git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Lev Stipakov <lev@openvpn.net>
	Fri, 18 Feb 2022 23:52:55 +0000 (01:52 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Thu, 17 Mar 2022 13:01:38 +0000 (14:01 +0100)
commit	4bf8f1147dc7aadce2b15b84bb4613d965660191
tree	e31ce6c8a78f560c2ce52deef4c8ebaaa67e47c0	tree
parent	445cc852727a59f7338e59f0e594714d2b722beb	commit \| diff

msvc: adjust build options to harden binaries

- enable hardware-enforced stack protection on
compatible hardware/software (/CETCOMPAT linker option)

- hash object files with SHA256 (/ZH:SHA_256 compiler option)

- enable SDL. The required to add

    _CRT_NONSTDC_NO_DEPRECATE
    _CRT_SECURE_NO_WARNINGS
    _WINSOCK_DEPRECATED_NO_WARNINGS

preprocessor definitions. I don't feel like replacing strdup (which is
correct POSIX function) and inet_ntoa (we always pass IPv4 address to
it, inet_ntop will make code more complex)

Above issues were discovered by bitskim.

Before applying this patch, this one must be applied from master:

https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21774.h
tml

Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20220218235255.334-1-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23852.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/auth_token.c		diff \| blob \| blame \| history
src/openvpn/openvpn.vcxproj		diff \| blob \| blame \| history
src/openvpnmsica/openvpnmsica.vcxproj		diff \| blob \| blame \| history
src/openvpnserv/openvpnserv.vcxproj		diff \| blob \| blame \| history
src/tapctl/tapctl.vcxproj		diff \| blob \| blame \| history