Message ID | 20210617061027.140-1-lstipakov@gmail.com |
---|---|
Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director14.mail.ord1d.rsapps.net ([172.27.255.9]) by backend30.mail.ord1d.rsapps.net with LMTP id mBkUCLnnymCqOwAAIUCqbw (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) for <patchwork@openvpn.net>; Thu, 17 Jun 2021 02:12:09 -0400 Received: from proxy4.mail.iad3a.rsapps.net ([172.27.255.9]) by director14.mail.ord1d.rsapps.net with LMTP id YN7SB7nnymCLSQAAeJ7fFg (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) for <patchwork@openvpn.net>; Thu, 17 Jun 2021 02:12:09 -0400 Received: from smtp15.gate.iad3a ([172.27.255.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy4.mail.iad3a.rsapps.net with LMTPS id SEaNArnnymBGfQAA8Zvu4w (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) for <patchwork@openvpn.net>; Thu, 17 Jun 2021 02:12:09 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp15.gate.iad3a.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=gmail.com; dmarc=fail (p=none; dis=none) header.from=gmail.com X-Suspicious-Flag: YES X-Classification-ID: f204054c-cf32-11eb-af51-525400f46865-1-1 Received: from [216.105.38.7] ([216.105.38.7:53412] helo=lists.sourceforge.net) by smtp15.gate.iad3a.rsapps.net (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 67/67-23098-8B7EAC06; Thu, 17 Jun 2021 02:12:08 -0400 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from <openvpn-devel-bounces@lists.sourceforge.net>) id 1ltlFA-0006pB-18; Thu, 17 Jun 2021 06:11:12 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from <lstipakov@gmail.com>) id 1ltlF7-0006os-Bm for openvpn-devel@lists.sourceforge.net; Thu, 17 Jun 2021 06:11:09 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=yiTwqXfWKqj6dcRbOwv8IGjT4cWTZDPu+atndoEjEAU=; b=EEEy8CbRy0ryZkKFawD8CKshUQ uln6HEReuB++0tA4rZa/nXaZ/ws8IpRKTCWGflNlGkTy8++05bF+lUgM0os48dWy+zMXBLIZ/jETg dd6NiY0mOojX0gqGgArYLgZ7Kt7XE//1nrC99Bu9pT4J5KL7k+mMX58J0NnYXuL+myJM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=yiTwqXfWKqj6dcRbOwv8IGjT4cWTZDPu+atndoEjEAU=; b=WQhoY16Pllb+A4DJNvp/3KNO9T Uf4z4sQqsdmEJItf7W5xl70JSSVDZotOjFU+55angtXbq6WcUbUwr7zAHzbtqHUKXvEiVYT0bFzcE nqOgkLDY3n0ztl6PcqyjhJCY6pt/ZPlhtbEFCJX1DxFVql5GXY5k8extgMucUC5W0y4I=; Received: from mail-ej1-f47.google.com ([209.85.218.47]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.3) id 1ltlF3-00DI91-To for openvpn-devel@lists.sourceforge.net; Thu, 17 Jun 2021 06:11:10 +0000 Received: by mail-ej1-f47.google.com with SMTP id g20so7873603ejt.0 for <openvpn-devel@lists.sourceforge.net>; Wed, 16 Jun 2021 23:11:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=yiTwqXfWKqj6dcRbOwv8IGjT4cWTZDPu+atndoEjEAU=; b=VYJ2iM4BaYC//2IFtwWiQtUjhKdOXv3jGiCcrWleDFGXu9ygllypmNPjqPObf9QlF6 IqlCNtbRSkNwrGfV2PLdweyIEED67vCJPTgaNP6/qI6R5oicc/TYN6Ag+7rJ+mZJRs0O LOuLLSlpPD0ez16VlIuwHZ+dp9EhOdY5v9r0Om6DhXyvUwK4SeFFGs3b+dqyYi0Te7Ox Oh/pzBlGbxjyR4sXxNO47mTzYF49f8mMJYH4gumlvE+/53FFrMY52DzQms5AHwTm5fZI CJxdvR1hpO5Z8oBCaLUDjRoKiFv9JlmHUiTKYlPyoB1ZxrqaNCPLQ6Wrt+ImIc74WMaV Lxog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=yiTwqXfWKqj6dcRbOwv8IGjT4cWTZDPu+atndoEjEAU=; b=kqwL2IAN9VVWevqN1eWqpPjAEWcDC+EbP3jNPXLbAFkJLHbrrS89RnM/F6SDSFT1g+ Ax5sGy1Rc26nGIfY3zABIKxtmjA2NQ405QhS3AqRMsGwaIK5ZCiv+b8hhM/8c/byfmdq tUBadJGeLQYab4Gg5+pd2IlxjQxlfNGhKH5M+qdzxMhQ1N1AfC49xvb/U4XDrfyzt3py CmfBNV4m54GW3Sjy3J7QuhXvKndWjaj4jkI3rpm4V5QYpQNHauwfuK5UZGdfy84CWwuy P1e0mKV8Vpm5VVGYYJ3EEC2gyzLMro0fTTEO/t5zYVURu8SvgmaijFcheJXERLY++kkr 6sqg== X-Gm-Message-State: AOAM532NJ7ByUOA4HGJxkUNmaWWcgSUjt12Xl4TJpaBLYwPZmx5DtfEo tjgDR9nIowF+sB+t6zxNslY21Etg76M5McR6 X-Google-Smtp-Source: ABdhPJwuRg64sHnTSj28VMUKn/2VMU2eXSPuv0tAAExps7mTk5LXj/dzVrp7kAMmsmMNUbbVWFF/pw== X-Received: by 2002:a17:907:62a7:: with SMTP id nd39mr3440026ejc.502.1623910259204; Wed, 16 Jun 2021 23:10:59 -0700 (PDT) Received: from LAPTOP-4L3N7KFS.localdomain (nat3.panoulu.net. [185.38.2.3]) by smtp.gmail.com with ESMTPSA id u18sm3010717ejg.34.2021.06.16.23.10.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Jun 2021 23:10:58 -0700 (PDT) From: Lev Stipakov <lstipakov@gmail.com> To: openvpn-devel@lists.sourceforge.net Date: Thu, 17 Jun 2021 09:10:27 +0300 Message-Id: <20210617061027.140-1-lstipakov@gmail.com> X-Mailer: git-send-email 2.17.1 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (lstipakov[at]gmail.com) 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: openvpn.net] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.218.47 listed in wl.mailspike.net] -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.218.47 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-Headers-End: 1ltlF3-00DI91-To Subject: [Openvpn-devel] [PATCH 0/2] Disable OpenSSL config autoload in Windows X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: <openvpn-devel.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>, <mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe> List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel> List-Post: <mailto:openvpn-devel@lists.sourceforge.net> List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help> List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>, <mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe> Cc: Lev Stipakov <lev@openvpn.net> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox |
From: Lev Stipakov <lev@openvpn.net> These two patches prevent OpenSSL from loading config from a user-writable location, which may pose a security risk. Lev Stipakov (2): crypto_openssl.c: disable explicit initialization on Windows contrib/vcpkg-ports: add openssl port with --no-autoload-config option set contrib/vcpkg-ports/openssl/portfile.cmake | 25 ++ .../vcpkg-ports/openssl/unix/CMakeLists.txt | 280 ++++++++++++++++++ .../vcpkg-ports/openssl/unix/portfile.cmake | 49 +++ .../openssl/unix/remove-deps.cmake | 7 + .../openssl/unix/vcpkg-cmake-wrapper.cmake | 18 ++ contrib/vcpkg-ports/openssl/usage | 4 + .../openssl/uwp/EnableUWPSupport.patch | 170 +++++++++++ .../vcpkg-ports/openssl/uwp/make-openssl.bat | 16 + .../vcpkg-ports/openssl/uwp/portfile.cmake | 156 ++++++++++ contrib/vcpkg-ports/openssl/vcpkg.json | 7 + .../openssl/windows/portfile.cmake | 174 +++++++++++ .../openssl/windows/vcpkg-cmake-wrapper.cmake | 10 + src/openvpn/crypto_openssl.c | 2 + 13 files changed, 918 insertions(+) create mode 100644 contrib/vcpkg-ports/openssl/portfile.cmake create mode 100644 contrib/vcpkg-ports/openssl/unix/CMakeLists.txt create mode 100644 contrib/vcpkg-ports/openssl/unix/portfile.cmake create mode 100644 contrib/vcpkg-ports/openssl/unix/remove-deps.cmake create mode 100644 contrib/vcpkg-ports/openssl/unix/vcpkg-cmake-wrapper.cmake create mode 100644 contrib/vcpkg-ports/openssl/usage create mode 100644 contrib/vcpkg-ports/openssl/uwp/EnableUWPSupport.patch create mode 100644 contrib/vcpkg-ports/openssl/uwp/make-openssl.bat create mode 100644 contrib/vcpkg-ports/openssl/uwp/portfile.cmake create mode 100644 contrib/vcpkg-ports/openssl/vcpkg.json create mode 100644 contrib/vcpkg-ports/openssl/windows/portfile.cmake create mode 100644 contrib/vcpkg-ports/openssl/windows/vcpkg-cmake-wrapper.cmake