Re: [Openvpn-devel] [PATCH] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation
For the record https://github.com/microsoft/binskim/issues/508 On Fri, Dec 31, 2021, 8:35 PM Илья Шипицин wrote: > CETCOMPAT is not supported for ARM. > Regarding other arch I do not have particular opinion, I'm fine with > either props or vcxproj approach > > On Fri, Dec 31, 2021, 5:09 PM Lev Stipakov wrote: > >> Hi, >> >> Sorry for the delay. >> >> 1) Was it really necessary to modify .props? I enabled this via >> Linker->Advanced->CET Shadow Stack Compatible and only .vcxproj files >> got modified. >> >> 2) I think we could enable it for all binaries >> (openvpn/openvpnmsica/openvpnserv/tapctl) for ARM64/WIn32/x64 Release >> configurations. >> >> -Lev >> >> ma 27. jouluk. 2021 klo 11.09 Илья Шипицин (chipits...@gmail.com) >> kirjoitti: >> > >> > gentle ping >> > >> > >> > сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin : >> >> >> >> found by BinSkim, more details: >> >> >> https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 >> >> >> >> Signed-off-by: Ilya Shipitsin >> >> --- >> >> src/compat/Debug.props | 10 ++ >> >> src/compat/Release.props| 10 ++ >> >> src/openvpn/openvpn.vcxproj | 4 >> >> src/openvpnmsica/openvpnmsica-Debug.props | 10 ++ >> >> src/openvpnmsica/openvpnmsica-Release.props | 10 ++ >> >> src/openvpnserv/openvpnserv.vcxproj | 4 >> >> 6 files changed, 48 insertions(+) >> >> >> >> diff --git a/src/compat/Debug.props b/src/compat/Debug.props >> >> index 31bb9d91..14d7a1f7 100644 >> >> --- a/src/compat/Debug.props >> >> +++ b/src/compat/Debug.props >> >> @@ -17,5 +17,15 @@ >> >>EditAndContinue >> >> >> >> >> >> + > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> >> + >> >> + true >> >> + >> >> + >> >> + > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> >> + >> >> + true >> >> + >> >> + >> >> >> >> >> >> \ No newline at end of file >> >> diff --git a/src/compat/Release.props b/src/compat/Release.props >> >> index 50eaa8de..df04ddf2 100644 >> >> --- a/src/compat/Release.props >> >> +++ b/src/compat/Release.props >> >> @@ -22,5 +22,15 @@ >> >>true >> >> >> >> >> >> + > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> >> >> + >> >> + true >> >> + >> >> + >> >> + > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> >> + >> >> + true >> >> + >> >> + >> >> >> >> >> >> \ No newline at end of file >> >> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj >> >> index 65ee6839..38dd22de 100644 >> >> --- a/src/openvpn/openvpn.vcxproj >> >> +++ b/src/openvpn/openvpn.vcxproj >> >> @@ -158,6 +158,7 @@ >> >> >> Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib >> >> >> $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >> >>Console >> >> + true >> >> >> >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> >> @@ -173,6 +174,7 @@ >> >> >> Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib >> >> >> $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >> >>Console >> >> + true >> >> >> >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> >> >> @@ -204,6 +206,7 @@ >> >> >> Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib >> >> >> $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >> >>Console >> >> + true >> >> >> >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> >> @@ -220,6 +223,7 @@ >> >> >> Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib >> >> >> $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >> >>Console >> >> + true >> >> >> >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> >> >> diff --git a/src/openvpnmsica/openvpnmsica-Debug.props >> b/src/openvpnmsica/openvpnmsica-Debug.props >> >> index 43532cfe..c99346af 100644 >> >> --- a/src/openvpnmsica/openvpnmsica-Debug.props >> >> +++ b/src/openvpnmsica/openvpnmsica-Debug.props >> >> @@ -10,5 +10,15 @@ >> >>MultiThreadedDebug >> >> >> >> >> >> + > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> >> + >> >> + true >> >> + >> >> + >> >> + > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> >> + >> >> + true >> >> + >> >> + >> >> >> >> >> >> \ No newline at end of file >> >> diff --git
Re: [Openvpn-devel] [PATCH] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation
CETCOMPAT is not supported for ARM. Regarding other arch I do not have particular opinion, I'm fine with either props or vcxproj approach On Fri, Dec 31, 2021, 5:09 PM Lev Stipakov wrote: > Hi, > > Sorry for the delay. > > 1) Was it really necessary to modify .props? I enabled this via > Linker->Advanced->CET Shadow Stack Compatible and only .vcxproj files > got modified. > > 2) I think we could enable it for all binaries > (openvpn/openvpnmsica/openvpnserv/tapctl) for ARM64/WIn32/x64 Release > configurations. > > -Lev > > ma 27. jouluk. 2021 klo 11.09 Илья Шипицин (chipits...@gmail.com) > kirjoitti: > > > > gentle ping > > > > > > сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin : > >> > >> found by BinSkim, more details: > >> > https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 > >> > >> Signed-off-by: Ilya Shipitsin > >> --- > >> src/compat/Debug.props | 10 ++ > >> src/compat/Release.props| 10 ++ > >> src/openvpn/openvpn.vcxproj | 4 > >> src/openvpnmsica/openvpnmsica-Debug.props | 10 ++ > >> src/openvpnmsica/openvpnmsica-Release.props | 10 ++ > >> src/openvpnserv/openvpnserv.vcxproj | 4 > >> 6 files changed, 48 insertions(+) > >> > >> diff --git a/src/compat/Debug.props b/src/compat/Debug.props > >> index 31bb9d91..14d7a1f7 100644 > >> --- a/src/compat/Debug.props > >> +++ b/src/compat/Debug.props > >> @@ -17,5 +17,15 @@ > >>EditAndContinue > >> > >> > >> + Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > >> + > >> + true > >> + > >> + > >> + Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > >> + > >> + true > >> + > >> + > >> > >> > >> \ No newline at end of file > >> diff --git a/src/compat/Release.props b/src/compat/Release.props > >> index 50eaa8de..df04ddf2 100644 > >> --- a/src/compat/Release.props > >> +++ b/src/compat/Release.props > >> @@ -22,5 +22,15 @@ > >>true > >> > >> > >> + Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > >> + > >> + true > >> + > >> + > >> + Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > >> + > >> + true > >> + > >> + > >> > >> > >> \ No newline at end of file > >> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj > >> index 65ee6839..38dd22de 100644 > >> --- a/src/openvpn/openvpn.vcxproj > >> +++ b/src/openvpn/openvpn.vcxproj > >> @@ -158,6 +158,7 @@ > >> > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > >> > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) > >>Console > >> + true > >> > >> > >> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > >> @@ -173,6 +174,7 @@ > >> > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > >> > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) > >>Console > >> + true > >> > >> > >> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > >> @@ -204,6 +206,7 @@ > >> > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > >> > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) > >>Console > >> + true > >> > >> > >> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > >> @@ -220,6 +223,7 @@ > >> > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > >> > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) > >>Console > >> + true > >> > >> > >> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > >> diff --git a/src/openvpnmsica/openvpnmsica-Debug.props > b/src/openvpnmsica/openvpnmsica-Debug.props > >> index 43532cfe..c99346af 100644 > >> --- a/src/openvpnmsica/openvpnmsica-Debug.props > >> +++ b/src/openvpnmsica/openvpnmsica-Debug.props > >> @@ -10,5 +10,15 @@ > >>MultiThreadedDebug > >> > >> > >> + Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > >> + > >> + true > >> + > >> + > >> + Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > >> + > >> + true > >> + > >> + > >> > >> > >> \ No newline at end of file > >> diff --git a/src/openvpnmsica/openvpnmsica-Release.props > b/src/openvpnmsica/openvpnmsica-Release.props > >> index 47727b35..70f82713 100644 > >> --- a/src/openvpnmsica/openvpnmsica-Release.props > >> +++ b/src/openvpnmsica/openvpnmsica-Release.props > >> @@ -11,5 +11,15 @@ > >>Guard > >> > >> > >> +
Re: [Openvpn-devel] [PATCH] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation
Hi, Sorry for the delay. 1) Was it really necessary to modify .props? I enabled this via Linker->Advanced->CET Shadow Stack Compatible and only .vcxproj files got modified. 2) I think we could enable it for all binaries (openvpn/openvpnmsica/openvpnserv/tapctl) for ARM64/WIn32/x64 Release configurations. -Lev ma 27. jouluk. 2021 klo 11.09 Илья Шипицин (chipits...@gmail.com) kirjoitti: > > gentle ping > > > сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin : >> >> found by BinSkim, more details: >> https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 >> >> Signed-off-by: Ilya Shipitsin >> --- >> src/compat/Debug.props | 10 ++ >> src/compat/Release.props| 10 ++ >> src/openvpn/openvpn.vcxproj | 4 >> src/openvpnmsica/openvpnmsica-Debug.props | 10 ++ >> src/openvpnmsica/openvpnmsica-Release.props | 10 ++ >> src/openvpnserv/openvpnserv.vcxproj | 4 >> 6 files changed, 48 insertions(+) >> >> diff --git a/src/compat/Debug.props b/src/compat/Debug.props >> index 31bb9d91..14d7a1f7 100644 >> --- a/src/compat/Debug.props >> +++ b/src/compat/Debug.props >> @@ -17,5 +17,15 @@ >>EditAndContinue >> >> >> + > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> + >> + true >> + >> + >> + > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> + >> + true >> + >> + >> >> >> \ No newline at end of file >> diff --git a/src/compat/Release.props b/src/compat/Release.props >> index 50eaa8de..df04ddf2 100644 >> --- a/src/compat/Release.props >> +++ b/src/compat/Release.props >> @@ -22,5 +22,15 @@ >>true >> >> >> + > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> >> + >> + true >> + >> + >> + > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> + >> + true >> + >> + >> >> >> \ No newline at end of file >> diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj >> index 65ee6839..38dd22de 100644 >> --- a/src/openvpn/openvpn.vcxproj >> +++ b/src/openvpn/openvpn.vcxproj >> @@ -158,6 +158,7 @@ >> >> Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib >> >> $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >>Console >> + true >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> @@ -173,6 +174,7 @@ >> >> Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib >> >> $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >>Console >> + true >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> >> @@ -204,6 +206,7 @@ >> >> Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib >> >> $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >>Console >> + true >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> @@ -220,6 +223,7 @@ >> >> Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib >> >> $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >>Console >> + true >> >> >>> Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> >> diff --git a/src/openvpnmsica/openvpnmsica-Debug.props >> b/src/openvpnmsica/openvpnmsica-Debug.props >> index 43532cfe..c99346af 100644 >> --- a/src/openvpnmsica/openvpnmsica-Debug.props >> +++ b/src/openvpnmsica/openvpnmsica-Debug.props >> @@ -10,5 +10,15 @@ >>MultiThreadedDebug >> >> >> + > Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> >> + >> + true >> + >> + >> + > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> >> + >> + true >> + >> + >> >> >> \ No newline at end of file >> diff --git a/src/openvpnmsica/openvpnmsica-Release.props >> b/src/openvpnmsica/openvpnmsica-Release.props >> index 47727b35..70f82713 100644 >> --- a/src/openvpnmsica/openvpnmsica-Release.props >> +++ b/src/openvpnmsica/openvpnmsica-Release.props >> @@ -11,5 +11,15 @@ >>Guard >> >> >> + > Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> >> + >> + true >> + >> + >> + > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> >> + >> + true >> + >> + >> >> >> \ No newline at end of file >> diff --git a/src/openvpnserv/openvpnserv.vcxproj >> b/src/openvpnserv/openvpnserv.vcxproj >> index 5fd7d60b..65d03e3b 100644 >> ---
Re: [Openvpn-devel] [PATCH] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation
gentle ping сб, 16 окт. 2021 г. в 19:15, Ilya Shipitsin : > found by BinSkim, more details: > > https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 > > Signed-off-by: Ilya Shipitsin > --- > src/compat/Debug.props | 10 ++ > src/compat/Release.props| 10 ++ > src/openvpn/openvpn.vcxproj | 4 > src/openvpnmsica/openvpnmsica-Debug.props | 10 ++ > src/openvpnmsica/openvpnmsica-Release.props | 10 ++ > src/openvpnserv/openvpnserv.vcxproj | 4 > 6 files changed, 48 insertions(+) > > diff --git a/src/compat/Debug.props b/src/compat/Debug.props > index 31bb9d91..14d7a1f7 100644 > --- a/src/compat/Debug.props > +++ b/src/compat/Debug.props > @@ -17,5 +17,15 @@ >EditAndContinue > > > + Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > + > + true > + > + > + Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > + > + true > + > + > > > \ No newline at end of file > diff --git a/src/compat/Release.props b/src/compat/Release.props > index 50eaa8de..df04ddf2 100644 > --- a/src/compat/Release.props > +++ b/src/compat/Release.props > @@ -22,5 +22,15 @@ >true > > > + Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > + > + true > + > + > + Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > + > + true > + > + > > > \ No newline at end of file > diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj > index 65ee6839..38dd22de 100644 > --- a/src/openvpn/openvpn.vcxproj > +++ b/src/openvpn/openvpn.vcxproj > @@ -158,6 +158,7 @@ > > > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > > > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > @@ -173,6 +174,7 @@ > > > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > > > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > @@ -204,6 +206,7 @@ > > > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > > > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > @@ -220,6 +223,7 @@ > > > Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib > > > $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'"> > diff --git a/src/openvpnmsica/openvpnmsica-Debug.props > b/src/openvpnmsica/openvpnmsica-Debug.props > index 43532cfe..c99346af 100644 > --- a/src/openvpnmsica/openvpnmsica-Debug.props > +++ b/src/openvpnmsica/openvpnmsica-Debug.props > @@ -10,5 +10,15 @@ >MultiThreadedDebug > > > + Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'"> > + > + true > + > + > + Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > + > + true > + > + > > > \ No newline at end of file > diff --git a/src/openvpnmsica/openvpnmsica-Release.props > b/src/openvpnmsica/openvpnmsica-Release.props > index 47727b35..70f82713 100644 > --- a/src/openvpnmsica/openvpnmsica-Release.props > +++ b/src/openvpnmsica/openvpnmsica-Release.props > @@ -11,5 +11,15 @@ >Guard > > > + Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> > + > + true > + > + > + Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> > + > + true > + > + > > > \ No newline at end of file > diff --git a/src/openvpnserv/openvpnserv.vcxproj > b/src/openvpnserv/openvpnserv.vcxproj > index 5fd7d60b..65d03e3b 100644 > --- a/src/openvpnserv/openvpnserv.vcxproj > +++ b/src/openvpnserv/openvpnserv.vcxproj > @@ -130,6 +130,7 @@ > > > > Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> > @@ -141,6 +142,7 @@ > > > > legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies) >Console > + true > > > Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'"> > @@
[Openvpn-devel] [PATCH] BUILD: MSVC: enable the Control-flow Enforcement Technology (CET) Shadow Stack mitigation
found by BinSkim, more details: https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view=msvc-160 Signed-off-by: Ilya Shipitsin --- src/compat/Debug.props | 10 ++ src/compat/Release.props| 10 ++ src/openvpn/openvpn.vcxproj | 4 src/openvpnmsica/openvpnmsica-Debug.props | 10 ++ src/openvpnmsica/openvpnmsica-Release.props | 10 ++ src/openvpnserv/openvpnserv.vcxproj | 4 6 files changed, 48 insertions(+) diff --git a/src/compat/Debug.props b/src/compat/Debug.props index 31bb9d91..14d7a1f7 100644 --- a/src/compat/Debug.props +++ b/src/compat/Debug.props @@ -17,5 +17,15 @@ EditAndContinue + + + true + + + + + true + + \ No newline at end of file diff --git a/src/compat/Release.props b/src/compat/Release.props index 50eaa8de..df04ddf2 100644 --- a/src/compat/Release.props +++ b/src/compat/Release.props @@ -22,5 +22,15 @@ true + + + true + + + + + true + + \ No newline at end of file diff --git a/src/openvpn/openvpn.vcxproj b/src/openvpn/openvpn.vcxproj index 65ee6839..38dd22de 100644 --- a/src/openvpn/openvpn.vcxproj +++ b/src/openvpn/openvpn.vcxproj @@ -158,6 +158,7 @@ Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) Console + true @@ -173,6 +174,7 @@ Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) Console + true @@ -204,6 +206,7 @@ Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) Console + true @@ -220,6 +223,7 @@ Ncrypt.lib;gdi32.lib;ws2_32.lib;wininet.lib;crypt32.lib;iphlpapi.lib;winmm.lib;Fwpuclnt.lib;Rpcrt4.lib;setupapi.lib;Advapi32.lib $(OPENSSL_HOME)/lib;$(LZO_HOME)/lib;$(PKCS11H_HOME)/lib;%(AdditionalLibraryDirectories) Console + true diff --git a/src/openvpnmsica/openvpnmsica-Debug.props b/src/openvpnmsica/openvpnmsica-Debug.props index 43532cfe..c99346af 100644 --- a/src/openvpnmsica/openvpnmsica-Debug.props +++ b/src/openvpnmsica/openvpnmsica-Debug.props @@ -10,5 +10,15 @@ MultiThreadedDebug + + + true + + + + + true + + \ No newline at end of file diff --git a/src/openvpnmsica/openvpnmsica-Release.props b/src/openvpnmsica/openvpnmsica-Release.props index 47727b35..70f82713 100644 --- a/src/openvpnmsica/openvpnmsica-Release.props +++ b/src/openvpnmsica/openvpnmsica-Release.props @@ -11,5 +11,15 @@ Guard + + + true + + + + + true + + \ No newline at end of file diff --git a/src/openvpnserv/openvpnserv.vcxproj b/src/openvpnserv/openvpnserv.vcxproj index 5fd7d60b..65d03e3b 100644 --- a/src/openvpnserv/openvpnserv.vcxproj +++ b/src/openvpnserv/openvpnserv.vcxproj @@ -130,6 +130,7 @@ Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies) Console + true @@ -141,6 +142,7 @@ legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies) Console + true @@ -163,6 +165,7 @@ Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies) Console + true @@ -174,6 +177,7 @@ legacy_stdio_definitions.lib;Userenv.lib;Iphlpapi.lib;ntdll.lib;Fwpuclnt.lib;Netapi32.lib;Shlwapi.lib;%(AdditionalDependencies) Console + true -- 2.29.2.windows.2 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
