Message ID | 20220107145359.311-1-lstipakov@gmail.com |
---|---|
State | Awaiting Upstream |
Headers | show |
Series | [Openvpn-devel,2.5] msvc: adjust build options to harden binaries | expand |
Hi Ilja, Is there any chance you could have a look at this patch? pe 7. tammik. 2022 klo 16.54 Lev Stipakov (lstipakov@gmail.com) kirjoitti: > > From: Lev Stipakov <lev@openvpn.net> > > - enable hardware-enforced stack protection on > compatible hardware/software (/CETCOMPAT linker option) > > - hash object files with SHA256 (/ZH:SHA_256 compiler option) > > - enable SDL. The required to add > > _CRT_NONSTDC_NO_DEPRECATE > _CRT_SECURE_NO_WARNINGS > _WINSOCK_DEPRECATED_NO_WARNINGS > > preprocessor definitions. I don't feel like replacing strdup (which is > correct POSIX function) and inet_ntoa (we always pass IPv4 address to > it, inet_ntop will make code more complex) > > Above issues were discovered by bitskim. > > Signed-off-by: Lev Stipakov <lev@openvpn.net> > --- > > Note that one needs to cherry-pick commit > > "e5e9a07" (tapctl: Resolve MSVC C4996 warnings) > > before applying this patch. > > src/openvpn/openvpn.vcxproj | 35 +++++++++++------ > src/openvpnmsica/openvpnmsica.vcxproj | 43 +++++++++++++++++++++ > src/openvpnserv/openvpnserv.vcxproj | 26 ++++++++++--- > src/tapctl/tapctl.vcxproj | 54 ++++++++++++++++++++++++--- > 4 files changed, 134 insertions(+), 24 deletions(-) > > diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj > index 33b8f19a..a540ec22 100644 > --- a/src/openvpn/openvpn.vcxproj > +++ b/src/openvpn/openvpn.vcxproj > @@ -147,11 +147,12 @@ > </PropertyGroup> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > <ClCompile> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > - <WarningLevel>Level2</WarningLevel> > <TreatWarningAsError>true</TreatWarningAsError> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > + <WarningLevel>Level2</WarningLevel> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > </ClCompile> > <ResourceCompile /> > <Link> > @@ -162,11 +163,12 @@ > </ItemDefinitionGroup> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > <ClCompile> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > - <WarningLevel>Level2</WarningLevel> > <TreatWarningAsError>true</TreatWarningAsError> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir)include;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > + <WarningLevel>Level2</WarningLevel> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > </ClCompile> > <ResourceCompile /> > <Link> > @@ -177,11 +179,12 @@ > </ItemDefinitionGroup> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > <ClCompile> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > - <WarningLevel>Level2</WarningLevel> > <TreatWarningAsError>true</TreatWarningAsError> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > + <WarningLevel>Level2</WarningLevel> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > </ClCompile> > <ResourceCompile /> > <Link> > @@ -192,44 +195,52 @@ > </ItemDefinitionGroup> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > <ClCompile> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > - <WarningLevel>Level2</WarningLevel> > <TreatWarningAsError>true</TreatWarningAsError> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > <ControlFlowGuard>Guard</ControlFlowGuard> > + <WarningLevel>Level2</WarningLevel> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <SDLCheck>true</SDLCheck> > </ClCompile> > <ResourceCompile /> > <Link> > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > <ClCompile> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > - <WarningLevel>Level2</WarningLevel> > <TreatWarningAsError>true</TreatWarningAsError> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > <ControlFlowGuard>Guard</ControlFlowGuard> > + <SDLCheck>true</SDLCheck> > + <WarningLevel>Level2</WarningLevel> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > </ClCompile> > <ResourceCompile /> > <Link> > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > <ClCompile> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > - <WarningLevel>Level2</WarningLevel> > <TreatWarningAsError>true</TreatWarningAsError> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > <ControlFlowGuard>Guard</ControlFlowGuard> > + <WarningLevel>Level2</WarningLevel> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <SDLCheck>true</SDLCheck> > </ClCompile> > <ResourceCompile /> > <Link> > diff --git a/src/openvpnmsica/openvpnmsica.vcxproj b/src/openvpnmsica/openvpnmsica.vcxproj > index 11aa78bb..5e774430 100644 > --- a/src/openvpnmsica/openvpnmsica.vcxproj > +++ b/src/openvpnmsica/openvpnmsica.vcxproj > @@ -135,6 +135,49 @@ > <PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > <VcpkgEnabled>true</VcpkgEnabled> > </PropertyGroup> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + <ClCompile> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + <ClCompile> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <SDLCheck>true</SDLCheck> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > + <ClCompile> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > + <ClCompile> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > + <ClCompile> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > + <ClCompile> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + </ItemDefinitionGroup> > <ItemGroup> > <ClCompile Include="..\tapctl\error.c" /> > <ClCompile Include="..\tapctl\tap.c" /> > diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj > index 520242f4..c70db229 100644 > --- a/src/openvpnserv/openvpnserv.vcxproj > +++ b/src/openvpnserv/openvpnserv.vcxproj > @@ -124,7 +124,9 @@ > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > <ClCompile> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > </ClCompile> > <ResourceCompile /> > <Link> > @@ -135,7 +137,9 @@ > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > <ClCompile> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > </ClCompile> > <ResourceCompile /> > <Link> > @@ -146,7 +150,9 @@ > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > <ClCompile> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > </ClCompile> > <ResourceCompile /> > <Link> > @@ -157,29 +163,37 @@ > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > <ClCompile> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > </ClCompile> > <ResourceCompile /> > <Link> > <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > <ClCompile> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > </ClCompile> > <ResourceCompile /> > <Link> > <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > <ClCompile> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > </ClCompile> > <ResourceCompile /> > <Link> > diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj > index 79da9d33..f439dc4f 100644 > --- a/src/tapctl/tapctl.vcxproj > +++ b/src/tapctl/tapctl.vcxproj > @@ -135,12 +135,54 @@ > <PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > <VcpkgEnabled>true</VcpkgEnabled> > </PropertyGroup> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" /> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" /> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" /> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" /> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" /> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > + <ClCompile> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > + <ClCompile> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > + <ClCompile> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > + <ClCompile> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > + <ClCompile> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + <ClCompile> > + <SDLCheck>true</SDLCheck> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > + </ClCompile> > + </ItemDefinitionGroup> > <ItemGroup> > <ClCompile Include="error.c" /> > <ClCompile Include="tap.c" /> > -- > 2.23.0.windows.1 > -- -Lev
Sorry, I did not catch that you have been waiting for me. I'll have a look in couple of days ср, 9 февр. 2022 г. в 15:07, Lev Stipakov <lstipakov@gmail.com>: > Hi Ilja, > > Is there any chance you could have a look at this patch? > > > pe 7. tammik. 2022 klo 16.54 Lev Stipakov (lstipakov@gmail.com) kirjoitti: > > > > From: Lev Stipakov <lev@openvpn.net> > > > > - enable hardware-enforced stack protection on > > compatible hardware/software (/CETCOMPAT linker option) > > > > - hash object files with SHA256 (/ZH:SHA_256 compiler option) > > > > - enable SDL. The required to add > > > > _CRT_NONSTDC_NO_DEPRECATE > > _CRT_SECURE_NO_WARNINGS > > _WINSOCK_DEPRECATED_NO_WARNINGS > > > > preprocessor definitions. I don't feel like replacing strdup (which is > > correct POSIX function) and inet_ntoa (we always pass IPv4 address to > > it, inet_ntop will make code more complex) > > > > Above issues were discovered by bitskim. > > > > Signed-off-by: Lev Stipakov <lev@openvpn.net> > > --- > > > > Note that one needs to cherry-pick commit > > > > "e5e9a07" (tapctl: Resolve MSVC C4996 warnings) > > > > before applying this patch. > > > > src/openvpn/openvpn.vcxproj | 35 +++++++++++------ > > src/openvpnmsica/openvpnmsica.vcxproj | 43 +++++++++++++++++++++ > > src/openvpnserv/openvpnserv.vcxproj | 26 ++++++++++--- > > src/tapctl/tapctl.vcxproj | 54 ++++++++++++++++++++++++--- > > 4 files changed, 134 insertions(+), 24 deletions(-) > > > > diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj > > index 33b8f19a..a540ec22 100644 > > --- a/src/openvpn/openvpn.vcxproj > > +++ b/src/openvpn/openvpn.vcxproj > > @@ -147,11 +147,12 @@ > > </PropertyGroup> > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > > <ClCompile> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > > - <WarningLevel>Level2</WarningLevel> > > <TreatWarningAsError>true</TreatWarningAsError> > > > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > + <WarningLevel>Level2</WarningLevel> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > @@ -162,11 +163,12 @@ > > </ItemDefinitionGroup> > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > > <ClCompile> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > > - <WarningLevel>Level2</WarningLevel> > > <TreatWarningAsError>true</TreatWarningAsError> > > > <AdditionalIncludeDirectories>..\compat;$(SolutionDir)include;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > + <WarningLevel>Level2</WarningLevel> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > @@ -177,11 +179,12 @@ > > </ItemDefinitionGroup> > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > > <ClCompile> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > > - <WarningLevel>Level2</WarningLevel> > > <TreatWarningAsError>true</TreatWarningAsError> > > > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > + <WarningLevel>Level2</WarningLevel> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > @@ -192,44 +195,52 @@ > > </ItemDefinitionGroup> > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > > <ClCompile> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > > - <WarningLevel>Level2</WarningLevel> > > <TreatWarningAsError>true</TreatWarningAsError> > > > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > <ControlFlowGuard>Guard</ControlFlowGuard> > > + <WarningLevel>Level2</WarningLevel> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + <SDLCheck>true</SDLCheck> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > > > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > > <SubSystem>Console</SubSystem> > > + <CETCompat>true</CETCompat> > > </Link> > > </ItemDefinitionGroup> > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > > <ClCompile> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > > - <WarningLevel>Level2</WarningLevel> > > <TreatWarningAsError>true</TreatWarningAsError> > > > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > <ControlFlowGuard>Guard</ControlFlowGuard> > > + <SDLCheck>true</SDLCheck> > > + <WarningLevel>Level2</WarningLevel> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > > > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > > <SubSystem>Console</SubSystem> > > + <CETCompat>true</CETCompat> > > </Link> > > </ItemDefinitionGroup> > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > > <ClCompile> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> > > - <WarningLevel>Level2</WarningLevel> > > <TreatWarningAsError>true</TreatWarningAsError> > > > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > <ControlFlowGuard>Guard</ControlFlowGuard> > > + <WarningLevel>Level2</WarningLevel> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + <SDLCheck>true</SDLCheck> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > diff --git a/src/openvpnmsica/openvpnmsica.vcxproj > b/src/openvpnmsica/openvpnmsica.vcxproj > > index 11aa78bb..5e774430 100644 > > --- a/src/openvpnmsica/openvpnmsica.vcxproj > > +++ b/src/openvpnmsica/openvpnmsica.vcxproj > > @@ -135,6 +135,49 @@ > > <PropertyGroup Label="Vcpkg" > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > > <VcpkgEnabled>true</VcpkgEnabled> > > </PropertyGroup> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > > + <Link> > > + <CETCompat>true</CETCompat> > > + </Link> > > + <ClCompile> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + </ItemDefinitionGroup> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > > + <Link> > > + <CETCompat>true</CETCompat> > > + </Link> > > + <ClCompile> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + <SDLCheck>true</SDLCheck> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + </ItemDefinitionGroup> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > > + <ClCompile> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + </ItemDefinitionGroup> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > > + <ClCompile> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + </ItemDefinitionGroup> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > > + <ClCompile> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + </ItemDefinitionGroup> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > > + <ClCompile> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + </ItemDefinitionGroup> > > <ItemGroup> > > <ClCompile Include="..\tapctl\error.c" /> > > <ClCompile Include="..\tapctl\tap.c" /> > > diff --git a/src/openvpnserv/openvpnserv.vcxproj > b/src/openvpnserv/openvpnserv.vcxproj > > index 520242f4..c70db229 100644 > > --- a/src/openvpnserv/openvpnserv.vcxproj > > +++ b/src/openvpnserv/openvpnserv.vcxproj > > @@ -124,7 +124,9 @@ > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > > <ClCompile> > > > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > @@ -135,7 +137,9 @@ > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > > <ClCompile> > > > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > @@ -146,7 +150,9 @@ > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > > <ClCompile> > > > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > @@ -157,29 +163,37 @@ > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > > <ClCompile> > > > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > > <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > > <SubSystem>Console</SubSystem> > > + <CETCompat>true</CETCompat> > > </Link> > > </ItemDefinitionGroup> > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > > <ClCompile> > > > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > > <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > > <SubSystem>Console</SubSystem> > > + <CETCompat>true</CETCompat> > > </Link> > > </ItemDefinitionGroup> > > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > > <ClCompile> > > > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> > > - > <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + > <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > </ClCompile> > > <ResourceCompile /> > > <Link> > > diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj > > index 79da9d33..f439dc4f 100644 > > --- a/src/tapctl/tapctl.vcxproj > > +++ b/src/tapctl/tapctl.vcxproj > > @@ -135,12 +135,54 @@ > > <PropertyGroup Label="Vcpkg" > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > > <VcpkgEnabled>true</VcpkgEnabled> > > </PropertyGroup> > > - <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" /> > > - <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" /> > > - <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" /> > > - <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" /> > > - <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" /> > > - <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > > + <ClCompile> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + </ItemDefinitionGroup> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > > + <ClCompile> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + </ItemDefinitionGroup> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > > + <ClCompile> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + </ItemDefinitionGroup> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > > + <ClCompile> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + <Link> > > + <CETCompat>true</CETCompat> > > + </Link> > > + </ItemDefinitionGroup> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > > + <ClCompile> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + </ItemDefinitionGroup> > > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > > + <Link> > > + <CETCompat>true</CETCompat> > > + </Link> > > + <ClCompile> > > + <SDLCheck>true</SDLCheck> > > + <AdditionalOptions>/ZH:SHA_256 > %(AdditionalOptions)</AdditionalOptions> > > + > <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> > > + </ClCompile> > > + </ItemDefinitionGroup> > > <ItemGroup> > > <ClCompile Include="error.c" /> > > <ClCompile Include="tap.c" /> > > -- > > 2.23.0.windows.1 > > > > > -- > -Lev > <div dir="ltr">Sorry, I did not catch that you have been waiting for me. <div>I'll have a look in couple of days</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">ср, 9 февр. 2022 г. в 15:07, Lev Stipakov <<a href="mailto:lstipakov@gmail.com">lstipakov@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Ilja,<br> <br> Is there any chance you could have a look at this patch?<br> <br> <br> pe 7. tammik. 2022 klo 16.54 Lev Stipakov (<a href="mailto:lstipakov@gmail.com" target="_blank">lstipakov@gmail.com</a>) kirjoitti:<br> ><br> > From: Lev Stipakov <<a href="mailto:lev@openvpn.net" target="_blank">lev@openvpn.net</a>><br> ><br> > - enable hardware-enforced stack protection on<br> > compatible hardware/software (/CETCOMPAT linker option)<br> ><br> > - hash object files with SHA256 (/ZH:SHA_256 compiler option)<br> ><br> > - enable SDL. The required to add<br> ><br> > _CRT_NONSTDC_NO_DEPRECATE<br> > _CRT_SECURE_NO_WARNINGS<br> > _WINSOCK_DEPRECATED_NO_WARNINGS<br> ><br> > preprocessor definitions. I don't feel like replacing strdup (which is<br> > correct POSIX function) and inet_ntoa (we always pass IPv4 address to<br> > it, inet_ntop will make code more complex)<br> ><br> > Above issues were discovered by bitskim.<br> ><br> > Signed-off-by: Lev Stipakov <<a href="mailto:lev@openvpn.net" target="_blank">lev@openvpn.net</a>><br> > ---<br> ><br> > Note that one needs to cherry-pick commit<br> ><br> > "e5e9a07" (tapctl: Resolve MSVC C4996 warnings)<br> ><br> > before applying this patch.<br> ><br> > src/openvpn/openvpn.vcxproj | 35 +++++++++++------<br> > src/openvpnmsica/openvpnmsica.vcxproj | 43 +++++++++++++++++++++<br> > src/openvpnserv/openvpnserv.vcxproj | 26 ++++++++++---<br> > src/tapctl/tapctl.vcxproj | 54 ++++++++++++++++++++++++---<br> > 4 files changed, 134 insertions(+), 24 deletions(-)<br> ><br> > diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj<br> > index 33b8f19a..a540ec22 100644<br> > --- a/src/openvpn/openvpn.vcxproj<br> > +++ b/src/openvpn/openvpn.vcxproj<br> > @@ -147,11 +147,12 @@<br> > </PropertyGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -162,11 +163,12 @@<br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir)include;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -177,11 +179,12 @@<br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -192,44 +195,52 @@<br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > <ControlFlowGuard>Guard</ControlFlowGuard><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <SDLCheck>true</SDLCheck><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> > <SubSystem>Console</SubSystem><br> > + <CETCompat>true</CETCompat><br> > </Link><br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > <ControlFlowGuard>Guard</ControlFlowGuard><br> > + <SDLCheck>true</SDLCheck><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> > <SubSystem>Console</SubSystem><br> > + <CETCompat>true</CETCompat><br> > </Link><br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > <ControlFlowGuard>Guard</ControlFlowGuard><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <SDLCheck>true</SDLCheck><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > diff --git a/src/openvpnmsica/openvpnmsica.vcxproj b/src/openvpnmsica/openvpnmsica.vcxproj<br> > index 11aa78bb..5e774430 100644<br> > --- a/src/openvpnmsica/openvpnmsica.vcxproj<br> > +++ b/src/openvpnmsica/openvpnmsica.vcxproj<br> > @@ -135,6 +135,49 @@<br> > <PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > <VcpkgEnabled>true</VcpkgEnabled><br> > </PropertyGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > + <Link><br> > + <CETCompat>true</CETCompat><br> > + </Link><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> > + <Link><br> > + <CETCompat>true</CETCompat><br> > + </Link><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <SDLCheck>true</SDLCheck><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > <ItemGroup><br> > <ClCompile Include="..\tapctl\error.c" /><br> > <ClCompile Include="..\tapctl\tap.c" /><br> > diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj<br> > index 520242f4..c70db229 100644<br> > --- a/src/openvpnserv/openvpnserv.vcxproj<br> > +++ b/src/openvpnserv/openvpnserv.vcxproj<br> > @@ -124,7 +124,9 @@<br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -135,7 +137,9 @@<br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -146,7 +150,9 @@<br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -157,29 +163,37 @@<br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> > <SubSystem>Console</SubSystem><br> > + <CETCompat>true</CETCompat><br> > </Link><br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> > <SubSystem>Console</SubSystem><br> > + <CETCompat>true</CETCompat><br> > </Link><br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj<br> > index 79da9d33..f439dc4f 100644<br> > --- a/src/tapctl/tapctl.vcxproj<br> > +++ b/src/tapctl/tapctl.vcxproj<br> > @@ -135,12 +135,54 @@<br> > <PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > <VcpkgEnabled>true</VcpkgEnabled><br> > </PropertyGroup><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" /><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" /><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" /><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" /><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" /><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + <Link><br> > + <CETCompat>true</CETCompat><br> > + </Link><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > + <Link><br> > + <CETCompat>true</CETCompat><br> > + </Link><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > <ItemGroup><br> > <ClCompile Include="error.c" /><br> > <ClCompile Include="tap.c" /><br> > --<br> > 2.23.0.windows.1<br> ><br> <br> <br> --<br> -Lev<br> </blockquote></div>
original patch does not apply C:\i\openvpn-chipitsine-2.5>"C:\Program Files\Git\usr\bin\patch.exe" -p1 < c:\users\ilia\Downloads\Openvpn-devel-2.5-msvc-adjust-build-options-to-harden-binaries.diff patching file src/openvpn/openvpn.vcxproj Hunk #1 FAILED at 147. Hunk #2 FAILED at 162. Hunk #3 FAILED at 177. Hunk #4 FAILED at 192. 4 out of 4 hunks FAILED -- saving rejects to file src/openvpn/openvpn.vcxproj.rej patching file src/openvpnmsica/openvpnmsica.vcxproj patching file src/openvpnserv/openvpnserv.vcxproj patching file src/tapctl/tapctl.vcxproj I tried to apply manually: test · chipitsine/openvpn@eeff765 (github.com) <https://github.com/chipitsine/openvpn/commit/eeff76551238b0194e72953b916c4481aab5f303> minor build issues still there: test · chipitsine/openvpn@eeff765 (github.com) <https://github.com/chipitsine/openvpn/runs/5226889392?check_suite_focus=true> also, I have a question on <SDLCheck>true</SDLCheck>, in your patch it is not applied to all configurations, but to few of them. is it on purpose ? ср, 9 февр. 2022 г. в 15:16, Илья Шипицин <chipitsine@gmail.com>: > Sorry, I did not catch that you have been waiting for me. > I'll have a look in couple of days > > ср, 9 февр. 2022 г. в 15:07, Lev Stipakov <lstipakov@gmail.com>: > >> Hi Ilja, >> >> Is there any chance you could have a look at this patch? >> >> >> pe 7. tammik. 2022 klo 16.54 Lev Stipakov (lstipakov@gmail.com) >> kirjoitti: >> > >> > From: Lev Stipakov <lev@openvpn.net> >> > >> > - enable hardware-enforced stack protection on >> > compatible hardware/software (/CETCOMPAT linker option) >> > >> > - hash object files with SHA256 (/ZH:SHA_256 compiler option) >> > >> > - enable SDL. The required to add >> > >> > _CRT_NONSTDC_NO_DEPRECATE >> > _CRT_SECURE_NO_WARNINGS >> > _WINSOCK_DEPRECATED_NO_WARNINGS >> > >> > preprocessor definitions. I don't feel like replacing strdup (which is >> > correct POSIX function) and inet_ntoa (we always pass IPv4 address to >> > it, inet_ntop will make code more complex) >> > >> > Above issues were discovered by bitskim. >> > >> > Signed-off-by: Lev Stipakov <lev@openvpn.net> >> > --- >> > >> > Note that one needs to cherry-pick commit >> > >> > "e5e9a07" (tapctl: Resolve MSVC C4996 warnings) >> > >> > before applying this patch. >> > >> > src/openvpn/openvpn.vcxproj | 35 +++++++++++------ >> > src/openvpnmsica/openvpnmsica.vcxproj | 43 +++++++++++++++++++++ >> > src/openvpnserv/openvpnserv.vcxproj | 26 ++++++++++--- >> > src/tapctl/tapctl.vcxproj | 54 ++++++++++++++++++++++++--- >> > 4 files changed, 134 insertions(+), 24 deletions(-) >> > >> > diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj >> > index 33b8f19a..a540ec22 100644 >> > --- a/src/openvpn/openvpn.vcxproj >> > +++ b/src/openvpn/openvpn.vcxproj >> > @@ -147,11 +147,12 @@ >> > </PropertyGroup> >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> > <ClCompile> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > >> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> >> > - <WarningLevel>Level2</WarningLevel> >> > <TreatWarningAsError>true</TreatWarningAsError> >> > >> <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > + <WarningLevel>Level2</WarningLevel> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > @@ -162,11 +163,12 @@ >> > </ItemDefinitionGroup> >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> > <ClCompile> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > >> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> >> > - <WarningLevel>Level2</WarningLevel> >> > <TreatWarningAsError>true</TreatWarningAsError> >> > >> <AdditionalIncludeDirectories>..\compat;$(SolutionDir)include;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > + <WarningLevel>Level2</WarningLevel> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > @@ -177,11 +179,12 @@ >> > </ItemDefinitionGroup> >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> >> > <ClCompile> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > >> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> >> > - <WarningLevel>Level2</WarningLevel> >> > <TreatWarningAsError>true</TreatWarningAsError> >> > >> <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > + <WarningLevel>Level2</WarningLevel> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > @@ -192,44 +195,52 @@ >> > </ItemDefinitionGroup> >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> >> > <ClCompile> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > >> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> >> > - <WarningLevel>Level2</WarningLevel> >> > <TreatWarningAsError>true</TreatWarningAsError> >> > >> <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > <ControlFlowGuard>Guard</ControlFlowGuard> >> > + <WarningLevel>Level2</WarningLevel> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + <SDLCheck>true</SDLCheck> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> >> > >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> >> > <SubSystem>Console</SubSystem> >> > + <CETCompat>true</CETCompat> >> > </Link> >> > </ItemDefinitionGroup> >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> > <ClCompile> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > >> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> >> > - <WarningLevel>Level2</WarningLevel> >> > <TreatWarningAsError>true</TreatWarningAsError> >> > >> <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > <ControlFlowGuard>Guard</ControlFlowGuard> >> > + <SDLCheck>true</SDLCheck> >> > + <WarningLevel>Level2</WarningLevel> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> >> > >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> >> > <SubSystem>Console</SubSystem> >> > + <CETCompat>true</CETCompat> >> > </Link> >> > </ItemDefinitionGroup> >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> >> > <ClCompile> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > >> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> >> > - <WarningLevel>Level2</WarningLevel> >> > <TreatWarningAsError>true</TreatWarningAsError> >> > >> <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > <ControlFlowGuard>Guard</ControlFlowGuard> >> > + <WarningLevel>Level2</WarningLevel> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + <SDLCheck>true</SDLCheck> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > diff --git a/src/openvpnmsica/openvpnmsica.vcxproj >> b/src/openvpnmsica/openvpnmsica.vcxproj >> > index 11aa78bb..5e774430 100644 >> > --- a/src/openvpnmsica/openvpnmsica.vcxproj >> > +++ b/src/openvpnmsica/openvpnmsica.vcxproj >> > @@ -135,6 +135,49 @@ >> > <PropertyGroup Label="Vcpkg" >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> > <VcpkgEnabled>true</VcpkgEnabled> >> > </PropertyGroup> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> > + <Link> >> > + <CETCompat>true</CETCompat> >> > + </Link> >> > + <ClCompile> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + </ItemDefinitionGroup> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> >> > + <Link> >> > + <CETCompat>true</CETCompat> >> > + </Link> >> > + <ClCompile> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + <SDLCheck>true</SDLCheck> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + </ItemDefinitionGroup> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> >> > + <ClCompile> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + </ItemDefinitionGroup> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> >> > + <ClCompile> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + </ItemDefinitionGroup> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> > + <ClCompile> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + </ItemDefinitionGroup> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> > + <ClCompile> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + </ItemDefinitionGroup> >> > <ItemGroup> >> > <ClCompile Include="..\tapctl\error.c" /> >> > <ClCompile Include="..\tapctl\tap.c" /> >> > diff --git a/src/openvpnserv/openvpnserv.vcxproj >> b/src/openvpnserv/openvpnserv.vcxproj >> > index 520242f4..c70db229 100644 >> > --- a/src/openvpnserv/openvpnserv.vcxproj >> > +++ b/src/openvpnserv/openvpnserv.vcxproj >> > @@ -124,7 +124,9 @@ >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> > <ClCompile> >> > >> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > @@ -135,7 +137,9 @@ >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> > <ClCompile> >> > >> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > @@ -146,7 +150,9 @@ >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> >> > <ClCompile> >> > >> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > @@ -157,29 +163,37 @@ >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> >> > <ClCompile> >> > >> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > >> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> >> > <SubSystem>Console</SubSystem> >> > + <CETCompat>true</CETCompat> >> > </Link> >> > </ItemDefinitionGroup> >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> > <ClCompile> >> > >> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > >> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> >> > <SubSystem>Console</SubSystem> >> > + <CETCompat>true</CETCompat> >> > </Link> >> > </ItemDefinitionGroup> >> > <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> >> > <ClCompile> >> > >> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> >> > - >> <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + >> <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > </ClCompile> >> > <ResourceCompile /> >> > <Link> >> > diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj >> > index 79da9d33..f439dc4f 100644 >> > --- a/src/tapctl/tapctl.vcxproj >> > +++ b/src/tapctl/tapctl.vcxproj >> > @@ -135,12 +135,54 @@ >> > <PropertyGroup Label="Vcpkg" >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> > <VcpkgEnabled>true</VcpkgEnabled> >> > </PropertyGroup> >> > - <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" /> >> > - <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" /> >> > - <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" /> >> > - <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" /> >> > - <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" /> >> > - <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> >> > + <ClCompile> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + </ItemDefinitionGroup> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> >> > + <ClCompile> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + </ItemDefinitionGroup> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> > + <ClCompile> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + </ItemDefinitionGroup> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> >> > + <ClCompile> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + <Link> >> > + <CETCompat>true</CETCompat> >> > + </Link> >> > + </ItemDefinitionGroup> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> > + <ClCompile> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + </ItemDefinitionGroup> >> > + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> > + <Link> >> > + <CETCompat>true</CETCompat> >> > + </Link> >> > + <ClCompile> >> > + <SDLCheck>true</SDLCheck> >> > + <AdditionalOptions>/ZH:SHA_256 >> %(AdditionalOptions)</AdditionalOptions> >> > + >> <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> >> > + </ClCompile> >> > + </ItemDefinitionGroup> >> > <ItemGroup> >> > <ClCompile Include="error.c" /> >> > <ClCompile Include="tap.c" /> >> > -- >> > 2.23.0.windows.1 >> > >> >> >> -- >> -Lev >> > <div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">original patch does not apply<div><br></div><div><div>C:\i\openvpn-chipitsine-2.5>"C:\Program Files\Git\usr\bin\patch.exe" -p1 < c:\users\ilia\Downloads\Openvpn-devel-2.5-msvc-adjust-build-options-to-harden-binaries.diff</div><div>patching file src/openvpn/openvpn.vcxproj</div><div>Hunk #1 FAILED at 147.</div><div>Hunk #2 FAILED at 162.</div><div>Hunk #3 FAILED at 177.</div><div>Hunk #4 FAILED at 192.</div><div>4 out of 4 hunks FAILED -- saving rejects to file src/openvpn/openvpn.vcxproj.rej</div><div>patching file src/openvpnmsica/openvpnmsica.vcxproj</div><div>patching file src/openvpnserv/openvpnserv.vcxproj</div><div>patching file src/tapctl/tapctl.vcxproj</div></div><div><br></div><div><br></div><div>I tried to apply manually: <a href="https://github.com/chipitsine/openvpn/commit/eeff76551238b0194e72953b916c4481aab5f303">test · chipitsine/openvpn@eeff765 (github.com)</a></div><div><br></div><div>minor build issues still there: <a href="https://github.com/chipitsine/openvpn/runs/5226889392?check_suite_focus=true">test · chipitsine/openvpn@eeff765 (github.com)</a></div><div><br></div><div><br></div><div>also, I have a question on <SDLCheck>true</SDLCheck>, in your patch it is not applied to all configurations, but to few of them. is it on purpose ?</div><div><br></div><div><br></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">ср, 9 февр. 2022 г. в 15:16, Илья Шипицин <<a href="mailto:chipitsine@gmail.com">chipitsine@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Sorry, I did not catch that you have been waiting for me. <div>I'll have a look in couple of days</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">ср, 9 февр. 2022 г. в 15:07, Lev Stipakov <<a href="mailto:lstipakov@gmail.com" target="_blank">lstipakov@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Ilja,<br> <br> Is there any chance you could have a look at this patch?<br> <br> <br> pe 7. tammik. 2022 klo 16.54 Lev Stipakov (<a href="mailto:lstipakov@gmail.com" target="_blank">lstipakov@gmail.com</a>) kirjoitti:<br> ><br> > From: Lev Stipakov <<a href="mailto:lev@openvpn.net" target="_blank">lev@openvpn.net</a>><br> ><br> > - enable hardware-enforced stack protection on<br> > compatible hardware/software (/CETCOMPAT linker option)<br> ><br> > - hash object files with SHA256 (/ZH:SHA_256 compiler option)<br> ><br> > - enable SDL. The required to add<br> ><br> > _CRT_NONSTDC_NO_DEPRECATE<br> > _CRT_SECURE_NO_WARNINGS<br> > _WINSOCK_DEPRECATED_NO_WARNINGS<br> ><br> > preprocessor definitions. I don't feel like replacing strdup (which is<br> > correct POSIX function) and inet_ntoa (we always pass IPv4 address to<br> > it, inet_ntop will make code more complex)<br> ><br> > Above issues were discovered by bitskim.<br> ><br> > Signed-off-by: Lev Stipakov <<a href="mailto:lev@openvpn.net" target="_blank">lev@openvpn.net</a>><br> > ---<br> ><br> > Note that one needs to cherry-pick commit<br> ><br> > "e5e9a07" (tapctl: Resolve MSVC C4996 warnings)<br> ><br> > before applying this patch.<br> ><br> > src/openvpn/openvpn.vcxproj | 35 +++++++++++------<br> > src/openvpnmsica/openvpnmsica.vcxproj | 43 +++++++++++++++++++++<br> > src/openvpnserv/openvpnserv.vcxproj | 26 ++++++++++---<br> > src/tapctl/tapctl.vcxproj | 54 ++++++++++++++++++++++++---<br> > 4 files changed, 134 insertions(+), 24 deletions(-)<br> ><br> > diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj<br> > index 33b8f19a..a540ec22 100644<br> > --- a/src/openvpn/openvpn.vcxproj<br> > +++ b/src/openvpn/openvpn.vcxproj<br> > @@ -147,11 +147,12 @@<br> > </PropertyGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -162,11 +163,12 @@<br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir)include;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -177,11 +179,12 @@<br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -192,44 +195,52 @@<br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > <ControlFlowGuard>Guard</ControlFlowGuard><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <SDLCheck>true</SDLCheck><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> > <SubSystem>Console</SubSystem><br> > + <CETCompat>true</CETCompat><br> > </Link><br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > <ControlFlowGuard>Guard</ControlFlowGuard><br> > + <SDLCheck>true</SDLCheck><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> > <SubSystem>Console</SubSystem><br> > + <CETCompat>true</CETCompat><br> > </Link><br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> > <ClCompile><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions><br> > - <WarningLevel>Level2</WarningLevel><br> > <TreatWarningAsError>true</TreatWarningAsError><br> > <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > <ControlFlowGuard>Guard</ControlFlowGuard><br> > + <WarningLevel>Level2</WarningLevel><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <SDLCheck>true</SDLCheck><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > diff --git a/src/openvpnmsica/openvpnmsica.vcxproj b/src/openvpnmsica/openvpnmsica.vcxproj<br> > index 11aa78bb..5e774430 100644<br> > --- a/src/openvpnmsica/openvpnmsica.vcxproj<br> > +++ b/src/openvpnmsica/openvpnmsica.vcxproj<br> > @@ -135,6 +135,49 @@<br> > <PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > <VcpkgEnabled>true</VcpkgEnabled><br> > </PropertyGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > + <Link><br> > + <CETCompat>true</CETCompat><br> > + </Link><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> > + <Link><br> > + <CETCompat>true</CETCompat><br> > + </Link><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <SDLCheck>true</SDLCheck><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> > + <ClCompile><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > <ItemGroup><br> > <ClCompile Include="..\tapctl\error.c" /><br> > <ClCompile Include="..\tapctl\tap.c" /><br> > diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj<br> > index 520242f4..c70db229 100644<br> > --- a/src/openvpnserv/openvpnserv.vcxproj<br> > +++ b/src/openvpnserv/openvpnserv.vcxproj<br> > @@ -124,7 +124,9 @@<br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -135,7 +137,9 @@<br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -146,7 +150,9 @@<br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > @@ -157,29 +163,37 @@<br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> > <SubSystem>Console</SubSystem><br> > + <CETCompat>true</CETCompat><br> > </Link><br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> > <SubSystem>Console</SubSystem><br> > + <CETCompat>true</CETCompat><br> > </Link><br> > </ItemDefinitionGroup><br> > <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> > <ClCompile><br> > <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories><br> > - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > </ClCompile><br> > <ResourceCompile /><br> > <Link><br> > diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj<br> > index 79da9d33..f439dc4f 100644<br> > --- a/src/tapctl/tapctl.vcxproj<br> > +++ b/src/tapctl/tapctl.vcxproj<br> > @@ -135,12 +135,54 @@<br> > <PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > <VcpkgEnabled>true</VcpkgEnabled><br> > </PropertyGroup><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" /><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" /><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" /><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" /><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" /><br> > - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + <Link><br> > + <CETCompat>true</CETCompat><br> > + </Link><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> > + <Link><br> > + <CETCompat>true</CETCompat><br> > + </Link><br> > + <ClCompile><br> > + <SDLCheck>true</SDLCheck><br> > + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions><br> > + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions><br> > + </ClCompile><br> > + </ItemDefinitionGroup><br> > <ItemGroup><br> > <ClCompile Include="error.c" /><br> > <ClCompile Include="tap.c" /><br> > --<br> > 2.23.0.windows.1<br> ><br> <br> <br> --<br> -Lev<br> </blockquote></div> </blockquote></div>
Hi, Thanks for testing. > original patch does not apply Indeed it doesn't apply anymore since recent changes to vcxproj files. I have rebased it. > minor build issues still there: test · chipitsine/openvpn@eeff765 (github.com) Those are likely because this was not applied https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21774.html to your 2.5 branch. I have mentioned it in the patch email, but not in a commit message. > also, I have a question on <SDLCheck>true</SDLCheck>, in your patch it is not applied to all configurations, but to few of them. is it on purpose ? For some reasons I missed debug configurations in some projects, I'll add those. Here are my GHa builds: master: https://github.com/lstipakov/openvpn/actions/runs/1857589993 release/2.5: https://github.com/lstipakov/openvpn/actions/runs/1857547158
чт, 17 февр. 2022 г. в 13:53, Lev Stipakov <lstipakov@gmail.com>: > Hi, > > Thanks for testing. > > > original patch does not apply > > Indeed it doesn't apply anymore since recent changes to vcxproj files. > I have rebased it. > > > minor build issues still there: test · chipitsine/openvpn@eeff765 ( > github.com) > > Those are likely because this was not applied > > https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21774.html > to your 2.5 branch. > I have mentioned it in the patch email, but not in a commit message. > > > also, I have a question on <SDLCheck>true</SDLCheck>, in your patch it > is not applied to all configurations, but to few of them. is it on purpose ? > > For some reasons I missed debug configurations in some projects, I'll add > those. > > Here are my GHa builds: > > master: https://github.com/lstipakov/openvpn/actions/runs/1857589993 > release/2.5 > <https://github.com/lstipakov/openvpn/actions/runs/1857589993release/2.5>: > https://github.com/lstipakov/openvpn/actions/runs/1857547158 can you please apply "pdb" patch to your branch ? CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337 <https://github.com/OpenVPN/openvpn/commit/9da733751ce80b2226ef19923365bd3102cfbd47> BinSkim uses pdb for analysis. probably, it makes sense to apply this patch to release/2.5 branch as well > > > -- > -Lev > <div dir="ltr"><div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">чт, 17 февр. 2022 г. в 13:53, Lev Stipakov <<a href="mailto:lstipakov@gmail.com">lstipakov@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br> <br> Thanks for testing.<br> <br> > original patch does not apply<br> <br> Indeed it doesn't apply anymore since recent changes to vcxproj files.<br> I have rebased it.<br> <br> > minor build issues still there: test · chipitsine/openvpn@eeff765 (<a href="http://github.com" rel="noreferrer" target="_blank">github.com</a>)<br> <br> Those are likely because this was not applied<br> <a href="https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21774.html" rel="noreferrer" target="_blank">https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21774.html</a><br> to your 2.5 branch.<br> I have mentioned it in the patch email, but not in a commit message.<br> <br> > also, I have a question on <SDLCheck>true</SDLCheck>, in your patch it is not applied to all configurations, but to few of them. is it on purpose ?<br> <br> For some reasons I missed debug configurations in some projects, I'll add those.<br> <br> Here are my GHa builds:<br> <br> master: <a href="https://github.com/lstipakov/openvpn/actions/runs/1857589993release/2.5" rel="noreferrer" target="_blank">https://github.com/lstipakov/openvpn/actions/runs/1857589993<br> release/2.5</a>: <a href="https://github.com/lstipakov/openvpn/actions/runs/1857547158" rel="noreferrer" target="_blank">https://github.com/lstipakov/openvpn/actions/runs/1857547158</a></blockquote><div><br></div><div>can you please apply "pdb" patch to your branch ?</div><div><a href="https://github.com/OpenVPN/openvpn/commit/9da733751ce80b2226ef19923365bd3102cfbd47">CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337</a><br></div><div><br></div><div>BinSkim uses pdb for analysis.</div><div><br></div><div>probably, it makes sense to apply this patch to release/2.5 branch as well</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br> <br> -- <br> -Lev<br> </blockquote></div></div></div>
Hi, > can you please apply "pdb" patch to your branch ? > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337 Done! https://github.com/lstipakov/openvpn/actions/runs/1858390624 > BinSkim uses pdb for analysis. > > probably, it makes sense to apply this patch to release/2.5 branch as well I agree. /me looks at Gert.
Ack from me. чт, 17 февр. 2022 г. в 16:55, Lev Stipakov <lstipakov@gmail.com>: > Hi, > > > can you please apply "pdb" patch to your branch ? > > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337 > > Done! https://github.com/lstipakov/openvpn/actions/runs/1858390624 > > > BinSkim uses pdb for analysis. > > > > probably, it makes sense to apply this patch to release/2.5 branch as > well > > I agree. /me looks at Gert. > > -- > -Lev > <div dir="ltr">Ack from me.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">чт, 17 февр. 2022 г. в 16:55, Lev Stipakov <<a href="mailto:lstipakov@gmail.com">lstipakov@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi,<br> <br> > can you please apply "pdb" patch to your branch ?<br> > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337<br> <br> Done! <a href="https://github.com/lstipakov/openvpn/actions/runs/1858390624" rel="noreferrer" target="_blank">https://github.com/lstipakov/openvpn/actions/runs/1858390624</a><br> <br> > BinSkim uses pdb for analysis.<br> ><br> > probably, it makes sense to apply this patch to release/2.5 branch as well<br> <br> I agree. /me looks at Gert.<br> <br> -- <br> -Lev<br> </blockquote></div>
Hi, On Thu, Feb 17, 2022 at 01:55:35PM +0200, Lev Stipakov wrote: > > can you please apply "pdb" patch to your branch ? > > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337 > > Done! https://github.com/lstipakov/openvpn/actions/runs/1858390624 > > > BinSkim uses pdb for analysis. > > > > probably, it makes sense to apply this patch to release/2.5 branch as well > > I agree. /me looks at Gert. I'm a bit confused on what exactly you want applied where now. What is "this patch"? This one, or "the pdb patch", or yet something else mentioned in this thread? gert
pdb patch On Sun, Feb 20, 2022, 7:04 PM Gert Doering <gert@greenie.muc.de> wrote: > Hi, > > On Thu, Feb 17, 2022 at 01:55:35PM +0200, Lev Stipakov wrote: > > > can you please apply "pdb" patch to your branch ? > > > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337 > > > > Done! https://github.com/lstipakov/openvpn/actions/runs/1858390624 > > > > > BinSkim uses pdb for analysis. > > > > > > probably, it makes sense to apply this patch to release/2.5 branch as > well > > > > I agree. /me looks at Gert. > > I'm a bit confused on what exactly you want applied where now. > > What is "this patch"? This one, or "the pdb patch", or yet something > else mentioned in this thread? > > gert > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never > doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh > Mistress > > Gert Doering - Munich, Germany > gert@greenie.muc.de > <div dir="auto">pdb patch</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Feb 20, 2022, 7:04 PM Gert Doering <<a href="mailto:gert@greenie.muc.de">gert@greenie.muc.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br> <br> On Thu, Feb 17, 2022 at 01:55:35PM +0200, Lev Stipakov wrote:<br> > > can you please apply "pdb" patch to your branch ?<br> > > CI: github actions: keep "pdb" in artifacts · OpenVPN/openvpn@9da7337<br> > <br> > Done! <a href="https://github.com/lstipakov/openvpn/actions/runs/1858390624" rel="noreferrer noreferrer" target="_blank">https://github.com/lstipakov/openvpn/actions/runs/1858390624</a><br> > <br> > > BinSkim uses pdb for analysis.<br> > ><br> > > probably, it makes sense to apply this patch to release/2.5 branch as well<br> > <br> > I agree. /me looks at Gert.<br> <br> I'm a bit confused on what exactly you want applied where now.<br> <br> What is "this patch"? This one, or "the pdb patch", or yet something<br> else mentioned in this thread?<br> <br> gert<br> -- <br> "If was one thing all people took for granted, was conviction that if you <br> feed honest figures into a computer, honest figures come out. Never doubted <br> it myself till I met a computer with a sense of humor."<br> Robert A. Heinlein, The Moon is a Harsh Mistress<br> <br> Gert Doering - Munich, Germany <a href="mailto:gert@greenie.muc.de" target="_blank" rel="noreferrer">gert@greenie.muc.de</a><br> </blockquote></div>
Hi,
On Sun, Feb 20, 2022 at 07:07:15PM +0500, ???????? ?????????????? wrote:
> pdb patch
Whatever that is... a commit ID in master would be much easier for
me to cherrypick.
(In any case, *this* patch can't go into 2.5 before the *master* patch
has an ACK - for patches for "master + 2.5", master always comes first,
then release branch)
gert
It is applied to master. git id: https://github.com/OpenVPN/openvpn/commit/9da733751ce80b2226ef19923365bd3102cfbd47 On Sun, Feb 20, 2022, 7:10 PM Gert Doering <gert@greenie.muc.de> wrote: > Hi, > > On Sun, Feb 20, 2022 at 07:07:15PM +0500, ???????? ?????????????? wrote: > > pdb patch > > Whatever that is... a commit ID in master would be much easier for > me to cherrypick. > > (In any case, *this* patch can't go into 2.5 before the *master* patch > has an ACK - for patches for "master + 2.5", master always comes first, > then release branch) > > gert > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never > doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh > Mistress > > Gert Doering - Munich, Germany > gert@greenie.muc.de > <div dir="auto">It is applied to master.<div dir="auto"><br></div><div dir="auto">git id: <a href="https://github.com/OpenVPN/openvpn/commit/9da733751ce80b2226ef19923365bd3102cfbd47">https://github.com/OpenVPN/openvpn/commit/9da733751ce80b2226ef19923365bd3102cfbd47</a></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Feb 20, 2022, 7:10 PM Gert Doering <<a href="mailto:gert@greenie.muc.de">gert@greenie.muc.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br> <br> On Sun, Feb 20, 2022 at 07:07:15PM +0500, ???????? ?????????????? wrote:<br> > pdb patch<br> <br> Whatever that is... a commit ID in master would be much easier for<br> me to cherrypick.<br> <br> (In any case, *this* patch can't go into 2.5 before the *master* patch<br> has an ACK - for patches for "master + 2.5", master always comes first,<br> then release branch)<br> <br> gert<br> -- <br> "If was one thing all people took for granted, was conviction that if you <br> feed honest figures into a computer, honest figures come out. Never doubted <br> it myself till I met a computer with a sense of humor."<br> Robert A. Heinlein, The Moon is a Harsh Mistress<br> <br> Gert Doering - Munich, Germany <a href="mailto:gert@greenie.muc.de" target="_blank" rel="noreferrer">gert@greenie.muc.de</a><br> </blockquote></div>
Hi,
On Sun, Feb 20, 2022 at 07:15:33PM +0500, ???????? ?????????????? wrote:
> It is applied to master.
The "adjust build options to harden binaries" has no ACK for master.
This is needed so the 2.5 patch can go into 2.5
gert
Lev, I'm lost here. Can you please follow up? On Sun, Feb 20, 2022, 7:18 PM Gert Doering <gert@greenie.muc.de> wrote: > Hi, > > On Sun, Feb 20, 2022 at 07:15:33PM +0500, ???????? ?????????????? wrote: > > It is applied to master. > > The "adjust build options to harden binaries" has no ACK for master. > > This is needed so the 2.5 patch can go into 2.5 > > gert > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never > doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh > Mistress > > Gert Doering - Munich, Germany > gert@greenie.muc.de > <div dir="auto">Lev, I'm lost here. Can you please follow up?</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Feb 20, 2022, 7:18 PM Gert Doering <<a href="mailto:gert@greenie.muc.de">gert@greenie.muc.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br> <br> On Sun, Feb 20, 2022 at 07:15:33PM +0500, ???????? ?????????????? wrote:<br> > It is applied to master.<br> <br> The "adjust build options to harden binaries" has no ACK for master.<br> <br> This is needed so the 2.5 patch can go into 2.5<br> <br> gert<br> -- <br> "If was one thing all people took for granted, was conviction that if you <br> feed honest figures into a computer, honest figures come out. Never doubted <br> it myself till I met a computer with a sense of humor."<br> Robert A. Heinlein, The Moon is a Harsh Mistress<br> <br> Gert Doering - Munich, Germany <a href="mailto:gert@greenie.muc.de" target="_blank" rel="noreferrer">gert@greenie.muc.de</a><br> </blockquote></div>
Hi,
On Sun, Feb 20, 2022 at 07:29:24PM +0500, ???????? ?????????????? wrote:
> Lev, I'm lost here. Can you please follow up?
Please test and ACK *this* patch:
https://patchwork.openvpn.net/patch/2296/
this is the "v2 for master" patch.
When that is done, we can talk about release/2.5 application.
gert
There is ack from me earlier in this thread. Lev, I did all things you asked me to do. Please follow up. I do not catch what else left On Sun, Feb 20, 2022, 7:38 PM Gert Doering <gert@greenie.muc.de> wrote: > Hi, > > On Sun, Feb 20, 2022 at 07:29:24PM +0500, ???????? ?????????????? wrote: > > Lev, I'm lost here. Can you please follow up? > > Please test and ACK *this* patch: > > https://patchwork.openvpn.net/patch/2296/ > > this is the "v2 for master" patch. > > When that is done, we can talk about release/2.5 application. > > gert > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never > doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh > Mistress > > Gert Doering - Munich, Germany > gert@greenie.muc.de > <div dir="auto">There is ack from me earlier in this thread.<div dir="auto"><br></div><div dir="auto">Lev, I did all things you asked me to do. Please follow up. I do not catch what else left</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Feb 20, 2022, 7:38 PM Gert Doering <<a href="mailto:gert@greenie.muc.de">gert@greenie.muc.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br> <br> On Sun, Feb 20, 2022 at 07:29:24PM +0500, ???????? ?????????????? wrote:<br> > Lev, I'm lost here. Can you please follow up?<br> <br> Please test and ACK *this* patch:<br> <br> <a href="https://patchwork.openvpn.net/patch/2296/" rel="noreferrer noreferrer" target="_blank">https://patchwork.openvpn.net/patch/2296/</a><br> <br> this is the "v2 for master" patch. <br> <br> When that is done, we can talk about release/2.5 application.<br> <br> gert<br> -- <br> "If was one thing all people took for granted, was conviction that if you <br> feed honest figures into a computer, honest figures come out. Never doubted <br> it myself till I met a computer with a sense of humor."<br> Robert A. Heinlein, The Moon is a Harsh Mistress<br> <br> Gert Doering - Munich, Germany <a href="mailto:gert@greenie.muc.de" target="_blank" rel="noreferrer">gert@greenie.muc.de</a><br> </blockquote></div>
Hi,
On Sun, Feb 20, 2022 at 07:53:56PM +0500, ???????? ?????????????? wrote:
> There is ack from me earlier in this thread.
"ACK in this thread" is not really helpful, as it is not clear for
which patch exactly this is.
(You basically ACKed in response to v1 of the 2.5 patch, while we
have v2 for the master + 2.5 patch out)
For me, to make clear which version of which patches an ACK refers
to, it is important that the reply is to the correct e-mail - you can
see in patchwork if your ACK has been recorded or not.
https://patchwork.openvpn.net/project/openvpn2/list/
gert
Let's start from the beginning. I'll start two new threads (master and 2.5) and Ilya could ack them. Ilya, to ack please reply on those threads with following line: Acked-by: Firstname Lastname <email@example.com> su 20. helmik. 2022 klo 19.31 Gert Doering (gert@greenie.muc.de) kirjoitti: > > Hi, > > On Sun, Feb 20, 2022 at 07:53:56PM +0500, ???????? ?????????????? wrote: > > There is ack from me earlier in this thread. > > "ACK in this thread" is not really helpful, as it is not clear for > which patch exactly this is. > > (You basically ACKed in response to v1 of the 2.5 patch, while we > have v2 for the master + 2.5 patch out) > > For me, to make clear which version of which patches an ACK refers > to, it is important that the reply is to the correct e-mail - you can > see in patchwork if your ACK has been recorded or not. > > https://patchwork.openvpn.net/project/openvpn2/list/ > > gert > -- > "If was one thing all people took for granted, was conviction that if you > feed honest figures into a computer, honest figures come out. Never doubted > it myself till I met a computer with a sense of humor." > Robert A. Heinlein, The Moon is a Harsh Mistress > > Gert Doering - Munich, Germany gert@greenie.muc.de
Lev, I see two new messages in this thread. Please clarify what do you want me to do? пн, 21 февр. 2022 г. в 13:59, Lev Stipakov <lstipakov@gmail.com>: > Let's start from the beginning. > > I'll start two new threads (master and 2.5) and Ilya could ack them. > > Ilya, to ack please reply on those threads with following line: > > Acked-by: Firstname Lastname <email@example.com> > > su 20. helmik. 2022 klo 19.31 Gert Doering (gert@greenie.muc.de) > kirjoitti: > > > > Hi, > > > > On Sun, Feb 20, 2022 at 07:53:56PM +0500, ???????? ?????????????? wrote: > > > There is ack from me earlier in this thread. > > > > "ACK in this thread" is not really helpful, as it is not clear for > > which patch exactly this is. > > > > (You basically ACKed in response to v1 of the 2.5 patch, while we > > have v2 for the master + 2.5 patch out) > > > > For me, to make clear which version of which patches an ACK refers > > to, it is important that the reply is to the correct e-mail - you can > > see in patchwork if your ACK has been recorded or not. > > > > https://patchwork.openvpn.net/project/openvpn2/list/ > > > > gert > > -- > > "If was one thing all people took for granted, was conviction that if you > > feed honest figures into a computer, honest figures come out. Never > doubted > > it myself till I met a computer with a sense of humor." > > Robert A. Heinlein, The Moon is a Harsh > Mistress > > > > Gert Doering - Munich, Germany > gert@greenie.muc.de > > > > -- > -Lev > <div dir="ltr">Lev, I see two new messages in this thread. Please clarify what do you want me to do?</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">пн, 21 февр. 2022 г. в 13:59, Lev Stipakov <<a href="mailto:lstipakov@gmail.com">lstipakov@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Let's start from the beginning.<br> <br> I'll start two new threads (master and 2.5) and Ilya could ack them.<br> <br> Ilya, to ack please reply on those threads with following line:<br> <br> Acked-by: Firstname Lastname <<a href="mailto:email@example.com" target="_blank">email@example.com</a>><br> <br> su 20. helmik. 2022 klo 19.31 Gert Doering (<a href="mailto:gert@greenie.muc.de" target="_blank">gert@greenie.muc.de</a>) kirjoitti:<br> ><br> > Hi,<br> ><br> > On Sun, Feb 20, 2022 at 07:53:56PM +0500, ???????? ?????????????? wrote:<br> > > There is ack from me earlier in this thread.<br> ><br> > "ACK in this thread" is not really helpful, as it is not clear for<br> > which patch exactly this is.<br> ><br> > (You basically ACKed in response to v1 of the 2.5 patch, while we<br> > have v2 for the master + 2.5 patch out)<br> ><br> > For me, to make clear which version of which patches an ACK refers<br> > to, it is important that the reply is to the correct e-mail - you can<br> > see in patchwork if your ACK has been recorded or not.<br> ><br> > <a href="https://patchwork.openvpn.net/project/openvpn2/list/" rel="noreferrer" target="_blank">https://patchwork.openvpn.net/project/openvpn2/list/</a><br> ><br> > gert<br> > --<br> > "If was one thing all people took for granted, was conviction that if you<br> > feed honest figures into a computer, honest figures come out. Never doubted<br> > it myself till I met a computer with a sense of humor."<br> > Robert A. Heinlein, The Moon is a Harsh Mistress<br> ><br> > Gert Doering - Munich, Germany <a href="mailto:gert@greenie.muc.de" target="_blank">gert@greenie.muc.de</a><br> <br> <br> <br> -- <br> -Lev<br> </blockquote></div>
Reply to both of them with the line (remove ">"): > Acked-by: Ilya Shipitsin <chipitsine@gmail.com> if you think that you could ack both of those patches. ma 21. helmik. 2022 klo 13.17 Илья Шипицин (chipitsine@gmail.com) kirjoitti: > > Lev, I see two new messages in this thread. Please clarify what do you want me to do? > > пн, 21 февр. 2022 г. в 13:59, Lev Stipakov <lstipakov@gmail.com>: >> >> Let's start from the beginning. >> >> I'll start two new threads (master and 2.5) and Ilya could ack them. >> >> Ilya, to ack please reply on those threads with following line: >> >> Acked-by: Firstname Lastname <email@example.com> >> >> su 20. helmik. 2022 klo 19.31 Gert Doering (gert@greenie.muc.de) kirjoitti: >> > >> > Hi, >> > >> > On Sun, Feb 20, 2022 at 07:53:56PM +0500, ???????? ?????????????? wrote: >> > > There is ack from me earlier in this thread. >> > >> > "ACK in this thread" is not really helpful, as it is not clear for >> > which patch exactly this is. >> > >> > (You basically ACKed in response to v1 of the 2.5 patch, while we >> > have v2 for the master + 2.5 patch out) >> > >> > For me, to make clear which version of which patches an ACK refers >> > to, it is important that the reply is to the correct e-mail - you can >> > see in patchwork if your ACK has been recorded or not. >> > >> > https://patchwork.openvpn.net/project/openvpn2/list/ >> > >> > gert >> > -- >> > "If was one thing all people took for granted, was conviction that if you >> > feed honest figures into a computer, honest figures come out. Never doubted >> > it myself till I met a computer with a sense of humor." >> > Robert A. Heinlein, The Moon is a Harsh Mistress >> > >> > Gert Doering - Munich, Germany gert@greenie.muc.de >> >> >> >> -- >> -Lev
sorry, it does not look like "2 new threads". also, I'm not sure patchwork will be able to pick 2 ack from 1 thread. I'm not motivated to run in circles from you to Gert and back. if you can find someone more motivated, I'll appreciate that. пн, 21 февр. 2022 г. в 17:02, Lev Stipakov <lstipakov@gmail.com>: > Reply to both of them with the line (remove ">"): > > > Acked-by: Ilya Shipitsin <chipitsine@gmail.com> > > if you think that you could ack both of those patches. > > ma 21. helmik. 2022 klo 13.17 Илья Шипицин (chipitsine@gmail.com) > kirjoitti: > > > > Lev, I see two new messages in this thread. Please clarify what do you > want me to do? > > > > пн, 21 февр. 2022 г. в 13:59, Lev Stipakov <lstipakov@gmail.com>: > >> > >> Let's start from the beginning. > >> > >> I'll start two new threads (master and 2.5) and Ilya could ack them. > >> > >> Ilya, to ack please reply on those threads with following line: > >> > >> Acked-by: Firstname Lastname <email@example.com> > >> > >> su 20. helmik. 2022 klo 19.31 Gert Doering (gert@greenie.muc.de) > kirjoitti: > >> > > >> > Hi, > >> > > >> > On Sun, Feb 20, 2022 at 07:53:56PM +0500, ???????? ?????????????? > wrote: > >> > > There is ack from me earlier in this thread. > >> > > >> > "ACK in this thread" is not really helpful, as it is not clear for > >> > which patch exactly this is. > >> > > >> > (You basically ACKed in response to v1 of the 2.5 patch, while we > >> > have v2 for the master + 2.5 patch out) > >> > > >> > For me, to make clear which version of which patches an ACK refers > >> > to, it is important that the reply is to the correct e-mail - you can > >> > see in patchwork if your ACK has been recorded or not. > >> > > >> > https://patchwork.openvpn.net/project/openvpn2/list/ > >> > > >> > gert > >> > -- > >> > "If was one thing all people took for granted, was conviction that if > you > >> > feed honest figures into a computer, honest figures come out. Never > doubted > >> > it myself till I met a computer with a sense of humor." > >> > Robert A. Heinlein, The Moon is a Harsh > Mistress > >> > > >> > Gert Doering - Munich, Germany > gert@greenie.muc.de > >> > >> > >> > >> -- > >> -Lev > > > > -- > -Lev > <div dir="ltr">sorry, it does not look like "2 new threads".<div>also, I'm not sure patchwork will be able to pick 2 ack from 1 thread.</div><div><br></div><div>I'm not motivated to run in circles from you to Gert and back.</div><div>if you can find someone more motivated, I'll appreciate that.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">пн, 21 февр. 2022 г. в 17:02, Lev Stipakov <<a href="mailto:lstipakov@gmail.com">lstipakov@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Reply to both of them with the line (remove ">"):<br> <br> > Acked-by: Ilya Shipitsin <<a href="mailto:chipitsine@gmail.com" target="_blank">chipitsine@gmail.com</a>><br> <br> if you think that you could ack both of those patches.<br> <br> ma 21. helmik. 2022 klo 13.17 Илья Шипицин (<a href="mailto:chipitsine@gmail.com" target="_blank">chipitsine@gmail.com</a>) kirjoitti:<br> ><br> > Lev, I see two new messages in this thread. Please clarify what do you want me to do?<br> ><br> > пн, 21 февр. 2022 г. в 13:59, Lev Stipakov <<a href="mailto:lstipakov@gmail.com" target="_blank">lstipakov@gmail.com</a>>:<br> >><br> >> Let's start from the beginning.<br> >><br> >> I'll start two new threads (master and 2.5) and Ilya could ack them.<br> >><br> >> Ilya, to ack please reply on those threads with following line:<br> >><br> >> Acked-by: Firstname Lastname <<a href="mailto:email@example.com" target="_blank">email@example.com</a>><br> >><br> >> su 20. helmik. 2022 klo 19.31 Gert Doering (<a href="mailto:gert@greenie.muc.de" target="_blank">gert@greenie.muc.de</a>) kirjoitti:<br> >> ><br> >> > Hi,<br> >> ><br> >> > On Sun, Feb 20, 2022 at 07:53:56PM +0500, ???????? ?????????????? wrote:<br> >> > > There is ack from me earlier in this thread.<br> >> ><br> >> > "ACK in this thread" is not really helpful, as it is not clear for<br> >> > which patch exactly this is.<br> >> ><br> >> > (You basically ACKed in response to v1 of the 2.5 patch, while we<br> >> > have v2 for the master + 2.5 patch out)<br> >> ><br> >> > For me, to make clear which version of which patches an ACK refers<br> >> > to, it is important that the reply is to the correct e-mail - you can<br> >> > see in patchwork if your ACK has been recorded or not.<br> >> ><br> >> > <a href="https://patchwork.openvpn.net/project/openvpn2/list/" rel="noreferrer" target="_blank">https://patchwork.openvpn.net/project/openvpn2/list/</a><br> >> ><br> >> > gert<br> >> > --<br> >> > "If was one thing all people took for granted, was conviction that if you<br> >> > feed honest figures into a computer, honest figures come out. Never doubted<br> >> > it myself till I met a computer with a sense of humor."<br> >> > Robert A. Heinlein, The Moon is a Harsh Mistress<br> >> ><br> >> > Gert Doering - Munich, Germany <a href="mailto:gert@greenie.muc.de" target="_blank">gert@greenie.muc.de</a><br> >><br> >><br> >><br> >> --<br> >> -Lev<br> <br> <br> <br> -- <br> -Lev<br> </blockquote></div>
diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index 33b8f19a..a540ec22 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -147,11 +147,12 @@ </PropertyGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> <ClCompile> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> - <WarningLevel>Level2</WarningLevel> <TreatWarningAsError>true</TreatWarningAsError> <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <WarningLevel>Level2</WarningLevel> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> </ClCompile> <ResourceCompile /> <Link> @@ -162,11 +163,12 @@ </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ClCompile> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> - <WarningLevel>Level2</WarningLevel> <TreatWarningAsError>true</TreatWarningAsError> <AdditionalIncludeDirectories>..\compat;$(SolutionDir)include;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <WarningLevel>Level2</WarningLevel> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> </ClCompile> <ResourceCompile /> <Link> @@ -177,11 +179,12 @@ </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> <ClCompile> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> - <WarningLevel>Level2</WarningLevel> <TreatWarningAsError>true</TreatWarningAsError> <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <WarningLevel>Level2</WarningLevel> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> </ClCompile> <ResourceCompile /> <Link> @@ -192,44 +195,52 @@ </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ClCompile> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> - <WarningLevel>Level2</WarningLevel> <TreatWarningAsError>true</TreatWarningAsError> <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <ControlFlowGuard>Guard</ControlFlowGuard> + <WarningLevel>Level2</WarningLevel> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <SDLCheck>true</SDLCheck> </ClCompile> <ResourceCompile /> <Link> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <ClCompile> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> - <WarningLevel>Level2</WarningLevel> <TreatWarningAsError>true</TreatWarningAsError> <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <ControlFlowGuard>Guard</ControlFlowGuard> + <SDLCheck>true</SDLCheck> + <WarningLevel>Level2</WarningLevel> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> </ClCompile> <ResourceCompile /> <Link> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> <ClCompile> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> <UndefinePreprocessorDefinitions>%(UndefinePreprocessorDefinitions)</UndefinePreprocessorDefinitions> - <WarningLevel>Level2</WarningLevel> <TreatWarningAsError>true</TreatWarningAsError> <AdditionalIncludeDirectories>..\compat;$(SolutionDir);%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <ControlFlowGuard>Guard</ControlFlowGuard> + <WarningLevel>Level2</WarningLevel> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <SDLCheck>true</SDLCheck> </ClCompile> <ResourceCompile /> <Link> diff --git a/src/openvpnmsica/openvpnmsica.vcxproj b/src/openvpnmsica/openvpnmsica.vcxproj index 11aa78bb..5e774430 100644 --- a/src/openvpnmsica/openvpnmsica.vcxproj +++ b/src/openvpnmsica/openvpnmsica.vcxproj @@ -135,6 +135,49 @@ <PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <VcpkgEnabled>true</VcpkgEnabled> </PropertyGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <Link> + <CETCompat>true</CETCompat> + </Link> + <ClCompile> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> + <Link> + <CETCompat>true</CETCompat> + </Link> + <ClCompile> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <SDLCheck>true</SDLCheck> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> + <ClCompile> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> + <ClCompile> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> + <ClCompile> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> + <ClCompile> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + </ItemDefinitionGroup> <ItemGroup> <ClCompile Include="..\tapctl\error.c" /> <ClCompile Include="..\tapctl\tap.c" /> diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj index 520242f4..c70db229 100644 --- a/src/openvpnserv/openvpnserv.vcxproj +++ b/src/openvpnserv/openvpnserv.vcxproj @@ -124,7 +124,9 @@ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> <ClCompile> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> </ClCompile> <ResourceCompile /> <Link> @@ -135,7 +137,9 @@ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ClCompile> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> </ClCompile> <ResourceCompile /> <Link> @@ -146,7 +150,9 @@ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> <ClCompile> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> </ClCompile> <ResourceCompile /> <Link> @@ -157,29 +163,37 @@ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> <ClCompile> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> </ClCompile> <ResourceCompile /> <Link> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <ClCompile> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> </ClCompile> <ResourceCompile /> <Link> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> <ClCompile> <AdditionalIncludeDirectories>..\openvpn;..\compat;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> - <PreprocessorDefinitions>_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <PreprocessorDefinitions>_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_WARNINGS;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> </ClCompile> <ResourceCompile /> <Link> diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj index 79da9d33..f439dc4f 100644 --- a/src/tapctl/tapctl.vcxproj +++ b/src/tapctl/tapctl.vcxproj @@ -135,12 +135,54 @@ <PropertyGroup Label="Vcpkg" Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <VcpkgEnabled>true</VcpkgEnabled> </PropertyGroup> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" /> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" /> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" /> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" /> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" /> - <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" /> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> + <ClCompile> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> + <ClCompile> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> + <ClCompile> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> + <ClCompile> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + <Link> + <CETCompat>true</CETCompat> + </Link> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> + <ClCompile> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <Link> + <CETCompat>true</CETCompat> + </Link> + <ClCompile> + <SDLCheck>true</SDLCheck> + <AdditionalOptions>/ZH:SHA_256 %(AdditionalOptions)</AdditionalOptions> + <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions> + </ClCompile> + </ItemDefinitionGroup> <ItemGroup> <ClCompile Include="error.c" /> <ClCompile Include="tap.c" />