Message ID | 20211016141519.1928-1-chipitsine@gmail.com |
---|---|
State | Superseded, archived |
Headers | show |
Series | [Openvpn-devel] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation | expand |
gentle ping сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin <chipitsine@gmail.com>: > found by BinSkim, more details: > > https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 > > Signed-off-by: Ilya Shipitsin <chipitsine@gmail.com> > --- > src/compat/Debug.props | 10 ++++++++++ > src/compat/Release.props | 10 ++++++++++ > src/openvpn/openvpn.vcxproj | 4 ++++ > src/openvpnmsica/openvpnmsica-Debug.props | 10 ++++++++++ > src/openvpnmsica/openvpnmsica-Release.props | 10 ++++++++++ > src/openvpnserv/openvpnserv.vcxproj | 4 ++++ > 6 files changed, 48 insertions(+) > > diff --git a/src/compat/Debug.props b/src/compat/Debug.props > index 31bb9d91..14d7a1f7 100644 > --- a/src/compat/Debug.props > +++ b/src/compat/Debug.props > @@ -17,5 +17,15 @@ > <DebugInformationFormat>EditAndContinue</DebugInformationFormat> > </ClCompile> > </ItemDefinitionGroup> > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + </ItemDefinitionGroup> > <ItemGroup /> > </Project> > \ No newline at end of file > diff --git a/src/compat/Release.props b/src/compat/Release.props > index 50eaa8de..df04ddf2 100644 > --- a/src/compat/Release.props > +++ b/src/compat/Release.props > @@ -22,5 +22,15 @@ > <OptimizeReferences>true</OptimizeReferences> > </Link> > </ItemDefinitionGroup> > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + </ItemDefinitionGroup> > <ItemGroup /> > </Project> > \ No newline at end of file > diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj > index 65ee6839..38dd22de 100644 > --- a/src/openvpn/openvpn.vcxproj > +++ b/src/openvpn/openvpn.vcxproj > @@ -158,6 +158,7 @@ > > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > @@ -173,6 +174,7 @@ > > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > @@ -204,6 +206,7 @@ > > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > @@ -220,6 +223,7 @@ > > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > diff --git a/src/openvpnmsica/openvpnmsica-Debug.props > b/src/openvpnmsica/openvpnmsica-Debug.props > index 43532cfe..c99346af 100644 > --- a/src/openvpnmsica/openvpnmsica-Debug.props > +++ b/src/openvpnmsica/openvpnmsica-Debug.props > @@ -10,5 +10,15 @@ > <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> > </ClCompile> > </ItemDefinitionGroup> > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + </ItemDefinitionGroup> > <ItemGroup /> > </Project> > \ No newline at end of file > diff --git a/src/openvpnmsica/openvpnmsica-Release.props > b/src/openvpnmsica/openvpnmsica-Release.props > index 47727b35..70f82713 100644 > --- a/src/openvpnmsica/openvpnmsica-Release.props > +++ b/src/openvpnmsica/openvpnmsica-Release.props > @@ -11,5 +11,15 @@ > <ControlFlowGuard>Guard</ControlFlowGuard> > </ClCompile> > </ItemDefinitionGroup> > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + </ItemDefinitionGroup> > + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > + <Link> > + <CETCompat>true</CETCompat> > + </Link> > + </ItemDefinitionGroup> > <ItemGroup /> > </Project> > \ No newline at end of file > diff --git a/src/openvpnserv/openvpnserv.vcxproj > b/src/openvpnserv/openvpnserv.vcxproj > index 5fd7d60b..65d03e3b 100644 > --- a/src/openvpnserv/openvpnserv.vcxproj > +++ b/src/openvpnserv/openvpnserv.vcxproj > @@ -130,6 +130,7 @@ > <Link> > > <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > @@ -141,6 +142,7 @@ > <Link> > > <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > @@ -163,6 +165,7 @@ > <Link> > > <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > @@ -174,6 +177,7 @@ > <Link> > > <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > <SubSystem>Console</SubSystem> > + <CETCompat>true</CETCompat> > </Link> > </ItemDefinitionGroup> > <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > -- > 2.29.2.windows.2 > > <div dir="ltr"><div dir="ltr"><div dir="ltr"><pre style="box-sizing:border-box;font-family:ui-monospace,SFMono-Regular,"SF Mono",Menlo,Consolas,"Liberation Mono",monospace;font-size:13px;margin-top:10px;margin-bottom:0px;max-width:100%;line-height:1.45;color:rgb(36,41,47);white-space:pre-wrap;overflow:visible;background-color:rgba(234,238,242,0.5)">gentle ping</pre></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin <<a href="mailto:chipitsine@gmail.com">chipitsine@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">found by BinSkim, more details:<br> <a href="https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160" rel="noreferrer" target="_blank">https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160</a><br> <br> Signed-off-by: Ilya Shipitsin <<a href="mailto:chipitsine@gmail.com" target="_blank">chipitsine@gmail.com</a>><br> ---<br> src/compat/Debug.props | 10 ++++++++++<br> src/compat/Release.props | 10 ++++++++++<br> src/openvpn/openvpn.vcxproj | 4 ++++<br> src/openvpnmsica/openvpnmsica-Debug.props | 10 ++++++++++<br> src/openvpnmsica/openvpnmsica-Release.props | 10 ++++++++++<br> src/openvpnserv/openvpnserv.vcxproj | 4 ++++<br> 6 files changed, 48 insertions(+)<br> <br> diff --git a/src/compat/Debug.props b/src/compat/Debug.props<br> index 31bb9d91..14d7a1f7 100644<br> --- a/src/compat/Debug.props<br> +++ b/src/compat/Debug.props<br> @@ -17,5 +17,15 @@<br> <DebugInformationFormat>EditAndContinue</DebugInformationFormat><br> </ClCompile><br> </ItemDefinitionGroup><br> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> + <Link><br> + <CETCompat>true</CETCompat><br> + </Link><br> + </ItemDefinitionGroup><br> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> + <Link><br> + <CETCompat>true</CETCompat><br> + </Link><br> + </ItemDefinitionGroup><br> <ItemGroup /><br> </Project><br> \ No newline at end of file<br> diff --git a/src/compat/Release.props b/src/compat/Release.props<br> index 50eaa8de..df04ddf2 100644<br> --- a/src/compat/Release.props<br> +++ b/src/compat/Release.props<br> @@ -22,5 +22,15 @@<br> <OptimizeReferences>true</OptimizeReferences><br> </Link><br> </ItemDefinitionGroup><br> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> + <Link><br> + <CETCompat>true</CETCompat><br> + </Link><br> + </ItemDefinitionGroup><br> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> + <Link><br> + <CETCompat>true</CETCompat><br> + </Link><br> + </ItemDefinitionGroup><br> <ItemGroup /><br> </Project><br> \ No newline at end of file<br> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj<br> index 65ee6839..38dd22de 100644<br> --- a/src/openvpn/openvpn.vcxproj<br> +++ b/src/openvpn/openvpn.vcxproj<br> @@ -158,6 +158,7 @@<br> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> <SubSystem>Console</SubSystem><br> + <CETCompat>true</CETCompat><br> </Link><br> </ItemDefinitionGroup><br> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> @@ -173,6 +174,7 @@<br> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> <SubSystem>Console</SubSystem><br> + <CETCompat>true</CETCompat><br> </Link><br> </ItemDefinitionGroup><br> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> @@ -204,6 +206,7 @@<br> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> <SubSystem>Console</SubSystem><br> + <CETCompat>true</CETCompat><br> </Link><br> </ItemDefinitionGroup><br> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> @@ -220,6 +223,7 @@<br> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> <SubSystem>Console</SubSystem><br> + <CETCompat>true</CETCompat><br> </Link><br> </ItemDefinitionGroup><br> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> diff --git a/src/openvpnmsica/openvpnmsica-Debug.props b/src/openvpnmsica/openvpnmsica-Debug.props<br> index 43532cfe..c99346af 100644<br> --- a/src/openvpnmsica/openvpnmsica-Debug.props<br> +++ b/src/openvpnmsica/openvpnmsica-Debug.props<br> @@ -10,5 +10,15 @@<br> <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary><br> </ClCompile><br> </ItemDefinitionGroup><br> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> + <Link><br> + <CETCompat>true</CETCompat><br> + </Link><br> + </ItemDefinitionGroup><br> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> + <Link><br> + <CETCompat>true</CETCompat><br> + </Link><br> + </ItemDefinitionGroup><br> <ItemGroup /><br> </Project><br> \ No newline at end of file<br> diff --git a/src/openvpnmsica/openvpnmsica-Release.props b/src/openvpnmsica/openvpnmsica-Release.props<br> index 47727b35..70f82713 100644<br> --- a/src/openvpnmsica/openvpnmsica-Release.props<br> +++ b/src/openvpnmsica/openvpnmsica-Release.props<br> @@ -11,5 +11,15 @@<br> <ControlFlowGuard>Guard</ControlFlowGuard><br> </ClCompile><br> </ItemDefinitionGroup><br> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> + <Link><br> + <CETCompat>true</CETCompat><br> + </Link><br> + </ItemDefinitionGroup><br> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> + <Link><br> + <CETCompat>true</CETCompat><br> + </Link><br> + </ItemDefinitionGroup><br> <ItemGroup /><br> </Project><br> \ No newline at end of file<br> diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj<br> index 5fd7d60b..65d03e3b 100644<br> --- a/src/openvpnserv/openvpnserv.vcxproj<br> +++ b/src/openvpnserv/openvpnserv.vcxproj<br> @@ -130,6 +130,7 @@<br> <Link><br> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> <SubSystem>Console</SubSystem><br> + <CETCompat>true</CETCompat><br> </Link><br> </ItemDefinitionGroup><br> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> @@ -141,6 +142,7 @@<br> <Link><br> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> <SubSystem>Console</SubSystem><br> + <CETCompat>true</CETCompat><br> </Link><br> </ItemDefinitionGroup><br> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> @@ -163,6 +165,7 @@<br> <Link><br> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> <SubSystem>Console</SubSystem><br> + <CETCompat>true</CETCompat><br> </Link><br> </ItemDefinitionGroup><br> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> @@ -174,6 +177,7 @@<br> <Link><br> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> <SubSystem>Console</SubSystem><br> + <CETCompat>true</CETCompat><br> </Link><br> </ItemDefinitionGroup><br> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> -- <br> 2.29.2.windows.2<br> <br> </blockquote></div></div>
Hi, Sorry for the delay. 1) Was it really necessary to modify .props? I enabled this via Linker->Advanced->CET Shadow Stack Compatible and only .vcxproj files got modified. 2) I think we could enable it for all binaries (openvpn/openvpnmsica/openvpnserv/tapctl) for ARM64/WIn32/x64 Release configurations. -Lev ma 27. jouluk. 2021 klo 11.09 Илья Шипицин (chipitsine@gmail.com) kirjoitti: > > gentle ping > > > сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin <chipitsine@gmail.com>: >> >> found by BinSkim, more details: >> https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 >> >> Signed-off-by: Ilya Shipitsin <chipitsine@gmail.com> >> --- >> src/compat/Debug.props | 10 ++++++++++ >> src/compat/Release.props | 10 ++++++++++ >> src/openvpn/openvpn.vcxproj | 4 ++++ >> src/openvpnmsica/openvpnmsica-Debug.props | 10 ++++++++++ >> src/openvpnmsica/openvpnmsica-Release.props | 10 ++++++++++ >> src/openvpnserv/openvpnserv.vcxproj | 4 ++++ >> 6 files changed, 48 insertions(+) >> >> diff --git a/src/compat/Debug.props b/src/compat/Debug.props >> index 31bb9d91..14d7a1f7 100644 >> --- a/src/compat/Debug.props >> +++ b/src/compat/Debug.props >> @@ -17,5 +17,15 @@ >> <DebugInformationFormat>EditAndContinue</DebugInformationFormat> >> </ClCompile> >> </ItemDefinitionGroup> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> + <Link> >> + <CETCompat>true</CETCompat> >> + </Link> >> + </ItemDefinitionGroup> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> + <Link> >> + <CETCompat>true</CETCompat> >> + </Link> >> + </ItemDefinitionGroup> >> <ItemGroup /> >> </Project> >> \ No newline at end of file >> diff --git a/src/compat/Release.props b/src/compat/Release.props >> index 50eaa8de..df04ddf2 100644 >> --- a/src/compat/Release.props >> +++ b/src/compat/Release.props >> @@ -22,5 +22,15 @@ >> <OptimizeReferences>true</OptimizeReferences> >> </Link> >> </ItemDefinitionGroup> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> >> + <Link> >> + <CETCompat>true</CETCompat> >> + </Link> >> + </ItemDefinitionGroup> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> + <Link> >> + <CETCompat>true</CETCompat> >> + </Link> >> + </ItemDefinitionGroup> >> <ItemGroup /> >> </Project> >> \ No newline at end of file >> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj >> index 65ee6839..38dd22de 100644 >> --- a/src/openvpn/openvpn.vcxproj >> +++ b/src/openvpn/openvpn.vcxproj >> @@ -158,6 +158,7 @@ >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> >> <SubSystem>Console</SubSystem> >> + <CETCompat>true</CETCompat> >> </Link> >> </ItemDefinitionGroup> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> @@ -173,6 +174,7 @@ >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> >> <SubSystem>Console</SubSystem> >> + <CETCompat>true</CETCompat> >> </Link> >> </ItemDefinitionGroup> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> >> @@ -204,6 +206,7 @@ >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> >> <SubSystem>Console</SubSystem> >> + <CETCompat>true</CETCompat> >> </Link> >> </ItemDefinitionGroup> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> @@ -220,6 +223,7 @@ >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> >> <SubSystem>Console</SubSystem> >> + <CETCompat>true</CETCompat> >> </Link> >> </ItemDefinitionGroup> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> >> diff --git a/src/openvpnmsica/openvpnmsica-Debug.props b/src/openvpnmsica/openvpnmsica-Debug.props >> index 43532cfe..c99346af 100644 >> --- a/src/openvpnmsica/openvpnmsica-Debug.props >> +++ b/src/openvpnmsica/openvpnmsica-Debug.props >> @@ -10,5 +10,15 @@ >> <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> >> </ClCompile> >> </ItemDefinitionGroup> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> + <Link> >> + <CETCompat>true</CETCompat> >> + </Link> >> + </ItemDefinitionGroup> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> + <Link> >> + <CETCompat>true</CETCompat> >> + </Link> >> + </ItemDefinitionGroup> >> <ItemGroup /> >> </Project> >> \ No newline at end of file >> diff --git a/src/openvpnmsica/openvpnmsica-Release.props b/src/openvpnmsica/openvpnmsica-Release.props >> index 47727b35..70f82713 100644 >> --- a/src/openvpnmsica/openvpnmsica-Release.props >> +++ b/src/openvpnmsica/openvpnmsica-Release.props >> @@ -11,5 +11,15 @@ >> <ControlFlowGuard>Guard</ControlFlowGuard> >> </ClCompile> >> </ItemDefinitionGroup> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> >> + <Link> >> + <CETCompat>true</CETCompat> >> + </Link> >> + </ItemDefinitionGroup> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> + <Link> >> + <CETCompat>true</CETCompat> >> + </Link> >> + </ItemDefinitionGroup> >> <ItemGroup /> >> </Project> >> \ No newline at end of file >> diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj >> index 5fd7d60b..65d03e3b 100644 >> --- a/src/openvpnserv/openvpnserv.vcxproj >> +++ b/src/openvpnserv/openvpnserv.vcxproj >> @@ -130,6 +130,7 @@ >> <Link> >> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> >> <SubSystem>Console</SubSystem> >> + <CETCompat>true</CETCompat> >> </Link> >> </ItemDefinitionGroup> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> @@ -141,6 +142,7 @@ >> <Link> >> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> >> <SubSystem>Console</SubSystem> >> + <CETCompat>true</CETCompat> >> </Link> >> </ItemDefinitionGroup> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> >> @@ -163,6 +165,7 @@ >> <Link> >> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> >> <SubSystem>Console</SubSystem> >> + <CETCompat>true</CETCompat> >> </Link> >> </ItemDefinitionGroup> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> @@ -174,6 +177,7 @@ >> <Link> >> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> >> <SubSystem>Console</SubSystem> >> + <CETCompat>true</CETCompat> >> </Link> >> </ItemDefinitionGroup> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> >> -- >> 2.29.2.windows.2 >> > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel
CETCOMPAT is not supported for ARM. Regarding other arch I do not have particular opinion, I'm fine with either props or vcxproj approach On Fri, Dec 31, 2021, 5:09 PM Lev Stipakov <lstipakov@gmail.com> wrote: > Hi, > > Sorry for the delay. > > 1) Was it really necessary to modify .props? I enabled this via > Linker->Advanced->CET Shadow Stack Compatible and only .vcxproj files > got modified. > > 2) I think we could enable it for all binaries > (openvpn/openvpnmsica/openvpnserv/tapctl) for ARM64/WIn32/x64 Release > configurations. > > -Lev > > ma 27. jouluk. 2021 klo 11.09 Илья Шипицин (chipitsine@gmail.com) > kirjoitti: > > > > gentle ping > > > > > > сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin <chipitsine@gmail.com>: > >> > >> found by BinSkim, more details: > >> > https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 > >> > >> Signed-off-by: Ilya Shipitsin <chipitsine@gmail.com> > >> --- > >> src/compat/Debug.props | 10 ++++++++++ > >> src/compat/Release.props | 10 ++++++++++ > >> src/openvpn/openvpn.vcxproj | 4 ++++ > >> src/openvpnmsica/openvpnmsica-Debug.props | 10 ++++++++++ > >> src/openvpnmsica/openvpnmsica-Release.props | 10 ++++++++++ > >> src/openvpnserv/openvpnserv.vcxproj | 4 ++++ > >> 6 files changed, 48 insertions(+) > >> > >> diff --git a/src/compat/Debug.props b/src/compat/Debug.props > >> index 31bb9d91..14d7a1f7 100644 > >> --- a/src/compat/Debug.props > >> +++ b/src/compat/Debug.props > >> @@ -17,5 +17,15 @@ > >> <DebugInformationFormat>EditAndContinue</DebugInformationFormat> > >> </ClCompile> > >> </ItemDefinitionGroup> > >> + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > >> + <Link> > >> + <CETCompat>true</CETCompat> > >> + </Link> > >> + </ItemDefinitionGroup> > >> + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > >> + <Link> > >> + <CETCompat>true</CETCompat> > >> + </Link> > >> + </ItemDefinitionGroup> > >> <ItemGroup /> > >> </Project> > >> \ No newline at end of file > >> diff --git a/src/compat/Release.props b/src/compat/Release.props > >> index 50eaa8de..df04ddf2 100644 > >> --- a/src/compat/Release.props > >> +++ b/src/compat/Release.props > >> @@ -22,5 +22,15 @@ > >> <OptimizeReferences>true</OptimizeReferences> > >> </Link> > >> </ItemDefinitionGroup> > >> + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > >> + <Link> > >> + <CETCompat>true</CETCompat> > >> + </Link> > >> + </ItemDefinitionGroup> > >> + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > >> + <Link> > >> + <CETCompat>true</CETCompat> > >> + </Link> > >> + </ItemDefinitionGroup> > >> <ItemGroup /> > >> </Project> > >> \ No newline at end of file > >> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj > >> index 65ee6839..38dd22de 100644 > >> --- a/src/openvpn/openvpn.vcxproj > >> +++ b/src/openvpn/openvpn.vcxproj > >> @@ -158,6 +158,7 @@ > >> > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > >> > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > >> <SubSystem>Console</SubSystem> > >> + <CETCompat>true</CETCompat> > >> </Link> > >> </ItemDefinitionGroup> > >> <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > >> @@ -173,6 +174,7 @@ > >> > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > >> > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > >> <SubSystem>Console</SubSystem> > >> + <CETCompat>true</CETCompat> > >> </Link> > >> </ItemDefinitionGroup> > >> <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > >> @@ -204,6 +206,7 @@ > >> > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > >> > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > >> <SubSystem>Console</SubSystem> > >> + <CETCompat>true</CETCompat> > >> </Link> > >> </ItemDefinitionGroup> > >> <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > >> @@ -220,6 +223,7 @@ > >> > <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> > >> > <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> > >> <SubSystem>Console</SubSystem> > >> + <CETCompat>true</CETCompat> > >> </Link> > >> </ItemDefinitionGroup> > >> <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > >> diff --git a/src/openvpnmsica/openvpnmsica-Debug.props > b/src/openvpnmsica/openvpnmsica-Debug.props > >> index 43532cfe..c99346af 100644 > >> --- a/src/openvpnmsica/openvpnmsica-Debug.props > >> +++ b/src/openvpnmsica/openvpnmsica-Debug.props > >> @@ -10,5 +10,15 @@ > >> <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> > >> </ClCompile> > >> </ItemDefinitionGroup> > >> + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > >> + <Link> > >> + <CETCompat>true</CETCompat> > >> + </Link> > >> + </ItemDefinitionGroup> > >> + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > >> + <Link> > >> + <CETCompat>true</CETCompat> > >> + </Link> > >> + </ItemDefinitionGroup> > >> <ItemGroup /> > >> </Project> > >> \ No newline at end of file > >> diff --git a/src/openvpnmsica/openvpnmsica-Release.props > b/src/openvpnmsica/openvpnmsica-Release.props > >> index 47727b35..70f82713 100644 > >> --- a/src/openvpnmsica/openvpnmsica-Release.props > >> +++ b/src/openvpnmsica/openvpnmsica-Release.props > >> @@ -11,5 +11,15 @@ > >> <ControlFlowGuard>Guard</ControlFlowGuard> > >> </ClCompile> > >> </ItemDefinitionGroup> > >> + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > >> + <Link> > >> + <CETCompat>true</CETCompat> > >> + </Link> > >> + </ItemDefinitionGroup> > >> + <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > >> + <Link> > >> + <CETCompat>true</CETCompat> > >> + </Link> > >> + </ItemDefinitionGroup> > >> <ItemGroup /> > >> </Project> > >> \ No newline at end of file > >> diff --git a/src/openvpnserv/openvpnserv.vcxproj > b/src/openvpnserv/openvpnserv.vcxproj > >> index 5fd7d60b..65d03e3b 100644 > >> --- a/src/openvpnserv/openvpnserv.vcxproj > >> +++ b/src/openvpnserv/openvpnserv.vcxproj > >> @@ -130,6 +130,7 @@ > >> <Link> > >> > <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > >> <SubSystem>Console</SubSystem> > >> + <CETCompat>true</CETCompat> > >> </Link> > >> </ItemDefinitionGroup> > >> <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > >> @@ -141,6 +142,7 @@ > >> <Link> > >> > <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > >> <SubSystem>Console</SubSystem> > >> + <CETCompat>true</CETCompat> > >> </Link> > >> </ItemDefinitionGroup> > >> <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > >> @@ -163,6 +165,7 @@ > >> <Link> > >> > <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > >> <SubSystem>Console</SubSystem> > >> + <CETCompat>true</CETCompat> > >> </Link> > >> </ItemDefinitionGroup> > >> <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > >> @@ -174,6 +177,7 @@ > >> <Link> > >> > <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> > >> <SubSystem>Console</SubSystem> > >> + <CETCompat>true</CETCompat> > >> </Link> > >> </ItemDefinitionGroup> > >> <ItemDefinitionGroup > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > >> -- > >> 2.29.2.windows.2 > >> > > _______________________________________________ > > Openvpn-devel mailing list > > Openvpn-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > > > > -- > -Lev > <div dir="auto">CETCOMPAT is not supported for ARM.<div dir="auto">Regarding other arch I do not have particular opinion, I'm fine with either props or vcxproj approach</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Dec 31, 2021, 5:09 PM Lev Stipakov <<a href="mailto:lstipakov@gmail.com">lstipakov@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br> <br> Sorry for the delay.<br> <br> 1) Was it really necessary to modify .props? I enabled this via<br> Linker->Advanced->CET Shadow Stack Compatible and only .vcxproj files<br> got modified.<br> <br> 2) I think we could enable it for all binaries<br> (openvpn/openvpnmsica/openvpnserv/tapctl) for ARM64/WIn32/x64 Release<br> configurations.<br> <br> -Lev<br> <br> ma 27. jouluk. 2021 klo 11.09 Илья Шипицин (<a href="mailto:chipitsine@gmail.com" target="_blank" rel="noreferrer">chipitsine@gmail.com</a>) kirjoitti:<br> ><br> > gentle ping<br> ><br> ><br> > сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin <<a href="mailto:chipitsine@gmail.com" target="_blank" rel="noreferrer">chipitsine@gmail.com</a>>:<br> >><br> >> found by BinSkim, more details:<br> >> <a href="https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160" rel="noreferrer noreferrer" target="_blank">https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160</a><br> >><br> >> Signed-off-by: Ilya Shipitsin <<a href="mailto:chipitsine@gmail.com" target="_blank" rel="noreferrer">chipitsine@gmail.com</a>><br> >> ---<br> >> src/compat/Debug.props | 10 ++++++++++<br> >> src/compat/Release.props | 10 ++++++++++<br> >> src/openvpn/openvpn.vcxproj | 4 ++++<br> >> src/openvpnmsica/openvpnmsica-Debug.props | 10 ++++++++++<br> >> src/openvpnmsica/openvpnmsica-Release.props | 10 ++++++++++<br> >> src/openvpnserv/openvpnserv.vcxproj | 4 ++++<br> >> 6 files changed, 48 insertions(+)<br> >><br> >> diff --git a/src/compat/Debug.props b/src/compat/Debug.props<br> >> index 31bb9d91..14d7a1f7 100644<br> >> --- a/src/compat/Debug.props<br> >> +++ b/src/compat/Debug.props<br> >> @@ -17,5 +17,15 @@<br> >> <DebugInformationFormat>EditAndContinue</DebugInformationFormat><br> >> </ClCompile><br> >> </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> <ItemGroup /><br> >> </Project><br> >> \ No newline at end of file<br> >> diff --git a/src/compat/Release.props b/src/compat/Release.props<br> >> index 50eaa8de..df04ddf2 100644<br> >> --- a/src/compat/Release.props<br> >> +++ b/src/compat/Release.props<br> >> @@ -22,5 +22,15 @@<br> >> <OptimizeReferences>true</OptimizeReferences><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> <ItemGroup /><br> >> </Project><br> >> \ No newline at end of file<br> >> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj<br> >> index 65ee6839..38dd22de 100644<br> >> --- a/src/openvpn/openvpn.vcxproj<br> >> +++ b/src/openvpn/openvpn.vcxproj<br> >> @@ -158,6 +158,7 @@<br> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> >> @@ -173,6 +174,7 @@<br> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> >> @@ -204,6 +206,7 @@<br> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> >> @@ -220,6 +223,7 @@<br> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> >> diff --git a/src/openvpnmsica/openvpnmsica-Debug.props b/src/openvpnmsica/openvpnmsica-Debug.props<br> >> index 43532cfe..c99346af 100644<br> >> --- a/src/openvpnmsica/openvpnmsica-Debug.props<br> >> +++ b/src/openvpnmsica/openvpnmsica-Debug.props<br> >> @@ -10,5 +10,15 @@<br> >> <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary><br> >> </ClCompile><br> >> </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> <ItemGroup /><br> >> </Project><br> >> \ No newline at end of file<br> >> diff --git a/src/openvpnmsica/openvpnmsica-Release.props b/src/openvpnmsica/openvpnmsica-Release.props<br> >> index 47727b35..70f82713 100644<br> >> --- a/src/openvpnmsica/openvpnmsica-Release.props<br> >> +++ b/src/openvpnmsica/openvpnmsica-Release.props<br> >> @@ -11,5 +11,15 @@<br> >> <ControlFlowGuard>Guard</ControlFlowGuard><br> >> </ClCompile><br> >> </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> <ItemGroup /><br> >> </Project><br> >> \ No newline at end of file<br> >> diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj<br> >> index 5fd7d60b..65d03e3b 100644<br> >> --- a/src/openvpnserv/openvpnserv.vcxproj<br> >> +++ b/src/openvpnserv/openvpnserv.vcxproj<br> >> @@ -130,6 +130,7 @@<br> >> <Link><br> >> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> >> @@ -141,6 +142,7 @@<br> >> <Link><br> >> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> >> @@ -163,6 +165,7 @@<br> >> <Link><br> >> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> >> @@ -174,6 +177,7 @@<br> >> <Link><br> >> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> >> --<br> >> 2.29.2.windows.2<br> >><br> > _______________________________________________<br> > Openvpn-devel mailing list<br> > <a href="mailto:Openvpn-devel@lists.sourceforge.net" target="_blank" rel="noreferrer">Openvpn-devel@lists.sourceforge.net</a><br> > <a href="https://lists.sourceforge.net/lists/listinfo/openvpn-devel" rel="noreferrer noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/openvpn-devel</a><br> <br> <br> <br> -- <br> -Lev<br> </blockquote></div>
For the record https://github.com/microsoft/binskim/issues/508 On Fri, Dec 31, 2021, 8:35 PM Илья Шипицин <chipitsine@gmail.com> wrote: > CETCOMPAT is not supported for ARM. > Regarding other arch I do not have particular opinion, I'm fine with > either props or vcxproj approach > > On Fri, Dec 31, 2021, 5:09 PM Lev Stipakov <lstipakov@gmail.com> wrote: > >> Hi, >> >> Sorry for the delay. >> >> 1) Was it really necessary to modify .props? I enabled this via >> Linker->Advanced->CET Shadow Stack Compatible and only .vcxproj files >> got modified. >> >> 2) I think we could enable it for all binaries >> (openvpn/openvpnmsica/openvpnserv/tapctl) for ARM64/WIn32/x64 Release >> configurations. >> >> -Lev >> >> ma 27. jouluk. 2021 klo 11.09 Илья Шипицин (chipitsine@gmail.com) >> kirjoitti: >> > >> > gentle ping >> > >> > >> > сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin <chipitsine@gmail.com>: >> >> >> >> found by BinSkim, more details: >> >> >> https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 >> >> >> >> Signed-off-by: Ilya Shipitsin <chipitsine@gmail.com> >> >> --- >> >> src/compat/Debug.props | 10 ++++++++++ >> >> src/compat/Release.props | 10 ++++++++++ >> >> src/openvpn/openvpn.vcxproj | 4 ++++ >> >> src/openvpnmsica/openvpnmsica-Debug.props | 10 ++++++++++ >> >> src/openvpnmsica/openvpnmsica-Release.props | 10 ++++++++++ >> >> src/openvpnserv/openvpnserv.vcxproj | 4 ++++ >> >> 6 files changed, 48 insertions(+) >> >> >> >> diff --git a/src/compat/Debug.props b/src/compat/Debug.props >> >> index 31bb9d91..14d7a1f7 100644 >> >> --- a/src/compat/Debug.props >> >> +++ b/src/compat/Debug.props >> >> @@ -17,5 +17,15 @@ >> >> <DebugInformationFormat>EditAndContinue</DebugInformationFormat> >> >> </ClCompile> >> >> </ItemDefinitionGroup> >> >> + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> >> + <Link> >> >> + <CETCompat>true</CETCompat> >> >> + </Link> >> >> + </ItemDefinitionGroup> >> >> + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> >> + <Link> >> >> + <CETCompat>true</CETCompat> >> >> + </Link> >> >> + </ItemDefinitionGroup> >> >> <ItemGroup /> >> >> </Project> >> >> \ No newline at end of file >> >> diff --git a/src/compat/Release.props b/src/compat/Release.props >> >> index 50eaa8de..df04ddf2 100644 >> >> --- a/src/compat/Release.props >> >> +++ b/src/compat/Release.props >> >> @@ -22,5 +22,15 @@ >> >> <OptimizeReferences>true</OptimizeReferences> >> >> </Link> >> >> </ItemDefinitionGroup> >> >> + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> >> >> + <Link> >> >> + <CETCompat>true</CETCompat> >> >> + </Link> >> >> + </ItemDefinitionGroup> >> >> + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> >> + <Link> >> >> + <CETCompat>true</CETCompat> >> >> + </Link> >> >> + </ItemDefinitionGroup> >> >> <ItemGroup /> >> >> </Project> >> >> \ No newline at end of file >> >> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj >> >> index 65ee6839..38dd22de 100644 >> >> --- a/src/openvpn/openvpn.vcxproj >> >> +++ b/src/openvpn/openvpn.vcxproj >> >> @@ -158,6 +158,7 @@ >> >> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> >> >> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> >> >> <SubSystem>Console</SubSystem> >> >> + <CETCompat>true</CETCompat> >> >> </Link> >> >> </ItemDefinitionGroup> >> >> <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> >> @@ -173,6 +174,7 @@ >> >> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> >> >> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> >> >> <SubSystem>Console</SubSystem> >> >> + <CETCompat>true</CETCompat> >> >> </Link> >> >> </ItemDefinitionGroup> >> >> <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> >> >> @@ -204,6 +206,7 @@ >> >> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> >> >> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> >> >> <SubSystem>Console</SubSystem> >> >> + <CETCompat>true</CETCompat> >> >> </Link> >> >> </ItemDefinitionGroup> >> >> <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> >> @@ -220,6 +223,7 @@ >> >> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> >> >> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> >> >> <SubSystem>Console</SubSystem> >> >> + <CETCompat>true</CETCompat> >> >> </Link> >> >> </ItemDefinitionGroup> >> >> <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> >> >> diff --git a/src/openvpnmsica/openvpnmsica-Debug.props >> b/src/openvpnmsica/openvpnmsica-Debug.props >> >> index 43532cfe..c99346af 100644 >> >> --- a/src/openvpnmsica/openvpnmsica-Debug.props >> >> +++ b/src/openvpnmsica/openvpnmsica-Debug.props >> >> @@ -10,5 +10,15 @@ >> >> <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> >> >> </ClCompile> >> >> </ItemDefinitionGroup> >> >> + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> >> + <Link> >> >> + <CETCompat>true</CETCompat> >> >> + </Link> >> >> + </ItemDefinitionGroup> >> >> + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> >> + <Link> >> >> + <CETCompat>true</CETCompat> >> >> + </Link> >> >> + </ItemDefinitionGroup> >> >> <ItemGroup /> >> >> </Project> >> >> \ No newline at end of file >> >> diff --git a/src/openvpnmsica/openvpnmsica-Release.props >> b/src/openvpnmsica/openvpnmsica-Release.props >> >> index 47727b35..70f82713 100644 >> >> --- a/src/openvpnmsica/openvpnmsica-Release.props >> >> +++ b/src/openvpnmsica/openvpnmsica-Release.props >> >> @@ -11,5 +11,15 @@ >> >> <ControlFlowGuard>Guard</ControlFlowGuard> >> >> </ClCompile> >> >> </ItemDefinitionGroup> >> >> + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> >> >> + <Link> >> >> + <CETCompat>true</CETCompat> >> >> + </Link> >> >> + </ItemDefinitionGroup> >> >> + <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> >> + <Link> >> >> + <CETCompat>true</CETCompat> >> >> + </Link> >> >> + </ItemDefinitionGroup> >> >> <ItemGroup /> >> >> </Project> >> >> \ No newline at end of file >> >> diff --git a/src/openvpnserv/openvpnserv.vcxproj >> b/src/openvpnserv/openvpnserv.vcxproj >> >> index 5fd7d60b..65d03e3b 100644 >> >> --- a/src/openvpnserv/openvpnserv.vcxproj >> >> +++ b/src/openvpnserv/openvpnserv.vcxproj >> >> @@ -130,6 +130,7 @@ >> >> <Link> >> >> >> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> >> >> <SubSystem>Console</SubSystem> >> >> + <CETCompat>true</CETCompat> >> >> </Link> >> >> </ItemDefinitionGroup> >> >> <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> >> @@ -141,6 +142,7 @@ >> >> <Link> >> >> >> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> >> >> <SubSystem>Console</SubSystem> >> >> + <CETCompat>true</CETCompat> >> >> </Link> >> >> </ItemDefinitionGroup> >> >> <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> >> >> @@ -163,6 +165,7 @@ >> >> <Link> >> >> >> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> >> >> <SubSystem>Console</SubSystem> >> >> + <CETCompat>true</CETCompat> >> >> </Link> >> >> </ItemDefinitionGroup> >> >> <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> >> @@ -174,6 +177,7 @@ >> >> <Link> >> >> >> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> >> >> <SubSystem>Console</SubSystem> >> >> + <CETCompat>true</CETCompat> >> >> </Link> >> >> </ItemDefinitionGroup> >> >> <ItemDefinitionGroup >> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> >> >> -- >> >> 2.29.2.windows.2 >> >> >> > _______________________________________________ >> > Openvpn-devel mailing list >> > Openvpn-devel@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/openvpn-devel >> >> >> >> -- >> -Lev >> > <div dir="auto">For the record<div dir="auto"><a href="https://github.com/microsoft/binskim/issues/508">https://github.com/microsoft/binskim/issues/508</a><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Dec 31, 2021, 8:35 PM Илья Шипицин <<a href="mailto:chipitsine@gmail.com">chipitsine@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">CETCOMPAT is not supported for ARM.<div dir="auto">Regarding other arch I do not have particular opinion, I'm fine with either props or vcxproj approach</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Dec 31, 2021, 5:09 PM Lev Stipakov <<a href="mailto:lstipakov@gmail.com" target="_blank" rel="noreferrer">lstipakov@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br> <br> Sorry for the delay.<br> <br> 1) Was it really necessary to modify .props? I enabled this via<br> Linker->Advanced->CET Shadow Stack Compatible and only .vcxproj files<br> got modified.<br> <br> 2) I think we could enable it for all binaries<br> (openvpn/openvpnmsica/openvpnserv/tapctl) for ARM64/WIn32/x64 Release<br> configurations.<br> <br> -Lev<br> <br> ma 27. jouluk. 2021 klo 11.09 Илья Шипицин (<a href="mailto:chipitsine@gmail.com" rel="noreferrer noreferrer" target="_blank">chipitsine@gmail.com</a>) kirjoitti:<br> ><br> > gentle ping<br> ><br> ><br> > сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin <<a href="mailto:chipitsine@gmail.com" rel="noreferrer noreferrer" target="_blank">chipitsine@gmail.com</a>>:<br> >><br> >> found by BinSkim, more details:<br> >> <a href="https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160" rel="noreferrer noreferrer noreferrer" target="_blank">https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160</a><br> >><br> >> Signed-off-by: Ilya Shipitsin <<a href="mailto:chipitsine@gmail.com" rel="noreferrer noreferrer" target="_blank">chipitsine@gmail.com</a>><br> >> ---<br> >> src/compat/Debug.props | 10 ++++++++++<br> >> src/compat/Release.props | 10 ++++++++++<br> >> src/openvpn/openvpn.vcxproj | 4 ++++<br> >> src/openvpnmsica/openvpnmsica-Debug.props | 10 ++++++++++<br> >> src/openvpnmsica/openvpnmsica-Release.props | 10 ++++++++++<br> >> src/openvpnserv/openvpnserv.vcxproj | 4 ++++<br> >> 6 files changed, 48 insertions(+)<br> >><br> >> diff --git a/src/compat/Debug.props b/src/compat/Debug.props<br> >> index 31bb9d91..14d7a1f7 100644<br> >> --- a/src/compat/Debug.props<br> >> +++ b/src/compat/Debug.props<br> >> @@ -17,5 +17,15 @@<br> >> <DebugInformationFormat>EditAndContinue</DebugInformationFormat><br> >> </ClCompile><br> >> </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> <ItemGroup /><br> >> </Project><br> >> \ No newline at end of file<br> >> diff --git a/src/compat/Release.props b/src/compat/Release.props<br> >> index 50eaa8de..df04ddf2 100644<br> >> --- a/src/compat/Release.props<br> >> +++ b/src/compat/Release.props<br> >> @@ -22,5 +22,15 @@<br> >> <OptimizeReferences>true</OptimizeReferences><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> <ItemGroup /><br> >> </Project><br> >> \ No newline at end of file<br> >> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj<br> >> index 65ee6839..38dd22de 100644<br> >> --- a/src/openvpn/openvpn.vcxproj<br> >> +++ b/src/openvpn/openvpn.vcxproj<br> >> @@ -158,6 +158,7 @@<br> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> >> @@ -173,6 +174,7 @@<br> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> >> @@ -204,6 +206,7 @@<br> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> >> @@ -220,6 +223,7 @@<br> >> <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies><br> >> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> >> diff --git a/src/openvpnmsica/openvpnmsica-Debug.props b/src/openvpnmsica/openvpnmsica-Debug.props<br> >> index 43532cfe..c99346af 100644<br> >> --- a/src/openvpnmsica/openvpnmsica-Debug.props<br> >> +++ b/src/openvpnmsica/openvpnmsica-Debug.props<br> >> @@ -10,5 +10,15 @@<br> >> <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary><br> >> </ClCompile><br> >> </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> <ItemGroup /><br> >> </Project><br> >> \ No newline at end of file<br> >> diff --git a/src/openvpnmsica/openvpnmsica-Release.props b/src/openvpnmsica/openvpnmsica-Release.props<br> >> index 47727b35..70f82713 100644<br> >> --- a/src/openvpnmsica/openvpnmsica-Release.props<br> >> +++ b/src/openvpnmsica/openvpnmsica-Release.props<br> >> @@ -11,5 +11,15 @@<br> >> <ControlFlowGuard>Guard</ControlFlowGuard><br> >> </ClCompile><br> >> </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> >> + <Link><br> >> + <CETCompat>true</CETCompat><br> >> + </Link><br> >> + </ItemDefinitionGroup><br> >> <ItemGroup /><br> >> </Project><br> >> \ No newline at end of file<br> >> diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj<br> >> index 5fd7d60b..65d03e3b 100644<br> >> --- a/src/openvpnserv/openvpnserv.vcxproj<br> >> +++ b/src/openvpnserv/openvpnserv.vcxproj<br> >> @@ -130,6 +130,7 @@<br> >> <Link><br> >> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"><br> >> @@ -141,6 +142,7 @@<br> >> <Link><br> >> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"><br> >> @@ -163,6 +165,7 @@<br> >> <Link><br> >> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"><br> >> @@ -174,6 +177,7 @@<br> >> <Link><br> >> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies><br> >> <SubSystem>Console</SubSystem><br> >> + <CETCompat>true</CETCompat><br> >> </Link><br> >> </ItemDefinitionGroup><br> >> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"><br> >> --<br> >> 2.29.2.windows.2<br> >><br> > _______________________________________________<br> > Openvpn-devel mailing list<br> > <a href="mailto:Openvpn-devel@lists.sourceforge.net" rel="noreferrer noreferrer" target="_blank">Openvpn-devel@lists.sourceforge.net</a><br> > <a href="https://lists.sourceforge.net/lists/listinfo/openvpn-devel" rel="noreferrer noreferrer noreferrer" target="_blank">https://lists.sourceforge.net/lists/listinfo/openvpn-devel</a><br> <br> <br> <br> -- <br> -Lev<br> </blockquote></div> </blockquote></div>
diff --git a/src/compat/Debug.props b/src/compat/Debug.props index 31bb9d91..14d7a1f7 100644 --- a/src/compat/Debug.props +++ b/src/compat/Debug.props @@ -17,5 +17,15 @@ <DebugInformationFormat>EditAndContinue</DebugInformationFormat> </ClCompile> </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> + <Link> + <CETCompat>true</CETCompat> + </Link> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> + <Link> + <CETCompat>true</CETCompat> + </Link> + </ItemDefinitionGroup> <ItemGroup /> </Project> \ No newline at end of file diff --git a/src/compat/Release.props b/src/compat/Release.props index 50eaa8de..df04ddf2 100644 --- a/src/compat/Release.props +++ b/src/compat/Release.props @@ -22,5 +22,15 @@ <OptimizeReferences>true</OptimizeReferences> </Link> </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> + <Link> + <CETCompat>true</CETCompat> + </Link> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <Link> + <CETCompat>true</CETCompat> + </Link> + </ItemDefinitionGroup> <ItemGroup /> </Project> \ No newline at end of file diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index 65ee6839..38dd22de 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -158,6 +158,7 @@ <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> @@ -173,6 +174,7 @@ <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> @@ -204,6 +206,7 @@ <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> @@ -220,6 +223,7 @@ <AdditionalDependencies>Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib</AdditionalDependencies> <AdditionalLibraryDirectories>$(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> diff --git a/src/openvpnmsica/openvpnmsica-Debug.props b/src/openvpnmsica/openvpnmsica-Debug.props index 43532cfe..c99346af 100644 --- a/src/openvpnmsica/openvpnmsica-Debug.props +++ b/src/openvpnmsica/openvpnmsica-Debug.props @@ -10,5 +10,15 @@ <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary> </ClCompile> </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> + <Link> + <CETCompat>true</CETCompat> + </Link> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> + <Link> + <CETCompat>true</CETCompat> + </Link> + </ItemDefinitionGroup> <ItemGroup /> </Project> \ No newline at end of file diff --git a/src/openvpnmsica/openvpnmsica-Release.props b/src/openvpnmsica/openvpnmsica-Release.props index 47727b35..70f82713 100644 --- a/src/openvpnmsica/openvpnmsica-Release.props +++ b/src/openvpnmsica/openvpnmsica-Release.props @@ -11,5 +11,15 @@ <ControlFlowGuard>Guard</ControlFlowGuard> </ClCompile> </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> + <Link> + <CETCompat>true</CETCompat> + </Link> + </ItemDefinitionGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <Link> + <CETCompat>true</CETCompat> + </Link> + </ItemDefinitionGroup> <ItemGroup /> </Project> \ No newline at end of file diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj index 5fd7d60b..65d03e3b 100644 --- a/src/openvpnserv/openvpnserv.vcxproj +++ b/src/openvpnserv/openvpnserv.vcxproj @@ -130,6 +130,7 @@ <Link> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> @@ -141,6 +142,7 @@ <Link> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> @@ -163,6 +165,7 @@ <Link> <AdditionalDependencies>Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> @@ -174,6 +177,7 @@ <Link> <AdditionalDependencies>legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies> <SubSystem>Console</SubSystem> + <CETCompat>true</CETCompat> </Link> </ItemDefinitionGroup> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
found by BinSkim, more details: https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 Signed-off-by: Ilya Shipitsin <chipitsine@gmail.com> --- src/compat/Debug.props | 10 ++++++++++ src/compat/Release.props | 10 ++++++++++ src/openvpn/openvpn.vcxproj | 4 ++++ src/openvpnmsica/openvpnmsica-Debug.props | 10 ++++++++++ src/openvpnmsica/openvpnmsica-Release.props | 10 ++++++++++ src/openvpnserv/openvpnserv.vcxproj | 4 ++++ 6 files changed, 48 insertions(+)