 		if (setuid(0) != 0) {
 			fprintf(stderr,"E must be run as root or with root setuid bit on executable\n");

version.h

@@ -27,7 +27,7 @@
 /**
  * Revision
  */
-#define ZEROTIER_ONE_VERSION_REVISION 4
+#define ZEROTIER_ONE_VERSION_REVISION 5
 
 /**
  * Build version

windows/WinUI/AboutView.xaml

@@ -19,7 +19,7 @@
                     <Run Text="ZeroTier One"/>
                 </Paragraph>
                 <Paragraph TextAlignment="Center">
-                    <Run FontSize="14" Text="Version 1.6.4"/>
+                    <Run FontSize="14" Text="Version 1.6.5"/>
                     <LineBreak/>
                     <Run FontSize="14" Text="(c) 2011-2021 ZeroTier, Inc."/>
                     <LineBreak/>

zerotier-one.spec

@@ -1,5 +1,5 @@
 Name:           zerotier-one
-Version:        1.6.4
+Version:        1.6.5
 Release:        1%{?dist}
 Summary:        ZeroTier network virtualization service
 
@@ -152,6 +152,9 @@ esac
 %endif
 
 %changelog
+* Tue Apr 13 2021 Adam Ierymenko <[email protected]> - 1.6.5
+- see https://github.com/zerotier/ZeroTierOne for release notes
+
 * Mon Feb 15 2021 Adam Ierymenko <[email protected]> - 1.6.4
 - see https://github.com/zerotier/ZeroTierOne for release notes