From patchwork Thu Jan 6 23:17:08 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Lev Stipakov X-Patchwork-Id: 2207 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend41.mail.ord1d.rsapps.net with LMTP id tZ8VJYYT2GF9aAAAqwncew (envelope-from ) for ; Fri, 07 Jan 2022 05:18:46 -0500 Received: from proxy16.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id 0NPWKoYT2GHCTQAApN4f7A (envelope-from ) for ; Fri, 07 Jan 2022 05:18:46 -0500 Received: from smtp17.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy16.mail.ord1d.rsapps.net with LMTPS id kFVUKoYT2GH6TgAAetu3IA (envelope-from ) for ; Fri, 07 Jan 2022 05:18:46 -0500 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp17.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=gmail.com; dmarc=fail (p=none; dis=none) header.from=gmail.com X-Suspicious-Flag: YES X-Classification-ID: 32291ee4-6fa3-11ec-9891-5254008de1cb-1-1 Received: from [216.105.38.7] ([216.105.38.7:37904] helo=lists.sourceforge.net) by smtp17.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 86/AE-17316-58318D16; Fri, 07 Jan 2022 05:18:45 -0500 Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1n5mJW-0006Iy-87; Fri, 07 Jan 2022 10:17:37 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1n5mJU-0006Ij-SA for openvpn-devel@lists.sourceforge.net; Fri, 07 Jan 2022 10:17:35 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=MPSD52H6Z4CbnW8UUg622rViWM7VLSVZsxdF5nMt2FM=; b=BvSOT9Qc83ZB5ZcbSmkun+kzJT nnvsNceJSwXPrE148gFBpn1t2TiMv0wPqvgtUnkuH7kIWk7yNFyxMy9zOJQYuCaMesWpbG5bO7TWh +t9dy+LdrHppTPkf8Su9h7GrHWpreucepavC6YkROHp60ilBbiNO0enV++rbSDsGdNXU=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To :MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=MPSD52H6Z4CbnW8UUg622rViWM7VLSVZsxdF5nMt2FM=; b=G4sFLMYQ1LIEe8PBBuJFS8QuO/ AhykmKKWlLXdqm4XJ3nIYlNc1VyvJ1TOygZooimxfC0VJP81JxLiAA8CoQcdoXLoApPVK0ECIPslY pYPV4/fIDe1BI6Aa4n8iKKEa793FztoZepwU0O2gHvBkqLDoO37grJ93ooOxbtAgYt0c=; Received: from mail-lf1-f44.google.com ([209.85.167.44]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92.3) id 1n5mJT-0001cA-Ba for openvpn-devel@lists.sourceforge.net; Fri, 07 Jan 2022 10:17:35 +0000 Received: by mail-lf1-f44.google.com with SMTP id p13so13762791lfh.13 for ; Fri, 07 Jan 2022 02:17:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=MPSD52H6Z4CbnW8UUg622rViWM7VLSVZsxdF5nMt2FM=; b=YYmj+kdhaFJX/44Hcs7yO8xIzpoVZ5wosJFZeVCQmN41aFe/nh5C5FdWGwdrIuzBmw G+kahNZG1jHjKSZSChP1MK0eUciK7qarqMoN5bjnwWvCcBxO5lojJMT+e6mmGoPprGiD uL/oTsaJdVeDvtcMmSLBGF3A2Q9b3tvkeLCOj/jQ3OBWcOt3QP3cC9+q6tsnQtLZ7sqw MLxz+ZmsBUYPxMsiZGGrn7m9a5Rp6WLmx2mfETTNyXgDh8AIcRURaGEjy2apBYxCzmAQ iXeoBAcksEy+1Us7Pd05KZp8YAApPRyUVjc7mXXWJNTCMDCoHukFF+Mz5A5ExGWApeUM 38mA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=MPSD52H6Z4CbnW8UUg622rViWM7VLSVZsxdF5nMt2FM=; b=5qwSX5iKghKzPlRyPCU/Cq1kH8bZ0PeJUyPpxGS0hLGqby6Koxh2zQ2N2yDSLEfV6P ovMF6Acxds3maRdC6U8oSXpfpT22jVXVZ8Ol2w1fCTJBZSGot0tYDYKh4e1Zdjz24ITJ N2D6uxWxfVEZszapKdwTOsCWTyKlgR17852GgQvVpVqUU276M26mx6FQRJ3nN56NdXQU /WDg4+Cp+z2+xMwRCrjw5Sn6BLSMYbnPYlMoLWuaUL0a4tTHTHdAjqLeWDPl3Jv0/iEE lhI3hpm2gF7/56/hci1FYA/FTggFBvKetiUJVa0s9RluhDUiu8Aj93RMbh+dvLryIgS3 ftJQ== X-Gm-Message-State: AOAM5319rV7iEpf8FqZ15/7P2QRxgPRO/6b06xL6BVXzfT2w9xSRadWr uWSxxHMEdJJKz23weGHhxFPJaEp1c9o= X-Google-Smtp-Source: ABdhPJx78HuftDj4ExfuE91OsckYaDaRC8q+384CpQgXV7ZpgkZEAhEefyvBmWEZM5xWWvfz9f2NAA== X-Received: by 2002:a2e:780b:: with SMTP id t11mr44894053ljc.461.1641550648347; Fri, 07 Jan 2022 02:17:28 -0800 (PST) Received: from LAPTOP-4L3N7KFS.localdomain (176-93-145-150.bb.dnainternet.fi. [176.93.145.150]) by smtp.gmail.com with ESMTPSA id x17sm519295lfu.183.2022.01.07.02.17.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 07 Jan 2022 02:17:27 -0800 (PST) From: Lev Stipakov To: openvpn-devel@lists.sourceforge.net Date: Fri, 7 Jan 2022 12:17:08 +0200 Message-Id: <20220107101708.100-1-lstipakov@gmail.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: References: X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Lev Stipakov This provides hardware-enforced stack protection on compatible hardware/software. This is based on patch from Ilya Shipitsin https://patchwork.openvpn.net/patch/1987/ Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.167.44 listed in list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [lstipakov[at]gmail.com] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.167.44 listed in wl.mailspike.net] -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1n5mJT-0001cA-Ba Subject: [Openvpn-devel] [PATCH] msvc: mark x64 release binaries as compatible with CET shadow stack X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Lev Stipakov MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Lev Stipakov This provides hardware-enforced stack protection on compatible hardware/software. This is based on patch from Ilya Shipitsin https://patchwork.openvpn.net/patch/1987/ See https://techcommunity.microsoft.com/t5/windows-kernel-internals-blog/developer-guidance-for-hardware-enforced-stack-protection/ba-p/2163340 for more info. Signed-off-by: Lev Stipakov --- src/openvpn/openvpn.vcxproj | 1 + src/openvpnmsica/openvpnmsica.vcxproj | 5 +++++ src/openvpnserv/openvpnserv.vcxproj | 1 + src/tapctl/tapctl.vcxproj | 6 +++++- 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index d583c281..fb08c1c7 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -220,6 +220,7 @@ Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) Console + true diff --git a/src/openvpnmsica/openvpnmsica.vcxproj b/src/openvpnmsica/openvpnmsica.vcxproj index 11aa78bb..e7186e70 100644 --- a/src/openvpnmsica/openvpnmsica.vcxproj +++ b/src/openvpnmsica/openvpnmsica.vcxproj @@ -135,6 +135,11 @@ true + + + true + + diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj index 5fd7d60b..deed8db1 100644 --- a/src/openvpnserv/openvpnserv.vcxproj +++ b/src/openvpnserv/openvpnserv.vcxproj @@ -174,6 +174,7 @@ legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies) Console + true diff --git a/src/tapctl/tapctl.vcxproj b/src/tapctl/tapctl.vcxproj index 79da9d33..da9f2703 100644 --- a/src/tapctl/tapctl.vcxproj +++ b/src/tapctl/tapctl.vcxproj @@ -140,7 +140,11 @@ - + + + true + +